./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1489397095 <...> Warning: Permanently added '10.128.0.131' (ED25519) to the list of known hosts. execve("./syz-executor1489397095", ["./syz-executor1489397095"], 0x7ffdfcf233a0 /* 10 vars */) = 0 brk(NULL) = 0x55557c511000 brk(0x55557c511d00) = 0x55557c511d00 arch_prctl(ARCH_SET_FS, 0x55557c511380) = 0 set_tid_address(0x55557c511650) = 5782 set_robust_list(0x55557c511660, 24) = 0 rseq(0x55557c511ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1489397095", 4096) = 28 getrandom("\x67\x8c\x27\x78\xe0\x59\xde\x85", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55557c511d00 brk(0x55557c532d00) = 0x55557c532d00 brk(0x55557c533000) = 0x55557c533000 mprotect(0x7f0d4a526000, 16384, PROT_READ) = 0 mmap(0x3ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x3ffffffff000 mmap(0x400000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400000000000 mmap(0x400001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400001000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557c511650) = 5783 openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 5783 attached ) = 3 [pid 5782] write(3, "10000000000", 11) = 11 [pid 5782] close(3) = 0 [pid 5782] openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 5782] openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 5782] openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 5782] openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3 [pid 5782] write(3, "0", 1) = 1 [pid 5782] close(3) = 0 [pid 5782] openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) [pid 5782] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC [pid 5783] set_robust_list(0x55557c511660, 24) = 0 [pid 5782] <... openat resumed>) = 3 [pid 5782] write(3, "100", 3) = 3 [pid 5782] close(3) = 0 [pid 5782] openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3 [pid 5782] write(3, "0", 1) = 1 [pid 5782] close(3) = 0 [pid 5782] openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3 [pid 5782] write(3, "0", 1) = 1 [pid 5782] close(3) = 0 [pid 5782] openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3 [pid 5782] write(3, "7 4 1 3", 7) = 7 [pid 5782] close(3) = 0 [pid 5782] openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3 [pid 5782] write(3, "1", 1) = 1 [pid 5782] close(3) = 0 [pid 5782] openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3 [pid 5782] write(3, "1", 1) = 1 [pid 5782] close(3) = 0 [pid 5782] openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3 [pid 5782] write(3, "0", 1) = 1 [pid 5782] close(3) = 0 [pid 5782] openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3 [pid 5782] write(3, "5783", 4) = 4 [pid 5782] close(3) = 0 [pid 5782] kill(5783, SIGKILL) = 0 [pid 5783] +++ killed by SIGKILL +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5783, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=0} --- openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5784 attached , child_tidptr=0x55557c511650) = 5784 [pid 5784] set_robust_list(0x55557c511660, 24) = 0 [pid 5784] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5784] setpgid(0, 0) = 0 [pid 5784] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 executing program [pid 5784] write(3, "1000", 4) = 4 [pid 5784] close(3) = 0 [pid 5784] write(1, "executing program\n", 18) = 18 [pid 5784] prlimit64(0, RLIMIT_RTPRIO, {rlim_cur=8, rlim_max=16777355}, NULL) = 0 [pid 5784] sched_setscheduler(0, SCHED_FIFO, [7]) = 0 [pid 5784] memfd_create("syzkaller", 0) = 3 [pid 5784] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0d42000000 [pid 5784] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5784] munmap(0x7f0d42000000, 138412032) = 0 [pid 5784] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5784] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5784] close(3) = 