./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor864466643 <...> Warning: Permanently added '10.128.0.252' (ED25519) to the list of known hosts. execve("./syz-executor864466643", ["./syz-executor864466643"], 0x7ffd9812d0a0 /* 10 vars */) = 0 brk(NULL) = 0x55558be0f000 brk(0x55558be0fd00) = 0x55558be0fd00 arch_prctl(ARCH_SET_FS, 0x55558be0f380) = 0 set_tid_address(0x55558be0f650) = 5223 set_robust_list(0x55558be0f660, 24) = 0 rseq(0x55558be0fca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor864466643", 4096) = 27 getrandom("\x13\x3c\xe4\x2a\x0f\x81\x84\x28", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55558be0fd00 brk(0x55558be30d00) = 0x55558be30d00 brk(0x55558be31000) = 0x55558be31000 mprotect(0x7f929680c000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3 socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 sendto(4, [{nlmsg_len=36, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=864, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=5223}, "\x01\x02\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00\x06\x00\x01\x00\x1d\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x30\x00\x00\x00\xe8\x02\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x05\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x03\x00"...], 4096, 0, NULL, NULL) = 864 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5223}, {error=0, msg={nlmsg_len=36, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0 close(5) = 0 sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x06\x00\x0a\x00\xa0\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5223}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0 close(5) = 0 sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0c\x00\x01\x00\x02\x00\xaa\xaa\xaa\xaa\xaa\xaa"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5223}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 sendto(3, [{nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0}, [[{nla_len=11, nla_type=IFLA_IFNAME}, "lowpan0"...], [{nla_len=16, nla_type=IFLA_LINKINFO}, [{nla_len=10, nla_type=IFLA_INFO_KIND}, "lowpan"...]], [{nla_len=8, nla_type=IFLA_LINK}, 11]]], 68, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 68 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5223}, {error=0, msg={nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0 close(5) = 0 sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x06\x00\x0a\x00\xa1\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5223}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0 close(5) = 0 sendto(3, [{nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=if_nametoindex("wpan1"), ifi_flags=IFF_UP, ifi_change=0x1}, [{nla_len=12, nla_type=IFLA_ADDRESS}, 02:01:aa:aa:aa:aa:aa]], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5223}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 close(3) = 0 close(4) = 0 mkdir("./syzkaller.P9Qbws", 0700) = 0 chmod("./syzkaller.P9Qbws", 0777) = 0 chdir("./syzkaller.P9Qbws") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5226 attached , child_tidptr=0x55558be0f650) = 5226 [pid 5226] set_robust_list(0x55558be0f660, 24) = 0 [pid 5226] chdir("./0") = 0 [pid 5226] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5226] setpgid(0, 0) = 0 [pid 5226] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5226] write(3, "1000", 4) = 4 [pid 5226] close(3) = 0 [pid 5226] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5226] write(1, "executing program\n", 18) = 18 [pid 5226] memfd_create("syzkaller", 0) = 3 [pid 5226] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f928e200000 [pid 5226] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5226] munmap(0x7f928e200000, 138412032) = 0 [pid 5226] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5226] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5226] close(3) = 0 [pid 5226] close(4) = 0 [pid 5226] mkdir("./file1", 0777) = 0 [ 69.673904][ T5226] loop0: detected capacity change from 0 to 32768 [ 69.753379][ T5226] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,journal_flush_disabled,fsck,norecovery,nojournal_transaction_names,reconstruct_alloc,no_data_io [ 69.774821][ T5226] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 69.783228][ T5226] bcachefs (loop0): Version upgrade required: [ 69.783228][ T5226] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 69.783228][ T5226] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots [ 69.783228][ T5226] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 69.857057][ T5226] bcachefs (loop0): dropping and reconstructing all alloc info [ 69.875247][ T5226] bcachefs (loop0): check_topology... done [ 69.881213][ T5226] bcachefs (loop0): accounting_read... done [ 69.888328][ T5226] bcachefs (loop0): alloc_read... done [ 69.893849][ T5226] bcachefs (loop0): stripes_read... done [pid 5226] mount("/dev/loop0", "./file1", "bcachefs", MS_I_VERSION, "acl,direct_io,norecovery,fsck,journal_flush_disabled,noreTovery,btree_node_mem_ptr_optimization,reco"...) = 0 [pid 5226] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5226] chdir("./file1") = 0 [pid 5226] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5226] ioctl(4, LOOP_CLR_FD) = 0 [pid 5226] close(4) = 0 [pid 5226] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [ 69.899628][ T5226] bcachefs (loop0): snapshots_read... done [ 69.905884][ T5226] bcachefs (loop0): check_allocations... done [ 69.928589][ T5226] bcachefs (loop0): going read-write [ 69.939476][ T5226] bcachefs (loop0): done starting filesystem [pid 5226] exit_group(0) = ? [pid 5226] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5226, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=31 /* 0.31 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 69.968564][ T29] audit: type=1800 audit(1729212484.067:2): pid=5226 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor864" name="bus" dev="loop0" ino=4101 res=0 errno=0 getdents64(3, 0x55558be106f0 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 [ 70.090543][ T5223] bcachefs (loop0): shutting down [ 70.095727][ T5223] bcachefs (loop0): going read-only [ 70.101193][ T5223] bcachefs (loop0): finished waiting for writes to stop [ 70.110373][ T5223] bcachefs (loop0): flushing journal and stopping allocators, journal seq 11 [ 70.137495][ T1101] bcachefs (loop0): bch2_write_super(): fatal error loop0: Superblock write was silently dropped! (seq 0 expected 53) [ 70.150939][ T1101] bcachefs (loop0): fatal error - emergency read only [ 70.158286][ T5223] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 14 [ 70.168230][ T5223] bcachefs (loop0): unshutdown complete, journal seq 14 [ 70.175986][ T5223] bcachefs (loop0): done going read-only, filesystem not clean [ 70.198199][ T5223] bcachefs (loop0): shutdown complete umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558be18730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558be18730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file1") = 0 getdents64(3, 0x55558be106f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5237 attached [pid 5237] set_robust_list(0x55558be0f660, 24) = 0 [pid 5237] chdir("./1" [pid 5223] <... clone resumed>, child_tidptr=0x55558be0f650) = 5237 [pid 5237] <... chdir resumed>) = 0 [pid 5237] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5237] setpgid(0, 0) = 0 [pid 5237] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5237] write(3, "1000", 4) = 4 [pid 5237] close(3) = 0 [pid 5237] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5237] write(1, "executing program\n", 18) = 18 [pid 5237] memfd_create("syzkaller", 0) = 3 [pid 5237] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f928e200000 [pid 5237] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5237] munmap(0x7f928e200000, 138412032) = 0 [pid 5237] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5237] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5237] close(3) = 0 [pid 5237] close(4) = 0 [pid 5237] mkdir("./file1", 0777) = 0 [ 71.576225][ T5237] loop0: detected capacity change from 0 to 32768 [ 71.660353][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.660357][ T5237] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,journal_flush_disabled,fsck,norecovery,nojournal_transaction_names,reconstruct_alloc,no_data_io [ 71.667084][ T5237] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 71.690698][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.696485][ T5237] bcachefs (loop0): Version upgrade required: [ 71.696485][ T5237] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 71.696485][ T5237] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots [ 71.696485][ T5237] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 71.774397][ T5237] bcachefs (loop0): dropping and reconstructing all alloc info [ 71.790254][ T5237] bcachefs (loop0): check_topology... done [ 71.796124][ T5237] bcachefs (loop0): accounting_read... done [ 71.802332][ T5237] bcachefs (loop0): alloc_read... done [pid 5237] mount("/dev/loop0", "./file1", "bcachefs", MS_I_VERSION, "acl,direct_io,norecovery,fsck,journal_flush_disabled,noreTovery,btree_node_mem_ptr_optimization,reco"...) = 0 [pid 5237] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5237] chdir("./file1") = 0 [pid 5237] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5237] ioctl(4, LOOP_CLR_FD) = 0 [pid 5237] close(4) = 0 [ 71.807990][ T5237] bcachefs (loop0): stripes_read... done [ 71.813667][ T5237] bcachefs (loop0): snapshots_read... done [ 71.819753][ T5237] bcachefs (loop0): check_allocations... done [ 71.841004][ T5237] bcachefs (loop0): going read-write [ 71.849863][ T5237] bcachefs (loop0): done starting filesystem [pid 5237] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5237] exit_group(0) = ? [pid 5237] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5237, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 71.880062][ T29] audit: type=1800 audit(1729212485.977:3): pid=5237 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor864" name="bus" dev="loop0" ino=4101 res=0 errno=0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55558be106f0 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 [ 72.016768][ T5223] bcachefs (loop0): shutting down [ 72.021887][ T5223] bcachefs (loop0): going read-only [ 72.027439][ T5223] bcachefs (loop0): finished waiting for writes to stop [ 72.035757][ T5223] bcachefs (loop0): flushing journal and stopping allocators, journal seq 11 [ 72.059700][ T35] bcachefs (loop0): bch2_write_super(): fatal error loop0: Superblock write was silently dropped! (seq 0 expected 53) [ 72.072897][ T35] bcachefs (loop0): fatal error - emergency read only [ 72.080402][ T5223] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 14 [ 72.090310][ T5223] bcachefs (loop0): unshutdown complete, journal seq 14 [ 72.098309][ T5223] bcachefs (loop0): done going read-only, filesystem not clean [ 72.116379][ T5223] bcachefs (loop0): shutdown complete umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55558be18730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55558be18730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file1") = 0 getdents64(3, 0x55558be106f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5250 attached , child_tidptr=0x55558be0f650) = 5250 [pid 5250] set_robust_list(0x55558be0f660, 24) = 0 [pid 5250] chdir("./2") = 0 [pid 5250] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5250] setpgid(0, 0) = 0 [pid 5250] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5250] write(3, "1000", 4) = 4 [pid 5250] close(3) = 0 [pid 5250] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5250] write(1, "executing program\n", 18executing program ) = 18 [pid 5250] memfd_create("syzkaller", 0) = 3 [pid 5250] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f928e200000 [pid 5250] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5250] munmap(0x7f928e200000, 138412032) = 0 [pid 5250] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5250] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5250] close(3) = 