./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1235719657 <...> Warning: Permanently added '10.128.1.32' (ED25519) to the list of known hosts. execve("./syz-executor1235719657", ["./syz-executor1235719657"], 0x7ffe4c736440 /* 10 vars */) = 0 brk(NULL) = 0x555581698000 brk(0x555581698d00) = 0x555581698d00 arch_prctl(ARCH_SET_FS, 0x555581698380) = 0 set_tid_address(0x555581698650) = 5835 set_robust_list(0x555581698660, 24) = 0 rseq(0x555581698ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1235719657", 4096) = 28 getrandom("\x24\x58\xcd\xb7\x20\xe0\xb5\x01", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555581698d00 brk(0x5555816b9d00) = 0x5555816b9d00 brk(0x5555816ba000) = 0x5555816ba000 mprotect(0x7f297f98f000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.UyjmTp", 0700) = 0 chmod("./syzkaller.UyjmTp", 0777) = 0 chdir("./syzkaller.UyjmTp") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5836 attached , child_tidptr=0x555581698650) = 5836 [pid 5836] set_robust_list(0x555581698660, 24) = 0 [pid 5836] chdir("./0") = 0 [pid 5836] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5836] setpgid(0, 0) = 0 [pid 5836] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5836] write(3, "1000", 4) = 4 [pid 5836] close(3) = 0 [pid 5836] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5836] write(1, "executing program\n", 18executing program ) = 18 [pid 5836] memfd_create("syzkaller", 0) = 3 [pid 5836] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2977400000 [pid 5836] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5836] munmap(0x7f2977400000, 138412032) = 0 [pid 5836] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5836] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5836] close(3) = 0 [pid 5836] close(4) = 0 [pid 5836] mkdir("./file1", 0777) = 0 [ 78.377596][ T5836] loop0: detected capacity change from 0 to 32768 [ 78.469161][ T5836] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,fsck,norecovery,reconstruct_alloc,nocow,no_data_io [ 78.488542][ T5836] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 78.497147][ T5836] bcachefs (loop0): Version upgrade required: [ 78.497147][ T5836] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 78.497147][ T5836] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots [ 78.497147][ T5836] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 78.571099][ T5836] bcachefs (loop0): dropping and reconstructing all alloc info [ 78.590034][ T5836] bcachefs (loop0): check_topology... done [ 78.596151][ T5836] bcachefs (loop0): accounting_read... done [ 78.603500][ T5836] bcachefs (loop0): alloc_read... done [ 78.609065][ T5836] bcachefs (loop0): stripes_read... done [ 78.614897][ T5836] bcachefs (loop0): snapshots_read... done [pid 5836] mount("/dev/loop0", "./file1", "bcachefs", MS_I_VERSION, "errors=continue,direct_io,norecovery,nocow,fsck,norecovery,journal_transaction_names,reconstruct_all"...) = 0 [pid 5836] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5836] chdir("./file1") = 0 [ 78.621340][ T5836] bcachefs (loop0): check_allocations... done [ 78.645526][ T5836] bcachefs (loop0): going read-write [ 78.656754][ T5836] bcachefs (loop0): done starting filesystem [pid 5836] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5836] ioctl(4, LOOP_CLR_FD) = 0 [pid 5836] close(4) = 0 [ 78.722860][ T5836] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [ 78.722896][ T5836] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing [ 78.752572][ T5836] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [pid 5836] creat("./file0/file0", 000) = 4 [pid 5836] exit_group(0) = ? [pid 5836] +++ exited with 0 +++ [ 78.752608][ T5836] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing [ 78.780654][ T5836] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [ 78.780672][ T5836] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5836, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=42 /* 0.42 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 78.822983][ T5836] syz-executor123 (5836) used greatest stack depth: 12016 bytes left newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555816996f0 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 [ 78.928424][ T5835] bcachefs (loop0): shutting down [ 78.933869][ T5835] bcachefs (loop0): going read-only [ 78.939427][ T5835] bcachefs (loop0): finished waiting for writes to stop [ 78.950383][ T5835] bcachefs (loop0): flushing journal and stopping allocators, journal seq 12 [ 78.974754][ T5835] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 16 [ 78.987098][ T5835] bcachefs (loop0): unshutdown complete, journal seq 17 [ 78.995152][ T5835] bcachefs (loop0): done going read-only, filesystem not clean [ 79.016829][ T5835] bcachefs (loop0): shutdown complete umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555816a1730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555816a1730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file1") = 0 getdents64(3, 0x5555816996f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5849 attached , child_tidptr=0x555581698650) = 5849 [pid 5849] set_robust_list(0x555581698660, 24) = 0 [pid 5849] chdir("./1") = 0 [pid 5849] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5849] setpgid(0, 0) = 0 [pid 5849] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5849] write(3, "1000", 4) = 4 [pid 5849] close(3) = 0 [pid 5849] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5849] write(1, "executing program\n", 18) = 18 [pid 5849] memfd_create("syzkaller", 0) = 3 [pid 5849] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2977400000 [pid 5849] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5849] munmap(0x7f2977400000, 138412032) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5849] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5849] close(3) = 0 [pid 5849] close(4) = 0 [pid 5849] mkdir("./file1", 0777) = 0 [ 80.465249][ T5849] loop0: detected capacity change from 0 to 32768 [ 80.541667][ T5849] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,fsck,norecovery,reconstruct_alloc,nocow,no_data_io [ 80.560600][ T5849] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 80.568905][ T5849] bcachefs (loop0): Version upgrade required: [ 80.568905][ T5849] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 80.568905][ T5849] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots [ 80.568905][ T5849] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 80.642698][ T5849] bcachefs (loop0): dropping and reconstructing all alloc info [ 80.660143][ T5849] bcachefs (loop0): check_topology... done [ 80.666320][ T5849] bcachefs (loop0): accounting_read... done [ 80.672981][ T5849] bcachefs (loop0): alloc_read... done [ 80.678532][ T5849] bcachefs (loop0): stripes_read... done [ 80.684287][ T5849] bcachefs (loop0): snapshots_read... done [pid 5849] mount("/dev/loop0", "./file1", "bcachefs", MS_I_VERSION, "errors=continue,direct_io,norecovery,nocow,fsck,norecovery,journal_transaction_names,reconstruct_all"...) = 0 [pid 5849] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5849] chdir("./file1") = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5849] ioctl(4, LOOP_CLR_FD) = 0 [ 80.690277][ T5849] bcachefs (loop0): check_allocations... done [ 80.711949][ T5849] bcachefs (loop0): going read-write [ 80.720306][ T5849] bcachefs (loop0): done starting filesystem [pid 5849] close(4) = 0 [ 80.791196][ T5849] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [ 80.791220][ T5849] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing [ 80.824943][ T5849] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [pid 5849] creat("./file0/file0", 000) = 4 [pid 5849] exit_group(0) = ? [pid 5849] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5849, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=34 /* 0.34 s */} --- [ 80.824966][ T5849] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing [ 80.852968][ T5849] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [ 80.852986][ T5849] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555816996f0 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 [ 81.012733][ T5835] bcachefs (loop0): shutting down [ 81.017848][ T5835] bcachefs (loop0): going read-only [ 81.023390][ T5835] bcachefs (loop0): finished waiting for writes to stop [ 81.031222][ T5835] bcachefs (loop0): flushing journal and stopping allocators, journal seq 12 [ 81.043569][ T61] bcachefs (loop0): bch2_write_super(): fatal error loop0: Superblock write was silently dropped! (seq 0 expected 53) [ 81.056938][ T61] bcachefs (loop0): fatal error - emergency read only [ 81.065168][ T5835] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 12 [ 81.074974][ T5835] bcachefs (loop0): unshutdown complete, journal seq 12 [ 81.082798][ T5835] bcachefs (loop0): done going read-only, filesystem not clean [ 81.102735][ T5835] bcachefs (loop0): shutdown complete umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555816a1730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555816a1730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file1") = 0 getdents64(3, 0x5555816996f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5860 attached , child_tidptr=0x555581698650) = 5860 [pid 5860] set_robust_list(0x555581698660, 24) = 0 [pid 5860] chdir("./2") = 0 [pid 5860] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5860] setpgid(0, 0) = 0 [pid 5860] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5860] write(3, "1000", 4) = 4 [pid 5860] close(3) = 0 [pid 5860] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5860] write(1, "executing program\n", 18executing program ) = 18 [pid 5860] memfd_create("syzkaller", 0) = 3 [pid 5860] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2977400000 [pid 5860] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5860] munmap(0x7f2977400000, 138412032) = 0 [pid 5860] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5860] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5860] close(3) = 0 [pid 5860] close(4) = 0 [pid 5860] mkdir("./file1", 0777) = 0 [ 82.542318][ T5860] loop0: detected capacity change from 0 to 32768 [ 82.616148][ T5860] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,fsck,norecovery,reconstruct_alloc,nocow,no_data_io [ 82.635390][ T5860] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 82.643775][ T5860] bcachefs (loop0): Version upgrade required: [ 82.643775][ T5860] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 82.643775][ T5860] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots [ 82.643775][ T5860] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 82.716234][ T5860] bcachefs (loop0): dropping and reconstructing all alloc info [ 82.734323][ T5860] bcachefs (loop0): check_topology... done [ 82.740310][ T5860] bcachefs (loop0): accounting_read... done [ 82.746665][ T5860] bcachefs (loop0): alloc_read... done [ 82.752357][ T5860] bcachefs (loop0): stripes_read... done [ 82.758062][ T5860] bcachefs (loop0): snapshots_read... done [pid 5860] mount("/dev/loop0", "./file1", "bcachefs", MS_I_VERSION, "errors=continue,direct_io,norecovery,nocow,fsck,norecovery,journal_transaction_names,reconstruct_all"...) = 0 [pid 5860] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5860] chdir("./file1") = 0 [pid 5860] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5860] ioctl(4, LOOP_CLR_FD) = 0 [ 82.764117][ T5860] bcachefs (loop0): check_allocations... done [ 82.785472][ T5860] bcachefs (loop0): going read-write [ 82.795177][ T5860] bcachefs (loop0): done starting filesystem [pid 5860] close(4) = 0 [ 82.868262][ T5860] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [ 82.868284][ T5860] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing [ 82.896195][ T5860] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [pid 5860] creat("./file0/file0", 000) = 4 [pid 5860] exit_group(0) = ? [pid 5860] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5860, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=33 /* 0.33 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 82.896216][ T5860] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing [ 82.924165][ T5860] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [ 82.924182][ T5860] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555816996f0 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 [ 83.036954][ T5835] bcachefs (loop0): shutting down [ 83.042247][ T5835] bcachefs (loop0): going read-only [ 83.047460][ T5835] bcachefs (loop0): finished waiting for writes to stop [ 83.055816][ T5835] bcachefs (loop0): flushing journal and stopping allocators, journal seq 11 [ 83.078287][ T5835] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 16 [ 83.089689][ T5835] bcachefs (loop0): unshutdown complete, journal seq 17 [ 83.097529][ T5835] bcachefs (loop0): done going read-only, filesystem not clean [ 83.115791][ T5835] bcachefs (loop0): shutdown complete umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555816a1730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555816a1730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file1") = 0 getdents64(3, 0x5555816996f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5871 attached [pid 5871] set_robust_list(0x555581698660, 24 [pid 5835] <... clone resumed>, child_tidptr=0x555581698650) = 5871 [pid 5871] <... set_robust_list resumed>) = 0 [pid 5871] chdir("./3") = 0 [pid 5871] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5871] setpgid(0, 0) = 0 [pid 5871] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5871] write(3, "1000", 4) = 4 [pid 5871] close(3) = 0 [pid 5871] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5871] write(1, "executing program\n", 18executing program ) = 18 [pid 5871] memfd_create("syzkaller", 0) = 3 [pid 5871] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2977400000 [pid 5871] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5871] munmap(0x7f2977400000, 138412032) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5871] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5871] close(3) = 0 [pid 5871] close(4) = 0 [pid 5871] mkdir("./file1", 0777) = 0 [ 84.551232][ T5871] loop0: detected capacity change from 0 to 32768 [ 84.626780][ T5871] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,fsck,norecovery,reconstruct_alloc,nocow,no_data_io [ 84.647278][ T5871] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 84.655498][ T5871] bcachefs (loop0): Version upgrade required: [ 84.655498][ T5871] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 84.655498][ T5871] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots [ 84.655498][ T5871] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 84.727654][ T5871] bcachefs (loop0): dropping and reconstructing all alloc info [ 84.744864][ T5871] bcachefs (loop0): check_topology... done [ 84.750847][ T5871] bcachefs (loop0): accounting_read... done [ 84.757394][ T5871] bcachefs (loop0): alloc_read... done [ 84.763144][ T5871] bcachefs (loop0): stripes_read... done [ 84.768896][ T5871] bcachefs (loop0): snapshots_read... done [pid 5871] mount("/dev/loop0", "./file1", "bcachefs", MS_I_VERSION, "errors=continue,direct_io,norecovery,nocow,fsck,norecovery,journal_transaction_names,reconstruct_all"...) = 0 [pid 5871] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5871] chdir("./file1") = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5871] ioctl(4, LOOP_CLR_FD) = 0 [ 84.775061][ T5871] bcachefs (loop0): check_allocations... done [ 84.796356][ T5871] bcachefs (loop0): going read-write [ 84.805694][ T5871] bcachefs (loop0): done starting filesystem [pid 5871] close(4) = 0 [ 84.875947][ T5871] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [ 84.875969][ T5871] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing [ 84.904011][ T5871] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [pid 5871] creat("./file0/file0", 000) = 4 [pid 5871] exit_group(0) = ? [pid 5871] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5871, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=37 /* 0.37 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 84.904035][ T5871] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing [ 84.931912][ T5871] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [ 84.931929][ T5871] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555816996f0 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 [ 85.087123][ T5835] bcachefs (loop0): shutting down [ 85.092369][ T5835] bcachefs (loop0): going read-only [ 85.097660][ T5835] bcachefs (loop0): finished waiting for writes to stop [ 85.105988][ T5835] bcachefs (loop0): flushing journal and stopping allocators, journal seq 12 [ 85.127547][ T5835] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 16 [ 85.139322][ T5835] bcachefs (loop0): unshutdown complete, journal seq 17 [ 85.147590][ T5835] bcachefs (loop0): done going read-only, filesystem not clean [ 85.165208][ T5835] bcachefs (loop0): shutdown complete umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555816a1730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555816a1730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file1") = 0 getdents64(3, 0x5555816996f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5882 attached [pid 5882] set_robust_list(0x555581698660, 24) = 0 [pid 5882] chdir("./4") = 0 [pid 5882] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5882] setpgid(0, 0) = 0 [pid 5882] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5882] write(3, "1000", 4 [pid 5835] <... clone resumed>, child_tidptr=0x555581698650) = 5882 [pid 5882] <... write resumed>) = 4 [pid 5882] close(3) = 0 [pid 5882] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5882] write(1, "executing program\n", 18) = 18 [pid 5882] memfd_create("syzkaller", 0) = 3 [pid 5882] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2977400000 [pid 5882] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5882] munmap(0x7f2977400000, 138412032) = 0 [pid 5882] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5882] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5882] close(3) = 0 [pid 5882] close(4) = 0 [pid 5882] mkdir("./file1", 0777) = 0 [ 86.523165][ T5882] loop0: detected capacity change from 0 to 32768 [ 86.596740][ T5882] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,fsck,norecovery,reconstruct_alloc,nocow,no_data_io [ 86.615975][ T5882] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 86.624262][ T5882] bcachefs (loop0): Version upgrade required: [ 86.624262][ T5882] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 86.624262][ T5882] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots [ 86.624262][ T5882] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 86.696491][ T5882] bcachefs (loop0): dropping and reconstructing all alloc info [ 86.713813][ T5882] bcachefs (loop0): check_topology... done [ 86.719722][ T5882] bcachefs (loop0): accounting_read... done [ 86.726620][ T5882] bcachefs (loop0): alloc_read... done [ 86.732280][ T5882] bcachefs (loop0): stripes_read... done [ 86.738006][ T5882] bcachefs (loop0): snapshots_read... done [pid 5882] mount("/dev/loop0", "./file1", "bcachefs", MS_I_VERSION, "errors=continue,direct_io,norecovery,nocow,fsck,norecovery,journal_transaction_names,reconstruct_all"...) = 0 [pid 5882] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5882] chdir("./file1") = 0 [pid 5882] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5882] ioctl(4, LOOP_CLR_FD) = 0 [pid 5882] close(4) = 0 [ 86.744164][ T5882] bcachefs (loop0): check_allocations... done [ 86.764836][ T5882] bcachefs (loop0): going read-write [ 86.774364][ T5882] bcachefs (loop0): done starting filesystem [ 86.808614][ T5882] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [ 86.808639][ T5882] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing [ 86.837956][ T5882] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [pid 5882] creat("./file0/file0", 000) = 4 [pid 5882] exit_group(0) = ? [pid 5882] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5882, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=32 /* 0.32 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 86.837980][ T5882] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing [ 86.866344][ T5882] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [ 86.866362][ T5882] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555816996f0 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 [ 87.024322][ T5835] bcachefs (loop0): shutting down [ 87.029399][ T5835] bcachefs (loop0): going read-only [ 87.035057][ T5835] bcachefs (loop0): finished waiting for writes to stop [ 87.043251][ T5835] bcachefs (loop0): flushing journal and stopping allocators, journal seq 12 [ 87.064786][ T5835] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 16 [ 87.076397][ T5835] bcachefs (loop0): unshutdown complete, journal seq 17 [ 87.084580][ T5835] bcachefs (loop0): done going read-only, filesystem not clean [ 87.108763][ T5835] bcachefs (loop0): shutdown complete umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555816a1730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555816a1730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file1") = 0 getdents64(3, 0x5555816996f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5895 attached [pid 5895] set_robust_list(0x555581698660, 24 [pid 5835] <... clone resumed>, child_tidptr=0x555581698650) = 5895 [pid 5895] <... set_robust_list resumed>) = 0 [pid 5895] chdir("./5") = 0 [pid 5895] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5895] setpgid(0, 0) = 0 [pid 5895] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5895] write(3, "1000", 4) = 4 [pid 5895] close(3) = 0 [pid 5895] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5895] write(1, "executing program\n", 18executing program ) = 18 [pid 5895] memfd_create("syzkaller", 0) = 3 [pid 5895] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2977400000 [pid 5895] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5895] munmap(0x7f2977400000, 138412032) = 0 [pid 5895] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5895] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5895] close(3) = 0 [pid 5895] close(4) = 0 [pid 5895] mkdir("./file1", 0777) = 0 [ 88.487226][ T5895] loop0: detected capacity change from 0 to 32768 [ 88.586470][ T5895] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,fsck,norecovery,reconstruct_alloc,nocow,no_data_io [ 88.605274][ T5895] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 88.613749][ T5895] bcachefs (loop0): Version upgrade required: [ 88.613749][ T5895] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 88.613749][ T5895] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots [ 88.613749][ T5895] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 88.686619][ T5895] bcachefs (loop0): dropping and reconstructing all alloc info [ 88.703038][ T5895] bcachefs (loop0): check_topology... done [ 88.709006][ T5895] bcachefs (loop0): accounting_read... done [ 88.715996][ T5895] bcachefs (loop0): alloc_read... done [ 88.721852][ T5895] bcachefs (loop0): stripes_read... done [ 88.727724][ T5895] bcachefs (loop0): snapshots_read... done [pid 5895] mount("/dev/loop0", "./file1", "bcachefs", MS_I_VERSION, "errors=continue,direct_io,norecovery,nocow,fsck,norecovery,journal_transaction_names,reconstruct_all"...) = 0 [pid 5895] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5895] chdir("./file1") = 0 [pid 5895] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 88.733717][ T5895] bcachefs (loop0): check_allocations... done [ 88.754640][ T5895] bcachefs (loop0): going read-write [ 88.764549][ T5895] bcachefs (loop0): done starting filesystem [pid 5895] ioctl(4, LOOP_CLR_FD) = 0 [pid 5895] close(4) = 0 [ 88.849844][ T5895] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [ 88.849868][ T5895] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing [ 88.878486][ T5895] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [pid 5895] creat("./file0/file0", 000) = 4 [pid 5895] exit_group(0) = ? [pid 5895] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5895, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=35 /* 0.35 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 88.878507][ T5895] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing [ 88.906796][ T5895] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [ 88.906813][ T5895] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555816996f0 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 [ 89.069015][ T5835] bcachefs (loop0): shutting down [ 89.074306][ T5835] bcachefs (loop0): going read-only [ 89.079518][ T5835] bcachefs (loop0): finished waiting for writes to stop [ 89.087811][ T5835] bcachefs (loop0): flushing journal and stopping allocators, journal seq 11 [ 89.108314][ T5835] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 14 [ 89.119329][ T5835] bcachefs (loop0): unshutdown complete, journal seq 15 [ 89.127244][ T5835] bcachefs (loop0): done going read-only, filesystem not clean [ 89.146559][ T5835] bcachefs (loop0): shutdown complete umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555816a1730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555816a1730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file1") = 0 getdents64(3, 0x5555816996f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5906 attached , child_tidptr=0x555581698650) = 5906 [pid 5906] set_robust_list(0x555581698660, 24) = 0 [pid 5906] chdir("./6") = 0 [pid 5906] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5906] setpgid(0, 0) = 0 [pid 5906] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5906] write(3, "1000", 4) = 4 [pid 5906] close(3) = 0 [pid 5906] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5906] write(1, "executing program\n", 18executing program ) = 18 [pid 5906] memfd_create("syzkaller", 0) = 3 [pid 5906] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2977400000 [pid 5906] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5906] munmap(0x7f2977400000, 138412032) = 0 [pid 5906] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5906] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5906] close(3) = 0 [pid 5906] close(4) = 0 [pid 5906] mkdir("./file1", 0777) = 0 [ 90.507294][ T5906] loop0: detected capacity change from 0 to 32768 [ 90.573012][ T5906] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,fsck,norecovery,reconstruct_alloc,nocow,no_data_io [ 90.591710][ T5906] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 90.599772][ T5906] bcachefs (loop0): Version upgrade required: [ 90.599772][ T5906] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 90.599772][ T5906] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots [ 90.599772][ T5906] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 90.672938][ T5906] bcachefs (loop0): dropping and reconstructing all alloc info [ 90.688815][ T5906] bcachefs (loop0): check_topology... done [ 90.695234][ T5906] bcachefs (loop0): accounting_read... done [ 90.701603][ T5906] bcachefs (loop0): alloc_read... done [ 90.707149][ T5906] bcachefs (loop0): stripes_read... done [ 90.713106][ T5906] bcachefs (loop0): snapshots_read... done [pid 5906] mount("/dev/loop0", "./file1", "bcachefs", MS_I_VERSION, "errors=continue,direct_io,norecovery,nocow,fsck,norecovery,journal_transaction_names,reconstruct_all"...) = 0 [pid 5906] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5906] chdir("./file1") = 0 [pid 5906] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5906] ioctl(4, LOOP_CLR_FD) = 0 [ 90.719068][ T5906] bcachefs (loop0): check_allocations... done [ 90.739132][ T5906] bcachefs (loop0): going read-write [ 90.748615][ T5906] bcachefs (loop0): done starting filesystem [pid 5906] close(4) = 0 [ 90.818976][ T5906] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [ 90.818998][ T5906] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing [ 90.848004][ T5906] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [pid 5906] creat("./file0/file0", 000) = 4 [pid 5906] exit_group(0) = ? [pid 5906] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5906, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=34 /* 0.34 s */} --- [ 90.848027][ T5906] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing [ 90.875977][ T5906] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [ 90.875998][ T5906] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555816996f0 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 [ 91.041684][ T5835] bcachefs (loop0): shutting down [ 91.046787][ T5835] bcachefs (loop0): going read-only [ 91.052391][ T5835] bcachefs (loop0): finished waiting for writes to stop [ 91.059849][ T5835] bcachefs (loop0): flushing journal and stopping allocators, journal seq 12 [ 91.082041][ T5835] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 14 [ 91.093616][ T5835] bcachefs (loop0): unshutdown complete, journal seq 15 [ 91.101915][ T5835] bcachefs (loop0): done