./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3886684874 <...> [ 99.267105][ T978] cfg80211: failed to load regulatory.db Warning: Permanently added '10.128.0.249' (ED25519) to the list of known hosts. execve("./syz-executor3886684874", ["./syz-executor3886684874"], 0x7ffebad4d5f0 /* 10 vars */) = 0 brk(NULL) = 0x5555655a3000 brk(0x5555655a3d40) = 0x5555655a3d40 arch_prctl(ARCH_SET_FS, 0x5555655a33c0) = 0 set_tid_address(0x5555655a3690) = 5828 set_robust_list(0x5555655a36a0, 24) = 0 rseq(0x5555655a3ce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3886684874", 4096) = 28 getrandom("\x98\x38\xd2\x1a\x25\x34\x2e\xf6", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555655a3d40 brk(0x5555655c4d40) = 0x5555655c4d40 brk(0x5555655c5000) = 0x5555655c5000 mprotect(0x7f2e8042a000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5831 attached , child_tidptr=0x5555655a3690) = 5831 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] set_robust_list(0x5555655a36a0, 24) = 0 [pid 5831] mkdir("./syzkaller.237LcE", 0700./strace-static-x86_64: Process 5832 attached [pid 5832] set_robust_list(0x5555655a36a0, 24 [pid 5831] <... mkdir resumed>) = 0 [pid 5828] <... clone resumed>, child_tidptr=0x5555655a3690) = 5832 [pid 5832] <... set_robust_list resumed>) = 0 [pid 5831] chmod("./syzkaller.237LcE", 0777 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] mkdir("./syzkaller.MZr6MI", 0700) = 0 [pid 5831] <... chmod resumed>) = 0 [pid 5832] chmod("./syzkaller.MZr6MI", 0777./strace-static-x86_64: Process 5833 attached ) = 0 [pid 5831] chdir("./syzkaller.237LcE" [pid 5832] chdir("./syzkaller.MZr6MI" [pid 5828] <... clone resumed>, child_tidptr=0x5555655a3690) = 5833 [pid 5833] set_robust_list(0x5555655a36a0, 24 [pid 5831] <... chdir resumed>) = 0 [pid 5832] <... chdir resumed>) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5833] <... set_robust_list resumed>) = 0 [pid 5832] mkdir("./0", 0777 [pid 5831] mkdir("./0", 0777 [pid 5832] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 5834 attached [pid 5833] mkdir("./syzkaller.5FIqFZ", 0700 [pid 5831] <... mkdir resumed>) = 0 [pid 5834] set_robust_list(0x5555655a36a0, 24 [pid 5832] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5834] <... set_robust_list resumed>) = 0 [pid 5832] <... openat resumed>) = 3 [pid 5828] <... clone resumed>, child_tidptr=0x5555655a3690) = 5834 [pid 5834] mkdir("./syzkaller.DSVPUb", 0700 [pid 5832] ioctl(3, LOOP_CLR_FD [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5834] <... mkdir resumed>) = 0 [pid 5833] <... mkdir resumed>) = 0 [pid 5832] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5831] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] close(3./strace-static-x86_64: Process 5835 attached [pid 5834] chmod("./syzkaller.DSVPUb", 0777 [pid 5833] chmod("./syzkaller.5FIqFZ", 0777 [pid 5831] <... openat resumed>) = 3 [pid 5832] <... close resumed>) = 0 [pid 5828] <... clone resumed>, child_tidptr=0x5555655a3690) = 5835 [pid 5835] set_robust_list(0x5555655a36a0, 24 [pid 5834] <... chmod resumed>) = 0 [pid 5833] <... chmod resumed>) = 0 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5833] chdir("./syzkaller.5FIqFZ" [pid 5835] <... set_robust_list resumed>) = 0 [pid 5834] chdir("./syzkaller.DSVPUb" [pid 5833] <... chdir resumed>) = 0 [pid 5831] <... ioctl resumed>) = -1 ENXIO (No such device or address) ./strace-static-x86_64: Process 5836 attached [pid 5836] set_robust_list(0x5555655a36a0, 24 [pid 5834] <... chdir resumed>) = 0 [pid 5835] mkdir("./syzkaller.yWvmpj", 0700 [pid 5836] <... set_robust_list resumed>) = 0 [pid 5835] <... mkdir resumed>) = 0 [pid 5834] mkdir("./0", 0777 [pid 5833] mkdir("./0", 0777 [pid 5831] close(3 [pid 5836] chdir("./0") = 0 [pid 5831] <... close resumed>) = 0 [pid 5836] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5833] <... mkdir resumed>) = 0 [pid 5832] <... clone resumed>, child_tidptr=0x5555655a3690) = 5836 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5836] setpgid(0, 0 [pid 5835] chmod("./syzkaller.yWvmpj", 0777 [pid 5836] <... setpgid resumed>) = 0 [pid 5836] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5834] <... mkdir resumed>) = 0 [pid 5835] <... chmod resumed>) = 0 [pid 5836] <... openat resumed>) = 3 ./strace-static-x86_64: Process 5837 attached [pid 5835] chdir("./syzkaller.yWvmpj" [pid 5834] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5835] <... chdir resumed>) = 0 [pid 5835] mkdir("./0", 0777 [pid 5833] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5836] write(3, "1000", 4 [pid 5833] <... openat resumed>) = 3 [pid 5836] <... write resumed>) = 4 [pid 5835] <... mkdir resumed>) = 0 [pid 5834] <... openat resumed>) = 3 [pid 5836] close(3) = 0 [pid 5836] symlink("/dev/binderfs", "./binderfs" [pid 5837] set_robust_list(0x5555655a36a0, 24 [pid 5834] ioctl(3, LOOP_CLR_FD [pid 5837] <... set_robust_list resumed>) = 0 [pid 5834] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5833] ioctl(3, LOOP_CLR_FD [pid 5837] chdir("./0" [pid 5834] close(3 [pid 5833] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5831] <... clone resumed>, child_tidptr=0x5555655a3690) = 5837 [pid 5837] <... chdir resumed>) = 0 [pid 5834] <... close resumed>) = 0 [pid 5837] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5836] <... symlink resumed>) = 0 [pid 5835] openat(AT_FDCWD, "/dev/loop4", O_RDWRexecuting program [pid 5833] close(3 [pid 5837] setpgid(0, 0 [pid 5836] write(1, "executing program\n", 18 [pid 5835] <... openat resumed>) = 3 [pid 5833] <... close