./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2658253188 <...> Warning: Permanently added '10.128.0.183' (ED25519) to the list of known hosts. execve("./syz-executor2658253188", ["./syz-executor2658253188"], 0x7ffdd53e1620 /* 10 vars */) = 0 brk(NULL) = 0x55557bfcf000 brk(0x55557bfcfd00) = 0x55557bfcfd00 arch_prctl(ARCH_SET_FS, 0x55557bfcf380) = 0 set_tid_address(0x55557bfcf650) = 5826 set_robust_list(0x55557bfcf660, 24) = 0 rseq(0x55557bfcfca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2658253188", 4096) = 28 getrandom("\xd9\xc3\x0d\x93\x29\x01\xa5\x77", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55557bfcfd00 brk(0x55557bff0d00) = 0x55557bff0d00 brk(0x55557bff1000) = 0x55557bff1000 mprotect(0x7eff7d68c000, 16384, PROT_READ) = 0 mmap(0x3ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x3ffffffff000 mmap(0x400000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400000000000 mmap(0x400001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400001000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5827 attached , child_tidptr=0x55557bfcf650) = 5827 [pid 5826] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5827] set_robust_list(0x55557bfcf660, 24) = 0 ./strace-static-x86_64: Process 5828 attached [pid 5828] set_robust_list(0x55557bfcf660, 24 [pid 5826] <... clone resumed>, child_tidptr=0x55557bfcf650) = 5828 [pid 5827] mkdir("./syzkaller.LaCkRr", 0700 [pid 5826] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 5829 attached [pid 5828] mkdir("./syzkaller.AHIOy2", 0700 [pid 5829] set_robust_list(0x55557bfcf660, 24) = 0 [pid 5828] <... mkdir resumed>) = 0 [pid 5827] <... mkdir resumed>) = 0 [pid 5826] <... clone resumed>, child_tidptr=0x55557bfcf650) = 5829 [pid 5829] mkdir("./syzkaller.9Nudfc", 0700 [pid 5828] chmod("./syzkaller.AHIOy2", 0777 [pid 5827] chmod("./syzkaller.LaCkRr", 0777 [pid 5826] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5827] <... chmod resumed>) = 0 ./strace-static-x86_64: Process 5830 attached [pid 5829] <... mkdir resumed>) = 0 [pid 5828] <... chmod resumed>) = 0 [pid 5827] chdir("./syzkaller.LaCkRr" [pid 5830] set_robust_list(0x55557bfcf660, 24 [pid 5829] chmod("./syzkaller.9Nudfc", 0777 [pid 5828] chdir("./syzkaller.AHIOy2" [pid 5827] <... chdir resumed>) = 0 [pid 5826] <... clone resumed>, child_tidptr=0x55557bfcf650) = 5830 [pid 5830] <... set_robust_list resumed>) = 0 [pid 5829] <... chmod resumed>) = 0 [pid 5828] <... chdir resumed>) = 0 [pid 5827] mkdir("./0", 0777 [pid 5826] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] mkdir("./syzkaller.ND69OW", 0700) = 0 [pid 5828] mkdir("./0", 0777./strace-static-x86_64: Process 5831 attached [pid 5829] chdir("./syzkaller.9Nudfc" [pid 5827] <... mkdir resumed>) = 0 [pid 5830] chmod("./syzkaller.ND69OW", 0777 [pid 5829] <... chdir resumed>) = 0 [pid 5828] <... mkdir resumed>) = 0 [pid 5827] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5826] <... clone resumed>, child_tidptr=0x55557bfcf650) = 5831 [pid 5829] mkdir("./0", 0777 [pid 5831] set_robust_list(0x55557bfcf660, 24 [pid 5830] <... chmod resumed>) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5827] <... openat resumed>) = 3 [pid 5831] <... set_robust_list resumed>) = 0 [pid 5829] <... mkdir resumed>) = 0 [pid 5830] chdir("./syzkaller.ND69OW" [pid 5829] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5828] <... openat resumed>) = 3 [pid 5827] ioctl(3, LOOP_CLR_FD [pid 5830] <... chdir resumed>) = 0 [pid 5829] <... openat resumed>) = 3 [pid 5828] ioctl(3, LOOP_CLR_FD [pid 5827] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5831] mkdir("./syzkaller.zeBwSt", 0700 [pid 5830] mkdir("./0", 0777 [pid 5828] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5831] <... mkdir resumed>) = 0 [pid 5830] <... mkdir resumed>) = 0 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5827] close(3 [pid 5828] close(3) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5827] <... close resumed>) = 0 ./strace-static-x86_64: Process 5832 attached [pid 5830] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5832] set_robust_list(0x55557bfcf660, 24 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 5832] <... set_robust_list resumed>) = 0 [pid 5830] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5832] chdir("./0" [pid 5830] close(3) = 0 [pid 5828] <... clone resumed>, child_tidptr=0x55557bfcf650) = 5832 [pid 5832] <... chdir resumed>) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5833 attached [pid 5832] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5832] setpgid(0, 0) = 0 [pid 5833] set_robust_list(0x55557bfcf660, 24 [pid 5832] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5833] <... set_robust_list resumed>) = 0 [pid 5833] chdir("./0" [pid 5832] <... openat resumed>) = 3 [pid 5833] <... chdir resumed>) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x55557bfcf650) = 5833 [pid 5833] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5832] write(3, "1000", 4 [pid 5833] <... prctl resumed>) = 0 [pid 5833] setpgid(0, 0 [pid 5832] <... write resumed>) = 4 [pid 5832] close(3 [pid 5833] <... setpgid resumed>) = 0 [pid 5831] chmod("./syzkaller.zeBwSt", 0777 [pid 5829] close(3 [pid 5827] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5833] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5832] <... close resumed>) = 0 [pid 5829] <... close resumed>) = 0 ./strace-static-x86_64: Process 5834 attached [pid 5833] <... openat resumed>) = 3 [pid 5832] symlink("/dev/binderfs", "./binderfs" [pid 5831] <... chmod resumed>) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5836 attached [pid 5834] set_robust_list(0x55557bfcf660, 24 [pid 5833] write(3, "1000", 4 [pid 5832] <... symlink resumed>) = 0 [pid 5831] chdir("./syzkaller.zeBwSt" [pid 5827] <... clone resumed>, child_tidptr=0x55557bfcf650) = 5834 [pid 5834] <... set_robust_list resumed>) = 0 [pid 5833] <... write resumed>) = 4 [pid 5831] <... chdir resumed>) = 0 [pid 5834] chdir("./0" [pid 5831] mkdir("./0", 0777 [pid 5829] <... clone resumed>, child_tidptr=0x55557bfcf650) = 5836 executing program [pid 5836] set_robust_list(0x55557bfcf660, 24 [pid 5834] <... chdir resumed>) = 0 [pid 5833] close(3 [pid 5832] write(1, "executing program\n", 18 [pid 5831] <... mkdir resumed>) = 0 [pid 5836] <... set_robust_list resumed>) = 0 [pid 5834] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5833] <... close resumed>) = 0 [pid 5832] <... write resumed>) = 18 [pid 5831] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5833] symlink("/dev/binderfs", "./binderfs" [pid 5832] memfd_create("syzkaller", 0 [pid 5831] <... openat resumed>) = 3 [pid 5833] <... symlink resumed>) = 0 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5834] <... prctl resumed>) = 0 [pid 5832] <... memfd_create resumed>) = 3 [pid 5831] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5836] chdir("./0"executing program [pid 5834] setpgid(0, 0 [pid 5833] write(1, "executing program\n", 18 [pid 5832] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5831] close(3 [pid 5836] <... chdir resumed>) = 0 [pid 5834] <... setpgid resumed>) = 0 [pid 5833] <... write resumed>) = 18 [pid 5832] <... mmap resumed>) = 0x7eff75000000 [pid 5833] memfd_create("syzkaller", 0 [pid 5831] <... close resumed>) = 0 [pid 5834] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5836] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5834] <... openat resumed>) = 3 [pid 5833] <... memfd_create resumed>) = 3 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5834] write(3, "1000", 4 [pid 5833] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 5837 attached [pid 5836] <... prctl resumed>) = 0 [pid 5834] <... write resumed>) = 4 [pid 5833] <... mmap resumed>) = 0x7eff75000000 [pid 5837] set_robust_list(0x55557bfcf660, 24 [pid 5836] setpgid(0, 0 [pid 5834] close(3 [pid 5837] <... set_robust_list resumed>) = 0 [pid 5836] <... setpgid resumed>) = 0 [pid 5834] <... close resumed>) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x55557bfcf650) = 5837 [pid 5836] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5834] symlink("/dev/binderfs", "./binderfs" [pid 5837] chdir("./0" [pid 5836] <... openat resumed>) = 3 [pid 5834] <... symlink resumed>) = 0 [pid 5837] <... chdir resumed>) = 0 [pid 5836] write(3, "1000", 4) = 4 [pid 5836] close(3) = 0 [pid 5836] symlink("/dev/binderfs", "./binderfs") = 0 executing program executing program [pid 5837] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5836] write(1, "executing program\n", 18 [pid 5834] write(1, "executing program\n", 18 [pid 5837] <... prctl resumed>) = 0 [pid 5836] <... write resumed>) = 18 [pid 5834] <... write resumed>) = 18 [pid 5837] setpgid(0, 0 [pid 5836] memfd_create("syzkaller", 0 [pid 5834] memfd_create("syzkaller", 0 [pid 5837] <... setpgid resumed>) = 0 [pid 5837] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5836] <... memfd_create resumed>) = 3 [pid 5834] <... memfd_create resumed>) = 3 [pid 5837] <... openat resumed>) = 3 [pid 5836] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5834] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5836] <... mmap resumed>) = 0x7eff75000000 [pid 5837] write(3, "1000", 4 [pid 5834] <... mmap resumed>) = 0x7eff75000000 [pid 5837] <... write resumed>) = 4 [pid 5837] close(3) = 0 [pid 5837] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5837] write(1, "executing program\n", 18) = 18 [pid 5837] memfd_create("syzkaller", 0) = 3 [pid 5837] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff75000000 [pid 5836] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5833] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5832] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5834] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5837] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5836] <... write resumed>) = 16777216 [pid 5836] munmap(0x7eff75000000, 138412032 [pid 5832] <... write resumed>) = 16777216 [pid 5832] munmap(0x7eff75000000, 138412032 [pid 5836] <... munmap resumed>) = 0 [pid 5836] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5834] <... write resumed>) = 16777216 [pid 5833] <... write resumed>) = 16777216 [pid 5832] <... munmap resumed>) = 0 [pid 5836] <... openat resumed>) = 4 [pid 5834] munmap(0x7eff75000000, 138412032 [pid 5833] munmap(0x7eff75000000, 138412032 [pid 5832] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5836] ioctl(4, LOOP_SET_FD, 3 [pid 5832] <... openat resumed>) = 4 [pid 5832] ioctl(4, LOOP_SET_FD, 3 [pid 5836] <... ioctl resumed>) = 0 [pid 5837] <... write resumed>) = 16777216 [pid 5834] <... munmap resumed>) = 0 [pid 5832] <... ioctl resumed>) = 0 [pid 5837] munmap(0x7eff75000000, 138412032 [pid 5834] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5832] close(3 [pid 5836] close(3 [pid 5834] <... openat resumed>) = 4 [pid 5833] <... munmap resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 5836] <... close resumed>) = 0 [pid 5834] ioctl(4, LOOP_SET_FD, 3 [pid 5833] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5832] close(4 [pid 5836] close(4 [pid 5833] <... openat resumed>) = 4 [pid 5837] <... munmap resumed>) = 0 [pid 5836] <... close resumed>) = 0 [pid 5834] <... ioctl resumed>) = 0 [pid 5832] <... close resumed>) = 0 [pid 5837] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5836] mkdir("./file0", 0777 [pid 5834] close(3 [pid 5832] mkdir("./file0", 0777 [pid 5837] <... openat resumed>) = 4 [pid 5834] <... close resumed>) = 0 [pid 5832] <... mkdir resumed>) = 0 [pid 5837] ioctl(4, LOOP_SET_FD, 3 [pid 5836] <... mkdir resumed>) = 0 [pid 5834] close(4 [pid 5832] mount("/dev/loop1", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 5837] <... ioctl resumed>) = 0 [pid 5836] mount("/dev/loop2", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 5834] <... close resumed>) = 0 [pid 5833] ioctl(4, LOOP_SET_FD, 3 [ 78.079308][ T5836] loop2: detected capacity change from 0 to 32768 [ 78.079524][ T5832] loop1: detected capacity change from 0 to 32768 [ 78.105404][ T5834] loop0: detected capacity change from 0 to 32768 [ 78.118800][ T5837] loop4: detected capacity change from 0 to 32768 [pid 5834] mkdir("./file0", 0777) = 0 [pid 5837] close(3 [pid 5834] mount("/dev/loop0", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 5837] <... close resumed>) = 0 [pid 5837] close(4) = 0 [pid 5837] mkdir("./file0", 0777) = 0 [pid 5833] <... ioctl resumed>) = 0 [pid 5837] mount("/dev/loop4", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 5833] close(3) = 0 [pid 5833] close(4) = 0 [ 78.130864][ T5833] loop3: detected capacity change from 0 to 32768 [ 78.139769][ T5832] bcachefs (/dev/loop1): error reading default superblock: checksum error, type none: got should be [ 78.140191][ T5836] bcachefs (/dev/loop2): error reading default superblock: checksum error, type none: got should be [ 78.169588][ T5834] bcachefs (/dev/loop0): error reading default superblock: checksum error, type none: got should be [pid 5833] mkdir("./file0", 0777) = 0 [ 78.183843][ T5837] bcachefs (/dev/loop4): error reading default superblock: checksum error, type none: got should be [ 78.203363][ T5833] bcachefs (/dev/loop3): error reading default superblock: checksum error, type none: got should be [ 78.353309][ T5833] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=ro,errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names,read_only [ 78.365663][ T5836] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [ 78.372406][ T5833] bcachefs (loop3): recovering from clean shutdown, journal seq 10 [ 78.390115][ T5833] bcachefs (loop3): superblock requires following recovery passes to be run: [ 78.390115][ T5833] check_inodes,check_extents,check_dirents [ 78.406196][ T5833] bcachefs (loop3): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.20: directory_size [ 78.406196][ T5833] running recovery passes: check_allocations,check_extents_to_backpointers [ 78.424678][ T5836] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [ 78.430965][ T5837] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [ 78.446050][ T5834] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [ 78.463739][ T5834] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [ 78.467470][ T5832] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [ 78.481538][ T5833] bcachefs (loop3): error validating btree node at btree inodes level 0/0 [ 78.481566][ T5833] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0 [pid 5833] mount("/dev/loop3", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 5834] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5834] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5834] ioctl(3, LOOP_CLR_FD) = 0 [ 78.481584][ T5833] node offset 8/24 bset u64s 29 bset byte offset 152: keys out of order: u64s 16 type inode_v3 5:4096:U32_MAX len 0 ver 0 > u64s 17 type inode_v3 0:4097:U32_MAX len 0 ver 0, fixing [ 78.537098][ T5832] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [ 78.564904][ T5837] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [ 78.577544][ T5834] bcachefs: bch2_fs_get_tree() error: EINVAL [ 78.696827][ T5833] invalid bkey in btree_node btree=inodes level=0: u64s 16 type inode_v3 5:4096:U32_MAX len 0 ver 0: [ 78.696850][ T5833] mode=40755 [pid 5834] close(3 [pid 5836] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5836] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5836] ioctl(3, LOOP_CLR_FD) = 0 [ 78.696861][ T5833] flags=(16300000) [ 78.696872][ T5833] journal_seq=1 [ 78.696883][ T5833] hash_seed=28e4f092a4fc58ee [ 78.696895][ T5833] hash_type=siphash [pid 5836] close(3 [pid 5832] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5832] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5832] ioctl(3, LOOP_CLR_FD) = 0 [pid 5832] close(3 [pid 5837] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5837] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5837] ioctl(3, LOOP_CLR_FD) = 0 [ 78.696905][ T5833] bi_size=0 [ 78.696916][ T5833] bi_sectors=0 [ 78.696926][ T5833] bi_version=0 [pid 5837] close(3 [pid 5834] <... close resumed>) = 0 [ 78.696936][ T5833] bi_atime=200535484 [ 78.696947][ T5833] bi_ctime=200535484 [ 78.696958][ T5833] bi_mtime=200535484 [ 78.696968][ T5833] bi_otime=200535484 [ 78.696979][ T5833] bi_uid=0 [pid 5834] exit_group(0) = ? [pid 5834] +++ exited with 0 +++ [pid 5827] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5834, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=45 /* 0.45 s */} --- [pid 5827] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 78.696989][ T5833] bi_gid=0 [ 78.696999][ T5833] bi_nlink=1 [ 78.697010][ T5833] bi_generation=0 [ 78.697020][ T5833] bi_dev=0 [ 78.697030][ T5833] bi_data_checksum=0 [pid 5827] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5827] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5827] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5827] getdents64(3, 0x55557bfd06f0 /* 4 entries */, 32768) = 112 [pid 5827] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5827] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5827] unlink("./0/binderfs") = 0 [pid 5827] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5827] newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5827] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5827] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5827] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5827] getdents64(4, 0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5827] getdents64(4, 0x55557bfd8730 /* 0 entries */, 32768) = 0 [pid 5827] close(4) = 0 [pid 5827] rmdir("./0/file0") = 0 [pid 5827] getdents64(3, 0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 5827] close(3) = 0 [pid 5827] rmdir("./0") = 0 [pid 5827] mkdir("./1", 0777) = 0 [pid 5827] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5827] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5827] close(3) = 0 [ 78.697041][ T5833] bi_compression=0 [ 78.697052][ T5833] bi_project=0 [ 78.697062][ T5833] bi_background_compression=0 [ 78.697074][ T5833] bi_data_replicas=0 [ 78.697084][ T5833] bi_promote_target=0 [pid 5827] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5878 attached [pid 5878] set_robust_list(0x55557bfcf660, 24) = 0 [pid 5878] chdir("./1" [pid 5827] <... clone resumed>, child_tidptr=0x55557bfcf650) = 5878 [pid 5878] <... chdir resumed>) = 0 [pid 5878] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5878] setpgid(0, 0) = 0 [pid 5878] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5836] <... close resumed>) = 0 [pid 5878] <... openat resumed>) = 3 [pid 5878] write(3, "1000", 4) = 4 [pid 5878] close(3) = 0 [pid 5878] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5878] write(1, "executing program\n", 18) = 18 [pid 5878] memfd_create("syzkaller", 0) = 3 [pid 5878] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff75000000 [pid 5836] exit_group(0) = ? [pid 5836] +++ exited with 0 +++ [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5836, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=51 /* 0.51 s */} --- [pid 5837] <... close resumed>) = 0 [pid 5829] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 78.697095][ T5833] bi_foreground_target=0 [ 78.697106][ T5833] bi_background_target=0 [ 78.697117][ T5833] bi_erasure_code=0 [ 78.697127][ T5833] bi_fields_set=0 [ 78.697138][ T5833] bi_dir=0 [pid 5829] getdents64(3, 0x55557bfd06f0 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./0/binderfs") = 0 [pid 5829] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./0/file0", [pid 5837] exit_group(0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5837] <... exit_group resumed>) = ? [pid 5829] <... openat resumed>) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, [pid 5837] +++ exited with 0 +++ [pid 5829] <... getdents64 resumed>0x55557bfd8730 /* 0 entries */, 32768) = 0 [pid 5829] close(4 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5837, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=43 /* 0.43 s */} --- [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 5829] <... close resumed>) = 0 [pid 5829] rmdir("./0/file0" [pid 5831] <... restart_syscall resumed>) = 0 [pid 5831] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, [pid 5829] <... rmdir resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55557bfd06f0 /* 4 entries */, 32768) = 112 [pid 5829] getdents64(3, [pid 5831] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... getdents64 resumed>0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./0") = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./0/binderfs", [ 78.697148][ T5833] bi_dir_offset=0 [ 78.697158][ T5833] bi_subvol=1 [ 78.697169][ T5833] bi_parent_subvol=0 [ 78.697179][ T5833] bi_nocow=0 [ 78.697190][ T5833] bi_depth=0 [ 78.697200][ T5833] bi_inodes_32bit=0 [ 78.697211][ T5833] nonzero k.p.inode: delete?, fixing [pid 5829] mkdir("./1", 0777 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... mkdir resumed>) = 0 [pid 5831] unlink("./0/binderfs" [pid 5829] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5831] <... unlink resumed>) = 0 [pid 5829] <... openat resumed>) = 3 [pid 5831] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5831] newfstatat(AT_FDCWD, "./0/file0", [pid 5829] close(3 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... close resumed>) = 0 [pid 5831] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5832] <... close resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5832] exit_group(0 [pid 5831] getdents64(4, [pid 5832] <... exit_group resumed>) = ? [pid 5831] <... getdents64 resumed>0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5832] +++ exited with 0 +++ [pid 5831] getdents64(4, 0x55557bfd8730 /* 0 entries */, 32768) = 0 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5832, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=45 /* 0.45 s */} --- [pid 5831] close(4 [pid 5828] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5831] rmdir("./0/file0") = 0 [pid 5828] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] getdents64(3, [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... getdents64 resumed>0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 5831] rmdir("./0" [pid 5828] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... rmdir resumed>) = 0 [pid 5828] <... openat resumed>) = 3 [pid 5828] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(3, 0x55557bfd06f0 /* 4 entries */, 32768) = 112 [pid 5831] mkdir("./1", 0777 [pid 5828] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... mkdir resumed>) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] unlink("./0/binderfs"./strace-static-x86_64: Process 5879 attached [pid 5831] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5828] <... unlink resumed>) = 0 [pid 5879] set_robust_list(0x55557bfcf660, 24) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5829] <... clone resumed>, child_tidptr=0x55557bfcf650) = 5879 [pid 5828] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5879] chdir("./1" [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5879] <... chdir resumed>) = 0 [pid 5879] prctl(PR_SET_PDEATHSIG, SIGKILL [ 78.770450][ T5836] bcachefs: bch2_fs_get_tree() error: EINVAL [ 78.812938][ T5832] bcachefs: bch2_fs_get_tree() error: EINVAL [ 78.827202][ T5837] bcachefs: bch2_fs_get_tree() error: EINVAL [pid 5831] ioctl(3, LOOP_CLR_FDexecuting program [pid 5828] newfstatat(AT_FDCWD, "./0/file0", [pid 5879] <... prctl resumed>) = 0 [pid 5831] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5831] close(3 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... close resumed>) = 0 [pid 5828] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 5880 attached ) = 4 [pid 5828] newfstatat(4, "", [pid 5880] set_robust_list(0x55557bfcf660, 24 [pid 5831] <... clone resumed>, child_tidptr=0x55557bfcf650) = 5880 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5880] <... set_robust_list resumed>) = 0 [pid 5828] getdents64(4, [pid 5880] chdir("./1" [pid 5828] <... getdents64 resumed>0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5880] <... chdir resumed>) = 0 [pid 5828] getdents64(4, [pid 5880] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5828] <... getdents64 resumed>0x55557bfd8730 /* 0 entries */, 32768) = 0 [pid 5880] <... prctl resumed>) = 0 [pid 5828] close(4 [pid 5880] setpgid(0, 0 [pid 5828] <... close resumed>) = 0 [pid 5828] rmdir("./0/file0") = 0 [pid 5880] <... setpgid resumed>) = 0 [pid 5880] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5828] getdents64(3, 0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 5828] close(3 [pid 5880] write(3, "1000", 4) = 4 [pid 5880] close(3) = 0 [pid 5828] <... close resumed>) = 0 [pid 5880] symlink("/dev/binderfs", "./binderfs" [pid 5828] rmdir("./0" [pid 5880] <... symlink resumed>) = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 5828] mkdir("./1", 0777) = 0 [pid 5880] write(1, "executing program\n", 18 [pid 5828] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5880] <... write resumed>) = 18 [pid 5828] <... openat resumed>) = 3 [pid 5880] memfd_create("syzkaller", 0 [pid 5828] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5828] close(3) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5881 attached [pid 5880] <... memfd_create resumed>) = 3 [pid 5880] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff75000000 [pid 5881] set_robust_list(0x55557bfcf660, 24 [pid 5879] setpgid(0, 0) = 0 [pid 5881] <... set_robust_list resumed>) = 0 [pid 5828] <... clone resumed>, child_tidptr=0x55557bfcf650) = 5881 [pid 5881] chdir("./1" [pid 5879] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5881] <... chdir resumed>) = 0 [pid 5879] <... openat resumed>) = 3 [pid 5881] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5881] setpgid(0, 0) = 0 [pid 5881] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5881] write(3, "1000", 4) = 4 [pid 5881] close(3) = 0 [pid 5881] symlink("/dev/binderfs", "./binderfs" [pid 5879] write(3, "1000", 4 [pid 5881] <... symlink resumed>) = 0 [pid 5879] <... write resumed>) = 4 [pid 5879] close(3 [pid 5881] write(1, "executing program\n", 18executing program [pid 5879] <... close resumed>) = 0 [pid 5881] <... write resumed>) = 18 [pid 5881] memfd_create("syzkaller", 0 [pid 5879] symlink("/dev/binderfs", "./binderfs" [pid 5881] <... memfd_create resumed>) = 3 [pid 5881] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff75000000 [pid 5879] <... symlink resumed>) = 0 executing program [pid 5879] write(1, "executing program\n", 18) = 18 [ 79.236791][ T5833] bcachefs (loop3): btree_node_read_work: rewriting btree node at due to error [ 79.236791][ T5833] btree=inodes level=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0 [pid 5879] memfd_create("syzkaller", 0) = 3 [pid 5879] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff75000000 [ 79.327675][ T5833] bcachefs (loop3): error validating btree node on loop3 at btree freespace level 0/0 [ 79.327704][ T5833] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0 [ 79.327721][ T5833] node offset 0/32 bset u64s 0: checksum error, type none: got should be , fixing [ 79.397119][ T5833] bcachefs (loop3): btree_node_read_work: rewriting btree node at due to error [ 79.397119][ T5833] btree=freespace level=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0 [pid 5878] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 79.487585][ T5833] bcachefs (loop3): accounting_read... done [ 79.494767][ T5833] bcachefs (loop3): alloc_read... done [ 79.516704][ T5833] bcachefs (loop3): stripes_read... done [ 79.522447][ T5833] bcachefs (loop3): snapshots_read... done [pid 5880] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 79.556692][ T5833] bcachefs (loop3): check_allocations... [ 79.560217][ T5833] btree ptr not marked in member info btree allocated bitmap [pid 5879] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 79.560249][ T5833] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, fixing [ 79.690840][ T5833] btree ptr not marked in member info btree allocated bitmap [ 79.690863][ T5833] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0, fixing [ 79.787575][ T5833] btree ptr not marked in member info btree allocated bitmap [ 79.787617][ T5833] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing [pid 5881] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5878] <... write resumed>) = 16777216 [pid 5878] munmap(0x7eff75000000, 138412032) = 0 [pid 5878] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5880] <... write resumed>) = 16777216 [pid 5880] munmap(0x7eff75000000, 138412032 [pid 5878] <... openat resumed>) = 4 [pid 5881] <... write resumed>) = 16777216 [ 79.867401][ T5833] btree ptr not marked in member info btree allocated bitmap [ 79.867424][ T5833] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c0bef60d07ceb940 written 16 min_key POS_MIN durability: 1 ptr: 0:35:0 gen 0, fixing [pid 5878] ioctl(4, LOOP_SET_FD, 3 [pid 5881] munmap(0x7eff75000000, 138412032 [pid 5878] <... ioctl resumed>) = 0 [pid 5878] close(3) = 0 [pid 5878] close(4) = 0 [pid 5878] mkdir("./file0", 0777) = 0 [pid 5878] mount("/dev/loop0", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 5880] <... munmap resumed>) = 0 [pid 5880] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5879] <... write resumed>) = 16777216 [pid 5880] <... openat resumed>) = 4 [pid 5879] munmap(0x7eff75000000, 138412032 [pid 5880] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5880] close(3) = 0 [pid 5880] close(4) = 0 [ 79.926561][ T5833] btree ptr not marked in member info btree allocated bitmap [ 79.926583][ T5833] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0, fixing [pid 5880] mkdir("./file0", 0777 [pid 5881] <... munmap resumed>) = 0 [pid 5880] <... mkdir resumed>) = 0 [pid 5880] mount("/dev/loop4", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 5881] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5879] <... munmap resumed>) = 0 [pid 5881] ioctl(4, LOOP_SET_FD, 3 [pid 5879] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5879] ioctl(4, LOOP_SET_FD, 3 [pid 5881] <... ioctl resumed>) = 0 [pid 5881] close(3 [pid 5879] <... ioctl resumed>) = 0 [pid 5879] close(3) = 0 [pid 5879] close(4) = 0 [pid 5879] mkdir("./file0", 0777) = 0 [pid 5879] mount("/dev/loop2", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 5881] <... close resumed>) = 0 [pid 5881] close(4) = 0 [pid 5881] mkdir("./file0", 0777) = 0 [ 79.934430][ T5878] loop0: detected capacity change from 0 to 32768 [ 79.939745][ T5878] bcachefs (/dev/loop0): error reading default superblock: checksum error, type none: got should be [ 79.964901][ T5880] loop4: detected capacity change from 0 to 32768 [ 79.987159][ T5880] bcachefs (/dev/loop4): error reading default superblock: checksum error, type none: got should be [ 80.007341][ T5881] loop1: detected capacity change from 0 to 32768 [ 80.007706][ T5879] loop2: detected capacity change from 0 to 32768 [ 80.028315][ T5879] bcachefs (/dev/loop2): error reading default superblock: checksum error, type none: got should be [ 80.034651][ T5881] bcachefs (/dev/loop1): error reading default superblock: checksum error, type none: got should be [ 80.053438][ T5878] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [ 80.053509][ T5878] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [ 80.135431][ T5833] btree ptr not marked in member info btree allocated bitmap [ 80.135452][ T5833] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0, fixing [ 80.163199][ T5833] done [ 80.170588][ T5833] bcachefs (loop3): going read-write [ 80.188094][ T5833] bcachefs (loop3): journal_replay... [ 80.199364][ T5880] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [ 80.227787][ T5880] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [ 80.268681][ T5879] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [ 80.295737][ T5879] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [ 80.301551][ T5881] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [pid 5881] mount("/dev/loop1", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 5878] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5878] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5878] ioctl(3, LOOP_CLR_FD) = 0 [ 80.313612][ T5878] bcachefs: bch2_fs_get_tree() error: EINVAL [ 80.319692][ T5881] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [ 80.342126][ T5833] done [ 80.351872][ T5833] bcachefs (loop3): check_extents_to_backpointers... [ 80.353661][ T5833] bcachefs (loop3): scanning for missing backpointers in 4/128 buckets [ 80.414502][ T5833] done [ 80.437545][ T5833] bcachefs (loop3): check_inodes... [ 80.438930][ T5833] inode points to missing dirent [ 80.438958][ T5833] inum: 536870912:4294967295 [pid 5878] close(3) = 0 [pid 5880] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5878] exit_group(0) = ? [pid 5880] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5878] +++ exited with 0 +++ [pid 5827] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5878, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=43 /* 0.43 s */} --- [pid 5827] restart_syscall(<... resuming interrupted clone ...