./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3910941600

<...>
Warning: Permanently added '10.128.1.196' (ED25519) to the list of known hosts.
execve("./syz-executor3910941600", ["./syz-executor3910941600"], 0x7fff4ed8b0e0 /* 10 vars */) = 0
brk(NULL)                               = 0x555576659000
brk(0x555576659d00)                     = 0x555576659d00
arch_prctl(ARCH_SET_FS, 0x555576659380) = 0
set_tid_address(0x555576659650)         = 5220
set_robust_list(0x555576659660, 24)     = 0
rseq(0x555576659ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3910941600", 4096) = 28
getrandom("\x6b\x8f\x7f\xbc\x78\x95\xf7\xc4", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x555576659d00
brk(0x55557667ad00)                     = 0x55557667ad00
brk(0x55557667b000)                     = 0x55557667b000
mprotect(0x7feba4e48000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
chmod("/dev/raw-gadget", 0666)          = 0
mkdir("./syzkaller.RHdUO3", 0700)       = 0
chmod("./syzkaller.RHdUO3", 0777)       = 0
chdir("./syzkaller.RHdUO3")             = 0
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5221 attached
, child_tidptr=0x555576659650) = 5221
[pid  5221] set_robust_list(0x555576659660, 24) = 0
[pid  5221] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5221] setsid()                    = 1
[pid  5221] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  5221] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  5221] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  5221] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  5221] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid  5221] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  5221] unshare(CLONE_NEWNS)        = 0
[pid  5221] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  5221] unshare(CLONE_NEWIPC)       = 0
[pid  5221] unshare(CLONE_NEWCGROUP)    = 0
[pid  5221] unshare(CLONE_NEWUTS)       = 0
[pid  5221] unshare(CLONE_SYSVSEM)      = 0
[pid  5221] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5221] write(3, "16777216", 8)     = 8
[pid  5221] close(3)                    = 0
[pid  5221] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  5221] write(3, "536870912", 9)    = 9
[pid  5221] close(3)                    = 0
[pid  5221] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5221] write(3, "1024", 4)         = 4
[pid  5221] close(3)                    = 0
[pid  5221] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5221] write(3, "8192", 4)         = 4
[pid  5221] close(3)                    = 0
[pid  5221] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5221] write(3, "1024", 4)         = 4
[pid  5221] close(3)                    = 0
[pid  5221] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  5221] write(3, "1024", 4)         = 4
[pid  5221] close(3)                    = 0
[pid  5221] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  5221] write(3, "1024 1048576 500 1024", 21) = 21
[pid  5221] close(3)                    = 0
[pid  5221] getpid()                    = 1
[pid  5221] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5221] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5221] unshare(CLONE_NEWNET)       = 0
[pid  5221] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  5221] write(3, "0 65535", 7)      = 7
[pid  5221] close(3)                    = 0
[pid  5221] openat(AT_FDCWD, "/dev/rfkill", O_RDWR) = 3
[pid  5221] write(3, "\x00\x00\x00\x00\x00\x03\x00\x00", 8) = 8
[pid  5221] close(3)                    = 0
[pid  5221] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3
[pid  5221] sendto(3, [{nlmsg_len=40, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x13\x00\x02\x00\x4d\x41\x43\x38\x30\x32\x31\x31\x5f\x48\x57\x53\x49\x4d\x00\x00"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 40
[pid  5221] recvfrom(3, [{nlmsg_len=244, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x01\x02\x00\x00\x13\x00\x02\x00\x4d\x41\x43\x38\x30\x32\x31\x31\x5f\x48\x57\x53\x49\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x1d\x00\x00\x00\x90\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00"...], 4096, 0, NULL, NULL) = 244
[pid  5221] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5221] sendto(3, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  5221] recvfrom(3, [{nlmsg_len=2516, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x23\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x4c\x01\x00\x00\x00\x09\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2516
[pid  5221] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5221] sendto(3, [{nlmsg_len=36, nlmsg_type=0x2a /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  5221] recvfrom(3, [{nlmsg_len=56, nlmsg_type=NLMSG_ERROR, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, {error=2, msg=[{nlmsg_len=36, nlmsg_type=0x2a /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x00\x00\x00"]}], 4096, 0, NULL, NULL) = 56
