./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3288015980 <...> Warning: Permanently added '10.128.0.181' (ED25519) to the list of known hosts. execve("./syz-executor3288015980", ["./syz-executor3288015980"], 0x7ffcf5628ef0 /* 10 vars */) = 0 brk(NULL) = 0x55558e3aa000 brk(0x55558e3aad40) = 0x55558e3aad40 arch_prctl(ARCH_SET_FS, 0x55558e3aa3c0) = 0 set_tid_address(0x55558e3aa690) = 5821 set_robust_list(0x55558e3aa6a0, 24) = 0 rseq(0x55558e3aace0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3288015980", 4096) = 28 getrandom("\xcd\xef\x4d\x3e\x90\x4f\xfa\x83", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55558e3aad40 brk(0x55558e3cbd40) = 0x55558e3cbd40 brk(0x55558e3cc000) = 0x55558e3cc000 mprotect(0x7f836b632000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e3aa690) = 5822 ./strace-static-x86_64: Process 5822 attached [pid 5821] openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3 [pid 5822] set_robust_list(0x55558e3aa6a0, 24 [pid 5821] write(3, "10000000000", 11 [pid 5822] <... set_robust_list resumed>) = 0 [pid 5821] <... 
write resumed>) = 11 [pid 5821] close(3) = 0 [pid 5821] openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3 [pid 5821] write(3, "20", 2) = 2 [pid 5821] close(3) = 0 [pid 5821] openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3 [pid 5821] write(3, "1", 1) = 1 [pid 5821] close(3) = 0 [pid 5821] openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3 [pid 5821] write(3, "0", 1) = 1 [pid 5821] close(3) = 0 [pid 5821] openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3 [pid 5821] write(3, "0", 1) = 1 [pid 5821] close(3) = 0 [pid 5821] openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3 [pid 5821] write(3, "1", 1) = 1 [pid 5821] close(3) = 0 [pid 5821] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3 [pid 5821] write(3, "100", 3) = 3 [pid 5821] close(3) = 0 [pid 5821] openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3 [pid 5821] write(3, "0", 1) = 1 [pid 5821] close(3) = 0 [pid 5821] openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3 [pid 5821] write(3, "0", 1) = 1 [pid 5821] close(3) = 0 [pid 5821] openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3 [pid 5821] write(3, "7 4 1 3", 7) = 7 [pid 5821] close(3) = 0 [pid 5821] openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3 [pid 5821] write(3, "1", 1) = 1 [pid 5821] close(3) = 0 [pid 5821] openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3 [pid 5821] write(3, "1", 1) = 1 [pid 5821] close(3) = 0 [pid 5821] openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3 [pid 5821] write(3, "0", 1) = 1 [pid 5821] close(3) = 0 [pid 5821] openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3 [pid 5821] write(3, "5822", 4) = 4 [pid 5821] close(3) = 0 [pid 5821] kill(5822, SIGKILL) = 0 [pid 5822] +++ killed by SIGKILL +++ 
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5822, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5823 attached , child_tidptr=0x55558e3aa690) = 5823 [pid 5823] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5823] mkdir("./syzkaller.tXOKWY", 0700./strace-static-x86_64: Process 5824 attached ) = 0 [pid 5824] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 5824] mkdir("./syzkaller.NjwhBE", 0700 [pid 5821] <... clone resumed>, child_tidptr=0x55558e3aa690) = 5824 [pid 5823] chmod("./syzkaller.tXOKWY", 0777 [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5823] <... chmod resumed>) = 0 [pid 5824] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 5825 attached [pid 5823] chdir("./syzkaller.tXOKWY" [pid 5824] chmod("./syzkaller.NjwhBE", 0777 [pid 5821] <... clone resumed>, child_tidptr=0x55558e3aa690) = 5825 [pid 5825] set_robust_list(0x55558e3aa6a0, 24 [pid 5824] <... chmod resumed>) = 0 [pid 5823] <... chdir resumed>) = 0 [pid 5824] chdir("./syzkaller.NjwhBE" [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5825] <... set_robust_list resumed>) = 0 [pid 5823] mkdir("./0", 0777 [pid 5824] <... chdir resumed>) = 0 [pid 5824] mkdir("./0", 0777 [pid 5823] <... mkdir resumed>) = 0 [pid 5824] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 5826 attached [pid 5825] mkdir("./syzkaller.AEQR1g", 0700 [pid 5823] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5821] <... clone resumed>, child_tidptr=0x55558e3aa690) = 5826 [pid 5826] set_robust_list(0x55558e3aa6a0, 24 [pid 5824] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5825] <... mkdir resumed>) = 0 [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5826] <... 
set_robust_list resumed>) = 0 [pid 5825] chmod("./syzkaller.AEQR1g", 0777 [pid 5824] <... openat resumed>) = 3 [pid 5823] <... openat resumed>) = 3 [pid 5826] mkdir("./syzkaller.uNNtjr", 0700 [pid 5823] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 5827 attached [pid 5821] <... clone resumed>, child_tidptr=0x55558e3aa690) = 5827 [pid 5827] set_robust_list(0x55558e3aa6a0, 24 [pid 5825] <... chmod resumed>) = 0 [pid 5823] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5827] <... set_robust_list resumed>) = 0 [pid 5826] <... mkdir resumed>) = 0 [pid 5824] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5827] mkdir("./syzkaller.JGt5vf", 0700 [pid 5826] chmod("./syzkaller.uNNtjr", 0777 [pid 5825] chdir("./syzkaller.AEQR1g" [pid 5824] close(3 [pid 5823] close(3 [pid 5825] <... chdir resumed>) = 0 [pid 5827] <... mkdir resumed>) = 0 [pid 5825] mkdir("./0", 0777 [pid 5824] <... close resumed>) = 0 [pid 5823] <... close resumed>) = 0 [pid 5825] <... mkdir resumed>) = 0 [pid 5827] chmod("./syzkaller.JGt5vf", 0777 [pid 5826] <... chmod resumed>) = 0 [pid 5824] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5823] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5829 attached ./strace-static-x86_64: Process 5828 attached [pid 5827] <... chmod resumed>) = 0 [pid 5825] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5827] chdir("./syzkaller.JGt5vf" [pid 5826] chdir("./syzkaller.uNNtjr" [pid 5825] <... openat resumed>) = 3 [pid 5827] <... chdir resumed>) = 0 [pid 5826] <... chdir resumed>) = 0 [pid 5827] mkdir("./0", 0777 [pid 5826] mkdir("./0", 0777 [pid 5829] set_robust_list(0x55558e3aa6a0, 24 [pid 5828] set_robust_list(0x55558e3aa6a0, 24 [pid 5827] <... mkdir resumed>) = 0 [pid 5826] <... mkdir resumed>) = 0 [pid 5829] <... set_robust_list resumed>) = 0 [pid 5828] <... 
set_robust_list resumed>) = 0 [pid 5825] ioctl(3, LOOP_CLR_FD [pid 5828] chdir("./0" [pid 5824] <... clone resumed>, child_tidptr=0x55558e3aa690) = 5828 [pid 5823] <... clone resumed>, child_tidptr=0x55558e3aa690) = 5829 [pid 5828] <... chdir resumed>) = 0 [pid 5829] chdir("./0" [pid 5828] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5825] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5829] <... chdir resumed>) = 0 [pid 5828] <... prctl resumed>) = 0 [pid 5825] close(3 [pid 5829] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5825] <... close resumed>) = 0 [pid 5829] <... prctl resumed>) = 0 [pid 5828] setpgid(0, 0 [pid 5825] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5830 attached [pid 5829] setpgid(0, 0 [pid 5828] <... setpgid resumed>) = 0 [pid 5827] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5826] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5829] <... setpgid resumed>) = 0 [pid 5828] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5830] set_robust_list(0x55558e3aa6a0, 24 [pid 5829] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5828] write(3, "1000", 4 [pid 5827] <... openat resumed>) = 3 [pid 5826] <... openat resumed>) = 3 [pid 5828] <... write resumed>) = 4 [pid 5828] close(3 [pid 5826] ioctl(3, LOOP_CLR_FD [pid 5830] <... set_robust_list resumed>) = 0 [pid 5829] <... openat resumed>) = 3 [pid 5828] <... close resumed>) = 0 [pid 5827] ioctl(3, LOOP_CLR_FD [pid 5826] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5828] symlink("/dev/binderfs", "./binderfs" [pid 5827] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5826] close(3 [pid 5825] <... clone resumed>, child_tidptr=0x55558e3aa690) = 5830 [pid 5826] <... close resumed>) = 0 [pid 5830] chdir("./0" [pid 5829] write(3, "1000", 4 [pid 5828] <... 
symlink resumed>) = 0 [pid 5827] close(3 [pid 5826] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] <... write resumed>) = 4 [pid 5830] <... chdir resumed>) = 0 executing program [pid 5829] close(3 [pid 5828] write(1, "executing program\n", 18./strace-static-x86_64: Process 5832 attached [pid 5827] <... close resumed>) = 0 [pid 5827] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5833 attached [pid 5829] <... close resumed>) = 0 [pid 5830] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5829] symlink("/dev/binderfs", "./binderfs" [pid 5830] <... prctl resumed>) = 0 [pid 5828] <... write resumed>) = 18 [pid 5830] setpgid(0, 0 [pid 5829] <... symlink resumed>) = 0 [pid 5828] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] set_robust_list(0x55558e3aa6a0, 24 [pid 5832] set_robust_list(0x55558e3aa6a0, 24 [pid 5830] <... setpgid resumed>) = 0 [pid 5828] <... futex resumed>) = 0 [pid 5833] <... set_robust_list resumed>) = 0 executing program [pid 5832] <... set_robust_list resumed>) = 0 [pid 5833] chdir("./0" [pid 5832] chdir("./0" [pid 5830] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5829] write(1, "executing program\n", 18 [pid 5828] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, [pid 5826] <... clone resumed>, child_tidptr=0x55558e3aa690) = 5832 [pid 5829] <... write resumed>) = 18 [pid 5828] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5833] <... chdir resumed>) = 0 [pid 5832] <... chdir resumed>) = 0 [pid 5830] <... openat resumed>) = 3 [pid 5829] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5828] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5827] <... clone resumed>, child_tidptr=0x55558e3aa690) = 5833 [pid 5833] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5832] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5828] <... 
rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] <... prctl resumed>) = 0 [pid 5832] <... prctl resumed>) = 0 [pid 5833] setpgid(0, 0 [pid 5832] setpgid(0, 0) = 0 [pid 5833] <... setpgid resumed>) = 0 [pid 5833] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5833] <... openat resumed>) = 3 [pid 5832] <... openat resumed>) = 3 [pid 5832] write(3, "1000", 4) = 4 [pid 5833] write(3, "1000", 4) = 4 [pid 5832] close(3 [pid 5833] close(3) = 0 [pid 5832] <... close resumed>) = 0 [pid 5832] symlink("/dev/binderfs", "./binderfs" [pid 5833] symlink("/dev/binderfs", "./binderfs" [pid 5832] <... symlink resumed>) = 0 [pid 5833] <... symlink resumed>) = 0 [pid 5832] write(1, "executing program\n", 18executing program [pid 5829] <... futex resumed>) = 0 [pid 5828] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5832] <... write resumed>) = 18 [pid 5830] write(3, "1000", 4 executing program [pid 5833] write(1, "executing program\n", 18 [pid 5832] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... write resumed>) = 4 [pid 5828] <... mmap resumed>) = 0x7f836b53f000 [pid 5833] <... write resumed>) = 18 [pid 5832] <... futex resumed>) = 0 [pid 5830] close(3 [pid 5829] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, [pid 5828] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE [pid 5833] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, [pid 5833] <... futex resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 5829] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5828] <... 
mprotect resumed>) = 0 [pid 5833] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, [pid 5832] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5833] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5832] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5830] symlink("/dev/binderfs", "./binderfs" [pid 5829] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5828] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5833] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5832] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5829] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5828] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5833] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5830] <... symlink resumed>) = 0 [pid 5829] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5828] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0} [pid 5833] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5832] <... mmap resumed>) = 0x7f836b53f000 [pid 5833] <... mmap resumed>) = 0x7f836b53f000 [pid 5832] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE [pid 5833] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5833] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5832] <... mprotect resumed>) = 0 [pid 5832] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5833] <... 
rt_sigprocmask resumed>[], 8) = 0 [pid 5833] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 5835 attached [pid 5832] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5832] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 5836 attached ./strace-static-x86_64: Process 5837 attached [pid 5835] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053 [pid 5830] write(1, "executing program\n", 18 [pid 5829] <... mmap resumed>) = 0x7f836b53f000 executing program [pid 5836] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053 [pid 5835] <... rseq resumed>) = 0 [pid 5833] <... clone3 resumed> => {parent_tid=[5835]}, 88) = 5835 [pid 5830] <... write resumed>) = 18 [pid 5829] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE [pid 5828] <... clone3 resumed> => {parent_tid=[5837]}, 88) = 5837 [pid 5836] <... rseq resumed>) = 0 [pid 5835] set_robust_list(0x7f836b55f9a0, 24 [pid 5833] rt_sigprocmask(SIG_SETMASK, [], [pid 5832] <... clone3 resumed> => {parent_tid=[5836]}, 88) = 5836 [pid 5830] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5829] <... mprotect resumed>) = 0 [pid 5828] rt_sigprocmask(SIG_SETMASK, [], [pid 5837] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053 [pid 5836] set_robust_list(0x7f836b55f9a0, 24 [pid 5835] <... set_robust_list resumed>) = 0 [pid 5833] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] <... futex resumed>) = 0 [pid 5837] <... rseq resumed>) = 0 [pid 5836] <... 
set_robust_list resumed>) = 0 [pid 5835] rt_sigprocmask(SIG_SETMASK, [], [pid 5833] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] rt_sigprocmask(SIG_SETMASK, [], [pid 5830] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, [pid 5829] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5828] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5837] set_robust_list(0x7f836b55f9a0, 24 [pid 5836] rt_sigprocmask(SIG_SETMASK, [], [pid 5835] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] <... futex resumed>) = 0 [pid 5832] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5829] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5828] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5837] <... set_robust_list resumed>) = 0 [pid 5836] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5835] memfd_create("syzkaller", 0 [pid 5833] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5832] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5829] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0} [pid 5828] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5838 attached [pid 5837] rt_sigprocmask(SIG_SETMASK, [], [pid 5836] memfd_create("syzkaller", 0 [pid 5835] <... memfd_create resumed>) = 3 [pid 5832] <... futex resumed>) = 0 [pid 5830] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5828] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5838] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053 [pid 5837] <... 
rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5837] memfd_create("syzkaller", 0 [pid 5830] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5829] <... clone3 resumed> => {parent_tid=[5838]}, 88) = 5838 [pid 5838] <... rseq resumed>) = 0 [pid 5837] <... memfd_create resumed>) = 3 [pid 5830] <... mmap resumed>) = 0x7f836b53f000 [pid 5829] rt_sigprocmask(SIG_SETMASK, [], [pid 5838] set_robust_list(0x7f836b55f9a0, 24 [pid 5837] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5835] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5830] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE [pid 5838] <... set_robust_list resumed>) = 0 [pid 5837] <... mmap resumed>) = 0x7f8363000000 [pid 5835] <... mmap resumed>) = 0x7f8363000000 [pid 5829] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5838] rt_sigprocmask(SIG_SETMASK, [], [pid 5830] <... mprotect resumed>) = 0 [pid 5829] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5838] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5836] <... memfd_create resumed>) = 3 [pid 5830] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5829] <... futex resumed>) = 0 [pid 5838] memfd_create("syzkaller", 0 [pid 5836] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5830] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5836] <... mmap resumed>) = 0x7f8363000000 [pid 5830] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0} [pid 5829] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5839 attached [pid 5838] <... 
memfd_create resumed>) = 3 [pid 5838] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 5830] <... clone3 resumed> => {parent_tid=[5839]}, 88) = 5839 [pid 5839] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053) = 0 [pid 5830] rt_sigprocmask(SIG_SETMASK, [], [pid 5839] set_robust_list(0x7f836b55f9a0, 24 [pid 5830] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5839] <... set_robust_list resumed>) = 0 [pid 5830] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5839] rt_sigprocmask(SIG_SETMASK, [], [pid 5830] <... futex resumed>) = 0 [pid 5839] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5839] memfd_create("syzkaller", 0) = 3 [pid 5839] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 5837] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 5838] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 5835] write(3, 
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 5839] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 5836] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 5837] <... write resumed>) = 20699119 [pid 5837] munmap(0x7f8363000000, 138412032) = 0 [pid 5837] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5837] ioctl(4, LOOP_SET_FD, 3 [pid 5838] <... write resumed>) = 20699119 [pid 5838] munmap(0x7f8363000000, 138412032 [pid 5837] <... ioctl resumed>) = 0 [pid 5835] <... write resumed>) = 20699119 [pid 5839] <... write resumed>) = 20699119 [pid 5838] <... munmap resumed>) = 0 [pid 5837] close(3 [pid 5836] <... write resumed>) = 20699119 [pid 5835] munmap(0x7f8363000000, 138412032 [pid 5839] munmap(0x7f8363000000, 138412032 [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5837] <... 
close resumed>) = 0 [pid 5837] close(4) = 0 [pid 5837] mkdir("./bus", 0777 [pid 5838] <... openat resumed>) = 4 [pid 5837] <... mkdir resumed>) = 0 [pid 5836] munmap(0x7f8363000000, 138412032 [ 91.049058][ T5837] loop1: detected capacity change from 0 to 40427 [pid 5837] mount("/dev/loop1", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 5838] ioctl(4, LOOP_SET_FD, 3 [pid 5835] <... munmap resumed>) = 0 [pid 5836] <... munmap resumed>) = 0 [pid 5836] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5835] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5836] <... openat resumed>) = 4 [pid 5835] <... openat resumed>) = 4 [pid 5836] ioctl(4, LOOP_SET_FD, 3 [pid 5835] ioctl(4, LOOP_SET_FD, 3 [pid 5839] <... munmap resumed>) = 0 [pid 5838] <... ioctl resumed>) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5838] close(3 [pid 5839] <... openat resumed>) = 4 [pid 5838] <... close resumed>) = 0 [pid 5839] ioctl(4, LOOP_SET_FD, 3 [pid 5838] close(4) = 0 [pid 5838] mkdir("./bus", 0777 [pid 5836] <... ioctl resumed>) = 0 [pid 5835] <... ioctl resumed>) = 0 [pid 5836] close(3) = 0 [pid 5836] close(4 [pid 5839] <... ioctl resumed>) = 0 [pid 5838] <... mkdir resumed>) = 0 [pid 5836] <... close resumed>) = 0 [pid 5835] close(3 [pid 5836] mkdir("./bus", 0777 [pid 5835] <... close resumed>) = 0 [pid 5838] mount("/dev/loop0", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 5836] <... mkdir resumed>) = 0 [pid 5835] close(4) = 0 [pid 5835] mkdir("./bus", 0777) = 0 [pid 5835] mount("/dev/loop4", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 5839] close(3 [pid 5836] mount("/dev/loop3", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 5839] <... 
close resumed>) = 0 [pid 5839] close(4) = 0 [ 91.102734][ T5838] loop0: detected capacity change from 0 to 40427 [ 91.110304][ T5837] F2FS-fs (loop1): invalid crc value [ 91.121314][ T5835] loop4: detected capacity change from 0 to 40427 [ 91.128624][ T5836] loop3: detected capacity change from 0 to 40427 [ 91.140579][ T5839] loop2: detected capacity change from 0 to 40427 [pid 5839] mkdir("./bus", 0777) = 0 [ 91.172655][ T5838] F2FS-fs (loop0): invalid crc value [ 91.191096][ T5836] F2FS-fs (loop3): invalid crc value [ 91.197513][ T5835] F2FS-fs (loop4): invalid crc value [ 91.250074][ T5839] F2FS-fs (loop2): invalid crc value [ 91.429177][ T5837] F2FS-fs (loop1): Start checkpoint disabled! [pid 5839] mount("/dev/loop2", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 5837] <... mount resumed>) = 0 [pid 5837] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5837] chdir("./bus") = 0 [pid 5837] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5837] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5828] <... futex resumed>) = 0 [pid 5828] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5828] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5837] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000) = 4 [pid 5837] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5828] <... futex resumed>) = 0 [pid 5837] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5828] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5837] <... openat resumed>) = 5 [pid 5828] <... futex resumed>) = 0 [pid 5828] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5837] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5828] <... 
futex resumed>) = 0 [pid 5828] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5828] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 91.483865][ T5837] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 91.515977][ T5838] F2FS-fs (loop0): Start checkpoint disabled! [pid 5837] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5838] <... mount resumed>) = 0 [pid 5838] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5838] chdir("./bus") = 0 [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5838] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5829] <... futex resumed>) = 0 [pid 5829] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5838] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 [pid 5829] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5838] <... openat resumed>) = 4 [pid 5838] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5838] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5829] <... futex resumed>) = 0 [pid 5829] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5838] <... futex resumed>) = 0 [ 91.555117][ T5838] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 91.582331][ T5835] F2FS-fs (loop4): Start checkpoint disabled! [ 91.584372][ T5839] F2FS-fs (loop2): Start checkpoint disabled! [pid 5838] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5829] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5838] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5829] <... futex resumed>) = 0 [pid 5829] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5829] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5838] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5828] <... 
futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5828] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5828] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 5828] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5828] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5828] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[5852]}, 88) = 5852 [pid 5828] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5828] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 91.603377][ T63] kworker/u8:4: attempt to access beyond end of device [ 91.603377][ T63] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 91.610398][ T5836] F2FS-fs (loop3): Start checkpoint disabled! [ 91.628518][ T3494] kworker/u8:6: attempt to access beyond end of device [ 91.628518][ T3494] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 91.629629][ T63] CPU: 1 UID: 0 PID: 63 Comm: kworker/u8:4 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 91.629660][ T63] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 91.629676][ T63] Workqueue: writeback wb_workfn (flush-7:1) [ 91.629759][ T63] Call Trace: [ 91.629773][ T63] [ 91.629788][ T63] dump_stack_lvl+0x189/0x250 [ 91.629828][ T63] ? __pfx_dump_stack_lvl+0x10/0x10 [ 91.629861][ T63] ? __pfx_queue_work_on+0x10/0x10 [ 91.629881][ T63] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 91.629913][ T63] ? 
__pfx__raw_spin_unlock_irqrestore+0x10/0x10 [pid 5828] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5852 attached [pid 5852] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [pid 5852] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 5852] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5852] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 5852] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 91.629955][ T63] f2fs_handle_critical_error+0x37c/0x540 [ 91.630005][ T63] f2fs_write_end_io+0x4e2/0x6d0 [ 91.630064][ T63] __submit_merged_bio+0x27a/0x6a0 [ 91.630111][ T63] __submit_merged_write_cond+0x255/0x530 [ 91.630153][ T63] f2fs_write_data_pages+0x2854/0x31f0 [ 91.630185][ T63] ? __lock_acquire+0xaac/0xd20 [ 91.630264][ T63] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 91.630320][ T63] ? unwind_next_frame+0xa5/0x2390 [ 91.630435][ T63] ? stack_trace_save+0x9c/0xe0 [ 91.630459][ T63] ? __pfx_stack_trace_save+0x10/0x10 [ 91.630481][ T63] ? __pfx_hlock_conflict+0x10/0x10 [ 91.630511][ T63] ? check_path+0x21/0x40 [ 91.630539][ T63] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 91.630575][ T63] do_writepages+0x3ae/0x7b0 [ 91.630603][ T63] ? validate_chain+0x897/0x2140 [ 91.630650][ T63] ? rcu_is_watching+0x15/0xb0 [ 91.630695][ T63] ? __pfx_do_writepages+0x10/0x10 [ 91.630748][ T63] __writeback_single_inode+0x145/0xff0 [ 91.630779][ T63] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 91.630812][ T63] writeback_sb_inodes+0x6b5/0x1000 [ 91.630842][ T63] ? lockdep_hardirqs_on+0x9c/0x150 [ 91.630878][ T63] ? rcu_is_watching+0x15/0xb0 [ 91.630936][ T63] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 91.631033][ T63] ? rcu_is_watching+0x15/0xb0 [ 91.631081][ T63] wb_writeback+0x43b/0xaf0 [ 91.631124][ T63] ? queue_io+0x3a1/0x590 [ 91.631160][ T63] ? __pfx_wb_writeback+0x10/0x10 [ 91.631203][ T63] ? _raw_spin_unlock_irq+0x23/0x50 [ 91.631236][ T63] wb_workfn+0x409/0xef0 [ 91.631285][ T63] ? 
__pfx_wb_workfn+0x10/0x10 [ 91.631307][ T63] ? register_lock_class+0x51/0x320 [ 91.631347][ T63] ? __lock_acquire+0xaac/0xd20 [ 91.631392][ T63] ? process_scheduled_works+0x9ec/0x17a0 [ 91.631437][ T63] ? _raw_spin_unlock_irq+0x23/0x50 [ 91.631462][ T63] ? process_scheduled_works+0x9ec/0x17a0 [ 91.631496][ T63] ? process_scheduled_works+0x9ec/0x17a0 [ 91.631536][ T63] process_scheduled_works+0xadb/0x17a0 [ 91.631634][ T63] ? __pfx_process_scheduled_works+0x10/0x10 [ 91.631696][ T63] worker_thread+0x8a0/0xda0 [ 91.631756][ T63] kthread+0x70e/0x8a0 [ 91.631789][ T63] ? __pfx_worker_thread+0x10/0x10 [ 91.631809][ T63] ? __pfx_kthread+0x10/0x10 [ 91.631839][ T63] ? __pfx_kthread+0x10/0x10 [ 91.631864][ T63] ? _raw_spin_unlock_irq+0x23/0x50 [ 91.631889][ T63] ? lockdep_hardirqs_on+0x9c/0x150 [ 91.631918][ T63] ? __pfx_kthread+0x10/0x10 [ 91.631943][ T63] ret_from_fork+0x4b/0x80 [ 91.631965][ T63] ? __pfx_kthread+0x10/0x10 [pid 5852] futex(0x7f836b6386d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5839] <... mount resumed>) = 0 [pid 5836] <... mount resumed>) = 0 [pid 5829] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5828] <... futex resumed>) = 0 [pid 5836] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5836] chdir("./bus") = 0 [pid 5836] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5836] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... futex resumed>) = 0 [pid 5836] <... futex resumed>) = 1 [pid 5832] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 [pid 5832] <... futex resumed>) = 0 [pid 5836] <... openat resumed>) = 4 [pid 5832] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5836] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5832] <... 
futex resumed>) = 0 [pid 5836] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5832] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5836] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5832] <... futex resumed>) = 0 [pid 5836] <... openat resumed>) = 5 [ 91.631991][ T63] ret_from_fork_asm+0x1a/0x30 [ 91.632056][ T63] [ 91.634938][ T63] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 91.700845][ T3494] CPU: 0 UID: 0 PID: 3494 Comm: kworker/u8:6 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 91.700880][ T3494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 91.700896][ T3494] Workqueue: writeback wb_workfn (flush-7:0) [ 91.700932][ T3494] Call Trace: [ 91.700940][ T3494] [pid 5832] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5836] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5839] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5829] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5828] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5838] <... ioctl resumed>) = -1 EIO (Input/output error) [pid 5835] <... mount resumed>) = 0 [pid 5838] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5838] <... futex resumed>) = 0 [pid 5835] <... openat resumed>) = 3 [pid 5838] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5835] chdir("./bus" [pid 5852] <... futex resumed>) = 0 [pid 5839] <... openat resumed>) = 3 [pid 5836] <... futex resumed>) = 1 [pid 5832] <... futex resumed>) = 0 [pid 5829] <... futex resumed>) = 0 [pid 5828] <... futex resumed>) = 1 [pid 5852] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 5839] chdir("./bus" [pid 5836] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5835] <... 
chdir resumed>) = 0 [pid 5832] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5829] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5828] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5839] <... chdir resumed>) = 0 [pid 5836] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5835] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5832] <... futex resumed>) = 0 [pid 5829] <... mmap resumed>) = 0x7f836b51e000 [pid 5839] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5836] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5835] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5832] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5839] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5829] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE [pid 5835] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5829] <... mprotect resumed>) = 0 [pid 5839] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] <... futex resumed>) = 1 [pid 5833] <... futex resumed>) = 0 [pid 5835] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5833] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5839] <... futex resumed>) = 1 [pid 5835] <... futex resumed>) = 0 [pid 5833] <... futex resumed>) = 1 [pid 5839] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5835] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 [pid 5833] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5829] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5835] <... openat resumed>) = 4 [pid 5829] <... 
rt_sigprocmask resumed>[], 8) = 0 [pid 5829] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[5855]}, 88) = 5855 [pid 5829] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5855 attached [pid 5835] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... futex resumed>) = 0 [pid 5829] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053 [pid 5835] <... futex resumed>) = 1 [pid 5833] <... futex resumed>) = 0 [pid 5829] <... futex resumed>) = 0 [pid 5855] <... rseq resumed>) = 0 [pid 5835] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5833] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5829] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5855] set_robust_list(0x7f836b53e9a0, 24 [pid 5835] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5833] <... futex resumed>) = 0 [pid 5855] <... set_robust_list resumed>) = 0 [pid 5839] <... futex resumed>) = 0 [ 91.700950][ T3494] dump_stack_lvl+0x189/0x250 [ 91.700997][ T3494] ? __pfx_dump_stack_lvl+0x10/0x10 [ 91.701029][ T3494] ? __pfx_queue_work_on+0x10/0x10 [ 91.701049][ T3494] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 91.701077][ T3494] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 91.701116][ T3494] f2fs_handle_critical_error+0x37c/0x540 [ 91.701156][ T3494] f2fs_write_end_io+0x4e2/0x6d0 [ 91.701209][ T3494] __submit_merged_bio+0x27a/0x6a0 [pid 5835] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5833] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5830] <... 
futex resumed>) = 1 [pid 5855] rt_sigprocmask(SIG_SETMASK, [], [pid 5839] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 [pid 5835] <... openat resumed>) = 5 [pid 5830] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5855] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5839] <... openat resumed>) = 4 [pid 5855] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 5855] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5839] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] <... futex resumed>) = 1 [pid 5839] <... futex resumed>) = 1 [pid 5830] <... futex resumed>) = 0 [pid 5855] futex(0x7f836b6386d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5839] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5830] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5839] <... openat resumed>) = 5 [pid 5830] <... futex resumed>) = 0 [pid 5830] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5829] <... futex resumed>) = 0 [pid 5829] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5829] <... futex resumed>) = 1 [pid 5835] <... futex resumed>) = 1 [pid 5829] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5835] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5838] <... futex resumed>) = 0 [pid 5838] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 5833] <... futex resumed>) = 0 [pid 5838] <... ioctl resumed>) = -1 EIO (Input/output error) [pid 5833] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5838] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] <... futex resumed>) = 0 [pid 5833] <... futex resumed>) = 1 [pid 5839] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5838] <... 
futex resumed>) = 1 [pid 5835] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5833] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5829] <... futex resumed>) = 0 [pid 5839] <... futex resumed>) = 1 [pid 5838] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5830] <... futex resumed>) = 0 [pid 5829] exit_group(0 [pid 5855] <... futex resumed>) = ? [pid 5839] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5838] <... futex resumed>) = ? [pid 5830] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5829] <... exit_group resumed>) = ? [pid 5855] +++ exited with 0 +++ [pid 5839] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5838] +++ exited with 0 +++ [pid 5830] <... futex resumed>) = 0 [pid 5829] +++ exited with 0 +++ [pid 5839] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5830] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5823] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5829, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=44 /* 0.44 s */} --- [pid 5823] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5823] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5823] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] unlink("./0/binderfs") = 0 [pid 5823] umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5832] <... 
futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5832] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5832] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 5832] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [ 91.701248][ T3494] __submit_merged_write_cond+0x255/0x530 [ 91.701287][ T3494] f2fs_write_data_pages+0x2854/0x31f0 [ 91.701320][ T3494] ? __lock_acquire+0xaac/0xd20 [ 91.701390][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 91.701440][ T3494] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 91.701504][ T3494] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 91.701551][ T3494] ? trace_f2fs_writepages+0x7f/0x200 [ 91.701585][ T3494] ? f2fs_write_node_pages+0x478/0x6e0 [ 91.701621][ T3494] ? __pfx_f2fs_write_node_pages+0x10/0x10 [pid 5832] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5832] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[5856]}, 88) = 5856 [pid 5832] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5832] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5832] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5856 attached [pid 5833] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5830] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5856] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053 [pid 5833] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5856] <... rseq resumed>) = 0 [pid 5833] <... futex resumed>) = 0 [pid 5830] <... 
futex resumed>) = 0 [pid 5856] set_robust_list(0x7f836b53e9a0, 24 [pid 5830] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5856] <... set_robust_list resumed>) = 0 [pid 5833] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5830] <... mmap resumed>) = 0x7f836b51e000 [pid 5856] rt_sigprocmask(SIG_SETMASK, [], [pid 5833] <... mmap resumed>) = 0x7f836b51e000 [pid 5856] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE [pid 5830] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE [pid 5856] ioctl(4, F2FS_IOC_SET_PIN_FILE [pid 5833] <... mprotect resumed>) = 0 [pid 5830] <... mprotect resumed>) = 0 [pid 5856] <... ioctl resumed>, 0x200000000180) = 0 [pid 5830] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5833] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5833] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} [pid 5830] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5856] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} [pid 5856] <... futex resumed>) = 1 [pid 5833] <... clone3 resumed> => {parent_tid=[5857]}, 88) = 5857 [pid 5832] <... futex resumed>) = 0 [pid 5856] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 5832] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] rt_sigprocmask(SIG_SETMASK, [], [pid 5832] <... futex resumed>) = 0 [pid 5833] <... 
rt_sigprocmask resumed>NULL, 8) = 0 [pid 5832] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... clone3 resumed> => {parent_tid=[5858]}, 88) = 5858 [pid 5833] <... futex resumed>) = 0 [pid 5830] rt_sigprocmask(SIG_SETMASK, [], [pid 5833] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5830] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 91.701657][ T3494] ? has_not_enough_free_secs+0xd8b/0x1640 [ 91.701699][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 91.701734][ T3494] do_writepages+0x3ae/0x7b0 [ 91.701775][ T3494] ? __lock_acquire+0xaac/0xd20 [ 91.701813][ T3494] ? __pfx_do_writepages+0x10/0x10 [ 91.701861][ T3494] __writeback_single_inode+0x145/0xff0 [ 91.701892][ T3494] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 91.701924][ T3494] writeback_sb_inodes+0x6b5/0x1000 [pid 5830] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5833] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5833] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5833] futex(0x7f836b6386ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5833] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b4fd000 [pid 5830] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5830] futex(0x7f836b6386ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 91.701992][ T3494] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 91.702072][ T3494] ? rcu_is_watching+0x15/0xb0 [ 91.702118][ T3494] wb_writeback+0x43b/0xaf0 [ 91.702158][ T3494] ? queue_io+0x3a1/0x590 [ 91.702192][ T3494] ? __pfx_wb_writeback+0x10/0x10 [ 91.702232][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 91.702264][ T3494] wb_workfn+0x409/0xef0 [ 91.702306][ T3494] ? 
__pfx_wb_workfn+0x10/0x10 [ 91.702328][ T3494] ? register_lock_class+0x51/0x320 [ 91.702366][ T3494] ? __lock_acquire+0xaac/0xd20 [pid 5830] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b4fd000 [pid 5833] mprotect(0x7f836b4fe000, 131072, PROT_READ|PROT_WRITE [pid 5830] mprotect(0x7f836b4fe000, 131072, PROT_READ|PROT_WRITE [pid 5833] <... mprotect resumed>) = 0 [pid 5830] <... mprotect resumed>) = 0 [pid 5830] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5833] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5830] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5833] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b51d990, parent_tid=0x7f836b51d990, exit_signal=0, stack=0x7f836b4fd000, stack_size=0x20300, tls=0x7f836b51d6c0} [pid 5830] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b51d990, parent_tid=0x7f836b51d990, exit_signal=0, stack=0x7f836b4fd000, stack_size=0x20300, tls=0x7f836b51d6c0}./strace-static-x86_64: Process 5860 attached ./strace-static-x86_64: Process 5859 attached [pid 5860] rseq(0x7f836b51dfe0, 0x20, 0, 0x53053053 [pid 5830] <... clone3 resumed> => {parent_tid=[5860]}, 88) = 5860 [pid 5860] <... rseq resumed>) = 0 [pid 5859] rseq(0x7f836b51dfe0, 0x20, 0, 0x53053053 [pid 5833] <... clone3 resumed> => {parent_tid=[5859]}, 88) = 5859 [pid 5830] rt_sigprocmask(SIG_SETMASK, [], [pid 5833] rt_sigprocmask(SIG_SETMASK, [], [pid 5830] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] futex(0x7f836b6386e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5859] <... rseq resumed>) = 0 [pid 5833] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5860] set_robust_list(0x7f836b51d9a0, 24 [pid 5859] set_robust_list(0x7f836b51d9a0, 24 [pid 5833] futex(0x7f836b6386e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... 
futex resumed>) = 0 [pid 5860] <... set_robust_list resumed>) = 0 [pid 5859] <... set_robust_list resumed>) = 0 [pid 5833] <... futex resumed>) = 0 [pid 5830] futex(0x7f836b6386ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5860] rt_sigprocmask(SIG_SETMASK, [], [pid 5859] rt_sigprocmask(SIG_SETMASK, [], [pid 5833] futex(0x7f836b6386ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5860] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5859] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5860] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 5859] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0) = -1 ENOSPC (No space left on device) [pid 5860] <... ioctl resumed>) = -1 ENOSPC (No space left on device) [pid 5860] futex(0x7f836b6386ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5859] futex(0x7f836b6386ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5860] <... futex resumed>) = 1 [pid 5859] <... futex resumed>) = 1 [pid 5830] <... futex resumed>) = 0 [pid 5860] futex(0x7f836b6386e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5859] futex(0x7f836b6386e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5833] <... futex resumed>) = 0 [ 91.702408][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 91.702451][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 91.702475][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 91.702508][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 91.702545][ T3494] process_scheduled_works+0xadb/0x17a0 [ 91.702614][ T3494] ? __pfx_process_scheduled_works+0x10/0x10 [ 91.702672][ T3494] worker_thread+0x8a0/0xda0 [ 91.702726][ T3494] kthread+0x70e/0x8a0 [ 91.702757][ T3494] ? __pfx_worker_thread+0x10/0x10 ./strace-static-x86_64: Process 5858 attached ./strace-static-x86_64: Process 5857 attached [pid 5858] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053 [pid 5857] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053 [pid 5858] <... rseq resumed>) = 0 [pid 5857] <... 
rseq resumed>) = 0 [pid 5858] set_robust_list(0x7f836b53e9a0, 24 [pid 5857] set_robust_list(0x7f836b53e9a0, 24 [pid 5858] <... set_robust_list resumed>) = 0 [pid 5857] <... set_robust_list resumed>) = 0 [pid 5858] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5857] rt_sigprocmask(SIG_SETMASK, [], [pid 5858] ioctl(4, F2FS_IOC_SET_PIN_FILE [pid 5857] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5858] <... ioctl resumed>, 0x200000000180) = -1 EFBIG (File too large) [pid 5857] ioctl(4, F2FS_IOC_SET_PIN_FILE [pid 5858] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5857] <... ioctl resumed>, 0x200000000180) = -1 EFBIG (File too large) [pid 5858] <... futex resumed>) = 0 [pid 5857] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5858] futex(0x7f836b6386d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5857] <... futex resumed>) = 0 [ 91.702777][ T3494] ? __pfx_kthread+0x10/0x10 [ 91.702805][ T3494] ? __pfx_kthread+0x10/0x10 [ 91.702829][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 91.702854][ T3494] ? lockdep_hardirqs_on+0x9c/0x150 [ 91.702883][ T3494] ? __pfx_kthread+0x10/0x10 [ 91.702907][ T3494] ret_from_fork+0x4b/0x80 [ 91.702929][ T3494] ? __pfx_kthread+0x10/0x10 [ 91.702954][ T3494] ret_from_fork_asm+0x1a/0x30 [ 91.703013][ T3494] [ 91.703023][ T3494] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 91.704809][ T5839] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 91.748574][ T63] CPU: 0 UID: 0 PID: 63 Comm: kworker/u8:4 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 91.748607][ T63] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 91.748622][ T63] Workqueue: writeback wb_workfn (flush-7:1) [ 91.748659][ T63] Call Trace: [ 91.748668][ T63] [ 91.748678][ T63] dump_stack_lvl+0x189/0x250 [ 91.748718][ T63] ? __pfx_dump_stack_lvl+0x10/0x10 [pid 5857] futex(0x7f836b6386d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5828] exit_group(0) = ? [ 91.748749][ T63] ? 
__pfx_queue_work_on+0x10/0x10 [ 91.748769][ T63] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 91.748796][ T63] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 91.748839][ T63] f2fs_handle_critical_error+0x37c/0x540 [ 91.748881][ T63] f2fs_write_end_io+0x4e2/0x6d0 [ 91.748940][ T63] __submit_merged_bio+0x27a/0x6a0 [ 91.748980][ T63] __submit_merged_write_cond+0x255/0x530 [ 91.749030][ T63] f2fs_write_data_pages+0x2854/0x31f0 [ 91.749063][ T63] ? __lock_acquire+0xaac/0xd20 [pid 5832] exit_group(0) = ? [ 91.749141][ T63] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 91.749197][ T63] ? unwind_next_frame+0xa5/0x2390 [ 91.749313][ T63] ? stack_trace_save+0x9c/0xe0 [ 91.749337][ T63] ? __pfx_stack_trace_save+0x10/0x10 [ 91.749357][ T63] ? __pfx_hlock_conflict+0x10/0x10 [ 91.749387][ T63] ? check_path+0x21/0x40 [ 91.749416][ T63] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 91.749452][ T63] do_writepages+0x3ae/0x7b0 [ 91.749479][ T63] ? validate_chain+0x897/0x2140 [pid 5830] exit_group(0) = ? [pid 5860] <... futex resumed>) = ? [pid 5860] +++ exited with 0 +++ [pid 5858] <... futex resumed>) = ? [pid 5858] +++ exited with 0 +++ [pid 5833] exit_group(0 [pid 5859] <... futex resumed>) = ? [pid 5857] <... futex resumed>) = ? [pid 5833] <... exit_group resumed>) = ? [pid 5859] +++ exited with 0 +++ [pid 5857] +++ exited with 0 +++ [ 91.749529][ T63] ? rcu_is_watching+0x15/0xb0 [ 91.749574][ T63] ? __pfx_do_writepages+0x10/0x10 [ 91.749628][ T63] __writeback_single_inode+0x145/0xff0 [ 91.749659][ T63] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 91.749693][ T63] writeback_sb_inodes+0x6b5/0x1000 [ 91.749723][ T63] ? lockdep_hardirqs_on+0x9c/0x150 [ 91.749758][ T63] ? rcu_is_watching+0x15/0xb0 [ 91.749815][ T63] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 91.749907][ T63] ? rcu_is_watching+0x15/0xb0 [ 91.749955][ T63] wb_writeback+0x43b/0xaf0 [ 91.750003][ T63] ? queue_io+0x3a1/0x590 [ 91.750040][ T63] ? __pfx_wb_writeback+0x10/0x10 [ 91.750084][ T63] ? 
_raw_spin_unlock_irq+0x23/0x50 [ 91.750117][ T63] wb_workfn+0x409/0xef0 [ 91.750165][ T63] ? __pfx_wb_workfn+0x10/0x10 [ 91.750188][ T63] ? register_lock_class+0x51/0x320 [ 91.750228][ T63] ? __lock_acquire+0xaac/0xd20 [ 91.750273][ T63] ? process_scheduled_works+0x9ec/0x17a0 [ 91.750318][ T63] ? _raw_spin_unlock_irq+0x23/0x50 [ 91.750342][ T63] ? process_scheduled_works+0x9ec/0x17a0 [ 91.750375][ T63] ? process_scheduled_works+0x9ec/0x17a0 [ 91.750413][ T63] process_scheduled_works+0xadb/0x17a0 [ 91.750492][ T63] ? __pfx_process_scheduled_works+0x10/0x10 [ 91.750553][ T63] worker_thread+0x8a0/0xda0 [ 91.750615][ T63] kthread+0x70e/0x8a0 [ 91.750647][ T63] ? __pfx_worker_thread+0x10/0x10 [ 91.750667][ T63] ? __pfx_kthread+0x10/0x10 [ 91.750696][ T63] ? __pfx_kthread+0x10/0x10 [ 91.750721][ T63] ? _raw_spin_unlock_irq+0x23/0x50 [ 91.750746][ T63] ? lockdep_hardirqs_on+0x9c/0x150 [ 91.750776][ T63] ? __pfx_kthread+0x10/0x10 [ 91.750801][ T63] ret_from_fork+0x4b/0x80 [ 91.750823][ T63] ? __pfx_kthread+0x10/0x10 [ 91.750849][ T63] ret_from_fork_asm+0x1a/0x30 [ 91.750910][ T63] [ 91.750919][ T63] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 91.759120][ T3494] CPU: 1 UID: 0 PID: 3494 Comm: kworker/u8:6 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 91.759153][ T3494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 91.759168][ T3494] Workqueue: writeback wb_workfn (flush-7:0) [ 91.759204][ T3494] Call Trace: [ 91.759213][ T3494] [ 91.759222][ T3494] dump_stack_lvl+0x189/0x250 [ 91.759260][ T3494] ? __pfx_dump_stack_lvl+0x10/0x10 [ 91.759291][ T3494] ? __pfx_queue_work_on+0x10/0x10 [ 91.759310][ T3494] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 91.759338][ T3494] ? 
__pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 91.759376][ T3494] f2fs_handle_critical_error+0x37c/0x540 [ 91.759417][ T3494] f2fs_write_end_io+0x4e2/0x6d0 [ 91.759470][ T3494] __submit_merged_bio+0x27a/0x6a0 [ 91.759508][ T3494] __submit_merged_write_cond+0x255/0x530 [ 91.759546][ T3494] f2fs_write_data_pages+0x2854/0x31f0 [ 91.759579][ T3494] ? __lock_acquire+0xaac/0xd20 [ 91.759648][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 91.759698][ T3494] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 91.759774][ T3494] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 91.759821][ T3494] ? trace_f2fs_writepages+0x7f/0x200 [ 91.759855][ T3494] ? f2fs_write_node_pages+0x478/0x6e0 [ 91.759891][ T3494] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 91.759927][ T3494] ? has_not_enough_free_secs+0xd8b/0x1640 [ 91.759971][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 91.760006][ T3494] do_writepages+0x3ae/0x7b0 [ 91.760048][ T3494] ? __lock_acquire+0xaac/0xd20 [ 91.760087][ T3494] ? __pfx_do_writepages+0x10/0x10 [ 91.760135][ T3494] __writeback_single_inode+0x145/0xff0 [ 91.760166][ T3494] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 91.760196][ T3494] writeback_sb_inodes+0x6b5/0x1000 [ 91.760257][ T3494] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 91.760337][ T3494] ? rcu_is_watching+0x15/0xb0 [ 91.760388][ T3494] wb_writeback+0x43b/0xaf0 [ 91.760428][ T3494] ? queue_io+0x3a1/0x590 [ 91.760461][ T3494] ? __pfx_wb_writeback+0x10/0x10 [ 91.760501][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 91.760533][ T3494] wb_workfn+0x409/0xef0 [ 91.760576][ T3494] ? __pfx_wb_workfn+0x10/0x10 [ 91.760599][ T3494] ? register_lock_class+0x51/0x320 [ 91.760636][ T3494] ? __lock_acquire+0xaac/0xd20 [ 91.760678][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 91.760720][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 91.760752][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 91.760785][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 91.760822][ T3494] process_scheduled_works+0xadb/0x17a0 [ 91.760892][ T3494] ? 
__pfx_process_scheduled_works+0x10/0x10 [ 91.760948][ T3494] worker_thread+0x8a0/0xda0 [ 91.761000][ T3494] kthread+0x70e/0x8a0 [ 91.761031][ T3494] ? __pfx_worker_thread+0x10/0x10 [ 91.761052][ T3494] ? __pfx_kthread+0x10/0x10 [ 91.761080][ T3494] ? __pfx_kthread+0x10/0x10 [ 91.761105][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 91.761130][ T3494] ? lockdep_hardirqs_on+0x9c/0x150 [ 91.761158][ T3494] ? __pfx_kthread+0x10/0x10 [ 91.761180][ T3494] ret_from_fork+0x4b/0x80 [ 91.761201][ T3494] ? __pfx_kthread+0x10/0x10 [ 91.761227][ T3494] ret_from_fork_asm+0x1a/0x30 [ 91.761280][ T3494] [ 91.761290][ T3494] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 91.764510][ T5836] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [pid 5852] <... ioctl resumed>) = ? [pid 5852] +++ exited with 0 +++ [ 91.896695][ T5835] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 92.007079][ T5838] VFS:Filesystem freeze failed [ 92.012825][ T24] cfg80211: failed to load regulatory.db [ 92.980244][ T5837] VFS:Filesystem freeze failed [pid 5837] <... ioctl resumed>) = ? [pid 5837] +++ exited with 0 +++ [pid 5828] +++ exited with 0 +++ [pid 5824] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5828, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=35 /* 0.35 s */} --- [pid 5824] restart_syscall(<... 
resuming interrupted clone ...>) = 0 [pid 5824] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5824] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5824] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] unlink("./0/binderfs") = 0 [ 93.011088][ T3494] kworker/u8:6: attempt to access beyond end of device [ 93.011088][ T3494] loop4: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 93.030181][ T13] kworker/u8:1: attempt to access beyond end of device [ 93.030181][ T13] loop2: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 93.066670][ T3494] CPU: 0 UID: 0 PID: 3494 Comm: kworker/u8:6 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 93.066702][ T3494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 93.066716][ T3494] Workqueue: writeback wb_workfn (flush-7:4) [ 93.066749][ T3494] Call Trace: [ 93.066758][ T3494] [ 93.066766][ T3494] dump_stack_lvl+0x189/0x250 [ 93.066802][ T3494] ? __pfx_dump_stack_lvl+0x10/0x10 [ 93.066832][ T3494] ? __pfx_queue_work_on+0x10/0x10 [ 93.066851][ T3494] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 93.066876][ T3494] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 93.066912][ T3494] f2fs_handle_critical_error+0x37c/0x540 [ 93.066949][ T3494] f2fs_write_end_io+0x4e2/0x6d0 [ 93.067009][ T3494] __submit_merged_bio+0x27a/0x6a0 [ 93.067046][ T3494] __submit_merged_write_cond+0x255/0x530 [ 93.067082][ T3494] f2fs_write_data_pages+0x2854/0x31f0 [ 93.067114][ T3494] ? __lock_acquire+0xaac/0xd20 [ 93.067177][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 93.067226][ T3494] ? 
__pfx_f2fs_available_free_memory+0x10/0x10 [ 93.067285][ T3494] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 93.067330][ T3494] ? trace_f2fs_writepages+0x7f/0x200 [ 93.067361][ T3494] ? f2fs_write_node_pages+0x478/0x6e0 [ 93.067396][ T3494] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 93.067429][ T3494] ? has_not_enough_free_secs+0xd8b/0x1640 [ 93.067468][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 93.067499][ T3494] do_writepages+0x3ae/0x7b0 [ 93.067535][ T3494] ? __lock_acquire+0xaac/0xd20 [ 93.067577][ T3494] ? __pfx_do_writepages+0x10/0x10 [ 93.067622][ T3494] __writeback_single_inode+0x145/0xff0 [ 93.067652][ T3494] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 93.067681][ T3494] writeback_sb_inodes+0x6b5/0x1000 [ 93.067737][ T3494] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 93.067813][ T3494] ? rcu_is_watching+0x15/0xb0 [ 93.067856][ T3494] wb_writeback+0x43b/0xaf0 [ 93.067894][ T3494] ? queue_io+0x3a1/0x590 [ 93.067926][ T3494] ? __pfx_wb_writeback+0x10/0x10 [ 93.067975][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 93.068005][ T3494] wb_workfn+0x409/0xef0 [ 93.068047][ T3494] ? __pfx_wb_workfn+0x10/0x10 [ 93.068068][ T3494] ? register_lock_class+0x51/0x320 [ 93.068104][ T3494] ? __lock_acquire+0xaac/0xd20 [ 93.068144][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 93.068185][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 93.068207][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 93.068239][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 93.068274][ T3494] process_scheduled_works+0xadb/0x17a0 [ 93.068341][ T3494] ? __pfx_process_scheduled_works+0x10/0x10 [ 93.068394][ T3494] worker_thread+0x8a0/0xda0 [ 93.068445][ T3494] kthread+0x70e/0x8a0 [ 93.068474][ T3494] ? __pfx_worker_thread+0x10/0x10 [ 93.068493][ T3494] ? __pfx_kthread+0x10/0x10 [ 93.068519][ T3494] ? __pfx_kthread+0x10/0x10 [ 93.068542][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 93.068566][ T3494] ? lockdep_hardirqs_on+0x9c/0x150 [ 93.068592][ T3494] ? 
__pfx_kthread+0x10/0x10 [ 93.068616][ T3494] ret_from_fork+0x4b/0x80 [ 93.068635][ T3494] ? __pfx_kthread+0x10/0x10 [ 93.068659][ T3494] ret_from_fork_asm+0x1a/0x30 [ 93.068710][ T3494] [ 93.069888][ T13] CPU: 0 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 93.069916][ T13] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 93.069930][ T13] Workqueue: writeback wb_workfn (flush-7:2) [ 93.069976][ T13] Call Trace: [ 93.069985][ T13] [ 93.069993][ T13] dump_stack_lvl+0x189/0x250 [ 93.070028][ T13] ? __pfx_dump_stack_lvl+0x10/0x10 [ 93.070058][ T13] ? __pfx_queue_work_on+0x10/0x10 [ 93.070076][ T13] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 93.070098][ T13] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 93.070131][ T13] f2fs_handle_critical_error+0x37c/0x540 [ 93.070163][ T13] f2fs_write_end_io+0x4e2/0x6d0 [ 93.070212][ T13] __submit_merged_bio+0x27a/0x6a0 [ 93.070255][ T13] __submit_merged_write_cond+0x255/0x530 [ 93.070292][ T13] f2fs_write_data_pages+0x2854/0x31f0 [ 93.070323][ T13] ? unwind_next_frame+0xa5/0x2390 [ 93.070346][ T13] ? unwind_next_frame+0x19ae/0x2390 [ 93.070410][ T13] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 93.070491][ T13] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 93.070545][ T13] ? do_raw_spin_unlock+0x122/0x240 [ 93.070587][ T13] ? psi_task_change+0xe5/0x250 [ 93.070612][ T13] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 93.070644][ T13] do_writepages+0x3ae/0x7b0 [ 93.070682][ T13] ? psi_group_change+0xbc7/0x1210 [ 93.070701][ T13] ? rcu_read_lock_sched_held+0x89/0x100 [ 93.070742][ T13] ? __pfx_do_writepages+0x10/0x10 [ 93.070802][ T13] __writeback_single_inode+0x145/0xff0 [ 93.070832][ T13] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 93.070861][ T13] writeback_sb_inodes+0x6b5/0x1000 [ 93.070920][ T13] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 93.071003][ T13] ? rcu_is_watching+0x15/0xb0 [ 93.071045][ T13] wb_writeback+0x43b/0xaf0 [ 93.071083][ T13] ? 
queue_io+0x3a1/0x590 [ 93.071115][ T13] ? __pfx_wb_writeback+0x10/0x10 [ 93.071153][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 93.071183][ T13] wb_workfn+0x409/0xef0 [ 93.071224][ T13] ? __pfx_wb_workfn+0x10/0x10 [ 93.071245][ T13] ? register_lock_class+0x51/0x320 [ 93.071281][ T13] ? __lock_acquire+0xaac/0xd20 [ 93.071320][ T13] ? process_scheduled_works+0x9ec/0x17a0 [ 93.071359][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 93.071380][ T13] ? process_scheduled_works+0x9ec/0x17a0 [ 93.071410][ T13] ? process_scheduled_works+0x9ec/0x17a0 [ 93.071445][ T13] process_scheduled_works+0xadb/0x17a0 [ 93.071533][ T13] ? __pfx_process_scheduled_works+0x10/0x10 [ 93.071585][ T13] worker_thread+0x8a0/0xda0 [ 93.071633][ T13] kthread+0x70e/0x8a0 [ 93.071662][ T13] ? __pfx_worker_thread+0x10/0x10 [ 93.071681][ T13] ? __pfx_kthread+0x10/0x10 [ 93.071704][ T13] ? __pfx_kthread+0x10/0x10 [ 93.071727][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 93.071751][ T13] ? lockdep_hardirqs_on+0x9c/0x150 [ 93.071777][ T13] ? __pfx_kthread+0x10/0x10 [ 93.071799][ T13] ret_from_fork+0x4b/0x80 [ 93.071818][ T13] ? __pfx_kthread+0x10/0x10 [ 93.071842][ T13] ret_from_fork_asm+0x1a/0x30 [ 93.071891][ T13] [ 93.074693][ T3494] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 93.106630][ T13] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 93.109056][ T3494] CPU: 0 UID: 0 PID: 3494 Comm: kworker/u8:6 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 93.109087][ T3494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 93.109102][ T3494] Workqueue: writeback wb_workfn (flush-7:4) [ 93.109139][ T3494] Call Trace: [ 93.109148][ T3494] [ 93.109158][ T3494] dump_stack_lvl+0x189/0x250 [ 93.109197][ T3494] ? __pfx_dump_stack_lvl+0x10/0x10 [ 93.109230][ T3494] ? __pfx_queue_work_on+0x10/0x10 [ 93.109250][ T3494] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 93.109277][ T3494] ? 
__pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 93.109320][ T3494] f2fs_handle_critical_error+0x37c/0x540 [ 93.109363][ T3494] f2fs_write_end_io+0x4e2/0x6d0 [ 93.109421][ T3494] __submit_merged_bio+0x27a/0x6a0 [ 93.109478][ T3494] __submit_merged_write_cond+0x255/0x530 [ 93.109535][ T3494] f2fs_write_data_pages+0x2854/0x31f0 [ 93.109577][ T3494] ? __lock_acquire+0xaac/0xd20 [ 93.109663][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 93.109718][ T3494] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 93.109791][ T3494] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 93.109843][ T3494] ? trace_f2fs_writepages+0x7f/0x200 [ 93.109878][ T3494] ? f2fs_write_node_pages+0x478/0x6e0 [ 93.109917][ T3494] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 93.109982][ T3494] ? has_not_enough_free_secs+0xd8b/0x1640 [ 93.110026][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 93.110062][ T3494] do_writepages+0x3ae/0x7b0 [ 93.110106][ T3494] ? __lock_acquire+0xaac/0xd20 [ 93.110147][ T3494] ? __pfx_do_writepages+0x10/0x10 [ 93.110201][ T3494] __writeback_single_inode+0x145/0xff0 [ 93.110233][ T3494] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 93.110266][ T3494] writeback_sb_inodes+0x6b5/0x1000 [ 93.110334][ T3494] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 93.110433][ T3494] ? rcu_is_watching+0x15/0xb0 [ 93.110482][ T3494] wb_writeback+0x43b/0xaf0 [ 93.110525][ T3494] ? queue_io+0x3a1/0x590 [ 93.110560][ T3494] ? __pfx_wb_writeback+0x10/0x10 [ 93.110605][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 93.110638][ T3494] wb_workfn+0x409/0xef0 [ 93.110687][ T3494] ? __pfx_wb_workfn+0x10/0x10 [ 93.110709][ T3494] ? register_lock_class+0x51/0x320 [ 93.110741][ T3494] ? __lock_acquire+0xaac/0xd20 [ 93.110787][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 93.110833][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 93.110857][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 93.110891][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 93.110928][ T3494] process_scheduled_works+0xadb/0x17a0 [ 93.111015][ T3494] ? 
__pfx_process_scheduled_works+0x10/0x10 [ 93.111077][ T3494] worker_thread+0x8a0/0xda0 [ 93.111139][ T3494] kthread+0x70e/0x8a0 [ 93.111171][ T3494] ? __pfx_worker_thread+0x10/0x10 [ 93.111192][ T3494] ? __pfx_kthread+0x10/0x10 [ 93.111222][ T3494] ? __pfx_kthread+0x10/0x10 [ 93.111247][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 93.111272][ T3494] ? lockdep_hardirqs_on+0x9c/0x150 [ 93.111301][ T3494] ? __pfx_kthread+0x10/0x10 [ 93.111326][ T3494] ret_from_fork+0x4b/0x80 [ 93.111348][ T3494] ? __pfx_kthread+0x10/0x10 [ 93.111374][ T3494] ret_from_fork_asm+0x1a/0x30 [ 93.111433][ T3494] [ 93.111443][ T3494] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 93.120329][ T13] CPU: 1 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 93.120357][ T13] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 93.120372][ T13] Workqueue: writeback wb_workfn (flush-7:2) [ 93.120421][ T13] Call Trace: [ 93.120430][ T13] [ 93.120439][ T13] dump_stack_lvl+0x189/0x250 [ 93.120476][ T13] ? __pfx_dump_stack_lvl+0x10/0x10 [ 93.120508][ T13] ? __pfx_queue_work_on+0x10/0x10 [ 93.120528][ T13] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 93.120555][ T13] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 93.120594][ T13] f2fs_handle_critical_error+0x37c/0x540 [ 93.120633][ T13] f2fs_write_end_io+0x4e2/0x6d0 [ 93.120687][ T13] __submit_merged_bio+0x27a/0x6a0 [ 93.120733][ T13] __submit_merged_write_cond+0x255/0x530 [ 93.120772][ T13] f2fs_write_data_pages+0x2854/0x31f0 [ 93.120805][ T13] ? unwind_next_frame+0xa5/0x2390 [ 93.120830][ T13] ? unwind_next_frame+0x19ae/0x2390 [ 93.120892][ T13] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 93.120977][ T13] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 93.121034][ T13] ? do_raw_spin_unlock+0x122/0x240 [ 93.121079][ T13] ? psi_task_change+0xe5/0x250 [ 93.121105][ T13] ? 
__pfx_f2fs_write_data_pages+0x10/0x10 [ 93.121139][ T13] do_writepages+0x3ae/0x7b0 [ 93.121178][ T13] ? psi_group_change+0xbc7/0x1210 [ 93.121199][ T13] ? rcu_read_lock_sched_held+0x89/0x100 [ 93.121242][ T13] ? __pfx_do_writepages+0x10/0x10 [ 93.121292][ T13] __writeback_single_inode+0x145/0xff0 [ 93.121321][ T13] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 93.121352][ T13] writeback_sb_inodes+0x6b5/0x1000 [ 93.121414][ T13] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 93.121495][ T13] ? rcu_is_watching+0x15/0xb0 [ 93.121539][ T13] wb_writeback+0x43b/0xaf0 [ 93.121579][ T13] ? queue_io+0x3a1/0x590 [ 93.121613][ T13] ? __pfx_wb_writeback+0x10/0x10 [ 93.121653][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 93.121685][ T13] wb_workfn+0x409/0xef0 [ 93.121736][ T13] ? __pfx_wb_workfn+0x10/0x10 [ 93.121759][ T13] ? register_lock_class+0x51/0x320 [ 93.121798][ T13] ? __lock_acquire+0xaac/0xd20 [ 93.121840][ T13] ? process_scheduled_works+0x9ec/0x17a0 [ 93.121882][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 93.121906][ T13] ? process_scheduled_works+0x9ec/0x17a0 [ 93.121939][ T13] ? process_scheduled_works+0x9ec/0x17a0 [ 93.121977][ T13] process_scheduled_works+0xadb/0x17a0 [ 93.122056][ T13] ? __pfx_process_scheduled_works+0x10/0x10 [ 93.122110][ T13] worker_thread+0x8a0/0xda0 [ 93.122162][ T13] kthread+0x70e/0x8a0 [ 93.122191][ T13] ? __pfx_worker_thread+0x10/0x10 [ 93.122210][ T13] ? __pfx_kthread+0x10/0x10 [ 93.122237][ T13] ? __pfx_kthread+0x10/0x10 [ 93.122261][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 93.122284][ T13] ? lockdep_hardirqs_on+0x9c/0x150 [ 93.122311][ T13] ? __pfx_kthread+0x10/0x10 [ 93.122336][ T13] ret_from_fork+0x4b/0x80 [ 93.122355][ T13] ? __pfx_kthread+0x10/0x10 [ 93.122381][ T13] ret_from_fork_asm+0x1a/0x30 [ 93.122432][ T13] [ 93.122441][ T13] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [pid 5824] umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] <... ioctl resumed>) = ? 
[pid 5839] +++ exited with 0 +++ [pid 5830] +++ exited with 0 +++ [pid 5825] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5830, si_uid=0, si_status=0, si_utime=13 /* 0.13 s */, si_stime=40 /* 0.40 s */} --- [pid 5825] restart_syscall(<... resuming interrupted clone ...> [pid 5835] <... ioctl resumed>) = ? [pid 5825] <... restart_syscall resumed>) = 0 [pid 5825] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 94.328128][ T5835] VFS:Filesystem freeze failed [ 94.334020][ T5839] VFS:Filesystem freeze failed [pid 5835] +++ exited with 0 +++ [pid 5833] +++ exited with 0 +++ [pid 5825] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5827] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5833, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=52 /* 0.52 s */} --- [pid 5825] <... openat resumed>) = 3 [pid 5827] restart_syscall(<... resuming interrupted clone ...> [pid 5825] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5825] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5825] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5825] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5827] <... restart_syscall resumed>) = 0 [pid 5825] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5825] unlink("./0/binderfs" [pid 5827] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5827] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5827] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5827] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5827] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5825] <... unlink resumed>) = 0 [pid 5827] <... 
umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5825] umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5827] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5827] unlink("./0/binderfs") = 0 [pid 5827] umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5824] <... umount2 resumed>) = 0 [pid 5824] umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5824] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5824] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5824] close(4) = 0 [pid 5824] rmdir("./0/bus") = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5824] close(3) = 0 [pid 5824] rmdir("./0") = 0 [pid 5824] mkdir("./1", 0777) = 0 [pid 5824] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5824] ioctl(3, LOOP_CLR_FD) = 0 [pid 5824] close(3 [pid 5823] <... 
umount2 resumed>) = 0 [pid 5823] umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5823] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5823] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5823] close(4) = 0 [pid 5823] rmdir("./0/bus") = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5823] close(3) = 0 [pid 5823] rmdir("./0") = 0 [pid 5823] mkdir("./1", 0777) = 0 [pid 5823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5823] ioctl(3, LOOP_CLR_FD) = 0 [pid 5823] close(3 [pid 5825] <... umount2 resumed>) = 0 [pid 5825] umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5825] newfstatat(AT_FDCWD, "./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5825] umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5825] openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5825] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5825] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5825] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5825] close(4) = 0 [pid 5825] rmdir("./0/bus") = 0 [pid 5825] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5825] close(3) = 0 [pid 5825] rmdir("./0") = 0 [pid 5823] <... 
close resumed>) = 0 [pid 5825] mkdir("./1", 0777 [pid 5823] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5866 attached [pid 5866] set_robust_list(0x55558e3aa6a0, 24 [pid 5823] <... clone resumed>, child_tidptr=0x55558e3aa690) = 5866 [pid 5866] <... set_robust_list resumed>) = 0 [pid 5866] chdir("./1") = 0 [pid 5866] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5866] setpgid(0, 0) = 0 [pid 5866] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5866] write(3, "1000", 4 [pid 5825] <... mkdir resumed>) = 0 [pid 5825] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5866] <... write resumed>) = 4 [pid 5866] close(3 [pid 5825] <... openat resumed>) = 3 [pid 5825] ioctl(3, LOOP_CLR_FD [pid 5866] <... close resumed>) = 0 [pid 5825] <... ioctl resumed>) = 0 [pid 5825] close(3 [pid 5866] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5866] write(1, "executing program\n", 18 [pid 5827] <... umount2 resumed>) = 0 [pid 5866] <... 
write resumed>) = 18 [pid 5866] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5866] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, [pid 5827] umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5827] newfstatat(AT_FDCWD, "./0/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5827] umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5827] openat(AT_FDCWD, "./0/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5827] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5827] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5827] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5827] close(4) = 0 [pid 5827] rmdir("./0/bus") = 0 [pid 5827] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5827] close(3) = 0 [pid 5827] rmdir("./0") = 0 [pid 5827] mkdir("./1", 0777 [pid 5866] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5866] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5827] <... mkdir resumed>) = 0 [pid 5827] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5827] ioctl(3, LOOP_CLR_FD) = 0 [pid 5827] close(3 [pid 5824] <... close resumed>) = 0 [pid 5866] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5824] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5867 attached [pid 5866] <... mmap resumed>) = 0x7f836b53f000 [pid 5867] set_robust_list(0x55558e3aa6a0, 24 [pid 5866] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE [pid 5824] <... clone resumed>, child_tidptr=0x55558e3aa690) = 5867 [pid 5867] <... set_robust_list resumed>) = 0 [pid 5866] <... 
mprotect resumed>) = 0 [pid 5867] chdir("./1") = 0 [pid 5866] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5867] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5866] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5867] <... prctl resumed>) = 0 [pid 5866] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0} [pid 5867] setpgid(0, 0./strace-static-x86_64: Process 5868 attached ) = 0 [pid 5867] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5866] <... clone3 resumed> => {parent_tid=[5868]}, 88) = 5868 [pid 5868] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053) = 0 [pid 5866] rt_sigprocmask(SIG_SETMASK, [], [pid 5868] set_robust_list(0x7f836b55f9a0, 24 [pid 5866] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5868] <... set_robust_list resumed>) = 0 [pid 5867] <... openat resumed>) = 3 [pid 5866] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] rt_sigprocmask(SIG_SETMASK, [], [pid 5867] write(3, "1000", 4 [pid 5868] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5866] <... futex resumed>) = 0 [pid 5867] <... write resumed>) = 4 [pid 5868] memfd_create("syzkaller", 0 [pid 5867] close(3 [pid 5866] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5867] <... close resumed>) = 0 [pid 5868] <... memfd_create resumed>) = 3 [pid 5867] symlink("/dev/binderfs", "./binderfs" [pid 5868] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 5867] <... symlink resumed>) = 0 [pid 5867] write(1, "executing program\n", 18executing program ) = 18 [pid 5826] kill(-5832, SIGKILL) = 0 [pid 5826] kill(5832, SIGKILL [pid 5867] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5826] <... kill resumed>) = 0 [pid 5867] <... 
futex resumed>) = 0 [pid 5867] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 5867] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5867] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 5867] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5867] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5867] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 5869 attached [pid 5869] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053 [pid 5867] <... clone3 resumed> => {parent_tid=[5869]}, 88) = 5869 [pid 5867] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5869] <... rseq resumed>) = 0 [pid 5867] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] set_robust_list(0x7f836b55f9a0, 24 [pid 5867] <... futex resumed>) = 0 [pid 5869] <... set_robust_list resumed>) = 0 [pid 5869] rt_sigprocmask(SIG_SETMASK, [], [pid 5867] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5869] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5869] memfd_create("syzkaller", 0) = 3 [pid 5869] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 5825] <... close resumed>) = 0 [pid 5825] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5870 attached , child_tidptr=0x55558e3aa690) = 5870 [pid 5870] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 5870] chdir("./1") = 0 [pid 5870] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5870] setpgid(0, 0 [pid 5827] <... close resumed>) = 0 [pid 5870] <... 
setpgid resumed>) = 0 [pid 5868] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 5870] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5827] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e3aa690) = 5871 [pid 5870] <... openat resumed>) = 3 ./strace-static-x86_64: Process 5871 attached [pid 5870] write(3, "1000", 4 [pid 5871] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 5870] <... write resumed>) = 4 [pid 5871] chdir("./1" [pid 5870] close(3 [pid 5871] <... chdir resumed>) = 0 [pid 5870] <... close resumed>) = 0 [pid 5871] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5870] symlink("/dev/binderfs", "./binderfs" [pid 5871] <... prctl resumed>) = 0 [pid 5871] setpgid(0, 0) = 0 [pid 5871] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5870] <... symlink resumed>) = 0 [pid 5871] <... openat resumed>) = 3 [pid 5870] write(1, "executing program\n", 18executing program [pid 5871] write(3, "1000", 4 [pid 5870] <... write resumed>) = 18 [pid 5871] <... write resumed>) = 4 [pid 5871] close(3) = 0 [pid 5870] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] symlink("/dev/binderfs", "./binderfs" [pid 5870] <... futex resumed>) = 0 [pid 5871] <... symlink resumed>) = 0 [pid 5870] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, executing program [pid 5871] write(1, "executing program\n", 18 [pid 5870] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5871] <... 
write resumed>) = 18 [pid 5870] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5871] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5871] <... futex resumed>) = 0 [pid 5870] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5871] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, [pid 5870] <... mmap resumed>) = 0x7f836b53f000 [pid 5871] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5871] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5871] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 5871] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5871] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5870] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5871] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5871] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0} [pid 5870] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5871] <... clone3 resumed> => {parent_tid=[5872]}, 88) = 5872 ./strace-static-x86_64: Process 5872 attached [pid 5871] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5872] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053 [pid 5871] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... rseq resumed>) = 0 [pid 5870] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5872] set_robust_list(0x7f836b55f9a0, 24 [pid 5870] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0} [pid 5872] <... 
set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 5873 attached [pid 5872] rt_sigprocmask(SIG_SETMASK, [], [pid 5871] <... futex resumed>) = 0 [pid 5870] <... clone3 resumed> => {parent_tid=[5873]}, 88) = 5873 [pid 5870] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5870] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5870] <... futex resumed>) = 0 [pid 5873] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053 [pid 5872] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5870] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5872] memfd_create("syzkaller", 0 [pid 5873] <... rseq resumed>) = 0 [pid 5873] set_robust_list(0x7f836b55f9a0, 24) = 0 [pid 5872] <... memfd_create resumed>) = 3 [pid 5873] rt_sigprocmask(SIG_SETMASK, [], [pid 5872] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5873] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5872] <... 
mmap resumed>) = 0x7f8363000000 [pid 5873] memfd_create("syzkaller", 0) = 3 [pid 5873] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 5826] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5826] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5826] getdents64(3, 0x55558e3ab730 /* 2 entries */, 32768) = 48 [pid 5826] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5826] close(3) = 0 [pid 5869] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 5873] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 5872] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 5868] <... 
write resumed>) = 20699119 [pid 5868] munmap(0x7f8363000000, 138412032) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5868] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5868] close(3) = 0 [pid 5868] close(4) = 0 [pid 5868] mkdir("./bus", 0777) = 0 [ 95.912699][ T5868] loop0: detected capacity change from 0 to 40427 [ 95.970409][ T5868] F2FS-fs (loop0): invalid crc value [pid 5868] mount("/dev/loop0", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 5869] <... write resumed>) = 20699119 [pid 5869] munmap(0x7f8363000000, 138412032) = 0 [pid 5869] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5869] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5869] close(3) = 0 [pid 5869] close(4) = 0 [pid 5869] mkdir("./bus", 0777) = 0 [ 96.137760][ T5869] loop1: detected capacity change from 0 to 40427 [ 96.194468][ T5869] F2FS-fs (loop1): invalid crc value [pid 5869] mount("/dev/loop1", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 5868] <... mount resumed>) = 0 [pid 5868] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5868] chdir("./bus") = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5868] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5868] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5866] <... futex resumed>) = 0 [pid 5866] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5868] <... futex resumed>) = 0 [ 96.256817][ T5868] F2FS-fs (loop0): Start checkpoint disabled! [ 96.290523][ T5868] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [pid 5868] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000) = 4 [pid 5866] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5866] <... 
futex resumed>) = 0 [pid 5866] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5868] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5866] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] <... openat resumed>) = 5 [pid 5868] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5866] <... futex resumed>) = 0 [pid 5866] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5873] <... write resumed>) = 20699119 [pid 5868] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5866] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] munmap(0x7f8363000000, 138412032) = 0 [pid 5866] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5866] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5866] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 5866] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5866] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5866] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} [pid 5873] openat(AT_FDCWD, "/dev/loop2", O_RDWR./strace-static-x86_64: Process 5877 attached ) = 4 [pid 5866] <... 
clone3 resumed> => {parent_tid=[5877]}, 88) = 5877 [pid 5866] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5873] ioctl(4, LOOP_SET_FD, 3 [pid 5866] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 96.395931][ T3494] kworker/u8:6: attempt to access beyond end of device [ 96.395931][ T3494] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 96.433009][ T3494] CPU: 1 UID: 0 PID: 3494 Comm: kworker/u8:6 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 96.433040][ T3494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 96.433054][ T3494] Workqueue: writeback wb_workfn (flush-7:0) [ 96.433087][ T3494] Call Trace: [ 96.433095][ T3494] [ 96.433116][ T3494] dump_stack_lvl+0x189/0x250 [ 96.433152][ T3494] ? __pfx_dump_stack_lvl+0x10/0x10 [ 96.433182][ T3494] ? __pfx_queue_work_on+0x10/0x10 [ 96.433200][ T3494] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 96.433226][ T3494] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 96.433284][ T5873] loop2: detected capacity change from 0 to 40427 [ 96.433282][ T3494] f2fs_handle_critical_error+0x37c/0x540 [ 96.433322][ T3494] f2fs_write_end_io+0x4e2/0x6d0 [ 96.433384][ T3494] __submit_merged_bio+0x27a/0x6a0 [ 96.433424][ T3494] __submit_merged_write_cond+0x255/0x530 [ 96.433464][ T3494] f2fs_write_data_pages+0x2854/0x31f0 [ 96.433494][ T3494] ? __lock_acquire+0xaac/0xd20 [ 96.433570][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 96.433622][ T3494] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 96.433693][ T3494] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 96.433752][ T3494] ? trace_f2fs_writepages+0x7f/0x200 [ 96.433786][ T3494] ? f2fs_write_node_pages+0x478/0x6e0 [ 96.433823][ T3494] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 96.433859][ T3494] ? has_not_enough_free_secs+0xd8b/0x1640 [ 96.433902][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 96.433936][ T3494] do_writepages+0x3ae/0x7b0 [ 96.433978][ T3494] ? 
__lock_acquire+0xaac/0xd20 [ 96.434017][ T3494] ? __pfx_do_writepages+0x10/0x10 [ 96.434069][ T3494] __writeback_single_inode+0x145/0xff0 [ 96.434100][ T3494] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 96.434132][ T3494] writeback_sb_inodes+0x6b5/0x1000 [ 96.434199][ T3494] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 96.434305][ T3494] ? rcu_is_watching+0x15/0xb0 [ 96.434353][ T3494] wb_writeback+0x43b/0xaf0 [ 96.434396][ T3494] ? queue_io+0x3a1/0x590 [ 96.434431][ T3494] ? __pfx_wb_writeback+0x10/0x10 [ 96.434474][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 96.434508][ T3494] wb_workfn+0x409/0xef0 [pid 5866] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5877] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053 [pid 5866] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5866] futex(0x7f836b6386ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5866] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b4fd000 [pid 5866] mprotect(0x7f836b4fe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5866] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5866] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b51d990, parent_tid=0x7f836b51d990, exit_signal=0, stack=0x7f836b4fd000, stack_size=0x20300, tls=0x7f836b51d6c0} => {parent_tid=[5878]}, 88) = 5878 [pid 5866] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5866] futex(0x7f836b6386e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5866] futex(0x7f836b6386ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5878 attached [pid 5878] rseq(0x7f836b51dfe0, 0x20, 0, 0x53053053) = 0 [pid 5878] set_robust_list(0x7f836b51d9a0, 24) = 0 [pid 5878] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5878] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 5877] <... rseq resumed>) = 0 [pid 5873] <... ioctl resumed>) = 0 [pid 5866] <... 
futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5872] <... write resumed>) = 20699119 [ 96.434556][ T3494] ? __pfx_wb_workfn+0x10/0x10 [ 96.434579][ T3494] ? register_lock_class+0x51/0x320 [ 96.434620][ T3494] ? __lock_acquire+0xaac/0xd20 [ 96.434664][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 96.434714][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 96.434738][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 96.434771][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 96.434811][ T3494] process_scheduled_works+0xadb/0x17a0 [ 96.434891][ T3494] ? __pfx_process_scheduled_works+0x10/0x10 [pid 5872] munmap(0x7f8363000000, 138412032 [pid 5877] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 5877] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5877] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 5877] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 96.434953][ T3494] worker_thread+0x8a0/0xda0 [ 96.435013][ T3494] kthread+0x70e/0x8a0 [ 96.435045][ T3494] ? __pfx_worker_thread+0x10/0x10 [ 96.435066][ T3494] ? __pfx_kthread+0x10/0x10 [ 96.435095][ T3494] ? __pfx_kthread+0x10/0x10 [ 96.435120][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 96.435145][ T3494] ? lockdep_hardirqs_on+0x9c/0x150 [ 96.435174][ T3494] ? __pfx_kthread+0x10/0x10 [ 96.435199][ T3494] ret_from_fork+0x4b/0x80 [ 96.435221][ T3494] ? __pfx_kthread+0x10/0x10 [pid 5877] futex(0x7f836b6386d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5873] close(3) = 0 [pid 5873] close(4) = 0 [pid 5873] mkdir("./bus", 0777) = 0 [ 96.435247][ T3494] ret_from_fork_asm+0x1a/0x30 [ 96.435306][ T3494] [ 96.435316][ T3494] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 96.457768][ T5869] F2FS-fs (loop1): Start checkpoint disabled! 
[ 96.511939][ T3494] CPU: 1 UID: 0 PID: 3494 Comm: kworker/u8:6 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 96.511973][ T3494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 96.511988][ T3494] Workqueue: writeback wb_workfn (flush-7:0) [ 96.512026][ T3494] Call Trace: [ 96.512035][ T3494] [ 96.512044][ T3494] dump_stack_lvl+0x189/0x250 [ 96.512085][ T3494] ? __pfx_dump_stack_lvl+0x10/0x10 [ 96.512117][ T3494] ? __pfx_queue_work_on+0x10/0x10 [ 96.512137][ T3494] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 96.512164][ T3494] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 96.512207][ T3494] f2fs_handle_critical_error+0x37c/0x540 [ 96.512250][ T3494] f2fs_write_end_io+0x4e2/0x6d0 [ 96.512307][ T3494] __submit_merged_bio+0x27a/0x6a0 [ 96.512348][ T3494] __submit_merged_write_cond+0x255/0x530 [pid 5873] mount("/dev/loop2", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 5872] <... munmap resumed>) = 0 [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 96.512389][ T3494] f2fs_write_data_pages+0x2854/0x31f0 [ 96.512498][ T3494] ? __lock_acquire+0xaac/0xd20 [ 96.512588][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 96.512643][ T3494] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 96.512718][ T3494] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 96.512770][ T3494] ? trace_f2fs_writepages+0x7f/0x200 [ 96.512805][ T3494] ? f2fs_write_node_pages+0x478/0x6e0 [ 96.512844][ T3494] ? __pfx_f2fs_write_node_pages+0x10/0x10 [pid 5872] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5872] close(3) = 0 [pid 5872] close(4) = 0 [pid 5872] mkdir("./bus", 0777) = 0 [ 96.512881][ T3494] ? has_not_enough_free_secs+0xd8b/0x1640 [ 96.512926][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 96.512961][ T3494] do_writepages+0x3ae/0x7b0 [ 96.513007][ T3494] ? __lock_acquire+0xaac/0xd20 [ 96.513048][ T3494] ? 
__pfx_do_writepages+0x10/0x10 [ 96.513103][ T3494] __writeback_single_inode+0x145/0xff0 [ 96.513135][ T3494] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 96.513176][ T3494] writeback_sb_inodes+0x6b5/0x1000 [ 96.513246][ T3494] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 96.513339][ T3494] ? rcu_is_watching+0x15/0xb0 [ 96.513387][ T3494] wb_writeback+0x43b/0xaf0 [ 96.513462][ T3494] ? queue_io+0x3a1/0x590 [ 96.513497][ T3494] ? __pfx_wb_writeback+0x10/0x10 [ 96.513542][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 96.513577][ T3494] wb_workfn+0x409/0xef0 [ 96.513625][ T3494] ? __pfx_wb_workfn+0x10/0x10 [ 96.513647][ T3494] ? register_lock_class+0x51/0x320 [ 96.513685][ T3494] ? __lock_acquire+0xaac/0xd20 [ 96.513728][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 96.513776][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 96.513802][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 96.513837][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 96.513875][ T3494] process_scheduled_works+0xadb/0x17a0 [ 96.513955][ T3494] ? __pfx_process_scheduled_works+0x10/0x10 [ 96.514017][ T3494] worker_thread+0x8a0/0xda0 [ 96.514079][ T3494] kthread+0x70e/0x8a0 [ 96.514112][ T3494] ? __pfx_worker_thread+0x10/0x10 [ 96.514134][ T3494] ? __pfx_kthread+0x10/0x10 [ 96.514164][ T3494] ? __pfx_kthread+0x10/0x10 [ 96.514189][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 96.514214][ T3494] ? lockdep_hardirqs_on+0x9c/0x150 [ 96.514243][ T3494] ? __pfx_kthread+0x10/0x10 [ 96.514269][ T3494] ret_from_fork+0x4b/0x80 [ 96.514291][ T3494] ? __pfx_kthread+0x10/0x10 [ 96.514317][ T3494] ret_from_fork_asm+0x1a/0x30 [ 96.514377][ T3494] [ 96.514387][ T3494] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 96.549632][ T5869] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 96.805113][ T5873] F2FS-fs (loop2): invalid crc value [pid 5872] mount("/dev/loop4", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 5878] <... 
ioctl resumed>) = -1 EIO (Input/output error) [pid 5868] <... ioctl resumed>) = -1 EIO (Input/output error) [pid 5878] futex(0x7f836b6386ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5878] <... futex resumed>) = 0 [pid 5868] <... futex resumed>) = 0 [pid 5878] futex(0x7f836b6386e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5868] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] <... mount resumed>) = 0 [pid 5869] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5866] exit_group(0 [pid 5878] <... futex resumed>) = ? [pid 5877] <... futex resumed>) = ? [pid 5869] <... openat resumed>) = 3 [pid 5868] <... futex resumed>) = ? [pid 5866] <... exit_group resumed>) = ? [pid 5878] +++ exited with 0 +++ [pid 5877] +++ exited with 0 +++ [pid 5869] chdir("./bus" [pid 5868] +++ exited with 0 +++ [pid 5869] <... chdir resumed>) = 0 [pid 5866] +++ exited with 0 +++ [pid 5869] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5823] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5866, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=43 /* 0.43 s */} --- [pid 5823] restart_syscall(<... resuming interrupted clone ...> [pid 5869] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5869] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5823] <... restart_syscall resumed>) = 0 [pid 5869] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5823] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5823] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5867] <... futex resumed>) = 0 [pid 5823] getdents64(3, [pid 5867] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5823] <... getdents64 resumed>0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5869] <... futex resumed>) = 0 [pid 5867] <... 
futex resumed>) = 1 [pid 5823] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 [pid 5867] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5823] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] unlink("./1/binderfs") = 0 [pid 5823] umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5869] <... openat resumed>) = 4 [pid 5869] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5867] <... futex resumed>) = 0 [ 96.883394][ T5872] loop4: detected capacity change from 0 to 40427 [ 96.910701][ T5868] VFS:Filesystem freeze failed [ 96.942325][ T5872] F2FS-fs (loop4): invalid crc value [pid 5869] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5867] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5867] <... futex resumed>) = 0 [pid 5869] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5867] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... openat resumed>) = 5 [pid 5869] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5867] <... futex resumed>) = 0 [pid 5869] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5867] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5869] <... 
futex resumed>) = 0 [pid 5869] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5867] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 97.192018][ T53] kworker/u8:3: attempt to access beyond end of device [ 97.192018][ T53] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [pid 5867] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5867] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 5867] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5867] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5867] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0}./strace-static-x86_64: Process 5882 attached => {parent_tid=[5882]}, 88) = 5882 [pid 5867] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5867] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5867] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5882] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [ 97.264954][ T53] CPU: 1 UID: 0 PID: 53 Comm: kworker/u8:3 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 97.264984][ T53] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 97.264997][ T53] Workqueue: writeback wb_workfn (flush-7:1) [ 97.265031][ T53] Call Trace: [ 97.265040][ T53] [ 97.265049][ T53] dump_stack_lvl+0x189/0x250 [ 97.265086][ T53] ? __pfx_dump_stack_lvl+0x10/0x10 [ 97.265117][ T53] ? 
__pfx_queue_work_on+0x10/0x10 [pid 5882] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 5882] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5882] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 5882] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5867] <... futex resumed>) = 0 [pid 5882] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 5867] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 97.265135][ T53] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 97.265161][ T53] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 97.265201][ T53] f2fs_handle_critical_error+0x37c/0x540 [ 97.265242][ T53] f2fs_write_end_io+0x4e2/0x6d0 [ 97.265296][ T53] __submit_merged_bio+0x27a/0x6a0 [ 97.265335][ T53] __submit_merged_write_cond+0x255/0x530 [ 97.265374][ T53] f2fs_write_data_pages+0x2854/0x31f0 [ 97.265454][ T53] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 97.265484][ T53] ? f2fs_sync_node_pages+0x1385/0x14a0 [ 97.265618][ T53] ? f2fs_write_node_pages+0x38a/0x6e0 [ 97.265655][ T53] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 97.265691][ T53] ? has_not_enough_free_secs+0xd8b/0x1640 [ 97.265734][ T53] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 97.265767][ T53] do_writepages+0x3ae/0x7b0 [ 97.265808][ T53] ? __lock_acquire+0xaac/0xd20 [ 97.265847][ T53] ? __pfx_do_writepages+0x10/0x10 [ 97.265899][ T53] __writeback_single_inode+0x145/0xff0 [ 97.265929][ T53] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 97.265960][ T53] writeback_sb_inodes+0x6b5/0x1000 [ 97.266026][ T53] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 97.266114][ T53] ? rcu_is_watching+0x15/0xb0 [ 97.266160][ T53] wb_writeback+0x43b/0xaf0 [ 97.266200][ T53] ? queue_io+0x3a1/0x590 [ 97.266234][ T53] ? __pfx_wb_writeback+0x10/0x10 [ 97.266276][ T53] ? _raw_spin_unlock_irq+0x23/0x50 [ 97.266308][ T53] wb_workfn+0x409/0xef0 [ 97.266354][ T53] ? __pfx_wb_workfn+0x10/0x10 [ 97.266375][ T53] ? register_lock_class+0x51/0x320 [ 97.266413][ T53] ? 
__lock_acquire+0xaac/0xd20 [ 97.266460][ T53] ? process_scheduled_works+0x9ec/0x17a0 [ 97.266499][ T53] ? _raw_spin_unlock_irq+0x23/0x50 [ 97.266521][ T53] ? process_scheduled_works+0x9ec/0x17a0 [ 97.266551][ T53] ? process_scheduled_works+0x9ec/0x17a0 [ 97.266587][ T53] process_scheduled_works+0xadb/0x17a0 [ 97.266671][ T53] ? __pfx_process_scheduled_works+0x10/0x10 [ 97.266729][ T53] worker_thread+0x8a0/0xda0 [ 97.266787][ T53] kthread+0x70e/0x8a0 [ 97.266818][ T53] ? __pfx_worker_thread+0x10/0x10 [ 97.266838][ T53] ? __pfx_kthread+0x10/0x10 [ 97.266865][ T53] ? __pfx_kthread+0x10/0x10 [ 97.266889][ T53] ? _raw_spin_unlock_irq+0x23/0x50 [ 97.266913][ T53] ? lockdep_hardirqs_on+0x9c/0x150 [ 97.266940][ T53] ? __pfx_kthread+0x10/0x10 [ 97.266964][ T53] ret_from_fork+0x4b/0x80 [ 97.266984][ T53] ? __pfx_kthread+0x10/0x10 [ 97.267009][ T53] ret_from_fork_asm+0x1a/0x30 [ 97.267064][ T53] [ 97.352019][ T5872] F2FS-fs (loop4): Start checkpoint disabled! [ 97.565889][ T53] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 97.572881][ T53] CPU: 0 UID: 0 PID: 53 Comm: kworker/u8:3 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 97.572910][ T53] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 97.572924][ T53] Workqueue: writeback wb_workfn (flush-7:1) [ 97.572957][ T53] Call Trace: [ 97.572966][ T53] [ 97.572975][ T53] dump_stack_lvl+0x189/0x250 [ 97.573011][ T53] ? __pfx_dump_stack_lvl+0x10/0x10 [ 97.573041][ T53] ? __pfx_queue_work_on+0x10/0x10 [ 97.573059][ T53] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 97.573084][ T53] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 97.573121][ T53] f2fs_handle_critical_error+0x37c/0x540 [ 97.573159][ T53] f2fs_write_end_io+0x4e2/0x6d0 [ 97.573209][ T53] __submit_merged_bio+0x27a/0x6a0 [ 97.573244][ T53] __submit_merged_write_cond+0x255/0x530 [ 97.573281][ T53] f2fs_write_data_pages+0x2854/0x31f0 [ 97.573351][ T53] ? 
__pfx_f2fs_write_data_pages+0x10/0x10 [ 97.573381][ T53] ? f2fs_sync_node_pages+0x1385/0x14a0 [ 97.573494][ T53] ? f2fs_write_node_pages+0x38a/0x6e0 [ 97.573528][ T53] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 97.573562][ T53] ? has_not_enough_free_secs+0xd8b/0x1640 [ 97.573602][ T53] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 97.573634][ T53] do_writepages+0x3ae/0x7b0 [ 97.573672][ T53] ? __lock_acquire+0xaac/0xd20 [ 97.573710][ T53] ? __pfx_do_writepages+0x10/0x10 [ 97.573755][ T53] __writeback_single_inode+0x145/0xff0 [ 97.573784][ T53] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 97.573813][ T53] writeback_sb_inodes+0x6b5/0x1000 [ 97.573872][ T53] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 97.573947][ T53] ? rcu_is_watching+0x15/0xb0 [ 97.573989][ T53] wb_writeback+0x43b/0xaf0 [ 97.574027][ T53] ? queue_io+0x3a1/0x590 [ 97.574059][ T53] ? __pfx_wb_writeback+0x10/0x10 [ 97.574097][ T53] ? _raw_spin_unlock_irq+0x23/0x50 [ 97.574127][ T53] wb_workfn+0x409/0xef0 [ 97.574167][ T53] ? __pfx_wb_workfn+0x10/0x10 [ 97.574188][ T53] ? register_lock_class+0x51/0x320 [ 97.574224][ T53] ? __lock_acquire+0xaac/0xd20 [ 97.574263][ T53] ? process_scheduled_works+0x9ec/0x17a0 [ 97.574304][ T53] ? _raw_spin_unlock_irq+0x23/0x50 [ 97.574326][ T53] ? process_scheduled_works+0x9ec/0x17a0 [ 97.574357][ T53] ? process_scheduled_works+0x9ec/0x17a0 [ 97.574402][ T53] process_scheduled_works+0xadb/0x17a0 [ 97.574468][ T53] ? __pfx_process_scheduled_works+0x10/0x10 [ 97.574521][ T53] worker_thread+0x8a0/0xda0 [ 97.574571][ T53] kthread+0x70e/0x8a0 [ 97.574599][ T53] ? __pfx_worker_thread+0x10/0x10 [ 97.574619][ T53] ? __pfx_kthread+0x10/0x10 [ 97.574645][ T53] ? __pfx_kthread+0x10/0x10 [ 97.574669][ T53] ? _raw_spin_unlock_irq+0x23/0x50 [ 97.574692][ T53] ? lockdep_hardirqs_on+0x9c/0x150 [ 97.574718][ T53] ? __pfx_kthread+0x10/0x10 [ 97.574741][ T53] ret_from_fork+0x4b/0x80 [ 97.574761][ T53] ? 
__pfx_kthread+0x10/0x10 [ 97.574785][ T53] ret_from_fork_asm+0x1a/0x30 [ 97.574836][ T53] [pid 5867] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5882] <... ioctl resumed>) = -1 EIO (Input/output error) [pid 5869] <... ioctl resumed>) = -1 EIO (Input/output error) [pid 5869] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] exit_group(0) = ? [pid 5882] <... futex resumed>) = ? [pid 5869] <... futex resumed>) = ? [pid 5869] +++ exited with 0 +++ [pid 5882] +++ exited with 0 +++ [pid 5867] +++ exited with 0 +++ [pid 5824] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5867, si_uid=0, si_status=0, si_utime=13 /* 0.13 s */, si_stime=66 /* 0.66 s */} --- [pid 5872] <... mount resumed>) = 0 [pid 5873] <... mount resumed>) = 0 [pid 5824] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5872] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5824] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5873] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5872] <... openat resumed>) = 3 [pid 5824] <... openat resumed>) = 3 [pid 5873] <... openat resumed>) = 3 [pid 5824] newfstatat(3, "", [pid 5873] chdir("./bus" [pid 5872] chdir("./bus" [pid 5873] <... chdir resumed>) = 0 [pid 5824] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5872] <... chdir resumed>) = 0 [pid 5824] getdents64(3, [pid 5873] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5872] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5824] <... getdents64 resumed>0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5873] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5824] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5872] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5824] <... 
umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5873] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5824] newfstatat(AT_FDCWD, "./1/binderfs", [pid 5872] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5873] <... futex resumed>) = 1 [pid 5872] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5873] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5824] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] unlink("./1/binderfs" [pid 5870] <... futex resumed>) = 0 [pid 5870] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5870] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5824] <... unlink resumed>) = 0 [pid 5824] umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5871] <... futex resumed>) = 0 [pid 5871] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5873] <... futex resumed>) = 0 [pid 5872] <... futex resumed>) = 0 [pid 5872] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000) = 4 [ 97.574844][ T53] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 97.644956][ T5873] F2FS-fs (loop2): Start checkpoint disabled! [ 97.755881][ T5872] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 97.891562][ T5869] VFS:Filesystem freeze failed [ 97.892416][ T5873] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [pid 5873] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000) = 4 [pid 5872] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5872] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5871] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5871] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5872] <... 
futex resumed>) = 0 [pid 5872] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5873] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] <... futex resumed>) = 1 [pid 5873] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5872] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5871] <... futex resumed>) = 0 [pid 5871] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5871] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5872] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5870] <... futex resumed>) = 0 [pid 5870] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5873] <... futex resumed>) = 0 [pid 5873] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5873] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5873] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5870] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5870] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5873] <... futex resumed>) = 0 [pid 5873] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 97.964298][ T13] kworker/u8:1: attempt to access beyond end of device [ 97.964298][ T13] loop4: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [pid 5870] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... 
futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5871] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5871] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 5871] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5871] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5871] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[5885]}, 88) = 5885 [pid 5871] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5871] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 98.008952][ T3494] kworker/u8:6: attempt to access beyond end of device [ 98.008952][ T3494] loop2: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 98.026173][ T13] CPU: 0 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 98.026203][ T13] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 98.026217][ T13] Workqueue: writeback wb_workfn (flush-7:4) [pid 5871] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5885 attached [pid 5885] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [pid 5885] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 5885] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5885] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 5885] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5871] <... futex resumed>) = 0 [pid 5871] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5871] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 98.026249][ T13] Call Trace: [ 98.026257][ T13] [ 98.026266][ T13] dump_stack_lvl+0x189/0x250 [ 98.026343][ T13] ? 
__pfx_dump_stack_lvl+0x10/0x10 [ 98.026373][ T13] ? __pfx_queue_work_on+0x10/0x10 [ 98.026391][ T13] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 98.026416][ T13] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 98.026459][ T13] f2fs_handle_critical_error+0x37c/0x540 [ 98.026498][ T13] f2fs_write_end_io+0x4e2/0x6d0 [ 98.026551][ T13] __submit_merged_bio+0x27a/0x6a0 [pid 5885] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 5871] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 98.026590][ T13] __submit_merged_write_cond+0x255/0x530 [ 98.026629][ T13] f2fs_write_data_pages+0x2854/0x31f0 [ 98.026659][ T13] ? __lock_acquire+0xaac/0xd20 [ 98.026732][ T13] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 98.026784][ T13] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 98.026855][ T13] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 98.026904][ T13] ? trace_f2fs_writepages+0x7f/0x200 [ 98.026937][ T13] ? f2fs_write_node_pages+0x478/0x6e0 [ 98.026974][ T13] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 98.027010][ T13] ? has_not_enough_free_secs+0xd8b/0x1640 [ 98.027053][ T13] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 98.027086][ T13] do_writepages+0x3ae/0x7b0 [ 98.027128][ T13] ? __lock_acquire+0xaac/0xd20 [ 98.027167][ T13] ? __pfx_do_writepages+0x10/0x10 [ 98.027219][ T13] __writeback_single_inode+0x145/0xff0 [ 98.027248][ T13] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 98.027280][ T13] writeback_sb_inodes+0x6b5/0x1000 [ 98.027354][ T13] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 98.027443][ T13] ? rcu_is_watching+0x15/0xb0 [ 98.027500][ T13] wb_writeback+0x43b/0xaf0 [ 98.027540][ T13] ? queue_io+0x3a1/0x590 [ 98.027573][ T13] ? __pfx_wb_writeback+0x10/0x10 [ 98.027612][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 98.027643][ T13] wb_workfn+0x409/0xef0 [ 98.027687][ T13] ? __pfx_wb_workfn+0x10/0x10 [ 98.027707][ T13] ? register_lock_class+0x51/0x320 [ 98.027744][ T13] ? __lock_acquire+0xaac/0xd20 [ 98.027785][ T13] ? 
process_scheduled_works+0x9ec/0x17a0 [ 98.027826][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [pid 5871] exit_group(0) = ? [ 98.027848][ T13] ? process_scheduled_works+0x9ec/0x17a0 [ 98.027878][ T13] ? process_scheduled_works+0x9ec/0x17a0 [ 98.027914][ T13] process_scheduled_works+0xadb/0x17a0 [ 98.027986][ T13] ? __pfx_process_scheduled_works+0x10/0x10 [ 98.028042][ T13] worker_thread+0x8a0/0xda0 [ 98.028098][ T13] kthread+0x70e/0x8a0 [ 98.028127][ T13] ? __pfx_worker_thread+0x10/0x10 [ 98.028146][ T13] ? __pfx_kthread+0x10/0x10 [ 98.028173][ T13] ? __pfx_kthread+0x10/0x10 [ 98.028195][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [pid 5870] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 98.028218][ T13] ? lockdep_hardirqs_on+0x9c/0x150 [ 98.028245][ T13] ? __pfx_kthread+0x10/0x10 [ 98.028268][ T13] ret_from_fork+0x4b/0x80 [ 98.028287][ T13] ? __pfx_kthread+0x10/0x10 [ 98.028317][ T13] ret_from_fork_asm+0x1a/0x30 [ 98.028378][ T13] [ 98.286753][ T3494] CPU: 1 UID: 0 PID: 3494 Comm: kworker/u8:6 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 98.286788][ T3494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [pid 5870] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5823] <... umount2 resumed>) = 0 [ 98.286803][ T3494] Workqueue: writeback wb_workfn (flush-7:2) [ 98.286839][ T3494] Call Trace: [ 98.286849][ T3494] [ 98.286859][ T3494] dump_stack_lvl+0x189/0x250 [ 98.286897][ T3494] ? __pfx_dump_stack_lvl+0x10/0x10 [ 98.286929][ T3494] ? __pfx_queue_work_on+0x10/0x10 [ 98.286949][ T3494] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 98.286976][ T3494] ? 
__pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 98.287015][ T3494] f2fs_handle_critical_error+0x37c/0x540 [ 98.287055][ T3494] f2fs_write_end_io+0x4e2/0x6d0 [pid 5823] umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 98.287107][ T3494] __submit_merged_bio+0x27a/0x6a0 [ 98.287145][ T3494] __submit_merged_write_cond+0x255/0x530 [ 98.287184][ T3494] f2fs_write_data_pages+0x2854/0x31f0 [ 98.287216][ T3494] ? __lock_acquire+0xaac/0xd20 [ 98.287284][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 98.287338][ T3494] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 98.287403][ T3494] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 98.287450][ T3494] ? trace_f2fs_writepages+0x7f/0x200 [ 98.287484][ T3494] ? f2fs_write_node_pages+0x478/0x6e0 [pid 5823] openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5823] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5823] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5823] close(4) = 0 [pid 5823] rmdir("./1/bus") = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5823] close(3) = 0 [pid 5823] rmdir("./1") = 0 [pid 5823] mkdir("./2", 0777) = 0 [pid 5823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5823] ioctl(3, LOOP_CLR_FD) = 0 [pid 5823] close(3 [pid 5870] <... 
futex resumed>) = 0 [pid 5870] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 5870] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5870] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5870] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[5886]}, 88) = 5886 [pid 5870] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5886 attached NULL, 8) = 0 [pid 5870] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 98.287520][ T3494] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 98.287563][ T3494] ? has_not_enough_free_secs+0xd8b/0x1640 [ 98.287606][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 98.287640][ T3494] do_writepages+0x3ae/0x7b0 [ 98.287680][ T3494] ? __lock_acquire+0xaac/0xd20 [ 98.287719][ T3494] ? __pfx_do_writepages+0x10/0x10 [ 98.287769][ T3494] __writeback_single_inode+0x145/0xff0 [ 98.287799][ T3494] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 98.287842][ T3494] writeback_sb_inodes+0x6b5/0x1000 [pid 5870] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5886] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [pid 5886] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 5886] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5886] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 5886] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5870] <... futex resumed>) = 0 [pid 5870] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5886] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 5870] <... futex resumed>) = 0 [ 98.287901][ T3494] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 98.287986][ T3494] ? 
rcu_is_watching+0x15/0xb0 [ 98.288027][ T3494] wb_writeback+0x43b/0xaf0 [ 98.288062][ T3494] ? queue_io+0x3a1/0x590 [ 98.288112][ T3494] ? __pfx_wb_writeback+0x10/0x10 [ 98.288152][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 98.288183][ T3494] wb_workfn+0x409/0xef0 [ 98.288226][ T3494] ? __pfx_wb_workfn+0x10/0x10 [ 98.288248][ T3494] ? register_lock_class+0x51/0x320 [ 98.288285][ T3494] ? __lock_acquire+0xaac/0xd20 [pid 5870] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5870] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 98.288324][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 98.288365][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 98.288388][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 98.288433][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 98.288467][ T3494] process_scheduled_works+0xadb/0x17a0 [ 98.288534][ T3494] ? __pfx_process_scheduled_works+0x10/0x10 [ 98.288587][ T3494] worker_thread+0x8a0/0xda0 [ 98.288638][ T3494] kthread+0x70e/0x8a0 [ 98.288667][ T3494] ? __pfx_worker_thread+0x10/0x10 [ 98.288687][ T3494] ? __pfx_kthread+0x10/0x10 [ 98.288714][ T3494] ? __pfx_kthread+0x10/0x10 [ 98.288761][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 98.288786][ T3494] ? lockdep_hardirqs_on+0x9c/0x150 [ 98.288815][ T3494] ? __pfx_kthread+0x10/0x10 [ 98.288839][ T3494] ret_from_fork+0x4b/0x80 [ 98.288860][ T3494] ? 
__pfx_kthread+0x10/0x10 [ 98.288886][ T3494] ret_from_fork_asm+0x1a/0x30 [ 98.288940][ T3494] [ 98.288982][ T3494] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 98.321652][ T13] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 98.346645][ T3494] CPU: 1 UID: 0 PID: 3494 Comm: kworker/u8:6 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 98.346676][ T3494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 98.346691][ T3494] Workqueue: writeback wb_workfn (flush-7:2) [ 98.346727][ T3494] Call Trace: [ 98.346735][ T3494] [ 98.346745][ T3494] dump_stack_lvl+0x189/0x250 [ 98.346783][ T3494] ? __pfx_dump_stack_lvl+0x10/0x10 [ 98.346820][ T3494] ? __pfx_queue_work_on+0x10/0x10 [ 98.346840][ T3494] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 98.346866][ T3494] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 98.346907][ T3494] f2fs_handle_critical_error+0x37c/0x540 [ 98.346948][ T3494] f2fs_write_end_io+0x4e2/0x6d0 [ 98.347003][ T3494] __submit_merged_bio+0x27a/0x6a0 [ 98.347042][ T3494] __submit_merged_write_cond+0x255/0x530 [ 98.347082][ T3494] f2fs_write_data_pages+0x2854/0x31f0 [ 98.347132][ T3494] ? __lock_acquire+0xaac/0xd20 [ 98.347210][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 98.347265][ T3494] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 98.347352][ T3494] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 98.347403][ T3494] ? trace_f2fs_writepages+0x7f/0x200 [ 98.347440][ T3494] ? f2fs_write_node_pages+0x478/0x6e0 [ 98.347478][ T3494] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 98.347515][ T3494] ? has_not_enough_free_secs+0xd8b/0x1640 [ 98.347575][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 98.347610][ T3494] do_writepages+0x3ae/0x7b0 [ 98.347651][ T3494] ? __lock_acquire+0xaac/0xd20 [pid 5870] exit_group(0) = ? [ 98.347692][ T3494] ? __pfx_do_writepages+0x10/0x10 [ 98.347745][ T3494] __writeback_single_inode+0x145/0xff0 [ 98.347794][ T3494] ? 
wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 98.347827][ T3494] writeback_sb_inodes+0x6b5/0x1000 [ 98.347896][ T3494] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 98.347997][ T3494] ? rcu_is_watching+0x15/0xb0 [ 98.348045][ T3494] wb_writeback+0x43b/0xaf0 [ 98.348086][ T3494] ? queue_io+0x3a1/0x590 [ 98.348121][ T3494] ? __pfx_wb_writeback+0x10/0x10 [ 98.348163][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 98.348195][ T3494] wb_workfn+0x409/0xef0 [ 98.348242][ T3494] ? __pfx_wb_workfn+0x10/0x10 [ 98.348264][ T3494] ? register_lock_class+0x51/0x320 [ 98.348317][ T3494] ? __lock_acquire+0xaac/0xd20 [ 98.348361][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 98.348405][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 98.348429][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 98.348463][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 98.348501][ T3494] process_scheduled_works+0xadb/0x17a0 [pid 5823] <... close resumed>) = 0 [ 98.348591][ T3494] ? __pfx_process_scheduled_works+0x10/0x10 [ 98.348653][ T3494] worker_thread+0x8a0/0xda0 [ 98.348717][ T3494] kthread+0x70e/0x8a0 [ 98.348749][ T3494] ? __pfx_worker_thread+0x10/0x10 [ 98.348770][ T3494] ? __pfx_kthread+0x10/0x10 [ 98.348798][ T3494] ? __pfx_kthread+0x10/0x10 [ 98.348824][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 98.348849][ T3494] ? lockdep_hardirqs_on+0x9c/0x150 [ 98.348879][ T3494] ? __pfx_kthread+0x10/0x10 [ 98.348904][ T3494] ret_from_fork+0x4b/0x80 [pid 5823] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e3aa690) = 5887 [ 98.348924][ T3494] ? 
__pfx_kthread+0x10/0x10 [ 98.348951][ T3494] ret_from_fork_asm+0x1a/0x30 [ 98.349009][ T3494] [ 98.349501][ T3494] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 98.362627][ T13] CPU: 0 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 98.362661][ T13] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 98.362677][ T13] Workqueue: writeback wb_workfn (flush-7:4) [ 98.362714][ T13] Call Trace: [ 98.362723][ T13] ./strace-static-x86_64: Process 5887 attached [pid 5887] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 5887] chdir("./2") = 0 [pid 5887] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5887] setpgid(0, 0) = 0 [pid 5887] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5887] write(3, "1000", 4) = 4 [pid 5887] close(3) = 0 [pid 5887] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5887] write(1, "executing program\n", 18) = 18 [pid 5887] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5887] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 5887] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5887] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 5887] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5887] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5887] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0} => {parent_tid=[5888]}, 88) = 5888 [pid 5887] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5887] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 98.362734][ T13] dump_stack_lvl+0x189/0x250 [ 
98.362774][ T13] ? __pfx_dump_stack_lvl+0x10/0x10 [ 98.362807][ T13] ? __pfx_queue_work_on+0x10/0x10 [ 98.362827][ T13] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 98.362854][ T13] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 98.362896][ T13] f2fs_handle_critical_error+0x37c/0x540 [ 98.362938][ T13] f2fs_write_end_io+0x4e2/0x6d0 [ 98.362995][ T13] __submit_merged_bio+0x27a/0x6a0 [ 98.363036][ T13] __submit_merged_write_cond+0x255/0x530 [ 98.363078][ T13] f2fs_write_data_pages+0x2854/0x31f0 [ 98.363121][ T13] ? __lock_acquire+0xaac/0xd20 [ 98.363195][ T13] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 98.363247][ T13] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 98.363325][ T13] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 98.363376][ T13] ? trace_f2fs_writepages+0x7f/0x200 [ 98.363409][ T13] ? f2fs_write_node_pages+0x478/0x6e0 [ 98.363446][ T13] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 98.363482][ T13] ? has_not_enough_free_secs+0xd8b/0x1640 [pid 5887] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5888 attached [pid 5888] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053) = 0 [pid 5888] set_robust_list(0x7f836b55f9a0, 24) = 0 [pid 5888] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5888] memfd_create("syzkaller", 0) = 3 [pid 5888] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [ 98.363524][ T13] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 98.363558][ T13] do_writepages+0x3ae/0x7b0 [ 98.363600][ T13] ? __lock_acquire+0xaac/0xd20 [ 98.363639][ T13] ? __pfx_do_writepages+0x10/0x10 [ 98.363691][ T13] __writeback_single_inode+0x145/0xff0 [ 98.363722][ T13] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 98.363753][ T13] writeback_sb_inodes+0x6b5/0x1000 [ 98.363820][ T13] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 98.363908][ T13] ? rcu_is_watching+0x15/0xb0 [ 98.363955][ T13] wb_writeback+0x43b/0xaf0 [ 98.363995][ T13] ? queue_io+0x3a1/0x590 [ 98.364029][ T13] ? 
__pfx_wb_writeback+0x10/0x10 [ 98.364072][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 98.364105][ T13] wb_workfn+0x409/0xef0 [ 98.364153][ T13] ? __pfx_wb_workfn+0x10/0x10 [ 98.364175][ T13] ? register_lock_class+0x51/0x320 [ 98.364213][ T13] ? __lock_acquire+0xaac/0xd20 [ 98.364257][ T13] ? process_scheduled_works+0x9ec/0x17a0 [ 98.364306][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 98.364329][ T13] ? process_scheduled_works+0x9ec/0x17a0 [ 98.364361][ T13] ? process_scheduled_works+0x9ec/0x17a0 [ 98.364398][ T13] process_scheduled_works+0xadb/0x17a0 [ 98.364474][ T13] ? __pfx_process_scheduled_works+0x10/0x10 [ 98.364533][ T13] worker_thread+0x8a0/0xda0 [ 98.364590][ T13] kthread+0x70e/0x8a0 [ 98.364621][ T13] ? __pfx_worker_thread+0x10/0x10 [ 98.364641][ T13] ? __pfx_kthread+0x10/0x10 [ 98.364669][ T13] ? __pfx_kthread+0x10/0x10 [ 98.364693][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [pid 5886] <... ioctl resumed>) = ? [pid 5885] <... ioctl resumed>) = ? [pid 5873] <... ioctl resumed>) = ? [pid 5872] <... ioctl resumed>) = ? [pid 5824] <... umount2 resumed>) = 0 [pid 5886] +++ exited with 0 +++ [pid 5885] +++ exited with 0 +++ [pid 5872] +++ exited with 0 +++ [pid 5871] +++ exited with 0 +++ [pid 5827] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5871, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=92 /* 0.92 s */} --- [pid 5827] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5827] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5873] +++ exited with 0 +++ [pid 5870] +++ exited with 0 +++ [pid 5827] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5827] getdents64(3, [pid 5825] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5870, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=58 /* 0.58 s */} --- [pid 5827] <... getdents64 resumed>0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5825] restart_syscall(<... 
resuming interrupted clone ...> [pid 5827] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5827] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5827] unlink("./1/binderfs") = 0 [pid 5827] umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5825] <... restart_syscall resumed>) = 0 [pid 5825] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5825] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5825] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5825] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5825] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5825] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5825] unlink("./1/binderfs") = 0 [pid 5825] umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW [ 98.364717][ T13] ? lockdep_hardirqs_on+0x9c/0x150 [ 98.364745][ T13] ? __pfx_kthread+0x10/0x10 [ 98.364769][ T13] ret_from_fork+0x4b/0x80 [ 98.364790][ T13] ? 
__pfx_kthread+0x10/0x10 [ 98.364816][ T13] ret_from_fork_asm+0x1a/0x30 [ 98.364871][ T13] [ 98.364880][ T13] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 99.295641][ T5873] VFS:Filesystem freeze failed [ 99.300688][ T5872] VFS:Filesystem freeze failed [pid 5824] umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5824] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5888] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 5824] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5824] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5824] close(4) = 0 [pid 5824] rmdir("./1/bus") = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5824] close(3) = 0 [pid 5824] rmdir("./1") = 0 [pid 5824] mkdir("./2", 0777) = 0 [pid 5824] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5824] ioctl(3, LOOP_CLR_FD) = 0 [pid 5824] close(3) = 0 [pid 5824] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e3aa690) = 5889 ./strace-static-x86_64: Process 5889 attached [pid 5889] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 5889] chdir("./2") = 0 [pid 5889] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5889] setpgid(0, 0) = 0 [pid 5889] openat(AT_FDCWD, 
"/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5889] write(3, "1000", 4) = 4 [pid 5889] close(3) = 0 [pid 5889] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5889] write(1, "executing program\n", 18 [pid 5825] <... umount2 resumed>) = 0 [pid 5825] umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5825] newfstatat(AT_FDCWD, "./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5825] umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5825] openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5825] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5825] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5825] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5825] close(4) = 0 [pid 5825] rmdir("./1/bus") = 0 [pid 5825] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5825] close(3) = 0 [pid 5825] rmdir("./1") = 0 [pid 5825] mkdir("./2", 0777executing program ) = 0 [pid 5889] <... 
write resumed>) = 18 [pid 5825] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5825] ioctl(3, LOOP_CLR_FD) = 0 [pid 5889] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5825] close(3 [pid 5889] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 5889] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5889] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 5889] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5889] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5889] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 5890 attached [pid 5890] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053 [pid 5889] <... clone3 resumed> => {parent_tid=[5890]}, 88) = 5890 [pid 5890] <... rseq resumed>) = 0 [pid 5889] rt_sigprocmask(SIG_SETMASK, [], [pid 5890] set_robust_list(0x7f836b55f9a0, 24 [pid 5889] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5890] <... set_robust_list resumed>) = 0 [pid 5889] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5890] rt_sigprocmask(SIG_SETMASK, [], [pid 5889] <... futex resumed>) = 0 [pid 5890] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5889] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5890] memfd_create("syzkaller", 0) = 3 [pid 5827] <... 
umount2 resumed>) = 0 [pid 5890] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 5827] umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5827] newfstatat(AT_FDCWD, "./1/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5827] umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5827] openat(AT_FDCWD, "./1/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5827] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5827] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5827] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5827] close(4) = 0 [pid 5827] rmdir("./1/bus") = 0 [pid 5827] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5827] close(3) = 0 [pid 5827] rmdir("./1") = 0 [pid 5827] mkdir("./2", 0777) = 0 [pid 5827] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5827] ioctl(3, LOOP_CLR_FD) = 0 [pid 5827] close(3 [pid 5888] <... write resumed>) = 20699119 [pid 5888] munmap(0x7f8363000000, 138412032) = 0 [pid 5888] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5888] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5888] close(3) = 0 [pid 5888] close(4) = 0 [pid 5888] mkdir("./bus", 0777) = 0 [ 100.040026][ T5888] loop0: detected capacity change from 0 to 40427 [ 100.088966][ T5888] F2FS-fs (loop0): invalid crc value [pid 5888] mount("/dev/loop0", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 5825] <... 
close resumed>) = 0 [pid 5890] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 5825] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e3aa690) = 5892 ./strace-static-x86_64: Process 5892 attached [pid 5892] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 5892] chdir("./2") = 0 [pid 5892] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5892] setpgid(0, 0) = 0 [pid 5892] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5892] write(3, "1000", 4) = 4 [pid 5892] close(3) = 0 [pid 5892] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5892] write(1, "executing program\n", 18) = 18 [pid 5892] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5892] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 5892] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5892] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 5892] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE [pid 5827] <... close resumed>) = 0 [pid 5892] <... 
mprotect resumed>) = 0 [pid 5827] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5892] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 ./strace-static-x86_64: Process 5893 attached [pid 5892] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0} [pid 5827] <... clone resumed>, child_tidptr=0x55558e3aa690) = 5893 [pid 5893] set_robust_list(0x55558e3aa6a0, 24./strace-static-x86_64: Process 5894 attached ) = 0 [pid 5892] <... clone3 resumed> => {parent_tid=[5894]}, 88) = 5894 [pid 5894] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053 [pid 5893] chdir("./2" [pid 5892] rt_sigprocmask(SIG_SETMASK, [], [pid 5894] <... rseq resumed>) = 0 [pid 5893] <... chdir resumed>) = 0 [pid 5892] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5894] set_robust_list(0x7f836b55f9a0, 24 [pid 5893] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5892] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5894] <... set_robust_list resumed>) = 0 [pid 5893] <... prctl resumed>) = 0 [pid 5892] <... futex resumed>) = 0 [pid 5894] rt_sigprocmask(SIG_SETMASK, [], [pid 5893] setpgid(0, 0 [pid 5892] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5894] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5893] <... setpgid resumed>) = 0 [pid 5888] <... mount resumed>) = 0 [pid 5888] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5894] memfd_create("syzkaller", 0 [pid 5888] chdir("./bus") = 0 [pid 5888] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5893] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5888] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5894] <... memfd_create resumed>) = 3 [pid 5893] <... openat resumed>) = 3 [pid 5888] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5887] <... 
futex resumed>) = 0 [pid 5894] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5893] write(3, "1000", 4) = 4 [pid 5887] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5894] <... mmap resumed>) = 0x7f8363000000 [pid 5893] close(3 [pid 5887] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5893] <... close resumed>) = 0 [pid 5888] <... futex resumed>) = 1 [pid 5893] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5888] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 executing program [pid 5893] write(1, "executing program\n", 18) = 18 [pid 5888] <... openat resumed>) = 4 [pid 5893] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5888] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5887] <... futex resumed>) = 0 [pid 5887] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5887] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5893] <... futex resumed>) = 0 [pid 5893] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 5893] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5888] <... futex resumed>) = 1 [pid 5893] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5888] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5893] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 5888] <... openat resumed>) = 5 [ 100.338476][ T5888] F2FS-fs (loop0): Start checkpoint disabled! [ 100.365520][ T5888] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [pid 5893] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE [pid 5888] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5893] <... 
mprotect resumed>) = 0 [pid 5893] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5893] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0} [pid 5888] <... futex resumed>) = 1 [pid 5887] <... futex resumed>) = 0 [pid 5887] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5887] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5888] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5893] <... clone3 resumed> => {parent_tid=[5896]}, 88) = 5896 [pid 5893] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5893] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5896 attached [pid 5893] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5896] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053) = 0 [pid 5896] set_robust_list(0x7f836b55f9a0, 24) = 0 [pid 5896] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5896] memfd_create("syzkaller", 0) = 3 [pid 5896] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 5887] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 100.423580][ T63] kworker/u8:4: attempt to access beyond end of device [ 100.423580][ T63] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [pid 5887] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 100.472985][ T63] CPU: 1 UID: 0 PID: 63 Comm: kworker/u8:4 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 100.473015][ T63] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 100.473028][ T63] Workqueue: writeback wb_workfn (flush-7:0) [ 100.473061][ T63] Call Trace: [ 100.473068][ T63] [ 100.473077][ T63] dump_stack_lvl+0x189/0x250 [ 100.473112][ T63] ? 
__pfx_dump_stack_lvl+0x10/0x10 [ 100.473141][ T63] ? __pfx_queue_work_on+0x10/0x10 [pid 5887] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 5887] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5887] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5887] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[5897]}, 88) = 5897 [pid 5887] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5887] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 100.473160][ T63] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 100.473195][ T63] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 100.473231][ T63] f2fs_handle_critical_error+0x37c/0x540 [ 100.473269][ T63] f2fs_write_end_io+0x4e2/0x6d0 [ 100.473318][ T63] __submit_merged_bio+0x27a/0x6a0 [ 100.473354][ T63] __submit_merged_write_cond+0x255/0x530 [ 100.473387][ T63] f2fs_write_data_pages+0x2854/0x31f0 [ 100.473416][ T63] ? __lock_acquire+0xaac/0xd20 [ 100.473478][ T63] ? 
__pfx_f2fs_write_data_pages+0x10/0x10 [pid 5887] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5887] futex(0x7f836b6386ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5887] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b4fd000 [pid 5887] mprotect(0x7f836b4fe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5887] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5887] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b51d990, parent_tid=0x7f836b51d990, exit_signal=0, stack=0x7f836b4fd000, stack_size=0x20300, tls=0x7f836b51d6c0} => {parent_tid=[5898]}, 88) = 5898 [pid 5887] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5887] futex(0x7f836b6386e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5887] futex(0x7f836b6386ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5898 attached [pid 5898] rseq(0x7f836b51dfe0, 0x20, 0, 0x53053053) = 0 [ 100.473524][ T63] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 100.473584][ T63] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 100.473629][ T63] ? trace_f2fs_writepages+0x7f/0x200 [ 100.473660][ T63] ? f2fs_write_node_pages+0x478/0x6e0 [ 100.473694][ T63] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 100.473732][ T63] ? has_not_enough_free_secs+0xd8b/0x1640 [ 100.473772][ T63] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 100.473804][ T63] do_writepages+0x3ae/0x7b0 [ 100.473841][ T63] ? __lock_acquire+0xaac/0xd20 [ 100.473877][ T63] ? __pfx_do_writepages+0x10/0x10 [ 100.473922][ T63] __writeback_single_inode+0x145/0xff0 [ 100.473950][ T63] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 100.473979][ T63] writeback_sb_inodes+0x6b5/0x1000 [ 100.474037][ T63] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 100.474113][ T63] ? rcu_is_watching+0x15/0xb0 [ 100.474155][ T63] wb_writeback+0x43b/0xaf0 [ 100.474199][ T63] ? 
queue_io+0x3a1/0x590 [ 100.474230][ T63] ? __pfx_wb_writeback+0x10/0x10 [ 100.474268][ T63] ? _raw_spin_unlock_irq+0x23/0x50 [ 100.474297][ T63] wb_workfn+0x409/0xef0 [ 100.474337][ T63] ? __pfx_wb_workfn+0x10/0x10 [ 100.474358][ T63] ? register_lock_class+0x51/0x320 [ 100.474393][ T63] ? __lock_acquire+0xaac/0xd20 [ 100.474431][ T63] ? process_scheduled_works+0x9ec/0x17a0 [ 100.474471][ T63] ? _raw_spin_unlock_irq+0x23/0x50 [ 100.474492][ T63] ? process_scheduled_works+0x9ec/0x17a0 [ 100.474522][ T63] ? process_scheduled_works+0x9ec/0x17a0 [ 100.474556][ T63] process_scheduled_works+0xadb/0x17a0 [pid 5898] set_robust_list(0x7f836b51d9a0, 24) = 0 [ 100.474622][ T63] ? __pfx_process_scheduled_works+0x10/0x10 [ 100.474673][ T63] worker_thread+0x8a0/0xda0 [ 100.474724][ T63] kthread+0x70e/0x8a0 [ 100.474751][ T63] ? __pfx_worker_thread+0x10/0x10 [ 100.474770][ T63] ? __pfx_kthread+0x10/0x10 [ 100.474796][ T63] ? __pfx_kthread+0x10/0x10 [ 100.474819][ T63] ? _raw_spin_unlock_irq+0x23/0x50 [ 100.474841][ T63] ? lockdep_hardirqs_on+0x9c/0x150 [ 100.474868][ T63] ? __pfx_kthread+0x10/0x10 [ 100.474890][ T63] ret_from_fork+0x4b/0x80 [ 100.474909][ T63] ? __pfx_kthread+0x10/0x10 ./strace-static-x86_64: Process 5897 attached [pid 5898] rt_sigprocmask(SIG_SETMASK, [], [pid 5896] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 5887] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 100.474933][ T63] ret_from_fork_asm+0x1a/0x30 [ 100.474983][ T63] [ 100.596630][ T63] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [pid 5897] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053 [pid 5898] <... 
rt_sigprocmask resumed>NULL, 8) = 0 [pid 5897] <... rseq resumed>) = 0 [pid 5898] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 5897] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 5897] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5897] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 5897] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 100.926669][ T63] CPU: 1 UID: 0 PID: 63 Comm: kworker/u8:4 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 100.926701][ T63] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 100.926714][ T63] Workqueue: writeback wb_workfn (flush-7:0) [ 100.926746][ T63] Call Trace: [ 100.926755][ T63] [ 100.926764][ T63] dump_stack_lvl+0x189/0x250 [ 100.926798][ T63] ? __pfx_dump_stack_lvl+0x10/0x10 [ 100.926826][ T63] ? __pfx_queue_work_on+0x10/0x10 [pid 5897] futex(0x7f836b6386d8, FUTEX_WAIT_PRIVATE, 0, NULL [ 100.926844][ T63] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 100.926869][ T63] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 100.926905][ T63] f2fs_handle_critical_error+0x37c/0x540 [ 100.926942][ T63] f2fs_write_end_io+0x4e2/0x6d0 [ 100.926990][ T63] __submit_merged_bio+0x27a/0x6a0 [ 100.927024][ T63] __submit_merged_write_cond+0x255/0x530 [ 100.927059][ T63] f2fs_write_data_pages+0x2854/0x31f0 [ 100.927089][ T63] ? __lock_acquire+0xaac/0xd20 [ 100.927151][ T63] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 100.927198][ T63] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 100.927256][ T63] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 100.927300][ T63] ? trace_f2fs_writepages+0x7f/0x200 [ 100.927331][ T63] ? f2fs_write_node_pages+0x478/0x6e0 [ 100.927373][ T63] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 100.927406][ T63] ? has_not_enough_free_secs+0xd8b/0x1640 [ 100.927445][ T63] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 100.927476][ T63] do_writepages+0x3ae/0x7b0 [ 100.927513][ T63] ? 
__lock_acquire+0xaac/0xd20 [pid 5894] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 5890] <... write resumed>) = 20699119 [pid 5890] munmap(0x7f8363000000, 138412032) = 0 [ 100.927548][ T63] ? __pfx_do_writepages+0x10/0x10 [ 100.927593][ T63] __writeback_single_inode+0x145/0xff0 [ 100.927621][ T63] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 100.927649][ T63] writeback_sb_inodes+0x6b5/0x1000 [ 100.927706][ T63] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 100.927779][ T63] ? rcu_is_watching+0x15/0xb0 [ 100.927820][ T63] wb_writeback+0x43b/0xaf0 [ 100.927857][ T63] ? queue_io+0x3a1/0x590 [ 100.927888][ T63] ? __pfx_wb_writeback+0x10/0x10 [pid 5890] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5890] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5890] close(3) = 0 [pid 5890] close(4) = 0 [pid 5890] mkdir("./bus", 0777) = 0 [ 100.927925][ T63] ? _raw_spin_unlock_irq+0x23/0x50 [ 100.927954][ T63] wb_workfn+0x409/0xef0 [ 100.927993][ T63] ? __pfx_wb_workfn+0x10/0x10 [ 100.928014][ T63] ? register_lock_class+0x51/0x320 [ 100.928049][ T63] ? __lock_acquire+0xaac/0xd20 [ 100.928087][ T63] ? process_scheduled_works+0x9ec/0x17a0 [ 100.928126][ T63] ? _raw_spin_unlock_irq+0x23/0x50 [ 100.928148][ T63] ? process_scheduled_works+0x9ec/0x17a0 [ 100.928178][ T63] ? process_scheduled_works+0x9ec/0x17a0 [ 100.928212][ T63] process_scheduled_works+0xadb/0x17a0 [ 100.928276][ T63] ? __pfx_process_scheduled_works+0x10/0x10 [ 100.928328][ T63] worker_thread+0x8a0/0xda0 [ 100.928382][ T63] kthread+0x70e/0x8a0 [ 100.928411][ T63] ? __pfx_worker_thread+0x10/0x10 [ 100.928430][ T63] ? 
__pfx_kthread+0x10/0x10 [ 100.928456][ T63] ? __pfx_kthread+0x10/0x10 [ 100.928478][ T63] ? _raw_spin_unlock_irq+0x23/0x50 [ 100.928501][ T63] ? lockdep_hardirqs_on+0x9c/0x150 [ 100.928526][ T63] ? __pfx_kthread+0x10/0x10 [ 100.928549][ T63] ret_from_fork+0x4b/0x80 [ 100.928569][ T63] ? __pfx_kthread+0x10/0x10 [ 100.928592][ T63] ret_from_fork_asm+0x1a/0x30 [ 100.928641][ T63] [ 100.929817][ T63] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 101.133072][ T5890] loop1: detected capacity change from 0 to 40427 [ 101.218962][ T5890] F2FS-fs (loop1): invalid crc value [pid 5890] mount("/dev/loop1", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 5894] <... write resumed>) = 20699119 [pid 5894] munmap(0x7f8363000000, 138412032) = 0 [pid 5894] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5896] <... write resumed>) = 20699119 [pid 5896] munmap(0x7f8363000000, 138412032 [pid 5894] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5894] close(3) = 0 [pid 5898] <... ioctl resumed>) = -1 EIO (Input/output error) [pid 5894] close(4 [pid 5888] <... ioctl resumed>) = -1 EIO (Input/output error) [pid 5898] futex(0x7f836b6386ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5894] <... close resumed>) = 0 [pid 5888] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5898] <... futex resumed>) = 0 [pid 5894] mkdir("./bus", 0777 [pid 5888] <... futex resumed>) = 0 [pid 5898] futex(0x7f836b6386e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5896] <... munmap resumed>) = 0 [pid 5894] <... mkdir resumed>) = 0 [pid 5888] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5887] exit_group(0 [pid 5898] <... futex resumed>) = ? [pid 5897] <... futex resumed>) = ? [pid 5896] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5894] mount("/dev/loop2", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 5888] <... futex resumed>) = ? [pid 5887] <... 
exit_group resumed>) = ? [pid 5898] +++ exited with 0 +++ [pid 5897] +++ exited with 0 +++ [ 101.463031][ T5894] loop2: detected capacity change from 0 to 40427 [ 101.486695][ T5888] VFS:Filesystem freeze failed [pid 5896] <... openat resumed>) = 4 [pid 5888] +++ exited with 0 +++ [pid 5887] +++ exited with 0 +++ [pid 5823] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5887, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=44 /* 0.44 s */} --- [pid 5823] restart_syscall(<... resuming interrupted clone ...> [pid 5896] ioctl(4, LOOP_SET_FD, 3 [pid 5823] <... restart_syscall resumed>) = 0 [pid 5823] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5823] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5823] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] unlink("./2/binderfs") = 0 [pid 5823] umount2("./2/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5896] <... ioctl resumed>) = 0 [pid 5896] close(3) = 0 [ 101.518607][ T5894] F2FS-fs (loop2): invalid crc value [ 101.526095][ T5896] loop4: detected capacity change from 0 to 40427 [pid 5896] close(4) = 0 [pid 5896] mkdir("./bus", 0777) = 0 [ 101.631160][ T5896] F2FS-fs (loop4): invalid crc value [ 101.672098][ T5890] F2FS-fs (loop1): Start checkpoint disabled! [pid 5896] mount("/dev/loop4", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 5890] <... 
mount resumed>) = 0 [pid 5890] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5890] chdir("./bus") = 0 [pid 5890] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [ 101.748653][ T5890] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [pid 5890] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5889] <... futex resumed>) = 0 [pid 5889] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5889] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5890] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000) = 4 [pid 5890] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5889] <... futex resumed>) = 0 [pid 5889] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5890] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5889] <... futex resumed>) = 0 [pid 5889] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5890] <... openat resumed>) = 5 [pid 5890] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5889] <... futex resumed>) = 0 [pid 5889] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5889] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5890] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5889] <... 
futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5889] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5889] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5889] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 5889] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5889] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5889] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0}./strace-static-x86_64: Process 5904 attached => {parent_tid=[5904]}, 88) = 5904 [pid 5904] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053 [pid 5889] rt_sigprocmask(SIG_SETMASK, [], [pid 5904] <... rseq resumed>) = 0 [pid 5904] set_robust_list(0x7f836b53e9a0, 24 [pid 5889] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5889] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5889] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5904] <... set_robust_list resumed>) = 0 [pid 5904] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 101.856926][ T5894] F2FS-fs (loop2): Start checkpoint disabled! [ 101.863475][ T3494] kworker/u8:6: attempt to access beyond end of device [ 101.863475][ T3494] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 101.891895][ T5894] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [pid 5894] <... mount resumed>) = 0 [pid 5894] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5894] chdir("./bus") = 0 [pid 5894] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5894] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5892] <... 
futex resumed>) = 0 [pid 5892] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5892] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5894] <... futex resumed>) = 1 [pid 5894] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000) = 4 [ 101.903126][ T3494] CPU: 1 UID: 0 PID: 3494 Comm: kworker/u8:6 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 101.903159][ T3494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 101.903174][ T3494] Workqueue: writeback wb_workfn (flush-7:1) [ 101.903207][ T3494] Call Trace: [ 101.903216][ T3494] [ 101.903225][ T3494] dump_stack_lvl+0x189/0x250 [ 101.903262][ T3494] ? __pfx_dump_stack_lvl+0x10/0x10 [ 101.903293][ T3494] ? __pfx_queue_work_on+0x10/0x10 [pid 5904] ioctl(4, F2FS_IOC_SET_PIN_FILE [pid 5894] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5889] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5894] <... futex resumed>) = 1 [pid 5892] <... futex resumed>) = 0 [pid 5889] futex(0x7f836b6386ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5892] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5889] <... futex resumed>) = 0 [pid 5892] <... futex resumed>) = 0 [pid 5889] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5892] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5889] <... mmap resumed>) = 0x7f836b4fd000 [pid 5889] mprotect(0x7f836b4fe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5894] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5889] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5894] <... openat resumed>) = 5 [pid 5889] <... 
rt_sigprocmask resumed>[], 8) = 0 [pid 5889] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b51d990, parent_tid=0x7f836b51d990, exit_signal=0, stack=0x7f836b4fd000, stack_size=0x20300, tls=0x7f836b51d6c0} => {parent_tid=[5906]}, 88) = 5906 [pid 5889] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5906 attached [pid 5889] futex(0x7f836b6386e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5889] futex(0x7f836b6386ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5906] rseq(0x7f836b51dfe0, 0x20, 0, 0x53053053 [pid 5894] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5892] <... futex resumed>) = 0 [pid 5892] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5892] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5906] <... rseq resumed>) = 0 [pid 5906] set_robust_list(0x7f836b51d9a0, 24) = 0 [pid 5906] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5894] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5906] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 5896] <... mount resumed>) = 0 [pid 5896] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5896] chdir("./bus") = 0 [pid 5896] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5896] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5893] <... futex resumed>) = 0 [pid 5893] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5893] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5896] <... futex resumed>) = 1 [ 101.903312][ T3494] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 101.903346][ T3494] ? 
__pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 101.903387][ T3494] f2fs_handle_critical_error+0x37c/0x540 [ 101.903427][ T3494] f2fs_write_end_io+0x4e2/0x6d0 [ 101.903481][ T3494] __submit_merged_bio+0x27a/0x6a0 [ 101.903520][ T3494] __submit_merged_write_cond+0x255/0x530 [ 101.903559][ T3494] f2fs_write_data_pages+0x2854/0x31f0 [ 101.903590][ T3494] ? __lock_acquire+0xaac/0xd20 [ 101.903664][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 101.903716][ T3494] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 101.903786][ T3494] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 101.903835][ T3494] ? trace_f2fs_writepages+0x7f/0x200 [ 101.903868][ T3494] ? f2fs_write_node_pages+0x478/0x6e0 [ 101.903905][ T3494] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 101.903941][ T3494] ? has_not_enough_free_secs+0xd8b/0x1640 [ 101.903983][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 101.904016][ T3494] do_writepages+0x3ae/0x7b0 [ 101.904057][ T3494] ? __lock_acquire+0xaac/0xd20 [ 101.904096][ T3494] ? __pfx_do_writepages+0x10/0x10 [ 101.904148][ T3494] __writeback_single_inode+0x145/0xff0 [ 101.904177][ T3494] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 101.904208][ T3494] writeback_sb_inodes+0x6b5/0x1000 [ 101.904274][ T3494] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 101.904366][ T3494] ? rcu_is_watching+0x15/0xb0 [ 101.904412][ T3494] wb_writeback+0x43b/0xaf0 [ 101.904453][ T3494] ? queue_io+0x3a1/0x590 [ 101.904486][ T3494] ? __pfx_wb_writeback+0x10/0x10 [ 101.904528][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 101.904559][ T3494] wb_workfn+0x409/0xef0 [ 101.904605][ T3494] ? __pfx_wb_workfn+0x10/0x10 [ 101.904626][ T3494] ? register_lock_class+0x51/0x320 [ 101.904664][ T3494] ? __lock_acquire+0xaac/0xd20 [ 101.904706][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 101.904749][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 101.904771][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 101.904803][ T3494] ? 
process_scheduled_works+0x9ec/0x17a0 [ 101.904839][ T3494] process_scheduled_works+0xadb/0x17a0 [ 101.904914][ T3494] ? __pfx_process_scheduled_works+0x10/0x10 [ 101.904973][ T3494] worker_thread+0x8a0/0xda0 [ 101.905031][ T3494] kthread+0x70e/0x8a0 [ 101.905061][ T3494] ? __pfx_worker_thread+0x10/0x10 [ 101.905082][ T3494] ? __pfx_kthread+0x10/0x10 [ 101.905109][ T3494] ? __pfx_kthread+0x10/0x10 [ 101.905133][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 101.905157][ T3494] ? lockdep_hardirqs_on+0x9c/0x150 [ 101.905184][ T3494] ? __pfx_kthread+0x10/0x10 [ 101.905208][ T3494] ret_from_fork+0x4b/0x80 [ 101.905228][ T3494] ? __pfx_kthread+0x10/0x10 [ 101.905253][ T3494] ret_from_fork_asm+0x1a/0x30 [ 101.905309][ T3494] [ 101.905317][ T3494] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 101.929299][ T5896] F2FS-fs (loop4): Start checkpoint disabled! [ 101.938685][ T5896] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 101.942083][ T3494] CPU: 1 UID: 0 PID: 3494 Comm: kworker/u8:6 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [pid 5896] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000) = 4 [pid 5896] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5893] <... futex resumed>) = 0 [pid 5893] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5893] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5896] <... futex resumed>) = 1 [pid 5896] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5896] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5893] <... futex resumed>) = 0 [pid 5896] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5893] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5896] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5896] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5893] <... 
futex resumed>) = 0 [pid 5893] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5892] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5889] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5892] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5892] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 5892] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5892] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5892] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[5907]}, 88) = 5907 ./strace-static-x86_64: Process 5907 attached [pid 5892] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5892] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5907] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053 [pid 5892] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5907] <... rseq resumed>) = 0 [pid 5907] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 5907] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5907] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = 0 [pid 5893] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5907] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5893] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0} [pid 5907] <... futex resumed>) = 1 [pid 5893] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5892] <... futex resumed>) = 0 [pid 5907] futex(0x7f836b6386d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5893] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5892] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5907] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5893] <... 
futex resumed>) = 0 [pid 5892] <... futex resumed>) = 0 [pid 5907] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 5893] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5892] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5893] <... mmap resumed>) = 0x7f836b51e000 [pid 5893] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5893] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5893] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0}./strace-static-x86_64: Process 5908 attached [pid 5908] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053 [pid 5893] <... clone3 resumed> => {parent_tid=[5908]}, 88) = 5908 [pid 5908] <... rseq resumed>) = 0 [pid 5908] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 5908] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5908] futex(0x7f836b6386d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5893] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5893] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5908] <... futex resumed>) = 0 [pid 5908] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = 0 [pid 5908] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5908] futex(0x7f836b6386d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5893] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5892] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5893] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5908] <... futex resumed>) = 0 [pid 5893] <... 
futex resumed>) = 1 [pid 5908] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 5893] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5889] exit_group(0) = ? [pid 5904] <... ioctl resumed> ) = ? [pid 5904] +++ exited with 0 +++ [pid 5892] exit_group(0) = ? [pid 5893] exit_group(0) = ? [ 101.942118][ T3494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 101.942133][ T3494] Workqueue: writeback wb_workfn (flush-7:1) [ 101.942168][ T3494] Call Trace: [ 101.942178][ T3494] [ 101.942188][ T3494] dump_stack_lvl+0x189/0x250 [ 101.942228][ T3494] ? __pfx_dump_stack_lvl+0x10/0x10 [ 101.942260][ T3494] ? __pfx_queue_work_on+0x10/0x10 [ 101.942279][ T3494] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 101.942307][ T3494] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 101.942362][ T3494] f2fs_handle_critical_error+0x37c/0x540 [ 101.942405][ T3494] f2fs_write_end_io+0x4e2/0x6d0 [ 101.942463][ T3494] __submit_merged_bio+0x27a/0x6a0 [ 101.942503][ T3494] __submit_merged_write_cond+0x255/0x530 [ 101.942541][ T3494] f2fs_write_data_pages+0x2854/0x31f0 [ 101.942573][ T3494] ? __lock_acquire+0xaac/0xd20 [ 101.942653][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 101.942708][ T3494] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 101.942781][ T3494] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 101.942833][ T3494] ? trace_f2fs_writepages+0x7f/0x200 [ 101.942868][ T3494] ? f2fs_write_node_pages+0x478/0x6e0 [ 101.942906][ T3494] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 101.942944][ T3494] ? has_not_enough_free_secs+0xd8b/0x1640 [ 101.942988][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 101.943023][ T3494] do_writepages+0x3ae/0x7b0 [ 101.943066][ T3494] ? __lock_acquire+0xaac/0xd20 [ 101.943106][ T3494] ? __pfx_do_writepages+0x10/0x10 [ 101.943160][ T3494] __writeback_single_inode+0x145/0xff0 [ 101.943191][ T3494] ? 
wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 101.943224][ T3494] writeback_sb_inodes+0x6b5/0x1000 [ 101.943293][ T3494] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 101.943392][ T3494] ? rcu_is_watching+0x15/0xb0 [ 101.943440][ T3494] wb_writeback+0x43b/0xaf0 [ 101.943482][ T3494] ? queue_io+0x3a1/0x590 [ 101.943518][ T3494] ? __pfx_wb_writeback+0x10/0x10 [ 101.943561][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 101.943594][ T3494] wb_workfn+0x409/0xef0 [ 101.943642][ T3494] ? __pfx_wb_workfn+0x10/0x10 [ 101.943664][ T3494] ? register_lock_class+0x51/0x320 [ 101.943704][ T3494] ? __lock_acquire+0xaac/0xd20 [ 101.943749][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 101.943793][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 101.943817][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 101.943851][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 101.943889][ T3494] process_scheduled_works+0xadb/0x17a0 [ 101.943967][ T3494] ? __pfx_process_scheduled_works+0x10/0x10 [ 101.944030][ T3494] worker_thread+0x8a0/0xda0 [ 101.944092][ T3494] kthread+0x70e/0x8a0 [ 101.944125][ T3494] ? __pfx_worker_thread+0x10/0x10 [ 101.944145][ T3494] ? __pfx_kthread+0x10/0x10 [ 101.944175][ T3494] ? __pfx_kthread+0x10/0x10 [ 101.944199][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 101.944224][ T3494] ? lockdep_hardirqs_on+0x9c/0x150 [ 101.944254][ T3494] ? __pfx_kthread+0x10/0x10 [ 101.944279][ T3494] ret_from_fork+0x4b/0x80 [ 101.944300][ T3494] ? __pfx_kthread+0x10/0x10 [ 101.944333][ T3494] ret_from_fork_asm+0x1a/0x30 [ 101.944392][ T3494] [ 101.944401][ T3494] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [pid 5890] <... ioctl resumed>) = ? [pid 5890] +++ exited with 0 +++ [pid 5906] <... ioctl resumed>) = ? [pid 5906] +++ exited with 0 +++ [pid 5889] +++ exited with 0 +++ [pid 5824] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5889, si_uid=0, si_status=0, si_utime=13 /* 0.13 s */, si_stime=35 /* 0.35 s */} --- [pid 5824] restart_syscall(<... 
resuming interrupted clone ...>) = 0 [pid 5824] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5824] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5824] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] unlink("./2/binderfs") = 0 [pid 5824] umount2("./2/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5823] <... umount2 resumed>) = 0 [ 102.562157][ T5890] VFS:Filesystem freeze failed [pid 5823] umount2("./2/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./2/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] umount2("./2/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5823] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5823] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5823] close(4) = 0 [pid 5823] rmdir("./2/bus") = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5823] close(3) = 0 [pid 5823] rmdir("./2") = 0 [pid 5823] mkdir("./3", 0777) = 0 [pid 5823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5823] ioctl(3, LOOP_CLR_FD) = 0 [pid 5823] close(3 [pid 5824] <... umount2 resumed>) = 0 [pid 5823] <... close resumed>) = 0 [pid 5824] umount2("./2/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5824] newfstatat(AT_FDCWD, "./2/bus", [pid 5823] <... 
clone resumed>, child_tidptr=0x55558e3aa690) = 5909 [pid 5824] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] umount2("./2/bus", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5909 attached ) = -1 EINVAL (Invalid argument) [pid 5909] set_robust_list(0x55558e3aa6a0, 24 [pid 5824] openat(AT_FDCWD, "./2/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5909] <... set_robust_list resumed>) = 0 [pid 5909] chdir("./3" [pid 5824] <... openat resumed>) = 4 [pid 5909] <... chdir resumed>) = 0 [pid 5824] newfstatat(4, "", [pid 5909] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5824] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5909] setpgid(0, 0 [pid 5824] getdents64(4, [pid 5909] <... setpgid resumed>) = 0 [pid 5909] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5824] <... getdents64 resumed>0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5909] <... openat resumed>) = 3 [pid 5824] getdents64(4, [pid 5909] write(3, "1000", 4 [pid 5824] <... getdents64 resumed>0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5909] <... write resumed>) = 4 [pid 5824] close(4 [pid 5909] close(3) = 0 [pid 5824] <... close resumed>) = 0 [pid 5909] symlink("/dev/binderfs", "./binderfs" [pid 5824] rmdir("./2/bus" [pid 5909] <... symlink resumed>) = 0 [pid 5824] <... rmdir resumed>) = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5824] close(3 [pid 5909] write(1, "executing program\n", 18executing program [pid 5824] <... close resumed>) = 0 [pid 5909] <... write resumed>) = 18 [pid 5824] rmdir("./2" [pid 5909] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5909] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 5909] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5824] <... rmdir resumed>) = 0 [pid 5909] <... 
rt_sigprocmask resumed>NULL, 8) = 0 [pid 5909] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 5909] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE [pid 5824] mkdir("./3", 0777 [pid 5909] <... mprotect resumed>) = 0 [pid 5909] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5909] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 5910 attached => {parent_tid=[5910]}, 88) = 5910 [pid 5909] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5909] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5909] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5910] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053) = 0 [pid 5910] set_robust_list(0x7f836b55f9a0, 24) = 0 [pid 5910] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5910] memfd_create("syzkaller", 0) = 3 [pid 5910] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5824] <... mkdir resumed>) = 0 [pid 5824] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5910] <... mmap resumed>) = 0x7f8363000000 [pid 5824] <... openat resumed>) = 3 [pid 5824] ioctl(3, LOOP_CLR_FD) = 0 [pid 5824] close(3 [pid 5910] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 5824] <... 
close resumed>) = 0 [pid 5824] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5911 attached , child_tidptr=0x55558e3aa690) = 5911 [pid 5911] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 5911] chdir("./3") = 0 [pid 5911] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5911] setpgid(0, 0) = 0 [pid 5911] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5911] write(3, "1000", 4) = 4 [pid 5911] close(3) = 0 [pid 5911] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5911] write(1, "executing program\n", 18executing program ) = 18 [pid 5911] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5911] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 5911] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5911] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 5911] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5911] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5911] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 5912 attached [pid 5912] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053) = 0 [pid 5912] set_robust_list(0x7f836b55f9a0, 24) = 0 [pid 5912] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5912] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5911] <... clone3 resumed> => {parent_tid=[5912]}, 88) = 5912 [pid 5911] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5911] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5912] <... 
futex resumed>) = 0 [pid 5911] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5912] memfd_create("syzkaller", 0) = 3 [pid 5912] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 5910] <... write resumed>) = 20699119 [pid 5910] munmap(0x7f8363000000, 138412032) = 0 [pid 5910] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5910] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5910] close(3) = 0 [pid 5912] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 5910] close(4) = 0 [pid 5910] mkdir("./bus", 0777) = 0 [ 104.079107][ T5910] loop0: detected capacity change from 0 to 40427 [ 104.137327][ T5910] F2FS-fs (loop0): invalid crc value [pid 5910] mount("/dev/loop0", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"...) = 0 [pid 5910] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5910] chdir("./bus") = 0 [pid 5910] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5910] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5909] <... futex resumed>) = 0 [pid 5910] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5909] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5910] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5909] <... futex resumed>) = 0 [pid 5910] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 [pid 5909] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5910] <... 
openat resumed>) = 4 [ 104.372833][ T5910] F2FS-fs (loop0): Start checkpoint disabled! [ 104.401513][ T5910] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [pid 5910] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5909] <... futex resumed>) = 0 [pid 5910] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5909] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5910] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5909] <... futex resumed>) = 0 [pid 5909] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5910] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5910] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5909] <... futex resumed>) = 0 [pid 5909] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5910] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5909] <... futex resumed>) = 0 [pid 5909] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5909] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5909] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [ 104.539400][ T3494] kworker/u8:6: attempt to access beyond end of device [ 104.539400][ T3494] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 104.576616][ T3494] CPU: 0 UID: 0 PID: 3494 Comm: kworker/u8:6 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 104.576648][ T3494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 104.576663][ T3494] Workqueue: writeback wb_workfn (flush-7:0) [ 104.576696][ T3494] Call Trace: [ 104.576705][ T3494] [ 104.576714][ T3494] dump_stack_lvl+0x189/0x250 [ 104.576751][ T3494] ? __pfx_dump_stack_lvl+0x10/0x10 [ 104.576781][ T3494] ? __pfx_queue_work_on+0x10/0x10 [ 104.576800][ T3494] ? 
_raw_spin_unlock_irqrestore+0xad/0x110 [ 104.576826][ T3494] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 104.576865][ T3494] f2fs_handle_critical_error+0x37c/0x540 [ 104.576906][ T3494] f2fs_write_end_io+0x4e2/0x6d0 [ 104.576959][ T3494] __submit_merged_bio+0x27a/0x6a0 [ 104.576998][ T3494] __submit_merged_write_cond+0x255/0x530 [ 104.577037][ T3494] f2fs_write_data_pages+0x2854/0x31f0 [ 104.577069][ T3494] ? __lock_acquire+0xaac/0xd20 [ 104.577151][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 104.577203][ T3494] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 104.577278][ T3494] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 104.577327][ T3494] ? trace_f2fs_writepages+0x7f/0x200 [ 104.577360][ T3494] ? f2fs_write_node_pages+0x478/0x6e0 [ 104.577397][ T3494] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 104.577432][ T3494] ? has_not_enough_free_secs+0xd8b/0x1640 [ 104.577474][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 104.577507][ T3494] do_writepages+0x3ae/0x7b0 [ 104.577548][ T3494] ? __lock_acquire+0xaac/0xd20 [pid 5912] <... 
write resumed>) = 20699119 [pid 5909] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5909] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5909] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[5915]}, 88) = 5915 [pid 5909] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5909] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5909] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5915 attached [pid 5915] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [pid 5915] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 5915] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5915] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 5915] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5909] <... futex resumed>) = 0 [pid 5909] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5909] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 104.577587][ T3494] ? __pfx_do_writepages+0x10/0x10 [ 104.577639][ T3494] __writeback_single_inode+0x145/0xff0 [ 104.577668][ T3494] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 104.577699][ T3494] writeback_sb_inodes+0x6b5/0x1000 [ 104.577765][ T3494] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 104.577853][ T3494] ? rcu_is_watching+0x15/0xb0 [ 104.577899][ T3494] wb_writeback+0x43b/0xaf0 [ 104.577940][ T3494] ? queue_io+0x3a1/0x590 [ 104.577973][ T3494] ? __pfx_wb_writeback+0x10/0x10 [pid 5915] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 5909] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5909] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 104.578015][ T3494] ? 
_raw_spin_unlock_irq+0x23/0x50 [ 104.578046][ T3494] wb_workfn+0x409/0xef0 [ 104.578092][ T3494] ? __pfx_wb_workfn+0x10/0x10 [ 104.578113][ T3494] ? register_lock_class+0x51/0x320 [ 104.578160][ T3494] ? __lock_acquire+0xaac/0xd20 [ 104.578202][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 104.578245][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 104.578267][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 104.578299][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 104.578336][ T3494] process_scheduled_works+0xadb/0x17a0 [ 104.578411][ T3494] ? __pfx_process_scheduled_works+0x10/0x10 [ 104.578469][ T3494] worker_thread+0x8a0/0xda0 [ 104.578527][ T3494] kthread+0x70e/0x8a0 [ 104.578558][ T3494] ? __pfx_worker_thread+0x10/0x10 [ 104.578577][ T3494] ? __pfx_kthread+0x10/0x10 [ 104.578605][ T3494] ? __pfx_kthread+0x10/0x10 [ 104.578629][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 104.578652][ T3494] ? lockdep_hardirqs_on+0x9c/0x150 [ 104.578680][ T3494] ? __pfx_kthread+0x10/0x10 [ 104.578703][ T3494] ret_from_fork+0x4b/0x80 [ 104.578723][ T3494] ? __pfx_kthread+0x10/0x10 [ 104.578748][ T3494] ret_from_fork_asm+0x1a/0x30 [ 104.578804][ T3494] [ 104.746558][ T3494] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [pid 5912] munmap(0x7f8363000000, 138412032) = 0 [pid 5909] exit_group(0) = ? [pid 5912] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5912] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5912] close(3) = 0 [ 105.087003][ T5912] loop1: detected capacity change from 0 to 40427 [ 105.106638][ T3494] CPU: 0 UID: 0 PID: 3494 Comm: kworker/u8:6 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 105.106671][ T3494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 105.106685][ T3494] Workqueue: writeback wb_workfn (flush-7:0) [ 105.106719][ T3494] Call Trace: [ 105.106727][ T3494] [ 105.106736][ T3494] dump_stack_lvl+0x189/0x250 [ 105.106772][ T3494] ? __pfx_dump_stack_lvl+0x10/0x10 [ 105.106802][ T3494] ? 
__pfx_queue_work_on+0x10/0x10 [ 105.106820][ T3494] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 105.106845][ T3494] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 105.106888][ T3494] f2fs_handle_critical_error+0x37c/0x540 [pid 5912] close(4) = 0 [pid 5912] mkdir("./bus", 0777) = 0 [ 105.106927][ T3494] f2fs_write_end_io+0x4e2/0x6d0 [ 105.106977][ T3494] __submit_merged_bio+0x27a/0x6a0 [ 105.107012][ T3494] __submit_merged_write_cond+0x255/0x530 [ 105.107048][ T3494] f2fs_write_data_pages+0x2854/0x31f0 [ 105.107078][ T3494] ? __lock_acquire+0xaac/0xd20 [ 105.107143][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 105.107191][ T3494] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 105.107252][ T3494] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 105.107296][ T3494] ? trace_f2fs_writepages+0x7f/0x200 [ 105.107328][ T3494] ? f2fs_write_node_pages+0x478/0x6e0 [ 105.107362][ T3494] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 105.107396][ T3494] ? has_not_enough_free_secs+0xd8b/0x1640 [ 105.107436][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 105.107468][ T3494] do_writepages+0x3ae/0x7b0 [ 105.107506][ T3494] ? __lock_acquire+0xaac/0xd20 [ 105.107543][ T3494] ? __pfx_do_writepages+0x10/0x10 [ 105.107588][ T3494] __writeback_single_inode+0x145/0xff0 [ 105.107617][ T3494] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 105.107646][ T3494] writeback_sb_inodes+0x6b5/0x1000 [pid 5912] mount("/dev/loop1", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 5825] kill(-5892, SIGKILL) = 0 [pid 5825] kill(5892, SIGKILL) = 0 [ 105.107705][ T3494] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 105.107780][ T3494] ? rcu_is_watching+0x15/0xb0 [ 105.107823][ T3494] wb_writeback+0x43b/0xaf0 [ 105.107861][ T3494] ? queue_io+0x3a1/0x590 [ 105.107898][ T3494] ? __pfx_wb_writeback+0x10/0x10 [ 105.107937][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 105.107966][ T3494] wb_workfn+0x409/0xef0 [ 105.108007][ T3494] ? 
__pfx_wb_workfn+0x10/0x10 [ 105.108027][ T3494] ? register_lock_class+0x51/0x320 [ 105.108063][ T3494] ? __lock_acquire+0xaac/0xd20 [pid 5827] kill(-5893, SIGKILL) = 0 [pid 5827] kill(5893, SIGKILL) = 0 [ 105.108102][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 105.108142][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 105.108164][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 105.108196][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 105.108235][ T3494] process_scheduled_works+0xadb/0x17a0 [ 105.108301][ T3494] ? __pfx_process_scheduled_works+0x10/0x10 [ 105.108354][ T3494] worker_thread+0x8a0/0xda0 [ 105.108404][ T3494] kthread+0x70e/0x8a0 [ 105.108433][ T3494] ? __pfx_worker_thread+0x10/0x10 [ 105.108452][ T3494] ? __pfx_kthread+0x10/0x10 [ 105.108478][ T3494] ? __pfx_kthread+0x10/0x10 [ 105.108501][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 105.108524][ T3494] ? lockdep_hardirqs_on+0x9c/0x150 [ 105.108551][ T3494] ? __pfx_kthread+0x10/0x10 [ 105.108574][ T3494] ret_from_fork+0x4b/0x80 [ 105.108594][ T3494] ? __pfx_kthread+0x10/0x10 [ 105.108618][ T3494] ret_from_fork_asm+0x1a/0x30 [ 105.108669][ T3494] [ 105.232318][ T5912] F2FS-fs (loop1): invalid crc value [ 105.233267][ T3494] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [pid 5915] <... ioctl resumed>) = ? [pid 5910] <... ioctl resumed>) = ? [pid 5915] +++ exited with 0 +++ [pid 5910] +++ exited with 0 +++ [pid 5909] +++ exited with 0 +++ [pid 5823] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5909, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=37 /* 0.37 s */} --- [pid 5823] restart_syscall(<... 
resuming interrupted clone ...>) = 0 [pid 5823] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5823] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [ 105.448440][ T5910] VFS:Filesystem freeze failed [pid 5823] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] unlink("./3/binderfs") = 0 [pid 5823] umount2("./3/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5912] <... mount resumed>) = 0 [pid 5912] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5912] chdir("./bus") = 0 [pid 5912] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5912] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5912] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5911] <... futex resumed>) = 0 [pid 5911] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5912] <... futex resumed>) = 0 [pid 5911] <... futex resumed>) = 1 [pid 5912] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000) = 4 [pid 5911] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5912] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5911] <... futex resumed>) = 0 [pid 5912] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5911] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5912] <... openat resumed>) = 5 [pid 5911] <... futex resumed>) = 0 [ 105.605689][ T5912] F2FS-fs (loop1): Start checkpoint disabled! 
[ 105.633732][ T5912] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [pid 5911] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5912] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5912] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5827] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5827] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5911] <... futex resumed>) = 0 [pid 5827] getdents64(3, [pid 5911] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5827] <... getdents64 resumed>0x55558e3ab730 /* 2 entries */, 32768) = 48 [pid 5912] <... futex resumed>) = 0 [pid 5911] <... futex resumed>) = 1 [pid 5827] getdents64(3, [pid 5912] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5911] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5827] <... getdents64 resumed>0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5827] close(3) = 0 [pid 5825] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5825] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5825] getdents64(3, 0x55558e3ab730 /* 2 entries */, 32768) = 48 [pid 5825] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5825] close(3) = 0 [ 105.710811][ T53] kworker/u8:3: attempt to access beyond end of device [ 105.710811][ T53] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 105.746965][ T53] CPU: 0 UID: 0 PID: 53 Comm: kworker/u8:3 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 105.746995][ T53] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 105.747009][ T53] Workqueue: writeback wb_workfn (flush-7:1) [ 105.747054][ T53] Call Trace: [ 105.747063][ T53] [ 105.747072][ T53] dump_stack_lvl+0x189/0x250 [ 105.747108][ T53] ? 
__pfx_dump_stack_lvl+0x10/0x10 [ 105.747137][ T53] ? __pfx_queue_work_on+0x10/0x10 [ 105.747156][ T53] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 105.747180][ T53] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 105.747219][ T53] f2fs_handle_critical_error+0x37c/0x540 [ 105.747258][ T53] f2fs_write_end_io+0x4e2/0x6d0 [ 105.747309][ T53] __submit_merged_bio+0x27a/0x6a0 [ 105.747347][ T53] __submit_merged_write_cond+0x255/0x530 [ 105.747384][ T53] f2fs_write_data_pages+0x2854/0x31f0 [ 105.747414][ T53] ? __lock_acquire+0xaac/0xd20 [ 105.747484][ T53] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 105.747534][ T53] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 105.747601][ T53] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 105.747648][ T53] ? trace_f2fs_writepages+0x7f/0x200 [ 105.747680][ T53] ? f2fs_write_node_pages+0x478/0x6e0 [ 105.747715][ T53] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 105.747749][ T53] ? has_not_enough_free_secs+0xd8b/0x1640 [ 105.747789][ T53] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 105.747821][ T53] do_writepages+0x3ae/0x7b0 [ 105.747860][ T53] ? __lock_acquire+0xaac/0xd20 [ 105.747898][ T53] ? __pfx_do_writepages+0x10/0x10 [ 105.747947][ T53] __writeback_single_inode+0x145/0xff0 [ 105.747976][ T53] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 105.748005][ T53] writeback_sb_inodes+0x6b5/0x1000 [ 105.748074][ T53] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 105.748158][ T53] ? rcu_is_watching+0x15/0xb0 [ 105.748203][ T53] wb_writeback+0x43b/0xaf0 [ 105.748242][ T53] ? queue_io+0x3a1/0x590 [ 105.748275][ T53] ? __pfx_wb_writeback+0x10/0x10 [ 105.748314][ T53] ? _raw_spin_unlock_irq+0x23/0x50 [ 105.748344][ T53] wb_workfn+0x409/0xef0 [ 105.748388][ T53] ? __pfx_wb_workfn+0x10/0x10 [pid 5911] <... 
futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5911] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5911] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 5911] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5911] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5911] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[5918]}, 88) = 5918 [pid 5911] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5911] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5911] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5911] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5911] futex(0x7f836b6386ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5911] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b4fd000 [pid 5911] mprotect(0x7f836b4fe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5911] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5911] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b51d990, parent_tid=0x7f836b51d990, exit_signal=0, stack=0x7f836b4fd000, stack_size=0x20300, tls=0x7f836b51d6c0} => {parent_tid=[5919]}, 88) = 5919 [pid 5911] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5911] futex(0x7f836b6386e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5911] futex(0x7f836b6386ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5919 attached [ 105.748408][ T53] ? register_lock_class+0x51/0x320 [ 105.748445][ T53] ? 
__lock_acquire+0xaac/0xd20 [ 105.748487][ T53] ? process_scheduled_works+0x9ec/0x17a0 [ 105.748526][ T53] ? _raw_spin_unlock_irq+0x23/0x50 [ 105.748549][ T53] ? process_scheduled_works+0x9ec/0x17a0 [ 105.748579][ T53] ? process_scheduled_works+0x9ec/0x17a0 [ 105.748614][ T53] process_scheduled_works+0xadb/0x17a0 [ 105.748685][ T53] ? __pfx_process_scheduled_works+0x10/0x10 [ 105.748741][ T53] worker_thread+0x8a0/0xda0 [ 105.748798][ T53] kthread+0x70e/0x8a0 [pid 5919] rseq(0x7f836b51dfe0, 0x20, 0, 0x53053053) = 0 [pid 5919] set_robust_list(0x7f836b51d9a0, 24) = 0 [pid 5919] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5919] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 5911] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5911] futex(0x7f836b6386ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 105.748828][ T53] ? __pfx_worker_thread+0x10/0x10 [ 105.748846][ T53] ? __pfx_kthread+0x10/0x10 [ 105.748872][ T53] ? __pfx_kthread+0x10/0x10 [ 105.748896][ T53] ? _raw_spin_unlock_irq+0x23/0x50 [ 105.748919][ T53] ? lockdep_hardirqs_on+0x9c/0x150 [ 105.748945][ T53] ? __pfx_kthread+0x10/0x10 [ 105.748967][ T53] ret_from_fork+0x4b/0x80 [ 105.748987][ T53] ? __pfx_kthread+0x10/0x10 [ 105.749011][ T53] ret_from_fork_asm+0x1a/0x30 [ 105.749070][ T53] ./strace-static-x86_64: Process 5918 attached [ 105.749078][ T53] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [pid 5918] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [pid 5918] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 5918] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5918] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 5918] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5918] futex(0x7f836b6386d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5823] <... 
umount2 resumed>) = 0 [ 106.126258][ T53] CPU: 0 UID: 0 PID: 53 Comm: kworker/u8:3 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 106.126287][ T53] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 106.126300][ T53] Workqueue: writeback wb_workfn (flush-7:1) [ 106.126330][ T53] Call Trace: [ 106.126337][ T53] [ 106.126346][ T53] dump_stack_lvl+0x189/0x250 [ 106.126381][ T53] ? __pfx_dump_stack_lvl+0x10/0x10 [ 106.126408][ T53] ? __pfx_queue_work_on+0x10/0x10 [ 106.126426][ T53] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 106.126451][ T53] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 106.126489][ T53] f2fs_handle_critical_error+0x37c/0x540 [ 106.126524][ T53] f2fs_write_end_io+0x4e2/0x6d0 [ 106.126571][ T53] __submit_merged_bio+0x27a/0x6a0 [ 106.126605][ T53] __submit_merged_write_cond+0x255/0x530 [ 106.126639][ T53] f2fs_write_data_pages+0x2854/0x31f0 [ 106.126668][ T53] ? __lock_acquire+0xaac/0xd20 [ 106.126724][ T53] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 106.126770][ T53] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 106.126828][ T53] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 106.126871][ T53] ? trace_f2fs_writepages+0x7f/0x200 [ 106.126900][ T53] ? f2fs_write_node_pages+0x478/0x6e0 [ 106.126929][ T53] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 106.126961][ T53] ? has_not_enough_free_secs+0xd8b/0x1640 [ 106.127011][ T53] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 106.127043][ T53] do_writepages+0x3ae/0x7b0 [ 106.127081][ T53] ? __lock_acquire+0xaac/0xd20 [ 106.127116][ T53] ? __pfx_do_writepages+0x10/0x10 [ 106.127158][ T53] __writeback_single_inode+0x145/0xff0 [ 106.127186][ T53] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 106.127213][ T53] writeback_sb_inodes+0x6b5/0x1000 [ 106.127270][ T53] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 106.127342][ T53] ? rcu_is_watching+0x15/0xb0 [ 106.127384][ T53] wb_writeback+0x43b/0xaf0 [ 106.127418][ T53] ? queue_io+0x3a1/0x590 [ 106.127449][ T53] ? 
__pfx_wb_writeback+0x10/0x10 [ 106.127485][ T53] ? _raw_spin_unlock_irq+0x23/0x50 [ 106.127513][ T53] wb_workfn+0x409/0xef0 [ 106.127552][ T53] ? __pfx_wb_workfn+0x10/0x10 [ 106.127571][ T53] ? register_lock_class+0x51/0x320 [ 106.127604][ T53] ? __lock_acquire+0xaac/0xd20 [ 106.127642][ T53] ? process_scheduled_works+0x9ec/0x17a0 [ 106.127681][ T53] ? _raw_spin_unlock_irq+0x23/0x50 [ 106.127703][ T53] ? process_scheduled_works+0x9ec/0x17a0 [ 106.127733][ T53] ? process_scheduled_works+0x9ec/0x17a0 [ 106.127766][ T53] process_scheduled_works+0xadb/0x17a0 [ 106.127827][ T53] ? __pfx_process_scheduled_works+0x10/0x10 [ 106.127879][ T53] worker_thread+0x8a0/0xda0 [ 106.127927][ T53] kthread+0x70e/0x8a0 [ 106.127955][ T53] ? __pfx_worker_thread+0x10/0x10 [ 106.127974][ T53] ? __pfx_kthread+0x10/0x10 [ 106.128009][ T53] ? __pfx_kthread+0x10/0x10 [ 106.128032][ T53] ? _raw_spin_unlock_irq+0x23/0x50 [ 106.128055][ T53] ? lockdep_hardirqs_on+0x9c/0x150 [ 106.128082][ T53] ? __pfx_kthread+0x10/0x10 [ 106.128105][ T53] ret_from_fork+0x4b/0x80 [ 106.128124][ T53] ? 
__pfx_kthread+0x10/0x10 [ 106.128148][ T53] ret_from_fork_asm+0x1a/0x30 [ 106.128199][ T53] [pid 5823] umount2("./3/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./3/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] umount2("./3/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5823] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5823] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5823] close(4) = 0 [pid 5823] rmdir("./3/bus") = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5823] close(3) = 0 [pid 5823] rmdir("./3") = 0 [pid 5823] mkdir("./4", 0777) = 0 [pid 5911] exit_group(0 [pid 5823] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5911] <... exit_group resumed>) = ? [pid 5823] <... openat resumed>) = 3 [pid 5823] ioctl(3, LOOP_CLR_FD) = 0 [pid 5823] close(3 [pid 5918] <... futex resumed>) = ? [pid 5918] +++ exited with 0 +++ [ 106.746531][ T53] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [pid 5919] <... ioctl resumed>) = ? [pid 5912] <... ioctl resumed>) = ? 
[pid 5919] +++ exited with 0 +++ [pid 5912] +++ exited with 0 +++ [pid 5911] +++ exited with 0 +++ [pid 5824] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5911, si_uid=0, si_status=0, si_utime=14 /* 0.14 s */, si_stime=37 /* 0.37 s */} --- [pid 5824] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5824] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5824] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] unlink("./3/binderfs") = 0 [ 106.857489][ T5912] VFS:Filesystem freeze failed [pid 5824] umount2("./3/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5823] <... close resumed>) = 0 [pid 5823] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5920 attached [pid 5920] set_robust_list(0x55558e3aa6a0, 24 [pid 5823] <... clone resumed>, child_tidptr=0x55558e3aa690) = 5920 [pid 5920] <... 
set_robust_list resumed>) = 0 [pid 5920] chdir("./4") = 0 [pid 5920] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5920] setpgid(0, 0) = 0 [pid 5920] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5920] write(3, "1000", 4) = 4 [pid 5920] close(3) = 0 [pid 5920] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5920] write(1, "executing program\n", 18executing program ) = 18 [pid 5920] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5920] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 5920] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5920] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 5920] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5920] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5920] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 5921 attached => {parent_tid=[5921]}, 88) = 5921 [pid 5920] rt_sigprocmask(SIG_SETMASK, [], [pid 5921] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053 [pid 5920] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5921] <... rseq resumed>) = 0 [pid 5920] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5921] set_robust_list(0x7f836b55f9a0, 24 [pid 5920] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5921] <... set_robust_list resumed>) = 0 [pid 5921] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5921] memfd_create("syzkaller", 0) = 3 [pid 5921] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 5824] <... 
umount2 resumed>) = 0 [pid 5824] umount2("./3/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./3/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] umount2("./3/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./3/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5824] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5824] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5824] close(4) = 0 [pid 5824] rmdir("./3/bus") = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5824] close(3) = 0 [pid 5824] rmdir("./3") = 0 [pid 5824] mkdir("./4", 0777) = 0 [pid 5824] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5824] ioctl(3, LOOP_CLR_FD) = 0 [pid 5824] close(3 [pid 5921] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 5824] <... 
close resumed>) = 0 [pid 5824] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e3aa690) = 5922 ./strace-static-x86_64: Process 5922 attached [pid 5922] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 5922] chdir("./4") = 0 [pid 5922] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5922] setpgid(0, 0) = 0 [pid 5922] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5922] write(3, "1000", 4) = 4 [pid 5922] close(3) = 0 [pid 5922] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5922] write(1, "executing program\n", 18executing program ) = 18 [pid 5922] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5922] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 5922] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5922] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 5922] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5922] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5922] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 5923 attached [pid 5923] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053 [pid 5922] <... clone3 resumed> => {parent_tid=[5923]}, 88) = 5923 [pid 5922] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5922] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5922] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5923] <... 
rseq resumed>) = 0 [pid 5923] set_robust_list(0x7f836b55f9a0, 24) = 0 [pid 5923] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5923] memfd_create("syzkaller", 0) = 3 [pid 5923] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 5921] <... write resumed>) = 20699119 [pid 5921] munmap(0x7f8363000000, 138412032) = 0 [pid 5921] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5921] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5921] close(3) = 0 [pid 5921] close(4) = 0 [pid 5921] mkdir("./bus", 0777) = 0 [pid 5921] mount("/dev/loop0", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [ 108.228208][ T5921] loop0: detected capacity change from 0 to 40427 [ 108.286559][ T5921] F2FS-fs (loop0): invalid crc value [pid 5923] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 5921] <... mount resumed>) = 0 [pid 5921] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5921] chdir("./bus") = 0 [pid 5921] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5921] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5921] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5920] <... futex resumed>) = 0 [pid 5920] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] <... futex resumed>) = 0 [pid 5920] <... futex resumed>) = 1 [pid 5921] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 [pid 5920] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5921] <... 
openat resumed>) = 4 [pid 5921] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5920] <... futex resumed>) = 0 [pid 5920] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5921] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5920] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5921] <... openat resumed>) = 5 [pid 5921] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5920] <... futex resumed>) = 0 [pid 5920] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5921] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 108.516384][ T5921] F2FS-fs (loop0): Start checkpoint disabled! [ 108.546686][ T5921] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [pid 5920] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5920] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5920] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 5920] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5920] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5920] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[5926]}, 88) = 5926 [pid 5920] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5920] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 108.607269][ T3494] kworker/u8:6: attempt to access beyond end of device [ 108.607269][ T3494] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 108.654303][ T3494] CPU: 1 UID: 0 PID: 3494 Comm: kworker/u8:6 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 108.654352][ T3494] Hardware name: Google Google Compute 
Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 108.654374][ T3494] Workqueue: writeback wb_workfn (flush-7:0) [ 108.654422][ T3494] Call Trace: [ 108.654438][ T3494] [ 108.654448][ T3494] dump_stack_lvl+0x189/0x250 [ 108.654485][ T3494] ? __pfx_dump_stack_lvl+0x10/0x10 [ 108.654516][ T3494] ? __pfx_queue_work_on+0x10/0x10 [ 108.654535][ T3494] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 108.654561][ T3494] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 108.654601][ T3494] f2fs_handle_critical_error+0x37c/0x540 [ 108.654655][ T3494] f2fs_write_end_io+0x4e2/0x6d0 [ 108.654708][ T3494] __submit_merged_bio+0x27a/0x6a0 [ 108.654745][ T3494] __submit_merged_write_cond+0x255/0x530 [ 108.654783][ T3494] f2fs_write_data_pages+0x2854/0x31f0 [ 108.654812][ T3494] ? __lock_acquire+0xaac/0xd20 [ 108.654910][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 108.654962][ T3494] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 108.655032][ T3494] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 108.655082][ T3494] ? trace_f2fs_writepages+0x7f/0x200 [ 108.655114][ T3494] ? f2fs_write_node_pages+0x478/0x6e0 [ 108.655151][ T3494] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 108.655187][ T3494] ? has_not_enough_free_secs+0xd8b/0x1640 [ 108.655229][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 108.655262][ T3494] do_writepages+0x3ae/0x7b0 [ 108.655302][ T3494] ? __lock_acquire+0xaac/0xd20 [ 108.655341][ T3494] ? __pfx_do_writepages+0x10/0x10 [ 108.655392][ T3494] __writeback_single_inode+0x145/0xff0 [ 108.655421][ T3494] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 108.655452][ T3494] writeback_sb_inodes+0x6b5/0x1000 [ 108.655518][ T3494] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 108.655604][ T3494] ? rcu_is_watching+0x15/0xb0 [ 108.655650][ T3494] wb_writeback+0x43b/0xaf0 [ 108.655691][ T3494] ? queue_io+0x3a1/0x590 [ 108.655724][ T3494] ? __pfx_wb_writeback+0x10/0x10 [ 108.655765][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 108.655797][ T3494] wb_workfn+0x409/0xef0 [ 108.655848][ T3494] ? 
__pfx_wb_workfn+0x10/0x10 [ 108.655869][ T3494] ? register_lock_class+0x51/0x320 [ 108.655907][ T3494] ? __lock_acquire+0xaac/0xd20 [ 108.655949][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 108.655992][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 108.656014][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 108.656045][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 108.656081][ T3494] process_scheduled_works+0xadb/0x17a0 [ 108.656156][ T3494] ? __pfx_process_scheduled_works+0x10/0x10 [ 108.656214][ T3494] worker_thread+0x8a0/0xda0 [ 108.656272][ T3494] kthread+0x70e/0x8a0 [ 108.656302][ T3494] ? __pfx_worker_thread+0x10/0x10 [ 108.656322][ T3494] ? __pfx_kthread+0x10/0x10 [ 108.656349][ T3494] ? __pfx_kthread+0x10/0x10 [ 108.656373][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 108.656396][ T3494] ? lockdep_hardirqs_on+0x9c/0x150 [ 108.656423][ T3494] ? __pfx_kthread+0x10/0x10 [ 108.656447][ T3494] ret_from_fork+0x4b/0x80 [ 108.656466][ T3494] ? __pfx_kthread+0x10/0x10 [ 108.656490][ T3494] ret_from_fork_asm+0x1a/0x30 [ 108.656541][ T3494] [pid 5920] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5926 attached [pid 5926] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [pid 5926] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 5926] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5926] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 5926] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5920] <... futex resumed>) = 0 [pid 5920] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5920] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5926] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 5923] <... write resumed>) = 20699119 [pid 5920] <... 
futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5923] munmap(0x7f8363000000, 138412032) = 0 [pid 5923] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 109.175947][ T3494] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 109.190217][ T5923] loop1: detected capacity change from 0 to 40427 [ 109.216651][ T3494] CPU: 0 UID: 0 PID: 3494 Comm: kworker/u8:6 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 109.216686][ T3494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 109.216700][ T3494] Workqueue: writeback wb_workfn (flush-7:0) [ 109.216734][ T3494] Call Trace: [ 109.216742][ T3494] [ 109.216751][ T3494] dump_stack_lvl+0x189/0x250 [ 109.216786][ T3494] ? __pfx_dump_stack_lvl+0x10/0x10 [ 109.216816][ T3494] ? __pfx_queue_work_on+0x10/0x10 [ 109.216835][ T3494] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 109.216860][ T3494] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 109.216896][ T3494] f2fs_handle_critical_error+0x37c/0x540 [ 109.216934][ T3494] f2fs_write_end_io+0x4e2/0x6d0 [ 109.216984][ T3494] __submit_merged_bio+0x27a/0x6a0 [ 109.217020][ T3494] __submit_merged_write_cond+0x255/0x530 [ 109.217056][ T3494] f2fs_write_data_pages+0x2854/0x31f0 [ 109.217086][ T3494] ? __lock_acquire+0xaac/0xd20 [ 109.217151][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 109.217199][ T3494] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 109.217259][ T3494] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 109.217304][ T3494] ? trace_f2fs_writepages+0x7f/0x200 [ 109.217336][ T3494] ? f2fs_write_node_pages+0x478/0x6e0 [ 109.217370][ T3494] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 109.217404][ T3494] ? has_not_enough_free_secs+0xd8b/0x1640 [ 109.217443][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 109.217476][ T3494] do_writepages+0x3ae/0x7b0 [ 109.217514][ T3494] ? __lock_acquire+0xaac/0xd20 [ 109.217551][ T3494] ? 
__pfx_do_writepages+0x10/0x10 [ 109.217604][ T3494] __writeback_single_inode+0x145/0xff0 [ 109.217633][ T3494] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 109.217663][ T3494] writeback_sb_inodes+0x6b5/0x1000 [ 109.217721][ T3494] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 109.217797][ T3494] ? rcu_is_watching+0x15/0xb0 [ 109.217840][ T3494] wb_writeback+0x43b/0xaf0 [ 109.217877][ T3494] ? queue_io+0x3a1/0x590 [ 109.217909][ T3494] ? __pfx_wb_writeback+0x10/0x10 [ 109.217947][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 109.217977][ T3494] wb_workfn+0x409/0xef0 [ 109.218018][ T3494] ? __pfx_wb_workfn+0x10/0x10 [ 109.218038][ T3494] ? register_lock_class+0x51/0x320 [ 109.218074][ T3494] ? __lock_acquire+0xaac/0xd20 [ 109.218113][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 109.218153][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 109.218175][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 109.218206][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 109.218242][ T3494] process_scheduled_works+0xadb/0x17a0 [ 109.218308][ T3494] ? __pfx_process_scheduled_works+0x10/0x10 [ 109.218361][ T3494] worker_thread+0x8a0/0xda0 [ 109.218411][ T3494] kthread+0x70e/0x8a0 [ 109.218439][ T3494] ? __pfx_worker_thread+0x10/0x10 [ 109.218458][ T3494] ? __pfx_kthread+0x10/0x10 [ 109.218484][ T3494] ? __pfx_kthread+0x10/0x10 [ 109.218508][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 109.218531][ T3494] ? lockdep_hardirqs_on+0x9c/0x150 [ 109.218562][ T3494] ? __pfx_kthread+0x10/0x10 [ 109.218586][ T3494] ret_from_fork+0x4b/0x80 [ 109.218605][ T3494] ? 
__pfx_kthread+0x10/0x10 [pid 5923] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5923] close(3) = 0 [ 109.218630][ T3494] ret_from_fork_asm+0x1a/0x30 [ 109.218680][ T3494] [ 109.534418][ T3494] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [pid 5923] close(4) = 0 [pid 5923] mkdir("./bus", 0777) = 0 [ 109.598478][ T5923] F2FS-fs (loop1): invalid crc value [pid 5923] mount("/dev/loop1", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 5920] exit_group(0) = ? [pid 5926] <... ioctl resumed>) = ? [pid 5921] <... ioctl resumed>) = ? [pid 5926] +++ exited with 0 +++ [pid 5921] +++ exited with 0 +++ [pid 5920] +++ exited with 0 +++ [pid 5823] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5920, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=37 /* 0.37 s */} --- [pid 5823] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5823] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5823] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] unlink("./4/binderfs") = 0 [pid 5823] umount2("./4/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5923] <... mount resumed>) = 0 [ 109.890050][ T5921] VFS:Filesystem freeze failed [ 109.895229][ T5923] F2FS-fs (loop1): Start checkpoint disabled! 
[ 109.927569][ T5923] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [pid 5923] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5923] chdir("./bus") = 0 [pid 5923] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5923] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5923] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5922] <... futex resumed>) = 0 [pid 5923] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5922] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5923] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 [pid 5922] <... futex resumed>) = 0 [pid 5923] <... openat resumed>) = 4 [pid 5922] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5923] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5922] <... futex resumed>) = 0 [pid 5923] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5922] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5923] <... openat resumed>) = 5 [pid 5922] <... futex resumed>) = 0 [pid 5922] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5923] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5922] <... futex resumed>) = 0 [pid 5922] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5922] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5923] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5922] <... 
futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5922] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5922] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 5922] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5922] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5922] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0}./strace-static-x86_64: Process 5929 attached [pid 5929] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053 [pid 5922] <... clone3 resumed> => {parent_tid=[5929]}, 88) = 5929 [pid 5929] <... rseq resumed>) = 0 [pid 5922] rt_sigprocmask(SIG_SETMASK, [], [pid 5929] set_robust_list(0x7f836b53e9a0, 24 [pid 5922] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5929] <... set_robust_list resumed>) = 0 [pid 5922] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5929] rt_sigprocmask(SIG_SETMASK, [], [pid 5922] <... futex resumed>) = 0 [pid 5929] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5922] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 110.037788][ T969] kworker/u8:5: attempt to access beyond end of device [ 110.037788][ T969] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 110.083272][ T969] CPU: 1 UID: 0 PID: 969 Comm: kworker/u8:5 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 110.083308][ T969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 110.083323][ T969] Workqueue: writeback wb_workfn (flush-7:1) [ 110.083357][ T969] Call Trace: [ 110.083366][ T969] [ 110.083376][ T969] dump_stack_lvl+0x189/0x250 [ 110.083413][ T969] ? __pfx_dump_stack_lvl+0x10/0x10 [ 110.083443][ T969] ? __pfx_queue_work_on+0x10/0x10 [ 110.083462][ T969] ? 
_raw_spin_unlock_irqrestore+0xad/0x110 [ 110.083487][ T969] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 110.083528][ T969] f2fs_handle_critical_error+0x37c/0x540 [ 110.083568][ T969] f2fs_write_end_io+0x4e2/0x6d0 [ 110.083623][ T969] __submit_merged_bio+0x27a/0x6a0 [ 110.083662][ T969] __submit_merged_write_cond+0x255/0x530 [ 110.083701][ T969] f2fs_write_data_pages+0x2854/0x31f0 [ 110.083741][ T969] ? __lock_acquire+0xaac/0xd20 [ 110.083815][ T969] ? __pfx_f2fs_write_data_pages+0x10/0x10 [pid 5929] ioctl(4, F2FS_IOC_SET_PIN_FILE [pid 5922] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5922] futex(0x7f836b6386ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5922] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b4fd000 [pid 5922] mprotect(0x7f836b4fe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5922] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5922] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b51d990, parent_tid=0x7f836b51d990, exit_signal=0, stack=0x7f836b4fd000, stack_size=0x20300, tls=0x7f836b51d6c0} => {parent_tid=[5930]}, 88) = 5930 [pid 5922] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5922] futex(0x7f836b6386e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5922] futex(0x7f836b6386ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5930 attached [pid 5930] rseq(0x7f836b51dfe0, 0x20, 0, 0x53053053) = 0 [pid 5930] set_robust_list(0x7f836b51d9a0, 24) = 0 [pid 5930] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 110.083867][ T969] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 110.083937][ T969] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 110.083986][ T969] ? trace_f2fs_writepages+0x7f/0x200 [ 110.084018][ T969] ? f2fs_write_node_pages+0x478/0x6e0 [ 110.084055][ T969] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 110.084090][ T969] ? 
has_not_enough_free_secs+0xd8b/0x1640 [ 110.084132][ T969] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 110.084166][ T969] do_writepages+0x3ae/0x7b0 [ 110.084207][ T969] ? __lock_acquire+0xaac/0xd20 [pid 5930] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 5922] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 110.084246][ T969] ? __pfx_do_writepages+0x10/0x10 [ 110.084297][ T969] __writeback_single_inode+0x145/0xff0 [ 110.084327][ T969] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 110.084358][ T969] writeback_sb_inodes+0x6b5/0x1000 [ 110.084424][ T969] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 110.084512][ T969] ? rcu_is_watching+0x15/0xb0 [ 110.084558][ T969] wb_writeback+0x43b/0xaf0 [ 110.084599][ T969] ? queue_io+0x3a1/0x590 [ 110.084633][ T969] ? __pfx_wb_writeback+0x10/0x10 [ 110.084685][ T969] ? _raw_spin_unlock_irq+0x23/0x50 [ 110.084717][ T969] wb_workfn+0x409/0xef0 [ 110.084772][ T969] ? __pfx_wb_workfn+0x10/0x10 [ 110.084793][ T969] ? register_lock_class+0x51/0x320 [ 110.084831][ T969] ? __lock_acquire+0xaac/0xd20 [ 110.084880][ T969] ? process_scheduled_works+0x9ec/0x17a0 [ 110.084923][ T969] ? _raw_spin_unlock_irq+0x23/0x50 [ 110.084946][ T969] ? process_scheduled_works+0x9ec/0x17a0 [ 110.084978][ T969] ? process_scheduled_works+0x9ec/0x17a0 [ 110.085015][ T969] process_scheduled_works+0xadb/0x17a0 [ 110.085090][ T969] ? __pfx_process_scheduled_works+0x10/0x10 [ 110.085149][ T969] worker_thread+0x8a0/0xda0 [ 110.085174][ T969] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 110.085211][ T969] ? __kthread_parkme+0x7b/0x200 [ 110.085248][ T969] kthread+0x70e/0x8a0 [ 110.085278][ T969] ? __pfx_worker_thread+0x10/0x10 [ 110.085298][ T969] ? __pfx_kthread+0x10/0x10 [ 110.085325][ T969] ? __pfx_kthread+0x10/0x10 [ 110.085349][ T969] ? _raw_spin_unlock_irq+0x23/0x50 [ 110.085373][ T969] ? lockdep_hardirqs_on+0x9c/0x150 [pid 5922] exit_group(0) = ? [ 110.085400][ T969] ? 
__pfx_kthread+0x10/0x10 [ 110.085424][ T969] ret_from_fork+0x4b/0x80 [ 110.085444][ T969] ? __pfx_kthread+0x10/0x10 [ 110.085469][ T969] ret_from_fork_asm+0x1a/0x30 [ 110.085525][ T969] [ 110.406998][ T969] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 110.416749][ T969] CPU: 1 UID: 0 PID: 969 Comm: kworker/u8:5 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 110.416780][ T969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 110.416795][ T969] Workqueue: writeback wb_workfn (flush-7:1) [ 110.416844][ T969] Call Trace: [ 110.416853][ T969] [ 110.416862][ T969] dump_stack_lvl+0x189/0x250 [ 110.416899][ T969] ? __pfx_dump_stack_lvl+0x10/0x10 [ 110.416930][ T969] ? __pfx_queue_work_on+0x10/0x10 [ 110.416947][ T969] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 110.416972][ T969] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 110.417007][ T969] f2fs_handle_critical_error+0x37c/0x540 [ 110.417045][ T969] f2fs_write_end_io+0x4e2/0x6d0 [ 110.417109][ T969] __submit_merged_bio+0x27a/0x6a0 [ 110.417144][ T969] __submit_merged_write_cond+0x255/0x530 [ 110.417180][ T969] f2fs_write_data_pages+0x2854/0x31f0 [ 110.417212][ T969] ? __lock_acquire+0xaac/0xd20 [ 110.417283][ T969] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 110.417331][ T969] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 110.417392][ T969] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 110.417449][ T969] ? trace_f2fs_writepages+0x7f/0x200 [ 110.417481][ T969] ? f2fs_write_node_pages+0x478/0x6e0 [ 110.417515][ T969] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 110.417547][ T969] ? has_not_enough_free_secs+0xd8b/0x1640 [ 110.417600][ T969] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 110.417639][ T969] do_writepages+0x3ae/0x7b0 [ 110.417682][ T969] ? __lock_acquire+0xaac/0xd20 [ 110.417734][ T969] ? __pfx_do_writepages+0x10/0x10 [ 110.417809][ T969] __writeback_single_inode+0x145/0xff0 [ 110.417851][ T969] ? 
wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 110.417885][ T969] writeback_sb_inodes+0x6b5/0x1000 [ 110.417959][ T969] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 110.418063][ T969] ? rcu_is_watching+0x15/0xb0 [ 110.418107][ T969] wb_writeback+0x43b/0xaf0 [ 110.418145][ T969] ? queue_io+0x3a1/0x590 [ 110.418178][ T969] ? __pfx_wb_writeback+0x10/0x10 [ 110.418224][ T969] ? _raw_spin_unlock_irq+0x23/0x50 [ 110.418261][ T969] wb_workfn+0x409/0xef0 [ 110.418309][ T969] ? __pfx_wb_workfn+0x10/0x10 [ 110.418336][ T969] ? register_lock_class+0x51/0x320 [ 110.418386][ T969] ? __lock_acquire+0xaac/0xd20 [ 110.418435][ T969] ? process_scheduled_works+0x9ec/0x17a0 [ 110.418491][ T969] ? _raw_spin_unlock_irq+0x23/0x50 [ 110.418514][ T969] ? process_scheduled_works+0x9ec/0x17a0 [ 110.418546][ T969] ? process_scheduled_works+0x9ec/0x17a0 [ 110.418581][ T969] process_scheduled_works+0xadb/0x17a0 [ 110.418663][ T969] ? __pfx_process_scheduled_works+0x10/0x10 [ 110.418729][ T969] worker_thread+0x8a0/0xda0 [ 110.418754][ T969] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 110.418788][ T969] ? __kthread_parkme+0x7b/0x200 [ 110.418821][ T969] kthread+0x70e/0x8a0 [ 110.418850][ T969] ? __pfx_worker_thread+0x10/0x10 [ 110.418870][ T969] ? __pfx_kthread+0x10/0x10 [ 110.418912][ T969] ? __pfx_kthread+0x10/0x10 [ 110.418941][ T969] ? _raw_spin_unlock_irq+0x23/0x50 [ 110.418965][ T969] ? lockdep_hardirqs_on+0x9c/0x150 [ 110.418992][ T969] ? __pfx_kthread+0x10/0x10 [ 110.419015][ T969] ret_from_fork+0x4b/0x80 [ 110.419035][ T969] ? __pfx_kthread+0x10/0x10 [ 110.419058][ T969] ret_from_fork_asm+0x1a/0x30 [pid 5923] <... ioctl resumed>) = ? [pid 5923] +++ exited with 0 +++ [pid 5930] <... ioctl resumed>) = ? [pid 5930] +++ exited with 0 +++ [pid 5929] <... ioctl resumed> ) = ? 
[pid 5929] +++ exited with 0 +++ [pid 5922] +++ exited with 0 +++ [pid 5824] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5922, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=35 /* 0.35 s */} --- [pid 5824] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5824] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5824] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5824] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] unlink("./4/binderfs") = 0 [ 110.419111][ T969] [ 110.419774][ T969] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 110.748393][ T5923] VFS:Filesystem freeze failed [pid 5824] umount2("./4/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5823] <... 
umount2 resumed>) = 0 [pid 5823] umount2("./4/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./4/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] umount2("./4/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5823] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5823] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5823] close(4) = 0 [pid 5823] rmdir("./4/bus") = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5823] close(3) = 0 [pid 5823] rmdir("./4") = 0 [pid 5823] mkdir("./5", 0777) = 0 [pid 5823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5823] ioctl(3, LOOP_CLR_FD) = 0 [pid 5823] close(3 [pid 5824] <... umount2 resumed>) = 0 [pid 5824] umount2("./4/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./4/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] umount2("./4/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./4/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5824] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5824] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5824] close(4) = 0 [pid 5824] rmdir("./4/bus") = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5824] close(3) = 0 [pid 5824] rmdir("./4") = 0 [pid 5824] mkdir("./5", 0777) = 0 [pid 5824] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5824] ioctl(3, LOOP_CLR_FD) = 0 [pid 5824] close(3 [pid 5823] <... 
close resumed>) = 0 [pid 5823] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5931 attached , child_tidptr=0x55558e3aa690) = 5931 [pid 5931] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 5931] chdir("./5") = 0 [pid 5931] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 executing program [pid 5931] setpgid(0, 0) = 0 [pid 5931] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5931] write(3, "1000", 4) = 4 [pid 5931] close(3) = 0 [pid 5931] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5931] write(1, "executing program\n", 18) = 18 [pid 5931] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5931] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 5931] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5931] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 5931] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5931] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5931] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 5932 attached [pid 5932] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053 [pid 5931] <... clone3 resumed> => {parent_tid=[5932]}, 88) = 5932 [pid 5932] <... rseq resumed>) = 0 [pid 5931] rt_sigprocmask(SIG_SETMASK, [], [pid 5932] set_robust_list(0x7f836b55f9a0, 24 [pid 5931] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5932] <... set_robust_list resumed>) = 0 [pid 5931] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5932] rt_sigprocmask(SIG_SETMASK, [], [pid 5931] <... futex resumed>) = 0 [pid 5932] <... 
rt_sigprocmask resumed>NULL, 8) = 0 [pid 5931] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5932] memfd_create("syzkaller", 0) = 3 [pid 5932] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 5824] <... close resumed>) = 0 [pid 5824] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5933 attached , child_tidptr=0x55558e3aa690) = 5933 executing program [pid 5933] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 5933] chdir("./5") = 0 [pid 5933] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5933] setpgid(0, 0) = 0 [pid 5933] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5933] write(3, "1000", 4) = 4 [pid 5933] close(3) = 0 [pid 5933] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5933] write(1, "executing program\n", 18) = 18 [pid 5933] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5933] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 5933] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5933] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 5933] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5933] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5933] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0} => {parent_tid=[5934]}, 88) = 5934 ./strace-static-x86_64: Process 5934 attached [pid 5934] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053) = 0 [pid 5933] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5933] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5933] futex(0x7f836b6386cc, 
FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5934] set_robust_list(0x7f836b55f9a0, 24) = 0 [pid 5934] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5934] memfd_create("syzkaller", 0) = 3 [pid 5934] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 5932] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 5934] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 5932] <... write resumed>) = 20699119 [pid 5932] munmap(0x7f8363000000, 138412032) = 0 [pid 5932] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5932] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5932] close(3) = 0 [pid 5932] close(4) = 0 [pid 5932] mkdir("./bus", 0777) = 0 [ 112.262330][ T5932] loop0: detected capacity change from 0 to 40427 [ 112.325173][ T5932] F2FS-fs (loop0): invalid crc value [pid 5932] mount("/dev/loop0", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 5934] <... 
write resumed>) = 20699119 [pid 5934] munmap(0x7f8363000000, 138412032) = 0 [pid 5934] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5934] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5934] close(3) = 0 [pid 5934] close(4) = 0 [pid 5934] mkdir("./bus", 0777) = 0 [ 112.521149][ T5932] F2FS-fs (loop0): Start checkpoint disabled! [ 112.545871][ T5934] loop1: detected capacity change from 0 to 40427 [ 112.561464][ T5932] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [pid 5934] mount("/dev/loop1", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 5932] <... mount resumed>) = 0 [pid 5932] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5932] chdir("./bus") = 0 [pid 5932] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 112.593140][ T5934] F2FS-fs (loop1): invalid crc value [pid 5932] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5931] <... futex resumed>) = 0 [pid 5931] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5931] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5932] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000) = 4 [pid 5932] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5931] <... futex resumed>) = 0 [pid 5932] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5931] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5932] <... openat resumed>) = 5 [pid 5931] <... futex resumed>) = 0 [pid 5932] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5931] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5932] <... futex resumed>) = 0 [pid 5931] <... 
futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5932] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5931] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5931] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5931] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5931] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 5931] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5931] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5931] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[5938]}, 88) = 5938 [pid 5931] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5931] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 112.738237][ T13] kworker/u8:1: attempt to access beyond end of device [ 112.738237][ T13] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 112.798097][ T13] CPU: 0 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 112.798128][ T13] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 112.798148][ T13] Workqueue: writeback wb_workfn (flush-7:0) [ 112.798180][ T13] Call Trace: [ 112.798187][ T13] [ 112.798195][ T13] dump_stack_lvl+0x189/0x250 [ 112.798229][ T13] ? __pfx_dump_stack_lvl+0x10/0x10 [ 112.798258][ T13] ? 
__pfx_queue_work_on+0x10/0x10 [pid 5931] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5931] futex(0x7f836b6386ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5931] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b4fd000 [pid 5931] mprotect(0x7f836b4fe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5931] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5931] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b51d990, parent_tid=0x7f836b51d990, exit_signal=0, stack=0x7f836b4fd000, stack_size=0x20300, tls=0x7f836b51d6c0}./strace-static-x86_64: Process 5939 attached => {parent_tid=[5939]}, 88) = 5939 [pid 5931] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5931] futex(0x7f836b6386e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5939] rseq(0x7f836b51dfe0, 0x20, 0, 0x53053053 [pid 5931] <... futex resumed>) = 0 [pid 5931] futex(0x7f836b6386ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5939] <... rseq resumed>) = 0 [pid 5939] set_robust_list(0x7f836b51d9a0, 24) = 0 [pid 5939] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 112.798276][ T13] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 112.798302][ T13] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 112.798338][ T13] f2fs_handle_critical_error+0x37c/0x540 [ 112.798376][ T13] f2fs_write_end_io+0x4e2/0x6d0 [ 112.798426][ T13] __submit_merged_bio+0x27a/0x6a0 [ 112.798462][ T13] __submit_merged_write_cond+0x255/0x530 [ 112.798497][ T13] f2fs_write_data_pages+0x2854/0x31f0 [ 112.798527][ T13] ? __lock_acquire+0xaac/0xd20 [ 112.798595][ T13] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 112.798641][ T13] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 112.798661][ T13] ? folios_put_refs+0x560/0x640 [ 112.798719][ T13] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 112.798765][ T13] ? trace_f2fs_writepages+0x7f/0x200 [ 112.798798][ T13] ? 
f2fs_write_node_pages+0x478/0x6e0 [ 112.798833][ T13] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 112.798868][ T13] ? has_not_enough_free_secs+0xd8b/0x1640 [ 112.798908][ T13] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 112.798942][ T13] do_writepages+0x3ae/0x7b0 [ 112.798980][ T13] ? __lock_acquire+0xaac/0xd20 [ 112.799018][ T13] ? __pfx_do_writepages+0x10/0x10 [ 112.799064][ T13] __writeback_single_inode+0x145/0xff0 [ 112.799095][ T13] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 112.799125][ T13] writeback_sb_inodes+0x6b5/0x1000 [ 112.799184][ T13] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 112.799260][ T13] ? rcu_is_watching+0x15/0xb0 [ 112.799303][ T13] wb_writeback+0x43b/0xaf0 [ 112.799342][ T13] ? queue_io+0x3a1/0x590 [ 112.799374][ T13] ? __pfx_wb_writeback+0x10/0x10 [ 112.799412][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 112.799442][ T13] wb_workfn+0x409/0xef0 [ 112.799483][ T13] ? __pfx_wb_workfn+0x10/0x10 [ 112.799504][ T13] ? register_lock_class+0x51/0x320 [ 112.799540][ T13] ? __lock_acquire+0xaac/0xd20 [ 112.799587][ T13] ? process_scheduled_works+0x9ec/0x17a0 [ 112.799627][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 112.799649][ T13] ? process_scheduled_works+0x9ec/0x17a0 [ 112.799680][ T13] ? process_scheduled_works+0x9ec/0x17a0 [pid 5939] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0./strace-static-x86_64: Process 5938 attached [pid 5931] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5938] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [pid 5938] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 5938] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5938] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 5938] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 112.799715][ T13] process_scheduled_works+0xadb/0x17a0 [ 112.799781][ T13] ? __pfx_process_scheduled_works+0x10/0x10 [ 112.799834][ T13] worker_thread+0x8a0/0xda0 [ 112.799884][ T13] kthread+0x70e/0x8a0 [ 112.799913][ T13] ? 
__pfx_worker_thread+0x10/0x10 [ 112.799932][ T13] ? __pfx_kthread+0x10/0x10 [ 112.799958][ T13] ? __pfx_kthread+0x10/0x10 [ 112.799981][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 112.800004][ T13] ? lockdep_hardirqs_on+0x9c/0x150 [ 112.800030][ T13] ? __pfx_kthread+0x10/0x10 [ 112.800054][ T13] ret_from_fork+0x4b/0x80 [ 112.800073][ T13] ? __pfx_kthread+0x10/0x10 [ 112.800097][ T13] ret_from_fork_asm+0x1a/0x30 [ 112.800147][ T13] [ 112.800156][ T13] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 112.884658][ T5934] F2FS-fs (loop1): Start checkpoint disabled! [ 112.986604][ T13] CPU: 0 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 112.986636][ T13] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 112.986653][ T13] Workqueue: writeback wb_workfn (flush-7:0) [ 112.986688][ T13] Call Trace: [ 112.986697][ T13] [ 112.986708][ T13] dump_stack_lvl+0x189/0x250 [ 112.986747][ T13] ? __pfx_dump_stack_lvl+0x10/0x10 [ 112.986778][ T13] ? __pfx_queue_work_on+0x10/0x10 [ 112.986798][ T13] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 112.986824][ T13] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 112.986866][ T13] f2fs_handle_critical_error+0x37c/0x540 [ 112.986907][ T13] f2fs_write_end_io+0x4e2/0x6d0 [ 112.986964][ T13] __submit_merged_bio+0x27a/0x6a0 [ 112.987003][ T13] __submit_merged_write_cond+0x255/0x530 [ 112.987043][ T13] f2fs_write_data_pages+0x2854/0x31f0 [ 112.987074][ T13] ? __lock_acquire+0xaac/0xd20 [ 112.987150][ T13] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 112.987222][ T13] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 112.987253][ T13] ? folios_put_refs+0x560/0x640 [ 112.987324][ T13] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 112.987376][ T13] ? trace_f2fs_writepages+0x7f/0x200 [ 112.987411][ T13] ? f2fs_write_node_pages+0x478/0x6e0 [ 112.987450][ T13] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 112.987487][ T13] ? 
has_not_enough_free_secs+0xd8b/0x1640 [ 112.987532][ T13] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 112.987568][ T13] do_writepages+0x3ae/0x7b0 [ 112.987610][ T13] ? __lock_acquire+0xaac/0xd20 [ 112.987652][ T13] ? __pfx_do_writepages+0x10/0x10 [ 112.987707][ T13] __writeback_single_inode+0x145/0xff0 [ 112.987739][ T13] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 112.987771][ T13] writeback_sb_inodes+0x6b5/0x1000 [ 112.987841][ T13] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 112.987932][ T13] ? rcu_is_watching+0x15/0xb0 [ 112.987982][ T13] wb_writeback+0x43b/0xaf0 [ 112.988025][ T13] ? queue_io+0x3a1/0x590 [ 112.988058][ T13] ? __pfx_wb_writeback+0x10/0x10 [ 112.988098][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 112.988132][ T13] wb_workfn+0x409/0xef0 [ 112.988182][ T13] ? __pfx_wb_workfn+0x10/0x10 [ 112.988204][ T13] ? register_lock_class+0x51/0x320 [ 112.988251][ T13] ? __lock_acquire+0xaac/0xd20 [ 112.988297][ T13] ? process_scheduled_works+0x9ec/0x17a0 [ 112.988341][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 112.988365][ T13] ? process_scheduled_works+0x9ec/0x17a0 [ 112.988399][ T13] ? process_scheduled_works+0x9ec/0x17a0 [ 112.988438][ T13] process_scheduled_works+0xadb/0x17a0 [ 112.988515][ T13] ? __pfx_process_scheduled_works+0x10/0x10 [ 112.988577][ T13] worker_thread+0x8a0/0xda0 [ 112.988637][ T13] kthread+0x70e/0x8a0 [ 112.988669][ T13] ? __pfx_worker_thread+0x10/0x10 [ 112.988690][ T13] ? __pfx_kthread+0x10/0x10 [ 112.988720][ T13] ? __pfx_kthread+0x10/0x10 [ 112.988745][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 112.988770][ T13] ? lockdep_hardirqs_on+0x9c/0x150 [ 112.988799][ T13] ? __pfx_kthread+0x10/0x10 [ 112.988824][ T13] ret_from_fork+0x4b/0x80 [ 112.988846][ T13] ? __pfx_kthread+0x10/0x10 [ 112.988872][ T13] ret_from_fork_asm+0x1a/0x30 [ 112.988931][ T13] [ 112.988941][ T13] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [pid 5938] futex(0x7f836b6386d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5939] <... 
ioctl resumed>) = -1 EIO (Input/output error) [pid 5932] <... ioctl resumed>) = -1 EIO (Input/output error) [pid 5939] futex(0x7f836b6386ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5939] futex(0x7f836b6386e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5932] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5934] <... mount resumed>) = 0 [pid 5932] <... futex resumed>) = 0 [pid 5931] exit_group(0 [pid 5939] <... futex resumed>) = ? [pid 5938] <... futex resumed>) = ? [pid 5934] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5931] <... exit_group resumed>) = ? [pid 5939] +++ exited with 0 +++ [pid 5938] +++ exited with 0 +++ [pid 5934] <... openat resumed>) = 3 [pid 5932] +++ exited with 0 +++ [pid 5931] +++ exited with 0 +++ [pid 5934] chdir("./bus" [pid 5823] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5931, si_uid=0, si_status=0, si_utime=14 /* 0.14 s */, si_stime=33 /* 0.33 s */} --- [pid 5934] <... chdir resumed>) = 0 [pid 5934] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5934] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5823] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5934] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5823] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5823] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5823] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./5/binderfs", [pid 5933] <... futex resumed>) = 0 [pid 5823] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5933] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5823] unlink("./5/binderfs" [pid 5934] <... futex resumed>) = 0 [pid 5933] <... futex resumed>) = 1 [pid 5823] <... 
unlink resumed>) = 0 [pid 5934] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 [pid 5933] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 113.455103][ T5932] VFS:Filesystem freeze failed [ 113.455928][ T5934] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [pid 5823] umount2("./5/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5934] <... openat resumed>) = 4 [pid 5934] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5933] <... futex resumed>) = 0 [pid 5934] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5933] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5933] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5934] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5934] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5934] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5933] <... futex resumed>) = 0 [pid 5934] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5933] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5934] <... futex resumed>) = 0 [pid 5933] <... 
futex resumed>) = 1 [pid 5934] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 113.542641][ T13] kworker/u8:1: attempt to access beyond end of device [ 113.542641][ T13] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [pid 5933] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5933] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5933] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5933] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 5933] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5933] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5933] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[5941]}, 88) = 5941 [pid 5933] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5933] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5933] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5941 attached [pid 5941] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [pid 5941] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 5941] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5941] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 5941] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5933] <... 
futex resumed>) = 0 [pid 5941] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 5933] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 113.586932][ T13] CPU: 0 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 113.586964][ T13] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 113.586979][ T13] Workqueue: writeback wb_workfn (flush-7:1) [ 113.587012][ T13] Call Trace: [ 113.587020][ T13] [ 113.587029][ T13] dump_stack_lvl+0x189/0x250 [ 113.587064][ T13] ? __pfx_dump_stack_lvl+0x10/0x10 [ 113.587093][ T13] ? __pfx_queue_work_on+0x10/0x10 [pid 5933] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5933] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 113.587111][ T13] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 113.587135][ T13] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 113.587171][ T13] f2fs_handle_critical_error+0x37c/0x540 [ 113.587214][ T13] f2fs_write_end_io+0x4e2/0x6d0 [ 113.587263][ T13] __submit_merged_bio+0x27a/0x6a0 [ 113.587298][ T13] __submit_merged_write_cond+0x255/0x530 [ 113.587334][ T13] f2fs_write_data_pages+0x2854/0x31f0 [ 113.587363][ T13] ? __lock_acquire+0xaac/0xd20 [ 113.587427][ T13] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 113.587473][ T13] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 113.587532][ T13] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 113.587576][ T13] ? trace_f2fs_writepages+0x7f/0x200 [ 113.587606][ T13] ? f2fs_write_node_pages+0x478/0x6e0 [ 113.587639][ T13] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 113.587671][ T13] ? has_not_enough_free_secs+0xd8b/0x1640 [ 113.587710][ T13] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 113.587759][ T13] do_writepages+0x3ae/0x7b0 [ 113.587797][ T13] ? __lock_acquire+0xaac/0xd20 [ 113.587833][ T13] ? 
__pfx_do_writepages+0x10/0x10 [ 113.587879][ T13] __writeback_single_inode+0x145/0xff0 [ 113.587907][ T13] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 113.587936][ T13] writeback_sb_inodes+0x6b5/0x1000 [ 113.587994][ T13] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 113.588069][ T13] ? rcu_is_watching+0x15/0xb0 [ 113.588111][ T13] wb_writeback+0x43b/0xaf0 [ 113.588148][ T13] ? queue_io+0x3a1/0x590 [ 113.588180][ T13] ? __pfx_wb_writeback+0x10/0x10 [ 113.588224][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 113.588254][ T13] wb_workfn+0x409/0xef0 [ 113.588295][ T13] ? __pfx_wb_workfn+0x10/0x10 [ 113.588315][ T13] ? register_lock_class+0x51/0x320 [ 113.588351][ T13] ? __lock_acquire+0xaac/0xd20 [ 113.588391][ T13] ? process_scheduled_works+0x9ec/0x17a0 [ 113.588431][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 113.588453][ T13] ? process_scheduled_works+0x9ec/0x17a0 [ 113.588484][ T13] ? process_scheduled_works+0x9ec/0x17a0 [ 113.588519][ T13] process_scheduled_works+0xadb/0x17a0 [ 113.588586][ T13] ? __pfx_process_scheduled_works+0x10/0x10 [ 113.588639][ T13] worker_thread+0x8a0/0xda0 [ 113.588689][ T13] kthread+0x70e/0x8a0 [ 113.588717][ T13] ? __pfx_worker_thread+0x10/0x10 [ 113.588736][ T13] ? __pfx_kthread+0x10/0x10 [ 113.588763][ T13] ? __pfx_kthread+0x10/0x10 [ 113.588786][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 113.588809][ T13] ? lockdep_hardirqs_on+0x9c/0x150 [ 113.588836][ T13] ? __pfx_kthread+0x10/0x10 [ 113.588859][ T13] ret_from_fork+0x4b/0x80 [pid 5933] exit_group(0) = ? [ 113.588879][ T13] ? 
__pfx_kthread+0x10/0x10 [ 113.588903][ T13] ret_from_fork_asm+0x1a/0x30 [ 113.588964][ T13] [ 113.588972][ T13] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 114.106571][ T13] CPU: 1 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 114.106604][ T13] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 114.106619][ T13] Workqueue: writeback wb_workfn (flush-7:1) [ 114.106653][ T13] Call Trace: [ 114.106662][ T13] [ 114.106671][ T13] dump_stack_lvl+0x189/0x250 [ 114.106707][ T13] ? __pfx_dump_stack_lvl+0x10/0x10 [ 114.106737][ T13] ? __pfx_queue_work_on+0x10/0x10 [ 114.106755][ T13] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 114.106781][ T13] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 114.106818][ T13] f2fs_handle_critical_error+0x37c/0x540 [ 114.106856][ T13] f2fs_write_end_io+0x4e2/0x6d0 [ 114.106906][ T13] __submit_merged_bio+0x27a/0x6a0 [ 114.106943][ T13] __submit_merged_write_cond+0x255/0x530 [ 114.106979][ T13] f2fs_write_data_pages+0x2854/0x31f0 [ 114.107010][ T13] ? __lock_acquire+0xaac/0xd20 [ 114.107074][ T13] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 114.107122][ T13] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 114.107189][ T13] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 114.107235][ T13] ? trace_f2fs_writepages+0x7f/0x200 [ 114.107267][ T13] ? f2fs_write_node_pages+0x478/0x6e0 [ 114.107301][ T13] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 114.107335][ T13] ? has_not_enough_free_secs+0xd8b/0x1640 [ 114.107375][ T13] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 114.107408][ T13] do_writepages+0x3ae/0x7b0 [ 114.107446][ T13] ? __lock_acquire+0xaac/0xd20 [ 114.107483][ T13] ? __pfx_do_writepages+0x10/0x10 [ 114.107529][ T13] __writeback_single_inode+0x145/0xff0 [ 114.107558][ T13] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 114.107587][ T13] writeback_sb_inodes+0x6b5/0x1000 [ 114.107645][ T13] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 114.107720][ T13] ? 
rcu_is_watching+0x15/0xb0 [ 114.107763][ T13] wb_writeback+0x43b/0xaf0 [ 114.107800][ T13] ? queue_io+0x3a1/0x590 [ 114.107832][ T13] ? __pfx_wb_writeback+0x10/0x10 [ 114.107870][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 114.107900][ T13] wb_workfn+0x409/0xef0 [ 114.107940][ T13] ? __pfx_wb_workfn+0x10/0x10 [ 114.107961][ T13] ? register_lock_class+0x51/0x320 [ 114.107997][ T13] ? __lock_acquire+0xaac/0xd20 [ 114.108036][ T13] ? process_scheduled_works+0x9ec/0x17a0 [ 114.108077][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 114.108099][ T13] ? process_scheduled_works+0x9ec/0x17a0 [ 114.108130][ T13] ? process_scheduled_works+0x9ec/0x17a0 [ 114.108171][ T13] process_scheduled_works+0xadb/0x17a0 [ 114.108238][ T13] ? __pfx_process_scheduled_works+0x10/0x10 [ 114.108291][ T13] worker_thread+0x8a0/0xda0 [ 114.108341][ T13] kthread+0x70e/0x8a0 [ 114.108370][ T13] ? __pfx_worker_thread+0x10/0x10 [ 114.108389][ T13] ? __pfx_kthread+0x10/0x10 [ 114.108415][ T13] ? __pfx_kthread+0x10/0x10 [ 114.108439][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 114.108462][ T13] ? lockdep_hardirqs_on+0x9c/0x150 [ 114.108489][ T13] ? __pfx_kthread+0x10/0x10 [ 114.108512][ T13] ret_from_fork+0x4b/0x80 [pid 5823] <... 
umount2 resumed>) = 0 [pid 5823] umount2("./5/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./5/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] umount2("./5/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5823] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5823] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5823] close(4) = 0 [pid 5823] rmdir("./5/bus") = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5823] close(3) = 0 [pid 5823] rmdir("./5") = 0 [ 114.108532][ T13] ? __pfx_kthread+0x10/0x10 [ 114.108556][ T13] ret_from_fork_asm+0x1a/0x30 [ 114.108608][ T13] [ 114.108616][ T13] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [pid 5823] mkdir("./6", 0777) = 0 [pid 5823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5823] ioctl(3, LOOP_CLR_FD) = 0 [pid 5823] close(3 [pid 5934] <... ioctl resumed>) = ? [pid 5934] +++ exited with 0 +++ [pid 5941] <... ioctl resumed>) = ? [pid 5941] +++ exited with 0 +++ [pid 5933] +++ exited with 0 +++ [pid 5824] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5933, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=49 /* 0.49 s */} --- [pid 5824] restart_syscall(<... 
resuming interrupted clone ...>) = 0 [pid 5824] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5824] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5824] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] unlink("./5/binderfs") = 0 [ 114.551877][ T5934] VFS:Filesystem freeze failed [pid 5824] umount2("./5/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5823] <... close resumed>) = 0 [pid 5824] <... umount2 resumed>) = 0 [pid 5823] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5824] umount2("./5/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./5/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] umount2("./5/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 5942 attached [pid 5942] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 5942] chdir("./6") = 0 [pid 5824] openat(AT_FDCWD, "./5/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5942] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5824] <... openat resumed>) = 4 [pid 5942] setpgid(0, 0) = 0 [pid 5824] newfstatat(4, "", [pid 5942] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5824] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5942] <... openat resumed>) = 3 [pid 5823] <... 
clone resumed>, child_tidptr=0x55558e3aa690) = 5942 [pid 5942] write(3, "1000", 4) = 4 [pid 5942] close(3) = 0 [pid 5942] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5824] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5942] write(1, "executing program\n", 18executing program [pid 5824] getdents64(4, [pid 5942] <... write resumed>) = 18 [pid 5824] <... getdents64 resumed>0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5824] close(4) = 0 [pid 5824] rmdir("./5/bus" [pid 5942] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5824] <... rmdir resumed>) = 0 [pid 5942] <... futex resumed>) = 0 [pid 5824] getdents64(3, [pid 5942] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, [pid 5824] <... getdents64 resumed>0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5942] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5824] close(3 [pid 5942] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5824] <... close resumed>) = 0 [pid 5942] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5824] rmdir("./5" [pid 5942] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5824] <... rmdir resumed>) = 0 [pid 5942] <... mmap resumed>) = 0x7f836b53f000 [pid 5824] mkdir("./6", 0777 [pid 5942] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE [pid 5824] <... mkdir resumed>) = 0 [pid 5942] <... mprotect resumed>) = 0 [pid 5824] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5942] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5824] <... openat resumed>) = 3 [pid 5942] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5824] ioctl(3, LOOP_CLR_FD [pid 5942] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0} [pid 5824] <... 
ioctl resumed>) = 0 ./strace-static-x86_64: Process 5943 attached [pid 5824] close(3 [pid 5943] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053 [pid 5942] <... clone3 resumed> => {parent_tid=[5943]}, 88) = 5943 [pid 5943] <... rseq resumed>) = 0 [pid 5942] rt_sigprocmask(SIG_SETMASK, [], [pid 5943] set_robust_list(0x7f836b55f9a0, 24 [pid 5942] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5943] <... set_robust_list resumed>) = 0 [pid 5942] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5942] <... futex resumed>) = 0 [pid 5942] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5943] memfd_create("syzkaller", 0) = 3 [pid 5943] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 5824] <... close resumed>) = 0 [pid 5824] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e3aa690) = 5944 ./strace-static-x86_64: Process 5944 attached [pid 5944] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 5944] chdir("./6") = 0 [pid 5944] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5944] setpgid(0, 0) = 0 [pid 5944] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5944] write(3, "1000", 4) = 4 [pid 5944] close(3) = 0 [pid 5944] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5944] write(1, "executing program\n", 18executing program ) = 18 [pid 5944] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5944] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 5944] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5944] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 5944] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5944] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5944] 
clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 5945 attached => {parent_tid=[5945]}, 88) = 5945 [pid 5944] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5945] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053 [pid 5944] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5945] <... rseq resumed>) = 0 [pid 5944] <... futex resumed>) = 0 [pid 5945] set_robust_list(0x7f836b55f9a0, 24 [pid 5944] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5945] <... set_robust_list resumed>) = 0 [pid 5945] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5945] memfd_create("syzkaller", 0) = 3 [pid 5945] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 5943] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 5945] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 5943] <... 
write resumed>) = 20699119 [pid 5943] munmap(0x7f8363000000, 138412032) = 0 [pid 5943] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5943] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5943] close(3) = 0 [pid 5943] close(4) = 0 [pid 5943] mkdir("./bus", 0777) = 0 [ 115.968195][ T5943] loop0: detected capacity change from 0 to 40427 [ 116.028969][ T5943] F2FS-fs (loop0): invalid crc value [pid 5943] mount("/dev/loop0", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 5945] <... write resumed>) = 20699119 [pid 5945] munmap(0x7f8363000000, 138412032) = 0 [pid 5945] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5945] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5945] close(3) = 0 [pid 5945] close(4) = 0 [pid 5945] mkdir("./bus", 0777) = 0 [ 116.182788][ T5945] loop1: detected capacity change from 0 to 40427 [ 116.238661][ T5945] F2FS-fs (loop1): invalid crc value [ 116.246990][ T5943] F2FS-fs (loop0): Start checkpoint disabled! [pid 5945] mount("/dev/loop1", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 5943] <... mount resumed>) = 0 [pid 5943] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5943] chdir("./bus") = 0 [pid 5943] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5943] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5942] <... futex resumed>) = 0 [pid 5943] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5942] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5943] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000) = 4 [pid 5942] <... futex resumed>) = 0 [pid 5942] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5943] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5942] <... 
futex resumed>) = 0 [pid 5943] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5942] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5942] <... futex resumed>) = 0 [pid 5943] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5942] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5943] <... openat resumed>) = 5 [ 116.287253][ T5943] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [pid 5943] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5942] <... futex resumed>) = 0 [pid 5943] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5942] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5942] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5942] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5942] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 5942] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5942] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5942] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0}./strace-static-x86_64: Process 5949 attached [pid 5949] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053 [pid 5942] <... clone3 resumed> => {parent_tid=[5949]}, 88) = 5949 [pid 5949] <... rseq resumed>) = 0 [pid 5942] rt_sigprocmask(SIG_SETMASK, [], [pid 5949] set_robust_list(0x7f836b53e9a0, 24 [pid 5942] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5949] <... set_robust_list resumed>) = 0 [pid 5942] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] rt_sigprocmask(SIG_SETMASK, [], [pid 5942] <... 
futex resumed>) = 0 [pid 5949] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5942] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 116.361111][ T13] kworker/u8:1: attempt to access beyond end of device [ 116.361111][ T13] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 116.432786][ T13] CPU: 1 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 116.432819][ T13] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 116.432833][ T13] Workqueue: writeback wb_workfn (flush-7:0) [ 116.432864][ T13] Call Trace: [ 116.432872][ T13] [ 116.432881][ T13] dump_stack_lvl+0x189/0x250 [ 116.432915][ T13] ? __pfx_dump_stack_lvl+0x10/0x10 [ 116.432944][ T13] ? __pfx_queue_work_on+0x10/0x10 [ 116.432962][ T13] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 116.432986][ T13] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 116.433022][ T13] f2fs_handle_critical_error+0x37c/0x540 [ 116.433059][ T13] f2fs_write_end_io+0x4e2/0x6d0 [ 116.433106][ T13] __submit_merged_bio+0x27a/0x6a0 [ 116.433141][ T13] __submit_merged_write_cond+0x255/0x530 [ 116.433176][ T13] f2fs_write_data_pages+0x2854/0x31f0 [ 116.433206][ T13] ? __lock_acquire+0xaac/0xd20 [ 116.433269][ T13] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 116.433315][ T13] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 116.433379][ T13] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 116.433423][ T13] ? trace_f2fs_writepages+0x7f/0x200 [ 116.433454][ T13] ? f2fs_write_node_pages+0x478/0x6e0 [ 116.433487][ T13] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 116.433522][ T13] ? xfd_validate_state+0x6d/0x150 [ 116.433547][ T13] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 116.433579][ T13] do_writepages+0x3ae/0x7b0 [ 116.433615][ T13] ? __lock_acquire+0xaac/0xd20 [pid 5949] ioctl(4, F2FS_IOC_SET_PIN_FILE [pid 5942] <... 
futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5942] futex(0x7f836b6386ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5942] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b4fd000 [pid 5942] mprotect(0x7f836b4fe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5942] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5942] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b51d990, parent_tid=0x7f836b51d990, exit_signal=0, stack=0x7f836b4fd000, stack_size=0x20300, tls=0x7f836b51d6c0}./strace-static-x86_64: Process 5950 attached [pid 5950] rseq(0x7f836b51dfe0, 0x20, 0, 0x53053053) = 0 [pid 5950] set_robust_list(0x7f836b51d9a0, 24) = 0 [pid 5950] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5950] futex(0x7f836b6386e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5942] <... clone3 resumed> => {parent_tid=[5950]}, 88) = 5950 [pid 5942] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5942] futex(0x7f836b6386e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5950] <... futex resumed>) = 0 [pid 5950] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 5942] futex(0x7f836b6386ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 116.433650][ T13] ? __pfx_do_writepages+0x10/0x10 [ 116.433695][ T13] __writeback_single_inode+0x145/0xff0 [ 116.433723][ T13] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 116.433751][ T13] writeback_sb_inodes+0x6b5/0x1000 [ 116.433808][ T13] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 116.433881][ T13] ? rcu_is_watching+0x15/0xb0 [ 116.433922][ T13] wb_writeback+0x43b/0xaf0 [ 116.433959][ T13] ? queue_io+0x3a1/0x590 [ 116.433990][ T13] ? __pfx_wb_writeback+0x10/0x10 [ 116.434027][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 116.434055][ T13] wb_workfn+0x409/0xef0 [ 116.434095][ T13] ? __pfx_wb_workfn+0x10/0x10 [ 116.434116][ T13] ? 
register_lock_class+0x51/0x320 [ 116.434150][ T13] ? __lock_acquire+0xaac/0xd20 [ 116.434207][ T13] ? process_scheduled_works+0x9ec/0x17a0 [ 116.434247][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 116.434269][ T13] ? process_scheduled_works+0x9ec/0x17a0 [ 116.434300][ T13] ? process_scheduled_works+0x9ec/0x17a0 [ 116.434340][ T13] process_scheduled_works+0xadb/0x17a0 [ 116.434405][ T13] ? __pfx_process_scheduled_works+0x10/0x10 [ 116.434458][ T13] worker_thread+0x8a0/0xda0 [ 116.434508][ T13] kthread+0x70e/0x8a0 [ 116.434537][ T13] ? __pfx_worker_thread+0x10/0x10 [ 116.434556][ T13] ? __pfx_kthread+0x10/0x10 [ 116.434581][ T13] ? __pfx_kthread+0x10/0x10 [ 116.434604][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 116.434627][ T13] ? lockdep_hardirqs_on+0x9c/0x150 [ 116.434654][ T13] ? __pfx_kthread+0x10/0x10 [ 116.434677][ T13] ret_from_fork+0x4b/0x80 [ 116.434696][ T13] ? __pfx_kthread+0x10/0x10 [ 116.434720][ T13] ret_from_fork_asm+0x1a/0x30 [ 116.434771][ T13] [ 116.434779][ T13] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 116.592683][ T5945] F2FS-fs (loop1): Start checkpoint disabled! [ 116.620242][ T13] CPU: 1 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 116.620275][ T13] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 116.620291][ T13] Workqueue: writeback wb_workfn (flush-7:0) [ 116.620335][ T13] Call Trace: [ 116.620345][ T13] [ 116.620355][ T13] dump_stack_lvl+0x189/0x250 [ 116.620395][ T13] ? __pfx_dump_stack_lvl+0x10/0x10 [ 116.620427][ T13] ? __pfx_queue_work_on+0x10/0x10 [ 116.620446][ T13] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 116.620474][ T13] ? 
__pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 116.620516][ T13] f2fs_handle_critical_error+0x37c/0x540 [ 116.620558][ T13] f2fs_write_end_io+0x4e2/0x6d0 [ 116.620631][ T13] __submit_merged_bio+0x27a/0x6a0 [ 116.620674][ T13] __submit_merged_write_cond+0x255/0x530 [ 116.620716][ T13] f2fs_write_data_pages+0x2854/0x31f0 [ 116.620749][ T13] ? __lock_acquire+0xaac/0xd20 [ 116.620827][ T13] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 116.620881][ T13] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 116.620955][ T13] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 116.621006][ T13] ? trace_f2fs_writepages+0x7f/0x200 [ 116.621040][ T13] ? f2fs_write_node_pages+0x478/0x6e0 [ 116.621078][ T13] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 116.621119][ T13] ? xfd_validate_state+0x6d/0x150 [ 116.621148][ T13] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 116.621183][ T13] do_writepages+0x3ae/0x7b0 [ 116.621226][ T13] ? __lock_acquire+0xaac/0xd20 [ 116.621268][ T13] ? __pfx_do_writepages+0x10/0x10 [ 116.621328][ T13] __writeback_single_inode+0x145/0xff0 [ 116.621359][ T13] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 116.621393][ T13] writeback_sb_inodes+0x6b5/0x1000 [ 116.621461][ T13] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 116.621553][ T13] ? rcu_is_watching+0x15/0xb0 [ 116.621601][ T13] wb_writeback+0x43b/0xaf0 [ 116.621643][ T13] ? queue_io+0x3a1/0x590 [ 116.621679][ T13] ? __pfx_wb_writeback+0x10/0x10 [ 116.621722][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 116.621756][ T13] wb_workfn+0x409/0xef0 [ 116.621814][ T13] ? __pfx_wb_workfn+0x10/0x10 [ 116.621836][ T13] ? register_lock_class+0x51/0x320 [ 116.621874][ T13] ? __lock_acquire+0xaac/0xd20 [ 116.621918][ T13] ? process_scheduled_works+0x9ec/0x17a0 [ 116.621961][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 116.621983][ T13] ? process_scheduled_works+0x9ec/0x17a0 [ 116.622016][ T13] ? process_scheduled_works+0x9ec/0x17a0 [ 116.622053][ T13] process_scheduled_works+0xadb/0x17a0 [ 116.622128][ T13] ? 
__pfx_process_scheduled_works+0x10/0x10 [ 116.622187][ T13] worker_thread+0x8a0/0xda0 [ 116.622269][ T13] kthread+0x70e/0x8a0 [ 116.622301][ T13] ? __pfx_worker_thread+0x10/0x10 [ 116.622330][ T13] ? __pfx_kthread+0x10/0x10 [ 116.622360][ T13] ? __pfx_kthread+0x10/0x10 [ 116.622386][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 116.622410][ T13] ? lockdep_hardirqs_on+0x9c/0x150 [ 116.622440][ T13] ? __pfx_kthread+0x10/0x10 [ 116.622465][ T13] ret_from_fork+0x4b/0x80 [ 116.622487][ T13] ? __pfx_kthread+0x10/0x10 [ 116.622514][ T13] ret_from_fork_asm+0x1a/0x30 [ 116.622572][ T13] [ 116.622581][ T13] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 116.791474][ T5945] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [pid 5950] <... ioctl resumed>) = -1 EIO (Input/output error) [pid 5949] <... ioctl resumed>, 0x200000000180) = -1 ENOENT (No such file or directory) [pid 5943] <... ioctl resumed>) = -1 EIO (Input/output error) [pid 5950] futex(0x7f836b6386ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5950] <... futex resumed>) = 0 [pid 5949] <... futex resumed>) = 0 [pid 5943] <... futex resumed>) = 0 [pid 5950] futex(0x7f836b6386e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5949] futex(0x7f836b6386d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5943] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5942] exit_group(0 [pid 5950] <... futex resumed>) = ? [pid 5949] <... futex resumed>) = ? [pid 5943] <... futex resumed>) = ? [pid 5942] <... exit_group resumed>) = ? [pid 5950] +++ exited with 0 +++ [pid 5949] +++ exited with 0 +++ [pid 5943] +++ exited with 0 +++ [pid 5942] +++ exited with 0 +++ [pid 5945] <... 
mount resumed>) = 0 [pid 5945] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5823] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5942, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=31 /* 0.31 s */} --- [pid 5945] chdir("./bus" [pid 5823] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5945] <... chdir resumed>) = 0 [pid 5823] <... openat resumed>) = 3 [ 117.085312][ T5943] VFS:Filesystem freeze failed [pid 5945] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5823] newfstatat(3, "", [pid 5945] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5945] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5823] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5945] <... futex resumed>) = 1 [pid 5944] <... futex resumed>) = 0 [pid 5945] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5944] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5823] getdents64(3, [pid 5945] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5944] <... futex resumed>) = 0 [pid 5945] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 [pid 5944] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5823] <... getdents64 resumed>0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5945] <... openat resumed>) = 4 [pid 5945] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5823] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5945] <... futex resumed>) = 1 [pid 5944] <... futex resumed>) = 0 [pid 5945] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5944] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5823] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5945] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5944] <... 
futex resumed>) = 0 [pid 5945] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5944] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5823] newfstatat(AT_FDCWD, "./6/binderfs", [pid 5945] <... openat resumed>) = 5 [pid 5823] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] unlink("./6/binderfs" [pid 5945] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5944] <... futex resumed>) = 0 [pid 5945] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5944] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5945] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5944] <... futex resumed>) = 0 [pid 5823] <... unlink resumed>) = 0 [pid 5945] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5944] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 117.143827][ T13] kworker/u8:1: attempt to access beyond end of device [ 117.143827][ T13] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 117.166640][ T13] CPU: 1 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 117.166669][ T13] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [pid 5823] umount2("./6/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5944] <... 
futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5944] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5944] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 5944] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5944] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5944] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[5952]}, 88) = 5952 [pid 5944] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5944] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5944] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5952 attached [pid 5952] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [pid 5952] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 5952] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5952] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 5952] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5944] <... futex resumed>) = 0 [pid 5952] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 5944] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 117.166682][ T13] Workqueue: writeback wb_workfn (flush-7:1) [ 117.166713][ T13] Call Trace: [ 117.166720][ T13] [ 117.166728][ T13] dump_stack_lvl+0x189/0x250 [ 117.166761][ T13] ? __pfx_dump_stack_lvl+0x10/0x10 [ 117.166788][ T13] ? __pfx_queue_work_on+0x10/0x10 [ 117.166804][ T13] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 117.166826][ T13] ? 
__pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 117.166859][ T13] f2fs_handle_critical_error+0x37c/0x540 [pid 5944] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 117.166893][ T13] f2fs_write_end_io+0x4e2/0x6d0 [ 117.166938][ T13] __submit_merged_bio+0x27a/0x6a0 [ 117.166974][ T13] __submit_merged_write_cond+0x255/0x530 [ 117.167009][ T13] f2fs_write_data_pages+0x2854/0x31f0 [ 117.167039][ T13] ? __lock_acquire+0xaac/0xd20 [ 117.167101][ T13] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 117.167167][ T13] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 117.167228][ T13] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 117.167282][ T13] ? trace_f2fs_writepages+0x7f/0x200 [ 117.167313][ T13] ? f2fs_write_node_pages+0x478/0x6e0 [ 117.167348][ T13] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 117.167381][ T13] ? has_not_enough_free_secs+0xd8b/0x1640 [ 117.167421][ T13] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 117.167454][ T13] do_writepages+0x3ae/0x7b0 [ 117.167492][ T13] ? __lock_acquire+0xaac/0xd20 [ 117.167529][ T13] ? __pfx_do_writepages+0x10/0x10 [ 117.167575][ T13] __writeback_single_inode+0x145/0xff0 [ 117.167604][ T13] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 117.167634][ T13] writeback_sb_inodes+0x6b5/0x1000 [ 117.167692][ T13] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 117.167767][ T13] ? rcu_is_watching+0x15/0xb0 [ 117.167810][ T13] wb_writeback+0x43b/0xaf0 [ 117.167847][ T13] ? queue_io+0x3a1/0x590 [ 117.167879][ T13] ? __pfx_wb_writeback+0x10/0x10 [ 117.167917][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 117.167947][ T13] wb_workfn+0x409/0xef0 [ 117.167987][ T13] ? __pfx_wb_workfn+0x10/0x10 [ 117.168008][ T13] ? register_lock_class+0x51/0x320 [ 117.168044][ T13] ? __lock_acquire+0xaac/0xd20 [ 117.168084][ T13] ? process_scheduled_works+0x9ec/0x17a0 [ 117.168124][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 117.168147][ T13] ? process_scheduled_works+0x9ec/0x17a0 [ 117.168178][ T13] ? 
process_scheduled_works+0x9ec/0x17a0 [ 117.168213][ T13] process_scheduled_works+0xadb/0x17a0 [ 117.168286][ T13] ? __pfx_process_scheduled_works+0x10/0x10 [ 117.168350][ T13] worker_thread+0x8a0/0xda0 [ 117.168399][ T13] kthread+0x70e/0x8a0 [ 117.168427][ T13] ? __pfx_worker_thread+0x10/0x10 [pid 5944] exit_group(0) = ? [ 117.168445][ T13] ? __pfx_kthread+0x10/0x10 [ 117.168471][ T13] ? __pfx_kthread+0x10/0x10 [ 117.168493][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 117.168516][ T13] ? lockdep_hardirqs_on+0x9c/0x150 [ 117.168542][ T13] ? __pfx_kthread+0x10/0x10 [ 117.168564][ T13] ret_from_fork+0x4b/0x80 [ 117.168583][ T13] ? __pfx_kthread+0x10/0x10 [ 117.168606][ T13] ret_from_fork_asm+0x1a/0x30 [ 117.168675][ T13] [ 117.170143][ T13] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [pid 5823] <... umount2 resumed>) = 0 [pid 5823] umount2("./6/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./6/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] umount2("./6/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 117.636633][ T13] CPU: 0 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 117.636665][ T13] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 117.636679][ T13] Workqueue: writeback wb_workfn (flush-7:1) [ 117.636711][ T13] Call Trace: [ 117.636719][ T13] [ 117.636728][ T13] dump_stack_lvl+0x189/0x250 [ 117.636765][ T13] ? __pfx_dump_stack_lvl+0x10/0x10 [ 117.636795][ T13] ? __pfx_queue_work_on+0x10/0x10 [ 117.636813][ T13] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 117.636838][ T13] ? 
__pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 117.636877][ T13] f2fs_handle_critical_error+0x37c/0x540 [ 117.636921][ T13] f2fs_write_end_io+0x4e2/0x6d0 [ 117.636988][ T13] __submit_merged_bio+0x27a/0x6a0 [ 117.637025][ T13] __submit_merged_write_cond+0x255/0x530 [ 117.637063][ T13] f2fs_write_data_pages+0x2854/0x31f0 [ 117.637093][ T13] ? __lock_acquire+0xaac/0xd20 [ 117.637165][ T13] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 117.637215][ T13] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 117.637283][ T13] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 117.637330][ T13] ? trace_f2fs_writepages+0x7f/0x200 [ 117.637362][ T13] ? f2fs_write_node_pages+0x478/0x6e0 [ 117.637398][ T13] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 117.637432][ T13] ? has_not_enough_free_secs+0xd8b/0x1640 [ 117.637473][ T13] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 117.637505][ T13] do_writepages+0x3ae/0x7b0 [ 117.637545][ T13] ? __lock_acquire+0xaac/0xd20 [ 117.637583][ T13] ? __pfx_do_writepages+0x10/0x10 [ 117.637632][ T13] __writeback_single_inode+0x145/0xff0 [ 117.637661][ T13] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 117.637691][ T13] writeback_sb_inodes+0x6b5/0x1000 [ 117.637755][ T13] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 117.637839][ T13] ? rcu_is_watching+0x15/0xb0 [ 117.637884][ T13] wb_writeback+0x43b/0xaf0 [ 117.637923][ T13] ? queue_io+0x3a1/0x590 [ 117.637956][ T13] ? __pfx_wb_writeback+0x10/0x10 [ 117.638003][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 117.638032][ T13] wb_workfn+0x409/0xef0 [ 117.638076][ T13] ? __pfx_wb_workfn+0x10/0x10 [ 117.638096][ T13] ? register_lock_class+0x51/0x320 [ 117.638133][ T13] ? __lock_acquire+0xaac/0xd20 [ 117.638174][ T13] ? process_scheduled_works+0x9ec/0x17a0 [ 117.638215][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 117.638237][ T13] ? process_scheduled_works+0x9ec/0x17a0 [ 117.638267][ T13] ? process_scheduled_works+0x9ec/0x17a0 [ 117.638303][ T13] process_scheduled_works+0xadb/0x17a0 [ 117.638375][ T13] ? 
__pfx_process_scheduled_works+0x10/0x10 [ 117.638431][ T13] worker_thread+0x8a0/0xda0 [ 117.638487][ T13] kthread+0x70e/0x8a0 [ 117.638516][ T13] ? __pfx_worker_thread+0x10/0x10 [ 117.638535][ T13] ? __pfx_kthread+0x10/0x10 [ 117.638561][ T13] ? __pfx_kthread+0x10/0x10 [ 117.638584][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 117.638607][ T13] ? lockdep_hardirqs_on+0x9c/0x150 [ 117.638634][ T13] ? __pfx_kthread+0x10/0x10 [ 117.638657][ T13] ret_from_fork+0x4b/0x80 [ 117.638676][ T13] ? __pfx_kthread+0x10/0x10 [pid 5823] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5823] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5823] close(4) = 0 [pid 5823] rmdir("./6/bus") = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5823] close(3) = 0 [pid 5823] rmdir("./6") = 0 [pid 5823] mkdir("./7", 0777) = 0 [pid 5823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5823] ioctl(3, LOOP_CLR_FD) = 0 [ 117.638700][ T13] ret_from_fork_asm+0x1a/0x30 [ 117.638754][ T13] [ 117.756578][ T13] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [pid 5823] close(3 [pid 5945] <... ioctl resumed>) = ? [pid 5945] +++ exited with 0 +++ [pid 5952] <... ioctl resumed>) = ? [pid 5952] +++ exited with 0 +++ [pid 5944] +++ exited with 0 +++ [pid 5824] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5944, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=64 /* 0.64 s */} --- [pid 5824] restart_syscall(<... 
resuming interrupted clone ...>) = 0 [pid 5824] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5824] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5824] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] unlink("./6/binderfs") = 0 [ 118.234579][ T5945] VFS:Filesystem freeze failed [pid 5824] umount2("./6/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5823] <... close resumed>) = 0 [pid 5823] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e3aa690) = 5953 ./strace-static-x86_64: Process 5953 attached [pid 5953] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 5953] chdir("./7") = 0 [pid 5953] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5953] setpgid(0, 0) = 0 [pid 5953] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5953] write(3, "1000", 4) = 4 [pid 5953] close(3) = 0 [pid 5953] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5953] write(1, "executing program\n", 18) = 18 [pid 5953] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5953] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 5953] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5953] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 5953] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5953] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5953] 
clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 5954 attached => {parent_tid=[5954]}, 88) = 5954 [pid 5953] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5953] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5953] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5954] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053) = 0 [pid 5954] set_robust_list(0x7f836b55f9a0, 24) = 0 [pid 5954] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5954] memfd_create("syzkaller", 0) = 3 [pid 5954] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 5824] <... umount2 resumed>) = 0 [pid 5824] umount2("./6/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./6/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] umount2("./6/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./6/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5824] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5824] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5824] close(4) = 0 [pid 5824] rmdir("./6/bus") = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5824] close(3) = 0 [pid 5824] rmdir("./6") = 0 [pid 5954] write(3, 
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 5824] mkdir("./7", 0777) = 0 [pid 5824] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5824] ioctl(3, LOOP_CLR_FD) = 0 [pid 5824] close(3) = 0 [pid 5824] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5955 attached [pid 5955] set_robust_list(0x55558e3aa6a0, 24 [pid 5824] <... clone resumed>, child_tidptr=0x55558e3aa690) = 5955 [pid 5955] <... set_robust_list resumed>) = 0 [pid 5955] chdir("./7") = 0 [pid 5955] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5955] setpgid(0, 0) = 0 [pid 5955] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5955] write(3, "1000", 4) = 4 [pid 5955] close(3) = 0 [pid 5955] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5955] write(1, "executing program\n", 18) = 18 [pid 5955] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5955] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 5955] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5955] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 5955] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5955] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5955] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, 
stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 5956 attached => {parent_tid=[5956]}, 88) = 5956 [pid 5956] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053 [pid 5955] rt_sigprocmask(SIG_SETMASK, [], [pid 5956] <... rseq resumed>) = 0 [pid 5955] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5956] set_robust_list(0x7f836b55f9a0, 24 [pid 5955] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5956] <... set_robust_list resumed>) = 0 [pid 5955] <... futex resumed>) = 0 [pid 5956] rt_sigprocmask(SIG_SETMASK, [], [pid 5955] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5956] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5956] memfd_create("syzkaller", 0) = 3 [pid 5956] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 5954] <... write resumed>) = 20699119 [pid 5954] munmap(0x7f8363000000, 138412032) = 0 [pid 5954] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5954] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5954] close(3) = 0 [pid 5954] close(4) = 0 [pid 5954] mkdir("./bus", 0777) = 0 [ 119.284982][ T5954] loop0: detected capacity change from 0 to 40427 [ 119.332599][ T5954] F2FS-fs (loop0): invalid crc value [pid 5954] mount("/dev/loop0", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"...) = 0 [pid 5954] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [ 119.579413][ T5954] F2FS-fs (loop0): Start checkpoint disabled! 
[ 119.606634][ T5954] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [pid 5954] chdir("./bus") = 0 [pid 5954] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5954] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5956] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 5954] <... futex resumed>) = 1 [pid 5953] <... futex resumed>) = 0 [pid 5953] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5953] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5954] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000) = 4 [pid 5954] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5953] <... futex resumed>) = 0 [pid 5953] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5954] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5953] <... futex resumed>) = 0 [pid 5953] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5954] <... openat resumed>) = 5 [pid 5954] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5954] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5953] <... futex resumed>) = 0 [pid 5953] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5954] <... futex resumed>) = 0 [pid 5953] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5954] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5953] <... 
futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5953] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5953] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 5953] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5953] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5953] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0}./strace-static-x86_64: Process 5959 attached => {parent_tid=[5959]}, 88) = 5959 [pid 5953] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5953] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5959] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053 [pid 5953] <... futex resumed>) = 0 [pid 5959] <... rseq resumed>) = 0 [pid 5953] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5959] set_robust_list(0x7f836b53e9a0, 24) = 0 [ 119.746826][ T13] kworker/u8:1: attempt to access beyond end of device [ 119.746826][ T13] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 119.793802][ T13] CPU: 0 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 119.793833][ T13] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 119.793848][ T13] Workqueue: writeback wb_workfn (flush-7:0) [ 119.793890][ T13] Call Trace: [ 119.793899][ T13] [ 119.793908][ T13] dump_stack_lvl+0x189/0x250 [ 119.793950][ T13] ? __pfx_dump_stack_lvl+0x10/0x10 [ 119.793980][ T13] ? __pfx_queue_work_on+0x10/0x10 [ 119.793999][ T13] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 119.794024][ T13] ? 
__pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 119.794060][ T13] f2fs_handle_critical_error+0x37c/0x540 [ 119.794099][ T13] f2fs_write_end_io+0x4e2/0x6d0 [ 119.794149][ T13] __submit_merged_bio+0x27a/0x6a0 [ 119.794185][ T13] __submit_merged_write_cond+0x255/0x530 [ 119.794222][ T13] f2fs_write_data_pages+0x2854/0x31f0 [ 119.794253][ T13] ? __lock_acquire+0xaac/0xd20 [ 119.794318][ T13] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 119.794366][ T13] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 119.794434][ T13] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 119.794479][ T13] ? trace_f2fs_writepages+0x7f/0x200 [ 119.794511][ T13] ? f2fs_write_node_pages+0x478/0x6e0 [ 119.794545][ T13] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 119.794579][ T13] ? has_not_enough_free_secs+0xd8b/0x1640 [ 119.794619][ T13] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 119.794652][ T13] do_writepages+0x3ae/0x7b0 [ 119.794690][ T13] ? __lock_acquire+0xaac/0xd20 [ 119.794727][ T13] ? __pfx_do_writepages+0x10/0x10 [ 119.794773][ T13] __writeback_single_inode+0x145/0xff0 [ 119.794802][ T13] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 119.794831][ T13] writeback_sb_inodes+0x6b5/0x1000 [ 119.794899][ T13] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 119.794974][ T13] ? rcu_is_watching+0x15/0xb0 [ 119.795017][ T13] wb_writeback+0x43b/0xaf0 [ 119.795055][ T13] ? queue_io+0x3a1/0x590 [ 119.795087][ T13] ? __pfx_wb_writeback+0x10/0x10 [ 119.795126][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 119.795156][ T13] wb_workfn+0x409/0xef0 [ 119.795197][ T13] ? __pfx_wb_workfn+0x10/0x10 [ 119.795218][ T13] ? register_lock_class+0x51/0x320 [ 119.795254][ T13] ? __lock_acquire+0xaac/0xd20 [ 119.795293][ T13] ? process_scheduled_works+0x9ec/0x17a0 [ 119.795334][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 119.795356][ T13] ? process_scheduled_works+0x9ec/0x17a0 [ 119.795388][ T13] ? process_scheduled_works+0x9ec/0x17a0 [ 119.795423][ T13] process_scheduled_works+0xadb/0x17a0 [ 119.795489][ T13] ? 
__pfx_process_scheduled_works+0x10/0x10 [ 119.795542][ T13] worker_thread+0x8a0/0xda0 [ 119.795593][ T13] kthread+0x70e/0x8a0 [ 119.795622][ T13] ? __pfx_worker_thread+0x10/0x10 [ 119.795641][ T13] ? __pfx_kthread+0x10/0x10 [ 119.795667][ T13] ? __pfx_kthread+0x10/0x10 [ 119.795691][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 119.795714][ T13] ? lockdep_hardirqs_on+0x9c/0x150 [ 119.795741][ T13] ? __pfx_kthread+0x10/0x10 [ 119.795764][ T13] ret_from_fork+0x4b/0x80 [ 119.795784][ T13] ? __pfx_kthread+0x10/0x10 [pid 5959] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5959] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 5959] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5959] futex(0x7f836b6386d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5953] <... futex resumed>) = 0 [pid 5953] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5959] <... futex resumed>) = 0 [pid 5959] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [ 119.795808][ T13] ret_from_fork_asm+0x1a/0x30 [ 119.795866][ T13] [ 119.906641][ T13] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [pid 5953] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5956] <... write resumed>) = 20699119 [pid 5956] munmap(0x7f8363000000, 138412032) = 0 [ 120.366953][ T13] CPU: 0 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 120.366984][ T13] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 120.367000][ T13] Workqueue: writeback wb_workfn (flush-7:0) [ 120.367033][ T13] Call Trace: [ 120.367042][ T13] [ 120.367052][ T13] dump_stack_lvl+0x189/0x250 [ 120.367089][ T13] ? __pfx_dump_stack_lvl+0x10/0x10 [ 120.367120][ T13] ? 
__pfx_queue_work_on+0x10/0x10 [pid 5956] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5956] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5956] close(3) = 0 [pid 5956] close(4) = 0 [pid 5956] mkdir("./bus", 0777) = 0 [ 120.367139][ T13] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 120.367165][ T13] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 120.367205][ T13] f2fs_handle_critical_error+0x37c/0x540 [ 120.367246][ T13] f2fs_write_end_io+0x4e2/0x6d0 [ 120.367305][ T13] __submit_merged_bio+0x27a/0x6a0 [ 120.367344][ T13] __submit_merged_write_cond+0x255/0x530 [ 120.367383][ T13] f2fs_write_data_pages+0x2854/0x31f0 [ 120.367414][ T13] ? __lock_acquire+0xaac/0xd20 [ 120.367489][ T13] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 120.367542][ T13] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 120.367612][ T13] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 120.367661][ T13] ? trace_f2fs_writepages+0x7f/0x200 [ 120.367694][ T13] ? f2fs_write_node_pages+0x478/0x6e0 [ 120.367737][ T13] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 120.367775][ T13] ? has_not_enough_free_secs+0xd8b/0x1640 [ 120.367817][ T13] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 120.367851][ T13] do_writepages+0x3ae/0x7b0 [ 120.367892][ T13] ? __lock_acquire+0xaac/0xd20 [ 120.367932][ T13] ? __pfx_do_writepages+0x10/0x10 [ 120.367983][ T13] __writeback_single_inode+0x145/0xff0 [ 120.368013][ T13] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 120.368045][ T13] writeback_sb_inodes+0x6b5/0x1000 [ 120.368112][ T13] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 120.368200][ T13] ? rcu_is_watching+0x15/0xb0 [ 120.368246][ T13] wb_writeback+0x43b/0xaf0 [ 120.368287][ T13] ? queue_io+0x3a1/0x590 [ 120.368321][ T13] ? __pfx_wb_writeback+0x10/0x10 [ 120.368363][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 120.368395][ T13] wb_workfn+0x409/0xef0 [ 120.368441][ T13] ? __pfx_wb_workfn+0x10/0x10 [ 120.368462][ T13] ? register_lock_class+0x51/0x320 [ 120.368500][ T13] ? __lock_acquire+0xaac/0xd20 [ 120.368543][ T13] ? 
process_scheduled_works+0x9ec/0x17a0 [ 120.368585][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 120.368608][ T13] ? process_scheduled_works+0x9ec/0x17a0 [ 120.368640][ T13] ? process_scheduled_works+0x9ec/0x17a0 [ 120.368676][ T13] process_scheduled_works+0xadb/0x17a0 [ 120.368757][ T13] ? __pfx_process_scheduled_works+0x10/0x10 [ 120.368817][ T13] worker_thread+0x8a0/0xda0 [ 120.368875][ T13] kthread+0x70e/0x8a0 [ 120.368906][ T13] ? __pfx_worker_thread+0x10/0x10 [ 120.368926][ T13] ? __pfx_kthread+0x10/0x10 [ 120.368954][ T13] ? __pfx_kthread+0x10/0x10 [ 120.368978][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 120.369001][ T13] ? lockdep_hardirqs_on+0x9c/0x150 [ 120.369029][ T13] ? __pfx_kthread+0x10/0x10 [ 120.369053][ T13] ret_from_fork+0x4b/0x80 [pid 5956] mount("/dev/loop1", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 5954] <... ioctl resumed>) = -1 EIO (Input/output error) [pid 5954] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5954] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5959] <... ioctl resumed>) = -1 EIO (Input/output error) [pid 5959] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5959] futex(0x7f836b6386d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5953] exit_group(0 [pid 5959] <... futex resumed>) = ? [pid 5953] <... exit_group resumed>) = ? [pid 5959] +++ exited with 0 +++ [pid 5954] <... futex resumed>) = ? [pid 5954] +++ exited with 0 +++ [pid 5953] +++ exited with 0 +++ [pid 5823] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5953, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=38 /* 0.38 s */} --- [pid 5823] restart_syscall(<... 
resuming interrupted clone ...>) = 0 [pid 5823] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5823] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5823] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] unlink("./7/binderfs") = 0 [ 120.369073][ T13] ? __pfx_kthread+0x10/0x10 [ 120.369099][ T13] ret_from_fork_asm+0x1a/0x30 [ 120.369155][ T13] [ 120.380739][ T5956] loop1: detected capacity change from 0 to 40427 [ 120.388979][ T13] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 120.489079][ T5956] F2FS-fs (loop1): invalid crc value [ 120.707619][ T5954] VFS:Filesystem freeze failed [pid 5823] umount2("./7/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5956] <... mount resumed>) = 0 [pid 5956] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5956] chdir("./bus") = 0 [pid 5956] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5956] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5955] <... futex resumed>) = 0 [pid 5956] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5955] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5956] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5955] <... futex resumed>) = 0 [pid 5956] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 [pid 5955] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5956] <... openat resumed>) = 4 [pid 5956] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5955] <... 
futex resumed>) = 0 [pid 5956] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5955] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5956] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5955] <... futex resumed>) = 0 [pid 5956] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5955] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5956] <... openat resumed>) = 5 [ 121.007127][ T5956] F2FS-fs (loop1): Start checkpoint disabled! [ 121.039485][ T5956] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [pid 5956] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5955] <... futex resumed>) = 0 [pid 5956] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5955] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 121.108503][ T53] kworker/u8:3: attempt to access beyond end of device [ 121.108503][ T53] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 121.156555][ T53] CPU: 1 UID: 0 PID: 53 Comm: kworker/u8:3 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 121.156588][ T53] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 121.156604][ T53] Workqueue: writeback wb_workfn (flush-7:1) [ 121.156636][ T53] Call Trace: [ 121.156644][ T53] [ 121.156655][ T53] dump_stack_lvl+0x189/0x250 [ 121.156691][ T53] ? __pfx_dump_stack_lvl+0x10/0x10 [ 121.156721][ T53] ? __pfx_queue_work_on+0x10/0x10 [ 121.156740][ T53] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 121.156766][ T53] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 121.156803][ T53] f2fs_handle_critical_error+0x37c/0x540 [ 121.156840][ T53] f2fs_write_end_io+0x4e2/0x6d0 [ 121.156891][ T53] __submit_merged_bio+0x27a/0x6a0 [ 121.156927][ T53] __submit_merged_write_cond+0x255/0x530 [ 121.156968][ T53] f2fs_write_data_pages+0x2854/0x31f0 [ 121.157006][ T53] ? __lock_acquire+0xaac/0xd20 [ 121.157071][ T53] ? 
__pfx_f2fs_write_data_pages+0x10/0x10 [ 121.157115][ T53] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 121.157171][ T53] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 121.157214][ T53] ? trace_f2fs_writepages+0x7f/0x200 [ 121.157244][ T53] ? f2fs_write_node_pages+0x478/0x6e0 [ 121.157276][ T53] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 121.157308][ T53] ? has_not_enough_free_secs+0xd8b/0x1640 [ 121.157346][ T53] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 121.157378][ T53] do_writepages+0x3ae/0x7b0 [ 121.157415][ T53] ? __lock_acquire+0xaac/0xd20 [ 121.157449][ T53] ? __pfx_do_writepages+0x10/0x10 [ 121.157495][ T53] __writeback_single_inode+0x145/0xff0 [ 121.157522][ T53] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 121.157551][ T53] writeback_sb_inodes+0x6b5/0x1000 [ 121.157607][ T53] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 121.157680][ T53] ? rcu_is_watching+0x15/0xb0 [ 121.157723][ T53] wb_writeback+0x43b/0xaf0 [ 121.157759][ T53] ? queue_io+0x3a1/0x590 [ 121.157791][ T53] ? __pfx_wb_writeback+0x10/0x10 [ 121.157828][ T53] ? _raw_spin_unlock_irq+0x23/0x50 [ 121.157857][ T53] wb_workfn+0x409/0xef0 [ 121.157896][ T53] ? __pfx_wb_workfn+0x10/0x10 [ 121.157916][ T53] ? register_lock_class+0x51/0x320 [ 121.157951][ T53] ? __lock_acquire+0xaac/0xd20 [ 121.157997][ T53] ? process_scheduled_works+0x9ec/0x17a0 [ 121.158047][ T53] ? _raw_spin_unlock_irq+0x23/0x50 [ 121.158067][ T53] ? process_scheduled_works+0x9ec/0x17a0 [ 121.158097][ T53] ? process_scheduled_works+0x9ec/0x17a0 [ 121.158128][ T53] process_scheduled_works+0xadb/0x17a0 [ 121.158191][ T53] ? __pfx_process_scheduled_works+0x10/0x10 [ 121.158239][ T53] worker_thread+0x8a0/0xda0 [ 121.158305][ T53] kthread+0x70e/0x8a0 [ 121.158333][ T53] ? __pfx_worker_thread+0x10/0x10 [ 121.158352][ T53] ? __pfx_kthread+0x10/0x10 [ 121.158378][ T53] ? __pfx_kthread+0x10/0x10 [ 121.158401][ T53] ? _raw_spin_unlock_irq+0x23/0x50 [ 121.158424][ T53] ? lockdep_hardirqs_on+0x9c/0x150 [ 121.158449][ T53] ? 
__pfx_kthread+0x10/0x10 [ 121.158472][ T53] ret_from_fork+0x4b/0x80 [ 121.158490][ T53] ? __pfx_kthread+0x10/0x10 [pid 5955] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5955] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5955] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 5955] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5955] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5955] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[5962]}, 88) = 5962 [pid 5955] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5955] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5955] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5955] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5955] futex(0x7f836b6386ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5955] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b4fd000 [pid 5955] mprotect(0x7f836b4fe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5955] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5955] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b51d990, parent_tid=0x7f836b51d990, exit_signal=0, stack=0x7f836b4fd000, stack_size=0x20300, tls=0x7f836b51d6c0} => {parent_tid=[5963]}, 88) = 5963 [pid 5955] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5955] futex(0x7f836b6386e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5955] futex(0x7f836b6386ec, FUTEX_WAIT_PRIVATE, 0, 
{tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5963 attached [pid 5963] rseq(0x7f836b51dfe0, 0x20, 0, 0x53053053) = 0 [pid 5963] set_robust_list(0x7f836b51d9a0, 24) = 0 [pid 5963] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5963] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 5955] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) ./strace-static-x86_64: Process 5962 attached [pid 5962] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [pid 5823] <... umount2 resumed>) = 0 [pid 5823] umount2("./7/bus", MNT_FORCE|UMOUNT_NOFOLLOW [ 121.158514][ T53] ret_from_fork_asm+0x1a/0x30 [ 121.158564][ T53] [ 121.159995][ T53] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 121.481861][ T53] CPU: 1 UID: 0 PID: 53 Comm: kworker/u8:3 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 121.481893][ T53] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [pid 5962] set_robust_list(0x7f836b53e9a0, 24 [pid 5823] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 121.481908][ T53] Workqueue: writeback wb_workfn (flush-7:1) [ 121.481940][ T53] Call Trace: [ 121.481956][ T53] [ 121.481965][ T53] dump_stack_lvl+0x189/0x250 [ 121.482018][ T53] ? __pfx_dump_stack_lvl+0x10/0x10 [ 121.482048][ T53] ? __pfx_queue_work_on+0x10/0x10 [ 121.482067][ T53] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 121.482092][ T53] ? 
__pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 121.482131][ T53] f2fs_handle_critical_error+0x37c/0x540 [ 121.482171][ T53] f2fs_write_end_io+0x4e2/0x6d0 [pid 5823] newfstatat(AT_FDCWD, "./7/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] umount2("./7/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5823] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5823] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5823] close(4) = 0 [pid 5823] rmdir("./7/bus") = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5823] close(3) = 0 [pid 5823] rmdir("./7") = 0 [pid 5823] mkdir("./8", 0777) = 0 [pid 5823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5823] ioctl(3, LOOP_CLR_FD) = 0 [pid 5955] exit_group(0 [ 121.482224][ T53] __submit_merged_bio+0x27a/0x6a0 [ 121.482264][ T53] __submit_merged_write_cond+0x255/0x530 [ 121.482305][ T53] f2fs_write_data_pages+0x2854/0x31f0 [ 121.482336][ T53] ? __lock_acquire+0xaac/0xd20 [ 121.482412][ T53] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 121.482476][ T53] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 121.482543][ T53] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 121.482591][ T53] ? trace_f2fs_writepages+0x7f/0x200 [ 121.482624][ T53] ? f2fs_write_node_pages+0x478/0x6e0 [pid 5823] close(3 [pid 5955] <... exit_group resumed>) = ? [ 121.482659][ T53] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 121.482694][ T53] ? has_not_enough_free_secs+0xd8b/0x1640 [ 121.482735][ T53] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 121.482768][ T53] do_writepages+0x3ae/0x7b0 [ 121.482845][ T53] ? __lock_acquire+0xaac/0xd20 [ 121.482885][ T53] ? __pfx_do_writepages+0x10/0x10 [ 121.482936][ T53] __writeback_single_inode+0x145/0xff0 [ 121.482974][ T53] ? 
wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 121.483006][ T53] writeback_sb_inodes+0x6b5/0x1000 [ 121.483071][ T53] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 121.483160][ T53] ? rcu_is_watching+0x15/0xb0 [ 121.483208][ T53] wb_writeback+0x43b/0xaf0 [ 121.483250][ T53] ? queue_io+0x3a1/0x590 [ 121.483284][ T53] ? __pfx_wb_writeback+0x10/0x10 [ 121.483326][ T53] ? _raw_spin_unlock_irq+0x23/0x50 [ 121.483359][ T53] wb_workfn+0x409/0xef0 [ 121.483405][ T53] ? __pfx_wb_workfn+0x10/0x10 [ 121.483427][ T53] ? register_lock_class+0x51/0x320 [ 121.483466][ T53] ? __lock_acquire+0xaac/0xd20 [pid 5962] <... set_robust_list resumed>) = ? [pid 5962] +++ exited with 0 +++ [ 121.483509][ T53] ? process_scheduled_works+0x9ec/0x17a0 [ 121.483552][ T53] ? _raw_spin_unlock_irq+0x23/0x50 [ 121.483575][ T53] ? process_scheduled_works+0x9ec/0x17a0 [ 121.483607][ T53] ? process_scheduled_works+0x9ec/0x17a0 [ 121.483644][ T53] process_scheduled_works+0xadb/0x17a0 [ 121.483719][ T53] ? __pfx_process_scheduled_works+0x10/0x10 [ 121.483778][ T53] worker_thread+0x8a0/0xda0 [ 121.483837][ T53] kthread+0x70e/0x8a0 [ 121.483868][ T53] ? __pfx_worker_thread+0x10/0x10 [ 121.483888][ T53] ? __pfx_kthread+0x10/0x10 [ 121.483915][ T53] ? __pfx_kthread+0x10/0x10 [ 121.483940][ T53] ? _raw_spin_unlock_irq+0x23/0x50 [ 121.483971][ T53] ? lockdep_hardirqs_on+0x9c/0x150 [ 121.483999][ T53] ? __pfx_kthread+0x10/0x10 [ 121.484024][ T53] ret_from_fork+0x4b/0x80 [ 121.484043][ T53] ? __pfx_kthread+0x10/0x10 [ 121.484069][ T53] ret_from_fork_asm+0x1a/0x30 [ 121.484125][ T53] [ 121.485058][ T53] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [pid 5956] <... ioctl resumed>) = ? [pid 5956] +++ exited with 0 +++ [pid 5963] <... ioctl resumed>) = ? [pid 5963] +++ exited with 0 +++ [pid 5955] +++ exited with 0 +++ [pid 5824] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5955, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=62 /* 0.62 s */} --- [pid 5824] restart_syscall(<... 
resuming interrupted clone ...>) = 0 [pid 5824] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5824] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5824] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] unlink("./7/binderfs") = 0 [ 121.836618][ T5956] VFS:Filesystem freeze failed [pid 5824] umount2("./7/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5823] <... close resumed>) = 0 [pid 5823] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e3aa690) = 5964 ./strace-static-x86_64: Process 5964 attached [pid 5964] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 5964] chdir("./8") = 0 [pid 5964] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5964] setpgid(0, 0) = 0 [pid 5964] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5964] write(3, "1000", 4) = 4 [pid 5964] close(3) = 0 [pid 5964] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5964] write(1, "executing program\n", 18executing program ) = 18 [pid 5964] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5964] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 5964] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5964] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 5964] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5964] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5964] 
clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0} => {parent_tid=[5965]}, 88) = 5965 [pid 5964] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5964] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5964] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5965 attached [pid 5965] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053) = 0 [pid 5965] set_robust_list(0x7f836b55f9a0, 24) = 0 [pid 5965] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5965] memfd_create("syzkaller", 0) = 3 [pid 5965] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 5824] <... umount2 resumed>) = 0 [pid 5824] umount2("./7/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./7/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] umount2("./7/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./7/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5824] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5824] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5824] close(4) = 0 [pid 5824] rmdir("./7/bus") = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5824] close(3) = 0 [pid 5824] rmdir("./7") = 0 [pid 5824] mkdir("./8", 0777) = 0 [pid 5824] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5824] ioctl(3, LOOP_CLR_FD) = 0 [pid 5824] close(3 [pid 5965] write(3, 
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 5824] <... close resumed>) = 0 [pid 5824] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5966 attached [pid 5966] set_robust_list(0x55558e3aa6a0, 24 [pid 5824] <... clone resumed>, child_tidptr=0x55558e3aa690) = 5966 [pid 5966] <... set_robust_list resumed>) = 0 [pid 5966] chdir("./8") = 0 [pid 5966] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5966] setpgid(0, 0) = 0 [pid 5966] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5966] write(3, "1000", 4) = 4 [pid 5966] close(3) = 0 [pid 5966] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5966] write(1, "executing program\n", 18) = 18 [pid 5966] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5966] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 5966] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5966] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 5966] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5966] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5966] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 5967 attached => {parent_tid=[5967]}, 88) = 
5967 [pid 5967] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053) = 0 [pid 5967] set_robust_list(0x7f836b55f9a0, 24 [pid 5966] rt_sigprocmask(SIG_SETMASK, [], [pid 5967] <... set_robust_list resumed>) = 0 [pid 5966] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5967] rt_sigprocmask(SIG_SETMASK, [], [pid 5966] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5967] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5966] <... futex resumed>) = 0 [pid 5967] memfd_create("syzkaller", 0 [pid 5966] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5967] <... memfd_create resumed>) = 3 [pid 5967] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 5965] <... write resumed>) = 20699119 [pid 5965] munmap(0x7f8363000000, 138412032) = 0 [pid 5967] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 5965] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5965] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5965] close(3) = 0 [pid 5965] close(4) = 0 [pid 5965] mkdir("./bus", 0777) = 0 [ 123.155648][ T5965] loop0: detected capacity change from 0 to 40427 [ 123.213225][ T5965] F2FS-fs (loop0): invalid crc value [ 123.496799][ T5965] F2FS-fs (loop0): Start checkpoint disabled! [pid 5965] mount("/dev/loop0", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"...) 
= 0 [pid 5965] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5965] chdir("./bus") = 0 [pid 5965] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5965] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5964] <... futex resumed>) = 0 [pid 5965] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 [pid 5964] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5965] <... openat resumed>) = 4 [pid 5964] <... futex resumed>) = 0 [pid 5965] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5964] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5965] <... futex resumed>) = 0 [pid 5964] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5965] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5964] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5965] <... openat resumed>) = 5 [pid 5964] <... futex resumed>) = 0 [pid 5964] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5965] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5964] <... futex resumed>) = 0 [pid 5964] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5964] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 123.545439][ T5965] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 123.592558][ T53] kworker/u8:3: attempt to access beyond end of device [ 123.592558][ T53] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [pid 5965] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5964] <... 
futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5964] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5964] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 5964] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5964] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5964] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[5970]}, 88) = 5970 [pid 5964] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5964] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5964] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5970 attached [pid 5970] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [pid 5970] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 5970] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5970] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 5970] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5964] <... futex resumed>) = 0 [pid 5970] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 5964] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 123.636836][ T53] CPU: 0 UID: 0 PID: 53 Comm: kworker/u8:3 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 123.636869][ T53] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 123.636885][ T53] Workqueue: writeback wb_workfn (flush-7:0) [ 123.636918][ T53] Call Trace: [ 123.636926][ T53] [ 123.636935][ T53] dump_stack_lvl+0x189/0x250 [ 123.636971][ T53] ? __pfx_dump_stack_lvl+0x10/0x10 [ 123.637001][ T53] ? 
__pfx_queue_work_on+0x10/0x10 [pid 5964] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5967] <... write resumed>) = 20699119 [pid 5967] munmap(0x7f8363000000, 138412032 [pid 5964] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 123.637020][ T53] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 123.637046][ T53] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 123.637083][ T53] f2fs_handle_critical_error+0x37c/0x540 [ 123.637120][ T53] f2fs_write_end_io+0x4e2/0x6d0 [ 123.637170][ T53] __submit_merged_bio+0x27a/0x6a0 [ 123.637204][ T53] __submit_merged_write_cond+0x255/0x530 [ 123.637241][ T53] f2fs_write_data_pages+0x2854/0x31f0 [ 123.637273][ T53] ? __lock_acquire+0xaac/0xd20 [ 123.637339][ T53] ? __pfx_f2fs_write_data_pages+0x10/0x10 [pid 5967] <... munmap resumed>) = 0 [ 123.637388][ T53] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 123.637449][ T53] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 123.637496][ T53] ? trace_f2fs_writepages+0x7f/0x200 [ 123.637528][ T53] ? f2fs_write_node_pages+0x478/0x6e0 [ 123.637563][ T53] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 123.637598][ T53] ? has_not_enough_free_secs+0xd8b/0x1640 [ 123.637638][ T53] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 123.637672][ T53] do_writepages+0x3ae/0x7b0 [ 123.637711][ T53] ? __lock_acquire+0xaac/0xd20 [ 123.637759][ T53] ? __pfx_do_writepages+0x10/0x10 [ 123.637806][ T53] __writeback_single_inode+0x145/0xff0 [ 123.637836][ T53] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 123.637866][ T53] writeback_sb_inodes+0x6b5/0x1000 [ 123.637925][ T53] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 123.638001][ T53] ? rcu_is_watching+0x15/0xb0 [ 123.638044][ T53] wb_writeback+0x43b/0xaf0 [ 123.638083][ T53] ? queue_io+0x3a1/0x590 [ 123.638116][ T53] ? __pfx_wb_writeback+0x10/0x10 [ 123.638154][ T53] ? _raw_spin_unlock_irq+0x23/0x50 [ 123.638184][ T53] wb_workfn+0x409/0xef0 [ 123.638226][ T53] ? __pfx_wb_workfn+0x10/0x10 [ 123.638248][ T53] ? 
register_lock_class+0x51/0x320 [ 123.638283][ T53] ? __lock_acquire+0xaac/0xd20 [ 123.638323][ T53] ? process_scheduled_works+0x9ec/0x17a0 [ 123.638364][ T53] ? _raw_spin_unlock_irq+0x23/0x50 [ 123.638386][ T53] ? process_scheduled_works+0x9ec/0x17a0 [ 123.638432][ T53] ? process_scheduled_works+0x9ec/0x17a0 [ 123.638467][ T53] process_scheduled_works+0xadb/0x17a0 [ 123.638530][ T53] ? __pfx_process_scheduled_works+0x10/0x10 [ 123.638582][ T53] worker_thread+0x8a0/0xda0 [ 123.638631][ T53] kthread+0x70e/0x8a0 [ 123.638678][ T53] ? __pfx_worker_thread+0x10/0x10 [ 123.638698][ T53] ? __pfx_kthread+0x10/0x10 [ 123.638735][ T53] ? __pfx_kthread+0x10/0x10 [ 123.638759][ T53] ? _raw_spin_unlock_irq+0x23/0x50 [ 123.638782][ T53] ? lockdep_hardirqs_on+0x9c/0x150 [ 123.638810][ T53] ? __pfx_kthread+0x10/0x10 [ 123.638834][ T53] ret_from_fork+0x4b/0x80 [ 123.638855][ T53] ? __pfx_kthread+0x10/0x10 [ 123.638879][ T53] ret_from_fork_asm+0x1a/0x30 [ 123.638930][ T53] [ 123.638939][ T53] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 123.757369][ T5967] loop1: detected capacity change from 0 to 40427 [ 123.976572][ T53] CPU: 1 UID: 0 PID: 53 Comm: kworker/u8:3 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 123.976603][ T53] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 123.976619][ T53] Workqueue: writeback wb_workfn (flush-7:0) [ 123.976653][ T53] Call Trace: [ 123.976661][ T53] [ 123.976671][ T53] dump_stack_lvl+0x189/0x250 [ 123.976707][ T53] ? __pfx_dump_stack_lvl+0x10/0x10 [ 123.976737][ T53] ? __pfx_queue_work_on+0x10/0x10 [ 123.976756][ T53] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 123.976783][ T53] ? 
__pfx__raw_spin_unlock_irqrestore+0x10/0x10 [pid 5967] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 123.976820][ T53] f2fs_handle_critical_error+0x37c/0x540 [ 123.976857][ T53] f2fs_write_end_io+0x4e2/0x6d0 [ 123.976908][ T53] __submit_merged_bio+0x27a/0x6a0 [ 123.976944][ T53] __submit_merged_write_cond+0x255/0x530 [ 123.976982][ T53] f2fs_write_data_pages+0x2854/0x31f0 [ 123.977013][ T53] ? __lock_acquire+0xaac/0xd20 [ 123.977077][ T53] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 123.977125][ T53] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 123.977186][ T53] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 123.977232][ T53] ? trace_f2fs_writepages+0x7f/0x200 [ 123.977264][ T53] ? f2fs_write_node_pages+0x478/0x6e0 [ 123.977298][ T53] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 123.977332][ T53] ? has_not_enough_free_secs+0xd8b/0x1640 [ 123.977372][ T53] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 123.977405][ T53] do_writepages+0x3ae/0x7b0 [ 123.977444][ T53] ? __lock_acquire+0xaac/0xd20 [ 123.977499][ T53] ? __pfx_do_writepages+0x10/0x10 [ 123.977544][ T53] __writeback_single_inode+0x145/0xff0 [ 123.977591][ T53] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 123.977620][ T53] writeback_sb_inodes+0x6b5/0x1000 [ 123.977679][ T53] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 123.977754][ T53] ? rcu_is_watching+0x15/0xb0 [ 123.977797][ T53] wb_writeback+0x43b/0xaf0 [ 123.977835][ T53] ? queue_io+0x3a1/0x590 [ 123.977867][ T53] ? __pfx_wb_writeback+0x10/0x10 [ 123.977905][ T53] ? _raw_spin_unlock_irq+0x23/0x50 [ 123.977935][ T53] wb_workfn+0x409/0xef0 [ 123.977976][ T53] ? __pfx_wb_workfn+0x10/0x10 [ 123.977997][ T53] ? register_lock_class+0x51/0x320 [ 123.978033][ T53] ? __lock_acquire+0xaac/0xd20 [ 123.978073][ T53] ? process_scheduled_works+0x9ec/0x17a0 [ 123.978113][ T53] ? _raw_spin_unlock_irq+0x23/0x50 [ 123.978136][ T53] ? process_scheduled_works+0x9ec/0x17a0 [ 123.978168][ T53] ? 
process_scheduled_works+0x9ec/0x17a0 [ 123.978203][ T53] process_scheduled_works+0xadb/0x17a0 [ 123.978269][ T53] ? __pfx_process_scheduled_works+0x10/0x10 [ 123.978323][ T53] worker_thread+0x8a0/0xda0 [ 123.978373][ T53] kthread+0x70e/0x8a0 [pid 5967] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5967] close(3) = 0 [pid 5967] close(4 [pid 5964] exit_group(0) = ? [ 123.978402][ T53] ? __pfx_worker_thread+0x10/0x10 [ 123.978421][ T53] ? __pfx_kthread+0x10/0x10 [ 123.978453][ T53] ? __pfx_kthread+0x10/0x10 [ 123.978476][ T53] ? _raw_spin_unlock_irq+0x23/0x50 [ 123.978500][ T53] ? lockdep_hardirqs_on+0x9c/0x150 [ 123.978526][ T53] ? __pfx_kthread+0x10/0x10 [ 123.978550][ T53] ret_from_fork+0x4b/0x80 [ 123.978570][ T53] ? __pfx_kthread+0x10/0x10 [ 123.978594][ T53] ret_from_fork_asm+0x1a/0x30 [ 123.978645][ T53] [pid 5967] <... close resumed>) = 0 [pid 5967] mkdir("./bus", 0777) = 0 [ 123.978653][ T53] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 124.309974][ T5967] F2FS-fs (loop1): invalid crc value [pid 5967] mount("/dev/loop1", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 5970] <... ioctl resumed>) = ? [pid 5965] <... ioctl resumed>) = ? [pid 5970] +++ exited with 0 +++ [pid 5965] +++ exited with 0 +++ [pid 5964] +++ exited with 0 +++ [pid 5823] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5964, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=37 /* 0.37 s */} --- [pid 5823] restart_syscall(<... 
resuming interrupted clone ...>) = 0 [pid 5823] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5823] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5823] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] unlink("./8/binderfs") = 0 [ 124.489825][ T5965] VFS:Filesystem freeze failed [pid 5823] umount2("./8/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5967] <... mount resumed>) = 0 [pid 5967] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5967] chdir("./bus") = 0 [pid 5967] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5967] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5966] <... futex resumed>) = 0 [pid 5967] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5966] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5967] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5966] <... futex resumed>) = 0 [pid 5967] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 [pid 5966] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5967] <... openat resumed>) = 4 [pid 5967] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5966] <... futex resumed>) = 0 [pid 5967] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5966] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5967] <... openat resumed>) = 5 [pid 5966] <... 
futex resumed>) = 0 [pid 5966] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5967] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5966] <... futex resumed>) = 0 [pid 5966] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5966] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 124.616749][ T5967] F2FS-fs (loop1): Start checkpoint disabled! [ 124.647920][ T5967] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [pid 5967] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5966] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5966] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5966] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 5966] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5966] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5966] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[5975]}, 88) = 5975 [pid 5966] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5975 attached [pid 5966] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5966] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5975] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [ 124.687608][ T3494] kworker/u8:6: attempt to access beyond end of device [ 124.687608][ T3494] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [pid 5975] set_robust_list(0x7f836b53e9a0, 24) = 0 [ 124.736638][ T3494] CPU: 0 UID: 0 PID: 3494 Comm: kworker/u8:6 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 124.736689][ T3494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 
[ 124.736703][ T3494] Workqueue: writeback wb_workfn (flush-7:1) [ 124.736736][ T3494] Call Trace: [ 124.736745][ T3494] [ 124.736754][ T3494] dump_stack_lvl+0x189/0x250 [ 124.736790][ T3494] ? __pfx_dump_stack_lvl+0x10/0x10 [ 124.736820][ T3494] ? __pfx_queue_work_on+0x10/0x10 [pid 5975] rt_sigprocmask(SIG_SETMASK, [], [pid 5966] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5966] futex(0x7f836b6386ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5966] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b4fd000 [pid 5966] mprotect(0x7f836b4fe000, 131072, PROT_READ|PROT_WRITE) = 0 [ 124.736838][ T3494] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 124.736897][ T3494] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 124.736950][ T3494] f2fs_handle_critical_error+0x37c/0x540 [ 124.737009][ T3494] f2fs_write_end_io+0x4e2/0x6d0 [ 124.737062][ T3494] __submit_merged_bio+0x27a/0x6a0 [ 124.737102][ T3494] __submit_merged_write_cond+0x255/0x530 [ 124.737142][ T3494] f2fs_write_data_pages+0x2854/0x31f0 [ 124.737173][ T3494] ? __lock_acquire+0xaac/0xd20 [ 124.737247][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 124.737300][ T3494] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 124.737371][ T3494] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 124.737420][ T3494] ? trace_f2fs_writepages+0x7f/0x200 [ 124.737454][ T3494] ? f2fs_write_node_pages+0x478/0x6e0 [ 124.737492][ T3494] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 124.737527][ T3494] ? has_not_enough_free_secs+0xd8b/0x1640 [ 124.737570][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 124.737604][ T3494] do_writepages+0x3ae/0x7b0 [ 124.737644][ T3494] ? __lock_acquire+0xaac/0xd20 [ 124.737691][ T3494] ? __pfx_do_writepages+0x10/0x10 [ 124.737743][ T3494] __writeback_single_inode+0x145/0xff0 [ 124.737773][ T3494] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 124.737804][ T3494] writeback_sb_inodes+0x6b5/0x1000 [ 124.737871][ T3494] ? 
__pfx_writeback_sb_inodes+0x10/0x10 [ 124.737959][ T3494] ? rcu_is_watching+0x15/0xb0 [ 124.738017][ T3494] wb_writeback+0x43b/0xaf0 [ 124.738074][ T3494] ? queue_io+0x3a1/0x590 [ 124.738108][ T3494] ? __pfx_wb_writeback+0x10/0x10 [pid 5966] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5975] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 124.738150][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 124.738182][ T3494] wb_workfn+0x409/0xef0 [ 124.738228][ T3494] ? __pfx_wb_workfn+0x10/0x10 [ 124.738249][ T3494] ? register_lock_class+0x51/0x320 [ 124.738288][ T3494] ? __lock_acquire+0xaac/0xd20 [ 124.738331][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 124.738374][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 124.738397][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 124.738429][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 124.738465][ T3494] process_scheduled_works+0xadb/0x17a0 [ 124.738541][ T3494] ? __pfx_process_scheduled_works+0x10/0x10 [ 124.738600][ T3494] worker_thread+0x8a0/0xda0 [ 124.738670][ T3494] kthread+0x70e/0x8a0 [ 124.738702][ T3494] ? __pfx_worker_thread+0x10/0x10 [ 124.738722][ T3494] ? __pfx_kthread+0x10/0x10 [ 124.738749][ T3494] ? __pfx_kthread+0x10/0x10 [ 124.738773][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 124.738797][ T3494] ? lockdep_hardirqs_on+0x9c/0x150 [ 124.738825][ T3494] ? __pfx_kthread+0x10/0x10 [ 124.738849][ T3494] ret_from_fork+0x4b/0x80 [pid 5966] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b51d990, parent_tid=0x7f836b51d990, exit_signal=0, stack=0x7f836b4fd000, stack_size=0x20300, tls=0x7f836b51d6c0} [pid 5975] ioctl(4, F2FS_IOC_SET_PIN_FILE [pid 5966] <... clone3 resumed> => {parent_tid=[5977]}, 88) = 5977 [pid 5966] rt_sigprocmask(SIG_SETMASK, [], [pid 5975] <... ioctl resumed>, 0x200000000180) = -1 EIO (Input/output error) [pid 5966] <... 
rt_sigprocmask resumed>NULL, 8) = 0 [pid 5975] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5966] futex(0x7f836b6386e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5975] <... futex resumed>) = 0 [pid 5966] <... futex resumed>) = 0 [pid 5975] futex(0x7f836b6386d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5966] futex(0x7f836b6386ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5966] futex(0x7f836b6386ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 124.738869][ T3494] ? __pfx_kthread+0x10/0x10 [ 124.738894][ T3494] ret_from_fork_asm+0x1a/0x30 [ 124.738950][ T3494] [ 124.740330][ T3494] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 125.058468][ T3494] CPU: 0 UID: 0 PID: 3494 Comm: kworker/u8:6 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 125.058498][ T3494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 125.058512][ T3494] Workqueue: writeback wb_workfn (flush-7:1) [ 125.058543][ T3494] Call Trace: [ 125.058551][ T3494] [ 125.058560][ T3494] dump_stack_lvl+0x189/0x250 [ 125.058595][ T3494] ? __pfx_dump_stack_lvl+0x10/0x10 [ 125.058626][ T3494] ? __pfx_queue_work_on+0x10/0x10 [ 125.058646][ T3494] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 125.058685][ T3494] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 125.058724][ T3494] f2fs_handle_critical_error+0x37c/0x540 [ 125.058762][ T3494] f2fs_write_end_io+0x4e2/0x6d0 [ 125.058818][ T3494] __submit_merged_bio+0x27a/0x6a0 [ 125.058857][ T3494] __submit_merged_write_cond+0x255/0x530 [ 125.058897][ T3494] f2fs_write_data_pages+0x2854/0x31f0 [ 125.058929][ T3494] ? __lock_acquire+0xaac/0xd20 [ 125.059004][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 125.059055][ T3494] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 125.059121][ T3494] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 125.059168][ T3494] ? trace_f2fs_writepages+0x7f/0x200 [ 125.059201][ T3494] ? 
f2fs_write_node_pages+0x478/0x6e0 [ 125.059235][ T3494] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 125.059271][ T3494] ? has_not_enough_free_secs+0xd8b/0x1640 [ 125.059314][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 125.059347][ T3494] do_writepages+0x3ae/0x7b0 [ 125.059387][ T3494] ? __lock_acquire+0xaac/0xd20 [ 125.059426][ T3494] ? __pfx_do_writepages+0x10/0x10 [ 125.059474][ T3494] __writeback_single_inode+0x145/0xff0 [ 125.059505][ T3494] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 125.059537][ T3494] writeback_sb_inodes+0x6b5/0x1000 [ 125.059602][ T3494] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 125.059693][ T3494] ? rcu_is_watching+0x15/0xb0 [ 125.059740][ T3494] wb_writeback+0x43b/0xaf0 [ 125.059780][ T3494] ? queue_io+0x3a1/0x590 [ 125.059814][ T3494] ? __pfx_wb_writeback+0x10/0x10 [ 125.059855][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 125.059887][ T3494] wb_workfn+0x409/0xef0 [ 125.059932][ T3494] ? __pfx_wb_workfn+0x10/0x10 [ 125.059954][ T3494] ? register_lock_class+0x51/0x320 [ 125.060004][ T3494] ? __lock_acquire+0xaac/0xd20 [ 125.060044][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 125.060085][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 125.060108][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 125.060138][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 125.060173][ T3494] process_scheduled_works+0xadb/0x17a0 [ 125.060244][ T3494] ? __pfx_process_scheduled_works+0x10/0x10 [ 125.060300][ T3494] worker_thread+0x8a0/0xda0 [ 125.060379][ T3494] kthread+0x70e/0x8a0 [ 125.060408][ T3494] ? __pfx_worker_thread+0x10/0x10 [ 125.060428][ T3494] ? __pfx_kthread+0x10/0x10 [ 125.060454][ T3494] ? __pfx_kthread+0x10/0x10 ./strace-static-x86_64: Process 5977 attached [pid 5966] exit_group(0 [pid 5975] <... futex resumed>) = ? [pid 5966] <... exit_group resumed>) = ? [pid 5975] +++ exited with 0 +++ [pid 5977] +++ exited with 0 +++ [pid 5967] <... ioctl resumed>) = ? 