> [pid 5880] <... openat resumed>) = 3 [pid 5880] ioctl(3, LOOP_CLR_FD) = 0 [pid 5827] <... restart_syscall resumed>) = 0 [pid 5827] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5827] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5827] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5827] getdents64(3, 0x55557bfd06f0 /* 4 entries */, 32768) = 112 [pid 5827] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5827] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5880] close(3 [pid 5827] unlink("./1/binderfs") = 0 [pid 5827] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5827] newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5827] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5827] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5827] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5827] getdents64(4, 0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5827] getdents64(4, 0x55557bfd8730 /* 0 entries */, 32768) = 0 [pid 5827] close(4) = 0 [pid 5827] rmdir("./1/file0") = 0 [pid 5827] getdents64(3, 0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 5827] close(3) = 0 [pid 5827] rmdir("./1") = 0 [pid 5827] mkdir("./2", 0777) = 0 [pid 5827] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5827] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5827] close(3) = 0 [pid 5827] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5910 attached , child_tidptr=0x55557bfcf650) = 5910 [pid 5910] set_robust_list(0x55557bfcf660, 24) = 0 [ 80.438971][ T5833] mode=100755 [ 80.438982][ T5833] flags=(15300000) [ 80.438993][ T5833] journal_seq=4 [ 80.439004][ T5833] hash_seed=8469d717004af4ef [ 80.439015][ T5833] hash_type=siphash [pid 5910] chdir("./2") = 0 [pid 5910] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5910] setpgid(0, 0) = 0 [pid 5910] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5881] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5910] <... openat resumed>) = 3 [pid 5881] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5881] ioctl(3, LOOP_CLR_FD) = 0 [pid 5910] write(3, "1000", 4 [pid 5881] close(3 [pid 5910] <... write resumed>) = 4 [pid 5879] <... mount resumed>) = -1 EINVAL (Invalid argument) [ 80.439026][ T5833] bi_size=10 [pid 5910] close(3executing program ) = 0 [pid 5910] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5879] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5910] write(1, "executing program\n", 18 [pid 5879] <... openat resumed>) = 3 [pid 5910] <... write resumed>) = 18 [pid 5879] ioctl(3, LOOP_CLR_FD) = 0 [pid 5910] memfd_create("syzkaller", 0 [pid 5879] close(3 [pid 5910] <... memfd_create resumed>) = 3 [pid 5910] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff75000000 [ 80.439037][ T5833] bi_sectors=8 [ 80.439048][ T5833] bi_version=0 [ 80.439059][ T5833] bi_atime=2780562352 [ 80.439070][ T5833] bi_ctime=2780562352 [ 80.439081][ T5833] bi_mtime=2780562352 [ 80.439092][ T5833] bi_otime=2780562352 [ 80.439103][ T5833] bi_uid=0 [ 80.439113][ T5833] bi_gid=0 [ 80.439124][ T5833] bi_nlink=0 [ 80.439135][ T5833] bi_generation=0 [ 80.439146][ T5833] bi_dev=0 [ 80.439156][ T5833] bi_data_checksum=0 [ 80.439167][ T5833] bi_compression=0 [ 80.439178][ T5833] bi_project=0 [ 80.439189][ T5833] bi_background_compression=0 [pid 5880] <... close resumed>) = 0 [ 80.439201][ T5833] bi_data_replicas=0 [ 80.439212][ T5833] bi_promote_target=0 [ 80.439223][ T5833] bi_foreground_target=0 [pid 5880] exit_group(0) = ? [pid 5880] +++ exited with 0 +++ [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5880, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=44 /* 0.44 s */} --- [pid 5831] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5831] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x55557bfd06f0 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5881] <... close resumed>) = 0 [pid 5831] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5881] exit_group(0 [ 80.439234][ T5833] bi_background_target=0 [ 80.439245][ T5833] bi_erasure_code=0 [ 80.439256][ T5833] bi_fields_set=0 [ 80.439267][ T5833] bi_dir=4096 [ 80.439278][ T5833] bi_dir_offset=4330382808765833931 [ 80.439290][ T5833] bi_subvol=0 [ 80.439301][ T5833] bi_parent_subvol=0 [pid 5831] unlink("./1/binderfs" [pid 5881] <... exit_group resumed>) = ? [pid 5831] <... unlink resumed>) = 0 [pid 5881] +++ exited with 0 +++ [pid 5831] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5879] <... close resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./1/file0", [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5881, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=36 /* 0.36 s */} --- [pid 5879] exit_group(0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5879] <... exit_group resumed>) = ? [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5879] +++ exited with 0 +++ [pid 5831] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5879, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=46 /* 0.46 s */} --- [pid 5828] newfstatat(3, "", [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... openat resumed>) = 4 [pid 5828] getdents64(3, [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... getdents64 resumed>0x55557bfd06f0 /* 4 entries */, 32768) = 112 [pid 5831] getdents64(4, [pid 5829] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... getdents64 resumed>0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] getdents64(4, [pid 5828] newfstatat(AT_FDCWD, "./1/binderfs", [pid 5831] <... getdents64 resumed>0x55557bfd8730 /* 0 entries */, 32768) = 0 [pid 5831] close(4 [pid 5829] <... openat resumed>) = 3 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 80.439312][ T5833] bi_nocow=0 [ 80.439323][ T5833] bi_depth=0 [ 80.439333][ T5833] bi_inodes_32bit=0, fixing [ 80.568829][ T5880] bcachefs: bch2_fs_get_tree() error: EINVAL [ 80.642883][ T5881] bcachefs: bch2_fs_get_tree() error: EINVAL [ 80.652082][ T5879] bcachefs: bch2_fs_get_tree() error: EINVAL [ 81.024221][ T5833] done [pid 5831] <... close resumed>) = 0 [pid 5829] newfstatat(3, "", [pid 5828] unlink("./1/binderfs" [pid 5831] rmdir("./1/file0") = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... unlink resumed>) = 0 [pid 5831] getdents64(3, [pid 5829] getdents64(3, [pid 5831] <... getdents64 resumed>0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 5828] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] close(3 [pid 5829] <... getdents64 resumed>0x55557bfd06f0 /* 4 entries */, 32768) = 112 [pid 5831] <... close resumed>) = 0 [pid 5829] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] rmdir("./1" [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... rmdir resumed>) = 0 [pid 5829] newfstatat(AT_FDCWD, "./1/binderfs", [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] mkdir("./2", 0777 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... openat resumed>) = 4 [pid 5829] unlink("./1/binderfs" [pid 5828] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... mkdir resumed>) = 0 [pid 5828] getdents64(4, [pid 5829] <... unlink resumed>) = 0 [pid 5828] <... getdents64 resumed>0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5829] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] getdents64(4, [pid 5910] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5831] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... getdents64 resumed>0x55557bfd8730 /* 0 entries */, 32768) = 0 [pid 5828] close(4) = 0 [pid 5828] rmdir("./1/file0" [pid 5831] <... openat resumed>) = 3 [pid 5828] <... rmdir resumed>) = 0 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5828] getdents64(3, [pid 5831] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5828] <... getdents64 resumed>0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 5831] close(3 [ 81.036411][ T5833] bcachefs (loop3): check_extents... done [ 81.049191][ T5833] bcachefs (loop3): check_dirents... [ 81.052840][ T5833] hash table key at wrong offset: btree dirents inode 4096 offset 4330382808765825483, hashed to 4330382808765833931 [ 81.052865][ T5833] u64s 7 type dirent 4096:4330382808765825483:U32_MAX len 0 ver 0: file1 -> 536870912 type reg, fixing [pid 5828] close(3 [pid 5831] <... close resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] rmdir("./1" [pid 5829] newfstatat(AT_FDCWD, "./1/file0", [pid 5828] <... rmdir resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] mkdir("./2", 0777 [pid 5829] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... mkdir resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5829] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] <... openat resumed>) = 3 [pid 5829] <... openat resumed>) = 4 [pid 5828] ioctl(3, LOOP_CLR_FD [pid 5829] newfstatat(4, "", [pid 5828] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] close(3 [pid 5829] getdents64(4, [pid 5828] <... close resumed>) = 0 [pid 5829] <... getdents64 resumed>0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5911 attached [pid 5829] getdents64(4, 0x55557bfd8730 /* 0 entries */, 32768) = 0 [pid 5828] <... clone resumed>, child_tidptr=0x55557bfcf650) = 5911 [pid 5829] close(4) = 0 [pid 5829] rmdir("./1/file0") = 0 [pid 5829] getdents64(3, 0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./1") = 0 [pid 5829] mkdir("./2", 0777) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5911] set_robust_list(0x55557bfcf660, 24 [pid 5829] <... openat resumed>) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5911] <... set_robust_list resumed>) = 0 [pid 5829] close(3 [pid 5831] <... clone resumed>, child_tidptr=0x55557bfcf650) = 5912 [pid 5829] <... close resumed>) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5912 attached [ 81.084689][ T5833] hash table key at wrong offset: btree dirents inode 4096 offset 4330382808765825483, hashed to 4330382808765833931 [ 81.084725][ T5833] u64s 7 type dirent 4096:4330382808765825483:U32_MAX len 0 ver 0: file1 -> 536870912 type reg, fixing [ 81.114526][ T5833] hash table key at wrong offset: btree dirents inode 4096 offset 4330382808765825483, hashed to 4330382808765833931 [ 81.114550][ T5833] u64s 7 type dirent 4096:4330382808765825483:U32_MAX len 0 ver 0: file1 -> 536870912 type reg, fixing ./strace-static-x86_64: Process 5913 attached [pid 5912] set_robust_list(0x55557bfcf660, 24 [pid 5911] chdir("./2" [pid 5912] <... set_robust_list resumed>) = 0 [pid 5829] <... clone resumed>, child_tidptr=0x55557bfcf650) = 5913 [pid 5913] set_robust_list(0x55557bfcf660, 24 [pid 5912] chdir("./2" [pid 5911] <... chdir resumed>) = 0 [pid 5913] <... set_robust_list resumed>) = 0 [pid 5912] <... chdir resumed>) = 0 [pid 5911] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5913] chdir("./2" [pid 5912] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5912] setpgid(0, 0) = 0 [pid 5912] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5913] <... chdir resumed>) = 0 [pid 5912] write(3, "1000", 4 [pid 5911] <... prctl resumed>) = 0 [pid 5912] <... write resumed>) = 4 [pid 5912] close(3 [pid 5913] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5911] setpgid(0, 0 [pid 5913] <... prctl resumed>) = 0 [pid 5911] <... setpgid resumed>) = 0 [pid 5912] <... close resumed>) = 0 [pid 5913] setpgid(0, 0 [pid 5912] symlink("/dev/binderfs", "./binderfs" [pid 5911] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5913] <... setpgid resumed>) = 0 [pid 5912] <... symlink resumed>) = 0 [pid 5911] <... openat resumed>) = 3 executing program [pid 5911] write(3, "1000", 4 [pid 5912] write(1, "executing program\n", 18) = 18 [pid 5913] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5912] memfd_create("syzkaller", 0 [pid 5911] <... write resumed>) = 4 [pid 5912] <... memfd_create resumed>) = 3 [pid 5913] <... openat resumed>) = 3 [pid 5911] close(3 [pid 5912] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff75000000 [pid 5913] write(3, "1000", 4 [pid 5911] <... close resumed>) = 0 [pid 5913] <... write resumed>) = 4 [pid 5911] symlink("/dev/binderfs", "./binderfs") = 0 [ 81.143699][ T5833] dirent points to inode that does not point back: [ 81.143720][ T5833] u64s 7 type dirent 4096:4330382808765833931:U32_MAX len 0 ver 0: file1 -> 536870912 type reg [ 81.143736][ T5833] inum: 536870912:4294967295 [ 81.143748][ T5833] mode=100755 [ 81.143760][ T5833] flags=(15300000) [ 81.143771][ T5833] journal_seq=18 [ 81.143782][ T5833] hash_seed=8469d717004af4ef [ 81.143803][ T5833] hash_type=siphash [ 81.143815][ T5833] bi_size=10 [pid 5913] close(3executing program executing program ) = 0 [pid 5911] write(1, "executing program\n", 18 [pid 5913] symlink("/dev/binderfs", "./binderfs" [pid 5911] <... write resumed>) = 18 [pid 5913] <... symlink resumed>) = 0 [pid 5911] memfd_create("syzkaller", 0 [pid 5913] write(1, "executing program\n", 18 [pid 5911] <... memfd_create resumed>) = 3 [pid 5913] <... write resumed>) = 18 [pid 5911] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff75000000 [pid 5913] memfd_create("syzkaller", 0) = 3 [pid 5913] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff75000000 [ 81.143826][ T5833] bi_sectors=8 [ 81.143836][ T5833] bi_version=0 [ 81.143847][ T5833] bi_atime=2780562352 [ 81.143858][ T5833] bi_ctime=2780562352 [ 81.143870][ T5833] bi_mtime=2780562352 [ 81.143881][ T5833] bi_otime=2780562352 [ 81.143892][ T5833] bi_uid=0 [ 81.143903][ T5833] bi_gid=0 [ 81.143914][ T5833] bi_nlink=0 [ 81.143924][ T5833] bi_generation=0 [ 81.143936][ T5833] bi_dev=0 [ 81.143947][ T5833] bi_data_checksum=0 [ 81.143958][ T5833] bi_compression=0 [ 81.143970][ T5833] bi_project=0 [ 81.143981][ T5833] bi_background_compression=0 [ 81.143993][ T5833] bi_data_replicas=0 [ 81.144004][ T5833] bi_promote_target=0 [ 81.144015][ T5833] bi_foreground_target=0 [ 81.144027][ T5833] bi_background_target=0 [ 81.144039][ T5833] bi_erasure_code=0 [ 81.144050][ T5833] bi_fields_set=0 [ 81.144061][ T5833] bi_dir=0 [ 81.144072][ T5833] bi_dir_offset=4330382808765833931 [pid 5912] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5910] <... write resumed>) = 16777216 [pid 5913] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5911] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5910] munmap(0x7eff75000000, 138412032) = 0 [pid 5910] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5910] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5910] close(3) = 0 [pid 5910] close(4) = 0 [pid 5910] mkdir("./file0", 0777) = 0 [ 81.144084][ T5833] bi_subvol=0 [ 81.144095][ T5833] bi_parent_subvol=0 [ 81.144107][ T5833] bi_nocow=0 [ 81.144118][ T5833] bi_depth=0 [ 81.144129][ T5833] bi_inodes_32bit=0, fixing [ 81.540353][ T5910] loop0: detected capacity change from 0 to 32768 [ 81.565913][ T5833] inode 536870912:4294967295 has wrong backpointer: [ 81.565934][ T5833] got 0:4330382808765833931 [ 81.565947][ T5833] should be 4096:4330382808765833931, fixing [ 81.580181][ T5910] bcachefs (/dev/loop0): error reading default superblock: checksum error, type none: got should be [ 81.670655][ T5833] hash table key at wrong offset: btree dirents inode 4096 offset 8130059955150870709, hashed to 6728544935518790663 [pid 5910] mount("/dev/loop0", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 5912] <... write resumed>) = 16777216 [pid 5912] munmap(0x7eff75000000, 138412032) = 0 [ 81.670680][ T5833] u64s 8 type dirent 4096:8130059955150870709:U32_MAX len 0 ver 0: lost+found -> 4097 type dir, fixing [ 81.729281][ T5910] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [ 81.742893][ T5833] hash table key at wrong offset: btree dirents inode 4096 offset 8130059955150870709, hashed to 6728544935518790663 [ 81.742918][ T5833] u64s 8 type dirent 4096:8130059955150870709:U32_MAX len 0 ver 0: lost+found -> 4097 type dir, fixing [pid 5912] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5912] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5912] close(3) = 0 [pid 5912] close(4) = 0 [pid 5912] mkdir("./file0", 0777) = 0 [ 81.767956][ T5910] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [ 81.817925][ T5912] loop4: detected capacity change from 0 to 32768 [pid 5912] mount("/dev/loop4", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 5911] <... write resumed>) = 16777216 [ 81.869523][ T5833] bcachefs (loop3): fsck counted subdirectories wrong for inum 4096:4294967295: got 1 should be 2 [ 81.890182][ T5912] bcachefs (/dev/loop4): error reading default superblock: checksum error, type none: got should be [pid 5911] munmap(0x7eff75000000, 138412032) = 0 [pid 5911] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5911] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5911] close(3) = 0 [pid 5911] close(4) = 0 [ 81.918064][ T5833] directory 4096:4294967295 with wrong i_size: got 0, should be 288, fixing [ 81.947825][ T5833] done [ 81.950474][ T5911] loop1: detected capacity change from 0 to 32768 [ 81.960249][ T5833] bcachefs (loop3): resume_logged_ops... done [pid 5911] mkdir("./file0", 0777) = 0 [pid 5911] mount("/dev/loop1", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 5913] <... write resumed>) = 16777216 [pid 5913] munmap(0x7eff75000000, 138412032) = 0 [pid 5913] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5913] ioctl(4, LOOP_SET_FD, 3) = 0 [ 81.966440][ T5833] bcachefs (loop3): delete_dead_inodes... done [ 81.972438][ T5911] bcachefs (/dev/loop1): error reading default superblock: checksum error, type none: got should be [ 82.009954][ T5913] loop2: detected capacity change from 0 to 32768 [pid 5913] close(3) = 0 [pid 5913] close(4) = 0 [pid 5913] mkdir("./file0", 0777) = 0 [ 82.021255][ T5833] bcachefs (loop3): Fixed errors, running fsck a second time to verify fs is clean [ 82.035198][ T5912] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [ 82.045077][ T5833] bcachefs (loop3): check_extents_to_backpointers... done [ 82.061662][ T5912] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [ 82.081478][ T5913] bcachefs (/dev/loop2): error reading default superblock: checksum error, type none: got should be [ 82.082889][ T5833] bcachefs (loop3): check_inodes... done [ 82.102002][ T5833] bcachefs (loop3): check_extents... done [ 82.103548][ T5910] bcachefs: bch2_fs_get_tree() error: EINVAL [ 82.109767][ T5833] bcachefs (loop3): check_dirents... [ 82.119627][ T5833] dirent points to missing inode: [pid 5913] mount("/dev/loop2", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 5910] <... mount resumed>) = -1 EINVAL (Invalid argument) [ 82.119646][ T5833] u64s 8 type dirent 4096:6728544935518790663:U32_MAX len 0 ver 0: lost+found -> 4097 type dir, fixing [ 82.143523][ T5833] directory 4096:4294967295 with wrong i_size: got 288, should be 352, fixing [ 82.157611][ T5833] done [ 82.161667][ T5833] bcachefs (loop3): resume_logged_ops... done [ 82.168800][ T5833] bcachefs (loop3): delete_dead_inodes... done [ 82.175056][ T5833] bcachefs (loop3): Second fsck run was not clean [pid 5910] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 82.188688][ T5833] bcachefs (loop3): going read-only [ 82.193118][ T5911] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [ 82.194337][ T5833] bcachefs (loop3): finished waiting for writes to stop [ 82.210783][ T5911] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [ 82.211422][ T5833] bcachefs (loop3): flushing journal and stopping allocators, journal seq 22 [pid 5910] ioctl(3, LOOP_CLR_FD) = 0 [ 82.230176][ T5833] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 23 [pid 5910] close(3 [pid 5830] kill(-5833, SIGKILL) = 0 [pid 5830] kill(5833, SIGKILL) = 0 [pid 5833] <... mount resumed>) = ? [ 82.265248][ T5833] bcachefs (loop3): clean shutdown complete, journal seq 24 [ 82.279412][ T5913] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [ 82.288609][ T5833] bcachefs (loop3): marking filesystem clean [ 82.295600][ T5833] bcachefs (loop3): done starting filesystem [pid 5833] +++ killed by SIGKILL +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5833, si_uid=0, si_status=SIGKILL, si_utime=2 /* 0.02 s */, si_stime=157 /* 1.57 s */} --- [pid 5830] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, 0x55557bfd06f0 /* 4 entries */, 32768) = 112 [ 82.324529][ T5913] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [ 82.338901][ T5833] syz-executor265 (5833) used greatest stack depth: 10928 bytes left [pid 5830] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./0/binderfs") = 0 [ 82.403476][ T5830] bcachefs (loop3): shutting down [pid 5830] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5913] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5913] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5913] ioctl(3, LOOP_CLR_FD) = 0 [ 82.459434][ T5913] bcachefs: bch2_fs_get_tree() error: EINVAL [pid 5913] close(3 [pid 5912] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5912] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5912] ioctl(3, LOOP_CLR_FD) = 0 [pid 5912] close(3 [pid 5911] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5911] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5911] ioctl(3, LOOP_CLR_FD) = 0 [ 82.520358][ T5912] bcachefs: bch2_fs_get_tree() error: EINVAL [ 82.541766][ T5830] bcachefs (loop3): shutdown complete [ 82.561824][ T5911] bcachefs: bch2_fs_get_tree() error: EINVAL [pid 5911] close(3 [pid 5910] <... close resumed>) = 0 [pid 5910] exit_group(0) = ? [pid 5910] +++ exited with 0 +++ [pid 5827] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5910, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=47 /* 0.47 s */} --- [pid 5827] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5827] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5827] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5827] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5827] getdents64(3, 0x55557bfd06f0 /* 4 entries */, 32768) = 112 [pid 5827] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5827] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5827] unlink("./2/binderfs") = 0 [pid 5827] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5827] newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5827] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5827] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5827] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5827] getdents64(4, 0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5827] getdents64(4, 0x55557bfd8730 /* 0 entries */, 32768) = 0 [pid 5827] close(4) = 0 [pid 5827] rmdir("./2/file0") = 0 [pid 5827] getdents64(3, 0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 5827] close(3) = 0 [pid 5827] rmdir("./2") = 0 [pid 5827] mkdir("./3", 0777) = 0 [pid 5827] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5827] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5827] close(3) = 0 [pid 5827] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557bfcf650) = 5943 ./strace-static-x86_64: Process 5943 attached [pid 5943] set_robust_list(0x55557bfcf660, 24) = 0 [pid 5943] chdir("./3") = 0 executing program [pid 5943] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5913] <... close resumed>) = 0 [pid 5913] exit_group(0 [pid 5943] <... prctl resumed>) = 0 [pid 5943] setpgid(0, 0) = 0 [pid 5943] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5943] write(3, "1000", 4) = 4 [pid 5943] close(3) = 0 [pid 5943] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5943] write(1, "executing program\n", 18) = 18 [pid 5943] memfd_create("syzkaller", 0 [pid 5913] <... exit_group resumed>) = ? [pid 5943] <... memfd_create resumed>) = 3 [pid 5943] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff75000000 [pid 5913] +++ exited with 0 +++ [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5913, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=51 /* 0.51 s */} --- [pid 5912] <... close resumed>) = 0 [pid 5912] exit_group(0 [pid 5829] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5912] <... exit_group resumed>) = ? [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5912] +++ exited with 0 +++ [pid 5829] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5912, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=51 /* 0.51 s */} --- [pid 5831] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... openat resumed>) = 3 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] newfstatat(3, "", [pid 5831] <... openat resumed>) = 3 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] newfstatat(3, "", [pid 5829] getdents64(3, [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... getdents64 resumed>0x55557bfd06f0 /* 4 entries */, 32768) = 112 [pid 5831] getdents64(3, [pid 5829] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... getdents64 resumed>0x55557bfd06f0 /* 4 entries */, 32768) = 112 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] newfstatat(AT_FDCWD, "./2/binderfs", [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./2/binderfs") = 0 [pid 5831] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] unlink("./2/binderfs" [pid 5831] <... openat resumed>) = 4 [pid 5829] <... unlink resumed>) = 0 [pid 5829] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] newfstatat(4, "", [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] newfstatat(AT_FDCWD, "./2/file0", [pid 5831] getdents64(4, [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... getdents64 resumed>0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5829] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] getdents64(4, 0x55557bfd8730 /* 0 entries */, 32768) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] close(4 [pid 5829] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... close resumed>) = 0 [pid 5829] <... openat resumed>) = 4 [pid 5831] rmdir("./2/file0" [pid 5829] newfstatat(4, "", [pid 5831] <... rmdir resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, [pid 5829] getdents64(4, [pid 5831] <... getdents64 resumed>0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 5829] <... getdents64 resumed>0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5831] close(3 [pid 5829] getdents64(4, [pid 5831] <... close resumed>) = 0 [pid 5829] <... getdents64 resumed>0x55557bfd8730 /* 0 entries */, 32768) = 0 [pid 5831] rmdir("./2" [pid 5829] close(4 [pid 5831] <... rmdir resumed>) = 0 [pid 5829] <... close resumed>) = 0 [pid 5831] mkdir("./3", 0777 [pid 5829] rmdir("./2/file0") = 0 [pid 5831] <... mkdir resumed>) = 0 [pid 5829] getdents64(3, [pid 5831] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5829] <... getdents64 resumed>0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 5829] close(3 [pid 5831] <... openat resumed>) = 3 [pid 5829] <... close resumed>) = 0 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5829] rmdir("./2") = 0 [pid 5829] mkdir("./3", 0777) = 0 [pid 5831] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5831] close(3 [pid 5911] <... close resumed>) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5831] <... close resumed>) = 0 [pid 5911] exit_group(0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] <... openat resumed>) = 3 [pid 5911] <... exit_group resumed>) = ? ./strace-static-x86_64: Process 5944 attached [pid 5911] +++ exited with 0 +++ [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5944] set_robust_list(0x55557bfcf660, 24 [pid 5829] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5829] close(3 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5911, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=48 /* 0.48 s */} --- [pid 5829] <... close resumed>) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5945 attached ) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5828] newfstatat(3, "", [pid 5944] <... set_robust_list resumed>) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x55557bfcf650) = 5944 [pid 5829] <... clone resumed>, child_tidptr=0x55557bfcf650) = 5945 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5945] set_robust_list(0x55557bfcf660, 24 [pid 5944] chdir("./3" [pid 5945] <... set_robust_list resumed>) = 0 [pid 5944] <... chdir resumed>) = 0 [pid 5945] chdir("./3" [pid 5944] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5945] <... chdir resumed>) = 0 [pid 5945] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5945] setpgid(0, 0 [pid 5828] getdents64(3, 0x55557bfd06f0 /* 4 entries */, 32768) = 112 [pid 5945] <... setpgid resumed>) = 0 [pid 5828] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5945] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5945] <... openat resumed>) = 3 [pid 5828] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5945] write(3, "1000", 4 [pid 5828] unlink("./2/binderfs"executing program [pid 5945] <... write resumed>) = 4 [pid 5944] <... prctl resumed>) = 0 [pid 5945] close(3 [pid 5944] setpgid(0, 0) = 0 [pid 5945] <... close resumed>) = 0 [pid 5945] symlink("/dev/binderfs", "./binderfs" [pid 5944] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5945] <... symlink resumed>) = 0 [pid 5944] <... openat resumed>) = 3 [pid 5945] write(1, "executing program\n", 18) = 18 [pid 5945] memfd_create("syzkaller", 0 [pid 5944] write(3, "1000", 4 [pid 5945] <... memfd_create resumed>) = 3 [pid 5945] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff75000000 [pid 5828] <... unlink resumed>) = 0 [pid 5944] <... write resumed>) = 4 [pid 5828] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5944] close(3 [pid 5828] newfstatat(AT_FDCWD, "./2/file0", [pid 5944] <... close resumed>) = 0 [pid 5944] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5828] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(4, 0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5828] getdents64(4, 0x55557bfd8730 /* 0 entries */, 32768) = 0 [pid 5828] close(4) = 0 [pid 5828] rmdir("./2/file0") = 0 [pid 5828] getdents64(3, 0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 5828] close(3) = 0 [pid 5828] rmdir("./2") = 0 [pid 5828] mkdir("./3", 0777) = 0 executing program [pid 5828] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5944] write(1, "executing program\n", 18) = 18 [pid 5828] <... openat resumed>) = 3 [pid 5828] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5828] close(3 [pid 5944] memfd_create("syzkaller", 0 [pid 5828] <... close resumed>) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5944] <... memfd_create resumed>) = 3 [pid 5944] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff75000000 ./strace-static-x86_64: Process 5946 attached [pid 5828] <... clone resumed>, child_tidptr=0x55557bfcf650) = 5946 [pid 5946] set_robust_list(0x55557bfcf660, 24) = 0 [pid 5946] chdir("./3") = 0 [pid 5946] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5946] setpgid(0, 0) = 0 [pid 5946] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5946] write(3, "1000", 4) = 4 [pid 5946] close(3) = 0 [pid 5946] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5946] write(1, "executing program\n", 18executing program ) = 18 [pid 5946] memfd_create("syzkaller", 0) = 3 [pid 5946] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff75000000 [pid 5943] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5945] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5946] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5944] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5943] <... write resumed>) = 16777216 [pid 5943] munmap(0x7eff75000000, 138412032) = 0 [pid 5943] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5943] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5943] close(3) = 0 [pid 5943] close(4) = 0 [pid 5943] mkdir("./file0", 0777) = 0 [ 83.400967][ T5943] loop0: detected capacity change from 0 to 32768 [ 83.422871][ T5943] bcachefs (/dev/loop0): error reading default superblock: checksum error, type none: got should be [pid 5943] mount("/dev/loop0", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 5944] <... write resumed>) = 16777216 [pid 5944] munmap(0x7eff75000000, 138412032 [pid 5945] <... write resumed>) = 16777216 [pid 5944] <... munmap resumed>) = 0 [pid 5945] munmap(0x7eff75000000, 138412032 [pid 5944] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5944] ioctl(4, LOOP_SET_FD, 3 [pid 5946] <... write resumed>) = 16777216 [pid 5944] <... ioctl resumed>) = 0 [pid 5946] munmap(0x7eff75000000, 138412032 [pid 5945] <... munmap resumed>) = 0 [pid 5944] close(3) = 0 [pid 5944] close(4 [pid 5945] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5944] <... close resumed>) = 0 [pid 5945] <... openat resumed>) = 4 [pid 5944] mkdir("./file0", 0777 [pid 5945] ioctl(4, LOOP_SET_FD, 3 [pid 5944] <... mkdir resumed>) = 0 [pid 5944] mount("/dev/loop4", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 5946] <... munmap resumed>) = 0 [pid 5945] <... ioctl resumed>) = 0 [pid 5946] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5945] close(3 [ 83.538760][ T5944] loop4: detected capacity change from 0 to 32768 [ 83.567786][ T5945] loop2: detected capacity change from 0 to 32768 [pid 5946] ioctl(4, LOOP_SET_FD, 3 [pid 5945] <... close resumed>) = 0 [pid 5945] close(4) = 0 [pid 5945] mkdir("./file0", 0777 [pid 5946] <... ioctl resumed>) = 0 [pid 5945] <... mkdir resumed>) = 0 [pid 5946] close(3) = 0 [pid 5945] mount("/dev/loop2", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 5946] close(4) = 0 [pid 5946] mkdir("./file0", 0777) = 0 [ 83.581664][ T5944] bcachefs (/dev/loop4): error reading default superblock: checksum error, type none: got should be [ 83.582482][ T5946] loop1: detected capacity change from 0 to 32768 [ 83.621465][ T5945] bcachefs (/dev/loop2): error reading default superblock: checksum error, type none: got should be [ 83.642877][ T5946] bcachefs (/dev/loop1): error reading default superblock: checksum error, type none: got should be [ 83.776597][ T5943] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=ro,errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names,read_only [ 83.796076][ T5943] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 83.804634][ T5943] bcachefs (loop0): superblock requires following recovery passes to be run: [ 83.804634][ T5943] check_inodes,check_extents,check_dirents [ 83.821933][ T5943] bcachefs (loop0): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.20: directory_size [ 83.821933][ T5943] running recovery passes: check_allocations,check_extents_to_backpointers [ 83.850365][ T5944] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [ 83.865096][ T5945] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [pid 5946] mount("/dev/loop1", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 5830] <... umount2 resumed>) = 0 [pid 5830] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 83.874869][ T5945] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [ 83.875203][ T5946] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [ 83.894584][ T5944] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [ 83.906027][ T5946] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [ 83.916460][ T5943] bcachefs (loop0): error validating btree node at btree inodes level 0/0 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, 0x55557bfd8730 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./0/file0") = 0 [ 83.916484][ T5943] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0 [ 83.916501][ T5943] node offset 8/24 bset u64s 29 bset byte offset 152: keys out of order: u64s 16 type inode_v3 5:4096:U32_MAX len 0 ver 0 > u64s 17 type inode_v3 0:4097:U32_MAX len 0 ver 0, fixing [pid 5830] getdents64(3, 0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 5830] rmdir("./0") = 0 [pid 5830] mkdir("./1", 0777) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = 0 [ 83.995133][ T5943] invalid bkey in btree_node btree=inodes level=0: u64s 16 type inode_v3 5:4096:U32_MAX len 0 ver 0: [ 83.995157][ T5943] mode=40755 [ 83.995168][ T5943] flags=(16300000) [ 83.995180][ T5943] journal_seq=1 [ 83.995190][ T5943] hash_seed=28e4f092a4fc58ee [ 83.995202][ T5943] hash_type=siphash [ 83.995213][ T5943] bi_size=0 [ 83.995224][ T5943] bi_sectors=0 [ 83.995235][ T5943] bi_version=0 [ 83.995246][ T5943] bi_atime=200535484 [ 83.995257][ T5943] bi_ctime=200535484 [ 83.995269][ T5943] bi_mtime=200535484 [ 83.995280][ T5943] bi_otime=200535484 [ 83.995299][ T5943] bi_uid=0 [ 83.995310][ T5943] bi_gid=0 [ 83.995321][ T5943] bi_nlink=1 [ 83.995331][ T5943] bi_generation=0 [pid 5830] close(3 [pid 5945] <... mount resumed>) = -1 EINVAL (Invalid argument) [ 83.995343][ T5943] bi_dev=0 [ 83.995353][ T5943] bi_data_checksum=0 [ 83.995365][ T5943] bi_compression=0 [ 83.995376][ T5943] bi_project=0 [ 83.995387][ T5943] bi_background_compression=0 [pid 5945] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5945] ioctl(3, LOOP_CLR_FD [pid 5946] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5944] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5946] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5944] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5946] <... openat resumed>) = 3 [pid 5944] <... openat resumed>) = 3 [pid 5946] ioctl(3, LOOP_CLR_FD [pid 5945] <... ioctl resumed>) = 0 [pid 5944] ioctl(3, LOOP_CLR_FD [pid 5946] <... ioctl resumed>) = 0 [pid 5945] close(3 [pid 5944] <... ioctl resumed>) = 0 [pid 5946] close(3 [ 83.995398][ T5943] bi_data_replicas=0 [ 83.995410][ T5943] bi_promote_target=0 [ 83.995421][ T5943] bi_foreground_target=0 [ 83.995432][ T5943] bi_background_target=0 [ 83.995444][ T5943] bi_erasure_code=0 [ 83.995455][ T5943] bi_fields_set=0 [ 83.995466][ T5943] bi_dir=0 [ 83.995477][ T5943] bi_dir_offset=0 [ 83.995488][ T5943] bi_subvol=1 [ 83.995499][ T5943] bi_parent_subvol=0 [pid 5944] close(3 [pid 5830] <... close resumed>) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5976 attached [pid 5976] set_robust_list(0x55557bfcf660, 24 [pid 5830] <... clone resumed>, child_tidptr=0x55557bfcf650) = 5976 [pid 5976] <... set_robust_list resumed>) = 0 [pid 5976] chdir("./1") = 0 [pid 5976] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5976] setpgid(0, 0) = 0 [ 83.995510][ T5943] bi_nocow=0 [ 83.995521][ T5943] bi_depth=0 [ 83.995532][ T5943] bi_inodes_32bit=0 [pid 5976] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5976] write(3, "1000", 4) = 4 [pid 5976] close(3) = 0 [pid 5976] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5976] write(1, "executing program\n", 18) = 18 [pid 5976] memfd_create("syzkaller", 0) = 3 [pid 5976] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff75000000 [ 83.995543][ T5943] nonzero k.p.inode: delete?, fixing [ 84.227212][ T5945] bcachefs: bch2_fs_get_tree() error: EINVAL [ 84.240423][ T5944] bcachefs: bch2_fs_get_tree() error: EINVAL [ 84.242778][ T5946] bcachefs: bch2_fs_get_tree() error: EINVAL [ 84.494654][ T5943] bcachefs (loop0): btree_node_read_work: rewriting btree node at due to error [ 84.494654][ T5943] btree=inodes level=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0 [pid 5944] <... close resumed>) = 0 [pid 5945] <... close resumed>) = 0 [pid 5944] exit_group(0 [pid 5946] <... close resumed>) = 0 [pid 5944] <... exit_group resumed>) = ? [pid 5946] exit_group(0) = ? [pid 5945] exit_group(0 [pid 5944] +++ exited with 0 +++ [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5944, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=42 /* 0.42 s */} --- [pid 5946] +++ exited with 