0 [pid 5784] close(4) = 0 [pid 5784] mkdir("./file1", 0777) = 0 [ 183.170561][ T5784] loop0: detected capacity change from 0 to 32768 [ 183.306576][ T5784] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=ro,errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names,read_only [ 183.325394][ T5784] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 183.334245][ T5784] bcachefs (loop0): Version upgrade from 1.13: inode_has_child_snapshots to 1.7: mi_btree_bitmap incomplete [ 183.334245][ T5784] Doing compatible version upgrade from 1.13: inode_has_child_snapshots to 1.20: directory_size [ 183.334245][ T5784] running recovery passes: check_allocations,check_extents_to_backpointers,check_dirents [ 183.376972][ T5784] bcachefs (loop0): error validating btree node on loop0 at btree extents level 0/0 [ 183.377037][ T5784] u64s 11 type btree_ptr_v2 18446744073707239423:U64_MAX:U32_MAX len 0 ver 0: seq c6c25c03258c59c5 written 16 min_key POS_MIN durability: 1 ptr: 0:27:0 gen 0 [ 183.377115][ T5784] node offset 0/16 bset u64s 0: incorrect max key SPOS_MAX [ 183.410670][ T5784] bcachefs (loop0): running explicit recovery pass check_topology (2), currently at recovery_pass_empty (0) [ 183.422825][ T5784] bcachefs (loop0): flagging btree extents lost data [ 183.429813][ T5784] bcachefs (loop0): running explicit recovery pass check_lrus (14), currently at recovery_pass_empty (0) [ 183.441296][ T5784] bcachefs (loop0): running explicit recovery pass check_backpointers_to_extents (16), currently at recovery_pass_empty (0) [ 183.454522][ T5784] bcachefs (loop0): running explicit recovery pass scan_for_btree_nodes (1), currently at recovery_pass_empty (0) [ 183.470258][ T5784] error reading btree root btree=extents level=0: btree_node_read_error, fixing [ 183.492032][ T5784] bcachefs (loop0): error validating btree node at btree dirents level 0/0 [ 183.492095][ T5784] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0 [ 183.492157][ T5784] node offset 16/24 bset u64s 36 bset byte offset 288: invalid bkey format 5, fixing [ 183.525890][ T5784] bcachefs (loop0): btree_node_read_work: rewriting btree node at due to error [ 183.525890][ T5784] btree=dirents level=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0 [ 183.560101][ T5784] bcachefs (loop0): error validating btree node at btree alloc level 0/0 [ 183.560163][ T5784] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0 [ 183.560230][ T5784] node offset 8/24 bset u64s 375 bset byte offset 184: keys out of order: u64s 11 type alloc_v4 0:32:0 len 0 ver 0 > u64s 11 type alloc_v4 0:2:0 len 0 ver 0, fixing [ 183.600844][ T5784] bcachefs (loop0): btree_node_read_work: rewriting btree node at due to error [ 183.600844][ T5784] btree=alloc level=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0 [ 183.648390][ T5784] bcachefs (loop0): error validating btree node on loop0 at btree backpointers level 0/0 [ 183.648456][ T5784] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 4a8b0fa43a9980a6 written 24 min_key 1095216660480:0:0 durability: 1 ptr: 0:37:0 gen 0 [ 183.648525][ T5784] node offset 0/24: incorrect min_key: got POS_MIN should be 1095216660480:0:0 [ 183.684267][ T5784] bcachefs (loop0): flagging btree backpointers lost data [ 183.691794][ T5784] bcachefs (loop0): running explicit recovery pass check_btree_backpointers (15), currently at recovery_pass_empty (0) [ 183.708828][ T5784] error reading btree root btree=backpointers level=0: btree_node_read_error, fixing [ 183.726960][ T5784] bcachefs (loop0): scan_for_btree_nodes... [ 183.736961][ T5784] bcachefs (loop0): btree node scan found 3 nodes after overwrites [ 183.751209][ T5784] done [ 183.759057][ T5784] bcachefs (loop0): check_topology... [ 183.762541][ T5784] bcachefs (loop0): btree root extents unreadable, must recover from scan [ 