./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4273574839

<...>
Warning: Permanently added '10.128.0.239' (ED25519) to the list of known hosts.
execve("./syz-executor4273574839", ["./syz-executor4273574839"], 0x7fff6ce5cf10 /* 10 vars */) = 0
brk(NULL)                               = 0x5555919b6000
brk(0x5555919b6d40)                     = 0x5555919b6d40
arch_prctl(ARCH_SET_FS, 0x5555919b63c0) = 0
set_tid_address(0x5555919b6690)         = 5830
set_robust_list(0x5555919b66a0, 24)     = 0
rseq(0x5555919b6ce0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor4273574839", 4096) = 28
getrandom("\x52\x43\x8e\x2c\x7b\xd4\x3c\x3c", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x5555919b6d40
brk(0x5555919d7d40)                     = 0x5555919d7d40
brk(0x5555919d8000)                     = 0x5555919d8000
mprotect(0x7f7f85ffa000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5831 attached
 <unfinished ...>
[pid  5831] set_robust_list(0x5555919b66a0, 24 <unfinished ...>
[pid  5830] <... clone resumed>, child_tidptr=0x5555919b6690) = 5831
[pid  5831] <... set_robust_list resumed>) = 0
[pid  5830] openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3
[pid  5830] write(3, "10000000000", 11) = 11
[pid  5830] close(3)                    = 0
[pid  5830] openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3
[pid  5830] write(3, "20", 2)           = 2
[pid  5830] close(3)                    = 0
[pid  5830] openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3
[pid  5830] write(3, "1", 1)            = 1
[pid  5830] close(3)                    = 0
[pid  5830] openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3
[pid  5830] write(3, "0", 1)            = 1
[pid  5830] close(3)                    = 0
[pid  5830] openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3
[pid  5830] write(3, "0", 1)            = 1
[pid  5830] close(3)                    = 0
[pid  5830] openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3
[pid  5830] write(3, "1", 1)            = 1
[pid  5830] close(3)                    = 0
[pid  5830] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
[pid  5830] write(3, "100", 3)          = 3
[pid  5830] close(3)                    = 0
[pid  5830] openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3
[pid  5830] write(3, "0", 1)            = 1
[pid  5830] close(3)                    = 0
[pid  5830] openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3
[pid  5830] write(3, "0", 1)            = 1
[pid  5830] close(3)                    = 0
[pid  5830] openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3
[pid  5830] write(3, "7 4 1 3", 7)      = 7
[pid  5830] close(3)                    = 0
[pid  5830] openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3
[pid  5830] write(3, "1", 1)            = 1
[pid  5830] close(3)                    = 0
[pid  5830] openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3
[pid  5830] write(3, "1", 1)            = 1
[pid  5830] close(3)                    = 0
[pid  5830] openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3
[pid  5830] write(3, "0", 1)            = 1
[pid  5830] close(3)                    = 0
[pid  5830] openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3
[pid  5830] write(3, "5831", 4)         = 4
[pid  5830] close(3)                    = 0
[pid  5830] kill(5831, SIGKILL)         = 0
[pid  5831] +++ killed by SIGKILL +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5831, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=0} ---
chmod("/dev/raw-gadget", 0666)          = 0
mkdir("./syzkaller.VGQGoS", 0700)       = 0
chmod("./syzkaller.VGQGoS", 0777)       = 0
chdir("./syzkaller.VGQGoS")             = 0
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5832 attached
, child_tidptr=0x5555919b6690) = 5832
[pid  5832] set_robust_list(0x5555919b66a0, 24) = 0
[pid  5832] socket(AF_BLUETOOTH, SOCK_RAW, BTPROTO_HCI) = 3
[pid  5832] openat(AT_FDCWD, "/dev/vhci", O_RDWR) = 4
[pid  5832] dup2(4, 202)                = 202
[pid  5832] close(4)                    = 0
[pid  5832] write(202, "\xff\x00", 2)   = 2
[pid  5832] read(202, "\xff\x00\x00\x00", 4) = 4
[pid  5832] rt_sigaction(SIGRT_1, {sa_handler=0x7f7f85fa2290, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f7f85f93bd0}, NULL, 8) = 0
[pid  5832] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid  5832] mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f7f85728000
[pid  5832] mprotect(0x7f7f85729000, 8388608, PROT_READ|PROT_WRITE) = 0
[pid  5832] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid  5832] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f7f85f28990, parent_tid=0x7f7f85f28990, exit_signal=0, stack=0x7f7f85728000, stack_size=0x800300, tls=0x7f7f85f286c0}./strace-static-x86_64: Process 5835 attached
 <unfinished ...>
[pid  5835] rseq(0x7f7f85f28fe0, 0x20, 0, 0x53053053) = 0
[pid  5832] <... clone3 resumed> => {parent_tid=[2]}, 88) = 2
[pid  5835] set_robust_list(0x7f7f85f289a0, 24 <unfinished ...>
[pid  5832] rt_sigprocmask(SIG_SETMASK, [],  <unfinished ...>
[pid  5835] <... set_robust_list resumed>) = 0
[pid  5832] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid  5835] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid  5832] ioctl(3, HCIDEVUP <unfinished ...>
[pid  5835] read(202, "\x01\x03\x0c\x00", 1024) = 4
[pid  5835] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5835] read(202, "\x01\x03\x10\x00", 1024) = 4
[pid  5835] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5835] read(202, "\x01\x01\x10\x00", 1024) = 4
[pid  5835] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x01\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5835] read(202, "\x01\x09\x10\x00", 1024) = 4
[pid  5835] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0a", iov_len=2}, {iov_base="\x01\x09\x10", iov_len=3}, {iov_base="\x00\xaa\xaa\xaa\xaa\xaa\xaa", iov_len=7}], 4) = 13
[pid  5835] read(202, "\x01\x05\x10\x00", 1024) = 4
[pid  5835] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0b", iov_len=2}, {iov_base="\x01\x05\x10", iov_len=3}, {iov_base="\x00\xfd\x03\x60\x04\x00\x06\x00", iov_len=8}], 4) = 14
[pid  5835] read(202, "\x01\x23\x0c\x00", 1024) = 4
[   72.191959][   T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   72.201259][   T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   72.222335][   T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[pid  5835] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x23\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5835] read(202, "\x01\x14\x0c\x00", 1024) = 4
[pid  5835] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x14\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5835] read(202, "\x01\x25\x0c\x00", 1024) = 4
[pid  5835] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x25\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5835] read(202, "\x01\x38\x0c\x00", 1024) = 4
[pid  5835] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x38\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5835] read(202, "\x01\x39\x0c\x00", 1024) = 4
[pid  5835] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x39\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5835] read(202, "\x01\x16\x0c\x02\x00\x7d", 1024) = 6
[pid  5835] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x16\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4 <unfinished ...>
[pid  5832] <... ioctl resumed>, 0)     = -1 EALREADY (Operation already in progress)
[pid  5835] <... writev resumed>)       = 255
[pid  5832] ioctl(3, HCISETSCAN <unfinished ...>
[pid  5835] read(202, "\x01\x1a\x0c\x01\x02", 1024) = 5
[pid  5835] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x04", iov_len=2}, {iov_base="\x01\x1a\x0c", iov_len=3}, {iov_base="\x00", iov_len=1}], 4) = 7
[pid  5835] rt_sigprocmask(SIG_BLOCK, ~[RT_1], NULL, 8) = 0
[pid  5835] madvise(0x7f7f85728000, 8372224, MADV_DONTNEED <unfinished ...>
[pid  5832] <... ioctl resumed>, 0x7ffd2f5ad620) = 0
[   72.263191][   T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   72.292262][   T54] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   72.300198][   T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[pid  5835] <... madvise resumed>)      = 0
[pid  5832] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x04\x0a", iov_len=2}, {iov_base="\xaa\xaa\xaa\xaa\xaa\x10\x00\x00\x00\x01", iov_len=10}], 3 <unfinished ...>
[pid  5835] exit(0 <unfinished ...>
[pid  5832] <... writev resumed>)       = 13
[pid  5835] <... exit resumed>)         = ?
[pid  5835] +++ exited with 0 +++
[pid  5832] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x03\x0b", iov_len=2}, {iov_base="\x00\xc8\x00\xaa\xaa\xaa\xaa\xaa\x10\x01\x00", iov_len=11}], 3) = 14
[pid  5832] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\v\v", iov_len=2}, {iov_base="\x00\xc8\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=11}], 3) = 14
[pid  5832] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x3e\x13", iov_len=2}, {iov_base="\x01\x00\xc9\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\x11\x00\x00\x00\x00\x00\x00\x00", iov_len=19}], 3) = 22
[pid  5832] close(3)                    = 0
[pid  5832] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5832] getppid()                   = 0
[pid  5832] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  5832] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  5832] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  5832] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  5832] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid  5832] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  5832] unshare(CLONE_NEWNS)        = 0
[pid  5832] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  5832] unshare(CLONE_NEWIPC)       = 0
[pid  5832] unshare(CLONE_NEWCGROUP)    = 0
[pid  5832] unshare(CLONE_NEWUTS)       = 0
[pid  5832] unshare(CLONE_SYSVSEM)      = 0
[pid  5832] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5832] write(3, "16777216", 8)     = 8
[pid  5832] close(3)                    = 0
[pid  5832] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  5832] write(3, "536870912", 9)    = 9
[pid  5832] close(3)                    = 0
[pid  5832] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5832] write(3, "1024", 4)         = 4
[pid  5832] close(3)                    = 0
[pid  5832] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5832] write(3, "8192", 4)         = 4
[pid  5832] close(3)                    = 0
[pid  5832] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5832] write(3, "1024", 4)         = 4
[pid  5832] close(3)                    = 0
[pid  5832] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  5832] write(3, "1024", 4)         = 4
[pid  5832] close(3)                    = 0
[pid  5832] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  5832] write(3, "1024 1048576 500 1024", 21) = 21
[pid  5832] close(3)                    = 0
[pid  5832] getpid()                    = 1
[pid  5832] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5832] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5832] unshare(CLONE_NEWNET)       = 0
[pid  5832] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  5832] write(3, "0 65535", 7)      = 7
[pid  5832] close(3)                    = 0
[pid  5832] openat(AT_FDCWD, "/dev/rfkill", O_RDWR) = 3
[pid  5832] write(3, "\x00\x00\x00\x00\x00\x03\x00\x00", 8) = 8
[pid  5832] close(3)                    = 0
[pid  5832] socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 3
[pid  5832] sendto(3, [{nlmsg_len=40, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x13\x00\x02\x00\x4d\x41\x43\x38\x30\x32\x31\x31\x5f\x48\x57\x53\x49\x4d\x00\x00"], 40, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 40
[pid  5832] recvfrom(3, [{nlmsg_len=244, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x01\x02\x00\x00\x13\x00\x02\x00\x4d\x41\x43\x38\x30\x32\x31\x31\x5f\x48\x57\x53\x49\x4d\x00\x00\x06\x00\x01\x00\x2a\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x1d\x00\x00\x00\x90\x00\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x0a\x00\x00\x00"...], 4096, 0, NULL, NULL) = 244
[pid  5832] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=40, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5832] sendto(3, [{nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  5832] recvfrom(3, [{nlmsg_len=2516, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x01\x02\x00\x00\x0c\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x31\x00\x06\x00\x01\x00\x23\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x4c\x01\x00\x00\x00\x09\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x02\x00\x00\x00\x08\x00\x02\x00\x1a\x00\x00\x00\x14\x00\x03\x00\x08\x00\x01\x00"...], 4096, 0, NULL, NULL) = 2516