0 +++ [pid 5945] <... exit_group resumed>) = ? [pid 5831] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5946, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=46 /* 0.46 s */} --- [pid 5831] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 5945] +++ exited with 0 +++ [pid 5831] <... openat resumed>) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5945, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=51 /* 0.51 s */} --- [pid 5831] getdents64(3, [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 5831] <... getdents64 resumed>0x55557bfd06f0 /* 4 entries */, 32768) = 112 [ 84.593810][ T5943] bcachefs (loop0): error validating btree node on loop0 at btree freespace level 0/0 [ 84.593865][ T5943] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0 [pid 5831] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./3/binderfs", [pid 5829] <... restart_syscall resumed>) = 0 [pid 5828] <... restart_syscall resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] unlink("./3/binderfs" [pid 5828] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... unlink resumed>) = 0 [pid 5829] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] <... openat resumed>) = 3 [pid 5831] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] newfstatat(3, "", [pid 5828] newfstatat(3, "", [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] newfstatat(AT_FDCWD, "./3/file0", [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(3, [pid 5829] getdents64(3, [pid 5828] <... getdents64 resumed>0x55557bfd06f0 /* 4 entries */, 32768) = 112 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... getdents64 resumed>0x55557bfd06f0 /* 4 entries */, 32768) = 112 [pid 5828] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./3/binderfs", [pid 5828] newfstatat(AT_FDCWD, "./3/binderfs", [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./3/binderfs") = 0 [pid 5829] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... openat resumed>) = 4 [pid 5829] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] newfstatat(4, "", [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] unlink("./3/binderfs" [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] getdents64(4, [pid 5829] <... openat resumed>) = 4 [pid 5828] <... unlink resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, 0x55557bfd8730 /* 0 entries */, 32768) = 0 [ 84.593884][ T5943] node offset 0/32 bset u64s 0: checksum error, type none: got should be , fixing [ 84.651292][ T5943] bcachefs (loop0): btree_node_read_work: rewriting btree node at due to error [ 84.651292][ T5943] btree=freespace level=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0 [ 84.680647][ T5943] bcachefs (loop0): accounting_read... done [pid 5829] close(4) = 0 [pid 5829] rmdir("./3/file0") = 0 [pid 5829] getdents64(3, 0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5831] getdents64(4, [pid 5829] rmdir("./3" [pid 5831] <... getdents64 resumed>0x55557bfd8730 /* 0 entries */, 32768) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 5828] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] close(4 [pid 5829] mkdir("./4", 0777 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... close resumed>) = 0 [pid 5829] <... mkdir resumed>) = 0 [pid 5828] newfstatat(AT_FDCWD, "./3/file0", [pid 5831] rmdir("./3/file0" [pid 5829] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5831] getdents64(3, [pid 5829] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5831] <... getdents64 resumed>0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 5829] close(3 [pid 5828] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] close(3 [pid 5829] <... close resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5831] rmdir("./3" [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] <... rmdir resumed>) = 0 [pid 5831] mkdir("./4", 0777 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 5977 attached [pid 5831] <... mkdir resumed>) = 0 [pid 5829] <... clone resumed>, child_tidptr=0x55557bfcf650) = 5977 [pid 5828] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5828] <... openat resumed>) = 4 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5828] newfstatat(4, "", [pid 5831] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5977] set_robust_list(0x55557bfcf660, 24) = 0 [pid 5831] close(3 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5977] chdir("./4" [pid 5976] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5831] <... close resumed>) = 0 [pid 5828] getdents64(4, [pid 5977] <... chdir resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5977] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5828] <... getdents64 resumed>0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5977] <... prctl resumed>) = 0 ./strace-static-x86_64: Process 5978 attached [pid 5977] setpgid(0, 0 [pid 5831] <... clone resumed>, child_tidptr=0x55557bfcf650) = 5978 [pid 5828] getdents64(4, [pid 5978] set_robust_list(0x55557bfcf660, 24 [pid 5977] <... setpgid resumed>) = 0 [pid 5977] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 executing program [pid 5978] <... set_robust_list resumed>) = 0 [pid 5828] <... getdents64 resumed>0x55557bfd8730 /* 0 entries */, 32768) = 0 [pid 5977] write(3, "1000", 4 [pid 5828] close(4 [pid 5977] <... write resumed>) = 4 [pid 5828] <... close resumed>) = 0 [pid 5977] close(3 [pid 5828] rmdir("./3/file0" [pid 5978] chdir("./4" [pid 5977] <... close resumed>) = 0 [pid 5977] symlink("/dev/binderfs", "./binderfs" [pid 5978] <... chdir resumed>) = 0 [pid 5977] <... symlink resumed>) = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 5978] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5828] getdents64(3, [pid 5978] <... prctl resumed>) = 0 [pid 5977] write(1, "executing program\n", 18 [pid 5978] setpgid(0, 0 [pid 5977] <... write resumed>) = 18 [pid 5828] <... getdents64 resumed>0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 5978] <... setpgid resumed>) = 0 [pid 5977] memfd_create("syzkaller", 0 [pid 5828] close(3 [pid 5978] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5977] <... memfd_create resumed>) = 3 [pid 5978] <... openat resumed>) = 3 [ 84.691525][ T5943] bcachefs (loop0): alloc_read... done [ 84.706759][ T5943] bcachefs (loop0): stripes_read... done [ 84.726476][ T5943] bcachefs (loop0): snapshots_read... done [pid 5977] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5828] <... close resumed>) = 0 [pid 5977] <... mmap resumed>) = 0x7eff75000000 executing program [pid 5828] rmdir("./3" [pid 5978] write(3, "1000", 4) = 4 [pid 5828] <... rmdir resumed>) = 0 [pid 5978] close(3) = 0 [pid 5828] mkdir("./4", 0777 [pid 5978] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5978] write(1, "executing program\n", 18) = 18 [pid 5978] memfd_create("syzkaller", 0 [pid 5828] <... mkdir resumed>) = 0 [pid 5978] <... memfd_create resumed>) = 3 [pid 5828] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5978] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5828] <... openat resumed>) = 3 [pid 5978] <... mmap resumed>) = 0x7eff75000000 [pid 5828] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5828] close(3) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557bfcf650) = 5979 [ 84.740035][ T5943] bcachefs (loop0): check_allocations... [ 84.745587][ T5943] btree ptr not marked in member info btree allocated bitmap [ 84.745610][ T5943] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, fixing ./strace-static-x86_64: Process 5979 attached [pid 5979] set_robust_list(0x55557bfcf660, 24) = 0 [pid 5979] chdir("./4") = 0 [pid 5979] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5979] setpgid(0, 0) = 0 [pid 5979] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5979] write(3, "1000", 4) = 4 [pid 5979] close(3) = 0 [pid 5979] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5979] write(1, "executing program\n", 18) = 18 [pid 5979] memfd_create("syzkaller", 0) = 3 [pid 5979] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff75000000 [ 84.839972][ T5943] btree ptr not marked in member info btree allocated bitmap [ 84.839995][ T5943] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0, fixing [ 84.908489][ T5943] btree ptr not marked in member info btree allocated bitmap [ 84.908511][ T5943] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing [ 84.973502][ T5943] btree ptr not marked in member info btree allocated bitmap [ 84.973523][ T5943] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c0bef60d07ceb940 written 16 min_key POS_MIN durability: 1 ptr: 0:35:0 gen 0, fixing [pid 5977] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 85.047144][ T5943] btree ptr not marked in member info btree allocated bitmap [ 85.047166][ T5943] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0, fixing [pid 5978] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5979] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5976] <... write resumed>) = 16777216 [pid 5976] munmap(0x7eff75000000, 138412032) = 0 [pid 5976] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 85.107810][ T5943] btree ptr not marked in member info btree allocated bitmap [ 85.107834][ T5943] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0, fixing [pid 5976] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5976] close(3) = 0 [pid 5976] close(4) = 0 [pid 5976] mkdir("./file0", 0777) = 0 [ 85.178225][ T5976] loop3: detected capacity change from 0 to 32768 [ 85.191141][ T5976] bcachefs (/dev/loop3): error reading default superblock: checksum error, type none: got should be [ 85.233853][ T5943] done [ 85.261375][ T5943] bcachefs (loop0): going read-write [ 85.293449][ T5943] bcachefs (loop0): journal_replay... [ 85.310335][ T5976] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [ 85.327866][ T5976] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [pid 5976] mount("/dev/loop3", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 5977] <... write resumed>) = 16777216 [pid 5977] munmap(0x7eff75000000, 138412032) = 0 [pid 5978] <... write resumed>) = 16777216 [pid 5978] munmap(0x7eff75000000, 138412032 [pid 5977] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5977] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5977] close(3) = 0 [ 85.451711][ T5943] done [ 85.455734][ T5943] bcachefs (loop0): check_extents_to_backpointers... [ 85.457528][ T5943] bcachefs (loop0): scanning for missing backpointers in 4/128 buckets [ 85.486769][ T5943] done [ 85.491423][ T5943] bcachefs (loop0): check_inodes... [pid 5978] <... munmap resumed>) = 0 [pid 5977] close(4) = 0 [pid 5977] mkdir("./file0", 0777 [pid 5978] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5977] <... mkdir resumed>) = 0 [pid 5977] mount("/dev/loop2", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 5978] <... openat resumed>) = 4 [pid 5978] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5978] close(3 [pid 5976] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5978] <... close resumed>) = 0 [pid 5976] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5976] ioctl(3, LOOP_CLR_FD) = 0 [pid 5976] close(3 [pid 5978] close(4) = 0 [pid 5978] mkdir("./file0", 0777) = 0 [ 85.492247][ T5943] inode points to missing dirent [ 85.492263][ T5943] inum: 536870912:4294967295 [ 85.492275][ T5943] mode=100755 [ 85.492285][ T5943] flags=(15300000) [ 85.492295][ T5943] journal_seq=4 [ 85.492305][ T5943] hash_seed=8469d717004af4ef [pid 5978] mount("/dev/loop4", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 5979] <... write resumed>) = 16777216 [pid 5979] munmap(0x7eff75000000, 138412032) = 0 [pid 5979] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5979] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5979] close(3) = 0 [pid 5979] close(4) = 0 [pid 5979] mkdir("./file0", 0777) = 0 [ 85.492316][ T5943] hash_type=siphash [ 85.492326][ T5943] bi_size=10 [ 85.492336][ T5943] bi_sectors=8 [pid 5979] mount("/dev/loop1", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 5976] <... close resumed>) = 0 [pid 5976] exit_group(0) = ? [pid 5976] +++ exited with 0 +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5976, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=40 /* 0.40 s */} --- [pid 5830] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, 0x55557bfd06f0 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./1/binderfs") = 0 [pid 5830] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 85.492346][ T5943] bi_version=0 [ 85.492356][ T5943] bi_atime=2780562352 [ 85.492366][ T5943] bi_ctime=2780562352 [ 85.492376][ T5943] bi_mtime=2780562352 [ 85.492387][ T5943] bi_otime=2780562352 [ 85.492397][ T5943] bi_uid=0 [ 85.492407][ T5943] bi_gid=0 [ 85.492416][ T5943] bi_nlink=0 [ 85.492426][ T5943] bi_generation=0 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, 0x55557bfd8730 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./1/file0") = 0 [pid 5830] getdents64(3, 0x55557bfd06f0 /* 0 entries */, 32768) = 0 [ 85.492436][ T5943] bi_dev=0 [ 85.492446][ T5943] bi_data_checksum=0 [ 85.492464][ T5943] bi_compression=0 [ 85.492474][ T5943] bi_project=0 [ 85.492484][ T5943] bi_background_compression=0 [ 85.492495][ T5943] bi_data_replicas=0 [ 85.492505][ T5943] bi_promote_target=0 [ 85.492515][ T5943] bi_foreground_target=0 [ 85.492526][ T5943] bi_background_target=0 [ 85.492554][ T5943] bi_erasure_code=0 [pid 5830] close(3) = 0 [pid 5830] rmdir("./1") = 0 [ 85.492565][ T5943] bi_fields_set=0 [ 85.492576][ T5943] bi_dir=4096 [ 85.492586][ T5943] bi_dir_offset=4330382808765833931 [ 85.492598][ T5943] bi_subvol=0 [ 85.492609][ T5943] bi_parent_subvol=0 [ 85.492620][ T5943] bi_nocow=0 [ 85.492630][ T5943] bi_depth=0 [ 85.492641][ T5943] bi_inodes_32bit=0, fixing [ 85.506876][ T5977] loop2: detected capacity change from 0 to 32768 [ 85.535968][ T5976] bcachefs: bch2_fs_get_tree() error: EINVAL [pid 5830] mkdir("./2", 0777) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5830] close(3) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6008 attached [pid 6008] set_robust_list(0x55557bfcf660, 24) = 0 [pid 6008] chdir("./2") = 0 [pid 6008] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6008] setpgid(0, 0) = 0 [pid 6008] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 85.537379][ T5978] loop4: detected capacity change from 0 to 32768 [ 85.537567][ T5977] bcachefs (/dev/loop2): error reading default superblock: checksum error, type none: got should be [ 85.588536][ T5978] bcachefs (/dev/loop4): error reading default superblock: checksum error, type none: got should be [ 85.657486][ T5979] loop1: detected capacity change from 0 to 32768 [ 85.674953][ T5977] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [ 85.675025][ T5977] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete executing program [pid 6008] write(3, "1000", 4) = 4 [pid 6008] close(3) = 0 [pid 6008] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6008] write(1, "executing program\n", 18) = 18 [pid 6008] memfd_create("syzkaller", 0) = 3 [pid 6008] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff75000000 [pid 5830] <... clone resumed>, child_tidptr=0x55557bfcf650) = 6008 [ 85.686880][ T5979] bcachefs (/dev/loop1): error reading default superblock: checksum error, type none: got should be [ 85.822544][ T5978] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [ 85.823872][ T5943] done [ 85.876748][ T5978] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [ 85.915950][ T5979] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [ 85.979993][ T5943] bcachefs (loop0): check_extents... done [ 85.986768][ T5979] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [ 86.034931][ T5943] bcachefs (loop0): check_dirents... [pid 5977] <... mount resumed>) = -1 EINVAL (Invalid argument) [ 86.036083][ T5943] hash table key at wrong offset: btree dirents inode 4096 offset 4330382808765825483, hashed to 4330382808765833931 [ 86.036105][ T5943] u64s 7 type dirent 4096:4330382808765825483:U32_MAX len 0 ver 0: file1 -> 536870912 type reg, fixing [pid 5977] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5977] ioctl(3, LOOP_CLR_FD) = 0 [ 86.117091][ T5977] bcachefs: bch2_fs_get_tree() error: EINVAL [pid 5977] close(3 [ 86.171123][ T5943] hash table key at wrong offset: btree dirents inode 4096 offset 4330382808765825483, hashed to 4330382808765833931 [pid 6008] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5979] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5979] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5979] ioctl(3, LOOP_CLR_FD) = 0 [ 86.171144][ T5943] u64s 7 type dirent 4096:4330382808765825483:U32_MAX len 0 ver 0: file1 -> 536870912 type reg, fixing [ 86.249670][ T5943] hash table key at wrong offset: btree dirents inode 4096 offset 4330382808765825483, hashed to 4330382808765833931 [pid 5979] close(3 [pid 5978] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5978] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5978] ioctl(3, LOOP_CLR_FD) = 0 [ 86.249695][ T5943] u64s 7 type dirent 4096:4330382808765825483:U32_MAX len 0 ver 0: file1 -> 536870912 type reg, fixing [pid 5978] close(3 [pid 5977] <... close resumed>) = 0 [pid 5977] exit_group(0) = ? [pid 5977] +++ exited with 0 +++ [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5977, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=45 /* 0.45 s */} --- [pid 5829] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5829] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 86.291169][ T5979] bcachefs: bch2_fs_get_tree() error: EINVAL [ 86.330447][ T5978] bcachefs: bch2_fs_get_tree() error: EINVAL [ 86.404050][ T5943] dirent points to inode that does not point back: [pid 5829] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, 0x55557bfd06f0 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./4/binderfs") = 0 [pid 5829] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, 0x55557bfd8730 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./4/file0") = 0 [pid 5829] getdents64(3, 0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./4") = 0 [pid 5829] mkdir("./5", 0777) = 0 [ 86.404071][ T5943] u64s 7 type dirent 4096:4330382808765833931:U32_MAX len 0 ver 0: file1 -> 536870912 type reg [pid 5829] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5829] close(3) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6009 attached , child_tidptr=0x55557bfcf650) = 6009 [pid 6009] set_robust_list(0x55557bfcf660, 24) = 0 [pid 6009] chdir("./5") = 0 [pid 6009] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6009] setpgid(0, 0) = 0 [ 86.404087][ T5943] inum: 536870912:4294967295 [ 86.404100][ T5943] mode=100755 [ 86.404111][ T5943] flags=(15300000) [ 86.404122][ T5943] journal_seq=19 [ 86.404133][ T5943] hash_seed=8469d717004af4ef [pid 6009] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6009] write(3, "1000", 4) = 4 [pid 6009] close(3) = 0 [pid 6009] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6009] write(1, "executing program\n", 18) = 18 [pid 6009] memfd_create("syzkaller", 0) = 3 [pid 6009] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff75000000 [ 86.404145][ T5943] hash_type=siphash [ 86.404157][ T5943] bi_size=10 [ 86.404168][ T5943] bi_sectors=8 [ 86.404179][ T5943] bi_version=0 [ 86.404190][ T5943] bi_atime=2780562352 [pid 5979] <... close resumed>) = 0 [pid 5978] <... close resumed>) = 0 [pid 5979] exit_group(0 [pid 5978] exit_group(0) = ? [pid 5978] +++ exited with 0 +++ [pid 5979] <... exit_group resumed>) = ? [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5978, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=50 /* 0.50 s */} --- [pid 5979] +++ exited with 0 +++ [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5979, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=45 /* 0.45 s */} --- [pid 5828] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5828] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5828] newfstatat(3, "", [pid 5831] <... restart_syscall resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5828] getdents64(3, [pid 5831] newfstatat(3, "", [pid 5828] <... getdents64 resumed>0x55557bfd06f0 /* 4 entries */, 32768) = 112 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] getdents64(3, [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... getdents64 resumed>0x55557bfd06f0 /* 4 entries */, 32768) = 112 [pid 5828] newfstatat(AT_FDCWD, "./4/binderfs", [pid 5831] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] unlink("./4/binderfs" [pid 5831] newfstatat(AT_FDCWD, "./4/binderfs", [pid 5828] <... unlink resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] unlink("./4/binderfs" [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... unlink resumed>) = 0 [pid 5828] newfstatat(AT_FDCWD, "./4/file0", [pid 5831] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... openat resumed>) = 4 [pid 5831] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] newfstatat(4, "", [pid 5831] <... openat resumed>) = 4 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] newfstatat(4, "", [pid 5828] getdents64(4, [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... getdents64 resumed>0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, [pid 5828] getdents64(4, [pid 5831] <... getdents64 resumed>0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5828] <... getdents64 resumed>0x55557bfd8730 /* 0 entries */, 32768) = 0 [pid 5831] getdents64(4, [pid 5828] close(4 [pid 5831] <... getdents64 resumed>0x55557bfd8730 /* 0 entries */, 32768) = 0 [pid 5828] <... close resumed>) = 0 [pid 5831] close(4 [pid 5828] rmdir("./4/file0" [pid 5831] <... close resumed>) = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 5831] rmdir("./4/file0" [pid 5828] getdents64(3, [pid 5831] <... rmdir resumed>) = 0 [pid 5828] <... getdents64 resumed>0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 5831] getdents64(3, 0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 5828] close(3 [pid 5831] close(3 [pid 5828] <... close resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5828] rmdir("./4") = 0 [pid 5831] rmdir("./4") = 0 [pid 5828] mkdir("./5", 0777) = 0 [pid 5831] mkdir("./5", 0777) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5828] ioctl(3, LOOP_CLR_FD [pid 5831] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5828] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5828] close(3) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] <... openat resumed>) = 3 [ 86.404202][ T5943] bi_ctime=2780562352 [ 86.404214][ T5943] bi_mtime=2780562352 [ 86.404225][ T5943] bi_otime=2780562352 [ 86.404237][ T5943] bi_uid=0 [ 86.404248][ T5943] bi_gid=0 [ 86.404259][ T5943] bi_nlink=0 [ 86.404270][ T5943] bi_generation=0 [ 86.404281][ T5943] bi_dev=0 [pid 5831] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 6010 attached ) = -1 ENXIO (No such device or address) [pid 5831] close(3) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557bfcf650) = 6011 ./strace-static-x86_64: Process 6011 attached [pid 6010] set_robust_list(0x55557bfcf660, 24) = 0 [pid 6010] chdir("./5") = 0 [pid 6010] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6010] setpgid(0, 0) = 0 [pid 6010] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5828] <... clone resumed>, child_tidptr=0x55557bfcf650) = 6010 [ 86.404292][ T5943] bi_data_checksum=0 executing program [pid 6011] set_robust_list(0x55557bfcf660, 24 [pid 6010] <... openat resumed>) = 3 [pid 6010] write(3, "1000", 4) = 4 [pid 6010] close(3) = 0 [pid 6010] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6010] write(1, "executing program\n", 18) = 18 [pid 6010] memfd_create("syzkaller", 0) = 3 [pid 6010] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff75000000 [pid 6011] <... set_robust_list resumed>) = 0 [pid 6008] <... write resumed>) = 16777216 [pid 6011] chdir("./5" [pid 6008] munmap(0x7eff75000000, 138412032 [pid 6011] <... chdir resumed>) = 0 [pid 6011] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6008] <... munmap resumed>) = 0 [pid 6011] setpgid(0, 0 [pid 6008] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6011] <... setpgid resumed>) = 0 [pid 6008] <... openat resumed>) = 4 [pid 6008] ioctl(4, LOOP_SET_FD, 3 [ 86.404304][ T5943] bi_compression=0 [ 86.404315][ T5943] bi_project=0 [ 86.404327][ T5943] bi_background_compression=0 [ 86.404339][ T5943] bi_data_replicas=0 [ 86.404350][ T5943] bi_promote_target=0 [ 86.404362][ T5943] bi_foreground_target=0 [ 86.404374][ T5943] bi_background_target=0 [pid 6011] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6008] <... ioctl resumed>) = 0 [pid 6008] close(3 [pid 6011] write(3, "1000", 4) = 4 [pid 6008] <... close resumed>) = 0 [pid 6008] close(4 [pid 6011] close(3) = 0 [pid 6008] <... close resumed>) = 0 [pid 6011] symlink("/dev/binderfs", "./binderfs" [pid 6008] mkdir("./file0", 0777 [pid 6011] <... symlink resumed>) = 0 [pid 6008] <... mkdir resumed>) = 0 [pid 6011] write(1, "executing program\n", 18 [pid 6008] mount("/dev/loop3", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29"executing program [pid 6011] <... write resumed>) = 18 [pid 6011] memfd_create("syzkaller", 0) = 3 [pid 6011] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff75000000 [ 86.404393][ T5943] bi_erasure_code=0 [ 86.404405][ T5943] bi_fields_set=0 [ 86.404417][ T5943] bi_dir=0 [ 86.404428][ T5943] bi_dir_offset=4330382808765833931 [ 86.404440][ T5943] bi_subvol=0 [ 86.404451][ T5943] bi_parent_subvol=0 [ 86.404462][ T5943] bi_nocow=0 [ 86.404473][ T5943] bi_depth=0 [ 86.404484][ T5943] bi_inodes_32bit=0, fixing [ 86.744461][ T6008] loop3: detected capacity change from 0 to 32768 [ 86.786563][ T6008] bcachefs (/dev/loop3): error reading default superblock: checksum error, type none: got should be [pid 6011] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 86.890976][ T6008] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [ 86.891049][ T6008] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [ 86.986885][ T5943] inode 536870912:4294967295 has wrong backpointer: [ 86.986902][ T5943] got 0:4330382808765833931 [ 86.986912][ T5943] should be 4096:4330382808765833931, fixing [ 87.008580][ T119] cfg80211: failed to load regulatory.db [pid 6009] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 87.030956][ T5943] dirent points to inode that does not point back: [ 87.030978][ T5943] u64s 7 type dirent 4096:4330382808765833931:U32_MAX len 0 ver 0: file1 -> 536870912 type reg [ 87.030994][ T5943] inum: 536870912:4294967295 [ 87.031006][ T5943] mode=100755 [ 87.031017][ T5943] flags=(15300000) [ 87.031028][ T5943] journal_seq=19 [ 87.031040][ T5943] hash_seed=8469d717004af4ef [ 87.031051][ T5943] hash_type=siphash [ 87.031063][ T5943] bi_size=10 [ 87.031086][ T5943] bi_sectors=8 [ 87.031096][ T5943] bi_version=0 [ 87.031107][ T5943] bi_atime=2780562352 [ 87.031118][ T5943] bi_ctime=2780562352 [ 87.031129][ T5943] bi_mtime=2780562352 [ 87.031140][ T5943] bi_otime=2780562352 [ 87.031151][ T5943] bi_uid=0 [ 87.031161][ T5943] bi_gid=0 [ 87.031172][ T5943] bi_nlink=0 [ 87.031182][ T5943] bi_generation=0 [ 87.031193][ T5943] bi_dev=0 [ 87.031203][ T5943] bi_data_checksum=0 [ 87.031214][ T5943] bi_compression=0 [ 87.031225][ T5943] bi_project=0 [ 87.031236][ T5943] bi_background_compression=0 [ 87.031247][ T5943] bi_data_replicas=0 [ 87.031258][ T5943] bi_promote_target=0 [ 87.031269][ T5943] bi_foreground_target=0 [ 87.031280][ T5943] bi_background_target=0 [ 87.031291][ T5943] bi_erasure_code=0 [ 87.031302][ T5943] bi_fields_set=0 [ 87.031313][ T5943] bi_dir=0 [ 87.031323][ T5943] bi_dir_offset=4330382808765833931 [ 87.031335][ T5943] bi_subvol=0 [ 87.031346][ T5943] bi_parent_subvol=0 [ 87.031384][ T5943] bi_nocow=0 [ 87.031395][ T5943] bi_depth=0 [ 87.031406][ T5943] bi_inodes_32bit=0, fixing [ 87.214849][ T6008] bcachefs: bch2_fs_get_tree() error: EINVAL [ 87.336743][ T5943] inode 536870912:4294967295 has wrong backpointer: [pid 6010] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6009] <... write resumed>) = 16777216 [pid 6009] munmap(0x7eff75000000, 138412032) = 0 [pid 6009] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6009] ioctl(4, LOOP_SET_FD, 3) = 0 [ 87.336766][ T5943] got 0:4330382808765833931 [pid 6009] close(3) = 0 [pid 6009] close(4) = 0 [pid 6009] mkdir("./file0", 0777) = 0 [ 87.336777][ T5943] should be 4096:4330382808765833931, fixing [ 87.377901][ T6009] loop2: detected capacity change from 0 to 32768 [ 87.418965][ T5943] hash table key at wrong offset: btree dirents inode 4096 offset 8130059955150870709, hashed to 6728544935518790663 [pid 6009] mount("/dev/loop2", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 6011] <... write resumed>) = 16777216 [pid 6011] munmap(0x7eff75000000, 138412032 [pid 6008] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6008] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 6008] ioctl(3, LOOP_CLR_FD) = 0 [ 87.419012][ T5943] u64s 8 type dirent 4096:8130059955150870709:U32_MAX len 0 ver 0: lost+found -> 4097 type dir, fixing [ 87.443775][ T6009] bcachefs (/dev/loop2): error reading default superblock: checksum error, type none: got should be [pid 6008] close(3 [pid 6011] <... munmap resumed>) = 0 [pid 6011] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6011] ioctl(4, LOOP_SET_FD, 3) = 0 [ 87.527979][ T5943] bcachefs (loop0): fsck counted subdirectories wrong for inum 4096:4294967295: got 1 should be 2 [ 87.560296][ T5943] directory 4096:4294967295 with wrong i_size: got 0, should be 288, fixing [pid 6011] close(3) = 0 [pid 6011] close(4) = 0 [pid 6011] mkdir("./file0", 0777 [pid 6010] <... write resumed>) = 16777216 [pid 6011] <... mkdir resumed>) = 0 [ 87.575587][ T6009] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [ 87.575659][ T6009] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [ 87.581701][ T6011] loop4: detected capacity change from 0 to 32768 [pid 6011] mount("/dev/loop4", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 6010] munmap(0x7eff75000000, 138412032) = 0 [ 87.649378][ T6011] bcachefs (/dev/loop4): error reading default superblock: checksum error, type none: got should be [ 87.691336][ T5943] done [ 87.699019][ T5943] bcachefs (loop0): resume_logged_ops... done [pid 6010] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6010] ioctl(4, LOOP_SET_FD, 3) = 0 [ 87.706265][ T5943] bcachefs (loop0): delete_dead_inodes... done [ 87.717238][ T6010] loop1: detected capacity change from 0 to 32768 [pid 6010] close(3) = 0 [pid 6010] close(4 [pid 5827] kill(-5943, SIGKILL [pid 6010] <... close resumed>) = 0 [pid 5827] <... kill resumed>) = 0 [pid 5827] kill(5943, SIGKILL [pid 6010] mkdir("./file0", 0777 [pid 5827] <... kill resumed>) = 0 [pid 6010] <... mkdir resumed>) = 0 [ 87.749238][ T5943] bcachefs (loop0): Fixed errors, running fsck a second time to verify fs is clean [ 87.784816][ T6011] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [pid 6010] mount("/dev/loop1", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 6009] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6009] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [ 87.795443][ T6010] bcachefs (/dev/loop1): error reading default superblock: checksum error, type none: got should be [ 87.810718][ T5943] bcachefs (loop0): check_extents_to_backpointers... done [ 87.821099][ T5943] bcachefs (loop0): check_inodes... done [ 87.829341][ T6009] bcachefs: bch2_fs_get_tree() error: EINVAL [ 87.838650][ T5943] bcachefs (loop0): check_extents... done [pid 6009] ioctl(3, LOOP_CLR_FD) = 0 [pid 6009] close(3 [pid 6008] <... close resumed>) = 0 [pid 6008] exit_group(0) = ? [pid 6008] +++ exited with 0 +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6008, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=52 /* 0.52 s */} --- [ 87.845295][ T5943] bcachefs (loop0): check_dirents... [ 87.847724][ T5943] dirent points to missing inode: [ 87.847744][ T5943] u64s 8 type dirent 4096:6728544935518790663:U32_MAX len 0 ver 0: lost+found -> 4097 type dir, fixing [pid 5830] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, 0x55557bfd06f0 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./2/binderfs") = 0 [pid 5830] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 87.860150][ T6011] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [ 87.922540][ T5943] directory 4096:4294967295 with wrong i_size: got 288, should be 352, fixing [pid 5830] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 87.977109][ T5943] done [ 87.987340][ T5943] bcachefs (loop0): resume_logged_ops... done [ 87.993511][ T5943] bcachefs (loop0): delete_dead_inodes... done [ 88.005861][ T6010] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [pid 5830] getdents64(4, 0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, 0x55557bfd8730 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./2/file0") = 0 [ 88.050318][ T5943] bcachefs (loop0): Second fsck run was not clean [ 88.062186][ T6010] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [pid 5830] getdents64(3, 0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 5830] rmdir("./2") = 0 [pid 5830] mkdir("./3", 0777) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5830] close(3) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6041 attached , child_tidptr=0x55557bfcf650) = 6041 [pid 6041] set_robust_list(0x55557bfcf660, 24) = 0 [pid 6041] chdir("./3") = 0 [pid 6041] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6041] setpgid(0, 0) = 0 [pid 6041] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6041] write(3, "1000", 4) = 4 [pid 6041] close(3) = 0 [ 88.102746][ T5943] bcachefs (loop0): going read-only [ 88.108287][ T5943] bcachefs (loop0): finished waiting for writes to stop [ 88.127718][ T5943] bcachefs (loop0): flushing journal and stopping allocators, journal seq 24 executing program [pid 6009] <... close resumed>) = 0 [pid 6041] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6041] write(1, "executing program\n", 18) = 18 [pid 6041] memfd_create("syzkaller", 0) = 3 [pid 6041] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff75000000 [pid 6009] exit_group(0) = ? [pid 6009] +++ exited with 0 +++ [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6009, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=46 /* 0.46 s */} --- [pid 5829] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 88.187011][ T5943] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 25 [pid 5829] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, 0x55557bfd06f0 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./5/binderfs") = 0 [pid 5829] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, 0x55557bfd8730 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./5/file0") = 0 [pid 5829] getdents64(3, 0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./5") = 0 [pid 5829] mkdir("./6", 0777) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 88.228859][ T5943] bcachefs (loop0): clean shutdown complete, journal seq 26 [ 88.268067][ T5943] bcachefs (loop0): marking filesystem clean [pid 5829] close(3) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6042 attached , child_tidptr=0x55557bfcf650) = 6042 [pid 6042] set_robust_list(0x55557bfcf660, 24) = 0 [pid 6042] chdir("./6") = 0 [pid 6042] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6042] setpgid(0, 0) = 0 [pid 6042] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6042] write(3, "1000", 4executing program ) = 4 [pid 6042] close(3) = 0 [pid 6042] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6042] write(1, "executing program\n", 18) = 18 [pid 6042] memfd_create("syzkaller", 0 [pid 5943] <... mount resumed>) = ? [pid 6042] <... memfd_create resumed>) = 3 [pid 6042] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff75000000 [ 88.282563][ T5943] bcachefs (loop0): done starting filesystem [ 88.295779][ T6011] bcachefs: bch2_fs_get_tree() error: EINVAL [pid 5943] +++ killed by SIGKILL +++ [pid 5827] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5943, si_uid=0, si_status=SIGKILL, si_utime=6 /* 0.06 s */, si_stime=163 /* 1.63 s */} --- [pid 5827] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5827] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5827] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5827] getdents64(3, 