./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3999947866 <...> Warning: Permanently added '10.128.1.145' (ED25519) to the list of known hosts. execve("./syz-executor3999947866", ["./syz-executor3999947866"], 0x7fffe5724c90 /* 10 vars */) = 0 brk(NULL) = 0x55556c009000 brk(0x55556c009d00) = 0x55556c009d00 arch_prctl(ARCH_SET_FS, 0x55556c009380) = 0 set_tid_address(0x55556c009650) = 5835 set_robust_list(0x55556c009660, 24) = 0 rseq(0x55556c009ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3999947866", 4096) = 28 getrandom("\x63\x9c\xc7\x38\xf9\x73\x58\x69", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55556c009d00 brk(0x55556c02ad00) = 0x55556c02ad00 brk(0x55556c02b000) = 0x55556c02b000 mprotect(0x7f3dc7177000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 write(1, "executing program\n", 18executing program ) = 18 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dbec00000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 munmap(0x7f3dbec00000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 close(4) = 0 mkdir("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 0777) = 0 [ 84.806623][ T5835] loop0: detected capacity change from 0 to 32768 [ 84.947184][ T5835] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names [ 84.962698][ T5835] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 84.971234][ T5835] bcachefs (loop0): Version upgrade required: [ 84.971234][ T5835] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 84.971234][ T5835] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots [ 84.971234][ T5835] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 85.057681][ T5835] bcachefs (loop0): accounting_read... done [ 85.065175][ T5835] bcachefs (loop0): alloc_read... done [ 85.072129][ T5835] bcachefs (loop0): stripes_read... done [ 85.078665][ T5835] bcachefs (loop0): snapshots_read... done [ 85.086487][ T5835] bcachefs (loop0): check_allocations... done [ 85.116731][ T5835] bcachefs (loop0): going read-write [ 85.124580][ T5835] bcachefs (loop0): journal_replay... done [ 85.155237][ T5835] bcachefs (loop0): check_alloc_info... done [ 85.167663][ T5835] bcachefs (loop0): check_lrus... done [ 85.175574][ T5835] bcachefs (loop0): check_btree_backpointers... done [ 85.184162][ T5835] bcachefs (loop0): check_backpointers_to_extents... [ 85.185048][ T5835] ------------[ cut here ]------------ [ 85.197745][ T5835] kernel BUG at fs/bcachefs/bkey_types.h:210! [ 85.204344][ T5835] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI [ 85.211510][ T5835] CPU: 1 UID: 0 PID: 5835 Comm: syz-executor399 Not tainted 6.12.0-rc6-syzkaller #0 [ 85.220935][ T5835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 85.231819][ T5835] RIP: 0010:bch2_check_backpointers_to_extents+0x240a/0x2430 [ 85.239209][ T5835] Code: 48 8b 4c 24 38 80 e1 07 38 c1 0f 8c b7 dd ff ff be 18 00 00 00 48 8b 7c 24 38 e8 11 51 ee fd e9 a3 dd ff ff e8 47 ad 87 fd 90 <0f> 0b e8 3f ad 87 fd 90 0f 0b e8 e7 79 b1 07 e8 32 ad 87 fd 90 0f [ 85.259624][ T5835] RSP: 0018:ffffc900038eed80 EFLAGS: 00010293 [ 85.265699][ T5835] RAX: ffffffff840d2cb9 RBX: ffff8880763a01d0 RCX: