./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3197647574 <...> DUID 00:04:7b:a2:e0:73:6b:5f:a9:8e:d4:f6:53:82:b5:31:a7:5e forked to background, child pid 4740 [ 34.603779][ T4741] 8021q: adding VLAN 0 to HW filter on device bond0 [ 34.618184][ T4741] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.77' (ED25519) to the list of known hosts. execve("./syz-executor3197647574", ["./syz-executor3197647574"], 0x7ffc3dc81180 /* 10 vars */) = 0 brk(NULL) = 0x55556b42e000 brk(0x55556b42ed00) = 0x55556b42ed00 arch_prctl(ARCH_SET_FS, 0x55556b42e380) = 0 set_tid_address(0x55556b42e650) = 5071 set_robust_list(0x55556b42e660, 24) = 0 rseq(0x55556b42eca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3197647574", 4096) = 28 getrandom("\xe0\x5c\x87\x78\x0d\x90\x9c\x99", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55556b42ed00 brk(0x55556b44fd00) = 0x55556b44fd00 brk(0x55556b450000) = 0x55556b450000 mprotect(0x7fee630dd000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fee5ac00000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 munmap(0x7fee5ac00000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 close(4) = 0 mkdir("./file1", 0777) = 0 syzkaller login: [ 57.099304][ T5071] loop0: detected capacity change from 0 to 1024 [ 57.134106][ T5071] EXT4-fs: Ignoring removed mblk_io_submit option mount("/dev/loop0", "./file1", "ext4", MS_SYNCHRONOUS|MS_RELATIME, "journal_async_commit,nombcache,dax,norecovery,barrier=0x000000000000004c,lazytime,init_itable=0x0000"...) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 57.143589][ T5071] EXT4-fs (loop0): Cannot use DAX on a filesystem that may contain inline data ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fee5ac00000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 munmap(0x7fee5ac00000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 close(4) = 0 mkdir("./file1", 0777) = -1 EEXIST (File exists) [ 57.415491][ T5071] loop0: detected capacity change from 0 to 32768 [ 57.494262][ T5071] bcachefs (loop0): mounting version 1.7: mi_btree_bitmap opts=errors=continue,compression=lz4,norecovery,nojournal_transaction_names [ 57.508301][ T5071] bcachefs (loop0): recovering from clean shutdown, journal seq 7 [ 57.522816][ T5071] bcachefs (loop0): error validating btree node on loop0 at btree alloc level 0/0 [ 57.522837][ T5071] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 75277f57b0c8c24 written 32 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0 [ 57.522845][ T5071] node offset 16/32 bset u64s 50: checksum error, type crc32c_nonzero: got 45a85fce should be 96c22aac, fixing [ 57.558788][ T5071] bcachefs (loop0): error validating btree node at btree alloc level 0/0 [ 57.558801][ T5071] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 75277f57b0c8c24 written 32 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0 [ 57.558808][ T5071] node offset 16/32 bset u64s 50: invalid bkey: nonzero snapshot [ 57.558815][ T5071] u64s 12 type alloc_v4 0:36:8 len 0 ver 0: [ 57.558820][ T5071] gen 0 oldest_gen 0 data_type user [ 57.558826][ T5071] journal_seq 4 [ 57.558831][ T5071] need_discard 1 [ 57.558836][ T5071] need_inc_gen 1 [ 57.558840][ T5071] dirty_sectors 8 [ 57.558845][ T5071] cached_sectors 0 [ 57.558850][ T5071] stripe 0 [ 57.558855][ T5071] stripe_redundancy 0 [ 57.558860][ T5071] io_time[READ] 1 [ 57.558865][ T5071] io_time[WRITE] 512 [ 57.558870][ T5071] fragmentation 67108864 [ 57.558875][ T5071] bp_start 7, fixing [ 57.651853][ T5071] bcachefs (loop0): alloc_read... done [ 57.657641][ T5071] bcachefs (loop0): stripes_read... done [ 57.663393][ T5071] bcachefs (loop0): snapshots_read... done [ 57.672361][ T5071] ------------[ cut here ]------------ [ 57.677924][ T5071] kernel BUG at fs/bcachefs/journal.c:370! [ 57.683799][ T5071] invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI [ 57.690225][ T5071] CPU: 0 PID: 5071 Comm: syz-executor319 Not tainted 6.9.0-rc7-syzkaller-00056-g45db3ab70092 #0 [ 57.700644][ T5071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 57.710718][ T5071] RIP: 0010:__journal_res_get+0x21a7/0x2320 [ 57.716600][ T5071] Code: 8c 03 fe ff ff e8 e9 45 c8 fd 48 8d 9c 24 c0 01 00 00 e9 f1 fd ff ff e8 a7 5e 48 07 e8 92 e9 66 fd 90 0f 0b e8 8a e9 66 fd 90 <0f> 0b e8 82 e9 66 fd 90 0f 0b e8 7a e9 66 fd 90 0f 0b e8 72 e9 66 [ 57.736197][ T5071] RSP: 0018:ffffc90003356d20 EFLAGS: 00010293 [ 57.742246][ T5071] RAX: ffffffff842f1e06 RBX: 0000000000000002 RCX: ffff888027970000 [ 57.750199][ T5071] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000 [ 57.758169][ T5071] RBP: ffffc90003356fd0 R08: ffffffff842f03ac R09: 1ffff1100ef594f7 [ 57.766125][ T5071] R10: dffffc0000000000 R11: ffffed100ef594f8 R12: dffffc0000000000 [ 57.774076][ T5071] R13: 1ffff1100ef594f8 R14: ffff888077a80870 R15: 00000000003ffffe [ 57.782056][ T5071] FS: 000055556b42e380(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 57.791053][ T5071] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 57.797614][ T5071] CR2: 0000559021ca6b80 CR3: 0000000077b18000 CR4: 00000000003506f0 [ 57.805566][ T5071] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 57.813521][ T5071] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 57.821474][ T5071] Call Trace: [ 57.824735][ T5071] [ 57.827652][ T5071] ? __die_body+0x88/0xe0 [ 57.831965][ T5071] ? die+0xcf/0x110 [ 57.835748][ T5071] ? do_trap+0x15a/0x3a0 [ 57.839971][ T5071] ? __journal_res_get+0x21a7/0x2320 [ 57.845239][ T5071] ? do_error_trap+0x1dc/0x2c0 [ 57.849985][ T5071] ? __journal_res_get+0x21a7/0x2320 [ 57.855250][ T5071] ? __pfx_do_error_trap+0x10/0x10 [ 57.860345][ T5071] ? handle_invalid_op+0x34/0x40 [ 57.865262][ T5071] ? __journal_res_get+0x21a7/0x2320 [ 57.870526][ T5071] ? exc_invalid_op+0x38/0x50 [ 57.875192][ T5071] ? asm_exc_invalid_op+0x1a/0x20 [ 57.880197][ T5071] ? __journal_res_get+0x74c/0x2320 [ 57.885373][ T5071] ? __journal_res_get+0x21a6/0x2320 [ 57.890639][ T5071] ? __journal_res_get+0x21a7/0x2320 [ 57.895912][ T5071] ? __pfx___journal_res_get+0x10/0x10 [ 57.901355][ T5071] ? __mutex_unlock_slowpath+0x21d/0x750 [ 57.906966][ T5071] ? journal_flush_done+0x21c/0x260 [ 57.912149][ T5071] bch2_journal_res_get_slowpath+0x93/0x310 [ 57.918027][ T5071] ? __pfx_bch2_journal_res_get_slowpath+0x10/0x10 [ 57.924509][ T5071] ? journal_entry_want_write+0xf3/0x250 [ 57.930126][ T5071] ? journal_res_get_fast+0x3d3/0x540 [ 57.935479][ T5071] ? journal_flush_done+0x224/0x260 [ 57.940678][ T5071] bch2_journal_res_get+0x12b/0x1c0 [ 57.945890][ T5071] bch2_journal_meta+0x8d/0x280 [ 57.950723][ T5071] ? bch2_run_recovery_passes+0x7a5/0x7f0 [ 57.956422][ T5071] ? __pfx_bch2_journal_meta+0x10/0x10 [ 57.961884][ T5071] bch2_fs_recovery+0x455b/0x63b0 [ 57.966913][ T5071] ? __pfx_bch2_fs_recovery+0x10/0x10 [ 57.972277][ T5071] ? __pfx_lock_acquire+0x10/0x10 [ 57.977310][ T5071] ? bch2_get_next_online_dev+0x2b/0x4f0 [ 57.982922][ T5071] ? __pfx_lock_release+0x10/0x10 [ 57.987927][ T5071] ? __mutex_lock+0x2ef/0xd70 [ 57.992584][ T5071] ? bch2_get_next_online_dev+0x2b/0x4f0 [ 57.998211][ T5071] ? bch2_get_next_online_dev+0x4b9/0x4f0 [ 58.003931][ T5071] ? bch2_get_next_online_dev+0x2b/0x4f0 [ 58.009560][ T5071] ? llist_reverse_order+0x72/0x90 [ 58.014798][ T5071] bch2_fs_start+0x356/0x5b0 [ 58.019418][ T5071] bch2_fs_open+0xa8d/0xdf0 [ 58.023996][ T5071] ? __pfx_bch2_fs_open+0x10/0x10 [ 58.029055][ T5071] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 58.035379][ T5071] ? __pfx_bch2_test_super+0x10/0x10 [ 58.040643][ T5071] ? sget+0x2b8/0x620 [ 58.044609][ T5071] ? __pfx_bch2_noset_super+0x10/0x10 [ 58.049962][ T5071] bch2_mount+0x71d/0x1320 [ 58.054366][ T5071] ? __pfx_bch2_mount+0x10/0x10 [ 58.059228][ T5071] ? vfs_parse_fs_string+0x190/0x230 [ 58.064581][ T5071] ? kfree+0x4e/0x3b0 [ 58.068549][ T5071] ? vfs_parse_fs_string+0x190/0x230 [ 58.073813][ T5071] ? __pfx_vfs_parse_fs_string+0x10/0x10 [ 58.079426][ T5071] ? cap_capable+0x1b4/0x250 [ 58.084007][ T5071] legacy_get_tree+0xee/0x190 [ 58.088675][ T5071] ? __pfx_bch2_mount+0x10/0x10 [ 58.093506][ T5071] vfs_get_tree+0x90/0x2a0 [ 58.097904][ T5071] do_new_mount+0x2be/0xb40 [ 58.102387][ T5071] ? ns_capable+0x8a/0xf0 [ 58.106696][ T5071] ? __pfx_do_new_mount+0x10/0x10 [ 58.111713][ T5071] __se_sys_mount+0x2d9/0x3c0 [ 58.116374][ T5071] ? __pfx___se_sys_mount+0x10/0x10 [ 58.121554][ T5071] ? do_syscall_64+0x102/0x240 [ 58.126306][ T5071] ? __x64_sys_mount+0x20/0xc0 [ 58.131053][ T5071] do_syscall_64+0xf5/0x240 [ 58.135540][ T5071] ? clear_bhb_loop+0x35/0x90 [ 58.140204][ T5071] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 58.146087][ T5071] RIP: 0033:0x7fee63065dfa [ 58.150485][ T5071] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 58.170073][ T5071] RSP: 002b:00007ffc36e16f18 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5 [ 58.178465][ T5071] RAX: ffffffffffffffda RBX: 00007ffc36e16f60 RCX: 00007fee63065dfa [ 58.186418][ T5071] RDX: 0000000020005d80 RSI: 0000000020005dc0 RDI: 00007ffc36e16f60 [ 58.194368][ T5071] RBP: 0000000020005dc0 R08: 00007ffc36e16fa0 R09: 0000000000005d73 [ 58.202318][ T5071] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000020005d80 [ 58.210286][ T5071] R13: 0000000000005d79 R14: 00007ffc36e16fa0 R15: 0000000000000004 [ 58.218247][ T5071] [ 58.221249][ T5071] Modules linked in: [ 58.225271][ T5071] ---[ end trace 0000000000000000 ]--- [ 58.230764][ T5071] RIP: 0010:__journal_res_get+0x21a7/0x2320 [ 58.236689][ T5071] Code: 8c 03 fe ff ff e8 e9 45 c8 fd 48 8d 9c 24 c0 01 00 00 e9 f1 fd ff ff e8 a7 5e 48 07 e8 92 e9 66 fd 90 0f 0b e8 8a e9 66 fd 90 <0f> 0b e8 82 e9 66 fd 90 0f 0b e8 7a e9 66 fd 90 0f 0b e8 72 e9 66 [ 58.256339][ T5071] RSP: 0018:ffffc90003356d20 EFLAGS: 00010293 [ 58.262482][ T5071] RAX: ffffffff842f1e06 RBX: 0000000000000002 RCX: ffff888027970000 [ 58.270499][ T5071] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000 [ 58.278500][ T5071] RBP: ffffc90003356fd0 R08: ffffffff842f03ac R09: 1ffff1100ef594f7 [ 58.286583][ T5071] R10: dffffc0000000000 R11: ffffed100ef594f8 R12: dffffc0000000000 [ 58.294619][ T5071] R13: 1ffff1100ef594f8 R14: ffff888077a80870 R15: 00000000003ffffe [ 58.302622][ T5071] FS: 000055556b42e380(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 58.311602][ T5071] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 58.318174][ T5071] CR2: 0000559021ca6b80 CR3: 0000000077b18000 CR4: 00000000003506f0 [ 58.326176][ T5071] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 58.334195][ T5071] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 58.342205][ T5071] Kernel panic - not syncing: Fatal exception [ 58.348537][ T5071] Kernel Offset: disabled [ 58.352857][ T5071] Rebooting in 86400 seconds..