[pid 5967] +++ exited with 0 +++ [pid 5966] +++ exited with 0 +++ [pid 5824] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5966, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=51 /* 0.51 s */} --- [pid 5824] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5824] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5824] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] unlink("./8/binderfs") = 0 [ 125.060477][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 125.060500][ T3494] ? lockdep_hardirqs_on+0x9c/0x150 [ 125.060528][ T3494] ? __pfx_kthread+0x10/0x10 [ 125.060552][ T3494] ret_from_fork+0x4b/0x80 [ 125.060572][ T3494] ? __pfx_kthread+0x10/0x10 [ 125.060597][ T3494] ret_from_fork_asm+0x1a/0x30 [ 125.060653][ T3494] [ 125.060669][ T3494] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 125.387036][ T5967] VFS:Filesystem freeze failed [pid 5824] umount2("./8/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5823] <... 
umount2 resumed>) = 0 [pid 5823] umount2("./8/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./8/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] umount2("./8/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5823] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5823] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5823] close(4) = 0 [pid 5823] rmdir("./8/bus") = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5823] close(3) = 0 [pid 5823] rmdir("./8") = 0 [pid 5823] mkdir("./9", 0777) = 0 [pid 5823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5823] ioctl(3, LOOP_CLR_FD) = 0 [pid 5823] close(3 [pid 5824] <... umount2 resumed>) = 0 [pid 5824] umount2("./8/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./8/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] umount2("./8/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./8/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5824] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5824] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5824] close(4) = 0 [pid 5824] rmdir("./8/bus") = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5824] close(3) = 0 [pid 5824] rmdir("./8") = 0 [pid 5824] mkdir("./9", 0777) = 0 [pid 5824] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5824] ioctl(3, LOOP_CLR_FD) = 0 [pid 5824] close(3 [pid 5823] <... 
close resumed>) = 0 [pid 5823] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e3aa690) = 5980 ./strace-static-x86_64: Process 5980 attached [pid 5980] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 5980] chdir("./9") = 0 [pid 5980] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5980] setpgid(0, 0) = 0 [pid 5980] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5980] write(3, "1000", 4) = 4 [pid 5980] close(3) = 0 [pid 5980] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5980] write(1, "executing program\n", 18) = 18 [pid 5980] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5980] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 5980] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5980] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 5980] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5980] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5980] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0} => {parent_tid=[5981]}, 88) = 5981 [pid 5980] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5980] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5980] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5981 attached [pid 5981] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053) = 0 [pid 5981] set_robust_list(0x7f836b55f9a0, 24) = 0 [pid 5981] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5981] memfd_create("syzkaller", 0) = 3 [pid 5981] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 
0) = 0x7f8363000000 [pid 5824] <... close resumed>) = 0 [pid 5824] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e3aa690) = 5983 ./strace-static-x86_64: Process 5983 attached [pid 5983] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 5983] chdir("./9") = 0 [pid 5983] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5983] setpgid(0, 0) = 0 [pid 5983] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5983] write(3, "1000", 4) = 4 [pid 5983] close(3) = 0 [pid 5983] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5983] write(1, "executing program\n", 18) = 18 [pid 5983] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5983] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 5983] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5983] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 5983] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5983] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5983] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 5984 attached => {parent_tid=[5984]}, 88) = 5984 [pid 5983] rt_sigprocmask(SIG_SETMASK, [], [pid 5984] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053 [pid 5983] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5984] <... 
rseq resumed>) = 0 [pid 5983] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5983] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5984] set_robust_list(0x7f836b55f9a0, 24) = 0 [pid 5984] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5984] memfd_create("syzkaller", 0) = 3 [pid 5984] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 5981] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 5984] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 5981] <... write resumed>) = 20699119 [pid 5981] munmap(0x7f8363000000, 138412032) = 0 [pid 5984] <... write resumed>) = 20699119 [pid 5984] munmap(0x7f8363000000, 138412032 [pid 5981] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5984] <... munmap resumed>) = 0 [pid 5981] <... openat resumed>) = 4 [pid 5981] ioctl(4, LOOP_SET_FD, 3 [pid 5984] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5981] <... 
ioctl resumed>) = 0 [pid 5984] ioctl(4, LOOP_SET_FD, 3 [pid 5981] close(3) = 0 [pid 5981] close(4) = 0 [pid 5981] mkdir("./bus", 0777) = 0 [pid 5981] mount("/dev/loop0", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 5984] <... ioctl resumed>) = 0 [ 127.081476][ T5981] loop0: detected capacity change from 0 to 40427 [ 127.101880][ T5984] loop1: detected capacity change from 0 to 40427 [pid 5984] close(3) = 0 [pid 5984] close(4) = 0 [pid 5984] mkdir("./bus", 0777) = 0 [ 127.130452][ T5981] F2FS-fs (loop0): invalid crc value [ 127.172423][ T5984] F2FS-fs (loop1): invalid crc value [pid 5984] mount("/dev/loop1", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"...) = 0 [pid 5981] <... mount resumed>) = 0 [pid 5984] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5981] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5984] <... openat resumed>) = 3 [pid 5981] <... openat resumed>) = 3 [pid 5984] chdir("./bus") = 0 [pid 5981] chdir("./bus" [pid 5984] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5981] <... chdir resumed>) = 0 [pid 5984] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5981] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5984] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5981] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5980] <... futex resumed>) = 0 [pid 5984] <... futex resumed>) = 1 [pid 5981] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5984] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5980] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5981] <... futex resumed>) = 0 [pid 5981] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 [pid 5983] <... futex resumed>) = 0 [pid 5981] <... 
openat resumed>) = 4 [pid 5980] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5983] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5981] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5980] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5984] <... futex resumed>) = 0 [pid 5983] <... futex resumed>) = 1 [pid 5981] <... futex resumed>) = 0 [pid 5980] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5984] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 [pid 5983] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5981] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5980] <... futex resumed>) = 0 [pid 5984] <... openat resumed>) = 4 [ 127.437069][ T5981] F2FS-fs (loop0): Start checkpoint disabled! [ 127.443920][ T5984] F2FS-fs (loop1): Start checkpoint disabled! [ 127.459301][ T5984] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 127.476563][ T5981] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [pid 5984] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5981] <... openat resumed>) = 5 [pid 5980] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5984] <... futex resumed>) = 1 [pid 5983] <... futex resumed>) = 0 [pid 5981] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5980] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5983] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5981] <... futex resumed>) = 0 [pid 5980] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5983] <... futex resumed>) = 0 [pid 5981] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5980] <... 
futex resumed>) = 0 [pid 5983] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5980] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 127.518444][ T63] kworker/u8:4: attempt to access beyond end of device [ 127.518444][ T63] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 127.546584][ T63] CPU: 0 UID: 0 PID: 63 Comm: kworker/u8:4 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [pid 5984] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5980] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5980] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5980] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [ 127.546617][ T63] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 127.546632][ T63] Workqueue: writeback wb_workfn (flush-7:0) [ 127.546667][ T63] Call Trace: [ 127.546676][ T63] [ 127.546685][ T63] dump_stack_lvl+0x189/0x250 [ 127.546723][ T63] ? __pfx_dump_stack_lvl+0x10/0x10 [ 127.546753][ T63] ? __pfx_queue_work_on+0x10/0x10 [ 127.546772][ T63] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 127.546798][ T63] ? 
__pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 127.546839][ T63] f2fs_handle_critical_error+0x37c/0x540 [pid 5980] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5980] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5980] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[5989]}, 88) = 5989 [pid 5980] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5980] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 127.546879][ T63] f2fs_write_end_io+0x4e2/0x6d0 [ 127.546933][ T63] __submit_merged_bio+0x27a/0x6a0 [ 127.546972][ T63] __submit_merged_write_cond+0x255/0x530 [ 127.547012][ T63] f2fs_write_data_pages+0x2854/0x31f0 [ 127.547043][ T63] ? __lock_acquire+0xaac/0xd20 [ 127.547118][ T63] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 127.547170][ T63] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 127.547249][ T63] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 127.547298][ T63] ? 
trace_f2fs_writepages+0x7f/0x200 [pid 5980] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5980] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5980] futex(0x7f836b6386ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5980] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b4fd000 [pid 5980] mprotect(0x7f836b4fe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5980] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5980] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b51d990, parent_tid=0x7f836b51d990, exit_signal=0, stack=0x7f836b4fd000, stack_size=0x20300, tls=0x7f836b51d6c0} => {parent_tid=[5990]}, 88) = 5990 [pid 5980] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5980] futex(0x7f836b6386e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 127.547332][ T63] ? f2fs_write_node_pages+0x478/0x6e0 [ 127.547369][ T63] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 127.547405][ T63] ? has_not_enough_free_secs+0xd8b/0x1640 [ 127.547448][ T63] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 127.547482][ T63] do_writepages+0x3ae/0x7b0 [ 127.547538][ T63] ? __pfx_do_writepages+0x10/0x10 [ 127.547589][ T63] __writeback_single_inode+0x145/0xff0 [ 127.547619][ T63] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 127.547650][ T63] writeback_sb_inodes+0x6b5/0x1000 [pid 5980] futex(0x7f836b6386ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5984] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 127.547690][ T63] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 127.547738][ T63] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 127.547826][ T63] ? rcu_is_watching+0x15/0xb0 [ 127.547872][ T63] wb_writeback+0x43b/0xaf0 [ 127.547913][ T63] ? queue_io+0x3a1/0x590 [ 127.547946][ T63] ? 
__pfx_wb_writeback+0x10/0x10 [ 127.547988][ T63] ? _raw_spin_unlock_irq+0x23/0x50 [ 127.548020][ T63] wb_workfn+0x409/0xef0 [ 127.548065][ T63] ? __pfx_wb_workfn+0x10/0x10 [ 127.548086][ T63] ? register_lock_class+0x51/0x320 [ 127.548125][ T63] ? __lock_acquire+0xaac/0xd20 [ 127.548167][ T63] ? process_scheduled_works+0x9ec/0x17a0 [ 127.548210][ T63] ? _raw_spin_unlock_irq+0x23/0x50 [ 127.548239][ T63] ? process_scheduled_works+0x9ec/0x17a0 [ 127.548270][ T63] ? process_scheduled_works+0x9ec/0x17a0 [ 127.548307][ T63] process_scheduled_works+0xadb/0x17a0 [ 127.548381][ T63] ? __pfx_process_scheduled_works+0x10/0x10 [ 127.548440][ T63] worker_thread+0x8a0/0xda0 [ 127.548497][ T63] kthread+0x70e/0x8a0 [ 127.548528][ T63] ? __pfx_worker_thread+0x10/0x10 [pid 5984] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5983] <... futex resumed>) = 0 [pid 5983] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5984] <... futex resumed>) = 0 [pid 5983] <... futex resumed>) = 1 [pid 5984] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 127.548549][ T63] ? __pfx_kthread+0x10/0x10 [ 127.548575][ T63] ? __pfx_kthread+0x10/0x10 [ 127.548597][ T63] ? _raw_spin_unlock_irq+0x23/0x50 [ 127.548620][ T63] ? lockdep_hardirqs_on+0x9c/0x150 [ 127.548648][ T63] ? __pfx_kthread+0x10/0x10 [ 127.548671][ T63] ret_from_fork+0x4b/0x80 [ 127.548689][ T63] ? __pfx_kthread+0x10/0x10 [ 127.548714][ T63] ret_from_fork_asm+0x1a/0x30 [ 127.548770][ T63] [ 127.548778][ T63] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 127.868405][ T63] CPU: 0 UID: 0 PID: 63 Comm: kworker/u8:4 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 127.868444][ T63] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 127.868459][ T63] Workqueue: writeback wb_workfn (flush-7:0) [ 127.868493][ T63] Call Trace: [ 127.868502][ T63] [ 127.868511][ T63] dump_stack_lvl+0x189/0x250 [ 127.868547][ T63] ? __pfx_dump_stack_lvl+0x10/0x10 [ 127.868578][ T63] ? 
__pfx_queue_work_on+0x10/0x10 [ 127.868597][ T63] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 127.868622][ T63] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 127.868661][ T63] f2fs_handle_critical_error+0x37c/0x540 [ 127.868701][ T63] f2fs_write_end_io+0x4e2/0x6d0 [ 127.868754][ T63] __submit_merged_bio+0x27a/0x6a0 [ 127.868791][ T63] __submit_merged_write_cond+0x255/0x530 [ 127.868830][ T63] f2fs_write_data_pages+0x2854/0x31f0 [ 127.868860][ T63] ? __lock_acquire+0xaac/0xd20 [ 127.868932][ T63] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 127.868983][ T63] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 127.869074][ T63] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 127.869122][ T63] ? trace_f2fs_writepages+0x7f/0x200 [ 127.869155][ T63] ? f2fs_write_node_pages+0x478/0x6e0 [ 127.869191][ T63] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 127.869226][ T63] ? has_not_enough_free_secs+0xd8b/0x1640 [ 127.869267][ T63] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 127.869300][ T63] do_writepages+0x3ae/0x7b0 [ 127.869354][ T63] ? __pfx_do_writepages+0x10/0x10 [pid 5983] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5990 attached ./strace-static-x86_64: Process 5989 attached [pid 5990] rseq(0x7f836b51dfe0, 0x20, 0, 0x53053053 [pid 5989] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053 [pid 5990] <... rseq resumed>) = 0 [pid 5989] <... rseq resumed>) = 0 [pid 5990] set_robust_list(0x7f836b51d9a0, 24 [pid 5989] set_robust_list(0x7f836b53e9a0, 24 [pid 5990] <... set_robust_list resumed>) = 0 [pid 5989] <... set_robust_list resumed>) = 0 [pid 5990] rt_sigprocmask(SIG_SETMASK, [], [pid 5989] rt_sigprocmask(SIG_SETMASK, [], [pid 5990] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5989] <... 
rt_sigprocmask resumed>NULL, 8) = 0 [pid 5990] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 5989] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 5989] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5989] futex(0x7f836b6386d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5983] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5983] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5983] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 5983] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5983] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5983] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[5991]}, 88) = 5991 [pid 5983] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 127.869404][ T63] __writeback_single_inode+0x145/0xff0 [ 127.869443][ T63] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 127.869475][ T63] writeback_sb_inodes+0x6b5/0x1000 [ 127.869513][ T63] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 127.869560][ T63] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 127.869644][ T63] ? rcu_is_watching+0x15/0xb0 [ 127.869708][ T63] wb_writeback+0x43b/0xaf0 [ 127.869749][ T63] ? queue_io+0x3a1/0x590 [ 127.869783][ T63] ? __pfx_wb_writeback+0x10/0x10 [ 127.869825][ T63] ? _raw_spin_unlock_irq+0x23/0x50 [ 127.869857][ T63] wb_workfn+0x409/0xef0 [ 127.869903][ T63] ? __pfx_wb_workfn+0x10/0x10 [ 127.869925][ T63] ? register_lock_class+0x51/0x320 [ 127.869963][ T63] ? __lock_acquire+0xaac/0xd20 [ 127.870006][ T63] ? process_scheduled_works+0x9ec/0x17a0 [ 127.870048][ T63] ? _raw_spin_unlock_irq+0x23/0x50 [ 127.870072][ T63] ? process_scheduled_works+0x9ec/0x17a0 [ 127.870104][ T63] ? 
process_scheduled_works+0x9ec/0x17a0 [pid 5983] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5983] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5991 attached [pid 5991] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [pid 5991] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 5991] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 127.870140][ T63] process_scheduled_works+0xadb/0x17a0 [ 127.870215][ T63] ? __pfx_process_scheduled_works+0x10/0x10 [ 127.870274][ T63] worker_thread+0x8a0/0xda0 [ 127.870332][ T63] kthread+0x70e/0x8a0 [ 127.870363][ T63] ? __pfx_worker_thread+0x10/0x10 [ 127.870388][ T63] ? __pfx_kthread+0x10/0x10 [ 127.870421][ T63] ? __pfx_kthread+0x10/0x10 [ 127.870446][ T63] ? _raw_spin_unlock_irq+0x23/0x50 [ 127.870470][ T63] ? lockdep_hardirqs_on+0x9c/0x150 [ 127.870498][ T63] ? __pfx_kthread+0x10/0x10 [pid 5991] ioctl(4, F2FS_IOC_SET_PIN_FILE [pid 5983] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5983] futex(0x7f836b6386ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5983] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b4fd000 [pid 5983] mprotect(0x7f836b4fe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5983] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5983] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b51d990, parent_tid=0x7f836b51d990, exit_signal=0, stack=0x7f836b4fd000, stack_size=0x20300, tls=0x7f836b51d6c0}./strace-static-x86_64: Process 5992 attached [pid 5992] rseq(0x7f836b51dfe0, 0x20, 0, 0x53053053 [pid 5983] <... clone3 resumed> => {parent_tid=[5992]}, 88) = 5992 [pid 5992] <... rseq resumed>) = 0 [pid 5983] rt_sigprocmask(SIG_SETMASK, [], [pid 5992] set_robust_list(0x7f836b51d9a0, 24 [pid 5983] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5992] <... 
set_robust_list resumed>) = 0 [pid 5983] futex(0x7f836b6386e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5992] rt_sigprocmask(SIG_SETMASK, [], [pid 5983] <... futex resumed>) = 0 [pid 5992] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5983] futex(0x7f836b6386ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5992] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 5980] exit_group(0 [pid 5989] <... futex resumed>) = ? [pid 5980] <... exit_group resumed>) = ? [pid 5989] +++ exited with 0 +++ [pid 5990] <... ioctl resumed>) = ? [pid 5990] +++ exited with 0 +++ [pid 5981] <... ioctl resumed>) = ? [pid 5981] +++ exited with 0 +++ [pid 5980] +++ exited with 0 +++ [pid 5823] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5980, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=37 /* 0.37 s */} --- [pid 5823] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5823] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5823] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5823] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] unlink("./9/binderfs") = 0 [pid 5823] umount2("./9/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5983] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5983] futex(0x7f836b6386ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 127.870523][ T63] ret_from_fork+0x4b/0x80 [ 127.870543][ T63] ? 
__pfx_kthread+0x10/0x10 [ 127.870568][ T63] ret_from_fork_asm+0x1a/0x30 [ 127.870624][ T63] [ 127.870632][ T63] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 127.873123][ T53] kworker/u8:3: attempt to access beyond end of device [ 127.873123][ T53] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 128.210242][ T5981] VFS:Filesystem freeze failed [pid 5983] exit_group(0) = ? [ 128.467037][ T53] CPU: 1 UID: 0 PID: 53 Comm: kworker/u8:3 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 128.467069][ T53] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 128.467083][ T53] Workqueue: writeback wb_workfn (flush-7:1) [ 128.467117][ T53] Call Trace: [ 128.467126][ T53] [ 128.467135][ T53] dump_stack_lvl+0x189/0x250 [ 128.467166][ T53] ? __pfx_dump_stack_lvl+0x10/0x10 [ 128.467189][ T53] ? __pfx_queue_work_on+0x10/0x10 [ 128.467203][ T53] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 128.467223][ T53] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 128.467251][ T53] f2fs_handle_critical_error+0x37c/0x540 [ 128.467281][ T53] f2fs_write_end_io+0x4e2/0x6d0 [ 128.467337][ T53] __submit_merged_bio+0x27a/0x6a0 [ 128.467366][ T53] __submit_merged_write_cond+0x255/0x530 [ 128.467398][ T53] f2fs_write_data_pages+0x2854/0x31f0 [ 128.467431][ T53] ? __lock_acquire+0xaac/0xd20 [ 128.467483][ T53] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 128.467522][ T53] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 128.467578][ T53] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 128.467619][ T53] ? trace_f2fs_writepages+0x7f/0x200 [ 128.467649][ T53] ? f2fs_write_node_pages+0x478/0x6e0 [ 128.467682][ T53] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 128.467713][ T53] ? has_not_enough_free_secs+0xd8b/0x1640 [ 128.467752][ T53] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 128.467784][ T53] do_writepages+0x3ae/0x7b0 [ 128.467834][ T53] ? 
__pfx_do_writepages+0x10/0x10 [ 128.467881][ T53] __writeback_single_inode+0x145/0xff0 [ 128.467912][ T53] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 128.467941][ T53] writeback_sb_inodes+0x6b5/0x1000 [ 128.467969][ T53] ? lockdep_hardirqs_on+0x9c/0x150 [ 128.468003][ T53] ? rcu_is_watching+0x15/0xb0 [ 128.468053][ T53] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 128.468129][ T53] ? rcu_is_watching+0x15/0xb0 [ 128.468171][ T53] wb_writeback+0x43b/0xaf0 [ 128.468209][ T53] ? queue_io+0x3a1/0x590 [ 128.468242][ T53] ? __pfx_wb_writeback+0x10/0x10 [ 128.468280][ T53] ? _raw_spin_unlock_irq+0x23/0x50 [ 128.468311][ T53] wb_workfn+0x409/0xef0 [ 128.468352][ T53] ? __pfx_wb_workfn+0x10/0x10 [ 128.468373][ T53] ? register_lock_class+0x51/0x320 [ 128.468416][ T53] ? __lock_acquire+0xaac/0xd20 [ 128.468457][ T53] ? process_scheduled_works+0x9ec/0x17a0 [ 128.468498][ T53] ? _raw_spin_unlock_irq+0x23/0x50 [ 128.468520][ T53] ? process_scheduled_works+0x9ec/0x17a0 [ 128.468553][ T53] ? process_scheduled_works+0x9ec/0x17a0 [ 128.468589][ T53] process_scheduled_works+0xadb/0x17a0 [ 128.468655][ T53] ? __pfx_process_scheduled_works+0x10/0x10 [ 128.468709][ T53] worker_thread+0x8a0/0xda0 [ 128.468759][ T53] kthread+0x70e/0x8a0 [ 128.468788][ T53] ? __pfx_worker_thread+0x10/0x10 [ 128.468808][ T53] ? __pfx_kthread+0x10/0x10 [ 128.468835][ T53] ? __pfx_kthread+0x10/0x10 [ 128.468859][ T53] ? _raw_spin_unlock_irq+0x23/0x50 [ 128.468882][ T53] ? lockdep_hardirqs_on+0x9c/0x150 [ 128.468909][ T53] ? __pfx_kthread+0x10/0x10 [ 128.468932][ T53] ret_from_fork+0x4b/0x80 [ 128.468953][ T53] ? 
__pfx_kthread+0x10/0x10 [ 128.468978][ T53] ret_from_fork_asm+0x1a/0x30 [ 128.469050][ T53] [ 128.469277][ T53] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 128.791180][ T53] CPU: 1 UID: 0 PID: 53 Comm: kworker/u8:3 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 128.791211][ T53] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 128.791226][ T53] Workqueue: writeback wb_workfn (flush-7:1) [ 128.791260][ T53] Call Trace: [ 128.791269][ T53] [ 128.791279][ T53] dump_stack_lvl+0x189/0x250 [ 128.791316][ T53] ? __pfx_dump_stack_lvl+0x10/0x10 [ 128.791347][ T53] ? __pfx_queue_work_on+0x10/0x10 [ 128.791366][ T53] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 128.791402][ T53] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 128.791443][ T53] f2fs_handle_critical_error+0x37c/0x540 [ 128.791483][ T53] f2fs_write_end_io+0x4e2/0x6d0 [ 128.791538][ T53] __submit_merged_bio+0x27a/0x6a0 [ 128.791577][ T53] __submit_merged_write_cond+0x255/0x530 [ 128.791616][ T53] f2fs_write_data_pages+0x2854/0x31f0 [ 128.791647][ T53] ? __lock_acquire+0xaac/0xd20 [ 128.791721][ T53] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 128.791774][ T53] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 128.791844][ T53] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 128.791893][ T53] ? trace_f2fs_writepages+0x7f/0x200 [ 128.791926][ T53] ? f2fs_write_node_pages+0x478/0x6e0 [ 128.791963][ T53] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 128.791999][ T53] ? has_not_enough_free_secs+0xd8b/0x1640 [ 128.792041][ T53] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 128.792075][ T53] do_writepages+0x3ae/0x7b0 [ 128.792130][ T53] ? __pfx_do_writepages+0x10/0x10 [ 128.792182][ T53] __writeback_single_inode+0x145/0xff0 [ 128.792212][ T53] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 128.792244][ T53] writeback_sb_inodes+0x6b5/0x1000 [ 128.792272][ T53] ? lockdep_hardirqs_on+0x9c/0x150 [ 128.792308][ T53] ? rcu_is_watching+0x15/0xb0 [ 128.792363][ T53] ? 
__pfx_writeback_sb_inodes+0x10/0x10 [ 128.792457][ T53] ? rcu_is_watching+0x15/0xb0 [ 128.792503][ T53] wb_writeback+0x43b/0xaf0 [ 128.792544][ T53] ? queue_io+0x3a1/0x590 [ 128.792578][ T53] ? __pfx_wb_writeback+0x10/0x10 [ 128.792620][ T53] ? _raw_spin_unlock_irq+0x23/0x50 [ 128.792652][ T53] wb_workfn+0x409/0xef0 [ 128.792699][ T53] ? __pfx_wb_workfn+0x10/0x10 [ 128.792720][ T53] ? register_lock_class+0x51/0x320 [ 128.792759][ T53] ? __lock_acquire+0xaac/0xd20 [ 128.792802][ T53] ? process_scheduled_works+0x9ec/0x17a0 [ 128.792845][ T53] ? _raw_spin_unlock_irq+0x23/0x50 [ 128.792868][ T53] ? process_scheduled_works+0x9ec/0x17a0 [ 128.792901][ T53] ? process_scheduled_works+0x9ec/0x17a0 [ 128.792937][ T53] process_scheduled_works+0xadb/0x17a0 [ 128.793013][ T53] ? __pfx_process_scheduled_works+0x10/0x10 [ 128.793073][ T53] worker_thread+0x8a0/0xda0 [ 128.793131][ T53] kthread+0x70e/0x8a0 [ 128.793162][ T53] ? __pfx_worker_thread+0x10/0x10 [ 128.793182][ T53] ? __pfx_kthread+0x10/0x10 [pid 5992] <... ioctl resumed>) = ? [pid 5991] <... ioctl resumed> ) = ? [pid 5984] <... ioctl resumed>) = ? [pid 5992] +++ exited with 0 +++ [pid 5991] +++ exited with 0 +++ [pid 5984] +++ exited with 0 +++ [pid 5983] +++ exited with 0 +++ [pid 5824] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5983, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=39 /* 0.39 s */} --- [pid 5824] restart_syscall(<... 
resuming interrupted clone ...>) = 0 [pid 5824] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5824] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5824] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 128.793210][ T53] ? __pfx_kthread+0x10/0x10 [ 128.793234][ T53] ? _raw_spin_unlock_irq+0x23/0x50 [ 128.793259][ T53] ? lockdep_hardirqs_on+0x9c/0x150 [ 128.793286][ T53] ? __pfx_kthread+0x10/0x10 [ 128.793310][ T53] ret_from_fork+0x4b/0x80 [ 128.793331][ T53] ? __pfx_kthread+0x10/0x10 [ 128.793356][ T53] ret_from_fork_asm+0x1a/0x30 [ 128.793418][ T53] [ 128.793426][ T53] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 129.115282][ T5984] VFS:Filesystem freeze failed [pid 5824] unlink("./9/binderfs") = 0 [pid 5824] umount2("./9/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5823] <... 
umount2 resumed>) = 0 [pid 5823] umount2("./9/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./9/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] umount2("./9/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5823] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5823] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5823] close(4) = 0 [pid 5823] rmdir("./9/bus") = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5823] close(3) = 0 [pid 5823] rmdir("./9") = 0 [pid 5823] mkdir("./10", 0777) = 0 [pid 5823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5823] ioctl(3, LOOP_CLR_FD) = 0 [pid 5823] close(3 [pid 5824] <... umount2 resumed>) = 0 [pid 5824] umount2("./9/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./9/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] umount2("./9/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./9/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5824] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5824] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5824] close(4) = 0 [pid 5824] rmdir("./9/bus") = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5824] close(3) = 0 [pid 5824] rmdir("./9") = 0 [pid 5824] mkdir("./10", 0777) = 0 [pid 5823] <... close resumed>) = 0 [pid 5824] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5823] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5824] <... 
openat resumed>) = 3 [pid 5824] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 5993 attached ) = 0 [pid 5993] set_robust_list(0x55558e3aa6a0, 24 [pid 5824] close(3 [pid 5823] <... clone resumed>, child_tidptr=0x55558e3aa690) = 5993 [pid 5993] <... set_robust_list resumed>) = 0 [pid 5993] chdir("./10") = 0 [pid 5993] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5993] setpgid(0, 0) = 0 [pid 5993] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5993] write(3, "1000", 4) = 4 [pid 5993] close(3) = 0 [pid 5993] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5993] write(1, "executing program\n", 18) = 18 [pid 5993] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5993] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 5993] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5993] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 5993] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5993] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5993] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0} => {parent_tid=[5994]}, 88) = 5994 ./strace-static-x86_64: Process 5994 attached [pid 5994] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053) = 0 [pid 5994] set_robust_list(0x7f836b55f9a0, 24) = 0 [pid 5994] rt_sigprocmask(SIG_SETMASK, [], [pid 5993] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5994] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5994] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5993] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5994] <... 
futex resumed>) = 0 [pid 5994] memfd_create("syzkaller", 0 [pid 5993] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5994] <... memfd_create resumed>) = 3 [pid 5994] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 5824] <... close resumed>) = 0 [pid 5824] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5995 attached , child_tidptr=0x55558e3aa690) = 5995 [pid 5995] set_robust_list(0x55558e3aa6a0, 24) = 0 executing program [pid 5995] chdir("./10") = 0 [pid 5995] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5995] setpgid(0, 0) = 0 [pid 5995] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5995] write(3, "1000", 4) = 4 [pid 5995] close(3) = 0 [pid 5995] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5995] write(1, "executing program\n", 18) = 18 [pid 5995] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5995] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 5995] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5995] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 5995] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5995] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5995] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0} => {parent_tid=[5996]}, 88) = 5996 [pid 5995] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5995] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5995] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: 
Process 5996 attached [pid 5996] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053) = 0 [pid 5996] set_robust_list(0x7f836b55f9a0, 24) = 0 [pid 5996] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5996] memfd_create("syzkaller", 0) = 3 [pid 5996] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 5994] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 5996] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 5994] <... write resumed>) = 20699119 [pid 5994] munmap(0x7f8363000000, 138412032) = 0 [pid 5994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5994] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5994] close(3) = 0 [pid 5994] close(4) = 0 [pid 5994] mkdir("./bus", 0777) = 0 [ 130.721865][ T5994] loop0: detected capacity change from 0 to 40427 [ 130.768353][ T5994] F2FS-fs (loop0): invalid crc value [pid 5994] mount("/dev/loop0", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 5996] <... 
write resumed>) = 20699119 [pid 5996] munmap(0x7f8363000000, 138412032) = 0 [pid 5996] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5996] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5996] close(3) = 0 [pid 5996] close(4) = 0 [ 130.972948][ T5996] loop1: detected capacity change from 0 to 40427 [ 130.984784][ T5994] F2FS-fs (loop0): Start checkpoint disabled! [ 131.001818][ T5994] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [pid 5996] mkdir("./bus", 0777) = 0 [pid 5994] <... mount resumed>) = 0 [pid 5996] mount("/dev/loop1", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 5994] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5994] chdir("./bus") = 0 [pid 5994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5994] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5993] <... futex resumed>) = 0 [pid 5994] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5993] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5994] <... futex resumed>) = 0 [pid 5993] <... futex resumed>) = 1 [pid 5994] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 [pid 5993] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5994] <... openat resumed>) = 4 [pid 5994] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5993] <... futex resumed>) = 0 [pid 5994] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5993] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5994] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5994] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5993] <... futex resumed>) = 0 [pid 5993] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5994] <... 
openat resumed>) = 5 [pid 5994] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5993] <... futex resumed>) = 0 [pid 5993] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5993] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 131.032028][ T5996] F2FS-fs (loop1): invalid crc value [pid 5994] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5993] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5993] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5993] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5993] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 5993] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5993] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 131.097440][ T53] kworker/u8:3: attempt to access beyond end of device [ 131.097440][ T53] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [pid 5993] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[6000]}, 88) = 6000 [pid 5993] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5993] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5993] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6000 attached [pid 6000] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [pid 6000] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 6000] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6000] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 6000] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 131.149699][ T53] CPU: 1 UID: 0 PID: 53 Comm: kworker/u8:3 Not tainted 
6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 131.149732][ T53] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 131.149746][ T53] Workqueue: writeback wb_workfn (flush-7:0) [ 131.149781][ T53] Call Trace: [ 131.149789][ T53] [ 131.149799][ T53] dump_stack_lvl+0x189/0x250 [ 131.149833][ T53] ? __pfx_dump_stack_lvl+0x10/0x10 [pid 6000] futex(0x7f836b6386d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5993] <... futex resumed>) = 0 [pid 5993] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5993] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6000] <... futex resumed>) = 0 [ 131.149864][ T53] ? __pfx_queue_work_on+0x10/0x10 [ 131.149883][ T53] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 131.149909][ T53] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 131.149946][ T53] f2fs_handle_critical_error+0x37c/0x540 [ 131.149985][ T53] f2fs_write_end_io+0x4e2/0x6d0 [ 131.150036][ T53] __submit_merged_bio+0x27a/0x6a0 [ 131.150084][ T53] __submit_merged_write_cond+0x255/0x530 [ 131.150121][ T53] f2fs_write_data_pages+0x2854/0x31f0 [ 131.150169][ T53] ? __lock_acquire+0xaac/0xd20 [ 131.150235][ T53] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 131.150290][ T53] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 131.150352][ T53] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 131.150397][ T53] ? trace_f2fs_writepages+0x7f/0x200 [ 131.150430][ T53] ? f2fs_write_node_pages+0x478/0x6e0 [ 131.150465][ T53] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 131.150499][ T53] ? has_not_enough_free_secs+0xd8b/0x1640 [ 131.150539][ T53] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 131.150572][ T53] do_writepages+0x3ae/0x7b0 [ 131.150610][ T53] ? __lock_acquire+0xaac/0xd20 [ 131.150647][ T53] ? __pfx_do_writepages+0x10/0x10 [ 131.150694][ T53] __writeback_single_inode+0x145/0xff0 [ 131.150724][ T53] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 131.150754][ T53] writeback_sb_inodes+0x6b5/0x1000 [ 131.150813][ T53] ? 
__pfx_writeback_sb_inodes+0x10/0x10 [ 131.150889][ T53] ? rcu_is_watching+0x15/0xb0 [ 131.150932][ T53] wb_writeback+0x43b/0xaf0 [ 131.150970][ T53] ? queue_io+0x3a1/0x590 [ 131.151002][ T53] ? __pfx_wb_writeback+0x10/0x10 [ 131.151041][ T53] ? _raw_spin_unlock_irq+0x23/0x50 [ 131.151072][ T53] wb_workfn+0x409/0xef0 [ 131.151113][ T53] ? __pfx_wb_workfn+0x10/0x10 [ 131.151134][ T53] ? register_lock_class+0x51/0x320 [ 131.151170][ T53] ? __lock_acquire+0xaac/0xd20 [ 131.151210][ T53] ? process_scheduled_works+0x9ec/0x17a0 [ 131.151251][ T53] ? _raw_spin_unlock_irq+0x23/0x50 [ 131.151281][ T53] ? process_scheduled_works+0x9ec/0x17a0 [ 131.151313][ T53] ? process_scheduled_works+0x9ec/0x17a0 [ 131.151348][ T53] process_scheduled_works+0xadb/0x17a0 [ 131.151415][ T53] ? __pfx_process_scheduled_works+0x10/0x10 [ 131.151469][ T53] worker_thread+0x8a0/0xda0 [ 131.151520][ T53] kthread+0x70e/0x8a0 [ 131.151561][ T53] ? __pfx_worker_thread+0x10/0x10 [ 131.151580][ T53] ? __pfx_kthread+0x10/0x10 [ 131.151606][ T53] ? __pfx_kthread+0x10/0x10 [ 131.151629][ T53] ? _raw_spin_unlock_irq+0x23/0x50 [ 131.151652][ T53] ? lockdep_hardirqs_on+0x9c/0x150 [ 131.151678][ T53] ? __pfx_kthread+0x10/0x10 [ 131.151701][ T53] ret_from_fork+0x4b/0x80 [ 131.151720][ T53] ? __pfx_kthread+0x10/0x10 [ 131.151744][ T53] ret_from_fork_asm+0x1a/0x30 [ 131.151793][ T53] [ 131.151802][ T53] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 131.238330][ T5996] F2FS-fs (loop1): Start checkpoint disabled! [ 131.486556][ T53] CPU: 1 UID: 0 PID: 53 Comm: kworker/u8:3 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 131.486588][ T53] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 131.486603][ T53] Workqueue: writeback wb_workfn (flush-7:0) [ 131.486636][ T53] Call Trace: [ 131.486645][ T53] [ 131.486655][ T53] dump_stack_lvl+0x189/0x250 [ 131.486691][ T53] ? __pfx_dump_stack_lvl+0x10/0x10 [ 131.486721][ T53] ? 
__pfx_queue_work_on+0x10/0x10 [ 131.486740][ T53] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 131.486766][ T53] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 131.486803][ T53] f2fs_handle_critical_error+0x37c/0x540 [ 131.486841][ T53] f2fs_write_end_io+0x4e2/0x6d0 [ 131.486892][ T53] __submit_merged_bio+0x27a/0x6a0 [ 131.486928][ T53] __submit_merged_write_cond+0x255/0x530 [ 131.486965][ T53] f2fs_write_data_pages+0x2854/0x31f0 [ 131.486997][ T53] ? __lock_acquire+0xaac/0xd20 [ 131.487062][ T53] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 131.487110][ T53] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 131.487172][ T53] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 131.487217][ T53] ? trace_f2fs_writepages+0x7f/0x200 [ 131.487255][ T53] ? f2fs_write_node_pages+0x478/0x6e0 [ 131.487291][ T53] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 131.487326][ T53] ? has_not_enough_free_secs+0xd8b/0x1640 [ 131.487366][ T53] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 131.487399][ T53] do_writepages+0x3ae/0x7b0 [ 131.487436][ T53] ? __lock_acquire+0xaac/0xd20 [ 131.487474][ T53] ? __pfx_do_writepages+0x10/0x10 [ 131.487520][ T53] __writeback_single_inode+0x145/0xff0 [ 131.487550][ T53] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 131.487579][ T53] writeback_sb_inodes+0x6b5/0x1000 [ 131.487639][ T53] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 131.487714][ T53] ? rcu_is_watching+0x15/0xb0 [ 131.487757][ T53] wb_writeback+0x43b/0xaf0 [ 131.487795][ T53] ? queue_io+0x3a1/0x590 [ 131.487827][ T53] ? __pfx_wb_writeback+0x10/0x10 [ 131.487866][ T53] ? _raw_spin_unlock_irq+0x23/0x50 [ 131.487896][ T53] wb_workfn+0x409/0xef0 [ 131.487936][ T53] ? __pfx_wb_workfn+0x10/0x10 [ 131.487958][ T53] ? register_lock_class+0x51/0x320 [ 131.487994][ T53] ? __lock_acquire+0xaac/0xd20 [ 131.488034][ T53] ? process_scheduled_works+0x9ec/0x17a0 [ 131.488075][ T53] ? _raw_spin_unlock_irq+0x23/0x50 [ 131.488098][ T53] ? process_scheduled_works+0x9ec/0x17a0 [ 131.488130][ T53] ? 
process_scheduled_works+0x9ec/0x17a0 [ 131.488166][ T53] process_scheduled_works+0xadb/0x17a0 [ 131.488233][ T53] ? __pfx_process_scheduled_works+0x10/0x10 [ 131.488292][ T53] worker_thread+0x8a0/0xda0 [ 131.488342][ T53] kthread+0x70e/0x8a0 [ 131.488371][ T53] ? __pfx_worker_thread+0x10/0x10 [ 131.488390][ T53] ? __pfx_kthread+0x10/0x10 [ 131.488417][ T53] ? __pfx_kthread+0x10/0x10 [ 131.488440][ T53] ? _raw_spin_unlock_irq+0x23/0x50 [ 131.488464][ T53] ? lockdep_hardirqs_on+0x9c/0x150 [ 131.488491][ T53] ? __pfx_kthread+0x10/0x10 [ 131.488514][ T53] ret_from_fork+0x4b/0x80 [ 131.488535][ T53] ? __pfx_kthread+0x10/0x10 [ 131.488560][ T53] ret_from_fork_asm+0x1a/0x30 [ 131.488610][ T53] [ 131.488619][ T53] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [pid 6000] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 5993] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 131.738421][ T5996] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [pid 6000] <... ioctl resumed>) = -1 EIO (Input/output error) [pid 5994] <... ioctl resumed>) = -1 EIO (Input/output error) [pid 5994] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5994] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6000] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5993] exit_group(0 [pid 5994] <... futex resumed>) = ? [pid 5993] <... exit_group resumed>) = ? [pid 5994] +++ exited with 0 +++ [pid 6000] <... futex resumed>) = ? [pid 6000] +++ exited with 0 +++ [pid 5993] +++ exited with 0 +++ [pid 5823] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5993, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=38 /* 0.38 s */} --- [pid 5823] restart_syscall(<... 
resuming interrupted clone ...>) = 0 [pid 5823] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5823] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5823] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] unlink("./10/binderfs") = 0 [ 131.896590][ T5994] VFS:Filesystem freeze failed [pid 5823] umount2("./10/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5996] <... mount resumed>) = 0 [pid 5996] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5996] chdir("./bus") = 0 [pid 5996] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5996] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5995] <... futex resumed>) = 0 [pid 5996] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5995] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5996] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5995] <... futex resumed>) = 0 [pid 5996] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 [pid 5995] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5996] <... openat resumed>) = 4 [pid 5996] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5995] <... futex resumed>) = 0 [pid 5996] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5995] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5996] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5995] <... 
futex resumed>) = 0 [pid 5996] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5995] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5996] <... openat resumed>) = 5 [pid 5996] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5995] <... futex resumed>) = 0 [pid 5996] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5995] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5996] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5995] <... futex resumed>) = 0 [pid 5996] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5995] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5995] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5995] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 5995] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5995] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5995] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0}./strace-static-x86_64: Process 6002 attached [pid 6002] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053 [pid 5995] <... clone3 resumed> => {parent_tid=[6002]}, 88) = 6002 [pid 6002] <... rseq resumed>) = 0 [pid 5995] rt_sigprocmask(SIG_SETMASK, [], [pid 6002] set_robust_list(0x7f836b53e9a0, 24 [pid 5995] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6002] <... set_robust_list resumed>) = 0 [pid 5995] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6002] rt_sigprocmask(SIG_SETMASK, [], [pid 5995] <... futex resumed>) = 0 [pid 6002] <... 
rt_sigprocmask resumed>NULL, 8) = 0 [pid 5995] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 132.047420][ T53] kworker/u8:3: attempt to access beyond end of device [ 132.047420][ T53] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 132.083028][ T53] CPU: 1 UID: 0 PID: 53 Comm: kworker/u8:3 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 132.083062][ T53] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 132.083077][ T53] Workqueue: writeback wb_workfn (flush-7:1) [ 132.083109][ T53] Call Trace: [ 132.083118][ T53] [ 132.083127][ T53] dump_stack_lvl+0x189/0x250 [ 132.083169][ T53] ? __pfx_dump_stack_lvl+0x10/0x10 [ 132.083198][ T53] ? __pfx_queue_work_on+0x10/0x10 [ 132.083216][ T53] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 132.083241][ T53] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [pid 6002] ioctl(4, F2FS_IOC_SET_PIN_FILE [pid 5995] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5995] futex(0x7f836b6386ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5995] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b4fd000 [pid 5995] mprotect(0x7f836b4fe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5995] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5995] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b51d990, parent_tid=0x7f836b51d990, exit_signal=0, stack=0x7f836b4fd000, stack_size=0x20300, tls=0x7f836b51d6c0} => {parent_tid=[6003]}, 88) = 6003 [pid 5995] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5995] futex(0x7f836b6386e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5995] futex(0x7f836b6386ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6003 attached [pid 6003] rseq(0x7f836b51dfe0, 0x20, 0, 0x53053053) = 0 [pid 6003] set_robust_list(0x7f836b51d9a0, 24) = 0 [pid 6003] 
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 132.083277][ T53] f2fs_handle_critical_error+0x37c/0x540 [ 132.083314][ T53] f2fs_write_end_io+0x4e2/0x6d0 [ 132.083363][ T53] __submit_merged_bio+0x27a/0x6a0 [ 132.083417][ T53] __submit_merged_write_cond+0x255/0x530 [ 132.083454][ T53] f2fs_write_data_pages+0x2854/0x31f0 [ 132.083485][ T53] ? __lock_acquire+0xaac/0xd20 [ 132.083550][ T53] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 132.083599][ T53] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 132.083661][ T53] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [pid 6003] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 5995] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 132.083706][ T53] ? trace_f2fs_writepages+0x7f/0x200 [ 132.083738][ T53] ? f2fs_write_node_pages+0x478/0x6e0 [ 132.083773][ T53] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 132.083807][ T53] ? has_not_enough_free_secs+0xd8b/0x1640 [ 132.083848][ T53] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 132.083880][ T53] do_writepages+0x3ae/0x7b0 [ 132.083919][ T53] ? __lock_acquire+0xaac/0xd20 [ 132.083956][ T53] ? __pfx_do_writepages+0x10/0x10 [ 132.084002][ T53] __writeback_single_inode+0x145/0xff0 [ 132.084031][ T53] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 132.084061][ T53] writeback_sb_inodes+0x6b5/0x1000 [ 132.084120][ T53] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 132.084201][ T53] ? rcu_is_watching+0x15/0xb0 [ 132.084243][ T53] wb_writeback+0x43b/0xaf0 [ 132.084281][ T53] ? queue_io+0x3a1/0x590 [ 132.084313][ T53] ? __pfx_wb_writeback+0x10/0x10 [ 132.084352][ T53] ? _raw_spin_unlock_irq+0x23/0x50 [ 132.084381][ T53] wb_workfn+0x409/0xef0 [ 132.084422][ T53] ? __pfx_wb_workfn+0x10/0x10 [ 132.084444][ T53] ? register_lock_class+0x51/0x320 [ 132.084479][ T53] ? __lock_acquire+0xaac/0xd20 [ 132.084519][ T53] ? process_scheduled_works+0x9ec/0x17a0 [ 132.084560][ T53] ? _raw_spin_unlock_irq+0x23/0x50 [ 132.084582][ T53] ? process_scheduled_works+0x9ec/0x17a0 [ 132.084614][ T53] ? 
process_scheduled_works+0x9ec/0x17a0 [ 132.084650][ T53] process_scheduled_works+0xadb/0x17a0 [ 132.084716][ T53] ? __pfx_process_scheduled_works+0x10/0x10 [ 132.084769][ T53] worker_thread+0x8a0/0xda0 [ 132.084820][ T53] kthread+0x70e/0x8a0 [ 132.084849][ T53] ? __pfx_worker_thread+0x10/0x10 [ 132.084868][ T53] ? __pfx_kthread+0x10/0x10 [ 132.084895][ T53] ? __pfx_kthread+0x10/0x10 [ 132.084919][ T53] ? _raw_spin_unlock_irq+0x23/0x50 [ 132.084942][ T53] ? lockdep_hardirqs_on+0x9c/0x150 [ 132.084969][ T53] ? __pfx_kthread+0x10/0x10 [ 132.084992][ T53] ret_from_fork+0x4b/0x80 [ 132.085012][ T53] ? __pfx_kthread+0x10/0x10 [ 132.085036][ T53] ret_from_fork_asm+0x1a/0x30 [ 132.085087][ T53] [pid 5995] exit_group(0) = ? [ 132.085095][ T53] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 132.496587][ T53] CPU: 0 UID: 0 PID: 53 Comm: kworker/u8:3 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 132.496620][ T53] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 132.496635][ T53] Workqueue: writeback wb_workfn (flush-7:1) [ 132.496670][ T53] Call Trace: [ 132.496678][ T53] [ 132.496689][ T53] dump_stack_lvl+0x189/0x250 [ 132.496724][ T53] ? __pfx_dump_stack_lvl+0x10/0x10 [ 132.496755][ T53] ? __pfx_queue_work_on+0x10/0x10 [ 132.496774][ T53] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 132.496800][ T53] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 132.496837][ T53] f2fs_handle_critical_error+0x37c/0x540 [ 132.496876][ T53] f2fs_write_end_io+0x4e2/0x6d0 [ 132.496931][ T53] __submit_merged_bio+0x27a/0x6a0 [ 132.496968][ T53] __submit_merged_write_cond+0x255/0x530 [ 132.497004][ T53] f2fs_write_data_pages+0x2854/0x31f0 [ 132.497035][ T53] ? __lock_acquire+0xaac/0xd20 [ 132.497100][ T53] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 132.497148][ T53] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 132.497209][ T53] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 132.497254][ T53] ? 
trace_f2fs_writepages+0x7f/0x200 [ 132.497287][ T53] ? f2fs_write_node_pages+0x478/0x6e0 [ 132.497321][ T53] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 132.497355][ T53] ? has_not_enough_free_secs+0xd8b/0x1640 [ 132.497395][ T53] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 132.497427][ T53] do_writepages+0x3ae/0x7b0 [ 132.497466][ T53] ? __lock_acquire+0xaac/0xd20 [ 132.497513][ T53] ? __pfx_do_writepages+0x10/0x10 [ 132.497576][ T53] __writeback_single_inode+0x145/0xff0 [ 132.497606][ T53] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 132.497635][ T53] writeback_sb_inodes+0x6b5/0x1000 [ 132.497693][ T53] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 132.497769][ T53] ? rcu_is_watching+0x15/0xb0 [ 132.497812][ T53] wb_writeback+0x43b/0xaf0 [ 132.497850][ T53] ? queue_io+0x3a1/0x590 [ 132.497887][ T53] ? __pfx_wb_writeback+0x10/0x10 [ 132.497926][ T53] ? _raw_spin_unlock_irq+0x23/0x50 [ 132.497956][ T53] wb_workfn+0x409/0xef0 [ 132.497997][ T53] ? __pfx_wb_workfn+0x10/0x10 [ 132.498018][ T53] ? register_lock_class+0x51/0x320 [ 132.498054][ T53] ? __lock_acquire+0xaac/0xd20 [ 132.498094][ T53] ? process_scheduled_works+0x9ec/0x17a0 [ 132.498133][ T53] ? _raw_spin_unlock_irq+0x23/0x50 [ 132.498156][ T53] ? process_scheduled_works+0x9ec/0x17a0 [ 132.498188][ T53] ? process_scheduled_works+0x9ec/0x17a0 [ 132.498236][ T53] process_scheduled_works+0xadb/0x17a0 [ 132.498300][ T53] ? __pfx_process_scheduled_works+0x10/0x10 [ 132.498352][ T53] worker_thread+0x8a0/0xda0 [ 132.498401][ T53] kthread+0x70e/0x8a0 [ 132.498428][ T53] ? __pfx_worker_thread+0x10/0x10 [ 132.498447][ T53] ? __pfx_kthread+0x10/0x10 [ 132.498472][ T53] ? __pfx_kthread+0x10/0x10 [ 132.498495][ T53] ? _raw_spin_unlock_irq+0x23/0x50 [ 132.498518][ T53] ? lockdep_hardirqs_on+0x9c/0x150 [ 132.498543][ T53] ? __pfx_kthread+0x10/0x10 [ 132.498566][ T53] ret_from_fork+0x4b/0x80 [ 132.498586][ T53] ? 
__pfx_kthread+0x10/0x10 [ 132.498609][ T53] ret_from_fork_asm+0x1a/0x30 [ 132.498659][ T53] [ 132.498667][ T53] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [pid 5823] <... umount2 resumed>) = 0 [pid 5823] umount2("./10/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./10/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] umount2("./10/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5823] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5823] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5823] close(4) = 0 [pid 5823] rmdir("./10/bus") = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5823] close(3) = 0 [pid 5823] rmdir("./10") = 0 [pid 5823] mkdir("./11", 0777) = 0 [pid 5823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5823] ioctl(3, LOOP_CLR_FD) = 0 [pid 5823] close(3) = 0 [pid 6003] <... ioctl resumed>) = ? [pid 6002] <... ioctl resumed> ) = ? [pid 5996] <... ioctl resumed>) = ? 
[pid 6003] +++ exited with 0 +++ [pid 6002] +++ exited with 0 +++ [pid 5823] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6004 attached [pid 5996] +++ exited with 0 +++ [pid 5995] +++ exited with 0 +++ [pid 5824] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5995, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=62 /* 0.62 s */} --- [pid 5824] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5824] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5824] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 133.197411][ T5996] VFS:Filesystem freeze failed [pid 5824] unlink("./10/binderfs" [pid 5823] <... clone resumed>, child_tidptr=0x55558e3aa690) = 6004 [pid 6004] set_robust_list(0x55558e3aa6a0, 24 [pid 5824] <... unlink resumed>) = 0 [pid 6004] <... 
set_robust_list resumed>) = 0 [pid 5824] umount2("./10/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6004] chdir("./11") = 0 [pid 6004] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6004] setpgid(0, 0) = 0 [pid 6004] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6004] write(3, "1000", 4) = 4 [pid 6004] close(3) = 0 [pid 6004] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6004] write(1, "executing program\n", 18) = 18 [pid 6004] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6004] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6004] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6004] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6004] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6004] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6004] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 6005 attached [pid 6005] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053 [pid 6004] <... clone3 resumed> => {parent_tid=[6005]}, 88) = 6005 [pid 6005] <... rseq resumed>) = 0 [pid 6004] rt_sigprocmask(SIG_SETMASK, [], [pid 6005] set_robust_list(0x7f836b55f9a0, 24 [pid 6004] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6005] <... set_robust_list resumed>) = 0 [pid 6004] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6005] rt_sigprocmask(SIG_SETMASK, [], [pid 6004] <... futex resumed>) = 0 [pid 6005] <... 
rt_sigprocmask resumed>NULL, 8) = 0 [pid 6004] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6005] memfd_create("syzkaller", 0) = 3 [pid 6005] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 5824] <... umount2 resumed>) = 0 [pid 5824] umount2("./10/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./10/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] umount2("./10/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./10/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5824] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5824] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5824] close(4) = 0 [pid 5824] rmdir("./10/bus") = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5824] close(3) = 0 [pid 5824] rmdir("./10") = 0 [pid 5824] mkdir("./11", 0777) = 0 [pid 5824] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5824] ioctl(3, LOOP_CLR_FD) = 0 [pid 5824] close(3 [pid 6005] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 5824] <... 
close resumed>) = 0 [pid 5824] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6006 attached , child_tidptr=0x55558e3aa690) = 6006 [pid 6006] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 6006] chdir("./11") = 0 [pid 6006] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6006] setpgid(0, 0) = 0 [pid 6006] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6006] write(3, "1000", 4) = 4 [pid 6006] close(3) = 0 [pid 6006] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6006] write(1, "executing program\n", 18) = 18 [pid 6006] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6006] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6006] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6006] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6006] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6006] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6006] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 6007 attached => {parent_tid=[6007]}, 88) = 6007 [pid 6007] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053 [pid 6006] rt_sigprocmask(SIG_SETMASK, [], [pid 6007] <... rseq resumed>) = 0 [pid 6006] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6007] set_robust_list(0x7f836b55f9a0, 24 [pid 6006] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6007] <... set_robust_list resumed>) = 0 [pid 6006] <... 
futex resumed>) = 0 [pid 6007] rt_sigprocmask(SIG_SETMASK, [], [pid 6006] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6007] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6007] memfd_create("syzkaller", 0) = 3 [pid 6007] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 6005] <... write resumed>) = 20699119 [pid 6005] munmap(0x7f8363000000, 138412032) = 0 [pid 6005] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6005] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6005] close(3) = 0 [pid 6005] close(4) = 0 [pid 6005] mkdir("./bus", 0777) = 0 [ 134.171278][ T6005] loop0: detected capacity change from 0 to 40427 [ 134.208017][ T6005] F2FS-fs (loop0): invalid crc value [pid 6005] mount("/dev/loop0", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"...) = 0 [pid 6005] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6005] chdir("./bus") = 0 [pid 6005] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6005] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6004] <... futex resumed>) = 0 [pid 6005] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 [pid 6004] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6005] <... openat resumed>) = 4 [pid 6004] <... futex resumed>) = 0 [pid 6004] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 134.436948][ T6005] F2FS-fs (loop0): Start checkpoint disabled! [ 134.465362][ T6005] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [pid 6005] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6004] <... 
futex resumed>) = 0 [pid 6005] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6004] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6007] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 6005] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6004] <... futex resumed>) = 0 [pid 6005] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6004] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6005] <... openat resumed>) = 5 [pid 6005] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6004] <... futex resumed>) = 0 [pid 6005] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6004] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6005] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6004] <... futex resumed>) = 0 [pid 6005] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 134.556651][ T63] kworker/u8:4: attempt to access beyond end of device [ 134.556651][ T63] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 134.586541][ T63] CPU: 1 UID: 0 PID: 63 Comm: kworker/u8:4 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 134.586573][ T63] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 134.586588][ T63] Workqueue: writeback wb_workfn (flush-7:0) [ 134.586619][ T63] Call Trace: [ 134.586626][ T63] [ 134.586634][ T63] dump_stack_lvl+0x189/0x250 [ 134.586663][ T63] ? __pfx_dump_stack_lvl+0x10/0x10 [ 134.586687][ T63] ? __pfx_queue_work_on+0x10/0x10 [ 134.586702][ T63] ? 
_raw_spin_unlock_irqrestore+0xad/0x110 [ 134.586723][ T63] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 134.586755][ T63] f2fs_handle_critical_error+0x37c/0x540 [pid 6004] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6004] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6004] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6004] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6004] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6004] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[6010]}, 88) = 6010 [pid 6004] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6004] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6004] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6004] futex(0x7f836b6386ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6004] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b4fd000 [pid 6004] mprotect(0x7f836b4fe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6004] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6004] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b51d990, parent_tid=0x7f836b51d990, exit_signal=0, stack=0x7f836b4fd000, stack_size=0x20300, tls=0x7f836b51d6c0}./strace-static-x86_64: Process 6011 attached [pid 6011] rseq(0x7f836b51dfe0, 0x20, 0, 0x53053053 [pid 6004] <... clone3 resumed> => {parent_tid=[6011]}, 88) = 6011 [pid 6011] <... 
rseq resumed>) = 0 [pid 6004] rt_sigprocmask(SIG_SETMASK, [], [pid 6011] set_robust_list(0x7f836b51d9a0, 24 [pid 6004] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6011] <... set_robust_list resumed>) = 0 [pid 6004] futex(0x7f836b6386e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6011] rt_sigprocmask(SIG_SETMASK, [], [pid 6004] <... futex resumed>) = 0 [pid 6011] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6004] futex(0x7f836b6386ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 134.586787][ T63] f2fs_write_end_io+0x4e2/0x6d0 [ 134.586829][ T63] __submit_merged_bio+0x27a/0x6a0 [ 134.586859][ T63] __submit_merged_write_cond+0x255/0x530 [ 134.586890][ T63] f2fs_write_data_pages+0x2854/0x31f0 [ 134.586914][ T63] ? __lock_acquire+0xaac/0xd20 [ 134.586977][ T63] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 134.587018][ T63] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 134.587070][ T63] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 134.587109][ T63] ? trace_f2fs_writepages+0x7f/0x200 [pid 6011] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 6004] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 134.587134][ T63] ? f2fs_write_node_pages+0x478/0x6e0 [ 134.587163][ T63] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 134.587191][ T63] ? has_not_enough_free_secs+0xd8b/0x1640 [ 134.587224][ T63] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 134.587250][ T63] do_writepages+0x3ae/0x7b0 [ 134.587282][ T63] ? __lock_acquire+0xaac/0xd20 [ 134.587312][ T63] ? __pfx_do_writepages+0x10/0x10 [ 134.587351][ T63] __writeback_single_inode+0x145/0xff0 [ 134.587375][ T63] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 134.587399][ T63] writeback_sb_inodes+0x6b5/0x1000 [ 134.587449][ T63] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 134.587516][ T63] ? rcu_is_watching+0x15/0xb0 [ 134.587551][ T63] wb_writeback+0x43b/0xaf0 [ 134.587583][ T63] ? queue_io+0x3a1/0x590 [ 134.587609][ T63] ? __pfx_wb_writeback+0x10/0x10 [ 134.587641][ T63] ? 
_raw_spin_unlock_irq+0x23/0x50 [ 134.587666][ T63] wb_workfn+0x409/0xef0 [ 134.587700][ T63] ? __pfx_wb_workfn+0x10/0x10 [ 134.587717][ T63] ? register_lock_class+0x51/0x320 [ 134.587748][ T63] ? __lock_acquire+0xaac/0xd20 [ 134.587781][ T63] ? process_scheduled_works+0x9ec/0x17a0 [ 134.587814][ T63] ? _raw_spin_unlock_irq+0x23/0x50 [ 134.587832][ T63] ? process_scheduled_works+0x9ec/0x17a0 [ 134.587857][ T63] ? process_scheduled_works+0x9ec/0x17a0 [ 134.587886][ T63] process_scheduled_works+0xadb/0x17a0 [ 134.587942][ T63] ? __pfx_process_scheduled_works+0x10/0x10 [ 134.587996][ T63] worker_thread+0x8a0/0xda0 [ 134.588040][ T63] kthread+0x70e/0x8a0 [ 134.588064][ T63] ? __pfx_worker_thread+0x10/0x10 [ 134.588080][ T63] ? __pfx_kthread+0x10/0x10 [ 134.588101][ T63] ? __pfx_kthread+0x10/0x10 [ 134.588120][ T63] ? _raw_spin_unlock_irq+0x23/0x50 [ 134.588138][ T63] ? lockdep_hardirqs_on+0x9c/0x150 [ 134.588161][ T63] ? __pfx_kthread+0x10/0x10 [ 134.588180][ T63] ret_from_fork+0x4b/0x80 [ 134.588195][ T63] ? __pfx_kthread+0x10/0x10 [ 134.588215][ T63] ret_from_fork_asm+0x1a/0x30 [ 134.588258][ T63] ./strace-static-x86_64: Process 6010 attached [pid 6010] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053 [pid 6004] exit_group(0) = ? [ 134.588504][ T63] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 134.909636][ T63] CPU: 1 UID: 0 PID: 63 Comm: kworker/u8:4 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 134.909665][ T63] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 134.909680][ T63] Workqueue: writeback wb_workfn (flush-7:0) [ 134.909712][ T63] Call Trace: [ 134.909721][ T63] [ 134.909730][ T63] dump_stack_lvl+0x189/0x250 [ 134.909766][ T63] ? __pfx_dump_stack_lvl+0x10/0x10 [ 134.909794][ T63] ? __pfx_queue_work_on+0x10/0x10 [ 134.909813][ T63] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 134.909836][ T63] ? 
__pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 134.909875][ T63] f2fs_handle_critical_error+0x37c/0x540 [ 134.909914][ T63] f2fs_write_end_io+0x4e2/0x6d0 [ 134.909979][ T63] __submit_merged_bio+0x27a/0x6a0 [ 134.910016][ T63] __submit_merged_write_cond+0x255/0x530 [ 134.910055][ T63] f2fs_write_data_pages+0x2854/0x31f0 [ 134.910085][ T63] ? __lock_acquire+0xaac/0xd20 [pid 6010] <... rseq resumed>) = ? [pid 6010] +++ exited with 0 +++ [ 134.910158][ T63] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 134.910210][ T63] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 134.910278][ T63] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 134.910328][ T63] ? trace_f2fs_writepages+0x7f/0x200 [ 134.910361][ T63] ? f2fs_write_node_pages+0x478/0x6e0 [ 134.910407][ T63] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 134.910443][ T63] ? has_not_enough_free_secs+0xd8b/0x1640 [ 134.910486][ T63] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 134.910520][ T63] do_writepages+0x3ae/0x7b0 [ 134.910561][ T63] ? __lock_acquire+0xaac/0xd20 [ 134.910600][ T63] ? __pfx_do_writepages+0x10/0x10 [ 134.910652][ T63] __writeback_single_inode+0x145/0xff0 [ 134.910682][ T63] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 134.910713][ T63] writeback_sb_inodes+0x6b5/0x1000 [ 134.910780][ T63] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 134.910868][ T63] ? rcu_is_watching+0x15/0xb0 [ 134.910914][ T63] wb_writeback+0x43b/0xaf0 [ 134.910962][ T63] ? queue_io+0x3a1/0x590 [ 134.910996][ T63] ? __pfx_wb_writeback+0x10/0x10 [ 134.911037][ T63] ? _raw_spin_unlock_irq+0x23/0x50 [ 134.911070][ T63] wb_workfn+0x409/0xef0 [ 134.911116][ T63] ? __pfx_wb_workfn+0x10/0x10 [ 134.911137][ T63] ? register_lock_class+0x51/0x320 [ 134.911175][ T63] ? __lock_acquire+0xaac/0xd20 [ 134.911218][ T63] ? process_scheduled_works+0x9ec/0x17a0 [ 134.911261][ T63] ? _raw_spin_unlock_irq+0x23/0x50 [ 134.911283][ T63] ? process_scheduled_works+0x9ec/0x17a0 [ 134.911316][ T63] ? 
process_scheduled_works+0x9ec/0x17a0 [ 134.911352][ T63] process_scheduled_works+0xadb/0x17a0 [ 134.911427][ T63] ? __pfx_process_scheduled_works+0x10/0x10 [ 134.911487][ T63] worker_thread+0x8a0/0xda0 [ 134.911544][ T63] kthread+0x70e/0x8a0 [ 134.911576][ T63] ? __pfx_worker_thread+0x10/0x10 [ 134.911597][ T63] ? __pfx_kthread+0x10/0x10 [ 134.911625][ T63] ? __pfx_kthread+0x10/0x10 [ 134.911650][ T63] ? _raw_spin_unlock_irq+0x23/0x50 [ 134.911674][ T63] ? lockdep_hardirqs_on+0x9c/0x150 [ 134.911702][ T63] ? __pfx_kthread+0x10/0x10 [pid 6005] <... ioctl resumed>) = ? [pid 6011] <... ioctl resumed>) = ? [pid 6011] +++ exited with 0 +++ [pid 6005] +++ exited with 0 +++ [pid 6004] +++ exited with 0 +++ [pid 5823] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6004, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=36 /* 0.36 s */} --- [pid 5823] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5823] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5823] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5823] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] unlink("./11/binderfs") = 0 [ 134.911726][ T63] ret_from_fork+0x4b/0x80 [ 134.911747][ T63] ? __pfx_kthread+0x10/0x10 [ 134.911772][ T63] ret_from_fork_asm+0x1a/0x30 [ 134.911828][ T63] [ 134.912406][ T63] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 135.246638][ T6005] VFS:Filesystem freeze failed [pid 5823] umount2("./11/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6007] <... 
write resumed>) = 20699119 [pid 6007] munmap(0x7f8363000000, 138412032) = 0 [pid 6007] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6007] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6007] close(3) = 0 [pid 6007] close(4) = 0 [pid 6007] mkdir("./bus", 0777) = 0 [ 135.387920][ T6007] loop1: detected capacity change from 0 to 40427 [ 135.436532][ T6007] F2FS-fs (loop1): invalid crc value [pid 6007] mount("/dev/loop1", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 5823] <... umount2 resumed>) = 0 [pid 5823] umount2("./11/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./11/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] umount2("./11/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5823] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5823] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5823] close(4) = 0 [pid 5823] rmdir("./11/bus") = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5823] close(3) = 0 [pid 5823] rmdir("./11") = 0 [pid 5823] mkdir("./12", 0777) = 0 [pid 5823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5823] ioctl(3, LOOP_CLR_FD [pid 6007] <... mount resumed>) = 0 [pid 5823] <... ioctl resumed>) = 0 [pid 5823] close(3 [ 135.656778][ T6007] F2FS-fs (loop1): Start checkpoint disabled! [ 135.696594][ T6007] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [pid 6007] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6007] chdir("./bus") = 0 [pid 6007] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6007] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6006] <... 
futex resumed>) = 0 [pid 6007] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6006] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6007] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6006] <... futex resumed>) = 0 [pid 6007] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 [pid 6006] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6007] <... openat resumed>) = 4 [pid 6007] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6006] <... futex resumed>) = 0 [pid 6007] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6006] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6007] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6006] <... futex resumed>) = 0 [pid 6007] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6006] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6007] <... openat resumed>) = 5 [pid 6007] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6006] <... futex resumed>) = 0 [pid 6006] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6007] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6006] <... futex resumed>) = 0 [ 135.783290][ T63] kworker/u8:4: attempt to access beyond end of device [ 135.783290][ T63] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 135.807751][ T63] CPU: 0 UID: 0 PID: 63 Comm: kworker/u8:4 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 135.807784][ T63] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 135.807799][ T63] Workqueue: writeback wb_workfn (flush-7:1) [ 135.807832][ T63] Call Trace: [ 135.807840][ T63] [ 135.807849][ T63] dump_stack_lvl+0x189/0x250 [ 135.807886][ T63] ? __pfx_dump_stack_lvl+0x10/0x10 [ 135.807916][ T63] ? __pfx_queue_work_on+0x10/0x10 [ 135.807934][ T63] ? 
_raw_spin_unlock_irqrestore+0xad/0x110 [ 135.807959][ T63] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 135.807998][ T63] f2fs_handle_critical_error+0x37c/0x540 [ 135.808037][ T63] f2fs_write_end_io+0x4e2/0x6d0 [ 135.808090][ T63] __submit_merged_bio+0x27a/0x6a0 [ 135.808127][ T63] __submit_merged_write_cond+0x255/0x530 [ 135.808165][ T63] f2fs_write_data_pages+0x2854/0x31f0 [ 135.808196][ T63] ? __lock_acquire+0xaac/0xd20 [ 135.808268][ T63] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 135.808319][ T63] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 135.808387][ T63] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 135.808435][ T63] ? trace_f2fs_writepages+0x7f/0x200 [ 135.808467][ T63] ? f2fs_write_node_pages+0x478/0x6e0 [ 135.808528][ T63] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 135.808582][ T63] ? has_not_enough_free_secs+0xd8b/0x1640 [ 135.808625][ T63] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 135.808664][ T63] do_writepages+0x3ae/0x7b0 [ 135.808706][ T63] ? __lock_acquire+0xaac/0xd20 [ 135.808745][ T63] ? __pfx_do_writepages+0x10/0x10 [ 135.808797][ T63] __writeback_single_inode+0x145/0xff0 [ 135.808827][ T63] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 135.808859][ T63] writeback_sb_inodes+0x6b5/0x1000 [ 135.808924][ T63] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 135.809012][ T63] ? rcu_is_watching+0x15/0xb0 [ 135.809059][ T63] wb_writeback+0x43b/0xaf0 [ 135.809100][ T63] ? queue_io+0x3a1/0x590 [ 135.809134][ T63] ? __pfx_wb_writeback+0x10/0x10 [ 135.809176][ T63] ? _raw_spin_unlock_irq+0x23/0x50 [ 135.809208][ T63] wb_workfn+0x409/0xef0 [ 135.809253][ T63] ? __pfx_wb_workfn+0x10/0x10 [ 135.809275][ T63] ? register_lock_class+0x51/0x320 [ 135.809313][ T63] ? 
__lock_acquire+0xaac/0xd20 [pid 6006] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6006] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6006] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6006] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6006] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6006] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[6014]}, 88) = 6014 [pid 6006] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6006] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6006] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6006] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6006] futex(0x7f836b6386ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6006] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b4fd000 [pid 6006] mprotect(0x7f836b4fe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6006] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6006] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b51d990, parent_tid=0x7f836b51d990, exit_signal=0, stack=0x7f836b4fd000, stack_size=0x20300, tls=0x7f836b51d6c0} => {parent_tid=[6015]}, 88) = 6015 [pid 6006] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6006] futex(0x7f836b6386e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 135.809356][ T63] ? process_scheduled_works+0x9ec/0x17a0 [ 135.809400][ T63] ? _raw_spin_unlock_irq+0x23/0x50 [ 135.809423][ T63] ? 
process_scheduled_works+0x9ec/0x17a0 [ 135.809455][ T63] ? process_scheduled_works+0x9ec/0x17a0 [ 135.809492][ T63] process_scheduled_works+0xadb/0x17a0 [ 135.809568][ T63] ? __pfx_process_scheduled_works+0x10/0x10 [ 135.809626][ T63] worker_thread+0x8a0/0xda0 [ 135.809691][ T63] kthread+0x70e/0x8a0 [ 135.809721][ T63] ? __pfx_worker_thread+0x10/0x10 [ 135.809742][ T63] ? __pfx_kthread+0x10/0x10 [pid 6006] futex(0x7f836b6386ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6015 attached ./strace-static-x86_64: Process 6014 attached ) = -1 ETIMEDOUT (Connection timed out) [ 135.809769][ T63] ? __pfx_kthread+0x10/0x10 [ 135.809793][ T63] ? _raw_spin_unlock_irq+0x23/0x50 [ 135.809817][ T63] ? lockdep_hardirqs_on+0x9c/0x150 [ 135.809845][ T63] ? __pfx_kthread+0x10/0x10 [ 135.809869][ T63] ret_from_fork+0x4b/0x80 [ 135.809890][ T63] ? __pfx_kthread+0x10/0x10 [ 135.809915][ T63] ret_from_fork_asm+0x1a/0x30 [ 135.809971][ T63] [ 135.809980][ T63] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [pid 6015] rseq(0x7f836b51dfe0, 0x20, 0, 0x53053053 [pid 6014] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053 [pid 6015] <... rseq resumed>) = 0 [pid 6015] set_robust_list(0x7f836b51d9a0, 24) = 0 [pid 6015] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 136.136815][ T63] CPU: 0 UID: 0 PID: 63 Comm: kworker/u8:4 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 136.136856][ T63] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 136.136871][ T63] Workqueue: writeback wb_workfn (flush-7:1) [ 136.136903][ T63] Call Trace: [ 136.136912][ T63] [ 136.136921][ T63] dump_stack_lvl+0x189/0x250 [ 136.136957][ T63] ? __pfx_dump_stack_lvl+0x10/0x10 [ 136.136986][ T63] ? __pfx_queue_work_on+0x10/0x10 [ 136.137005][ T63] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 136.137030][ T63] ? 
__pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 136.137071][ T63] f2fs_handle_critical_error+0x37c/0x540 [ 136.137111][ T63] f2fs_write_end_io+0x4e2/0x6d0 [ 136.137165][ T63] __submit_merged_bio+0x27a/0x6a0 [ 136.137203][ T63] __submit_merged_write_cond+0x255/0x530 [ 136.137242][ T63] f2fs_write_data_pages+0x2854/0x31f0 [ 136.137273][ T63] ? __lock_acquire+0xaac/0xd20 [ 136.137346][ T63] ? __pfx_f2fs_write_data_pages+0x10/0x10 [pid 6015] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 6014] <... rseq resumed>) = 0 [pid 6014] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 6014] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6014] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 6014] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 136.137397][ T63] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 136.137464][ T63] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 136.137513][ T63] ? trace_f2fs_writepages+0x7f/0x200 [ 136.137546][ T63] ? f2fs_write_node_pages+0x478/0x6e0 [ 136.137583][ T63] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 136.137616][ T63] ? has_not_enough_free_secs+0xd8b/0x1640 [ 136.137659][ T63] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 136.137693][ T63] do_writepages+0x3ae/0x7b0 [ 136.137733][ T63] ? __lock_acquire+0xaac/0xd20 [pid 6014] futex(0x7f836b6386d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6006] exit_group(0 [pid 6014] <... futex resumed>) = ? [pid 6006] <... exit_group resumed>) = ? [pid 6014] +++ exited with 0 +++ [ 136.137772][ T63] ? __pfx_do_writepages+0x10/0x10 [ 136.137834][ T63] __writeback_single_inode+0x145/0xff0 [ 136.137872][ T63] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 136.137902][ T63] writeback_sb_inodes+0x6b5/0x1000 [ 136.137965][ T63] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 136.138051][ T63] ? rcu_is_watching+0x15/0xb0 [ 136.138095][ T63] wb_writeback+0x43b/0xaf0 [ 136.138135][ T63] ? queue_io+0x3a1/0x590 [ 136.138167][ T63] ? __pfx_wb_writeback+0x10/0x10 [ 136.138208][ T63] ? 
_raw_spin_unlock_irq+0x23/0x50 [ 136.138238][ T63] wb_workfn+0x409/0xef0 [ 136.138281][ T63] ? __pfx_wb_workfn+0x10/0x10 [ 136.138301][ T63] ? register_lock_class+0x51/0x320 [ 136.138337][ T63] ? __lock_acquire+0xaac/0xd20 [ 136.138377][ T63] ? process_scheduled_works+0x9ec/0x17a0 [ 136.138418][ T63] ? _raw_spin_unlock_irq+0x23/0x50 [ 136.138441][ T63] ? process_scheduled_works+0x9ec/0x17a0 [ 136.138472][ T63] ? process_scheduled_works+0x9ec/0x17a0 [ 136.138507][ T63] process_scheduled_works+0xadb/0x17a0 [ 136.138579][ T63] ? __pfx_process_scheduled_works+0x10/0x10 [ 136.138636][ T63] worker_thread+0x8a0/0xda0 [ 136.138692][ T63] kthread+0x70e/0x8a0 [ 136.138721][ T63] ? __pfx_worker_thread+0x10/0x10 [ 136.138740][ T63] ? __pfx_kthread+0x10/0x10 [ 136.138766][ T63] ? __pfx_kthread+0x10/0x10 [ 136.138790][ T63] ? _raw_spin_unlock_irq+0x23/0x50 [ 136.138812][ T63] ? lockdep_hardirqs_on+0x9c/0x150 [ 136.138838][ T63] ? __pfx_kthread+0x10/0x10 [ 136.138870][ T63] ret_from_fork+0x4b/0x80 [pid 5823] <... close resumed>) = 0 [pid 5823] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e3aa690) = 6016 ./strace-static-x86_64: Process 6016 attached [pid 6016] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 6016] chdir("./12") = 0 [pid 6016] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 136.138889][ T63] ? 
__pfx_kthread+0x10/0x10 [ 136.138913][ T63] ret_from_fork_asm+0x1a/0x30 [ 136.138967][ T63] [ 136.138976][ T63] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [pid 6016] setpgid(0, 0) = 0 [pid 6016] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6016] write(3, "1000", 4) = 4 [pid 6016] close(3) = 0 [pid 6016] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6016] write(1, "executing program\n", 18) = 18 [pid 6016] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6016] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6016] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6016] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6016] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6016] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6016] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 6017 attached => {parent_tid=[6017]}, 88) = 6017 [pid 6016] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6016] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6017] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053 [pid 6016] <... futex resumed>) = 0 [pid 6017] <... rseq resumed>) = 0 [pid 6016] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6017] set_robust_list(0x7f836b55f9a0, 24) = 0 [pid 6015] <... ioctl resumed>) = ? [pid 6007] <... ioctl resumed>) = ? [pid 6017] rt_sigprocmask(SIG_SETMASK, [], [pid 6007] +++ exited with 0 +++ [pid 6017] <... 
rt_sigprocmask resumed>NULL, 8) = 0 [pid 6017] memfd_create("syzkaller", 0) = 3 [pid 6017] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 6015] +++ exited with 0 +++ [pid 6006] +++ exited with 0 +++ [pid 5824] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6006, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=40 /* 0.40 s */} --- [pid 5824] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5824] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5824] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5824] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] unlink("./11/binderfs") = 0 [ 136.537805][ T6007] VFS:Filesystem freeze failed [pid 5824] umount2("./11/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6017] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 5824] <... 
umount2 resumed>) = 0 [pid 5824] umount2("./11/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./11/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] umount2("./11/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./11/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5824] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5824] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5824] close(4) = 0 [pid 5824] rmdir("./11/bus") = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5824] close(3) = 0 [pid 5824] rmdir("./11") = 0 [pid 5824] mkdir("./12", 0777) = 0 [pid 5824] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5824] ioctl(3, LOOP_CLR_FD) = 0 [pid 5824] close(3) = 0 [pid 5824] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e3aa690) = 6018 ./strace-static-x86_64: Process 6018 attached [pid 6017] <... write resumed>) = 20699119 [pid 6018] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 6018] chdir("./12") = 0 [pid 6018] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6018] setpgid(0, 0) = 0 [pid 6018] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6018] write(3, "1000", 4) = 4 [pid 6018] close(3) = 0 [pid 6018] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6018] write(1, "executing program\n", 18) = 18 [pid 6018] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6017] munmap(0x7f8363000000, 138412032 [pid 6018] <... 
futex resumed>) = 0 [pid 6018] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6018] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6018] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6018] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6018] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6018] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0} => {parent_tid=[6019]}, 88) = 6019 [pid 6018] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6018] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6018] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6019 attached [pid 6019] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053) = 0 [pid 6019] set_robust_list(0x7f836b55f9a0, 24) = 0 [pid 6019] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6019] memfd_create("syzkaller", 0) = 3 [pid 6019] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 6017] <... munmap resumed>) = 0 [pid 6017] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6017] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6017] close(3) = 0 [pid 6017] close(4) = 0 [pid 6017] mkdir("./bus", 0777) = 0 [ 137.508255][ T6017] loop0: detected capacity change from 0 to 40427 [ 137.547437][ T6017] F2FS-fs (loop0): invalid crc value [pid 6017] mount("/dev/loop0", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"...) 
= 0 [pid 6017] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6017] chdir("./bus") = 0 [pid 6017] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 137.777904][ T6017] F2FS-fs (loop0): Start checkpoint disabled! [ 137.802206][ T6017] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [pid 6017] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6017] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6016] <... futex resumed>) = 0 [pid 6016] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6017] <... futex resumed>) = 0 [pid 6016] <... futex resumed>) = 1 [pid 6017] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 [pid 6016] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6017] <... openat resumed>) = 4 [pid 6017] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6016] <... futex resumed>) = 0 [pid 6017] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6016] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6017] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6016] <... futex resumed>) = 0 [pid 6017] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6016] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6017] <... openat resumed>) = 5 [pid 6017] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6016] <... futex resumed>) = 0 [pid 6017] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6016] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6017] <... futex resumed>) = 0 [pid 6016] <... 
futex resumed>) = 1 [pid 6017] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6016] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6019] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 6016] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6016] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6016] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6016] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6016] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [ 137.877333][ T3494] kworker/u8:6: attempt to access beyond end of device [ 137.877333][ T3494] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 137.906647][ T3494] CPU: 0 UID: 0 PID: 3494 Comm: kworker/u8:6 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [pid 6016] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6016] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0}./strace-static-x86_64: Process 6022 attached => {parent_tid=[6022]}, 88) = 6022 [pid 6016] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6016] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6016] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6022] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [pid 6022] 
set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 6022] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6022] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 6022] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6016] <... futex resumed>) = 0 [pid 6016] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6016] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 137.906679][ T3494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 137.906694][ T3494] Workqueue: writeback wb_workfn (flush-7:0) [ 137.906728][ T3494] Call Trace: [ 137.906737][ T3494] [ 137.906753][ T3494] dump_stack_lvl+0x189/0x250 [ 137.906790][ T3494] ? __pfx_dump_stack_lvl+0x10/0x10 [ 137.906820][ T3494] ? __pfx_queue_work_on+0x10/0x10 [ 137.906839][ T3494] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 137.906865][ T3494] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 137.906902][ T3494] f2fs_handle_critical_error+0x37c/0x540 [pid 6022] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 6016] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 137.906940][ T3494] f2fs_write_end_io+0x4e2/0x6d0 [ 137.906991][ T3494] __submit_merged_bio+0x27a/0x6a0 [ 137.907027][ T3494] __submit_merged_write_cond+0x255/0x530 [ 137.907064][ T3494] f2fs_write_data_pages+0x2854/0x31f0 [ 137.907095][ T3494] ? __lock_acquire+0xaac/0xd20 [ 137.907161][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 137.907208][ T3494] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 137.907270][ T3494] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 137.907316][ T3494] ? trace_f2fs_writepages+0x7f/0x200 [ 137.907348][ T3494] ? f2fs_write_node_pages+0x478/0x6e0 [ 137.907383][ T3494] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 137.907417][ T3494] ? has_not_enough_free_secs+0xd8b/0x1640 [ 137.907458][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 137.907490][ T3494] do_writepages+0x3ae/0x7b0 [ 137.907529][ T3494] ? 
__lock_acquire+0xaac/0xd20 [ 137.907566][ T3494] ? __pfx_do_writepages+0x10/0x10 [ 137.907613][ T3494] __writeback_single_inode+0x145/0xff0 [ 137.907642][ T3494] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 137.907672][ T3494] writeback_sb_inodes+0x6b5/0x1000 [ 137.907731][ T3494] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 137.907813][ T3494] ? rcu_is_watching+0x15/0xb0 [ 137.907856][ T3494] wb_writeback+0x43b/0xaf0 [ 137.907894][ T3494] ? queue_io+0x3a1/0x590 [ 137.907927][ T3494] ? __pfx_wb_writeback+0x10/0x10 [ 137.907966][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 137.907996][ T3494] wb_workfn+0x409/0xef0 [ 137.908037][ T3494] ? __pfx_wb_workfn+0x10/0x10 [ 137.908058][ T3494] ? register_lock_class+0x51/0x320 [ 137.908094][ T3494] ? __lock_acquire+0xaac/0xd20 [ 137.908134][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 137.908174][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 137.908197][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 137.908229][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 137.908266][ T3494] process_scheduled_works+0xadb/0x17a0 [ 137.908352][ T3494] ? __pfx_process_scheduled_works+0x10/0x10 [ 137.908405][ T3494] worker_thread+0x8a0/0xda0 [ 137.908456][ T3494] kthread+0x70e/0x8a0 [ 137.908485][ T3494] ? __pfx_worker_thread+0x10/0x10 [ 137.908503][ T3494] ? __pfx_kthread+0x10/0x10 [ 137.908525][ T3494] ? __pfx_kthread+0x10/0x10 [ 137.908548][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 137.908571][ T3494] ? lockdep_hardirqs_on+0x9c/0x150 [ 137.908598][ T3494] ? __pfx_kthread+0x10/0x10 [ 137.908622][ T3494] ret_from_fork+0x4b/0x80 [ 137.908641][ T3494] ? __pfx_kthread+0x10/0x10 [ 137.908666][ T3494] ret_from_fork_asm+0x1a/0x30 [ 137.908717][ T3494] [ 137.908725][ T3494] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [pid 6016] exit_group(0) = ? 
[ 138.366619][ T3494] CPU: 1 UID: 0 PID: 3494 Comm: kworker/u8:6 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 138.366654][ T3494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 138.366669][ T3494] Workqueue: writeback wb_workfn (flush-7:0) [ 138.366705][ T3494] Call Trace: [ 138.366713][ T3494] [ 138.366723][ T3494] dump_stack_lvl+0x189/0x250 [ 138.366760][ T3494] ? __pfx_dump_stack_lvl+0x10/0x10 [ 138.366790][ T3494] ? __pfx_queue_work_on+0x10/0x10 [ 138.366810][ T3494] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 138.366836][ T3494] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 138.366874][ T3494] f2fs_handle_critical_error+0x37c/0x540 [ 138.366912][ T3494] f2fs_write_end_io+0x4e2/0x6d0 [ 138.366962][ T3494] __submit_merged_bio+0x27a/0x6a0 [ 138.366999][ T3494] __submit_merged_write_cond+0x255/0x530 [ 138.367036][ T3494] f2fs_write_data_pages+0x2854/0x31f0 [ 138.367067][ T3494] ? __lock_acquire+0xaac/0xd20 [ 138.367133][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 138.367181][ T3494] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 138.367242][ T3494] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 138.367288][ T3494] ? trace_f2fs_writepages+0x7f/0x200 [ 138.367320][ T3494] ? f2fs_write_node_pages+0x478/0x6e0 [ 138.367356][ T3494] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 138.367389][ T3494] ? has_not_enough_free_secs+0xd8b/0x1640 [ 138.367436][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 138.367469][ T3494] do_writepages+0x3ae/0x7b0 [ 138.367507][ T3494] ? __lock_acquire+0xaac/0xd20 [ 138.367545][ T3494] ? __pfx_do_writepages+0x10/0x10 [ 138.367591][ T3494] __writeback_single_inode+0x145/0xff0 [ 138.367621][ T3494] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 138.367651][ T3494] writeback_sb_inodes+0x6b5/0x1000 [ 138.367710][ T3494] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 138.367787][ T3494] ? rcu_is_watching+0x15/0xb0 [ 138.367830][ T3494] wb_writeback+0x43b/0xaf0 [ 138.367868][ T3494] ? 
queue_io+0x3a1/0x590 [ 138.367900][ T3494] ? __pfx_wb_writeback+0x10/0x10 [ 138.367939][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 138.367969][ T3494] wb_workfn+0x409/0xef0 [ 138.368010][ T3494] ? __pfx_wb_workfn+0x10/0x10 [ 138.368031][ T3494] ? register_lock_class+0x51/0x320 [ 138.368067][ T3494] ? __lock_acquire+0xaac/0xd20 [ 138.368107][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 138.368148][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 138.368170][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 138.368202][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 138.368238][ T3494] process_scheduled_works+0xadb/0x17a0 [ 138.368327][ T3494] ? __pfx_process_scheduled_works+0x10/0x10 [ 138.368381][ T3494] worker_thread+0x8a0/0xda0 [ 138.368437][ T3494] kthread+0x70e/0x8a0 [ 138.368467][ T3494] ? __pfx_worker_thread+0x10/0x10 [ 138.368486][ T3494] ? __pfx_kthread+0x10/0x10 [ 138.368513][ T3494] ? __pfx_kthread+0x10/0x10 [ 138.368537][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 138.368560][ T3494] ? lockdep_hardirqs_on+0x9c/0x150 [ 138.368587][ T3494] ? __pfx_kthread+0x10/0x10 [ 138.368611][ T3494] ret_from_fork+0x4b/0x80 [ 138.368631][ T3494] ? __pfx_kthread+0x10/0x10 [ 138.368656][ T3494] ret_from_fork_asm+0x1a/0x30 [ 138.368711][ T3494] [ 138.370544][ T3494] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [pid 6019] <... write resumed>) = 20699119 [pid 6019] munmap(0x7f8363000000, 138412032) = 0 [pid 6019] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6019] ioctl(4, LOOP_SET_FD, 3 [pid 6017] <... ioctl resumed>) = ? [pid 6017] +++ exited with 0 +++ [pid 6022] <... ioctl resumed>) = ? [pid 6019] <... ioctl resumed>) = 0 [pid 6022] +++ exited with 0 +++ [pid 6016] +++ exited with 0 +++ [pid 5823] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6016, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=35 /* 0.35 s */} --- [pid 5823] restart_syscall(<... 
resuming interrupted clone ...>) = 0 [pid 5823] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5823] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5823] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] unlink("./12/binderfs") = 0 [ 138.751774][ T6017] VFS:Filesystem freeze failed [ 138.768781][ T6019] loop1: detected capacity change from 0 to 40427 [pid 5823] umount2("./12/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6019] close(3) = 0 [pid 6019] close(4) = 0 [pid 6019] mkdir("./bus", 0777) = 0 [ 138.845587][ T6019] F2FS-fs (loop1): invalid crc value [pid 6019] mount("/dev/loop1", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"...) = 0 [pid 6019] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6019] chdir("./bus") = 0 [pid 6019] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6019] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6018] <... futex resumed>) = 0 [pid 6019] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6018] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6019] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6018] <... futex resumed>) = 0 [pid 6019] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 [pid 6018] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6019] <... openat resumed>) = 4 [ 138.995013][ T6019] F2FS-fs (loop1): Start checkpoint disabled! 
[ 139.035116][ T6019] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [pid 6019] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6018] <... futex resumed>) = 0 [pid 6019] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6018] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6018] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6019] <... openat resumed>) = 5 [pid 6019] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6018] <... futex resumed>) = 0 [pid 6018] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6019] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6018] <... futex resumed>) = 0 [ 139.110175][ T3494] kworker/u8:6: attempt to access beyond end of device [ 139.110175][ T3494] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 139.146620][ T3494] CPU: 1 UID: 0 PID: 3494 Comm: kworker/u8:6 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 139.146653][ T3494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 139.146668][ T3494] Workqueue: writeback wb_workfn (flush-7:1) [ 139.146700][ T3494] Call Trace: [ 139.146708][ T3494] [ 139.146718][ T3494] dump_stack_lvl+0x189/0x250 [ 139.146751][ T3494] ? __pfx_dump_stack_lvl+0x10/0x10 [ 139.146795][ T3494] ? __pfx_queue_work_on+0x10/0x10 [ 139.146812][ T3494] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 139.146835][ T3494] ? 
__pfx__raw_spin_unlock_irqrestore+0x10/0x10 [pid 6018] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6018] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6018] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6018] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6018] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6018] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[6025]}, 88) = 6025 [pid 6018] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6018] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6018] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6025 attached [pid 6025] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [pid 6025] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 6025] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6025] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 6025] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6025] futex(0x7f836b6386d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6018] <... futex resumed>) = 0 [pid 6018] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6025] <... futex resumed>) = 0 [pid 6025] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 6018] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5823] <... 
umount2 resumed>) = 0 [pid 5823] umount2("./12/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./12/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] umount2("./12/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5823] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5823] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5823] close(4) = 0 [pid 5823] rmdir("./12/bus") = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5823] close(3) = 0 [pid 5823] rmdir("./12") = 0 [pid 5823] mkdir("./13", 0777) = 0 [pid 5823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5823] ioctl(3, LOOP_CLR_FD) = 0 [pid 5823] close(3 [pid 6018] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 139.146868][ T3494] f2fs_handle_critical_error+0x37c/0x540 [ 139.146918][ T3494] f2fs_write_end_io+0x4e2/0x6d0 [ 139.146966][ T3494] __submit_merged_bio+0x27a/0x6a0 [ 139.146997][ T3494] __submit_merged_write_cond+0x255/0x530 [ 139.147029][ T3494] f2fs_write_data_pages+0x2854/0x31f0 [ 139.147057][ T3494] ? __lock_acquire+0xaac/0xd20 [ 139.147116][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 139.147159][ T3494] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 139.147217][ T3494] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 139.147259][ T3494] ? trace_f2fs_writepages+0x7f/0x200 [ 139.147290][ T3494] ? f2fs_write_node_pages+0x478/0x6e0 [ 139.147323][ T3494] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 139.147355][ T3494] ? has_not_enough_free_secs+0xd8b/0x1640 [ 139.147400][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 139.147430][ T3494] do_writepages+0x3ae/0x7b0 [ 139.147460][ T3494] ? irqentry_exit+0x74/0x90 [ 139.147492][ T3494] ? 
lockdep_hardirqs_on+0x9c/0x150 [ 139.147523][ T3494] ? __pfx_do_writepages+0x10/0x10 [ 139.147580][ T3494] __writeback_single_inode+0x145/0xff0 [ 139.147607][ T3494] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 139.147634][ T3494] writeback_sb_inodes+0x6b5/0x1000 [ 139.147687][ T3494] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 139.147754][ T3494] ? rcu_is_watching+0x15/0xb0 [ 139.147793][ T3494] wb_writeback+0x43b/0xaf0 [ 139.147827][ T3494] ? queue_io+0x3a1/0x590 [ 139.147855][ T3494] ? __pfx_wb_writeback+0x10/0x10 [ 139.147890][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 139.147917][ T3494] wb_workfn+0x409/0xef0 [ 139.147954][ T3494] ? __pfx_wb_workfn+0x10/0x10 [ 139.147973][ T3494] ? register_lock_class+0x51/0x320 [ 139.148005][ T3494] ? __lock_acquire+0xaac/0xd20 [ 139.148040][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 139.148077][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 139.148098][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 139.148126][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 139.148158][ T3494] process_scheduled_works+0xadb/0x17a0 [ 139.148225][ T3494] ? __pfx_process_scheduled_works+0x10/0x10 [ 139.148294][ T3494] worker_thread+0x8a0/0xda0 [ 139.148338][ T3494] kthread+0x70e/0x8a0 [ 139.148364][ T3494] ? __pfx_worker_thread+0x10/0x10 [ 139.148388][ T3494] ? __pfx_kthread+0x10/0x10 [ 139.148412][ T3494] ? __pfx_kthread+0x10/0x10 [ 139.148435][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 139.148458][ T3494] ? lockdep_hardirqs_on+0x9c/0x150 [ 139.148485][ T3494] ? __pfx_kthread+0x10/0x10 [ 139.148508][ T3494] ret_from_fork+0x4b/0x80 [ 139.148527][ T3494] ? 
__pfx_kthread+0x10/0x10 [ 139.148551][ T3494] ret_from_fork_asm+0x1a/0x30 [ 139.148601][ T3494] [ 139.148609][ T3494] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 139.474989][ T3494] CPU: 1 UID: 0 PID: 3494 Comm: kworker/u8:6 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 139.475021][ T3494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 139.475036][ T3494] Workqueue: writeback wb_workfn (flush-7:1) [ 139.475071][ T3494] Call Trace: [ 139.475079][ T3494] [ 139.475089][ T3494] dump_stack_lvl+0x189/0x250 [ 139.475127][ T3494] ? __pfx_dump_stack_lvl+0x10/0x10 [ 139.475158][ T3494] ? __pfx_queue_work_on+0x10/0x10 [ 139.475176][ T3494] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 139.475203][ T3494] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 139.475243][ T3494] f2fs_handle_critical_error+0x37c/0x540 [ 139.475284][ T3494] f2fs_write_end_io+0x4e2/0x6d0 [ 139.475338][ T3494] __submit_merged_bio+0x27a/0x6a0 [ 139.475421][ T3494] __submit_merged_write_cond+0x255/0x530 [ 139.475461][ T3494] f2fs_write_data_pages+0x2854/0x31f0 [ 139.475492][ T3494] ? __lock_acquire+0xaac/0xd20 [ 139.475567][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 139.475619][ T3494] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 139.475690][ T3494] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 139.475739][ T3494] ? trace_f2fs_writepages+0x7f/0x200 [ 139.475773][ T3494] ? f2fs_write_node_pages+0x478/0x6e0 [ 139.475810][ T3494] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 139.475847][ T3494] ? has_not_enough_free_secs+0xd8b/0x1640 [pid 6018] exit_group(0) = ? [ 139.475890][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 139.475923][ T3494] do_writepages+0x3ae/0x7b0 [ 139.475961][ T3494] ? irqentry_exit+0x74/0x90 [ 139.475988][ T3494] ? lockdep_hardirqs_on+0x9c/0x150 [ 139.476026][ T3494] ? __pfx_do_writepages+0x10/0x10 [ 139.476077][ T3494] __writeback_single_inode+0x145/0xff0 [ 139.476107][ T3494] ? 
wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 139.476145][ T3494] writeback_sb_inodes+0x6b5/0x1000 [ 139.476212][ T3494] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 139.476300][ T3494] ? rcu_is_watching+0x15/0xb0 [ 139.476347][ T3494] wb_writeback+0x43b/0xaf0 [ 139.476394][ T3494] ? queue_io+0x3a1/0x590 [ 139.476428][ T3494] ? __pfx_wb_writeback+0x10/0x10 [ 139.476474][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 139.476504][ T3494] wb_workfn+0x409/0xef0 [ 139.476547][ T3494] ? __pfx_wb_workfn+0x10/0x10 [ 139.476569][ T3494] ? register_lock_class+0x51/0x320 [ 139.476605][ T3494] ? __lock_acquire+0xaac/0xd20 [ 139.476648][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 139.476692][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 139.476715][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 139.476747][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 139.476784][ T3494] process_scheduled_works+0xadb/0x17a0 [ 139.476859][ T3494] ? __pfx_process_scheduled_works+0x10/0x10 [ 139.476919][ T3494] worker_thread+0x8a0/0xda0 [ 139.476977][ T3494] kthread+0x70e/0x8a0 [ 139.477007][ T3494] ? __pfx_worker_thread+0x10/0x10 [ 139.477027][ T3494] ? __pfx_kthread+0x10/0x10 [ 139.477055][ T3494] ? __pfx_kthread+0x10/0x10 [ 139.477079][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [pid 5823] <... close resumed>) = 0 [ 139.477103][ T3494] ? lockdep_hardirqs_on+0x9c/0x150 [ 139.477130][ T3494] ? __pfx_kthread+0x10/0x10 [ 139.477154][ T3494] ret_from_fork+0x4b/0x80 [ 139.477175][ T3494] ? __pfx_kthread+0x10/0x10 [ 139.477201][ T3494] ret_from_fork_asm+0x1a/0x30 [ 139.477257][ T3494] [pid 5823] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6026 attached [pid 6026] set_robust_list(0x55558e3aa6a0, 24 [pid 5823] <... clone resumed>, child_tidptr=0x55558e3aa690) = 6026 [pid 6026] <... 
set_robust_list resumed>) = 0 [pid 6026] chdir("./13") = 0 [pid 6026] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6026] setpgid(0, 0) = 0 [pid 6026] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6026] write(3, "1000", 4) = 4 [pid 6026] close(3) = 0 [pid 6026] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6026] write(1, "executing program\n", 18) = 18 [pid 6026] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6026] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6026] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6026] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6026] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6026] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6026] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0} => {parent_tid=[6027]}, 88) = 6027 ./strace-static-x86_64: Process 6027 attached [pid 6026] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6026] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6026] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6027] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053) = 0 [pid 6027] set_robust_list(0x7f836b55f9a0, 24) = 0 [pid 6027] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6027] memfd_create("syzkaller", 0) = 3 [pid 6027] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [ 139.966513][ T3494] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [pid 6025] <... ioctl resumed>) = ? [pid 6025] +++ exited with 0 +++ [pid 6019] <... ioctl resumed>) = ? 
[pid 6019] +++ exited with 0 +++ [pid 6018] +++ exited with 0 +++ [pid 5824] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6018, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=41 /* 0.41 s */} --- [pid 5824] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5824] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 140.168149][ T6019] VFS:Filesystem freeze failed [pid 5824] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5824] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] unlink("./12/binderfs") = 0 [pid 5824] umount2("./12/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6027] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 6027] munmap(0x7f8363000000, 138412032) = 0 [pid 6027] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6027] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6027] close(3) = 0 [pid 6027] close(4) = 0 [pid 6027] mkdir("./bus", 0777) = 0 [ 140.507807][ T6027] loop0: detected capacity change from 0 to 40427 [ 140.533208][ T6027] F2FS-fs (loop0): invalid crc value [pid 6027] mount("/dev/loop0", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 5824] <... 
umount2 resumed>) = 0 [pid 5824] umount2("./12/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./12/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] umount2("./12/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./12/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5824] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5824] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5824] close(4) = 0 [pid 5824] rmdir("./12/bus") = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5824] close(3) = 0 [pid 5824] rmdir("./12") = 0 [pid 5824] mkdir("./13", 0777) = 0 [pid 5824] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5824] ioctl(3, LOOP_CLR_FD) = 0 [pid 5824] close(3 [pid 6027] <... mount resumed>) = 0 [pid 6027] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6027] chdir("./bus") = 0 [pid 6027] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6027] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6027] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6026] <... futex resumed>) = 0 [ 140.727248][ T6027] F2FS-fs (loop0): Start checkpoint disabled! [ 140.760883][ T6027] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [pid 6026] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6027] <... futex resumed>) = 0 [pid 6026] <... futex resumed>) = 1 [pid 6027] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 [pid 6026] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6027] <... openat resumed>) = 4 [pid 6027] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6027] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6026] <... 
futex resumed>) = 0 [pid 6026] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6027] <... futex resumed>) = 0 [pid 6026] <... futex resumed>) = 1 [pid 6027] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6026] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6027] <... openat resumed>) = 5 [pid 6027] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6027] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6026] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6026] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6026] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6027] <... futex resumed>) = 0 [pid 6027] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6026] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6026] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6026] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6026] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [ 140.837292][ T3494] kworker/u8:6: attempt to access beyond end of device [ 140.837292][ T3494] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 140.871886][ T3494] CPU: 0 UID: 0 PID: 3494 Comm: kworker/u8:6 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [pid 6026] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6026] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[6030]}, 88) = 6030 [pid 6026] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6026] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6026] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, 
tv_nsec=50000000}./strace-static-x86_64: Process 6030 attached [pid 6030] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [pid 6030] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 6030] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6030] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 6030] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6026] <... futex resumed>) = 0 [pid 6026] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6026] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 140.871919][ T3494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 140.871934][ T3494] Workqueue: writeback wb_workfn (flush-7:0) [ 140.871965][ T3494] Call Trace: [ 140.871973][ T3494] [ 140.871982][ T3494] dump_stack_lvl+0x189/0x250 [ 140.872016][ T3494] ? __pfx_dump_stack_lvl+0x10/0x10 [ 140.872043][ T3494] ? __pfx_queue_work_on+0x10/0x10 [ 140.872061][ T3494] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 140.872084][ T3494] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [pid 6030] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 6026] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 140.872120][ T3494] f2fs_handle_critical_error+0x37c/0x540 [ 140.872155][ T3494] f2fs_write_end_io+0x4e2/0x6d0 [ 140.872205][ T3494] __submit_merged_bio+0x27a/0x6a0 [ 140.872239][ T3494] __submit_merged_write_cond+0x255/0x530 [ 140.872275][ T3494] f2fs_write_data_pages+0x2854/0x31f0 [ 140.872315][ T3494] ? __lock_acquire+0xaac/0xd20 [ 140.872387][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 140.872450][ T3494] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 140.872516][ T3494] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 140.872562][ T3494] ? trace_f2fs_writepages+0x7f/0x200 [ 140.872594][ T3494] ? f2fs_write_node_pages+0x478/0x6e0 [ 140.872631][ T3494] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 140.872665][ T3494] ? 
has_not_enough_free_secs+0xd8b/0x1640 [ 140.872707][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 140.872735][ T3494] do_writepages+0x3ae/0x7b0 [ 140.872767][ T3494] ? __lock_acquire+0xaac/0xd20 [ 140.872798][ T3494] ? __pfx_do_writepages+0x10/0x10 [ 140.872837][ T3494] __writeback_single_inode+0x145/0xff0 [ 140.872862][ T3494] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 140.872886][ T3494] writeback_sb_inodes+0x6b5/0x1000 [ 140.872937][ T3494] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 140.873003][ T3494] ? rcu_is_watching+0x15/0xb0 [ 140.873039][ T3494] wb_writeback+0x43b/0xaf0 [ 140.873070][ T3494] ? queue_io+0x3a1/0x590 [ 140.873096][ T3494] ? __pfx_wb_writeback+0x10/0x10 [ 140.873128][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 140.873153][ T3494] wb_workfn+0x409/0xef0 [ 140.873188][ T3494] ? __pfx_wb_workfn+0x10/0x10 [ 140.873205][ T3494] ? register_lock_class+0x51/0x320 [ 140.873234][ T3494] ? __lock_acquire+0xaac/0xd20 [ 140.873267][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 140.873312][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 140.873331][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 140.873356][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 140.873397][ T3494] process_scheduled_works+0xadb/0x17a0 [ 140.873452][ T3494] ? __pfx_process_scheduled_works+0x10/0x10 [ 140.873496][ T3494] worker_thread+0x8a0/0xda0 [ 140.873538][ T3494] kthread+0x70e/0x8a0 [ 140.873562][ T3494] ? __pfx_worker_thread+0x10/0x10 [ 140.873577][ T3494] ? __pfx_kthread+0x10/0x10 [ 140.873598][ T3494] ? __pfx_kthread+0x10/0x10 [ 140.873616][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 140.873634][ T3494] ? lockdep_hardirqs_on+0x9c/0x150 [ 140.873674][ T3494] ? __pfx_kthread+0x10/0x10 [ 140.873692][ T3494] ret_from_fork+0x4b/0x80 [ 140.873708][ T3494] ? __pfx_kthread+0x10/0x10 [ 140.873728][ T3494] ret_from_fork_asm+0x1a/0x30 [ 140.873771][ T3494] [pid 5824] <... 
close resumed>) = 0 [ 140.874075][ T3494] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 141.192606][ T3494] CPU: 0 UID: 0 PID: 3494 Comm: kworker/u8:6 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 141.192638][ T3494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 141.192653][ T3494] Workqueue: writeback wb_workfn (flush-7:0) [ 141.192685][ T3494] Call Trace: [ 141.192693][ T3494] [ 141.192701][ T3494] dump_stack_lvl+0x189/0x250 [ 141.192736][ T3494] ? __pfx_dump_stack_lvl+0x10/0x10 [ 141.192766][ T3494] ? __pfx_queue_work_on+0x10/0x10 [ 141.192784][ T3494] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 141.192808][ T3494] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 141.192846][ T3494] f2fs_handle_critical_error+0x37c/0x540 [ 141.192886][ T3494] f2fs_write_end_io+0x4e2/0x6d0 [ 141.192939][ T3494] __submit_merged_bio+0x27a/0x6a0 [ 141.192977][ T3494] __submit_merged_write_cond+0x255/0x530 [ 141.193013][ T3494] f2fs_write_data_pages+0x2854/0x31f0 [pid 5824] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6031 attached , child_tidptr=0x55558e3aa690) = 6031 [pid 6031] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 6031] chdir("./13") = 0 [pid 6031] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6031] setpgid(0, 0) = 0 [pid 6031] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6031] write(3, "1000", 4) = 4 [pid 6031] close(3) = 0 [ 141.193042][ T3494] ? __lock_acquire+0xaac/0xd20 [ 141.193117][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 141.193168][ T3494] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 141.193239][ T3494] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 141.193288][ T3494] ? trace_f2fs_writepages+0x7f/0x200 [ 141.193321][ T3494] ? f2fs_write_node_pages+0x478/0x6e0 [ 141.193359][ T3494] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 141.193394][ T3494] ? 
has_not_enough_free_secs+0xd8b/0x1640 [ 141.193434][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 executing program [pid 6031] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6031] write(1, "executing program\n", 18) = 18 [pid 6031] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6031] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6031] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6031] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6031] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6031] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6031] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0} => {parent_tid=[6032]}, 88) = 6032 [pid 6031] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6032 attached NULL, 8) = 0 [pid 6032] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053 [pid 6031] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6032] <... rseq resumed>) = 0 [pid 6031] <... futex resumed>) = 0 [pid 6032] set_robust_list(0x7f836b55f9a0, 24 [pid 6031] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6032] <... set_robust_list resumed>) = 0 [ 141.193465][ T3494] do_writepages+0x3ae/0x7b0 [ 141.193520][ T3494] ? __lock_acquire+0xaac/0xd20 [ 141.193559][ T3494] ? __pfx_do_writepages+0x10/0x10 [ 141.193611][ T3494] __writeback_single_inode+0x145/0xff0 [ 141.193641][ T3494] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 141.193670][ T3494] writeback_sb_inodes+0x6b5/0x1000 [ 141.193733][ T3494] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 141.193820][ T3494] ? 
rcu_is_watching+0x15/0xb0 [ 141.193867][ T3494] wb_writeback+0x43b/0xaf0 [ 141.193907][ T3494] ? queue_io+0x3a1/0x590 [pid 6032] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6032] memfd_create("syzkaller", 0) = 3 [pid 6032] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [ 141.193941][ T3494] ? __pfx_wb_writeback+0x10/0x10 [ 141.193983][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 141.194016][ T3494] wb_workfn+0x409/0xef0 [ 141.194062][ T3494] ? __pfx_wb_workfn+0x10/0x10 [ 141.194084][ T3494] ? register_lock_class+0x51/0x320 [ 141.194123][ T3494] ? __lock_acquire+0xaac/0xd20 [ 141.194167][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 141.194210][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 141.194233][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 141.194264][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 141.194302][ T3494] process_scheduled_works+0xadb/0x17a0 [ 141.194378][ T3494] ? __pfx_process_scheduled_works+0x10/0x10 [ 141.194437][ T3494] worker_thread+0x8a0/0xda0 [ 141.194504][ T3494] kthread+0x70e/0x8a0 [ 141.194535][ T3494] ? __pfx_worker_thread+0x10/0x10 [ 141.194556][ T3494] ? __pfx_kthread+0x10/0x10 [ 141.194583][ T3494] ? __pfx_kthread+0x10/0x10 [ 141.194607][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 141.194631][ T3494] ? lockdep_hardirqs_on+0x9c/0x150 [ 141.194659][ T3494] ? __pfx_kthread+0x10/0x10 [pid 6026] exit_group(0) = ? [ 141.194683][ T3494] ret_from_fork+0x4b/0x80 [ 141.194703][ T3494] ? __pfx_kthread+0x10/0x10 [ 141.194728][ T3494] ret_from_fork_asm+0x1a/0x30 [ 141.194785][ T3494] [ 141.194795][ T3494] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [pid 6027] <... ioctl resumed>) = ? [pid 6027] +++ exited with 0 +++ [pid 6030] <... ioctl resumed>) = ? 
[pid 6030] +++ exited with 0 +++ [pid 6026] +++ exited with 0 +++ [pid 5823] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6026, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=37 /* 0.37 s */} --- [pid 5823] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5823] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5823] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5823] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] unlink("./13/binderfs") = 0 [ 141.646684][ T6027] VFS:Filesystem freeze failed [pid 5823] umount2("./13/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6032] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 5823] <... 
umount2 resumed>) = 0 [pid 5823] umount2("./13/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./13/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] umount2("./13/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./13/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5823] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5823] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5823] close(4) = 0 [pid 5823] rmdir("./13/bus") = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5823] close(3) = 0 [pid 5823] rmdir("./13") = 0 [pid 5823] mkdir("./14", 0777) = 0 [pid 5823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5823] ioctl(3, LOOP_CLR_FD) = 0 [pid 5823] close(3 [pid 6032] <... write resumed>) = 20699119 [pid 6032] munmap(0x7f8363000000, 138412032) = 0 [pid 6032] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6032] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6032] close(3) = 0 [pid 6032] close(4) = 0 [pid 6032] mkdir("./bus", 0777) = 0 [ 142.307654][ T6032] loop1: detected capacity change from 0 to 40427 [ 142.340949][ T6032] F2FS-fs (loop1): invalid crc value [pid 6032] mount("/dev/loop1", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 5823] <... 
close resumed>) = 0 [pid 5823] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e3aa690) = 6034 ./strace-static-x86_64: Process 6034 attached [pid 6034] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 6034] chdir("./14") = 0 [pid 6034] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6034] setpgid(0, 0) = 0 [pid 6034] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6034] write(3, "1000", 4) = 4 executing program [pid 6034] close(3) = 0 [pid 6034] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6034] write(1, "executing program\n", 18) = 18 [pid 6034] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6034] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6034] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6034] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6034] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6034] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6034] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 6035 attached => {parent_tid=[6035]}, 88) = 6035 [pid 6034] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6035] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053 [pid 6034] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6035] <... rseq resumed>) = 0 [pid 6034] <... 
futex resumed>) = 0 [pid 6034] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6035] set_robust_list(0x7f836b55f9a0, 24) = 0 [pid 6035] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6035] memfd_create("syzkaller", 0) = 3 [pid 6035] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 6032] <... mount resumed>) = 0 [pid 6032] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6032] chdir("./bus") = 0 [pid 6032] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6032] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6032] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6031] <... futex resumed>) = 0 [pid 6031] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6032] <... futex resumed>) = 0 [pid 6031] <... futex resumed>) = 1 [pid 6032] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000) = 4 [pid 6032] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6032] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 142.527227][ T6032] F2FS-fs (loop1): Start checkpoint disabled! [ 142.546135][ T6032] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [pid 6031] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6031] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6032] <... futex resumed>) = 0 [pid 6031] <... futex resumed>) = 1 [pid 6032] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6031] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6032] <... openat resumed>) = 5 [pid 6032] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6031] <... 
futex resumed>) = 0 [pid 6032] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6031] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6031] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6031] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6031] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6031] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6031] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 142.669060][ T12] kworker/u8:0: attempt to access beyond end of device [ 142.669060][ T12] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 142.704609][ T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 142.704643][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 142.704663][ T12] Workqueue: writeback wb_workfn (flush-7:1) [ 142.704697][ T12] Call Trace: [ 142.704706][ T12] [ 142.704715][ T12] dump_stack_lvl+0x189/0x250 [ 142.704753][ T12] ? __pfx_dump_stack_lvl+0x10/0x10 [ 142.704783][ T12] ? __pfx_queue_work_on+0x10/0x10 [ 142.704803][ T12] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 142.704830][ T12] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 142.704870][ T12] f2fs_handle_critical_error+0x37c/0x540 [ 142.704911][ T12] f2fs_write_end_io+0x4e2/0x6d0 [ 142.704965][ T12] __submit_merged_bio+0x27a/0x6a0 [ 142.705004][ T12] __submit_merged_write_cond+0x255/0x530 [ 142.705044][ T12] f2fs_write_data_pages+0x2854/0x31f0 [ 142.705075][ T12] ? __lock_acquire+0xaac/0xd20 [ 142.705150][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 142.705210][ T12] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 142.705232][ T12] ? scsi_alloc_sgtables+0x6b7/0xb60 [ 142.705312][ T12] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 142.705362][ T12] ? trace_f2fs_writepages+0x7f/0x200 [ 142.705395][ T12] ? 
f2fs_write_node_pages+0x478/0x6e0 [ 142.705432][ T12] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 142.705468][ T12] ? has_not_enough_free_secs+0xd8b/0x1640 [ 142.705511][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 142.705545][ T12] do_writepages+0x3ae/0x7b0 [ 142.705600][ T12] ? __pfx_do_writepages+0x10/0x10 [ 142.705652][ T12] __writeback_single_inode+0x145/0xff0 [ 142.705683][ T12] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 142.705714][ T12] writeback_sb_inodes+0x6b5/0x1000 [ 142.705755][ T12] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 142.705803][ T12] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 142.705890][ T12] ? rcu_is_watching+0x15/0xb0 [ 142.705935][ T12] wb_writeback+0x43b/0xaf0 [ 142.705977][ T12] ? queue_io+0x3a1/0x590 [ 142.706010][ T12] ? __pfx_wb_writeback+0x10/0x10 [ 142.706052][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 142.706085][ T12] wb_workfn+0x409/0xef0 [pid 6031] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[6037]}, 88) = 6037 [pid 6031] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6031] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6031] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6037 attached [pid 6037] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [pid 6037] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 6037] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6037] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 6037] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6031] <... 
futex resumed>) = 0 [pid 6031] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6031] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6037] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 6031] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 142.706130][ T12] ? __pfx_wb_workfn+0x10/0x10 [ 142.706157][ T12] ? register_lock_class+0x51/0x320 [ 142.706196][ T12] ? __lock_acquire+0xaac/0xd20 [ 142.706238][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 142.706281][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 142.706304][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 142.706336][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 142.706372][ T12] process_scheduled_works+0xadb/0x17a0 [ 142.706446][ T12] ? __pfx_process_scheduled_works+0x10/0x10 [ 142.706501][ T12] worker_thread+0x8a0/0xda0 [ 142.706558][ T12] kthread+0x70e/0x8a0 [ 142.706589][ T12] ? __pfx_worker_thread+0x10/0x10 [ 142.706609][ T12] ? __pfx_kthread+0x10/0x10 [ 142.706637][ T12] ? __pfx_kthread+0x10/0x10 [ 142.706661][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 142.706685][ T12] ? lockdep_hardirqs_on+0x9c/0x150 [ 142.706711][ T12] ? __pfx_kthread+0x10/0x10 [ 142.706736][ T12] ret_from_fork+0x4b/0x80 [ 142.706756][ T12] ? __pfx_kthread+0x10/0x10 [ 142.706782][ T12] ret_from_fork_asm+0x1a/0x30 [ 142.706837][ T12] [pid 6031] exit_group(0) = ? [ 143.256522][ T12] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 143.276547][ T12] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 143.276580][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 143.276596][ T12] Workqueue: writeback wb_workfn (flush-7:1) [ 143.276630][ T12] Call Trace: [ 143.276638][ T12] [ 143.276647][ T12] dump_stack_lvl+0x189/0x250 [ 143.276683][ T12] ? __pfx_dump_stack_lvl+0x10/0x10 [ 143.276713][ T12] ? __pfx_queue_work_on+0x10/0x10 [ 143.276733][ T12] ? 
_raw_spin_unlock_irqrestore+0xad/0x110 [ 143.276758][ T12] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 143.276795][ T12] f2fs_handle_critical_error+0x37c/0x540 [ 143.276846][ T12] f2fs_write_end_io+0x4e2/0x6d0 [ 143.276894][ T12] __submit_merged_bio+0x27a/0x6a0 [ 143.276929][ T12] __submit_merged_write_cond+0x255/0x530 [ 143.276964][ T12] f2fs_write_data_pages+0x2854/0x31f0 [ 143.276994][ T12] ? __lock_acquire+0xaac/0xd20 [ 143.277058][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 143.277122][ T12] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 143.277139][ T12] ? scsi_alloc_sgtables+0x6b7/0xb60 [ 143.277211][ T12] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 143.277257][ T12] ? trace_f2fs_writepages+0x7f/0x200 [ 143.277290][ T12] ? f2fs_write_node_pages+0x478/0x6e0 [ 143.277325][ T12] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 143.277368][ T12] ? has_not_enough_free_secs+0xd8b/0x1640 [ 143.277409][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 143.277442][ T12] do_writepages+0x3ae/0x7b0 [ 143.277492][ T12] ? __pfx_do_writepages+0x10/0x10 [ 143.277538][ T12] __writeback_single_inode+0x145/0xff0 [ 143.277567][ T12] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 143.277597][ T12] writeback_sb_inodes+0x6b5/0x1000 [ 143.277635][ T12] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 143.277678][ T12] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 143.277754][ T12] ? rcu_is_watching+0x15/0xb0 [ 143.277797][ T12] wb_writeback+0x43b/0xaf0 [ 143.277835][ T12] ? queue_io+0x3a1/0x590 [ 143.277868][ T12] ? __pfx_wb_writeback+0x10/0x10 [ 143.277906][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 143.277936][ T12] wb_workfn+0x409/0xef0 [ 143.277977][ T12] ? __pfx_wb_workfn+0x10/0x10 [ 143.277998][ T12] ? register_lock_class+0x51/0x320 [ 143.278034][ T12] ? __lock_acquire+0xaac/0xd20 [ 143.278074][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 143.278114][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 143.278137][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 143.278169][ T12] ? 
process_scheduled_works+0x9ec/0x17a0 [ 143.278205][ T12] process_scheduled_works+0xadb/0x17a0 [ 143.278271][ T12] ? __pfx_process_scheduled_works+0x10/0x10 [ 143.278325][ T12] worker_thread+0x8a0/0xda0 [ 143.278383][ T12] kthread+0x70e/0x8a0 [ 143.278412][ T12] ? __pfx_worker_thread+0x10/0x10 [ 143.278432][ T12] ? __pfx_kthread+0x10/0x10 [ 143.278458][ T12] ? __pfx_kthread+0x10/0x10 [ 143.278482][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 143.278505][ T12] ? lockdep_hardirqs_on+0x9c/0x150 [ 143.278532][ T12] ? __pfx_kthread+0x10/0x10 [ 143.278555][ T12] ret_from_fork+0x4b/0x80 [ 143.278576][ T12] ? __pfx_kthread+0x10/0x10 [ 143.278600][ T12] ret_from_fork_asm+0x1a/0x30 [ 143.278651][ T12] [ 143.278659][ T12] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 143.688399][ T6032] VFS:Filesystem freeze failed [pid 6035] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 6032] <... ioctl resumed>) = ? [pid 6032] +++ exited with 0 +++ [pid 6037] <... ioctl resumed>) = ? 
[pid 6037] +++ exited with 0 +++ [pid 6031] +++ exited with 0 +++ [pid 5824] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6031, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=43 /* 0.43 s */} --- [pid 5824] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5824] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5824] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] unlink("./13/binderfs") = 0 [pid 5824] umount2("./13/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6035] <... write resumed>) = 20699119 [pid 6035] munmap(0x7f8363000000, 138412032) = 0 [pid 6035] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6035] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6035] close(3) = 0 [pid 6035] close(4) = 0 [pid 6035] mkdir("./bus", 0777) = 0 [ 143.978040][ T6035] loop0: detected capacity change from 0 to 40427 [ 144.013853][ T6035] F2FS-fs (loop0): invalid crc value [pid 6035] mount("/dev/loop0", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 5824] <... 
umount2 resumed>) = 0 [pid 5824] umount2("./13/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./13/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] umount2("./13/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./13/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5824] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5824] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5824] close(4) = 0 [pid 5824] rmdir("./13/bus") = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5824] close(3) = 0 [pid 5824] rmdir("./13") = 0 [pid 5824] mkdir("./14", 0777) = 0 [pid 5824] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5824] ioctl(3, LOOP_CLR_FD) = 0 [pid 5824] close(3 [pid 6035] <... mount resumed>) = 0 [pid 6035] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6035] chdir("./bus") = 0 [pid 6035] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6035] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6034] <... futex resumed>) = 0 [pid 6034] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6034] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6035] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000) = 4 [pid 6035] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6035] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6034] <... futex resumed>) = 0 [pid 6034] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6035] <... futex resumed>) = 0 [pid 6034] <... 
futex resumed>) = 1 [pid 6035] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6034] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6035] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6034] <... futex resumed>) = 0 [pid 6034] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 144.255131][ T6035] F2FS-fs (loop0): Start checkpoint disabled! [ 144.273828][ T6035] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [pid 6034] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6035] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6034] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6034] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6034] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6034] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6034] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6034] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[6040]}, 88) = 6040 [pid 6034] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6034] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6034] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6040 attached [pid 6040] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [pid 6040] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 6040] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 144.367725][ T12] kworker/u8:0: attempt to access beyond end of device [ 144.367725][ T12] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 144.407088][ T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 
6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 144.407118][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 144.407132][ T12] Workqueue: writeback wb_workfn (flush-7:0) [ 144.407166][ T12] Call Trace: [ 144.407174][ T12] [ 144.407184][ T12] dump_stack_lvl+0x189/0x250 [ 144.407218][ T12] ? __pfx_dump_stack_lvl+0x10/0x10 [ 144.407247][ T12] ? __pfx_queue_work_on+0x10/0x10 [pid 6040] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 6040] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 144.407267][ T12] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 144.407292][ T12] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 144.407327][ T12] f2fs_handle_critical_error+0x37c/0x540 [ 144.407364][ T12] f2fs_write_end_io+0x4e2/0x6d0 [ 144.407412][ T12] __submit_merged_bio+0x27a/0x6a0 [ 144.407447][ T12] __submit_merged_write_cond+0x255/0x530 [ 144.407483][ T12] f2fs_write_data_pages+0x2854/0x31f0 [ 144.407512][ T12] ? __lock_acquire+0xaac/0xd20 [ 144.407576][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [pid 6040] futex(0x7f836b6386d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6034] <... futex resumed>) = 0 [pid 6034] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6034] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6040] <... futex resumed>) = 0 [ 144.407620][ T12] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 144.407683][ T12] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 144.407727][ T12] ? trace_f2fs_writepages+0x7f/0x200 [ 144.407758][ T12] ? f2fs_write_node_pages+0x478/0x6e0 [ 144.407791][ T12] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 144.407823][ T12] ? has_not_enough_free_secs+0xd8b/0x1640 [ 144.407862][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 144.407917][ T12] do_writepages+0x3ae/0x7b0 [ 144.407954][ T12] ? __lock_acquire+0xaac/0xd20 [pid 6040] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 6034] <... 
futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 144.407991][ T12] ? __pfx_do_writepages+0x10/0x10 [ 144.408036][ T12] __writeback_single_inode+0x145/0xff0 [ 144.408071][ T12] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 144.408100][ T12] writeback_sb_inodes+0x6b5/0x1000 [ 144.408157][ T12] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 144.408230][ T12] ? rcu_is_watching+0x15/0xb0 [ 144.408272][ T12] wb_writeback+0x43b/0xaf0 [ 144.408309][ T12] ? queue_io+0x3a1/0x590 [ 144.408340][ T12] ? __pfx_wb_writeback+0x10/0x10 [ 144.408378][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 144.408408][ T12] wb_workfn+0x409/0xef0 [ 144.408448][ T12] ? __pfx_wb_workfn+0x10/0x10 [ 144.408468][ T12] ? register_lock_class+0x51/0x320 [ 144.408503][ T12] ? __lock_acquire+0xaac/0xd20 [ 144.408541][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 144.408581][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 144.408603][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 144.408634][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 144.408668][ T12] process_scheduled_works+0xadb/0x17a0 [ 144.408751][ T12] ? __pfx_process_scheduled_works+0x10/0x10 [ 144.408805][ T12] worker_thread+0x8a0/0xda0 [ 144.408856][ T12] kthread+0x70e/0x8a0 [ 144.408885][ T12] ? __pfx_worker_thread+0x10/0x10 [ 144.408905][ T12] ? __pfx_kthread+0x10/0x10 [ 144.408932][ T12] ? __pfx_kthread+0x10/0x10 [ 144.408955][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 144.408979][ T12] ? lockdep_hardirqs_on+0x9c/0x150 [ 144.409006][ T12] ? __pfx_kthread+0x10/0x10 [ 144.409029][ T12] ret_from_fork+0x4b/0x80 [ 144.409061][ T12] ? 
__pfx_kthread+0x10/0x10 [ 144.409091][ T12] ret_from_fork_asm+0x1a/0x30 [ 144.409141][ T12] [ 144.626626][ T12] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 144.953552][ T12] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 144.953586][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 144.953602][ T12] Workqueue: writeback wb_workfn (flush-7:0) [ 144.953637][ T12] Call Trace: [ 144.953645][ T12] [ 144.953655][ T12] dump_stack_lvl+0x189/0x250 [ 144.953694][ T12] ? __pfx_dump_stack_lvl+0x10/0x10 [ 144.953730][ T12] ? __pfx_queue_work_on+0x10/0x10 [ 144.953749][ T12] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 144.953785][ T12] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 144.953825][ T12] f2fs_handle_critical_error+0x37c/0x540 [ 144.953866][ T12] f2fs_write_end_io+0x4e2/0x6d0 [ 144.953932][ T12] __submit_merged_bio+0x27a/0x6a0 [ 144.953974][ T12] __submit_merged_write_cond+0x255/0x530 [ 144.954014][ T12] f2fs_write_data_pages+0x2854/0x31f0 [ 144.954044][ T12] ? __lock_acquire+0xaac/0xd20 [ 144.954115][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 144.954166][ T12] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 144.954234][ T12] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 144.954287][ T12] ? trace_f2fs_writepages+0x7f/0x200 [ 144.954319][ T12] ? f2fs_write_node_pages+0x478/0x6e0 [ 144.954355][ T12] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 144.954390][ T12] ? has_not_enough_free_secs+0xd8b/0x1640 [ 144.954431][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 144.954463][ T12] do_writepages+0x3ae/0x7b0 [ 144.954502][ T12] ? __lock_acquire+0xaac/0xd20 [ 144.954549][ T12] ? __pfx_do_writepages+0x10/0x10 [ 144.954618][ T12] __writeback_single_inode+0x145/0xff0 [ 144.954648][ T12] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 144.954680][ T12] writeback_sb_inodes+0x6b5/0x1000 [ 144.954747][ T12] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 144.954834][ T12] ? 
rcu_is_watching+0x15/0xb0 [ 144.954881][ T12] wb_writeback+0x43b/0xaf0 [ 144.954921][ T12] ? queue_io+0x3a1/0x590 [ 144.954955][ T12] ? __pfx_wb_writeback+0x10/0x10 [ 144.954997][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 144.955030][ T12] wb_workfn+0x409/0xef0 [ 144.955076][ T12] ? __pfx_wb_workfn+0x10/0x10 [ 144.955097][ T12] ? register_lock_class+0x51/0x320 [ 144.955136][ T12] ? __lock_acquire+0xaac/0xd20 [ 144.955179][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 144.955223][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 144.955253][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 144.955285][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 144.955322][ T12] process_scheduled_works+0xadb/0x17a0 [ 144.955396][ T12] ? __pfx_process_scheduled_works+0x10/0x10 [ 144.955454][ T12] worker_thread+0x8a0/0xda0 [ 144.955512][ T12] kthread+0x70e/0x8a0 [ 144.955543][ T12] ? __pfx_worker_thread+0x10/0x10 [ 144.955562][ T12] ? __pfx_kthread+0x10/0x10 [ 144.955590][ T12] ? __pfx_kthread+0x10/0x10 [ 144.955614][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 144.955638][ T12] ? lockdep_hardirqs_on+0x9c/0x150 [ 144.955665][ T12] ? __pfx_kthread+0x10/0x10 [ 144.955689][ T12] ret_from_fork+0x4b/0x80 [ 144.955709][ T12] ? __pfx_kthread+0x10/0x10 [ 144.955734][ T12] ret_from_fork_asm+0x1a/0x30 [ 144.955801][ T12] [pid 5824] <... 
close resumed>) = 0 [pid 5824] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e3aa690) = 6041 ./strace-static-x86_64: Process 6041 attached [pid 6041] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 6041] chdir("./14") = 0 [pid 6041] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6041] setpgid(0, 0) = 0 [pid 6041] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6041] write(3, "1000", 4) = 4 [pid 6041] close(3executing program ) = 0 [pid 6041] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6041] write(1, "executing program\n", 18) = 18 [pid 6041] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6041] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6041] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6041] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6041] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6034] exit_group(0) = ? [pid 6041] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6041] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 6042 attached => {parent_tid=[6042]}, 88) = 6042 [pid 6041] rt_sigprocmask(SIG_SETMASK, [], [pid 6042] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053 [pid 6041] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6042] <... rseq resumed>) = 0 [pid 6041] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6042] set_robust_list(0x7f836b55f9a0, 24 [pid 6041] <... futex resumed>) = 0 [pid 6042] <... 
set_robust_list resumed>) = 0 [pid 6041] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6042] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6042] memfd_create("syzkaller", 0) = 3 [pid 6042] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [ 145.346584][ T12] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [pid 6040] <... ioctl resumed>) = ? [pid 6035] <... ioctl resumed>) = ? [pid 6040] +++ exited with 0 +++ [pid 6035] +++ exited with 0 +++ [pid 6034] +++ exited with 0 +++ [pid 5823] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6034, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=35 /* 0.35 s */} --- [pid 5823] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5823] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5823] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] unlink("./14/binderfs") = 0 [ 145.636905][ T6035] VFS:Filesystem freeze failed [pid 5823] umount2("./14/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6042] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 5823] <... 
umount2 resumed>) = 0 [pid 5823] umount2("./14/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./14/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] umount2("./14/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./14/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5823] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5823] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5823] close(4) = 0 [pid 5823] rmdir("./14/bus") = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5823] close(3) = 0 [pid 5823] rmdir("./14") = 0 [pid 5823] mkdir("./15", 0777) = 0 [pid 5823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5823] ioctl(3, LOOP_CLR_FD) = 0 [pid 5823] close(3 [pid 6042] <... write resumed>) = 20699119 [pid 6042] munmap(0x7f8363000000, 138412032) = 0 [pid 6042] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6042] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6042] close(3) = 0 [pid 6042] close(4) = 0 [pid 6042] mkdir("./bus", 0777) = 0 [ 146.438442][ T6042] loop1: detected capacity change from 0 to 40427 [ 146.476761][ T6042] F2FS-fs (loop1): invalid crc value [pid 6042] mount("/dev/loop1", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 5823] <... 
close resumed>) = 0 [pid 5823] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6044 attached , child_tidptr=0x55558e3aa690) = 6044 [pid 6044] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 6044] chdir("./15") = 0 [pid 6044] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6044] setpgid(0, 0) = 0 [pid 6044] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6044] write(3, "1000", 4) = 4 [pid 6044] close(3) = 0 [pid 6044] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6044] write(1, "executing program\n", 18executing program ) = 18 [pid 6044] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6044] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6044] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6044] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6044] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6044] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6044] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 6045 attached => {parent_tid=[6045]}, 88) = 6045 [pid 6045] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053 [pid 6044] rt_sigprocmask(SIG_SETMASK, [], [pid 6045] <... rseq resumed>) = 0 [pid 6044] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6045] set_robust_list(0x7f836b55f9a0, 24 [pid 6044] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6045] <... set_robust_list resumed>) = 0 [pid 6044] <... 
futex resumed>) = 0 [pid 6045] rt_sigprocmask(SIG_SETMASK, [], [pid 6044] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6045] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6045] memfd_create("syzkaller", 0) = 3 [pid 6045] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [ 146.756801][ T6042] F2FS-fs (loop1): Start checkpoint disabled! [pid 6042] <... mount resumed>) = 0 [pid 6042] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6042] chdir("./bus") = 0 [pid 6042] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6042] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6042] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6041] <... futex resumed>) = 0 [pid 6041] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6042] <... futex resumed>) = 0 [pid 6041] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6042] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000) = 4 [pid 6042] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6041] <... futex resumed>) = 0 [pid 6042] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6041] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6042] <... openat resumed>) = 5 [pid 6041] <... futex resumed>) = 0 [pid 6042] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6041] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6042] <... futex resumed>) = 0 [pid 6041] <... 
futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6042] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 146.797597][ T6042] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [pid 6041] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6041] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6042] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 146.849604][ T3513] kworker/u8:7: attempt to access beyond end of device [ 146.849604][ T3513] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 146.894674][ T3513] CPU: 0 UID: 0 PID: 3513 Comm: kworker/u8:7 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 146.894709][ T3513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 146.894724][ T3513] Workqueue: writeback wb_workfn (flush-7:1) [ 146.894757][ T3513] Call Trace: [ 146.894767][ T3513] [ 146.894776][ T3513] dump_stack_lvl+0x189/0x250 [ 146.894812][ T3513] ? __pfx_dump_stack_lvl+0x10/0x10 [ 146.894842][ T3513] ? __pfx_queue_work_on+0x10/0x10 [ 146.894860][ T3513] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 146.894886][ T3513] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 146.894923][ T3513] f2fs_handle_critical_error+0x37c/0x540 [ 146.894962][ T3513] f2fs_write_end_io+0x4e2/0x6d0 [ 146.895013][ T3513] __submit_merged_bio+0x27a/0x6a0 [ 146.895049][ T3513] __submit_merged_write_cond+0x255/0x530 [ 146.895086][ T3513] f2fs_write_data_pages+0x2854/0x31f0 [ 146.895117][ T3513] ? __lock_acquire+0xaac/0xd20 [ 146.895189][ T3513] ? __pfx_f2fs_write_data_pages+0x10/0x10 [pid 6042] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6041] <... 
futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6041] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6041] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6041] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6041] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6041] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[6047]}, 88) = 6047 [pid 6041] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6041] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6041] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6047 attached [pid 6047] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [pid 6047] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 6047] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6047] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 6047] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6041] <... futex resumed>) = 0 [pid 6041] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6041] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6047] <... futex resumed>) = 1 [pid 6047] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 6041] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 146.895237][ T3513] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 146.895297][ T3513] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 146.895342][ T3513] ? trace_f2fs_writepages+0x7f/0x200 [ 146.895374][ T3513] ? f2fs_write_node_pages+0x478/0x6e0 [ 146.895408][ T3513] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 146.895442][ T3513] ? has_not_enough_free_secs+0xd8b/0x1640 [ 146.895482][ T3513] ? 
__pfx_f2fs_write_data_pages+0x10/0x10 [ 146.895514][ T3513] do_writepages+0x3ae/0x7b0 [ 146.895552][ T3513] ? __lock_acquire+0xaac/0xd20 [ 146.895589][ T3513] ? __pfx_do_writepages+0x10/0x10 [ 146.895635][ T3513] __writeback_single_inode+0x145/0xff0 [ 146.895664][ T3513] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 146.895693][ T3513] writeback_sb_inodes+0x6b5/0x1000 [ 146.895750][ T3513] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 146.895825][ T3513] ? rcu_is_watching+0x15/0xb0 [ 146.895868][ T3513] wb_writeback+0x43b/0xaf0 [ 146.895905][ T3513] ? queue_io+0x3a1/0x590 [ 146.895937][ T3513] ? __pfx_wb_writeback+0x10/0x10 [ 146.895976][ T3513] ? _raw_spin_unlock_irq+0x23/0x50 [ 146.896005][ T3513] wb_workfn+0x409/0xef0 [ 146.896046][ T3513] ? __pfx_wb_workfn+0x10/0x10 [ 146.896067][ T3513] ? register_lock_class+0x51/0x320 [ 146.896103][ T3513] ? __lock_acquire+0xaac/0xd20 [ 146.896143][ T3513] ? process_scheduled_works+0x9ec/0x17a0 [ 146.896190][ T3513] ? _raw_spin_unlock_irq+0x23/0x50 [ 146.896212][ T3513] ? process_scheduled_works+0x9ec/0x17a0 [ 146.896244][ T3513] ? process_scheduled_works+0x9ec/0x17a0 [ 146.896280][ T3513] process_scheduled_works+0xadb/0x17a0 [pid 6041] exit_group(0) = ? [ 146.896345][ T3513] ? __pfx_process_scheduled_works+0x10/0x10 [ 146.896398][ T3513] worker_thread+0x8a0/0xda0 [ 146.896421][ T3513] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 146.896456][ T3513] ? __kthread_parkme+0x7b/0x200 [ 146.896488][ T3513] kthread+0x70e/0x8a0 [ 146.896517][ T3513] ? __pfx_worker_thread+0x10/0x10 [ 146.896537][ T3513] ? __pfx_kthread+0x10/0x10 [ 146.896563][ T3513] ? __pfx_kthread+0x10/0x10 [ 146.896586][ T3513] ? _raw_spin_unlock_irq+0x23/0x50 [ 146.896610][ T3513] ? lockdep_hardirqs_on+0x9c/0x150 [ 146.896637][ T3513] ? __pfx_kthread+0x10/0x10 [ 146.896661][ T3513] ret_from_fork+0x4b/0x80 [ 146.896681][ T3513] ? 