[pid  5221] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5221] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan0", ifr_ifindex=11}) = 0
[pid  5221] close(4)                    = 0
[pid  5221] sendto(3, [{nlmsg_len=36, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x06\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x08\x00\x05\x00\x01\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  5221] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=36, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5221] socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
[pid  5221] ioctl(4, SIOCGIFFLAGS, {ifr_name="wlan0", ifr_flags=IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  5221] ioctl(4, SIOCSIFFLAGS, {ifr_name="wlan0", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  5221] close(4)                    = 0
[pid  5221] sendto(3, [{nlmsg_len=64, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x2b\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x0a\x00\x34\x00\x10\x10\x10\x10\x10\x10\x00\x00\x08\x00\x26\x00\x6c\x09\x00\x00\x0a\x00\x06\x00\x50\x50\x50\x50\x50\x50\x00\x00\x04\x00\x3c\x00"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid  5221] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5221] sendto(3, [{nlmsg_len=36, nlmsg_type=0x2a /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x01\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  5221] recvfrom(3, [{nlmsg_len=56, nlmsg_type=NLMSG_ERROR, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, {error=3, msg=[{nlmsg_len=36, nlmsg_type=0x2a /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x01\x00\x00"]}], 4096, 0, NULL, NULL) = 56
[pid  5221] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
syzkaller login: [   66.384212][ T2509] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.392303][ T2509] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[pid  5221] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=12}) = 0
[pid  5221] close(4)                    = 0
[pid  5221] sendto(3, [{nlmsg_len=36, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x06\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x08\x00\x05\x00\x01\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  5221] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=36, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5221] socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
[pid  5221] ioctl(4, SIOCGIFFLAGS, {ifr_name="wlan1", ifr_flags=IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  5221] ioctl(4, SIOCSIFFLAGS, {ifr_name="wlan1", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  5221] close(4)                    = 0
[pid  5221] sendto(3, [{nlmsg_len=64, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x2b\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x0a\x00\x34\x00\x10\x10\x10\x10\x10\x10\x00\x00\x08\x00\x26\x00\x6c\x09\x00\x00\x0a\x00\x06\x00\x50\x50\x50\x50\x50\x50\x00\x00\x04\x00\x3c\x00"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid  5221] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5221] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5221] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan0", ifr_ifindex=11}) = 0
[pid  5221] close(4)                    = 0
[pid  5221] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4
[pid  5221] sendto(4, [{nlmsg_len=32, nlmsg_type=0x12 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[   66.532182][ T2509] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.540709][ T2509] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[pid  5221] recvfrom(4, [{nlmsg_len=1460, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x00\x00\x01\x00\x0b\x00\x00\x00\x43\x10\x01\x00\x00\x00\x00\x00\x0a\x00\x03\x00\x77\x6c\x61\x6e\x30\x00\x00\x00\x08\x00\x0d\x00\xe8\x03\x00\x00\x05\x00\x10\x00\x06\x00\x00\x00\x05\x00\x11\x00\x00\x00\x00\x00\x08\x00\x04\x00\xdc\x05\x00\x00\x08\x00\x32\x00\x00\x01\x00\x00\x08\x00\x33\x00\x00\x09\x00\x00\x08\x00\x1b\x00\x00\x00\x00\x00\x08\x00\x1e\x00\x00\x00\x00\x00\x08\x00\x3d\x00\x00\x00\x00\x00"...], 4096, 0, NULL, NULL) = 1460
[pid  5221] close(4)                    = 0
[pid  5221] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5221] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=12}) = 0
[pid  5221] close(4)                    = 0
[pid  5221] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4
