./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2388812380 <...> Warning: Permanently added '10.128.1.165' (ED25519) to the list of known hosts. execve("./syz-executor2388812380", ["./syz-executor2388812380"], 0x7ffc4b9b69d0 /* 10 vars */) = 0 brk(NULL) = 0x55557288e000 brk(0x55557288ed00) = 0x55557288ed00 arch_prctl(ARCH_SET_FS, 0x55557288e380) = 0 set_tid_address(0x55557288e650) = 5077 set_robust_list(0x55557288e660, 24) = 0 rseq(0x55557288eca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2388812380", 4096) = 28 getrandom("\x61\xcb\xe9\xce\x08\xda\xdf\xc5", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55557288ed00 brk(0x5555728afd00) = 0x5555728afd00 brk(0x5555728b0000) = 0x5555728b0000 mprotect(0x7fc2a639c000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5078 attached [pid 5078] set_robust_list(0x55557288e660, 24 [pid 5077] <... clone resumed>, child_tidptr=0x55557288e650) = 5078 [pid 5078] <... set_robust_list resumed>) = 0 [pid 5077] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5078] mkdir("./syzkaller.EeFu3e", 0700 [pid 5077] <... clone resumed>, child_tidptr=0x55557288e650) = 5079 ./strace-static-x86_64: Process 5079 attached [pid 5078] <... mkdir resumed>) = 0 [pid 5077] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5079] set_robust_list(0x55557288e660, 24./strace-static-x86_64: Process 5080 attached ) = 0 [pid 5078] chmod("./syzkaller.EeFu3e", 0777 [pid 5080] set_robust_list(0x55557288e660, 24) = 0 [pid 5079] mkdir("./syzkaller.OMxNrA", 0700 [pid 5078] <... chmod resumed>) = 0 [pid 5077] <... clone resumed>, child_tidptr=0x55557288e650) = 5080 [pid 5077] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5080] mkdir("./syzkaller.PJg90a", 0700 [pid 5079] <... mkdir resumed>) = 0 [pid 5078] chdir("./syzkaller.EeFu3e" [pid 5079] chmod("./syzkaller.OMxNrA", 0777 [pid 5078] <... chdir resumed>) = 0 [pid 5080] <... mkdir resumed>) = 0 [pid 5079] <... chmod resumed>) = 0 ./strace-static-x86_64: Process 5081 attached [pid 5079] chdir("./syzkaller.OMxNrA") = 0 [pid 5081] set_robust_list(0x55557288e660, 24 [pid 5079] mkdir("./0", 0777 [pid 5078] mkdir("./0", 0777 [pid 5077] <... clone resumed>, child_tidptr=0x55557288e650) = 5081 [pid 5081] <... set_robust_list resumed>) = 0 [pid 5080] chmod("./syzkaller.PJg90a", 0777 [pid 5079] <... mkdir resumed>) = 0 [pid 5078] <... mkdir resumed>) = 0 [pid 5077] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5081] mkdir("./syzkaller.EVV4C8", 0700 [pid 5080] <... chmod resumed>) = 0 [pid 5078] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 5082 attached [pid 5079] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5082] set_robust_list(0x55557288e660, 24 [pid 5079] <... openat resumed>) = 3 [pid 5079] ioctl(3, LOOP_CLR_FD [pid 5077] <... clone resumed>, child_tidptr=0x55557288e650) = 5082 [pid 5082] <... set_robust_list resumed>) = 0 [pid 5081] <... mkdir resumed>) = 0 [pid 5080] chdir("./syzkaller.PJg90a" [pid 5079] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5078] <... openat resumed>) = 3 [pid 5081] chmod("./syzkaller.EVV4C8", 0777 [pid 5079] close(3 [pid 5082] mkdir("./syzkaller.lhH6y0", 0700 [pid 5081] <... chmod resumed>) = 0 [pid 5080] <... chdir resumed>) = 0 [pid 5081] chdir("./syzkaller.EVV4C8" [pid 5080] mkdir("./0", 0777 [pid 5079] <... close resumed>) = 0 [pid 5078] ioctl(3, LOOP_CLR_FD [pid 5081] <... chdir resumed>) = 0 [pid 5081] mkdir("./0", 0777 [pid 5082] <... mkdir resumed>) = 0 [pid 5080] <... mkdir resumed>) = 0 [pid 5079] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5078] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5078] close(3./strace-static-x86_64: Process 5083 attached [pid 5082] chmod("./syzkaller.lhH6y0", 0777 [pid 5081] <... mkdir resumed>) = 0 [pid 5080] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5083] set_robust_list(0x55557288e660, 24 [pid 5082] <... chmod resumed>) = 0 [pid 5081] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5080] ioctl(3, LOOP_CLR_FD [pid 5079] <... clone resumed>, child_tidptr=0x55557288e650) = 5083 [pid 5078] <... close resumed>) = 0 [pid 5083] <... set_robust_list resumed>) = 0 [pid 5082] chdir("./syzkaller.lhH6y0" [pid 5080] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5078] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5083] chdir("./0" [pid 5081] <... openat resumed>) = 3 [pid 5083] <... chdir resumed>) = 0 [pid 5082] <... chdir resumed>) = 0 [pid 5080] close(3./strace-static-x86_64: Process 5085 attached [pid 5081] ioctl(3, LOOP_CLR_FD [pid 5085] set_robust_list(0x55557288e660, 24 [pid 5081] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5085] <... set_robust_list resumed>) = 0 [pid 5081] close(3 [pid 5085] chdir("./0" [pid 5083] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5082] mkdir("./0", 0777 [pid 5081] <... close resumed>) = 0 [pid 5080] <... close resumed>) = 0 [pid 5085] <... chdir resumed>) = 0 [pid 5081] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5085] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5083] <... prctl resumed>) = 0 [pid 5082] <... mkdir resumed>) = 0 [pid 5080] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5086 attached [pid 5085] setpgid(0, 0 [pid 5083] setpgid(0, 0./strace-static-x86_64: Process 5087 attached ) = 0 [pid 5078] <... clone resumed>, child_tidptr=0x55557288e650) = 5085 [pid 5087] set_robust_list(0x55557288e660, 24 [pid 5083] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5087] <... set_robust_list resumed>) = 0 [pid 5086] set_robust_list(0x55557288e660, 24 [pid 5085] <... setpgid resumed>) = 0 [pid 5083] <... openat resumed>) = 3 [pid 5082] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5087] chdir("./0" [pid 5086] <... set_robust_list resumed>) = 0 [pid 5085] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5081] <... clone resumed>, child_tidptr=0x55557288e650) = 5086 [pid 5087] <... chdir resumed>) = 0 [pid 5086] chdir("./0" [pid 5085] <... openat resumed>) = 3 [pid 5083] write(3, "1000", 4 [pid 5082] <... openat resumed>) = 3 [pid 5080] <... clone resumed>, child_tidptr=0x55557288e650) = 5087 [pid 5087] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5086] <... chdir resumed>) = 0 [pid 5085] write(3, "1000", 4 [pid 5083] <... write resumed>) = 4 [pid 5087] <... prctl resumed>) = 0 [pid 5086] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5085] <... write resumed>) = 4 [pid 5083] close(3 [pid 5082] ioctl(3, LOOP_CLR_FD [pid 5087] setpgid(0, 0 [pid 5086] <... prctl resumed>) = 0 [pid 5085] close(3 [pid 5083] <... close resumed>) = 0 [pid 5087] <... setpgid resumed>) = 0 [pid 5086] setpgid(0, 0 [pid 5085] <... close resumed>) = 0 [pid 5083] symlink("/dev/binderfs", "./binderfs" [pid 5082] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5086] <... setpgid resumed>) = 0 [pid 5085] symlink("/dev/binderfs", "./binderfs" [pid 5087] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5082] close(3) = 0 [pid 5082] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program ./strace-static-x86_64: Process 5088 attached [pid 5086] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5085] <... symlink resumed>) = 0 [pid 5085] write(1, "executing program\n", 18 [pid 5088] set_robust_list(0x55557288e660, 24 [pid 5087] <... openat resumed>) = 3 [pid 5086] <... openat resumed>) = 3 [pid 5085] <... write resumed>) = 18 [pid 5083] <... symlink resumed>) = 0 [pid 5088] <... set_robust_list resumed>) = 0 executing program [pid 5087] write(3, "1000", 4 [pid 5083] write(1, "executing program\n", 18 [pid 5087] <... write resumed>) = 4 [pid 5085] memfd_create("syzkaller", 0 [pid 5083] <... write resumed>) = 18 [pid 5088] chdir("./0" [pid 5087] close(3 [pid 5086] write(3, "1000", 4 [pid 5085] <... memfd_create resumed>) = 3 [pid 5083] memfd_create("syzkaller", 0 [pid 5082] <... clone resumed>, child_tidptr=0x55557288e650) = 5088 [pid 5088] <... chdir resumed>) = 0 [pid 5087] <... close resumed>) = 0 [pid 5086] <... write resumed>) = 4 [pid 5085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5088] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5086] close(3 [pid 5088] <... prctl resumed>) = 0 [pid 5086] <... close resumed>) = 0 [pid 5087] symlink("/dev/binderfs", "./binderfs" [pid 5086] symlink("/dev/binderfs", "./binderfs" [pid 5088] setpgid(0, 0 [pid 5087] <... symlink resumed>) = 0 [pid 5085] <... mmap resumed>) = 0x7fc29de00000 [pid 5088] <... setpgid resumed>) = 0 [pid 5083] <... memfd_create resumed>) = 3 [pid 5088] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5086] <... symlink resumed>) = 0 [pid 5083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0executing program [pid 5088] <... openat resumed>) = 3 [pid 5087] write(1, "executing program\n", 18 [pid 5083] <... mmap resumed>) = 0x7fc29de00000 [pid 5087] <... write resumed>) = 18 [pid 5088] write(3, "1000", 4 [pid 5086] write(1, "executing program\n", 18 [pid 5087] memfd_create("syzkaller", 0) = 3 [pid 5087] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0executing program ) = 0x7fc29de00000 [pid 5088] <... write resumed>) = 4 [pid 5086] <... write resumed>) = 18 [pid 5088] close(3 [pid 5086] memfd_create("syzkaller", 0 [pid 5088] <... close resumed>) = 0 [pid 5088] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5088] write(1, "executing program\n", 18executing program ) = 18 [pid 5086] <... memfd_create resumed>) = 3 [pid 5088] memfd_create("syzkaller", 0 [pid 5086] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5088] <... memfd_create resumed>) = 3 [pid 5086] <... mmap resumed>) = 0x7fc29de00000 [pid 5088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc29de00000 [pid 5087] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5083] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5086] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5088] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5085] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5087] <... write resumed>) = 16777216 [pid 5087] munmap(0x7fc29de00000, 138412032) = 0 [pid 5087] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5087] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5087] close(3) = 0 [pid 5087] close(4) = 0 [pid 5087] mkdir("./file0", 0777) = 0 [ 60.759038][ T5087] loop2: detected capacity change from 0 to 32768 [pid 5087] mount("/dev/loop2", "./file0", "bcachefs", MS_NODEV|MS_SYNCHRONOUS|MS_RELATIME|MS_STRICTATIME, "\xff\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x54\xf7\x79\x0e\xf1\x39\x3f\xe1\x82\xef\xfd\xca\x16\x5b\x10\x87\x9d\x75\x65\x3a\x83\xf9\x12\x21\x21\x31\x49\xfc\xa0\xb7\xf3\x95\x20\x3a\x28\xb4\x3b\xc9\xa4\x9e\xbf\x99\x18\xb0\xef\xc4\xd9\xc6\x87\xce\x47\xb1\xea\xdf\x27\x08\xf8\x24\xdd\xe8\xd4\x14\xa0\xdc\xf2\x56\x9c\x89\xb4\x7f\xe8\x8c\x4d\xb4\xbe\x3a\xda\x21\xbd"... [pid 5083] <... write resumed>) = 16777216 [pid 5083] munmap(0x7fc29de00000, 138412032) = 0 [pid 5083] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5083] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5083] close(3) = 0 [pid 5083] close(4) = 0 [pid 5083] mkdir("./file0", 0777) = 0 [ 60.944037][ T5083] loop1: detected capacity change from 0 to 32768 [pid 5083] mount("/dev/loop1", "./file0", "bcachefs", MS_NODEV|MS_SYNCHRONOUS|MS_RELATIME|MS_STRICTATIME, "\xff\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x54\xf7\x79\x0e\xf1\x39\x3f\xe1\x82\xef\xfd\xca\x16\x5b\x10\x87\x9d\x75\x65\x3a\x83\xf9\x12\x21\x21\x31\x49\xfc\xa0\xb7\xf3\x95\x20\x3a\x28\xb4\x3b\xc9\xa4\x9e\xbf\x99\x18\xb0\xef\xc4\xd9\xc6\x87\xce\x47\xb1\xea\xdf\x27\x08\xf8\x24\xdd\xe8\xd4\x14\xa0\xdc\xf2\x56\x9c\x89\xb4\x7f\xe8\x8c\x4d\xb4\xbe\x3a\xda\x21\xbd"... [pid 