./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3708543903 <...> Warning: Permanently added '10.128.10.57' (ED25519) to the list of known hosts. execve("./syz-executor3708543903", ["./syz-executor3708543903"], 0x7ffc2d0b0a00 /* 10 vars */) = 0 brk(NULL) = 0x55555c01a000 brk(0x55555c01ad40) = 0x55555c01ad40 arch_prctl(ARCH_SET_FS, 0x55555c01a3c0) = 0 set_tid_address(0x55555c01a690) = 290 set_robust_list(0x55555c01a6a0, 24) = 0 rseq(0x55555c01ace0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3708543903", 4096) = 28 getrandom("\x60\xd0\xb1\xa5\x75\xd4\x91\x3f", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555c01ad40 brk(0x55555c03bd40) = 0x55555c03bd40 brk(0x55555c03c000) = 0x55555c03c000 mprotect(0x7fe6419b2000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 mkdir("./syzkaller.lTd4Mn", 0700) = 0 chmod("./syzkaller.lTd4Mn", 0777) = 0 chdir("./syzkaller.lTd4Mn") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c01a690) = 292 executing program ./strace-static-x86_64: Process 292 attached [pid 292] set_robust_list(0x55555c01a6a0, 24) = 0 [pid 292] chdir("./0") = 0 [pid 292] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 292] setpgid(0, 0) = 0 [pid 292] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 292] write(3, "1000", 4) = 4 [pid 292] close(3) = 0 [pid 292] symlink("/dev/binderfs", "./binderfs") = 0 [pid 292] write(1, "executing program\n", 18) = 18 [pid 292] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 292] rt_sigaction(SIGRT_1, {sa_handler=0x7fe641950ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe6419421a0}, NULL, 8) = 0 [pid 292] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 292] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418c7000 [pid 292] mprotect(0x7fe6418c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 292] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 292] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418e7990, parent_tid=0x7fe6418e7990, exit_signal=0, stack=0x7fe6418c7000, stack_size=0x20300, tls=0x7fe6418e76c0} => {parent_tid=[293]}, 88) = 293 [pid 292] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 292] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 292] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 293 attached [pid 293] set_robust_list(0x7fe6418e79a0, 24) = 0 [pid 293] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 293] memfd_create("syzkaller", 0) = 3 [pid 293] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe6394c7000 [ 28.820913][ T28] audit: type=1400 audit(1749953268.619:64): avc: denied { execmem } for pid=290 comm="syz-executor370" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 28.840953][ T28] audit: type=1400 audit(1749953268.619:65): avc: denied { read write } for pid=290 comm="syz-executor370" name="loop0" dev="devtmpfs" ino=118 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 28.866417][ T28] audit: type=1400 audit(1749953268.619:66): avc: denied { open } for pid=290 comm="syz-executor370" path="/dev/loop0" dev="devtmpfs" ino=118 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 28.890778][ T28] audit: type=1400 audit(1749953268.629:67): avc: denied { ioctl } for pid=290 comm="syz-executor370" path="/dev/loop0" dev="devtmpfs" ino=118 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 293] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 293] munmap(0x7fe6394c7000, 138412032) = 0 [pid 293] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 293] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 293] close(3) = 0 [pid 293] close(4) = 0 [pid 293] mkdir("./file4", 0777) = 0 [ 28.996766][ T293] loop0: detected capacity change from 0 to 40427 [ 29.006825][ T28] audit: type=1400 audit(1749953268.809:68): avc: denied { mounton } for pid=292 comm="syz-executor370" path="/root/syzkaller.lTd4Mn/0/file4" dev="sda1" ino=2027 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 29.032280][ T293] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 29.039293][ T293] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 29.047702][ T293] F2FS-fs (loop0): fault_injection options not supported [ 29.054733][ T293] F2FS-fs (loop0): fault_type options not supported [ 29.062367][ T293] F2FS-fs (loop0): invalid crc value [ 29.069713][ T293] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 293] mount("/dev/loop0", "./file4", "f2fs", 0, "noinline_xattr,active_logs=4,discard,fault_injection=00000000000000041160,fault_type=000000000000000"...) = 0 [pid 293] openat(AT_FDCWD, "./file4", O_RDONLY|O_DIRECTORY) = 3 [pid 293] chdir("./file4") = 0 [pid 293] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 293] ioctl(4, LOOP_CLR_FD) = 0 [pid 293] close(4) = 0 [pid 293] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 293] futex(0x7fe6419b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 292] <... futex resumed>) = 0 [pid 292] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 292] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 293] <... futex resumed>) = 0 [pid 293] openat(AT_FDCWD, ".", O_WRONLY|O_SYNC|O_DIRECT|O_TMPFILE, 000) = 4 [pid 293] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 292] <... futex resumed>) = 0 [pid 293] futex(0x7fe6419b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 29.098698][ T293] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 29.105757][ T293] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 29.113641][ T28] audit: type=1400 audit(1749953268.909:69): avc: denied { mount } for pid=292 comm="syz-executor370" name="/" dev="loop0" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [pid 292] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 293] <... futex resumed>) = 0 [pid 292] <... futex resumed>) = 1 [pid 293] mount(NULL, ".", NULL, MS_NOSUID|MS_NOEXEC|MS_REMOUNT|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_POSIXACL|MS_UNBINDABLE|MS_PRIVATE|MS_SLAVE|MS_STRICTATIME, NULL [pid 292] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 292] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418a6000 [pid 292] mprotect(0x7fe6418a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 292] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 292] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418c6990, parent_tid=0x7fe6418c6990, exit_signal=0, stack=0x7fe6418a6000, stack_size=0x20300, tls=0x7fe6418c66c0} => {parent_tid=[298]}, 88) = 298 [pid 292] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 292] futex(0x7fe6419b86d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 292] futex(0x7fe6419b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 293] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 293] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 293] futex(0x7fe6419b86c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 298 attached [pid 298] set_robust_list(0x7fe6418c69a0, 24) = 0 [pid 298] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 298] write(4, "\x3a\x73\x79\x7a\x32\x3a\x45\x3a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x36\x3a\x66\x32\x66\x73\x00\x3a\x66\x61\x75\x6c\x74\x5f\x69\x6e\x6a\x65\x63\x74\x69\x6f\x6e\x3a\x2e\x2f\x66\x69\x6c\x65\x32\x3a", 59) = -1 EINVAL (Invalid argument) [pid 298] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 292] <... futex resumed>) = 0 [pid 292] exit_group(0) = ? [pid 293] <... futex resumed>) = ? [pid 293] +++ exited with 0 +++ [pid 298] <... futex resumed>) = ? [pid 298] +++ exited with 0 +++ [pid 292] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=292, si_uid=0, si_status=0, si_utime=4, si_stime=18} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c01b730 /* 4 entries */, 32768) = 112 [ 29.137730][ T28] audit: type=1400 audit(1749953268.939:70): avc: denied { write } for pid=292 comm="syz-executor370" name="/" dev="loop0" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 29.139580][ T293] F2FS-fs (loop0): switch discard_unit option is not allowed [ 29.159667][ T28] audit: type=1400 audit(1749953268.939:71): avc: denied { write open } for pid=292 comm="syz-executor370" path=2F726F6F742F73797A6B616C6C65722E6C5464344D6E2F302F66696C65342F233130202864656C6574656429 dev="loop0" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 umount2("./0/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file4", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c023770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c023770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file4") = 0 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 getdents64(3, 0x55555c01b730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FDexecuting program ) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c01a690) = 299 ./strace-static-x86_64: Process 299 attached [pid 299] set_robust_list(0x55555c01a6a0, 24) = 0 [pid 299] chdir("./1") = 0 [pid 299] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 299] setpgid(0, 0) = 0 [pid 299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 299] write(3, "1000", 4) = 4 [pid 299] close(3) = 0 [pid 299] symlink("/dev/binderfs", "./binderfs") = 0 [pid 299] write(1, "executing program\n", 18) = 18 [pid 299] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 299] rt_sigaction(SIGRT_1, {sa_handler=0x7fe641950ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe6419421a0}, NULL, 8) = 0 [pid 299] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 299] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418c7000 [pid 299] mprotect(0x7fe6418c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 299] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 299] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418e7990, parent_tid=0x7fe6418e7990, exit_signal=0, stack=0x7fe6418c7000, stack_size=0x20300, tls=0x7fe6418e76c0} => {parent_tid=[300]}, 88) = 300 [pid 299] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 299] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 299] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 300 attached [pid 300] set_robust_list(0x7fe6418e79a0, 24) = 0 [pid 300] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 300] memfd_create("syzkaller", 0) = 3 [pid 300] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe6394c7000 [ 29.196574][ T28] audit: type=1400 audit(1749953268.939:72): avc: denied { remount } for pid=292 comm="syz-executor370" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 29.216277][ T28] audit: type=1400 audit(1749953268.979:73): avc: denied { unmount } for pid=290 comm="syz-executor370" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [pid 300] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 300] munmap(0x7fe6394c7000, 138412032) = 0 [pid 300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 300] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 300] close(3) = 0 [pid 300] close(4) = 0 [pid 300] mkdir("./file4", 0777) = 0 [ 29.390746][ T300] loop0: detected capacity change from 0 to 40427 [ 29.400568][ T300] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 29.407911][ T300] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 29.416134][ T300] F2FS-fs (loop0): fault_injection options not supported [ 29.423377][ T300] F2FS-fs (loop0): fault_type options not supported [ 29.430860][ T300] F2FS-fs (loop0): invalid crc value [ 29.438099][ T300] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 300] mount("/dev/loop0", "./file4", "f2fs", 0, "noinline_xattr,active_logs=4,discard,fault_injection=00000000000000041160,fault_type=000000000000000"...) = 0 [pid 300] openat(AT_FDCWD, "./file4", O_RDONLY|O_DIRECTORY) = 3 [pid 300] chdir("./file4") = 0 [pid 300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 300] ioctl(4, LOOP_CLR_FD) = 0 [pid 300] close(4) = 0 [pid 300] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... futex resumed>) = 0 [pid 299] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 299] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] <... futex resumed>) = 1 [pid 300] openat(AT_FDCWD, ".", O_WRONLY|O_SYNC|O_DIRECT|O_TMPFILE, 000) = 4 [pid 300] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... futex resumed>) = 0 [pid 299] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 299] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 299] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418a6000 [pid 299] mprotect(0x7fe6418a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 299] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 299] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418c6990, parent_tid=0x7fe6418c6990, exit_signal=0, stack=0x7fe6418a6000, stack_size=0x20300, tls=0x7fe6418c66c0} => {parent_tid=[305]}, 88) = 305 [pid 299] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 299] futex(0x7fe6419b86d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 299] futex(0x7fe6419b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] <... futex resumed>) = 1 [pid 300] mount(NULL, ".", NULL, MS_NOSUID|MS_NOEXEC|MS_REMOUNT|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_POSIXACL|MS_UNBINDABLE|MS_PRIVATE|MS_SLAVE|MS_STRICTATIME, NULL) = -1 EINVAL (Invalid argument) [pid 300] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 300] futex(0x7fe6419b86c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 305 attached [pid 305] set_robust_list(0x7fe6418c69a0, 24) = 0 [pid 305] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 305] write(4, "\x3a\x73\x79\x7a\x32\x3a\x45\x3a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x36\x3a\x66\x32\x66\x73\x00\x3a\x66\x61\x75\x6c\x74\x5f\x69\x6e\x6a\x65\x63\x74\x69\x6f\x6e\x3a\x2e\x2f\x66\x69\x6c\x65\x32\x3a", 59) = -1 EINVAL (Invalid argument) [pid 305] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... futex resumed>) = 0 [pid 299] exit_group(0) = ? [pid 300] <... futex resumed>) = ? [pid 300] +++ exited with 0 +++ [pid 305] <... futex resumed>) = ? [pid 305] +++ exited with 0 +++ [pid 299] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=299, si_uid=0, si_status=0, si_utime=1, si_stime=18} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c01b730 /* 4 entries */, 32768) = 112 [ 29.466400][ T300] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 29.473477][ T300] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 29.485952][ T300] F2FS-fs (loop0): switch discard_unit option is not allowed umount2("./1/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file4", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c023770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c023770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file4") = 0 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 getdents64(3, 0x55555c01b730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c01a690) = 307 ./strace-static-x86_64: Process 307 attached [pid 307] set_robust_list(0x55555c01a6a0, 24) = 0 [pid 307] chdir("./2") = 0 [pid 307] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 307] setpgid(0, 0) = 0 [pid 307] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 307] write(3, "1000", 4) = 4 [pid 307] close(3) = 0 [pid 307] symlink("/dev/binderfs", "./binderfs") = 0 [pid 307] write(1, "executing program\n", 18) = 18 [pid 307] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 307] rt_sigaction(SIGRT_1, {sa_handler=0x7fe641950ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe6419421a0}, NULL, 8) = 0 [pid 307] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 307] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418c7000 [pid 307] mprotect(0x7fe6418c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 307] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 307] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418e7990, parent_tid=0x7fe6418e7990, exit_signal=0, stack=0x7fe6418c7000, stack_size=0x20300, tls=0x7fe6418e76c0} => {parent_tid=[308]}, 88) = 308 [pid 307] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 307] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 307] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 308 attached [pid 308] set_robust_list(0x7fe6418e79a0, 24) = 0 [pid 308] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 308] memfd_create("syzkaller", 0) = 3 [pid 308] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe6394c7000 [pid 308] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 308] munmap(0x7fe6394c7000, 138412032) = 0 [pid 308] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 308] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 308] close(3) = 0 [pid 308] close(4) = 0 [pid 308] mkdir("./file4", 0777) = 0 [ 29.682970][ T308] loop0: detected capacity change from 0 to 40427 [ 29.692331][ T308] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 29.699950][ T308] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 29.708856][ T308] F2FS-fs (loop0): fault_injection options not supported [ 29.716094][ T308] F2FS-fs (loop0): fault_type options not supported [ 29.723470][ T308] F2FS-fs (loop0): invalid crc value [ 29.729907][ T308] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 308] mount("/dev/loop0", "./file4", "f2fs", 0, "noinline_xattr,active_logs=4,discard,fault_injection=00000000000000041160,fault_type=000000000000000"...) = 0 [pid 308] openat(AT_FDCWD, "./file4", O_RDONLY|O_DIRECTORY) = 3 [pid 308] chdir("./file4") = 0 [pid 308] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 308] ioctl(4, LOOP_CLR_FD) = 0 [pid 308] close(4) = 0 [pid 308] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 307] <... futex resumed>) = 0 [pid 307] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 307] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 308] <... futex resumed>) = 1 [pid 308] openat(AT_FDCWD, ".", O_WRONLY|O_SYNC|O_DIRECT|O_TMPFILE, 000) = 4 [pid 308] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 307] <... futex resumed>) = 0 [pid 307] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 307] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 307] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418a6000 [pid 307] mprotect(0x7fe6418a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 307] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 307] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418c6990, parent_tid=0x7fe6418c6990, exit_signal=0, stack=0x7fe6418a6000, stack_size=0x20300, tls=0x7fe6418c66c0} => {parent_tid=[313]}, 88) = 313 [pid 307] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 307] futex(0x7fe6419b86d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 307] futex(0x7fe6419b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 308] <... futex resumed>) = 1 [pid 308] mount(NULL, ".", NULL, MS_NOSUID|MS_NOEXEC|MS_REMOUNT|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_POSIXACL|MS_UNBINDABLE|MS_PRIVATE|MS_SLAVE|MS_STRICTATIME, NULL./strace-static-x86_64: Process 313 attached [pid 313] set_robust_list(0x7fe6418c69a0, 24 [pid 308] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 313] <... set_robust_list resumed>) = 0 [pid 308] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 313] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 313] write(4, "\x3a\x73\x79\x7a\x32\x3a\x45\x3a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x36\x3a\x66\x32\x66\x73\x00\x3a\x66\x61\x75\x6c\x74\x5f\x69\x6e\x6a\x65\x63\x74\x69\x6f\x6e\x3a\x2e\x2f\x66\x69\x6c\x65\x32\x3a", 59 [pid 308] <... futex resumed>) = 0 [pid 313] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 308] futex(0x7fe6419b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 313] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 307] <... futex resumed>) = 0 [pid 307] exit_group(0) = ? [pid 313] <... futex resumed>) = ? [pid 308] <... futex resumed>) = ? [pid 313] +++ exited with 0 +++ [pid 308] +++ exited with 0 +++ [pid 307] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=307, si_uid=0, si_status=0, si_utime=5, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c01b730 /* 4 entries */, 32768) = 112 [ 29.759038][ T308] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 29.766237][ T308] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 29.776910][ T308] F2FS-fs (loop0): switch discard_unit option is not allowed umount2("./2/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file4", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c023770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c023770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file4") = 0 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 getdents64(3, 0x55555c01b730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c01a690) = 314 ./strace-static-x86_64: Process 314 attached [pid 314] set_robust_list(0x55555c01a6a0, 24) = 0 [pid 314] chdir("./3") = 0 [pid 314] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 314] setpgid(0, 0) = 0 [pid 314] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 314] write(3, "1000", 4) = 4 [pid 314] close(3) = 0 [pid 314] symlink("/dev/binderfs", "./binderfs") = 0 [pid 314] write(1, "executing program\n", 18executing program ) = 18 [pid 314] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 314] rt_sigaction(SIGRT_1, {sa_handler=0x7fe641950ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe6419421a0}, NULL, 8) = 0 [pid 314] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 314] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418c7000 [pid 314] mprotect(0x7fe6418c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 314] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 314] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418e7990, parent_tid=0x7fe6418e7990, exit_signal=0, stack=0x7fe6418c7000, stack_size=0x20300, tls=0x7fe6418e76c0} => {parent_tid=[315]}, 88) = 315 [pid 314] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 314] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 314] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 315 attached [pid 315] set_robust_list(0x7fe6418e79a0, 24) = 0 [pid 315] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 315] memfd_create("syzkaller", 0) = 3 [pid 315] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe6394c7000 [pid 315] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 315] munmap(0x7fe6394c7000, 138412032) = 0 [pid 315] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 315] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 315] close(3) = 0 [pid 315] close(4) = 0 [pid 315] mkdir("./file4", 0777) = 0 [ 29.983498][ T315] loop0: detected capacity change from 0 to 40427 [ 29.991383][ T315] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 29.998865][ T315] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 30.007312][ T315] F2FS-fs (loop0): fault_injection options not supported [ 30.014562][ T315] F2FS-fs (loop0): fault_type options not supported [ 30.022127][ T315] F2FS-fs (loop0): invalid crc value [ 30.029182][ T315] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 315] mount("/dev/loop0", "./file4", "f2fs", 0, "noinline_xattr,active_logs=4,discard,fault_injection=00000000000000041160,fault_type=000000000000000"...) = 0 [pid 315] openat(AT_FDCWD, "./file4", O_RDONLY|O_DIRECTORY) = 3 [pid 315] chdir("./file4") = 0 [pid 315] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 315] ioctl(4, LOOP_CLR_FD) = 0 [pid 315] close(4) = 0 [pid 315] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 314] <... futex resumed>) = 0 [pid 314] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 314] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 315] <... futex resumed>) = 1 [pid 315] openat(AT_FDCWD, ".", O_WRONLY|O_SYNC|O_DIRECT|O_TMPFILE, 000) = 4 [pid 315] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 314] <... futex resumed>) = 0 [pid 314] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 314] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 314] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418a6000 [pid 314] mprotect(0x7fe6418a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 314] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 314] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418c6990, parent_tid=0x7fe6418c6990, exit_signal=0, stack=0x7fe6418a6000, stack_size=0x20300, tls=0x7fe6418c66c0} => {parent_tid=[320]}, 88) = 320 [pid 314] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 314] futex(0x7fe6419b86d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 314] futex(0x7fe6419b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 315] <... futex resumed>) = 1 [pid 315] mount(NULL, ".", NULL, MS_NOSUID|MS_NOEXEC|MS_REMOUNT|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_POSIXACL|MS_UNBINDABLE|MS_PRIVATE|MS_SLAVE|MS_STRICTATIME, NULL) = -1 EINVAL (Invalid argument) [pid 315] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 315] futex(0x7fe6419b86c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 320 attached [pid 320] set_robust_list(0x7fe6418c69a0, 24) = 0 [pid 320] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 320] write(4, "\x3a\x73\x79\x7a\x32\x3a\x45\x3a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x36\x3a\x66\x32\x66\x73\x00\x3a\x66\x61\x75\x6c\x74\x5f\x69\x6e\x6a\x65\x63\x74\x69\x6f\x6e\x3a\x2e\x2f\x66\x69\x6c\x65\x32\x3a", 59) = -1 EINVAL (Invalid argument) [pid 320] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 314] <... futex resumed>) = 0 [pid 314] exit_group(0) = ? [pid 315] <... futex resumed>) = ? [pid 315] +++ exited with 0 +++ [pid 320] <... futex resumed>) = ? [pid 320] +++ exited with 0 +++ [pid 314] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=314, si_uid=0, si_status=0, si_utime=4, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c01b730 /* 4 entries */, 32768) = 112 [ 30.058816][ T315] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 30.066001][ T315] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 30.077746][ T315] F2FS-fs (loop0): switch discard_unit option is not allowed umount2("./3/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file4", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c023770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c023770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file4") = 0 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 getdents64(3, 0x55555c01b730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c01a690) = 321 ./strace-static-x86_64: Process 321 attached [pid 321] set_robust_list(0x55555c01a6a0, 24) = 0 [pid 321] chdir("./4") = 0 [pid 321] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 321] setpgid(0, 0) = 0 [pid 321] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 321] write(3, "1000", 4) = 4 [pid 321] close(3) = 0 [pid 321] symlink("/dev/binderfs", "./binderfs") = 0 [pid 321] write(1, "executing program\n", 18executing program ) = 18 [pid 321] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 321] rt_sigaction(SIGRT_1, {sa_handler=0x7fe641950ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe6419421a0}, NULL, 8) = 0 [pid 321] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 321] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418c7000 [pid 321] mprotect(0x7fe6418c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 321] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 321] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418e7990, parent_tid=0x7fe6418e7990, exit_signal=0, stack=0x7fe6418c7000, stack_size=0x20300, tls=0x7fe6418e76c0} => {parent_tid=[322]}, 88) = 322 [pid 321] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 321] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 321] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 322 attached [pid 322] set_robust_list(0x7fe6418e79a0, 24) = 0 [pid 322] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 322] memfd_create("syzkaller", 0) = 3 [pid 322] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe6394c7000 [pid 322] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 322] munmap(0x7fe6394c7000, 138412032) = 0 [pid 322] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 322] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 322] close(3) = 0 [pid 322] close(4) = 0 [pid 322] mkdir("./file4", 0777) = 0 [ 30.278313][ T322] loop0: detected capacity change from 0 to 40427 [ 30.287511][ T322] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 30.294518][ T322] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 30.303079][ T322] F2FS-fs (loop0): fault_injection options not supported [ 30.310274][ T322] F2FS-fs (loop0): fault_type options not supported [ 30.317775][ T322] F2FS-fs (loop0): invalid crc value [ 30.324336][ T322] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 322] mount("/dev/loop0", "./file4", "f2fs", 0, "noinline_xattr,active_logs=4,discard,fault_injection=00000000000000041160,fault_type=000000000000000"...) = 0 [pid 322] openat(AT_FDCWD, "./file4", O_RDONLY|O_DIRECTORY) = 3 [pid 322] chdir("./file4") = 0 [pid 322] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 322] ioctl(4, LOOP_CLR_FD) = 0 [pid 322] close(4) = 0 [pid 322] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 321] <... futex resumed>) = 0 [pid 321] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 321] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 322] <... futex resumed>) = 1 [pid 322] openat(AT_FDCWD, ".", O_WRONLY|O_SYNC|O_DIRECT|O_TMPFILE, 000) = 4 [pid 322] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 321] <... futex resumed>) = 0 [pid 321] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 321] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 321] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418a6000 [pid 321] mprotect(0x7fe6418a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 321] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 321] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418c6990, parent_tid=0x7fe6418c6990, exit_signal=0, stack=0x7fe6418a6000, stack_size=0x20300, tls=0x7fe6418c66c0} => {parent_tid=[327]}, 88) = 327 [pid 321] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 321] futex(0x7fe6419b86d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 321] futex(0x7fe6419b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 322] <... futex resumed>) = 1 [pid 322] mount(NULL, ".", NULL, MS_NOSUID|MS_NOEXEC|MS_REMOUNT|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_POSIXACL|MS_UNBINDABLE|MS_PRIVATE|MS_SLAVE|MS_STRICTATIME, NULL./strace-static-x86_64: Process 327 attached ) = -1 EINVAL (Invalid argument) [pid 327] set_robust_list(0x7fe6418c69a0, 24) = 0 [pid 327] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 327] write(4, "\x3a\x73\x79\x7a\x32\x3a\x45\x3a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x36\x3a\x66\x32\x66\x73\x00\x3a\x66\x61\x75\x6c\x74\x5f\x69\x6e\x6a\x65\x63\x74\x69\x6f\x6e\x3a\x2e\x2f\x66\x69\x6c\x65\x32\x3a", 59) = -1 EINVAL (Invalid argument) [pid 327] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 327] futex(0x7fe6419b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 322] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 322] futex(0x7fe6419b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 321] <... futex resumed>) = 0 [pid 321] exit_group(0) = ? [pid 327] <... futex resumed>) = ? [pid 327] +++ exited with 0 +++ [pid 322] <... futex resumed>) = ? [pid 322] +++ exited with 0 +++ [pid 321] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=321, si_uid=0, si_status=0, si_utime=5, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c01b730 /* 4 entries */, 32768) = 112 [ 30.353106][ T322] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 30.360251][ T322] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 30.373747][ T322] F2FS-fs (loop0): switch