__pfx_kthread+0x10/0x10 [ 146.896705][ T3513] ret_from_fork_asm+0x1a/0x30 [ 146.896755][ T3513] [ 147.429600][ T3513] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 147.456575][ T3513] CPU: 1 UID: 0 PID: 3513 Comm: kworker/u8:7 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 147.456607][ T3513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 147.456622][ T3513] Workqueue: writeback wb_workfn (flush-7:1) [ 147.456657][ T3513] Call Trace: [ 147.456665][ T3513] [ 147.456675][ T3513] dump_stack_lvl+0x189/0x250 [ 147.456711][ T3513] ? __pfx_dump_stack_lvl+0x10/0x10 [ 147.456741][ T3513] ? __pfx_queue_work_on+0x10/0x10 [ 147.456761][ T3513] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 147.456786][ T3513] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 147.456833][ T3513] f2fs_handle_critical_error+0x37c/0x540 [ 147.456873][ T3513] f2fs_write_end_io+0x4e2/0x6d0 [ 147.456924][ T3513] __submit_merged_bio+0x27a/0x6a0 [ 147.456960][ T3513] __submit_merged_write_cond+0x255/0x530 [ 147.456997][ T3513] f2fs_write_data_pages+0x2854/0x31f0 [ 147.457028][ T3513] ? __lock_acquire+0xaac/0xd20 [ 147.457093][ T3513] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 147.457142][ T3513] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 147.457203][ T3513] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 147.457250][ T3513] ? trace_f2fs_writepages+0x7f/0x200 [ 147.457282][ T3513] ? f2fs_write_node_pages+0x478/0x6e0 [ 147.457317][ T3513] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 147.457352][ T3513] ? has_not_enough_free_secs+0xd8b/0x1640 [ 147.457391][ T3513] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 147.457425][ T3513] do_writepages+0x3ae/0x7b0 [ 147.457464][ T3513] ? __lock_acquire+0xaac/0xd20 [ 147.457500][ T3513] ? __pfx_do_writepages+0x10/0x10 [ 147.457546][ T3513] __writeback_single_inode+0x145/0xff0 [ 147.457576][ T3513] ? 
wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 147.457605][ T3513] writeback_sb_inodes+0x6b5/0x1000 [ 147.457664][ T3513] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 147.457740][ T3513] ? rcu_is_watching+0x15/0xb0 [ 147.457782][ T3513] wb_writeback+0x43b/0xaf0 [ 147.457829][ T3513] ? queue_io+0x3a1/0x590 [ 147.457862][ T3513] ? __pfx_wb_writeback+0x10/0x10 [ 147.457900][ T3513] ? _raw_spin_unlock_irq+0x23/0x50 [ 147.457931][ T3513] wb_workfn+0x409/0xef0 [ 147.457972][ T3513] ? __pfx_wb_workfn+0x10/0x10 [ 147.457994][ T3513] ? register_lock_class+0x51/0x320 [ 147.458030][ T3513] ? __lock_acquire+0xaac/0xd20 [pid 6045] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 6045] munmap(0x7f8363000000, 138412032) = 0 [pid 6045] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 147.458070][ T3513] ? process_scheduled_works+0x9ec/0x17a0 [ 147.458111][ T3513] ? _raw_spin_unlock_irq+0x23/0x50 [ 147.458134][ T3513] ? process_scheduled_works+0x9ec/0x17a0 [ 147.458166][ T3513] ? process_scheduled_works+0x9ec/0x17a0 [ 147.458202][ T3513] process_scheduled_works+0xadb/0x17a0 [ 147.458267][ T3513] ? __pfx_process_scheduled_works+0x10/0x10 [ 147.458321][ T3513] worker_thread+0x8a0/0xda0 [ 147.458346][ T3513] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 147.458381][ T3513] ? __kthread_parkme+0x7b/0x200 [ 147.458414][ T3513] kthread+0x70e/0x8a0 [ 147.458443][ T3513] ? __pfx_worker_thread+0x10/0x10 [ 147.458463][ T3513] ? __pfx_kthread+0x10/0x10 [ 147.458490][ T3513] ? __pfx_kthread+0x10/0x10 [ 147.458513][ T3513] ? _raw_spin_unlock_irq+0x23/0x50 [ 147.458537][ T3513] ? 
lockdep_hardirqs_on+0x9c/0x150 [ 147.458564][ T3513] ? __pfx_kthread+0x10/0x10 [ 147.458588][ T3513] ret_from_fork+0x4b/0x80 [ 147.458607][ T3513] ? __pfx_kthread+0x10/0x10 [ 147.458632][ T3513] ret_from_fork_asm+0x1a/0x30 [ 147.458683][ T3513] [ 147.458692][ T3513] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 147.708733][ T6045] loop0: detected capacity change from 0 to 40427 [pid 6045] ioctl(4, LOOP_SET_FD, 3 [pid 6047] <... ioctl resumed>) = ? [pid 6047] +++ exited with 0 +++ [pid 6042] <... ioctl resumed>) = ? [pid 6042] +++ exited with 0 +++ [pid 6041] +++ exited with 0 +++ [pid 5824] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6041, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=33 /* 0.33 s */} --- [pid 5824] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5824] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5824] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] unlink("./14/binderfs") = 0 [ 147.850362][ T6042] VFS:Filesystem freeze failed [pid 5824] umount2("./14/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6045] <... ioctl resumed>) = 0 [pid 6045] close(3) = 0 [pid 6045] close(4) = 0 [pid 6045] mkdir("./bus", 0777) = 0 [ 147.941477][ T6045] F2FS-fs (loop0): invalid crc value [ 148.194701][ T6045] F2FS-fs (loop0): Start checkpoint disabled! [pid 6045] mount("/dev/loop0", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"...) 
= 0 [pid 6045] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6045] chdir("./bus") = 0 [pid 6045] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6045] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6045] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6044] <... futex resumed>) = 0 [pid 6044] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6045] <... futex resumed>) = 0 [pid 6044] <... futex resumed>) = 1 [pid 6045] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 [pid 6044] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6045] <... openat resumed>) = 4 [pid 5824] <... umount2 resumed>) = 0 [pid 6045] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6044] <... futex resumed>) = 0 [pid 6045] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6044] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6045] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6044] <... futex resumed>) = 0 [pid 6045] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6044] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5824] umount2("./14/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6045] <... 
openat resumed>) = 5 [pid 5824] newfstatat(AT_FDCWD, "./14/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] umount2("./14/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./14/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5824] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5824] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5824] close(4) = 0 [pid 5824] rmdir("./14/bus") = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5824] close(3) = 0 [pid 5824] rmdir("./14") = 0 [pid 5824] mkdir("./15", 0777) = 0 [ 148.266911][ T6045] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [pid 5824] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5824] ioctl(3, LOOP_CLR_FD) = 0 [pid 5824] close(3 [pid 6045] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6044] <... futex resumed>) = 0 [pid 6045] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6044] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6045] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6044] <... 
futex resumed>) = 0 [pid 6045] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6044] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6044] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6044] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6044] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [ 148.382716][ T12] kworker/u8:0: attempt to access beyond end of device [ 148.382716][ T12] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 148.417526][ T12] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 148.417559][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 148.417575][ T12] Workqueue: writeback wb_workfn (flush-7:0) [ 148.417608][ T12] Call Trace: [ 148.417617][ T12] [ 148.417639][ T12] dump_stack_lvl+0x189/0x250 [ 148.417673][ T12] ? __pfx_dump_stack_lvl+0x10/0x10 [ 148.417703][ T12] ? __pfx_queue_work_on+0x10/0x10 [ 148.417720][ T12] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 148.417746][ T12] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 148.417782][ T12] f2fs_handle_critical_error+0x37c/0x540 [ 148.417819][ T12] f2fs_write_end_io+0x4e2/0x6d0 [ 148.417868][ T12] __submit_merged_bio+0x27a/0x6a0 [ 148.417903][ T12] __submit_merged_write_cond+0x255/0x530 [ 148.417939][ T12] f2fs_write_data_pages+0x2854/0x31f0 [ 148.417968][ T12] ? __lock_acquire+0xaac/0xd20 [ 148.418031][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 148.418091][ T12] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 148.418150][ T12] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 148.418194][ T12] ? trace_f2fs_writepages+0x7f/0x200 [ 148.418224][ T12] ? f2fs_write_node_pages+0x478/0x6e0 [ 148.418259][ T12] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 148.418291][ T12] ? has_not_enough_free_secs+0xd8b/0x1640 [ 148.418330][ T12] ? 
__pfx_f2fs_write_data_pages+0x10/0x10 [ 148.418362][ T12] do_writepages+0x3ae/0x7b0 [ 148.418399][ T12] ? __lock_acquire+0xaac/0xd20 [ 148.418434][ T12] ? __pfx_do_writepages+0x10/0x10 [ 148.418479][ T12] __writeback_single_inode+0x145/0xff0 [pid 6044] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6044] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0}./strace-static-x86_64: Process 6050 attached => {parent_tid=[6050]}, 88) = 6050 [pid 6050] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053 [pid 6044] rt_sigprocmask(SIG_SETMASK, [], [pid 6050] <... rseq resumed>) = 0 [pid 6044] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6050] set_robust_list(0x7f836b53e9a0, 24 [pid 6044] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6050] <... set_robust_list resumed>) = 0 [pid 6044] <... futex resumed>) = 0 [pid 6050] rt_sigprocmask(SIG_SETMASK, [], [pid 6044] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6050] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6050] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 6050] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6044] <... futex resumed>) = 0 [pid 6044] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6044] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6050] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 6044] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 148.418507][ T12] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 148.418536][ T12] writeback_sb_inodes+0x6b5/0x1000 [ 148.418597][ T12] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 148.418670][ T12] ? rcu_is_watching+0x15/0xb0 [ 148.418712][ T12] wb_writeback+0x43b/0xaf0 [ 148.418748][ T12] ? 
queue_io+0x3a1/0x590 [ 148.418797][ T12] ? __pfx_wb_writeback+0x10/0x10 [ 148.418833][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 148.418863][ T12] wb_workfn+0x409/0xef0 [ 148.418904][ T12] ? __pfx_wb_workfn+0x10/0x10 [ 148.418925][ T12] ? register_lock_class+0x51/0x320 [ 148.418961][ T12] ? __lock_acquire+0xaac/0xd20 [ 148.419001][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 148.419048][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 148.419070][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 148.419102][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 148.419136][ T12] process_scheduled_works+0xadb/0x17a0 [ 148.419202][ T12] ? __pfx_process_scheduled_works+0x10/0x10 [ 148.419255][ T12] worker_thread+0x8a0/0xda0 [ 148.419306][ T12] kthread+0x70e/0x8a0 [ 148.419334][ T12] ? __pfx_worker_thread+0x10/0x10 [ 148.419354][ T12] ? __pfx_kthread+0x10/0x10 [ 148.419379][ T12] ? __pfx_kthread+0x10/0x10 [ 148.419403][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 148.419426][ T12] ? lockdep_hardirqs_on+0x9c/0x150 [ 148.419453][ T12] ? __pfx_kthread+0x10/0x10 [ 148.419476][ T12] ret_from_fork+0x4b/0x80 [ 148.419496][ T12] ? __pfx_kthread+0x10/0x10 [ 148.419520][ T12] ret_from_fork_asm+0x1a/0x30 [ 148.419570][ T12] [ 148.421340][ T12] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [pid 6044] exit_group(0) = ? [pid 5824] <... 
close resumed>) = 0 [pid 5824] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e3aa690) = 6051 ./strace-static-x86_64: Process 6051 attached [pid 6051] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 6051] chdir("./15") = 0 [pid 6051] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6051] setpgid(0, 0) = 0 [pid 6051] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6051] write(3, "1000", 4) = 4 [pid 6051] close(3) = 0 [ 149.197090][ T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 149.197124][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 149.197139][ T12] Workqueue: writeback wb_workfn (flush-7:0) [ 149.197172][ T12] Call Trace: [ 149.197181][ T12] [ 149.197190][ T12] dump_stack_lvl+0x189/0x250 [ 149.197226][ T12] ? __pfx_dump_stack_lvl+0x10/0x10 [ 149.197256][ T12] ? __pfx_queue_work_on+0x10/0x10 [pid 6051] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6051] write(1, "executing program\n", 18) = 18 [pid 6051] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6051] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6051] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6051] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6051] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6051] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6051] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0} => {parent_tid=[6052]}, 88) = 6052 [pid 6051] 
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6051] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 149.197274][ T12] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 149.197299][ T12] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 149.197336][ T12] f2fs_handle_critical_error+0x37c/0x540 [ 149.197374][ T12] f2fs_write_end_io+0x4e2/0x6d0 [ 149.197422][ T12] __submit_merged_bio+0x27a/0x6a0 [ 149.197458][ T12] __submit_merged_write_cond+0x255/0x530 [ 149.197495][ T12] f2fs_write_data_pages+0x2854/0x31f0 [ 149.197525][ T12] ? __lock_acquire+0xaac/0xd20 [ 149.197590][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 149.197638][ T12] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 149.197699][ T12] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 149.197743][ T12] ? trace_f2fs_writepages+0x7f/0x200 [ 149.197775][ T12] ? f2fs_write_node_pages+0x478/0x6e0 [ 149.197809][ T12] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 149.197843][ T12] ? has_not_enough_free_secs+0xd8b/0x1640 [ 149.197883][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 149.197916][ T12] do_writepages+0x3ae/0x7b0 [ 149.197954][ T12] ? __lock_acquire+0xaac/0xd20 [ 149.197999][ T12] ? __pfx_do_writepages+0x10/0x10 [ 149.198053][ T12] __writeback_single_inode+0x145/0xff0 [ 149.198082][ T12] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 149.198112][ T12] writeback_sb_inodes+0x6b5/0x1000 [ 149.198171][ T12] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 149.198247][ T12] ? rcu_is_watching+0x15/0xb0 [ 149.198290][ T12] wb_writeback+0x43b/0xaf0 [ 149.198328][ T12] ? queue_io+0x3a1/0x590 [ 149.198365][ T12] ? __pfx_wb_writeback+0x10/0x10 [ 149.198414][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 149.198448][ T12] wb_workfn+0x409/0xef0 [ 149.198493][ T12] ? __pfx_wb_workfn+0x10/0x10 [ 149.198514][ T12] ? register_lock_class+0x51/0x320 [ 149.198550][ T12] ? __lock_acquire+0xaac/0xd20 [ 149.198590][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 149.198630][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 149.198652][ T12] ? 
process_scheduled_works+0x9ec/0x17a0 [ 149.198684][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 149.198724][ T12] process_scheduled_works+0xadb/0x17a0 [ 149.198791][ T12] ? __pfx_process_scheduled_works+0x10/0x10 [ 149.198845][ T12] worker_thread+0x8a0/0xda0 [ 149.198895][ T12] kthread+0x70e/0x8a0 [ 149.198924][ T12] ? __pfx_worker_thread+0x10/0x10 [ 149.198944][ T12] ? __pfx_kthread+0x10/0x10 [ 149.198970][ T12] ? __pfx_kthread+0x10/0x10 [ 149.199000][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 149.199023][ T12] ? lockdep_hardirqs_on+0x9c/0x150 [ 149.199051][ T12] ? __pfx_kthread+0x10/0x10 [ 149.199074][ T12] ret_from_fork+0x4b/0x80 [pid 6051] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6052 attached [pid 6052] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053) = 0 [pid 6052] set_robust_list(0x7f836b55f9a0, 24) = 0 [pid 6052] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6052] memfd_create("syzkaller", 0) = 3 [ 149.199094][ T12] ? __pfx_kthread+0x10/0x10 [ 149.199119][ T12] ret_from_fork_asm+0x1a/0x30 [ 149.199170][ T12] [ 149.199179][ T12] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [pid 6052] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 6050] <... ioctl resumed>) = ? [pid 6045] <... ioctl resumed>) = ? 
[pid 6050] +++ exited with 0 +++ [pid 6045] +++ exited with 0 +++ [pid 6044] +++ exited with 0 +++ [pid 5823] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6044, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=40 /* 0.40 s */} --- [pid 5823] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5823] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5823] umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] unlink("./15/binderfs") = 0 [ 149.591689][ T6045] VFS:Filesystem freeze failed [pid 5823] umount2("./15/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6052] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 5823] <... 
umount2 resumed>) = 0 [pid 5823] umount2("./15/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./15/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] umount2("./15/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./15/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5823] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5823] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5823] close(4) = 0 [pid 5823] rmdir("./15/bus") = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5823] close(3) = 0 [pid 5823] rmdir("./15") = 0 [pid 5823] mkdir("./16", 0777) = 0 [pid 5823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5823] ioctl(3, LOOP_CLR_FD) = 0 [pid 5823] close(3) = 0 [pid 5823] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6053 attached , child_tidptr=0x55558e3aa690) = 6053 [pid 6053] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 6052] <... write resumed>) = 20699119 [pid 6053] chdir("./16") = 0 [pid 6053] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6053] setpgid(0, 0) = 0 [pid 6053] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6053] write(3, "1000", 4) = 4 [pid 6053] close(3) = 0 [pid 6052] munmap(0x7f8363000000, 138412032 [pid 6053] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6052] <... munmap resumed>) = 0 [pid 6053] write(1, "executing program\n", 18executing program ) = 18 [pid 6052] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6053] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6052] <... openat resumed>) = 4 [pid 6053] <... 
futex resumed>) = 0 [pid 6052] ioctl(4, LOOP_SET_FD, 3 [pid 6053] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6053] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6053] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6053] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE [pid 6052] <... ioctl resumed>) = 0 [pid 6052] close(3) = 0 [pid 6053] <... mprotect resumed>) = 0 [pid 6052] close(4) = 0 [pid 6053] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6052] mkdir("./bus", 0777) = 0 [pid 6053] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6052] mount("/dev/loop1", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 6053] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 6054 attached => {parent_tid=[6054]}, 88) = 6054 [pid 6054] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053 [pid 6053] rt_sigprocmask(SIG_SETMASK, [], [pid 6054] <... rseq resumed>) = 0 [pid 6054] set_robust_list(0x7f836b55f9a0, 24 [pid 6053] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6054] <... set_robust_list resumed>) = 0 [pid 6053] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6054] rt_sigprocmask(SIG_SETMASK, [], [pid 6053] <... futex resumed>) = 0 [pid 6054] <... 
rt_sigprocmask resumed>NULL, 8) = 0 [pid 6053] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6054] memfd_create("syzkaller", 0) = 3 [pid 6054] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [ 150.488347][ T6052] loop1: detected capacity change from 0 to 40427 [ 150.514861][ T6052] F2FS-fs (loop1): invalid crc value [pid 6052] <... mount resumed>) = 0 [pid 6052] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6052] chdir("./bus") = 0 [pid 6052] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6052] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6051] <... futex resumed>) = 0 [pid 6052] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6051] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6052] <... futex resumed>) = 0 [pid 6051] <... futex resumed>) = 1 [pid 6052] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 [ 150.746792][ T6052] F2FS-fs (loop1): Start checkpoint disabled! [ 150.776587][ T6052] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [pid 6051] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6052] <... openat resumed>) = 4 [pid 6052] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6051] <... futex resumed>) = 0 [pid 6052] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6051] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6052] <... futex resumed>) = 0 [pid 6051] <... futex resumed>) = 1 [pid 6052] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6051] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6052] <... openat resumed>) = 5 [pid 6052] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6051] <... 
futex resumed>) = 0 [pid 6052] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6051] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6052] <... futex resumed>) = 0 [pid 6051] <... futex resumed>) = 1 [pid 6052] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 150.837344][ T3494] kworker/u8:6: attempt to access beyond end of device [ 150.837344][ T3494] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 150.876592][ T3494] CPU: 1 UID: 0 PID: 3494 Comm: kworker/u8:6 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 150.876626][ T3494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 150.876641][ T3494] Workqueue: writeback wb_workfn (flush-7:1) [ 150.876674][ T3494] Call Trace: [ 150.876682][ T3494] <TASK> [ 150.876691][ T3494] dump_stack_lvl+0x189/0x250 [ 150.876725][ T3494] ? __pfx_dump_stack_lvl+0x10/0x10 [ 150.876755][ T3494] ? __pfx_queue_work_on+0x10/0x10 [ 150.876773][ T3494] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 150.876806][ T3494] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 150.876842][ T3494] f2fs_handle_critical_error+0x37c/0x540 [ 150.876878][ T3494] f2fs_write_end_io+0x4e2/0x6d0 [ 150.876927][ T3494] __submit_merged_bio+0x27a/0x6a0 [ 150.876961][ T3494] __submit_merged_write_cond+0x255/0x530 [ 150.876997][ T3494] f2fs_write_data_pages+0x2854/0x31f0 [ 150.877027][ T3494] ? __lock_acquire+0xaac/0xd20 [ 150.877089][ T3494] ? 
__pfx_f2fs_write_data_pages+0x10/0x10 [pid 6051] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6051] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6051] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6051] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6051] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6051] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[6057]}, 88) = 6057 [pid 6051] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6051] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6051] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6057 attached [pid 6057] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [pid 6057] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 6057] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6057] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 6057] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6051] <... 
futex resumed>) = 0 [pid 6057] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 6051] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6051] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6054] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 6051] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6051] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 150.877136][ T3494] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 150.877195][ T3494] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 150.877239][ T3494] ? trace_f2fs_writepages+0x7f/0x200 [ 150.877269][ T3494] ? f2fs_write_node_pages+0x478/0x6e0 [ 150.877303][ T3494] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 150.877336][ T3494] ? has_not_enough_free_secs+0xd8b/0x1640 [ 150.877385][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 150.877415][ T3494] do_writepages+0x3ae/0x7b0 [ 150.877449][ T3494] ? __lock_acquire+0xaac/0xd20 [ 150.877482][ T3494] ? __pfx_do_writepages+0x10/0x10 [ 150.877524][ T3494] __writeback_single_inode+0x145/0xff0 [ 150.877569][ T3494] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 150.877598][ T3494] writeback_sb_inodes+0x6b5/0x1000 [ 150.877654][ T3494] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 150.877727][ T3494] ? rcu_is_watching+0x15/0xb0 [ 150.877768][ T3494] wb_writeback+0x43b/0xaf0 [ 150.877813][ T3494] ? queue_io+0x3a1/0x590 [ 150.877845][ T3494] ? __pfx_wb_writeback+0x10/0x10 [ 150.877882][ T3494] ? 
_raw_spin_unlock_irq+0x23/0x50 [ 150.877911][ T3494] wb_workfn+0x409/0xef0 [ 150.877950][ T3494] ? __pfx_wb_workfn+0x10/0x10 [ 150.877970][ T3494] ? register_lock_class+0x51/0x320 [ 150.878006][ T3494] ? __lock_acquire+0xaac/0xd20 [ 150.878044][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 150.878083][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 150.878105][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 150.878136][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 150.878170][ T3494] process_scheduled_works+0xadb/0x17a0 [ 150.878235][ T3494] ? __pfx_process_scheduled_works+0x10/0x10 [ 150.878286][ T3494] worker_thread+0x8a0/0xda0 [ 150.878335][ T3494] kthread+0x70e/0x8a0 [ 150.878363][ T3494] ? __pfx_worker_thread+0x10/0x10 [ 150.878382][ T3494] ? __pfx_kthread+0x10/0x10 [ 150.878408][ T3494] ? __pfx_kthread+0x10/0x10 [ 150.878430][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 150.878453][ T3494] ? lockdep_hardirqs_on+0x9c/0x150 [ 150.878479][ T3494] ? __pfx_kthread+0x10/0x10 [ 150.878502][ T3494] ret_from_fork+0x4b/0x80 [pid 6051] exit_group(0) = ? [ 150.878521][ T3494] ? __pfx_kthread+0x10/0x10 [ 150.878545][ T3494] ret_from_fork_asm+0x1a/0x30 [ 150.878600][ T3494] </TASK> [ 150.878609][ T3494] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 151.276584][ T3494] CPU: 0 UID: 0 PID: 3494 Comm: kworker/u8:6 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 151.276619][ T3494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 151.276634][ T3494] Workqueue: writeback wb_workfn (flush-7:1) [ 151.276668][ T3494] Call Trace: [ 151.276677][ T3494] <TASK> [ 151.276686][ T3494] dump_stack_lvl+0x189/0x250 [ 151.276722][ T3494] ? __pfx_dump_stack_lvl+0x10/0x10 [ 151.276752][ T3494] ? __pfx_queue_work_on+0x10/0x10 [ 151.276772][ T3494] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 151.276798][ T3494] ? 
__pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 151.276836][ T3494] f2fs_handle_critical_error+0x37c/0x540 [ 151.276874][ T3494] f2fs_write_end_io+0x4e2/0x6d0 [ 151.276924][ T3494] __submit_merged_bio+0x27a/0x6a0 [ 151.276961][ T3494] __submit_merged_write_cond+0x255/0x530 [ 151.276998][ T3494] f2fs_write_data_pages+0x2854/0x31f0 [ 151.277029][ T3494] ? __lock_acquire+0xaac/0xd20 [ 151.277095][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 151.277148][ T3494] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 151.277209][ T3494] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 151.277254][ T3494] ? trace_f2fs_writepages+0x7f/0x200 [ 151.277285][ T3494] ? f2fs_write_node_pages+0x478/0x6e0 [ 151.277320][ T3494] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 151.277354][ T3494] ? has_not_enough_free_secs+0xd8b/0x1640 [ 151.277394][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 151.277427][ T3494] do_writepages+0x3ae/0x7b0 [ 151.277464][ T3494] ? __lock_acquire+0xaac/0xd20 [ 151.277501][ T3494] ? __pfx_do_writepages+0x10/0x10 [ 151.277552][ T3494] __writeback_single_inode+0x145/0xff0 [ 151.277582][ T3494] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 151.277611][ T3494] writeback_sb_inodes+0x6b5/0x1000 [ 151.277670][ T3494] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 151.277746][ T3494] ? rcu_is_watching+0x15/0xb0 [ 151.277788][ T3494] wb_writeback+0x43b/0xaf0 [ 151.277827][ T3494] ? queue_io+0x3a1/0x590 [ 151.277859][ T3494] ? __pfx_wb_writeback+0x10/0x10 [ 151.277897][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 151.277928][ T3494] wb_workfn+0x409/0xef0 [ 151.277969][ T3494] ? __pfx_wb_workfn+0x10/0x10 [ 151.277990][ T3494] ? register_lock_class+0x51/0x320 [ 151.278026][ T3494] ? __lock_acquire+0xaac/0xd20 [ 151.278066][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 151.278106][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 151.278129][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 151.278161][ T3494] ? 
process_scheduled_works+0x9ec/0x17a0 [ 151.278197][ T3494] process_scheduled_works+0xadb/0x17a0 [ 151.278263][ T3494] ? __pfx_process_scheduled_works+0x10/0x10 [ 151.278317][ T3494] worker_thread+0x8a0/0xda0 [ 151.278367][ T3494] kthread+0x70e/0x8a0 [ 151.278396][ T3494] ? __pfx_worker_thread+0x10/0x10 [ 151.278416][ T3494] ? __pfx_kthread+0x10/0x10 [ 151.278442][ T3494] ? __pfx_kthread+0x10/0x10 [ 151.278466][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 151.278489][ T3494] ? lockdep_hardirqs_on+0x9c/0x150 [ 151.278517][ T3494] ? __pfx_kthread+0x10/0x10 [ 151.278547][ T3494] ret_from_fork+0x4b/0x80 [ 151.278566][ T3494] ? __pfx_kthread+0x10/0x10 [pid 6052] <... ioctl resumed>) = ? [pid 6052] +++ exited with 0 +++ [pid 6057] <... ioctl resumed>) = ? [pid 6057] +++ exited with 0 +++ [pid 6051] +++ exited with 0 +++ [pid 5824] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6051, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=35 /* 0.35 s */} --- [pid 5824] umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5824] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [ 151.278591][ T3494] ret_from_fork_asm+0x1a/0x30 [ 151.278642][ T3494] </TASK> [ 151.594366][ T3494] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 151.620012][ T6052] VFS:Filesystem freeze failed [pid 5824] umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] unlink("./15/binderfs") = 0 [pid 5824] umount2("./15/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6054] <... 
write resumed>) = 20699119 [pid 6054] munmap(0x7f8363000000, 138412032) = 0 [pid 6054] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6054] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6054] close(3) = 0 [pid 6054] close(4) = 0 [pid 6054] mkdir("./bus", 0777) = 0 [ 151.720997][ T6054] loop0: detected capacity change from 0 to 40427 [ 151.767445][ T6054] F2FS-fs (loop0): invalid crc value [pid 6054] mount("/dev/loop0", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"...) = 0 [pid 6054] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6054] chdir("./bus") = 0 [pid 6054] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6054] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6053] <... futex resumed>) = 0 [pid 6053] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6053] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6054] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000) = 4 [pid 6054] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6053] <... futex resumed>) = 0 [pid 6053] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6053] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6054] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6054] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6053] <... futex resumed>) = 0 [pid 6053] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6053] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6054] <... futex resumed>) = 1 [ 151.916714][ T6054] F2FS-fs (loop0): Start checkpoint disabled! 
[ 151.951549][ T6054] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 152.011356][ T12] kworker/u8:0: attempt to access beyond end of device [ 152.011356][ T12] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 152.038390][ T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [pid 6054] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6053] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6053] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6053] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6053] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6053] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6053] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[6060]}, 88) = 6060 [pid 6053] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6053] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 152.038421][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 152.038435][ T12] Workqueue: writeback wb_workfn (flush-7:0) [ 152.038468][ T12] Call Trace: [ 152.038476][ T12] <TASK> [ 152.038485][ T12] dump_stack_lvl+0x189/0x250 [ 152.038514][ T12] ? preempt_schedule_thunk+0x16/0x30 [ 152.038539][ T12] ? __pfx_dump_stack_lvl+0x10/0x10 [ 152.038576][ T12] ? __pfx_queue_work_on+0x10/0x10 [ 152.038594][ T12] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 152.038619][ T12] ? 
__pfx__raw_spin_unlock_irqrestore+0x10/0x10 [pid 6053] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6053] futex(0x7f836b6386ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6053] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b4fd000 [pid 6053] mprotect(0x7f836b4fe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6053] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6053] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b51d990, parent_tid=0x7f836b51d990, exit_signal=0, stack=0x7f836b4fd000, stack_size=0x20300, tls=0x7f836b51d6c0}./strace-static-x86_64: Process 6061 attached [ 152.038654][ T12] f2fs_handle_critical_error+0x37c/0x540 [ 152.038691][ T12] f2fs_write_end_io+0x4e2/0x6d0 [ 152.038740][ T12] __submit_merged_bio+0x27a/0x6a0 [ 152.038774][ T12] __submit_merged_write_cond+0x255/0x530 [ 152.038810][ T12] f2fs_write_data_pages+0x2854/0x31f0 [ 152.038839][ T12] ? __lock_acquire+0xaac/0xd20 [ 152.038902][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 152.038948][ T12] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 152.039006][ T12] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 => {parent_tid=[6061]}, 88) = 6061 [pid 6053] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6061] rseq(0x7f836b51dfe0, 0x20, 0, 0x53053053 [pid 6053] futex(0x7f836b6386e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6061] <... rseq resumed>) = 0 [pid 6053] <... futex resumed>) = 0 [pid 6061] set_robust_list(0x7f836b51d9a0, 24 [pid 6053] futex(0x7f836b6386ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6061] <... set_robust_list resumed>) = 0 [pid 6061] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 152.039050][ T12] ? trace_f2fs_writepages+0x7f/0x200 [ 152.039080][ T12] ? f2fs_write_node_pages+0x478/0x6e0 [ 152.039114][ T12] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 152.039147][ T12] ? 
has_not_enough_free_secs+0xd8b/0x1640 [ 152.039184][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 152.039216][ T12] do_writepages+0x3ae/0x7b0 [ 152.039253][ T12] ? __lock_acquire+0xaac/0xd20 [ 152.039288][ T12] ? __pfx_do_writepages+0x10/0x10 [ 152.039333][ T12] __writeback_single_inode+0x145/0xff0 [pid 6061] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 6053] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 152.039362][ T12] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 152.039390][ T12] writeback_sb_inodes+0x6b5/0x1000 [ 152.039467][ T12] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 152.039543][ T12] ? rcu_is_watching+0x15/0xb0 [ 152.039592][ T12] wb_writeback+0x43b/0xaf0 [ 152.039630][ T12] ? queue_io+0x3a1/0x590 [ 152.039662][ T12] ? __pfx_wb_writeback+0x10/0x10 [ 152.039701][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 152.039731][ T12] wb_workfn+0x409/0xef0 [ 152.039772][ T12] ? __pfx_wb_workfn+0x10/0x10 [ 152.039793][ T12] ? register_lock_class+0x51/0x320 [ 152.039829][ T12] ? __lock_acquire+0xaac/0xd20 [ 152.039868][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 152.039909][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 152.039932][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 152.039963][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 152.039999][ T12] process_scheduled_works+0xadb/0x17a0 [ 152.040065][ T12] ? __pfx_process_scheduled_works+0x10/0x10 [ 152.040118][ T12] worker_thread+0x8a0/0xda0 [ 152.040169][ T12] kthread+0x70e/0x8a0 [ 152.040198][ T12] ? __pfx_worker_thread+0x10/0x10 [ 152.040217][ T12] ? __pfx_kthread+0x10/0x10 [ 152.040243][ T12] ? __pfx_kthread+0x10/0x10 [ 152.040267][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 152.040291][ T12] ? lockdep_hardirqs_on+0x9c/0x150 [ 152.040318][ T12] ? __pfx_kthread+0x10/0x10 [ 152.040341][ T12] ret_from_fork+0x4b/0x80 [ 152.040361][ T12] ? 
__pfx_kthread+0x10/0x10 [ 152.040386][ T12] ret_from_fork_asm+0x1a/0x30 [ 152.040437][ T12] </TASK> [ 152.040445][ T12] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 152.416557][ T12] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 152.416592][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 152.416608][ T12] Workqueue: writeback wb_workfn (flush-7:0) [ 152.416641][ T12] Call Trace: [ 152.416650][ T12] <TASK> [ 152.416660][ T12] dump_stack_lvl+0x189/0x250 [ 152.416695][ T12] ? __pfx_dump_stack_lvl+0x10/0x10 [ 152.416727][ T12] ? __pfx_queue_work_on+0x10/0x10 ./strace-static-x86_64: Process 6060 attached [pid 6060] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [pid 6060] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 6060] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6060] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 6060] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6060] futex(0x7f836b6386d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6053] exit_group(0 [pid 6060] <... futex resumed>) = ? [pid 6053] <... exit_group resumed>) = ? [pid 6060] +++ exited with 0 +++ [ 152.416746][ T12] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 152.416772][ T12] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 152.416809][ T12] f2fs_handle_critical_error+0x37c/0x540 [ 152.416855][ T12] f2fs_write_end_io+0x4e2/0x6d0 [ 152.416906][ T12] __submit_merged_bio+0x27a/0x6a0 [ 152.416942][ T12] __submit_merged_write_cond+0x255/0x530 [ 152.416991][ T12] f2fs_write_data_pages+0x2854/0x31f0 [ 152.417021][ T12] ? __lock_acquire+0xaac/0xd20 [ 152.417102][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [pid 5824] <... 
umount2 resumed>) = 0 [pid 5824] umount2("./15/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./15/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] umount2("./15/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./15/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5824] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5824] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5824] close(4) = 0 [pid 5824] rmdir("./15/bus") = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5824] close(3) = 0 [pid 5824] rmdir("./15") = 0 [pid 5824] mkdir("./16", 0777) = 0 [pid 5824] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5824] ioctl(3, LOOP_CLR_FD) = 0 [ 152.417149][ T12] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 152.417210][ T12] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 152.417255][ T12] ? trace_f2fs_writepages+0x7f/0x200 [ 152.417288][ T12] ? f2fs_write_node_pages+0x478/0x6e0 [ 152.417323][ T12] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 152.417356][ T12] ? has_not_enough_free_secs+0xd8b/0x1640 [ 152.417397][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 152.417431][ T12] do_writepages+0x3ae/0x7b0 [ 152.417476][ T12] ? __lock_acquire+0xaac/0xd20 [ 152.417513][ T12] ? __pfx_do_writepages+0x10/0x10 [ 152.417559][ T12] __writeback_single_inode+0x145/0xff0 [ 152.417588][ T12] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 152.417618][ T12] writeback_sb_inodes+0x6b5/0x1000 [ 152.417677][ T12] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 152.417754][ T12] ? rcu_is_watching+0x15/0xb0 [ 152.417797][ T12] wb_writeback+0x43b/0xaf0 [ 152.417835][ T12] ? queue_io+0x3a1/0x590 [ 152.417868][ T12] ? __pfx_wb_writeback+0x10/0x10 [ 152.417906][ T12] ? 
_raw_spin_unlock_irq+0x23/0x50 [ 152.417937][ T12] wb_workfn+0x409/0xef0 [ 152.417978][ T12] ? __pfx_wb_workfn+0x10/0x10 [ 152.417999][ T12] ? register_lock_class+0x51/0x320 [ 152.418035][ T12] ? __lock_acquire+0xaac/0xd20 [ 152.418075][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 152.418116][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 152.418139][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 152.418171][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 152.418206][ T12] process_scheduled_works+0xadb/0x17a0 [ 152.418273][ T12] ? __pfx_process_scheduled_works+0x10/0x10 [ 152.418326][ T12] worker_thread+0x8a0/0xda0 [ 152.418376][ T12] kthread+0x70e/0x8a0 [ 152.418405][ T12] ? __pfx_worker_thread+0x10/0x10 [ 152.418424][ T12] ? __pfx_kthread+0x10/0x10 [ 152.418459][ T12] ? __pfx_kthread+0x10/0x10 [ 152.418483][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 152.418506][ T12] ? lockdep_hardirqs_on+0x9c/0x150 [ 152.418534][ T12] ? __pfx_kthread+0x10/0x10 [ 152.418558][ T12] ret_from_fork+0x4b/0x80 [ 152.418577][ T12] ? __pfx_kthread+0x10/0x10 [ 152.418602][ T12] ret_from_fork_asm+0x1a/0x30 [ 152.418653][ T12] </TASK> [ 152.418662][ T12] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [pid 5824] close(3 [pid 6061] <... ioctl resumed>) = ? [pid 6054] <... ioctl resumed>) = ? [pid 6061] +++ exited with 0 +++ [pid 6054] +++ exited with 0 +++ [pid 6053] +++ exited with 0 +++ [pid 5823] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6053, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=38 /* 0.38 s */} --- [pid 5823] restart_syscall(<... 
resuming interrupted clone ...>) = 0 [pid 5823] umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5823] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5823] umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] unlink("./16/binderfs") = 0 [ 152.767475][ T6054] VFS:Filesystem freeze failed [pid 5823] umount2("./16/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5824] <... close resumed>) = 0 [pid 5824] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6062 attached [pid 6062] set_robust_list(0x55558e3aa6a0, 24 [pid 5824] <... clone resumed>, child_tidptr=0x55558e3aa690) = 6062 [pid 6062] <... 
set_robust_list resumed>) = 0 [pid 6062] chdir("./16") = 0 [pid 6062] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6062] setpgid(0, 0) = 0 [pid 6062] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6062] write(3, "1000", 4) = 4 [pid 6062] close(3) = 0 [pid 6062] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6062] write(1, "executing program\n", 18executing program ) = 18 [pid 6062] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6062] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6062] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6062] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6062] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6062] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6062] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 6063 attached [pid 6063] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053) = 0 [pid 6063] set_robust_list(0x7f836b55f9a0, 24) = 0 [pid 6063] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6063] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6062] <... clone3 resumed> => {parent_tid=[6063]}, 88) = 6063 [pid 6062] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6062] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6063] <... futex resumed>) = 0 [pid 6062] <... futex resumed>) = 1 [pid 6062] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6063] memfd_create("syzkaller", 0) = 3 [pid 6063] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 5823] <... 
umount2 resumed>) = 0 [pid 5823] umount2("./16/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./16/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] umount2("./16/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./16/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5823] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5823] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5823] close(4) = 0 [pid 5823] rmdir("./16/bus") = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5823] close(3) = 0 [pid 5823] rmdir("./16") = 0 [pid 5823] mkdir("./17", 0777) = 0 [pid 5823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5823] ioctl(3, LOOP_CLR_FD) = 0 [pid 5823] close(3 [pid 6063] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 5823] <... close resumed>) = 0 [pid 5823] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6064 attached [pid 6064] set_robust_list(0x55558e3aa6a0, 24 [pid 5823] <... clone resumed>, child_tidptr=0x55558e3aa690) = 6064 [pid 6064] <... 
set_robust_list resumed>) = 0 [pid 6064] chdir("./17") = 0 [pid 6064] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6064] setpgid(0, 0) = 0 [pid 6064] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6064] write(3, "1000", 4) = 4 [pid 6064] close(3) = 0 [pid 6064] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6064] write(1, "executing program\n", 18) = 18 [pid 6064] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6064] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6064] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6064] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6064] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6064] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6064] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 6065 attached => {parent_tid=[6065]}, 88) = 6065 [pid 6065] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053 [pid 6064] rt_sigprocmask(SIG_SETMASK, [], [pid 6065] <... rseq resumed>) = 0 [pid 6064] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6065] set_robust_list(0x7f836b55f9a0, 24 [pid 6064] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6065] <... set_robust_list resumed>) = 0 [pid 6064] <... futex resumed>) = 0 [pid 6065] rt_sigprocmask(SIG_SETMASK, [], [pid 6064] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6065] <... 
rt_sigprocmask resumed>NULL, 8) = 0 [pid 6065] memfd_create("syzkaller", 0) = 3 [pid 6065] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 6063] <... write resumed>) = 20699119 [pid 6063] munmap(0x7f8363000000, 138412032) = 0 [pid 6063] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6063] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6063] close(3) = 0 [pid 6063] close(4) = 0 [pid 6063] mkdir("./bus", 0777) = 0 [ 153.879395][ T6063] loop1: detected capacity change from 0 to 40427 [ 153.927359][ T6063] F2FS-fs (loop1): invalid crc value [pid 6063] mount("/dev/loop1", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 6065] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 6063] <... mount resumed>) = 0 [pid 6063] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6063] chdir("./bus") = 0 [pid 6063] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6063] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6062] <... futex resumed>) = 0 [pid 6063] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6062] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6063] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6062] <... futex resumed>) = 0 [pid 6063] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 [pid 6062] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6063] <... 
openat resumed>) = 4 [pid 6063] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6062] <... futex resumed>) = 0 [pid 6063] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [ 154.156786][ T6063] F2FS-fs (loop1): Start checkpoint disabled! [ 154.195923][ T6063] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [pid 6062] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6063] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6063] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6063] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL) = 0 [pid 6062] <... futex resumed>) = 1 [pid 6063] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6062] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6062] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6063] <... futex resumed>) = 0 [pid 6062] <... 
futex resumed>) = 1 [pid 6063] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 154.261532][ T12] kworker/u8:0: attempt to access beyond end of device [ 154.261532][ T12] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 154.296546][ T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [pid 6062] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6062] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6062] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6062] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6062] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6062] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[6068]}, 88) = 6068 [pid 6062] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6062] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6062] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6068 attached [pid 6068] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [pid 6068] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 6068] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6068] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 6068] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6062] <... 
futex resumed>) = 0 [pid 6062] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 154.296592][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 154.296608][ T12] Workqueue: writeback wb_workfn (flush-7:1) [ 154.296642][ T12] Call Trace: [ 154.296651][ T12] [ 154.296661][ T12] dump_stack_lvl+0x189/0x250 [ 154.296698][ T12] ? __pfx_dump_stack_lvl+0x10/0x10 [ 154.296729][ T12] ? __pfx_queue_work_on+0x10/0x10 [ 154.296748][ T12] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 154.296774][ T12] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [pid 6062] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6068] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 6062] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 154.296814][ T12] f2fs_handle_critical_error+0x37c/0x540 [ 154.296855][ T12] f2fs_write_end_io+0x4e2/0x6d0 [ 154.296909][ T12] __submit_merged_bio+0x27a/0x6a0 [ 154.296948][ T12] __submit_merged_write_cond+0x255/0x530 [ 154.296988][ T12] f2fs_write_data_pages+0x2854/0x31f0 [ 154.297020][ T12] ? __lock_acquire+0xaac/0xd20 [ 154.297094][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 154.297146][ T12] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 154.297217][ T12] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 154.297266][ T12] ? trace_f2fs_writepages+0x7f/0x200 [ 154.297300][ T12] ? f2fs_write_node_pages+0x478/0x6e0 [ 154.297337][ T12] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 154.297373][ T12] ? has_not_enough_free_secs+0xd8b/0x1640 [ 154.297416][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 154.297449][ T12] do_writepages+0x3ae/0x7b0 [ 154.297492][ T12] ? __lock_acquire+0xaac/0xd20 [ 154.297531][ T12] ? __pfx_do_writepages+0x10/0x10 [ 154.297589][ T12] __writeback_single_inode+0x145/0xff0 [ 154.297620][ T12] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 154.297652][ T12] writeback_sb_inodes+0x6b5/0x1000 [ 154.297718][ T12] ? 
__pfx_writeback_sb_inodes+0x10/0x10 [ 154.297805][ T12] ? rcu_is_watching+0x15/0xb0 [ 154.297852][ T12] wb_writeback+0x43b/0xaf0 [ 154.297893][ T12] ? queue_io+0x3a1/0x590 [ 154.297927][ T12] ? __pfx_wb_writeback+0x10/0x10 [ 154.297969][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 154.298001][ T12] wb_workfn+0x409/0xef0 [ 154.298047][ T12] ? __pfx_wb_workfn+0x10/0x10 [ 154.298069][ T12] ? register_lock_class+0x51/0x320 [ 154.298107][ T12] ? __lock_acquire+0xaac/0xd20 [ 154.298151][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 154.298193][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 154.298217][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 154.298249][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 154.298286][ T12] process_scheduled_works+0xadb/0x17a0 [ 154.298361][ T12] ? __pfx_process_scheduled_works+0x10/0x10 [ 154.298420][ T12] worker_thread+0x8a0/0xda0 [ 154.298479][ T12] kthread+0x70e/0x8a0 [ 154.298510][ T12] ? __pfx_worker_thread+0x10/0x10 [ 154.298531][ T12] ? __pfx_kthread+0x10/0x10 [ 154.298565][ T12] ? __pfx_kthread+0x10/0x10 [ 154.298590][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 154.298614][ T12] ? lockdep_hardirqs_on+0x9c/0x150 [ 154.298642][ T12] ? __pfx_kthread+0x10/0x10 [ 154.298666][ T12] ret_from_fork+0x4b/0x80 [ 154.298687][ T12] ? __pfx_kthread+0x10/0x10 [ 154.298712][ T12] ret_from_fork_asm+0x1a/0x30 [ 154.298768][ T12] [ 154.298777][ T12] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [pid 6062] exit_group(0) = ? [ 154.736724][ T12] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 154.736759][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 154.736774][ T12] Workqueue: writeback wb_workfn (flush-7:1) [ 154.736808][ T12] Call Trace: [ 154.736817][ T12] [ 154.736826][ T12] dump_stack_lvl+0x189/0x250 [ 154.736864][ T12] ? __pfx_dump_stack_lvl+0x10/0x10 [ 154.736906][ T12] ? __pfx_queue_work_on+0x10/0x10 [ 154.736925][ T12] ? 
_raw_spin_unlock_irqrestore+0xad/0x110 [ 154.736950][ T12] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 154.737007][ T12] f2fs_handle_critical_error+0x37c/0x540 [ 154.737048][ T12] f2fs_write_end_io+0x4e2/0x6d0 [ 154.737102][ T12] __submit_merged_bio+0x27a/0x6a0 [ 154.737141][ T12] __submit_merged_write_cond+0x255/0x530 [ 154.737179][ T12] f2fs_write_data_pages+0x2854/0x31f0 [ 154.737211][ T12] ? __lock_acquire+0xaac/0xd20 [ 154.737296][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 154.737348][ T12] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 154.737417][ T12] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 154.737467][ T12] ? trace_f2fs_writepages+0x7f/0x200 [ 154.737500][ T12] ? f2fs_write_node_pages+0x478/0x6e0 [ 154.737537][ T12] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 154.737574][ T12] ? has_not_enough_free_secs+0xd8b/0x1640 [ 154.737617][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 154.737651][ T12] do_writepages+0x3ae/0x7b0 [ 154.737692][ T12] ? __lock_acquire+0xaac/0xd20 [ 154.737732][ T12] ? __pfx_do_writepages+0x10/0x10 [ 154.737785][ T12] __writeback_single_inode+0x145/0xff0 [ 154.737814][ T12] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 154.737846][ T12] writeback_sb_inodes+0x6b5/0x1000 [ 154.737913][ T12] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 154.738001][ T12] ? rcu_is_watching+0x15/0xb0 [ 154.738048][ T12] wb_writeback+0x43b/0xaf0 [ 154.738089][ T12] ? queue_io+0x3a1/0x590 [ 154.738123][ T12] ? __pfx_wb_writeback+0x10/0x10 [ 154.738164][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 154.738196][ T12] wb_workfn+0x409/0xef0 [ 154.738241][ T12] ? __pfx_wb_workfn+0x10/0x10 [ 154.738263][ T12] ? register_lock_class+0x51/0x320 [ 154.738306][ T12] ? __lock_acquire+0xaac/0xd20 [ 154.738349][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 154.738392][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 154.738414][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 154.738446][ T12] ? 
process_scheduled_works+0x9ec/0x17a0 [ 154.738483][ T12] process_scheduled_works+0xadb/0x17a0 [ 154.738558][ T12] ? __pfx_process_scheduled_works+0x10/0x10 [ 154.738617][ T12] worker_thread+0x8a0/0xda0 [ 154.738675][ T12] kthread+0x70e/0x8a0 [ 154.738706][ T12] ? __pfx_worker_thread+0x10/0x10 [ 154.738725][ T12] ? __pfx_kthread+0x10/0x10 [ 154.738753][ T12] ? __pfx_kthread+0x10/0x10 [ 154.738777][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 154.738801][ T12] ? lockdep_hardirqs_on+0x9c/0x150 [ 154.738829][ T12] ? __pfx_kthread+0x10/0x10 [ 154.738853][ T12] ret_from_fork+0x4b/0x80 [ 154.738873][ T12] ? __pfx_kthread+0x10/0x10 [pid 6063] <... ioctl resumed>) = ? [pid 6063] +++ exited with 0 +++ [pid 6068] <... ioctl resumed>) = ? [pid 6068] +++ exited with 0 +++ [pid 6062] +++ exited with 0 +++ [pid 5824] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6062, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=28 /* 0.28 s */} --- [pid 5824] restart_syscall(<... resuming interrupted clone ...> [pid 6065] <... write resumed>) = 20699119 [pid 5824] <... restart_syscall resumed>) = 0 [pid 5824] umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5824] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5824] umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6065] munmap(0x7f8363000000, 138412032 [pid 5824] newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] unlink("./16/binderfs") = 0 [ 154.738898][ T12] ret_from_fork_asm+0x1a/0x30 [ 154.738954][ T12] [ 155.054328][ T12] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 155.068667][ T6063] VFS:Filesystem freeze failed [pid 5824] umount2("./16/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6065] <... 
munmap resumed>) = 0 [pid 6065] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6065] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6065] close(3) = 0 [pid 6065] close(4) = 0 [pid 6065] mkdir("./bus", 0777) = 0 [ 155.180545][ T6065] loop0: detected capacity change from 0 to 40427 [ 155.232640][ T6065] F2FS-fs (loop0): invalid crc value [pid 6065] mount("/dev/loop0", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 5824] <... umount2 resumed>) = 0 [pid 5824] umount2("./16/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./16/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] umount2("./16/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./16/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5824] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5824] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5824] close(4) = 0 [pid 5824] rmdir("./16/bus") = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5824] close(3) = 0 [pid 5824] rmdir("./16") = 0 [pid 5824] mkdir("./17", 0777) = 0 [pid 5824] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5824] ioctl(3, LOOP_CLR_FD) = 0 [pid 5824] close(3 [pid 6065] <... mount resumed>) = 0 [pid 6065] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6065] chdir("./bus") = 0 [ 155.549277][ T6065] F2FS-fs (loop0): Start checkpoint disabled! [ 155.578970][ T6065] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [pid 6065] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6065] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6064] <... 
futex resumed>) = 0 [pid 6064] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6064] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6065] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000) = 4 [pid 6065] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6064] <... futex resumed>) = 0 [pid 6064] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6064] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6065] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6065] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6064] <... futex resumed>) = 0 [pid 6065] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6064] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 155.667261][ T12] kworker/u8:0: attempt to access beyond end of device [ 155.667261][ T12] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 155.686609][ T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 155.686642][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 155.686657][ T12] Workqueue: writeback wb_workfn (flush-7:0) [ 155.686691][ T12] Call Trace: [ 155.686700][ T12] [ 155.686710][ T12] dump_stack_lvl+0x189/0x250 [ 155.686745][ T12] ? __pfx_dump_stack_lvl+0x10/0x10 [ 155.686775][ T12] ? __pfx_queue_work_on+0x10/0x10 [ 155.686794][ T12] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 155.686820][ T12] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 155.686857][ T12] f2fs_handle_critical_error+0x37c/0x540 [ 155.686896][ T12] f2fs_write_end_io+0x4e2/0x6d0 [ 155.686946][ T12] __submit_merged_bio+0x27a/0x6a0 [ 155.686983][ T12] __submit_merged_write_cond+0x255/0x530 [ 155.687020][ T12] f2fs_write_data_pages+0x2854/0x31f0 [ 155.687050][ T12] ? __lock_acquire+0xaac/0xd20 [ 155.687139][ T12] ? 
__pfx_f2fs_write_data_pages+0x10/0x10 [ 155.687188][ T12] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 155.687249][ T12] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 155.687303][ T12] ? trace_f2fs_writepages+0x7f/0x200 [ 155.687336][ T12] ? f2fs_write_node_pages+0x478/0x6e0 [ 155.687372][ T12] ? __pfx_f2fs_write_node_pages+0x10/0x10 [pid 6064] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6064] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6064] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6064] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6064] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6064] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[6071]}, 88) = 6071 [pid 6064] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6064] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 155.687405][ T12] ? has_not_enough_free_secs+0xd8b/0x1640 [ 155.687446][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 155.687479][ T12] do_writepages+0x3ae/0x7b0 [ 155.687518][ T12] ? __lock_acquire+0xaac/0xd20 [ 155.687555][ T12] ? __pfx_do_writepages+0x10/0x10 [ 155.687601][ T12] __writeback_single_inode+0x145/0xff0 [ 155.687631][ T12] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 155.687660][ T12] writeback_sb_inodes+0x6b5/0x1000 [ 155.687719][ T12] ? 
__pfx_writeback_sb_inodes+0x10/0x10 [pid 6064] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6064] futex(0x7f836b6386ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6064] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b4fd000 [pid 6064] mprotect(0x7f836b4fe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6064] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6064] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b51d990, parent_tid=0x7f836b51d990, exit_signal=0, stack=0x7f836b4fd000, stack_size=0x20300, tls=0x7f836b51d6c0}./strace-static-x86_64: Process 6072 attached => {parent_tid=[6072]}, 88) = 6072 [pid 6072] rseq(0x7f836b51dfe0, 0x20, 0, 0x53053053 [pid 6064] rt_sigprocmask(SIG_SETMASK, [], [pid 6072] <... rseq resumed>) = 0 [pid 6064] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6072] set_robust_list(0x7f836b51d9a0, 24 [pid 6064] futex(0x7f836b6386e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6072] <... set_robust_list resumed>) = 0 [pid 6064] <... futex resumed>) = 0 [pid 6072] rt_sigprocmask(SIG_SETMASK, [], [pid 6064] futex(0x7f836b6386ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6072] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 155.687795][ T12] ? rcu_is_watching+0x15/0xb0 [ 155.687838][ T12] wb_writeback+0x43b/0xaf0 [ 155.687876][ T12] ? queue_io+0x3a1/0x590 [ 155.687908][ T12] ? __pfx_wb_writeback+0x10/0x10 [ 155.687946][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 155.687977][ T12] wb_workfn+0x409/0xef0 [ 155.688017][ T12] ? __pfx_wb_workfn+0x10/0x10 [ 155.688038][ T12] ? register_lock_class+0x51/0x320 [ 155.688075][ T12] ? __lock_acquire+0xaac/0xd20 [ 155.688114][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 155.688155][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 155.688178][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 155.688209][ T12] ? 
process_scheduled_works+0x9ec/0x17a0 [ 155.688245][ T12] process_scheduled_works+0xadb/0x17a0 [ 155.688317][ T12] ? __pfx_process_scheduled_works+0x10/0x10 [ 155.688371][ T12] worker_thread+0x8a0/0xda0 [ 155.688422][ T12] kthread+0x70e/0x8a0 [ 155.688450][ T12] ? __pfx_worker_thread+0x10/0x10 [ 155.688470][ T12] ? __pfx_kthread+0x10/0x10 [ 155.688496][ T12] ? __pfx_kthread+0x10/0x10 [pid 6072] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 5824] <... close resumed>) = 0 [pid 6064] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5824] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6073 attached [pid 6073] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 5824] <... clone resumed>, child_tidptr=0x55558e3aa690) = 6073 [pid 6073] chdir("./17") = 0 [pid 6073] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6073] setpgid(0, 0) = 0 [pid 6073] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6073] write(3, "1000", 4./strace-static-x86_64: Process 6071 attached ) = 4 [pid 6073] close(3) = 0 [pid 6073] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6073] write(1, "executing program\n", 18) = 18 [pid 6073] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6073] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6073] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6073] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6073] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6073] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6071] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053 [pid 6073] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, 
parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0} => {parent_tid=[6074]}, 88) = 6074 [pid 6073] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6073] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6074 attached [pid 6073] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6074] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053) = 0 [pid 6074] set_robust_list(0x7f836b55f9a0, 24) = 0 [pid 6074] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6074] memfd_create("syzkaller", 0) = 3 [pid 6074] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 6071] <... rseq resumed>) = 0 [pid 6071] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 6071] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6071] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 6071] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 155.688520][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 155.688543][ T12] ? lockdep_hardirqs_on+0x9c/0x150 [ 155.688570][ T12] ? __pfx_kthread+0x10/0x10 [ 155.688594][ T12] ret_from_fork+0x4b/0x80 [ 155.688613][ T12] ? __pfx_kthread+0x10/0x10 [ 155.688638][ T12] ret_from_fork_asm+0x1a/0x30 [ 155.688689][ T12] [ 155.688698][ T12] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 156.179119][ T12] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 156.179153][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 156.179168][ T12] Workqueue: writeback wb_workfn (flush-7:0) [ 156.179204][ T12] Call Trace: [ 156.179212][ T12] [ 156.179222][ T12] dump_stack_lvl+0x189/0x250 [ 156.179260][ T12] ? __pfx_dump_stack_lvl+0x10/0x10 [ 156.179298][ T12] ? __pfx_queue_work_on+0x10/0x10 [ 156.179317][ T12] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 156.179343][ T12] ? 
__pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 156.179384][ T12] f2fs_handle_critical_error+0x37c/0x540 [ 156.179424][ T12] f2fs_write_end_io+0x4e2/0x6d0 [ 156.179480][ T12] __submit_merged_bio+0x27a/0x6a0 [ 156.179518][ T12] __submit_merged_write_cond+0x255/0x530 [ 156.179558][ T12] f2fs_write_data_pages+0x2854/0x31f0 [ 156.179590][ T12] ? __lock_acquire+0xaac/0xd20 [ 156.179664][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 156.179717][ T12] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 156.179787][ T12] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 156.179837][ T12] ? trace_f2fs_writepages+0x7f/0x200 [ 156.179870][ T12] ? f2fs_write_node_pages+0x478/0x6e0 [ 156.179907][ T12] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 156.179943][ T12] ? has_not_enough_free_secs+0xd8b/0x1640 [ 156.179985][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 156.180019][ T12] do_writepages+0x3ae/0x7b0 [ 156.180060][ T12] ? __lock_acquire+0xaac/0xd20 [pid 6071] futex(0x7f836b6386d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6064] exit_group(0) = ? [pid 6071] <... futex resumed>) = ? [pid 6071] +++ exited with 0 +++ [ 156.180100][ T12] ? __pfx_do_writepages+0x10/0x10 [ 156.180152][ T12] __writeback_single_inode+0x145/0xff0 [ 156.180181][ T12] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 156.180213][ T12] writeback_sb_inodes+0x6b5/0x1000 [ 156.180293][ T12] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 156.180384][ T12] ? rcu_is_watching+0x15/0xb0 [ 156.180432][ T12] wb_writeback+0x43b/0xaf0 [ 156.180472][ T12] ? queue_io+0x3a1/0x590 [ 156.180506][ T12] ? __pfx_wb_writeback+0x10/0x10 [ 156.180548][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 156.180580][ T12] wb_workfn+0x409/0xef0 [ 156.180627][ T12] ? __pfx_wb_workfn+0x10/0x10 [ 156.180648][ T12] ? register_lock_class+0x51/0x320 [ 156.180686][ T12] ? __lock_acquire+0xaac/0xd20 [ 156.180730][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 156.180773][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 156.180795][ T12] ? 
process_scheduled_works+0x9ec/0x17a0 [ 156.180827][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 156.180865][ T12] process_scheduled_works+0xadb/0x17a0 [ 156.180940][ T12] ? __pfx_process_scheduled_works+0x10/0x10 [ 156.181000][ T12] worker_thread+0x8a0/0xda0 [ 156.181058][ T12] kthread+0x70e/0x8a0 [ 156.181089][ T12] ? __pfx_worker_thread+0x10/0x10 [ 156.181109][ T12] ? __pfx_kthread+0x10/0x10 [ 156.181137][ T12] ? __pfx_kthread+0x10/0x10 [ 156.181161][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 156.181185][ T12] ? lockdep_hardirqs_on+0x9c/0x150 [ 156.181213][ T12] ? __pfx_kthread+0x10/0x10 [ 156.181237][ T12] ret_from_fork+0x4b/0x80 [ 156.181258][ T12] ? __pfx_kthread+0x10/0x10 [ 156.181289][ T12] ret_from_fork_asm+0x1a/0x30 [ 156.181345][ T12] [ 156.181354][ T12] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [pid 6074] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 6072] <... ioctl resumed>) = ? [pid 6065] <... ioctl resumed>) = ? [pid 6072] +++ exited with 0 +++ [pid 6065] +++ exited with 0 +++ [pid 6064] +++ exited with 0 +++ [pid 5823] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6064, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=33 /* 0.33 s */} --- [pid 5823] restart_syscall(<... 
resuming interrupted clone ...>) = 0 [pid 5823] umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5823] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5823] umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] unlink("./17/binderfs") = 0 [ 156.599091][ T6065] VFS:Filesystem freeze failed [pid 5823] umount2("./17/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6074] <... write resumed>) = 20699119 [pid 6074] munmap(0x7f8363000000, 138412032) = 0 [pid 6074] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6074] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6074] close(3) = 0 [pid 6074] close(4) = 0 [pid 6074] mkdir("./bus", 0777) = 0 [ 156.962598][ T6074] loop1: detected capacity change from 0 to 40427 [pid 6074] mount("/dev/loop1", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 5823] <... 
umount2 resumed>) = 0 [pid 5823] umount2("./17/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./17/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] umount2("./17/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./17/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5823] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5823] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5823] close(4) = 0 [pid 5823] rmdir("./17/bus") = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5823] close(3) = 0 [pid 5823] rmdir("./17") = 0 [pid 5823] mkdir("./18", 0777) = 0 [pid 5823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5823] ioctl(3, LOOP_CLR_FD) = 0 [ 157.037952][ T6074] F2FS-fs (loop1): invalid crc value [ 157.276886][ T6074] F2FS-fs (loop1): Start checkpoint disabled! [pid 5823] close(3 [pid 6074] <... mount resumed>) = 0 [pid 6074] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6074] chdir("./bus") = 0 [pid 6074] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6074] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6073] <... futex resumed>) = 0 [pid 6074] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 [pid 6073] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6074] <... openat resumed>) = 4 [pid 6073] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6074] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6073] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6074] <... 
futex resumed>) = 0 [pid 6074] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6073] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6074] <... openat resumed>) = 5 [pid 6073] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 157.326545][ T6074] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [pid 6074] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6073] <... futex resumed>) = 0 [pid 6074] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6073] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6073] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5823] <... close resumed>) = 0 [pid 5823] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6077 attached [ 157.417526][ T3494] kworker/u8:6: attempt to access beyond end of device [ 157.417526][ T3494] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 157.446981][ T3494] CPU: 0 UID: 0 PID: 3494 Comm: kworker/u8:6 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 157.447013][ T3494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 157.447028][ T3494] Workqueue: writeback wb_workfn (flush-7:1) [ 157.447059][ T3494] Call Trace: [ 157.447068][ T3494] [ 157.447077][ T3494] dump_stack_lvl+0x189/0x250 [ 157.447113][ T3494] ? __pfx_dump_stack_lvl+0x10/0x10 [ 157.447142][ T3494] ? __pfx_queue_work_on+0x10/0x10 [ 157.447175][ T3494] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 157.447200][ T3494] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 157.447239][ T3494] f2fs_handle_critical_error+0x37c/0x540 [ 157.447277][ T3494] f2fs_write_end_io+0x4e2/0x6d0 [ 157.447329][ T3494] __submit_merged_bio+0x27a/0x6a0 [ 157.447365][ T3494] __submit_merged_write_cond+0x255/0x530 [ 157.447421][ T3494] f2fs_write_data_pages+0x2854/0x31f0 [ 157.447499][ T3494] ? 
__pfx_f2fs_write_data_pages+0x10/0x10 [ 157.447530][ T3494] ? f2fs_sync_node_pages+0x1385/0x14a0 [ 157.447616][ T3494] ? __lock_acquire+0xaac/0xd20 [ 157.447656][ T3494] ? __lock_acquire+0xaac/0xd20 [ 157.447742][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 executing program [pid 6077] set_robust_list(0x55558e3aa6a0, 24 [pid 6073] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5823] <... clone resumed>, child_tidptr=0x55558e3aa690) = 6077 [pid 6073] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6073] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6073] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6073] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6073] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[6078]}, 88) = 6078 [pid 6073] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6073] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6073] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6077] <... 
set_robust_list resumed>) = 0 [pid 6077] chdir("./18") = 0 [pid 6077] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6077] setpgid(0, 0) = 0 [pid 6077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6077] write(3, "1000", 4) = 4 [pid 6077] close(3) = 0 [pid 6077] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6077] write(1, "executing program\n", 18) = 18 [pid 6077] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6077] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6077] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6077] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6077] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6077] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0} => {parent_tid=[6079]}, 88) = 6079 [pid 6077] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6077] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6077] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6073] <... 
futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6073] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6073] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6073] futex(0x7f836b6386ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6073] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b4fd000 [pid 6073] mprotect(0x7f836b4fe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6073] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6073] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b51d990, parent_tid=0x7f836b51d990, exit_signal=0, stack=0x7f836b4fd000, stack_size=0x20300, tls=0x7f836b51d6c0}./strace-static-x86_64: Process 6080 attached => {parent_tid=[6080]}, 88) = 6080 [pid 6080] rseq(0x7f836b51dfe0, 0x20, 0, 0x53053053 [pid 6073] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6073] futex(0x7f836b6386e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6073] futex(0x7f836b6386ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6080] <... rseq resumed>) = 0 [pid 6080] set_robust_list(0x7f836b51d9a0, 24) = 0 [pid 6080] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 157.447776][ T3494] do_writepages+0x3ae/0x7b0 [ 157.447802][ T3494] ? arch_scale_cpu_capacity+0x18/0xb0 [ 157.447854][ T3494] ? __pfx_do_writepages+0x10/0x10 [ 157.447906][ T3494] __writeback_single_inode+0x145/0xff0 [ 157.447936][ T3494] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 157.447967][ T3494] writeback_sb_inodes+0x6b5/0x1000 [ 157.448032][ T3494] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 157.448101][ T3494] ? rcu_is_watching+0x15/0xb0 [ 157.448137][ T3494] wb_writeback+0x43b/0xaf0 [ 157.448174][ T3494] ? queue_io+0x3a1/0x590 [pid 6080] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 6073] <... 
futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 157.448201][ T3494] ? __pfx_wb_writeback+0x10/0x10 [ 157.448233][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 157.448258][ T3494] wb_workfn+0x409/0xef0 [ 157.448292][ T3494] ? __pfx_wb_workfn+0x10/0x10 [ 157.448309][ T3494] ? register_lock_class+0x51/0x320 [ 157.448339][ T3494] ? __lock_acquire+0xaac/0xd20 [ 157.448372][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 157.448406][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 157.448424][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 157.448450][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 157.448478][ T3494] process_scheduled_works+0xadb/0x17a0 [ 157.448535][ T3494] ? __pfx_process_scheduled_works+0x10/0x10 [ 157.448580][ T3494] worker_thread+0x8a0/0xda0 [ 157.448624][ T3494] kthread+0x70e/0x8a0 [ 157.448648][ T3494] ? __pfx_worker_thread+0x10/0x10 [ 157.448663][ T3494] ? __pfx_kthread+0x10/0x10 [ 157.448685][ T3494] ? __pfx_kthread+0x10/0x10 [ 157.448703][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 157.448722][ T3494] ? lockdep_hardirqs_on+0x9c/0x150 ./strace-static-x86_64: Process 6079 attached ./strace-static-x86_64: Process 6078 attached [ 157.448744][ T3494] ? __pfx_kthread+0x10/0x10 [ 157.448763][ T3494] ret_from_fork+0x4b/0x80 [ 157.448779][ T3494] ? __pfx_kthread+0x10/0x10 [ 157.448798][ T3494] ret_from_fork_asm+0x1a/0x30 [ 157.448841][ T3494] [ 157.450326][ T3494] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 157.744015][ T3494] CPU: 0 UID: 0 PID: 3494 Comm: kworker/u8:6 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 157.744045][ T3494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 157.744059][ T3494] Workqueue: writeback wb_workfn (flush-7:1) [ 157.744092][ T3494] Call Trace: [ 157.744101][ T3494] [ 157.744111][ T3494] dump_stack_lvl+0x189/0x250 [ 157.744154][ T3494] ? __pfx_dump_stack_lvl+0x10/0x10 [ 157.744183][ T3494] ? 
__pfx_queue_work_on+0x10/0x10 [ 157.744201][ T3494] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 157.744227][ T3494] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 157.744266][ T3494] f2fs_handle_critical_error+0x37c/0x540 [ 157.744306][ T3494] f2fs_write_end_io+0x4e2/0x6d0 [pid 6073] exit_group(0) = ? [ 157.744358][ T3494] __submit_merged_bio+0x27a/0x6a0 [ 157.744395][ T3494] __submit_merged_write_cond+0x255/0x530 [ 157.744433][ T3494] f2fs_write_data_pages+0x2854/0x31f0 [ 157.744509][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 157.744538][ T3494] ? f2fs_sync_node_pages+0x1385/0x14a0 [ 157.744623][ T3494] ? __lock_acquire+0xaac/0xd20 [ 157.744661][ T3494] ? __lock_acquire+0xaac/0xd20 [ 157.744744][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 157.744776][ T3494] do_writepages+0x3ae/0x7b0 [ 157.744801][ T3494] ? arch_scale_cpu_capacity+0x18/0xb0 [ 157.744852][ T3494] ? __pfx_do_writepages+0x10/0x10 [ 157.744901][ T3494] __writeback_single_inode+0x145/0xff0 [ 157.744929][ T3494] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 157.744960][ T3494] writeback_sb_inodes+0x6b5/0x1000 [ 157.745023][ T3494] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 157.745107][ T3494] ? rcu_is_watching+0x15/0xb0 [ 157.745158][ T3494] wb_writeback+0x43b/0xaf0 [ 157.745197][ T3494] ? queue_io+0x3a1/0x590 [ 157.745229][ T3494] ? __pfx_wb_writeback+0x10/0x10 [ 157.745269][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 157.745300][ T3494] wb_workfn+0x409/0xef0 [ 157.745344][ T3494] ? __pfx_wb_workfn+0x10/0x10 [ 157.745365][ T3494] ? register_lock_class+0x51/0x320 [ 157.745402][ T3494] ? __lock_acquire+0xaac/0xd20 [ 157.745443][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 157.745485][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 157.745507][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 157.745538][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 157.745573][ T3494] process_scheduled_works+0xadb/0x17a0 [ 157.745646][ T3494] ? 
__pfx_process_scheduled_works+0x10/0x10 [ 157.745703][ T3494] worker_thread+0x8a0/0xda0 [ 157.745759][ T3494] kthread+0x70e/0x8a0 [ 157.745789][ T3494] ? __pfx_worker_thread+0x10/0x10 [ 157.745808][ T3494] ? __pfx_kthread+0x10/0x10 [ 157.745835][ T3494] ? __pfx_kthread+0x10/0x10 [ 157.745858][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 157.745881][ T3494] ? lockdep_hardirqs_on+0x9c/0x150 [ 157.745908][ T3494] ? __pfx_kthread+0x10/0x10 [ 157.745931][ T3494] ret_from_fork+0x4b/0x80 [pid 6079] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053 [pid 6078] +++ exited with 0 +++ [pid 6079] <... rseq resumed>) = 0 [pid 6080] <... ioctl resumed>) = ? [pid 6074] <... ioctl resumed>) = ? [pid 6079] set_robust_list(0x7f836b55f9a0, 24) = 0 [pid 6079] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6080] +++ exited with 0 +++ [pid 6079] memfd_create("syzkaller", 0 [pid 6074] +++ exited with 0 +++ [pid 6073] +++ exited with 0 +++ [pid 6079] <... memfd_create resumed>) = 3 [pid 5824] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6073, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=32 /* 0.32 s */} --- [pid 6079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 5824] umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5824] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5824] umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 157.745950][ T3494] ? 
__pfx_kthread+0x10/0x10 [ 157.745975][ T3494] ret_from_fork_asm+0x1a/0x30 [ 157.746029][ T3494] [ 157.746037][ T3494] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 158.042150][ T6074] VFS:Filesystem freeze failed [pid 5824] unlink("./17/binderfs") = 0 [pid 5824] umount2("./17/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6079] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 5824] <... umount2 resumed>) = 0 [pid 5824] umount2("./17/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./17/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] umount2("./17/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./17/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5824] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5824] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5824] close(4) = 0 [pid 5824] rmdir("./17/bus") = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5824] close(3) = 0 [pid 5824] rmdir("./17") = 0 [pid 5824] mkdir("./18", 0777) = 0 [pid 5824] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5824] ioctl(3, LOOP_CLR_FD) = 0 [pid 5824] close(3) = 0 [pid 6079] <... write resumed>) = 20699119 [pid 5824] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6081 attached [pid 6081] set_robust_list(0x55558e3aa6a0, 24 [pid 5824] <... 
clone resumed>, child_tidptr=0x55558e3aa690) = 6081 [pid 6081] <... set_robust_list resumed>) = 0 [pid 6081] chdir("./18") = 0 [pid 6081] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6081] setpgid(0, 0) = 0 [pid 6081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 6081] write(3, "1000", 4) = 4 [pid 6081] close(3) = 0 [pid 6081] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6081] write(1, "executing program\n", 18) = 18 [pid 6081] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6081] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6081] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6081] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6081] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6081] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6081] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0} => {parent_tid=[6082]}, 88) = 6082 [pid 6081] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6081] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6081] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6082 attached [pid 6079] munmap(0x7f8363000000, 138412032 [pid 6082] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053) = 0 [pid 6082] set_robust_list(0x7f836b55f9a0, 24) = 0 [pid 6082] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6082] memfd_create("syzkaller", 0) = 3 [pid 6082] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 6079] <... 
munmap resumed>) = 0 [pid 6079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6079] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6079] close(3) = 0 [pid 6079] close(4) = 0 [pid 6079] mkdir("./bus", 0777) = 0 [ 158.908177][ T6079] loop0: detected capacity change from 0 to 40427 [ 158.975088][ T6079] F2FS-fs (loop0): invalid crc value [pid 6079] mount("/dev/loop0", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"...) = 0 [pid 6079] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6082] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [ 159.217831][ T6079] F2FS-fs (loop0): Start checkpoint disabled! [ 159.247815][ T6079] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [pid 6079] chdir("./bus") = 0 [pid 6079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6079] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6077] <... futex resumed>) = 0 [pid 6079] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 [pid 6077] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6079] <... openat resumed>) = 4 [pid 6077] <... futex resumed>) = 0 [pid 6077] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6079] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6077] <... 
futex resumed>) = 0 [pid 6077] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6077] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6079] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6079] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6077] <... futex resumed>) = 0 [pid 6077] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6077] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6079] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6077] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6077] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6077] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [ 159.397291][ T3494] kworker/u8:6: attempt to access beyond end of device [ 159.397291][ T3494] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 159.423457][ T3494] CPU: 0 UID: 0 PID: 3494 Comm: kworker/u8:6 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 159.423490][ T3494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 159.423505][ T3494] Workqueue: writeback wb_workfn (flush-7:0) [ 159.423540][ T3494] Call Trace: [ 159.423549][ T3494] [ 159.423559][ T3494] dump_stack_lvl+0x189/0x250 [ 159.423596][ T3494] ? __pfx_dump_stack_lvl+0x10/0x10 [ 159.423626][ T3494] ? __pfx_queue_work_on+0x10/0x10 [ 159.423645][ T3494] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 159.423671][ T3494] ? 
__pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 159.423711][ T3494] f2fs_handle_critical_error+0x37c/0x540 [ 159.423751][ T3494] f2fs_write_end_io+0x4e2/0x6d0 [ 159.423805][ T3494] __submit_merged_bio+0x27a/0x6a0 [ 159.423844][ T3494] __submit_merged_write_cond+0x255/0x530 [ 159.423883][ T3494] f2fs_write_data_pages+0x2854/0x31f0 [ 159.423913][ T3494] ? __lock_acquire+0xaac/0xd20 [ 159.423987][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 159.424040][ T3494] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 159.424110][ T3494] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 159.424160][ T3494] ? trace_f2fs_writepages+0x7f/0x200 [pid 6077] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6077] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[6085]}, 88) = 6085 ./strace-static-x86_64: Process 6085 attached [pid 6077] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6077] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6077] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6085] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [pid 6085] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 6085] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6085] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 6085] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6077] <... futex resumed>) = 0 [pid 6077] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6077] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 159.424193][ T3494] ? f2fs_write_node_pages+0x478/0x6e0 [ 159.424238][ T3494] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 159.424274][ T3494] ? has_not_enough_free_secs+0xd8b/0x1640 [ 159.424316][ T3494] ? 
__pfx_f2fs_write_data_pages+0x10/0x10 [ 159.424350][ T3494] do_writepages+0x3ae/0x7b0 [ 159.424391][ T3494] ? __lock_acquire+0xaac/0xd20 [ 159.424431][ T3494] ? __pfx_do_writepages+0x10/0x10 [ 159.424483][ T3494] __writeback_single_inode+0x145/0xff0 [ 159.424513][ T3494] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 159.424544][ T3494] writeback_sb_inodes+0x6b5/0x1000 [pid 6085] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 6077] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 159.424611][ T3494] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 159.424699][ T3494] ? rcu_is_watching+0x15/0xb0 [ 159.424745][ T3494] wb_writeback+0x43b/0xaf0 [ 159.424785][ T3494] ? queue_io+0x3a1/0x590 [ 159.424819][ T3494] ? __pfx_wb_writeback+0x10/0x10 [ 159.424861][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 159.424893][ T3494] wb_workfn+0x409/0xef0 [ 159.424938][ T3494] ? __pfx_wb_workfn+0x10/0x10 [ 159.424959][ T3494] ? register_lock_class+0x51/0x320 [ 159.424999][ T3494] ? __lock_acquire+0xaac/0xd20 [ 159.425042][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 159.425086][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 159.425108][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 159.425141][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 159.425178][ T3494] process_scheduled_works+0xadb/0x17a0 [ 159.425260][ T3494] ? __pfx_process_scheduled_works+0x10/0x10 [ 159.425320][ T3494] worker_thread+0x8a0/0xda0 [ 159.425378][ T3494] kthread+0x70e/0x8a0 [ 159.425409][ T3494] ? __pfx_worker_thread+0x10/0x10 [ 159.425429][ T3494] ? __pfx_kthread+0x10/0x10 [ 159.425457][ T3494] ? __pfx_kthread+0x10/0x10 [ 159.425481][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 159.425505][ T3494] ? lockdep_hardirqs_on+0x9c/0x150 [ 159.425534][ T3494] ? __pfx_kthread+0x10/0x10 [ 159.425558][ T3494] ret_from_fork+0x4b/0x80 [ 159.425578][ T3494] ? 
__pfx_kthread+0x10/0x10 [ 159.425604][ T3494] ret_from_fork_asm+0x1a/0x30 [ 159.425660][ T3494] [ 159.636590][ T3494] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [pid 6082] <... write resumed>) = 20699119 [pid 6082] munmap(0x7f8363000000, 138412032) = 0 [pid 6082] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 160.066566][ T3494] CPU: 1 UID: 0 PID: 3494 Comm: kworker/u8:6 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 160.066601][ T3494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 160.066617][ T3494] Workqueue: writeback wb_workfn (flush-7:0) [ 160.066652][ T3494] Call Trace: [ 160.066661][ T3494] [ 160.066671][ T3494] dump_stack_lvl+0x189/0x250 [ 160.066709][ T3494] ? __pfx_dump_stack_lvl+0x10/0x10 [ 160.066741][ T3494] ? __pfx_queue_work_on+0x10/0x10 [ 160.066760][ T3494] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 160.066805][ T3494] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 160.066838][ T3494] f2fs_handle_critical_error+0x37c/0x540 [ 160.066871][ T3494] f2fs_write_end_io+0x4e2/0x6d0 [ 160.066916][ T3494] __submit_merged_bio+0x27a/0x6a0 [ 160.066947][ T3494] __submit_merged_write_cond+0x255/0x530 [ 160.066980][ T3494] f2fs_write_data_pages+0x2854/0x31f0 [ 160.067005][ T3494] ? __lock_acquire+0xaac/0xd20 [ 160.067064][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [pid 6082] ioctl(4, LOOP_SET_FD, 3 [pid 6077] exit_group(0) = ? [ 160.067107][ T3494] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 160.067173][ T3494] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 160.067213][ T3494] ? trace_f2fs_writepages+0x7f/0x200 [ 160.067240][ T3494] ? f2fs_write_node_pages+0x478/0x6e0 [ 160.067274][ T3494] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 160.067309][ T3494] ? has_not_enough_free_secs+0xd8b/0x1640 [ 160.067349][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 160.067382][ T3494] do_writepages+0x3ae/0x7b0 [ 160.067423][ T3494] ? __lock_acquire+0xaac/0xd20 [ 160.067462][ T3494] ? 
__pfx_do_writepages+0x10/0x10 [ 160.067513][ T3494] __writeback_single_inode+0x145/0xff0 [ 160.067544][ T3494] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 160.067576][ T3494] writeback_sb_inodes+0x6b5/0x1000 [ 160.067643][ T3494] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 160.067730][ T3494] ? rcu_is_watching+0x15/0xb0 [ 160.067776][ T3494] wb_writeback+0x43b/0xaf0 [ 160.067818][ T3494] ? queue_io+0x3a1/0x590 [ 160.067852][ T3494] ? __pfx_wb_writeback+0x10/0x10 [ 160.067893][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 160.067927][ T3494] wb_workfn+0x409/0xef0 [ 160.067973][ T3494] ? __pfx_wb_workfn+0x10/0x10 [ 160.067995][ T3494] ? register_lock_class+0x51/0x320 [ 160.068035][ T3494] ? __lock_acquire+0xaac/0xd20 [ 160.068078][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 160.068123][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 160.068153][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 160.068185][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 160.068223][ T3494] process_scheduled_works+0xadb/0x17a0 [ 160.068299][ T3494] ? __pfx_process_scheduled_works+0x10/0x10 [ 160.068359][ T3494] worker_thread+0x8a0/0xda0 [ 160.068417][ T3494] kthread+0x70e/0x8a0 [ 160.068449][ T3494] ? __pfx_worker_thread+0x10/0x10 [ 160.068469][ T3494] ? __pfx_kthread+0x10/0x10 [ 160.068497][ T3494] ? __pfx_kthread+0x10/0x10 [ 160.068521][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 160.068545][ T3494] ? lockdep_hardirqs_on+0x9c/0x150 [ 160.068573][ T3494] ? __pfx_kthread+0x10/0x10 [ 160.068598][ T3494] ret_from_fork+0x4b/0x80 [pid 6079] <... ioctl resumed>) = ? [pid 6079] +++ exited with 0 +++ [pid 6085] <... ioctl resumed>) = ? [pid 6085] +++ exited with 0 +++ [pid 6077] +++ exited with 0 +++ [pid 5823] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6077, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=32 /* 0.32 s */} --- [pid 5823] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 160.068619][ T3494] ? 
__pfx_kthread+0x10/0x10 [ 160.068644][ T3494] ret_from_fork_asm+0x1a/0x30 [ 160.068701][ T3494] [ 160.072212][ T6082] loop1: detected capacity change from 0 to 40427 [ 160.396550][ T3494] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 160.416667][ T6079] VFS:Filesystem freeze failed [pid 5823] umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5823] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5823] umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] unlink("./18/binderfs") = 0 [pid 5823] umount2("./18/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6082] <... ioctl resumed>) = 0 [pid 6082] close(3) = 0 [pid 6082] close(4) = 0 [pid 6082] mkdir("./bus", 0777) = 0 [ 160.530608][ T6082] F2FS-fs (loop1): invalid crc value [pid 6082] mount("/dev/loop1", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"...) = 0 [pid 6082] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6082] chdir("./bus") = 0 [pid 6082] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6082] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6081] <... futex resumed>) = 0 [pid 6081] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6081] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6082] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000) = 4 [pid 6082] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6081] <... 
futex resumed>) = 0 [pid 6081] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6081] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6082] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [ 160.822804][ T6082] F2FS-fs (loop1): Start checkpoint disabled! [ 160.856899][ T6082] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [pid 6082] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6081] <... futex resumed>) = 0 [pid 6082] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6081] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 160.887425][ T63] kworker/u8:4: attempt to access beyond end of device [ 160.887425][ T63] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 160.916603][ T63] CPU: 0 UID: 0 PID: 63 Comm: kworker/u8:4 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 160.916638][ T63] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 160.916654][ T63] Workqueue: writeback wb_workfn (flush-7:1) [ 160.916689][ T63] Call Trace: [ 160.916698][ T63] [ 160.916708][ T63] dump_stack_lvl+0x189/0x250 [ 160.916746][ T63] ? __pfx_dump_stack_lvl+0x10/0x10 [ 160.916776][ T63] ? __pfx_queue_work_on+0x10/0x10 [ 160.916796][ T63] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 160.916822][ T63] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 160.916863][ T63] f2fs_handle_critical_error+0x37c/0x540 [ 160.916910][ T63] f2fs_write_end_io+0x4e2/0x6d0 [ 160.916964][ T63] __submit_merged_bio+0x27a/0x6a0 [ 160.917003][ T63] __submit_merged_write_cond+0x255/0x530 [ 160.917042][ T63] f2fs_write_data_pages+0x2854/0x31f0 [ 160.917073][ T63] ? __lock_acquire+0xaac/0xd20 [ 160.917148][ T63] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 160.917202][ T63] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 160.917273][ T63] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 160.917322][ T63] ? 
trace_f2fs_writepages+0x7f/0x200 [ 160.917356][ T63] ? f2fs_write_node_pages+0x478/0x6e0 [ 160.917393][ T63] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 160.917430][ T63] ? has_not_enough_free_secs+0xd8b/0x1640 [ 160.917473][ T63] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 160.917507][ T63] do_writepages+0x3ae/0x7b0 [ 160.917549][ T63] ? __lock_acquire+0xaac/0xd20 [ 160.917588][ T63] ? __pfx_do_writepages+0x10/0x10 [ 160.917640][ T63] __writeback_single_inode+0x145/0xff0 [ 160.917670][ T63] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 160.917702][ T63] writeback_sb_inodes+0x6b5/0x1000 [ 160.917769][ T63] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 160.917868][ T63] ? rcu_is_watching+0x15/0xb0 [ 160.917922][ T63] wb_writeback+0x43b/0xaf0 [ 160.917963][ T63] ? queue_io+0x3a1/0x590 [ 160.917998][ T63] ? __pfx_wb_writeback+0x10/0x10 [ 160.918040][ T63] ? _raw_spin_unlock_irq+0x23/0x50 [ 160.918072][ T63] wb_workfn+0x409/0xef0 [ 160.918118][ T63] ? __pfx_wb_workfn+0x10/0x10 [ 160.918140][ T63] ? register_lock_class+0x51/0x320 [ 160.918179][ T63] ? __lock_acquire+0xaac/0xd20 [ 160.918222][ T63] ? process_scheduled_works+0x9ec/0x17a0 [ 160.918265][ T63] ? _raw_spin_unlock_irq+0x23/0x50 [ 160.918288][ T63] ? process_scheduled_works+0x9ec/0x17a0 [ 160.918320][ T63] ? process_scheduled_works+0x9ec/0x17a0 [ 160.918357][ T63] process_scheduled_works+0xadb/0x17a0 [ 160.918433][ T63] ? __pfx_process_scheduled_works+0x10/0x10 [ 160.918492][ T63] worker_thread+0x8a0/0xda0 [ 160.918550][ T63] kthread+0x70e/0x8a0 [ 160.918581][ T63] ? 
__pfx_worker_thread+0x10/0x10 [pid 6081] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6081] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6081] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6081] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6081] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6081] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[6089]}, 88) = 6089 [pid 6081] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6081] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6081] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6081] futex(0x7f836b6386ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6081] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b4fd000 [pid 6081] mprotect(0x7f836b4fe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6081] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6081] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b51d990, parent_tid=0x7f836b51d990, exit_signal=0, stack=0x7f836b4fd000, stack_size=0x20300, tls=0x7f836b51d6c0} => {parent_tid=[6090]}, 88) = 6090 [pid 6081] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6081] futex(0x7f836b6386e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6081] futex(0x7f836b6386ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6090 attached [pid 6090] rseq(0x7f836b51dfe0, 0x20, 0, 0x53053053) = 0 [pid 6090] set_robust_list(0x7f836b51d9a0, 24) = 0 [pid 6090] 
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6090] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 6081] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 160.918601][ T63] ? __pfx_kthread+0x10/0x10 [ 160.918636][ T63] ? __pfx_kthread+0x10/0x10 [ 160.918660][ T63] ? _raw_spin_unlock_irq+0x23/0x50 [ 160.918684][ T63] ? lockdep_hardirqs_on+0x9c/0x150 [ 160.918712][ T63] ? __pfx_kthread+0x10/0x10 [ 160.918736][ T63] ret_from_fork+0x4b/0x80 [ 160.918756][ T63] ? __pfx_kthread+0x10/0x10 [ 160.918781][ T63] ret_from_fork_asm+0x1a/0x30 [ 160.918836][ T63] [ 160.918845][ T63] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 161.236188][ T63] CPU: 0 UID: 0 PID: 63 Comm: kworker/u8:4 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 161.236219][ T63] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 161.236234][ T63] Workqueue: writeback wb_workfn (flush-7:1) [ 161.236265][ T63] Call Trace: [ 161.236274][ T63] [ 161.236283][ T63] dump_stack_lvl+0x189/0x250 [ 161.236321][ T63] ? __pfx_dump_stack_lvl+0x10/0x10 [ 161.236353][ T63] ? __pfx_queue_work_on+0x10/0x10 [ 161.236372][ T63] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 161.236398][ T63] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 161.236441][ T63] f2fs_handle_critical_error+0x37c/0x540 [ 161.236481][ T63] f2fs_write_end_io+0x4e2/0x6d0 [ 161.236544][ T63] __submit_merged_bio+0x27a/0x6a0 [ 161.236583][ T63] __submit_merged_write_cond+0x255/0x530 [ 161.236622][ T63] f2fs_write_data_pages+0x2854/0x31f0 [ 161.236652][ T63] ? __lock_acquire+0xaac/0xd20 [ 161.236725][ T63] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 161.236776][ T63] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 161.236846][ T63] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 161.236902][ T63] ? trace_f2fs_writepages+0x7f/0x200 [ 161.236937][ T63] ? f2fs_write_node_pages+0x478/0x6e0 [ 161.236974][ T63] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 161.237007][ T63] ? 
has_not_enough_free_secs+0xd8b/0x1640 [ 161.237047][ T63] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 161.237077][ T63] do_writepages+0x3ae/0x7b0 [ 161.237117][ T63] ? __lock_acquire+0xaac/0xd20 [ 161.237155][ T63] ? __pfx_do_writepages+0x10/0x10 [ 161.237205][ T63] __writeback_single_inode+0x145/0xff0 [ 161.237234][ T63] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 161.237263][ T63] writeback_sb_inodes+0x6b5/0x1000 [ 161.237324][ T63] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 161.237405][ T63] ? rcu_is_watching+0x15/0xb0 [ 161.237448][ T63] wb_writeback+0x43b/0xaf0 [ 161.237506][ T63] ? queue_io+0x3a1/0x590 [ 161.237540][ T63] ? __pfx_wb_writeback+0x10/0x10 [ 161.237581][ T63] ? _raw_spin_unlock_irq+0x23/0x50 [ 161.237614][ T63] wb_workfn+0x409/0xef0 [ 161.237661][ T63] ? __pfx_wb_workfn+0x10/0x10 [ 161.237682][ T63] ? register_lock_class+0x51/0x320 [ 161.237721][ T63] ? __lock_acquire+0xaac/0xd20 [ 161.237764][ T63] ? process_scheduled_works+0x9ec/0x17a0 [ 161.237808][ T63] ? _raw_spin_unlock_irq+0x23/0x50 [ 161.237830][ T63] ? process_scheduled_works+0x9ec/0x17a0 [ 161.237863][ T63] ? process_scheduled_works+0x9ec/0x17a0 [ 161.237908][ T63] process_scheduled_works+0xadb/0x17a0 [ 161.237984][ T63] ? __pfx_process_scheduled_works+0x10/0x10 [ 161.238042][ T63] worker_thread+0x8a0/0xda0 [ 161.238101][ T63] kthread+0x70e/0x8a0 [ 161.238132][ T63] ? __pfx_worker_thread+0x10/0x10 [ 161.238153][ T63] ? __pfx_kthread+0x10/0x10 [ 161.238181][ T63] ? __pfx_kthread+0x10/0x10 [ 161.238205][ T63] ? _raw_spin_unlock_irq+0x23/0x50 [ 161.238229][ T63] ? lockdep_hardirqs_on+0x9c/0x150 [ 161.238257][ T63] ? __pfx_kthread+0x10/0x10 [ 161.238281][ T63] ret_from_fork+0x4b/0x80 [ 161.238301][ T63] ? 
__pfx_kthread+0x10/0x10 ./strace-static-x86_64: Process 6089 attached [ 161.238326][ T63] ret_from_fork_asm+0x1a/0x30 [ 161.238383][ T63] [pid 6089] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [ 161.796467][ T63] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [pid 6089] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 6089] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6089] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 6089] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6089] futex(0x7f836b6386d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6090] <... ioctl resumed>) = -1 EIO (Input/output error) [pid 6082] <... ioctl resumed>) = -1 EIO (Input/output error) [pid 6082] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6090] futex(0x7f836b6386ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6081] exit_group(0 [pid 6089] <... futex resumed>) = ? [pid 6081] <... exit_group resumed>) = ? [pid 6089] +++ exited with 0 +++ [pid 6090] <... futex resumed>) = ? [pid 6082] <... futex resumed>) = ? [pid 6082] +++ exited with 0 +++ [pid 6090] +++ exited with 0 +++ [pid 6081] +++ exited with 0 +++ [pid 5824] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6081, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=73 /* 0.73 s */} --- [pid 5824] restart_syscall(<... 
resuming interrupted clone ...>) = 0 [pid 5824] umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5824] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5824] umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] unlink("./18/binderfs") = 0 [ 161.996517][ T6082] VFS:Filesystem freeze failed [pid 5824] umount2("./18/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5823] <... umount2 resumed>) = 0 [pid 5823] umount2("./18/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./18/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] umount2("./18/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./18/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5823] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5823] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5823] close(4) = 0 [pid 5823] rmdir("./18/bus") = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5823] close(3) = 0 [pid 5823] rmdir("./18") = 0 [pid 5823] mkdir("./19", 0777) = 0 [pid 5823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5823] ioctl(3, LOOP_CLR_FD) = 0 [pid 5823] close(3 [pid 5824] <... umount2 resumed>) = 0 [pid 5824] umount2("./18/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./18/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] umount2("./18/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5823] <... 
close resumed>) = 0 [pid 5824] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./18/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5823] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5824] <... openat resumed>) = 4 [pid 5824] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5824] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5824] close(4) = 0 [pid 5824] rmdir("./18/bus") = 0 ./strace-static-x86_64: Process 6091 attached [pid 5823] <... clone resumed>, child_tidptr=0x55558e3aa690) = 6091 [pid 5824] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5824] close(3) = 0 [pid 6091] set_robust_list(0x55558e3aa6a0, 24 [pid 5824] rmdir("./18" [pid 6091] <... set_robust_list resumed>) = 0 [pid 5824] <... rmdir resumed>) = 0 [pid 6091] chdir("./19") = 0 [pid 6091] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6091] setpgid(0, 0) = 0 [pid 6091] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6091] write(3, "1000", 4) = 4 [pid 6091] close(3) = 0 [pid 6091] symlink("/dev/binderfs", "./binderfs" [pid 5824] mkdir("./19", 0777 [pid 6091] <... symlink resumed>) = 0 [pid 5824] <... mkdir resumed>) = 0 executing program [pid 6091] write(1, "executing program\n", 18) = 18 [pid 6091] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5824] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6091] <... futex resumed>) = 0 [pid 5824] <... openat resumed>) = 3 [pid 6091] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, [pid 5824] ioctl(3, LOOP_CLR_FD [pid 6091] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5824] <... ioctl resumed>) = 0 [pid 6091] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5824] close(3 [pid 6091] <... 
rt_sigprocmask resumed>NULL, 8) = 0 [pid 6091] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6091] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6091] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6091] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0} => {parent_tid=[6092]}, 88) = 6092 [pid 6091] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6091] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6091] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6092 attached [pid 6092] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053) = 0 [pid 6092] set_robust_list(0x7f836b55f9a0, 24) = 0 [pid 6092] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6092] memfd_create("syzkaller", 0) = 3 [pid 6092] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 5824] <... 
close resumed>) = 0 [pid 5824] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6093 attached , child_tidptr=0x55558e3aa690) = 6093 [pid 6093] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 6093] chdir("./19") = 0 [pid 6093] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6093] setpgid(0, 0) = 0 [pid 6093] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6093] write(3, "1000", 4) = 4 [pid 6093] close(3) = 0 [pid 6093] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6093] write(1, "executing program\n", 18) = 18 [pid 6093] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6093] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6093] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6093] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6093] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6093] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6093] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 6094 attached => {parent_tid=[6094]}, 88) = 6094 [pid 6093] rt_sigprocmask(SIG_SETMASK, [], [pid 6094] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053 [pid 6093] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6094] <... rseq resumed>) = 0 [pid 6093] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6094] set_robust_list(0x7f836b55f9a0, 24 [pid 6093] <... futex resumed>) = 0 [pid 6094] <... 
set_robust_list resumed>) = 0 [pid 6093] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6094] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6094] memfd_create("syzkaller", 0) = 3 [pid 6094] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 6092] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 6094] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 6092] <... write resumed>) = 20699119 [pid 6092] munmap(0x7f8363000000, 138412032) = 0 [pid 6092] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6092] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6092] close(3) = 0 [pid 6092] close(4) = 0 [pid 6092] mkdir("./bus", 0777) = 0 [ 163.433290][ T6092] loop0: detected capacity change from 0 to 40427 [ 163.489520][ T6092] F2FS-fs (loop0): invalid crc value [pid 6092] mount("/dev/loop0", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 6094] <... write resumed>) = 20699119 [pid 6094] munmap(0x7f8363000000, 138412032) = 0 [pid 6094] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 163.716936][ T6092] F2FS-fs (loop0): Start checkpoint disabled! 
[pid 6094] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6092] <... mount resumed>) = 0 [pid 6094] close(3) = 0 [pid 6092] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6094] close(4) = 0 [pid 6092] <... openat resumed>) = 3 [pid 6094] mkdir("./bus", 0777 [pid 6092] chdir("./bus" [pid 6094] <... mkdir resumed>) = 0 [pid 6092] <... chdir resumed>) = 0 [pid 6094] mount("/dev/loop1", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 6092] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6092] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6091] <... futex resumed>) = 0 [pid 6092] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6091] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6092] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6091] <... futex resumed>) = 0 [pid 6092] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 [pid 6091] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6092] <... openat resumed>) = 4 [pid 6092] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6091] <... futex resumed>) = 0 [pid 6091] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6092] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6091] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6092] <... openat resumed>) = 5 [pid 6092] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6091] <... futex resumed>) = 0 [pid 6091] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 163.767746][ T6092] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 163.776611][ T6094] loop1: detected capacity change from 0 to 40427 [pid 6091] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6092] <... 
futex resumed>) = 1 [pid 6092] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6091] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6091] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 163.817468][ T6094] F2FS-fs (loop1): invalid crc value [ 163.829722][ T63] kworker/u8:4: attempt to access beyond end of device [ 163.829722][ T63] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 163.909411][ T63] CPU: 1 UID: 0 PID: 63 Comm: kworker/u8:4 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 163.909445][ T63] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 163.909461][ T63] Workqueue: writeback wb_workfn (flush-7:0) [ 163.909496][ T63] Call Trace: [ 163.909505][ T63] [ 163.909514][ T63] dump_stack_lvl+0x189/0x250 [ 163.909550][ T63] ? __pfx_dump_stack_lvl+0x10/0x10 [ 163.909580][ T63] ? __pfx_queue_work_on+0x10/0x10 [pid 6091] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6091] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6091] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6091] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0}./strace-static-x86_64: Process 6098 attached => {parent_tid=[6098]}, 88) = 6098 [pid 6091] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6091] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6091] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6098] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [pid 6098] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 6098] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6098] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 6098] 
futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6091] <... futex resumed>) = 0 [pid 6098] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 6091] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 163.909599][ T63] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 163.909624][ T63] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 163.909661][ T63] f2fs_handle_critical_error+0x37c/0x540 [ 163.909700][ T63] f2fs_write_end_io+0x4e2/0x6d0 [ 163.909750][ T63] __submit_merged_bio+0x27a/0x6a0 [ 163.909786][ T63] __submit_merged_write_cond+0x255/0x530 [ 163.909822][ T63] f2fs_write_data_pages+0x2854/0x31f0 [ 163.909891][ T63] ? __pfx_f2fs_write_data_pages+0x10/0x10 [pid 6091] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 163.909930][ T63] ? f2fs_sync_node_pages+0x1385/0x14a0 [ 163.910007][ T63] ? xfd_validate_state+0x6d/0x150 [ 163.910028][ T63] ? save_fpregs_to_fpstate+0xa3/0x210 [ 163.910063][ T63] ? __lock_acquire+0xaac/0xd20 [ 163.910139][ T63] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 163.910173][ T63] do_writepages+0x3ae/0x7b0 [ 163.910221][ T63] ? __pfx_do_writepages+0x10/0x10 [ 163.910267][ T63] __writeback_single_inode+0x145/0xff0 [ 163.910297][ T63] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 163.910327][ T63] writeback_sb_inodes+0x6b5/0x1000 [ 163.910390][ T63] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 163.910466][ T63] ? rcu_is_watching+0x15/0xb0 [ 163.910508][ T63] wb_writeback+0x43b/0xaf0 [ 163.910546][ T63] ? queue_io+0x3a1/0x590 [ 163.910578][ T63] ? __pfx_wb_writeback+0x10/0x10 [ 163.910617][ T63] ? _raw_spin_unlock_irq+0x23/0x50 [ 163.910647][ T63] wb_workfn+0x409/0xef0 [ 163.910683][ T63] ? __pfx_wb_workfn+0x10/0x10 [ 163.910701][ T63] ? register_lock_class+0x51/0x320 [ 163.910738][ T63] ? __lock_acquire+0xaac/0xd20 [ 163.910778][ T63] ? process_scheduled_works+0x9ec/0x17a0 [ 163.910820][ T63] ? process_scheduled_works+0x9ec/0x17a0 [ 163.910852][ T63] ? 
process_scheduled_works+0x9ec/0x17a0 [ 163.910888][ T63] process_scheduled_works+0xadb/0x17a0 [ 163.910961][ T63] ? __pfx_process_scheduled_works+0x10/0x10 [ 163.911015][ T63] worker_thread+0x8a0/0xda0 [ 163.911065][ T63] kthread+0x70e/0x8a0 [ 163.911094][ T63] ? __pfx_worker_thread+0x10/0x10 [ 163.911113][ T63] ? __pfx_kthread+0x10/0x10 [ 163.911140][ T63] ? __pfx_kthread+0x10/0x10 [pid 6091] exit_group(0) = ? [ 163.911164][ T63] ? _raw_spin_unlock_irq+0x23/0x50 [ 163.911187][ T63] ? lockdep_hardirqs_on+0x9c/0x150 [ 163.911215][ T63] ? __pfx_kthread+0x10/0x10 [ 163.911239][ T63] ret_from_fork+0x4b/0x80 [ 163.911259][ T63] ? __pfx_kthread+0x10/0x10 [ 163.911283][ T63] ret_from_fork_asm+0x1a/0x30 [ 163.911334][ T63] [ 163.911344][ T63] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 164.256939][ T6094] F2FS-fs (loop1): Start checkpoint disabled! [ 164.266720][ T63] CPU: 1 UID: 0 PID: 63 Comm: kworker/u8:4 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 164.266749][ T63] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 164.266763][ T63] Workqueue: writeback wb_workfn (flush-7:0) [ 164.266794][ T63] Call Trace: [ 164.266802][ T63] [ 164.266812][ T63] dump_stack_lvl+0x189/0x250 [ 164.266850][ T63] ? __pfx_dump_stack_lvl+0x10/0x10 [ 164.266880][ T63] ? __pfx_queue_work_on+0x10/0x10 [ 164.266898][ T63] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 164.266924][ T63] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 164.266965][ T63] f2fs_handle_critical_error+0x37c/0x540 [ 164.267006][ T63] f2fs_write_end_io+0x4e2/0x6d0 [ 164.267061][ T63] __submit_merged_bio+0x27a/0x6a0 [ 164.267100][ T63] __submit_merged_write_cond+0x255/0x530 [ 164.267140][ T63] f2fs_write_data_pages+0x2854/0x31f0 [ 164.267220][ T63] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 164.267250][ T63] ? f2fs_sync_node_pages+0x1385/0x14a0 [ 164.267339][ T63] ? xfd_validate_state+0x6d/0x150 [ 164.267360][ T63] ? 
save_fpregs_to_fpstate+0xa3/0x210 [ 164.267398][ T63] ? __lock_acquire+0xaac/0xd20 [ 164.267484][ T63] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 164.267518][ T63] do_writepages+0x3ae/0x7b0 [ 164.267574][ T63] ? __pfx_do_writepages+0x10/0x10 [ 164.267636][ T63] __writeback_single_inode+0x145/0xff0 [ 164.267668][ T63] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 164.267700][ T63] writeback_sb_inodes+0x6b5/0x1000 [ 164.267766][ T63] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 164.267854][ T63] ? rcu_is_watching+0x15/0xb0 [ 164.267900][ T63] wb_writeback+0x43b/0xaf0 [ 164.267941][ T63] ? queue_io+0x3a1/0x590 [ 164.267975][ T63] ? __pfx_wb_writeback+0x10/0x10 [ 164.268016][ T63] ? _raw_spin_unlock_irq+0x23/0x50 [ 164.268047][ T63] wb_workfn+0x409/0xef0 [ 164.268093][ T63] ? __pfx_wb_workfn+0x10/0x10 [ 164.268115][ T63] ? register_lock_class+0x51/0x320 [ 164.268153][ T63] ? __lock_acquire+0xaac/0xd20 [ 164.268196][ T63] ? process_scheduled_works+0x9ec/0x17a0 [ 164.268240][ T63] ? process_scheduled_works+0x9ec/0x17a0 [ 164.268272][ T63] ? process_scheduled_works+0x9ec/0x17a0 [ 164.268309][ T63] process_scheduled_works+0xadb/0x17a0 [ 164.268385][ T63] ? __pfx_process_scheduled_works+0x10/0x10 [ 164.268444][ T63] worker_thread+0x8a0/0xda0 [ 164.268502][ T63] kthread+0x70e/0x8a0 [ 164.268533][ T63] ? __pfx_worker_thread+0x10/0x10 [ 164.268553][ T63] ? __pfx_kthread+0x10/0x10 [ 164.268580][ T63] ? __pfx_kthread+0x10/0x10 [ 164.268610][ T63] ? _raw_spin_unlock_irq+0x23/0x50 [ 164.268634][ T63] ? lockdep_hardirqs_on+0x9c/0x150 [ 164.268662][ T63] ? __pfx_kthread+0x10/0x10 [ 164.268687][ T63] ret_from_fork+0x4b/0x80 [ 164.268706][ T63] ? __pfx_kthread+0x10/0x10 [ 164.268731][ T63] ret_from_fork_asm+0x1a/0x30 [ 164.268787][ T63] [ 164.268796][ T63] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 164.326682][ T6094] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 164.565155][ T6092] VFS:Filesystem freeze failed [pid 6092] <... ioctl resumed>) = ? 
[pid 6092] +++ exited with 0 +++ [pid 6098] <... ioctl resumed>) = ? [pid 6098] +++ exited with 0 +++ [pid 6091] +++ exited with 0 +++ [pid 5823] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6091, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=34 /* 0.34 s */} --- [pid 5823] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5823] umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5823] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5823] umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] unlink("./19/binderfs") = 0 [pid 5823] umount2("./19/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6094] <... mount resumed>) = 0 [pid 6094] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6094] chdir("./bus") = 0 [pid 6094] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6094] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6093] <... futex resumed>) = 0 [pid 6094] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6093] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6094] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6093] <... futex resumed>) = 0 [pid 6094] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 [pid 6093] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6094] <... openat resumed>) = 4 [pid 6094] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6093] <... 
futex resumed>) = 0 [pid 6094] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6093] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6094] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6094] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6093] <... futex resumed>) = 0 [pid 6093] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6094] <... openat resumed>) = 5 [pid 6094] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6093] <... futex resumed>) = 0 [pid 6094] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6093] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6094] <... futex resumed>) = 0 [pid 6093] <... futex resumed>) = 1 [pid 6094] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 164.859768][ T63] kworker/u8:4: attempt to access beyond end of device [ 164.859768][ T63] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 164.886549][ T63] CPU: 0 UID: 0 PID: 63 Comm: kworker/u8:4 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [pid 6093] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6093] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6093] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6093] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6093] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6093] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[6100]}, 88) = 6100 [pid 6093] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6093] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6093] 
futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6100 attached [pid 6100] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [pid 6100] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 6100] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6100] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 6100] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6093] <... futex resumed>) = 0 [pid 6093] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6093] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 164.886590][ T63] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 164.886606][ T63] Workqueue: writeback wb_workfn (flush-7:1) [ 164.886639][ T63] Call Trace: [ 164.886647][ T63] [ 164.886657][ T63] dump_stack_lvl+0x189/0x250 [ 164.886691][ T63] ? __pfx_dump_stack_lvl+0x10/0x10 [ 164.886720][ T63] ? __pfx_queue_work_on+0x10/0x10 [ 164.886739][ T63] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 164.886764][ T63] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 164.886802][ T63] f2fs_handle_critical_error+0x37c/0x540 [pid 6100] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 6093] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 164.886841][ T63] f2fs_write_end_io+0x4e2/0x6d0 [ 164.886891][ T63] __submit_merged_bio+0x27a/0x6a0 [ 164.886928][ T63] __submit_merged_write_cond+0x255/0x530 [ 164.886965][ T63] f2fs_write_data_pages+0x2854/0x31f0 [ 164.886996][ T63] ? __lock_acquire+0xaac/0xd20 [ 164.887061][ T63] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 164.887109][ T63] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 164.887170][ T63] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 164.887216][ T63] ? trace_f2fs_writepages+0x7f/0x200 [ 164.887248][ T63] ? f2fs_write_node_pages+0x478/0x6e0 [ 164.887283][ T63] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 164.887317][ T63] ? 
has_not_enough_free_secs+0xd8b/0x1640 [ 164.887358][ T63] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 164.887391][ T63] do_writepages+0x3ae/0x7b0 [ 164.887429][ T63] ? __lock_acquire+0xaac/0xd20 [ 164.887465][ T63] ? __pfx_do_writepages+0x10/0x10 [ 164.887511][ T63] __writeback_single_inode+0x145/0xff0 [ 164.887541][ T63] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 164.887676][ T63] writeback_sb_inodes+0x6b5/0x1000 [ 164.887742][ T63] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 164.887838][ T63] ? rcu_is_watching+0x15/0xb0 [ 164.887885][ T63] wb_writeback+0x43b/0xaf0 [ 164.887925][ T63] ? queue_io+0x3a1/0x590 [ 164.887958][ T63] ? __pfx_wb_writeback+0x10/0x10 [ 164.887999][ T63] ? _raw_spin_unlock_irq+0x23/0x50 [ 164.888029][ T63] wb_workfn+0x409/0xef0 [ 164.888071][ T63] ? __pfx_wb_workfn+0x10/0x10 [ 164.888093][ T63] ? register_lock_class+0x51/0x320 [ 164.888130][ T63] ? __lock_acquire+0xaac/0xd20 [ 164.888171][ T63] ? process_scheduled_works+0x9ec/0x17a0 [ 164.888212][ T63] ? _raw_spin_unlock_irq+0x23/0x50 [ 164.888235][ T63] ? process_scheduled_works+0x9ec/0x17a0 [ 164.888267][ T63] ? process_scheduled_works+0x9ec/0x17a0 [ 164.888305][ T63] process_scheduled_works+0xadb/0x17a0 [ 164.888374][ T63] ? __pfx_process_scheduled_works+0x10/0x10 [ 164.888430][ T63] worker_thread+0x8a0/0xda0 [ 164.888483][ T63] kthread+0x70e/0x8a0 [ 164.888514][ T63] ? __pfx_worker_thread+0x10/0x10 [pid 6093] exit_group(0) = ? [ 164.888534][ T63] ? __pfx_kthread+0x10/0x10 [ 164.888561][ T63] ? __pfx_kthread+0x10/0x10 [ 164.888586][ T63] ? _raw_spin_unlock_irq+0x23/0x50 [ 164.888612][ T63] ? lockdep_hardirqs_on+0x9c/0x150 [ 164.888641][ T63] ? __pfx_kthread+0x10/0x10 [ 164.888665][ T63] ret_from_fork+0x4b/0x80 [ 164.888687][ T63] ? 
__pfx_kthread+0x10/0x10 [ 164.888713][ T63] ret_from_fork_asm+0x1a/0x30 [ 164.888767][ T63] [ 164.888778][ T63] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 165.276784][ T63] CPU: 1 UID: 0 PID: 63 Comm: kworker/u8:4 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 165.276818][ T63] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 165.276834][ T63] Workqueue: writeback wb_workfn (flush-7:1) [ 165.276868][ T63] Call Trace: [ 165.276877][ T63] [ 165.276887][ T63] dump_stack_lvl+0x189/0x250 [ 165.276923][ T63] ? __pfx_dump_stack_lvl+0x10/0x10 [ 165.276954][ T63] ? __pfx_queue_work_on+0x10/0x10 [ 165.276973][ T63] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 165.276998][ T63] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 165.277036][ T63] f2fs_handle_critical_error+0x37c/0x540 [ 165.277074][ T63] f2fs_write_end_io+0x4e2/0x6d0 [ 165.277124][ T63] __submit_merged_bio+0x27a/0x6a0 [ 165.277161][ T63] __submit_merged_write_cond+0x255/0x530 [ 165.277198][ T63] f2fs_write_data_pages+0x2854/0x31f0 [ 165.277229][ T63] ? __lock_acquire+0xaac/0xd20 [ 165.277299][ T63] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 165.277347][ T63] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 165.277408][ T63] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 165.277454][ T63] ? trace_f2fs_writepages+0x7f/0x200 [ 165.277486][ T63] ? f2fs_write_node_pages+0x478/0x6e0 [ 165.277521][ T63] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 165.277562][ T63] ? has_not_enough_free_secs+0xd8b/0x1640 [ 165.277603][ T63] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 165.277636][ T63] do_writepages+0x3ae/0x7b0 [ 165.277674][ T63] ? __lock_acquire+0xaac/0xd20 [ 165.277711][ T63] ? __pfx_do_writepages+0x10/0x10 [ 165.277758][ T63] __writeback_single_inode+0x145/0xff0 [ 165.277787][ T63] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 165.277817][ T63] writeback_sb_inodes+0x6b5/0x1000 [ 165.277876][ T63] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 165.277952][ T63] ? 
rcu_is_watching+0x15/0xb0 [ 165.277996][ T63] wb_writeback+0x43b/0xaf0 [ 165.278033][ T63] ? queue_io+0x3a1/0x590 [ 165.278065][ T63] ? __pfx_wb_writeback+0x10/0x10 [ 165.278105][ T63] ? _raw_spin_unlock_irq+0x23/0x50 [ 165.278134][ T63] wb_workfn+0x409/0xef0 [ 165.278175][ T63] ? __pfx_wb_workfn+0x10/0x10 [ 165.278196][ T63] ? register_lock_class+0x51/0x320 [ 165.278232][ T63] ? __lock_acquire+0xaac/0xd20 [ 165.278271][ T63] ? process_scheduled_works+0x9ec/0x17a0 [ 165.278312][ T63] ? _raw_spin_unlock_irq+0x23/0x50 [ 165.278335][ T63] ? process_scheduled_works+0x9ec/0x17a0 [ 165.278368][ T63] ? process_scheduled_works+0x9ec/0x17a0 [ 165.278404][ T63] process_scheduled_works+0xadb/0x17a0 [ 165.278470][ T63] ? __pfx_process_scheduled_works+0x10/0x10 [ 165.278529][ T63] worker_thread+0x8a0/0xda0 [ 165.278579][ T63] kthread+0x70e/0x8a0 [ 165.278608][ T63] ? __pfx_worker_thread+0x10/0x10 [ 165.278628][ T63] ? __pfx_kthread+0x10/0x10 [ 165.278655][ T63] ? __pfx_kthread+0x10/0x10 [ 165.278679][ T63] ? _raw_spin_unlock_irq+0x23/0x50 [ 165.278702][ T63] ? lockdep_hardirqs_on+0x9c/0x150 [ 165.278730][ T63] ? __pfx_kthread+0x10/0x10 [ 165.278753][ T63] ret_from_fork+0x4b/0x80 [ 165.278773][ T63] ? __pfx_kthread+0x10/0x10 [ 165.278799][ T63] ret_from_fork_asm+0x1a/0x30 [ 165.278850][ T63] [ 165.594480][ T63] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 165.616897][ T6094] VFS:Filesystem freeze failed [pid 6094] <... ioctl resumed>) = ? [pid 6094] +++ exited with 0 +++ [pid 6100] <... ioctl resumed>) = ? [pid 6100] +++ exited with 0 +++ [pid 6093] +++ exited with 0 +++ [pid 5824] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6093, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=68 /* 0.68 s */} --- [pid 5824] restart_syscall(<... 
resuming interrupted clone ...>) = 0 [pid 5824] umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5824] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5824] umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] unlink("./19/binderfs") = 0 [pid 5824] umount2("./19/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5823] <... umount2 resumed>) = 0 [pid 5823] umount2("./19/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./19/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] umount2("./19/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./19/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5823] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5823] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5823] close(4) = 0 [pid 5823] rmdir("./19/bus") = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5823] close(3) = 0 [pid 5823] rmdir("./19") = 0 [pid 5823] mkdir("./20", 0777) = 0 [pid 5823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5823] ioctl(3, LOOP_CLR_FD) = 0 [pid 5823] close(3 [pid 5824] <... 
umount2 resumed>) = 0 [pid 5824] umount2("./19/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./19/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] umount2("./19/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./19/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5824] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5824] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5824] close(4) = 0 [pid 5824] rmdir("./19/bus") = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5824] close(3) = 0 [pid 5824] rmdir("./19") = 0 [pid 5824] mkdir("./20", 0777) = 0 [pid 5824] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5824] ioctl(3, LOOP_CLR_FD) = 0 [pid 5824] close(3 [pid 5823] <... close resumed>) = 0 [pid 5823] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5824] <... close resumed>) = 0 ./strace-static-x86_64: Process 6101 attached [pid 5823] <... clone resumed>, child_tidptr=0x55558e3aa690) = 6101 [pid 6101] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 6101] chdir("./20" [pid 5824] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6101] <... chdir resumed>) = 0 ./strace-static-x86_64: Process 6102 attached [pid 6101] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5824] <... clone resumed>, child_tidptr=0x55558e3aa690) = 6102 [pid 6102] set_robust_list(0x55558e3aa6a0, 24 [pid 6101] setpgid(0, 0 [pid 6102] <... set_robust_list resumed>) = 0 [pid 6101] <... setpgid resumed>) = 0 [pid 6102] chdir("./20" [pid 6101] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6102] <... chdir resumed>) = 0 [pid 6102] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6101] <... openat resumed>) = 3 [pid 6102] <... 
prctl resumed>) = 0 [pid 6102] setpgid(0, 0 [pid 6101] write(3, "1000", 4 [pid 6102] <... setpgid resumed>) = 0 [pid 6101] <... write resumed>) = 4 [pid 6101] close(3 [pid 6102] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6101] <... close resumed>) = 0 [pid 6102] <... openat resumed>) = 3 [pid 6101] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6102] write(3, "1000", 4 [pid 6101] write(1, "executing program\n", 18 [pid 6102] <... write resumed>) = 4 [pid 6101] <... write resumed>) = 18 [pid 6102] close(3) = 0 [pid 6101] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6102] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6101] <... futex resumed>) = 0 executing program [pid 6102] write(1, "executing program\n", 18 [pid 6101] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, [pid 6102] <... write resumed>) = 18 [pid 6101] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6102] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6101] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6102] <... futex resumed>) = 0 [pid 6101] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6102] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, [pid 6101] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6102] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6102] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6101] <... mmap resumed>) = 0x7f836b53f000 [pid 6102] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6101] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE [pid 6102] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6101] <... 
mprotect resumed>) = 0 [pid 6102] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6101] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6102] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6101] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6102] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6101] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0} [pid 6102] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 6103 attached [pid 6103] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053./strace-static-x86_64: Process 6104 attached ) = 0 [pid 6102] <... clone3 resumed> => {parent_tid=[6103]}, 88) = 6103 [pid 6104] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053 [pid 6103] set_robust_list(0x7f836b55f9a0, 24 [pid 6102] rt_sigprocmask(SIG_SETMASK, [], [pid 6101] <... clone3 resumed> => {parent_tid=[6104]}, 88) = 6104 [pid 6104] <... rseq resumed>) = 0 [pid 6103] <... set_robust_list resumed>) = 0 [pid 6102] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6101] rt_sigprocmask(SIG_SETMASK, [], [pid 6104] set_robust_list(0x7f836b55f9a0, 24 [pid 6103] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6104] <... set_robust_list resumed>) = 0 [pid 6102] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6101] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6104] rt_sigprocmask(SIG_SETMASK, [], [pid 6102] <... futex resumed>) = 0 [pid 6101] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6102] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6101] <... futex resumed>) = 0 [pid 6104] <... 
rt_sigprocmask resumed>NULL, 8) = 0 [pid 6103] memfd_create("syzkaller", 0 [pid 6101] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6104] memfd_create("syzkaller", 0 [pid 6103] <... memfd_create resumed>) = 3 [pid 6104] <... memfd_create resumed>) = 3 [pid 6103] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6104] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6103] <... mmap resumed>) = 0x7f8363000000 [pid 6104] <... mmap resumed>) = 0x7f8363000000 [pid 6103] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 6104] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 6103] <... write resumed>) = 20699119 [pid 6104] munmap(0x7f8363000000, 138412032) = 0 [pid 6103] munmap(0x7f8363000000, 138412032 [pid 6104] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6103] <... munmap resumed>) = 0 [pid 6104] <... openat resumed>) = 4 [pid 6104] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6103] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6104] close(3 [pid 6103] <... openat resumed>) = 4 [pid 6104] <... 
close resumed>) = 0 [pid 6103] ioctl(4, LOOP_SET_FD, 3 [pid 6104] close(4) = 0 [pid 6104] mkdir("./bus", 0777) = 0 [pid 6104] mount("/dev/loop0", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 6103] <... ioctl resumed>) = 0 [pid 6103] close(3) = 0 [pid 6103] close(4) = 0 [ 167.498446][ T6104] loop0: detected capacity change from 0 to 40427 [ 167.519909][ T6103] loop1: detected capacity change from 0 to 40427 [ 167.539128][ T6104] F2FS-fs (loop0): invalid crc value [pid 6103] mkdir("./bus", 0777) = 0 [ 167.554996][ T6103] F2FS-fs (loop1): invalid crc value [ 167.765545][ T6104] F2FS-fs (loop0): Start checkpoint disabled! [pid 6103] mount("/dev/loop1", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 6104] <... mount resumed>) = 0 [pid 6104] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6104] chdir("./bus") = 0 [pid 6104] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6104] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6101] <... futex resumed>) = 0 [pid 6101] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 167.806643][ T6104] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 167.828678][ T6103] F2FS-fs (loop1): Start checkpoint disabled! [pid 6101] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6104] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000) = 4 [pid 6104] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6101] <... futex resumed>) = 0 [pid 6104] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6101] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6101] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6104] <... 
futex resumed>) = 0 [pid 6104] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6103] <... mount resumed>) = 0 [pid 6104] <... openat resumed>) = 5 [pid 6103] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6103] chdir("./bus") = 0 [pid 6103] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6103] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6102] <... futex resumed>) = 0 [pid 6102] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6102] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6103] <... futex resumed>) = 1 [pid 6103] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000) = 4 [pid 6104] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6103] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6102] <... futex resumed>) = 0 [pid 6102] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6102] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6103] <... futex resumed>) = 1 [pid 6103] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6104] <... futex resumed>) = 1 [pid 6103] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6101] <... futex resumed>) = 0 [pid 6104] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6103] <... futex resumed>) = 1 [pid 6102] <... futex resumed>) = 0 [pid 6101] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6104] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6103] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6102] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6101] <... futex resumed>) = 0 [pid 6104] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6103] <... 
futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 167.862375][ T6103] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [pid 6102] <... futex resumed>) = 0 [pid 6101] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6103] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 167.924310][ T3513] kworker/u8:7: attempt to access beyond end of device [ 167.924310][ T3513] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 167.956741][ T3494] kworker/u8:6: attempt to access beyond end of device [ 167.956741][ T3494] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [pid 6102] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6101] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6101] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6102] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6101] <... futex resumed>) = 0 [pid 6102] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6101] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6102] <... futex resumed>) = 0 [pid 6101] <... mmap resumed>) = 0x7f836b51e000 [pid 6102] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6101] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE [pid 6102] <... mmap resumed>) = 0x7f836b51e000 [pid 6101] <... mprotect resumed>) = 0 [pid 6102] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE [pid 6101] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6102] <... mprotect resumed>) = 0 [pid 6101] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6102] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6101] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0}./strace-static-x86_64: Process 6109 attached [pid 6102] <... 
rt_sigprocmask resumed>[], 8) = 0 [pid 6109] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053 [pid 6102] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} [pid 6101] <... clone3 resumed> => {parent_tid=[6109]}, 88) = 6109 ./strace-static-x86_64: Process 6110 attached [pid 6109] <... rseq resumed>) = 0 [pid 6101] rt_sigprocmask(SIG_SETMASK, [], [pid 6110] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053 [pid 6109] set_robust_list(0x7f836b53e9a0, 24 [pid 6102] <... clone3 resumed> => {parent_tid=[6110]}, 88) = 6110 [pid 6101] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6110] <... rseq resumed>) = 0 [pid 6109] <... set_robust_list resumed>) = 0 [pid 6102] rt_sigprocmask(SIG_SETMASK, [], [pid 6101] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6110] set_robust_list(0x7f836b53e9a0, 24 [pid 6109] rt_sigprocmask(SIG_SETMASK, [], [pid 6102] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6101] <... futex resumed>) = 0 [pid 6110] <... set_robust_list resumed>) = 0 [pid 6109] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6102] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6101] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6110] rt_sigprocmask(SIG_SETMASK, [], [pid 6109] ioctl(4, F2FS_IOC_SET_PIN_FILE [pid 6102] <... futex resumed>) = 0 [pid 6110] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6109] <... ioctl resumed>, 0x200000000180) = -1 EIO (Input/output error) [pid 6102] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6110] ioctl(4, F2FS_IOC_SET_PIN_FILE [pid 6109] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6101] <... futex resumed>) = 0 [pid 6109] futex(0x7f836b6386d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6101] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6109] <... 
futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6101] <... futex resumed>) = 0 [pid 6109] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [ 167.970902][ T3513] CPU: 1 UID: 0 PID: 3513 Comm: kworker/u8:7 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 167.970935][ T3513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 167.970950][ T3513] Workqueue: writeback wb_workfn (flush-7:0) [ 167.970999][ T3513] Call Trace: [ 167.971008][ T3513] [ 167.971017][ T3513] dump_stack_lvl+0x189/0x250 [ 167.971052][ T3513] ? __pfx_dump_stack_lvl+0x10/0x10 [ 167.971082][ T3513] ? __pfx_queue_work_on+0x10/0x10 [pid 6101] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6102] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6102] futex(0x7f836b6386ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6102] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b4fd000 [pid 6102] mprotect(0x7f836b4fe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6102] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6102] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b51d990, parent_tid=0x7f836b51d990, exit_signal=0, stack=0x7f836b4fd000, stack_size=0x20300, tls=0x7f836b51d6c0} => {parent_tid=[6111]}, 88) = 6111 [pid 6102] rt_sigprocmask(SIG_SETMASK, [], [pid 6101] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6102] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 6111 attached [pid 6102] futex(0x7f836b6386e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6111] rseq(0x7f836b51dfe0, 0x20, 0, 0x53053053 [pid 6102] <... futex resumed>) = 0 [pid 6111] <... 
rseq resumed>) = 0 [pid 6102] futex(0x7f836b6386ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6111] set_robust_list(0x7f836b51d9a0, 24) = 0 [pid 6111] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 167.971101][ T3513] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 167.971127][ T3513] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 167.971164][ T3513] f2fs_handle_critical_error+0x37c/0x540 [ 167.971203][ T3513] f2fs_write_end_io+0x4e2/0x6d0 [ 167.971253][ T3513] __submit_merged_bio+0x27a/0x6a0 [ 167.971289][ T3513] __submit_merged_write_cond+0x255/0x530 [ 167.971326][ T3513] f2fs_write_data_pages+0x2854/0x31f0 [ 167.971357][ T3513] ? __lock_acquire+0xaac/0xd20 [pid 6111] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 6102] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 167.971422][ T3513] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 167.971471][ T3513] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 167.971493][ T3513] ? __lock_acquire+0xaac/0xd20 [ 167.971571][ T3513] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 167.971620][ T3513] ? trace_f2fs_writepages+0x7f/0x200 [ 167.971651][ T3513] ? f2fs_write_node_pages+0x478/0x6e0 [ 167.971684][ T3513] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 167.971717][ T3513] ? has_not_enough_free_secs+0xd8b/0x1640 [ 167.971756][ T3513] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 167.971788][ T3513] do_writepages+0x3ae/0x7b0 [ 167.971825][ T3513] ? __lock_acquire+0xaac/0xd20 [ 167.971860][ T3513] ? __pfx_do_writepages+0x10/0x10 [ 167.971905][ T3513] __writeback_single_inode+0x145/0xff0 [ 167.971933][ T3513] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 167.971961][ T3513] writeback_sb_inodes+0x6b5/0x1000 [ 167.972017][ T3513] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 167.972090][ T3513] ? rcu_is_watching+0x15/0xb0 [ 167.972132][ T3513] wb_writeback+0x43b/0xaf0 [ 167.972169][ T3513] ? queue_io+0x3a1/0x590 [ 167.972200][ T3513] ? __pfx_wb_writeback+0x10/0x10 [ 167.972236][ T3513] ? 
_raw_spin_unlock_irq+0x23/0x50 [ 167.972285][ T3513] wb_workfn+0x409/0xef0 [ 167.972326][ T3513] ? __pfx_wb_workfn+0x10/0x10 [ 167.972347][ T3513] ? register_lock_class+0x51/0x320 [ 167.972384][ T3513] ? __lock_acquire+0xaac/0xd20 [ 167.972424][ T3513] ? process_scheduled_works+0x9ec/0x17a0 [ 167.972465][ T3513] ? _raw_spin_unlock_irq+0x23/0x50 [ 167.972488][ T3513] ? process_scheduled_works+0x9ec/0x17a0 [ 167.972520][ T3513] ? process_scheduled_works+0x9ec/0x17a0 [pid 6102] exit_group(0) = ? [ 167.972556][ T3513] process_scheduled_works+0xadb/0x17a0 [ 167.972630][ T3513] ? __pfx_process_scheduled_works+0x10/0x10 [ 167.972685][ T3513] worker_thread+0x8a0/0xda0 [ 167.972709][ T3513] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 167.972744][ T3513] ? __kthread_parkme+0x7b/0x200 [ 167.972777][ T3513] kthread+0x70e/0x8a0 [ 167.972806][ T3513] ? __pfx_worker_thread+0x10/0x10 [ 167.972826][ T3513] ? __pfx_kthread+0x10/0x10 [ 167.972852][ T3513] ? __pfx_kthread+0x10/0x10 [ 167.972877][ T3513] ? _raw_spin_unlock_irq+0x23/0x50 [ 167.972900][ T3513] ? lockdep_hardirqs_on+0x9c/0x150 [ 167.972928][ T3513] ? __pfx_kthread+0x10/0x10 [ 167.972952][ T3513] ret_from_fork+0x4b/0x80 [ 167.972972][ T3513] ? __pfx_kthread+0x10/0x10 [ 167.972997][ T3513] ret_from_fork_asm+0x1a/0x30 [ 167.973048][ T3513] [ 167.973057][ T3513] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 168.311242][ T3494] CPU: 1 UID: 0 PID: 3494 Comm: kworker/u8:6 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [pid 6101] exit_group(0) = ? [ 168.311273][ T3494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 168.311289][ T3494] Workqueue: writeback wb_workfn (flush-7:1) [ 168.311323][ T3494] Call Trace: [ 168.311341][ T3494] [ 168.311351][ T3494] dump_stack_lvl+0x189/0x250 [ 168.311387][ T3494] ? __pfx_dump_stack_lvl+0x10/0x10 [ 168.311418][ T3494] ? __pfx_queue_work_on+0x10/0x10 [ 168.311437][ T3494] ? 
_raw_spin_unlock_irqrestore+0xad/0x110 [ 168.311463][ T3494] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 168.311500][ T3494] f2fs_handle_critical_error+0x37c/0x540 [ 168.311539][ T3494] f2fs_write_end_io+0x4e2/0x6d0 [ 168.311589][ T3494] __submit_merged_bio+0x27a/0x6a0 [ 168.311626][ T3494] __submit_merged_write_cond+0x255/0x530 [ 168.311663][ T3494] f2fs_write_data_pages+0x2854/0x31f0 [ 168.311695][ T3494] ? __lock_acquire+0xaac/0xd20 [ 168.311761][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 168.311809][ T3494] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 168.311871][ T3494] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 168.311916][ T3494] ? trace_f2fs_writepages+0x7f/0x200 [ 168.311949][ T3494] ? f2fs_write_node_pages+0x478/0x6e0 [ 168.311984][ T3494] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 168.312019][ T3494] ? has_not_enough_free_secs+0xd8b/0x1640 [ 168.312059][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 168.312092][ T3494] do_writepages+0x3ae/0x7b0 [ 168.312131][ T3494] ? __lock_acquire+0xaac/0xd20 [ 168.312167][ T3494] ? __pfx_do_writepages+0x10/0x10 [ 168.312214][ T3494] __writeback_single_inode+0x145/0xff0 [ 168.312244][ T3494] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 168.312273][ T3494] writeback_sb_inodes+0x6b5/0x1000 [ 168.312339][ T3494] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 168.312414][ T3494] ? rcu_is_watching+0x15/0xb0 [ 168.312457][ T3494] wb_writeback+0x43b/0xaf0 [ 168.312497][ T3494] ? queue_io+0x3a1/0x590 [ 168.312530][ T3494] ? __pfx_wb_writeback+0x10/0x10 [ 168.312569][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 168.312599][ T3494] wb_workfn+0x409/0xef0 [ 168.312641][ T3494] ? __pfx_wb_workfn+0x10/0x10 [ 168.312663][ T3494] ? register_lock_class+0x51/0x320 [ 168.312700][ T3494] ? __lock_acquire+0xaac/0xd20 [ 168.312740][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 168.312782][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 168.312806][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 168.312838][ T3494] ? 
process_scheduled_works+0x9ec/0x17a0 [ 168.312875][ T3494] process_scheduled_works+0xadb/0x17a0 [ 168.312943][ T3494] ? __pfx_process_scheduled_works+0x10/0x10 [ 168.312997][ T3494] worker_thread+0x8a0/0xda0 [ 168.313049][ T3494] kthread+0x70e/0x8a0 [ 168.313079][ T3494] ? __pfx_worker_thread+0x10/0x10 [ 168.313099][ T3494] ? __pfx_kthread+0x10/0x10 [ 168.313126][ T3494] ? __pfx_kthread+0x10/0x10 [ 168.313149][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 168.313173][ T3494] ? lockdep_hardirqs_on+0x9c/0x150 [ 168.313201][ T3494] ? __pfx_kthread+0x10/0x10 [ 168.313225][ T3494] ret_from_fork+0x4b/0x80 [ 168.313245][ T3494] ? __pfx_kthread+0x10/0x10 [ 168.313269][ T3494] ret_from_fork_asm+0x1a/0x30 [ 168.313320][ T3494] [ 168.313340][ T3494] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 168.456583][ T3513] CPU: 0 UID: 0 PID: 3513 Comm: kworker/u8:7 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 168.456616][ T3513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 168.456632][ T3513] Workqueue: writeback wb_workfn (flush-7:0) [ 168.456671][ T3513] Call Trace: [ 168.456680][ T3513] [ 168.456692][ T3513] dump_stack_lvl+0x189/0x250 [ 168.456731][ T3513] ? __pfx_dump_stack_lvl+0x10/0x10 [ 168.456763][ T3513] ? __pfx_queue_work_on+0x10/0x10 [ 168.456784][ T3513] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 168.456811][ T3513] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 168.456852][ T3513] f2fs_handle_critical_error+0x37c/0x540 [ 168.456895][ T3513] f2fs_write_end_io+0x4e2/0x6d0 [ 168.456949][ T3513] __submit_merged_bio+0x27a/0x6a0 [ 168.456988][ T3513] __submit_merged_write_cond+0x255/0x530 [ 168.457027][ T3513] f2fs_write_data_pages+0x2854/0x31f0 [ 168.457059][ T3513] ? __lock_acquire+0xaac/0xd20 [ 168.457129][ T3513] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 168.457180][ T3513] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 168.457203][ T3513] ? __lock_acquire+0xaac/0xd20 [ 168.457272][ T3513] ? 
__pfx_f2fs_balance_fs_bg+0x10/0x10 [ 168.457320][ T3513] ? trace_f2fs_writepages+0x7f/0x200 [ 168.457353][ T3513] ? f2fs_write_node_pages+0x478/0x6e0 [ 168.457390][ T3513] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 168.457426][ T3513] ? has_not_enough_free_secs+0xd8b/0x1640 [ 168.457469][ T3513] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 168.457504][ T3513] do_writepages+0x3ae/0x7b0 [ 168.457545][ T3513] ? __lock_acquire+0xaac/0xd20 [ 168.457591][ T3513] ? __pfx_do_writepages+0x10/0x10 [ 168.457639][ T3513] __writeback_single_inode+0x145/0xff0 [ 168.457671][ T3513] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 168.457702][ T3513] writeback_sb_inodes+0x6b5/0x1000 [ 168.457764][ T3513] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 168.457844][ T3513] ? rcu_is_watching+0x15/0xb0 [ 168.457889][ T3513] wb_writeback+0x43b/0xaf0 [ 168.457930][ T3513] ? queue_io+0x3a1/0x590 [ 168.457964][ T3513] ? __pfx_wb_writeback+0x10/0x10 [ 168.458005][ T3513] ? _raw_spin_unlock_irq+0x23/0x50 [ 168.458037][ T3513] wb_workfn+0x409/0xef0 [ 168.458080][ T3513] ? __pfx_wb_workfn+0x10/0x10 [ 168.458102][ T3513] ? register_lock_class+0x51/0x320 [ 168.458141][ T3513] ? __lock_acquire+0xaac/0xd20 [ 168.458184][ T3513] ? process_scheduled_works+0x9ec/0x17a0 [ 168.458226][ T3513] ? _raw_spin_unlock_irq+0x23/0x50 [ 168.458251][ T3513] ? process_scheduled_works+0x9ec/0x17a0 [ 168.458285][ T3513] ? process_scheduled_works+0x9ec/0x17a0 [ 168.458317][ T3513] process_scheduled_works+0xadb/0x17a0 [ 168.458384][ T3513] ? __pfx_process_scheduled_works+0x10/0x10 [ 168.458440][ T3513] worker_thread+0x8a0/0xda0 [ 168.458466][ T3513] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 168.458504][ T3513] ? __kthread_parkme+0x7b/0x200 [ 168.458538][ T3513] kthread+0x70e/0x8a0 [ 168.458575][ T3513] ? __pfx_worker_thread+0x10/0x10 [ 168.458594][ T3513] ? __pfx_kthread+0x10/0x10 [ 168.458621][ T3513] ? __pfx_kthread+0x10/0x10 [ 168.458647][ T3513] ? _raw_spin_unlock_irq+0x23/0x50 [ 168.458672][ T3513] ? 
lockdep_hardirqs_on+0x9c/0x150 [ 168.458703][ T3513] ? __pfx_kthread+0x10/0x10 [ 168.458729][ T3513] ret_from_fork+0x4b/0x80 [ 168.458749][ T3513] ? __pfx_kthread+0x10/0x10 [ 168.458776][ T3513] ret_from_fork_asm+0x1a/0x30 [ 168.458830][ T3513] [ 168.458839][ T3513] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 168.463912][ T3494] CPU: 1 UID: 0 PID: 3494 Comm: kworker/u8:6 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 168.463943][ T3494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 168.463959][ T3494] Workqueue: writeback wb_workfn (flush-7:1) [ 168.463992][ T3494] Call Trace: [ 168.464001][ T3494] [ 168.464011][ T3494] dump_stack_lvl+0x189/0x250 [ 168.464050][ T3494] ? __pfx_dump_stack_lvl+0x10/0x10 [ 168.464082][ T3494] ? __pfx_queue_work_on+0x10/0x10 [ 168.464102][ T3494] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 168.464129][ T3494] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 168.464173][ T3494] f2fs_handle_critical_error+0x37c/0x540 [ 168.464215][ T3494] f2fs_write_end_io+0x4e2/0x6d0 [ 168.464273][ T3494] __submit_merged_bio+0x27a/0x6a0 [ 168.464324][ T3494] __submit_merged_write_cond+0x255/0x530 [ 168.464366][ T3494] f2fs_write_data_pages+0x2854/0x31f0 [ 168.464399][ T3494] ? __lock_acquire+0xaac/0xd20 [ 168.464478][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 168.464533][ T3494] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 168.464607][ T3494] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 168.464658][ T3494] ? trace_f2fs_writepages+0x7f/0x200 [ 168.464694][ T3494] ? f2fs_write_node_pages+0x478/0x6e0 [ 168.464734][ T3494] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 168.464782][ T3494] ? has_not_enough_free_secs+0xd8b/0x1640 [ 168.464824][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 168.464859][ T3494] do_writepages+0x3ae/0x7b0 [ 168.464901][ T3494] ? __lock_acquire+0xaac/0xd20 [ 168.464942][ T3494] ? 
__pfx_do_writepages+0x10/0x10 [ 168.465013][ T3494] __writeback_single_inode+0x145/0xff0 [ 168.465045][ T3494] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 168.465080][ T3494] writeback_sb_inodes+0x6b5/0x1000 [ 168.465150][ T3494] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 168.465243][ T3494] ? rcu_is_watching+0x15/0xb0 [ 168.465291][ T3494] wb_writeback+0x43b/0xaf0 [ 168.465340][ T3494] ? queue_io+0x3a1/0x590 [ 168.465377][ T3494] ? __pfx_wb_writeback+0x10/0x10 [ 168.465420][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 168.465455][ T3494] wb_workfn+0x409/0xef0 [ 168.465503][ T3494] ? __pfx_wb_workfn+0x10/0x10 [ 168.465526][ T3494] ? register_lock_class+0x51/0x320 [ 168.465577][ T3494] ? __lock_acquire+0xaac/0xd20 [ 168.465621][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 168.465665][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 168.465688][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 168.465722][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 168.465759][ T3494] process_scheduled_works+0xadb/0x17a0 [ 168.465854][ T3494] ? __pfx_process_scheduled_works+0x10/0x10 [ 168.465916][ T3494] worker_thread+0x8a0/0xda0 [ 168.465978][ T3494] kthread+0x70e/0x8a0 [ 168.466011][ T3494] ? __pfx_worker_thread+0x10/0x10 [ 168.466033][ T3494] ? __pfx_kthread+0x10/0x10 [ 168.466061][ T3494] ? __pfx_kthread+0x10/0x10 [ 168.466088][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 168.466113][ T3494] ? lockdep_hardirqs_on+0x9c/0x150 [ 168.466143][ T3494] ? __pfx_kthread+0x10/0x10 [ 168.466183][ T3494] ret_from_fork+0x4b/0x80 [ 168.466205][ T3494] ? __pfx_kthread+0x10/0x10 [ 168.466233][ T3494] ret_from_fork_asm+0x1a/0x30 [ 168.466291][ T3494] [ 168.466306][ T3494] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [pid 6111] <... ioctl resumed>) = ? [pid 6110] <... ioctl resumed> ) = ? [pid 6109] <... ioctl resumed>) = ? [pid 6104] <... ioctl resumed>) = ? [pid 6103] <... ioctl resumed>) = ? 
[pid 6111] +++ exited with 0 +++ [pid 6110] +++ exited with 0 +++ [pid 6109] +++ exited with 0 +++ [pid 6104] +++ exited with 0 +++ [pid 6101] +++ exited with 0 +++ [pid 5823] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6101, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=31 /* 0.31 s */} --- [pid 5823] umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5823] newfstatat(3, "", [pid 6103] +++ exited with 0 +++ [pid 6102] +++ exited with 0 +++ [pid 5824] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6102, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=34 /* 0.34 s */} --- [pid 5823] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5824] umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5824] openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5823] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5824] <... openat resumed>) = 3 [pid 5823] newfstatat(AT_FDCWD, "./20/binderfs", [pid 5824] newfstatat(3, "", [pid 5823] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 169.279829][ T6104] VFS:Filesystem freeze failed [ 169.284940][ T6103] VFS:Filesystem freeze failed [pid 5824] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] unlink("./20/binderfs" [pid 5824] getdents64(3, [pid 5823] <... unlink resumed>) = 0 [pid 5824] <... 
getdents64 resumed>0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5823] umount2("./20/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5824] umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] unlink("./20/binderfs") = 0 [pid 5824] umount2("./20/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5824] umount2("./20/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./20/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] umount2("./20/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./20/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5824] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5824] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5824] close(4) = 0 [pid 5824] rmdir("./20/bus") = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5824] close(3) = 0 [pid 5824] rmdir("./20") = 0 [pid 5824] mkdir("./21", 0777) = 0 [pid 5824] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5824] ioctl(3, LOOP_CLR_FD) = 0 [pid 5824] close(3 [pid 5823] <... 
umount2 resumed>) = 0 [pid 5823] umount2("./20/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./20/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] umount2("./20/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./20/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5823] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5823] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5823] close(4) = 0 [pid 5823] rmdir("./20/bus") = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5823] close(3) = 0 [pid 5823] rmdir("./20") = 0 [pid 5823] mkdir("./21", 0777) = 0 [pid 5823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5823] ioctl(3, LOOP_CLR_FD) = 0 [pid 5823] close(3 [pid 5824] <... close resumed>) = 0 [pid 5824] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6112 attached , child_tidptr=0x55558e3aa690) = 6112 [pid 6112] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 6112] chdir("./21") = 0 [pid 6112] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6112] setpgid(0, 0executing program ) = 0 [pid 6112] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6112] write(3, "1000", 4) = 4 [pid 6112] close(3) = 0 [pid 6112] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6112] write(1, "executing program\n", 18) = 18 [pid 6112] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6112] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6112] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6112] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6112] 
mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6112] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6112] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 6113 attached => {parent_tid=[6113]}, 88) = 6113 [pid 6113] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053 [pid 6112] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6113] <... rseq resumed>) = 0 [pid 6113] set_robust_list(0x7f836b55f9a0, 24) = 0 [pid 6113] rt_sigprocmask(SIG_SETMASK, [], [pid 6112] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6113] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6112] <... futex resumed>) = 0 [pid 6113] memfd_create("syzkaller", 0 [pid 6112] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6113] <... memfd_create resumed>) = 3 [pid 6113] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 5823] <... 
close resumed>) = 0 [pid 5823] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e3aa690) = 6114 ./strace-static-x86_64: Process 6114 attached [pid 6114] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 6114] chdir("./21") = 0 [pid 6114] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6114] setpgid(0, 0) = 0 executing program [pid 6114] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6114] write(3, "1000", 4) = 4 [pid 6114] close(3) = 0 [pid 6114] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6114] write(1, "executing program\n", 18) = 18 [pid 6114] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6114] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6114] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6114] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6114] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6114] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6114] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 6115 attached [pid 6115] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053 [pid 6114] <... clone3 resumed> => {parent_tid=[6115]}, 88) = 6115 [pid 6115] <... rseq resumed>) = 0 [pid 6114] rt_sigprocmask(SIG_SETMASK, [], [pid 6115] set_robust_list(0x7f836b55f9a0, 24 [pid 6114] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6115] <... set_robust_list resumed>) = 0 [pid 6114] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6115] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6114] <... 
futex resumed>) = 0 [pid 6115] memfd_create("syzkaller", 0 [pid 6114] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6115] <... memfd_create resumed>) = 3 [pid 6115] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 6113] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 6115] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 6113] <... write resumed>) = 20699119 [pid 6113] munmap(0x7f8363000000, 138412032) = 0 [pid 6113] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6113] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6113] close(3) = 0 [pid 6113] close(4) = 0 [pid 6113] mkdir("./bus", 0777) = 0 [ 170.984036][ T6113] loop1: detected capacity change from 0 to 40427 [ 171.037915][ T6113] F2FS-fs (loop1): invalid crc value [ 171.256789][ T6113] F2FS-fs (loop1): Start checkpoint disabled! [pid 6113] mount("/dev/loop1", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"...) 