going read-only, filesystem not clean [ 91.122651][ T5835] bcachefs (loop0): shutdown complete umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555816a1730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555816a1730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file1") = 0 getdents64(3, 0x5555816996f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5918 attached , child_tidptr=0x555581698650) = 5918 [pid 5918] set_robust_list(0x555581698660, 24) = 0 [pid 5918] chdir("./7") = 0 [pid 5918] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5918] setpgid(0, 0) = 0 [pid 5918] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5918] write(3, "1000", 4) = 4 [pid 5918] close(3) = 0 [pid 5918] symlink("/dev/binderfs", "./binderfs") = 0 executing program [ 92.194213][ T25] cfg80211: failed to load regulatory.db [pid 5918] write(1, "executing program\n", 18) = 18 [pid 5918] memfd_create("syzkaller", 0) = 3 [pid 5918] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2977400000 [pid 5918] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5918] munmap(0x7f2977400000, 138412032) = 0 [pid 5918] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5918] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5918] close(3) = 0 [pid 5918] close(4) = 0 [pid 5918] mkdir("./file1", 0777) = 0 [ 92.575605][ T5918] loop0: detected capacity change from 0 to 32768 [ 92.721722][ T5918] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,fsck,norecovery,reconstruct_alloc,nocow,no_data_io [ 92.740683][ T5918] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 92.748939][ T5918] bcachefs (loop0): Version upgrade required: [ 92.748939][ T5918] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 92.748939][ T5918] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots [ 92.748939][ T5918] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 92.821422][ T5918] bcachefs (loop0): dropping and reconstructing all alloc info [ 92.837754][ T5918] bcachefs (loop0): check_topology... done [ 92.843878][ T5918] bcachefs (loop0): accounting_read... done [ 92.850148][ T5918] bcachefs (loop0): alloc_read... done [ 92.856234][ T5918] bcachefs (loop0): stripes_read... done [ 92.862047][ T5918] bcachefs (loop0): snapshots_read... done [pid 5918] mount("/dev/loop0", "./file1", "bcachefs", MS_I_VERSION, "errors=continue,direct_io,norecovery,nocow,fsck,norecovery,journal_transaction_names,reconstruct_all"...) = 0 [pid 5918] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5918] chdir("./file1") = 0 [pid 5918] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5918] ioctl(4, LOOP_CLR_FD) = 0 [ 92.868176][ T5918] bcachefs (loop0): check_allocations... done [ 92.888926][ T5918] bcachefs (loop0): going read-write [ 92.902222][ T5918] bcachefs (loop0): done starting filesystem [pid 5918] close(4) = 0 [ 92.989670][ T5918] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [ 92.989694][ T5918] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing [ 93.019296][ T5918] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [pid 5918] creat("./file0/file0", 000) = 4 [pid 5918] exit_group(0) = ? [pid 5918] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5918, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=47 /* 0.47 s */} --- umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 93.019317][ T5918] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing [ 93.047100][ T5918] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [ 93.047117][ T5918] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555816996f0 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 [ 93.182720][ T5835] bcachefs (loop0): shutting down [ 93.187861][ T5835] bcachefs (loop0): going read-only [ 93.193477][ T5835] bcachefs (loop0): finished waiting for writes to stop [ 93.201777][ T5835] bcachefs (loop0): flushing journal and stopping allocators, journal seq 11 [ 93.223895][ T5835] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 16 [ 93.235112][ T5835] bcachefs (loop0): unshutdown complete, journal seq 17 [ 93.242908][ T5835] bcachefs (loop0): done going read-only, filesystem not clean [ 93.261371][ T5835] bcachefs (loop0): shutdown complete umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555816a1730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555816a1730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file1") = 0 getdents64(3, 0x5555816996f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5929 attached [pid 5929] set_robust_list(0x555581698660, 24 [pid 5835] <... clone resumed>, child_tidptr=0x555581698650) = 5929 [pid 5929] <... set_robust_list resumed>) = 0 [pid 5929] chdir("./8") = 0 [pid 5929] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5929] setpgid(0, 0) = 0 [pid 5929] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5929] write(3, "1000", 4) = 4 [pid 5929] close(3) = 0 [pid 5929] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5929] write(1, "executing program\n", 18) = 18 [pid 5929] memfd_create("syzkaller", 0) = 3 [pid 5929] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2977400000 [pid 5929] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5929] munmap(0x7f2977400000, 138412032) = 0 [pid 5929] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5929] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5929] close(3) = 0 [pid 5929] close(4) = 0 [pid 5929] mkdir("./file1", 0777) = 0 [ 94.648473][ T5929] loop0: detected capacity change from 0 to 32768 [ 94.722454][ T5929] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,fsck,norecovery,reconstruct_alloc,nocow,no_data_io [ 94.741130][ T5929] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 94.749207][ T5929] bcachefs (loop0): Version upgrade required: [ 94.749207][ T5929] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 94.749207][ T5929] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots [ 94.749207][ T5929] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 94.822936][ T5929] bcachefs (loop0): dropping and reconstructing all alloc info [ 94.844514][ T5929] bcachefs (loop0): check_topology... done [ 94.850498][ T5929] bcachefs (loop0): accounting_read... done [ 94.856959][ T5929] bcachefs (loop0): alloc_read... done [ 94.862568][ T5929] bcachefs (loop0): stripes_read... done [pid 5929] mount("/dev/loop0", "./file1", "bcachefs", MS_I_VERSION, "errors=continue,direct_io,norecovery,nocow,fsck,norecovery,journal_transaction_names,reconstruct_all"...) = 0 [pid 5929] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5929] chdir("./file1") = 0 [pid 5929] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5929] ioctl(4, LOOP_CLR_FD) = 0 [pid 5929] close(4) = 0 [ 94.868319][ T5929] bcachefs (loop0): snapshots_read... done [ 94.874678][ T5929] bcachefs (loop0): check_allocations... done [ 94.897018][ T5929] bcachefs (loop0): going read-write [ 94.906169][ T5929] bcachefs (loop0): done starting filesystem [ 94.937396][ T5929] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [ 94.937420][ T5929] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing [ 94.966710][ T5929] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [pid 5929] creat("./file0/file0", 000) = 4 [pid 5929] exit_group(0) = ? [pid 5929] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5929, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=36 /* 0.36 s */} --- [ 94.966733][ T5929] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing [ 94.996065][ T5929] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [ 94.996082][ T5929] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555816996f0 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 [ 95.150740][ T5835] bcachefs (loop0): shutting down [ 95.156393][ T5835] bcachefs (loop0): going read-only [ 95.162908][ T5835] bcachefs (loop0): finished waiting for writes to stop [ 95.170499][ T5835] bcachefs (loop0): flushing journal and stopping allocators, journal seq 12 [ 95.190757][ T5835] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 16 [ 95.201610][ T5835] bcachefs (loop0): unshutdown complete, journal seq 17 [ 95.209253][ T5835] bcachefs (loop0): done going read-only, filesystem not clean [ 95.227290][ T5835] bcachefs (loop0): shutdown complete umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555816a1730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555816a1730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file1") = 0 getdents64(3, 0x5555816996f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5940 attached , child_tidptr=0x555581698650) = 5940 [pid 5940] set_robust_list(0x555581698660, 24) = 0 [pid 5940] chdir("./9") = 0 [pid 5940] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5940] setpgid(0, 0) = 0 [pid 5940] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5940] write(3, "1000", 4) = 4 [pid 5940] close(3) = 0 [pid 5940] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5940] write(1, "executing program\n", 18) = 18 [pid 5940] memfd_create("syzkaller", 0) = 3 [pid 5940] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2977400000 [pid 5940] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5940] munmap(0x7f2977400000, 138412032) = 0 [pid 5940] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5940] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5940] close(3) = 0 [pid 5940] close(4) = 0 [pid 5940] mkdir("./file1", 0777) = 0 [ 96.727360][ T5940] loop0: detected capacity change from 0 to 32768 [ 96.810565][ T5940] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,fsck,norecovery,reconstruct_alloc,nocow,no_data_io [ 96.829326][ T5940] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 96.837763][ T5940] bcachefs (loop0): Version upgrade required: [ 96.837763][ T5940] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 96.837763][ T5940] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots [ 96.837763][ T5940] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 96.909913][ T5940] bcachefs (loop0): dropping and reconstructing all alloc info [ 96.926960][ T5940] bcachefs (loop0): check_topology... done [ 96.932936][ T5940] bcachefs (loop0): accounting_read... done [ 96.939033][ T5940] bcachefs (loop0): alloc_read... done [ 96.944688][ T5940] bcachefs (loop0): stripes_read... done [ 96.950576][ T5940] bcachefs (loop0): snapshots_read... done [pid 5940] mount("/dev/loop0", "./file1", "bcachefs", MS_I_VERSION, "errors=continue,direct_io,norecovery,nocow,fsck,norecovery,journal_transaction_names,reconstruct_all"...) = 0 [pid 5940] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5940] chdir("./file1") = 0 [pid 5940] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5940] ioctl(4, LOOP_CLR_FD) = 0 [ 96.956641][ T5940] bcachefs (loop0): check_allocations... done [ 96.976705][ T5940] bcachefs (loop0): going read-write [ 96.985421][ T5940] bcachefs (loop0): done starting filesystem [pid 5940] close(4) = 0 [ 97.055138][ T5940] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [ 97.055164][ T5940] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing [ 97.083194][ T5940] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [pid 5940] creat("./file0/file0", 000) = 4 [pid 5940] exit_group(0) = ? [pid 5940] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5940, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=38 /* 0.38 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 97.083216][ T5940] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing [ 97.111826][ T5940] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [ 97.111851][ T5940] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555816996f0 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 [ 97.255931][ T5835] bcachefs (loop0): shutting down [ 97.261317][ T5835] bcachefs (loop0): going read-only [ 97.266530][ T5835] bcachefs (loop0): finished waiting for writes to stop [ 97.275300][ T5835] bcachefs (loop0): flushing journal and stopping allocators, journal seq 12 [ 97.295858][ T5835] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 16 [ 97.306604][ T5835] bcachefs (loop0): unshutdown complete, journal seq 17 [ 97.314821][ T5835] bcachefs (loop0): done going read-only, filesystem not clean [ 97.333427][ T5835] bcachefs (loop0): shutdown complete umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555816a1730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555816a1730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file1") = 0 getdents64(3, 0x5555816996f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5951 attached [pid 5951] set_robust_list(0x555581698660, 24) = 0 [pid 5835] <... clone resumed>, child_tidptr=0x555581698650) = 5951 [pid 5951] chdir("./10") = 0 [pid 5951] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5951] setpgid(0, 0) = 0 [pid 5951] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5951] write(3, "1000", 4) = 4 [pid 5951] close(3) = 0 [pid 5951] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5951] write(1, "executing program\n", 18) = 18 [pid 5951] memfd_create("syzkaller", 0) = 3 [pid 5951] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2977400000 [pid 5951] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5951] munmap(0x7f2977400000, 138412032) = 0 [pid 5951] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5951] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5951] close(3) = 0 [pid 5951] close(4) = 0 [pid 5951] mkdir("./file1", 0777) = 0 [ 98.810707][ T5951] loop0: detected capacity change from 0 to 32768 [ 98.889982][ T5951] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,fsck,norecovery,reconstruct_alloc,nocow,no_data_io [ 98.909287][ T5951] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 98.917584][ T5951] bcachefs (loop0): Version upgrade required: [ 98.917584][ T5951] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 98.917584][ T5951] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots [ 98.917584][ T5951] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 98.989788][ T5951] bcachefs (loop0): dropping and reconstructing all alloc info [ 99.009144][ T5951] bcachefs (loop0): check_topology... done [ 99.015121][ T5951] bcachefs (loop0): accounting_read... done [ 99.021305][ T5951] bcachefs (loop0): alloc_read... done [ 99.026852][ T5951] bcachefs (loop0): stripes_read... done [ 99.032661][ T5951] bcachefs (loop0): snapshots_read... done [pid 5951] mount("/dev/loop0", "./file1", "bcachefs", MS_I_VERSION, "errors=continue,direct_io,norecovery,nocow,fsck,norecovery,journal_transaction_names,reconstruct_all"...) = 0 [pid 