./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2863010039 <...> Warning: Permanently added '10.128.0.201' (ED25519) to the list of known hosts. execve("./syz-executor2863010039", ["./syz-executor2863010039"], 0x7fff7c2bc700 /* 10 vars */) = 0 brk(NULL) = 0x55555e045000 brk(0x55555e045d00) = 0x55555e045d00 arch_prctl(ARCH_SET_FS, 0x55555e045380) = 0 set_tid_address(0x55555e045650) = 5842 set_robust_list(0x55555e045660, 24) = 0 rseq(0x55555e045ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2863010039", 4096) = 28 getrandom("\x57\x32\x96\xce\x29\x14\x28\x0c", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555e045d00 brk(0x55555e066d00) = 0x55555e066d00 brk(0x55555e067000) = 0x55555e067000 mprotect(0x7f878cbe8000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 write(1, "executing program\n", 18executing program ) = 18 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8784600000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 munmap(0x7f8784600000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 close(4) = 0 mkdir("./file1", 0777) = 0 [ 91.709102][ T5842] loop0: detected capacity change from 0 to 32768 [ 91.807621][ T5842] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,prjquota,nochanges,recovery_pass_last=check_nlinks,nojournal_transaction_names,read_only,version_upgrade=incompatible [ 91.807650][ T5842] allowing incompatible features above 0.0: (unknown version) [ 91.807659][ T5842] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 91.855016][ T5842] bcachefs (loop0): invalid journal entry, version=1.7: mi_btree_bitmap type=clock in superblock: bad rw, fixing [ 91.867732][ T5842] bcachefs (loop0): invalid bkey in superblock btree=xattrs level=1: u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 2285c34bed0abe32 written 16 min_key POS_MIN durability: 0 crc: c_size 1 size 1 offset 0 nonce 0 csum none 12010b:10004000b compress none [ 91.867752][ T5842] has non ptr field, deleting [ 91.897380][ T5842] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 91.905869][ T5842] bcachefs (loop0): Version upgrade from 1.3: rebalance_work to 1.7: mi_btree_bitmap incomplete [ 91.905869][ T5842] Doing compatible version upgrade from 1.3: rebalance_work to 1.28: inode_has_case_insensitive [ 91.905869][ T5842] running recovery passes: check_allocations,check_extents_to_backpointers,check_subvols,check_inodes,check_dirents [ 91.939075][ T5842] bcachefs (loop0): Now allowing incompatible features up to 1.28: inode_has_case_insensitive, previously allowed up to 0.0: (unknown version) [ 91.939075][ T5842] [ 91.966314][ T5842] bcachefs (loop0): invalid bkey in btree_node btree=inodes level=0: u64s 17 type inode_v3 0:4097:U32_MAX len 0 ver 0: (unpack error) [ 91.966340][ T5842] invalid variable length fields, deleting [ 91.989049][ T5842] bcachefs (loop0): error reading btree root btree=dirents level=0: btree_node_read_error, fixing [ 92.001565][ T5842] bcachefs (loop0): error reading btree root btree=alloc level=0: btree_node_read_error, fixing [ 92.017085][ T5842] bcachefs (loop0): check_topology... [ 92.017242][ T5842] bcachefs (loop0): btree root dirents unreadable, must recover