[pid  5832] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=32, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5832] sendto(3, [{nlmsg_len=36, nlmsg_type=0x2a /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  5832] recvfrom(3, [{nlmsg_len=56, nlmsg_type=NLMSG_ERROR, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, {error=2, msg=[{nlmsg_len=36, nlmsg_type=0x2a /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x00\x00\x00"]}], 4096, 0, NULL, NULL) = 56
[pid  5832] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5832] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan0", ifr_ifindex=11}) = 0
[pid  5832] close(4)                    = 0
[pid  5832] sendto(3, [{nlmsg_len=36, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x06\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x08\x00\x05\x00\x01\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  5832] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=36, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5832] socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
[pid  5832] ioctl(4, SIOCGIFFLAGS, {ifr_name="wlan0", ifr_flags=IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  5832] ioctl(4, SIOCSIFFLAGS, {ifr_name="wlan0", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  5832] close(4)                    = 0
[pid  5832] sendto(3, [{nlmsg_len=64, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x2b\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x0a\x00\x34\x00\x10\x10\x10\x10\x10\x10\x00\x00\x08\x00\x26\x00\x6c\x09\x00\x00\x0a\x00\x06\x00\x50\x50\x50\x50\x50\x50\x00\x00\x04\x00\x3c\x00"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid  5832] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5832] sendto(3, [{nlmsg_len=36, nlmsg_type=0x2a /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x01\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  5832] recvfrom(3, [{nlmsg_len=56, nlmsg_type=NLMSG_ERROR, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, {error=3, msg=[{nlmsg_len=36, nlmsg_type=0x2a /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x04\x00\x00\x00\x04\x00\x0e\x00\x0a\x00\x16\x00\x08\x02\x11\x00\x00\x01\x00\x00"]}], 4096, 0, NULL, NULL) = 56
[pid  5832] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[   73.027994][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.036059][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[pid  5832] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=12}) = 0
[pid  5832] close(4)                    = 0
[pid  5832] sendto(3, [{nlmsg_len=36, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x06\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x08\x00\x05\x00\x01\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36
[pid  5832] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=36, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5832] socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
[pid  5832] ioctl(4, SIOCGIFFLAGS, {ifr_name="wlan1", ifr_flags=IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  5832] ioctl(4, SIOCSIFFLAGS, {ifr_name="wlan1", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_MULTICAST}) = 0
[pid  5832] close(4)                    = 0
[pid  5832] sendto(3, [{nlmsg_len=64, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x2b\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x0a\x00\x34\x00\x10\x10\x10\x10\x10\x10\x00\x00\x08\x00\x26\x00\x6c\x09\x00\x00\x0a\x00\x06\x00\x50\x50\x50\x50\x50\x50\x00\x00\x04\x00\x3c\x00"], 64, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 64
[pid  5832] recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=1}, {error=0, msg={nlmsg_len=64, nlmsg_type=0x23 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36
[pid  5832] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5832] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan0", ifr_ifindex=11}) = 0
[   73.173126][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   73.181195][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[pid  5832] close(4)                    = 0
[pid  5832] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4
[pid  5832] sendto(4, [{nlmsg_len=32, nlmsg_type=0x12 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  5832] recvfrom(4, [{nlmsg_len=1460, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x00\x00\x01\x00\x0b\x00\x00\x00\x43\x10\x01\x00\x00\x00\x00\x00\x0a\x00\x03\x00\x77\x6c\x61\x6e\x30\x00\x00\x00\x08\x00\x0d\x00\xe8\x03\x00\x00\x05\x00\x10\x00\x06\x00\x00\x00\x05\x00\x11\x00\x00\x00\x00\x00\x08\x00\x04\x00\xdc\x05\x00\x00\x08\x00\x32\x00\x00\x01\x00\x00\x08\x00\x33\x00\x00\x09\x00\x00\x08\x00\x1b\x00\x00\x00\x00\x00\x08\x00\x1e\x00\x00\x00\x00\x00\x08\x00\x3d\x00\x00\x00\x00\x00"...], 4096, 0, NULL, NULL) = 1460
[pid  5832] close(4)                    = 0
[pid  5832] socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
[pid  5832] ioctl(4, SIOCGIFINDEX, {ifr_name="wlan1", ifr_ifindex=12}) = 0
[pid  5832] close(4)                    = 0
[pid  5832] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 4
[pid  5832] sendto(4, [{nlmsg_len=32, nlmsg_type=0x12 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"], 32, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 32
[pid  5832] recvfrom(4, [{nlmsg_len=1460, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=1}, "\x00\x00\x01\x00\x0c\x00\x00\x00\x43\x10\x01\x00\x00\x00\x00\x00\x0a\x00\x03\x00\x77\x6c\x61\x6e\x31\x00\x00\x00\x08\x00\x0d\x00\xe8\x03\x00\x00\x05\x00\x10\x00\x06\x00\x00\x00\x05\x00\x11\x00\x00\x00\x00\x00\x08\x00\x04\x00\xdc\x05\x00\x00\x08\x00\x32\x00\x00\x01\x00\x00\x08\x00\x33\x00\x00\x09\x00\x00\x08\x00\x1b\x00\x00\x00\x00\x00\x08\x00\x1e\x00\x00\x00\x00\x00\x08\x00\x3d\x00\x00\x00\x00\x00"...], 4096, 0, NULL, NULL) = 1460
[pid  5832] close(4)                    = 0
[pid  5832] close(3)                    = 0
[pid  5832] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
[pid  5832] write(3, "100000", 6)       = 6
[pid  5832] close(3)                    = 0
[pid  5832] mkdir("./syz-tmp", 0777)    = 0
[pid  5832] mount("", "./syz-tmp", "tmpfs", 0, NULL) = 0
[pid  5832] mkdir("./syz-tmp/newroot", 0777) = 0
[pid  5832] mkdir("./syz-tmp/newroot/dev", 0700) = 0
[pid  5832] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5832] mkdir("./syz-tmp/newroot/proc", 0700) = 0
[pid  5832] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL) = 0
[pid  5832] mkdir("./syz-tmp/newroot/selinux", 0700) = 0
[pid  5832] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid  5832] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid  5832] mkdir("./syz-tmp/newroot/sys", 0700) = 0
[pid  5832] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5832] mount("/sys/kernel/debug", "./syz-tmp/newroot/sys/kernel/debug", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5832] mount("/sys/fs/smackfs", "./syz-tmp/newroot/sys/fs/smackfs", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5832] mount("/proc/sys/fs/binfmt_misc", "./syz-tmp/newroot/proc/sys/fs/binfmt_misc", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5832] mkdir("./syz-tmp/pivot", 0777) = 0
[pid  5832] pivot_root("./syz-tmp", "./syz-tmp/pivot") = 0
[pid  5832] chdir("/")                  = 0
[pid  5832] umount2("./pivot", MNT_DETACH) = 0
[pid  5832] chroot("./newroot")         = 0
[pid  5832] chdir("/")                  = 0
[pid  5832] mkdir("/dev/binderfs", 0777) = 0
[pid  5832] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  5832] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  5832] mkdir("./0", 0777)          = 0
[pid  5832] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  5832] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid  5832] close(3)                    = 0
[pid  5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5837 attached
 <unfinished ...>
[pid  5837] set_robust_list(0x5555919b66a0, 24) = 0
[pid  5837] chdir("./0")                = 0
[pid  5832] <... clone resumed>, child_tidptr=0x5555919b6690) = 3
[pid  5837] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5837] setpgid(0, 0)               = 0
[pid  5837] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5837] write(3, "1000", 4)         = 4
[pid  5837] close(3)                    = 0
[pid  5837] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid  5837] write(1, "executing program\n", 18) = 18
[pid  5837] memfd_create("syzkaller", 0) = 3
[pid  5837] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f7d200000
[pid  5837] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5837] munmap(0x7f7f7d200000, 138412032) = 0
[pid  5837] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5837] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5837] close(3)                    = 0
[pid  5837] close(4)                    = 0
[pid  5837] mkdir("./file1", 0777)      = 0
[   73.873831][ T5837] loop0: detected capacity change from 0 to 32768
[   73.981594][ T5837] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,fsck,norecovery,reconstruct_alloc,nocow,no_data_io
[   74.000722][ T5837] bcachefs (loop0): recovering from clean shutdown, journal seq 10
[   74.009307][ T5837] bcachefs (loop0): Version upgrade required:
[   74.009307][ T5837] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[   74.009307][ T5837] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots
[   74.009307][ T5837]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance
[   74.083736][ T5837] bcachefs (loop0): dropping and reconstructing all alloc info
[   74.102403][ T5837] bcachefs (loop0): check_topology... done
[   74.108465][ T5837] bcachefs (loop0): accounting_read... done
[   74.115485][ T5837] bcachefs (loop0): alloc_read... done
[   74.121031][ T5837] bcachefs (loop0): stripes_read... done
[   74.126784][ T5837] bcachefs (loop0): snapshots_read... done
[pid  5837] mount("/dev/loop0", "./file1", "bcachefs", MS_I_VERSION, "errors=continue,direct_io,norecovery,nocow,fsck,norecovery,journal_transaction_names,reconstruct_all"...) = 0
[pid  5837] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5837] chdir("./file1")            = 0
[   74.132980][ T5837] bcachefs (loop0): check_allocations... done
[   74.155326][ T5837] bcachefs (loop0): going read-write
[   74.165363][ T5837] bcachefs (loop0): done starting filesystem
[pid  5837] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5837] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5837] close(4)                    = 0
[   74.252995][ T5837] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX
[   74.253076][ T5837] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0  compress incompressible ptr: 0:34:0 gen 0, continuing
[   74.282358][ T5837] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX
[pid  5837] creat("./file0/file0", 000) = 4
[pid  5837] close(3)                    = 0
[pid  5837] close(4)                    = 0
[pid  5837] close(5)                    = -1 EBADF (Bad file descriptor)
[pid  5837] close(6)                    = -1 EBADF (Bad file descriptor)
[pid  5837] close(7)                    = -1 EBADF (Bad file descriptor)
[   74.282379][ T5837] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0  compress incompressible ptr: 0:34:0 gen 0, continuing
[   74.312010][ T5837] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX
[   74.312034][ T5837] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0  compress incompressible ptr: 0:34:0 gen 0, continuing
[pid  5837] close(8)                    = -1 EBADF (Bad file descriptor)
[pid  5837] close(9)                    = -1 EBADF (Bad file descriptor)
[pid  5837] close(10)                   = -1 EBADF (Bad file descriptor)
[pid  5837] close(11)                   = -1 EBADF (Bad file descriptor)
[pid  5837] close(12)                   = -1 EBADF (Bad file descriptor)
[pid  5837] close(13)                   = -1 EBADF (Bad file descriptor)
[pid  5837] close(14)                   = -1 EBADF (Bad file descriptor)
[pid  5837] close(15)                   = -1 EBADF (Bad file descriptor)
[pid  5837] close(16)                   = -1 EBADF (Bad file descriptor)
[pid  5837] close(17)                   = -1 EBADF (Bad file descriptor)
[pid  5837] close(18)                   = -1 EBADF (Bad file descriptor)
[pid  5837] close(19)                   = -1 EBADF (Bad file descriptor)
[pid  5837] close(20)                   = -1 EBADF (Bad file descriptor)
[   74.414110][ T5144] Bluetooth: hci0: command tx timeout
[pid  5837] close(21)                   = -1 EBADF (Bad file descriptor)
[pid  5837] close(22)                   = -1 EBADF (Bad file descriptor)
[pid  5837] close(23)                   = -1 EBADF (Bad file descriptor)
[pid  5837] close(24)                   = -1 EBADF (Bad file descriptor)
[pid  5837] close(25)                   = -1 EBADF (Bad file descriptor)
[pid  5837] close(26)                   = -1 EBADF (Bad file descriptor)
[pid  5837] close(27)                   = -1 EBADF (Bad file descriptor)
[pid  5837] close(28)                   = -1 EBADF (Bad file descriptor)
[pid  5837] close(29)                   = -1 EBADF (Bad file descriptor)
[pid  5837] exit_group(0)               = ?
