./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2698420722 <...> Warning: Permanently added '10.128.0.122' (ED25519) to the list of known hosts. execve("./syz-executor2698420722", ["./syz-executor2698420722"], 0x7fff9996bd20 /* 10 vars */) = 0 brk(NULL) = 0x55557bf9c000 brk(0x55557bf9cd00) = 0x55557bf9cd00 arch_prctl(ARCH_SET_FS, 0x55557bf9c380) = 0 set_tid_address(0x55557bf9c650) = 5832 set_robust_list(0x55557bf9c660, 24) = 0 rseq(0x55557bf9cca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2698420722", 4096) = 28 getrandom("\x17\x06\xee\xee\x60\xf8\x10\x3c", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55557bf9cd00 brk(0x55557bfbdd00) = 0x55557bfbdd00 brk(0x55557bfbe000) = 0x55557bfbe000 mprotect(0x7fd730b3e000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5833 attached [pid 5833] set_robust_list(0x55557bf9c660, 24 [pid 5832] <... clone resumed>, child_tidptr=0x55557bf9c650) = 5833 [pid 5833] <... 
set_robust_list resumed>) = 0 [pid 5833] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5833] setpgid(0, 0) = 0 [pid 5833] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5833] write(3, "1000", 4) = 4 [pid 5833] close(3) = 0 executing program [pid 5833] write(1, "executing program\n", 18) = 18 [pid 5833] memfd_create("syzkaller", 0) = 3 [pid 5833] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd728600000 [pid 5833] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5833] munmap(0x7fd728600000, 138412032) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5833] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5833] close(3) = 0 [pid 5833] close(4) = 0 [pid 5833] mkdir("./file0", 0777) = 0 [ 77.845159][ T5833] loop0: detected capacity change from 0 to 32768 [ 77.945579][ T5833] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names [ 77.961277][ T5833] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 77.969539][ T5833] bcachefs (loop0): Version upgrade required: [ 77.969539][ T5833] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 77.969539][ T5833] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots [ 77.969539][ T5833] running recovery passes: 
check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 78.055750][ T5833] bcachefs (loop0): accounting_read... done [ 78.063051][ T5833] bcachefs (loop0): alloc_read... done [ 78.069257][ T5833] bcachefs (loop0): stripes_read... done [ 78.075480][ T5833] bcachefs (loop0): snapshots_read... done [ 78.082318][ T5833] bcachefs (loop0): check_allocations... done [ 78.106943][ T5833] bcachefs (loop0): going read-write [ 78.114825][ T5833] bcachefs (loop0): journal_replay... done [ 78.142947][ T5833] bcachefs (loop0): check_alloc_info... done [ 78.154687][ T5833] bcachefs (loop0): check_lrus... done [ 78.162394][ T5833] bcachefs (loop0): check_btree_backpointers... done [ 78.170481][ T5833] bcachefs (loop0): check_backpointers_to_extents... done [ 78.179180][ T5833] bcachefs (loop0): check_extents_to_backpointers... 
