./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4066040715 <...> Warning: Permanently added '10.128.0.194' (ED25519) to the list of known hosts. execve("./syz-executor4066040715", ["./syz-executor4066040715"], 0x7ffe93ffa120 /* 10 vars */) = 0 brk(NULL) = 0x55557baf8000 brk(0x55557baf8d00) = 0x55557baf8d00 arch_prctl(ARCH_SET_FS, 0x55557baf8380) = 0 set_tid_address(0x55557baf8650) = 5830 set_robust_list(0x55557baf8660, 24) = 0 rseq(0x55557baf8ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor4066040715", 4096) = 28 getrandom("\x11\xe5\x7e\xba\x35\x93\x1e\x37", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55557baf8d00 brk(0x55557bb19d00) = 0x55557bb19d00 brk(0x55557bb1a000) = 0x55557bb1a000 mprotect(0x7fc1adc1d000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 openat(AT_FDCWD, "/proc/self/make-it-fail", O_WRONLY) = 3 close(3) = 0 openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_WRONLY) = 3 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 mkdir("./syzkaller.H5Drqq", 0700) = 0 chmod("./syzkaller.H5Drqq", 0777) = 0 chdir("./syzkaller.H5Drqq") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5831 attached [pid 5831] set_robust_list(0x55557baf8660, 24 [pid 5830] <... clone resumed>, child_tidptr=0x55557baf8650) = 5831 [pid 5831] <... set_robust_list resumed>) = 0 [pid 5831] chdir("./0") = 0 [pid 5831] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5831] setpgid(0, 0) = 0 [pid 5831] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5831] write(3, "1000", 4) = 4 [pid 5831] close(3) = 0 [pid 5831] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5831] write(1, "executing program\n", 18) = 18 [pid 5831] memfd_create("syzkaller", 0) = 3 [pid 5831] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc1a5600000 [pid 5831] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5831] munmap(0x7fc1a5600000, 138412032) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5831] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5831] close(3) = 0 [pid 5831] close(4) = 0 [pid 5831] mkdir("./file1", 0777) = 0 [ 88.475677][ T5831] loop0: detected capacity change from 0 to 32768 [ 88.581405][ T5831] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names [ 88.598785][ T5831] bcachefs (loop0): initializing new filesystem [ 88.607730][ T5831] bcachefs (loop0): going read-write [ 88.616584][ T5831] bcachefs (loop0): marking superblocks [ 88.636215][ T5831] bcachefs (loop0): initializing freespace [ 88.644114][ T5831] bcachefs (loop0): done initializing freespace [ 88.656253][ T5831] bcachefs (loop0): reading snapshots table [ 88.662658][ T5831] bcachefs (loop0): reading snapshots done [pid 5831] mount("/dev/loop0", "./file1", "bcachefs", MS_SYNCHRONOUS, "\xff\xff\xff\xff\xff\xff\xff\xff\x6d\x15\xcd\xe5\xbb\x85\xa1\xc8\x64\xf2\x9c\x81\xda\x96\x8b\xb7\xc5\x05\xdc\xec\x98\xb7\x11\xd3\xaa\xc0\xd3\xa1\x04\x3e\xbd\xf1\x7b\xee\xbb\x5a\x42\xa4\xc8\x40\x1c\x3d\xff\x9a\xad\xbc\x69\x58\xdd\x1c\xb1\x40\x28\xae\x84\xf1\x35\x04\xcc\xfa\x4b\x7d\x8d\x78\x22\x2b\xbb\xee\x70\x21\xe0\x3f\x6b\xa3\x80\xdb\x83\x1d\xea\x75\xb5\x31\xc2\x9e\x5a\x0d\xa6\x73\xcc\xda\x73\x69"...) = 0 [pid 5831] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5831] chdir("./file1") = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5831] ioctl(4, LOOP_CLR_FD) = 0 [ 88.682481][ T5831] bcachefs (loop0): done starting filesystem [pid 5831] close(4) = 0 [pid 5831] openat(AT_FDCWD, "blkio.bfq.io_queued_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5831] ftruncate(4, 49530) = 0 [pid 5831] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 