= 0 [pid 6113] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6113] chdir("./bus") = 0 [pid 6113] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6113] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6112] <... futex resumed>) = 0 [pid 6113] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6112] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6113] <... futex resumed>) = 0 [pid 6112] <... futex resumed>) = 1 [pid 6113] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000) = 4 [pid 6113] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6113] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6112] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [ 171.306990][ T6113] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [pid 6112] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6113] <... futex resumed>) = 0 [pid 6112] <... futex resumed>) = 1 [pid 6113] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6112] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6113] <... openat resumed>) = 5 [pid 6113] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6112] <... futex resumed>) = 0 [pid 6113] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6112] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6112] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6115] <... write resumed>) = 20699119 [ 171.377188][ T3494] kworker/u8:6: attempt to access beyond end of device [ 171.377188][ T3494] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [pid 6115] munmap(0x7f8363000000, 138412032 [pid 6112] <... 
futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6112] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6112] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6112] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6112] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6112] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[6118]}, 88) = 6118 [pid 6112] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6112] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6112] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6115] <... munmap resumed>) = 0 [pid 6115] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 171.413606][ T3494] CPU: 1 UID: 0 PID: 3494 Comm: kworker/u8:6 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 171.413639][ T3494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 171.413654][ T3494] Workqueue: writeback wb_workfn (flush-7:1) [ 171.413687][ T3494] Call Trace: [ 171.413695][ T3494] [ 171.413705][ T3494] dump_stack_lvl+0x189/0x250 [ 171.413739][ T3494] ? __pfx_dump_stack_lvl+0x10/0x10 [ 171.413768][ T3494] ? __pfx_queue_work_on+0x10/0x10 [ 171.413787][ T3494] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 171.413811][ T3494] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 171.413847][ T3494] f2fs_handle_critical_error+0x37c/0x540 [ 171.413885][ T3494] f2fs_write_end_io+0x4e2/0x6d0 [ 171.413933][ T3494] __submit_merged_bio+0x27a/0x6a0 [ 171.413969][ T3494] __submit_merged_write_cond+0x255/0x530 [ 171.414004][ T3494] f2fs_write_data_pages+0x2854/0x31f0 [ 171.414034][ T3494] ? __lock_acquire+0xaac/0xd20 [ 171.414096][ T3494] ? 
__pfx_f2fs_write_data_pages+0x10/0x10 [ 171.414161][ T3494] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 171.414231][ T3494] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 171.414277][ T3494] ? trace_f2fs_writepages+0x7f/0x200 [ 171.414309][ T3494] ? f2fs_write_node_pages+0x478/0x6e0 [ 171.414344][ T3494] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 171.414379][ T3494] ? has_not_enough_free_secs+0xd8b/0x1640 [ 171.414419][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 171.414452][ T3494] do_writepages+0x3ae/0x7b0 [ 171.414491][ T3494] ? __lock_acquire+0xaac/0xd20 [ 171.414527][ T3494] ? __pfx_do_writepages+0x10/0x10 [ 171.414574][ T3494] __writeback_single_inode+0x145/0xff0 [pid 6115] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 6118 attached [pid 6118] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [pid 6118] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 6118] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6118] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 6118] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 171.414603][ T3494] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 171.414633][ T3494] writeback_sb_inodes+0x6b5/0x1000 [ 171.414692][ T3494] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 171.414768][ T3494] ? rcu_is_watching+0x15/0xb0 [ 171.414811][ T3494] wb_writeback+0x43b/0xaf0 [ 171.414849][ T3494] ? queue_io+0x3a1/0x590 [ 171.414881][ T3494] ? __pfx_wb_writeback+0x10/0x10 [ 171.414920][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 171.414950][ T3494] wb_workfn+0x409/0xef0 [ 171.414991][ T3494] ? __pfx_wb_workfn+0x10/0x10 [ 171.415013][ T3494] ? register_lock_class+0x51/0x320 [ 171.415049][ T3494] ? __lock_acquire+0xaac/0xd20 [ 171.415089][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 171.415130][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 171.415153][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 171.415185][ T3494] ? 
process_scheduled_works+0x9ec/0x17a0 [ 171.415227][ T3494] process_scheduled_works+0xadb/0x17a0 [ 171.415294][ T3494] ? __pfx_process_scheduled_works+0x10/0x10 [ 171.415347][ T3494] worker_thread+0x8a0/0xda0 [pid 6118] futex(0x7f836b6386d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6112] <... futex resumed>) = 0 [pid 6112] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6118] <... futex resumed>) = 0 [pid 6112] <... futex resumed>) = 1 [pid 6118] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [ 171.415410][ T3494] kthread+0x70e/0x8a0 [ 171.415438][ T3494] ? __pfx_worker_thread+0x10/0x10 [ 171.415457][ T3494] ? __pfx_kthread+0x10/0x10 [ 171.415483][ T3494] ? __pfx_kthread+0x10/0x10 [ 171.415505][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 171.415528][ T3494] ? lockdep_hardirqs_on+0x9c/0x150 [ 171.415554][ T3494] ? __pfx_kthread+0x10/0x10 [ 171.415577][ T3494] ret_from_fork+0x4b/0x80 [ 171.415597][ T3494] ? __pfx_kthread+0x10/0x10 [ 171.415620][ T3494] ret_from_fork_asm+0x1a/0x30 [ 171.415668][ T3494] [pid 6112] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 171.415677][ T3494] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 171.474298][ T6115] loop0: detected capacity change from 0 to 40427 [ 171.756683][ T3494] CPU: 0 UID: 0 PID: 3494 Comm: kworker/u8:6 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 171.756716][ T3494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 171.756732][ T3494] Workqueue: writeback wb_workfn (flush-7:1) [ 171.756766][ T3494] Call Trace: [ 171.756774][ T3494] [ 171.756785][ T3494] dump_stack_lvl+0x189/0x250 [ 171.756820][ T3494] ? __pfx_dump_stack_lvl+0x10/0x10 [ 171.756851][ T3494] ? __pfx_queue_work_on+0x10/0x10 [ 171.756869][ T3494] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 171.756895][ T3494] ? 
__pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 171.756933][ T3494] f2fs_handle_critical_error+0x37c/0x540 [pid 6115] <... ioctl resumed>) = 0 [pid 6115] close(3) = 0 [pid 6115] close(4) = 0 [pid 6115] mkdir("./bus", 0777) = 0 [ 171.756972][ T3494] f2fs_write_end_io+0x4e2/0x6d0 [ 171.757023][ T3494] __submit_merged_bio+0x27a/0x6a0 [ 171.757062][ T3494] __submit_merged_write_cond+0x255/0x530 [ 171.757099][ T3494] f2fs_write_data_pages+0x2854/0x31f0 [ 171.757131][ T3494] ? __lock_acquire+0xaac/0xd20 [ 171.757196][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 171.757245][ T3494] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 171.757306][ T3494] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 171.757352][ T3494] ? trace_f2fs_writepages+0x7f/0x200 [ 171.757384][ T3494] ? f2fs_write_node_pages+0x478/0x6e0 [ 171.757436][ T3494] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 171.757468][ T3494] ? has_not_enough_free_secs+0xd8b/0x1640 [ 171.757507][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 171.757538][ T3494] do_writepages+0x3ae/0x7b0 [ 171.757575][ T3494] ? __lock_acquire+0xaac/0xd20 [ 171.757610][ T3494] ? __pfx_do_writepages+0x10/0x10 [ 171.757655][ T3494] __writeback_single_inode+0x145/0xff0 [ 171.757683][ T3494] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 171.757723][ T3494] writeback_sb_inodes+0x6b5/0x1000 [ 171.757789][ T3494] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 171.757863][ T3494] ? rcu_is_watching+0x15/0xb0 [ 171.757905][ T3494] wb_writeback+0x43b/0xaf0 [ 171.757941][ T3494] ? queue_io+0x3a1/0x590 [ 171.757972][ T3494] ? __pfx_wb_writeback+0x10/0x10 [ 171.758009][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 171.758038][ T3494] wb_workfn+0x409/0xef0 [ 171.758077][ T3494] ? __pfx_wb_workfn+0x10/0x10 [ 171.758098][ T3494] ? register_lock_class+0x51/0x320 [ 171.758133][ T3494] ? __lock_acquire+0xaac/0xd20 [ 171.758171][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 171.758211][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 171.758234][ T3494] ? 
process_scheduled_works+0x9ec/0x17a0 [ 171.758266][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 171.758301][ T3494] process_scheduled_works+0xadb/0x17a0 [ 171.758365][ T3494] ? __pfx_process_scheduled_works+0x10/0x10 [ 171.758423][ T3494] worker_thread+0x8a0/0xda0 [ 171.758472][ T3494] kthread+0x70e/0x8a0 [ 171.758500][ T3494] ? __pfx_worker_thread+0x10/0x10 [ 171.758519][ T3494] ? __pfx_kthread+0x10/0x10 [ 171.758544][ T3494] ? __pfx_kthread+0x10/0x10 [ 171.758567][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 171.758589][ T3494] ? lockdep_hardirqs_on+0x9c/0x150 [ 171.758615][ T3494] ? __pfx_kthread+0x10/0x10 [ 171.758638][ T3494] ret_from_fork+0x4b/0x80 [ 171.758658][ T3494] ? __pfx_kthread+0x10/0x10 [ 171.758681][ T3494] ret_from_fork_asm+0x1a/0x30 [ 171.758731][ T3494] [ 171.758739][ T3494] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 171.885580][ T6115] F2FS-fs (loop0): invalid crc value [pid 6115] mount("/dev/loop0", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 6113] <... ioctl resumed>) = -1 EIO (Input/output error) [ 172.117645][ T6113] VFS:Filesystem freeze failed [pid 6118] <... ioctl resumed>) = -1 EIO (Input/output error) [pid 6113] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6118] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6113] <... futex resumed>) = 0 [pid 6112] exit_group(0) = ? 
[pid 6118] +++ exited with 0 +++ [pid 6113] +++ exited with 0 +++ [pid 6112] +++ exited with 0 +++ [pid 5824] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6112, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=37 /* 0.37 s */} --- [pid 5824] umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5824] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5824] umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] unlink("./21/binderfs") = 0 [pid 5824] umount2("./21/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6115] <... mount resumed>) = 0 [pid 6115] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6115] chdir("./bus") = 0 [pid 6115] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6115] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6114] <... futex resumed>) = 0 [pid 6114] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6114] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6115] <... futex resumed>) = 1 [pid 6115] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000) = 4 [pid 5824] <... umount2 resumed>) = 0 [pid 6115] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6114] <... futex resumed>) = 0 [pid 6114] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6114] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6115] <... futex resumed>) = 1 [ 172.541552][ T6115] F2FS-fs (loop0): Start checkpoint disabled! 
[ 172.553821][ T6115] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [pid 6115] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6115] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5824] umount2("./21/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6115] <... futex resumed>) = 1 [pid 6114] <... futex resumed>) = 0 [pid 5824] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6114] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5824] newfstatat(AT_FDCWD, "./21/bus", [pid 6114] <... futex resumed>) = 0 [pid 6114] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6115] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5824] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] umount2("./21/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./21/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 172.616959][ T36] kworker/u8:2: attempt to access beyond end of device [ 172.616959][ T36] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 172.643708][ T36] CPU: 0 UID: 0 PID: 36 Comm: kworker/u8:2 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 172.643741][ T36] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 172.643755][ T36] Workqueue: writeback wb_workfn (flush-7:0) [ 172.643788][ T36] Call Trace: [ 172.643797][ T36] [ 172.643806][ T36] dump_stack_lvl+0x189/0x250 [ 172.643842][ T36] ? __pfx_dump_stack_lvl+0x10/0x10 [ 172.643872][ T36] ? __pfx_queue_work_on+0x10/0x10 [ 172.643891][ T36] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 172.643916][ T36] ? 
__pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 172.643955][ T36] f2fs_handle_critical_error+0x37c/0x540 [ 172.643995][ T36] f2fs_write_end_io+0x4e2/0x6d0 [ 172.644048][ T36] __submit_merged_bio+0x27a/0x6a0 [ 172.644085][ T36] __submit_merged_write_cond+0x255/0x530 [ 172.644124][ T36] f2fs_write_data_pages+0x2854/0x31f0 [ 172.644155][ T36] ? __lock_acquire+0xaac/0xd20 [ 172.644227][ T36] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 172.644277][ T36] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 172.644383][ T36] ? __lock_acquire+0xaac/0xd20 [ 172.644427][ T36] ? has_not_enough_free_secs+0xd8b/0x1640 [ 172.644468][ T36] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 172.644501][ T36] do_writepages+0x3ae/0x7b0 [ 172.644540][ T36] ? __lock_acquire+0xaac/0xd20 [ 172.644578][ T36] ? __pfx_do_writepages+0x10/0x10 [ 172.644628][ T36] __writeback_single_inode+0x145/0xff0 [ 172.644658][ T36] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 172.644689][ T36] writeback_sb_inodes+0x6b5/0x1000 [ 172.644752][ T36] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 172.644837][ T36] ? rcu_is_watching+0x15/0xb0 [ 172.644881][ T36] wb_writeback+0x43b/0xaf0 [ 172.644921][ T36] ? queue_io+0x3a1/0x590 [ 172.644953][ T36] ? __pfx_wb_writeback+0x10/0x10 [ 172.644993][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 172.645024][ T36] wb_workfn+0x409/0xef0 [ 172.645069][ T36] ? __pfx_wb_workfn+0x10/0x10 [ 172.645090][ T36] ? register_lock_class+0x51/0x320 [ 172.645128][ T36] ? __lock_acquire+0xaac/0xd20 [ 172.645169][ T36] ? process_scheduled_works+0x9ec/0x17a0 [ 172.645212][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 172.645234][ T36] ? process_scheduled_works+0x9ec/0x17a0 [ 172.645265][ T36] ? process_scheduled_works+0x9ec/0x17a0 [ 172.645307][ T36] process_scheduled_works+0xadb/0x17a0 [ 172.645380][ T36] ? __pfx_process_scheduled_works+0x10/0x10 [ 172.645437][ T36] worker_thread+0x8a0/0xda0 [ 172.645462][ T36] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 172.645498][ T36] ? 
__kthread_parkme+0x7b/0x200 [ 172.645533][ T36] kthread+0x70e/0x8a0 [ 172.645562][ T36] ? __pfx_worker_thread+0x10/0x10 [ 172.645582][ T36] ? __pfx_kthread+0x10/0x10 [ 172.645609][ T36] ? __pfx_kthread+0x10/0x10 [ 172.645632][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 172.645656][ T36] ? lockdep_hardirqs_on+0x9c/0x150 [ 172.645683][ T36] ? __pfx_kthread+0x10/0x10 [ 172.645706][ T36] ret_from_fork+0x4b/0x80 [ 172.645726][ T36] ? __pfx_kthread+0x10/0x10 [ 172.645751][ T36] ret_from_fork_asm+0x1a/0x30 [ 172.645805][ T36] [ 172.948499][ T36] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 172.955460][ T36] CPU: 0 UID: 0 PID: 36 Comm: kworker/u8:2 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 172.955489][ T36] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 172.955504][ T36] Workqueue: writeback wb_workfn (flush-7:0) [ 172.955536][ T36] Call Trace: [ 172.955544][ T36] [ 172.955553][ T36] dump_stack_lvl+0x189/0x250 [ 172.955588][ T36] ? __pfx_dump_stack_lvl+0x10/0x10 [ 172.955617][ T36] ? __pfx_queue_work_on+0x10/0x10 [ 172.955635][ T36] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 172.955660][ T36] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 172.955696][ T36] f2fs_handle_critical_error+0x37c/0x540 [ 172.955733][ T36] f2fs_write_end_io+0x4e2/0x6d0 [ 172.955781][ T36] __submit_merged_bio+0x27a/0x6a0 [ 172.955816][ T36] __submit_merged_write_cond+0x255/0x530 [ 172.955851][ T36] f2fs_write_data_pages+0x2854/0x31f0 [ 172.955881][ T36] ? __lock_acquire+0xaac/0xd20 [ 172.955944][ T36] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 172.955990][ T36] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 172.956081][ T36] ? __lock_acquire+0xaac/0xd20 [ 172.956121][ T36] ? has_not_enough_free_secs+0xd8b/0x1640 [ 172.956160][ T36] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 172.956191][ T36] do_writepages+0x3ae/0x7b0 [ 172.956228][ T36] ? __lock_acquire+0xaac/0xd20 [ 172.956264][ T36] ? 
__pfx_do_writepages+0x10/0x10 [ 172.956308][ T36] __writeback_single_inode+0x145/0xff0 [ 172.956337][ T36] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 172.956366][ T36] writeback_sb_inodes+0x6b5/0x1000 [ 172.956422][ T36] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 172.956494][ T36] ? rcu_is_watching+0x15/0xb0 [ 172.956535][ T36] wb_writeback+0x43b/0xaf0 [ 172.956569][ T36] ? queue_io+0x3a1/0x590 [ 172.956597][ T36] ? __pfx_wb_writeback+0x10/0x10 [ 172.956635][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 172.956662][ T36] wb_workfn+0x409/0xef0 [ 172.956698][ T36] ? __pfx_wb_workfn+0x10/0x10 [ 172.956714][ T36] ? register_lock_class+0x51/0x320 [ 172.956742][ T36] ? __lock_acquire+0xaac/0xd20 [ 172.956772][ T36] ? process_scheduled_works+0x9ec/0x17a0 [ 172.956803][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 172.956820][ T36] ? process_scheduled_works+0x9ec/0x17a0 [ 172.956844][ T36] ? process_scheduled_works+0x9ec/0x17a0 [ 172.956871][ T36] process_scheduled_works+0xadb/0x17a0 [ 172.956920][ T36] ? __pfx_process_scheduled_works+0x10/0x10 [ 172.956960][ T36] worker_thread+0x8a0/0xda0 [ 172.956978][ T36] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 172.957003][ T36] ? __kthread_parkme+0x7b/0x200 [ 172.957028][ T36] kthread+0x70e/0x8a0 [ 172.957056][ T36] ? __pfx_worker_thread+0x10/0x10 [pid 5824] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 172.957071][ T36] ? __pfx_kthread+0x10/0x10 [ 172.957091][ T36] ? __pfx_kthread+0x10/0x10 [ 172.957109][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 172.957127][ T36] ? lockdep_hardirqs_on+0x9c/0x150 [ 172.957147][ T36] ? __pfx_kthread+0x10/0x10 [ 172.957165][ T36] ret_from_fork+0x4b/0x80 [ 172.957180][ T36] ? __pfx_kthread+0x10/0x10 [ 172.957199][ T36] ret_from_fork_asm+0x1a/0x30 [ 172.957237][ T36] [ 173.258496][ T36] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 173.266963][ T6115] VFS:Filesystem freeze failed [pid 6114] <... 
futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5824] getdents64(4, [pid 6115] <... ioctl resumed>) = -1 EIO (Input/output error) [pid 6115] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6115] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6114] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5824] <... getdents64 resumed>0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 6115] <... futex resumed>) = 0 [pid 6114] <... futex resumed>) = 1 [pid 5824] getdents64(4, [pid 6115] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 6114] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5824] <... getdents64 resumed>0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 6115] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5824] close(4 [pid 6115] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6114] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5824] <... close resumed>) = 0 [pid 6114] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5824] rmdir("./21/bus" [pid 6115] <... futex resumed>) = 0 [pid 6114] <... futex resumed>) = 1 [pid 5824] <... rmdir resumed>) = 0 [pid 6115] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 6114] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5824] getdents64(3, [pid 6115] <... ioctl resumed>) = -1 EIO (Input/output error) [pid 6115] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5824] <... getdents64 resumed>0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 6115] <... futex resumed>) = 1 [pid 6114] <... futex resumed>) = 0 [pid 5824] close(3 [pid 6115] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6114] exit_group(0 [pid 5824] <... close resumed>) = 0 [pid 6115] <... futex resumed>) = ? [pid 6114] <... exit_group resumed>) = ? [pid 5824] rmdir("./21" [pid 6115] +++ exited with 0 +++ [pid 6114] +++ exited with 0 +++ [pid 5824] <... 
rmdir resumed>) = 0 [pid 5823] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6114, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=79 /* 0.79 s */} --- [pid 5824] mkdir("./22", 0777 [pid 5823] umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5824] <... mkdir resumed>) = 0 [pid 5824] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5823] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5824] <... openat resumed>) = 3 [pid 5823] openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5824] ioctl(3, LOOP_CLR_FD) = 0 [pid 5823] <... openat resumed>) = 3 [pid 5824] close(3 [pid 5823] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5823] umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] unlink("./21/binderfs") = 0 [pid 5823] umount2("./21/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5824] <... close resumed>) = 0 [pid 5824] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e3aa690) = 6121 ./strace-static-x86_64: Process 6121 attached [pid 6121] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 6121] chdir("./22") = 0 [pid 6121] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6121] setpgid(0, 0 [pid 5823] <... umount2 resumed>) = 0 [pid 6121] <... setpgid resumed>) = 0 [pid 6121] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6121] write(3, "1000", 4) = 4 [pid 6121] close(3) = 0 [pid 6121] symlink("/dev/binderfs", "./binderfs" [pid 5823] umount2("./21/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6121] <... symlink resumed>) = 0 [pid 5823] newfstatat(AT_FDCWD, "./21/bus", executing program [pid 6121] write(1, "executing program\n", 18 [pid 5823] <... 
newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6121] <... write resumed>) = 18 [pid 5823] umount2("./21/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6121] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5823] openat(AT_FDCWD, "./21/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6121] <... futex resumed>) = 0 [pid 5823] <... openat resumed>) = 4 [pid 6121] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, [pid 5823] newfstatat(4, "", [pid 6121] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6121] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5823] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6121] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5823] getdents64(4, [pid 6121] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 5823] <... getdents64 resumed>0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 6121] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE [pid 5823] getdents64(4, [pid 6121] <... mprotect resumed>) = 0 [pid 5823] <... getdents64 resumed>0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5823] close(4 [pid 6121] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6121] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 6122 attached [pid 5823] <... close resumed>) = 0 [pid 5823] rmdir("./21/bus" [pid 6121] <... 
clone3 resumed> => {parent_tid=[6122]}, 88) = 6122 [pid 6121] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6121] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6121] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5823] <... rmdir resumed>) = 0 [pid 6122] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053 [pid 5823] getdents64(3, [pid 6122] <... rseq resumed>) = 0 [pid 5823] <... getdents64 resumed>0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 6122] set_robust_list(0x7f836b55f9a0, 24) = 0 [pid 5823] close(3) = 0 [pid 6122] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5823] rmdir("./21" [pid 6122] memfd_create("syzkaller", 0 [pid 5823] <... rmdir resumed>) = 0 [pid 6122] <... memfd_create resumed>) = 3 [pid 5823] mkdir("./22", 0777) = 0 [pid 6122] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5823] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6122] <... mmap resumed>) = 0x7f8363000000 [pid 5823] <... openat resumed>) = 3 [pid 5823] ioctl(3, LOOP_CLR_FD) = 0 [pid 5823] close(3) = 0 [pid 5823] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e3aa690) = 6123 ./strace-static-x86_64: Process 6123 attached [pid 6123] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 6123] chdir("./22") = 0 [pid 6123] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6123] setpgid(0, 0) = 0 [pid 6123] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6123] write(3, "1000", 4) = 4 [pid 6123] close(3) = 0 [pid 6122] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 6123] 
symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6123] write(1, "executing program\n", 18) = 18 [pid 6123] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6123] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6123] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6123] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6123] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6123] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6123] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0} => {parent_tid=[6124]}, 88) = 6124 [pid 6123] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6123] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6123] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6124 attached [pid 6124] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053) = 0 [pid 6124] set_robust_list(0x7f836b55f9a0, 24) = 0 [pid 6124] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6124] memfd_create("syzkaller", 0) = 3 [pid 6124] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 6124] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 6122] <... 
write resumed>) = 20699119 [pid 6122] munmap(0x7f8363000000, 138412032) = 0 [pid 6122] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6122] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6122] close(3) = 0 [pid 6122] close(4) = 0 [pid 6122] mkdir("./bus", 0777) = 0 [ 175.058259][ T6122] loop1: detected capacity change from 0 to 40427 [ 175.083880][ T6122] F2FS-fs (loop1): invalid crc value [ 175.246686][ T6122] F2FS-fs (loop1): Start checkpoint disabled! [pid 6122] mount("/dev/loop1", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"...) = 0 [pid 6122] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6122] chdir("./bus") = 0 [pid 6122] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6122] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6121] <... futex resumed>) = 0 [pid 6122] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6121] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6122] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6121] <... futex resumed>) = 0 [pid 6122] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 [pid 6121] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6122] <... openat resumed>) = 4 [pid 6122] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6122] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6121] <... futex resumed>) = 0 [ 175.297126][ T6122] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [pid 6121] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6121] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6122] <... futex resumed>) = 0 [pid 6122] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6122] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6121] <... 
futex resumed>) = 0 [pid 6122] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6121] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6122] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6121] <... futex resumed>) = 0 [pid 6122] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 175.393666][ T3494] kworker/u8:6: attempt to access beyond end of device [ 175.393666][ T3494] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 175.426561][ T3494] CPU: 1 UID: 0 PID: 3494 Comm: kworker/u8:6 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 175.426596][ T3494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 175.426612][ T3494] Workqueue: writeback wb_workfn (flush-7:1) [ 175.426647][ T3494] Call Trace: [ 175.426656][ T3494] [ 175.426666][ T3494] dump_stack_lvl+0x189/0x250 [ 175.426703][ T3494] ? __pfx_dump_stack_lvl+0x10/0x10 [ 175.426734][ T3494] ? __pfx_queue_work_on+0x10/0x10 [ 175.426753][ T3494] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 175.426779][ T3494] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 175.426828][ T3494] f2fs_handle_critical_error+0x37c/0x540 [ 175.426870][ T3494] f2fs_write_end_io+0x4e2/0x6d0 [ 175.426924][ T3494] __submit_merged_bio+0x27a/0x6a0 [ 175.426963][ T3494] __submit_merged_write_cond+0x255/0x530 [ 175.427003][ T3494] f2fs_write_data_pages+0x2854/0x31f0 [ 175.427035][ T3494] ? __lock_acquire+0xaac/0xd20 [ 175.427110][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 175.427163][ T3494] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 175.427234][ T3494] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 175.427283][ T3494] ? trace_f2fs_writepages+0x7f/0x200 [ 175.427316][ T3494] ? f2fs_write_node_pages+0x478/0x6e0 [ 175.427353][ T3494] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 175.427389][ T3494] ? has_not_enough_free_secs+0xd8b/0x1640 [ 175.427431][ T3494] ? 
__pfx_f2fs_write_data_pages+0x10/0x10 [ 175.427465][ T3494] do_writepages+0x3ae/0x7b0 [ 175.427506][ T3494] ? __lock_acquire+0xaac/0xd20 [ 175.427546][ T3494] ? __pfx_do_writepages+0x10/0x10 [ 175.427606][ T3494] __writeback_single_inode+0x145/0xff0 [ 175.427635][ T3494] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 175.427667][ T3494] writeback_sb_inodes+0x6b5/0x1000 [ 175.427734][ T3494] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 175.427827][ T3494] ? rcu_is_watching+0x15/0xb0 [ 175.427873][ T3494] wb_writeback+0x43b/0xaf0 [ 175.427914][ T3494] ? queue_io+0x3a1/0x590 [ 175.427948][ T3494] ? __pfx_wb_writeback+0x10/0x10 [ 175.427990][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 175.428022][ T3494] wb_workfn+0x409/0xef0 [ 175.428068][ T3494] ? __pfx_wb_workfn+0x10/0x10 [ 175.428090][ T3494] ? register_lock_class+0x51/0x320 [ 175.428128][ T3494] ? __lock_acquire+0xaac/0xd20 [ 175.428171][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 175.428215][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 175.428239][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 175.428273][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 175.428311][ T3494] process_scheduled_works+0xadb/0x17a0 [ 175.428387][ T3494] ? __pfx_process_scheduled_works+0x10/0x10 [ 175.428447][ T3494] worker_thread+0x8a0/0xda0 [ 175.428505][ T3494] kthread+0x70e/0x8a0 [ 175.428538][ T3494] ? __pfx_worker_thread+0x10/0x10 [ 175.428559][ T3494] ? __pfx_kthread+0x10/0x10 [ 175.428587][ T3494] ? __pfx_kthread+0x10/0x10 [ 175.428612][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 175.428637][ T3494] ? lockdep_hardirqs_on+0x9c/0x150 [ 175.428666][ T3494] ? __pfx_kthread+0x10/0x10 [ 175.428692][ T3494] ret_from_fork+0x4b/0x80 [ 175.428713][ T3494] ? 
__pfx_kthread+0x10/0x10 [ 175.428739][ T3494] ret_from_fork_asm+0x1a/0x30 [ 175.428796][ T3494] [ 175.428806][ T3494] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 175.746611][ T3494] CPU: 1 UID: 0 PID: 3494 Comm: kworker/u8:6 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 175.746644][ T3494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 175.746661][ T3494] Workqueue: writeback wb_workfn (flush-7:1) [ 175.746695][ T3494] Call Trace: [ 175.746705][ T3494] [ 175.746715][ T3494] dump_stack_lvl+0x189/0x250 [ 175.746747][ T3494] ? preempt_schedule_thunk+0x16/0x30 [ 175.746776][ T3494] ? __pfx_dump_stack_lvl+0x10/0x10 [pid 6121] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6124] <... write resumed>) = 20699119 [pid 6121] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 175.746815][ T3494] ? __pfx_queue_work_on+0x10/0x10 [ 175.746835][ T3494] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 175.746862][ T3494] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 175.746904][ T3494] f2fs_handle_critical_error+0x37c/0x540 [ 175.746946][ T3494] f2fs_write_end_io+0x4e2/0x6d0 [ 175.747002][ T3494] __submit_merged_bio+0x27a/0x6a0 [ 175.747042][ T3494] __submit_merged_write_cond+0x255/0x530 [ 175.747084][ T3494] f2fs_write_data_pages+0x2854/0x31f0 [ 175.747115][ T3494] ? __lock_acquire+0xaac/0xd20 [ 175.747190][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 175.747243][ T3494] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 175.747315][ T3494] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 175.747365][ T3494] ? trace_f2fs_writepages+0x7f/0x200 [ 175.747399][ T3494] ? f2fs_write_node_pages+0x478/0x6e0 [ 175.747437][ T3494] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 175.747473][ T3494] ? has_not_enough_free_secs+0xd8b/0x1640 [ 175.747517][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 175.747551][ T3494] do_writepages+0x3ae/0x7b0 [ 175.747593][ T3494] ? 
__lock_acquire+0xaac/0xd20 [ 175.747633][ T3494] ? __pfx_do_writepages+0x10/0x10 [ 175.747685][ T3494] __writeback_single_inode+0x145/0xff0 [ 175.747727][ T3494] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 175.747757][ T3494] writeback_sb_inodes+0x6b5/0x1000 [ 175.747846][ T3494] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 175.747935][ T3494] ? rcu_is_watching+0x15/0xb0 [ 175.747982][ T3494] wb_writeback+0x43b/0xaf0 [ 175.748024][ T3494] ? queue_io+0x3a1/0x590 [ 175.748059][ T3494] ? __pfx_wb_writeback+0x10/0x10 [ 175.748102][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 175.748135][ T3494] wb_workfn+0x409/0xef0 [ 175.748182][ T3494] ? __pfx_wb_workfn+0x10/0x10 [ 175.748204][ T3494] ? register_lock_class+0x51/0x320 [ 175.748244][ T3494] ? __lock_acquire+0xaac/0xd20 [ 175.748288][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 175.748342][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 175.748365][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 175.748396][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 175.748433][ T3494] process_scheduled_works+0xadb/0x17a0 [ 175.748506][ T3494] ? __pfx_process_scheduled_works+0x10/0x10 [ 175.748564][ T3494] worker_thread+0x8a0/0xda0 [ 175.748621][ T3494] kthread+0x70e/0x8a0 [ 175.748651][ T3494] ? __pfx_worker_thread+0x10/0x10 [ 175.748671][ T3494] ? __pfx_kthread+0x10/0x10 [ 175.748699][ T3494] ? __pfx_kthread+0x10/0x10 [ 175.748723][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 175.748746][ T3494] ? lockdep_hardirqs_on+0x9c/0x150 [ 175.748774][ T3494] ? __pfx_kthread+0x10/0x10 [ 175.748804][ T3494] ret_from_fork+0x4b/0x80 [pid 6121] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6124] munmap(0x7f8363000000, 138412032 [pid 6121] <... futex resumed>) = 0 [pid 6121] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6121] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6121] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6124] <... 
munmap resumed>) = 0 [pid 6121] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[6127]}, 88) = 6127 [pid 6122] <... ioctl resumed>) = -1 EIO (Input/output error) [pid 6121] rt_sigprocmask(SIG_SETMASK, [], [pid 6122] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6127 attached [pid 6124] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6122] <... futex resumed>) = 0 [pid 6121] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6127] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053 [pid 6122] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6121] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6127] <... rseq resumed>) = 0 [pid 6127] set_robust_list(0x7f836b53e9a0, 24 [ 175.748824][ T3494] ? __pfx_kthread+0x10/0x10 [ 175.748850][ T3494] ret_from_fork_asm+0x1a/0x30 [ 175.748905][ T3494] [ 175.748913][ T3494] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 176.082735][ T6122] VFS:Filesystem freeze failed [pid 6121] <... futex resumed>) = 0 [pid 6127] <... set_robust_list resumed>) = 0 [pid 6124] <... openat resumed>) = 4 [pid 6121] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6127] rt_sigprocmask(SIG_SETMASK, [], [pid 6124] ioctl(4, LOOP_SET_FD, 3 [pid 6127] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6127] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 6127] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6121] <... futex resumed>) = 0 [pid 6127] futex(0x7f836b6386d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6121] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6122] <... futex resumed>) = 0 [pid 6121] <... 
futex resumed>) = 1 [pid 6122] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 6121] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6122] <... ioctl resumed>) = -1 EIO (Input/output error) [pid 6122] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6121] <... futex resumed>) = 0 [pid 6121] exit_group(0 [pid 6127] <... futex resumed>) = ? [pid 6121] <... exit_group resumed>) = ? [pid 6127] +++ exited with 0 +++ [pid 6122] +++ exited with 0 +++ [pid 6121] +++ exited with 0 +++ [pid 5824] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6121, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=37 /* 0.37 s */} --- [pid 5824] umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5824] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5824] umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] unlink("./22/binderfs") = 0 [pid 5824] umount2("./22/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6124] <... ioctl resumed>) = 0 [pid 6124] close(3) = 0 [pid 6124] close(4) = 0 [pid 6124] mkdir("./bus", 0777) = 0 [ 176.102269][ T6124] loop0: detected capacity change from 0 to 40427 [ 176.160417][ T6124] F2FS-fs (loop0): invalid crc value [ 176.416738][ T6124] F2FS-fs (loop0): Start checkpoint disabled! [pid 6124] mount("/dev/loop0", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"...) 
= 0 [pid 6124] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6124] chdir("./bus") = 0 [pid 6124] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6124] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6124] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6123] <... futex resumed>) = 0 [pid 6123] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6124] <... futex resumed>) = 0 [pid 6124] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000) = 4 [pid 6123] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6124] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6123] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6124] <... futex resumed>) = 0 [pid 6124] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 176.457060][ T6124] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [pid 6123] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6124] <... futex resumed>) = 0 [pid 6123] <... futex resumed>) = 1 [pid 6124] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6123] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6124] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6123] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6124] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6123] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6124] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6123] <... 
futex resumed>) = 0 [pid 6124] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6123] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 176.532219][ T3494] kworker/u8:6: attempt to access beyond end of device [ 176.532219][ T3494] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 176.596552][ T3494] CPU: 0 UID: 0 PID: 3494 Comm: kworker/u8:6 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 176.596584][ T3494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 176.596597][ T3494] Workqueue: writeback wb_workfn (flush-7:0) [ 176.596626][ T3494] Call Trace: [ 176.596633][ T3494] [ 176.596641][ T3494] dump_stack_lvl+0x189/0x250 [ 176.596670][ T3494] ? __pfx_dump_stack_lvl+0x10/0x10 [ 176.596696][ T3494] ? __pfx_queue_work_on+0x10/0x10 [ 176.596716][ T3494] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 176.596739][ T3494] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 176.596768][ T3494] f2fs_handle_critical_error+0x37c/0x540 [ 176.596800][ T3494] f2fs_write_end_io+0x4e2/0x6d0 [ 176.596840][ T3494] __submit_merged_bio+0x27a/0x6a0 [ 176.596868][ T3494] __submit_merged_write_cond+0x255/0x530 [ 176.596898][ T3494] f2fs_write_data_pages+0x2854/0x31f0 [ 176.596923][ T3494] ? __lock_acquire+0xaac/0xd20 [ 176.596982][ T3494] ? 
__pfx_f2fs_write_data_pages+0x10/0x10 [pid 6123] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6123] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6123] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6123] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6123] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[6130]}, 88) = 6130 [pid 6123] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6123] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6123] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6123] futex(0x7f836b6386ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6123] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b4fd000 [pid 6123] mprotect(0x7f836b4fe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6123] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6123] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b51d990, parent_tid=0x7f836b51d990, exit_signal=0, stack=0x7f836b4fd000, stack_size=0x20300, tls=0x7f836b51d6c0} => {parent_tid=[6131]}, 88) = 6131 [pid 6123] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6123] futex(0x7f836b6386e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6123] futex(0x7f836b6386ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6131 attached [pid 6131] rseq(0x7f836b51dfe0, 0x20, 0, 0x53053053) = 0 [pid 6131] set_robust_list(0x7f836b51d9a0, 24) = 0 [pid 6131] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 176.597024][ T3494] ? 
__pfx_f2fs_available_free_memory+0x10/0x10 [ 176.597070][ T3494] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 176.597105][ T3494] ? trace_f2fs_writepages+0x7f/0x200 [ 176.597131][ T3494] ? f2fs_write_node_pages+0x478/0x6e0 [ 176.597159][ T3494] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 176.597186][ T3494] ? has_not_enough_free_secs+0xd8b/0x1640 [ 176.597218][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 176.597245][ T3494] do_writepages+0x3ae/0x7b0 [ 176.597275][ T3494] ? __lock_acquire+0xaac/0xd20 [pid 6131] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 6123] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 176.597304][ T3494] ? __pfx_do_writepages+0x10/0x10 [ 176.597340][ T3494] __writeback_single_inode+0x145/0xff0 [ 176.597364][ T3494] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 176.597388][ T3494] writeback_sb_inodes+0x6b5/0x1000 [ 176.597433][ T3494] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 176.597491][ T3494] ? rcu_is_watching+0x15/0xb0 [ 176.597526][ T3494] wb_writeback+0x43b/0xaf0 [ 176.597556][ T3494] ? queue_io+0x3a1/0x590 [ 176.597581][ T3494] ? __pfx_wb_writeback+0x10/0x10 [ 176.597611][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 176.597635][ T3494] wb_workfn+0x409/0xef0 [ 176.597668][ T3494] ? __pfx_wb_workfn+0x10/0x10 [ 176.597685][ T3494] ? register_lock_class+0x51/0x320 [ 176.597715][ T3494] ? __lock_acquire+0xaac/0xd20 [ 176.597747][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 176.597779][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 176.597802][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 176.597828][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 176.597857][ T3494] process_scheduled_works+0xadb/0x17a0 [ 176.597909][ T3494] ? __pfx_process_scheduled_works+0x10/0x10 [ 176.597950][ T3494] worker_thread+0x8a0/0xda0 [ 176.597997][ T3494] kthread+0x70e/0x8a0 [ 176.598020][ T3494] ? __pfx_worker_thread+0x10/0x10 [ 176.598036][ T3494] ? __pfx_kthread+0x10/0x10 [ 176.598057][ T3494] ? 
__pfx_kthread+0x10/0x10 [ 176.598076][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 176.598095][ T3494] ? lockdep_hardirqs_on+0x9c/0x150 [ 176.598117][ T3494] ? __pfx_kthread+0x10/0x10 [ 176.598136][ T3494] ret_from_fork+0x4b/0x80 ./strace-static-x86_64: Process 6130 attached [pid 6130] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [pid 5824] <... umount2 resumed>) = 0 [pid 6130] set_robust_list(0x7f836b53e9a0, 24 [ 176.598153][ T3494] ? __pfx_kthread+0x10/0x10 [ 176.598173][ T3494] ret_from_fork_asm+0x1a/0x30 [ 176.598213][ T3494] [ 176.598225][ T3494] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 176.920779][ T3494] CPU: 0 UID: 0 PID: 3494 Comm: kworker/u8:6 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 176.920812][ T3494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [pid 5824] umount2("./22/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./22/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] umount2("./22/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./22/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5824] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5824] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5824] close(4) = 0 [pid 5824] rmdir("./22/bus") = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5824] close(3) = 0 [pid 5824] rmdir("./22") = 0 [pid 5824] mkdir("./23", 0777) = 0 [pid 5824] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5824] ioctl(3, LOOP_CLR_FD) = 0 [ 176.920828][ T3494] Workqueue: writeback wb_workfn (flush-7:0) [ 176.920862][ T3494] Call Trace: [ 176.920871][ T3494] [ 176.920881][ T3494] dump_stack_lvl+0x189/0x250 [ 176.920920][ T3494] ? 
__pfx_dump_stack_lvl+0x10/0x10 [ 176.920951][ T3494] ? __pfx_queue_work_on+0x10/0x10 [ 176.920971][ T3494] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 176.920997][ T3494] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 176.921037][ T3494] f2fs_handle_critical_error+0x37c/0x540 [ 176.921089][ T3494] f2fs_write_end_io+0x4e2/0x6d0 [ 176.921144][ T3494] __submit_merged_bio+0x27a/0x6a0 [ 176.921184][ T3494] __submit_merged_write_cond+0x255/0x530 [ 176.921225][ T3494] f2fs_write_data_pages+0x2854/0x31f0 [ 176.921256][ T3494] ? __lock_acquire+0xaac/0xd20 [ 176.921332][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 176.921384][ T3494] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 176.921452][ T3494] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 176.921502][ T3494] ? trace_f2fs_writepages+0x7f/0x200 [ 176.921536][ T3494] ? f2fs_write_node_pages+0x478/0x6e0 [ 176.921573][ T3494] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 176.921621][ T3494] ? has_not_enough_free_secs+0xd8b/0x1640 [ 176.921663][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 176.921697][ T3494] do_writepages+0x3ae/0x7b0 [ 176.921738][ T3494] ? __lock_acquire+0xaac/0xd20 [ 176.921777][ T3494] ? __pfx_do_writepages+0x10/0x10 [ 176.921827][ T3494] __writeback_single_inode+0x145/0xff0 [ 176.921858][ T3494] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 176.921890][ T3494] writeback_sb_inodes+0x6b5/0x1000 [ 176.921955][ T3494] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 176.922034][ T3494] ? rcu_is_watching+0x15/0xb0 [ 176.922090][ T3494] wb_writeback+0x43b/0xaf0 [ 176.922131][ T3494] ? queue_io+0x3a1/0x590 [ 176.922166][ T3494] ? __pfx_wb_writeback+0x10/0x10 [ 176.922207][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 176.922240][ T3494] wb_workfn+0x409/0xef0 [ 176.922286][ T3494] ? __pfx_wb_workfn+0x10/0x10 [ 176.922307][ T3494] ? register_lock_class+0x51/0x320 [ 176.922345][ T3494] ? __lock_acquire+0xaac/0xd20 [ 176.922387][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 176.922448][ T3494] ? 
_raw_spin_unlock_irq+0x23/0x50 [ 176.922472][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 176.922505][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 176.922542][ T3494] process_scheduled_works+0xadb/0x17a0 [ 176.922619][ T3494] ? __pfx_process_scheduled_works+0x10/0x10 [ 176.922679][ T3494] worker_thread+0x8a0/0xda0 [ 176.922739][ T3494] kthread+0x70e/0x8a0 [ 176.922770][ T3494] ? __pfx_worker_thread+0x10/0x10 [ 176.922791][ T3494] ? __pfx_kthread+0x10/0x10 [pid 5824] close(3 [pid 6130] <... set_robust_list resumed>) = 0 [pid 6130] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6130] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 6130] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 176.922820][ T3494] ? __pfx_kthread+0x10/0x10 [ 176.922845][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 176.922869][ T3494] ? lockdep_hardirqs_on+0x9c/0x150 [ 176.922898][ T3494] ? __pfx_kthread+0x10/0x10 [ 176.922923][ T3494] ret_from_fork+0x4b/0x80 [ 176.922944][ T3494] ? __pfx_kthread+0x10/0x10 [ 176.922970][ T3494] ret_from_fork_asm+0x1a/0x30 [ 176.923027][ T3494] [ 176.923037][ T3494] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 177.246553][ T6124] VFS:Filesystem freeze failed [pid 6130] futex(0x7f836b6386d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6124] <... ioctl resumed>) = -1 EIO (Input/output error) [pid 6123] exit_group(0 [pid 6131] <... ioctl resumed>) = -1 EIO (Input/output error) [pid 6123] <... exit_group resumed>) = ? [pid 6130] <... futex resumed>) = ? [pid 6130] +++ exited with 0 +++ [pid 6124] +++ exited with 0 +++ [pid 6131] +++ exited with 0 +++ [pid 6123] +++ exited with 0 +++ [pid 5823] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6123, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=30 /* 0.30 s */} --- [pid 5823] restart_syscall(<... 
resuming interrupted clone ...>) = 0 [pid 5823] umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5823] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5823] umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] unlink("./22/binderfs") = 0 [pid 5823] umount2("./22/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5824] <... close resumed>) = 0 [pid 5824] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e3aa690) = 6133 ./strace-static-x86_64: Process 6133 attached [pid 6133] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 6133] chdir("./23") = 0 [pid 6133] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6133] setpgid(0, 0executing program ) = 0 [pid 6133] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6133] write(3, "1000", 4) = 4 [pid 6133] close(3) = 0 [pid 6133] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6133] write(1, "executing program\n", 18) = 18 [pid 6133] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6133] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6133] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6133] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6133] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6133] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6133] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, 
child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 6134 attached => {parent_tid=[6134]}, 88) = 6134 [pid 6133] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6133] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6133] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6134] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053) = 0 [pid 6134] set_robust_list(0x7f836b55f9a0, 24) = 0 [pid 6134] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6134] memfd_create("syzkaller", 0) = 3 [pid 6134] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 5823] <... umount2 resumed>) = 0 [pid 5823] umount2("./22/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./22/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] umount2("./22/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./22/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5823] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5823] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5823] close(4) = 0 [pid 5823] rmdir("./22/bus") = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5823] close(3) = 0 [pid 5823] rmdir("./22") = 0 [pid 5823] mkdir("./23", 0777) = 0 [pid 5823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5823] ioctl(3, LOOP_CLR_FD) = 0 [pid 5823] close(3 [pid 6134] write(3, 
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 5823] <... close resumed>) = 0 [pid 5823] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e3aa690) = 6135 ./strace-static-x86_64: Process 6135 attached [pid 6135] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 6135] chdir("./23") = 0 [pid 6135] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6135] setpgid(0, 0) = 0 [pid 6135] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6135] write(3, "1000", 4) = 4 [pid 6135] close(3) = 0 [pid 6135] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6135] write(1, "executing program\n", 18executing program ) = 18 [pid 6135] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6135] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6135] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6135] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6135] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6135] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6135] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 6136 attached => {parent_tid=[6136]}, 88) = 6136 [pid 6136] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053 [pid 6135] 
rt_sigprocmask(SIG_SETMASK, [], [pid 6136] <... rseq resumed>) = 0 [pid 6135] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6136] set_robust_list(0x7f836b55f9a0, 24 [pid 6135] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6136] <... set_robust_list resumed>) = 0 [pid 6135] <... futex resumed>) = 0 [pid 6136] rt_sigprocmask(SIG_SETMASK, [], [pid 6135] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6136] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6136] memfd_create("syzkaller", 0) = 3 [pid 6136] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 6134] <... write resumed>) = 20699119 [pid 6134] munmap(0x7f8363000000, 138412032) = 0 [pid 6134] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6134] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6134] close(3) = 0 [pid 6134] close(4) = 0 [pid 6134] mkdir("./bus", 0777) = 0 [ 178.475134][ T6134] loop1: detected capacity change from 0 to 40427 [ 178.525507][ T6134] F2FS-fs (loop1): invalid crc value [pid 6134] mount("/dev/loop1", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 6136] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 6134] <... mount resumed>) = 0 [pid 6134] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6134] chdir("./bus") = 0 [pid 6134] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6134] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6134] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6133] <... 
futex resumed>) = 0 [pid 6133] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6134] <... futex resumed>) = 0 [pid 6133] <... futex resumed>) = 1 [pid 6134] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 [ 178.731423][ T6134] F2FS-fs (loop1): Start checkpoint disabled! [ 178.756616][ T6134] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [pid 6133] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6134] <... openat resumed>) = 4 [pid 6134] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6133] <... futex resumed>) = 0 [pid 6133] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6134] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6133] <... futex resumed>) = 0 [pid 6133] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6134] <... openat resumed>) = 5 [pid 6134] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6133] <... futex resumed>) = 0 [pid 6134] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6133] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6134] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6134] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6133] <... 
futex resumed>) = 0 [pid 6133] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6133] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6133] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6133] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6133] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [ 178.838094][ T3494] kworker/u8:6: attempt to access beyond end of device [ 178.838094][ T3494] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 178.856517][ T3494] CPU: 1 UID: 0 PID: 3494 Comm: kworker/u8:6 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 178.856550][ T3494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 178.856567][ T3494] Workqueue: writeback wb_workfn (flush-7:1) [ 178.856603][ T3494] Call Trace: [ 178.856612][ T3494] [ 178.856623][ T3494] dump_stack_lvl+0x189/0x250 [ 178.856661][ T3494] ? __pfx_dump_stack_lvl+0x10/0x10 [ 178.856693][ T3494] ? __pfx_queue_work_on+0x10/0x10 [ 178.856713][ T3494] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 178.856741][ T3494] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 178.856782][ T3494] f2fs_handle_critical_error+0x37c/0x540 [ 178.856823][ T3494] f2fs_write_end_io+0x4e2/0x6d0 [ 178.856885][ T3494] __submit_merged_bio+0x27a/0x6a0 [ 178.856925][ T3494] __submit_merged_write_cond+0x255/0x530 [ 178.856965][ T3494] f2fs_write_data_pages+0x2854/0x31f0 [ 178.856998][ T3494] ? __lock_acquire+0xaac/0xd20 [ 178.857073][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 178.857127][ T3494] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 178.857198][ T3494] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 178.857249][ T3494] ? trace_f2fs_writepages+0x7f/0x200 [ 178.857283][ T3494] ? f2fs_write_node_pages+0x478/0x6e0 [ 178.857321][ T3494] ? 
__pfx_f2fs_write_node_pages+0x10/0x10 [ 178.857358][ T3494] ? has_not_enough_free_secs+0xd8b/0x1640 [ 178.857402][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 178.857436][ T3494] do_writepages+0x3ae/0x7b0 [ 178.857478][ T3494] ? __lock_acquire+0xaac/0xd20 [ 178.857519][ T3494] ? __pfx_do_writepages+0x10/0x10 [ 178.857571][ T3494] __writeback_single_inode+0x145/0xff0 [ 178.857602][ T3494] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 178.857635][ T3494] writeback_sb_inodes+0x6b5/0x1000 [ 178.857703][ T3494] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 178.857790][ T3494] ? rcu_is_watching+0x15/0xb0 [ 178.857838][ T3494] wb_writeback+0x43b/0xaf0 [ 178.857886][ T3494] ? queue_io+0x3a1/0x590 [ 178.857921][ T3494] ? __pfx_wb_writeback+0x10/0x10 [ 178.857963][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 178.857996][ T3494] wb_workfn+0x409/0xef0 [ 178.858043][ T3494] ? __pfx_wb_workfn+0x10/0x10 [ 178.858066][ T3494] ? register_lock_class+0x51/0x320 [ 178.858105][ T3494] ? __lock_acquire+0xaac/0xd20 [ 178.858149][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 178.858193][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 178.858216][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 178.858250][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 178.858287][ T3494] process_scheduled_works+0xadb/0x17a0 [ 178.858363][ T3494] ? __pfx_process_scheduled_works+0x10/0x10 [ 178.858424][ T3494] worker_thread+0x8a0/0xda0 [ 178.858483][ T3494] kthread+0x70e/0x8a0 [ 178.858514][ T3494] ? __pfx_worker_thread+0x10/0x10 [ 178.858535][ T3494] ? __pfx_kthread+0x10/0x10 [ 178.858563][ T3494] ? 
__pfx_kthread+0x10/0x10 [pid 6133] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6133] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[6139]}, 88) = 6139 [pid 6133] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6133] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6133] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6139 attached ) = -1 ETIMEDOUT (Connection timed out) [pid 6133] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6133] futex(0x7f836b6386ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6133] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b4fd000 [pid 6133] mprotect(0x7f836b4fe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6133] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6133] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b51d990, parent_tid=0x7f836b51d990, exit_signal=0, stack=0x7f836b4fd000, stack_size=0x20300, tls=0x7f836b51d6c0} => {parent_tid=[6140]}, 88) = 6140 [pid 6133] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6133] futex(0x7f836b6386e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6133] futex(0x7f836b6386ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6140 attached [pid 6140] rseq(0x7f836b51dfe0, 0x20, 0, 0x53053053) = 0 [pid 6140] set_robust_list(0x7f836b51d9a0, 24) = 0 [pid 6140] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 178.858589][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 178.858614][ T3494] ? lockdep_hardirqs_on+0x9c/0x150 [ 178.858643][ T3494] ? 
__pfx_kthread+0x10/0x10 [ 178.858669][ T3494] ret_from_fork+0x4b/0x80 [ 178.858690][ T3494] ? __pfx_kthread+0x10/0x10 [ 178.858716][ T3494] ret_from_fork_asm+0x1a/0x30 [ 178.858773][ T3494] [ 178.858783][ T3494] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [pid 6140] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 6133] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6133] futex(0x7f836b6386ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6139] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [pid 6139] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 6139] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6139] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 6139] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6139] futex(0x7f836b6386d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6136] <... write resumed>) = 20699119 [ 179.416839][ T3494] CPU: 0 UID: 0 PID: 3494 Comm: kworker/u8:6 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 179.416875][ T3494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 179.416892][ T3494] Workqueue: writeback wb_workfn (flush-7:1) [ 179.416928][ T3494] Call Trace: [ 179.416937][ T3494] [ 179.416948][ T3494] dump_stack_lvl+0x189/0x250 [ 179.416985][ T3494] ? __pfx_dump_stack_lvl+0x10/0x10 [ 179.417016][ T3494] ? __pfx_queue_work_on+0x10/0x10 [ 179.417037][ T3494] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 179.417063][ T3494] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 179.417101][ T3494] f2fs_handle_critical_error+0x37c/0x540 [ 179.417140][ T3494] f2fs_write_end_io+0x4e2/0x6d0 [ 179.417192][ T3494] __submit_merged_bio+0x27a/0x6a0 [ 179.417229][ T3494] __submit_merged_write_cond+0x255/0x530 [ 179.417267][ T3494] f2fs_write_data_pages+0x2854/0x31f0 [ 179.417298][ T3494] ? __lock_acquire+0xaac/0xd20 [ 179.417365][ T3494] ? 
__pfx_f2fs_write_data_pages+0x10/0x10 [pid 6136] munmap(0x7f8363000000, 138412032 [pid 6133] exit_group(0) = ? [pid 6136] <... munmap resumed>) = 0 [ 179.417418][ T3494] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 179.417480][ T3494] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 179.417525][ T3494] ? trace_f2fs_writepages+0x7f/0x200 [ 179.417558][ T3494] ? f2fs_write_node_pages+0x478/0x6e0 [ 179.417594][ T3494] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 179.417635][ T3494] ? has_not_enough_free_secs+0xd8b/0x1640 [ 179.417676][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 179.417710][ T3494] do_writepages+0x3ae/0x7b0 [ 179.417749][ T3494] ? __lock_acquire+0xaac/0xd20 [ 179.417787][ T3494] ? __pfx_do_writepages+0x10/0x10 [ 179.417834][ T3494] __writeback_single_inode+0x145/0xff0 [ 179.417864][ T3494] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 179.417895][ T3494] writeback_sb_inodes+0x6b5/0x1000 [ 179.417955][ T3494] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 179.418032][ T3494] ? rcu_is_watching+0x15/0xb0 [ 179.418076][ T3494] wb_writeback+0x43b/0xaf0 [ 179.418115][ T3494] ? queue_io+0x3a1/0x590 [ 179.418147][ T3494] ? __pfx_wb_writeback+0x10/0x10 [pid 6136] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 179.418187][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 179.418218][ T3494] wb_workfn+0x409/0xef0 [ 179.418259][ T3494] ? __pfx_wb_workfn+0x10/0x10 [ 179.418281][ T3494] ? register_lock_class+0x51/0x320 [ 179.418318][ T3494] ? __lock_acquire+0xaac/0xd20 [ 179.418359][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 179.418401][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 179.418425][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 179.418457][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 179.418494][ T3494] process_scheduled_works+0xadb/0x17a0 [ 179.418560][ T3494] ? __pfx_process_scheduled_works+0x10/0x10 [ 179.418622][ T3494] worker_thread+0x8a0/0xda0 [ 179.418673][ T3494] kthread+0x70e/0x8a0 [ 179.418702][ T3494] ? __pfx_worker_thread+0x10/0x10 [ 179.418723][ T3494] ? 
__pfx_kthread+0x10/0x10 [ 179.418750][ T3494] ? __pfx_kthread+0x10/0x10 [ 179.418775][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 179.418799][ T3494] ? lockdep_hardirqs_on+0x9c/0x150 [ 179.418827][ T3494] ? __pfx_kthread+0x10/0x10 [ 179.418852][ T3494] ret_from_fork+0x4b/0x80 [pid 6136] ioctl(4, LOOP_SET_FD, 3 [pid 6139] <... futex resumed>) = ? [pid 6139] +++ exited with 0 +++ [ 179.418873][ T3494] ? __pfx_kthread+0x10/0x10 [ 179.418898][ T3494] ret_from_fork_asm+0x1a/0x30 [ 179.418950][ T3494] [ 179.423325][ T3494] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 179.579521][ T6136] loop0: detected capacity change from 0 to 40427 [pid 6140] <... ioctl resumed>) = ? [pid 6134] <... ioctl resumed>) = ? [pid 6134] +++ exited with 0 +++ [pid 6140] +++ exited with 0 +++ [pid 6133] +++ exited with 0 +++ [pid 5824] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6133, si_uid=0, si_status=0, si_utime=15 /* 0.15 s */, si_stime=31 /* 0.31 s */} --- [pid 5824] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5824] umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5824] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5824] umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] unlink("./23/binderfs") = 0 [ 179.796653][ T6134] VFS:Filesystem freeze failed [pid 5824] umount2("./23/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6136] <... 
ioctl resumed>) = 0 [pid 6136] close(3) = 0 [pid 6136] close(4) = 0 [pid 6136] mkdir("./bus", 0777) = 0 [ 179.973892][ T6136] F2FS-fs (loop0): invalid crc value [pid 6136] mount("/dev/loop0", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 5824] <... umount2 resumed>) = 0 [pid 5824] umount2("./23/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./23/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] umount2("./23/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./23/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5824] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5824] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5824] close(4) = 0 [pid 5824] rmdir("./23/bus") = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5824] close(3) = 0 [pid 5824] rmdir("./23") = 0 [pid 5824] mkdir("./24", 0777) = 0 [pid 5824] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5824] ioctl(3, LOOP_CLR_FD) = 0 [pid 5824] close(3 [pid 6136] <... mount resumed>) = 0 [pid 6136] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6136] chdir("./bus") = 0 [pid 6136] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6136] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6135] <... futex resumed>) = 0 [pid 6136] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 [pid 6135] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6136] <... openat resumed>) = 4 [pid 6135] <... futex resumed>) = 0 [pid 6136] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6135] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6136] <... 
futex resumed>) = 0 [pid 6135] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6136] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6135] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6136] <... openat resumed>) = 5 [pid 6135] <... futex resumed>) = 0 [pid 6135] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6136] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6136] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6135] <... futex resumed>) = 0 [pid 6135] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6136] <... futex resumed>) = 0 [ 180.211759][ T6136] F2FS-fs (loop0): Start checkpoint disabled! [ 180.228218][ T6136] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [pid 6135] <... futex resumed>) = 1 [pid 6136] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6135] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 180.286728][ T3494] kworker/u8:6: attempt to access beyond end of device [ 180.286728][ T3494] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [pid 6135] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6135] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6135] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6135] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6135] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[6143]}, 88) = 6143 [pid 6135] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6135] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 180.329068][ T3494] CPU: 1 UID: 0 PID: 3494 Comm: kworker/u8:6 
Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 180.329102][ T3494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 180.329119][ T3494] Workqueue: writeback wb_workfn (flush-7:0) [ 180.329153][ T3494] Call Trace: [ 180.329162][ T3494] [ 180.329172][ T3494] dump_stack_lvl+0x189/0x250 [ 180.329207][ T3494] ? __pfx_dump_stack_lvl+0x10/0x10 [pid 6135] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6135] futex(0x7f836b6386ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6135] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b4fd000 [pid 6135] mprotect(0x7f836b4fe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6135] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6135] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b51d990, parent_tid=0x7f836b51d990, exit_signal=0, stack=0x7f836b4fd000, stack_size=0x20300, tls=0x7f836b51d6c0} => {parent_tid=[6144]}, 88) = 6144 [pid 6135] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6135] futex(0x7f836b6386e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6135] futex(0x7f836b6386ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6144 attached [ 180.329238][ T3494] ? __pfx_queue_work_on+0x10/0x10 [ 180.329256][ T3494] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 180.329282][ T3494] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 180.329319][ T3494] f2fs_handle_critical_error+0x37c/0x540 [ 180.329360][ T3494] f2fs_write_end_io+0x4e2/0x6d0 [ 180.329411][ T3494] __submit_merged_bio+0x27a/0x6a0 [ 180.329449][ T3494] __submit_merged_write_cond+0x255/0x530 [ 180.329490][ T3494] f2fs_write_data_pages+0x2854/0x31f0 [ 180.329570][ T3494] ? 
__pfx_f2fs_write_data_pages+0x10/0x10 [pid 6144] rseq(0x7f836b51dfe0, 0x20, 0, 0x53053053) = 0 [pid 6144] set_robust_list(0x7f836b51d9a0, 24) = 0 [pid 6144] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6144] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 6135] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 180.329666][ T3494] ? __lock_acquire+0xaac/0xd20 [ 180.329709][ T3494] ? __lock_acquire+0xaac/0xd20 [ 180.329779][ T3494] ? rcu_read_lock_sched_held+0x89/0x100 [ 180.329815][ T3494] ? __pfx_rcu_read_lock_sched_held+0x10/0x10 [ 180.329871][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 180.329906][ T3494] do_writepages+0x3ae/0x7b0 [ 180.329950][ T3494] ? __switch_to+0xd70/0x1600 [ 180.329993][ T3494] ? __pfx_do_writepages+0x10/0x10 [ 180.330045][ T3494] __writeback_single_inode+0x145/0xff0 [pid 6135] futex(0x7f836b6386ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 180.330076][ T3494] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 180.330109][ T3494] writeback_sb_inodes+0x6b5/0x1000 [ 180.330176][ T3494] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 180.330264][ T3494] ? rcu_is_watching+0x15/0xb0 [ 180.330311][ T3494] wb_writeback+0x43b/0xaf0 [ 180.330353][ T3494] ? queue_io+0x3a1/0x590 [ 180.330388][ T3494] ? __pfx_wb_writeback+0x10/0x10 [ 180.330435][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 180.330468][ T3494] wb_workfn+0x409/0xef0 [ 180.330515][ T3494] ? __pfx_wb_workfn+0x10/0x10 [ 180.330537][ T3494] ? register_lock_class+0x51/0x320 [ 180.330576][ T3494] ? __lock_acquire+0xaac/0xd20 [ 180.330620][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 180.330664][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 180.330688][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 180.330721][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 180.330765][ T3494] process_scheduled_works+0xadb/0x17a0 [ 180.330847][ T3494] ? 
__pfx_process_scheduled_works+0x10/0x10 [ 180.330907][ T3494] worker_thread+0x8a0/0xda0 [ 180.330967][ T3494] kthread+0x70e/0x8a0 [ 180.330998][ T3494] ? __pfx_worker_thread+0x10/0x10 [ 180.331019][ T3494] ? __pfx_kthread+0x10/0x10 [ 180.331048][ T3494] ? __pfx_kthread+0x10/0x10 [ 180.331073][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 180.331098][ T3494] ? lockdep_hardirqs_on+0x9c/0x150 [ 180.331127][ T3494] ? __pfx_kthread+0x10/0x10 [ 180.331152][ T3494] ret_from_fork+0x4b/0x80 [ 180.331173][ T3494] ? __pfx_kthread+0x10/0x10 [ 180.331199][ T3494] ret_from_fork_asm+0x1a/0x30 [ 180.331256][ T3494] ./strace-static-x86_64: Process 6143 attached [pid 6143] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [ 180.331835][ T3494] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 180.635958][ T3494] CPU: 1 UID: 0 PID: 3494 Comm: kworker/u8:6 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 180.635989][ T3494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 180.636005][ T3494] Workqueue: writeback wb_workfn (flush-7:0) [ 180.636037][ T3494] Call Trace: [ 180.636046][ T3494] [ 180.636056][ T3494] dump_stack_lvl+0x189/0x250 [ 180.636093][ T3494] ? __pfx_dump_stack_lvl+0x10/0x10 [ 180.636122][ T3494] ? __pfx_queue_work_on+0x10/0x10 [ 180.636141][ T3494] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 180.636167][ T3494] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 180.636205][ T3494] f2fs_handle_critical_error+0x37c/0x540 [ 180.636247][ T3494] f2fs_write_end_io+0x4e2/0x6d0 [ 180.636304][ T3494] __submit_merged_bio+0x27a/0x6a0 [ 180.636342][ T3494] __submit_merged_write_cond+0x255/0x530 [ 180.636383][ T3494] f2fs_write_data_pages+0x2854/0x31f0 [ 180.636468][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 180.636570][ T3494] ? __lock_acquire+0xaac/0xd20 [ 180.636611][ T3494] ? __lock_acquire+0xaac/0xd20 [ 180.636668][ T3494] ? rcu_read_lock_sched_held+0x89/0x100 [ 180.636701][ T3494] ? 
__pfx_rcu_read_lock_sched_held+0x10/0x10 [ 180.636802][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 180.636837][ T3494] do_writepages+0x3ae/0x7b0 [ 180.636881][ T3494] ? __switch_to+0xd70/0x1600 [ 180.636923][ T3494] ? __pfx_do_writepages+0x10/0x10 [ 180.636975][ T3494] __writeback_single_inode+0x145/0xff0 [ 180.637007][ T3494] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 180.637040][ T3494] writeback_sb_inodes+0x6b5/0x1000 [ 180.637106][ T3494] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 180.637196][ T3494] ? rcu_is_watching+0x15/0xb0 [ 180.637244][ T3494] wb_writeback+0x43b/0xaf0 [ 180.637286][ T3494] ? queue_io+0x3a1/0x590 [ 180.637321][ T3494] ? __pfx_wb_writeback+0x10/0x10 [ 180.637365][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 180.637398][ T3494] wb_workfn+0x409/0xef0 [ 180.637446][ T3494] ? __pfx_wb_workfn+0x10/0x10 [ 180.637470][ T3494] ? register_lock_class+0x51/0x320 [ 180.637510][ T3494] ? __lock_acquire+0xaac/0xd20 [ 180.637556][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 180.637601][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 180.637624][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 180.637658][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 180.637696][ T3494] process_scheduled_works+0xadb/0x17a0 [ 180.637778][ T3494] ? __pfx_process_scheduled_works+0x10/0x10 [ 180.637837][ T3494] worker_thread+0x8a0/0xda0 [ 180.637897][ T3494] kthread+0x70e/0x8a0 [ 180.637929][ T3494] ? __pfx_worker_thread+0x10/0x10 [ 180.637950][ T3494] ? __pfx_kthread+0x10/0x10 [ 180.637978][ T3494] ? __pfx_kthread+0x10/0x10 [ 180.638003][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 180.638028][ T3494] ? lockdep_hardirqs_on+0x9c/0x150 [ 180.638057][ T3494] ? __pfx_kthread+0x10/0x10 [ 180.638082][ T3494] ret_from_fork+0x4b/0x80 [ 180.638103][ T3494] ? __pfx_kthread+0x10/0x10 [ 180.638129][ T3494] ret_from_fork_asm+0x1a/0x30 [ 180.638187][ T3494] [pid 6143] set_robust_list(0x7f836b53e9a0, 24 [pid 5824] <... 
close resumed>) = 0 [pid 5824] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6143] <... set_robust_list resumed>) = 0 [pid 6143] rt_sigprocmask(SIG_SETMASK, [], [pid 5824] <... clone resumed>, child_tidptr=0x55558e3aa690) = 6145 ./strace-static-x86_64: Process 6145 attached [ 181.119128][ T3494] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [pid 6143] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6145] set_robust_list(0x55558e3aa6a0, 24 [pid 6143] ioctl(4, F2FS_IOC_SET_PIN_FILE [pid 6145] <... set_robust_list resumed>) = 0 [pid 6143] <... ioctl resumed>, 0x200000000180) = -1 EIO (Input/output error) [pid 6143] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6145] chdir("./24" [pid 6143] <... futex resumed>) = 0 [pid 6145] <... chdir resumed>) = 0 [pid 6143] futex(0x7f836b6386d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6145] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6136] <... ioctl resumed>) = -1 EIO (Input/output error) [pid 6145] setpgid(0, 0 [pid 6136] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6136] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6145] <... setpgid resumed>) = 0 [pid 6144] <... ioctl resumed>) = -1 EIO (Input/output error) [pid 6145] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6144] futex(0x7f836b6386ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6144] futex(0x7f836b6386e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6145] <... openat resumed>) = 3 [pid 6135] exit_group(0 [pid 6145] write(3, "1000", 4) = 4 [pid 6135] <... exit_group resumed>) = ? [pid 6145] close(3 [pid 6144] <... futex resumed>) = ? [pid 6143] <... futex resumed>) = ? [pid 6136] <... futex resumed>) = ? [pid 6143] +++ exited with 0 +++ [pid 6136] +++ exited with 0 +++ [pid 6144] +++ exited with 0 +++ [pid 6145] <... 
close resumed>) = 0 [pid 6135] +++ exited with 0 +++ [pid 6145] symlink("/dev/binderfs", "./binderfs" [pid 5823] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6135, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=55 /* 0.55 s */} --- [pid 5823] umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6145] <... symlink resumed>) = 0 [pid 5823] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6145] write(1, "executing program\n", 18executing program [pid 5823] openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 6145] <... write resumed>) = 18 [pid 5823] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6145] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5823] getdents64(3, [pid 6145] <... futex resumed>) = 0 [pid 5823] <... getdents64 resumed>0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 6145] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 5823] umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6145] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5823] newfstatat(AT_FDCWD, "./23/binderfs", [pid 6145] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6145] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 5823] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6145] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE [pid 5823] unlink("./23/binderfs" [pid 6145] <... mprotect resumed>) = 0 [pid 6145] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5823] <... unlink resumed>) = 0 [pid 6145] <... 
rt_sigprocmask resumed>[], 8) = 0 [pid 5823] umount2("./23/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6145] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 6146 attached => {parent_tid=[6146]}, 88) = 6146 [pid 6145] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6145] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6145] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6146] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053) = 0 [pid 6146] set_robust_list(0x7f836b55f9a0, 24) = 0 [pid 6146] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6146] memfd_create("syzkaller", 0) = 3 [pid 6146] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [ 181.238466][ T6136] VFS:Filesystem freeze failed [pid 5823] <... 
umount2 resumed>) = 0 [pid 5823] umount2("./23/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./23/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] umount2("./23/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./23/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5823] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5823] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5823] close(4) = 0 [pid 5823] rmdir("./23/bus") = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5823] close(3) = 0 [pid 6146] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 5823] rmdir("./23") = 0 [pid 5823] mkdir("./24", 0777) = 0 [pid 5823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5823] ioctl(3, LOOP_CLR_FD) = 0 [pid 5823] close(3 [pid 6146] <... write resumed>) = 20699119 [pid 6146] munmap(0x7f8363000000, 138412032) = 0 [pid 5823] <... close resumed>) = 0 [pid 6146] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6146] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5823] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6146] close(3./strace-static-x86_64: Process 6147 attached ) = 0 [pid 6147] set_robust_list(0x55558e3aa6a0, 24 [pid 6146] close(4 [pid 5823] <... clone resumed>, child_tidptr=0x55558e3aa690) = 6147 [pid 6147] <... set_robust_list resumed>) = 0 [pid 6146] <... 
close resumed>) = 0 [pid 6146] mkdir("./bus", 0777 [pid 6147] chdir("./24" [pid 6146] <... mkdir resumed>) = 0 [pid 6147] <... chdir resumed>) = 0 [pid 6146] mount("/dev/loop1", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 6147] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6147] setpgid(0, 0) = 0 [pid 6147] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 182.186495][ T6146] loop1: detected capacity change from 0 to 40427 [pid 6147] write(3, "1000", 4) = 4 [pid 6147] close(3) = 0 [pid 6147] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6147] write(1, "executing program\n", 18) = 18 [pid 6147] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6147] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6147] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6147] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6147] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6147] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6147] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 6149 attached => {parent_tid=[6149]}, 88) = 6149 [pid 6149] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053 [pid 6147] rt_sigprocmask(SIG_SETMASK, [], [pid 6149] <... rseq resumed>) = 0 [pid 6147] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6147] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6149] set_robust_list(0x7f836b55f9a0, 24 [pid 6147] <... futex resumed>) = 0 [pid 6149] <... 
set_robust_list resumed>) = 0 [pid 6147] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6149] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 182.237033][ T6146] F2FS-fs (loop1): invalid crc value [pid 6149] memfd_create("syzkaller", 0) = 3 [pid 6149] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 6146] <... mount resumed>) = 0 [pid 6146] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6146] chdir("./bus") = 0 [ 182.463793][ T6146] F2FS-fs (loop1): Start checkpoint disabled! [ 182.493054][ T6146] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [pid 6146] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6146] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6145] <... futex resumed>) = 0 [pid 6146] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6145] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6146] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6145] <... futex resumed>) = 0 [pid 6146] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000) = 4 [pid 6146] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6145] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6146] <... futex resumed>) = 0 [pid 6145] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6146] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6145] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6146] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6145] <... futex resumed>) = 0 [pid 6146] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6145] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6146] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6145] <... 
futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6146] <... futex resumed>) = 0 [pid 6145] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6146] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6145] <... futex resumed>) = 0 [pid 6145] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 182.586021][ T3494] kworker/u8:6: attempt to access beyond end of device [ 182.586021][ T3494] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 182.636547][ T3494] CPU: 1 UID: 0 PID: 3494 Comm: kworker/u8:6 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 182.636580][ T3494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 182.636597][ T3494] Workqueue: writeback wb_workfn (flush-7:1) [ 182.636631][ T3494] Call Trace: [ 182.636641][ T3494] [ 182.636650][ T3494] dump_stack_lvl+0x189/0x250 [ 182.636686][ T3494] ? __pfx_dump_stack_lvl+0x10/0x10 [ 182.636716][ T3494] ? __pfx_queue_work_on+0x10/0x10 [ 182.636735][ T3494] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 182.636761][ T3494] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 182.636797][ T3494] f2fs_handle_critical_error+0x37c/0x540 [ 182.636835][ T3494] f2fs_write_end_io+0x4e2/0x6d0 [ 182.636884][ T3494] __submit_merged_bio+0x27a/0x6a0 [ 182.636920][ T3494] __submit_merged_write_cond+0x255/0x530 [ 182.636957][ T3494] f2fs_write_data_pages+0x2854/0x31f0 [ 182.636988][ T3494] ? __lock_acquire+0xaac/0xd20 [ 182.637052][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [pid 6149] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 6145] <... 
futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6145] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6145] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6145] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6145] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6145] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[6151]}, 88) = 6151 [pid 6145] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6145] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6145] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6145] futex(0x7f836b6386ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6145] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b4fd000 [pid 6145] mprotect(0x7f836b4fe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6145] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6145] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b51d990, parent_tid=0x7f836b51d990, exit_signal=0, stack=0x7f836b4fd000, stack_size=0x20300, tls=0x7f836b51d6c0}./strace-static-x86_64: Process 6152 attached => {parent_tid=[6152]}, 88) = 6152 [pid 6145] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6145] futex(0x7f836b6386e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6145] futex(0x7f836b6386ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6152] rseq(0x7f836b51dfe0, 0x20, 0, 0x53053053) = 0 [pid 6152] set_robust_list(0x7f836b51d9a0, 24) = 0 [pid 6152] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6152] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 
0x2000000000c0 [pid 6145] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 182.637102][ T3494] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 182.637163][ T3494] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 182.637207][ T3494] ? trace_f2fs_writepages+0x7f/0x200 [ 182.637239][ T3494] ? f2fs_write_node_pages+0x478/0x6e0 [ 182.637273][ T3494] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 182.637307][ T3494] ? has_not_enough_free_secs+0xd8b/0x1640 [ 182.637356][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 182.637388][ T3494] do_writepages+0x3ae/0x7b0 [ 182.637426][ T3494] ? __lock_acquire+0xaac/0xd20 [ 182.637461][ T3494] ? __pfx_do_writepages+0x10/0x10 [ 182.637507][ T3494] __writeback_single_inode+0x145/0xff0 [ 182.637535][ T3494] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 182.637564][ T3494] writeback_sb_inodes+0x6b5/0x1000 [ 182.637622][ T3494] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 182.637697][ T3494] ? rcu_is_watching+0x15/0xb0 [ 182.637739][ T3494] wb_writeback+0x43b/0xaf0 [ 182.637777][ T3494] ? queue_io+0x3a1/0x590 [ 182.637808][ T3494] ? __pfx_wb_writeback+0x10/0x10 ./strace-static-x86_64: Process 6151 attached [pid 6151] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [pid 6151] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 6151] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6151] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 6151] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 182.637846][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 182.637876][ T3494] wb_workfn+0x409/0xef0 [ 182.637916][ T3494] ? __pfx_wb_workfn+0x10/0x10 [ 182.637937][ T3494] ? register_lock_class+0x51/0x320 [ 182.637972][ T3494] ? __lock_acquire+0xaac/0xd20 [ 182.638011][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 182.638052][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 182.638074][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 182.638106][ T3494] ? 
process_scheduled_works+0x9ec/0x17a0 [ 182.638142][ T3494] process_scheduled_works+0xadb/0x17a0 [ 182.638207][ T3494] ? __pfx_process_scheduled_works+0x10/0x10 [ 182.638260][ T3494] worker_thread+0x8a0/0xda0 [ 182.638309][ T3494] kthread+0x70e/0x8a0 [ 182.638344][ T3494] ? __pfx_worker_thread+0x10/0x10 [ 182.638364][ T3494] ? __pfx_kthread+0x10/0x10 [ 182.638390][ T3494] ? __pfx_kthread+0x10/0x10 [ 182.638414][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 182.638437][ T3494] ? lockdep_hardirqs_on+0x9c/0x150 [ 182.638464][ T3494] ? __pfx_kthread+0x10/0x10 [ 182.638488][ T3494] ret_from_fork+0x4b/0x80 [pid 6151] futex(0x7f836b6386d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6145] exit_group(0 [pid 6151] <... futex resumed>) = ? [pid 6145] <... exit_group resumed>) = ? [pid 6151] +++ exited with 0 +++ [ 182.638508][ T3494] ? __pfx_kthread+0x10/0x10 [ 182.638532][ T3494] ret_from_fork_asm+0x1a/0x30 [ 182.638582][ T3494] [ 182.639234][ T3494] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 182.960412][ T3494] CPU: 1 UID: 0 PID: 3494 Comm: kworker/u8:6 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 182.960462][ T3494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 182.960479][ T3494] Workqueue: writeback wb_workfn (flush-7:1) [ 182.960514][ T3494] Call Trace: [ 182.960524][ T3494] [ 182.960535][ T3494] dump_stack_lvl+0x189/0x250 [ 182.960580][ T3494] ? __pfx_dump_stack_lvl+0x10/0x10 [ 182.960612][ T3494] ? __pfx_queue_work_on+0x10/0x10 [ 182.960632][ T3494] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 182.960660][ T3494] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 182.960701][ T3494] f2fs_handle_critical_error+0x37c/0x540 [ 182.960743][ T3494] f2fs_write_end_io+0x4e2/0x6d0 [ 182.960799][ T3494] __submit_merged_bio+0x27a/0x6a0 [ 182.960838][ T3494] __submit_merged_write_cond+0x255/0x530 [ 182.960879][ T3494] f2fs_write_data_pages+0x2854/0x31f0 [ 182.960911][ T3494] ? 
__lock_acquire+0xaac/0xd20 [ 182.960986][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 182.961040][ T3494] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 182.961112][ T3494] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 182.961163][ T3494] ? trace_f2fs_writepages+0x7f/0x200 [ 182.961197][ T3494] ? f2fs_write_node_pages+0x478/0x6e0 [ 182.961235][ T3494] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 182.961272][ T3494] ? has_not_enough_free_secs+0xd8b/0x1640 [ 182.961316][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 182.961352][ T3494] do_writepages+0x3ae/0x7b0 [ 182.961394][ T3494] ? __lock_acquire+0xaac/0xd20 [ 182.961434][ T3494] ? __pfx_do_writepages+0x10/0x10 [ 182.961487][ T3494] __writeback_single_inode+0x145/0xff0 [ 182.961518][ T3494] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 182.961550][ T3494] writeback_sb_inodes+0x6b5/0x1000 [ 182.961634][ T3494] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 182.961720][ T3494] ? rcu_is_watching+0x15/0xb0 [ 182.961765][ T3494] wb_writeback+0x43b/0xaf0 [ 182.961805][ T3494] ? queue_io+0x3a1/0x590 [ 182.961838][ T3494] ? __pfx_wb_writeback+0x10/0x10 [ 182.961880][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 182.961911][ T3494] wb_workfn+0x409/0xef0 [ 182.961956][ T3494] ? __pfx_wb_workfn+0x10/0x10 [ 182.961977][ T3494] ? register_lock_class+0x51/0x320 [ 182.962015][ T3494] ? __lock_acquire+0xaac/0xd20 [ 182.962056][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 182.962099][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 182.962122][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 182.962154][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 182.962191][ T3494] process_scheduled_works+0xadb/0x17a0 [ 182.962264][ T3494] ? __pfx_process_scheduled_works+0x10/0x10 [ 182.962320][ T3494] worker_thread+0x8a0/0xda0 [ 182.962374][ T3494] kthread+0x70e/0x8a0 [ 182.962404][ T3494] ? __pfx_worker_thread+0x10/0x10 [ 182.962425][ T3494] ? __pfx_kthread+0x10/0x10 [ 182.962452][ T3494] ? __pfx_kthread+0x10/0x10 [ 182.962477][ T3494] ? 
_raw_spin_unlock_irq+0x23/0x50 [ 182.962500][ T3494] ? lockdep_hardirqs_on+0x9c/0x150 [ 182.962528][ T3494] ? __pfx_kthread+0x10/0x10 [ 182.962552][ T3494] ret_from_fork+0x4b/0x80 [ 182.962578][ T3494] ? __pfx_kthread+0x10/0x10 [ 182.962604][ T3494] ret_from_fork_asm+0x1a/0x30 [ 182.962658][ T3494] [ 182.962668][ T3494] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [pid 6149] <... write resumed>) = 20699119 [pid 6149] munmap(0x7f8363000000, 138412032) = 0 [pid 6149] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6149] ioctl(4, LOOP_SET_FD, 3 [pid 6152] <... ioctl resumed>) = ? [pid 6146] <... ioctl resumed>) = ? [pid 6152] +++ exited with 0 +++ [pid 6146] +++ exited with 0 +++ [pid 6145] +++ exited with 0 +++ [pid 5824] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6145, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=39 /* 0.39 s */} --- [pid 5824] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5824] umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5824] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5824] umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] unlink("./24/binderfs" [pid 6149] <... ioctl resumed>) = 0 [pid 6149] close(3) = 0 [pid 6149] close(4) = 0 [pid 6149] mkdir("./bus", 0777) = 0 [pid 6149] mount("/dev/loop0", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 5824] <... 
unlink resumed>) = 0 [ 183.354449][ T6146] VFS:Filesystem freeze failed [ 183.360193][ T6149] loop0: detected capacity change from 0 to 40427 [ 183.418833][ T6149] F2FS-fs (loop0): invalid crc value [pid 5824] umount2("./24/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6149] <... mount resumed>) = 0 [pid 6149] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6149] chdir("./bus") = 0 [pid 6149] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6149] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6147] <... futex resumed>) = 0 [pid 6149] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6147] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6149] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6147] <... futex resumed>) = 0 [pid 6149] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 [pid 6147] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6149] <... openat resumed>) = 4 [pid 6149] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6147] <... futex resumed>) = 0 [pid 6147] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6147] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6149] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6149] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6147] <... futex resumed>) = 0 [ 183.616842][ T6149] F2FS-fs (loop0): Start checkpoint disabled! 
[ 183.646572][ T6149] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [pid 6149] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6147] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 183.694519][ T3494] kworker/u8:6: attempt to access beyond end of device [ 183.694519][ T3494] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 183.726542][ T3494] CPU: 0 UID: 0 PID: 3494 Comm: kworker/u8:6 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 183.726576][ T3494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 183.726593][ T3494] Workqueue: writeback wb_workfn (flush-7:0) [ 183.726627][ T3494] Call Trace: [ 183.726636][ T3494] [ 183.726646][ T3494] dump_stack_lvl+0x189/0x250 [ 183.726683][ T3494] ? __pfx_dump_stack_lvl+0x10/0x10 [ 183.726714][ T3494] ? __pfx_queue_work_on+0x10/0x10 [ 183.726734][ T3494] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 183.726760][ T3494] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [pid 6147] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6147] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6147] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6147] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6147] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6147] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[6155]}, 88) = 6155 [pid 6147] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6147] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6147] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 
6147] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6147] futex(0x7f836b6386ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6147] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b4fd000 [pid 6147] mprotect(0x7f836b4fe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6147] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6147] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b51d990, parent_tid=0x7f836b51d990, exit_signal=0, stack=0x7f836b4fd000, stack_size=0x20300, tls=0x7f836b51d6c0}./strace-static-x86_64: Process 6156 attached [pid 6156] rseq(0x7f836b51dfe0, 0x20, 0, 0x53053053 [pid 6147] <... clone3 resumed> => {parent_tid=[6156]}, 88) = 6156 [pid 6156] <... rseq resumed>) = 0 [pid 6147] rt_sigprocmask(SIG_SETMASK, [], [pid 6156] set_robust_list(0x7f836b51d9a0, 24 [pid 6147] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6156] <... set_robust_list resumed>) = 0 [pid 6147] futex(0x7f836b6386e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6156] rt_sigprocmask(SIG_SETMASK, [], [pid 6147] <... futex resumed>) = 0 [pid 6156] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6147] futex(0x7f836b6386ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 183.726801][ T3494] f2fs_handle_critical_error+0x37c/0x540 [ 183.726842][ T3494] f2fs_write_end_io+0x4e2/0x6d0 [ 183.726895][ T3494] __submit_merged_bio+0x27a/0x6a0 [ 183.726933][ T3494] __submit_merged_write_cond+0x255/0x530 [ 183.726973][ T3494] f2fs_write_data_pages+0x2854/0x31f0 [ 183.727003][ T3494] ? __lock_acquire+0xaac/0xd20 [ 183.727076][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 183.727128][ T3494] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 183.727197][ T3494] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [pid 6156] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 6147] <... 
futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 183.727246][ T3494] ? trace_f2fs_writepages+0x7f/0x200 [ 183.727279][ T3494] ? f2fs_write_node_pages+0x478/0x6e0 [ 183.727322][ T3494] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 183.727359][ T3494] ? has_not_enough_free_secs+0xd8b/0x1640 [ 183.727401][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 183.727434][ T3494] do_writepages+0x3ae/0x7b0 [ 183.727475][ T3494] ? __lock_acquire+0xaac/0xd20 [ 183.727513][ T3494] ? __pfx_do_writepages+0x10/0x10 [ 183.727564][ T3494] __writeback_single_inode+0x145/0xff0 [ 183.727594][ T3494] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 183.727625][ T3494] writeback_sb_inodes+0x6b5/0x1000 [ 183.727690][ T3494] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 183.727775][ T3494] ? rcu_is_watching+0x15/0xb0 [ 183.727820][ T3494] wb_writeback+0x43b/0xaf0 [ 183.727861][ T3494] ? queue_io+0x3a1/0x590 [ 183.727895][ T3494] ? __pfx_wb_writeback+0x10/0x10 [ 183.727936][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 183.727968][ T3494] wb_workfn+0x409/0xef0 [ 183.728013][ T3494] ? __pfx_wb_workfn+0x10/0x10 [ 183.728034][ T3494] ? register_lock_class+0x51/0x320 [ 183.728072][ T3494] ? __lock_acquire+0xaac/0xd20 [ 183.728115][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 183.728157][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 183.728181][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 183.728212][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 183.728249][ T3494] process_scheduled_works+0xadb/0x17a0 [ 183.728328][ T3494] ? __pfx_process_scheduled_works+0x10/0x10 [ 183.728386][ T3494] worker_thread+0x8a0/0xda0 [ 183.728443][ T3494] kthread+0x70e/0x8a0 ./strace-static-x86_64: Process 6155 attached [ 183.728474][ T3494] ? __pfx_worker_thread+0x10/0x10 [ 183.728494][ T3494] ? __pfx_kthread+0x10/0x10 [ 183.728521][ T3494] ? __pfx_kthread+0x10/0x10 [ 183.728545][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 183.728569][ T3494] ? lockdep_hardirqs_on+0x9c/0x150 [ 183.728597][ T3494] ? 
__pfx_kthread+0x10/0x10 [ 183.728621][ T3494] ret_from_fork+0x4b/0x80 [ 183.728642][ T3494] ? __pfx_kthread+0x10/0x10 [ 183.728667][ T3494] ret_from_fork_asm+0x1a/0x30 [ 183.728722][ T3494] [ 183.728731][ T3494] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [pid 6155] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053 [pid 6147] exit_group(0) = ? [ 184.046975][ T3494] CPU: 0 UID: 0 PID: 3494 Comm: kworker/u8:6 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 184.047006][ T3494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 184.047020][ T3494] Workqueue: writeback wb_workfn (flush-7:0) [ 184.047054][ T3494] Call Trace: [ 184.047063][ T3494] [ 184.047073][ T3494] dump_stack_lvl+0x189/0x250 [ 184.047110][ T3494] ? __pfx_dump_stack_lvl+0x10/0x10 [ 184.047138][ T3494] ? __pfx_queue_work_on+0x10/0x10 [ 184.047156][ T3494] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 184.047181][ T3494] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 184.047221][ T3494] f2fs_handle_critical_error+0x37c/0x540 [ 184.047260][ T3494] f2fs_write_end_io+0x4e2/0x6d0 [ 184.047323][ T3494] __submit_merged_bio+0x27a/0x6a0 [ 184.047361][ T3494] __submit_merged_write_cond+0x255/0x530 [ 184.047399][ T3494] f2fs_write_data_pages+0x2854/0x31f0 [ 184.047429][ T3494] ? __lock_acquire+0xaac/0xd20 [ 184.047501][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 184.047551][ T3494] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 184.047619][ T3494] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 184.047668][ T3494] ? trace_f2fs_writepages+0x7f/0x200 [ 184.047702][ T3494] ? f2fs_write_node_pages+0x478/0x6e0 [ 184.047739][ T3494] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 184.047774][ T3494] ? has_not_enough_free_secs+0xd8b/0x1640 [ 184.047814][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 184.047847][ T3494] do_writepages+0x3ae/0x7b0 [ 184.047887][ T3494] ? __lock_acquire+0xaac/0xd20 [ 184.047925][ T3494] ? 
__pfx_do_writepages+0x10/0x10 [ 184.047974][ T3494] __writeback_single_inode+0x145/0xff0 [ 184.048004][ T3494] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 184.048035][ T3494] writeback_sb_inodes+0x6b5/0x1000 [ 184.048099][ T3494] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 184.048181][ T3494] ? rcu_is_watching+0x15/0xb0 [ 184.048227][ T3494] wb_writeback+0x43b/0xaf0 [ 184.048278][ T3494] ? queue_io+0x3a1/0x590 [ 184.048312][ T3494] ? __pfx_wb_writeback+0x10/0x10 [ 184.048354][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 184.048386][ T3494] wb_workfn+0x409/0xef0 [ 184.048432][ T3494] ? __pfx_wb_workfn+0x10/0x10 [ 184.048453][ T3494] ? register_lock_class+0x51/0x320 [ 184.048491][ T3494] ? __lock_acquire+0xaac/0xd20 [ 184.048534][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 184.048577][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 184.048600][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 184.048632][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 184.048669][ T3494] process_scheduled_works+0xadb/0x17a0 [ 184.048743][ T3494] ? __pfx_process_scheduled_works+0x10/0x10 [ 184.048801][ T3494] worker_thread+0x8a0/0xda0 [ 184.048857][ T3494] kthread+0x70e/0x8a0 [ 184.048889][ T3494] ? __pfx_worker_thread+0x10/0x10 [ 184.048910][ T3494] ? __pfx_kthread+0x10/0x10 [ 184.048938][ T3494] ? __pfx_kthread+0x10/0x10 [ 184.048963][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 184.048987][ T3494] ? lockdep_hardirqs_on+0x9c/0x150 [ 184.049015][ T3494] ? __pfx_kthread+0x10/0x10 [ 184.049040][ T3494] ret_from_fork+0x4b/0x80 [pid 6155] <... rseq resumed>) = ? [pid 6155] +++ exited with 0 +++ [pid 6149] <... ioctl resumed>) = ? [pid 6156] <... ioctl resumed>) = ? [pid 6149] +++ exited with 0 +++ [pid 6156] +++ exited with 0 +++ [pid 6147] +++ exited with 0 +++ [pid 5823] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6147, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=34 /* 0.34 s */} --- [pid 5824] <... 
umount2 resumed>) = 0 [pid 5824] umount2("./24/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5823] umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5824] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5823] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./24/bus", [pid 5823] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5824] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] <... openat resumed>) = 3 [pid 5824] umount2("./24/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5823] newfstatat(3, "", [pid 5824] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5823] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] openat(AT_FDCWD, "./24/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5823] getdents64(3, [pid 5824] <... openat resumed>) = 4 [pid 5823] <... getdents64 resumed>0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5824] newfstatat(4, "", [pid 5823] umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5824] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5824] getdents64(4, [pid 5823] newfstatat(AT_FDCWD, "./24/binderfs", [pid 5824] <... getdents64 resumed>0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5823] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] getdents64(4, [pid 5823] unlink("./24/binderfs" [pid 5824] <... getdents64 resumed>0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5823] <... unlink resumed>) = 0 [ 184.049061][ T3494] ? 
__pfx_kthread+0x10/0x10 [ 184.049086][ T3494] ret_from_fork_asm+0x1a/0x30 [ 184.049142][ T3494] [ 184.049152][ T3494] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 184.368629][ T6149] VFS:Filesystem freeze failed [pid 5824] close(4 [pid 5823] umount2("./24/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5824] <... close resumed>) = 0 [pid 5824] rmdir("./24/bus") = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5824] close(3) = 0 [pid 5824] rmdir("./24") = 0 [pid 5824] mkdir("./25", 0777) = 0 [pid 5824] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5824] ioctl(3, LOOP_CLR_FD) = 0 [pid 5824] close(3) = 0 [pid 5823] <... umount2 resumed>) = 0 [pid 5824] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5823] umount2("./24/bus", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6157 attached ) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./24/bus", [pid 5824] <... clone resumed>, child_tidptr=0x55558e3aa690) = 6157 [pid 5823] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] umount2("./24/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6157] set_robust_list(0x55558e3aa6a0, 24 [pid 5823] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6157] <... set_robust_list resumed>) = 0 [pid 5823] openat(AT_FDCWD, "./24/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6157] chdir("./25" [pid 5823] <... openat resumed>) = 4 [pid 6157] <... chdir resumed>) = 0 [pid 5823] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6157] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5823] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 6157] setpgid(0, 0 [pid 5823] getdents64(4, [pid 6157] <... setpgid resumed>) = 0 [pid 5823] <... 
getdents64 resumed>0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5823] close(4) = 0 [pid 6157] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5823] rmdir("./24/bus" [pid 6157] <... openat resumed>) = 3 [pid 5823] <... rmdir resumed>) = 0 [pid 6157] write(3, "1000", 4 [pid 5823] getdents64(3, [pid 6157] <... write resumed>) = 4 [pid 5823] <... getdents64 resumed>0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 6157] close(3 [pid 5823] close(3 [pid 6157] <... close resumed>) = 0 [pid 5823] <... close resumed>) = 0 [pid 6157] symlink("/dev/binderfs", "./binderfs" [pid 5823] rmdir("./24" [pid 6157] <... symlink resumed>) = 0 [pid 5823] <... rmdir resumed>) = 0 [pid 5823] mkdir("./25", 0777) = 0 [pid 6157] write(1, "executing program\n", 18 [pid 5823] openat(AT_FDCWD, "/dev/loop0", O_RDWRexecuting program [pid 6157] <... write resumed>) = 18 [pid 5823] <... openat resumed>) = 3 [pid 6157] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5823] ioctl(3, LOOP_CLR_FD) = 0 [pid 6157] <... futex resumed>) = 0 [pid 5823] close(3 [pid 6157] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6157] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6157] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6157] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6157] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6157] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 6158 attached [pid 6158] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053 [pid 6157] <... clone3 resumed> => {parent_tid=[6158]}, 88) = 6158 [pid 6158] <... 
rseq resumed>) = 0 [pid 6157] rt_sigprocmask(SIG_SETMASK, [], [pid 6158] set_robust_list(0x7f836b55f9a0, 24 [pid 6157] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6158] <... set_robust_list resumed>) = 0 [pid 6157] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6158] rt_sigprocmask(SIG_SETMASK, [], [pid 6157] <... futex resumed>) = 0 [pid 6158] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6157] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6158] memfd_create("syzkaller", 0) = 3 [pid 6158] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 5823] <... close resumed>) = 0 [pid 5823] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e3aa690) = 6159 ./strace-static-x86_64: Process 6159 attached [pid 6159] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 6159] chdir("./25") = 0 [pid 6159] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6159] setpgid(0, 0) = 0 [pid 6159] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6159] write(3, "1000", 4) = 4 [pid 6159] close(3) = 0 [pid 6159] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6159] write(1, "executing program\n", 18) = 18 [pid 6159] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6159] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6159] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6159] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6159] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6159] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6159] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, 
exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 6160 attached => {parent_tid=[6160]}, 88) = 6160 [pid 6159] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6159] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6159] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6160] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053) = 0 [pid 6160] set_robust_list(0x7f836b55f9a0, 24) = 0 [pid 6160] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6160] memfd_create("syzkaller", 0) = 3 [pid 6160] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 6158] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 6160] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 6158] <... 
write resumed>) = 20699119 [pid 6158] munmap(0x7f8363000000, 138412032) = 0 [pid 6158] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6158] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6158] close(3) = 0 [pid 6158] close(4) = 0 [pid 6158] mkdir("./bus", 0777) = 0 [ 185.877907][ T6158] loop1: detected capacity change from 0 to 40427 [ 185.935116][ T6158] F2FS-fs (loop1): invalid crc value [pid 6158] mount("/dev/loop1", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"...) = 0 [pid 6158] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6158] chdir("./bus") = 0 [pid 6158] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6158] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6157] <... futex resumed>) = 0 [pid 6158] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6157] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6158] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6157] <... futex resumed>) = 0 [pid 6158] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 [pid 6157] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6158] <... openat resumed>) = 4 [pid 6158] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6157] <... futex resumed>) = 0 [pid 6158] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6157] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6158] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6157] <... futex resumed>) = 0 [pid 6158] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6157] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6158] <... openat resumed>) = 5 [pid 6158] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6157] <... 
futex resumed>) = 0 [pid 6158] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6157] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6158] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6157] <... futex resumed>) = 0 [pid 6158] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 186.141476][ T6158] F2FS-fs (loop1): Start checkpoint disabled! [ 186.176837][ T6158] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 186.217168][ T6132] kworker/u8:8: attempt to access beyond end of device [ 186.217168][ T6132] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 186.263709][ T6132] CPU: 1 UID: 0 PID: 6132 Comm: kworker/u8:8 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 186.263743][ T6132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 186.263760][ T6132] Workqueue: writeback wb_workfn (flush-7:1) [ 186.263795][ T6132] Call Trace: [ 186.263805][ T6132] [ 186.263816][ T6132] dump_stack_lvl+0x189/0x250 [ 186.263855][ T6132] ? __pfx_dump_stack_lvl+0x10/0x10 [ 186.263887][ T6132] ? __pfx_queue_work_on+0x10/0x10 [ 186.263905][ T6132] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 186.263931][ T6132] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 186.263968][ T6132] f2fs_handle_critical_error+0x37c/0x540 [ 186.264011][ T6132] f2fs_write_end_io+0x4e2/0x6d0 [ 186.264067][ T6132] __submit_merged_bio+0x27a/0x6a0 [ 186.264106][ T6132] __submit_merged_write_cond+0x255/0x530 [ 186.264156][ T6132] f2fs_write_data_pages+0x2854/0x31f0 [ 186.264187][ T6132] ? __lock_acquire+0xaac/0xd20 [ 186.264263][ T6132] ? __pfx_f2fs_write_data_pages+0x10/0x10 [pid 6157] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6160] <... write resumed>) = 20699119 [pid 6160] munmap(0x7f8363000000, 138412032) = 0 [pid 6160] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6160] ioctl(4, LOOP_SET_FD, 3 [pid 6157] <... 
futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 186.264317][ T6132] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 186.264422][ T6132] ? __lock_acquire+0xaac/0xd20 [ 186.264469][ T6132] ? has_not_enough_free_secs+0xd8b/0x1640 [ 186.264512][ T6132] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 186.264547][ T6132] do_writepages+0x3ae/0x7b0 [ 186.264590][ T6132] ? __lock_acquire+0xaac/0xd20 [ 186.264630][ T6132] ? __pfx_do_writepages+0x10/0x10 [ 186.264683][ T6132] __writeback_single_inode+0x145/0xff0 [ 186.264714][ T6132] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 186.264746][ T6132] writeback_sb_inodes+0x6b5/0x1000 [ 186.264812][ T6132] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 186.264899][ T6132] ? rcu_is_watching+0x15/0xb0 [ 186.264968][ T6132] wb_writeback+0x43b/0xaf0 [ 186.265010][ T6132] ? queue_io+0x3a1/0x590 [ 186.265044][ T6132] ? __pfx_wb_writeback+0x10/0x10 [ 186.265087][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 186.265127][ T6132] wb_workfn+0x409/0xef0 [ 186.265174][ T6132] ? __pfx_wb_workfn+0x10/0x10 [ 186.265197][ T6132] ? register_lock_class+0x51/0x320 [ 186.265236][ T6132] ? __lock_acquire+0xaac/0xd20 [ 186.265280][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 186.265324][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 186.265347][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 186.265381][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 186.265419][ T6132] process_scheduled_works+0xadb/0x17a0 [ 186.265495][ T6132] ? __pfx_process_scheduled_works+0x10/0x10 [ 186.265555][ T6132] worker_thread+0x8a0/0xda0 [ 186.265582][ T6132] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 186.265620][ T6132] ? __kthread_parkme+0x7b/0x200 [ 186.265658][ T6132] kthread+0x70e/0x8a0 [ 186.265689][ T6132] ? __pfx_worker_thread+0x10/0x10 [ 186.265710][ T6132] ? __pfx_kthread+0x10/0x10 [ 186.265739][ T6132] ? __pfx_kthread+0x10/0x10 [ 186.265764][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 186.265789][ T6132] ? lockdep_hardirqs_on+0x9c/0x150 [ 186.265818][ T6132] ? 
__pfx_kthread+0x10/0x10 [ 186.265844][ T6132] ret_from_fork+0x4b/0x80 [ 186.265865][ T6132] ? __pfx_kthread+0x10/0x10 [ 186.265891][ T6132] ret_from_fork_asm+0x1a/0x30 [ 186.265948][ T6132] [ 186.265958][ T6132] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 186.299134][ T6160] loop0: detected capacity change from 0 to 40427 [ 186.356585][ T6132] CPU: 1 UID: 0 PID: 6132 Comm: kworker/u8:8 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 186.356618][ T6132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 186.356635][ T6132] Workqueue: writeback wb_workfn (flush-7:1) [ 186.356672][ T6132] Call Trace: [ 186.356684][ T6132] [ 186.356694][ T6132] dump_stack_lvl+0x189/0x250 [ 186.356735][ T6132] ? __pfx_dump_stack_lvl+0x10/0x10 [ 186.356769][ T6132] ? __pfx_queue_work_on+0x10/0x10 [ 186.356788][ T6132] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 186.356817][ T6132] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 186.356860][ T6132] f2fs_handle_critical_error+0x37c/0x540 [ 186.356902][ T6132] f2fs_write_end_io+0x4e2/0x6d0 [ 186.356959][ T6132] __submit_merged_bio+0x27a/0x6a0 [ 186.356999][ T6132] __submit_merged_write_cond+0x255/0x530 [pid 6160] <... 
ioctl resumed>) = 0 [pid 6157] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6157] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6157] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6157] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6157] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[6163]}, 88) = 6163 [pid 6157] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6157] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6157] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6163 attached [pid 6163] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [pid 6163] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 6163] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6163] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 6163] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6157] <... futex resumed>) = 0 [pid 6157] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6157] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6163] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 6157] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6157] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6160] close(3) = 0 [pid 6160] close(4) = 0 [pid 6160] mkdir("./bus", 0777) = 0 [ 186.357041][ T6132] f2fs_write_data_pages+0x2854/0x31f0 [ 186.357073][ T6132] ? __lock_acquire+0xaac/0xd20 [ 186.357157][ T6132] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 186.357212][ T6132] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 186.357318][ T6132] ? 
__lock_acquire+0xaac/0xd20 [ 186.357365][ T6132] ? has_not_enough_free_secs+0xd8b/0x1640 [ 186.357409][ T6132] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 186.357445][ T6132] do_writepages+0x3ae/0x7b0 [ 186.357489][ T6132] ? __lock_acquire+0xaac/0xd20 [ 186.357530][ T6132] ? __pfx_do_writepages+0x10/0x10 [ 186.357583][ T6132] __writeback_single_inode+0x145/0xff0 [ 186.357614][ T6132] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 186.357648][ T6132] writeback_sb_inodes+0x6b5/0x1000 [ 186.357717][ T6132] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 186.357806][ T6132] ? rcu_is_watching+0x15/0xb0 [ 186.357855][ T6132] wb_writeback+0x43b/0xaf0 [ 186.357897][ T6132] ? queue_io+0x3a1/0x590 [ 186.357932][ T6132] ? __pfx_wb_writeback+0x10/0x10 [ 186.357976][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 186.358009][ T6132] wb_workfn+0x409/0xef0 [ 186.358057][ T6132] ? __pfx_wb_workfn+0x10/0x10 [ 186.358081][ T6132] ? register_lock_class+0x51/0x320 [ 186.358131][ T6132] ? __lock_acquire+0xaac/0xd20 [ 186.358194][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 186.358240][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 186.358265][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 186.358299][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 186.358340][ T6132] process_scheduled_works+0xadb/0x17a0 [ 186.358419][ T6132] ? __pfx_process_scheduled_works+0x10/0x10 [ 186.358482][ T6132] worker_thread+0x8a0/0xda0 [ 186.358510][ T6132] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 186.358551][ T6132] ? __kthread_parkme+0x7b/0x200 [ 186.358590][ T6132] kthread+0x70e/0x8a0 [ 186.358623][ T6132] ? __pfx_worker_thread+0x10/0x10 [ 186.358646][ T6132] ? __pfx_kthread+0x10/0x10 [ 186.358676][ T6132] ? __pfx_kthread+0x10/0x10 [ 186.358703][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 186.358741][ T6132] ? lockdep_hardirqs_on+0x9c/0x150 [pid 6160] mount("/dev/loop0", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 6163] <... 
ioctl resumed>) = -1 EIO (Input/output error) [pid 6158] <... ioctl resumed>) = -1 EIO (Input/output error) [pid 6163] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6163] futex(0x7f836b6386d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6158] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6158] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6157] exit_group(0) = ? [pid 6163] <... futex resumed>) = ? [pid 6158] <... futex resumed>) = ? [pid 6163] +++ exited with 0 +++ [pid 6158] +++ exited with 0 +++ [pid 6157] +++ exited with 0 +++ [ 186.358789][ T6132] ? __pfx_kthread+0x10/0x10 [ 186.358815][ T6132] ret_from_fork+0x4b/0x80 [ 186.358838][ T6132] ? __pfx_kthread+0x10/0x10 [ 186.358866][ T6132] ret_from_fork_asm+0x1a/0x30 [ 186.358925][ T6132] [ 186.358935][ T6132] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 186.673809][ T6160] F2FS-fs (loop0): invalid crc value [ 186.900957][ T6158] VFS:Filesystem freeze failed [pid 5824] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6157, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=34 /* 0.34 s */} --- [pid 5824] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5824] umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5824] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5824] umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] unlink("./25/binderfs") = 0 [pid 5824] umount2("./25/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6160] <... mount resumed>) = 0 [pid 6160] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [ 187.072974][ T6160] F2FS-fs (loop0): Start checkpoint disabled! 
[ 187.101410][ T6160] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [pid 6160] chdir("./bus") = 0 [pid 6160] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6160] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6159] <... futex resumed>) = 0 [pid 6159] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6159] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6160] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000) = 4 [pid 6160] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6159] <... futex resumed>) = 0 [pid 6159] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6159] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6160] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6160] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6159] <... futex resumed>) = 0 [pid 6159] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6159] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6160] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6159] <... 
futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6159] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6159] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6159] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6159] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6159] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[6166]}, 88) = 6166 [pid 6159] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6159] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6159] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6166 attached [pid 6166] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [pid 6166] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 6166] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 187.196852][ T6132] kworker/u8:8: attempt to access beyond end of device [ 187.196852][ T6132] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [pid 6166] ioctl(4, F2FS_IOC_SET_PIN_FILE [pid 6159] <... 
futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6159] futex(0x7f836b6386ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6159] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b4fd000 [pid 6159] mprotect(0x7f836b4fe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6159] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6159] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b51d990, parent_tid=0x7f836b51d990, exit_signal=0, stack=0x7f836b4fd000, stack_size=0x20300, tls=0x7f836b51d6c0} => {parent_tid=[6167]}, 88) = 6167 [pid 6159] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6159] futex(0x7f836b6386e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 187.240311][ T6132] CPU: 0 UID: 0 PID: 6132 Comm: kworker/u8:8 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 187.240347][ T6132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 187.240364][ T6132] Workqueue: writeback wb_workfn (flush-7:0) [ 187.240404][ T6132] Call Trace: [ 187.240415][ T6132] [ 187.240425][ T6132] dump_stack_lvl+0x189/0x250 [ 187.240464][ T6132] ? __pfx_dump_stack_lvl+0x10/0x10 [ 187.240496][ T6132] ? __pfx_queue_work_on+0x10/0x10 [pid 6159] futex(0x7f836b6386ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6167 attached [pid 6167] rseq(0x7f836b51dfe0, 0x20, 0, 0x53053053) = 0 [pid 6167] set_robust_list(0x7f836b51d9a0, 24) = 0 [pid 6167] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6167] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 6159] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 187.240516][ T6132] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 187.240544][ T6132] ? 
__pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 187.240585][ T6132] f2fs_handle_critical_error+0x37c/0x540 [ 187.240647][ T6132] f2fs_write_end_io+0x4e2/0x6d0 [ 187.240719][ T6132] __submit_merged_bio+0x27a/0x6a0 [ 187.240759][ T6132] __submit_merged_write_cond+0x255/0x530 [ 187.240800][ T6132] f2fs_write_data_pages+0x2854/0x31f0 [ 187.240832][ T6132] ? __lock_acquire+0xaac/0xd20 [ 187.240909][ T6132] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 187.240961][ T6132] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 187.241042][ T6132] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 187.241093][ T6132] ? trace_f2fs_writepages+0x7f/0x200 [ 187.241127][ T6132] ? f2fs_write_node_pages+0x478/0x6e0 [ 187.241166][ T6132] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 187.241203][ T6132] ? has_not_enough_free_secs+0xd8b/0x1640 [ 187.241246][ T6132] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 187.241281][ T6132] do_writepages+0x3ae/0x7b0 [ 187.241324][ T6132] ? __lock_acquire+0xaac/0xd20 [ 187.241364][ T6132] ? __pfx_do_writepages+0x10/0x10 [ 187.241417][ T6132] __writeback_single_inode+0x145/0xff0 [ 187.241448][ T6132] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 187.241481][ T6132] writeback_sb_inodes+0x6b5/0x1000 [ 187.241548][ T6132] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 187.241636][ T6132] ? rcu_is_watching+0x15/0xb0 [ 187.241683][ T6132] wb_writeback+0x43b/0xaf0 [ 187.241724][ T6132] ? queue_io+0x3a1/0x590 [ 187.241759][ T6132] ? __pfx_wb_writeback+0x10/0x10 [ 187.241801][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 187.241834][ T6132] wb_workfn+0x409/0xef0 [ 187.241881][ T6132] ? __pfx_wb_workfn+0x10/0x10 [ 187.241904][ T6132] ? register_lock_class+0x51/0x320 [ 187.241943][ T6132] ? __lock_acquire+0xaac/0xd20 [ 187.241994][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 187.242037][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 187.242061][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 187.242094][ T6132] ? 
process_scheduled_works+0x9ec/0x17a0 [ 187.242132][ T6132] process_scheduled_works+0xadb/0x17a0 [pid 6159] exit_group(0) = ? [ 187.242208][ T6132] ? __pfx_process_scheduled_works+0x10/0x10 [ 187.242268][ T6132] worker_thread+0x8a0/0xda0 [ 187.242294][ T6132] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 187.242332][ T6132] ? __kthread_parkme+0x7b/0x200 [ 187.242370][ T6132] kthread+0x70e/0x8a0 [ 187.242401][ T6132] ? __pfx_worker_thread+0x10/0x10 [ 187.242422][ T6132] ? __pfx_kthread+0x10/0x10 [ 187.242450][ T6132] ? __pfx_kthread+0x10/0x10 [ 187.242475][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 187.242500][ T6132] ? lockdep_hardirqs_on+0x9c/0x150 [ 187.242529][ T6132] ? __pfx_kthread+0x10/0x10 [ 187.242554][ T6132] ret_from_fork+0x4b/0x80 [ 187.242576][ T6132] ? __pfx_kthread+0x10/0x10 [ 187.242602][ T6132] ret_from_fork_asm+0x1a/0x30 [ 187.242659][ T6132] [ 187.242669][ T6132] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 187.646534][ T6132] CPU: 1 UID: 0 PID: 6132 Comm: kworker/u8:8 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 187.646568][ T6132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 187.646584][ T6132] Workqueue: writeback wb_workfn (flush-7:0) [ 187.646618][ T6132] Call Trace: [ 187.646627][ T6132] [ 187.646638][ T6132] dump_stack_lvl+0x189/0x250 [ 187.646674][ T6132] ? __pfx_dump_stack_lvl+0x10/0x10 [ 187.646704][ T6132] ? __pfx_queue_work_on+0x10/0x10 [ 187.646723][ T6132] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 187.646750][ T6132] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 187.646786][ T6132] f2fs_handle_critical_error+0x37c/0x540 [ 187.646824][ T6132] f2fs_write_end_io+0x4e2/0x6d0 [ 187.646873][ T6132] __submit_merged_bio+0x27a/0x6a0 [ 187.646909][ T6132] __submit_merged_write_cond+0x255/0x530 [ 187.646945][ T6132] f2fs_write_data_pages+0x2854/0x31f0 [ 187.646976][ T6132] ? __lock_acquire+0xaac/0xd20 [ 187.647040][ T6132] ? 
__pfx_f2fs_write_data_pages+0x10/0x10 [ 187.647086][ T6132] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 187.647147][ T6132] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 187.647202][ T6132] ? trace_f2fs_writepages+0x7f/0x200 [ 187.647234][ T6132] ? f2fs_write_node_pages+0x478/0x6e0 [ 187.647268][ T6132] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 187.647302][ T6132] ? has_not_enough_free_secs+0xd8b/0x1640 [ 187.647341][ T6132] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 187.647374][ T6132] do_writepages+0x3ae/0x7b0 [ 187.647412][ T6132] ? __lock_acquire+0xaac/0xd20 [ 187.647448][ T6132] ? __pfx_do_writepages+0x10/0x10 [ 187.647493][ T6132] __writeback_single_inode+0x145/0xff0 [ 187.647522][ T6132] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 187.647551][ T6132] writeback_sb_inodes+0x6b5/0x1000 [ 187.647608][ T6132] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 187.647682][ T6132] ? rcu_is_watching+0x15/0xb0 [ 187.647723][ T6132] wb_writeback+0x43b/0xaf0 [ 187.647761][ T6132] ? queue_io+0x3a1/0x590 [ 187.647792][ T6132] ? __pfx_wb_writeback+0x10/0x10 [ 187.647829][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 187.647858][ T6132] wb_workfn+0x409/0xef0 [ 187.647916][ T6132] ? __pfx_wb_workfn+0x10/0x10 [ 187.647938][ T6132] ? register_lock_class+0x51/0x320 [ 187.647973][ T6132] ? __lock_acquire+0xaac/0xd20 [ 187.648013][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 187.648054][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 187.648077][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 187.648111][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 187.648148][ T6132] process_scheduled_works+0xadb/0x17a0 [ 187.648224][ T6132] ? __pfx_process_scheduled_works+0x10/0x10 [ 187.648279][ T6132] worker_thread+0x8a0/0xda0 [ 187.648303][ T6132] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 187.648338][ T6132] ? __kthread_parkme+0x7b/0x200 [ 187.648372][ T6132] kthread+0x70e/0x8a0 [ 187.648401][ T6132] ? __pfx_worker_thread+0x10/0x10 [ 187.648422][ T6132] ? 
__pfx_kthread+0x10/0x10 [ 187.648449][ T6132] ? __pfx_kthread+0x10/0x10 [ 187.648473][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 187.648497][ T6132] ? lockdep_hardirqs_on+0x9c/0x150 [ 187.648526][ T6132] ? __pfx_kthread+0x10/0x10 [ 187.648550][ T6132] ret_from_fork+0x4b/0x80 [ 187.648571][ T6132] ? __pfx_kthread+0x10/0x10 [ 187.648596][ T6132] ret_from_fork_asm+0x1a/0x30 [ 187.648648][ T6132] [ 187.975990][ T6132] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [pid 5824] <... umount2 resumed>) = 0 [pid 6166] <... ioctl resumed> ) = ? [pid 6166] +++ exited with 0 +++ [pid 6160] <... ioctl resumed>) = ? [pid 6160] +++ exited with 0 +++ [pid 5824] umount2("./25/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./25/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] umount2("./25/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./25/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5824] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5824] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5824] close(4 [pid 6167] <... ioctl resumed>) = ? [pid 6167] +++ exited with 0 +++ [pid 6159] +++ exited with 0 +++ [pid 5824] <... 
close resumed>) = 0 [pid 5824] rmdir("./25/bus") = 0 [pid 5823] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6159, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=65 /* 0.65 s */} --- [pid 5823] umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5823] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5823] umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 188.197617][ T6160] VFS:Filesystem freeze failed [pid 5824] getdents64(3, [pid 5823] unlink("./25/binderfs" [pid 5824] <... getdents64 resumed>0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5823] <... unlink resumed>) = 0 [pid 5824] close(3 [pid 5823] umount2("./25/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5824] <... close resumed>) = 0 [pid 5824] rmdir("./25") = 0 [pid 5824] mkdir("./26", 0777) = 0 [pid 5824] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5824] ioctl(3, LOOP_CLR_FD) = 0 [pid 5824] close(3 [pid 5823] <... umount2 resumed>) = 0 [pid 5824] <... close resumed>) = 0 [pid 5824] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5823] umount2("./25/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./25/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] umount2("./25/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./25/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5824] <... 
clone resumed>, child_tidptr=0x55558e3aa690) = 6170 [pid 5823] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5823] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5823] close(4./strace-static-x86_64: Process 6170 attached ) = 0 [pid 5823] rmdir("./25/bus") = 0 [pid 5823] getdents64(3, [pid 6170] set_robust_list(0x55558e3aa6a0, 24 [pid 5823] <... getdents64 resumed>0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5823] close(3 [pid 6170] <... set_robust_list resumed>) = 0 [pid 5823] <... close resumed>) = 0 [pid 5823] rmdir("./25" [pid 6170] chdir("./26" [pid 5823] <... rmdir resumed>) = 0 [pid 6170] <... chdir resumed>) = 0 [pid 5823] mkdir("./26", 0777 [pid 6170] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5823] <... mkdir resumed>) = 0 [pid 6170] <... prctl resumed>) = 0 [pid 6170] setpgid(0, 0 [pid 5823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5823] ioctl(3, LOOP_CLR_FD) = 0 [pid 5823] close(3 [pid 6170] <... 
setpgid resumed>) = 0 [pid 6170] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6170] write(3, "1000", 4) = 4 [pid 6170] close(3) = 0 [pid 6170] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6170] write(1, "executing program\n", 18executing program ) = 18 [pid 6170] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6170] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6170] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6170] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6170] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6170] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6170] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 6171 attached => {parent_tid=[6171]}, 88) = 6171 [pid 6171] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053 [pid 6170] rt_sigprocmask(SIG_SETMASK, [], [pid 6171] <... rseq resumed>) = 0 [pid 6170] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6171] set_robust_list(0x7f836b55f9a0, 24 [pid 6170] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6171] <... set_robust_list resumed>) = 0 [pid 6170] <... futex resumed>) = 0 [pid 6171] rt_sigprocmask(SIG_SETMASK, [], [pid 6170] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6171] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6171] memfd_create("syzkaller", 0) = 3 [pid 6171] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 5823] <... 
close resumed>) = 0 [pid 5823] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6172 attached , child_tidptr=0x55558e3aa690) = 6172 [pid 6172] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 6172] chdir("./26") = 0 [pid 6172] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6172] setpgid(0, 0) = 0 [pid 6172] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6172] write(3, "1000", 4) = 4 [pid 6172] close(3) = 0 [pid 6172] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6172] write(1, "executing program\n", 18) = 18 [pid 6172] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6172] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6172] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6172] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6172] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6172] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6172] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0} => {parent_tid=[6173]}, 88) = 6173 [pid 6172] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6172] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6172] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6173 attached [pid 6173] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053) = 0 [pid 6173] set_robust_list(0x7f836b55f9a0, 24) = 0 [pid 6173] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6173] memfd_create("syzkaller", 0) = 3 [pid 6173] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, 
-1, 0) = 0x7f8363000000 [pid 6171] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 6173] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 6171] <... write resumed>) = 20699119 [pid 6171] munmap(0x7f8363000000, 138412032) = 0 [pid 6171] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6171] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6171] close(3) = 0 [pid 6171] close(4) = 0 [pid 6171] mkdir("./bus", 0777) = 0 [ 189.818550][ T6171] loop1: detected capacity change from 0 to 40427 [ 189.866604][ T6171] F2FS-fs (loop1): invalid crc value [pid 6171] mount("/dev/loop1", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 6173] <... write resumed>) = 20699119 [pid 6173] munmap(0x7f8363000000, 138412032) = 0 [pid 6173] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6173] ioctl(4, LOOP_SET_FD, 3 [pid 6171] <... mount resumed>) = 0 [pid 6171] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6171] chdir("./bus") = 0 [pid 6171] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6171] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6170] <... 
futex resumed>) = 0 [pid 6171] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 [pid 6170] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6170] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6171] <... openat resumed>) = 4 [pid 6171] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6170] <... futex resumed>) = 0 [pid 6171] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6173] <... ioctl resumed>) = 0 [pid 6171] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6170] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6173] close(3 [pid 6171] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6170] <... futex resumed>) = 0 [pid 6173] <... close resumed>) = 0 [pid 6170] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6173] close(4) = 0 [pid 6173] mkdir("./bus", 0777) = 0 [pid 6171] <... openat resumed>) = 5 [ 190.096913][ T6171] F2FS-fs (loop1): Start checkpoint disabled! [ 190.126597][ T6171] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 190.128450][ T6173] loop0: detected capacity change from 0 to 40427 [pid 6173] mount("/dev/loop0", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 6171] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6170] <... futex resumed>) = 0 [pid 6170] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6171] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6170] <... 
futex resumed>) = 0 [pid 6170] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 190.181570][ T3494] kworker/u8:6: attempt to access beyond end of device [ 190.181570][ T3494] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 190.196579][ T6173] F2FS-fs (loop0): invalid crc value [ 190.234471][ T3494] CPU: 1 UID: 0 PID: 3494 Comm: kworker/u8:6 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 190.234507][ T3494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 190.234523][ T3494] Workqueue: writeback wb_workfn (flush-7:1) [ 190.234558][ T3494] Call Trace: [ 190.234567][ T3494] [ 190.234578][ T3494] dump_stack_lvl+0x189/0x250 [ 190.234616][ T3494] ? __pfx_dump_stack_lvl+0x10/0x10 [ 190.234648][ T3494] ? __pfx_queue_work_on+0x10/0x10 [pid 6170] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6170] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6170] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6170] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6170] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0}./strace-static-x86_64: Process 6180 attached => {parent_tid=[6180]}, 88) = 6180 [pid 6170] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6170] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6170] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6180] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [pid 6180] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 6180] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6180] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 
6180] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6170] <... futex resumed>) = 0 [pid 6170] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6170] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6180] <... futex resumed>) = 1 [ 190.234668][ T3494] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 190.234695][ T3494] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 190.234736][ T3494] f2fs_handle_critical_error+0x37c/0x540 [ 190.234778][ T3494] f2fs_write_end_io+0x4e2/0x6d0 [ 190.234843][ T3494] __submit_merged_bio+0x27a/0x6a0 [ 190.234883][ T3494] __submit_merged_write_cond+0x255/0x530 [ 190.234921][ T3494] f2fs_write_data_pages+0x2854/0x31f0 [ 190.234953][ T3494] ? __lock_acquire+0xaac/0xd20 [ 190.235026][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 190.235079][ T3494] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 190.235151][ T3494] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 190.235202][ T3494] ? trace_f2fs_writepages+0x7f/0x200 [ 190.235237][ T3494] ? f2fs_write_node_pages+0x478/0x6e0 [ 190.235275][ T3494] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 190.235312][ T3494] ? has_not_enough_free_secs+0xd8b/0x1640 [ 190.235356][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 190.235391][ T3494] do_writepages+0x3ae/0x7b0 [ 190.235446][ T3494] ? __pfx_do_writepages+0x10/0x10 [pid 6180] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 6170] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 190.235496][ T3494] __writeback_single_inode+0x145/0xff0 [ 190.235525][ T3494] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 190.235555][ T3494] writeback_sb_inodes+0x6b5/0x1000 [ 190.235581][ T3494] ? lockdep_hardirqs_on+0x9c/0x150 [ 190.235616][ T3494] ? rcu_is_watching+0x15/0xb0 [ 190.235672][ T3494] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 190.235760][ T3494] ? rcu_is_watching+0x15/0xb0 [ 190.235806][ T3494] wb_writeback+0x43b/0xaf0 [ 190.235892][ T3494] ? queue_io+0x3a1/0x590 [ 190.235927][ T3494] ? 
__pfx_wb_writeback+0x10/0x10 [ 190.235970][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 190.236003][ T3494] wb_workfn+0x409/0xef0 [ 190.236050][ T3494] ? __pfx_wb_workfn+0x10/0x10 [ 190.236071][ T3494] ? register_lock_class+0x51/0x320 [ 190.236111][ T3494] ? __lock_acquire+0xaac/0xd20 [ 190.236156][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 190.236199][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 190.236223][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 190.236256][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 190.236294][ T3494] process_scheduled_works+0xadb/0x17a0 [ 190.236371][ T3494] ? __pfx_process_scheduled_works+0x10/0x10 [ 190.236433][ T3494] worker_thread+0x8a0/0xda0 [ 190.236488][ T3494] kthread+0x70e/0x8a0 [ 190.236519][ T3494] ? __pfx_worker_thread+0x10/0x10 [ 190.236538][ T3494] ? __pfx_kthread+0x10/0x10 [ 190.236562][ T3494] ? __pfx_kthread+0x10/0x10 [ 190.236584][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 190.236607][ T3494] ? lockdep_hardirqs_on+0x9c/0x150 [ 190.236634][ T3494] ? __pfx_kthread+0x10/0x10 [ 190.236657][ T3494] ret_from_fork+0x4b/0x80 [pid 6170] exit_group(0) = ? [ 190.236678][ T3494] ? __pfx_kthread+0x10/0x10 [ 190.236701][ T3494] ret_from_fork_asm+0x1a/0x30 [ 190.236754][ T3494] [ 190.601984][ T3494] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 190.612607][ T3494] CPU: 1 UID: 0 PID: 3494 Comm: kworker/u8:6 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 190.612639][ T3494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 190.612654][ T3494] Workqueue: writeback wb_workfn (flush-7:1) [ 190.612686][ T3494] Call Trace: [ 190.612696][ T3494] [ 190.612705][ T3494] dump_stack_lvl+0x189/0x250 [ 190.612743][ T3494] ? __pfx_dump_stack_lvl+0x10/0x10 [ 190.612773][ T3494] ? __pfx_queue_work_on+0x10/0x10 [ 190.612800][ T3494] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 190.612826][ T3494] ? 
__pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 190.612866][ T3494] f2fs_handle_critical_error+0x37c/0x540 [ 190.612907][ T3494] f2fs_write_end_io+0x4e2/0x6d0 [ 190.612961][ T3494] __submit_merged_bio+0x27a/0x6a0 [ 190.612999][ T3494] __submit_merged_write_cond+0x255/0x530 [ 190.613039][ T3494] f2fs_write_data_pages+0x2854/0x31f0 [ 190.613070][ T3494] ? __lock_acquire+0xaac/0xd20 [ 190.613142][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 190.613194][ T3494] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 190.613264][ T3494] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 190.613312][ T3494] ? trace_f2fs_writepages+0x7f/0x200 [ 190.613345][ T3494] ? f2fs_write_node_pages+0x478/0x6e0 [ 190.613381][ T3494] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 190.613417][ T3494] ? has_not_enough_free_secs+0xd8b/0x1640 [ 190.613459][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 190.613493][ T3494] do_writepages+0x3ae/0x7b0 [ 190.613547][ T3494] ? __pfx_do_writepages+0x10/0x10 [ 190.613598][ T3494] __writeback_single_inode+0x145/0xff0 [ 190.613628][ T3494] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 190.613660][ T3494] writeback_sb_inodes+0x6b5/0x1000 [ 190.613688][ T3494] ? lockdep_hardirqs_on+0x9c/0x150 [ 190.613723][ T3494] ? rcu_is_watching+0x15/0xb0 [ 190.613778][ T3494] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 190.613870][ T3494] ? rcu_is_watching+0x15/0xb0 [ 190.613925][ T3494] wb_writeback+0x43b/0xaf0 [ 190.613981][ T3494] ? queue_io+0x3a1/0x590 [ 190.614013][ T3494] ? __pfx_wb_writeback+0x10/0x10 [ 190.614054][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 190.614087][ T3494] wb_workfn+0x409/0xef0 [ 190.614132][ T3494] ? __pfx_wb_workfn+0x10/0x10 [ 190.614153][ T3494] ? register_lock_class+0x51/0x320 [ 190.614192][ T3494] ? __lock_acquire+0xaac/0xd20 [ 190.614233][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 190.614276][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 190.614298][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 190.614331][ T3494] ? 
process_scheduled_works+0x9ec/0x17a0 [ 190.614367][ T3494] process_scheduled_works+0xadb/0x17a0 [ 190.614440][ T3494] ? __pfx_process_scheduled_works+0x10/0x10 [ 190.614498][ T3494] worker_thread+0x8a0/0xda0 [ 190.614556][ T3494] kthread+0x70e/0x8a0 [ 190.614586][ T3494] ? __pfx_worker_thread+0x10/0x10 [ 190.614607][ T3494] ? __pfx_kthread+0x10/0x10 [ 190.614635][ T3494] ? __pfx_kthread+0x10/0x10 [ 190.614659][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 190.614683][ T3494] ? lockdep_hardirqs_on+0x9c/0x150 [ 190.614711][ T3494] ? __pfx_kthread+0x10/0x10 [ 190.614735][ T3494] ret_from_fork+0x4b/0x80 [ 190.614756][ T3494] ? __pfx_kthread+0x10/0x10 [ 190.614781][ T3494] ret_from_fork_asm+0x1a/0x30 [ 190.614842][ T3494] [ 190.614852][ T3494] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 190.626801][ T6173] F2FS-fs (loop0): Start checkpoint disabled! [ 190.945224][ T6173] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [pid 6180] <... ioctl resumed>) = ? [pid 6171] <... ioctl resumed>) = ? [pid 6171] +++ exited with 0 +++ [pid 6180] +++ exited with 0 +++ [pid 6170] +++ exited with 0 +++ [pid 5824] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6170, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=32 /* 0.32 s */} --- [pid 5824] restart_syscall(<... resuming interrupted clone ...> [pid 6173] <... mount resumed>) = 0 [pid 5824] <... restart_syscall resumed>) = 0 [pid 5824] umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5824] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5824] umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./26/binderfs", [pid 6173] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5824] <... 
newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6173] <... openat resumed>) = 3 [pid 5824] unlink("./26/binderfs" [pid 6173] chdir("./bus" [pid 5824] <... unlink resumed>) = 0 [pid 6173] <... chdir resumed>) = 0 [ 190.956761][ T6171] VFS:Filesystem freeze failed [pid 5824] umount2("./26/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6173] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6173] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6173] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6172] <... futex resumed>) = 0 [pid 6172] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6173] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6172] <... futex resumed>) = 0 [pid 6173] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 [pid 6172] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6173] <... openat resumed>) = 4 [pid 6173] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6172] <... futex resumed>) = 0 [pid 6173] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6172] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6173] <... openat resumed>) = 5 [pid 6172] <... futex resumed>) = 0 [pid 6172] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6173] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6172] <... futex resumed>) = 0 [pid 6173] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6172] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6173] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6173] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6172] <... 
futex resumed>) = 0 [ 191.042177][ T36] kworker/u8:2: attempt to access beyond end of device [ 191.042177][ T36] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 191.066540][ T36] CPU: 0 UID: 0 PID: 36 Comm: kworker/u8:2 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 191.066574][ T36] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 191.066590][ T36] Workqueue: writeback wb_workfn (flush-7:0) [ 191.066625][ T36] Call Trace: [ 191.066635][ T36] [ 191.066645][ T36] dump_stack_lvl+0x189/0x250 [ 191.066682][ T36] ? __pfx_dump_stack_lvl+0x10/0x10 [ 191.066712][ T36] ? __pfx_queue_work_on+0x10/0x10 [ 191.066732][ T36] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 191.066759][ T36] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 191.066798][ T36] f2fs_handle_critical_error+0x37c/0x540 [ 191.066837][ T36] f2fs_write_end_io+0x4e2/0x6d0 [ 191.066888][ T36] __submit_merged_bio+0x27a/0x6a0 [ 191.066925][ T36] __submit_merged_write_cond+0x255/0x530 [ 191.066971][ T36] f2fs_write_data_pages+0x2854/0x31f0 [ 191.067003][ T36] ? __lock_acquire+0xaac/0xd20 [ 191.067069][ T36] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 191.067118][ T36] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 191.067180][ T36] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 191.067226][ T36] ? trace_f2fs_writepages+0x7f/0x200 [ 191.067259][ T36] ? f2fs_write_node_pages+0x478/0x6e0 [ 191.067295][ T36] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 191.067330][ T36] ? has_not_enough_free_secs+0xd8b/0x1640 [ 191.067372][ T36] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 191.067405][ T36] do_writepages+0x3ae/0x7b0 [ 191.067445][ T36] ? __lock_acquire+0xaac/0xd20 [ 191.067487][ T36] ? __pfx_do_writepages+0x10/0x10 [ 191.067534][ T36] __writeback_single_inode+0x145/0xff0 [ 191.067576][ T36] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 191.067605][ T36] writeback_sb_inodes+0x6b5/0x1000 [ 191.067663][ T36] ? 
__pfx_writeback_sb_inodes+0x10/0x10 [ 191.067755][ T36] ? rcu_is_watching+0x15/0xb0 [ 191.067798][ T36] wb_writeback+0x43b/0xaf0 [ 191.067836][ T36] ? queue_io+0x3a1/0x590 [ 191.067868][ T36] ? __pfx_wb_writeback+0x10/0x10 [ 191.067908][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 191.067938][ T36] wb_workfn+0x409/0xef0 [ 191.067985][ T36] ? __pfx_wb_workfn+0x10/0x10 [ 191.068007][ T36] ? register_lock_class+0x51/0x320 [ 191.068044][ T36] ? __lock_acquire+0xaac/0xd20 [ 191.068085][ T36] ? process_scheduled_works+0x9ec/0x17a0 [ 191.068127][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 191.068150][ T36] ? process_scheduled_works+0x9ec/0x17a0 [ 191.068183][ T36] ? process_scheduled_works+0x9ec/0x17a0 [ 191.068219][ T36] process_scheduled_works+0xadb/0x17a0 [ 191.068287][ T36] ? __pfx_process_scheduled_works+0x10/0x10 [ 191.068342][ T36] worker_thread+0x8a0/0xda0 [ 191.068367][ T36] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 191.068402][ T36] ? __kthread_parkme+0x7b/0x200 [ 191.068436][ T36] kthread+0x70e/0x8a0 [ 191.068465][ T36] ? __pfx_worker_thread+0x10/0x10 [ 191.068485][ T36] ? __pfx_kthread+0x10/0x10 [ 191.068513][ T36] ? __pfx_kthread+0x10/0x10 [ 191.068537][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 191.068568][ T36] ? lockdep_hardirqs_on+0x9c/0x150 [ 191.068597][ T36] ? __pfx_kthread+0x10/0x10 [ 191.068622][ T36] ret_from_fork+0x4b/0x80 [ 191.068643][ T36] ? 
__pfx_kthread+0x10/0x10 [ 191.068668][ T36] ret_from_fork_asm+0x1a/0x30 [ 191.068719][ T36] [pid 6172] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 191.388868][ T36] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 191.395869][ T36] CPU: 0 UID: 0 PID: 36 Comm: kworker/u8:2 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 191.395900][ T36] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 191.395915][ T36] Workqueue: writeback wb_workfn (flush-7:0) [ 191.395948][ T36] Call Trace: [ 191.395957][ T36] [ 191.395968][ T36] dump_stack_lvl+0x189/0x250 [ 191.396029][ T36] ? __pfx_dump_stack_lvl+0x10/0x10 [ 191.396060][ T36] ? __pfx_queue_work_on+0x10/0x10 [ 191.396080][ T36] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 191.396108][ T36] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 191.396146][ T36] f2fs_handle_critical_error+0x37c/0x540 [ 191.396185][ T36] f2fs_write_end_io+0x4e2/0x6d0 [ 191.396237][ T36] __submit_merged_bio+0x27a/0x6a0 [ 191.396274][ T36] __submit_merged_write_cond+0x255/0x530 [ 191.396312][ T36] f2fs_write_data_pages+0x2854/0x31f0 [ 191.396344][ T36] ? __lock_acquire+0xaac/0xd20 [ 191.396411][ T36] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 191.396461][ T36] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 191.396518][ T36] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 191.396563][ T36] ? trace_f2fs_writepages+0x7f/0x200 [ 191.396594][ T36] ? f2fs_write_node_pages+0x478/0x6e0 [ 191.396628][ T36] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 191.396663][ T36] ? has_not_enough_free_secs+0xd8b/0x1640 [ 191.396705][ T36] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 191.396738][ T36] do_writepages+0x3ae/0x7b0 [ 191.396778][ T36] ? __lock_acquire+0xaac/0xd20 [ 191.396816][ T36] ? __pfx_do_writepages+0x10/0x10 [ 191.396873][ T36] __writeback_single_inode+0x145/0xff0 [ 191.396903][ T36] ? 
wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 191.396934][ T36] writeback_sb_inodes+0x6b5/0x1000 [ 191.397004][ T36] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 191.397082][ T36] ? rcu_is_watching+0x15/0xb0 [ 191.397126][ T36] wb_writeback+0x43b/0xaf0 [ 191.397165][ T36] ? queue_io+0x3a1/0x590 [ 191.397198][ T36] ? __pfx_wb_writeback+0x10/0x10 [ 191.397237][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 191.397268][ T36] wb_workfn+0x409/0xef0 [ 191.397310][ T36] ? __pfx_wb_workfn+0x10/0x10 [ 191.397332][ T36] ? register_lock_class+0x51/0x320 [ 191.397369][ T36] ? __lock_acquire+0xaac/0xd20 [ 191.397409][ T36] ? process_scheduled_works+0x9ec/0x17a0 [ 191.397451][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 191.397474][ T36] ? process_scheduled_works+0x9ec/0x17a0 [ 191.397507][ T36] ? process_scheduled_works+0x9ec/0x17a0 [ 191.397544][ T36] process_scheduled_works+0xadb/0x17a0 [ 191.397610][ T36] ? __pfx_process_scheduled_works+0x10/0x10 [ 191.397665][ T36] worker_thread+0x8a0/0xda0 [ 191.397689][ T36] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 191.397724][ T36] ? __kthread_parkme+0x7b/0x200 [ 191.397759][ T36] kthread+0x70e/0x8a0 [ 191.397789][ T36] ? __pfx_worker_thread+0x10/0x10 [ 191.397809][ T36] ? __pfx_kthread+0x10/0x10 [ 191.397836][ T36] ? __pfx_kthread+0x10/0x10 [ 191.397861][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 191.397886][ T36] ? lockdep_hardirqs_on+0x9c/0x150 [ 191.397914][ T36] ? __pfx_kthread+0x10/0x10 [ 191.397938][ T36] ret_from_fork+0x4b/0x80 [ 191.397959][ T36] ? __pfx_kthread+0x10/0x10 [ 191.397991][ T36] ret_from_fork_asm+0x1a/0x30 [ 191.398044][ T36] [ 191.717236][ T36] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [pid 6172] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6172] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6173] <... 
ioctl resumed>) = -1 EIO (Input/output error) [pid 6173] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6173] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 191.796826][ T6173] VFS:Filesystem freeze failed [pid 6172] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6172] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6172] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0}./strace-static-x86_64: Process 6183 attached => {parent_tid=[6183]}, 88) = 6183 [pid 6183] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [pid 6183] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 6183] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6183] futex(0x7f836b6386d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6172] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6172] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6172] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6183] <... futex resumed>) = 0 [pid 6183] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 6183] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6172] <... futex resumed>) = 0 [pid 6183] futex(0x7f836b6386d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6172] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6173] <... futex resumed>) = 0 [pid 6172] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6173] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0) = -1 EIO (Input/output error) [pid 6173] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6172] <... futex resumed>) = 0 [pid 6173] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6172] exit_group(0) = ? [pid 6183] <... futex resumed>) = ? [pid 6173] <... futex resumed>) = ? 