[ 78.180107][ T5833] missing backpointer for btree=inodes l=1 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0 [ 78.180169][ T5833] got: u64s 5 type deleted 0:9961472:0 len 0 ver 0 [ 78.180184][ T5833] want: u64s 9 type backpointer 0:9961472:0 len 0 ver 0: bucket=0:38:0 btree=inodes l=1 offset=0:0 len=256 pos=SPOS_MAX, fixing [ 78.226556][ T5833] missing backpointer for btree=dirents l=1 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0 [ 78.226584][ T5833] got: u64s 5 type deleted 0:10747904:0 len 0 ver 0 [ 78.226674][ T5833] want: u64s 9 type backpointer 0:10747904:0 len 0 ver 0: bucket=0:41:0 btree=dirents l=1 offset=0:0 len=256 pos=SPOS_MAX, fixing [ 78.265130][ T5833] missing backpointer for btree=alloc l=1 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 32 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0 [ 78.265156][ T5833] got: u64s 5 type deleted 0:6815744:0 len 0 ver 0 [ 78.265169][ T5833] want: u64s 9 type backpointer 0:6815744:0 len 0 ver 0: bucket=0:26:0 btree=alloc l=1 offset=0:0 len=256 pos=SPOS_MAX, fixing [ 78.303716][ T5833] missing backpointer for btree=subvolumes l=1 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c0bef60d07ceb940 written 16 min_key POS_MIN durability: 1 ptr: 0:35:0 gen 0 [ 78.303736][ T5833] got: u64s 5 type deleted 0:9175040:0 len 0 ver 0 [ 78.303746][ T5833] want: u64s 9 type backpointer 0:9175040:0 len 0 ver 0: bucket=0:35:0 btree=subvolumes l=1 offset=0:0 len=256 pos=SPOS_MAX, fixing [ 78.342362][ T5833] missing backpointer for btree=snapshots l=1 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0 [ 78.342388][ T5833] got: u64s 5 type deleted 0:8388608:0 len 0 ver 0 [ 78.342402][ T5833] want: u64s 9 type backpointer 0:8388608:0 len 0 ver 0: bucket=0:32:0 
btree=snapshots l=1 offset=0:0 len=256 pos=SPOS_MAX, fixing [ 78.382838][ T5833] ------------[ cut here ]------------ [ 78.388465][ T5833] kernel BUG at fs/bcachefs/btree_iter.c:2929! [ 78.394750][ T5833] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI [ 78.401721][ T5833] CPU: 1 UID: 0 PID: 5833 Comm: syz-executor269 Not tainted 6.12.0-rc6-syzkaller-00110-gff7afaeca1a1 #0 [ 78.412846][ T5833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 78.422912][ T5833] RIP: 0010:bch2_trans_node_iter_init+0x61d/0x630 [ 78.429346][ T5833] Code: 89 d9 80 e1 07 fe c1 38 c1 0f 8c aa fd ff ff 48 89 df e8 86 35 e3 fd e9 9d fd ff ff e8 6c 93 7c fd 90 0f 0b e8 64 93 7c fd 90 <0f> 0b e8 5c 93 7c fd 90 0f 0b e8 04 60 a6 07 0f 1f 40 00 90 90 90 [ 78.448970][ T5833] RSP: 0018:ffffc90003e46020 EFLAGS: 00010293 [ 78.455057][ T5833] RAX: ffffffff8418469c RBX: 0000000000000003 RCX: ffff88807c921e00 [ 78.463044][ T5833] RDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000000000003 [ 78.471022][ T5833] RBP: ffffc90003e46158 R08: ffffffff8418446b R09: ffffffffffffffff [ 78.479002][ T5833] R10: ffffffffffffffff R11: ffffffffffffffff R12: dffffc0000000000 [ 78.487090][ T5833] R13: 000000000000000b R14: 0000000000000000 R15: 0000000000000000 [ 78.495066][ T5833] FS: 000055557bf9c380(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 78.504005][ T5833] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 78.510591][ T5833] CR2: 00005581819a0848 CR3: 00000000737e2000 CR4: 00000000003526f0 [ 78.518576][ T5833] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 78.526553][ T5833] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 78.534527][ T5833] Call Trace: [ 78.537810][ T5833] <TASK> [ 78.540762][ T5833] ? __die_body+0x5f/0xb0 [ 78.545101][ T5833] ? die+0x9e/0xc0 [ 78.548845][ T5833] ? do_trap+0x15a/0x3a0 [ 78.553102][ T5833] ? bch2_trans_node_iter_init+0x61d/0x630 [ 78.558924][ T5833] ? 