ffff888035edbc00 [ 85.273698][ T5835] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 000000000000001c [ 85.281711][ T5835] RBP: ffffc900038ef488 R08: ffffffff840d182e R09: 0000000000000000 [ 85.289713][ T5835] R10: ffffc900038ee780 R11: fffff5200071dcfd R12: 0000000000000003 [ 85.298198][ T5835] R13: ffffc900038ef280 R14: dffffc0000000000 R15: ffff88807cf34000 [ 85.306726][ T5835] FS: 000055556c009380(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 85.316203][ T5835] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 85.322800][ T5835] CR2: 000055750aacf8e8 CR3: 0000000075448000 CR4: 00000000003526f0 [ 85.330792][ T5835] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 85.338783][ T5835] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 85.346953][ T5835] Call Trace: [ 85.350499][ T5835] [ 85.354617][ T5835] ? __die_body+0x5f/0xb0 [ 85.360167][ T5835] ? die+0x9e/0xc0 [ 85.364295][ T5835] ? do_trap+0x15a/0x3a0 [ 85.368610][ T5835] ? bch2_check_backpointers_to_extents+0x240a/0x2430 [ 85.375493][ T5835] ? do_error_trap+0x1dc/0x2c0 [ 85.380348][ T5835] ? bch2_check_backpointers_to_extents+0x240a/0x2430 [ 85.387674][ T5835] ? __pfx_do_error_trap+0x10/0x10 [ 85.392964][ T5835] ? report_bug+0x3e8/0x500 [ 85.403125][ T5835] ? handle_invalid_op+0x34/0x40 [ 85.408706][ T5835] ? bch2_check_backpointers_to_extents+0x240a/0x2430 [ 85.415505][ T5835] ? exc_invalid_op+0x38/0x50 [ 85.420221][ T5835] ? asm_exc_invalid_op+0x1a/0x20 [ 85.425289][ T5835] ? bch2_check_backpointers_to_extents+0xf7e/0x2430 [ 85.434017][ T5835] ? bch2_check_backpointers_to_extents+0x2409/0x2430 [ 85.441958][ T5835] ? bch2_check_backpointers_to_extents+0x240a/0x2430 [ 85.451827][ T5835] ? __pfx_bch2_check_backpointers_to_extents+0x10/0x10 [ 85.460504][ T5835] ? __pfx__prb_read_valid+0x10/0x10 [ 85.466446][ T5835] ? bch2_backpointer_get_key+0x2b0/0x970 [ 85.472203][ T5835] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 85.478916][ T5835] ? __console_unlock+0x12d/0x1f0 [ 85.483950][ T5835] ? prb_read_valid+0xa9/0xf0 [ 85.489003][ T5835] ? __pfx___console_unlock+0x10/0x10 [ 85.495953][ T5835] ? llist_add_batch+0x143/0x270 [ 85.503611][ T5835] ? __pfx_llist_add_batch+0x10/0x10 [ 85.509671][ T5835] ? __irq_work_queue_local+0x137/0x410 [ 85.517999][ T5835] ? bch2_check_backpointers_to_extents+0xc6a/0x2430 [ 85.525418][ T5835] ? __pfx_lock_release+0x10/0x10 [ 85.530596][ T5835] ? rcu_is_watching+0x15/0xb0 [ 85.535737][ T5835] ? __bch2_print+0x17a/0x220 [ 85.540908][ T5835] ? bch2_run_recovery_pass+0x6d/0x1e0 [ 85.548975][ T5835] ? __pfx___bch2_print+0x10/0x10 [ 85.554991][ T5835] ? __bch2_fs_read_write+0x35c/0x370 [ 85.560399][ T5835] bch2_run_recovery_pass+0xf0/0x1e0 [ 85.567167][ T5835] bch2_run_recovery_passes+0x387/0x870 [ 85.572739][ T5835] bch2_fs_recovery+0x25cc/0x39c0 [ 85.577778][ T5835] ? __pfx_bch2_fs_recovery+0x10/0x10 [ 85.584330][ T5835] ? __pfx_lock_release+0x10/0x10 [ 85.591563][ T5835] ? bch2_get_next_online_dev+0x2b/0x4f0 [ 85.598253][ T5835] ? __pfx_lock_release+0x10/0x10 [ 85.603303][ T5835] ? bch2_get_next_online_dev+0x2b/0x4f0 [ 85.609144][ T5835] ? bch2_get_next_online_dev+0x4b9/0x4f0 [ 85.615514][ T5835] ? bch2_get_next_online_dev+0x2b/0x4f0 [ 85.621268][ T5835] ? llist_reverse_order+0x72/0x90 [ 85.626656][ T5835] bch2_fs_start+0x356/0x5b0 [ 85.631470][ T5835] bch2_fs_get_tree+0xd68/0x1710 [ 85.636560][ T5835] ? __pfx_bch2_fs_get_tree+0x10/0x10 [ 85.641966][ T5835] ? smack_fs_context_parse_param+0xff/0x170 [ 85.648511][ T5835] ? generic_parse_monolithic+0x387/0x400 [ 85.655336][ T5835] ? cap_capable+0x1b4/0x250 [ 85.661043][ T5835] ? safesetid_security_capable+0xb2/0x1d0 [ 85.669242][ T5835] vfs_get_tree+0x90/0x2b0 [ 85.673781][ T5835] do_new_mount+0x2be/0xb40 [ 85.678759][ T5835] ? __pfx_do_new_mount+0x10/0x10 [ 85.684107][ T5835] __se_sys_mount+0x2d6/0x3c0 [ 85.690091][ T5835] ? __pfx___se_sys_mount+0x10/0x10 [ 85.695334][ T5835] ? do_syscall_64+0x100/0x230 [ 85.700900][ T5835] ? __x64_sys_mount+0x20/0xc0 [ 85.705778][ T5835] do_syscall_64+0xf3/0x230 [ 85.710697][ T5835] ? clear_bhb_loop+0x35/0x90 [ 85.715967][ T5835] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.723578][ T5835] RIP: 0033:0x7f3dc70ff8fa [ 85.728275][ T5835] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 85.747983][ T5835] RSP: 002b:00007ffca0ac2048 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5 [ 85.756418][ T5835] RAX: ffffffffffffffda RBX: 00007ffca0ac2060 RCX: 00007f3dc70ff8fa [ 85.764506][ T5835] RDX: 00000000200058c0 RSI: 0000000020001040 RDI: 00007ffca0ac2060 [ 85.772591][ T5835] RBP: 0000000000000004 R08: 00007ffca0ac20a0 R09: 002c647261637350 [ 85.780582][ T5835] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 [ 85.791069][ T5835] R13: 00007ffca0ac20a0 R14: 0000000000000003 R15: 0000000001000000 [ 85.799650][ T5835] [ 85.802697][ T5835] Modules linked in: [ 85.807047][ T5835] ---[ end trace 0000000000000000 ]--- [ 85.814629][ T5835] RIP: 0010:bch2_check_backpointers_to_extents+0x240a/0x2430 [ 85.822590][ T5835] Code: 48 8b 4c 24 38 80 e1 07 38 c1 0f 8c b7 dd ff ff be 18 00 00 00 48 8b 7c 24 38 e8 11 51 ee fd e9 a3 dd ff ff e8 47 ad 87 fd 90 <0f> 0b e8 3f ad 87 fd 90 0f 0b e8 e7 79 b1 07 e8 32 ad 87 fd 90 0f [ 85.845371][ T5835] RSP: 0018:ffffc900038eed80 EFLAGS: 00010293 [ 85.851535][ T5835] RAX: ffffffff840d2cb9 RBX: ffff8880763a01d0 RCX: ffff888035edbc00 [ 85.859710][ T5835] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 000000000000001c [ 85.868564][ T5835] RBP: ffffc900038ef488 R08: ffffffff840d182e R09: 0000000000000000 [ 85.876840][ T5835] R10: ffffc900038ee780 R11: fffff5200071dcfd R12: 0000000000000003 [ 85.886392][ T5835] R13: ffffc900038ef280 R14: dffffc0000000000 R15: ffff88807cf34000 [ 85.896542][ T5835] FS: 000055556c009380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 85.906097][ T5835] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 85.913271][ T5835] CR2: 000055750ab206c0 CR3: 0000000075448000 CR4: 00000000003526f0 [ 85.921444][ T5835] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 85.930712][ T5835] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 85.938939][ T5835] Kernel panic - not syncing: Fatal exception [ 85.945365][ T5835] Kernel Offset: disabled [ 85.950532][ T5835] Rebooting in 86400 seconds..