[pid  5837] +++ exited with 0 +++
[pid  5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=39 /* 0.39 s */} ---
[pid  5832] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid  5832] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5832] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[   74.541968][ T5837] syz-executor427 (5837) used greatest stack depth: 13696 bytes left
[pid  5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0
[pid  5832] getdents64(3, 0x5555919b7850 /* 4 entries */, 32768) = 112
[pid  5832] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5832] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5832] unlink("./0/binderfs")      = 0
[   74.644412][ T5832] bcachefs (loop0): shutting down
[   74.649633][ T5832] bcachefs (loop0): going read-only
[   74.655396][ T5832] bcachefs (loop0): finished waiting for writes to stop
[   74.665176][ T5832] bcachefs (loop0): flushing journal and stopping allocators, journal seq 11
[   74.689205][ T5832] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 14
[   74.700662][ T5832] bcachefs (loop0): unshutdown complete, journal seq 15
[   74.708725][ T5832] bcachefs (loop0): done going read-only, filesystem not clean
[   74.733219][ T5832] bcachefs (loop0): shutdown complete
[pid  5832] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid  5832] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5832] newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5832] umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5832] openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid  5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid  5832] getdents64(4, 0x5555919bf890 /* 2 entries */, 32768) = 48
[pid  5832] getdents64(4, 0x5555919bf890 /* 0 entries */, 32768) = 0
[pid  5832] close(4)                    = 0
[pid  5832] rmdir("./0/file1")          = 0
[pid  5832] getdents64(3, 0x5555919b7850 /* 0 entries */, 32768) = 0
[pid  5832] close(3)                    = 0
[pid  5832] rmdir("./0")                = 0
[pid  5832] mkdir("./1", 0777)          = 0
[pid  5832] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  5832] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid  5832] close(3)                    = 0
[pid  5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5848 attached
 <unfinished ...>
[pid  5848] set_robust_list(0x5555919b66a0, 24) = 0
[pid  5832] <... clone resumed>, child_tidptr=0x5555919b6690) = 4
[pid  5848] chdir("./1")                = 0
[pid  5848] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5848] setpgid(0, 0)               = 0
[pid  5848] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5848] write(3, "1000", 4)         = 4
[pid  5848] close(3)                    = 0
[pid  5848] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5848] write(1, "executing program\n", 18executing program
) = 18
[pid  5848] memfd_create("syzkaller", 0) = 3
[pid  5848] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f7d200000
[pid  5848] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5848] munmap(0x7f7f7d200000, 138412032) = 0
[pid  5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5848] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5848] close(3)                    = 0
[pid  5848] close(4)                    = 0
[pid  5848] mkdir("./file1", 0777)      = 0
[   76.237168][ T5848] loop0: detected capacity change from 0 to 32768
[   76.317135][ T5848] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,fsck,norecovery,reconstruct_alloc,nocow,no_data_io
[   76.336245][ T5848] bcachefs (loop0): recovering from clean shutdown, journal seq 10
[   76.345322][ T5848] bcachefs (loop0): Version upgrade required:
[   76.345322][ T5848] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[   76.345322][ T5848] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots
[   76.345322][ T5848]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance
[   76.418446][ T5848] bcachefs (loop0): dropping and reconstructing all alloc info
[   76.435059][ T5848] bcachefs (loop0): check_topology... done
[   76.441009][ T5848] bcachefs (loop0): accounting_read... done
[   76.447574][ T5848] bcachefs (loop0): alloc_read... done
[   76.453167][ T5848] bcachefs (loop0): stripes_read... done
[   76.459031][ T5848] bcachefs (loop0): snapshots_read... done
[pid  5848] mount("/dev/loop0", "./file1", "bcachefs", MS_I_VERSION, "errors=continue,direct_io,norecovery,nocow,fsck,norecovery,journal_transaction_names,reconstruct_all"...) = 0
[pid  5848] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5848] chdir("./file1")            = 0
[pid  5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5848] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5848] close(4)                    = 0
[   76.465021][ T5848] bcachefs (loop0): check_allocations... done
[   76.485036][ T5848] bcachefs (loop0): going read-write
[   76.493305][ T5848] bcachefs (loop0): done starting filesystem
[   76.499976][   T54] Bluetooth: hci0: command tx timeout
[   76.568112][ T5848] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX
[   76.568136][ T5848] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0  compress incompressible ptr: 0:34:0 gen 0, continuing
[   76.595831][ T5848] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX
[pid  5848] creat("./file0/file0", 000) = 4
[pid  5848] close(3)                    = 0
[pid  5848] close(4)                    = 0
[pid  5848] close(5)                    = -1 EBADF (Bad file descriptor)
[pid  5848] close(6)                    = -1 EBADF (Bad file descriptor)
[pid  5848] close(7)                    = -1 EBADF (Bad file descriptor)
[pid  5848] close(8)                    = -1 EBADF (Bad file descriptor)
[pid  5848] close(9)                    = -1 EBADF (Bad file descriptor)
[pid  5848] close(10)                   = -1 EBADF (Bad file descriptor)
[pid  5848] close(11)                   = -1 EBADF (Bad file descriptor)
[   76.595853][ T5848] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0  compress incompressible ptr: 0:34:0 gen 0, continuing
[   76.623930][ T5848] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX
[   76.623947][ T5848] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0  compress incompressible ptr: 0:34:0 gen 0, continuing
[pid  5848] close(12)                   = -1 EBADF (Bad file descriptor)
[pid  5848] close(13)                   = -1 EBADF (Bad file descriptor)
[pid  5848] close(14)                   = -1 EBADF (Bad file descriptor)
[pid  5848] close(15)                   = -1 EBADF (Bad file descriptor)
[pid  5848] close(16)                   = -1 EBADF (Bad file descriptor)
[pid  5848] close(17)                   = -1 EBADF (Bad file descriptor)
[pid  5848] close(18)                   = -1 EBADF (Bad file descriptor)
[pid  5848] close(19)                   = -1 EBADF (Bad file descriptor)
[pid  5848] close(20)                   = -1 EBADF (Bad file descriptor)
[pid  5848] close(21)                   = -1 EBADF (Bad file descriptor)
[pid  5848] close(22)                   = -1 EBADF (Bad file descriptor)
[pid  5848] close(23)                   = -1 EBADF (Bad file descriptor)
[pid  5848] close(24)                   = -1 EBADF (Bad file descriptor)
[pid  5848] close(25)                   = -1 EBADF (Bad file descriptor)
[pid  5848] close(26)                   = -1 EBADF (Bad file descriptor)
[pid  5848] close(27)                   = -1 EBADF (Bad file descriptor)
[pid  5848] close(28)                   = -1 EBADF (Bad file descriptor)
[pid  5848] close(29)                   = -1 EBADF (Bad file descriptor)
[pid  5848] exit_group(0)               = ?
[pid  5848] +++ exited with 0 +++
[pid  5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=36 /* 0.36 s */} ---
[pid  5832] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid  5832] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5832] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid  5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0
[pid  5832] getdents64(3, 0x5555919b7850 /* 4 entries */, 32768) = 112
[pid  5832] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5832] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5832] unlink("./1/binderfs")      = 0
[   76.970970][ T5832] bcachefs (loop0): shutting down
[   76.976403][ T5832] bcachefs (loop0): going read-only
[   76.981631][ T5832] bcachefs (loop0): finished waiting for writes to stop
[   76.989720][ T5832] bcachefs (loop0): flushing journal and stopping allocators, journal seq 11
[   77.010528][ T5832] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 14
[   77.021760][ T5832] bcachefs (loop0): unshutdown complete, journal seq 15
[   77.030493][ T5832] bcachefs (loop0): done going read-only, filesystem not clean
[   77.047955][ T5832] bcachefs (loop0): shutdown complete
[pid  5832] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid  5832] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5832] newfstatat(AT_FDCWD, "./1/file1", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5832] umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5832] openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid  5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid  5832] getdents64(4, 0x5555919bf890 /* 2 entries */, 32768) = 48
[pid  5832] getdents64(4, 0x5555919bf890 /* 0 entries */, 32768) = 0
[pid  5832] close(4)                    = 0
[pid  5832] rmdir("./1/file1")          = 0
[pid  5832] getdents64(3, 0x5555919b7850 /* 0 entries */, 32768) = 0
[pid  5832] close(3)                    = 0
[pid  5832] rmdir("./1")                = 0
[pid  5832] mkdir("./2", 0777)          = 0
[pid  5832] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  5832] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid  5832] close(3)                    = 0
[pid  5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5859 attached
 <unfinished ...>
[pid  5859] set_robust_list(0x5555919b66a0, 24) = 0
[pid  5832] <... clone resumed>, child_tidptr=0x5555919b6690) = 5
[pid  5859] chdir("./2")                = 0
[pid  5859] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5859] setpgid(0, 0)               = 0
[pid  5859] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5859] write(3, "1000", 4)         = 4
[pid  5859] close(3)                    = 0
[pid  5859] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5859] write(1, "executing program\n", 18executing program
) = 18
[pid  5859] memfd_create("syzkaller", 0) = 3
[pid  5859] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f7d200000
[pid  5859] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5859] munmap(0x7f7f7d200000, 138412032) = 0
[pid  5859] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5859] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5859] close(3)                    = 0
[pid  5859] close(4)                    = 0
[pid  5859] mkdir("./file1", 0777)      = 0
[   78.459634][ T5859] loop0: detected capacity change from 0 to 32768
[   78.539399][ T5859] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,fsck,norecovery,reconstruct_alloc,nocow,no_data_io
[   78.558210][ T5859] bcachefs (loop0): recovering from clean shutdown, journal seq 10
[   78.566384][ T5859] bcachefs (loop0): Version upgrade required:
[   78.566384][ T5859] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[   78.566384][ T5859] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots
[   78.566384][ T5859]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance
[   78.637562][ T5144] Bluetooth: hci0: command tx timeout
[   78.639217][ T5859] bcachefs (loop0): dropping and reconstructing all alloc info
[   78.659568][ T5859] bcachefs (loop0): check_topology... done
[   78.665964][ T5859] bcachefs (loop0): accounting_read... done
[   78.672696][ T5859] bcachefs (loop0): alloc_read... done
[   78.678310][ T5859] bcachefs (loop0): stripes_read... done
[   78.684088][ T5859] bcachefs (loop0): snapshots_read... done
[pid  5859] mount("/dev/loop0", "./file1", "bcachefs", MS_I_VERSION, "errors=continue,direct_io,norecovery,nocow,fsck,norecovery,journal_transaction_names,reconstruct_all"...) = 0
[pid  5859] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5859] chdir("./file1")            = 0
[pid  5859] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   78.690027][ T5859] bcachefs (loop0): check_allocations... done
[   78.710649][ T5859] bcachefs (loop0): going read-write
[   78.719260][ T5859] bcachefs (loop0): done starting filesystem
[pid  5859] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5859] close(4)                    = 0
[   78.792265][ T5859] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX
[   78.792289][ T5859] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0  compress incompressible ptr: 0:34:0 gen 0, continuing
[   78.820542][ T5859] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX
[pid  5859] creat("./file0/file0", 000) = 4
[pid  5859] close(3)                    = 0
[pid  5859] close(4)                    = 0
[pid  5859] close(5)                    = -1 EBADF (Bad file descriptor)
[pid  5859] close(6)                    = -1 EBADF (Bad file descriptor)
[pid  5859] close(7)                    = -1 EBADF (Bad file descriptor)
[   78.820562][ T5859] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0  compress incompressible ptr: 0:34:0 gen 0, continuing
[   78.847952][ T5859] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX
[   78.847968][ T5859] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0  compress incompressible ptr: 0:34:0 gen 0, continuing
[pid  5859] close(8)                    = -1 EBADF (Bad file descriptor)
[pid  5859] close(9)                    = -1 EBADF (Bad file descriptor)
[pid  5859] close(10)                   = -1 EBADF (Bad file descriptor)
[pid  5859] close(11)                   = -1 EBADF (Bad file descriptor)
[pid  5859] close(12)                   = -1 EBADF (Bad file descriptor)
[pid  5859] close(13)                   = -1 EBADF (Bad file descriptor)
[pid  5859] close(14)                   = -1 EBADF (Bad file descriptor)
[pid  5859] close(15)                   = -1 EBADF (Bad file descriptor)
[pid  5859] close(16)                   = -1 EBADF (Bad file descriptor)
[pid  5859] close(17)                   = -1 EBADF (Bad file descriptor)
[pid  5859] close(18)                   = -1 EBADF (Bad file descriptor)
[pid  5859] close(19)                   = -1 EBADF (Bad file descriptor)
[pid  5859] close(20)                   = -1 EBADF (Bad file descriptor)
[pid  5859] close(21)                   = -1 EBADF (Bad file descriptor)
[pid  5859] close(22)                   = -1 EBADF (Bad file descriptor)
[pid  5859] close(23)                   = -1 EBADF (Bad file descriptor)
[pid  5859] close(24)                   = -1 EBADF (Bad file descriptor)
[pid  5859] close(25)                   = -1 EBADF (Bad file descriptor)
[pid  5859] close(26)                   = -1 EBADF (Bad file descriptor)
[pid  5859] close(27)                   = -1 EBADF (Bad file descriptor)
[pid  5859] close(28)                   = -1 EBADF (Bad file descriptor)
[pid  5859] close(29)                   = -1 EBADF (Bad file descriptor)
[pid  5859] exit_group(0)               = ?