resumed>) = 0 [pid 5836] <... write resumed>) = 18 [pid 5833] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5838 attached [pid 5836] futex(0x7f2e804306ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] ioctl(3, LOOP_CLR_FD [pid 5836] <... futex resumed>) = 0 [pid 5835] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5836] rt_sigaction(SIGRT_1, {sa_handler=0x7f2e803bf060, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2e803b0210}, [pid 5835] close(3 [pid 5836] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5835] <... close resumed>) = 0 [pid 5835] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5839 attached [pid 5837] <... setpgid resumed>) = 0 [pid 5836] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5834] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5838] set_robust_list(0x5555655a36a0, 24 [pid 5836] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5837] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5836] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2e8032d000 [pid 5833] <... clone resumed>, child_tidptr=0x5555655a3690) = 5838 [pid 5838] <... set_robust_list resumed>) = 0 [pid 5836] mprotect(0x7f2e8032e000, 131072, PROT_READ|PROT_WRITE [pid 5838] chdir("./0" [pid 5836] <... mprotect resumed>) = 0 [pid 5838] <... chdir resumed>) = 0 [pid 5837] <... openat resumed>) = 3 [pid 5836] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5838] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5837] write(3, "1000", 4./strace-static-x86_64: Process 5840 attached [pid 5839] set_robust_list(0x5555655a36a0, 24 [pid 5838] <... prctl resumed>) = 0 [pid 5837] <... write resumed>) = 4 [pid 5836] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5834] <... clone resumed>, child_tidptr=0x5555655a3690) = 5840 [pid 5840] set_robust_list(0x5555655a36a0, 24 [pid 5839] <... set_robust_list resumed>) = 0 [pid 5838] setpgid(0, 0 [pid 5837] close(3 [pid 5836] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2e8034d990, parent_tid=0x7f2e8034d990, exit_signal=0, stack=0x7f2e8032d000, stack_size=0x20300, tls=0x7f2e8034d6c0} [pid 5835] <... clone resumed>, child_tidptr=0x5555655a3690) = 5839 [pid 5839] chdir("./0" [pid 5838] <... setpgid resumed>) = 0 [pid 5837] <... close resumed>) = 0 [pid 5840] <... set_robust_list resumed>) = 0 [pid 5839] <... chdir resumed>) = 0 [pid 5838] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5837] symlink("/dev/binderfs", "./binderfs"./strace-static-x86_64: Process 5841 attached [pid 5840] chdir("./0" [pid 5839] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5841] rseq(0x7f2e8034dfe0, 0x20, 0, 0x53053053) = 0 [pid 5838] <... openat resumed>) = 3 [pid 5836] <... clone3 resumed> => {parent_tid=[5841]}, 88) = 5841 [pid 5841] set_robust_list(0x7f2e8034d9a0, 24) = 0 [pid 5841] rt_sigprocmask(SIG_SETMASK, [], [pid 5836] rt_sigprocmask(SIG_SETMASK, [], [pid 5841] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5839] <... prctl resumed>) = 0 [pid 5838] write(3, "1000", 4 [pid 5837] <... symlink resumed>) = 0 [pid 5836] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5841] futex(0x7f2e804306a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5840] <... chdir resumed>) = 0 [pid 5839] setpgid(0, 0 [pid 5838] <... write resumed>) = 4 [pid 5836] futex(0x7f2e804306a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5841] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5840] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5839] <... setpgid resumed>) = 0 [pid 5838] close(3 [pid 5836] <... futex resumed>) = 0 [pid 5841] memfd_create("syzkaller", 0 [pid 5838] <... close resumed>) = 0 [pid 5836] futex(0x7f2e804306ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}executing program [pid 5840] <... prctl resumed>) = 0 [pid 5837] write(1, "executing program\n", 18 [pid 5840] setpgid(0, 0 [pid 5839] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5838] symlink("/dev/binderfs", "./binderfs" [pid 5837] <... write resumed>) = 18 [pid 5841] <... memfd_create resumed>) = 3 [pid 5840] <... setpgid resumed>) = 0 [pid 5839] <... openat resumed>) = 3 [pid 5841] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5838] <... symlink resumed>) = 0 [pid 5841] <... mmap resumed>) = 0x7f2e77e00000 [pid 5840] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5839] write(3, "1000", 4 [pid 5837] futex(0x7f2e804306ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5839] <... write resumed>) = 4 [pid 5837] <... futex resumed>) = 0 [pid 5839] close(3 [pid 5837] rt_sigaction(SIGRT_1, {sa_handler=0x7f2e803bf060, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2e803b0210}, [pid 5839] <... close resumed>) = 0 [pid 5837] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5839] symlink("/dev/binderfs", "./binderfs" [pid 5840] <... openat resumed>) = 3 [pid 5839] <... symlink resumed>) = 0 [pid 5837] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], executing program [pid 5838] write(1, "executing program\n", 18) = 18 [pid 5838] futex(0x7f2e804306ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 executing program [pid 5838] rt_sigaction(SIGRT_1, {sa_handler=0x7f2e803bf060, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2e803b0210}, [pid 5837] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5839] write(1, "executing program\n", 18 [pid 5840] write(3, "1000", 4 [pid 5839] <... write resumed>) = 18 [pid 5837] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5839] futex(0x7f2e804306ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5838] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5837] <... mmap