./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2866975108 <...> Warning: Permanently added '10.128.1.165' (ED25519) to the list of known hosts. execve("./syz-executor2866975108", ["./syz-executor2866975108"], 0x7ffca44bbfe0 /* 10 vars */) = 0 brk(NULL) = 0x555584d9f000 brk(0x555584d9fd00) = 0x555584d9fd00 arch_prctl(ARCH_SET_FS, 0x555584d9f380) = 0 set_tid_address(0x555584d9f650) = 5828 set_robust_list(0x555584d9f660, 24) = 0 rseq(0x555584d9fca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2866975108", 4096) = 28 getrandom("\x66\x97\x31\x51\xea\x6d\xca\x0d", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555584d9fd00 brk(0x555584dc0d00) = 0x555584dc0d00 brk(0x555584dc1000) = 0x555584dc1000 mprotect(0x7fe4d5c55000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 mkdir("./syzkaller.SQe6d4", 0700) = 0 chmod("./syzkaller.SQe6d4", 0777) = 0 chdir("./syzkaller.SQe6d4") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5830 attached [pid 5830] set_robust_list(0x555584d9f660, 24) = 0 [pid 5828] <... clone resumed>, child_tidptr=0x555584d9f650) = 5830 [pid 5830] chdir("./0") = 0 [pid 5830] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5830] setpgid(0, 0) = 0 [pid 5830] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5830] write(3, "1000", 4) = 4 [pid 5830] close(3) = 0 [pid 5830] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5830] write(1, "executing program\n", 18executing program ) = 18 [pid 5830] memfd_create("syzkaller", 0) = 3 [pid 5830] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe4cd600000 [pid 5830] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5830] munmap(0x7fe4cd600000, 138412032) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5830] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5830] close(3) = 0 [pid 5830] close(4) = 0 [pid 5830] mkdir("./file1", 0777) = 0 syzkaller login: [ 79.711998][ T5830] loop0: detected capacity change from 0 to 32768 [ 79.796071][ T5830] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,fix_errors=no,norecovery,recovery_pass_last=check_extents,nojournal_transaction_names,reconstruct_alloc,no_data_io [ 79.820443][ T5830] invalid bkey in superblock btree=backpointers level=1: u64s 11 type btree_ptr_v2 6:U64_MAX:U32_MAX len 0 ver 0: seq 4a8b0fa43a9980a6 written 24 min_key 678604832768:0:0 durability: 0 (invalid extent entry 0000000000000000) [ 79.820469][ T5830] min_key > key: delete?, fixing [ 79.848039][ T5830] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 79.856689][ T5830] bcachefs (loop0): Version upgrade required: [ 79.856689][ T5830] Version upgrade from 0.8: (unknown version) to 1.7: mi_btree_bitmap incomplete [ 79.856689][ T5830] Doing incompatible version upgrade from 0.8: (unknown version) to 1.20: directory_size [ 79.856689][ T5830] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 79.928800][ T5830] bcachefs (loop0): dropping and reconstructing all alloc info [ 79.943038][ T5830] invalid bkey in btree_node btree=xattrs level=0: u64s 7 type xattr 536870912:3798421620223919902:U32_MAX len 0 ver 0: user.˙˙˙tr2:xattr2 [ 79.943062][ T5830] value too small (2 < 8066): delete?, fixing [ 79.967696][ T5830] bcachefs (loop0): accounting_read... done [ 79.975279][ T5830] bcachefs (loop0): alloc_read... done [ 79.980872][ T5830] bcachefs (loop0): stripes_read... done [ 79.986713][ T5830] bcachefs (loop0): snapshots_read... done [pid 5830] mount("/dev/loop0", "./file1", "bcachefs", MS_I_VERSION, "acl,fi\v_errors=ask,norecovery,fix_errors=no,recovery_pass_last=check_extents,norecovery,error=ro,rec"...) = 0 [pid 5830] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5830] chdir("./file1") = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5830] ioctl(4, LOOP_CLR_FD) = 0 [ 79.993163][ T5830] bcachefs (loop0): Fixed errors, running fsck a second time to verify fs is clean [ 80.003119][ T5830] bcachefs (loop0): done starting filesystem [pid 5830] close(4) = 0 [pid 5830] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_NOCTTY|O_APPEND, 