./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor497041507 <...> Warning: Permanently added '10.128.0.62' (ED25519) to the list of known hosts. execve("./syz-executor497041507", ["./syz-executor497041507"], 0x7ffe46ecc910 /* 10 vars */) = 0 brk(NULL) = 0x555591d26000 brk(0x555591d26d00) = 0x555591d26d00 arch_prctl(ARCH_SET_FS, 0x555591d26380) = 0 set_tid_address(0x555591d26650) = 5224 set_robust_list(0x555591d26660, 24) = 0 rseq(0x555591d26ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor497041507", 4096) = 27 getrandom("\xb2\x9e\x3b\xdc\x73\xb6\xfa\xe5", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555591d26d00 brk(0x555591d47d00) = 0x555591d47d00 brk(0x555591d48000) = 0x555591d48000 mprotect(0x7fa0c64a7000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5225 attached [pid 5225] set_robust_list(0x555591d26660, 24 [pid 5224] <... clone resumed>, child_tidptr=0x555591d26650) = 5225 [pid 5225] <... set_robust_list resumed>) = 0 [pid 5224] openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3 [pid 5224] write(3, "10000000000", 11) = 11 [pid 5224] close(3) = 0 [pid 5224] openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3 [pid 5224] write(3, "20", 2) = 2 [pid 5224] close(3) = 0 [pid 5224] openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3 [pid 5224] write(3, "1", 1) = 1 [pid 5224] close(3) = 0 [pid 5224] openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3 [pid 5224] write(3, "0", 1) = 1 [pid 5224] close(3) = 0 [pid 5224] openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3 [pid 5224] write(3, "0", 1) = 1 [pid 5224] close(3) = 0 [pid 5224] openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3 [pid 5224] write(3, "1", 1) = 1 [pid 5224] close(3) = 0 [pid 5224] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3 [pid 5224] write(3, "100", 3) = 3 [pid 5224] close(3) = 0 [pid 5224] openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3 [pid 5224] write(3, "0", 1) = 1 [pid 5224] close(3) = 0 [pid 5224] openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3 [pid 5224] write(3, "0", 1) = 1 [pid 5224] close(3) = 0 [pid 5224] openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3 [pid 5224] write(3, "7 4 1 3", 7) = 7 [pid 5224] close(3) = 0 [pid 5224] openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3 [pid 5224] write(3, "1", 1) = 1 [pid 5224] close(3) = 0 [pid 5224] openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3 [pid 5224] write(3, "1", 1) = 1 [pid 5224] close(3) = 0 [pid 5224] openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3 [pid 5224] write(3, "0", 1) = 1 [pid 5224] close(3) = 0 [pid 5224] openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3 [pid 5224] write(3, "5225", 4) = 4 [pid 5224] close(3) = 0 [pid 5224] kill(5225, SIGKILL) = 0 [pid 5225] +++ killed by SIGKILL +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5225, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=0} --- mount(NULL, "/proc/sys/fs/binfmt_misc", "binfmt_misc", 0, NULL) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "/proc/sys/fs/binfmt_misc/register", O_WRONLY|O_CLOEXEC) = 3 write(3, "\x3a\x73\x79\x7a\x30\x3a\x4d\x3a\x30\x3a\x01\x3a\x3a\x2e\x2f\x66\x69\x6c\x65\x30\x3a", 21) = 21 close(3) = 0 openat(AT_FDCWD, "/proc/sys/fs/binfmt_misc/register", O_WRONLY|O_CLOEXEC) = 3 write(3, "\x3a\x73\x79\x7a\x31\x3a\x4d\x3a\x31\x3a\x02\x3a\x3a\x2e\x2f\x66\x69\x6c\x65\x30\x3a\x50\x4f\x43", 24) = 24 close(3) = 0 socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3 socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 sendto(4, [{nlmsg_len=36, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=864, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=5224}, "\x01\x02\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00\x06\x00\x01\x00\x1d\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x30\x00\x00\x00\xe8\x02\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x05\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x03\x00"...], 4096, 0, NULL, NULL) = 864 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5224}, {error=0, msg={nlmsg_len=36, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0 close(5) = 0 sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x06\x00\x0a\x00\xa0\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5224}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0 close(5) = 0 sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0c\x00\x01\x00\x02\x00\xaa\xaa\xaa\xaa\xaa\xaa"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5224}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 