resumed>) = 0x7f2e8032d000 [pid 5840] <... write resumed>) = 4 [pid 5837] mprotect(0x7f2e8032e000, 131072, PROT_READ|PROT_WRITE [pid 5840] close(3 [pid 5839] <... futex resumed>) = 0 [pid 5838] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5840] <... close resumed>) = 0 [pid 5839] rt_sigaction(SIGRT_1, {sa_handler=0x7f2e803bf060, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2e803b0210}, [pid 5838] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5837] <... mprotect resumed>) = 0 [pid 5840] symlink("/dev/binderfs", "./binderfs" [pid 5839] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5838] <... mmap resumed>) = 0x7f2e8032d000 [pid 5838] mprotect(0x7f2e8032e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5840] <... symlink resumed>) = 0 [pid 5839] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5838] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5839] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5838] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2e8034d990, parent_tid=0x7f2e8034d990, exit_signal=0, stack=0x7f2e8032d000, stack_size=0x20300, tls=0x7f2e8034d6c0} [pid 5837] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 5843 attached [pid 5839] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0executing program [pid 5840] write(1, "executing program\n", 18 [pid 5839] <... mmap resumed>) = 0x7f2e8032d000 [pid 5838] <... clone3 resumed> => {parent_tid=[5843]}, 88) = 5843 [pid 5837] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5840] <... write resumed>) = 18 [pid 5839] mprotect(0x7f2e8032e000, 131072, PROT_READ|PROT_WRITE [pid 5843] rseq(0x7f2e8034dfe0, 0x20, 0, 0x53053053 [pid 5840] futex(0x7f2e804306ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5839] <... mprotect resumed>) = 0 [pid 5838] rt_sigprocmask(SIG_SETMASK, [], [pid 5837] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2e8034d990, parent_tid=0x7f2e8034d990, exit_signal=0, stack=0x7f2e8032d000, stack_size=0x20300, tls=0x7f2e8034d6c0} [pid 5838] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5838] futex(0x7f2e804306a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5844 attached [pid 5843] <... rseq resumed>) = 0 [pid 5838] futex(0x7f2e804306ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5839] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5844] rseq(0x7f2e8034dfe0, 0x20, 0, 0x53053053 [pid 5843] set_robust_list(0x7f2e8034d9a0, 24) = 0 [pid 5844] <... rseq resumed>) = 0 [pid 5843] rt_sigprocmask(SIG_SETMASK, [], [pid 5840] <... futex resumed>) = 0 [pid 5839] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5837] <... clone3 resumed> => {parent_tid=[5844]}, 88) = 5844 [pid 5844] set_robust_list(0x7f2e8034d9a0, 24 [pid 5840] rt_sigaction(SIGRT_1, {sa_handler=0x7f2e803bf060, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2e803b0210}, [pid 5839] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2e8034d990, parent_tid=0x7f2e8034d990, exit_signal=0, stack=0x7f2e8032d000, stack_size=0x20300, tls=0x7f2e8034d6c0} [pid 5837] rt_sigprocmask(SIG_SETMASK, [], [pid 5844] <... set_robust_list resumed>) = 0 [pid 5840] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5843] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 5845 attached [pid 5844] rt_sigprocmask(SIG_SETMASK, [], [pid 5843] memfd_create("syzkaller", 0 [pid 5840] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5837] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5845] rseq(0x7f2e8034dfe0, 0x20, 0, 0x53053053 [pid 5844] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5840] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5839] <... clone3 resumed> => {parent_tid=[5845]}, 88) = 5845 [pid 5837] futex(0x7f2e804306a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5845] <... rseq resumed>) = 0 [pid 5845] set_robust_list(0x7f2e8034d9a0, 24 [pid 5844] memfd_create("syzkaller", 0 [pid 5843] <... memfd_create resumed>) = 3 [pid 5840] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5839] rt_sigprocmask(SIG_SETMASK, [], [pid 5837] <... futex resumed>) = 0 [pid 5843] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5840] <... mmap resumed>) = 0x7f2e8032d000 [pid 5839] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5837] futex(0x7f2e804306ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5845] <... set_robust_list resumed>) = 0 [pid 5843] <... mmap resumed>) = 0x7f2e77e00000 [pid 5840] mprotect(0x7f2e8032e000, 131072, PROT_READ|PROT_WRITE [pid 5839] futex(0x7f2e804306a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5845] rt_sigprocmask(SIG_SETMASK, [], [pid 5844] <... memfd_create resumed>) = 3 [pid 5840] <... mprotect resumed>) = 0 [pid 5839] <... futex resumed>) = 0 [pid 5845] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5844] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5845] memfd_create("syzkaller", 0 [pid 5844] <... mmap resumed>) = 0x7f2e77e00000 [pid 5840] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5839] futex(0x7f2e804306ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5840] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5840] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2e8034d990, parent_tid=0x7f2e8034d990, exit_signal=0, stack=0x7f2e8032d000, stack_size=0x20300, tls=0x7f2e8034d6c0}./strace-static-x86_64: Process 5846 attached => {parent_tid=[5846]}, 88) = 5846 [pid 5846] rseq(0x7f2e8034dfe0, 0x20, 0, 0x53053053 [pid 5845] <... memfd_create resumed>) = 3 [pid 