0x55557bfd06f0 /* 4 entries */, 32768) = 112 [pid 5827] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5827] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5827] unlink("./3/binderfs") = 0 [pid 5827] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6011] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6011] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 6011] ioctl(3, LOOP_CLR_FD) = 0 [ 88.324131][ T5943] syz-executor265 (5943) used greatest stack depth: 10256 bytes left [ 88.347064][ T5827] bcachefs (loop0): shutting down [pid 6011] close(3 [pid 6010] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6010] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 6010] ioctl(3, LOOP_CLR_FD) = 0 [ 88.409277][ T6010] bcachefs: bch2_fs_get_tree() error: EINVAL [ 88.528488][ T5827] bcachefs (loop0): shutdown complete [pid 6010] close(3 [pid 6041] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6011] <... close resumed>) = 0 [pid 6011] exit_group(0) = ? [pid 6011] +++ exited with 0 +++ [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6011, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=41 /* 0.41 s */} --- [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 6042] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6010] <... close resumed>) = 0 [pid 5831] <... restart_syscall resumed>) = 0 [pid 5831] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6010] exit_group(0 [pid 5831] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6010] <... exit_group resumed>) = ? [pid 5831] <... openat resumed>) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x55557bfd06f0 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6010] +++ exited with 0 +++ [pid 5831] unlink("./5/binderfs") = 0 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6010, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=49 /* 0.49 s */} --- [pid 5831] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... restart_syscall resumed>) = 0 [pid 5831] newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5828] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(3, 0x55557bfd06f0 /* 4 entries */, 32768) = 112 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... openat resumed>) = 4 [pid 5828] newfstatat(AT_FDCWD, "./5/binderfs", [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] getdents64(4, [pid 5828] unlink("./5/binderfs" [pid 5831] <... getdents64 resumed>0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5828] <... unlink resumed>) = 0 [pid 5831] getdents64(4, [pid 5828] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... getdents64 resumed>0x55557bfd8730 /* 0 entries */, 32768) = 0 [pid 5831] close(4 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... close resumed>) = 0 [pid 5828] newfstatat(AT_FDCWD, "./5/file0", [pid 5831] rmdir("./5/file0" [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 5828] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] getdents64(3, [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... getdents64 resumed>0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 5828] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] close(3) = 0 [pid 5828] <... openat resumed>) = 4 [pid 5831] rmdir("./5" [pid 5828] newfstatat(4, "", [pid 5831] <... rmdir resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] mkdir("./6", 0777 [pid 5828] getdents64(4, 0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5831] <... mkdir resumed>) = 0 [pid 5828] getdents64(4, [pid 5831] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5828] <... getdents64 resumed>0x55557bfd8730 /* 0 entries */, 32768) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5828] close(4) = 0 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5828] rmdir("./5/file0" [pid 5831] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5831] close(3 [pid 5828] <... rmdir resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5828] getdents64(3, [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] <... getdents64 resumed>0x55557bfd06f0 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 6043 attached [pid 6043] set_robust_list(0x55557bfcf660, 24 [pid 5828] close(3 [pid 6043] <... set_robust_list resumed>) = 0 [pid 5831] <... clone resumed>, child_tidptr=0x55557bfcf650) = 6043 [pid 6043] chdir("./6" [pid 5828] <... close resumed>) = 0 [pid 6043] <... chdir resumed>) = 0 [pid 6043] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5828] rmdir("./5") = 0 [pid 5828] mkdir("./6", 0777) = 0 [pid 6043] <... prctl resumed>) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 6043] setpgid(0, 0 [pid 5828] ioctl(3, LOOP_CLR_FD [pid 6043] <... setpgid resumed>) = 0 [pid 5828] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5828] close(3 [pid 6043] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5828] <... close resumed>) = 0 [pid 6043] <... openat resumed>) = 3 [pid 6041] <... write resumed>) = 16777216 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6043] write(3, "1000", 4 [pid 5828] <... clone resumed>, child_tidptr=0x55557bfcf650) = 6044 [pid 6043] <... write resumed>) = 4 [pid 6043] close(3 [pid 6041] munmap(0x7eff75000000, 138412032 [pid 6043] <... close resumed>) = 0 ./strace-static-x86_64: Process 6044 attached [pid 6043] symlink("/dev/binderfs", "./binderfs" [pid 6041] <... munmap resumed>) = 0 [pid 6043] <... symlink resumed>) = 0 [pid 6041] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 executing program executing program [pid 6044] set_robust_list(0x55557bfcf660, 24 [pid 6043] write(1, "executing program\n", 18 [pid 6041] ioctl(4, LOOP_SET_FD, 3 [pid 6043] <... write resumed>) = 18 [pid 6044] <... set_robust_list resumed>) = 0 [pid 6044] chdir("./6") = 0 [pid 6044] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6044] setpgid(0, 0) = 0 [pid 6044] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6044] write(3, "1000", 4) = 4 [pid 6044] close(3) = 0 [pid 6044] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6044] write(1, "executing program\n", 18) = 18 [pid 6044] memfd_create("syzkaller", 0) = 3 [pid 6043] memfd_create("syzkaller", 0 [pid 6041] <... ioctl resumed>) = 0 [pid 6043] <... memfd_create resumed>) = 3 [pid 6041] close(3) = 0 [pid 6041] close(4 [pid 6043] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6041] <... close resumed>) = 0 [pid 6044] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff75000000 [pid 6041] mkdir("./file0", 0777 [pid 6043] <... mmap resumed>) = 0x7eff75000000 [pid 6041] <... mkdir resumed>) = 0 [ 88.867591][ T6041] loop3: detected capacity change from 0 to 32768 [ 88.926782][ T6041] bcachefs (/dev/loop3): error reading default superblock: checksum error, type none: got should be [pid 6041] mount("/dev/loop3", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 6042] <... write resumed>) = 16777216 [pid 6042] munmap(0x7eff75000000, 138412032) = 0 [pid 6042] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6042] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6042] close(3) = 0 [pid 6042] close(4) = 0 [pid 6042] mkdir("./file0", 0777) = 0 [ 89.018036][ T6042] loop2: detected capacity change from 0 to 32768 [pid 6042] mount("/dev/loop2", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [ 89.067149][ T6042] bcachefs (/dev/loop2): error reading default superblock: checksum error, type none: got should be [pid 6044] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6043] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6044] <... write resumed>) = 16777216 [pid 6044] munmap(0x7eff75000000, 138412032) = 0 [pid 6044] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6044] ioctl(4, LOOP_SET_FD, 3 [pid 6043] <... write resumed>) = 16777216 [pid 6044] <... ioctl resumed>) = 0 [pid 6044] close(3 [pid 6043] munmap(0x7eff75000000, 138412032 [pid 6044] <... close resumed>) = 0 [pid 6044] close(4) = 0 [pid 6044] mkdir("./file0", 0777) = 0 [pid 6044] mount("/dev/loop1", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 6043] <... munmap resumed>) = 0 [pid 6043] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6043] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6043] close(3) = 0 [ 89.298195][ T6044] loop1: detected capacity change from 0 to 32768 [ 89.332437][ T6044] bcachefs (/dev/loop1): error reading default superblock: checksum error, type none: got should be [pid 6043] close(4) = 0 [pid 6043] mkdir("./file0", 0777) = 0 [ 89.347109][ T6043] loop4: detected capacity change from 0 to 32768 [ 89.385074][ T6043] bcachefs (/dev/loop4): error reading default superblock: checksum error, type none: got should be [ 89.409842][ T6041] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=ro,errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names,read_only [ 89.427856][ T6041] bcachefs (loop3): recovering from clean shutdown, journal seq 10 [ 89.441720][ T6041] bcachefs (loop3): superblock requires following recovery passes to be run: [ 89.441720][ T6041] check_inodes,check_extents,check_dirents [ 89.456775][ T6041] bcachefs (loop3): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.20: directory_size [ 89.456775][ T6041] running recovery passes: check_allocations,check_extents_to_backpointers [ 89.477403][ T6042] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [ 89.486821][ T6042] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [ 89.512773][ T6041] bcachefs (loop3): error validating btree node at btree inodes level 0/0 [ 89.512797][ T6041] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0 [ 89.512815][ T6041] node offset 8/24 bset u64s 29 bset byte offset 152: keys out of order: u64s 16 type inode_v3 5:4096:U32_MAX len 0 ver 0 > u64s 17 type inode_v3 0:4097:U32_MAX len 0 ver 0, fixing [ 89.559540][ T6041] invalid bkey in btree_node btree=inodes level=0: u64s 16 type inode_v3 5:4096:U32_MAX len 0 ver 0: [ 89.559564][ T6041] mode=40755 [ 89.559575][ T6041] flags=(16300000) [ 89.559585][ T6041] journal_seq=1 [ 89.559595][ T6041] hash_seed=28e4f092a4fc58ee [ 89.559606][ T6041] hash_type=siphash [ 89.559616][ T6041] bi_size=0 [pid 6043] mount("/dev/loop4", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 5827] <... umount2 resumed>) = 0 [pid 5827] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5827] newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 89.559626][ T6041] bi_sectors=0 [ 89.559636][ T6041] bi_version=0 [ 89.559647][ T6041] bi_atime=200535484 [ 89.559657][ T6041] bi_ctime=200535484 [ 89.559668][ T6041] bi_mtime=200535484 [ 89.559678][ T6041] bi_otime=200535484 [pid 5827] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6042] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5827] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5827] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5827] getdents64(4, 0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5827] getdents64(4, 0x55557bfd8730 /* 0 entries */, 32768) = 0 [pid 5827] close(4) = 0 [pid 5827] rmdir("./3/file0") = 0 [pid 5827] getdents64(3, 0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 6042] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5827] close(3) = 0 [pid 5827] rmdir("./3" [pid 6042] <... openat resumed>) = 3 [pid 5827] <... rmdir resumed>) = 0 [pid 5827] mkdir("./4", 0777) = 0 [pid 5827] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5827] ioctl(3, LOOP_CLR_FD) = 0 [pid 5827] close(3 [ 89.559689][ T6041] bi_uid=0 [ 89.559698][ T6041] bi_gid=0 [ 89.559708][ T6041] bi_nlink=1 [ 89.559719][ T6041] bi_generation=0 [ 89.559729][ T6041] bi_dev=0 [ 89.559739][ T6041] bi_data_checksum=0 [pid 6042] ioctl(3, LOOP_CLR_FD) = 0 [ 89.559749][ T6041] bi_compression=0 [ 89.559759][ T6041] bi_project=0 [ 89.559770][ T6041] bi_background_compression=0 [ 89.559780][ T6041] bi_data_replicas=0 [pid 6042] close(3 [pid 6043] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6044] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6043] openat(AT_FDCWD, "/dev/loop4", O_RDWR [ 89.559791][ T6041] bi_promote_target=0 [ 89.559802][ T6041] bi_foreground_target=0 [pid 6044] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6043] <... openat resumed>) = 3 [pid 6043] ioctl(3, LOOP_CLR_FD) = 0 [pid 6043] close(3 [pid 6044] <... openat resumed>) = 3 [pid 6044] ioctl(3, LOOP_CLR_FD) = 0 [ 89.559813][ T6041] bi_background_target=0 [ 89.559824][ T6041] bi_erasure_code=0 [ 89.559834][ T6041] bi_fields_set=0 [ 89.559845][ T6041] bi_dir=0 [ 89.559855][ T6041] bi_dir_offset=0 [ 89.559865][ T6041] bi_subvol=1 [ 89.559875][ T6041] bi_parent_subvol=0 [ 89.559886][ T6041] bi_nocow=0 [ 89.559896][ T6041] bi_depth=0 [ 89.559906][ T6041] bi_inodes_32bit=0 [pid 6044] close(3 [pid 5827] <... close resumed>) = 0 [pid 5827] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557bfcf650) = 6074 ./strace-static-x86_64: Process 6074 attached [ 89.559916][ T6041] nonzero k.p.inode: delete?, fixing [ 89.596101][ T6043] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [pid 6074] set_robust_list(0x55557bfcf660, 24) = 0 [pid 6074] chdir("./4") = 0 [pid 6074] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6074] setpgid(0, 0) = 0 [pid 6074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6074] write(3, "1000", 4) = 4 [pid 6074] close(3) = 0 [pid 6074] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6074] write(1, "executing program\n", 18executing program ) = 18 [pid 6074] memfd_create("syzkaller", 0) = 3 [pid 6074] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff75000000 [pid 6042] <... close resumed>) = 0 [ 89.596175][ T6043] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [ 89.603297][ T6044] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [pid 6043] <... close resumed>) = 0 [pid 6042] exit_group(0) = ? [pid 6042] +++ exited with 0 +++ [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6042, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=40 /* 0.40 s */} --- [pid 6043] exit_group(0) = ? [ 89.603368][ T6044] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [ 89.740633][ T6042] bcachefs: bch2_fs_get_tree() error: EINVAL [pid 6043] +++ exited with 0 +++ [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6043, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=46 /* 0.46 s */} --- [pid 5831] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... openat resumed>) = 3 [pid 6044] <... close resumed>) = 0 [pid 5831] newfstatat(3, "", [pid 5829] <... openat resumed>) = 3 [pid 5829] newfstatat(3, "", [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, [pid 6044] exit_group(0 [pid 5831] <... getdents64 resumed>0x55557bfd06f0 /* 4 entries */, 32768) = 112 [pid 6044] <... exit_group resumed>) = ? [pid 5831] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] getdents64(3, [pid 6044] +++ exited with 0 +++ [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... getdents64 resumed>0x55557bfd06f0 /* 4 entries */, 32768) = 112 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6044, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=47 /* 0.47 s */} --- [pid 5831] newfstatat(AT_FDCWD, "./6/binderfs", [pid 5829] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] unlink("./6/binderfs" [pid 5829] newfstatat(AT_FDCWD, "./6/binderfs", [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... unlink resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] unlink("./6/binderfs" [pid 5828] <... openat resumed>) = 3 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... unlink resumed>) = 0 [pid 5828] newfstatat(3, "", [pid 5829] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] getdents64(3, [pid 5831] newfstatat(AT_FDCWD, "./6/file0", [pid 5829] newfstatat(AT_FDCWD, "./6/file0", [pid 5828] <... getdents64 resumed>0x55557bfd06f0 /* 4 entries */, 32768) = 112 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 89.884403][ T6043] bcachefs: bch2_fs_get_tree() error: EINVAL [ 89.885035][ T6044] bcachefs: bch2_fs_get_tree() error: EINVAL [ 90.233030][ T6041] bcachefs (loop3): btree_node_read_work: rewriting btree node at due to error [ 90.233030][ T6041] btree=inodes level=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0 [pid 5828] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] unlink("./6/binderfs") = 0 [pid 5828] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5828] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(4, 0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5828] getdents64(4, 0x55557bfd8730 /* 0 entries */, 32768) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] close(4 [pid 5829] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5828] <... close resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] rmdir("./6/file0" [pid 5831] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] <... openat resumed>) = 4 [pid 5828] <... rmdir resumed>) = 0 [pid 5831] <... openat resumed>) = 4 [pid 5828] getdents64(3, 0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 5828] close(3) = 0 [pid 5828] rmdir("./6" [pid 5831] newfstatat(4, "", [pid 5829] newfstatat(4, "", [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, [pid 5831] getdents64(4, 0x55557bfd8730 /* 0 entries */, 32768) = 0 [pid 5829] <... getdents64 resumed>0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5828] mkdir("./7", 0777 [pid 5831] close(4) = 0 [pid 5829] getdents64(4, [pid 5828] <... mkdir resumed>) = 0 [pid 5831] rmdir("./6/file0" [pid 5829] <... getdents64 resumed>0x55557bfd8730 /* 0 entries */, 32768) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5831] <... rmdir resumed>) = 0 [pid 5829] close(4 [ 90.290848][ T6041] bcachefs (loop3): error validating btree node on loop3 at btree freespace level 0/0 [ 90.290872][ T6041] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0 [ 90.290890][ T6041] node offset 0/32 bset u64s 0: checksum error, type none: got should be , fixing [pid 6074] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5831] getdents64(3, [pid 5829] <... close resumed>) = 0 [pid 5828] <... openat resumed>) = 3 [pid 5831] <... getdents64 resumed>0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 5829] rmdir("./6/file0" [pid 5831] close(3 [pid 5828] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5829] <... rmdir resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 5829] getdents64(3, [pid 5831] rmdir("./6" [pid 5829] <... getdents64 resumed>0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 5828] close(3 [pid 5831] <... rmdir resumed>) = 0 [pid 5829] close(3 [pid 5831] mkdir("./7", 0777 [pid 5829] <... close resumed>) = 0 [pid 5829] rmdir("./6" [pid 5828] <... close resumed>) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 5829] mkdir("./7", 0777 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] <... mkdir resumed>) = 0 [pid 5829] <... mkdir resumed>) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop2", O_RDWR./strace-static-x86_64: Process 6075 attached [pid 6075] set_robust_list(0x55557bfcf660, 24 [pid 5829] <... openat resumed>) = 3 [pid 5828] <... clone resumed>, child_tidptr=0x55557bfcf650) = 6075 [pid 6075] <... set_robust_list resumed>) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5829] ioctl(3, LOOP_CLR_FD [pid 6075] chdir("./7" [pid 5831] <... openat resumed>) = 3 [pid 5829] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6075] <... chdir resumed>) = 0 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5829] close(3 [pid 6075] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5829] <... close resumed>) = 0 [pid 6075] <... prctl resumed>) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6075] setpgid(0, 0./strace-static-x86_64: Process 6076 attached ) = 0 [pid 5829] <... clone resumed>, child_tidptr=0x55557bfcf650) = 6076 [pid 6076] set_robust_list(0x55557bfcf660, 24 [pid 6075] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6076] <... set_robust_list resumed>) = 0 [pid 6075] <... openat resumed>) = 3 [pid 6076] chdir("./7" [pid 6075] write(3, "1000", 4 [pid 6076] <... chdir resumed>) = 0 [pid 6075] <... write resumed>) = 4 [pid 6076] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6075] close(3 [pid 5831] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6076] <... prctl resumed>) = 0 [pid 6075] <... close resumed>) = 0 [pid 5831] close(3 [pid 6076] setpgid(0, 0 [pid 6075] symlink("/dev/binderfs", "./binderfs" [pid 5831] <... close resumed>) = 0 [pid 6076] <... setpgid resumed>) = 0 [pid 6075] <... symlink resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6075] write(1, "executing program\n", 18executing program [pid 6076] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6075] <... write resumed>) = 18 ./strace-static-x86_64: Process 6077 attached [pid 6076] <... openat resumed>) = 3 [pid 6075] memfd_create("syzkaller", 0 [pid 5831] <... clone resumed>, child_tidptr=0x55557bfcf650) = 6077 [pid 6076] write(3, "1000", 4) = 4 [pid 6075] <... memfd_create resumed>) = 3 [pid 6076] close(3 [ 90.339073][ T6041] bcachefs (loop3): btree_node_read_work: rewriting btree node at due to error [ 90.339073][ T6041] btree=freespace level=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0 [pid 6075] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6076] <... close resumed>) = 0 [pid 6075] <... mmap resumed>) = 0x7eff75000000 [pid 6076] symlink("/dev/binderfs", "./binderfs" [pid 6077] set_robust_list(0x55557bfcf660, 24 [pid 6076] <... symlink resumed>) = 0 [pid 6076] write(1, "executing program\n", 18executing program [pid 6077] <... set_robust_list resumed>) = 0 [pid 6076] <... write resumed>) = 18 [pid 6077] chdir("./7" [pid 6076] memfd_create("syzkaller", 0 [pid 6077] <... chdir resumed>) = 0 executing program [pid 6076] <... memfd_create resumed>) = 3 [pid 6077] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6076] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6077] <... prctl resumed>) = 0 [pid 6077] setpgid(0, 0) = 0 [pid 6077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6077] write(3, "1000", 4) = 4 [pid 6077] close(3) = 0 [pid 6077] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6077] write(1, "executing program\n", 18) = 18 [pid 6077] memfd_create("syzkaller", 0) = 3 [pid 6076] <... mmap resumed>) = 0x7eff75000000 [ 90.397336][ T6041] bcachefs (loop3): accounting_read... done [ 90.406364][ T6041] bcachefs (loop3): alloc_read... done [pid 6077] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff75000000 [ 90.446161][ T6041] bcachefs (loop3): stripes_read... done [ 90.463110][ T6041] bcachefs (loop3): snapshots_read... done [ 90.479910][ T6041] bcachefs (loop3): check_allocations... [ 90.483375][ T6041] btree ptr not marked in member info btree allocated bitmap [ 90.483395][ T6041] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, fixing [ 90.570957][ T6041] btree ptr not marked in member info btree allocated bitmap [ 90.570980][ T6041] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0, fixing [pid 6074] <... write resumed>) = 16777216 [pid 6074] munmap(0x7eff75000000, 138412032) = 0 [pid 6074] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 90.640082][ T6041] btree ptr not marked in member info btree allocated bitmap [ 90.640105][ T6041] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing [pid 6076] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6074] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6074] close(3) = 0 [pid 6074] close(4 [pid 6077] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6075] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6074] <... close resumed>) = 0 [pid 6074] mkdir("./file0", 0777) = 0 [ 90.695380][ T6074] loop0: detected capacity change from 0 to 32768 [ 90.712019][ T6041] btree ptr not marked in member info btree allocated bitmap [ 90.712041][ T6041] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c0bef60d07ceb940 written 16 min_key POS_MIN durability: 1 ptr: 0:35:0 gen 0, fixing [ 90.767426][ T6074] bcachefs (/dev/loop0): error reading default superblock: checksum error, type none: got should be [ 90.786835][ T6041] btree ptr not marked in member info btree allocated bitmap [ 90.786858][ T6041] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0, fixing [ 90.867925][ T6041] btree ptr not marked in member info btree allocated bitmap [ 90.867949][ T6041] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0, fixing [pid 6074] mount("/dev/loop0", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 6076] <... write resumed>) = 16777216 [ 90.942816][ T6041] done [pid 6076] munmap(0x7eff75000000, 138412032) = 0 [pid 6076] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 90.975509][ T6041] bcachefs (loop3): going read-write [ 90.994061][ T6074] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [ 91.006407][ T6074] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [pid 6076] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6076] close(3) = 0 [pid 6076] close(4) = 0 [pid 6076] mkdir("./file0", 0777) = 0 [ 91.018155][ T6041] bcachefs (loop3): journal_replay... [ 91.026291][ T6076] loop2: detected capacity change from 0 to 32768 [ 91.081498][ T6076] bcachefs (/dev/loop2): error reading default superblock: checksum error, type none: got should be [pid 6076] mount("/dev/loop2", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 6077] <... write resumed>) = 16777216 [pid 6077] munmap(0x7eff75000000, 138412032) = 0 [pid 6077] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6077] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6077] close(3) = 0 [pid 6077] close(4) = 0 [pid 6077] mkdir("./file0", 0777) = 0 [ 91.188869][ T6077] loop4: detected capacity change from 0 to 32768 [ 91.217537][ T6077] bcachefs (/dev/loop4): error reading default superblock: checksum error, type none: got should be [ 91.233315][ T6074] bcachefs: bch2_fs_get_tree() error: EINVAL [pid 6077] mount("/dev/loop4", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 6074] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6074] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 6074] ioctl(3, LOOP_CLR_FD) = 0 [ 91.240185][ T6041] done [ 91.247505][ T6041] bcachefs (loop3): check_extents_to_backpointers... [ 91.249241][ T6041] bcachefs (loop3): scanning for missing backpointers in 4/128 buckets [ 91.249415][ T6076] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [ 91.259074][ T6041] done [ 91.283497][ T6076] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [pid 6074] close(3 [pid 6075] <... write resumed>) = 16777216 [ 91.316007][ T6041] bcachefs (loop3): check_inodes... [ 91.320609][ T6041] inode points to missing dirent [pid 6075] munmap(0x7eff75000000, 138412032) = 0 [pid 6074] <... close resumed>) = 0 [pid 6074] exit_group(0) = ? [pid 6075] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 91.320628][ T6041] inum: 536870912:4294967295 [ 91.320640][ T6041] mode=100755 [ 91.320650][ T6041] flags=(15300000) [ 91.320660][ T6041] journal_seq=4 [ 91.320671][ T6041] hash_seed=8469d717004af4ef [ 91.320681][ T6041] hash_type=siphash [ 91.320692][ T6041] bi_size=10 [ 91.320702][ T6041] bi_sectors=8 [ 91.320713][ T6041] bi_version=0 [ 91.320723][ T6041] bi_atime=2780562352 [ 91.320733][ T6041] bi_ctime=2780562352 [ 91.320743][ T6041] bi_mtime=2780562352 [ 91.320753][ T6041] bi_otime=2780562352 [ 91.320763][ T6041] bi_uid=0 [ 91.320792][ T6041] bi_gid=0 [ 91.320803][ T6041] bi_nlink=0 [ 91.320814][ T6041] bi_generation=0 [ 91.320824][ T6041] bi_dev=0 [ 91.320835][ T6041] bi_data_checksum=0 [ 91.320845][ T6041] bi_compression=0 [ 91.320856][ T6041] bi_project=0 [pid 6075] ioctl(4, LOOP_SET_FD, 3 [pid 6074] +++ exited with 0 +++ [pid 5827] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6074, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=45 /* 0.45 s */} --- [pid 5827] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5827] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6075] <... ioctl resumed>) = 0 [pid 5827] <... openat resumed>) = 3 [pid 6075] close(3 [pid 5827] newfstatat(3, "", [pid 6075] <... close resumed>) = 0 [ 91.320875][ T6041] bi_background_compression=0 [ 91.320886][ T6041] bi_data_replicas=0 [ 91.320897][ T6041] bi_promote_target=0 [ 91.320908][ T6041] bi_foreground_target=0 [ 91.320919][ T6041] bi_background_target=0 [ 91.320930][ T6041] bi_erasure_code=0 [ 91.320942][ T6041] bi_fields_set=0 [ 91.320952][ T6041] bi_dir=4096 [ 91.320962][ T6041] bi_dir_offset=4330382808765833931 [ 91.320974][ T6041] bi_subvol=0 [ 91.320984][ T6041] bi_parent_subvol=0 [ 91.320995][ T6041] bi_nocow=0 [ 91.321006][ T6041] bi_depth=0 [pid 5827] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 91.321017][ T6041] bi_inodes_32bit=0, fixing [ 91.426003][ T6075] loop1: detected capacity change from 0 to 32768 [ 91.429748][ T6041] done [ 91.547333][ T6076] bcachefs: bch2_fs_get_tree() error: EINVAL [ 91.549440][ T6077] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [ 91.562884][ T6077] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [pid 6075] close(4 [pid 5827] getdents64(3, [pid 6076] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6075] <... close resumed>) = 0 [pid 6075] mkdir("./file0", 0777 [pid 5827] <... getdents64 resumed>0x55557bfd06f0 /* 4 entries */, 32768) = 112 [pid 6075] <... mkdir resumed>) = 0 [pid 6075] mount("/dev/loop1", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 5827] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6076] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5827] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5827] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6076] ioctl(3, LOOP_CLR_FD [pid 5827] unlink("./4/binderfs" [pid 6076] <... ioctl resumed>) = 0 [pid 5827] <... unlink resumed>) = 0 [pid 5827] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5827] newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5827] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5827] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5827] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5827] getdents64(4, 0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5827] getdents64(4, 0x55557bfd8730 /* 0 entries */, 32768) = 0 [pid 5827] close(4) = 0 [pid 5827] rmdir("./4/file0") = 0 [pid 5827] getdents64(3, 0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 5827] close(3) = 0 [pid 5827] rmdir("./4") = 0 [pid 6076] close(3 [pid 5827] mkdir("./5", 0777) = 0 [ 91.572872][ T6041] bcachefs (loop3): check_extents... done [ 91.574687][ T6075] bcachefs (/dev/loop1): error reading default superblock: checksum error, type none: got should be [ 91.605460][ T6041] bcachefs (loop3): check_dirents... [pid 5827] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5827] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5827] close(3) = 0 [pid 5827] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557bfcf650) = 6104 ./strace-static-x86_64: Process 6104 attached [pid 6104] set_robust_list(0x55557bfcf660, 24) = 0 [pid 6104] chdir("./5") = 0 [pid 6104] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6104] setpgid(0, 0) = 0 [pid 6104] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 executing program [pid 6104] write(3, "1000", 4) = 4 [pid 6104] close(3) = 0 [pid 6104] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6104] write(1, "executing program\n", 18) = 18 [pid 6104] memfd_create("syzkaller", 0) = 3 [pid 6104] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff75000000 [ 91.606537][ T6041] hash table key at wrong offset: btree dirents inode 4096 offset 4330382808765825483, hashed to 4330382808765833931 [ 91.606557][ T6041] u64s 7 type dirent 4096:4330382808765825483:U32_MAX len 0 ver 0: file1 -> 536870912 type reg, fixing [ 91.737581][ T6041] hash table key at wrong offset: btree dirents inode 4096 offset 4330382808765825483, hashed to 4330382808765833931 [ 91.737604][ T6041] u64s 7 type dirent 4096:4330382808765825483:U32_MAX len 0 ver 0: file1 -> 536870912 type reg, fixing [ 91.763298][ T6041] hash table key at wrong offset: btree dirents inode 4096 offset 4330382808765825483, hashed to 4330382808765833931 [ 91.763321][ T6041] u64s 7 type dirent 4096:4330382808765825483:U32_MAX len 0 ver 0: file1 -> 536870912 type reg, fixing [ 91.788166][ T6041] dirent points to inode that does not point back: [ 91.788185][ T6041] u64s 7 type dirent 4096:4330382808765833931:U32_MAX len 0 ver 0: file1 -> 536870912 type reg [ 91.788200][ T6041] inum: 536870912:4294967295 [ 91.788211][ T6041] mode=100755 [ 91.788220][ T6041] flags=(15300000) [ 91.788230][ T6041] journal_seq=18 [ 91.788240][ T6041] hash_seed=8469d717004af4ef [ 91.788250][ T6041] hash_type=siphash [ 91.788261][ T6041] bi_size=10 [ 91.788271][ T6041] bi_sectors=8 [ 91.788281][ T6041] bi_version=0 [ 91.788291][ T6041] bi_atime=2780562352 [ 91.788300][ T6041] bi_ctime=2780562352 [ 91.788309][ T6041] bi_mtime=2780562352 [ 91.788319][ T6041] bi_otime=2780562352 [ 91.788329][ T6041] bi_uid=0 [ 91.788338][ T6041] bi_gid=0 [ 91.788347][ T6041] bi_nlink=0 [ 91.788356][ T6041] bi_generation=0 [ 91.788365][ T6041] bi_dev=0 [ 91.788374][ T6041] bi_data_checksum=0 [ 91.788384][ T6041] bi_compression=0 [ 91.788394][ T6041] bi_project=0 [ 91.788404][ T6041] bi_background_compression=0 [ 91.788414][ T6041] bi_data_replicas=0 [ 91.788424][ T6041] bi_promote_target=0 [ 91.788435][ T6041] bi_foreground_target=0 [ 91.788445][ T6041] bi_background_target=0 [ 91.788456][ T6041] bi_erasure_code=0 [ 91.788466][ T6041] bi_fields_set=0 [ 91.788476][ T6041] bi_dir=0 [ 91.788486][ T6041] bi_dir_offset=4330382808765833931 [ 91.788497][ T6041] bi_subvol=0 [ 91.788506][ T6041] bi_parent_subvol=0 [ 91.788517][ T6041] bi_nocow=0 [ 91.788526][ T6041] bi_depth=0 [ 91.788536][ T6041] bi_inodes_32bit=0, fixing [ 91.812660][ T6077] bcachefs: bch2_fs_get_tree() error: EINVAL [ 91.951468][ T6041] inode 536870912:4294967295 has wrong backpointer: [ 91.951487][ T6041] got 0:4330382808765833931 [pid 6104] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6077] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6077] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 6077] ioctl(3, LOOP_CLR_FD) = 0 [pid 6077] close(3 [pid 6076] <... close resumed>) = 0 [ 91.951499][ T6041] should be 4096:4330382808765833931, fixing [ 91.954178][ T6075] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [ 91.979570][ T6075] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [ 91.988008][ T6041] hash table key at wrong offset: btree dirents inode 4096 offset 8130059955150870709, hashed to 6728544935518790663 [pid 6076] exit_group(0) = ? [pid 6076] +++ exited with 0 +++ [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6076, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=55 /* 0.55 s */} --- [ 91.988032][ T6041] u64s 8 type dirent 4096:8130059955150870709:U32_MAX len 0 ver 0: lost+found -> 4097 type dir, fixing [ 92.052000][ T6041] bcachefs (loop3): fsck counted subdirectories wrong for inum 4096:4294967295: got 1 should be 2 [pid 5829] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5829] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, 0x55557bfd06f0 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./7/binderfs") = 0 [pid 5829] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 92.063383][ T6041] directory 4096:4294967295 with wrong i_size: got 0, should be 288, fixing [ 92.078158][ T6041] done [ 92.087691][ T6041] bcachefs (loop3): resume_logged_ops... done [ 92.106717][ T6041] bcachefs (loop3): delete_dead_inodes... done [pid 5829] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 92.132424][ T6041] bcachefs (loop3): Fixed errors, running fsck a second time to verify fs is clean [ 92.156774][ T6041] bcachefs (loop3): check_extents_to_backpointers... done [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, 0x55557bfd8730 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./7/file0") = 0 [pid 5829] getdents64(3, 0x55557bfd06f0 /* 0 entries */, 32768) = 0 [ 92.181098][ T6041] bcachefs (loop3): check_inodes... done [ 92.196727][ T6041] bcachefs (loop3): check_extents... done [ 92.203612][ T6041] bcachefs (loop3): check_dirents... [ 92.204392][ T6041] dirent points to missing inode: [pid 5829] close(3) = 0 [pid 5829] rmdir("./7") = 0 [pid 5829] mkdir("./8", 