discard_unit option is not allowed umount2("./4/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file4", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c023770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c023770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file4") = 0 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 getdents64(3, 0x55555c01b730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c01a690) = 328 ./strace-static-x86_64: Process 328 attached [pid 328] set_robust_list(0x55555c01a6a0, 24) = 0 [pid 328] chdir("./5") = 0 [pid 328] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 328] setpgid(0, 0) = 0 [pid 328] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 328] write(3, "1000", 4) = 4 [pid 328] close(3) = 0 [pid 328] symlink("/dev/binderfs", "./binderfs") = 0 [pid 328] write(1, "executing program\n", 18executing program ) = 18 [pid 328] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 328] rt_sigaction(SIGRT_1, {sa_handler=0x7fe641950ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe6419421a0}, NULL, 8) = 0 [pid 328] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 328] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418c7000 [pid 328] mprotect(0x7fe6418c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 328] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 328] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418e7990, parent_tid=0x7fe6418e7990, exit_signal=0, stack=0x7fe6418c7000, stack_size=0x20300, tls=0x7fe6418e76c0} => {parent_tid=[329]}, 88) = 329 [pid 328] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 328] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 328] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 329 attached [pid 329] set_robust_list(0x7fe6418e79a0, 24) = 0 [pid 329] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 329] memfd_create("syzkaller", 0) = 3 [pid 329] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe6394c7000 [pid 329] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 329] munmap(0x7fe6394c7000, 138412032) = 0 [pid 329] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 329] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 329] close(3) = 0 [pid 329] close(4) = 0 [pid 329] mkdir("./file4", 0777) = 0 [ 30.612153][ T329] loop0: detected capacity change from 0 to 40427 [ 30.621019][ T329] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 30.628286][ T329] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 30.636934][ T329] F2FS-fs (loop0): fault_injection options not supported [ 30.644545][ T329] F2FS-fs (loop0): fault_type options not supported [ 30.651937][ T329] F2FS-fs (loop0): invalid crc value [ 30.658582][ T329] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 329] mount("/dev/loop0", "./file4", "f2fs", 0, "noinline_xattr,active_logs=4,discard,fault_injection=00000000000000041160,fault_type=000000000000000"...) = 0 [pid 329] openat(AT_FDCWD, "./file4", O_RDONLY|O_DIRECTORY) = 3 [pid 329] chdir("./file4") = 0 [pid 329] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 329] ioctl(4, LOOP_CLR_FD) = 0 [pid 329] close(4) = 0 [pid 329] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 328] <... futex resumed>) = 0 [pid 328] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 328] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 329] <... futex resumed>) = 1 [pid 329] openat(AT_FDCWD, ".", O_WRONLY|O_SYNC|O_DIRECT|O_TMPFILE, 000) = 4 [pid 329] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 328] <... futex resumed>) = 0 [pid 328] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 328] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 328] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418a6000 [pid 328] mprotect(0x7fe6418a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 328] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 328] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418c6990, parent_tid=0x7fe6418c6990, exit_signal=0, stack=0x7fe6418a6000, stack_size=0x20300, tls=0x7fe6418c66c0} => {parent_tid=[334]}, 88) = 334 [pid 328] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 328] futex(0x7fe6419b86d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 328] futex(0x7fe6419b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 329] <... futex resumed>) = 1 [pid 329] mount(NULL, ".", NULL, MS_NOSUID|MS_NOEXEC|MS_REMOUNT|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_POSIXACL|MS_UNBINDABLE|MS_PRIVATE|MS_SLAVE|MS_STRICTATIME, NULL) = -1 EINVAL (Invalid argument) [pid 329] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 329] futex(0x7fe6419b86c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 334 attached [pid 334] set_robust_list(0x7fe6418c69a0, 24) = 0 [pid 334] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 334] write(4, "\x3a\x73\x79\x7a\x32\x3a\x45\x3a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x36\x3a\x66\x32\x66\x73\x00\x3a\x66\x61\x75\x6c\x74\x5f\x69\x6e\x6a\x65\x63\x74\x69\x6f\x6e\x3a\x2e\x2f\x66\x69\x6c\x65\x32\x3a", 59) = -1 EINVAL (Invalid argument) [pid 334] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 328] <... futex resumed>) = 0 [pid 328] exit_group(0) = ? [pid 329] <... futex resumed>) = ? [pid 329] +++ exited with 0 +++ [pid 334] <... futex resumed>) = ? [pid 334] +++ exited with 0 +++ [pid 328] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=328, si_uid=0, si_status=0, si_utime=4, si_stime=16} --- umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c01b730 /* 4 entries */, 32768) = 112 [ 30.692899][ T329] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 30.700072][ T329] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 30.712309][ T329] F2FS-fs (loop0): switch discard_unit option is not allowed umount2("./5/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file4", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c023770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c023770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file4") = 0 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 getdents64(3, 0x55555c01b730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c01a690) = 335 ./strace-static-x86_64: Process 335 attached [pid 335] set_robust_list(0x55555c01a6a0, 24) = 0 [pid 335] chdir("./6") = 0 [pid 335] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 335] setpgid(0, 0) = 0 [pid 335] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 335] write(3, "1000", 4) = 4 [pid 335] close(3) = 0 [pid 335] symlink("/dev/binderfs", "./binderfs") = 0 [pid 335] write(1, "executing program\n", 18executing program ) = 18 [pid 335] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 335] rt_sigaction(SIGRT_1, {sa_handler=0x7fe641950ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe6419421a0}, NULL, 8) = 0 [pid 335] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 335] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418c7000 [pid 335] mprotect(0x7fe6418c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 335] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 335] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418e7990, parent_tid=0x7fe6418e7990, exit_signal=0, stack=0x7fe6418c7000, stack_size=0x20300, tls=0x7fe6418e76c0} => {parent_tid=[336]}, 88) = 336 [pid 335] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 335] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 335] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 336 attached [pid 336] set_robust_list(0x7fe6418e79a0, 24) = 0 [pid 336] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 336] memfd_create("syzkaller", 0) = 3 [pid 336] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe6394c7000 [pid 336] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 336] munmap(0x7fe6394c7000, 138412032) = 0 [pid 336] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 336] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 336] close(3) = 0 [pid 336] close(4) = 0 [pid 336] mkdir("./file4", 0777) = 0 [pid 336] mount("/dev/loop0", "./file4", "f2fs", 0, "noinline_xattr,active_logs=4,discard,fault_injection=00000000000000041160,fault_type=000000000000000"...) = 0 [pid 336] openat(AT_FDCWD, "./file4", O_RDONLY|O_DIRECTORY) = 3 [pid 336] chdir("./file4") = 0 [pid 336] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 336] ioctl(4, LOOP_CLR_FD) = 0 [pid 336] close(4) = 0 [pid 336] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 335] <... futex resumed>) = 0 [pid 335] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 335] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 336] <... futex resumed>) = 1 [pid 336] openat(AT_FDCWD, ".", O_WRONLY|O_SYNC|O_DIRECT|O_TMPFILE, 000) = 4 [pid 336] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 335] <... futex resumed>) = 0 [pid 335] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 335] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 335] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418a6000 [pid 335] mprotect(0x7fe6418a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 335] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 335] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418c6990, parent_tid=0x7fe6418c6990, exit_signal=0, stack=0x7fe6418a6000, stack_size=0x20300, tls=0x7fe6418c66c0} => {parent_tid=[341]}, 88) = 341 [pid 335] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 335] futex(0x7fe6419b86d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 335] futex(0x7fe6419b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 336] <... futex resumed>) = 1 [pid 336] mount(NULL, ".", NULL, MS_NOSUID|MS_NOEXEC|MS_REMOUNT|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_POSIXACL|MS_UNBINDABLE|MS_PRIVATE|MS_SLAVE|MS_STRICTATIME, NULL) = -1 EINVAL (Invalid argument) [pid 336] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 336] futex(0x7fe6419b86c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 341 attached [pid 341] set_robust_list(0x7fe6418c69a0, 24) = 0 [pid 341] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 341] write(4, "\x3a\x73\x79\x7a\x32\x3a\x45\x3a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x36\x3a\x66\x32\x66\x73\x00\x3a\x66\x61\x75\x6c\x74\x5f\x69\x6e\x6a\x65\x63\x74\x69\x6f\x6e\x3a\x2e\x2f\x66\x69\x6c\x65\x32\x3a", 59) = -1 EINVAL (Invalid argument) [pid 341] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 335] <... futex resumed>) = 0 [pid 335] exit_group(0) = ? [pid 336] <... futex resumed>) = ? [pid 336] +++ exited with 0 +++ [pid 341] <... futex resumed>) = ? [pid 341] +++ exited with 0 +++ [pid 335] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=335, si_uid=0, si_status=0, si_utime=4, si_stime=15} --- umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c01b730 /* 4 entries */, 32768) = 112 [ 30.910567][ T336] loop0: detected capacity change from 0 to 40427 [ 30.918370][ T336] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 30.925522][ T336] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 30.933963][ T336] F2FS-fs (loop0): fault_injection options not supported [ 30.941109][ T336] F2FS-fs (loop0): fault_type options not supported [ 30.948687][ T336] F2FS-fs (loop0): invalid crc value [ 30.955086][ T336] F2FS-fs (loop0): Found nat_bits in checkpoint [ 30.984147][ T336] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 30.991423][ T336] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 31.002714][ T336] F2FS-fs (loop0): switch discard_unit option is not allowed umount2("./6/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file4", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c023770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c023770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file4") = 0 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 getdents64(3, 0x55555c01b730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) executing program close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c01a690) = 342 ./strace-static-x86_64: Process 342 attached [pid 342] set_robust_list(0x55555c01a6a0, 24) = 0 [pid 342] chdir("./7") = 0 [pid 342] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 342] setpgid(0, 0) = 0 [pid 342] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 342] write(3, "1000", 4) = 4 [pid 342] close(3) = 0 [pid 342] symlink("/dev/binderfs", "./binderfs") = 0 [pid 342] write(1, "executing program\n", 18) = 18 [pid 342] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 342] rt_sigaction(SIGRT_1, {sa_handler=0x7fe641950ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe6419421a0}, NULL, 8) = 0 [pid 342] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 342] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418c7000 [pid 342] mprotect(0x7fe6418c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 342] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 342] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418e7990, parent_tid=0x7fe6418e7990, exit_signal=0, stack=0x7fe6418c7000, stack_size=0x20300, tls=0x7fe6418e76c0} => {parent_tid=[343]}, 88) = 343 [pid 342] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 342] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 342] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 343 attached [pid 343] set_robust_list(0x7fe6418e79a0, 24) = 0 [pid 343] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 343] memfd_create("syzkaller", 0) = 3 [pid 343] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe6394c7000 [pid 343] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 343] munmap(0x7fe6394c7000, 138412032) = 0 [pid 343] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 343] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 343] close(3) = 0 [pid 343] close(4) = 0 [pid 343] mkdir("./file4", 0777) = 0 [ 31.194620][ T343] loop0: detected capacity change from 0 to 40427 [ 31.203882][ T343] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 31.211177][ T343] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 31.219624][ T343] F2FS-fs (loop0): fault_injection options not supported [ 31.226715][ T343] F2FS-fs (loop0): fault_type options not supported [ 31.234368][ T343] F2FS-fs (loop0): invalid crc value [ 31.241136][ T343] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 343] mount("/dev/loop0", "./file4", "f2fs", 0, "noinline_xattr,active_logs=4,discard,fault_injection=00000000000000041160,fault_type=000000000000000"...) = 0 [pid 343] openat(AT_FDCWD, "./file4", O_RDONLY|O_DIRECTORY) = 3 [pid 343] chdir("./file4") = 0 [pid 343] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 343] ioctl(4, LOOP_CLR_FD) = 0 [pid 343] close(4) = 0 [pid 343] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 343] futex(0x7fe6419b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 342] <... futex resumed>) = 0 [pid 342] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 342] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 343] <... futex resumed>) = 0 [pid 343] openat(AT_FDCWD, ".", O_WRONLY|O_SYNC|O_DIRECT|O_TMPFILE, 000) = 4 [pid 343] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 342] <... futex resumed>) = 0 [pid 342] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 342] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 342] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418a6000 [pid 342] mprotect(0x7fe6418a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 342] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 342] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418c6990, parent_tid=0x7fe6418c6990, exit_signal=0, stack=0x7fe6418a6000, stack_size=0x20300, tls=0x7fe6418c66c0} => {parent_tid=[348]}, 88) = 348 [pid 342] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 342] futex(0x7fe6419b86d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 342] futex(0x7fe6419b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 343] <... futex resumed>) = 1 [pid 343] mount(NULL, ".", NULL, MS_NOSUID|MS_NOEXEC|MS_REMOUNT|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_POSIXACL|MS_UNBINDABLE|MS_PRIVATE|MS_SLAVE|MS_STRICTATIME, NULL./strace-static-x86_64: Process 348 attached ) = -1 EINVAL (Invalid argument) [pid 348] set_robust_list(0x7fe6418c69a0, 24 [pid 343] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 348] <... set_robust_list resumed>) = 0 [pid 348] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 348] write(4, "\x3a\x73\x79\x7a\x32\x3a\x45\x3a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x36\x3a\x66\x32\x66\x73\x00\x3a\x66\x61\x75\x6c\x74\x5f\x69\x6e\x6a\x65\x63\x74\x69\x6f\x6e\x3a\x2e\x2f\x66\x69\x6c\x65\x32\x3a", 59) = -1 EINVAL (Invalid argument) [pid 348] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 342] <... futex resumed>) = 0 [pid 342] exit_group(0) = ? [pid 348] <... futex resumed>) = ? [pid 348] +++ exited with 0 +++ [pid 343] <... futex resumed>) = ? [pid 343] +++ exited with 0 +++ [pid 342] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=342, si_uid=0, si_status=0, si_utime=4, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c01b730 /* 4 entries */, 32768) = 112 [ 31.270219][ T343] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 31.277325][ T343] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 31.288722][ T343] F2FS-fs (loop0): switch discard_unit option is not allowed umount2("./7/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file4", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c023770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c023770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file4") = 0 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 getdents64(3, 0x55555c01b730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c01a690) = 349 ./strace-static-x86_64: Process 349 attached [pid 349] set_robust_list(0x55555c01a6a0, 24) = 0 [pid 349] chdir("./8") = 0 [pid 349] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 349] setpgid(0, 0) = 0 [pid 349] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 349] write(3, "1000", 4) = 4 [pid 349] close(3) = 0 [pid 349] symlink("/dev/binderfs", "./binderfs") = 0 [pid 349] write(1, "executing program\n", 18) = 18 [pid 349] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] rt_sigaction(SIGRT_1, {sa_handler=0x7fe641950ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe6419421a0}, NULL, 8) = 0 [pid 349] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 349] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418c7000 [pid 349] mprotect(0x7fe6418c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 349] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 349] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418e7990, parent_tid=0x7fe6418e7990, exit_signal=0, stack=0x7fe6418c7000, stack_size=0x20300, tls=0x7fe6418e76c0} => {parent_tid=[350]}, 88) = 350 [pid 349] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 349] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 350 attached [pid 350] set_robust_list(0x7fe6418e79a0, 24) = 0 [pid 350] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 350] memfd_create("syzkaller", 0) = 3 [pid 350] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe6394c7000 [pid 350] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 350] munmap(0x7fe6394c7000, 138412032) = 0 [pid 350] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 350] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 350] close(3) = 0 [pid 350] close(4) = 0 [pid 350] mkdir("./file4", 0777) = 0 [ 31.485168][ T350] loop0: detected capacity change from 0 to 40427 [ 31.494473][ T350] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 31.501541][ T350] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 31.509976][ T350] F2FS-fs (loop0): fault_injection options not supported [ 31.517200][ T350] F2FS-fs (loop0): fault_type options not supported [ 31.524704][ T350] F2FS-fs (loop0): invalid crc value [ 31.531627][ T350] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 350] mount("/dev/loop0", "./file4", "f2fs", 0, "noinline_xattr,active_logs=4,discard,fault_injection=00000000000000041160,fault_type=000000000000000"...) = 0 [pid 350] openat(AT_FDCWD, "./file4", O_RDONLY|O_DIRECTORY) = 3 [pid 350] chdir("./file4") = 0 [pid 350] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 350] ioctl(4, LOOP_CLR_FD) = 0 [pid 350] close(4) = 0 [pid 350] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 349] <... futex resumed>) = 0 [pid 349] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 350] <... futex resumed>) = 1 [pid 350] openat(AT_FDCWD, ".", O_WRONLY|O_SYNC|O_DIRECT|O_TMPFILE, 000) = 4 [pid 350] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 349] <... futex resumed>) = 0 [pid 349] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418a6000 [pid 349] mprotect(0x7fe6418a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 349] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 349] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418c6990, parent_tid=0x7fe6418c6990, exit_signal=0, stack=0x7fe6418a6000, stack_size=0x20300, tls=0x7fe6418c66c0} => {parent_tid=[355]}, 88) = 355 [pid 349] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 349] futex(0x7fe6419b86d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 349] futex(0x7fe6419b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 350] <... futex resumed>) = 1 [pid 350] mount(NULL, ".", NULL, MS_NOSUID|MS_NOEXEC|MS_REMOUNT|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_POSIXACL|MS_UNBINDABLE|MS_PRIVATE|MS_SLAVE|MS_STRICTATIME, NULL) = -1 EINVAL (Invalid argument) [pid 350] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 350] futex(0x7fe6419b86c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 355 attached [pid 355] set_robust_list(0x7fe6418c69a0, 24) = 0 [pid 355] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 355] write(4, "\x3a\x73\x79\x7a\x32\x3a\x45\x3a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x36\x3a\x66\x32\x66\x73\x00\x3a\x66\x61\x75\x6c\x74\x5f\x69\x6e\x6a\x65\x63\x74\x69\x6f\x6e\x3a\x2e\x2f\x66\x69\x6c\x65\x32\x3a", 59) = -1 EINVAL (Invalid argument) [pid 355] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 349] <... futex resumed>) = 0 [pid 349] exit_group(0) = ? [pid 350] <... futex resumed>) = ? [pid 350] +++ exited with 0 +++ [pid 355] <... futex resumed>) = ? [pid 355] +++ exited with 0 +++ [pid 349] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=349, si_uid=0, si_status=0, si_utime=5, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c01b730 /* 4 entries */, 32768) = 112 [ 31.560190][ T350] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 31.567392][ T350] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 31.578089][ T350] F2FS-fs (loop0): switch discard_unit option is not allowed umount2("./8/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file4", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c023770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c023770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file4") = 0 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 getdents64(3, 0x55555c01b730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c01a690) = 356 ./strace-static-x86_64: Process 356 attached [pid 356] set_robust_list(0x55555c01a6a0, 24) = 0 [pid 356] chdir("./9") = 0 [pid 356] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 356] setpgid(0, 0) = 0 [pid 356] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 356] write(3, "1000", 4) = 4 [pid 356] close(3) = 0 executing program [pid 356] symlink("/dev/binderfs", "./binderfs") = 0 [pid 356] write(1, "executing program\n", 18) = 18 [pid 356] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 356] rt_sigaction(SIGRT_1, {sa_handler=0x7fe641950ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe6419421a0}, NULL, 8) = 0 [pid 356] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 356] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418c7000 [pid 356] mprotect(0x7fe6418c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 356] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 356] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418e7990, parent_tid=0x7fe6418e7990, exit_signal=0, stack=0x7fe6418c7000, stack_size=0x20300, tls=0x7fe6418e76c0} => {parent_tid=[357]}, 88) = 357 [pid 356] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 356] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 356] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 357 attached [pid 357] set_robust_list(0x7fe6418e79a0, 24) = 0 [pid 357] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 357] memfd_create("syzkaller", 0) = 3 [pid 357] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe6394c7000 [pid 357] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 357] munmap(0x7fe6394c7000, 138412032) = 0 [pid 357] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 357] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 357] close(3) = 0 [pid 357] close(4) = 0 [pid 357] mkdir("./file4", 0777) = 0 [ 31.778070][ T357] loop0: detected capacity change from 0 to 40427 [ 31.787426][ T357] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 31.794810][ T357] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 31.803134][ T357] F2FS-fs (loop0): fault_injection options not supported [ 31.810230][ T357] F2FS-fs (loop0): fault_type options not supported [ 31.817599][ T357] F2FS-fs (loop0): invalid crc value [ 31.823969][ T357] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 357] mount("/dev/loop0", "./file4", "f2fs", 0, "noinline_xattr,active_logs=4,discard,fault_injection=00000000000000041160,fault_type=000000000000000"...) = 0 [pid 357] openat(AT_FDCWD, "./file4", O_RDONLY|O_DIRECTORY) = 3 [pid 357] chdir("./file4") = 0 [pid 357] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 357] ioctl(4, LOOP_CLR_FD) = 0 [pid 357] close(4) = 0 [pid 357] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 356] <... futex resumed>) = 0 [pid 356] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 356] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 357] <... futex resumed>) = 1 [pid 357] openat(AT_FDCWD, ".", O_WRONLY|O_SYNC|O_DIRECT|O_TMPFILE, 000) = 4 [pid 357] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 356] <... futex resumed>) = 0 [pid 356] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 356] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 356] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418a6000 [pid 356] mprotect(0x7fe6418a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 356] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 356] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418c6990, parent_tid=0x7fe6418c6990, exit_signal=0, stack=0x7fe6418a6000, stack_size=0x20300, tls=0x7fe6418c66c0} => {parent_tid=[362]}, 88) = 362 [pid 356] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 356] futex(0x7fe6419b86d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 356] futex(0x7fe6419b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 357] <... futex resumed>) = 1 [pid 357] mount(NULL, ".", NULL, MS_NOSUID|MS_NOEXEC|MS_REMOUNT|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_POSIXACL|MS_UNBINDABLE|MS_PRIVATE|MS_SLAVE|MS_STRICTATIME, NULL) = -1 EINVAL (Invalid argument) [pid 357] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 357] futex(0x7fe6419b86c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 362 attached [pid 362] set_robust_list(0x7fe6418c69a0, 24) = 0 [pid 362] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 362] write(4, "\x3a\x73\x79\x7a\x32\x3a\x45\x3a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x36\x3a\x66\x32\x66\x73\x00\x3a\x66\x61\x75\x6c\x74\x5f\x69\x6e\x6a\x65\x63\x74\x69\x6f\x6e\x3a\x2e\x2f\x66\x69\x6c\x65\x32\x3a", 59) = -1 EINVAL (Invalid argument) [pid 362] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 356] <... futex resumed>) = 0 [pid 356] exit_group(0) = ? [pid 357] <... futex resumed>) = ? [pid 357] +++ exited with 0 +++ [pid 362] <... futex resumed>) = ? [pid 362] +++ exited with 0 +++ [pid 356] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=356, si_uid=0, si_status=0, si_utime=4, si_stime=15} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c01b730 /* 4 entries */, 32768) = 112 [ 31.853055][ T357] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 31.860142][ T357] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 31.870451][ T357] F2FS-fs (loop0): switch discard_unit option is not allowed umount2("./9/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./9/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file4", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c023770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c023770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file4") = 0 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 getdents64(3, 0x55555c01b730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c01a690) = 363 ./strace-static-x86_64: Process 363 attached [pid 363] set_robust_list(0x55555c01a6a0, 24) = 0 [pid 363] chdir("./10") = 0 [pid 363] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 363] setpgid(0, 0) = 0 [pid 363] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 363] write(3, "1000", 4) = 4 [pid 363] close(3) = 0 [pid 363] symlink("/dev/binderfs", "./binderfs") = 0 [pid 363] write(1, "executing program\n", 18) = 18 [pid 363] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] rt_sigaction(SIGRT_1, {sa_handler=0x7fe641950ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe6419421a0}, NULL, 8) = 0 [pid 363] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 363] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418c7000 [pid 363] mprotect(0x7fe6418c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 363] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 363] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418e7990, parent_tid=0x7fe6418e7990, exit_signal=0, stack=0x7fe6418c7000, stack_size=0x20300, tls=0x7fe6418e76c0} => {parent_tid=[364]}, 88) = 364 [pid 363] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 363] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 364 attached [pid 364] set_robust_list(0x7fe6418e79a0, 24) = 0 [pid 364] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 364] memfd_create("syzkaller", 0) = 3 [pid 364] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe6394c7000 [pid 364] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 364] munmap(0x7fe6394c7000, 138412032) = 0 [pid 364] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 364] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 364] close(3) = 0 [pid 364] close(4) = 0 [pid 364] mkdir("./file4", 0777) = 0 [ 32.068992][ T364] loop0: detected capacity change from 0 to 40427 [ 32.078012][ T364] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 32.084996][ T364] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 32.093459][ T364] F2FS-fs (loop0): fault_injection options not supported [ 32.100620][ T364] F2FS-fs (loop0): fault_type options not supported [ 32.108265][ T364] F2FS-fs (loop0): invalid crc value [ 32.115128][ T364] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 364] mount("/dev/loop0", "./file4", "f2fs", 0, "noinline_xattr,active_logs=4,discard,fault_injection=00000000000000041160,fault_type=000000000000000"...) = 0 [pid 364] openat(AT_FDCWD, "./file4", O_RDONLY|O_DIRECTORY) = 3 [pid 364] chdir("./file4") = 0 [pid 364] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 364] ioctl(4, LOOP_CLR_FD) = 0 [pid 364] close(4) = 0 [pid 364] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 363] <... futex resumed>) = 0 [pid 363] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 364] <... futex resumed>) = 1 [pid 364] openat(AT_FDCWD, ".", O_WRONLY|O_SYNC|O_DIRECT|O_TMPFILE, 000) = 4 [pid 364] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 363] <... futex resumed>) = 0 [pid 363] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418a6000 [pid 363] mprotect(0x7fe6418a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 363] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 363] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418c6990, parent_tid=0x7fe6418c6990, exit_signal=0, stack=0x7fe6418a6000, stack_size=0x20300, tls=0x7fe6418c66c0} => {parent_tid=[369]}, 88) = 369 [pid 363] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 363] futex(0x7fe6419b86d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 363] futex(0x7fe6419b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 364] <... futex resumed>) = 1 [pid 364] mount(NULL, ".", NULL, MS_NOSUID|MS_NOEXEC|MS_REMOUNT|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_POSIXACL|MS_UNBINDABLE|MS_PRIVATE|MS_SLAVE|MS_STRICTATIME, NULL) = -1 EINVAL (Invalid argument) [pid 364] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 364] futex(0x7fe6419b86c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 369 attached [pid 369] set_robust_list(0x7fe6418c69a0, 24) = 0 [pid 369] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 369] write(4, "\x3a\x73\x79\x7a\x32\x3a\x45\x3a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x36\x3a\x66\x32\x66\x73\x00\x3a\x66\x61\x75\x6c\x74\x5f\x69\x6e\x6a\x65\x63\x74\x69\x6f\x6e\x3a\x2e\x2f\x66\x69\x6c\x65\x32\x3a", 59) = -1 EINVAL (Invalid argument) [pid 369] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 363] <... futex resumed>) = 0 [pid 363] exit_group(0) = ? [pid 364] <... futex resumed>) = ? [pid 364] +++ exited with 0 +++ [pid 369] <... futex resumed>) = ? [pid 369] +++ exited with 0 +++ [pid 363] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=363, si_uid=0, si_status=0, si_utime=2, si_stime=16} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c01b730 /* 4 entries */, 32768) = 112 [ 32.144482][ T364] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 32.151611][ T364] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 32.162659][ T364] F2FS-fs (loop0): switch discard_unit option is not allowed umount2("./10/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./10/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file4", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c023770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c023770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file4") = 0 umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 getdents64(3, 0x55555c01b730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c01a690) = 370 ./strace-static-x86_64: Process 370 attached [pid 370] set_robust_list(0x55555c01a6a0, 24) = 0 [pid 370] chdir("./11") = 0 [pid 370] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 370] setpgid(0, 0) = 0 [pid 370] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 370] write(3, "1000", 4) = 4 [pid 370] close(3) = 0 [pid 370] symlink("/dev/binderfs", "./binderfs") = 0 [pid 370] write(1, "executing program\n", 18executing program ) = 18 [pid 370] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 370] rt_sigaction(SIGRT_1, {sa_handler=0x7fe641950ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe6419421a0}, NULL, 8) = 0 [pid 370] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 370] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418c7000 [pid 370] mprotect(0x7fe6418c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 370] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 370] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418e7990, parent_tid=0x7fe6418e7990, exit_signal=0, stack=0x7fe6418c7000, stack_size=0x20300, tls=0x7fe6418e76c0} => {parent_tid=[371]}, 88) = 371 [pid 370] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 370] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 370] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 371 attached [pid 371] set_robust_list(0x7fe6418e79a0, 24) = 0 [pid 371] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 371] memfd_create("syzkaller", 0) = 3 [pid 371] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe6394c7000 [pid 371] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 371] munmap(0x7fe6394c7000, 138412032) = 0 [pid 371] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 371] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 371] close(3) = 0 [pid 371] close(4) = 0 [pid 371] mkdir("./file4", 0777) = 0 [ 32.364877][ T371] loop0: detected capacity change from 0 to 40427 [ 32.374048][ T371] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 32.381212][ T371] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 32.389499][ T371] F2FS-fs (loop0): fault_injection options not supported [ 32.396630][ T371] F2FS-fs (loop0): fault_type options not supported [ 32.403983][ T371] F2FS-fs (loop0): invalid crc value [ 32.410537][ T371] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 371] mount("/dev/loop0", "./file4", "f2fs", 0, "noinline_xattr,active_logs=4,discard,fault_injection=00000000000000041160,fault_type=000000000000000"...) = 0 [pid 371] openat(AT_FDCWD, "./file4", O_RDONLY|O_DIRECTORY) = 3 [pid 371] chdir("./file4") = 0 [pid 371] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 371] ioctl(4, LOOP_CLR_FD) = 0 [pid 371] close(4) = 0 [pid 371] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 371] futex(0x7fe6419b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 370] <... futex resumed>) = 0 [pid 370] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 370] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 371] <... futex resumed>) = 0 [pid 371] openat(AT_FDCWD, ".", O_WRONLY|O_SYNC|O_DIRECT|O_TMPFILE, 000) = 4 [pid 371] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 370] <... futex resumed>) = 0 [pid 370] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 370] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 370] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418a6000 [pid 370] mprotect(0x7fe6418a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 370] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 370] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418c6990, parent_tid=0x7fe6418c6990, exit_signal=0, stack=0x7fe6418a6000, stack_size=0x20300, tls=0x7fe6418c66c0} => {parent_tid=[376]}, 88) = 376 [pid 370] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 370] futex(0x7fe6419b86d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 370] futex(0x7fe6419b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 371] <... futex resumed>) = 1 [pid 371] mount(NULL, ".", NULL, MS_NOSUID|MS_NOEXEC|MS_REMOUNT|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_POSIXACL|MS_UNBINDABLE|MS_PRIVATE|MS_SLAVE|MS_STRICTATIME, NULL) = -1 EINVAL (Invalid argument) [pid 371] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 371] futex(0x7fe6419b86c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 376 attached [pid 376] set_robust_list(0x7fe6418c69a0, 24) = 0 [pid 376] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 376] write(4, "\x3a\x73\x79\x7a\x32\x3a\x45\x3a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x36\x3a\x66\x32\x66\x73\x00\x3a\x66\x61\x75\x6c\x74\x5f\x69\x6e\x6a\x65\x63\x74\x69\x6f\x6e\x3a\x2e\x2f\x66\x69\x6c\x65\x32\x3a", 59) = -1 EINVAL (Invalid argument) [pid 376] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 376] futex(0x7fe6419b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 370] <... futex resumed>) = 0 [pid 370] exit_group(0) = ? [pid 376] <... futex resumed>) = ? [pid 376] +++ exited with 0 +++ [pid 371] <... futex resumed>) = ? [pid 371] +++ exited with 0 +++ [pid 370] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=370, si_uid=0, si_status=0, si_utime=1, si_stime=15} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c01b730 /* 4 entries */, 32768) = 112 [ 32.438994][ T371] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 32.446300][ T371] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 32.460695][ T371] F2FS-fs (loop0): switch discard_unit option is not allowed umount2("./11/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./11/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file4", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c023770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c023770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file4") = 0 umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 getdents64(3, 0x55555c01b730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c01a690) = 377 ./strace-static-x86_64: Process 377 attached [pid 377] set_robust_list(0x55555c01a6a0, 24) = 0 [pid 377] chdir("./12") = 0 [pid 377] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 377] setpgid(0, 0) = 0 [pid 377] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 377] write(3, "1000", 4) = 4 [pid 377] close(3) = 0 [pid 377] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 377] write(1, "executing program\n", 18) = 18 [pid 377] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 377] rt_sigaction(SIGRT_1, {sa_handler=0x7fe641950ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe6419421a0}, NULL, 8) = 0 [pid 377] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 377] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418c7000 [pid 377] mprotect(0x7fe6418c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 377] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 377] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418e7990, parent_tid=0x7fe6418e7990, exit_signal=0, stack=0x7fe6418c7000, stack_size=0x20300, tls=0x7fe6418e76c0} => {parent_tid=[378]}, 88) = 378 [pid 377] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 377] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 377] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 378 attached [pid 378] set_robust_list(0x7fe6418e79a0, 24) = 0 [pid 378] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 378] memfd_create("syzkaller", 0) = 3 [pid 378] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe6394c7000 [pid 378] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 378] munmap(0x7fe6394c7000, 138412032) = 0 [pid 378] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 378] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 378] close(3) = 0 [pid 378] close(4) = 0 [pid 378] mkdir("./file4", 0777) = 0 [ 32.661631][ T378] loop0: detected capacity change from 0 to 40427 [ 32.672379][ T378] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 32.679544][ T378] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 32.687961][ T378] F2FS-fs (loop0): fault_injection options not supported [ 32.695043][ T378] F2FS-fs (loop0): fault_type options not supported [ 32.702435][ T378] F2FS-fs (loop0): invalid crc value [ 32.708881][ T378] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 378] mount("/dev/loop0", "./file4", "f2fs", 0, "noinline_xattr,active_logs=4,discard,fault_injection=00000000000000041160,fault_type=000000000000000"...) = 0 [pid 378] openat(AT_FDCWD, "./file4", O_RDONLY|O_DIRECTORY) = 3 [pid 378] chdir("./file4") = 0 [pid 378] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 378] ioctl(4, LOOP_CLR_FD) = 0 [pid 378] close(4) = 0 [pid 378] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 378] futex(0x7fe6419b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 377] <... futex resumed>) = 0 [pid 377] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 377] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 378] <... futex resumed>) = 0 [pid 378] openat(AT_FDCWD, ".", O_WRONLY|O_SYNC|O_DIRECT|O_TMPFILE, 000) = 4 [pid 378] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 377] <... futex resumed>) = 0 [pid 377] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 377] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 377] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418a6000 [pid 377] mprotect(0x7fe6418a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 377] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 377] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418c6990, parent_tid=0x7fe6418c6990, exit_signal=0, stack=0x7fe6418a6000, stack_size=0x20300, tls=0x7fe6418c66c0} => {parent_tid=[383]}, 88) = 383 [pid 377] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 377] futex(0x7fe6419b86d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 377] futex(0x7fe6419b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 378] <... futex resumed>) = 1 [pid 378] mount(NULL, ".", NULL, MS_NOSUID|MS_NOEXEC|MS_REMOUNT|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_POSIXACL|MS_UNBINDABLE|MS_PRIVATE|MS_SLAVE|MS_STRICTATIME, NULL./strace-static-x86_64: Process 383 attached ) = -1 EINVAL (Invalid argument) [pid 383] set_robust_list(0x7fe6418c69a0, 24 [pid 378] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 383] <... set_robust_list resumed>) = 0 [pid 378] <... futex resumed>) = 0 [pid 378] futex(0x7fe6419b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 383] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 383] write(4, "\x3a\x73\x79\x7a\x32\x3a\x45\x3a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x36\x3a\x66\x32\x66\x73\x00\x3a\x66\x61\x75\x6c\x74\x5f\x69\x6e\x6a\x65\x63\x74\x69\x6f\x6e\x3a\x2e\x2f\x66\x69\x6c\x65\x32\x3a", 59) = -1 EINVAL (Invalid argument) [pid 383] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 377] <... futex resumed>) = 0 [pid 383] futex(0x7fe6419b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 377] exit_group(0 [pid 383] <... futex resumed>) = ? [pid 378] <... futex resumed>) = ? [pid 377] <... exit_group resumed>) = ? [pid 383] +++ exited with 0 +++ [pid 378] +++ exited with 0 +++ [pid 377] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=377, si_uid=0, si_status=0, si_utime=4, si_stime=16} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c01b730 /* 4 entries */, 32768) = 112 [ 32.738030][ T378] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 32.745097][ T378] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 32.757034][ T378] F2FS-fs (loop0): switch discard_unit option is not allowed umount2("./12/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./12/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file4", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c023770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c023770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file4") = 0 umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 getdents64(3, 0x55555c01b730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c01a690) = 384 ./strace-static-x86_64: Process 384 attached [pid 384] set_robust_list(0x55555c01a6a0, 24) = 0 [pid 384] chdir("./13") = 0 [pid 384] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 384] setpgid(0, 0) = 0 [pid 384] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 384] write(3, "1000", 4) = 4 [pid 384] close(3) = 0 [pid 384] symlink("/dev/binderfs", "./binderfs") = 0 [pid 384] write(1, "executing program\n", 18executing program ) = 18 [pid 384] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 384] rt_sigaction(SIGRT_1, {sa_handler=0x7fe641950ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe6419421a0}, NULL, 8) = 0 [pid 384] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 384] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418c7000 [pid 384] mprotect(0x7fe6418c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 384] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 384] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418e7990, parent_tid=0x7fe6418e7990, exit_signal=0, stack=0x7fe6418c7000, stack_size=0x20300, tls=0x7fe6418e76c0} => {parent_tid=[385]}, 88) = 385 [pid 384] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 384] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 384] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 385 attached [pid 385] set_robust_list(0x7fe6418e79a0, 24) = 0 [pid 385] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 385] memfd_create("syzkaller", 0) = 3 [pid 385] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe6394c7000 [pid 385] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 385] munmap(0x7fe6394c7000, 138412032) = 0 [pid 385] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 385] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 385] close(3) = 0 [pid 385] close(4) = 0 [pid 385] mkdir("./file4", 0777) = 0 [ 32.959729][ T385] loop0: detected capacity change from 0 to 40427 [ 32.969211][ T385] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 32.976355][ T385] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 32.984587][ T385] F2FS-fs (loop0): fault_injection options not supported [ 32.991740][ T385] F2FS-fs (loop0): fault_type options not supported [ 32.999244][ T385] F2FS-fs (loop0): invalid crc value [ 33.005682][ T385] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 385] mount("/dev/loop0", "./file4", "f2fs", 0, "noinline_xattr,active_logs=4,discard,fault_injection=00000000000000041160,fault_type=000000000000000"...) = 0 [pid 385] openat(AT_FDCWD, "./file4", O_RDONLY|O_DIRECTORY) = 3 [pid 385] chdir("./file4") = 0 [pid 385] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 385] ioctl(4, LOOP_CLR_FD) = 0 [pid 385] close(4) = 0 [pid 385] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 385] futex(0x7fe6419b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 384] <... futex resumed>) = 0 [pid 384] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 384] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 385] <... futex resumed>) = 0 [pid 385] openat(AT_FDCWD, ".", O_WRONLY|O_SYNC|O_DIRECT|O_TMPFILE, 000) = 4 [pid 385] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 384] <... futex resumed>) = 0 [pid 384] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 384] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 384] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418a6000 [pid 384] mprotect(0x7fe6418a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 384] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 384] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418c6990, parent_tid=0x7fe6418c6990, exit_signal=0, stack=0x7fe6418a6000, stack_size=0x20300, tls=0x7fe6418c66c0} => {parent_tid=[390]}, 88) = 390 [pid 384] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 384] futex(0x7fe6419b86d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 384] futex(0x7fe6419b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 385] <... futex resumed>) = 1 [pid 385] mount(NULL, ".", NULL, MS_NOSUID|MS_NOEXEC|MS_REMOUNT|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_POSIXACL|MS_UNBINDABLE|MS_PRIVATE|MS_SLAVE|MS_STRICTATIME, NULL./strace-static-x86_64: Process 390 attached [pid 390] set_robust_list(0x7fe6418c69a0, 24) = 0 [pid 390] rt_sigprocmask(SIG_SETMASK, [], [pid 385] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 385] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7fe6419b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 390] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 390] write(4, "\x3a\x73\x79\x7a\x32\x3a\x45\x3a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x36\x3a\x66\x32\x66\x73\x00\x3a\x66\x61\x75\x6c\x74\x5f\x69\x6e\x6a\x65\x63\x74\x69\x6f\x6e\x3a\x2e\x2f\x66\x69\x6c\x65\x32\x3a", 59) = -1 EINVAL (Invalid argument) [pid 390] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 384] <... futex resumed>) = 0 [pid 384] exit_group(0) = ? [pid 390] <... futex resumed>) = ? [pid 390] +++ exited with 0 +++ [pid 385] <... futex resumed>) = ? [pid 385] +++ exited with 0 +++ [pid 384] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=384, si_uid=0, si_status=0, si_utime=4, si_stime=15} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c01b730 /* 4 entries */, 32768) = 112 [ 33.034818][ T385] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 33.041923][ T385] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 33.053659][ T385] F2FS-fs (loop0): switch discard_unit option is not allowed umount2("./13/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./13/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file4", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c023770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c023770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file4") = 0 umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 getdents64(3, 0x55555c01b730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c01a690) = 391 ./strace-static-x86_64: Process 391 attached [pid 391] set_robust_list(0x55555c01a6a0, 24) = 0 [pid 391] chdir("./14") = 0 [pid 391] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 391] setpgid(0, 0) = 0 [pid 391] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 391] write(3, "1000", 4) = 4 [pid 391] close(3) = 0 [pid 391] symlink("/dev/binderfs", "./binderfs") = 0 [pid 391] write(1, "executing program\n", 18) = 18 [pid 391] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] rt_sigaction(SIGRT_1, {sa_handler=0x7fe641950ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe6419421a0}, NULL, 8) = 0 [pid 391] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 391] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418c7000 [pid 391] mprotect(0x7fe6418c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 391] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 391] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418e7990, parent_tid=0x7fe6418e7990, exit_signal=0, stack=0x7fe6418c7000, stack_size=0x20300, tls=0x7fe6418e76c0} => {parent_tid=[392]}, 88) = 392 [pid 391] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 391] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 392 attached [pid 392] set_robust_list(0x7fe6418e79a0, 24) = 0 [pid 392] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 392] memfd_create("syzkaller", 0) = 3 [pid 392] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe6394c7000 [pid 392] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 392] munmap(0x7fe6394c7000, 138412032) = 0 [pid 392] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 392] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 392] close(3) = 0 [pid 392] close(4) = 0 [pid 392] mkdir("./file4", 0777) = 0 [ 33.251063][ T392] loop0: detected capacity change from 0 to 40427 [ 33.260046][ T392] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 33.267241][ T392] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 33.275468][ T392] F2FS-fs (loop0): fault_injection options not supported [ 33.282704][ T392] F2FS-fs (loop0): fault_type options not supported [ 33.290116][ T392] F2FS-fs (loop0): invalid crc value [ 33.296863][ T392] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 392] mount("/dev/loop0", "./file4", "f2fs", 0, "noinline_xattr,active_logs=4,discard,fault_injection=00000000000000041160,fault_type=000000000000000"...) = 0 [pid 392] openat(AT_FDCWD, "./file4", O_RDONLY|O_DIRECTORY) = 3 [pid 392] chdir("./file4") = 0 [pid 392] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 392] ioctl(4, LOOP_CLR_FD) = 0 [pid 392] close(4) = 0 [pid 392] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] <... futex resumed>) = 0 [pid 391] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 392] <... futex resumed>) = 1 [pid 392] openat(AT_FDCWD, ".", O_WRONLY|O_SYNC|O_DIRECT|O_TMPFILE, 000) = 4 [pid 392] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] <... futex resumed>) = 0 [pid 391] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418a6000 [pid 391] mprotect(0x7fe6418a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 391] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 391] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418c6990, parent_tid=0x7fe6418c6990, exit_signal=0, stack=0x7fe6418a6000, stack_size=0x20300, tls=0x7fe6418c66c0} => {parent_tid=[397]}, 88) = 397 [pid 391] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 391] futex(0x7fe6419b86d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] futex(0x7fe6419b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 392] <... futex resumed>) = 1 [pid 392] mount(NULL, ".", NULL, MS_NOSUID|MS_NOEXEC|MS_REMOUNT|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_POSIXACL|MS_UNBINDABLE|MS_PRIVATE|MS_SLAVE|MS_STRICTATIME, NULL) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 397 attached [pid 392] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 392] futex(0x7fe6419b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 397] set_robust_list(0x7fe6418c69a0, 24) = 0 [pid 397] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 397] write(4, "\x3a\x73\x79\x7a\x32\x3a\x45\x3a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x36\x3a\x66\x32\x66\x73\x00\x3a\x66\x61\x75\x6c\x74\x5f\x69\x6e\x6a\x65\x63\x74\x69\x6f\x6e\x3a\x2e\x2f\x66\x69\x6c\x65\x32\x3a", 59) = -1 EINVAL (Invalid argument) [pid 397] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] <... futex resumed>) = 0 [pid 391] exit_group(0) = ? [pid 397] <... futex resumed>) = ? [pid 392] <... futex resumed>) = ? [pid 392] +++ exited with 0 +++ [pid 397] +++ exited with 0 +++ [pid 391] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=391, si_uid=0, si_status=0, si_utime=3, si_stime=18} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c01b730 /* 4 entries */, 32768) = 112 [ 33.325182][ T392] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 33.332321][ T392] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 33.345371][ T392] F2FS-fs (loop0): switch discard_unit option is not allowed umount2("./14/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./14/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file4", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c023770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c023770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file4") = 0 umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 getdents64(3, 0x55555c01b730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c01a690) = 398 ./strace-static-x86_64: Process 398 attached [pid 398] set_robust_list(0x55555c01a6a0, 24) = 0 [pid 398] chdir("./15") = 0 [pid 398] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 398] setpgid(0, 0) = 0 [pid 398] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 398] write(3, "1000", 4) = 4 [pid 398] close(3) = 0 [pid 398] symlink("/dev/binderfs", "./binderfs") = 0 [pid 398] write(1, "executing program\n", 18executing program ) = 18 [pid 398] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 398] rt_sigaction(SIGRT_1, {sa_handler=0x7fe641950ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe6419421a0}, NULL, 8) = 0 [pid 398] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 398] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418c7000 [pid 398] mprotect(0x7fe6418c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 398] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 398] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418e7990, parent_tid=0x7fe6418e7990, exit_signal=0, stack=0x7fe6418c7000, stack_size=0x20300, tls=0x7fe6418e76c0} => {parent_tid=[399]}, 88) = 399 [pid 398] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 398] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 398] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 399 attached [pid 399] set_robust_list(0x7fe6418e79a0, 24) = 0 [pid 399] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 399] memfd_create("syzkaller", 0) = 3 [pid 399] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe6394c7000 [pid 399] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 399] munmap(0x7fe6394c7000, 138412032) = 0 [pid 399] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 399] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 399] close(3) = 0 [pid 399] close(4) = 0 [pid 399] mkdir("./file4", 0777) = 0 [ 33.545525][ T399] loop0: detected capacity change from 0 to 40427 [ 33.554658][ T399] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 33.561803][ T399] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 33.570103][ T399] F2FS-fs (loop0): fault_injection options not supported [ 33.577205][ T399] F2FS-fs (loop0): fault_type options not supported [ 33.584476][ T399] F2FS-fs (loop0): invalid crc value [ 33.591055][ T399] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 399] mount("/dev/loop0", "./file4", "f2fs", 0, "noinline_xattr,active_logs=4,discard,fault_injection=00000000000000041160,fault_type=000000000000000"...) = 0 [pid 399] openat(AT_FDCWD, "./file4", O_RDONLY|O_DIRECTORY) = 3 [pid 399] chdir("./file4") = 0 [pid 399] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 399] ioctl(4, LOOP_CLR_FD) = 0 [pid 399] close(4) = 0 [pid 399] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 399] futex(0x7fe6419b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 398] <... futex resumed>) = 0 [pid 398] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 398] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 399] <... futex resumed>) = 0 [pid 399] openat(AT_FDCWD, ".", O_WRONLY|O_SYNC|O_DIRECT|O_TMPFILE, 000) = 4 [pid 399] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 398] <... futex resumed>) = 0 [pid 398] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 398] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 398] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418a6000 [pid 398] mprotect(0x7fe6418a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 398] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 398] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418c6990, parent_tid=0x7fe6418c6990, exit_signal=0, stack=0x7fe6418a6000, stack_size=0x20300, tls=0x7fe6418c66c0} => {parent_tid=[404]}, 88) = 404 [pid 398] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 398] futex(0x7fe6419b86d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 398] futex(0x7fe6419b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 399] <... futex resumed>) = 1 [pid 399] mount(NULL, ".", NULL, MS_NOSUID|MS_NOEXEC|MS_REMOUNT|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_POSIXACL|MS_UNBINDABLE|MS_PRIVATE|MS_SLAVE|MS_STRICTATIME, NULL./strace-static-x86_64: Process 404 attached [pid 404] set_robust_list(0x7fe6418c69a0, 24 [pid 399] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 399] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 399] futex(0x7fe6419b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 404] <... set_robust_list resumed>) = 0 [pid 404] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 404] write(4, "\x3a\x73\x79\x7a\x32\x3a\x45\x3a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x36\x3a\x66\x32\x66\x73\x00\x3a\x66\x61\x75\x6c\x74\x5f\x69\x6e\x6a\x65\x63\x74\x69\x6f\x6e\x3a\x2e\x2f\x66\x69\x6c\x65\x32\x3a", 59) = -1 EINVAL (Invalid argument) [pid 404] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 398] <... futex resumed>) = 0 [pid 398] exit_group(0) = ? [pid 404] <... futex resumed>) = ? [pid 404] +++ exited with 0 +++ [pid 399] <... futex resumed>) = ? [pid 399] +++ exited with 0 +++ [pid 398] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=398, si_uid=0, si_status=0, si_utime=4, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c01b730 /* 4 entries */, 32768) = 112 [ 33.619229][ T399] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 33.626315][ T399] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 33.639537][ T399] F2FS-fs (loop0): switch discard_unit option is not allowed umount2("./15/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./15/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file4", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c023770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c023770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file4") = 0 umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 getdents64(3, 0x55555c01b730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c01a690) = 405 ./strace-static-x86_64: Process 405 attached [pid 405] set_robust_list(0x55555c01a6a0, 24) = 0 [pid 405] chdir("./16") = 0 [pid 405] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 405] setpgid(0, 0) = 0 [pid 405] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 405] write(3, "1000", 4) = 4 [pid 405] close(3) = 0 [pid 405] symlink("/dev/binderfs", "./binderfs") = 0 [pid 405] write(1, "executing program\n", 18) = 18 [pid 405] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 405] rt_sigaction(SIGRT_1, {sa_handler=0x7fe641950ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe6419421a0}, NULL, 8) = 0 [pid 405] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 405] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418c7000 [pid 405] mprotect(0x7fe6418c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 405] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 405] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418e7990, parent_tid=0x7fe6418e7990, exit_signal=0, stack=0x7fe6418c7000, stack_size=0x20300, tls=0x7fe6418e76c0} => {parent_tid=[406]}, 88) = 406 [pid 405] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 405] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 405] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 406 attached [pid 406] set_robust_list(0x7fe6418e79a0, 24) = 0 [pid 406] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 406] memfd_create("syzkaller", 0) = 3 [pid 406] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe6394c7000 [pid 406] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 406] munmap(0x7fe6394c7000, 138412032) = 0 [pid 406] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 406] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 406] close(3) = 0 [pid 406] close(4) = 0 [pid 406] mkdir("./file4", 0777) = 0 [ 33.834398][ T406] loop0: detected capacity change from 0 to 40427 [ 33.844176][ T406] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 33.851295][ T406] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 33.859674][ T406] F2FS-fs (loop0): fault_injection options not supported [ 33.866964][ T406] F2FS-fs (loop0): fault_type options not supported [ 33.874463][ T406] F2FS-fs (loop0): invalid crc value [ 33.881207][ T406] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 406] mount("/dev/loop0", "./file4", "f2fs", 0, "noinline_xattr,active_logs=4,discard,fault_injection=00000000000000041160,fault_type=000000000000000"...) = 0 [pid 406] openat(AT_FDCWD, "./file4", O_RDONLY|O_DIRECTORY) = 3 [pid 406] chdir("./file4") = 0 [pid 406] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 406] ioctl(4, LOOP_CLR_FD) = 0 [pid 406] close(4) = 0 [pid 406] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 406] futex(0x7fe6419b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 405] <... futex resumed>) = 0 [pid 405] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 405] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 406] <... futex resumed>) = 0 [pid 406] openat(AT_FDCWD, ".", O_WRONLY|O_SYNC|O_DIRECT|O_TMPFILE, 000) = 4 [pid 406] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 405] <... futex resumed>) = 0 [pid 405] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 405] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 405] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418a6000 [pid 405] mprotect(0x7fe6418a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 405] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 405] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418c6990, parent_tid=0x7fe6418c6990, exit_signal=0, stack=0x7fe6418a6000, stack_size=0x20300, tls=0x7fe6418c66c0} => {parent_tid=[411]}, 88) = 411 [pid 405] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 405] futex(0x7fe6419b86d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 405] futex(0x7fe6419b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 406] <... futex resumed>) = 1 [pid 406] mount(NULL, ".", NULL, MS_NOSUID|MS_NOEXEC|MS_REMOUNT|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_POSIXACL|MS_UNBINDABLE|MS_PRIVATE|MS_SLAVE|MS_STRICTATIME, NULL) = -1 EINVAL (Invalid argument) [pid 406] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 406] futex(0x7fe6419b86c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 411 attached [pid 411] set_robust_list(0x7fe6418c69a0, 24) = 0 [pid 411] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 411] write(4, "\x3a\x73\x79\x7a\x32\x3a\x45\x3a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x36\x3a\x66\x32\x66\x73\x00\x3a\x66\x61\x75\x6c\x74\x5f\x69\x6e\x6a\x65\x63\x74\x69\x6f\x6e\x3a\x2e\x2f\x66\x69\x6c\x65\x32\x3a", 59) = -1 EINVAL (Invalid argument) [pid 411] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 405] <... futex resumed>) = 0 [pid 405] exit_group(0) = ? [pid 411] <... futex resumed>) = ? [pid 406] <... futex resumed>) = ? [pid 406] +++ exited with 0 +++ [pid 411] +++ exited with 0 +++ [pid 405] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=405, si_uid=0, si_status=0, si_utime=3, si_stime=16} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c01b730 /* 4 entries */, 32768) = 112 [ 33.910748][ T406] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 33.917834][ T406] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 33.930969][ T406] F2FS-fs (loop0): switch discard_unit option is not allowed umount2("./16/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./16/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file4", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c023770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c023770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file4") = 0 umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 getdents64(3, 0x55555c01b730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c01a690) = 412 ./strace-static-x86_64: Process 412 attached [pid 412] set_robust_list(0x55555c01a6a0, 24) = 0 [pid 412] chdir("./17") = 0 [pid 412] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 412] setpgid(0, 0) = 0 [pid 412] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 412] write(3, "1000", 4) = 4 [pid 412] close(3) = 0 [pid 412] symlink("/dev/binderfs", "./binderfs") = 0 [pid 412] write(1, "executing program\n", 18) = 18 [pid 412] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 412] rt_sigaction(SIGRT_1, {sa_handler=0x7fe641950ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe6419421a0}, NULL, 8) = 0 [pid 412] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 412] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418c7000 [pid 412] mprotect(0x7fe6418c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 412] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 412] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418e7990, parent_tid=0x7fe6418e7990, exit_signal=0, stack=0x7fe6418c7000, stack_size=0x20300, tls=0x7fe6418e76c0} => {parent_tid=[413]}, 88) = 413 [pid 412] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 412] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 412] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 413 attached [pid 413] set_robust_list(0x7fe6418e79a0, 24) = 0 [pid 413] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 413] memfd_create("syzkaller", 0) = 3 [pid 413] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe6394c7000 [pid 413] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 413] munmap(0x7fe6394c7000, 138412032) = 0 [pid 413] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 413] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 413] close(3) = 0 [pid 413] close(4) = 0 [pid 413] mkdir("./file4", 0777) = 0 [ 34.125513][ T413] loop0: detected capacity change from 0 to 40427 [ 34.134951][ T413] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 34.142152][ T413] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 34.150607][ T413] F2FS-fs (loop0): fault_injection options not supported [ 34.157897][ T413] F2FS-fs (loop0): fault_type options not supported [ 34.165286][ T413] F2FS-fs (loop0): invalid crc value [ 34.171842][ T413] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 413] mount("/dev/loop0", "./file4", "f2fs", 0, "noinline_xattr,active_logs=4,discard,fault_injection=00000000000000041160,fault_type=000000000000000"...) = 0 [pid 413] openat(AT_FDCWD, "./file4", O_RDONLY|O_DIRECTORY) = 3 [pid 413] chdir("./file4") = 0 [pid 413] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 413] ioctl(4, LOOP_CLR_FD) = 0 [pid 413] close(4) = 0 [pid 413] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 412] <... futex resumed>) = 0 [pid 412] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 412] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 413] <... futex resumed>) = 1 [pid 413] openat(AT_FDCWD, ".", O_WRONLY|O_SYNC|O_DIRECT|O_TMPFILE, 000) = 4 [pid 413] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 412] <... futex resumed>) = 0 [pid 412] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 412] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 412] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418a6000 [pid 412] mprotect(0x7fe6418a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 412] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 412] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418c6990, parent_tid=0x7fe6418c6990, exit_signal=0, stack=0x7fe6418a6000, stack_size=0x20300, tls=0x7fe6418c66c0} => {parent_tid=[418]}, 88) = 418 [pid 412] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 412] futex(0x7fe6419b86d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 412] futex(0x7fe6419b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 413] <... futex resumed>) = 1 [pid 413] mount(NULL, ".", NULL, MS_NOSUID|MS_NOEXEC|MS_REMOUNT|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_POSIXACL|MS_UNBINDABLE|MS_PRIVATE|MS_SLAVE|MS_STRICTATIME, NULL./strace-static-x86_64: Process 418 attached [pid 418] set_robust_list(0x7fe6418c69a0, 24) = 0 [pid 418] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 418] write(4, "\x3a\x73\x79\x7a\x32\x3a\x45\x3a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x36\x3a\x66\x32\x66\x73\x00\x3a\x66\x61\x75\x6c\x74\x5f\x69\x6e\x6a\x65\x63\x74\x69\x6f\x6e\x3a\x2e\x2f\x66\x69\x6c\x65\x32\x3a", 59 [pid 413] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 413] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 418] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 413] <... futex resumed>) = 0 [pid 418] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 412] <... futex resumed>) = 0 [pid 412] exit_group(0) = ? [pid 418] <... futex resumed>) = ? [pid 418] +++ exited with 0 +++ [pid 413] +++ exited with 0 +++ [pid 412] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=412, si_uid=0, si_status=0, si_utime=5, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c01b730 /* 4 entries */, 32768) = 112 [ 34.199877][ T413] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 34.207012][ T413] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 34.222610][ T413] F2FS-fs (loop0): switch discard_unit option is not allowed umount2("./17/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./17/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file4", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c023770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c023770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file4") = 0 umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 getdents64(3, 0x55555c01b730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c01a690) = 419 ./strace-static-x86_64: Process 419 attached [pid 419] set_robust_list(0x55555c01a6a0, 24) = 0 [pid 419] chdir("./18") = 0 [pid 419] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 419] setpgid(0, 0) = 0 [pid 419] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 419] write(3, "1000", 4) = 4 [pid 419] close(3) = 0 [pid 419] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 419] write(1, "executing program\n", 18) = 18 [pid 419] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 419] rt_sigaction(SIGRT_1, {sa_handler=0x7fe641950ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe6419421a0}, NULL, 8) = 0 [pid 419] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 419] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418c7000 [pid 419] mprotect(0x7fe6418c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 419] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 419] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418e7990, parent_tid=0x7fe6418e7990, exit_signal=0, stack=0x7fe6418c7000, stack_size=0x20300, tls=0x7fe6418e76c0} => {parent_tid=[420]}, 88) = 420 [pid 419] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 419] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 419] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 420 attached [pid 420] set_robust_list(0x7fe6418e79a0, 24) = 0 [pid 420] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 420] memfd_create("syzkaller", 0) = 3 [pid 420] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe6394c7000 [pid 420] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 420] munmap(0x7fe6394c7000, 138412032) = 0 [pid 420] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 420] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 420] close(3) = 0 [pid 420] close(4) = 0 [pid 420] mkdir("./file4", 0777) = 0 [ 34.420031][ T420] loop0: detected capacity change from 0 to 40427 [ 34.429182][ T420] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 34.436383][ T420] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 34.444600][ T420] F2FS-fs (loop0): fault_injection options not supported [ 34.451908][ T420] F2FS-fs (loop0): fault_type options not supported [ 34.459264][ T420] F2FS-fs (loop0): invalid crc value [ 34.465753][ T420] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 420] mount("/dev/loop0", "./file4", "f2fs", 0, "noinline_xattr,active_logs=4,discard,fault_injection=00000000000000041160,fault_type=000000000000000"...) = 0 [pid 420] openat(AT_FDCWD, "./file4", O_RDONLY|O_DIRECTORY) = 3 [pid 420] chdir("./file4") = 0 [pid 420] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 420] ioctl(4, LOOP_CLR_FD) = 0 [pid 420] close(4) = 0 [pid 420] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 420] futex(0x7fe6419b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 419] <... futex resumed>) = 0 [pid 419] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 419] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 420] <... futex resumed>) = 0 [pid 420] openat(AT_FDCWD, ".", O_WRONLY|O_SYNC|O_DIRECT|O_TMPFILE, 000) = 4 [pid 420] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 419] <... futex resumed>) = 0 [pid 419] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 419] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 419] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418a6000 [pid 419] mprotect(0x7fe6418a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 419] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 419] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418c6990, parent_tid=0x7fe6418c6990, exit_signal=0, stack=0x7fe6418a6000, stack_size=0x20300, tls=0x7fe6418c66c0} => {parent_tid=[425]}, 88) = 425 [pid 419] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 419] futex(0x7fe6419b86d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 419] futex(0x7fe6419b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 420] <... futex resumed>) = 1 [pid 420] mount(NULL, ".", NULL, MS_NOSUID|MS_NOEXEC|MS_REMOUNT|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_POSIXACL|MS_UNBINDABLE|MS_PRIVATE|MS_SLAVE|MS_STRICTATIME, NULL) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 425 attached [pid 420] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] futex(0x7fe6419b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 425] set_robust_list(0x7fe6418c69a0, 24) = 0 [pid 425] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 425] write(4, "\x3a\x73\x79\x7a\x32\x3a\x45\x3a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x36\x3a\x66\x32\x66\x73\x00\x3a\x66\x61\x75\x6c\x74\x5f\x69\x6e\x6a\x65\x63\x74\x69\x6f\x6e\x3a\x2e\x2f\x66\x69\x6c\x65\x32\x3a", 59) = -1 EINVAL (Invalid argument) [pid 425] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 419] <... futex resumed>) = 0 [pid 419] exit_group(0) = ? [pid 425] <... futex resumed>) = ? [pid 420] <... futex resumed>) = ? [pid 425] +++ exited with 0 +++ [pid 420] +++ exited with 0 +++ [pid 419] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=419, si_uid=0, si_status=0, si_utime=3, si_stime=17} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c01b730 /* 4 entries */, 32768) = 112 [ 34.494480][ T420] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 34.501602][ T420] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 34.515185][ T420] F2FS-fs (loop0): switch discard_unit option is not allowed umount2("./18/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./18/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file4", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c023770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c023770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file4") = 0 umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 getdents64(3, 0x55555c01b730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c01a690) = 426 ./strace-static-x86_64: Process 426 attached [pid 426] set_robust_list(0x55555c01a6a0, 24) = 0 [pid 426] chdir("./19") = 0 [pid 426] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 426] setpgid(0, 0) = 0 [pid 426] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 426] write(3, "1000", 4) = 4 [pid 426] close(3) = 0 [pid 426] symlink("/dev/binderfs", "./binderfs") = 0 [pid 426] write(1, "executing program\n", 18executing program ) = 18 [pid 426] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 426] rt_sigaction(SIGRT_1, {sa_handler=0x7fe641950ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe6419421a0}, NULL, 8) = 0 [pid 426] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 426] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418c7000 [pid 426] mprotect(0x7fe6418c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 426] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 426] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418e7990, parent_tid=0x7fe6418e7990, exit_signal=0, stack=0x7fe6418c7000, stack_size=0x20300, tls=0x7fe6418e76c0} => {parent_tid=[427]}, 88) = 427 [pid 426] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 426] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 426] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 427 attached [pid 427] set_robust_list(0x7fe6418e79a0, 24) = 0 [pid 427] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 427] memfd_create("syzkaller", 0) = 3 [pid 427] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe6394c7000 [pid 427] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 427] munmap(0x7fe6394c7000, 138412032) = 0 [pid 427] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 427] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 427] close(3) = 0 [pid 427] close(4) = 0 [pid 427] mkdir("./file4", 0777) = 0 [ 34.712658][ T427] loop0: detected capacity change from 0 to 40427 [ 34.721771][ T427] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 34.729045][ T427] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 34.737549][ T427] F2FS-fs (loop0): fault_injection options not supported [ 34.744619][ T427] F2FS-fs (loop0): fault_type options not supported [ 34.751999][ T427] F2FS-fs (loop0): invalid crc value [ 34.759000][ T427] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 427] mount("/dev/loop0", "./file4", "f2fs", 0, "noinline_xattr,active_logs=4,discard,fault_injection=00000000000000041160,fault_type=000000000000000"...) = 0 [pid 427] openat(AT_FDCWD, "./file4", O_RDONLY|O_DIRECTORY) = 3 [pid 427] chdir("./file4") = 0 [pid 427] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 427] ioctl(4, LOOP_CLR_FD) = 0 [pid 427] close(4) = 0 [pid 427] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 427] futex(0x7fe6419b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 426] <... futex resumed>) = 0 [pid 426] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 426] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 427] <... futex resumed>) = 0 [pid 427] openat(AT_FDCWD, ".", O_WRONLY|O_SYNC|O_DIRECT|O_TMPFILE, 000) = 4 [pid 427] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 426] <... futex resumed>) = 0 [pid 426] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 426] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 426] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418a6000 [pid 426] mprotect(0x7fe6418a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 426] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 426] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418c6990, parent_tid=0x7fe6418c6990, exit_signal=0, stack=0x7fe6418a6000, stack_size=0x20300, tls=0x7fe6418c66c0} => {parent_tid=[432]}, 88) = 432 [pid 426] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 426] futex(0x7fe6419b86d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 426] futex(0x7fe6419b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 427] <... futex resumed>) = 1 [pid 427] mount(NULL, ".", NULL, MS_NOSUID|MS_NOEXEC|MS_REMOUNT|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_POSIXACL|MS_UNBINDABLE|MS_PRIVATE|MS_SLAVE|MS_STRICTATIME, NULL) = -1 EINVAL (Invalid argument) [pid 427] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] futex(0x7fe6419b86c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 432 attached [pid 432] set_robust_list(0x7fe6418c69a0, 24) = 0 [pid 432] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 432] write(4, "\x3a\x73\x79\x7a\x32\x3a\x45\x3a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x36\x3a\x66\x32\x66\x73\x00\x3a\x66\x61\x75\x6c\x74\x5f\x69\x6e\x6a\x65\x63\x74\x69\x6f\x6e\x3a\x2e\x2f\x66\x69\x6c\x65\x32\x3a", 59) = -1 EINVAL (Invalid argument) [pid 432] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 426] <... futex resumed>) = 0 [pid 426] exit_group(0) = ? [pid 432] <... futex resumed>) = ? [pid 427] <... futex resumed>) = ? [pid 432] +++ exited with 0 +++ [pid 427] +++ exited with 0 +++ [pid 426] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=426, si_uid=0, si_status=0, si_utime=4, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c01b730 /* 4 entries */, 32768) = 112 [ 34.787460][ T427] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 34.794649][ T427] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 34.807538][ T427] F2FS-fs (loop0): switch discard_unit option is not allowed umount2("./19/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./19/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file4", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c023770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c023770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file4") = 0 umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 getdents64(3, 0x55555c01b730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c01a690) = 433 ./strace-static-x86_64: Process 433 attached [pid 433] set_robust_list(0x55555c01a6a0, 24) = 0 [pid 433] chdir("./20") = 0 [pid 433] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 433] setpgid(0, 0) = 0 [pid 433] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 433] write(3, "1000", 4) = 4 [pid 433] close(3) = 0 [pid 433] symlink("/dev/binderfs", "./binderfs") = 0 [pid 433] write(1, "executing program\n", 18) = 18 [pid 433] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 433] rt_sigaction(SIGRT_1, {sa_handler=0x7fe641950ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe6419421a0}, NULL, 8) = 0 [pid 433] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 433] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418c7000 [pid 433] mprotect(0x7fe6418c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 433] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 433] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418e7990, parent_tid=0x7fe6418e7990, exit_signal=0, stack=0x7fe6418c7000, stack_size=0x20300, tls=0x7fe6418e76c0} => {parent_tid=[434]}, 88) = 434 [pid 433] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 433] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 433] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 434 attached [pid 434] set_robust_list(0x7fe6418e79a0, 24) = 0 [pid 434] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 434] memfd_create("syzkaller", 0) = 3 [pid 434] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe6394c7000 [pid 434] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 434] munmap(0x7fe6394c7000, 138412032) = 0 [pid 434] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 434] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 434] close(3) = 0 [pid 434] close(4) = 0 [pid 434] mkdir("./file4", 0777) = 0 [ 35.008681][ T434] loop0: detected capacity change from 0 to 40427 [ 35.018092][ T434] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 35.025334][ T434] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 35.033596][ T434] F2FS-fs (loop0): fault_injection options not supported [ 35.040704][ T434] F2FS-fs (loop0): fault_type options not supported [ 35.048105][ T434] F2FS-fs (loop0): invalid crc value [ 35.054782][ T434] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 434] mount("/dev/loop0", "./file4", "f2fs", 0, "noinline_xattr,active_logs=4,discard,fault_injection=00000000000000041160,fault_type=000000000000000"...) = 0 [pid 434] openat(AT_FDCWD, "./file4", O_RDONLY|O_DIRECTORY) = 3 [pid 434] chdir("./file4") = 0 [pid 434] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 434] ioctl(4, LOOP_CLR_FD) = 0 [pid 434] close(4) = 0 [pid 434] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 433] <... futex resumed>) = 0 [pid 433] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 433] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 434] <... futex resumed>) = 1 [pid 434] openat(AT_FDCWD, ".", O_WRONLY|O_SYNC|O_DIRECT|O_TMPFILE, 000) = 4 [pid 434] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 433] <... futex resumed>) = 0 [pid 433] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 433] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 433] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418a6000 [pid 433] mprotect(0x7fe6418a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 433] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 433] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418c6990, parent_tid=0x7fe6418c6990, exit_signal=0, stack=0x7fe6418a6000, stack_size=0x20300, tls=0x7fe6418c66c0} => {parent_tid=[439]}, 88) = 439 [pid 433] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 433] futex(0x7fe6419b86d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 433] futex(0x7fe6419b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 434] <... futex resumed>) = 1 [pid 434] mount(NULL, ".", NULL, MS_NOSUID|MS_NOEXEC|MS_REMOUNT|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_POSIXACL|MS_UNBINDABLE|MS_PRIVATE|MS_SLAVE|MS_STRICTATIME, NULL./strace-static-x86_64: Process 439 attached ) = -1 EINVAL (Invalid argument) [pid 434] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 434] futex(0x7fe6419b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 439] set_robust_list(0x7fe6418c69a0, 24) = 0 [pid 439] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 439] write(4, "\x3a\x73\x79\x7a\x32\x3a\x45\x3a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x36\x3a\x66\x32\x66\x73\x00\x3a\x66\x61\x75\x6c\x74\x5f\x69\x6e\x6a\x65\x63\x74\x69\x6f\x6e\x3a\x2e\x2f\x66\x69\x6c\x65\x32\x3a", 59) = -1 EINVAL (Invalid argument) [pid 439] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 433] <... futex resumed>) = 0 [pid 433] exit_group(0 [pid 434] <... futex resumed>) = ? [pid 433] <... exit_group resumed>) = ? [pid 439] +++ exited with 0 +++ [pid 434] +++ exited with 0 +++ [pid 433] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=433, si_uid=0, si_status=0, si_utime=4, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c01b730 /* 4 entries */, 32768) = 112 [ 35.083487][ T434] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 35.090680][ T434] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 35.101359][ T434] F2FS-fs (loop0): switch discard_unit option is not allowed umount2("./20/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./20/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file4", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c023770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c023770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file4") = 0 umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 getdents64(3, 0x55555c01b730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c01a690) = 440 ./strace-static-x86_64: Process 440 attached [pid 440] set_robust_list(0x55555c01a6a0, 24) = 0 [pid 440] chdir("./21") = 0 [pid 440] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 440] setpgid(0, 0) = 0 [pid 440] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 440] write(3, "1000", 4) = 4 [pid 440] close(3) = 0 [pid 440] symlink("/dev/binderfs", "./binderfs") = 0 [pid 440] write(1, "executing program\n", 18) = 18 [pid 440] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] rt_sigaction(SIGRT_1, {sa_handler=0x7fe641950ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe6419421a0}, NULL, 8) = 0 [pid 440] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 440] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418c7000 [pid 440] mprotect(0x7fe6418c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 440] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 440] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418e7990, parent_tid=0x7fe6418e7990, exit_signal=0, stack=0x7fe6418c7000, stack_size=0x20300, tls=0x7fe6418e76c0} => {parent_tid=[441]}, 88) = 441 [pid 440] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 440] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 441 attached [pid 441] set_robust_list(0x7fe6418e79a0, 24) = 0 [pid 441] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 441] memfd_create("syzkaller", 0) = 3 [pid 441] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe6394c7000 [pid 441] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 441] munmap(0x7fe6394c7000, 138412032) = 0 [pid 441] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 441] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 441] close(3) = 0 [pid 441] close(4) = 0 [pid 441] mkdir("./file4", 0777) = 0 [ 35.301116][ T441] loop0: detected capacity change from 0 to 40427 [ 35.311704][ T441] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 35.318931][ T441] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 35.327396][ T441] F2FS-fs (loop0): fault_injection options not supported [ 35.334627][ T441] F2FS-fs (loop0): fault_type options not supported [ 35.342032][ T441] F2FS-fs (loop0): invalid crc value [ 35.348602][ T441] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 441] mount("/dev/loop0", "./file4", "f2fs", 0, "noinline_xattr,active_logs=4,discard,fault_injection=00000000000000041160,fault_type=000000000000000"...) = 0 [pid 441] openat(AT_FDCWD, "./file4", O_RDONLY|O_DIRECTORY) = 3 [pid 441] chdir("./file4") = 0 [pid 441] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 441] ioctl(4, LOOP_CLR_FD) = 0 [pid 441] close(4) = 0 [pid 441] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] <... futex resumed>) = 0 [pid 440] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 441] <... futex resumed>) = 1 [pid 441] openat(AT_FDCWD, ".", O_WRONLY|O_SYNC|O_DIRECT|O_TMPFILE, 000) = 4 [pid 441] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] <... futex resumed>) = 0 [pid 440] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418a6000 [pid 440] mprotect(0x7fe6418a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 440] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 440] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418c6990, parent_tid=0x7fe6418c6990, exit_signal=0, stack=0x7fe6418a6000, stack_size=0x20300, tls=0x7fe6418c66c0} => {parent_tid=[446]}, 88) = 446 [pid 440] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 440] futex(0x7fe6419b86d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] futex(0x7fe6419b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 441] <... futex resumed>) = 1 [pid 441] mount(NULL, ".", NULL, MS_NOSUID|MS_NOEXEC|MS_REMOUNT|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_POSIXACL|MS_UNBINDABLE|MS_PRIVATE|MS_SLAVE|MS_STRICTATIME, NULL) = -1 EINVAL (Invalid argument) [pid 441] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] futex(0x7fe6419b86c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 446 attached [pid 446] set_robust_list(0x7fe6418c69a0, 24) = 0 [pid 446] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 446] write(4, "\x3a\x73\x79\x7a\x32\x3a\x45\x3a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x36\x3a\x66\x32\x66\x73\x00\x3a\x66\x61\x75\x6c\x74\x5f\x69\x6e\x6a\x65\x63\x74\x69\x6f\x6e\x3a\x2e\x2f\x66\x69\x6c\x65\x32\x3a", 59) = -1 EINVAL (Invalid argument) [pid 446] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] <... futex resumed>) = 0 [pid 440] exit_group(0) = ? [pid 441] <... futex resumed>) = ? [pid 441] +++ exited with 0 +++ [pid 446] <... futex resumed>) = ? [pid 446] +++ exited with 0 +++ [pid 440] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=440, si_uid=0, si_status=0, si_utime=5, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c01b730 /* 4 entries */, 32768) = 112 [ 35.377421][ T441] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 35.384603][ T441] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 35.395338][ T441] F2FS-fs (loop0): switch discard_unit option is not allowed umount2("./21/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./21/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file4", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c023770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c023770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file4") = 0 umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 getdents64(3, 0x55555c01b730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777executing program ) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c01a690) = 447 ./strace-static-x86_64: Process 447 attached [pid 447] set_robust_list(0x55555c01a6a0, 24) = 0 [pid 447] chdir("./22") = 0 [pid 447] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 447] setpgid(0, 0) = 0 [pid 447] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 447] write(3, "1000", 4) = 4 [pid 447] close(3) = 0 [pid 447] symlink("/dev/binderfs", "./binderfs") = 0 [pid 447] write(1, "executing program\n", 18) = 18 [pid 447] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 447] rt_sigaction(SIGRT_1, {sa_handler=0x7fe641950ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe6419421a0}, NULL, 8) = 0 [pid 447] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 447] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418c7000 [pid 447] mprotect(0x7fe6418c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 447] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 447] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418e7990, parent_tid=0x7fe6418e7990, exit_signal=0, stack=0x7fe6418c7000, stack_size=0x20300, tls=0x7fe6418e76c0} => {parent_tid=[448]}, 88) = 448 [pid 447] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 447] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 447] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 448 attached [pid 448] set_robust_list(0x7fe6418e79a0, 24) = 0 [pid 448] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 448] memfd_create("syzkaller", 0) = 3 [pid 448] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe6394c7000 [pid 448] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 448] munmap(0x7fe6394c7000, 138412032) = 0 [pid 448] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 448] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 448] close(3) = 0 [pid 448] close(4) = 0 [pid 448] mkdir("./file4", 0777) = 0 [ 35.593041][ T448] loop0: detected capacity change from 0 to 40427 [ 35.602317][ T448] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 35.609569][ T448] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 35.618069][ T448] F2FS-fs (loop0): fault_injection options not supported [ 35.625132][ T448] F2FS-fs (loop0): fault_type options not supported [ 35.632491][ T448] F2FS-fs (loop0): invalid crc value [ 35.638905][ T448] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 448] mount("/dev/loop0", "./file4", "f2fs", 0, "noinline_xattr,active_logs=4,discard,fault_injection=00000000000000041160,fault_type=000000000000000"...) = 0 [pid 448] openat(AT_FDCWD, "./file4", O_RDONLY|O_DIRECTORY) = 3 [pid 448] chdir("./file4") = 0 [pid 448] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 448] ioctl(4, LOOP_CLR_FD) = 0 [pid 448] close(4) = 0 [pid 448] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 447] <... futex resumed>) = 0 [pid 447] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 447] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 448] <... futex resumed>) = 1 [pid 448] openat(AT_FDCWD, ".", O_WRONLY|O_SYNC|O_DIRECT|O_TMPFILE, 000) = 4 [pid 448] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 447] <... futex resumed>) = 0 [pid 447] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 447] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 447] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418a6000 [pid 447] mprotect(0x7fe6418a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 447] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 447] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418c6990, parent_tid=0x7fe6418c6990, exit_signal=0, stack=0x7fe6418a6000, stack_size=0x20300, tls=0x7fe6418c66c0} => {parent_tid=[453]}, 88) = 453 [pid 447] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 447] futex(0x7fe6419b86d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 447] futex(0x7fe6419b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 448] <... futex resumed>) = 1 [pid 448] mount(NULL, ".", NULL, MS_NOSUID|MS_NOEXEC|MS_REMOUNT|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_POSIXACL|MS_UNBINDABLE|MS_PRIVATE|MS_SLAVE|MS_STRICTATIME, NULL) = -1 EINVAL (Invalid argument) [pid 448] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 448] futex(0x7fe6419b86c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 453 attached [pid 453] set_robust_list(0x7fe6418c69a0, 24) = 0 [pid 453] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 453] write(4, "\x3a\x73\x79\x7a\x32\x3a\x45\x3a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x36\x3a\x66\x32\x66\x73\x00\x3a\x66\x61\x75\x6c\x74\x5f\x69\x6e\x6a\x65\x63\x74\x69\x6f\x6e\x3a\x2e\x2f\x66\x69\x6c\x65\x32\x3a", 59) = -1 EINVAL (Invalid argument) [pid 453] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 447] <... futex resumed>) = 0 [pid 447] exit_group(0) = ? [pid 448] <... futex resumed>) = ? [pid 448] +++ exited with 0 +++ [pid 453] <... futex resumed>) = ? [pid 453] +++ exited with 0 +++ [pid 447] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=447, si_uid=0, si_status=0, si_utime=3, si_stime=15} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c01b730 /* 4 entries */, 32768) = 112 [ 35.668328][ T448] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 35.675397][ T448] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 35.687750][ T448] F2FS-fs (loop0): switch discard_unit option is not allowed umount2("./22/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./22/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file4", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c023770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c023770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file4") = 0 umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 getdents64(3, 0x55555c01b730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c01a690) = 454 ./strace-static-x86_64: Process 454 attached [pid 454] set_robust_list(0x55555c01a6a0, 24) = 0 [pid 454] chdir("./23") = 0 [pid 454] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 454] setpgid(0, 0) = 0 [pid 454] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 454] write(3, "1000", 4) = 4 [pid 454] close(3) = 0 [pid 454] symlink("/dev/binderfs", "./binderfs") = 0 [pid 454] write(1, "executing program\n", 18executing program ) = 18 [pid 454] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 454] rt_sigaction(SIGRT_1, {sa_handler=0x7fe641950ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe6419421a0}, NULL, 8) = 0 [pid 454] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 454] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418c7000 [pid 454] mprotect(0x7fe6418c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 454] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 454] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418e7990, parent_tid=0x7fe6418e7990, exit_signal=0, stack=0x7fe6418c7000, stack_size=0x20300, tls=0x7fe6418e76c0} => {parent_tid=[455]}, 88) = 455 [pid 454] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 454] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 454] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 455 attached [pid 455] set_robust_list(0x7fe6418e79a0, 24) = 0 [pid 455] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 455] memfd_create("syzkaller", 0) = 3 [pid 455] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe6394c7000 [pid 455] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 455] munmap(0x7fe6394c7000, 138412032) = 0 [pid 455] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 455] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 455] close(3) = 0 [pid 455] close(4) = 0 [pid 455] mkdir("./file4", 0777) = 0 [ 35.890655][ T455] loop0: detected capacity change from 0 to 40427 [ 35.900156][ T455] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 35.907278][ T455] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 35.915521][ T455] F2FS-fs (loop0): fault_injection options not supported [ 35.922642][ T455] F2FS-fs (loop0): fault_type options not supported [ 35.930162][ T455] F2FS-fs (loop0): invalid crc value [ 35.936806][ T455] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 455] mount("/dev/loop0", "./file4", "f2fs", 0, "noinline_xattr,active_logs=4,discard,fault_injection=00000000000000041160,fault_type=000000000000000"...) = 0 [pid 455] openat(AT_FDCWD, "./file4", O_RDONLY|O_DIRECTORY) = 3 [pid 455] chdir("./file4") = 0 [pid 455] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 455] ioctl(4, LOOP_CLR_FD) = 0 [pid 455] close(4) = 0 [pid 455] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 455] futex(0x7fe6419b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 454] <... futex resumed>) = 0 [pid 454] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 454] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 455] <... futex resumed>) = 0 [pid 455] openat(AT_FDCWD, ".", O_WRONLY|O_SYNC|O_DIRECT|O_TMPFILE, 000) = 4 [pid 455] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 454] <... futex resumed>) = 0 [pid 454] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 454] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 454] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418a6000 [pid 454] mprotect(0x7fe6418a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 454] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 454] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418c6990, parent_tid=0x7fe6418c6990, exit_signal=0, stack=0x7fe6418a6000, stack_size=0x20300, tls=0x7fe6418c66c0} => {parent_tid=[460]}, 88) = 460 [pid 454] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 454] futex(0x7fe6419b86d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 454] futex(0x7fe6419b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 455] <... futex resumed>) = 1 [pid 455] mount(NULL, ".", NULL, MS_NOSUID|MS_NOEXEC|MS_REMOUNT|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_POSIXACL|MS_UNBINDABLE|MS_PRIVATE|MS_SLAVE|MS_STRICTATIME, NULL) = -1 EINVAL (Invalid argument) [pid 455] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 455] futex(0x7fe6419b86c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 460 attached [pid 460] set_robust_list(0x7fe6418c69a0, 24) = 0 [pid 460] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 460] write(4, "\x3a\x73\x79\x7a\x32\x3a\x45\x3a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x36\x3a\x66\x32\x66\x73\x00\x3a\x66\x61\x75\x6c\x74\x5f\x69\x6e\x6a\x65\x63\x74\x69\x6f\x6e\x3a\x2e\x2f\x66\x69\x6c\x65\x32\x3a", 59) = -1 EINVAL (Invalid argument) [pid 460] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 454] <... futex resumed>) = 0 [pid 454] exit_group(0) = ? [pid 455] <... futex resumed>) = ? [pid 455] +++ exited with 0 +++ [pid 460] <... futex resumed>) = ? [pid 460] +++ exited with 0 +++ [pid 454] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=454, si_uid=0, si_status=0, si_utime=4, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c01b730 /* 4 entries */, 32768) = 112 [ 35.965745][ T455] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 35.972851][ T455] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 35.985329][ T455] F2FS-fs (loop0): switch discard_unit option is not allowed umount2("./23/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./23/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file4", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c023770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c023770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file4") = 0 umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 getdents64(3, 0x55555c01b730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c01a690) = 461 ./strace-static-x86_64: Process 461 attached [pid 461] set_robust_list(0x55555c01a6a0, 24) = 0 [pid 461] chdir("./24") = 0 [pid 461] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 461] setpgid(0, 0) = 0 [pid 461] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 461] write(3, "1000", 4) = 4 [pid 461] close(3) = 0 [pid 461] symlink("/dev/binderfs", "./binderfs") = 0 [pid 461] write(1, "executing program\n", 18) = 18 [pid 461] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 461] rt_sigaction(SIGRT_1, {sa_handler=0x7fe641950ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe6419421a0}, NULL, 8) = 0 [pid 461] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 461] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418c7000 [pid 461] mprotect(0x7fe6418c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 461] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 461] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418e7990, parent_tid=0x7fe6418e7990, exit_signal=0, stack=0x7fe6418c7000, stack_size=0x20300, tls=0x7fe6418e76c0}./strace-static-x86_64: Process 462 attached => {parent_tid=[462]}, 88) = 462 [pid 461] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 461] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 461] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 462] set_robust_list(0x7fe6418e79a0, 24) = 0 [pid 462] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 462] memfd_create("syzkaller", 0) = 3 [pid 462] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe6394c7000 [pid 462] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 462] munmap(0x7fe6394c7000, 138412032) = 0 [pid 462] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 462] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 462] close(3) = 0 [pid 462] close(4) = 0 [pid 462] mkdir("./file4", 0777) = 0 [ 36.187533][ T462] loop0: detected capacity change from 0 to 40427 [ 36.196952][ T462] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 36.204023][ T462] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 36.212403][ T462] F2FS-fs (loop0): fault_injection options not supported [ 36.219545][ T462] F2FS-fs (loop0): fault_type options not supported [ 36.226990][ T462] F2FS-fs (loop0): invalid crc value [ 36.233349][ T462] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 462] mount("/dev/loop0", "./file4", "f2fs", 0, "noinline_xattr,active_logs=4,discard,fault_injection=00000000000000041160,fault_type=000000000000000"...) = 0 [pid 462] openat(AT_FDCWD, "./file4", O_RDONLY|O_DIRECTORY) = 3 [pid 462] chdir("./file4") = 0 [pid 462] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 462] ioctl(4, LOOP_CLR_FD) = 0 [pid 462] close(4) = 0 [pid 462] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 461] <... futex resumed>) = 0 [pid 461] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 461] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 462] <... futex resumed>) = 1 [pid 462] openat(AT_FDCWD, ".", O_WRONLY|O_SYNC|O_DIRECT|O_TMPFILE, 000) = 4 [pid 462] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 461] <... futex resumed>) = 0 [pid 461] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 461] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 461] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418a6000 [pid 461] mprotect(0x7fe6418a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 461] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 461] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418c6990, parent_tid=0x7fe6418c6990, exit_signal=0, stack=0x7fe6418a6000, stack_size=0x20300, tls=0x7fe6418c66c0} => {parent_tid=[467]}, 88) = 467 [pid 461] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 461] futex(0x7fe6419b86d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 461] futex(0x7fe6419b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 462] <... futex resumed>) = 1 [pid 462] mount(NULL, ".", NULL, MS_NOSUID|MS_NOEXEC|MS_REMOUNT|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_POSIXACL|MS_UNBINDABLE|MS_PRIVATE|MS_SLAVE|MS_STRICTATIME, NULL) = -1 EINVAL (Invalid argument) [pid 462] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 462] futex(0x7fe6419b86c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 467 attached [pid 467] set_robust_list(0x7fe6418c69a0, 24) = 0 [pid 467] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 467] write(4, "\x3a\x73\x79\x7a\x32\x3a\x45\x3a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x36\x3a\x66\x32\x66\x73\x00\x3a\x66\x61\x75\x6c\x74\x5f\x69\x6e\x6a\x65\x63\x74\x69\x6f\x6e\x3a\x2e\x2f\x66\x69\x6c\x65\x32\x3a", 59) = -1 EINVAL (Invalid argument) [pid 467] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 461] <... futex resumed>) = 0 [pid 461] exit_group(0) = ? [pid 462] <... futex resumed>) = ? [pid 462] +++ exited with 0 +++ [pid 467] <... futex resumed>) = ? [pid 467] +++ exited with 0 +++ [pid 461] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=461, si_uid=0, si_status=0, si_utime=3, si_stime=17} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c01b730 /* 4 entries */, 32768) = 112 [ 36.262209][ T462] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 36.269318][ T462] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 36.281004][ T462] F2FS-fs (loop0): switch discard_unit option is not allowed umount2("./24/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./24/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file4", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c023770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c023770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file4") = 0 umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 getdents64(3, 0x55555c01b730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) executing program close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c01a690) = 468 ./strace-static-x86_64: Process 468 attached [pid 468] set_robust_list(0x55555c01a6a0, 24) = 0 [pid 468] chdir("./25") = 0 [pid 468] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 468] setpgid(0, 0) = 0 [pid 468] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 468] write(3, "1000", 4) = 4 [pid 468] close(3) = 0 [pid 468] symlink("/dev/binderfs", "./binderfs") = 0 [pid 468] write(1, "executing program\n", 18) = 18 [pid 468] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 468] rt_sigaction(SIGRT_1, {sa_handler=0x7fe641950ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe6419421a0}, NULL, 8) = 0 [pid 468] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 468] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418c7000 [pid 468] mprotect(0x7fe6418c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 468] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 468] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418e7990, parent_tid=0x7fe6418e7990, exit_signal=0, stack=0x7fe6418c7000, stack_size=0x20300, tls=0x7fe6418e76c0} => {parent_tid=[469]}, 88) = 469 [pid 468] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 468] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 468] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 469 attached [pid 469] set_robust_list(0x7fe6418e79a0, 24) = 0 [pid 469] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 469] memfd_create("syzkaller", 0) = 3 [pid 469] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe6394c7000 [pid 469] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 469] munmap(0x7fe6394c7000, 138412032) = 0 [pid 469] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 469] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 469] close(3) = 0 [pid 469] close(4) = 0 [pid 469] mkdir("./file4", 0777) = 0 [ 36.473969][ T469] loop0: detected capacity change from 0 to 40427 [ 36.483467][ T469] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 36.490528][ T469] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 36.498905][ T469] F2FS-fs (loop0): fault_injection options not supported [ 36.505979][ T469] F2FS-fs (loop0): fault_type options not supported [ 36.513387][ T469] F2FS-fs (loop0): invalid crc value [ 36.519899][ T469] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 469] mount("/dev/loop0", "./file4", "f2fs", 0, "noinline_xattr,active_logs=4,discard,fault_injection=00000000000000041160,fault_type=000000000000000"...) = 0 [pid 469] openat(AT_FDCWD, "./file4", O_RDONLY|O_DIRECTORY) = 3 [pid 469] chdir("./file4") = 0 [pid 469] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 469] ioctl(4, LOOP_CLR_FD) = 0 [pid 469] close(4) = 0 [pid 469] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 468] <... futex resumed>) = 0 [pid 468] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 468] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 469] <... futex resumed>) = 1 [pid 469] openat(AT_FDCWD, ".", O_WRONLY|O_SYNC|O_DIRECT|O_TMPFILE, 000) = 4 [pid 469] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 468] <... futex resumed>) = 0 [pid 468] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 468] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 468] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418a6000 [pid 468] mprotect(0x7fe6418a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 468] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 468] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418c6990, parent_tid=0x7fe6418c6990, exit_signal=0, stack=0x7fe6418a6000, stack_size=0x20300, tls=0x7fe6418c66c0} => {parent_tid=[474]}, 88) = 474 [pid 468] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 468] futex(0x7fe6419b86d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 468] futex(0x7fe6419b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 469] <... futex resumed>) = 1 [pid 469] mount(NULL, ".", NULL, MS_NOSUID|MS_NOEXEC|MS_REMOUNT|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_POSIXACL|MS_UNBINDABLE|MS_PRIVATE|MS_SLAVE|MS_STRICTATIME, NULL) = -1 EINVAL (Invalid argument) [pid 469] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 469] futex(0x7fe6419b86c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 474 attached [pid 474] set_robust_list(0x7fe6418c69a0, 24) = 0 [pid 474] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 474] write(4, "\x3a\x73\x79\x7a\x32\x3a\x45\x3a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x36\x3a\x66\x32\x66\x73\x00\x3a\x66\x61\x75\x6c\x74\x5f\x69\x6e\x6a\x65\x63\x74\x69\x6f\x6e\x3a\x2e\x2f\x66\x69\x6c\x65\x32\x3a", 59) = -1 EINVAL (Invalid argument) [pid 474] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 468] <... futex resumed>) = 0 [pid 468] exit_group(0) = ? [pid 469] <... futex resumed>) = ? [pid 469] +++ exited with 0 +++ [pid 474] <... futex resumed>) = ? [pid 474] +++ exited with 0 +++ [pid 468] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=468, si_uid=0, si_status=0, si_utime=5, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c01b730 /* 4 entries */, 32768) = 112 [ 36.549124][ T469] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 36.556226][ T469] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 36.568530][ T469] F2FS-fs (loop0): switch discard_unit option is not allowed umount2("./25/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./25/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file4", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c023770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c023770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file4") = 0 umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 getdents64(3, 0x55555c01b730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c01a690) = 475 ./strace-static-x86_64: Process 475 attached [pid 475] set_robust_list(0x55555c01a6a0, 24) = 0 [pid 475] chdir("./26") = 0 [pid 475] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 475] setpgid(0, 0) = 0 [pid 475] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 475] write(3, "1000", 4) = 4 [pid 475] close(3) = 0 [pid 475] symlink("/dev/binderfs", "./binderfs") = 0 [pid 475] write(1, "executing program\n", 18) = 18 [pid 475] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 475] rt_sigaction(SIGRT_1, {sa_handler=0x7fe641950ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe6419421a0}, NULL, 8) = 0 [pid 475] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 475] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418c7000 [pid 475] mprotect(0x7fe6418c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 475] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 475] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418e7990, parent_tid=0x7fe6418e7990, exit_signal=0, stack=0x7fe6418c7000, stack_size=0x20300, tls=0x7fe6418e76c0} => {parent_tid=[476]}, 88) = 476 [pid 475] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 475] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 475] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 476 attached [pid 476] set_robust_list(0x7fe6418e79a0, 24) = 0 [pid 476] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 476] memfd_create("syzkaller", 0) = 3 [pid 476] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe6394c7000 [pid 476] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 476] munmap(0x7fe6394c7000, 138412032) = 0 [pid 476] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 476] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 476] close(3) = 0 [pid 476] close(4) = 0 [pid 476] mkdir("./file4", 0777) = 0 [ 36.764600][ T476] loop0: detected capacity change from 0 to 40427 [ 36.773763][ T476] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 36.780809][ T476] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 36.789209][ T476] F2FS-fs (loop0): fault_injection options not supported [ 36.796334][ T476] F2FS-fs (loop0): fault_type options not supported [ 36.803961][ T476] F2FS-fs (loop0): invalid crc value [ 36.810586][ T476] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 476] mount("/dev/loop0", "./file4", "f2fs", 0, "noinline_xattr,active_logs=4,discard,fault_injection=00000000000000041160,fault_type=000000000000000"...) = 0 [pid 476] openat(AT_FDCWD, "./file4", O_RDONLY|O_DIRECTORY) = 3 [pid 476] chdir("./file4") = 0 [pid 476] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 476] ioctl(4, LOOP_CLR_FD) = 0 [pid 476] close(4) = 0 [pid 476] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 475] <... futex resumed>) = 0 [pid 475] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 475] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 476] <... futex resumed>) = 1 [pid 476] openat(AT_FDCWD, ".", O_WRONLY|O_SYNC|O_DIRECT|O_TMPFILE, 000) = 4 [pid 476] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 475] <... futex resumed>) = 0 [pid 475] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 475] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 475] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418a6000 [pid 475] mprotect(0x7fe6418a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 475] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 475] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418c6990, parent_tid=0x7fe6418c6990, exit_signal=0, stack=0x7fe6418a6000, stack_size=0x20300, tls=0x7fe6418c66c0} => {parent_tid=[481]}, 88) = 481 [pid 475] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 475] futex(0x7fe6419b86d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 475] futex(0x7fe6419b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 476] <... futex resumed>) = 1 [pid 476] mount(NULL, ".", NULL, MS_NOSUID|MS_NOEXEC|MS_REMOUNT|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_POSIXACL|MS_UNBINDABLE|MS_PRIVATE|MS_SLAVE|MS_STRICTATIME, NULL) = -1 EINVAL (Invalid argument) [pid 476] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 476] futex(0x7fe6419b86c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 481 attached [pid 481] set_robust_list(0x7fe6418c69a0, 24) = 0 [pid 481] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 481] write(4, "\x3a\x73\x79\x7a\x32\x3a\x45\x3a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x36\x3a\x66\x32\x66\x73\x00\x3a\x66\x61\x75\x6c\x74\x5f\x69\x6e\x6a\x65\x63\x74\x69\x6f\x6e\x3a\x2e\x2f\x66\x69\x6c\x65\x32\x3a", 59) = -1 EINVAL (Invalid argument) [pid 481] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 