5840] rt_sigprocmask(SIG_SETMASK, [], [pid 5846] <... rseq resumed>) = 0 [pid 5845] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5840] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5846] set_robust_list(0x7f2e8034d9a0, 24 [pid 5840] futex(0x7f2e804306a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5846] <... set_robust_list resumed>) = 0 [pid 5845] <... mmap resumed>) = 0x7f2e77e00000 [pid 5840] <... futex resumed>) = 0 [pid 5846] rt_sigprocmask(SIG_SETMASK, [], [pid 5840] futex(0x7f2e804306ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5846] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5846] memfd_create("syzkaller", 0) = 3 [pid 5846] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2e77e00000 [pid 5841] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5843] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5844] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5845] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5846] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5843] <... write resumed>) = 16777216 [pid 5843] munmap(0x7f2e77e00000, 138412032) = 0 [pid 5843] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5843] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5843] close(3) = 0 [pid 5843] close(4) = 0 [ 102.262470][ T5843] loop2: detected capacity change from 0 to 32768 [pid 5843] mkdir("./file0", 0777) = 0 [pid 5843] mount("/dev/loop2", "./file0", "bcachefs", MS_RDONLY|MS_SYNCHRONOUS|MS_MANDLOCK|MS_POSIXACL|MS_STRICTATIME, "errors=fix_safe,version_upgrade=none,noexcl,shard_inode_numbers," [pid 5841] <... write resumed>) = 16777216 [ 102.317142][ T5843] ======================================================= [ 102.317142][ T5843] WARNING: The mand mount option has been deprecated and [ 102.317142][ T5843] and is ignored by this kernel. Remove the mand [ 102.317142][ T5843] option from the mount to silence this warning. [ 102.317142][ T5843] ======================================================= [pid 5841] munmap(0x7f2e77e00000, 138412032) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5844] <... write resumed>) = 16777216 [pid 5841] ioctl(4, LOOP_SET_FD, 3 [pid 5844] munmap(0x7f2e77e00000, 138412032 [pid 5846] <... write resumed>) = 16777216 [pid 5846] munmap(0x7f2e77e00000, 138412032 [pid 5844] <... munmap resumed>) = 0 [pid 5844] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5846] <... munmap resumed>) = 0 [pid 5845] <... write resumed>) = 16777216 [pid 5841] <... ioctl resumed>) = 0 [pid 5845] munmap(0x7f2e77e00000, 138412032 [pid 5841] close(3 [pid 5844] <... openat resumed>) = 4 [pid 5841] <... close resumed>) = 0 [pid 5841] close(4 [ 102.431847][ T5841] loop1: detected capacity change from 0 to 32768 [pid 5844] ioctl(4, LOOP_SET_FD, 3 [pid 5841] <... close resumed>) = 0 [pid 5841] mkdir("./file0", 0777) = 0 [pid 5845] <... munmap resumed>) = 0 [pid 5845] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5844] <... ioctl resumed>) = 0 [pid 5846] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5845] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5844] close(3 [pid 5846] <... openat resumed>) = 4 [pid 5841] mount("/dev/loop1", "./file0", "bcachefs", MS_RDONLY|MS_SYNCHRONOUS|MS_MANDLOCK|MS_POSIXACL|MS_STRICTATIME, "errors=fix_safe,version_upgrade=none,noexcl,shard_inode_numbers," [pid 5846] ioctl(4, LOOP_SET_FD, 3 [pid 5844] <... close resumed>) = 0 [ 102.472225][ T5844] loop0: detected capacity change from 0 to 32768 [ 102.496120][ T5845] loop4: detected capacity change from 0 to 32768 [pid 5845] close(3 [pid 5844] close(4 [pid 5845] <... close resumed>) = 0 [pid 5845] close(4) = 0 [ 102.522683][ T5846] loop3: detected capacity change from 0 to 32768 [ 102.528453][ T5843] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names,noexcl,read_only,version_upgrade=none [ 102.552434][ T5843] allowing incompatible features above 0.0: (unknown version) [pid 5845] mkdir("./file0", 0777) = 0 [pid 5846] <... ioctl resumed>) = 0 [pid 5844] <... close resumed>) = 0 [pid 5844] mkdir("./file0", 0777 [pid 5845] mount("/dev/loop4", "./file0", "bcachefs", MS_RDONLY|MS_SYNCHRONOUS|MS_MANDLOCK|MS_POSIXACL|MS_STRICTATIME, "errors=fix_safe,version_upgrade=none,noexcl,shard_inode_numbers," [pid 5844] <... mkdir resumed>) = 0 [pid 5844] mount("/dev/loop0", "./file0", "bcachefs", MS_RDONLY|MS_SYNCHRONOUS|MS_MANDLOCK|MS_POSIXACL|MS_STRICTATIME, "errors=fix_safe,version_upgrade=none,noexcl,shard_inode_numbers," [pid 5846] close(3) = 0 [pid 5846] close(4) = 0 [pid 5846] mkdir("./file0", 0777) = 0 [ 102.560245][ T5843] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 102.578976][ T5843] bcachefs (loop2): Using encoding defined by superblock: utf8-12.1.0 [ 102.588931][ T5843] bcachefs (loop2): recovering from clean shutdown, journal seq 13 [ 102.717607][ T5843] bcachefs (loop2): accounting_read... done [ 102.741071][ T5843] bcachefs (loop2): alloc_read... done [ 102.754283][ T5843] bcachefs (loop2): snapshots_read... done [ 102.798942][ T5841] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names,noexcl,read_only,version_upgrade=none [pid 5846] mount("/dev/loop3", "./file0", "bcachefs", MS_RDONLY|MS_SYNCHRONOUS|MS_MANDLOCK|MS_POSIXACL|MS_STRICTATIME, "errors=fix_safe,version_upgrade=none,noexcl,shard_inode_numbers," [pid 5843] <... mount resumed>) = 0 [pid 5843] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5843] chdir("./file0") = 0 [pid 5843] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5843] ioctl(4, LOOP_CLR_FD) = 0 [pid 5843] close(4) = 