./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2179028768 <...> Warning: Permanently added '10.128.1.10' (ED25519) to the list of known hosts. execve("./syz-executor2179028768", ["./syz-executor2179028768"], 0x7ffe34c037c0 /* 10 vars */) = 0 brk(NULL) = 0x55556ec2e000 brk(0x55556ec2ed40) = 0x55556ec2ed40 arch_prctl(ARCH_SET_FS, 0x55556ec2e3c0) = 0 set_tid_address(0x55556ec2e690) = 5826 set_robust_list(0x55556ec2e6a0, 24) = 0 rseq(0x55556ec2ece0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2179028768", 4096) = 28 getrandom("\x72\x46\x46\xfa\xf9\xd5\x7a\xea", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55556ec2ed40 brk(0x55556ec4fd40) = 0x55556ec4fd40 brk(0x55556ec50000) = 0x55556ec50000 mprotect(0x7fd230e4b000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.dKjtcm", 0700) = 0 chmod("./syzkaller.dKjtcm", 0777) = 0 chdir("./syzkaller.dKjtcm") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5827 attached [pid 5827] set_robust_list(0x55556ec2e6a0, 24 [pid 5826] <... clone resumed>, child_tidptr=0x55556ec2e690) = 5827 [pid 5827] <... set_robust_list resumed>) = 0 [pid 5827] chdir("./0") = 0 [pid 5827] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5827] setpgid(0, 0) = 0 [pid 5827] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5827] write(3, "1000", 4) = 4 [pid 5827] close(3) = 0 [pid 5827] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5827] write(1, "executing program\n", 18) = 18 [pid 5827] futex(0x7fd230e516ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5827] rt_sigaction(SIGRT_1, {sa_handler=0x7fd230de9ef0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fd230ddb0a0}, NULL, 8) = 0 [pid 5827] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5827] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fd230d5a000 [pid 5827] mprotect(0x7fd230d5b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5827] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5827] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fd230d7a990, parent_tid=0x7fd230d7a990, exit_signal=0, stack=0x7fd230d5a000, stack_size=0x20300, tls=0x7fd230d7a6c0}./strace-static-x86_64: Process 5829 attached [pid 5829] rseq(0x7fd230d7afe0, 0x20, 0, 0x53053053) = 0 [pid 5829] set_robust_list(0x7fd230d7a9a0, 24 [pid 5827] <... clone3 resumed> => {parent_tid=[5829]}, 88) = 5829 [pid 5829] <... set_robust_list resumed>) = 0 [pid 5827] rt_sigprocmask(SIG_SETMASK, [], [pid 5829] rt_sigprocmask(SIG_SETMASK, [], [pid 5827] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5829] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5827] futex(0x7fd230e516a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5829] memfd_create("syzkaller", 0 [pid 5827] <... futex resumed>) = 0 [pid 5827] futex(0x7fd230e516ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5829] <... memfd_create resumed>) = 3 [pid 5829] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd228800000 [pid 5829] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5829] munmap(0x7fd228800000, 138412032) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5829] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5829] close(3) = 0 [pid 5829] close(4) = 0 [pid 5829] mkdir("./file0", 0777) = 0 [ 64.458663][ T5829] loop0: detected capacity change from 0 to 32768 [ 64.529702][ T5829] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,erasure_code,degraded,no_splitbrain_check,fsck,norecovery,nojournal_transaction_names,reconstruct_alloc,nocow [ 64.552580][ T5829] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 64.560920][ T5829] bcachefs (loop0): Version upgrade required: [ 64.560920][ T5829] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 64.560920][ T5829] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots [ 64.560920][ T5829] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 64.634324][ T5829] bcachefs (loop0): dropping and reconstructing all alloc info [ 64.652356][ T5829] bcachefs (loop0): check_topology... done [ 64.658248][ T5829] bcachefs (loop0): accounting_read... done [ 64.665375][ T5829] bcachefs (loop0): alloc_read... done [ 64.671033][ T5829] bcachefs (loop0): stripes_read... done [pid 5829] mount("/dev/loop0", "./file0", "bcachefs", MS_POSIXACL, "fsck,inline_data,nocow,degraded,str_hash=siphash,norecovery,discard,reconstruct_alloc,erasure_code,a"...) = 0 [pid 5829] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5829] chdir("./file0") = 