5831] write(5, "8", 1) = 1 [pid 5831] read(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8224) = 8224 [ 88.759376][ T5831] FAULT_INJECTION: forcing a failure. [ 88.759376][ T5831] name failslab, interval 1, probability 0, space 0, times 1 [ 88.772522][ T5831] CPU: 1 UID: 0 PID: 5831 Comm: syz-executor406 Not tainted 6.14.0-syzkaller-12456-gacc4d5ff0b61 #0 PREEMPT(full) [ 88.772549][ T5831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 88.772566][ T5831] Call Trace: [ 88.772574][ T5831] [ 88.772582][ T5831] dump_stack_lvl+0x241/0x360 [ 88.772622][ T5831] ? __pfx_dump_stack_lvl+0x10/0x10 [ 88.772649][ T5831] ? __pfx__printk+0x10/0x10 [ 88.772680][ T5831] ? __pfx___might_resched+0x10/0x10 [ 88.772709][ T5831] should_fail_ex+0x424/0x570 [ 88.772746][ T5831] should_failslab+0xac/0x100 [ 88.772768][ T5831] __kvmalloc_node_noprof+0x170/0x5a0 [ 88.772790][ T5831] ? __bch2_darray_resize_noprof+0xd2/0x290 [ 88.772826][ T5831] __bch2_darray_resize_noprof+0xd2/0x290 [ 88.772861][ T5831] bch2_readahead+0x611/0x12d0 [ 88.772886][ T5831] ? lockdep_hardirqs_on+0x9d/0x150 [ 88.772937][ T5831] ? __pfx_bch2_readahead+0x10/0x10 [ 88.772965][ T5831] ? folio_batch_move_lru+0x3ae/0x430 [ 88.773025][ T5831] ? blk_start_plug+0x70/0x1b0 [ 88.773053][ T5831] read_pages+0x193/0x590 [ 88.773078][ T5831] ? filemap_add_folio+0x250/0x380 [ 88.773099][ T5831] ? __pfx_read_pages+0x10/0x10 [ 88.773148][ T5831] page_cache_ra_order+0xa37/0xca0 [ 88.773192][ T5831] filemap_get_pages+0x59f/0x1fc0 [ 88.773234][ T5831] ? __lock_acquire+0xad5/0xd80 [ 88.773272][ T5831] ? __pfx_filemap_get_pages+0x10/0x10 [ 88.773304][ T5831] ? __pfx___might_resched+0x10/0x10 [ 88.773334][ T5831] ? do_raw_spin_unlock+0x13c/0x8b0 [ 88.773369][ T5831] filemap_read+0x466/0x1260 [ 88.773420][ T5831] ? __pfx_filemap_read+0x10/0x10 [ 88.773441][ T5831] ? __switch_to+0xe97/0x1c30 [ 88.773509][ T5831] bch2_read_iter+0x1179/0x14b0 [ 88.773539][ T5831] ? finish_task_switch+0x1e5/0x870 [ 88.773574][ T5831] ? rcu_is_watching+0x15/0xb0 [ 88.773599][ T5831] ? trace_sched_exit_tp+0x3c/0x120 [ 88.773628][ T5831] ? __schedule+0x1b51/0x51f0 [ 88.773660][ T5831] ? __pfx_bch2_read_iter+0x10/0x10 [ 88.773694][ T5831] ? __lock_acquire+0xad5/0xd80 [ 88.773717][ T5831] ? do_raw_spin_lock+0x151/0x370 [ 88.773769][ T5831] vfs_read+0x9a0/0xb90 [ 88.773806][ T5831] ? __pfx_vfs_read+0x10/0x10 [ 88.773835][ T5831] ? _raw_spin_unlock_irq+0x23/0x50 [ 88.773861][ T5831] ? lockdep_hardirqs_on+0x9d/0x150 [ 88.773895][ T5831] ? ptrace_notify+0x282/0x390 [ 88.773935][ T5831] ksys_read+0x19d/0x2d0 [ 88.773965][ T5831] ? __pfx_ksys_read+0x10/0x10 [ 88.774004][ T5831] do_syscall_64+0xf3/0x230 [ 88.774025][ T5831] ? clear_bhb_loop+0x45/0xa0 [ 88.774049][ T5831] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.774069][ T5831] RIP: 0033:0x7fc1adbabc59 [ 88.774095][ T5831] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 01 1b 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [pid 5831] exit_group(0) = ? [pid 5831] +++ exited with 0 +++ [ 88.774216][ T5831] RSP: 002b:00007ffd419910a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 88.774238][ T5831] RAX: ffffffffffffffda RBX: 00007ffd419910d0 RCX: 00007fc1adbabc59 [ 88.774252][ T5831] RDX: 0000000000002020 RSI: 0000200000000800 RDI: 0000000000000004 [ 88.774265][ T5831] RBP: 0000000000000001 R08: 00007ffd41990e47 R09: 00007ffd419910f0 [ 88.774278][ T5831] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001 [ 88.774289][ T5831] R13: 0000000000000000 R14: 431bde82d7b634db R15: 00007ffd41991110 [ 88.774320][ T5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5831, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557baf96f0 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 [ 89.124367][ T5831] syz-executor406 (5831) used greatest stack depth: 13968 bytes left [ 89.158677][ T5830] bcachefs (loop0): shutting down [ 89.163942][ T5830] bcachefs (loop0): going read-only [ 89.169448][ T5830] bcachefs (loop0): finished waiting for writes to stop [ 89.179738][ T5830] bcachefs (loop0): flushing journal and stopping allocators, journal seq 2 [ 89.201540][ T5830] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 3 [ 89.212879][ T5830] bcachefs (loop0): clean shutdown complete, journal seq 4 [ 89.221075][ T5830] bcachefs (loop0): marking filesystem clean [ 89.249184][ T5830] bcachefs (loop0): shutdown complete umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557bb01730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557bb01730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file1") = 0 getdents64(3, 0x55557baf96f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5843 attached [pid 5843] set_robust_list(0x55557baf8660, 24) = 0 [pid 5843] chdir("./1" [pid 5830] <... clone resumed>, child_tidptr=0x55557baf8650) = 5843 [pid 5843] <... chdir resumed>) = 0 [pid 5843] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5843] setpgid(0, 0) = 0 [pid 5843] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5843] write(3, "1000", 4) = 4 [pid 5843] close(3) = 0 [pid 5843] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5843] write(1, "executing program\n", 18) = 18 [pid 5843] memfd_create("syzkaller", 0) = 3 [pid 5843] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc1a5600000 [pid 5843] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5843] munmap(0x7fc1a5600000, 138412032) = 0 [pid 5843] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5843] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5843] close(3) = 0 [pid 5843] close(4) = 0 [pid 5843] mkdir("./file1", 0777) = 0 [ 90.652399][ T5843] loop0: detected capacity change from 0 to 32768 [ 90.750029][ T5843] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names [ 90.766860][ T5843] bcachefs (loop0): initializing new filesystem [ 90.775316][ T5843] bcachefs (loop0): going read-write [ 90.783590][ T5843] bcachefs (loop0): marking superblocks [pid 5843] mount("/dev/loop0", "./file1", "bcachefs", MS_SYNCHRONOUS, "\xff\xff\xff\xff\xff\xff\xff\xff\x6d\x15\xcd\xe5\xbb\x85\xa1\xc8\x64\xf2\x9c\x81\xda\x96\x8b\xb7\xc5\x05\xdc\xec\x98\xb7\x11\xd3\xaa\xc0\xd3\xa1\x04\x3e\xbd\xf1\x7b\xee\xbb\x5a\x42\xa4\xc8\x40\x1c\x3d\xff\x9a\xad\xbc\x69\x58\xdd\x1c\xb1\x40\x28\xae\x84\xf1\x35\x04\xcc\xfa\x4b\x7d\x8d\x78\x22\x2b\xbb\xee\x70\x21\xe0\x3f\x6b\xa3\x80\xdb\x83\x1d\xea\x75\xb5\x31\xc2\x9e\x5a\x0d\xa6\x73\xcc\xda\x73\x69"...) = 0 [pid 5843] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5843] chdir("./file1") = 0 [pid 5843] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 90.799634][ T5843] bcachefs (loop0): initializing freespace [ 90.807695][ T5843] bcachefs (loop0): done initializing freespace [ 90.816390][ T5843] bcachefs (loop0): reading snapshots table [ 90.822736][ T5843] bcachefs (loop0): reading snapshots done [ 90.839076][ T5843] bcachefs (loop0): done starting filesystem [pid 5843] ioctl(4, LOOP_CLR_FD) = 0 [pid 5843] close(4) = 0 [pid 5843] openat(AT_FDCWD, "blkio.bfq.io_queued_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5843] ftruncate(4, 49530) = 0 [pid 5843] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 5843] write(5, "8", 1) = 1 [pid 5843] read(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8224) = 