0 [pid 5843] futex(0x7f2e804306ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5843] futex(0x7f2e804306a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5838] <... futex resumed>) = 0 [pid 5838] futex(0x7f2e804306a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5843] <... futex resumed>) = 0 [pid 5843] mount(NULL, ".", NULL, MS_NODEV|MS_REMOUNT|MS_MOVE|MS_POSIXACL|MS_LAZYTIME, NULL [ 102.798973][ T5841] allowing incompatible features above 0.0: (unknown version) [ 102.798984][ T5841] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [pid 5838] futex(0x7f2e804306ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5844] <... mount resumed>) = 0 [ 102.840180][ T5843] bcachefs (loop2): journal_replay... done [ 102.851147][ T5843] bcachefs (loop2): resume_logged_ops... done [pid 5844] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 102.854228][ T5843] bcachefs (loop2): delete_dead_inodes... done [ 102.869812][ T5843] bcachefs (loop2): done starting filesystem [ 102.871074][ T5844] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names,noexcl,read_only,version_upgrade=none [ 102.871099][ T5844] allowing incompatible features above 0.0: (unknown version) [pid 5844] chdir("./file0") = 0 [pid 5844] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 102.871113][ T5844] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 102.871144][ T5844] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0 [ 102.871260][ T5844] bcachefs (loop0): recovering from clean shutdown, journal seq 13 [ 102.916203][ T5843] bcachefs (loop2): going read-write [ 102.964670][ T5844] bcachefs (loop0): accounting_read... done [ 102.992242][ T5844] bcachefs (loop0): alloc_read... [ 102.992844][ T5845] bcachefs (loop4): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names,noexcl,read_only,version_upgrade=none [ 102.992869][ T5845] allowing incompatible features above 0.0: (unknown version) [ 102.992882][ T5845] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 102.992912][ T5845] bcachefs (loop4): Using encoding defined by superblock: utf8-12.1.0 [ 102.993040][ T5845] bcachefs (loop4): recovering from clean shutdown, journal seq 13 [ 102.993140][ T5844] done [ 102.993151][ T5844] bcachefs (loop0): snapshots_read... done [ 103.000808][ T5844] bcachefs (loop0): journal_replay... done [ 103.005063][ T5844] bcachefs (loop0): resume_logged_ops... done [ 103.005951][ T5844] bcachefs (loop0): delete_dead_inodes... done [ 103.008285][ T5844] bcachefs (loop0): done starting filesystem [ 103.054293][ T5846] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names,noexcl,read_only,version_upgrade=none [pid 5844] ioctl(4, LOOP_CLR_FD) = 0 [pid 5844] close(4) = 0 [pid 5844] futex(0x7f2e804306ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5844] futex(0x7f2e804306a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5837] <... futex resumed>) = 0 [ 103.057516][ T5841] bcachefs (loop1): Using encoding defined by superblock: utf8-12.1.0 [ 103.063165][ T5846] allowing incompatible features above 0.0: (unknown version) [ 103.125951][ T5841] bcachefs (loop1): recovering from clean shutdown, journal seq 13 [ 103.131191][ T5846] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [pid 5837] futex(0x7f2e804306a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5844] <... futex resumed>) = 0 [pid 5837] <... futex resumed>) = 1 [ 103.188075][ T5845] bcachefs (loop4): accounting_read... [ 103.304857][ T5841] bcachefs (loop1): accounting_read... [ 103.311692][ T5846] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0 [ 103.327185][ T5846] bcachefs (loop3): recovering from clean shutdown, journal seq 13 [ 103.339120][ T5841] done [ 103.341946][ T5841] bcachefs (loop1): alloc_read... done [pid 5844] mount(NULL, ".", NULL, MS_NODEV|MS_REMOUNT|MS_MOVE|MS_POSIXACL|MS_LAZYTIME, NULL [ 103.349124][ T5841] bcachefs (loop1): snapshots_read... done [ 103.352080][ T5844] bcachefs (loop0): going read-write [ 103.361917][ T5841] bcachefs (loop1): journal_replay... done [ 103.371959][ T5866] bcachefs (loop2): backpointer doesn't match extent it points to: [ 103.372013][ T5866] u64s 9 type backpointer 0:8921088:0 len 0 ver 0: bucket=0:34:8 btree=extents level=0 data_type=user suboffset=0 len=8 gen=0 pos=1073741825:24:U32_MAX [pid 5837] futex(0x7f2e804306ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5843] <... mount resumed>) = 0 [pid 5837] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5843] futex(0x7f2e804306ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5843] futex(0x7f2e804306a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 103.372031][ T5866] u64s 8 type extent 1073741825:24:U32_MAX len 24 ver 2: durability: 1 crc: c_size 8 size 24 offset 0 nonce 0 csum chacha20_poly1305_80 5c1d:75853c64f7009f9d compress lz4 ptr: 0:34:8 gen 0 [ 103.372052][ T5866] u64s 9 type backpointer 0:8921088:0 len 0 ver 0: bucket=0:34:8 btree=extents level=0 data_type=user suboffset=0 len=8 gen=0 pos=1073741825:24:U32_MAX, fixing [ 103.374942][ T5841] bcachefs (loop1): resume_logged_ops... [pid 5838] exit_group(0 [pid 5845] <... mount resumed>) = 0 [pid 5843] <... futex resumed>) = ? [pid 5841] <... mount resumed>) = 0 [pid 5838] <... exit_group resumed>) = ? [pid 5843] +++ exited with 0 +++ [pid 5841] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5845] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5841] <... openat resumed>) = 3 [pid 5838] +++ exited with 0 +++ [pid 5845] <... openat resumed>) = 3 [pid 5841] chdir("./file0" [pid 5845] chdir("./file0" [pid 5841] <... chdir resumed>) = 0 [pid 5833] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5838, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=43 /* 0.43 s */} --- [pid 5845] <... chdir resumed>) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5833] restart_syscall(<... resuming interrupted clone ...