0 [ 64.676780][ T5829] bcachefs (loop0): snapshots_read... done [ 64.683071][ T5829] bcachefs (loop0): check_allocations... done [ 64.702804][ T5829] bcachefs (loop0): going read-write [ 64.714176][ T5829] bcachefs (loop0): done starting filesystem [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5829] ioctl(4, LOOP_CLR_FD) = 0 [pid 5829] close(4) = 0 [pid 5829] futex(0x7fd230e516ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5829] futex(0x7fd230e516a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5827] <... futex resumed>) = 0 [pid 5827] futex(0x7fd230e516a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5829] <... futex resumed>) = 0 [pid 5829] creat("./file1", 044 [pid 5827] <... futex resumed>) = 1 [pid 5827] futex(0x7fd230e516ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5829] <... creat resumed>) = 4 [pid 5829] futex(0x7fd230e516ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5829] futex(0x7fd230e516a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5827] <... futex resumed>) = 0 [pid 5827] exit_group(0 [pid 5829] <... futex resumed>) = ? [pid 5827] <... exit_group resumed>) = ? [pid 5829] +++ exited with 0 +++ [pid 5827] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5827, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=25 /* 0.25 s */} --- umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 64.844829][ T5829] syz-executor217 (5829) used greatest stack depth: 12560 bytes left getdents64(3, 0x55556ec2f730 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 [ 64.957848][ T5826] bcachefs (loop0): shutting down [ 64.963480][ T5826] bcachefs (loop0): going read-only [ 64.968848][ T5826] bcachefs (loop0): finished waiting for writes to stop [ 64.977983][ T5826] bcachefs (loop0): flushing journal and stopping allocators, journal seq 11 [ 64.990433][ T2969] bcachefs (loop0): bch2_write_super(): fatal error loop0: Superblock write was silently dropped! (seq 0 expected 54) [ 65.003589][ T2969] bcachefs (loop0): fatal error - emergency read only [ 65.010696][ T5826] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 11 [ 65.021271][ T5826] bcachefs (loop0): unshutdown complete, journal seq 11 [ 65.028852][ T5826] bcachefs (loop0): done going read-only, filesystem not clean [ 65.048145][ T5826] bcachefs (loop0): shutdown complete umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556ec37770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556ec37770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x55556ec2f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5840 attached , child_tidptr=0x55556ec2e690) = 5840 [pid 5840] set_robust_list(0x55556ec2e6a0, 24) = 0 [pid 5840] chdir("./1") = 0 [pid 5840] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5840] setpgid(0, 0) = 0 [pid 5840] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5840] write(3, "1000", 4) = 4 [pid 5840] close(3) = 0 [pid 5840] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5840] write(1, "executing program\n", 18) = 18 [pid 5840] futex(0x7fd230e516ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5840] rt_sigaction(SIGRT_1, {sa_handler=0x7fd230de9ef0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fd230ddb0a0}, NULL, 8) = 0 [pid 5840] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5840] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fd230d5a000 [pid 5840] mprotect(0x7fd230d5b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5840] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5840] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fd230d7a990, parent_tid=0x7fd230d7a990, exit_signal=0, stack=0x7fd230d5a000, stack_size=0x20300, tls=0x7fd230d7a6c0}./strace-static-x86_64: Process 5841 attached [pid 5841] rseq(0x7fd230d7afe0, 0x20, 0, 0x53053053) = 0 [pid 5840] <... clone3 resumed> => {parent_tid=[5841]}, 88) = 5841 [pid 5841] set_robust_list(0x7fd230d7a9a0, 24 [pid 5840] rt_sigprocmask(SIG_SETMASK, [], [pid 5841] <... set_robust_list resumed>) = 0 [pid 5840] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5841] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5840] futex(0x7fd230e516a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5841] memfd_create("syzkaller", 0 [pid 5840] <... futex resumed>) = 0 [pid 5840] futex(0x7fd230e516ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5841] <... memfd_create