5086] <... write resumed>) = 16777216 [pid 5086] munmap(0x7fc29de00000, 138412032 [pid 5088] <... write resumed>) = 16777216 [pid 5086] <... munmap resumed>) = 0 [pid 5088] munmap(0x7fc29de00000, 138412032) = 0 [pid 5086] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5085] <... write resumed>) = 16777216 [pid 5086] <... openat resumed>) = 4 [pid 5086] ioctl(4, LOOP_SET_FD, 3 [pid 5088] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5085] munmap(0x7fc29de00000, 138412032 [pid 5088] <... openat resumed>) = 4 [ 61.040528][ T5087] bcachefs (loop2): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,nojournal_transaction_names [ 61.077506][ T5086] loop3: detected capacity change from 0 to 32768 [pid 5088] ioctl(4, LOOP_SET_FD, 3 [pid 5086] <... ioctl resumed>) = 0 [pid 5086] close(3) = 0 [pid 5086] close(4) = 0 [pid 5088] <... ioctl resumed>) = 0 [pid 5088] close(3) = 0 [pid 5088] close(4 [pid 5086] mkdir("./file0", 0777 [pid 5088] <... close resumed>) = 0 [pid 5088] mkdir("./file0", 0777 [pid 5086] <... mkdir resumed>) = 0 [pid 5085] <... munmap resumed>) = 0 [pid 5086] mount("/dev/loop3", "./file0", "bcachefs", MS_NODEV|MS_SYNCHRONOUS|MS_RELATIME|MS_STRICTATIME, "\xff\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x54\xf7\x79\x0e\xf1\x39\x3f\xe1\x82\xef\xfd\xca\x16\x5b\x10\x87\x9d\x75\x65\x3a\x83\xf9\x12\x21\x21\x31\x49\xfc\xa0\xb7\xf3\x95\x20\x3a\x28\xb4\x3b\xc9\xa4\x9e\xbf\x99\x18\xb0\xef\xc4\xd9\xc6\x87\xce\x47\xb1\xea\xdf\x27\x08\xf8\x24\xdd\xe8\xd4\x14\xa0\xdc\xf2\x56\x9c\x89\xb4\x7f\xe8\x8c\x4d\xb4\xbe\x3a\xda\x21\xbd"... [pid 5088] <... mkdir resumed>) = 0 [pid 5088] mount("/dev/loop4", "./file0", "bcachefs", MS_NODEV|MS_SYNCHRONOUS|MS_RELATIME|MS_STRICTATIME, "\xff\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x54\xf7\x79\x0e\xf1\x39\x3f\xe1\x82\xef\xfd\xca\x16\x5b\x10\x87\x9d\x75\x65\x3a\x83\xf9\x12\x21\x21\x31\x49\xfc\xa0\xb7\xf3\x95\x20\x3a\x28\xb4\x3b\xc9\xa4\x9e\xbf\x99\x18\xb0\xef\xc4\xd9\xc6\x87\xce\x47\xb1\xea\xdf\x27\x08\xf8\x24\xdd\xe8\xd4\x14\xa0\xdc\xf2\x56\x9c\x89\xb4\x7f\xe8\x8c\x4d\xb4\xbe\x3a\xda\x21\xbd"... [pid 5085] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 61.089325][ T5088] loop4: detected capacity change from 0 to 32768 [ 61.101055][ T5083] bcachefs (076a1832-646e-4f3c-b13d-b3e266154efd): filesystem UUID already open [ 61.116121][ T5087] bcachefs (loop2): recovering from clean shutdown, journal seq 10 [ 61.126859][ T5083] bcachefs (076a1832-646e-4f3c-b13d-b3e266154efd): shutdown complete [pid 5085] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5085] close(3) = 0 [pid 5085] close(4) = 0 [pid 5085] mkdir("./file0", 0777) = 0 [ 61.138494][ T5085] loop0: detected capacity change from 0 to 32768 [ 61.208138][ T5087] bcachefs (loop2): alloc_read... done [ 61.209799][ T5086] bcachefs (076a1832-646e-4f3c-b13d-b3e266154efd): filesystem UUID already open [ 61.237767][ T5087] bcachefs (loop2): stripes_read... done [ 61.245724][ T5086] bcachefs (076a1832-646e-4f3c-b13d-b3e266154efd): shutdown complete [ 61.255221][ T5088] bcachefs (076a1832-646e-4f3c-b13d-b3e266154efd): filesystem UUID already open [ 61.255921][ T5087] bcachefs (loop2): snapshots_read... done [ 61.282231][ T5087] bcachefs (loop2): journal_replay... done [ 61.293772][ T5088] bcachefs (076a1832-646e-4f3c-b13d-b3e266154efd): shutdown complete [ 61.300850][ T5087] bcachefs (loop2): resume_logged_ops... done [ 61.302666][ T5085] bcachefs (076a1832-646e-4f3c-b13d-b3e266154efd): filesystem UUID already open [ 61.322316][ T5087] bcachefs (loop2): going read-write [ 61.331561][ T5085] bcachefs (076a1832-646e-4f3c-b13d-b3e266154efd): shutdown complete [pid 5085] mount("/dev/loop0", "./file0", "bcachefs", MS_NODEV|MS_SYNCHRONOUS|MS_RELATIME|MS_STRICTATIME, "\xff\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x54\xf7\x79\x0e\xf1\x39\x3f\xe1\x82\xef\xfd\xca\x16\x5b\x10\x87\x9d\x75\x65\x3a\x83\xf9\x12\x21\x21\x31\x49\xfc\xa0\xb7\xf3\x95\x20\x3a\x28\xb4\x3b\xc9\xa4\x9e\xbf\x99\x18\xb0\xef\xc4\xd9\xc6\x87\xce\x47\xb1\xea\xdf\x27\x08\xf8\x24\xdd\xe8\xd4\x14\xa0\xdc\xf2\x56\x9c\x89\xb4\x7f\xe8\x8c\x4d\xb4\xbe\x3a\xda\x21\xbd"... [pid 5087] <... mount resumed>) = 0 [pid 5087] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5083] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5083] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5083] ioctl(3, LOOP_CLR_FD [pid 5087] chdir("./file0") = 0 [ 61.372121][ T5087] bcachefs (loop2): done starting filesystem [pid 5087] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5087] ioctl(4, LOOP_CLR_FD) = 0 [pid 5086] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5087] close(4 [pid 5086] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5087] <... close resumed>) = 0 [pid 5086] ioctl(3, LOOP_CLR_FD [pid 5087] memfd_create("syzkaller", 0) = 4 [pid 5087] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc29de00000 [pid 5088] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5088] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5088] ioctl(3, LOOP_CLR_FD [pid 5085] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5085] ioctl(3, LOOP_CLR_FD [pid 5083] <... ioctl resumed>) = 0 [pid 5083] close(3) = 0 [pid 5083] memfd_create("syzkaller", 0) = 3 [pid 5083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc29de00000 [pid 5086] <... ioctl resumed>) = 0 [pid 5086] close(3) = 0 [pid 5086] memfd_create("syzkaller", 0) = 3 [pid 5086] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc29de00000 [pid 5088] <... ioctl resumed>) = 0 [pid 5087] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5088] close(3) = 0 [pid 5088] memfd_create("syzkaller", 0) = 3 [pid 5088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc29de00000 [pid 5085] <... ioctl resumed>) = 0 [pid 5085] close(3) = 0 [pid 5085] memfd_create("syzkaller", 0) = 3 [pid 5085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc29de00000 [pid 5083] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5087] <... write resumed>) = 16777216 [pid 5087] munmap(0x7fc29de00000, 138412032 [pid 5088] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5087] <... munmap resumed>) = 0 [pid 5087] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 5 [pid 5087] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5087] ioctl(5, LOOP_CLR_FD) = 0 [pid 5086] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5087] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5087] close(5 [pid 5085] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5087] <... close resumed>) = 0 [pid 5087] close(4) = 0 [pid 5087] exit_group(0) = ? [pid 5087] +++ exited with 0 +++ [pid 5080] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5087, si_uid=0, si_status=0, si_utime=19 /* 0.19 s */, si_stime=65 /* 0.65 s */} --- [pid 5080] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5080] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5080] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5080] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5080] getdents64(3, 0x55557288f6f0 /* 4 entries */, 32768) = 112 [pid 5080] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5080] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5080] unlink("./0/binderfs") = 0 [pid 5080] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5083] <... write resumed>) = 16777216 [pid 5085] <... write resumed>) = 16777216 [pid 5083] munmap(0x7fc29de00000, 138412032 [pid 5085] munmap(0x7fc29de00000, 138412032 [pid 5088] <... write resumed>) = 16777216 [pid 5085] <... munmap resumed>) = 0 [ 62.611962][ T5080] bcachefs (loop2): shutting down [ 62.617255][ T5080] bcachefs (loop2): going read-only [ 62.634235][ T5080] bcachefs (loop2): finished waiting for writes to stop [ 62.644589][ T5080] bcachefs (loop2): flushing journal and stopping allocators, journal seq 10 [pid 5083] <... munmap resumed>) = 0 [pid 5088] munmap(0x7fc29de00000, 138412032 [pid 5085] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5083] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5088] <... munmap resumed>) = 0 [pid 5086] <... write resumed>) = 16777216 [pid 5085] <... openat resumed>) = 4 [pid 5088] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5086] munmap(0x7fc29de00000, 138412032 [pid 5085] ioctl(4, LOOP_SET_FD, 3 [pid 5088] <... openat resumed>) = 4 [pid 5088] ioctl(4, LOOP_SET_FD, 3 [pid 5083] <... openat resumed>) = 4 [pid 5083] ioctl(4, LOOP_SET_FD, 3 [pid 5085] <... ioctl resumed>) = 0 [pid 5085] close(3) = 0 [pid 5085] close(4) = 0 [pid 5085] mkdir("./file0", 0777) = -1 EEXIST (File exists) [pid 5085] mount("/dev/loop0", "./file0", "bcachefs", MS_RDONLY|MS_RELATIME, "\xff\xff" [pid 5083] <... ioctl resumed>) = 0 [pid 5083] close(3) = 0 [ 62.670964][ T5080] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 10 [ 62.687114][ T5080] bcachefs (loop2): shutdown complete, journal seq 11 [ 62.695678][ T5080] bcachefs (loop2): marking filesystem clean [ 62.702789][ T5085] loop0: detected capacity change from 0 to 32768 [ 62.709998][ T5083] loop1: detected capacity change from 0 to 32768 [pid 5083] close(4 [pid 5088] <... ioctl resumed>) = 0 [pid 5086] <... munmap resumed>) = 0 [pid 5083] <... close resumed>) = 0 [pid 5088] close(3 [pid 5083] mkdir("./file0", 0777 [pid 5088] <... close resumed>) = 0 [pid 5083] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5088] close(4 [pid 5083] mount("/dev/loop1", "./file0", "bcachefs", MS_RDONLY|MS_RELATIME, "\xff\xff" [pid 5088] <... close resumed>) = 0 [pid 5086] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5088] mkdir("./file0", 0777 [pid 5086] <... openat resumed>) = 4 [pid 5088] <... mkdir resumed>) = -1 EEXIST (File exists) [ 62.720171][ T5088] loop4: detected capacity change from 0 to 32768 [pid 5086] ioctl(4, LOOP_SET_FD, 3 [pid 5088] mount("/dev/loop4", "./file0", "bcachefs", MS_RDONLY|MS_RELATIME, "\xff\xff" [pid 5086] <... ioctl resumed>) = 0 [pid 5086] close(3) = 0 [pid 5086] close(4) = 0 [pid 5086] mkdir("./file0", 0777) = -1 EEXIST (File exists) [ 62.746633][ T5086] loop3: detected capacity change from 0 to 32768 [ 62.756166][ T5080] bcachefs (loop2): shutdown complete [ 62.926203][ T5085] bcachefs (loop0): mounting version 1.7: mi_btree_bitmap opts=ro,metadata_checksum=none,data_checksum=none,nojournal_transaction_names,read_only [ 62.944752][ T5085] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 62.952153][ T5088] bcachefs (076a1832-646e-4f3c-b13d-b3e266154efd): filesystem UUID already open [ 62.954863][ T5085] bcachefs (loop0): Version upgrade required: [ 62.954863][ T5085] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 62.954863][ T5085] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap [ 62.954863][ T5085] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_subvolume_structure,check_directory_structure,check_nlinks,delete_dead_inodes,set_fs_needs_rebalance [ 63.043590][ T5088] bcachefs (076a1832-646e-4f3c-b13d-b3e266154efd): shutdown complete [ 63.062500][ T5083] bcachefs (076a1832-646e-4f3c-b13d-b3e266154efd): filesystem UUID already open [ 63.071626][ T5086] bcachefs (076a1832-646e-4f3c-b13d-b3e266154efd): filesystem UUID already open [ 63.087013][ T5083] bcachefs (076a1832-646e-4f3c-b13d-b3e266154efd): shutdown complete [ 63.092678][ T5085] bcachefs (loop0): alloc_read... done [ 63.097620][ T5086] bcachefs (076a1832-646e-4f3c-b13d-b3e266154efd): shutdown complete [ 63.101913][ T5085] bcachefs (loop0): stripes_read... done [ 63.131873][ T5085] bcachefs (loop0): snapshots_read... done [ 63.148598][ T5085] bcachefs (loop0): check_allocations... [ 63.151124][ T5085] [ 63.159118][ T5085] ====================================================== [ 63.166136][ T5085] WARNING: possible circular locking dependency detected [ 63.173158][ T5085] 6.10.0-rc4-syzkaller-00148-g50736169ecc8 #0 Not tainted [ 63.180249][ T5085] ------------------------------------------------------ [ 63.187246][ T5085] syz-executor238/5085 is trying to acquire lock: [ 63.193658][ T5085] ffff888069900988 (&c->sb_lock){+.