./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor18024753 <...> Warning: Permanently added '10.128.0.176' (ED25519) to the list of known hosts. execve("./syz-executor18024753", ["./syz-executor18024753"], 0x7ffec8cb5910 /* 10 vars */) = 0 brk(NULL) = 0x555579c50000 brk(0x555579c50d00) = 0x555579c50d00 arch_prctl(ARCH_SET_FS, 0x555579c50380) = 0 set_tid_address(0x555579c50650) = 5094 set_robust_list(0x555579c50660, 24) = 0 rseq(0x555579c50ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor18024753", 4096) = 26 getrandom("\x41\xfe\x9b\x0a\xac\x67\x1e\x4b", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555579c50d00 brk(0x555579c71d00) = 0x555579c71d00 brk(0x555579c72000) = 0x555579c72000 mprotect(0x7ff67fd69000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff677800000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 munmap(0x7ff677800000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 close(4) = 0 mkdir("./file0", 0777) = 0 [ 75.862885][ T5094] loop0: detected capacity change from 0 to 32768 [ 75.958028][ T5094] bcachefs (loop0): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=crc64,background_compression=zstd,str_hash=crc32c,nojournal_transaction_names [ 75.975915][ T5094] bcachefs (loop0): recovering from clean shutdown, journal seq 8 [ 75.996632][ T5094] bcachefs (loop0): alloc_read... done [ 76.002827][ T5094] bcachefs (loop0): stripes_read... done [ 76.008669][ T5094] bcachefs (loop0): snapshots_read... done [ 76.018026][ T5094] bcachefs (loop0): journal_replay... done [ 76.023885][ T5094] bcachefs (loop0): resume_logged_ops... done [ 76.031745][ T5094] bcachefs (loop0): going read-write [ 76.039381][ T5094] bcachefs (loop0): done starting filesystem [ 76.049738][ T5094] ------------[ cut here ]------------ [ 76.055393][ T5094] kernel BUG at fs/bcachefs/btree_iter.c:273! [ 76.061737][ T5094] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI [ 76.068674][ T5094] CPU: 0 PID: 5094 Comm: syz-executor180 Not tainted 6.9.0-next-20240515-syzkaller #0 [ 76.078216][ T5094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 76.088542][ T5094] RIP: 0010:bch2_btree_iter_verify_entry_exit+0x51b/0x550 [ 76.095686][ T5094] Code: c1 fd ff ff 44 89 e1 80 e1 07 38 c1 0f 8c c6 fd ff ff be 08 00 00 00 4c 89 e7 e8 60 fe e8 fd e9 b4 fd ff ff e8 66 43 83 fd 90 <0f> 0b e8 5e 43 83 fd 90 0f 0b e8 56 43 83 fd 90 0f 0b e8 4e 43 83 [ 76.115294][ T5094] RSP: 0018:ffffc9000356f1b8 EFLAGS: 00010293 [ 76.121385][ T5094] RAX: ffffffff8413091a RBX: 0000000000000820 RCX: ffff88807cda0000 [ 76.129354][ T5094] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 76.137322][ T5094] RBP: 0000000000000000 R08: ffffffff84130480 R09: 0000000000000000 [ 76.145300][ T5094] R10: ffffc9000356f000 R11: fffff520006ade05 R12: ffffc9000356f680 [ 76.153271][ T5094] R13: ffffc9000356f680 R14: 1ffff1100ed4c808 R15: dffffc0000000000 [ 76.161247][ T5094] FS: 