./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3193535326 <...> Warning: Permanently added '10.128.1.22' (ED25519) to the list of known hosts. execve("./syz-executor3193535326", ["./syz-executor3193535326"], 0x7ffc0ad14060 /* 10 vars */) = 0 brk(NULL) = 0x55559504b000 brk(0x55559504bd00) = 0x55559504bd00 arch_prctl(ARCH_SET_FS, 0x55559504b380) = 0 set_tid_address(0x55559504b650) = 5828 set_robust_list(0x55559504b660, 24) = 0 rseq(0x55559504bca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3193535326", 4096) = 28 getrandom("\xc0\xc2\xd1\x42\x4b\x4e\x9f\xc3", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55559504bd00 brk(0x55559506cd00) = 0x55559506cd00 brk(0x55559506d000) = 0x55559506d000 mprotect(0x7f4987330000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5830 attached , child_tidptr=0x55559504b650) = 5830 [pid 5830] set_robust_list(0x55559504b660, 24) = 0 [pid 5830] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5830] setpgid(0, 0) = 0 [pid 5830] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5830] write(3, "1000", 4) = 4 [pid 5830] close(3) = 0 executing program [pid 5830] write(1, "executing program\n", 18) = 18 [pid 5830] memfd_create("syzkaller", 0) = 3 [pid 5830] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f497ee00000 [pid 5830] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5830] munmap(0x7f497ee00000, 138412032) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5830] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5830] close(3) = 0 [pid 5830] close(4) = 0 [pid 5830] mkdir("./file1", 0777) = 0 [ 61.615904][ T5830] loop0: detected capacity change from 0 to 32768 [ 61.711700][ T5830] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=zstd,journal_flush_disabled,fsck,norecovery,reconstruct_alloc,no_data_io [ 61.730922][ T5830] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 61.739386][ T5830] bcachefs (loop0): Version upgrade required: [ 61.739386][ T5830] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 61.739386][ T5830] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots [ 61.739386][ T5830] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 61.812882][ T5830] bcachefs (loop0): dropping and reconstructing all alloc info [ 61.829698][ T5830] bcachefs (loop0): check_topology... done [ 61.835574][ T5830] bcachefs (loop0): accounting_read... done [ 61.842547][ T5830] bcachefs (loop0): alloc_read... done [ 61.848518][ T5830] bcachefs (loop0): stripes_read... done [ 61.854315][ T5830] bcachefs (loop0): snapshots_read... done [ 61.860859][ T5830] bcachefs (loop0): check_allocations... [ 61.863057][ T5830] ------------[ cut here ]------------ [ 61.874824][ T5830] kernel BUG at fs/bcachefs/sb-members.c:453! [ 61.881262][ T5830] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI [ 61.888239][ T5830] CPU: 0 UID: 0 PID: 5830 Comm: syz-executor319 Not tainted 6.12.0-rc5-syzkaller-00181-g6c52d4da1c74 #0 [ 61.899340][ T5830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 61.909420][ T5830] RIP: 0010:bch2_dev_btree_bitmap_mark+0xfd2/0xff0 [ 61.915942][ T5830] Code: b3 f1 ff ff e8 7f 57 4f fd 90 0f 0b e8 77 57 4f fd 90 0f 0b e8 6f 57 4f fd 90 0f 0b e8 67 57 4f fd 90 0f 0b e8 5f 57 4f fd 90 <0f> 0b e8 57 57 4f fd 90 0f 0b e8 3f f4 78 07 66 2e 0f 1f 84 00 00 [ 61.935655][ T5830] RSP: 0018:ffffc90003d365a0 EFLAGS: 00010293 [ 61.941726][ T5830] RAX: ffffffff84458261 RBX: 00000000ffffffc8 RCX: ffff888036ec1e00 [ 61.949692][ T5830] RDX: 0000000000000000 RSI: 000000000000003f RDI: 0000000000000039 [ 61.957702][ T5830] RBP: ffffc90003d367b0 R08: ffffffff84457ee1 R09: 0000000000000000 [ 61.965693][ T5830] R10: 0000042098000000 R11: 0000000000000000 R12: 000000000000003f [ 