8224 [pid 5843] exit_group(0) = ? [pid 5843] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5843, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557baf96f0 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 [ 90.993672][ T5830] bcachefs (loop0): shutting down [ 90.998923][ T5830] bcachefs (loop0): going read-only [ 91.004522][ T5830] bcachefs (loop0): finished waiting for writes to stop [ 91.014257][ T5830] bcachefs (loop0): flushing journal and stopping allocators, journal seq 3 [ 91.034803][ T5830] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 3 [ 91.046349][ T5830] bcachefs (loop0): clean shutdown complete, journal seq 4 [ 91.054537][ T5830] bcachefs (loop0): marking filesystem clean [ 91.077679][ T5830] bcachefs (loop0): shutdown complete umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557bb01730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557bb01730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file1") = 0 getdents64(3, 0x55557baf96f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5854 attached [pid 5854] set_robust_list(0x55557baf8660, 24) = 0 [pid 5854] chdir("./2" [pid 5830] <... clone resumed>, child_tidptr=0x55557baf8650) = 5854 [pid 5854] <... chdir resumed>) = 0 [pid 5854] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5854] setpgid(0, 0) = 0 [pid 5854] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5854] write(3, "1000", 4) = 4 [pid 5854] close(3) = 0 [pid 5854] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5854] write(1, "executing program\n", 18) = 18 [pid 5854] memfd_create("syzkaller", 0) = 3 [pid 5854] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc1a5600000 [pid 5854] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5854] munmap(0x7fc1a5600000, 138412032) = 0 [pid 5854] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5854] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5854] close(3) = 0 [pid 5854] close(4) = 0 [pid 5854] mkdir("./file1", 0777) = 0 [ 92.547454][ T5854] loop0: detected capacity change from 0 to 32768 [ 92.635085][ T5854] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names [ 92.651894][ T5854] bcachefs (loop0): initializing new filesystem [ 92.659647][ T5854] bcachefs (loop0): going read-write [ 92.666933][ T5854] bcachefs (loop0): marking superblocks [pid 5854] mount("/dev/loop0", "./file1", "bcachefs", MS_SYNCHRONOUS, "\xff\xff\xff\xff\xff\xff\xff\xff\x6d\x15\xcd\xe5\xbb\x85\xa1\xc8\x64\xf2\x9c\x81\xda\x96\x8b\xb7\xc5\x05\xdc\xec\x98\xb7\x11\xd3\xaa\xc0\xd3\xa1\x04\x3e\xbd\xf1\x7b\xee\xbb\x5a\x42\xa4\xc8\x40\x1c\x3d\xff\x9a\xad\xbc\x69\x58\xdd\x1c\xb1\x40\x28\xae\x84\xf1\x35\x04\xcc\xfa\x4b\x7d\x8d\x78\x22\x2b\xbb\xee\x70\x21\xe0\x3f\x6b\xa3\x80\xdb\x83\x1d\xea\x75\xb5\x31\xc2\x9e\x5a\x0d\xa6\x73\xcc\xda\x73\x69"...) = 0 [pid 5854] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5854] chdir("./file1") = 0 [pid 5854] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5854] ioctl(4, LOOP_CLR_FD) = 0 [ 92.683394][ T5854] bcachefs (loop0): initializing freespace [ 92.691175][ T5854] bcachefs (loop0): done initializing freespace [ 92.700813][ T5854] bcachefs (loop0): reading snapshots table [ 92.707154][ T5854] bcachefs (loop0): reading snapshots done [ 92.724604][ T5854] bcachefs (loop0): done starting filesystem [pid 5854] close(4) = 0 [pid 5854] openat(AT_FDCWD, "blkio.bfq.io_queued_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5854] ftruncate(4, 49530) = 0 [pid 5854] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 5854] write(5, "8", 1) = 1 [ 92.810360][ T5854] ================================================================== [ 92.818530][ T5854] BUG: KASAN: slab-use-after-free in bchfs_read+0x2b48/0x3350 [ 92.826010][ T5854] Read of size 4 at addr ffff8880756ac148 by task syz-executor406/5854 [ 92.834265][ T5854] [ 92.836593][ T5854] CPU: 0 UID: 0 PID: 5854 Comm: syz-executor406 Not tainted 6.14.0-syzkaller-12456-gacc4d5ff0b61 #0 PREEMPT(full) [ 92.836613][ T5854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 92.836622][ T5854] Call Trace: [ 92.836630][ T5854] [ 92.836637][ T5854] dump_stack_lvl+0x241/0x360 [ 92.836662][ T5854] ? __pfx_dump_stack_lvl+0x10/0x10 [ 92.836681][ T5854] ? __virt_addr_valid+0x183/0x530 [ 92.836705][ T5854] ? rcu_is_watching+0x15/0xb0 [ 92.836722][ T5854] ? __virt_addr_valid+0x183/0x530 [ 92.836739][ T5854] ? lock_release+0x4e/0x3e0 [ 92.836754][ T5854] ? __virt_addr_valid+0x183/0x530 [ 92.836772][ T5854] ? __virt_addr_valid+0x183/0x530 [ 92.836790][ T5854] print_report+0x16e/0x5b0 [ 92.836819][ T5854] ? __virt_addr_valid+0x183/0x530 [ 92.836837][ T5854] ? __virt_addr_valid+0x183/0x530 [ 92.836854][ T5854] ? __virt_addr_valid+0x45f/0x530 [ 92.836871][ T5854] ? __phys_addr+0xba/0x170 [ 92.836889][ T5854] ? bchfs_read+0x2b48/0x3350 [ 92.836907][ T5854] kasan_report+0x143/0x180 [ 92.836921][ T5854] ? bchfs_read+0x2b48/0x3350 [ 92.836941][ T5854] bchfs_read+0x2b48/0x3350 [ 92.836959][ T5854] ? kasan_save_track+0x51/0x80 [ 92.836978][ T5854] ? kasan_save_track+0x3f/0x80 [ 92.837014][ T5854] ? __pfx_bchfs_read+0x10/0x10 [ 92.837032][ T5854] ? _raw_spin_unlock_irqrestore+0x90/0x140 [ 92.837053][ T5854] ? lockdep_hardirqs_on+0x9d/0x150 [ 92.837076][ T5854] ? _raw_spin_unlock_irqrestore+0xde/0x140 [ 92.837096][ T5854] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 92.837117][ T5854] ? rcu_is_watching+0x15/0xb0 [ 92.837139][ T5854] ? bchfs_read+0x345/0x3350 [ 92.837165][ T5854] ? __pfx_bio_add_page+0x10/0x10 [ 92.837180][ T5854] ? bio_alloc_bioset+0x80e/0x1130 [ 92.837196][ T5854] bch2_readahead+0xe7a/0x12d0 [ 92.837214][ T5854] ? lockdep_hardirqs_on+0x9d/0x150 [ 92.837241][ T5854] ? __pfx_bch2_readahead+0x10/0x10 [ 92.837259][ T5854] ? folio_batch_move_lru+0x3ae/0x430 [ 92.837290][ T5854] ? blk_start_plug+0x70/0x1b0 [ 92.837309][ T5854] read_pages+0x193/0x590 [ 92.837326][ T5854] ? filemap_add_folio+0x250/0x380 [ 92.837341][ T5854] ? __pfx_read_pages+0x10/0x10 [ 92.837362][ T5854] page_cache_ra_order+0xa37/0xca0 [ 92.837385][ T5854] filemap_get_pages+0x59f/0x1fc0 [ 92.837409][ T5854] ? sched_clock_cpu+0x77/0x4d0 [ 92.837431][ T5854] ? __pfx_filemap_get_pages+0x10/0x10 [ 92.837451][ T5854] ? __pfx___might_resched+0x10/0x10 [ 92.837473][ T5854] filemap_read+0x466/0x1260 [ 92.837490][ T5854] ? __pfx_rcu_read_lock_sched_held+0x10/0x10 [ 92.837512][ T5854] ? xfd_validate_state+0x6e/0x150 [ 92.837530][ T5854] ? __pfx_filemap_read+0x10/0x10 [ 92.837546][ T5854] ? __switch_to+0xe97/0x1c30 [ 92.837579][ T5854] bch2_read_iter+0x1179/0x14b0 [ 92.837600][ T5854] ? finish_task_switch+0x1e5/0x870 [ 92.837623][ T5854] ? rcu_is_watching+0x15/0xb0 [ 92.837640][ T5854] ? trace_sched_exit_tp+0x3c/0x120 [ 92.837661][ T5854] ? __schedule+0x1b51/0x51f0 [ 92.837682][ T5854] ? __pfx_bch2_read_iter+0x10/0x10 [ 92.837709][ T5854] ? __lock_acquire+0xad5/0xd80 [ 92.837723][ T5854] ? do_raw_spin_lock+0x151/0x370 [ 92.837752][ T5854] vfs_read+0x9a0/0xb90 [ 92.837775][ T5854] ? __pfx_vfs_read+0x10/0x10 [ 92.837794][ T5854] ? _raw_spin_unlock_irq+0x23/0x50 [ 92.837814][ T5854] ? lockdep_hardirqs_on+0x9d/0x150 [ 92.837837][ T5854] ? ptrace_notify+0x282/0x390 [ 92.837862][ T5854] ksys_read+0x19d/0x2d0 [ 92.837882][ T5854] ? __pfx_ksys_read+0x10/0x10 [ 92.837906][ T5854] do_syscall_64+0xf3/0x230 [ 92.837920][ T5854] ? clear_bhb_loop+0x45/0xa0 [ 92.837936][ T5854] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.837951][ T5854] RIP: 0033:0x7fc1adbabc59 [ 92.837965][ T5854] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 01 1b 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 92.837977][ T5854] RSP: 002b:00007ffd419910a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 92.837992][ T5854] RAX: ffffffffffffffda RBX: 00007ffd419910d0 RCX: 00007fc1adbabc59 [ 92.838003][ T5854] RDX: 0000000000002020 RSI: 0000200000000800 RDI: 0000000000000004 [ 92.838013][ T5854] RBP: 0000000000000001 R08: 00007ffd41990e47 R09: 00007ffd419910f0 [ 92.838023][ T5854] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffd419910cc [ 92.838032][ T5854] R13: 0000000000000002 R14: 431bde82d7b634db R15: 00007ffd41991110 [ 92.838048][ T5854] [ 92.838054][ T5854] [ 93.265477][ T5854] Allocated by task 5854: [ 93.269998][ T5854] kasan_save_track+0x3f/0x80 [ 93.274993][ T5854] __kasan_mempool_unpoison_object+0x9e/0x170 [ 93.281145][ T5854] remove_element+0x129/0x1a0 [ 93.285954][ T5854] mempool_alloc_noprof+0x552/0x5a0 [ 93.291219][ T5854] bio_alloc_bioset+0x26f/0x1130 [ 93.296337][ T5854] bch2_readahead+0xbaf/0x12d0 [ 93.301391][ T5854] read_pages+0x193/0x590 [ 93.305828][ T5854] page_cache_ra_order+0xa37/0xca0 [ 93.311040][ T5854] filemap_get_pages+0x59f/0x1fc0 [ 93.316100][ T5854] filemap_read+0x466/0x1260 [ 93.320699][ T5854] bch2_read_iter+0x1179/0x14b0 [ 93.325570][ T5854] vfs_read+0x9a0/0xb90 [ 93.329933][ T5854] ksys_read+0x19d/0x2d0 [ 93.334186][ T5854] do_syscall_64+0xf3/0x230 [ 93.338693][ T5854] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.344596][ T5854] [ 93.346919][ T5854] Freed by task 5854: [ 93.350920][ T5854] kasan_save_track+0x3f/0x80 [ 93.355919][ T5854] kasan_save_free_info+0x40/0x50 [ 93.360974][ T5854] __kasan_mempool_poison_object+0xaa/0x120 [ 93.366902][ T5854] mempool_free+0x1c8/0x390 [ 93.371512][ T5854] bch2_readpages_end_io+0x17c/0x1d0 [ 93.376808][ T5854] __bch2_read_extent+0x1348/0x4400 [ 93.382059][ T5854] bchfs_read+0x251a/0x3350 [ 93.386714][ T5854] bch2_readahead+0xe7a/0x12d0 [ 93.391689][ T5854] read_pages+0x193/0x590 [ 93.396055][ T5854] page_cache_ra_order+0xa37/0xca0 [ 93.401372][ T5854] filemap_get_pages+0x59f/0x1fc0 [ 93.406701][ T5854] filemap_read+0x466/0x1260 [ 93.411442][ T5854] bch2_read_iter+0x1179/0x14b0 [ 93.416318][ T5854] vfs_read+0x9a0/0xb90 [ 93.420491][ T5854] ksys_read+0x19d/0x2d0 [ 93.424774][ T5854] do_syscall_64+0xf3/0x230 [ 93.429311][ T5854] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.435400][ T5854] [ 93.437764][ T5854] The buggy address belongs to the object at ffff8880756ac000 [ 93.437764][ T5854] which belongs to the cache bio-488 of size 488 [ 93.451910][ T5854] The buggy address is located 328 bytes inside of [ 93.451910][ T5854] freed 488-byte region [ffff8880756ac000, ffff8880756ac1e8) [ 93.465923][ T5854] [ 93.468521][ T5854] The buggy address belongs to the physical page: [ 93.474951][ T5854] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x756ac [ 93.483729][ T5854] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 93.492229][ T5854] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 93.499875][ T5854] page_type: f5(slab) [ 93.503964][ T5854] raw: 00fff00000000040 ffff888033497a00 dead000000000122 0000000000000000 [ 93.512653][ T5854] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000 [ 93.521273][ T5854] head: 00fff00000000040 ffff888033497a00 dead000000000122 