program: bpf$TOKEN_CREATE(0x24, &(0x7f0000000140), 0x8) (async) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000c00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='ext4_es_find_extent_range_enter\x00', r0}, 0x10) r2 = syz_open_dev$sg(&(0x7f0000000180), 0x1, 0x800) ioctl$SG_SET_RESERVED_SIZE(r2, 0x2275, &(0x7f0000000000)=0x80000009) (async) r3 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r3, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) (async) listen(r3, 0x8957) r4 = socket$inet_dccp(0x2, 0x6, 0x0) ioctl$int_in(r4, 0x5452, &(0x7f0000000180)=0x418) connect$inet(r4, &(0x7f0000000080)={0x2, 0x4e20, @loopback}, 0x10) r5 = gettid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000001c0)={r5, r1, 0x0, 0xb4, &(0x7f00000003c0)='\xc8\xf9\x19\xe2I\x10nK\xbcb|A\xc6\xe4M\x92ir6K\xbe\xdfWH\xfcq\xfb7D\x8f\xfa\x05a\xd1}Ac\xbf\x81<\xa2\xd4 u64s 11 type alloc_v4 0:3:0 len 0 ver 0, fixing [ 69.989999][ T5322] bcachefs (loop0): btree_node_read_work: rewriting btree node at btree=alloc level=0 SPOS_MAX due to error [ 69.997421][ T5322] bcachefs (loop0): error validating btree node on loop0 at btree freespace level 0/0 [ 69.997438][ T5322] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0 [ 69.997446][ T5322] node offset 0/32: incorrect min_key: got 576460752303423488:0:0 should be POS_MIN [ 70.012986][ T5322] bcachefs (loop0): flagging btree freespace lost data [ 70.016234][ T5322] error reading btree root freespace l=0: btree_node_read_error, fixing [ 70.020027][ T5322] invalid bkey u64s 9 type backpointer 0:8921088:0 len 0 ver 0: bucket=0:34:0 btree=extents l=0 offset=8:160 len=8 pos=536870913:24:U32_MAX [ 70.020044][ T5322] backpointer bucket_offset wrong: delete?, fixing [ 70.031118][ T5322] bcachefs (loop0): scan_for_btree_nodes... [ 70.034379][ T5322] bch2_scan_for_btree_nodes: nodes found after overwrites: [ 70.034402][ T5322] xattrs l=0 seq=1 journal_seq=4 cookie=2285c34bed0abe32 POS_MIN-SPOS_MAX ptr: 0:31:0 gen 0 [ 70.034410][ T5322] lru l=0 seq=1 journal_seq=5 cookie=28f61e078e70b95c POS_MIN-SPOS_MAX ptr: 0:28:0 gen 0 [ 70.034417][ T5322] deleted_inodes l=0 seq=1 journal_seq=0 cookie=1db8f60c84bb244c POS_MIN-SPOS_MAX ptr: 0:42:0 gen 0 [ 70.034424][ T5322] [ 70.054793][ T5322] done [ 70.055857][ T5322] bcachefs (loop0): check_topology... [ 70.055923][ T5322] bcachefs (loop0): btree root extents unreadable, must recover from scan [ 70.063322][ T5322] no nodes found for btree extents, continuing [ 70.066155][ T5322] done [ 70.067406][ T5322] bcachefs (loop0): accounting_read... done [ 70.071131][ T5322] bcachefs (loop0): alloc_read... done [ 70.072982][ T5322] bcachefs (loop0): stripes_read... done [ 70.074994][ T5322] bcachefs (loop0): snapshots_read... done [ 70.077368][ T5322] bcachefs (loop0): check_allocations... [ 70.079277][ T5322] bcachefs (loop0): pointer to nonexistent bucket 0:4294964982 [ 70.086683][ T5322] bcachefs (loop0): bch2_gc_mark_key(): error EIO [ 70.089303][ T5322] bcachefs (loop0): bch2_gc_btree(): error EIO [ 70.094209][ T5322] btree node read error for alloc, fixing [ 70.097938][ T5322] btree ptr not marked in member info btree allocated bitmap [ 70.097960][ T5322] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0, fixing [ 70.112299][ T5322] bucket 0:38 