sendto(3, [{nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0}, [[{nla_len=11, nla_type=IFLA_IFNAME}, "lowpan0"...], [{nla_len=16, nla_type=IFLA_LINKINFO}, [{nla_len=10, nla_type=IFLA_INFO_KIND}, "lowpan"...]], [{nla_len=8, nla_type=IFLA_LINK}, 11]]], 68, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 68 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5224}, {error=0, msg={nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0 close(5) = 0 sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x06\x00\x0a\x00\xa1\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5224}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0 close(5) = 0 sendto(3, [{nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=if_nametoindex("wpan1"), ifi_flags=IFF_UP, ifi_change=0x1}, [{nla_len=12, nla_type=IFLA_ADDRESS}, 02:01:aa:aa:aa:aa:aa]], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5224}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 close(3) = 0 close(4) = 0 mkdir("./syzkaller.D9mDPV", 0700) = 0 chmod("./syzkaller.D9mDPV", 0777) = 0 chdir("./syzkaller.D9mDPV") = 0 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5228 attached , child_tidptr=0x555591d26650) = 5228 [pid 5228] set_robust_list(0x555591d26660, 24) = 0 [pid 5228] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5228] setsid() = 1 [pid 5228] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 5228] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 5228] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 5228] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 5228] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 5228] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 5228] unshare(CLONE_NEWNS) = 0 [pid 5228] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 5228] unshare(CLONE_NEWIPC) = 0 [pid 5228] unshare(CLONE_NEWCGROUP) = 0 [pid 5228] unshare(CLONE_NEWUTS) = 0 [pid 5228] unshare(CLONE_SYSVSEM) = 0 [pid 5228] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5228] write(3, "16777216", 8) = 8 [pid 5228] close(3) = 0 [pid 5228] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 5228] write(3, "536870912", 9) = 9 [pid 5228] close(3) = 0 [pid 5228] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5228] write(3, "1024", 4) = 4 [pid 5228] close(3) = 0 [pid 5228] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5228] write(3, "8192", 4) = 4 [pid 5228] close(3) = 0 [pid 5228] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5228] write(3, "1024", 4) = 4 [pid 5228] close(3) = 0 [pid 5228] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 5228] write(3, "1024", 4) = 4 [pid 5228] close(3) = 0 [pid 5228] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 5228] write(3, "1024 1048576 500 1024", 21) = 21 [pid 5228] close(3) = 0 [pid 5228] getpid() = 1 [pid 5228] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 5230] set_robust_list(0x555591d26660, 24) = 0 [pid 5230] chdir("./0" [pid 5228] <... clone resumed>, child_tidptr=0x555591d26650) = 2 [pid 5230] <... chdir resumed>) = 0 [pid 5230] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5230] setpgid(0, 0) = 0 [pid 5230] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5230] write(3, "1000", 4) = 4 [pid 5230] close(3) = 0 [pid 5230] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5230] write(1, "executing program\n", 18) = 18 [pid 5230] memfd_create("syzkaller", 0) = 3 [pid 5230] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa0bde00000 [pid 5230] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5230] munmap(0x7fa0bde00000, 138412032) = 0 [pid 5230] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5230] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5230] close(3) = 0 [pid 5230] close(4) = 0 [pid 5230] mkdir("./file1", 0777) = 0 syzkaller login: [ 74.205047][ T5230] loop0: detected capacity change from 0 to 32768 [ 74.295299][ T5230] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=xxhash,compression=lz4,journal_flush_disabled,fsck,norecovery,nojournal_transaction_names,reconstruct_alloc,no_data_io [ 74.317093][ T5230] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 74.325621][ T5230] bcachefs (loop0): Version upgrade required: [ 74.325621][ T5230] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 74.325621][ T5230] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots [ 74.325621][ T5230] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 74.400374][ T5230] bcachefs (loop0): dropping and reconstructing all alloc info [ 74.420733][ T5230] bcachefs (loop0): check_topology... done [ 74.427280][ T5230] bcachefs (loop0): accounting_read... done [ 74.434504][ T5230] bcachefs (loop0): alloc_read... done [ 74.440093][ T5230] bcachefs (loop0): stripes_read... done [pid 5230] mount("/dev/loop0", "./file1", "bcachefs", MS_I_VERSION, "data_checksum=xxhash,direct_io,norecovery,fsck,journal_flush_disabled,norecovery,btree_node_mem_ptr_"...) = 0 [pid 5230] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5230] chdir("./file1") = 0 [pid 5230] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5230] ioctl(4, LOOP_CLR_FD) = 0 [pid 5230] close(4) = 0 [pid 5230] openat(AT_FDCWD, NULL, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 EFAULT (Bad address) [pid 5230] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 5230] close(3) = 0 [pid 5230] close(4) = 0 [pid 5230] close(5) = -1 EBADF (Bad file descriptor) [pid 5230] close(6) = -1 EBADF (Bad file descriptor) [pid 5230] close(7) = -1 EBADF (Bad file descriptor) [pid 5230] close(8) = -1 EBADF (Bad file descriptor) [pid 5230] close(9) = -1 EBADF (Bad file descriptor) [pid 5230] close(10) = -1 EBADF (Bad file descriptor) [pid 5230] close(11) = -1 EBADF (Bad file descriptor) [pid 5230] close(12) = -1 EBADF (Bad file descriptor) [pid 5230] close(13) = -1 EBADF (Bad file descriptor) [pid 5230] close(14) = -1 EBADF (Bad file descriptor) [pid 5230] close(15) = -1 EBADF (Bad file descriptor) [pid 5230] close(16) = -1 EBADF (Bad file descriptor) [pid 5230] close(17) = -1 EBADF (Bad file descriptor) [pid 5230] close(18) = -1 EBADF (Bad file descriptor) [pid 5230] close(19) = -1 EBADF (Bad file descriptor) [pid 5230] close(20) = -1 EBADF (Bad file descriptor) [pid 5230] close(21) = -1 EBADF (Bad file descriptor) [pid 5230] close(22) = -1 EBADF (Bad file descriptor) [ 74.445874][ T5230] bcachefs (loop0): snapshots_read... done [ 74.452134][ T5230] bcachefs (loop0): check_allocations... done [ 74.475544][ T5230] bcachefs (loop0): going read-write [ 74.486037][ T5230] bcachefs (loop0): done starting filesystem [pid 5230] close(23) = -1 EBADF (Bad file descriptor) [pid 5230] close(24) = -1 EBADF (Bad file descriptor) [pid 5230] close(25) = -1 EBADF (Bad file descriptor) [pid 5230] close(26) = -1 EBADF (Bad file descriptor) [pid 5230] close(27) = -1 EBADF (Bad file descriptor) [pid 5230] close(28) = -1 EBADF (Bad file descriptor) [pid 5230] close(29) = -1 EBADF (Bad file descriptor) [pid 5230] exit_group(0) = ? [pid 5230] +++ exited with 0 +++ [pid 5228] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=33 /* 0.33 s */} --- [pid 5228] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5228] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5228] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [ 74.585853][ T5230] syz-executor497 (5230) used greatest stack depth: 18416 bytes left [pid 5228] getdents64(3, 0x555591d276f0 /* 4 entries */, 32768) = 112 [pid 5228] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5228] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5228] unlink("./0/binderfs") = 0 [ 74.713353][ T5228] bcachefs (loop0): shutting down [ 74.718970][ T5228] bcachefs (loop0): going read-only [ 74.724575][ T5228] bcachefs (loop0): finished waiting for writes to stop [ 74.735815][ T5228] bcachefs (loop0): flushing journal and stopping allocators, journal seq 11 [ 74.763871][ T1590] bcachefs (loop0): bch2_write_super(): fatal error loop0: Superblock write was silently dropped! (seq 0 expected 53) [ 74.777328][ T1590] bcachefs (loop0): fatal error - emergency read only [ 74.784736][ T5228] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 14 [ 74.794633][ T5228] bcachefs (loop0): unshutdown complete, journal seq 14 [ 74.802422][ T5228] bcachefs (loop0): done going read-only, filesystem not clean [ 74.828286][ T5228] bcachefs (loop0): shutdown complete [pid 5228] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5228] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5228] newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5228] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5228] openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5228] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5228] getdents64(4, 0x555591d2f730 /* 2 entries */, 32768) = 48 [pid 5228] getdents64(4, 0x555591d2f730 /* 0 entries */, 32768) = 0 [pid 5228] close(4) = 0 [pid 5228] rmdir("./0/file1") = 0 [pid 5228] getdents64(3, 0x555591d276f0 /* 0 entries */, 32768) = 0 [pid 5228] close(3) = 0 [pid 5228] rmdir("./0") = 0 [pid 5228] mkdir("./1", 0777) = 0 [pid 