./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3667111417 <...> Warning: Permanently added '10.128.10.8' (ED25519) to the list of known hosts. execve("./syz-executor3667111417", ["./syz-executor3667111417"], 0x7ffcabf91400 /* 10 vars */) = 0 brk(NULL) = 0x555563627000 brk(0x555563627d00) = 0x555563627d00 arch_prctl(ARCH_SET_FS, 0x555563627380) = 0 set_tid_address(0x555563627650) = 5092 set_robust_list(0x555563627660, 24) = 0 rseq(0x555563627ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3667111417", 4096) = 28 getrandom("\xa3\x10\x33\x53\xcf\x36\x9d\xd6", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555563627d00 brk(0x555563648d00) = 0x555563648d00 brk(0x555563649000) = 0x555563649000 mprotect(0x7fa6f005f000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5093 attached , child_tidptr=0x555563627650) = 5093 [pid 5093] set_robust_list(0x555563627660, 24) = 0 [pid 5093] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5093] setpgid(0, 0) = 0 [pid 5093] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5093] write(3, "1000", 4) = 4 [pid 5093] close(3) = 0 [pid 5093] write(1, "executing program\n", 18executing program ) = 18 [pid 5093] memfd_create("syzkaller", 0) = 3 [pid 5093] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6e7a00000 [pid 5093] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5093] munmap(0x7fa6e7a00000, 138412032) = 0 [pid 5093] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5093] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5093] close(3) = 0 [pid 5093] close(4) = 0 [pid 5093] mkdir("./file1", 0777) = 0 [ 69.800699][ T5093] loop0: detected capacity change from 0 to 32768 [ 69.840379][ T5093] bcachefs (/dev/loop0): error reading default superblock: checksum error, type crc32c_nonzero: got 2859f616 should be 29d2fb78 [ 69.888302][ T5093] bcachefs (loop0): mounting version 1.7: mi_btree_bitmap opts=compression=lz4,nojournal_transaction_names [ 69.900223][ T5093] bcachefs (loop0): recovering from clean shutdown, journal seq 7 [ 69.908528][ T5093] bcachefs (loop0): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.9: disk_accounting_v2 [ 69.908528][ T5093] running recovery passes: check_allocations [ 69.941145][ T5093] bcachefs (loop0): accounting_read... done [ 69.947526][ T5093] bcachefs (loop0): alloc_read... done [ 69.953288][ T5093] bcachefs (loop0): stripes_read... done [ 69.959208][ T5093] bcachefs (loop0): snapshots_read... done [ 69.965580][ T5093] bcachefs (loop0): check_allocations... [ 69.967050][ T5093] ------------[ cut here ]------------ [ 69.978721][ T5093] kernel BUG at fs/bcachefs/buckets.h:96! [ 69.984581][ T5093] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI [ 69.984604][ T5093] CPU: 1 PID: 5093 Comm: syz-executor366 Not tainted 6.10.0-rc1-next-20240531-syzkaller #0 [ 69.984620][ T5093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 69.984630][ T5093] RIP: 0010:gc_bucket+0x250/0x260 [ 69.984674][ T5093] Code: 8c e8 34 e1 62 fd e9 29 ff ff ff 89 f9 80 e1 07 fe c1 38 c1 0f 8c 36 ff ff ff e8 9b 71 ec fd e9 2c ff ff ff e8 71 84 86 fd 90 <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 90 90 90 90 90 90 [ 69.984692][ T5093] RSP: 0018:ffffc900035be208 EFLAGS: 00010293 [ 69.984706][ T5093] RAX: ffffffff840ff77f RBX: 000000000001007c RCX: ffff88807cc70000 [ 69.984719][ T5093] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000001007c [ 69.984728][ T5093] RBP: ffff888021e84000 R08: ffffffff840ff6e1 R09: 0000000000000000 [ 69.984738][ T5093] R10: ffffc900035befd0 R11: fffff520006b7dfc R12: ffff888053ddd130 [ 69.984749][ T5093] R13: ffff888053ddd118 R14: 000000000001007c R15: 0000000000000080 [ 69.984761][ T5093] FS: 0000555563627380(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 