5951] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5951] chdir("./file1") = 0 [pid 5951] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5951] ioctl(4, LOOP_CLR_FD) = 0 [pid 5951] close(4) = 0 [ 99.038625][ T5951] bcachefs (loop0): check_allocations... done [ 99.059697][ T5951] bcachefs (loop0): going read-write [ 99.068785][ T5951] bcachefs (loop0): done starting filesystem [ 99.116243][ T5951] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [ 99.116269][ T5951] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing [ 99.146578][ T5951] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [pid 5951] creat("./file0/file0", 000) = 4 [pid 5951] exit_group(0) = ? [pid 5951] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5951, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=36 /* 0.36 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 99.146599][ T5951] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing [ 99.174316][ T5951] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [ 99.174338][ T5951] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555816996f0 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 [ 99.335234][ T5835] bcachefs (loop0): shutting down [ 99.340322][ T5835] bcachefs (loop0): going read-only [ 99.345885][ T5835] bcachefs (loop0): finished waiting for writes to stop [ 99.353382][ T5835] bcachefs (loop0): flushing journal and stopping allocators, journal seq 11 [ 99.373753][ T5835] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 14 [ 99.384702][ T5835] bcachefs (loop0): unshutdown complete, journal seq 15 [ 99.392548][ T5835] bcachefs (loop0): done going read-only, filesystem not clean [ 99.409458][ T5835] bcachefs (loop0): shutdown complete umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555816a1730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555816a1730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file1") = 0 getdents64(3, 0x5555816996f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5962 attached [pid 5962] set_robust_list(0x555581698660, 24 [pid 5835] <... clone resumed>, child_tidptr=0x555581698650) = 5962 [pid 5962] <... set_robust_list resumed>) = 0 [pid 5962] chdir("./11") = 0 [pid 5962] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5962] setpgid(0, 0) = 0 [pid 5962] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5962] write(3, "1000", 4) = 4 [pid 5962] close(3) = 0 [pid 5962] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5962] write(1, "executing program\n", 18) = 18 [pid 5962] memfd_create("syzkaller", 0) = 3 [pid 5962] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2977400000 [pid 5962] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5962] munmap(0x7f2977400000, 138412032) = 0 [pid 5962] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5962] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5962] close(3) = 0 [pid 5962] close(4) = 0 [pid 5962] mkdir("./file1", 0777) = 0 [ 100.721991][ T5962] loop0: detected capacity change from 0 to 32768 [ 100.800441][ T5962] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,fsck,norecovery,reconstruct_alloc,nocow,no_data_io [ 100.819295][ T5962] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 100.828166][ T5962] bcachefs (loop0): Version upgrade required: [ 100.828166][ T5962] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 100.828166][ T5962] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots [ 100.828166][ T5962] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 100.901294][ T5962] bcachefs (loop0): dropping and reconstructing all alloc info [ 100.917923][ T5962] bcachefs (loop0): check_topology... done [ 100.924069][ T5962] bcachefs (loop0): accounting_read... done [ 100.930307][ T5962] bcachefs (loop0): alloc_read... done [ 100.935941][ T5962] bcachefs (loop0): stripes_read... done [ 100.941723][ T5962] bcachefs (loop0): snapshots_read... done [pid 5962] mount("/dev/loop0", "./file1", "bcachefs", MS_I_VERSION, "errors=continue,direct_io,norecovery,nocow,fsck,norecovery,journal_transaction_names,reconstruct_all"...) = 0 [pid 5962] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5962] chdir("./file1") = 0 [pid 5962] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 100.947727][ T5962] bcachefs (loop0): check_allocations... done [ 100.968322][ T5962] bcachefs (loop0): going read-write [ 100.977513][ T5962] bcachefs (loop0): done starting filesystem [pid 5962] ioctl(4, LOOP_CLR_FD) = 0 [pid 5962] close(4) = 0 [ 101.060695][ T5962] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [ 101.060718][ T5962] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing [ 101.089469][ T5962] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [pid 5962] creat("./file0/file0", 000) = 4 [pid 5962] exit_group(0) = ? [pid 5962] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5962, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=34 /* 0.34 s */} --- [ 101.089487][ T5962] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing [ 101.117431][ T5962] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [ 101.117453][ T5962] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555816996f0 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 [ 101.312256][ T5835] bcachefs (loop0): shutting down [ 101.317340][ T5835] bcachefs (loop0): going read-only [ 101.322941][ T5835] bcachefs (loop0): finished waiting for writes to stop [ 101.330679][ T5835] bcachefs (loop0): flushing journal and stopping allocators, journal seq 11 [ 101.351519][ T5835] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 14 [ 101.362349][ T5835] bcachefs (loop0): unshutdown complete, journal seq 15 [ 101.370066][ T5835] bcachefs (loop0): done going read-only, filesystem not clean [ 101.388169][ T5835] bcachefs (loop0): shutdown complete umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555816a1730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555816a1730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file1") = 0 getdents64(3, 0x5555816996f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5973 attached , child_tidptr=0x555581698650) = 5973 [pid 5973] set_robust_list(0x555581698660, 24) = 0 [pid 5973] chdir("./12") = 0 [pid 5973] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5973] setpgid(0, 0) = 0 [pid 5973] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5973] write(3, "1000", 4) = 4 [pid 5973] close(3) = 0 [pid 5973] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5973] write(1, "executing program\n", 18executing program ) = 18 [pid 5973] memfd_create("syzkaller", 0) = 3 [pid 5973] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2977400000 [pid 5973] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5973] munmap(0x7f2977400000, 138412032) = 0 [pid 5973] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5973] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5973] close(3) = 0 [pid 5973] close(4) = 0 [pid 5973] mkdir("./file1", 0777) = 0 [ 102.899097][ T5973] loop0: detected capacity change from 0 to 32768 [ 102.988222][ T5973] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,fsck,norecovery,reconstruct_alloc,nocow,no_data_io [ 103.006948][ T5973] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 103.015330][ T5973] bcachefs (loop0): Version upgrade required: [ 103.015330][ T5973] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 103.015330][ T5973] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots [ 103.015330][ T5973] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 103.089250][ T5973] bcachefs (loop0): dropping and reconstructing all alloc info [ 103.105852][ T5973] bcachefs (loop0): check_topology... done [ 103.112013][ T5973] bcachefs (loop0): accounting_read... done [ 103.118129][ T5973] bcachefs (loop0): alloc_read... done [ 103.123916][ T5973] bcachefs (loop0): stripes_read... done [ 103.129806][ T5973] bcachefs (loop0): snapshots_read... done [pid 5973] mount("/dev/loop0", "./file1", "bcachefs", MS_I_VERSION, "errors=continue,direct_io,norecovery,nocow,fsck,norecovery,journal_transaction_names,reconstruct_all"...) = 0 [pid 5973] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5973] chdir("./file1") = 0 [pid 5973] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 103.136399][ T5973] bcachefs (loop0): check_allocations... done [ 103.157937][ T5973] bcachefs (loop0): going read-write [ 103.167478][ T5973] bcachefs (loop0): done starting filesystem [pid 5973] ioctl(4, LOOP_CLR_FD) = 0 [pid 5973] close(4) = 0 [ 103.248794][ T5973] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [ 103.248819][ T5973] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing [ 103.276702][ T5973] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [pid 5973] creat("./file0/file0", 000) = 4 [pid 5973] exit_group(0) = ? [pid 5973] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5973, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=34 /* 0.34 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 103.276723][ T5973] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing [ 103.306366][ T5973] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [ 103.306383][ T5973] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555816996f0 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 [ 103.458220][ T5835] bcachefs (loop0): shutting down [ 103.464603][ T5835] bcachefs (loop0): going read-only [ 103.470032][ T5835] bcachefs (loop0): finished waiting for writes to stop [ 103.478312][ T5835] bcachefs (loop0): flushing journal and stopping allocators, journal seq 11 [ 103.499914][ T5835] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 16 [ 103.512003][ T5835] bcachefs (loop0): unshutdown complete, journal seq 17 [ 103.519731][ T5835] bcachefs (loop0): done going read-only, filesystem not clean [ 103.538333][ T5835] bcachefs (loop0): shutdown complete umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555816a1730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555816a1730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file1") = 0 getdents64(3, 0x5555816996f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5984 attached , child_tidptr=0x555581698650) = 5984 [pid 5984] set_robust_list(0x555581698660, 24) = 0 [pid 5984] chdir("./13") = 0 [pid 5984] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5984] setpgid(0, 0) = 0 [pid 5984] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5984] write(3, "1000", 4) = 4 [pid 5984] close(3) = 0 [pid 5984] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5984] write(1, "executing program\n", 18) = 18 [pid 5984] memfd_create("syzkaller", 0) = 3 [pid 5984] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2977400000 [pid 5984] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5984] munmap(0x7f2977400000, 138412032) = 0 [pid 5984] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5984] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5984] close(3) = 0 [pid 5984] close(4) = 0 [pid 5984] mkdir("./file1", 0777) = 0 [ 104.945553][ T5984] loop0: detected capacity change from 0 to 32768 [ 105.018096][ T5984] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,fsck,norecovery,reconstruct_alloc,nocow,no_data_io [ 105.037502][ T5984] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 105.045686][ T5984] bcachefs (loop0): Version upgrade required: [ 105.045686][ T5984] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 105.045686][ T5984] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots [ 105.045686][ T5984] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 105.117740][ T5984] bcachefs (loop0): dropping and reconstructing all alloc info [ 105.134038][ T5984] bcachefs (loop0): check_topology... done [ 105.139963][ T5984] bcachefs (loop0): accounting_read... done [ 105.146525][ T5984] bcachefs (loop0): alloc_read... done [ 105.152222][ T5984] bcachefs (loop0): stripes_read... done [ 105.157951][ T5984] bcachefs (loop0): snapshots_read... done [pid 5984] mount("/dev/loop0", "./file1", "bcachefs", MS_I_VERSION, "errors=continue,direct_io,norecovery,nocow,fsck,norecovery,journal_transaction_names,reconstruct_all"...) = 0 [pid 5984] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5984] chdir("./file1") = 0 [pid 5984] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5984] ioctl(4, LOOP_CLR_FD) = 0 [pid 5984] close(4) = 0 [ 105.164058][ T5984] bcachefs (loop0): check_allocations... done [ 105.184297][ T5984] bcachefs (loop0): going read-write [ 105.193846][ T5984] bcachefs (loop0): done starting filesystem [ 105.224981][ T5984] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [ 105.225006][ T5984] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing [ 105.254139][ T5984] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [pid 5984] creat("./file0/file0", 000) = 4 [pid 5984] exit_group(0) = ? [pid 5984] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5984, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=35 /* 0.35 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 105.254163][ T5984] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing [ 105.282825][ T5984] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [ 105.282848][ T5984] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555816996f0 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 [ 105.454990][ T5835] bcachefs (loop0): shutting down [ 105.460082][ T5835] bcachefs (loop0): going read-only [ 105.465634][ T5835] bcachefs (loop0): finished waiting for writes to stop [ 105.473347][ T5835] bcachefs (loop0): flushing journal and stopping allocators, journal seq 11 [ 105.494584][ T5835] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 15 [ 105.505692][ T5835] bcachefs (loop0): unshutdown complete, journal seq 16 [ 105.513676][ T5835] bcachefs (loop0): done going read-only, filesystem not clean [ 105.531946][ T5835] bcachefs (loop0): shutdown complete umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555816a1730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555816a1730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file1") = 0 getdents64(3, 0x5555816996f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5995 attached , child_tidptr=0x555581698650) = 5995 [pid 5995] set_robust_list(0x555581698660, 24) = 0 [pid 5995] chdir("./14") = 0 [pid 5995] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5995] setpgid(0, 0) = 0 [pid 5995] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5995] write(3, "1000", 4) = 4 [pid 5995] close(3) = 0 [pid 