5228] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5228] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5228] close(3) = 0 [pid 5228] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5241 attached [pid 5241] set_robust_list(0x555591d26660, 24) = 0 [pid 5228] <... clone resumed>, child_tidptr=0x555591d26650) = 3 [pid 5241] chdir("./1") = 0 [pid 5241] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5241] setpgid(0, 0) = 0 [pid 5241] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5241] write(3, "1000", 4) = 4 [pid 5241] close(3) = 0 [pid 5241] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5241] write(1, "executing program\n", 18) = 18 executing program [pid 5241] memfd_create("syzkaller", 0) = 3 [pid 5241] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa0bde00000 [pid 5241] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5241] munmap(0x7fa0bde00000, 138412032) = 0 [pid 5241] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5241] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5241] close(3) = 0 [pid 5241] close(4) = 0 [pid 5241] mkdir("./file1", 0777) = 0 [ 76.280681][ T5241] loop0: detected capacity change from 0 to 32768 [ 76.363647][ T5241] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=xxhash,compression=lz4,journal_flush_disabled,fsck,norecovery,nojournal_transaction_names,reconstruct_alloc,no_data_io [ 76.385133][ T5241] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 76.393194][ T5241] bcachefs (loop0): Version upgrade required: [ 76.393194][ T5241] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 76.393194][ T5241] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots [ 76.393194][ T5241] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 76.465583][ T5241] bcachefs (loop0): dropping and reconstructing all alloc info [ 76.481368][ T5241] bcachefs (loop0): check_topology... done [ 76.487410][ T5241] bcachefs (loop0): accounting_read... done [ 76.494084][ T5241] bcachefs (loop0): alloc_read... done [ 76.499708][ T5241] bcachefs (loop0): stripes_read... done [ 76.505656][ T5241] bcachefs (loop0): snapshots_read... done [pid 5241] mount("/dev/loop0", "./file1", "bcachefs", MS_I_VERSION, "data_checksum=xxhash,direct_io,norecovery,fsck,journal_flush_disabled,norecovery,btree_node_mem_ptr_"...) = 0 [pid 5241] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [ 76.511630][ T5241] bcachefs (loop0): check_allocations... done [ 76.532589][ T5241] bcachefs (loop0): going read-write [ 76.541174][ T5241] bcachefs (loop0): done starting filesystem [pid 5241] chdir("./file1") = 0 [pid 5241] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5241] ioctl(4, LOOP_CLR_FD) = 0 [pid 5241] close(4) = 0 [pid 5241] openat(AT_FDCWD, NULL, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 EFAULT (Bad address) [pid 5241] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 5241] close(3) = 0 [pid 5241] close(4) = 0 [pid 5241] close(5) = -1 EBADF (Bad file descriptor) [pid 5241] close(6) = -1 EBADF (Bad file descriptor) [pid 5241] close(7) = -1 EBADF (Bad file descriptor) [pid 5241] close(8) = -1 EBADF (Bad file descriptor) [pid 5241] close(9) = -1 EBADF (Bad file descriptor) [pid 5241] close(10) = -1 EBADF (Bad file descriptor) [pid 5241] close(11) = -1 EBADF (Bad file descriptor) [pid 5241] close(12) = -1 EBADF (Bad file descriptor) [pid 5241] close(13) = -1 EBADF (Bad file descriptor) [pid 5241] close(14) = -1 EBADF (Bad file descriptor) [pid 5241] close(15) = -1 EBADF (Bad file descriptor) [pid 5241] close(16) = -1 EBADF (Bad file descriptor) [pid 5241] close(17) = -1 EBADF (Bad file descriptor) [pid 5241] close(18) = -1 EBADF (Bad file descriptor) [pid 5241] close(19) = -1 EBADF (Bad file descriptor) [pid 5241] close(20) = -1 EBADF (Bad file descriptor) [pid 5241] close(21) = -1 EBADF (Bad file descriptor) [pid 5241] close(22) = -1 EBADF (Bad file descriptor) [pid 5241] close(23) = -1 EBADF (Bad file descriptor) [pid 5241] close(24) = -1 EBADF (Bad file descriptor) [pid 5241] close(25) = -1 EBADF (Bad file descriptor) [pid 5241] close(26) = -1 EBADF (Bad file descriptor) [pid 5241] close(27) = -1 EBADF (Bad file descriptor) [pid 5241] close(28) = -1 EBADF (Bad file descriptor) [pid 5241] close(29) = -1 EBADF (Bad file descriptor) [pid 5241] exit_group(0) = ? [pid 5241] +++ exited with 0 +++ [pid 5228] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=29 /* 0.29 s */} --- [pid 5228] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5228] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5228] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5228] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5228] getdents64(3, 