do_error_trap+0x1dc/0x2c0 [ 78.563701][ T5833] ? bch2_trans_node_iter_init+0x61d/0x630 [ 78.569523][ T5833] ? __pfx_do_error_trap+0x10/0x10 [ 78.574655][ T5833] ? handle_invalid_op+0x34/0x40 [ 78.579604][ T5833] ? bch2_trans_node_iter_init+0x61d/0x630 [ 78.585436][ T5833] ? exc_invalid_op+0x38/0x50 [ 78.590135][ T5833] ? asm_exc_invalid_op+0x1a/0x20 [ 78.595202][ T5833] ? bch2_trans_node_iter_init+0x3eb/0x630 [ 78.601023][ T5833] ? bch2_trans_node_iter_init+0x61c/0x630 [ 78.606840][ T5833] ? bch2_trans_node_iter_init+0x61d/0x630 [ 78.612662][ T5833] ? bch2_backpointer_get_node+0x2c6/0x880 [ 78.618482][ T5833] ? __pfx_bch2_trans_node_iter_init+0x10/0x10 [ 78.624649][ T5833] ? __pfx_bp_pos_to_bucket_nodev_noerror+0x10/0x10 [ 78.631250][ T5833] ? bch2_backpointer_get_node+0x261/0x880 [ 78.637068][ T5833] bch2_backpointer_get_node+0x2c6/0x880 [ 78.642799][ T5833] ? __asan_memset+0x23/0x50 [ 78.647401][ T5833] ? __pfx_bch2_backpointer_get_node+0x10/0x10 [ 78.653565][ T5833] ? bch2_btree_path_peek_slot+0x8e7/0xf90 [ 78.659391][ T5833] ? bch2_btree_iter_peek_slot+0x14a1/0x2550 [ 78.665386][ T5833] bch2_backpointer_get_key+0x61c/0x970 [ 78.670942][ T5833] ? check_extent_to_backpointers+0x6ff/0x46b0 [ 78.677106][ T5833] ? bch2_path_get+0xe8d/0x1520 [ 78.682081][ T5833] ? __pfx_bch2_backpointer_get_key+0x10/0x10 [ 78.688163][ T5833] ? __pfx_bch2_btree_write_buffer_maybe_flush+0x10/0x10 [ 78.695202][ T5833] check_extent_to_backpointers+0x21f9/0x46b0 [ 78.701290][ T5833] ? check_extent_to_backpointers+0x6ff/0x46b0 [ 78.707488][ T5833] ? __pfx_check_extent_to_backpointers+0x10/0x10 [ 78.713912][ T5833] ? __pfx_bch2_btree_path_verify_level+0x10/0x10 [ 78.720335][ T5833] ? __asan_memset+0x23/0x50 [ 78.724936][ T5833] ? __bkey_unpack_pos+0x4da/0x790 [ 78.730060][ T5833] ? check_extent_to_backpointers+0x6ff/0x46b0 [ 78.736229][ T5833] ? bch2_backpointer_get_node+0x2c6/0x880 [ 78.742044][ T5833] ? __bch2_btree_path_set_pos+0xbfa/0x1710 [ 78.747957][ T5833] ? 
bch2_trans_begin+0x9c5/0x1c00 [ 78.753079][ T5833] ? bch2_btree_path_verify_locks+0x633/0x720 [ 78.759162][ T5833] ? bch2_check_extents_to_backpointers+0xc01/0x1bf0 [ 78.765852][ T5833] ? __asan_memset+0x23/0x50 [ 78.770452][ T5833] bch2_check_extents_to_backpointers+0xeb8/0x1bf0 [ 78.776974][ T5833] ? __pfx_bch2_check_extents_to_backpointers+0x10/0x10 [ 78.783923][ T5833] ? __pfx__prb_read_valid+0x10/0x10 [ 78.789215][ T5833] ? bch2_check_extents_to_backpointers+0xc01/0x1bf0 [ 78.795900][ T5833] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 78.802262][ T5833] ? __console_unlock+0x12d/0x1f0 [ 78.807359][ T5833] ? prb_read_valid+0xa9/0xf0 [ 78.812074][ T5833] ? bch2_check_extents_to_backpointers+0x10a8/0x1bf0 [ 78.819030][ T5833] ? printk_get_console_flush_type+0x1fe/0x4f0 [ 78.825195][ T5833] ? console_unlock+0x2fc/0x3b0 [ 78.830060][ T5833] ? __pfx_console_unlock+0x10/0x10 [ 78.835273][ T5833] ? irq_work_queue+0xd1/0x150 [ 78.840052][ T5833] ? rcu_is_watching+0x15/0xb0 [ 78.844823][ T5833] ? __bch2_print+0x17a/0x220 [ 78.849509][ T5833] ? local_clock+0x10/0x30 [ 78.853930][ T5833] ? bch2_run_recovery_pass+0x6d/0x1e0 [ 78.859395][ T5833] ? __pfx___bch2_print+0x10/0x10 [ 78.864436][ T5833] ? __bch2_fs_read_write+0x35c/0x370 [ 78.869937][ T5833] bch2_run_recovery_pass+0xf0/0x1e0 [ 78.875236][ T5833] bch2_run_recovery_passes+0x387/0x870 [ 78.880793][ T5833] bch2_fs_recovery+0x25cc/0x39c0 [ 78.885842][ T5833] ? __pfx_bch2_fs_recovery+0x10/0x10 [ 78.891234][ T5833] ? __pfx_lock_release+0x10/0x10 [ 78.896276][ T5833] ? bch2_get_next_online_dev+0x2b/0x4f0 [ 78.901914][ T5833] ? __pfx_lock_release+0x10/0x10 [ 78.906957][ T5833] ? bch2_get_next_online_dev+0x2b/0x4f0 [ 78.912596][ T5833] ? bch2_get_next_online_dev+0x4b9/0x4f0 [ 78.918337][ T5833] ? bch2_get_next_online_dev+0x2b/0x4f0 [ 78.923977][ T5833] ? llist_reverse_order+0x72/0x90 [ 78.929098][ T5833] bch2_fs_start+0x356/0x5b0 [ 78.933704][ T5833] bch2_fs_get_tree+0xd68/0x1710 [ 78.938663][ T5833] ? 