> [pid 5845] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5841] <... openat resumed>) = 4 [pid 5833] <... restart_syscall resumed>) = 0 [pid 5845] <... openat resumed>) = 4 [pid 5841] ioctl(4, LOOP_CLR_FD [pid 5845] ioctl(4, LOOP_CLR_FD [pid 5841] <... ioctl resumed>) = 0 [pid 5845] <... ioctl resumed>) = 0 [pid 5841] close(4 [pid 5833] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5845] close(4 [pid 5841] <... close resumed>) = 0 [pid 5833] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5845] <... close resumed>) = 0 [pid 5841] futex(0x7f2e804306ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5845] futex(0x7f2e804306ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5841] <... futex resumed>) = 1 [pid 5836] <... futex resumed>) = 0 [pid 5833] <... openat resumed>) = 3 [pid 5845] <... futex resumed>) = 1 [pid 5841] futex(0x7f2e804306a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5836] futex(0x7f2e804306a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] newfstatat(3, "", [pid 5845] futex(0x7f2e804306a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5841] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5836] <... futex resumed>) = 0 [pid 5833] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5841] mount(NULL, ".", NULL, MS_NODEV|MS_REMOUNT|MS_MOVE|MS_POSIXACL|MS_LAZYTIME, NULL [pid 5836] futex(0x7f2e804306ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5833] getdents64(3, [pid 5839] <... futex resumed>) = 0 [pid 5833] <... getdents64 resumed>0x5555655a4730 /* 4 entries */, 32768) = 112 [pid 5833] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5839] futex(0x7f2e804306a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5845] <... futex resumed>) = 0 [pid 5839] <... futex resumed>) = 1 [ 103.452566][ T5866] bcachefs (loop2): Detected missing backpointers in bucket 34, now have 1/128 with missing [ 103.452642][ T5866] scheduling recovery pass check_extents_to_backpointers (17) [ 103.465503][ T5845] done [pid 5845] mount(NULL, ".", NULL, MS_NODEV|MS_REMOUNT|MS_MOVE|MS_POSIXACL|MS_LAZYTIME, NULL [ 103.465525][ T5845] bcachefs (loop4): alloc_read... done [ 103.475216][ T5845] bcachefs (loop4): snapshots_read... done [ 103.484030][ T5845] bcachefs (loop4): journal_replay... done [ 103.487743][ T5845] bcachefs (loop4): resume_logged_ops... done [ 103.493371][ T5845] bcachefs (loop4): delete_dead_inodes... [ 103.498635][ T5846] bcachefs (loop3): accounting_read... [ 103.499832][ T5845] done [ 103.501887][ T5841] done [ 103.501903][ T5841] bcachefs (loop1): delete_dead_inodes... [pid 5839] futex(0x7f2e804306ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5836] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 103.502916][ T5845] bcachefs (loop4): done starting filesystem [ 103.508848][ T5841] done [ 103.510348][ T5841] bcachefs (loop1): done starting filesystem [ 103.547701][ T5841] bcachefs (loop1): going read-write [ 103.567044][ T5846] done [ 103.567066][ T5846] bcachefs (loop3): alloc_read... done [ 103.567997][ T5846] bcachefs (loop3): snapshots_read... done [ 103.579940][ T5846] bcachefs (loop3): journal_replay... done [ 103.581975][ T5846] bcachefs (loop3): resume_logged_ops... [ 103.589614][ T5845] bcachefs (loop4): going read-write [pid 5846] <... mount resumed>) = 0 [pid 5844] <... mount resumed>) = 0 [pid 5844] futex(0x7f2e804306ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5846] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5844] <... futex resumed>) = 0 [pid 5837] exit_group(0 [pid 5846] <... openat resumed>) = 3 [pid 5837] <... exit_group resumed>) = ? [ 103.718127][ T5880] bcachefs (loop0): backpointer doesn't match extent it points to: [ 103.718154][ T5880] u64s 9 type backpointer 0:8921088:0 len 0 ver 0: bucket=0:34:8 btree=extents level=0 data_type=user suboffset=0 len=8 gen=0 pos=1073741825:24:U32_MAX [ 103.718172][ T5880] u64s 8 type extent 1073741825:24:U32_MAX len 24 ver 2: durability: 1 crc: c_size 8 size 24 offset 0 nonce 0 csum chacha20_poly1305_80 5c1d:75853c64f7009f9d compress lz4 ptr: 0:34:8 gen 0 [pid 5846] chdir("./file0" [pid 5844] +++ exited with 0 +++ [pid 5837] +++ exited with 0 +++ [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5837, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=41 /* 0.41 s */} --- [pid 5831] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x5555655a4730 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5846] <... chdir resumed>) = 0 [pid 5841] <... mount resumed>) = 0 [pid 5846] openat(AT_FDCWD, "/dev/loop3", O_RDWR [ 103.718192][ T5880] u64s 9 type backpointer 0:8921088:0 len 0 ver 0: bucket=0:34:8 btree=extents level=0 data_type=user suboffset=0 len=8 gen=0 pos=1073741825:24:U32_MAX, fixing [ 103.726395][ T5846] done [ 103.726419][ T5846] bcachefs (loop3): delete_dead_inodes... done [ 103.736760][ T5846] bcachefs (loop3): done starting filesystem [ 103.760091][ T5884] bcachefs (loop1): backpointer doesn't match extent it points to: [ 103.797536][ T5880] bcachefs (loop0): Detected missing backpointers in bucket 34, now have 1/128 with missing [ 103.853048][ T5833] bcachefs (loop2): shutting down [pid 5841] futex(0x7f2e804306ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5846] <... openat