0777) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 92.204408][ T6041] u64s 8 type dirent 4096:6728544935518790663:U32_MAX len 0 ver 0: lost+found -> 4097 type dir, fixing [ 92.257604][ T6041] directory 4096:4294967295 with wrong i_size: got 288, should be 352, fixing [ 92.268358][ T6041] done [pid 5829] close(3 [pid 6075] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... close resumed>) = 0 [pid 6075] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 6075] ioctl(3, LOOP_CLR_FD) = 0 [pid 6075] close(3 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6108 attached [pid 6108] set_robust_list(0x55557bfcf660, 24 [pid 5829] <... clone resumed>, child_tidptr=0x55557bfcf650) = 6108 [pid 6108] <... set_robust_list resumed>) = 0 [pid 6108] chdir("./8") = 0 [pid 6077] <... close resumed>) = 0 [pid 6108] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6108] setpgid(0, 0) = 0 [pid 6108] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6108] write(3, "1000", 4) = 4 [pid 6108] close(3) = 0 [pid 6108] symlink("/dev/binderfs", "./binderfs" [pid 6077] exit_group(0 [pid 6108] <... symlink resumed>) = 0 [pid 6108] write(1, "executing program\n", 18executing program [pid 6077] <... exit_group resumed>) = ? [pid 6108] <... write resumed>) = 18 [ 92.284045][ T6041] bcachefs (loop3): resume_logged_ops... done [ 92.297189][ T6075] bcachefs: bch2_fs_get_tree() error: EINVAL [ 92.301370][ T6041] bcachefs (loop3): delete_dead_inodes... done [pid 6108] memfd_create("syzkaller", 0 [pid 6077] +++ exited with 0 +++ [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6077, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=60 /* 0.60 s */} --- [pid 6108] <... memfd_create resumed>) = 3 [pid 6108] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff75000000 [pid 5831] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 92.347371][ T6041] bcachefs (loop3): Second fsck run was not clean [ 92.381979][ T6041] bcachefs (loop3): going read-only [ 92.388958][ T6041] bcachefs (loop3): finished waiting for writes to stop [pid 5831] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x55557bfd06f0 /* 4 entries */, 32768) = 112 [ 92.396173][ T6041] bcachefs (loop3): flushing journal and stopping allocators, journal seq 22 [ 92.418512][ T6041] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 23 [pid 5831] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./7/binderfs", [pid 6104] <... write resumed>) = 16777216 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./7/binderfs" [pid 6104] munmap(0x7eff75000000, 138412032 [pid 5831] <... unlink resumed>) = 0 [pid 5831] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6104] <... munmap resumed>) = 0 [pid 6041] <... mount resumed>) = 0 [pid 5831] newfstatat(AT_FDCWD, "./7/file0", [pid 6104] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6041] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 6104] <... openat resumed>) = 4 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6104] ioctl(4, LOOP_SET_FD, 3 [pid 6041] <... openat resumed>) = 3 [pid 5831] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6041] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 92.448937][ T6041] bcachefs (loop3): clean shutdown complete, journal seq 24 [ 92.461095][ T6041] bcachefs (loop3): marking filesystem clean [ 92.474939][ T6041] bcachefs (loop3): done starting filesystem [pid 5831] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6041] ioctl(4, LOOP_CLR_FD [pid 5831] <... openat resumed>) = 4 [pid 6104] <... ioctl resumed>) = 0 [pid 6041] <... ioctl resumed>) = 0 [pid 5831] newfstatat(4, "", [pid 6104] close(3 [pid 6041] close(4) = 0 [pid 6104] <... close resumed>) = 0 [pid 6075] <... close resumed>) = 0 [pid 6104] close(4 [pid 6041] exit_group(0) = ? [pid 6104] <... close resumed>) = 0 [pid 6075] exit_group(0 [pid 6104] mkdir("./file0", 0777 [pid 6041] +++ exited with 0 +++ [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6104] <... mkdir resumed>) = 0 [pid 5831] getdents64(4, [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6041, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=123 /* 1.23 s */} --- [pid 6104] mount("/dev/loop0", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 5831] <... getdents64 resumed>0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 6075] <... exit_group resumed>) = ? [pid 6075] +++ exited with 0 +++ [pid 5831] getdents64(4, 0x55557bfd8730 /* 0 entries */, 32768) = 0 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6075, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=47 /* 0.47 s */} --- [pid 5830] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] close(4 [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... close resumed>) = 0 [pid 5830] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] rmdir("./7/file0" [pid 5830] newfstatat(3, "", [pid 5831] <... rmdir resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, [pid 5830] getdents64(3, [pid 5828] <... restart_syscall resumed>) = 0 [pid 5830] <... getdents64 resumed>0x55557bfd06f0 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... getdents64 resumed>0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 5830] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] close(3 [pid 5830] newfstatat(AT_FDCWD, "./3/binderfs", [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... close resumed>) = 0 [pid 5830] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] rmdir("./7" [pid 5828] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... rmdir resumed>) = 0 [pid 5831] mkdir("./8", 0777 [pid 5828] <... openat resumed>) = 3 [pid 6108] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5831] <... mkdir resumed>) = 0 [pid 5830] unlink("./3/binderfs" [pid 5828] newfstatat(3, "", [pid 5831] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] <... openat resumed>) = 3 [pid 5828] getdents64(3, [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5830] <... unlink resumed>) = 0 [pid 5828] <... getdents64 resumed>0x55557bfd06f0 /* 4 entries */, 32768) = 112 [pid 5831] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5830] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5828] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] close(3 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... close resumed>) = 0 [pid 5828] newfstatat(AT_FDCWD, "./7/binderfs", [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] unlink("./7/binderfs") = 0 [pid 5828] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] <... clone resumed>, child_tidptr=0x55557bfcf650) = 6109 ./strace-static-x86_64: Process 6109 attached [ 92.527460][ T6104] loop0: detected capacity change from 0 to 32768 [ 92.562764][ T6104] bcachefs (/dev/loop0): error reading default superblock: checksum error, type none: got should be [pid 6109] set_robust_list(0x55557bfcf660, 24) = 0 [pid 6109] chdir("./8") = 0 [pid 5828] newfstatat(AT_FDCWD, "./7/file0", [pid 6109] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6109] setpgid(0, 0) = 0 [pid 5828] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6109] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6109] write(3, "1000", 4 [pid 5828] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5828] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(4, [pid 6109] <... write resumed>) = 4 [pid 5828] <... getdents64 resumed>0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5828] getdents64(4, 0x55557bfd8730 /* 0 entries */, 32768) = 0 [pid 6109] close(3 [pid 5828] close(4) = 0 [pid 5828] rmdir("./7/file0" [pid 6109] <... close resumed>) = 0 [pid 5828] <... rmdir resumed>) = 0 [pid 5828] getdents64(3, 0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 6109] symlink("/dev/binderfs", "./binderfs" [pid 5828] close(3) = 0 [pid 6109] <... symlink resumed>) = 0 [ 92.602629][ T5830] bcachefs (loop3): shutting down [pid 6109] write(1, "executing program\n", 18executing program [pid 5828] rmdir("./7" [pid 6109] <... write resumed>) = 18 [pid 6109] memfd_create("syzkaller", 0) = 3 [pid 5828] <... rmdir resumed>) = 0 [pid 6109] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff75000000 [pid 5828] mkdir("./8", 0777) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5828] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5828] close(3) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6117 attached , child_tidptr=0x55557bfcf650) = 6117 [pid 6117] set_robust_list(0x55557bfcf660, 24) = 0 [pid 6117] chdir("./8") = 0 [pid 6117] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6117] setpgid(0, 0) = 0 [pid 6117] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6117] write(3, "1000", 4) = 4 [pid 6117] close(3) = 0 [pid 6117] symlink("/dev/binderfs", "./binderfs") = 0 [ 92.674912][ T5830] bcachefs (loop3): shutdown complete [pid 6117] write(1, "executing program\n", 18executing program ) = 18 [pid 6117] memfd_create("syzkaller", 0) = 3 [pid 6117] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff75000000 [pid 6108] <... write resumed>) = 16777216 [pid 6108] munmap(0x7eff75000000, 138412032) = 0 [pid 6108] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6109] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6108] <... openat resumed>) = 4 [pid 6108] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6108] close(3) = 0 [pid 6108] close(4) = 0 [pid 6108] mkdir("./file0", 0777) = 0 [ 92.867188][ T6108] loop2: detected capacity change from 0 to 32768 [pid 6108] mount("/dev/loop2", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [ 92.927618][ T6108] bcachefs (/dev/loop2): error reading default superblock: checksum error, type none: got should be [pid 6117] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6109] <... write resumed>) = 16777216 [pid 6109] munmap(0x7eff75000000, 138412032) = 0 [pid 6109] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 93.051071][ T6104] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=ro,errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names,read_only [ 93.076961][ T6104] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 93.085220][ T6104] bcachefs (loop0): superblock requires following recovery passes to be run: [ 93.085220][ T6104] check_inodes,check_extents,check_dirents [pid 6109] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6109] close(3) = 0 [pid 6109] close(4) = 0 [pid 6109] mkdir("./file0", 0777) = 0 [ 93.107477][ T6109] loop4: detected capacity change from 0 to 32768 [ 93.108795][ T6108] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [ 93.125238][ T6108] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [ 93.156849][ T6104] bcachefs (loop0): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.20: directory_size [ 93.156849][ T6104] running recovery passes: check_allocations,check_extents_to_backpointers [ 93.190346][ T6109] bcachefs (/dev/loop4): error reading default superblock: checksum error, type none: got should be [ 93.259943][ T6104] bcachefs (loop0): error validating btree node at btree inodes level 0/0 [ 93.259965][ T6104] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0 [pid 6109] mount("/dev/loop4", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 6117] <... write resumed>) = 16777216 [ 93.259984][ T6104] node offset 8/24 bset u64s 29 bset byte offset 152: keys out of order: u64s 16 type inode_v3 5:4096:U32_MAX len 0 ver 0 > u64s 17 type inode_v3 0:4097:U32_MAX len 0 ver 0, fixing [pid 6117] munmap(0x7eff75000000, 138412032) = 0 [pid 6117] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6117] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6117] close(3) = 0 [pid 6117] close(4) = 0 [pid 6117] mkdir("./file0", 0777) = 0 [pid 6117] mount("/dev/loop1", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 6108] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6108] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 6108] ioctl(3, LOOP_CLR_FD) = 0 [ 93.340274][ T6109] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [ 93.340360][ T6109] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [pid 6108] close(3 [pid 5830] <... umount2 resumed>) = 0 [ 93.408429][ T6117] loop1: detected capacity change from 0 to 32768 [ 93.447261][ T6108] bcachefs: bch2_fs_get_tree() error: EINVAL [pid 5830] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, 0x55557bfd8730 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./3/file0") = 0 [pid 5830] getdents64(3, 0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [ 93.449237][ T6117] bcachefs (/dev/loop1): error reading default superblock: checksum error, type none: got should be [pid 5830] rmdir("./3") = 0 [pid 5830] mkdir("./4", 0777) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5830] close(3) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6140 attached , child_tidptr=0x55557bfcf650) = 6140 [pid 6140] set_robust_list(0x55557bfcf660, 24) = 0 [pid 6140] chdir("./4") = 0 [pid 6140] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6140] setpgid(0, 0) = 0 [ 93.593546][ T6104] invalid bkey in btree_node btree=inodes level=0: u64s 16 type inode_v3 5:4096:U32_MAX len 0 ver 0: [ 93.593570][ T6104] mode=40755 [ 93.593595][ T6104] flags=(16300000) [ 93.593606][ T6104] journal_seq=1 [ 93.593617][ T6104] hash_seed=28e4f092a4fc58ee [pid 6140] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6140] write(3, "1000", 4) = 4 [pid 6140] close(3) = 0 [pid 6140] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6140] write(1, "executing program\n", 18) = 18 [pid 6140] memfd_create("syzkaller", 0) = 3 [pid 6140] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff75000000 [pid 6109] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6108] <... close resumed>) = 0 [ 93.593628][ T6104] hash_type=siphash [ 93.593639][ T6104] bi_size=0 [ 93.593649][ T6104] bi_sectors=0 [ 93.593678][ T6104] bi_version=0 [ 93.593688][ T6104] bi_atime=200535484 [pid 6108] exit_group(0) = ? [pid 6109] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6108] +++ exited with 0 +++ [pid 6109] <... openat resumed>) = 3 [pid 6109] ioctl(3, LOOP_CLR_FD [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6108, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=48 /* 0.48 s */} --- [pid 6109] <... ioctl resumed>) = 0 [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 6109] close(3 [pid 5829] <... restart_syscall resumed>) = 0 [ 93.593702][ T6104] bi_ctime=200535484 [pid 5829] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, 0x55557bfd06f0 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./8/binderfs") = 0 [pid 5829] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, 0x55557bfd8730 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./8/file0") = 0 [pid 5829] getdents64(3, 0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./8") = 0 [pid 5829] mkdir("./9", 0777) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5829] close(3) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6141 attached [ 93.593713][ T6104] bi_mtime=200535484 [ 93.593724][ T6104] bi_otime=200535484 [ 93.593736][ T6104] bi_uid=0 [pid 6141] set_robust_list(0x55557bfcf660, 24 [pid 5829] <... clone resumed>, child_tidptr=0x55557bfcf650) = 6141 [pid 6141] <... set_robust_list resumed>) = 0 [pid 6141] chdir("./9") = 0 [pid 6141] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6141] setpgid(0, 0) = 0 [pid 6141] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6141] write(3, "1000", 4) = 4 executing program [pid 6141] close(3) = 0 [pid 6141] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6141] write(1, "executing program\n", 18) = 18 [pid 6141] memfd_create("syzkaller", 0) = 3 [pid 6141] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff75000000 [ 93.593746][ T6104] bi_gid=0 [ 93.593757][ T6104] bi_nlink=1 [ 93.593768][ T6104] bi_generation=0 [ 93.593779][ T6104] bi_dev=0 [ 93.593789][ T6104] bi_data_checksum=0 [ 93.593800][ T6104] bi_compression=0 [ 93.593811][ T6104] bi_project=0 [ 93.593822][ T6104] bi_background_compression=0 [ 93.593834][ T6104] bi_data_replicas=0 [ 93.593845][ T6104] bi_promote_target=0 [ 93.593856][ T6104] bi_foreground_target=0 [ 93.593867][ T6104] bi_background_target=0 [ 93.593878][ T6104] bi_erasure_code=0 [ 93.593889][ T6104] bi_fields_set=0 [ 93.593900][ T6104] bi_dir=0 [ 93.593911][ T6104] bi_dir_offset=0 [ 93.593922][ T6104] bi_subvol=1 [ 93.593932][ T6104] bi_parent_subvol=0 [ 93.593952][ T6104] bi_nocow=0 [ 93.593962][ T6104] bi_depth=0 [pid 6140] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6117] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6117] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 6117] ioctl(3, LOOP_CLR_FD) = 0 [pid 6117] close(3 [pid 6109] <... close resumed>) = 0 [pid 6109] exit_group(0) = ? [pid 6109] +++ exited with 0 +++ [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6109, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=48 /* 0.48 s */} --- [ 93.593973][ T6104] bi_inodes_32bit=0 [ 93.593984][ T6104] nonzero k.p.inode: delete?, fixing [ 93.704692][ T6117] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [pid 5831] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5831] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x55557bfd06f0 /* 4 entries */, 32768) = 112 [ 93.704776][ T6117] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [ 93.717838][ T6109] bcachefs: bch2_fs_get_tree() error: EINVAL [pid 5831] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./8/binderfs") = 0 [pid 5831] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6141] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 94.090053][ T6117] bcachefs: bch2_fs_get_tree() error: EINVAL [ 94.224107][ T6104] bcachefs (loop0): btree_node_read_work: rewriting btree node at due to error [ 94.224107][ T6104] btree=inodes level=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x55557bfd8730 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5831] rmdir("./8/file0") = 0 [pid 5831] getdents64(3, 0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 5831] rmdir("./8") = 0 [pid 5831] mkdir("./9", 0777) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5831] close(3) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6142 attached , child_tidptr=0x55557bfcf650) = 6142 [pid 6142] set_robust_list(0x55557bfcf660, 24) = 0 [pid 6142] chdir("./9") = 0 [pid 6142] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6142] setpgid(0, 0) = 0 [pid 6142] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6142] write(3, "1000", 4) = 4 [pid 6142] close(3) = 0 [pid 6142] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6142] write(1, "executing program\n", 18executing program ) = 18 [pid 6142] memfd_create("syzkaller", 0) = 3 [pid 6142] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff75000000 [ 94.321099][ T6104] bcachefs (loop0): error validating btree node on loop0 at btree freespace level 0/0 [ 94.321121][ T6104] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0 [pid 6117] <... close resumed>) = 0 [pid 6117] exit_group(0) = ? [pid 6117] +++ exited with 0 +++ [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6117, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=46 /* 0.46 s */} --- [pid 5828] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5828] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 94.321137][ T6104] node offset 0/32 bset u64s 0: checksum error, type none: got should be , fixing [ 94.427644][ T6104] bcachefs (loop0): btree_node_read_work: rewriting btree node at due to error [ 94.427644][ T6104] btree=freespace level=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0 [pid 5828] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5828] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(3, 0x55557bfd06f0 /* 4 entries */, 32768) = 112 [pid 5828] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] unlink("./8/binderfs") = 0 [pid 5828] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5828] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(4, 0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5828] getdents64(4, 0x55557bfd8730 /* 0 entries */, 32768) = 0 [pid 6140] <... write resumed>) = 16777216 [pid 5828] close(4) = 0 [pid 5828] rmdir("./8/file0") = 0 [pid 5828] getdents64(3, 0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 5828] close(3) = 0 [pid 5828] rmdir("./8") = 0 [pid 5828] mkdir("./9", 0777) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5828] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5828] close(3) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6143 attached , child_tidptr=0x55557bfcf650) = 6143 [pid 6140] munmap(0x7eff75000000, 138412032 [ 94.499016][ T6104] bcachefs (loop0): accounting_read... done [ 94.505357][ T6104] bcachefs (loop0): alloc_read... done [ 94.511163][ T6104] bcachefs (loop0): stripes_read... done [ 94.524546][ T6104] bcachefs (loop0): snapshots_read... done [ 94.534721][ T6104] bcachefs (loop0): check_allocations... [pid 6143] set_robust_list(0x55557bfcf660, 24) = 0 [pid 6140] <... munmap resumed>) = 0 [pid 6143] chdir("./9" [pid 6140] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6140] ioctl(4, LOOP_SET_FD, 3 [pid 6143] <... chdir resumed>) = 0 [pid 6143] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6143] setpgid(0, 0) = 0 [pid 6143] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6143] write(3, "1000", 4) = 4 [pid 6143] close(3) = 0 [pid 6143] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6143] write(1, "executing program\n", 18) = 18 [pid 6143] memfd_create("syzkaller", 0) = 3 [pid 6143] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff75000000 [pid 6140] <... ioctl resumed>) = 0 [pid 6140] close(3) = 0 [pid 6140] close(4) = 0 [ 94.536495][ T6104] btree ptr not marked in member info btree allocated bitmap [ 94.536513][ T6104] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, fixing [ 94.592202][ T6140] loop3: detected capacity change from 0 to 32768 [pid 6140] mkdir("./file0", 0777) = 0 [pid 6140] mount("/dev/loop3", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [ 94.639113][ T6104] btree ptr not marked in member info btree allocated bitmap [ 94.639134][ T6104] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0, fixing [pid 6142] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6141] <... write resumed>) = 16777216 [ 94.655721][ T6140] bcachefs (/dev/loop3): error reading default superblock: checksum error, type none: got should be [pid 6141] munmap(0x7eff75000000, 138412032) = 0 [pid 6141] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 94.739891][ T6104] btree ptr not marked in member info btree allocated bitmap [ 94.739913][ T6104] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing [ 94.746173][ T6141] loop2: detected capacity change from 0 to 32768 [ 94.769279][ T6104] btree ptr not marked in member info btree allocated bitmap [pid 6141] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6141] close(3) = 0 [pid 6141] close(4) = 0 [pid 6141] mkdir("./file0", 0777) = 0 [ 94.769319][ T6104] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c0bef60d07ceb940 written 16 min_key POS_MIN durability: 1 ptr: 0:35:0 gen 0, fixing [ 94.794159][ T6140] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [ 94.794226][ T6140] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [pid 6141] mount("/dev/loop2", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [ 94.839186][ T6141] bcachefs (/dev/loop2): error reading default superblock: checksum error, type none: got should be [ 94.929616][ T6104] btree ptr not marked in member info btree allocated bitmap [ 94.929639][ T6104] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0, fixing [ 94.965246][ T6141] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [ 94.965321][ T6141] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [pid 6143] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6142] <... write resumed>) = 16777216 [ 95.040204][ T6104] btree ptr not marked in member info btree allocated bitmap [ 95.040227][ T6104] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0, fixing [ 95.057145][ T6140] bcachefs: bch2_fs_get_tree() error: EINVAL [ 95.098410][ T6104] done [pid 6142] munmap(0x7eff75000000, 138412032) = 0 [pid 6140] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6142] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6140] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6142] <... openat resumed>) = 4 [pid 6140] <... openat resumed>) = 3 [pid 6142] ioctl(4, LOOP_SET_FD, 3 [pid 6140] ioctl(3, LOOP_CLR_FD) = 0 [ 95.119966][ T6104] bcachefs (loop0): going read-write [pid 6140] close(3 [pid 6142] <... ioctl resumed>) = 0 [ 95.132073][ T6104] bcachefs (loop0): journal_replay... [ 95.150149][ T6142] loop4: detected capacity change from 0 to 32768 [pid 6142] close(3) = 0 [pid 6142] close(4) = 0 [pid 6142] mkdir("./file0", 0777) = 0 [pid 6142] mount("/dev/loop4", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 6141] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6141] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 6141] ioctl(3, LOOP_CLR_FD) = 0 [ 95.219499][ T6141] bcachefs: bch2_fs_get_tree() error: EINVAL [ 95.234586][ T6142] bcachefs (/dev/loop4): error reading default superblock: checksum error, type none: got should be [pid 6141] close(3 [pid 6143] <... write resumed>) = 16777216 [pid 6143] munmap(0x7eff75000000, 138412032) = 0 [pid 6143] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 95.361618][ T6104] done [ 95.365784][ T6104] bcachefs (loop0): check_extents_to_backpointers... [ 95.367637][ T6104] bcachefs (loop0): scanning for missing backpointers in 4/128 buckets [ 95.389895][ T6142] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [ 95.395498][ T6143] loop1: detected capacity change from 0 to 32768 [pid 6143] ioctl(4, LOOP_SET_FD, 3 [pid 6140] <... close resumed>) = 0 [pid 6143] <... ioctl resumed>) = 0 [pid 6143] close(3) = 0 [pid 6143] close(4) = 0 [pid 6143] mkdir("./file0", 0777) = 0 [pid 6140] exit_group(0) = ? [pid 6143] mount("/dev/loop1", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 6140] +++ exited with 0 +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6140, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=47 /* 0.47 s */} --- [pid 5830] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 95.402479][ T6142] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [ 95.422602][ T6143] bcachefs (/dev/loop1): error reading default superblock: checksum error, type none: got should be [ 95.436491][ T6104] done [ 95.442111][ T6104] bcachefs (loop0): check_inodes... [ 95.443040][ T6104] inode points to missing dirent [pid 5830] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, 0x55557bfd06f0 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./4/binderfs") = 0 [pid 5830] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, 0x55557bfd8730 /* 0 entries */, 32768) = 0 [ 95.443058][ T6104] inum: 536870912:4294967295 [ 95.443070][ T6104] mode=100755 [ 95.443082][ T6104] flags=(15300000) [pid 5830] close(4) = 0 [pid 5830] rmdir("./4/file0") = 0 [pid 5830] getdents64(3, 0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 5830] rmdir("./4") = 0 [pid 5830] mkdir("./5", 0777) = 0 [pid 6141] <... close resumed>) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6141] exit_group(0 [pid 5830] <... openat resumed>) = 3 [pid 6141] <... exit_group resumed>) = ? [pid 5830] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5830] close(3) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6141] +++ exited with 0 +++ [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6141, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=44 /* 0.44 s */} --- [pid 5829] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 6172 attached [pid 5830] <... clone resumed>, child_tidptr=0x55557bfcf650) = 6172 [pid 6172] set_robust_list(0x55557bfcf660, 24) = 0 [pid 6172] chdir("./5") = 0 [ 95.443093][ T6104] journal_seq=4 [ 95.443105][ T6104] hash_seed=8469d717004af4ef [ 95.443116][ T6104] hash_type=siphash [ 95.443128][ T6104] bi_size=10 [ 95.443139][ T6104] bi_sectors=8 [ 95.443150][ T6104] bi_version=0 [ 95.443161][ T6104] bi_atime=2780562352 [pid 6172] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5829] <... restart_syscall resumed>) = 0 [pid 6172] setpgid(0, 0) = 0 [pid 6172] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5829] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6172] <... openat resumed>) = 3 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6172] write(3, "1000", 4 [pid 5829] <... openat resumed>) = 3 [pid 5829] newfstatat(3, "", [pid 6172] <... write resumed>) = 4 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, 0x55557bfd06f0 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6172] close(3 [pid 5829] newfstatat(AT_FDCWD, "./9/binderfs", [pid 6172] <... close resumed>) = 0 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6172] symlink("/dev/binderfs", "./binderfs" [pid 5829] unlink("./9/binderfs" [pid 6172] <... symlink resumed>) = 0 [pid 5829] <... unlink resumed>) = 0 executing program [pid 5829] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6172] write(1, "executing program\n", 18 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6172] <... write resumed>) = 18 [pid 5829] <... openat resumed>) = 4 [pid 6172] memfd_create("syzkaller", 0 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6172] <... memfd_create resumed>) = 3 [pid 5829] getdents64(4, [pid 6172] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5829] <... getdents64 resumed>0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 6172] <... mmap resumed>) = 0x7eff75000000 [pid 5829] getdents64(4, 0x55557bfd8730 /* 0 entries */, 32768) = 0 [ 95.443172][ T6104] bi_ctime=2780562352 [ 95.443184][ T6104] bi_mtime=2780562352 [ 95.443195][ T6104] bi_otime=2780562352 [ 95.443206][ T6104] bi_uid=0 [ 95.443217][ T6104] bi_gid=0 [ 95.443228][ T6104] bi_nlink=0 [ 95.443239][ T6104] bi_generation=0 [ 95.443250][ T6104] bi_dev=0 [ 95.443261][ T6104] bi_data_checksum=0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./9/file0") = 0 [pid 5829] getdents64(3, 0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./9") = 0 [pid 5829] mkdir("./10", 0777) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5829] close(3) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6173 attached [pid 6173] set_robust_list(0x55557bfcf660, 24) = 0 [ 95.443272][ T6104] bi_compression=0 [ 95.443284][ T6104] bi_project=0 [ 95.443295][ T6104] bi_background_compression=0 [ 95.443307][ T6104] bi_data_replicas=0 [ 95.443318][ T6104] bi_promote_target=0 [ 95.443330][ T6104] bi_foreground_target=0 [ 95.443341][ T6104] bi_background_target=0 [ 95.443353][ T6104] bi_erasure_code=0 [pid 6173] chdir("./10" [pid 5829] <... clone resumed>, child_tidptr=0x55557bfcf650) = 6173 [pid 6173] <... chdir resumed>) = 0 [pid 6173] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6173] setpgid(0, 0) = 0 [pid 6173] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 executing program [pid 6173] write(3, "1000", 4) = 4 [pid 6173] close(3) = 0 [pid 6173] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6173] write(1, "executing program\n", 18) = 18 [pid 6173] memfd_create("syzkaller", 0) = 3 [pid 6173] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff75000000 [ 95.443365][ T6104] bi_fields_set=0 [ 95.443376][ T6104] bi_dir=4096 [ 95.443387][ T6104] bi_dir_offset=4330382808765833931 [ 95.443399][ T6104] bi_subvol=0 [ 95.443410][ T6104] bi_parent_subvol=0 [ 95.443422][ T6104] bi_nocow=0 [ 95.443449][ T6104] bi_depth=0 [ 95.443461][ T6104] bi_inodes_32bit=0, fixing [pid 6142] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6142] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 6142] ioctl(3, LOOP_CLR_FD) = 0 [ 95.575993][ T6143] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [ 95.576082][ T6143] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [pid 6142] close(3 [pid 6143] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6143] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 6143] ioctl(3, LOOP_CLR_FD) = 0 [ 95.796807][ T6142] bcachefs: bch2_fs_get_tree() error: EINVAL [ 95.854999][ T6143] bcachefs: bch2_fs_get_tree() error: EINVAL [ 95.918637][ T6104] done [ 95.930970][ T6104] bcachefs (loop0): check_extents... done [ 95.967098][ T6104] bcachefs (loop0): check_dirents... [ 95.968281][ T6104] hash table key at wrong offset: btree dirents inode 4096 offset 4330382808765825483, hashed to 4330382808765833931 [pid 6143] close(3 [pid 6172] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6142] <... close resumed>) = 0 [ 95.968303][ T6104] u64s 7 type dirent 4096:4330382808765825483:U32_MAX len 0 ver 0: file1 -> 536870912 type reg, fixing [pid 6142] exit_group(0) = ? [pid 6142] +++ exited with 0 +++ [pid 6173] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6142, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=44 /* 0.44 s */} --- [pid 5831] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5831] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x55557bfd06f0 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./9/binderfs") = 0 [pid 5831] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x55557bfd8730 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5831] rmdir("./9/file0") = 0 [pid 5831] getdents64(3, 0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [ 96.057188][ T6104] hash table key at wrong offset: btree dirents inode 4096 offset 4330382808765825483, hashed to 4330382808765833931 [pid 5831] rmdir("./9" [pid 6143] <... close resumed>) = 0 [pid 5831] <... rmdir resumed>) = 0 [pid 6143] exit_group(0 [pid 5831] mkdir("./10", 0777 [pid 6143] <... exit_group resumed>) = ? [pid 5831] <... mkdir resumed>) = 0 [pid 6143] +++ exited with 0 +++ [pid 5831] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6143, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=46 /* 0.46 s */} --- [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 5831] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5831] close(3) = 0 [pid 5828] <... restart_syscall resumed>) = 0 [pid 5828] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5828] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5828] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(3, 0x55557bfd06f0 /* 4 entries */, 32768) = 112 ./strace-static-x86_64: Process 6174 attached [pid 5831] <... clone resumed>, child_tidptr=0x55557bfcf650) = 6174 [pid 5828] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6174] set_robust_list(0x55557bfcf660, 24 [pid 5828] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] unlink("./9/binderfs" [pid 6174] <... set_robust_list resumed>) = 0 [pid 6174] chdir("./10" [pid 5828] <... unlink resumed>) = 0 [pid 6174] <... chdir resumed>) = 0 [pid 5828] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6174] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6174] <... prctl resumed>) = 0 [pid 5828] newfstatat(AT_FDCWD, "./9/file0", [pid 6174] setpgid(0, 0) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6174] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5828] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6174] write(3, "1000", 4 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6174] <... write resumed>) = 4 [pid 5828] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6174] close(3) = 0 [pid 5828] <... openat resumed>) = 4 [pid 6174] symlink("/dev/binderfs", "./binderfs" [pid 5828] newfstatat(4, "", executing program [pid 6174] <... symlink resumed>) = 0 [pid 5828] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6174] write(1, "executing program\n", 18 [pid 5828] getdents64(4, [pid 6174] <... write resumed>) = 18 [pid 5828] <... getdents64 resumed>0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 6174] memfd_create("syzkaller", 0 [pid 5828] getdents64(4, [pid 6174] <... memfd_create resumed>) = 3 [pid 5828] <... getdents64 resumed>0x55557bfd8730 /* 0 entries */, 32768) = 0 [pid 6174] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5828] close(4 [pid 6174] <... mmap resumed>) = 0x7eff75000000 [pid 5828] <... close resumed>) = 0 [pid 5828] rmdir("./9/file0") = 0 [pid 5828] getdents64(3, 0x55557bfd06f0 /* 0 entries */, 32768) = 