0x555591d276f0 /* 4 entries */, 32768) = 112 [pid 5228] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5228] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5228] unlink("./1/binderfs") = 0 [ 76.942951][ T5228] bcachefs (loop0): shutting down [ 76.948261][ T5228] bcachefs (loop0): going read-only [ 76.953474][ T5228] bcachefs (loop0): finished waiting for writes to stop [ 76.961678][ T5228] bcachefs (loop0): flushing journal and stopping allocators, journal seq 11 [ 76.986210][ T1590] bcachefs (loop0): bch2_write_super(): fatal error loop0: Superblock write was silently dropped! (seq 0 expected 53) [ 76.999482][ T1590] bcachefs (loop0): fatal error - emergency read only [ 77.006874][ T5228] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 14 [ 77.016776][ T5228] bcachefs (loop0): unshutdown complete, journal seq 14 [ 77.025046][ T5228] bcachefs (loop0): done going read-only, filesystem not clean [ 77.043296][ T5228] bcachefs (loop0): shutdown complete [pid 5228] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5228] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5228] newfstatat(AT_FDCWD, "./1/file1", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5228] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5228] openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5228] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5228] getdents64(4, 0x555591d2f730 /* 2 entries */, 32768) = 48 [pid 5228] getdents64(4, 0x555591d2f730 /* 0 entries */, 32768) = 0 [pid 5228] close(4) = 0 [pid 5228] rmdir("./1/file1") = 0 [pid 5228] getdents64(3, 0x555591d276f0 /* 0 entries */, 32768) = 0 [pid 5228] close(3) = 0 [pid 5228] rmdir("./1") = 0 [pid 5228] mkdir("./2", 0777) = 0 [pid 5228] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5228] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5228] close(3) = 0 [pid 5228] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5252 attached [pid 5252] set_robust_list(0x555591d26660, 24) = 0 [pid 5252] chdir("./2" [pid 5228] <... clone resumed>, child_tidptr=0x555591d26650) = 4 [pid 5252] <... chdir resumed>) = 0 [pid 5252] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5252] setpgid(0, 0) = 0 [pid 5252] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5252] write(3, "1000", 4) = 4 [pid 5252] close(3) = 0 [pid 5252] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5252] write(1, "executing program\n", 18executing program ) = 18 [pid 5252] memfd_create("syzkaller", 0) = 3 [pid 5252] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa0bde00000 [pid 5252] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5252] munmap(0x7fa0bde00000, 138412032) = 0 [pid 5252] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5252] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5252] close(3) = 0 [pid 5252] close(4) = 0 [pid 5252] mkdir("./file1", 0777) = 0 [ 78.567059][ T5252] loop0: detected capacity change from 0 to 32768 [ 78.621384][ T5252] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=xxhash,compression=lz4,journal_flush_disabled,fsck,norecovery,nojournal_transaction_names,reconstruct_alloc,no_data_io [ 78.642711][ T5252] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 78.650943][ T5252] bcachefs (loop0): Version upgrade required: [ 78.650943][ T5252] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 78.650943][ T5252] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots [ 78.650943][ T5252] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 78.724572][ T5252] bcachefs (loop0): dropping and reconstructing all alloc info [ 78.742519][ T5252] bcachefs (loop0): check_topology... done [ 78.748560][ T5252] bcachefs (loop0): accounting_read... done [ 78.754698][ T5252] bcachefs (loop0): alloc_read... done [ 78.760226][ T5252] bcachefs (loop0): stripes_read... done [ 78.766167][ T5252] bcachefs (loop0): snapshots_read... done [pid 5252] mount("/dev/loop0", "./file1", "bcachefs", MS_I_VERSION, "data_checksum=xxhash,direct_io,norecovery,fsck,journal_flush_disabled,norecovery,btree_node_mem_ptr_"...) = 0 [pid 5252] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5252] chdir("./file1") = 0 [pid 5252] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5252] ioctl(4, LOOP_CLR_FD) = 0 [pid 5252] close(4) = 0 [pid 5252] openat(AT_FDCWD, NULL, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 EFAULT (Bad address) [pid 5252] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 5252] close(3) = 0 [pid 5252] close(4) = 0 [pid 5252] close(5) = -1 EBADF (Bad file descriptor) [pid 