resumed>) = 4 [pid 5841] <... futex resumed>) = 0 [pid 5836] exit_group(0 [pid 5846] ioctl(4, LOOP_CLR_FD [pid 5836] <... exit_group resumed>) = ? [pid 5841] +++ exited with 0 +++ [ 103.860462][ T5833] bcachefs (loop2): going read-only [ 103.866758][ T5884] u64s 9 type backpointer 0:8921088:0 len 0 ver 0: bucket=0:34:8 btree=extents level=0 data_type=user suboffset=0 len=8 gen=0 pos=1073741825:24:U32_MAX [ 103.871424][ T5833] bcachefs (loop2): finished waiting for writes to stop [pid 5846] <... ioctl resumed>) = 0 [pid 5836] +++ exited with 0 +++ [pid 5846] close(4 [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5836, si_uid=0, si_status=0, si_utime=11 /* 0.11 s */, si_stime=54 /* 0.54 s */} --- [pid 5846] <... close resumed>) = 0 [pid 5846] futex(0x7f2e804306ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5832] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5846] futex(0x7f2e804306a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5832] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] getdents64(3, 0x5555655a4730 /* 4 entries */, 32768) = 112 [pid 5832] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5840] <... futex resumed>) = 0 [pid 5840] futex(0x7f2e804306a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5846] <... futex resumed>) = 0 [pid 5840] <... futex resumed>) = 1 [pid 5846] mount(NULL, ".", NULL, MS_NODEV|MS_REMOUNT|MS_MOVE|MS_POSIXACL|MS_LAZYTIME, NULL [ 103.892751][ T5884] u64s 8 type extent 1073741825:24:U32_MAX len 24 ver 2: durability: 1 crc: c_size 8 size 24 offset 0 nonce 0 csum chacha20_poly1305_80 5c1d:75853c64f7009f9d compress lz4 ptr: 0:34:8 gen 0 [ 103.895693][ T5831] bcachefs (loop0): shutting down [ 103.918657][ T5831] bcachefs (loop0): going read-only [ 103.924411][ T5880] scheduling recovery pass check_extents_to_backpointers (17) [ 103.933992][ T5833] bcachefs (loop2): flushing journal and stopping allocators, journal seq 14 [ 103.934429][ T5846] bcachefs (loop3): going read-write [ 103.946608][ T5832] bcachefs (loop1): shutting down [ 103.953371][ T5832] bcachefs (loop1): going read-only [pid 5840] futex(0x7f2e804306ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 103.959673][ T5831] bcachefs (loop0): finished waiting for writes to stop [ 103.967971][ T5832] bcachefs (loop1): finished waiting for writes to stop [ 103.975764][ T5833] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 14 [ 103.987555][ T5831] bcachefs (loop0): flushing journal and stopping allocators, journal seq 15 [ 103.999198][ T5831] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 15 [ 104.012624][ T5884] u64s 9 type backpointer 0:8921088:0 len 0 ver 0: bucket=0:34:8 btree=extents level=0 data_type=user suboffset=0 len=8 gen=0 pos=1073741825:24:U32_MAX, fixing [ 104.029532][ T5831] bcachefs (loop0): clean shutdown complete, journal seq 16 [ 104.037023][ T5833] bcachefs (loop2): clean shutdown complete, journal seq 15 [ 104.046544][ T5831] bcachefs (loop0): marking filesystem clean [pid 5839] exit_group(0) = ? [ 104.065440][ T5833] bcachefs (loop2): marking filesystem clean [ 104.081608][ T5845] workqueue: Failed to create a rescuer kthread for wq "bcachefs_journal": -EINTR [ 104.082863][ T5845] bcachefs (loop4): flushing journal and stopping allocators, journal seq 13 [pid 5846] <... mount resumed>) = 0 [pid 5846] futex(0x7f2e804306ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 104.108267][ T5832] bcachefs (loop1): flushing journal and stopping allocators, journal seq 13 [ 104.114617][ T5845] bcachefs (loop4): flushing journal and stopping allocators complete, journal seq 13 [ 104.127282][ T5832] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 13 [ 104.143547][ T5901] bcachefs (loop3): backpointer doesn't match extent it points to: [pid 5846] futex(0x7f2e804306a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5840] exit_group(0 [pid 5846] <... futex resumed>) = ? [pid 5840] <... exit_group resumed>) = ? [ 104.143568][ T5901] u64s 9 type backpointer 0:8921088:0 len 0 ver 0: bucket=0:34:8 btree=extents level=0 data_type=user suboffset=0 len=8 gen=0 pos=1073741825:24:U32_MAX [ 104.143588][ T5901] u64s 8 type extent 1073741825:24:U32_MAX len 24 ver 2: durability: 1 crc: c_size 8 size 24 offset 0 nonce 0 csum chacha20_poly1305_80 5c1d:75853c64f7009f9d compress lz4 ptr: 0:34:8 gen 0 [ 104.143609][ T5901] u64s 9 type backpointer 0:8921088:0 len 0 ver 0: bucket=0:34:8 btree=extents level=0 data_type=user suboffset=0 len=8 gen=0 pos=1073741825:24:U32_MAX, fixing [ 104.144531][ T5845] ------------[ cut here ]------------ [ 104.209731][ T5845] kernel BUG at fs/bcachefs/journal.c:397! [pid 5846] +++ exited with 0 +++ [pid 5840] +++ exited with 0 +++ [ 104.215961][ T5845] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI [ 104.218750][ T5832] bcachefs (loop1): clean shutdown complete, journal seq 14 [ 104.222284][ T5845] CPU: 1 UID: 0 PID: 5845 Comm: syz-executor388 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(full) [ 104.242070][ T5845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 104.252141][ T5845] RIP: 0010:__journal_res_get+0x25cd/0x27f0 [ 104.258092][ T5845] Code: ff ff e9 2b db ff ff e8 01 7c 7e fd 41 be eb f6 ff ff e9 1b db ff ff e8 11 58 1d 07 e8 ec 7b 7e fd 90 0f 0b e8 e4 7b 7e fd 90 <0f> 0b e8 dc 7b 7e fd 90 0f 0b e8 d4 7b 7e fd 90 0f 0b e8 cc 7b 7e [ 104.277821][ T5845] RSP: 0018:ffffc900044af4c0 EFLAGS: 00010293 [ 104.284185][ T5845] RAX: ffffffff8441cf5c RBX: 1ffff1100dda951b RCX: ffff888011a10000 [ 