[pid 6173] +++ exited with 0 +++ [pid 6183] +++ exited with 0 +++ [pid 6172] +++ exited with 0 +++ [pid 5823] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6172, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=62 /* 0.62 s */} --- [pid 5823] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5823] umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5823] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5823] umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] unlink("./26/binderfs") = 0 [pid 5823] umount2("./26/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5824] <... umount2 resumed>) = 0 [pid 5824] umount2("./26/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./26/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] umount2("./26/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./26/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5824] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5824] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5824] close(4) = 0 [pid 5824] rmdir("./26/bus") = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5824] close(3) = 0 [pid 5824] rmdir("./26") = 0 [pid 5824] mkdir("./27", 0777) = 0 [pid 5824] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5824] ioctl(3, LOOP_CLR_FD) = 0 [pid 5824] close(3 [pid 5823] <... 
umount2 resumed>) = 0 [pid 5823] umount2("./26/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./26/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] umount2("./26/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./26/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5823] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5823] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5823] close(4) = 0 [pid 5823] rmdir("./26/bus") = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5823] close(3) = 0 [pid 5823] rmdir("./26") = 0 [pid 5823] mkdir("./27", 0777) = 0 [pid 5823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5823] ioctl(3, LOOP_CLR_FD) = 0 [pid 5823] close(3 [pid 5824] <... close resumed>) = 0 [pid 5824] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6184 attached [pid 6184] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 5824] <... 
clone resumed>, child_tidptr=0x55558e3aa690) = 6184 [pid 6184] chdir("./27") = 0 [pid 6184] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6184] setpgid(0, 0) = 0 [pid 6184] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6184] write(3, "1000", 4) = 4 [pid 6184] close(3) = 0 [pid 6184] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6184] write(1, "executing program\n", 18) = 18 [pid 6184] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6184] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6184] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6184] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6184] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6184] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6184] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 6185 attached => {parent_tid=[6185]}, 88) = 6185 [pid 6185] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053 [pid 6184] rt_sigprocmask(SIG_SETMASK, [], [pid 6185] <... rseq resumed>) = 0 [pid 6184] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6185] set_robust_list(0x7f836b55f9a0, 24 [pid 6184] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6185] <... set_robust_list resumed>) = 0 [pid 6184] <... futex resumed>) = 0 [pid 6185] rt_sigprocmask(SIG_SETMASK, [], [pid 6184] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6185] <... 
rt_sigprocmask resumed>NULL, 8) = 0 [pid 6185] memfd_create("syzkaller", 0) = 3 [pid 6185] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 5823] <... close resumed>) = 0 [pid 5823] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e3aa690) = 6186 ./strace-static-x86_64: Process 6186 attached [pid 6186] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 6186] chdir("./27") = 0 [pid 6186] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6186] setpgid(0, 0) = 0 [pid 6186] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6186] write(3, "1000", 4) = 4 [pid 6186] close(3) = 0 [pid 6186] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6186] write(1, "executing program\n", 18executing program ) = 18 [pid 6186] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6186] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6186] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6186] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6186] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6186] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6186] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 6187 attached => {parent_tid=[6187]}, 88) = 6187 [pid 6186] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6186] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6186] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6187] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053) = 0 [pid 6187] 
set_robust_list(0x7f836b55f9a0, 24) = 0 [pid 6187] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6187] memfd_create("syzkaller", 0) = 3 [pid 6187] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 6185] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 6187] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 6185] <... write resumed>) = 20699119 [pid 6185] munmap(0x7f8363000000, 138412032) = 0 [pid 6185] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6185] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6185] close(3) = 0 [pid 6185] close(4) = 0 [pid 6185] mkdir("./bus", 0777) = 0 [ 193.590993][ T6185] loop1: detected capacity change from 0 to 40427 [ 193.637161][ T6185] F2FS-fs (loop1): invalid crc value [pid 6185] mount("/dev/loop1", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 6187] <... write resumed>) = 20699119 [pid 6187] munmap(0x7f8363000000, 138412032) = 0 [pid 6185] <... mount resumed>) = 0 [pid 6187] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6185] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6187] <... openat resumed>) = 4 [pid 6185] <... 
openat resumed>) = 3 [pid 6187] ioctl(4, LOOP_SET_FD, 3 [ 193.886718][ T6185] F2FS-fs (loop1): Start checkpoint disabled! [ 193.925514][ T6185] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [pid 6185] chdir("./bus") = 0 [pid 6185] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6185] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6184] <... futex resumed>) = 0 [pid 6184] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6185] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 [pid 6184] <... futex resumed>) = 0 [pid 6185] <... openat resumed>) = 4 [pid 6184] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6187] <... ioctl resumed>) = 0 [pid 6185] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6187] close(3 [pid 6185] <... futex resumed>) = 1 [pid 6184] <... futex resumed>) = 0 [pid 6187] <... close resumed>) = 0 [pid 6184] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6187] close(4 [pid 6184] <... futex resumed>) = 0 [pid 6187] <... close resumed>) = 0 [pid 6184] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6187] mkdir("./bus", 0777) = 0 [pid 6185] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6187] mount("/dev/loop0", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 6185] <... openat resumed>) = 5 [pid 6185] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6184] <... 
futex resumed>) = 0 [pid 6185] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6184] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 193.948210][ T6187] loop0: detected capacity change from 0 to 40427 [pid 6184] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 193.998877][ T36] kworker/u8:2: attempt to access beyond end of device [ 193.998877][ T36] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 194.031785][ T6187] F2FS-fs (loop0): invalid crc value [pid 6184] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6184] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6184] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6184] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6184] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[6191]}, 88) = 6191 [pid 6184] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6184] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6184] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6191 attached [pid 6191] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [pid 6191] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 6191] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6191] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 6191] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6184] <... futex resumed>) = 0 [pid 6184] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6184] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6191] <... 
futex resumed>) = 1 [ 194.048717][ T36] CPU: 0 UID: 0 PID: 36 Comm: kworker/u8:2 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 194.048750][ T36] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 194.048765][ T36] Workqueue: writeback wb_workfn (flush-7:1) [ 194.048799][ T36] Call Trace: [ 194.048808][ T36] [ 194.048816][ T36] dump_stack_lvl+0x189/0x250 [ 194.048854][ T36] ? __pfx_dump_stack_lvl+0x10/0x10 [ 194.048885][ T36] ? __pfx_queue_work_on+0x10/0x10 [pid 6191] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 6184] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6184] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6184] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 194.048904][ T36] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 194.048929][ T36] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 194.048967][ T36] f2fs_handle_critical_error+0x37c/0x540 [ 194.049006][ T36] f2fs_write_end_io+0x4e2/0x6d0 [ 194.049057][ T36] __submit_merged_bio+0x27a/0x6a0 [ 194.049096][ T36] __submit_merged_write_cond+0x255/0x530 [ 194.049134][ T36] f2fs_write_data_pages+0x2854/0x31f0 [ 194.049166][ T36] ? __lock_acquire+0xaac/0xd20 [ 194.049239][ T36] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 194.049293][ T36] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 194.049358][ T36] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 194.049406][ T36] ? trace_f2fs_writepages+0x7f/0x200 [ 194.049439][ T36] ? f2fs_write_node_pages+0x478/0x6e0 [ 194.049477][ T36] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 194.049513][ T36] ? has_not_enough_free_secs+0xd8b/0x1640 [ 194.049568][ T36] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 194.049602][ T36] do_writepages+0x3ae/0x7b0 [ 194.049646][ T36] ? __lock_acquire+0xaac/0xd20 [ 194.049694][ T36] ? 
__pfx_do_writepages+0x10/0x10 [ 194.049747][ T36] __writeback_single_inode+0x145/0xff0 [ 194.049778][ T36] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 194.049811][ T36] writeback_sb_inodes+0x6b5/0x1000 [ 194.049878][ T36] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 194.049967][ T36] ? rcu_is_watching+0x15/0xb0 [ 194.050014][ T36] wb_writeback+0x43b/0xaf0 [ 194.050057][ T36] ? queue_io+0x3a1/0x590 [ 194.050092][ T36] ? __pfx_wb_writeback+0x10/0x10 [ 194.050134][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 194.050168][ T36] wb_workfn+0x409/0xef0 [ 194.050215][ T36] ? __pfx_wb_workfn+0x10/0x10 [ 194.050236][ T36] ? register_lock_class+0x51/0x320 [ 194.050275][ T36] ? __lock_acquire+0xaac/0xd20 [ 194.050319][ T36] ? process_scheduled_works+0x9ec/0x17a0 [ 194.050363][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 194.050386][ T36] ? process_scheduled_works+0x9ec/0x17a0 [ 194.050419][ T36] ? process_scheduled_works+0x9ec/0x17a0 [ 194.050456][ T36] process_scheduled_works+0xadb/0x17a0 [pid 6184] exit_group(0) = ? [ 194.050540][ T36] ? __pfx_process_scheduled_works+0x10/0x10 [ 194.050600][ T36] worker_thread+0x8a0/0xda0 [ 194.050626][ T36] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 194.050665][ T36] ? __kthread_parkme+0x7b/0x200 [ 194.050702][ T36] kthread+0x70e/0x8a0 [ 194.050734][ T36] ? __pfx_worker_thread+0x10/0x10 [ 194.050755][ T36] ? __pfx_kthread+0x10/0x10 [ 194.050784][ T36] ? __pfx_kthread+0x10/0x10 [ 194.050809][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 194.050834][ T36] ? lockdep_hardirqs_on+0x9c/0x150 [ 194.050863][ T36] ? __pfx_kthread+0x10/0x10 [ 194.050888][ T36] ret_from_fork+0x4b/0x80 [ 194.050909][ T36] ? 
__pfx_kthread+0x10/0x10 [ 194.050936][ T36] ret_from_fork_asm+0x1a/0x30 [ 194.050993][ T36] [ 194.051004][ T36] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 194.385008][ T36] CPU: 0 UID: 0 PID: 36 Comm: kworker/u8:2 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 194.385042][ T36] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 194.385058][ T36] Workqueue: writeback wb_workfn (flush-7:1) [ 194.385092][ T36] Call Trace: [ 194.385102][ T36] [ 194.385112][ T36] dump_stack_lvl+0x189/0x250 [ 194.385150][ T36] ? __pfx_dump_stack_lvl+0x10/0x10 [ 194.385182][ T36] ? __pfx_queue_work_on+0x10/0x10 [ 194.385203][ T36] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 194.385230][ T36] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 194.385271][ T36] f2fs_handle_critical_error+0x37c/0x540 [ 194.385314][ T36] f2fs_write_end_io+0x4e2/0x6d0 [ 194.385370][ T36] __submit_merged_bio+0x27a/0x6a0 [ 194.385410][ T36] __submit_merged_write_cond+0x255/0x530 [ 194.385451][ T36] f2fs_write_data_pages+0x2854/0x31f0 [ 194.385483][ T36] ? __lock_acquire+0xaac/0xd20 [ 194.385577][ T36] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 194.385629][ T36] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 194.385717][ T36] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 194.385779][ T36] ? trace_f2fs_writepages+0x7f/0x200 [ 194.385812][ T36] ? f2fs_write_node_pages+0x478/0x6e0 [ 194.385849][ T36] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 194.385902][ T36] ? has_not_enough_free_secs+0xd8b/0x1640 [ 194.385944][ T36] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 194.385979][ T36] do_writepages+0x3ae/0x7b0 [ 194.386032][ T36] ? __lock_acquire+0xaac/0xd20 [ 194.386072][ T36] ? __pfx_do_writepages+0x10/0x10 [ 194.386123][ T36] __writeback_single_inode+0x145/0xff0 [ 194.386152][ T36] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 194.386184][ T36] writeback_sb_inodes+0x6b5/0x1000 [ 194.386249][ T36] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 194.386334][ T36] ? 
rcu_is_watching+0x15/0xb0 [ 194.386380][ T36] wb_writeback+0x43b/0xaf0 [ 194.386420][ T36] ? queue_io+0x3a1/0x590 [ 194.386452][ T36] ? __pfx_wb_writeback+0x10/0x10 [ 194.386495][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 194.386551][ T36] wb_workfn+0x409/0xef0 [ 194.386596][ T36] ? __pfx_wb_workfn+0x10/0x10 [ 194.386617][ T36] ? register_lock_class+0x51/0x320 [ 194.386655][ T36] ? __lock_acquire+0xaac/0xd20 [ 194.386697][ T36] ? process_scheduled_works+0x9ec/0x17a0 [ 194.386739][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 194.386763][ T36] ? process_scheduled_works+0x9ec/0x17a0 [ 194.386795][ T36] ? process_scheduled_works+0x9ec/0x17a0 [ 194.386831][ T36] process_scheduled_works+0xadb/0x17a0 [ 194.386907][ T36] ? __pfx_process_scheduled_works+0x10/0x10 [ 194.386965][ T36] worker_thread+0x8a0/0xda0 [ 194.386992][ T36] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 194.387030][ T36] ? __kthread_parkme+0x7b/0x200 [ 194.387068][ T36] kthread+0x70e/0x8a0 [ 194.387100][ T36] ? __pfx_worker_thread+0x10/0x10 [ 194.387121][ T36] ? __pfx_kthread+0x10/0x10 [ 194.387149][ T36] ? __pfx_kthread+0x10/0x10 [ 194.387175][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 194.387200][ T36] ? lockdep_hardirqs_on+0x9c/0x150 [ 194.387229][ T36] ? __pfx_kthread+0x10/0x10 [ 194.387254][ T36] ret_from_fork+0x4b/0x80 [ 194.387275][ T36] ? __pfx_kthread+0x10/0x10 [ 194.387301][ T36] ret_from_fork_asm+0x1a/0x30 [ 194.387354][ T36] [ 194.947587][ T6187] F2FS-fs (loop0): Start checkpoint disabled! [ 194.956164][ T36] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [pid 6185] <... ioctl resumed>) = ? [pid 6191] <... ioctl resumed>) = ? 
[pid 6191] +++ exited with 0 +++ [pid 6185] +++ exited with 0 +++ [pid 6184] +++ exited with 0 +++ [pid 5824] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6184, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=30 /* 0.30 s */} --- [pid 5824] umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6187] <... mount resumed>) = 0 [pid 5824] <... openat resumed>) = 3 [pid 6187] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5824] newfstatat(3, "", [pid 6187] <... openat resumed>) = 3 [pid 5824] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6187] chdir("./bus" [pid 5824] getdents64(3, [pid 6187] <... chdir resumed>) = 0 [pid 6187] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5824] <... getdents64 resumed>0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 6187] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5824] umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6187] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5824] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6187] <... futex resumed>) = 1 [pid 6186] <... futex resumed>) = 0 [pid 5824] newfstatat(AT_FDCWD, "./27/binderfs", [pid 6187] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5824] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] unlink("./27/binderfs") = 0 [pid 6186] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5824] umount2("./27/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6187] <... futex resumed>) = 0 [pid 6186] <... 
futex resumed>) = 1 [pid 6187] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 [ 195.106874][ T6185] VFS:Filesystem freeze failed [ 195.126578][ T6187] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [pid 6186] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6187] <... openat resumed>) = 4 [pid 6187] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6187] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6186] <... futex resumed>) = 0 [pid 6187] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6186] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6187] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6186] <... futex resumed>) = 0 [pid 6186] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6187] <... openat resumed>) = 5 [pid 6187] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6186] <... futex resumed>) = 0 [pid 6186] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6186] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6187] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6186] <... 
futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6186] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 195.251743][ T3494] kworker/u8:6: attempt to access beyond end of device [ 195.251743][ T3494] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 195.286815][ T3494] CPU: 0 UID: 0 PID: 3494 Comm: kworker/u8:6 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [pid 6186] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6186] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6186] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6186] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[6193]}, 88) = 6193 [pid 6186] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6186] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6186] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6193 attached [pid 6193] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [pid 6193] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 6193] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6193] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 6193] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6186] <... 
futex resumed>) = 0 [pid 6186] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6186] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 195.286847][ T3494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 195.286862][ T3494] Workqueue: writeback wb_workfn (flush-7:0) [ 195.286896][ T3494] Call Trace: [ 195.286904][ T3494] [ 195.286914][ T3494] dump_stack_lvl+0x189/0x250 [ 195.286948][ T3494] ? __pfx_dump_stack_lvl+0x10/0x10 [ 195.286977][ T3494] ? __pfx_queue_work_on+0x10/0x10 [ 195.286996][ T3494] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 195.287021][ T3494] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [pid 6193] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 6186] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 195.287056][ T3494] f2fs_handle_critical_error+0x37c/0x540 [ 195.287094][ T3494] f2fs_write_end_io+0x4e2/0x6d0 [ 195.287144][ T3494] __submit_merged_bio+0x27a/0x6a0 [ 195.287181][ T3494] __submit_merged_write_cond+0x255/0x530 [ 195.287217][ T3494] f2fs_write_data_pages+0x2854/0x31f0 [ 195.287247][ T3494] ? __lock_acquire+0xaac/0xd20 [ 195.287309][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 195.287356][ T3494] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 195.287416][ T3494] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 195.287462][ T3494] ? trace_f2fs_writepages+0x7f/0x200 [ 195.287505][ T3494] ? f2fs_write_node_pages+0x478/0x6e0 [ 195.287539][ T3494] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 195.287573][ T3494] ? has_not_enough_free_secs+0xd8b/0x1640 [ 195.287613][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 195.287646][ T3494] do_writepages+0x3ae/0x7b0 [ 195.287684][ T3494] ? __lock_acquire+0xaac/0xd20 [ 195.287719][ T3494] ? __pfx_do_writepages+0x10/0x10 [ 195.287765][ T3494] __writeback_single_inode+0x145/0xff0 [ 195.287795][ T3494] ? 
wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 195.287824][ T3494] writeback_sb_inodes+0x6b5/0x1000 [ 195.287882][ T3494] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 195.287956][ T3494] ? rcu_is_watching+0x15/0xb0 [ 195.287998][ T3494] wb_writeback+0x43b/0xaf0 [ 195.288036][ T3494] ? queue_io+0x3a1/0x590 [ 195.288068][ T3494] ? __pfx_wb_writeback+0x10/0x10 [ 195.288105][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 195.288135][ T3494] wb_workfn+0x409/0xef0 [ 195.288175][ T3494] ? __pfx_wb_workfn+0x10/0x10 [ 195.288197][ T3494] ? register_lock_class+0x51/0x320 [ 195.288232][ T3494] ? __lock_acquire+0xaac/0xd20 [ 195.288271][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 195.288311][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 195.288334][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 195.288365][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 195.288400][ T3494] process_scheduled_works+0xadb/0x17a0 [ 195.288475][ T3494] ? __pfx_process_scheduled_works+0x10/0x10 [ 195.288527][ T3494] worker_thread+0x8a0/0xda0 [ 195.288577][ T3494] kthread+0x70e/0x8a0 [pid 6186] exit_group(0) = ? [ 195.288605][ T3494] ? __pfx_worker_thread+0x10/0x10 [ 195.288625][ T3494] ? __pfx_kthread+0x10/0x10 [ 195.288652][ T3494] ? __pfx_kthread+0x10/0x10 [ 195.288676][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 195.288699][ T3494] ? lockdep_hardirqs_on+0x9c/0x150 [ 195.288727][ T3494] ? __pfx_kthread+0x10/0x10 [ 195.288751][ T3494] ret_from_fork+0x4b/0x80 [ 195.288771][ T3494] ? 
__pfx_kthread+0x10/0x10 [ 195.288796][ T3494] ret_from_fork_asm+0x1a/0x30 [ 195.288846][ T3494] [ 195.289157][ T3494] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 195.707727][ T3494] CPU: 1 UID: 0 PID: 3494 Comm: kworker/u8:6 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 195.707775][ T3494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 195.707791][ T3494] Workqueue: writeback wb_workfn (flush-7:0) [ 195.707826][ T3494] Call Trace: [ 195.707836][ T3494] [ 195.707847][ T3494] dump_stack_lvl+0x189/0x250 [ 195.707884][ T3494] ? __pfx_dump_stack_lvl+0x10/0x10 [ 195.707915][ T3494] ? __pfx_queue_work_on+0x10/0x10 [ 195.707934][ T3494] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 195.707960][ T3494] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 195.708000][ T3494] f2fs_handle_critical_error+0x37c/0x540 [ 195.708040][ T3494] f2fs_write_end_io+0x4e2/0x6d0 [ 195.708095][ T3494] __submit_merged_bio+0x27a/0x6a0 [ 195.708152][ T3494] __submit_merged_write_cond+0x255/0x530 [ 195.708192][ T3494] f2fs_write_data_pages+0x2854/0x31f0 [ 195.708224][ T3494] ? __lock_acquire+0xaac/0xd20 [ 195.708300][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 195.708353][ T3494] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 195.708424][ T3494] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 195.708474][ T3494] ? trace_f2fs_writepages+0x7f/0x200 [ 195.708508][ T3494] ? f2fs_write_node_pages+0x478/0x6e0 [ 195.708546][ T3494] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 195.708584][ T3494] ? has_not_enough_free_secs+0xd8b/0x1640 [ 195.708627][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 195.708669][ T3494] do_writepages+0x3ae/0x7b0 [ 195.708712][ T3494] ? __lock_acquire+0xaac/0xd20 [ 195.708752][ T3494] ? __pfx_do_writepages+0x10/0x10 [ 195.708804][ T3494] __writeback_single_inode+0x145/0xff0 [ 195.708834][ T3494] ? 
wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 195.708866][ T3494] writeback_sb_inodes+0x6b5/0x1000 [ 195.708933][ T3494] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 195.709021][ T3494] ? rcu_is_watching+0x15/0xb0 [ 195.709067][ T3494] wb_writeback+0x43b/0xaf0 [ 195.709109][ T3494] ? queue_io+0x3a1/0x590 [ 195.709143][ T3494] ? __pfx_wb_writeback+0x10/0x10 [ 195.709186][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 195.709220][ T3494] wb_workfn+0x409/0xef0 [ 195.709266][ T3494] ? __pfx_wb_workfn+0x10/0x10 [ 195.709289][ T3494] ? register_lock_class+0x51/0x320 [ 195.709328][ T3494] ? __lock_acquire+0xaac/0xd20 [ 195.709372][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 195.709415][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 195.709438][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 195.709472][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 195.709509][ T3494] process_scheduled_works+0xadb/0x17a0 [ 195.709585][ T3494] ? __pfx_process_scheduled_works+0x10/0x10 [ 195.709644][ T3494] worker_thread+0x8a0/0xda0 [ 195.709709][ T3494] kthread+0x70e/0x8a0 [ 195.709741][ T3494] ? __pfx_worker_thread+0x10/0x10 [ 195.709762][ T3494] ? __pfx_kthread+0x10/0x10 [ 195.709790][ T3494] ? __pfx_kthread+0x10/0x10 [ 195.709815][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 195.709840][ T3494] ? lockdep_hardirqs_on+0x9c/0x150 [ 195.709868][ T3494] ? __pfx_kthread+0x10/0x10 [ 195.709894][ T3494] ret_from_fork+0x4b/0x80 [pid 5824] <... umount2 resumed>) = 0 [pid 5824] umount2("./27/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./27/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] umount2("./27/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./27/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5824] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6193] <... ioctl resumed>) = ? [pid 6187] <... ioctl resumed>) = ? 
[pid 6193] +++ exited with 0 +++ [pid 5824] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5824] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5824] close(4 [pid 6187] +++ exited with 0 +++ [pid 6186] +++ exited with 0 +++ [pid 5824] <... close resumed>) = 0 [pid 5824] rmdir("./27/bus" [pid 5823] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6186, si_uid=0, si_status=0, si_utime=13 /* 0.13 s */, si_stime=36 /* 0.36 s */} --- [pid 5824] <... rmdir resumed>) = 0 [pid 5823] restart_syscall(<... resuming interrupted clone ...> [pid 5824] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5824] close(3) = 0 [pid 5824] rmdir("./27") = 0 [pid 5823] <... restart_syscall resumed>) = 0 [pid 5823] umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5824] mkdir("./28", 0777 [pid 5823] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5823] newfstatat(3, "", [pid 5824] <... mkdir resumed>) = 0 [pid 5823] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5823] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5824] <... openat resumed>) = 3 [pid 5823] umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5824] ioctl(3, LOOP_CLR_FD [pid 5823] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./27/binderfs", [pid 5824] <... ioctl resumed>) = 0 [pid 5823] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] close(3 [pid 5823] unlink("./27/binderfs") = 0 [ 195.709915][ T3494] ? 
__pfx_kthread+0x10/0x10 [ 195.709940][ T3494] ret_from_fork_asm+0x1a/0x30 [ 195.709997][ T3494] [ 195.710007][ T3494] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 196.036935][ T6187] VFS:Filesystem freeze failed [pid 5823] umount2("./27/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5824] <... close resumed>) = 0 [pid 5824] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5823] umount2("./27/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 6194 attached [pid 6194] set_robust_list(0x55558e3aa6a0, 24 [pid 5824] <... clone resumed>, child_tidptr=0x55558e3aa690) = 6194 [pid 5823] newfstatat(AT_FDCWD, "./27/bus", [pid 6194] <... set_robust_list resumed>) = 0 [pid 6194] chdir("./28" [pid 5823] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6194] <... chdir resumed>) = 0 [pid 6194] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5823] umount2("./27/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6194] <... prctl resumed>) = 0 [pid 6194] setpgid(0, 0 [pid 5823] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6194] <... setpgid resumed>) = 0 [pid 5823] openat(AT_FDCWD, "./27/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6194] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5823] <... 
openat resumed>) = 4 [pid 5823] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5823] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5823] close(4) = 0 [pid 5823] rmdir("./27/bus") = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 executing program [pid 5823] close(3 [pid 6194] write(3, "1000", 4) = 4 [pid 6194] close(3) = 0 [pid 6194] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6194] write(1, "executing program\n", 18) = 18 [pid 6194] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6194] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6194] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6194] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6194] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6194] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6194] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0} => {parent_tid=[6195]}, 88) = 6195 [pid 6194] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6194] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6194] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6195 attached [pid 6195] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053) = 0 [pid 6195] set_robust_list(0x7f836b55f9a0, 24) = 0 [pid 6195] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6195] memfd_create("syzkaller", 0) = 3 [pid 5823] <... 
close resumed>) = 0 [pid 6195] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 5823] rmdir("./27") = 0 [pid 5823] mkdir("./28", 0777) = 0 [pid 5823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5823] ioctl(3, LOOP_CLR_FD) = 0 [pid 5823] close(3 [pid 6195] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 5823] <... close resumed>) = 0 [pid 5823] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e3aa690) = 6196 ./strace-static-x86_64: Process 6196 attached [pid 6196] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 6196] chdir("./28") = 0 [pid 6196] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6196] setpgid(0, 0) = 0 [pid 6196] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6196] write(3, "1000", 4) = 4 [pid 6196] close(3executing program ) = 0 [pid 6196] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6196] write(1, "executing program\n", 18) = 18 [pid 6196] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6196] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6196] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6196] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6196] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6196] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6196] 
clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 6197 attached => {parent_tid=[6197]}, 88) = 6197 [pid 6196] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6197] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053 [pid 6196] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6197] <... rseq resumed>) = 0 [pid 6196] <... futex resumed>) = 0 [pid 6197] set_robust_list(0x7f836b55f9a0, 24 [pid 6196] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6197] <... set_robust_list resumed>) = 0 [pid 6197] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6197] memfd_create("syzkaller", 0) = 3 [pid 6197] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 6197] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 6195] <... write resumed>) = 20699119 [pid 6195] munmap(0x7f8363000000, 138412032) = 0 [pid 6195] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6195] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6195] close(3) = 0 [pid 6195] close(4) = 0 [pid 6195] mkdir("./bus", 0777) = 0 [ 197.552834][ T6195] loop1: detected capacity change from 0 to 40427 [ 197.616565][ T6195] F2FS-fs (loop1): invalid crc value [pid 6195] mount("/dev/loop1", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"...) 
= 0 [pid 6195] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6195] chdir("./bus") = 0 [pid 6195] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6195] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6195] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6194] <... futex resumed>) = 0 [pid 6194] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6195] <... futex resumed>) = 0 [pid 6194] <... futex resumed>) = 1 [pid 6195] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 [pid 6194] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6195] <... openat resumed>) = 4 [pid 6195] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6194] <... futex resumed>) = 0 [pid 6195] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6194] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6194] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6195] <... openat resumed>) = 5 [pid 6195] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6194] <... futex resumed>) = 0 [pid 6194] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 197.826732][ T6195] F2FS-fs (loop1): Start checkpoint disabled! [ 197.857765][ T6195] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [pid 6194] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 197.917469][ T3494] kworker/u8:6: attempt to access beyond end of device [ 197.917469][ T3494] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 197.948143][ T3494] CPU: 0 UID: 0 PID: 3494 Comm: kworker/u8:6 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [pid 6195] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6197] <... write resumed>) = 20699119 [pid 6194] <... 
futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6194] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6194] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6194] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6194] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6194] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[6200]}, 88) = 6200 [pid 6194] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 6200 attached [pid 6194] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6200] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053 [pid 6194] <... futex resumed>) = 0 [pid 6200] <... rseq resumed>) = 0 [pid 6194] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6200] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 6200] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6200] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 6200] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6194] <... futex resumed>) = 0 [pid 6194] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6194] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 197.948178][ T3494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 197.948194][ T3494] Workqueue: writeback wb_workfn (flush-7:1) [ 197.948229][ T3494] Call Trace: [ 197.948238][ T3494] [ 197.948248][ T3494] dump_stack_lvl+0x189/0x250 [ 197.948293][ T3494] ? __pfx_dump_stack_lvl+0x10/0x10 [ 197.948324][ T3494] ? __pfx_queue_work_on+0x10/0x10 [ 197.948344][ T3494] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 197.948370][ T3494] ? 
__pfx__raw_spin_unlock_irqrestore+0x10/0x10 [pid 6200] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 6194] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 197.948410][ T3494] f2fs_handle_critical_error+0x37c/0x540 [ 197.948451][ T3494] f2fs_write_end_io+0x4e2/0x6d0 [ 197.948505][ T3494] __submit_merged_bio+0x27a/0x6a0 [ 197.948562][ T3494] __submit_merged_write_cond+0x255/0x530 [ 197.948602][ T3494] f2fs_write_data_pages+0x2854/0x31f0 [ 197.948634][ T3494] ? __lock_acquire+0xaac/0xd20 [ 197.948710][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 197.948775][ T3494] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 197.948845][ T3494] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 197.948894][ T3494] ? trace_f2fs_writepages+0x7f/0x200 [ 197.948926][ T3494] ? f2fs_write_node_pages+0x478/0x6e0 [ 197.948963][ T3494] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 197.948998][ T3494] ? has_not_enough_free_secs+0xd8b/0x1640 [ 197.949040][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 197.949073][ T3494] do_writepages+0x3ae/0x7b0 [ 197.949114][ T3494] ? __lock_acquire+0xaac/0xd20 [ 197.949152][ T3494] ? __pfx_do_writepages+0x10/0x10 [ 197.949204][ T3494] __writeback_single_inode+0x145/0xff0 [ 197.949234][ T3494] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 197.949265][ T3494] writeback_sb_inodes+0x6b5/0x1000 [ 197.949340][ T3494] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 197.949445][ T3494] ? rcu_is_watching+0x15/0xb0 [ 197.949493][ T3494] wb_writeback+0x43b/0xaf0 [ 197.949534][ T3494] ? queue_io+0x3a1/0x590 [ 197.949569][ T3494] ? __pfx_wb_writeback+0x10/0x10 [ 197.949612][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 197.949645][ T3494] wb_workfn+0x409/0xef0 [ 197.949692][ T3494] ? __pfx_wb_workfn+0x10/0x10 [ 197.949714][ T3494] ? register_lock_class+0x51/0x320 [pid 6194] exit_group(0) = ? [ 197.949757][ T3494] ? __lock_acquire+0xaac/0xd20 [ 197.949800][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 197.949844][ T3494] ? 
_raw_spin_unlock_irq+0x23/0x50 [ 197.949868][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 197.949900][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 197.949938][ T3494] process_scheduled_works+0xadb/0x17a0 [ 197.950013][ T3494] ? __pfx_process_scheduled_works+0x10/0x10 [ 197.950072][ T3494] worker_thread+0x8a0/0xda0 [ 197.950131][ T3494] kthread+0x70e/0x8a0 [ 197.950162][ T3494] ? __pfx_worker_thread+0x10/0x10 [ 197.950183][ T3494] ? __pfx_kthread+0x10/0x10 [ 197.950212][ T3494] ? __pfx_kthread+0x10/0x10 [ 197.950237][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 197.950262][ T3494] ? lockdep_hardirqs_on+0x9c/0x150 [ 197.950296][ T3494] ? __pfx_kthread+0x10/0x10 [ 197.950321][ T3494] ret_from_fork+0x4b/0x80 [ 197.950341][ T3494] ? __pfx_kthread+0x10/0x10 [ 197.950367][ T3494] ret_from_fork_asm+0x1a/0x30 [ 197.950428][ T3494] [ 197.951496][ T3494] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [pid 6197] munmap(0x7f8363000000, 138412032) = 0 [ 198.278756][ T3494] CPU: 0 UID: 0 PID: 3494 Comm: kworker/u8:6 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 198.278792][ T3494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 198.278808][ T3494] Workqueue: writeback wb_workfn (flush-7:1) [ 198.278844][ T3494] Call Trace: [ 198.278853][ T3494] [ 198.278864][ T3494] dump_stack_lvl+0x189/0x250 [ 198.278901][ T3494] ? __pfx_dump_stack_lvl+0x10/0x10 [ 198.278933][ T3494] ? __pfx_queue_work_on+0x10/0x10 [ 198.278953][ T3494] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 198.278980][ T3494] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 198.279021][ T3494] f2fs_handle_critical_error+0x37c/0x540 [ 198.279063][ T3494] f2fs_write_end_io+0x4e2/0x6d0 [ 198.279119][ T3494] __submit_merged_bio+0x27a/0x6a0 [ 198.279158][ T3494] __submit_merged_write_cond+0x255/0x530 [ 198.279199][ T3494] f2fs_write_data_pages+0x2854/0x31f0 [ 198.279231][ T3494] ? __lock_acquire+0xaac/0xd20 [ 198.279306][ T3494] ? 
__pfx_f2fs_write_data_pages+0x10/0x10 [ 198.279371][ T3494] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 198.279443][ T3494] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 198.279494][ T3494] ? trace_f2fs_writepages+0x7f/0x200 [ 198.279527][ T3494] ? f2fs_write_node_pages+0x478/0x6e0 [ 198.279564][ T3494] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 198.279600][ T3494] ? has_not_enough_free_secs+0xd8b/0x1640 [ 198.279644][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 198.279679][ T3494] do_writepages+0x3ae/0x7b0 [ 198.279721][ T3494] ? __lock_acquire+0xaac/0xd20 [ 198.279762][ T3494] ? __pfx_do_writepages+0x10/0x10 [ 198.279814][ T3494] __writeback_single_inode+0x145/0xff0 [ 198.279844][ T3494] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 198.279877][ T3494] writeback_sb_inodes+0x6b5/0x1000 [ 198.279944][ T3494] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 198.280031][ T3494] ? rcu_is_watching+0x15/0xb0 [ 198.280079][ T3494] wb_writeback+0x43b/0xaf0 [ 198.280120][ T3494] ? queue_io+0x3a1/0x590 [ 198.280155][ T3494] ? __pfx_wb_writeback+0x10/0x10 [ 198.280197][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 198.280231][ T3494] wb_workfn+0x409/0xef0 [ 198.280277][ T3494] ? __pfx_wb_workfn+0x10/0x10 [ 198.280300][ T3494] ? register_lock_class+0x51/0x320 [ 198.280346][ T3494] ? __lock_acquire+0xaac/0xd20 [ 198.280390][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 198.280434][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 198.280458][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 198.280491][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 198.280528][ T3494] process_scheduled_works+0xadb/0x17a0 [ 198.280605][ T3494] ? __pfx_process_scheduled_works+0x10/0x10 [ 198.280665][ T3494] worker_thread+0x8a0/0xda0 [ 198.280723][ T3494] kthread+0x70e/0x8a0 [ 198.280755][ T3494] ? __pfx_worker_thread+0x10/0x10 [ 198.280776][ T3494] ? __pfx_kthread+0x10/0x10 [ 198.280804][ T3494] ? __pfx_kthread+0x10/0x10 [ 198.280829][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 198.280854][ T3494] ? 
lockdep_hardirqs_on+0x9c/0x150 [ 198.280883][ T3494] ? __pfx_kthread+0x10/0x10 [ 198.280908][ T3494] ret_from_fork+0x4b/0x80 [pid 6197] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6197] ioctl(4, LOOP_SET_FD, 3 [pid 6200] <... ioctl resumed>) = ? [pid 6195] <... ioctl resumed>) = ? [pid 6200] +++ exited with 0 +++ [pid 6197] <... ioctl resumed>) = 0 [pid 6197] close(3) = 0 [pid 6197] close(4) = 0 [pid 6197] mkdir("./bus", 0777) = 0 [ 198.280929][ T3494] ? __pfx_kthread+0x10/0x10 [ 198.280955][ T3494] ret_from_fork_asm+0x1a/0x30 [ 198.281011][ T3494] [ 198.281021][ T3494] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 198.599521][ T6195] VFS:Filesystem freeze failed [ 198.608567][ T6197] loop0: detected capacity change from 0 to 40427 [pid 6197] mount("/dev/loop0", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 6195] +++ exited with 0 +++ [pid 6194] +++ exited with 0 +++ [pid 5824] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6194, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=32 /* 0.32 s */} --- [pid 5824] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5824] umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5824] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5824] umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] unlink("./28/binderfs") = 0 [ 198.627702][ T6197] F2FS-fs (loop0): invalid crc value [pid 5824] umount2("./28/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6197] <... 
mount resumed>) = 0 [pid 6197] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6197] chdir("./bus") = 0 [pid 6197] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6197] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6196] <... futex resumed>) = 0 [pid 6197] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6196] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6197] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6196] <... futex resumed>) = 0 [pid 6197] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 [pid 6196] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6197] <... openat resumed>) = 4 [ 198.861468][ T6197] F2FS-fs (loop0): Start checkpoint disabled! [ 198.886960][ T6197] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [pid 6197] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6196] <... futex resumed>) = 0 [pid 6197] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6196] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6197] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6196] <... futex resumed>) = 0 [pid 6197] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6196] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6197] <... openat resumed>) = 5 [pid 6197] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6196] <... futex resumed>) = 0 [pid 6197] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6196] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6197] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6196] <... 
futex resumed>) = 0 [pid 6197] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 198.965065][ T3494] kworker/u8:6: attempt to access beyond end of device [ 198.965065][ T3494] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 198.996590][ T3494] CPU: 0 UID: 0 PID: 3494 Comm: kworker/u8:6 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 198.996626][ T3494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 198.996643][ T3494] Workqueue: writeback wb_workfn (flush-7:0) [ 198.996678][ T3494] Call Trace: [ 198.996687][ T3494] [ 198.996698][ T3494] dump_stack_lvl+0x189/0x250 [ 198.996735][ T3494] ? __pfx_dump_stack_lvl+0x10/0x10 [ 198.996766][ T3494] ? __pfx_queue_work_on+0x10/0x10 [ 198.996786][ T3494] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 198.996813][ T3494] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 198.996851][ T3494] f2fs_handle_critical_error+0x37c/0x540 [ 198.996891][ T3494] f2fs_write_end_io+0x4e2/0x6d0 [ 198.996943][ T3494] __submit_merged_bio+0x27a/0x6a0 [ 198.996980][ T3494] __submit_merged_write_cond+0x255/0x530 [ 198.997018][ T3494] f2fs_write_data_pages+0x2854/0x31f0 [ 198.997050][ T3494] ? __lock_acquire+0xaac/0xd20 [ 198.997116][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 198.997166][ T3494] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 198.997228][ T3494] ? 
__pfx_f2fs_balance_fs_bg+0x10/0x10 [pid 6196] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6196] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6196] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6196] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6196] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6196] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[6203]}, 88) = 6203 [pid 6196] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6196] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 198.997275][ T3494] ? trace_f2fs_writepages+0x7f/0x200 [ 198.997307][ T3494] ? f2fs_write_node_pages+0x478/0x6e0 [ 198.997343][ T3494] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 198.997377][ T3494] ? has_not_enough_free_secs+0xd8b/0x1640 [ 198.997426][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 198.997459][ T3494] do_writepages+0x3ae/0x7b0 [ 198.997498][ T3494] ? __lock_acquire+0xaac/0xd20 [ 198.997535][ T3494] ? __pfx_do_writepages+0x10/0x10 [ 198.997582][ T3494] __writeback_single_inode+0x145/0xff0 [ 198.997613][ T3494] ? 
wbc_attach_and_unlock_inode+0x3f0/0x5d0 [pid 6196] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6196] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6196] futex(0x7f836b6386ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6196] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b4fd000 [pid 6196] mprotect(0x7f836b4fe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6196] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6196] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b51d990, parent_tid=0x7f836b51d990, exit_signal=0, stack=0x7f836b4fd000, stack_size=0x20300, tls=0x7f836b51d6c0} => {parent_tid=[6204]}, 88) = 6204 [pid 6196] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6196] futex(0x7f836b6386e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6196] futex(0x7f836b6386ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6204 attached [pid 6204] rseq(0x7f836b51dfe0, 0x20, 0, 0x53053053) = 0 [pid 6204] set_robust_list(0x7f836b51d9a0, 24) = 0 [pid 6204] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 198.997643][ T3494] writeback_sb_inodes+0x6b5/0x1000 [ 198.997703][ T3494] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 198.997779][ T3494] ? rcu_is_watching+0x15/0xb0 [ 198.997823][ T3494] wb_writeback+0x43b/0xaf0 [ 198.997862][ T3494] ? queue_io+0x3a1/0x590 [ 198.997895][ T3494] ? __pfx_wb_writeback+0x10/0x10 [ 198.997934][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 198.997965][ T3494] wb_workfn+0x409/0xef0 [ 198.998006][ T3494] ? __pfx_wb_workfn+0x10/0x10 [ 198.998028][ T3494] ? register_lock_class+0x51/0x320 [pid 6204] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 6196] <... 
futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6196] futex(0x7f836b6386ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 198.998065][ T3494] ? __lock_acquire+0xaac/0xd20 [ 198.998106][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 198.998148][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 198.998171][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 198.998204][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 198.998240][ T3494] process_scheduled_works+0xadb/0x17a0 [ 198.998308][ T3494] ? __pfx_process_scheduled_works+0x10/0x10 [ 198.998363][ T3494] worker_thread+0x8a0/0xda0 [ 198.998414][ T3494] kthread+0x70e/0x8a0 [ 198.998449][ T3494] ? __pfx_worker_thread+0x10/0x10 [ 198.998469][ T3494] ? __pfx_kthread+0x10/0x10 [ 198.998497][ T3494] ? __pfx_kthread+0x10/0x10 [ 198.998521][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 198.998546][ T3494] ? lockdep_hardirqs_on+0x9c/0x150 [ 198.998573][ T3494] ? __pfx_kthread+0x10/0x10 [ 198.998598][ T3494] ret_from_fork+0x4b/0x80 [ 198.998618][ T3494] ? __pfx_kthread+0x10/0x10 [ 198.998644][ T3494] ret_from_fork_asm+0x1a/0x30 [ 198.998695][ T3494] [ 198.998705][ T3494] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 199.316770][ T3494] CPU: 0 UID: 0 PID: 3494 Comm: kworker/u8:6 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 199.316803][ T3494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 199.316820][ T3494] Workqueue: writeback wb_workfn (flush-7:0) [ 199.316854][ T3494] Call Trace: [ 199.316863][ T3494] [ 199.316875][ T3494] dump_stack_lvl+0x189/0x250 [ 199.316913][ T3494] ? __pfx_dump_stack_lvl+0x10/0x10 [ 199.316945][ T3494] ? __pfx_queue_work_on+0x10/0x10 [ 199.316965][ T3494] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 199.316992][ T3494] ? 
__pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 199.317033][ T3494] f2fs_handle_critical_error+0x37c/0x540 [ 199.317075][ T3494] f2fs_write_end_io+0x4e2/0x6d0 [ 199.317131][ T3494] __submit_merged_bio+0x27a/0x6a0 [ 199.317181][ T3494] __submit_merged_write_cond+0x255/0x530 [ 199.317222][ T3494] f2fs_write_data_pages+0x2854/0x31f0 [ 199.317254][ T3494] ? __lock_acquire+0xaac/0xd20 [ 199.317330][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 ./strace-static-x86_64: Process 6203 attached [pid 5824] <... umount2 resumed>) = 0 [pid 6196] exit_group(0) = ? [pid 5824] umount2("./28/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6203] +++ exited with 0 +++ [pid 5824] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 199.317384][ T3494] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 199.317457][ T3494] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 199.317507][ T3494] ? trace_f2fs_writepages+0x7f/0x200 [ 199.317541][ T3494] ? f2fs_write_node_pages+0x478/0x6e0 [ 199.317579][ T3494] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 199.317616][ T3494] ? has_not_enough_free_secs+0xd8b/0x1640 [ 199.317659][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 199.317693][ T3494] do_writepages+0x3ae/0x7b0 [ 199.317736][ T3494] ? __lock_acquire+0xaac/0xd20 [ 199.317776][ T3494] ? __pfx_do_writepages+0x10/0x10 [ 199.317828][ T3494] __writeback_single_inode+0x145/0xff0 [ 199.317858][ T3494] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 199.317890][ T3494] writeback_sb_inodes+0x6b5/0x1000 [ 199.317957][ T3494] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 199.318045][ T3494] ? rcu_is_watching+0x15/0xb0 [ 199.318091][ T3494] wb_writeback+0x43b/0xaf0 [ 199.318133][ T3494] ? queue_io+0x3a1/0x590 [ 199.318173][ T3494] ? __pfx_wb_writeback+0x10/0x10 [ 199.318216][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 199.318249][ T3494] wb_workfn+0x409/0xef0 [ 199.318296][ T3494] ? __pfx_wb_workfn+0x10/0x10 [ 199.318318][ T3494] ? register_lock_class+0x51/0x320 [ 199.318358][ T3494] ? 
__lock_acquire+0xaac/0xd20 [ 199.318402][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 199.318446][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 199.318470][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 199.318503][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 199.318541][ T3494] process_scheduled_works+0xadb/0x17a0 [ 199.318616][ T3494] ? __pfx_process_scheduled_works+0x10/0x10 [ 199.318676][ T3494] worker_thread+0x8a0/0xda0 [ 199.318734][ T3494] kthread+0x70e/0x8a0 [ 199.318766][ T3494] ? __pfx_worker_thread+0x10/0x10 [ 199.318787][ T3494] ? __pfx_kthread+0x10/0x10 [ 199.318815][ T3494] ? __pfx_kthread+0x10/0x10 [ 199.318840][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 199.318865][ T3494] ? lockdep_hardirqs_on+0x9c/0x150 [ 199.318893][ T3494] ? __pfx_kthread+0x10/0x10 [ 199.318918][ T3494] ret_from_fork+0x4b/0x80 [pid 5824] newfstatat(AT_FDCWD, "./28/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] umount2("./28/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./28/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5824] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5824] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5824] close(4) = 0 [pid 5824] rmdir("./28/bus") = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5824] close(3) = 0 [pid 5824] rmdir("./28") = 0 [pid 5824] mkdir("./29", 0777) = 0 [pid 5824] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5824] ioctl(3, LOOP_CLR_FD) = 0 [ 199.318939][ T3494] ? __pfx_kthread+0x10/0x10 [ 199.318965][ T3494] ret_from_fork_asm+0x1a/0x30 [ 199.319022][ T3494] [ 199.319032][ T3494] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [pid 5824] close(3 [pid 6197] <... ioctl resumed>) = ? [pid 6204] <... ioctl resumed>) = ? 
[pid 6204] +++ exited with 0 +++ [pid 6197] +++ exited with 0 +++ [pid 6196] +++ exited with 0 +++ [pid 5823] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6196, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=42 /* 0.42 s */} --- [pid 5823] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5823] umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 199.758160][ T6197] VFS:Filesystem freeze failed [pid 5823] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5823] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5823] umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] unlink("./28/binderfs") = 0 [pid 5823] umount2("./28/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5824] <... 
close resumed>) = 0 [pid 5824] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e3aa690) = 6205 ./strace-static-x86_64: Process 6205 attached [pid 6205] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 6205] chdir("./29") = 0 [pid 6205] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6205] setpgid(0, 0) = 0 [pid 6205] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6205] write(3, "1000", 4) = 4 [pid 6205] close(3) = 0 [pid 6205] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6205] write(1, "executing program\n", 18) = 18 [pid 6205] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6205] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6205] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6205] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6205] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6205] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6205] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 6206 attached => {parent_tid=[6206]}, 88) = 6206 [pid 6205] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6205] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6205] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6206] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053) = 0 [pid 6206] set_robust_list(0x7f836b55f9a0, 24) = 0 [pid 6206] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6206] memfd_create("syzkaller", 0) = 3 [pid 6206] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, 
-1, 0) = 0x7f8363000000 [pid 5823] <... umount2 resumed>) = 0 [pid 5823] umount2("./28/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./28/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] umount2("./28/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./28/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5823] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5823] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5823] close(4) = 0 [pid 5823] rmdir("./28/bus") = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5823] close(3) = 0 [pid 5823] rmdir("./28") = 0 [pid 5823] mkdir("./29", 0777) = 0 [pid 5823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5823] ioctl(3, LOOP_CLR_FD) = 0 [pid 5823] close(3 [pid 6206] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 5823] <... 
close resumed>) = 0 [pid 5823] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e3aa690) = 6207 ./strace-static-x86_64: Process 6207 attached [pid 6207] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 6207] chdir("./29") = 0 [pid 6207] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6207] setpgid(0, 0) = 0 [pid 6207] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6207] write(3, "1000", 4) = 4 [pid 6207] close(3) = 0 [pid 6207] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6207] write(1, "executing program\n", 18) = 18 [pid 6207] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6207] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6207] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6207] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6207] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6207] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6207] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0} => {parent_tid=[6208]}, 88) = 6208 [pid 6207] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 6208 attached [pid 6207] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6207] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6208] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053) = 0 [pid 6208] set_robust_list(0x7f836b55f9a0, 24) = 0 [pid 6208] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6208] memfd_create("syzkaller", 0) = 3 [pid 6208] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, 
-1, 0) = 0x7f8363000000 [pid 6206] <... write resumed>) = 20699119 [pid 6206] munmap(0x7f8363000000, 138412032) = 0 [pid 6206] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6206] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6206] close(3) = 0 [pid 6206] close(4) = 0 [pid 6206] mkdir("./bus", 0777) = 0 [ 200.963120][ T6206] loop1: detected capacity change from 0 to 40427 [ 201.021215][ T6206] F2FS-fs (loop1): invalid crc value [pid 6206] mount("/dev/loop1", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 6208] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 6206] <... mount resumed>) = 0 [pid 6206] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6206] chdir("./bus") = 0 [pid 6206] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6206] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6205] <... futex resumed>) = 0 [pid 6206] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6205] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6206] <... futex resumed>) = 0 [pid 6205] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6206] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000) = 4 [pid 6206] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6205] <... futex resumed>) = 0 [pid 6206] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6205] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6206] <... 
openat resumed>) = 5 [pid 6205] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6206] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6205] <... futex resumed>) = 0 [pid 6206] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 201.259067][ T6206] F2FS-fs (loop1): Start checkpoint disabled! [ 201.288595][ T6206] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [pid 6205] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 201.325785][ T6132] kworker/u8:8: attempt to access beyond end of device [ 201.325785][ T6132] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 201.346568][ T6132] CPU: 1 UID: 0 PID: 6132 Comm: kworker/u8:8 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 201.346604][ T6132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [pid 6205] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6205] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6205] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6205] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6205] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6205] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[6211]}, 88) = 6211 [pid 6205] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6205] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 201.346620][ T6132] Workqueue: writeback wb_workfn (flush-7:1) [ 201.346656][ T6132] Call Trace: [ 201.346665][ T6132] [ 201.346676][ T6132] dump_stack_lvl+0x189/0x250 [ 201.346713][ T6132] ? __pfx_dump_stack_lvl+0x10/0x10 [ 201.346743][ T6132] ? 
__pfx_queue_work_on+0x10/0x10 [ 201.346763][ T6132] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 201.346790][ T6132] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 201.346828][ T6132] f2fs_handle_critical_error+0x37c/0x540 [ 201.346867][ T6132] f2fs_write_end_io+0x4e2/0x6d0 [pid 6205] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6205] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6205] futex(0x7f836b6386ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6205] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b4fd000 [pid 6205] mprotect(0x7f836b4fe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6205] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6205] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b51d990, parent_tid=0x7f836b51d990, exit_signal=0, stack=0x7f836b4fd000, stack_size=0x20300, tls=0x7f836b51d6c0}./strace-static-x86_64: Process 6212 attached [pid 6212] rseq(0x7f836b51dfe0, 0x20, 0, 0x53053053 [pid 6205] <... clone3 resumed> => {parent_tid=[6212]}, 88) = 6212 [pid 6212] <... rseq resumed>) = 0 [pid 6205] rt_sigprocmask(SIG_SETMASK, [], [pid 6212] set_robust_list(0x7f836b51d9a0, 24 [pid 6205] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6212] <... set_robust_list resumed>) = 0 [pid 6205] futex(0x7f836b6386e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6212] rt_sigprocmask(SIG_SETMASK, [], [pid 6205] <... futex resumed>) = 0 [pid 6212] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6205] futex(0x7f836b6386ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 201.346918][ T6132] __submit_merged_bio+0x27a/0x6a0 [ 201.346955][ T6132] __submit_merged_write_cond+0x255/0x530 [ 201.346992][ T6132] f2fs_write_data_pages+0x2854/0x31f0 [ 201.347024][ T6132] ? __lock_acquire+0xaac/0xd20 [ 201.347090][ T6132] ? 
__pfx_f2fs_write_data_pages+0x10/0x10 [ 201.347140][ T6132] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 201.347201][ T6132] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 201.347256][ T6132] ? trace_f2fs_writepages+0x7f/0x200 [ 201.347289][ T6132] ? f2fs_write_node_pages+0x478/0x6e0 [ 201.347324][ T6132] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 201.347359][ T6132] ? has_not_enough_free_secs+0xd8b/0x1640 [ 201.347400][ T6132] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 201.347433][ T6132] do_writepages+0x3ae/0x7b0 [ 201.347473][ T6132] ? __lock_acquire+0xaac/0xd20 [ 201.347511][ T6132] ? __pfx_do_writepages+0x10/0x10 [ 201.347558][ T6132] __writeback_single_inode+0x145/0xff0 [ 201.347589][ T6132] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 201.347619][ T6132] writeback_sb_inodes+0x6b5/0x1000 [pid 6212] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 6205] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 201.347679][ T6132] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 201.347756][ T6132] ? rcu_is_watching+0x15/0xb0 [ 201.347799][ T6132] wb_writeback+0x43b/0xaf0 [ 201.347838][ T6132] ? queue_io+0x3a1/0x590 [ 201.347871][ T6132] ? __pfx_wb_writeback+0x10/0x10 [ 201.347910][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 201.347941][ T6132] wb_workfn+0x409/0xef0 [ 201.347983][ T6132] ? __pfx_wb_workfn+0x10/0x10 [ 201.348002][ T6132] ? register_lock_class+0x51/0x320 [ 201.348036][ T6132] ? __lock_acquire+0xaac/0xd20 [ 201.348076][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 201.348118][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 201.348142][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 201.348174][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 201.348210][ T6132] process_scheduled_works+0xadb/0x17a0 [ 201.348284][ T6132] ? __pfx_process_scheduled_works+0x10/0x10 [ 201.348338][ T6132] worker_thread+0x8a0/0xda0 [ 201.348363][ T6132] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 201.348398][ T6132] ? 
__kthread_parkme+0x7b/0x200 [ 201.348432][ T6132] kthread+0x70e/0x8a0 [ 201.348462][ T6132] ? __pfx_worker_thread+0x10/0x10 [ 201.348482][ T6132] ? __pfx_kthread+0x10/0x10 [ 201.348510][ T6132] ? __pfx_kthread+0x10/0x10 [ 201.348534][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 201.348558][ T6132] ? lockdep_hardirqs_on+0x9c/0x150 [ 201.348586][ T6132] ? __pfx_kthread+0x10/0x10 [ 201.348611][ T6132] ret_from_fork+0x4b/0x80 [ 201.348632][ T6132] ? __pfx_kthread+0x10/0x10 [ 201.348657][ T6132] ret_from_fork_asm+0x1a/0x30 [ 201.348709][ T6132] ./strace-static-x86_64: Process 6211 attached [pid 6205] exit_group(0) = ? [pid 6211] +++ exited with 0 +++ [ 201.348719][ T6132] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 201.816548][ T6132] CPU: 0 UID: 0 PID: 6132 Comm: kworker/u8:8 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 201.816580][ T6132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 201.816596][ T6132] Workqueue: writeback wb_workfn (flush-7:1) [ 201.816630][ T6132] Call Trace: [ 201.816639][ T6132] [ 201.816649][ T6132] dump_stack_lvl+0x189/0x250 [ 201.816684][ T6132] ? __pfx_dump_stack_lvl+0x10/0x10 [ 201.816713][ T6132] ? __pfx_queue_work_on+0x10/0x10 [ 201.816730][ T6132] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 201.816752][ T6132] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 201.816791][ T6132] f2fs_handle_critical_error+0x37c/0x540 [ 201.816830][ T6132] f2fs_write_end_io+0x4e2/0x6d0 [ 201.816881][ T6132] __submit_merged_bio+0x27a/0x6a0 [ 201.816918][ T6132] __submit_merged_write_cond+0x255/0x530 [ 201.816956][ T6132] f2fs_write_data_pages+0x2854/0x31f0 [ 201.816997][ T6132] ? __lock_acquire+0xaac/0xd20 [ 201.817064][ T6132] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 201.817113][ T6132] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 201.817174][ T6132] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 201.817220][ T6132] ? trace_f2fs_writepages+0x7f/0x200 [ 201.817253][ T6132] ? 
f2fs_write_node_pages+0x478/0x6e0 [ 201.817289][ T6132] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 201.817323][ T6132] ? has_not_enough_free_secs+0xd8b/0x1640 [ 201.817364][ T6132] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 201.817398][ T6132] do_writepages+0x3ae/0x7b0 [ 201.817436][ T6132] ? __lock_acquire+0xaac/0xd20 [ 201.817473][ T6132] ? __pfx_do_writepages+0x10/0x10 [ 201.817520][ T6132] __writeback_single_inode+0x145/0xff0 [ 201.817550][ T6132] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 201.817580][ T6132] writeback_sb_inodes+0x6b5/0x1000 [ 201.817638][ T6132] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 201.817714][ T6132] ? rcu_is_watching+0x15/0xb0 [ 201.817758][ T6132] wb_writeback+0x43b/0xaf0 [ 201.817796][ T6132] ? queue_io+0x3a1/0x590 [ 201.817829][ T6132] ? __pfx_wb_writeback+0x10/0x10 [ 201.817868][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 201.817899][ T6132] wb_workfn+0x409/0xef0 [ 201.817940][ T6132] ? __pfx_wb_workfn+0x10/0x10 [ 201.817968][ T6132] ? register_lock_class+0x51/0x320 [ 201.818005][ T6132] ? __lock_acquire+0xaac/0xd20 [ 201.818045][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 201.818086][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 201.818109][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 201.818141][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 201.818177][ T6132] process_scheduled_works+0xadb/0x17a0 [ 201.818245][ T6132] ? __pfx_process_scheduled_works+0x10/0x10 [ 201.818300][ T6132] worker_thread+0x8a0/0xda0 [ 201.818324][ T6132] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 201.818371][ T6132] ? __kthread_parkme+0x7b/0x200 [ 201.818422][ T6132] kthread+0x70e/0x8a0 [ 201.818452][ T6132] ? __pfx_worker_thread+0x10/0x10 [ 201.818472][ T6132] ? __pfx_kthread+0x10/0x10 [ 201.818499][ T6132] ? __pfx_kthread+0x10/0x10 [ 201.818524][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 201.818548][ T6132] ? lockdep_hardirqs_on+0x9c/0x150 [pid 6208] <... 
write resumed>) = 20699119 [pid 6208] munmap(0x7f8363000000, 138412032) = 0 [pid 6208] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 201.818576][ T6132] ? __pfx_kthread+0x10/0x10 [ 201.818600][ T6132] ret_from_fork+0x4b/0x80 [ 201.818622][ T6132] ? __pfx_kthread+0x10/0x10 [ 201.818647][ T6132] ret_from_fork_asm+0x1a/0x30 [ 201.818698][ T6132] [ 201.818709][ T6132] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [pid 6208] ioctl(4, LOOP_SET_FD, 3 [pid 6206] <... ioctl resumed>) = ? [pid 6212] <... ioctl resumed>) = ? [pid 6212] +++ exited with 0 +++ [pid 6206] +++ exited with 0 +++ [pid 6205] +++ exited with 0 +++ [pid 5824] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6205, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=31 /* 0.31 s */} --- [pid 6208] <... ioctl resumed>) = 0 [pid 5824] restart_syscall(<... resuming interrupted clone ...> [pid 6208] close(3) = 0 [pid 6208] close(4) = 0 [pid 6208] mkdir("./bus", 0777 [pid 5824] <... restart_syscall resumed>) = 0 [pid 6208] <... mkdir resumed>) = 0 [pid 5824] umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6208] mount("/dev/loop0", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... 
[pid 5824] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5824] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5824] umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 202.167631][ T6208] loop0: detected capacity change from 0 to 40427 [ 202.174387][ T6206] VFS:Filesystem freeze failed [pid 5824] unlink("./29/binderfs") = 0 [ 202.219249][ T6208] F2FS-fs (loop0): invalid crc value [pid 5824] umount2("./29/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6208] <... mount resumed>) = 0 [pid 6208] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6208] chdir("./bus") = 0 [pid 6208] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6208] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6207] <... futex resumed>) = 0 [pid 6208] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6207] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6207] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6208] <... futex resumed>) = 0 [pid 6208] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000) = 4 [pid 6208] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6207] <... futex resumed>) = 0 [pid 6208] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6207] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6208] <... openat resumed>) = 5 [pid 6207] <... futex resumed>) = 0 [pid 6207] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6208] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6207] <... 
futex resumed>) = 0 [pid 6208] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6207] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6208] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6207] <... futex resumed>) = 0 [ 202.449054][ T6208] F2FS-fs (loop0): Start checkpoint disabled! [ 202.468621][ T6208] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 202.521856][ T36] kworker/u8:2: attempt to access beyond end of device [ 202.521856][ T36] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [pid 6207] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6207] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6207] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6207] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6207] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6207] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[6215]}, 88) = 6215 [pid 6207] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6207] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6207] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6215 attached [pid 6215] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [pid 6215] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 6215] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6215] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 6215] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6207] <... 
futex resumed>) = 0 [pid 6207] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6207] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 202.566991][ T36] CPU: 1 UID: 0 PID: 36 Comm: kworker/u8:2 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 202.567025][ T36] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 202.567040][ T36] Workqueue: writeback wb_workfn (flush-7:0) [ 202.567075][ T36] Call Trace: [ 202.567085][ T36] [ 202.567097][ T36] dump_stack_lvl+0x189/0x250 [ 202.567131][ T36] ? __pfx_dump_stack_lvl+0x10/0x10 [ 202.567163][ T36] ? __pfx_queue_work_on+0x10/0x10 [ 202.567183][ T36] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 202.567210][ T36] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 202.567247][ T36] f2fs_handle_critical_error+0x37c/0x540 [ 202.567287][ T36] f2fs_write_end_io+0x4e2/0x6d0 [ 202.567338][ T36] __submit_merged_bio+0x27a/0x6a0 [ 202.567376][ T36] __submit_merged_write_cond+0x255/0x530 [ 202.567415][ T36] f2fs_write_data_pages+0x2854/0x31f0 [ 202.567447][ T36] ? __lock_acquire+0xaac/0xd20 [pid 6215] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 6207] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 202.567513][ T36] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 202.567562][ T36] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 202.567623][ T36] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 202.567669][ T36] ? trace_f2fs_writepages+0x7f/0x200 [ 202.567701][ T36] ? f2fs_write_node_pages+0x478/0x6e0 [ 202.567737][ T36] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 202.567771][ T36] ? has_not_enough_free_secs+0xd8b/0x1640 [ 202.567812][ T36] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 202.567846][ T36] do_writepages+0x3ae/0x7b0 [ 202.567886][ T36] ? __lock_acquire+0xaac/0xd20 [ 202.567924][ T36] ? __pfx_do_writepages+0x10/0x10 [ 202.567979][ T36] __writeback_single_inode+0x145/0xff0 [ 202.568010][ T36] ? 
wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 202.568040][ T36] writeback_sb_inodes+0x6b5/0x1000 [ 202.568099][ T36] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 202.568187][ T36] ? rcu_is_watching+0x15/0xb0 [ 202.568230][ T36] wb_writeback+0x43b/0xaf0 [ 202.568268][ T36] ? queue_io+0x3a1/0x590 [ 202.568299][ T36] ? __pfx_wb_writeback+0x10/0x10 [ 202.568337][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 202.568368][ T36] wb_workfn+0x409/0xef0 [ 202.568408][ T36] ? __pfx_wb_workfn+0x10/0x10 [ 202.568429][ T36] ? register_lock_class+0x51/0x320 [ 202.568465][ T36] ? __lock_acquire+0xaac/0xd20 [ 202.568504][ T36] ? process_scheduled_works+0x9ec/0x17a0 [ 202.568544][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 202.568566][ T36] ? process_scheduled_works+0x9ec/0x17a0 [ 202.568598][ T36] ? process_scheduled_works+0x9ec/0x17a0 [ 202.568633][ T36] process_scheduled_works+0xadb/0x17a0 [ 202.568698][ T36] ? __pfx_process_scheduled_works+0x10/0x10 [ 202.568750][ T36] worker_thread+0x8a0/0xda0 [ 202.568774][ T36] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 202.568808][ T36] ? __kthread_parkme+0x7b/0x200 [ 202.568841][ T36] kthread+0x70e/0x8a0 [ 202.568869][ T36] ? __pfx_worker_thread+0x10/0x10 [ 202.568888][ T36] ? __pfx_kthread+0x10/0x10 [ 202.568915][ T36] ? __pfx_kthread+0x10/0x10 [ 202.568970][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 202.568993][ T36] ? lockdep_hardirqs_on+0x9c/0x150 [pid 6207] exit_group(0) = ? [pid 5824] <... 
umount2 resumed>) = 0 [pid 5824] umount2("./29/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./29/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] umount2("./29/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./29/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5824] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5824] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [ 202.569021][ T36] ? __pfx_kthread+0x10/0x10 [ 202.569044][ T36] ret_from_fork+0x4b/0x80 [ 202.569065][ T36] ? __pfx_kthread+0x10/0x10 [ 202.569089][ T36] ret_from_fork_asm+0x1a/0x30 [ 202.569139][ T36] [ 202.569526][ T36] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 202.900535][ T36] CPU: 1 UID: 0 PID: 36 Comm: kworker/u8:2 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [pid 5824] close(4) = 0 [pid 5824] rmdir("./29/bus") = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5824] close(3) = 0 [pid 5824] rmdir("./29") = 0 [pid 5824] mkdir("./30", 0777) = 0 [pid 5824] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5824] ioctl(3, LOOP_CLR_FD) = 0 [ 202.900561][ T36] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 202.900573][ T36] Workqueue: writeback wb_workfn (flush-7:0) [ 202.900602][ T36] Call Trace: [ 202.900611][ T36] [ 202.900621][ T36] dump_stack_lvl+0x189/0x250 [ 202.900654][ T36] ? __pfx_dump_stack_lvl+0x10/0x10 [ 202.900680][ T36] ? __pfx_queue_work_on+0x10/0x10 [ 202.900696][ T36] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 202.900718][ T36] ? 
__pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 202.900751][ T36] f2fs_handle_critical_error+0x37c/0x540 [ 202.900788][ T36] f2fs_write_end_io+0x4e2/0x6d0 [ 202.900840][ T36] __submit_merged_bio+0x27a/0x6a0 [ 202.900874][ T36] __submit_merged_write_cond+0x255/0x530 [ 202.900912][ T36] f2fs_write_data_pages+0x2854/0x31f0 [ 202.900942][ T36] ? __lock_acquire+0xaac/0xd20 [ 202.901010][ T36] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 202.901063][ T36] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 202.901143][ T36] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 202.901194][ T36] ? trace_f2fs_writepages+0x7f/0x200 [ 202.901228][ T36] ? f2fs_write_node_pages+0x478/0x6e0 [ 202.901266][ T36] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 202.901302][ T36] ? has_not_enough_free_secs+0xd8b/0x1640 [ 202.901346][ T36] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 202.901380][ T36] do_writepages+0x3ae/0x7b0 [ 202.901422][ T36] ? __lock_acquire+0xaac/0xd20 [ 202.901463][ T36] ? __pfx_do_writepages+0x10/0x10 [ 202.901515][ T36] __writeback_single_inode+0x145/0xff0 [ 202.901546][ T36] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 202.901579][ T36] writeback_sb_inodes+0x6b5/0x1000 [ 202.901647][ T36] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 202.901737][ T36] ? rcu_is_watching+0x15/0xb0 [ 202.901784][ T36] wb_writeback+0x43b/0xaf0 [ 202.901827][ T36] ? queue_io+0x3a1/0x590 [ 202.901862][ T36] ? __pfx_wb_writeback+0x10/0x10 [ 202.901900][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 202.901933][ T36] wb_workfn+0x409/0xef0 [ 202.901981][ T36] ? __pfx_wb_workfn+0x10/0x10 [ 202.902003][ T36] ? register_lock_class+0x51/0x320 [ 202.902042][ T36] ? __lock_acquire+0xaac/0xd20 [ 202.902086][ T36] ? process_scheduled_works+0x9ec/0x17a0 [ 202.902135][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 202.902158][ T36] ? process_scheduled_works+0x9ec/0x17a0 [ 202.902189][ T36] ? process_scheduled_works+0x9ec/0x17a0 [ 202.902225][ T36] process_scheduled_works+0xadb/0x17a0 [ 202.902299][ T36] ? 
__pfx_process_scheduled_works+0x10/0x10 [ 202.902357][ T36] worker_thread+0x8a0/0xda0 [ 202.902382][ T36] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 202.902419][ T36] ? __kthread_parkme+0x7b/0x200 [ 202.902455][ T36] kthread+0x70e/0x8a0 [ 202.902496][ T36] ? __pfx_worker_thread+0x10/0x10 [ 202.902512][ T36] ? __pfx_kthread+0x10/0x10 [ 202.902540][ T36] ? __pfx_kthread+0x10/0x10 [ 202.902559][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 202.902597][ T36] ? lockdep_hardirqs_on+0x9c/0x150 [ 202.902619][ T36] ? __pfx_kthread+0x10/0x10 [ 202.902638][ T36] ret_from_fork+0x4b/0x80 [ 202.902656][ T36] ? __pfx_kthread+0x10/0x10 [ 202.902676][ T36] ret_from_fork_asm+0x1a/0x30 [ 202.902721][ T36] [ 202.902984][ T36] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [pid 5824] close(3) = 0 [pid 5824] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e3aa690) = 6216 ./strace-static-x86_64: Process 6216 attached [pid 6215] <... ioctl resumed>) = ? [pid 6208] <... ioctl resumed>) = ? [pid 6215] +++ exited with 0 +++ [pid 6208] +++ exited with 0 +++ [pid 6207] +++ exited with 0 +++ [pid 5823] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6207, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=37 /* 0.37 s */} --- [pid 5823] restart_syscall(<... resuming interrupted clone ...> [pid 6216] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 5823] <... restart_syscall resumed>) = 0 [pid 6216] chdir("./30") = 0 [pid 6216] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5823] umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6216] <... prctl resumed>) = 0 [pid 5823] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6216] setpgid(0, 0 [pid 5823] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6216] <... setpgid resumed>) = 0 [pid 5823] <... 
openat resumed>) = 3 [pid 6216] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5823] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 6216] <... openat resumed>) = 3 [pid 5823] umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] unlink("./29/binderfs") = 0 [ 203.367060][ T6208] VFS:Filesystem freeze failed [pid 5823] umount2("./29/bus", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 6216] write(3, "1000", 4) = 4 [pid 6216] close(3) = 0 [pid 6216] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6216] write(1, "executing program\n", 18) = 18 [pid 6216] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6216] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6216] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6216] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6216] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6216] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6216] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 6217 attached => {parent_tid=[6217]}, 88) = 6217 [pid 6216] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6216] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6216] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6217] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053) = 0 [pid 6217] 
set_robust_list(0x7f836b55f9a0, 24) = 0 [pid 6217] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6217] memfd_create("syzkaller", 0) = 3 [pid 6217] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 5823] <... umount2 resumed>) = 0 [pid 5823] umount2("./29/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./29/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] umount2("./29/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./29/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5823] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5823] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5823] close(4) = 0 [pid 5823] rmdir("./29/bus") = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5823] close(3) = 0 [pid 5823] rmdir("./29") = 0 [pid 5823] mkdir("./30", 0777) = 0 [pid 5823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5823] ioctl(3, LOOP_CLR_FD) = 0 [pid 5823] close(3 [pid 6217] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 5823] <... 
close resumed>) = 0 [pid 5823] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e3aa690) = 6218 ./strace-static-x86_64: Process 6218 attached [pid 6218] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 6218] chdir("./30") = 0 [pid 6218] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6218] setpgid(0, 0) = 0 [pid 6218] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6218] write(3, "1000", 4) = 4 [pid 6218] close(3) = 0 [pid 6218] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6218] write(1, "executing program\n", 18executing program ) = 18 [pid 6218] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6218] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6218] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6218] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6218] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6218] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6218] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0} => {parent_tid=[6219]}, 88) = 6219 [pid 6218] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6218] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6218] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6219 attached [pid 6219] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053) = 0 [pid 6219] set_robust_list(0x7f836b55f9a0, 24) = 0 [pid 6219] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6219] memfd_create("syzkaller", 0) = 3 [pid 6219] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, 
-1, 0) = 0x7f8363000000 [pid 6217] <... write resumed>) = 20699119 [pid 6217] munmap(0x7f8363000000, 138412032) = 0 [pid 6217] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6217] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6217] close(3) = 0 [pid 6217] close(4) = 0 [pid 6217] mkdir("./bus", 0777) = 0 [ 204.356889][ T6217] loop1: detected capacity change from 0 to 40427 [ 204.410074][ T6217] F2FS-fs (loop1): invalid crc value [pid 6217] mount("/dev/loop1", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 6219] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 6217] <... mount resumed>) = 0 [pid 6217] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6217] chdir("./bus") = 0 [ 204.636757][ T6217] F2FS-fs (loop1): Start checkpoint disabled! [ 204.671150][ T6217] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [pid 6217] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6217] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6216] <... futex resumed>) = 0 [pid 6216] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6216] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6217] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000) = 4 [pid 6217] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6216] <... futex resumed>) = 0 [pid 6217] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6216] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6217] <... 
futex resumed>) = 0 [pid 6216] <... futex resumed>) = 1 [pid 6217] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6216] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6217] <... openat resumed>) = 5 [pid 6217] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6216] <... futex resumed>) = 0 [pid 6217] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6216] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6217] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6217] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6216] <... futex resumed>) = 0 [pid 6216] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 204.779160][ T3494] kworker/u8:6: attempt to access beyond end of device [ 204.779160][ T3494] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [pid 6216] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6216] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6216] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6216] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6216] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6216] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0}./strace-static-x86_64: Process 6222 attached => {parent_tid=[6222]}, 88) = 6222 [pid 6216] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6216] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6216] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6222] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [pid 
6222] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 6222] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6222] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 6222] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6216] <... futex resumed>) = 0 [pid 6216] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6216] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 204.816539][ T3494] CPU: 1 UID: 0 PID: 3494 Comm: kworker/u8:6 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 204.816573][ T3494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 204.816590][ T3494] Workqueue: writeback wb_workfn (flush-7:1) [ 204.816625][ T3494] Call Trace: [ 204.816634][ T3494] [ 204.816645][ T3494] dump_stack_lvl+0x189/0x250 [ 204.816682][ T3494] ? __pfx_dump_stack_lvl+0x10/0x10 [ 204.816714][ T3494] ? __pfx_queue_work_on+0x10/0x10 [ 204.816734][ T3494] ? _raw_spin_unlock_irqrestore+0xad/0x110 [pid 6222] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 6216] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 204.816767][ T3494] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 204.816806][ T3494] f2fs_handle_critical_error+0x37c/0x540 [ 204.816846][ T3494] f2fs_write_end_io+0x4e2/0x6d0 [ 204.816897][ T3494] __submit_merged_bio+0x27a/0x6a0 [ 204.816934][ T3494] __submit_merged_write_cond+0x255/0x530 [ 204.816972][ T3494] f2fs_write_data_pages+0x2854/0x31f0 [ 204.817003][ T3494] ? __lock_acquire+0xaac/0xd20 [ 204.817070][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 204.817119][ T3494] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 204.817181][ T3494] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 204.817228][ T3494] ? trace_f2fs_writepages+0x7f/0x200 [ 204.817262][ T3494] ? f2fs_write_node_pages+0x478/0x6e0 [ 204.817297][ T3494] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 204.817333][ T3494] ? 
has_not_enough_free_secs+0xd8b/0x1640 [ 204.817374][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 204.817408][ T3494] do_writepages+0x3ae/0x7b0 [ 204.817447][ T3494] ? __lock_acquire+0xaac/0xd20 [ 204.817485][ T3494] ? __pfx_do_writepages+0x10/0x10 [ 204.817533][ T3494] __writeback_single_inode+0x145/0xff0 [ 204.817563][ T3494] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 204.817593][ T3494] writeback_sb_inodes+0x6b5/0x1000 [ 204.817653][ T3494] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 204.817730][ T3494] ? rcu_is_watching+0x15/0xb0 [ 204.817780][ T3494] wb_writeback+0x43b/0xaf0 [ 204.817820][ T3494] ? queue_io+0x3a1/0x590 [ 204.817853][ T3494] ? __pfx_wb_writeback+0x10/0x10 [ 204.817893][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 204.817924][ T3494] wb_workfn+0x409/0xef0 [pid 6219] <... write resumed>) = 20699119 [ 204.817965][ T3494] ? __pfx_wb_workfn+0x10/0x10 [ 204.817987][ T3494] ? register_lock_class+0x51/0x320 [ 204.818025][ T3494] ? __lock_acquire+0xaac/0xd20 [ 204.818065][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 204.818107][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 204.818131][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 204.818163][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 204.818200][ T3494] process_scheduled_works+0xadb/0x17a0 [ 204.818268][ T3494] ? __pfx_process_scheduled_works+0x10/0x10 [pid 6219] munmap(0x7f8363000000, 138412032) = 0 [ 204.818322][ T3494] worker_thread+0x8a0/0xda0 [ 204.818374][ T3494] kthread+0x70e/0x8a0 [ 204.818404][ T3494] ? __pfx_worker_thread+0x10/0x10 [ 204.818425][ T3494] ? __pfx_kthread+0x10/0x10 [ 204.818452][ T3494] ? __pfx_kthread+0x10/0x10 [ 204.818477][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 204.818501][ T3494] ? lockdep_hardirqs_on+0x9c/0x150 [ 204.818529][ T3494] ? __pfx_kthread+0x10/0x10 [ 204.818554][ T3494] ret_from_fork+0x4b/0x80 [ 204.818575][ T3494] ? 
__pfx_kthread+0x10/0x10 [ 204.818601][ T3494] ret_from_fork_asm+0x1a/0x30 [pid 6219] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6219] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6219] close(3) = 0 [ 204.818654][ T3494] [ 204.818663][ T3494] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 205.127239][ T6219] loop0: detected capacity change from 0 to 40427 [pid 6219] close(4) = 0 [pid 6219] mkdir("./bus", 0777 [pid 6216] exit_group(0 [pid 6219] <... mkdir resumed>) = 0 [pid 6216] <... exit_group resumed>) = ? [ 205.224989][ T6219] F2FS-fs (loop0): invalid crc value [ 205.324746][ T3494] CPU: 0 UID: 0 PID: 3494 Comm: kworker/u8:6 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 205.324781][ T3494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 205.324797][ T3494] Workqueue: writeback wb_workfn (flush-7:1) [ 205.324832][ T3494] Call Trace: [ 205.324843][ T3494] [ 205.324853][ T3494] dump_stack_lvl+0x189/0x250 [ 205.324890][ T3494] ? __pfx_dump_stack_lvl+0x10/0x10 [ 205.324921][ T3494] ? __pfx_queue_work_on+0x10/0x10 [ 205.324941][ T3494] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 205.324968][ T3494] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 205.325006][ T3494] f2fs_handle_critical_error+0x37c/0x540 [ 205.325054][ T3494] f2fs_write_end_io+0x4e2/0x6d0 [ 205.325104][ T3494] __submit_merged_bio+0x27a/0x6a0 [ 205.325141][ T3494] __submit_merged_write_cond+0x255/0x530 [ 205.325179][ T3494] f2fs_write_data_pages+0x2854/0x31f0 [ 205.325210][ T3494] ? __lock_acquire+0xaac/0xd20 [ 205.325276][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 205.325325][ T3494] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 205.325386][ T3494] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 205.325432][ T3494] ? trace_f2fs_writepages+0x7f/0x200 [ 205.325464][ T3494] ? f2fs_write_node_pages+0x478/0x6e0 [ 205.325500][ T3494] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 205.325534][ T3494] ? 
has_not_enough_free_secs+0xd8b/0x1640 [ 205.325574][ T3494] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 205.325608][ T3494] do_writepages+0x3ae/0x7b0 [ 205.325646][ T3494] ? __lock_acquire+0xaac/0xd20 [ 205.325684][ T3494] ? __pfx_do_writepages+0x10/0x10 [ 205.325730][ T3494] __writeback_single_inode+0x145/0xff0 [ 205.325760][ T3494] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 205.325791][ T3494] writeback_sb_inodes+0x6b5/0x1000 [ 205.325851][ T3494] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 205.325928][ T3494] ? rcu_is_watching+0x15/0xb0 [ 205.325972][ T3494] wb_writeback+0x43b/0xaf0 [ 205.326011][ T3494] ? queue_io+0x3a1/0x590 [ 205.326050][ T3494] ? __pfx_wb_writeback+0x10/0x10 [ 205.326089][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 205.326120][ T3494] wb_workfn+0x409/0xef0 [ 205.326168][ T3494] ? __pfx_wb_workfn+0x10/0x10 [ 205.326190][ T3494] ? register_lock_class+0x51/0x320 [ 205.326227][ T3494] ? __lock_acquire+0xaac/0xd20 [ 205.326267][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 205.326309][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 205.326332][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 205.326364][ T3494] ? process_scheduled_works+0x9ec/0x17a0 [ 205.326401][ T3494] process_scheduled_works+0xadb/0x17a0 [ 205.326468][ T3494] ? __pfx_process_scheduled_works+0x10/0x10 [ 205.326523][ T3494] worker_thread+0x8a0/0xda0 [ 205.326575][ T3494] kthread+0x70e/0x8a0 [ 205.326605][ T3494] ? __pfx_worker_thread+0x10/0x10 [ 205.326625][ T3494] ? __pfx_kthread+0x10/0x10 [ 205.326652][ T3494] ? __pfx_kthread+0x10/0x10 [ 205.326676][ T3494] ? _raw_spin_unlock_irq+0x23/0x50 [ 205.326700][ T3494] ? lockdep_hardirqs_on+0x9c/0x150 [ 205.326729][ T3494] ? __pfx_kthread+0x10/0x10 [ 205.326754][ T3494] ret_from_fork+0x4b/0x80 [ 205.326775][ T3494] ? __pfx_kthread+0x10/0x10 [ 205.326801][ T3494] ret_from_fork_asm+0x1a/0x30 [ 205.326853][ T3494] [ 205.732858][ T6219] F2FS-fs (loop0): Start checkpoint disabled! 
[pid 6219] mount("/dev/loop0", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"...) = 0 [pid 6219] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6222] <... ioctl resumed>) = ? [pid 6217] <... ioctl resumed>) = ? [pid 6219] chdir("./bus" [pid 6222] +++ exited with 0 +++ [pid 6219] <... chdir resumed>) = 0 [pid 6217] +++ exited with 0 +++ [pid 6216] +++ exited with 0 +++ [pid 5824] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6216, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=37 /* 0.37 s */} --- [pid 5824] restart_syscall(<... resuming interrupted clone ...> [pid 6219] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6219] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6219] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5824] <... restart_syscall resumed>) = 0 [pid 5824] umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5824] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5824] umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] unlink("./30/binderfs") = 0 [pid 5824] umount2("./30/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6218] <... futex resumed>) = 0 [pid 6218] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6219] <... futex resumed>) = 0 [pid 6218] <... 
futex resumed>) = 1 [pid 6219] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000) = 4 [pid 6218] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6219] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6218] <... futex resumed>) = 0 [pid 6219] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6218] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6219] <... openat resumed>) = 5 [pid 6218] <... futex resumed>) = 0 [ 205.796615][ T6219] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 205.802407][ T3494] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 205.814709][ T6217] VFS:Filesystem freeze failed [pid 6218] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6219] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6218] <... futex resumed>) = 0 [pid 6219] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6218] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6218] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6218] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6218] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6218] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6218] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6218] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[6225]}, 88) = 6225 [pid 6218] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6218] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6225 attached ) = 0 [pid 6218] 
futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6225] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [ 205.883325][ T6132] kworker/u8:8: attempt to access beyond end of device [ 205.883325][ T6132] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 205.931685][ T6132] CPU: 1 UID: 0 PID: 6132 Comm: kworker/u8:8 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 205.931720][ T6132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 205.931736][ T6132] Workqueue: writeback wb_workfn (flush-7:0) [ 205.931771][ T6132] Call Trace: [ 205.931780][ T6132] [ 205.931791][ T6132] dump_stack_lvl+0x189/0x250 [ 205.931829][ T6132] ? __pfx_dump_stack_lvl+0x10/0x10 [ 205.931861][ T6132] ? __pfx_queue_work_on+0x10/0x10 [pid 6225] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 6225] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6225] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 6225] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 205.931881][ T6132] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 205.931909][ T6132] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 205.931961][ T6132] f2fs_handle_critical_error+0x37c/0x540 [ 205.932002][ T6132] f2fs_write_end_io+0x4e2/0x6d0 [ 205.932058][ T6132] __submit_merged_bio+0x27a/0x6a0 [ 205.932099][ T6132] __submit_merged_write_cond+0x255/0x530 [ 205.932139][ T6132] f2fs_write_data_pages+0x2854/0x31f0 [ 205.932171][ T6132] ? __lock_acquire+0xaac/0xd20 [ 205.932247][ T6132] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 205.932300][ T6132] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 205.932372][ T6132] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 205.932405][ T6132] ? __lock_acquire+0xaac/0xd20 [ 205.932448][ T6132] ? trace_f2fs_writepages+0x7f/0x200 [ 205.932483][ T6132] ? f2fs_write_node_pages+0x478/0x6e0 [ 205.932520][ T6132] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 205.932570][ T6132] ? 
__pfx_f2fs_write_data_pages+0x10/0x10 [ 205.932605][ T6132] do_writepages+0x3ae/0x7b0 [ 205.932648][ T6132] ? __lock_acquire+0xaac/0xd20 [pid 6225] futex(0x7f836b6386d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6218] <... futex resumed>) = 0 [pid 6218] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6225] <... futex resumed>) = 0 [pid 6218] <... futex resumed>) = 1 [pid 6225] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [ 205.932688][ T6132] ? __pfx_do_writepages+0x10/0x10 [ 205.932741][ T6132] __writeback_single_inode+0x145/0xff0 [ 205.932772][ T6132] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 205.932804][ T6132] writeback_sb_inodes+0x6b5/0x1000 [ 205.932872][ T6132] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 205.932966][ T6132] ? rcu_is_watching+0x15/0xb0 [ 205.933012][ T6132] wb_writeback+0x43b/0xaf0 [ 205.933053][ T6132] ? queue_io+0x3a1/0x590 [ 205.933087][ T6132] ? __pfx_wb_writeback+0x10/0x10 [ 205.933130][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [pid 6218] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 205.933163][ T6132] wb_workfn+0x409/0xef0 [ 205.933210][ T6132] ? __pfx_wb_workfn+0x10/0x10 [ 205.933233][ T6132] ? register_lock_class+0x51/0x320 [ 205.933272][ T6132] ? __lock_acquire+0xaac/0xd20 [ 205.933315][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 205.933359][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 205.933383][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 205.933417][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 205.933454][ T6132] process_scheduled_works+0xadb/0x17a0 [ 205.933530][ T6132] ? __pfx_process_scheduled_works+0x10/0x10 [ 205.933591][ T6132] worker_thread+0x8a0/0xda0 [ 205.933616][ T6132] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 205.933655][ T6132] ? __kthread_parkme+0x7b/0x200 [ 205.933690][ T6132] kthread+0x70e/0x8a0 [ 205.933715][ T6132] ? __pfx_worker_thread+0x10/0x10 [ 205.933736][ T6132] ? 
__pfx_kthread+0x10/0x10 [ 205.933765][ T6132] ? __pfx_kthread+0x10/0x10 [ 205.933790][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 205.933815][ T6132] ? lockdep_hardirqs_on+0x9c/0x150 [ 205.933843][ T6132] ? __pfx_kthread+0x10/0x10 [ 205.933868][ T6132] ret_from_fork+0x4b/0x80 [ 205.933889][ T6132] ? __pfx_kthread+0x10/0x10 [ 205.933915][ T6132] ret_from_fork_asm+0x1a/0x30 [ 205.933991][ T6132] [ 206.258035][ T6132] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 206.265026][ T6132] CPU: 1 UID: 0 PID: 6132 Comm: kworker/u8:8 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 206.265058][ T6132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 206.265074][ T6132] Workqueue: writeback wb_workfn (flush-7:0) [ 206.265109][ T6132] Call Trace: [ 206.265118][ T6132] [ 206.265128][ T6132] dump_stack_lvl+0x189/0x250 [ 206.265164][ T6132] ? __pfx_dump_stack_lvl+0x10/0x10 [ 206.265195][ T6132] ? __pfx_queue_work_on+0x10/0x10 [ 206.265215][ T6132] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 206.265242][ T6132] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 206.265279][ T6132] f2fs_handle_critical_error+0x37c/0x540 [ 206.265318][ T6132] f2fs_write_end_io+0x4e2/0x6d0 [ 206.265369][ T6132] __submit_merged_bio+0x27a/0x6a0 [ 206.265407][ T6132] __submit_merged_write_cond+0x255/0x530 [ 206.265444][ T6132] f2fs_write_data_pages+0x2854/0x31f0 [ 206.265476][ T6132] ? __lock_acquire+0xaac/0xd20 [ 206.265543][ T6132] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 206.265593][ T6132] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 206.265654][ T6132] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 206.265687][ T6132] ? __lock_acquire+0xaac/0xd20 [ 206.265727][ T6132] ? trace_f2fs_writepages+0x7f/0x200 [ 206.265759][ T6132] ? f2fs_write_node_pages+0x478/0x6e0 [ 206.265795][ T6132] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 206.265840][ T6132] ? 
__pfx_f2fs_write_data_pages+0x10/0x10 [ 206.265874][ T6132] do_writepages+0x3ae/0x7b0 [ 206.265914][ T6132] ? __lock_acquire+0xaac/0xd20 [ 206.265960][ T6132] ? __pfx_do_writepages+0x10/0x10 [ 206.266009][ T6132] __writeback_single_inode+0x145/0xff0 [ 206.266040][ T6132] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 206.266071][ T6132] writeback_sb_inodes+0x6b5/0x1000 [ 206.266131][ T6132] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 206.266208][ T6132] ? rcu_is_watching+0x15/0xb0 [ 206.266252][ T6132] wb_writeback+0x43b/0xaf0 [ 206.266291][ T6132] ? queue_io+0x3a1/0x590 [ 206.266324][ T6132] ? __pfx_wb_writeback+0x10/0x10 [ 206.266364][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 206.266395][ T6132] wb_workfn+0x409/0xef0 [ 206.266438][ T6132] ? __pfx_wb_workfn+0x10/0x10 [ 206.266459][ T6132] ? register_lock_class+0x51/0x320 [ 206.266496][ T6132] ? __lock_acquire+0xaac/0xd20 [ 206.266536][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 206.266577][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 206.266601][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 206.266633][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 206.266670][ T6132] process_scheduled_works+0xadb/0x17a0 [ 206.266738][ T6132] ? __pfx_process_scheduled_works+0x10/0x10 [ 206.266792][ T6132] worker_thread+0x8a0/0xda0 [ 206.266817][ T6132] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 206.266852][ T6132] ? __kthread_parkme+0x7b/0x200 [ 206.266886][ T6132] kthread+0x70e/0x8a0 [ 206.266916][ T6132] ? __pfx_worker_thread+0x10/0x10 [ 206.266936][ T6132] ? __pfx_kthread+0x10/0x10 [ 206.266971][ T6132] ? __pfx_kthread+0x10/0x10 [ 206.266995][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 206.267032][ T6132] ? lockdep_hardirqs_on+0x9c/0x150 [ 206.267078][ T6132] ? __pfx_kthread+0x10/0x10 [ 206.267106][ T6132] ret_from_fork+0x4b/0x80 [ 206.267128][ T6132] ? __pfx_kthread+0x10/0x10 [ 206.267154][ T6132] ret_from_fork_asm+0x1a/0x30 [ 206.267207][ T6132] [pid 6218] exit_group(0) = ? 
[ 206.585288][ T6132] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 206.605657][ T6219] VFS:Filesystem freeze failed [pid 6225] <... ioctl resumed>) = ? [pid 6219] <... ioctl resumed>) = ? [pid 6225] +++ exited with 0 +++ [pid 6219] +++ exited with 0 +++ [pid 6218] +++ exited with 0 +++ [pid 5823] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6218, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=40 /* 0.40 s */} --- [pid 5823] umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5823] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5823] umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] unlink("./30/binderfs") = 0 [pid 5823] umount2("./30/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5824] <... 
umount2 resumed>) = 0 [pid 5824] umount2("./30/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./30/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] umount2("./30/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./30/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5824] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5824] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5824] close(4) = 0 [pid 5824] rmdir("./30/bus") = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5824] close(3) = 0 [pid 5824] rmdir("./30") = 0 [pid 5824] mkdir("./31", 0777) = 0 [pid 5824] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5824] ioctl(3, LOOP_CLR_FD) = 0 [pid 5824] close(3 [pid 5823] <... umount2 resumed>) = 0 [pid 5823] umount2("./30/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./30/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] umount2("./30/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./30/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5823] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5823] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5823] close(4) = 0 [pid 5823] rmdir("./30/bus") = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5823] close(3) = 0 [pid 5823] rmdir("./30") = 0 [pid 5823] mkdir("./31", 0777) = 0 [pid 5823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5823] ioctl(3, LOOP_CLR_FD) = 0 [pid 5823] close(3 [pid 5824] <... 
close resumed>) = 0 [pid 5824] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6226 attached , child_tidptr=0x55558e3aa690) = 6226 [pid 6226] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 6226] chdir("./31") = 0 [pid 6226] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6226] setpgid(0, 0) = 0 [pid 6226] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6226] write(3, "1000", 4) = 4 [pid 6226] close(3) = 0 [pid 6226] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6226] write(1, "executing program\n", 18) = 18 [pid 6226] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6226] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6226] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6226] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6226] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6226] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6226] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0} => {parent_tid=[6227]}, 88) = 6227 [pid 6226] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6226] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6226] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6227 attached [pid 6227] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053) = 0 [pid 6227] set_robust_list(0x7f836b55f9a0, 24) = 0 [pid 6227] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6227] memfd_create("syzkaller", 0) = 3 [pid 6227] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, 
-1, 0) = 0x7f8363000000 [pid 5823] <... close resumed>) = 0 [pid 5823] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6228 attached [pid 6228] set_robust_list(0x55558e3aa6a0, 24 [pid 5823] <... clone resumed>, child_tidptr=0x55558e3aa690) = 6228 [pid 6228] <... set_robust_list resumed>) = 0 [pid 6228] chdir("./31") = 0 [pid 6228] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6228] setpgid(0, 0) = 0 [pid 6228] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6228] write(3, "1000", 4) = 4 [pid 6228] close(3) = 0 executing program [pid 6228] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6228] write(1, "executing program\n", 18) = 18 [pid 6228] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6228] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6228] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6228] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6228] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6228] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6228] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0} => {parent_tid=[6229]}, 88) = 6229 [pid 6228] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6228] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6228] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6229 attached [pid 6229] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053) = 0 [pid 6229] set_robust_list(0x7f836b55f9a0, 24) = 0 [pid 6229] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6229] 
memfd_create("syzkaller", 0) = 3 [pid 6229] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 6227] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 6229] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 6227] <... write resumed>) = 20699119 [pid 6227] munmap(0x7f8363000000, 138412032) = 0 [pid 6227] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6227] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6227] close(3) = 0 [pid 6227] close(4) = 0 [pid 6227] mkdir("./bus", 0777) = 0 [ 208.501794][ T6227] loop1: detected capacity change from 0 to 40427 [ 208.586649][ T6227] F2FS-fs (loop1): invalid crc value [pid 6227] mount("/dev/loop1", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 6229] <... write resumed>) = 20699119 [pid 6229] munmap(0x7f8363000000, 138412032 [pid 6227] <... mount resumed>) = 0 [pid 6229] <... munmap resumed>) = 0 [ 208.791331][ T6227] F2FS-fs (loop1): Start checkpoint disabled! 
[ 208.817135][ T6227] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [pid 6229] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6229] ioctl(4, LOOP_SET_FD, 3 [pid 6227] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6227] chdir("./bus") = 0 [pid 6227] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6227] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6227] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6226] <... futex resumed>) = 0 [pid 6226] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6226] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6227] <... futex resumed>) = 0 [pid 6227] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000) = 4 [pid 6227] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6226] <... futex resumed>) = 0 [pid 6227] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6229] <... ioctl resumed>) = 0 [pid 6226] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6229] close(3) = 0 [pid 6229] close(4) = 0 [pid 6227] <... futex resumed>) = 0 [pid 6226] <... futex resumed>) = 1 [pid 6227] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6226] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6227] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6226] <... 
futex resumed>) = 0 [pid 6227] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6226] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6226] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 208.858704][ T6229] loop0: detected capacity change from 0 to 40427 [ 208.888937][ T6132] kworker/u8:8: attempt to access beyond end of device [ 208.888937][ T6132] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 208.906502][ T6132] CPU: 1 UID: 0 PID: 6132 Comm: kworker/u8:8 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 208.906534][ T6132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 208.906550][ T6132] Workqueue: writeback wb_workfn (flush-7:1) [ 208.906584][ T6132] Call Trace: [ 208.906594][ T6132] [ 208.906603][ T6132] dump_stack_lvl+0x189/0x250 [ 208.906639][ T6132] ? __pfx_dump_stack_lvl+0x10/0x10 [ 208.906668][ T6132] ? __pfx_queue_work_on+0x10/0x10 [ 208.906688][ T6132] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 208.906714][ T6132] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 208.906761][ T6132] f2fs_handle_critical_error+0x37c/0x540 [ 208.906803][ T6132] f2fs_write_end_io+0x4e2/0x6d0 [ 208.906856][ T6132] __submit_merged_bio+0x27a/0x6a0 [ 208.906894][ T6132] __submit_merged_write_cond+0x255/0x530 [ 208.906932][ T6132] f2fs_write_data_pages+0x2854/0x31f0 [ 208.906962][ T6132] ? __lock_acquire+0xaac/0xd20 [ 208.907031][ T6132] ? __pfx_f2fs_write_data_pages+0x10/0x10 [pid 6229] mkdir("./bus", 0777) = 0 [pid 6226] <... 
futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6226] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6226] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6226] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6226] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6226] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[6232]}, 88) = 6232 [pid 6226] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6226] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 208.907081][ T6132] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 208.907149][ T6132] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 208.907199][ T6132] ? trace_f2fs_writepages+0x7f/0x200 [ 208.907233][ T6132] ? f2fs_write_node_pages+0x478/0x6e0 [ 208.907270][ T6132] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 208.907306][ T6132] ? has_not_enough_free_secs+0xd8b/0x1640 [ 208.907349][ T6132] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 208.907384][ T6132] do_writepages+0x3ae/0x7b0 [ 208.907426][ T6132] ? 
__lock_acquire+0xaac/0xd20 [pid 6226] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6226] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6226] futex(0x7f836b6386ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6226] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b4fd000 [pid 6226] mprotect(0x7f836b4fe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6226] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6226] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b51d990, parent_tid=0x7f836b51d990, exit_signal=0, stack=0x7f836b4fd000, stack_size=0x20300, tls=0x7f836b51d6c0} => {parent_tid=[6233]}, 88) = 6233 [pid 6226] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6226] futex(0x7f836b6386e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6233 attached [pid 6226] futex(0x7f836b6386ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6233] rseq(0x7f836b51dfe0, 0x20, 0, 0x53053053) = 0 [pid 6233] set_robust_list(0x7f836b51d9a0, 24) = 0 [pid 6233] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 208.907466][ T6132] ? __pfx_do_writepages+0x10/0x10 [ 208.907518][ T6132] __writeback_single_inode+0x145/0xff0 [ 208.907550][ T6132] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 208.907583][ T6132] writeback_sb_inodes+0x6b5/0x1000 [ 208.907647][ T6132] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 208.907735][ T6132] ? rcu_is_watching+0x15/0xb0 [ 208.907791][ T6132] wb_writeback+0x43b/0xaf0 [ 208.907832][ T6132] ? queue_io+0x3a1/0x590 [ 208.907867][ T6132] ? __pfx_wb_writeback+0x10/0x10 [pid 6233] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 6226] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 208.907910][ T6132] ? 
_raw_spin_unlock_irq+0x23/0x50 [ 208.907943][ T6132] wb_workfn+0x409/0xef0 [ 208.907990][ T6132] ? __pfx_wb_workfn+0x10/0x10 [ 208.908013][ T6132] ? register_lock_class+0x51/0x320 [ 208.908053][ T6132] ? __lock_acquire+0xaac/0xd20 [ 208.908097][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 208.908141][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 208.908165][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 208.908198][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 208.908236][ T6132] process_scheduled_works+0xadb/0x17a0 [ 208.908312][ T6132] ? __pfx_process_scheduled_works+0x10/0x10 [ 208.908372][ T6132] worker_thread+0x8a0/0xda0 [ 208.908399][ T6132] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 208.908436][ T6132] ? __kthread_parkme+0x7b/0x200 [ 208.908473][ T6132] kthread+0x70e/0x8a0 [ 208.908505][ T6132] ? __pfx_worker_thread+0x10/0x10 [ 208.908526][ T6132] ? __pfx_kthread+0x10/0x10 [ 208.908555][ T6132] ? __pfx_kthread+0x10/0x10 [ 208.908580][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 208.908605][ T6132] ? lockdep_hardirqs_on+0x9c/0x150 [ 208.908634][ T6132] ? __pfx_kthread+0x10/0x10 [ 208.908659][ T6132] ret_from_fork+0x4b/0x80 [ 208.908680][ T6132] ? __pfx_kthread+0x10/0x10 [ 208.908707][ T6132] ret_from_fork_asm+0x1a/0x30 [ 208.908769][ T6132] [ 208.908780][ T6132] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 209.180765][ T6229] F2FS-fs (loop0): invalid crc value [ 209.190974][ T6132] CPU: 1 UID: 0 PID: 6132 Comm: kworker/u8:8 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 209.191009][ T6132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 209.191026][ T6132] Workqueue: writeback wb_workfn (flush-7:1) [ 209.191064][ T6132] Call Trace: [ 209.191075][ T6132] [ 209.191086][ T6132] dump_stack_lvl+0x189/0x250 [ 209.191128][ T6132] ? __pfx_dump_stack_lvl+0x10/0x10 [ 209.191162][ T6132] ? __pfx_queue_work_on+0x10/0x10 [ 209.191184][ T6132] ? 
_raw_spin_unlock_irqrestore+0xad/0x110 [ 209.191212][ T6132] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [pid 6229] mount("/dev/loop0", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"..../strace-static-x86_64: Process 6232 attached [pid 6232] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [pid 6232] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 6232] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6232] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 6232] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 209.191256][ T6132] f2fs_handle_critical_error+0x37c/0x540 [ 209.191300][ T6132] f2fs_write_end_io+0x4e2/0x6d0 [ 209.191359][ T6132] __submit_merged_bio+0x27a/0x6a0 [ 209.191400][ T6132] __submit_merged_write_cond+0x255/0x530 [ 209.191450][ T6132] f2fs_write_data_pages+0x2854/0x31f0 [ 209.191485][ T6132] ? __lock_acquire+0xaac/0xd20 [ 209.191564][ T6132] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 209.191619][ T6132] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 209.191691][ T6132] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 209.191743][ T6132] ? trace_f2fs_writepages+0x7f/0x200 [ 209.191779][ T6132] ? f2fs_write_node_pages+0x478/0x6e0 [ 209.191818][ T6132] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 209.191857][ T6132] ? has_not_enough_free_secs+0xd8b/0x1640 [ 209.191901][ T6132] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 209.191938][ T6132] do_writepages+0x3ae/0x7b0 [ 209.191983][ T6132] ? __lock_acquire+0xaac/0xd20 [ 209.192025][ T6132] ? __pfx_do_writepages+0x10/0x10 [ 209.192081][ T6132] __writeback_single_inode+0x145/0xff0 [pid 6232] futex(0x7f836b6386d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6226] exit_group(0 [pid 6232] <... futex resumed>) = ? [pid 6226] <... exit_group resumed>) = ? [pid 6232] +++ exited with 0 +++ [ 209.192113][ T6132] ? 
wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 209.192148][ T6132] writeback_sb_inodes+0x6b5/0x1000 [ 209.192217][ T6132] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 209.192309][ T6132] ? rcu_is_watching+0x15/0xb0 [ 209.192358][ T6132] wb_writeback+0x43b/0xaf0 [ 209.192403][ T6132] ? queue_io+0x3a1/0x590 [ 209.192446][ T6132] ? __pfx_wb_writeback+0x10/0x10 [ 209.192491][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 209.192527][ T6132] wb_workfn+0x409/0xef0 [ 209.192577][ T6132] ? __pfx_wb_workfn+0x10/0x10 [ 209.192600][ T6132] ? register_lock_class+0x51/0x320 [ 209.192642][ T6132] ? __lock_acquire+0xaac/0xd20 [ 209.192687][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 209.192733][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 209.192758][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 209.192793][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 209.192833][ T6132] process_scheduled_works+0xadb/0x17a0 [ 209.192911][ T6132] ? __pfx_process_scheduled_works+0x10/0x10 [ 209.192973][ T6132] worker_thread+0x8a0/0xda0 [ 209.193001][ T6132] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 209.193041][ T6132] ? __kthread_parkme+0x7b/0x200 [ 209.193080][ T6132] kthread+0x70e/0x8a0 [ 209.193113][ T6132] ? __pfx_worker_thread+0x10/0x10 [ 209.193136][ T6132] ? __pfx_kthread+0x10/0x10 [ 209.193166][ T6132] ? __pfx_kthread+0x10/0x10 [ 209.193192][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 209.193218][ T6132] ? lockdep_hardirqs_on+0x9c/0x150 [ 209.193248][ T6132] ? __pfx_kthread+0x10/0x10 [ 209.193274][ T6132] ret_from_fork+0x4b/0x80 [ 209.193297][ T6132] ? __pfx_kthread+0x10/0x10 [pid 6227] <... ioctl resumed>) = ? [pid 6227] +++ exited with 0 +++ [ 209.193325][ T6132] ret_from_fork_asm+0x1a/0x30 [ 209.193384][ T6132] [ 209.193393][ T6132] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 209.576801][ T6227] VFS:Filesystem freeze failed [pid 6233] <... ioctl resumed>) = ? 
[pid 6233] +++ exited with 0 +++ [pid 6226] +++ exited with 0 +++ [pid 5824] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6226, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=34 /* 0.34 s */} --- [pid 5824] umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5824] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5824] umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] unlink("./31/binderfs") = 0 [pid 5824] umount2("./31/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6229] <... mount resumed>) = 0 [pid 6229] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6229] chdir("./bus") = 0 [pid 6229] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6229] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6228] <... futex resumed>) = 0 [ 209.886719][ T6229] F2FS-fs (loop0): Start checkpoint disabled! [ 209.922890][ T6229] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [pid 6229] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6228] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6229] <... futex resumed>) = 0 [pid 6228] <... futex resumed>) = 1 [pid 6228] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6229] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000) = 4 [pid 6229] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6228] <... futex resumed>) = 0 [pid 6229] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6228] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6229] <... futex resumed>) = 0 [pid 6228] <... 
futex resumed>) = 1 [pid 6229] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6228] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6229] <... openat resumed>) = 5 [pid 6229] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6228] <... futex resumed>) = 0 [pid 6229] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6228] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6229] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6229] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6228] <... futex resumed>) = 0 [pid 6228] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5824] <... umount2 resumed>) = 0 [pid 5824] umount2("./31/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./31/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] umount2("./31/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./31/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5824] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5824] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5824] close(4) = 0 [pid 5824] rmdir("./31/bus") = 0 [ 210.028421][ T6132] kworker/u8:8: attempt to access beyond end of device [ 210.028421][ T6132] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 210.066944][ T6132] CPU: 0 UID: 0 PID: 6132 Comm: kworker/u8:8 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 210.066976][ T6132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 210.066991][ T6132] Workqueue: writeback wb_workfn (flush-7:0) [ 210.067024][ T6132] Call Trace: [ 210.067033][ T6132] [ 210.067041][ T6132] 
dump_stack_lvl+0x189/0x250 [ 210.067074][ T6132] ? __pfx_dump_stack_lvl+0x10/0x10 [ 210.067102][ T6132] ? __pfx_queue_work_on+0x10/0x10 [pid 5824] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5824] close(3) = 0 [pid 5824] rmdir("./31" [pid 6228] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5824] <... rmdir resumed>) = 0 [pid 6228] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6228] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5824] mkdir("./32", 0777 [pid 6228] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6228] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6228] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6228] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5824] <... mkdir resumed>) = 0 [pid 6228] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6228] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0}./strace-static-x86_64: Process 6236 attached => {parent_tid=[6236]}, 88) = 6236 [pid 6228] rt_sigprocmask(SIG_SETMASK, [], [pid 6236] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053 [pid 6228] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6236] <... rseq resumed>) = 0 [pid 6228] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6236] set_robust_list(0x7f836b53e9a0, 24 [pid 6228] <... futex resumed>) = 0 [pid 6236] <... 
set_robust_list resumed>) = 0 [pid 6228] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6236] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6236] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 6236] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5824] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6236] <... futex resumed>) = 1 [pid 6228] <... futex resumed>) = 0 [pid 5824] <... openat resumed>) = 3 [pid 6228] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6228] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5824] ioctl(3, LOOP_CLR_FD) = 0 [pid 6236] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 5824] close(3 [pid 6228] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 210.067121][ T6132] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 210.067147][ T6132] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 210.067182][ T6132] f2fs_handle_critical_error+0x37c/0x540 [ 210.067219][ T6132] f2fs_write_end_io+0x4e2/0x6d0 [ 210.067266][ T6132] __submit_merged_bio+0x27a/0x6a0 [ 210.067302][ T6132] __submit_merged_write_cond+0x255/0x530 [ 210.067336][ T6132] f2fs_write_data_pages+0x2854/0x31f0 [ 210.067364][ T6132] ? __lock_acquire+0xaac/0xd20 [ 210.067451][ T6132] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 210.067495][ T6132] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 210.067572][ T6132] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 210.067617][ T6132] ? trace_f2fs_writepages+0x7f/0x200 [ 210.067648][ T6132] ? f2fs_write_node_pages+0x478/0x6e0 [ 210.067682][ T6132] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 210.067716][ T6132] ? has_not_enough_free_secs+0xd8b/0x1640 [ 210.067755][ T6132] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 210.067790][ T6132] do_writepages+0x3ae/0x7b0 [ 210.067830][ T6132] ? __lock_acquire+0xaac/0xd20 [ 210.067867][ T6132] ? 
__pfx_do_writepages+0x10/0x10 [ 210.067908][ T6132] __writeback_single_inode+0x145/0xff0 [ 210.067938][ T6132] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 210.067968][ T6132] writeback_sb_inodes+0x6b5/0x1000 [ 210.068021][ T6132] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 210.068111][ T6132] ? rcu_is_watching+0x15/0xb0 [ 210.068154][ T6132] wb_writeback+0x43b/0xaf0 [ 210.068193][ T6132] ? queue_io+0x3a1/0x590 [ 210.068224][ T6132] ? __pfx_wb_writeback+0x10/0x10 [ 210.068263][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 210.068293][ T6132] wb_workfn+0x409/0xef0 [ 210.068334][ T6132] ? __pfx_wb_workfn+0x10/0x10 [ 210.068356][ T6132] ? register_lock_class+0x51/0x320 [ 210.068402][ T6132] ? __lock_acquire+0xaac/0xd20 [ 210.068443][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 210.068483][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 210.068506][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 210.068539][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 210.068574][ T6132] process_scheduled_works+0xadb/0x17a0 [pid 6228] exit_group(0) = ? [ 210.068640][ T6132] ? __pfx_process_scheduled_works+0x10/0x10 [ 210.068694][ T6132] worker_thread+0x8a0/0xda0 [ 210.068719][ T6132] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 210.068753][ T6132] ? __kthread_parkme+0x7b/0x200 [ 210.068787][ T6132] kthread+0x70e/0x8a0 [ 210.068817][ T6132] ? __pfx_worker_thread+0x10/0x10 [ 210.068837][ T6132] ? __pfx_kthread+0x10/0x10 [ 210.068864][ T6132] ? __pfx_kthread+0x10/0x10 [ 210.068889][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 210.068915][ T6132] ? lockdep_hardirqs_on+0x9c/0x150 [ 210.068944][ T6132] ? __pfx_kthread+0x10/0x10 [ 210.068967][ T6132] ret_from_fork+0x4b/0x80 [ 210.068988][ T6132] ? 
__pfx_kthread+0x10/0x10 [ 210.069014][ T6132] ret_from_fork_asm+0x1a/0x30 [ 210.069067][ T6132] [ 210.069077][ T6132] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 210.480420][ T6132] CPU: 1 UID: 0 PID: 6132 Comm: kworker/u8:8 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 210.480455][ T6132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 210.480472][ T6132] Workqueue: writeback wb_workfn (flush-7:0) [ 210.480507][ T6132] Call Trace: [ 210.480516][ T6132] [ 210.480526][ T6132] dump_stack_lvl+0x189/0x250 [ 210.480563][ T6132] ? __pfx_dump_stack_lvl+0x10/0x10 [ 210.480602][ T6132] ? __pfx_queue_work_on+0x10/0x10 [ 210.480623][ T6132] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 210.480650][ T6132] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 210.480688][ T6132] f2fs_handle_critical_error+0x37c/0x540 [ 210.480727][ T6132] f2fs_write_end_io+0x4e2/0x6d0 [ 210.480778][ T6132] __submit_merged_bio+0x27a/0x6a0 [ 210.480820][ T6132] __submit_merged_write_cond+0x255/0x530 [ 210.480857][ T6132] f2fs_write_data_pages+0x2854/0x31f0 [ 210.480889][ T6132] ? __lock_acquire+0xaac/0xd20 [ 210.480954][ T6132] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 210.481002][ T6132] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 210.481064][ T6132] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 210.481110][ T6132] ? trace_f2fs_writepages+0x7f/0x200 [ 210.481143][ T6132] ? f2fs_write_node_pages+0x478/0x6e0 [ 210.481178][ T6132] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 210.481222][ T6132] ? has_not_enough_free_secs+0xd8b/0x1640 [ 210.481262][ T6132] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 210.481296][ T6132] do_writepages+0x3ae/0x7b0 [ 210.481336][ T6132] ? __lock_acquire+0xaac/0xd20 [ 210.481372][ T6132] ? __pfx_do_writepages+0x10/0x10 [ 210.481435][ T6132] __writeback_single_inode+0x145/0xff0 [ 210.481471][ T6132] ? 
wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 210.481502][ T6132] writeback_sb_inodes+0x6b5/0x1000 [ 210.481561][ T6132] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 210.481643][ T6132] ? rcu_is_watching+0x15/0xb0 [ 210.481687][ T6132] wb_writeback+0x43b/0xaf0 [ 210.481731][ T6132] ? queue_io+0x3a1/0x590 [ 210.481765][ T6132] ? __pfx_wb_writeback+0x10/0x10 [ 210.481805][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 210.481836][ T6132] wb_workfn+0x409/0xef0 [ 210.481877][ T6132] ? __pfx_wb_workfn+0x10/0x10 [ 210.481900][ T6132] ? register_lock_class+0x51/0x320 [ 210.481937][ T6132] ? __lock_acquire+0xaac/0xd20 [ 210.481978][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 210.482020][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 210.482043][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 210.482076][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 210.482113][ T6132] process_scheduled_works+0xadb/0x17a0 [ 210.482181][ T6132] ? __pfx_process_scheduled_works+0x10/0x10 [ 210.482236][ T6132] worker_thread+0x8a0/0xda0 [ 210.482260][ T6132] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 210.482295][ T6132] ? __kthread_parkme+0x7b/0x200 [ 210.482330][ T6132] kthread+0x70e/0x8a0 [ 210.482359][ T6132] ? __pfx_worker_thread+0x10/0x10 [ 210.482380][ T6132] ? __pfx_kthread+0x10/0x10 [ 210.482408][ T6132] ? __pfx_kthread+0x10/0x10 [ 210.482432][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 210.482457][ T6132] ? lockdep_hardirqs_on+0x9c/0x150 [ 210.482486][ T6132] ? __pfx_kthread+0x10/0x10 [ 210.482510][ T6132] ret_from_fork+0x4b/0x80 [ 210.482531][ T6132] ? __pfx_kthread+0x10/0x10 [ 210.482556][ T6132] ret_from_fork_asm+0x1a/0x30 [ 210.482613][ T6132] [ 210.482623][ T6132] F2FS-fs (loop0): Stopped filesystem due to reason: 3 executing program [pid 5824] <... 
close resumed>) = 0 [pid 5824] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e3aa690) = 6239 ./strace-static-x86_64: Process 6239 attached [pid 6239] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 6239] chdir("./32") = 0 [pid 6239] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6239] setpgid(0, 0) = 0 [pid 6239] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6239] write(3, "1000", 4) = 4 [pid 6239] close(3) = 0 [pid 6239] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6239] write(1, "executing program\n", 18) = 18 [pid 6239] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6239] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6239] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6239] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6239] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6239] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6239] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0} => {parent_tid=[6240]}, 88) = 6240 [pid 6239] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6239] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6239] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6240 attached [pid 6240] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053) = 0 [pid 6240] set_robust_list(0x7f836b55f9a0, 24) = 0 [pid 6240] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6240] memfd_create("syzkaller", 0) = 3 [pid 6240] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
0x7f8363000000 [pid 6236] <... ioctl resumed>) = ? [pid 6229] <... ioctl resumed>) = ? [pid 6236] +++ exited with 0 +++ [pid 6229] +++ exited with 0 +++ [pid 6228] +++ exited with 0 +++ [pid 5823] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6228, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=74 /* 0.74 s */} --- [pid 5823] umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5823] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5823] umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] unlink("./31/binderfs") = 0 [ 210.937522][ T6229] VFS:Filesystem freeze failed [pid 5823] umount2("./31/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5823] umount2("./31/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./31/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] umount2("./31/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./31/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5823] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5823] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 6240] write(3, 
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 5823] close(4) = 0 [pid 5823] rmdir("./31/bus") = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5823] close(3) = 0 [pid 5823] rmdir("./31") = 0 [pid 5823] mkdir("./32", 0777) = 0 [pid 5823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5823] ioctl(3, LOOP_CLR_FD) = 0 [pid 5823] close(3) = 0 [pid 5823] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e3aa690) = 6241 ./strace-static-x86_64: Process 6241 attached [pid 6241] set_robust_list(0x55558e3aa6a0, 24 [pid 6240] <... write resumed>) = 20699119 [pid 6241] <... set_robust_list resumed>) = 0 [pid 6240] munmap(0x7f8363000000, 138412032 [pid 6241] chdir("./32" [pid 6240] <... munmap resumed>) = 0 [pid 6241] <... chdir resumed>) = 0 [pid 6241] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6241] setpgid(0, 0) = 0 [pid 6241] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6240] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6241] <... openat resumed>) = 3 [pid 6240] <... openat resumed>) = 4 [pid 6241] write(3, "1000", 4) = 4 [pid 6240] ioctl(4, LOOP_SET_FD, 3 [pid 6241] close(3) = 0 [pid 6240] <... ioctl resumed>) = 0 [pid 6240] close(3) = 0 [pid 6240] close(4) = 0 [pid 6240] mkdir("./bus", 0777) = 0 [pid 6240] mount("/dev/loop1", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... 
[pid 6241] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6241] write(1, "executing program\n", 18executing program ) = 18 [pid 6241] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6241] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6241] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6241] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6241] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6241] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6241] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 6243 attached => {parent_tid=[6243]}, 88) = 6243 [pid 6241] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6241] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6243] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053) = 0 [pid 6243] set_robust_list(0x7f836b55f9a0, 24) = 0 [pid 6243] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6241] <... futex resumed>) = 0 [pid 6241] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6243] memfd_create("syzkaller", 0) = 3 [pid 6243] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [ 211.899995][ T6240] loop1: detected capacity change from 0 to 40427 [ 211.932371][ T6240] F2FS-fs (loop1): invalid crc value [pid 6240] <... mount resumed>) = 0 [pid 6240] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6240] chdir("./bus") = 0 [pid 6240] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6240] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6239] <... 
futex resumed>) = 0 [pid 6240] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 [pid 6239] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6240] <... openat resumed>) = 4 [pid 6239] <... futex resumed>) = 0 [pid 6239] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6240] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6239] <... futex resumed>) = 0 [pid 6239] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6239] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 212.156717][ T6240] F2FS-fs (loop1): Start checkpoint disabled! [ 212.184986][ T6240] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [pid 6240] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6240] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6239] <... futex resumed>) = 0 [pid 6240] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6239] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6239] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6239] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6239] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6239] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6239] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6239] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6239] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[6245]}, 88) = 6245 [pid 6239] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6239] 
futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6239] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6245 attached [ 212.279301][ T6238] kworker/u8:9: attempt to access beyond end of device [ 212.279301][ T6238] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 212.326327][ T6238] CPU: 0 UID: 0 PID: 6238 Comm: kworker/u8:9 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 212.326362][ T6238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 212.326379][ T6238] Workqueue: writeback wb_workfn (flush-7:1) [ 212.326418][ T6238] Call Trace: [ 212.326427][ T6238] [ 212.326437][ T6238] dump_stack_lvl+0x189/0x250 [ 212.326480][ T6238] ? __pfx_dump_stack_lvl+0x10/0x10 [ 212.326508][ T6238] ? __pfx_queue_work_on+0x10/0x10 [pid 6245] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [pid 6245] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 6245] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6245] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 6245] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6245] futex(0x7f836b6386d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6239] <... futex resumed>) = 0 [pid 6239] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6245] <... futex resumed>) = 0 [pid 6239] <... futex resumed>) = 1 [pid 6245] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [ 212.326525][ T6238] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 212.326551][ T6238] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 212.326588][ T6238] f2fs_handle_critical_error+0x37c/0x540 [ 212.326625][ T6238] f2fs_write_end_io+0x4e2/0x6d0 [ 212.326674][ T6238] __submit_merged_bio+0x27a/0x6a0 [ 212.326709][ T6238] __submit_merged_write_cond+0x255/0x530 [ 212.326746][ T6238] f2fs_write_data_pages+0x2854/0x31f0 [ 212.326776][ T6238] ? __lock_acquire+0xaac/0xd20 [ 212.326841][ T6238] ? 
__pfx_f2fs_write_data_pages+0x10/0x10 [ 212.326890][ T6238] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 212.326949][ T6238] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 212.326994][ T6238] ? trace_f2fs_writepages+0x7f/0x200 [ 212.327027][ T6238] ? f2fs_write_node_pages+0x478/0x6e0 [ 212.327062][ T6238] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 212.327106][ T6238] ? has_not_enough_free_secs+0xd8b/0x1640 [ 212.327147][ T6238] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 212.327181][ T6238] do_writepages+0x3ae/0x7b0 [ 212.327221][ T6238] ? __lock_acquire+0xaac/0xd20 [ 212.327259][ T6238] ? __pfx_do_writepages+0x10/0x10 [ 212.327306][ T6238] __writeback_single_inode+0x145/0xff0 [ 212.327336][ T6238] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 212.327367][ T6238] writeback_sb_inodes+0x6b5/0x1000 [ 212.327427][ T6238] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 212.327513][ T6238] ? rcu_is_watching+0x15/0xb0 [ 212.327557][ T6238] wb_writeback+0x43b/0xaf0 [ 212.327596][ T6238] ? queue_io+0x3a1/0x590 [ 212.327629][ T6238] ? __pfx_wb_writeback+0x10/0x10 [ 212.327669][ T6238] ? _raw_spin_unlock_irq+0x23/0x50 [ 212.327700][ T6238] wb_workfn+0x409/0xef0 [ 212.327742][ T6238] ? __pfx_wb_workfn+0x10/0x10 [ 212.327763][ T6238] ? register_lock_class+0x51/0x320 [ 212.327801][ T6238] ? __lock_acquire+0xaac/0xd20 [ 212.327841][ T6238] ? process_scheduled_works+0x9ec/0x17a0 [ 212.327883][ T6238] ? _raw_spin_unlock_irq+0x23/0x50 [ 212.327906][ T6238] ? process_scheduled_works+0x9ec/0x17a0 [ 212.327939][ T6238] ? process_scheduled_works+0x9ec/0x17a0 [ 212.327976][ T6238] process_scheduled_works+0xadb/0x17a0 [ 212.328044][ T6238] ? __pfx_process_scheduled_works+0x10/0x10 [ 212.328098][ T6238] worker_thread+0x8a0/0xda0 [ 212.328123][ T6238] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 212.328158][ T6238] ? __kthread_parkme+0x7b/0x200 [ 212.328192][ T6238] kthread+0x70e/0x8a0 [ 212.328222][ T6238] ? __pfx_worker_thread+0x10/0x10 [ 212.328242][ T6238] ? 
__pfx_kthread+0x10/0x10 [ 212.328270][ T6238] ? __pfx_kthread+0x10/0x10 [ 212.328294][ T6238] ? _raw_spin_unlock_irq+0x23/0x50 [ 212.328319][ T6238] ? lockdep_hardirqs_on+0x9c/0x150 [ 212.328347][ T6238] ? __pfx_kthread+0x10/0x10 [ 212.328371][ T6238] ret_from_fork+0x4b/0x80 [ 212.328392][ T6238] ? __pfx_kthread+0x10/0x10 [ 212.328418][ T6238] ret_from_fork_asm+0x1a/0x30 [ 212.328476][ T6238] [pid 6239] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 212.836460][ T6238] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 212.843544][ T6238] CPU: 1 UID: 0 PID: 6238 Comm: kworker/u8:9 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 212.843575][ T6238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 212.843591][ T6238] Workqueue: writeback wb_workfn (flush-7:1) [ 212.843625][ T6238] Call Trace: [ 212.843634][ T6238] [ 212.843643][ T6238] dump_stack_lvl+0x189/0x250 [ 212.843679][ T6238] ? __pfx_dump_stack_lvl+0x10/0x10 [ 212.843709][ T6238] ? __pfx_queue_work_on+0x10/0x10 [ 212.843727][ T6238] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 212.843753][ T6238] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 212.843790][ T6238] f2fs_handle_critical_error+0x37c/0x540 [ 212.843827][ T6238] f2fs_write_end_io+0x4e2/0x6d0 [ 212.843877][ T6238] __submit_merged_bio+0x27a/0x6a0 [ 212.843912][ T6238] __submit_merged_write_cond+0x255/0x530 [ 212.843948][ T6238] f2fs_write_data_pages+0x2854/0x31f0 [ 212.843997][ T6238] ? __lock_acquire+0xaac/0xd20 [ 212.844063][ T6238] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 212.844113][ T6238] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 212.844175][ T6238] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 212.844233][ T6238] ? trace_f2fs_writepages+0x7f/0x200 [ 212.844265][ T6238] ? f2fs_write_node_pages+0x478/0x6e0 [ 212.844299][ T6238] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 212.844333][ T6238] ? 
has_not_enough_free_secs+0xd8b/0x1640 [ 212.844373][ T6238] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 212.844406][ T6238] do_writepages+0x3ae/0x7b0 [ 212.844444][ T6238] ? __lock_acquire+0xaac/0xd20 [ 212.844479][ T6238] ? __pfx_do_writepages+0x10/0x10 [ 212.844532][ T6238] __writeback_single_inode+0x145/0xff0 [ 212.844561][ T6238] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 212.844590][ T6238] writeback_sb_inodes+0x6b5/0x1000 [ 212.844647][ T6238] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 212.844722][ T6238] ? rcu_is_watching+0x15/0xb0 [ 212.844764][ T6238] wb_writeback+0x43b/0xaf0 [ 212.844801][ T6238] ? queue_io+0x3a1/0x590 [ 212.844833][ T6238] ? __pfx_wb_writeback+0x10/0x10 [ 212.844871][ T6238] ? _raw_spin_unlock_irq+0x23/0x50 [ 212.844900][ T6238] wb_workfn+0x409/0xef0 [ 212.844940][ T6238] ? __pfx_wb_workfn+0x10/0x10 [ 212.844961][ T6238] ? register_lock_class+0x51/0x320 [ 212.844997][ T6238] ? __lock_acquire+0xaac/0xd20 [ 212.845036][ T6238] ? process_scheduled_works+0x9ec/0x17a0 [ 212.845076][ T6238] ? _raw_spin_unlock_irq+0x23/0x50 [ 212.845099][ T6238] ? process_scheduled_works+0x9ec/0x17a0 [ 212.845130][ T6238] ? process_scheduled_works+0x9ec/0x17a0 [ 212.845165][ T6238] process_scheduled_works+0xadb/0x17a0 [ 212.845230][ T6238] ? __pfx_process_scheduled_works+0x10/0x10 [ 212.845283][ T6238] worker_thread+0x8a0/0xda0 [ 212.845306][ T6238] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 212.845340][ T6238] ? __kthread_parkme+0x7b/0x200 [ 212.845373][ T6238] kthread+0x70e/0x8a0 [ 212.845401][ T6238] ? __pfx_worker_thread+0x10/0x10 [ 212.845421][ T6238] ? __pfx_kthread+0x10/0x10 [ 212.845447][ T6238] ? __pfx_kthread+0x10/0x10 [ 212.845471][ T6238] ? _raw_spin_unlock_irq+0x23/0x50 [ 212.845501][ T6238] ? lockdep_hardirqs_on+0x9c/0x150 [ 212.845528][ T6238] ? __pfx_kthread+0x10/0x10 [ 212.845551][ T6238] ret_from_fork+0x4b/0x80 [ 212.845571][ T6238] ? 
__pfx_kthread+0x10/0x10 [ 212.845595][ T6238] ret_from_fork_asm+0x1a/0x30 [ 212.845646][ T6238] [ 212.845654][ T6238] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [pid 6243] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 6239] exit_group(0) = ? [pid 6245] <... ioctl resumed>) = ? [pid 6245] +++ exited with 0 +++ [pid 6240] <... ioctl resumed>) = ? [pid 6240] +++ exited with 0 +++ [pid 6239] +++ exited with 0 +++ [pid 5824] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6239, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=32 /* 0.32 s */} --- [ 213.446494][ T6240] VFS:Filesystem freeze failed [pid 5824] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5824] umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5824] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5824] umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] unlink("./32/binderfs") = 0 [pid 5824] umount2("./32/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6243] <... 
write resumed>) = 20699119 [pid 6243] munmap(0x7f8363000000, 138412032) = 0 [pid 6243] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6243] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6243] close(3) = 0 [pid 6243] close(4) = 0 [ 213.549256][ T6243] loop0: detected capacity change from 0 to 40427 [pid 6243] mkdir("./bus", 0777) = 0 [ 213.620562][ T6243] F2FS-fs (loop0): invalid crc value [pid 6243] mount("/dev/loop0", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"...) = 0 [pid 6243] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6243] chdir("./bus") = 0 [pid 6243] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6243] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6241] <... futex resumed>) = 0 [pid 6241] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6241] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6243] <... futex resumed>) = 1 [pid 6243] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000) = 4 [pid 6243] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6241] <... futex resumed>) = 0 [pid 6241] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6241] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6243] <... futex resumed>) = 1 [pid 6243] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5824] <... umount2 resumed>) = 0 [pid 6243] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5824] umount2("./32/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6243] <... futex resumed>) = 1 [pid 6241] <... futex resumed>) = 0 [pid 6241] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5824] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6241] <... 
futex resumed>) = 0 [pid 6241] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5824] newfstatat(AT_FDCWD, "./32/bus", [pid 6243] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5824] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 213.837066][ T6243] F2FS-fs (loop0): Start checkpoint disabled! [ 213.855770][ T6243] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [pid 5824] umount2("./32/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./32/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5824] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5824] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5824] close(4) = 0 [pid 5824] rmdir("./32/bus") = 0 [ 213.897210][ T36] kworker/u8:2: attempt to access beyond end of device [ 213.897210][ T36] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 213.927464][ T36] CPU: 1 UID: 0 PID: 36 Comm: kworker/u8:2 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 213.927499][ T36] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 213.927515][ T36] Workqueue: writeback wb_workfn (flush-7:0) [ 213.927549][ T36] Call Trace: [ 213.927559][ T36] [ 213.927569][ T36] dump_stack_lvl+0x189/0x250 [ 213.927607][ T36] ? __pfx_dump_stack_lvl+0x10/0x10 [ 213.927639][ T36] ? __pfx_queue_work_on+0x10/0x10 [ 213.927660][ T36] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 213.927687][ T36] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 213.927728][ T36] f2fs_handle_critical_error+0x37c/0x540 [ 213.927769][ T36] f2fs_write_end_io+0x4e2/0x6d0 [ 213.927825][ T36] __submit_merged_bio+0x27a/0x6a0 [ 213.927864][ T36] __submit_merged_write_cond+0x255/0x530 [ 213.927905][ T36] f2fs_write_data_pages+0x2854/0x31f0 [ 213.927937][ T36] ? 
__lock_acquire+0xaac/0xd20 [ 213.928012][ T36] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 213.928065][ T36] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 213.928136][ T36] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 213.928193][ T36] ? trace_f2fs_writepages+0x7f/0x200 [ 213.928226][ T36] ? f2fs_write_node_pages+0x478/0x6e0 [ 213.928265][ T36] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 213.928302][ T36] ? has_not_enough_free_secs+0xd8b/0x1640 [ 213.928345][ T36] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 213.928379][ T36] do_writepages+0x3ae/0x7b0 [ 213.928421][ T36] ? __lock_acquire+0xaac/0xd20 [ 213.928462][ T36] ? __pfx_do_writepages+0x10/0x10 [ 213.928514][ T36] __writeback_single_inode+0x145/0xff0 [ 213.928545][ T36] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 213.928578][ T36] writeback_sb_inodes+0x6b5/0x1000 [ 213.928645][ T36] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 213.928733][ T36] ? rcu_is_watching+0x15/0xb0 [ 213.928780][ T36] wb_writeback+0x43b/0xaf0 [ 213.928822][ T36] ? queue_io+0x3a1/0x590 [ 213.928857][ T36] ? __pfx_wb_writeback+0x10/0x10 [ 213.928900][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 213.928933][ T36] wb_workfn+0x409/0xef0 [ 213.928980][ T36] ? __pfx_wb_workfn+0x10/0x10 [ 213.929002][ T36] ? register_lock_class+0x51/0x320 [pid 6241] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5824] getdents64(3, [pid 6241] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6241] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 5824] <... getdents64 resumed>0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 6241] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE [pid 5824] close(3 [pid 6241] <... mprotect resumed>) = 0 [pid 5824] <... close resumed>) = 0 [pid 6241] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5824] rmdir("./32" [pid 6241] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5824] <... 
rmdir resumed>) = 0 [pid 6241] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} [pid 5824] mkdir("./33", 0777) = 0 [pid 6241] <... clone3 resumed> => {parent_tid=[6248]}, 88) = 6248 [pid 5824] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6241] rt_sigprocmask(SIG_SETMASK, [], [pid 5824] <... openat resumed>) = 3 [pid 6241] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5824] ioctl(3, LOOP_CLR_FD [pid 6241] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5824] <... ioctl resumed>) = 0 [pid 6241] <... futex resumed>) = 0 [pid 5824] close(3 [pid 6241] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6241] futex(0x7f836b6386ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6241] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b4fd000 [pid 6241] mprotect(0x7f836b4fe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6241] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6241] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b51d990, parent_tid=0x7f836b51d990, exit_signal=0, stack=0x7f836b4fd000, stack_size=0x20300, tls=0x7f836b51d6c0} => {parent_tid=[6249]}, 88) = 6249 [pid 6241] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6241] futex(0x7f836b6386e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 213.929042][ T36] ? __lock_acquire+0xaac/0xd20 [ 213.929086][ T36] ? process_scheduled_works+0x9ec/0x17a0 [ 213.929130][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 213.929160][ T36] ? process_scheduled_works+0x9ec/0x17a0 [ 213.929193][ T36] ? process_scheduled_works+0x9ec/0x17a0 [ 213.929231][ T36] process_scheduled_works+0xadb/0x17a0 [ 213.929307][ T36] ? 
__pfx_process_scheduled_works+0x10/0x10 [ 213.929367][ T36] worker_thread+0x8a0/0xda0 [ 213.929392][ T36] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [pid 6241] futex(0x7f836b6386ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 213.929430][ T36] ? __kthread_parkme+0x7b/0x200 [ 213.929468][ T36] kthread+0x70e/0x8a0 [ 213.929499][ T36] ? __pfx_worker_thread+0x10/0x10 [ 213.929520][ T36] ? __pfx_kthread+0x10/0x10 [ 213.929548][ T36] ? __pfx_kthread+0x10/0x10 [ 213.929573][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 213.929598][ T36] ? lockdep_hardirqs_on+0x9c/0x150 [ 213.929627][ T36] ? __pfx_kthread+0x10/0x10 [ 213.929652][ T36] ret_from_fork+0x4b/0x80 [ 213.929674][ T36] ? __pfx_kthread+0x10/0x10 ./strace-static-x86_64: Process 6249 attached ./strace-static-x86_64: Process 6248 attached [pid 6249] rseq(0x7f836b51dfe0, 0x20, 0, 0x53053053 [pid 6248] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053 [pid 6249] <... rseq resumed>) = 0 [pid 6248] <... rseq resumed>) = 0 [pid 6249] set_robust_list(0x7f836b51d9a0, 24 [pid 6248] set_robust_list(0x7f836b53e9a0, 24 [pid 6249] <... set_robust_list resumed>) = 0 [pid 6248] <... set_robust_list resumed>) = 0 [pid 6249] rt_sigprocmask(SIG_SETMASK, [], [pid 6248] rt_sigprocmask(SIG_SETMASK, [], [pid 6249] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6248] <... 
rt_sigprocmask resumed>NULL, 8) = 0 [pid 6249] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 6248] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 6248] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 213.929700][ T36] ret_from_fork_asm+0x1a/0x30 [ 213.929757][ T36] [ 213.929767][ T36] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 214.358458][ T36] CPU: 0 UID: 0 PID: 36 Comm: kworker/u8:2 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 214.358494][ T36] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 214.358510][ T36] Workqueue: writeback wb_workfn (flush-7:0) [ 214.358546][ T36] Call Trace: [ 214.358555][ T36] [ 214.358565][ T36] dump_stack_lvl+0x189/0x250 [ 214.358601][ T36] ? __pfx_dump_stack_lvl+0x10/0x10 [ 214.358632][ T36] ? __pfx_queue_work_on+0x10/0x10 [ 214.358652][ T36] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 214.358677][ T36] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 214.358715][ T36] f2fs_handle_critical_error+0x37c/0x540 [ 214.358754][ T36] f2fs_write_end_io+0x4e2/0x6d0 [ 214.358804][ T36] __submit_merged_bio+0x27a/0x6a0 [ 214.358842][ T36] __submit_merged_write_cond+0x255/0x530 [ 214.358880][ T36] f2fs_write_data_pages+0x2854/0x31f0 [ 214.358912][ T36] ? __lock_acquire+0xaac/0xd20 [ 214.358979][ T36] ? __pfx_f2fs_write_data_pages+0x10/0x10 [pid 6248] futex(0x7f836b6386d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5824] <... close resumed>) = 0 [ 214.359028][ T36] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 214.359091][ T36] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 214.359138][ T36] ? trace_f2fs_writepages+0x7f/0x200 [ 214.359171][ T36] ? f2fs_write_node_pages+0x478/0x6e0 [ 214.359206][ T36] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 214.359241][ T36] ? has_not_enough_free_secs+0xd8b/0x1640 [ 214.359282][ T36] ? 
__pfx_f2fs_write_data_pages+0x10/0x10 [ 214.359317][ T36] do_writepages+0x3ae/0x7b0 [ 214.359363][ T36] ? __lock_acquire+0xaac/0xd20 [pid 5824] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6250 attached [pid 6250] set_robust_list(0x55558e3aa6a0, 24 [pid 5824] <... clone resumed>, child_tidptr=0x55558e3aa690) = 6250 [pid 6250] <... set_robust_list resumed>) = 0 [ 214.359401][ T36] ? __pfx_do_writepages+0x10/0x10 [ 214.359454][ T36] __writeback_single_inode+0x145/0xff0 [ 214.359484][ T36] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 214.359515][ T36] writeback_sb_inodes+0x6b5/0x1000 [ 214.359575][ T36] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 214.359651][ T36] ? rcu_is_watching+0x15/0xb0 [ 214.359696][ T36] wb_writeback+0x43b/0xaf0 [ 214.359735][ T36] ? queue_io+0x3a1/0x590 [ 214.359769][ T36] ? __pfx_wb_writeback+0x10/0x10 [pid 6250] chdir("./33") = 0 [pid 6250] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6250] setpgid(0, 0) = 0 [pid 6250] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6250] write(3, "1000", 4) = 4 [pid 6250] close(3) = 0 [pid 6250] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6250] write(1, "executing program\n", 18) = 18 [pid 6250] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6250] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6250] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6250] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6250] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6250] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6250] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, 
exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 6251 attached => {parent_tid=[6251]}, 88) = 6251 [pid 6251] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053) = 0 [pid 6250] rt_sigprocmask(SIG_SETMASK, [], [pid 6251] set_robust_list(0x7f836b55f9a0, 24 [pid 6250] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6251] <... set_robust_list resumed>) = 0 [pid 6250] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6251] rt_sigprocmask(SIG_SETMASK, [], [pid 6250] <... futex resumed>) = 0 [pid 6251] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6250] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6251] memfd_create("syzkaller", 0) = 3 [pid 6251] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 6241] exit_group(0 [pid 6248] <... futex resumed>) = ? [pid 6241] <... exit_group resumed>) = ? [pid 6248] +++ exited with 0 +++ [ 214.359809][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 214.359840][ T36] wb_workfn+0x409/0xef0 [ 214.359882][ T36] ? __pfx_wb_workfn+0x10/0x10 [ 214.359904][ T36] ? register_lock_class+0x51/0x320 [ 214.359942][ T36] ? __lock_acquire+0xaac/0xd20 [ 214.359994][ T36] ? process_scheduled_works+0x9ec/0x17a0 [ 214.360034][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 214.360056][ T36] ? process_scheduled_works+0x9ec/0x17a0 [ 214.360088][ T36] ? process_scheduled_works+0x9ec/0x17a0 [ 214.360141][ T36] process_scheduled_works+0xadb/0x17a0 [ 214.360209][ T36] ? __pfx_process_scheduled_works+0x10/0x10 [ 214.360263][ T36] worker_thread+0x8a0/0xda0 [ 214.360288][ T36] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 214.360324][ T36] ? __kthread_parkme+0x7b/0x200 [ 214.360364][ T36] kthread+0x70e/0x8a0 [ 214.360394][ T36] ? __pfx_worker_thread+0x10/0x10 [ 214.360418][ T36] ? __pfx_kthread+0x10/0x10 [ 214.360446][ T36] ? __pfx_kthread+0x10/0x10 [ 214.360470][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 214.360494][ T36] ? 
lockdep_hardirqs_on+0x9c/0x150 [ 214.360522][ T36] ? __pfx_kthread+0x10/0x10 [ 214.360547][ T36] ret_from_fork+0x4b/0x80 [ 214.360569][ T36] ? __pfx_kthread+0x10/0x10 [ 214.360594][ T36] ret_from_fork_asm+0x1a/0x30 [ 214.360647][ T36] [ 214.417469][ T36] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [pid 6249] <... ioctl resumed>) = ? [pid 6243] <... ioctl resumed>) = ? [pid 6249] +++ exited with 0 +++ [pid 6243] +++ exited with 0 +++ [pid 6241] +++ exited with 0 +++ [pid 5823] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6241, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=35 /* 0.35 s */} --- [pid 5823] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5823] umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5823] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5823] umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] unlink("./32/binderfs") = 0 [ 214.813167][ T6243] VFS:Filesystem freeze failed [pid 5823] umount2("./32/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6251] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 5823] <... 
umount2 resumed>) = 0 [pid 5823] umount2("./32/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./32/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] umount2("./32/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./32/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5823] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5823] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5823] close(4) = 0 [pid 5823] rmdir("./32/bus") = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5823] close(3) = 0 [pid 5823] rmdir("./32") = 0 [pid 5823] mkdir("./33", 0777) = 0 [pid 5823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5823] ioctl(3, LOOP_CLR_FD) = 0 [pid 5823] close(3 [pid 6251] <... write resumed>) = 20699119 [pid 6251] munmap(0x7f8363000000, 138412032) = 0 [pid 6251] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6251] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6251] close(3) = 0 [pid 6251] close(4) = 0 [pid 6251] mkdir("./bus", 0777) = 0 [ 215.502950][ T6251] loop1: detected capacity change from 0 to 40427 [pid 6251] mount("/dev/loop1", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 5823] <... 
close resumed>) = 0 [pid 5823] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6253 attached , child_tidptr=0x55558e3aa690) = 6253 [ 215.556555][ T6251] F2FS-fs (loop1): invalid crc value [pid 6253] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 6253] chdir("./33") = 0 [pid 6253] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6253] setpgid(0, 0) = 0 [pid 6253] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6253] write(3, "1000", 4) = 4 [pid 6253] close(3) = 0 [pid 6253] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6253] write(1, "executing program\n", 18) = 18 [pid 6253] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6253] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6253] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6253] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6253] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6253] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6253] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 6254 attached [pid 6254] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053 [pid 6253] <... clone3 resumed> => {parent_tid=[6254]}, 88) = 6254 [pid 6253] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6253] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6253] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6254] <... 
rseq resumed>) = 0 [pid 6254] set_robust_list(0x7f836b55f9a0, 24) = 0 [pid 6254] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6254] memfd_create("syzkaller", 0) = 3 [pid 6254] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 6251] <... mount resumed>) = 0 [pid 6251] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6251] chdir("./bus") = 0 [pid 6251] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6251] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6251] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6250] <... futex resumed>) = 0 [pid 6250] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6251] <... futex resumed>) = 0 [pid 6250] <... futex resumed>) = 1 [pid 6251] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 [pid 6250] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6251] <... openat resumed>) = 4 [pid 6251] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6250] <... futex resumed>) = 0 [pid 6251] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6250] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6251] <... openat resumed>) = 5 [pid 6250] <... futex resumed>) = 0 [pid 6250] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6251] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6250] <... futex resumed>) = 0 [pid 6251] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6250] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 215.822750][ T6251] F2FS-fs (loop1): Start checkpoint disabled! 