[pid  5221] sendto(4, [{nlmsg_len=32, nlmsg_type=0x12 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  5221] recvfrom(4, [{nlmsg_len=1460, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x00\x00\x01\x00\x0c\x00\x00\x00\x43\x10\x01\x00\x00\x00\x00\x00\x0a\x00\x03\x00\x77\x6c\x61\x6e\x31\x00\x00\x00\x08\x00\x0d\x00\xe8\x03\x00\x00\x05\x00\x10\x00\x06\x00\x00\x00\x05\x00\x11\x00\x00\x00\x00\x00\x08\x00\x04\x00\xdc\x05\x00\x00\x08\x00\x32\x00\x00\x01\x00\x00\x08\x00\x33\x00\x00\x09\x00\x00\x08\x00\x1b\x00\x00\x00\x00\x00\x08\x00\x1e\x00\x00\x00\x00\x00\x08\x00\x3d\x00\x00\x00\x00\x00"...], 4096, 0, NULL, NULL) = 1460
[pid  5221] close(4)                    = 0
[pid  5221] close(3)                    = 0
[pid  5221] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
[pid  5221] write(3, "100000", 6)       = 6
[pid  5221] close(3)                    = 0
[pid  5221] mkdir("./syz-tmp", 0777)    = 0
[pid  5221] mount("", "./syz-tmp", "tmpfs", 0, NULL) = 0
[pid  5221] mkdir("./syz-tmp/newroot", 0777) = 0
[pid  5221] mkdir("./syz-tmp/newroot/dev", 0700) = 0
[pid  5221] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5221] mkdir("./syz-tmp/newroot/proc", 0700) = 0
[pid  5221] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL) = 0
[pid  5221] mkdir("./syz-tmp/newroot/selinux", 0700) = 0
[pid  5221] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid  5221] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid  5221] mkdir("./syz-tmp/newroot/sys", 0700) = 0
[pid  5221] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5221] mount("/sys/kernel/debug", "./syz-tmp/newroot/sys/kernel/debug", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5221] mount("/sys/fs/smackfs", "./syz-tmp/newroot/sys/fs/smackfs", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5221] mount("/proc/sys/fs/binfmt_misc", "./syz-tmp/newroot/proc/sys/fs/binfmt_misc", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5221] mkdir("./syz-tmp/pivot", 0777) = 0
[pid  5221] pivot_root("./syz-tmp", "./syz-tmp/pivot") = 0
[pid  5221] chdir("/")                  = 0
[pid  5221] umount2("./pivot", MNT_DETACH) = 0
[pid  5221] chroot("./newroot")         = 0
[pid  5221] chdir("/")                  = 0
[pid  5221] mkdir("/dev/binderfs", 0777) = 0
[pid  5221] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  5221] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  5221] mkdir("./0", 0777)          = 0
[pid  5221] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  5221] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid  5221] close(3)                    = 0
[pid  5221] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5224 attached
 <unfinished ...>
[pid  5224] set_robust_list(0x555576659660, 24 <unfinished ...>
[pid  5221] <... clone resumed>, child_tidptr=0x555576659650) = 2
[pid  5224] <... set_robust_list resumed>) = 0
[pid  5224] chdir("./0")                = 0
[pid  5224] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5224] setpgid(0, 0)               = 0
[pid  5224] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5224] write(3, "1000", 4)         = 4
[pid  5224] close(3)                    = 0
[pid  5224] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5224] write(1, "executing program\n", 18executing program
) = 18
[pid  5224] memfd_create("syzkaller", 0) = 3
[pid  5224] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feb9c800000
[pid  5224] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5224] munmap(0x7feb9c800000, 138412032) = 0
[pid  5224] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5224] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5224] close(3)                    = 0
[pid  5224] close(4)                    = 0
[pid  5224] mkdir("./file1", 0777)      = 0
[   67.125520][ T5224] loop0: detected capacity change from 0 to 32768
[   67.200502][ T5224] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,journal_flush_disabled,fsck,norecovery,nojournal_transaction_names,reconstruct_alloc,no_data_io
[   67.222042][ T5224] bcachefs (loop0): recovering from clean shutdown, journal seq 10
[   67.230521][ T5224] bcachefs (loop0): Version upgrade required:
[   67.230521][ T5224] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[   67.230521][ T5224] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots
[   67.230521][ T5224]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance
[   67.304251][ T5224] bcachefs (loop0): dropping and reconstructing all alloc info
[   67.323267][ T5224] bcachefs (loop0): check_topology... done
[   67.329483][ T5224] bcachefs (loop0): accounting_read... done
[   67.336269][ T5224] bcachefs (loop0): alloc_read... done
[   67.342349][ T5224] bcachefs (loop0): stripes_read... done
[pid  5224] mount("/dev/loop0", "./file1", "bcachefs", MS_I_VERSION, "acl,direct_io,norecovery,fsck,journal_flush_disabled,noreTovery,btree_node_mem_ptr_optimization,reco"...) = 0
[pid  5224] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5224] chdir("./file1")            = 0
