./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4104284597 <...> Warning: Permanently added '10.128.1.139' (ED25519) to the list of known hosts. execve("./syz-executor4104284597", ["./syz-executor4104284597"], 0x7ffd40624c00 /* 10 vars */) = 0 brk(NULL) = 0x5555556ae000 brk(0x5555556aed40) = 0x5555556aed40 arch_prctl(ARCH_SET_FS, 0x5555556ae3c0) = 0 set_tid_address(0x5555556ae690) = 5054 set_robust_list(0x5555556ae6a0, 24) = 0 rseq(0x5555556aece0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor4104284597", 4096) = 28 getrandom("\x0d\xc7\xa3\x1d\xc7\x62\x76\x18", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555556aed40 brk(0x5555556cfd40) = 0x5555556cfd40 brk(0x5555556d0000) = 0x5555556d0000 mprotect(0x7fa1a5f15000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.rmB0BY", 0700) = 0 chmod("./syzkaller.rmB0BY", 0777) = 0 chdir("./syzkaller.rmB0BY") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5056 attached , child_tidptr=0x5555556ae690) = 5056 [pid 5056] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5056] chdir("./0") = 0 [pid 5056] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5056] setpgid(0, 0) = 0 [pid 5056] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5056] write(3, "1000", 4) = 4 [pid 5056] close(3) = 0 [pid 5056] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5056] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5056] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5056] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5056] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5056] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5056] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5057 attached => {parent_tid=[5057]}, 88) = 5057 [pid 5056] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5056] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5057] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053) = 0 [pid 5057] set_robust_list(0x7fa1a5e4a9a0, 24) = 0 [pid 5057] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5057] memfd_create("syzkaller", 0) = 3 [pid 5057] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5057] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5057] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5057] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5057] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5057] close(3) = 0 [pid 5057] mkdir("./bus", 0777) = 0 [ 59.117891][ T5057] loop0: detected capacity change from 0 to 40427 [ 59.155531][ T5057] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 59.163765][ T5057] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 59.178996][ T5057] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5057] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5057] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5057] chdir("./bus") = 0 [pid 5057] ioctl(4, LOOP_CLR_FD) = 0 [pid 5057] close(4) = 0 [pid 5057] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5056] <... futex resumed>) = 0 [pid 5057] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5056] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5057] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5057] openat(AT_FDCWD, ".", O_RDONLY [pid 5056] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5057] <... openat resumed>) = 4 [ 59.210887][ T5057] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 59.218058][ T5057] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5057] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5056] <... futex resumed>) = 0 [pid 5056] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5057] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5056] <... futex resumed>) = 0 [pid 5056] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5057] <... mkdirat resumed>) = 0 [pid 5057] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5056] <... futex resumed>) = 0 [pid 5056] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5057] <... futex resumed>) = 1 [pid 5057] fspick(AT_FDCWD, ".", 0) = 5 [pid 5057] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5057] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5056] <... futex resumed>) = 0 [pid 5056] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5057] <... futex resumed>) = 0 [pid 5056] <... futex resumed>) = 1 [pid 5057] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5056] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5057] <... fsconfig resumed>) = 0 [pid 5057] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5056] <... futex resumed>) = 0 [pid 5057] <... futex resumed>) = 1 [pid 5056] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5057] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5056] <... futex resumed>) = 0 [pid 5056] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5057] <... fsconfig resumed>) = 0 [pid 5057] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5056] <... futex resumed>) = 0 [pid 5057] openat(AT_FDCWD, ".", O_RDONLY [pid 5056] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5057] <... openat resumed>) = 6 [pid 5056] <... futex resumed>) = 0 [pid 5056] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5057] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5056] <... futex resumed>) = 0 [pid 5057] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5056] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5057] getdents(6, [pid 5056] <... futex resumed>) = 0 [pid 5056] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5057] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5057] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5056] <... futex resumed>) = 0 [pid 5057] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5056] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5056] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5057] <... futex resumed>) = 0 [ 59.344808][ T5057] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 59.344861][ T5057] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 59.352777][ T5057] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 59.360362][ T5057] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 59.367904][ T5057] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 59.375505][ T5057] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [pid 5057] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054) = -1 EEXIST (File exists) [pid 5057] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5056] <... futex resumed>) = 0 [pid 5057] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5056] exit_group(0 [pid 5057] <... futex resumed>) = ? [pid 5056] <... exit_group resumed>) = ? [pid 5057] +++ exited with 0 +++ [pid 5056] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5056, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=28 /* 0.28 s */} --- umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 59.383080][ T5057] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 59.395531][ T5057] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/bus") = 0 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5062 attached [pid 5062] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5062] chdir("./1" [pid 5054] <... clone resumed>, child_tidptr=0x5555556ae690) = 5062 [pid 5062] <... chdir resumed>) = 0 [pid 5062] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5062] setpgid(0, 0) = 0 [pid 5062] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5062] write(3, "1000", 4) = 4 [pid 5062] close(3) = 0 [pid 5062] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5062] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5062] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5062] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5062] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5062] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5062] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5063 attached [pid 5063] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053) = 0 [pid 5063] set_robust_list(0x7fa1a5e4a9a0, 24) = 0 [pid 5063] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5062] <... clone3 resumed> => {parent_tid=[5063]}, 88) = 5063 [pid 5063] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5062] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... futex resumed>) = 0 [pid 5062] <... futex resumed>) = 1 [pid 5063] memfd_create("syzkaller", 0 [pid 5062] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5063] <... memfd_create resumed>) = 3 [pid 5063] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5063] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5063] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5063] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5063] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5063] close(3) = 0 [pid 5063] mkdir("./bus", 0777) = 0 [ 59.942304][ T5063] loop0: detected capacity change from 0 to 40427 [ 59.973710][ T5063] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 59.981700][ T5063] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [pid 5063] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5063] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5063] chdir("./bus") = 0 [pid 5063] ioctl(4, LOOP_CLR_FD) = 0 [pid 5063] close(4) = 0 [ 59.994500][ T5063] F2FS-fs (loop0): Found nat_bits in checkpoint [ 60.023400][ T5063] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 60.030803][ T5063] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5063] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5062] <... futex resumed>) = 0 [pid 5063] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5062] <... futex resumed>) = 0 [pid 5063] openat(AT_FDCWD, ".", O_RDONLY [pid 5062] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5063] <... openat resumed>) = 4 [pid 5063] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... futex resumed>) = 0 [pid 5063] <... futex resumed>) = 1 [pid 5062] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5062] <... futex resumed>) = 0 [pid 5062] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5063] <... mkdirat resumed>) = 0 [pid 5063] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5062] <... futex resumed>) = 0 [pid 5063] fspick(AT_FDCWD, ".", 0 [pid 5062] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... fspick resumed>) = 5 [pid 5062] <... futex resumed>) = 0 [pid 5063] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5063] <... futex resumed>) = 0 [pid 5062] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5063] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... futex resumed>) = 0 [pid 5062] <... futex resumed>) = 1 [pid 5063] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0) = 0 [pid 5063] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5063] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5062] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... futex resumed>) = 0 [pid 5062] <... futex resumed>) = 1 [pid 5063] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5062] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5063] <... fsconfig resumed>) = 0 [pid 5063] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5062] <... futex resumed>) = 0 [pid 5063] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5063] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5062] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5063] openat(AT_FDCWD, ".", O_RDONLY) = 6 [pid 5063] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5062] <... futex resumed>) = 0 [pid 5063] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5062] <... futex resumed>) = 0 [pid 5063] getdents(6, [pid 5062] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5063] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5063] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5063] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] <... futex resumed>) = 0 [pid 5062] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] <... futex resumed>) = 0 [pid 5062] <... futex resumed>) = 1 [pid 5063] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5062] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5063] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5063] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5063] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5062] <... futex resumed>) = 0 [pid 5062] exit_group(0 [pid 5063] <... futex resumed>) = ? [pid 5062] <... exit_group resumed>) = ? [pid 5063] +++ exited with 0 +++ [pid 5062] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5062, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=26 /* 0.26 s */} --- umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 60.192907][ T5063] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 60.192939][ T5063] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 60.200978][ T5063] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 60.211475][ T5063] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/bus") = 0 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5068 attached [pid 5068] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5068] chdir("./2" [pid 5054] <... clone resumed>, child_tidptr=0x5555556ae690) = 5068 [pid 5068] <... chdir resumed>) = 0 [pid 5068] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5068] setpgid(0, 0) = 0 [pid 5068] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5068] write(3, "1000", 4) = 4 [pid 5068] close(3) = 0 [pid 5068] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5068] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5068] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5068] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5068] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5068] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5068] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5068] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5069 attached [pid 5069] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053 [pid 5068] <... clone3 resumed> => {parent_tid=[5069]}, 88) = 5069 [pid 5069] <... rseq resumed>) = 0 [pid 5068] rt_sigprocmask(SIG_SETMASK, [], [pid 5069] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5068] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5069] <... set_robust_list resumed>) = 0 [pid 5069] rt_sigprocmask(SIG_SETMASK, [], [pid 5068] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5068] <... futex resumed>) = 0 [pid 5069] memfd_create("syzkaller", 0 [pid 5068] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5069] <... memfd_create resumed>) = 3 [pid 5069] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5069] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5069] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5069] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5069] close(3) = 0 [pid 5069] mkdir("./bus", 0777) = 0 [ 60.847734][ T5069] loop0: detected capacity change from 0 to 40427 [ 60.857810][ T5069] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 60.866045][ T5069] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 60.877921][ T5069] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5069] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5069] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5069] chdir("./bus") = 0 [pid 5069] ioctl(4, LOOP_CLR_FD) = 0 [pid 5069] close(4) = 0 [pid 5069] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5068] <... futex resumed>) = 0 [pid 5069] openat(AT_FDCWD, ".", O_RDONLY [pid 5068] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... openat resumed>) = 4 [pid 5068] <... futex resumed>) = 0 [pid 5068] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5068] <... futex resumed>) = 0 [pid 5069] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5068] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5068] <... futex resumed>) = 0 [pid 5069] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [ 60.907007][ T5069] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 60.914119][ T5069] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5068] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] <... mkdirat resumed>) = 0 [pid 5069] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5068] <... futex resumed>) = 0 [pid 5069] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5068] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5068] <... futex resumed>) = 0 [pid 5069] fspick(AT_FDCWD, ".", 0) = 5 [pid 5068] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5068] <... futex resumed>) = 0 [pid 5069] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5068] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... fsconfig resumed>) = 0 [pid 5068] <... futex resumed>) = 0 [pid 5068] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5068] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5069] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5068] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... futex resumed>) = 0 [pid 5069] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5068] <... futex resumed>) = 1 [pid 5068] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] <... fsconfig resumed>) = 0 [pid 5069] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5068] <... futex resumed>) = 0 [pid 5069] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5068] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... futex resumed>) = 0 [pid 5068] <... futex resumed>) = 1 [pid 5069] openat(AT_FDCWD, ".", O_RDONLY [pid 5068] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] <... openat resumed>) = 6 [pid 5069] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5069] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5068] <... futex resumed>) = 0 [pid 5068] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5069] <... futex resumed>) = 0 [pid 5068] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] getdents(6, 0x20000200 /* 1 entries */, 188) = 96 [pid 5069] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5068] <... futex resumed>) = 0 [pid 5069] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5068] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5068] <... futex resumed>) = 0 [pid 5069] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5068] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5069] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5069] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5068] <... futex resumed>) = 0 [pid 5068] exit_group(0 [pid 5069] <... futex resumed>) = ? [pid 5069] +++ exited with 0 +++ [pid 5068] <... exit_group resumed>) = ? [pid 5068] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5068, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=24 /* 0.24 s */} --- umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 61.036767][ T5069] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/bus") = 0 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ae690) = 5074 ./strace-static-x86_64: Process 5074 attached [pid 5074] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5074] chdir("./3") = 0 [pid 5074] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5074] setpgid(0, 0) = 0 [pid 5074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5074] write(3, "1000", 4) = 4 [pid 5074] close(3) = 0 [pid 5074] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5074] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5074] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5074] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5074] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5074] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5074] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5074] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5075 attached [pid 5075] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053 [pid 5074] <... clone3 resumed> => {parent_tid=[5075]}, 88) = 5075 [pid 5075] <... rseq resumed>) = 0 [pid 5074] rt_sigprocmask(SIG_SETMASK, [], [pid 5075] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5074] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5075] <... set_robust_list resumed>) = 0 [pid 5074] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] rt_sigprocmask(SIG_SETMASK, [], [pid 5074] <... futex resumed>) = 0 [pid 5075] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5074] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5075] memfd_create("syzkaller", 0) = 3 [pid 5075] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5075] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5075] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5075] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5075] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5075] close(3) = 0 [pid 5075] mkdir("./bus", 0777) = 0 [ 61.650967][ T5075] loop0: detected capacity change from 0 to 40427 [ 61.671523][ T5075] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 61.679515][ T5075] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 61.691818][ T5075] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5075] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5075] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5075] chdir("./bus") = 0 [pid 5075] ioctl(4, LOOP_CLR_FD) = 0 [pid 5075] close(4) = 0 [pid 5075] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5074] <... futex resumed>) = 0 [pid 5074] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] openat(AT_FDCWD, ".", O_RDONLY [pid 5074] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] <... openat resumed>) = 4 [pid 5075] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5075] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5074] <... futex resumed>) = 0 [pid 5074] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... futex resumed>) = 0 [pid 5074] <... futex resumed>) = 1 [pid 5075] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [ 61.720826][ T5075] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 61.728001][ T5075] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5074] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] <... mkdirat resumed>) = 0 [pid 5075] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] <... futex resumed>) = 0 [pid 5075] <... futex resumed>) = 1 [pid 5074] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] fspick(AT_FDCWD, ".", 0 [pid 5074] <... futex resumed>) = 0 [pid 5075] <... fspick resumed>) = 5 [pid 5074] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5074] <... futex resumed>) = 0 [pid 5075] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5074] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... fsconfig resumed>) = 0 [pid 5074] <... futex resumed>) = 0 [pid 5075] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] <... futex resumed>) = 0 [pid 5074] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5075] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5074] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5074] <... futex resumed>) = 0 [pid 5074] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] <... fsconfig resumed>) = 0 [pid 5075] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5074] <... futex resumed>) = 0 [pid 5075] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5074] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5075] openat(AT_FDCWD, ".", O_RDONLY [pid 5074] <... futex resumed>) = 0 [pid 5075] <... openat resumed>) = 6 [pid 5074] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5075] <... futex resumed>) = 0 [pid 5075] getdents(6, [pid 5074] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5074] <... futex resumed>) = 0 [pid 5074] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5075] <... futex resumed>) = 0 [pid 5074] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5074] <... futex resumed>) = 0 [pid 5074] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5075] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5074] <... futex resumed>) = 0 [pid 5075] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5074] exit_group(0 [pid 5075] <... futex resumed>) = ? [pid 5074] <... exit_group resumed>) = ? [pid 5075] +++ exited with 0 +++ [pid 5074] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5074, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=20 /* 0.20 s */} --- umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 61.839922][ T5075] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/bus") = 0 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5080 attached , child_tidptr=0x5555556ae690) = 5080 [pid 5080] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5080] chdir("./4") = 0 [pid 5080] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5080] setpgid(0, 0) = 0 [pid 5080] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5080] write(3, "1000", 4) = 4 [pid 5080] close(3) = 0 [pid 5080] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5080] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5080] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5080] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5080] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5080] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5080] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5081 attached [pid 5081] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053 [pid 5080] <... clone3 resumed> => {parent_tid=[5081]}, 88) = 5081 [pid 5080] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5080] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] <... rseq resumed>) = 0 [pid 5081] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5080] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5081] <... set_robust_list resumed>) = 0 [pid 5081] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5081] memfd_create("syzkaller", 0) = 3 [pid 5081] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5081] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5081] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5081] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5081] close(3) = 0 [pid 5081] mkdir("./bus", 0777) = 0 [ 62.442199][ T5081] loop0: detected capacity change from 0 to 40427 [ 62.451968][ T5081] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 62.459805][ T5081] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 62.471495][ T5081] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5081] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5081] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5081] chdir("./bus") = 0 [pid 5081] ioctl(4, LOOP_CLR_FD) = 0 [pid 5081] close(4) = 0 [pid 5081] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5081] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5080] <... futex resumed>) = 0 [pid 5080] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 62.500447][ T5081] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 62.507497][ T5081] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5080] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... futex resumed>) = 0 [pid 5081] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5081] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... futex resumed>) = 0 [pid 5081] <... futex resumed>) = 1 [pid 5080] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5080] <... futex resumed>) = 0 [pid 5080] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... mkdirat resumed>) = 0 [pid 5081] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5081] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5080] <... futex resumed>) = 0 [pid 5080] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5080] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5081] fspick(AT_FDCWD, ".", 0) = 5 [pid 5081] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5080] <... futex resumed>) = 0 [pid 5081] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5080] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5080] <... futex resumed>) = 0 [pid 5081] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5080] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... fsconfig resumed>) = 0 [pid 5081] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... futex resumed>) = 0 [pid 5081] <... futex resumed>) = 1 [pid 5080] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5080] <... futex resumed>) = 0 [pid 5080] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... fsconfig resumed>) = 0 [pid 5081] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5080] <... futex resumed>) = 0 [pid 5081] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5080] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5080] <... futex resumed>) = 0 [pid 5081] openat(AT_FDCWD, ".", O_RDONLY [pid 5080] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... openat resumed>) = 6 [pid 5081] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5080] <... futex resumed>) = 0 [pid 5081] getdents(6, [pid 5080] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5080] <... futex resumed>) = 0 [pid 5081] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... futex resumed>) = 0 [pid 5080] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5081] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5080] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5080] <... futex resumed>) = 0 [pid 5080] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5081] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5081] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5080] <... futex resumed>) = 0 [pid 5080] exit_group(0 [pid 5081] <... futex resumed>) = ? [pid 5080] <... exit_group resumed>) = ? [pid 5081] +++ exited with 0 +++ [pid 5080] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5080, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=23 /* 0.23 s */} --- [ 62.683684][ T5081] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/bus") = 0 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5086 attached , child_tidptr=0x5555556ae690) = 5086 [pid 5086] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5086] chdir("./5") = 0 [pid 5086] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5086] setpgid(0, 0) = 0 [pid 5086] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5086] write(3, "1000", 4) = 4 [pid 5086] close(3) = 0 [pid 5086] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5086] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5086] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5086] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5086] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5086] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5086] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5087 attached => {parent_tid=[5087]}, 88) = 5087 [pid 5087] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053 [pid 5086] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5086] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5087] <... rseq resumed>) = 0 [pid 5087] set_robust_list(0x7fa1a5e4a9a0, 24) = 0 [pid 5087] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5087] memfd_create("syzkaller", 0) = 3 [pid 5087] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5087] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5087] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5087] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5087] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5087] close(3) = 0 [pid 5087] mkdir("./bus", 0777) = 0 [ 63.212196][ T5087] loop0: detected capacity change from 0 to 40427 [ 63.231087][ T5087] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 63.238835][ T5087] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 63.250933][ T5087] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5087] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5087] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5087] chdir("./bus") = 0 [pid 5087] ioctl(4, LOOP_CLR_FD) = 0 [pid 5087] close(4) = 0 [ 63.282821][ T5087] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 63.290168][ T5087] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5087] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5086] <... futex resumed>) = 0 [pid 5087] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] <... futex resumed>) = 0 [pid 5087] openat(AT_FDCWD, ".", O_RDONLY [pid 5086] <... futex resumed>) = 1 [pid 5087] <... openat resumed>) = 4 [pid 5086] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5087] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5086] <... futex resumed>) = 0 [pid 5087] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] <... futex resumed>) = 0 [pid 5086] <... futex resumed>) = 1 [pid 5087] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5086] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5087] <... mkdirat resumed>) = 0 [pid 5087] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5086] <... futex resumed>) = 0 [pid 5087] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5086] <... futex resumed>) = 0 [pid 5087] fspick(AT_FDCWD, ".", 0 [pid 5086] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5087] <... fspick resumed>) = 5 [pid 5087] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5086] <... futex resumed>) = 0 [pid 5087] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5086] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] <... fsconfig resumed>) = 0 [pid 5086] <... futex resumed>) = 0 [pid 5087] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5087] <... futex resumed>) = 0 [pid 5086] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5087] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5086] <... futex resumed>) = 0 [pid 5087] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5086] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5087] <... fsconfig resumed>) = 0 [pid 5087] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5086] <... futex resumed>) = 0 [pid 5087] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5086] <... futex resumed>) = 0 [pid 5087] openat(AT_FDCWD, ".", O_RDONLY) = 6 [pid 5086] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5087] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5086] <... futex resumed>) = 0 [pid 5087] getdents(6, [pid 5086] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5086] <... futex resumed>) = 0 [pid 5087] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5087] <... futex resumed>) = 0 [pid 5086] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5087] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5086] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5087] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5087] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... futex resumed>) = 0 [pid 5087] <... futex resumed>) = 1 [pid 5086] exit_group(0) = ? [pid 5087] +++ exited with 0 +++ [pid 5086] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5086, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=19 /* 0.19 s */} --- umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 63.443188][ T5087] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/bus") = 0 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5092 attached , child_tidptr=0x5555556ae690) = 5092 [pid 5092] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5092] chdir("./6") = 0 [pid 5092] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5092] setpgid(0, 0) = 0 [pid 5092] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5092] write(3, "1000", 4) = 4 [pid 5092] close(3) = 0 [pid 5092] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5092] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5092] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5092] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5092] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5092] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5092] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5093 attached [pid 5093] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053) = 0 [pid 5092] <... clone3 resumed> => {parent_tid=[5093]}, 88) = 5093 [pid 5093] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5092] rt_sigprocmask(SIG_SETMASK, [], [pid 5093] <... set_robust_list resumed>) = 0 [pid 5092] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5093] rt_sigprocmask(SIG_SETMASK, [], [pid 5092] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5092] <... futex resumed>) = 0 [pid 5093] memfd_create("syzkaller", 0 [pid 5092] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5093] <... memfd_create resumed>) = 3 [pid 5093] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5093] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5093] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5093] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5093] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5093] close(3) = 0 [pid 5093] mkdir("./bus", 0777) = 0 [ 63.991567][ T5093] loop0: detected capacity change from 0 to 40427 [ 64.006280][ T5093] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 64.014272][ T5093] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 64.026466][ T5093] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5093] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5093] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5093] chdir("./bus") = 0 [pid 5093] ioctl(4, LOOP_CLR_FD) = 0 [pid 5093] close(4) = 0 [pid 5093] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5092] <... futex resumed>) = 0 [pid 5093] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5092] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5093] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5092] <... futex resumed>) = 0 [pid 5093] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5093] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5092] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5092] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5093] <... futex resumed>) = 0 [pid 5092] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 64.055610][ T5093] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 64.062852][ T5093] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5093] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 5093] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5092] <... futex resumed>) = 0 [pid 5093] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5092] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5092] <... futex resumed>) = 0 [pid 5093] fspick(AT_FDCWD, ".", 0 [pid 5092] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] <... fspick resumed>) = 5 [pid 5093] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5092] <... futex resumed>) = 0 [pid 5093] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5092] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] <... fsconfig resumed>) = 0 [pid 5092] <... futex resumed>) = 0 [pid 5093] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] <... futex resumed>) = 0 [pid 5092] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5093] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5092] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5092] <... futex resumed>) = 0 [pid 5093] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5092] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] <... fsconfig resumed>) = 0 [pid 5093] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5092] <... futex resumed>) = 0 [pid 5093] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5092] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5093] openat(AT_FDCWD, ".", O_RDONLY [pid 5092] <... futex resumed>) = 0 [pid 5093] <... openat resumed>) = 6 [pid 5092] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... futex resumed>) = 0 [pid 5093] <... futex resumed>) = 1 [pid 5092] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] getdents(6, [pid 5092] <... futex resumed>) = 0 [pid 5093] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5093] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] <... futex resumed>) = 0 [pid 5092] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5093] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5092] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5092] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5093] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5093] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5092] <... futex resumed>) = 0 [pid 5093] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5092] exit_group(0) = ? [pid 5093] <... futex resumed>) = ? [pid 5093] +++ exited with 0 +++ [pid 5092] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5092, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=25 /* 0.25 s */} --- umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 64.198076][ T5093] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/bus") = 0 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5098 attached , child_tidptr=0x5555556ae690) = 5098 [pid 5098] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5098] chdir("./7") = 0 [pid 5098] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5098] setpgid(0, 0) = 0 [pid 5098] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5098] write(3, "1000", 4) = 4 [pid 5098] close(3) = 0 [pid 5098] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5098] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5098] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5098] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5098] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5098] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5098] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5099 attached [pid 5099] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053) = 0 [pid 5098] <... clone3 resumed> => {parent_tid=[5099]}, 88) = 5099 [pid 5099] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5098] rt_sigprocmask(SIG_SETMASK, [], [pid 5099] <... set_robust_list resumed>) = 0 [pid 5098] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5099] rt_sigprocmask(SIG_SETMASK, [], [pid 5098] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5099] memfd_create("syzkaller", 0 [pid 5098] <... futex resumed>) = 0 [pid 5098] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5099] <... memfd_create resumed>) = 3 [pid 5099] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5099] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5099] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5099] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5099] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5099] close(3) = 0 [pid 5099] mkdir("./bus", 0777) = 0 [ 64.730886][ T5099] loop0: detected capacity change from 0 to 40427 [ 64.755293][ T5099] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 64.763135][ T5099] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 64.775506][ T5099] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5099] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5099] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5099] chdir("./bus") = 0 [pid 5099] ioctl(4, LOOP_CLR_FD) = 0 [pid 5099] close(4) = 0 [pid 5099] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5099] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5098] <... futex resumed>) = 0 [pid 5099] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5098] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] openat(AT_FDCWD, ".", O_RDONLY [pid 5098] <... futex resumed>) = 0 [pid 5099] <... openat resumed>) = 4 [pid 5098] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5099] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5099] <... futex resumed>) = 0 [pid 5099] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 64.804428][ T5099] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 64.811586][ T5099] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5098] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] <... futex resumed>) = 0 [pid 5098] <... futex resumed>) = 1 [pid 5098] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5099] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 5099] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5098] <... futex resumed>) = 0 [pid 5099] fspick(AT_FDCWD, ".", 0 [pid 5098] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] <... fspick resumed>) = 5 [pid 5098] <... futex resumed>) = 0 [pid 5098] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5099] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5099] <... futex resumed>) = 0 [pid 5098] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5098] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5099] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0) = 0 [pid 5099] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5098] <... futex resumed>) = 0 [pid 5099] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5098] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] <... futex resumed>) = 0 [pid 5098] <... futex resumed>) = 1 [pid 5098] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5099] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0) = 0 [pid 5099] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5098] <... futex resumed>) = 0 [pid 5098] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] openat(AT_FDCWD, ".", O_RDONLY [pid 5098] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5099] <... openat resumed>) = 6 [pid 5099] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5098] <... futex resumed>) = 0 [pid 5099] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5098] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5099] getdents(6, [pid 5098] <... futex resumed>) = 0 [ 64.942076][ T5099] f2fs_fill_dentries: 39 callbacks suppressed [ 64.942093][ T5099] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 64.948223][ T5099] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 64.955889][ T5099] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 64.963685][ T5099] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 64.971287][ T5099] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [pid 5098] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5099] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5099] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5098] <... futex resumed>) = 0 [pid 5099] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5098] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5098] <... futex resumed>) = 0 [pid 5099] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5098] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5099] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5099] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5099] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5098] <... futex resumed>) = 0 [pid 5098] exit_group(0 [pid 5099] <... futex resumed>) = ? [pid 5098] <... exit_group resumed>) = ? [pid 5099] +++ exited with 0 +++ [pid 5098] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5098, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=28 /* 0.28 s */} --- umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 64.978832][ T5099] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 64.986413][ T5099] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 64.996281][ T5099] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/bus") = 0 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5104 attached [pid 5104] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5104] chdir("./8") = 0 [pid 5104] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5054] <... clone resumed>, child_tidptr=0x5555556ae690) = 5104 [pid 5104] <... prctl resumed>) = 0 [pid 5104] setpgid(0, 0) = 0 [pid 5104] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5104] write(3, "1000", 4) = 4 [pid 5104] close(3) = 0 [pid 5104] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5104] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5104] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5104] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5104] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5104] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5104] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5105 attached [pid 5105] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053 [pid 5104] <... clone3 resumed> => {parent_tid=[5105]}, 88) = 5105 [pid 5105] <... rseq resumed>) = 0 [pid 5104] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5104] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5105] set_robust_list(0x7fa1a5e4a9a0, 24) = 0 [pid 5105] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5105] memfd_create("syzkaller", 0) = 3 [pid 5105] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5105] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5105] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5105] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5105] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5105] close(3) = 0 [pid 5105] mkdir("./bus", 0777) = 0 [ 65.542045][ T5105] loop0: detected capacity change from 0 to 40427 [ 65.571689][ T5105] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 65.579440][ T5105] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [pid 5105] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5105] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5105] chdir("./bus") = 0 [pid 5105] ioctl(4, LOOP_CLR_FD) = 0 [pid 5105] close(4) = 0 [pid 5105] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5104] <... futex resumed>) = 0 [pid 5105] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5104] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 65.592051][ T5105] F2FS-fs (loop0): Found nat_bits in checkpoint [ 65.621088][ T5105] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 65.628153][ T5105] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5105] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5104] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5105] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5105] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5104] <... futex resumed>) = 0 [pid 5105] <... futex resumed>) = 1 [pid 5104] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5105] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5104] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5105] <... mkdirat resumed>) = 0 [pid 5105] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5104] <... futex resumed>) = 0 [pid 5105] <... futex resumed>) = 1 [pid 5104] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] fspick(AT_FDCWD, ".", 0 [pid 5104] <... futex resumed>) = 0 [pid 5104] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5105] <... fspick resumed>) = 5 [pid 5105] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5104] <... futex resumed>) = 0 [pid 5105] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5104] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] <... fsconfig resumed>) = 0 [pid 5104] <... futex resumed>) = 0 [pid 5105] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5104] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5105] <... futex resumed>) = 0 [pid 5104] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5104] <... futex resumed>) = 0 [pid 5104] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5105] <... fsconfig resumed>) = 0 [pid 5105] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5104] <... futex resumed>) = 0 [pid 5105] openat(AT_FDCWD, ".", O_RDONLY [pid 5104] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5105] <... openat resumed>) = 6 [pid 5105] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5104] <... futex resumed>) = 0 [pid 5105] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5104] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5104] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5105] <... futex resumed>) = 0 [pid 5105] getdents(6, 0x20000200 /* 1 entries */, 188) = 96 [pid 5105] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5104] <... futex resumed>) = 0 [pid 5105] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5104] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5104] <... futex resumed>) = 0 [pid 5105] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5104] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5105] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5105] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5105] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5104] <... futex resumed>) = 0 [pid 5104] exit_group(0 [pid 5105] <... futex resumed>) = ? [pid 5104] <... exit_group resumed>) = ? [pid 5105] +++ exited with 0 +++ [pid 5104] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5104, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 65.752070][ T5105] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 65.752103][ T5105] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 65.760185][ T5105] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 65.778777][ T5105] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/bus") = 0 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5110 attached , child_tidptr=0x5555556ae690) = 5110 [pid 5110] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5110] chdir("./9") = 0 [pid 5110] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5110] setpgid(0, 0) = 0 [pid 5110] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5110] write(3, "1000", 4) = 4 [pid 5110] close(3) = 0 [pid 5110] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5110] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5110] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5110] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5110] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5110] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5110] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5111 attached [pid 5111] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053 [pid 5110] <... clone3 resumed> => {parent_tid=[5111]}, 88) = 5111 [pid 5111] <... rseq resumed>) = 0 [pid 5110] rt_sigprocmask(SIG_SETMASK, [], [pid 5111] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5110] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5111] <... set_robust_list resumed>) = 0 [pid 5110] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] rt_sigprocmask(SIG_SETMASK, [], [pid 5110] <... futex resumed>) = 0 [pid 5111] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5110] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5111] memfd_create("syzkaller", 0) = 3 [pid 5111] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5111] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5111] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5111] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5111] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5111] close(3) = 0 [pid 5111] mkdir("./bus", 0777) = 0 [ 66.361258][ T5111] loop0: detected capacity change from 0 to 40427 [ 66.377733][ T5111] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 66.385542][ T5111] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 66.397172][ T5111] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5111] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5111] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5111] chdir("./bus") = 0 [pid 5111] ioctl(4, LOOP_CLR_FD) = 0 [pid 5111] close(4) = 0 [pid 5111] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5111] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5110] <... futex resumed>) = 0 [pid 5110] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] <... futex resumed>) = 0 [pid 5110] <... futex resumed>) = 1 [pid 5111] openat(AT_FDCWD, ".", O_RDONLY [pid 5110] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] <... openat resumed>) = 4 [pid 5111] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5110] <... futex resumed>) = 0 [pid 5111] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5110] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5110] <... futex resumed>) = 0 [pid 5111] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5110] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] <... mkdirat resumed>) = 0 [pid 5111] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5110] <... futex resumed>) = 0 [pid 5111] fspick(AT_FDCWD, ".", 0 [pid 5110] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] <... fspick resumed>) = 5 [pid 5110] <... futex resumed>) = 0 [pid 5110] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5110] <... futex resumed>) = 0 [pid 5111] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5110] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5110] <... futex resumed>) = 0 [pid 5111] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5110] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] <... fsconfig resumed>) = 0 [pid 5111] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5110] <... futex resumed>) = 0 [pid 5111] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5110] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 66.426906][ T5111] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 66.434114][ T5111] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5110] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] <... fsconfig resumed>) = 0 [pid 5111] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5110] <... futex resumed>) = 0 [pid 5111] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5110] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] <... futex resumed>) = 0 [pid 5110] <... futex resumed>) = 1 [pid 5111] openat(AT_FDCWD, ".", O_RDONLY [pid 5110] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] <... openat resumed>) = 6 [pid 5111] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] <... futex resumed>) = 0 [pid 5111] <... futex resumed>) = 1 [pid 5110] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] getdents(6, [pid 5110] <... futex resumed>) = 0 [pid 5111] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5110] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5111] <... futex resumed>) = 0 [pid 5110] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5110] <... futex resumed>) = 0 [pid 5110] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5111] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5110] <... futex resumed>) = 0 [pid 5111] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5110] exit_group(0 [pid 5111] <... futex resumed>) = ? [pid 5110] <... exit_group resumed>) = ? [pid 5111] +++ exited with 0 +++ [pid 5110] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5110, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=21 /* 0.21 s */} --- umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 66.525374][ T5111] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/bus") = 0 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5116 attached , child_tidptr=0x5555556ae690) = 5116 [pid 5116] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5116] chdir("./10") = 0 [pid 5116] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5116] setpgid(0, 0) = 0 [pid 5116] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5116] write(3, "1000", 4) = 4 [pid 5116] close(3) = 0 [pid 5116] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5116] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5116] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5116] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5116] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5116] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5116] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5117 attached => {parent_tid=[5117]}, 88) = 5117 [pid 5117] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053 [pid 5116] rt_sigprocmask(SIG_SETMASK, [], [pid 5117] <... rseq resumed>) = 0 [pid 5116] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5117] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5116] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] <... set_robust_list resumed>) = 0 [pid 5116] <... futex resumed>) = 0 [pid 5117] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5116] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5117] memfd_create("syzkaller", 0) = 3 [pid 5117] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5117] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5117] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5117] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5117] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5117] close(3) = 0 [pid 5117] mkdir("./bus", 0777) = 0 [ 67.069328][ T5117] loop0: detected capacity change from 0 to 40427 [ 67.083402][ T5117] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 67.091304][ T5117] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 67.103319][ T5117] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5117] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5117] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5117] chdir("./bus") = 0 [pid 5117] ioctl(4, LOOP_CLR_FD) = 0 [pid 5117] close(4) = 0 [pid 5117] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] <... futex resumed>) = 0 [pid 5117] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5116] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5116] <... futex resumed>) = 0 [pid 5117] openat(AT_FDCWD, ".", O_RDONLY [pid 5116] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5117] <... openat resumed>) = 4 [pid 5117] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] <... futex resumed>) = 0 [pid 5116] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5116] <... futex resumed>) = 0 [ 67.132799][ T5117] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 67.140034][ T5117] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5116] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5117] <... mkdirat resumed>) = 0 [pid 5117] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] <... futex resumed>) = 0 [pid 5117] <... futex resumed>) = 1 [pid 5116] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5117] fspick(AT_FDCWD, ".", 0 [pid 5116] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5117] <... fspick resumed>) = 5 [pid 5117] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] <... futex resumed>) = 0 [pid 5117] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5116] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5117] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5117] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0) = 0 [pid 5117] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5117] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5116] <... futex resumed>) = 0 [pid 5116] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5117] <... futex resumed>) = 0 [pid 5116] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5117] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0) = 0 [pid 5117] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] <... futex resumed>) = 0 [pid 5117] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5116] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5116] <... futex resumed>) = 0 [pid 5117] openat(AT_FDCWD, ".", O_RDONLY [pid 5116] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5117] <... openat resumed>) = 6 [pid 5117] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5117] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5116] <... futex resumed>) = 0 [pid 5116] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] <... futex resumed>) = 0 [pid 5116] <... futex resumed>) = 1 [pid 5117] getdents(6, [pid 5116] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5117] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5117] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] <... futex resumed>) = 0 [pid 5117] <... futex resumed>) = 1 [pid 5116] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5116] <... futex resumed>) = 0 [pid 5116] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5117] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5117] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] <... futex resumed>) = 0 [pid 5116] exit_group(0) = ? [pid 5117] +++ exited with 0 +++ [pid 5116] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5116, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 67.277433][ T5117] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/bus") = 0 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5122 attached [pid 5122] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5122] chdir("./11" [pid 5054] <... clone resumed>, child_tidptr=0x5555556ae690) = 5122 [pid 5122] <... chdir resumed>) = 0 [pid 5122] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5122] setpgid(0, 0) = 0 [pid 5122] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5122] write(3, "1000", 4) = 4 [pid 5122] close(3) = 0 [pid 5122] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5122] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5122] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5122] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5122] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5122] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5122] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5123 attached [pid 5123] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053) = 0 [pid 5122] <... clone3 resumed> => {parent_tid=[5123]}, 88) = 5123 [pid 5123] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5122] rt_sigprocmask(SIG_SETMASK, [], [pid 5123] <... set_robust_list resumed>) = 0 [pid 5123] rt_sigprocmask(SIG_SETMASK, [], [pid 5122] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5123] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5123] memfd_create("syzkaller", 0 [pid 5122] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5123] <... memfd_create resumed>) = 3 [pid 5123] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5123] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5123] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5123] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5123] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5123] close(3) = 0 [pid 5123] mkdir("./bus", 0777) = 0 [ 67.923095][ T5123] loop0: detected capacity change from 0 to 40427 [ 67.935704][ T5123] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 67.943473][ T5123] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 67.955753][ T5123] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5123] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5123] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5123] chdir("./bus") = 0 [pid 5123] ioctl(4, LOOP_CLR_FD) = 0 [pid 5123] close(4) = 0 [pid 5123] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5123] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5122] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] openat(AT_FDCWD, ".", O_RDONLY [pid 5122] <... futex resumed>) = 0 [pid 5123] <... openat resumed>) = 4 [pid 5122] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5123] <... futex resumed>) = 0 [pid 5123] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5122] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] <... mkdirat resumed>) = 0 [pid 5123] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5123] fspick(AT_FDCWD, ".", 0 [pid 5122] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] <... fspick resumed>) = 5 [pid 5122] <... futex resumed>) = 0 [pid 5122] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5123] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5122] <... futex resumed>) = 0 [pid 5123] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5122] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] <... fsconfig resumed>) = 0 [pid 5123] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5123] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5122] <... futex resumed>) = 0 [pid 5123] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [ 67.984464][ T5123] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 67.991892][ T5123] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5122] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] <... fsconfig resumed>) = 0 [pid 5123] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5123] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] <... futex resumed>) = 0 [pid 5122] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] <... futex resumed>) = 0 [pid 5122] <... futex resumed>) = 1 [pid 5123] openat(AT_FDCWD, ".", O_RDONLY [pid 5122] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] <... openat resumed>) = 6 [pid 5123] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5123] getdents(6, [pid 5122] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5122] <... futex resumed>) = 0 [pid 5122] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5123] <... futex resumed>) = 0 [pid 5122] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5122] <... futex resumed>) = 0 [pid 5122] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5123] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5123] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] exit_group(0) = ? [pid 5123] <... futex resumed>) = ? [pid 5123] +++ exited with 0 +++ [pid 5122] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5122, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=26 /* 0.26 s */} --- umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 68.090515][ T5123] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/bus") = 0 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5128 attached , child_tidptr=0x5555556ae690) = 5128 [pid 5128] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5128] chdir("./12") = 0 [pid 5128] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5128] setpgid(0, 0) = 0 [pid 5128] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5128] write(3, "1000", 4) = 4 [pid 5128] close(3) = 0 [pid 5128] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5128] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5128] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5128] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5128] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5128] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5128] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5128] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5129 attached [pid 5129] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053 [pid 5128] <... clone3 resumed> => {parent_tid=[5129]}, 88) = 5129 [pid 5129] <... rseq resumed>) = 0 [pid 5128] rt_sigprocmask(SIG_SETMASK, [], [pid 5129] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5128] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5129] <... set_robust_list resumed>) = 0 [pid 5128] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5128] <... futex resumed>) = 0 [pid 5129] memfd_create("syzkaller", 0 [pid 5128] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5129] <... memfd_create resumed>) = 3 [pid 5129] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5129] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5129] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5129] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5129] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5129] close(3) = 0 [pid 5129] mkdir("./bus", 0777) = 0 [ 68.653063][ T5129] loop0: detected capacity change from 0 to 40427 [ 68.667188][ T5129] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 68.675125][ T5129] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 68.687767][ T5129] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5129] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5129] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5129] chdir("./bus") = 0 [pid 5129] ioctl(4, LOOP_CLR_FD) = 0 [pid 5129] close(4) = 0 [pid 5129] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5128] <... futex resumed>) = 0 [pid 5129] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5128] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5129] <... futex resumed>) = 0 [pid 5128] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5129] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 68.716759][ T5129] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 68.723920][ T5129] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5129] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5128] <... futex resumed>) = 0 [pid 5129] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5128] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5128] <... futex resumed>) = 0 [pid 5128] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] <... mkdirat resumed>) = 0 [pid 5129] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5128] <... futex resumed>) = 0 [pid 5129] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5128] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5128] <... futex resumed>) = 0 [pid 5129] fspick(AT_FDCWD, ".", 0 [pid 5128] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] <... fspick resumed>) = 5 [pid 5129] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5128] <... futex resumed>) = 0 [pid 5129] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5128] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5128] <... futex resumed>) = 0 [pid 5129] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5128] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] <... fsconfig resumed>) = 0 [pid 5129] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5128] <... futex resumed>) = 0 [pid 5129] <... futex resumed>) = 1 [pid 5128] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5128] <... futex resumed>) = 0 [pid 5128] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] <... fsconfig resumed>) = 0 [pid 5129] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5129] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5128] <... futex resumed>) = 0 [pid 5128] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... futex resumed>) = 0 [pid 5128] <... futex resumed>) = 1 [pid 5129] openat(AT_FDCWD, ".", O_RDONLY [pid 5128] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] <... openat resumed>) = 6 [pid 5129] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5128] <... futex resumed>) = 0 [pid 5129] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5128] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] getdents(6, [pid 5128] <... futex resumed>) = 0 [pid 5129] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5128] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5128] <... futex resumed>) = 0 [pid 5129] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5128] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5129] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5128] <... futex resumed>) = 0 [pid 5128] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5129] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5128] <... futex resumed>) = 0 [pid 5129] <... futex resumed>) = 1 [pid 5128] exit_group(0 [pid 5129] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5128] <... exit_group resumed>) = ? [pid 5129] +++ exited with 0 +++ [pid 5128] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5128, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 68.888110][ T5129] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/bus") = 0 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5134 attached , child_tidptr=0x5555556ae690) = 5134 [pid 5134] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5134] chdir("./13") = 0 [pid 5134] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5134] setpgid(0, 0) = 0 [pid 5134] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5134] write(3, "1000", 4) = 4 [pid 5134] close(3) = 0 [pid 5134] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5134] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5134] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5134] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5134] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5134] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5135 attached [pid 5135] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053 [pid 5134] <... clone3 resumed> => {parent_tid=[5135]}, 88) = 5135 [pid 5135] <... rseq resumed>) = 0 [pid 5134] rt_sigprocmask(SIG_SETMASK, [], [pid 5135] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5134] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5135] <... set_robust_list resumed>) = 0 [pid 5134] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5135] rt_sigprocmask(SIG_SETMASK, [], [pid 5134] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5135] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5135] memfd_create("syzkaller", 0) = 3 [pid 5135] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5135] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5135] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5135] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5135] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5135] close(3) = 0 [pid 5135] mkdir("./bus", 0777) = 0 [ 69.460301][ T5135] loop0: detected capacity change from 0 to 40427 [ 69.473828][ T5135] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 69.481767][ T5135] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 69.494254][ T5135] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5135] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5135] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5135] chdir("./bus") = 0 [pid 5135] ioctl(4, LOOP_CLR_FD) = 0 [pid 5135] close(4) = 0 [pid 5135] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5135] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5134] <... futex resumed>) = 0 [pid 5134] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... futex resumed>) = 0 [pid 5134] <... futex resumed>) = 1 [pid 5135] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5134] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 69.523667][ T5135] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 69.530844][ T5135] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5135] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5134] <... futex resumed>) = 0 [pid 5135] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5134] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5135] <... mkdirat resumed>) = 0 [pid 5135] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5135] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5134] <... futex resumed>) = 0 [pid 5134] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... futex resumed>) = 0 [pid 5134] <... futex resumed>) = 1 [pid 5134] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5135] fspick(AT_FDCWD, ".", 0) = 5 [pid 5135] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5134] <... futex resumed>) = 0 [pid 5135] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5134] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5135] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5134] <... futex resumed>) = 0 [pid 5135] <... fsconfig resumed>) = 0 [pid 5134] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5135] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5135] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5134] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5134] <... futex resumed>) = 0 [pid 5134] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5135] <... fsconfig resumed>) = 0 [pid 5135] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5135] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5134] <... futex resumed>) = 0 [pid 5134] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... futex resumed>) = 0 [pid 5134] <... futex resumed>) = 1 [pid 5135] openat(AT_FDCWD, ".", O_RDONLY [pid 5134] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5135] <... openat resumed>) = 6 [pid 5135] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5134] <... futex resumed>) = 0 [pid 5135] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5134] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5134] <... futex resumed>) = 0 [pid 5135] getdents(6, [pid 5134] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5135] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5135] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5134] <... futex resumed>) = 0 [pid 5135] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5134] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5135] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5135] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5135] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5134] <... futex