183.777929][ T5784] bcachefs (loop0): bch2_get_scanned_nodes(): recovery btree=extents level=0 POS_MIN - SPOS_MAX [ 183.789375][ T5784] bcachefs (loop0): bch2_get_scanned_nodes(): recovering u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c6c25c03258c59c5 written 16 min_key POS_MIN durability: 1 ptr: 0:27:0 gen 0 [ 183.813121][ T5784] done [ 183.820276][ T5784] bcachefs (loop0): accounting_read... done [ 183.827334][ T5784] bcachefs (loop0): alloc_read... done [ 183.833300][ T5784] bcachefs (loop0): stripes_read... done [ 183.839464][ T5784] bcachefs (loop0): snapshots_read... done [ 183.845978][ T5784] bcachefs (loop0): check_allocations... [ 183.849771][ T5784] btree ptr not marked in member info btree allocated bitmap [ 183.849834][ T5784] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, fixing [ 183.881718][ T5784] bucket 0:26 data type btree ptr gen 0 missing in alloc btree [ 183.881779][ T5784] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, fixing [ 183.908378][ T5784] bucket 0:0 gen 0 different types of data in same bucket: sb, user [ 183.908442][ T5784] while marking u64s 7 type extent 4099:8:U32_MAX len 8 ver 0: durability: 0 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0 compress incompressible ptr: 0:0:0 gen 0 cached, fixing [ 183.941774][ T5784] btree ptr not marked in member info btree allocated bitmap [ 183.941835][ T5784] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0, fixing [ 183.968799][ T5784] bucket 0:38 data type btree ptr gen 0 missing in alloc btree [ 183.968881][ T5784] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0, fixing [ 183.994589][ T5784] btree ptr not marked in member info btree allocated bitmap [ 183.994650][ T5784] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing [ 184.020912][ T5784] bucket 0:41 data type btree ptr gen 0 missing in alloc btree [ 184.020973][ T5784] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing [ 184.048791][ T5784] btree ptr not marked in member info btree allocated bitmap [ 184.048879][ T5784] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c0bef60d07ceb940 written 16 min_key POS_MIN durability: 1 ptr: 0:35:0 gen 0, fixing [ 184.075733][ T5784] bucket 0:35 data type btree ptr gen 0 missing in alloc btree [ 184.075817][ T5784] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c0bef60d07ceb940 written 16 min_key POS_MIN durability: 1 ptr: 0:35:0 gen 0, fixing [ 184.101122][ T5784] btree ptr not marked in member info btree allocated bitmap [ 184.101181][ T5784] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0, fixing [ 184.130427][ T5784] btree ptr not marked in member info btree allocated bitmap [ 184.130486][ T5784] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0, fixing [ 184.156940][ T5784] bucket 0:29 data type btree ptr gen 0 missing in alloc btree [ 184.157002][ T5784] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0, fixing [ 184.187456][ T5784] bucket 0:1 gen 0 has wrong data_type: got free, should be sb, fixing [ 184.196470][ T5784] bucket 0:1 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 184.207855][ T5784] bucket 0:2 gen 0 has wrong data_type: got free, should be sb, fixing [ 184.216762][ T5784] bucket 0:2 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 184.227303][ T5784] bucket 0:3 gen 0 has wrong data_type: got free, should be sb, fixing [ 184.236144][ T5784] bucket 0:3 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 184.246674][ T5784] bucket 0:4 gen 0 has wrong data_type: got free, should be sb, fixing [ 184.255359][ T5784] bucket 0:4 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 184.266312][ T5784] bucket 0:5 gen 0 has wrong data_type: got free, should be sb, fixing [ 184.274894][ T5784] bucket 0:5 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 184.285844][ T5784] bucket 0:6 gen 