[pid  5224] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5224] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5224] close(4)                    = 0
[pid  5224] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  5224] close(3)                    = 0
[   67.348079][ T5224] bcachefs (loop0): snapshots_read... done
[   67.354360][ T5224] bcachefs (loop0): check_allocations... done
[   67.377316][ T5224] bcachefs (loop0): going read-write
[   67.388187][ T5224] bcachefs (loop0): done starting filesystem
[pid  5224] close(4)                    = 0
[pid  5224] close(5)                    = -1 EBADF (Bad file descriptor)
[pid  5224] close(6)                    = -1 EBADF (Bad file descriptor)
[pid  5224] close(7)                    = -1 EBADF (Bad file descriptor)
[pid  5224] close(8)                    = -1 EBADF (Bad file descriptor)
[pid  5224] close(9)                    = -1 EBADF (Bad file descriptor)
[pid  5224] close(10)                   = -1 EBADF (Bad file descriptor)
[pid  5224] close(11)                   = -1 EBADF (Bad file descriptor)
[pid  5224] close(12)                   = -1 EBADF (Bad file descriptor)
[pid  5224] close(13)                   = -1 EBADF (Bad file descriptor)
[pid  5224] close(14)                   = -1 EBADF (Bad file descriptor)
[pid  5224] close(15)                   = -1 EBADF (Bad file descriptor)
[pid  5224] close(16)                   = -1 EBADF (Bad file descriptor)
[pid  5224] close(17)                   = -1 EBADF (Bad file descriptor)
[pid  5224] close(18)                   = -1 EBADF (Bad file descriptor)
[pid  5224] close(19)                   = -1 EBADF (Bad file descriptor)
[pid  5224] close(20)                   = -1 EBADF (Bad file descriptor)
[pid  5224] close(21)                   = -1 EBADF (Bad file descriptor)
[pid  5224] close(22)                   = -1 EBADF (Bad file descriptor)
[pid  5224] close(23)                   = -1 EBADF (Bad file descriptor)
[pid  5224] close(24)                   = -1 EBADF (Bad file descriptor)
[pid  5224] close(25)                   = -1 EBADF (Bad file descriptor)
[pid  5224] close(26)                   = -1 EBADF (Bad file descriptor)
[pid  5224] close(27)                   = -1 EBADF (Bad file descriptor)
[pid  5224] close(28)                   = -1 EBADF (Bad file descriptor)
[pid  5224] close(29)                   = -1 EBADF (Bad file descriptor)
[pid  5224] exit_group(0)               = ?
[pid  5224] +++ exited with 0 +++
[pid  5221] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=31 /* 0.31 s */} ---
[pid  5221] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid  5221] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5221] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid  5221] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0
[pid  5221] getdents64(3, 0x55557665a6f0 /* 4 entries */, 32768) = 112
[pid  5221] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5221] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5221] unlink("./0/binderfs")      = 0
[   67.474222][ T5221] bcachefs (loop0): shutting down
[   67.479757][ T5221] bcachefs (loop0): going read-only
[   67.485154][ T5221] bcachefs (loop0): finished waiting for writes to stop
[   67.494816][ T5221] bcachefs (loop0): flushing journal and stopping allocators, journal seq 11
[   67.525291][ T2549] bcachefs (loop0): bch2_write_super(): fatal error  loop0: Superblock write was silently dropped! (seq 0 expected 53)
[   67.538793][ T2549] bcachefs (loop0): fatal error - emergency read only
[   67.545964][ T5221] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 15
[   67.555869][ T5221] bcachefs (loop0): unshutdown complete, journal seq 15
[   67.563830][ T5221] bcachefs (loop0): done going read-only, filesystem not clean
[   67.588282][ T5221] bcachefs (loop0): shutdown complete
[pid  5221] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid  5221] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5221] newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5221] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5221] openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid  5221] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid  5221] getdents64(4, 0x555576662730 /* 2 entries */, 32768) = 48
[pid  5221] getdents64(4, 0x555576662730 /* 0 entries */, 32768) = 0
[pid  5221] close(4)                    = 0
[pid  5221] rmdir("./0/file1")          = 0
[pid  5221] getdents64(3, 0x55557665a6f0 /* 0 entries */, 32768) = 0
[pid  5221] close(3)                    = 0
[pid  5221] rmdir("./0")                = 0
[pid  5221] mkdir("./1", 0777)          = 0
[pid  5221] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  5221] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid  5221] close(3)                    = 0
[pid  5221] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5236 attached