resumed>) = 0 [pid 5134] exit_group(0) = ? [pid 5135] <... futex resumed>) = ? [pid 5135] +++ exited with 0 +++ [pid 5134] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5134, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=23 /* 0.23 s */} --- umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 69.654800][ T5135] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/bus") = 0 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ae690) = 5140 ./strace-static-x86_64: Process 5140 attached [pid 5140] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5140] chdir("./14") = 0 [pid 5140] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5140] setpgid(0, 0) = 0 [pid 5140] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5140] write(3, "1000", 4) = 4 [pid 5140] close(3) = 0 [pid 5140] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5140] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5140] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5140] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5140] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5140] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5140] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5141 attached [pid 5141] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053) = 0 [pid 5140] <... clone3 resumed> => {parent_tid=[5141]}, 88) = 5141 [pid 5141] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5140] rt_sigprocmask(SIG_SETMASK, [], [pid 5141] <... set_robust_list resumed>) = 0 [pid 5140] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5141] rt_sigprocmask(SIG_SETMASK, [], [pid 5140] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5141] memfd_create("syzkaller", 0 [pid 5140] <... futex resumed>) = 0 [pid 5141] <... memfd_create resumed>) = 3 [pid 5140] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5141] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5141] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5141] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5141] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5141] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5141] close(3) = 0 [pid 5141] mkdir("./bus", 0777) = 0 [ 70.290870][ T5141] loop0: detected capacity change from 0 to 40427 [ 70.305550][ T5141] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 70.313447][ T5141] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 70.325825][ T5141] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5141] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5141] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5141] chdir("./bus") = 0 [pid 5141] ioctl(4, LOOP_CLR_FD) = 0 [pid 5141] close(4) = 0 [pid 5141] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5141] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5140] <... futex resumed>) = 0 [pid 5140] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5141] <... futex resumed>) = 0 [pid 5141] openat(AT_FDCWD, ".", O_RDONLY [pid 5140] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5141] <... openat resumed>) = 4 [pid 5141] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] <... futex resumed>) = 0 [pid 5141] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5140] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5141] <... mkdirat resumed>) = 0 [pid 5141] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] <... futex resumed>) = 0 [pid 5141] fspick(AT_FDCWD, ".", 0 [pid 5140] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] <... fspick resumed>) = 5 [pid 5140] <... futex resumed>) = 0 [ 70.354126][ T5141] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 70.361229][ T5141] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5140] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5141] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5140] <... futex resumed>) = 0 [pid 5140] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5141] <... futex resumed>) = 1 [pid 5140] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5141] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0) = 0 [pid 5141] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5140] <... futex resumed>) = 0 [pid 5140] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5141] <... futex resumed>) = 1 [pid 5140] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5141] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0) = 0 [pid 5141] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] <... futex resumed>) = 0 [pid 5141] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5140] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5140] <... futex resumed>) = 0 [pid 5141] openat(AT_FDCWD, ".", O_RDONLY [pid 5140] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5141] <... openat resumed>) = 6 [pid 5141] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] <... futex resumed>) = 0 [pid 5141] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5140] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] getdents(6, [pid 5140] <... futex resumed>) = 0 [ 70.475518][ T5141] f2fs_fill_dentries: 39 callbacks suppressed [ 70.475537][ T5141] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 70.482463][ T5141] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 70.490387][ T5141] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 70.497955][ T5141] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 70.505547][ T5141] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [pid 5140] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5141] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5140] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5141] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5140] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] <... futex resumed>) = 0 [pid 5140] <... futex resumed>) = 0 [pid 5141] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5140] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5141] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5141] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5141] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5140] <... futex resumed>) = 0 [pid 5140] exit_group(0 [pid 5141] <... futex resumed>) = ? [pid 5140] <... exit_group resumed>) = ? [pid 5141] +++ exited with 0 +++ [pid 5140] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5140, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=26 /* 0.26 s */} --- umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 70.513423][ T5141] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 70.521041][ T5141] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 70.530162][ T5141] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/bus") = 0 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5146 attached [pid 5146] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5146] chdir("./15") = 0 [pid 5146] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5054] <... clone resumed>, child_tidptr=0x5555556ae690) = 5146 [pid 5146] setpgid(0, 0) = 0 [pid 5146] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5146] write(3, "1000", 4) = 4 [pid 5146] close(3) = 0 [pid 5146] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5146] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5146] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5146] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5146] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5146] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5146] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5147 attached [pid 5147] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053) = 0 [pid 5146] <... clone3 resumed> => {parent_tid=[5147]}, 88) = 5147 [pid 5147] set_robust_list(0x7fa1a5e4a9a0, 24) = 0 [pid 5146] rt_sigprocmask(SIG_SETMASK, [], [pid 5147] rt_sigprocmask(SIG_SETMASK, [], [pid 5146] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5147] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5147] memfd_create("syzkaller", 0 [pid 5146] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... memfd_create resumed>) = 3 [pid 5146] <... futex resumed>) = 0 [pid 5147] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5146] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5147] <... mmap resumed>) = 0x7fa19da2a000 [pid 5147] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5147] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5147] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5147] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5147] close(3) = 0 [pid 5147] mkdir("./bus", 0777) = 0 [ 71.100244][ T5147] loop0: detected capacity change from 0 to 40427 [ 71.114909][ T5147] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 71.122715][ T5147] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 71.134857][ T5147] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5147] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5147] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5147] chdir("./bus") = 0 [pid 5147] ioctl(4, LOOP_CLR_FD) = 0 [pid 5147] close(4) = 0 [pid 5147] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5147] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5146] <... futex resumed>) = 0 [ 71.163956][ T5147] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 71.171099][ T5147] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5146] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... futex resumed>) = 0 [pid 5146] <... futex resumed>) = 1 [pid 5147] openat(AT_FDCWD, ".", O_RDONLY [pid 5146] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] <... openat resumed>) = 4 [pid 5147] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5146] <... futex resumed>) = 0 [pid 5147] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5146] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5147] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5146] <... futex resumed>) = 0 [pid 5146] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] <... mkdirat resumed>) = 0 [pid 5147] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5147] <... futex resumed>) = 0 [pid 5146] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] fspick(AT_FDCWD, ".", 0 [pid 5146] <... futex resumed>) = 0 [pid 5147] <... fspick resumed>) = 5 [pid 5146] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5146] <... futex resumed>) = 0 [pid 5147] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5146] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0) = 0 [pid 5146] <... futex resumed>) = 0 [pid 5147] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] <... futex resumed>) = 0 [pid 5146] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5147] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5146] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5146] <... futex resumed>) = 0 [pid 5147] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5146] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] <... fsconfig resumed>) = 0 [pid 5147] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5146] <... futex resumed>) = 0 [pid 5147] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5146] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5146] <... futex resumed>) = 0 [pid 5147] openat(AT_FDCWD, ".", O_RDONLY [pid 5146] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] <... openat resumed>) = 6 [pid 5147] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5146] <... futex resumed>) = 0 [pid 5147] getdents(6, [pid 5146] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5147] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5146] <... futex resumed>) = 0 [pid 5147] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5146] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5147] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5146] <... futex resumed>) = 0 [pid 5146] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5147] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5146] <... futex resumed>) = 0 [pid 5147] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5146] exit_group(0 [pid 5147] <... futex resumed>) = ? [pid 5146] <... exit_group resumed>) = ? [pid 5147] +++ exited with 0 +++ [pid 5146] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5146, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 71.304233][ T5147] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 71.304264][ T5147] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 71.312250][ T5147] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 71.329113][ T5147] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/bus") = 0 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5152 attached [pid 5152] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5152] chdir("./16") = 0 [pid 5152] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5054] <... clone resumed>, child_tidptr=0x5555556ae690) = 5152 [pid 5152] setpgid(0, 0) = 0 [pid 5152] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5152] write(3, "1000", 4) = 4 [pid 5152] close(3) = 0 [pid 5152] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5152] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5152] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5152] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5152] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5152] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5152] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5153 attached [pid 5153] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053) = 0 [pid 5152] <... clone3 resumed> => {parent_tid=[5153]}, 88) = 5153 [pid 5153] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5152] rt_sigprocmask(SIG_SETMASK, [], [pid 5153] <... set_robust_list resumed>) = 0 [pid 5153] rt_sigprocmask(SIG_SETMASK, [], [pid 5152] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5153] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5152] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] memfd_create("syzkaller", 0 [pid 5152] <... futex resumed>) = 0 [pid 5153] <... memfd_create resumed>) = 3 [pid 5152] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5153] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5153] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5153] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5153] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5153] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5153] close(3) = 0 [pid 5153] mkdir("./bus", 0777) = 0 [ 71.927091][ T5153] loop0: detected capacity change from 0 to 40427 [ 71.939794][ T5153] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 71.947560][ T5153] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 71.959869][ T5153] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5153] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5153] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5153] chdir("./bus") = 0 [pid 5153] ioctl(4, LOOP_CLR_FD) = 0 [pid 5153] close(4) = 0 [pid 5153] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5152] <... futex resumed>) = 0 [pid 5153] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5152] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] <... futex resumed>) = 0 [pid 5152] <... futex resumed>) = 1 [pid 5152] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5153] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5153] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5152] <... futex resumed>) = 0 [pid 5153] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5152] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5152] <... futex resumed>) = 0 [pid 5153] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [ 71.991013][ T5153] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 71.998063][ T5153] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5152] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5153] <... mkdirat resumed>) = 0 [pid 5153] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5152] <... futex resumed>) = 0 [pid 5153] fspick(AT_FDCWD, ".", 0 [pid 5152] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] <... fspick resumed>) = 5 [pid 5152] <... futex resumed>) = 0 [pid 5152] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5153] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5152] <... futex resumed>) = 0 [pid 5153] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5152] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] <... fsconfig resumed>) = 0 [pid 5152] <... futex resumed>) = 0 [pid 5153] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5153] <... futex resumed>) = 0 [pid 5152] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5152] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5153] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5152] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5153] <... fsconfig resumed>) = 0 [pid 5153] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5153] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5152] <... futex resumed>) = 0 [pid 5152] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] <... futex resumed>) = 0 [pid 5152] <... futex resumed>) = 1 [pid 5153] openat(AT_FDCWD, ".", O_RDONLY [pid 5152] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5153] <... openat resumed>) = 6 [pid 5153] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5152] <... futex resumed>) = 0 [pid 5153] getdents(6, [pid 5152] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5152] <... futex resumed>) = 0 [pid 5153] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5153] <... futex resumed>) = 0 [pid 5152] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5153] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5152] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5152] <... futex resumed>) = 0 [pid 5153] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5152] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5153] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5153] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5152] <... futex resumed>) = 0 [pid 5153] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5152] exit_group(0 [pid 5153] <... futex resumed>) = ? [pid 5152] <... exit_group resumed>) = ? [pid 5153] +++ exited with 0 +++ [pid 5152] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5152, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=20 /* 0.20 s */} --- umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 72.129114][ T5153] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/bus") = 0 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5158 attached [pid 5158] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5158] chdir("./17" [pid 5054] <... clone resumed>, child_tidptr=0x5555556ae690) = 5158 [pid 5158] <... chdir resumed>) = 0 [pid 5158] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5158] setpgid(0, 0) = 0 [pid 5158] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5158] write(3, "1000", 4) = 4 [pid 5158] close(3) = 0 [pid 5158] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5158] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5158] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5158] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5158] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5158] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5158] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5158] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5159 attached [pid 5159] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053 [pid 5158] <... clone3 resumed> => {parent_tid=[5159]}, 88) = 5159 [pid 5159] <... rseq resumed>) = 0 [pid 5159] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5158] rt_sigprocmask(SIG_SETMASK, [], [pid 5159] <... set_robust_list resumed>) = 0 [pid 5158] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5159] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5158] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] memfd_create("syzkaller", 0 [pid 5158] <... futex resumed>) = 0 [pid 5158] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5159] <... memfd_create resumed>) = 3 [pid 5159] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5159] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5159] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5159] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5159] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5159] close(3) = 0 [pid 5159] mkdir("./bus", 0777) = 0 [ 72.720662][ T5159] loop0: detected capacity change from 0 to 40427 [ 72.736505][ T5159] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 72.744431][ T5159] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 72.756521][ T5159] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5159] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5159] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5159] chdir("./bus") = 0 [pid 5159] ioctl(4, LOOP_CLR_FD) = 0 [pid 5159] close(4) = 0 [pid 5159] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5158] <... futex resumed>) = 0 [pid 5159] <... futex resumed>) = 1 [pid 5158] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] openat(AT_FDCWD, ".", O_RDONLY [pid 5158] <... futex resumed>) = 0 [pid 5159] <... openat resumed>) = 4 [pid 5158] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5159] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5158] <... futex resumed>) = 0 [pid 5159] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5158] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5158] <... futex resumed>) = 0 [pid 5158] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] <... mkdirat resumed>) = 0 [pid 5159] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5159] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5158] <... futex resumed>) = 0 [ 72.789070][ T5159] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 72.796193][ T5159] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5158] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5159] <... futex resumed>) = 0 [pid 5159] fspick(AT_FDCWD, ".", 0 [pid 5158] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] <... fspick resumed>) = 5 [pid 5159] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5158] <... futex resumed>) = 0 [pid 5159] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5158] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] <... fsconfig resumed>) = 0 [pid 5158] <... futex resumed>) = 0 [pid 5159] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5158] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] <... futex resumed>) = 0 [pid 5158] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5159] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5158] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5158] <... futex resumed>) = 0 [pid 5159] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5158] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] <... fsconfig resumed>) = 0 [pid 5159] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5159] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5158] <... futex resumed>) = 0 [pid 5159] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5158] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] openat(AT_FDCWD, ".", O_RDONLY [pid 5158] <... futex resumed>) = 0 [pid 5159] <... openat resumed>) = 6 [pid 5158] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5158] <... futex resumed>) = 0 [pid 5159] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5158] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5158] <... futex resumed>) = 0 [pid 5159] getdents(6, [pid 5158] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5159] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5158] <... futex resumed>) = 0 [pid 5158] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5158] <... futex resumed>) = 0 [pid 5158] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5159] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5158] <... futex resumed>) = 0 [pid 5159] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5158] exit_group(0 [pid 5159] <... futex resumed>) = ? [pid 5158] <... exit_group resumed>) = ? [pid 5159] +++ exited with 0 +++ [pid 5158] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5158, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 72.924019][ T5159] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/bus") = 0 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5164 attached [pid 5164] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5164] chdir("./18" [pid 5054] <... clone resumed>, child_tidptr=0x5555556ae690) = 5164 [pid 5164] <... chdir resumed>) = 0 [pid 5164] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5164] setpgid(0, 0) = 0 [pid 5164] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5164] write(3, "1000", 4) = 4 [pid 5164] close(3) = 0 [pid 5164] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5164] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5164] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5164] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5164] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5164] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5164] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5164] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5165 attached [pid 5165] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053 [pid 5164] <... clone3 resumed> => {parent_tid=[5165]}, 88) = 5165 [pid 5165] <... rseq resumed>) = 0 [pid 5164] rt_sigprocmask(SIG_SETMASK, [], [pid 5165] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5164] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5165] <... set_robust_list resumed>) = 0 [pid 5164] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] rt_sigprocmask(SIG_SETMASK, [], [pid 5164] <... futex resumed>) = 0 [pid 5165] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5164] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5165] memfd_create("syzkaller", 0) = 3 [pid 5165] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5165] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5165] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5165] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5165] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5165] close(3) = 0 [pid 5165] mkdir("./bus", 0777) = 0 [ 73.496716][ T5165] loop0: detected capacity change from 0 to 40427 [ 73.520954][ T5165] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 73.528717][ T5165] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 73.541440][ T5165] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5165] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5165] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5165] chdir("./bus") = 0 [pid 5165] ioctl(4, LOOP_CLR_FD) = 0 [pid 5165] close(4) = 0 [pid 5165] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5164] <... futex resumed>) = 0 [pid 5165] openat(AT_FDCWD, ".", O_RDONLY [pid 5164] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] <... openat resumed>) = 4 [pid 5164] <... futex resumed>) = 0 [pid 5164] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5165] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5164] <... futex resumed>) = 0 [pid 5165] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5164] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5164] <... futex resumed>) = 0 [pid 5165] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5164] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5165] <... mkdirat resumed>) = 0 [pid 5165] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5165] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5164] <... futex resumed>) = 0 [pid 5164] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] <... futex resumed>) = 0 [pid 5164] <... futex resumed>) = 1 [pid 5165] fspick(AT_FDCWD, ".", 0 [pid 5164] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5165] <... fspick resumed>) = 5 [pid 5165] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5164] <... futex resumed>) = 0 [pid 5165] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5164] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5165] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5164] <... futex resumed>) = 0 [pid 5165] <... fsconfig resumed>) = 0 [pid 5164] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5165] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5164] <... futex resumed>) = 0 [pid 5165] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5164] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5165] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5164] <... futex resumed>) = 0 [ 73.569967][ T5165] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 73.577058][ T5165] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5164] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5165] <... fsconfig resumed>) = 0 [pid 5165] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5165] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5164] <... futex resumed>) = 0 [pid 5164] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] <... futex resumed>) = 0 [pid 5164] <... futex resumed>) = 1 [pid 5165] openat(AT_FDCWD, ".", O_RDONLY [pid 5164] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5165] <... openat resumed>) = 6 [pid 5165] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5164] <... futex resumed>) = 0 [pid 5165] getdents(6, [pid 5164] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5164] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5165] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5164] <... futex resumed>) = 0 [pid 5165] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5164] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5164] <... futex resumed>) = 0 [pid 5165] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5164] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5165] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5165] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5164] <... futex resumed>) = 0 [pid 5165] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5164] exit_group(0 [pid 5165] <... futex resumed>) = ? [pid 5164] <... exit_group resumed>) = ? [pid 5165] +++ exited with 0 +++ [pid 5164] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5164, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=17 /* 0.17 s */} --- umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 73.668430][ T5165] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/bus") = 0 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5170 attached [pid 5170] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5170] chdir("./19") = 0 [pid 5054] <... clone resumed>, child_tidptr=0x5555556ae690) = 5170 [pid 5170] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5170] setpgid(0, 0) = 0 [pid 5170] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5170] write(3, "1000", 4) = 4 [pid 5170] close(3) = 0 [pid 5170] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5170] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5170] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5170] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5170] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5170] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5170] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5170] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5171 attached [pid 5171] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053 [pid 5170] <... clone3 resumed> => {parent_tid=[5171]}, 88) = 5171 [pid 5171] <... rseq resumed>) = 0 [pid 5170] rt_sigprocmask(SIG_SETMASK, [], [pid 5171] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5170] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5171] <... set_robust_list resumed>) = 0 [pid 5170] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5171] rt_sigprocmask(SIG_SETMASK, [], [pid 5170] <... futex resumed>) = 0 [pid 5171] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5170] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5171] memfd_create("syzkaller", 0) = 3 [pid 5171] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5171] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5171] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5171] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5171] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5171] close(3) = 0 [pid 5171] mkdir("./bus", 0777) = 0 [ 74.181994][ T5171] loop0: detected capacity change from 0 to 40427 [ 74.197221][ T5171] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 74.205168][ T5171] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 74.217284][ T5171] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5171] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5171] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5171] chdir("./bus") = 0 [pid 5171] ioctl(4, LOOP_CLR_FD) = 0 [pid 5171] close(4) = 0 [pid 5171] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5171] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5170] <... futex resumed>) = 0 [pid 5171] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5170] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5171] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5170] <... futex resumed>) = 0 [pid 5170] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5171] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5170] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5171] <... futex resumed>) = 0 [pid 5170] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5171] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5170] <... futex resumed>) = 0 [pid 5170] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5171] <... mkdirat resumed>) = 0 [pid 5171] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5171] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5170] <... futex resumed>) = 0 [pid 5170] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5170] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5171] <... futex resumed>) = 0 [pid 5171] fspick(AT_FDCWD, ".", 0) = 5 [pid 5171] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5170] <... futex resumed>) = 0 [pid 5170] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5171] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5170] <... futex resumed>) = 0 [pid 5170] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5171] <... fsconfig resumed>) = 0 [pid 5171] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5170] <... futex resumed>) = 0 [pid 5171] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5170] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5171] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5170] <... futex resumed>) = 0 [pid 5171] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [ 74.245917][ T5171] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 74.253140][ T5171] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5170] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5171] <... fsconfig resumed>) = 0 [pid 5170] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5171] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5170] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5171] <... futex resumed>) = 0 [pid 5170] <... futex resumed>) = 0 [pid 5171] openat(AT_FDCWD, ".", O_RDONLY [pid 5170] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5171] <... openat resumed>) = 6 [pid 5171] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5170] <... futex resumed>) = 0 [pid 5171] getdents(6, [pid 5170] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5171] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5170] <... futex resumed>) = 0 [pid 5171] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5170] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5171] <... futex resumed>) = 0 [pid 5170] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5170] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5171] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5170] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5171] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5171] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5170] <... futex resumed>) = 0 [pid 5171] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5170] exit_group(0 [pid 5171] <... futex resumed>) = ? [pid 5170] <... exit_group resumed>) = ? [pid 5171] +++ exited with 0 +++ [pid 5170] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5170, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 74.367655][ T5171] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/bus") = 0 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5176 attached [pid 5176] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5176] chdir("./20" [pid 5054] <... clone resumed>, child_tidptr=0x5555556ae690) = 5176 [pid 5176] <... chdir resumed>) = 0 [pid 5176] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5176] setpgid(0, 0) = 0 [pid 5176] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5176] write(3, "1000", 4) = 4 [pid 5176] close(3) = 0 [pid 5176] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5176] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5176] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5176] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5176] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5176] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5176] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5176] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5177 attached [pid 5177] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053 [pid 5176] <... clone3 resumed> => {parent_tid=[5177]}, 88) = 5177 [pid 5177] <... rseq resumed>) = 0 [pid 5176] rt_sigprocmask(SIG_SETMASK, [], [pid 5177] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5176] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5177] <... set_robust_list resumed>) = 0 [pid 5176] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5177] rt_sigprocmask(SIG_SETMASK, [], [pid 5176] <... futex resumed>) = 0 [pid 5177] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5176] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5177] memfd_create("syzkaller", 0) = 3 [pid 5177] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5177] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5177] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5177] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5177] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5177] close(3) = 0 [pid 5177] mkdir("./bus", 0777) = 0 [ 75.070502][ T5177] loop0: detected capacity change from 0 to 40427 [ 75.086755][ T5177] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 75.094620][ T5177] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 75.106434][ T5177] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5177] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5177] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5177] chdir("./bus") = 0 [pid 5177] ioctl(4, LOOP_CLR_FD) = 0 [pid 5177] close(4) = 0 [pid 5177] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5176] <... futex resumed>) = 0 [pid 5177] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5176] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5177] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5176] <... futex resumed>) = 0 [pid 5177] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5176] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5177] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5176] <... futex resumed>) = 0 [pid 5177] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5176] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5177] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5176] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5177] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 5177] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5177] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5176] <... futex resumed>) = 0 [pid 5176] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5177] <... futex resumed>) = 0 [pid 5176] <... futex resumed>) = 1 [pid 5177] fspick(AT_FDCWD, ".", 0) = 5 [pid 5176] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5177] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5176] <... futex resumed>) = 0 [pid 5177] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5176] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5177] <... fsconfig resumed>) = 0 [pid 5176] <... futex resumed>) = 0 [pid 5176] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5177] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5176] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5177] <... futex resumed>) = 0 [pid 5177] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5176] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 75.135624][ T5177] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 75.142731][ T5177] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5176] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5177] <... fsconfig resumed>) = 0 [pid 5177] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5177] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5176] <... futex resumed>) = 0 [pid 5176] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5177] <... futex resumed>) = 0 [pid 5176] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5177] openat(AT_FDCWD, ".", O_RDONLY) = 6 [pid 5177] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5176] <... futex resumed>) = 0 [pid 5177] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5176] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5177] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5177] getdents(6, [pid 5176] <... futex resumed>) = 0 [pid 5177] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5176] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5177] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5176] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5177] <... futex resumed>) = 0 [pid 5176] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5177] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5176] <... futex resumed>) = 0 [pid 5176] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5177] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5177] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5176] <... futex resumed>) = 0 [pid 5177] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5176] exit_group(0 [pid 5177] <... futex resumed>) = ? [pid 5176] <... exit_group resumed>) = ? [pid 5177] +++ exited with 0 +++ [pid 5176] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5176, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=25 /* 0.25 s */} --- umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 75.237936][ T5177] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/bus") = 0 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5182 attached , child_tidptr=0x5555556ae690) = 5182 [pid 5182] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5182] chdir("./21") = 0 [pid 5182] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5182] setpgid(0, 0) = 0 [pid 5182] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5182] write(3, "1000", 4) = 4 [pid 5182] close(3) = 0 [pid 5182] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5182] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5182] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5182] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5182] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5182] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5182] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5182] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5183 attached [pid 5183] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053 [pid 5182] <... clone3 resumed> => {parent_tid=[5183]}, 88) = 5183 [pid 5183] <... rseq resumed>) = 0 [pid 5183] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5182] rt_sigprocmask(SIG_SETMASK, [], [pid 5183] <... set_robust_list resumed>) = 0 [pid 5182] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5183] rt_sigprocmask(SIG_SETMASK, [], [pid 5182] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5183] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5182] <... futex resumed>) = 0 [pid 5183] memfd_create("syzkaller", 0 [pid 5182] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5183] <... memfd_create resumed>) = 3 [pid 5183] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5183] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5183] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5183] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5183] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5183] close(3) = 0 [pid 5183] mkdir("./bus", 0777) = 0 [ 75.814514][ T5183] loop0: detected capacity change from 0 to 40427 [ 75.833928][ T5183] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 75.841777][ T5183] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 75.853639][ T5183] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5183] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5183] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5183] chdir("./bus") = 0 [pid 5183] ioctl(4, LOOP_CLR_FD) = 0 [pid 5183] close(4) = 0 [pid 5183] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5182] <... futex resumed>) = 0 [pid 5183] <... futex resumed>) = 1 [pid 5182] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5183] openat(AT_FDCWD, ".", O_RDONLY [pid 5182] <... futex resumed>) = 0 [pid 5183] <... openat resumed>) = 4 [pid 5182] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5183] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5183] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5182] <... futex resumed>) = 0 [ 75.882477][ T5183] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 75.889524][ T5183] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5182] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5183] <... futex resumed>) = 0 [pid 5182] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5183] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 5183] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5182] <... futex resumed>) = 0 [pid 5182] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5183] <... futex resumed>) = 1 [pid 5182] <... futex resumed>) = 0 [pid 5183] fspick(AT_FDCWD, ".", 0 [pid 5182] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5183] <... fspick resumed>) = 5 [pid 5183] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5182] <... futex resumed>) = 0 [pid 5183] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5182] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5183] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5182] <... futex resumed>) = 0 [pid 5183] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5182] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5183] <... fsconfig resumed>) = 0 [pid 5183] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5182] <... futex resumed>) = 0 [pid 5183] <... futex resumed>) = 1 [pid 5182] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5183] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5182] <... futex resumed>) = 0 [pid 5182] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5183] <... fsconfig resumed>) = 0 [pid 5183] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5182] <... futex resumed>) = 0 [pid 5183] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5182] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5183] <... futex resumed>) = 0 [pid 5182] <... futex resumed>) = 1 [pid 5183] openat(AT_FDCWD, ".", O_RDONLY [pid 5182] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5183] <... openat resumed>) = 6 [pid 5183] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5182] <... futex resumed>) = 0 [pid 5183] getdents(6, [pid 5182] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 76.014707][ T5183] f2fs_fill_dentries: 39 callbacks suppressed [ 76.014725][ T5183] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 76.021097][ T5183] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 76.028660][ T5183] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 76.036612][ T5183] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 76.044279][ T5183] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [pid 5182] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5183] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5183] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5182] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5183] <... futex resumed>) = 0 [pid 5182] <... futex resumed>) = 0 [pid 5183] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5182] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5183] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5183] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5183] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5182] <... futex resumed>) = 0 [pid 5182] exit_group(0 [pid 5183] <... futex resumed>) = ? [pid 5182] <... exit_group resumed>) = ? [pid 5183] +++ exited with 0 +++ [pid 5182] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5182, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=25 /* 0.25 s */} --- umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 76.051869][ T5183] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 76.059407][ T5183] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 76.078145][ T5183] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/bus") = 0 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5188 attached , child_tidptr=0x5555556ae690) = 5188 [pid 5188] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5188] chdir("./22") = 0 [pid 5188] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5188] setpgid(0, 0) = 0 [pid 5188] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5188] write(3, "1000", 4) = 4 [pid 5188] close(3) = 0 [pid 5188] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5188] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5188] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5188] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5188] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5188] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5188] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5188] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5189 attached [pid 5189] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053 [pid 5188] <... clone3 resumed> => {parent_tid=[5189]}, 88) = 5189 [pid 5189] <... rseq resumed>) = 0 [pid 5188] rt_sigprocmask(SIG_SETMASK, [], [pid 5189] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5188] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5189] <... set_robust_list resumed>) = 0 [pid 5188] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5189] rt_sigprocmask(SIG_SETMASK, [], [pid 5188] <... futex resumed>) = 0 [pid 5189] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5188] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5189] memfd_create("syzkaller", 0) = 3 [pid 5189] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5189] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5189] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5189] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5189] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5189] close(3) = 0 [pid 5189] mkdir("./bus", 0777) = 0 [ 76.695308][ T5189] loop0: detected capacity change from 0 to 40427 [ 76.704774][ T5189] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 76.712591][ T5189] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 76.726725][ T5189] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5189] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5189] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5189] chdir("./bus") = 0 [pid 5189] ioctl(4, LOOP_CLR_FD) = 0 [pid 5189] close(4) = 0 [pid 5189] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5188] <... futex resumed>) = 0 [pid 5189] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5188] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5188] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5189] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5189] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5189] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5188] <... futex resumed>) = 0 [pid 5188] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5188] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 76.775343][ T5189] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 76.782719][ T5189] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5189] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 5189] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5188] <... futex resumed>) = 0 [pid 5189] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5188] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5189] <... futex resumed>) = 0 [pid 5188] <... futex resumed>) = 1 [pid 5189] fspick(AT_FDCWD, ".", 0 [pid 5188] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5189] <... fspick resumed>) = 5 [pid 5189] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5188] <... futex resumed>) = 0 [pid 5189] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5188] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5189] <... futex resumed>) = 0 [pid 5189] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0) = 0 [pid 5188] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5189] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5188] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5188] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5189] <... futex resumed>) = 0 [pid 5189] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5188] <... futex resumed>) = 0 [pid 5188] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5188] futex(0x7fa1a5f1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5188] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e09000 [pid 5188] mprotect(0x7fa1a5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5188] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5188] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e29990, parent_tid=0x7fa1a5e29990, exit_signal=0, stack=0x7fa1a5e09000, stack_size=0x20300, tls=0x7fa1a5e296c0} => {parent_tid=[5194]}, 88) = 5194 [pid 5188] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5188] futex(0x7fa1a5f1b6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5188] futex(0x7fa1a5f1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5194 attached [pid 5194] rseq(0x7fa1a5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 5194] set_robust_list(0x7fa1a5e299a0, 24) = 0 [pid 5194] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5194] openat(AT_FDCWD, ".", O_RDONLY) = 6 [pid 5194] futex(0x7fa1a5f1b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5188] <... futex resumed>) = 0 [pid 5188] futex(0x7fa1a5f1b6d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5188] futex(0x7fa1a5f1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5194] <... futex resumed>) = 1 [pid 5194] getdents(6, 0x20000200 /* 1 entries */, 188) = 96 [pid 5194] futex(0x7fa1a5f1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5188] <... futex resumed>) = 0 [pid 5194] futex(0x7fa1a5f1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5188] futex(0x7fa1a5f1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5194] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5188] <... futex resumed>) = 0 [pid 5188] futex(0x7fa1a5f1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5194] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054) = -1 EEXIST (File exists) [pid 5194] futex(0x7fa1a5f1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5194] futex(0x7fa1a5f1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5189] <... fsconfig resumed>) = 0 [pid 5188] <... futex resumed>) = 0 [pid 5189] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5188] exit_group(0) = ? [pid 5189] +++ exited with 0 +++ [pid 5194] <... futex resumed>) = ? [pid 5194] +++ exited with 0 +++ [pid 5188] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5188, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=30 /* 0.30 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 76.922059][ T5194] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 76.922089][ T5194] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 76.929982][ T5194] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 76.942562][ T5194] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/bus") = 0 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5195 attached [pid 5195] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5195] chdir("./23" [pid 5054] <... clone resumed>, child_tidptr=0x5555556ae690) = 5195 [pid 5195] <... chdir resumed>) = 0 [pid 5195] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5195] setpgid(0, 0) = 0 [pid 5195] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5195] write(3, "1000", 4) = 4 [pid 5195] close(3) = 0 [pid 5195] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5195] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5195] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5195] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5195] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5195] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5195] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5195] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5196 attached => {parent_tid=[5196]}, 88) = 5196 [pid 5196] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053 [pid 5195] rt_sigprocmask(SIG_SETMASK, [], [pid 5196] <... rseq resumed>) = 0 [pid 5195] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5196] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5195] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5196] <... set_robust_list resumed>) = 0 [pid 5195] <... futex resumed>) = 0 [pid 5196] rt_sigprocmask(SIG_SETMASK, [], [pid 5195] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5196] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5196] memfd_create("syzkaller", 0) = 3 [pid 5196] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5196] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5196] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5196] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5196] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5196] close(3) = 0 [pid 5196] mkdir("./bus", 0777) = 0 [ 77.743651][ T5196] loop0: detected capacity change from 0 to 40427 [ 77.759339][ T5196] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 77.767170][ T5196] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 77.779359][ T5196] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5196] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5196] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5196] chdir("./bus") = 0 [pid 5196] ioctl(4, LOOP_CLR_FD) = 0 [pid 5196] close(4) = 0 [pid 5196] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5196] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5195] <... futex resumed>) = 0 [pid 5195] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5196] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5196] openat(AT_FDCWD, ".", O_RDONLY [pid 5195] <... futex resumed>) = 0 [pid 5195] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5196] <... openat resumed>) = 4 [pid 5196] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5195] <... futex resumed>) = 0 [pid 5196] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5195] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5196] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5195] <... futex resumed>) = 0 [pid 5196] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5195] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5196] <... mkdirat resumed>) = 0 [pid 5196] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5195] <... futex resumed>) = 0 [pid 5196] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5195] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5196] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5196] fspick(AT_FDCWD, ".", 0 [pid 5195] <... futex resumed>) = 0 [ 77.808287][ T5196] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 77.815487][ T5196] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5195] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5196] <... fspick resumed>) = 5 [pid 5196] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5195] <... futex resumed>) = 0 [pid 5196] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5195] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5196] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5195] <... futex resumed>) = 0 [pid 5196] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5195] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5196] <... fsconfig resumed>) = 0 [pid 5196] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5195] <... futex resumed>) = 0 [pid 5196] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5195] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5196] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5195] <... futex resumed>) = 0 [pid 5196] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5195] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5196] <... fsconfig resumed>) = 0 [pid 5196] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5195] <... futex resumed>) = 0 [pid 5196] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5195] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5196] openat(AT_FDCWD, ".", O_RDONLY [pid 5195] <... futex resumed>) = 0 [pid 5195] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5196] <... openat resumed>) = 6 [pid 5196] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5195] <... futex resumed>) = 0 [pid 5196] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5195] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5196] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5195] <... futex resumed>) = 0 [pid 5196] getdents(6, [pid 5195] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5196] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5196] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5195] <... futex resumed>) = 0 [pid 5196] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5195] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5196] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5195] <... futex resumed>) = 0 [pid 5196] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5195] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5196] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5196] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5196] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5195] <... futex resumed>) = 0 [pid 5195] exit_group(0 [pid 5196] <... futex resumed>) = ? [pid 5195] <... exit_group resumed>) = ? [pid 5196] +++ exited with 0 +++ [pid 5195] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5195, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 77.932194][ T5196] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/bus") = 0 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5201 attached , child_tidptr=0x5555556ae690) = 5201 [pid 5201] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5201] chdir("./24") = 0 [pid 5201] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5201] setpgid(0, 0) = 0 [pid 5201] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5201] write(3, "1000", 4) = 4 [pid 5201] close(3) = 0 [pid 5201] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5201] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5201] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5201] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5201] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5201] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5201] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5202 attached => {parent_tid=[5202]}, 88) = 5202 [pid 5202] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053) = 0 [pid 5201] rt_sigprocmask(SIG_SETMASK, [], [pid 5202] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5201] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5202] <... set_robust_list resumed>) = 0 [pid 5202] rt_sigprocmask(SIG_SETMASK, [], [pid 5201] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5201] <... futex resumed>) = 0 [pid 5201] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5202] memfd_create("syzkaller", 0) = 3 [pid 5202] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5202] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5202] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5202] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5202] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5202] close(3) = 0 [pid 5202] mkdir("./bus", 0777) = 0 [ 78.516901][ T5202] loop0: detected capacity change from 0 to 40427 [ 78.536254][ T5202] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 78.544064][ T5202] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 78.555839][ T5202] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5202] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5202] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5202] chdir("./bus") = 0 [pid 5202] ioctl(4, LOOP_CLR_FD) = 0 [pid 5202] close(4) = 0 [pid 5202] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] <... futex resumed>) = 0 [pid 5202] <... futex resumed>) = 1 [pid 5201] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] openat(AT_FDCWD, ".", O_RDONLY [pid 5201] <... futex resumed>) = 0 [pid 5202] <... openat resumed>) = 4 [pid 5201] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5202] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5201] <... futex resumed>) = 0 [pid 5201] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] <... futex resumed>) = 0 [pid 5201] <... futex resumed>) = 1 [pid 5202] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5201] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] <... mkdirat resumed>) = 0 [pid 5202] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5201] <... futex resumed>) = 0 [pid 5201] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] fspick(AT_FDCWD, ".", 0 [pid 5201] <... futex resumed>) = 0 [pid 5202] <... fspick resumed>) = 5 [pid 5201] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5201] <... futex resumed>) = 0 [pid 5202] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5201] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] <... fsconfig resumed>) = 0 [pid 5201] <... futex resumed>) = 0 [pid 5202] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] <... futex resumed>) = 0 [pid 5201] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5202] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5201] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 78.584739][ T5202] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 78.591872][ T5202] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5202] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0) = 0 [pid 5202] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5201] <... futex resumed>) = 0 [pid 5202] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5201] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5201] <... futex resumed>) = 0 [pid 5202] openat(AT_FDCWD, ".", O_RDONLY [pid 5201] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] <... openat resumed>) = 6 [pid 5202] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5202] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5201] <... futex resumed>) = 0 [pid 5201] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5202] <... futex resumed>) = 0 [pid 5201] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] getdents(6, 0x20000200 /* 1 entries */, 188) = 96 [pid 5202] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5201] <... futex resumed>) = 0 [pid 5202] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5201] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5201] <... futex resumed>) = 0 [pid 5201] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5202] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] <... futex resumed>) = 0 [pid 5202] <... futex resumed>) = 1 [pid 5201] exit_group(0 [pid 5202] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5201] <... exit_group resumed>) = ? [pid 5202] +++ exited with 0 +++ [pid 5201] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5201, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=22 /* 0.22 s */} --- umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 78.690114][ T5202] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/bus") = 0 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5207 attached , child_tidptr=0x5555556ae690) = 5207 [pid 5207] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5207] chdir("./25") = 0 [pid 5207] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5207] setpgid(0, 0) = 0 [pid 5207] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5207] write(3, "1000", 4) = 4 [pid 5207] close(3) = 0 [pid 5207] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5207] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5207] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5207] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5207] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5207] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5207] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5207] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5208 attached [pid 5208] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053) = 0 [pid 5207] <... clone3 resumed> => {parent_tid=[5208]}, 88) = 5208 [pid 5208] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5207] rt_sigprocmask(SIG_SETMASK, [], [pid 5208] <... set_robust_list resumed>) = 0 [pid 5207] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5208] rt_sigprocmask(SIG_SETMASK, [], [pid 5207] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5208] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5208] memfd_create("syzkaller", 0 [pid 5207] <... futex resumed>) = 0 [pid 5207] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5208] <... memfd_create resumed>) = 3 [pid 5208] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5208] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5208] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5208] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5208] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5208] close(3) = 0 [pid 5208] mkdir("./bus", 0777) = 0 [ 79.257668][ T5208] loop0: detected capacity change from 0 to 40427 [ 79.277938][ T5208] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 79.286292][ T5208] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 79.299128][ T5208] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5208] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5208] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5208] chdir("./bus") = 0 [pid 5208] ioctl(4, LOOP_CLR_FD) = 0 [pid 5208] close(4) = 0 [pid 5208] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5207] <... futex resumed>) = 0 [pid 5207] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5208] <... futex resumed>) = 1 [pid 5207] <... futex resumed>) = 0 [pid 5208] openat(AT_FDCWD, ".", O_RDONLY [pid 5207] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] <... openat resumed>) = 4 [pid 5208] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5207] <... futex resumed>) = 0 [pid 5207] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5208] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5207] <... futex resumed>) = 0 [pid 5207] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] <... mkdirat resumed>) = 0 [pid 5208] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5208] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5207] <... futex resumed>) = 0 [pid 5207] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5208] <... futex resumed>) = 0 [pid 5207] <... futex resumed>) = 1 [pid 5208] fspick(AT_FDCWD, ".", 0 [pid 5207] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] <... fspick resumed>) = 5 [ 79.329161][ T5208] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 79.336296][ T5208] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5208] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5208] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5207] <... futex resumed>) = 0 [pid 5207] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5208] <... futex resumed>) = 0 [pid 5207] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0) = 0 [pid 5208] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5207] <... futex resumed>) = 0 [pid 5208] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5207] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5208] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5207] <... futex resumed>) = 0 [pid 5207] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] <... fsconfig resumed>) = 0 [pid 5208] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5207] <... futex resumed>) = 0 [pid 5207] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5208] openat(AT_FDCWD, ".", O_RDONLY [pid 5207] <... futex resumed>) = 0 [pid 5207] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] <... openat resumed>) = 6 [pid 5208] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5207] <... futex resumed>) = 0 [pid 5208] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5207] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5208] <... futex resumed>) = 0 [pid 5207] <... futex resumed>) = 1 [pid 5208] getdents(6, 0x20000200 /* 1 entries */, 188) = 96 [pid 5207] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5207] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5208] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5207] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5208] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5207] <... futex resumed>) = 0 [pid 5208] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5207] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5208] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5207] <... futex resumed>) = 0 [pid 5208] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5207] exit_group(0 [pid 5208] <... futex resumed>) = ? [pid 5207] <... exit_group resumed>) = ? [pid 5208] +++ exited with 0 +++ [pid 5207] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5207, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 79.466329][ T5208] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/bus") = 0 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5213 attached , child_tidptr=0x5555556ae690) = 5213 [pid 5213] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5213] chdir("./26") = 0 [pid 5213] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5213] setpgid(0, 0) = 0 [pid 5213] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5213] write(3, "1000", 4) = 4 [pid 5213] close(3) = 0 [pid 5213] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5213] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5213] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5213] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5213] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5213] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5213] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5213] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5214 attached => {parent_tid=[5214]}, 88) = 5214 [pid 5213] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5214] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053) = 0 [pid 5213] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5214] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5213] <... futex resumed>) = 0 [pid 5214] <... set_robust_list resumed>) = 0 [pid 5213] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5214] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5214] memfd_create("syzkaller", 0) = 3 [pid 5214] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5214] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5214] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5214] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5214] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5214] close(3) = 0 [pid 5214] mkdir("./bus", 0777) = 0 [ 80.018199][ T5214] loop0: detected capacity change from 0 to 40427 [ 80.037801][ T5214] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 80.045708][ T5214] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 80.058743][ T5214] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5214] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5214] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5214] chdir("./bus") = 0 [pid 5214] ioctl(4, LOOP_CLR_FD) = 0 [pid 5214] close(4) = 0 [pid 5214] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5214] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5213] <... futex resumed>) = 0 [pid 5213] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5214] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 80.098121][ T5214] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 80.105266][ T5214] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5213] <... futex resumed>) = 0 [pid 5214] openat(AT_FDCWD, ".", O_RDONLY [pid 5213] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5214] <... openat resumed>) = 4 [pid 5214] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5213] <... futex resumed>) = 0 [pid 5214] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5213] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5214] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5213] <... futex resumed>) = 0 [pid 5213] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5214] <... mkdirat resumed>) = 0 [pid 5214] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5214] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5213] <... futex resumed>) = 0 [pid 5213] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5214] <... futex resumed>) = 0 [pid 5213] <... futex resumed>) = 1 [pid 5214] fspick(AT_FDCWD, ".", 0 [pid 5213] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5214] <... fspick resumed>) = 5 [pid 5214] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5213] <... futex resumed>) = 0 [pid 5214] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5213] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5214] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5214] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0) = 0 [pid 5213] <... futex resumed>) = 0 [pid 5213] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5214] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5213] <... futex resumed>) = 0 [pid 5214] <... futex resumed>) = 1 [pid 5213] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5214] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5213] <... futex resumed>) = 0 [pid 5213] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5214] <... fsconfig resumed>) = 0 [pid 5214] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5213] <... futex resumed>) = 0 [pid 5213] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5214] <... futex resumed>) = 1 [pid 5213] <... futex resumed>) = 0 [pid 5214] openat(AT_FDCWD, ".", O_RDONLY [pid 5213] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5214] <... openat resumed>) = 6 [pid 5214] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5213] <... futex resumed>) = 0 [pid 5214] getdents(6, [pid 5213] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5214] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5213] <... futex resumed>) = 0 [pid 5214] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5213] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5214] <... futex resumed>) = 0 [pid 5214] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5213] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5213] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5214] <... futex resumed>) = 0 [pid 5213] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5214] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054) = -1 EEXIST (File exists) [pid 5214] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5213] <... futex resumed>) = 0 [pid 5214] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5213] exit_group(0 [pid 5214] <... futex resumed>) = ? [pid 5214] +++ exited with 0 +++ [pid 5213] <... exit_group resumed>) = ? [pid 5213] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5213, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 80.257870][ T5214] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/bus") = 0 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5219 attached , child_tidptr=0x5555556ae690) = 5219 [pid 5219] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5219] chdir("./27") = 0 [pid 5219] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5219] setpgid(0, 0) = 0 [pid 5219] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5219] write(3, "1000", 4) = 4 [pid 5219] close(3) = 0 [pid 5219] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5219] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5219] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5219] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5219] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5219] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5219] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5219] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5220 attached => {parent_tid=[5220]}, 88) = 5220 [pid 5220] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053 [pid 5219] rt_sigprocmask(SIG_SETMASK, [], [pid 5220] <... rseq resumed>) = 0 [pid 5219] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5220] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5219] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] <... set_robust_list resumed>) = 0 [pid 5219] <... futex resumed>) = 0 [pid 5220] rt_sigprocmask(SIG_SETMASK, [], [pid 5219] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5220] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5220] memfd_create("syzkaller", 0) = 3 [pid 5220] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5220] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5220] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5220] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5220] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5220] close(3) = 0 [pid 5220] mkdir("./bus", 0777) = 0 [ 80.857287][ T5220] loop0: detected capacity change from 0 to 40427 [ 80.866990][ T5220] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 80.875001][ T5220] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 80.887083][ T5220] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5220] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5220] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5220] chdir("./bus") = 0 [pid 5220] ioctl(4, LOOP_CLR_FD) = 0 [pid 5220] close(4) = 0 [pid 5220] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5220] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5219] <... futex resumed>) = 0 [pid 5219] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5220] <... futex resumed>) = 0 [pid 5219] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] openat(AT_FDCWD, ".", O_RDONLY) = 4 [ 80.916636][ T5220] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 80.923763][ T5220] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5220] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5220] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5219] <... futex resumed>) = 0 [pid 5219] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5220] <... futex resumed>) = 0 [pid 5219] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 5220] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5219] <... futex resumed>) = 0 [pid 5219] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] <... futex resumed>) = 1 [pid 5219] <... futex resumed>) = 0 [pid 5220] fspick(AT_FDCWD, ".", 0 [pid 5219] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] <... fspick resumed>) = 5 [pid 5220] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5220] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5219] <... futex resumed>) = 0 [pid 5220] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5219] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5219] <... futex resumed>) = 0 [pid 5220] <... fsconfig resumed>) = 0 [pid 5220] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5219] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] <... futex resumed>) = 0 [pid 5219] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5220] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5219] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5219] <... futex resumed>) = 0 [pid 5220] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5219] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] <... fsconfig resumed>) = 0 [pid 5220] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5220] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5219] <... futex resumed>) = 0 [pid 5220] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5219] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] openat(AT_FDCWD, ".", O_RDONLY [pid 5219] <... futex resumed>) = 0 [pid 5220] <... openat resumed>) = 6 [pid 5219] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5219] <... futex resumed>) = 0 [pid 5220] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5219] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5219] <... futex resumed>) = 0 [pid 5220] getdents(6, [ 81.065622][ T5220] f2fs_fill_dentries: 32 callbacks suppressed [ 81.065643][ T5220] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 81.072302][ T5220] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 81.080163][ T5220] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 81.087771][ T5220] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 81.095386][ T5220] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [pid 5219] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5219] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5220] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5219] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] <... futex resumed>) = 0 [pid 5219] <... futex resumed>) = 0 [pid 5220] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5219] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5220] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5220] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5219] <... futex resumed>) = 0 [pid 5219] exit_group(0 [pid 5220] <... futex resumed>) = ? [pid 5219] <... exit_group resumed>) = ? [pid 5220] +++ exited with 0 +++ [pid 5219] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5219, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 81.103106][ T5220] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 81.110702][ T5220] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 81.120389][ T5220] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/bus") = 0 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5225 attached , child_tidptr=0x5555556ae690) = 5225 [pid 5225] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5225] chdir("./28") = 0 [pid 5225] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5225] setpgid(0, 0) = 0 [pid 5225] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5225] write(3, "1000", 4) = 4 [pid 5225] close(3) = 0 [pid 5225] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5225] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5225] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5225] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5225] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5225] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5225] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5225] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5226 attached [pid 5226] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053) = 0 [pid 5225] <... clone3 resumed> => {parent_tid=[5226]}, 88) = 5226 [pid 5226] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5225] rt_sigprocmask(SIG_SETMASK, [], [pid 5226] <... set_robust_list resumed>) = 0 [pid 5225] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5226] rt_sigprocmask(SIG_SETMASK, [], [pid 5225] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5226] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5225] <... futex resumed>) = 0 [pid 5226] memfd_create("syzkaller", 0 [pid 5225] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5226] <... memfd_create resumed>) = 3 [pid 5226] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5226] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5226] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5226] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5226] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5226] close(3) = 0 [pid 5226] mkdir("./bus", 0777) = 0 [ 81.677708][ T5226] loop0: detected capacity change from 0 to 40427 [ 81.691216][ T5226] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 81.699066][ T5226] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 81.711430][ T5226] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5226] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5226] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5226] chdir("./bus") = 0 [pid 5226] ioctl(4, LOOP_CLR_FD) = 0 [pid 5226] close(4) = 0 [pid 5226] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5226] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5225] <... futex resumed>) = 0 [pid 5226] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5225] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5226] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5225] <... futex resumed>) = 0 [pid 5225] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5226] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5225] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5226] <... futex resumed>) = 0 [pid 5225] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5226] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5225] <... futex resumed>) = 0 [pid 5225] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5226] <... mkdirat resumed>) = 0 [pid 5226] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5226] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5225] <... futex resumed>) = 0 [pid 5226] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5225] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5226] fspick(AT_FDCWD, ".", 0) = 5 [pid 5225] <... futex resumed>) = 0 [pid 5225] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5226] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5225] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5226] <... futex resumed>) = 0 [pid 5225] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5226] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5225] <... futex resumed>) = 0 [pid 5226] <... fsconfig resumed>) = 0 [pid 5225] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5226] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5225] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5226] <... futex resumed>) = 0 [pid 5225] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5226] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5225] <... futex resumed>) = 0 [ 81.741425][ T5226] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 81.748629][ T5226] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5225] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5226] <... fsconfig resumed>) = 0 [pid 5226] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5225] <... futex resumed>) = 0 [pid 5226] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5225] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5226] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5225] <... futex resumed>) = 0 [pid 5226] openat(AT_FDCWD, ".", O_RDONLY [pid 5225] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5226] <... openat resumed>) = 6 [pid 5226] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5225] <... futex resumed>) = 0 [pid 5226] <... futex resumed>) = 1 [pid 5225] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5226] getdents(6, [pid 5225] <... futex resumed>) = 0 [pid 5225] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5226] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5226] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5226] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5225] <... futex resumed>) = 0 [pid 5225] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5226] <... futex resumed>) = 0 [pid 5225] <... futex resumed>) = 1 [pid 5226] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [ 81.841417][ T23] cfg80211: failed to load regulatory.db [ 81.845849][ T5226] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 81.847871][ T5226] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 81.855669][ T5226] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [pid 5225] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5226] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5226] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5226] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5225] <... futex resumed>) = 0 [pid 5225] exit_group(0 [pid 5226] <... futex resumed>) = ? [pid 5225] <... exit_group resumed>) = ? [pid 5226] +++ exited with 0 +++ [pid 5225] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5225, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=24 /* 0.24 s */} --- umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 81.881289][ T5226] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/bus") = 0 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5232 attached [pid 5232] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5232] chdir("./29") = 0 [pid 5232] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5054] <... clone resumed>, child_tidptr=0x5555556ae690) = 5232 [pid 5232] <... prctl resumed>) = 0 [pid 5232] setpgid(0, 0) = 0 [pid 5232] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5232] write(3, "1000", 4) = 4 [pid 5232] close(3) = 0 [pid 5232] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5232] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5232] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5232] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5232] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5232] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5232] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5232] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5233 attached => {parent_tid=[5233]}, 88) = 5233 [pid 5232] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5233] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053 [pid 5232] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5232] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5233] <... rseq resumed>) = 0 [pid 5233] set_robust_list(0x7fa1a5e4a9a0, 24) = 0 [pid 5233] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5233] memfd_create("syzkaller", 0) = 3 [pid 5233] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5233] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5233] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5233] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5233] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5233] close(3) = 0 [pid 5233] mkdir("./bus", 0777) = 0 [ 82.427871][ T5233] loop0: detected capacity change from 0 to 40427 [ 82.437416][ T5233] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 82.445299][ T5233] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 82.457166][ T5233] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5233] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5233] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5233] chdir("./bus") = 0 [pid 5233] ioctl(4, LOOP_CLR_FD) = 0 [pid 5233] close(4) = 0 [pid 5233] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5232] <... futex resumed>) = 0 [pid 5233] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5232] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5233] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5232] <... futex resumed>) = 0 [pid 5233] openat(AT_FDCWD, ".", O_RDONLY [pid 5232] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5233] <... openat resumed>) = 4 [pid 5233] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5232] <... futex resumed>) = 0 [pid 5232] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5233] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [ 82.486076][ T5233] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 82.493333][ T5233] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5232] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5233] <... mkdirat resumed>) = 0 [pid 5233] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5233] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5232] <... futex resumed>) = 0 [pid 5232] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5233] <... futex resumed>) = 0 [pid 5233] fspick(AT_FDCWD, ".", 0 [pid 5232] <... futex resumed>) = 1 [pid 5233] <... fspick resumed>) = 5 [pid 5232] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5233] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5232] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5233] <... futex resumed>) = 0 [pid 5232] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5233] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5232] <... futex resumed>) = 0 [pid 5233] <... fsconfig resumed>) = 0 [pid 5232] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5233] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5232] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5233] <... futex resumed>) = 0 [pid 5232] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5233] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5232] <... futex resumed>) = 0 [pid 5232] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5233] <... fsconfig resumed>) = 0 [pid 5233] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5233] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5232] <... futex resumed>) = 0 [pid 5232] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5233] <... futex resumed>) = 0 [pid 5232] <... futex resumed>) = 1 [pid 5233] openat(AT_FDCWD, ".", O_RDONLY [pid 5232] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5233] <... openat resumed>) = 6 [pid 5233] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5232] <... futex resumed>) = 0 [pid 5233] <... futex resumed>) = 1 [pid 5232] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5233] getdents(6, [pid 5232] <... futex resumed>) = 0 [pid 5233] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5233] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5232] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5233] <... futex resumed>) = 0 [pid 5232] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5233] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5232] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5233] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5232] <... futex resumed>) = 0 [pid 5232] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5233] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5233] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5232] <... futex resumed>) = 0 [pid 5233] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5232] exit_group(0 [pid 5233] <... futex resumed>) = ? [pid 5232] <... exit_group resumed>) = ? [pid 5233] +++ exited with 0 +++ [pid 5232] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5232, si_uid=0, si_status=0, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 82.606263][ T5233] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/bus") = 0 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5238 attached [pid 5238] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5238] chdir("./30") = 0 [pid 5238] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5054] <... clone resumed>, child_tidptr=0x5555556ae690) = 5238 [pid 5238] <... prctl resumed>) = 0 [pid 5238] setpgid(0, 0) = 0 [pid 5238] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5238] write(3, "1000", 4) = 4 [pid 5238] close(3) = 0 [pid 5238] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5238] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5238] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5238] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5238] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5238] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5238] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5238] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5239 attached [pid 5239] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053) = 0 [pid 5238] <... clone3 resumed> => {parent_tid=[5239]}, 88) = 5239 [pid 5239] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5238] rt_sigprocmask(SIG_SETMASK, [], [pid 5239] <... set_robust_list resumed>) = 0 [pid 5239] rt_sigprocmask(SIG_SETMASK, [], [pid 5238] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5239] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5238] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] memfd_create("syzkaller", 0 [pid 5238] <... futex resumed>) = 0 [pid 5238] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5239] <... memfd_create resumed>) = 3 [pid 5239] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5239] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5239] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5239] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5239] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5239] close(3) = 0 [pid 5239] mkdir("./bus", 0777) = 0 [ 83.085784][ T5239] loop0: detected capacity change from 0 to 40427 [ 83.095305][ T5239] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 83.103159][ T5239] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 83.115198][ T5239] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5239] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5239] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5239] chdir("./bus") = 0 [pid 5239] ioctl(4, LOOP_CLR_FD) = 0 [pid 5239] close(4) = 0 [pid 5239] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5238] <... futex resumed>) = 0 [pid 5239] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5238] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5238] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5239] openat(AT_FDCWD, ".", O_RDONLY) = 4 [ 83.143590][ T5239] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 83.150725][ T5239] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5239] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5239] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5238] <... futex resumed>) = 0 [pid 5238] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5238] <... futex resumed>) = 0 [pid 5239] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5238] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5239] <... mkdirat resumed>) = 0 [pid 5239] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5238] <... futex resumed>) = 0 [pid 5239] <... futex resumed>) = 1 [pid 5238] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] fspick(AT_FDCWD, ".", 0 [pid 5238] <... futex resumed>) = 0 [pid 5239] <... fspick resumed>) = 5 [pid 5238] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5239] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5238] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5238] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5238] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5239] <... futex resumed>) = 1 [pid 5239] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5238] <... futex resumed>) = 0 [pid 5239] <... fsconfig resumed>) = 0 [pid 5238] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5239] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5238] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5239] <... futex resumed>) = 0 [pid 5238] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5238] <... futex resumed>) = 0 [pid 5238] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5239] <... fsconfig resumed>) = 0 [pid 5239] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5238] <... futex resumed>) = 0 [pid 5239] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5238] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5239] openat(AT_FDCWD, ".", O_RDONLY [pid 5238] <... futex resumed>) = 0 [pid 5239] <... openat resumed>) = 6 [pid 5238] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5239] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5238] <... futex resumed>) = 0 [pid 5238] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5238] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5239] getdents(6, 0x20000200 /* 1 entries */, 188) = 96 [pid 5239] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5238] <... futex resumed>) = 0 [pid 5239] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5238] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5238] <... futex resumed>) = 0 [pid 5239] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5238] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5239] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5239] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5239] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5238] <... futex resumed>) = 0 [pid 5238] exit_group(0) = ? [pid 5239] <... futex resumed>) = ? [pid 5239] +++ exited with 0 +++ [pid 5238] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5238, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 83.279338][ T5239] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/bus") = 0 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5244 attached [pid 5244] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5244] chdir("./31" [pid 5054] <... clone resumed>, child_tidptr=0x5555556ae690) = 5244 [pid 5244] <... chdir resumed>) = 0 [pid 5244] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5244] setpgid(0, 0) = 0 [pid 5244] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5244] write(3, "1000", 4) = 4 [pid 5244] close(3) = 0 [pid 5244] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5244] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5244] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5244] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5244] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5244] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5244] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5244] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5245 attached [pid 5245] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053) = 0 [pid 5244] <... clone3 resumed> => {parent_tid=[5245]}, 88) = 5245 [pid 5245] set_robust_list(0x7fa1a5e4a9a0, 24) = 0 [pid 5244] rt_sigprocmask(SIG_SETMASK, [], [pid 5245] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5244] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5245] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5244] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] <... futex resumed>) = 0 [pid 5244] <... futex resumed>) = 1 [pid 5245] memfd_create("syzkaller", 0 [pid 5244] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5245] <... memfd_create resumed>) = 3 [pid 5245] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5245] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5245] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5245] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5245] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5245] close(3) = 0 [pid 5245] mkdir("./bus", 0777) = 0 [ 83.838837][ T5245] loop0: detected capacity change from 0 to 40427 [ 83.854089][ T5245] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 83.861881][ T5245] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 83.873820][ T5245] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5245] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5245] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5245] chdir("./bus") = 0 [pid 5245] ioctl(4, LOOP_CLR_FD) = 0 [pid 5245] close(4) = 0 [pid 5245] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5244] <... futex resumed>) = 0 [pid 5245] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5244] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5245] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5244] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5245] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5245] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5244] <... futex resumed>) = 0 [pid 5245] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5244] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5244] <... futex resumed>) = 0 [pid 5245] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5244] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5245] <... mkdirat resumed>) = 0 [ 83.902530][ T5245] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 83.909590][ T5245] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5245] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5244] <... futex resumed>) = 0 [pid 5244] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] fspick(AT_FDCWD, ".", 0 [pid 5244] <... futex resumed>) = 0 [pid 5245] <... fspick resumed>) = 5 [pid 5244] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5245] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5244] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5245] <... futex resumed>) = 0 [pid 5245] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5244] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5244] <... futex resumed>) = 0 [pid 5245] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5244] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5245] <... fsconfig resumed>) = 0 [pid 5245] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5244] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5244] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5244] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5245] <... futex resumed>) = 0 [pid 5245] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0) = 0 [pid 5245] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5244] <... futex resumed>) = 0 [pid 5245] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5244] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5245] openat(AT_FDCWD, ".", O_RDONLY [pid 5244] <... futex resumed>) = 0 [pid 5245] <... openat resumed>) = 6 [pid 5244] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5245] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5244] <... futex resumed>) = 0 [pid 5245] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5244] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] getdents(6, [pid 5244] <... futex resumed>) = 0 [pid 5245] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5244] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5245] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5244] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5245] <... futex resumed>) = 0 [pid 5244] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5244] <... futex resumed>) = 0 [pid 5244] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5245] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5245] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5244] <... futex resumed>) = 0 [pid 5245] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5244] exit_group(0 [pid 5245] <... futex resumed>) = ? [pid 5244] <... exit_group resumed>) = ? [pid 5245] +++ exited with 0 +++ [pid 5244] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5244, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 84.024391][ T5245] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/bus") = 0 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5250 attached , child_tidptr=0x5555556ae690) = 5250 [pid 5250] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5250] chdir("./32") = 0 [pid 5250] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5250] setpgid(0, 0) = 0 [pid 5250] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5250] write(3, "1000", 4) = 4 [pid 5250] close(3) = 0 [pid 5250] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5250] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5250] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5250] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5250] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5250] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5250] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5250] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5251 attached => {parent_tid=[5251]}, 88) = 5251 [pid 5250] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5251] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053) = 0 [pid 5250] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5250] <... futex resumed>) = 0 [pid 5251] <... set_robust_list resumed>) = 0 [pid 5250] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5251] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5251] memfd_create("syzkaller", 0) = 3 [pid 5251] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5251] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5251] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5251] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5251] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5251] close(3) = 0 [pid 5251] mkdir("./bus", 0777) = 0 [ 84.671834][ T5251] loop0: detected capacity change from 0 to 40427 [ 84.705900][ T5251] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 84.713853][ T5251] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [pid 5251] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5251] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5251] chdir("./bus") = 0 [pid 5251] ioctl(4, LOOP_CLR_FD) = 0 [pid 5251] close(4) = 0 [pid 5251] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5250] <... futex resumed>) = 0 [pid 5251] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5250] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5250] <... futex resumed>) = 0 [pid 5250] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5251] openat(AT_FDCWD, ".", O_RDONLY) = 4 [ 84.727612][ T5251] F2FS-fs (loop0): Found nat_bits in checkpoint [ 84.755980][ T5251] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 84.763097][ T5251] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5251] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5250] <... futex resumed>) = 0 [pid 5251] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5250] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5250] <... futex resumed>) = 0 [pid 5250] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5251] <... mkdirat resumed>) = 0 [pid 5251] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5250] <... futex resumed>) = 0 [pid 5251] fspick(AT_FDCWD, ".", 0 [pid 5250] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] <... fspick resumed>) = 5 [pid 5250] <... futex resumed>) = 0 [pid 5251] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5250] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5251] <... futex resumed>) = 0 [pid 5250] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5251] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5250] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5251] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5250] <... futex resumed>) = 0 [pid 5251] <... fsconfig resumed>) = 0 [pid 5251] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5250] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5251] <... futex resumed>) = 0 [pid 5251] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5250] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5250] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] <... futex resumed>) = 0 [pid 5250] <... futex resumed>) = 1 [pid 5251] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5250] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5251] <... fsconfig resumed>) = 0 [pid 5251] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5250] <... futex resumed>) = 0 [pid 5251] <... futex resumed>) = 1 [pid 5250] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] openat(AT_FDCWD, ".", O_RDONLY [pid 5250] <... futex resumed>) = 0 [pid 5251] <... openat resumed>) = 6 [pid 5250] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5251] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5250] <... futex resumed>) = 0 [pid 5251] <... futex resumed>) = 1 [pid 5250] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] getdents(6, [pid 5250] <... futex resumed>) = 0 [pid 5251] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5250] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5251] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5250] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5251] <... futex resumed>) = 0 [pid 5250] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5250] <... futex resumed>) = 0 [pid 5250] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5251] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5251] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5250] <... futex resumed>) = 0 [pid 5251] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5250] exit_group(0 [pid 5251] <... futex resumed>) = ? [pid 5250] <... exit_group resumed>) = ? [pid 5251] +++ exited with 0 +++ [pid 5250] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5250, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=23 /* 0.23 s */} --- umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 84.886518][ T5251] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/bus") = 0 umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5256 attached , child_tidptr=0x5555556ae690) = 5256 [pid 5256] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5256] chdir("./33") = 0 [pid 5256] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5256] setpgid(0, 0) = 0 [pid 5256] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5256] write(3, "1000", 4) = 4 [pid 5256] close(3) = 0 [pid 5256] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5256] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5256] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5256] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5256] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5256] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5256] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5256] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5257 attached => {parent_tid=[5257]}, 88) = 5257 [pid 5257] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053) = 0 [pid 5257] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5256] rt_sigprocmask(SIG_SETMASK, [], [pid 5257] <... set_robust_list resumed>) = 0 [pid 5256] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5257] rt_sigprocmask(SIG_SETMASK, [], [pid 5256] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5257] memfd_create("syzkaller", 0 [pid 5256] <... futex resumed>) = 0 [pid 5256] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5257] <... memfd_create resumed>) = 3 [pid 5257] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5257] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5257] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5257] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5257] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5257] close(3) = 0 [pid 5257] mkdir("./bus", 0777) = 0 [ 85.448026][ T5257] loop0: detected capacity change from 0 to 40427 [ 85.472124][ T5257] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 85.479907][ T5257] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 85.492193][ T5257] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5257] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5257] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5257] chdir("./bus") = 0 [pid 5257] ioctl(4, LOOP_CLR_FD) = 0 [pid 5257] close(4) = 0 [pid 5257] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5256] <... futex resumed>) = 0 [pid 5257] openat(AT_FDCWD, ".", O_RDONLY [pid 5256] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] <... openat resumed>) = 4 [pid 5256] <... futex resumed>) = 0 [pid 5256] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5257] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5257] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5256] <... futex resumed>) = 0 [pid 5256] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] <... futex resumed>) = 0 [ 85.521218][ T5257] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 85.528367][ T5257] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5256] <... futex resumed>) = 1 [pid 5257] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5256] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5257] <... mkdirat resumed>) = 0 [pid 5257] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5256] <... futex resumed>) = 0 [pid 5257] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5256] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] fspick(AT_FDCWD, ".", 0 [pid 5256] <... futex resumed>) = 0 [pid 5257] <... fspick resumed>) = 5 [pid 5257] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5257] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5256] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5256] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] <... futex resumed>) = 0 [pid 5256] <... futex resumed>) = 1 [pid 5257] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5256] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5257] <... fsconfig resumed>) = 0 [pid 5257] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5256] <... futex resumed>) = 0 [pid 5256] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5256] <... futex resumed>) = 0 [pid 5256] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5257] <... fsconfig resumed>) = 0 [pid 5257] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5256] <... futex resumed>) = 0 [pid 5257] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5256] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] openat(AT_FDCWD, ".", O_RDONLY [pid 5256] <... futex resumed>) = 0 [pid 5257] <... openat resumed>) = 6 [pid 5256] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5257] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5256] <... futex resumed>) = 0 [pid 5257] <... futex resumed>) = 1 [pid 5256] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] getdents(6, [pid 5256] <... futex resumed>) = 0 [pid 5257] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5256] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5257] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5256] <... futex resumed>) = 0 [pid 5257] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5256] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5257] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5256] <... futex resumed>) = 0 [pid 5256] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5257] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5257] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5256] <... futex resumed>) = 0 [pid 5257] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5256] exit_group(0 [pid 5257] <... futex resumed>) = ? [pid 5256] <... exit_group resumed>) = ? [pid 5257] +++ exited with 0 +++ [pid 5256] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5256, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=24 /* 0.24 s */} --- umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 85.650698][ T5257] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/bus") = 0 umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5262 attached , child_tidptr=0x5555556ae690) = 5262 [pid 5262] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5262] chdir("./34") = 0 [pid 5262] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5262] setpgid(0, 0) = 0 [pid 5262] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5262] write(3, "1000", 4) = 4 [pid 5262] close(3) = 0 [pid 5262] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5262] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5262] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5262] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5262] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5262] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5262] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5262] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5263 attached => {parent_tid=[5263]}, 88) = 5263 [pid 5263] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053) = 0 [pid 5262] rt_sigprocmask(SIG_SETMASK, [], [pid 5263] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5262] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5263] <... set_robust_list resumed>) = 0 [pid 5262] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] rt_sigprocmask(SIG_SETMASK, [], [pid 5262] <... futex resumed>) = 0 [pid 5263] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5262] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5263] memfd_create("syzkaller", 0) = 3 [pid 5263] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5263] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5263] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5263] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5263] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5263] close(3) = 0 [pid 5263] mkdir("./bus", 0777) = 0 [ 86.260270][ T5263] loop0: detected capacity change from 0 to 40427 [ 86.275397][ T5263] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 86.283183][ T5263] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 86.294921][ T5263] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5263] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5263] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5263] chdir("./bus") = 0 [pid 5263] ioctl(4, LOOP_CLR_FD) = 0 [pid 5263] close(4) = 0 [pid 5263] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5262] <... futex resumed>) = 0 [pid 5263] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5262] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5262] <... futex resumed>) = 0 [pid 5263] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5262] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5263] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5262] <... futex resumed>) = 0 [pid 5263] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5262] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5263] <... mkdirat resumed>) = 0 [pid 5262] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5263] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5263] <... futex resumed>) = 0 [pid 5262] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] fspick(AT_FDCWD, ".", 0) = 5 [pid 5262] <... futex resumed>) = 0 [pid 5263] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5263] <... futex resumed>) = 0 [pid 5262] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5263] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5262] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5262] <... futex resumed>) = 0 [pid 5263] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5262] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5263] <... fsconfig resumed>) = 0 [pid 5263] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5262] <... futex resumed>) = 0 [pid 5263] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5262] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5263] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5262] <... futex resumed>) = 0 [ 86.324186][ T5263] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 86.331545][ T5263] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5262] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5263] <... fsconfig resumed>) = 0 [pid 5263] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5262] <... futex resumed>) = 0 [pid 5263] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5262] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] openat(AT_FDCWD, ".", O_RDONLY [pid 5262] <... futex resumed>) = 0 [pid 5263] <... openat resumed>) = 6 [pid 5262] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5263] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] <... futex resumed>) = 0 [pid 5263] <... futex resumed>) = 1 [pid 5262] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] getdents(6, [pid 5262] <... futex resumed>) = 0 [ 86.415793][ T5263] f2fs_fill_dentries: 39 callbacks suppressed [ 86.415810][ T5263] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 86.422225][ T5263] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 86.429858][ T5263] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 86.437409][ T5263] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 86.444998][ T5263] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [pid 5262] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5263] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5262] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5263] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] <... futex resumed>) = 0 [pid 5262] <... futex resumed>) = 0 [pid 5263] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5262] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5263] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5263] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5263] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5262] <... futex resumed>) = 0 [pid 5262] exit_group(0 [pid 5263] <... futex resumed>) = ? [pid 5262] <... exit_group resumed>) = ? [pid 5263] +++ exited with 0 +++ [pid 5262] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5262, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 86.452592][ T5263] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 86.460280][ T5263] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 86.469644][ T5263] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/bus") = 0 umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5268 attached , child_tidptr=0x5555556ae690) = 5268 [pid 5268] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5268] chdir("./35") = 0 [pid 5268] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5268] setpgid(0, 0) = 0 [pid 5268] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5268] write(3, "1000", 4) = 4 [pid 5268] close(3) = 0 [pid 5268] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5268] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5268] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5268] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5268] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5268] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5268] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5268] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5269 attached => {parent_tid=[5269]}, 88) = 5269 [pid 5269] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053) = 0 [pid 5269] set_robust_list(0x7fa1a5e4a9a0, 24) = 0 [pid 5268] rt_sigprocmask(SIG_SETMASK, [], [pid 5269] rt_sigprocmask(SIG_SETMASK, [], [pid 5268] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5268] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5268] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5269] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5269] memfd_create("syzkaller", 0) = 3 [pid 5269] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5269] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5269] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5269] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5269] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5269] close(3) = 0 [pid 5269] mkdir("./bus", 0777) = 0 [ 87.079977][ T5269] loop0: detected capacity change from 0 to 40427 [ 87.099630][ T5269] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 87.107452][ T5269] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 87.119754][ T5269] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5269] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5269] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5269] chdir("./bus") = 0 [pid 5269] ioctl(4, LOOP_CLR_FD) = 0 [pid 5269] close(4) = 0 [pid 5269] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5268] <... futex resumed>) = 0 [pid 5269] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5268] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5269] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5268] <... futex resumed>) = 0 [pid 5269] openat(AT_FDCWD, ".", O_RDONLY [pid 5268] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5269] <... openat resumed>) = 4 [ 87.150297][ T5269] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 87.157356][ T5269] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5269] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5268] <... futex resumed>) = 0 [pid 5268] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5269] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5268] <... futex resumed>) = 0 [pid 5268] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5269] <... mkdirat resumed>) = 0 [pid 5269] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5268] <... futex resumed>) = 0 [pid 5269] fspick(AT_FDCWD, ".", 0 [pid 5268] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5269] <... fspick resumed>) = 5 [pid 5268] <... futex resumed>) = 0 [pid 5269] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5269] <... futex resumed>) = 0 [pid 5268] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5269] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5268] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5269] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5268] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5269] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0) = 0 [pid 5269] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5268] <... futex resumed>) = 0 [pid 5269] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5268] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5269] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5268] <... futex resumed>) = 0 [pid 5269] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5268] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5269] <... fsconfig resumed>) = 0 [pid 5269] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5268] <... futex resumed>) = 0 [pid 5269] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5268] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5269] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5268] <... futex resumed>) = 0 [pid 5269] openat(AT_FDCWD, ".", O_RDONLY [pid 5268] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5269] <... openat resumed>) = 6 [pid 5269] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] <... futex resumed>) = 0 [pid 5268] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5268] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5269] <... futex resumed>) = 1 [pid 5269] getdents(6, 0x20000200 /* 1 entries */, 188) = 96 [pid 5269] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] <... futex resumed>) = 0 [pid 5269] <... futex resumed>) = 1 [pid 5268] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5269] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5268] <... futex resumed>) = 0 [pid 5269] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5268] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5269] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5269] <... futex resumed>) = 0 [pid 5268] exit_group(0) = ? [pid 5269] +++ exited with 0 +++ [pid 5268] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5268, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 87.265735][ T5269] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 87.265766][ T5269] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 87.273513][ T5269] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 87.284949][ T5269] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/bus") = 0 umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5274 attached , child_tidptr=0x5555556ae690) = 5274 [pid 5274] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5274] chdir("./36") = 0 [pid 5274] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5274] setpgid(0, 0) = 0 [pid 5274] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5274] write(3, "1000", 4) = 4 [pid 5274] close(3) = 0 [pid 5274] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5274] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5274] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5274] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5274] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5274] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5274] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5274] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5275 attached [pid 5275] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053 [pid 5274] <... clone3 resumed> => {parent_tid=[5275]}, 88) = 5275 [pid 5275] <... rseq resumed>) = 0 [pid 5275] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5274] rt_sigprocmask(SIG_SETMASK, [], [pid 5275] <... set_robust_list resumed>) = 0 [pid 5274] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5275] rt_sigprocmask(SIG_SETMASK, [], [pid 5274] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5275] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5274] <... futex resumed>) = 0 [pid 5275] memfd_create("syzkaller", 0 [pid 5274] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5275] <... memfd_create resumed>) = 3 [pid 5275] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5275] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5275] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5275] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5275] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5275] close(3) = 0 [pid 5275] mkdir("./bus", 0777) = 0 [ 87.905434][ T5275] loop0: detected capacity change from 0 to 40427 [ 87.920234][ T5275] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 87.927999][ T5275] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 87.940524][ T5275] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5275] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5275] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5275] chdir("./bus") = 0 [pid 5275] ioctl(4, LOOP_CLR_FD) = 0 [pid 5275] close(4) = 0 [pid 5275] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5274] <... futex resumed>) = 0 [pid 5275] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5274] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5274] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5275] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5275] openat(AT_FDCWD, ".", O_RDONLY) = 4 [ 87.970629][ T5275] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 87.977679][ T5275] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5275] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5274] <... futex resumed>) = 0 [pid 5275] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5274] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5275] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5274] <... futex resumed>) = 0 [pid 5275] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5274] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5275] <... mkdirat resumed>) = 0 [pid 5275] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5275] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5274] <... futex resumed>) = 0 [pid 5274] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5275] <... futex resumed>) = 0 [pid 5274] <... futex resumed>) = 1 [pid 5275] fspick(AT_FDCWD, ".", 0 [pid 5274] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5275] <... fspick resumed>) = 5 [pid 5275] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5274] <... futex resumed>) = 0 [pid 5275] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5274] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5275] <... fsconfig resumed>) = 0 [pid 5274] <... futex resumed>) = 0 [pid 5275] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5274] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5275] <... futex resumed>) = 0 [pid 5274] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5275] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5274] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5275] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5275] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5274] <... futex resumed>) = 0 [pid 5274] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5275] <... fsconfig resumed>) = 0 [pid 5275] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5274] <... futex resumed>) = 0 [pid 5275] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5274] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5275] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5274] <... futex resumed>) = 0 [pid 5275] openat(AT_FDCWD, ".", O_RDONLY) = 6 [pid 5274] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5275] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5274] <... futex resumed>) = 0 [pid 5275] getdents(6, [pid 5274] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5275] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5274] <... futex resumed>) = 0 [pid 5275] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5274] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5275] <... futex resumed>) = 0 [pid 5274] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5275] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5274] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5275] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5275] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5274] <... futex resumed>) = 0 [pid 5274] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5275] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5275] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5274] <... futex resumed>) = 0 [pid 5275] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5274] exit_group(0 [pid 5275] <... futex resumed>) = ? [pid 5274] <... exit_group resumed>) = ? [pid 5275] +++ exited with 0 +++ [pid 5274] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5274, si_uid=0, si_status=0, si_utime=0, si_stime=28 /* 0.28 s */} --- umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 88.120053][ T5275] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/bus") = 0 umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5281 attached , child_tidptr=0x5555556ae690) = 5281 [pid 5281] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5281] chdir("./37") = 0 [pid 5281] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5281] setpgid(0, 0) = 0 [pid 5281] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5281] write(3, "1000", 4) = 4 [pid 5281] close(3) = 0 [pid 5281] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5281] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5281] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5281] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5281] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5281] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5281] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5281] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5282 attached => {parent_tid=[5282]}, 88) = 5282 [pid 5282] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053) = 0 [pid 5282] set_robust_list(0x7fa1a5e4a9a0, 24) = 0 [pid 5282] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5282] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5281] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5281] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] <... futex resumed>) = 0 [pid 5281] <... futex resumed>) = 1 [pid 5282] memfd_create("syzkaller", 0 [pid 5281] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5282] <... memfd_create resumed>) = 3 [pid 5282] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5282] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5282] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5282] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5282] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5282] close(3) = 0 [pid 5282] mkdir("./bus", 0777) = 0 [ 88.669436][ T5282] loop0: detected capacity change from 0 to 40427 [ 88.682486][ T5282] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 88.690314][ T5282] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 88.703069][ T5282] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5282] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5282] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5282] chdir("./bus") = 0 [pid 5282] ioctl(4, LOOP_CLR_FD) = 0 [pid 5282] close(4) = 0 [pid 5282] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5281] <... futex resumed>) = 0 [pid 5282] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5281] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] <... futex resumed>) = 0 [pid 5281] <... futex resumed>) = 1 [pid 5281] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5282] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5282] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5281] <... futex resumed>) = 0 [pid 5282] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5281] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5281] <... futex resumed>) = 0 [pid 5281] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5282] <... mkdirat resumed>) = 0 [pid 5282] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5281] <... futex resumed>) = 0 [pid 5282] fspick(AT_FDCWD, ".", 0 [pid 5281] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] <... fspick resumed>) = 5 [pid 5281] <... futex resumed>) = 0 [pid 5281] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5282] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5281] <... futex resumed>) = 0 [pid 5282] <... futex resumed>) = 1 [pid 5282] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5281] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] <... fsconfig resumed>) = 0 [pid 5281] <... futex resumed>) = 0 [pid 5282] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5281] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5282] <... futex resumed>) = 0 [pid 5281] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5282] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5281] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5281] <... futex resumed>) = 0 [ 88.731841][ T5282] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 88.738908][ T5282] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5281] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5282] <... fsconfig resumed>) = 0 [pid 5282] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5281] <... futex resumed>) = 0 [pid 5282] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5281] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] <... futex resumed>) = 0 [pid 5281] <... futex resumed>) = 1 [pid 5282] openat(AT_FDCWD, ".", O_RDONLY [pid 5281] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5282] <... openat resumed>) = 6 [pid 5282] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5281] <... futex resumed>) = 0 [pid 5281] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] getdents(6, [pid 5281] <... futex resumed>) = 0 [pid 5282] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5282] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5282] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5281] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5281] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5282] <... futex resumed>) = 0 [pid 5282] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5281] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5282] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5282] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5282] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5281] <... futex resumed>) = 0 [pid 5281] exit_group(0) = ? [pid 5282] <... futex resumed>) = ? [pid 5282] +++ exited with 0 +++ [pid 5281] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5281, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 88.850777][ T5282] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/bus") = 0 umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5287 attached [pid 5287] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5054] <... clone resumed>, child_tidptr=0x5555556ae690) = 5287 [pid 5287] chdir("./38") = 0 [pid 5287] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5287] setpgid(0, 0) = 0 [pid 5287] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5287] write(3, "1000", 4) = 4 [pid 5287] close(3) = 0 [pid 5287] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5287] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5287] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5287] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5287] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5287] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5287] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5287] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5288 attached => {parent_tid=[5288]}, 88) = 5288 [pid 5287] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5288] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053) = 0 [pid 5287] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5288] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5287] <... futex resumed>) = 0 [pid 5288] <... set_robust_list resumed>) = 0 [pid 5287] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5288] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5288] memfd_create("syzkaller", 0) = 3 [pid 5288] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5288] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5288] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5288] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5288] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5288] close(3) = 0 [pid 5288] mkdir("./bus", 0777) = 0 [ 89.386004][ T5288] loop0: detected capacity change from 0 to 40427 [ 89.395815][ T5288] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 89.403624][ T5288] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 89.416017][ T5288] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5288] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5288] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5288] chdir("./bus") = 0 [pid 5288] ioctl(4, LOOP_CLR_FD) = 0 [pid 5288] close(4) = 0 [pid 5288] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5288] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5287] <... futex resumed>) = 0 [pid 5287] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5288] <... futex resumed>) = 0 [pid 5287] <... futex resumed>) = 1 [pid 5288] openat(AT_FDCWD, ".", O_RDONLY [pid 5287] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5288] <... openat resumed>) = 4 [pid 5288] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5287] <... futex resumed>) = 0 [pid 5288] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5287] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5288] <... futex resumed>) = 0 [pid 5287] <... futex resumed>) = 1 [pid 5288] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5287] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5288] <... mkdirat resumed>) = 0 [ 89.446715][ T5288] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 89.454054][ T5288] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5288] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5287] <... futex resumed>) = 0 [pid 5288] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5287] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5287] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5288] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5288] fspick(AT_FDCWD, ".", 0) = 5 [pid 5288] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5287] <... futex resumed>) = 0 [pid 5287] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5287] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5288] <... futex resumed>) = 1 [pid 5288] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0) = 0 [pid 5288] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5287] <... futex resumed>) = 0 [pid 5288] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5287] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5287] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5288] <... fsconfig resumed>) = 0 [pid 5288] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5287] <... futex resumed>) = 0 [pid 5288] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5287] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5288] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5287] <... futex resumed>) = 0 [pid 5288] openat(AT_FDCWD, ".", O_RDONLY) = 6 [pid 5287] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5288] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5287] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5288] <... futex resumed>) = 0 [pid 5287] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5288] getdents(6, [pid 5287] <... futex resumed>) = 0 [pid 5288] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5287] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5288] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5287] <... futex resumed>) = 0 [pid 5288] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5287] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5288] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5288] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5287] <... futex resumed>) = 0 [pid 5287] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5288] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5288] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5287] <... futex resumed>) = 0 [pid 5288] <... futex resumed>) = 1 [pid 5287] exit_group(0) = ? [pid 5288] +++ exited with 0 +++ [pid 5287] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5287, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 89.592228][ T5288] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/bus") = 0 umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5293 attached , child_tidptr=0x5555556ae690) = 5293 [pid 5293] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5293] chdir("./39") = 0 [pid 5293] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5293] setpgid(0, 0) = 0 [pid 5293] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5293] write(3, "1000", 4) = 4 [pid 5293] close(3) = 0 [pid 5293] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5293] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5293] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5293] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5293] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5293] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5293] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5293] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5294 attached => {parent_tid=[5294]}, 88) = 5294 [pid 5293] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5294] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053) = 0 [pid 5293] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5294] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5293] <... futex resumed>) = 0 [pid 5294] <... set_robust_list resumed>) = 0 [pid 5293] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5294] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5294] memfd_create("syzkaller", 0) = 3 [pid 5294] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5294] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5294] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5294] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5294] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5294] close(3) = 0 [pid 5294] mkdir("./bus", 0777) = 0 [ 90.251769][ T5294] loop0: detected capacity change from 0 to 40427 [ 90.276016][ T5294] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 90.283895][ T5294] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 90.295954][ T5294] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5294] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5294] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5294] chdir("./bus") = 0 [pid 5294] ioctl(4, LOOP_CLR_FD) = 0 [pid 5294] close(4) = 0 [pid 5294] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5293] <... futex resumed>) = 0 [pid 5293] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5294] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5293] <... futex resumed>) = 0 [pid 5294] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5293] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5294] <... futex resumed>) = 0 [pid 5293] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5294] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5293] <... futex resumed>) = 0 [pid 5293] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5294] <... mkdirat resumed>) = 0 [pid 5294] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5293] <... futex resumed>) = 0 [pid 5293] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 90.324395][ T5294] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 90.331577][ T5294] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5293] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5294] <... futex resumed>) = 1 [pid 5294] fspick(AT_FDCWD, ".", 0) = 5 [pid 5294] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5293] <... futex resumed>) = 0 [pid 5293] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5293] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5294] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0) = 0 [pid 5294] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5293] <... futex resumed>) = 0 [pid 5294] <... futex resumed>) = 1 [pid 5293] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5294] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5293] <... futex resumed>) = 0 [pid 5293] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5294] <... fsconfig resumed>) = 0 [pid 5294] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5293] <... futex resumed>) = 0 [pid 5293] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5293] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5294] <... futex resumed>) = 1 [pid 5294] openat(AT_FDCWD, ".", O_RDONLY) = 6 [pid 5294] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5293] <... futex resumed>) = 0 [pid 5293] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5293] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5294] <... futex resumed>) = 1 [pid 5294] getdents(6, 0x20000200 /* 1 entries */, 188) = 96 [pid 5294] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5293] <... futex resumed>) = 0 [pid 5293] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5293] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5294] <... futex resumed>) = 1 [pid 5294] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054) = -1 EEXIST (File exists) [pid 5294] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5293] <... futex resumed>) = 0 [pid 5293] exit_group(0) = ? [pid 5294] <... futex resumed>) = ? [pid 5294] +++ exited with 0 +++ [pid 5293] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5293, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=20 /* 0.20 s */} --- umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 90.480462][ T5294] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/bus") = 0 umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5299 attached , child_tidptr=0x5555556ae690) = 5299 [pid 5299] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5299] chdir("./40") = 0 [pid 5299] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5299] setpgid(0, 0) = 0 [pid 5299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5299] write(3, "1000", 4) = 4 [pid 5299] close(3) = 0 [pid 5299] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5299] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5299] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5299] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5299] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5299] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5299] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5299] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5300 attached [pid 