5995] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5995] write(1, "executing program\n", 18executing program ) = 18 [pid 5995] memfd_create("syzkaller", 0) = 3 [pid 5995] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2977400000 [pid 5995] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5995] munmap(0x7f2977400000, 138412032) = 0 [pid 5995] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5995] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5995] close(3) = 0 [pid 5995] close(4) = 0 [pid 5995] mkdir("./file1", 0777) = 0 [ 106.983702][ T5995] loop0: detected capacity change from 0 to 32768 [ 107.056018][ T5995] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,fsck,norecovery,reconstruct_alloc,nocow,no_data_io [ 107.075074][ T5995] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 107.083295][ T5995] bcachefs (loop0): Version upgrade required: [ 107.083295][ T5995] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 107.083295][ T5995] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots [ 107.083295][ T5995] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 107.155656][ T5995] bcachefs (loop0): dropping and reconstructing all alloc info [ 107.171897][ T5995] bcachefs (loop0): check_topology... done [ 107.177789][ T5995] bcachefs (loop0): accounting_read... done [ 107.184349][ T5995] bcachefs (loop0): alloc_read... done [ 107.190094][ T5995] bcachefs (loop0): stripes_read... done [ 107.196059][ T5995] bcachefs (loop0): snapshots_read... done [pid 5995] mount("/dev/loop0", "./file1", "bcachefs", MS_I_VERSION, "errors=continue,direct_io,norecovery,nocow,fsck,norecovery,journal_transaction_names,reconstruct_all"...) = 0 [pid 5995] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [ 107.202085][ T5995] bcachefs (loop0): check_allocations... done [ 107.222455][ T5995] bcachefs (loop0): going read-write [ 107.231378][ T5995] bcachefs (loop0): done starting filesystem [pid 5995] chdir("./file1") = 0 [pid 5995] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5995] ioctl(4, LOOP_CLR_FD) = 0 [pid 5995] close(4) = 0 [ 107.320541][ T5995] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [ 107.320565][ T5995] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing [ 107.348378][ T5995] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [pid 5995] creat("./file0/file0", 000) = 4 [pid 5995] exit_group(0) = ? [pid 5995] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5995, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=33 /* 0.33 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 107.348399][ T5995] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing [ 107.377556][ T5995] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [ 107.377582][ T5995] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555816996f0 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 [ 107.521338][ T5835] bcachefs (loop0): shutting down [ 107.526535][ T5835] bcachefs (loop0): going read-only [ 107.531935][ T5835] bcachefs (loop0): finished waiting for writes to stop [ 107.539620][ T5835] bcachefs (loop0): flushing journal and stopping allocators, journal seq 11 [ 107.562715][ T5835] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 16 [ 107.574113][ T5835] bcachefs (loop0): unshutdown complete, journal seq 17 [ 107.581983][ T5835] bcachefs (loop0): done going read-only, filesystem not clean [ 107.599816][ T5835] bcachefs (loop0): shutdown complete umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555816a1730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555816a1730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file1") = 0 getdents64(3, 0x5555816996f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6006 attached , child_tidptr=0x555581698650) = 6006 [pid 6006] set_robust_list(0x555581698660, 24) = 0 [pid 6006] chdir("./15") = 0 [pid 6006] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6006] setpgid(0, 0) = 0 [pid 6006] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6006] write(3, "1000", 4) = 4 [pid 6006] close(3) = 0 [pid 6006] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6006] write(1, "executing program\n", 18) = 18 [pid 6006] memfd_create("syzkaller", 0) = 3 [pid 6006] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2977400000 [pid 6006] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6006] munmap(0x7f2977400000, 138412032) = 0 [pid 6006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6006] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6006] close(3) = 0 [pid 6006] close(4) = 0 [pid 6006] mkdir("./file1", 0777) = 0 [ 108.953959][ T6006] loop0: detected capacity change from 0 to 32768 [ 109.017293][ T6006] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,fsck,norecovery,reconstruct_alloc,nocow,no_data_io [ 109.036597][ T6006] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 109.045238][ T6006] bcachefs (loop0): Version upgrade required: [ 109.045238][ T6006] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 109.045238][ T6006] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots [ 109.045238][ T6006] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 109.118078][ T6006] bcachefs (loop0): dropping and reconstructing all alloc info [ 109.135155][ T6006] bcachefs (loop0): check_topology... done [ 109.141130][ T6006] bcachefs (loop0): accounting_read... done [ 109.147213][ T6006] bcachefs (loop0): alloc_read... done [ 109.152817][ T6006] bcachefs (loop0): stripes_read... done [ 109.158562][ T6006] bcachefs (loop0): snapshots_read... done [pid 6006] mount("/dev/loop0", "./file1", "bcachefs", MS_I_VERSION, "errors=continue,direct_io,norecovery,nocow,fsck,norecovery,journal_transaction_names,reconstruct_all"...) = 0 [pid 6006] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6006] chdir("./file1") = 0 [pid 6006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6006] ioctl(4, LOOP_CLR_FD) = 0 [pid 6006] close(4) = 0 [ 109.164712][ T6006] bcachefs (loop0): check_allocations... done [ 109.185727][ T6006] bcachefs (loop0): going read-write [ 109.194785][ T6006] bcachefs (loop0): done starting filesystem [ 109.223855][ T6006] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [ 109.223880][ T6006] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing [ 109.254582][ T6006] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [pid 6006] creat("./file0/file0", 000) = 4 [pid 6006] exit_group(0) = ? [pid 6006] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6006, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=36 /* 0.36 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 109.254604][ T6006] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing [ 109.283176][ T6006] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [ 109.283195][ T6006] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555816996f0 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 [ 109.453232][ T5835] bcachefs (loop0): shutting down [ 109.458352][ T5835] bcachefs (loop0): going read-only [ 109.464118][ T5835] bcachefs (loop0): finished waiting for writes to stop [ 109.471945][ T5835] bcachefs (loop0): flushing journal and stopping allocators, journal seq 12 [ 109.493149][ T5835] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 16 [ 109.504375][ T5835] bcachefs (loop0): unshutdown complete, journal seq 17 [ 109.512187][ T5835] bcachefs (loop0): done going read-only, filesystem not clean [ 109.529423][ T5835] bcachefs (loop0): shutdown complete umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555816a1730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555816a1730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file1") = 0 getdents64(3, 0x5555816996f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6017 attached , child_tidptr=0x555581698650) = 6017 [pid 6017] set_robust_list(0x555581698660, 24) = 0 [pid 6017] chdir("./16") = 0 [pid 6017] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6017] setpgid(0, 0) = 0 [pid 6017] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6017] write(3, "1000", 4) = 4 [pid 6017] close(3) = 0 [pid 6017] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6017] write(1, "executing program\n", 18) = 18 [pid 6017] memfd_create("syzkaller", 0) = 3 [pid 6017] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2977400000 [pid 6017] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6017] munmap(0x7f2977400000, 138412032) = 0 [pid 6017] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6017] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6017] close(3) = 0 [pid 6017] close(4) = 0 [pid 6017] mkdir("./file1", 0777) = 0 [ 110.908851][ T6017] loop0: detected capacity change from 0 to 32768 [ 110.996509][ T6017] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,fsck,norecovery,reconstruct_alloc,nocow,no_data_io [ 111.015444][ T6017] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 111.023590][ T6017] bcachefs (loop0): Version upgrade required: [ 111.023590][ T6017] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 111.023590][ T6017] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots [ 111.023590][ T6017] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 111.095884][ T6017] bcachefs (loop0): dropping and reconstructing all alloc info [ 111.112628][ T6017] bcachefs (loop0): check_topology... done [ 111.118507][ T6017] bcachefs (loop0): accounting_read... done [ 111.124739][ T6017] bcachefs (loop0): alloc_read... done [ 111.130335][ T6017] bcachefs (loop0): stripes_read... done [ 111.136155][ T6017] bcachefs (loop0): snapshots_read... done [pid 6017] mount("/dev/loop0", "./file1", "bcachefs", MS_I_VERSION, "errors=continue,direct_io,norecovery,nocow,fsck,norecovery,journal_transaction_names,reconstruct_all"...) = 0 [pid 6017] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6017] chdir("./file1") = 0 [pid 6017] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6017] ioctl(4, LOOP_CLR_FD) = 0 [pid 6017] close(4) = 0 [ 111.142184][ T6017] bcachefs (loop0): check_allocations... done [ 111.162565][ T6017] bcachefs (loop0): going read-write [ 111.171771][ T6017] bcachefs (loop0): done starting filesystem [ 111.206832][ T6017] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [ 111.206854][ T6017] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing [ 111.239619][ T6017] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [pid 6017] creat("./file0/file0", 000) = 4 [pid 6017] exit_group(0) = ? [pid 6017] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6017, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=35 /* 0.35 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 111.239642][ T6017] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing [ 111.267494][ T6017] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [ 111.267512][ T6017] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing getdents64(3, 0x5555816996f0 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 [ 111.398332][ T5835] bcachefs (loop0): shutting down [ 111.403739][ T5835] bcachefs (loop0): going read-only [ 111.409007][ T5835] bcachefs (loop0): finished waiting for writes to stop [ 111.416800][ T5835] bcachefs (loop0): flushing journal and stopping allocators, journal seq 11 [ 111.430491][ T3117] bcachefs (loop0): bch2_write_super(): fatal error loop0: Superblock write was silently dropped! (seq 0 expected 53) [ 111.444769][ T3117] bcachefs (loop0): fatal error - emergency read only [ 111.452651][ T5835] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 12 [ 111.462566][ T5835] bcachefs (loop0): unshutdown complete, journal seq 12 [ 111.470182][ T5835] bcachefs (loop0): done going read-only, filesystem not clean [ 111.489285][ T5835] bcachefs (loop0): shutdown complete umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555816a1730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555816a1730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file1") = 0 getdents64(3, 0x5555816996f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6028 attached [pid 6028] set_robust_list(0x555581698660, 24 [pid 5835] <... clone resumed>, child_tidptr=0x555581698650) = 6028 [pid 6028] <... set_robust_list resumed>) = 0 [pid 6028] chdir("./17") = 0 [pid 6028] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6028] setpgid(0, 0) = 0 [pid 6028] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6028] write(3, "1000", 4) = 4 [pid 6028] close(3) = 0 [pid 6028] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6028] write(1, "executing program\n", 18executing program ) = 18 [pid 6028] memfd_create("syzkaller", 0) = 3 [pid 6028] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2977400000 [pid 6028] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6028] munmap(0x7f2977400000, 138412032) = 0 [pid 6028] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6028] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6028] close(3) = 0 [pid 6028] close(4) = 0 [pid 6028] mkdir("./file1", 0777) = 0 [ 112.914985][ T6028] loop0: detected capacity change from 0 to 32768 [ 112.999439][ T6028] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,fsck,norecovery,reconstruct_alloc,nocow,no_data_io [ 113.018322][ T6028] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 113.026836][ T6028] bcachefs (loop0): Version upgrade required: [ 113.026836][ T6028] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 113.026836][ T6028] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots [ 113.026836][ T6028] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 113.099169][ T6028] bcachefs (loop0): dropping and reconstructing all alloc info [ 113.115669][ T6028] bcachefs (loop0): check_topology... done [ 113.121641][ T6028] bcachefs (loop0): accounting_read... done [ 113.127906][ T6028] bcachefs (loop0): alloc_read... done [ 113.134262][ T6028] bcachefs (loop0): stripes_read... done [ 113.140327][ T6028] bcachefs (loop0): snapshots_read... done [pid 6028] mount("/dev/loop0", "./file1", "bcachefs", MS_I_VERSION, "errors=continue,direct_io,norecovery,nocow,fsck,norecovery,journal_transaction_names,reconstruct_all"...) = 0 [pid 6028] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6028] chdir("./file1") = 0 [ 113.146344][ T6028] bcachefs (loop0): check_allocations... done [ 113.167095][ T6028] bcachefs (loop0): going read-write [ 113.175784][ T6028] bcachefs (loop0): done starting filesystem [pid 6028] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6028] ioctl(4, LOOP_CLR_FD) = 0 [pid 6028] close(4) = 0 [ 113.254550][ T6028] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [ 113.254572][ T6028] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing [ 113.283373][ T6028] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [pid 6028] creat("./file0/file0", 000) = 4 [pid 6028] exit_group(0) = ? [pid 6028] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6028, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=37 /* 0.37 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555816996f0 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 113.283395][ T6028] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing [ 113.311287][ T6028] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [ 113.311310][ T6028] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 [ 113.418894][ T5835] bcachefs (loop0): shutting down [ 113.424373][ T5835] bcachefs (loop0): going read-only [ 113.429638][ T5835] bcachefs (loop0): finished waiting for writes to stop [ 113.437483][ T5835] bcachefs (loop0): flushing journal and stopping allocators, journal seq 11 [ 113.459696][ T5835] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 16 [ 113.472305][ T5835] bcachefs (loop0): unshutdown complete, journal seq 17 [ 113.479942][ T5835] bcachefs (loop0): done going read-only, filesystem not clean [ 113.498931][ T5835] bcachefs (loop0): shutdown complete umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555816a1730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555816a1730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file1") = 0 getdents64(3, 0x5555816996f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6041 attached , child_tidptr=0x555581698650) = 6041 [pid 6041] set_robust_list(0x555581698660, 24) = 0 [pid 6041] chdir("./18") = 0 [pid 6041] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6041] setpgid(0, 0) = 0 [pid 6041] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6041] write(3, "1000", 4) = 4 [pid 6041] close(3) = 0 [pid 6041] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6041] write(1, "executing program\n", 18executing program ) = 18 [pid 6041] memfd_create("syzkaller", 0) = 3 [pid 6041] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2977400000 [pid 6041] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6041] munmap(0x7f2977400000, 138412032) = 0 [pid 6041] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6041] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6041] close(3) = 0 [pid 6041] close(4) = 0 [pid 6041] mkdir("./file1", 0777) = 0 [ 114.904200][ T6041] loop0: detected capacity change from 0 to 32768 [ 114.988849][ T6041] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,fsck,norecovery,reconstruct_alloc,nocow,no_data_io [ 115.007668][ T6041] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 115.016015][ T6041] bcachefs (loop0): Version upgrade required: [ 115.016015][ T6041] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 115.016015][ T6041] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots [ 115.016015][ T6041] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 115.088520][ T6041] bcachefs (loop0): dropping and reconstructing all alloc info [ 115.105461][ T6041] bcachefs (loop0): check_topology... done [ 115.111542][ T6041] bcachefs (loop0): accounting_read... done [ 115.117914][ T6041] bcachefs (loop0): alloc_read... done [ 115.123640][ T6041] bcachefs (loop0): stripes_read... done [ 115.129667][ T6041] bcachefs (loop0): snapshots_read... done [pid 6041] mount("/dev/loop0", "./file1", "bcachefs", MS_I_VERSION, "errors=continue,direct_io,norecovery,nocow,fsck,norecovery,journal_transaction_names,reconstruct_all"...) = 0 [pid 6041] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6041] chdir("./file1") = 0 [pid 6041] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6041] ioctl(4, LOOP_CLR_FD) = 0 [pid 6041] close(4) = 0 [ 115.135822][ T6041] bcachefs (loop0): check_allocations... done [ 115.157067][ T6041] bcachefs (loop0): going read-write [ 115.166416][ T6041] bcachefs (loop0): done starting filesystem [ 115.205742][ T6041] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [ 115.205766][ T6041] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing [ 115.235353][ T6041] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [pid 6041] creat("./file0/file0", 000) = 4 [pid 6041] exit_group(0) = ? [pid 6041] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6041, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=37 /* 0.37 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 115.235371][ T6041] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing [ 115.263581][ T6041] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [ 115.263598][ T6041] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555816996f0 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 [ 115.431050][ T5835] bcachefs (loop0): shutting down [ 115.436156][ T5835] bcachefs (loop0): going read-only [ 115.442114][ T5835] bcachefs (loop0): finished waiting for writes to stop [ 115.450557][ T5835] bcachefs (loop0): flushing journal and stopping allocators, journal seq 12 [ 115.472241][ T5835] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 16 [ 115.484214][ T5835] bcachefs (loop0): unshutdown complete, journal seq 17 [ 115.493020][ T5835] bcachefs (loop0): done going read-only, filesystem not clean [ 115.519276][ T5835] bcachefs (loop0): shutdown complete umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555816a1730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555816a1730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file1") = 0 getdents64(3, 0x5555816996f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555581698650) = 6056 ./strace-static-x86_64: Process 6056 attached [pid 6056] set_robust_list(0x555581698660, 24) = 0 [pid 6056] chdir("./19") = 0 [pid 6056] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6056] setpgid(0, 0) = 0 [pid 6056] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6056] write(3, "1000", 4) = 4 [pid 6056] close(3) = 0 [pid 6056] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6056] write(1, "executing program\n", 18) = 18 [pid 6056] memfd_create("syzkaller", 0) = 3 [pid 6056] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2977400000 [pid 6056] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6056] munmap(0x7f2977400000, 138412032) = 0 [pid 6056] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6056] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6056] close(3) = 0 [pid 6056] close(4) = 0 [pid 6056] mkdir("./file1", 0777) = 0 [ 116.998152][ T6056] loop0: detected capacity change from 0 to 32768 [ 117.072826][ T6056] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,fsck,norecovery,reconstruct_alloc,nocow,no_data_io [ 117.092143][ T6056] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 117.100491][ T6056] bcachefs (loop0): Version upgrade required: [ 117.100491][ T6056] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 117.100491][ T6056] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots [ 117.100491][ T6056] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 117.173432][ T6056] bcachefs (loop0): dropping and reconstructing all alloc info [ 117.190309][ T6056] bcachefs (loop0): check_topology... done [ 117.197165][ T6056] bcachefs (loop0): accounting_read... done [ 117.203657][ T6056] bcachefs (loop0): alloc_read... done [ 117.209497][ T6056] bcachefs (loop0): stripes_read... done [ 117.215446][ T6056] bcachefs (loop0): snapshots_read... done [pid 6056] mount("/dev/loop0", "./file1", "bcachefs", MS_I_VERSION, "errors=continue,direct_io,norecovery,nocow,fsck,norecovery,journal_transaction_names,reconstruct_all"...) = 0 [pid 6056] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6056] chdir("./file1") = 0 [pid 6056] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6056] ioctl(4, LOOP_CLR_FD) = 0 [pid 6056] close(4) = 0 [ 117.221918][ T6056] bcachefs (loop0): check_allocations... done [ 117.243679][ T6056] bcachefs (loop0): going read-write [ 117.252791][ T6056] bcachefs (loop0): done starting filesystem [ 117.281645][ T6056] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [ 117.281667][ T6056] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing [ 117.310435][ T6056] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [pid 6056] creat("./file0/file0", 000) = 4 [pid 6056] exit_group(0) = ? [pid 6056] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6056, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=34 /* 0.34 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 117.310455][ T6056] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing [ 117.339498][ T6056] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [ 117.339521][ T6056] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555816996f0 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 [ 117.485160][ T5835] bcachefs (loop0): shutting down [ 117.490244][ T5835] bcachefs (loop0): going read-only [ 117.495893][ T5835] bcachefs (loop0): finished waiting for writes to stop [ 117.503748][ T5835] bcachefs (loop0): flushing journal and stopping allocators, journal seq 12 [ 117.525019][ T5835] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 15 [ 117.536261][ T5835] bcachefs (loop0): unshutdown complete, journal seq 16 [ 117.544160][ T5835] bcachefs (loop0): done going read-only, filesystem not clean [ 117.562274][ T5835] bcachefs (loop0): shutdown complete umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555816a1730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555816a1730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file1") = 0 getdents64(3, 0x5555816996f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6067 attached [pid 6067] set_robust_list(0x555581698660, 24) = 0 [pid 6067] chdir("./20" [pid 5835] <... clone resumed>, child_tidptr=0x555581698650) = 6067 [pid 6067] <... chdir resumed>) = 0 [pid 6067] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6067] setpgid(0, 0) = 0 [pid 6067] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6067] write(3, "1000", 4) = 4 [pid 6067] close(3) = 0 [pid 6067] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6067] write(1, "executing program\n", 18executing program ) = 18 [pid 6067] memfd_create("syzkaller", 0) = 3 [pid 6067] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2977400000 [pid 6067] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6067] munmap(0x7f2977400000, 138412032) = 0 [pid 6067] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6067] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6067] close(3) = 0 [pid 6067] close(4) = 0 [pid 6067] mkdir("./file1", 0777) = 0 [ 118.968968][ T6067] loop0: detected capacity change from 0 to 32768 [ 119.050251][ T6067] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,fsck,norecovery,reconstruct_alloc,nocow,no_data_io [ 119.069145][ T6067] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 119.077789][ T6067] bcachefs (loop0): Version upgrade required: [ 119.077789][ T6067] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 119.077789][ T6067] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots [ 119.077789][ T6067] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 119.151110][ T6067] bcachefs (loop0): dropping and reconstructing all alloc info [ 119.167915][ T6067] bcachefs (loop0): check_topology... done [ 119.174035][ T6067] bcachefs (loop0): accounting_read... done [ 119.180310][ T6067] bcachefs (loop0): alloc_read... done [ 119.186036][ T6067] bcachefs (loop0): stripes_read... done [ 119.191865][ T6067] bcachefs (loop0): snapshots_read... done [pid 6067] mount("/dev/loop0", "./file1", "bcachefs", MS_I_VERSION, "errors=continue,direct_io,norecovery,nocow,fsck,norecovery,journal_transaction_names,reconstruct_all"...) = 0 [pid 6067] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6067] chdir("./file1") = 0 [pid 6067] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6067] ioctl(4, LOOP_CLR_FD) = 0 [pid 6067] close(4) = 0 [ 119.197808][ T6067] bcachefs (loop0): check_allocations... done [ 119.218689][ T6067] bcachefs (loop0): going read-write [ 119.228593][ T6067] bcachefs (loop0): done starting filesystem [ 119.267079][ T6067] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [ 119.267104][ T6067] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing [ 119.299564][ T6067] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [pid 6067] creat("./file0/file0", 000) = 4 [pid 6067] exit_group(0) = ? [pid 6067] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6067, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=33 /* 0.33 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 119.299589][ T6067] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing [ 119.327634][ T6067] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [ 119.327651][ T6067] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555816996f0 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 [ 119.462637][ T5835] bcachefs (loop0): shutting down [ 119.467706][ T5835] bcachefs (loop0): going read-only [ 119.473019][ T5835] bcachefs (loop0): finished waiting for writes to stop [ 119.480536][ T5835] bcachefs (loop0): flushing journal and stopping allocators, journal seq 11 [ 119.501804][ T5835] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 15 [ 119.512787][ T5835] bcachefs (loop0): unshutdown complete, journal seq 16 [ 119.520384][ T5835] bcachefs (loop0): done going read-only, filesystem not clean [ 119.539073][ T5835] bcachefs (loop0): shutdown complete umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555816a1730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555816a1730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file1") = 0 getdents64(3, 0x5555816996f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6078 attached [pid 6078] set_robust_list(0x555581698660, 24) = 0 [pid 5835] <... clone resumed>, child_tidptr=0x555581698650) = 6078 [pid 6078] chdir("./21") = 0 [pid 6078] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6078] setpgid(0, 0) = 0 [pid 6078] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6078] write(3, "1000", 4) = 4 [pid 6078] close(3) = 0 [pid 6078] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6078] write(1, "executing program\n", 18) = 18 [pid 6078] memfd_create("syzkaller", 0) = 3 [pid 6078] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2977400000 [pid 6078] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6078] munmap(0x7f2977400000, 138412032) = 0 [pid 