./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1894229711 <...> Warning: Permanently added '10.128.0.75' (ED25519) to the list of known hosts. execve("./syz-executor1894229711", ["./syz-executor1894229711"], 0x7ffe12e2f1d0 /* 10 vars */) = 0 brk(NULL) = 0x55557443e000 brk(0x55557443ed00) = 0x55557443ed00 arch_prctl(ARCH_SET_FS, 0x55557443e380) = 0 set_tid_address(0x55557443e650) = 5216 set_robust_list(0x55557443e660, 24) = 0 rseq(0x55557443eca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1894229711", 4096) = 28 getrandom("\xff\xb5\x45\x75\x2a\xdc\xce\xc6", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55557443ed00 brk(0x55557445fd00) = 0x55557445fd00 brk(0x555574460000) = 0x555574460000 mprotect(0x7f0c68c7f000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5217 attached [pid 5217] set_robust_list(0x55557443e660, 24 [pid 5216] <... clone resumed>, child_tidptr=0x55557443e650) = 5217 [pid 5217] <... set_robust_list resumed>) = 0 [pid 5217] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5217] setpgid(0, 0) = 0 [pid 5217] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5217] write(3, "1000", 4) = 4 [pid 5217] close(3) = 0 [pid 5217] write(1, "executing program\n", 18executing program ) = 18 [pid 5217] memfd_create("syzkaller", 0) = 3 [pid 5217] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0c60600000 [pid 5217] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5217] munmap(0x7f0c60600000, 138412032) = 0 [pid 5217] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5217] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5217] close(3) = 0 [pid 5217] close(4) = 0 [pid 5217] mkdir("./file0", 0777) = 0 [ 70.659289][ T5217] loop0: detected capacity change from 0 to 32768 [ 70.751957][ T5217] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,compression=lz4,nojournal_transaction_names [ 70.765288][ T5217] bcachefs (loop0): recovering from clean shutdown, journal seq 7 [ 70.773460][ T5217] bcachefs (loop0): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.12: rebalance_work_acct_fix [ 70.773460][ T5217] running recovery passes: check_allocations [ 70.799910][ T5217] bcachefs (loop0): flagging btree xattrs lost data [ 70.809616][ T5217] error reading btree root xattrs l=0: btree_node_read_error, fixing [ 70.818489][ T5217] bcachefs (loop0): will run btree node scan [ 70.827110][ T5217] invalid bkey u64s 11 type alloc_v4 0:14:0 len 0 ver 0: [ 70.827138][ T5217] gen 0 oldest_gen 0 data_type journal [ 70.827151][ T5217] journal_seq 1 [ 70.827162][ T5217] need_discard 1 [ 70.827174][ T5217] need_inc_gen 1 [ 70.827186][ T5217] dirty_sectors 256 [ 70.827198][ T5217] stripe_sectors 0 [ 70.827210][ T5217] cached_sectors 0 [ 70.827221][ T5217] stripe 67108864 [ 70.827233][ T5217] stripe_redundancy 0 [ 70.827245][ T5217] io_time[READ] 1 [ 70.827257][ T5217] io_time[WRITE] 1 [ 70.827269][ T5217] fragmentation 0 [ 70.827281][ T5217] bp_start 8 [ 70.827293][ T5217] [ 70.827304][ T5217] invalid data type (got 2 should be 7): delete?, fixing [ 70.907997][ T5217] bcachefs (loop0): flagging btree deleted_inodes lost data [ 