resumed>) = 3 [pid 5841] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd228800000 [pid 5841] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5841] munmap(0x7fd228800000, 138412032) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5841] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5841] close(3) = 0 [pid 5841] close(4) = 0 [pid 5841] mkdir("./file0", 0777) = 0 [ 66.399501][ T5841] loop0: detected capacity change from 0 to 32768 [ 66.465749][ T5841] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,erasure_code,degraded,no_splitbrain_check,fsck,norecovery,nojournal_transaction_names,reconstruct_alloc,nocow [ 66.488490][ T5841] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 66.496695][ T5841] bcachefs (loop0): Version upgrade required: [ 66.496695][ T5841] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 66.496695][ T5841] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots [ 66.496695][ T5841] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 66.568629][ T5841] bcachefs (loop0): dropping and reconstructing all alloc info [ 66.584859][ T5841] bcachefs (loop0): check_topology... done [ 66.590888][ T5841] bcachefs (loop0): accounting_read... done [ 66.597405][ T5841] bcachefs (loop0): alloc_read... done [ 66.603033][ T5841] bcachefs (loop0): stripes_read... done [ 66.608792][ T5841] bcachefs (loop0): snapshots_read... done [pid 5841] mount("/dev/loop0", "./file0", "bcachefs", MS_POSIXACL, "fsck,inline_data,nocow,degraded,str_hash=siphash,norecovery,discard,reconstruct_alloc,erasure_code,a"...) = 0 [pid 5841] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5841] chdir("./file0") = 0 [ 66.614872][ T5841] bcachefs (loop0): check_allocations... done [ 66.632386][ T5841] bcachefs (loop0): going read-write [ 66.642499][ T5841] bcachefs (loop0): done starting filesystem [pid 5841] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5841] ioctl(4, LOOP_CLR_FD) = 0 [pid 5841] close(4) = 0 [pid 5841] futex(0x7fd230e516ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5840] <... futex resumed>) = 0 [pid 5841] creat("./file1", 044 [pid 5840] futex(0x7fd230e516a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5840] futex(0x7fd230e516ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5841] <... creat resumed>) = 4 [pid 5841] futex(0x7fd230e516ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5841] futex(0x7fd230e516a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5840] <... futex resumed>) = 0 [pid 5840] exit_group(0 [pid 5841] <... futex resumed>) = ? [pid 5840] <... exit_group resumed>) = ? [pid 5841] +++ exited with 0 +++ [pid 5840] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5840, si_uid=0, si_status=0, si_utime=0, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556ec2f730 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 [ 66.853659][ T5826] bcachefs (loop0): shutting down [ 66.858716][ T5826] bcachefs (loop0): going read-only [ 66.864222][ T5826] bcachefs (loop0): finished waiting for writes to stop [ 66.872159][ T5826] bcachefs (loop0): flushing journal and stopping allocators, journal seq 11 [ 66.884336][ T2969] bcachefs (loop0): bch2_write_super(): fatal error loop0: Superblock write was silently dropped! (seq 0 expected 54) [ 66.897688][ T2969] bcachefs (loop0): fatal error - emergency read only [ 66.905171][ T5826] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 11 [ 66.915563][ T5826] bcachefs (loop0): unshutdown complete, journal seq 11 [ 66.923472][ T5826] bcachefs (loop0): done going read-only, filesystem not clean [ 66.939335][ T5826] bcachefs (loop0): shutdown complete umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556ec37770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556ec37770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x55556ec2f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5852 attached [pid 5852] set_robust_list(0x55556ec2e6a0, 24 [pid 5826] <... clone resumed>, child_tidptr=0x55556ec2e690) = 5852 [pid 5852] <... set_robust_list resumed>) = 0 [pid 5852] chdir("./2") = 0 [pid 5852] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5852] setpgid(0, 0) = 0 [pid 5852] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5852] write(3, "1000", 4) = 4 [pid 5852] close(3) = 0 [pid 5852] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5852] write(1, "executing program\n", 18executing program ) = 18 [pid 5852] futex(0x7fd230e516ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5852] rt_sigaction(SIGRT_1, {sa_handler=0x7fd230de9ef0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fd230ddb0a0}, NULL, 8) = 0 [pid 5852] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5852] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fd230d5a000 [pid 5852] mprotect(0x7fd230d5b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5852] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5852] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fd230d7a990, parent_tid=0x7fd230d7a990, exit_signal=0, stack=0x7fd230d5a000, stack_size=0x20300, tls=0x7fd230d7a6c0}./strace-static-x86_64: Process 5853 attached [pid 5853] rseq(0x7fd230d7afe0, 0x20, 0, 0x53053053) = 0 [pid 5852] <... clone3 resumed> => {parent_tid=[5853]}, 88) = 5853 [pid 5853] set_robust_list(0x7fd230d7a9a0, 24 [pid 5852] rt_sigprocmask(SIG_SETMASK, [], [pid 5853] <... set_robust_list resumed>) = 0 [pid 5852] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5853] rt_sigprocmask(SIG_SETMASK, [], [pid 5852] futex(0x7fd230e516a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5852] <... futex resumed>) = 0 [pid 5853] memfd_create("syzkaller", 0 [pid 5852] futex(0x7fd230e516ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5853] <... memfd_create resumed>) = 3 [pid 5853] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd228800000 [pid 5853] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5853] munmap(0x7fd228800000, 138412032) = 0 [pid 5853] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5853] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5853] close(3) = 0 [pid 5853] close(4) = 0 [pid 5853] mkdir("./file0", 0777) = 0 [ 68.332741][ T5853] loop0: detected capacity change from 0 to 32768 [ 68.418633][ T5853] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,erasure_code,degraded,no_splitbrain_check,fsck,norecovery,nojournal_transaction_names,reconstruct_alloc,nocow [ 68.441013][ T5853] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 68.449030][ T5853] bcachefs (loop0): Version upgrade required: [ 68.449030][ T5853] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 68.449030][ T5853] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots [ 68.449030][ T5853] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 68.521126][ T5853] bcachefs (loop0): dropping and reconstructing all alloc info [ 68.535602][ T5853] bcachefs (loop0): check_topology... done [ 68.541554][ T5853] bcachefs (loop0): accounting_read... done [ 68.547842][ T5853] bcachefs (loop0): alloc_read... done [ 68.553454][ T5853] bcachefs (loop0): stripes_read... done [ 68.559172][ T5853] bcachefs (loop0): snapshots_read... done [pid 5853] mount("/dev/loop0", "./file0", "bcachefs", MS_POSIXACL, "fsck,inline_data,nocow,degraded,str_hash=siphash,norecovery,discard,reconstruct_alloc,erasure_code,a"...) = 0 [pid 5853] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5853] chdir("./file0") = 0 [pid 5853] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5853] ioctl(4, LOOP_CLR_FD) = 0 [pid 5853] close(4) = 0 [pid 5853] futex(0x7fd230e516ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5852] <... futex resumed>) = 0 [pid 5853] futex(0x7fd230e516a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5852] futex(0x7fd230e516a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5852] <... futex resumed>) = 0 [pid 5853] creat("./file1", 044 [pid 5852] futex(0x7fd230e516ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5853] <... creat resumed>) = 4 [ 68.565371][ T5853] bcachefs (loop0): check_allocations... done [ 68.583965][ T5853] bcachefs (loop0): going read-write [ 68.593542][ T5853] bcachefs (loop0): done starting filesystem [pid 5853] futex(0x7fd230e516ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5853] futex(0x7fd230e516a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5852] <... futex resumed>) = 0 [pid 5852] exit_group(0 [pid 5853] <... futex resumed>) = ? [pid 5852] <... exit_group resumed>) = ? [pid 5853] +++ exited with 0 +++ [pid 5852] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5852, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556ec2f730 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 [ 68.762817][ T5826] bcachefs (loop0): shutting down [ 68.767873][ T5826] bcachefs (loop0): going read-only [ 68.773396][ T5826] bcachefs (loop0): finished waiting for writes to stop [ 68.780997][ T5826] bcachefs (loop0): flushing journal and stopping allocators, journal seq 11 [ 68.792838][ T3874] bcachefs (loop0): bch2_write_super(): fatal error loop0: Superblock write was silently dropped! (seq 0 expected 54) [ 68.806108][ T3874] bcachefs (loop0): fatal error - emergency read only [ 68.813539][ T5826] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 11 [ 68.823296][ T5826] bcachefs (loop0): unshutdown complete, journal seq 11 [ 68.830841][ T5826] bcachefs (loop0): done going read-only, filesystem not clean [ 68.846225][ T5826] bcachefs (loop0): shutdown complete umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556ec37770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556ec37770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x55556ec2f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5864 attached [pid 5864] set_robust_list(0x55556ec2e6a0, 24 [pid 5826] <... clone resumed>, child_tidptr=0x55556ec2e690) = 5864 [pid 5864] <... set_robust_list resumed>) = 0 [pid 5864] chdir("./3") = 0 [pid 5864] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5864] setpgid(0, 0) = 0 [pid 5864] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5864] write(3, "1000", 4) = 4 [pid 5864] close(3) = 0 [pid 5864] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5864] write(1, "executing program\n", 18) = 18 [pid 5864] futex(0x7fd230e516ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5864] rt_sigaction(SIGRT_1, {sa_handler=0x7fd230de9ef0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fd230ddb0a0}, NULL, 8) = 0 [pid 5864] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5864] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fd230d5a000 [pid 5864] mprotect(0x7fd230d5b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5864] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5864] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fd230d7a990, parent_tid=0x7fd230d7a990, exit_signal=0, stack=0x7fd230d5a000, stack_size=0x20300, tls=0x7fd230d7a6c0}./strace-static-x86_64: Process 5865 attached [pid 5865] rseq(0x7fd230d7afe0, 0x20, 0, 0x53053053) = 0 [pid 5864] <... clone3 resumed> => {parent_tid=[5865]}, 88) = 5865 [pid 5865] set_robust_list(0x7fd230d7a9a0, 24 [pid 5864] rt_sigprocmask(SIG_SETMASK, [], [pid 5865] <... set_robust_list resumed>) = 0 [pid 5864] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5865] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5864] futex(0x7fd230e516a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5865] memfd_create("syzkaller", 0 [pid 5864] <... futex resumed>) = 0 [pid 5864] futex(0x7fd230e516ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5865] <... memfd_create resumed>) = 3 [pid 5865] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd228800000 [pid 5865] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5865] munmap(0x7fd228800000, 138412032) = 0 [pid 5865] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5865] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5865] close(3) = 0 [pid 5865] close(4) = 0 [pid 5865] mkdir("./file0", 0777) = 0 [ 70.250555][ T5865] loop0: detected capacity change from 0 to 32768 [ 70.318734][ T5865] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,erasure_code,degraded,no_splitbrain_check,fsck,norecovery,nojournal_transaction_names,reconstruct_alloc,nocow [ 70.341643][ T5865] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 70.349743][ T5865] bcachefs (loop0): Version upgrade required: [ 70.349743][ T5865] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 70.349743][ T5865] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots [ 70.349743][ T5865] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 70.421823][ T5865] bcachefs (loop0): dropping and reconstructing all alloc info [ 70.436473][ T5865] bcachefs (loop0): check_topology... done [ 70.442438][ T5865] bcachefs (loop0): accounting_read... done [ 70.449095][ T5865] bcachefs (loop0): alloc_read... done [ 70.455147][ T5865] bcachefs (loop0): stripes_read... done [ 70.461251][ T5865] bcachefs (loop0): snapshots_read... done [pid 5865] mount("/dev/loop0", "./file0", "bcachefs", MS_POSIXACL, "fsck,inline_data,nocow,degraded,str_hash=siphash,norecovery,discard,reconstruct_alloc,erasure_code,a"...) = 0 [pid 