+.}-{3:3}, at: bch2_gc_mark_key+0xc66/0x1010 [ 63.202712][ T5085] [ 63.202712][ T5085] but task is already holding lock: [ 63.210063][ T5085] ffff888069901a58 (&c->btree_root_lock){+.+.}-{3:3}, at: bch2_check_allocations+0x2e31/0xcca0 [ 63.220403][ T5085] [ 63.220403][ T5085] which lock already depends on the new lock. [ 63.220403][ T5085] [ 63.230832][ T5085] [ 63.230832][ T5085] the existing dependency chain (in reverse order) is: [ 63.239836][ T5085] [ 63.239836][ T5085] -> #1 (&c->btree_root_lock){+.+.}-{3:3}: [ 63.247905][ T5085] lock_acquire+0x1ed/0x550 [ 63.252944][ T5085] __mutex_lock+0x136/0xd70 [ 63.257988][ T5085] bch2_btree_roots_to_journal_entries+0xbb/0x980 [ 63.265037][ T5085] bch2_fs_mark_clean+0x2cc/0x6d0 [ 63.270573][ T5085] bch2_fs_read_only+0x1101/0x1210 [ 63.276208][ T5085] __bch2_fs_stop+0x105/0x540 [ 63.281412][ T5085] generic_shutdown_super+0x136/0x2d0 [ 63.287410][ T5085] bch2_kill_sb+0x41/0x50 [ 63.292262][ T5085] deactivate_locked_super+0xc4/0x130 [ 63.298161][ T5085] cleanup_mnt+0x41f/0x4b0 [ 63.303102][ T5085] task_work_run+0x24f/0x310 [ 63.308215][ T5085] ptrace_notify+0x2d2/0x380 [ 63.313323][ T5085] syscall_exit_work+0xc6/0x190 [ 63.318685][ T5085] syscall_exit_to_user_mode+0x273/0x370 [ 63.324836][ T5085] do_syscall_64+0x100/0x230 [ 63.329936][ T5085] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 63.336340][ T5085] [ 63.336340][ T5085] -> #0 (&c->sb_lock){+.+.}-{3:3}: [ 63.343629][ T5085] validate_chain+0x18e0/0x5900 [ 63.348993][ T5085] __lock_acquire+0x1346/0x1fd0 [ 63.354349][ T5085] lock_acquire+0x1ed/0x550 [ 63.359447][ T5085] __mutex_lock+0x136/0xd70 [ 63.364458][ T5085] bch2_gc_mark_key+0xc66/0x1010 [ 63.369904][ T5085] bch2_check_allocations+0x3e06/0xcca0 [ 63.375956][ T5085] bch2_run_recovery_pass+0xf0/0x1e0 [ 63.381772][ T5085] bch2_run_recovery_passes+0x19e/0x820 [ 63.387842][ T5085] bch2_fs_recovery+0x2370/0x3720 [ 63.393389][ T5085] bch2_fs_start+0x356/0x5b0 [ 63.398502][ T5085] bch2_fs_open+0xa8d/0xdf0 [ 63.403514][ T5085] bch2_mount+0x6b0/0x13a0 [ 63.408439][ T5085] legacy_get_tree+0xee/0x190 [ 63.413802][ T5085] vfs_get_tree+0x90/0x2a0 [ 63.418723][ T5085] do_new_mount+0x2be/0xb40 [ 63.423729][ T5085] __se_sys_mount+0x2d9/0x3c0 [ 63.428908][ T5085] do_syscall_64+0xf3/0x230 [ 63.433922][ T5085] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 63.440328][ T5085] [ 63.440328][ T5085] other info that might help us debug this: [ 63.440328][ T5085] [ 63.450647][ T5085] Possible unsafe locking scenario: [ 63.450647][ T5085] [ 63.458111][ T5085] CPU0 CPU1 [ 63.463470][ T5085] ---- ---- [ 63.468827][ T5085] lock(&c->btree_root_lock); [ 63.473601][ T5085] lock(&c->sb_lock); [ 63.480197][ T5085] lock(&c->btree_root_lock); [ 63.487469][ T5085] lock(&c->sb_lock); [ 63.491531][ T5085] [ 63.491531][ T5085] *** DEADLOCK *** [ 63.491531][ T5085] [ 63.499657][ T5085] 4 locks held by syz-executor238/5085: [ 63.505182][ T5085] #0: ffff888069900278 (&c->state_lock){+.+.}-{3:3}, at: bch2_fs_start+0x45/0x5b0 [ 63.514508][ T5085] #1: ffff8880699268d0 (&c->gc_lock){++++}-{3:3}, at: bch2_check_allocations+0x258/0xcca0 [ 63.524501][ T5085] #2: ffff8880699042d8 (&c->btree_trans_barrier){.+.+}-{0:0}, at: __bch2_trans_get+0x9b0/0xdf0 [ 63.534948][ T5085] #3: ffff888069901a58 (&c->btree_root_lock){+.+.}-{3:3}, at: bch2_check_allocations+0x2e31/0xcca0 [ 63.545723][ T5085] [ 63.545723][ T5085] stack backtrace: [ 63.551702][ T5085] CPU: 1 PID: 5085 Comm: syz-executor238 Not tainted 6.10.0-rc4-syzkaller-00148-g50736169ecc8 #0 [ 63.563238][ T5085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 63.573480][ T5085] Call Trace: [ 63.576838][ T5085] [ 63.579759][ T5085] dump_stack_lvl+0x241/0x360 [ 63.584445][ T5085] ? __pfx_dump_stack_lvl+0x10/0x10 [ 63.589637][ T5085] ? print_circular_bug+0x130/0x1a0 [ 63.594827][ T5085] check_noncircular+0x36a/0x4a0 [ 63.599866][ T5085] ? __pfx_check_noncircular+0x10/0x10 [ 63.605323][ T5085] ? lockdep_lock+0x123/0x2b0 [ 63.609987][ T5085] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 63.616042][ T5085] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 63.622376][ T5085] validate_chain+0x18e0/0x5900 [ 63.627228][ T5085] ? __pfx_validate_chain+0x10/0x10 [ 63.632524][ T5085] ? vsnprintf+0x1ccd/0x1da0 [ 63.637190][ T5085] ? printbuf_do_indent+0x99a/0x9d0 [ 63.642639][ T5085] ? __pfx_vsnprintf+0x10/0x10 [ 63.647415][ T5085] ? bch2_extent_ptr_to_text+0x58/0x5d0 [ 63.653038][ T5085] ? __pfx_lock_release+0x10/0x10 [ 63.658049][ T5085] ? mark_lock+0x9a/0x350 [ 63.662376][ T5085] __lock_acquire+0x1346/0x1fd0 [ 63.667219][ T5085] lock_acquire+0x1ed/0x550 [ 63.671710][ T5085] ? bch2_gc_mark_key+0xc66/0x1010 [ 63.676811][ T5085] ? __pfx_lock_acquire+0x10/0x10 [ 63.681826][ T5085] ? __pfx___might_resched+0x10/0x10 [ 63.687110][ T5085] ? printbuf_do_indent+0x4d/0x9d0 [ 63.692219][ T5085] __mutex_lock+0x136/0xd70 [ 63.696730][ T5085] ? bch2_gc_mark_key+0xc66/0x1010 [ 63.701835][ T5085] ? bch2_btree_ptr_v2_to_text+0x19a/0x2f0 [ 63.707648][ T5085] ? bch2_btree_ptr_v2_to_text+0x209/0x2f0 [ 63.713448][ T5085] ? bch2_gc_mark_key+0xc66/0x1010 [ 63.718576][ T5085] ? __pfx___mutex_lock+0x10/0x10 [ 63.723765][ T5085] ? bch2_bkey_val_to_text+0xf0/0x160 [ 63.729304][ T5085] bch2_gc_mark_key+0xc66/0x1010 [ 63.734236][ T5085] ? __pfx_bch2_gc_mark_key+0x10/0x10 [ 63.739600][ T5085] ? __mutex_lock+0x2ef/0xd70 [ 63.744264][ T5085] ? __gc_pos_set+0x1a4/0x2c0 [ 63.748929][ T5085] ? bch2_check_allocations+0x3d0f/0xcca0 [ 63.754640][ T5085] ? __pfx_bch2_trans_begin+0x10/0x10 [ 63.760003][ T5085] ? __asan_memset+0x23/0x50 [ 63.764588][ T5085] ? bch2_trans_iter_exit+0x295/0x3e0 [ 63.769958][ T5085] bch2_check_allocations+0x3e06/0xcca0 [ 63.775496][ T5085] ? __asan_memset+0x23/0x50 [ 63.780079][ T5085] ? bch2_btree_node_iter_init+0x36bb/0x4280 [ 63.786053][ T5085] ? validate_chain+0x11e/0x5900 [ 63.791003][ T5085] ? __bch2_journal_key_search+0x9c2/0x10e0 [ 63.796886][ T5085] ? __bch2_btree_node_iter_advance+0x577/0xaa0 [ 63.803126][ T5085] ? __pfx_validate_chain+0x10/0x10 [ 63.808314][ T5085] ? __pfx_bch2_check_allocations+0x10/0x10 [ 63.814216][ T5085] ? desc_read+0x200/0x3f0 [ 63.818645][ T5085] ? desc_read+0x1a2/0x3f0 [ 63.823054][ T5085] ? prb_first_seq+0x131/0x210 [ 63.827832][ T5085] ? __pfx_prb_first_seq+0x10/0x10 [ 63.832968][ T5085] ? this_cpu_in_panic+0x4f/0x80 [ 63.837913][ T5085] ? _prb_read_valid+0xa39/0xac0 [ 63.842853][ T5085] ? validate_chain+0x11e/0x5900 [ 63.847789][ T5085] ? __pfx__prb_read_valid+0x10/0x10 [ 63.853066][ T5085] ? data_push_tail+0x716/0x730 [ 63.857921][ T5085] ? __pfx_validate_chain+0x10/0x10 [ 63.863125][ T5085] ? prb_read_valid+0xa9/0xf0 [ 63.867788][ T5085] ? __pfx_prb_read_valid+0x10/0x10 [ 63.872974][ T5085] ? desc_read+0x200/0x3f0 [ 63.877401][ T5085] ? desc_read+0x1a2/0x3f0 [ 63.881831][ T5085] ? prb_first_seq+0x131/0x210 [ 63.886586][ T5085] ? __pfx_prb_first_seq+0x10/0x10 [ 63.891696][ T5085] ? this_cpu_in_panic+0x4f/0x80 [ 63.896629][ T5085] ? _prb_read_valid+0xa39/0xac0 [ 63.901571][ T5085] ? bch2_check_allocations+0x3197/0xcca0 [ 63.907289][ T5085] ? console_unlock+0x239/0x4d0 [ 63.912133][ T5085] ? console_unlock+0x447/0x4d0 [ 63.916976][ T5085] ? __pfx_console_unlock+0x10/0x10 [ 63.922163][ T5085] ? __bch2_print+0x17a/0x220 [ 63.926836][ T5085] ? __bch2_print+0x17a/0x220 [ 63.931499][ T5085] ? __pfx___down_trylock_console_sem+0x10/0x10 [ 63.937733][ T5085] ? bch2_check_allocations+0x83d/0xcca0 [ 63.943355][ T5085] ? __wake_up_klogd+0xd5/0x110 [ 63.948293][ T5085] ? bch2_check_allocations+0x83d/0xcca0 [ 63.953915][ T5085] ? __bch2_print+0x17a/0x220 [ 63.958755][ T5085] ? __pfx___bch2_print+0x10/0x10 [ 63.963772][ T5085] ? bch2_trans_put+0x8ed/0x1030 [ 63.968699][ T5085] bch2_run_recovery_pass+0xf0/0x1e0 [ 63.973989][ T5085] bch2_run_recovery_passes+0x19e/0x820 [ 63.979530][ T5085] bch2_fs_recovery+0x2370/0x3720 [ 63.984556][ T5085] ? __pfx_bch2_fs_recovery+0x10/0x10 [ 63.989931][ T5085] ? __pfx_lock_release+0x10/0x10 [ 63.994945][ T5085] ? bch2_get_next_online_dev+0x2b/0x4f0 [ 64.000591][ T5085] ? __pfx_lock_release+0x10/0x10 [ 64.005620][ T5085] ? bch2_get_next_online_dev+0x2b/0x4f0 [ 64.011244][ T5085] ? bch2_get_next_online_dev+0x4b9/0x4f0 [ 64.016995][ T5085] ? bch2_get_next_online_dev+0x2b/0x4f0 [ 64.022659][ T5085] ? llist_reverse_order+0x72/0x90 [ 64.027772][ T5085] bch2_fs_start+0x356/0x5b0 [ 64.032377][ T5085] bch2_fs_open+0xa8d/0xdf0 [ 64.036893][ T5085] ? __pfx_bch2_fs_open+0x10/0x10 [ 64.041934][ T5085] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 64.048268][ T5085] ? __pfx_bch2_test_super+0x10/0x10 [ 64.053567][ T5085] ? sget+0x2b8/0x620 [ 64.057564][ T5085] ? __pfx_bch2_noset_super+0x10/0x10 [ 64.062954][ T5085] bch2_mount+0x6b0/0x13a0 [ 64.067388][ T5085] ? __pfx_bch2_mount+0x10/0x10 [ 64.072242][ T5085] ? vfs_parse_fs_string+0x190/0x230 [ 64.077545][ T5085] ? kfree+0x4e/0x360 [ 64.081631][ T5085] ? vfs_parse_fs_string+0x190/0x230 [ 64.086934][ T5085] ? __pfx_vfs_parse_fs_string+0x10/0x10 [ 64.092578][ T5085] ? cap_capable+0x1b4/0x250 [ 64.097179][ T5085] legacy_get_tree+0xee/0x190 [ 64.101871][ T5085] ? __pfx_bch2_mount+0x10/0x10 [ 64.106727][ T5085] vfs_get_tree+0x90/0x2a0 [ 64.111144][ T5085] do_new_mount+0x2be/0xb40 [ 64.115649][ T5085] ? __pfx_do_new_mount+0x10/0x10 [ 64.120664][ T5085] __se_sys_mount+0x2d9/0x3c0 [ 64.125330][ T5085] ? __pfx___se_sys_mount+0x10/0x10 [ 64.130514][ T5085] ? do_syscall_64+0x100/0x230 [ 64.135270][ T5085] ? __x64_sys_mount+0x20/0xc0 [ 64.140024][ T5085] do_syscall_64+0xf3/0x230 [ 64.144542][ T5085] ? clear_bhb_loop+0x35/0x90 [ 64.149225][ T5085] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 64.155120][ T5085] RIP: 0033:0x7fc2a630571a [ 64.159526][ T5085] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 64.179145][ T5085] RSP: 002b:00007fff54862518 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5 [ 64.187589][ T5085] RAX: ffffffffffffffda RBX: 00007fff54862570 RCX: 00007fc2a630571a [ 64.195557][ T5085] RDX: 0000000020000040 RSI: 0000000020000fc0 RDI: 00007fff54862570 [ 64.203533][ T5085] RBP: 0000000020000fc0 R08: 00007fff548625b0 R09: 00000000000119f9 [ 64.211524][ T5085] R10: 0000000000200001 R11: 0000000000000282 R12: 0000000020000040 [ 64.219489][ T5085] R13: 00007fff548625b0 R14: 00000000000119fc R15: 00000000200001c0 [ 64.227551][ T5085] [pid 5086] mount("/dev/loop3", "./file0", "bcachefs", MS_RDONLY|MS_RELATIME, "\xff\xff" [pid 5088] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5086] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5083] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5088] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5088] ioctl(3, LOOP_CLR_FD [pid 5086] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5083] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5086] <... openat resumed>) = 3 [pid 5083] <... openat resumed>) = 3 [pid 5086] ioctl(3, LOOP_CLR_FD [ 64.351090][ T5085] done [ 64.356585][ T5085] bcachefs (loop0): going read-write [ 64.363520][ T5085] bcachefs (loop0): journal_replay... done [pid 5083] ioctl(3, LOOP_CLR_FD [pid 5080] <... umount2 resumed>) = 0 [pid 5080] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5080] newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 64.369422][ T5085] bcachefs (loop0): check_alloc_info... done [ 64.432381][ T5085] bcachefs (loop0): check_lrus... done [pid 5080] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5080] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5080] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5080] getdents64(4, 0x555572897730 /* 2 entries */, 32768) = 48 [pid 5080] getdents64(4, 0x555572897730 /* 0 entries */, 32768) = 0 [pid 5080] close(4) = 0 [pid 5080] rmdir("./0/file0") = 0 [pid 5080] getdents64(3, 0x55557288f6f0 /* 0 entries */, 32768) = 0 [pid 5080] close(3) = 0 [ 64.452969][ T5085] bcachefs (loop0): check_btree_backpointers... done [ 64.473519][ T5085] bcachefs (loop0): check_backpointers_to_extents... done [pid 5080] rmdir("./0") = 0 [pid 5080] mkdir("./1", 0777) = 0 [pid 5080] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5080] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5080] close(3) = 0 [ 64.503183][ T5085] bcachefs (loop0): check_extents_to_backpointers... [ 64.504012][ T5085] missing backpointer for btree=inodes l=1 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq a22d880bb51b703b written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0 [pid 5080] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5088] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 5160 attached [pid 5086] <... ioctl resumed>) = 0 [pid 5083] <... ioctl resumed>) = 0 [pid 5160] set_robust_list(0x55557288e660, 24 [pid 5088] close(3 [pid 5160] <... set_robust_list resumed>) = 0 [pid 5088] <... close resumed>) = 0 [pid 5080] <... clone resumed>, child_tidptr=0x55557288e650) = 5160 [pid 5160] chdir("./1" [pid 5088] exit_group(0 [pid 5160] <... chdir resumed>) = 0 [pid 5088] <... exit_group resumed>) = ? [pid 5086] close(3 [pid 5160] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5088] +++ exited with 0 +++ [pid 5086] <... close resumed>) = 0 [pid 5160] <... prctl resumed>) = 0 [pid 5086] exit_group(0 [pid 5083] close(3 [pid 5086] <... exit_group resumed>) = ? [pid 5082] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5088, si_uid=0, si_status=0, si_utime=18 /* 0.18 s */, si_stime=82 /* 0.82 s */} --- [pid 5083] <... close resumed>) = 0 [pid 5082] restart_syscall(<... resuming interrupted clone ...> [pid 5160] setpgid(0, 0 [pid 5083] exit_group(0 [pid 5160] <... setpgid resumed>) = 0 [pid 5160] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5086] +++ exited with 0 +++ [pid 5083] <... exit_group resumed>) = ? [pid 5160] write(3, "1000", 4 [pid 5081] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5086, si_uid=0, si_status=0, si_utime=15 /* 0.15 s */, si_stime=71 /* 0.71 s */} --- [pid 5160] <... write resumed>) = 4 [pid 5081] restart_syscall(<... resuming interrupted clone ...> [pid 5160] close(3) = 0 [pid 5160] symlink("/dev/binderfs", "./binderfs" [pid 5083] +++ exited with 0 +++ [pid 5082] <... restart_syscall resumed>) = 0 [pid 5160] <... symlink resumed>) = 0 [pid 5081] <... restart_syscall resumed>) = 0 [pid 5079] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5083, si_uid=0, si_status=0, si_utime=18 /* 0.18 s */, si_stime=83 /* 0.83 s */} --- executing program [pid 5160] write(1, "executing program\n", 18 [pid 5079] restart_syscall(<... resuming interrupted clone ...> [pid 5160] <... write resumed>) = 18 [pid 5082] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5079] <... restart_syscall resumed>) = 0 [pid 5160] memfd_create("syzkaller", 0 [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5160] <... memfd_create resumed>) = 3 [pid 5082] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5160] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5082] <... openat resumed>) = 3 [pid 5081] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5079] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5160] <... mmap resumed>) = 0x7fc29de00000 [pid 5082] newfstatat(3, "", [pid 5081] <... openat resumed>) = 3 [pid 5079] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] newfstatat(3, "", [pid 5079] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5082] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5081] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5079] <... openat resumed>) = 3 [pid 5081] getdents64(3, [pid 5079] newfstatat(3, "", [pid 5082] getdents64(3, [pid 5081] <... getdents64 resumed>0x55557288f6f0 /* 4 entries */, 32768) = 112 [pid 5079] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5082] <... getdents64 resumed>0x55557288f6f0 /* 4 entries */, 32768) = 112 [pid 5081] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5079] getdents64(3, [pid 5082] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5079] <... getdents64 resumed>0x55557288f6f0 /* 4 entries */, 32768) = 112 [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] newfstatat(AT_FDCWD, "./0/binderfs", [ 64.504031][ T5085] got: u64s 5 type deleted 0:9961472:0 len 0 ver 0 [ 64.504040][ T5085] want: u64s 9 type backpointer 0:9961472:0 len 0 ver 0: bucket=0:38:0 btree=inodes l=1 offset=0:0 len=256 pos=SPOS_MAX, shutting down [pid 5079] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5082] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5081] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5079] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5081] unlink("./0/binderfs" [pid 5079] newfstatat(AT_FDCWD, "./0/binderfs", [pid 5082] unlink("./0/binderfs") = 0 [pid 5081] <... unlink resumed>) = 0 [pid 5079] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5082] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5081] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5079] unlink("./0/binderfs" [pid 5082] newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5079] <... unlink resumed>) = 0 [pid 5082] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5081] newfstatat(AT_FDCWD, "./0/file0", [pid 5079] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5081] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5079] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5079] newfstatat(AT_FDCWD, "./0/file0", [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5079] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5081] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5079] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5081] <... openat resumed>) = 4 [pid 5079] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] newfstatat(4, "", [pid 5079] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5081] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5079] <... openat resumed>) = 4 [pid 5081] getdents64(4, [pid 5079] newfstatat(4, "", [pid 5081] <... getdents64 resumed>0x555572897730 /* 2 entries */, 32768) = 48 [pid 5079] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5081] getdents64(4, [pid 5079] getdents64(4, [pid 5081] <... getdents64 resumed>0x555572897730 /* 0 entries */, 32768) = 0 [pid 5079] <... getdents64 resumed>0x555572897730 /* 2 entries */, 32768) = 48 [pid 5081] close(4 [pid 5079] getdents64(4, [pid 5081] <... close resumed>) = 0 [pid 5079] <... getdents64 resumed>0x555572897730 /* 0 entries */, 32768) = 0 [pid 5081] rmdir("./0/file0" [pid 5079] close(4 [pid 5081] <... rmdir resumed>) = 0 [pid 5079] <... close resumed>) = 0 [pid 5081] getdents64(3, [pid 5079] rmdir("./0/file0" [pid 5081] <... getdents64 resumed>0x55557288f6f0 /* 0 entries */, 32768) = 0 [pid 5079] <... rmdir resumed>) = 0 [pid 5081] close(3 [pid 5079] getdents64(3, [pid 5081] <... close resumed>) = 0 [pid 5079] <... getdents64 resumed>0x55557288f6f0 /* 0 entries */, 32768) = 0 [pid 5081] rmdir("./0" [pid 5079] close(3 [pid 5081] <... rmdir resumed>) = 0 [pid 5079] <... close resumed>) = 0 [pid 5081] mkdir("./1", 0777 [pid 5079] rmdir("./0" [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] <... mkdir resumed>) = 0 [pid 5079] <... rmdir resumed>) = 0 [pid 5081] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5079] mkdir("./1", 0777 [pid 5081] <... openat resumed>) = 3 [pid 5079] <... mkdir resumed>) = 0 [pid 5081] ioctl(3, LOOP_CLR_FD [pid 5079] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5081] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5079] ioctl(3, LOOP_CLR_FD [pid 5081] close(3 [pid 5079] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5081] <... close resumed>) = 0 [pid 5079] close(3 [pid 5081] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5079] <... close resumed>) = 0 [pid 5082] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5079] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5081] <... clone resumed>, child_tidptr=0x55557288e650) = 5161 [pid 5079] <... clone resumed>, child_tidptr=0x55557288e650) = 5162 [pid 5082] <... openat resumed>) = 4 ./strace-static-x86_64: Process 5161 attached [pid 5161] set_robust_list(0x55557288e660, 24) = 0 [pid 5161] chdir("./1") = 0 [pid 5161] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5161] setpgid(0, 0) = 0 [pid 5161] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5082] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 5162 attached [pid 5161] <... openat resumed>) = 3 [pid 5161] write(3, "1000", 4) = 4 [pid 5161] close(3) = 0 [pid 5161] symlink("/dev/binderfs", "./binderfs" [pid 5162] set_robust_list(0x55557288e660, 24 [pid 5082] getdents64(4, [pid 5162] <... set_robust_list resumed>) = 0 [pid 5161] <... symlink resumed>) = 0 [pid 5162] chdir("./1" [pid 5082] <... getdents64 resumed>0x555572897730 /* 2 entries */, 32768) = 48 [pid 5161] write(1, "executing program\n", 18executing program ) = 18 [pid 5161] memfd_create("syzkaller", 0 [pid 5082] getdents64(4, [pid 5162] <... chdir resumed>) = 0 [pid 5162] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5161] <... memfd_create resumed>) = 3 [pid 5082] <... getdents64 resumed>0x555572897730 /* 0 entries */, 32768) = 0 [pid 5161] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc29de00000 [ 64.625027][ T5085] bcachefs (loop0): inconsistency detected - emergency read only at journal seq 10 [ 64.634966][ T5085] bcachefs (loop0): bch2_check_extents_to_backpointers(): error fsck_errors_not_fixed [ 64.660904][ T5085] bcachefs (loop0): bch2_fs_recovery(): error fsck_errors_not_fixed [pid 5082] close(4) = 0 [pid 5162] <... prctl resumed>) = 0 [pid 5082] rmdir("./0/file0") = 0 [pid 5162] setpgid(0, 0) = 0 [pid 5082] getdents64(3, [pid 5162] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5082] <... getdents64 resumed>0x55557288f6f0 /* 0 entries */, 32768) = 0 [pid 5162] <... openat resumed>) = 3 [pid 5082] close(3) = 0 [pid 5162] write(3, "1000", 4 [pid 5082] rmdir("./0" [pid 5162] <... write resumed>) = 4 [pid 5082] <... rmdir resumed>) = 0 [ 64.669242][ T5085] bcachefs (loop0): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed [ 64.679489][ T9] bcachefs (loop0): going read-only [ 64.685712][ T5085] bcachefs (loop0): shutting down [ 64.690870][ T9] bcachefs (loop0): finished waiting for writes to stop [ 64.698877][ T9] bcachefs (loop0): flushing journal and stopping allocators, journal seq 10 [ 64.707936][ T9] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 10 [ 64.718353][ T9] bcachefs (loop0): unshutdown complete, journal seq 10 [pid 5162] close(3 [pid 5082] mkdir("./1", 0777) = 0 [pid 5162] <... close resumed>) = 0 [pid 5082] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5162] symlink("/dev/binderfs", "./binderfs" [pid 5082] <... openat resumed>) = 3 executing program [pid 5162] <... symlink resumed>) = 0 [pid 5082] ioctl(3, LOOP_CLR_FD [pid 5162] write(1, "executing program\n", 18 [pid 5082] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5162] <... write resumed>) = 18 [pid 5082] close(3 [pid 5162] memfd_create("syzkaller", 0 [pid 5082] <... close resumed>) = 0 [pid 5162] <... memfd_create resumed>) = 3 [pid 5082] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5162] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 5163 attached ) = 0x7fc29de00000 [pid 5163] set_robust_list(0x55557288e660, 24 [pid 5082] <... clone resumed>, child_tidptr=0x55557288e650) = 5163 [pid 5163] <... set_robust_list resumed>) = 0 [pid 5163] chdir("./1") = 0 [pid 5163] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5163] setpgid(0, 0) = 0 [pid 5163] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5163] write(3, "1000", 4) = 4 [pid 5163] close(3) = 0 [pid 5163] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5163] write(1, "executing program\n", 18) = 18 [ 64.725898][ T9] bcachefs (loop0): done going read-only, filesystem not clean [pid 5163] memfd_create("syzkaller", 0) = 3 [pid 5163] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc29de00000 [ 64.793829][ T5085] bcachefs (loop0): shutdown complete [pid 5160] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5162] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5161] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5163] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5078] kill(-5085, SIGKILL) = 0 [pid 5078] kill(5085, SIGKILL) = 0 [pid 5162] <... write resumed>) = 16777216 [pid 5161] <... write resumed>) = 16777216 [pid 5160] <... write resumed>) = 16777216 [pid 5162] munmap(0x7fc29de00000, 138412032 [pid 5161] munmap(0x7fc29de00000, 138412032 [pid 5160] munmap(0x7fc29de00000, 138412032) = 0 [pid 5162] <... munmap resumed>) = 0 [pid 5161] <... munmap resumed>) = 0 [pid 5162] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5161] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5162] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5161] <... openat resumed>) = 4 [pid 5161] ioctl(4, LOOP_SET_FD, 3 [pid 5160] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5160] ioctl(4, LOOP_SET_FD, 3 [pid 5162] close(3 [pid 5161] <... ioctl resumed>) = 0 [pid 5160] <... ioctl resumed>) = 0 [pid 5162] <... close resumed>) = 0 [pid 5162] close(4) = 0 [pid 5162] mkdir("./file0", 0777) = 0 [pid 5161] close(3 [pid 5160] close(3 [pid 5162] mount("/dev/loop1", "./file0", "bcachefs", MS_NODEV|MS_SYNCHRONOUS|MS_RELATIME|MS_STRICTATIME, "\xff\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x54\xf7\x79\x0e\xf1\x39\x3f\xe1\x82\xef\xfd\xca\x16\x5b\x10\x87\x9d\x75\x65\x3a\x83\xf9\x12\x21\x21\x31\x49\xfc\xa0\xb7\xf3\x95\x20\x3a\x28\xb4\x3b\xc9\xa4\x9e\xbf\x99\x18\xb0\xef\xc4\xd9\xc6\x87\xce\x47\xb1\xea\xdf\x27\x08\xf8\x24\xdd\xe8\xd4\x14\xa0\xdc\xf2\x56\x9c\x89\xb4\x7f\xe8\x8c\x4d\xb4\xbe\x3a\xda\x21\xbd"... [pid 5161] <... close resumed>) = 0 [pid 5160] <... close resumed>) = 0 [pid 5161] close(4) = 0 [pid 5160] close(4 [pid 5161] mkdir("./file0", 0777 [pid 5160] <... close resumed>) = 0 [ 65.194747][ T5162] loop1: detected capacity change from 0 to 32768 [ 65.201734][ T5161] loop3: detected capacity change from 0 to 32768 [ 65.209450][ T5160] loop2: detected capacity change from 0 to 32768 [pid 5160] mkdir("./file0", 0777 [pid 5161] <... mkdir resumed>) = 0 [pid 5163] <... write resumed>) = 16777216 [pid 5160] <... mkdir resumed>) = 0 [pid 5163] munmap(0x7fc29de00000, 138412032 [pid 5160] mount("/dev/loop2", "./file0", "bcachefs", MS_NODEV|MS_SYNCHRONOUS|MS_RELATIME|MS_STRICTATIME, "\xff\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x54\xf7\x79\x0e\xf1\x39\x3f\xe1\x82\xef\xfd\xca\x16\x5b\x10\x87\x9d\x75\x65\x3a\x83\xf9\x12\x21\x21\x31\x49\xfc\xa0\xb7\xf3\x95\x20\x3a\x28\xb4\x3b\xc9\xa4\x9e\xbf\x99\x18\xb0\xef\xc4\xd9\xc6\x87\xce\x47\xb1\xea\xdf\x27\x08\xf8\x24\xdd\xe8\xd4\x14\xa0\xdc\xf2\x56\x9c\x89\xb4\x7f\xe8\x8c\x4d\xb4\xbe\x3a\xda\x21\xbd"... [pid 5161] mount("/dev/loop3", "./file0", "bcachefs", MS_NODEV|MS_SYNCHRONOUS|MS_RELATIME|MS_STRICTATIME, "\xff\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x54\xf7\x79\x0e\xf1\x39\x3f\xe1\x82\xef\xfd\xca\x16\x5b\x10\x87\x9d\x75\x65\x3a\x83\xf9\x12\x21\x21\x31\x49\xfc\xa0\xb7\xf3\x95\x20\x3a\x28\xb4\x3b\xc9\xa4\x9e\xbf\x99\x18\xb0\xef\xc4\xd9\xc6\x87\xce\x47\xb1\xea\xdf\x27\x08\xf8\x24\xdd\xe8\xd4\x14\xa0\xdc\xf2\x56\x9c\x89\xb4\x7f\xe8\x8c\x4d\xb4\xbe\x3a\xda\x21\xbd"... [pid 5163] <... munmap resumed>) = 0 [pid 5163] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5163] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5163] close(3) = 0 [pid 5163] close(4) = 0 [pid 5163] mkdir("./file0", 0777) = 0 [ 65.295026][ T5163] loop4: detected capacity change from 0 to 32768 [ 65.367168][ T5162] bcachefs (loop1): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,nojournal_transaction_names [ 65.381650][ T5162] bcachefs (loop1): recovering from clean shutdown, journal seq 10 [ 65.386253][ T5161] bcachefs (076a1832-646e-4f3c-b13d-b3e266154efd): filesystem UUID already open [ 65.408196][ T5161] bcachefs (076a1832-646e-4f3c-b13d-b3e266154efd): shutdown complete [pid 5163] mount("/dev/loop4", "./file0", "bcachefs", MS_NODEV|MS_SYNCHRONOUS|MS_RELATIME|MS_STRICTATIME, "\xff\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x54\xf7\x79\x0e\xf1\x39\x3f\xe1\x82\xef\xfd\xca\x16\x5b\x10\x87\x9d\x75\x65\x3a\x83\xf9\x12\x21\x21\x31\x49\xfc\xa0\xb7\xf3\x95\x20\x3a\x28\xb4\x3b\xc9\xa4\x9e\xbf\x99\x18\xb0\xef\xc4\xd9\xc6\x87\xce\x47\xb1\xea\xdf\x27\x08\xf8\x24\xdd\xe8\xd4\x14\xa0\xdc\xf2\x56\x9c\x89\xb4\x7f\xe8\x8c\x4d\xb4\xbe\x3a\xda\x21\xbd"... [pid 5085] <... mount resumed>) = ? [pid 5085] +++ killed by SIGKILL +++ [pid 5078] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5085, si_uid=0, si_status=SIGKILL, si_utime=13 /* 0.13 s */, si_stime=103 /* 1.03 s */} --- [pid 5078] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5078] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 65.413135][ T5163] bcachefs (076a1832-646e-4f3c-b13d-b3e266154efd): filesystem UUID already open [ 65.429371][ T5085] syz-executor238 (5085) used greatest stack depth: 18096 bytes left [ 65.439698][ T5160] bcachefs (076a1832-646e-4f3c-b13d-b3e266154efd): filesystem UUID already open [ 65.450437][ T5160] bcachefs (076a1832-646e-4f3c-b13d-b3e266154efd): shutdown complete [pid 5078] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5078] getdents64(3, 0x55557288f6f0 /* 4 entries */, 32768) = 112 [pid 5078] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5078] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5078] unlink("./0/binderfs") = 0 [pid 5078] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5078] newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5078] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5078] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5078] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5078] getdents64(4, 0x555572897730 /* 2 entries */, 32768) = 48 [pid 5078] getdents64(4, 0x555572897730 /* 0 entries */, 32768) = 0 [pid 5078] close(4) = 0 [pid 5078] rmdir("./0/file0") = 0 [pid 5078] getdents64(3, 0x55557288f6f0 /* 0 entries */, 32768) = 0 [pid 5078] close(3) = 0 [pid 5078] rmdir("./0") = 0 [pid 5078] mkdir("./1", 0777) = 0 [ 65.463522][ T5163] bcachefs (076a1832-646e-4f3c-b13d-b3e266154efd): shutdown complete [ 65.478107][ T5162] bcachefs (loop1): alloc_read... done [ 65.492231][ T5162] bcachefs (loop1): stripes_read... done [ 65.502362][ T5162] bcachefs (loop1): snapshots_read... done [pid 5078] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5078] ioctl(3, LOOP_CLR_FD [pid 5161] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5161] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5162] <... mount resumed>) = 0 [pid 5161] <... openat resumed>) = 3 [pid 5162] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5161] ioctl(3, LOOP_CLR_FD [pid 5162] chdir("./file0") = 0 [pid 5162] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5162] ioctl(4, LOOP_CLR_FD) = 0 [pid 5162] close(4) = 0 [pid 5162] memfd_create("syzkaller", 0) = 4 [pid 5160] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5162] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5163] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5162] <... mmap resumed>) = 0x7fc29de00000 [ 65.521122][ T5162] bcachefs (loop1): journal_replay... done [ 65.537259][ T5162] bcachefs (loop1): resume_logged_ops... done [ 65.544336][ T5162] bcachefs (loop1): going read-write [ 65.556811][ T5162] bcachefs (loop1): done starting filesystem [pid 5163] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5163] ioctl(3, LOOP_CLR_FD [pid 5160] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5160] ioctl(3, LOOP_CLR_FD [pid 5078] <... ioctl resumed>) = 0 [pid 5078] close(3) = 0 [pid 5078] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557288e650) = 5195 ./strace-static-x86_64: Process 5195 attached [pid 5195] set_robust_list(0x55557288e660, 24) = 0 [pid 5195] chdir("./1") = 0 [pid 5195] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5195] setpgid(0, 0) = 0 [pid 5195] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5195] write(3, "1000", 4) = 4 [pid 5195] close(3executing program ) = 0 [pid 5195] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5195] write(1, "executing program\n", 18) = 18 [pid 5195] memfd_create("syzkaller", 0) = 3 [pid 5195] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc29de00000 [pid 5161] <... ioctl resumed>) = 0 [pid 5161] close(3) = 0 [pid 5161] memfd_create("syzkaller", 0) = 3 [pid 5161] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc29de00000 [pid 5163] <... ioctl resumed>) = 0 [pid 5163] close(3) = 0 [pid 5163] memfd_create("syzkaller", 0 [pid 5160] <... ioctl resumed>) = 0 [pid 5163] <... memfd_create resumed>) = 3 [pid 5163] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc29de00000 [pid 5160] close(3) = 0 [pid 5160] memfd_create("syzkaller", 0) = 3 [pid 5160] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc29de00000 [pid 5162] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5195] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5161] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5163] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5160] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5162] <... write resumed>) = 16777216 [pid 5162] munmap(0x7fc29de00000, 138412032) = 0 [pid 5162] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 5 [pid 5162] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5162] ioctl(5, LOOP_CLR_FD) = 0 [pid 5162] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5162] close(5) = 0 [pid 5162] close(4 [pid 5195] <... write resumed>) = 16777216 [pid 5195] munmap(0x7fc29de00000, 138412032) = 0 [pid 5195] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5195] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5195] close(3) = 0 [pid 5195] close(4) = 0 [pid 5195] mkdir("./file0", 0777) = 0 [ 66.314069][ T5195] loop0: detected capacity change from 0 to 32768 [pid 5195] mount("/dev/loop0", "./file0", "bcachefs", MS_NODEV|MS_SYNCHRONOUS|MS_RELATIME|MS_STRICTATIME, "\xff\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x54\xf7\x79\x0e\xf1\x39\x3f\xe1\x82\xef\xfd\xca\x16\x5b\x10\x87\x9d\x75\x65\x3a\x83\xf9\x12\x21\x21\x31\x49\xfc\xa0\xb7\xf3\x95\x20\x3a\x28\xb4\x3b\xc9\xa4\x9e\xbf\x99\x18\xb0\xef\xc4\xd9\xc6\x87\xce\x47\xb1\xea\xdf\x27\x08\xf8\x24\xdd\xe8\xd4\x14\xa0\xdc\xf2\x56\x9c\x89\xb4\x7f\xe8\x8c\x4d\xb4\xbe\x3a\xda\x21\xbd"... [pid 5161] <... write resumed>) = 16777216 [pid 5163] <... write resumed>) = 16777216 [pid 5162] <... close resumed>) = 0 [pid 5160] <... write resumed>) = 16777216 [pid 5161] munmap(0x7fc29de00000, 138412032) = 0 [pid 5162] exit_group(0 [pid 5160] munmap(0x7fc29de00000, 138412032 [pid 5163] munmap(0x7fc29de00000, 138412032 [pid 5160] <... munmap resumed>) = 0 [pid 5163] <... munmap resumed>) = 0 [pid 5162] <... exit_group resumed>) = ? [pid 5161] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5160] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5163] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5162] +++ exited with 0 +++ [pid 5161] <... openat resumed>) = 4 [pid 5160] <... openat resumed>) = 4 [ 66.408389][ T5195] bcachefs (076a1832-646e-4f3c-b13d-b3e266154efd): filesystem UUID already open [ 66.418478][ T5195] bcachefs (076a1832-646e-4f3c-b13d-b3e266154efd): shutdown complete [pid 5163] ioctl(4, LOOP_SET_FD, 3 [pid 5161] ioctl(4, LOOP_SET_FD, 3 [pid 5160] ioctl(4, LOOP_SET_FD, 3 [pid 5163] <... ioctl resumed>) = 0 [pid 5163] close(3) = 0 [pid 5163] close(4) = 0 [pid 5163] mkdir("./file0", 0777) = -1 EEXIST (File exists) [pid 5163] mount("/dev/loop4", "./file0", "bcachefs", MS_RDONLY|MS_RELATIME, "\xff\xff" [pid 5161] <... ioctl resumed>) = 0 [pid 5079] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5162, si_uid=0, si_status=0, si_utime=19 /* 0.19 s */, si_stime=41 /* 0.41 s */} --- [pid 5079] restart_syscall(<... resuming interrupted clone ...> [pid 5161] close(3) = 0 [pid 5079] <... restart_syscall resumed>) = 0 [pid 5161] close(4) = 0 [pid 5161] mkdir("./file0", 0777 [pid 5079] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5161] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5161] mount("/dev/loop3", "./file0", "bcachefs", MS_RDONLY|MS_RELATIME, "\xff\xff" [pid 5079] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5079] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5160] <... ioctl resumed>) = 0 [pid 5079] <... openat resumed>) = 3 [pid 5079] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5079] getdents64(3, [pid 5160] close(3 [pid 5079] <... getdents64 resumed>0x55557288f6f0 /* 4 entries */, 32768) = 112 [pid 5160] <... close resumed>) = 0 [pid 5160] close(4 [pid 5079] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5160] <... close resumed>) = 0 [pid 5160] mkdir("./file0", 0777 [pid 5079] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5160] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5160] mount("/dev/loop2", "./file0", "bcachefs", MS_RDONLY|MS_RELATIME, "\xff\xff" [pid 5079] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5079] unlink("./1/binderfs") = 0 [ 66.452329][ T5163] loop4: detected capacity change from 0 to 32768 [ 66.452566][ T5160] loop2: detected capacity change from 0 to 32768 [ 66.465790][ T5161] loop3: detected capacity change from 0 to 32768 [pid 5079] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5195] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5195] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 66.517551][ T5079] bcachefs (loop1): shutting down [ 66.528038][ T5079] bcachefs (loop1): going read-only [ 66.540847][ T5079] bcachefs (loop1): finished waiting for writes to stop [ 66.553163][ T5161] bcachefs (076a1832-646e-4f3c-b13d-b3e266154efd): filesystem UUID already open [ 66.570625][ T5161] bcachefs (076a1832-646e-4f3c-b13d-b3e266154efd): shutdown complete [ 66.578935][ T5163] bcachefs (076a1832-646e-4f3c-b13d-b3e266154efd): filesystem UUID already open [ 66.579046][ T5163] bcachefs (076a1832-646e-4f3c-b13d-b3e266154efd): shutdown complete [ 66.580788][ T5079] bcachefs (loop1): flushing journal and stopping allocators, journal seq 10 [pid 5195] ioctl(3, LOOP_CLR_FD [pid 5163] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5163] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5163] ioctl(3, LOOP_CLR_FD [pid 5195] <... ioctl resumed>) = 0 [ 66.685702][ T5160] bcachefs (076a1832-646e-4f3c-b13d-b3e266154efd): filesystem UUID already open [ 66.702001][ T5079] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 10 [ 66.713227][ T5079] bcachefs (loop1): shutdown complete, journal seq 11 [ 66.720326][ T5079] bcachefs (loop1): marking filesystem clean [pid 5195] close(3) = 0 [pid 5161] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5195] memfd_create("syzkaller", 0) = 3 [pid 5161] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5195] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc29de00000 [pid 5161] <... openat resumed>) = 3 [ 66.728914][ T5160] bcachefs (076a1832-646e-4f3c-b13d-b3e266154efd): shutdown complete [ 66.743140][ T5079] bcachefs (loop1): shutdown complete [pid 5161] ioctl(3, LOOP_CLR_FD [pid 5163] <... ioctl resumed>) = 0 [pid 5163] close(3) = 0 [pid 5163] exit_group(0) = ? [pid 5163] +++ exited with 0 +++ [pid 5082] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5163, si_uid=0, si_status=0, si_utime=15 /* 0.15 s */, si_stime=56 /* 0.56 s */} --- [pid 5082] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5082] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5082] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5082] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5082] getdents64(3, 0x55557288f6f0 /* 4 entries */, 32768) = 112 [pid 5082] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5082] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5082] unlink("./1/binderfs") = 0 [pid 5082] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5082] newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5082] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5082] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5082] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5082] getdents64(4, 0x555572897730 /* 2 entries */, 32768) = 48 [pid 5082] getdents64(4, 0x555572897730 /* 0 entries */, 32768) = 0 [pid 5082] close(4) = 0 [pid 5082] rmdir("./1/file0") = 0 [pid 5082] getdents64(3, 0x55557288f6f0 /* 0 entries */, 32768) = 0 [pid 5082] close(3) = 0 [pid 5082] rmdir("./1") = 0 [pid 5082] mkdir("./2", 0777) = 0 [pid 5082] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5082] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5082] close(3) = 0 [pid 5082] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557288e650) = 5224 ./strace-static-x86_64: Process 5224 attached [pid 5224] set_robust_list(0x55557288e660, 24) = 0 [pid 5224] chdir("./2") = 0 [pid 5224] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5224] setpgid(0, 0) = 0 [pid 5224] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 5224] write(3, "1000", 4) = 4 [pid 5224] close(3) = 0 [pid 5224] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5224] write(1, "executing program\n", 18) = 18 [pid 5224] memfd_create("syzkaller", 0) = 3 [pid 5224] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc29de00000 [pid 5160] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5160] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5160] ioctl(3, LOOP_CLR_FD [pid 5161] <... ioctl resumed>) = 0 [pid 5161] close(3) = 0 [pid 5161] exit_group(0) = ? [pid 5195] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5161] +++ exited with 0 +++ [pid 5081] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5161, si_uid=0, si_status=0, si_utime=16 /* 0.16 s */, si_stime=69 /* 0.69 s */} --- [pid 5081] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5081] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5081] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5081] getdents64(3, 0x55557288f6f0 /* 4 entries */, 32768) = 112 [pid 5081] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5081] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5081] unlink("./1/binderfs") = 0 [pid 5081] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5081] newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5081] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5081] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5081] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5081] getdents64(4, 0x555572897730 /* 2 entries */, 32768) = 48 [pid 5081] getdents64(4, 0x555572897730 /* 0 entries */, 32768) = 0 [pid 5081] close(4) = 0 [pid 5081] rmdir("./1/file0") = 0 [pid 5081] getdents64(3, 0x55557288f6f0 /* 0 entries */, 32768) = 0 [pid 5081] close(3) = 0 [pid 5081] rmdir("./1") = 0 [pid 5081] mkdir("./2", 0777) = 0 [pid 5081] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5081] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5081] close(3) = 0 [pid 5081] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557288e650) = 5225 ./strace-static-x86_64: Process 5225 attached [pid 5225] set_robust_list(0x55557288e660, 24) = 0 [pid 5225] chdir("./2") = 0 [pid 5225] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5225] setpgid(0, 0) = 0 [pid 5225] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5225] write(3, "1000", 4) = 4 [pid 5225] close(3) = 0 [pid 5225] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5225] write(1, "executing program\n", 18executing program ) = 18 [pid 5225] memfd_create("syzkaller", 0) = 3 [pid 5225] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc29de00000 [pid 5160] <... ioctl resumed>) = 0 [pid 5160] close(3) = 0 [pid 5160] exit_group(0) = ? [pid 5160] +++ exited with 0 +++ [pid 5080] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5160, si_uid=0, si_status=0, si_utime=19 /* 0.19 s */, si_stime=59 /* 0.59 s */} --- [pid 5080] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5080] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5080] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5080] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5080] getdents64(3, 0x55557288f6f0 /* 4 entries */, 32768) = 112 [pid 5080] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5080] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5080] unlink("./1/binderfs") = 0 [pid 5080] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5224] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5080] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5080] newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5080] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5080] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5080] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5080] getdents64(4, 0x555572897730 /* 2 entries */, 32768) = 48 [pid 5080] getdents64(4, 0x555572897730 /* 0 entries */, 32768) = 0 [pid 5080] close(4) = 0 [pid 5080] rmdir("./1/file0") = 0 [pid 5080] getdents64(3, 0x55557288f6f0 /* 0 entries */, 32768) = 0 [pid 