[pid  5859] +++ exited with 0 +++
[pid  5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=35 /* 0.35 s */} ---
[pid  5832] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid  5832] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5832] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[   79.094651][ T5859] syz-executor427 (5859) used greatest stack depth: 13176 bytes left
[pid  5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0
[pid  5832] getdents64(3, 0x5555919b7850 /* 4 entries */, 32768) = 112
[pid  5832] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5832] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5832] unlink("./2/binderfs")      = 0
[   79.232339][ T5832] bcachefs (loop0): shutting down
[   79.237693][ T5832] bcachefs (loop0): going read-only
[   79.242931][ T5832] bcachefs (loop0): finished waiting for writes to stop
[   79.251102][ T5832] bcachefs (loop0): flushing journal and stopping allocators, journal seq 12
[   79.274623][ T5832] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 16
[   79.285699][ T5832] bcachefs (loop0): unshutdown complete, journal seq 17
[   79.293322][ T5832] bcachefs (loop0): done going read-only, filesystem not clean
[   79.311294][ T5832] bcachefs (loop0): shutdown complete
[pid  5832] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid  5832] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5832] newfstatat(AT_FDCWD, "./2/file1", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5832] umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5832] openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid  5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid  5832] getdents64(4, 0x5555919bf890 /* 2 entries */, 32768) = 48
[pid  5832] getdents64(4, 0x5555919bf890 /* 0 entries */, 32768) = 0
[pid  5832] close(4)                    = 0
[pid  5832] rmdir("./2/file1")          = 0
[pid  5832] getdents64(3, 0x5555919b7850 /* 0 entries */, 32768) = 0
[pid  5832] close(3)                    = 0
[pid  5832] rmdir("./2")                = 0
[pid  5832] mkdir("./3", 0777)          = 0
[pid  5832] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  5832] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid  5832] close(3)                    = 0
[pid  5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5870 attached
 <unfinished ...>
[pid  5870] set_robust_list(0x5555919b66a0, 24) = 0
[pid  5832] <... clone resumed>, child_tidptr=0x5555919b6690) = 6
[pid  5870] chdir("./3")                = 0
[pid  5870] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5870] setpgid(0, 0)               = 0
[pid  5870] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5870] write(3, "1000", 4)         = 4
[pid  5870] close(3)                    = 0
[pid  5870] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid  5870] write(1, "executing program\n", 18) = 18
[pid  5870] memfd_create("syzkaller", 0) = 3
[pid  5870] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f7d200000
[   80.653520][ T5144] Bluetooth: hci0: command tx timeout
[pid  5870] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5870] munmap(0x7f7f7d200000, 138412032) = 0
[pid  5870] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5870] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5870] close(3)                    = 0
[pid  5870] close(4)                    = 0
[pid  5870] mkdir("./file1", 0777)      = 0
[   80.770630][ T5870] loop0: detected capacity change from 0 to 32768
[   80.847362][ T5870] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,fsck,norecovery,reconstruct_alloc,nocow,no_data_io
[   80.866212][ T5870] bcachefs (loop0): recovering from clean shutdown, journal seq 10
[   80.874656][ T5870] bcachefs (loop0): Version upgrade required:
[   80.874656][ T5870] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[   80.874656][ T5870] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots
[   80.874656][ T5870]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance
[   80.947983][ T5870] bcachefs (loop0): dropping and reconstructing all alloc info
[   80.963797][ T5870] bcachefs (loop0): check_topology... done
[   80.969679][ T5870] bcachefs (loop0): accounting_read... done
[   80.975798][ T5870] bcachefs (loop0): alloc_read... done
[   80.981347][ T5870] bcachefs (loop0): stripes_read... done
[   80.987205][ T5870] bcachefs (loop0): snapshots_read... done
[pid  5870] mount("/dev/loop0", "./file1", "bcachefs", MS_I_VERSION, "errors=continue,direct_io,norecovery,nocow,fsck,norecovery,journal_transaction_names,reconstruct_all"...) = 0
[pid  5870] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5870] chdir("./file1")            = 0
[pid  5870] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[   80.993195][ T5870] bcachefs (loop0): check_allocations... done
[   81.012767][ T5870] bcachefs (loop0): going read-write
[   81.021508][ T5870] bcachefs (loop0): done starting filesystem
[pid  5870] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5870] close(4)                    = 0
[   81.085637][ T5870] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX
[   81.085663][ T5870] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0  compress incompressible ptr: 0:34:0 gen 0, continuing
[   81.115985][ T5870] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX
[pid  5870] creat("./file0/file0", 000) = 4
[pid  5870] close(3)                    = 0
[pid  5870] close(4)                    = 0
[pid  5870] close(5)                    = -1 EBADF (Bad file descriptor)
[pid  5870] close(6)                    = -1 EBADF (Bad file descriptor)
[pid  5870] close(7)                    = -1 EBADF (Bad file descriptor)
[pid  5870] close(8)                    = -1 EBADF (Bad file descriptor)
[   81.116002][ T5870] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0  compress incompressible ptr: 0:34:0 gen 0, continuing
[   81.143853][ T5870] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX
[   81.143869][ T5870] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0  compress incompressible ptr: 0:34:0 gen 0, continuing
[pid  5870] close(9)                    = -1 EBADF (Bad file descriptor)
[pid  5870] close(10)                   = -1 EBADF (Bad file descriptor)
[pid  5870] close(11)                   = -1 EBADF (Bad file descriptor)
[pid  5870] close(12)                   = -1 EBADF (Bad file descriptor)
[pid  5870] close(13)                   = -1 EBADF (Bad file descriptor)
[pid  5870] close(14)                   = -1 EBADF (Bad file descriptor)
[pid  5870] close(15)                   = -1 EBADF (Bad file descriptor)
[pid  5870] close(16)                   = -1 EBADF (Bad file descriptor)
[pid  5870] close(17)                   = -1 EBADF (Bad file descriptor)
[pid  5870] close(18)                   = -1 EBADF (Bad file descriptor)
[pid  5870] close(19)                   = -1 EBADF (Bad file descriptor)
[pid  5870] close(20)                   = -1 EBADF (Bad file descriptor)
[pid  5870] close(21)                   = -1 EBADF (Bad file descriptor)
[pid  5870] close(22)                   = -1 EBADF (Bad file descriptor)
[pid  5870] close(23)                   = -1 EBADF (Bad file descriptor)
[pid  5870] close(24)                   = -1 EBADF (Bad file descriptor)
[pid  5870] close(25)                   = -1 EBADF (Bad file descriptor)
[pid  5870] close(26)                   = -1 EBADF (Bad file descriptor)
[pid  5870] close(27)                   = -1 EBADF (Bad file descriptor)
[pid  5870] close(28)                   = -1 EBADF (Bad file descriptor)
[pid  5870] close(29)                   = -1 EBADF (Bad file descriptor)
[pid  5870] exit_group(0)               = ?