0 [pid 5250] close(4) = 0 [pid 5250] mkdir("./file1", 0777) = 0 [ 73.516282][ T5250] loop0: detected capacity change from 0 to 32768 [ 73.588604][ T5250] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,journal_flush_disabled,fsck,norecovery,nojournal_transaction_names,reconstruct_alloc,no_data_io [ 73.609729][ T5250] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 73.617876][ T5250] bcachefs (loop0): Version upgrade required: [ 73.617876][ T5250] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 73.617876][ T5250] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots [ 73.617876][ T5250] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 73.690368][ T5250] bcachefs (loop0): dropping and reconstructing all alloc info [ 73.707243][ T5250] bcachefs (loop0): check_topology... done [ 73.713112][ T5250] bcachefs (loop0): accounting_read... done [ 73.719925][ T5250] bcachefs (loop0): alloc_read... done [ 73.725469][ T5250] bcachefs (loop0): stripes_read... done [ 73.731208][ T5250] bcachefs (loop0): snapshots_read... done [pid 5250] mount("/dev/loop0", "./file1", "bcachefs", MS_I_VERSION, "acl,direct_io,norecovery,fsck,journal_flush_disabled,noreTovery,btree_node_mem_ptr_optimization,reco"...) = 0 [pid 5250] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5250] chdir("./file1") = 0 [pid 5250] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5250] ioctl(4, LOOP_CLR_FD) = 0 [pid 5250] close(4) = 0 [ 73.737197][ T5250] bcachefs (loop0): check_allocations... done [ 73.757825][ T5250] bcachefs (loop0): going read-write [ 73.766684][ T5250] bcachefs (loop0): done starting filesystem [pid 5250] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_DIRECT|O_NOFOLLOW|O_NOATIME, 000) = 4 [pid 5250] exit_group(0) = ? [pid 5250] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5250, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 73.787834][ T29] audit: type=1800 audit(1729212487.887:4): pid=5250 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor864" name="bus" dev="loop0" ino=4101 res=0 errno=0 getdents64(3, 0x55558be106f0 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 [ 73.888051][ T5223] bcachefs (loop0): shutting down [ 73.893116][ T5223] bcachefs (loop0): going read-only [ 73.898561][ T5223] bcachefs (loop0): finished waiting for writes to stop [ 73.906031][ T5223] bcachefs (loop0): flushing journal and stopping allocators, journal seq 11 [ 73.927857][ T5223] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 12 [ 73.941675][ T2963] bcachefs (loop0): bch2_write_super(): fatal error loop0: Superblock write was silently dropped! (seq 0 expected 53) [ 73.954456][ T5223] bcachefs (loop0): unshutdown complete, journal seq 13 [ 73.955111][ T2963] bcachefs (loop0): fatal error - emergency read only [ 73.969486][ T2963] ------------[ cut here ]------------ [ 73.975040][ T2963] kernel BUG at fs/bcachefs/journal.h:375! [ 73.980991][ T2963] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI [ 73.987957][ T2963] CPU: 0 UID: 0 PID: 2963 Comm: kworker/u8:8 Not tainted 6.12.0-rc3-syzkaller-00183-g6efbea77b390 #0 [ 73.998828][ T2963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 74.008974][ T2963] Workqueue: btree_update btree_interior_update_work [ 74.015664][ T2963] RIP: 0010:__bch2_trans_commit+0x9232/0x93c0 [ 74.021768][ T2963] Code: fd 90 0f 0b e8 6f d2 78 fd 90 0f 0b e8 67 d2 78 fd 90 0f 0b e8 5f d2 78 fd 90 0f 0b e8 57 d2 78 fd 90 0f 0b e8 4f d2 78 fd 90 <0f> 0b e8 47 d2 78 fd 90 0f 0b e8 3f d2 78 fd 90 0f 0b e8 37 d2 78 [ 74.041398][ T2963] RSP: 0018:ffffc900098276c0 EFLAGS: 00010293 [ 74.047480][ T2963] RAX: ffffffff841c1561 RBX: 0000000000000000 RCX: ffff88802f418000 [ 74.055475][ T2963] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 74.063448][ T2963] RBP: ffffc90009827890 R08: ffffffff841bb898 R09: 1ffff1100de094a8 [ 74.071430][ T2963] R10: dffffc0000000000 R11: ffffed100de094a9 R12: ffff88806f000000 [ 74.079407][ T2963] R13: ffff88806f04a500 R14: 0000000000000044 R15: ffff88802fe640d0 [ 74.087384][ T2963] FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 74.096317][ T2963] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 74.102991][ T2963] CR2: 000055558be186f8 CR3: 00000000316b8000 CR4: 00000000003526f0 [ 74.110969][ T2963] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 74.118943][ T2963] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 74.126917][ T2963] Call Trace: [ 74.130198][ T2963] [ 74.133132][ T2963] ? __die_body+0x5f/0xb0 [ 74.137470][ T2963] ? die+0x9e/0xc0 [ 74.141194][ T2963] ? do_trap+0x15a/0x3a0 [ 74.145449][ T2963] ? __bch2_trans_commit+0x9232/0x93c0 [ 74.150920][ T2963] ? do_error_trap+0x1dc/0x2c0 [ 74.155694][ T2963] ? __bch2_trans_commit+0x9232/0x93c0 [ 74.161167][ T2963] ? __pfx___do_six_trylock+0x10/0x10 [ 74.166551][ T2963] ? __pfx_do_error_trap+0x10/0x10 [ 74.171675][ T2963] ? handle_invalid_op+0x34/0x40 [ 74.176641][ T2963] ? __bch2_trans_commit+0x9232/0x93c0 [ 74.182113][ T2963] ? exc_invalid_op+0x38/0x50 [ 74.186805][ T2963] ? asm_exc_invalid_op+0x1a/0x20 [ 74.191845][ T2963] ? __bch2_trans_commit+0x3568/0x93c0 [ 74.197313][ T2963] ? __bch2_trans_commit+0x9231/0x93c0 [ 74.202780][ T2963] ? __bch2_trans_commit+0x9232/0x93c0 [ 74.208259][ T2963] ? __pfx___bch2_trans_commit+0x10/0x10 [ 74.213899][ T2963] ? bch2_dev_btree_bitmap_marked+0x2f/0xda0 [ 74.219885][ T2963] ? __bch2_trans_jset_entry_alloc+0x2c7/0x4b0 [ 74.226050][ T2963] ? btree_interior_update_work+0x117a/0x2b10 [ 74.232124][ T2963] btree_interior_update_work+0x1492/0x2b10 [ 74.238039][ T2963] ? __pfx_btree_interior_update_work+0x10/0x10 [ 74.244289][ T2963] ? __pfx_lock_acquire+0x10/0x10 [ 74.249332][ T2963] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 74.255330][ T2963] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 74.261676][ T2963] ? process_scheduled_works+0x976/0x1850 [ 74.267407][ T2963] process_scheduled_works+0xa63/0x1850 [ 74.272977][ T2963] ? __pfx_process_scheduled_works+0x10/0x10 [ 74.278976][ T2963] ? assign_work+0x364/0x3d0 [ 74.283575][ T2963] worker_thread+0x870/0xd30 [ 74.288179][ T2963] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 74.294088][ T2963] ? __kthread_parkme+0x169/0x1d0 [ 74.299145][ T2963] ? __pfx_worker_thread+0x10/0x10 [ 74.304269][ T2963] kthread+0x2f0/0x390 [ 74.308344][ T2963] ? __pfx_worker_thread+0x10/0x10 [ 74.313464][ T2963] ? __pfx_kthread+0x10/0x10 [ 74.318052][ T2963] ret_from_fork+0x4b/0x80 [ 74.322475][ T2963] ? __pfx_kthread+0x10/0x10 [ 74.327066][ T2963] ret_from_fork_asm+0x1a/0x30 [ 74.331853][ T2963] [ 74.334869][ T2963] Modules linked in: [ 74.339097][ T2963] ---[ end trace 0000000000000000 ]--- [ 74.344655][ T2963] RIP: 0010:__bch2_trans_commit+0x9232/0x93c0 [ 74.350848][ T2963] Code: fd 90 0f 0b e8 6f d2 78 fd 90 0f 0b e8 67 d2 78 fd 90 0f 0b e8 5f d2 78 fd 90 0f 0b e8 57 d2 78 fd 90 0f 0b e8 4f d2 78 fd 90 <0f> 0b e8 47 d2 78 fd 90 0f 0b e8 3f d2 78 fd 90 0f 0b e8 37 d2 78 [ 74.370659][ T2963] RSP: 0018:ffffc900098276c0 EFLAGS: 00010293 [ 74.376854][ T2963] RAX: ffffffff841c1561 RBX: 0000000000000000 RCX: ffff88802f418000 [ 74.384844][ T2963] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 74.392867][ T2963] RBP: ffffc90009827890 R08: ffffffff841bb898 R09: 1ffff1100de094a8 [ 74.401102][ T2963] R10: dffffc0000000000 R11: ffffed100de094a9 R12: ffff88806f000000 [ 74.409108][ T2963] R13: ffff88806f04a500 R14: 0000000000000044 R15: ffff88802fe640d0 [ 74.417120][ T2963] FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 74.426069][ T2963] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 74.432690][ T2963] CR2: 00007ffc7fe21d2c CR3: 000000000e734000 CR4: 00000000003526f0 [ 74.440715][ T2963] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 74.448770][ T2963] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 74.456795][ T2963] Kernel panic - not syncing: Fatal exception [ 74.463191][ T2963] Kernel Offset: disabled [ 74.467514][ T2963] Rebooting in 86400 seconds..