5252] close(6) = -1 EBADF (Bad file descriptor) [pid 5252] close(7) = -1 EBADF (Bad file descriptor) [pid 5252] close(8) = -1 EBADF (Bad file descriptor) [pid 5252] close(9) = -1 EBADF (Bad file descriptor) [pid 5252] close(10) = -1 EBADF (Bad file descriptor) [pid 5252] close(11) = -1 EBADF (Bad file descriptor) [ 78.772148][ T5252] bcachefs (loop0): check_allocations... done [ 78.795024][ T5252] bcachefs (loop0): going read-write [ 78.804060][ T5252] bcachefs (loop0): done starting filesystem [pid 5252] close(12) = -1 EBADF (Bad file descriptor) [pid 5252] close(13) = -1 EBADF (Bad file descriptor) [pid 5252] close(14) = -1 EBADF (Bad file descriptor) [pid 5252] close(15) = -1 EBADF (Bad file descriptor) [pid 5252] close(16) = -1 EBADF (Bad file descriptor) [pid 5252] close(17) = -1 EBADF (Bad file descriptor) [pid 5252] close(18) = -1 EBADF (Bad file descriptor) [pid 5252] close(19) = -1 EBADF (Bad file descriptor) [pid 5252] close(20) = -1 EBADF (Bad file descriptor) [pid 5252] close(21) = -1 EBADF (Bad file descriptor) [pid 5252] close(22) = -1 EBADF (Bad file descriptor) [pid 5252] close(23) = -1 EBADF (Bad file descriptor) [pid 5252] close(24) = -1 EBADF (Bad file descriptor) [pid 5252] close(25) = -1 EBADF (Bad file descriptor) [pid 5252] close(26) = -1 EBADF (Bad file descriptor) [pid 5252] close(27) = -1 EBADF (Bad file descriptor) [pid 5252] close(28) = -1 EBADF (Bad file descriptor) [pid 5252] close(29) = -1 EBADF (Bad file descriptor) [pid 5252] exit_group(0) = ? [pid 5252] +++ exited with 0 +++ [pid 5228] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=28 /* 0.28 s */} --- [pid 5228] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5228] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5228] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5228] getdents64(3, 0x555591d276f0 /* 4 entries */, 32768) = 112 [pid 5228] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5228] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5228] unlink("./2/binderfs") = 0 [ 79.124732][ T5228] bcachefs (loop0): shutting down [ 79.129814][ T5228] bcachefs (loop0): going read-only [ 79.135373][ T5228] bcachefs (loop0): finished waiting for writes to stop [ 79.143277][ T5228] bcachefs (loop0): flushing journal and stopping allocators, journal seq 11 [ 79.168604][ T12] bcachefs (loop0): bch2_write_super(): fatal error loop0: Superblock write was silently dropped! (seq 0 expected 53) [ 79.181739][ T12] bcachefs (loop0): fatal error - emergency read only [ 79.189011][ T5228] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 14 [ 79.198876][ T5228] bcachefs (loop0): unshutdown complete, journal seq 14 [ 79.206740][ T5228] bcachefs (loop0): done going read-only, filesystem not clean [ 79.225167][ T5228] bcachefs (loop0): shutdown complete [pid 5228] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5228] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5228] newfstatat(AT_FDCWD, "./2/file1", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5228] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5228] openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5228] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0 [pid 5228] getdents64(4, 0x555591d2f730 /* 2 entries */, 32768) = 48 [pid 5228] getdents64(4, 0x555591d2f730 /* 0 entries */, 32768) = 0 [pid 5228] close(4) = 0 [pid 5228] rmdir("./2/file1") = 0 [pid 5228] getdents64(3, 0x555591d276f0 /* 0 entries */, 32768) = 0 [pid 5228] close(3) = 0 [pid 5228] rmdir("./2") = 0 [pid 5228] mkdir("./3", 0777) = 0 [pid 5228] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5228] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5228] close(3) = 0 [pid 5228] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5264 attached , child_tidptr=0x555591d26650) = 5 [pid 5264] set_robust_list(0x555591d26660, 24) = 0 [pid 5264] chdir("./3") = 0 [pid 5264] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5264] setpgid(0, 0) = 0 [pid 5264] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5264] write(3, "1000", 4) = 4 [pid 5264] close(3) = 0 [pid 5264] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5264] write(1, "executing program\n", 18executing program ) = 18 [pid 5264] memfd_create("syzkaller", 0) = 3 [pid 5264] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa0bde00000 [pid 5264] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5264] munmap(0x7fa0bde00000, 138412032) = 0 [pid 5264] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5264] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5264] close(3) = 0 [pid 5264] close(4) = 