0000555579c50380(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 76.170178][ T5094] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 76.176767][ T5094] CR2: 00007ffdceb1cd94 CR3: 000000002d1d2000 CR4: 00000000003506f0 [ 76.184740][ T5094] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 76.192705][ T5094] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 76.200692][ T5094] Call Trace: [ 76.203968][ T5094] [ 76.206908][ T5094] ? __die_body+0x88/0xe0 [ 76.211252][ T5094] ? die+0xcf/0x110 [ 76.215069][ T5094] ? do_trap+0x15a/0x3a0 [ 76.219318][ T5094] ? bch2_btree_iter_verify_entry_exit+0x51b/0x550 [ 76.225829][ T5094] ? do_error_trap+0x1dc/0x2c0 [ 76.230603][ T5094] ? bch2_btree_iter_verify_entry_exit+0x51b/0x550 [ 76.237113][ T5094] ? __pfx_do_error_trap+0x10/0x10 [ 76.242235][ T5094] ? handle_invalid_op+0x34/0x40 [ 76.247172][ T5094] ? bch2_btree_iter_verify_entry_exit+0x51b/0x550 [ 76.253688][ T5094] ? exc_invalid_op+0x38/0x50 [ 76.258383][ T5094] ? asm_exc_invalid_op+0x1a/0x20 [ 76.263410][ T5094] ? bch2_btree_iter_verify_entry_exit+0x80/0x550 [ 76.269833][ T5094] ? bch2_btree_iter_verify_entry_exit+0x51a/0x550 [ 76.276355][ T5094] ? bch2_btree_iter_verify_entry_exit+0x51b/0x550 [ 76.282873][ T5094] ? bch2_btree_iter_verify_entry_exit+0x51a/0x550 [ 76.289388][ T5094] bch2_btree_iter_peek_slot+0x169/0x26d0 [ 76.295217][ T5094] ? __pfx_bch2_path_get+0x10/0x10 [ 76.300336][ T5094] ? __pfx_bch2_btree_iter_peek_slot+0x10/0x10 [ 76.306505][ T5094] ? __asan_memset+0x23/0x50 [ 76.311101][ T5094] ? bch2_trans_iter_exit+0x295/0x3e0 [ 76.316483][ T5094] ? bch2_trans_iter_init_outlined+0x253/0x4b0 [ 76.322649][ T5094] ? bch2_trans_iter_init_outlined+0x2eb/0x4b0 [ 76.328836][ T5094] ? bch2_inode_peek_nowarn+0x1f5/0x4d0 [ 76.334410][ T5094] ? __pfx_bch2_trans_iter_init_outlined+0x10/0x10 [ 76.340929][ T5094] ? __bch2_bkey_get_iter+0x101/0x2a0 [ 76.346312][ T5094] ? bch2_trans_iter_init_outlined+0x253/0x4b0 [ 76.352479][ T5094] ? bch2_subvolume_get+0x1ab/0x5a0 [ 76.357779][ T5094] ? bch2_path_put+0xe34/0x21d0 [ 76.362642][ T5094] bch2_inode_peek_nowarn+0x201/0x4d0 [ 76.368032][ T5094] ? __pfx_bch2_inode_peek_nowarn+0x10/0x10 [ 76.373951][ T5094] ? bch2_trans_iter_exit+0x295/0x3e0 [ 76.379338][ T5094] ? bch2_subvolume_get+0x30f/0x5a0 [ 76.384569][ T5094] bch2_inode_find_by_inum_trans+0xc4/0x1d0 [ 76.390475][ T5094] ? __pfx_bch2_inode_find_by_inum_trans+0x10/0x10 [ 76.396981][ T5094] ? bch2_inode_peek_nowarn+0x1f5/0x4d0 [ 76.402541][ T5094] ? __bch2_trans_get+0x9d2/0xe00 [ 76.407588][ T5094] ? __bch2_trans_get+0x9b7/0xe00 [ 76.412630][ T5094] bch2_vfs_inode_get+0x2a2/0x680 [ 76.417665][ T5094] ? __pfx_bch2_vfs_inode_get+0x10/0x10 [ 76.423226][ T5094] ? lockdep_hardirqs_on+0x99/0x150 [ 76.428443][ T5094] ? percpu_ref_put+0x18b/0x250 [ 76.433304][ T5094] bch2_mount+0xf32/0x1320 [ 76.437741][ T5094] ? __pfx_bch2_mount+0x10/0x10 [ 76.442637][ T5094] ? aa_get_newest_label+0xff/0x6f0 [ 76.447843][ T5094] ? vfs_parse_fs_string+0x190/0x230 [ 76.453152][ T5094] ? kfree+0x4e/0x360 [ 76.457148][ T5094] ? vfs_parse_fs_string+0x190/0x230 [ 76.462441][ T5094] legacy_get_tree+0xee/0x190 [ 76.467126][ T5094] ? __pfx_bch2_mount+0x10/0x10 [ 76.471996][ T5094] vfs_get_tree+0x90/0x2a0 [ 76.476423][ T5094] do_new_mount+0x2be/0xb40 [ 76.480933][ T5094] ? ns_capable+0x8a/0xf0 [ 76.485266][ T5094] ? __pfx_do_new_mount+0x10/0x10 [ 76.490299][ T5094] __se_sys_mount+0x2d9/0x3c0 [ 76.494988][ T5094] ? __pfx___se_sys_mount+0x10/0x10 [ 76.500197][ T5094] ? do_syscall_64+0x102/0x240 [ 76.504963][ T5094] ? __x64_sys_mount+0x20/0xc0 [ 76.509737][ T5094] do_syscall_64+0xf5/0x240 [ 76.514245][ T5094] ? clear_bhb_loop+0x35/0x90 [ 76.518927][ T5094] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.524827][ T5094] RIP: 0033:0x7ff67fcf1bfa [ 76.529243][ T5094] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 76.548851][ T5094] RSP: 002b:00007fff14da13c8 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5 [ 76.557271][ T5094] RAX: ffffffffffffffda RBX: 00007fff14da13e0 RCX: 00007ff67fcf1bfa [ 76.565245][ T5094] RDX: 0000000020005b00 RSI: 0000000020000000 RDI: 00007fff14da13e0 [ 76.573226][ T5094] RBP: 0000000000000004 R08: 00007fff14da1420 R09: 0000000000005b22 [ 76.581286][ T5094] R10: 0000000000000098 R11: 0000000000000282 R12: 0000000000000098 [ 76.589261][ T5094] R13: 00007fff14da1420 R14: 0000000000000003 R15: 0000000001000000 [ 76.597242][ T5094] [ 76.600270][ T5094] Modules linked in: [ 76.604375][ T5094] ---[ end trace 0000000000000000 ]--- [ 76.610120][ T5094] RIP: 0010:bch2_btree_iter_verify_entry_exit+0x51b/0x550 [ 76.617300][ T5094] Code: c1 fd ff ff 44 89 e1 80 e1 07 38 c1 0f 8c c6 fd ff ff be 08 00 00 00 4c 89 e7 e8 60 fe e8 fd e9 b4 fd ff ff e8 66 43 83 fd 90 <0f> 0b e8 5e 43 83 fd 90 0f 0b e8 56 43 83 fd 90 0f 0b e8 4e 43 83 [ 76.636960][ T5094] RSP: 0018:ffffc9000356f1b8 EFLAGS: 00010293 [ 76.643079][ T5094] RAX: ffffffff8413091a RBX: 0000000000000820 RCX: ffff88807cda0000 [ 76.651089][ T5094] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 76.659208][ T5094] RBP: 0000000000000000 R08: ffffffff84130480 R09: 0000000000000000 [ 76.667203][ T5094] R10: ffffc9000356f000 R11: fffff520006ade05 R12: ffffc9000356f680 [ 76.675223][ T5094] R13: ffffc9000356f680 R14: 1ffff1100ed4c808 R15: dffffc0000000000 [ 76.683249][ T5094] FS: 0000555579c50380(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 76.692226][ T5094] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 76.698836][ T5094] CR2: 00007ffdceb1bff0 CR3: 000000002d1d2000 CR4: 00000000003506f0 [ 76.706806][ T5094] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 76.714851][ T5094] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 76.722877][ T5094] Kernel panic - not syncing: Fatal exception [ 76.729250][ T5094] Kernel Offset: disabled [ 76.733573][ T5094] Rebooting in 86400 seconds..