001) = 4 [pid 5830] write(4, "\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00", 24) = 24 [pid 5830] exit_group(0) = ? [pid 5830] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5830, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=33 /* 0.33 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555584da06f0 /* 4 entries */, 32768) = 112 [ 80.099416][ T5830] syz-executor286 (5830) used greatest stack depth: 18016 bytes left umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 [ 80.181077][ T5828] bcachefs (loop0): shutting down [ 80.199732][ T5828] bcachefs (loop0): shutdown complete [ 80.898075][ T5828] ------------[ cut here ]------------ [ 80.903824][ T5828] online_reserved not 0 at shutdown: 1792 [ 80.904274][ T5828] WARNING: CPU: 1 PID: 5828 at fs/bcachefs/super.c:585 bch2_fs_release+0x744/0x7b0 [ 80.919435][ T5828] Modules linked in: [ 80.923467][ T5828] CPU: 1 UID: 0 PID: 5828 Comm: syz-executor286 Not tainted 6.14.0-rc7-syzkaller-00074-ga7f2e10ecd8f #0 [ 80.934701][ T5828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 80.944893][ T5828] RIP: 0010:bch2_fs_release+0x744/0x7b0 [ 80.950493][ T5828] Code: 41 5e 41 5f 5d e9 6c 5f 2a fd e8 77 a2 40 fd e9 06 fd ff ff e8 6d a2 40 fd 90 48 c7 c7 20 cc 75 8c 4c 89 ee e8 0d 5d 00 fd 90 <0f> 0b 90 90 e9 13 fd ff ff 44 89 f1 80 e1 07 38 c1 0f 8c 18 fb ff [ 80.970510][ T5828] RSP: 0018:ffffc90003effb68 EFLAGS: 00010246 [ 80.976675][ T5828] RAX: 446aa7d46fd25600 RBX: ffff888077284a10 RCX: ffff888028030000 [ 80.984785][ T5828] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 80.992926][ T5828] RBP: 1ffff1100ee50942 R08: ffffffff81819d62 R09: 1ffff110170e519a [ 81.000926][ T5828] R10: dffffc0000000000 R11: ffffed10170e519b R12: 00000000fffffff8 [ 81.009003][ T5828] R13: 0000000000000700 R14: dffffc0000000000 R15: 0000607f47623608 [ 81.017054][ T5828] FS: 0000555584d9f380(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 81.026092][ T5828] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 81.032741][ T5828] CR2: 0000555584da86f8 CR3: 000000007bdb4000 CR4: 00000000003526f0 [ 81.040727][ T5828] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 81.048843][ T5828] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 81.056898][ T5828] Call Trace: [ 81.060188][ T5828] [ 81.063237][ T5828] ? __warn+0x165/0x4d0 [ 81.067436][ T5828] ? bch2_fs_release+0x744/0x7b0 [ 81.072465][ T5828] ? report_bug+0x2b3/0x500 [ 81.077032][ T5828] ? bch2_fs_release+0x744/0x7b0 [ 81.082113][ T5828] ? handle_bug+0x60/0x90 [ 81.086562][ T5828] ? exc_invalid_op+0x1a/0x50 [ 81.091248][ T5828] ? asm_exc_invalid_op+0x1a/0x20 [ 81.096345][ T5828] ? __warn_printk+0x292/0x360 [ 81.101152][ T5828] ? bch2_fs_release+0x744/0x7b0 [ 81.106188][ T5828] ? bch2_fs_release+0x743/0x7b0 [ 81.111177][ T5828] kobject_put+0x22f/0x480 [ 81.115689][ T5828] deactivate_locked_super+0xc4/0x130 [ 81.121106][ T5828] cleanup_mnt+0x41f/0x4b0 [ 81.125650][ T5828] ? lockdep_hardirqs_on+0x99/0x150 [ 81.130903][ T5828] task_work_run+0x24f/0x310 [ 81.135575][ T5828] ? __pfx_task_work_run+0x10/0x10 [ 81.140718][ T5828] ? path_umount+0x211/0xf80 [ 81.145419][ T5828] ptrace_notify+0x2d9/0x380 [ 81.150042][ T5828] ? __x64_sys_umount+0x123/0x170 [ 81.155140][ T5828] ? user_path_at+0x44/0x60 [ 81.159678][ T5828] ? __pfx_ptrace_notify+0x10/0x10 [ 81.164880][ T5828] ? kmem_cache_free+0x195/0x410 [ 81.169857][ T5828] ? __x64_sys_umount+0x123/0x170 [ 81.175022][ T5828] syscall_exit_work+0xc7/0x1d0 [ 81.179929][ T5828] syscall_exit_to_user_mode+0x24a/0x340 [ 81.185736][ T5828] do_syscall_64+0x100/0x230 [ 81.190375][ T5828] ? clear_bhb_loop+0x35/0x90 [ 81.195190][ T5828] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 81.201134][ T5828] RIP: 0033:0x7fe4d5bdd407 [ 81.205710][ T5828] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 [ 81.225446][ T5828] RSP: 002b:00007ffe8f35e118 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [ 81.233964][ T5828] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fe4d5bdd407 [ 81.242054][ T5828] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe8f35e1d0 [ 81.250054][ T5828] RBP: 00007ffe8f35e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 81.258109][ T5828] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffe8f35f240 [ 81.266174][ T5828] R13: 0000555584da06c0 R14: 0000000000000001 R15: 431bde82d7b634db [ 81.274230][ T5828] [ 81.277379][ T5828] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 81.284688][ T5828] CPU: 1 UID: 0 PID: 5828 Comm: syz-executor286 Not tainted 6.14.0-rc7-syzkaller-00074-ga7f2e10ecd8f #0 [ 81.296146][ T5828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 81.306208][ T5828] Call Trace: [ 81.309493][ T5828] [ 81.312427][ T5828] dump_stack_lvl+0x241/0x360 [ 81.317161][ T5828] ? __pfx_dump_stack_lvl+0x10/0x10 [ 81.322389][ T5828] ? __pfx__printk+0x10/0x10 [ 81.327002][ T5828] ? _printk+0xd5/0x120 [ 81.331171][ T5828] ? __init_begin+0x41000/0x41000 [ 81.336227][ T5828] ? vscnprintf+0x5d/0x90 [ 81.340584][ T5828] panic+0x349/0x880 [ 81.344508][ T5828] ? __warn+0x174/0x4d0 [ 81.348713][ T5828] ? __pfx_panic+0x10/0x10 [ 81.353174][ T5828] __warn+0x344/0x4d0 [ 81.357173][ T5828] ? bch2_fs_release+0x744/0x7b0 [ 81.362124][ T5828] report_bug+0x2b3/0x500 [ 81.366472][ T5828] ? bch2_fs_release+0x744/0x7b0 [ 81.371421][ T5828] handle_bug+0x60/0x90 [ 81.375592][ T5828] exc_invalid_op+0x1a/0x50 [ 81.380193][ T5828] asm_exc_invalid_op+0x1a/0x20 [ 81.385096][ T5828] RIP: 0010:bch2_fs_release+0x744/0x7b0 [ 81.390662][ T5828] Code: 41 5e 41 5f 5d e9 6c 5f 2a fd e8 77 a2 40 fd e9 06 fd ff ff e8 6d a2 40 fd 90 48 c7 c7 20 cc 75 8c 4c 89 ee e8 0d 5d 00 fd 90 <0f> 0b 90 90 e9 13 fd ff ff 44 89 f1 80 e1 07 38 c1 0f 8c 18 fb ff [ 81.410293][ T5828] RSP: 0018:ffffc90003effb68 EFLAGS: 00010246 [ 81.416378][ T5828] RAX: 446aa7d46fd25600 RBX: ffff888077284a10 RCX: ffff888028030000 [ 81.424369][ T5828] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 81.432352][ T5828] RBP: 1ffff1100ee50942 R08: ffffffff81819d62 R09: 1ffff110170e519a [ 81.440428][ T5828] R10: dffffc0000000000 R11: ffffed10170e519b R12: 00000000fffffff8 [ 81.448413][ T5828] R13: 0000000000000700 R14: dffffc0000000000 R15: 0000607f47623608 [ 81.456505][ T5828] ? __warn_printk+0x292/0x360 [ 81.461298][ T5828] ? bch2_fs_release+0x743/0x7b0 [ 81.466253][ T5828] kobject_put+0x22f/0x480 [ 81.470689][ T5828] deactivate_locked_super+0xc4/0x130 [ 81.476087][ T5828] cleanup_mnt+0x41f/0x4b0 [ 81.480521][ T5828] ? lockdep_hardirqs_on+0x99/0x150 [ 81.485744][ T5828] task_work_run+0x24f/0x310 [ 81.490355][ T5828] ? __pfx_task_work_run+0x10/0x10 [ 81.495482][ T5828] ? path_umount+0x211/0xf80 [ 81.500371][ T5828] ptrace_notify+0x2d9/0x380 [ 81.504974][ T5828] ? __x64_sys_umount+0x123/0x170 [ 81.510018][ T5828] ? user_path_at+0x44/0x60 [ 81.514710][ T5828] ? __pfx_ptrace_notify+0x10/0x10 [ 81.519828][ T5828] ? kmem_cache_free+0x195/0x410 [ 81.524783][ T5828] ? __x64_sys_umount+0x123/0x170 [ 81.529936][ T5828] syscall_exit_work+0xc7/0x1d0 [ 81.534838][ T5828] syscall_exit_to_user_mode+0x24a/0x340 [ 81.540530][ T5828] do_syscall_64+0x100/0x230 [ 81.545155][ T5828] ? clear_bhb_loop+0x35/0x90 [ 81.549859][ T5828] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 81.555859][ T5828] RIP: 0033:0x7fe4d5bdd407 [ 81.560284][ T5828] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 [ 81.579904][ T5828] RSP: 002b:00007ffe8f35e118 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 [ 81.588335][ T5828] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fe4d5bdd407 [ 81.596315][ T5828] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe8f35e1d0 [ 81.604295][ T5828] RBP: 00007ffe8f35e1d0 R08: 0000000000000000 R09: 0000000000000000 [ 81.612274][ T5828] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffe8f35f240 [ 81.620255][ T5828] R13: 0000555584da06c0 R14: 0000000000000001 R15: 431bde82d7b634db [ 81.628249][ T5828] [ 81.631595][ T5828] Kernel Offset: disabled [ 81.635948][ T5828] Rebooting in 86400 seconds..