__pfx_bch2_fs_get_tree+0x10/0x10 [ 78.944048][ T5833] ? smack_fs_context_parse_param+0xff/0x170 [ 78.950046][ T5833] ? generic_parse_monolithic+0x387/0x400 [ 78.955798][ T5833] ? cap_capable+0x1b4/0x250 [ 78.960421][ T5833] ? safesetid_security_capable+0xb2/0x1d0 [ 78.966260][ T5833] vfs_get_tree+0x90/0x2b0 [ 78.970715][ T5833] do_new_mount+0x2be/0xb40 [ 78.975247][ T5833] ? __pfx_do_new_mount+0x10/0x10 [ 78.980309][ T5833] __se_sys_mount+0x2d6/0x3c0 [ 78.985021][ T5833] ? __pfx___se_sys_mount+0x10/0x10 [ 78.990241][ T5833] ? do_syscall_64+0x100/0x230 [ 78.995059][ T5833] ? __x64_sys_mount+0x20/0xc0 [ 78.999852][ T5833] do_syscall_64+0xf3/0x230 [ 79.004377][ T5833] ? clear_bhb_loop+0x35/0x90 [ 79.009103][ T5833] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 79.015038][ T5833] RIP: 0033:0x7fd730ac6dba [ 79.019484][ T5833] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 79.039101][ T5833] RSP: 002b:00007ffecf0c5a28 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5 [ 79.047545][ T5833] RAX: ffffffffffffffda RBX: 00007ffecf0c5a40 RCX: 00007fd730ac6dba [ 79.055532][ T5833] RDX: 0000000020000040 RSI: 0000000020005900 RDI: 00007ffecf0c5a40 [ 79.063521][ T5833] RBP: 0000000000000004 R08: 00007ffecf0c5a80 R09: 002c647261637350 [ 79.071506][ T5833] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 [ 79.079484][ T5833] R13: 00007ffecf0c5a80 R14: 0000000000000003 R15: 0000000001000000 [ 79.087467][ T5833] </TASK> [ 79.090489][ T5833] Modules linked in: [ 79.094596][ T5833] ---[ end trace 0000000000000000 ]--- [ 79.100174][ T5833] RIP: 0010:bch2_trans_node_iter_init+0x61d/0x630 [ 79.106704][ T5833] Code: 89 d9 80 e1 07 fe c1 38 c1 0f 8c aa fd ff ff 48 89 df e8 86 35 e3 fd e9 9d fd ff ff e8 6c 93 7c fd 90 0f 0b e8 64 93 7c fd 90 <0f> 0b e8 5c 93 7c fd 90 0f 0b e8 04 60 a6 07 0f 1f 40 00 90 90 90 [ 79.126607][ T5833] RSP: 
0018:ffffc90003e46020 EFLAGS: 00010293 [ 79.132933][ T5833] RAX: ffffffff8418469c RBX: 0000000000000003 RCX: ffff88807c921e00 [ 79.141013][ T5833] RDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000000000003 [ 79.149014][ T5833] RBP: ffffc90003e46158 R08: ffffffff8418446b R09: ffffffffffffffff [ 79.157055][ T5833] R10: ffffffffffffffff R11: ffffffffffffffff R12: dffffc0000000000 [ 79.165090][ T5833] R13: 000000000000000b R14: 0000000000000000 R15: 0000000000000000 [ 79.173105][ T5833] FS: 000055557bf9c380(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 79.182130][ T5833] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 79.188712][ T5833] CR2: 00005581819a0848 CR3: 00000000737e2000 CR4: 00000000003526f0 [ 79.196729][ T5833] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 79.204797][ T5833] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 79.212844][ T5833] Kernel panic - not syncing: Fatal exception [ 79.219259][ T5833] Kernel Offset: disabled [ 79.223618][ T5833] Rebooting in 86400 seconds..