./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2681172383 <...> Warning: Permanently added '10.128.0.92' (ED25519) to the list of known hosts. execve("./syz-executor2681172383", ["./syz-executor2681172383"], 0x7fffb9668900 /* 10 vars */) = 0 brk(NULL) = 0x555585f8b000 brk(0x555585f8bd00) = 0x555585f8bd00 arch_prctl(ARCH_SET_FS, 0x555585f8b380) = 0 set_tid_address(0x555585f8b650) = 5836 set_robust_list(0x555585f8b660, 24) = 0 rseq(0x555585f8bca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2681172383", 4096) = 28 getrandom("\x30\x0b\xd4\x26\x55\x29\xa0\x12", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555585f8bd00 brk(0x555585facd00) = 0x555585facd00 brk(0x555585fad000) = 0x555585fad000 mprotect(0x7fa710658000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 executing program write(1, "executing program\n", 18) = 18 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa708000000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 munmap(0x7fa708000000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 close(4) = 0 mkdir("./file1", 0777) = 0 [ 66.194293][ T5836] loop0: detected capacity change from 0 to 32768 [ 66.278393][ T5836] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=xxhash,data_checksum=none,compression=zstd,str_hash=crc64,wide_macs,norecovery,nojournal_transaction_names,reconstruct_alloc [ 66.300042][ T5836] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 66.308300][ T5836] bcachefs (loop0): Version upgrade required: [ 66.308300][ T5836] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 66.308300][ T5836] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots [ 66.308300][ T5836] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 66.382118][ T5836] bcachefs (loop0): dropping and reconstructing all alloc info [ 66.395226][ T5836] bcachefs (loop0): error validating btree node on loop0 at btree extents level 0/0 [ 66.395243][ T5836] u64s 11 type btree_ptr_v2 18446744073707239423:U64_MAX:U32_MAX len 0 ver 0: seq c6c25c03258c59c5 written 260 min_key R POS_MIN durability: 1 ptr: 0:27:0 gen 0 [ 66.395251][ T5836] node offset 16/260: btree node data missing: expected 260 sectors, found 16, fixing [ 66.431620][ T5836] bcachefs (loop0): btree_node_read_work: rewriting btree node at btree=extents level=0 18446744073707239423:U64_MAX:U32_MAX due to error [ 66.447232][ T5836] invalid bkey u64s 18 type inode_v3 0:536870914:U32_MAX len 0 ver 0: [ 66.447243][ T5836] mode=100000 [ 66.447249][ T5836] flags=(80000) [ 66.447254][ T5836] journal_seq=4 [ 66.447259][ T5836] hash_seed=d483206f1ed95abf [ 66.447264][ T5836] hash_type=crc32c [ 66.447270][ T5836] bi_size=100 [ 66.447275][ T5836] bi_sectors=8 [ 66.447280][ T5836] bi_version=1126999418470400 [ 66.447285][ T5836] bi_atime=0 [ 66.447290][ T5836] bi_ctime=0 [ 66.447295][ T5836] bi_mtime=0 [ 66.447300][ T5836] bi_otime=0 [ 66.447305][ T5836] bi_uid=0 [ 66.447310][ T5836] bi_gid=0 [ 66.447315][ T5836] bi_nlink=0 [ 66.447320][ T5836] bi_generation=0 [ 66.447325][ T5836] bi_dev=0 [ 66.447330][ T5836] bi_data_checksum=0 [ 66.447335][ T5836] bi_compression=0 [ 66.447340][ T5836] bi_project=0 [ 66.447345][ T5836] bi_background_compression=0 [ 66.447350][ T5836] bi_data_replicas=0 [ 66.447355][ T5836] bi_promote_target=0 [ 66.447360][ T5836] bi_foreground_target=0 [ 66.447365][ T5836] bi_background_target=0 [ 66.447371][ T5836] bi_erasure_code=0 [ 66.447376][ T5836] bi_fields_set=0 [ 66.447381][ T5836] bi_dir=0 [ 66.447386][ T5836] bi_dir_offset=0 [ 66.447391][ T5836] bi_subvol=0 [ 66.447396][ T5836] bi_parent_subvol=0 [ 66.447401][ T5836] bi_nocow=0 [ 66.447406][ T5836] invalid fields_start (got 0, min 6 max 13): deleting [ 66.588578][ T5836] bcachefs (loop0): accounting_read... done [ 66.595526][ T5836] bcachefs (loop0): alloc_read... done [ 66.601147][ T5836] bcachefs (loop0): stripes_read... done [ 66.606847][ T5836] bcachefs (loop0): snapshots_read... done [ 66.612963][ T5836] bcachefs (loop0): check_allocations... [ 66.614413][ T5836] btree root with incorrect max_key: 18446744073707239423:U64_MAX:U32_MAX, continuing [ 66.629848][ T5836] list_del corruption, ffffc90003f06588->next is NULL [ 66.636871][ T5836] ------------[ cut here ]------------ [ 66.642372][ T5836] kernel BUG at lib/list_debug.c:53! [ 66.647733][ T5836] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI [ 66.654659][ T5836] CPU: 1 UID: 0 PID: 5836 Comm: syz-executor268 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0 [ 66.665400][ T5836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 66.675442][ T5836] RIP: 0010:__list_del_entry_valid_or_report+0xd0/0x140 [ 66.682366][ T5836] Code: 56 fe 49 fd 48 8b 13 4c 39 fa 75 6b b0 01 5b 41 5c 41 5e 41 5f c3 cc cc cc cc 48 c7 c7 00 ad 5f 8c 4c 89 fe e8 51 50 08 07 90 <0f> 0b 48 c7 c7 60 ad 5f 8c 4c 89 fe e8 3f 50 08 07 90 0f 0b 48 c7 [ 66.701954][ T5836] RSP: 0018:ffffc90003f06400 EFLAGS: 00010246 [ 66.708001][ T5836] RAX: 0000000000000033 RBX: 0000000000000000 RCX: bdc83a46e3ff8100 [ 66.715953][ T5836] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 66.723910][ T5836] RBP: ffffc90003f06790 R08: ffffffff8175714c R09: 1ffff920007e0c1c [ 66.731872][ T5836] R10: dffffc0000000000 R11: fffff520007e0c1d R12: dffffc0000000000 [ 66.739853][ T5836] R13: dffffc0000000000 R14: 0000000000000000 R15: ffffc90003f06588 [ 66.747810][ T5836] FS: 0000555585f8b380(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 66.756726][ T5836] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 66.763295][ T5836] CR2: 000055a3fcc540f0 CR3: 00000000746f0000 CR4: 00000000003526f0 [ 66.771259][ T5836] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 66.779220][ T5836] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 66.787176][ T5836] Call Trace: [ 66.790449][ T5836] [ 66.793370][ T5836] ? __die_body+0x5f/0xb0 [ 66.797690][ T5836] ? die+0x9e/0xc0 [ 66.801397][ T5836] ? do_trap+0x15a/0x3a0 [ 66.805634][ T5836] ? __list_del_entry_valid_or_report+0xd0/0x140 [ 66.811949][ T5836] ? do_error_trap+0x1dc/0x2c0 [ 66.816707][ T5836] ? __list_del_entry_valid_or_report+0xd0/0x140 [ 66.823023][ T5836] ? __pfx_do_error_trap+0x10/0x10 [ 66.828133][ T5836] ? handle_invalid_op+0x34/0x40 [ 66.833068][ T5836] ? __list_del_entry_valid_or_report+0xd0/0x140 [ 66.839383][ T5836] ? exc_invalid_op+0x38/0x50 [ 66.844055][ T5836] ? asm_exc_invalid_op+0x1a/0x20 [ 66.849070][ T5836] ? __wake_up_klogd+0xcc/0x110 [ 66.853912][ T5836] ? __list_del_entry_valid_or_report+0xd0/0x140 [ 66.860256][ T5836] bch2_btree_and_journal_iter_exit+0x2c/0x100 [ 66.866428][ T5836] bch2_btree_node_check_topology+0x13dd/0x2b00 [ 66.872671][ T5836] ? __pfx_bch2_btree_node_check_topology+0x10/0x10 [ 66.879257][ T5836] ? __pfx_lock_acquire+0x10/0x10 [ 66.884272][ T5836] ? __gc_pos_set+0x1a4/0x2c0 [ 66.888949][ T5836] ? gc_pos_set+0x5c0/0x810 [ 66.893443][ T5836] ? __gc_pos_set+0x1e6/0x2c0 [ 66.898109][ T5836] bch2_gc_mark_key+0x1dc/0x10e0 [ 66.903040][ T5836] ? bch2_trans_begin+0x16c1/0x1c00 [ 66.908229][ T5836] ? __pfx_bch2_gc_mark_key+0x10/0x10 [ 66.913591][ T5836] ? gc_pos_set+0x5c0/0x810 [ 66.918084][ T5836] ? bch2_check_allocations+0x1a53/0x7070 [ 66.923796][ T5836] ? __pfx_gc_pos_set+0x10/0x10 [ 66.928636][ T5836] ? __bch2_path_free+0x6ef/0x820 [ 66.933657][ T5836] ? bch2_check_allocations+0x1bbb/0x7070 [ 66.939377][ T5836] bch2_check_allocations+0x1c3e/0x7070 [ 66.944945][ T5836] ? __pfx_prb_first_seq+0x10/0x10 [ 66.950050][ T5836] ? this_cpu_in_panic+0x4f/0x80 [ 66.954983][ T5836] ? bch2_check_allocations+0x798/0x7070 [ 66.960610][ T5836] ? __pfx__prb_read_valid+0x10/0x10 [ 66.965883][ T5836] ? __pfx_validate_chain+0x10/0x10 [ 66.971086][ T5836] ? mark_lock+0x9a/0x360 [ 66.975407][ T5836] ? __pfx_validate_chain+0x10/0x10 [ 66.980600][ T5836] ? __pfx_bch2_check_allocations+0x10/0x10 [ 66.986481][ T5836] ? __pfx_prb_read_valid+0x10/0x10 [ 66.991669][ T5836] ? data_alloc+0x523/0x840 [ 66.996189][ T5836] ? desc_read+0x200/0x3f0 [ 67.000594][ T5836] ? desc_read+0x1a2/0x3f0 [ 67.004999][ T5836] ? prb_first_seq+0x131/0x210 [ 67.009755][ T5836] ? __pfx_prb_first_seq+0x10/0x10 [ 67.014860][ T5836] ? this_cpu_in_panic+0x4f/0x80 [ 67.019787][ T5836] ? _prb_read_valid+0xa39/0xac0 [ 67.024721][ T5836] ? bch2_check_allocations+0x1a47/0x7070 [ 67.030433][ T5836] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 67.036403][ T5836] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 67.042720][ T5836] ? __console_unlock+0x12d/0x1f0 [ 67.047738][ T5836] ? bch2_check_allocations+0x2119/0x7070 [ 67.053447][ T5836] ? this_cpu_in_panic+0x4f/0x80 [ 67.058397][ T5836] ? __wake_up_klogd+0xd5/0x110 [ 67.063283][ T5836] ? bch2_run_recovery_passes+0x42b/0x880 [ 67.068996][ T5836] ? trace_contention_end+0x3c/0x120 [ 67.074277][ T5836] ? bch2_check_allocations+0x798/0x7070 [ 67.079900][ T5836] ? __bch2_print+0x17a/0x220 [ 67.084565][ T5836] ? __mutex_unlock_slowpath+0x21e/0x790 [ 67.090185][ T5836] ? __pfx___bch2_print+0x10/0x10 [ 67.095204][ T5836] bch2_run_recovery_pass+0xf0/0x1e0 [ 67.100487][ T5836] bch2_run_recovery_passes+0x3a7/0x880 [ 67.106027][ T5836] bch2_fs_recovery+0x25cc/0x39d0 [ 67.111049][ T5836] ? __pfx_bch2_fs_recovery+0x10/0x10 [ 67.116423][ T5836] ? __pfx_lock_release+0x10/0x10 [ 67.121438][ T5836] ? bch2_get_next_online_dev+0x2b/0x4f0 [ 67.127059][ T5836] ? __pfx_lock_release+0x10/0x10 [ 67.132076][ T5836] ? bch2_get_next_online_dev+0x2b/0x4f0 [ 67.137701][ T5836] ? bch2_get_next_online_dev+0x4b9/0x4f0 [ 67.143412][ T5836] ? bch2_get_next_online_dev+0x2b/0x4f0 [ 67.149038][ T5836] ? llist_reverse_order+0x72/0x90 [ 67.154140][ T5836] bch2_fs_start+0x356/0x5b0 [ 67.158729][ T5836] bch2_fs_get_tree+0xd68/0x1710 [ 67.163676][ T5836] ? __pfx_bch2_fs_get_tree+0x10/0x10 [ 67.169054][ T5836] ? generic_parse_monolithic+0x387/0x400 [ 67.174767][ T5836] ? cap_capable+0x1b4/0x250 [ 67.179346][ T5836] ? safesetid_security_capable+0xb2/0x1d0 [ 67.185143][ T5836] vfs_get_tree+0x90/0x2b0 [ 67.189558][ T5836] do_new_mount+0x2be/0xb40 [ 67.194049][ T5836] ? __pfx_do_new_mount+0x10/0x10 [ 67.199063][ T5836] __se_sys_mount+0x2d6/0x3c0 [ 67.203730][ T5836] ? __pfx___se_sys_mount+0x10/0x10 [ 67.208915][ T5836] ? do_syscall_64+0x100/0x230 [ 67.213667][ T5836] ? __x64_sys_mount+0x20/0xc0 [ 67.218420][ T5836] do_syscall_64+0xf3/0x230 [ 67.222911][ T5836] ? clear_bhb_loop+0x35/0x90 [ 67.227595][ T5836] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 67.233503][ T5836] RIP: 0033:0x7fa7105e0a7a [ 67.237929][ T5836] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 67.257532][ T5836] RSP: 002b:00007ffe1b2a6168 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5 [ 67.265937][ T5836] RAX: ffffffffffffffda RBX: 00007ffe1b2a6180 RCX: 00007fa7105e0a7a [ 67.273896][ T5836] RDX: 0000000020000040 RSI: 0000000020000000 RDI: 00007ffe1b2a6180 [ 67.281855][ T5836] RBP: 0000000000000004 R08: 00007ffe1b2a61c0 R09: 0000000000005993 [ 67.289818][ T5836] R10: 0000000000800000 R11: 0000000000000282 R12: 0000000000800000 [ 67.297776][ T5836] R13: 00007ffe1b2a61c0 R14: 0000000000000003 R15: 0000000001000000 [ 67.305757][ T5836] [ 67.308770][ T5836] Modules linked in: [ 67.312847][ T5836] ---[ end trace 0000000000000000 ]--- [ 67.318379][ T5836] RIP: 0010:__list_del_entry_valid_or_report+0xd0/0x140 [ 67.325346][ T5836] Code: 56 fe 49 fd 48 8b 13 4c 39 fa 75 6b b0 01 5b 41 5c 41 5e 41 5f c3 cc cc cc cc 48 c7 c7 00 ad 5f 8c 4c 89 fe e8 51 50 08 07 90 <0f> 0b 48 c7 c7 60 ad 5f 8c 4c 89 fe e8 3f 50 08 07 90 0f 0b 48 c7 [ 67.345078][ T5836] RSP: 0018:ffffc90003f06400 EFLAGS: 00010246 [ 67.351205][ T5836] RAX: 0000000000000033 RBX: 0000000000000000 RCX: bdc83a46e3ff8100 [ 67.359259][ T5836] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 67.367237][ T5836] RBP: ffffc90003f06790 R08: ffffffff8175714c R09: 1ffff920007e0c1c [ 67.375253][ T5836] R10: dffffc0000000000 R11: fffff520007e0c1d R12: dffffc0000000000 [ 67.383272][ T5836] R13: dffffc0000000000 R14: 0000000000000000 R15: ffffc90003f06588 [ 67.391258][ T5836] FS: 0000555585f8b380(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 67.400217][ T5836] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 67.406783][ T5836] CR2: 000055a3fcc540f0 CR3: 00000000746f0000 CR4: 00000000003526f0 [ 67.414785][ T5836] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 67.422806][ T5836] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 67.430805][ T5836] Kernel panic - not syncing: Fatal exception [ 67.437132][ T5836] Kernel Offset: disabled [ 67.441451][ T5836] Rebooting in 86400 seconds..