70.916461][ T5217] error reading btree root deleted_inodes l=0: btree_node_read_error, fixing [ 70.925999][ T5217] bcachefs (loop0): scan_for_btree_nodes... [ 70.931322][ T5217] bch2_scan_for_btree_nodes: nodes found after overwrites: [ 70.931342][ T5217] extents l=0 seq=1 journal_seq=4 cookie=b77ad9ee5a61c7f0 POS_MIN-SPOS_MAX ptr: 0:27:0 gen 0 [ 70.931353][ T5217] xattrs l=0 seq=1 journal_seq=4 cookie=1477538288e6fe55 POS_MIN-POS_MAX ptr: 0:31:0 gen 0 [ 70.931363][ T5217] lru l=0 seq=1 journal_seq=4 cookie=d19419031ca39bdb POS_MIN-SPOS_MAX ptr: 0:28:0 gen 0 [ 70.931373][ T5217] deleted_inodes l=0 seq=1 journal_seq=0 cookie=a34c10fbe2d33ffa 0:1:0-SPOS_MAX ptr: 0:42:0 gen 0 [ 70.931384][ T5217] [ 70.988493][ T5217] done [ 70.991286][ T5217] bcachefs (loop0): check_topology... [ 70.991362][ T5217] bcachefs (loop0): btree root xattrs unreadable, must recover from scan [ 71.005637][ T5217] bcachefs (loop0): bch2_get_scanned_nodes(): recovering xattrs l=0 POS_MIN - SPOS_MAX [ 71.015727][ T5217] bcachefs (loop0): bch2_get_scanned_nodes(): recovering u64s 11 type btree_ptr_v2 POS_MAX len 0 ver 0: seq 1477538288e6fe55 written 16 min_key POS_MIN durability: 1 ptr: 0:31:0 gen 0 [ 71.035778][ T41] bcachefs (loop0): error validating btree node on loop0 at btree xattrs level 0/0 [ 71.035799][ T41] u64s 11 type btree_ptr_v2 POS_MAX len 0 ver 0: seq 1477538288e6fe55 written 16 min_key POS_MIN durability: 1 ptr: 0:31:0 gen 0 [ 71.035811][ T41] node offset 0/16 bset u64s 0: checksum error, type crc32c_nonzero: got dc7ab108 should be c5f649bb, fixing [ 71.072030][ T41] bcachefs (loop0): btree_node_read_work: rewriting btree node at btree=xattrs level=0 POS_MAX due to error [ 71.084485][ T5217] btree node with incorrect max_keyat btree xattrs level 1: [ 71.084506][ T5217] parent: u64s 5 type btree_ptr SPOS_MAX len 0 ver 0 [ 71.084515][ T5217] child: u64s 11 type btree_ptr_v2 POS_MAX len 0 ver 0: seq 1477538288e6fe55 written 16 min_key POS_MIN durability: 1 ptr: 0:31:0 gen 0, fixing [ 71.114235][ T5217] bcachefs (loop0): bch2_get_scanned_nodes(): recovering xattrs l=0 U64_MAX:U64_MAX:1 - SPOS_MAX [ 71.124957][ T5217] btree node with incorrect max_keyat btree xattrs level 1: [ 71.124971][ T5217] parent: u64s 5 type btree_ptr SPOS_MAX len 0 ver 0 [ 71.124980][ T5217] child: u64s 11 type btree_ptr_v2 POS_MAX len 0 ver 0: seq 1477538288e6fe55 written 16 min_key POS_MIN durability: 1 ptr: 0:31:0 gen 0, fixing [ 71.154339][ T5217] bcachefs (loop0): set_node_max(): u64s 11 type btree_ptr_v2 POS_MAX len 0 ver 0: seq 1477538288e6fe55 written 16 min_key POS_MIN durability: 1 ptr: 0:31:0 gen 0 -> SPOS_MAX [ 71.171903][ T5217] bcachefs (loop0): btree root deleted_inodes unreadable, must recover from scan [ 71.181174][ T5217] bcachefs (loop0): bch2_get_scanned_nodes(): recovering deleted_inodes l=0 POS_MIN - SPOS_MAX [ 71.191654][ T5217] bcachefs (loop0): bch2_get_scanned_nodes(): recovering u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq a34c10fbe2d33ffa written 8 min_key 0:1:0 durability: 1 ptr: 0:42:0 gen 0 [ 71.211113][ T41] bcachefs (loop0): error validating btree node