5300] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053 [pid 5299] <... clone3 resumed> => {parent_tid=[5300]}, 88) = 5300 [pid 5300] <... rseq resumed>) = 0 [pid 5299] rt_sigprocmask(SIG_SETMASK, [], [pid 5300] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5299] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5300] <... set_robust_list resumed>) = 0 [pid 5299] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5300] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5299] <... futex resumed>) = 0 [pid 5300] memfd_create("syzkaller", 0 [pid 5299] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5300] <... memfd_create resumed>) = 3 [pid 5300] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5300] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5300] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5300] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5300] close(3) = 0 [pid 5300] mkdir("./bus", 0777) = 0 [ 91.084216][ T5300] loop0: detected capacity change from 0 to 40427 [ 91.094126][ T5300] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 91.101965][ T5300] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 91.114122][ T5300] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5300] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5300] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5300] chdir("./bus") = 0 [pid 5300] ioctl(4, LOOP_CLR_FD) = 0 [pid 5300] close(4) = 0 [pid 5300] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5299] <... futex resumed>) = 0 [pid 5300] openat(AT_FDCWD, ".", O_RDONLY [pid 5299] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5300] <... openat resumed>) = 4 [pid 5299] <... futex resumed>) = 0 [pid 5299] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5300] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5299] <... futex resumed>) = 0 [pid 5300] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5299] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5300] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5299] <... futex resumed>) = 0 [pid 5300] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5299] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5300] <... mkdirat resumed>) = 0 [pid 5300] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5299] <... futex resumed>) = 0 [pid 5300] fspick(AT_FDCWD, ".", 0 [pid 5299] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5300] <... fspick resumed>) = 5 [pid 5299] <... futex resumed>) = 0 [pid 5299] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5300] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] <... futex resumed>) = 0 [pid 5299] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 91.142934][ T5300] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 91.150082][ T5300] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5299] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5300] <... futex resumed>) = 1 [pid 5300] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0) = 0 [pid 5300] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] <... futex resumed>) = 0 [pid 5299] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5299] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5300] <... futex resumed>) = 1 [pid 5300] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0) = 0 [pid 5300] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5299] <... futex resumed>) = 0 [pid 5300] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5299] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5300] <... futex resumed>) = 0 [pid 5300] openat(AT_FDCWD, ".", O_RDONLY [pid 5299] <... futex resumed>) = 1 [pid 5299] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5300] <... openat resumed>) = 6 [pid 5300] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5299] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5300] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5299] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5300] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5299] <... futex resumed>) = 0 [pid 5299] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5300] getdents(6, 0x20000200 /* 1 entries */, 188) = 96 [pid 5300] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] <... futex resumed>) = 0 [pid 5300] <... futex resumed>) = 1 [pid 5299] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5300] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5299] <... futex resumed>) = 0 [pid 5299] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5300] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5300] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5299] <... futex resumed>) = 0 [pid 5300] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5299] exit_group(0 [pid 5300] <... futex resumed>) = ? [pid 5300] +++ exited with 0 +++ [pid 5299] <... exit_group resumed>) = ? [pid 5299] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5299, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 91.257083][ T5300] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/bus") = 0 umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5305 attached , child_tidptr=0x5555556ae690) = 5305 [pid 5305] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5305] chdir("./41") = 0 [pid 5305] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5305] setpgid(0, 0) = 0 [pid 5305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5305] write(3, "1000", 4) = 4 [pid 5305] close(3) = 0 [pid 5305] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5305] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5305] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5305] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5305] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5305] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5305] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5305] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5306 attached => {parent_tid=[5306]}, 88) = 5306 [pid 5306] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053) = 0 [pid 5305] rt_sigprocmask(SIG_SETMASK, [], [pid 5306] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5305] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5306] <... set_robust_list resumed>) = 0 [pid 5305] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5306] rt_sigprocmask(SIG_SETMASK, [], [pid 5305] <... futex resumed>) = 0 [pid 5306] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5305] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5306] memfd_create("syzkaller", 0) = 3 [pid 5306] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5306] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5306] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5306] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5306] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5306] close(3) = 0 [pid 5306] mkdir("./bus", 0777) = 0 [ 91.929589][ T5306] loop0: detected capacity change from 0 to 40427 [ 91.957976][ T5306] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 91.965776][ T5306] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 91.978103][ T5306] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5306] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5306] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5306] chdir("./bus") = 0 [pid 5306] ioctl(4, LOOP_CLR_FD) = 0 [pid 5306] close(4) = 0 [pid 5306] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5306] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5305] <... futex resumed>) = 0 [ 92.007012][ T5306] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 92.014135][ T5306] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5305] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5306] <... futex resumed>) = 0 [pid 5305] <... futex resumed>) = 1 [pid 5306] openat(AT_FDCWD, ".", O_RDONLY [pid 5305] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5306] <... openat resumed>) = 4 [pid 5306] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5305] <... futex resumed>) = 0 [pid 5306] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5305] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5305] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5306] <... mkdirat resumed>) = 0 [pid 5306] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5305] <... futex resumed>) = 0 [pid 5306] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5305] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5306] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5306] fspick(AT_FDCWD, ".", 0 [pid 5305] <... futex resumed>) = 0 [pid 5306] <... fspick resumed>) = 5 [pid 5306] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5306] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5305] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5305] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5305] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5306] <... futex resumed>) = 0 [pid 5306] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0) = 0 [pid 5306] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5306] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5305] <... futex resumed>) = 0 [pid 5306] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5305] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5306] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5305] <... futex resumed>) = 0 [pid 5305] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5306] <... fsconfig resumed>) = 0 [pid 5306] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5305] <... futex resumed>) = 0 [pid 5306] <... futex resumed>) = 1 [pid 5305] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5306] openat(AT_FDCWD, ".", O_RDONLY [pid 5305] <... futex resumed>) = 0 [pid 5306] <... openat resumed>) = 6 [pid 5305] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5306] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5305] <... futex resumed>) = 0 [pid 5306] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5305] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5306] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5305] <... futex resumed>) = 0 [pid 5306] getdents(6, [ 92.150412][ T5306] f2fs_fill_dentries: 39 callbacks suppressed [ 92.150430][ T5306] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 92.156577][ T5306] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 92.164481][ T5306] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 92.172392][ T5306] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 92.180302][ T5306] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [pid 5305] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5306] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5305] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5306] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5305] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5306] <... futex resumed>) = 0 [pid 5305] <... futex resumed>) = 0 [pid 5306] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5305] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5306] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5306] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5306] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5305] <... futex resumed>) = 0 [pid 5305] exit_group(0 [pid 5306] <... futex resumed>) = ? [pid 5305] <... exit_group resumed>) = ? [pid 5306] +++ exited with 0 +++ [pid 5305] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5305, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=29 /* 0.29 s */} --- umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 92.187886][ T5306] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 92.195491][ T5306] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 92.207450][ T5306] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/bus") = 0 umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5311 attached , child_tidptr=0x5555556ae690) = 5311 [pid 5311] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5311] chdir("./42") = 0 [pid 5311] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5311] setpgid(0, 0) = 0 [pid 5311] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5311] write(3, "1000", 4) = 4 [pid 5311] close(3) = 0 [pid 5311] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5311] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5311] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5311] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5311] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5311] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5311] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5311] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5312 attached => {parent_tid=[5312]}, 88) = 5312 [pid 5311] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5312] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053) = 0 [pid 5311] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5312] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5311] <... futex resumed>) = 0 [pid 5312] <... set_robust_list resumed>) = 0 [pid 5311] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5312] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5312] memfd_create("syzkaller", 0) = 3 [pid 5312] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5312] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5312] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5312] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5312] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5312] close(3) = 0 [pid 5312] mkdir("./bus", 0777) = 0 [ 92.776463][ T5312] loop0: detected capacity change from 0 to 40427 [ 92.799546][ T5312] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 92.807545][ T5312] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 92.819340][ T5312] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5312] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5312] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5312] chdir("./bus") = 0 [pid 5312] ioctl(4, LOOP_CLR_FD) = 0 [pid 5312] close(4) = 0 [pid 5312] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5312] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5311] <... futex resumed>) = 0 [pid 5311] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5312] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5311] <... futex resumed>) = 0 [pid 5311] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5312] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5312] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5311] <... futex resumed>) = 0 [pid 5312] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5311] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5312] <... futex resumed>) = 0 [pid 5311] <... futex resumed>) = 1 [pid 5312] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5311] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5312] <... mkdirat resumed>) = 0 [ 92.848288][ T5312] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 92.855517][ T5312] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5312] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5311] <... futex resumed>) = 0 [pid 5312] <... futex resumed>) = 1 [pid 5311] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5312] fspick(AT_FDCWD, ".", 0 [pid 5311] <... futex resumed>) = 0 [pid 5311] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5312] <... fspick resumed>) = 5 [pid 5312] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5311] <... futex resumed>) = 0 [pid 5312] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5311] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5312] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5311] <... futex resumed>) = 0 [pid 5312] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5311] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5312] <... fsconfig resumed>) = 0 [pid 5312] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5311] <... futex resumed>) = 0 [pid 5312] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5311] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5312] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5311] <... futex resumed>) = 0 [pid 5311] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5312] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0) = 0 [pid 5312] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5311] <... futex resumed>) = 0 [pid 5312] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5311] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5312] <... futex resumed>) = 0 [pid 5311] <... futex resumed>) = 1 [pid 5312] openat(AT_FDCWD, ".", O_RDONLY [pid 5311] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5312] <... openat resumed>) = 6 [pid 5312] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5311] <... futex resumed>) = 0 [pid 5312] getdents(6, [pid 5311] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5311] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5312] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5312] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5311] <... futex resumed>) = 0 [pid 5312] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5311] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5312] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5311] <... futex resumed>) = 0 [pid 5311] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5312] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5312] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5311] <... futex resumed>) = 0 [pid 5311] exit_group(0) = ? [pid 5312] <... futex resumed>) = ? [pid 5312] +++ exited with 0 +++ [pid 5311] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5311, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=27 /* 0.27 s */} --- umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 93.005286][ T5312] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 93.005315][ T5312] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 93.013445][ T5312] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 93.025452][ T5312] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/bus") = 0 umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5317 attached [pid 5317] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5317] chdir("./43" [pid 5054] <... clone resumed>, child_tidptr=0x5555556ae690) = 5317 [pid 5317] <... chdir resumed>) = 0 [pid 5317] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5317] setpgid(0, 0) = 0 [pid 5317] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5317] write(3, "1000", 4) = 4 [pid 5317] close(3) = 0 [pid 5317] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5317] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5317] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5317] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5317] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5317] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5317] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5317] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5318 attached => {parent_tid=[5318]}, 88) = 5318 [pid 5318] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053) = 0 [pid 5317] rt_sigprocmask(SIG_SETMASK, [], [pid 5318] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5317] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5318] <... set_robust_list resumed>) = 0 [pid 5318] rt_sigprocmask(SIG_SETMASK, [], [pid 5317] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5318] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5317] <... futex resumed>) = 0 [pid 5317] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5318] memfd_create("syzkaller", 0) = 3 [pid 5318] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5318] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5318] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5318] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5318] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5318] close(3) = 0 [pid 5318] mkdir("./bus", 0777) = 0 [ 93.653125][ T5318] loop0: detected capacity change from 0 to 40427 [ 93.669918][ T5318] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 93.677741][ T5318] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 93.690256][ T5318] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5318] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5318] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5318] chdir("./bus") = 0 [pid 5318] ioctl(4, LOOP_CLR_FD) = 0 [pid 5318] close(4) = 0 [pid 5318] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5317] <... futex resumed>) = 0 [pid 5317] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5318] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5317] <... futex resumed>) = 0 [pid 5317] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5318] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5317] <... futex resumed>) = 0 [pid 5318] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5317] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5318] <... futex resumed>) = 0 [pid 5317] <... futex resumed>) = 1 [pid 5317] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 93.719134][ T5318] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 93.726509][ T5318] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5318] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 5318] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5318] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5317] <... futex resumed>) = 0 [pid 5317] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5318] <... futex resumed>) = 0 [pid 5317] <... futex resumed>) = 1 [pid 5318] fspick(AT_FDCWD, ".", 0 [pid 5317] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5318] <... fspick resumed>) = 5 [pid 5318] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5317] <... futex resumed>) = 0 [pid 5318] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5317] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5318] <... fsconfig resumed>) = 0 [pid 5317] <... futex resumed>) = 0 [pid 5318] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5317] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5318] <... futex resumed>) = 0 [pid 5317] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5318] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5317] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5318] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5317] <... futex resumed>) = 0 [pid 5317] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5318] <... fsconfig resumed>) = 0 [pid 5318] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5317] <... futex resumed>) = 0 [pid 5318] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5317] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5318] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5318] openat(AT_FDCWD, ".", O_RDONLY [pid 5317] <... futex resumed>) = 0 [pid 5318] <... openat resumed>) = 6 [pid 5318] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5317] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5318] <... futex resumed>) = 0 [pid 5317] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5318] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5317] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5318] <... futex resumed>) = 0 [pid 5317] <... futex resumed>) = 1 [pid 5318] getdents(6, [pid 5317] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5318] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5318] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5317] <... futex resumed>) = 0 [pid 5318] <... futex resumed>) = 1 [pid 5317] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5318] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5317] <... futex resumed>) = 0 [pid 5317] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5318] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5318] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5317] <... futex resumed>) = 0 [pid 5318] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5317] exit_group(0 [pid 5318] <... futex resumed>) = ? [pid 5317] <... exit_group resumed>) = ? [pid 5318] +++ exited with 0 +++ [pid 5317] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5317, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 93.857552][ T5318] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/bus") = 0 umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5323 attached , child_tidptr=0x5555556ae690) = 5323 [pid 5323] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5323] chdir("./44") = 0 [pid 5323] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5323] setpgid(0, 0) = 0 [pid 5323] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5323] write(3, "1000", 4) = 4 [pid 5323] close(3) = 0 [pid 5323] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5323] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5323] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5323] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5323] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5323] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5323] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5323] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5324 attached [pid 5324] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053) = 0 [pid 5323] <... clone3 resumed> => {parent_tid=[5324]}, 88) = 5324 [pid 5324] set_robust_list(0x7fa1a5e4a9a0, 24) = 0 [pid 5323] rt_sigprocmask(SIG_SETMASK, [], [pid 5324] rt_sigprocmask(SIG_SETMASK, [], [pid 5323] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5324] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5323] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5324] memfd_create("syzkaller", 0 [pid 5323] <... futex resumed>) = 0 [pid 5324] <... memfd_create resumed>) = 3 [pid 5324] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5323] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5324] <... mmap resumed>) = 0x7fa19da2a000 [pid 5324] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5324] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5324] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5324] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5324] close(3) = 0 [pid 5324] mkdir("./bus", 0777) = 0 [ 94.445715][ T5324] loop0: detected capacity change from 0 to 40427 [ 94.471338][ T5324] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 94.479090][ T5324] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 94.491059][ T5324] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5324] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5324] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5324] chdir("./bus") = 0 [pid 5324] ioctl(4, LOOP_CLR_FD) = 0 [pid 5324] close(4) = 0 [pid 5324] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5323] <... futex resumed>) = 0 [pid 5323] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5324] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5323] <... futex resumed>) = 0 [pid 5323] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 94.522037][ T5324] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 94.529578][ T5324] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5324] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5323] <... futex resumed>) = 0 [pid 5324] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5323] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5323] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5324] <... mkdirat resumed>) = 0 [pid 5324] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5323] <... futex resumed>) = 0 [pid 5324] fspick(AT_FDCWD, ".", 0 [pid 5323] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5324] <... fspick resumed>) = 5 [pid 5324] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5323] <... futex resumed>) = 0 [pid 5324] <... futex resumed>) = 0 [pid 5323] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5324] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5323] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5323] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5324] <... futex resumed>) = 0 [pid 5323] <... futex resumed>) = 1 [pid 5324] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5323] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5324] <... fsconfig resumed>) = 0 [pid 5324] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5323] <... futex resumed>) = 0 [pid 5324] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5323] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5324] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5324] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5323] <... futex resumed>) = 0 [pid 5323] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5324] <... fsconfig resumed>) = 0 [pid 5324] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5323] <... futex resumed>) = 0 [pid 5324] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5323] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5324] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5323] <... futex resumed>) = 0 [pid 5324] openat(AT_FDCWD, ".", O_RDONLY [pid 5323] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5324] <... openat resumed>) = 6 [pid 5324] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5323] <... futex resumed>) = 0 [pid 5324] getdents(6, [pid 5323] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5324] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5323] <... futex resumed>) = 0 [pid 5324] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5323] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5324] <... futex resumed>) = 0 [pid 5323] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5324] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5323] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5324] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5323] <... futex resumed>) = 0 [pid 5323] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5324] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5324] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5323] <... futex resumed>) = 0 [pid 5324] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5323] exit_group(0 [pid 5324] <... futex resumed>) = ? [pid 5323] <... exit_group resumed>) = ? [pid 5324] +++ exited with 0 +++ [pid 5323] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5323, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=24 /* 0.24 s */} --- umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 94.678915][ T5324] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/bus") = 0 umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5329 attached [pid 5329] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5329] chdir("./45") = 0 [pid 5329] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5054] <... clone resumed>, child_tidptr=0x5555556ae690) = 5329 [pid 5329] setpgid(0, 0) = 0 [pid 5329] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5329] write(3, "1000", 4) = 4 [pid 5329] close(3) = 0 [pid 5329] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5329] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5329] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5329] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5329] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5329] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5329] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5329] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5330 attached [pid 5330] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053 [pid 5329] <... clone3 resumed> => {parent_tid=[5330]}, 88) = 5330 [pid 5330] <... rseq resumed>) = 0 [pid 5329] rt_sigprocmask(SIG_SETMASK, [], [pid 5330] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5329] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5330] <... set_robust_list resumed>) = 0 [pid 5329] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5330] rt_sigprocmask(SIG_SETMASK, [], [pid 5329] <... futex resumed>) = 0 [pid 5330] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5329] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5330] memfd_create("syzkaller", 0) = 3 [pid 5330] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5330] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5330] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5330] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5330] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5330] close(3) = 0 [pid 5330] mkdir("./bus", 0777) = 0 [ 95.188636][ T5330] loop0: detected capacity change from 0 to 40427 [ 95.209411][ T5330] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 95.217274][ T5330] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 95.229115][ T5330] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5330] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5330] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5330] chdir("./bus") = 0 [pid 5330] ioctl(4, LOOP_CLR_FD) = 0 [pid 5330] close(4) = 0 [pid 5330] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5329] <... futex resumed>) = 0 [pid 5330] <... futex resumed>) = 1 [pid 5329] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5330] openat(AT_FDCWD, ".", O_RDONLY [pid 5329] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] <... openat resumed>) = 4 [pid 5330] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5329] <... futex resumed>) = 0 [pid 5329] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5329] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 5330] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 95.257935][ T5330] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 95.265069][ T5330] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5330] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5329] <... futex resumed>) = 0 [pid 5329] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5330] <... futex resumed>) = 0 [pid 5329] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] fspick(AT_FDCWD, ".", 0) = 5 [pid 5330] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5329] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5330] <... futex resumed>) = 0 [pid 5329] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5330] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5329] <... futex resumed>) = 0 [pid 5330] <... fsconfig resumed>) = 0 [pid 5330] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5329] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] <... futex resumed>) = 0 [pid 5329] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5330] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5329] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5330] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5329] <... futex resumed>) = 0 [pid 5329] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] <... fsconfig resumed>) = 0 [pid 5330] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5329] <... futex resumed>) = 0 [pid 5330] openat(AT_FDCWD, ".", O_RDONLY [pid 5329] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5330] <... openat resumed>) = 6 [pid 5329] <... futex resumed>) = 0 [pid 5329] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5329] <... futex resumed>) = 0 [pid 5329] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5329] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] <... futex resumed>) = 1 [pid 5330] getdents(6, 0x20000200 /* 1 entries */, 188) = 96 [pid 5330] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5329] <... futex resumed>) = 0 [pid 5330] <... futex resumed>) = 1 [pid 5329] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5330] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5329] <... futex resumed>) = 0 [pid 5329] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5330] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5329] <... futex resumed>) = 0 [pid 5330] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5329] exit_group(0) = ? [pid 5330] <... futex resumed>) = ? [pid 5330] +++ exited with 0 +++ [pid 5329] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5329, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=22 /* 0.22 s */} --- umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 95.405801][ T5330] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/bus") = 0 umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5335 attached , child_tidptr=0x5555556ae690) = 5335 [pid 5335] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5335] chdir("./46") = 0 [pid 5335] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5335] setpgid(0, 0) = 0 [pid 5335] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5335] write(3, "1000", 4) = 4 [pid 5335] close(3) = 0 [pid 5335] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5335] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5335] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5335] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5335] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5335] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5335] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5335] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5336 attached => {parent_tid=[5336]}, 88) = 5336 [pid 5335] rt_sigprocmask(SIG_SETMASK, [], [pid 5336] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053 [pid 5335] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5336] <... rseq resumed>) = 0 [pid 5336] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5335] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5336] <... set_robust_list resumed>) = 0 [pid 5335] <... futex resumed>) = 0 [pid 5336] rt_sigprocmask(SIG_SETMASK, [], [pid 5335] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5336] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5336] memfd_create("syzkaller", 0) = 3 [pid 5336] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5336] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5336] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5336] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5336] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5336] close(3) = 0 [pid 5336] mkdir("./bus", 0777) = 0 [ 96.001267][ T5336] loop0: detected capacity change from 0 to 40427 [ 96.016156][ T5336] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 96.023996][ T5336] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 96.035723][ T5336] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5336] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5336] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5336] chdir("./bus") = 0 [pid 5336] ioctl(4, LOOP_CLR_FD) = 0 [pid 5336] close(4) = 0 [pid 5336] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5335] <... futex resumed>) = 0 [pid 5335] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5336] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5335] <... futex resumed>) = 0 [pid 5336] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5335] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5336] <... futex resumed>) = 0 [pid 5335] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5335] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5335] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5336] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 5336] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5336] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5335] <... futex resumed>) = 0 [pid 5335] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5336] <... futex resumed>) = 0 [pid 5335] <... futex resumed>) = 1 [pid 5336] fspick(AT_FDCWD, ".", 0) = 5 [pid 5335] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5336] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5335] <... futex resumed>) = 0 [ 96.072534][ T5336] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 96.079888][ T5336] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5336] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5335] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5336] <... fsconfig resumed>) = 0 [pid 5335] <... futex resumed>) = 0 [pid 5336] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5335] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5336] <... futex resumed>) = 0 [pid 5335] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5336] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5335] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5336] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5336] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5335] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5336] <... fsconfig resumed>) = 0 [pid 5336] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5335] <... futex resumed>) = 0 [pid 5336] <... futex resumed>) = 1 [pid 5335] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5336] openat(AT_FDCWD, ".", O_RDONLY [pid 5335] <... futex resumed>) = 0 [pid 5336] <... openat resumed>) = 6 [pid 5335] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5336] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5335] <... futex resumed>) = 0 [pid 5336] <... futex resumed>) = 1 [pid 5335] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5335] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5336] getdents(6, 0x20000200 /* 1 entries */, 188) = 96 [pid 5336] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5335] <... futex resumed>) = 0 [pid 5336] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5335] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5335] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5336] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5336] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054) = -1 EEXIST (File exists) [pid 5336] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5336] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5335] <... futex resumed>) = 0 [pid 5335] exit_group(0 [pid 5336] <... futex resumed>) = ? [pid 5335] <... exit_group resumed>) = ? [pid 5336] +++ exited with 0 +++ [pid 5335] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5335, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=23 /* 0.23 s */} --- umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 96.202966][ T5336] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/bus") = 0 umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5343 attached , child_tidptr=0x5555556ae690) = 5343 [pid 5343] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5343] chdir("./47") = 0 [pid 5343] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5343] setpgid(0, 0) = 0 [pid 5343] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5343] write(3, "1000", 4) = 4 [pid 5343] close(3) = 0 [pid 5343] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5343] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5343] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5343] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5343] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5343] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5343] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5343] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5344 attached [pid 5344] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053 [pid 5343] <... clone3 resumed> => {parent_tid=[5344]}, 88) = 5344 [pid 5344] <... rseq resumed>) = 0 [pid 5343] rt_sigprocmask(SIG_SETMASK, [], [pid 5344] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5343] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5344] <... set_robust_list resumed>) = 0 [pid 5343] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5344] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5343] <... futex resumed>) = 0 [pid 5344] memfd_create("syzkaller", 0 [pid 5343] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5344] <... memfd_create resumed>) = 3 [pid 5344] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5344] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5344] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5344] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5344] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5344] close(3) = 0 [pid 5344] mkdir("./bus", 0777) = 0 [ 96.819849][ T5344] loop0: detected capacity change from 0 to 40427 [ 96.847163][ T5344] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 96.854970][ T5344] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 96.867404][ T5344] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5344] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5344] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5344] chdir("./bus") = 0 [pid 5344] ioctl(4, LOOP_CLR_FD) = 0 [pid 5344] close(4) = 0 [pid 5344] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5343] <... futex resumed>) = 0 [pid 5343] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5344] openat(AT_FDCWD, ".", O_RDONLY [pid 5343] <... futex resumed>) = 0 [pid 5343] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5344] <... openat resumed>) = 4 [pid 5344] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5343] <... futex resumed>) = 0 [ 96.896488][ T5344] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 96.903623][ T5344] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5343] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5344] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5343] <... futex resumed>) = 0 [pid 5343] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5344] <... mkdirat resumed>) = 0 [pid 5344] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5344] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5343] <... futex resumed>) = 0 [pid 5343] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5344] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5343] <... futex resumed>) = 0 [pid 5344] fspick(AT_FDCWD, ".", 0 [pid 5343] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5344] <... fspick resumed>) = 5 [pid 5344] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5343] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5344] <... futex resumed>) = 0 [pid 5343] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5344] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0) = 0 [pid 5343] <... futex resumed>) = 0 [pid 5344] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5343] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5344] <... futex resumed>) = 0 [pid 5344] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5343] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5343] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5344] <... futex resumed>) = 0 [pid 5343] <... futex resumed>) = 1 [pid 5344] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5343] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5344] <... fsconfig resumed>) = 0 [pid 5344] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5343] <... futex resumed>) = 0 [pid 5344] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5343] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5344] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5343] <... futex resumed>) = 0 [pid 5344] openat(AT_FDCWD, ".", O_RDONLY [pid 5343] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5344] <... openat resumed>) = 6 [pid 5344] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5343] <... futex resumed>) = 0 [pid 5344] getdents(6, [pid 5343] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5344] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5343] <... futex resumed>) = 0 [pid 5344] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5343] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5344] <... futex resumed>) = 0 [pid 5343] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5344] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5343] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5344] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5343] <... futex resumed>) = 0 [pid 5343] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5344] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5344] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5343] <... futex resumed>) = 0 [pid 5344] <... futex resumed>) = 1 [pid 5343] exit_group(0 [pid 5344] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5343] <... exit_group resumed>) = ? [pid 5344] +++ exited with 0 +++ [pid 5343] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5343, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 97.029166][ T5344] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/bus") = 0 umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5351 attached , child_tidptr=0x5555556ae690) = 5351 [pid 5351] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5351] chdir("./48") = 0 [pid 5351] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5351] setpgid(0, 0) = 0 [pid 5351] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5351] write(3, "1000", 4) = 4 [pid 5351] close(3) = 0 [pid 5351] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5351] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5351] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5351] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5351] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5351] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5351] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5351] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5352 attached [pid 5352] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053 [pid 5351] <... clone3 resumed> => {parent_tid=[5352]}, 88) = 5352 [pid 5352] <... rseq resumed>) = 0 [pid 5351] rt_sigprocmask(SIG_SETMASK, [], [pid 5352] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5351] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5352] <... set_robust_list resumed>) = 0 [pid 5351] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5352] rt_sigprocmask(SIG_SETMASK, [], [pid 5351] <... futex resumed>) = 0 [pid 5352] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5352] memfd_create("syzkaller", 0 [pid 5351] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5352] <... memfd_create resumed>) = 3 [pid 5352] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5352] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5352] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5352] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5352] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5352] close(3) = 0 [pid 5352] mkdir("./bus", 0777) = 0 [ 97.562500][ T5352] loop0: detected capacity change from 0 to 40427 [ 97.582388][ T5352] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 97.590264][ T5352] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 97.603731][ T5352] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5352] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5352] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5352] chdir("./bus") = 0 [pid 5352] ioctl(4, LOOP_CLR_FD) = 0 [pid 5352] close(4) = 0 [pid 5352] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5352] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5351] <... futex resumed>) = 0 [pid 5351] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5352] <... futex resumed>) = 0 [pid 5351] <... futex resumed>) = 1 [pid 5352] openat(AT_FDCWD, ".", O_RDONLY [pid 5351] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5352] <... openat resumed>) = 4 [pid 5352] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 97.633199][ T5352] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 97.640549][ T5352] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5352] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5351] <... futex resumed>) = 0 [pid 5351] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5352] <... futex resumed>) = 0 [pid 5351] <... futex resumed>) = 1 [pid 5352] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5351] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5352] <... mkdirat resumed>) = 0 [pid 5352] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5352] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5351] <... futex resumed>) = 0 [pid 5351] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5352] <... futex resumed>) = 0 [pid 5351] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5352] fspick(AT_FDCWD, ".", 0) = 5 [pid 5352] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5351] <... futex resumed>) = 0 [pid 5352] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5351] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5352] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5351] <... futex resumed>) = 0 [pid 5352] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5351] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5352] <... fsconfig resumed>) = 0 [pid 5352] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5351] <... futex resumed>) = 0 [pid 5352] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5351] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5351] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5352] <... fsconfig resumed>) = 0 [pid 5352] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5352] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5351] <... futex resumed>) = 0 [pid 5351] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5352] <... futex resumed>) = 0 [pid 5351] <... futex resumed>) = 1 [pid 5352] openat(AT_FDCWD, ".", O_RDONLY [pid 5351] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5352] <... openat resumed>) = 6 [pid 5352] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5351] <... futex resumed>) = 0 [pid 5352] getdents(6, [pid 5351] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 97.777697][ T5352] f2fs_fill_dentries: 39 callbacks suppressed [ 97.777715][ T5352] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 97.784472][ T5352] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 97.792184][ T5352] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 97.799813][ T5352] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 97.807443][ T5352] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [pid 5351] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5352] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5351] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5352] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5351] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5352] <... futex resumed>) = 0 [pid 5351] <... futex resumed>) = 0 [pid 5352] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5351] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5352] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5352] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5351] <... futex resumed>) = 0 [pid 5352] <... futex resumed>) = 1 [pid 5351] exit_group(0 [pid 5352] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5351] <... exit_group resumed>) = ? [pid 5352] +++ exited with 0 +++ [pid 5351] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5351, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=29 /* 0.29 s */} --- umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 97.815127][ T5352] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 97.822945][ T5352] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 97.836709][ T5352] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/bus") = 0 umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5357 attached , child_tidptr=0x5555556ae690) = 5357 [pid 5357] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5357] chdir("./49") = 0 [pid 5357] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5357] setpgid(0, 0) = 0 [pid 5357] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5357] write(3, "1000", 4) = 4 [pid 5357] close(3) = 0 [pid 5357] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5357] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5357] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5357] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5357] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5357] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5357] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5357] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5358 attached [pid 5358] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053 [pid 5357] <... clone3 resumed> => {parent_tid=[5358]}, 88) = 5358 [pid 5358] <... rseq resumed>) = 0 [pid 5357] rt_sigprocmask(SIG_SETMASK, [], [pid 5358] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5357] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5358] <... set_robust_list resumed>) = 0 [pid 5357] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5358] rt_sigprocmask(SIG_SETMASK, [], [pid 5357] <... futex resumed>) = 0 [pid 5358] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5358] memfd_create("syzkaller", 0 [pid 5357] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5358] <... memfd_create resumed>) = 3 [pid 5358] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5358] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5358] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5358] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5358] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5358] close(3) = 0 [pid 5358] mkdir("./bus", 0777) = 0 [ 98.380664][ T5358] loop0: detected capacity change from 0 to 40427 [ 98.395526][ T5358] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 98.403414][ T5358] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 98.415852][ T5358] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5358] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5358] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5358] chdir("./bus") = 0 [pid 5358] ioctl(4, LOOP_CLR_FD) = 0 [pid 5358] close(4) = 0 [pid 5358] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5357] <... futex resumed>) = 0 [pid 5358] openat(AT_FDCWD, ".", O_RDONLY [pid 5357] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5358] <... openat resumed>) = 4 [pid 5357] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5358] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 98.444069][ T5358] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 98.451444][ T5358] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5357] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5358] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5357] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5358] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5358] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5357] <... futex resumed>) = 0 [pid 5357] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5358] <... mkdirat resumed>) = 0 [pid 5358] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5357] <... futex resumed>) = 0 [pid 5358] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5357] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5358] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5358] fspick(AT_FDCWD, ".", 0 [pid 5357] <... futex resumed>) = 0 [pid 5357] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5358] <... fspick resumed>) = 5 [pid 5358] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5357] <... futex resumed>) = 0 [pid 5358] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5357] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5358] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5357] <... futex resumed>) = 0 [pid 5358] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0) = 0 [pid 5357] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5358] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5357] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5358] <... futex resumed>) = 0 [pid 5357] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5358] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5357] <... futex resumed>) = 0 [pid 5357] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5358] <... fsconfig resumed>) = 0 [pid 5358] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5358] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5357] <... futex resumed>) = 0 [pid 5357] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5358] <... futex resumed>) = 0 [pid 5358] openat(AT_FDCWD, ".", O_RDONLY [pid 5357] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5358] <... openat resumed>) = 6 [pid 5358] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5357] <... futex resumed>) = 0 [pid 5357] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5358] getdents(6, [pid 5357] <... futex resumed>) = 0 [pid 5357] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5358] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5358] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5357] <... futex resumed>) = 0 [pid 5358] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5357] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5358] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5357] <... futex resumed>) = 0 [pid 5358] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5357] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5358] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5358] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5357] <... futex resumed>) = 0 [pid 5358] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5357] exit_group(0 [pid 5358] <... futex resumed>) = ? [pid 5358] +++ exited with 0 +++ [pid 5357] <... exit_group resumed>) = ? [pid 5357] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5357, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 98.583415][ T5358] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 98.583439][ T5358] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 98.591786][ T5358] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 98.604331][ T5358] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/bus") = 0 umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5365 attached , child_tidptr=0x5555556ae690) = 5365 [pid 5365] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5365] chdir("./50") = 0 [pid 5365] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5365] setpgid(0, 0) = 0 [pid 5365] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5365] write(3, "1000", 4) = 4 [pid 5365] close(3) = 0 [pid 5365] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5365] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5365] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5365] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5365] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5365] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5365] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5366 attached [pid 5366] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053 [pid 5365] <... clone3 resumed> => {parent_tid=[5366]}, 88) = 5366 [pid 5366] <... rseq resumed>) = 0 [pid 5365] rt_sigprocmask(SIG_SETMASK, [], [pid 5366] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5365] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5366] <... set_robust_list resumed>) = 0 [pid 5365] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5366] rt_sigprocmask(SIG_SETMASK, [], [pid 5365] <... futex resumed>) = 0 [pid 5366] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5365] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5366] memfd_create("syzkaller", 0) = 3 [pid 5366] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5366] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5366] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5366] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5366] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5366] close(3) = 0 [pid 5366] mkdir("./bus", 0777) = 0 [ 99.327163][ T5366] loop0: detected capacity change from 0 to 40427 [ 99.352175][ T5366] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 99.360030][ T5366] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 99.372823][ T5366] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5366] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5366] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5366] chdir("./bus") = 0 [pid 5366] ioctl(4, LOOP_CLR_FD) = 0 [pid 5366] close(4) = 0 [pid 5366] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5365] <... futex resumed>) = 0 [pid 5366] openat(AT_FDCWD, ".", O_RDONLY [pid 5365] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5366] <... openat resumed>) = 4 [pid 5365] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5365] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5366] <... futex resumed>) = 0 [pid 5365] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5366] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5365] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] <... mkdirat resumed>) = 0 [pid 5366] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5366] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5365] <... futex resumed>) = 0 [pid 5365] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5366] <... futex resumed>) = 0 [pid 5366] fspick(AT_FDCWD, ".", 0 [pid 5365] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] <... fspick resumed>) = 5 [pid 5366] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5365] <... futex resumed>) = 0 [pid 5366] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5365] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5366] <... fsconfig resumed>) = 0 [pid 5365] <... futex resumed>) = 0 [pid 5366] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5365] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] <... futex resumed>) = 0 [pid 5365] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5366] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5365] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5366] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5365] <... futex resumed>) = 0 [pid 5366] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [ 99.401651][ T5366] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 99.408709][ T5366] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5365] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] <... fsconfig resumed>) = 0 [pid 5366] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5366] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5365] <... futex resumed>) = 0 [pid 5365] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5366] <... futex resumed>) = 0 [pid 5366] openat(AT_FDCWD, ".", O_RDONLY [pid 5365] <... futex resumed>) = 1 [pid 5366] <... openat resumed>) = 6 [pid 5365] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5365] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5366] <... futex resumed>) = 0 [pid 5365] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5366] getdents(6, 0x20000200 /* 1 entries */, 188) = 96 [pid 5365] <... futex resumed>) = 0 [pid 5366] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5365] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] <... futex resumed>) = 0 [pid 5365] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5366] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5365] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5366] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5365] <... futex resumed>) = 0 [pid 5366] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5365] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5366] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5365] <... futex resumed>) = 0 [pid 5366] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5365] exit_group(0 [pid 5366] <... futex resumed>) = ? [pid 5366] +++ exited with 0 +++ [pid 5365] <... exit_group resumed>) = ? [pid 5365] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5365, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 99.524360][ T5366] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/bus") = 0 umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5371 attached , child_tidptr=0x5555556ae690) = 5371 [pid 5371] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5371] chdir("./51") = 0 [pid 5371] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5371] setpgid(0, 0) = 0 [pid 5371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5371] write(3, "1000", 4) = 4 [pid 5371] close(3) = 0 [pid 5371] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5371] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5371] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5371] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5371] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5371] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5371] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5371] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5372 attached [pid 5372] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053 [pid 5371] <... clone3 resumed> => {parent_tid=[5372]}, 88) = 5372 [pid 5372] <... rseq resumed>) = 0 [pid 5371] rt_sigprocmask(SIG_SETMASK, [], [pid 5372] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5371] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5372] <... set_robust_list resumed>) = 0 [pid 5372] rt_sigprocmask(SIG_SETMASK, [], [pid 5371] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5371] <... futex resumed>) = 0 [pid 5372] memfd_create("syzkaller", 0 [pid 5371] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5372] <... memfd_create resumed>) = 3 [pid 5372] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5372] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5372] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5372] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5372] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5372] close(3) = 0 [pid 5372] mkdir("./bus", 0777) = 0 [ 100.098486][ T5372] loop0: detected capacity change from 0 to 40427 [ 100.122097][ T5372] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 100.129981][ T5372] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 100.142419][ T5372] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5372] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5372] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5372] chdir("./bus") = 0 [pid 5372] ioctl(4, LOOP_CLR_FD) = 0 [pid 5372] close(4) = 0 [pid 5372] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5371] <... futex resumed>) = 0 [pid 5371] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] openat(AT_FDCWD, ".", O_RDONLY [pid 5371] <... futex resumed>) = 0 [pid 5372] <... openat resumed>) = 4 [pid 5371] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5372] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5371] <... futex resumed>) = 0 [pid 5372] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5371] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5371] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5372] <... futex resumed>) = 0 [pid 5372] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [ 100.172390][ T5372] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 100.179932][ T5372] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5372] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5371] <... futex resumed>) = 0 [pid 5371] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] fspick(AT_FDCWD, ".", 0 [pid 5371] <... futex resumed>) = 0 [pid 5371] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5372] <... fspick resumed>) = 5 [pid 5372] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5372] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5371] <... futex resumed>) = 0 [pid 5371] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5371] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5372] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5372] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0) = 0 [pid 5372] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5371] <... futex resumed>) = 0 [pid 5372] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5371] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5371] <... futex resumed>) = 0 [pid 5372] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5371] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5372] <... fsconfig resumed>) = 0 [pid 5372] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5371] <... futex resumed>) = 0 [pid 5372] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5371] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5372] openat(AT_FDCWD, ".", O_RDONLY [pid 5371] <... futex resumed>) = 0 [pid 5372] <... openat resumed>) = 6 [pid 5371] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5372] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5371] <... futex resumed>) = 0 [pid 5372] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5371] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5371] <... futex resumed>) = 0 [pid 5372] getdents(6, [pid 5371] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5372] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5372] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5371] <... futex resumed>) = 0 [pid 5372] <... futex resumed>) = 1 [pid 5371] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5371] <... futex resumed>) = 0 [pid 5371] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5372] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5372] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5371] <... futex resumed>) = 0 [pid 5372] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5371] exit_group(0 [pid 5372] <... futex resumed>) = ? [pid 5371] <... exit_group resumed>) = ? [pid 5372] +++ exited with 0 +++ [pid 5371] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5371, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 100.295292][ T5372] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./51/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./51/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./51/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/bus") = 0 umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5377 attached , child_tidptr=0x5555556ae690) = 5377 [pid 5377] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5377] chdir("./52") = 0 [pid 5377] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5377] setpgid(0, 0) = 0 [pid 5377] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5377] write(3, "1000", 4) = 4 [pid 5377] close(3) = 0 [pid 5377] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5377] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5377] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5377] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5377] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5377] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5377] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5377] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5378 attached [pid 5378] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053) = 0 [pid 5377] <... clone3 resumed> => {parent_tid=[5378]}, 88) = 5378 [pid 5378] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5377] rt_sigprocmask(SIG_SETMASK, [], [pid 5378] <... set_robust_list resumed>) = 0 [pid 5377] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5378] rt_sigprocmask(SIG_SETMASK, [], [pid 5377] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5378] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5377] <... futex resumed>) = 0 [pid 5378] memfd_create("syzkaller", 0 [pid 5377] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5378] <... memfd_create resumed>) = 3 [pid 5378] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5378] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5378] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5378] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5378] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5378] close(3) = 0 [pid 5378] mkdir("./bus", 0777) = 0 [ 100.856672][ T5378] loop0: detected capacity change from 0 to 40427 [ 100.887263][ T5378] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 100.895169][ T5378] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [pid 5378] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5378] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5378] chdir("./bus") = 0 [pid 5378] ioctl(4, LOOP_CLR_FD) = 0 [pid 5378] close(4) = 0 [pid 5378] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5377] <... futex resumed>) = 0 [pid 5378] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5377] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5378] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5377] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 100.907286][ T5378] F2FS-fs (loop0): Found nat_bits in checkpoint [ 100.936036][ T5378] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 100.943171][ T5378] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5378] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5378] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5377] <... futex resumed>) = 0 [pid 5377] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5378] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5377] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5378] <... mkdirat resumed>) = 0 [pid 5378] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5377] <... futex resumed>) = 0 [pid 5378] <... futex resumed>) = 1 [pid 5377] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5378] fspick(AT_FDCWD, ".", 0 [pid 5377] <... futex resumed>) = 0 [pid 5378] <... fspick resumed>) = 5 [pid 5377] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5378] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5378] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5377] <... futex resumed>) = 0 [pid 5377] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5378] <... futex resumed>) = 0 [pid 5378] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5377] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5378] <... fsconfig resumed>) = 0 [pid 5378] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5377] <... futex resumed>) = 0 [pid 5378] <... futex resumed>) = 1 [pid 5377] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5378] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5377] <... futex resumed>) = 0 [pid 5377] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5378] <... fsconfig resumed>) = 0 [pid 5378] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5378] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5377] <... futex resumed>) = 0 [pid 5377] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5378] <... futex resumed>) = 0 [pid 5377] <... futex resumed>) = 1 [pid 5378] openat(AT_FDCWD, ".", O_RDONLY [pid 5377] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5378] <... openat resumed>) = 6 [pid 5378] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5377] <... futex resumed>) = 0 [pid 5378] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5377] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5378] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5378] getdents(6, [pid 5377] <... futex resumed>) = 0 [pid 5378] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5377] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5378] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5377] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5378] <... futex resumed>) = 0 [pid 5378] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5377] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5377] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5378] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5378] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5377] <... futex resumed>) = 0 [pid 5378] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5377] exit_group(0 [pid 5378] <... futex resumed>) = ? [pid 5377] <... exit_group resumed>) = ? [pid 5378] +++ exited with 0 +++ [pid 5377] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5377, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=22 /* 0.22 s */} --- umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 101.069007][ T5378] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 umount2("./52/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./52/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./52/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/bus") = 0 umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5383 attached [pid 5383] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5383] chdir("./53") = 0 [pid 5383] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5054] <... clone