0 [ 96.057212][ T6104] u64s 7 type dirent 4096:4330382808765825483:U32_MAX len 0 ver 0: file1 -> 536870912 type reg, fixing [ 96.129386][ T6104] hash table key at wrong offset: btree dirents inode 4096 offset 4330382808765825483, hashed to 4330382808765833931 [pid 5828] close(3) = 0 [pid 5828] rmdir("./9") = 0 [pid 5828] mkdir("./10", 0777) = 0 [ 96.129411][ T6104] u64s 7 type dirent 4096:4330382808765825483:U32_MAX len 0 ver 0: file1 -> 536870912 type reg, fixing [ 96.198007][ T6104] dirent points to inode that does not point back: [pid 5828] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5828] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5828] close(3) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6175 attached [ 96.198028][ T6104] u64s 7 type dirent 4096:4330382808765833931:U32_MAX len 0 ver 0: file1 -> 536870912 type reg [pid 6175] set_robust_list(0x55557bfcf660, 24 [pid 5828] <... clone resumed>, child_tidptr=0x55557bfcf650) = 6175 [pid 6175] <... set_robust_list resumed>) = 0 [pid 6175] chdir("./10") = 0 [pid 6175] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6175] setpgid(0, 0) = 0 [pid 6175] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6175] write(3, "1000", 4) = 4 [pid 6175] close(3) = 0 [ 96.198044][ T6104] inum: 536870912:4294967295 [ 96.198056][ T6104] mode=100755 [ 96.198068][ T6104] flags=(15300000) [ 96.198079][ T6104] journal_seq=18 [ 96.198090][ T6104] hash_seed=8469d717004af4ef [pid 6175] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6175] write(1, "executing program\n", 18) = 18 [pid 6175] memfd_create("syzkaller", 0) = 3 [pid 6175] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff75000000 [ 96.198102][ T6104] hash_type=siphash [ 96.198114][ T6104] bi_size=10 [ 96.198125][ T6104] bi_sectors=8 [ 96.198136][ T6104] bi_version=0 [ 96.198147][ T6104] bi_atime=2780562352 [ 96.198158][ T6104] bi_ctime=2780562352 [ 96.198170][ T6104] bi_mtime=2780562352 [ 96.198181][ T6104] bi_otime=2780562352 [ 96.198193][ T6104] bi_uid=0 [ 96.198204][ T6104] bi_gid=0 [ 96.198214][ T6104] bi_nlink=0 [ 96.198225][ T6104] bi_generation=0 [ 96.198236][ T6104] bi_dev=0 [pid 6174] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6172] <... write resumed>) = 16777216 [pid 6172] munmap(0x7eff75000000, 138412032) = 0 [pid 6172] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6172] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6172] close(3) = 0 [pid 6172] close(4) = 0 [pid 6172] mkdir("./file0", 0777) = 0 [pid 6172] mount("/dev/loop3", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 6173] <... write resumed>) = 16777216 [ 96.198247][ T6104] bi_data_checksum=0 [ 96.198259][ T6104] bi_compression=0 [ 96.198271][ T6104] bi_project=0 [ 96.198282][ T6104] bi_background_compression=0 [ 96.198294][ T6104] bi_data_replicas=0 [pid 6173] munmap(0x7eff75000000, 138412032) = 0 [pid 6173] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6173] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6173] close(3) = 0 [pid 6173] close(4) = 0 [pid 6173] mkdir("./file0", 0777) = 0 [ 96.198305][ T6104] bi_promote_target=0 [ 96.198317][ T6104] bi_foreground_target=0 [ 96.198328][ T6104] bi_background_target=0 [ 96.198340][ T6104] bi_erasure_code=0 [ 96.198351][ T6104] bi_fields_set=0 [ 96.198362][ T6104] bi_dir=0 [ 96.198379][ T6104] bi_dir_offset=4330382808765833931 [ 96.198391][ T6104] bi_subvol=0 [ 96.198402][ T6104] bi_parent_subvol=0 [ 96.198413][ T6104] bi_nocow=0 [pid 6173] mount("/dev/loop2", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 5827] kill(-6104, SIGKILL) = 0 [pid 5827] kill(6104, SIGKILL) = 0 [ 96.198424][ T6104] bi_depth=0 [ 96.198435][ T6104] bi_inodes_32bit=0, fixing [ 96.482555][ T6172] loop3: detected capacity change from 0 to 32768 [pid 6175] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6174] <... write resumed>) = 16777216 [ 96.497429][ T6172] bcachefs (/dev/loop3): error reading default superblock: checksum error, type none: got should be [ 96.557648][ T6173] loop2: detected capacity change from 0 to 32768 [ 96.590051][ T6173] bcachefs (/dev/loop2): error reading default superblock: checksum error, type none: got should be [pid 6174] munmap(0x7eff75000000, 138412032) = 0 [pid 6174] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 96.598840][ T6172] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [ 96.598922][ T6172] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [ 96.778063][ T6173] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [pid 6172] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6174] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6172] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6174] close(3 [pid 6172] <... openat resumed>) = 3 [pid 6174] <... close resumed>) = 0 [pid 6172] ioctl(3, LOOP_CLR_FD [pid 6174] close(4 [pid 6172] <... ioctl resumed>) = 0 [pid 6172] close(3 [pid 6174] <... close resumed>) = 0 [pid 6174] mkdir("./file0", 0777) = 0 [ 96.778136][ T6173] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [ 96.820516][ T6172] bcachefs: bch2_fs_get_tree() error: EINVAL [ 96.832766][ T6174] loop4: detected capacity change from 0 to 32768 [ 96.840749][ T6104] inode 536870912:4294967295 has wrong backpointer: [ 96.840767][ T6104] got 0:4330382808765833931 [ 96.840779][ T6104] should be 4096:4330382808765833931, fixing [ 96.888821][ T6174] bcachefs (/dev/loop4): error reading default superblock: checksum error, type none: got should be [pid 6174] mount("/dev/loop4", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [ 96.958131][ T6104] dirent points to inode that does not point back: [ 96.958151][ T6104] u64s 7 type dirent 4096:4330382808765833931:U32_MAX len 0 ver 0: file1 -> 536870912 type reg [pid 5827] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5827] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5827] getdents64(3, 0x55557bfd06f0 /* 2 entries */, 32768) = 48 [pid 5827] getdents64(3, 0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 5827] close(3) = 0 [pid 6173] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6173] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [ 96.958166][ T6104] inum: 536870912:4294967295 [ 96.958178][ T6104] mode=100755 [ 96.958188][ T6104] flags=(15300000) [ 96.958199][ T6104] journal_seq=18 [ 96.958210][ T6104] hash_seed=8469d717004af4ef [pid 6173] ioctl(3, LOOP_CLR_FD) = 0 [pid 6173] close(3 [pid 6172] <... close resumed>) = 0 [pid 6172] exit_group(0) = ? [ 96.958222][ T6104] hash_type=siphash [ 96.958233][ T6104] bi_size=10 [ 96.958243][ T6104] bi_sectors=8 [pid 6172] +++ exited with 0 +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6172, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=47 /* 0.47 s */} --- [pid 5830] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, 0x55557bfd06f0 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./5/binderfs") = 0 [pid 5830] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, 0x55557bfd8730 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./5/file0") = 0 [pid 5830] getdents64(3, 0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 5830] rmdir("./5") = 0 [pid 5830] mkdir("./6", 0777) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 6175] <... write resumed>) = 16777216 [ 96.958254][ T6104] bi_version=0 [ 96.958265][ T6104] bi_atime=2780562352 [ 96.958276][ T6104] bi_ctime=2780562352 [ 96.958287][ T6104] bi_mtime=2780562352 [pid 5830] ioctl(3, LOOP_CLR_FD [pid 6175] munmap(0x7eff75000000, 138412032 [pid 5830] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6175] <... munmap resumed>) = 0 [ 96.958298][ T6104] bi_otime=2780562352 [ 96.958309][ T6104] bi_uid=0 [ 96.958319][ T6104] bi_gid=0 [ 96.958329][ T6104] bi_nlink=0 [ 96.958340][ T6104] bi_generation=0 [pid 5830] close(3 [pid 6175] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5830] <... close resumed>) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6175] <... openat resumed>) = 4 ./strace-static-x86_64: Process 6197 attached [pid 6197] set_robust_list(0x55557bfcf660, 24 [pid 6175] ioctl(4, LOOP_SET_FD, 3 [pid 5830] <... clone resumed>, child_tidptr=0x55557bfcf650) = 6197 [pid 6197] <... set_robust_list resumed>) = 0 [pid 6175] <... ioctl resumed>) = 0 [pid 6197] chdir("./6" [pid 6175] close(3 [pid 6197] <... chdir resumed>) = 0 [pid 6175] <... close resumed>) = 0 [pid 6197] prctl(PR_SET_PDEATHSIG, SIGKILL [ 96.958351][ T6104] bi_dev=0 [pid 6175] close(4 [pid 6197] <... prctl resumed>) = 0 [pid 6173] <... close resumed>) = 0 [pid 6175] <... close resumed>) = 0 [pid 6175] mkdir("./file0", 0777 [pid 6197] setpgid(0, 0 [pid 6175] <... mkdir resumed>) = 0 [pid 6175] mount("/dev/loop1", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 6197] <... setpgid resumed>) = 0 [pid 6197] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6197] write(3, "1000", 4) = 4 [pid 6173] exit_group(0 [pid 6197] close(3 [pid 6173] <... exit_group resumed>) = ? [pid 6197] <... close resumed>) = 0 [pid 6197] symlink("/dev/binderfs", "./binderfs" [pid 6173] +++ exited with 0 +++ [pid 6197] <... symlink resumed>) = 0 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6173, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=44 /* 0.44 s */} --- [pid 6197] write(1, "executing program\n", 18executing program ) = 18 [pid 6197] memfd_create("syzkaller", 0) = 3 [pid 5829] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6197] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff75000000 [ 96.958361][ T6104] bi_data_checksum=0 [ 96.958372][ T6104] bi_compression=0 [ 96.958383][ T6104] bi_project=0 [ 96.958394][ T6104] bi_background_compression=0 [ 96.958405][ T6104] bi_data_replicas=0 [ 96.958416][ T6104] bi_promote_target=0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, 0x55557bfd06f0 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./10/binderfs") = 0 [pid 5829] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, 0x55557bfd8730 /* 0 entries */, 32768) = 0 [ 96.958427][ T6104] bi_foreground_target=0 [ 96.958438][ T6104] bi_background_target=0 [ 96.958449][ T6104] bi_erasure_code=0 [ 96.958460][ T6104] bi_fields_set=0 [ 96.958470][ T6104] bi_dir=0 [ 96.958481][ T6104] bi_dir_offset=4330382808765833931 [ 96.958493][ T6104] bi_subvol=0 [ 96.958503][ T6104] bi_parent_subvol=0 [ 96.958514][ T6104] bi_nocow=0 [ 96.958525][ T6104] bi_depth=0 [ 96.958535][ T6104] bi_inodes_32bit=0, fixing [ 97.072262][ T6174] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [ 97.072359][ T6174] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [ 97.080200][ T6173] bcachefs: bch2_fs_get_tree() error: EINVAL [ 97.287877][ T6175] loop1: detected capacity change from 0 to 32768 [ 97.317823][ T6175] bcachefs (/dev/loop1): error reading default superblock: checksum error, type none: got should be [ 97.387744][ T6174] bcachefs: bch2_fs_get_tree() error: EINVAL [pid 5829] close(4) = 0 [pid 5829] rmdir("./10/file0") = 0 [pid 5829] getdents64(3, 0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [ 97.450984][ T6104] inode 536870912:4294967295 has wrong backpointer: [ 97.451005][ T6104] got 0:4330382808765833931 [ 97.451017][ T6104] should be 4096:4330382808765833931, fixing [ 97.473552][ T6104] hash table key at wrong offset: btree dirents inode 4096 offset 8130059955150870709, hashed to 6728544935518790663 [ 97.473574][ T6104] u64s 8 type dirent 4096:8130059955150870709:U32_MAX len 0 ver 0: lost+found -> 4097 type dir, fixing [pid 5829] rmdir("./10") = 0 [pid 6174] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5829] mkdir("./11", 0777 [pid 6174] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5829] <... mkdir resumed>) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5829] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5829] close(3) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6174] <... openat resumed>) = 3 [pid 6174] ioctl(3, LOOP_CLR_FD) = 0 [pid 5829] <... clone resumed>, child_tidptr=0x55557bfcf650) = 6205 [pid 6174] close(3./strace-static-x86_64: Process 6205 attached [pid 6205] set_robust_list(0x55557bfcf660, 24) = 0 [pid 6205] chdir("./11") = 0 [pid 6205] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 97.480329][ T6175] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [ 97.489560][ T6104] bcachefs (loop0): fsck counted subdirectories wrong for inum 4096:4294967295: got 1 should be 2 [ 97.517209][ T6104] directory 4096:4294967295 with wrong i_size: got 0, should be 288, fixing [ 97.527783][ T6104] done [ 97.531927][ T6175] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [pid 6205] setpgid(0, 0) = 0 [pid 6205] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6205] write(3, "1000", 4) = 4 [pid 6205] close(3) = 0 [pid 6205] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6205] write(1, "executing program\n", 18executing program ) = 18 [pid 6205] memfd_create("syzkaller", 0) = 3 [pid 6205] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff75000000 [ 97.553766][ T6104] bcachefs (loop0): resume_logged_ops... done [ 97.579950][ T6104] bcachefs (loop0): delete_dead_inodes... done [ 97.619934][ T6104] bcachefs (loop0): Fixed errors, running fsck a second time to verify fs is clean [ 97.646720][ T6104] bcachefs (loop0): check_extents_to_backpointers... done [ 97.667780][ T6104] bcachefs (loop0): check_inodes... done [ 97.674217][ T6104] bcachefs (loop0): check_extents... done [ 97.698063][ T6104] bcachefs (loop0): check_dirents... [ 97.698876][ T6104] dirent points to missing inode: [ 97.698893][ T6104] u64s 8 type dirent 4096:6728544935518790663:U32_MAX len 0 ver 0: lost+found -> 4097 type dir, fixing [ 97.755021][ T6104] directory 4096:4294967295 with wrong i_size: got 288, should be 352, fixing [pid 6197] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6174] <... close resumed>) = 0 [pid 6174] exit_group(0) = ? [pid 6174] +++ exited with 0 +++ [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6174, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=53 /* 0.53 s */} --- [ 97.777363][ T6104] done [ 97.788807][ T6104] bcachefs (loop0): resume_logged_ops... done [ 97.794969][ T6104] bcachefs (loop0): delete_dead_inodes... done [ 97.813871][ T6104] bcachefs (loop0): Second fsck run was not clean [pid 5831] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5831] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x55557bfd06f0 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6175] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./10/binderfs" [pid 6175] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5831] <... unlink resumed>) = 0 [pid 5831] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6175] <... openat resumed>) = 3 [pid 6175] ioctl(3, LOOP_CLR_FD [pid 5831] newfstatat(4, "", [pid 6175] <... ioctl resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6175] close(3 [pid 5831] getdents64(4, 0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x55557bfd8730 /* 0 entries */, 32768) = 0 [ 97.832544][ T6104] bcachefs (loop0): going read-only [ 97.840754][ T6175] bcachefs: bch2_fs_get_tree() error: EINVAL [ 97.850505][ T6104] bcachefs (loop0): finished waiting for writes to stop [ 97.859012][ T6104] bcachefs (loop0): flushing journal and stopping allocators, journal seq 24 [pid 5831] close(4) = 0 [pid 5831] rmdir("./10/file0") = 0 [pid 5831] getdents64(3, 0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 5831] rmdir("./10") = 0 [pid 5831] mkdir("./11", 0777) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5831] close(3) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6206 attached [pid 6206] set_robust_list(0x55557bfcf660, 24) = 0 [pid 6206] chdir("./11") = 0 [pid 6206] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6206] setpgid(0, 0 [pid 5831] <... clone resumed>, child_tidptr=0x55557bfcf650) = 6206 [pid 6206] <... setpgid resumed>) = 0 [pid 6206] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 97.887581][ T6104] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 24 [ 97.921069][ T6104] bcachefs (loop0): clean shutdown complete, journal seq 25 [pid 6206] write(3, "1000", 4) = 4 [pid 6197] <... write resumed>) = 16777216 [pid 6206] close(3) = 0 [pid 6206] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6206] write(1, "executing program\n", 18 [pid 6197] munmap(0x7eff75000000, 138412032 [pid 6206] <... write resumed>) = 18 [pid 6206] memfd_create("syzkaller", 0) = 3 [pid 6206] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff75000000 [pid 6197] <... munmap resumed>) = 0 [pid 6197] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6104] <... mount resumed>) = ? [pid 6197] <... openat resumed>) = 4 [pid 6197] ioctl(4, LOOP_SET_FD, 3 [pid 6205] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6104] +++ killed by SIGKILL +++ [pid 6197] <... ioctl resumed>) = 0 [pid 6197] close(3 [pid 5827] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6104, si_uid=0, si_status=SIGKILL, si_utime=3 /* 0.03 s */, si_stime=173 /* 1.73 s */} --- [pid 6197] <... close resumed>) = 0 [pid 5827] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6197] close(4) = 0 [pid 5827] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 97.976377][ T6104] bcachefs (loop0): marking filesystem clean [ 98.002393][ T6104] bcachefs (loop0): done starting filesystem [ 98.020093][ T6197] loop3: detected capacity change from 0 to 32768 [pid 6197] mkdir("./file0", 0777 [pid 5827] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5827] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6197] <... mkdir resumed>) = 0 [pid 5827] getdents64(3, 0x55557bfd06f0 /* 4 entries */, 32768) = 112 [pid 5827] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5827] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5827] unlink("./5/binderfs") = 0 [pid 5827] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [ 98.062878][ T6197] bcachefs (/dev/loop3): error reading default superblock: checksum error, type none: got should be [ 98.076930][ T5827] bcachefs (loop0): shutting down [pid 6197] mount("/dev/loop3", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 6175] <... close resumed>) = 0 [pid 6175] exit_group(0) = ? [pid 6175] +++ exited with 0 +++ [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6175, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=49 /* 0.49 s */} --- [pid 5828] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5828] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5828] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(3, 0x55557bfd06f0 /* 4 entries */, 32768) = 112 [pid 5828] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] unlink("./10/binderfs") = 0 [pid 5828] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5828] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(4, 0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5828] getdents64(4, 0x55557bfd8730 /* 0 entries */, 32768) = 0 [pid 5828] close(4) = 0 [pid 5828] rmdir("./10/file0") = 0 [pid 5828] getdents64(3, 0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 5828] close(3) = 0 [pid 5828] rmdir("./10") = 0 [pid 5828] mkdir("./11", 0777) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5828] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5828] close(3) = 0 [ 98.135190][ T5827] bcachefs (loop0): shutdown complete [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6212 attached , child_tidptr=0x55557bfcf650) = 6212 [pid 6212] set_robust_list(0x55557bfcf660, 24) = 0 [pid 6212] chdir("./11") = 0 [pid 6212] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6212] setpgid(0, 0) = 0 [pid 6212] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6212] write(3, "1000", 4) = 4 [pid 6212] close(3) = 0 [pid 6212] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6212] write(1, "executing program\n", 18) = 18 [pid 6212] memfd_create("syzkaller", 0) = 3 [pid 6212] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff75000000 [pid 6206] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6205] <... write resumed>) = 16777216 [pid 6205] munmap(0x7eff75000000, 138412032 [pid 6212] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6205] <... munmap resumed>) = 0 [pid 6205] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6205] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6205] close(3) = 0 [pid 6205] close(4) = 0 [pid 6205] mkdir("./file0", 0777) = 0 [ 98.387466][ T6205] loop2: detected capacity change from 0 to 32768 [ 98.444128][ T6205] bcachefs (/dev/loop2): error reading default superblock: checksum error, type none: got should be [pid 6205] mount("/dev/loop2", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 6206] <... write resumed>) = 16777216 [pid 6206] munmap(0x7eff75000000, 138412032) = 0 [pid 6206] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6206] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6212] <... write resumed>) = 16777216 [pid 6206] close(3) = 0 [pid 6212] munmap(0x7eff75000000, 138412032 [pid 6206] close(4) = 0 [pid 6206] mkdir("./file0", 0777) = 0 [ 98.566457][ T6206] loop4: detected capacity change from 0 to 32768 [pid 6206] mount("/dev/loop4", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 6212] <... munmap resumed>) = 0 [pid 6212] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6212] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6212] close(3) = 0 [pid 6212] close(4) = 0 [pid 6212] mkdir("./file0", 0777) = 0 [ 98.633810][ T6212] loop1: detected capacity change from 0 to 32768 [ 98.644494][ T6197] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=ro,errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names,read_only [ 98.664317][ T6206] bcachefs (/dev/loop4): error reading default superblock: checksum error, type none: got should be [ 98.675627][ T6205] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [ 98.696848][ T6212] bcachefs (/dev/loop1): error reading default superblock: checksum error, type none: got should be [ 98.720619][ T6197] bcachefs (loop3): recovering from clean shutdown, journal seq 10 [ 98.728949][ T6205] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [ 98.742036][ T6197] bcachefs (loop3): superblock requires following recovery passes to be run: [ 98.742036][ T6197] check_inodes,check_extents,check_dirents [ 98.759068][ T6197] bcachefs (loop3): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.20: directory_size [ 98.759068][ T6197] running recovery passes: check_allocations,check_extents_to_backpointers [ 98.786430][ T6197] bcachefs (loop3): error validating btree node at btree inodes level 0/0 [ 98.786445][ T6197] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0 [ 98.786456][ T6197] node offset 8/24 bset u64s 29 bset byte offset 152: keys out of order: u64s 16 type inode_v3 5:4096:U32_MAX len 0 ver 0 > u64s 17 type inode_v3 0:4097:U32_MAX len 0 ver 0, fixing [pid 6212] mount("/dev/loop1", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 5827] <... umount2 resumed>) = 0 [pid 5827] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5827] newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5827] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5827] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5827] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 98.828984][ T6197] invalid bkey in btree_node btree=inodes level=0: u64s 16 type inode_v3 5:4096:U32_MAX len 0 ver 0: [ 98.829012][ T6197] mode=40755 [ 98.829023][ T6197] flags=(16300000) [ 98.829034][ T6197] journal_seq=1 [ 98.829044][ T6197] hash_seed=28e4f092a4fc58ee [ 98.829059][ T6197] hash_type=siphash [ 98.829069][ T6197] bi_size=0 [ 98.829080][ T6197] bi_sectors=0 [ 98.829090][ T6197] bi_version=0 [ 98.829104][ T6197] bi_atime=200535484 [ 98.829114][ T6197] bi_ctime=200535484 [pid 5827] getdents64(4, 0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5827] getdents64(4, 0x55557bfd8730 /* 0 entries */, 32768) = 0 [pid 5827] close(4) = 0 [pid 5827] rmdir("./5/file0") = 0 [pid 5827] getdents64(3, 0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 5827] close(3) = 0 [ 98.829124][ T6197] bi_mtime=200535484 [ 98.829135][ T6197] bi_otime=200535484 [ 98.829145][ T6197] bi_uid=0 [ 98.829155][ T6197] bi_gid=0 [ 98.829165][ T6197] bi_nlink=1 [ 98.829174][ T6197] bi_generation=0 [ 98.829184][ T6197] bi_dev=0 [ 98.829193][ T6197] bi_data_checksum=0 [ 98.829204][ T6197] bi_compression=0 [ 98.829214][ T6197] bi_project=0 [ 98.829224][ T6197] bi_background_compression=0 [ 98.829234][ T6197] bi_data_replicas=0 [ 98.829244][ T6197] bi_promote_target=0 [pid 5827] rmdir("./5") = 0 [pid 5827] mkdir("./6", 0777) = 0 [pid 5827] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5827] ioctl(3, LOOP_CLR_FD) = 0 [ 98.829260][ T6197] bi_foreground_target=0 [ 98.829270][ T6197] bi_background_target=0 [ 98.829281][ T6197] bi_erasure_code=0 [ 98.829291][ T6197] bi_fields_set=0 [ 98.829319][ T6197] bi_dir=0 [ 98.829328][ T6197] bi_dir_offset=0 [ 98.829338][ T6197] bi_subvol=1 [ 98.829348][ T6197] bi_parent_subvol=0 [ 98.829358][ T6197] bi_nocow=0 [ 98.829368][ T6197] bi_depth=0 [ 98.829377][ T6197] bi_inodes_32bit=0 [ 98.829388][ T6197] nonzero k.p.inode: delete?, fixing [ 98.984180][ T6206] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [ 98.984256][ T6206] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [ 98.993751][ T6212] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [ 98.993823][ T6212] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [ 99.091380][ T6205] bcachefs: bch2_fs_get_tree() error: EINVAL [pid 5827] close(3 [pid 6205] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6205] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [ 99.095369][ T6197] bcachefs (loop3): btree_node_read_work: rewriting btree node at due to error [ 99.095369][ T6197] btree=inodes level=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0 [pid 6205] ioctl(3, LOOP_CLR_FD) = 0 [pid 6205] close(3 [pid 5827] <... close resumed>) = 0 [pid 5827] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6237 attached , child_tidptr=0x55557bfcf650) = 6237 [pid 6237] set_robust_list(0x55557bfcf660, 24) = 0 [pid 6237] chdir("./6") = 0 [pid 6237] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6237] setpgid(0, 0) = 0 [pid 6237] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6237] write(3, "1000", 4) = 4 [pid 6237] close(3) = 0 [pid 6237] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6237] write(1, "executing program\n", 18) = 18 [pid 6212] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6237] memfd_create("syzkaller", 0) = 3 [pid 6212] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 6206] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6212] ioctl(3, LOOP_CLR_FD) = 0 [pid 6237] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff75000000 [pid 6206] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6212] close(3 [pid 6206] <... openat resumed>) = 3 [pid 6206] ioctl(3, LOOP_CLR_FD) = 0 [ 99.316527][ T6206] bcachefs: bch2_fs_get_tree() error: EINVAL [ 99.325055][ T6212] bcachefs: bch2_fs_get_tree() error: EINVAL [ 99.378085][ T6197] bcachefs (loop3): error validating btree node on loop3 at btree freespace level 0/0 [ 99.378109][ T6197] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0 [ 99.378126][ T6197] node offset 0/32 bset u64s 0: checksum error, type none: got should be , fixing [ 99.499366][ T6197] bcachefs (loop3): btree_node_read_work: rewriting btree node at due to error [pid 6206] close(3 [pid 6205] <... close resumed>) = 0 [pid 6205] exit_group(0) = ? [pid 6205] +++ exited with 0 +++ [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6205, si_uid=0, si_status=0, si_utime=9 /* 0.09 s */, si_stime=48 /* 0.48 s */} --- [pid 5829] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 99.499366][ T6197] btree=freespace level=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0 [pid 5829] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, 0x55557bfd06f0 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./11/binderfs") = 0 [pid 5829] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, 0x55557bfd8730 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./11/file0") = 0 [pid 5829] getdents64(3, 0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./11" [pid 6212] <... close resumed>) = 0 [pid 6212] exit_group(0) = ? [pid 6212] +++ exited with 0 +++ [pid 6206] <... close resumed>) = 0 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6212, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=42 /* 0.42 s */} --- [pid 5828] restart_syscall(<... resuming interrupted clone ...> [pid 5829] <... rmdir resumed>) = 0 [pid 5829] mkdir("./12", 0777) = 0 [pid 5828] <... restart_syscall resumed>) = 0 [pid 6206] exit_group(0 [pid 5829] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6206] <... exit_group resumed>) = ? [pid 5829] <... openat resumed>) = 3 [pid 5828] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6206] +++ exited with 0 +++ [pid 5829] ioctl(3, LOOP_CLR_FD [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6206, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=46 /* 0.46 s */} --- [pid 5829] close(3 [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 5828] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5828] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(3, 0x55557bfd06f0 /* 4 entries */, 32768) = 112 [pid 5828] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] unlink("./11/binderfs") = 0 [pid 5828] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5828] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(4, 0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5828] getdents64(4, 0x55557bfd8730 /* 0 entries */, 32768) = 0 [pid 5828] close(4) = 0 [pid 5828] rmdir("./11/file0") = 0 [pid 5828] getdents64(3, 0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 5828] close(3) = 0 [pid 5828] rmdir("./11") = 0 [pid 5828] mkdir("./12", 0777) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5828] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5828] close(3) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] <... restart_syscall resumed>) = 0 [pid 5828] <... clone resumed>, child_tidptr=0x55557bfcf650) = 6238 ./strace-static-x86_64: Process 6238 attached [pid 5831] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] <... close resumed>) = 0 [pid 6238] set_robust_list(0x55557bfcf660, 24 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] <... clone resumed>, child_tidptr=0x55557bfcf650) = 6239 [ 99.635410][ T6197] bcachefs (loop3): accounting_read... done [ 99.641991][ T6197] bcachefs (loop3): alloc_read... done [ 99.651522][ T6197] bcachefs (loop3): stripes_read... done [ 99.657763][ T6197] bcachefs (loop3): snapshots_read... done [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6238] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 6239 attached [pid 6238] chdir("./12" [pid 5831] getdents64(3, 0x55557bfd06f0 /* 4 entries */, 32768) = 112 [pid 6238] <... chdir resumed>) = 0 [pid 6238] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5831] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6238] <... prctl resumed>) = 0 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6238] setpgid(0, 0 [pid 5831] newfstatat(AT_FDCWD, "./11/binderfs", [pid 6238] <... setpgid resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6239] set_robust_list(0x55557bfcf660, 24 [pid 5831] unlink("./11/binderfs" [pid 6239] <... set_robust_list resumed>) = 0 [pid 6238] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6239] chdir("./12" [pid 5831] <... unlink resumed>) = 0 [pid 6239] <... chdir resumed>) = 0 [pid 6239] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5831] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6239] <... prctl resumed>) = 0 [pid 6239] setpgid(0, 0 [pid 6238] <... openat resumed>) = 3 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./11/file0", [pid 6239] <... setpgid resumed>) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6239] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6238] write(3, "1000", 4 [pid 5831] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6239] <... openat resumed>) = 3 [pid 6238] <... write resumed>) = 4 [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6238] close(3 [pid 5831] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6239] write(3, "1000", 4) = 4 [pid 5831] <... openat resumed>) = 4 [pid 6238] <... close resumed>) = 0 [pid 5831] newfstatat(4, "", executing program [pid 6238] symlink("/dev/binderfs", "./binderfs" [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6239] close(3 [pid 5831] getdents64(4, [pid 6239] <... close resumed>) = 0 [pid 5831] <... getdents64 resumed>0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 6239] symlink("/dev/binderfs", "./binderfs" [pid 5831] getdents64(4, 0x55557bfd8730 /* 0 entries */, 32768) = 0 [pid 6239] <... symlink resumed>) = 0 [pid 5831] close(4 [pid 6239] write(1, "executing program\n", 18) = 18 [pid 6239] memfd_create("syzkaller", 0) = 3 [pid 6239] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff75000000 [pid 6237] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6238] <... symlink resumed>) = 0 [pid 5831] <... close resumed>) = 0 [pid 6238] write(1, "executing program\n", 18 [pid 5831] rmdir("./11/file0"executing program [pid 6238] <... write resumed>) = 18 [pid 5831] <... rmdir resumed>) = 0 [pid 6238] memfd_create("syzkaller", 0 [pid 5831] getdents64(3, [pid 6238] <... memfd_create resumed>) = 3 [pid 5831] <... getdents64 resumed>0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 6238] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5831] close(3 [pid 6238] <... mmap resumed>) = 0x7eff75000000 [pid 5831] <... close resumed>) = 0 [pid 5831] rmdir("./11") = 0 [ 99.698492][ T6197] bcachefs (loop3): check_allocations... [ 99.701919][ T6197] btree ptr not marked in member info btree allocated bitmap [ 99.701940][ T6197] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, fixing [pid 5831] mkdir("./12", 0777) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5831] close(3) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557bfcf650) = 6240 ./strace-static-x86_64: Process 6240 attached [pid 6240] set_robust_list(0x55557bfcf660, 24) = 0 [pid 6240] chdir("./12") = 0 [pid 6240] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6240] setpgid(0, 0) = 0 [pid 6240] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 executing program [pid 6240] write(3, "1000", 4) = 4 [pid 6240] close(3) = 0 [pid 6240] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6240] write(1, "executing program\n", 18) = 18 [pid 6240] memfd_create("syzkaller", 0) = 3 [pid 6240] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff75000000 [ 99.839563][ T6197] btree ptr not marked in member info btree allocated bitmap [ 99.839587][ T6197] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0, fixing [ 99.912433][ T6197] btree ptr not marked in member info btree allocated bitmap [ 99.912458][ T6197] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing [ 99.957912][ T6197] btree ptr not marked in member info btree allocated bitmap [ 99.957935][ T6197] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c0bef60d07ceb940 written 16 min_key POS_MIN durability: 1 ptr: 0:35:0 gen 0, fixing [ 100.000895][ T6197] btree ptr not marked in member info btree allocated bitmap [pid 6239] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 100.000917][ T6197] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0, fixing [pid 6238] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6237] <... write resumed>) = 16777216 [ 100.077377][ T6197] btree ptr not marked in member info btree allocated bitmap [ 100.077401][ T6197] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0, fixing [pid 6237] munmap(0x7eff75000000, 138412032 [pid 6240] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6237] <... munmap resumed>) = 0 [pid 6237] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6237] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6237] close(3) = 0 [pid 6237] close(4) = 0 [pid 6237] mkdir("./file0", 0777) = 0 [ 100.127323][ T6197] done [ 100.144704][ T6237] loop0: detected capacity change from 0 to 32768 [ 100.159709][ T6197] bcachefs (loop3): going