data type btree ptr gen 0 missing in alloc btree [ 70.112316][ T5322] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0, fixing [ 70.125536][ T5322] btree ptr not marked in member info btree allocated bitmap [ 70.125553][ T5322] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing [ 70.137058][ T5322] bucket 0:41 data type btree ptr gen 0 missing in alloc btree [ 70.137074][ T5322] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing [ 70.148649][ T5322] btree ptr not marked in member info btree allocated bitmap [ 70.148665][ T5322] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c0bef60d07ceb940 written 16 min_key POS_MIN durability: 1 ptr: 0:35:0 gen 0, fixing [ 70.158676][ T5322] bucket 0:35 data type btree ptr gen 0 missing in alloc btree [ 70.158692][ T5322] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c0bef60d07ceb940 written 16 min_key POS_MIN durability: 1 ptr: 0:35:0 gen 0, fixing [ 70.169305][ T5322] btree ptr not marked in member info btree allocated bitmap [ 70.169321][ T5322] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0, fixing [ 70.179403][ T5322] bucket 0:1 gen 0 has wrong data_type: got free, should be sb, fixing [ 70.184438][ T5322] bucket 0:1 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 70.189833][ T5322] bucket 0:2 gen 0 has wrong data_type: got free, should be sb, fixing [ 70.193563][ T5322] bucket 0:2 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 70.198858][ T5322] bucket 0:3 gen 0 has wrong data_type: got free, should be sb, fixing [ 70.204828][ T5322] bucket 0:3 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 70.208855][ T5322] bucket 0:4 gen 0 has wrong data_type: got free, should be sb, fixing [ 70.213068][ T5322] bucket 0:4 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 70.216997][ T5322] bucket 0:5 gen 0 has wrong data_type: got free, should be sb, fixing [ 70.220115][ T5322] bucket 0:5 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 70.225610][ T5322] bucket 0:6 gen 0 has wrong data_type: got free, should be sb, fixing [ 70.229124][ T5322] bucket 0:6 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 70.234069][ T5322] bucket 0:7 gen 0 has wrong data_type: got free, should be sb, fixing [ 70.237315][ T5322] bucket 0:7 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 70.243498][ T5322] bucket 0:8 gen 0 has wrong data_type: got free, should be sb, fixing [ 70.247087][ T5322] bucket 0:8 gen 0 data type sb has wrong dirty_sectors: got 0, should be 8, fixing [ 70.251156][ T5322] bucket 0:9 gen 0 has wrong data_type: got free, should be journal, fixing [ 70.255044][ T5322] bucket 0:9 gen 0 data type journal has wrong dirty_sectors: got 0, should be 256, fixing [ 70.259769][ T5322] bucket 0:10 gen 0 has wrong data_type: got free, should be journal, fixing [ 70.264449][ T5322] bucket 0:10 gen 0 data type journal has wrong dirty_sectors: got 0, should be 256, fixing [ 70.268666][ T5322] bucket 0:11 gen 0 has wrong data_type: got free, should be journal, fixing [ 70.273434][ T5322] bucket 0:11 gen 0 data type journal has wrong dirty_sectors: got 0, should be 256, fixing [ 70.277780][ T5322] bucket 0:12 gen 0 has wrong data_type: got free, should be journal, fixing [ 70.282309][ T5322] bucket 0:12 gen 0 data type journal