6078] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6078] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6078] close(3) = 0 [pid 6078] close(4) = 0 [pid 6078] mkdir("./file1", 0777) = 0 [ 120.896692][ T6078] loop0: detected capacity change from 0 to 32768 [ 120.987763][ T6078] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,fsck,norecovery,reconstruct_alloc,nocow,no_data_io [ 121.006749][ T6078] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 121.015008][ T6078] bcachefs (loop0): Version upgrade required: [ 121.015008][ T6078] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 121.015008][ T6078] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots [ 121.015008][ T6078] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 121.088470][ T6078] bcachefs (loop0): dropping and reconstructing all alloc info [ 121.105721][ T6078] bcachefs (loop0): check_topology... done [ 121.111673][ T6078] bcachefs (loop0): accounting_read... done [ 121.118153][ T6078] bcachefs (loop0): alloc_read... done [ 121.123870][ T6078] bcachefs (loop0): stripes_read... done [ 121.129606][ T6078] bcachefs (loop0): snapshots_read... done [pid 6078] mount("/dev/loop0", "./file1", "bcachefs", MS_I_VERSION, "errors=continue,direct_io,norecovery,nocow,fsck,norecovery,journal_transaction_names,reconstruct_all"...) = 0 [pid 6078] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6078] chdir("./file1") = 0 [pid 6078] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6078] ioctl(4, LOOP_CLR_FD) = 0 [pid 6078] close(4) = 0 [ 121.135684][ T6078] bcachefs (loop0): check_allocations... done [ 121.155522][ T6078] bcachefs (loop0): going read-write [ 121.164109][ T6078] bcachefs (loop0): done starting filesystem [ 121.182864][ T6078] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [ 121.182888][ T6078] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing [ 121.211026][ T6078] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [ 121.211047][ T6078] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing [ 121.239021][ T6078] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [pid 6078] creat("./file0/file0", 000) = 4 [pid 6078] exit_group(0) = ? [pid 6078] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6078, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=35 /* 0.35 s */} --- [ 121.239042][ T6078] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555816996f0 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 [ 121.400139][ T5835] bcachefs (loop0): shutting down [ 121.405589][ T5835] bcachefs (loop0): going read-only [ 121.410835][ T5835] bcachefs (loop0): finished waiting for writes to stop [ 121.422550][ T5835] bcachefs (loop0): flushing journal and stopping allocators, journal seq 11 [ 121.448804][ T5835] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 16 [ 121.462308][ T5835] bcachefs (loop0): unshutdown complete, journal seq 17 [ 121.470745][ T5835] bcachefs (loop0): done going read-only, filesystem not clean [ 121.488337][ T5835] bcachefs (loop0): shutdown complete umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555816a1730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555816a1730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file1") = 0 getdents64(3, 0x5555816996f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6089 attached [pid 6089] set_robust_list(0x555581698660, 24 [pid 5835] <... clone resumed>, child_tidptr=0x555581698650) = 6089 [pid 6089] <... set_robust_list resumed>) = 0 [pid 6089] chdir("./22") = 0 [pid 6089] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6089] setpgid(0, 0) = 0 [pid 6089] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6089] write(3, "1000", 4) = 4 [pid 6089] close(3) = 0 [pid 6089] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6089] write(1, "executing program\n", 18executing program ) = 18 [pid 6089] memfd_create("syzkaller", 0) = 3 [pid 6089] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2977400000 [pid 6089] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6089] munmap(0x7f2977400000, 138412032) = 0 [pid 6089] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6089] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6089] close(3) = 0 [pid 6089] close(4) = 0 [pid 6089] mkdir("./file1", 0777) = 0 [ 122.819072][ T6089] loop0: detected capacity change from 0 to 32768 [ 122.893233][ T6089] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,fsck,norecovery,reconstruct_alloc,nocow,no_data_io [ 122.912607][ T6089] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 122.920696][ T6089] bcachefs (loop0): Version upgrade required: [ 122.920696][ T6089] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 122.920696][ T6089] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots [ 122.920696][ T6089] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 122.993931][ T6089] bcachefs (loop0): dropping and reconstructing all alloc info [ 123.010675][ T6089] bcachefs (loop0): check_topology... done [ 123.017316][ T6089] bcachefs (loop0): accounting_read... done [ 123.024583][ T6089] bcachefs (loop0): alloc_read... done [ 123.030300][ T6089] bcachefs (loop0): stripes_read... done [ 123.036337][ T6089] bcachefs (loop0): snapshots_read... done [pid 6089] mount("/dev/loop0", "./file1", "bcachefs", MS_I_VERSION, "errors=continue,direct_io,norecovery,nocow,fsck,norecovery,journal_transaction_names,reconstruct_all"...) = 0 [pid 6089] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6089] chdir("./file1") = 0 [pid 6089] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6089] ioctl(4, LOOP_CLR_FD) = 0 [ 123.042447][ T6089] bcachefs (loop0): check_allocations... done [ 123.063567][ T6089] bcachefs (loop0): going read-write [ 123.072369][ T6089] bcachefs (loop0): done starting filesystem [pid 6089] close(4) = 0 [ 123.141061][ T6089] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [ 123.141084][ T6089] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing [ 123.169877][ T6089] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [pid 6089] creat("./file0/file0", 000) = 4 [pid 6089] exit_group(0) = ? [pid 6089] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6089, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=34 /* 0.34 s */} --- [ 123.169900][ T6089] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing [ 123.198431][ T6089] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [ 123.198448][ T6089] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555816996f0 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 [ 123.380596][ T5835] bcachefs (loop0): shutting down [ 123.385894][ T5835] bcachefs (loop0): going read-only [ 123.391306][ T5835] bcachefs (loop0): finished waiting for writes to stop [ 123.398824][ T5835] bcachefs (loop0): flushing journal and stopping allocators, journal seq 11 [ 123.420112][ T5835] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 17 [ 123.432157][ T5835] bcachefs (loop0): unshutdown complete, journal seq 18 [ 123.439880][ T5835] bcachefs (loop0): done going read-only, filesystem not clean [ 123.457790][ T5835] bcachefs (loop0): shutdown complete umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555816a1730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555816a1730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file1") = 0 getdents64(3, 0x5555816996f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6100 attached [pid 6100] set_robust_list(0x555581698660, 24) = 0 [pid 5835] <... clone resumed>, child_tidptr=0x555581698650) = 6100 [pid 6100] chdir("./23") = 0 [pid 6100] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6100] setpgid(0, 0) = 0 [pid 6100] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6100] write(3, "1000", 4) = 4 [pid 6100] close(3) = 0 [pid 6100] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6100] write(1, "executing program\n", 18executing program ) = 18 [pid 6100] memfd_create("syzkaller", 0) = 3 [pid 6100] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2977400000 [pid 6100] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6100] munmap(0x7f2977400000, 138412032) = 0 [pid 6100] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6100] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6100] close(3) = 0 [pid 6100] close(4) = 0 [pid 6100] mkdir("./file1", 0777) = 0 [ 124.825711][ T6100] loop0: detected capacity change from 0 to 32768 [ 124.903930][ T6100] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,fsck,norecovery,reconstruct_alloc,nocow,no_data_io [ 124.922871][ T6100] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 124.931250][ T6100] bcachefs (loop0): Version upgrade required: [ 124.931250][ T6100] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 124.931250][ T6100] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots [ 124.931250][ T6100] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 125.003720][ T6100] bcachefs (loop0): dropping and reconstructing all alloc info [ 125.019912][ T6100] bcachefs (loop0): check_topology... done [ 125.026038][ T6100] bcachefs (loop0): accounting_read... done [ 125.032313][ T6100] bcachefs (loop0): alloc_read... done [ 125.037850][ T6100] bcachefs (loop0): stripes_read... done [ 125.043867][ T6100] bcachefs (loop0): snapshots_read... done [pid 6100] mount("/dev/loop0", "./file1", "bcachefs", MS_I_VERSION, "errors=continue,direct_io,norecovery,nocow,fsck,norecovery,journal_transaction_names,reconstruct_all"...) = 0 [pid 6100] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6100] chdir("./file1") = 0 [pid 6100] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6100] ioctl(4, LOOP_CLR_FD) = 0 [pid 6100] close(4) = 0 [ 125.050034][ T6100] bcachefs (loop0): check_allocations... done [ 125.070086][ T6100] bcachefs (loop0): going read-write [ 125.078501][ T6100] bcachefs (loop0): done starting filesystem [ 125.107744][ T6100] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [ 125.107769][ T6100] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing [ 125.137307][ T6100] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [pid 6100] creat("./file0/file0", 000) = 4 [pid 6100] exit_group(0) = ? [pid 6100] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6100, si_uid=0, si_status=0, si_utime=0, si_stime=39 /* 0.39 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 125.137328][ T6100] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing [ 125.165801][ T6100] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [ 125.165819][ T6100] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555816996f0 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 [ 125.334089][ T5835] bcachefs (loop0): shutting down [ 125.339163][ T5835] bcachefs (loop0): going read-only [ 125.344699][ T5835] bcachefs (loop0): finished waiting for writes to stop [ 125.352595][ T5835] bcachefs (loop0): flushing journal and stopping allocators, journal seq 12 [ 125.373285][ T5835] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 16 [ 125.384762][ T5835] bcachefs (loop0): unshutdown complete, journal seq 17 [ 125.392497][ T5835] bcachefs (loop0): done going read-only, filesystem not clean [ 125.410139][ T5835] bcachefs (loop0): shutdown complete umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555816a1730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555816a1730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file1") = 0 getdents64(3, 0x5555816996f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6111 attached [pid 6111] set_robust_list(0x555581698660, 24 [pid 5835] <... clone resumed>, child_tidptr=0x555581698650) = 6111 [pid 6111] <... set_robust_list resumed>) = 0 [pid 6111] chdir("./24") = 0 [pid 6111] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6111] setpgid(0, 0) = 0 [pid 6111] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6111] write(3, "1000", 4) = 4 [pid 6111] close(3) = 0 [pid 6111] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6111] write(1, "executing program\n", 18executing program ) = 18 [pid 6111] memfd_create("syzkaller", 0) = 3 [pid 6111] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2977400000 [pid 6111] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6111] munmap(0x7f2977400000, 138412032) = 0 [pid 6111] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6111] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6111] close(3) = 0 [pid 6111] close(4) = 0 [pid 6111] mkdir("./file1", 0777) = 0 [ 126.932998][ T6111] loop0: detected capacity change from 0 to 32768 [ 127.018423][ T6111] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,fsck,norecovery,reconstruct_alloc,nocow,no_data_io [ 127.037119][ T6111] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 127.045302][ T6111] bcachefs (loop0): Version upgrade required: [ 127.045302][ T6111] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 127.045302][ T6111] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots [ 127.045302][ T6111] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 127.117624][ T6111] bcachefs (loop0): dropping and reconstructing all alloc info [ 127.134462][ T6111] bcachefs (loop0): check_topology... done [ 127.140462][ T6111] bcachefs (loop0): accounting_read... done [ 127.147110][ T6111] bcachefs (loop0): alloc_read... done [ 127.152740][ T6111] bcachefs (loop0): stripes_read... done [ 127.158482][ T6111] bcachefs (loop0): snapshots_read... done [pid 6111] mount("/dev/loop0", "./file1", "bcachefs", MS_I_VERSION, "errors=continue,direct_io,norecovery,nocow,fsck,norecovery,journal_transaction_names,reconstruct_all"...) = 0 [pid 6111] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6111] chdir("./file1") = 0 [ 127.164576][ T6111] bcachefs (loop0): check_allocations... done [ 127.184534][ T6111] bcachefs (loop0): going read-write [ 127.193202][ T6111] bcachefs (loop0): done starting filesystem [pid 6111] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6111] ioctl(4, LOOP_CLR_FD) = 0 [pid 6111] close(4) = 0 [ 127.264384][ T6111] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [ 127.264410][ T6111] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing [ 127.293017][ T6111] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [pid 6111] creat("./file0/file0", 000) = 4 [pid 6111] exit_group(0) = ? [pid 6111] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6111, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=36 /* 0.36 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 127.293037][ T6111] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing [ 127.321000][ T6111] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [ 127.321021][ T6111] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555816996f0 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 [ 127.459059][ T5835] bcachefs (loop0): shutting down [ 127.464694][ T5835] bcachefs (loop0): going read-only [ 127.470073][ T5835] bcachefs (loop0): finished waiting for writes to stop [ 127.477912][ T5835] bcachefs (loop0): flushing journal and stopping allocators, journal seq 11 [ 127.498931][ T5835] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 14 [ 127.510145][ T5835] bcachefs (loop0): unshutdown complete, journal seq 15 [ 127.518027][ T5835] bcachefs (loop0): done going read-only, filesystem not clean [ 127.535867][ T5835] bcachefs (loop0): shutdown complete umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555816a1730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555816a1730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file1") = 0 getdents64(3, 0x5555816996f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6122 attached [pid 6122] set_robust_list(0x555581698660, 24 [pid 5835] <... clone resumed>, child_tidptr=0x555581698650) = 6122 [pid 6122] <... set_robust_list resumed>) = 0 [pid 6122] chdir("./25") = 0 [pid 6122] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6122] setpgid(0, 0) = 0 [pid 6122] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6122] write(3, "1000", 4) = 4 [pid 6122] close(3) = 0 [pid 6122] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6122] write(1, "executing program\n", 18) = 18 [pid 6122] memfd_create("syzkaller", 0) = 3 [pid 6122] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2977400000 [pid 6122] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6122] munmap(0x7f2977400000, 138412032) = 0 [pid 6122] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6122] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6122] close(3) = 0 [pid 6122] close(4) = 0 [pid 6122] mkdir("./file1", 0777) = 0 [ 128.870641][ T6122] loop0: detected capacity change from 0 to 32768 [ 128.954495][ T6122] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,fsck,norecovery,reconstruct_alloc,nocow,no_data_io [ 128.973113][ T6122] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 128.981526][ T6122] bcachefs (loop0): Version upgrade required: [ 128.981526][ T6122] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 128.981526][ T6122] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots [ 128.981526][ T6122] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 129.054101][ T6122] bcachefs (loop0): dropping and reconstructing all alloc info [ 129.070560][ T6122] bcachefs (loop0): check_topology... done [ 129.076956][ T6122] bcachefs (loop0): accounting_read... done [ 129.083346][ T6122] bcachefs (loop0): alloc_read... done [ 129.088925][ T6122] bcachefs (loop0): stripes_read... done [ 129.094879][ T6122] bcachefs (loop0): snapshots_read... done [pid 6122] mount("/dev/loop0", "./file1", "bcachefs", MS_I_VERSION, "errors=continue,direct_io,norecovery,nocow,fsck,norecovery,journal_transaction_names,reconstruct_all"...) = 0 [pid 6122] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6122] chdir("./file1") = 0 [ 129.101005][ T6122] bcachefs (loop0): check_allocations... done [ 129.121578][ T6122] bcachefs (loop0): going read-write [ 129.130193][ T6122] bcachefs (loop0): done starting filesystem [pid 6122] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6122] ioctl(4, LOOP_CLR_FD) = 0 [pid 6122] close(4) = 0 [ 129.197090][ T6122] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [ 129.197115][ T6122] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing [ 129.226714][ T6122] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [pid 6122] creat("./file0/file0", 000) = 4 [pid 6122] exit_group(0) = ? [pid 6122] +++ exited with 0 +++ [ 129.226747][ T6122] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing [ 129.255214][ T6122] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [ 129.255232][ T6122] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6122, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=32 /* 0.32 s */} --- umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555816996f0 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 [ 129.448017][ T5835] bcachefs (loop0): shutting down [ 129.453275][ T5835] bcachefs (loop0): going read-only [ 129.458669][ T5835] bcachefs (loop0): finished waiting for writes to stop [ 129.466486][ T5835] bcachefs (loop0): flushing journal and stopping allocators, journal seq 11 [ 129.487769][ T5835] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 15 [ 129.499340][ T5835] bcachefs (loop0): unshutdown complete, journal seq 16 [ 129.507251][ T5835] bcachefs (loop0): done going read-only, filesystem not clean [ 129.524277][ T5835] bcachefs (loop0): shutdown complete umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x5555816a1730 /* 2 entries */, 32768) = 48 getdents64(4, 0x5555816a1730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file1") = 0 getdents64(3, 0x5555816996f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6133 attached , child_tidptr=0x555581698650) = 6133 [pid 6133] set_robust_list(0x555581698660, 24) = 0 [pid 6133] chdir("./26") = 0 [pid 6133] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6133] setpgid(0, 0) = 0 [pid 6133] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6133] write(3, "1000", 4) = 4 [pid 6133] close(3) = 0 [pid 6133] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6133] write(1, "executing program\n", 18executing program ) = 18 [pid 6133] memfd_create("syzkaller", 0) = 3 [pid 6133] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2977400000 [pid 6133] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 6133] munmap(0x7f2977400000, 138412032) = 0 [pid 6133] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6133] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6133] close(3) = 0 [pid 6133] close(4) = 0 [pid 6133] mkdir("./file1", 0777) = 0 [ 130.926698][ T6133] loop0: detected capacity change from 0 to 32768 [ 131.021676][ T6133] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,fsck,norecovery,reconstruct_alloc,nocow,no_data_io [ 131.040761][ T6133] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 131.048941][ T6133] bcachefs (loop0): Version upgrade required: [ 131.048941][ T6133] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 131.048941][ T6133] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots [ 131.048941][ T6133] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 131.121596][ T6133] bcachefs (loop0): dropping and reconstructing all alloc info [ 131.141776][ T6133] bcachefs (loop0): check_topology... done [ 131.147748][ T6133] bcachefs (loop0): accounting_read... done [ 131.154091][ T6133] bcachefs (loop0): alloc_read... done [ 131.159662][ T6133] bcachefs (loop0): stripes_read... done [ 131.165639][ T6133] bcachefs (loop0): snapshots_read... done [pid 6133] mount("/dev/loop0", "./file1", "bcachefs", MS_I_VERSION, "errors=continue,direct_io,norecovery,nocow,fsck,norecovery,journal_transaction_names,reconstruct_all"...) = 0 [pid 6133] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 6133] chdir("./file1") = 0 [pid 6133] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6133] ioctl(4, LOOP_CLR_FD) = 0 [pid 6133] close(4) = 0 [ 131.171855][ T6133] bcachefs (loop0): check_allocations... done [ 131.192404][ T6133] bcachefs (loop0): going read-write [ 131.200817][ T6133] bcachefs (loop0): done starting filesystem [ 131.240844][ T6133] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [ 131.241112][ T6133] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing [ 131.269615][ T6133] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [pid 6133] creat("./file0/file0", 000) = 4 [pid 6133] exit_group(0) = ? [pid 6133] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6133, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=36 /* 0.36 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 131.269639][ T6133] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing [ 131.297678][ T6133] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX [ 131.297701][ T6133] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:34:0 gen 0, continuing openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x5555816996f0 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 [ 131.453271][ T5835] bcachefs (loop0): shutting down [ 131.458370][ T5835] bcachefs (loop0): going read-only [ 131.464315][ T5835] bcachefs (loop0): finished waiting for writes to stop [ 131.472170][ T5835] bcachefs (loop0): flushing journal and stopping allocators, journal seq 12 [ 131.491329][ T5835] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 13 [ 131.502534][ T5835] bcachefs (loop0): unshutdown complete, journal seq 14 [ 131.510130][ T5835] bcachefs (loop0): done going read-only, filesystem not clean [ 131.528261][ T5835] bcachefs (loop0): shutdown complete [ 132.224903][ T5835] ------------[ cut here ]------------ [ 132.232846][ T5835] kernel BUG at fs/bcachefs/btree_cache.c:594! [ 132.243390][ T5835] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI [ 132.250484][ T5835] CPU: 0 UID: 0 PID: 5835 Comm: syz-executor123 Not tainted 6.12.0-rc6-syzkaller #0 [ 132.259871][ T5835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 132.269964][ T5835] RIP: 0010:bch2_fs_btree_cache_exit+0x1124/0x1130 [ 132.276557][ T5835] Code: fd 90 0f 0b e8 dd 1e 84 fd 90 0f 0b e8 d5 1e 84 fd 90 0f 0b e8 cd 1e 84 fd 90 0f 0b e8 c5 1e 84 fd 90 0f 0b e8 bd 1e 84 fd 90 <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 [ 132.296196][ T5835] RSP: 0018:ffffc90003db7b20 EFLAGS: 00010293 [ 132.302272][ T5835] RAX: ffffffff8410bb43 RBX: 0000000000000002 RCX: ffff88807a578000 [ 132.310437][ T5835] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000 [ 132.318433][ T5835] RBP: 1ffff11003e7b816 R08: ffffffff8410b1e7 R09: 1ffff1100db703b6 [ 132.326452][ T5835] R10: dffffc0000000000 R11: ffffed100db703b7 R12: ffff88806db81c78 [ 132.334462][ T5835] R13: ffff88806db80000 R14: 0000000000000000 R15: dffffc0000000000 [ 132.342466][ T5835] FS: 0000555581698380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 132.351404][ T5835] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 132.358003][ T5835] CR2: 00007ffd31948a0c CR3: 0000000024748000 CR4: 00000000003526f0 [ 132.366548][ T5835] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 132.374543][ T5835] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 132.382737][ T5835] Call Trace: [ 132.386030][ T5835] [ 132.388981][ T5835] ? __die_body+0x5f/0xb0 [ 132.393321][ T5835] ? die+0x9e/0xc0 [ 132.397049][ T5835] ? do_trap+0x15a/0x3a0 [ 132.401333][ T5835] ? bch2_fs_btree_cache_exit+0x1124/0x1130 [ 132.407246][ T5835] ? do_error_trap+0x1dc/0x2c0 [ 132.412035][ T5835] ? bch2_fs_btree_cache_exit+0x1124/0x1130 [ 132.417948][ T5835] ? __pfx_do_error_trap+0x10/0x10 [ 132.423099][ T5835] ? report_bug+0x3e8/0x500 [ 132.427628][ T5835] ? handle_invalid_op+0x34/0x40 [ 132.432659][ T5835] ? bch2_fs_btree_cache_exit+0x1124/0x1130 [ 132.438601][ T5835] ? exc_invalid_op+0x38/0x50 [ 132.443315][ T5835] ? asm_exc_invalid_op+0x1a/0x20 [ 132.448366][ T5835] ? bch2_fs_btree_cache_exit+0x7c7/0x1130 [ 132.454209][ T5835] ? bch2_fs_btree_cache_exit+0x1123/0x1130 [ 132.460136][ T5835] ? bch2_fs_btree_cache_exit+0x1124/0x1130 [ 132.466048][ T5835] bch2_fs_release+0x20e/0x7d0 [ 132.470822][ T5835] ? kobject_put+0x44d/0x480 [ 132.475423][ T5835] kobject_put+0x22f/0x480 [ 132.479932][ T5835] deactivate_locked_super+0xc4/0x130 [ 132.485322][ T5835] cleanup_mnt+0x41f/0x4b0 [ 132.489915][ T5835] ? lockdep_hardirqs_on+0x99/0x150 [ 132.495208][ T5835] task_work_run+0x24f/0x310 [ 132.499817][ T5835] ? __pfx_task_work_run+0x10/0x10 [ 132.505030][ T5835] ? path_umount+0x284/0xf70 [ 132.509629][ T5835] ptrace_notify+0x2d2/0x380 [ 132.514224][ T5835] ? __pfx_path_umount+0x10/0x10 [ 132.519172][ T5835] ? __pfx_ptrace_notify+0x10/0x10 [ 132.524304][ T5835] ? __x64_sys_umount+0x123/0x170 [ 132.529340][ T5835] ? __pfx___x64_sys_umount+0x10/0x10 [ 132.534734][ T5835] syscall_exit_work+0xc6/0x190 [ 132.539704][ T5835] syscall_exit_to_user_mode+0x279/0x370 [ 132.545358][ T5835] do_syscall_64+0x100/0x230 [ 132.549961][ T5835] ? clear_bhb_loop+0x35/0x90 [ 132.554672][ T5835] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.560577][ T5835] RIP: 0033:0x7f297f9174c7 [ 132.565037][ T5835] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 [ 132.584748][ T5835] RSP: 002b:00007ffd319489f8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 132.593187][ T5835] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f297f9174c7 [ 132.601164][ T5835] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd31948ab0 [ 132.609156][ T5835] RBP: 00007ffd31948ab0 R08: 0000000000000000 R09: 0000000000000000 [ 132.617167][ T5835] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007ffd31949b20 [ 132.625145][ T5835] R13: 00005555816996c0 R14: 431bde82d7b634db R15: 00007ffd31949b40 [ 132.633130][ T5835] [ 132.636164][ T5835] Modules linked in: [ 132.640663][ T5835] ---[ end trace 0000000000000000 ]--- [ 132.646383][ T5835] RIP: 0010:bch2_fs_btree_cache_exit+0x1124/0x1130 [ 132.653085][ T5835] Code: fd 90 0f 0b e8 dd 1e 84 fd 90 0f 0b e8 d5 1e 84 fd 90 0f 0b e8 cd 1e 84 fd 90 0f 0b e8 c5 1e 84 fd 90 0f 0b e8 bd 1e 84 fd 90 <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 [ 132.675889][ T5835] RSP: 0018:ffffc90003db7b20 EFLAGS: 00010293 [ 132.682032][ T5835] RAX: ffffffff8410bb43 RBX: 0000000000000002 RCX: ffff88807a578000 [ 132.690039][ T5835] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000 [ 132.698125][ T5835] RBP: 1ffff11003e7b816 R08: ffffffff8410b1e7 R09: 1ffff1100db703b6 [ 132.706165][ T5835] R10: dffffc0000000000 R11: ffffed100db703b7 R12: ffff88806db81c78 [ 132.714223][ T5835] R13: ffff88806db80000 R14: 0000000000000000 R15: dffffc0000000000 [ 132.722524][ T5835] FS: 0000555581698380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 132.731626][ T5835] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 132.738265][ T5835] CR2: 00007ffd31948a0c CR3: 0000000024748000 CR4: 00000000003526f0 [ 132.746310][ T5835] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 132.754370][ T5835] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 132.762493][ T5835] Kernel panic - not syncing: Fatal exception [ 132.769011][ T5835] Kernel Offset: disabled [ 132.773367][ T5835] Rebooting in 86400 seconds..