on loop0 at btree deleted_inodes level 0/0 [ 71.211135][ T41] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq a34c10fbe2d33ffa written 8 min_key 0:1:0 durability: 1 ptr: 0:42:0 gen 0 [ 71.211152][ T41] node offset 0/8 bset u64s 0: checksum error, type crc32c_nonzero: got 2eedea0f should be 11f8fd7b, fixing [ 71.246987][ T41] bcachefs (loop0): btree_node_read_work: rewriting btree node at btree=deleted_inodes level=0 SPOS_MAX due to error [ 71.259796][ T5217] btree node with incorrect min_key at btree deleted_inodes level 1: [ 71.259811][ T5217] parent: u64s 5 type btree_ptr SPOS_MAX len 0 ver 0 [ 71.259821][ T5217] next: u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq a34c10fbe2d33ffa written 8 min_key 0:1:0 durability: 1 ptr: 0:42:0 gen 0, fixing [ 71.289921][ T5217] bcachefs (loop0): set_node_min(): u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq a34c10fbe2d33ffa written 8 min_key 0:1:0 durability: 1 ptr: 0:42:0 gen 0 -> POS_MIN [ 71.307305][ T5217] done [ 71.310109][ T5217] bcachefs (loop0): accounting_read... done [ 71.316361][ T5217] bcachefs (loop0): alloc_read... done [ 71.321948][ T5217] bcachefs (loop0): stripes_read... done [ 71.327850][ T5217] bcachefs (loop0): snapshots_read... done [ 71.334004][ T5217] bcachefs (loop0): check_allocations... [ 71.336771][ T5217] btree ptr not marked in member info btree allocated bitmap [ 71.336791][ T5217] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 75277f57b0c8c24 written 32 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, fixing [ 71.367533][ T5217] btree ptr not marked in member info btree allocated bitmap [ 71.367549][ T5217] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 19bc58a6c09b6540 written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0, fixing [ 71.391248][ T5217] btree ptr not marked in member info btree allocated bitmap [ 71.391264][ T5217] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c18f4a4face03c6 written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing [ 71.414517][ T5217] btree ptr not marked in member info btree allocated bitmap [ 71.414533][ T5217] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7675f41d391e5d36 written 16 min_key POS_MIN durability: 1 ptr: 0:35:0 gen 0, fixing [ 71.437970][ T5217] btree ptr not marked in member info btree allocated bitmap [ 71.437984][ T5217] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq bcb9905dfb2993d5 written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0, fixing [ 71.461371][ T5217] btree ptr not marked in member info btree allocated bitmap [ 71.461387][ T5217] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9a831b4a3f983356 written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0, fixing [ 71.485292][ T5217] bucket 0:14 gen 0 has wrong data_type: got free, should be journal, fixing [ 71.494243][ T5217] bucket 0:14 gen 0 data type journal has wrong dirty_sectors: got 0, should be 256, fixing [ 71.507618][ T5217] done [ 71.511802][ T5217] bcachefs (loop0): going read-write [ 71.520086][ T5217] bcachefs (loop0): journal_replay... [ 71.549914][ T2929] ------------[ cut here ]------------ [ 71.560961][ T2929] kernel BUG at fs/bcachefs/journal.c:105! [ 71.566805][ T2929] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI [ 71.573753][ T2929] CPU: 0 UID: 0 PID: 2929 Comm: kworker/u8:9 Not tainted 6.11.0-syzkaller-08481-g88264981f208 #0 [ 71.584254][ T2929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 71.594335][ T2929] Workqueue: btree_update btree_interior_update_work [ 71.601032][ T2929] RIP: 0010:bch2_journal_noflush_seq+0x320/0x330 [ 71.607363][ T2929] Code: e8 75 dd 5c fd 48 8b 3c 24 e8 ac 1e 8b 07 44 89 f0 48 83 c4 30 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 51 dd 5c fd 90 <0f> 0b e8 49 dd 5c fd 90 0f 0b 66 0f 1f 44 00 00 90 90 90 90 90 90 [ 71.627082][ T2929] RSP: 0018:ffffc90009606ff8 EFLAGS: 00010293 [ 71.633156][ T2929] RAX: ffffffff8437dc0f RBX: 0000000000000008 RCX: ffff88802f241e00 [ 71.641129][ T2929] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 0000000000000008 [ 71.649123][ T2929] RBP: ffff88807654a9c0 R08: ffffffff8437da69 R09: 1ffff1100eca9537 [ 71.657105][ T2929] R10: dffffc0000000000 R11: ffffed100eca9538 R12: ffff88807654a488 [ 71.665078][ T2929] R13: dffffc0000000000 R14: 0000040000000001 R15: 0000000000000009 [ 71.673064][ T2929] FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 71.681998][ T2929] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 71.688582][ T2929] CR2: 000055f50bbcc0c8 CR3: 0000000079e90000 CR4: 00000000003506f0 [ 71.696561][ T2929] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 71.704527][ T2929] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 71.712496][ T2929] Call Trace: [ 71.715769][ T2929] [ 71.718701][ T2929] ? __die_body+0x5f/0xb0 [ 71.723055][ T2929] ? die+0x9e/0xc0 [ 71.726817][ T2929] ? do_trap+0x15a/0x3a0 [ 71.731061][ T2929] ? bch2_journal_noflush_seq+0x320/0x330 [ 71.736777][ T2929] ? do_error_trap+0x1dc/0x2c0 [ 71.741543][ T2929] ? bch2_journal_noflush_seq+0x320/0x330 [ 71.747269][ T2929] ? __pfx_do_error_trap+0x10/0x10 [ 71.752395][ T2929] ? handle_invalid_op+0x34/0x40 [ 71.757396][ T2929] ? bch2_journal_noflush_seq+0x320/0x330 [ 71.763133][ T2929] ? exc_invalid_op+0x38/0x50 [ 71.767825][ T2929] ? asm_exc_invalid_op+0x1a/0x20 [ 71.772868][ T2929] ? bch2_journal_noflush_seq+0x179/0x330 [ 71.778634][ T2929] ? bch2_journal_noflush_seq+0x31f/0x330 [ 71.784365][ T2929] ? bch2_journal_noflush_seq+0x320/0x330 [ 71.790085][ T2929] ? bch2_journal_noflush_seq+0x31f/0x330 [ 71.795806][ T2929] bch2_trigger_alloc+0x1a10/0x4090 [ 71.801004][ T2929] ? __pfx_bch2_journal_keys_peek_upto+0x10/0x10 [ 71.807334][ T2929] ? __pfx_validate_chain+0x10/0x10 [ 71.812555][ T2929] ? mark_lock+0x9a/0x360 [ 71.816880][ T2929] ? __pfx_bch2_trigger_alloc+0x10/0x10 [ 71.822422][ T2929] ? __bch2_bkey_unpack_key+0x959/0xdd0 [ 71.828002][ T2929] ? bch2_journal_keys_peek_slot+0x12c/0x1c0 [ 71.834008][ T2929] ? verify_update_old_key+0x394/0x920 [ 71.839481][ T2929] ? verify_update_old_key+0x438/0x920 [ 71.844947][ T2929] ? __pfx_verify_update_old_key+0x10/0x10 [ 71.850778][ T2929] ? rcuwait_wake_up+0x1c/0x230 [ 71.855626][ T2929] ? __pfx_lock_acquire+0x10/0x10 [ 71.860652][ T2929] ? run_one_mem_trigger+0x59b/0xc10 [ 71.865938][ T2929] ? __pfx_bch2_trigger_alloc+0x10/0x10 [ 71.871476][ T2929] run_one_mem_trigger+0x81f/0xc10 [ 71.876613][ T2929] ? __pfx_run_one_mem_trigger+0x10/0x10 [ 71.882247][ T2929] ? rcuwait_wake_up+0x1e5/0x230 [ 71.887180][ T2929] ? percpu_up_read+0xdc/0x1b0 [ 71.891956][ T2929] ? __pfx_bch2_trans_account_disk_usage_change+0x10/0x10 [ 71.899076][ T2929] ? rcuwait_wake_up+0x1e5/0x230 [ 71.904014][ T2929] __bch2_trans_commit+0x5547/0x90d0 [ 71.909316][ T2929] ? __pfx___bch2_trans_commit+0x10/0x10 [ 71.914948][ T2929] ? __bch2_trans_jset_entry_alloc+0x2c7/0x4b0 [ 71.921119][ T2929] ? btree_interior_update_work+0x117a/0x2b00 [ 71.927204][ T2929] btree_interior_update_work+0x1492/0x2b00 [ 71.933116][ T2929] ? __pfx_btree_interior_update_work+0x10/0x10 [ 71.939364][ T2929] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 71.945368][ T2929] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 71.951720][ T2929] ? process_scheduled_works+0x976/0x1850 [ 71.957446][ T2929] process_scheduled_works+0xa63/0x1850 [ 71.963009][ T2929] ? __pfx_process_scheduled_works+0x10/0x10 [ 71.968996][ T2929] ? assign_work+0x364/0x3d0 [ 71.973595][ T2929] worker_thread+0x870/0xd30 [ 71.978220][ T2929] ? __kthread_parkme+0x169/0x1d0 [ 71.983274][ T2929] ? __pfx_worker_thread+0x10/0x10 [ 71.988403][ T2929] kthread+0x2f0/0x390 [ 71.992597][ T2929] ? __pfx_worker_thread+0x10/0x10 [ 71.997750][ T2929] ? __pfx_kthread+0x10/0x10 [ 72.002365][ T2929] ret_from_fork+0x4b/0x80 [ 72.006813][ T2929] ? __pfx_kthread+0x10/0x10 [ 72.011411][ T2929] ret_from_fork_asm+0x1a/0x30 [ 72.016187][ T2929] [ 72.019210][ T2929] Modules linked in: [ 72.024384][ T2929] ---[ end trace 0000000000000000 ]--- [ 72.029917][ T2929] RIP: 0010:bch2_journal_noflush_seq+0x320/0x330 [ 72.036252][ T2929] Code: e8 75 dd 5c fd 48 8b 3c 24 e8 ac 1e 8b 07 44 89 f0 48 83 c4 30 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 51 dd 5c fd 90 <0f> 0b e8 49 dd 5c fd 90 0f 0b 66 0f 1f 44 00 00 90 90 90 90 90 90 [ 72.055934][ T2929] RSP: 0018:ffffc90009606ff8 EFLAGS: 00010293 [ 72.062021][ T2929] RAX: ffffffff8437dc0f RBX: 0000000000000008 RCX: ffff88802f241e00 [ 72.070020][ T2929] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 0000000000000008 [ 72.078042][ T2929] RBP: ffff88807654a9c0 R08: ffffffff8437da69 R09: 1ffff1100eca9537 [ 72.086014][ T2929] R10: dffffc0000000000 R11: ffffed100eca9538 R12: ffff88807654a488 [ 72.094010][ T2929] R13: dffffc0000000000 R14: 0000040000000001 R15: 0000000000000009 [ 72.102001][ T2929] FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 72.110965][ T2929] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 72.117570][ T2929] CR2: 000055f50bbcc0c8 CR3: 0000000079e90000 CR4: 00000000003506f0 [ 72.125549][ T2929] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 72.133549][ T2929] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 72.141556][ T2929] Kernel panic - not syncing: Fatal exception [ 72.147944][ T2929] Kernel Offset: disabled [ 72.152270][ T2929] Rebooting in 86400 seconds..