[pid  5870] +++ exited with 0 +++
[pid  5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=36 /* 0.36 s */} ---
[pid  5832] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid  5832] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5832] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid  5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0
[pid  5832] getdents64(3, 0x5555919b7850 /* 4 entries */, 32768) = 112
[pid  5832] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5832] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5832] unlink("./3/binderfs")      = 0
[   81.482951][ T5832] bcachefs (loop0): shutting down
[   81.488218][ T5832] bcachefs (loop0): going read-only
[   81.493604][ T5832] bcachefs (loop0): finished waiting for writes to stop
[   81.501312][ T5832] bcachefs (loop0): flushing journal and stopping allocators, journal seq 11
[   81.515172][   T60] bcachefs (loop0): bch2_write_super(): fatal error  loop0: Superblock write was silently dropped! (seq 0 expected 53)
[   81.528220][   T60] bcachefs (loop0): fatal error - emergency read only
[   81.536704][ T5832] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 11
[   81.546573][ T5832] bcachefs (loop0): unshutdown complete, journal seq 11
[   81.554376][ T5832] bcachefs (loop0): done going read-only, filesystem not clean
[   81.571484][ T5832] bcachefs (loop0): shutdown complete
[pid  5832] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid  5832] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5832] newfstatat(AT_FDCWD, "./3/file1", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5832] umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5832] openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid  5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid  5832] getdents64(4, 0x5555919bf890 /* 2 entries */, 32768) = 48
[pid  5832] getdents64(4, 0x5555919bf890 /* 0 entries */, 32768) = 0
[pid  5832] close(4)                    = 0
[pid  5832] rmdir("./3/file1")          = 0
[pid  5832] getdents64(3, 0x5555919b7850 /* 0 entries */, 32768) = 0
[pid  5832] close(3)                    = 0
[pid  5832] rmdir("./3")                = 0
[pid  5832] mkdir("./4", 0777)          = 0
[pid  5832] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  5832] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid  5832] close(3)                    = 0
[pid  5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5882 attached
 <unfinished ...>
[pid  5882] set_robust_list(0x5555919b66a0, 24) = 0
[pid  5832] <... clone resumed>, child_tidptr=0x5555919b6690) = 7
[pid  5882] chdir("./4")                = 0
[pid  5882] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5882] setpgid(0, 0)               = 0
[pid  5882] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5882] write(3, "1000", 4)         = 4
[pid  5882] close(3)                    = 0
[pid  5882] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5882] write(1, "executing program\n", 18executing program
) = 18
[pid  5882] memfd_create("syzkaller", 0) = 3
[pid  5882] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f7d200000
[pid  5882] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5882] munmap(0x7f7f7d200000, 138412032) = 0
[pid  5882] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5882] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5882] close(3)                    = 0
[pid  5882] close(4)                    = 0
[pid  5882] mkdir("./file1", 0777)      = 0
[   83.017257][ T5882] loop0: detected capacity change from 0 to 32768
[   83.104014][ T5882] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,fsck,norecovery,reconstruct_alloc,nocow,no_data_io
[   83.122730][ T5882] bcachefs (loop0): recovering from clean shutdown, journal seq 10
[   83.130881][ T5882] bcachefs (loop0): Version upgrade required:
[   83.130881][ T5882] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[   83.130881][ T5882] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots
[   83.130881][ T5882]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance
[   83.203861][ T5882] bcachefs (loop0): dropping and reconstructing all alloc info
[   83.219836][ T5882] bcachefs (loop0): check_topology... done
[   83.226238][ T5882] bcachefs (loop0): accounting_read... done
[   83.232829][ T5882] bcachefs (loop0): alloc_read... done
[   83.239246][ T5882] bcachefs (loop0): stripes_read... done
[   83.245336][ T5882] bcachefs (loop0): snapshots_read... done
[pid  5882] mount("/dev/loop0", "./file1", "bcachefs", MS_I_VERSION, "errors=continue,direct_io,norecovery,nocow,fsck,norecovery,journal_transaction_names,reconstruct_all"...) = 0
[pid  5882] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5882] chdir("./file1")            = 0
[pid  5882] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5882] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5882] close(4)                    = 0
[   83.251809][ T5882] bcachefs (loop0): check_allocations... done
[   83.274458][ T5882] bcachefs (loop0): going read-write
[   83.284072][ T5882] bcachefs (loop0): done starting filesystem
[   83.331201][ T5882] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX
[   83.331226][ T5882] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0  compress incompressible ptr: 0:34:0 gen 0, continuing
[   83.362131][ T5882] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX
[pid  5882] creat("./file0/file0", 000) = 4
[pid  5882] close(3)                    = 0
[pid  5882] close(4)                    = 0
[pid  5882] close(5)                    = -1 EBADF (Bad file descriptor)
[pid  5882] close(6)                    = -1 EBADF (Bad file descriptor)
[pid  5882] close(7)                    = -1 EBADF (Bad file descriptor)
[pid  5882] close(8)                    = -1 EBADF (Bad file descriptor)
[pid  5882] close(9)                    = -1 EBADF (Bad file descriptor)
[pid  5882] close(10)                   = -1 EBADF (Bad file descriptor)
[   83.362156][ T5882] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0  compress incompressible ptr: 0:34:0 gen 0, continuing
[   83.391166][ T5882] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX
[   83.391183][ T5882] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0  compress incompressible ptr: 0:34:0 gen 0, continuing
[pid  5882] close(11)                   = -1 EBADF (Bad file descriptor)
[pid  5882] close(12)                   = -1 EBADF (Bad file descriptor)
[pid  5882] close(13)                   = -1 EBADF (Bad file descriptor)
[pid  5882] close(14)                   = -1 EBADF (Bad file descriptor)
[pid  5882] close(15)                   = -1 EBADF (Bad file descriptor)
[pid  5882] close(16)                   = -1 EBADF (Bad file descriptor)
[pid  5882] close(17)                   = -1 EBADF (Bad file descriptor)
[pid  5882] close(18)                   = -1 EBADF (Bad file descriptor)
[pid  5882] close(19)                   = -1 EBADF (Bad file descriptor)
[pid  5882] close(20)                   = -1 EBADF (Bad file descriptor)
[pid  5882] close(21)                   = -1 EBADF (Bad file descriptor)
[pid  5882] close(22)                   = -1 EBADF (Bad file descriptor)
[pid  5882] close(23)                   = -1 EBADF (Bad file descriptor)
[pid  5882] close(24)                   = -1 EBADF (Bad file descriptor)
[pid  5882] close(25)                   = -1 EBADF (Bad file descriptor)
[pid  5882] close(26)                   = -1 EBADF (Bad file descriptor)
[pid  5882] close(27)                   = -1 EBADF (Bad file descriptor)
[pid  5882] close(28)                   = -1 EBADF (Bad file descriptor)
[pid  5882] close(29)                   = -1 EBADF (Bad file descriptor)
[pid  5882] exit_group(0)               = ?
[pid  5882] +++ exited with 0 +++
[pid  5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=7, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=36 /* 0.36 s */} ---
[pid  5832] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid  5832] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5832] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid  5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0
[pid  5832] getdents64(3, 0x5555919b7850 /* 4 entries */, 32768) = 112
[pid  5832] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5832] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5832] unlink("./4/binderfs")      = 0
[   83.576705][ T5832] bcachefs (loop0): shutting down
[   83.582634][ T5832] bcachefs (loop0): going read-only
[   83.588898][ T5832] bcachefs (loop0): finished waiting for writes to stop
[   83.603763][ T5832] bcachefs (loop0): flushing journal and stopping allocators, journal seq 11
[   83.647136][ T5832] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 13
[   83.663202][ T5832] bcachefs (loop0): unshutdown complete, journal seq 14
[   83.672042][ T5832] bcachefs (loop0): done going read-only, filesystem not clean
[   83.698967][ T5832] bcachefs (loop0): shutdown complete
[pid  5832] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid  5832] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5832] newfstatat(AT_FDCWD, "./4/file1", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5832] umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5832] openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid  5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid  5832] getdents64(4, 0x5555919bf890 /* 2 entries */, 32768) = 48
[pid  5832] getdents64(4, 0x5555919bf890 /* 0 entries */, 32768) = 0
[pid  5832] close(4)                    = 0
[pid  5832] rmdir("./4/file1")          = 0
[pid  5832] getdents64(3, 0x5555919b7850 /* 0 entries */, 32768) = 0
[pid  5832] close(3)                    = 0
[pid  5832] rmdir("./4")                = 0
[pid  5832] mkdir("./5", 0777)          = 0
[pid  5832] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  5832] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid  5832] close(3)                    = 0
[pid  5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5893 attached
 <unfinished ...>
[pid  5893] set_robust_list(0x5555919b66a0, 24) = 0
[pid  5832] <... clone resumed>, child_tidptr=0x5555919b6690) = 8
[pid  5893] chdir("./5")                = 0
[pid  5893] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5893] setpgid(0, 0)               = 0
[pid  5893] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5893] write(3, "1000", 4)         = 4
[pid  5893] close(3)                    = 0
[pid  5893] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5893] write(1, "executing program\n", 18executing program
) = 18
[pid  5893] memfd_create("syzkaller", 0) = 3
[pid  5893] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f7d200000
[pid  5893] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5893] munmap(0x7f7f7d200000, 138412032) = 0
[pid  5893] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5893] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5893] close(3)                    = 0
[pid  5893] close(4)                    = 0
[pid  5893] mkdir("./file1", 0777)      = 0
[   85.135685][ T5893] loop0: detected capacity change from 0 to 32768
[   85.220221][ T5893] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,fsck,norecovery,reconstruct_alloc,nocow,no_data_io
[   85.238790][ T5893] bcachefs (loop0): recovering from clean shutdown, journal seq 10
[   85.247069][ T5893] bcachefs (loop0): Version upgrade required:
[   85.247069][ T5893] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[   85.247069][ T5893] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots
[   85.247069][ T5893]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance
[   85.319179][ T5893] bcachefs (loop0): dropping and reconstructing all alloc info
[   85.335319][ T5893] bcachefs (loop0): check_topology... done
[   85.341311][ T5893] bcachefs (loop0): accounting_read... done
[   85.347864][ T5893] bcachefs (loop0): alloc_read... done
[   85.353473][ T5893] bcachefs (loop0): stripes_read... done
[   85.359145][ T5893] bcachefs (loop0): snapshots_read... done
[pid  5893] mount("/dev/loop0", "./file1", "bcachefs", MS_I_VERSION, "errors=continue,direct_io,norecovery,nocow,fsck,norecovery,journal_transaction_names,reconstruct_all"...) = 0
[pid  5893] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[   85.365098][ T5893] bcachefs (loop0): check_allocations... done
[   85.384907][ T5893] bcachefs (loop0): going read-write
[   85.393993][ T5893] bcachefs (loop0): done starting filesystem
[pid  5893] chdir("./file1")            = 0
[pid  5893] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5893] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5893] close(4)                    = 0
[   85.486857][ T5893] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX
[   85.486879][ T5893] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0  compress incompressible ptr: 0:34:0 gen 0, continuing
[   85.515141][ T5893] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX
[pid  5893] creat("./file0/file0", 000) = 4
[pid  5893] close(3)                    = 0
[pid  5893] close(4)                    = 0
[pid  5893] close(5)                    = -1 EBADF (Bad file descriptor)
[pid  5893] close(6)                    = -1 EBADF (Bad file descriptor)
[pid  5893] close(7)                    = -1 EBADF (Bad file descriptor)
[pid  5893] close(8)                    = -1 EBADF (Bad file descriptor)
[pid  5893] close(9)                    = -1 EBADF (Bad file descriptor)
[   85.515163][ T5893] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0  compress incompressible ptr: 0:34:0 gen 0, continuing
[   85.542921][ T5893] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX
[   85.542936][ T5893] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0  compress incompressible ptr: 0:34:0 gen 0, continuing
[pid  5893] close(10)                   = -1 EBADF (Bad file descriptor)
[pid  5893] close(11)                   = -1 EBADF (Bad file descriptor)
[pid  5893] close(12)                   = -1 EBADF (Bad file descriptor)
[pid  5893] close(13)                   = -1 EBADF (Bad file descriptor)
[pid  5893] close(14)                   = -1 EBADF (Bad file descriptor)
[pid  5893] close(15)                   = -1 EBADF (Bad file descriptor)
[pid  5893] close(16)                   = -1 EBADF (Bad file descriptor)
[pid  5893] close(17)                   = -1 EBADF (Bad file descriptor)
[pid  5893] close(18)                   = -1 EBADF (Bad file descriptor)
[pid  5893] close(19)                   = -1 EBADF (Bad file descriptor)
[pid  5893] close(20)                   = -1 EBADF (Bad file descriptor)
[pid  5893] close(21)                   = -1 EBADF (Bad file descriptor)
[pid  5893] close(22)                   = -1 EBADF (Bad file descriptor)
[pid  5893] close(23)                   = -1 EBADF (Bad file descriptor)
[pid  5893] close(24)                   = -1 EBADF (Bad file descriptor)
[pid  5893] close(25)                   = -1 EBADF (Bad file descriptor)
[pid  5893] close(26)                   = -1 EBADF (Bad file descriptor)
[pid  5893] close(27)                   = -1 EBADF (Bad file descriptor)
[pid  5893] close(28)                   = -1 EBADF (Bad file descriptor)
[pid  5893] close(29)                   = -1 EBADF (Bad file descriptor)
[pid  5893] exit_group(0)               = ?