5865] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5865] chdir("./file0") = 0 [pid 5865] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5865] ioctl(4, LOOP_CLR_FD) = 0 [pid 5865] close(4) = 0 [ 70.467325][ T5865] bcachefs (loop0): check_allocations... done [ 70.484432][ T5865] bcachefs (loop0): going read-write [ 70.493842][ T5865] bcachefs (loop0): done starting filesystem [pid 5865] futex(0x7fd230e516ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5864] <... futex resumed>) = 0 [pid 5865] futex(0x7fd230e516a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5864] futex(0x7fd230e516a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5865] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5864] <... futex resumed>) = 0 [pid 5865] creat("./file1", 044 [pid 5864] futex(0x7fd230e516ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5865] <... creat resumed>) = 4 [pid 5865] futex(0x7fd230e516ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5864] <... futex resumed>) = 0 [pid 5865] futex(0x7fd230e516a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5864] exit_group(0 [pid 5865] <... futex resumed>) = ? [pid 5864] <... exit_group resumed>) = ? [pid 5865] +++ exited with 0 +++ [pid 5864] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5864, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556ec2f730 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 [ 70.676841][ T5826] bcachefs (loop0): shutting down [ 70.682184][ T5826] bcachefs (loop0): going read-only [ 70.687427][ T5826] bcachefs (loop0): finished waiting for writes to stop [ 70.696169][ T5826] bcachefs (loop0): flushing journal and stopping allocators, journal seq 11 [ 70.711152][ T3874] bcachefs (loop0): bch2_write_super(): fatal error loop0: Superblock write was silently dropped! (seq 0 expected 54) [ 70.724572][ T3874] bcachefs (loop0): fatal error - emergency read only [ 70.735092][ T5826] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 11 [ 70.744884][ T5826] bcachefs (loop0): unshutdown complete, journal seq 11 [ 70.752450][ T5826] bcachefs (loop0): done going read-only, filesystem not clean [ 70.770206][ T5826] bcachefs (loop0): shutdown complete umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55556ec37770 /* 2 entries */, 32768) = 48 getdents64(4, 0x55556ec37770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x55556ec2f730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5876 attached [pid 5876] set_robust_list(0x55556ec2e6a0, 24) = 0 [pid 5876] chdir("./4" [pid 5826] <... clone resumed>, child_tidptr=0x55556ec2e690) = 5876 [pid 5876] <... chdir resumed>) = 0 [pid 5876] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5876] setpgid(0, 0) = 0 [pid 5876] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5876] write(3, "1000", 4) = 4 [pid 5876] close(3) = 0 [pid 5876] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5876] write(1, "executing program\n", 18) = 18 [pid 5876] futex(0x7fd230e516ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5876] rt_sigaction(SIGRT_1, {sa_handler=0x7fd230de9ef0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fd230ddb0a0}, NULL, 8) = 0 [pid 5876] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5876] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fd230d5a000 [pid 5876] mprotect(0x7fd230d5b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5876] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5876] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fd230d7a990, parent_tid=0x7fd230d7a990, exit_signal=0, stack=0x7fd230d5a000, stack_size=0x20300, tls=0x7fd230d7a6c0}./strace-static-x86_64: Process 5877 attached [pid 5877] rseq(0x7fd230d7afe0, 0x20, 0, 0x53053053) = 0 [pid 5876] <... clone3 resumed> => {parent_tid=[5877]}, 88) = 5877 [pid 5877] set_robust_list(0x7fd230d7a9a0, 24 [pid 5876] rt_sigprocmask(SIG_SETMASK, [], [pid 5877] <... set_robust_list resumed>) = 0 [pid 5877] rt_sigprocmask(SIG_SETMASK, [], [pid 5876] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5877] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5876] futex(0x7fd230e516a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5877] memfd_create("syzkaller", 0) = 3 [pid 5876] futex(0x7fd230e516ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5877] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd228800000 [pid 5877] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5877] munmap(0x7fd228800000, 