69.984775][ T5093] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 69.984787][ T5093] CR2: 000055cce0302c88 CR3: 000000007a7f6000 CR4: 00000000003506f0 [ 69.984802][ T5093] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 69.984812][ T5093] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 69.984822][ T5093] Call Trace: [ 69.984833][ T5093] [ 69.984839][ T5093] ? __die_body+0x88/0xe0 [ 69.984861][ T5093] ? die+0xcf/0x110 [ 69.984882][ T5093] ? do_trap+0x15a/0x3a0 [ 69.984901][ T5093] ? gc_bucket+0x250/0x260 [ 69.984920][ T5093] ? do_error_trap+0x1dc/0x2c0 [ 69.984938][ T5093] ? gc_bucket+0x250/0x260 [ 69.984962][ T5093] ? __pfx_do_error_trap+0x10/0x10 [ 69.984989][ T5093] ? report_bug+0x3e8/0x500 [ 69.985015][ T5093] ? handle_invalid_op+0x34/0x40 [ 69.985035][ T5093] ? gc_bucket+0x250/0x260 [ 69.985054][ T5093] ? exc_invalid_op+0x38/0x50 [ 69.985074][ T5093] ? asm_exc_invalid_op+0x1a/0x20 [ 69.985097][ T5093] ? gc_bucket+0x1b1/0x260 [ 69.985122][ T5093] ? gc_bucket+0x24f/0x260 [ 69.985141][ T5093] ? gc_bucket+0x250/0x260 [ 69.985161][ T5093] ? gc_bucket+0x24f/0x260 [ 69.985181][ T5093] bch2_check_allocations+0xc63/0xb9d0 [ 69.985202][ T5093] ? bch2_check_allocations+0x67e/0xb9d0 [ 69.985227][ T5093] ? bch2_btree_node_iter_init+0x36bb/0x4280 [ 69.985249][ T5093] ? validate_chain+0x11e/0x5920 [ 69.985273][ T5093] ? bch2_btree_path_verify_level+0x369/0x1950 [ 69.985290][ T5093] ? __bch2_journal_key_search+0x9c2/0x10e0 [ 69.985313][ T5093] ? __bch2_btree_node_iter_advance+0x577/0xaa0 [ 69.985334][ T5093] ? __pfx_validate_chain+0x10/0x10 [ 69.985353][ T5093] ? __pfx___bch2_journal_key_search+0x10/0x10 [ 69.985375][ T5093] ? bch2_btree_node_iter_advance+0x3c8/0xc70 [ 69.985392][ T5093] ? desc_read+0x200/0x3f0 [ 69.985410][ T5093] ? __pfx_bch2_check_allocations+0x10/0x10 [ 69.985432][ T5093] ? desc_read+0x1a2/0x3f0 [ 69.985451][ T5093] ? prb_first_seq+0x131/0x210 [ 69.985469][ T5093] ? __pfx_prb_first_seq+0x10/0x10 [ 69.985495][ T5093] ? this_cpu_in_panic+0x4f/0x80 [ 69.985515][ T5093] ? _prb_read_valid+0xa39/0xac0 [ 69.985534][ T5093] ? validate_chain+0x11e/0x5920 [ 69.985553][ T5093] ? __pfx__prb_read_valid+0x10/0x10 [ 69.985564][ T5093] ? data_push_tail+0x716/0x730 [ 69.985578][ T5093] ? __pfx_validate_chain+0x10/0x10 [ 69.985589][ T5093] ? do_raw_spin_lock+0x14f/0x370 [ 69.985604][ T5093] ? prb_read_valid+0xa9/0xf0 [ 69.985615][ T5093] ? __pfx_prb_read_valid+0x10/0x10 [ 69.985626][ T5093] ? desc_read+0x200/0x3f0 [ 69.985638][ T5093] ? desc_read+0x1a2/0x3f0 [ 69.985650][ T5093] ? prb_first_seq+0x131/0x210 [ 69.985662][ T5093] ? __pfx_prb_first_seq+0x10/0x10 [ 69.985676][ T5093] ? this_cpu_in_panic+0x4f/0x80 [ 69.985687][ T5093] ? _prb_read_valid+0xa39/0xac0 [ 69.985701][ T5093] ? __pfx__prb_read_valid+0x10/0x10 [ 69.985715][ T5093] ? mark_lock+0x9a/0x360 [ 69.985726][ T5093] ? prb_read_valid+0xa9/0xf0 [ 69.985738][ T5093] ? __pfx_prb_read_valid+0x10/0x10 [ 69.985749][ T5093] ? console_unlock+0x239/0x4d0 [ 69.985762][ T5093] ? console_unlock+0x447/0x4d0 [ 69.985775][ T5093] ? __pfx_console_unlock+0x10/0x10 [ 69.985786][ T5093] ? __bch2_print+0x17a/0x220 [ 69.985800][ T5093] ? __bch2_print+0x17a/0x220 [ 69.985812][ T5093] ? __pfx___down_trylock_console_sem+0x10/0x10 [ 69.985827][ T5093] ? irq_work_queue+0xd1/0x150 [ 69.985839][ T5093] ? __wake_up_klogd+0x112/0x140 [ 69.985847][ T5093] ? vprintk_emit+0x7ce/0x900 [ 69.985866][ T5093] ? bch2_check_allocations+0x67e/0xb9d0 [ 69.985880][ T5093] ? __bch2_print+0x17a/0x220 [ 69.985894][ T5093] ? __pfx___bch2_print+0x10/0x10 [ 69.985909][ T5093] bch2_run_recovery_pass+0xf0/0x1e0 [ 69.985922][ T5093] bch2_run_recovery_passes+0x19e/0x820 [ 69.985937][ T5093] bch2_fs_recovery+0x238b/0x3730 [ 69.985952][ T5093] ? __pfx_bch2_fs_recovery+0x10/0x10 [ 69.985968][ T5093] ? __pfx_lock_release+0x10/0x10 [ 69.985978][ T5093] ? bch2_get_next_online_dev+0x2b/0x4f0 [ 69.985988][ T5093] ? __pfx_lock_release+0x10/0x10 [ 69.986004][ T5093] ? bch2_get_next_online_dev+0x2b/0x4f0 [ 69.986013][ T5093] ? bch2_get_next_online_dev+0x4b9/0x4f0 [ 69.986022][ T5093] ? bch2_get_next_online_dev+0x2b/0x4f0 [ 69.986032][ T5093] ? llist_reverse_order+0x72/0x90 [ 69.986047][ T5093] bch2_fs_start+0x356/0x5b0 [ 69.986058][ T5093] bch2_fs_open+0xa8d/0xdf0 [ 69.986073][ T5093] ? __pfx_bch2_fs_open+0x10/0x10 [ 69.986087][ T5093] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 69.986102][ T5093] ? __pfx_bch2_test_super+0x10/0x10 [ 69.986121][ T5093] ? sget+0x2b8/0x620 [ 69.986134][ T5093] ? __pfx_bch2_noset_super+0x10/0x10 [ 69.986146][ T5093] bch2_fs_get_tree+0x75e/0x14d0 [ 69.986160][ T5093] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.986176][ T5093] ? __pfx_bch2_fs_get_tree+0x10/0x10 [ 69.986197][ T5093] ? __pfx_generic_parse_monolithic+0x10/0x10 [ 69.986212][ T5093] ? apparmor_capable+0x138/0x1b0 [ 69.986224][ T5093] ? bpf_lsm_capable+0x9/0x10 [ 69.986238][ T5093] vfs_get_tree+0x90/0x2a0 [ 69.986252][ T5093] do_new_mount+0x2be/0xb40 [ 69.986267][ T5093] ? __pfx_do_new_mount+0x10/0x10 [ 69.986282][ T5093] __se_sys_mount+0x2d9/0x3c0 [ 69.986296][ T5093] ? __pfx___se_sys_mount+0x10/0x10 [ 69.986310][ T5093] ? do_syscall_64+0x100/0x230 [ 69.986322][ T5093] ? __x64_sys_mount+0x20/0xc0 [ 69.986335][ T5093] do_syscall_64+0xf3/0x230 [ 69.986346][ T5093] ? clear_bhb_loop+0x35/0x90 [ 69.986359][ T5093] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.986370][ T5093] RIP: 0033:0x7fa6effe7dea [ 69.986386][ T5093] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 69.986393][ T5093] RSP: 002b:00007ffc6f97a5d8 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5 [ 69.986405][ T5093] RAX: ffffffffffffffda RBX: 00007ffc6f97a5f0 RCX: 00007fa6effe7dea [ 69.986412][ T5093] RDX: 0000000020005d80 RSI: 0000000020005dc0 RDI: 00007ffc6f97a5f0 [ 69.986418][ T5093] RBP: 0000000000000004 R08: 00007ffc6f97a630 R09: 0000000000005dff [ 69.986425][ T5093] R10: 0000000000000400 R11: 0000000000000282 R12: 0000000000000400 [ 69.986431][ T5093] R13: 00007ffc6f97a630 R14: 0000000000000003 R15: 0000000001000000 [ 69.986441][ T5093] [ 69.986444][ T5093] Modules linked in: [ 69.986458][ T5093] ---[ end trace 0000000000000000 ]--- [ 70.699152][ T5093] RIP: 0010:gc_bucket+0x250/0x260 [ 70.704221][ T5093] Code: 8c e8 34 e1 62 fd e9 29 ff ff ff 89 f9 80 e1 07 fe c1 38 c1 0f 8c 36 ff ff ff e8 9b 71 ec fd e9 2c ff ff ff e8 71 84 86 fd 90 <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 90 90 90 90 90 90 [ 70.724373][ T5093] RSP: 0018:ffffc900035be208 EFLAGS: 00010293 [ 70.730606][ T5093] RAX: ffffffff840ff77f RBX: 000000000001007c RCX: ffff88807cc70000 [ 70.738801][ T5093] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000001007c [ 70.746823][ T5093] RBP: ffff888021e84000 R08: ffffffff840ff6e1 R09: 0000000000000000 [ 70.754913][ T5093] R10: ffffc900035befd0 R11: fffff520006b7dfc R12: ffff888053ddd130 [ 70.763381][ T5093] R13: ffff888053ddd118 R14: 000000000001007c R15: 0000000000000080 [ 70.771440][ T5093] FS: 0000555563627380(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 70.781231][ T5093] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 70.787994][ T5093] CR2: 000055cce0302c88 CR3: 000000007a7f6000 CR4: 00000000003506f0 [ 70.796464][ T5093] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 70.804496][ T5093] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 70.812712][ T5093] Kernel panic - not syncing: Fatal exception [ 70.819185][ T5093] Kernel Offset: disabled [ 70.823605][ T5093] Rebooting in 86400 seconds..