[pid  5893] +++ exited with 0 +++
[pid  5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=34 /* 0.34 s */} ---
[pid  5832] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5832] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid  5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0
[   85.788414][ T5893] syz-executor427 (5893) used greatest stack depth: 12376 bytes left
[pid  5832] getdents64(3, 0x5555919b7850 /* 4 entries */, 32768) = 112
[pid  5832] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5832] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5832] unlink("./5/binderfs")      = 0
[   85.886418][ T5832] bcachefs (loop0): shutting down
[   85.891494][ T5832] bcachefs (loop0): going read-only
[   85.896918][ T5832] bcachefs (loop0): finished waiting for writes to stop
[   85.904638][ T5832] bcachefs (loop0): flushing journal and stopping allocators, journal seq 11
[   85.924794][ T5832] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 14
[   85.935625][ T5832] bcachefs (loop0): unshutdown complete, journal seq 15
[   85.943206][ T5832] bcachefs (loop0): done going read-only, filesystem not clean
[   85.960186][ T5832] bcachefs (loop0): shutdown complete
[pid  5832] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid  5832] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5832] newfstatat(AT_FDCWD, "./5/file1", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5832] umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5832] openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid  5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid  5832] getdents64(4, 0x5555919bf890 /* 2 entries */, 32768) = 48
[pid  5832] getdents64(4, 0x5555919bf890 /* 0 entries */, 32768) = 0
[pid  5832] close(4)                    = 0
[pid  5832] rmdir("./5/file1")          = 0
[pid  5832] getdents64(3, 0x5555919b7850 /* 0 entries */, 32768) = 0
[pid  5832] close(3)                    = 0
[   86.974611][ T1206] cfg80211: failed to load regulatory.db
[pid  5832] rmdir("./5")                = 0
[pid  5832] mkdir("./6", 0777)          = 0
[pid  5832] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  5832] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid  5832] close(3)                    = 0
[pid  5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5904 attached
 <unfinished ...>
[pid  5904] set_robust_list(0x5555919b66a0, 24) = 0
[pid  5832] <... clone resumed>, child_tidptr=0x5555919b6690) = 9
[pid  5904] chdir("./6")                = 0
[pid  5904] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5904] setpgid(0, 0)               = 0
[pid  5904] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5904] write(3, "1000", 4)         = 4
[pid  5904] close(3)                    = 0
[pid  5904] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid  5904] write(1, "executing program\n", 18) = 18
[pid  5904] memfd_create("syzkaller", 0) = 3
[pid  5904] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f7d200000
[pid  5904] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5904] munmap(0x7f7f7d200000, 138412032) = 0
[pid  5904] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5904] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5904] close(3)                    = 0
[pid  5904] close(4)                    = 0
[pid  5904] mkdir("./file1", 0777)      = 0
[   87.382187][ T5904] loop0: detected capacity change from 0 to 32768
[   87.455148][ T5904] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,fsck,norecovery,reconstruct_alloc,nocow,no_data_io
[   87.474277][ T5904] bcachefs (loop0): recovering from clean shutdown, journal seq 10
[   87.482417][ T5904] bcachefs (loop0): Version upgrade required:
[   87.482417][ T5904] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[   87.482417][ T5904] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots
[   87.482417][ T5904]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance
[   87.555756][ T5904] bcachefs (loop0): dropping and reconstructing all alloc info
[   87.572734][ T5904] bcachefs (loop0): check_topology... done
[   87.579284][ T5904] bcachefs (loop0): accounting_read... done
[   87.585506][ T5904] bcachefs (loop0): alloc_read... done
[   87.591059][ T5904] bcachefs (loop0): stripes_read... done
[   87.596893][ T5904] bcachefs (loop0): snapshots_read... done
[pid  5904] mount("/dev/loop0", "./file1", "bcachefs", MS_I_VERSION, "errors=continue,direct_io,norecovery,nocow,fsck,norecovery,journal_transaction_names,reconstruct_all"...) = 0
[pid  5904] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5904] chdir("./file1")            = 0
[pid  5904] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5904] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5904] close(4)                    = 0
[   87.602854][ T5904] bcachefs (loop0): check_allocations... done
[   87.622609][ T5904] bcachefs (loop0): going read-write
[   87.631084][ T5904] bcachefs (loop0): done starting filesystem
[   87.670267][ T5904] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX
[   87.670290][ T5904] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0  compress incompressible ptr: 0:34:0 gen 0, continuing
[   87.700389][ T5904] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX
[pid  5904] creat("./file0/file0", 000) = 4
[pid  5904] close(3)                    = 0
[pid  5904] close(4)                    = 0
[pid  5904] close(5)                    = -1 EBADF (Bad file descriptor)
[   87.700406][ T5904] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0  compress incompressible ptr: 0:34:0 gen 0, continuing
[   87.728369][ T5904] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX
[   87.728388][ T5904] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0  compress incompressible ptr: 0:34:0 gen 0, continuing
[pid  5904] close(6)                    = -1 EBADF (Bad file descriptor)
[pid  5904] close(7)                    = -1 EBADF (Bad file descriptor)
[pid  5904] close(8)                    = -1 EBADF (Bad file descriptor)
[pid  5904] close(9)                    = -1 EBADF (Bad file descriptor)
[pid  5904] close(10)                   = -1 EBADF (Bad file descriptor)
[pid  5904] close(11)                   = -1 EBADF (Bad file descriptor)
[pid  5904] close(12)                   = -1 EBADF (Bad file descriptor)
[pid  5904] close(13)                   = -1 EBADF (Bad file descriptor)
[pid  5904] close(14)                   = -1 EBADF (Bad file descriptor)
[pid  5904] close(15)                   = -1 EBADF (Bad file descriptor)
[pid  5904] close(16)                   = -1 EBADF (Bad file descriptor)
[pid  5904] close(17)                   = -1 EBADF (Bad file descriptor)
[pid  5904] close(18)                   = -1 EBADF (Bad file descriptor)
[pid  5904] close(19)                   = -1 EBADF (Bad file descriptor)
[pid  5904] close(20)                   = -1 EBADF (Bad file descriptor)
[pid  5904] close(21)                   = -1 EBADF (Bad file descriptor)
[pid  5904] close(22)                   = -1 EBADF (Bad file descriptor)
[pid  5904] close(23)                   = -1 EBADF (Bad file descriptor)
[pid  5904] close(24)                   = -1 EBADF (Bad file descriptor)
[pid  5904] close(25)                   = -1 EBADF (Bad file descriptor)
[pid  5904] close(26)                   = -1 EBADF (Bad file descriptor)
[pid  5904] close(27)                   = -1 EBADF (Bad file descriptor)
[pid  5904] close(28)                   = -1 EBADF (Bad file descriptor)
[pid  5904] close(29)                   = -1 EBADF (Bad file descriptor)
[pid  5904] exit_group(0)               = ?
[pid  5904] +++ exited with 0 +++
[pid  5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=9, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=32 /* 0.32 s */} ---
[pid  5832] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid  5832] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5832] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid  5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0
[pid  5832] getdents64(3, 0x5555919b7850 /* 4 entries */, 32768) = 112
[pid  5832] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5832] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5832] unlink("./6/binderfs")      = 0
[   88.114715][ T5832] bcachefs (loop0): shutting down
[   88.119797][ T5832] bcachefs (loop0): going read-only
[   88.125292][ T5832] bcachefs (loop0): finished waiting for writes to stop
[   88.133127][ T5832] bcachefs (loop0): flushing journal and stopping allocators, journal seq 11
[   88.153738][ T5832] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 16
[   88.164586][ T5832] bcachefs (loop0): unshutdown complete, journal seq 17
[   88.172179][ T5832] bcachefs (loop0): done going read-only, filesystem not clean
[   88.191502][ T5832] bcachefs (loop0): shutdown complete
[pid  5832] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid  5832] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5832] newfstatat(AT_FDCWD, "./6/file1", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5832] umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5832] openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid  5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid  5832] getdents64(4, 0x5555919bf890 /* 2 entries */, 32768) = 48
[pid  5832] getdents64(4, 0x5555919bf890 /* 0 entries */, 32768) = 0
[pid  5832] close(4)                    = 0
[pid  5832] rmdir("./6/file1")          = 0
[pid  5832] getdents64(3, 0x5555919b7850 /* 0 entries */, 32768) = 0
[pid  5832] close(3)                    = 0
[pid  5832] rmdir("./6")                = 0
[pid  5832] mkdir("./7", 0777)          = 0
[pid  5832] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  5832] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid  5832] close(3)                    = 0
[pid  5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5915 attached
 <unfinished ...>
[pid  5915] set_robust_list(0x5555919b66a0, 24) = 0
[pid  5915] chdir("./7" <unfinished ...>
[pid  5832] <... clone resumed>, child_tidptr=0x5555919b6690) = 10
[pid  5915] <... chdir resumed>)        = 0
[pid  5915] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5915] setpgid(0, 0)               = 0
[pid  5915] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5915] write(3, "1000", 4)         = 4
[pid  5915] close(3)                    = 0
[pid  5915] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid  5915] write(1, "executing program\n", 18) = 18
[pid  5915] memfd_create("syzkaller", 0) = 3
[pid  5915] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f7d200000
[pid  5915] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5915] munmap(0x7f7f7d200000, 138412032) = 0
[pid  5915] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5915] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5915] close(3)                    = 0
[pid  5915] close(4)                    = 0
[pid  5915] mkdir("./file1", 0777)      = 0
[   89.638344][ T5915] loop0: detected capacity change from 0 to 32768
[   89.715063][ T5915] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,fsck,norecovery,reconstruct_alloc,nocow,no_data_io
[   89.735240][ T5915] bcachefs (loop0): recovering from clean shutdown, journal seq 10
[   89.743763][ T5915] bcachefs (loop0): Version upgrade required:
[   89.743763][ T5915] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[   89.743763][ T5915] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots
[   89.743763][ T5915]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance
[   89.816283][ T5915] bcachefs (loop0): dropping and reconstructing all alloc info
[   89.832757][ T5915] bcachefs (loop0): check_topology... done
[   89.838836][ T5915] bcachefs (loop0): accounting_read... done
[   89.845270][ T5915] bcachefs (loop0): alloc_read... done
[   89.850970][ T5915] bcachefs (loop0): stripes_read... done
[   89.856814][ T5915] bcachefs (loop0): snapshots_read... done
[pid  5915] mount("/dev/loop0", "./file1", "bcachefs", MS_I_VERSION, "errors=continue,direct_io,norecovery,nocow,fsck,norecovery,journal_transaction_names,reconstruct_all"...) = 0
[pid  5915] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5915] chdir("./file1")            = 0
[   89.862791][ T5915] bcachefs (loop0): check_allocations... done
[   89.883054][ T5915] bcachefs (loop0): going read-write
[   89.892077][ T5915] bcachefs (loop0): done starting filesystem
[pid  5915] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5915] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5915] close(4)                    = 0
[   89.964251][ T5915] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX
[   89.964275][ T5915] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0  compress incompressible ptr: 0:34:0 gen 0, continuing
[   89.992622][ T5915] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX
[pid  5915] creat("./file0/file0", 000) = 4
[pid  5915] close(3)                    = 0
[pid  5915] close(4)                    = 0
[pid  5915] close(5)                    = -1 EBADF (Bad file descriptor)
[pid  5915] close(6)                    = -1 EBADF (Bad file descriptor)
[   89.992646][ T5915] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0  compress incompressible ptr: 0:34:0 gen 0, continuing
[   90.020262][ T5915] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX
[   90.020283][ T5915] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0  compress incompressible ptr: 0:34:0 gen 0, continuing
[pid  5915] close(7)                    = -1 EBADF (Bad file descriptor)
[pid  5915] close(8)                    = -1 EBADF (Bad file descriptor)
[pid  5915] close(9)                    = -1 EBADF (Bad file descriptor)
[pid  5915] close(10)                   = -1 EBADF (Bad file descriptor)
[pid  5915] close(11)                   = -1 EBADF (Bad file descriptor)
[pid  5915] close(12)                   = -1 EBADF (Bad file descriptor)
[pid  5915] close(13)                   = -1 EBADF (Bad file descriptor)
[pid  5915] close(14)                   = -1 EBADF (Bad file descriptor)
[pid  5915] close(15)                   = -1 EBADF (Bad file descriptor)
[pid  5915] close(16)                   = -1 EBADF (Bad file descriptor)
[pid  5915] close(17)                   = -1 EBADF (Bad file descriptor)
[pid  5915] close(18)                   = -1 EBADF (Bad file descriptor)
[pid  5915] close(19)                   = -1 EBADF (Bad file descriptor)
[pid  5915] close(20)                   = -1 EBADF (Bad file descriptor)
[pid  5915] close(21)                   = -1 EBADF (Bad file descriptor)
[pid  5915] close(22)                   = -1 EBADF (Bad file descriptor)
[pid  5915] close(23)                   = -1 EBADF (Bad file descriptor)
[pid  5915] close(24)                   = -1 EBADF (Bad file descriptor)
[pid  5915] close(25)                   = -1 EBADF (Bad file descriptor)
[pid  5915] close(26)                   = -1 EBADF (Bad file descriptor)
[pid  5915] close(27)                   = -1 EBADF (Bad file descriptor)
[pid  5915] close(28)                   = -1 EBADF (Bad file descriptor)
[pid  5915] close(29)                   = -1 EBADF (Bad file descriptor)
[pid  5915] exit_group(0)               = ?