0000000000000000 [ 93.529952][ T5854] head: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000 [ 93.538636][ T5854] head: 00fff00000000001 ffffea0001d5ab01 00000000ffffffff 00000000ffffffff [ 93.547320][ T5854] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 93.555994][ T5854] page dumped because: kasan: bad access detected [ 93.562427][ T5854] page_owner tracks the page as allocated [ 93.568267][ T5854] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5854, tgid 5854 (syz-executor406), ts 92613750343, free_ts 91077243774 [ 93.590250][ T5854] post_alloc_hook+0x1f4/0x240 [ 93.595036][ T5854] get_page_from_freelist+0x351d/0x36b0 [ 93.600698][ T5854] __alloc_frozen_pages_noprof+0x211/0x5b0 [ 93.606587][ T5854] alloc_pages_mpol+0x339/0x690 [ 93.611438][ T5854] allocate_slab+0x8f/0x3a0 [ 93.615971][ T5854] ___slab_alloc+0xc3b/0x1500 [ 93.620654][ T5854] __slab_alloc+0x58/0xa0 [ 93.624989][ T5854] kmem_cache_alloc_noprof+0x270/0x390 [ 93.630476][ T5854] mempool_init_node+0x1ee/0x4e0 [ 93.635431][ T5854] mempool_init_noprof+0x3a/0x50 [ 93.640468][ T5854] bioset_init+0x2ea/0x820 [ 93.645006][ T5854] bch2_fs_io_read_init+0x29/0xc0 [ 93.650054][ T5854] bch2_fs_open+0x2f2f/0x32a0 [ 93.654745][ T5854] bch2_fs_get_tree+0x77b/0x18f0 [ 93.659773][ T5854] vfs_get_tree+0x90/0x2b0 [ 93.664471][ T5854] do_new_mount+0x2cf/0xb70 [ 93.669013][ T5854] page last free pid 5830 tgid 5830 stack trace: [ 93.675434][ T5854] __free_pages_ok+0xb17/0xd90 [ 93.680243][ T5854] __folio_put+0x2b5/0x360 [ 93.684856][ T5854] free_large_kmalloc+0x143/0x1e0 [ 93.690003][ T5854] kfree+0x216/0x430 [ 93.694015][ T5854] bch2_dev_journal_exit+0x2ba/0x4a0 [ 93.699412][ T5854] bch2_dev_free+0x14d/0x230 [ 93.704028][ T5854] bch2_fs_free+0x27b/0x3c0 [ 93.708556][ T5854] deactivate_locked_super+0xc4/0x130 [ 93.713952][ T5854] cleanup_mnt+0x422/0x4c0 [ 93.718381][ T5854] task_work_run+0x251/0x310 [ 93.722982][ T5854] ptrace_notify+0x2dc/0x390 [ 93.727583][ T5854] syscall_exit_work+0xc7/0x1d0 [ 93.732449][ T5854] syscall_exit_to_user_mode+0x24a/0x340 [ 93.738265][ T5854] do_syscall_64+0x100/0x230 [ 93.742869][ T5854] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.748770][ T5854] [ 93.751183][ T5854] Memory state around the buggy address: [ 93.756994][ T5854] ffff8880756ac000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 93.765241][ T5854] ffff8880756ac080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 93.773526][ T5854] >ffff8880756ac100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 93.781773][ T5854] ^ [ 93.788274][ T5854] ffff8880756ac180: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc [ 93.796609][ T5854] ffff8880756ac200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 93.804771][ T5854] ================================================================== [ 93.814581][ T5854] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 93.822385][ T5854] CPU: 1 UID: 0 PID: 5854 Comm: syz-executor406 Not tainted 6.14.0-syzkaller-12456-gacc4d5ff0b61 #0 PREEMPT(full) [ 93.834548][ T5854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 93.844726][ T5854] Call Trace: [ 93.848051][ T5854] [ 93.850998][ T5854] dump_stack_lvl+0x241/0x360 [ 93.855709][ T5854] ? __pfx_dump_stack_lvl+0x10/0x10 [ 93.860912][ T5854] ? __pfx__printk+0x10/0x10 [ 93.865542][ T5854] ? vscnprintf+0x5d/0x90 [ 93.869944][ T5854] panic+0x349/0x880 [ 93.873973][ T5854] ? check_panic_on_warn+0x21/0xb0 [ 93.879101][ T5854] ? __pfx_panic+0x10/0x10 [ 93.883541][ T5854] ? _raw_spin_unlock_irqrestore+0x134/0x140 [ 93.889545][ T5854] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 