from scan [ 92.031638][ T5842] bcachefs (loop0): running recovery pass scan_for_btree_nodes (1), currently at check_topology (2) - rewinding [ 92.043673][ T5842] bcachefs (loop0): bch2_check_root(): error restart_recovery [ 92.051288][ T5842] bcachefs (loop0): scan_for_btree_nodes... [ 92.074055][ T5842] bcachefs (loop0): btree node scan found 7 nodes after overwrites [ 92.080751][ T43] cfg80211: failed to load regulatory.db [ 92.088516][ T5842] done [ 92.098317][ T5842] bcachefs (loop0): check_topology... [ 92.098515][ T5842] bcachefs (loop0): btree root dirents unreadable, must recover from scan [ 92.113344][ T5842] bcachefs (loop0): bch2_get_scanned_nodes(): recovery btree=dirents level=0 POS_MIN - SPOS_MAX [ 92.123945][ T5842] bcachefs (loop0): bch2_get_scanned_nodes(): recovering u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0 [ 92.145298][ T5842] bcachefs (loop0): empty interior btree node at btree=dirents level=1 [ 92.145313][ T5842] u64s 5 type btree_ptr SPOS_MAX len 0 ver 0, fixing [ 92.160981][ T5842] bcachefs (loop0): bch2_btree_repair_topology_recurse(): error ECHILD [ 92.169351][ T5842] bcachefs (loop0): empty btree root dirents [ 92.176124][ T5842] done [ 92.178963][ T5842] bcachefs (loop0): accounting_read... done [ 92.186281][ T5842] bcachefs (loop0): alloc_read... done [ 92.192144][ T5842] bcachefs (loop0): snapshots_read... done [ 92.198591][ T5842] bcachefs (loop0): check_allocations... [ 92.200727][ T5842] bcachefs (loop0): bucket 0:38 data type btree ptr gen 0 missing in alloc btree [ 92.200749][ T5842] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0, fixing [ 92.233179][ T5842] bcachefs (loop0): bucket 0:32 data type btree ptr gen 0 missing in alloc btree [ 92.233193][ T5842] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0, fixing [ 92.259604][ T5842] bcachefs (loop0): bucket 0:28 data type btree ptr gen 0 missing in alloc btree [ 92.259625][ T5842] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 28f61e078e70b95c written 16 min_key POS_MIN durability: 1 ptr: 0:28:0 gen 0, fixing [ 92.285594][ T5842] bcachefs (loop0): bucket 0:29 data type btree ptr gen 0 missing in alloc btree [ 92.285616][ T5842] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0, fixing [ 92.311273][ T5842] bcachefs (loop0): bucket 0:37 data type btree ptr gen 0 missing in alloc btree [ 92.311288][ T5842] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 4a8b0fa43a9980a6 written 24 min_key POS_MIN durability: 1 ptr: 0:37:0 gen 0, fixing [ 92.337191][ T5842] bcachefs (loop0): bucket 0:42 data type btree ptr gen 0 missing in alloc btree [ 92.337206][ T5842] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 1db8f60c84bb244c written 8 min_key POS_MIN durability: 1 ptr: 0:42:0 gen 0, fixing [ 92.367028][ T5842] done [ 92.372239][ T5842] bcachefs (loop0): going read-write [ 92.399866][ T5842] bcachefs (loop0): journal_replay... [ 92.401013][ T5842] ------------[ cut here ]------------ [ 92.412314][ T5842] kernel BUG at fs/bcachefs/btree_update.c:339! [ 92.419393][ T5842] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI [ 92.425673][ T5842] CPU: 0 UID: 0 PID: 5842 Comm: syz-executor286 