resumed>, child_tidptr=0x5555556ae690) = 5383 [pid 5383] setpgid(0, 0) = 0 [pid 5383] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5383] write(3, "1000", 4) = 4 [pid 5383] close(3) = 0 [pid 5383] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5383] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5383] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5383] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5383] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5383] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5383] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5383] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5384 attached [pid 5384] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053 [pid 5383] <... clone3 resumed> => {parent_tid=[5384]}, 88) = 5384 [pid 5384] <... rseq resumed>) = 0 [pid 5384] set_robust_list(0x7fa1a5e4a9a0, 24) = 0 [pid 5384] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5384] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5383] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5383] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5384] <... futex resumed>) = 0 [pid 5384] memfd_create("syzkaller", 0 [pid 5383] <... futex resumed>) = 1 [pid 5383] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5384] <... memfd_create resumed>) = 3 [pid 5384] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5384] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5384] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5384] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5384] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5384] close(3) = 0 [pid 5384] mkdir("./bus", 0777) = 0 [ 101.666460][ T5384] loop0: detected capacity change from 0 to 40427 [ 101.684920][ T5384] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 101.693041][ T5384] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 101.705463][ T5384] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5384] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5384] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5384] chdir("./bus") = 0 [pid 5384] ioctl(4, LOOP_CLR_FD) = 0 [pid 5384] close(4) = 0 [pid 5384] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5383] <... futex resumed>) = 0 [pid 5383] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5384] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5383] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5384] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5384] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5383] <... futex resumed>) = 0 [pid 5383] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5384] <... futex resumed>) = 0 [pid 5383] <... futex resumed>) = 1 [pid 5384] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5383] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5384] <... mkdirat resumed>) = 0 [pid 5384] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5383] <... futex resumed>) = 0 [pid 5384] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5383] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5384] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 101.734105][ T5384] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 101.741251][ T5384] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5383] <... futex resumed>) = 0 [pid 5384] fspick(AT_FDCWD, ".", 0) = 5 [pid 5383] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5384] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5383] <... futex resumed>) = 0 [pid 5384] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5383] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5384] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5383] <... futex resumed>) = 0 [pid 5384] <... fsconfig resumed>) = 0 [pid 5383] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5384] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5383] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5383] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5383] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5384] <... futex resumed>) = 1 [pid 5383] <... futex resumed>) = 0 [pid 5384] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5383] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5384] <... fsconfig resumed>) = 0 [pid 5384] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5383] <... futex resumed>) = 0 [pid 5384] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5383] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5384] <... futex resumed>) = 0 [pid 5384] openat(AT_FDCWD, ".", O_RDONLY [pid 5383] <... futex resumed>) = 1 [pid 5383] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5384] <... openat resumed>) = 6 [pid 5384] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5383] <... futex resumed>) = 0 [pid 5384] <... futex resumed>) = 1 [pid 5383] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5384] getdents(6, [pid 5383] <... futex resumed>) = 0 [pid 5384] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5383] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5384] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5383] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5383] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5383] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5384] <... futex resumed>) = 0 [pid 5384] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054) = -1 EEXIST (File exists) [pid 5384] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5383] <... futex resumed>) = 0 [pid 5384] <... futex resumed>) = 1 [pid 5383] exit_group(0) = ? [pid 5384] +++ exited with 0 +++ [pid 5383] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5383, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=22 /* 0.22 s */} --- umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 101.850355][ T5384] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./53/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./53/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./53/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/bus") = 0 umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5389 attached [pid 5389] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5389] chdir("./54") = 0 [pid 5389] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5054] <... clone resumed>, child_tidptr=0x5555556ae690) = 5389 [pid 5389] <... prctl resumed>) = 0 [pid 5389] setpgid(0, 0) = 0 [pid 5389] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5389] write(3, "1000", 4) = 4 [pid 5389] close(3) = 0 [pid 5389] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5389] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5389] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5389] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5389] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5389] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5389] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5390 attached [pid 5390] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053) = 0 [pid 5390] set_robust_list(0x7fa1a5e4a9a0, 24) = 0 [pid 5389] <... clone3 resumed> => {parent_tid=[5390]}, 88) = 5390 [pid 5390] rt_sigprocmask(SIG_SETMASK, [], [pid 5389] rt_sigprocmask(SIG_SETMASK, [], [pid 5390] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5390] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5389] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5389] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5390] <... futex resumed>) = 0 [pid 5389] <... futex resumed>) = 1 [pid 5390] memfd_create("syzkaller", 0 [pid 5389] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5390] <... memfd_create resumed>) = 3 [pid 5390] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5390] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5390] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5390] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5390] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5390] close(3) = 0 [pid 5390] mkdir("./bus", 0777) = 0 [ 102.383810][ T5390] loop0: detected capacity change from 0 to 40427 [ 102.397770][ T5390] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 102.406198][ T5390] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 102.419430][ T5390] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5390] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5390] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5390] chdir("./bus") = 0 [pid 5390] ioctl(4, LOOP_CLR_FD) = 0 [ 102.449834][ T5390] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 102.457001][ T5390] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5390] close(4) = 0 [pid 5390] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5389] <... futex resumed>) = 0 [pid 5389] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5390] openat(AT_FDCWD, ".", O_RDONLY [pid 5389] <... futex resumed>) = 0 [pid 5390] <... openat resumed>) = 4 [pid 5389] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5389] <... futex resumed>) = 0 [pid 5390] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5389] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] <... mkdirat resumed>) = 0 [pid 5390] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5389] <... futex resumed>) = 0 [pid 5390] fspick(AT_FDCWD, ".", 0 [pid 5389] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5390] <... fspick resumed>) = 5 [pid 5389] <... futex resumed>) = 0 [pid 5390] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5389] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5389] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5390] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0) = 0 [pid 5390] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5390] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5389] <... futex resumed>) = 0 [pid 5390] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5389] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5390] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5389] <... futex resumed>) = 0 [pid 5389] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] <... fsconfig resumed>) = 0 [pid 5390] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5390] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5389] <... futex resumed>) = 0 [pid 5389] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5390] <... futex resumed>) = 0 [pid 5389] <... futex resumed>) = 1 [pid 5390] openat(AT_FDCWD, ".", O_RDONLY) = 6 [pid 5389] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5389] <... futex resumed>) = 0 [pid 5390] getdents(6, [pid 5389] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5390] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5389] <... futex resumed>) = 0 [pid 5390] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5389] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] <... futex resumed>) = 0 [pid 5390] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5389] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5390] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5389] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5390] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5389] <... futex resumed>) = 0 [pid 5389] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5390] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5390] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5389] <... futex resumed>) = 0 [pid 5389] exit_group(0 [pid 5390] <... futex resumed>) = ? [pid 5389] <... exit_group resumed>) = ? [pid 5390] +++ exited with 0 +++ [pid 5389] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5389, si_uid=0, si_status=0, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 102.619841][ T5390] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./54/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./54/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./54/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/bus") = 0 umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5395 attached , child_tidptr=0x5555556ae690) = 5395 [pid 5395] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5395] chdir("./55") = 0 [pid 5395] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5395] setpgid(0, 0) = 0 [pid 5395] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5395] write(3, "1000", 4) = 4 [pid 5395] close(3) = 0 [pid 5395] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5395] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5395] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5395] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5395] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5395] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5395] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5395] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5396 attached => {parent_tid=[5396]}, 88) = 5396 [pid 5396] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053 [pid 5395] rt_sigprocmask(SIG_SETMASK, [], [pid 5396] <... rseq resumed>) = 0 [pid 5395] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5396] set_robust_list(0x7fa1a5e4a9a0, 24) = 0 [pid 5395] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5396] rt_sigprocmask(SIG_SETMASK, [], [pid 5395] <... futex resumed>) = 0 [pid 5396] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5395] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5396] memfd_create("syzkaller", 0) = 3 [pid 5396] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5396] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5396] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5396] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5396] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5396] close(3) = 0 [pid 5396] mkdir("./bus", 0777) = 0 [ 103.181055][ T5396] loop0: detected capacity change from 0 to 40427 [ 103.201849][ T5396] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 103.209608][ T5396] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 103.222275][ T5396] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5396] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5396] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5396] chdir("./bus") = 0 [pid 5396] ioctl(4, LOOP_CLR_FD) = 0 [pid 5396] close(4) = 0 [pid 5396] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5396] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5395] <... futex resumed>) = 0 [pid 5395] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5396] <... futex resumed>) = 0 [pid 5395] <... futex resumed>) = 1 [pid 5396] openat(AT_FDCWD, ".", O_RDONLY [pid 5395] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5396] <... openat resumed>) = 4 [pid 5396] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5395] <... futex resumed>) = 0 [pid 5396] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5395] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5395] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5396] <... mkdirat resumed>) = 0 [pid 5396] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5395] <... futex resumed>) = 0 [pid 5395] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5395] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5396] fspick(AT_FDCWD, ".", 0) = 5 [pid 5396] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5396] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5395] <... futex resumed>) = 0 [pid 5395] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5396] <... futex resumed>) = 0 [pid 5395] <... futex resumed>) = 1 [pid 5396] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5395] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5396] <... fsconfig resumed>) = 0 [pid 5396] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5395] <... futex resumed>) = 0 [pid 5396] <... futex resumed>) = 1 [pid 5395] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5396] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5395] <... futex resumed>) = 0 [ 103.250051][ T5396] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 103.257133][ T5396] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5395] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5396] <... fsconfig resumed>) = 0 [pid 5396] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5395] <... futex resumed>) = 0 [pid 5396] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5395] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5396] <... futex resumed>) = 0 [pid 5395] <... futex resumed>) = 1 [pid 5395] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5396] openat(AT_FDCWD, ".", O_RDONLY) = 6 [pid 5396] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5395] <... futex resumed>) = 0 [pid 5396] getdents(6, [pid 5395] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 103.369445][ T5396] f2fs_fill_dentries: 39 callbacks suppressed [ 103.369464][ T5396] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 103.376074][ T5396] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 103.383784][ T5396] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 103.391528][ T5396] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 103.399084][ T5396] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [pid 5395] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5396] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5395] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5396] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5395] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5396] <... futex resumed>) = 0 [pid 5395] <... futex resumed>) = 0 [pid 5396] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5395] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5396] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5396] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5395] <... futex resumed>) = 0 [pid 5396] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5395] exit_group(0 [pid 5396] <... futex resumed>) = ? [pid 5395] <... exit_group resumed>) = ? [pid 5396] +++ exited with 0 +++ [pid 5395] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5395, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 103.406697][ T5396] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 103.414282][ T5396] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 103.430368][ T5396] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./55/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./55/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./55/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/bus") = 0 umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5401 attached , child_tidptr=0x5555556ae690) = 5401 [pid 5401] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5401] chdir("./56") = 0 [pid 5401] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5401] setpgid(0, 0) = 0 [pid 5401] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5401] write(3, "1000", 4) = 4 [pid 5401] close(3) = 0 [pid 5401] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5401] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5401] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5401] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5401] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5401] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5401] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5401] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5402 attached [pid 5402] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053) = 0 [pid 5401] <... clone3 resumed> => {parent_tid=[5402]}, 88) = 5402 [pid 5402] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5401] rt_sigprocmask(SIG_SETMASK, [], [pid 5402] <... set_robust_list resumed>) = 0 [pid 5401] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5402] rt_sigprocmask(SIG_SETMASK, [], [pid 5401] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5402] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5402] memfd_create("syzkaller", 0 [pid 5401] <... futex resumed>) = 0 [pid 5401] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5402] <... memfd_create resumed>) = 3 [pid 5402] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5402] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5402] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5402] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5402] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5402] close(3) = 0 [pid 5402] mkdir("./bus", 0777) = 0 [ 104.031182][ T5402] loop0: detected capacity change from 0 to 40427 [ 104.056129][ T5402] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 104.063969][ T5402] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 104.076559][ T5402] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5402] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5402] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5402] chdir("./bus") = 0 [pid 5402] ioctl(4, LOOP_CLR_FD) = 0 [pid 5402] close(4) = 0 [pid 5402] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5401] <... futex resumed>) = 0 [pid 5401] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5402] openat(AT_FDCWD, ".", O_RDONLY [pid 5401] <... futex resumed>) = 0 [pid 5401] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5402] <... openat resumed>) = 4 [pid 5402] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5401] <... futex resumed>) = 0 [pid 5402] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5401] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5402] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5401] <... futex resumed>) = 0 [pid 5401] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5402] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 5402] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 104.105665][ T5402] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 104.112799][ T5402] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5402] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5401] <... futex resumed>) = 0 [pid 5401] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5402] <... futex resumed>) = 0 [pid 5402] fspick(AT_FDCWD, ".", 0 [pid 5401] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5402] <... fspick resumed>) = 5 [pid 5402] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5401] <... futex resumed>) = 0 [pid 5402] <... futex resumed>) = 1 [pid 5401] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5402] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5401] <... futex resumed>) = 0 [pid 5402] <... fsconfig resumed>) = 0 [pid 5402] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5401] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5402] <... futex resumed>) = 0 [pid 5401] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5402] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5401] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5402] <... futex resumed>) = 0 [pid 5401] <... futex resumed>) = 1 [pid 5402] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5401] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5402] <... fsconfig resumed>) = 0 [pid 5402] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5401] <... futex resumed>) = 0 [pid 5401] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5402] <... futex resumed>) = 1 [pid 5401] <... futex resumed>) = 0 [pid 5401] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5402] openat(AT_FDCWD, ".", O_RDONLY) = 6 [pid 5402] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5401] <... futex resumed>) = 0 [pid 5402] <... futex resumed>) = 1 [pid 5401] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5402] getdents(6, [pid 5401] <... futex resumed>) = 0 [pid 5401] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5402] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5402] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5401] <... futex resumed>) = 0 [pid 5402] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5401] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5402] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5402] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5401] <... futex resumed>) = 0 [pid 5401] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5402] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5402] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5401] <... futex resumed>) = 0 [pid 5402] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5401] exit_group(0) = ? [pid 5402] <... futex resumed>) = ? [pid 5402] +++ exited with 0 +++ [pid 5401] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5401, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=26 /* 0.26 s */} --- [ 104.212009][ T5402] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 104.212040][ T5402] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 104.220317][ T5402] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 104.236200][ T5402] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 umount2("./56/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./56/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./56/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/bus") = 0 umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5407 attached , child_tidptr=0x5555556ae690) = 5407 [pid 5407] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5407] chdir("./57") = 0 [pid 5407] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5407] setpgid(0, 0) = 0 [pid 5407] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5407] write(3, "1000", 4) = 4 [pid 5407] close(3) = 0 [pid 5407] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5407] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5407] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5407] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5407] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5407] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5407] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5407] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5408 attached [pid 5408] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053 [pid 5407] <... clone3 resumed> => {parent_tid=[5408]}, 88) = 5408 [pid 5408] <... rseq resumed>) = 0 [pid 5408] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5407] rt_sigprocmask(SIG_SETMASK, [], [pid 5408] <... set_robust_list resumed>) = 0 [pid 5407] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5408] rt_sigprocmask(SIG_SETMASK, [], [pid 5407] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5408] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5407] <... futex resumed>) = 0 [pid 5408] memfd_create("syzkaller", 0 [pid 5407] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5408] <... memfd_create resumed>) = 3 [pid 5408] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5408] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5408] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5408] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5408] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5408] close(3) = 0 [pid 5408] mkdir("./bus", 0777) = 0 [ 104.824105][ T5408] loop0: detected capacity change from 0 to 40427 [ 104.838994][ T5408] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 104.847048][ T5408] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 104.859061][ T5408] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5408] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5408] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5408] chdir("./bus") = 0 [pid 5408] ioctl(4, LOOP_CLR_FD) = 0 [pid 5408] close(4) = 0 [pid 5408] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5407] <... futex resumed>) = 0 [pid 5408] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5407] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5407] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5408] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5408] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5408] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5407] <... futex resumed>) = 0 [pid 5408] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5407] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5408] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5407] <... futex resumed>) = 0 [pid 5408] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5407] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5408] <... mkdirat resumed>) = 0 [pid 5408] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5407] <... futex resumed>) = 0 [pid 5408] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5407] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5408] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5407] <... futex resumed>) = 0 [pid 5408] fspick(AT_FDCWD, ".", 0 [pid 5407] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5408] <... fspick resumed>) = 5 [pid 5408] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5407] <... futex resumed>) = 0 [pid 5407] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5408] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0) = 0 [pid 5408] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5408] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = 0 [pid 5407] <... futex resumed>) = 1 [pid 5408] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5407] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5407] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5408] <... futex resumed>) = 0 [ 104.887812][ T5408] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 104.894973][ T5408] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5408] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5407] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5408] <... fsconfig resumed>) = 0 [pid 5408] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5408] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5407] <... futex resumed>) = 0 [pid 5407] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5408] <... futex resumed>) = 0 [pid 5407] <... futex resumed>) = 1 [pid 5408] openat(AT_FDCWD, ".", O_RDONLY [pid 5407] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5408] <... openat resumed>) = 6 [pid 5408] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5407] <... futex resumed>) = 0 [pid 5408] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5407] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5408] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5407] <... futex resumed>) = 0 [pid 5408] getdents(6, [pid 5407] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5408] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5408] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5407] <... futex resumed>) = 0 [pid 5408] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5407] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5408] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5407] <... futex resumed>) = 0 [pid 5408] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5407] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5408] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5408] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5408] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5407] <... futex resumed>) = 0 [pid 5407] exit_group(0 [pid 5408] <... futex resumed>) = ? [pid 5407] <... exit_group resumed>) = ? [pid 5408] +++ exited with 0 +++ [pid 5407] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5407, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 104.989895][ T5408] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 umount2("./57/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./57/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./57/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/bus") = 0 umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5413 attached [pid 5413] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5413] chdir("./58") = 0 [pid 5413] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5054] <... clone resumed>, child_tidptr=0x5555556ae690) = 5413 [pid 5413] <... prctl resumed>) = 0 [pid 5413] setpgid(0, 0) = 0 [pid 5413] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5413] write(3, "1000", 4) = 4 [pid 5413] close(3) = 0 [pid 5413] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5413] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5413] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5413] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5413] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5413] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5413] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5413] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5414 attached [pid 5414] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053) = 0 [pid 5413] <... clone3 resumed> => {parent_tid=[5414]}, 88) = 5414 [pid 5414] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5413] rt_sigprocmask(SIG_SETMASK, [], [pid 5414] <... set_robust_list resumed>) = 0 [pid 5414] rt_sigprocmask(SIG_SETMASK, [], [pid 5413] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5414] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5413] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5414] memfd_create("syzkaller", 0 [pid 5413] <... futex resumed>) = 0 [pid 5413] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5414] <... memfd_create resumed>) = 3 [pid 5414] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5414] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5414] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5414] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5414] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5414] close(3) = 0 [pid 5414] mkdir("./bus", 0777) = 0 [ 105.602602][ T5414] loop0: detected capacity change from 0 to 40427 [ 105.631925][ T5414] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 105.639946][ T5414] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [pid 5414] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5414] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5414] chdir("./bus") = 0 [pid 5414] ioctl(4, LOOP_CLR_FD) = 0 [pid 5414] close(4) = 0 [pid 5414] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5413] <... futex resumed>) = 0 [ 105.652267][ T5414] F2FS-fs (loop0): Found nat_bits in checkpoint [ 105.680995][ T5414] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 105.688058][ T5414] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5414] openat(AT_FDCWD, ".", O_RDONLY [pid 5413] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5414] <... openat resumed>) = 4 [pid 5413] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5414] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5413] <... futex resumed>) = 0 [pid 5413] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5414] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5413] <... futex resumed>) = 0 [pid 5413] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5414] <... mkdirat resumed>) = 0 [pid 5414] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5413] <... futex resumed>) = 0 [pid 5414] <... futex resumed>) = 1 [pid 5413] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5414] fspick(AT_FDCWD, ".", 0) = 5 [pid 5413] <... futex resumed>) = 0 [pid 5413] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5414] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5413] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5414] <... futex resumed>) = 0 [pid 5413] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5414] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5413] <... futex resumed>) = 0 [pid 5414] <... fsconfig resumed>) = 0 [pid 5413] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5414] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5413] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5414] <... futex resumed>) = 0 [pid 5413] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5414] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5413] <... futex resumed>) = 0 [pid 5413] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5414] <... fsconfig resumed>) = 0 [pid 5414] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5413] <... futex resumed>) = 0 [pid 5414] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5413] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5414] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5414] openat(AT_FDCWD, ".", O_RDONLY [pid 5413] <... futex resumed>) = 0 [pid 5414] <... openat resumed>) = 6 [pid 5413] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5414] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5413] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5414] <... futex resumed>) = 0 [pid 5413] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5414] getdents(6, [pid 5413] <... futex resumed>) = 0 [pid 5414] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5413] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5414] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5413] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5414] <... futex resumed>) = 0 [pid 5413] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5414] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5413] <... futex resumed>) = 0 [pid 5413] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5414] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5414] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5413] <... futex resumed>) = 0 [pid 5413] exit_group(0) = ? [pid 5414] <... futex resumed>) = ? [pid 5414] +++ exited with 0 +++ [pid 5413] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5413, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=19 /* 0.19 s */} --- umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 105.811171][ T5414] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./58/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./58/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./58/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/bus") = 0 umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5419 attached [pid 5419] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5419] chdir("./59") = 0 [pid 5419] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5054] <... clone resumed>, child_tidptr=0x5555556ae690) = 5419 [pid 5419] setpgid(0, 0) = 0 [pid 5419] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5419] write(3, "1000", 4) = 4 [pid 5419] close(3) = 0 [pid 5419] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5419] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5419] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5419] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5419] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5419] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5419] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5419] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5420 attached [pid 5420] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053 [pid 5419] <... clone3 resumed> => {parent_tid=[5420]}, 88) = 5420 [pid 5420] <... rseq resumed>) = 0 [pid 5419] rt_sigprocmask(SIG_SETMASK, [], [pid 5420] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5419] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5420] <... set_robust_list resumed>) = 0 [pid 5420] rt_sigprocmask(SIG_SETMASK, [], [pid 5419] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5420] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5419] <... futex resumed>) = 0 [pid 5420] memfd_create("syzkaller", 0 [pid 5419] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5420] <... memfd_create resumed>) = 3 [pid 5420] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5420] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5420] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5420] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5420] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5420] close(3) = 0 [pid 5420] mkdir("./bus", 0777) = 0 [ 106.360495][ T5420] loop0: detected capacity change from 0 to 40427 [ 106.380462][ T5420] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 106.388230][ T5420] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 106.400652][ T5420] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5420] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5420] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5420] chdir("./bus") = 0 [pid 5420] ioctl(4, LOOP_CLR_FD) = 0 [pid 5420] close(4) = 0 [pid 5420] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5419] <... futex resumed>) = 0 [pid 5420] openat(AT_FDCWD, ".", O_RDONLY [pid 5419] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5420] <... openat resumed>) = 4 [pid 5419] <... futex resumed>) = 0 [pid 5420] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5419] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5420] <... futex resumed>) = 0 [pid 5419] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5420] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [ 106.430857][ T5420] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 106.438213][ T5420] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5419] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5420] <... mkdirat resumed>) = 0 [pid 5420] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5419] <... futex resumed>) = 0 [pid 5419] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5419] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5420] fspick(AT_FDCWD, ".", 0) = 5 [pid 5420] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5419] <... futex resumed>) = 0 [pid 5420] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5419] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5420] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5419] <... futex resumed>) = 0 [pid 5420] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5419] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5420] <... fsconfig resumed>) = 0 [pid 5420] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5420] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5419] <... futex resumed>) = 0 [pid 5419] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5420] <... futex resumed>) = 0 [pid 5419] <... futex resumed>) = 1 [pid 5420] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5419] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5420] <... fsconfig resumed>) = 0 [pid 5420] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5419] <... futex resumed>) = 0 [pid 5420] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5419] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5420] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5419] <... futex resumed>) = 0 [pid 5420] openat(AT_FDCWD, ".", O_RDONLY [pid 5419] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5420] <... openat resumed>) = 6 [pid 5420] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5419] <... futex resumed>) = 0 [pid 5420] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5419] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5420] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5420] getdents(6, [pid 5419] <... futex resumed>) = 0 [pid 5420] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5419] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5420] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5419] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5420] <... futex resumed>) = 0 [pid 5419] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5420] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5419] <... futex resumed>) = 0 [pid 5419] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5420] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5420] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5419] <... futex resumed>) = 0 [pid 5420] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5419] exit_group(0 [pid 5420] <... futex resumed>) = ? [pid 5419] <... exit_group resumed>) = ? [pid 5420] +++ exited with 0 +++ [pid 5419] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5419, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=18 /* 0.18 s */} --- umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 106.577692][ T5420] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./59/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./59/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./59/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/bus") = 0 umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5425 attached [pid 5425] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5425] chdir("./60") = 0 [pid 5425] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5054] <... clone resumed>, child_tidptr=0x5555556ae690) = 5425 [pid 5425] setpgid(0, 0) = 0 [pid 5425] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5425] write(3, "1000", 4) = 4 [pid 5425] close(3) = 0 [pid 5425] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5425] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5425] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5425] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5425] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5425] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5425] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5425] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5426 attached [pid 5426] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053 [pid 5425] <... clone3 resumed> => {parent_tid=[5426]}, 88) = 5426 [pid 5426] <... rseq resumed>) = 0 [pid 5425] rt_sigprocmask(SIG_SETMASK, [], [pid 5426] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5425] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5426] <... set_robust_list resumed>) = 0 [pid 5425] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5426] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5425] <... futex resumed>) = 0 [pid 5426] memfd_create("syzkaller", 0 [pid 5425] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5426] <... memfd_create resumed>) = 3 [pid 5426] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5426] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5426] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5426] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5426] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5426] close(3) = 0 [pid 5426] mkdir("./bus", 0777) = 0 [ 107.089500][ T5426] loop0: detected capacity change from 0 to 40427 [ 107.103462][ T5426] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 107.111284][ T5426] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 107.123445][ T5426] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5426] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5426] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5426] chdir("./bus") = 0 [pid 5426] ioctl(4, LOOP_CLR_FD) = 0 [pid 5426] close(4) = 0 [pid 5426] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5426] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5425] <... futex resumed>) = 0 [ 107.152026][ T5426] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 107.159148][ T5426] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5425] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5426] <... futex resumed>) = 0 [pid 5425] <... futex resumed>) = 1 [pid 5426] openat(AT_FDCWD, ".", O_RDONLY [pid 5425] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5426] <... openat resumed>) = 4 [pid 5426] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5425] <... futex resumed>) = 0 [pid 5426] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5425] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5426] <... futex resumed>) = 0 [pid 5425] <... futex resumed>) = 1 [pid 5426] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5425] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5426] <... mkdirat resumed>) = 0 [pid 5426] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5425] <... futex resumed>) = 0 [pid 5426] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5425] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5426] <... futex resumed>) = 0 [pid 5425] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5426] fspick(AT_FDCWD, ".", 0) = 5 [pid 5426] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5425] <... futex resumed>) = 0 [pid 5425] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5425] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5426] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0) = 0 [pid 5426] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5425] <... futex resumed>) = 0 [pid 5426] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5425] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5426] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5425] <... futex resumed>) = 0 [pid 5426] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5425] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5426] <... fsconfig resumed>) = 0 [pid 5426] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5425] <... futex resumed>) = 0 [pid 5426] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5425] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5426] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5426] openat(AT_FDCWD, ".", O_RDONLY [pid 5425] <... futex resumed>) = 0 [pid 5426] <... openat resumed>) = 6 [pid 5425] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5426] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5425] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5426] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5425] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5426] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5425] <... futex resumed>) = 0 [pid 5426] getdents(6, [pid 5425] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5426] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5426] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5425] <... futex resumed>) = 0 [pid 5426] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5425] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5425] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5426] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5426] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5425] <... futex resumed>) = 0 [pid 5426] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5425] exit_group(0) = ? [pid 5426] <... futex resumed>) = ? [pid 5426] +++ exited with 0 +++ [pid 5425] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5425, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=22 /* 0.22 s */} --- umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 107.288801][ T5426] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./60/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./60/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./60/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/bus") = 0 umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5431 attached , child_tidptr=0x5555556ae690) = 5431 [pid 5431] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5431] chdir("./61") = 0 [pid 5431] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5431] setpgid(0, 0) = 0 [pid 5431] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5431] write(3, "1000", 4) = 4 [pid 5431] close(3) = 0 [pid 5431] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5431] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5431] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5431] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5431] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5431] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5431] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5431] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5432 attached [pid 5432] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053 [pid 5431] <... clone3 resumed> => {parent_tid=[5432]}, 88) = 5432 [pid 5432] <... rseq resumed>) = 0 [pid 5432] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5431] rt_sigprocmask(SIG_SETMASK, [], [pid 5432] <... set_robust_list resumed>) = 0 [pid 5431] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5432] rt_sigprocmask(SIG_SETMASK, [], [pid 5431] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5432] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5431] <... futex resumed>) = 0 [pid 5432] memfd_create("syzkaller", 0 [pid 5431] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5432] <... memfd_create resumed>) = 3 [pid 5432] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5432] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5432] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5432] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5432] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5432] close(3) = 0 [pid 5432] mkdir("./bus", 0777) = 0 [ 107.859372][ T5432] loop0: detected capacity change from 0 to 40427 [ 107.883175][ T5432] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 107.891026][ T5432] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 107.903730][ T5432] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5432] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5432] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5432] chdir("./bus") = 0 [pid 5432] ioctl(4, LOOP_CLR_FD) = 0 [pid 5432] close(4) = 0 [pid 5432] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5431] <... futex resumed>) = 0 [pid 5432] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5431] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5432] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5431] <... futex resumed>) = 0 [pid 5432] openat(AT_FDCWD, ".", O_RDONLY [pid 5431] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5432] <... openat resumed>) = 4 [pid 5432] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5431] <... futex resumed>) = 0 [pid 5431] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5432] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5431] <... futex resumed>) = 0 [pid 5431] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5432] <... mkdirat resumed>) = 0 [pid 5432] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5431] <... futex resumed>) = 0 [pid 5432] fspick(AT_FDCWD, ".", 0 [ 107.932160][ T5432] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 107.939238][ T5432] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5431] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5432] <... fspick resumed>) = 5 [pid 5431] <... futex resumed>) = 0 [pid 5432] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5431] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5432] <... futex resumed>) = 0 [pid 5431] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5432] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5431] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5432] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5431] <... futex resumed>) = 0 [pid 5431] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5432] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0) = 0 [pid 5432] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5431] <... futex resumed>) = 0 [pid 5431] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5432] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5431] <... futex resumed>) = 0 [pid 5431] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5432] <... fsconfig resumed>) = 0 [pid 5432] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5431] <... futex resumed>) = 0 [pid 5432] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5431] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5432] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5431] <... futex resumed>) = 0 [pid 5432] openat(AT_FDCWD, ".", O_RDONLY [pid 5431] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5432] <... openat resumed>) = 6 [pid 5432] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5431] <... futex resumed>) = 0 [pid 5432] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5431] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5432] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5431] <... futex resumed>) = 0 [pid 5432] getdents(6, [pid 5431] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5432] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5432] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5431] <... futex resumed>) = 0 [pid 5432] <... futex resumed>) = 1 [pid 5431] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5432] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5431] <... futex resumed>) = 0 [pid 5431] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5432] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5432] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5431] <... futex resumed>) = 0 [pid 5432] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5431] exit_group(0 [pid 5432] <... futex resumed>) = ? [pid 5431] <... exit_group resumed>) = ? [pid 5432] +++ exited with 0 +++ [pid 5431] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5431, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=24 /* 0.24 s */} --- umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 108.048133][ T5432] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./61/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./61/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./61/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/bus") = 0 umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5437 attached , child_tidptr=0x5555556ae690) = 5437 [pid 5437] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5437] chdir("./62") = 0 [pid 5437] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5437] setpgid(0, 0) = 0 [pid 5437] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5437] write(3, "1000", 4) = 4 [pid 5437] close(3) = 0 [pid 5437] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5437] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5437] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5437] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5437] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5437] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5437] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5437] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5438 attached [pid 5438] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053 [pid 5437] <... clone3 resumed> => {parent_tid=[5438]}, 88) = 5438 [pid 5437] rt_sigprocmask(SIG_SETMASK, [], [pid 5438] <... rseq resumed>) = 0 [pid 5437] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5438] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5437] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5438] <... set_robust_list resumed>) = 0 [pid 5437] <... futex resumed>) = 0 [pid 5438] rt_sigprocmask(SIG_SETMASK, [], [pid 5437] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5438] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5438] memfd_create("syzkaller", 0) = 3 [pid 5438] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5438] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5438] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5438] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5438] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5438] close(3) = 0 [pid 5438] mkdir("./bus", 0777) = 0 [ 108.624710][ T5438] loop0: detected capacity change from 0 to 40427 [ 108.642079][ T5438] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 108.649922][ T5438] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 108.662618][ T5438] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5438] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5438] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5438] chdir("./bus") = 0 [pid 5438] ioctl(4, LOOP_CLR_FD) = 0 [pid 5438] close(4) = 0 [pid 5438] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5437] <... futex resumed>) = 0 [pid 5438] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5437] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5438] <... futex resumed>) = 0 [pid 5437] <... futex resumed>) = 1 [pid 5438] openat(AT_FDCWD, ".", O_RDONLY [pid 5437] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5438] <... openat resumed>) = 4 [pid 5438] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5437] <... futex resumed>) = 0 [pid 5438] <... futex resumed>) = 1 [ 108.691284][ T5438] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 108.698370][ T5438] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5437] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5438] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5437] <... futex resumed>) = 0 [pid 5437] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5438] <... mkdirat resumed>) = 0 [pid 5438] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5438] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5437] <... futex resumed>) = 0 [pid 5437] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5438] <... futex resumed>) = 0 [pid 5437] <... futex resumed>) = 1 [pid 5438] fspick(AT_FDCWD, ".", 0 [pid 5437] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5438] <... fspick resumed>) = 5 [pid 5438] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5437] <... futex resumed>) = 0 [pid 5438] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5437] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5438] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5438] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0) = 0 [pid 5438] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5438] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5437] <... futex resumed>) = 0 [pid 5437] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5437] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5438] <... futex resumed>) = 0 [pid 5437] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5438] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0) = 0 [pid 5438] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5438] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5437] <... futex resumed>) = 0 [pid 5437] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5438] <... futex resumed>) = 0 [pid 5438] openat(AT_FDCWD, ".", O_RDONLY [pid 5437] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5438] <... openat resumed>) = 6 [pid 5438] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5438] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5437] <... futex resumed>) = 0 [pid 5437] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5438] <... futex resumed>) = 0 [pid 5437] <... futex resumed>) = 1 [pid 5438] getdents(6, [ 108.846208][ T5438] f2fs_fill_dentries: 39 callbacks suppressed [ 108.846227][ T5438] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 108.852775][ T5438] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 108.860421][ T5438] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 108.868020][ T5438] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 108.875661][ T5438] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [pid 5437] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5438] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5437] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5438] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5437] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5438] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5437] <... futex resumed>) = 0 [pid 5437] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5438] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5438] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5437] <... futex resumed>) = 0 [pid 5437] exit_group(0 [pid 5438] <... futex resumed>) = ? [pid 5437] <... exit_group resumed>) = ? [pid 5438] +++ exited with 0 +++ [pid 5437] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5437, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 108.883492][ T5438] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 108.891280][ T5438] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 108.909025][ T5438] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./62/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./62/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./62/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/bus") = 0 umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5443 attached , child_tidptr=0x5555556ae690) = 5443 [pid 5443] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5443] chdir("./63") = 0 [pid 5443] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5443] setpgid(0, 0) = 0 [pid 5443] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5443] write(3, "1000", 4) = 4 [pid 5443] close(3) = 0 [pid 5443] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5443] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5443] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5443] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5443] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5443] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5443] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5443] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5444 attached [pid 5444] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053) = 0 [pid 5443] <... clone3 resumed> => {parent_tid=[5444]}, 88) = 5444 [pid 5444] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5443] rt_sigprocmask(SIG_SETMASK, [], [pid 5444] <... set_robust_list resumed>) = 0 [pid 5443] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5444] rt_sigprocmask(SIG_SETMASK, [], [pid 5443] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5444] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5443] <... futex resumed>) = 0 [pid 5444] memfd_create("syzkaller", 0 [pid 5443] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5444] <... memfd_create resumed>) = 3 [pid 5444] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5444] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5444] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5444] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5444] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5444] close(3) = 0 [pid 5444] mkdir("./bus", 0777) = 0 [ 109.485042][ T5444] loop0: detected capacity change from 0 to 40427 [ 109.509382][ T5444] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 109.517274][ T5444] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 109.529500][ T5444] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5444] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5444] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5444] chdir("./bus") = 0 [pid 5444] ioctl(4, LOOP_CLR_FD) = 0 [pid 5444] close(4) = 0 [pid 5444] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5443] <... futex resumed>) = 0 [pid 5444] <... futex resumed>) = 1 [pid 5443] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5444] openat(AT_FDCWD, ".", O_RDONLY [pid 5443] <... futex resumed>) = 0 [pid 5444] <... openat resumed>) = 4 [pid 5443] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5444] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5443] <... futex resumed>) = 0 [pid 5444] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5443] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 109.559062][ T5444] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 109.566342][ T5444] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5443] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5444] <... mkdirat resumed>) = 0 [pid 5444] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5443] <... futex resumed>) = 0 [pid 5443] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5444] fspick(AT_FDCWD, ".", 0 [pid 5443] <... futex resumed>) = 0 [pid 5444] <... fspick resumed>) = 5 [pid 5443] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5444] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5443] <... futex resumed>) = 0 [pid 5444] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5443] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5444] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5443] <... futex resumed>) = 0 [pid 5444] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5443] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5444] <... fsconfig resumed>) = 0 [pid 5444] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5443] <... futex resumed>) = 0 [pid 5444] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5443] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5444] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5443] <... futex resumed>) = 0 [pid 5443] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5444] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0) = 0 [pid 5444] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5443] <... futex resumed>) = 0 [pid 5444] openat(AT_FDCWD, ".", O_RDONLY [pid 5443] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5444] <... openat resumed>) = 6 [pid 5443] <... futex resumed>) = 0 [pid 5444] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5443] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5444] <... futex resumed>) = 0 [pid 5443] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5444] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5443] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5444] getdents(6, [pid 5443] <... futex resumed>) = 0 [pid 5443] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5444] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5444] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5443] <... futex resumed>) = 0 [pid 5444] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5443] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5443] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5444] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5444] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5444] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5443] <... futex resumed>) = 0 [pid 5443] exit_group(0 [pid 5444] <... futex resumed>) = ? [pid 5444] +++ exited with 0 +++ [pid 5443] <... exit_group resumed>) = ? [pid 5443] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5443, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 109.666614][ T5444] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 109.666645][ T5444] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 109.674701][ T5444] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 109.687545][ T5444] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 umount2("./63/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./63/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./63/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/bus") = 0 umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5449 attached , child_tidptr=0x5555556ae690) = 5449 [pid 5449] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5449] chdir("./64") = 0 [pid 5449] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5449] setpgid(0, 0) = 0 [pid 5449] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5449] write(3, "1000", 4) = 4 [pid 5449] close(3) = 0 [pid 5449] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5449] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5449] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5449] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5449] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5449] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5449] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5449] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5450 attached [pid 5450] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053 [pid 5449] <... clone3 resumed> => {parent_tid=[5450]}, 88) = 5450 [pid 5450] <... rseq resumed>) = 0 [pid 5449] rt_sigprocmask(SIG_SETMASK, [], [pid 5450] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5449] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5450] <... set_robust_list resumed>) = 0 [pid 5449] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5450] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5449] <... futex resumed>) = 0 [pid 5450] memfd_create("syzkaller", 0 [pid 5449] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5450] <... memfd_create resumed>) = 3 [pid 5450] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5450] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5450] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5450] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5450] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5450] close(3) = 0 [pid 5450] mkdir("./bus", 0777) = 0 [ 110.309026][ T5450] loop0: detected capacity change from 0 to 40427 [ 110.329208][ T5450] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 110.337090][ T5450] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 110.349537][ T5450] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5450] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5450] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5450] chdir("./bus") = 0 [pid 5450] ioctl(4, LOOP_CLR_FD) = 0 [pid 5450] close(4) = 0 [pid 5450] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5449] <... futex resumed>) = 0 [pid 5449] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5450] openat(AT_FDCWD, ".", O_RDONLY [pid 5449] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5450] <... openat resumed>) = 4 [pid 5450] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5450] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5449] <... futex resumed>) = 0 [pid 5450] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5449] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5450] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5449] <... futex resumed>) = 0 [ 110.378124][ T5450] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 110.385301][ T5450] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5449] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5450] <... mkdirat resumed>) = 0 [pid 5450] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5449] <... futex resumed>) = 0 [pid 5450] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5449] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5450] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5449] <... futex resumed>) = 0 [pid 5450] fspick(AT_FDCWD, ".", 0 [pid 5449] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5450] <... fspick resumed>) = 5 [pid 5450] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5449] <... futex resumed>) = 0 [pid 5450] <... futex resumed>) = 1 [pid 5449] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5450] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5449] <... futex resumed>) = 0 [pid 5450] <... fsconfig resumed>) = 0 [pid 5449] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5450] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5449] <... futex resumed>) = 0 [pid 5449] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5450] <... futex resumed>) = 1 [pid 5449] <... futex resumed>) = 0 [pid 5450] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5449] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5450] <... fsconfig resumed>) = 0 [pid 5450] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5449] <... futex resumed>) = 0 [pid 5450] openat(AT_FDCWD, ".", O_RDONLY [pid 5449] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5450] <... openat resumed>) = 6 [pid 5449] <... futex resumed>) = 0 [pid 5449] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5450] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5450] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5449] <... futex resumed>) = 0 [pid 5449] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5450] <... futex resumed>) = 0 [pid 5449] <... futex resumed>) = 1 [pid 5450] getdents(6, [pid 5449] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5450] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5450] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5449] <... futex resumed>) = 0 [pid 5450] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5449] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5449] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5450] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5450] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5449] <... futex resumed>) = 0 [pid 5450] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5449] exit_group(0 [pid 5450] <... futex resumed>) = ? [pid 5450] +++ exited with 0 +++ [pid 5449] <... exit_group resumed>) = ? [pid 5449] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5449, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 110.497554][ T5450] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 umount2("./64/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./64/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./64/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/bus") = 0 umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5455 attached , child_tidptr=0x5555556ae690) = 5455 [pid 5455] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5455] chdir("./65") = 0 [pid 5455] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5455] setpgid(0, 0) = 0 [pid 5455] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5455] write(3, "1000", 4) = 4 [pid 5455] close(3) = 0 [pid 5455] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5455] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5455] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5455] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5455] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5455] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5455] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5455] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5456 attached => {parent_tid=[5456]}, 88) = 5456 [pid 5456] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053 [pid 5455] rt_sigprocmask(SIG_SETMASK, [], [pid 5456] <... rseq resumed>) = 0 [pid 5455] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5456] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5455] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5456] <... set_robust_list resumed>) = 0 [pid 5455] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5456] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5456] memfd_create("syzkaller", 0) = 3 [pid 5456] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5456] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5456] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5456] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5456] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5456] close(3) = 0 [pid 5456] mkdir("./bus", 0777) = 0 [ 111.190941][ T5456] loop0: detected capacity change from 0 to 40427 [ 111.208332][ T5456] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 111.216319][ T5456] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 111.228388][ T5456] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5456] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5456] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5456] chdir("./bus") = 0 [pid 5456] ioctl(4, LOOP_CLR_FD) = 0 [pid 5456] close(4) = 0 [pid 5456] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5455] <... futex resumed>) = 0 [pid 5456] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 111.257612][ T5456] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 111.264736][ T5456] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5455] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5456] <... futex resumed>) = 0 [pid 5455] <... futex resumed>) = 1 [pid 5456] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5455] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5456] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5455] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5456] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5455] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5456] <... futex resumed>) = 0 [pid 5455] <... futex resumed>) = 1 [pid 5456] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5455] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5456] <... mkdirat resumed>) = 0 [pid 5456] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5455] <... futex resumed>) = 0 [pid 5456] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5455] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5456] fspick(AT_FDCWD, ".", 0 [pid 5455] <... futex resumed>) = 0 [pid 5456] <... fspick resumed>) = 5 [pid 