0 [pid 5264] mkdir("./file1", 0777) = 0 [ 80.666955][ T5264] loop0: detected capacity change from 0 to 32768 [ 80.738846][ T5264] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=xxhash,compression=lz4,journal_flush_disabled,fsck,norecovery,nojournal_transaction_names,reconstruct_alloc,no_data_io [ 80.760319][ T5264] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 80.768531][ T5264] bcachefs (loop0): Version upgrade required: [ 80.768531][ T5264] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 80.768531][ T5264] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots [ 80.768531][ T5264] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 80.841413][ T5264] bcachefs (loop0): dropping and reconstructing all alloc info [ 80.858731][ T5264] bcachefs (loop0): check_topology... done [ 80.864783][ T5264] bcachefs (loop0): accounting_read... done [ 80.871040][ T5264] bcachefs (loop0): alloc_read... done [ 80.876659][ T5264] bcachefs (loop0): stripes_read... done [ 80.882389][ T5264] bcachefs (loop0): snapshots_read... done [pid 5264] mount("/dev/loop0", "./file1", "bcachefs", MS_I_VERSION, "data_checksum=xxhash,direct_io,norecovery,fsck,journal_flush_disabled,norecovery,btree_node_mem_ptr_"...) = 0 [pid 5264] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5264] chdir("./file1") = 0 [pid 5264] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5264] ioctl(4, LOOP_CLR_FD) = 0 [pid 5264] close(4) = 0 [ 80.888443][ T5264] bcachefs (loop0): check_allocations... done [ 80.909342][ T5264] bcachefs (loop0): going read-write [ 80.918374][ T5264] bcachefs (loop0): done starting filesystem [pid 5264] openat(AT_FDCWD, NULL, O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 EFAULT (Bad address) [pid 5264] creat("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000) = 4 [pid 5264] close(3) = 0 [pid 5264] close(4) = 0 [pid 5264] close(5) = -1 EBADF (Bad file descriptor) [pid 5264] close(6) = -1 EBADF (Bad file descriptor) [pid 5264] close(7) = -1 EBADF (Bad file descriptor) [pid 5264] close(8) = -1 EBADF (Bad file descriptor) [pid 5264] close(9) = -1 EBADF (Bad file descriptor) [pid 5264] close(10) = -1 EBADF (Bad file descriptor) [pid 5264] close(11) = -1 EBADF (Bad file descriptor) [pid 5264] close(12) = -1 EBADF (Bad file descriptor) [pid 5264] close(13) = -1 EBADF (Bad file descriptor) [pid 5264] close(14) = -1 EBADF (Bad file descriptor) [pid 5264] close(15) = -1 EBADF (Bad file descriptor) [pid 5264] close(16) = -1 EBADF (Bad file descriptor) [pid 5264] close(17) = -1 EBADF (Bad file descriptor) [pid 5264] close(18) = -1 EBADF (Bad file descriptor) [pid 5264] close(19) = -1 EBADF (Bad file descriptor) [pid 5264] close(20) = -1 EBADF (Bad file descriptor) [pid 5264] close(21) = -1 EBADF (Bad file descriptor) [pid 5264] close(22) = -1 EBADF (Bad file descriptor) [pid 5264] close(23) = -1 EBADF (Bad file descriptor) [pid 5264] close(24) = -1 EBADF (Bad file descriptor) [pid 5264] close(25) = -1 EBADF (Bad file descriptor) [pid 5264] close(26) = -1 EBADF (Bad file descriptor) [pid 5264] close(27) = -1 EBADF (Bad file descriptor) [pid 5264] close(28) = -1 EBADF (Bad file descriptor) [pid 5264] close(29) = -1 EBADF (Bad file descriptor) [pid 5264] exit_group(0) = ? [pid 5264] +++ exited with 0 +++ [pid 5228] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=29 /* 0.29 s */} --- [pid 5228] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5228] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5228] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5228] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0 [pid 5228] getdents64(3, 0x555591d276f0 /* 4 entries */, 32768) = 112 [pid 5228] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5228] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5228] unlink("./3/binderfs") = 0 [ 81.329126][ T5228] bcachefs (loop0): shutting down [ 81.334368][ T5228] bcachefs (loop0): going read-only [ 81.339592][ T5228] bcachefs (loop0): finished waiting for writes to stop [ 81.347203][ T5228] bcachefs (loop0): flushing journal and stopping allocators, journal seq 11 [ 81.356301][ T5228] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 11 [ 81.372336][ T5228] bcachefs (loop0): unshutdown complete, journal seq 12 [ 81.376290][ T12] ------------[ cut here ]------------ [ 81.385231][ T12] kernel BUG at fs/bcachefs/journal.h:375! [ 81.391112][ T12] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI [ 81.398077][ T12] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:1 Not tainted 6.12.0-rc3-syzkaller-00183-g6efbea77b390 #0 [ 81.408746][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 81.418806][ T12] Workqueue: btree_update btree_interior_update_work [ 81.425526][ T12] RIP: 0010:__bch2_trans_commit+0x9232/0x93c0 [ 81.431700][ T12] Code: fd 90 0f 0b e8 6f d2 78 fd 90 0f 0b e8 67 d2 78 fd 90 0f 0b e8 5f d2 78 fd 90 0f 0b e8 57 d2 78 fd 90 0f 0b e8 4f d2 78 fd 90 <0f> 0b e8 47 d2 78 fd 90 0f 0b e8 3f d2 78 fd 90 0f 0b e8 37 d2 78 [ 81.451326][ T12] RSP: 0018:ffffc900001176c0 EFLAGS: 00010293 [ 81.457401][ T12] RAX: ffffffff841c1561 RBX: 0000000000000000 RCX: ffff88801bee5a00 [ 81.465372][ T12] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 81.473338][ T12] RBP: ffffc90000117890 R08: ffffffff841bb898 R09: 1ffff1100eb194a8 [ 81.481328][ T12] R10: dffffc0000000000 R11: ffffed100eb194a9 R12: ffff888075880000 [ 81.489317][ T12] R13: ffff8880758ca500 R14: 0000000000000044 R15: ffff8880792200d0 [ 81.497303][ T12] FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 81.506235][ T12] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 81.512816][ T12] CR2: 00007ffdf2e89d78 CR3: 000000007aa40000 CR4: 00000000003526f0 [ 81.520786][ T12] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 81.528755][ T12] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 81.536723][ T12] Call Trace: [ 81.540000][ T12] [ 81.542927][ T12] ? __die_body+0x5f/0xb0 [ 81.547281][ T12] ? die+0x9e/0xc0 [ 81.551005][ T12] ? do_trap+0x15a/0x3a0 [ 81.555268][ T12] ? __bch2_trans_commit+0x9232/0x93c0 [ 81.560731][ T12] ? do_error_trap+0x1dc/0x2c0 [ 81.565517][ T12] ? __bch2_trans_commit+0x9232/0x93c0 [ 81.570986][ T12] ? __pfx___do_six_trylock+0x10/0x10 [ 81.576368][ T12] ? __pfx_do_error_trap+0x10/0x10 [ 81.581484][ T12] ? handle_invalid_op+0x34/0x40 [ 81.586447][ T12] ? __bch2_trans_commit+0x9232/0x93c0 [ 81.591906][ T12] ? exc_invalid_op+0x38/0x50 [ 81.596598][ T12] ? asm_exc_invalid_op+0x1a/0x20 [ 81.601638][ T12] ? __bch2_trans_commit+0x3568/0x93c0 [ 81.607296][ T12] ? __bch2_trans_commit+0x9231/0x93c0 [ 81.612780][ T12] ? __bch2_trans_commit+0x9232/0x93c0 [ 81.618271][ T12] ? __pfx___bch2_trans_commit+0x10/0x10 [ 81.623913][ T12] ? __bch2_trans_jset_entry_alloc+0x2c7/0x4b0 [ 81.630102][ T12] ? btree_interior_update_work+0x117a/0x2b10 [ 81.636175][ T12] btree_interior_update_work+0x1492/0x2b10 [ 81.642098][ T12] ? __pfx_btree_interior_update_work+0x10/0x10 [ 81.648375][ T12] ? __pfx_lock_acquire+0x10/0x10 [ 81.653526][ T12] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 81.659519][ T12] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 81.665862][ T12] ? process_scheduled_works+0x976/0x1850 [ 81.671587][ T12] process_scheduled_works+0xa63/0x1850 [ 81.677176][ T12] ? __pfx_process_scheduled_works+0x10/0x10 [ 81.683179][ T12] ? assign_work+0x364/0x3d0 [ 81.687803][ T12] worker_thread+0x870/0xd30 [ 81.692412][ T12] ? __kthread_parkme+0x169/0x1d0 [ 81.697448][ T12] ? __pfx_worker_thread+0x10/0x10 [ 81.702582][ T12] kthread+0x2f0/0x390 [ 81.706657][ T12] ? __pfx_worker_thread+0x10/0x10 [ 81.711774][ T12] ? __pfx_kthread+0x10/0x10 [ 81.716362][ T12] ret_from_fork+0x4b/0x80 [ 81.720784][ T12] ? __pfx_kthread+0x10/0x10 [ 81.725371][ T12] ret_from_fork_asm+0x1a/0x30 [ 81.730177][ T12] [ 81.733279][ T12] Modules linked in: [ 81.737283][ T12] ---[ end trace 0000000000000000 ]--- [ 81.742832][ T12] RIP: 0010:__bch2_trans_commit+0x9232/0x93c0 [ 81.749008][ T12] Code: fd 90 0f 0b e8 6f d2 78 fd 90 0f 0b e8 67 d2 78 fd 90 0f 0b e8 5f d2 78 fd 90 0f 0b e8 57 d2 78 fd 90 0f 0b e8 4f d2 78 fd 90 <0f> 0b e8 47 d2 78 fd 90 0f 0b e8 3f d2 78 fd 90 0f 0b e8 37 d2 78 [ 81.768846][ T12] RSP: 0018:ffffc900001176c0 EFLAGS: 00010293 [ 81.775010][ T12] RAX: ffffffff841c1561 RBX: 0000000000000000 RCX: ffff88801bee5a00 [ 81.782983][ T12] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 81.791014][ T12] RBP: ffffc90000117890 R08: ffffffff841bb898 R09: 1ffff1100eb194a8 [ 81.799047][ T12] R10: dffffc0000000000 R11: ffffed100eb194a9 R12: ffff888075880000 [ 81.807079][ T12] R13: ffff8880758ca500 R14: 0000000000000044 R15: ffff8880792200d0 [ 81.815109][ T12] FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 81.824106][ T12] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 81.830720][ T12] CR2: 00007ffdf2e89d78 CR3: 000000007aa40000 CR4: 00000000003526f0 [ 81.838754][ T12] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 81.846829][ T12] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 81.854885][ T12] Kernel panic - not syncing: Fatal exception [ 81.861280][ T12] Kernel Offset: disabled [ 81.865617][ T12] Rebooting in 86400 seconds..