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 92.437653][ T5842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 92.447717][ T5842] RIP: 0010:__btree_trans_update_by_path+0x1fd3/0x2010 [ 92.454604][ T5842] Code: f6 ff ff 48 8b 7c 24 28 e8 ca dd f5 fd 48 ba 00 00 00 00 00 fc ff df e9 3d f6 ff ff e8 a6 c9 91 fd 90 0f 0b e8 9e c9 91 fd 90 <0f> 0b e8 96 c9 91 fd 90 0f 0b e8 8e c9 91 fd 90 0f 0b e8 86 c9 91 [ 92.474306][ T5842] RSP: 0018:ffffc9000413ea18 EFLAGS: 00010293 [ 92.480381][ T5842] RAX: ffffffff842e0b42 RBX: 0000000000008542 RCX: ffff88802ea71e00 [ 92.488362][ T5842] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 92.496329][ T5842] RBP: ffff888031194010 R08: ffffffff84518baa R09: 0000000000000002 [ 92.504298][ T5842] R10: 0000000000000003 R11: 0000000000000000 R12: ffff888074e00000 [ 92.512271][ T5842] R13: ffff888031194000 R14: 0000000000000088 R15: 1ffff11006232802 [ 92.520247][ T5842] FS: 000055555e045380(0000) GS:ffff888125c1d000(0000) knlGS:0000000000000000 [ 92.529174][ T5842] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 92.535754][ T5842] CR2: 000055e03c677168 CR3: 0000000078920000 CR4: 00000000003526f0 [ 92.543728][ T5842] Call Trace: [ 92.547026][ T5842] [ 92.549966][ T5842] ? btree_trans_verify_sorted_refs+0x40c/0x4e0 [ 92.556219][ T5842] ? btree_node_unlock+0x97/0x240 [ 92.561256][ T5842] ? bch2_journal_replay_key+0x4aa/0xb50 [ 92.566901][ T5842] ? __btree_path_up_until_good_node+0xaec/0xb30 [ 92.573238][ T5842] bch2_trans_update_ip+0x8f6/0x1f00 [ 92.578534][ T5842] ? bch2_journal_replay_key+0x4aa/0xb50 [ 92.584172][ T5842] ? bch2_btree_path_traverse_one+0x19fe/0x21d0 [ 92.590442][ T5842] ? __pfx_bch2_path_get+0x10/0x10 [ 92.595562][ T5842] ? __pfx_bch2_trans_update_ip+0x10/0x10 [ 92.601281][ T5842] ? bch2_journal_replay_key+0x1fb/0xb50 [ 92.606920][ T5842] ? bch2_trans_node_iter_init+0x406/0x5e0 [ 92.612742][ T5842] ? bch2_btree_iter_traverse+0x700/0xa50 [ 92.618516][ T5842] ? bch2_journal_replay_key+0x1ec/0xb50 [ 92.624206][ T5842] bch2_journal_replay_key+0x4c1/0xb50 [ 92.629681][ T5842] ? __pfx_bch2_journal_replay_key+0x10/0x10 [ 92.635670][ T5842] ? bch2_journal_replay_key+0x1ec/0xb50 [ 92.641314][ T5842] ? __bch2_trans_get+0x9c2/0xd80 [ 92.646431][ T5842] bch2_journal_replay+0x171d/0x2630 [ 92.651731][ T5842] ? irq_work_queue+0xbc/0x140 [ 92.656505][ T5842] ? __wake_up_klogd+0xd9/0x110 [ 92.661357][ T5842] ? __pfx_vprintk_emit+0x10/0x10 [ 92.666440][ T5842] ? __pfx_bch2_journal_replay+0x10/0x10 [ 92.672081][ T5842] ? do_raw_spin_lock+0x121/0x290 [ 92.677600][ T5842] ? __bch2_print+0x176/0x220 [ 92.682382][ T5842] ? __pfx___bch2_print+0x10/0x10 [ 92.687423][ T5842] ? _raw_spin_unlock_irq+0x23/0x50 [ 92.692646][ T5842] ? lockdep_hardirqs_on+0x9c/0x150 [ 92.697852][ T5842] __bch2_run_recovery_passes+0x392/0x1010 [ 92.703666][ T5842] bch2_run_recovery_passes+0x184/0x210 [ 92.709213][ T5842] bch2_fs_recovery+0x2690/0x3a50 [ 92.714230][ T5842] ? check_noncircular+0xe0/0x160 [ 92.719349][ T5842] ? __pfx_bch2_fs_recovery+0x10/0x10 [ 92.724733][ T5842] ? __lock_acquire+0xab9/0xd20 [ 92.729606][ T5842] ? __lock_acquire+0xab9/0xd20 [ 92.734497][ T5842] ? __lock_acquire+0xab9/0xd20 [ 92.739367][ T5842] ? bch2_fs_start+0xa0f/0xda0 [ 92.744134][ T5842] ? up_write+0x1c4/0x420 [ 92.748474][ T5842] ? bch2_fs_start+0x5e7/0xda0 [ 92.753251][ T5842] bch2_fs_start+0xaaf/0xda0 [ 92.757838][ T5842] ? bch2_fs_start+0x5e7/0xda0 [ 92.762599][ T5842] ? __pfx_bch2_fs_start+0x10/0x10 [ 92.767724][ T5842] ? sget+0x267/0x620 [ 92.771722][ T5842] bch2_fs_get_tree+0xb39/0x1540 [ 92.776666][ T5842] ? __pfx_bch2_fs_get_tree+0x10/0x10 [ 92.782038][ T5842] ? aa_get_newest_label+0xf7/0x5d0 [ 92.787236][ T5842] ? vfs_parse_monolithic_sep+0x2df/0x310 [ 92.792965][ T5842] ? apparmor_capable+0x137/0x1b0 [ 92.797987][ T5842] vfs_get_tree+0x92/0x2b0 [ 92.802422][ T5842] do_new_mount+0x24a/0xa40 [ 92.806970][ T5842] __se_sys_mount+0x317/0x410 [ 92.811678][ T5842] ? __pfx___se_sys_mount+0x10/0x10 [ 92.816876][ T5842] ? rcu_is_watching+0x15/0xb0 [ 92.821647][ T5842] ? __x64_sys_mount+0x20/0xc0 [ 92.826411][ T5842] do_syscall_64+0xfa/0x3b0 [ 92.830929][ T5842] ? lockdep_hardirqs_on+0x9c/0x150 [ 92.836129][ T5842] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.842372][ T5842] ? clear_bhb_loop+0x60/0xb0 [ 92.847062][ T5842] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.852980][ T5842] RIP: 0033:0x7f878cb709ba [ 92.857423][ T5842] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 92.877042][ T5842] RSP: 002b:00007ffc9f662588 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5 [ 92.885459][ T5842] RAX: ffffffffffffffda RBX: 00007ffc9f6625a0 RCX: 00007f878cb709ba [ 92.893437][ T5842] RDX: 00002000000000c0 RSI: 0000200000000080 RDI: 00007ffc9f6625a0 [ 92.901408][ T5842] RBP: 0000200000000080 R08: 00007ffc9f6625e0 R09: 00000000000059b9 [ 92.909380][ T5842] R10: 0000000000818001 R11: 0000000000000282 R12: 00002000000000c0 [ 92.917350][ T5842] R13: 0000000000000004 R14: 0000000000000003 R15: 00007ffc9f6625e0 [ 92.925322][ T5842] [ 92.928345][ T5842] Modules linked in: [ 92.932478][ T5842] ---[ end trace 0000000000000000 ]--- [ 92.938123][ T5842] RIP: 0010:__btree_trans_update_by_path+0x1fd3/0x2010 [ 92.945366][ T5842] Code: f6 ff ff 48 8b 7c 24 28 e8 ca dd f5 fd 48 ba 00 00 00 00 00 fc ff df e9 3d f6 ff ff e8 a6 c9 91 fd 90 0f 0b e8 9e c9 91 fd 90 <0f> 0b e8 96 c9 91 fd 90 0f 0b e8 8e c9 91 fd 90 0f 0b e8 86 c9 91 [ 92.967086][ T5842] RSP: 0018:ffffc9000413ea18 EFLAGS: 00010293 [ 92.973467][ T5842] RAX: ffffffff842e0b42 RBX: 0000000000008542 RCX: ffff88802ea71e00 [ 92.981746][ T5842] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 92.989824][ T5842] RBP: ffff888031194010 R08: ffffffff84518baa R09: 0000000000000002 [ 92.997827][ T5842] R10: 0000000000000003 R11: 0000000000000000 R12: ffff888074e00000 [ 93.005871][ T5842] R13: ffff888031194000 R14: 0000000000000088 R15: 1ffff11006232802 [ 93.013887][ T5842] FS: 000055555e045380(0000) GS:ffff888125d1d000(0000) knlGS:0000000000000000 [ 93.022895][ T5842] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 93.029619][ T5842] CR2: 00007f8f8b3a1796 CR3: 0000000078920000 CR4: 00000000003526f0 [ 93.037600][ T5842] Kernel panic - not syncing: Fatal exception [ 93.043942][ T5842] Kernel Offset: disabled [ 93.048269][ T5842] Rebooting in 86400 seconds..