5456] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5455] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5456] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5455] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5455] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5456] <... futex resumed>) = 0 [pid 5455] <... futex resumed>) = 1 [pid 5456] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5455] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5456] <... fsconfig resumed>) = 0 [pid 5456] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5455] <... futex resumed>) = 0 [pid 5456] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5455] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5456] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5455] <... futex resumed>) = 0 [pid 5456] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5455] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5456] <... fsconfig resumed>) = 0 [pid 5456] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5455] <... futex resumed>) = 0 [pid 5456] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5455] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5456] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5456] openat(AT_FDCWD, ".", O_RDONLY [pid 5455] <... futex resumed>) = 0 [pid 5456] <... openat resumed>) = 6 [pid 5455] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5456] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5455] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5456] <... futex resumed>) = 0 [pid 5455] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5456] getdents(6, [pid 5455] <... futex resumed>) = 0 [pid 5456] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5456] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5455] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5456] <... futex resumed>) = 0 [pid 5456] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5455] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5455] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5456] <... futex resumed>) = 0 [pid 5455] <... futex resumed>) = 1 [pid 5456] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5455] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5456] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5456] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5456] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5455] <... futex resumed>) = 0 [pid 5455] exit_group(0 [pid 5456] <... futex resumed>) = ? [pid 5455] <... exit_group resumed>) = ? [pid 5456] +++ exited with 0 +++ [pid 5455] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5455, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 111.371863][ T5456] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./65/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./65/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./65/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/bus") = 0 umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5461 attached [pid 5461] set_robust_list(0x5555556ae6a0, 24 [pid 5054] <... clone resumed>, child_tidptr=0x5555556ae690) = 5461 [pid 5461] <... set_robust_list resumed>) = 0 [pid 5461] chdir("./66") = 0 [pid 5461] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5461] setpgid(0, 0) = 0 [pid 5461] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5461] write(3, "1000", 4) = 4 [pid 5461] close(3) = 0 [pid 5461] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5461] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5461] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5461] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5461] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5461] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5461] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5461] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5462 attached [pid 5462] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053 [pid 5461] <... clone3 resumed> => {parent_tid=[5462]}, 88) = 5462 [pid 5462] <... rseq resumed>) = 0 [pid 5461] rt_sigprocmask(SIG_SETMASK, [], [pid 5462] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5461] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5462] <... set_robust_list resumed>) = 0 [pid 5461] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5462] rt_sigprocmask(SIG_SETMASK, [], [pid 5461] <... futex resumed>) = 0 [pid 5462] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5461] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5462] memfd_create("syzkaller", 0) = 3 [pid 5462] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5462] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5462] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5462] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5462] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5462] close(3) = 0 [pid 5462] mkdir("./bus", 0777) = 0 [ 111.927858][ T5462] loop0: detected capacity change from 0 to 40427 [ 111.952951][ T5462] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 111.960902][ T5462] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 111.973173][ T5462] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5462] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5462] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5462] chdir("./bus") = 0 [pid 5462] ioctl(4, LOOP_CLR_FD) = 0 [pid 5462] close(4) = 0 [pid 5462] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5461] <... futex resumed>) = 0 [pid 5462] openat(AT_FDCWD, ".", O_RDONLY [pid 5461] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5462] <... openat resumed>) = 4 [pid 5461] <... futex resumed>) = 0 [pid 5461] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5462] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5461] <... futex resumed>) = 0 [pid 5462] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5461] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5462] <... futex resumed>) = 0 [pid 5461] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5462] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 5462] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5461] <... futex resumed>) = 0 [pid 5462] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5461] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5462] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5461] <... futex resumed>) = 0 [pid 5462] fspick(AT_FDCWD, ".", 0 [pid 5461] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5462] <... fspick resumed>) = 5 [pid 5462] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5461] <... futex resumed>) = 0 [pid 5462] <... futex resumed>) = 1 [pid 5461] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5462] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0) = 0 [pid 5461] <... futex resumed>) = 0 [ 112.003107][ T5462] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 112.010237][ T5462] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5462] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5462] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5461] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5461] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5462] <... futex resumed>) = 0 [pid 5462] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5461] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5462] <... fsconfig resumed>) = 0 [pid 5462] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5461] <... futex resumed>) = 0 [pid 5462] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5461] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5462] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5461] <... futex resumed>) = 0 [pid 5462] openat(AT_FDCWD, ".", O_RDONLY [pid 5461] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5462] <... openat resumed>) = 6 [pid 5462] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5461] <... futex resumed>) = 0 [pid 5461] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5462] getdents(6, 0x20000200 /* 1 entries */, 188) = 96 [pid 5461] <... futex resumed>) = 0 [pid 5462] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5461] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5462] <... futex resumed>) = 0 [pid 5462] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5461] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5461] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5462] <... futex resumed>) = 0 [pid 5461] <... futex resumed>) = 1 [pid 5462] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5461] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5462] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5462] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5462] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5461] <... futex resumed>) = 0 [pid 5461] exit_group(0 [pid 5462] <... futex resumed>) = ? [pid 5461] <... exit_group resumed>) = ? [pid 5462] +++ exited with 0 +++ [pid 5461] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5461, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 112.141255][ T5462] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./66/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./66/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./66/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/bus") = 0 umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5467 attached , child_tidptr=0x5555556ae690) = 5467 [pid 5467] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5467] chdir("./67") = 0 [pid 5467] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5467] setpgid(0, 0) = 0 [pid 5467] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5467] write(3, "1000", 4) = 4 [pid 5467] close(3) = 0 [pid 5467] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5467] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5467] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5467] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5467] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5467] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5467] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5467] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5468 attached => {parent_tid=[5468]}, 88) = 5468 [pid 5468] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053 [pid 5467] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5467] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5467] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5468] <... rseq resumed>) = 0 [pid 5468] set_robust_list(0x7fa1a5e4a9a0, 24) = 0 [pid 5468] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5468] memfd_create("syzkaller", 0) = 3 [pid 5468] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5468] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5468] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5468] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5468] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5468] close(3) = 0 [pid 5468] mkdir("./bus", 0777) = 0 [ 112.682512][ T5468] loop0: detected capacity change from 0 to 40427 [ 112.694260][ T5468] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 112.702074][ T5468] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 112.714681][ T5468] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5468] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5468] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5468] chdir("./bus") = 0 [pid 5468] ioctl(4, LOOP_CLR_FD) = 0 [pid 5468] close(4) = 0 [pid 5468] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5467] <... futex resumed>) = 0 [pid 5468] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5467] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5468] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5467] <... futex resumed>) = 0 [pid 5468] openat(AT_FDCWD, ".", O_RDONLY [pid 5467] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5468] <... openat resumed>) = 4 [pid 5468] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5467] <... futex resumed>) = 0 [pid 5468] <... futex resumed>) = 1 [pid 5467] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5468] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5467] <... futex resumed>) = 0 [pid 5467] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5468] <... mkdirat resumed>) = 0 [pid 5468] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5467] <... futex resumed>) = 0 [pid 5468] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5467] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5468] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5468] fspick(AT_FDCWD, ".", 0 [pid 5467] <... futex resumed>) = 0 [pid 5468] <... fspick resumed>) = 5 [pid 5467] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5468] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5467] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5468] <... futex resumed>) = 0 [pid 5467] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5468] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5467] <... futex resumed>) = 0 [pid 5468] <... fsconfig resumed>) = 0 [pid 5467] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5468] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5467] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5468] <... futex resumed>) = 0 [pid 5468] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5467] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5468] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5467] <... futex resumed>) = 0 [pid 5468] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [ 112.743323][ T5468] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 112.750660][ T5468] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5467] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5468] <... fsconfig resumed>) = 0 [pid 5468] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5468] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5467] <... futex resumed>) = 0 [pid 5467] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5468] <... futex resumed>) = 0 [pid 5467] <... futex resumed>) = 1 [pid 5468] openat(AT_FDCWD, ".", O_RDONLY [pid 5467] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5468] <... openat resumed>) = 6 [pid 5468] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5467] <... futex resumed>) = 0 [pid 5468] getdents(6, [pid 5467] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5468] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5467] <... futex resumed>) = 0 [pid 5468] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5467] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5468] <... futex resumed>) = 0 [pid 5467] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5468] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5467] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5468] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5467] <... futex resumed>) = 0 [pid 5468] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5467] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5468] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5468] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5468] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5467] <... futex resumed>) = 0 [pid 5467] exit_group(0) = ? [pid 5468] <... futex resumed>) = ? [pid 5468] +++ exited with 0 +++ [pid 5467] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5467, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=24 /* 0.24 s */} --- umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 112.845841][ T5468] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 umount2("./67/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./67/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./67/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/bus") = 0 umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5473 attached [pid 5473] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5473] chdir("./68") = 0 [pid 5473] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5054] <... clone resumed>, child_tidptr=0x5555556ae690) = 5473 [pid 5473] setpgid(0, 0) = 0 [pid 5473] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5473] write(3, "1000", 4) = 4 [pid 5473] close(3) = 0 [pid 5473] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5473] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5473] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5473] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5473] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5473] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5473] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5473] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5474 attached [pid 5474] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053 [pid 5473] <... clone3 resumed> => {parent_tid=[5474]}, 88) = 5474 [pid 5474] <... rseq resumed>) = 0 [pid 5473] rt_sigprocmask(SIG_SETMASK, [], [pid 5474] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5473] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5474] <... set_robust_list resumed>) = 0 [pid 5473] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5474] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5473] <... futex resumed>) = 0 [pid 5474] memfd_create("syzkaller", 0 [pid 5473] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5474] <... memfd_create resumed>) = 3 [pid 5474] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5474] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5474] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5474] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5474] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5474] close(3) = 0 [pid 5474] mkdir("./bus", 0777) = 0 [ 113.554715][ T5474] loop0: detected capacity change from 0 to 40427 [ 113.569243][ T5474] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 113.577147][ T5474] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 113.589450][ T5474] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5474] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5474] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5474] chdir("./bus") = 0 [pid 5474] ioctl(4, LOOP_CLR_FD) = 0 [pid 5474] close(4) = 0 [pid 5474] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5473] <... futex resumed>) = 0 [pid 5474] openat(AT_FDCWD, ".", O_RDONLY [pid 5473] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5474] <... openat resumed>) = 4 [pid 5473] <... futex resumed>) = 0 [pid 5474] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5473] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5474] <... futex resumed>) = 0 [pid 5474] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5473] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5474] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5473] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5474] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5473] <... futex resumed>) = 0 [ 113.618485][ T5474] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 113.625635][ T5474] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5473] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5474] <... mkdirat resumed>) = 0 [pid 5474] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5473] <... futex resumed>) = 0 [pid 5474] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5473] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5474] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5473] <... futex resumed>) = 0 [pid 5474] fspick(AT_FDCWD, ".", 0) = 5 [pid 5474] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5473] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5474] <... futex resumed>) = 0 [pid 5474] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5473] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5473] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5474] <... futex resumed>) = 0 [pid 5473] <... futex resumed>) = 1 [pid 5474] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5473] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5474] <... fsconfig resumed>) = 0 [pid 5474] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5473] <... futex resumed>) = 0 [pid 5474] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5473] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5474] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5473] <... futex resumed>) = 0 [pid 5473] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5474] <... fsconfig resumed>) = 0 [pid 5474] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5473] <... futex resumed>) = 0 [pid 5474] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5473] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5474] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5474] openat(AT_FDCWD, ".", O_RDONLY [pid 5473] <... futex resumed>) = 0 [pid 5473] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5474] <... openat resumed>) = 6 [pid 5474] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5473] <... futex resumed>) = 0 [pid 5474] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5473] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5474] <... futex resumed>) = 0 [pid 5473] <... futex resumed>) = 1 [pid 5474] getdents(6, 0x20000200 /* 1 entries */, 188) = 96 [pid 5473] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5474] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5474] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5473] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5473] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5474] <... futex resumed>) = 0 [pid 5473] <... futex resumed>) = 1 [pid 5474] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5473] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5474] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5474] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5474] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5473] <... futex resumed>) = 0 [pid 5473] exit_group(0) = ? [pid 5474] <... futex resumed>) = ? [pid 5474] +++ exited with 0 +++ [pid 5473] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5473, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 113.740738][ T5474] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./68/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./68/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./68/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/bus") = 0 umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5479 attached , child_tidptr=0x5555556ae690) = 5479 [pid 5479] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5479] chdir("./69") = 0 [pid 5479] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5479] setpgid(0, 0) = 0 [pid 5479] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5479] write(3, "1000", 4) = 4 [pid 5479] close(3) = 0 [pid 5479] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5479] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5479] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5479] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5479] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5479] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5479] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5479] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5480 attached [pid 5480] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053 [pid 5479] <... clone3 resumed> => {parent_tid=[5480]}, 88) = 5480 [pid 5479] rt_sigprocmask(SIG_SETMASK, [], [pid 5480] <... rseq resumed>) = 0 [pid 5480] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5479] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5480] <... set_robust_list resumed>) = 0 [pid 5479] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5480] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5479] <... futex resumed>) = 0 [pid 5480] memfd_create("syzkaller", 0 [pid 5479] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5480] <... memfd_create resumed>) = 3 [pid 5480] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5480] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5480] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5480] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5480] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5480] close(3) = 0 [pid 5480] mkdir("./bus", 0777) = 0 [ 114.301138][ T5480] loop0: detected capacity change from 0 to 40427 [ 114.310840][ T5480] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 114.318873][ T5480] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 114.331738][ T5480] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5480] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5480] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5480] chdir("./bus") = 0 [pid 5480] ioctl(4, LOOP_CLR_FD) = 0 [pid 5480] close(4) = 0 [pid 5480] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5479] <... futex resumed>) = 0 [pid 5480] <... futex resumed>) = 1 [pid 5479] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5480] openat(AT_FDCWD, ".", O_RDONLY [pid 5479] <... futex resumed>) = 0 [pid 5480] <... openat resumed>) = 4 [pid 5479] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5480] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5479] <... futex resumed>) = 0 [pid 5479] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5480] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5479] <... futex resumed>) = 0 [pid 5479] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5480] <... mkdirat resumed>) = 0 [pid 5480] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5479] <... futex resumed>) = 0 [ 114.360571][ T5480] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 114.367883][ T5480] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5479] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5480] fspick(AT_FDCWD, ".", 0 [pid 5479] <... futex resumed>) = 0 [pid 5479] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5480] <... fspick resumed>) = 5 [pid 5480] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5479] <... futex resumed>) = 0 [pid 5480] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5479] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5480] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5480] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5479] <... futex resumed>) = 0 [pid 5480] <... fsconfig resumed>) = 0 [pid 5479] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5480] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5479] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5480] <... futex resumed>) = 0 [pid 5479] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5480] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5479] <... futex resumed>) = 0 [pid 5479] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5480] <... fsconfig resumed>) = 0 [pid 5480] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5480] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5479] <... futex resumed>) = 0 [pid 5479] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5480] <... futex resumed>) = 0 [pid 5479] <... futex resumed>) = 1 [pid 5480] openat(AT_FDCWD, ".", O_RDONLY [pid 5479] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5480] <... openat resumed>) = 6 [pid 5480] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5479] <... futex resumed>) = 0 [pid 5480] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5479] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5480] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5479] <... futex resumed>) = 0 [pid 5480] getdents(6, [ 114.488346][ T5480] f2fs_fill_dentries: 39 callbacks suppressed [ 114.488365][ T5480] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 114.494624][ T5480] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 114.502428][ T5480] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 114.510145][ T5480] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 114.517695][ T5480] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [pid 5479] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5480] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5479] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5479] futex(0x7fa1a5f1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5479] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e09000 [pid 5480] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5479] mprotect(0x7fa1a5e0a000, 131072, PROT_READ|PROT_WRITE [pid 5480] <... futex resumed>) = 0 [pid 5480] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5479] <... mprotect resumed>) = 0 [pid 5479] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5479] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e29990, parent_tid=0x7fa1a5e29990, exit_signal=0, stack=0x7fa1a5e09000, stack_size=0x20300, tls=0x7fa1a5e296c0}./strace-static-x86_64: Process 5485 attached [pid 5485] rseq(0x7fa1a5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 5485] set_robust_list(0x7fa1a5e299a0, 24) = 0 [pid 5485] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5479] <... clone3 resumed> => {parent_tid=[5485]}, 88) = 5485 [pid 5485] futex(0x7fa1a5f1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5479] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5479] futex(0x7fa1a5f1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5485] <... futex resumed>) = 0 [pid 5479] <... futex resumed>) = 1 [pid 5485] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [ 114.525298][ T5480] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [pid 5479] futex(0x7fa1a5f1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5485] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5485] futex(0x7fa1a5f1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5479] <... futex resumed>) = 0 [pid 5485] futex(0x7fa1a5f1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5479] exit_group(0 [pid 5485] <... futex resumed>) = ? [pid 5480] <... futex resumed>) = ? [pid 5485] +++ exited with 0 +++ [pid 5480] +++ exited with 0 +++ [pid 5479] <... exit_group resumed>) = ? [pid 5479] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5479, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 114.532883][ T5480] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 114.574891][ T5485] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./69/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./69/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./69/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/bus") = 0 umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5486 attached [pid 5486] set_robust_list(0x5555556ae6a0, 24 [pid 5054] <... clone resumed>, child_tidptr=0x5555556ae690) = 5486 [pid 5486] <... set_robust_list resumed>) = 0 [pid 5486] chdir("./70") = 0 [pid 5486] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5486] setpgid(0, 0) = 0 [pid 5486] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5486] write(3, "1000", 4) = 4 [pid 5486] close(3) = 0 [pid 5486] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5486] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5486] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5486] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5486] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5486] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5486] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5486] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5487 attached => {parent_tid=[5487]}, 88) = 5487 [pid 5487] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053) = 0 [pid 5486] rt_sigprocmask(SIG_SETMASK, [], [pid 5487] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5486] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5487] <... set_robust_list resumed>) = 0 [pid 5486] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5486] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5487] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5487] memfd_create("syzkaller", 0) = 3 [pid 5487] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5487] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5487] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5487] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5487] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5487] close(3) = 0 [pid 5487] mkdir("./bus", 0777) = 0 [ 115.133916][ T5487] loop0: detected capacity change from 0 to 40427 [ 115.148633][ T5487] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 115.156525][ T5487] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 115.168768][ T5487] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5487] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5487] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5487] chdir("./bus") = 0 [pid 5487] ioctl(4, LOOP_CLR_FD) = 0 [pid 5487] close(4) = 0 [pid 5487] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5487] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5486] <... futex resumed>) = 0 [ 115.196928][ T5487] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 115.204054][ T5487] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5486] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5487] <... futex resumed>) = 0 [pid 5486] <... futex resumed>) = 1 [pid 5487] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5486] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5487] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5487] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5486] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5486] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5487] <... futex resumed>) = 0 [pid 5486] <... futex resumed>) = 1 [pid 5487] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5486] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5487] <... mkdirat resumed>) = 0 [pid 5487] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5487] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5486] <... futex resumed>) = 0 [pid 5486] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5487] <... futex resumed>) = 0 [pid 5486] <... futex resumed>) = 1 [pid 5487] fspick(AT_FDCWD, ".", 0 [pid 5486] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5487] <... fspick resumed>) = 5 [pid 5487] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5486] <... futex resumed>) = 0 [pid 5487] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5486] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5487] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5486] <... futex resumed>) = 0 [pid 5487] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5486] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5487] <... fsconfig resumed>) = 0 [pid 5487] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5486] <... futex resumed>) = 0 [pid 5487] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5486] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5487] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5486] <... futex resumed>) = 0 [pid 5487] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5486] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5487] <... fsconfig resumed>) = 0 [pid 5487] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5486] <... futex resumed>) = 0 [pid 5487] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5486] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5487] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5486] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5487] openat(AT_FDCWD, ".", O_RDONLY) = 6 [pid 5487] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5487] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5486] <... futex resumed>) = 0 [pid 5486] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5487] <... futex resumed>) = 0 [pid 5486] <... futex resumed>) = 1 [pid 5487] getdents(6, [pid 5486] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5487] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5487] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5486] <... futex resumed>) = 0 [pid 5487] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5486] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5487] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5487] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5486] <... futex resumed>) = 0 [pid 5486] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5487] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5487] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5486] <... futex resumed>) = 0 [pid 5487] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5486] exit_group(0 [pid 5487] <... futex resumed>) = ? [pid 5486] <... exit_group resumed>) = ? [pid 5487] +++ exited with 0 +++ [pid 5486] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5486, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 115.363105][ T5487] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 115.363136][ T5487] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 115.371042][ T5487] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 115.385384][ T5487] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 umount2("./70/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./70/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./70/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./70/bus") = 0 umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./70") = 0 mkdir("./71", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5492 attached [pid 5492] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5492] chdir("./71") = 0 [pid 5492] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5054] <... clone resumed>, child_tidptr=0x5555556ae690) = 5492 [pid 5492] setpgid(0, 0) = 0 [pid 5492] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5492] write(3, "1000", 4) = 4 [pid 5492] close(3) = 0 [pid 5492] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5492] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5492] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5492] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5492] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5492] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5492] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5492] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5493 attached [pid 5493] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053) = 0 [pid 5492] <... clone3 resumed> => {parent_tid=[5493]}, 88) = 5493 [pid 5493] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5492] rt_sigprocmask(SIG_SETMASK, [], [pid 5493] <... set_robust_list resumed>) = 0 [pid 5493] rt_sigprocmask(SIG_SETMASK, [], [pid 5492] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5493] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5492] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5493] memfd_create("syzkaller", 0 [pid 5492] <... futex resumed>) = 0 [pid 5492] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5493] <... memfd_create resumed>) = 3 [pid 5493] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5493] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5493] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5493] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5493] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5493] close(3) = 0 [pid 5493] mkdir("./bus", 0777) = 0 [ 115.996100][ T5493] loop0: detected capacity change from 0 to 40427 [ 116.020539][ T5493] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 116.028393][ T5493] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 116.040582][ T5493] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5493] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5493] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5493] chdir("./bus") = 0 [pid 5493] ioctl(4, LOOP_CLR_FD) = 0 [pid 5493] close(4) = 0 [pid 5493] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5492] <... futex resumed>) = 0 [pid 5493] <... futex resumed>) = 1 [pid 5492] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5493] openat(AT_FDCWD, ".", O_RDONLY [pid 5492] <... futex resumed>) = 0 [pid 5493] <... openat resumed>) = 4 [ 116.070882][ T5493] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 116.078242][ T5493] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5492] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5493] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5492] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5493] <... futex resumed>) = 0 [pid 5492] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5493] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5492] <... futex resumed>) = 0 [pid 5492] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5493] <... mkdirat resumed>) = 0 [pid 5493] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5492] <... futex resumed>) = 0 [pid 5493] fspick(AT_FDCWD, ".", 0 [pid 5492] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5493] <... fspick resumed>) = 5 [pid 5492] <... futex resumed>) = 0 [pid 5492] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5493] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5492] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5493] <... futex resumed>) = 0 [pid 5493] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5492] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5493] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5492] <... futex resumed>) = 0 [pid 5493] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5492] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5493] <... fsconfig resumed>) = 0 [pid 5493] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5492] <... futex resumed>) = 0 [pid 5493] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5492] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5492] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5493] <... fsconfig resumed>) = 0 [pid 5493] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5493] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5492] <... futex resumed>) = 0 [pid 5492] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5493] <... futex resumed>) = 0 [pid 5492] <... futex resumed>) = 1 [pid 5493] openat(AT_FDCWD, ".", O_RDONLY [pid 5492] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5493] <... openat resumed>) = 6 [pid 5493] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5492] <... futex resumed>) = 0 [pid 5493] getdents(6, [pid 5492] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5493] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5492] <... futex resumed>) = 0 [pid 5493] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5492] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5493] <... futex resumed>) = 0 [pid 5492] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5493] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5492] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5493] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5493] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5492] <... futex resumed>) = 0 [pid 5492] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5493] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5493] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5493] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5492] <... futex resumed>) = 0 [pid 5492] exit_group(0 [pid 5493] <... futex resumed>) = ? [pid 5492] <... exit_group resumed>) = ? [pid 5493] +++ exited with 0 +++ [pid 5492] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5492, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 116.196317][ T5493] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 umount2("./71/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./71/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./71/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./71/bus") = 0 umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./71/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./71") = 0 mkdir("./72", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5498 attached [pid 5498] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5498] chdir("./72") = 0 [pid 5498] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5054] <... clone resumed>, child_tidptr=0x5555556ae690) = 5498 [pid 5498] <... prctl resumed>) = 0 [pid 5498] setpgid(0, 0) = 0 [pid 5498] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5498] write(3, "1000", 4) = 4 [pid 5498] close(3) = 0 [pid 5498] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5498] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5498] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5498] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5498] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5498] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5498] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5498] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5499 attached => {parent_tid=[5499]}, 88) = 5499 [pid 5499] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053 [pid 5498] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5499] <... rseq resumed>) = 0 [pid 5498] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5499] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5498] <... futex resumed>) = 0 [pid 5498] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5499] <... set_robust_list resumed>) = 0 [pid 5499] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5499] memfd_create("syzkaller", 0) = 3 [pid 5499] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5499] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5499] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5499] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5499] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5499] close(3) = 0 [pid 5499] mkdir("./bus", 0777) = 0 [ 116.833924][ T5499] loop0: detected capacity change from 0 to 40427 [ 116.848346][ T5499] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 116.856211][ T5499] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 116.869423][ T5499] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5499] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5499] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5499] chdir("./bus") = 0 [pid 5499] ioctl(4, LOOP_CLR_FD) = 0 [pid 5499] close(4) = 0 [pid 5499] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5498] <... futex resumed>) = 0 [pid 5499] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5498] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5499] <... futex resumed>) = 0 [pid 5498] <... futex resumed>) = 1 [pid 5499] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5499] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5499] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5498] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5498] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5499] <... futex resumed>) = 0 [pid 5498] <... futex resumed>) = 1 [pid 5499] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [ 116.897976][ T5499] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 116.905089][ T5499] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5498] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5499] <... mkdirat resumed>) = 0 [pid 5499] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5498] <... futex resumed>) = 0 [pid 5499] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5498] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5499] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5499] fspick(AT_FDCWD, ".", 0 [pid 5498] <... futex resumed>) = 0 [pid 5499] <... fspick resumed>) = 5 [pid 5498] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5499] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5498] <... futex resumed>) = 0 [pid 5499] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5498] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5499] <... fsconfig resumed>) = 0 [pid 5498] <... futex resumed>) = 0 [pid 5499] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5498] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5499] <... futex resumed>) = 0 [pid 5498] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5499] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5498] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5499] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5499] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5498] <... futex resumed>) = 0 [pid 5498] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5499] <... fsconfig resumed>) = 0 [pid 5499] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5498] <... futex resumed>) = 0 [pid 5499] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5498] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5499] openat(AT_FDCWD, ".", O_RDONLY [pid 5498] <... futex resumed>) = 0 [pid 5499] <... openat resumed>) = 6 [pid 5498] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5499] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5498] <... futex resumed>) = 0 [pid 5499] getdents(6, [pid 5498] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5499] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5498] <... futex resumed>) = 0 [pid 5499] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5498] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5499] <... futex resumed>) = 0 [pid 5499] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5498] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5499] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5498] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5499] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5498] <... futex resumed>) = 0 [pid 5498] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5499] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5499] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5498] <... futex resumed>) = 0 [pid 5499] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5498] exit_group(0 [pid 5499] <... futex resumed>) = ? [pid 5498] <... exit_group resumed>) = ? [pid 5499] +++ exited with 0 +++ [pid 5498] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5498, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=21 /* 0.21 s */} --- umount2("./72", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 117.028266][ T5499] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./72/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./72/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./72/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./72/bus") = 0 umount2("./72/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./72/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./72") = 0 mkdir("./73", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5504 attached [pid 5504] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5504] chdir("./73") = 0 [pid 5504] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5054] <... clone resumed>, child_tidptr=0x5555556ae690) = 5504 [pid 5504] setpgid(0, 0) = 0 [pid 5504] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5504] write(3, "1000", 4) = 4 [pid 5504] close(3) = 0 [pid 5504] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5504] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5504] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5504] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5504] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5504] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5504] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5504] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5505 attached [pid 5505] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053) = 0 [pid 5505] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5504] <... clone3 resumed> => {parent_tid=[5505]}, 88) = 5505 [pid 5505] <... set_robust_list resumed>) = 0 [pid 5504] rt_sigprocmask(SIG_SETMASK, [], [pid 5505] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5504] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5505] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5504] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5505] <... futex resumed>) = 0 [pid 5504] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5505] memfd_create("syzkaller", 0) = 3 [pid 5505] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5505] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5505] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5505] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5505] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5505] close(3) = 0 [pid 5505] mkdir("./bus", 0777) = 0 [ 117.595240][ T5505] loop0: detected capacity change from 0 to 40427 [ 117.608974][ T5505] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 117.616846][ T5505] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 117.628825][ T5505] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5505] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5505] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5505] chdir("./bus") = 0 [pid 5505] ioctl(4, LOOP_CLR_FD) = 0 [pid 5505] close(4) = 0 [pid 5505] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5504] <... futex resumed>) = 0 [pid 5505] openat(AT_FDCWD, ".", O_RDONLY [pid 5504] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5505] <... openat resumed>) = 4 [pid 5504] <... futex resumed>) = 0 [pid 5504] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5505] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5504] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5505] <... futex resumed>) = 0 [pid 5504] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5505] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5504] <... futex resumed>) = 0 [pid 5504] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5505] <... mkdirat resumed>) = 0 [pid 5505] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5504] <... futex resumed>) = 0 [pid 5504] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5504] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5505] fspick(AT_FDCWD, ".", 0) = 5 [pid 5505] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5504] <... futex resumed>) = 0 [pid 5505] <... futex resumed>) = 1 [pid 5504] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5505] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5504] <... futex resumed>) = 0 [pid 5505] <... fsconfig resumed>) = 0 [pid 5504] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5505] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5504] <... futex resumed>) = 0 [pid 5504] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 117.657103][ T5505] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 117.664231][ T5505] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5504] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5505] <... futex resumed>) = 1 [pid 5505] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0) = 0 [pid 5504] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5505] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5504] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5505] openat(AT_FDCWD, ".", O_RDONLY [pid 5504] <... futex resumed>) = 0 [pid 5504] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5505] <... openat resumed>) = 6 [pid 5505] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5504] <... futex resumed>) = 0 [pid 5504] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5504] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5505] getdents(6, 0x20000200 /* 1 entries */, 188) = 96 [pid 5505] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5504] <... futex resumed>) = 0 [pid 5505] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5504] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5505] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5504] <... futex resumed>) = 0 [pid 5505] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5504] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5505] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5505] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5505] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5504] <... futex resumed>) = 0 [pid 5504] exit_group(0 [pid 5505] <... futex resumed>) = ? [pid 5504] <... exit_group resumed>) = ? [pid 5505] +++ exited with 0 +++ [pid 5504] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5504, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./73", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 117.791460][ T5505] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./73/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./73/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./73/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./73/bus") = 0 umount2("./73/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./73/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./73") = 0 mkdir("./74", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5510 attached [pid 5510] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5510] chdir("./74") = 0 [pid 5510] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5054] <... clone resumed>, child_tidptr=0x5555556ae690) = 5510 [pid 5510] setpgid(0, 0) = 0 [pid 5510] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5510] write(3, "1000", 4) = 4 [pid 5510] close(3) = 0 [pid 5510] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5510] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5510] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5510] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5510] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5510] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5510] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5510] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5511 attached [pid 5511] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053) = 0 [pid 5510] <... clone3 resumed> => {parent_tid=[5511]}, 88) = 5511 [pid 5511] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5510] rt_sigprocmask(SIG_SETMASK, [], [pid 5511] <... set_robust_list resumed>) = 0 [pid 5510] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5511] rt_sigprocmask(SIG_SETMASK, [], [pid 5510] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5511] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5511] memfd_create("syzkaller", 0 [pid 5510] <... futex resumed>) = 0 [pid 5510] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5511] <... memfd_create resumed>) = 3 [pid 5511] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5511] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5511] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5511] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5511] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5511] close(3) = 0 [pid 5511] mkdir("./bus", 0777) = 0 [ 118.307732][ T5511] loop0: detected capacity change from 0 to 40427 [ 118.324963][ T5511] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 118.332792][ T5511] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 118.346025][ T5511] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5511] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5511] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5511] chdir("./bus") = 0 [pid 5511] ioctl(4, LOOP_CLR_FD) = 0 [pid 5511] close(4) = 0 [pid 5511] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5511] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5510] <... futex resumed>) = 0 [pid 5510] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5510] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5511] <... futex resumed>) = 0 [ 118.374452][ T5511] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 118.381565][ T5511] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5511] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5511] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5510] <... futex resumed>) = 0 [pid 5511] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5510] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5511] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5510] <... futex resumed>) = 0 [pid 5511] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5510] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5511] <... mkdirat resumed>) = 0 [pid 5511] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5510] <... futex resumed>) = 0 [pid 5510] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5510] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5511] fspick(AT_FDCWD, ".", 0) = 5 [pid 5511] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5510] <... futex resumed>) = 0 [pid 5510] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5511] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0) = 0 [pid 5510] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5511] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5510] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5511] <... futex resumed>) = 0 [pid 5511] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5510] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5510] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5511] <... fsconfig resumed>) = 0 [pid 5511] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5510] <... futex resumed>) = 0 [pid 5511] <... futex resumed>) = 1 [pid 5510] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5511] openat(AT_FDCWD, ".", O_RDONLY [pid 5510] <... futex resumed>) = 0 [pid 5511] <... openat resumed>) = 6 [pid 5510] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5511] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5510] <... futex resumed>) = 0 [pid 5511] getdents(6, [pid 5510] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5511] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5510] <... futex resumed>) = 0 [pid 5510] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5511] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5510] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5511] <... futex resumed>) = 0 [pid 5510] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5511] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5510] <... futex resumed>) = 0 [pid 5510] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5511] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5511] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5510] <... futex resumed>) = 0 [pid 5511] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5510] exit_group(0 [pid 5511] <... futex resumed>) = ? [pid 5510] <... exit_group resumed>) = ? [pid 5511] +++ exited with 0 +++ [pid 5510] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5510, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./74", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 118.523354][ T5511] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./74/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./74/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./74/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./74/bus") = 0 umount2("./74/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./74/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./74") = 0 mkdir("./75", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5516 attached , child_tidptr=0x5555556ae690) = 5516 [pid 5516] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5516] chdir("./75") = 0 [pid 5516] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5516] setpgid(0, 0) = 0 [pid 5516] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5516] write(3, "1000", 4) = 4 [pid 5516] close(3) = 0 [pid 5516] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5516] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5516] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5516] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5516] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5516] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5516] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5516] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5517 attached [pid 5517] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053 [pid 5516] <... clone3 resumed> => {parent_tid=[5517]}, 88) = 5517 [pid 5517] <... rseq resumed>) = 0 [pid 5516] rt_sigprocmask(SIG_SETMASK, [], [pid 5517] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5516] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5517] <... set_robust_list resumed>) = 0 [pid 5516] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5517] rt_sigprocmask(SIG_SETMASK, [], [pid 5516] <... futex resumed>) = 0 [pid 5517] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5516] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5517] memfd_create("syzkaller", 0) = 3 [pid 5517] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5517] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5517] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5517] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5517] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5517] close(3) = 0 [pid 5517] mkdir("./bus", 0777) = 0 [ 119.107627][ T5517] loop0: detected capacity change from 0 to 40427 [ 119.132877][ T5517] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 119.140662][ T5517] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 119.153600][ T5517] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5517] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5517] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5517] chdir("./bus") = 0 [pid 5517] ioctl(4, LOOP_CLR_FD) = 0 [pid 5517] close(4) = 0 [pid 5517] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5516] <... futex resumed>) = 0 [pid 5516] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5517] <... futex resumed>) = 1 [pid 5516] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5517] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5517] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5516] <... futex resumed>) = 0 [pid 5517] <... futex resumed>) = 1 [pid 5516] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5517] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5516] <... futex resumed>) = 0 [pid 5516] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5517] <... mkdirat resumed>) = 0 [pid 5517] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5516] <... futex resumed>) = 0 [pid 5516] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5516] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5517] <... futex resumed>) = 1 [pid 5517] fspick(AT_FDCWD, ".", 0) = 5 [pid 5517] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5516] <... futex resumed>) = 0 [pid 5516] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 119.182445][ T5517] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 119.189595][ T5517] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5516] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5517] <... futex resumed>) = 1 [pid 5517] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0) = 0 [pid 5517] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5516] <... futex resumed>) = 0 [pid 5516] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5517] <... futex resumed>) = 1 [pid 5516] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5517] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0) = 0 [pid 5517] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5516] <... futex resumed>) = 0 [pid 5517] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5516] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5517] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5516] <... futex resumed>) = 0 [pid 5517] openat(AT_FDCWD, ".", O_RDONLY [pid 5516] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5517] <... openat resumed>) = 6 [pid 5517] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5516] <... futex resumed>) = 0 [pid 5517] <... futex resumed>) = 1 [pid 5516] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5517] getdents(6, [pid 5516] <... futex resumed>) = 0 [pid 5517] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5516] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5517] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5516] <... futex resumed>) = 0 [pid 5517] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5516] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5517] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5516] <... futex resumed>) = 0 [pid 5517] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5516] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5517] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5517] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5516] <... futex resumed>) = 0 [pid 5517] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5516] exit_group(0 [pid 5517] <... futex resumed>) = ? [pid 5516] <... exit_group resumed>) = ? [pid 5517] +++ exited with 0 +++ [pid 5516] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5516, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 119.297635][ T5517] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./75", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 umount2("./75/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./75/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./75/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./75/bus") = 0 umount2("./75/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./75/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./75") = 0 mkdir("./76", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5522 attached , child_tidptr=0x5555556ae690) = 5522 [pid 5522] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5522] chdir("./76") = 0 [pid 5522] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5522] setpgid(0, 0) = 0 [pid 5522] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5522] write(3, "1000", 4) = 4 [pid 5522] close(3) = 0 [pid 5522] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5522] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5522] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5522] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5522] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5522] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5522] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5522] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5523 attached [pid 5523] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053 [pid 5522] <... clone3 resumed> => {parent_tid=[5523]}, 88) = 5523 [pid 5523] <... rseq resumed>) = 0 [pid 5522] rt_sigprocmask(SIG_SETMASK, [], [pid 5523] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5522] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5523] <... set_robust_list resumed>) = 0 [pid 5523] rt_sigprocmask(SIG_SETMASK, [], [pid 5522] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5523] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5522] <... futex resumed>) = 0 [pid 5523] memfd_create("syzkaller", 0 [pid 5522] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5523] <... memfd_create resumed>) = 3 [pid 5523] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5523] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5523] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5523] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5523] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5523] close(3) = 0 [pid 5523] mkdir("./bus", 0777) = 0 [ 119.959076][ T5523] loop0: detected capacity change from 0 to 40427 [ 119.973189][ T5523] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 119.980974][ T5523] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 119.993175][ T5523] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5523] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5523] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5523] chdir("./bus") = 0 [pid 5523] ioctl(4, LOOP_CLR_FD) = 0 [pid 5523] close(4) = 0 [pid 5523] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5522] <... futex resumed>) = 0 [pid 5523] <... futex resumed>) = 1 [pid 5522] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5523] openat(AT_FDCWD, ".", O_RDONLY [pid 5522] <... futex resumed>) = 0 [pid 5523] <... openat resumed>) = 4 [pid 5522] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5523] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5522] <... futex resumed>) = 0 [pid 5523] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5522] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5523] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5522] <... futex resumed>) = 0 [pid 5523] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5522] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5523] <... mkdirat resumed>) = 0 [pid 5523] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5522] <... futex resumed>) = 0 [pid 5522] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5523] fspick(AT_FDCWD, ".", 0 [pid 5522] <... futex resumed>) = 0 [pid 5523] <... fspick resumed>) = 5 [ 120.021886][ T5523] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 120.029238][ T5523] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5522] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5523] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5522] <... futex resumed>) = 0 [pid 5523] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5522] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5523] <... futex resumed>) = 0 [pid 5522] <... futex resumed>) = 1 [pid 5523] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0) = 0 [pid 5522] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5523] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5522] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5523] <... futex resumed>) = 0 [pid 5522] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5523] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5522] <... futex resumed>) = 0 [pid 5522] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5523] <... fsconfig resumed>) = 0 [pid 5523] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5522] <... futex resumed>) = 0 [pid 5523] openat(AT_FDCWD, ".", O_RDONLY [pid 5522] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5523] <... openat resumed>) = 6 [pid 5522] <... futex resumed>) = 0 [pid 5522] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5523] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5522] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5523] <... futex resumed>) = 0 [pid 5522] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5523] getdents(6, [pid 5522] <... futex resumed>) = 0 [ 120.146344][ T5523] f2fs_fill_dentries: 39 callbacks suppressed [ 120.146362][ T5523] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 120.153010][ T5523] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 120.160703][ T5523] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 120.168261][ T5523] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 120.175865][ T5523] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [pid 5522] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5523] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5522] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5523] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5522] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5523] <... futex resumed>) = 0 [pid 5522] <... futex resumed>) = 0 [pid 5523] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5522] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5523] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5523] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5522] <... futex resumed>) = 0 [pid 5522] exit_group(0) = ? [pid 5523] <... futex resumed>) = ? [pid 5523] +++ exited with 0 +++ [pid 5522] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5522, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./76", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 120.183462][ T5523] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 120.191156][ T5523] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 120.205989][ T5523] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./76/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./76/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./76/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./76/bus") = 0 umount2("./76/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./76/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./76") = 0 mkdir("./77", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5528 attached , child_tidptr=0x5555556ae690) = 5528 [pid 5528] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5528] chdir("./77") = 0 [pid 5528] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5528] setpgid(0, 0) = 0 [pid 5528] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5528] write(3, "1000", 4) = 4 [pid 5528] close(3) = 0 [pid 5528] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5528] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5528] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5528] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5528] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5528] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5528] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5528] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5529 attached [pid 5529] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053) = 0 [pid 5528] <... clone3 resumed> => {parent_tid=[5529]}, 88) = 5529 [pid 5529] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5528] rt_sigprocmask(SIG_SETMASK, [], [pid 5529] <... set_robust_list resumed>) = 0 [pid 5528] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5529] rt_sigprocmask(SIG_SETMASK, [], [pid 5528] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5529] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5528] <... futex resumed>) = 0 [pid 5529] memfd_create("syzkaller", 0 [pid 5528] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5529] <... memfd_create resumed>) = 3 [pid 5529] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5529] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5529] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5529] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5529] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5529] close(3) = 0 [pid 5529] mkdir("./bus", 0777) = 0 [ 120.789929][ T5529] loop0: detected capacity change from 0 to 40427 [ 120.810048][ T5529] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 120.817901][ T5529] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 120.830679][ T5529] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5529] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5529] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5529] chdir("./bus") = 0 [pid 5529] ioctl(4, LOOP_CLR_FD) = 0 [pid 5529] close(4) = 0 [pid 5529] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5528] <... futex resumed>) = 0 [pid 5529] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5528] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5529] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5529] openat(AT_FDCWD, ".", O_RDONLY [pid 5528] <... futex resumed>) = 0 [pid 5529] <... openat resumed>) = 4 [pid 5528] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5529] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5528] <... futex resumed>) = 0 [pid 5528] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5529] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5528] <... futex resumed>) = 0 [ 120.860078][ T5529] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 120.867130][ T5529] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5528] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5529] <... mkdirat resumed>) = 0 [pid 5529] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5528] <... futex resumed>) = 0 [pid 5529] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5528] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5529] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5528] <... futex resumed>) = 0 [pid 5529] fspick(AT_FDCWD, ".", 0 [pid 5528] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5529] <... fspick resumed>) = 5 [pid 5529] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5528] <... futex resumed>) = 0 [pid 5528] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5529] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0) = 0 [pid 5528] <... futex resumed>) = 0 [pid 