 <unfinished ...>
[pid  5236] set_robust_list(0x555576659660, 24 <unfinished ...>
[pid  5221] <... clone resumed>, child_tidptr=0x555576659650) = 3
[pid  5236] <... set_robust_list resumed>) = 0
[pid  5236] chdir("./1")                = 0
[pid  5236] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5236] setpgid(0, 0)               = 0
[pid  5236] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5236] write(3, "1000", 4)         = 4
[pid  5236] close(3)                    = 0
[pid  5236] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5236] write(1, "executing program\n", 18executing program
) = 18
[pid  5236] memfd_create("syzkaller", 0) = 3
[pid  5236] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feb9c800000
[pid  5236] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5236] munmap(0x7feb9c800000, 138412032) = 0
[pid  5236] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5236] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5236] close(3)                    = 0
[pid  5236] close(4)                    = 0
[pid  5236] mkdir("./file1", 0777)      = 0
[   69.043162][ T5236] loop0: detected capacity change from 0 to 32768
[   69.122437][ T5236] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,journal_flush_disabled,fsck,norecovery,nojournal_transaction_names,reconstruct_alloc,no_data_io
[   69.144096][ T5236] bcachefs (loop0): recovering from clean shutdown, journal seq 10
[   69.152915][ T5236] bcachefs (loop0): Version upgrade required:
[   69.152915][ T5236] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[   69.152915][ T5236] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots
[   69.152915][ T5236]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance
[   69.227389][ T5236] bcachefs (loop0): dropping and reconstructing all alloc info
[   69.244149][ T5236] bcachefs (loop0): check_topology... done
[   69.250336][ T5236] bcachefs (loop0): accounting_read... done
[   69.256903][ T5236] bcachefs (loop0): alloc_read... done
[   69.262555][ T5236] bcachefs (loop0): stripes_read... done
[pid  5236] mount("/dev/loop0", "./file1", "bcachefs", MS_I_VERSION, "acl,direct_io,norecovery,fsck,journal_flush_disabled,noreTovery,btree_node_mem_ptr_optimization,reco"...) = 0
[pid  5236] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5236] chdir("./file1")            = 0
[pid  5236] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   69.269335][ T5236] bcachefs (loop0): snapshots_read... done
[   69.275284][ T5236] bcachefs (loop0): check_allocations... done
[   69.297209][ T5236] bcachefs (loop0): going read-write
[   69.306614][ T5236] bcachefs (loop0): done starting filesystem
[pid  5236] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5236] close(4)                    = 0
[pid  5236] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_SYNC|O_NOATIME, 000) = 4
[pid  5236] close(3)                    = 0
[pid  5236] close(4)                    = 0
[pid  5236] close(5)                    = -1 EBADF (Bad file descriptor)
[pid  5236] close(6)                    = -1 EBADF (Bad file descriptor)
[pid  5236] close(7)                    = -1 EBADF (Bad file descriptor)
[pid  5236] close(8)                    = -1 EBADF (Bad file descriptor)
[pid  5236] close(9)                    = -1 EBADF (Bad file descriptor)
[pid  5236] close(10)                   = -1 EBADF (Bad file descriptor)
[pid  5236] close(11)                   = -1 EBADF (Bad file descriptor)
[pid  5236] close(12)                   = -1 EBADF (Bad file descriptor)
[pid  5236] close(13)                   = -1 EBADF (Bad file descriptor)
[pid  5236] close(14)                   = -1 EBADF (Bad file descriptor)
[pid  5236] close(15)                   = -1 EBADF (Bad file descriptor)
[pid  5236] close(16)                   = -1 EBADF (Bad file descriptor)
[pid  5236] close(17)                   = -1 EBADF (Bad file descriptor)
[pid  5236] close(18)                   = -1 EBADF (Bad file descriptor)
[pid  5236] close(19)                   = -1 EBADF (Bad file descriptor)
[pid  5236] close(20)                   = -1 EBADF (Bad file descriptor)
[pid  5236] close(21)                   = -1 EBADF (Bad file descriptor)
[pid  5236] close(22)                   = -1 EBADF (Bad file descriptor)
[pid  5236] close(23)                   = -1 EBADF (Bad file descriptor)
[pid  5236] close(24)                   = -1 EBADF (Bad file descriptor)
[pid  5236] close(25)                   = -1 EBADF (Bad file descriptor)
[pid  5236] close(26)                   = -1 EBADF (Bad file descriptor)
[pid  5236] close(27)                   = -1 EBADF (Bad file descriptor)
[pid  5236] close(28)                   = -1 EBADF (Bad file descriptor)
[pid  5236] close(29)                   = -1 EBADF (Bad file descriptor)
[pid  5236] exit_group(0)               = ?