5080] close(3) = 0 [pid 5080] rmdir("./1") = 0 [pid 5080] mkdir("./2", 0777 [pid 5195] <... write resumed>) = 16777216 [pid 5080] <... mkdir resumed>) = 0 [pid 5080] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5080] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5195] munmap(0x7fc29de00000, 138412032 [pid 5080] close(3 [pid 5195] <... munmap resumed>) = 0 [pid 5080] <... close resumed>) = 0 [pid 5195] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5080] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5195] <... openat resumed>) = 4 [pid 5195] ioctl(4, LOOP_SET_FD, 3 [pid 5080] <... clone resumed>, child_tidptr=0x55557288e650) = 5226 ./strace-static-x86_64: Process 5226 attached [pid 5226] set_robust_list(0x55557288e660, 24) = 0 [pid 5195] <... ioctl resumed>) = 0 [pid 5226] chdir("./2" [pid 5195] close(3 [pid 5226] <... chdir resumed>) = 0 [pid 5195] <... close resumed>) = 0 [pid 5226] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5195] close(4 [pid 5226] <... prctl resumed>) = 0 [pid 5195] <... close resumed>) = 0 [pid 5195] mkdir("./file0", 0777 [pid 5226] setpgid(0, 0 [pid 5195] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5226] <... setpgid resumed>) = 0 [pid 5195] mount("/dev/loop0", "./file0", "bcachefs", MS_RDONLY|MS_RELATIME, "\xff\xff" [pid 5226] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5226] write(3, "1000", 4) = 4 [pid 5226] close(3) = 0 [pid 5226] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5226] write(1, "executing program\n", 18) = 18 [pid 5226] memfd_create("syzkaller", 0) = 3 [pid 5226] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc29de00000 [ 67.350629][ T5195] loop0: detected capacity change from 0 to 32768 [pid 5225] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5226] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5224] <... write resumed>) = 16777216 [ 67.530373][ T5195] bcachefs (loop0): mounting version 1.7: mi_btree_bitmap opts=ro,metadata_checksum=none,data_checksum=none,nojournal_transaction_names,read_only [pid 5224] munmap(0x7fc29de00000, 138412032 [pid 5079] <... umount2 resumed>) = 0 [pid 5079] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5079] newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5079] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5079] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5079] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5079] getdents64(4, 0x555572897730 /* 2 entries */, 32768) = 48 [pid 5079] getdents64(4, 0x555572897730 /* 0 entries */, 32768) = 0 [pid 5079] close(4) = 0 [pid 5079] rmdir("./1/file0") = 0 [pid 5079] getdents64(3, 0x55557288f6f0 /* 0 entries */, 32768) = 0 [pid 5079] close(3) = 0 [pid 5079] rmdir("./1") = 0 [pid 5079] mkdir("./2", 0777) = 0 [pid 5079] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5079] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5079] close(3) = 0 [pid 5079] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557288e650) = 5234 ./strace-static-x86_64: Process 5234 attached [pid 5234] set_robust_list(0x55557288e660, 24) = 0 [pid 5234] chdir("./2") = 0 [pid 5234] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5234] setpgid(0, 0) = 0 [pid 5234] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5234] write(3, "1000", 4) = 4 [pid 5234] close(3) = 0 [pid 5234] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5224] <... munmap resumed>) = 0 [pid 5224] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5224] ioctl(4, LOOP_SET_FD, 3executing program [pid 5234] write(1, "executing program\n", 18 [pid 5224] <... ioctl resumed>) = 0 [pid 5234] <... write resumed>) = 18 [pid 5234] memfd_create("syzkaller", 0) = 3 [pid 5234] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc29de00000 [pid 5224] close(3) = 0 [pid 5224] close(4) = 0 [pid 5224] mkdir("./file0", 0777) = 0 [ 67.574737][ T5195] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 67.584436][ T5224] loop4: detected capacity change from 0 to 32768 [ 67.605924][ T5195] bcachefs (loop0): Version upgrade required: [ 67.605924][ T5195] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [pid 5224] mount("/dev/loop4", "./file0", "bcachefs", MS_NODEV|MS_SYNCHRONOUS|MS_RELATIME|MS_STRICTATIME, "\xff\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x54\xf7\x79\x0e\xf1\x39\x3f\xe1\x82\xef\xfd\xca\x16\x5b\x10\x87\x9d\x75\x65\x3a\x83\xf9\x12\x21\x21\x31\x49\xfc\xa0\xb7\xf3\x95\x20\x3a\x28\xb4\x3b\xc9\xa4\x9e\xbf\x99\x18\xb0\xef\xc4\xd9\xc6\x87\xce\x47\xb1\xea\xdf\x27\x08\xf8\x24\xdd\xe8\xd4\x14\xa0\xdc\xf2\x56\x9c\x89\xb4\x7f\xe8\x8c\x4d\xb4\xbe\x3a\xda\x21\xbd"... [pid 5225] <... write resumed>) = 16777216 [pid 5225] munmap(0x7fc29de00000, 138412032) = 0 [ 67.605924][ T5195] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap [ 67.605924][ T5195] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_subvolume_structure,check_directory_structure,check_nlinks,delete_dead_inodes,set_fs_needs_rebalance [pid 5225] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5225] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5225] close(3) = 0 [pid 5225] close(4) = 0 [pid 5225] mkdir("./file0", 0777) = 0 [ 67.682345][ T5225] loop3: detected capacity change from 0 to 32768 [pid 5225] mount("/dev/loop3", "./file0", "bcachefs", MS_NODEV|MS_SYNCHRONOUS|MS_RELATIME|MS_STRICTATIME, "\xff\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x54\xf7\x79\x0e\xf1\x39\x3f\xe1\x82\xef\xfd\xca\x16\x5b\x10\x87\x9d\x75\x65\x3a\x83\xf9\x12\x21\x21\x31\x49\xfc\xa0\xb7\xf3\x95\x20\x3a\x28\xb4\x3b\xc9\xa4\x9e\xbf\x99\x18\xb0\xef\xc4\xd9\xc6\x87\xce\x47\xb1\xea\xdf\x27\x08\xf8\x24\xdd\xe8\xd4\x14\xa0\xdc\xf2\x56\x9c\x89\xb4\x7f\xe8\x8c\x4d\xb4\xbe\x3a\xda\x21\xbd"... [pid 5226] <... write resumed>) = 16777216 [pid 5226] munmap(0x7fc29de00000, 138412032) = 0 [ 67.775532][ T5224] bcachefs (076a1832-646e-4f3c-b13d-b3e266154efd): filesystem UUID already open [ 67.784816][ T5224] bcachefs (076a1832-646e-4f3c-b13d-b3e266154efd): shutdown complete [ 67.787081][ T5195] bcachefs (loop0): alloc_read... done [pid 5226] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5226] ioctl(4, LOOP_SET_FD, 3 [pid 5234] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5226] <... ioctl resumed>) = 0 [pid 5226] close(3) = 0 [pid 5226] close(4) = 0 [pid 5226] mkdir("./file0", 0777) = 0 [ 67.829334][ T5226] loop2: detected capacity change from 0 to 32768 [ 67.836336][ T5195] bcachefs (loop0): stripes_read... done [ 67.852022][ T5195] bcachefs (loop0): snapshots_read... done [ 67.862867][ T5225] bcachefs (076a1832-646e-4f3c-b13d-b3e266154efd): filesystem UUID already open [ 67.872607][ T5225] bcachefs (076a1832-646e-4f3c-b13d-b3e266154efd): shutdown complete [pid 5226] mount("/dev/loop2", "./file0", "bcachefs", MS_NODEV|MS_SYNCHRONOUS|MS_RELATIME|MS_STRICTATIME, "\xff\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x54\xf7\x79\x0e\xf1\x39\x3f\xe1\x82\xef\xfd\xca\x16\x5b\x10\x87\x9d\x75\x65\x3a\x83\xf9\x12\x21\x21\x31\x49\xfc\xa0\xb7\xf3\x95\x20\x3a\x28\xb4\x3b\xc9\xa4\x9e\xbf\x99\x18\xb0\xef\xc4\xd9\xc6\x87\xce\x47\xb1\xea\xdf\x27\x08\xf8\x24\xdd\xe8\xd4\x14\xa0\xdc\xf2\x56\x9c\x89\xb4\x7f\xe8\x8c\x4d\xb4\xbe\x3a\xda\x21\xbd"... [pid 5224] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5224] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [ 67.886859][ T5195] bcachefs (loop0): check_allocations... done [ 67.956993][ T5195] bcachefs (loop0): going read-write [ 67.972288][ T5195] bcachefs (loop0): journal_replay... done [ 67.978142][ T5195] bcachefs (loop0): check_alloc_info... [pid 5224] ioctl(3, LOOP_CLR_FD [pid 5225] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5225] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5225] ioctl(3, LOOP_CLR_FD [pid 5234] <... write resumed>) = 16777216 [pid 5234] munmap(0x7fc29de00000, 138412032) = 0 [ 67.983023][ T5226] bcachefs (076a1832-646e-4f3c-b13d-b3e266154efd): filesystem UUID already open [ 68.002179][ T5195] done [ 68.006276][ T5195] bcachefs (loop0): check_lrus... done [ 68.012823][ T5226] bcachefs (076a1832-646e-4f3c-b13d-b3e266154efd): shutdown complete [ 68.013202][ T5195] bcachefs (loop0): check_btree_backpointers... done [pid 5234] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5234] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5234] close(3) = 0 [ 68.043095][ T5195] bcachefs (loop0): check_backpointers_to_extents... done [ 68.069814][ T5234] loop1: detected capacity change from 0 to 32768 [pid 5234] close(4) = 0 [pid 5234] mkdir("./file0", 0777) = 0 [pid 5234] mount("/dev/loop1", "./file0", "bcachefs", MS_NODEV|MS_SYNCHRONOUS|MS_RELATIME|MS_STRICTATIME, "\xff\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x54\xf7\x79\x0e\xf1\x39\x3f\xe1\x82\xef\xfd\xca\x16\x5b\x10\x87\x9d\x75\x65\x3a\x83\xf9\x12\x21\x21\x31\x49\xfc\xa0\xb7\xf3\x95\x20\x3a\x28\xb4\x3b\xc9\xa4\x9e\xbf\x99\x18\xb0\xef\xc4\xd9\xc6\x87\xce\x47\xb1\xea\xdf\x27\x08\xf8\x24\xdd\xe8\xd4\x14\xa0\xdc\xf2\x56\x9c\x89\xb4\x7f\xe8\x8c\x4d\xb4\xbe\x3a\xda\x21\xbd"... [pid 5224] <... ioctl resumed>) = 0 [pid 5224] close(3) = 0 [pid 5224] memfd_create("syzkaller", 0) = 3 [pid 5224] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc29de00000 [ 68.113534][ T5195] bcachefs (loop0): check_extents_to_backpointers... [ 68.114290][ T5195] missing backpointer for btree=inodes l=1 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq a22d880bb51b703b written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0 [pid 5226] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5226] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [ 68.114308][ T5195] got: u64s 5 type deleted 0:9961472:0 len 0 ver 0 [ 68.114317][ T5195] want: u64s 9 type backpointer 0:9961472:0 len 0 ver 0: bucket=0:38:0 btree=inodes l=1 offset=0:0 len=256 pos=SPOS_MAX, shutting down [ 68.206515][ T5195] bcachefs (loop0): inconsistency detected - emergency read only at journal seq 10 [pid 5226] ioctl(3, LOOP_CLR_FD [pid 5225] <... ioctl resumed>) = 0 [pid 5225] close(3) = 0 [pid 5225] memfd_create("syzkaller", 0) = 3 [pid 5225] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc29de00000 [ 68.222316][ T5195] bcachefs (loop0): bch2_check_extents_to_backpointers(): error fsck_errors_not_fixed [ 68.245088][ T5234] bcachefs (076a1832-646e-4f3c-b13d-b3e266154efd): filesystem UUID already open [ 68.279360][ T5195] bcachefs (loop0): bch2_fs_recovery(): error fsck_errors_not_fixed [ 68.289082][ T5234] bcachefs (076a1832-646e-4f3c-b13d-b3e266154efd): shutdown complete [ 68.341774][ T5195] bcachefs (loop0): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed [ 68.371771][ T5195] bcachefs (loop0): shutting down [ 68.371776][ T930] bcachefs (loop0): going read-only [ 68.382394][ T930] bcachefs (loop0): finished waiting for writes to stop [pid 5234] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5234] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [ 68.389775][ T930] bcachefs (loop0): flushing journal and stopping allocators, journal seq 10 [ 68.399144][ T930] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 10 [ 68.409035][ T930] bcachefs (loop0): unshutdown complete, journal seq 10 [ 68.416683][ T930] bcachefs (loop0): done going read-only, filesystem not clean [pid 5234] ioctl(3, LOOP_CLR_FD [ 68.444306][ T5195] bcachefs (loop0): shutdown complete [pid 5224] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5226] <... ioctl resumed>) = 0 [pid 5226] close(3) = 