5529] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5528] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5529] <... futex resumed>) = 0 [pid 5528] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5529] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5528] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5529] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5528] <... futex resumed>) = 0 [pid 5528] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5529] <... fsconfig resumed>) = 0 [pid 5529] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5528] <... futex resumed>) = 0 [pid 5529] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5528] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5529] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5529] openat(AT_FDCWD, ".", O_RDONLY [pid 5528] <... futex resumed>) = 0 [pid 5529] <... openat resumed>) = 6 [pid 5529] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5528] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5529] <... futex resumed>) = 0 [pid 5529] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5528] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5528] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5528] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5529] <... futex resumed>) = 0 [pid 5529] getdents(6, 0x20000200 /* 1 entries */, 188) = 96 [pid 5529] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5528] <... futex resumed>) = 0 [pid 5529] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5528] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5529] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5528] <... futex resumed>) = 0 [pid 5529] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5528] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5529] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5529] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5529] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5528] <... futex resumed>) = 0 [pid 5528] exit_group(0) = ? [pid 5529] <... futex resumed>) = ? [pid 5529] +++ exited with 0 +++ [pid 5528] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5528, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=25 /* 0.25 s */} --- [ 120.988712][ T5529] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 120.988745][ T5529] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 120.997051][ T5529] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 121.013941][ T5529] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./77", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 umount2("./77/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./77/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./77/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./77/bus") = 0 umount2("./77/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./77/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./77") = 0 mkdir("./78", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5534 attached [pid 5534] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5534] chdir("./78") = 0 [pid 5534] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5054] <... clone resumed>, child_tidptr=0x5555556ae690) = 5534 [pid 5534] <... prctl resumed>) = 0 [pid 5534] setpgid(0, 0) = 0 [pid 5534] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5534] write(3, "1000", 4) = 4 [pid 5534] close(3) = 0 [pid 5534] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5534] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5534] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5534] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5534] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5534] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5534] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5534] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5535 attached [pid 5535] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053 [pid 5534] <... clone3 resumed> => {parent_tid=[5535]}, 88) = 5535 [pid 5535] <... rseq resumed>) = 0 [pid 5535] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5534] rt_sigprocmask(SIG_SETMASK, [], [pid 5535] <... set_robust_list resumed>) = 0 [pid 5534] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5535] rt_sigprocmask(SIG_SETMASK, [], [pid 5534] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5535] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5534] <... futex resumed>) = 0 [pid 5534] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5535] memfd_create("syzkaller", 0) = 3 [pid 5535] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5535] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5535] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5535] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5535] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5535] close(3) = 0 [pid 5535] mkdir("./bus", 0777) = 0 [ 121.654302][ T5535] loop0: detected capacity change from 0 to 40427 [ 121.668433][ T5535] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 121.676498][ T5535] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 121.689743][ T5535] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5535] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5535] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5535] chdir("./bus") = 0 [pid 5535] ioctl(4, LOOP_CLR_FD) = 0 [pid 5535] close(4) = 0 [pid 5535] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5535] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5534] <... futex resumed>) = 0 [ 121.718132][ T5535] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 121.725243][ T5535] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5534] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5535] <... futex resumed>) = 0 [pid 5534] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5535] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5535] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5534] <... futex resumed>) = 0 [pid 5535] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5534] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5535] <... futex resumed>) = 0 [pid 5534] <... futex resumed>) = 1 [pid 5535] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5534] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5535] <... mkdirat resumed>) = 0 [pid 5535] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5534] <... futex resumed>) = 0 [pid 5535] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5534] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5535] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5534] <... futex resumed>) = 0 [pid 5535] fspick(AT_FDCWD, ".", 0 [pid 5534] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5535] <... fspick resumed>) = 5 [pid 5535] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5534] <... futex resumed>) = 0 [pid 5535] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5534] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5535] <... fsconfig resumed>) = 0 [pid 5534] <... futex resumed>) = 0 [pid 5535] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5534] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5535] <... futex resumed>) = 0 [pid 5535] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5534] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5534] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5535] <... futex resumed>) = 0 [pid 5534] <... futex resumed>) = 1 [pid 5535] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5534] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5535] <... fsconfig resumed>) = 0 [pid 5535] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5534] <... futex resumed>) = 0 [pid 5535] openat(AT_FDCWD, ".", O_RDONLY [pid 5534] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5535] <... openat resumed>) = 6 [pid 5534] <... futex resumed>) = 0 [pid 5534] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5535] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5534] <... futex resumed>) = 0 [pid 5535] getdents(6, [pid 5534] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5535] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5535] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5534] <... futex resumed>) = 0 [pid 5535] <... futex resumed>) = 0 [pid 5534] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5535] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5534] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5534] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5535] <... futex resumed>) = 0 [pid 5534] <... futex resumed>) = 1 [pid 5535] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5534] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5535] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5535] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5534] <... futex resumed>) = 0 [pid 5535] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5534] exit_group(0) = ? [pid 5535] <... futex resumed>) = ? [pid 5535] +++ exited with 0 +++ [pid 5534] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5534, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./78", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 121.857132][ T5535] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./78/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./78/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./78/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./78/bus") = 0 umount2("./78/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./78/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./78") = 0 mkdir("./79", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5540 attached [pid 5540] set_robust_list(0x5555556ae6a0, 24 [pid 5054] <... clone resumed>, child_tidptr=0x5555556ae690) = 5540 [pid 5540] <... set_robust_list resumed>) = 0 [pid 5540] chdir("./79") = 0 [pid 5540] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5540] setpgid(0, 0) = 0 [pid 5540] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5540] write(3, "1000", 4) = 4 [pid 5540] close(3) = 0 [pid 5540] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5540] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5540] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5540] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5540] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5540] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5540] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5540] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5541 attached [pid 5541] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053) = 0 [pid 5540] <... clone3 resumed> => {parent_tid=[5541]}, 88) = 5541 [pid 5541] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5540] rt_sigprocmask(SIG_SETMASK, [], [pid 5541] <... set_robust_list resumed>) = 0 [pid 5540] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5541] rt_sigprocmask(SIG_SETMASK, [], [pid 5540] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5541] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5540] <... futex resumed>) = 0 [pid 5541] memfd_create("syzkaller", 0 [pid 5540] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5541] <... memfd_create resumed>) = 3 [pid 5541] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5541] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5541] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5541] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5541] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5541] close(3) = 0 [pid 5541] mkdir("./bus", 0777) = 0 [ 122.416365][ T5541] loop0: detected capacity change from 0 to 40427 [ 122.439152][ T5541] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 122.447060][ T5541] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 122.459098][ T5541] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5541] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5541] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5541] chdir("./bus") = 0 [pid 5541] ioctl(4, LOOP_CLR_FD) = 0 [pid 5541] close(4) = 0 [pid 5541] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5540] <... futex resumed>) = 0 [pid 5541] openat(AT_FDCWD, ".", O_RDONLY [pid 5540] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5541] <... openat resumed>) = 4 [pid 5540] <... futex resumed>) = 0 [pid 5540] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5541] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5540] <... futex resumed>) = 0 [pid 5541] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5540] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5541] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5540] <... futex resumed>) = 0 [pid 5540] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5541] <... mkdirat resumed>) = 0 [pid 5541] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5540] <... futex resumed>) = 0 [ 122.487782][ T5541] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 122.494949][ T5541] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5541] fspick(AT_FDCWD, ".", 0 [pid 5540] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5541] <... fspick resumed>) = 5 [pid 5540] <... futex resumed>) = 0 [pid 5540] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5541] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5541] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5540] <... futex resumed>) = 0 [pid 5541] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5540] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5541] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5540] <... futex resumed>) = 0 [pid 5541] <... fsconfig resumed>) = 0 [pid 5540] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5541] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5540] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5541] <... futex resumed>) = 0 [pid 5540] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5541] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5540] <... futex resumed>) = 0 [pid 5540] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5541] <... fsconfig resumed>) = 0 [pid 5541] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5541] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5540] <... futex resumed>) = 0 [pid 5540] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5541] <... futex resumed>) = 0 [pid 5540] <... futex resumed>) = 1 [pid 5541] openat(AT_FDCWD, ".", O_RDONLY [pid 5540] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5541] <... openat resumed>) = 6 [pid 5541] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5540] <... futex resumed>) = 0 [pid 5541] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5540] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5541] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5540] <... futex resumed>) = 0 [pid 5541] getdents(6, 0x20000200 /* 1 entries */, 188) = 96 [pid 5540] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5541] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5540] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5541] <... futex resumed>) = 0 [pid 5540] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5541] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5540] <... futex resumed>) = 0 [pid 5541] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5540] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5541] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5540] <... futex resumed>) = 0 [pid 5541] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5540] exit_group(0 [pid 5541] <... futex resumed>) = ? [pid 5540] <... exit_group resumed>) = ? [pid 5541] +++ exited with 0 +++ [pid 5540] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5540, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=21 /* 0.21 s */} --- umount2("./79", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 122.613481][ T5541] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./79/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./79/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./79/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./79/bus") = 0 umount2("./79/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./79/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./79") = 0 mkdir("./80", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5546 attached , child_tidptr=0x5555556ae690) = 5546 [pid 5546] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5546] chdir("./80") = 0 [pid 5546] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5546] setpgid(0, 0) = 0 [pid 5546] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5546] write(3, "1000", 4) = 4 [pid 5546] close(3) = 0 [pid 5546] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5546] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5546] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5546] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5546] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5546] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5546] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5546] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5547 attached [pid 5547] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053 [pid 5546] <... clone3 resumed> => {parent_tid=[5547]}, 88) = 5547 [pid 5547] <... rseq resumed>) = 0 [pid 5546] rt_sigprocmask(SIG_SETMASK, [], [pid 5547] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5546] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5547] <... set_robust_list resumed>) = 0 [pid 5546] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5547] rt_sigprocmask(SIG_SETMASK, [], [pid 5546] <... futex resumed>) = 0 [pid 5547] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5546] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5547] memfd_create("syzkaller", 0) = 3 [pid 5547] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5547] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5547] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5547] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5547] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5547] close(3) = 0 [pid 5547] mkdir("./bus", 0777) = 0 [ 123.185017][ T5547] loop0: detected capacity change from 0 to 40427 [ 123.199565][ T5547] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 123.207417][ T5547] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 123.219377][ T5547] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5547] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5547] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5547] chdir("./bus") = 0 [pid 5547] ioctl(4, LOOP_CLR_FD) = 0 [pid 5547] close(4) = 0 [pid 5547] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5546] <... futex resumed>) = 0 [pid 5546] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5547] openat(AT_FDCWD, ".", O_RDONLY [pid 5546] <... futex resumed>) = 0 [pid 5547] <... openat resumed>) = 4 [pid 5546] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 123.247886][ T5547] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 123.255028][ T5547] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5547] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5546] <... futex resumed>) = 0 [pid 5547] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5546] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5547] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5546] <... futex resumed>) = 0 [pid 5547] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5546] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5547] <... mkdirat resumed>) = 0 [pid 5547] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5546] <... futex resumed>) = 0 [pid 5547] <... futex resumed>) = 1 [pid 5546] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5547] fspick(AT_FDCWD, ".", 0 [pid 5546] <... futex resumed>) = 0 [pid 5547] <... fspick resumed>) = 5 [pid 5546] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5547] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5546] <... futex resumed>) = 0 [pid 5547] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5546] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5547] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5546] <... futex resumed>) = 0 [pid 5547] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5546] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5547] <... fsconfig resumed>) = 0 [pid 5547] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5546] <... futex resumed>) = 0 [pid 5547] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5546] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5546] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5547] <... fsconfig resumed>) = 0 [pid 5547] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5546] <... futex resumed>) = 0 [pid 5547] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5546] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5547] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5546] <... futex resumed>) = 0 [pid 5547] openat(AT_FDCWD, ".", O_RDONLY [pid 5546] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5547] <... openat resumed>) = 6 [pid 5547] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5546] <... futex resumed>) = 0 [pid 5547] <... futex resumed>) = 1 [pid 5546] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5547] getdents(6, [pid 5546] <... futex resumed>) = 0 [pid 5547] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5546] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5547] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5546] <... futex resumed>) = 0 [pid 5547] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5546] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5547] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5547] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5546] <... futex resumed>) = 0 [pid 5546] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5547] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5547] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5546] <... futex resumed>) = 0 [pid 5547] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5546] exit_group(0 [pid 5547] <... futex resumed>) = ? [pid 5546] <... exit_group resumed>) = ? [pid 5547] +++ exited with 0 +++ [pid 5546] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5546, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=24 /* 0.24 s */} --- umount2("./80", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 123.386906][ T5547] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./80/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./80/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./80/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./80/bus") = 0 umount2("./80/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./80/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./80") = 0 mkdir("./81", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5552 attached , child_tidptr=0x5555556ae690) = 5552 [pid 5552] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5552] chdir("./81") = 0 [pid 5552] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5552] setpgid(0, 0) = 0 [pid 5552] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5552] write(3, "1000", 4) = 4 [pid 5552] close(3) = 0 [pid 5552] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5552] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5552] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5552] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5552] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5552] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5552] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5552] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5553 attached => {parent_tid=[5553]}, 88) = 5553 [pid 5553] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053 [pid 5552] rt_sigprocmask(SIG_SETMASK, [], [pid 5553] <... rseq resumed>) = 0 [pid 5553] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5552] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5552] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5552] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5553] <... set_robust_list resumed>) = 0 [pid 5553] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5553] memfd_create("syzkaller", 0) = 3 [pid 5553] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5553] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5553] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5553] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5553] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5553] close(3) = 0 [pid 5553] mkdir("./bus", 0777) = 0 [ 123.901165][ T5553] loop0: detected capacity change from 0 to 40427 [ 123.921222][ T5553] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 123.929058][ T5553] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 123.941381][ T5553] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5553] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5553] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5553] chdir("./bus") = 0 [pid 5553] ioctl(4, LOOP_CLR_FD) = 0 [pid 5553] close(4) = 0 [pid 5553] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5552] <... futex resumed>) = 0 [pid 5553] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5552] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5553] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5553] openat(AT_FDCWD, ".", O_RDONLY [pid 5552] <... futex resumed>) = 0 [pid 5553] <... openat resumed>) = 4 [ 123.972462][ T5553] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 123.980133][ T5553] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5552] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5553] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5552] <... futex resumed>) = 0 [pid 5552] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5552] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5553] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 5553] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5553] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5552] <... futex resumed>) = 0 [pid 5552] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5553] <... futex resumed>) = 0 [pid 5552] <... futex resumed>) = 1 [pid 5553] fspick(AT_FDCWD, ".", 0 [pid 5552] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5553] <... fspick resumed>) = 5 [pid 5553] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5552] <... futex resumed>) = 0 [pid 5553] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5552] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5553] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5553] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5552] <... futex resumed>) = 0 [pid 5553] <... fsconfig resumed>) = 0 [pid 5552] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5553] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5552] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5553] <... futex resumed>) = 0 [pid 5552] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5553] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5552] <... futex resumed>) = 0 [pid 5552] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5553] <... fsconfig resumed>) = 0 [pid 5553] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5552] <... futex resumed>) = 0 [pid 5553] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5552] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5553] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5553] openat(AT_FDCWD, ".", O_RDONLY [pid 5552] <... futex resumed>) = 0 [pid 5553] <... openat resumed>) = 6 [pid 5552] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5553] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5552] <... futex resumed>) = 0 [pid 5553] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5552] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5553] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5552] <... futex resumed>) = 0 [pid 5553] getdents(6, 0x20000200 /* 1 entries */, 188) = 96 [pid 5552] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5553] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5553] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5552] <... futex resumed>) = 0 [pid 5552] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5553] <... futex resumed>) = 0 [pid 5553] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5552] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5553] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5553] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5553] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5552] <... futex resumed>) = 0 [pid 5552] exit_group(0 [pid 5553] <... futex resumed>) = ? [pid 5552] <... exit_group resumed>) = ? [pid 5553] +++ exited with 0 +++ [pid 5552] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5552, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./81", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 124.125855][ T5553] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./81/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./81/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./81/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./81/bus") = 0 umount2("./81/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./81/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./81") = 0 mkdir("./82", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5558 attached , child_tidptr=0x5555556ae690) = 5558 [pid 5558] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5558] chdir("./82") = 0 [pid 5558] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5558] setpgid(0, 0) = 0 [pid 5558] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5558] write(3, "1000", 4) = 4 [pid 5558] close(3) = 0 [pid 5558] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5558] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5558] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5558] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5558] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5558] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5558] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5558] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5559 attached [pid 5559] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053) = 0 [pid 5558] <... clone3 resumed> => {parent_tid=[5559]}, 88) = 5559 [pid 5559] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5558] rt_sigprocmask(SIG_SETMASK, [], [pid 5559] <... set_robust_list resumed>) = 0 [pid 5558] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5559] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5558] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5559] memfd_create("syzkaller", 0 [pid 5558] <... futex resumed>) = 0 [pid 5558] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5559] <... memfd_create resumed>) = 3 [pid 5559] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5559] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5559] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5559] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5559] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5559] close(3) = 0 [pid 5559] mkdir("./bus", 0777) = 0 [ 124.626859][ T5559] loop0: detected capacity change from 0 to 40427 [ 124.651335][ T5559] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 124.659094][ T5559] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 124.671811][ T5559] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5559] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5559] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5559] chdir("./bus") = 0 [pid 5559] ioctl(4, LOOP_CLR_FD) = 0 [pid 5559] close(4) = 0 [pid 5559] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5558] <... futex resumed>) = 0 [pid 5558] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5559] openat(AT_FDCWD, ".", O_RDONLY [pid 5558] <... futex resumed>) = 0 [pid 5559] <... openat resumed>) = 4 [pid 5558] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5559] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5558] <... futex resumed>) = 0 [pid 5558] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5559] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5558] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5559] <... mkdirat resumed>) = 0 [pid 5559] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5558] <... futex resumed>) = 0 [pid 5559] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5558] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5559] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5558] <... futex resumed>) = 0 [pid 5559] fspick(AT_FDCWD, ".", 0 [pid 5558] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5559] <... fspick resumed>) = 5 [ 124.700888][ T5559] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 124.707986][ T5559] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5559] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5558] <... futex resumed>) = 0 [pid 5558] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5559] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0) = 0 [pid 5558] <... futex resumed>) = 0 [pid 5559] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5558] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5559] <... futex resumed>) = 0 [pid 5558] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5559] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5558] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5559] <... futex resumed>) = 0 [pid 5558] <... futex resumed>) = 1 [pid 5559] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5558] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5559] <... fsconfig resumed>) = 0 [pid 5559] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5558] <... futex resumed>) = 0 [pid 5559] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5558] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5559] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5558] <... futex resumed>) = 0 [pid 5558] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5559] openat(AT_FDCWD, ".", O_RDONLY) = 6 [pid 5559] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5558] <... futex resumed>) = 0 [pid 5559] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5558] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5559] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5558] <... futex resumed>) = 0 [pid 5559] getdents(6, [pid 5558] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5559] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5559] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5558] <... futex resumed>) = 0 [pid 5559] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5558] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5558] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5559] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5559] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5558] <... futex resumed>) = 0 [pid 5559] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5558] exit_group(0) = ? [pid 5559] <... futex resumed>) = ? [pid 5559] +++ exited with 0 +++ [pid 5558] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5558, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=22 /* 0.22 s */} --- umount2("./82", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 124.825802][ T5559] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./82/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./82/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./82/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./82/bus") = 0 umount2("./82/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./82/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./82") = 0 mkdir("./83", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5564 attached , child_tidptr=0x5555556ae690) = 5564 [pid 5564] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5564] chdir("./83") = 0 [pid 5564] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5564] setpgid(0, 0) = 0 [pid 5564] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5564] write(3, "1000", 4) = 4 [pid 5564] close(3) = 0 [pid 5564] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5564] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5564] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5564] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5564] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5564] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5564] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5564] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5565 attached => {parent_tid=[5565]}, 88) = 5565 [pid 5564] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5564] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5564] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5565] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053) = 0 [pid 5565] set_robust_list(0x7fa1a5e4a9a0, 24) = 0 [pid 5565] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5565] memfd_create("syzkaller", 0) = 3 [pid 5565] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5565] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5565] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5565] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5565] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5565] close(3) = 0 [pid 5565] mkdir("./bus", 0777) = 0 [ 125.384402][ T5565] loop0: detected capacity change from 0 to 40427 [ 125.404509][ T5565] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 125.412285][ T5565] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 125.424578][ T5565] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5565] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5565] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5565] chdir("./bus") = 0 [pid 5565] ioctl(4, LOOP_CLR_FD) = 0 [pid 5565] close(4) = 0 [pid 5565] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5564] <... futex resumed>) = 0 [pid 5565] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5564] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5565] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5564] <... futex resumed>) = 0 [pid 5564] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5565] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5565] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5565] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5564] <... futex resumed>) = 0 [pid 5564] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5565] <... futex resumed>) = 0 [pid 5564] <... futex resumed>) = 1 [pid 5565] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5564] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5565] <... mkdirat resumed>) = 0 [ 125.453135][ T5565] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 125.460517][ T5565] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5565] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5564] <... futex resumed>) = 0 [pid 5565] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5564] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5565] <... futex resumed>) = 0 [pid 5564] <... futex resumed>) = 1 [pid 5565] fspick(AT_FDCWD, ".", 0) = 5 [pid 5564] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5565] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5564] <... futex resumed>) = 0 [pid 5565] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5564] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5565] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5564] <... futex resumed>) = 0 [pid 5565] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5564] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5565] <... fsconfig resumed>) = 0 [pid 5565] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5564] <... futex resumed>) = 0 [pid 5565] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5564] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5565] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5565] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5564] <... futex resumed>) = 0 [pid 5564] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5565] <... fsconfig resumed>) = 0 [pid 5565] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5564] <... futex resumed>) = 0 [pid 5565] <... futex resumed>) = 1 [pid 5564] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5565] openat(AT_FDCWD, ".", O_RDONLY [pid 5564] <... futex resumed>) = 0 [pid 5565] <... openat resumed>) = 6 [pid 5564] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5565] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5564] <... futex resumed>) = 0 [pid 5565] getdents(6, [pid 5564] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 125.566003][ T5565] f2fs_fill_dentries: 39 callbacks suppressed [ 125.566020][ T5565] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 125.572315][ T5565] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 125.580002][ T5565] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 125.587541][ T5565] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 125.595288][ T5565] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [pid 5564] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5565] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5564] futex(0x7fa1a5f1b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5565] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5564] <... futex resumed>) = 0 [pid 5564] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e09000 [pid 5565] <... futex resumed>) = 0 [pid 5565] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5564] mprotect(0x7fa1a5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5564] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5564] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e29990, parent_tid=0x7fa1a5e29990, exit_signal=0, stack=0x7fa1a5e09000, stack_size=0x20300, tls=0x7fa1a5e296c0}./strace-static-x86_64: Process 5570 attached [pid 5570] rseq(0x7fa1a5e29fe0, 0x20, 0, 0x53053053 [pid 5564] <... clone3 resumed> => {parent_tid=[5570]}, 88) = 5570 [pid 5570] <... rseq resumed>) = 0 [pid 5564] rt_sigprocmask(SIG_SETMASK, [], [pid 5570] set_robust_list(0x7fa1a5e299a0, 24 [pid 5564] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5570] <... set_robust_list resumed>) = 0 [pid 5564] futex(0x7fa1a5f1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5570] rt_sigprocmask(SIG_SETMASK, [], [pid 5564] <... futex resumed>) = 0 [pid 5570] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5564] futex(0x7fa1a5f1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 125.602917][ T5565] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [pid 5570] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054) = -1 EEXIST (File exists) [pid 5570] futex(0x7fa1a5f1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5564] <... futex resumed>) = 0 [pid 5570] futex(0x7fa1a5f1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5564] exit_group(0 [pid 5565] <... futex resumed>) = ? [pid 5570] <... futex resumed>) = ? [pid 5564] <... exit_group resumed>) = ? [pid 5570] +++ exited with 0 +++ [pid 5565] +++ exited with 0 +++ [pid 5564] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5564, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=26 /* 0.26 s */} --- umount2("./83", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 125.610527][ T5565] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 125.645007][ T5570] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./83/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./83/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./83/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./83/bus") = 0 umount2("./83/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./83/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./83") = 0 mkdir("./84", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5571 attached [pid 5571] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5571] chdir("./84" [pid 5054] <... clone resumed>, child_tidptr=0x5555556ae690) = 5571 [pid 5571] <... chdir resumed>) = 0 [pid 5571] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5571] setpgid(0, 0) = 0 [pid 5571] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5571] write(3, "1000", 4) = 4 [pid 5571] close(3) = 0 [pid 5571] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5571] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5571] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5571] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5571] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5571] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5571] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5571] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5572 attached [pid 5572] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053 [pid 5571] <... clone3 resumed> => {parent_tid=[5572]}, 88) = 5572 [pid 5572] <... rseq resumed>) = 0 [pid 5571] rt_sigprocmask(SIG_SETMASK, [], [pid 5572] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5571] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5572] <... set_robust_list resumed>) = 0 [pid 5571] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5572] rt_sigprocmask(SIG_SETMASK, [], [pid 5571] <... futex resumed>) = 0 [pid 5572] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5571] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5572] memfd_create("syzkaller", 0) = 3 [pid 5572] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5572] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5572] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5572] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5572] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5572] close(3) = 0 [pid 5572] mkdir("./bus", 0777) = 0 [ 126.180009][ T5572] loop0: detected capacity change from 0 to 40427 [ 126.199451][ T5572] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 126.207243][ T5572] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 126.219419][ T5572] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5572] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5572] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5572] chdir("./bus") = 0 [pid 5572] ioctl(4, LOOP_CLR_FD) = 0 [pid 5572] close(4) = 0 [pid 5572] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5572] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5571] <... futex resumed>) = 0 [pid 5571] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5572] <... futex resumed>) = 0 [pid 5571] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5572] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5572] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5571] <... futex resumed>) = 0 [pid 5572] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5571] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5572] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5571] <... futex resumed>) = 0 [pid 5572] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5571] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5572] <... mkdirat resumed>) = 0 [pid 5572] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5571] <... futex resumed>) = 0 [pid 5571] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5572] fspick(AT_FDCWD, ".", 0 [pid 5571] <... futex resumed>) = 0 [pid 5572] <... fspick resumed>) = 5 [ 126.248183][ T5572] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 126.255393][ T5572] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5572] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5571] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5572] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5571] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5571] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5572] <... futex resumed>) = 0 [pid 5571] <... futex resumed>) = 1 [pid 5572] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5571] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5572] <... fsconfig resumed>) = 0 [pid 5572] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5571] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5572] <... futex resumed>) = 0 [pid 5572] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5571] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5571] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5572] <... fsconfig resumed>) = 0 [pid 5572] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5571] <... futex resumed>) = 0 [pid 5572] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5571] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5572] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5571] <... futex resumed>) = 0 [pid 5572] openat(AT_FDCWD, ".", O_RDONLY) = 6 [pid 5571] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5572] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5571] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5572] <... futex resumed>) = 0 [pid 5571] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5572] getdents(6, [pid 5571] <... futex resumed>) = 0 [pid 5571] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5572] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5572] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5571] <... futex resumed>) = 0 [pid 5572] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5571] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5572] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5571] <... futex resumed>) = 0 [pid 5572] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5571] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5572] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5572] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5571] <... futex resumed>) = 0 [pid 5572] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5571] exit_group(0 [pid 5572] <... futex resumed>) = ? [pid 5571] <... exit_group resumed>) = ? [pid 5572] +++ exited with 0 +++ [pid 5571] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5571, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./84", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 126.367993][ T5572] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 126.368024][ T5572] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 126.375748][ T5572] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 126.392757][ T5572] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 umount2("./84/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./84/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./84/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./84/bus") = 0 umount2("./84/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./84/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./84") = 0 mkdir("./85", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5577 attached [pid 5577] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5577] chdir("./85") = 0 [pid 5577] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5054] <... clone resumed>, child_tidptr=0x5555556ae690) = 5577 [pid 5577] setpgid(0, 0) = 0 [pid 5577] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5577] write(3, "1000", 4) = 4 [pid 5577] close(3) = 0 [pid 5577] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5577] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5577] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5577] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5577] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5577] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5577] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5577] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5578 attached => {parent_tid=[5578]}, 88) = 5578 [pid 5578] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053 [pid 5577] rt_sigprocmask(SIG_SETMASK, [], [pid 5578] <... rseq resumed>) = 0 [pid 5578] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5577] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5578] <... set_robust_list resumed>) = 0 [pid 5577] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5578] rt_sigprocmask(SIG_SETMASK, [], [pid 5577] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5578] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5578] memfd_create("syzkaller", 0) = 3 [pid 5578] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5578] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5578] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5578] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5578] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5578] close(3) = 0 [pid 5578] mkdir("./bus", 0777) = 0 [ 126.989409][ T5578] loop0: detected capacity change from 0 to 40427 [ 126.998679][ T5578] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 127.006507][ T5578] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 127.018171][ T5578] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5578] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5578] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5578] chdir("./bus") = 0 [pid 5578] ioctl(4, LOOP_CLR_FD) = 0 [pid 5578] close(4) = 0 [pid 5578] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5577] <... futex resumed>) = 0 [pid 5578] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5577] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5578] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5577] <... futex resumed>) = 0 [pid 5578] openat(AT_FDCWD, ".", O_RDONLY [pid 5577] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5578] <... openat resumed>) = 4 [pid 5578] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5577] <... futex resumed>) = 0 [pid 5578] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5577] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5578] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5577] <... futex resumed>) = 0 [pid 5578] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [ 127.047137][ T5578] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 127.054485][ T5578] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5577] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5578] <... mkdirat resumed>) = 0 [pid 5578] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5578] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5577] <... futex resumed>) = 0 [pid 5577] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5578] <... futex resumed>) = 0 [pid 5578] fspick(AT_FDCWD, ".", 0 [pid 5577] <... futex resumed>) = 1 [pid 5578] <... fspick resumed>) = 5 [pid 5577] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5578] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5577] <... futex resumed>) = 0 [pid 5578] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5577] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5578] <... fsconfig resumed>) = 0 [pid 5577] <... futex resumed>) = 0 [pid 5578] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5577] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5578] <... futex resumed>) = 0 [pid 5577] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5578] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5577] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5578] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5577] <... futex resumed>) = 0 [pid 5578] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5577] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5578] <... fsconfig resumed>) = 0 [pid 5578] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5577] <... futex resumed>) = 0 [pid 5578] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5577] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5578] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5577] <... futex resumed>) = 0 [pid 5578] openat(AT_FDCWD, ".", O_RDONLY [pid 5577] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5578] <... openat resumed>) = 6 [pid 5578] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5577] <... futex resumed>) = 0 [pid 5578] <... futex resumed>) = 1 [pid 5577] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5578] getdents(6, [pid 5577] <... futex resumed>) = 0 [pid 5578] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5577] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5578] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5577] <... futex resumed>) = 0 [pid 5578] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5577] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5578] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5577] <... futex resumed>) = 0 [pid 5578] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5577] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5578] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5578] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5577] <... futex resumed>) = 0 [pid 5578] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5577] exit_group(0 [pid 5578] <... futex resumed>) = ? [pid 5577] <... exit_group resumed>) = ? [pid 5578] +++ exited with 0 +++ [pid 5577] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5577, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./85", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 127.187157][ T5578] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./85/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./85/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./85/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./85/bus") = 0 umount2("./85/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./85/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./85") = 0 mkdir("./86", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5583 attached , child_tidptr=0x5555556ae690) = 5583 [pid 5583] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5583] chdir("./86") = 0 [pid 5583] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5583] setpgid(0, 0) = 0 [pid 5583] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5583] write(3, "1000", 4) = 4 [pid 5583] close(3) = 0 [pid 5583] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5583] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5583] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5583] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5583] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5583] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5583] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5583] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5584 attached [pid 5584] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053) = 0 [pid 5583] <... clone3 resumed> => {parent_tid=[5584]}, 88) = 5584 [pid 5584] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5583] rt_sigprocmask(SIG_SETMASK, [], [pid 5584] <... set_robust_list resumed>) = 0 [pid 5583] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5584] rt_sigprocmask(SIG_SETMASK, [], [pid 5583] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5584] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5583] <... futex resumed>) = 0 [pid 5584] memfd_create("syzkaller", 0 [pid 5583] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5584] <... memfd_create resumed>) = 3 [pid 5584] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5584] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5584] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5584] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5584] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5584] close(3) = 0 [pid 5584] mkdir("./bus", 0777) = 0 [ 127.765709][ T5584] loop0: detected capacity change from 0 to 40427 [ 127.775088][ T5584] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 127.782899][ T5584] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 127.795261][ T5584] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5584] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5584] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5584] chdir("./bus") = 0 [pid 5584] ioctl(4, LOOP_CLR_FD) = 0 [pid 5584] close(4) = 0 [pid 5584] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5583] <... futex resumed>) = 0 [pid 5584] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5583] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5584] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5583] <... futex resumed>) = 0 [pid 5584] openat(AT_FDCWD, ".", O_RDONLY [pid 5583] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5584] <... openat resumed>) = 4 [pid 5584] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5583] <... futex resumed>) = 0 [pid 5584] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5583] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5584] <... mkdirat resumed>) = 0 [pid 5583] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5584] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5583] <... futex resumed>) = 0 [pid 5584] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5583] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5584] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5583] <... futex resumed>) = 0 [pid 5584] fspick(AT_FDCWD, ".", 0 [pid 5583] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5584] <... fspick resumed>) = 5 [pid 5584] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5583] <... futex resumed>) = 0 [pid 5584] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5583] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5584] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5583] <... futex resumed>) = 0 [pid 5584] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5583] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5584] <... fsconfig resumed>) = 0 [pid 5584] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5583] <... futex resumed>) = 0 [pid 5584] <... futex resumed>) = 1 [pid 5583] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5584] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5583] <... futex resumed>) = 0 [ 127.823532][ T5584] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 127.830682][ T5584] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5583] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5584] <... fsconfig resumed>) = 0 [pid 5584] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5583] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5584] <... futex resumed>) = 0 [pid 5583] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5584] openat(AT_FDCWD, ".", O_RDONLY [pid 5583] <... futex resumed>) = 0 [pid 5584] <... openat resumed>) = 6 [pid 5583] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5584] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5583] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5583] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5584] <... futex resumed>) = 0 [pid 5584] getdents(6, [pid 5583] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5584] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5584] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5584] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5583] <... futex resumed>) = 0 [pid 5583] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5584] <... futex resumed>) = 0 [pid 5583] <... futex resumed>) = 1 [pid 5584] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5583] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5584] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5584] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5584] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5583] <... futex resumed>) = 0 [pid 5583] exit_group(0 [pid 5584] <... futex resumed>) = ? [pid 5583] <... exit_group resumed>) = ? [pid 5584] +++ exited with 0 +++ [pid 5583] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5583, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=22 /* 0.22 s */} --- umount2("./86", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 127.946005][ T5584] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 umount2("./86/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./86/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./86/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./86/bus") = 0 umount2("./86/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./86/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./86") = 0 mkdir("./87", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556ae690) = 5589 ./strace-static-x86_64: Process 5589 attached [pid 5589] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5589] chdir("./87") = 0 [pid 5589] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5589] setpgid(0, 0) = 0 [pid 5589] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5589] write(3, "1000", 4) = 4 [pid 5589] close(3) = 0 [pid 5589] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5589] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5589] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5589] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5589] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5589] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5589] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5589] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5590 attached [pid 5590] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053 [pid 5589] <... clone3 resumed> => {parent_tid=[5590]}, 88) = 5590 [pid 5590] <... rseq resumed>) = 0 [pid 5590] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5589] rt_sigprocmask(SIG_SETMASK, [], [pid 5590] <... set_robust_list resumed>) = 0 [pid 5589] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5590] rt_sigprocmask(SIG_SETMASK, [], [pid 5589] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5590] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5589] <... futex resumed>) = 0 [pid 5589] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5590] memfd_create("syzkaller", 0) = 3 [pid 5590] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5590] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5590] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5590] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5590] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5590] close(3) = 0 [pid 5590] mkdir("./bus", 0777) = 0 [ 128.493501][ T5590] loop0: detected capacity change from 0 to 40427 [ 128.503198][ T5590] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 128.511108][ T5590] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 128.522983][ T5590] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5590] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5590] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5590] chdir("./bus") = 0 [pid 5590] ioctl(4, LOOP_CLR_FD) = 0 [pid 5590] close(4) = 0 [pid 5590] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5590] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5589] <... futex resumed>) = 0 [pid 5589] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5590] <... futex resumed>) = 0 [pid 5589] <... futex resumed>) = 1 [pid 5590] openat(AT_FDCWD, ".", O_RDONLY [pid 5589] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5590] <... openat resumed>) = 4 [pid 5590] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5589] <... futex resumed>) = 0 [ 128.551245][ T5590] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 128.558306][ T5590] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5590] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5589] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5589] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5590] <... mkdirat resumed>) = 0 [pid 5590] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5590] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5589] <... futex resumed>) = 0 [pid 5589] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5590] <... futex resumed>) = 0 [pid 5589] <... futex resumed>) = 1 [pid 5590] fspick(AT_FDCWD, ".", 0 [pid 5589] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5590] <... fspick resumed>) = 5 [pid 5590] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5589] <... futex resumed>) = 0 [pid 5590] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5589] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5590] <... fsconfig resumed>) = 0 [pid 5589] <... futex resumed>) = 0 [pid 5590] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5589] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5590] <... futex resumed>) = 0 [pid 5589] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5590] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5589] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5590] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5589] <... futex resumed>) = 0 [pid 5590] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5589] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5590] <... fsconfig resumed>) = 0 [pid 5590] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5589] <... futex resumed>) = 0 [pid 5590] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5589] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5590] openat(AT_FDCWD, ".", O_RDONLY [pid 5589] <... futex resumed>) = 0 [pid 5590] <... openat resumed>) = 6 [pid 5589] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5590] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5589] <... futex resumed>) = 0 [pid 5590] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5589] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5590] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5589] <... futex resumed>) = 0 [pid 5590] getdents(6, [pid 5589] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5590] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5590] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5589] <... futex resumed>) = 0 [pid 5590] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5589] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5589] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5590] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5590] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5589] <... futex resumed>) = 0 [pid 5590] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5589] exit_group(0) = ? [pid 5590] <... futex resumed>) = ? [pid 5590] +++ exited with 0 +++ [pid 5589] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5589, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./87", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 128.670053][ T5590] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./87/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./87/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./87/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./87/bus") = 0 umount2("./87/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./87/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./87") = 0 mkdir("./88", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5595 attached , child_tidptr=0x5555556ae690) = 5595 [pid 5595] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5595] chdir("./88") = 0 [pid 5595] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5595] setpgid(0, 0) = 0 [pid 5595] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5595] write(3, "1000", 4) = 4 [pid 5595] close(3) = 0 [pid 5595] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5595] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5595] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5595] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5595] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5595] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5595] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5595] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5596 attached => {parent_tid=[5596]}, 88) = 5596 [pid 5596] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053) = 0 [pid 5595] rt_sigprocmask(SIG_SETMASK, [], [pid 5596] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5595] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5596] <... set_robust_list resumed>) = 0 [pid 5595] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5596] rt_sigprocmask(SIG_SETMASK, [], [pid 5595] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5596] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5596] memfd_create("syzkaller", 0) = 3 [pid 5596] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5596] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5596] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5596] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5596] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5596] close(3) = 0 [pid 5596] mkdir("./bus", 0777) = 0 [ 129.241856][ T5596] loop0: detected capacity change from 0 to 40427 [ 129.257829][ T5596] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 129.265975][ T5596] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 129.278200][ T5596] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5596] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5596] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5596] chdir("./bus") = 0 [pid 5596] ioctl(4, LOOP_CLR_FD) = 0 [pid 5596] close(4) = 0 [pid 5596] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5596] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5595] <... futex resumed>) = 0 [pid 5595] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5596] <... futex resumed>) = 0 [pid 5595] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5596] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5596] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5595] <... futex resumed>) = 0 [pid 5596] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 129.306454][ T5596] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 129.313649][ T5596] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5595] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5596] <... futex resumed>) = 0 [pid 5595] <... futex resumed>) = 1 [pid 5596] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5595] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5596] <... mkdirat resumed>) = 0 [pid 5596] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5595] <... futex resumed>) = 0 [pid 5596] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5595] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5596] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5595] <... futex resumed>) = 0 [pid 5596] fspick(AT_FDCWD, ".", 0 [pid 5595] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5596] <... fspick resumed>) = 5 [pid 5596] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5595] <... futex resumed>) = 0 [pid 5596] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5595] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5596] <... fsconfig resumed>) = 0 [pid 5595] <... futex resumed>) = 0 [pid 5596] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5595] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5596] <... futex resumed>) = 0 [pid 5595] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5596] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5595] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5596] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5595] <... futex resumed>) = 0 [pid 5596] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5595] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5596] <... fsconfig resumed>) = 0 [pid 5596] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5595] <... futex resumed>) = 0 [pid 5596] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5595] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5596] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5595] <... futex resumed>) = 0 [pid 5595] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5596] openat(AT_FDCWD, ".", O_RDONLY) = 6 [pid 5596] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5595] <... futex resumed>) = 0 [pid 5596] getdents(6, [pid 5595] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5596] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5595] <... futex resumed>) = 0 [pid 5596] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5595] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5596] <... futex resumed>) = 0 [pid 5595] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5596] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5595] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5596] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5595] <... futex resumed>) = 0 [pid 5596] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5595] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5596] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5596] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5596] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5595] <... futex resumed>) = 0 [pid 5595] exit_group(0 [pid 5596] <... futex resumed>) = ? [pid 5595] <... exit_group resumed>) = ? [pid 5596] +++ exited with 0 +++ [pid 5595] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5595, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./88", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 129.434538][ T5596] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./88/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./88/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./88/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./88/bus") = 0 umount2("./88/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./88/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./88") = 0 mkdir("./89", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5601 attached , child_tidptr=0x5555556ae690) = 5601 [pid 5601] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5601] chdir("./89") = 0 [pid 5601] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5601] setpgid(0, 0) = 0 [pid 5601] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5601] write(3, "1000", 4) = 4 [pid 5601] close(3) = 0 [pid 5601] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5601] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5601] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5601] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5601] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5601] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5601] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5601] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5602 attached => {parent_tid=[5602]}, 88) = 5602 [pid 5601] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5602] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053 [pid 5601] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5601] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5602] <... rseq resumed>) = 0 [pid 5602] set_robust_list(0x7fa1a5e4a9a0, 24) = 0 [pid 5602] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5602] memfd_create("syzkaller", 0) = 3 [pid 5602] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5602] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5602] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5602] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5602] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5602] close(3) = 0 [pid 5602] mkdir("./bus", 0777) = 0 [ 129.945057][ T5602] loop0: detected capacity change from 0 to 40427 [ 129.971552][ T5602] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 129.979321][ T5602] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 129.991990][ T5602] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5602] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5602] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5602] chdir("./bus") = 0 [pid 5602] ioctl(4, LOOP_CLR_FD) = 0 [pid 5602] close(4) = 0 [pid 5602] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5602] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5601] <... futex resumed>) = 0 [pid 5601] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5602] <... futex resumed>) = 0 [pid 5601] <... futex resumed>) = 1 [pid 5602] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5601] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5602] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5602] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5601] <... futex resumed>) = 0 [pid 5601] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5602] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5602] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5601] <... futex