0 has wrong data_type: got free, should be sb, fixing [ 184.294421][ T5784] bucket 0:6 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 184.305272][ T5784] bucket 0:7 gen 0 has wrong data_type: got free, should be sb, fixing [ 184.314143][ T5784] bucket 0:7 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 184.324639][ T5784] bucket 0:8 gen 0 has wrong data_type: got free, should be sb, fixing [ 184.333356][ T5784] bucket 0:8 gen 0 data type sb has wrong dirty_sectors: got 0, should be 8, fixing [ 184.343592][ T5784] bucket 0:9 gen 0 has wrong data_type: got free, should be journal, fixing [ 184.352737][ T5784] bucket 0:9 gen 0 data type journal has wrong dirty_sectors: got 0, should be 256, fixing [ 184.363598][ T5784] bucket 0:10 gen 0 has wrong data_type: got free, should be journal, fixing [ 184.372947][ T5784] bucket 0:10 gen 0 data type journal has wrong dirty_sectors: got 0, should be 256, fixing [ 184.383851][ T5784] bucket 0:11 gen 0 has wrong data_type: got free, should be journal, fixing [ 184.393089][ T5784] bucket 0:11 gen 0 data type journal has wrong dirty_sectors: got 0, should be 256, fixing [ 184.404124][ T5784] bucket 0:12 gen 0 has wrong data_type: got free, should be journal, fixing [ 184.413613][ T5784] bucket 0:12 gen 0 data type journal has wrong dirty_sectors: got 0, should be 256, fixing [ 184.424519][ T5784] bucket 0:13 gen 0 has wrong data_type: got free, should be journal, fixing [ 184.433759][ T5784] bucket 0:13 gen 0 data type journal has wrong dirty_sectors: got 0, should be 256, fixing [ 184.444657][ T5784] bucket 0:14 gen 0 has wrong data_type: got free, should be journal, fixing [ 184.453971][ T5784] bucket 0:14 gen 0 data type journal has wrong dirty_sectors: got 0, should be 256, fixing [ 184.464937][ T5784] bucket 0:15 gen 0 has wrong data_type: got free, should be journal, fixing [ 184.474199][ T5784] bucket 0:15 gen 0 data type journal has wrong dirty_sectors: got 0, should be 256, fixing [ 184.485343][ T5784] bucket 0:16 gen 0 has wrong data_type: got free, should be sb, fixing [ 184.494164][ T5784] bucket 0:16 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 184.504751][ T5784] bucket 0:17 gen 0 has wrong data_type: got free, should be sb, fixing [ 184.513603][ T5784] bucket 0:17 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 184.524595][ T5784] bucket 0:18 gen 0 has wrong data_type: got free, should be sb, fixing [ 184.533474][ T5784] bucket 0:18 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 184.544060][ T5784] bucket 0:19 gen 0 has wrong data_type: got free, should be sb, fixing [ 184.552869][ T5784] bucket 0:19 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 184.563538][ T5784] bucket 0:20 gen 0 has wrong data_type: got free, should be sb, fixing [ 184.572526][ T5784] bucket 0:20 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 184.583131][ T5784] bucket 0:21 gen 0 has wrong data_type: got free, should be sb, fixing [ 184.591965][ T5784] bucket 0:21 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 184.602547][ T5784] bucket 0:22 gen 0 has wrong data_type: got free, should be sb, fixing [ 184.611455][ T5784] bucket 0:22 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 184.622046][ T5784] bucket 0:23 gen 0 has wrong data_type: got free, should be sb, fixing [ 184.631908][ T5784] bucket 0:23 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 184.642755][ T5784] bucket 0:24 gen 0 has wrong data_type: got free, should be journal, fixing [ 184.652095][ T5784] bucket 0:24 gen 0 data type journal has wrong dirty_sectors: got 0, should be 256, fixing [ 184.663577][ T5784] bucket 0:26 gen 0 has wrong data_type: got free, should be btree, fixing [ 184.672697][ T5784] bucket 0:26 gen 0 data type btree has wrong dirty_sectors: got 0, should be 256, fixing [ 184.683623][ T5784] bucket 0:29 gen 0 has wrong data_type: got free, should be btree, fixing [ 184.692710][ T5784] bucket 0:29 gen 0 data type btree has wrong dirty_sectors: got 0, should be 256, fixing [ 184.703790][ T5784] bucket 0:32 gen 0 has wrong data_type: got sb, should be btree, fixing [ 184.713222][ T5784] bucket 0:34 gen 0 data type user has wrong dirty_sectors: got 16, should be 8, fixing [ 184.723965][ T5784] bucket 0:35 gen 0 has wrong data_type: got free, should be btree, fixing [ 184.733094][ T5784] bucket 0:35 gen 0 data type btree has wrong dirty_sectors: got 0, should be 256, fixing [ 184.745071][ T5784] bucket 0:37 gen 0 has wrong data_type: got btree, should be need_discard, fixing [ 184.755036][ T5784] bucket 0:37 gen 0 data type need_discard has wrong dirty_sectors: got 256, should be 0, fixing [ 184.766735][ T5784] bucket 0:38 gen 0 has wrong data_type: got free, should be btree, fixing [ 184.775922][ T5784] bucket 0:38 gen 0 data type btree has wrong dirty_sectors: got 0, should be 256, fixing [ 184.787210][ T5784] bucket 0:41 gen 0 has wrong data_type: got free, should be btree, fixing [ 184.796296][ T5784] bucket 0:41 gen 0 data type btree has wrong dirty_sectors: got 0, should be 256, fixing [ 184.811175][ T5784] bucket 0:120 gen 0 has wrong data_type: got free, should be sb, fixing [ 184.820082][ T5784] bucket 0:120 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 184.830770][ T5784] bucket 0:121 gen 0 has wrong data_type: got free, should be sb, fixing [ 184.839670][ T5784] bucket 0:121 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 184.850501][ T5784] bucket 0:122 gen 0 has wrong data_type: got free, should be sb, fixing [ 184.859378][ T5784] bucket 0:122 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 184.870079][ T5784] bucket 0:123 gen 0 has wrong data_type: got free, should be sb, fixing [ 184.878974][ T5784] bucket 0:123 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 184.889779][ T5784] bucket 0:124 gen 0 has wrong data_type: got free, should be sb, fixing [ 184.898705][ T5784] bucket 0:124 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 184.909374][ T5784] bucket 0:125 gen 0 has wrong data_type: got free, should be sb, fixing [ 184.918356][ T5784] bucket 0:125 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 184.929007][ T5784] bucket 0:126 gen 0 has wrong data_type: got free, should be sb, fixing [ 184.937898][ T5784] bucket 0:126 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 184.948557][ T5784] bucket 0:127 gen 0 has wrong data_type: got free, should be sb, fixing [ 184.957445][ T5784] bucket 0:127 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 184.972340][ T5784] done [ 184.982055][ T5784] bcachefs (loop0): going read-write [ 184.991575][ T5784] bcachefs (loop0): journal_replay... [ 185.031515][ T5784] ===================================================== [ 185.044311][ T5784] BUG: KMSAN: uninit-value in bch2_btree_node_get+0x5ed/0x1970 [ 185.052314][ T5784] bch2_btree_node_get+0x5ed/0x1970 [ 185.057836][ T5784] bch2_btree_path_traverse_one+0x283d/0x4790 [ 185.064142][ T5784] bch2_btree_iter_traverse+0xbb8/0x1110 [ 185.070166][ T5784] bch2_journal_replay_key+0x28a/0x13f0 [ 185.076070][ T5784] bch2_journal_replay+0x301d/0x4e20 [ 185.081574][ T5784] bch2_run_recovery_passes+0x5a2/0x1160 [ 185.087583][ T5784] bch2_fs_recovery+0x489c/0x6230 [ 185.092819][ T5784] bch2_fs_start+0x7ca/0xc20 [ 185.097816][ T5784] bch2_fs_get_tree+0x1564/0x24e0 [ 185.103042][ T5784] vfs_get_tree+0xb1/0x5a0 [ 185.107717][ T5784] do_new_mount+0x71f/0x15e0 [ 185.112487][ T5784] path_mount+0x742/0x1f10 [ 185.117168][ T5784] __se_sys_mount+0x71f/0x800 [ 185.122052][ T5784] __x64_sys_mount+0xe4/0x150 [ 185.127004][ T5784] x64_sys_call+0x39bf/0x3c30 [ 185.131881][ T5784] do_syscall_64+0xcd/0x1e0 [ 185.136673][ T5784] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.142778][ T5784] [ 185.145181][ T5784] Uninit was stored to memory at: [ 185.150581][ T5784] btree_node_iter_and_journal_peek+0x889/0x2560 [ 185.157232][ T5784] bch2_btree_path_traverse_one+0x2131/0x4790 [ 185.163448][ T5784] bch2_btree_iter_traverse+0xbb8/0x1110 [ 185.169335][ T5784] bch2_journal_replay_key+0x28a/0x13f0 [ 185.175098][ T5784] bch2_journal_replay+0x301d/0x4e20 [ 185.180701][ T5784] bch2_run_recovery_passes+0x5a2/0x1160 [ 185.186610][ T5784] bch2_fs_recovery+0x489c/0x6230 [ 185.191773][ T5784] bch2_fs_start+0x7ca/0xc20 [ 185.196603][ T5784] bch2_fs_get_tree+0x1564/0x24e0 [ 185.201845][ T5784] vfs_get_tree+0xb1/0x5a0 [ 185.206567][ T5784] do_new_mount+0x71f/0x15e0 [ 185.211327][ T5784] path_mount+0x742/0x1f10 [ 185.216001][ T5784] __se_sys_mount+0x71f/0x800 [ 185.220859][ T5784] __x64_sys_mount+0xe4/0x150 [ 185.225788][ T5784] x64_sys_call+0x39bf/0x3c30 [ 185.230618][ T5784] do_syscall_64+0xcd/0x1e0 [ 185.235244][ T5784] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.241446][ T5784] [ 185.243843][ T5784] Uninit was created at: [ 185.248401][ T5784] ___kmalloc_large_node+0x22c/0x370 [ 185.253861][ T5784] __kmalloc_large_node_noprof+0x3f/0x1e0 [ 185.259808][ T5784] __kmalloc_node_noprof+0xc96/0x1250 [ 185.265352][ T5784] __kvmalloc_node_noprof+0xc0/0x2d0 [ 185.271020][ T5784] bch2_btree_node_mem_alloc+0xa72/0x2ee0 [ 185.277062][ T5784] bch2_btree_reserve_get+0x37f/0x2290 [ 185.282648][ T5784] bch2_btree_update_start+0x2b0e/0x2d60 [ 185.288531][ T5784] bch2_btree_split_leaf+0x120/0xc90 [ 185.294067][ T5784] bch2_trans_commit_error+0x1c0/0x1d60 [ 185.299902][ T5784] __bch2_trans_commit+0x1d5f/0xd310 [ 185.305429][ T5784] bch2_journal_replay+0x3125/0x4e20 [ 185.311067][ T5784] bch2_run_recovery_passes+0x5a2/0x1160 [ 185.316953][ T5784] bch2_fs_recovery+0x489c/0x6230 [ 185.322184][ T5784] bch2_fs_start+0x7ca/0xc20 [ 185.327219][ T5784] bch2_fs_get_tree+0x1564/0x24e0 [ 185.332447][ T5784] vfs_get_tree+0xb1/0x5a0 [ 185.337168][ T5784] do_new_mount+0x71f/0x15e0 [ 185.341958][ T5784] path_mount+0x742/0x1f10 [ 185.346690][ T5784] __se_sys_mount+0x71f/0x800 [ 185.351579][ T5784] __x64_sys_mount+0xe4/0x150 [ 185.356535][ T5784] x64_sys_call+0x39bf/0x3c30 [ 185.361371][ T5784] do_syscall_64+0xcd/0x1e0 [ 185.366121][ T5784] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.372201][ T5784] [ 185.374584][ T5784] CPU: 0 UID: 0 PID: 5784 Comm: syz-executor148 Not tainted 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0 [ 185.386001][ T5784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 185.396272][ T5784] ===================================================== [ 185.403271][ T5784] Disabling lock debugging due to kernel taint [ 185.409636][ T5784] Kernel panic - not syncing: kmsan.panic set ... [ 185.416187][ T5784] CPU: 0 UID: 0 PID: 5784 Comm: syz-executor148 Tainted: G B 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0 [ 185.428905][ T5784] Tainted: [B]=BAD_PAGE [ 185.433111][ T5784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 185.443271][ T5784] Call Trace: [ 185.446656][ T5784] [ 185.449682][ T5784] dump_stack_lvl+0x216/0x2d0 [ 185.454456][ T5784] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 185.460412][ T5784] dump_stack+0x1e/0x24 [ 185.464665][ T5784] panic+0x4e2/0xcf0 [ 185.468703][ T5784] ? kmsan_get_metadata+0x51/0x1c0 [ 185.474001][ T5784] kmsan_report+0x2c7/0x2d0 [ 185.478699][ T5784] ? __msan_warning+0x95/0x120 [ 185.483612][ T5784] ? bch2_btree_node_get+0x5ed/0x1970 [ 185.489164][ T5784] ? bch2_btree_path_traverse_one+0x283d/0x4790 [ 185.495576][ T5784] ? bch2_btree_iter_traverse+0xbb8/0x1110 [ 185.501541][ T5784] ? bch2_journal_replay_key+0x28a/0x13f0 [ 185.507430][ T5784] ? bch2_journal_replay+0x301d/0x4e20 [ 185.513051][ T5784] ? bch2_run_recovery_passes+0x5a2/0x1160 [ 185.519013][ T5784] ? bch2_fs_recovery+0x489c/0x6230 [ 185.524369][ T5784] ? bch2_fs_start+0x7ca/0xc20 [ 185.529286][ T5784] ? bch2_fs_get_tree+0x1564/0x24e0 [ 185.534643][ T5784] ? vfs_get_tree+0xb1/0x5a0 [ 185.539370][ T5784] ? do_new_mount+0x71f/0x15e0 [ 185.544281][ T5784] ? path_mount+0x742/0x1f10 [ 185.549013][ T5784] ? __se_sys_mount+0x71f/0x800 [ 185.554011][ T5784] ? __x64_sys_mount+0xe4/0x150 [ 185.559013][ T5784] ? x64_sys_call+0x39bf/0x3c30 [ 185.564193][ T5784] ? do_syscall_64+0xcd/0x1e0 [ 185.569045][ T5784] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.575322][ T5784] ? bch2_btree_and_journal_iter_exit+0x14f/0x240 [ 185.581908][ T5784] ? btree_node_iter_and_journal_peek+0x2417/0x2560 [ 185.588690][ T5784] ? kmsan_get_metadata+0x13e/0x1c0 [ 185.594052][ T5784] ? kmsan_get_metadata+0x13e/0x1c0 [ 185.599399][ T5784] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 185.605378][ T5784] __msan_warning+0x95/0x120 [ 185.610162][ T5784] bch2_btree_node_get+0x5ed/0x1970 [ 185.615573][ T5784] ? bch2_journal_replay_key+0x28a/0x13f0 [ 185.621489][ T5784] ? kmsan_get_metadata+0x50/0x1c0 [ 185.626762][ T5784] bch2_btree_path_traverse_one+0x283d/0x4790 [ 185.633025][ T5784] ? kmsan_get_metadata+0x13e/0x1c0 [ 185.638498][ T5784] ? bch2_journal_replay_key+0x28a/0x13f0 [ 185.644445][ T5784] ? bch2_journal_replay_key+0x28a/0x13f0 [ 185.650334][ T5784] bch2_btree_iter_traverse+0xbb8/0x1110 [ 185.656188][ T5784] ? bch2_journal_replay_key+0x26d/0x13f0 [ 185.662102][ T5784] bch2_journal_replay_key+0x28a/0x13f0 [ 185.667838][ T5784] ? bch2_journal_replay_key+0x26d/0x13f0 [ 185.673748][ T5784] bch2_journal_replay+0x301d/0x4e20 [ 185.679196][ T5784] ? irq_work_queue+0x1c3/0x260 [ 185.684205][ T5784] ? vprintk_emit+0xd5c/0xea0 [ 185.689049][ T5784] ? stack_depot_save_flags+0x2c/0x750 [ 185.695133][ T5784] ? kmsan_get_metadata+0x13e/0x1c0 [ 185.700578][ T5784] ? vprintk+0x35/0x40 [ 185.704801][ T5784] ? kmsan_get_metadata+0x13e/0x1c0 [ 185.710154][ T5784] ? __pfx_bch2_journal_replay+0x10/0x10 [ 185.715989][ T5784] bch2_run_recovery_passes+0x5a2/0x1160 [ 185.721903][ T5784] bch2_fs_recovery+0x489c/0x6230 [ 185.727135][ T5784] ? kmsan_internal_set_shadow_origin+0x69/0x100 [ 185.733656][ T5784] ? __closure_wake_up+0x16a/0x180 [ 185.738931][ T5784] bch2_fs_start+0x7ca/0xc20 [ 185.743692][ T5784] bch2_fs_get_tree+0x1564/0x24e0 [ 185.748927][ T5784] vfs_get_tree+0xb1/0x5a0 [ 185.753486][ T5784] ? mount_capable+0x97/0x120 [ 185.758319][ T5784] do_new_mount+0x71f/0x15e0 [ 185.763074][ T5784] ? kmsan_get_metadata+0x13e/0x1c0 [ 185.768456][ T5784] path_mount+0x742/0x1f10 [ 185.773024][ T5784] ? user_path_at+0x374/0x3e0 [ 185.777844][ T5784] __se_sys_mount+0x71f/0x800 [ 185.782685][ T5784] __x64_sys_mount+0xe4/0x150 [ 185.787526][ T5784] x64_sys_call+0x39bf/0x3c30 [ 185.792342][ T5784] do_syscall_64+0xcd/0x1e0 [ 185.796978][ T5784] ? clear_bhb_loop+0x25/0x80 [ 185.801944][ T5784] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.808121][ T5784] RIP: 0033:0x7f0d4a4ae15a [ 185.812651][ T5784] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 185.832423][ T5784] RSP: 002b:00007ffd7ff35b58 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5 [ 185.840973][ T5784] RAX: ffffffffffffffda RBX: 00007ffd7ff35b70 RCX: 00007f0d4a4ae15a [ 185.849147][ T5784] RDX: 00004000000000c0 RSI: 0000400000000040 RDI: 00007ffd7ff35b70 [ 185.857260][ T5784] RBP: 0000400000000040 R08: 00007ffd7ff35bb0 R09: 0000000000005963 [ 185.865408][ T5784] R10: 0000000000800001 R11: 0000000000000282 R12: 00004000000000c0 [ 185.873519][ T5784] R13: 0000000000000004 R14: 0000000000000003 R15: 00007ffd7ff35bb0 [ 185.881722][ T5784] [ 187.265537][ T5784] Shutting down cpus with NMI [ 187.270620][ T5784] Kernel Offset: disabled [ 187.275008][ T5784] Rebooting in 86400 seconds..