has wrong dirty_sectors: got 0, should be 256, fixing [ 70.286871][ T5322] bucket 0:13 gen 0 has wrong data_type: got free, should be journal, fixing [ 70.290509][ T5322] bucket 0:13 gen 0 data type journal has wrong dirty_sectors: got 0, should be 256, fixing [ 70.296056][ T5322] bucket 0:14 gen 0 has wrong data_type: got free, should be journal, fixing [ 70.299694][ T5322] bucket 0:14 gen 0 data type journal has wrong dirty_sectors: got 0, should be 256, fixing [ 70.305192][ T5322] bucket 0:15 gen 0 has wrong data_type: got free, should be journal, fixing [ 70.311416][ T5322] bucket 0:15 gen 0 data type journal has wrong dirty_sectors: got 0, should be 256, fixing [ 70.315470][ T5322] bucket 0:16 gen 0 has wrong data_type: got free, should be sb, fixing [ 70.318749][ T5322] bucket 0:16 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 70.324860][ T5322] bucket 0:17 gen 0 has wrong data_type: got free, should be sb, fixing [ 70.328120][ T5322] bucket 0:17 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 70.333757][ T5322] bucket 0:18 gen 0 has wrong data_type: got free, should be sb, fixing [ 70.337531][ T5322] bucket 0:18 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 70.343516][ T5322] bucket 0:19 gen 0 has wrong data_type: got free, should be sb, fixing [ 70.346517][ T5322] bucket 0:19 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 70.351568][ T5322] bucket 0:20 gen 0 has wrong data_type: got free, should be sb, fixing [ 70.355148][ T5322] bucket 0:20 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 70.358964][ T5322] bucket 0:21 gen 0 has wrong data_type: got free, should be sb, fixing [ 70.363364][ T5322] bucket 0:21 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 70.367610][ T5322] bucket 0:22 gen 0 has wrong data_type: got free, should be sb, fixing [ 70.371717][ T5322] bucket 0:22 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 70.376035][ T5322] bucket 0:23 gen 0 has wrong data_type: got free, should be sb, fixing [ 70.379745][ T5322] bucket 0:23 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 70.385081][ T5322] bucket 0:24 gen 0 has wrong data_type: got free, should be journal, fixing [ 70.389086][ T5322] bucket 0:24 gen 0 data type journal has wrong dirty_sectors: got 0, should be 256, fixing [ 70.394776][ T5322] bucket 0:27 gen 0 has wrong data_type: got btree, should be need_discard, fixing [ 70.398431][ T5322] bucket 0:27 gen 0 data type need_discard has wrong dirty_sectors: got 256, should be 0, fixing [ 70.404329][ T5322] bucket 0:32 gen 0 has wrong data_type: got sb, should be btree, fixing [ 70.407318][ T5322] bucket 0:34 gen 0 has wrong data_type: got user, should be need_discard, fixing [ 70.414119][ T5322] bucket 0:34 gen 0 data type need_discard has wrong dirty_sectors: got 16, should be 0, fixing [ 70.418488][ T5322] bucket 0:35 gen 0 has wrong data_type: got free, should be btree, fixing [ 70.423065][ T5322] bucket 0:35 gen 0 data type btree has wrong dirty_sectors: got 0, should be 256, fixing [ 70.427758][ T5322] bucket 0:38 gen 0 has wrong data_type: got free, should be btree, fixing [ 70.431964][ T5322] bucket 0:38 gen 0 data type btree has wrong dirty_sectors: got 0, should be 256, fixing [ 70.435961][ T5322] bucket 0:41 gen 0 has wrong