[pid  5915] +++ exited with 0 +++
[pid  5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=10, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=34 /* 0.34 s */} ---
[pid  5832] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5832] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid  5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0
[pid  5832] getdents64(3, 0x5555919b7850 /* 4 entries */, 32768) = 112
[pid  5832] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5832] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5832] unlink("./7/binderfs")      = 0
[   90.389027][ T5832] bcachefs (loop0): shutting down
[   90.394298][ T5832] bcachefs (loop0): going read-only
[   90.399529][ T5832] bcachefs (loop0): finished waiting for writes to stop
[   90.407366][ T5832] bcachefs (loop0): flushing journal and stopping allocators, journal seq 11
[   90.428147][ T5832] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 15
[   90.439243][ T5832] bcachefs (loop0): unshutdown complete, journal seq 16
[   90.446960][ T5832] bcachefs (loop0): done going read-only, filesystem not clean
[   90.464201][ T5832] bcachefs (loop0): shutdown complete
[pid  5832] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid  5832] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5832] newfstatat(AT_FDCWD, "./7/file1", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5832] umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5832] openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid  5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid  5832] getdents64(4, 0x5555919bf890 /* 2 entries */, 32768) = 48
[pid  5832] getdents64(4, 0x5555919bf890 /* 0 entries */, 32768) = 0
[pid  5832] close(4)                    = 0
[pid  5832] rmdir("./7/file1")          = 0
[pid  5832] getdents64(3, 0x5555919b7850 /* 0 entries */, 32768) = 0
[pid  5832] close(3)                    = 0
[pid  5832] rmdir("./7")                = 0
[pid  5832] mkdir("./8", 0777)          = 0
[pid  5832] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  5832] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid  5832] close(3)                    = 0
[pid  5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5926 attached
 <unfinished ...>
[pid  5926] set_robust_list(0x5555919b66a0, 24) = 0
[pid  5832] <... clone resumed>, child_tidptr=0x5555919b6690) = 11
[pid  5926] chdir("./8")                = 0
[pid  5926] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5926] setpgid(0, 0)               = 0
[pid  5926] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5926] write(3, "1000", 4)         = 4
[pid  5926] close(3)                    = 0
[pid  5926] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid  5926] write(1, "executing program\n", 18) = 18
[pid  5926] memfd_create("syzkaller", 0) = 3
[pid  5926] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f7d200000
[pid  5926] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5926] munmap(0x7f7f7d200000, 138412032) = 0
[pid  5926] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5926] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5926] close(3)                    = 0
[pid  5926] close(4)                    = 0
[pid  5926] mkdir("./file1", 0777)      = 0
[   91.931181][ T5926] loop0: detected capacity change from 0 to 32768
[   91.997208][ T5926] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,fsck,norecovery,reconstruct_alloc,nocow,no_data_io
[   92.015798][ T5926] bcachefs (loop0): recovering from clean shutdown, journal seq 10
[   92.023995][ T5926] bcachefs (loop0): Version upgrade required:
[   92.023995][ T5926] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[   92.023995][ T5926] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots
[   92.023995][ T5926]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance
[   92.097103][ T5926] bcachefs (loop0): dropping and reconstructing all alloc info
[   92.113227][ T5926] bcachefs (loop0): check_topology... done
[   92.119570][ T5926] bcachefs (loop0): accounting_read... done
[   92.125979][ T5926] bcachefs (loop0): alloc_read... done
[   92.131573][ T5926] bcachefs (loop0): stripes_read... done
[   92.137339][ T5926] bcachefs (loop0): snapshots_read... done
[pid  5926] mount("/dev/loop0", "./file1", "bcachefs", MS_I_VERSION, "errors=continue,direct_io,norecovery,nocow,fsck,norecovery,journal_transaction_names,reconstruct_all"...) = 0
[pid  5926] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5926] chdir("./file1")            = 0
[pid  5926] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5926] ioctl(4, LOOP_CLR_FD)       = 0
[   92.143293][ T5926] bcachefs (loop0): check_allocations... done
[   92.162833][ T5926] bcachefs (loop0): going read-write
[   92.171541][ T5926] bcachefs (loop0): done starting filesystem
[pid  5926] close(4)                    = 0
[   92.243868][ T5926] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX
[   92.243893][ T5926] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0  compress incompressible ptr: 0:34:0 gen 0, continuing
[   92.272061][ T5926] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX
[pid  5926] creat("./file0/file0", 000) = 4
[pid  5926] close(3)                    = 0
[pid  5926] close(4)                    = 0
[pid  5926] close(5)                    = -1 EBADF (Bad file descriptor)
[   92.272077][ T5926] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0  compress incompressible ptr: 0:34:0 gen 0, continuing
[   92.299997][ T5926] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX
[   92.300018][ T5926] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0  compress incompressible ptr: 0:34:0 gen 0, continuing
[pid  5926] close(6)                    = -1 EBADF (Bad file descriptor)
[pid  5926] close(7)                    = -1 EBADF (Bad file descriptor)
[pid  5926] close(8)                    = -1 EBADF (Bad file descriptor)
[pid  5926] close(9)                    = -1 EBADF (Bad file descriptor)
[pid  5926] close(10)                   = -1 EBADF (Bad file descriptor)
[pid  5926] close(11)                   = -1 EBADF (Bad file descriptor)
[pid  5926] close(12)                   = -1 EBADF (Bad file descriptor)
[pid  5926] close(13)                   = -1 EBADF (Bad file descriptor)
[pid  5926] close(14)                   = -1 EBADF (Bad file descriptor)
[pid  5926] close(15)                   = -1 EBADF (Bad file descriptor)
[pid  5926] close(16)                   = -1 EBADF (Bad file descriptor)
[pid  5926] close(17)                   = -1 EBADF (Bad file descriptor)
[pid  5926] close(18)                   = -1 EBADF (Bad file descriptor)
[pid  5926] close(19)                   = -1 EBADF (Bad file descriptor)
[pid  5926] close(20)                   = -1 EBADF (Bad file descriptor)
[pid  5926] close(21)                   = -1 EBADF (Bad file descriptor)
[pid  5926] close(22)                   = -1 EBADF (Bad file descriptor)
[pid  5926] close(23)                   = -1 EBADF (Bad file descriptor)
[pid  5926] close(24)                   = -1 EBADF (Bad file descriptor)
[pid  5926] close(25)                   = -1 EBADF (Bad file descriptor)
[pid  5926] close(26)                   = -1 EBADF (Bad file descriptor)
[pid  5926] close(27)                   = -1 EBADF (Bad file descriptor)
[pid  5926] close(28)                   = -1 EBADF (Bad file descriptor)
[pid  5926] close(29)                   = -1 EBADF (Bad file descriptor)
[pid  5926] exit_group(0)               = ?
[pid  5926] +++ exited with 0 +++
[pid  5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=35 /* 0.35 s */} ---
[pid  5832] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid  5832] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5832] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid  5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0
[pid  5832] getdents64(3, 0x5555919b7850 /* 4 entries */, 32768) = 112
[pid  5832] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5832] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5832] unlink("./8/binderfs")      = 0
[   92.711930][ T5832] bcachefs (loop0): shutting down
[   92.717320][ T5832] bcachefs (loop0): going read-only
[   92.722548][ T5832] bcachefs (loop0): finished waiting for writes to stop
[   92.730113][ T5832] bcachefs (loop0): flushing journal and stopping allocators, journal seq 11
[   92.749322][ T5832] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 14
[   92.759893][ T5832] bcachefs (loop0): unshutdown complete, journal seq 15
[   92.767716][ T5832] bcachefs (loop0): done going read-only, filesystem not clean
[   92.785387][ T5832] bcachefs (loop0): shutdown complete
[pid  5832] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
[pid  5832] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5832] newfstatat(AT_FDCWD, "./8/file1", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5832] umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5832] openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[pid  5832] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=40, ...}, AT_EMPTY_PATH) = 0
[pid  5832] getdents64(4, 0x5555919bf890 /* 2 entries */, 32768) = 48
[pid  5832] getdents64(4, 0x5555919bf890 /* 0 entries */, 32768) = 0
[pid  5832] close(4)                    = 0
[pid  5832] rmdir("./8/file1")          = 0
[pid  5832] getdents64(3, 0x5555919b7850 /* 0 entries */, 32768) = 0
[pid  5832] close(3)                    = 0
[pid  5832] rmdir("./8")                = 0
[pid  5832] mkdir("./9", 0777)          = 0
[pid  5832] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[pid  5832] ioctl(3, LOOP_CLR_FD)       = -1 ENXIO (No such device or address)
[pid  5832] close(3)                    = 0
[pid  5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5937 attached
, child_tidptr=0x5555919b6690) = 12
[pid  5937] set_robust_list(0x5555919b66a0, 24) = 0
[pid  5937] chdir("./9")                = 0
[pid  5937] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5937] setpgid(0, 0)               = 0
[pid  5937] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5937] write(3, "1000", 4)         = 4
[pid  5937] close(3)                    = 0
[pid  5937] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5937] write(1, "executing program\n", 18executing program
) = 18
[pid  5937] memfd_create("syzkaller", 0) = 3
[pid  5937] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7f7d200000
[pid  5937] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5937] munmap(0x7f7f7d200000, 138412032) = 0
[pid  5937] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5937] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5937] close(3)                    = 0
[pid  5937] close(4)                    = 0
[pid  5937] mkdir("./file1", 0777)      = 0
[   94.195769][ T5937] loop0: detected capacity change from 0 to 32768
[   94.269331][ T5937] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,fsck,norecovery,reconstruct_alloc,nocow,no_data_io
[   94.288236][ T5937] bcachefs (loop0): recovering from clean shutdown, journal seq 10
[   94.296697][ T5937] bcachefs (loop0): Version upgrade required:
[   94.296697][ T5937] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[   94.296697][ T5937] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots
[   94.296697][ T5937]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance
[   94.369016][ T5937] bcachefs (loop0): dropping and reconstructing all alloc info
[   94.385420][ T5937] bcachefs (loop0): check_topology... done
[   94.391272][ T5937] bcachefs (loop0): accounting_read... done
[   94.397412][ T5937] bcachefs (loop0): alloc_read... done
[   94.402929][ T5937] bcachefs (loop0): stripes_read... done
[   94.408769][ T5937] bcachefs (loop0): snapshots_read... done
[pid  5937] mount("/dev/loop0", "./file1", "bcachefs", MS_I_VERSION, "errors=continue,direct_io,norecovery,nocow,fsck,norecovery,journal_transaction_names,reconstruct_all"...) = 0
[pid  5937] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5937] chdir("./file1")            = 0
[pid  5937] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5937] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5937] close(4)                    = 0
[   94.414828][ T5937] bcachefs (loop0): check_allocations... done
[   94.434168][ T5937] bcachefs (loop0): going read-write
[   94.444094][ T5937] bcachefs (loop0): done starting filesystem
[   94.470198][ T5937] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX
[   94.470220][ T5937] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0  compress incompressible ptr: 0:34:0 gen 0, continuing
[   94.500175][ T5937] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX
[pid  5937] creat("./file0/file0", 000) = 4
[pid  5937] close(3)                    = 0
[pid  5937] close(4)                    = 0
[pid  5937] close(5)                    = -1 EBADF (Bad file descriptor)
[pid  5937] close(6)                    = -1 EBADF (Bad file descriptor)
[   94.500191][ T5937] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0  compress incompressible ptr: 0:34:0 gen 0, continuing
[   94.529108][ T5937] bucket 0:34 gen 0 data type user sector count overflow: 0 + -8 > U32_MAX
[   94.529126][ T5937] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0  compress incompressible ptr: 0:34:0 gen 0, continuing
[pid  5937] close(7)                    = -1 EBADF (Bad file descriptor)
[pid  5937] close(8)                    = -1 EBADF (Bad file descriptor)
[pid  5937] close(9)                    = -1 EBADF (Bad file descriptor)
[pid  5937] close(10)                   = -1 EBADF (Bad file descriptor)
[pid  5937] close(11)                   = -1 EBADF (Bad file descriptor)
[pid  5937] close(12)                   = -1 EBADF (Bad file descriptor)
[pid  5937] close(13)                   = -1 EBADF (Bad file descriptor)
[pid  5937] close(14)                   = -1 EBADF (Bad file descriptor)
[pid  5937] close(15)                   = -1 EBADF (Bad file descriptor)
[pid  5937] close(16)                   = -1 EBADF (Bad file descriptor)
[pid  5937] close(17)                   = -1 EBADF (Bad file descriptor)
[pid  5937] close(18)                   = -1 EBADF (Bad file descriptor)
[pid  5937] close(19)                   = -1 EBADF (Bad file descriptor)
[pid  5937] close(20)                   = -1 EBADF (Bad file descriptor)
[pid  5937] close(21)                   = -1 EBADF (Bad file descriptor)
[pid  5937] close(22)                   = -1 EBADF (Bad file descriptor)
[pid  5937] close(23)                   = -1 EBADF (Bad file descriptor)
[pid  5937] close(24)                   = -1 EBADF (Bad file descriptor)
[pid  5937] close(25)                   = -1 EBADF (Bad file descriptor)
[pid  5937] close(26)                   = -1 EBADF (Bad file descriptor)
[pid  5937] close(27)                   = -1 EBADF (Bad file descriptor)
[pid  5937] close(28)                   = -1 EBADF (Bad file descriptor)
[pid  5937] close(29)                   = -1 EBADF (Bad file descriptor)
[pid  5937] exit_group(0)               = ?