104.292170][ T5845] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000 [ 104.300248][ T5845] RBP: ffffc900044af790 R08: ffff88806ed4a9f7 R09: 1ffff1100dda953e [ 104.308228][ T5845] R10: dffffc0000000000 R11: ffffed100dda953f R12: ffff88806ed49800 [ 104.316211][ T5845] R13: 1ffff1100dda953e R14: 0000000000000002 R15: 00000000007ffffe [ 104.324200][ T5845] FS: 00007f2e8034d6c0(0000) GS:ffff888125d86000(0000) knlGS:0000000000000000 [ 104.333137][ T5845] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 104.339727][ T5845] CR2: 00007f2e803ec758 CR3: 0000000074850000 CR4: 00000000003526f0 [ 104.347711][ T5845] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 104.355729][ T5845] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 104.363727][ T5845] Call Trace: [ 104.367055][ T5845] [ 104.370034][ T5845] ? __pfx___journal_res_get+0x10/0x10 [ 104.375557][ T5845] ? __journal_entry_close+0x1cc/0xeb0 [ 104.381052][ T5845] ? journal_flush_done+0x675/0x810 [ 104.386274][ T5845] bch2_journal_res_get_slowpath+0xdc/0xaf0 [ 104.392198][ T5845] ? __pfx_bch2_journal_res_get_slowpath+0x10/0x10 [ 104.398722][ T5845] ? do_raw_spin_lock+0x121/0x290 [ 104.403820][ T5845] ? __journal_entry_close+0x1cc/0xeb0 [ 104.409297][ T5845] ? journal_res_get_fast+0x12e/0x6a0 [ 104.414692][ T5845] ? __lock_acquire+0xab9/0xd20 [ 104.419560][ T5845] ? __pfx_journal_res_get_fast+0x10/0x10 [ 104.425318][ T5845] bch2_journal_res_get+0x14f/0x1f0 [ 104.430537][ T5845] __bch2_journal_meta+0x40/0x1d0 [ 104.435589][ T5845] bch2_fs_journal_stop+0x1dd/0x440 [ 104.440897][ T5845] ? __pfx_bch2_fs_journal_stop+0x10/0x10 [ 104.446731][ T5845] ? __pfx___bch2_print+0x10/0x10 [ 104.451774][ T5845] ? __bch2_btree_flush_all+0x54/0x6f0 [ 104.457259][ T5845] ? __bch2_btree_flush_all+0x6ce/0x6f0 [ 104.462814][ T5845] ? __bch2_btree_flush_all+0x54/0x6f0 [ 104.468284][ T5845] __bch2_fs_read_only+0x343/0x5b0 [ 104.473414][ T5845] __bch2_fs_read_write+0x5cd/0x830 [ 104.478627][ T5845] ? __pfx_shrink_dcache_sb+0x10/0x10 [ 104.484088][ T5845] bch2_fs_reconfigure+0x29a/0x400 [ 104.489257][ T5845] reconfigure_super+0x224/0x890 [ 104.494262][ T5845] path_mount+0xd18/0xfe0 [ 104.498627][ T5845] ? user_path_at+0x44/0x60 [ 104.503153][ T5845] __se_sys_mount+0x317/0x410 [ 104.507894][ T5845] ? __pfx___se_sys_mount+0x10/0x10 [ 104.513137][ T5845] ? rcu_is_watching+0x15/0xb0 [ 104.517976][ T5845] ? __x64_sys_mount+0x20/0xc0 [ 104.522768][ T5845] do_syscall_64+0xfa/0x3b0 [ 104.527358][ T5845] ? lockdep_hardirqs_on+0x9c/0x150 [ 104.532610][ T5845] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.538723][ T5845] ? clear_bhb_loop+0x60/0xb0 [ 104.543420][ T5845] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.549374][ T5845] RIP: 0033:0x7f2e80398c49 [ 104.553845][ T5845] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 104.573563][ T5845] RSP: 002b:00007f2e8034d218 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 104.582000][ T5845] RAX: ffffffffffffffda RBX: 00007f2e804306a8 RCX: 00007f2e80398c49 [ 104.589983][ T5845] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000000 [ 104.597971][ T5845] RBP: 00007f2e804306a0 R08: 0000000000000000 R09: 0000000000000000 [ 104.605950][ T5845] R10: 0000000002012024 R11: 0000000000000246 R12: 0000200000000000 [ 104.613947][ T5845] R13: 0030656c69662f2e R14: 7366656863616362 R15: 0000200000000080 [ 104.621949][ T5845] [ 104.624976][ T5845] Modules linked in: [ 104.629228][ T5845] ---[ end trace 0000000000000000 ]--- [ 104.634833][ T5832] bcachefs (loop1): marking filesystem clean [ 104.641610][ T5845] RIP: 0010:__journal_res_get+0x25cd/0x27f0 [ 104.641975][ T5901] bcachefs (loop3): Detected missing backpointers in bucket 34, now have 1/128 with missing [pid 5834] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5840, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=42 /* 0.42 s */} --- [pid 5834] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5834] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5834] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 104.647770][ T5845] Code: ff ff e9 2b db ff ff e8 01 7c 7e fd 41 be eb f6 ff ff e9 1b db ff ff e8 11 58 1d 07 e8 ec 7b 7e fd 90 0f 0b e8 e4 7b 7e fd 90 <0f> 0b e8 dc 7b 7e fd 90 0f 0b e8 d4 7b 7e fd 90 0f 0b e8 cc 7b 7e [ 104.657711][ T5901] scheduling recovery pass check_extents_to_backpointers (17) [ 104.685693][ T5845] RSP: 0018:ffffc900044af4c0 EFLAGS: 00010293 [ 104.692432][ T5845] RAX: ffffffff8441cf5c RBX: 1ffff1100dda951b RCX: ffff888011a10000 [ 104.700630][ T5845] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000 [ 104.708797][ T5845] RBP: ffffc900044af790 R08: ffff88806ed4a9f7 R09: 1ffff1100dda953e [pid 5834] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5834] getdents64(3, 0x5555655a4730 /* 4 entries */, 32768) = 112 [ 104.717231][ T5845] R10: dffffc0000000000 R11: ffffed100dda953f R12: ffff88806ed49800 [ 104.725400][ T5845] R13: 1ffff1100dda953e R14: 0000000000000002 R15: 00000000007ffffe [ 104.733382][ T5845] FS: 00007f2e8034d6c0(0000) GS:ffff888125d86000(0000) knlGS:0000000000000000 [ 104.743615][ T5845] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 104.750445][ T5845] CR2: 00007f2e803ec758 CR3: 0000000074850000 CR4: 00000000003526f0 [ 104.758622][ T5845] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 104.766807][ T5845] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 104.774982][ T5845] Kernel panic - not syncing: Fatal exception [ 104.781382][ T5845] Kernel Offset: disabled [ 104.785720][ T5845] Rebooting in 86400 seconds..