[ 215.842753][ T6251] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [pid 6250] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6250] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6250] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6250] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6250] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6250] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0}./strace-static-x86_64: Process 6256 attached => {parent_tid=[6256]}, 88) = 6256 [pid 6250] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6250] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6250] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6256] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [pid 6256] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 6256] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 215.907549][ T6132] kworker/u8:8: attempt to access beyond end of device [ 215.907549][ T6132] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [pid 6256] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 6256] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6250] <... futex resumed>) = 0 [pid 6250] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6250] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6256] <... 
futex resumed>) = 1 [ 215.956549][ T6132] CPU: 0 UID: 0 PID: 6132 Comm: kworker/u8:8 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 215.956582][ T6132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 215.956598][ T6132] Workqueue: writeback wb_workfn (flush-7:1) [ 215.956634][ T6132] Call Trace: [ 215.956643][ T6132] [ 215.956654][ T6132] dump_stack_lvl+0x189/0x250 [ 215.956691][ T6132] ? __pfx_dump_stack_lvl+0x10/0x10 [ 215.956722][ T6132] ? __pfx_queue_work_on+0x10/0x10 [pid 6256] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 6250] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6250] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 215.956742][ T6132] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 215.956768][ T6132] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 215.956806][ T6132] f2fs_handle_critical_error+0x37c/0x540 [ 215.956845][ T6132] f2fs_write_end_io+0x4e2/0x6d0 [ 215.956896][ T6132] __submit_merged_bio+0x27a/0x6a0 [ 215.956934][ T6132] __submit_merged_write_cond+0x255/0x530 [ 215.956973][ T6132] f2fs_write_data_pages+0x2854/0x31f0 [ 215.957042][ T6132] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 215.957073][ T6132] ? f2fs_sync_node_pages+0x1385/0x14a0 [ 215.957154][ T6132] ? __lock_acquire+0xaac/0xd20 [ 215.957214][ T6132] ? __switch_to+0xd70/0x1600 [ 215.957276][ T6132] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 215.957311][ T6132] do_writepages+0x3ae/0x7b0 [ 215.957362][ T6132] ? __pfx_do_writepages+0x10/0x10 [ 215.957409][ T6132] __writeback_single_inode+0x145/0xff0 [ 215.957441][ T6132] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 215.957472][ T6132] writeback_sb_inodes+0x6b5/0x1000 [ 215.957531][ T6132] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 215.957608][ T6132] ? rcu_is_watching+0x15/0xb0 [ 215.957652][ T6132] wb_writeback+0x43b/0xaf0 [ 215.957692][ T6132] ? 
queue_io+0x3a1/0x590 [ 215.957724][ T6132] ? __pfx_wb_writeback+0x10/0x10 [ 215.957764][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 215.957796][ T6132] wb_workfn+0x409/0xef0 [ 215.957838][ T6132] ? __pfx_wb_workfn+0x10/0x10 [ 215.957861][ T6132] ? register_lock_class+0x51/0x320 [ 215.957898][ T6132] ? __lock_acquire+0xaac/0xd20 [ 215.957939][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 215.957982][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 215.958005][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 215.958038][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 215.958074][ T6132] process_scheduled_works+0xadb/0x17a0 [ 215.958141][ T6132] ? __pfx_process_scheduled_works+0x10/0x10 [ 215.958195][ T6132] worker_thread+0x8a0/0xda0 [ 215.958220][ T6132] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 215.958266][ T6132] ? __kthread_parkme+0x7b/0x200 [ 215.958301][ T6132] kthread+0x70e/0x8a0 [ 215.958330][ T6132] ? __pfx_worker_thread+0x10/0x10 [pid 6250] exit_group(0) = ? [ 215.958351][ T6132] ? __pfx_kthread+0x10/0x10 [ 215.958377][ T6132] ? __pfx_kthread+0x10/0x10 [ 215.958401][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 215.958424][ T6132] ? lockdep_hardirqs_on+0x9c/0x150 [ 215.958451][ T6132] ? __pfx_kthread+0x10/0x10 [ 215.958474][ T6132] ret_from_fork+0x4b/0x80 [ 215.958495][ T6132] ? __pfx_kthread+0x10/0x10 [ 215.958518][ T6132] ret_from_fork_asm+0x1a/0x30 [ 215.958569][ T6132] [ 215.958581][ T6132] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 216.326468][ T6132] CPU: 0 UID: 0 PID: 6132 Comm: kworker/u8:8 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 216.326503][ T6132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 216.326518][ T6132] Workqueue: writeback wb_workfn (flush-7:1) [ 216.326552][ T6132] Call Trace: [ 216.326561][ T6132] [ 216.326570][ T6132] dump_stack_lvl+0x189/0x250 [ 216.326606][ T6132] ? __pfx_dump_stack_lvl+0x10/0x10 [ 216.326635][ T6132] ? 
__pfx_queue_work_on+0x10/0x10 [ 216.326654][ T6132] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 216.326681][ T6132] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 216.326718][ T6132] f2fs_handle_critical_error+0x37c/0x540 [ 216.326758][ T6132] f2fs_write_end_io+0x4e2/0x6d0 [ 216.326808][ T6132] __submit_merged_bio+0x27a/0x6a0 [ 216.326845][ T6132] __submit_merged_write_cond+0x255/0x530 [ 216.326884][ T6132] f2fs_write_data_pages+0x2854/0x31f0 [ 216.326956][ T6132] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 216.326987][ T6132] ? f2fs_sync_node_pages+0x1385/0x14a0 [ 216.327064][ T6132] ? __lock_acquire+0xaac/0xd20 [ 216.327125][ T6132] ? __switch_to+0xd70/0x1600 [ 216.327177][ T6132] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 216.327211][ T6132] do_writepages+0x3ae/0x7b0 [ 216.327268][ T6132] ? __pfx_do_writepages+0x10/0x10 [ 216.327315][ T6132] __writeback_single_inode+0x145/0xff0 [ 216.327346][ T6132] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 216.327376][ T6132] writeback_sb_inodes+0x6b5/0x1000 [ 216.327436][ T6132] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 216.327513][ T6132] ? rcu_is_watching+0x15/0xb0 [ 216.327556][ T6132] wb_writeback+0x43b/0xaf0 [ 216.327595][ T6132] ? queue_io+0x3a1/0x590 [ 216.327628][ T6132] ? __pfx_wb_writeback+0x10/0x10 [ 216.327667][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 216.327698][ T6132] wb_workfn+0x409/0xef0 [ 216.327740][ T6132] ? __pfx_wb_workfn+0x10/0x10 [ 216.327762][ T6132] ? register_lock_class+0x51/0x320 [ 216.327798][ T6132] ? __lock_acquire+0xaac/0xd20 [ 216.327839][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 216.327880][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 216.327903][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 216.327936][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 216.327972][ T6132] process_scheduled_works+0xadb/0x17a0 [ 216.328040][ T6132] ? __pfx_process_scheduled_works+0x10/0x10 [ 216.328094][ T6132] worker_thread+0x8a0/0xda0 [ 216.328119][ T6132] ? 
__pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 216.328154][ T6132] ? __kthread_parkme+0x7b/0x200 [ 216.328188][ T6132] kthread+0x70e/0x8a0 [ 216.328217][ T6132] ? __pfx_worker_thread+0x10/0x10 [ 216.328238][ T6132] ? __pfx_kthread+0x10/0x10 [ 216.328272][ T6132] ? __pfx_kthread+0x10/0x10 [ 216.328297][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 216.328322][ T6132] ? lockdep_hardirqs_on+0x9c/0x150 [ 216.328349][ T6132] ? __pfx_kthread+0x10/0x10 [ 216.328374][ T6132] ret_from_fork+0x4b/0x80 [ 216.328395][ T6132] ? __pfx_kthread+0x10/0x10 [ 216.328420][ T6132] ret_from_fork_asm+0x1a/0x30 [ 216.328472][ T6132] [ 216.328696][ T6132] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [pid 6254] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 6254] munmap(0x7f8363000000, 138412032) = 0 [pid 6254] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6254] ioctl(4, LOOP_SET_FD, 3 [pid 6256] <... ioctl resumed>) = ? [pid 6251] <... ioctl resumed>) = ? [pid 6256] +++ exited with 0 +++ [pid 6254] <... ioctl resumed>) = 0 [pid 6251] +++ exited with 0 +++ [pid 6250] +++ exited with 0 +++ [pid 6254] close(3 [pid 5824] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6250, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=38 /* 0.38 s */} --- [pid 6254] <... close resumed>) = 0 [pid 6254] close(4) = 0 [pid 5824] umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6254] mkdir("./bus", 0777) = 0 [pid 5824] <... 
umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6254] mount("/dev/loop0", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 5824] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5824] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 216.818319][ T6251] VFS:Filesystem freeze failed [ 216.818496][ T6254] loop0: detected capacity change from 0 to 40427 [pid 5824] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5824] umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] unlink("./33/binderfs") = 0 [ 216.862397][ T6254] F2FS-fs (loop0): invalid crc value [pid 5824] umount2("./33/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6254] <... mount resumed>) = 0 [pid 6254] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6254] chdir("./bus") = 0 [pid 6254] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6254] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6253] <... futex resumed>) = 0 [pid 6253] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6253] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6254] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000) = 4 [pid 6254] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6253] <... futex resumed>) = 0 [pid 6253] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6253] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6254] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6254] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6253] <... 
futex resumed>) = 0 [pid 6254] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6253] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 217.094223][ T6254] F2FS-fs (loop0): Start checkpoint disabled! [ 217.113594][ T6254] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 217.169779][ T6132] kworker/u8:8: attempt to access beyond end of device [ 217.169779][ T6132] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 217.207913][ T6132] CPU: 0 UID: 0 PID: 6132 Comm: kworker/u8:8 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 217.207965][ T6132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 217.207982][ T6132] Workqueue: writeback wb_workfn (flush-7:0) [ 217.208018][ T6132] Call Trace: [ 217.208027][ T6132] [ 217.208037][ T6132] dump_stack_lvl+0x189/0x250 [ 217.208074][ T6132] ? __pfx_dump_stack_lvl+0x10/0x10 [ 217.208115][ T6132] ? __pfx_queue_work_on+0x10/0x10 [ 217.208134][ T6132] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 217.208160][ T6132] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 217.208197][ T6132] f2fs_handle_critical_error+0x37c/0x540 [ 217.208236][ T6132] f2fs_write_end_io+0x4e2/0x6d0 [ 217.208286][ T6132] __submit_merged_bio+0x27a/0x6a0 [ 217.208322][ T6132] __submit_merged_write_cond+0x255/0x530 [ 217.208358][ T6132] f2fs_write_data_pages+0x2854/0x31f0 [ 217.208427][ T6132] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 217.208457][ T6132] ? f2fs_sync_node_pages+0x1385/0x14a0 [ 217.208542][ T6132] ? __lock_acquire+0xaac/0xd20 [ 217.208634][ T6132] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 217.208669][ T6132] do_writepages+0x3ae/0x7b0 [ 217.208719][ T6132] ? __pfx_do_writepages+0x10/0x10 [ 217.208766][ T6132] __writeback_single_inode+0x145/0xff0 [ 217.208796][ T6132] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 217.208827][ T6132] writeback_sb_inodes+0x6b5/0x1000 [ 217.208928][ T6132] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 217.209004][ T6132] ? 
rcu_is_watching+0x15/0xb0 [ 217.209049][ T6132] wb_writeback+0x43b/0xaf0 [ 217.209087][ T6132] ? queue_io+0x3a1/0x590 [ 217.209120][ T6132] ? __pfx_wb_writeback+0x10/0x10 [ 217.209159][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 217.209190][ T6132] wb_workfn+0x409/0xef0 [ 217.209232][ T6132] ? __pfx_wb_workfn+0x10/0x10 [ 217.209255][ T6132] ? register_lock_class+0x51/0x320 [ 217.209292][ T6132] ? __lock_acquire+0xaac/0xd20 [ 217.209332][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 217.209374][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 217.209398][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 217.209430][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 217.209467][ T6132] process_scheduled_works+0xadb/0x17a0 [ 217.209547][ T6132] ? __pfx_process_scheduled_works+0x10/0x10 [ 217.209600][ T6132] worker_thread+0x8a0/0xda0 [ 217.209624][ T6132] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 217.209658][ T6132] ? __kthread_parkme+0x7b/0x200 [ 217.209690][ T6132] kthread+0x70e/0x8a0 [ 217.209719][ T6132] ? __pfx_worker_thread+0x10/0x10 [ 217.209738][ T6132] ? __pfx_kthread+0x10/0x10 [ 217.209765][ T6132] ? __pfx_kthread+0x10/0x10 [ 217.209789][ T6132] ? 
_raw_spin_unlock_irq+0x23/0x50 [pid 6253] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6253] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6253] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6253] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6253] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6253] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[6259]}, 88) = 6259 [pid 6253] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6253] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6253] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6253] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6253] futex(0x7f836b6386ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6253] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b4fd000 [pid 6253] mprotect(0x7f836b4fe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6253] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6253] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b51d990, parent_tid=0x7f836b51d990, exit_signal=0, stack=0x7f836b4fd000, stack_size=0x20300, tls=0x7f836b51d6c0} => {parent_tid=[6260]}, 88) = 6260 [pid 6253] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6253] futex(0x7f836b6386e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6253] futex(0x7f836b6386ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6260 attached [pid 6260] 
rseq(0x7f836b51dfe0, 0x20, 0, 0x53053053) = 0 [pid 6260] set_robust_list(0x7f836b51d9a0, 24) = 0 [pid 6260] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6260] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0./strace-static-x86_64: Process 6259 attached [pid 5824] <... umount2 resumed>) = 0 [pid 5824] umount2("./33/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./33/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] umount2("./33/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./33/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6259] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053 [pid 5824] <... openat resumed>) = 4 [ 217.209812][ T6132] ? lockdep_hardirqs_on+0x9c/0x150 [ 217.209839][ T6132] ? __pfx_kthread+0x10/0x10 [ 217.209863][ T6132] ret_from_fork+0x4b/0x80 [ 217.209889][ T6132] ? __pfx_kthread+0x10/0x10 [ 217.209914][ T6132] ret_from_fork_asm+0x1a/0x30 [ 217.209965][ T6132] [ 217.209974][ T6132] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [pid 5824] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5824] getdents64(4, [pid 6253] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5824] <... 
getdents64 resumed>0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5824] close(4) = 0 [pid 5824] rmdir("./33/bus") = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5824] close(3) = 0 [pid 5824] rmdir("./33") = 0 [pid 5824] mkdir("./34", 0777) = 0 [pid 5824] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5824] ioctl(3, LOOP_CLR_FD) = 0 [ 217.535778][ T6132] CPU: 0 UID: 0 PID: 6132 Comm: kworker/u8:8 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 217.535809][ T6132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 217.535825][ T6132] Workqueue: writeback wb_workfn (flush-7:0) [ 217.535860][ T6132] Call Trace: [ 217.535882][ T6132] [ 217.535893][ T6132] dump_stack_lvl+0x189/0x250 [ 217.535932][ T6132] ? __pfx_dump_stack_lvl+0x10/0x10 [ 217.535975][ T6132] ? __pfx_queue_work_on+0x10/0x10 [ 217.535994][ T6132] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 217.536020][ T6132] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 217.536060][ T6132] f2fs_handle_critical_error+0x37c/0x540 [ 217.536099][ T6132] f2fs_write_end_io+0x4e2/0x6d0 [ 217.536153][ T6132] __submit_merged_bio+0x27a/0x6a0 [ 217.536191][ T6132] __submit_merged_write_cond+0x255/0x530 [ 217.536229][ T6132] f2fs_write_data_pages+0x2854/0x31f0 [ 217.536304][ T6132] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 217.536334][ T6132] ? f2fs_sync_node_pages+0x1385/0x14a0 [ 217.536432][ T6132] ? __lock_acquire+0xaac/0xd20 [ 217.536516][ T6132] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 217.536550][ T6132] do_writepages+0x3ae/0x7b0 [ 217.536603][ T6132] ? __pfx_do_writepages+0x10/0x10 [ 217.536654][ T6132] __writeback_single_inode+0x145/0xff0 [ 217.536683][ T6132] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 217.536715][ T6132] writeback_sb_inodes+0x6b5/0x1000 [ 217.536780][ T6132] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 217.536862][ T6132] ? 
rcu_is_watching+0x15/0xb0 [ 217.536919][ T6132] wb_writeback+0x43b/0xaf0 [ 217.536959][ T6132] ? queue_io+0x3a1/0x590 [ 217.536992][ T6132] ? __pfx_wb_writeback+0x10/0x10 [ 217.537033][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 217.537066][ T6132] wb_workfn+0x409/0xef0 [ 217.537111][ T6132] ? __pfx_wb_workfn+0x10/0x10 [ 217.537133][ T6132] ? register_lock_class+0x51/0x320 [ 217.537170][ T6132] ? __lock_acquire+0xaac/0xd20 [ 217.537212][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 217.537255][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 217.537278][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 217.537309][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 217.537345][ T6132] process_scheduled_works+0xadb/0x17a0 [ 217.537419][ T6132] ? __pfx_process_scheduled_works+0x10/0x10 [ 217.537474][ T6132] worker_thread+0x8a0/0xda0 [ 217.537500][ T6132] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 217.537537][ T6132] ? __kthread_parkme+0x7b/0x200 [ 217.537572][ T6132] kthread+0x70e/0x8a0 [ 217.537602][ T6132] ? __pfx_worker_thread+0x10/0x10 [ 217.537623][ T6132] ? __pfx_kthread+0x10/0x10 [ 217.537650][ T6132] ? __pfx_kthread+0x10/0x10 [ 217.537675][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 217.537699][ T6132] ? lockdep_hardirqs_on+0x9c/0x150 [ 217.537727][ T6132] ? __pfx_kthread+0x10/0x10 [ 217.537750][ T6132] ret_from_fork+0x4b/0x80 [ 217.537773][ T6132] ? __pfx_kthread+0x10/0x10 [ 217.537800][ T6132] ret_from_fork_asm+0x1a/0x30 [ 217.537856][ T6132] [pid 5824] close(3 [pid 6259] <... rseq resumed>) = 0 [pid 6259] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 6259] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6259] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 6259] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 218.026462][ T6132] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [pid 6259] futex(0x7f836b6386d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6254] <... 
ioctl resumed>) = -1 EIO (Input/output error) [pid 6254] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6254] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6260] <... ioctl resumed>) = -1 EIO (Input/output error) [pid 6260] futex(0x7f836b6386ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5824] <... close resumed>) = 0 [pid 6260] <... futex resumed>) = 0 [pid 6253] exit_group(0 [pid 6259] <... futex resumed>) = ? [pid 6254] <... futex resumed>) = ? [pid 6253] <... exit_group resumed>) = ? [pid 6260] +++ exited with 0 +++ [pid 6259] +++ exited with 0 +++ [pid 6254] +++ exited with 0 +++ [pid 6253] +++ exited with 0 +++ [pid 5823] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6253, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=35 /* 0.35 s */} --- [pid 5823] umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 218.147320][ T6254] VFS:Filesystem freeze failed [pid 5823] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5823] umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] unlink("./33/binderfs") = 0 [pid 5823] umount2("./33/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5824] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6261 attached , child_tidptr=0x55558e3aa690) = 6261 [pid 6261] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 6261] chdir("./34") = 0 [pid 6261] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6261] setpgid(0, 0) = 0 [pid 6261] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6261] write(3, "1000", 4) = 4 [pid 6261] close(3) = 0 [pid 6261] symlink("/dev/binderfs", "./binderfs") = 0 
executing program [pid 6261] write(1, "executing program\n", 18) = 18 [pid 6261] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6261] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6261] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6261] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6261] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6261] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6261] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 6262 attached => {parent_tid=[6262]}, 88) = 6262 [pid 6261] rt_sigprocmask(SIG_SETMASK, [], [pid 6262] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053) = 0 [pid 6261] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6262] set_robust_list(0x7f836b55f9a0, 24 [pid 6261] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6262] <... set_robust_list resumed>) = 0 [pid 6261] <... futex resumed>) = 0 [pid 6262] rt_sigprocmask(SIG_SETMASK, [], [pid 6261] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6262] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6262] memfd_create("syzkaller", 0) = 3 [pid 6262] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 5823] <... 
umount2 resumed>) = 0 [pid 5823] umount2("./33/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./33/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] umount2("./33/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./33/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5823] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5823] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5823] close(4) = 0 [pid 5823] rmdir("./33/bus") = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5823] close(3) = 0 [pid 5823] rmdir("./33") = 0 [pid 5823] mkdir("./34", 0777) = 0 [pid 5823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5823] ioctl(3, LOOP_CLR_FD) = 0 [pid 5823] close(3 [pid 6262] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 5823] <... 
close resumed>) = 0 [pid 5823] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e3aa690) = 6263 ./strace-static-x86_64: Process 6263 attached [pid 6263] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 6263] chdir("./34") = 0 [pid 6263] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6263] setpgid(0, 0) = 0 [pid 6263] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6263] write(3, "1000", 4) = 4 [pid 6263] close(3) = 0 [pid 6263] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6263] write(1, "executing program\n", 18) = 18 [pid 6263] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6263] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6263] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6263] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6263] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6263] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6263] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 6264 attached => {parent_tid=[6264]}, 88) = 6264 [pid 6264] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053 [pid 6263] rt_sigprocmask(SIG_SETMASK, [], [pid 6264] <... rseq resumed>) = 0 [pid 6263] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6264] set_robust_list(0x7f836b55f9a0, 24 [pid 6263] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6264] <... set_robust_list resumed>) = 0 [pid 6263] <... 
futex resumed>) = 0 [pid 6264] rt_sigprocmask(SIG_SETMASK, [], [pid 6263] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6264] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6264] memfd_create("syzkaller", 0) = 3 [pid 6264] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 6262] <... write resumed>) = 20699119 [pid 6262] munmap(0x7f8363000000, 138412032) = 0 [pid 6262] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6262] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6262] close(3) = 0 [pid 6262] close(4) = 0 [pid 6262] mkdir("./bus", 0777) = 0 [ 219.153017][ T6262] loop1: detected capacity change from 0 to 40427 [ 219.206909][ T6262] F2FS-fs (loop1): invalid crc value [pid 6262] mount("/dev/loop1", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 6264] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 6262] <... mount resumed>) = 0 [pid 6262] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6262] chdir("./bus") = 0 [pid 6262] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6262] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6261] <... futex resumed>) = 0 [pid 6262] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 219.460403][ T6262] F2FS-fs (loop1): Start checkpoint disabled! [ 219.478239][ T6262] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [pid 6261] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6262] <... futex resumed>) = 0 [pid 6261] <... 
futex resumed>) = 1 [pid 6262] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000) = 4 [pid 6262] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6262] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6261] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6261] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6262] <... futex resumed>) = 0 [pid 6261] <... futex resumed>) = 1 [pid 6262] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6261] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6262] <... openat resumed>) = 5 [pid 6262] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6261] <... futex resumed>) = 0 [pid 6261] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6262] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6261] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6261] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6261] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6261] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6261] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6261] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[6267]}, 88) = 6267 [pid 6261] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6261] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 219.550599][ T12] kworker/u8:0: attempt to access beyond end of device [ 219.550599][ T12] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 219.596534][ T12] 
CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 219.596568][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 219.596583][ T12] Workqueue: writeback wb_workfn (flush-7:1) [ 219.596617][ T12] Call Trace: [ 219.596626][ T12] [ 219.596637][ T12] dump_stack_lvl+0x189/0x250 [ 219.596673][ T12] ? __pfx_dump_stack_lvl+0x10/0x10 [ 219.596704][ T12] ? __pfx_queue_work_on+0x10/0x10 [ 219.596724][ T12] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 219.596750][ T12] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 219.596803][ T12] f2fs_handle_critical_error+0x37c/0x540 [ 219.596843][ T12] f2fs_write_end_io+0x4e2/0x6d0 [ 219.596897][ T12] __submit_merged_bio+0x27a/0x6a0 [ 219.596935][ T12] __submit_merged_write_cond+0x255/0x530 [ 219.596974][ T12] f2fs_write_data_pages+0x2854/0x31f0 [ 219.597004][ T12] ? __lock_acquire+0xaac/0xd20 [ 219.597085][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 219.597136][ T12] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 219.597157][ T12] ? __switch_to+0xd70/0x1600 [ 219.597235][ T12] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 219.597284][ T12] ? trace_f2fs_writepages+0x7f/0x200 [ 219.597317][ T12] ? f2fs_write_node_pages+0x478/0x6e0 [ 219.597353][ T12] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 219.597389][ T12] ? has_not_enough_free_secs+0xd8b/0x1640 [ 219.597431][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 219.597464][ T12] do_writepages+0x3ae/0x7b0 [pid 6261] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6267 attached [pid 6267] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [pid 6267] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 6267] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6267] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 6267] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 219.597524][ T12] ? 
__lock_acquire+0xaac/0xd20 [ 219.597565][ T12] ? __pfx_do_writepages+0x10/0x10 [ 219.597618][ T12] __writeback_single_inode+0x145/0xff0 [ 219.597648][ T12] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 219.597681][ T12] writeback_sb_inodes+0x6b5/0x1000 [ 219.597748][ T12] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 219.597837][ T12] ? rcu_is_watching+0x15/0xb0 [ 219.597884][ T12] wb_writeback+0x43b/0xaf0 [ 219.597925][ T12] ? queue_io+0x3a1/0x590 [ 219.597960][ T12] ? __pfx_wb_writeback+0x10/0x10 [ 219.598003][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 219.598042][ T12] wb_workfn+0x409/0xef0 [ 219.598089][ T12] ? __pfx_wb_workfn+0x10/0x10 [ 219.598111][ T12] ? register_lock_class+0x51/0x320 [ 219.598150][ T12] ? __lock_acquire+0xaac/0xd20 [ 219.598194][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 219.598243][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 219.598267][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 219.598300][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 219.598348][ T12] process_scheduled_works+0xadb/0x17a0 [ 219.598422][ T12] ? __pfx_process_scheduled_works+0x10/0x10 [ 219.598480][ T12] worker_thread+0x8a0/0xda0 [ 219.598538][ T12] kthread+0x70e/0x8a0 [ 219.598586][ T12] ? __pfx_worker_thread+0x10/0x10 [ 219.598607][ T12] ? __pfx_kthread+0x10/0x10 [ 219.598635][ T12] ? __pfx_kthread+0x10/0x10 [ 219.598660][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 219.598685][ T12] ? lockdep_hardirqs_on+0x9c/0x150 [ 219.598714][ T12] ? __pfx_kthread+0x10/0x10 [pid 6267] futex(0x7f836b6386d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6261] <... futex resumed>) = 0 [pid 6261] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6267] <... futex resumed>) = 0 [pid 6261] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 219.598739][ T12] ret_from_fork+0x4b/0x80 [ 219.598760][ T12] ? 
__pfx_kthread+0x10/0x10 [ 219.598786][ T12] ret_from_fork_asm+0x1a/0x30 [ 219.598844][ T12] [ 219.604271][ T12] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 219.927024][ T12] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 219.927056][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [pid 6267] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 6261] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 219.927072][ T12] Workqueue: writeback wb_workfn (flush-7:1) [ 219.927105][ T12] Call Trace: [ 219.927114][ T12] [ 219.927124][ T12] dump_stack_lvl+0x189/0x250 [ 219.927161][ T12] ? __pfx_dump_stack_lvl+0x10/0x10 [ 219.927192][ T12] ? __pfx_queue_work_on+0x10/0x10 [ 219.927212][ T12] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 219.927238][ T12] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 219.927277][ T12] f2fs_handle_critical_error+0x37c/0x540 [ 219.927318][ T12] f2fs_write_end_io+0x4e2/0x6d0 [ 219.927371][ T12] __submit_merged_bio+0x27a/0x6a0 [ 219.927410][ T12] __submit_merged_write_cond+0x255/0x530 [ 219.927448][ T12] f2fs_write_data_pages+0x2854/0x31f0 [ 219.927479][ T12] ? __lock_acquire+0xaac/0xd20 [ 219.927551][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 219.927602][ T12] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 219.927623][ T12] ? __switch_to+0xd70/0x1600 [ 219.927698][ T12] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 219.927746][ T12] ? trace_f2fs_writepages+0x7f/0x200 [ 219.927779][ T12] ? f2fs_write_node_pages+0x478/0x6e0 [ 219.927815][ T12] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 219.927850][ T12] ? has_not_enough_free_secs+0xd8b/0x1640 [ 219.927892][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 219.927925][ T12] do_writepages+0x3ae/0x7b0 [ 219.927966][ T12] ? __lock_acquire+0xaac/0xd20 [ 219.928016][ T12] ? 
__pfx_do_writepages+0x10/0x10 [ 219.928067][ T12] __writeback_single_inode+0x145/0xff0 [ 219.928097][ T12] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [pid 6261] exit_group(0) = ? [ 219.928128][ T12] writeback_sb_inodes+0x6b5/0x1000 [ 219.928190][ T12] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 219.928273][ T12] ? rcu_is_watching+0x15/0xb0 [ 219.928320][ T12] wb_writeback+0x43b/0xaf0 [ 219.928361][ T12] ? queue_io+0x3a1/0x590 [ 219.928395][ T12] ? __pfx_wb_writeback+0x10/0x10 [ 219.928437][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 219.928469][ T12] wb_workfn+0x409/0xef0 [ 219.928515][ T12] ? __pfx_wb_workfn+0x10/0x10 [ 219.928536][ T12] ? register_lock_class+0x51/0x320 [ 219.928574][ T12] ? __lock_acquire+0xaac/0xd20 [ 219.928616][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 219.928659][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 219.928682][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 219.928714][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 219.928751][ T12] process_scheduled_works+0xadb/0x17a0 [ 219.928824][ T12] ? __pfx_process_scheduled_works+0x10/0x10 [ 219.928881][ T12] worker_thread+0x8a0/0xda0 [ 219.928940][ T12] kthread+0x70e/0x8a0 [ 219.928970][ T12] ? __pfx_worker_thread+0x10/0x10 [pid 6264] <... write resumed>) = 20699119 [ 219.928998][ T12] ? __pfx_kthread+0x10/0x10 [ 219.929026][ T12] ? __pfx_kthread+0x10/0x10 [ 219.929050][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 219.929074][ T12] ? lockdep_hardirqs_on+0x9c/0x150 [ 219.929102][ T12] ? __pfx_kthread+0x10/0x10 [ 219.929126][ T12] ret_from_fork+0x4b/0x80 [ 219.929147][ T12] ? 
__pfx_kthread+0x10/0x10 [ 219.929173][ T12] ret_from_fork_asm+0x1a/0x30 [ 219.929228][ T12] [ 219.931019][ T12] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [pid 6264] munmap(0x7f8363000000, 138412032) = 0 [pid 6264] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6264] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6264] close(3) = 0 [pid 6264] close(4) = 0 [pid 6264] mkdir("./bus", 0777) = 0 [ 220.308867][ T6264] loop0: detected capacity change from 0 to 40427 [ 220.333404][ T6264] F2FS-fs (loop0): invalid crc value [pid 6264] mount("/dev/loop0", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 6267] <... ioctl resumed>) = ? [pid 6267] +++ exited with 0 +++ [pid 6262] <... ioctl resumed>) = ? [pid 6262] +++ exited with 0 +++ [pid 6261] +++ exited with 0 +++ [pid 5824] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6261, si_uid=0, si_status=0, si_utime=13 /* 0.13 s */, si_stime=34 /* 0.34 s */} --- [pid 5824] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5824] umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5824] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5824] umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] unlink("./34/binderfs") = 0 [ 220.586881][ T6262] VFS:Filesystem freeze failed [ 220.677949][ T6264] F2FS-fs (loop0): Start checkpoint disabled! [pid 5824] umount2("./34/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6264] <... 
mount resumed>) = 0 [pid 6264] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6264] chdir("./bus") = 0 [pid 6264] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6264] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6263] <... futex resumed>) = 0 [pid 6264] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6263] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6264] <... futex resumed>) = 0 [pid 6264] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 [pid 6263] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6264] <... openat resumed>) = 4 [pid 6264] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6263] <... futex resumed>) = 0 [pid 6264] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6263] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6264] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6263] <... futex resumed>) = 0 [pid 6264] <... openat resumed>) = 5 [pid 6263] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6264] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6263] <... futex resumed>) = 0 [pid 6264] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6263] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6264] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6263] <... 
futex resumed>) = 0 [ 220.727307][ T6264] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [pid 6263] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6263] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6263] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6263] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [ 220.778387][ T12] kworker/u8:0: attempt to access beyond end of device [ 220.778387][ T12] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [pid 6263] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6263] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[6270]}, 88) = 6270 [pid 6263] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6263] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 220.828563][ T12] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 220.828597][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 220.828625][ T12] Workqueue: writeback wb_workfn (flush-7:0) [ 220.828659][ T12] Call Trace: [ 220.828669][ T12] [ 220.828679][ T12] dump_stack_lvl+0x189/0x250 [ 220.828715][ T12] ? 
__pfx_dump_stack_lvl+0x10/0x10 [pid 6263] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6263] futex(0x7f836b6386ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6263] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b4fd000 [pid 6263] mprotect(0x7f836b4fe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6263] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6263] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b51d990, parent_tid=0x7f836b51d990, exit_signal=0, stack=0x7f836b4fd000, stack_size=0x20300, tls=0x7f836b51d6c0} => {parent_tid=[6271]}, 88) = 6271 [pid 6263] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6263] futex(0x7f836b6386e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6263] futex(0x7f836b6386ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6271 attached [pid 6271] rseq(0x7f836b51dfe0, 0x20, 0, 0x53053053) = 0 [pid 6271] set_robust_list(0x7f836b51d9a0, 24) = 0 [pid 6271] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 220.828747][ T12] ? __pfx_queue_work_on+0x10/0x10 [ 220.828766][ T12] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 220.828792][ T12] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 220.828832][ T12] f2fs_handle_critical_error+0x37c/0x540 [ 220.828871][ T12] f2fs_write_end_io+0x4e2/0x6d0 [ 220.828925][ T12] __submit_merged_bio+0x27a/0x6a0 [ 220.828963][ T12] __submit_merged_write_cond+0x255/0x530 [ 220.829002][ T12] f2fs_write_data_pages+0x2854/0x31f0 [ 220.829033][ T12] ? __lock_acquire+0xaac/0xd20 [pid 6271] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 6263] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 220.829105][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 220.829156][ T12] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 220.829225][ T12] ? 
__pfx_f2fs_balance_fs_bg+0x10/0x10 [ 220.829273][ T12] ? trace_f2fs_writepages+0x7f/0x200 [ 220.829306][ T12] ? f2fs_write_node_pages+0x478/0x6e0 [ 220.829342][ T12] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 220.829378][ T12] ? has_not_enough_free_secs+0xd8b/0x1640 [ 220.829420][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 220.829453][ T12] do_writepages+0x3ae/0x7b0 [ 220.829493][ T12] ? __lock_acquire+0xaac/0xd20 [ 220.829532][ T12] ? __pfx_do_writepages+0x10/0x10 [ 220.829582][ T12] __writeback_single_inode+0x145/0xff0 [ 220.829620][ T12] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 220.829651][ T12] writeback_sb_inodes+0x6b5/0x1000 [ 220.829716][ T12] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 220.829797][ T12] ? rcu_is_watching+0x15/0xb0 [ 220.829842][ T12] wb_writeback+0x43b/0xaf0 [ 220.829884][ T12] ? queue_io+0x3a1/0x590 [ 220.829918][ T12] ? __pfx_wb_writeback+0x10/0x10 [ 220.829960][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 220.829992][ T12] wb_workfn+0x409/0xef0 [ 220.830038][ T12] ? __pfx_wb_workfn+0x10/0x10 [ 220.830059][ T12] ? register_lock_class+0x51/0x320 [ 220.830097][ T12] ? __lock_acquire+0xaac/0xd20 [ 220.830140][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 220.830182][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 220.830205][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 220.830238][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 220.830274][ T12] process_scheduled_works+0xadb/0x17a0 [ 220.830349][ T12] ? __pfx_process_scheduled_works+0x10/0x10 [ 220.830406][ T12] worker_thread+0x8a0/0xda0 [ 220.830488][ T12] kthread+0x70e/0x8a0 [ 220.830519][ T12] ? __pfx_worker_thread+0x10/0x10 [ 220.830540][ T12] ? __pfx_kthread+0x10/0x10 [ 220.830568][ T12] ? __pfx_kthread+0x10/0x10 [ 220.830593][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 220.830624][ T12] ? lockdep_hardirqs_on+0x9c/0x150 [ 220.830652][ T12] ? 
__pfx_kthread+0x10/0x10 [ 220.830677][ T12] ret_from_fork+0x4b/0x80 ./strace-static-x86_64: Process 6270 attached [pid 6270] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053 [pid 6263] exit_group(0) = ? [ 220.830699][ T12] ? __pfx_kthread+0x10/0x10 [ 220.830724][ T12] ret_from_fork_asm+0x1a/0x30 [ 220.830779][ T12] [ 220.832885][ T12] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 221.152782][ T12] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 221.152810][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 221.152824][ T12] Workqueue: writeback wb_workfn (flush-7:0) [ 221.152855][ T12] Call Trace: [ 221.152865][ T12] [ 221.152876][ T12] dump_stack_lvl+0x189/0x250 [ 221.152910][ T12] ? __pfx_dump_stack_lvl+0x10/0x10 [ 221.152939][ T12] ? __pfx_queue_work_on+0x10/0x10 [ 221.152958][ T12] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 221.153001][ T12] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 221.153038][ T12] f2fs_handle_critical_error+0x37c/0x540 [ 221.153078][ T12] f2fs_write_end_io+0x4e2/0x6d0 [ 221.153130][ T12] __submit_merged_bio+0x27a/0x6a0 [ 221.153168][ T12] __submit_merged_write_cond+0x255/0x530 [ 221.153206][ T12] f2fs_write_data_pages+0x2854/0x31f0 [ 221.153237][ T12] ? __lock_acquire+0xaac/0xd20 [ 221.153310][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 221.153357][ T12] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 221.153412][ T12] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 221.153450][ T12] ? trace_f2fs_writepages+0x7f/0x200 [ 221.153476][ T12] ? f2fs_write_node_pages+0x478/0x6e0 [ 221.153506][ T12] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 221.153534][ T12] ? has_not_enough_free_secs+0xd8b/0x1640 [ 221.153568][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 221.153595][ T12] do_writepages+0x3ae/0x7b0 [ 221.153640][ T12] ? __lock_acquire+0xaac/0xd20 [ 221.153671][ T12] ? 
__pfx_do_writepages+0x10/0x10 [ 221.153718][ T12] __writeback_single_inode+0x145/0xff0 [ 221.153743][ T12] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 221.153768][ T12] writeback_sb_inodes+0x6b5/0x1000 [ 221.153820][ T12] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 221.153888][ T12] ? rcu_is_watching+0x15/0xb0 [ 221.153925][ T12] wb_writeback+0x43b/0xaf0 [ 221.153958][ T12] ? queue_io+0x3a1/0x590 [ 221.153985][ T12] ? __pfx_wb_writeback+0x10/0x10 [ 221.154018][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 221.154044][ T12] wb_workfn+0x409/0xef0 [ 221.154080][ T12] ? __pfx_wb_workfn+0x10/0x10 [ 221.154097][ T12] ? register_lock_class+0x51/0x320 [ 221.154128][ T12] ? __lock_acquire+0xaac/0xd20 [ 221.154162][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 221.154196][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 221.154215][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 221.154242][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 221.154271][ T12] process_scheduled_works+0xadb/0x17a0 [ 221.154330][ T12] ? __pfx_process_scheduled_works+0x10/0x10 [ 221.154377][ T12] worker_thread+0x8a0/0xda0 [ 221.154423][ T12] kthread+0x70e/0x8a0 [ 221.154448][ T12] ? __pfx_worker_thread+0x10/0x10 [ 221.154464][ T12] ? __pfx_kthread+0x10/0x10 [ 221.154486][ T12] ? __pfx_kthread+0x10/0x10 [pid 6270] <... rseq resumed>) = ? [pid 6270] +++ exited with 0 +++ [pid 6271] <... ioctl resumed>) = ? [pid 6264] <... ioctl resumed>) = ? [pid 6271] +++ exited with 0 +++ [ 221.154506][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 221.154525][ T12] ? lockdep_hardirqs_on+0x9c/0x150 [ 221.154548][ T12] ? __pfx_kthread+0x10/0x10 [ 221.154568][ T12] ret_from_fork+0x4b/0x80 [ 221.154585][ T12] ? 
__pfx_kthread+0x10/0x10 [ 221.154612][ T12] ret_from_fork_asm+0x1a/0x30 [ 221.154656][ T12] [ 221.155277][ T12] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 221.474060][ T6264] VFS:Filesystem freeze failed [pid 6264] +++ exited with 0 +++ [pid 6263] +++ exited with 0 +++ [pid 5823] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6263, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=29 /* 0.29 s */} --- [pid 5823] umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5823] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5823] umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] unlink("./34/binderfs") = 0 [pid 5823] umount2("./34/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5824] <... 
umount2 resumed>) = 0 [pid 5824] umount2("./34/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./34/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] umount2("./34/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./34/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5824] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5824] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5824] close(4) = 0 [pid 5824] rmdir("./34/bus") = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5824] close(3) = 0 [pid 5824] rmdir("./34") = 0 [pid 5824] mkdir("./35", 0777) = 0 [pid 5824] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5824] ioctl(3, LOOP_CLR_FD) = 0 [pid 5824] close(3 [pid 5823] <... umount2 resumed>) = 0 [pid 5823] umount2("./34/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./34/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] umount2("./34/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./34/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5823] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5823] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5823] close(4) = 0 [pid 5823] rmdir("./34/bus") = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5823] close(3) = 0 [pid 5823] rmdir("./34") = 0 [pid 5823] mkdir("./35", 0777) = 0 [pid 5823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5823] ioctl(3, LOOP_CLR_FD) = 0 [pid 5823] close(3 [pid 5824] <... 
close resumed>) = 0 [pid 5824] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6272 attached , child_tidptr=0x55558e3aa690) = 6272 [pid 6272] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 6272] chdir("./35") = 0 [pid 6272] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6272] setpgid(0, 0) = 0 [pid 6272] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6272] write(3, "1000", 4) = 4 [pid 6272] close(3) = 0 [pid 6272] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6272] write(1, "executing program\n", 18) = 18 [pid 6272] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6272] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6272] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6272] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6272] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6272] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6272] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 6273 attached => {parent_tid=[6273]}, 88) = 6273 [pid 6273] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053) = 0 [pid 6272] rt_sigprocmask(SIG_SETMASK, [], [pid 6273] set_robust_list(0x7f836b55f9a0, 24) = 0 [pid 6272] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6273] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6272] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6273] memfd_create("syzkaller", 0 [pid 6272] <... futex resumed>) = 0 [pid 6272] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6273] <... 
memfd_create resumed>) = 3 [pid 6273] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 5823] <... close resumed>) = 0 [pid 5823] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6274 attached , child_tidptr=0x55558e3aa690) = 6274 [pid 6274] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 6274] chdir("./35") = 0 [pid 6274] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6274] setpgid(0, 0) = 0 [pid 6274] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6274] write(3, "1000", 4) = 4 [pid 6274] close(3) = 0 [pid 6274] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6274] write(1, "executing program\n", 18executing program ) = 18 [pid 6274] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6274] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6274] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6274] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6274] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6274] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6274] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 6275 attached => {parent_tid=[6275]}, 88) = 6275 [pid 6275] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053 [pid 6274] rt_sigprocmask(SIG_SETMASK, [], [pid 6275] <... rseq resumed>) = 0 [pid 6274] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6275] set_robust_list(0x7f836b55f9a0, 24 [pid 6274] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6275] <... set_robust_list resumed>) = 0 [pid 6274] <... 
futex resumed>) = 0 [pid 6275] rt_sigprocmask(SIG_SETMASK, [], [pid 6274] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6275] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6275] memfd_create("syzkaller", 0) = 3 [pid 6275] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 6273] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 6275] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 6273] <... write resumed>) = 20699119 [pid 6273] munmap(0x7f8363000000, 138412032) = 0 [pid 6273] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6273] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6273] close(3) = 0 [pid 6273] close(4) = 0 [pid 6273] mkdir("./bus", 0777) = 0 [ 223.140222][ T6273] loop1: detected capacity change from 0 to 40427 [ 223.183705][ T6273] F2FS-fs (loop1): invalid crc value [pid 6273] mount("/dev/loop1", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 6275] <... 
write resumed>) = 20699119 [pid 6275] munmap(0x7f8363000000, 138412032) = 0 [pid 6275] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6275] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6275] close(3) = 0 [pid 6275] close(4) = 0 [pid 6275] mkdir("./bus", 0777) = 0 [ 223.403900][ T6275] loop0: detected capacity change from 0 to 40427 [ 223.408703][ T6273] F2FS-fs (loop1): Start checkpoint disabled! [ 223.439112][ T6273] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [pid 6275] mount("/dev/loop0", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 6273] <... mount resumed>) = 0 [pid 6273] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6273] chdir("./bus") = 0 [pid 6273] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6273] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6273] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6272] <... futex resumed>) = 0 [pid 6272] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6273] <... futex resumed>) = 0 [pid 6272] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6273] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000) = 4 [pid 6273] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6272] <... futex resumed>) = 0 [pid 6272] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6272] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6273] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6273] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6272] <... 
futex resumed>) = 0 [pid 6273] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6272] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 223.479293][ T6275] F2FS-fs (loop0): invalid crc value [pid 6272] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6272] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6272] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6272] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6272] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6272] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[6279]}, 88) = 6279 [pid 6272] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6272] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6272] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6279 attached [pid 6279] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [pid 6279] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 6279] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 223.523229][ T6132] kworker/u8:8: attempt to access beyond end of device [ 223.523229][ T6132] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 223.571517][ T6132] CPU: 0 UID: 0 PID: 6132 Comm: kworker/u8:8 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 223.571552][ T6132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 223.571568][ T6132] Workqueue: writeback wb_workfn (flush-7:1) [ 223.571603][ T6132] Call Trace: [ 223.571613][ T6132] [ 223.571623][ T6132] dump_stack_lvl+0x189/0x250 [ 223.571661][ T6132] ? __pfx_dump_stack_lvl+0x10/0x10 [ 223.571693][ T6132] ? 
__pfx_queue_work_on+0x10/0x10 [pid 6279] ioctl(4, F2FS_IOC_SET_PIN_FILE [pid 6272] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6272] futex(0x7f836b6386ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6272] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b4fd000 [pid 6272] mprotect(0x7f836b4fe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6272] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6272] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b51d990, parent_tid=0x7f836b51d990, exit_signal=0, stack=0x7f836b4fd000, stack_size=0x20300, tls=0x7f836b51d6c0} => {parent_tid=[6280]}, 88) = 6280 [pid 6272] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6272] futex(0x7f836b6386e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 223.571714][ T6132] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 223.571741][ T6132] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 223.571783][ T6132] f2fs_handle_critical_error+0x37c/0x540 [ 223.571824][ T6132] f2fs_write_end_io+0x4e2/0x6d0 [ 223.571879][ T6132] __submit_merged_bio+0x27a/0x6a0 [ 223.571917][ T6132] __submit_merged_write_cond+0x255/0x530 [ 223.571956][ T6132] f2fs_write_data_pages+0x2854/0x31f0 [ 223.572034][ T6132] ? __pfx_f2fs_write_data_pages+0x10/0x10 [pid 6272] futex(0x7f836b6386ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 223.572066][ T6132] ? f2fs_sync_node_pages+0x1385/0x14a0 [ 223.572154][ T6132] ? __lock_acquire+0xaac/0xd20 [ 223.572195][ T6132] ? __lock_acquire+0xaac/0xd20 [ 223.572281][ T6132] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 223.572315][ T6132] do_writepages+0x3ae/0x7b0 [ 223.572371][ T6132] ? __pfx_do_writepages+0x10/0x10 [ 223.572432][ T6132] __writeback_single_inode+0x145/0xff0 [ 223.572463][ T6132] ? 
wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 223.572495][ T6132] writeback_sb_inodes+0x6b5/0x1000 [ 223.572563][ T6132] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 223.572652][ T6132] ? rcu_is_watching+0x15/0xb0 [ 223.572698][ T6132] wb_writeback+0x43b/0xaf0 [ 223.572740][ T6132] ? queue_io+0x3a1/0x590 [ 223.572774][ T6132] ? __pfx_wb_writeback+0x10/0x10 [ 223.572817][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 223.572850][ T6132] wb_workfn+0x409/0xef0 [ 223.572896][ T6132] ? __pfx_wb_workfn+0x10/0x10 [ 223.572918][ T6132] ? register_lock_class+0x51/0x320 [ 223.572958][ T6132] ? __lock_acquire+0xaac/0xd20 [ 223.573001][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 223.573045][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 223.573068][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 223.573101][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 223.573138][ T6132] process_scheduled_works+0xadb/0x17a0 [ 223.573214][ T6132] ? __pfx_process_scheduled_works+0x10/0x10 [ 223.573273][ T6132] worker_thread+0x8a0/0xda0 [ 223.573299][ T6132] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 223.573337][ T6132] ? __kthread_parkme+0x7b/0x200 [ 223.573373][ T6132] kthread+0x70e/0x8a0 [ 223.573405][ T6132] ? __pfx_worker_thread+0x10/0x10 [ 223.573430][ T6132] ? __pfx_kthread+0x10/0x10 [ 223.573459][ T6132] ? __pfx_kthread+0x10/0x10 [ 223.573483][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 223.573508][ T6132] ? lockdep_hardirqs_on+0x9c/0x150 [ 223.573537][ T6132] ? __pfx_kthread+0x10/0x10 [ 223.573562][ T6132] ret_from_fork+0x4b/0x80 [ 223.573582][ T6132] ? __pfx_kthread+0x10/0x10 [ 223.573609][ T6132] ret_from_fork_asm+0x1a/0x30 [ 223.573676][ T6132] [ 223.573686][ T6132] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 223.771019][ T6275] F2FS-fs (loop0): Start checkpoint disabled! 
[ 223.896949][ T6132] CPU: 1 UID: 0 PID: 6132 Comm: kworker/u8:8 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 223.896983][ T6132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 223.896999][ T6132] Workqueue: writeback wb_workfn (flush-7:1) [ 223.897032][ T6132] Call Trace: [ 223.897041][ T6132] [ 223.897052][ T6132] dump_stack_lvl+0x189/0x250 [ 223.897087][ T6132] ? __pfx_dump_stack_lvl+0x10/0x10 ./strace-static-x86_64: Process 6280 attached [ 223.897118][ T6132] ? __pfx_queue_work_on+0x10/0x10 [ 223.897137][ T6132] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 223.897163][ T6132] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 223.897200][ T6132] f2fs_handle_critical_error+0x37c/0x540 [ 223.897238][ T6132] f2fs_write_end_io+0x4e2/0x6d0 [ 223.897287][ T6132] __submit_merged_bio+0x27a/0x6a0 [ 223.897323][ T6132] __submit_merged_write_cond+0x255/0x530 [ 223.897359][ T6132] f2fs_write_data_pages+0x2854/0x31f0 [ 223.897424][ T6132] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 223.897454][ T6132] ? f2fs_sync_node_pages+0x1385/0x14a0 [ 223.897528][ T6132] ? __lock_acquire+0xaac/0xd20 [ 223.897565][ T6132] ? __lock_acquire+0xaac/0xd20 [ 223.897637][ T6132] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 223.897678][ T6132] do_writepages+0x3ae/0x7b0 [ 223.897727][ T6132] ? __pfx_do_writepages+0x10/0x10 [ 223.897772][ T6132] __writeback_single_inode+0x145/0xff0 [ 223.897800][ T6132] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 223.897830][ T6132] writeback_sb_inodes+0x6b5/0x1000 [ 223.897886][ T6132] ? __pfx_writeback_sb_inodes+0x10/0x10 [pid 6280] rseq(0x7f836b51dfe0, 0x20, 0, 0x53053053) = 0 [pid 6280] set_robust_list(0x7f836b51d9a0, 24) = 0 [pid 6280] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 223.897960][ T6132] ? rcu_is_watching+0x15/0xb0 [ 223.898002][ T6132] wb_writeback+0x43b/0xaf0 [ 223.898039][ T6132] ? queue_io+0x3a1/0x590 [ 223.898070][ T6132] ? __pfx_wb_writeback+0x10/0x10 [ 223.898109][ T6132] ? 
_raw_spin_unlock_irq+0x23/0x50 [ 223.898138][ T6132] wb_workfn+0x409/0xef0 [ 223.898179][ T6132] ? __pfx_wb_workfn+0x10/0x10 [ 223.898200][ T6132] ? register_lock_class+0x51/0x320 [ 223.898235][ T6132] ? __lock_acquire+0xaac/0xd20 [pid 6280] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 6272] exit_group(0) = ? [ 223.898274][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 223.898313][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 223.898336][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 223.898368][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 223.898403][ T6132] process_scheduled_works+0xadb/0x17a0 [ 223.898469][ T6132] ? __pfx_process_scheduled_works+0x10/0x10 [ 223.898522][ T6132] worker_thread+0x8a0/0xda0 [ 223.898546][ T6132] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 223.898580][ T6132] ? __kthread_parkme+0x7b/0x200 [ 223.898612][ T6132] kthread+0x70e/0x8a0 [ 223.898641][ T6132] ? __pfx_worker_thread+0x10/0x10 [ 223.898668][ T6132] ? __pfx_kthread+0x10/0x10 [ 223.898695][ T6132] ? __pfx_kthread+0x10/0x10 [ 223.898718][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 223.898742][ T6132] ? lockdep_hardirqs_on+0x9c/0x150 [ 223.898768][ T6132] ? __pfx_kthread+0x10/0x10 [ 223.898792][ T6132] ret_from_fork+0x4b/0x80 [ 223.898838][ T6132] ? __pfx_kthread+0x10/0x10 [ 223.898863][ T6132] ret_from_fork_asm+0x1a/0x30 [ 223.898914][ T6132] [pid 6275] <... mount resumed>) = 0 [pid 6275] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6275] chdir("./bus") = 0 [pid 6275] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6275] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6275] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6274] <... futex resumed>) = 0 [pid 6274] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6275] <... 
futex resumed>) = 0 [pid 6275] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000) = 4 [pid 6275] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6275] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6274] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6274] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6275] <... futex resumed>) = 0 [pid 6274] <... futex resumed>) = 1 [pid 6275] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [ 223.898923][ T6132] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 224.214693][ T6275] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 224.216579][ T6273] VFS:Filesystem freeze failed [pid 6280] <... ioctl resumed>) = ? [pid 6279] <... ioctl resumed> ) = ? [pid 6274] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6273] <... ioctl resumed>) = ? [pid 6280] +++ exited with 0 +++ [pid 6279] +++ exited with 0 +++ [pid 6275] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6274] <... futex resumed>) = 0 [pid 6274] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6275] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6274] <... futex resumed>) = 0 [pid 6274] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6273] +++ exited with 0 +++ [pid 6272] +++ exited with 0 +++ [pid 5824] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6272, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=35 /* 0.35 s */} --- [pid 5824] restart_syscall(<... 
resuming interrupted clone ...>) = 0 [pid 5824] umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5824] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5824] umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] unlink("./35/binderfs") = 0 [pid 5824] umount2("./35/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6274] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6274] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 224.259818][ T36] kworker/u8:2: attempt to access beyond end of device [ 224.259818][ T36] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 224.306525][ T36] CPU: 0 UID: 0 PID: 36 Comm: kworker/u8:2 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 224.306559][ T36] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 224.306574][ T36] Workqueue: writeback wb_workfn (flush-7:0) [ 224.306616][ T36] Call Trace: [ 224.306626][ T36] [ 224.306637][ T36] dump_stack_lvl+0x189/0x250 [ 224.306673][ T36] ? __pfx_dump_stack_lvl+0x10/0x10 [ 224.306704][ T36] ? __pfx_queue_work_on+0x10/0x10 [pid 6274] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [ 224.306723][ T36] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 224.306748][ T36] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 224.306786][ T36] f2fs_handle_critical_error+0x37c/0x540 [ 224.306826][ T36] f2fs_write_end_io+0x4e2/0x6d0 [ 224.306880][ T36] __submit_merged_bio+0x27a/0x6a0 [ 224.306918][ T36] __submit_merged_write_cond+0x255/0x530 [ 224.306957][ T36] f2fs_write_data_pages+0x2854/0x31f0 [ 224.306988][ T36] ? 
__lock_acquire+0xaac/0xd20 [ 224.307056][ T36] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 224.307111][ T36] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 224.307180][ T36] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 224.307229][ T36] ? trace_f2fs_writepages+0x7f/0x200 [ 224.307262][ T36] ? f2fs_write_node_pages+0x478/0x6e0 [ 224.307299][ T36] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 224.307334][ T36] ? has_not_enough_free_secs+0xd8b/0x1640 [ 224.307375][ T36] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 224.307409][ T36] do_writepages+0x3ae/0x7b0 [ 224.307449][ T36] ? __lock_acquire+0xaac/0xd20 [ 224.307488][ T36] ? __pfx_do_writepages+0x10/0x10 [ 224.307538][ T36] __writeback_single_inode+0x145/0xff0 [ 224.307568][ T36] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 224.307599][ T36] writeback_sb_inodes+0x6b5/0x1000 [ 224.307671][ T36] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 224.307756][ T36] ? rcu_is_watching+0x15/0xb0 [ 224.307801][ T36] wb_writeback+0x43b/0xaf0 [ 224.307842][ T36] ? queue_io+0x3a1/0x590 [ 224.307875][ T36] ? __pfx_wb_writeback+0x10/0x10 [ 224.307916][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 224.307948][ T36] wb_workfn+0x409/0xef0 [ 224.307994][ T36] ? __pfx_wb_workfn+0x10/0x10 [ 224.308015][ T36] ? register_lock_class+0x51/0x320 [ 224.308053][ T36] ? __lock_acquire+0xaac/0xd20 [ 224.308095][ T36] ? process_scheduled_works+0x9ec/0x17a0 [ 224.308137][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 224.308160][ T36] ? process_scheduled_works+0x9ec/0x17a0 [ 224.308192][ T36] ? process_scheduled_works+0x9ec/0x17a0 [ 224.308228][ T36] process_scheduled_works+0xadb/0x17a0 [ 224.308302][ T36] ? __pfx_process_scheduled_works+0x10/0x10 [ 224.308360][ T36] worker_thread+0x8a0/0xda0 [ 224.308385][ T36] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 224.308422][ T36] ? __kthread_parkme+0x7b/0x200 [ 224.308459][ T36] kthread+0x70e/0x8a0 [ 224.308489][ T36] ? __pfx_worker_thread+0x10/0x10 [ 224.308509][ T36] ? __pfx_kthread+0x10/0x10 [ 224.308536][ T36] ? 
__pfx_kthread+0x10/0x10 [ 224.308561][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 224.308584][ T36] ? lockdep_hardirqs_on+0x9c/0x150 [ 224.308620][ T36] ? __pfx_kthread+0x10/0x10 [ 224.308645][ T36] ret_from_fork+0x4b/0x80 [ 224.308665][ T36] ? __pfx_kthread+0x10/0x10 [ 224.308690][ T36] ret_from_fork_asm+0x1a/0x30 [ 224.308744][ T36] [ 224.635280][ T36] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 224.642344][ T36] CPU: 0 UID: 0 PID: 36 Comm: kworker/u8:2 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 224.642376][ T36] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 224.642392][ T36] Workqueue: writeback wb_workfn (flush-7:0) [ 224.642426][ T36] Call Trace: [ 224.642435][ T36] [ 224.642446][ T36] dump_stack_lvl+0x189/0x250 [ 224.642482][ T36] ? __pfx_dump_stack_lvl+0x10/0x10 [ 224.642513][ T36] ? __pfx_queue_work_on+0x10/0x10 [ 224.642533][ T36] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 224.642560][ T36] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 224.642604][ T36] f2fs_handle_critical_error+0x37c/0x540 [ 224.642643][ T36] f2fs_write_end_io+0x4e2/0x6d0 [pid 6274] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6274] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 224.642695][ T36] __submit_merged_bio+0x27a/0x6a0 [ 224.642732][ T36] __submit_merged_write_cond+0x255/0x530 [ 224.642769][ T36] f2fs_write_data_pages+0x2854/0x31f0 [ 224.642801][ T36] ? __lock_acquire+0xaac/0xd20 [ 224.642866][ T36] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 224.642915][ T36] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 224.642977][ T36] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 224.643023][ T36] ? trace_f2fs_writepages+0x7f/0x200 [ 224.643055][ T36] ? 
f2fs_write_node_pages+0x478/0x6e0 [pid 6274] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[6282]}, 88) = 6282 [pid 6274] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6274] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6274] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6282 attached [ 224.643091][ T36] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 224.643125][ T36] ? has_not_enough_free_secs+0xd8b/0x1640 [ 224.643166][ T36] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 224.643200][ T36] do_writepages+0x3ae/0x7b0 [ 224.643239][ T36] ? __lock_acquire+0xaac/0xd20 [ 224.643276][ T36] ? __pfx_do_writepages+0x10/0x10 [ 224.643322][ T36] __writeback_single_inode+0x145/0xff0 [ 224.643353][ T36] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 224.643383][ T36] writeback_sb_inodes+0x6b5/0x1000 [pid 6282] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [pid 6282] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 6282] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6282] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 6282] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6274] <... futex resumed>) = 0 [pid 6274] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6274] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 224.643441][ T36] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 224.643518][ T36] ? rcu_is_watching+0x15/0xb0 [ 224.643562][ T36] wb_writeback+0x43b/0xaf0 [ 224.643608][ T36] ? queue_io+0x3a1/0x590 [ 224.643642][ T36] ? __pfx_wb_writeback+0x10/0x10 [ 224.643682][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 224.643713][ T36] wb_workfn+0x409/0xef0 [ 224.643754][ T36] ? 
__pfx_wb_workfn+0x10/0x10 [ 224.643776][ T36] ? register_lock_class+0x51/0x320 [ 224.643814][ T36] ? __lock_acquire+0xaac/0xd20 [pid 6282] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 6274] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6274] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 224.643854][ T36] ? process_scheduled_works+0x9ec/0x17a0 [ 224.643896][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 224.643919][ T36] ? process_scheduled_works+0x9ec/0x17a0 [ 224.643952][ T36] ? process_scheduled_works+0x9ec/0x17a0 [ 224.643988][ T36] process_scheduled_works+0xadb/0x17a0 [ 224.644055][ T36] ? __pfx_process_scheduled_works+0x10/0x10 [ 224.644110][ T36] worker_thread+0x8a0/0xda0 [ 224.644134][ T36] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 224.644169][ T36] ? __kthread_parkme+0x7b/0x200 [ 224.644203][ T36] kthread+0x70e/0x8a0 [ 224.644232][ T36] ? __pfx_worker_thread+0x10/0x10 [ 224.644253][ T36] ? __pfx_kthread+0x10/0x10 [ 224.644280][ T36] ? __pfx_kthread+0x10/0x10 [ 224.644304][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 224.644329][ T36] ? lockdep_hardirqs_on+0x9c/0x150 [ 224.644357][ T36] ? __pfx_kthread+0x10/0x10 [ 224.644382][ T36] ret_from_fork+0x4b/0x80 [ 224.644403][ T36] ? __pfx_kthread+0x10/0x10 [ 224.644428][ T36] ret_from_fork_asm+0x1a/0x30 [ 224.644480][ T36] [pid 6282] <... ioctl resumed>) = -1 EIO (Input/output error) [pid 6282] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6282] futex(0x7f836b6386d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6275] <... ioctl resumed>) = -1 EIO (Input/output error) [pid 6275] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6274] exit_group(0 [pid 6282] <... futex resumed>) = ? [pid 6274] <... exit_group resumed>) = ? 
[pid 6282] +++ exited with 0 +++ [pid 6275] +++ exited with 0 +++ [pid 6274] +++ exited with 0 +++ [pid 5823] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6274, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=39 /* 0.39 s */} --- [ 224.644489][ T36] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 224.973339][ T6275] VFS:Filesystem freeze failed [pid 5823] umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5823] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5823] umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] unlink("./35/binderfs") = 0 [pid 5823] umount2("./35/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5824] <... umount2 resumed>) = 0 [pid 5824] umount2("./35/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./35/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] umount2("./35/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./35/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5824] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5824] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5824] close(4) = 0 [pid 5824] rmdir("./35/bus") = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5824] close(3) = 0 [pid 5824] rmdir("./35") = 0 [pid 5824] mkdir("./36", 0777) = 0 [pid 5824] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5824] ioctl(3, LOOP_CLR_FD) = 0 [pid 5824] close(3 [pid 5823] <... 
umount2 resumed>) = 0 [pid 5823] umount2("./35/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./35/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] umount2("./35/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./35/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5823] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5823] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5823] close(4) = 0 [pid 5823] rmdir("./35/bus") = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5823] close(3) = 0 [pid 5823] rmdir("./35") = 0 [pid 5823] mkdir("./36", 0777) = 0 [pid 5823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5823] ioctl(3, LOOP_CLR_FD) = 0 [pid 5823] close(3 [pid 5824] <... close resumed>) = 0 [pid 5824] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6283 attached , child_tidptr=0x55558e3aa690) = 6283 [pid 6283] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 6283] chdir("./36") = 0 [pid 6283] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6283] setpgid(0, 0) = 0 [pid 6283] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6283] write(3, "1000", 4) = 4 [pid 6283] close(3) = 0 [pid 6283] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6283] write(1, "executing program\n", 18) = 18 [pid 6283] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6283] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6283] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6283] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6283] 
mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6283] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6283] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 6284 attached => {parent_tid=[6284]}, 88) = 6284 [pid 6284] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053) = 0 [pid 6283] rt_sigprocmask(SIG_SETMASK, [], [pid 6284] set_robust_list(0x7f836b55f9a0, 24 [pid 6283] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6284] <... set_robust_list resumed>) = 0 [pid 6283] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6284] rt_sigprocmask(SIG_SETMASK, [], [pid 6283] <... futex resumed>) = 0 [pid 6284] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6283] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6284] memfd_create("syzkaller", 0) = 3 [pid 6284] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 5823] <... close resumed>) = 0 [pid 5823] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6285 attached [pid 6285] set_robust_list(0x55558e3aa6a0, 24 [pid 5823] <... clone resumed>, child_tidptr=0x55558e3aa690) = 6285 [pid 6285] <... 
set_robust_list resumed>) = 0 [pid 6285] chdir("./36") = 0 [pid 6285] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6285] setpgid(0, 0) = 0 [pid 6285] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6285] write(3, "1000", 4) = 4 [pid 6285] close(3) = 0 [pid 6285] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6285] write(1, "executing program\n", 18executing program ) = 18 [pid 6285] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6285] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6285] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6285] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6285] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6285] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6285] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 6286 attached => {parent_tid=[6286]}, 88) = 6286 [pid 6286] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053 [pid 6285] rt_sigprocmask(SIG_SETMASK, [], [pid 6286] <... rseq resumed>) = 0 [pid 6285] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6286] set_robust_list(0x7f836b55f9a0, 24 [pid 6285] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6286] <... set_robust_list resumed>) = 0 [pid 6285] <... futex resumed>) = 0 [pid 6286] rt_sigprocmask(SIG_SETMASK, [], [pid 6285] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6286] <... 
rt_sigprocmask resumed>NULL, 8) = 0 [pid 6286] memfd_create("syzkaller", 0) = 3 [pid 6286] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 6284] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 6286] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 6284] <... write resumed>) = 20699119 [pid 6284] munmap(0x7f8363000000, 138412032) = 0 [pid 6284] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6284] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6284] close(3) = 0 [pid 6284] close(4) = 0 [pid 6284] mkdir("./bus", 0777) = 0 [ 226.479107][ T6284] loop1: detected capacity change from 0 to 40427 [ 226.513608][ T6284] F2FS-fs (loop1): invalid crc value [pid 6284] mount("/dev/loop1", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 6286] <... write resumed>) = 20699119 [pid 6286] munmap(0x7f8363000000, 138412032) = 0 [pid 6286] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6286] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6284] <... 
mount resumed>) = 0 [pid 6286] close(3) = 0 [pid 6286] close(4) = 0 [pid 6286] mkdir("./bus", 0777) = 0 [pid 6286] mount("/dev/loop0", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 6284] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6284] chdir("./bus") = 0 [pid 6284] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6284] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6283] <... futex resumed>) = 0 [ 226.745833][ T6284] F2FS-fs (loop1): Start checkpoint disabled! [ 226.781157][ T6284] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 226.788642][ T6286] loop0: detected capacity change from 0 to 40427 [pid 6284] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6283] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6284] <... futex resumed>) = 0 [pid 6284] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 [pid 6283] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6284] <... openat resumed>) = 4 [pid 6284] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6283] <... futex resumed>) = 0 [pid 6283] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6284] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6283] <... futex resumed>) = 0 [pid 6284] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6283] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6284] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6283] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6283] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6284] <... futex resumed>) = 0 [pid 6283] <... 
futex resumed>) = 1 [pid 6284] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 226.816250][ T6286] F2FS-fs (loop0): invalid crc value [ 226.845435][ T12] kworker/u8:0: attempt to access beyond end of device [ 226.845435][ T12] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [pid 6283] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6283] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6283] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6283] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6283] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6283] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[6290]}, 88) = 6290 [pid 6283] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6283] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 226.888198][ T12] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 226.888231][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 226.888247][ T12] Workqueue: writeback wb_workfn (flush-7:1) [ 226.888281][ T12] Call Trace: [ 226.888291][ T12] [ 226.888301][ T12] dump_stack_lvl+0x189/0x250 [ 226.888338][ T12] ? __pfx_dump_stack_lvl+0x10/0x10 [ 226.888369][ T12] ? 
__pfx_queue_work_on+0x10/0x10 [pid 6283] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6283] futex(0x7f836b6386ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6283] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b4fd000 [pid 6283] mprotect(0x7f836b4fe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6283] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6283] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b51d990, parent_tid=0x7f836b51d990, exit_signal=0, stack=0x7f836b4fd000, stack_size=0x20300, tls=0x7f836b51d6c0} => {parent_tid=[6291]}, 88) = 6291 [pid 6283] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6283] futex(0x7f836b6386e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 226.888388][ T12] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 226.888415][ T12] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 226.888455][ T12] f2fs_handle_critical_error+0x37c/0x540 [ 226.888496][ T12] f2fs_write_end_io+0x4e2/0x6d0 [ 226.888549][ T12] __submit_merged_bio+0x27a/0x6a0 [ 226.888588][ T12] __submit_merged_write_cond+0x255/0x530 [ 226.888627][ T12] f2fs_write_data_pages+0x2854/0x31f0 [ 226.888658][ T12] ? __lock_acquire+0xaac/0xd20 [ 226.888731][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 226.888782][ T12] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 226.888859][ T12] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 226.888907][ T12] ? trace_f2fs_writepages+0x7f/0x200 [ 226.888941][ T12] ? f2fs_write_node_pages+0x478/0x6e0 [ 226.888977][ T12] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 226.889013][ T12] ? has_not_enough_free_secs+0xd8b/0x1640 [ 226.889055][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 226.889089][ T12] do_writepages+0x3ae/0x7b0 [pid 6283] futex(0x7f836b6386ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 226.889130][ T12] ? 
__lock_acquire+0xaac/0xd20 [ 226.889169][ T12] ? __pfx_do_writepages+0x10/0x10 [ 226.889229][ T12] __writeback_single_inode+0x145/0xff0 [ 226.889259][ T12] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 226.889290][ T12] writeback_sb_inodes+0x6b5/0x1000 [ 226.889356][ T12] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 226.889441][ T12] ? rcu_is_watching+0x15/0xb0 [ 226.889487][ T12] wb_writeback+0x43b/0xaf0 [ 226.889526][ T12] ? queue_io+0x3a1/0x590 [ 226.889560][ T12] ? __pfx_wb_writeback+0x10/0x10 [ 226.889602][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 226.889634][ T12] wb_workfn+0x409/0xef0 [ 226.889679][ T12] ? __pfx_wb_workfn+0x10/0x10 [ 226.889700][ T12] ? register_lock_class+0x51/0x320 [ 226.889739][ T12] ? __lock_acquire+0xaac/0xd20 [ 226.889781][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 226.889823][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 226.889846][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 226.889878][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 226.889914][ T12] process_scheduled_works+0xadb/0x17a0 ./strace-static-x86_64: Process 6291 attached ./strace-static-x86_64: Process 6290 attached [pid 6291] rseq(0x7f836b51dfe0, 0x20, 0, 0x53053053 [pid 6290] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053 [pid 6291] <... rseq resumed>) = 0 [pid 6290] <... rseq resumed>) = 0 [pid 6291] set_robust_list(0x7f836b51d9a0, 24 [pid 6290] set_robust_list(0x7f836b53e9a0, 24 [pid 6291] <... set_robust_list resumed>) = 0 [pid 6290] <... set_robust_list resumed>) = 0 [pid 6291] rt_sigprocmask(SIG_SETMASK, [], [pid 6290] rt_sigprocmask(SIG_SETMASK, [], [pid 6291] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6290] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6291] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 6290] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 6290] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 226.889989][ T12] ? 
__pfx_process_scheduled_works+0x10/0x10 [ 226.890047][ T12] worker_thread+0x8a0/0xda0 [ 226.890100][ T12] kthread+0x70e/0x8a0 [ 226.890130][ T12] ? __pfx_worker_thread+0x10/0x10 [ 226.890150][ T12] ? __pfx_kthread+0x10/0x10 [ 226.890184][ T12] ? __pfx_kthread+0x10/0x10 [ 226.890208][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 226.890232][ T12] ? lockdep_hardirqs_on+0x9c/0x150 [ 226.890260][ T12] ? __pfx_kthread+0x10/0x10 [ 226.890284][ T12] ret_from_fork+0x4b/0x80 [ 226.890305][ T12] ? __pfx_kthread+0x10/0x10 [ 226.890330][ T12] ret_from_fork_asm+0x1a/0x30 [ 226.890385][ T12] [ 226.890394][ T12] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 227.176734][ T6286] F2FS-fs (loop0): Start checkpoint disabled! [ 227.184842][ T12] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 227.184877][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 227.184895][ T12] Workqueue: writeback wb_workfn (flush-7:1) [ 227.184934][ T12] Call Trace: [ 227.184944][ T12] [ 227.184956][ T12] dump_stack_lvl+0x189/0x250 [ 227.184997][ T12] ? __pfx_dump_stack_lvl+0x10/0x10 [ 227.185029][ T12] ? __pfx_queue_work_on+0x10/0x10 [ 227.185052][ T12] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 227.185093][ T12] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 227.185138][ T12] f2fs_handle_critical_error+0x37c/0x540 [ 227.185183][ T12] f2fs_write_end_io+0x4e2/0x6d0 [ 227.185242][ T12] __submit_merged_bio+0x27a/0x6a0 [ 227.185284][ T12] __submit_merged_write_cond+0x255/0x530 [ 227.185327][ T12] f2fs_write_data_pages+0x2854/0x31f0 [ 227.185362][ T12] ? __lock_acquire+0xaac/0xd20 [ 227.185449][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 227.185505][ T12] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 227.185581][ T12] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 227.185634][ T12] ? trace_f2fs_writepages+0x7f/0x200 [ 227.185670][ T12] ? f2fs_write_node_pages+0x478/0x6e0 [ 227.185707][ T12] ? 
__pfx_f2fs_write_node_pages+0x10/0x10 [ 227.185746][ T12] ? has_not_enough_free_secs+0xd8b/0x1640 [ 227.185793][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 227.185832][ T12] do_writepages+0x3ae/0x7b0 [ 227.185877][ T12] ? __lock_acquire+0xaac/0xd20 [ 227.185918][ T12] ? __pfx_do_writepages+0x10/0x10 [ 227.185975][ T12] __writeback_single_inode+0x145/0xff0 [ 227.186007][ T12] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 227.186041][ T12] writeback_sb_inodes+0x6b5/0x1000 [pid 6290] futex(0x7f836b6386d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6283] exit_group(0 [pid 6290] <... futex resumed>) = ? [pid 6283] <... exit_group resumed>) = ? [pid 6290] +++ exited with 0 +++ [ 227.186111][ T12] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 227.186202][ T12] ? rcu_is_watching+0x15/0xb0 [ 227.186253][ T12] wb_writeback+0x43b/0xaf0 [ 227.186297][ T12] ? queue_io+0x3a1/0x590 [ 227.186334][ T12] ? __pfx_wb_writeback+0x10/0x10 [ 227.186379][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 227.186426][ T12] wb_workfn+0x409/0xef0 [ 227.186476][ T12] ? __pfx_wb_workfn+0x10/0x10 [ 227.186500][ T12] ? register_lock_class+0x51/0x320 [ 227.186541][ T12] ? __lock_acquire+0xaac/0xd20 [ 227.186587][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 227.186634][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 227.186659][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 227.186694][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 227.186734][ T12] process_scheduled_works+0xadb/0x17a0 [ 227.186813][ T12] ? __pfx_process_scheduled_works+0x10/0x10 [ 227.186876][ T12] worker_thread+0x8a0/0xda0 [ 227.186949][ T12] kthread+0x70e/0x8a0 [ 227.186983][ T12] ? __pfx_worker_thread+0x10/0x10 [ 227.187004][ T12] ? __pfx_kthread+0x10/0x10 [ 227.187033][ T12] ? __pfx_kthread+0x10/0x10 [ 227.187059][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 227.187084][ T12] ? lockdep_hardirqs_on+0x9c/0x150 [ 227.187114][ T12] ? __pfx_kthread+0x10/0x10 [ 227.187139][ T12] ret_from_fork+0x4b/0x80 [ 227.187160][ T12] ? 
__pfx_kthread+0x10/0x10 [ 227.187187][ T12] ret_from_fork_asm+0x1a/0x30 [ 227.187243][ T12] [ 227.188293][ T12] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [pid 6291] <... ioctl resumed>) = ? [pid 6291] +++ exited with 0 +++ [pid 6284] <... ioctl resumed>) = ? [pid 6284] +++ exited with 0 +++ [pid 6283] +++ exited with 0 +++ [pid 5824] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6283, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=36 /* 0.36 s */} --- [pid 5824] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5824] umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5824] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5824] umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] unlink("./36/binderfs") = 0 [ 227.286580][ T6286] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 227.545744][ T6284] VFS:Filesystem freeze failed [pid 5824] umount2("./36/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6286] <... mount resumed>) = 0 [pid 6286] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6286] chdir("./bus") = 0 [pid 6286] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6286] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6285] <... futex resumed>) = 0 [pid 6286] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6285] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6286] <... futex resumed>) = 0 [pid 6285] <... 
futex resumed>) = 1 [pid 6286] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 [pid 6285] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6286] <... openat resumed>) = 4 [pid 6286] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6285] <... futex resumed>) = 0 [pid 6286] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6285] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6286] <... futex resumed>) = 0 [pid 6285] <... futex resumed>) = 1 [pid 6286] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6285] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6286] <... openat resumed>) = 5 [pid 6286] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6285] <... futex resumed>) = 0 [pid 6286] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6285] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6286] <... futex resumed>) = 0 [pid 6285] <... futex resumed>) = 1 [pid 6286] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 227.850228][ T6132] kworker/u8:8: attempt to access beyond end of device [ 227.850228][ T6132] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 227.887551][ T6132] CPU: 1 UID: 0 PID: 6132 Comm: kworker/u8:8 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 227.887582][ T6132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 227.887596][ T6132] Workqueue: writeback wb_workfn (flush-7:0) [ 227.887638][ T6132] Call Trace: [ 227.887646][ T6132] [ 227.887656][ T6132] dump_stack_lvl+0x189/0x250 [ 227.887686][ T6132] ? __pfx_dump_stack_lvl+0x10/0x10 [ 227.887712][ T6132] ? __pfx_queue_work_on+0x10/0x10 [ 227.887728][ T6132] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 227.887750][ T6132] ? 
__pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 227.887783][ T6132] f2fs_handle_critical_error+0x37c/0x540 [ 227.887818][ T6132] f2fs_write_end_io+0x4e2/0x6d0 [ 227.887867][ T6132] __submit_merged_bio+0x27a/0x6a0 [ 227.887901][ T6132] __submit_merged_write_cond+0x255/0x530 [ 227.887936][ T6132] f2fs_write_data_pages+0x2854/0x31f0 [ 227.887966][ T6132] ? __lock_acquire+0xaac/0xd20 [ 227.888050][ T6132] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 227.888099][ T6132] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 227.888164][ T6132] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 227.888241][ T6132] ? trace_f2fs_writepages+0x7f/0x200 [ 227.888274][ T6132] ? f2fs_write_node_pages+0x478/0x6e0 [ 227.888309][ T6132] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 227.888342][ T6132] ? has_not_enough_free_secs+0xd8b/0x1640 [ 227.888382][ T6132] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 227.888413][ T6132] do_writepages+0x3ae/0x7b0 [ 227.888451][ T6132] ? __lock_acquire+0xaac/0xd20 [ 227.888487][ T6132] ? __pfx_do_writepages+0x10/0x10 [ 227.888538][ T6132] __writeback_single_inode+0x145/0xff0 [ 227.888568][ T6132] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 227.888600][ T6132] writeback_sb_inodes+0x6b5/0x1000 [ 227.888666][ T6132] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 227.888747][ T6132] ? rcu_is_watching+0x15/0xb0 [ 227.888789][ T6132] wb_writeback+0x43b/0xaf0 [ 227.888827][ T6132] ? queue_io+0x3a1/0x590 [ 227.888858][ T6132] ? __pfx_wb_writeback+0x10/0x10 [ 227.888896][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 227.888926][ T6132] wb_workfn+0x409/0xef0 [ 227.888968][ T6132] ? 
__pfx_wb_workfn+0x10/0x10 [pid 6285] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6285] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6285] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6285] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6285] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6285] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[6293]}, 88) = 6293 [pid 6285] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6285] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6285] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6285] futex(0x7f836b6386ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6285] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b4fd000 [pid 6285] mprotect(0x7f836b4fe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6285] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6285] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b51d990, parent_tid=0x7f836b51d990, exit_signal=0, stack=0x7f836b4fd000, stack_size=0x20300, tls=0x7f836b51d6c0} => {parent_tid=[6294]}, 88) = 6294 [pid 6285] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6285] futex(0x7f836b6386e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 227.888988][ T6132] ? register_lock_class+0x51/0x320 [ 227.889023][ T6132] ? __lock_acquire+0xaac/0xd20 [ 227.889063][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 227.889102][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 227.889124][ T6132] ? 
process_scheduled_works+0x9ec/0x17a0 [ 227.889154][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 227.889197][ T6132] process_scheduled_works+0xadb/0x17a0 [ 227.889265][ T6132] ? __pfx_process_scheduled_works+0x10/0x10 [ 227.889319][ T6132] worker_thread+0x8a0/0xda0 [pid 6285] futex(0x7f836b6386ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6294 attached [pid 6294] rseq(0x7f836b51dfe0, 0x20, 0, 0x53053053) = 0 [pid 6294] set_robust_list(0x7f836b51d9a0, 24) = 0 [pid 6294] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6294] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 6285] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6285] futex(0x7f836b6386ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 227.889343][ T6132] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 227.889376][ T6132] ? __kthread_parkme+0x7b/0x200 [ 227.889410][ T6132] kthread+0x70e/0x8a0 [ 227.889439][ T6132] ? __pfx_worker_thread+0x10/0x10 [ 227.889457][ T6132] ? __pfx_kthread+0x10/0x10 [ 227.889483][ T6132] ? __pfx_kthread+0x10/0x10 [ 227.889506][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 227.889528][ T6132] ? lockdep_hardirqs_on+0x9c/0x150 [ 227.889554][ T6132] ? __pfx_kthread+0x10/0x10 [ 227.889577][ T6132] ret_from_fork+0x4b/0x80 ./strace-static-x86_64: Process 6293 attached [pid 6293] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [pid 6293] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 6293] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6293] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 6293] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 227.889597][ T6132] ? __pfx_kthread+0x10/0x10 [ 227.889623][ T6132] ret_from_fork_asm+0x1a/0x30 [ 227.889681][ T6132] [ 227.889691][ T6132] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [pid 6293] futex(0x7f836b6386d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5824] <... 
umount2 resumed>) = 0 [pid 5824] umount2("./36/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./36/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] umount2("./36/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./36/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5824] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5824] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5824] close(4) = 0 [pid 5824] rmdir("./36/bus") = 0 [ 228.266661][ T6132] CPU: 1 UID: 0 PID: 6132 Comm: kworker/u8:8 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 228.266694][ T6132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 228.266710][ T6132] Workqueue: writeback wb_workfn (flush-7:0) [ 228.266745][ T6132] Call Trace: [ 228.266755][ T6132] [ 228.266765][ T6132] dump_stack_lvl+0x189/0x250 [ 228.266802][ T6132] ? __pfx_dump_stack_lvl+0x10/0x10 [ 228.266832][ T6132] ? __pfx_queue_work_on+0x10/0x10 [pid 5824] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5824] close(3) = 0 [pid 5824] rmdir("./36") = 0 [pid 5824] mkdir("./37", 0777) = 0 [pid 5824] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5824] ioctl(3, LOOP_CLR_FD) = 0 [ 228.266852][ T6132] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 228.266877][ T6132] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 228.266936][ T6132] f2fs_handle_critical_error+0x37c/0x540 [ 228.266977][ T6132] f2fs_write_end_io+0x4e2/0x6d0 [ 228.267031][ T6132] __submit_merged_bio+0x27a/0x6a0 [ 228.267070][ T6132] __submit_merged_write_cond+0x255/0x530 [ 228.267110][ T6132] f2fs_write_data_pages+0x2854/0x31f0 [ 228.267141][ T6132] ? __lock_acquire+0xaac/0xd20 [ 228.267214][ T6132] ? 
__pfx_f2fs_write_data_pages+0x10/0x10 [ 228.267266][ T6132] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 228.267341][ T6132] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 228.267390][ T6132] ? trace_f2fs_writepages+0x7f/0x200 [ 228.267423][ T6132] ? f2fs_write_node_pages+0x478/0x6e0 [ 228.267460][ T6132] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 228.267496][ T6132] ? has_not_enough_free_secs+0xd8b/0x1640 [ 228.267538][ T6132] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 228.267571][ T6132] do_writepages+0x3ae/0x7b0 [ 228.267612][ T6132] ? __lock_acquire+0xaac/0xd20 [ 228.267651][ T6132] ? __pfx_do_writepages+0x10/0x10 [ 228.267701][ T6132] __writeback_single_inode+0x145/0xff0 [ 228.267730][ T6132] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 228.267761][ T6132] writeback_sb_inodes+0x6b5/0x1000 [ 228.267826][ T6132] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 228.267911][ T6132] ? rcu_is_watching+0x15/0xb0 [ 228.267957][ T6132] wb_writeback+0x43b/0xaf0 [ 228.267998][ T6132] ? queue_io+0x3a1/0x590 [ 228.268051][ T6132] ? __pfx_wb_writeback+0x10/0x10 [pid 5824] close(3 [pid 6285] exit_group(0 [pid 6293] <... futex resumed>) = ? [pid 6285] <... exit_group resumed>) = ? [pid 6293] +++ exited with 0 +++ [ 228.268101][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 228.268134][ T6132] wb_workfn+0x409/0xef0 [ 228.268192][ T6132] ? __pfx_wb_workfn+0x10/0x10 [ 228.268214][ T6132] ? register_lock_class+0x51/0x320 [ 228.268252][ T6132] ? __lock_acquire+0xaac/0xd20 [ 228.268294][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 228.268346][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 228.268369][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 228.268401][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 228.268437][ T6132] process_scheduled_works+0xadb/0x17a0 [ 228.268510][ T6132] ? __pfx_process_scheduled_works+0x10/0x10 [ 228.268568][ T6132] worker_thread+0x8a0/0xda0 [ 228.268593][ T6132] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 228.268629][ T6132] ? 
__kthread_parkme+0x7b/0x200 [ 228.268665][ T6132] kthread+0x70e/0x8a0 [ 228.268695][ T6132] ? __pfx_worker_thread+0x10/0x10 [ 228.268715][ T6132] ? __pfx_kthread+0x10/0x10 [ 228.268743][ T6132] ? __pfx_kthread+0x10/0x10 [ 228.268767][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 228.268791][ T6132] ? lockdep_hardirqs_on+0x9c/0x150 [ 228.268819][ T6132] ? __pfx_kthread+0x10/0x10 [ 228.268843][ T6132] ret_from_fork+0x4b/0x80 [ 228.268863][ T6132] ? __pfx_kthread+0x10/0x10 [ 228.268889][ T6132] ret_from_fork_asm+0x1a/0x30 [ 228.268943][ T6132] [ 228.268953][ T6132] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [pid 6286] <... ioctl resumed>) = ? [pid 6294] <... ioctl resumed>) = ? [pid 6286] +++ exited with 0 +++ [pid 6294] +++ exited with 0 +++ [pid 6285] +++ exited with 0 +++ [pid 5823] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6285, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=57 /* 0.57 s */} --- [pid 5823] umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5823] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5823] umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] unlink("./36/binderfs") = 0 [ 228.723551][ T6286] VFS:Filesystem freeze failed [pid 5823] umount2("./36/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5824] <... 
close resumed>) = 0 [pid 5824] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e3aa690) = 6295 ./strace-static-x86_64: Process 6295 attached [pid 6295] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 6295] chdir("./37") = 0 [pid 6295] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6295] setpgid(0, 0) = 0 [pid 6295] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6295] write(3, "1000", 4) = 4 [pid 6295] close(3) = 0 [pid 6295] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6295] write(1, "executing program\n", 18executing program ) = 18 [pid 6295] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6295] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6295] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6295] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6295] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6295] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6295] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 6296 attached [pid 6296] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053 [pid 6295] <... clone3 resumed> => {parent_tid=[6296]}, 88) = 6296 [pid 6296] <... rseq resumed>) = 0 [pid 6296] set_robust_list(0x7f836b55f9a0, 24 [pid 6295] rt_sigprocmask(SIG_SETMASK, [], [pid 6296] <... set_robust_list resumed>) = 0 [pid 6295] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6296] rt_sigprocmask(SIG_SETMASK, [], [pid 6295] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6296] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6295] <... 
futex resumed>) = 0 [pid 6296] memfd_create("syzkaller", 0 [pid 6295] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6296] <... memfd_create resumed>) = 3 [pid 6296] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 5823] <... umount2 resumed>) = 0 [pid 5823] umount2("./36/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./36/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] umount2("./36/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./36/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5823] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5823] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5823] close(4) = 0 [pid 5823] rmdir("./36/bus") = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5823] close(3) = 0 [pid 5823] rmdir("./36") = 0 [pid 5823] mkdir("./37", 0777) = 0 [pid 5823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5823] ioctl(3, LOOP_CLR_FD) = 0 [pid 5823] close(3 [pid 6296] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 5823] <... close resumed>) = 0 [pid 5823] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6297 attached [pid 6297] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 5823] <... 
clone resumed>, child_tidptr=0x55558e3aa690) = 6297 [pid 6297] chdir("./37") = 0 [pid 6297] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6297] setpgid(0, 0) = 0 [pid 6297] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6297] write(3, "1000", 4) = 4 [pid 6297] close(3) = 0 [pid 6297] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6297] write(1, "executing program\n", 18executing program ) = 18 [pid 6297] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6297] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6297] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6297] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6297] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6297] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6297] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0} => {parent_tid=[6298]}, 88) = 6298 [pid 6297] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6297] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6298 attached ) = 0 [pid 6297] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6298] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053) = 0 [pid 6298] set_robust_list(0x7f836b55f9a0, 24) = 0 [pid 6298] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6298] memfd_create("syzkaller", 0) = 3 [pid 6298] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 6298] write(3, 
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 6296] <... write resumed>) = 20699119 [pid 6296] munmap(0x7f8363000000, 138412032) = 0 [pid 6296] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6296] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6296] close(3) = 0 [pid 6296] close(4) = 0 [pid 6296] mkdir("./bus", 0777) = 0 [ 230.038119][ T6296] loop1: detected capacity change from 0 to 40427 [ 230.084777][ T6296] F2FS-fs (loop1): invalid crc value [pid 6296] mount("/dev/loop1", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"...) = 0 [pid 6296] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6296] chdir("./bus") = 0 [pid 6296] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6296] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6295] <... futex resumed>) = 0 [pid 6296] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6295] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6296] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 [pid 6295] <... futex resumed>) = 0 [pid 6295] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6296] <... openat resumed>) = 4 [pid 6296] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6295] <... futex resumed>) = 0 [pid 6296] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6295] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6296] <... futex resumed>) = 0 [pid 6295] <... 
futex resumed>) = 1 [pid 6296] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6295] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6296] <... openat resumed>) = 5 [pid 6296] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6295] <... futex resumed>) = 0 [pid 6296] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6295] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6296] <... futex resumed>) = 0 [pid 6295] <... futex resumed>) = 1 [pid 6296] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 230.305401][ T6296] F2FS-fs (loop1): Start checkpoint disabled! [ 230.323643][ T6296] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 230.360561][ T6132] kworker/u8:8: attempt to access beyond end of device [ 230.360561][ T6132] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 230.386700][ T6132] CPU: 0 UID: 0 PID: 6132 Comm: kworker/u8:8 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [pid 6295] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6295] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6295] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6295] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6295] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6295] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6295] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6295] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[6301]}, 88) = 
6301 [pid 6295] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6295] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6295] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6301 attached [pid 6301] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [pid 6301] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 6301] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6301] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 6301] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6295] <... futex resumed>) = 0 [pid 6295] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6295] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6301] <... futex resumed>) = 1 [ 230.386735][ T6132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 230.386751][ T6132] Workqueue: writeback wb_workfn (flush-7:1) [ 230.386787][ T6132] Call Trace: [ 230.386797][ T6132] [ 230.386807][ T6132] dump_stack_lvl+0x189/0x250 [ 230.386845][ T6132] ? __pfx_dump_stack_lvl+0x10/0x10 [ 230.386877][ T6132] ? __pfx_queue_work_on+0x10/0x10 [ 230.386897][ T6132] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 230.386925][ T6132] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 230.386966][ T6132] f2fs_handle_critical_error+0x37c/0x540 [pid 6301] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 6295] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 230.387021][ T6132] f2fs_write_end_io+0x4e2/0x6d0 [ 230.387077][ T6132] __submit_merged_bio+0x27a/0x6a0 [ 230.387117][ T6132] __submit_merged_write_cond+0x255/0x530 [ 230.387158][ T6132] f2fs_write_data_pages+0x2854/0x31f0 [ 230.387190][ T6132] ? __lock_acquire+0xaac/0xd20 [ 230.387265][ T6132] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 230.387319][ T6132] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 230.387341][ T6132] ? __lock_acquire+0xaac/0xd20 [ 230.387417][ T6132] ? 
__pfx_f2fs_balance_fs_bg+0x10/0x10 [ 230.387467][ T6132] ? trace_f2fs_writepages+0x7f/0x200 [ 230.387501][ T6132] ? f2fs_write_node_pages+0x478/0x6e0 [ 230.387539][ T6132] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 230.387576][ T6132] ? has_not_enough_free_secs+0xd8b/0x1640 [ 230.387620][ T6132] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 230.387655][ T6132] do_writepages+0x3ae/0x7b0 [ 230.387698][ T6132] ? __lock_acquire+0xaac/0xd20 [ 230.387738][ T6132] ? __pfx_do_writepages+0x10/0x10 [ 230.387790][ T6132] __writeback_single_inode+0x145/0xff0 [ 230.387821][ T6132] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 230.387853][ T6132] writeback_sb_inodes+0x6b5/0x1000 [ 230.387921][ T6132] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 230.388015][ T6132] ? rcu_is_watching+0x15/0xb0 [ 230.388062][ T6132] wb_writeback+0x43b/0xaf0 [ 230.388104][ T6132] ? queue_io+0x3a1/0x590 [ 230.388139][ T6132] ? __pfx_wb_writeback+0x10/0x10 [ 230.388182][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 230.388215][ T6132] wb_workfn+0x409/0xef0 [ 230.388263][ T6132] ? __pfx_wb_workfn+0x10/0x10 [ 230.388285][ T6132] ? register_lock_class+0x51/0x320 [pid 6295] exit_group(0) = ? [ 230.388324][ T6132] ? __lock_acquire+0xaac/0xd20 [ 230.388368][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 230.388412][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 230.388436][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 230.388469][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 230.388506][ T6132] process_scheduled_works+0xadb/0x17a0 [ 230.388583][ T6132] ? __pfx_process_scheduled_works+0x10/0x10 [ 230.388642][ T6132] worker_thread+0x8a0/0xda0 [ 230.388668][ T6132] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 230.388707][ T6132] ? __kthread_parkme+0x7b/0x200 [ 230.388744][ T6132] kthread+0x70e/0x8a0 [ 230.388775][ T6132] ? __pfx_worker_thread+0x10/0x10 [ 230.388796][ T6132] ? __pfx_kthread+0x10/0x10 [ 230.388825][ T6132] ? __pfx_kthread+0x10/0x10 [ 230.388850][ T6132] ? 
_raw_spin_unlock_irq+0x23/0x50 [ 230.388875][ T6132] ? lockdep_hardirqs_on+0x9c/0x150 [ 230.388904][ T6132] ? __pfx_kthread+0x10/0x10 [ 230.388929][ T6132] ret_from_fork+0x4b/0x80 [ 230.388950][ T6132] ? __pfx_kthread+0x10/0x10 [ 230.388981][ T6132] ret_from_fork_asm+0x1a/0x30 [pid 6298] <... write resumed>) = 20699119 [ 230.389038][ T6132] [ 230.389047][ T6132] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 230.738429][ T6132] CPU: 0 UID: 0 PID: 6132 Comm: kworker/u8:8 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [pid 6298] munmap(0x7f8363000000, 138412032) = 0 [pid 6298] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 230.738465][ T6132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 230.738481][ T6132] Workqueue: writeback wb_workfn (flush-7:1) [ 230.738517][ T6132] Call Trace: [ 230.738526][ T6132] [ 230.738536][ T6132] dump_stack_lvl+0x189/0x250 [ 230.738575][ T6132] ? __pfx_dump_stack_lvl+0x10/0x10 [ 230.738607][ T6132] ? __pfx_queue_work_on+0x10/0x10 [ 230.738628][ T6132] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 230.738655][ T6132] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 230.738697][ T6132] f2fs_handle_critical_error+0x37c/0x540 [ 230.738738][ T6132] f2fs_write_end_io+0x4e2/0x6d0 [ 230.738794][ T6132] __submit_merged_bio+0x27a/0x6a0 [ 230.738833][ T6132] __submit_merged_write_cond+0x255/0x530 [ 230.738874][ T6132] f2fs_write_data_pages+0x2854/0x31f0 [ 230.738906][ T6132] ? __lock_acquire+0xaac/0xd20 [ 230.738989][ T6132] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 230.739042][ T6132] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 230.739064][ T6132] ? __lock_acquire+0xaac/0xd20 [ 230.739140][ T6132] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 230.739189][ T6132] ? trace_f2fs_writepages+0x7f/0x200 [ 230.739223][ T6132] ? f2fs_write_node_pages+0x478/0x6e0 [ 230.739261][ T6132] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 230.739297][ T6132] ? 
has_not_enough_free_secs+0xd8b/0x1640 [ 230.739340][ T6132] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 230.739374][ T6132] do_writepages+0x3ae/0x7b0 [ 230.739416][ T6132] ? __lock_acquire+0xaac/0xd20 [ 230.739456][ T6132] ? __pfx_do_writepages+0x10/0x10 [ 230.739508][ T6132] __writeback_single_inode+0x145/0xff0 [ 230.739538][ T6132] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 230.739571][ T6132] writeback_sb_inodes+0x6b5/0x1000 [ 230.739638][ T6132] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 230.739726][ T6132] ? rcu_is_watching+0x15/0xb0 [ 230.739773][ T6132] wb_writeback+0x43b/0xaf0 [ 230.739814][ T6132] ? queue_io+0x3a1/0x590 [ 230.739849][ T6132] ? __pfx_wb_writeback+0x10/0x10 [ 230.739891][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 230.739924][ T6132] wb_workfn+0x409/0xef0 [ 230.739977][ T6132] ? __pfx_wb_workfn+0x10/0x10 [ 230.740000][ T6132] ? register_lock_class+0x51/0x320 [ 230.740039][ T6132] ? __lock_acquire+0xaac/0xd20 [ 230.740083][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 230.740126][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 230.740150][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 230.740183][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 230.740220][ T6132] process_scheduled_works+0xadb/0x17a0 [ 230.740296][ T6132] ? __pfx_process_scheduled_works+0x10/0x10 [ 230.740356][ T6132] worker_thread+0x8a0/0xda0 [ 230.740382][ T6132] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 230.740420][ T6132] ? __kthread_parkme+0x7b/0x200 [ 230.740457][ T6132] kthread+0x70e/0x8a0 [ 230.740489][ T6132] ? __pfx_worker_thread+0x10/0x10 [ 230.740510][ T6132] ? __pfx_kthread+0x10/0x10 [ 230.740539][ T6132] ? __pfx_kthread+0x10/0x10 [ 230.740564][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 230.740589][ T6132] ? lockdep_hardirqs_on+0x9c/0x150 [ 230.740618][ T6132] ? __pfx_kthread+0x10/0x10 [ 230.740643][ T6132] ret_from_fork+0x4b/0x80 [ 230.740664][ T6132] ? 
__pfx_kthread+0x10/0x10 [pid 6298] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6298] close(3) = 0 [pid 6298] close(4) = 0 [pid 6298] mkdir("./bus", 0777) = 0 [ 230.740690][ T6132] ret_from_fork_asm+0x1a/0x30 [ 230.740747][ T6132] [ 230.740757][ T6132] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 230.797898][ T6298] loop0: detected capacity change from 0 to 40427 [ 231.081295][ T6296] VFS:Filesystem freeze failed [pid 6298] mount("/dev/loop0", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 6301] <... ioctl resumed>) = ? [pid 6296] <... ioctl resumed>) = ? [pid 6296] +++ exited with 0 +++ [pid 6301] +++ exited with 0 +++ [pid 6295] +++ exited with 0 +++ [pid 5824] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6295, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=39 /* 0.39 s */} --- [pid 5824] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5824] umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5824] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5824] umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] unlink("./37/binderfs") = 0 [ 231.119793][ T6298] F2FS-fs (loop0): invalid crc value [pid 5824] umount2("./37/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6298] <... mount resumed>) = 0 [pid 6298] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6298] chdir("./bus") = 0 [pid 6298] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6298] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6297] <... 
futex resumed>) = 0 [pid 6298] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6297] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6298] <... futex resumed>) = 0 [pid 6297] <... futex resumed>) = 1 [pid 6298] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 [pid 6297] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6298] <... openat resumed>) = 4 [pid 6298] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6298] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6297] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 231.286711][ T6298] F2FS-fs (loop0): Start checkpoint disabled! [ 231.306781][ T6298] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [pid 6297] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6298] <... futex resumed>) = 0 [pid 6297] <... futex resumed>) = 1 [pid 6298] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6297] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6298] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6297] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6298] <... futex resumed>) = 0 [pid 6298] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6297] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6298] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6297] <... 
futex resumed>) = 0 [ 231.378201][ T6132] kworker/u8:8: attempt to access beyond end of device [ 231.378201][ T6132] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 231.406545][ T6132] CPU: 1 UID: 0 PID: 6132 Comm: kworker/u8:8 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [pid 6297] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6297] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6297] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6297] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6297] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6297] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[6304]}, 88) = 6304 [pid 6297] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6297] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 231.406579][ T6132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 231.406595][ T6132] Workqueue: writeback wb_workfn (flush-7:0) [ 231.406632][ T6132] Call Trace: [ 231.406641][ T6132] [ 231.406652][ T6132] dump_stack_lvl+0x189/0x250 [ 231.406703][ T6132] ? __pfx_dump_stack_lvl+0x10/0x10 [ 231.406733][ T6132] ? __pfx_queue_work_on+0x10/0x10 [ 231.406753][ T6132] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 231.406779][ T6132] ? 
__pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 231.406820][ T6132] f2fs_handle_critical_error+0x37c/0x540 [pid 6297] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6297] futex(0x7f836b6386ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6297] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b4fd000 [pid 6297] mprotect(0x7f836b4fe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6297] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6297] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b51d990, parent_tid=0x7f836b51d990, exit_signal=0, stack=0x7f836b4fd000, stack_size=0x20300, tls=0x7f836b51d6c0} => {parent_tid=[6305]}, 88) = 6305 [pid 6297] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6297] futex(0x7f836b6386e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6297] futex(0x7f836b6386ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6305 attached [pid 6305] rseq(0x7f836b51dfe0, 0x20, 0, 0x53053053) = 0 [pid 6305] set_robust_list(0x7f836b51d9a0, 24) = 0 [pid 6305] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 231.406868][ T6132] f2fs_write_end_io+0x4e2/0x6d0 [ 231.406921][ T6132] __submit_merged_bio+0x27a/0x6a0 [ 231.406960][ T6132] __submit_merged_write_cond+0x255/0x530 [ 231.406998][ T6132] f2fs_write_data_pages+0x2854/0x31f0 [ 231.407029][ T6132] ? __lock_acquire+0xaac/0xd20 [ 231.407122][ T6132] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 231.407175][ T6132] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 231.407246][ T6132] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 231.407297][ T6132] ? trace_f2fs_writepages+0x7f/0x200 [ 231.407332][ T6132] ? f2fs_write_node_pages+0x478/0x6e0 [ 231.407377][ T6132] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 231.407414][ T6132] ? has_not_enough_free_secs+0xd8b/0x1640 [ 231.407458][ T6132] ? 
__pfx_f2fs_write_data_pages+0x10/0x10 [ 231.407493][ T6132] do_writepages+0x3ae/0x7b0 [ 231.407536][ T6132] ? __lock_acquire+0xaac/0xd20 [ 231.407577][ T6132] ? __pfx_do_writepages+0x10/0x10 [ 231.407630][ T6132] __writeback_single_inode+0x145/0xff0 [ 231.407660][ T6132] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 231.407693][ T6132] writeback_sb_inodes+0x6b5/0x1000 [ 231.407761][ T6132] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 231.407850][ T6132] ? rcu_is_watching+0x15/0xb0 [ 231.407904][ T6132] wb_writeback+0x43b/0xaf0 [ 231.407946][ T6132] ? queue_io+0x3a1/0x590 [ 231.407981][ T6132] ? __pfx_wb_writeback+0x10/0x10 [ 231.408024][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 231.408057][ T6132] wb_workfn+0x409/0xef0 [ 231.408103][ T6132] ? __pfx_wb_workfn+0x10/0x10 [ 231.408125][ T6132] ? register_lock_class+0x51/0x320 [ 231.408164][ T6132] ? __lock_acquire+0xaac/0xd20 [ 231.408209][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 231.408253][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 231.408277][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 231.408311][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 231.408348][ T6132] process_scheduled_works+0xadb/0x17a0 [ 231.408425][ T6132] ? __pfx_process_scheduled_works+0x10/0x10 [ 231.408485][ T6132] worker_thread+0x8a0/0xda0 [ 231.408511][ T6132] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [pid 6305] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 6297] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 231.408549][ T6132] ? __kthread_parkme+0x7b/0x200 [ 231.408587][ T6132] kthread+0x70e/0x8a0 [ 231.408618][ T6132] ? __pfx_worker_thread+0x10/0x10 [ 231.408639][ T6132] ? __pfx_kthread+0x10/0x10 [ 231.408668][ T6132] ? __pfx_kthread+0x10/0x10 [ 231.408693][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 231.408718][ T6132] ? lockdep_hardirqs_on+0x9c/0x150 [ 231.408746][ T6132] ? __pfx_kthread+0x10/0x10 [ 231.408771][ T6132] ret_from_fork+0x4b/0x80 [ 231.408793][ T6132] ? 
__pfx_kthread+0x10/0x10 [ 231.408820][ T6132] ret_from_fork_asm+0x1a/0x30 ./strace-static-x86_64: Process 6304 attached [pid 6304] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [ 231.408882][ T6132] [ 231.408892][ T6132] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 231.741523][ T6132] CPU: 1 UID: 0 PID: 6132 Comm: kworker/u8:8 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 231.741554][ T6132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 231.741569][ T6132] Workqueue: writeback wb_workfn (flush-7:0) [ 231.741602][ T6132] Call Trace: [ 231.741620][ T6132] [ 231.741630][ T6132] dump_stack_lvl+0x189/0x250 [ 231.741665][ T6132] ? __pfx_dump_stack_lvl+0x10/0x10 [ 231.741694][ T6132] ? __pfx_queue_work_on+0x10/0x10 [ 231.741736][ T6132] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 231.741762][ T6132] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 231.741800][ T6132] f2fs_handle_critical_error+0x37c/0x540 [ 231.741850][ T6132] f2fs_write_end_io+0x4e2/0x6d0 [ 231.741903][ T6132] __submit_merged_bio+0x27a/0x6a0 [ 231.741938][ T6132] __submit_merged_write_cond+0x255/0x530 [pid 6304] set_robust_list(0x7f836b53e9a0, 24 [pid 6297] exit_group(0) = ? [ 231.741977][ T6132] f2fs_write_data_pages+0x2854/0x31f0 [ 231.742009][ T6132] ? __lock_acquire+0xaac/0xd20 [ 231.742079][ T6132] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 231.742132][ T6132] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 231.742203][ T6132] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 231.742252][ T6132] ? trace_f2fs_writepages+0x7f/0x200 [ 231.742286][ T6132] ? f2fs_write_node_pages+0x478/0x6e0 [ 231.742323][ T6132] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 231.742359][ T6132] ? has_not_enough_free_secs+0xd8b/0x1640 [pid 6304] <... set_robust_list resumed>) = ? [pid 6304] +++ exited with 0 +++ [ 231.742403][ T6132] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 231.742437][ T6132] do_writepages+0x3ae/0x7b0 [ 231.742479][ T6132] ? 
__lock_acquire+0xaac/0xd20 [ 231.742519][ T6132] ? __pfx_do_writepages+0x10/0x10 [ 231.742570][ T6132] __writeback_single_inode+0x145/0xff0 [ 231.742601][ T6132] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 231.742632][ T6132] writeback_sb_inodes+0x6b5/0x1000 [ 231.742697][ T6132] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 231.742781][ T6132] ? rcu_is_watching+0x15/0xb0 [ 231.742829][ T6132] wb_writeback+0x43b/0xaf0 [ 231.742881][ T6132] ? queue_io+0x3a1/0x590 [ 231.742917][ T6132] ? __pfx_wb_writeback+0x10/0x10 [ 231.742960][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 231.742994][ T6132] wb_workfn+0x409/0xef0 [ 231.743041][ T6132] ? __pfx_wb_workfn+0x10/0x10 [ 231.743063][ T6132] ? register_lock_class+0x51/0x320 [ 231.743102][ T6132] ? __lock_acquire+0xaac/0xd20 [ 231.743146][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 231.743190][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 231.743214][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 231.743247][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 231.743284][ T6132] process_scheduled_works+0xadb/0x17a0 [ 231.743361][ T6132] ? __pfx_process_scheduled_works+0x10/0x10 [ 231.743421][ T6132] worker_thread+0x8a0/0xda0 [ 231.743447][ T6132] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 231.743486][ T6132] ? __kthread_parkme+0x7b/0x200 [ 231.743523][ T6132] kthread+0x70e/0x8a0 [ 231.743554][ T6132] ? __pfx_worker_thread+0x10/0x10 [ 231.743575][ T6132] ? __pfx_kthread+0x10/0x10 [ 231.743604][ T6132] ? __pfx_kthread+0x10/0x10 [ 231.743629][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 231.743654][ T6132] ? lockdep_hardirqs_on+0x9c/0x150 [ 231.743683][ T6132] ? __pfx_kthread+0x10/0x10 [ 231.743708][ T6132] ret_from_fork+0x4b/0x80 [ 231.743729][ T6132] ? __pfx_kthread+0x10/0x10 [ 231.743755][ T6132] ret_from_fork_asm+0x1a/0x30 [ 231.743812][ T6132] [ 231.744719][ T6132] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [pid 6298] <... ioctl resumed>) = ? [pid 6298] +++ exited with 0 +++ [pid 6305] <... ioctl resumed>) = ? 
[pid 6305] +++ exited with 0 +++ [pid 6297] +++ exited with 0 +++ [pid 5823] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6297, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=64 /* 0.64 s */} --- [pid 5823] umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5823] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5823] umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] unlink("./37/binderfs") = 0 [ 232.086768][ T6298] VFS:Filesystem freeze failed [pid 5823] umount2("./37/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5824] <... umount2 resumed>) = 0 [pid 5824] umount2("./37/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./37/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] umount2("./37/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./37/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5824] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5824] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5824] close(4) = 0 [pid 5824] rmdir("./37/bus") = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5824] close(3) = 0 [pid 5824] rmdir("./37") = 0 [pid 5824] mkdir("./38", 0777) = 0 [pid 5824] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5824] ioctl(3, LOOP_CLR_FD) = 0 [pid 5824] close(3 [pid 5823] <... 
umount2 resumed>) = 0 [pid 5823] umount2("./37/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./37/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] umount2("./37/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./37/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5823] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5823] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5823] close(4) = 0 [pid 5823] rmdir("./37/bus") = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5823] close(3) = 0 [pid 5823] rmdir("./37") = 0 [pid 5823] mkdir("./38", 0777) = 0 [pid 5824] <... close resumed>) = 0 [pid 5823] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5824] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5823] <... openat resumed>) = 3 [pid 5823] ioctl(3, LOOP_CLR_FD) = 0 [pid 5823] close(3./strace-static-x86_64: Process 6306 attached [pid 5824] <... 
clone resumed>, child_tidptr=0x55558e3aa690) = 6306 [pid 6306] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 6306] chdir("./38") = 0 [pid 6306] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6306] setpgid(0, 0) = 0 [pid 6306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6306] write(3, "1000", 4) = 4 [pid 6306] close(3) = 0 executing program [pid 6306] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6306] write(1, "executing program\n", 18) = 18 [pid 6306] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6306] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6306] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6306] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6306] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6306] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6306] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 6307 attached => {parent_tid=[6307]}, 88) = 6307 [pid 6307] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053) = 0 [pid 6307] set_robust_list(0x7f836b55f9a0, 24) = 0 [pid 6307] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6307] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6306] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6306] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6307] <... futex resumed>) = 0 [pid 6306] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6307] memfd_create("syzkaller", 0) = 3 [pid 6307] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 5823] <... 
close resumed>) = 0 [pid 5823] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6308 attached , child_tidptr=0x55558e3aa690) = 6308 [pid 6308] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 6308] chdir("./38") = 0 [pid 6308] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6308] setpgid(0, 0) = 0 [pid 6308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 6308] write(3, "1000", 4) = 4 [pid 6308] close(3) = 0 [pid 6308] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6308] write(1, "executing program\n", 18) = 18 [pid 6308] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6308] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6308] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6308] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6308] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6308] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6308] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 6309 attached => {parent_tid=[6309]}, 88) = 6309 [pid 6309] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053 [pid 6308] rt_sigprocmask(SIG_SETMASK, [], [pid 6309] <... rseq resumed>) = 0 [pid 6308] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6309] set_robust_list(0x7f836b55f9a0, 24 [pid 6308] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6309] <... set_robust_list resumed>) = 0 [pid 6308] <... 
futex resumed>) = 0 [pid 6309] rt_sigprocmask(SIG_SETMASK, [], [pid 6308] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6309] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6309] memfd_create("syzkaller", 0) = 3 [pid 6309] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 6307] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 6309] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 6307] <... write resumed>) = 20699119 [pid 6307] munmap(0x7f8363000000, 138412032) = 0 [pid 6307] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6307] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6307] close(3) = 0 [pid 6307] close(4) = 0 [pid 6307] mkdir("./bus", 0777) = 0 [ 233.538254][ T6307] loop1: detected capacity change from 0 to 40427 [ 233.573470][ T6307] F2FS-fs (loop1): invalid crc value [ 233.805753][ T6307] F2FS-fs (loop1): Start checkpoint disabled! [pid 6307] mount("/dev/loop1", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"...) 
= 0 [pid 6307] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6307] chdir("./bus") = 0 [pid 6307] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6307] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6306] <... futex resumed>) = 0 [pid 6307] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6306] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6307] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6306] <... futex resumed>) = 0 [pid 6307] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 [pid 6306] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6307] <... openat resumed>) = 4 [pid 6307] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6306] <... futex resumed>) = 0 [pid 6307] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6309] <... write resumed>) = 20699119 [ 233.846571][ T6307] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [pid 6306] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6307] <... futex resumed>) = 0 [pid 6307] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6306] <... futex resumed>) = 1 [pid 6306] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6309] munmap(0x7f8363000000, 138412032 [pid 6307] <... openat resumed>) = 5 [pid 6307] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6306] <... futex resumed>) = 0 [pid 6306] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6307] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6309] <... munmap resumed>) = 0 [pid 6306] <... futex resumed>) = 0 [pid 6309] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6306] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6309] <... 
openat resumed>) = 4 [ 233.940586][ T36] kworker/u8:2: attempt to access beyond end of device [ 233.940586][ T36] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 233.966536][ T36] CPU: 1 UID: 0 PID: 36 Comm: kworker/u8:2 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 233.966566][ T36] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 233.966581][ T36] Workqueue: writeback wb_workfn (flush-7:1) [ 233.966612][ T36] Call Trace: [ 233.966621][ T36] [ 233.966631][ T36] dump_stack_lvl+0x189/0x250 [ 233.966668][ T36] ? __pfx_dump_stack_lvl+0x10/0x10 [ 233.966707][ T36] ? __pfx_queue_work_on+0x10/0x10 [ 233.966728][ T36] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 233.966754][ T36] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 233.966791][ T36] f2fs_handle_critical_error+0x37c/0x540 [pid 6309] ioctl(4, LOOP_SET_FD, 3 [pid 6306] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 233.966827][ T36] f2fs_write_end_io+0x4e2/0x6d0 [ 233.966896][ T36] __submit_merged_bio+0x27a/0x6a0 [ 233.966933][ T36] __submit_merged_write_cond+0x255/0x530 [ 233.966971][ T36] f2fs_write_data_pages+0x2854/0x31f0 [ 233.967001][ T36] ? __lock_acquire+0xaac/0xd20 [ 233.967071][ T36] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 233.967120][ T36] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 233.967191][ T36] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 233.967241][ T36] ? trace_f2fs_writepages+0x7f/0x200 [ 233.967275][ T36] ? f2fs_write_node_pages+0x478/0x6e0 [ 233.967313][ T36] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 233.967350][ T36] ? has_not_enough_free_secs+0xd8b/0x1640 [ 233.967393][ T36] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 233.967427][ T36] do_writepages+0x3ae/0x7b0 [ 233.967469][ T36] ? __lock_acquire+0xaac/0xd20 [ 233.967509][ T36] ? __pfx_do_writepages+0x10/0x10 [ 233.967561][ T36] __writeback_single_inode+0x145/0xff0 [ 233.967592][ T36] ? 
wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 233.967625][ T36] writeback_sb_inodes+0x6b5/0x1000 [ 233.967715][ T36] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 233.967804][ T36] ? rcu_is_watching+0x15/0xb0 [ 233.967852][ T36] wb_writeback+0x43b/0xaf0 [ 233.967893][ T36] ? queue_io+0x3a1/0x590 [ 233.967926][ T36] ? __pfx_wb_writeback+0x10/0x10 [ 233.967969][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 233.968003][ T36] wb_workfn+0x409/0xef0 [ 233.968050][ T36] ? __pfx_wb_workfn+0x10/0x10 [ 233.968073][ T36] ? register_lock_class+0x51/0x320 [ 233.968112][ T36] ? __lock_acquire+0xaac/0xd20 [ 233.968156][ T36] ? process_scheduled_works+0x9ec/0x17a0 [ 233.968200][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 233.968224][ T36] ? process_scheduled_works+0x9ec/0x17a0 [ 233.968257][ T36] ? process_scheduled_works+0x9ec/0x17a0 [ 233.968295][ T36] process_scheduled_works+0xadb/0x17a0 [ 233.968371][ T36] ? __pfx_process_scheduled_works+0x10/0x10 [ 233.968432][ T36] worker_thread+0x8a0/0xda0 [ 233.968458][ T36] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 233.968496][ T36] ? __kthread_parkme+0x7b/0x200 [pid 6309] <... ioctl resumed>) = 0 [pid 6306] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 233.968534][ T36] kthread+0x70e/0x8a0 [ 233.968565][ T36] ? __pfx_worker_thread+0x10/0x10 [ 233.968586][ T36] ? __pfx_kthread+0x10/0x10 [ 233.968614][ T36] ? __pfx_kthread+0x10/0x10 [ 233.968640][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 233.968665][ T36] ? lockdep_hardirqs_on+0x9c/0x150 [ 233.968700][ T36] ? __pfx_kthread+0x10/0x10 [ 233.968725][ T36] ret_from_fork+0x4b/0x80 [ 233.968746][ T36] ? 
__pfx_kthread+0x10/0x10 [ 233.968772][ T36] ret_from_fork_asm+0x1a/0x30 [pid 6306] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6306] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6306] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6306] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[6312]}, 88) = 6312 [pid 6306] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6306] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 233.968830][ T36] [ 233.969807][ T36] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 234.017133][ T6309] loop0: detected capacity change from 0 to 40427 [ 234.076562][ T36] CPU: 1 UID: 0 PID: 36 Comm: kworker/u8:2 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 234.076597][ T36] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 234.076615][ T36] Workqueue: writeback wb_workfn (flush-7:1) [ 234.076653][ T36] Call Trace: [ 234.076664][ T36] [pid 6306] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6306] futex(0x7f836b6386ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6306] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b4fd000 [pid 6306] mprotect(0x7f836b4fe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6306] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6306] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b51d990, parent_tid=0x7f836b51d990, exit_signal=0, stack=0x7f836b4fd000, stack_size=0x20300, tls=0x7f836b51d6c0} => {parent_tid=[6313]}, 88) = 6313 [pid 6306] 
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6306] futex(0x7f836b6386e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6306] futex(0x7f836b6386ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6313 attached [pid 6313] rseq(0x7f836b51dfe0, 0x20, 0, 0x53053053) = 0 [pid 6313] set_robust_list(0x7f836b51d9a0, 24) = 0 [pid 6309] close(3 [pid 6313] rt_sigprocmask(SIG_SETMASK, [], [pid 6309] <... close resumed>) = 0 [pid 6313] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6309] close(4 [pid 6313] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 6309] <... close resumed>) = 0 [pid 6309] mkdir("./bus", 0777) = 0 [ 234.076676][ T36] dump_stack_lvl+0x189/0x250 [ 234.076725][ T36] ? __pfx_dump_stack_lvl+0x10/0x10 [ 234.076760][ T36] ? __pfx_queue_work_on+0x10/0x10 [ 234.076780][ T36] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 234.076809][ T36] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 234.076853][ T36] f2fs_handle_critical_error+0x37c/0x540 [ 234.076896][ T36] f2fs_write_end_io+0x4e2/0x6d0 [ 234.076951][ T36] __submit_merged_bio+0x27a/0x6a0 [ 234.076989][ T36] __submit_merged_write_cond+0x255/0x530 [ 234.077030][ T36] f2fs_write_data_pages+0x2854/0x31f0 [ 234.077065][ T36] ? __lock_acquire+0xaac/0xd20 [ 234.077144][ T36] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 234.077202][ T36] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 234.077276][ T36] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 234.077329][ T36] ? trace_f2fs_writepages+0x7f/0x200 [ 234.077366][ T36] ? f2fs_write_node_pages+0x478/0x6e0 [ 234.077407][ T36] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 234.077446][ T36] ? has_not_enough_free_secs+0xd8b/0x1640 [ 234.077492][ T36] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 234.077529][ T36] do_writepages+0x3ae/0x7b0 [ 234.077572][ T36] ? __lock_acquire+0xaac/0xd20 [ 234.077615][ T36] ? __pfx_do_writepages+0x10/0x10 [ 234.077671][ T36] __writeback_single_inode+0x145/0xff0 [ 234.077712][ T36] ? 
wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 234.077746][ T36] writeback_sb_inodes+0x6b5/0x1000 [ 234.077817][ T36] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 234.077910][ T36] ? rcu_is_watching+0x15/0xb0 [ 234.077959][ T36] wb_writeback+0x43b/0xaf0 [ 234.078002][ T36] ? queue_io+0x3a1/0x590 [ 234.078039][ T36] ? __pfx_wb_writeback+0x10/0x10 [ 234.078084][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 234.078118][ T36] wb_workfn+0x409/0xef0 [ 234.078168][ T36] ? __pfx_wb_workfn+0x10/0x10 [ 234.078191][ T36] ? register_lock_class+0x51/0x320 [ 234.078233][ T36] ? __lock_acquire+0xaac/0xd20 [ 234.078279][ T36] ? process_scheduled_works+0x9ec/0x17a0 [ 234.078325][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 234.078350][ T36] ? process_scheduled_works+0x9ec/0x17a0 [ 234.078385][ T36] ? process_scheduled_works+0x9ec/0x17a0 [ 234.078426][ T36] process_scheduled_works+0xadb/0x17a0 [ 234.078507][ T36] ? __pfx_process_scheduled_works+0x10/0x10 [ 234.078571][ T36] worker_thread+0x8a0/0xda0 [ 234.078599][ T36] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 234.078638][ T36] ? __kthread_parkme+0x7b/0x200 [ 234.078678][ T36] kthread+0x70e/0x8a0 [ 234.078718][ T36] ? __pfx_worker_thread+0x10/0x10 [pid 6309] mount("/dev/loop0", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"..../strace-static-x86_64: Process 6312 attached [pid 6306] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6312] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [pid 6312] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 6312] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6312] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 6312] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 234.078741][ T36] ? __pfx_kthread+0x10/0x10 [ 234.078771][ T36] ? __pfx_kthread+0x10/0x10 [ 234.078797][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 234.078824][ T36] ? lockdep_hardirqs_on+0x9c/0x150 [ 234.078855][ T36] ? 
__pfx_kthread+0x10/0x10 [ 234.078881][ T36] ret_from_fork+0x4b/0x80 [ 234.078904][ T36] ? __pfx_kthread+0x10/0x10 [ 234.078930][ T36] ret_from_fork_asm+0x1a/0x30 [ 234.078990][ T36] [ 234.079000][ T36] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 234.384694][ T6309] F2FS-fs (loop0): invalid crc value [pid 6312] futex(0x7f836b6386d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6313] <... ioctl resumed>) = -1 EIO (Input/output error) [pid 6307] <... ioctl resumed>) = -1 EIO (Input/output error) [pid 6313] futex(0x7f836b6386ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6307] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6313] <... futex resumed>) = 0 [pid 6307] <... futex resumed>) = 0 [pid 6313] futex(0x7f836b6386e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6307] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6306] exit_group(0) = ? [pid 6313] <... futex resumed>) = ? [pid 6312] <... futex resumed>) = ? [pid 6312] +++ exited with 0 +++ [pid 6313] +++ exited with 0 +++ [pid 6307] <... futex resumed>) = ? [pid 6307] +++ exited with 0 +++ [pid 6306] +++ exited with 0 +++ [pid 5824] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6306, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=39 /* 0.39 s */} --- [pid 5824] restart_syscall(<... 
resuming interrupted clone ...>) = 0 [pid 5824] umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 234.664968][ T6307] VFS:Filesystem freeze failed [pid 5824] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5824] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5824] umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] unlink("./38/binderfs") = 0 [pid 5824] umount2("./38/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6309] <... mount resumed>) = 0 [pid 6309] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6309] chdir("./bus") = 0 [pid 6309] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6309] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6309] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6308] <... futex resumed>) = 0 [ 234.906725][ T6309] F2FS-fs (loop0): Start checkpoint disabled! [ 234.934129][ T6309] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [pid 6308] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6309] <... futex resumed>) = 0 [pid 6309] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 [pid 6308] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6309] <... openat resumed>) = 4 [pid 6309] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6308] <... futex resumed>) = 0 [pid 6309] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6308] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6309] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6308] <... 
futex resumed>) = 0 [pid 6309] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6308] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6309] <... openat resumed>) = 5 [pid 6309] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6308] <... futex resumed>) = 0 [pid 6309] <... futex resumed>) = 1 [pid 6308] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6309] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6308] <... futex resumed>) = 0 [pid 6308] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 234.993306][ T36] kworker/u8:2: attempt to access beyond end of device [ 234.993306][ T36] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [pid 6308] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5824] <... umount2 resumed>) = 0 [pid 5824] umount2("./38/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./38/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] umount2("./38/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./38/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5824] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5824] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5824] close(4) = 0 [pid 5824] rmdir("./38/bus") = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5824] close(3) = 0 [pid 6308] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6308] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6308] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5824] rmdir("./38" [pid 6308] 
clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} [pid 5824] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 6316 attached [pid 6316] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053 [pid 6308] <... clone3 resumed> => {parent_tid=[6316]}, 88) = 6316 [pid 6316] <... rseq resumed>) = 0 [pid 6308] rt_sigprocmask(SIG_SETMASK, [], [pid 6316] set_robust_list(0x7f836b53e9a0, 24 [pid 6308] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6316] <... set_robust_list resumed>) = 0 [ 235.046984][ T36] CPU: 0 UID: 0 PID: 36 Comm: kworker/u8:2 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 235.047016][ T36] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 235.047030][ T36] Workqueue: writeback wb_workfn (flush-7:0) [ 235.047063][ T36] Call Trace: [ 235.047072][ T36] [ 235.047082][ T36] dump_stack_lvl+0x189/0x250 [ 235.047119][ T36] ? __pfx_dump_stack_lvl+0x10/0x10 [ 235.047148][ T36] ? __pfx_queue_work_on+0x10/0x10 [pid 6308] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6316] rt_sigprocmask(SIG_SETMASK, [], [pid 6308] <... futex resumed>) = 0 [pid 6316] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6308] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6316] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 5824] mkdir("./39", 0777 [pid 6316] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6308] <... futex resumed>) = 0 [pid 5824] <... mkdir resumed>) = 0 [pid 6316] futex(0x7f836b6386d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6308] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6316] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6308] <... 
futex resumed>) = 0 [pid 5824] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6316] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 6308] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5824] <... openat resumed>) = 3 [pid 5824] ioctl(3, LOOP_CLR_FD) = 0 [ 235.047168][ T36] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 235.047193][ T36] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 235.047233][ T36] f2fs_handle_critical_error+0x37c/0x540 [ 235.047274][ T36] f2fs_write_end_io+0x4e2/0x6d0 [ 235.047328][ T36] __submit_merged_bio+0x27a/0x6a0 [ 235.047366][ T36] __submit_merged_write_cond+0x255/0x530 [ 235.047406][ T36] f2fs_write_data_pages+0x2854/0x31f0 [ 235.047437][ T36] ? __lock_acquire+0xaac/0xd20 [ 235.047510][ T36] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 235.047562][ T36] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 235.047631][ T36] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 235.047680][ T36] ? trace_f2fs_writepages+0x7f/0x200 [ 235.047713][ T36] ? f2fs_write_node_pages+0x478/0x6e0 [ 235.047750][ T36] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 235.047786][ T36] ? has_not_enough_free_secs+0xd8b/0x1640 [ 235.047828][ T36] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 235.047861][ T36] do_writepages+0x3ae/0x7b0 [ 235.047908][ T36] ? __lock_acquire+0xaac/0xd20 [ 235.047948][ T36] ? __pfx_do_writepages+0x10/0x10 [ 235.047995][ T36] __writeback_single_inode+0x145/0xff0 [ 235.048024][ T36] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 235.048052][ T36] writeback_sb_inodes+0x6b5/0x1000 [ 235.048133][ T36] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 235.048219][ T36] ? rcu_is_watching+0x15/0xb0 [ 235.048264][ T36] wb_writeback+0x43b/0xaf0 [ 235.048305][ T36] ? queue_io+0x3a1/0x590 [ 235.048338][ T36] ? __pfx_wb_writeback+0x10/0x10 [ 235.048375][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 235.048400][ T36] wb_workfn+0x409/0xef0 [ 235.048436][ T36] ? __pfx_wb_workfn+0x10/0x10 [ 235.048453][ T36] ? 
register_lock_class+0x51/0x320 [ 235.048484][ T36] ? __lock_acquire+0xaac/0xd20 [ 235.048518][ T36] ? process_scheduled_works+0x9ec/0x17a0 [ 235.048552][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 235.048570][ T36] ? process_scheduled_works+0x9ec/0x17a0 [ 235.048596][ T36] ? process_scheduled_works+0x9ec/0x17a0 [ 235.048626][ T36] process_scheduled_works+0xadb/0x17a0 [ 235.048685][ T36] ? __pfx_process_scheduled_works+0x10/0x10 [ 235.048731][ T36] worker_thread+0x8a0/0xda0 [ 235.048751][ T36] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 235.048780][ T36] ? __kthread_parkme+0x7b/0x200 [ 235.048809][ T36] kthread+0x70e/0x8a0 [ 235.048833][ T36] ? __pfx_worker_thread+0x10/0x10 [ 235.048849][ T36] ? __pfx_kthread+0x10/0x10 [ 235.048871][ T36] ? __pfx_kthread+0x10/0x10 [ 235.048897][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 235.048916][ T36] ? lockdep_hardirqs_on+0x9c/0x150 [pid 5824] close(3 [pid 6308] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 235.048939][ T36] ? __pfx_kthread+0x10/0x10 [ 235.048959][ T36] ret_from_fork+0x4b/0x80 [ 235.048976][ T36] ? __pfx_kthread+0x10/0x10 [ 235.048996][ T36] ret_from_fork_asm+0x1a/0x30 [ 235.049040][ T36] [ 235.049297][ T36] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [pid 6308] exit_group(0) = ? [ 235.630606][ T36] CPU: 1 UID: 0 PID: 36 Comm: kworker/u8:2 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 235.630641][ T36] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 235.630665][ T36] Workqueue: writeback wb_workfn (flush-7:0) [ 235.630701][ T36] Call Trace: [ 235.630710][ T36] [ 235.630720][ T36] dump_stack_lvl+0x189/0x250 [ 235.630757][ T36] ? __pfx_dump_stack_lvl+0x10/0x10 [ 235.630788][ T36] ? __pfx_queue_work_on+0x10/0x10 [ 235.630807][ T36] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 235.630834][ T36] ? 
__pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 235.630871][ T36] f2fs_handle_critical_error+0x37c/0x540 [ 235.630909][ T36] f2fs_write_end_io+0x4e2/0x6d0 [ 235.630961][ T36] __submit_merged_bio+0x27a/0x6a0 [ 235.630997][ T36] __submit_merged_write_cond+0x255/0x530 [ 235.631035][ T36] f2fs_write_data_pages+0x2854/0x31f0 [ 235.631067][ T36] ? __lock_acquire+0xaac/0xd20 [ 235.631133][ T36] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 235.631182][ T36] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 235.631244][ T36] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 235.631291][ T36] ? trace_f2fs_writepages+0x7f/0x200 [ 235.631324][ T36] ? f2fs_write_node_pages+0x478/0x6e0 [ 235.631360][ T36] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 235.631394][ T36] ? has_not_enough_free_secs+0xd8b/0x1640 [ 235.631436][ T36] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 235.631470][ T36] do_writepages+0x3ae/0x7b0 [ 235.631509][ T36] ? __lock_acquire+0xaac/0xd20 [ 235.631546][ T36] ? __pfx_do_writepages+0x10/0x10 [ 235.631593][ T36] __writeback_single_inode+0x145/0xff0 [ 235.631622][ T36] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 235.631660][ T36] writeback_sb_inodes+0x6b5/0x1000 [ 235.631719][ T36] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 235.631795][ T36] ? rcu_is_watching+0x15/0xb0 [ 235.631839][ T36] wb_writeback+0x43b/0xaf0 [ 235.631878][ T36] ? queue_io+0x3a1/0x590 [ 235.631911][ T36] ? __pfx_wb_writeback+0x10/0x10 [ 235.631950][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 235.631981][ T36] wb_workfn+0x409/0xef0 [ 235.632023][ T36] ? __pfx_wb_workfn+0x10/0x10 [ 235.632045][ T36] ? register_lock_class+0x51/0x320 [ 235.632082][ T36] ? __lock_acquire+0xaac/0xd20 [ 235.632123][ T36] ? process_scheduled_works+0x9ec/0x17a0 [ 235.632164][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 235.632188][ T36] ? process_scheduled_works+0x9ec/0x17a0 [ 235.632221][ T36] ? process_scheduled_works+0x9ec/0x17a0 [ 235.632257][ T36] process_scheduled_works+0xadb/0x17a0 [ 235.632324][ T36] ? 
__pfx_process_scheduled_works+0x10/0x10 [ 235.632379][ T36] worker_thread+0x8a0/0xda0 [ 235.632404][ T36] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 235.632439][ T36] ? __kthread_parkme+0x7b/0x200 [ 235.632473][ T36] kthread+0x70e/0x8a0 [ 235.632502][ T36] ? __pfx_worker_thread+0x10/0x10 [ 235.632522][ T36] ? __pfx_kthread+0x10/0x10 [ 235.632550][ T36] ? __pfx_kthread+0x10/0x10 [ 235.632574][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 235.632599][ T36] ? lockdep_hardirqs_on+0x9c/0x150 [pid 5824] <... close resumed>) = 0 [pid 5824] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e3aa690) = 6317 ./strace-static-x86_64: Process 6317 attached [pid 6317] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 6317] chdir("./39") = 0 [pid 6317] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6317] setpgid(0, 0) = 0 [pid 6317] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6317] write(3, "1000", 4) = 4 [pid 6317] close(3) = 0 [pid 6317] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6317] write(1, "executing program\n", 18) = 18 [pid 6317] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6317] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6317] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6317] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6317] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6317] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6317] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0} => {parent_tid=[6318]}, 88) = 6318 [pid 6317] 
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6317] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6317] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6318 attached [pid 6318] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053) = 0 [ 235.632627][ T36] ? __pfx_kthread+0x10/0x10 [ 235.632657][ T36] ret_from_fork+0x4b/0x80 [ 235.632678][ T36] ? __pfx_kthread+0x10/0x10 [ 235.632704][ T36] ret_from_fork_asm+0x1a/0x30 [ 235.632756][ T36] [ 235.632765][ T36] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [pid 6318] set_robust_list(0x7f836b55f9a0, 24) = 0 [pid 6318] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6316] <... ioctl resumed>) = ? [pid 6318] memfd_create("syzkaller", 0 [pid 6316] +++ exited with 0 +++ [pid 6318] <... memfd_create resumed>) = 3 [pid 6318] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 6309] <... ioctl resumed>) = ? [pid 6309] +++ exited with 0 +++ [pid 6308] +++ exited with 0 +++ [pid 5823] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6308, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=64 /* 0.64 s */} --- [pid 5823] restart_syscall(<... 
resuming interrupted clone ...>) = 0 [pid 5823] umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 236.008322][ T6309] VFS:Filesystem freeze failed [pid 5823] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5823] umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] unlink("./38/binderfs") = 0 [pid 5823] umount2("./38/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6318] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 5823] <... 
umount2 resumed>) = 0 [pid 5823] umount2("./38/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./38/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] umount2("./38/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./38/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5823] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5823] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5823] close(4) = 0 [pid 5823] rmdir("./38/bus") = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5823] close(3) = 0 [pid 5823] rmdir("./38") = 0 [pid 5823] mkdir("./39", 0777) = 0 [pid 5823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5823] ioctl(3, LOOP_CLR_FD) = 0 [pid 5823] close(3) = 0 [pid 5823] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e3aa690) = 6319 ./strace-static-x86_64: Process 6319 attached [pid 6319] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 6318] <... 
write resumed>) = 20699119 [pid 6319] chdir("./39") = 0 [pid 6319] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6319] setpgid(0, 0) = 0 [pid 6318] munmap(0x7f8363000000, 138412032 [pid 6319] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6319] write(3, "1000", 4) = 4 [pid 6319] close(3) = 0 [pid 6319] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6319] write(1, "executing program\n", 18) = 18 [pid 6319] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6319] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6319] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6319] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6319] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6319] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6319] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 6320 attached => {parent_tid=[6320]}, 88) = 6320 [pid 6319] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6319] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6319] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6320] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053) = 0 [pid 6320] set_robust_list(0x7f836b55f9a0, 24) = 0 [pid 6320] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6320] memfd_create("syzkaller", 0) = 3 [pid 6320] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6318] <... munmap resumed>) = 0 [pid 6320] <... 
mmap resumed>) = 0x7f8363000000 [pid 6318] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6318] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6318] close(3) = 0 [pid 6318] close(4) = 0 [pid 6318] mkdir("./bus", 0777) = 0 [ 237.007555][ T6318] loop1: detected capacity change from 0 to 40427 [ 237.029658][ T6318] F2FS-fs (loop1): invalid crc value [ 237.246774][ T6318] F2FS-fs (loop1): Start checkpoint disabled! [pid 6318] mount("/dev/loop1", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"...) = 0 [pid 6318] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [ 237.296508][ T6318] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [pid 6318] chdir("./bus") = 0 [pid 6318] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6318] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6317] <... futex resumed>) = 0 [pid 6318] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6317] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6318] <... futex resumed>) = 0 [pid 6317] <... futex resumed>) = 1 [pid 6318] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 [pid 6317] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6318] <... openat resumed>) = 4 [pid 6318] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6317] <... futex resumed>) = 0 [pid 6318] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6317] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6318] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6317] <... futex resumed>) = 0 [pid 6318] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6317] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6318] <... 
openat resumed>) = 5 [pid 6320] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 6318] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6317] <... futex resumed>) = 0 [pid 6318] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6317] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 237.410810][ T6132] kworker/u8:8: attempt to access beyond end of device [ 237.410810][ T6132] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 237.446517][ T6132] CPU: 0 UID: 0 PID: 6132 Comm: kworker/u8:8 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 237.446552][ T6132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 237.446567][ T6132] Workqueue: writeback wb_workfn (flush-7:1) [ 237.446603][ T6132] Call Trace: [ 237.446613][ T6132] [ 237.446623][ T6132] dump_stack_lvl+0x189/0x250 [ 237.446662][ T6132] ? __pfx_dump_stack_lvl+0x10/0x10 [ 237.446693][ T6132] ? __pfx_queue_work_on+0x10/0x10 [ 237.446714][ T6132] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 237.446749][ T6132] ? 
__pfx__raw_spin_unlock_irqrestore+0x10/0x10 [pid 6317] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6317] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6317] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6317] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6317] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6317] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[6323]}, 88) = 6323 [pid 6317] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6317] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 237.446788][ T6132] f2fs_handle_critical_error+0x37c/0x540 [ 237.446828][ T6132] f2fs_write_end_io+0x4e2/0x6d0 [ 237.446878][ T6132] __submit_merged_bio+0x27a/0x6a0 [ 237.446917][ T6132] __submit_merged_write_cond+0x255/0x530 [ 237.446955][ T6132] f2fs_write_data_pages+0x2854/0x31f0 [ 237.446987][ T6132] ? __lock_acquire+0xaac/0xd20 [ 237.447054][ T6132] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 237.447105][ T6132] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 237.447161][ T6132] ? 
__pfx_f2fs_balance_fs_bg+0x10/0x10 [pid 6317] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6317] futex(0x7f836b6386ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6317] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b4fd000 [pid 6317] mprotect(0x7f836b4fe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6317] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6317] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b51d990, parent_tid=0x7f836b51d990, exit_signal=0, stack=0x7f836b4fd000, stack_size=0x20300, tls=0x7f836b51d6c0} => {parent_tid=[6324]}, 88) = 6324 [pid 6317] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 6324 attached [pid 6317] futex(0x7f836b6386e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6317] futex(0x7f836b6386ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6324] rseq(0x7f836b51dfe0, 0x20, 0, 0x53053053) = 0 [pid 6324] set_robust_list(0x7f836b51d9a0, 24) = 0 [pid 6324] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 237.447203][ T6132] ? trace_f2fs_writepages+0x7f/0x200 [ 237.447235][ T6132] ? f2fs_write_node_pages+0x478/0x6e0 [ 237.447271][ T6132] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 237.447306][ T6132] ? has_not_enough_free_secs+0xd8b/0x1640 [ 237.447354][ T6132] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 237.447389][ T6132] do_writepages+0x3ae/0x7b0 [ 237.447428][ T6132] ? __lock_acquire+0xaac/0xd20 [ 237.447467][ T6132] ? __pfx_do_writepages+0x10/0x10 [ 237.447510][ T6132] __writeback_single_inode+0x145/0xff0 [ 237.447541][ T6132] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 237.447572][ T6132] writeback_sb_inodes+0x6b5/0x1000 [ 237.447631][ T6132] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 237.447708][ T6132] ? rcu_is_watching+0x15/0xb0 [ 237.447760][ T6132] wb_writeback+0x43b/0xaf0 [ 237.447799][ T6132] ? 
queue_io+0x3a1/0x590 [ 237.447832][ T6132] ? __pfx_wb_writeback+0x10/0x10 [ 237.447872][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 237.447904][ T6132] wb_workfn+0x409/0xef0 [ 237.447946][ T6132] ? __pfx_wb_workfn+0x10/0x10 [ 237.447968][ T6132] ? register_lock_class+0x51/0x320 [ 237.448006][ T6132] ? __lock_acquire+0xaac/0xd20 [ 237.448047][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 237.448089][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 237.448113][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 237.448146][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 237.448182][ T6132] process_scheduled_works+0xadb/0x17a0 [ 237.448249][ T6132] ? __pfx_process_scheduled_works+0x10/0x10 [ 237.448304][ T6132] worker_thread+0x8a0/0xda0 [pid 6324] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 6317] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 237.448329][ T6132] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 237.448365][ T6132] ? __kthread_parkme+0x7b/0x200 [ 237.448399][ T6132] kthread+0x70e/0x8a0 [ 237.448441][ T6132] ? __pfx_worker_thread+0x10/0x10 [ 237.448461][ T6132] ? __pfx_kthread+0x10/0x10 [ 237.448487][ T6132] ? __pfx_kthread+0x10/0x10 [ 237.448511][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 237.448535][ T6132] ? lockdep_hardirqs_on+0x9c/0x150 [ 237.448562][ T6132] ? __pfx_kthread+0x10/0x10 [ 237.448586][ T6132] ret_from_fork+0x4b/0x80 [ 237.448606][ T6132] ? 