0 [pid 5226] memfd_create("syzkaller", 0) = 3 [pid 5226] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc29de00000 [pid 5225] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5224] <... write resumed>) = 16777216 [pid 5224] munmap(0x7fc29de00000, 138412032) = 0 [pid 5224] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5224] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5224] close(3 [pid 5234] <... ioctl resumed>) = 0 [pid 5224] <... close resumed>) = 0 [pid 5234] close(3 [pid 5224] close(4) = 0 [ 68.682982][ T5224] loop4: detected capacity change from 0 to 32768 [pid 5234] <... close resumed>) = 0 [pid 5224] mkdir("./file0", 0777) = -1 EEXIST (File exists) [pid 5224] mount("/dev/loop4", "./file0", "bcachefs", MS_RDONLY|MS_RELATIME, "\xff\xff" [pid 5234] memfd_create("syzkaller", 0) = 3 [pid 5234] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc29de00000 [pid 5226] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5225] <... write resumed>) = 16777216 [pid 5225] munmap(0x7fc29de00000, 138412032) = 0 [pid 5225] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5225] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5225] close(3) = 0 [pid 5225] close(4) = 0 [pid 5225] mkdir("./file0", 0777) = -1 EEXIST (File exists) [ 68.835092][ T5225] loop3: detected capacity change from 0 to 32768 [pid 5225] mount("/dev/loop3", "./file0", "bcachefs", MS_RDONLY|MS_RELATIME, "\xff\xff" [ 68.956112][ T5224] bcachefs (loop4): mounting version 1.7: mi_btree_bitmap opts=ro,metadata_checksum=none,data_checksum=none,nojournal_transaction_names,read_only [ 68.972426][ T5224] bcachefs (loop4): recovering from clean shutdown, journal seq 10 [ 68.980560][ T5224] bcachefs (loop4): Version upgrade required: [ 68.980560][ T5224] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 68.980560][ T5224] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap [ 68.980560][ T5224] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_subvolume_structure,check_directory_structure,check_nlinks,delete_dead_inodes,set_fs_needs_rebalance [pid 5234] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5195] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5226] <... write resumed>) = 16777216 [pid 5195] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5195] ioctl(3, LOOP_CLR_FD [pid 5226] munmap(0x7fc29de00000, 138412032) = 0 [pid 5226] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 68.986503][ T5225] bcachefs (076a1832-646e-4f3c-b13d-b3e266154efd): filesystem UUID already open [ 69.059619][ T5225] bcachefs (076a1832-646e-4f3c-b13d-b3e266154efd): shutdown complete [pid 5226] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5226] close(3) = 0 [pid 5226] close(4) = 0 [pid 5226] mkdir("./file0", 0777) = -1 EEXIST (File exists) [ 69.108704][ T5226] loop2: detected capacity change from 0 to 32768 [ 69.142318][ T5224] bcachefs (loop4): alloc_read... done [ 69.148136][ T5224] bcachefs (loop4): stripes_read... done [pid 5226] mount("/dev/loop2", "./file0", "bcachefs", MS_RDONLY|MS_RELATIME, "\xff\xff" [pid 5225] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5225] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [ 69.178430][ T5224] bcachefs (loop4): snapshots_read... done [pid 5225] ioctl(3, LOOP_CLR_FD [pid 5195] <... ioctl resumed>) = 0 [pid 5234] <... write resumed>) = 16777216 [pid 5195] close(3 [pid 5234] munmap(0x7fc29de00000, 138412032 [pid 5195] <... close resumed>) = 0 [pid 5195] exit_group(0) = ? [pid 5195] +++ exited with 0 +++ [pid 5078] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5195, si_uid=0, si_status=0, si_utime=20 /* 0.20 s */, si_stime=75 /* 0.75 s */} --- [pid 5078] restart_syscall(<... resuming interrupted clone ...> [pid 5234] <... munmap resumed>) = 0 [pid 5078] <... restart_syscall resumed>) = 0 [pid 5078] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5078] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5078] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5078] getdents64(3, 0x55557288f6f0 /* 4 entries */, 32768) = 112 [pid 5078] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5078] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5078] unlink("./1/binderfs") = 0 [pid 5078] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5078] newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5078] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5078] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5078] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5078] getdents64(4, 0x555572897730 /* 2 entries */, 32768) = 48 [pid 5078] getdents64(4, 0x555572897730 /* 0 entries */, 32768) = 0 [pid 5078] close(4) = 0 [pid 5078] rmdir("./1/file0") = 0 [pid 5078] getdents64(3, 0x55557288f6f0 /* 0 entries */, 32768) = 0 [pid 5078] close(3) = 0 [pid 5078] rmdir("./1") = 0 [pid 5078] mkdir("./2", 0777) = 0 [pid 5078] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5078] ioctl(3, LOOP_CLR_FD [pid 5234] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5078] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5234] <... openat resumed>) = 4 [pid 5078] close(3) = 0 [ 69.184562][ T5224] bcachefs (loop4): check_allocations... [ 69.224981][ T5226] bcachefs (076a1832-646e-4f3c-b13d-b3e266154efd): filesystem UUID already open [ 69.240658][ T5226] bcachefs (076a1832-646e-4f3c-b13d-b3e266154efd): shutdown complete [ 69.249597][ T5224] done [ 69.267040][ T5224] bcachefs (loop4): going read-write [pid 5234] ioctl(4, LOOP_SET_FD, 3 [pid 5078] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5234] <... ioctl resumed>) = 0 [pid 5078] <... clone resumed>, child_tidptr=0x55557288e650) = 5286 ./strace-static-x86_64: Process 5286 attached [pid 5286] set_robust_list(0x55557288e660, 24) = 0 [pid 5286] chdir("./2") = 0 [pid 5286] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5286] setpgid(0, 0) = 0 [pid 5286] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5286] write(3, "1000", 4 [pid 5234] close(3 [pid 5226] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5286] <... write resumed>) = 4 [pid 5226] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5234] <... close resumed>) = 0 [pid 5234] close(4 [pid 5286] close(3 [pid 5234] <... close resumed>) = 0 [pid 5226] <... openat resumed>) = 3 [pid 5286] <... close resumed>) = 0 [pid 5234] mkdir("./file0", 0777 [pid 5226] ioctl(3, LOOP_CLR_FD [pid 5286] symlink("/dev/binderfs", "./binderfs" [pid 5234] <... mkdir resumed>) = -1 EEXIST (File exists) [pid 5234] mount("/dev/loop1", "./file0", "bcachefs", MS_RDONLY|MS_RELATIME, "\xff\xff" [pid 5286] <... symlink resumed>) = 0 [pid 5286] write(1, "executing program\n", 18executing program ) = 18 [pid 5286] memfd_create("syzkaller", 0) = 3 [ 69.304040][ T5234] loop1: detected capacity change from 0 to 32768 [ 69.325819][ T5224] bcachefs (loop4): journal_replay... done [pid 5286] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc29de00000 [ 69.340431][ T5224] bcachefs (loop4): check_alloc_info... done [ 69.373593][ T5224] bcachefs (loop4): check_lrus... done [ 69.412968][ T5224] bcachefs (loop4): check_btree_backpointers... done [ 69.419085][ T5234] bcachefs (076a1832-646e-4f3c-b13d-b3e266154efd): filesystem UUID already open [ 69.442477][ T5224] bcachefs (loop4): check_backpointers_to_extents... done [pid 5226] <... ioctl resumed>) = 0 [pid 5225] <... ioctl resumed>) = 0 [pid 5226] close(3) = 0 [pid 5226] exit_group(0) = ? [pid 5226] +++ exited with 0 +++ [pid 5080] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5226, si_uid=0, si_status=0, si_utime=13 /* 0.13 s */, si_stime=56 /* 0.56 s */} --- [pid 5080] restart_syscall(<... resuming interrupted clone ...> [pid 5225] close(3) = 0 [pid 5225] exit_group(0) = ? [ 69.466802][ T5234] bcachefs (076a1832-646e-4f3c-b13d-b3e266154efd): shutdown complete [ 69.492237][ T5224] bcachefs (loop4): check_extents_to_backpointers... [ 69.492982][ T5224] missing backpointer for btree=inodes l=1 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq a22d880bb51b703b written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0 [pid 5225] +++ exited with 0 +++ [pid 5081] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5225, si_uid=0, si_status=0, si_utime=18 /* 0.18 s */, si_stime=58 /* 0.58 s */} --- [pid 5080] <... restart_syscall resumed>) = 0 [pid 5081] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5080] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5081] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5080] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5080] <... openat resumed>) = 3 [pid 5081] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5080] newfstatat(3, "", [pid 5081] <... openat resumed>) = 3 [pid 5080] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5081] newfstatat(3, "", [pid 5080] getdents64(3, [pid 5081] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5080] <... getdents64 resumed>0x55557288f6f0 /* 4 entries */, 32768) = 112 [pid 5081] getdents64(3, [pid 5080] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5081] <... getdents64 resumed>0x55557288f6f0 /* 4 entries */, 32768) = 112 [pid 5080] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5080] newfstatat(AT_FDCWD, "./2/binderfs", [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5080] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5081] newfstatat(AT_FDCWD, "./2/binderfs", [pid 5080] unlink("./2/binderfs" [pid 5081] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5081] unlink("./2/binderfs" [pid 5080] <... unlink resumed>) = 0 [pid 5081] <... unlink resumed>) = 0 [pid 5081] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5080] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5080] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] newfstatat(AT_FDCWD, "./2/file0", [pid 5080] newfstatat(AT_FDCWD, "./2/file0", [pid 5081] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5080] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5081] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5080] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5080] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5080] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5081] <... openat resumed>) = 4 [pid 5080] <... openat resumed>) = 4 [pid 5081] newfstatat(4, "", [pid 5080] newfstatat(4, "", [pid 5081] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5080] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5081] getdents64(4, [pid 5080] getdents64(4, [pid 5081] <... getdents64 resumed>0x555572897730 /* 2 entries */, 32768) = 48 [pid 5080] <... getdents64 resumed>0x555572897730 /* 2 entries */, 32768) = 48 [pid 5081] getdents64(4, [pid 5080] getdents64(4, [pid 5081] <... getdents64 resumed>0x555572897730 /* 0 entries */, 32768) = 0 [pid 5080] <... getdents64 resumed>0x555572897730 /* 0 entries */, 32768) = 0 [pid 5081] close(4 [pid 5080] close(4 [pid 5081] <... close resumed>) = 0 [pid 5080] <... close resumed>) = 0 [pid 5081] rmdir("./2/file0" [pid 5080] rmdir("./2/file0" [pid 5081] <... rmdir resumed>) = 0 [pid 5080] <... rmdir resumed>) = 0 [pid 5081] getdents64(3, [pid 5080] getdents64(3, [pid 5081] <... getdents64 resumed>0x55557288f6f0 /* 0 entries */, 32768) = 0 [pid 5080] <... getdents64 resumed>0x55557288f6f0 /* 0 entries */, 32768) = 0 [pid 5081] close(3 [pid 5080] close(3 [pid 5081] <... close resumed>) = 0 [pid 5080] <... close resumed>) = 0 [pid 5081] rmdir("./2"