[pid  5236] +++ exited with 0 +++
[pid  5221] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=31 /* 0.31 s */} ---
[pid  5221] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5221] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid  5221] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0
[   69.628320][ T5236] syz-executor391 (5236) used greatest stack depth: 17376 bytes left
[pid  5221] getdents64(3, 0x55557665a6f0 /* 4 entries */, 32768) = 112
[pid  5221] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5221] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5221] unlink("./1/binderfs")      = 0
[   69.754866][ T5221] bcachefs (loop0): shutting down
[   69.760079][ T5221] bcachefs (loop0): going read-only
[   69.765310][ T5221] bcachefs (loop0): finished waiting for writes to stop
[   69.773819][ T5221] bcachefs (loop0): flushing journal and stopping allocators, journal seq 11
[   69.783003][ T5221] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 11
[   69.798111][ T5221] bcachefs (loop0): unshutdown complete, journal seq 12
[   69.804443][ T2509] ------------[ cut here ]------------
[   69.810931][ T2509] kernel BUG at fs/bcachefs/journal.h:375!
[   69.816795][ T2509] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI
[   69.823753][ T2509] CPU: 0 UID: 0 PID: 2509 Comm: kworker/u8:7 Not tainted 6.12.0-rc4-syzkaller #0
[   69.832878][ T2509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   69.842957][ T2509] Workqueue: btree_update btree_interior_update_work
[   69.849664][ T2509] RIP: 0010:__bch2_trans_commit+0x9232/0x93c0
[   69.855766][ T2509] Code: fd 90 0f 0b e8 df ba 78 fd 90 0f 0b e8 d7 ba 78 fd 90 0f 0b e8 cf ba 78 fd 90 0f 0b e8 c7 ba 78 fd 90 0f 0b e8 bf ba 78 fd 90 <0f> 0b e8 b7 ba 78 fd 90 0f 0b e8 af ba 78 fd 90 0f 0b e8 a7 ba 78
[   69.875475][ T2509] RSP: 0018:ffffc90008e576c0 EFLAGS: 00010293
[   69.881555][ T2509] RAX: ffffffff841c2cd1 RBX: 0000000000000000 RCX: ffff88802de01e00
[   69.889529][ T2509] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   69.897525][ T2509] RBP: ffffc90008e57890 R08: ffffffff841bd008 R09: 1ffff1100e2894a8
[   69.905518][ T2509] R10: dffffc0000000000 R11: ffffed100e2894a9 R12: ffff888071400000
[   69.913525][ T2509] R13: ffff88807144a500 R14: 0000000000000044 R15: ffff888026cf40d0
[   69.921514][ T2509] FS:  0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
[   69.930450][ T2509] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   69.937147][ T2509] CR2: 00007fffe60c61bc CR3: 000000002cdee000 CR4: 00000000003526f0
[   69.945141][ T2509] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   69.953147][ T2509] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   69.961156][ T2509] Call Trace:
[   69.964454][ T2509]  <TASK>
[   69.967395][ T2509]  ? __die_body+0x5f/0xb0
[   69.971834][ T2509]  ? die+0x9e/0xc0
[   69.975656][ T2509]  ? do_trap+0x15a/0x3a0
[   69.979916][ T2509]  ? __bch2_trans_commit+0x9232/0x93c0
[   69.985471][ T2509]  ? do_error_trap+0x1dc/0x2c0
[   69.990241][ T2509]  ? __bch2_trans_commit+0x9232/0x93c0
[   69.995704][ T2509]  ? __pfx_do_error_trap+0x10/0x10