475] <... futex resumed>) = 0 [pid 475] exit_group(0) = ? [pid 476] <... futex resumed>) = ? [pid 476] +++ exited with 0 +++ [pid 481] <... futex resumed>) = ? [pid 481] +++ exited with 0 +++ [pid 475] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=475, si_uid=0, si_status=0, si_utime=3, si_stime=15} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c01b730 /* 4 entries */, 32768) = 112 [ 36.839499][ T476] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 36.846800][ T476] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 36.859105][ T476] F2FS-fs (loop0): switch discard_unit option is not allowed umount2("./26/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./26/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file4", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c023770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c023770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file4") = 0 umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 getdents64(3, 0x55555c01b730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c01a690) = 482 ./strace-static-x86_64: Process 482 attached [pid 482] set_robust_list(0x55555c01a6a0, 24) = 0 [pid 482] chdir("./27") = 0 [pid 482] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 482] setpgid(0, 0) = 0 [pid 482] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 482] write(3, "1000", 4) = 4 [pid 482] close(3) = 0 [pid 482] symlink("/dev/binderfs", "./binderfs") = 0 [pid 482] write(1, "executing program\n", 18) = 18 [pid 482] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] rt_sigaction(SIGRT_1, {sa_handler=0x7fe641950ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe6419421a0}, NULL, 8) = 0 [pid 482] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 482] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418c7000 [pid 482] mprotect(0x7fe6418c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 482] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 482] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418e7990, parent_tid=0x7fe6418e7990, exit_signal=0, stack=0x7fe6418c7000, stack_size=0x20300, tls=0x7fe6418e76c0} => {parent_tid=[483]}, 88) = 483 [pid 482] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 482] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 483 attached [pid 483] set_robust_list(0x7fe6418e79a0, 24) = 0 [pid 483] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 483] memfd_create("syzkaller", 0) = 3 [pid 483] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe6394c7000 [pid 483] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 483] munmap(0x7fe6394c7000, 138412032) = 0 [pid 483] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 483] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 483] close(3) = 0 [pid 483] close(4) = 0 [pid 483] mkdir("./file4", 0777) = 0 [ 37.053783][ T483] loop0: detected capacity change from 0 to 40427 [ 37.062971][ T483] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 37.070007][ T483] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 37.078447][ T483] F2FS-fs (loop0): fault_injection options not supported [ 37.085506][ T483] F2FS-fs (loop0): fault_type options not supported [ 37.093091][ T483] F2FS-fs (loop0): invalid crc value [ 37.099756][ T483] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 483] mount("/dev/loop0", "./file4", "f2fs", 0, "noinline_xattr,active_logs=4,discard,fault_injection=00000000000000041160,fault_type=000000000000000"...) = 0 [pid 483] openat(AT_FDCWD, "./file4", O_RDONLY|O_DIRECTORY) = 3 [pid 483] chdir("./file4") = 0 [pid 483] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 483] ioctl(4, LOOP_CLR_FD) = 0 [pid 483] close(4) = 0 [pid 483] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 482] <... futex resumed>) = 0 [pid 482] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 483] <... futex resumed>) = 1 [pid 483] openat(AT_FDCWD, ".", O_WRONLY|O_SYNC|O_DIRECT|O_TMPFILE, 000) = 4 [pid 483] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 482] <... futex resumed>) = 0 [pid 482] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418a6000 [pid 482] mprotect(0x7fe6418a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 482] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 482] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418c6990, parent_tid=0x7fe6418c6990, exit_signal=0, stack=0x7fe6418a6000, stack_size=0x20300, tls=0x7fe6418c66c0} => {parent_tid=[488]}, 88) = 488 [pid 482] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 482] futex(0x7fe6419b86d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] futex(0x7fe6419b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 483] <... futex resumed>) = 1 [pid 483] mount(NULL, ".", NULL, MS_NOSUID|MS_NOEXEC|MS_REMOUNT|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_POSIXACL|MS_UNBINDABLE|MS_PRIVATE|MS_SLAVE|MS_STRICTATIME, NULL./strace-static-x86_64: Process 488 attached ) = -1 EINVAL (Invalid argument) [pid 488] set_robust_list(0x7fe6418c69a0, 24) = 0 [pid 488] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 488] write(4, "\x3a\x73\x79\x7a\x32\x3a\x45\x3a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x36\x3a\x66\x32\x66\x73\x00\x3a\x66\x61\x75\x6c\x74\x5f\x69\x6e\x6a\x65\x63\x74\x69\x6f\x6e\x3a\x2e\x2f\x66\x69\x6c\x65\x32\x3a", 59) = -1 EINVAL (Invalid argument) [pid 488] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 488] futex(0x7fe6419b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 483] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 483] futex(0x7fe6419b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 482] <... futex resumed>) = 0 [pid 482] exit_group(0) = ? [pid 488] <... futex resumed>) = ? [pid 488] +++ exited with 0 +++ [pid 483] <... futex resumed>) = ? [pid 483] +++ exited with 0 +++ [pid 482] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=482, si_uid=0, si_status=0, si_utime=3, si_stime=16} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c01b730 /* 4 entries */, 32768) = 112 [ 37.129099][ T483] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 37.136162][ T483] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 37.146892][ T483] F2FS-fs (loop0): switch discard_unit option is not allowed umount2("./27/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./27/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file4", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c023770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c023770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file4") = 0 umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 getdents64(3, 0x55555c01b730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c01a690) = 489 ./strace-static-x86_64: Process 489 attached [pid 489] set_robust_list(0x55555c01a6a0, 24) = 0 [pid 489] chdir("./28") = 0 [pid 489] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 489] setpgid(0, 0) = 0 [pid 489] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 489] write(3, "1000", 4) = 4 [pid 489] close(3) = 0 [pid 489] symlink("/dev/binderfs", "./binderfs") = 0 [pid 489] write(1, "executing program\n", 18executing program ) = 18 [pid 489] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 489] rt_sigaction(SIGRT_1, {sa_handler=0x7fe641950ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe6419421a0}, NULL, 8) = 0 [pid 489] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 489] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418c7000 [pid 489] mprotect(0x7fe6418c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 489] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 489] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418e7990, parent_tid=0x7fe6418e7990, exit_signal=0, stack=0x7fe6418c7000, stack_size=0x20300, tls=0x7fe6418e76c0}./strace-static-x86_64: Process 490 attached => {parent_tid=[490]}, 88) = 490 [pid 489] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 489] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 489] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 490] set_robust_list(0x7fe6418e79a0, 24) = 0 [pid 490] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 490] memfd_create("syzkaller", 0) = 3 [pid 490] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe6394c7000 [pid 490] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 490] munmap(0x7fe6394c7000, 138412032) = 0 [pid 490] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 490] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 490] close(3) = 0 [pid 490] close(4) = 0 [pid 490] mkdir("./file4", 0777) = 0 [ 37.355985][ T490] loop0: detected capacity change from 0 to 40427 [ 37.375544][ T490] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 37.382600][ T490] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 37.390893][ T490] F2FS-fs (loop0): fault_injection options not supported [ 37.397965][ T490] F2FS-fs (loop0): fault_type options not supported [pid 490] mount("/dev/loop0", "./file4", "f2fs", 0, "noinline_xattr,active_logs=4,discard,fault_injection=00000000000000041160,fault_type=000000000000000"...) = 0 [pid 490] openat(AT_FDCWD, "./file4", O_RDONLY|O_DIRECTORY) = 3 [pid 490] chdir("./file4") = 0 [pid 490] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 490] ioctl(4, LOOP_CLR_FD) = 0 [pid 490] close(4) = 0 [pid 490] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 490] futex(0x7fe6419b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 489] <... futex resumed>) = 0 [pid 489] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 489] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 490] <... futex resumed>) = 0 [pid 490] openat(AT_FDCWD, ".", O_WRONLY|O_SYNC|O_DIRECT|O_TMPFILE, 000) = 4 [pid 490] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 489] <... futex resumed>) = 0 [pid 489] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 489] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 489] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418a6000 [pid 489] mprotect(0x7fe6418a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 489] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 489] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418c6990, parent_tid=0x7fe6418c6990, exit_signal=0, stack=0x7fe6418a6000, stack_size=0x20300, tls=0x7fe6418c66c0} => {parent_tid=[495]}, 88) = 495 [pid 489] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 489] futex(0x7fe6419b86d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 489] futex(0x7fe6419b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 490] <... futex resumed>) = 1 [ 37.405230][ T490] F2FS-fs (loop0): invalid crc value [ 37.412828][ T490] F2FS-fs (loop0): Found nat_bits in checkpoint [ 37.440808][ T490] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 37.447892][ T490] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 490] mount(NULL, ".", NULL, MS_NOSUID|MS_NOEXEC|MS_REMOUNT|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_POSIXACL|MS_UNBINDABLE|MS_PRIVATE|MS_SLAVE|MS_STRICTATIME, NULL./strace-static-x86_64: Process 495 attached [pid 495] set_robust_list(0x7fe6418c69a0, 24) = 0 [pid 490] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 490] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 490] futex(0x7fe6419b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 495] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 495] write(4, "\x3a\x73\x79\x7a\x32\x3a\x45\x3a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x36\x3a\x66\x32\x66\x73\x00\x3a\x66\x61\x75\x6c\x74\x5f\x69\x6e\x6a\x65\x63\x74\x69\x6f\x6e\x3a\x2e\x2f\x66\x69\x6c\x65\x32\x3a", 59) = -1 EINVAL (Invalid argument) [pid 495] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 489] <... futex resumed>) = 0 [pid 489] exit_group(0) = ? [pid 490] <... futex resumed>) = ? [pid 490] +++ exited with 0 +++ [pid 495] +++ exited with 0 +++ [pid 489] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=489, si_uid=0, si_status=0, si_utime=3, si_stime=15} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c01b730 /* 4 entries */, 32768) = 112 [ 37.461131][ T490] F2FS-fs (loop0): switch discard_unit option is not allowed umount2("./28/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./28/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file4", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c023770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c023770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file4") = 0 umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 getdents64(3, 0x55555c01b730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c01a690) = 496 ./strace-static-x86_64: Process 496 attached [pid 496] set_robust_list(0x55555c01a6a0, 24) = 0 [pid 496] chdir("./29") = 0 [pid 496] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 496] setpgid(0, 0) = 0 [pid 496] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 496] write(3, "1000", 4) = 4 [pid 496] close(3) = 0 [pid 496] symlink("/dev/binderfs", "./binderfs") = 0 [pid 496] write(1, "executing program\n", 18executing program ) = 18 [pid 496] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 496] rt_sigaction(SIGRT_1, {sa_handler=0x7fe641950ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe6419421a0}, NULL, 8) = 0 [pid 496] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 496] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418c7000 [pid 496] mprotect(0x7fe6418c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 496] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 496] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418e7990, parent_tid=0x7fe6418e7990, exit_signal=0, stack=0x7fe6418c7000, stack_size=0x20300, tls=0x7fe6418e76c0} => {parent_tid=[497]}, 88) = 497 [pid 496] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 496] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 496] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 497 attached [pid 497] set_robust_list(0x7fe6418e79a0, 24) = 0 [pid 497] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 497] memfd_create("syzkaller", 0) = 3 [pid 497] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe6394c7000 [pid 497] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 497] munmap(0x7fe6394c7000, 138412032) = 0 [pid 497] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 497] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 497] close(3) = 0 [pid 497] close(4) = 0 [pid 497] mkdir("./file4", 0777) = 0 [ 37.660578][ T497] loop0: detected capacity change from 0 to 40427 [ 37.669871][ T497] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 37.677046][ T497] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 37.685260][ T497] F2FS-fs (loop0): fault_injection options not supported [ 37.692513][ T497] F2FS-fs (loop0): fault_type options not supported [ 37.699894][ T497] F2FS-fs (loop0): invalid crc value [ 37.706896][ T497] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 497] mount("/dev/loop0", "./file4", "f2fs", 0, "noinline_xattr,active_logs=4,discard,fault_injection=00000000000000041160,fault_type=000000000000000"...) = 0 [pid 497] openat(AT_FDCWD, "./file4", O_RDONLY|O_DIRECTORY) = 3 [pid 497] chdir("./file4") = 0 [pid 497] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 497] ioctl(4, LOOP_CLR_FD) = 0 [pid 497] close(4) = 0 [pid 497] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 497] futex(0x7fe6419b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 496] <... futex resumed>) = 0 [pid 496] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 496] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 497] <... futex resumed>) = 0 [pid 497] openat(AT_FDCWD, ".", O_WRONLY|O_SYNC|O_DIRECT|O_TMPFILE, 000) = 4 [pid 497] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 496] <... futex resumed>) = 0 [pid 496] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 496] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 496] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418a6000 [pid 496] mprotect(0x7fe6418a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 496] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 496] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418c6990, parent_tid=0x7fe6418c6990, exit_signal=0, stack=0x7fe6418a6000, stack_size=0x20300, tls=0x7fe6418c66c0} => {parent_tid=[502]}, 88) = 502 [pid 496] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 496] futex(0x7fe6419b86d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 496] futex(0x7fe6419b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 497] <... futex resumed>) = 1 [pid 497] mount(NULL, ".", NULL, MS_NOSUID|MS_NOEXEC|MS_REMOUNT|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_POSIXACL|MS_UNBINDABLE|MS_PRIVATE|MS_SLAVE|MS_STRICTATIME, NULL./strace-static-x86_64: Process 502 attached ) = -1 EINVAL (Invalid argument) [pid 497] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 497] futex(0x7fe6419b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 502] set_robust_list(0x7fe6418c69a0, 24) = 0 [pid 502] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 502] write(4, "\x3a\x73\x79\x7a\x32\x3a\x45\x3a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x36\x3a\x66\x32\x66\x73\x00\x3a\x66\x61\x75\x6c\x74\x5f\x69\x6e\x6a\x65\x63\x74\x69\x6f\x6e\x3a\x2e\x2f\x66\x69\x6c\x65\x32\x3a", 59) = -1 EINVAL (Invalid argument) [pid 502] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 496] <... futex resumed>) = 0 [pid 496] exit_group(0) = ? [pid 502] <... futex resumed>) = ? [pid 497] <... futex resumed>) = ? [pid 502] +++ exited with 0 +++ [pid 497] +++ exited with 0 +++ [pid 496] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=496, si_uid=0, si_status=0, si_utime=5, si_stime=15} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c01b730 /* 4 entries */, 32768) = 112 [ 37.735320][ T497] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 37.742437][ T497] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 37.755488][ T497] F2FS-fs (loop0): switch discard_unit option is not allowed umount2("./29/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./29/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file4", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c023770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c023770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file4") = 0 umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 getdents64(3, 0x55555c01b730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c01a690) = 503 ./strace-static-x86_64: Process 503 attached [pid 503] set_robust_list(0x55555c01a6a0, 24) = 0 [pid 503] chdir("./30") = 0 [pid 503] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 503] setpgid(0, 0) = 0 [pid 503] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 503] write(3, "1000", 4) = 4 [pid 503] close(3) = 0 [pid 503] symlink("/dev/binderfs", "./binderfs") = 0 [pid 503] write(1, "executing program\n", 18executing program ) = 18 [pid 503] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 503] rt_sigaction(SIGRT_1, {sa_handler=0x7fe641950ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe6419421a0}, NULL, 8) = 0 [pid 503] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 503] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418c7000 [pid 503] mprotect(0x7fe6418c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 503] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 503] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418e7990, parent_tid=0x7fe6418e7990, exit_signal=0, stack=0x7fe6418c7000, stack_size=0x20300, tls=0x7fe6418e76c0} => {parent_tid=[504]}, 88) = 504 [pid 503] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 503] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 503] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 504 attached [pid 504] set_robust_list(0x7fe6418e79a0, 24) = 0 [pid 504] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 504] memfd_create("syzkaller", 0) = 3 [pid 504] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe6394c7000 [pid 504] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 504] munmap(0x7fe6394c7000, 138412032) = 0 [pid 504] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 504] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 504] close(3) = 0 [pid 504] close(4) = 0 [pid 504] mkdir("./file4", 0777) = 0 [ 37.955737][ T504] loop0: detected capacity change from 0 to 40427 [ 37.968131][ T504] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 37.975125][ T504] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 37.983607][ T504] F2FS-fs (loop0): fault_injection options not supported [ 37.990880][ T504] F2FS-fs (loop0): fault_type options not supported [ 37.998228][ T504] F2FS-fs (loop0): invalid crc value [ 38.004734][ T504] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 504] mount("/dev/loop0", "./file4", "f2fs", 0, "noinline_xattr,active_logs=4,discard,fault_injection=00000000000000041160,fault_type=000000000000000"...) = 0 [pid 504] openat(AT_FDCWD, "./file4", O_RDONLY|O_DIRECTORY) = 3 [pid 504] chdir("./file4") = 0 [pid 504] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 504] ioctl(4, LOOP_CLR_FD) = 0 [pid 504] close(4) = 0 [pid 504] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 503] <... futex resumed>) = 0 [pid 503] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 503] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 504] <... futex resumed>) = 1 [pid 504] openat(AT_FDCWD, ".", O_WRONLY|O_SYNC|O_DIRECT|O_TMPFILE, 000) = 4 [pid 504] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 503] <... futex resumed>) = 0 [pid 503] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 503] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 503] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418a6000 [pid 503] mprotect(0x7fe6418a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 503] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 503] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418c6990, parent_tid=0x7fe6418c6990, exit_signal=0, stack=0x7fe6418a6000, stack_size=0x20300, tls=0x7fe6418c66c0} => {parent_tid=[509]}, 88) = 509 [pid 503] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 503] futex(0x7fe6419b86d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 503] futex(0x7fe6419b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 504] <... futex resumed>) = 1 [pid 504] mount(NULL, ".", NULL, MS_NOSUID|MS_NOEXEC|MS_REMOUNT|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_POSIXACL|MS_UNBINDABLE|MS_PRIVATE|MS_SLAVE|MS_STRICTATIME, NULL) = -1 EINVAL (Invalid argument) [pid 504] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 504] futex(0x7fe6419b86c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 509 attached [pid 509] set_robust_list(0x7fe6418c69a0, 24) = 0 [pid 509] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 509] write(4, "\x3a\x73\x79\x7a\x32\x3a\x45\x3a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x36\x3a\x66\x32\x66\x73\x00\x3a\x66\x61\x75\x6c\x74\x5f\x69\x6e\x6a\x65\x63\x74\x69\x6f\x6e\x3a\x2e\x2f\x66\x69\x6c\x65\x32\x3a", 59) = -1 EINVAL (Invalid argument) [pid 509] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 503] <... futex resumed>) = 0 [pid 503] exit_group(0) = ? [pid 504] <... futex resumed>) = ? [pid 504] +++ exited with 0 +++ [pid 509] <... futex resumed>) = ? [pid 509] +++ exited with 0 +++ [pid 503] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=503, si_uid=0, si_status=0, si_utime=4, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c01b730 /* 4 entries */, 32768) = 112 [ 38.034033][ T504] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 38.041111][ T504] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 38.051361][ T504] F2FS-fs (loop0): switch discard_unit option is not allowed umount2("./30/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./30/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file4", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c023770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c023770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file4") = 0 umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 getdents64(3, 0x55555c01b730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c01a690) = 510 ./strace-static-x86_64: Process 510 attached [pid 510] set_robust_list(0x55555c01a6a0, 24) = 0 [pid 510] chdir("./31") = 0 [pid 510] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 510] setpgid(0, 0) = 0 [pid 510] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 510] write(3, "1000", 4) = 4 [pid 510] close(3) = 0 [pid 510] symlink("/dev/binderfs", "./binderfs") = 0 [pid 510] write(1, "executing program\n", 18executing program ) = 18 [pid 510] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 510] rt_sigaction(SIGRT_1, {sa_handler=0x7fe641950ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe6419421a0}, NULL, 8) = 0 [pid 510] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 510] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418c7000 [pid 510] mprotect(0x7fe6418c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 510] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 510] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418e7990, parent_tid=0x7fe6418e7990, exit_signal=0, stack=0x7fe6418c7000, stack_size=0x20300, tls=0x7fe6418e76c0} => {parent_tid=[511]}, 88) = 511 [pid 510] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 510] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 510] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 511 attached [pid 511] set_robust_list(0x7fe6418e79a0, 24) = 0 [pid 511] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 511] memfd_create("syzkaller", 0) = 3 [pid 511] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe6394c7000 [pid 511] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 511] munmap(0x7fe6394c7000, 138412032) = 0 [pid 511] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 511] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 511] close(3) = 0 [pid 511] close(4) = 0 [pid 511] mkdir("./file4", 0777) = 0 [ 38.253162][ T511] loop0: detected capacity change from 0 to 40427 [ 38.263862][ T511] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 38.270942][ T511] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 38.279292][ T511] F2FS-fs (loop0): fault_injection options not supported [ 38.286440][ T511] F2FS-fs (loop0): fault_type options not supported [ 38.293805][ T511] F2FS-fs (loop0): invalid crc value [ 38.300437][ T511] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 511] mount("/dev/loop0", "./file4", "f2fs", 0, "noinline_xattr,active_logs=4,discard,fault_injection=00000000000000041160,fault_type=000000000000000"...) = 0 [pid 511] openat(AT_FDCWD, "./file4", O_RDONLY|O_DIRECTORY) = 3 [pid 511] chdir("./file4") = 0 [pid 511] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 511] ioctl(4, LOOP_CLR_FD) = 0 [pid 511] close(4) = 0 [pid 511] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 511] futex(0x7fe6419b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 510] <... futex resumed>) = 0 [pid 510] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 510] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 511] <... futex resumed>) = 0 [pid 511] openat(AT_FDCWD, ".", O_WRONLY|O_SYNC|O_DIRECT|O_TMPFILE, 000) = 4 [pid 511] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 510] <... futex resumed>) = 0 [pid 510] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 510] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 510] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418a6000 [pid 510] mprotect(0x7fe6418a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 510] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 510] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418c6990, parent_tid=0x7fe6418c6990, exit_signal=0, stack=0x7fe6418a6000, stack_size=0x20300, tls=0x7fe6418c66c0} => {parent_tid=[516]}, 88) = 516 [pid 510] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 510] futex(0x7fe6419b86d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 510] futex(0x7fe6419b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 511] mount(NULL, ".", NULL, MS_NOSUID|MS_NOEXEC|MS_REMOUNT|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_POSIXACL|MS_UNBINDABLE|MS_PRIVATE|MS_SLAVE|MS_STRICTATIME, NULL) = -1 EINVAL (Invalid argument) [pid 511] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 511] futex(0x7fe6419b86c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 516 attached [pid 516] set_robust_list(0x7fe6418c69a0, 24) = 0 [pid 516] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 516] write(4, "\x3a\x73\x79\x7a\x32\x3a\x45\x3a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x36\x3a\x66\x32\x66\x73\x00\x3a\x66\x61\x75\x6c\x74\x5f\x69\x6e\x6a\x65\x63\x74\x69\x6f\x6e\x3a\x2e\x2f\x66\x69\x6c\x65\x32\x3a", 59) = -1 EINVAL (Invalid argument) [pid 516] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 510] <... futex resumed>) = 0 [pid 510] exit_group(0) = ? [pid 511] <... futex resumed>) = ? [pid 511] +++ exited with 0 +++ [pid 516] <... futex resumed>) = ? [pid 516] +++ exited with 0 +++ [pid 510] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=510, si_uid=0, si_status=0, si_utime=3, si_stime=15} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c01b730 /* 4 entries */, 32768) = 112 [ 38.329457][ T511] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 38.336558][ T511] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 38.350209][ T511] F2FS-fs (loop0): switch discard_unit option is not allowed umount2("./31/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./31/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file4", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c023770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c023770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file4") = 0 umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 getdents64(3, 0x55555c01b730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c01a690) = 517 ./strace-static-x86_64: Process 517 attached [pid 517] set_robust_list(0x55555c01a6a0, 24) = 0 [pid 517] chdir("./32") = 0 [pid 517] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 517] setpgid(0, 0) = 0 [pid 517] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 517] write(3, "1000", 4) = 4 [pid 517] close(3) = 0 executing program [pid 517] symlink("/dev/binderfs", "./binderfs") = 0 [pid 517] write(1, "executing program\n", 18) = 18 [pid 517] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 517] rt_sigaction(SIGRT_1, {sa_handler=0x7fe641950ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe6419421a0}, NULL, 8) = 0 [pid 517] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 517] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418c7000 [pid 517] mprotect(0x7fe6418c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 517] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 517] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418e7990, parent_tid=0x7fe6418e7990, exit_signal=0, stack=0x7fe6418c7000, stack_size=0x20300, tls=0x7fe6418e76c0} => {parent_tid=[518]}, 88) = 518 [pid 517] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 517] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 517] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 518 attached [pid 518] set_robust_list(0x7fe6418e79a0, 24) = 0 [pid 518] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 518] memfd_create("syzkaller", 0) = 3 [pid 518] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe6394c7000 [pid 518] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 518] munmap(0x7fe6394c7000, 138412032) = 0 [pid 518] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 518] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 518] close(3) = 0 [pid 518] close(4) = 0 [pid 518] mkdir("./file4", 0777) = 0 [ 38.548742][ T518] loop0: detected capacity change from 0 to 40427 [ 38.557601][ T518] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 38.565167][ T518] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 38.573442][ T518] F2FS-fs (loop0): fault_injection options not supported [ 38.580635][ T518] F2FS-fs (loop0): fault_type options not supported [ 38.588010][ T518] F2FS-fs (loop0): invalid crc value [ 38.594584][ T518] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 518] mount("/dev/loop0", "./file4", "f2fs", 0, "noinline_xattr,active_logs=4,discard,fault_injection=00000000000000041160,fault_type=000000000000000"...) = 0 [pid 518] openat(AT_FDCWD, "./file4", O_RDONLY|O_DIRECTORY) = 3 [pid 518] chdir("./file4") = 0 [pid 518] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 518] ioctl(4, LOOP_CLR_FD) = 0 [pid 518] close(4) = 0 [pid 518] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 517] <... futex resumed>) = 0 [pid 517] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 517] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 518] <... futex resumed>) = 1 [pid 518] openat(AT_FDCWD, ".", O_WRONLY|O_SYNC|O_DIRECT|O_TMPFILE, 000) = 4 [pid 518] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 517] <... futex resumed>) = 0 [pid 517] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 517] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 517] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418a6000 [pid 517] mprotect(0x7fe6418a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 517] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 517] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418c6990, parent_tid=0x7fe6418c6990, exit_signal=0, stack=0x7fe6418a6000, stack_size=0x20300, tls=0x7fe6418c66c0} => {parent_tid=[523]}, 88) = 523 [pid 517] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 517] futex(0x7fe6419b86d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 517] futex(0x7fe6419b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 518] <... futex resumed>) = 1 [pid 518] mount(NULL, ".", NULL, MS_NOSUID|MS_NOEXEC|MS_REMOUNT|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_POSIXACL|MS_UNBINDABLE|MS_PRIVATE|MS_SLAVE|MS_STRICTATIME, NULL) = -1 EINVAL (Invalid argument) [pid 518] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 518] futex(0x7fe6419b86c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 523 attached [pid 523] set_robust_list(0x7fe6418c69a0, 24) = 0 [pid 523] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 523] write(4, "\x3a\x73\x79\x7a\x32\x3a\x45\x3a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x36\x3a\x66\x32\x66\x73\x00\x3a\x66\x61\x75\x6c\x74\x5f\x69\x6e\x6a\x65\x63\x74\x69\x6f\x6e\x3a\x2e\x2f\x66\x69\x6c\x65\x32\x3a", 59) = -1 EINVAL (Invalid argument) [pid 523] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 517] <... futex resumed>) = 0 [pid 517] exit_group(0) = ? [pid 518] <... futex resumed>) = ? [pid 518] +++ exited with 0 +++ [pid 523] <... futex resumed>) = ? [pid 523] +++ exited with 0 +++ [pid 517] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=517, si_uid=0, si_status=0, si_utime=3, si_stime=15} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c01b730 /* 4 entries */, 32768) = 112 [ 38.623032][ T518] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 38.630129][ T518] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 38.643110][ T518] F2FS-fs (loop0): switch discard_unit option is not allowed umount2("./32/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./32/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file4", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c023770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c023770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file4") = 0 umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 getdents64(3, 0x55555c01b730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c01a690) = 524 ./strace-static-x86_64: Process 524 attached [pid 524] set_robust_list(0x55555c01a6a0, 24) = 0 [pid 524] chdir("./33") = 0 [pid 524] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 524] setpgid(0, 0) = 0 [pid 524] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 524] write(3, "1000", 4) = 4 [pid 524] close(3) = 0 [pid 524] symlink("/dev/binderfs", "./binderfs") = 0 [pid 524] write(1, "executing program\n", 18) = 18 [pid 524] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 524] rt_sigaction(SIGRT_1, {sa_handler=0x7fe641950ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe6419421a0}, NULL, 8) = 0 [pid 524] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 524] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418c7000 [pid 524] mprotect(0x7fe6418c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 524] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 524] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418e7990, parent_tid=0x7fe6418e7990, exit_signal=0, stack=0x7fe6418c7000, stack_size=0x20300, tls=0x7fe6418e76c0} => {parent_tid=[525]}, 88) = 525 [pid 524] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 524] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 524] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 525 attached [pid 525] set_robust_list(0x7fe6418e79a0, 24) = 0 [pid 525] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 525] memfd_create("syzkaller", 0) = 3 [pid 525] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe6394c7000 [pid 525] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 525] munmap(0x7fe6394c7000, 138412032) = 0 [pid 525] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 525] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 525] close(3) = 0 [pid 525] close(4) = 0 [pid 525] mkdir("./file4", 0777) = 0 [ 38.839348][ T525] loop0: detected capacity change from 0 to 40427 [ 38.848471][ T525] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 38.855695][ T525] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 38.863960][ T525] F2FS-fs (loop0): fault_injection options not supported [ 38.871193][ T525] F2FS-fs (loop0): fault_type options not supported [ 38.878657][ T525] F2FS-fs (loop0): invalid crc value [ 38.885204][ T525] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 525] mount("/dev/loop0", "./file4", "f2fs", 0, "noinline_xattr,active_logs=4,discard,fault_injection=00000000000000041160,fault_type=000000000000000"...) = 0 [pid 525] openat(AT_FDCWD, "./file4", O_RDONLY|O_DIRECTORY) = 3 [pid 525] chdir("./file4") = 0 [pid 525] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 525] ioctl(4, LOOP_CLR_FD) = 0 [pid 525] close(4) = 0 [pid 525] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 524] <... futex resumed>) = 0 [pid 524] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 524] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 525] <... futex resumed>) = 1 [pid 525] openat(AT_FDCWD, ".", O_WRONLY|O_SYNC|O_DIRECT|O_TMPFILE, 000) = 4 [pid 525] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 524] <... futex resumed>) = 0 [pid 524] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 524] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 524] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418a6000 [pid 524] mprotect(0x7fe6418a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 524] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 524] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418c6990, parent_tid=0x7fe6418c6990, exit_signal=0, stack=0x7fe6418a6000, stack_size=0x20300, tls=0x7fe6418c66c0} => {parent_tid=[530]}, 88) = 530 [pid 524] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 524] futex(0x7fe6419b86d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 524] futex(0x7fe6419b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 525] <... futex resumed>) = 1 [pid 525] mount(NULL, ".", NULL, MS_NOSUID|MS_NOEXEC|MS_REMOUNT|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_POSIXACL|MS_UNBINDABLE|MS_PRIVATE|MS_SLAVE|MS_STRICTATIME, NULL) = -1 EINVAL (Invalid argument) [pid 525] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 525] futex(0x7fe6419b86c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 530 attached [pid 530] set_robust_list(0x7fe6418c69a0, 24) = 0 [pid 530] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 530] write(4, "\x3a\x73\x79\x7a\x32\x3a\x45\x3a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x36\x3a\x66\x32\x66\x73\x00\x3a\x66\x61\x75\x6c\x74\x5f\x69\x6e\x6a\x65\x63\x74\x69\x6f\x6e\x3a\x2e\x2f\x66\x69\x6c\x65\x32\x3a", 59) = -1 EINVAL (Invalid argument) [pid 530] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 524] <... futex resumed>) = 0 [pid 530] <... futex resumed>) = 1 [pid 524] exit_group(0) = ? [pid 525] <... futex resumed>) = ? [pid 530] +++ exited with 0 +++ [pid 525] +++ exited with 0 +++ [pid 524] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=524, si_uid=0, si_status=0, si_utime=5, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c01b730 /* 4 entries */, 32768) = 112 [ 38.914064][ T525] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 38.921181][ T525] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 38.933810][ T525] F2FS-fs (loop0): switch discard_unit option is not allowed umount2("./33/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./33/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file4", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c023770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c023770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file4") = 0 umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 getdents64(3, 0x55555c01b730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c01a690) = 531 ./strace-static-x86_64: Process 531 attached [pid 531] set_robust_list(0x55555c01a6a0, 24) = 0 [pid 531] chdir("./34") = 0 [pid 531] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 531] setpgid(0, 0) = 0 [pid 531] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 531] write(3, "1000", 4) = 4 [pid 531] close(3) = 0 [pid 531] symlink("/dev/binderfs", "./binderfs") = 0 [pid 531] write(1, "executing program\n", 18executing program ) = 18 [pid 531] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 531] rt_sigaction(SIGRT_1, {sa_handler=0x7fe641950ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe6419421a0}, NULL, 8) = 0 [pid 531] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 531] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418c7000 [pid 531] mprotect(0x7fe6418c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 531] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 531] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418e7990, parent_tid=0x7fe6418e7990, exit_signal=0, stack=0x7fe6418c7000, stack_size=0x20300, tls=0x7fe6418e76c0} => {parent_tid=[532]}, 88) = 532 ./strace-static-x86_64: Process 532 attached [pid 531] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 531] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 531] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 532] set_robust_list(0x7fe6418e79a0, 24) = 0 [pid 532] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 532] memfd_create("syzkaller", 0) = 3 [pid 532] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe6394c7000 [pid 532] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 532] munmap(0x7fe6394c7000, 138412032) = 0 [pid 532] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 532] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 532] close(3) = 0 [pid 532] close(4) = 0 [pid 532] mkdir("./file4", 0777) = 0 [ 39.137531][ T532] loop0: detected capacity change from 0 to 40427 [ 39.145255][ T532] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 39.152693][ T532] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 39.161098][ T532] F2FS-fs (loop0): fault_injection options not supported [ 39.168449][ T532] F2FS-fs (loop0): fault_type options not supported [ 39.175859][ T532] F2FS-fs (loop0): invalid crc value [ 39.182480][ T532] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 532] mount("/dev/loop0", "./file4", "f2fs", 0, "noinline_xattr,active_logs=4,discard,fault_injection=00000000000000041160,fault_type=000000000000000"...) = 0 [pid 532] openat(AT_FDCWD, "./file4", O_RDONLY|O_DIRECTORY) = 3 [pid 532] chdir("./file4") = 0 [pid 532] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 532] ioctl(4, LOOP_CLR_FD) = 0 [pid 532] close(4) = 0 [pid 532] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 532] futex(0x7fe6419b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 531] <... futex resumed>) = 0 [pid 531] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 531] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 532] <... futex resumed>) = 0 [pid 532] openat(AT_FDCWD, ".", O_WRONLY|O_SYNC|O_DIRECT|O_TMPFILE, 000) = 4 [pid 532] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 531] <... futex resumed>) = 0 [pid 531] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 531] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 531] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418a6000 [pid 531] mprotect(0x7fe6418a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 531] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 531] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418c6990, parent_tid=0x7fe6418c6990, exit_signal=0, stack=0x7fe6418a6000, stack_size=0x20300, tls=0x7fe6418c66c0} => {parent_tid=[537]}, 88) = 537 [pid 531] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 531] futex(0x7fe6419b86d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 531] futex(0x7fe6419b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 532] <... futex resumed>) = 1 [pid 532] mount(NULL, ".", NULL, MS_NOSUID|MS_NOEXEC|MS_REMOUNT|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_POSIXACL|MS_UNBINDABLE|MS_PRIVATE|MS_SLAVE|MS_STRICTATIME, NULL) = -1 EINVAL (Invalid argument) [pid 532] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 532] futex(0x7fe6419b86c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 537 attached [pid 537] set_robust_list(0x7fe6418c69a0, 24) = 0 [pid 537] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 537] write(4, "\x3a\x73\x79\x7a\x32\x3a\x45\x3a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x36\x3a\x66\x32\x66\x73\x00\x3a\x66\x61\x75\x6c\x74\x5f\x69\x6e\x6a\x65\x63\x74\x69\x6f\x6e\x3a\x2e\x2f\x66\x69\x6c\x65\x32\x3a", 59) = -1 EINVAL (Invalid argument) [pid 537] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 531] <... futex resumed>) = 0 [pid 531] exit_group(0) = ? [pid 532] <... futex resumed>) = ? [pid 532] +++ exited with 0 +++ [pid 537] <... futex resumed>) = ? [pid 537] +++ exited with 0 +++ [pid 531] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=531, si_uid=0, si_status=0, si_utime=3, si_stime=16} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c01b730 /* 4 entries */, 32768) = 112 [ 39.211875][ T532] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 39.218958][ T532] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 39.231244][ T532] F2FS-fs (loop0): switch discard_unit option is not allowed umount2("./34/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./34/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file4", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c023770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c023770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file4") = 0 umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 getdents64(3, 0x55555c01b730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c01a690) = 538 ./strace-static-x86_64: Process 538 attached [pid 538] set_robust_list(0x55555c01a6a0, 24) = 0 [pid 538] chdir("./35") = 0 [pid 538] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 538] setpgid(0, 0) = 0 [pid 538] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 538] write(3, "1000", 4) = 4 [pid 538] close(3) = 0 [pid 538] symlink("/dev/binderfs", "./binderfs") = 0 [pid 538] write(1, "executing program\n", 18) = 18 [pid 538] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 538] rt_sigaction(SIGRT_1, {sa_handler=0x7fe641950ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe6419421a0}, NULL, 8) = 0 [pid 538] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 538] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418c7000 [pid 538] mprotect(0x7fe6418c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 538] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 538] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418e7990, parent_tid=0x7fe6418e7990, exit_signal=0, stack=0x7fe6418c7000, stack_size=0x20300, tls=0x7fe6418e76c0}executing program => {parent_tid=[539]}, 88) = 539 [pid 538] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 538] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 538] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 539 attached [pid 539] set_robust_list(0x7fe6418e79a0, 24) = 0 [pid 539] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 539] memfd_create("syzkaller", 0) = 3 [pid 539] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe6394c7000 [pid 539] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 539] munmap(0x7fe6394c7000, 138412032) = 0 [pid 539] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 539] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 539] close(3) = 0 [pid 539] close(4) = 0 [pid 539] mkdir("./file4", 0777) = 0 [ 39.429182][ T539] loop0: detected capacity change from 0 to 40427 [ 39.438540][ T539] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 39.445574][ T539] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 39.454112][ T539] F2FS-fs (loop0): fault_injection options not supported [ 39.461410][ T539] F2FS-fs (loop0): fault_type options not supported [ 39.468791][ T539] F2FS-fs (loop0): invalid crc value [ 39.475130][ T539] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 539] mount("/dev/loop0", "./file4", "f2fs", 0, "noinline_xattr,active_logs=4,discard,fault_injection=00000000000000041160,fault_type=000000000000000"...) = 0 [pid 539] openat(AT_FDCWD, "./file4", O_RDONLY|O_DIRECTORY) = 3 [pid 539] chdir("./file4") = 0 [pid 539] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 539] ioctl(4, LOOP_CLR_FD) = 0 [pid 539] close(4) = 0 [pid 539] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 538] <... futex resumed>) = 0 [pid 538] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 538] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 539] <... futex resumed>) = 1 [pid 539] openat(AT_FDCWD, ".", O_WRONLY|O_SYNC|O_DIRECT|O_TMPFILE, 000) = 4 [pid 539] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 538] <... futex resumed>) = 0 [pid 538] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 538] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 538] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418a6000 [pid 538] mprotect(0x7fe6418a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 538] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 538] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418c6990, parent_tid=0x7fe6418c6990, exit_signal=0, stack=0x7fe6418a6000, stack_size=0x20300, tls=0x7fe6418c66c0} => {parent_tid=[544]}, 88) = 544 [pid 538] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 538] futex(0x7fe6419b86d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 538] futex(0x7fe6419b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 539] <... futex resumed>) = 1 [pid 539] mount(NULL, ".", NULL, MS_NOSUID|MS_NOEXEC|MS_REMOUNT|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_POSIXACL|MS_UNBINDABLE|MS_PRIVATE|MS_SLAVE|MS_STRICTATIME, NULL) = -1 EINVAL (Invalid argument) [pid 539] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 539] futex(0x7fe6419b86c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 544 attached [pid 544] set_robust_list(0x7fe6418c69a0, 24) = 0 [pid 544] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 544] write(4, "\x3a\x73\x79\x7a\x32\x3a\x45\x3a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x36\x3a\x66\x32\x66\x73\x00\x3a\x66\x61\x75\x6c\x74\x5f\x69\x6e\x6a\x65\x63\x74\x69\x6f\x6e\x3a\x2e\x2f\x66\x69\x6c\x65\x32\x3a", 59) = -1 EINVAL (Invalid argument) [pid 544] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 538] <... futex resumed>) = 0 [pid 538] exit_group(0) = ? [pid 539] <... futex resumed>) = ? [pid 539] +++ exited with 0 +++ [pid 544] <... futex resumed>) = ? [pid 544] +++ exited with 0 +++ [pid 538] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=538, si_uid=0, si_status=0, si_utime=5, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c01b730 /* 4 entries */, 32768) = 112 [ 39.504033][ T539] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 39.511149][ T539] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 39.521435][ T539] F2FS-fs (loop0): switch discard_unit option is not allowed umount2("./35/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./35/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file4", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c023770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c023770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file4") = 0 umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 getdents64(3, 0x55555c01b730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c01a690) = 545 ./strace-static-x86_64: Process 545 attached [pid 545] set_robust_list(0x55555c01a6a0, 24) = 0 [pid 545] chdir("./36") = 0 [pid 545] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 545] setpgid(0, 0) = 0 [pid 545] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 545] write(3, "1000", 4) = 4 [pid 545] close(3) = 0 executing program [pid 545] symlink("/dev/binderfs", "./binderfs") = 0 [pid 545] write(1, "executing program\n", 18) = 18 [pid 545] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 545] rt_sigaction(SIGRT_1, {sa_handler=0x7fe641950ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe6419421a0}, NULL, 8) = 0 [pid 545] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 545] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418c7000 [pid 545] mprotect(0x7fe6418c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 545] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 545] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418e7990, parent_tid=0x7fe6418e7990, exit_signal=0, stack=0x7fe6418c7000, stack_size=0x20300, tls=0x7fe6418e76c0} => {parent_tid=[546]}, 88) = 546 [pid 545] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 545] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 545] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 546 attached [pid 546] set_robust_list(0x7fe6418e79a0, 24) = 0 [pid 546] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 546] memfd_create("syzkaller", 0) = 3 [pid 546] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe6394c7000 [pid 546] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 546] munmap(0x7fe6394c7000, 138412032) = 0 [pid 546] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 546] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 546] close(3) = 0 [pid 546] close(4) = 0 [pid 546] mkdir("./file4", 0777) = 0 [ 39.725505][ T546] loop0: detected capacity change from 0 to 40427 [ 39.736209][ T546] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 39.743361][ T546] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 39.751673][ T546] F2FS-fs (loop0): fault_injection options not supported [ 39.758957][ T546] F2FS-fs (loop0): fault_type options not supported [ 39.766280][ T546] F2FS-fs (loop0): invalid crc value [ 39.772929][ T546] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 546] mount("/dev/loop0", "./file4", "f2fs", 0, "noinline_xattr,active_logs=4,discard,fault_injection=00000000000000041160,fault_type=000000000000000"...) = 0 [pid 546] openat(AT_FDCWD, "./file4", O_RDONLY|O_DIRECTORY) = 3 [pid 546] chdir("./file4") = 0 [pid 546] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 546] ioctl(4, LOOP_CLR_FD) = 0 [pid 546] close(4) = 0 [pid 546] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 545] <... futex resumed>) = 0 [pid 545] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 545] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 546] <... futex resumed>) = 1 [pid 546] openat(AT_FDCWD, ".", O_WRONLY|O_SYNC|O_DIRECT|O_TMPFILE, 000) = 4 [pid 546] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 545] <... futex resumed>) = 0 [pid 545] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 545] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 545] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418a6000 [pid 545] mprotect(0x7fe6418a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 545] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 545] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418c6990, parent_tid=0x7fe6418c6990, exit_signal=0, stack=0x7fe6418a6000, stack_size=0x20300, tls=0x7fe6418c66c0} => {parent_tid=[551]}, 88) = 551 [pid 545] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 545] futex(0x7fe6419b86d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 545] futex(0x7fe6419b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 546] <... futex resumed>) = 1 [pid 546] mount(NULL, ".", NULL, MS_NOSUID|MS_NOEXEC|MS_REMOUNT|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_POSIXACL|MS_UNBINDABLE|MS_PRIVATE|MS_SLAVE|MS_STRICTATIME, NULL) = -1 EINVAL (Invalid argument) [pid 546] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 546] futex(0x7fe6419b86c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 551 attached [pid 551] set_robust_list(0x7fe6418c69a0, 24) = 0 [pid 551] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 551] write(4, "\x3a\x73\x79\x7a\x32\x3a\x45\x3a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x36\x3a\x66\x32\x66\x73\x00\x3a\x66\x61\x75\x6c\x74\x5f\x69\x6e\x6a\x65\x63\x74\x69\x6f\x6e\x3a\x2e\x2f\x66\x69\x6c\x65\x32\x3a", 59) = -1 EINVAL (Invalid argument) [pid 551] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 545] <... futex resumed>) = 0 [pid 545] exit_group(0) = ? [pid 546] <... futex resumed>) = ? [pid 546] +++ exited with 0 +++ [pid 551] <... futex resumed>) = ? [pid 551] +++ exited with 0 +++ [pid 545] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=545, si_uid=0, si_status=0, si_utime=3, si_stime=16} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c01b730 /* 4 entries */, 32768) = 112 [ 39.801605][ T546] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 39.808723][ T546] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 39.819313][ T546] F2FS-fs (loop0): switch discard_unit option is not allowed umount2("./36/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./36/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file4", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c023770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c023770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file4") = 0 umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 getdents64(3, 0x55555c01b730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c01a690) = 552 ./strace-static-x86_64: Process 552 attached [pid 552] set_robust_list(0x55555c01a6a0, 24) = 0 [pid 552] chdir("./37") = 0 [pid 552] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 552] setpgid(0, 0) = 0 [pid 552] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 552] write(3, "1000", 4) = 4 [pid 552] close(3) = 0 [pid 552] symlink("/dev/binderfs", "./binderfs") = 0 [pid 552] write(1, "executing program\n", 18) = 18 [pid 552] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 552] rt_sigaction(SIGRT_1, {sa_handler=0x7fe641950ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe6419421a0}, NULL, 8) = 0 [pid 552] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 552] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418c7000 [pid 552] mprotect(0x7fe6418c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 552] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 552] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418e7990, parent_tid=0x7fe6418e7990, exit_signal=0, stack=0x7fe6418c7000, stack_size=0x20300, tls=0x7fe6418e76c0} => {parent_tid=[553]}, 88) = 553 [pid 552] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 552] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 552] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 553 attached [pid 553] set_robust_list(0x7fe6418e79a0, 24) = 0 [pid 553] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 553] memfd_create("syzkaller", 0) = 3 [pid 553] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe6394c7000 [pid 553] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 553] munmap(0x7fe6394c7000, 138412032) = 0 [pid 553] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 553] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 553] close(3) = 0 [pid 553] close(4) = 0 [pid 553] mkdir("./file4", 0777) = 0 [ 40.013842][ T553] loop0: detected capacity change from 0 to 40427 [ 40.023154][ T553] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 40.030607][ T553] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 40.039077][ T553] F2FS-fs (loop0): fault_injection options not supported [ 40.046295][ T553] F2FS-fs (loop0): fault_type options not supported [ 40.053592][ T553] F2FS-fs (loop0): invalid crc value [ 40.060380][ T553] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 553] mount("/dev/loop0", "./file4", "f2fs", 0, "noinline_xattr,active_logs=4,discard,fault_injection=00000000000000041160,fault_type=000000000000000"...) = 0 [pid 553] openat(AT_FDCWD, "./file4", O_RDONLY|O_DIRECTORY) = 3 [pid 553] chdir("./file4") = 0 [pid 553] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 553] ioctl(4, LOOP_CLR_FD) = 0 [pid 553] close(4) = 0 [pid 553] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 552] <... futex resumed>) = 0 [pid 552] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 552] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 553] <... futex resumed>) = 1 [pid 553] openat(AT_FDCWD, ".", O_WRONLY|O_SYNC|O_DIRECT|O_TMPFILE, 000) = 4 [pid 553] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 552] <... futex resumed>) = 0 [pid 552] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 552] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 552] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418a6000 [pid 552] mprotect(0x7fe6418a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 552] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 552] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418c6990, parent_tid=0x7fe6418c6990, exit_signal=0, stack=0x7fe6418a6000, stack_size=0x20300, tls=0x7fe6418c66c0} => {parent_tid=[558]}, 88) = 558 [pid 552] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 552] futex(0x7fe6419b86d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 552] futex(0x7fe6419b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 553] <... futex resumed>) = 1 [pid 553] mount(NULL, ".", NULL, MS_NOSUID|MS_NOEXEC|MS_REMOUNT|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_POSIXACL|MS_UNBINDABLE|MS_PRIVATE|MS_SLAVE|MS_STRICTATIME, NULL./strace-static-x86_64: Process 558 attached [pid 558] set_robust_list(0x7fe6418c69a0, 24 [pid 553] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 553] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 553] futex(0x7fe6419b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 558] <... set_robust_list resumed>) = 0 [pid 558] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 558] write(4, "\x3a\x73\x79\x7a\x32\x3a\x45\x3a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x36\x3a\x66\x32\x66\x73\x00\x3a\x66\x61\x75\x6c\x74\x5f\x69\x6e\x6a\x65\x63\x74\x69\x6f\x6e\x3a\x2e\x2f\x66\x69\x6c\x65\x32\x3a", 59) = -1 EINVAL (Invalid argument) [pid 558] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 552] <... futex resumed>) = 0 [pid 552] exit_group(0) = ? [pid 558] <... futex resumed>) = ? [pid 553] <... futex resumed>) = ? [pid 558] +++ exited with 0 +++ [pid 553] +++ exited with 0 +++ [pid 552] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=552, si_uid=0, si_status=0, si_utime=1, si_stime=18} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c01b730 /* 4 entries */, 32768) = 112 [ 40.089007][ T553] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 40.096070][ T553] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 40.108977][ T553] F2FS-fs (loop0): switch discard_unit option is not allowed umount2("./37/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./37/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file4", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c023770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c023770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file4") = 0 umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 getdents64(3, 0x55555c01b730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c01a690) = 559 ./strace-static-x86_64: Process 559 attached [pid 559] set_robust_list(0x55555c01a6a0, 24) = 0 [pid 559] chdir("./38") = 0 [pid 559] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 559] setpgid(0, 0) = 0 [pid 559] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 559] write(3, "1000", 4executing program ) = 4 [pid 559] close(3) = 0 [pid 559] symlink("/dev/binderfs", "./binderfs") = 0 [pid 559] write(1, "executing program\n", 18) = 18 [pid 559] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 559] rt_sigaction(SIGRT_1, {sa_handler=0x7fe641950ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe6419421a0}, NULL, 8) = 0 [pid 559] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 559] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418c7000 [pid 559] mprotect(0x7fe6418c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 559] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 559] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418e7990, parent_tid=0x7fe6418e7990, exit_signal=0, stack=0x7fe6418c7000, stack_size=0x20300, tls=0x7fe6418e76c0} => {parent_tid=[560]}, 88) = 560 [pid 559] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 559] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 559] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 560 attached [pid 560] set_robust_list(0x7fe6418e79a0, 24) = 0 [pid 560] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 560] memfd_create("syzkaller", 0) = 3 [pid 560] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe6394c7000 [pid 560] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 560] munmap(0x7fe6394c7000, 138412032) = 0 [pid 560] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 560] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 560] close(3) = 0 [pid 560] close(4) = 0 [pid 560] mkdir("./file4", 0777) = 0 [ 40.309260][ T560] loop0: detected capacity change from 0 to 40427 [ 40.319055][ T560] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 40.326270][ T560] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 40.334487][ T560] F2FS-fs (loop0): fault_injection options not supported [ 40.341727][ T560] F2FS-fs (loop0): fault_type options not supported [ 40.349364][ T560] F2FS-fs (loop0): invalid crc value [ 40.355975][ T560] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 560] mount("/dev/loop0", "./file4", "f2fs", 0, "noinline_xattr,active_logs=4,discard,fault_injection=00000000000000041160,fault_type=000000000000000"...) = 0 [pid 560] openat(AT_FDCWD, "./file4", O_RDONLY|O_DIRECTORY) = 3 [pid 560] chdir("./file4") = 0 [pid 560] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 560] ioctl(4, LOOP_CLR_FD) = 0 [pid 560] close(4) = 0 [pid 560] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 559] <... futex resumed>) = 0 [pid 559] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 559] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 560] <... futex resumed>) = 1 [pid 560] openat(AT_FDCWD, ".", O_WRONLY|O_SYNC|O_DIRECT|O_TMPFILE, 000) = 4 [pid 560] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 559] <... futex resumed>) = 0 [pid 559] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 559] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 559] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418a6000 [pid 559] mprotect(0x7fe6418a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 559] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 559] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418c6990, parent_tid=0x7fe6418c6990, exit_signal=0, stack=0x7fe6418a6000, stack_size=0x20300, tls=0x7fe6418c66c0} => {parent_tid=[565]}, 88) = 565 [pid 559] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 559] futex(0x7fe6419b86d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 559] futex(0x7fe6419b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 560] <... futex resumed>) = 1 [pid 560] mount(NULL, ".", NULL, MS_NOSUID|MS_NOEXEC|MS_REMOUNT|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_POSIXACL|MS_UNBINDABLE|MS_PRIVATE|MS_SLAVE|MS_STRICTATIME, NULL) = -1 EINVAL (Invalid argument) [pid 560] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 560] futex(0x7fe6419b86c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 565 attached [pid 565] set_robust_list(0x7fe6418c69a0, 24) = 0 [pid 565] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 565] write(4, "\x3a\x73\x79\x7a\x32\x3a\x45\x3a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x36\x3a\x66\x32\x66\x73\x00\x3a\x66\x61\x75\x6c\x74\x5f\x69\x6e\x6a\x65\x63\x74\x69\x6f\x6e\x3a\x2e\x2f\x66\x69\x6c\x65\x32\x3a", 59) = -1 EINVAL (Invalid argument) [pid 565] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 559] <... futex resumed>) = 0 [pid 559] exit_group(0) = ? [pid 560] <... futex resumed>) = ? [pid 560] +++ exited with 0 +++ [pid 565] <... futex resumed>) = ? [pid 565] +++ exited with 0 +++ [pid 559] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=559, si_uid=0, si_status=0, si_utime=5, si_stime=12} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c01b730 /* 4 entries */, 32768) = 112 [ 40.384543][ T560] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 40.391639][ T560] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 40.402995][ T560] F2FS-fs (loop0): switch discard_unit option is not allowed umount2("./38/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./38/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file4", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c023770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c023770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file4") = 0 umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 getdents64(3, 0x55555c01b730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c01a690) = 566 ./strace-static-x86_64: Process 566 attached [pid 566] set_robust_list(0x55555c01a6a0, 24) = 0 [pid 566] chdir("./39") = 0 [pid 566] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 566] setpgid(0, 0) = 0 [pid 566] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 566] write(3, "1000", 4) = 4 [pid 566] close(3) = 0 [pid 566] symlink("/dev/binderfs", "./binderfs") = 0 [pid 566] write(1, "executing program\n", 18executing program ) = 18 [pid 566] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 566] rt_sigaction(SIGRT_1, {sa_handler=0x7fe641950ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe6419421a0}, NULL, 8) = 0 [pid 566] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 566] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418c7000 [pid 566] mprotect(0x7fe6418c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 566] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 566] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418e7990, parent_tid=0x7fe6418e7990, exit_signal=0, stack=0x7fe6418c7000, stack_size=0x20300, tls=0x7fe6418e76c0}./strace-static-x86_64: Process 567 attached => {parent_tid=[567]}, 88) = 567 [pid 567] set_robust_list(0x7fe6418e79a0, 24 [pid 566] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 566] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 566] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 567] <... set_robust_list resumed>) = 0 [pid 567] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 567] memfd_create("syzkaller", 0) = 3 [pid 567] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe6394c7000 [pid 567] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 567] munmap(0x7fe6394c7000, 138412032) = 0 [pid 567] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 567] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 567] close(3) = 0 [pid 567] close(4) = 0 [pid 567] mkdir("./file4", 0777) = 0 [ 40.601975][ T567] loop0: detected capacity change from 0 to 40427 [ 40.612470][ T567] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 40.619695][ T567] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 40.628257][ T567] F2FS-fs (loop0): fault_injection options not supported [ 40.640147][ T567] F2FS-fs (loop0): fault_type options not supported [pid 567] mount("/dev/loop0", "./file4", "f2fs", 0, "noinline_xattr,active_logs=4,discard,fault_injection=00000000000000041160,fault_type=000000000000000"...) = 0 [pid 567] openat(AT_FDCWD, "./file4", O_RDONLY|O_DIRECTORY) = 3 [pid 567] chdir("./file4") = 0 [pid 567] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 567] ioctl(4, LOOP_CLR_FD) = 0 [pid 567] close(4) = 0 [pid 567] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 566] <... futex resumed>) = 0 [pid 566] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 566] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 567] <... futex resumed>) = 1 [pid 567] openat(AT_FDCWD, ".", O_WRONLY|O_SYNC|O_DIRECT|O_TMPFILE, 000) = 4 [pid 567] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 566] <... futex resumed>) = 0 [pid 566] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 566] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 566] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418a6000 [pid 566] mprotect(0x7fe6418a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 566] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 566] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418c6990, parent_tid=0x7fe6418c6990, exit_signal=0, stack=0x7fe6418a6000, stack_size=0x20300, tls=0x7fe6418c66c0} => {parent_tid=[572]}, 88) = 572 [pid 566] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 566] futex(0x7fe6419b86d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 566] futex(0x7fe6419b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 567] <... futex resumed>) = 1 [ 40.647594][ T567] F2FS-fs (loop0): invalid crc value [ 40.654251][ T567] F2FS-fs (loop0): Found nat_bits in checkpoint [ 40.683749][ T567] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 40.690868][ T567] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 567] mount(NULL, ".", NULL, MS_NOSUID|MS_NOEXEC|MS_REMOUNT|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_POSIXACL|MS_UNBINDABLE|MS_PRIVATE|MS_SLAVE|MS_STRICTATIME, NULL./strace-static-x86_64: Process 572 attached [pid 572] set_robust_list(0x7fe6418c69a0, 24 [pid 567] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 572] <... set_robust_list resumed>) = 0 [pid 572] rt_sigprocmask(SIG_SETMASK, [], [pid 567] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 572] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 572] write(4, "\x3a\x73\x79\x7a\x32\x3a\x45\x3a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x36\x3a\x66\x32\x66\x73\x00\x3a\x66\x61\x75\x6c\x74\x5f\x69\x6e\x6a\x65\x63\x74\x69\x6f\x6e\x3a\x2e\x2f\x66\x69\x6c\x65\x32\x3a", 59) = -1 EINVAL (Invalid argument) [pid 572] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 572] futex(0x7fe6419b86d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 567] <... futex resumed>) = 0 [pid 567] futex(0x7fe6419b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 566] <... futex resumed>) = 0 [pid 566] exit_group(0 [pid 572] <... futex resumed>) = ? [pid 566] <... exit_group resumed>) = ? [pid 572] +++ exited with 0 +++ [pid 567] <... futex resumed>) = ? [pid 567] +++ exited with 0 +++ [pid 566] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=566, si_uid=0, si_status=0, si_utime=4, si_stime=16} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c01b730 /* 4 entries */, 32768) = 112 [ 40.705823][ T567] F2FS-fs (loop0): switch discard_unit option is not allowed umount2("./39/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./39/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file4", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c023770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c023770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file4") = 0 umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 getdents64(3, 0x55555c01b730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c01a690) = 573 ./strace-static-x86_64: Process 573 attached [pid 573] set_robust_list(0x55555c01a6a0, 24) = 0 [pid 573] chdir("./40") = 0 [pid 573] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 573] setpgid(0, 0) = 0 [pid 573] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 573] write(3, "1000", 4) = 4 [pid 573] close(3) = 0 [pid 573] symlink("/dev/binderfs", "./binderfs") = 0 [pid 573] write(1, "executing program\n", 18) = 18 [pid 573] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 573] rt_sigaction(SIGRT_1, {sa_handler=0x7fe641950ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe6419421a0}, NULL, 8) = 0 [pid 573] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 573] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418c7000 [pid 573] mprotect(0x7fe6418c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 573] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 573] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418e7990, parent_tid=0x7fe6418e7990, exit_signal=0, stack=0x7fe6418c7000, stack_size=0x20300, tls=0x7fe6418e76c0} => {parent_tid=[574]}, 88) = 574 [pid 573] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 573] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 573] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 574 attached [pid 574] set_robust_list(0x7fe6418e79a0, 24) = 0 [pid 574] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 574] memfd_create("syzkaller", 0) = 3 [pid 574] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe6394c7000 [pid 574] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 574] munmap(0x7fe6394c7000, 138412032) = 0 [pid 574] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 574] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 574] close(3) = 0 [pid 574] close(4) = 0 [pid 574] mkdir("./file4", 0777) = 0 [ 40.902924][ T574] loop0: detected capacity change from 0 to 40427 [ 40.913149][ T574] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 40.920359][ T574] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 40.928637][ T574] F2FS-fs (loop0): fault_injection options not supported [ 40.935794][ T574] F2FS-fs (loop0): fault_type options not supported [ 40.943328][ T574] F2FS-fs (loop0): invalid crc value [ 40.949953][ T574] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 574] mount("/dev/loop0", "./file4", "f2fs", 0, "noinline_xattr,active_logs=4,discard,fault_injection=00000000000000041160,fault_type=000000000000000"...) = 0 [pid 574] openat(AT_FDCWD, "./file4", O_RDONLY|O_DIRECTORY) = 3 [pid 574] chdir("./file4") = 0 [pid 574] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 574] ioctl(4, LOOP_CLR_FD) = 0 [pid 574] close(4) = 0 [pid 574] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 573] <... futex resumed>) = 0 [pid 573] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 573] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 574] <... futex resumed>) = 1 [pid 574] openat(AT_FDCWD, ".", O_WRONLY|O_SYNC|O_DIRECT|O_TMPFILE, 000) = 4 [pid 574] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 573] <... futex resumed>) = 0 [pid 573] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 573] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 573] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418a6000 [pid 573] mprotect(0x7fe6418a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 573] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 573] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418c6990, parent_tid=0x7fe6418c6990, exit_signal=0, stack=0x7fe6418a6000, stack_size=0x20300, tls=0x7fe6418c66c0} => {parent_tid=[579]}, 88) = 579 [pid 573] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 573] futex(0x7fe6419b86d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 573] futex(0x7fe6419b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 574] <... futex resumed>) = 1 [pid 574] mount(NULL, ".", NULL, MS_NOSUID|MS_NOEXEC|MS_REMOUNT|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_POSIXACL|MS_UNBINDABLE|MS_PRIVATE|MS_SLAVE|MS_STRICTATIME, NULL) = -1 EINVAL (Invalid argument) [pid 574] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 574] futex(0x7fe6419b86c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 579 attached [pid 579] set_robust_list(0x7fe6418c69a0, 24) = 0 [pid 579] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 579] write(4, "\x3a\x73\x79\x7a\x32\x3a\x45\x3a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x36\x3a\x66\x32\x66\x73\x00\x3a\x66\x61\x75\x6c\x74\x5f\x69\x6e\x6a\x65\x63\x74\x69\x6f\x6e\x3a\x2e\x2f\x66\x69\x6c\x65\x32\x3a", 59) = -1 EINVAL (Invalid argument) [pid 579] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 573] <... futex resumed>) = 0 [pid 573] exit_group(0) = ? [pid 574] <... futex resumed>) = ? [pid 579] <... futex resumed>) = ? [pid 574] +++ exited with 0 +++ [pid 579] +++ exited with 0 +++ [pid 573] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=573, si_uid=0, si_status=0, si_utime=4, si_stime=14} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55555c01b730 /* 4 entries */, 32768) = 112 [ 40.978577][ T574] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 40.985673][ T574] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 40.999106][ T574] F2FS-fs (loop0): switch discard_unit option is not allowed umount2("./40/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./40/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file4", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55555c023770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555c023770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file4") = 0 umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 getdents64(3, 0x55555c01b730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555c01a690) = 580 ./strace-static-x86_64: Process 580 attached [pid 580] set_robust_list(0x55555c01a6a0, 24) = 0 [pid 580] chdir("./41") = 0 [pid 580] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 580] setpgid(0, 0) = 0 [pid 580] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 580] write(3, "1000", 4) = 4 [pid 580] close(3) = 0 [pid 580] symlink("/dev/binderfs", "./binderfs") = 0 [pid 580] write(1, "executing program\n", 18) = 18 [pid 580] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 580] rt_sigaction(SIGRT_1, {sa_handler=0x7fe641950ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe6419421a0}, NULL, 8) = 0 [pid 580] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 580] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418c7000 [pid 580] mprotect(0x7fe6418c8000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 580] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 580] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418e7990, parent_tid=0x7fe6418e7990, exit_signal=0, stack=0x7fe6418c7000, stack_size=0x20300, tls=0x7fe6418e76c0} => {parent_tid=[581]}, 88) = 581 [pid 580] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 580] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 580] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 581 attached [pid 581] set_robust_list(0x7fe6418e79a0, 24) = 0 [pid 581] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 581] memfd_create("syzkaller", 0) = 3 [pid 581] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe6394c7000 [pid 581] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 581] munmap(0x7fe6394c7000, 138412032) = 0 [pid 581] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 581] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 581] close(3) = 0 [pid 581] close(4) = 0 [pid 581] mkdir("./file4", 0777) = 0 [ 41.199260][ T581] loop0: detected capacity change from 0 to 40427 [ 41.210587][ T581] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 41.217619][ T581] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 41.225883][ T581] F2FS-fs (loop0): fault_injection options not supported [ 41.233172][ T581] F2FS-fs (loop0): fault_type options not supported [ 41.240540][ T581] F2FS-fs (loop0): invalid crc value [ 41.247401][ T581] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 581] mount("/dev/loop0", "./file4", "f2fs", 0, "noinline_xattr,active_logs=4,discard,fault_injection=00000000000000041160,fault_type=000000000000000"...) = 0 [pid 581] openat(AT_FDCWD, "./file4", O_RDONLY|O_DIRECTORY) = 3 [pid 581] chdir("./file4") = 0 [pid 581] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 581] ioctl(4, LOOP_CLR_FD) = 0 [pid 581] close(4) = 0 [pid 581] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 581] futex(0x7fe6419b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 580] <... futex resumed>) = 0 [pid 580] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 580] futex(0x7fe6419b86cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 581] <... futex resumed>) = 0 [pid 581] openat(AT_FDCWD, ".", O_WRONLY|O_SYNC|O_DIRECT|O_TMPFILE, 000) = 4 [pid 581] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 580] <... futex resumed>) = 0 [pid 580] futex(0x7fe6419b86c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 580] futex(0x7fe6419b86dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 580] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe6418a6000 [pid 580] mprotect(0x7fe6418a7000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 580] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 580] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fe6418c6990, parent_tid=0x7fe6418c6990, exit_signal=0, stack=0x7fe6418a6000, stack_size=0x20300, tls=0x7fe6418c66c0}./strace-static-x86_64: Process 586 attached [pid 581] <... futex resumed>) = 1 [pid 586] set_robust_list(0x7fe6418c69a0, 24 [pid 581] mount(NULL, ".", NULL, MS_NOSUID|MS_NOEXEC|MS_REMOUNT|MS_NOATIME|MS_NODIRATIME|MS_REC|MS_POSIXACL|MS_UNBINDABLE|MS_PRIVATE|MS_SLAVE|MS_STRICTATIME, NULL [pid 586] <... set_robust_list resumed>) = 0 [pid 580] <... clone3 resumed> => {parent_tid=[586]}, 88) = 586 [pid 580] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 580] futex(0x7fe6419b86d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 580] futex(0x7fe6419b86dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 586] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 586] write(4, "\x3a\x73\x79\x7a\x32\x3a\x45\x3a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x36\x3a\x66\x32\x66\x73\x00\x3a\x66\x61\x75\x6c\x74\x5f\x69\x6e\x6a\x65\x63\x74\x69\x6f\x6e\x3a\x2e\x2f\x66\x69\x6c\x65\x32\x3a", 59 [pid 581] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 581] futex(0x7fe6419b86cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 41.276654][ T581] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 41.283717][ T581] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 41.295980][ T581] F2FS-fs (loop0): switch discard_unit option is not allowed [ 41.304894][ T586] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN [ 41.316760][ T586] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [pid 581] futex(0x7fe6419b86c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 580] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 41.325164][ T586] CPU: 1 PID: 586 Comm: syz-executor370 Not tainted 6.1.138-syzkaller-00009-g6246d345f550 #0 [ 41.335312][ T586] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 41.345380][ T586] RIP: 0010:update_sit_entry+0x4f9/0x15a0 [ 41.351577][ T586] Code: 00 00 fc ff df 80 3c 08 00 74 08 48 89 df e8 ee 11 8d ff 48 8b 1b 4c 01 f3 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <0f> b6 04 08 84 c0 0f 85 55 0f 00 00 44 0f b6 23 44 89 e0 44 08 f8 [ 41.371191][ T586] RSP: 0018:ffffc900016a6fc0 EFLAGS: 00010246 [ 41.377352][ T586] RAX: 0000000000000000 RBX: 0000000000000000 RCX: dffffc0000000000 [ 41.385319][ T586] RDX: ffff88811dd2a880 RSI: 0000000000000000 RDI: 0000000000000000 [ 41.393284][ T586] RBP: ffffc900016a7090 R08: ffff88811dd2a880 R09: 0000000000000003 [ 41.401249][ T586] R10: 00000000ffffffff R11: 0000000000000000 R12: 0000000000000000 [ 41.409240][ T586] R13: ffff88811c6c80c8 R14: 0000000000000000 R15: 0000000000000080 [ 41.417226][ T586] FS: 00007fe6418c66c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [pid 580] exit_group(0) = ? [pid 581] <... futex resumed>) = ? [pid 581] +++ exited with 0 +++ [ 41.426149][ T586] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 41.432745][ T586] CR2: 00007fe6418c5ff8 CR3: 000000011e5a2000 CR4: 00000000003506a0 [ 41.440729][ T586] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 41.448695][ T586] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 41.456659][ T586] Call Trace: [ 41.459934][ T586] [ 41.462859][ T586] ? __kasan_check_write+0x14/0x20 [ 41.467988][ T586] ? ktime_get_coarse_with_offset+0x153/0x1a0 [ 41.474172][ T586] f2fs_allocate_data_block+0x148c/0x3af0 [ 41.479921][ T586] ? __cfi__raw_spin_lock+0x10/0x10 [ 41.485121][ T586] ? _raw_spin_unlock+0x4c/0x70 [ 41.489970][ T586] ? f2fs_inode_dirtied+0x308/0x360 [ 41.495258][ T586] ? __cfi_f2fs_allocate_data_block+0x10/0x10 [ 41.501324][ T586] ? f2fs_mark_inode_dirty_sync+0x13e/0x1c0 [ 41.507224][ T586] ? inc_valid_block_count+0x5af/0xa00 [ 41.512682][ T586] f2fs_map_blocks+0x11a8/0x3a60 [ 41.517624][ T586] ? __cfi_f2fs_map_blocks+0x10/0x10 [ 41.523008][ T586] f2fs_iomap_begin+0x1f5/0x920 [ 41.527865][ T586] ? __cfi_f2fs_iomap_begin+0x10/0x10 [ 41.533233][ T586] iomap_iter+0x5b7/0xb30 [ 41.537560][ T586] ? __cfi_f2fs_iomap_begin+0x10/0x10 [ 41.542936][ T586] __iomap_dio_rw+0xc34/0x1bd0 [ 41.547697][ T586] ? __cfi___iomap_dio_rw+0x10/0x10 [ 41.552914][ T586] ? down_read_trylock+0x273/0x640 [ 41.558036][ T586] ? fault_in_readable+0x11a/0x150 [ 41.563141][ T586] ? fault_in_iov_iter_readable+0xc3/0x320 [ 41.568941][ T586] f2fs_file_write_iter+0x1559/0x2550 [ 41.574318][ T586] ? __cfi_f2fs_file_write_iter+0x10/0x10 [ 41.580045][ T586] ? _raw_spin_unlock+0x4c/0x70 [ 41.584893][ T586] ? finish_task_switch+0x16b/0x7b0 [ 41.590092][ T586] ? __switch_to_asm+0x3a/0x60 [ 41.594850][ T586] ? avc_policy_seqno+0x1b/0x70 [ 41.599697][ T586] ? fsnotify_perm+0x67/0x5b0 [ 41.604368][ T586] ? security_file_permission+0x8a/0xb0 [ 41.609920][ T586] vfs_write+0x5db/0xca0 [ 41.614165][ T586] ? __kasan_check_write+0x14/0x20 [ 41.619281][ T586] ? __cfi_vfs_write+0x10/0x10 [ 41.624075][ T586] ? __cfi_mutex_lock+0x10/0x10 [ 41.628917][ T586] ? __fdget_pos+0x2cd/0x380 [ 41.633505][ T586] ? ksys_write+0x71/0x240 [ 41.637918][ T586] ksys_write+0x140/0x240 [ 41.642249][ T586] ? __cfi_ksys_write+0x10/0x10 [ 41.647097][ T586] ? do_user_addr_fault+0x9ac/0x1050 [ 41.652403][ T586] ? debug_smp_processor_id+0x17/0x20 [ 41.657771][ T586] __x64_sys_write+0x7b/0x90 [ 41.662384][ T586] x64_sys_call+0x27b/0x9a0 [ 41.666882][ T586] do_syscall_64+0x4c/0xa0 [ 41.671299][ T586] ? clear_bhb_loop+0x15/0x70 [ 41.675985][ T586] ? clear_bhb_loop+0x15/0x70 [ 41.680656][ T586] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 41.686547][ T586] RIP: 0033:0x7fe64192abd9 [ 41.690961][ T586] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 41.710558][ T586] RSP: 002b:00007fe6418c6218 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 41.719002][ T586] RAX: ffffffffffffffda RBX: 00007fe6419b86d8 RCX: 00007fe64192abd9 [ 41.726968][ T586] RDX: 000000000000003b RSI: 0000200000000080 RDI: 0000000000000004 [ 41.735104][ T586] RBP: 00007fe6419b86d0 R08: 00007fe6418c5fb7 R09: 0000000000000000 [ 41.743071][ T586] R10: 0000000000000014 R11: 0000000000000246 R12: 0000200000000088 [ 41.751131][ T586] R13: 00007fe64197f06b R14: 0000200000000080 R15: 00002000000001c0 [ 41.759100][ T586] [ 41.762120][ T586] Modules linked in: [ 41.766303][ T586] ---[ end trace 0000000000000000 ]--- [ 41.771773][ T586] RIP: 0010:update_sit_entry+0x4f9/0x15a0 [ 41.777633][ T28] audit: type=1400 audit(1749953281.569:74): avc: denied { read } for pid=85 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 41.799373][ T586] Code: 00 00 fc ff df 80 3c 08 00 74 08 48 89 df e8 ee 11 8d ff 48 8b 1b 4c 01 f3 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <0f> b6 04 08 84 c0 0f 85 55 0f 00 00 44 0f b6 23 44 89 e0 44 08 f8 [ 41.799457][ T28] audit: type=1400 audit(1749953281.569:75): avc: denied { search } for pid=85 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 41.819992][ T586] RSP: 0018:ffffc900016a6fc0 EFLAGS: 00010246 [ 41.840343][ T28] audit: type=1400 audit(1749953281.569:76): avc: denied { write } for pid=85 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 41.846705][ T586] RAX: 0000000000000000 RBX: 0000000000000000 RCX: dffffc0000000000 [ 41.867803][ T28] audit: type=1400 audit(1749953281.569:77): avc: denied { add_name } for pid=85 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 41.875934][ T586] RDX: ffff88811dd2a880 RSI: 0000000000000000 RDI: 0000000000000000 [ 41.896225][ T28] audit: type=1400 audit(1749953281.569:78): avc: denied { create } for pid=85 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 41.904435][ T586] RBP: ffffc900016a7090 R08: ffff88811dd2a880 R09: 0000000000000003 [ 41.924514][ T28] audit: type=1400 audit(1749953281.569:79): avc: denied { append open } for pid=85 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 41.932705][ T586] R10: 00000000ffffffff R11: 0000000000000000 R12: 0000000000000000 [ 41.955282][ T28] audit: type=1400 audit(1749953281.569:80): avc: denied { getattr } for pid=85 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 41.963529][ T586] R13: ffff88811c6c80c8 R14: 0000000000000000 R15: 0000000000000080 [ 41.993706][ T586] FS: 00007fe6418c66c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 42.002672][ T586] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 42.009297][ T586] CR2: 00007fe64197e6d8 CR3: 000000011e5a2000 CR4: 00000000003506b0 [ 42.017296][ T586] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 42.025276][ T586] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 42.033271][ T586] Kernel panic - not syncing: Fatal exception [ 42.039636][ T586] Kernel Offset: disabled [ 42.043962][ T586] Rebooting in 86400 seconds..