resumed>) = 0 [pid 5601] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5602] <... mkdirat resumed>) = 0 [pid 5602] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5601] <... futex resumed>) = 0 [pid 5602] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5601] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5602] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5601] <... futex resumed>) = 0 [pid 5602] fspick(AT_FDCWD, ".", 0) = 5 [pid 5602] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5602] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5601] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5601] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5602] <... futex resumed>) = 0 [pid 5601] <... futex resumed>) = 1 [pid 5602] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5601] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5602] <... fsconfig resumed>) = 0 [pid 5602] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5601] <... futex resumed>) = 0 [ 130.020406][ T5602] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 130.027470][ T5602] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5601] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5601] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5602] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0) = 0 [pid 5602] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5601] <... futex resumed>) = 0 [pid 5602] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5601] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5602] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5601] <... futex resumed>) = 0 [pid 5602] openat(AT_FDCWD, ".", O_RDONLY [pid 5601] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5602] <... openat resumed>) = 6 [pid 5602] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5601] <... futex resumed>) = 0 [pid 5602] getdents(6, [pid 5601] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5602] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5601] <... futex resumed>) = 0 [pid 5602] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5601] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5602] <... futex resumed>) = 0 [pid 5601] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5602] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5601] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5602] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5602] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5601] <... futex resumed>) = 0 [pid 5601] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5602] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5602] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5601] <... futex resumed>) = 0 [pid 5602] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5601] exit_group(0 [pid 5602] <... futex resumed>) = ? [pid 5601] <... exit_group resumed>) = ? [pid 5602] +++ exited with 0 +++ [pid 5601] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5601, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=22 /* 0.22 s */} --- [ 130.133352][ T5602] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./89", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 umount2("./89/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./89/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./89/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./89/bus") = 0 umount2("./89/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./89/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./89") = 0 mkdir("./90", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5607 attached , child_tidptr=0x5555556ae690) = 5607 [pid 5607] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5607] chdir("./90") = 0 [pid 5607] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5607] setpgid(0, 0) = 0 [pid 5607] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5607] write(3, "1000", 4) = 4 [pid 5607] close(3) = 0 [pid 5607] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5607] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5607] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5607] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5607] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5607] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5607] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5607] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5608 attached => {parent_tid=[5608]}, 88) = 5608 [pid 5608] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053) = 0 [pid 5608] set_robust_list(0x7fa1a5e4a9a0, 24) = 0 [pid 5607] rt_sigprocmask(SIG_SETMASK, [], [pid 5608] rt_sigprocmask(SIG_SETMASK, [], [pid 5607] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5608] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5607] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5608] memfd_create("syzkaller", 0 [pid 5607] <... futex resumed>) = 0 [pid 5608] <... memfd_create resumed>) = 3 [pid 5607] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5608] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5608] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5608] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5608] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5608] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5608] close(3) = 0 [pid 5608] mkdir("./bus", 0777) = 0 [ 130.763708][ T5608] loop0: detected capacity change from 0 to 40427 [ 130.780095][ T5608] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 130.787862][ T5608] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 130.800596][ T5608] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5608] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5608] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5608] chdir("./bus") = 0 [pid 5608] ioctl(4, LOOP_CLR_FD) = 0 [pid 5608] close(4) = 0 [pid 5608] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5607] <... futex resumed>) = 0 [pid 5608] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5607] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5608] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5607] <... futex resumed>) = 0 [pid 5608] openat(AT_FDCWD, ".", O_RDONLY [pid 5607] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5608] <... openat resumed>) = 4 [pid 5608] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5608] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5607] <... futex resumed>) = 0 [pid 5607] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5608] <... futex resumed>) = 0 [pid 5607] <... futex resumed>) = 1 [pid 5608] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5607] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5608] <... mkdirat resumed>) = 0 [pid 5608] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5607] <... futex resumed>) = 0 [pid 5608] fspick(AT_FDCWD, ".", 0 [pid 5607] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5608] <... fspick resumed>) = 5 [pid 5607] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5608] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5607] <... futex resumed>) = 0 [pid 5608] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5607] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5608] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5608] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5607] <... futex resumed>) = 0 [pid 5608] <... fsconfig resumed>) = 0 [pid 5607] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5608] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5607] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5608] <... futex resumed>) = 0 [pid 5607] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5608] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5607] <... futex resumed>) = 0 [ 130.828923][ T5608] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 130.836073][ T5608] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5607] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5608] <... fsconfig resumed>) = 0 [pid 5608] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5607] <... futex resumed>) = 0 [pid 5608] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5607] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5608] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5607] <... futex resumed>) = 0 [pid 5607] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5608] openat(AT_FDCWD, ".", O_RDONLY) = 6 [pid 5608] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5608] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5607] <... futex resumed>) = 0 [pid 5607] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5608] <... futex resumed>) = 0 [pid 5607] <... futex resumed>) = 1 [pid 5608] getdents(6, [ 130.934259][ T5608] f2fs_fill_dentries: 39 callbacks suppressed [ 130.934278][ T5608] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 130.940744][ T5608] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 130.948383][ T5608] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 130.956165][ T5608] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 130.964073][ T5608] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [pid 5607] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5608] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5607] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5608] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5607] futex(0x7fa1a5f1b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5608] <... futex resumed>) = 0 [pid 5607] <... futex resumed>) = 0 [pid 5608] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5607] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e09000 [pid 5607] mprotect(0x7fa1a5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5607] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5607] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e29990, parent_tid=0x7fa1a5e29990, exit_signal=0, stack=0x7fa1a5e09000, stack_size=0x20300, tls=0x7fa1a5e296c0}./strace-static-x86_64: Process 5613 attached [pid 5613] rseq(0x7fa1a5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 5607] <... clone3 resumed> => {parent_tid=[5613]}, 88) = 5613 [pid 5613] set_robust_list(0x7fa1a5e299a0, 24 [pid 5607] rt_sigprocmask(SIG_SETMASK, [], [pid 5613] <... set_robust_list resumed>) = 0 [pid 5607] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5613] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5607] futex(0x7fa1a5f1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5613] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5607] <... futex resumed>) = 0 [ 130.972207][ T5608] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [pid 5607] futex(0x7fa1a5f1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5613] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5613] futex(0x7fa1a5f1b6dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5607] <... futex resumed>) = 0 [pid 5613] <... futex resumed>) = 1 [pid 5607] exit_group(0 [pid 5613] futex(0x7fa1a5f1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5607] <... exit_group resumed>) = ? [pid 5613] <... futex resumed>) = ? [pid 5613] +++ exited with 0 +++ [pid 5608] <... futex resumed>) = ? [pid 5608] +++ exited with 0 +++ [pid 5607] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5607, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=27 /* 0.27 s */} --- umount2("./90", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 130.979871][ T5608] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 131.014179][ T5613] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./90/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./90/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./90/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./90/bus") = 0 umount2("./90/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./90/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./90") = 0 mkdir("./91", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5614 attached , child_tidptr=0x5555556ae690) = 5614 [pid 5614] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5614] chdir("./91") = 0 [pid 5614] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5614] setpgid(0, 0) = 0 [pid 5614] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5614] write(3, "1000", 4) = 4 [pid 5614] close(3) = 0 [pid 5614] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5614] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5614] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5614] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5614] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5614] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5614] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5614] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5615 attached [pid 5615] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053 [pid 5614] <... clone3 resumed> => {parent_tid=[5615]}, 88) = 5615 [pid 5615] <... rseq resumed>) = 0 [pid 5614] rt_sigprocmask(SIG_SETMASK, [], [pid 5615] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5614] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5615] <... set_robust_list resumed>) = 0 [pid 5614] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5615] rt_sigprocmask(SIG_SETMASK, [], [pid 5614] <... futex resumed>) = 0 [pid 5615] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5614] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5615] memfd_create("syzkaller", 0) = 3 [pid 5615] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5615] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5615] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5615] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5615] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5615] close(3) = 0 [pid 5615] mkdir("./bus", 0777) = 0 [ 131.591977][ T5615] loop0: detected capacity change from 0 to 40427 [ 131.615988][ T5615] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 131.624293][ T5615] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 131.636132][ T5615] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5615] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5615] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5615] chdir("./bus") = 0 [pid 5615] ioctl(4, LOOP_CLR_FD) = 0 [pid 5615] close(4) = 0 [pid 5615] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5614] <... futex resumed>) = 0 [pid 5614] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5615] <... futex resumed>) = 1 [pid 5614] <... futex resumed>) = 0 [pid 5615] openat(AT_FDCWD, ".", O_RDONLY [pid 5614] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5615] <... openat resumed>) = 4 [pid 5615] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5615] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5614] <... futex resumed>) = 0 [pid 5615] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5614] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5615] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5614] <... futex resumed>) = 0 [ 131.664696][ T5615] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 131.671833][ T5615] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5614] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5615] <... mkdirat resumed>) = 0 [pid 5615] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5614] <... futex resumed>) = 0 [pid 5614] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5615] fspick(AT_FDCWD, ".", 0) = 5 [pid 5614] <... futex resumed>) = 0 [pid 5614] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5615] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5614] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5615] <... futex resumed>) = 0 [pid 5615] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5614] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5615] <... fsconfig resumed>) = 0 [pid 5614] <... futex resumed>) = 0 [pid 5615] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5614] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5615] <... futex resumed>) = 0 [pid 5614] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5615] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5614] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5615] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5614] <... futex resumed>) = 0 [pid 5615] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5614] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5615] <... fsconfig resumed>) = 0 [pid 5615] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5614] <... futex resumed>) = 0 [pid 5615] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5614] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5615] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5614] <... futex resumed>) = 0 [pid 5615] openat(AT_FDCWD, ".", O_RDONLY [pid 5614] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5615] <... openat resumed>) = 6 [pid 5615] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5614] <... futex resumed>) = 0 [pid 5615] getdents(6, [pid 5614] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5614] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5615] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5615] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5614] <... futex resumed>) = 0 [pid 5615] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5614] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5615] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5614] <... futex resumed>) = 0 [pid 5615] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5614] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5615] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5615] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5614] <... futex resumed>) = 0 [pid 5615] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5614] exit_group(0 [pid 5615] <... futex resumed>) = ? [pid 5614] <... exit_group resumed>) = ? [pid 5615] +++ exited with 0 +++ [pid 5614] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5614, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=23 /* 0.23 s */} --- [ 131.796888][ T5615] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 131.796927][ T5615] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 131.805157][ T5615] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 131.821463][ T5615] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./91", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 umount2("./91/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./91/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./91/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./91/bus") = 0 umount2("./91/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./91/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./91") = 0 mkdir("./92", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5620 attached [pid 5620] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5620] chdir("./92") = 0 [pid 5620] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5054] <... clone resumed>, child_tidptr=0x5555556ae690) = 5620 [pid 5620] setpgid(0, 0) = 0 [pid 5620] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5620] write(3, "1000", 4) = 4 [pid 5620] close(3) = 0 [pid 5620] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5620] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5620] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5620] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5620] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5620] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5620] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5620] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5621 attached [pid 5621] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053 [pid 5620] <... clone3 resumed> => {parent_tid=[5621]}, 88) = 5621 [pid 5621] <... rseq resumed>) = 0 [pid 5620] rt_sigprocmask(SIG_SETMASK, [], [pid 5621] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5620] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5621] <... set_robust_list resumed>) = 0 [pid 5620] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5621] rt_sigprocmask(SIG_SETMASK, [], [pid 5620] <... futex resumed>) = 0 [pid 5621] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5620] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5621] memfd_create("syzkaller", 0) = 3 [pid 5621] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5621] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5621] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5621] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5621] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5621] close(3) = 0 [pid 5621] mkdir("./bus", 0777) = 0 [ 132.376435][ T5621] loop0: detected capacity change from 0 to 40427 [ 132.396111][ T5621] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 132.404063][ T5621] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 132.416299][ T5621] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5621] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5621] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5621] chdir("./bus") = 0 [pid 5621] ioctl(4, LOOP_CLR_FD) = 0 [pid 5621] close(4) = 0 [ 132.444650][ T5621] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 132.451782][ T5621] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5621] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5621] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5620] <... futex resumed>) = 0 [pid 5620] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5621] <... futex resumed>) = 0 [pid 5620] <... futex resumed>) = 1 [pid 5621] openat(AT_FDCWD, ".", O_RDONLY [pid 5620] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5621] <... openat resumed>) = 4 [pid 5621] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5620] <... futex resumed>) = 0 [pid 5620] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5620] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5621] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000) = 0 [pid 5621] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5620] <... futex resumed>) = 0 [pid 5621] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5620] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5621] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5621] fspick(AT_FDCWD, ".", 0 [pid 5620] <... futex resumed>) = 0 [pid 5621] <... fspick resumed>) = 5 [pid 5620] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5621] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5620] <... futex resumed>) = 0 [pid 5621] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5620] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5621] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5621] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5620] <... futex resumed>) = 0 [pid 5621] <... fsconfig resumed>) = 0 [pid 5620] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5621] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5620] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5621] <... futex resumed>) = 0 [pid 5620] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5621] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5620] <... futex resumed>) = 0 [pid 5620] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5621] <... fsconfig resumed>) = 0 [pid 5621] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5621] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5620] <... futex resumed>) = 0 [pid 5620] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5621] <... futex resumed>) = 0 [pid 5621] openat(AT_FDCWD, ".", O_RDONLY [pid 5620] <... futex resumed>) = 1 [pid 5621] <... openat resumed>) = 6 [pid 5620] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5621] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5620] <... futex resumed>) = 0 [pid 5621] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5620] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5621] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5620] <... futex resumed>) = 0 [pid 5621] getdents(6, [pid 5620] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5621] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5621] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5620] <... futex resumed>) = 0 [pid 5621] <... futex resumed>) = 1 [pid 5620] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5621] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5620] <... futex resumed>) = 0 [pid 5620] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5621] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5621] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5621] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5620] <... futex resumed>) = 0 [pid 5620] exit_group(0 [pid 5621] <... futex resumed>) = ? [pid 5621] +++ exited with 0 +++ [pid 5620] <... exit_group resumed>) = ? [pid 5620] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5620, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./92", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 132.605431][ T5621] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./92/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./92/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./92/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./92/bus") = 0 umount2("./92/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./92/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./92") = 0 mkdir("./93", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5626 attached [pid 5626] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5626] chdir("./93") = 0 [pid 5626] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5054] <... clone resumed>, child_tidptr=0x5555556ae690) = 5626 [pid 5626] <... prctl resumed>) = 0 [pid 5626] setpgid(0, 0) = 0 [pid 5626] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5626] write(3, "1000", 4) = 4 [pid 5626] close(3) = 0 [pid 5626] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5626] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5626] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5626] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5626] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5626] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5626] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5626] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5627 attached [pid 5627] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053 [pid 5626] <... clone3 resumed> => {parent_tid=[5627]}, 88) = 5627 [pid 5627] <... rseq resumed>) = 0 [pid 5627] set_robust_list(0x7fa1a5e4a9a0, 24) = 0 [pid 5627] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5626] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5627] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5626] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5626] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5627] <... futex resumed>) = 0 [pid 5627] memfd_create("syzkaller", 0) = 3 [pid 5627] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5627] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5627] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5627] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5627] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5627] close(3) = 0 [pid 5627] mkdir("./bus", 0777) = 0 [ 133.261757][ T5627] loop0: detected capacity change from 0 to 40427 [ 133.276686][ T5627] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 133.284571][ T5627] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 133.297357][ T5627] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5627] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5627] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5627] chdir("./bus") = 0 [pid 5627] ioctl(4, LOOP_CLR_FD) = 0 [pid 5627] close(4) = 0 [pid 5627] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5626] <... futex resumed>) = 0 [pid 5627] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5626] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5627] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5626] <... futex resumed>) = 0 [pid 5627] openat(AT_FDCWD, ".", O_RDONLY [pid 5626] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5627] <... openat resumed>) = 4 [pid 5627] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5626] <... futex resumed>) = 0 [pid 5627] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5626] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5626] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5627] <... mkdirat resumed>) = 0 [pid 5627] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5627] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5626] <... futex resumed>) = 0 [pid 5626] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5626] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5627] <... futex resumed>) = 0 [ 133.325884][ T5627] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 133.333034][ T5627] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5627] fspick(AT_FDCWD, ".", 0) = 5 [pid 5627] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5627] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5626] <... futex resumed>) = 0 [pid 5626] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5627] <... futex resumed>) = 0 [pid 5626] <... futex resumed>) = 1 [pid 5627] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0) = 0 [pid 5627] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5626] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5627] <... futex resumed>) = 0 [pid 5626] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5627] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5626] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5627] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5627] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5626] <... futex resumed>) = 0 [pid 5626] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5627] <... fsconfig resumed>) = 0 [pid 5627] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5626] <... futex resumed>) = 0 [pid 5627] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5626] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5627] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5626] <... futex resumed>) = 0 [pid 5627] openat(AT_FDCWD, ".", O_RDONLY [pid 5626] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5627] <... openat resumed>) = 6 [pid 5627] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5626] <... futex resumed>) = 0 [pid 5627] getdents(6, [pid 5626] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5627] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5626] <... futex resumed>) = 0 [pid 5627] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5626] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5627] <... futex resumed>) = 0 [pid 5626] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5627] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5626] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5627] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5627] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5626] <... futex resumed>) = 0 [pid 5626] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5627] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5627] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5626] <... futex resumed>) = 0 [pid 5627] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5626] exit_group(0 [pid 5627] <... futex resumed>) = ? [pid 5626] <... exit_group resumed>) = ? [pid 5627] +++ exited with 0 +++ [pid 5626] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5626, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./93", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 133.457621][ T5627] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./93/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./93/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./93/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./93/bus") = 0 umount2("./93/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./93/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./93") = 0 mkdir("./94", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5632 attached [pid 5632] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5632] chdir("./94") = 0 [pid 5054] <... clone resumed>, child_tidptr=0x5555556ae690) = 5632 [pid 5632] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5632] setpgid(0, 0) = 0 [pid 5632] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5632] write(3, "1000", 4) = 4 [pid 5632] close(3) = 0 [pid 5632] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5632] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5632] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5632] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5632] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5632] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5632] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5632] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5633 attached [pid 5633] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053) = 0 [pid 5632] <... clone3 resumed> => {parent_tid=[5633]}, 88) = 5633 [pid 5633] set_robust_list(0x7fa1a5e4a9a0, 24) = 0 [pid 5632] rt_sigprocmask(SIG_SETMASK, [], [pid 5633] rt_sigprocmask(SIG_SETMASK, [], [pid 5632] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5633] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5632] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5633] memfd_create("syzkaller", 0 [pid 5632] <... futex resumed>) = 0 [pid 5633] <... memfd_create resumed>) = 3 [pid 5633] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5632] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5633] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5633] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5633] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5633] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5633] close(3) = 0 [pid 5633] mkdir("./bus", 0777) = 0 [ 134.032414][ T5633] loop0: detected capacity change from 0 to 40427 [ 134.047057][ T5633] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 134.055047][ T5633] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 134.066826][ T5633] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5633] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5633] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5633] chdir("./bus") = 0 [pid 5633] ioctl(4, LOOP_CLR_FD) = 0 [pid 5633] close(4) = 0 [pid 5633] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5633] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5632] <... futex resumed>) = 0 [pid 5632] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5633] <... futex resumed>) = 0 [pid 5633] openat(AT_FDCWD, ".", O_RDONLY [pid 5632] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5633] <... openat resumed>) = 4 [ 134.095558][ T5633] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 134.102744][ T5633] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5633] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5632] <... futex resumed>) = 0 [pid 5632] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5633] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5632] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5633] <... mkdirat resumed>) = 0 [pid 5633] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5632] <... futex resumed>) = 0 [pid 5633] <... futex resumed>) = 1 [pid 5632] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5633] fspick(AT_FDCWD, ".", 0 [pid 5632] <... futex resumed>) = 0 [pid 5633] <... fspick resumed>) = 5 [pid 5632] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5633] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5632] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5633] <... futex resumed>) = 0 [pid 5632] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5633] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5632] <... futex resumed>) = 0 [pid 5633] <... fsconfig resumed>) = 0 [pid 5632] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5633] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5632] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5633] <... futex resumed>) = 0 [pid 5632] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5633] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5632] <... futex resumed>) = 0 [pid 5632] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5633] <... fsconfig resumed>) = 0 [pid 5633] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5633] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5632] <... futex resumed>) = 0 [pid 5632] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5633] <... futex resumed>) = 0 [pid 5632] <... futex resumed>) = 1 [pid 5633] openat(AT_FDCWD, ".", O_RDONLY [pid 5632] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5633] <... openat resumed>) = 6 [pid 5633] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5633] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5632] <... futex resumed>) = 0 [pid 5632] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5633] <... futex resumed>) = 0 [pid 5632] <... futex resumed>) = 1 [pid 5633] getdents(6, [pid 5632] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5633] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5633] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5632] <... futex resumed>) = 0 [pid 5633] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5632] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5633] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5632] <... futex resumed>) = 0 [pid 5633] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5632] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5633] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5633] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5633] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5632] <... futex resumed>) = 0 [pid 5632] exit_group(0 [pid 5633] <... futex resumed>) = ? [pid 5632] <... exit_group resumed>) = ? [pid 5633] +++ exited with 0 +++ [pid 5632] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5632, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./94", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 134.216648][ T5633] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 umount2("./94/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./94/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./94/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./94/bus") = 0 umount2("./94/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./94/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./94") = 0 mkdir("./95", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5638 attached , child_tidptr=0x5555556ae690) = 5638 [pid 5638] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5638] chdir("./95") = 0 [pid 5638] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5638] setpgid(0, 0) = 0 [pid 5638] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5638] write(3, "1000", 4) = 4 [pid 5638] close(3) = 0 [pid 5638] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5638] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5638] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5638] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5638] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5638] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5638] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5638] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5639 attached [pid 5639] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053 [pid 5638] <... clone3 resumed> => {parent_tid=[5639]}, 88) = 5639 [pid 5639] <... rseq resumed>) = 0 [pid 5638] rt_sigprocmask(SIG_SETMASK, [], [pid 5639] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5638] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5639] <... set_robust_list resumed>) = 0 [pid 5638] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5639] rt_sigprocmask(SIG_SETMASK, [], [pid 5638] <... futex resumed>) = 0 [pid 5639] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5638] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5639] memfd_create("syzkaller", 0) = 3 [pid 5639] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5639] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5639] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5639] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5639] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5639] close(3) = 0 [pid 5639] mkdir("./bus", 0777) = 0 [ 134.837653][ T5639] loop0: detected capacity change from 0 to 40427 [ 134.847435][ T5639] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 134.855371][ T5639] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 134.867515][ T5639] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5639] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5639] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5639] chdir("./bus") = 0 [pid 5639] ioctl(4, LOOP_CLR_FD) = 0 [pid 5639] close(4) = 0 [pid 5639] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5638] <... futex resumed>) = 0 [pid 5639] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5638] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5639] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5638] <... futex resumed>) = 0 [pid 5639] openat(AT_FDCWD, ".", O_RDONLY [pid 5638] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5639] <... openat resumed>) = 4 [pid 5639] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5638] <... futex resumed>) = 0 [pid 5639] <... futex resumed>) = 1 [pid 5638] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5639] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5638] <... futex resumed>) = 0 [pid 5638] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5639] <... mkdirat resumed>) = 0 [ 134.896167][ T5639] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 134.903291][ T5639] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5639] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5638] <... futex resumed>) = 0 [pid 5639] fspick(AT_FDCWD, ".", 0 [pid 5638] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5639] <... fspick resumed>) = 5 [pid 5638] <... futex resumed>) = 0 [pid 5639] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5638] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5639] <... futex resumed>) = 0 [pid 5639] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5638] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5638] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5639] <... futex resumed>) = 0 [pid 5638] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5639] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0) = 0 [pid 5639] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5638] <... futex resumed>) = 0 [pid 5639] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5638] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5638] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5639] <... fsconfig resumed>) = 0 [pid 5639] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5638] <... futex resumed>) = 0 [pid 5639] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5638] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5639] <... futex resumed>) = 0 [pid 5638] <... futex resumed>) = 1 [pid 5639] openat(AT_FDCWD, ".", O_RDONLY [pid 5638] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5639] <... openat resumed>) = 6 [pid 5639] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5638] <... futex resumed>) = 0 [pid 5639] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5638] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5639] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5638] <... futex resumed>) = 0 [pid 5639] getdents(6, [pid 5638] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5639] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5639] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5638] <... futex resumed>) = 0 [pid 5639] <... futex resumed>) = 1 [pid 5639] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5638] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5638] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5639] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5639] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5638] <... futex resumed>) = 0 [pid 5639] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5638] exit_group(0 [pid 5639] <... futex resumed>) = ? [pid 5638] <... exit_group resumed>) = ? [pid 5639] +++ exited with 0 +++ [pid 5638] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5638, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./95", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 135.039292][ T5639] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 umount2("./95/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./95/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./95/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./95/bus") = 0 umount2("./95/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./95/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./95") = 0 mkdir("./96", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5644 attached , child_tidptr=0x5555556ae690) = 5644 [pid 5644] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5644] chdir("./96") = 0 [pid 5644] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5644] setpgid(0, 0) = 0 [pid 5644] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5644] write(3, "1000", 4) = 4 [pid 5644] close(3) = 0 [pid 5644] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5644] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5644] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5644] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5644] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5644] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5644] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5644] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5645 attached [pid 5645] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053) = 0 [pid 5645] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5644] <... clone3 resumed> => {parent_tid=[5645]}, 88) = 5645 [pid 5645] <... set_robust_list resumed>) = 0 [pid 5644] rt_sigprocmask(SIG_SETMASK, [], [pid 5645] rt_sigprocmask(SIG_SETMASK, [], [pid 5644] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5645] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5644] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5645] memfd_create("syzkaller", 0 [pid 5644] <... futex resumed>) = 0 [pid 5644] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5645] <... memfd_create resumed>) = 3 [pid 5645] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5645] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5645] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5645] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5645] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5645] close(3) = 0 [pid 5645] mkdir("./bus", 0777) = 0 [ 135.662050][ T5645] loop0: detected capacity change from 0 to 40427 [ 135.685394][ T5645] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 135.693197][ T5645] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 135.705323][ T5645] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5645] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5645] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5645] chdir("./bus") = 0 [pid 5645] ioctl(4, LOOP_CLR_FD) = 0 [pid 5645] close(4) = 0 [pid 5645] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5644] <... futex resumed>) = 0 [pid 5645] openat(AT_FDCWD, ".", O_RDONLY [pid 5644] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5645] <... openat resumed>) = 4 [pid 5644] <... futex resumed>) = 0 [pid 5645] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5644] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5645] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5644] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5645] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5644] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5645] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5644] <... futex resumed>) = 0 [pid 5644] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5645] <... mkdirat resumed>) = 0 [pid 5645] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5644] <... futex resumed>) = 0 [ 135.735174][ T5645] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 135.742290][ T5645] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5645] <... futex resumed>) = 1 [pid 5644] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5645] fspick(AT_FDCWD, ".", 0 [pid 5644] <... futex resumed>) = 0 [pid 5645] <... fspick resumed>) = 5 [pid 5644] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5645] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5644] <... futex resumed>) = 0 [pid 5645] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5644] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5645] <... fsconfig resumed>) = 0 [pid 5644] <... futex resumed>) = 0 [pid 5645] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5644] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5645] <... futex resumed>) = 0 [pid 5644] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5645] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5644] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5645] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5644] <... futex resumed>) = 0 [pid 5645] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5644] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5645] <... fsconfig resumed>) = 0 [pid 5645] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5644] <... futex resumed>) = 0 [pid 5645] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5644] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5645] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5644] <... futex resumed>) = 0 [pid 5645] openat(AT_FDCWD, ".", O_RDONLY [pid 5644] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5645] <... openat resumed>) = 6 [pid 5645] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5644] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5645] <... futex resumed>) = 0 [pid 5644] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5645] getdents(6, 0x20000200 /* 1 entries */, 188) = 96 [pid 5644] <... futex resumed>) = 0 [pid 5645] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5644] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5645] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5644] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5644] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5645] <... futex resumed>) = 0 [pid 5644] <... futex resumed>) = 1 [pid 5644] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5645] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054) = -1 EEXIST (File exists) [pid 5645] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5645] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5644] <... futex resumed>) = 0 [pid 5644] exit_group(0) = ? [pid 5645] <... futex resumed>) = ? [pid 5645] +++ exited with 0 +++ [pid 5644] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5644, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=23 /* 0.23 s */} --- umount2("./96", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 135.861248][ T5645] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./96/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./96/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./96/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./96/bus") = 0 umount2("./96/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./96/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./96") = 0 mkdir("./97", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5650 attached , child_tidptr=0x5555556ae690) = 5650 [pid 5650] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5650] chdir("./97") = 0 [pid 5650] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5650] setpgid(0, 0) = 0 [pid 5650] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5650] write(3, "1000", 4) = 4 [pid 5650] close(3) = 0 [pid 5650] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5650] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5650] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5650] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5650] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5650] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5650] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5650] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5651 attached => {parent_tid=[5651]}, 88) = 5651 [pid 5651] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053 [pid 5650] rt_sigprocmask(SIG_SETMASK, [], [pid 5651] <... rseq resumed>) = 0 [pid 5650] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5650] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5650] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5651] set_robust_list(0x7fa1a5e4a9a0, 24) = 0 [pid 5651] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5651] memfd_create("syzkaller", 0) = 3 [pid 5651] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5651] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5651] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5651] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5651] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5651] close(3) = 0 [pid 5651] mkdir("./bus", 0777) = 0 [ 136.438581][ T5651] loop0: detected capacity change from 0 to 40427 [ 136.463560][ T5651] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 136.471354][ T5651] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 136.483533][ T5651] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5651] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5651] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5651] chdir("./bus") = 0 [pid 5651] ioctl(4, LOOP_CLR_FD) = 0 [pid 5651] close(4) = 0 [pid 5651] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5650] <... futex resumed>) = 0 [pid 5651] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5650] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5651] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5650] <... futex resumed>) = 0 [pid 5651] openat(AT_FDCWD, ".", O_RDONLY [pid 5650] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5651] <... openat resumed>) = 4 [pid 5651] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5650] <... futex resumed>) = 0 [pid 5651] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5650] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5651] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5650] <... futex resumed>) = 0 [pid 5651] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5650] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5651] <... mkdirat resumed>) = 0 [pid 5651] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5650] <... futex resumed>) = 0 [pid 5650] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5650] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5651] <... futex resumed>) = 1 [pid 5651] fspick(AT_FDCWD, ".", 0) = 5 [ 136.512425][ T5651] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 136.519485][ T5651] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5651] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5650] <... futex resumed>) = 0 [pid 5650] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5650] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5651] <... futex resumed>) = 1 [pid 5651] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0) = 0 [pid 5651] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5650] <... futex resumed>) = 0 [pid 5650] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5650] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5651] <... futex resumed>) = 1 [pid 5651] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0) = 0 [pid 5651] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5650] <... futex resumed>) = 0 [pid 5651] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5650] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5651] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5650] <... futex resumed>) = 0 [pid 5651] openat(AT_FDCWD, ".", O_RDONLY [pid 5650] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5651] <... openat resumed>) = 6 [pid 5651] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5650] <... futex resumed>) = 0 [pid 5650] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5650] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5651] <... futex resumed>) = 1 [pid 5651] getdents(6, [pid 5650] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5650] futex(0x7fa1a5f1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5650] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e09000 [ 136.660270][ T5651] f2fs_fill_dentries: 39 callbacks suppressed [ 136.660289][ T5651] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 136.666408][ T5651] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 136.674275][ T5651] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 136.681978][ T5651] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 136.689533][ T5651] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [pid 5651] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5650] mprotect(0x7fa1a5e0a000, 131072, PROT_READ|PROT_WRITE [pid 5651] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5650] <... mprotect resumed>) = 0 [pid 5650] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5651] <... futex resumed>) = 0 [pid 5651] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5650] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5650] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e29990, parent_tid=0x7fa1a5e29990, exit_signal=0, stack=0x7fa1a5e09000, stack_size=0x20300, tls=0x7fa1a5e296c0}./strace-static-x86_64: Process 5656 attached => {parent_tid=[5656]}, 88) = 5656 [pid 5656] rseq(0x7fa1a5e29fe0, 0x20, 0, 0x53053053) = 0 [pid 5650] rt_sigprocmask(SIG_SETMASK, [], [pid 5656] set_robust_list(0x7fa1a5e299a0, 24 [pid 5650] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5656] <... set_robust_list resumed>) = 0 [pid 5656] rt_sigprocmask(SIG_SETMASK, [], [pid 5650] futex(0x7fa1a5f1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5656] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5650] <... futex resumed>) = 0 [ 136.697124][ T5651] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [pid 5656] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5650] futex(0x7fa1a5f1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5656] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5656] futex(0x7fa1a5f1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5656] futex(0x7fa1a5f1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5650] <... futex resumed>) = 0 [pid 5650] exit_group(0 [pid 5651] <... futex resumed>) = ? [pid 5650] <... exit_group resumed>) = ? [pid 5656] <... futex resumed>) = ? [pid 5651] +++ exited with 0 +++ [pid 5656] +++ exited with 0 +++ [pid 5650] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5650, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=30 /* 0.30 s */} --- [ 136.704883][ T5651] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 136.744989][ T5656] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint umount2("./97", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 umount2("./97/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./97/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./97/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./97/bus") = 0 umount2("./97/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./97/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./97") = 0 mkdir("./98", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5657 attached [pid 5657] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5657] chdir("./98") = 0 [pid 5657] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5054] <... clone resumed>, child_tidptr=0x5555556ae690) = 5657 [pid 5657] setpgid(0, 0) = 0 [pid 5657] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5657] write(3, "1000", 4) = 4 [pid 5657] close(3) = 0 [pid 5657] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5657] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5657] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5657] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5657] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5657] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5657] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5657] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5658 attached => {parent_tid=[5658]}, 88) = 5658 [pid 5657] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5658] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053) = 0 [pid 5657] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5658] set_robust_list(0x7fa1a5e4a9a0, 24 [pid 5657] <... futex resumed>) = 0 [pid 5658] <... set_robust_list resumed>) = 0 [pid 5658] rt_sigprocmask(SIG_SETMASK, [], [pid 5657] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5658] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5658] memfd_create("syzkaller", 0) = 3 [pid 5658] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5658] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5658] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5658] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5658] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5658] close(3) = 0 [pid 5658] mkdir("./bus", 0777) = 0 [ 137.355794][ T5658] loop0: detected capacity change from 0 to 40427 [ 137.382470][ T5658] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 137.390405][ T5658] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 137.403309][ T5658] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5658] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5658] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5658] chdir("./bus") = 0 [pid 5658] ioctl(4, LOOP_CLR_FD) = 0 [pid 5658] close(4) = 0 [pid 5658] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5658] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5657] <... futex resumed>) = 0 [pid 5657] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5658] <... futex resumed>) = 0 [pid 5658] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5658] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5658] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5657] <... futex resumed>) = 1 [pid 5657] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5657] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5658] <... futex resumed>) = 0 [pid 5657] <... futex resumed>) = 1 [ 137.432116][ T5658] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 137.439189][ T5658] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5658] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5657] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5658] <... mkdirat resumed>) = 0 [pid 5658] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5657] <... futex resumed>) = 0 [pid 5658] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5657] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5658] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5657] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5658] fspick(AT_FDCWD, ".", 0) = 5 [pid 5658] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5657] <... futex resumed>) = 0 [pid 5657] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5657] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5658] <... futex resumed>) = 1 [pid 5658] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0) = 0 [pid 5658] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5657] <... futex resumed>) = 0 [pid 5658] <... futex resumed>) = 1 [pid 5657] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5658] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5657] <... futex resumed>) = 0 [pid 5657] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5658] <... fsconfig resumed>) = 0 [pid 5658] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5657] <... futex resumed>) = 0 [pid 5657] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5657] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5658] <... futex resumed>) = 1 [pid 5658] openat(AT_FDCWD, ".", O_RDONLY) = 6 [pid 5658] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5657] <... futex resumed>) = 0 [pid 5657] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5657] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5658] <... futex resumed>) = 1 [pid 5658] getdents(6, 0x20000200 /* 1 entries */, 188) = 96 [pid 5658] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5657] <... futex resumed>) = 0 [pid 5658] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5657] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5658] <... futex resumed>) = 0 [pid 5658] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5657] <... futex resumed>) = 1 [pid 5657] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5658] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5658] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5657] <... futex resumed>) = 0 [pid 5658] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5657] exit_group(0) = ? [pid 5658] <... futex resumed>) = ? [ 137.580795][ T5658] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 137.580827][ T5658] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 137.588473][ T5658] F2FS-fs (loop0): invalid namelen(0), ino:0, run fsck to fix. [ 137.603407][ T5658] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint [pid 5658] +++ exited with 0 +++ [pid 5657] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5657, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./98", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 umount2("./98/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./98/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./98/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555556b7770 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555556b7770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./98/bus") = 0 umount2("./98/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./98/binderfs") = 0 getdents64(3, 0x5555556af730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./98") = 0 mkdir("./99", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5663 attached , child_tidptr=0x5555556ae690) = 5663 [pid 5663] set_robust_list(0x5555556ae6a0, 24) = 0 [pid 5663] chdir("./99") = 0 [pid 5663] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5663] setpgid(0, 0) = 0 [pid 5663] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5663] write(3, "1000", 4) = 4 [pid 5663] close(3) = 0 [pid 5663] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5663] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5663] rt_sigaction(SIGRT_1, {sa_handler=0x7fa1a5eb4030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa1a5ea51e0}, NULL, 8) = 0 [pid 5663] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5663] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e2a000 [pid 5663] mprotect(0x7fa1a5e2b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5663] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5663] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e4a990, parent_tid=0x7fa1a5e4a990, exit_signal=0, stack=0x7fa1a5e2a000, stack_size=0x20300, tls=0x7fa1a5e4a6c0}./strace-static-x86_64: Process 5664 attached => {parent_tid=[5664]}, 88) = 5664 [pid 5664] rseq(0x7fa1a5e4afe0, 0x20, 0, 0x53053053 [pid 5663] rt_sigprocmask(SIG_SETMASK, [], [pid 5664] <... rseq resumed>) = 0 [pid 5663] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5664] set_robust_list(0x7fa1a5e4a9a0, 24) = 0 [pid 5663] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5664] rt_sigprocmask(SIG_SETMASK, [], [pid 5663] <... futex resumed>) = 0 [pid 5664] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5663] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5664] memfd_create("syzkaller", 0) = 3 [pid 5664] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa19da2a000 [pid 5664] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 5664] munmap(0x7fa19da2a000, 138412032) = 0 [pid 5664] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5664] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5664] close(3) = 0 [pid 5664] mkdir("./bus", 0777) = 0 [ 138.193108][ T5664] loop0: detected capacity change from 0 to 40427 [ 138.236319][ T5664] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 138.244599][ T5664] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 138.261873][ T5664] F2FS-fs (loop0): Found nat_bits in checkpoint [pid 5664] mount("/dev/loop0", "./bus", "f2fs", MS_SYNCHRONOUS|MS_NOATIME|MS_SILENT|MS_LAZYTIME, "fastboot,quota") = 0 [pid 5664] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5664] chdir("./bus") = 0 [pid 5664] ioctl(4, LOOP_CLR_FD) = 0 [pid 5664] close(4) = 0 [pid 5664] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5664] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5663] <... futex resumed>) = 0 [pid 5663] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5664] <... futex resumed>) = 0 [pid 5663] <... futex resumed>) = 1 [pid 5663] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5664] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5664] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5663] <... futex resumed>) = 0 [pid 5664] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5663] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5664] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5663] <... futex resumed>) = 0 [pid 5664] mkdirat(4, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 000 [pid 5663] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5664] <... mkdirat resumed>) = 0 [pid 5664] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5663] <... futex resumed>) = 0 [pid 5664] futex(0x7fa1a5f1b6c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5663] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5664] <... futex resumed>) = 0 [pid 5663] <... futex resumed>) = 1 [pid 5664] fspick(AT_FDCWD, ".", 0 [pid 5663] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5664] <... fspick resumed>) = 5 [pid 5664] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5663] <... futex resumed>) = 0 [pid 5664] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5663] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5664] <... fsconfig resumed>) = 0 [pid 5663] <... futex resumed>) = 0 [pid 5664] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5663] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5664] <... futex resumed>) = 0 [pid 5663] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5664] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5663] futex(0x7fa1a5f1b6c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 138.323743][ T5664] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 138.331358][ T5664] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [pid 5663] futex(0x7fa1a5f1b6cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5663] futex(0x7fa1a5f1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5663] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa1a5e09000 [pid 5663] mprotect(0x7fa1a5e0a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5663] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5663] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa1a5e29990, parent_tid=0x7fa1a5e29990, exit_signal=0, stack=0x7fa1a5e09000, stack_size=0x20300, tls=0x7fa1a5e296c0}./strace-static-x86_64: Process 5669 attached [pid 5669] rseq(0x7fa1a5e29fe0, 0x20, 0, 0x53053053 [pid 5663] <... clone3 resumed> => {parent_tid=[5669]}, 88) = 5669 [pid 5669] <... rseq resumed>) = 0 [pid 5663] rt_sigprocmask(SIG_SETMASK, [], [pid 5669] set_robust_list(0x7fa1a5e299a0, 24 [pid 5663] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5669] <... set_robust_list resumed>) = 0 [pid 5663] futex(0x7fa1a5f1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5669] rt_sigprocmask(SIG_SETMASK, [], [pid 5663] <... futex resumed>) = 0 [pid 5669] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5663] futex(0x7fa1a5f1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5669] openat(AT_FDCWD, ".", O_RDONLY) = 6 [pid 5669] futex(0x7fa1a5f1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5663] <... futex resumed>) = 0 [pid 5669] futex(0x7fa1a5f1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5663] futex(0x7fa1a5f1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5669] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5663] <... futex resumed>) = 0 [pid 5669] getdents(6, [pid 5663] futex(0x7fa1a5f1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5669] <... getdents resumed>0x20000200 /* 1 entries */, 188) = 96 [pid 5669] futex(0x7fa1a5f1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5663] <... futex resumed>) = 0 [pid 5669] futex(0x7fa1a5f1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5663] futex(0x7fa1a5f1b6d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5669] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5663] <... futex resumed>) = 0 [pid 5669] mkdirat(6, "\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 054 [pid 5663] futex(0x7fa1a5f1b6dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5669] <... mkdirat resumed>) = -1 EEXIST (File exists) [pid 5669] futex(0x7fa1a5f1b6dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5663] <... futex resumed>) = 0 [pid 5669] futex(0x7fa1a5f1b6d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5664] <... fsconfig resumed>) = 0 [pid 5664] futex(0x7fa1a5f1b6cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5663] exit_group(0 [pid 5669] <... futex resumed>) = ? [pid 5663] <... exit_group resumed>) = ? [pid 5669] +++ exited with 0 +++ [pid 5664] +++ exited with 0 +++ [pid 5663] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5663, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=24 /* 0.24 s */} --- umount2("./99", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555556af730 /* 4 entries */, 32768) = 104 [ 138.505059][ T5054] ------------[ cut here ]------------ [ 138.511250][ T5054] kernel BUG at fs/f2fs/inode.c:933! [ 138.516561][ T5054] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 138.522629][ T5054] CPU: 1 PID: 5054 Comm: syz-executor410 Not tainted 6.6.0-syzkaller-14142-g90b0c2b2edd1 #0 [ 138.532689][ T5054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 138.542727][ T5054] RIP: 0010:f2fs_evict_inode+0x1576/0x1590 [ 138.548535][ T5054] Code: fd 31 ff 89 de e8 5a 4f bf fd 40 84 ed 75 29 e8 c0 4c bf fd 4c 8b 74 24 08 e9 c9 eb ff ff e8 b1 4c bf fd 0f 0b e8 aa 4c bf fd <0f> 0b e8 a3 4c bf fd 0f 0b e9 f6 fe ff ff e8 97 4c bf fd e8 72 e7 [ 138.568306][ T5054] RSP: 0018:ffffc900039df918 EFLAGS: 00010293 [ 138.574382][ T5054] RAX: ffffffff83cf9f56 RBX: 0000000000000002 RCX: ffff888014b30000 [ 138.582343][ T5054] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000 [ 138.590349][ T5054] RBP: 0000000000000000 R08: ffffffff83cf984a R09: 1ffff1100ed0061d [ 138.598388][ T5054] R10: dffffc0000000000 R11: ffffed100ed0061e R12: 1ffff1100ed0058f [ 138.606441][ T5054] R13: ffff888076802c38 R14: ffff8880768030e8 R15: dffffc0000000000 [ 138.614491][ T5054] FS: 00005555556ae3c0(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 138.623584][ T5054] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 138.630157][ T5054] CR2: 00007ffdbe23ce18 CR3: 00000000727e8000 CR4: 00000000003506f0 [ 138.638120][ T5054] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 138.646078][ T5054] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 138.654036][ T5054] Call Trace: [ 138.657312][ T5054] [ 138.660235][ T5054] ? __die_body+0x8b/0xe0 [ 138.664560][ T5054] ? die+0xa1/0xd0 [ 138.668316][ T5054] ? do_trap+0x153/0x380 [ 138.672554][ T5054] ? f2fs_evict_inode+0x1576/0x1590 [ 138.677742][ T5054] ? do_error_trap+0x1dc/0x2c0 [ 138.682499][ T5054] ? f2fs_evict_inode+0x1576/0x1590 [ 138.687690][ T5054] ? do_int3+0x50/0x50 [ 138.691754][ T5054] ? handle_invalid_op+0x34/0x40 [ 138.696684][ T5054] ? f2fs_evict_inode+0x1576/0x1590 [ 138.701870][ T5054] ? exc_invalid_op+0x33/0x50 [ 138.706554][ T5054] ? asm_exc_invalid_op+0x1a/0x20 [ 138.711569][ T5054] ? f2fs_evict_inode+0xe6a/0x1590 [ 138.716670][ T5054] ? f2fs_evict_inode+0x1576/0x1590 [ 138.721883][ T5054] ? f2fs_evict_inode+0x1576/0x1590 [ 138.727069][ T5054] ? f2fs_evict_inode+0x1576/0x1590 [ 138.732255][ T5054] ? bit_waitqueue+0x30/0x30 [ 138.736837][ T5054] ? do_raw_spin_unlock+0x13b/0x8b0 [ 138.742028][ T5054] ? _raw_spin_unlock+0x28/0x40 [ 138.746870][ T5054] ? f2fs_write_inode+0x470/0x470 [ 138.752061][ T5054] evict+0x2a4/0x620 [ 138.755950][ T5054] evict_inodes+0x5f8/0x690 [ 138.760449][ T5054] ? clear_inode+0x150/0x150 [ 138.765025][ T5054] ? dput+0x52/0x470 [ 138.768937][ T5054] ? dput+0x452/0x470 [ 138.772914][ T5054] generic_shutdown_super+0x9d/0x2c0 [ 138.778279][ T5054] kill_block_super+0x44/0x90 [ 138.782946][ T5054] kill_f2fs_super+0x303/0x3b0 [ 138.787704][ T5054] ? f2fs_mount+0x40/0x40 [ 138.792029][ T5054] ? shrinker_free+0x2c3/0x3d0 [ 138.796783][ T5054] deactivate_locked_super+0xc1/0x130 [ 138.802148][ T5054] cleanup_mnt+0x426/0x4c0 [ 138.806552][ T5054] ? _raw_spin_unlock_irq+0x23/0x50 [ 138.811742][ T5054] task_work_run+0x24a/0x300 [ 138.816326][ T5054] ? task_work_cancel+0x2b0/0x2b0 [ 138.821340][ T5054] ? lockdep_hardirqs_on+0x98/0x140 [ 138.826535][ T5054] ? __x64_sys_umount+0x126/0x170 [ 138.831552][ T5054] ptrace_notify+0x2cd/0x380 [ 138.836135][ T5054] ? user_path_at_empty+0x4c/0x60 [ 138.841153][ T5054] ? do_notify_parent+0x10c0/0x10c0 [ 138.846346][ T5054] ? __x64_sys_umount+0x126/0x170 [ 138.851471][ T5054] ? path_umount+0xf40/0xf40 [ 138.856054][ T5054] ? syscall_enter_from_user_mode+0x32/0x230 [ 138.862096][ T5054] syscall_exit_to_user_mode+0x15c/0x280 [ 138.867720][ T5054] do_syscall_64+0x50/0x110 [ 138.872232][ T5054] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 138.878145][ T5054] RIP: 0033:0x7fa1a5e8ee77 [ 138.882587][ T5054] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8 [ 138.902188][ T5054] RSP: 002b:00007ffdbe23d5c8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 138.910595][ T5054] RAX: 0000000000000000 RBX: 0000000000021a97 RCX: 00007fa1a5e8ee77 [ 138.918554][ T5054] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffdbe23d680 [ 138.926556][ T5054] RBP: 00007ffdbe23d680 R08: 0000000000000000 R09: 0000000000000000 [ 138.934523][ T5054] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007ffdbe23e740 [ 138.942485][ T5054] R13: 00005555556af700 R14: 431bde82d7b634db R15: 00007ffdbe23e6e4 [ 138.950451][ T5054] [ 138.953456][ T5054] Modules linked in: [ 138.959947][ T5054] ---[ end trace 0000000000000000 ]--- [ 138.965440][ T5054] RIP: 0010:f2fs_evict_inode+0x1576/0x1590 [ 138.971612][ T5054] Code: fd 31 ff 89 de e8 5a 4f bf fd 40 84 ed 75 29 e8 c0 4c bf fd 4c 8b 74 24 08 e9 c9 eb ff ff e8 b1 4c bf fd 0f 0b e8 aa 4c bf fd <0f> 0b e8 a3 4c bf fd 0f 0b e9 f6 fe ff ff e8 97 4c bf fd e8 72 e7 [ 138.991287][ T5054] RSP: 0018:ffffc900039df918 EFLAGS: 00010293 [ 138.997447][ T5054] RAX: ffffffff83cf9f56 RBX: 0000000000000002 RCX: ffff888014b30000 [ 139.005532][ T5054] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000 [ 139.013549][ T5054] RBP: 0000000000000000 R08: ffffffff83cf984a R09: 1ffff1100ed0061d [ 139.021561][ T5054] R10: dffffc0000000000 R11: ffffed100ed0061e R12: 1ffff1100ed0058f [ 139.029535][ T5054] R13: ffff888076802c38 R14: ffff8880768030e8 R15: dffffc0000000000 [ 139.037610][ T5054] FS: 00005555556ae3c0(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 139.046640][ T5054] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 139.053269][ T5054] CR2: 00007ffdbe23ce18 CR3: 00000000727e8000 CR4: 00000000003506f0 [ 139.061424][ T5054] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 139.069483][ T5054] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 139.077497][ T5054] Kernel panic - not syncing: Fatal exception [ 139.083649][ T5054] Kernel Offset: disabled [ 139.087968][ T5054] Rebooting in 86400 seconds..