data_type: got free, should be btree, fixing [ 70.439426][ T5322] bucket 0:41 gen 0 data type btree has wrong dirty_sectors: got 0, should be 256, fixing [ 70.446172][ T5322] bucket 0:120 gen 0 has wrong data_type: got free, should be sb, fixing [ 70.449683][ T5322] bucket 0:120 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 70.454610][ T5322] bucket 0:121 gen 0 has wrong data_type: got free, should be sb, fixing [ 70.458016][ T5322] bucket 0:121 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 70.464469][ T5322] bucket 0:122 gen 0 has wrong data_type: got free, should be sb, fixing [ 70.467517][ T5322] bucket 0:122 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 70.471759][ T5322] bucket 0:123 gen 0 has wrong data_type: got free, should be sb, fixing [ 70.475381][ T5322] bucket 0:123 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 70.479529][ T5322] bucket 0:124 gen 0 has wrong data_type: got free, should be sb, fixing [ 70.483859][ T5322] bucket 0:124 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 70.488055][ T5322] bucket 0:125 gen 0 has wrong data_type: got free, should be sb, fixing [ 70.504240][ T5322] bucket 0:125 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 70.508071][ T5322] bucket 0:126 gen 0 has wrong data_type: got free, should be sb, fixing [ 70.521868][ T5322] bucket 0:126 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 70.525576][ T5322] bucket 0:127 gen 0 has wrong data_type: got free, should be sb, fixing [ 70.529204][ T5322] bucket 0:127 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 70.535012][ T5322] done [ 70.536600][ T5322] bcachefs (loop0): going read-write [ 70.549611][ T5322] bcachefs (loop0): journal_replay... [ 70.562699][ T1035] bucket 0:26 gen 0 data type btree sector count overflow: 0 + -256 > U32_MAX [ 70.562734][ T1035] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, continuing [ 70.592404][ T1035] bucket 0:26 gen 0 data type btree sector count overflow: 0 + -256 > U32_MAX [ 70.592424][ T1035] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, continuing [ 70.614309][ T1035] bucket 0:26 gen 0 data type btree sector count overflow: 0 + -256 > U32_MAX [ 70.614325][ T1035] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, continuing [ 70.630392][ T1035] bucket 0:26 gen 0 data type btree sector count overflow: 0 + -256 > U32_MAX [ 70.630407][ T1035] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, continuing [ 70.749877][ T5322] done [ 70.754205][ T5322] bcachefs (loop0): check_alloc_info... [ 70.755732][ T5322] incorrect key in need_discard btree (got deleted should be set) [ 70.755756][ T5322] u64s 13 type alloc_v4 0:27:0 len 0 ver 0: [ 70.755763][ T5322] gen 0 oldest_gen 0 data_type need_discard [ 70.755769][ T5322] journal_seq 4 [ 70.755776][ T5322] need_discard 1 [ 70.755783][ T5322] need_inc_gen 1 [ 70.755789][ T5322] dirty_sectors 0 [ 70.755795][ T5322] stripe_sectors 0 [ 70.755800][ T5322] cached_sectors 0 [ 70.755807][ T5322] stripe 0 [ 70.755812][ T5322] stripe_redundancy 0 [ 70.755818][ T5322] io_time[READ] 1 [ 70.755824][ T5322] io_time[WRITE] 256 [ 70.755832][ T5322] fragmentation 0 [ 70.755838][ T5322] bp_start 8 [ 70.755843][ T5322] , fixing [ 70.796353][ T5322] incorrect key in need_discard btree (got deleted should be set) [ 70.796364][ T5322] u64s 13 type alloc_v4 0:34:0 len 0 ver 0: [ 70.796369][ T5322] gen 0 oldest_gen 0 data_type need_discard [ 70.796375][ T5322] journal_seq 5 [ 70.796382][ T5322] need_discard 1 [ 70.796388][ T5322] need_inc_gen 1 [ 70.796393][ T5322] dirty_sectors 0 [ 70.796399][ T5322] stripe_sectors 0 [ 70.796405][ T5322] cached_sectors 0 [ 70.796411][ T5322] stripe 0 [ 70.796418][ T5322] stripe_redundancy 0 [ 70.796423][ T5322] io_time[READ] 1 [ 70.796429][ T5322] io_time[WRITE] 512 [ 70.796434][ T5322] fragmentation 0 [ 70.796440][ T5322] bp_start 8 [ 70.796445][ T5322] , fixing [ 70.831521][ T5322] hole in alloc btree missing in freespace btree [ 70.831537][ T5322] device 0 buckets 36-37, fixing [ 70.836181][ T5322] hole in alloc btree missing in freespace btree [ 70.836195][ T5322] device 0 buckets 39-41, fixing [ 70.842079][ T5322] hole in alloc btree missing in freespace btree [ 70.842092][ T5322] device 0 buckets 44-120, fixing [ 70.848211][ T5322] done [ 70.850346][ T5322] bcachefs (loop0): check_lrus... [ 70.855345][ T5322] incorrect lru entry: lru fragmentation time 134217728 [ 70.855360][ T5322] u64s 5 type set 18446462598867058688:34:0 len 0 ver 0 [ 70.855365][ T5322] for u64s 13 type alloc_v4 0:34:0 len 0 ver 0: [ 70.855369][ T5322] gen 1 oldest_gen 0 data_type free [ 70.855374][ T5322] journal_seq 5 [ 70.855378][ T5322] need_discard 0 [ 70.855382][ T5322] need_inc_gen 0 [ 70.855386][ T5322] dirty_sectors 0 [ 70.855390][ T5322] stripe_sectors 0 [ 70.855394][ T5322] cached_sectors 0 [ 70.855399][ T5322] stripe 0 [ 70.855403][ T5322] stripe_redundancy 0 [ 70.855407][ T5322] io_time[READ] 1 [ 70.855411][ T5322] io_time[WRITE] 512 [ 70.855414][ T5322] fragmentation 0 [ 70.855418][ T5322] bp_start 8 [ 70.855422][ T5322] , fixing [ 70.893769][ T5322] done [ 70.895780][ T5322] bcachefs (loop0): check_extents_to_backpointers... [ 70.896350][ T5322] missing backpointer for btree=inodes l=1 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0 [ 70.896367][ T5322] got: u64s 5 type deleted 0:9961472:0 len 0 ver 0 [ 70.896376][ T5322] want: u64s 9 type backpointer 0:9961472:0 len 0 ver 0: bucket=0:38:0 btree=inodes l=1 offset=0:0 len=256 pos=SPOS_MAX, fixing [ 70.916138][ T5322] missing backpointer for btree=dirents l=1 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0 [ 70.916155][ T5322] got: u64s 5 type deleted 0:10747904:0 len 0 ver 0 [ 70.916162][ T5322] want: u64s 9 type backpointer 0:10747904:0 len 0 ver 0: bucket=0:41:0 btree=dirents l=1 offset=0:0 len=256 pos=SPOS_MAX, fixing [ 70.936358][ T5322] missing backpointer for btree=subvolumes l=1 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c0bef60d07ceb940 written 16 min_key POS_MIN durability: 1 ptr: 0:35:0 gen 0 [ 70.936372][ T5322] got: u64s 5 type deleted 0:9175040:0 len 0 ver 0 [ 70.936378][ T5322] want: u64s 9 type backpointer 0:9175040:0 len 0 ver 0: bucket=0:35:0 btree=subvolumes l=1 offset=0:0 len=256 pos=SPOS_MAX, fixing [ 70.954449][ T5322] missing backpointer for btree=snapshots l=1 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0 [ 70.954470][ T5322] got: u64s 5 type deleted 0:8388608:0 len 0 ver 0 [ 70.954480][ T5322] want: u64s 9 type backpointer 0:8388608:0 len 0 ver 0: bucket=0:32:0 