138412032) = 0 [pid 5877] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5877] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5877] close(3) = 0 [pid 5877] close(4) = 0 [pid 5877] mkdir("./file0", 0777) = 0 [ 72.200945][ T5877] loop0: detected capacity change from 0 to 32768 [ 72.269456][ T5877] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,erasure_code,degraded,no_splitbrain_check,fsck,norecovery,nojournal_transaction_names,reconstruct_alloc,nocow [ 72.291958][ T5877] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 72.299959][ T5877] bcachefs (loop0): Version upgrade required: [ 72.299959][ T5877] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 72.299959][ T5877] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots [ 72.299959][ T5877] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 72.375987][ T5877] bcachefs (loop0): dropping and reconstructing all alloc info [ 72.390302][ T5877] bcachefs (loop0): check_topology... done [ 72.396553][ T5877] bcachefs (loop0): accounting_read... done [ 72.402746][ T5877] bcachefs (loop0): alloc_read... done [ 72.408268][ T5877] bcachefs (loop0): stripes_read... done [ 72.414053][ T5877] bcachefs (loop0): snapshots_read... done [pid 5877] mount("/dev/loop0", "./file0", "bcachefs", MS_POSIXACL, "fsck,inline_data,nocow,degraded,str_hash=siphash,norecovery,discard,reconstruct_alloc,erasure_code,a"...) = 0 [pid 5877] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5877] chdir("./file0") = 0 [ 72.420006][ T5877] bcachefs (loop0): check_allocations... done [ 72.437172][ T5877] bcachefs (loop0): going read-write [ 72.446514][ T5877] bcachefs (loop0): done starting filesystem [pid 5877] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5877] ioctl(4, LOOP_CLR_FD) = 0 [pid 5877] close(4) = 0 [pid 5877] futex(0x7fd230e516ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5876] <... futex resumed>) = 0 [pid 5877] futex(0x7fd230e516a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5876] futex(0x7fd230e516a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5876] <... futex resumed>) = 0 [pid 5876] futex(0x7fd230e516ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5877] creat("./file1", 044) = 4 [pid 5877] futex(0x7fd230e516ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5876] <... futex resumed>) = 0 [pid 5877] futex(0x7fd230e516a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5876] exit_group(0 [pid 5877] <... futex resumed>) = ? [pid 5876] <... exit_group resumed>) = ? [pid 5877] +++ exited with 0 +++ [pid 5876] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5876, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55556ec2f730 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 [ 72.551145][ T5826] bcachefs (loop0): shutting down [ 72.556223][ T5826] bcachefs (loop0): going read-only [ 72.561699][ T5826] bcachefs (loop0): finished waiting for writes to stop [ 72.569073][ T5826] bcachefs (loop0): flushing journal and stopping allocators, journal seq 11 [ 72.586587][ T5826] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 12 [ 72.598238][ T5826] bcachefs (loop0): unshutdown complete, journal seq 13 [ 72.605911][ T5826] bcachefs (loop0): done going read-only, filesystem not clean [ 72.621883][ T5826] bcachefs (loop0): shutdown complete [ 73.307923][ T5826] ------------[ cut here ]------------ [ 73.315489][ T5826] kernel BUG at fs/bcachefs/btree_cache.c:594! [ 73.322472][ T5826] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI [ 73.329466][ T5826] CPU: 0 UID: 0 PID: 5826 Comm: syz-executor217 Not tainted 6.12.0-rc5-syzkaller-00063-g0fc810ae3ae1 #0 [ 73.340586][ T5826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 73.350638][ T5826] RIP: 0010:bch2_fs_btree_cache_exit+0x1124/0x1130 [ 73.357143][ T5826] Code: fd 90 0f 0b e8 2d 3c 84 fd 90 0f 0b e8 25 3c 84 fd 90 0f 0b e8 1d 3c 84 fd 90 0f 0b e8 15 3c 84 fd 90 0f 0b e8 0d 3c 84 fd 90 <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 [ 73.376786][ T5826] RSP: 0018:ffffc90003ce7b20 EFLAGS: 00010293 [ 73.382861][ T5826] RAX: ffffffff84109db3 RBX: 0000000000000002 RCX: ffff8880302dbc00 [ 73.390836][ T5826] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000 [ 73.398803][ T5826] RBP: 1ffff1100f379716 R08: ffffffff84109457 R09: 1ffff1100e6e03b6 [ 73.406852][ T5826] R10: dffffc0000000000 R11: ffffed100e6e03b7 R12: ffff888073701c78 [ 73.414817][ T5826] R13: ffff888073700000 R14: 0000000000000000 R15: dffffc0000000000 [ 73.422779][ T5826] FS: 000055556ec2e3c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 73.431700][ T5826] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 73.438274][ T5826] CR2: 00007fd230e175d8 CR3: 0000000075972000 CR4: 00000000003526f0 [ 73.446240][ T5826] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 73.454201][ T5826] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 73.462161][ T5826] Call Trace: [ 73.465430][ T5826] [ 73.468351][ T5826] ? __die_body+0x5f/0xb0 [ 73.472676][ T5826] ? die+0x9e/0xc0 [ 73.476385][ T5826] ? do_trap+0x15a/0x3a0 [ 73.480617][ T5826] ? bch2_fs_btree_cache_exit+0x1124/0x1130 [ 73.486523][ T5826] ? do_error_trap+0x1dc/0x2c0 [ 73.491277][ T5826] ? bch2_fs_btree_cache_exit+0x1124/0x1130 [ 73.497164][ T5826] ? __pfx_do_error_trap+0x10/0x10 [ 73.502266][ T5826] ? report_bug+0x3e8/0x500 [ 73.506774][ T5826] ? handle_invalid_op+0x34/0x40 [ 73.511702][ T5826] ? bch2_fs_btree_cache_exit+0x1124/0x1130 [ 73.517586][ T5826] ? exc_invalid_op+0x38/0x50 [ 73.522253][ T5826] ? asm_exc_invalid_op+0x1a/0x20 [ 73.527269][ T5826] ? bch2_fs_btree_cache_exit+0x7c7/0x1130 [ 73.533066][ T5826] ? bch2_fs_btree_cache_exit+0x1123/0x1130 [ 73.538953][ T5826] ? bch2_fs_btree_cache_exit+0x1124/0x1130 [ 73.544872][ T5826] bch2_fs_release+0x20e/0x7d0 [ 73.549652][ T5826] ? kobject_put+0x44d/0x480 [ 73.554258][ T5826] kobject_put+0x22f/0x480 [ 73.558688][ T5826] deactivate_locked_super+0xc4/0x130 [ 73.564062][ T5826] cleanup_mnt+0x41f/0x4b0 [ 73.568477][ T5826] ? lockdep_hardirqs_on+0x99/0x150 [ 73.573670][ T5826] task_work_run+0x24f/0x310 [ 73.578251][ T5826] ? __pfx_task_work_run+0x10/0x10 [ 73.583354][ T5826] ? path_umount+0x284/0xf70 [ 73.587941][ T5826] ptrace_notify+0x2d2/0x380 [ 73.592522][ T5826] ? __pfx_path_umount+0x10/0x10 [ 73.597467][ T5826] ? __pfx_ptrace_notify+0x10/0x10 [ 73.602573][ T5826] ? __x64_sys_umount+0x123/0x170 [ 73.607607][ T5826] ? __pfx___x64_sys_umount+0x10/0x10 [ 73.612971][ T5826] syscall_exit_work+0xc6/0x190 [ 73.617818][ T5826] syscall_exit_to_user_mode+0x279/0x370 [ 73.623444][ T5826] do_syscall_64+0x100/0x230 [ 73.628026][ T5826] ? clear_bhb_loop+0x35/0x90 [ 73.632703][ T5826] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 73.638587][ T5826] RIP: 0033:0x7fd230dc4d37 [ 73.643005][ T5826] Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8 [ 73.662600][ T5826] RSP: 002b:00007ffc0bb1afd8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [ 73.671004][ T5826] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fd230dc4d37 [ 73.678975][ T5826] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc0bb1b090 [ 73.686939][ T5826] RBP: 00007ffc0bb1b090 R08: 0000000000000000 R09: 0000000000000000 [ 73.694931][ T5826] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffc0bb1c150 [ 73.702908][ T5826] R13: 000055556ec2f700 R14: 00007ffc0bb1c0f4 R15: 00007ffc0bb1c170 [ 73.710881][ T5826] [ 73.713887][ T5826] Modules linked in: [ 73.717999][ T5826] ---[ end trace 0000000000000000 ]--- [ 73.723794][ T5826] RIP: 0010:bch2_fs_btree_cache_exit+0x1124/0x1130 [ 73.730294][ T5826] Code: fd 90 0f 0b e8 2d 3c 84 fd 90 0f 0b e8 25 3c 84 fd 90 0f 0b e8 1d 3c 84 fd 90 0f 0b e8 15 3c 84 fd 90 0f 0b e8 0d 3c 84 fd 90 <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 [ 73.750032][ T5826] RSP: 0018:ffffc90003ce7b20 EFLAGS: 00010293 [ 73.756291][ T5826] RAX: ffffffff84109db3 RBX: 0000000000000002 RCX: ffff8880302dbc00 [ 73.764323][ T5826] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000 [ 73.772333][ T5826] RBP: 1ffff1100f379716 R08: ffffffff84109457 R09: 1ffff1100e6e03b6 [ 73.780298][ T5826] R10: dffffc0000000000 R11: ffffed100e6e03b7 R12: ffff888073701c78 [ 73.788309][ T5826] R13: ffff888073700000 R14: 0000000000000000 R15: dffffc0000000000 [ 73.796315][ T5826] FS: 000055556ec2e3c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 73.805323][ T5826] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 73.811964][ T5826] CR2: 00007fd230e175d8 CR3: 0000000075972000 CR4: 00000000003526f0 [ 73.819925][ T5826] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 73.827968][ T5826] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 73.835977][ T5826] Kernel panic - not syncing: Fatal exception [ 73.842317][ T5826] Kernel Offset: disabled [ 73.846627][ T5826] Rebooting in 86400 seconds..