93.895886][ T5854] ? print_report+0x519/0x5b0 [ 93.900577][ T5854] check_panic_on_warn+0x86/0xb0 [ 93.905544][ T5854] ? bchfs_read+0x2b48/0x3350 [ 93.910226][ T5854] end_report+0x77/0x160 [ 93.914479][ T5854] kasan_report+0x154/0x180 [ 93.919002][ T5854] ? bchfs_read+0x2b48/0x3350 [ 93.923716][ T5854] bchfs_read+0x2b48/0x3350 [ 93.928228][ T5854] ? kasan_save_track+0x51/0x80 [ 93.933181][ T5854] ? kasan_save_track+0x3f/0x80 [ 93.938134][ T5854] ? __pfx_bchfs_read+0x10/0x10 [ 93.943006][ T5854] ? _raw_spin_unlock_irqrestore+0x90/0x140 [ 93.948908][ T5854] ? lockdep_hardirqs_on+0x9d/0x150 [ 93.954143][ T5854] ? _raw_spin_unlock_irqrestore+0xde/0x140 [ 93.960064][ T5854] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 93.966416][ T5854] ? rcu_is_watching+0x15/0xb0 [ 93.971208][ T5854] ? bchfs_read+0x345/0x3350 [ 93.975819][ T5854] ? __pfx_bio_add_page+0x10/0x10 [ 93.980849][ T5854] ? bio_alloc_bioset+0x80e/0x1130 [ 93.985966][ T5854] bch2_readahead+0xe7a/0x12d0 [ 93.991083][ T5854] ? lockdep_hardirqs_on+0x9d/0x150 [ 93.996385][ T5854] ? __pfx_bch2_readahead+0x10/0x10 [ 94.001594][ T5854] ? folio_batch_move_lru+0x3ae/0x430 [ 94.006992][ T5854] ? blk_start_plug+0x70/0x1b0 [ 94.011782][ T5854] read_pages+0x193/0x590 [ 94.016467][ T5854] ? filemap_add_folio+0x250/0x380 [ 94.021576][ T5854] ? __pfx_read_pages+0x10/0x10 [ 94.026661][ T5854] page_cache_ra_order+0xa37/0xca0 [ 94.031803][ T5854] filemap_get_pages+0x59f/0x1fc0 [ 94.036964][ T5854] ? sched_clock_cpu+0x77/0x4d0 [ 94.041851][ T5854] ? __pfx_filemap_get_pages+0x10/0x10 [ 94.047642][ T5854] ? __pfx___might_resched+0x10/0x10 [ 94.052959][ T5854] filemap_read+0x466/0x1260 [ 94.057587][ T5854] ? __pfx_rcu_read_lock_sched_held+0x10/0x10 [ 94.063763][ T5854] ? xfd_validate_state+0x6e/0x150 [ 94.068920][ T5854] ? __pfx_filemap_read+0x10/0x10 [ 94.073962][ T5854] ? __switch_to+0xe97/0x1c30 [ 94.078666][ T5854] bch2_read_iter+0x1179/0x14b0 [ 94.083733][ T5854] ? finish_task_switch+0x1e5/0x870 [ 94.089048][ T5854] ? rcu_is_watching+0x15/0xb0 [ 94.093942][ T5854] ? trace_sched_exit_tp+0x3c/0x120 [ 94.099159][ T5854] ? __schedule+0x1b51/0x51f0 [ 94.103981][ T5854] ? __pfx_bch2_read_iter+0x10/0x10 [ 94.109432][ T5854] ? __lock_acquire+0xad5/0xd80 [ 94.114317][ T5854] ? do_raw_spin_lock+0x151/0x370 [ 94.119375][ T5854] vfs_read+0x9a0/0xb90 [ 94.123554][ T5854] ? __pfx_vfs_read+0x10/0x10 [ 94.128242][ T5854] ? _raw_spin_unlock_irq+0x23/0x50 [ 94.133545][ T5854] ? lockdep_hardirqs_on+0x9d/0x150 [ 94.138880][ T5854] ? ptrace_notify+0x282/0x390 [ 94.143777][ T5854] ksys_read+0x19d/0x2d0 [ 94.148126][ T5854] ? __pfx_ksys_read+0x10/0x10 [ 94.152904][ T5854] do_syscall_64+0xf3/0x230 [ 94.157408][ T5854] ? clear_bhb_loop+0x45/0xa0 [ 94.162097][ T5854] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.168011][ T5854] RIP: 0033:0x7fc1adbabc59 [ 94.172546][ T5854] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 01 1b 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 94.192191][ T5854] RSP: 002b:00007ffd419910a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 94.201000][ T5854] RAX: ffffffffffffffda RBX: 00007ffd419910d0 RCX: 00007fc1adbabc59 [ 94.208981][ T5854] RDX: 0000000000002020 RSI: 0000200000000800 RDI: 0000000000000004 [ 94.217049][ T5854] RBP: 0000000000000001 R08: 00007ffd41990e47 R09: 00007ffd419910f0 [ 94.225207][ T5854] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffd419910cc [ 94.233570][ T5854] R13: 0000000000000002 R14: 431bde82d7b634db R15: 00007ffd41991110 [ 94.241580][ T5854] [ 94.245045][ T5854] Kernel Offset: disabled [ 94.249411][ T5854] Rebooting in 86400 seconds..