[   70.001282][ T2509]  ? report_bug+0x3e8/0x500
[   70.005809][ T2509]  ? handle_invalid_op+0x34/0x40
[   70.010770][ T2509]  ? __bch2_trans_commit+0x9232/0x93c0
[   70.016233][ T2509]  ? exc_invalid_op+0x38/0x50
[   70.020921][ T2509]  ? asm_exc_invalid_op+0x1a/0x20
[   70.025971][ T2509]  ? __bch2_trans_commit+0x3568/0x93c0
[   70.031433][ T2509]  ? __bch2_trans_commit+0x9231/0x93c0
[   70.036894][ T2509]  ? __bch2_trans_commit+0x9232/0x93c0
[   70.042382][ T2509]  ? __pfx___bch2_trans_commit+0x10/0x10
[   70.048019][ T2509]  ? __bch2_trans_jset_entry_alloc+0x2c7/0x4b0
[   70.054180][ T2509]  ? btree_interior_update_work+0x117a/0x2b10
[   70.060265][ T2509]  btree_interior_update_work+0x1492/0x2b10
[   70.066177][ T2509]  ? __pfx_btree_interior_update_work+0x10/0x10
[   70.072419][ T2509]  ? __pfx_lock_acquire+0x10/0x10
[   70.077457][ T2509]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   70.083638][ T2509]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   70.090005][ T2509]  ? process_scheduled_works+0x976/0x1850
[   70.095764][ T2509]  process_scheduled_works+0xa63/0x1850
[   70.101334][ T2509]  ? __pfx_process_scheduled_works+0x10/0x10
[   70.107338][ T2509]  ? assign_work+0x364/0x3d0
[   70.112024][ T2509]  worker_thread+0x870/0xd30
[   70.116659][ T2509]  ? __kthread_parkme+0x169/0x1d0
[   70.121710][ T2509]  ? __pfx_worker_thread+0x10/0x10
[   70.126849][ T2509]  kthread+0x2f0/0x390
[   70.130952][ T2509]  ? __pfx_worker_thread+0x10/0x10
[   70.136081][ T2509]  ? __pfx_kthread+0x10/0x10
[   70.140720][ T2509]  ret_from_fork+0x4b/0x80
[   70.145167][ T2509]  ? __pfx_kthread+0x10/0x10
[   70.149769][ T2509]  ret_from_fork_asm+0x1a/0x30
[   70.154552][ T2509]  </TASK>
[   70.157573][ T2509] Modules linked in:
[   70.161714][ T2509] ---[ end trace 0000000000000000 ]---
[   70.167961][ T2509] RIP: 0010:__bch2_trans_commit+0x9232/0x93c0
[   70.174115][ T2509] Code: fd 90 0f 0b e8 df ba 78 fd 90 0f 0b e8 d7 ba 78 fd 90 0f 0b e8 cf ba 78 fd 90 0f 0b e8 c7 ba 78 fd 90 0f 0b e8 bf ba 78 fd 90 <0f> 0b e8 b7 ba 78 fd 90 0f 0b e8 af ba 78 fd 90 0f 0b e8 a7 ba 78
[   70.194195][ T2509] RSP: 0018:ffffc90008e576c0 EFLAGS: 00010293
[   70.200372][ T2509] RAX: ffffffff841c2cd1 RBX: 0000000000000000 RCX: ffff88802de01e00
[   70.208681][ T2509] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   70.216660][ T2509] RBP: ffffc90008e57890 R08: ffffffff841bd008 R09: 1ffff1100e2894a8
[   70.224877][ T2509] R10: dffffc0000000000 R11: ffffed100e2894a9 R12: ffff888071400000
[   70.233077][ T2509] R13: ffff88807144a500 R14: 0000000000000044 R15: ffff888026cf40d0
[   70.241206][ T2509] FS:  0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
[   70.250188][ T2509] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   70.256776][ T2509] CR2: 00007fffe60c61bc CR3: 00000000203ba000 CR4: 00000000003526f0
[   70.265007][ T2509] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   70.273120][ T2509] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   70.281262][ T2509] Kernel panic - not syncing: Fatal exception
[   70.287708][ T2509] Kernel Offset: disabled
[   70.292176][ T2509] Rebooting in 86400 seconds..