[pid  5937] +++ exited with 0 +++
[pid  5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=12, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=31 /* 0.31 s */} ---
[pid  5832] restart_syscall(<... resuming interrupted clone ...>) = 0
[pid  5832] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5832] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid  5832] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=80, ...}, AT_EMPTY_PATH) = 0
[   94.764719][ T5937] syz-executor427 (5937) used greatest stack depth: 11936 bytes left
[pid  5832] getdents64(3, 0x5555919b7850 /* 4 entries */, 32768) = 112
[pid  5832] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[pid  5832] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
[pid  5832] unlink("./9/binderfs")      = 0
[   94.895566][ T5832] bcachefs (loop0): shutting down
[   94.900652][ T5832] bcachefs (loop0): going read-only
[   94.906139][ T5832] bcachefs (loop0): finished waiting for writes to stop
[   94.913971][ T5832] bcachefs (loop0): flushing journal and stopping allocators, journal seq 11
[   94.933147][ T5832] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 12
[   94.944073][ T5832] bcachefs (loop0): unshutdown complete, journal seq 13
[   94.952259][ T5832] bcachefs (loop0): done going read-only, filesystem not clean
[   94.970589][ T5832] bcachefs (loop0): shutdown complete
[   95.637196][ T5832] ------------[ cut here ]------------
[   95.644408][ T5832] kernel BUG at fs/bcachefs/btree_cache.c:594!
[   95.651828][ T5832] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI
[   95.658801][ T5832] CPU: 0 UID: 0 PID: 5832 Comm: syz-executor427 Not tainted 6.12.0-rc6-syzkaller #0
[   95.668172][ T5832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   95.678239][ T5832] RIP: 0010:bch2_fs_btree_cache_exit+0x1124/0x1130
[   95.684756][ T5832] Code: fd 90 0f 0b e8 dd 1e 84 fd 90 0f 0b e8 d5 1e 84 fd 90 0f 0b e8 cd 1e 84 fd 90 0f 0b e8 c5 1e 84 fd 90 0f 0b e8 bd 1e 84 fd 90 <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90
[   95.704373][ T5832] RSP: 0018:ffffc90003847b20 EFLAGS: 00010293
[   95.710451][ T5832] RAX: ffffffff8410bb43 RBX: 0000000000000002 RCX: ffff88807e635a00
[   95.718430][ T5832] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000
[   95.726433][ T5832] RBP: 1ffff11004f44216 R08: ffffffff8410b1e7 R09: 1ffff1100f2f03b6
[   95.734441][ T5832] R10: dffffc0000000000 R11: ffffed100f2f03b7 R12: ffff888079781c78
[   95.742448][ T5832] R13: ffff888079780000 R14: 0000000000000000 R15: dffffc0000000000
[   95.750426][ T5832] FS:  00005555919b63c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
[   95.759362][ T5832] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   95.765945][ T5832] CR2: 00007ffd2f5ac31c CR3: 000000007b52c000 CR4: 00000000003526f0
[   95.773917][ T5832] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   95.781888][ T5832] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   95.789858][ T5832] Call Trace:
[   95.793138][ T5832]  <TASK>
[   95.796072][ T5832]  ? __die_body+0x5f/0xb0
[   95.800424][ T5832]  ? die+0x9e/0xc0
[   95.804149][ T5832]  ? do_trap+0x15a/0x3a0
[   95.808423][ T5832]  ? bch2_fs_btree_cache_exit+0x1124/0x1130
[   95.814329][ T5832]  ? do_error_trap+0x1dc/0x2c0
[   95.819100][ T5832]  ? bch2_fs_btree_cache_exit+0x1124/0x1130
[   95.825026][ T5832]  ? __pfx_do_error_trap+0x10/0x10
[   95.830144][ T5832]  ? report_bug+0x3e8/0x500
[   95.834663][ T5832]  ? handle_invalid_op+0x34/0x40
[   95.839609][ T5832]  ? bch2_fs_btree_cache_exit+0x1124/0x1130
[   95.845509][ T5832]  ? exc_invalid_op+0x38/0x50
[   95.850198][ T5832]  ? asm_exc_invalid_op+0x1a/0x20
[   95.855229][ T5832]  ? bch2_fs_btree_cache_exit+0x7c7/0x1130
[   95.861045][ T5832]  ? bch2_fs_btree_cache_exit+0x1123/0x1130
[   95.866944][ T5832]  ? bch2_fs_btree_cache_exit+0x1124/0x1130
[   95.872872][ T5832]  bch2_fs_release+0x20e/0x7d0
[   95.877641][ T5832]  ? kobject_put+0x44d/0x480
[   95.882237][ T5832]  kobject_put+0x22f/0x480
[   95.886665][ T5832]  deactivate_locked_super+0xc4/0x130
[   95.892044][ T5832]  cleanup_mnt+0x41f/0x4b0
[   95.896466][ T5832]  ? lockdep_hardirqs_on+0x99/0x150
[   95.901669][ T5832]  task_work_run+0x24f/0x310
[   95.906269][ T5832]  ? __pfx_task_work_run+0x10/0x10
[   95.911390][ T5832]  ? path_umount+0x284/0xf70
[   95.916009][ T5832]  ptrace_notify+0x2d2/0x380
[   95.920608][ T5832]  ? __pfx_path_umount+0x10/0x10
[   95.925553][ T5832]  ? __pfx_ptrace_notify+0x10/0x10
[   95.930675][ T5832]  ? __x64_sys_umount+0x123/0x170
[   95.935706][ T5832]  ? __pfx___x64_sys_umount+0x10/0x10
[   95.941091][ T5832]  syscall_exit_work+0xc6/0x190
[   95.945955][ T5832]  syscall_exit_to_user_mode+0x279/0x370
[   95.951603][ T5832]  do_syscall_64+0x100/0x230
[   95.956194][ T5832]  ? clear_bhb_loop+0x35/0x90
[   95.960893][ T5832]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   95.966790][ T5832] RIP: 0033:0x7f7f85f7bca7
[   95.971221][ T5832] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
[   95.990836][ T5832] RSP: 002b:00007ffd2f5ac308 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[   95.999258][ T5832] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f7f85f7bca7
[   96.007254][ T5832] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd2f5ac3c0
[   96.015234][ T5832] RBP: 00007ffd2f5ac3c0 R08: 0000000000000000 R09: 0000000000000000
[   96.023216][ T5832] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007ffd2f5ad430
[   96.031189][ T5832] R13: 00005555919b7820 R14: 431bde82d7b634db R15: 00007ffd2f5ad450
[   96.039193][ T5832]  </TASK>
[   96.042218][ T5832] Modules linked in:
[   96.046545][ T5832] ---[ end trace 0000000000000000 ]---
[   96.052398][ T5832] RIP: 0010:bch2_fs_btree_cache_exit+0x1124/0x1130
[   96.058971][ T5832] Code: fd 90 0f 0b e8 dd 1e 84 fd 90 0f 0b e8 d5 1e 84 fd 90 0f 0b e8 cd 1e 84 fd 90 0f 0b e8 c5 1e 84 fd 90 0f 0b e8 bd 1e 84 fd 90 <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90
[   96.079355][ T5832] RSP: 0018:ffffc90003847b20 EFLAGS: 00010293
[   96.085524][ T5832] RAX: ffffffff8410bb43 RBX: 0000000000000002 RCX: ffff88807e635a00
[   96.093623][ T5832] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000
[   96.101595][ T5832] RBP: 1ffff11004f44216 R08: ffffffff8410b1e7 R09: 1ffff1100f2f03b6
[   96.109655][ T5832] R10: dffffc0000000000 R11: ffffed100f2f03b7 R12: ffff888079781c78
[   96.117672][ T5832] R13: ffff888079780000 R14: 0000000000000000 R15: dffffc0000000000
[   96.125677][ T5832] FS:  00005555919b63c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
[   96.134645][ T5832] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   96.141230][ T5832] CR2: 00007ffd2f5ac31c CR3: 000000007b52c000 CR4: 00000000003526f0
[   96.149241][ T5832] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   96.157271][ T5832] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   96.165393][ T5832] Kernel panic - not syncing: Fatal exception
[   96.171926][ T5832] Kernel Offset: disabled
[   96.176280][ T5832] Rebooting in 86400 seconds..