read-write [ 100.190997][ T6197] bcachefs (loop3): journal_replay... [ 100.203216][ T6237] bcachefs (/dev/loop0): error reading default superblock: checksum error, type none: got should be [pid 6237] mount("/dev/loop0", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 6239] <... write resumed>) = 16777216 [ 100.313863][ T6197] done [ 100.321721][ T6237] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [ 100.324379][ T6197] bcachefs (loop3): check_extents_to_backpointers... [ 100.342082][ T6237] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [pid 6239] munmap(0x7eff75000000, 138412032) = 0 [pid 6239] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6239] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6239] close(3) = 0 [pid 6239] close(4) = 0 [pid 6239] mkdir("./file0", 0777) = 0 [ 100.352427][ T6197] bcachefs (loop3): scanning for missing backpointers in 4/128 buckets [ 100.366423][ T6197] done [ 100.371052][ T6197] bcachefs (loop3): check_inodes... [ 100.371917][ T6197] inode points to missing dirent [ 100.371935][ T6197] inum: 536870912:4294967295 [ 100.371947][ T6197] mode=100755 [ 100.371958][ T6197] flags=(15300000) [ 100.371969][ T6197] journal_seq=4 [ 100.371980][ T6197] hash_seed=8469d717004af4ef [ 100.371992][ T6197] hash_type=siphash [ 100.372003][ T6197] bi_size=10 [ 100.372014][ T6197] bi_sectors=8 [ 100.372025][ T6197] bi_version=0 [ 100.372036][ T6197] bi_atime=2780562352 [ 100.372048][ T6197] bi_ctime=2780562352 [ 100.372059][ T6197] bi_mtime=2780562352 [ 100.372070][ T6197] bi_otime=2780562352 [ 100.372081][ T6197] bi_uid=0 [ 100.372092][ T6197] bi_gid=0 [ 100.372103][ T6197] bi_nlink=0 [ 100.372113][ T6197] bi_generation=0 [ 100.372125][ T6197] bi_dev=0 [ 100.372135][ T6197] bi_data_checksum=0 [ 100.372147][ T6197] bi_compression=0 [ 100.372158][ T6197] bi_project=0 [ 100.372169][ T6197] bi_background_compression=0 [ 100.372181][ T6197] bi_data_replicas=0 [ 100.372192][ T6197] bi_promote_target=0 [ 100.372203][ T6197] bi_foreground_target=0 [ 100.372215][ T6197] bi_background_target=0 [ 100.372226][ T6197] bi_erasure_code=0 [ 100.372237][ T6197] bi_fields_set=0 [ 100.372248][ T6197] bi_dir=4096 [ 100.372266][ T6197] bi_dir_offset=4330382808765833931 [ 100.372278][ T6197] bi_subvol=0 [ 100.372289][ T6197] bi_parent_subvol=0 [ 100.372300][ T6197] bi_nocow=0 [ 100.372311][ T6197] bi_depth=0 [ 100.372322][ T6197] bi_inodes_32bit=0, fixing [ 100.378548][ T6239] loop2: detected capacity change from 0 to 32768 [ 100.399126][ T6239] bcachefs (/dev/loop2): error reading default superblock: checksum error, type none: got should be [ 100.401757][ T6197] done [pid 6239] mount("/dev/loop2", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 6238] <... write resumed>) = 16777216 [pid 6238] munmap(0x7eff75000000, 138412032) = 0 [pid 6238] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6238] ioctl(4, LOOP_SET_FD, 3 [pid 6240] <... write resumed>) = 16777216 [pid 6238] <... ioctl resumed>) = 0 [pid 6238] close(3 [pid 6240] munmap(0x7eff75000000, 138412032 [pid 6238] <... close resumed>) = 0 [pid 6238] close(4 [pid 6240] <... munmap resumed>) = 0 [pid 6238] <... close resumed>) = 0 [pid 6238] mkdir("./file0", 0777) = 0 [ 100.613385][ T6197] bcachefs (loop3): check_extents... [ 100.613661][ T6238] loop1: detected capacity change from 0 to 32768 [ 100.614446][ T6197] done [ 100.659902][ T6238] bcachefs (/dev/loop1): error reading default superblock: checksum error, type none: got should be [ 100.664861][ T6239] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [ 100.681552][ T6197] bcachefs (loop3): check_dirents... [ 100.682648][ T6197] hash table key at wrong offset: btree dirents inode 4096 offset 4330382808765825483, hashed to 4330382808765833931 [pid 6238] mount("/dev/loop1", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 6240] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 100.682669][ T6197] u64s 7 type dirent 4096:4330382808765825483:U32_MAX len 0 ver 0: file1 -> 536870912 type reg, fixing [ 100.696160][ T6240] loop4: detected capacity change from 0 to 32768 [ 100.703874][ T6239] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [ 100.730933][ T6197] hash table key at wrong offset: btree dirents inode 4096 offset 4330382808765825483, hashed to 4330382808765833931 [ 100.730955][ T6197] u64s 7 type dirent 4096:4330382808765825483:U32_MAX len 0 ver 0: file1 -> 536870912 type reg, fixing [pid 6240] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6240] close(3) = 0 [pid 6240] close(4) = 0 [pid 6240] mkdir("./file0", 0777) = 0 [ 100.759840][ T6197] hash table key at wrong offset: btree dirents inode 4096 offset 4330382808765825483, hashed to 4330382808765833931 [ 100.759863][ T6197] u64s 7 type dirent 4096:4330382808765825483:U32_MAX len 0 ver 0: file1 -> 536870912 type reg, fixing [ 100.785481][ T6197] dirent points to inode that does not point back: [ 100.785500][ T6197] u64s 7 type dirent 4096:4330382808765833931:U32_MAX len 0 ver 0: file1 -> 536870912 type reg [ 100.785515][ T6197] inum: 536870912:4294967295 [ 100.785527][ T6197] mode=100755 [ 100.785538][ T6197] flags=(15300000) [ 100.785549][ T6197] journal_seq=18 [ 100.785559][ T6197] hash_seed=8469d717004af4ef [ 100.785570][ T6197] hash_type=siphash [ 100.785581][ T6197] bi_size=10 [ 100.785591][ T6197] bi_sectors=8 [ 100.785601][ T6197] bi_version=0 [ 100.785612][ T6197] bi_atime=2780562352 [ 100.785623][ T6197] bi_ctime=2780562352 [ 100.785633][ T6197] bi_mtime=2780562352 [ 100.785643][ T6197] bi_otime=2780562352 [ 100.785654][ T6197] bi_uid=0 [ 100.785664][ T6197] bi_gid=0 [ 100.785674][ T6197] bi_nlink=0 [ 100.785685][ T6197] bi_generation=0 [ 100.785695][ T6197] bi_dev=0 [ 100.785706][ T6197] bi_data_checksum=0 [ 100.785716][ T6197] bi_compression=0 [ 100.785727][ T6197] bi_project=0 [ 100.785738][ T6197] bi_background_compression=0 [ 100.785750][ T6197] bi_data_replicas=0 [ 100.785761][ T6197] bi_promote_target=0 [ 100.785773][ T6197] bi_foreground_target=0 [ 100.785784][ T6197] bi_background_target=0 [ 100.785794][ T6197] bi_erasure_code=0 [ 100.785805][ T6197] bi_fields_set=0 [ 100.785816][ T6197] bi_dir=0 [ 100.785826][ T6197] bi_dir_offset=4330382808765833931 [ 100.785838][ T6197] bi_subvol=0 [ 100.785848][ T6197] bi_parent_subvol=0 [ 100.785859][ T6197] bi_nocow=0 [ 100.785870][ T6197] bi_depth=0 [ 100.785880][ T6197] bi_inodes_32bit=0, fixing [ 100.814581][ T6240] bcachefs (/dev/loop4): error reading default superblock: checksum error, type none: got should be [ 100.959122][ T6197] inode 536870912:4294967295 has wrong backpointer: [ 100.959142][ T6197] got 0:4330382808765833931 [ 100.959153][ T6197] should be 4096:4330382808765833931, fixing [ 100.977312][ T6197] hash table key at wrong offset: btree dirents inode 4096 offset 8130059955150870709, hashed to 6728544935518790663 [ 100.977327][ T6197] u64s 8 type dirent 4096:8130059955150870709:U32_MAX len 0 ver 0: lost+found -> 4097 type dir, fixing [ 100.996425][ T6238] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [pid 6240] mount("/dev/loop4", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 6237] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6237] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 6237] ioctl(3, LOOP_CLR_FD) = 0 [ 101.001577][ T6197] bcachefs (loop3): fsck counted subdirectories wrong for inum 4096:4294967295: got 1 should be 2 [ 101.022110][ T6197] directory 4096:4294967295 with wrong i_size: got 0, should be 288, fixing [ 101.028742][ T6237] bcachefs: bch2_fs_get_tree() error: EINVAL [ 101.031367][ T6197] done [ 101.040455][ T6238] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [ 101.046731][ T6197] bcachefs (loop3): resume_logged_ops... done [ 101.062128][ T6197] bcachefs (loop3): delete_dead_inodes... done [ 101.082264][ T6197] bcachefs (loop3): Fixed errors, running fsck a second time to verify fs is clean [ 101.092082][ T6239] bcachefs: bch2_fs_get_tree() error: EINVAL [pid 6237] close(3 [pid 6239] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6239] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 6239] ioctl(3, LOOP_CLR_FD) = 0 [ 101.127653][ T6197] bcachefs (loop3): check_extents_to_backpointers... done [ 101.136236][ T6197] bcachefs (loop3): check_inodes... done [ 101.163038][ T6240] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [ 101.166275][ T6197] bcachefs (loop3): check_extents... done [ 101.217192][ T6197] bcachefs (loop3): check_dirents... [ 101.217994][ T6197] dirent points to missing inode: [ 101.218013][ T6197] u64s 8 type dirent 4096:6728544935518790663:U32_MAX len 0 ver 0: lost+found -> 4097 type dir, fixing [ 101.248716][ T6197] directory 4096:4294967295 with wrong i_size: got 288, should be 352, fixing [ 101.257201][ T6240] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [ 101.259899][ T6197] done [ 101.269551][ T6197] bcachefs (loop3): resume_logged_ops... done [ 101.275728][ T6197] bcachefs (loop3): delete_dead_inodes... done [ 101.295331][ T6197] bcachefs (loop3): Second fsck run was not clean [pid 6239] close(3 [pid 6237] <... close resumed>) = 0 [pid 6237] exit_group(0) = ? [pid 6237] +++ exited with 0 +++ [pid 5827] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6237, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=48 /* 0.48 s */} --- [ 101.327045][ T6197] bcachefs (loop3): going read-only [ 101.338540][ T6197] bcachefs (loop3): finished waiting for writes to stop [ 101.367205][ T6197] bcachefs (loop3): flushing journal and stopping allocators, journal seq 22 [pid 5827] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5827] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5827] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5827] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5827] getdents64(3, 0x55557bfd06f0 /* 4 entries */, 32768) = 112 [pid 5827] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5827] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5827] unlink("./6/binderfs") = 0 [pid 5827] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5827] newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5827] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5827] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5827] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5827] getdents64(4, 0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5827] getdents64(4, 0x55557bfd8730 /* 0 entries */, 32768) = 0 [pid 5827] close(4) = 0 [pid 5827] rmdir("./6/file0") = 0 [pid 5827] getdents64(3, 0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 5827] close(3) = 0 [pid 5827] rmdir("./6") = 0 [pid 6238] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6238] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5827] mkdir("./7", 0777 [pid 6238] <... openat resumed>) = 3 [pid 5827] <... mkdir resumed>) = 0 [pid 5827] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6238] ioctl(3, LOOP_CLR_FD [pid 5827] <... openat resumed>) = 3 [pid 5827] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5827] close(3) = 0 [pid 5827] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6238] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 6269 attached [pid 5827] <... clone resumed>, child_tidptr=0x55557bfcf650) = 6269 [pid 6269] set_robust_list(0x55557bfcf660, 24) = 0 [pid 6269] chdir("./7") = 0 [pid 6269] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6269] setpgid(0, 0) = 0 [ 101.397051][ T6238] bcachefs: bch2_fs_get_tree() error: EINVAL [pid 6269] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6238] close(3 [pid 6269] <... openat resumed>) = 3 [pid 6269] write(3, "1000", 4) = 4 [pid 6269] close(3) = 0 [pid 6269] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6269] write(1, "executing program\n", 18) = 18 [pid 6269] memfd_create("syzkaller", 0) = 3 [pid 6269] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff75000000 [ 101.438988][ T6197] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 22 [pid 6239] <... close resumed>) = 0 [ 101.494996][ T6197] bcachefs (loop3): clean shutdown complete, journal seq 23 [ 101.518371][ T6197] bcachefs (loop3): marking filesystem clean [pid 6239] exit_group(0) = ? [pid 6239] +++ exited with 0 +++ [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6239, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=47 /* 0.47 s */} --- [pid 6197] <... mount resumed>) = 0 [pid 5829] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5829] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", [pid 6197] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, 0x55557bfd06f0 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6197] <... openat resumed>) = 3 [pid 5829] newfstatat(AT_FDCWD, "./12/binderfs", [pid 6197] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6197] ioctl(4, LOOP_CLR_FD) = 0 [pid 5829] unlink("./12/binderfs" [pid 6197] close(4 [pid 5829] <... unlink resumed>) = 0 [pid 5829] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6197] <... close resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, 0x55557bfd8730 /* 0 entries */, 32768) = 0 [pid 6240] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5829] close(4) = 0 [pid 5829] rmdir("./12/file0") = 0 [pid 5829] getdents64(3, 0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./12") = 0 [pid 5829] mkdir("./13", 0777 [pid 6240] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5829] <... mkdir resumed>) = 0 [pid 6240] <... openat resumed>) = 3 [pid 5829] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6240] ioctl(3, LOOP_CLR_FD [pid 5829] <... openat resumed>) = 3 [pid 6240] <... ioctl resumed>) = 0 [pid 6240] close(3 [pid 5829] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 6197] exit_group(0) = ? [pid 6197] +++ exited with 0 +++ [pid 5829] close(3) = 0 [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6197, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=132 /* 1.32 s */} --- [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5830] restart_syscall(<... resuming interrupted clone ...> [pid 5829] <... clone resumed>, child_tidptr=0x55557bfcf650) = 6270 [ 101.542973][ T6197] bcachefs (loop3): done starting filesystem [ 101.556545][ T6240] bcachefs: bch2_fs_get_tree() error: EINVAL ./strace-static-x86_64: Process 6270 attached [pid 5830] <... restart_syscall resumed>) = 0 [pid 5830] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6270] set_robust_list(0x55557bfcf660, 24 [pid 5830] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, 0x55557bfd06f0 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./6/binderfs" [pid 6270] <... set_robust_list resumed>) = 0 [pid 5830] <... unlink resumed>) = 0 [pid 5830] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6270] chdir("./13") = 0 [pid 6270] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6270] setpgid(0, 0) = 0 [pid 6270] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6270] write(3, "1000", 4) = 4 [pid 6270] close(3) = 0 [pid 6270] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6238] <... close resumed>) = 0 [pid 6270] write(1, "executing program\n", 18executing program ) = 18 [ 101.646964][ T5830] bcachefs (loop3): shutting down [pid 6270] memfd_create("syzkaller", 0) = 3 [pid 6270] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff75000000 [pid 6238] exit_group(0) = ? [pid 6238] +++ exited with 0 +++ [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6238, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=47 /* 0.47 s */} --- [pid 5828] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5828] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5828] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(3, 0x55557bfd06f0 /* 4 entries */, 32768) = 112 [pid 5828] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] unlink("./12/binderfs") = 0 [pid 5828] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5828] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(4, 0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5828] getdents64(4, 0x55557bfd8730 /* 0 entries */, 32768) = 0 [pid 5828] close(4) = 0 [pid 5828] rmdir("./12/file0") = 0 [pid 5828] getdents64(3, 0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 5828] close(3) = 0 [pid 5828] rmdir("./12") = 0 [pid 5828] mkdir("./13", 0777) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5828] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5828] close(3) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6271 attached , child_tidptr=0x55557bfcf650) = 6271 [pid 6271] set_robust_list(0x55557bfcf660, 24) = 0 [pid 6271] chdir("./13") = 0 [pid 6271] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6271] setpgid(0, 0) = 0 [pid 6271] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6271] write(3, "1000", 4) = 4 [pid 6271] close(3) = 0 [pid 6271] symlink("/dev/binderfs", "./binderfs") = 0 [ 101.759116][ T5830] bcachefs (loop3): shutdown complete executing program [pid 6271] write(1, "executing program\n", 18 [pid 6269] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6271] <... write resumed>) = 18 [pid 6271] memfd_create("syzkaller", 0) = 3 [pid 6271] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff75000000 [pid 6240] <... close resumed>) = 0 [pid 6240] exit_group(0) = ? [pid 6240] +++ exited with 0 +++ [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6240, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=64 /* 0.64 s */} --- [pid 5831] umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, [pid 6270] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5831] <... getdents64 resumed>0x55557bfd06f0 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./12/binderfs") = 0 [pid 5831] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x55557bfd8730 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5831] rmdir("./12/file0") = 0 [pid 5831] getdents64(3, 0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 5831] close(3) = 0 [pid 5831] rmdir("./12") = 0 [pid 5831] mkdir("./13", 0777) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5831] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5831] close(3) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6272 attached , child_tidptr=0x55557bfcf650) = 6272 [pid 6272] set_robust_list(0x55557bfcf660, 24) = 0 [pid 6272] chdir("./13") = 0 [pid 6272] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6272] setpgid(0, 0) = 0 [pid 6272] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6272] write(3, "1000", 4) = 4 [pid 6272] close(3) = 0 [pid 6272] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6272] write(1, "executing program\n", 18) = 18 [pid 6272] memfd_create("syzkaller", 0) = 3 [pid 6272] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff75000000 [pid 6271] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6269] <... write resumed>) = 16777216 [pid 6269] munmap(0x7eff75000000, 138412032) = 0 [pid 6269] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6269] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6272] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6269] close(3) = 0 [pid 6269] close(4) = 0 [pid 6269] mkdir("./file0", 0777) = 0 [ 102.197294][ T6269] loop0: detected capacity change from 0 to 32768 [pid 6269] mount("/dev/loop0", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 6270] <... write resumed>) = 16777216 [pid 6270] munmap(0x7eff75000000, 138412032) = 0 [pid 6270] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 102.238024][ T6269] bcachefs (/dev/loop0): error reading default superblock: checksum error, type none: got should be [pid 6270] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6270] close(3) = 0 [pid 6270] close(4) = 0 [pid 6270] mkdir("./file0", 0777) = 0 [ 102.296984][ T6270] loop2: detected capacity change from 0 to 32768 [pid 6270] mount("/dev/loop2", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 6271] <... write resumed>) = 16777216 [pid 6271] munmap(0x7eff75000000, 138412032) = 0 [pid 6271] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 102.362247][ T6270] bcachefs (/dev/loop2): error reading default superblock: checksum error, type none: got should be [pid 6271] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6271] close(3) = 0 [pid 6271] close(4) = 0 [pid 6271] mkdir("./file0", 0777) = 0 [ 102.412513][ T6271] loop1: detected capacity change from 0 to 32768 [pid 6271] mount("/dev/loop1", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 6272] <... write resumed>) = 16777216 [pid 6272] munmap(0x7eff75000000, 138412032) = 0 [pid 6272] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6272] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6272] close(3) = 0 [pid 6272] close(4) = 0 [pid 6272] mkdir("./file0", 0777) = 0 [ 102.452742][ T6271] bcachefs (/dev/loop1): error reading default superblock: checksum error, type none: got should be [ 102.490856][ T6272] loop4: detected capacity change from 0 to 32768 [ 102.516292][ T6272] bcachefs (/dev/loop4): error reading default superblock: checksum error, type none: got should be [ 102.719546][ T6269] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=ro,errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names,read_only [ 102.723651][ T6270] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [ 102.738242][ T6269] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 102.754664][ T6269] bcachefs (loop0): superblock requires following recovery passes to be run: [ 102.754664][ T6269] check_inodes,check_extents,check_dirents [ 102.766825][ T6270] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [ 102.794374][ T6271] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [ 102.811527][ T6269] bcachefs (loop0): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.20: directory_size [ 102.811527][ T6269] running recovery passes: check_allocations,check_extents_to_backpointers [ 102.832035][ T6271] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [ 102.840822][ T6272] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [ 102.850169][ T6272] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [ 102.880239][ T6269] bcachefs (loop0): error validating btree node at btree inodes level 0/0 [ 102.880262][ T6269] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0 [ 102.880279][ T6269] node offset 8/24 bset u64s 29 bset byte offset 152: keys out of order: u64s 16 type inode_v3 5:4096:U32_MAX len 0 ver 0 > u64s 17 type inode_v3 0:4097:U32_MAX len 0 ver 0, fixing [ 102.951098][ T6269] invalid bkey in btree_node btree=inodes level=0: u64s 16 type inode_v3 5:4096:U32_MAX len 0 ver 0: [ 102.951121][ T6269] mode=40755 [ 102.951131][ T6269] flags=(16300000) [ 102.951142][ T6269] journal_seq=1 [ 102.951153][ T6269] hash_seed=28e4f092a4fc58ee [pid 6272] mount("/dev/loop4", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 6270] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6270] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 6270] ioctl(3, LOOP_CLR_FD) = 0 [ 102.951164][ T6269] hash_type=siphash [ 102.951174][ T6269] bi_size=0 [ 102.951184][ T6269] bi_sectors=0 [ 102.951194][ T6269] bi_version=0 [ 102.951205][ T6269] bi_atime=200535484 [pid 6270] close(3 [pid 6272] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6272] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 6272] ioctl(3, LOOP_CLR_FD) = 0 [ 102.951215][ T6269] bi_ctime=200535484 [ 102.951226][ T6269] bi_mtime=200535484 [ 102.951236][ T6269] bi_otime=200535484 [ 102.951247][ T6269] bi_uid=0 [ 102.951257][ T6269] bi_gid=0 [ 102.951266][ T6269] bi_nlink=1 [pid 6272] close(3 [pid 6271] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6271] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [ 102.951276][ T6269] bi_generation=0 [ 102.951287][ T6269] bi_dev=0 [ 102.951297][ T6269] bi_data_checksum=0 [ 102.951307][ T6269] bi_compression=0 [pid 6271] ioctl(3, LOOP_CLR_FD) = 0 [pid 6271] close(3 [pid 5830] <... umount2 resumed>) = 0 [pid 5830] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, 0x55557bfd8730 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./6/file0") = 0 [pid 5830] getdents64(3, 0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 5830] rmdir("./6") = 0 [pid 5830] mkdir("./7", 0777) = 0 [ 102.951318][ T6269] bi_project=0 [ 102.951328][ T6269] bi_background_compression=0 [ 102.951339][ T6269] bi_data_replicas=0 [ 102.951349][ T6269] bi_promote_target=0 [ 102.951360][ T6269] bi_foreground_target=0 [pid 5830] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5830] close(3) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6302 attached [pid 6302] set_robust_list(0x55557bfcf660, 24) = 0 [pid 5830] <... clone resumed>, child_tidptr=0x55557bfcf650) = 6302 [pid 6302] chdir("./7") = 0 [pid 6302] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6302] setpgid(0, 0) = 0 [pid 6302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 executing program [pid 6302] write(3, "1000", 4) = 4 [pid 6302] close(3) = 0 [pid 6302] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6302] write(1, "executing program\n", 18) = 18 [pid 6302] memfd_create("syzkaller", 0) = 3 [pid 6302] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff75000000 [ 102.951390][ T6269] bi_background_target=0 [ 102.951401][ T6269] bi_erasure_code=0 [ 102.951412][ T6269] bi_fields_set=0 [ 102.951422][ T6269] bi_dir=0 [ 102.951438][ T6269] bi_dir_offset=0 [ 102.951448][ T6269] bi_subvol=1 [ 102.951458][ T6269] bi_parent_subvol=0 [ 102.951468][ T6269] bi_nocow=0 [ 102.951478][ T6269] bi_depth=0 [ 102.951488][ T6269] bi_inodes_32bit=0 [ 102.951498][ T6269] nonzero k.p.inode: delete?, fixing [pid 6272] <... close resumed>) = 0 [pid 6270] <... close resumed>) = 0 [pid 6272] exit_group(0) = ? [pid 6272] +++ exited with 0 +++ [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6272, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=53 /* 0.53 s */} --- [pid 5831] restart_syscall(<... resuming interrupted clone ...> [pid 6270] exit_group(0 [pid 5831] <... restart_syscall resumed>) = 0 [pid 5831] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6270] <... exit_group resumed>) = ? [pid 5831] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x55557bfd06f0 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./13/binderfs" [pid 6270] +++ exited with 0 +++ [pid 5831] <... unlink resumed>) = 0 [pid 5831] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6270, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=49 /* 0.49 s */} --- [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 5831] newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] <... restart_syscall resumed>) = 0 [pid 5831] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5829] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5829] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(3, 0x55557bfd06f0 /* 4 entries */, 32768) = 112 [pid 5829] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... openat resumed>) = 4 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 103.079028][ T6270] bcachefs: bch2_fs_get_tree() error: EINVAL [ 103.158558][ T6272] bcachefs: bch2_fs_get_tree() error: EINVAL [ 103.242632][ T6271] bcachefs: bch2_fs_get_tree() error: EINVAL [ 103.513589][ T6269] bcachefs (loop0): btree_node_read_work: rewriting btree node at due to error [pid 5829] newfstatat(AT_FDCWD, "./13/binderfs", [pid 5831] newfstatat(4, "", [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] unlink("./13/binderfs") = 0 [pid 5829] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, 0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, 0x55557bfd8730 /* 0 entries */, 32768) = 0 [pid 5829] close(4) = 0 [pid 5829] rmdir("./13/file0") = 0 [pid 5829] getdents64(3, 0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 5829] close(3) = 0 [pid 5829] rmdir("./13") = 0 [pid 5829] mkdir("./14", 0777) = 0 [pid 5831] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5831] getdents64(4, [pid 5829] <... openat resumed>) = 3 [pid 5831] <... getdents64 resumed>0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, [pid 5829] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5829] close(3) = 0 [pid 5831] <... getdents64 resumed>0x55557bfd8730 /* 0 entries */, 32768) = 0 [ 103.513589][ T6269] btree=inodes level=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0 [ 103.548774][ T6269] bcachefs (loop0): error validating btree node on loop0 at btree freespace level 0/0 [pid 5831] close(4 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] <... close resumed>) = 0 [pid 5831] rmdir("./13/file0") = 0 ./strace-static-x86_64: Process 6303 attached [ 103.548796][ T6269] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0 [ 103.548813][ T6269] node offset 0/32 bset u64s 0: checksum error, type none: got should be , fixing [ 103.593549][ T6269] bcachefs (loop0): btree_node_read_work: rewriting btree node at due to error [ 103.593549][ T6269] btree=freespace level=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0 [pid 6271] <... close resumed>) = 0 [pid 5831] getdents64(3, [pid 6303] set_robust_list(0x55557bfcf660, 24 [pid 6271] exit_group(0 [pid 5829] <... clone resumed>, child_tidptr=0x55557bfcf650) = 6303 [pid 6303] <... set_robust_list resumed>) = 0 [pid 6271] <... exit_group resumed>) = ? [pid 5831] <... getdents64 resumed>0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 6271] +++ exited with 0 +++ [pid 5831] close(3 [pid 6303] chdir("./14" [pid 5831] <... close resumed>) = 0 [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6271, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=40 /* 0.40 s */} --- [pid 6303] <... chdir resumed>) = 0 [pid 6303] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5831] rmdir("./13") = 0 [pid 6303] <... prctl resumed>) = 0 [pid 6303] setpgid(0, 0 [pid 5831] mkdir("./14", 0777) = 0 [pid 6303] <... setpgid resumed>) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5828] umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6303] <... openat resumed>) = 3 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... openat resumed>) = 3 [pid 5828] openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6303] write(3, "1000", 4) = 4 [pid 5828] <... openat resumed>) = 3 [pid 6303] close(3 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 6303] <... close resumed>) = 0 [pid 6303] symlink("/dev/binderfs", "./binderfs" [pid 5831] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5828] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 103.622573][ T6269] bcachefs (loop0): accounting_read... done [pid 6303] <... symlink resumed>) = 0 [pid 5831] close(3 [pid 5828] getdents64(3, executing program 0x55557bfd06f0 /* 4 entries */, 32768) = 112 [pid 6303] write(1, "executing program\n", 18 [pid 5831] <... close resumed>) = 0 [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6303] <... write resumed>) = 18 [pid 6303] memfd_create("syzkaller", 0./strace-static-x86_64: Process 6304 attached ) = 3 [pid 5828] umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6304] set_robust_list(0x55557bfcf660, 24) = 0 [pid 6304] chdir("./14" [pid 6303] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5831] <... clone resumed>, child_tidptr=0x55557bfcf650) = 6304 [pid 5828] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6304] <... chdir resumed>) = 0 [pid 5828] newfstatat(AT_FDCWD, "./13/binderfs", [pid 6303] <... mmap resumed>) = 0x7eff75000000 [pid 6304] prctl(PR_SET_PDEATHSIG, SIGKILLexecuting program ) = 0 [pid 6304] setpgid(0, 0) = 0 [pid 6304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6304] write(3, "1000", 4) = 4 [pid 6304] close(3) = 0 [pid 6304] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6304] write(1, "executing program\n", 18) = 18 [pid 6304] memfd_create("syzkaller", 0) = 3 [pid 6304] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6302] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 5828] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6304] <... mmap resumed>) = 0x7eff75000000 [pid 5828] unlink("./13/binderfs") = 0 [pid 5828] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 103.650191][ T6269] bcachefs (loop0): alloc_read... done [ 103.656436][ T6269] bcachefs (loop0): stripes_read... done [ 103.662642][ T6269] bcachefs (loop0): snapshots_read... done [ 103.671410][ T6269] bcachefs (loop0): check_allocations... [ 103.673297][ T6269] btree ptr not marked in member info btree allocated bitmap [pid 5828] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(4, 0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5828] getdents64(4, 0x55557bfd8730 /* 0 entries */, 32768) = 0 [pid 5828] close(4) = 0 [pid 5828] rmdir("./13/file0") = 0 [pid 5828] getdents64(3, 0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 5828] close(3) = 0 [pid 5828] rmdir("./13") = 0 [pid 5828] mkdir("./14", 0777) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5828] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5828] close(3) = 0 [ 103.673317][ T6269] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, fixing [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6305 attached , child_tidptr=0x55557bfcf650) = 6305 [pid 6305] set_robust_list(0x55557bfcf660, 24) = 0 [pid 6305] chdir("./14") = 0 [pid 6305] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6305] setpgid(0, 0) = 0 [pid 6305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 103.761625][ T6269] btree ptr not marked in member info btree allocated bitmap [ 103.761649][ T6269] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0, fixing [pid 6305] write(3, "1000", 4) = 4 [pid 6305] close(3) = 0 [pid 6305] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6305] write(1, "executing program\n", 18executing program ) = 18 [pid 6305] memfd_create("syzkaller", 0) = 3 [pid 6305] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff75000000 [ 103.817631][ T6269] btree ptr not marked in member info btree allocated bitmap [ 103.817654][ T6269] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing [ 103.907485][ T6269] btree ptr not marked in member info btree allocated bitmap [ 103.907510][ T6269] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c0bef60d07ceb940 written 16 min_key POS_MIN durability: 1 ptr: 0:35:0 gen 0, fixing [pid 6303] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 103.973116][ T6269] btree ptr not marked in member info btree allocated bitmap [ 103.973138][ T6269] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0, fixing [pid 6304] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6302] <... write resumed>) = 16777216 [pid 6302] munmap(0x7eff75000000, 138412032 [pid 6305] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6302] <... munmap resumed>) = 0 [ 104.058668][ T6269] btree ptr not marked in member info btree allocated bitmap [ 104.058691][ T6269] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0, fixing [pid 6302] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6302] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6302] close(3) = 0 [pid 6302] close(4) = 0 [pid 6302] mkdir("./file0", 0777) = 0 [ 104.134091][ T6269] done [ 104.135528][ T6302] loop3: detected capacity change from 0 to 32768 [ 104.184093][ T6302] bcachefs (/dev/loop3): error reading default superblock: checksum error, type none: got should be [ 104.185112][ T6269] bcachefs (loop0): going read-write [ 104.207658][ T6269] bcachefs (loop0): journal_replay... done [ 104.304848][ T6269] bcachefs (loop0): check_extents_to_backpointers... [ 104.307084][ T6269] bcachefs (loop0): scanning for missing backpointers in 4/128 buckets [ 104.331829][ T6302] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [ 104.333739][ T6269] done [pid 6302] mount("/dev/loop3", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 6303] <... write resumed>) = 16777216 [ 104.347292][ T6302] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [pid 6303] munmap(0x7eff75000000, 138412032) = 0 [ 104.387559][ T6269] bcachefs (loop0): check_inodes... [ 104.388625][ T6269] inode points to missing dirent [ 104.388643][ T6269] inum: 536870912:4294967295 [ 104.388656][ T6269] mode=100755 [pid 6304] <... write resumed>) = 16777216 [pid 6304] munmap(0x7eff75000000, 138412032 [pid 6303] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6304] <... munmap