btree=snapshots l=1 offset=0:0 len=256 pos=SPOS_MAX, fixing [ 70.970427][ T5322] done [ 70.973403][ T5322] bcachefs (loop0): check_alloc_to_lru_refs... done [ 70.976536][ T5322] bcachefs (loop0): check_inodes... done [ 70.979415][ T5322] bcachefs (loop0): resume_logged_ops... done [ 70.982545][ T5322] bcachefs (loop0): delete_dead_inodes... done [ 70.991806][ T5322] bcachefs (loop0): scanning for old btree nodes: min_version 0.11: inode_btree_change [ 71.019870][ T30] ------------[ cut here ]------------ [ 71.022437][ T30] kernel BUG at fs/bcachefs/journal.c:105! [ 71.025044][ T30] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 71.027984][ T30] CPU: 0 UID: 0 PID: 30 Comm: kworker/u4:2 Not tainted 6.13.0-rc7-syzkaller-00043-g619f0b6fad52 #0 [ 71.032301][ T30] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 71.036061][ T30] Workqueue: btree_update btree_interior_update_work [ 71.038463][ T30] RIP: 0010:bch2_journal_noflush_seq+0x320/0x330 [ 71.040907][ T30] Code: e8 d5 6b 5c fd 48 8b 3c 24 e8 6c a5 88 07 44 89 f0 48 83 c4 30 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 b1 6b 5c fd 90 <0f> 0b e8 a9 6b 5c fd 90 0f 0b 66 0f 1f 44 00 00 90 90 90 90 90 90 [ 71.048517][ T30] RSP: 0018:ffffc90000516ff8 EFLAGS: 00010293 [ 71.050954][ T30] RAX: ffffffff844316bf RBX: 00000000000000f8 RCX: ffff88801e044880 [ 71.053963][ T30] RDX: 0000000000000000 RSI: 00000000000000f9 RDI: 00000000000000f8 [ 71.056998][ T30] RBP: ffff8880531cab40 R08: ffffffff84431519 R09: 1ffff1100a639567 [ 71.060154][ T30] R10: dffffc0000000000 R11: ffffed100a639568 R12: ffff8880531ca608 [ 71.063313][ T30] R13: dffffc0000000000 R14: 0009000000000001 R15: 00000000000000f9 [ 71.066333][ T30] FS: 0000000000000000(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 71.070083][ T30] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 71.073182][ T30] CR2: 0000562a7b998048 CR3: 0000000043016000 CR4: 0000000000352ef0 [ 71.076791][ T30] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 71.079914][ T30] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 71.083062][ T30] Call Trace: [ 71.084405][ T30] [ 71.085665][ T30] ? __die_body+0x5f/0xb0 [ 71.087487][ T30] ? die+0x9e/0xc0 [ 71.089174][ T30] ? do_trap+0x15a/0x3a0 [ 71.090987][ T30] ? bch2_journal_noflush_seq+0x320/0x330 [ 71.093259][ T30] ? do_error_trap+0x1dc/0x2c0 [ 71.095049][ T30] ? bch2_journal_noflush_seq+0x320/0x330 [ 71.097054][ T30] ? __pfx_do_error_trap+0x10/0x10 [ 71.098865][ T30] ? handle_invalid_op+0x34/0x40 [ 71.100881][ T30] ? bch2_journal_noflush_seq+0x320/0x330 [ 71.103434][ T30] ? exc_invalid_op+0x38/0x50 [ 71.105414][ T30] ? asm_exc_invalid_op+0x1a/0x20 [ 71.107149][ T30] ? bch2_journal_noflush_seq+0x179/0x330 [ 71.109073][ T30] ? bch2_journal_noflush_seq+0x31f/0x330 [ 71.111109][ T30] ? bch2_journal_noflush_seq+0x320/0x330 [ 71.113205][ T30] ? bch2_journal_noflush_seq+0x31f/0x330 [ 71.115656][ T30] bch2_trigger_alloc+0x16d9/0x41e0 [ 71.118084][ T30] ? mark_lock+0x9a/0x360 [ 71.120032][ T30] ? __pfx_validate_chain+0x10/0x10 [ 71.122005][ T30] ? __pfx_validate_chain+0x10/0x10 [ 71.123984][ T30] ? __pfx_bch2_trigger_alloc+0x10/0x10 [ 71.126152][ T30] ? __bch2_bkey_unpack_key+0x959/0xdd0 [ 71.128560][ T30] ? __asan_memcpy+0x40/0x70 [ 71.130566][ T30] ? mark_lock+0x9a/0x360 [ 71.132456][ T30] ? verify_update_old_key+0x394/0x920 [ 71.134488][ T30] ? verify_update_old_key+0x438/0x920 [ 71.136469][ T30] ? __pfx_verify_update_old_key+0x10/0x10 [ 71.138915][ T30] ? rcuwait_wake_up+0x1c/0x230 [ 71.141310][ T30] ? __pfx_lock_acquire+0x10/0x10 [ 71.143533][ T30] ? run_one_mem_trigger+0x59b/0xc10 [ 71.145403][ T30] ? __pfx_bch2_trigger_alloc+0x10/0x10 [ 71.147529][ T30] run_one_mem_trigger+0x81f/0xc10 [ 71.149499][ T30] ? __pfx_run_one_mem_trigger+0x10/0x10 [ 71.151473][ T30] ? rcuwait_wake_up+0x1e5/0x230 [ 71.153669][ T30] ? percpu_up_read+0xdc/0x1b0 [ 71.155879][ T30] ? __pfx_bch2_trans_account_disk_usage_change+0x10/0x10 [ 71.159603][ T30] ? rcuwait_wake_up+0x1e5/0x230 [ 71.161737][ T30] __bch2_trans_commit+0x473b/0x93c0 [ 71.163619][ T30] ? __pfx___bch2_trans_commit+0x10/0x10 [ 71.165787][ T30] ? __bch2_trans_jset_entry_alloc+0x2c7/0x4b0 [ 71.168312][ T30] ? btree_interior_update_work+0x117a/0x2b10 [ 71.170528][ T30] btree_interior_update_work+0x1492/0x2b10 [ 71.173026][ T30] ? __pfx_btree_interior_update_work+0x10/0x10 [ 71.175315][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 71.178087][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 71.180781][ T30] ? process_scheduled_works+0x976/0x1840 [ 71.182997][ T30] process_scheduled_works+0xa66/0x1840 [ 71.185193][ T30] ? __pfx_process_scheduled_works+0x10/0x10 [ 71.187739][ T30] ? assign_work+0x364/0x3d0 [ 71.189866][ T30] worker_thread+0x870/0xd30 [ 71.192084][ T30] ? __kthread_parkme+0x169/0x1d0 [ 71.194611][ T30] ? __pfx_worker_thread+0x10/0x10 [ 71.197248][ T30] kthread+0x2f0/0x390 [ 71.199441][ T30] ? __pfx_worker_thread+0x10/0x10 [ 71.202105][ T30] ? __pfx_kthread+0x10/0x10 [ 71.204283][ T30] ret_from_fork+0x4b/0x80 [ 71.206219][ T30] ? __pfx_kthread+0x10/0x10 [ 71.208090][ T30] ret_from_fork_asm+0x1a/0x30 [ 71.209951][ T30] [ 71.211156][ T30] Modules linked in: [ 71.213526][ T30] ---[ end trace 0000000000000000 ]--- [ 71.215656][ T30] RIP: 0010:bch2_journal_noflush_seq+0x320/0x330 [ 71.218208][ T30] Code: e8 d5 6b 5c fd 48 8b 3c 24 e8 6c a5 88 07 44 89 f0 48 83 c4 30 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 b1 6b 5c fd 90 <0f> 0b e8 a9 6b 5c fd 90 0f 0b 66 0f 1f 44 00 00 90 90 90 90 90 90 [ 71.226240][ T30] RSP: 0018:ffffc90000516ff8 EFLAGS: 00010293 [ 71.228883][ T30] RAX: ffffffff844316bf RBX: 00000000000000f8 RCX: ffff88801e044880 [ 71.232632][ T30] RDX: 0000000000000000 RSI: 00000000000000f9 RDI: 00000000000000f8 [ 71.236111][ T30] RBP: ffff8880531cab40 R08: ffffffff84431519 R09: 1ffff1100a639567 [ 71.239002][ T30] R10: dffffc0000000000 R11: ffffed100a639568 R12: ffff8880531ca608 [ 71.242235][ T30] R13: dffffc0000000000 R14: 0009000000000001 R15: 00000000000000f9 [ 71.245675][ T30] FS: 0000000000000000(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 71.249659][ T30] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 71.252016][ T30] CR2: 0000562a7b998048 CR3: 0000000043016000 CR4: 0000000000352ef0 [ 71.255088][ T30] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 71.258203][ T30] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 71.261972][ T30] Kernel panic - not syncing: Fatal exception [ 71.265012][ T30] Kernel Offset: disabled [ 71.266523][ T30] Rebooting in 86400 seconds..