./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor138592484 <...> Warning: Permanently added '10.128.0.29' (ED25519) to the list of known hosts. execve("./syz-executor138592484", ["./syz-executor138592484"], 0x7ffc21985000 /* 10 vars */) = 0 brk(NULL) = 0x55558406b000 brk(0x55558406bd00) = 0x55558406bd00 arch_prctl(ARCH_SET_FS, 0x55558406b380) = 0 set_tid_address(0x55558406b650) = 5820 set_robust_list(0x55558406b660, 24) = 0 rseq(0x55558406bca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor138592484", 4096) = 27 getrandom("\x13\x75\xb5\x3b\x94\xca\x92\x55", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55558406bd00 brk(0x55558408cd00) = 0x55558408cd00 brk(0x55558408d000) = 0x55558408d000 mprotect(0x7ff945cbd000, 16384, PROT_READ) = 0 mmap(0x3ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x3ffffffff000 mmap(0x400000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400000000000 mmap(0x400001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400001000000 mkdir("./syzkaller.2rNHn3", 0700) = 0 chmod("./syzkaller.2rNHn3", 0777) = 0 chdir("./syzkaller.2rNHn3") = 0 write(1, "executing program\n", 18executing program ) = 18 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff93d800000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 munmap(0x7ff93d800000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 close(4) = 0 mkdir("./bus", 0777) = 0 [ 58.041202][ T5820] loop0: detected capacity change from 0 to 32768 [ 58.118220][ T5820] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 2047,journal_flush_disabled,fsck,recovery_pass_last=set_may_go_rw,nojournal_transaction_names,reconstruct_alloc,no_data_io [ 58.144616][ T5820] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 58.152902][ T5820] bcachefs (loop0): Version upgrade required: [ 58.152902][ T5820] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 58.152902][ T5820] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.20: directory_size [ 58.152902][ T5820] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 58.225284][ T5820] bcachefs (loop0): dropping and reconstructing all alloc info [ 58.238246][ T5820] invalid bkey in btree_node btree=inodes level=0: u64s 18 type inode_v3 0:4099:U32_MAX len 0 ver 0: (unpack error) [ 58.238262][ T5820] invalid variable length fields: delete?, fixing [ 58.260835][ T5820] bcachefs (loop0): accounting_read... done [ 58.267626][ T5820] bcachefs (loop0): alloc_read... done [ 58.273236][ T5820] bcachefs (loop0): stripes_read... done [ 58.278898][ T5820] bcachefs (loop0): snapshots_read... done [ 58.284958][ T5820] bcachefs (loop0): check_allocations... done [ 58.304086][ T5820] bcachefs (loop0): going read-write mount("/dev/loop0", "./bus", "bcachefs", 0, "\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x74\x72\x61\x6e\x73\x61\x63\x61\xce\xb3\xa3\x8c\xcb\x22\x80\x65\x73\x2c\x62\x74\x72\x65\x65\x5f\x6e\x6f\x64\x65\x5f\x70\x72\x65\x66\x65\x74\x63\x68\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x66\x6c\x75\x73\x68\x5f\x64\x69\x73\x61\x62\x6c\x65\x64\x2c\x66\x73\x63\x6b\x2c\x6a\x6f\x75\x72\x6e\x61\x6c\x5f\x66\x6c\x75\x73\x68\x5f\x64\x69\x73\x61\x62\x6c\x65\x64\x2c\x72\x61\x74"...) = 