resumed>) = 0 [pid 6303] <... openat resumed>) = 4 [pid 6303] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6304] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6303] close(3) = 0 [pid 6304] <... openat resumed>) = 4 [pid 6303] close(4 [pid 6304] ioctl(4, LOOP_SET_FD, 3 [pid 6303] <... close resumed>) = 0 [pid 6303] mkdir("./file0", 0777 [pid 6304] <... ioctl resumed>) = 0 [pid 6304] close(3) = 0 [pid 6304] close(4) = 0 [pid 6304] mkdir("./file0", 0777 [pid 6303] <... mkdir resumed>) = 0 [pid 6304] <... mkdir resumed>) = 0 [pid 6303] mount("/dev/loop2", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [ 104.388667][ T6269] flags=(15300000) [ 104.388678][ T6269] journal_seq=4 [ 104.388689][ T6269] hash_seed=8469d717004af4ef [ 104.388701][ T6269] hash_type=siphash [ 104.388712][ T6269] bi_size=10 [ 104.388724][ T6269] bi_sectors=8 [ 104.388734][ T6269] bi_version=0 [ 104.388746][ T6269] bi_atime=2780562352 [ 104.388757][ T6269] bi_ctime=2780562352 [ 104.388769][ T6269] bi_mtime=2780562352 [pid 6304] mount("/dev/loop4", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 6305] <... write resumed>) = 16777216 [pid 6305] munmap(0x7eff75000000, 138412032) = 0 [pid 6305] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6305] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6305] close(3) = 0 [pid 6305] close(4) = 0 [pid 6305] mkdir("./file0", 0777) = 0 [pid 6305] mount("/dev/loop1", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 6302] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6302] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 6302] ioctl(3, LOOP_CLR_FD) = 0 [ 104.388780][ T6269] bi_otime=2780562352 [ 104.388791][ T6269] bi_uid=0 [ 104.388802][ T6269] bi_gid=0 [ 104.388813][ T6269] bi_nlink=0 [ 104.388824][ T6269] bi_generation=0 [ 104.388835][ T6269] bi_dev=0 [ 104.388846][ T6269] bi_data_checksum=0 [ 104.388857][ T6269] bi_compression=0 [ 104.388868][ T6269] bi_project=0 [ 104.388880][ T6269] bi_background_compression=0 [ 104.388891][ T6269] bi_data_replicas=0 [ 104.388903][ T6269] bi_promote_target=0 [ 104.388913][ T6269] bi_foreground_target=0 [ 104.388924][ T6269] bi_background_target=0 [ 104.388936][ T6269] bi_erasure_code=0 [ 104.388947][ T6269] bi_fields_set=0 [ 104.388959][ T6269] bi_dir=4096 [ 104.388970][ T6269] bi_dir_offset=4330382808765833931 [ 104.388982][ T6269] bi_subvol=0 [ 104.388993][ T6269] bi_parent_subvol=0 [ 104.389004][ T6269] bi_nocow=0 [ 104.389015][ T6269] bi_depth=0 [ 104.389026][ T6269] bi_inodes_32bit=0, fixing [ 104.445728][ T6303] loop2: detected capacity change from 0 to 32768 [ 104.462290][ T6304] loop4: detected capacity change from 0 to 32768 [ 104.469396][ T6304] bcachefs (/dev/loop4): error reading default superblock: checksum error, type none: got should be [pid 6302] close(3) = 0 [pid 6302] exit_group(0) = ? [pid 6304] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6304] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 6304] ioctl(3, LOOP_CLR_FD) = 0 [pid 6304] close(3 [pid 6302] +++ exited with 0 +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6302, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=55 /* 0.55 s */} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5830] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", [pid 6303] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, 0x55557bfd06f0 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 104.469541][ T6303] bcachefs (/dev/loop2): error reading default superblock: checksum error, type none: got should be [ 104.608580][ T6305] loop1: detected capacity change from 0 to 32768 [ 104.615720][ T6304] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [pid 5830] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./7/binderfs") = 0 [pid 5830] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./7/file0", [pid 6303] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5830] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6303] <... openat resumed>) = 3 [pid 5830] <... openat resumed>) = 4 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, 0x55557bfd8730 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./7/file0") = 0 [pid 5830] getdents64(3, 0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 5830] close(3) = 0 [pid 5830] rmdir("./7") = 0 [pid 5830] mkdir("./8", 0777) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 6303] ioctl(3, LOOP_CLR_FD [pid 5830] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5830] close(3 [pid 6303] <... ioctl resumed>) = 0 [pid 5830] <... close resumed>) = 0 [pid 5830] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6303] close(3 [pid 5830] <... clone resumed>, child_tidptr=0x55557bfcf650) = 6334 ./strace-static-x86_64: Process 6334 attached [pid 6334] set_robust_list(0x55557bfcf660, 24) = 0 [ 104.615792][ T6304] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [ 104.620260][ T6305] bcachefs (/dev/loop1): error reading default superblock: checksum error, type none: got should be [pid 6334] chdir("./8") = 0 [pid 6334] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6334] setpgid(0, 0) = 0 [ 104.628052][ T6302] bcachefs: bch2_fs_get_tree() error: EINVAL [ 104.640668][ T6303] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [ 104.640734][ T6303] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete executing program [pid 6334] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6334] write(3, "1000", 4) = 4 [pid 6334] close(3) = 0 [pid 6334] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6334] write(1, "executing program\n", 18) = 18 [pid 6334] memfd_create("syzkaller", 0) = 3 [pid 6334] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff75000000 [ 104.780727][ T6305] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [pid 6305] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6305] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 6305] ioctl(3, LOOP_CLR_FD) = 0 [ 104.780799][ T6305] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [ 104.909919][ T6304] bcachefs: bch2_fs_get_tree() error: EINVAL [ 104.948954][ T6303] bcachefs: bch2_fs_get_tree() error: EINVAL [pid 6305] close(3 [pid 6304] <... close resumed>) = 0 [pid 6304] exit_group(0) = ? [pid 6304] +++ exited with 0 +++ [pid 5831] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6304, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=41 /* 0.41 s */} --- [ 105.137689][ T6305] bcachefs: bch2_fs_get_tree() error: EINVAL [ 105.193501][ T6269] done [pid 5831] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(3, 0x55557bfd06f0 /* 4 entries */, 32768) = 112 [pid 5831] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] unlink("./14/binderfs") = 0 [pid 5831] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5831] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5831] openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5831] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] getdents64(4, 0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5831] getdents64(4, 0x55557bfd8730 /* 0 entries */, 32768) = 0 [pid 5831] close(4) = 0 [pid 5831] rmdir("./14/file0") = 0 [ 105.236021][ T6269] bcachefs (loop0): check_extents... done [ 105.271299][ T6269] bcachefs (loop0): check_dirents... [pid 6303] <... close resumed>) = 0 [pid 5831] getdents64(3, [pid 6303] exit_group(0) = ? [pid 6303] +++ exited with 0 +++ [pid 5831] <... getdents64 resumed>0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 5829] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6303, si_uid=0, si_status=0, si_utime=8 /* 0.08 s */, si_stime=50 /* 0.50 s */} --- [pid 5829] restart_syscall(<... resuming interrupted clone ...> [pid 5831] close(3) = 0 [pid 5831] rmdir("./14") = 0 [pid 5829] <... restart_syscall resumed>) = 0 [pid 5831] mkdir("./15", 0777) = 0 [pid 5829] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5831] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5829] newfstatat(3, "", [pid 5831] <... openat resumed>) = 3 [pid 5829] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5831] ioctl(3, LOOP_CLR_FD [pid 5829] getdents64(3, [pid 5831] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5829] <... getdents64 resumed>0x55557bfd06f0 /* 4 entries */, 32768) = 112 [pid 5831] close(3 [pid 5829] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5831] <... close resumed>) = 0 [pid 5829] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./14/binderfs", [pid 5831] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5829] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 6335 attached [pid 6334] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [ 105.272450][ T6269] hash table key at wrong offset: btree dirents inode 4096 offset 4330382808765825483, hashed to 4330382808765833931 [pid 5829] unlink("./14/binderfs") = 0 [pid 5829] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5829] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5829] openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5831] <... clone resumed>, child_tidptr=0x55557bfcf650) = 6335 [pid 5829] <... openat resumed>) = 4 [pid 5829] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5829] getdents64(4, [pid 6335] set_robust_list(0x55557bfcf660, 24 [pid 5829] <... getdents64 resumed>0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5829] getdents64(4, [pid 6335] <... set_robust_list resumed>) = 0 [pid 5829] <... getdents64 resumed>0x55557bfd8730 /* 0 entries */, 32768) = 0 [pid 5829] close(4 [pid 6335] chdir("./15" [pid 5829] <... close resumed>) = 0 [pid 6335] <... chdir resumed>) = 0 [pid 5829] rmdir("./14/file0" [pid 6335] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5829] <... rmdir resumed>) = 0 [pid 5829] getdents64(3, [pid 6335] setpgid(0, 0) = 0 [pid 5829] <... getdents64 resumed>0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 6335] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5829] close(3) = 0 [pid 5829] rmdir("./14") = 0 [pid 5829] mkdir("./15", 0777 [pid 6335] <... openat resumed>) = 3 [pid 6335] write(3, "1000", 4 [pid 5829] <... mkdir resumed>) = 0 [pid 6335] <... write resumed>) = 4 [pid 5829] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6335] close(3) = 0 [pid 5829] <... openat resumed>) = 3 [pid 6335] symlink("/dev/binderfs", "./binderfs" [pid 5829] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5829] close(3 [pid 6335] <... symlink resumed>) = 0 executing program [pid 6335] write(1, "executing program\n", 18) = 18 [pid 5829] <... close resumed>) = 0 [pid 5829] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6335] memfd_create("syzkaller", 0) = 3 [pid 6335] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff75000000 [pid 5829] <... clone resumed>, child_tidptr=0x55557bfcf650) = 6336 ./strace-static-x86_64: Process 6336 attached [ 105.272472][ T6269] u64s 7 type dirent 4096:4330382808765825483:U32_MAX len 0 ver 0: file1 -> 536870912 type reg, fixing [ 105.363141][ T6269] hash table key at wrong offset: btree dirents inode 4096 offset 4330382808765825483, hashed to 4330382808765833931 [pid 6336] set_robust_list(0x55557bfcf660, 24) = 0 [pid 6336] chdir("./15") = 0 [pid 6336] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6336] setpgid(0, 0) = 0 [pid 6336] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6336] write(3, "1000", 4) = 4 [pid 6336] close(3) = 0 [pid 6336] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6336] write(1, "executing program\n", 18executing program ) = 18 [ 105.363165][ T6269] u64s 7 type dirent 4096:4330382808765825483:U32_MAX len 0 ver 0: file1 -> 536870912 type reg, fixing [pid 6336] memfd_create("syzkaller", 0) = 3 [pid 6336] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6305] <... close resumed>) = 0 [pid 6336] <... mmap resumed>) = 0x7eff75000000 [pid 6305] exit_group(0) = ? [pid 6305] +++ exited with 0 +++ [pid 5828] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6305, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=52 /* 0.52 s */} --- [pid 5828] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5828] umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5828] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(3, 0x55557bfd06f0 /* 4 entries */, 32768) = 112 [pid 5828] umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] unlink("./14/binderfs") = 0 [pid 5828] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 105.446074][ T6269] hash table key at wrong offset: btree dirents inode 4096 offset 4330382808765825483, hashed to 4330382808765833931 [ 105.446099][ T6269] u64s 7 type dirent 4096:4330382808765825483:U32_MAX len 0 ver 0: file1 -> 536870912 type reg, fixing [ 105.488988][ T6269] dirent points to inode that does not point back: [pid 5828] newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5828] umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5828] openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5828] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(4, 0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5828] getdents64(4, 0x55557bfd8730 /* 0 entries */, 32768) = 0 [pid 5828] close(4) = 0 [pid 5828] rmdir("./14/file0") = 0 [pid 5828] getdents64(3, 0x55557bfd06f0 /* 0 entries */, 32768) = 0 [pid 5828] close(3) = 0 [pid 5828] rmdir("./14") = 0 [pid 5828] mkdir("./15", 0777) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5828] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5828] close(3) = 0 [pid 5828] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6337 attached , child_tidptr=0x55557bfcf650) = 6337 [ 105.489007][ T6269] u64s 7 type dirent 4096:4330382808765833931:U32_MAX len 0 ver 0: file1 -> 536870912 type reg [pid 6337] set_robust_list(0x55557bfcf660, 24) = 0 [pid 6337] chdir("./15") = 0 [pid 6337] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6337] setpgid(0, 0) = 0 [pid 6337] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6337] write(3, "1000", 4) = 4 [pid 6337] close(3) = 0 [pid 6337] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6337] write(1, "executing program\n", 18) = 18 [pid 6337] memfd_create("syzkaller", 0) = 3 [pid 6337] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7eff75000000 [ 105.489021][ T6269] inum: 536870912:4294967295 [ 105.489032][ T6269] mode=100755 [ 105.489042][ T6269] flags=(15300000) [ 105.489052][ T6269] journal_seq=19 [ 105.489062][ T6269] hash_seed=8469d717004af4ef [ 105.489073][ T6269] hash_type=siphash [ 105.489082][ T6269] bi_size=10 [ 105.489092][ T6269] bi_sectors=8 [ 105.489101][ T6269] bi_version=0 [ 105.489112][ T6269] bi_atime=2780562352 [ 105.489121][ T6269] bi_ctime=2780562352 [ 105.489132][ T6269] bi_mtime=2780562352 [ 105.489142][ T6269] bi_otime=2780562352 [ 105.489152][ T6269] bi_uid=0 [ 105.489162][ T6269] bi_gid=0 [ 105.489171][ T6269] bi_nlink=0 [ 105.489180][ T6269] bi_generation=0 [ 105.489190][ T6269] bi_dev=0 [ 105.489200][ T6269] bi_data_checksum=0 [ 105.489210][ T6269] bi_compression=0 [ 105.489219][ T6269] bi_project=0 [ 105.489230][ T6269] bi_background_compression=0 [ 105.489240][ T6269] bi_data_replicas=0 [ 105.489250][ T6269] bi_promote_target=0 [ 105.489265][ T6269] bi_foreground_target=0 [ 105.489276][ T6269] bi_background_target=0 [ 105.489286][ T6269] bi_erasure_code=0 [ 105.489296][ T6269] bi_fields_set=0 [ 105.489324][ T6269] bi_dir=0 [ 105.489335][ T6269] bi_dir_offset=4330382808765833931 [ 105.489346][ T6269] bi_subvol=0 [pid 6335] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6336] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216 [pid 6334] <... write resumed>) = 16777216 [ 105.489357][ T6269] bi_parent_subvol=0 [ 105.489368][ T6269] bi_nocow=0 [ 105.489378][ T6269] bi_depth=0 [ 105.489389][ T6269] bi_inodes_32bit=0, fixing [ 105.786040][ T6269] inode 536870912:4294967295 has wrong backpointer: [ 105.786060][ T6269] got 0:4330382808765833931 [pid 6334] munmap(0x7eff75000000, 138412032) = 0 [ 105.786072][ T6269] should be 4096:4330382808765833931, fixing [ 105.828511][ T6269] dirent points to inode that does not point back: [pid 6334] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6334] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6334] close(3) = 0 [pid 6334] close(4) = 0 [pid 6334] mkdir("./file0", 0777) = 0 [pid 6334] mount("/dev/loop3", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [ 105.828532][ T6269] u64s 7 type dirent 4096:4330382808765833931:U32_MAX len 0 ver 0: file1 -> 536870912 type reg [ 105.828547][ T6269] inum: 536870912:4294967295 [ 105.828559][ T6269] mode=100755 [ 105.828569][ T6269] flags=(15300000) [ 105.828581][ T6269] journal_seq=19 [ 105.828591][ T6269] hash_seed=8469d717004af4ef [ 105.828603][ T6269] hash_type=siphash [ 105.828614][ T6269] bi_size=10 [ 105.828624][ T6269] bi_sectors=8 [ 105.828635][ T6269] bi_version=0 [ 105.828657][ T6269] bi_atime=2780562352 [ 105.828668][ T6269] bi_ctime=2780562352 [ 105.828678][ T6269] bi_mtime=2780562352 [ 105.828688][ T6269] bi_otime=2780562352 [ 105.828698][ T6269] bi_uid=0 [ 105.828708][ T6269] bi_gid=0 [ 105.828718][ T6269] bi_nlink=0 [ 105.828728][ T6269] bi_generation=0 [ 105.828738][ T6269] bi_dev=0 [pid 6337] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [ 105.828747][ T6269] bi_data_checksum=0 [ 105.828758][ T6269] bi_compression=0 [ 105.828768][ T6269] bi_project=0 [ 105.828778][ T6269] bi_background_compression=0 [ 105.828789][ T6269] bi_data_replicas=0 [pid 6337] munmap(0x7eff75000000, 138412032) = 0 [pid 6336] <... write resumed>) = 16777216 [pid 6336] munmap(0x7eff75000000, 138412032 [pid 6337] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 105.828799][ T6269] bi_promote_target=0 [ 105.828809][ T6269] bi_foreground_target=0 [ 105.828820][ T6269] bi_background_target=0 [ 105.828830][ T6269] bi_erasure_code=0 [ 105.828840][ T6269] bi_fields_set=0 [ 105.828850][ T6269] bi_dir=0 [ 105.828860][ T6269] bi_dir_offset=4330382808765833931 [ 105.828871][ T6269] bi_subvol=0 [pid 6337] ioctl(4, LOOP_SET_FD, 3 [pid 6336] <... munmap resumed>) = 0 [pid 6335] <... write resumed>) = 16777216 [pid 6336] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6336] ioctl(4, LOOP_SET_FD, 3 [pid 6337] <... ioctl resumed>) = 0 [pid 6335] munmap(0x7eff75000000, 138412032 [ 105.828881][ T6269] bi_parent_subvol=0 [ 105.828891][ T6269] bi_nocow=0 [ 105.828901][ T6269] bi_depth=0 [ 105.828911][ T6269] bi_inodes_32bit=0, fixing [ 105.868049][ T6334] loop3: detected capacity change from 0 to 32768 [ 105.887232][ T6334] bcachefs (/dev/loop3): error reading default superblock: checksum error, type none: got should be [ 106.020604][ T6334] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [ 106.020680][ T6334] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [pid 6337] close(3) = 0 [pid 6335] <... munmap resumed>) = 0 [pid 6337] close(4) = 0 [pid 6337] mkdir("./file0", 0777) = 0 [ 106.213987][ T6337] loop1: detected capacity change from 0 to 32768 [ 106.225810][ T6336] loop2: detected capacity change from 0 to 32768 [ 106.291778][ T6269] inode 536870912:4294967295 has wrong backpointer: [ 106.291801][ T6269] got 0:4330382808765833931 [ 106.291814][ T6269] should be 4096:4330382808765833931, fixing [ 106.303292][ T6337] bcachefs (/dev/loop1): error reading default superblock: checksum error, type none: got should be [pid 6337] mount("/dev/loop1", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 6336] <... ioctl resumed>) = 0 [pid 6335] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6334] <... mount resumed>) = -1 EINVAL (Invalid argument) [pid 6336] close(3 [pid 6335] <... openat resumed>) = 4 [pid 6336] <... close resumed>) = 0 [pid 6335] ioctl(4, LOOP_SET_FD, 3 [pid 6336] close(4) = 0 [pid 6336] mkdir("./file0", 0777) = 0 [pid 6334] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6336] mount("/dev/loop2", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 6335] <... ioctl resumed>) = 0 [pid 6334] <... openat resumed>) = 3 [pid 6335] close(3) = 0 [pid 6335] close(4) = 0 [ 106.320741][ T6269] hash table key at wrong offset: btree dirents inode 4096 offset 8130059955150870709, hashed to 6728544935518790663 [ 106.320763][ T6269] u64s 8 type dirent 4096:8130059955150870709:U32_MAX len 0 ver 0: lost+found -> 4097 type dir, fixing [ 106.321098][ T6334] bcachefs: bch2_fs_get_tree() error: EINVAL [ 106.334886][ T6269] bcachefs (loop0): fsck counted subdirectories wrong for inum 4096:4294967295: got 1 should be 2 [ 106.368127][ T6335] loop4: detected capacity change from 0 to 32768 [pid 6335] mkdir("./file0", 0777) = 0 [pid 6334] ioctl(3, LOOP_CLR_FD [pid 6335] mount("/dev/loop4", "./file0", "bcachefs", MS_RDONLY|MS_STRICTATIME, "\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x65\x72\x72\x6f\x72\x5f\x73\x61\x66\x65\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x73\x6f\x6e\x5f\x75\x70\x67\x72\x61\x64\x65\x3d\x6e\x6f\x6e\x65\x2c\x73\x6d\x61\x63\x6b\x66\x73\x68\x61\x74\x3d\x2a\x2c\x6f\x62\x6a\x5f\x74\x79\x70\x65\x3d\x28\xaa\x29" [pid 6334] <... ioctl resumed>) = 0 [pid 6334] close(3 [pid 5827] kill(-6269, SIGKILL) = 0 [pid 5827] kill(6269, SIGKILL) = 0 [ 106.388420][ T6269] directory 4096:4294967295 with wrong i_size: got 0, should be 288, fixing [ 106.398711][ T6336] bcachefs (/dev/loop2): error reading default superblock: checksum error, type none: got should be [ 106.407593][ T6335] bcachefs (/dev/loop4): error reading default superblock: checksum error, type none: got should be [ 106.508602][ T6269] done [ 106.518713][ T6269] bcachefs (loop0): resume_logged_ops... done [ 106.535478][ T6337] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [ 106.548225][ T6269] bcachefs (loop0): delete_dead_inodes... done [ 106.554560][ T6337] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [ 106.563192][ T6335] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [ 106.579638][ T6269] bcachefs (loop0): Fixed errors, running fsck a second time to verify fs is clean [ 106.588080][ T6335] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [pid 6334] <... close resumed>) = 0 [pid 6334] exit_group(0) = ? [pid 6334] +++ exited with 0 +++ [pid 5830] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6334, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=36 /* 0.36 s */} --- [pid 5830] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5830] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5830] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(3, 0x55557bfd06f0 /* 4 entries */, 32768) = 112 [pid 5830] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] unlink("./8/binderfs") = 0 [pid 5830] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5830] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5830] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5830] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5830] getdents64(4, 0x55557bfd8730 /* 2 entries */, 32768) = 48 [pid 5830] getdents64(4, 0x55557bfd8730 /* 0 entries */, 32768) = 0 [pid 5830] close(4) = 0 [pid 5830] rmdir("./8/file0") = 0 [pid 5830] getdents64(3, 0x55557bfd06f0 /* 0 entries */, 32768) = 0 [ 106.595698][ T6269] bcachefs (loop0): check_extents_to_backpointers... done [ 106.609406][ T6336] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): filesystem UUID already open [ 106.621855][ T6269] bcachefs (loop0): check_inodes... done [ 106.624442][ T6336] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): shutdown complete [ 106.635332][ T6269] bcachefs (loop0): check_extents... done [pid 5830] close(3) = 0 [ 106.657180][ T6269] bcachefs (loop0): check_dirents... [ 106.657928][ T6269] dirent points to missing inode: [ 106.657945][ T6269] u64s 8 type dirent 4096:6728544935518790663:U32_MAX len 0 ver 0: lost+found -> 4097 type dir, fixing [ 106.684235][ T6269] ================================================================== [ 106.692340][ T6269] BUG: KASAN: use-after-free in bch2_check_dirents+0x2b68/0x3e90 [ 106.700096][ T6269] Read of size 1 at addr ffff88805d564048 by task syz-executor265/6269 [ 106.708391][ T6269] [ 106.710749][ T6269] CPU: 1 UID: 0 PID: 6269 Comm: syz-executor265 Not tainted 6.14.0-rc3-syzkaller-00166-g334426094588 #0 [ 106.710772][ T6269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 106.710788][ T6269] Call Trace: [ 106.710799][ T6269] [ 106.710807][ T6269] dump_stack_lvl+0x241/0x360 [ 106.710838][ T6269] ? __pfx_dump_stack_lvl+0x10/0x10 [ 106.710857][ T6269] ? __pfx__printk+0x10/0x10 [ 106.710899][ T6269] ? _printk+0xd5/0x120 [ 106.710925][ T6269] ? __virt_addr_valid+0x183/0x530 [ 106.710952][ T6269] ? __virt_addr_valid+0x183/0x530 [ 106.710979][ T6269] print_report+0x16e/0x5b0 [ 106.711005][ T6269] ? __virt_addr_valid+0x183/0x530 [ 106.711031][ T6269] ? __virt_addr_valid+0x183/0x530 [ 106.711056][ T6269] ? __virt_addr_valid+0x45f/0x530 [ 106.711082][ T6269] ? __phys_addr+0xba/0x170 [ 106.711107][ T6269] ? bch2_check_dirents+0x2b68/0x3e90 [ 106.711139][ T6269] kasan_report+0x143/0x180 [ 106.711166][ T6269] ? bch2_check_dirents+0x2b68/0x3e90 [ 106.711192][ T6269] bch2_check_dirents+0x2b68/0x3e90 [ 106.711253][ T6269] ? __pfx_bch2_check_dirents+0x10/0x10 [ 106.711280][ T6269] ? desc_read+0x1a2/0x3f0 [ 106.711313][ T6269] ? prb_first_seq+0x131/0x210 [ 106.711342][ T6269] ? __pfx_prb_first_seq+0x10/0x10 [ 106.711377][ T6269] ? this_cpu_in_panic+0x4f/0x80 [ 106.711418][ T6269] ? _prb_read_valid+0xa4c/0xad0 [ 106.711440][ T6269] ? __pfx__prb_read_valid+0x10/0x10 [ 106.711460][ T6269] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 106.711488][ T6269] ? prb_read_valid+0xa9/0xf0 [ 106.711504][ T6269] ? __pfx___console_unlock+0x10/0x10 [ 106.711524][ T6269] ? __pfx_prb_read_valid+0x10/0x10 [ 106.711541][ T6269] ? is_printk_cpu_sync_owner+0x32/0x40 [ 106.711566][ T6269] ? console_unlock+0x2fc/0x3b0 [ 106.711584][ T6269] ? __pfx_console_unlock+0x10/0x10 [ 106.711607][ T6269] ? vprintk_emit+0x7ed/0xa10 [ 106.711634][ T6269] ? __bch2_print+0x17a/0x220 [ 106.711660][ T6269] ? bch2_check_dirents+0x345/0x3e90 [ 106.711683][ T6269] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 106.711710][ T6269] bch2_run_recovery_pass+0xf0/0x1e0 [ 106.711728][ T6269] bch2_run_recovery_passes+0x2ad/0xa90 [ 106.711752][ T6269] bch2_fs_recovery+0x2c48/0x3de0 [ 106.711785][ T6269] ? __pfx_bch2_fs_recovery+0x10/0x10 [ 106.711824][ T6269] ? __pfx_lock_release+0x10/0x10 [ 106.711848][ T6269] ? bch2_get_next_online_dev+0x2b/0x4f0 [ 106.711890][ T6269] ? __pfx_lock_release+0x10/0x10 [ 106.711920][ T6269] ? bch2_get_next_online_dev+0x2b/0x4f0 [ 106.711946][ T6269] ? bch2_get_next_online_dev+0x4b9/0x4f0 [ 106.711970][ T6269] ? bch2_get_next_online_dev+0x2b/0x4f0 [ 106.711998][ T6269] ? llist_reverse_order+0x72/0x90 [ 106.712027][ T6269] bch2_fs_start+0x37c/0x610 [ 106.712056][ T6269] bch2_fs_get_tree+0xdb7/0x17a0 [ 106.712089][ T6269] ? __pfx_bch2_fs_get_tree+0x10/0x10 [ 106.712116][ T6269] ? vfs_parse_monolithic_sep+0x423/0x460 [ 106.712139][ T6269] ? __pfx_vfs_parse_comma_sep+0x10/0x10 [ 106.712155][ T6269] ? rcu_is_watching+0x15/0xb0 [ 106.712170][ T6269] ? cap_capable+0x139/0x450 [ 106.712205][ T6269] ? safesetid_security_capable+0xb2/0x1d0 [ 106.712229][ T6269] vfs_get_tree+0x90/0x2b0 [ 106.712253][ T6269] do_new_mount+0x2be/0xb40 [ 106.712281][ T6269] ? __pfx_do_new_mount+0x10/0x10 [ 106.712310][ T6269] __se_sys_mount+0x2d6/0x3c0 [ 106.712329][ T6269] ? __pfx___se_sys_mount+0x10/0x10 [ 106.712345][ T6269] ? do_syscall_64+0x100/0x230 [ 106.712376][ T6269] ? __x64_sys_mount+0x20/0xc0 [ 106.712392][ T6269] do_syscall_64+0xf3/0x230 [ 106.712414][ T6269] ? clear_bhb_loop+0x35/0x90 [ 106.712441][ T6269] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.712465][ T6269] RIP: 0033:0x7eff7d61461a [ 106.712486][ T6269] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 106.712501][ T6269] RSP: 002b:00007ffd68e9c008 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5 [ 106.712520][ T6269] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007eff7d61461a [ 106.712533][ T6269] RDX: 0000400000000000 RSI: 0000400000000040 RDI: 00007ffd68e9c050 [ 106.712545][ T6269] RBP: 0000000000000004 R08: 00007ffd68e9c090 R09: 0000000000005956 [ 106.712557][ T6269] R10: 0000000001000001 R11: 0000000000000282 R12: 0000000001000000 [ 106.712585][ T6269] R13: 00007ffd68e9c090 R14: 0000400000000000 R15: 0000000000000003 [ 106.712605][ T6269] [ 106.712612][ T6269] [ 107.132160][ T6269] The buggy address belongs to the physical page: [ 107.138583][ T6269] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5d564 [ 107.147785][ T6269] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 107.154905][ T6269] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 107.163488][ T6269] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 107.172062][ T6269] page dumped because: kasan: bad access detected [ 107.178486][ T6269] page_owner tracks the page as freed [ 107.183851][ T6269] page last allocated via order 5, migratetype Unmovable, gfp_mask 0x52800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP), pid 6269, tgid 6269 (syz-executor265), ts 106334437847, free_ts 106682597280 [ 107.202523][ T6269] post_alloc_hook+0x1f4/0x240 [ 107.207298][ T6269] get_page_from_freelist+0x3651/0x37a0 [ 107.212853][ T6269] __alloc_frozen_pages_noprof+0x292/0x710 [ 107.218662][ T6269] __alloc_pages_noprof+0xa/0x30 [ 107.223606][ T6269] ___kmalloc_large_node+0x8b/0x1d0 [ 107.228805][ T6269] __kmalloc_large_node_noprof+0x1a/0x80 [ 107.234462][ T6269] __kmalloc_node_noprof+0x33a/0x4d0 [ 107.239749][ T6269] __kvmalloc_node_noprof+0x72/0x190 [ 107.245049][ T6269] btree_node_sort+0x620/0x1830 [ 107.249917][ T6269] bch2_btree_post_write_cleanup+0x11a/0xa70 [ 107.255911][ T6269] bch2_btree_node_prep_for_write+0x345/0x660 [ 107.261985][ T6269] bch2_trans_lock_write+0x68e/0xc60 [ 107.267280][ T6269] __bch2_trans_commit+0x258c/0x9790 [ 107.272572][ T6269] __bch2_str_hash_check_key+0x1ea4/0x3ac0 [ 107.278382][ T6269] bch2_check_dirents+0x2eb0/0x3e90 [ 107.283585][ T6269] bch2_run_recovery_pass+0xf0/0x1e0 [ 107.288880][ T6269] page last free pid 6269 tgid 6269 stack trace: [ 107.295200][ T6269] __free_pages_ok+0xbbc/0xe40 [ 107.299965][ T6269] __folio_put+0x2b3/0x360 [ 107.304384][ T6269] free_large_kmalloc+0xfe/0x180 [ 107.309318][ T6269] kfree+0x212/0x430 [ 107.313229][ T6269] btree_node_sort+0x1100/0x1830 [ 107.318181][ T6269] bch2_btree_post_write_cleanup+0x11a/0xa70 [ 107.324169][ T6269] bch2_btree_node_prep_for_write+0x345/0x660 [ 107.330244][ T6269] bch2_trans_lock_write+0x68e/0xc60 [ 107.335529][ T6269] __bch2_trans_commit+0x258c/0x9790 [ 107.340815][ T6269] bch2_check_dirents+0x28be/0x3e90 [ 107.346012][ T6269] bch2_run_recovery_pass+0xf0/0x1e0 [ 107.351293][ T6269] bch2_run_recovery_passes+0x2ad/0xa90 [ 107.356857][ T6269] bch2_fs_recovery+0x2c48/0x3de0 [ 107.361891][ T6269] bch2_fs_start+0x37c/0x610 [ 107.366483][ T6269] bch2_fs_get_tree+0xdb7/0x17a0 [ 107.371421][ T6269] vfs_get_tree+0x90/0x2b0 [ 107.375842][ T6269] [ 107.378160][ T6269] Memory state around the buggy address: [ 107.383788][ T6269] ffff88805d563f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 107.391846][ T6269] ffff88805d563f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 107.399922][ T6269] >ffff88805d564000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [pid 5830] rmdir("./8") = 0 [pid 5830] mkdir("./9", 0777) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5830] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 107.407992][ T6269] ^ [ 107.414406][ T6269] ffff88805d564080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 107.422468][ T6269] ffff88805d564100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 107.430539][ T6269] ================================================================== [ 107.486702][ T6269] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 107.493942][ T6269] CPU: 1 UID: 0 PID: 6269 Comm: syz-executor265 Not tainted 6.14.0-rc3-syzkaller-00166-g334426094588 #0 [ 107.505071][ T6269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 107.515145][ T6269] Call Trace: [ 107.518440][ T6269] [ 107.521372][ T6269] dump_stack_lvl+0x241/0x360 [ 107.526059][ T6269] ? __pfx_dump_stack_lvl+0x10/0x10 [ 107.531259][ T6269] ? __pfx__printk+0x10/0x10 [ 107.535862][ T6269] ? preempt_schedule+0xe1/0xf0 [ 107.540720][ T6269] ? vscnprintf+0x5d/0x90 [ 107.545048][ T6269] panic+0x349/0x880 [ 107.548981][ T6269] ? check_panic_on_warn+0x21/0xb0 [ 107.554206][ T6269] ? __pfx_panic+0x10/0x10 [ 107.558650][ T6269] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 107.564662][ T6269] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 107.571045][ T6269] ? print_report+0x519/0x5b0 [ 107.575738][ T6269] check_panic_on_warn+0x86/0xb0 [ 107.580700][ T6269] ? bch2_check_dirents+0x2b68/0x3e90 [ 107.586085][ T6269] end_report+0x77/0x160 [ 107.590353][ T6269] kasan_report+0x154/0x180 [ 107.594876][ T6269] ? bch2_check_dirents+0x2b68/0x3e90 [ 107.600263][ T6269] bch2_check_dirents+0x2b68/0x3e90 [ 107.605500][ T6269] ? __pfx_bch2_check_dirents+0x10/0x10 [ 107.611059][ T6269] ? desc_read+0x1a2/0x3f0 [ 107.615493][ T6269] ? prb_first_seq+0x131/0x210 [ 107.620278][ T6269] ? __pfx_prb_first_seq+0x10/0x10 [ 107.625413][ T6269] ? this_cpu_in_panic+0x4f/0x80 [ 107.630374][ T6269] ? _prb_read_valid+0xa4c/0xad0 [ 107.635320][ T6269] ? __pfx__prb_read_valid+0x10/0x10 [ 107.640618][ T6269] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 107.646968][ T6269] ? prb_read_valid+0xa9/0xf0 [ 107.651651][ T6269] ? __pfx___console_unlock+0x10/0x10 [ 107.657029][ T6269] ? __pfx_prb_read_valid+0x10/0x10 [ 107.662240][ T6269] ? is_printk_cpu_sync_owner+0x32/0x40 [ 107.667815][ T6269] ? console_unlock+0x2fc/0x3b0 [ 107.672686][ T6269] ? __pfx_console_unlock+0x10/0x10 [ 107.677910][ T6269] ? vprintk_emit+0x7ed/0xa10 [ 107.682606][ T6269] ? __bch2_print+0x17a/0x220 [ 107.687309][ T6269] ? bch2_check_dirents+0x345/0x3e90 [ 107.692604][ T6269] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 107.698964][ T6269] bch2_run_recovery_pass+0xf0/0x1e0 [ 107.704260][ T6269] bch2_run_recovery_passes+0x2ad/0xa90 [ 107.709824][ T6269] bch2_fs_recovery+0x2c48/0x3de0 [ 107.714868][ T6269] ? __pfx_bch2_fs_recovery+0x10/0x10 [ 107.720260][ T6269] ? __pfx_lock_release+0x10/0x10 [ 107.725314][ T6269] ? bch2_get_next_online_dev+0x2b/0x4f0 [ 107.730959][ T6269] ? __pfx_lock_release+0x10/0x10 [ 107.736005][ T6269] ? bch2_get_next_online_dev+0x2b/0x4f0 [ 107.741642][ T6269] ? bch2_get_next_online_dev+0x4b9/0x4f0 [ 107.747365][ T6269] ? bch2_get_next_online_dev+0x2b/0x4f0 [ 107.753000][ T6269] ? llist_reverse_order+0x72/0x90 [ 107.758121][ T6269] bch2_fs_start+0x37c/0x610 [ 107.762725][ T6269] bch2_fs_get_tree+0xdb7/0x17a0 [ 107.767687][ T6269] ? __pfx_bch2_fs_get_tree+0x10/0x10 [ 107.773071][ T6269] ? vfs_parse_monolithic_sep+0x423/0x460 [ 107.778788][ T6269] ? __pfx_vfs_parse_comma_sep+0x10/0x10 [ 107.784423][ T6269] ? rcu_is_watching+0x15/0xb0 [ 107.789182][ T6269] ? cap_capable+0x139/0x450 [ 107.793785][ T6269] ? safesetid_security_capable+0xb2/0x1d0 [ 107.799605][ T6269] vfs_get_tree+0x90/0x2b0 [ 107.804032][ T6269] do_new_mount+0x2be/0xb40 [ 107.808554][ T6269] ? __pfx_do_new_mount+0x10/0x10 [ 107.813598][ T6269] __se_sys_mount+0x2d6/0x3c0 [ 107.818276][ T6269] ? __pfx___se_sys_mount+0x10/0x10 [ 107.823497][ T6269] ? do_syscall_64+0x100/0x230 [ 107.828273][ T6269] ? __x64_sys_mount+0x20/0xc0 [ 107.833170][ T6269] do_syscall_64+0xf3/0x230 [ 107.837684][ T6269] ? clear_bhb_loop+0x35/0x90 [ 107.842387][ T6269] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.848288][ T6269] RIP: 0033:0x7eff7d61461a [ 107.852703][ T6269] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 107.872325][ T6269] RSP: 002b:00007ffd68e9c008 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5 [ 107.880753][ T6269] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007eff7d61461a [ 107.888721][ T6269] RDX: 0000400000000000 RSI: 0000400000000040 RDI: 00007ffd68e9c050 [ 107.896694][ T6269] RBP: 0000000000000004 R08: 00007ffd68e9c090 R09: 0000000000005956 [ 107.904840][ T6269] R10: 0000000001000001 R11: 0000000000000282 R12: 0000000001000000 [ 107.912986][ T6269] R13: 00007ffd68e9c090 R14: 0000400000000000 R15: 0000000000000003 [ 107.920965][ T6269] [ 107.924316][ T6269] Kernel Offset: disabled [ 107.928637][ T6269] Rebooting in 86400 seconds..