./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3138582024 <...> Warning: Permanently added '10.128.10.34' (ED25519) to the list of known hosts. execve("./syz-executor3138582024", ["./syz-executor3138582024"], 0x7ffe57155870 /* 10 vars */) = 0 brk(NULL) = 0x555588c02000 brk(0x555588c02d00) = 0x555588c02d00 arch_prctl(ARCH_SET_FS, 0x555588c02380) = 0 set_tid_address(0x555588c02650) = 5817 set_robust_list(0x555588c02660, 24) = 0 rseq(0x555588c02ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3138582024", 4096) = 28 getrandom("\x52\x1e\xcd\x24\x1c\x6e\x8a\x6f", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555588c02d00 brk(0x555588c23d00) = 0x555588c23d00 brk(0x555588c24000) = 0x555588c24000 mprotect(0x7f3b6e49c000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5819 attached [pid 5819] set_robust_list(0x555588c02660, 24) = 0 [pid 5817] <... clone resumed>, child_tidptr=0x555588c02650) = 5819 [pid 5819] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5819] setpgid(0, 0) = 0 [pid 5819] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5819] write(3, "1000", 4) = 4 [pid 5819] close(3) = 0 [pid 5819] write(1, "executing program\n", 18executing program ) = 18 [pid 5819] memfd_create("syzkaller", 0) = 3 [pid 5819] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3b65e00000 [pid 5819] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5819] munmap(0x7f3b65e00000, 138412032) = 0 [pid 5819] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5819] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5819] close(3) = 0 [pid 5819] close(4) = 0 [pid 5819] mkdir("./file0", 0777) = 0 [ 64.191018][ T5819] loop0: detected capacity change from 0 to 32768 [ 64.263351][ T5819] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=ro,errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,erasure_code,recovery_pass_last=initialize_subvolumes,nojournal_transaction_names,read_only,reconstruct_alloc [ 64.288263][ T5819] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 64.296691][ T5819] bcachefs (loop0): Version upgrade required: [ 64.296691][ T5819] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 64.296691][ T5819] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots [pid 5819] mount("/dev/loop0", "./file0", "bcachefs", MS_RDONLY, "\x69\x6e\x6f\x64\xdd\x73\x5f\x33\x32\x62\x69\x74\x2c\x65\x72\x72\x6f\x72\x73\x3d\x63\x6f\x6e\x74\x69\x6e\x75\x65\x2c\x64\x69\x72\x65\x63\x74\x5f\x69\x6f\x2c\x65\x72\x72\x6f\x72\x3d\x72\x6f\x2c\x72\x65\x63\x6f\x6e\x73\x74\x72\x75\x63\x74\x5f\x61\x6c\x6c\x6f\x63\x2c\x72\x65\x63\x6f\x76\x65\x72\x79\x5f\x70\x61\x73\x73\x5f\x6c\x61\x73\x74\x3d\x69\x6e\x69\x74\x69\x61\x6c\x69\x7a\x65\x5f\x73\x75\x62\x76"...) = 0 [pid 5819] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5819] chdir("./file0") = 0 [ 64.296691][ T5819] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 64.370339][ T5819] bcachefs (loop0): dropping and reconstructing all alloc info [ 64.387115][ T5819] bcachefs (loop0): accounting_read... done [ 64.394038][ T5819] bcachefs (loop0): alloc_read... done [ 64.399635][ T5819] bcachefs (loop0): stripes_read... done [ 64.407993][ T5819] bcachefs (loop0): done starting filesystem [pid 5819] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5819] ioctl(4, LOOP_CLR_FD) = 0 [pid 5819] close(4) = 0 [pid 5819] openat(AT_FDCWD, "./file0/file0", O_RDONLY|O_SYNC|O_NOATIME) = 4 [pid 5819] ioctl(4, _IOC(_IOC_WRITE, 0xbc, 0xa, 0x70), 0x20000080) = 5 [pid 5819] exit_group(0) = ? [ 64.488407][ T5828] ------------[ cut here ]------------ [ 64.496445][ T5828] kernel BUG at fs/bcachefs/journal.c:359! [ 64.502740][ T5828] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI [ 64.509741][ T5828] CPU: 1 UID: 0 PID: 5828 Comm: syz-executor313 Not tainted 6.13.0-rc3-syzkaller-00301-gbcde95ce32b6 #0 [ 64.520848][ T5828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 64.530912][ T5828] RIP: 0010:__journal_res_get+0x24cb/0x2660 [ 64.536812][ T5828] Code: 89 f9 80 e1 07 38 c1 0f 8c 0d fe ff ff e8 ad 02 c3 fd e9 03 fe ff ff e8 53 7b 80 07 e8 9e 25 5f fd 90 0f 0b e8 96 25 5f fd 90 <0f> 0b e8 8e 25 5f fd 90 0f 0b e8 86 25 5f fd 90 0f 0b e8 7e 25 5f [ 64.556416][ T5828] RSP: 0018:ffffc90003e36e60 EFLAGS: 00010293 [ 64.562484][ T5828] RAX: ffffffff84404e4a RBX: 0000000000000002 RCX: ffff88807eb55a00 [ 64.570468][ T5828] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000 [ 64.578432][ T5828] RBP: ffffc90003e37130 R08: ffffffff844030b4 R09: 1ffff1100ef29567 [ 64.586401][ T5828] R10: dffffc0000000000 R11: ffffed100ef29568 R12: 000000000000000a [ 64.594373][ T5828] R13: 0000000000effffe R14: ffff88807794a500 R15: 1ffff1100ef29545 [ 64.602340][ T5828] FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 64.611347][ T5828] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 64.617923][ T5828] CR2: 00007f3b6e4a00f8 CR3: 000000000e736000 CR4: 00000000003526f0 [ 64.625891][ T5828] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 64.633865][ T5828] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 64.641831][ T5828] Call Trace: [ 64.645102][ T5828] [ 64.648025][ T5828] ? __die_body+0x5f/0xb0 [ 64.652348][ T5828] ? die+0x9e/0xc0 [ 64.656064][ T5828] ? do_trap+0x15a/0x3a0 [ 64.660304][ T5828] ? __journal_res_get+0x24cb/0x2660 [ 64.665591][ T5828] ? do_error_trap+0x1dc/0x2c0 [ 64.670350][ T5828] ? __journal_res_get+0x24cb/0x2660 [ 64.675632][ T5828] ? __sanitizer_cov_trace_cmp8+0x8/0x90 [ 64.681257][ T5828] ? __pfx_do_error_trap+0x10/0x10 [ 64.686376][ T5828] ? handle_invalid_op+0x34/0x40 [ 64.691314][ T5828] ? __journal_res_get+0x24cb/0x2660 [ 64.696599][ T5828] ? exc_invalid_op+0x38/0x50 [ 64.701303][ T5828] ? asm_exc_invalid_op+0x1a/0x20 [ 64.706346][ T5828] ? __journal_res_get+0x734/0x2660 [ 64.711550][ T5828] ? __journal_res_get+0x24ca/0x2660 [ 64.716841][ T5828] ? __journal_res_get+0x24cb/0x2660 [ 64.722136][ T5828] ? __pfx___journal_res_get+0x10/0x10 [ 64.727589][ T5828] ? stack_trace_save+0x118/0x1d0 [ 64.732614][ T5828] ? stack_depot_save_flags+0x7b4/0x940 [ 64.738154][ T5828] ? kasan_save_track+0x51/0x80 [ 64.743041][ T5828] bch2_journal_res_get_slowpath+0xe6/0x710 [ 64.748938][ T5828] ? __pfx_bch2_journal_res_get_slowpath+0x10/0x10 [ 64.755435][ T5828] ? __pfx_lock_release+0x10/0x10 [ 64.760455][ T5828] ? journal_res_get_fast+0x156/0x720 [ 64.765842][ T5828] ? __mutex_unlock_slowpath+0x21e/0x790 [ 64.771478][ T5828] ? __pfx_journal_res_get_fast+0x10/0x10 [ 64.777201][ T5828] ? eytzinger0_sort_r+0x2cc/0x490 [ 64.782311][ T5828] bch2_journal_res_get+0x12b/0x1c0 [ 64.787513][ T5828] bch2_journal_meta+0x8d/0x290 [ 64.792359][ T5828] ? bch2_replicas_gc_start+0x648/0x7f0 [ 64.797898][ T5828] ? __pfx_bch2_journal_meta+0x10/0x10 [ 64.803357][ T5828] bch2_journal_flush_device_pins+0x4de/0x820 [ 64.809422][ T5828] ? vsnprintf+0x1ccd/0x1da0 [ 64.814007][ T5828] ? __pfx_vsnprintf+0x10/0x10 [ 64.818762][ T5828] ? __pfx_bch2_journal_flush_device_pins+0x10/0x10 [ 64.825350][ T5828] ? scnprintf+0x109/0x170 [ 64.829763][ T5828] ? __pfx_scnprintf+0x10/0x10 [ 64.834522][ T5828] ? validate_chain+0x11e/0x5920 [ 64.839453][ T5828] ? __pfx_validate_chain+0x10/0x10 [ 64.844650][ T5828] ? bch2_data_job+0x1b7/0xf70 [ 64.849415][ T5828] bch2_data_job+0x72c/0xf70 [ 64.854025][ T5828] ? mark_lock+0x9a/0x360 [ 64.858348][ T5828] ? validate_chain+0x11e/0x5920 [ 64.863281][ T5828] ? __pfx_bch2_data_job+0x10/0x10 [ 64.868388][ T5828] ? __pfx_validate_chain+0x10/0x10 [ 64.873582][ T5828] ? __lock_acquire+0x1397/0x2100 [ 64.878605][ T5828] ? validate_chain+0x11e/0x5920 [ 64.883556][ T5828] ? mark_lock+0x9a/0x360 [ 64.887889][ T5828] ? __pfx_validate_chain+0x10/0x10 [ 64.893082][ T5828] ? __lock_acquire+0x1397/0x2100 [ 64.898119][ T5828] ? __pfx_lock_acquire+0x10/0x10 [ 64.903136][ T5828] ? mark_lock+0x9a/0x360 [ 64.907463][ T5828] ? __lock_acquire+0x1397/0x2100 [ 64.912496][ T5828] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 64.918467][ T5828] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 64.924802][ T5828] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 64.930691][ T5828] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 64.937048][ T5828] bch2_data_thread+0x8f/0x160 [ 64.941819][ T5828] ? __pfx_bch2_data_thread+0x10/0x10 [ 64.947191][ T5828] kthread+0x2f0/0x390 [ 64.951254][ T5828] ? __pfx_bch2_data_thread+0x10/0x10 [ 64.956621][ T5828] ? __pfx_kthread+0x10/0x10 [ 64.961203][ T5828] ret_from_fork+0x4b/0x80 [ 64.965611][ T5828] ? __pfx_kthread+0x10/0x10 [ 64.970202][ T5828] ret_from_fork_asm+0x1a/0x30 [ 64.974968][ T5828] [ 64.977988][ T5828] Modules linked in: [ 64.982181][ T5828] ---[ end trace 0000000000000000 ]--- [ 64.987853][ T5828] RIP: 0010:__journal_res_get+0x24cb/0x2660 [ 64.993900][ T5828] Code: 89 f9 80 e1 07 38 c1 0f 8c 0d fe ff ff e8 ad 02 c3 fd e9 03 fe ff ff e8 53 7b 80 07 e8 9e 25 5f fd 90 0f 0b e8 96 25 5f fd 90 <0f> 0b e8 8e 25 5f fd 90 0f 0b e8 86 25 5f fd 90 0f 0b e8 7e 25 5f [ 65.013591][ T5828] RSP: 0018:ffffc90003e36e60 EFLAGS: 00010293 [ 65.019695][ T5828] RAX: ffffffff84404e4a RBX: 0000000000000002 RCX: ffff88807eb55a00 [ 65.027704][ T5828] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000 [ 65.035718][ T5828] RBP: ffffc90003e37130 R08: ffffffff844030b4 R09: 1ffff1100ef29567 [ 65.043675][ T5828] R10: dffffc0000000000 R11: ffffed100ef29568 R12: 000000000000000a [ 65.051698][ T5828] R13: 0000000000effffe R14: ffff88807794a500 R15: 1ffff1100ef29545 [ 65.059707][ T5828] FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 65.068691][ T5828] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 65.075302][ T5828] CR2: 00007f3b6e4a00f8 CR3: 000000000e736000 CR4: 00000000003526f0 [ 65.083267][ T5828] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 65.091300][ T5828] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 65.099326][ T5828] Kernel panic - not syncing: Fatal exception [ 65.105652][ T5828] Kernel Offset: disabled [ 65.109968][ T5828] Rebooting in 86400 seconds..