0 openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 chdir("./bus") = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 58.318341][ T5820] bcachefs (loop0): Fixed errors, running fsck a second time to verify fs is clean [ 58.330824][ T5820] bcachefs (loop0): done starting filesystem [ 58.337334][ T2974] bucket incorrectly unset in freespace btree [ 58.337359][ T2974] u64s 5 type deleted 0:28:0 len 0 ver 0, , continuing [ 58.352277][ T2974] bucket incorrectly unset in freespace btree [ 58.352289][ T2974] u64s 5 type deleted 0:26:0 len 0 ver 0, , continuing ioctl(4, LOOP_CLR_FD) = 0 close(4) = 0 open("./file1", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE, 000) = 4 [ 58.368073][ T2974] bucket incorrectly unset in freespace btree [ 58.368084][ T2974] u64s 5 type deleted 0:29:0 len 0 ver 0, , continuing [ 58.434041][ T2974] bucket incorrectly unset in freespace btree [ 58.434058][ T2974] u64s 5 type deleted 0:37:0 len 0 ver 0, , continuing [ 58.434667][ T5820] ------------[ cut here ]------------ [ 58.453363][ T5820] kernel BUG at fs/bcachefs/btree_journal_iter.c:83! [ 58.460273][ T5820] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI [ 58.467221][ T5820] CPU: 0 UID: 0 PID: 5820 Comm: syz-executor138 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0 [ 58.478313][ T5820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 58.488358][ T5820] RIP: 0010:bch2_journal_keys_peek_max+0x164f/0x1660 [ 58.495030][ T5820] Code: 10 48 8d 5c 08 18 48 89 d8 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 df e8 ff b1 e1 fd 4c 8b 33 e9 d7 fe ff ff e8 12 a0 7d fd 90 <0f> 0b e8 2a 49 ac 07 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 [ 58.514618][ T5820] RSP: 0018:ffffc90003fae620 EFLAGS: 00010293 [ 58.520671][ T5820] RAX: ffffffff8441af2e RBX: 000000000000003b RCX: ffff88807f1c1e00 [ 58.528626][ T5820] RDX: 0000000000000000 RSI: 000000000000003b RDI: ffffffffffffffff [ 58.536585][ T5820] RBP: ffffc90003fae7e0 R08: ffffffff84419a25 R09: 0000000000000000 [ 58.544542][ T5820] R10: 00000001ffffffff R11: 2000000000000000 R12: dffffc0000000000 [ 58.552514][ T5820] R13: ffff888074e00000 R14: ffffffffffffffff R15: ffffc90003faf018 [ 58.560481][ T5820] FS: 000055558406b380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 58.569401][ T5820] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 58.575974][ T5820] CR2: 00007fffdf737ed0 CR3: 0000000076148000 CR4: 00000000003526f0 [ 58.583939][ T5820] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 58.591908][ T5820] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 58.599864][ T5820] Call Trace: [ 58.603137][ T5820] [ 58.606054][ T5820] ? __die_body+0x5f/0xb0 [ 58.610378][ T5820] ? die+0x9e/0xc0 [ 58.614088][ T5820] ? do_trap+0x15a/0x3a0 [ 58.618316][ T5820] ? bch2_journal_keys_peek_max+0x164f/0x1660 [ 58.624374][ T5820] ? do_error_trap+0x1dc/0x2c0 [ 58.629124][ T5820] ? bch2_journal_keys_peek_max+0x164f/0x1660 [ 58.635187][ T5820] ? __pfx_do_error_trap+0x10/0x10 [ 58.640280][ T5820] ? report_bug+0x3e8/0x500 [ 58.644785][ T5820] ? handle_invalid_op+0x34/0x40 [ 58.649707][ T5820] ? bch2_journal_keys_peek_max+0x164f/0x1660 [ 58.655760][ T5820] ? exc_invalid_op+0x38/0x50 [ 58.660424][ T5820] ? asm_exc_invalid_op+0x1a/0x20 [ 58.665437][ T5820] ? bch2_journal_keys_peek_max+0x145/0x1660 [ 58.671404][ T5820] ? bch2_journal_keys_peek_max+0x164e/0x1660 [ 58.677460][ T5820] ? bch2_journal_keys_peek_max+0x164f/0x1660 [ 58.683538][ T5820] ? __pfx_bch2_btree_path_verify_level+0x10/0x10 [ 58.689950][ T5820] ? __bch2_bkey_cmp_left_packed+0x301/0x790 [ 58.695920][ T5820] ? __pfx_bch2_journal_keys_peek_max+0x10/0x10 [ 58.702159][ T5820] ? __asan_memset+0x23/0x50 [ 58.706739][ T5820] ? bch2_btree_path_verify_level+0x36e/0x19a0 [ 58.712896][ T5820] btree_trans_peek_journal+0x342/0x5a0 [ 58.718437][ T5820] ? __pfx_btree_trans_peek_journal+0x10/0x10 [ 58.724494][ T5820] ? bch2_btree_path_verify_locks+0x854/0xb30 [ 58.730548][ T5820] ? bch2_btree_iter_peek_max+0xf06/0x6320 [ 58.736346][ T5820] bch2_btree_iter_peek_max+0x1502/0x6320 [ 58.742067][ T5820] ? __pfx_bch2_btree_iter_peek_max+0x10/0x10 [ 58.748124][ T5820] ? bch2_btree_node_relock+0x22a/0x440 [ 58.753662][ T5820] ? bch2_btree_iter_peek_prev_min+0x1f3/0x6390 [ 58.759896][ T5820] ? __pfx_bch2_btree_path_traverse_one+0x10/0x10 [ 58.766300][ T5820] ? __bch2_btree_path_set_pos+0xe90/0x17e0 [ 58.772197][ T5820] ? __pfx___bch2_btree_path_set_pos+0x10/0x10 [ 58.778339][ T5820] ? bch2_trans_copy_iter+0x56/0x5e0 [ 58.783611][ T5820] ? bch2_trans_copy_iter+0x3df/0x5e0 [ 58.788971][ T5820] bch2_btree_iter_peek_slot+0xe0a/0x27c0 [ 58.794687][ T5820] ? __bch2_resume_logged_op_finsert+0x5ca/0x3650 [ 58.801092][ T5820] ? __pfx_bch2_btree_iter_peek_slot+0x10/0x10 [ 58.807240][ T5820] ? __asan_memset+0x23/0x50 [ 58.811823][ T5820] ? bch2_btree_iter_peek_slot+0xdbe/0x27c0 [ 58.817703][ T5820] ? __pfx_btree_trans_peek_slot_journal+0x10/0x10 [ 58.824192][ T5820] ? __pfx_bch2_btree_path_peek_slot+0x10/0x10 [ 58.830330][ T5820] ? bch2_btree_path_verify_locks+0x854/0xb30 [ 58.836383][ T5820] bch2_btree_iter_peek_prev_min+0x1f3/0x6390 [ 58.842442][ T5820] ? __bch2_subvolume_get_snapshot+0x1e1/0x930 [ 58.848591][ T5820] ? __pfx_bch2_btree_iter_peek_slot+0x10/0x10 [ 58.854732][ T5820] ? bch2_path_get+0xf03/0x15d0 [ 58.859569][ T5820] ? __pfx_bch2_btree_iter_peek_prev_min+0x10/0x10 [ 58.866059][ T5820] ? bch2_path_put+0xe1d/0x2290 [ 58.870899][ T5820] ? __asan_memset+0x23/0x50 [ 58.875489][ T5820] ? bch2_trans_iter_exit+0x16f/0x230 [ 58.880859][ T5820] ? __bch2_subvolume_get_snapshot+0x652/0x930 [ 58.887004][ T5820] ? __bch2_subvolume_get_snapshot+0x1e1/0x930 [ 58.893154][ T5820] ? __pfx___bch2_subvolume_get_snapshot+0x10/0x10 [ 58.899660][ T5820] ? __bch2_subvolume_get_snapshot+0x1e1/0x930 [ 58.905799][ T5820] ? bch2_bkey_set_needs_rebalance+0x84/0x870 [ 58.911859][ T5820] ? __bch2_resume_logged_op_finsert+0x17df/0x3650 [ 58.918352][ T5820] __bch2_resume_logged_op_finsert+0xd5c/0x3650 [ 58.924595][ T5820] ? __pfx___bch2_resume_logged_op_finsert+0x10/0x10 [ 58.931256][ T5820] ? __pfx___bch2_trans_commit+0x10/0x10 [ 58.936883][ T5820] ? __bch2_resume_logged_op_finsert+0x5ca/0x3650 [ 58.943287][ T5820] ? __pfx_bch2_logged_op_start+0x10/0x10 [ 58.948996][ T5820] ? lockdep_init_map_type+0xa1/0x910 [ 58.954363][ T5820] bch2_fcollapse_finsert+0x257/0x380 [ 58.959723][ T5820] ? __pfx_bch2_fcollapse_finsert+0x10/0x10 [ 58.965601][ T5820] ? inode_set_ctime_current+0x2e7/0xe60 [ 58.971263][ T5820] ? __pfx_inode_set_ctime_current+0x10/0x10 [ 58.977244][ T5820] ? bch2_write_invalidate_inode_pages_range+0x100/0x120 [ 58.984255][ T5820] bchfs_fcollapse_finsert+0x3a8/0x630 [ 58.989708][ T5820] ? __pfx_bchfs_fcollapse_finsert+0x10/0x10 [ 58.995690][ T5820] ? mnt_put_write_access_file+0xbf/0x100 [ 59.001402][ T5820] bch2_fallocate_dispatch+0x3c9/0x540 [ 59.006886][ T5820] ? __pfx_bch2_fallocate_dispatch+0x10/0x10 [ 59.012888][ T5820] ? __pfx_bch2_fallocate_dispatch+0x10/0x10 [ 59.018865][ T5820] vfs_fallocate+0x623/0x7a0 [ 59.023443][ T5820] ? __pfx_vfs_fallocate+0x10/0x10 [ 59.028542][ T5820] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 59.034862][ T5820] __x64_sys_fallocate+0xbc/0x110 [ 59.039872][ T5820] do_syscall_64+0xf3/0x230 [ 59.044366][ T5820] ? clear_bhb_loop+0x35/0x90 [ 59.049031][ T5820] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 59.054912][ T5820] RIP: 0033:0x7ff945c437d9 [ 59.059322][ T5820] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 59.078912][ T5820] RSP: 002b:00007fff0aa22888 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 59.087323][ T5820] RAX: ffffffffffffffda RBX: 00007fff0aa22890 RCX: 00007ff945c437d9 [ 59.095282][ T5820] RDX: 0000000000000000 RSI: 0000000000000020 RDI: 0000000000000004 [ 59.103246][ T5820] RBP: 0000400000000000 R08: 6c616b7a79732f2e R09: 6c616b7a79732f2e [ 59.111206][ T5820] R10: 0000000007000000 R11: 0000000000000246 R12: 0000000000000001 [ 59.119161][ T5820] R13: 00007fff0aa22a78 R14: 0000000000000001 R15: 0000000000000001 [ 59.127118][ T5820] [ 59.130122][ T5820] Modules linked in: [ 59.134158][ T5820] ---[ end trace 0000000000000000 ]--- [ 59.139747][ T5820] RIP: 0010:bch2_journal_keys_peek_max+0x164f/0x1660 [ 59.146589][ T5820] Code: 10 48 8d 5c 08 18 48 89 d8 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 df e8 ff b1 e1 fd 4c 8b 33 e9 d7 fe ff ff e8 12 a0 7d fd 90 <0f> 0b e8 2a 49 ac 07 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 [ 59.166230][ T5820] RSP: 0018:ffffc90003fae620 EFLAGS: 00010293 [ 59.172278][ T5820] RAX: ffffffff8441af2e RBX: 000000000000003b RCX: ffff88807f1c1e00 [ 59.180258][ T5820] RDX: 0000000000000000 RSI: 000000000000003b RDI: ffffffffffffffff [ 59.188241][ T5820] RBP: ffffc90003fae7e0 R08: ffffffff84419a25 R09: 0000000000000000 [ 59.196228][ T5820] R10: 00000001ffffffff R11: 2000000000000000 R12: dffffc0000000000 [ 59.204217][ T5820] R13: ffff888074e00000 R14: ffffffffffffffff R15: ffffc90003faf018 [ 59.212166][ T5820] FS: 000055558406b380(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 59.221128][ T5820] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 59.227730][ T5820] CR2: 00005572817bb0e8 CR3: 0000000076148000 CR4: 00000000003526f0 [ 59.235713][ T5820] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 59.243775][ T5820] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 59.251771][ T5820] Kernel panic - not syncing: Fatal exception [ 59.258051][ T5820] Kernel Offset: disabled [ 59.262362][ T5820] Rebooting in 86400 seconds..