__pfx_kthread+0x10/0x10 ./strace-static-x86_64: Process 6323 attached [pid 6323] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [pid 6323] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 6323] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6323] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 6323] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 237.448630][ T6132] ret_from_fork_asm+0x1a/0x30 [ 237.448680][ T6132] [ 237.448690][ T6132] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [pid 6323] futex(0x7f836b6386d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6317] exit_group(0 [pid 6323] <... futex resumed>) = ? [pid 6317] <... exit_group resumed>) = ? [pid 6323] +++ exited with 0 +++ [ 237.919352][ T6132] CPU: 1 UID: 0 PID: 6132 Comm: kworker/u8:8 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 237.919387][ T6132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 237.919403][ T6132] Workqueue: writeback wb_workfn (flush-7:1) [ 237.919439][ T6132] Call Trace: [ 237.919448][ T6132] [ 237.919459][ T6132] dump_stack_lvl+0x189/0x250 [ 237.919497][ T6132] ? __pfx_dump_stack_lvl+0x10/0x10 [ 237.919528][ T6132] ? __pfx_queue_work_on+0x10/0x10 [ 237.919548][ T6132] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 237.919574][ T6132] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 237.919612][ T6132] f2fs_handle_critical_error+0x37c/0x540 [ 237.919651][ T6132] f2fs_write_end_io+0x4e2/0x6d0 [ 237.919709][ T6132] __submit_merged_bio+0x27a/0x6a0 [ 237.919747][ T6132] __submit_merged_write_cond+0x255/0x530 [ 237.919784][ T6132] f2fs_write_data_pages+0x2854/0x31f0 [ 237.919816][ T6132] ? __lock_acquire+0xaac/0xd20 [ 237.919883][ T6132] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 237.919932][ T6132] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 237.919993][ T6132] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 237.920040][ T6132] ? trace_f2fs_writepages+0x7f/0x200 [ 237.920073][ T6132] ? 
f2fs_write_node_pages+0x478/0x6e0 [ 237.920109][ T6132] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 237.920143][ T6132] ? has_not_enough_free_secs+0xd8b/0x1640 [ 237.920185][ T6132] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 237.920218][ T6132] do_writepages+0x3ae/0x7b0 [ 237.920257][ T6132] ? __lock_acquire+0xaac/0xd20 [ 237.920295][ T6132] ? __pfx_do_writepages+0x10/0x10 [ 237.920342][ T6132] __writeback_single_inode+0x145/0xff0 [ 237.920372][ T6132] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 237.920403][ T6132] writeback_sb_inodes+0x6b5/0x1000 [ 237.920467][ T6132] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 237.920544][ T6132] ? rcu_is_watching+0x15/0xb0 [ 237.920589][ T6132] wb_writeback+0x43b/0xaf0 [ 237.920627][ T6132] ? queue_io+0x3a1/0x590 [ 237.920661][ T6132] ? __pfx_wb_writeback+0x10/0x10 [ 237.920706][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 237.920737][ T6132] wb_workfn+0x409/0xef0 [ 237.920779][ T6132] ? __pfx_wb_workfn+0x10/0x10 [ 237.920802][ T6132] ? register_lock_class+0x51/0x320 [ 237.920839][ T6132] ? __lock_acquire+0xaac/0xd20 [ 237.920880][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 237.920921][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 237.920945][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 237.920978][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 237.921014][ T6132] process_scheduled_works+0xadb/0x17a0 [ 237.921082][ T6132] ? __pfx_process_scheduled_works+0x10/0x10 [ 237.921137][ T6132] worker_thread+0x8a0/0xda0 [ 237.921162][ T6132] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 237.921197][ T6132] ? __kthread_parkme+0x7b/0x200 [ 237.921231][ T6132] kthread+0x70e/0x8a0 [ 237.921280][ T6132] ? __pfx_worker_thread+0x10/0x10 [ 237.921301][ T6132] ? __pfx_kthread+0x10/0x10 [ 237.921329][ T6132] ? __pfx_kthread+0x10/0x10 [ 237.921354][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 237.921378][ T6132] ? lockdep_hardirqs_on+0x9c/0x150 [pid 6320] <... 
write resumed>) = 20699119 [pid 6320] munmap(0x7f8363000000, 138412032) = 0 [pid 6320] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6320] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6320] close(3) = 0 [pid 6320] close(4) = 0 [pid 6320] mkdir("./bus", 0777) = 0 [ 237.921406][ T6132] ? __pfx_kthread+0x10/0x10 [ 237.921430][ T6132] ret_from_fork+0x4b/0x80 [ 237.921452][ T6132] ? __pfx_kthread+0x10/0x10 [ 237.921478][ T6132] ret_from_fork_asm+0x1a/0x30 [ 237.921529][ T6132] [ 237.921539][ T6132] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 238.261626][ T6320] loop0: detected capacity change from 0 to 40427 [ 238.309074][ T6320] F2FS-fs (loop0): invalid crc value [pid 6320] mount("/dev/loop0", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 6324] <... ioctl resumed>) = ? [pid 6324] +++ exited with 0 +++ [pid 6318] <... ioctl resumed>) = ? [pid 6318] +++ exited with 0 +++ [pid 6317] +++ exited with 0 +++ [ 238.350487][ T6318] VFS:Filesystem freeze failed [pid 5824] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6317, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=34 /* 0.34 s */} --- [pid 5824] umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5824] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5824] umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] unlink("./39/binderfs") = 0 [pid 5824] umount2("./39/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6320] <... 
mount resumed>) = 0 [pid 6320] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6320] chdir("./bus") = 0 [pid 6320] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 238.626798][ T6320] F2FS-fs (loop0): Start checkpoint disabled! [ 238.666911][ T6320] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [pid 6320] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6320] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6319] <... futex resumed>) = 0 [pid 6319] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6320] <... futex resumed>) = 0 [pid 6319] <... futex resumed>) = 1 [pid 6319] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6320] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000) = 4 [pid 6320] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6319] <... futex resumed>) = 0 [pid 6320] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6319] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6320] <... futex resumed>) = 0 [pid 6319] <... futex resumed>) = 1 [pid 6320] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6319] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6320] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6319] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6319] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6319] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6320] <... futex resumed>) = 1 [pid 6319] <... 
futex resumed>) = 0 [pid 6320] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6319] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=46000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6319] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6319] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6319] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6319] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6319] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[6327]}, 88) = 6327 [pid 6319] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6319] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6327 attached [pid 6319] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 238.749575][ T6132] kworker/u8:8: attempt to access beyond end of device [ 238.749575][ T6132] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 238.808251][ T6132] CPU: 1 UID: 0 PID: 6132 Comm: kworker/u8:8 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 238.808287][ T6132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 238.808302][ T6132] Workqueue: writeback wb_workfn (flush-7:0) [ 238.808337][ T6132] Call Trace: [ 238.808347][ T6132] [ 238.808356][ T6132] dump_stack_lvl+0x189/0x250 [ 238.808394][ T6132] ? __pfx_dump_stack_lvl+0x10/0x10 [ 238.808424][ T6132] ? 
__pfx_queue_work_on+0x10/0x10 [pid 6327] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [pid 6327] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 6327] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6327] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 6327] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6327] futex(0x7f836b6386d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6319] <... futex resumed>) = 0 [pid 6319] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6327] <... futex resumed>) = 0 [pid 6319] <... futex resumed>) = 1 [pid 6327] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 6319] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6319] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6319] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 238.808443][ T6132] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 238.808470][ T6132] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 238.808510][ T6132] f2fs_handle_critical_error+0x37c/0x540 [ 238.808550][ T6132] f2fs_write_end_io+0x4e2/0x6d0 [ 238.808612][ T6132] __submit_merged_bio+0x27a/0x6a0 [ 238.808650][ T6132] __submit_merged_write_cond+0x255/0x530 [ 238.808689][ T6132] f2fs_write_data_pages+0x2854/0x31f0 [ 238.808720][ T6132] ? __lock_acquire+0xaac/0xd20 [ 238.808792][ T6132] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 238.808843][ T6132] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 238.808912][ T6132] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 238.808960][ T6132] ? trace_f2fs_writepages+0x7f/0x200 [ 238.808993][ T6132] ? f2fs_write_node_pages+0x478/0x6e0 [ 238.809029][ T6132] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 238.809065][ T6132] ? has_not_enough_free_secs+0xd8b/0x1640 [ 238.809107][ T6132] ? 
__pfx_f2fs_write_data_pages+0x10/0x10 [ 238.809140][ T6132] do_writepages+0x3ae/0x7b0 [ 238.809181][ T6132] ? __lock_acquire+0xaac/0xd20 [ 238.809220][ T6132] ? __pfx_do_writepages+0x10/0x10 [ 238.809270][ T6132] __writeback_single_inode+0x145/0xff0 [ 238.809300][ T6132] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 238.809331][ T6132] writeback_sb_inodes+0x6b5/0x1000 [ 238.809396][ T6132] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 238.809481][ T6132] ? rcu_is_watching+0x15/0xb0 [ 238.809527][ T6132] wb_writeback+0x43b/0xaf0 [ 238.809566][ T6132] ? queue_io+0x3a1/0x590 [ 238.809605][ T6132] ? __pfx_wb_writeback+0x10/0x10 [pid 5824] <... umount2 resumed>) = 0 [pid 5824] umount2("./39/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./39/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] umount2("./39/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./39/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5824] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 238.809647][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 238.809678][ T6132] wb_workfn+0x409/0xef0 [ 238.809723][ T6132] ? __pfx_wb_workfn+0x10/0x10 [ 238.809745][ T6132] ? register_lock_class+0x51/0x320 [ 238.809783][ T6132] ? __lock_acquire+0xaac/0xd20 [ 238.809826][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 238.809868][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 238.809905][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 238.809937][ T6132] ? 
process_scheduled_works+0x9ec/0x17a0 [ 238.809999][ T6132] process_scheduled_works+0xadb/0x17a0 [pid 5824] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5824] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5824] close(4) = 0 [pid 5824] rmdir("./39/bus") = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5824] close(3) = 0 [pid 5824] rmdir("./39") = 0 [pid 5824] mkdir("./40", 0777) = 0 [pid 5824] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5824] ioctl(3, LOOP_CLR_FD) = 0 [pid 5824] close(3 [pid 6319] exit_group(0) = ? [ 238.810081][ T6132] ? __pfx_process_scheduled_works+0x10/0x10 [ 238.810141][ T6132] worker_thread+0x8a0/0xda0 [ 238.810174][ T6132] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 238.810212][ T6132] ? __kthread_parkme+0x7b/0x200 [ 238.810249][ T6132] kthread+0x70e/0x8a0 [ 238.810280][ T6132] ? __pfx_worker_thread+0x10/0x10 [ 238.810300][ T6132] ? __pfx_kthread+0x10/0x10 [ 238.810337][ T6132] ? __pfx_kthread+0x10/0x10 [ 238.810362][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 238.810393][ T6132] ? lockdep_hardirqs_on+0x9c/0x150 [ 238.810426][ T6132] ? __pfx_kthread+0x10/0x10 [ 238.810450][ T6132] ret_from_fork+0x4b/0x80 [ 238.810471][ T6132] ? __pfx_kthread+0x10/0x10 [ 238.810498][ T6132] ret_from_fork_asm+0x1a/0x30 [ 238.810554][ T6132] [ 238.810563][ T6132] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 239.224454][ T6132] CPU: 0 UID: 0 PID: 6132 Comm: kworker/u8:8 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 239.224489][ T6132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 239.224505][ T6132] Workqueue: writeback wb_workfn (flush-7:0) [ 239.224540][ T6132] Call Trace: [ 239.224549][ T6132] [ 239.224559][ T6132] dump_stack_lvl+0x189/0x250 [ 239.224596][ T6132] ? __pfx_dump_stack_lvl+0x10/0x10 [ 239.224625][ T6132] ? __pfx_queue_work_on+0x10/0x10 [ 239.224653][ T6132] ? 
_raw_spin_unlock_irqrestore+0xad/0x110 [ 239.224680][ T6132] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 239.224717][ T6132] f2fs_handle_critical_error+0x37c/0x540 [ 239.224756][ T6132] f2fs_write_end_io+0x4e2/0x6d0 [ 239.224818][ T6132] __submit_merged_bio+0x27a/0x6a0 [ 239.224852][ T6132] __submit_merged_write_cond+0x255/0x530 [ 239.224888][ T6132] f2fs_write_data_pages+0x2854/0x31f0 [ 239.224918][ T6132] ? __lock_acquire+0xaac/0xd20 [ 239.224980][ T6132] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 239.225028][ T6132] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 239.225087][ T6132] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 239.225132][ T6132] ? trace_f2fs_writepages+0x7f/0x200 [ 239.225163][ T6132] ? f2fs_write_node_pages+0x478/0x6e0 [ 239.225196][ T6132] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 239.225230][ T6132] ? has_not_enough_free_secs+0xd8b/0x1640 [ 239.225269][ T6132] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 239.225301][ T6132] do_writepages+0x3ae/0x7b0 [ 239.225339][ T6132] ? __lock_acquire+0xaac/0xd20 [ 239.225376][ T6132] ? __pfx_do_writepages+0x10/0x10 [ 239.225421][ T6132] __writeback_single_inode+0x145/0xff0 [ 239.225450][ T6132] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 239.225480][ T6132] writeback_sb_inodes+0x6b5/0x1000 [ 239.225537][ T6132] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 239.225611][ T6132] ? rcu_is_watching+0x15/0xb0 [ 239.225661][ T6132] wb_writeback+0x43b/0xaf0 [ 239.225698][ T6132] ? queue_io+0x3a1/0x590 [ 239.225730][ T6132] ? __pfx_wb_writeback+0x10/0x10 [ 239.225768][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 239.225798][ T6132] wb_workfn+0x409/0xef0 [ 239.225838][ T6132] ? __pfx_wb_workfn+0x10/0x10 [ 239.225860][ T6132] ? register_lock_class+0x51/0x320 [ 239.225895][ T6132] ? __lock_acquire+0xaac/0xd20 [ 239.225934][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 239.225974][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 239.225997][ T6132] ? process_scheduled_works+0x9ec/0x17a0 [ 239.226028][ T6132] ? 
process_scheduled_works+0x9ec/0x17a0 [ 239.226063][ T6132] process_scheduled_works+0xadb/0x17a0 [ 239.226129][ T6132] ? __pfx_process_scheduled_works+0x10/0x10 [ 239.226201][ T6132] worker_thread+0x8a0/0xda0 [ 239.226226][ T6132] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 239.226262][ T6132] ? __kthread_parkme+0x7b/0x200 [ 239.226296][ T6132] kthread+0x70e/0x8a0 [ 239.226326][ T6132] ? __pfx_worker_thread+0x10/0x10 [ 239.226347][ T6132] ? __pfx_kthread+0x10/0x10 [ 239.226375][ T6132] ? __pfx_kthread+0x10/0x10 [ 239.226401][ T6132] ? _raw_spin_unlock_irq+0x23/0x50 [ 239.226427][ T6132] ? lockdep_hardirqs_on+0x9c/0x150 [ 239.226454][ T6132] ? __pfx_kthread+0x10/0x10 [ 239.226478][ T6132] ret_from_fork+0x4b/0x80 [ 239.226499][ T6132] ? __pfx_kthread+0x10/0x10 [ 239.226524][ T6132] ret_from_fork_asm+0x1a/0x30 [ 239.226575][ T6132] [pid 5824] <... close resumed>) = 0 [pid 5824] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e3aa690) = 6328 ./strace-static-x86_64: Process 6328 attached [pid 6328] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 6328] chdir("./40") = 0 [pid 6328] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6328] setpgid(0, 0) = 0 [pid 6328] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6328] write(3, "1000", 4) = 4 [pid 6328] close(3) = 0 [pid 6328] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6328] write(1, "executing program\n", 18) = 18 [pid 6328] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6328] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6328] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6328] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6328] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6328] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 
[pid 6328] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 6329 attached [pid 6329] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053 [pid 6328] <... clone3 resumed> => {parent_tid=[6329]}, 88) = 6329 [pid 6329] <... rseq resumed>) = 0 [pid 6329] set_robust_list(0x7f836b55f9a0, 24) = 0 [pid 6329] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6329] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6328] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6328] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6329] <... futex resumed>) = 0 [pid 6329] memfd_create("syzkaller", 0) = 3 [pid 6328] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6329] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [ 239.798556][ T6132] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [pid 6327] <... ioctl resumed>) = ? [pid 6320] <... ioctl resumed>) = ? 
[pid 6327] +++ exited with 0 +++ [pid 6320] +++ exited with 0 +++ [pid 6319] +++ exited with 0 +++ [pid 5823] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6319, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=35 /* 0.35 s */} --- [pid 5823] umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5823] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5823] umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] unlink("./39/binderfs") = 0 [ 239.960129][ T6320] VFS:Filesystem freeze failed [pid 5823] umount2("./39/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6329] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 5823] <... 
umount2 resumed>) = 0 [pid 5823] umount2("./39/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./39/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] umount2("./39/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./39/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5823] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5823] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5823] close(4) = 0 [pid 5823] rmdir("./39/bus") = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5823] close(3) = 0 [pid 5823] rmdir("./39") = 0 [pid 5823] mkdir("./40", 0777) = 0 [pid 5823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5823] ioctl(3, LOOP_CLR_FD) = 0 [pid 5823] close(3 [pid 6329] <... write resumed>) = 20699119 [pid 6329] munmap(0x7f8363000000, 138412032) = 0 [pid 6329] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6329] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6329] close(3) = 0 [pid 6329] close(4) = 0 [pid 6329] mkdir("./bus", 0777) = 0 [pid 6329] mount("/dev/loop1", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 5823] <... close resumed>) = 0 [pid 5823] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6331 attached [ 240.769460][ T6329] loop1: detected capacity change from 0 to 40427 [ 240.807695][ T6329] F2FS-fs (loop1): invalid crc value [pid 6331] set_robust_list(0x55558e3aa6a0, 24 [pid 5823] <... clone resumed>, child_tidptr=0x55558e3aa690) = 6331 [pid 6331] <... 
set_robust_list resumed>) = 0 [pid 6331] chdir("./40") = 0 [pid 6331] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6331] setpgid(0, 0) = 0 [pid 6331] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6331] write(3, "1000", 4) = 4 [pid 6331] close(3) = 0 [pid 6331] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6331] write(1, "executing program\n", 18) = 18 [pid 6331] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6331] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6331] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6331] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6331] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6331] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6331] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 6332 attached => {parent_tid=[6332]}, 88) = 6332 [pid 6332] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053 [pid 6331] rt_sigprocmask(SIG_SETMASK, [], [pid 6332] <... rseq resumed>) = 0 [pid 6331] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6332] set_robust_list(0x7f836b55f9a0, 24 [pid 6331] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6332] <... set_robust_list resumed>) = 0 [pid 6331] <... futex resumed>) = 0 [pid 6332] rt_sigprocmask(SIG_SETMASK, [], [pid 6331] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6332] <... 
rt_sigprocmask resumed>NULL, 8) = 0 [pid 6332] memfd_create("syzkaller", 0) = 3 [pid 6332] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [ 241.096761][ T6329] F2FS-fs (loop1): Start checkpoint disabled! [pid 6329] <... mount resumed>) = 0 [pid 6329] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6329] chdir("./bus") = 0 [pid 6329] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6329] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6328] <... futex resumed>) = 0 [pid 6329] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6328] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6329] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6328] <... futex resumed>) = 0 [pid 6329] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 [pid 6328] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6329] <... openat resumed>) = 4 [pid 6329] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6328] <... futex resumed>) = 0 [pid 6329] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6328] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6329] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6328] <... futex resumed>) = 0 [pid 6329] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6328] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6329] <... openat resumed>) = 5 [ 241.143866][ T6329] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [pid 6329] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6328] <... 
futex resumed>) = 0 [pid 6329] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6328] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6328] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6329] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 241.218465][ T12] kworker/u8:0: attempt to access beyond end of device [ 241.218465][ T12] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 241.257089][ T12] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 241.257123][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 241.257139][ T12] Workqueue: writeback wb_workfn (flush-7:1) [ 241.257196][ T12] Call Trace: [ 241.257210][ T12] [ 241.257221][ T12] dump_stack_lvl+0x189/0x250 [ 241.257257][ T12] ? __pfx_dump_stack_lvl+0x10/0x10 [ 241.257287][ T12] ? __pfx_queue_work_on+0x10/0x10 [ 241.257307][ T12] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 241.257333][ T12] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 241.257382][ T12] f2fs_handle_critical_error+0x37c/0x540 [ 241.257419][ T12] f2fs_write_end_io+0x4e2/0x6d0 [ 241.257468][ T12] __submit_merged_bio+0x27a/0x6a0 [ 241.257522][ T12] __submit_merged_write_cond+0x255/0x530 [ 241.257560][ T12] f2fs_write_data_pages+0x2854/0x31f0 [ 241.257590][ T12] ? __lock_acquire+0xaac/0xd20 [ 241.257657][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [pid 6329] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6328] <... 
futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6328] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6328] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6328] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6328] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6328] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[6334]}, 88) = 6334 [pid 6328] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6328] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6328] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6328] futex(0x7f836b6386ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6328] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b4fd000 [pid 6328] mprotect(0x7f836b4fe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6328] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6328] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b51d990, parent_tid=0x7f836b51d990, exit_signal=0, stack=0x7f836b4fd000, stack_size=0x20300, tls=0x7f836b51d6c0}./strace-static-x86_64: Process 6335 attached => {parent_tid=[6335]}, 88) = 6335 [pid 6328] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6328] futex(0x7f836b6386e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6328] futex(0x7f836b6386ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6335] rseq(0x7f836b51dfe0, 0x20, 0, 0x53053053) = 0 [pid 6335] set_robust_list(0x7f836b51d9a0, 24) = 0 [pid 6335] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 241.257705][ T12] ? 
__pfx_f2fs_available_free_memory+0x10/0x10 [ 241.257768][ T12] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 241.257813][ T12] ? trace_f2fs_writepages+0x7f/0x200 [ 241.257845][ T12] ? f2fs_write_node_pages+0x478/0x6e0 [ 241.257881][ T12] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 241.257915][ T12] ? has_not_enough_free_secs+0xd8b/0x1640 [ 241.257955][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 241.257988][ T12] do_writepages+0x3ae/0x7b0 [ 241.258027][ T12] ? __lock_acquire+0xaac/0xd20 [pid 6335] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 6332] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 6328] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 241.258064][ T12] ? __pfx_do_writepages+0x10/0x10 [ 241.258110][ T12] __writeback_single_inode+0x145/0xff0 [ 241.258139][ T12] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 241.258176][ T12] writeback_sb_inodes+0x6b5/0x1000 [ 241.258235][ T12] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 241.258312][ T12] ? rcu_is_watching+0x15/0xb0 [ 241.258355][ T12] wb_writeback+0x43b/0xaf0 [ 241.258393][ T12] ? queue_io+0x3a1/0x590 [ 241.258427][ T12] ? __pfx_wb_writeback+0x10/0x10 [ 241.258466][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 241.258496][ T12] wb_workfn+0x409/0xef0 [ 241.258538][ T12] ? __pfx_wb_workfn+0x10/0x10 [ 241.258559][ T12] ? register_lock_class+0x51/0x320 [ 241.258595][ T12] ? __lock_acquire+0xaac/0xd20 [ 241.258635][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 241.258675][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 241.258698][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 241.258729][ T12] ? 
process_scheduled_works+0x9ec/0x17a0 [ 241.258764][ T12] process_scheduled_works+0xadb/0x17a0 [ 241.258831][ T12] ? __pfx_process_scheduled_works+0x10/0x10 [ 241.258884][ T12] worker_thread+0x8a0/0xda0 [ 241.258936][ T12] kthread+0x70e/0x8a0 [ 241.258965][ T12] ? __pfx_worker_thread+0x10/0x10 [ 241.258985][ T12] ? __pfx_kthread+0x10/0x10 [ 241.259012][ T12] ? __pfx_kthread+0x10/0x10 [ 241.259036][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 241.259059][ T12] ? lockdep_hardirqs_on+0x9c/0x150 [ 241.259086][ T12] ? __pfx_kthread+0x10/0x10 [ 241.259109][ T12] ret_from_fork+0x4b/0x80 ./strace-static-x86_64: Process 6334 attached [pid 6334] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053 [pid 6328] exit_group(0) = ? [pid 6334] <... rseq resumed>) = ? [pid 6334] +++ exited with 0 +++ [ 241.259129][ T12] ? __pfx_kthread+0x10/0x10 [ 241.259154][ T12] ret_from_fork_asm+0x1a/0x30 [ 241.259210][ T12] [ 241.259219][ T12] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 241.585366][ T12] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 241.585398][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 241.585415][ T12] Workqueue: writeback wb_workfn (flush-7:1) [ 241.585449][ T12] Call Trace: [ 241.585458][ T12] [ 241.585469][ T12] dump_stack_lvl+0x189/0x250 [ 241.585506][ T12] ? __pfx_dump_stack_lvl+0x10/0x10 [ 241.585538][ T12] ? __pfx_queue_work_on+0x10/0x10 [ 241.585558][ T12] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 241.585586][ T12] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 241.585627][ T12] f2fs_handle_critical_error+0x37c/0x540 [ 241.585668][ T12] f2fs_write_end_io+0x4e2/0x6d0 [ 241.585723][ T12] __submit_merged_bio+0x27a/0x6a0 [ 241.585764][ T12] __submit_merged_write_cond+0x255/0x530 [ 241.585816][ T12] f2fs_write_data_pages+0x2854/0x31f0 [ 241.585846][ T12] ? __lock_acquire+0xaac/0xd20 [ 241.585938][ T12] ? 
__pfx_f2fs_write_data_pages+0x10/0x10 [ 241.585992][ T12] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 241.586064][ T12] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 241.586114][ T12] ? trace_f2fs_writepages+0x7f/0x200 [ 241.586148][ T12] ? f2fs_write_node_pages+0x478/0x6e0 [ 241.586198][ T12] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 241.586235][ T12] ? has_not_enough_free_secs+0xd8b/0x1640 [ 241.586278][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 241.586312][ T12] do_writepages+0x3ae/0x7b0 [ 241.586354][ T12] ? __lock_acquire+0xaac/0xd20 [ 241.586395][ T12] ? __pfx_do_writepages+0x10/0x10 [ 241.586449][ T12] __writeback_single_inode+0x145/0xff0 [ 241.586479][ T12] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 241.586512][ T12] writeback_sb_inodes+0x6b5/0x1000 [ 241.586580][ T12] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 241.586678][ T12] ? rcu_is_watching+0x15/0xb0 [ 241.586724][ T12] wb_writeback+0x43b/0xaf0 [ 241.586764][ T12] ? queue_io+0x3a1/0x590 [ 241.586797][ T12] ? __pfx_wb_writeback+0x10/0x10 [ 241.586838][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 241.586870][ T12] wb_workfn+0x409/0xef0 [ 241.586916][ T12] ? __pfx_wb_workfn+0x10/0x10 [ 241.586936][ T12] ? register_lock_class+0x51/0x320 [ 241.586974][ T12] ? __lock_acquire+0xaac/0xd20 [ 241.587016][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 241.587058][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 241.587080][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 241.587112][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 241.587148][ T12] process_scheduled_works+0xadb/0x17a0 [ 241.587227][ T12] ? __pfx_process_scheduled_works+0x10/0x10 [ 241.587285][ T12] worker_thread+0x8a0/0xda0 [ 241.587343][ T12] kthread+0x70e/0x8a0 [ 241.587373][ T12] ? __pfx_worker_thread+0x10/0x10 [ 241.587393][ T12] ? __pfx_kthread+0x10/0x10 [ 241.587421][ T12] ? __pfx_kthread+0x10/0x10 [ 241.587446][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 241.587470][ T12] ? lockdep_hardirqs_on+0x9c/0x150 [ 241.587497][ T12] ? 
__pfx_kthread+0x10/0x10 [ 241.587522][ T12] ret_from_fork+0x4b/0x80 [ 241.587542][ T12] ? __pfx_kthread+0x10/0x10 [ 241.587567][ T12] ret_from_fork_asm+0x1a/0x30 [ 241.587622][ T12] [ 242.196456][ T12] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [pid 6335] <... ioctl resumed>) = ? [pid 6335] +++ exited with 0 +++ [pid 6329] <... ioctl resumed>) = ? [pid 6329] +++ exited with 0 +++ [pid 6328] +++ exited with 0 +++ [ 242.257013][ T6329] VFS:Filesystem freeze failed [pid 5824] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6328, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=33 /* 0.33 s */} --- [pid 5824] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5824] umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6332] <... write resumed>) = 20699119 [pid 5824] <... openat resumed>) = 3 [pid 5824] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6332] munmap(0x7f8363000000, 138412032 [pid 5824] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5824] umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] unlink("./40/binderfs" [pid 6332] <... munmap resumed>) = 0 [pid 5824] <... unlink resumed>) = 0 [pid 5824] umount2("./40/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6332] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6332] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6332] close(3) = 0 [pid 6332] close(4) = 0 [pid 6332] mkdir("./bus", 0777) = 0 [ 242.358203][ T6332] loop0: detected capacity change from 0 to 40427 [ 242.399883][ T6332] F2FS-fs (loop0): invalid crc value [ 242.626925][ T6332] F2FS-fs (loop0): Start checkpoint disabled! 
[pid 6332] mount("/dev/loop0", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"...) = 0 [pid 6332] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6332] chdir("./bus") = 0 [pid 6332] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6332] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6331] <... futex resumed>) = 0 [pid 6332] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6331] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6332] <... futex resumed>) = 0 [pid 6331] <... futex resumed>) = 1 [pid 6332] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 [ 242.676537][ T6332] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [pid 6331] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6332] <... openat resumed>) = 4 [pid 5824] <... umount2 resumed>) = 0 [pid 6332] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5824] umount2("./40/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6332] <... futex resumed>) = 1 [pid 6332] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6331] <... futex resumed>) = 0 [pid 5824] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./40/bus", [pid 6331] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5824] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6332] <... futex resumed>) = 0 [pid 6331] <... futex resumed>) = 1 [pid 5824] umount2("./40/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6332] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5824] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6331] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6332] <... 
openat resumed>) = 5 [pid 5824] openat(AT_FDCWD, "./40/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6332] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6331] <... futex resumed>) = 0 [pid 5824] <... openat resumed>) = 4 [pid 6332] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6331] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5824] newfstatat(4, "", [pid 6331] <... futex resumed>) = 0 [pid 6331] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5824] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5824] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5824] close(4) = 0 [pid 5824] rmdir("./40/bus") = 0 [ 242.752277][ T12] kworker/u8:0: attempt to access beyond end of device [ 242.752277][ T12] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 242.789995][ T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 242.790028][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 242.790044][ T12] Workqueue: writeback wb_workfn (flush-7:0) [ 242.790078][ T12] Call Trace: [ 242.790088][ T12] [ 242.790098][ T12] dump_stack_lvl+0x189/0x250 [ 242.790136][ T12] ? __pfx_dump_stack_lvl+0x10/0x10 [ 242.790168][ T12] ? __pfx_queue_work_on+0x10/0x10 [pid 5824] getdents64(3, [pid 6331] <... 
futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6331] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6331] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6331] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6331] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6331] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[6338]}, 88) = 6338 [pid 6331] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6331] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6331] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6338 attached [pid 6338] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [pid 6338] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 6338] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6338] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 6338] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6331] <... futex resumed>) = 0 [pid 6331] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6331] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 242.790188][ T12] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 242.790215][ T12] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 242.790253][ T12] f2fs_handle_critical_error+0x37c/0x540 [ 242.790293][ T12] f2fs_write_end_io+0x4e2/0x6d0 [ 242.790357][ T12] __submit_merged_bio+0x27a/0x6a0 [ 242.790396][ T12] __submit_merged_write_cond+0x255/0x530 [ 242.790441][ T12] f2fs_write_data_pages+0x2854/0x31f0 [ 242.790473][ T12] ? __lock_acquire+0xaac/0xd20 [ 242.790544][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 242.790597][ T12] ? 
__pfx_f2fs_available_free_memory+0x10/0x10 [ 242.790666][ T12] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 242.790716][ T12] ? trace_f2fs_writepages+0x7f/0x200 [ 242.790749][ T12] ? f2fs_write_node_pages+0x478/0x6e0 [ 242.790786][ T12] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 242.790823][ T12] ? has_not_enough_free_secs+0xd8b/0x1640 [ 242.790866][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 242.790900][ T12] do_writepages+0x3ae/0x7b0 [pid 6338] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 6331] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6331] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5824] <... getdents64 resumed>0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5824] close(3) = 0 [pid 5824] rmdir("./40") = 0 [pid 5824] mkdir("./41", 0777) = 0 [pid 5824] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5824] ioctl(3, LOOP_CLR_FD) = 0 [ 242.790943][ T12] ? __lock_acquire+0xaac/0xd20 [ 242.790983][ T12] ? __pfx_do_writepages+0x10/0x10 [ 242.791035][ T12] __writeback_single_inode+0x145/0xff0 [ 242.791067][ T12] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 242.791098][ T12] writeback_sb_inodes+0x6b5/0x1000 [ 242.791166][ T12] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 242.791255][ T12] ? rcu_is_watching+0x15/0xb0 [ 242.791303][ T12] wb_writeback+0x43b/0xaf0 [ 242.791351][ T12] ? queue_io+0x3a1/0x590 [ 242.791386][ T12] ? __pfx_wb_writeback+0x10/0x10 [ 242.791429][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 242.791462][ T12] wb_workfn+0x409/0xef0 [ 242.791509][ T12] ? __pfx_wb_workfn+0x10/0x10 [ 242.791530][ T12] ? register_lock_class+0x51/0x320 [ 242.791569][ T12] ? __lock_acquire+0xaac/0xd20 [ 242.791613][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 242.791656][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 242.791679][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 242.791711][ T12] ? 
process_scheduled_works+0x9ec/0x17a0 [ 242.791748][ T12] process_scheduled_works+0xadb/0x17a0 [ 242.791824][ T12] ? __pfx_process_scheduled_works+0x10/0x10 [ 242.791883][ T12] worker_thread+0x8a0/0xda0 [ 242.791942][ T12] kthread+0x70e/0x8a0 [ 242.791973][ T12] ? __pfx_worker_thread+0x10/0x10 [ 242.791994][ T12] ? __pfx_kthread+0x10/0x10 [ 242.792023][ T12] ? __pfx_kthread+0x10/0x10 [ 242.792048][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 242.792072][ T12] ? lockdep_hardirqs_on+0x9c/0x150 [ 242.792101][ T12] ? __pfx_kthread+0x10/0x10 [ 242.792126][ T12] ret_from_fork+0x4b/0x80 [ 242.792147][ T12] ? __pfx_kthread+0x10/0x10 [ 242.792173][ T12] ret_from_fork_asm+0x1a/0x30 [ 242.792231][ T12] [ 242.856525][ T12] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [pid 5824] close(3 [pid 6331] exit_group(0) = ? [pid 5824] <... close resumed>) = 0 [pid 5824] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6339 attached , child_tidptr=0x55558e3aa690) = 6339 [pid 6339] set_robust_list(0x55558e3aa6a0, 24) = 0 [ 243.366626][ T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 243.366662][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 243.366678][ T12] Workqueue: writeback wb_workfn (flush-7:0) [ 243.366713][ T12] Call Trace: [ 243.366723][ T12] [ 243.366733][ T12] dump_stack_lvl+0x189/0x250 [ 243.366770][ T12] ? __pfx_dump_stack_lvl+0x10/0x10 [ 243.366801][ T12] ? __pfx_queue_work_on+0x10/0x10 [ 243.366820][ T12] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 243.366847][ T12] ? 
__pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 243.366884][ T12] f2fs_handle_critical_error+0x37c/0x540 [ 243.366923][ T12] f2fs_write_end_io+0x4e2/0x6d0 [ 243.366974][ T12] __submit_merged_bio+0x27a/0x6a0 [ 243.367011][ T12] __submit_merged_write_cond+0x255/0x530 [ 243.367049][ T12] f2fs_write_data_pages+0x2854/0x31f0 [ 243.367080][ T12] ? __lock_acquire+0xaac/0xd20 [ 243.367150][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 243.367199][ T12] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 243.367262][ T12] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 243.367315][ T12] ? trace_f2fs_writepages+0x7f/0x200 [ 243.367348][ T12] ? f2fs_write_node_pages+0x478/0x6e0 [ 243.367384][ T12] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 243.367419][ T12] ? has_not_enough_free_secs+0xd8b/0x1640 [ 243.367460][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 243.367495][ T12] do_writepages+0x3ae/0x7b0 [ 243.367533][ T12] ? __lock_acquire+0xaac/0xd20 executing program [pid 6339] chdir("./41") = 0 [pid 6339] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6339] setpgid(0, 0) = 0 [pid 6339] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6339] write(3, "1000", 4) = 4 [pid 6339] close(3) = 0 [pid 6339] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6339] write(1, "executing program\n", 18) = 18 [pid 6339] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6339] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6339] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6339] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6339] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6339] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6339] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, 
child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0} => {parent_tid=[6340]}, 88) = 6340 [pid 6339] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6339] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 243.367571][ T12] ? __pfx_do_writepages+0x10/0x10 [ 243.367618][ T12] __writeback_single_inode+0x145/0xff0 [ 243.367648][ T12] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 243.367678][ T12] writeback_sb_inodes+0x6b5/0x1000 [ 243.367738][ T12] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 243.367815][ T12] ? rcu_is_watching+0x15/0xb0 [ 243.367858][ T12] wb_writeback+0x43b/0xaf0 [ 243.367897][ T12] ? queue_io+0x3a1/0x590 [ 243.367930][ T12] ? __pfx_wb_writeback+0x10/0x10 [ 243.367969][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 243.368000][ T12] wb_workfn+0x409/0xef0 [ 243.368042][ T12] ? __pfx_wb_workfn+0x10/0x10 [ 243.368065][ T12] ? register_lock_class+0x51/0x320 [ 243.368102][ T12] ? __lock_acquire+0xaac/0xd20 [ 243.368142][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 243.368184][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 243.368207][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 243.368239][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 243.368275][ T12] process_scheduled_works+0xadb/0x17a0 [ 243.368348][ T12] ? __pfx_process_scheduled_works+0x10/0x10 [ 243.368402][ T12] worker_thread+0x8a0/0xda0 [ 243.368453][ T12] kthread+0x70e/0x8a0 [ 243.368483][ T12] ? __pfx_worker_thread+0x10/0x10 [ 243.368504][ T12] ? __pfx_kthread+0x10/0x10 [ 243.368531][ T12] ? __pfx_kthread+0x10/0x10 [ 243.368556][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 243.368580][ T12] ? lockdep_hardirqs_on+0x9c/0x150 [ 243.368607][ T12] ? 
__pfx_kthread+0x10/0x10 [ 243.368632][ T12] ret_from_fork+0x4b/0x80 [pid 6339] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6340 attached [pid 6340] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053) = 0 [pid 6340] set_robust_list(0x7f836b55f9a0, 24) = 0 [pid 6340] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6340] memfd_create("syzkaller", 0 [pid 6338] <... ioctl resumed>) = ? [pid 6332] <... ioctl resumed>) = ? [pid 6340] <... memfd_create resumed>) = 3 [pid 6338] +++ exited with 0 +++ [pid 6332] +++ exited with 0 +++ [pid 6331] +++ exited with 0 +++ [pid 6340] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 5823] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6331, si_uid=0, si_status=0, si_utime=14 /* 0.14 s */, si_stime=36 /* 0.36 s */} --- [pid 5823] umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5823] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5823] umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] unlink("./40/binderfs") = 0 [ 243.368653][ T12] ? 
__pfx_kthread+0x10/0x10 [ 243.368678][ T12] ret_from_fork_asm+0x1a/0x30 [ 243.368730][ T12] [ 243.370978][ T12] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 243.688951][ T6332] VFS:Filesystem freeze failed [pid 5823] umount2("./40/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6340] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 5823] <... umount2 resumed>) = 0 [pid 5823] umount2("./40/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./40/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] umount2("./40/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./40/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5823] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5823] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5823] close(4) = 0 [pid 5823] rmdir("./40/bus") = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5823] close(3) = 0 [pid 5823] rmdir("./40") = 0 [pid 5823] mkdir("./41", 0777) = 0 [pid 5823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5823] ioctl(3, LOOP_CLR_FD) = 0 [pid 5823] close(3) = 0 [pid 5823] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6340] <... write resumed>) = 20699119 [pid 6340] munmap(0x7f8363000000, 138412032./strace-static-x86_64: Process 6341 attached [pid 5823] <... clone resumed>, child_tidptr=0x55558e3aa690) = 6341 [pid 6340] <... 
munmap resumed>) = 0 [pid 6341] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 6340] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6341] chdir("./41" [pid 6340] <... openat resumed>) = 4 [pid 6341] <... chdir resumed>) = 0 [pid 6340] ioctl(4, LOOP_SET_FD, 3 [pid 6341] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6341] setpgid(0, 0 [pid 6340] <... ioctl resumed>) = 0 [pid 6341] <... setpgid resumed>) = 0 [pid 6341] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6340] close(3 [pid 6341] write(3, "1000", 4 [pid 6340] <... close resumed>) = 0 [pid 6341] <... write resumed>) = 4 [pid 6340] close(4 [pid 6341] close(3 [pid 6340] <... close resumed>) = 0 [pid 6341] <... close resumed>) = 0 [pid 6340] mkdir("./bus", 0777 [pid 6341] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6340] <... mkdir resumed>) = 0 [pid 6341] write(1, "executing program\n", 18) = 18 [pid 6341] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6341] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6341] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6341] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6341] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6341] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6341] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 6342 attached => {parent_tid=[6342]}, 88) = 6342 [pid 6341] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6340] mount("/dev/loop1", "./bus", "f2fs", 0, 
"nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 6342] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053 [pid 6341] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6342] <... rseq resumed>) = 0 [ 244.593578][ T6340] loop1: detected capacity change from 0 to 40427 [pid 6342] set_robust_list(0x7f836b55f9a0, 24 [pid 6341] <... futex resumed>) = 0 [pid 6342] <... set_robust_list resumed>) = 0 [pid 6342] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6342] memfd_create("syzkaller", 0 [pid 6341] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6342] <... memfd_create resumed>) = 3 [pid 6342] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [ 244.634950][ T6340] F2FS-fs (loop1): invalid crc value [pid 6340] <... mount resumed>) = 0 [pid 6340] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6340] chdir("./bus") = 0 [pid 6340] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6340] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6339] <... futex resumed>) = 0 [pid 6340] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 [pid 6339] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6340] <... openat resumed>) = 4 [pid 6339] <... futex resumed>) = 0 [pid 6340] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6339] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6340] <... futex resumed>) = 0 [pid 6339] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6340] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6339] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6340] <... openat resumed>) = 5 [pid 6339] <... 
futex resumed>) = 0 [pid 6340] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6339] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6340] <... futex resumed>) = 0 [pid 6339] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6340] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6339] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 244.858683][ T6340] F2FS-fs (loop1): Start checkpoint disabled! [ 244.868236][ T6340] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 244.904133][ T12] kworker/u8:0: attempt to access beyond end of device [ 244.904133][ T12] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 244.936531][ T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [pid 6339] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6339] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6339] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6339] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6339] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6339] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[6345]}, 88) = 6345 [pid 6339] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6339] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 244.936564][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 244.936579][ T12] Workqueue: writeback wb_workfn (flush-7:1) [ 244.936614][ T12] Call Trace: [ 244.936624][ T12] [ 244.936633][ T12] dump_stack_lvl+0x189/0x250 [ 244.936669][ T12] ? 
__pfx_dump_stack_lvl+0x10/0x10 [ 244.936699][ T12] ? __pfx_queue_work_on+0x10/0x10 [ 244.936718][ T12] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 244.936744][ T12] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [pid 6339] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6339] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6339] futex(0x7f836b6386ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6339] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b4fd000 [ 244.936782][ T12] f2fs_handle_critical_error+0x37c/0x540 [ 244.936821][ T12] f2fs_write_end_io+0x4e2/0x6d0 [ 244.936871][ T12] __submit_merged_bio+0x27a/0x6a0 [ 244.936908][ T12] __submit_merged_write_cond+0x255/0x530 [ 244.936954][ T12] f2fs_write_data_pages+0x2854/0x31f0 [ 244.936984][ T12] ? __lock_acquire+0xaac/0xd20 [ 244.937050][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 244.937098][ T12] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 244.937160][ T12] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [pid 6339] mprotect(0x7f836b4fe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6339] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6339] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b51d990, parent_tid=0x7f836b51d990, exit_signal=0, stack=0x7f836b4fd000, stack_size=0x20300, tls=0x7f836b51d6c0}./strace-static-x86_64: Process 6346 attached => {parent_tid=[6346]}, 88) = 6346 [pid 6346] rseq(0x7f836b51dfe0, 0x20, 0, 0x53053053 [pid 6339] rt_sigprocmask(SIG_SETMASK, [], [pid 6346] <... rseq resumed>) = 0 [pid 6339] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6346] set_robust_list(0x7f836b51d9a0, 24 [pid 6339] futex(0x7f836b6386e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6346] <... set_robust_list resumed>) = 0 [pid 6339] <... 
futex resumed>) = 0 [pid 6346] rt_sigprocmask(SIG_SETMASK, [], [pid 6339] futex(0x7f836b6386ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6346] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 244.937205][ T12] ? trace_f2fs_writepages+0x7f/0x200 [ 244.937237][ T12] ? f2fs_write_node_pages+0x478/0x6e0 [ 244.937272][ T12] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 244.937307][ T12] ? has_not_enough_free_secs+0xd8b/0x1640 [ 244.937347][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 244.937380][ T12] do_writepages+0x3ae/0x7b0 [ 244.937419][ T12] ? __lock_acquire+0xaac/0xd20 [ 244.937455][ T12] ? __pfx_do_writepages+0x10/0x10 [ 244.937502][ T12] __writeback_single_inode+0x145/0xff0 [pid 6346] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 6339] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 244.937531][ T12] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 244.937561][ T12] writeback_sb_inodes+0x6b5/0x1000 [ 244.937620][ T12] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 244.937697][ T12] ? rcu_is_watching+0x15/0xb0 [ 244.937740][ T12] wb_writeback+0x43b/0xaf0 [ 244.937778][ T12] ? queue_io+0x3a1/0x590 [ 244.937810][ T12] ? __pfx_wb_writeback+0x10/0x10 [ 244.937849][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 244.937879][ T12] wb_workfn+0x409/0xef0 [ 244.937926][ T12] ? __pfx_wb_workfn+0x10/0x10 [ 244.937948][ T12] ? register_lock_class+0x51/0x320 [ 244.937984][ T12] ? __lock_acquire+0xaac/0xd20 [ 244.938023][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 244.938064][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 244.938087][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 244.938118][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 244.938153][ T12] process_scheduled_works+0xadb/0x17a0 [ 244.938219][ T12] ? 
__pfx_process_scheduled_works+0x10/0x10 [ 244.938272][ T12] worker_thread+0x8a0/0xda0 [ 244.938324][ T12] kthread+0x70e/0x8a0 [pid 6342] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119./strace-static-x86_64: Process 6345 attached [ 244.938353][ T12] ? __pfx_worker_thread+0x10/0x10 [ 244.938373][ T12] ? __pfx_kthread+0x10/0x10 [ 244.938400][ T12] ? __pfx_kthread+0x10/0x10 [ 244.938422][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 244.938446][ T12] ? lockdep_hardirqs_on+0x9c/0x150 [ 244.938473][ T12] ? __pfx_kthread+0x10/0x10 [ 244.938496][ T12] ret_from_fork+0x4b/0x80 [ 244.938517][ T12] ? __pfx_kthread+0x10/0x10 [ 244.938541][ T12] ret_from_fork_asm+0x1a/0x30 [ 244.938593][ T12] [ 244.938603][ T12] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [pid 6345] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [pid 6345] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 6345] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6345] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 6345] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6345] futex(0x7f836b6386d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6339] exit_group(0 [pid 6345] <... futex resumed>) = ? [pid 6339] <... exit_group resumed>) = ? 
[pid 6345] +++ exited with 0 +++ [ 245.407201][ T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 245.407235][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 245.407250][ T12] Workqueue: writeback wb_workfn (flush-7:1) [ 245.407284][ T12] Call Trace: [ 245.407293][ T12] [ 245.407304][ T12] dump_stack_lvl+0x189/0x250 [ 245.407340][ T12] ? __pfx_dump_stack_lvl+0x10/0x10 [ 245.407372][ T12] ? __pfx_queue_work_on+0x10/0x10 [ 245.407392][ T12] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 245.407419][ T12] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 245.407460][ T12] f2fs_handle_critical_error+0x37c/0x540 [ 245.407502][ T12] f2fs_write_end_io+0x4e2/0x6d0 [ 245.407558][ T12] __submit_merged_bio+0x27a/0x6a0 [ 245.407598][ T12] __submit_merged_write_cond+0x255/0x530 [ 245.407638][ T12] f2fs_write_data_pages+0x2854/0x31f0 [ 245.407670][ T12] ? __lock_acquire+0xaac/0xd20 [ 245.407745][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 245.407798][ T12] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 245.407867][ T12] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 245.407928][ T12] ? trace_f2fs_writepages+0x7f/0x200 [ 245.407963][ T12] ? f2fs_write_node_pages+0x478/0x6e0 [ 245.408001][ T12] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 245.408038][ T12] ? has_not_enough_free_secs+0xd8b/0x1640 [ 245.408081][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 245.408116][ T12] do_writepages+0x3ae/0x7b0 [ 245.408159][ T12] ? __lock_acquire+0xaac/0xd20 [ 245.408200][ T12] ? __pfx_do_writepages+0x10/0x10 [ 245.408252][ T12] __writeback_single_inode+0x145/0xff0 [ 245.408283][ T12] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 245.408316][ T12] writeback_sb_inodes+0x6b5/0x1000 [ 245.408384][ T12] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 245.408473][ T12] ? rcu_is_watching+0x15/0xb0 [ 245.408521][ T12] wb_writeback+0x43b/0xaf0 [ 245.408563][ T12] ? 
queue_io+0x3a1/0x590 [ 245.408597][ T12] ? __pfx_wb_writeback+0x10/0x10 [ 245.408640][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 245.408673][ T12] wb_workfn+0x409/0xef0 [ 245.408720][ T12] ? __pfx_wb_workfn+0x10/0x10 [ 245.408742][ T12] ? register_lock_class+0x51/0x320 [ 245.408781][ T12] ? __lock_acquire+0xaac/0xd20 [ 245.408825][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 245.408868][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 245.408899][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 245.408932][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 245.408970][ T12] process_scheduled_works+0xadb/0x17a0 [ 245.409053][ T12] ? __pfx_process_scheduled_works+0x10/0x10 [ 245.409113][ T12] worker_thread+0x8a0/0xda0 [ 245.409173][ T12] kthread+0x70e/0x8a0 [ 245.409204][ T12] ? __pfx_worker_thread+0x10/0x10 [ 245.409225][ T12] ? __pfx_kthread+0x10/0x10 [ 245.409254][ T12] ? __pfx_kthread+0x10/0x10 [ 245.409279][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 245.409304][ T12] ? lockdep_hardirqs_on+0x9c/0x150 [ 245.409333][ T12] ? __pfx_kthread+0x10/0x10 [ 245.409357][ T12] ret_from_fork+0x4b/0x80 [ 245.409378][ T12] ? __pfx_kthread+0x10/0x10 [ 245.409405][ T12] ret_from_fork_asm+0x1a/0x30 [ 245.409461][ T12] [ 245.409471][ T12] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [pid 6342] <... write resumed>) = 20699119 [pid 6342] munmap(0x7f8363000000, 138412032) = 0 [pid 6342] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6346] <... ioctl resumed>) = ? [pid 6342] ioctl(4, LOOP_SET_FD, 3 [pid 6340] <... ioctl resumed>) = ? [pid 6346] +++ exited with 0 +++ [pid 6342] <... ioctl resumed>) = 0 [pid 6342] close(3) = 0 [pid 6342] close(4) = 0 [pid 6342] mkdir("./bus", 0777) = 0 [pid 6342] mount("/dev/loop0", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... 
[pid 6340] +++ exited with 0 +++ [pid 6339] +++ exited with 0 +++ [pid 5824] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6339, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=36 /* 0.36 s */} --- [pid 5824] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5824] umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5824] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5824] umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] unlink("./41/binderfs") = 0 [ 245.818174][ T6340] VFS:Filesystem freeze failed [ 245.823752][ T6342] loop0: detected capacity change from 0 to 40427 [ 245.883727][ T6342] F2FS-fs (loop0): invalid crc value [pid 5824] umount2("./41/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6342] <... mount resumed>) = 0 [pid 6342] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6342] chdir("./bus") = 0 [pid 6342] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 246.096715][ T6342] F2FS-fs (loop0): Start checkpoint disabled! [ 246.123981][ T6342] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [pid 6342] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6341] <... futex resumed>) = 0 [pid 6342] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6341] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6342] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6342] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 [pid 6341] <... 
futex resumed>) = 0 [pid 6341] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6342] <... openat resumed>) = 4 [pid 6342] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6342] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6341] <... futex resumed>) = 0 [pid 6341] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6341] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6342] <... futex resumed>) = 0 [pid 6342] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6342] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6341] <... futex resumed>) = 0 [pid 6342] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6341] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6341] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6342] <... futex resumed>) = 0 [ 246.188987][ T12] kworker/u8:0: attempt to access beyond end of device [ 246.188987][ T12] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 246.216509][ T12] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 246.216542][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 246.216558][ T12] Workqueue: writeback wb_workfn (flush-7:0) [ 246.216592][ T12] Call Trace: [ 246.216603][ T12] [ 246.216613][ T12] dump_stack_lvl+0x189/0x250 [ 246.216651][ T12] ? __pfx_dump_stack_lvl+0x10/0x10 [ 246.216682][ T12] ? __pfx_queue_work_on+0x10/0x10 [ 246.216702][ T12] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 246.216729][ T12] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 246.216771][ T12] f2fs_handle_critical_error+0x37c/0x540 [pid 6342] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6341] <... 
futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6341] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6341] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6341] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6341] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6341] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[6349]}, 88) = 6349 [pid 6341] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6341] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6341] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6349 attached [pid 6349] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [pid 6349] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 6349] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6349] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 6349] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6341] <... futex resumed>) = 0 [pid 5824] <... 
umount2 resumed>) = 0 [pid 6341] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6341] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6349] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 5824] umount2("./41/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./41/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] umount2("./41/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./41/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5824] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5824] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5824] close(4) = 0 [pid 5824] rmdir("./41/bus") = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5824] close(3) = 0 [pid 5824] rmdir("./41") = 0 [pid 5824] mkdir("./42", 0777) = 0 [pid 5824] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [ 246.216812][ T12] f2fs_write_end_io+0x4e2/0x6d0 [ 246.216867][ T12] __submit_merged_bio+0x27a/0x6a0 [ 246.216907][ T12] __submit_merged_write_cond+0x255/0x530 [ 246.216948][ T12] f2fs_write_data_pages+0x2854/0x31f0 [ 246.216980][ T12] ? __lock_acquire+0xaac/0xd20 [ 246.217055][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 246.217114][ T12] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 246.217186][ T12] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 246.217236][ T12] ? trace_f2fs_writepages+0x7f/0x200 [ 246.217270][ T12] ? f2fs_write_node_pages+0x478/0x6e0 [ 246.217308][ T12] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 246.217344][ T12] ? has_not_enough_free_secs+0xd8b/0x1640 [ 246.217388][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 246.217422][ T12] do_writepages+0x3ae/0x7b0 [ 246.217464][ T12] ? __lock_acquire+0xaac/0xd20 [ 246.217503][ T12] ? 
__pfx_do_writepages+0x10/0x10 [ 246.217555][ T12] __writeback_single_inode+0x145/0xff0 [ 246.217586][ T12] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [pid 6341] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5824] ioctl(3, LOOP_CLR_FD) = 0 [ 246.217618][ T12] writeback_sb_inodes+0x6b5/0x1000 [ 246.217685][ T12] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 246.217773][ T12] ? rcu_is_watching+0x15/0xb0 [ 246.217821][ T12] wb_writeback+0x43b/0xaf0 [ 246.217862][ T12] ? queue_io+0x3a1/0x590 [ 246.217897][ T12] ? __pfx_wb_writeback+0x10/0x10 [ 246.217940][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 246.217973][ T12] wb_workfn+0x409/0xef0 [ 246.218020][ T12] ? __pfx_wb_workfn+0x10/0x10 [ 246.218043][ T12] ? register_lock_class+0x51/0x320 [ 246.218082][ T12] ? __lock_acquire+0xaac/0xd20 [ 246.218133][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 246.218176][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 246.218200][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 246.218233][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 246.218270][ T12] process_scheduled_works+0xadb/0x17a0 [ 246.218345][ T12] ? __pfx_process_scheduled_works+0x10/0x10 [ 246.218405][ T12] worker_thread+0x8a0/0xda0 [ 246.218463][ T12] kthread+0x70e/0x8a0 [ 246.218494][ T12] ? __pfx_worker_thread+0x10/0x10 [ 246.218515][ T12] ? __pfx_kthread+0x10/0x10 [ 246.218543][ T12] ? __pfx_kthread+0x10/0x10 [ 246.218568][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 246.218593][ T12] ? lockdep_hardirqs_on+0x9c/0x150 [ 246.218622][ T12] ? __pfx_kthread+0x10/0x10 [ 246.218646][ T12] ret_from_fork+0x4b/0x80 [ 246.218667][ T12] ? 
__pfx_kthread+0x10/0x10 [ 246.218693][ T12] ret_from_fork_asm+0x1a/0x30 [ 246.218749][ T12] [ 246.218758][ T12] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 246.539983][ T12] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 246.540015][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 246.540030][ T12] Workqueue: writeback wb_workfn (flush-7:0) [ 246.540064][ T12] Call Trace: [ 246.540074][ T12] [ 246.540090][ T12] dump_stack_lvl+0x189/0x250 [ 246.540129][ T12] ? __pfx_dump_stack_lvl+0x10/0x10 [ 246.540161][ T12] ? __pfx_queue_work_on+0x10/0x10 [ 246.540178][ T12] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 246.540203][ T12] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 246.540241][ T12] f2fs_handle_critical_error+0x37c/0x540 [ 246.540280][ T12] f2fs_write_end_io+0x4e2/0x6d0 [ 246.540334][ T12] __submit_merged_bio+0x27a/0x6a0 [ 246.540373][ T12] __submit_merged_write_cond+0x255/0x530 [ 246.540412][ T12] f2fs_write_data_pages+0x2854/0x31f0 [ 246.540444][ T12] ? __lock_acquire+0xaac/0xd20 [ 246.540519][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 246.540570][ T12] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 246.540638][ T12] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 246.540708][ T12] ? trace_f2fs_writepages+0x7f/0x200 [ 246.540741][ T12] ? f2fs_write_node_pages+0x478/0x6e0 [ 246.540779][ T12] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 246.540815][ T12] ? has_not_enough_free_secs+0xd8b/0x1640 [ 246.540857][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 246.540894][ T12] do_writepages+0x3ae/0x7b0 [ 246.540935][ T12] ? __lock_acquire+0xaac/0xd20 [ 246.540974][ T12] ? __pfx_do_writepages+0x10/0x10 [ 246.541025][ T12] __writeback_single_inode+0x145/0xff0 [ 246.541055][ T12] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 246.541093][ T12] writeback_sb_inodes+0x6b5/0x1000 [ 246.541157][ T12] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 246.541240][ T12] ? 
rcu_is_watching+0x15/0xb0 [ 246.541285][ T12] wb_writeback+0x43b/0xaf0 [ 246.541326][ T12] ? queue_io+0x3a1/0x590 [ 246.541361][ T12] ? __pfx_wb_writeback+0x10/0x10 [ 246.541404][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 246.541438][ T12] wb_workfn+0x409/0xef0 [ 246.541484][ T12] ? __pfx_wb_workfn+0x10/0x10 [ 246.541507][ T12] ? register_lock_class+0x51/0x320 [ 246.541547][ T12] ? __lock_acquire+0xaac/0xd20 [ 246.541591][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 246.541635][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 246.541659][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 246.541693][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 246.541731][ T12] process_scheduled_works+0xadb/0x17a0 [ 246.541808][ T12] ? __pfx_process_scheduled_works+0x10/0x10 [ 246.541877][ T12] worker_thread+0x8a0/0xda0 [ 246.541935][ T12] kthread+0x70e/0x8a0 [ 246.541965][ T12] ? __pfx_worker_thread+0x10/0x10 [ 246.541984][ T12] ? __pfx_kthread+0x10/0x10 [ 246.542012][ T12] ? __pfx_kthread+0x10/0x10 [ 246.542036][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 246.542060][ T12] ? lockdep_hardirqs_on+0x9c/0x150 [ 246.542095][ T12] ? __pfx_kthread+0x10/0x10 [ 246.542119][ T12] ret_from_fork+0x4b/0x80 [pid 5824] close(3 [pid 6349] <... ioctl resumed>) = -1 EIO (Input/output error) [pid 6342] <... ioctl resumed>) = -1 EIO (Input/output error) [pid 6342] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6349] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6342] <... futex resumed>) = 0 [pid 6349] futex(0x7f836b6386d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6342] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6341] exit_group(0 [pid 6349] <... futex resumed>) = ? [pid 6342] <... futex resumed>) = ? [pid 6341] <... exit_group resumed>) = ? 
[pid 6349] +++ exited with 0 +++ [pid 6342] +++ exited with 0 +++ [pid 6341] +++ exited with 0 +++ [pid 5823] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6341, si_uid=0, si_status=0, si_utime=10 /* 0.10 s */, si_stime=39 /* 0.39 s */} --- [pid 5823] umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5823] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5823] umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] unlink("./41/binderfs") = 0 [ 246.542140][ T12] ? __pfx_kthread+0x10/0x10 [ 246.542165][ T12] ret_from_fork_asm+0x1a/0x30 [ 246.542220][ T12] [ 246.543209][ T12] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 246.866686][ T6342] VFS:Filesystem freeze failed [pid 5823] umount2("./41/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5824] <... 
close resumed>) = 0 [pid 5824] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6350 attached , child_tidptr=0x55558e3aa690) = 6350 [pid 6350] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 6350] chdir("./42") = 0 [pid 6350] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6350] setpgid(0, 0) = 0 [pid 6350] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6350] write(3, "1000", 4) = 4 [pid 6350] close(3) = 0 [pid 6350] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6350] write(1, "executing program\n", 18executing program ) = 18 [pid 6350] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6350] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6350] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6350] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6350] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6350] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6350] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 6351 attached => {parent_tid=[6351]}, 88) = 6351 [pid 6351] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053 [pid 6350] rt_sigprocmask(SIG_SETMASK, [], [pid 6351] <... rseq resumed>) = 0 [pid 6350] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6351] set_robust_list(0x7f836b55f9a0, 24 [pid 6350] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6351] <... set_robust_list resumed>) = 0 [pid 6350] <... 
futex resumed>) = 0 [pid 6351] rt_sigprocmask(SIG_SETMASK, [], [pid 6350] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6351] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6351] memfd_create("syzkaller", 0) = 3 [pid 6351] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 5823] <... umount2 resumed>) = 0 [pid 5823] umount2("./41/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./41/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] umount2("./41/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./41/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5823] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5823] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5823] close(4) = 0 [pid 5823] rmdir("./41/bus") = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5823] close(3) = 0 [pid 5823] rmdir("./41") = 0 [pid 5823] mkdir("./42", 0777) = 0 [pid 5823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5823] ioctl(3, LOOP_CLR_FD) = 0 [pid 5823] close(3 [pid 6351] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 5823] <... 
close resumed>) = 0 [pid 5823] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e3aa690) = 6352 ./strace-static-x86_64: Process 6352 attached [pid 6352] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 6352] chdir("./42"executing program ) = 0 [pid 6352] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6352] setpgid(0, 0) = 0 [pid 6352] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6352] write(3, "1000", 4) = 4 [pid 6352] close(3) = 0 [pid 6352] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6352] write(1, "executing program\n", 18) = 18 [pid 6352] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6352] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6352] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6352] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6352] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6352] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6352] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 6353 attached => {parent_tid=[6353]}, 88) = 6353 [pid 6352] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6352] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6352] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6353] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053) = 0 [pid 6353] set_robust_list(0x7f836b55f9a0, 24) = 0 [pid 6353] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6353] memfd_create("syzkaller", 0) = 3 [pid 6353] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, 
-1, 0) = 0x7f8363000000 [pid 6351] <... write resumed>) = 20699119 [pid 6351] munmap(0x7f8363000000, 138412032) = 0 [pid 6351] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6351] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6351] close(3) = 0 [pid 6351] close(4) = 0 [pid 6351] mkdir("./bus", 0777) = 0 [ 247.960652][ T6351] loop1: detected capacity change from 0 to 40427 [ 247.997219][ T6351] F2FS-fs (loop1): invalid crc value [pid 6351] mount("/dev/loop1", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 6353] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 6351] <... mount resumed>) = 0 [pid 6351] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6351] chdir("./bus") = 0 [pid 6351] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6351] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6350] <... futex resumed>) = 0 [pid 6350] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6350] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6351] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000) = 4 [pid 6351] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6350] <... 
futex resumed>) = 0 [pid 6350] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6350] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6351] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6351] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6350] <... futex resumed>) = 0 [pid 6350] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6350] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 248.257410][ T6351] F2FS-fs (loop1): Start checkpoint disabled! [ 248.268645][ T6351] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [pid 6351] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6350] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6350] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6350] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6350] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6350] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6350] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[6356]}, 88) = 6356 [pid 6350] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6350] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 248.327934][ T12] kworker/u8:0: attempt to access beyond end of device [ 248.327934][ T12] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 248.375153][ T12] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 248.375187][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 248.375203][ T12] Workqueue: writeback wb_workfn (flush-7:1) [ 
248.375238][ T12] Call Trace: [ 248.375248][ T12] [ 248.375258][ T12] dump_stack_lvl+0x189/0x250 [ 248.375295][ T12] ? __pfx_dump_stack_lvl+0x10/0x10 [ 248.375326][ T12] ? __pfx_queue_work_on+0x10/0x10 [ 248.375346][ T12] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 248.375373][ T12] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 248.375411][ T12] f2fs_handle_critical_error+0x37c/0x540 [ 248.375450][ T12] f2fs_write_end_io+0x4e2/0x6d0 [ 248.375506][ T12] __submit_merged_bio+0x27a/0x6a0 [ 248.375544][ T12] __submit_merged_write_cond+0x255/0x530 [ 248.375587][ T12] f2fs_write_data_pages+0x2854/0x31f0 [ 248.375618][ T12] ? __lock_acquire+0xaac/0xd20 [ 248.375685][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 248.375734][ T12] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 248.375804][ T12] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 248.375850][ T12] ? trace_f2fs_writepages+0x7f/0x200 [ 248.375883][ T12] ? f2fs_write_node_pages+0x478/0x6e0 [ 248.375919][ T12] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 248.375954][ T12] ? has_not_enough_free_secs+0xd8b/0x1640 [ 248.375995][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 248.376029][ T12] do_writepages+0x3ae/0x7b0 [ 248.376068][ T12] ? __lock_acquire+0xaac/0xd20 [ 248.376106][ T12] ? __pfx_do_writepages+0x10/0x10 [ 248.376153][ T12] __writeback_single_inode+0x145/0xff0 [ 248.376183][ T12] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 248.376214][ T12] writeback_sb_inodes+0x6b5/0x1000 [ 248.376274][ T12] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 248.376351][ T12] ? rcu_is_watching+0x15/0xb0 [ 248.376398][ T12] wb_writeback+0x43b/0xaf0 [ 248.376434][ T12] ? queue_io+0x3a1/0x590 [ 248.376466][ T12] ? __pfx_wb_writeback+0x10/0x10 [ 248.376503][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 248.376534][ T12] wb_workfn+0x409/0xef0 [ 248.376576][ T12] ? __pfx_wb_workfn+0x10/0x10 [ 248.376598][ T12] ? register_lock_class+0x51/0x320 [ 248.376635][ T12] ? __lock_acquire+0xaac/0xd20 [ 248.376676][ T12] ? 
process_scheduled_works+0x9ec/0x17a0 [ 248.376716][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 248.376740][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 248.376780][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 248.376816][ T12] process_scheduled_works+0xadb/0x17a0 [ 248.376883][ T12] ? __pfx_process_scheduled_works+0x10/0x10 [ 248.376937][ T12] worker_thread+0x8a0/0xda0 [ 248.376988][ T12] kthread+0x70e/0x8a0 [ 248.377018][ T12] ? __pfx_worker_thread+0x10/0x10 [ 248.377038][ T12] ? __pfx_kthread+0x10/0x10 [ 248.377065][ T12] ? __pfx_kthread+0x10/0x10 [ 248.377089][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 248.377113][ T12] ? lockdep_hardirqs_on+0x9c/0x150 [ 248.377142][ T12] ? __pfx_kthread+0x10/0x10 [ 248.377166][ T12] ret_from_fork+0x4b/0x80 [ 248.377188][ T12] ? __pfx_kthread+0x10/0x10 [ 248.377213][ T12] ret_from_fork_asm+0x1a/0x30 [ 248.377265][ T12] [pid 6350] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6356 attached [pid 6356] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [pid 6350] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6356] set_robust_list(0x7f836b53e9a0, 24 [ 248.966526][ T12] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 248.986622][ T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 248.986657][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 248.986674][ T12] Workqueue: writeback wb_workfn (flush-7:1) [ 248.986710][ T12] Call Trace: [ 248.986719][ T12] [ 248.986729][ T12] dump_stack_lvl+0x189/0x250 [ 248.986766][ T12] ? __pfx_dump_stack_lvl+0x10/0x10 [ 248.986797][ T12] ? __pfx_queue_work_on+0x10/0x10 [ 248.986818][ T12] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 248.986844][ T12] ? 
__pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 248.986882][ T12] f2fs_handle_critical_error+0x37c/0x540 [ 248.986927][ T12] f2fs_write_end_io+0x4e2/0x6d0 [ 248.986978][ T12] __submit_merged_bio+0x27a/0x6a0 [ 248.987015][ T12] __submit_merged_write_cond+0x255/0x530 [ 248.987053][ T12] f2fs_write_data_pages+0x2854/0x31f0 [ 248.987085][ T12] ? __lock_acquire+0xaac/0xd20 [ 248.987151][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 248.987200][ T12] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 248.987262][ T12] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 248.987308][ T12] ? trace_f2fs_writepages+0x7f/0x200 [ 248.987341][ T12] ? f2fs_write_node_pages+0x478/0x6e0 [ 248.987377][ T12] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 248.987412][ T12] ? has_not_enough_free_secs+0xd8b/0x1640 [ 248.987453][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 248.987488][ T12] do_writepages+0x3ae/0x7b0 [ 248.987527][ T12] ? __lock_acquire+0xaac/0xd20 [ 248.987565][ T12] ? __pfx_do_writepages+0x10/0x10 [ 248.987613][ T12] __writeback_single_inode+0x145/0xff0 [ 248.987643][ T12] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 248.987674][ T12] writeback_sb_inodes+0x6b5/0x1000 [ 248.987733][ T12] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 248.987809][ T12] ? rcu_is_watching+0x15/0xb0 [ 248.987853][ T12] wb_writeback+0x43b/0xaf0 [ 248.987892][ T12] ? queue_io+0x3a1/0x590 [ 248.987936][ T12] ? __pfx_wb_writeback+0x10/0x10 [ 248.987976][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 248.988007][ T12] wb_workfn+0x409/0xef0 [ 248.988049][ T12] ? __pfx_wb_workfn+0x10/0x10 [ 248.988071][ T12] ? register_lock_class+0x51/0x320 [ 248.988108][ T12] ? __lock_acquire+0xaac/0xd20 [ 248.988149][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 248.988191][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 248.988215][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 248.988248][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 248.988284][ T12] process_scheduled_works+0xadb/0x17a0 [ 248.988352][ T12] ? 
__pfx_process_scheduled_works+0x10/0x10 [ 248.988407][ T12] worker_thread+0x8a0/0xda0 [ 248.988458][ T12] kthread+0x70e/0x8a0 [ 248.988488][ T12] ? __pfx_worker_thread+0x10/0x10 [ 248.988509][ T12] ? __pfx_kthread+0x10/0x10 [ 248.988536][ T12] ? __pfx_kthread+0x10/0x10 [pid 6350] futex(0x7f836b6386ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6356] <... set_robust_list resumed>) = 0 [pid 6350] <... futex resumed>) = 0 [ 248.988560][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 248.988585][ T12] ? lockdep_hardirqs_on+0x9c/0x150 [ 248.988612][ T12] ? __pfx_kthread+0x10/0x10 [ 248.988636][ T12] ret_from_fork+0x4b/0x80 [ 248.988658][ T12] ? __pfx_kthread+0x10/0x10 [ 248.988680][ T12] ret_from_fork_asm+0x1a/0x30 [ 248.988731][ T12] [ 248.988741][ T12] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [pid 6350] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6356] rt_sigprocmask(SIG_SETMASK, [], [pid 6353] <... write resumed>) = 20699119 [pid 6350] <... mmap resumed>) = 0x7f836b4fd000 [pid 6356] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6353] munmap(0x7f8363000000, 138412032 [pid 6350] mprotect(0x7f836b4fe000, 131072, PROT_READ|PROT_WRITE [pid 6356] ioctl(4, F2FS_IOC_SET_PIN_FILE [pid 6353] <... munmap resumed>) = 0 [pid 6350] <... mprotect resumed>) = 0 [pid 6350] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6353] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6356] <... ioctl resumed>, 0x200000000180) = -1 EIO (Input/output error) [pid 6353] <... openat resumed>) = 4 [pid 6356] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6350] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6356] <... 
futex resumed>) = 0 [pid 6353] ioctl(4, LOOP_SET_FD, 3 [pid 6350] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b51d990, parent_tid=0x7f836b51d990, exit_signal=0, stack=0x7f836b4fd000, stack_size=0x20300, tls=0x7f836b51d6c0} [pid 6356] futex(0x7f836b6386d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6350] <... clone3 resumed> => {parent_tid=[6357]}, 88) = 6357 [pid 6350] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6350] futex(0x7f836b6386e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6350] futex(0x7f836b6386ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6357 attached [pid 6357] rseq(0x7f836b51dfe0, 0x20, 0, 0x53053053) = 0 [pid 6357] set_robust_list(0x7f836b51d9a0, 24) = 0 [pid 6357] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6357] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0) = -1 EIO (Input/output error) [pid 6353] <... ioctl resumed>) = 0 [pid 6351] <... ioctl resumed>) = -1 EIO (Input/output error) [pid 6357] futex(0x7f836b6386ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 6351] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6357] <... futex resumed>) = 1 [pid 6351] <... futex resumed>) = 0 [pid 6350] <... futex resumed>) = 0 [pid 6357] futex(0x7f836b6386e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6351] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6350] exit_group(0 [pid 6357] <... futex resumed>) = ? [pid 6356] <... futex resumed>) = ? [pid 6353] close(3 [pid 6351] <... futex resumed>) = ? [pid 6350] <... exit_group resumed>) = ? [pid 6357] +++ exited with 0 +++ [pid 6356] +++ exited with 0 +++ [pid 6353] <... close resumed>) = 0 [pid 6351] +++ exited with 0 +++ [pid 6350] +++ exited with 0 +++ [pid 6353] close(4 [pid 5824] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6350, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=33 /* 0.33 s */} --- [pid 6353] <... 
close resumed>) = 0 [pid 5824] restart_syscall(<... resuming interrupted clone ...> [pid 6353] mkdir("./bus", 0777) = 0 [pid 5824] <... restart_syscall resumed>) = 0 [pid 5824] umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5824] newfstatat(3, "", [pid 6353] mount("/dev/loop0", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 5824] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5824] umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] unlink("./42/binderfs") = 0 [ 249.499901][ T6353] loop0: detected capacity change from 0 to 40427 [ 249.536924][ T6351] VFS:Filesystem freeze failed [ 249.577738][ T6353] F2FS-fs (loop0): invalid crc value [pid 5824] umount2("./42/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6353] <... mount resumed>) = 0 [pid 6353] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6353] chdir("./bus") = 0 [pid 6353] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6353] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6352] <... futex resumed>) = 0 [pid 6353] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6352] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6352] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6353] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6353] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000) = 4 [pid 6353] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6352] <... 
futex resumed>) = 0 [pid 6353] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6352] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6353] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6352] <... futex resumed>) = 0 [pid 6353] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6352] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6353] <... openat resumed>) = 5 [ 249.813551][ T6353] F2FS-fs (loop0): Start checkpoint disabled! [ 249.838614][ T6353] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [pid 6353] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6352] <... futex resumed>) = 0 [pid 6353] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6352] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6353] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6352] <... futex resumed>) = 0 [pid 6353] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 249.907576][ T36] kworker/u8:2: attempt to access beyond end of device [ 249.907576][ T36] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 249.952117][ T36] CPU: 0 UID: 0 PID: 36 Comm: kworker/u8:2 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 249.952150][ T36] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 249.952167][ T36] Workqueue: writeback wb_workfn (flush-7:0) [ 249.952201][ T36] Call Trace: [ 249.952210][ T36] [ 249.952220][ T36] dump_stack_lvl+0x189/0x250 [ 249.952255][ T36] ? __pfx_dump_stack_lvl+0x10/0x10 [ 249.952286][ T36] ? 
__pfx_queue_work_on+0x10/0x10 [pid 6352] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6352] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6352] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6352] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6352] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6352] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[6360]}, 88) = 6360 [pid 6352] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6352] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6352] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6360 attached [pid 6360] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [pid 6360] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 6360] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6360] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 6360] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6352] <... futex resumed>) = 0 [pid 6352] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6352] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6360] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 6352] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 249.952305][ T36] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 249.952330][ T36] ? 
__pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 249.952368][ T36] f2fs_handle_critical_error+0x37c/0x540 [ 249.952405][ T36] f2fs_write_end_io+0x4e2/0x6d0 [ 249.952454][ T36] __submit_merged_bio+0x27a/0x6a0 [ 249.952490][ T36] __submit_merged_write_cond+0x255/0x530 [ 249.952526][ T36] f2fs_write_data_pages+0x2854/0x31f0 [ 249.952564][ T36] ? __lock_acquire+0xaac/0xd20 [ 249.952628][ T36] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 249.952675][ T36] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 249.952734][ T36] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 249.952779][ T36] ? trace_f2fs_writepages+0x7f/0x200 [ 249.952811][ T36] ? f2fs_write_node_pages+0x478/0x6e0 [ 249.952845][ T36] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 249.952879][ T36] ? has_not_enough_free_secs+0xd8b/0x1640 [ 249.952919][ T36] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 249.952951][ T36] do_writepages+0x3ae/0x7b0 [ 249.952989][ T36] ? __lock_acquire+0xaac/0xd20 [ 249.953026][ T36] ? __pfx_do_writepages+0x10/0x10 [ 249.953071][ T36] __writeback_single_inode+0x145/0xff0 [ 249.953100][ T36] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 249.953130][ T36] writeback_sb_inodes+0x6b5/0x1000 [ 249.953187][ T36] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 249.953262][ T36] ? rcu_is_watching+0x15/0xb0 [ 249.953305][ T36] wb_writeback+0x43b/0xaf0 [ 249.953342][ T36] ? queue_io+0x3a1/0x590 [ 249.953374][ T36] ? __pfx_wb_writeback+0x10/0x10 [ 249.953412][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 249.953442][ T36] wb_workfn+0x409/0xef0 [ 249.953481][ T36] ? __pfx_wb_workfn+0x10/0x10 [ 249.953502][ T36] ? register_lock_class+0x51/0x320 [ 249.953538][ T36] ? __lock_acquire+0xaac/0xd20 [ 249.953585][ T36] ? process_scheduled_works+0x9ec/0x17a0 [ 249.953626][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 249.953649][ T36] ? process_scheduled_works+0x9ec/0x17a0 [ 249.953681][ T36] ? process_scheduled_works+0x9ec/0x17a0 [ 249.953717][ T36] process_scheduled_works+0xadb/0x17a0 [pid 6352] exit_group(0) = ? [ 249.953783][ T36] ? 
__pfx_process_scheduled_works+0x10/0x10 [ 249.953836][ T36] worker_thread+0x8a0/0xda0 [ 249.953860][ T36] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 249.953894][ T36] ? __kthread_parkme+0x7b/0x200 [ 249.953927][ T36] kthread+0x70e/0x8a0 [ 249.953955][ T36] ? __pfx_worker_thread+0x10/0x10 [ 249.953974][ T36] ? __pfx_kthread+0x10/0x10 [ 249.954000][ T36] ? __pfx_kthread+0x10/0x10 [ 249.954024][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 249.954048][ T36] ? lockdep_hardirqs_on+0x9c/0x150 [pid 5824] <... umount2 resumed>) = 0 [pid 5824] umount2("./42/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./42/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] umount2("./42/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./42/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5824] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5824] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5824] close(4) = 0 [pid 5824] rmdir("./42/bus") = 0 [ 249.954075][ T36] ? __pfx_kthread+0x10/0x10 [ 249.954099][ T36] ret_from_fork+0x4b/0x80 [ 249.954119][ T36] ? 
__pfx_kthread+0x10/0x10 [ 249.954143][ T36] ret_from_fork_asm+0x1a/0x30 [ 249.954194][ T36] [ 249.954203][ T36] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [pid 5824] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5824] close(3) = 0 [pid 5824] rmdir("./42") = 0 [pid 5824] mkdir("./43", 0777) = 0 [pid 5824] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5824] ioctl(3, LOOP_CLR_FD) = 0 [ 250.426749][ T36] CPU: 0 UID: 0 PID: 36 Comm: kworker/u8:2 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 250.426782][ T36] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 250.426798][ T36] Workqueue: writeback wb_workfn (flush-7:0) [ 250.426834][ T36] Call Trace: [ 250.426843][ T36] [ 250.426854][ T36] dump_stack_lvl+0x189/0x250 [ 250.426892][ T36] ? __pfx_dump_stack_lvl+0x10/0x10 [ 250.426923][ T36] ? __pfx_queue_work_on+0x10/0x10 [ 250.426944][ T36] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 250.426970][ T36] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 250.427011][ T36] f2fs_handle_critical_error+0x37c/0x540 [ 250.427052][ T36] f2fs_write_end_io+0x4e2/0x6d0 [ 250.427109][ T36] __submit_merged_bio+0x27a/0x6a0 [ 250.427149][ T36] __submit_merged_write_cond+0x255/0x530 [ 250.427189][ T36] f2fs_write_data_pages+0x2854/0x31f0 [ 250.427221][ T36] ? __lock_acquire+0xaac/0xd20 [ 250.427296][ T36] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 250.427350][ T36] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 250.427421][ T36] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 250.427471][ T36] ? trace_f2fs_writepages+0x7f/0x200 [ 250.427506][ T36] ? f2fs_write_node_pages+0x478/0x6e0 [ 250.427551][ T36] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 250.427589][ T36] ? has_not_enough_free_secs+0xd8b/0x1640 [ 250.427632][ T36] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 250.427667][ T36] do_writepages+0x3ae/0x7b0 [ 250.427709][ T36] ? __lock_acquire+0xaac/0xd20 [ 250.427749][ T36] ? 
__pfx_do_writepages+0x10/0x10 [ 250.427802][ T36] __writeback_single_inode+0x145/0xff0 [ 250.427832][ T36] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 250.427865][ T36] writeback_sb_inodes+0x6b5/0x1000 [ 250.427932][ T36] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 250.428021][ T36] ? rcu_is_watching+0x15/0xb0 [ 250.428068][ T36] wb_writeback+0x43b/0xaf0 [ 250.428110][ T36] ? queue_io+0x3a1/0x590 [ 250.428145][ T36] ? __pfx_wb_writeback+0x10/0x10 [ 250.428188][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 250.428221][ T36] wb_workfn+0x409/0xef0 [ 250.428268][ T36] ? __pfx_wb_workfn+0x10/0x10 [ 250.428290][ T36] ? register_lock_class+0x51/0x320 [ 250.428329][ T36] ? __lock_acquire+0xaac/0xd20 [ 250.428373][ T36] ? process_scheduled_works+0x9ec/0x17a0 [ 250.428417][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 250.428441][ T36] ? process_scheduled_works+0x9ec/0x17a0 [ 250.428474][ T36] ? process_scheduled_works+0x9ec/0x17a0 [ 250.428512][ T36] process_scheduled_works+0xadb/0x17a0 [ 250.428593][ T36] ? __pfx_process_scheduled_works+0x10/0x10 [ 250.428652][ T36] worker_thread+0x8a0/0xda0 [ 250.428678][ T36] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 250.428716][ T36] ? __kthread_parkme+0x7b/0x200 [ 250.428754][ T36] kthread+0x70e/0x8a0 [ 250.428784][ T36] ? __pfx_worker_thread+0x10/0x10 [ 250.428805][ T36] ? __pfx_kthread+0x10/0x10 [ 250.428834][ T36] ? __pfx_kthread+0x10/0x10 [ 250.428859][ T36] ? _raw_spin_unlock_irq+0x23/0x50 [ 250.428884][ T36] ? lockdep_hardirqs_on+0x9c/0x150 [ 250.428912][ T36] ? __pfx_kthread+0x10/0x10 [ 250.428938][ T36] ret_from_fork+0x4b/0x80 [ 250.428959][ T36] ? __pfx_kthread+0x10/0x10 [ 250.428985][ T36] ret_from_fork_asm+0x1a/0x30 [ 250.429041][ T36] [ 250.429051][ T36] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [pid 5824] close(3 [pid 6353] <... ioctl resumed>) = ? [pid 6360] <... ioctl resumed>) = ? 
[pid 6360] +++ exited with 0 +++ [pid 6353] +++ exited with 0 +++ [pid 6352] +++ exited with 0 +++ [pid 5823] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6352, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=37 /* 0.37 s */} --- [pid 5823] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5823] umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 250.782982][ T6353] VFS:Filesystem freeze failed [pid 5823] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5823] umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] unlink("./42/binderfs") = 0 [pid 5823] umount2("./42/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5824] <... 
close resumed>) = 0 [pid 5824] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55558e3aa690) = 6361 ./strace-static-x86_64: Process 6361 attached [pid 6361] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 6361] chdir("./43") = 0 [pid 6361] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6361] setpgid(0, 0) = 0 [pid 6361] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6361] write(3, "1000", 4) = 4 [pid 6361] close(3) = 0 [pid 6361] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6361] write(1, "executing program\n", 18) = 18 [pid 6361] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6361] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6361] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6361] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6361] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6361] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6361] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 6362 attached [pid 6362] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053 [pid 6361] <... clone3 resumed> => {parent_tid=[6362]}, 88) = 6362 [pid 6362] <... rseq resumed>) = 0 [pid 6361] rt_sigprocmask(SIG_SETMASK, [], [pid 6362] set_robust_list(0x7f836b55f9a0, 24 [pid 6361] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6362] <... set_robust_list resumed>) = 0 [pid 6361] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6362] rt_sigprocmask(SIG_SETMASK, [], [pid 6361] <... futex resumed>) = 0 [pid 6362] <... 
rt_sigprocmask resumed>NULL, 8) = 0 [pid 6361] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6362] memfd_create("syzkaller", 0) = 3 [pid 6362] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 5823] <... umount2 resumed>) = 0 [pid 5823] umount2("./42/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] newfstatat(AT_FDCWD, "./42/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5823] umount2("./42/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "./42/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5823] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5823] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5823] close(4) = 0 [pid 5823] rmdir("./42/bus") = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5823] close(3) = 0 [pid 5823] rmdir("./42") = 0 [pid 5823] mkdir("./43", 0777) = 0 [pid 5823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5823] ioctl(3, LOOP_CLR_FD) = 0 [pid 5823] close(3 [pid 6362] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 5823] <... 
close resumed>) = 0 [pid 5823] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6363 attached , child_tidptr=0x55558e3aa690) = 6363 [pid 6363] set_robust_list(0x55558e3aa6a0, 24) = 0 [pid 6363] chdir("./43") = 0 [pid 6363] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6363] setpgid(0, 0) = 0 [pid 6363] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6363] write(3, "1000", 4) = 4 [pid 6363] close(3) = 0 [pid 6363] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6363] write(1, "executing program\n", 18) = 18 [pid 6363] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6363] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6363] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6363] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6363] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6363] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6363] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 6364 attached [pid 6364] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053 [pid 6363] <... clone3 resumed> => {parent_tid=[6364]}, 88) = 6364 [pid 6364] <... rseq resumed>) = 0 [pid 6363] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6364] set_robust_list(0x7f836b55f9a0, 24) = 0 [pid 6363] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6364] rt_sigprocmask(SIG_SETMASK, [], [pid 6363] <... futex resumed>) = 0 [pid 6364] <... 
rt_sigprocmask resumed>NULL, 8) = 0 [pid 6363] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6364] memfd_create("syzkaller", 0) = 3 [pid 6364] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 6362] <... write resumed>) = 20699119 [pid 6362] munmap(0x7f8363000000, 138412032) = 0 [pid 6362] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6362] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6362] close(3) = 0 [pid 6362] close(4) = 0 [pid 6362] mkdir("./bus", 0777) = 0 [ 251.978758][ T6362] loop1: detected capacity change from 0 to 40427 [ 252.019786][ T6362] F2FS-fs (loop1): invalid crc value [pid 6362] mount("/dev/loop1", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"... [pid 6364] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119 [pid 6362] <... mount resumed>) = 0 [pid 6362] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6362] chdir("./bus") = 0 [ 252.236825][ T6362] F2FS-fs (loop1): Start checkpoint disabled! [ 252.255756][ T6362] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [pid 6362] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6362] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6361] <... 
futex resumed>) = 0 [pid 6362] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6361] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6362] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 [pid 6361] <... futex resumed>) = 0 [pid 6362] <... openat resumed>) = 4 [pid 6361] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6362] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6361] <... futex resumed>) = 0 [pid 6362] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6361] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6362] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6361] <... futex resumed>) = 0 [pid 6362] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6361] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6362] <... openat resumed>) = 5 [pid 6362] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6361] <... futex resumed>) = 0 [pid 6361] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6362] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6361] <... 
futex resumed>) = 0 [pid 6361] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6361] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 252.429649][ T12] kworker/u8:0: attempt to access beyond end of device [ 252.429649][ T12] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 252.467513][ T12] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 252.467550][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 252.467567][ T12] Workqueue: writeback wb_workfn (flush-7:1) [ 252.467603][ T12] Call Trace: [ 252.467613][ T12] [ 252.467623][ T12] dump_stack_lvl+0x189/0x250 [ 252.467661][ T12] ? __pfx_dump_stack_lvl+0x10/0x10 [ 252.467694][ T12] ? __pfx_queue_work_on+0x10/0x10 [ 252.467714][ T12] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 252.467741][ T12] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 252.467782][ T12] f2fs_handle_critical_error+0x37c/0x540 [ 252.467824][ T12] f2fs_write_end_io+0x4e2/0x6d0 [ 252.467879][ T12] __submit_merged_bio+0x27a/0x6a0 [ 252.467918][ T12] __submit_merged_write_cond+0x255/0x530 [ 252.467959][ T12] f2fs_write_data_pages+0x2854/0x31f0 [ 252.468039][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 252.468070][ T12] ? f2fs_sync_node_pages+0x1385/0x14a0 [ 252.468158][ T12] ? __lock_acquire+0xaac/0xd20 [ 252.468199][ T12] ? __lock_acquire+0xaac/0xd20 [ 252.468259][ T12] ? rcu_read_lock_sched_held+0x89/0x100 [ 252.468294][ T12] ? __pfx_rcu_read_lock_sched_held+0x10/0x10 [ 252.468349][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 252.468385][ T12] do_writepages+0x3ae/0x7b0 [ 252.468434][ T12] ? __switch_to+0xd70/0x1600 [ 252.468476][ T12] ? __pfx_do_writepages+0x10/0x10 [ 252.468528][ T12] __writeback_single_inode+0x145/0xff0 [ 252.468559][ T12] ? 
wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 252.468592][ T12] writeback_sb_inodes+0x6b5/0x1000 [ 252.468659][ T12] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 252.468748][ T12] ? rcu_is_watching+0x15/0xb0 [ 252.468795][ T12] wb_writeback+0x43b/0xaf0 [ 252.468837][ T12] ? queue_io+0x3a1/0x590 [ 252.468871][ T12] ? __pfx_wb_writeback+0x10/0x10 [ 252.468914][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 252.468947][ T12] wb_workfn+0x409/0xef0 [ 252.468994][ T12] ? __pfx_wb_workfn+0x10/0x10 [pid 6361] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6361] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6361] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6361] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[6368]}, 88) = 6368 [pid 6361] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6361] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6361] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6361] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6361] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6361] futex(0x7f836b6386ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6361] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b4fd000 [pid 6361] mprotect(0x7f836b4fe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6361] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6361] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b51d990, parent_tid=0x7f836b51d990, 
exit_signal=0, stack=0x7f836b4fd000, stack_size=0x20300, tls=0x7f836b51d6c0}./strace-static-x86_64: Process 6369 attached => {parent_tid=[6369]}, 88) = 6369 [pid 6369] rseq(0x7f836b51dfe0, 0x20, 0, 0x53053053 [pid 6361] rt_sigprocmask(SIG_SETMASK, [], [pid 6369] <... rseq resumed>) = 0 [pid 6361] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6369] set_robust_list(0x7f836b51d9a0, 24 [pid 6361] futex(0x7f836b6386e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6369] <... set_robust_list resumed>) = 0 [pid 6361] <... futex resumed>) = 0 [pid 6369] rt_sigprocmask(SIG_SETMASK, [], [pid 6361] futex(0x7f836b6386ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6369] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6369] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 6361] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 252.469017][ T12] ? register_lock_class+0x51/0x320 [ 252.469055][ T12] ? __lock_acquire+0xaac/0xd20 [ 252.469099][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 252.469143][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 252.469167][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 252.469199][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 252.469237][ T12] process_scheduled_works+0xadb/0x17a0 [ 252.469312][ T12] ? __pfx_process_scheduled_works+0x10/0x10 [ 252.469372][ T12] worker_thread+0x8a0/0xda0 [ 252.469437][ T12] kthread+0x70e/0x8a0 [ 252.469468][ T12] ? __pfx_worker_thread+0x10/0x10 [ 252.469489][ T12] ? __pfx_kthread+0x10/0x10 [ 252.469518][ T12] ? __pfx_kthread+0x10/0x10 [ 252.469543][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 252.469568][ T12] ? lockdep_hardirqs_on+0x9c/0x150 [ 252.469596][ T12] ? __pfx_kthread+0x10/0x10 [ 252.469621][ T12] ret_from_fork+0x4b/0x80 [ 252.469642][ T12] ? 
__pfx_kthread+0x10/0x10 [ 252.469668][ T12] ret_from_fork_asm+0x1a/0x30 [ 252.469725][ T12] [ 252.471034][ T12] F2FS-fs (loop1): Stopped filesystem due to reason: 3 ./strace-static-x86_64: Process 6368 attached [pid 6368] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [ 252.867177][ T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 252.867213][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 252.867230][ T12] Workqueue: writeback wb_workfn (flush-7:1) [ 252.867265][ T12] Call Trace: [ 252.867274][ T12] [ 252.867284][ T12] dump_stack_lvl+0x189/0x250 [ 252.867321][ T12] ? __pfx_dump_stack_lvl+0x10/0x10 [ 252.867359][ T12] ? __pfx_queue_work_on+0x10/0x10 [pid 6368] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 6368] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6368] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = -1 EIO (Input/output error) [pid 6368] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6368] futex(0x7f836b6386d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6361] exit_group(0 [pid 6368] <... futex resumed>) = ? [pid 6361] <... exit_group resumed>) = ? [pid 6368] +++ exited with 0 +++ [ 252.867379][ T12] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 252.867405][ T12] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 252.867443][ T12] f2fs_handle_critical_error+0x37c/0x540 [ 252.867483][ T12] f2fs_write_end_io+0x4e2/0x6d0 [ 252.867534][ T12] __submit_merged_bio+0x27a/0x6a0 [ 252.867571][ T12] __submit_merged_write_cond+0x255/0x530 [ 252.867608][ T12] f2fs_write_data_pages+0x2854/0x31f0 [ 252.867679][ T12] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 252.867710][ T12] ? f2fs_sync_node_pages+0x1385/0x14a0 [ 252.867787][ T12] ? __lock_acquire+0xaac/0xd20 [ 252.867825][ T12] ? __lock_acquire+0xaac/0xd20 [ 252.867879][ T12] ? rcu_read_lock_sched_held+0x89/0x100 [ 252.867914][ T12] ? __pfx_rcu_read_lock_sched_held+0x10/0x10 [ 252.867965][ T12] ? 
__pfx_f2fs_write_data_pages+0x10/0x10 [ 252.867999][ T12] do_writepages+0x3ae/0x7b0 [ 252.868039][ T12] ? __switch_to+0xd70/0x1600 [ 252.868078][ T12] ? __pfx_do_writepages+0x10/0x10 [ 252.868126][ T12] __writeback_single_inode+0x145/0xff0 [ 252.868156][ T12] ? wbc_attach_and_unlock_inode+0x3f0/0x5d0 [ 252.868187][ T12] writeback_sb_inodes+0x6b5/0x1000 [ 252.868246][ T12] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 252.868322][ T12] ? rcu_is_watching+0x15/0xb0 [ 252.868372][ T12] wb_writeback+0x43b/0xaf0 [ 252.868411][ T12] ? queue_io+0x3a1/0x590 [ 252.868444][ T12] ? __pfx_wb_writeback+0x10/0x10 [ 252.868483][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 252.868514][ T12] wb_workfn+0x409/0xef0 [ 252.868555][ T12] ? __pfx_wb_workfn+0x10/0x10 [ 252.868577][ T12] ? register_lock_class+0x51/0x320 [ 252.868614][ T12] ? __lock_acquire+0xaac/0xd20 [ 252.868655][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 252.868697][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 252.868720][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 252.868753][ T12] ? process_scheduled_works+0x9ec/0x17a0 [ 252.868797][ T12] process_scheduled_works+0xadb/0x17a0 [ 252.868870][ T12] ? __pfx_process_scheduled_works+0x10/0x10 [ 252.868928][ T12] worker_thread+0x8a0/0xda0 [ 252.868979][ T12] kthread+0x70e/0x8a0 [ 252.869008][ T12] ? __pfx_worker_thread+0x10/0x10 [ 252.869028][ T12] ? __pfx_kthread+0x10/0x10 [ 252.869055][ T12] ? __pfx_kthread+0x10/0x10 [ 252.869080][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 252.869103][ T12] ? lockdep_hardirqs_on+0x9c/0x150 [ 252.869132][ T12] ? __pfx_kthread+0x10/0x10 [ 252.869156][ T12] ret_from_fork+0x4b/0x80 [ 252.869177][ T12] ? __pfx_kthread+0x10/0x10 [ 252.869202][ T12] ret_from_fork_asm+0x1a/0x30 [ 252.869254][ T12] [pid 6364] <... write resumed>) = 20699119 [pid 6369] <... ioctl resumed>) = ? [pid 6364] munmap(0x7f8363000000, 138412032 [pid 6362] <... ioctl resumed>) = ? [pid 6369] +++ exited with 0 +++ [pid 6364] <... 
munmap resumed>) = 0 [pid 6362] +++ exited with 0 +++ [pid 6361] +++ exited with 0 +++ [pid 6364] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5824] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6361, si_uid=0, si_status=0, si_utime=12 /* 0.12 s */, si_stime=30 /* 0.30 s */} --- [pid 6364] ioctl(4, LOOP_SET_FD, 3 [ 252.869263][ T12] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 253.190862][ T6362] VFS:Filesystem freeze failed [ 253.196780][ T31] INFO: task syz-executor328:5836 blocked for more than 143 seconds. [ 253.205336][ T31] Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 [pid 5824] umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5824] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 4 entries */, 32768) = 104 [pid 5824] umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./43/binderfs", [pid 6364] <... ioctl resumed>) = 0 [pid 5824] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] unlink("./43/binderfs" [pid 6364] close(3 [pid 5824] <... unlink resumed>) = 0 [pid 6364] <... close resumed>) = 0 [pid 6364] close(4 [pid 5824] umount2("./43/bus", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6364] <... close resumed>) = 0 [pid 6364] mkdir("./bus", 0777) = 0 [ 253.239280][ T6364] loop0: detected capacity change from 0 to 40427 [ 253.247941][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 253.274552][ T6364] F2FS-fs (loop0): invalid crc value [ 253.281390][ T31] task:syz-executor328 state:D stack:23432 pid:5836 tgid:5832 ppid:5826 task_flags:0x400140 flags:0x00004006 [ 253.318750][ T31] Call Trace: [ 253.326482][ T31] [ 253.330026][ T31] __schedule+0x168f/0x4c70 [ 253.356581][ T31] ? 
lockdep_hardirqs_on+0x9c/0x150 [ 253.361880][ T31] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 253.386446][ T31] ? schedule+0x165/0x360 [ 253.396740][ T31] ? __pfx___schedule+0x10/0x10 [ 253.416451][ T31] ? schedule+0x91/0x360 [ 253.420771][ T31] schedule+0x165/0x360 [ 253.447234][ T31] percpu_down_write+0x28e/0x330 [ 253.452279][ T31] ? percpu_down_write+0x110/0x330 [ 253.476504][ T31] freeze_super+0x4c2/0xeb0 [ 253.486693][ T31] ? __pfx_freeze_super+0x10/0x10 [pid 6364] mount("/dev/loop0", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"...) = 0 [pid 6364] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6364] chdir("./bus") = 0 [pid 6364] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6364] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6363] <... futex resumed>) = 0 [pid 6364] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6363] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6364] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6363] <... futex resumed>) = 0 [pid 6364] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000 [pid 6363] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6364] <... openat resumed>) = 4 [pid 6364] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6363] <... futex resumed>) = 0 [pid 6364] <... futex resumed>) = 1 [pid 6364] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6363] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6363] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6364] <... openat resumed>) = 5 [pid 6364] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6363] <... 
futex resumed>) = 0 [pid 6364] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6363] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6364] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6363] <... futex resumed>) = 0 [pid 6364] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 253.506434][ T31] ? fs_bdev_freeze+0x11b/0x310 [ 253.511464][ T31] ? up_write+0x1c4/0x420 [ 253.515496][ T6364] F2FS-fs (loop0): Start checkpoint disabled! [ 253.524985][ T6364] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 253.537204][ T31] fs_bdev_freeze+0x19f/0x310 [ 253.541958][ T31] bdev_freeze+0xd8/0x220 [ 253.546338][ T31] f2fs_do_shutdown+0x23d/0x5c0 [ 253.588502][ T31] __f2fs_ioctl+0x3de9/0xae80 [ 253.593261][ T31] ? __se_sys_ioctl+0x47/0x170 [ 253.606858][ T31] ? do_syscall_64+0xf6/0x210 [ 253.611674][ T31] ? kasan_quarantine_put+0xdd/0x220 [ 253.626741][ T31] ? __pfx___f2fs_ioctl+0x10/0x10 [pid 6363] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6363] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6363] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6363] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6363] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6363] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0}./strace-static-x86_64: Process 6374 attached [pid 6374] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053 [pid 6363] <... clone3 resumed> => {parent_tid=[6374]}, 88) = 6374 [pid 6374] <... rseq resumed>) = 0 [pid 6363] rt_sigprocmask(SIG_SETMASK, [], [pid 6374] set_robust_list(0x7f836b53e9a0, 24 [pid 6363] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6374] <... 
set_robust_list resumed>) = 0 [pid 6363] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6374] rt_sigprocmask(SIG_SETMASK, [], [pid 6363] <... futex resumed>) = 0 [pid 6374] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6363] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6374] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = 0 [pid 6374] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6363] <... futex resumed>) = 0 [pid 6374] futex(0x7f836b6386d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6363] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6374] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6363] <... futex resumed>) = 0 [pid 6374] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [ 253.642675][ T31] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 253.666574][ T31] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 253.673641][ T31] ? tomoyo_path_number_perm+0x4e2/0x5a0 [ 253.686457][ T31] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 253.692169][ T31] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [pid 6363] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6363] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 253.726481][ T31] ? smack_log+0xef/0x3f0 [ 253.734909][ T31] ? __pfx_smack_log+0x10/0x10 [ 253.753706][ T31] ? __pfx__raw_spin_lock_irq+0x10/0x10 [ 253.762252][ T31] ? smk_access+0x14c/0x4e0 [ 253.776545][ T31] ? smk_tskacc+0x2fc/0x370 [ 253.781531][ T31] ? smack_file_ioctl+0x2a9/0x340 [ 253.796556][ T31] ? has_not_enough_free_secs+0xd90/0x1680 [ 253.806771][ T31] ? f2fs_ioctl+0x184/0x250 [ 253.811407][ T31] ? __pfx_f2fs_ioctl+0x10/0x10 [ 253.826977][ T31] __se_sys_ioctl+0xf9/0x170 [ 253.831671][ T31] do_syscall_64+0xf6/0x210 [ 253.836209][ T31] ? 
clear_bhb_loop+0x60/0xb0 [ 253.864079][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 253.886597][ T31] RIP: 0033:0x7f836b5ab109 [ 253.891110][ T31] RSP: 002b:00007f836b55f218 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 253.913511][ T31] RAX: ffffffffffffffda RBX: 00007f836b6386c8 RCX: 00007f836b5ab109 [ 253.932670][ T31] RDX: 0000200000000080 RSI: 000000008004587d RDI: 0000000000000005 [ 253.949039][ T31] RBP: 00007f836b6386c0 R08: 0000000000000000 R09: 0000000000000000 [ 253.966593][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f836b604668 [ 253.996051][ T31] R13: 00002000000000c0 R14: 0000200000000180 R15: 00002000000000e0 [ 254.026556][ T31] [ 254.029677][ T31] INFO: task syz-executor328:5856 blocked for more than 144 seconds. [ 254.050075][ T31] Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 [ 254.071128][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 254.102613][ T31] task:syz-executor328 state:D stack:24392 pid:5856 tgid:5832 ppid:5826 task_flags:0x400040 flags:0x00004006 [ 254.136456][ T31] Call Trace: [ 254.139827][ T31] [ 254.142789][ T31] __schedule+0x168f/0x4c70 [ 254.166490][ T31] ? do_raw_spin_unlock+0x122/0x240 [ 254.186457][ T31] ? schedule+0x165/0x360 [ 254.190916][ T31] ? __lock_acquire+0xaac/0xd20 [ 254.206853][ T31] ? __pfx___schedule+0x10/0x10 [ 254.211828][ T31] ? schedule+0x91/0x360 [ 254.229271][ T31] schedule+0x165/0x360 [ 254.236797][ T31] io_schedule+0x81/0xe0 [ 254.251341][ T31] f2fs_balance_fs+0x4b4/0x780 [ 254.256753][ T31] ? __pfx___update_extent_tree_range+0x10/0x10 [ 254.286469][ T31] ? f2fs_map_blocks+0x3af1/0x43b0 [ 254.291677][ T31] ? __pfx_f2fs_balance_fs+0x10/0x10 [ 254.309616][ T31] ? __pfx_autoremove_wake_function+0x10/0x10 [ 254.315848][ T31] ? __pfx___up_read+0x10/0x10 [ 254.331448][ T31] f2fs_map_blocks+0x3af1/0x43b0 [pid 6363] exit_group(0) = ? [ 254.346640][ T31] ? __pfx_f2fs_map_blocks+0x10/0x10 [ 254.352005][ T31] ? 
__up_read+0x280/0x680 [ 254.376451][ T31] ? __pfx___up_read+0x10/0x10 [ 254.391785][ T31] ? f2fs_allocate_pinning_section+0x1a7/0x5d0 [ 254.416438][ T31] f2fs_expand_inode_data+0x653/0xaf0 [ 254.422024][ T31] ? __pfx_f2fs_expand_inode_data+0x10/0x10 [ 254.436467][ T31] ? f2fs_fallocate+0x4e3/0x990 [ 254.441381][ T31] f2fs_fallocate+0x4f5/0x990 [ 254.446096][ T31] vfs_fallocate+0x6a0/0x830 [ 254.466575][ T31] ? __pfx_vfs_fallocate+0x10/0x10 [ 254.471779][ T31] do_vfs_ioctl+0x1b8f/0x1eb0 [ 254.486471][ T31] ? __se_sys_ioctl+0x47/0x170 [ 254.491410][ T31] ? do_syscall_64+0xf6/0x210 [ 254.496133][ T31] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 254.511787][ T31] ? kasan_quarantine_put+0xdd/0x220 [ 254.526443][ T31] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 254.532222][ T31] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 254.548659][ T31] ? tomoyo_path_number_perm+0x4e2/0x5a0 [ 254.554466][ T31] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 254.576438][ T31] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 254.596430][ T31] ? smack_log+0xef/0x3f0 [ 254.606797][ T31] ? __pfx_smack_log+0x10/0x10 [ 254.611698][ T31] ? __pfx__raw_spin_lock_irq+0x10/0x10 [ 254.626561][ T31] ? smk_access+0x14c/0x4e0 [ 254.631299][ T31] ? smk_tskacc+0x2fc/0x370 [ 254.635863][ T31] ? smack_file_ioctl+0x24a/0x340 [ 254.666531][ T31] ? __pfx_smack_file_ioctl+0x10/0x10 [ 254.671985][ T31] ? __fget_files+0x3a0/0x420 [ 254.706544][ T31] ? __fget_files+0x2a/0x420 [ 254.711234][ T31] ? bpf_lsm_file_ioctl+0x9/0x20 [ 254.716302][ T31] __se_sys_ioctl+0x82/0x170 [ 254.746449][ T31] do_syscall_64+0xf6/0x210 [ 254.751035][ T31] ? ret_from_fork_asm+0x1a/0x30 [ 254.756013][ T31] ? 
clear_bhb_loop+0x60/0xb0 [ 254.800442][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 254.816440][ T31] RIP: 0033:0x7f836b5ab109 [ 254.820907][ T31] RSP: 002b:00007f836b53e218 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 254.856429][ T31] RAX: ffffffffffffffda RBX: 00007f836b6386d8 RCX: 00007f836b5ab109 [ 254.864475][ T31] RDX: 00002000000000c0 RSI: 0000000040305828 RDI: 0000000000000004 [ 254.915669][ T31] RBP: 00007f836b6386d0 R08: 0000000000000000 R09: 0000000000000000 [ 254.936662][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f836b604668 [ 254.944710][ T31] R13: 00002000000000c0 R14: 0000200000000180 R15: 00002000000000e0 [ 254.984688][ T31] [ 254.995144][ T31] INFO: task syz-executor328:5894 blocked for more than 145 seconds. [ 255.026709][ T31] Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 [ 255.034409][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 255.074940][ T31] task:syz-executor328 state:D stack:24152 pid:5894 tgid:5892 ppid:5825 task_flags:0x400140 flags:0x00004006 [ 255.106486][ T31] Call Trace: [ 255.111195][ T31] [ 255.114175][ T31] __schedule+0x168f/0x4c70 [ 255.126469][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 255.136479][ T31] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 255.153395][ T31] ? schedule+0x165/0x360 [ 255.158088][ T31] ? __pfx___schedule+0x10/0x10 [ 255.163009][ T31] ? schedule+0x91/0x360 [ 255.176440][ T31] schedule+0x165/0x360 [ 255.186612][ T31] percpu_down_write+0x28e/0x330 [ 255.202471][ T31] ? percpu_down_write+0x110/0x330 [ 255.216486][ T31] freeze_super+0x4c2/0xeb0 [ 255.221079][ T31] ? __pfx_freeze_super+0x10/0x10 [ 255.246902][ T31] ? fs_bdev_freeze+0x11b/0x310 [ 255.251829][ T31] ? up_write+0x1c4/0x420 [ 255.256210][ T31] fs_bdev_freeze+0x19f/0x310 [ 255.296440][ T31] bdev_freeze+0xd8/0x220 [ 255.300864][ T31] f2fs_do_shutdown+0x23d/0x5c0 [ 255.305750][ T31] __f2fs_ioctl+0x3de9/0xae80 [ 255.336433][ T31] ? __se_sys_ioctl+0x47/0x170 [ 255.341366][ T31] ? 
do_syscall_64+0xf6/0x210 [ 255.346126][ T31] ? kasan_quarantine_put+0xdd/0x220 [ 255.366499][ T31] ? __pfx___f2fs_ioctl+0x10/0x10 [ 255.371697][ T31] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 255.386437][ T31] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 255.392220][ T31] ? tomoyo_path_number_perm+0x4e2/0x5a0 [ 255.416470][ T31] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 255.422270][ T31] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 255.446427][ T31] ? smack_log+0xef/0x3f0 [ 255.450929][ T31] ? __pfx_smack_log+0x10/0x10 [ 255.455733][ T31] ? __pfx__raw_spin_lock_irq+0x10/0x10 [ 255.486437][ T31] ? smk_access+0x14c/0x4e0 [ 255.491027][ T31] ? smk_tskacc+0x2fc/0x370 [ 255.495578][ T31] ? smack_file_ioctl+0x2a9/0x340 [ 255.526434][ T31] ? has_not_enough_free_secs+0xd90/0x1680 [ 255.532340][ T31] ? f2fs_ioctl+0x184/0x250 [ 255.546432][ T31] ? __pfx_f2fs_ioctl+0x10/0x10 [ 255.551566][ T31] __se_sys_ioctl+0xf9/0x170 [ 255.566503][ T31] do_syscall_64+0xf6/0x210 [ 255.571089][ T31] ? clear_bhb_loop+0x60/0xb0 [ 255.575800][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 255.596449][ T31] RIP: 0033:0x7f836b5ab109 [ 255.601007][ T31] RSP: 002b:00007f836b55f218 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 255.616434][ T31] RAX: ffffffffffffffda RBX: 00007f836b6386c8 RCX: 00007f836b5ab109 [ 255.624458][ T31] RDX: 0000200000000080 RSI: 000000008004587d RDI: 0000000000000005 [ 255.676440][ T31] RBP: 00007f836b6386c0 R08: 0000000000000000 R09: 0000000000000000 [ 255.684493][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f836b604668 [ 255.706905][ T31] R13: 00002000000000c0 R14: 0000200000000180 R15: 00002000000000e0 [ 255.714962][ T31] [ 255.757640][ T31] INFO: task syz-executor328:5907 blocked for more than 145 seconds. [ 255.765785][ T31] Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 [ 255.816471][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. 
[ 255.825203][ T31] task:syz-executor328 state:D stack:25432 pid:5907 tgid:5892 ppid:5825 task_flags:0x400040 flags:0x00004006 [pid 5824] <... umount2 resumed>) = 0 [pid 5824] umount2("./43/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] newfstatat(AT_FDCWD, "./43/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5824] umount2("./43/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5824] openat(AT_FDCWD, "./43/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5824] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 255.880865][ T31] Call Trace: [ 255.884274][ T31] [ 255.889050][ T31] __schedule+0x168f/0x4c70 [ 255.894746][ T31] ? do_raw_spin_unlock+0x122/0x240 [ 255.907106][ T31] ? schedule+0x165/0x360 [ 255.911768][ T31] ? __lock_acquire+0xaac/0xd20 [pid 5824] getdents64(4, 0x55558e3b3770 /* 2 entries */, 32768) = 48 [pid 5824] getdents64(4, 0x55558e3b3770 /* 0 entries */, 32768) = 0 [pid 5824] close(4) = 0 [pid 5824] rmdir("./43/bus") = 0 [pid 5824] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5824] close(3) = 0 [ 255.933712][ T31] ? __pfx___schedule+0x10/0x10 [ 255.939515][ T31] ? schedule+0x91/0x360 [ 255.944056][ T31] schedule+0x165/0x360 [ 255.965427][ T31] io_schedule+0x81/0xe0 [ 255.971331][ T31] f2fs_balance_fs+0x4b4/0x780 [pid 5824] rmdir("./43") = 0 [pid 5824] mkdir("./44", 0777) = 0 [ 255.986524][ T31] ? __pfx___update_extent_tree_range+0x10/0x10 [ 255.993670][ T31] ? f2fs_map_blocks+0x3af1/0x43b0 [ 255.999940][ T31] ? __pfx_f2fs_balance_fs+0x10/0x10 [ 256.005319][ T31] ? __pfx_autoremove_wake_function+0x10/0x10 [pid 5824] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5824] ioctl(3, LOOP_CLR_FD) = 0 [ 256.026892][ T31] ? __pfx___up_read+0x10/0x10 [ 256.032028][ T31] f2fs_map_blocks+0x3af1/0x43b0 [ 256.046491][ T31] ? __pfx_f2fs_map_blocks+0x10/0x10 [ 256.052671][ T31] ? __up_read+0x280/0x680 [ 256.076509][ T31] ? 
__pfx___up_read+0x10/0x10 [ 256.081373][ T31] ? f2fs_allocate_pinning_section+0x1a7/0x5d0 [ 256.126456][ T31] f2fs_expand_inode_data+0x653/0xaf0 [ 256.131944][ T31] ? __pfx_f2fs_expand_inode_data+0x10/0x10 [ 256.176463][ T31] ? do_raw_spin_unlock+0x122/0x240 [ 256.181767][ T31] ? file_modified_flags+0x4bb/0x560 [ 256.216473][ T31] f2fs_fallocate+0x4f5/0x990 [ 256.221282][ T31] vfs_fallocate+0x6a0/0x830 [ 256.225952][ T31] ? __pfx_vfs_fallocate+0x10/0x10 [ 256.266454][ T31] do_vfs_ioctl+0x1b8f/0x1eb0 [ 256.271238][ T31] ? __se_sys_ioctl+0x47/0x170 [ 256.276039][ T31] ? do_syscall_64+0xf6/0x210 [ 256.316868][ T31] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 256.322112][ T31] ? kasan_quarantine_put+0xdd/0x220 [ 256.356887][ T31] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 256.362725][ T31] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 256.386538][ T31] ? tomoyo_path_number_perm+0x4e2/0x5a0 [ 256.403228][ T31] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 256.424152][ T31] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 256.436436][ T31] ? smack_log+0xef/0x3f0 [ 256.440851][ T31] ? __pfx_smack_log+0x10/0x10 [ 256.466869][ T31] ? __pfx__raw_spin_lock_irq+0x10/0x10 [ 256.472502][ T31] ? smk_access+0x14c/0x4e0 [ 256.506501][ T31] ? smk_tskacc+0x2fc/0x370 [pid 5824] close(3) = 0 [pid 5824] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6378 attached [pid 6378] set_robust_list(0x55558e3aa6a0, 24 [pid 5824] <... clone resumed>, child_tidptr=0x55558e3aa690) = 6378 [pid 6378] <... set_robust_list resumed>) = 0 [ 256.516453][ T31] ? smack_file_ioctl+0x24a/0x340 [ 256.526608][ T31] ? __pfx_smack_file_ioctl+0x10/0x10 [ 256.546711][ T31] ? __fget_files+0x3a0/0x420 [pid 6378] chdir("./44") = 0 [pid 6378] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6378] setpgid(0, 0) = 0 [pid 6378] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6378] write(3, "1000", 4) = 4 [pid 6378] close(3) = 0 [ 256.564134][ T31] ? 
__fget_files+0x2a/0x420 [ 256.574804][ T31] ? bpf_lsm_file_ioctl+0x9/0x20 [ 256.595987][ T31] __se_sys_ioctl+0x82/0x170 [ 256.606805][ T31] do_syscall_64+0xf6/0x210 [ 256.611401][ T31] ? ret_from_fork_asm+0x1a/0x30 [pid 6378] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6378] write(1, "executing program\n", 18) = 18 [pid 6378] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6378] rt_sigaction(SIGRT_1, {sa_handler=0x7f836b5d1520, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f836b5c26d0}, NULL, 8) = 0 [pid 6378] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6378] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b53f000 [pid 6378] mprotect(0x7f836b540000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6378] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6378] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b55f990, parent_tid=0x7f836b55f990, exit_signal=0, stack=0x7f836b53f000, stack_size=0x20300, tls=0x7f836b55f6c0}./strace-static-x86_64: Process 6379 attached => {parent_tid=[6379]}, 88) = 6379 [ 256.637003][ T31] ? clear_bhb_loop+0x60/0xb0 [ 256.641776][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 256.676440][ T31] RIP: 0033:0x7f836b5ab109 [pid 6379] rseq(0x7f836b55ffe0, 0x20, 0, 0x53053053 [pid 6378] rt_sigprocmask(SIG_SETMASK, [], [pid 6379] <... rseq resumed>) = 0 [pid 6379] set_robust_list(0x7f836b55f9a0, 24 [pid 6378] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6379] <... set_robust_list resumed>) = 0 [pid 6379] rt_sigprocmask(SIG_SETMASK, [], [pid 6378] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6379] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6378] <... futex resumed>) = 0 [pid 6379] memfd_create("syzkaller", 0 [pid 6378] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6379] <... 
memfd_create resumed>) = 3 [pid 6379] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8363000000 [pid 5823] kill(-6363, SIGKILL) = 0 [pid 5823] kill(6363, SIGKILL) = 0 [ 256.686501][ T31] RSP: 002b:00007f836b53e218 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 256.716993][ T31] RAX: ffffffffffffffda RBX: 00007f836b6386d8 RCX: 00007f836b5ab109 [ 256.725049][ T31] RDX: 00002000000000c0 RSI: 0000000040305828 RDI: 0000000000000004 [ 256.769157][ T31] RBP: 00007f836b6386d0 R08: 0000000000000000 R09: 0000000000000000 [ 256.795319][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f836b604668 [ 256.826883][ T31] R13: 00002000000000c0 R14: 0000200000000180 R15: 00002000000000e0 [ 256.849951][ T31] [ 256.863616][ T31] INFO: task syz-executor328:5896 blocked for more than 147 seconds. [ 256.898732][ T31] Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 [ 256.927024][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 256.953442][ T31] task:syz-executor328 state:D stack:25144 pid:5896 tgid:5893 ppid:5827 task_flags:0x400140 flags:0x00004006 [ 256.994028][ T31] Call Trace: [ 257.006822][ T31] [ 257.020550][ T31] __schedule+0x168f/0x4c70 [ 257.036495][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [pid 5823] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5823] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5823] getdents64(3, 0x55558e3ab730 /* 2 entries */, 32768) = 48 [pid 5823] getdents64(3, 0x55558e3ab730 /* 0 entries */, 32768) = 0 [pid 5823] close(3) = 0 [ 257.059871][ T31] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 257.086577][ T31] ? schedule+0x165/0x360 [ 257.090992][ T31] ? __pfx___schedule+0x10/0x10 [ 257.095891][ T31] ? schedule+0x91/0x360 [ 257.126458][ T31] schedule+0x165/0x360 [ 257.130711][ T31] percpu_down_write+0x28e/0x330 [ 257.135718][ T31] ? 
percpu_down_write+0x110/0x330 [ 257.166454][ T31] freeze_super+0x4c2/0xeb0 [ 257.171149][ T31] ? __pfx_freeze_super+0x10/0x10 [ 257.176214][ T31] ? fs_bdev_freeze+0x11b/0x310 [ 257.206465][ T31] ? up_write+0x1c4/0x420 [ 257.210988][ T31] fs_bdev_freeze+0x19f/0x310 [ 257.215890][ T31] bdev_freeze+0xd8/0x220 [ 257.236540][ T31] f2fs_do_shutdown+0x23d/0x5c0 [ 257.241481][ T31] __f2fs_ioctl+0x3de9/0xae80 [ 257.246198][ T31] ? __se_sys_ioctl+0x47/0x170 [ 257.276553][ T31] ? do_syscall_64+0xf6/0x210 [ 257.281369][ T31] ? kasan_quarantine_put+0xdd/0x220 [ 257.306459][ T31] ? __pfx___f2fs_ioctl+0x10/0x10 [ 257.311667][ T31] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 257.346461][ T31] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 257.352174][ T31] ? tomoyo_path_number_perm+0x4e2/0x5a0 [ 257.379293][ T31] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 257.385009][ T31] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 257.416466][ T31] ? smack_log+0xef/0x3f0 [ 257.420887][ T31] ? __pfx_smack_log+0x10/0x10 [ 257.447246][ T31] ? __pfx__raw_spin_lock_irq+0x10/0x10 [ 257.452863][ T31] ? smk_access+0x14c/0x4e0 [ 257.476477][ T31] ? smk_tskacc+0x2fc/0x370 [ 257.491989][ T31] ? smack_file_ioctl+0x2a9/0x340 [ 257.506462][ T31] ? has_not_enough_free_secs+0xd90/0x1680 [ 257.512357][ T31] ? f2fs_ioctl+0x184/0x250 [ 257.546479][ T31] ? __pfx_f2fs_ioctl+0x10/0x10 [ 257.556746][ T31] __se_sys_ioctl+0xf9/0x170 [ 257.561408][ T31] do_syscall_64+0xf6/0x210 [ 257.586869][ T31] ? 
clear_bhb_loop+0x60/0xb0 [ 257.591637][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 257.619049][ T31] RIP: 0033:0x7f836b5ab109 [ 257.623543][ T31] RSP: 002b:00007f836b55f218 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 257.664056][ T31] RAX: ffffffffffffffda RBX: 00007f836b6386c8 RCX: 00007f836b5ab109 [ 257.695477][ T31] RDX: 0000200000000080 RSI: 000000008004587d RDI: 0000000000000005 [ 257.726456][ T31] RBP: 00007f836b6386c0 R08: 0000000000000000 R09: 0000000000000000 [ 257.734964][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f836b604668 [pid 6379] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 20699119) = 20699119 [pid 6379] munmap(0x7f8363000000, 138412032) = 0 [ 257.766942][ T31] R13: 00002000000000c0 R14: 0000200000000180 R15: 00002000000000e0 [ 257.775024][ T31] [ 257.794518][ T31] INFO: task syz-executor328:5908 blocked for more than 147 seconds. [pid 6379] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6379] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6379] close(3) = 0 [pid 6379] close(4) = 0 [pid 6379] mkdir("./bus", 0777) = 0 [ 257.826452][ T31] Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 [ 257.834153][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 257.857574][ T6379] loop1: detected capacity change from 0 to 40427 [ 257.888223][ T31] task:syz-executor328 state:D stack:24984 pid:5908 tgid:5893 ppid:5827 task_flags:0x400040 flags:0x00004006 [ 257.890985][ T6379] F2FS-fs (loop1): invalid crc value [ 257.921852][ T31] Call Trace: [ 257.925201][ T31] [ 257.946461][ T31] __schedule+0x168f/0x4c70 [ 257.951095][ T31] ? 
preempt_schedule+0xae/0xc0 [ 257.976945][ T31] ? __pfx_preempt_schedule+0x10/0x10 [ 257.982534][ T31] ? schedule+0x165/0x360 [ 258.026469][ T31] ? __lock_acquire+0xaac/0xd20 [ 258.042515][ T31] ? __pfx___schedule+0x10/0x10 [ 258.063553][ T31] ? schedule+0x91/0x360 [ 258.084470][ T31] schedule+0x165/0x360 [ 258.105591][ T31] io_schedule+0x81/0xe0 [ 258.116067][ T31] f2fs_balance_fs+0x4b4/0x780 [ 258.136524][ T31] ? __pfx___update_extent_tree_range+0x10/0x10 [ 258.146680][ T31] ? f2fs_map_blocks+0x3af1/0x43b0 [pid 6379] mount("/dev/loop1", "./bus", "f2fs", 0, "nodiscard,background_gc=sync,background_gc=on,alloc_mode=reuse,noquota,disable_roll_forward,gc_merge"...) = 0 [ 258.151873][ T31] ? __pfx_f2fs_balance_fs+0x10/0x10 [ 258.167219][ T6379] F2FS-fs (loop1): Start checkpoint disabled! [ 258.186483][ T31] ? __pfx_autoremove_wake_function+0x10/0x10 [ 258.193396][ T6379] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [pid 6379] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6379] chdir("./bus") = 0 [pid 6379] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6379] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6378] <... futex resumed>) = 0 [pid 6378] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6378] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6379] openat(AT_FDCWD, "./file0", O_WRONLY|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_CLOEXEC|FASYNC, 000) = 4 [ 258.214115][ T31] ? __pfx___up_read+0x10/0x10 [pid 6379] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6378] <... futex resumed>) = 0 [pid 6378] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6378] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6379] openat(AT_FDCWD, "blkio.bfq.idle_time", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 6379] futex(0x7f836b6386cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6378] <... 
futex resumed>) = 0 [pid 6379] futex(0x7f836b6386c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6378] futex(0x7f836b6386c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6379] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6378] <... futex resumed>) = 0 [pid 6379] ioctl(5, F2FS_IOC_SHUTDOWN, 0x200000000080 [ 258.238877][ T31] f2fs_map_blocks+0x3af1/0x43b0 [ 258.243989][ T31] ? __pfx_f2fs_map_blocks+0x10/0x10 [pid 6378] futex(0x7f836b6386cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6378] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6378] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f836b51e000 [pid 6378] mprotect(0x7f836b51f000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6378] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6378] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f836b53e990, parent_tid=0x7f836b53e990, exit_signal=0, stack=0x7f836b51e000, stack_size=0x20300, tls=0x7f836b53e6c0} => {parent_tid=[6382]}, 88) = 6382 [pid 6378] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6378] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6378] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6382 attached [pid 6382] rseq(0x7f836b53efe0, 0x20, 0, 0x53053053) = 0 [pid 6382] set_robust_list(0x7f836b53e9a0, 24) = 0 [pid 6382] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6382] ioctl(4, F2FS_IOC_SET_PIN_FILE, 0x200000000180) = 0 [pid 6382] futex(0x7f836b6386dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6378] <... futex resumed>) = 0 [pid 6378] futex(0x7f836b6386d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6378] futex(0x7f836b6386dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 258.286458][ T31] ? __up_read+0x280/0x680 [ 258.290953][ T31] ? __pfx___up_read+0x10/0x10 [ 258.295767][ T31] ? 
f2fs_allocate_pinning_section+0x1a7/0x5d0 [pid 6382] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x2000000000c0 [pid 6378] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 258.336496][ T31] f2fs_expand_inode_data+0x653/0xaf0 [ 258.341969][ T31] ? __pfx_f2fs_expand_inode_data+0x10/0x10 [ 258.376488][ T31] ? do_raw_spin_unlock+0x122/0x240 [ 258.381786][ T31] ? file_modified_flags+0x4bb/0x560 [ 258.416483][ T31] f2fs_fallocate+0x4f5/0x990 [ 258.421264][ T31] vfs_fallocate+0x6a0/0x830 [ 258.425918][ T31] ? __pfx_vfs_fallocate+0x10/0x10 [ 258.456522][ T31] do_vfs_ioctl+0x1b8f/0x1eb0 [ 258.461287][ T31] ? __se_sys_ioctl+0x47/0x170 [ 258.466177][ T31] ? do_syscall_64+0xf6/0x210 [pid 6378] exit_group(0) = ? [ 258.496472][ T31] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 258.501619][ T31] ? kasan_quarantine_put+0xdd/0x220 [ 258.526460][ T31] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 258.532165][ T31] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 258.566465][ T31] ? tomoyo_path_number_perm+0x4e2/0x5a0 [ 258.572167][ T31] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 258.606450][ T31] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 258.612505][ T31] ? smack_log+0xef/0x3f0 [ 258.636467][ T31] ? __pfx_smack_log+0x10/0x10 [ 258.641304][ T31] ? __pfx__raw_spin_lock_irq+0x10/0x10 [ 258.666447][ T31] ? smk_access+0x14c/0x4e0 [ 258.671040][ T31] ? smk_tskacc+0x2fc/0x370 [ 258.675589][ T31] ? smack_file_ioctl+0x24a/0x340 [ 258.706450][ T31] ? __pfx_smack_file_ioctl+0x10/0x10 [ 258.711916][ T31] ? __fget_files+0x3a0/0x420 [ 258.736484][ T31] ? __fget_files+0x2a/0x420 [ 258.741159][ T31] ? bpf_lsm_file_ioctl+0x9/0x20 [ 258.746146][ T31] __se_sys_ioctl+0x82/0x170 [ 258.776483][ T31] do_syscall_64+0xf6/0x210 [ 258.781066][ T31] ? ret_from_fork_asm+0x1a/0x30 [ 258.786043][ T31] ? 
clear_bhb_loop+0x60/0xb0 [ 258.816471][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 258.822444][ T31] RIP: 0033:0x7f836b5ab109 [ 258.856465][ T31] RSP: 002b:00007f836b53e218 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 258.864984][ T31] RAX: ffffffffffffffda RBX: 00007f836b6386d8 RCX: 00007f836b5ab109 [ 258.906463][ T31] RDX: 00002000000000c0 RSI: 0000000040305828 RDI: 0000000000000004 [ 258.914592][ T31] RBP: 00007f836b6386d0 R08: 0000000000000000 R09: 0000000000000000 [ 258.956480][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f836b604668 [ 258.964613][ T31] R13: 00002000000000c0 R14: 0000200000000180 R15: 00002000000000e0 [ 259.006472][ T31] [ 259.016654][ T31] [ 259.016654][ T31] Showing all locks held in the system: [ 259.024407][ T31] 3 locks held by kworker/u8:1/13: [ 259.056461][ T31] #0: ffff888143ad3148 ((wq_completion)writeback){+.+.}-{0:0}, at: process_scheduled_works+0x9b1/0x17a0 [ 259.086497][ T31] #1: ffffc90000127c60 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ec/0x17a0 [ 259.126535][ T31] #2: ffff888079b0a0e0 (&type->s_umount_key#43){++++}-{4:4}, at: super_trylock_shared+0x20/0xf0 [ 259.156437][ T31] 1 lock held by khungtaskd/31: [ 259.161355][ T31] #0: ffffffff8df3dce0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 259.206481][ T31] 5 locks held by kworker/u8:2/36: [ 259.211671][ T31] 3 locks held by kworker/u8:3/53: [ 259.236433][ T31] #0: ffff888143ad3148 ((wq_completion)writeback){+.+.}-{0:0}, at: process_scheduled_works+0x9b1/0x17a0 [ 259.276430][ T31] #1: ffffc90000be7c60 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ec/0x17a0 [ 259.306507][ T31] #2: ffff8880240c40e0 (&type->s_umount_key#43){++++}-{4:4}, at: super_trylock_shared+0x20/0xf0 [ 259.336442][ T31] 3 locks held by kworker/u8:5/969: [ 259.341730][ T31] #0: ffff888143ad3148 ((wq_completion)writeback){+.+.}-{0:0}, at: process_scheduled_works+0x9b1/0x17a0 [ 259.396430][ 
T31] #1: ffffc90003787c60 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ec/0x17a0 [ 259.426495][ T31] #2: ffff8880230a20e0 (&type->s_umount_key#43){++++}-{4:4}, at: super_trylock_shared+0x20/0xf0 [ 259.466525][ T31] 2 locks held by getty/5576: [ 259.471348][ T31] #0: ffff888030c370a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 259.506486][ T31] #1: ffffc900036e32f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 [ 259.536840][ T31] 2 locks held by syz-executor328/5836: [ 259.542445][ T31] #0: ffff888022856930 (&bdev->bd_fsfreeze_mutex){+.+.}-{4:4}, at: bdev_freeze+0x2a/0x220 [ 259.586536][ T31] #1: ffff8880230a2420 (sb_writers#9){++++}-{0:0}, at: freeze_super+0x4c2/0xeb0 [ 259.616442][ T31] 3 locks held by syz-executor328/5856: [ 259.636432][ T31] #0: ffff8880230a2420 (sb_writers#9){++++}-{0:0}, at: vfs_fallocate+0x62a/0x830 [ 259.666474][ T31] #1: ffff888078bcbfd8 (&sb->s_type->i_mutex_key#14){+.+.}-{4:4}, at: f2fs_fallocate+0x24e/0x990 [ 259.696430][ T31] #2: ffff888033c5d4f8 (&sbi->pin_sem){+.+.}-{4:4}, at: f2fs_expand_inode_data+0x430/0xaf0 [ 259.726878][ T31] 2 locks held by syz-executor328/5894: [ 259.732487][ T31] #0: ffff888022855db0 (&bdev->bd_fsfreeze_mutex){+.+.}-{4:4}, at: bdev_freeze+0x2a/0x220 [ 259.776431][ T31] #1: ffff888079b0a420 (sb_writers#9){++++}-{0:0}, at: freeze_super+0x4c2/0xeb0 [ 259.806515][ T31] 3 locks held by syz-executor328/5907: [ 259.826531][ T31] #0: ffff888079b0a420 (sb_writers#9){++++}-{0:0}, at: vfs_fallocate+0x62a/0x830 [ 259.856454][ T31] #1: ffff888074156398 (&sb->s_type->i_mutex_key#14){+.+.}-{4:4}, at: f2fs_fallocate+0x24e/0x990 [ 259.886492][ T31] #2: ffff888079f554f8 (&sbi->pin_sem){+.+.}-{4:4}, at: f2fs_expand_inode_data+0x430/0xaf0 [ 259.916870][ T31] 2 locks held by syz-executor328/5896: [ 259.922479][ T31] #0: ffff8880228574b0 (&bdev->bd_fsfreeze_mutex){+.+.}-{4:4}, at: bdev_freeze+0x2a/0x220 [ 259.974881][ T31] #1: ffff8880240c4420 
(sb_writers#9){++++}-{0:0}, at: freeze_super+0x4c2/0xeb0 [ 260.006256][ T31] 3 locks held by syz-executor328/5908: [ 260.016873][ T31] #0: ffff8880240c4420 (sb_writers#9){++++}-{0:0}, at: vfs_fallocate+0x62a/0x830 [ 260.026273][ T31] #1: ffff888074157578 (&sb->s_type->i_mutex_key#14){+.+.}-{4:4}, at: f2fs_fallocate+0x24e/0x990 [ 260.076888][ T31] #2: ffff88807f9ad4f8 (&sbi->pin_sem){+.+.}-{4:4}, at: f2fs_expand_inode_data+0x430/0xaf0 [ 260.116490][ T31] 2 locks held by syz-executor328/6364: [ 260.126635][ T31] #0: ffff8880228546b0 (&bdev->bd_fsfreeze_mutex){+.+.}-{4:4}, at: bdev_freeze+0x2a/0x220 [ 260.156962][ T31] #1: ffff88807dedc420 (sb_writers#9){++++}-{0:0}, at: freeze_super+0x4c2/0xeb0 [ 260.166250][ T31] 3 locks held by syz-executor328/6374: [ 260.206427][ T31] #0: ffff88807dedc420 (sb_writers#9){++++}-{0:0}, at: vfs_fallocate+0x62a/0x830 [ 260.236510][ T31] #1: ffff88806d35a508 (&sb->s_type->i_mutex_key#14){+.+.}-{4:4}, at: f2fs_fallocate+0x24e/0x990 [ 260.266438][ T31] #2: ffff888079e4d4f8 (&sbi->pin_sem){+.+.}-{4:4}, at: f2fs_expand_inode_data+0x430/0xaf0 [ 260.306437][ T31] 2 locks held by syz-executor328/6379: [ 260.316704][ T31] #0: ffff888022855230 (&bdev->bd_fsfreeze_mutex){+.+.}-{4:4}, at: bdev_freeze+0x2a/0x220 [ 260.356478][ T31] #1: ffff888033604420 (sb_writers#9){++++}-{0:0}, at: freeze_super+0x4c2/0xeb0 [ 260.386431][ T31] 3 locks held by syz-executor328/6382: [ 260.396689][ T31] #0: ffff888033604420 (sb_writers#9){++++}-{0:0}, at: vfs_fallocate+0x62a/0x830 [ 260.426799][ T31] #1: ffff88806d037578 (&sb->s_type->i_mutex_key#14){+.+.}-{4:4}, at: f2fs_fallocate+0x24e/0x990 [ 260.459040][ T31] #2: ffff8880286b14f8 (&sbi->pin_sem){+.+.}-{4:4}, at: f2fs_expand_inode_data+0x430/0xaf0 [ 260.490678][ T31] [ 260.493067][ T31] ============================================= [ 260.493067][ T31] [ 260.526446][ T31] NMI backtrace for cpu 0 [ 260.526469][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 
PREEMPT(full) [ 260.526497][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 260.526511][ T31] Call Trace: [ 260.526521][ T31] [ 260.526532][ T31] dump_stack_lvl+0x189/0x250 [ 260.526565][ T31] ? __wake_up_klogd+0xd9/0x110 [ 260.526594][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 260.526624][ T31] ? __pfx__printk+0x10/0x10 [ 260.526672][ T31] nmi_cpu_backtrace+0x39e/0x3d0 [ 260.526699][ T31] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 260.526718][ T31] ? _printk+0xcf/0x120 [ 260.526757][ T31] ? __pfx__printk+0x10/0x10 [ 260.526793][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 260.526824][ T31] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 260.526851][ T31] watchdog+0xfee/0x1030 [ 260.526880][ T31] ? watchdog+0x1de/0x1030 [ 260.526916][ T31] kthread+0x70e/0x8a0 [ 260.526945][ T31] ? __pfx_watchdog+0x10/0x10 [ 260.526971][ T31] ? __pfx_kthread+0x10/0x10 [ 260.526997][ T31] ? __pfx_kthread+0x10/0x10 [ 260.527021][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 260.527045][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 260.527073][ T31] ? __pfx_kthread+0x10/0x10 [ 260.527097][ T31] ret_from_fork+0x4b/0x80 [ 260.527118][ T31] ? 
__pfx_kthread+0x10/0x10 [ 260.527144][ T31] ret_from_fork_asm+0x1a/0x30 [ 260.527193][ T31] [ 260.527202][ T31] Sending NMI from CPU 0 to CPUs 1: [ 260.674442][ C1] NMI backtrace for cpu 1 [ 260.674460][ C1] CPU: 1 UID: 0 PID: 5905 Comm: f2fs_gc-7:4 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 260.674483][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 260.674495][ C1] RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x70 [ 260.674520][ C1] Code: 89 fb e8 23 00 00 00 48 8b 3d 5c c3 d5 0b 48 89 de 5b e9 33 41 55 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1e fa 48 8b 04 24 65 48 8b 0c 25 08 70 72 92 65 8b 15 18 7f [ 260.674538][ C1] RSP: 0018:ffffc90004697b90 EFLAGS: 00000206 [ 260.674555][ C1] RAX: ffffffff818dcd2c RBX: ffff88802fa49e00 RCX: 0000000000000000 [ 260.674569][ C1] RDX: ffff88802fa49e00 RSI: 0000000000200000 RDI: 0000000000000000 [ 260.674582][ C1] RBP: 0000000000200000 R08: ffff88803342a007 R09: 1ffff11006685400 [ 260.674596][ C1] R10: dffffc0000000000 R11: ffffed1006685401 R12: ffff88807f9ac000 [ 260.674610][ C1] R13: dffffc0000000000 R14: ffff88802fa49e2c R15: dffffc0000000000 [ 260.674625][ C1] FS: 0000000000000000(0000) GS:ffff8881261f9000(0000) knlGS:0000000000000000 [ 260.674640][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 260.674653][ C1] CR2: 00007f836b5fec18 CR3: 000000000dd38000 CR4: 00000000003526f0 [ 260.674670][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 260.674681][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 260.674693][ C1] Call Trace: [ 260.674702][ C1] [ 260.674709][ C1] kthread_should_stop+0x59/0xf0 [ 260.674730][ C1] gc_thread_func+0x344/0x2b30 [ 260.674771][ C1] ? __pfx_gc_thread_func+0x10/0x10 [ 260.674789][ C1] ? __pfx_autoremove_wake_function+0x10/0x10 [ 260.674812][ C1] ? __kthread_parkme+0x7b/0x200 [ 260.674829][ C1] ? 
__kthread_parkme+0x1a1/0x200 [ 260.674850][ C1] kthread+0x70e/0x8a0 [ 260.674872][ C1] ? __pfx_gc_thread_func+0x10/0x10 [ 260.674889][ C1] ? __pfx_kthread+0x10/0x10 [ 260.674910][ C1] ? __pfx_kthread+0x10/0x10 [ 260.674929][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 260.674949][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 260.674970][ C1] ? __pfx_kthread+0x10/0x10 [ 260.674990][ C1] ret_from_fork+0x4b/0x80 [ 260.675007][ C1] ? __pfx_kthread+0x10/0x10 [ 260.675026][ C1] ret_from_fork_asm+0x1a/0x30 [ 260.675069][ C1] [ 260.970199][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 260.977138][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) [ 260.988973][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 260.999056][ T31] Call Trace: [ 261.002356][ T31] [ 261.005314][ T31] dump_stack_lvl+0x99/0x250 [ 261.009944][ T31] ? __asan_memcpy+0x40/0x70 [ 261.014573][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 261.019804][ T31] ? __pfx__printk+0x10/0x10 [ 261.024445][ T31] panic+0x2db/0x790 [ 261.028374][ T31] ? __pfx_panic+0x10/0x10 [ 261.032824][ T31] ? nmi_backtrace_stall_check+0x433/0x440 [ 261.038690][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 261.044119][ T31] ? nmi_trigger_cpumask_backtrace+0x2b6/0x300 [ 261.050321][ T31] watchdog+0x102d/0x1030 [ 261.054703][ T31] ? watchdog+0x1de/0x1030 [ 261.059166][ T31] kthread+0x70e/0x8a0 [ 261.063268][ T31] ? __pfx_watchdog+0x10/0x10 [ 261.067971][ T31] ? __pfx_kthread+0x10/0x10 [ 261.072594][ T31] ? __pfx_kthread+0x10/0x10 [ 261.077211][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 261.082430][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 261.087699][ T31] ? __pfx_kthread+0x10/0x10 [ 261.092325][ T31] ret_from_fork+0x4b/0x80 [ 261.096761][ T31] ? __pfx_kthread+0x10/0x10 [ 261.101379][ T31] ret_from_fork_asm+0x1a/0x30 [ 261.106195][ T31] [ 261.109593][ T31] Kernel Offset: disabled [ 261.113929][ T31] Rebooting in 86400 seconds..