61.973672][ T5830] R13: 0000042098000000 R14: ffff8880332371d0 R15: 000000000000003f [ 61.981660][ T5830] FS: 000055559504b380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 61.990604][ T5830] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 61.997183][ T5830] CR2: 0000559b3128e6d8 CR3: 0000000035566000 CR4: 00000000003526f0 [ 62.005147][ T5830] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 62.013111][ T5830] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 62.021074][ T5830] Call Trace: [ 62.024364][ T5830] [ 62.027305][ T5830] ? __die_body+0x5f/0xb0 [ 62.031646][ T5830] ? die+0x9e/0xc0 [ 62.035367][ T5830] ? do_trap+0x15a/0x3a0 [ 62.039647][ T5830] ? bch2_dev_btree_bitmap_mark+0xfd2/0xff0 [ 62.045569][ T5830] ? do_error_trap+0x1dc/0x2c0 [ 62.050344][ T5830] ? bch2_dev_btree_bitmap_mark+0xfd2/0xff0 [ 62.056252][ T5830] ? __pfx_do_error_trap+0x10/0x10 [ 62.061368][ T5830] ? report_bug+0x3e8/0x500 [ 62.065880][ T5830] ? handle_invalid_op+0x34/0x40 [ 62.070916][ T5830] ? bch2_dev_btree_bitmap_mark+0xfd2/0xff0 [ 62.076892][ T5830] ? exc_invalid_op+0x38/0x50 [ 62.081596][ T5830] ? asm_exc_invalid_op+0x1a/0x20 [ 62.086627][ T5830] ? bch2_dev_btree_bitmap_mark+0xc51/0xff0 [ 62.092521][ T5830] ? bch2_dev_btree_bitmap_mark+0xfd1/0xff0 [ 62.098453][ T5830] ? bch2_dev_btree_bitmap_mark+0xfd2/0xff0 [ 62.104384][ T5830] ? __pfx_bch2_dev_btree_bitmap_mark+0x10/0x10 [ 62.110647][ T5830] ? bch2_dev_btree_bitmap_marked+0x2f/0xda0 [ 62.117354][ T5830] ? bch2_bkey_val_to_text+0xf0/0x160 [ 62.122992][ T5830] bch2_gc_mark_key+0xc9b/0x10e0 [ 62.128034][ T5830] ? __pfx_bch2_gc_mark_key+0x10/0x10 [ 62.133686][ T5830] ? gc_pos_set+0x5c0/0x810 [ 62.138213][ T5830] ? __asan_memset+0x23/0x50 [ 62.142820][ T5830] bch2_check_allocations+0x2324/0x7070 [ 62.148366][ T5830] ? prb_first_seq+0x131/0x210 [ 62.153241][ T5830] ? __pfx_prb_first_seq+0x10/0x10 [ 62.158349][ T5830] ? this_cpu_in_panic+0x4f/0x80 [ 62.163279][ T5830] ? bch2_check_allocations+0x798/0x7070 [ 62.168922][ T5830] ? __pfx_validate_chain+0x10/0x10 [ 62.174125][ T5830] ? __pfx_validate_chain+0x10/0x10 [ 62.179317][ T5830] ? do_raw_spin_lock+0x14f/0x370 [ 62.184360][ T5830] ? __pfx_bch2_check_allocations+0x10/0x10 [ 62.190293][ T5830] ? prb_read_valid+0xa9/0xf0 [ 62.194975][ T5830] ? __pfx_prb_read_valid+0x10/0x10 [ 62.200185][ T5830] ? desc_read+0x200/0x3f0 [ 62.204816][ T5830] ? desc_read+0x1a2/0x3f0 [ 62.209322][ T5830] ? prb_first_seq+0x131/0x210 [ 62.214109][ T5830] ? __pfx_prb_first_seq+0x10/0x10 [ 62.219235][ T5830] ? this_cpu_in_panic+0x4f/0x80 [ 62.224180][ T5830] ? _prb_read_valid+0xa39/0xac0 [ 62.229215][ T5830] ? bch2_check_allocations+0x1a47/0x7070 [ 62.235020][ T5830] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 62.240998][ T5830] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 62.247346][ T5830] ? __console_unlock+0x12d/0x1f0 [ 62.252518][ T5830] ? bch2_check_allocations+0x2119/0x7070 [ 62.258247][ T5830] ? this_cpu_in_panic+0x4f/0x80 [ 62.263187][ T5830] ? __wake_up_klogd+0xd5/0x110 [ 62.268034][ T5830] ? __pfx_lock_release+0x10/0x10 [ 62.273056][ T5830] ? rcu_is_watching+0x15/0xb0 [ 62.277815][ T5830] ? bch2_check_allocations+0x798/0x7070 [ 62.283442][ T5830] ? __bch2_print+0x17a/0x220 [ 62.288131][ T5830] ? local_clock+0x10/0x30 [ 62.292552][ T5830] ? __pfx___bch2_print+0x10/0x10 [ 62.297606][ T5830] bch2_run_recovery_pass+0xf0/0x1e0 [ 62.302931][ T5830] bch2_run_recovery_passes+0x387/0x870 [ 62.308508][ T5830] bch2_fs_recovery+0x25cc/0x39c0 [ 62.313922][ T5830] ? __pfx_bch2_fs_recovery+0x10/0x10 [ 62.319440][ T5830] ? __pfx_lock_release+0x10/0x10 [ 62.324482][ T5830] ? bch2_get_next_online_dev+0x2b/0x4f0 [ 62.330203][ T5830] ? __pfx_lock_release+0x10/0x10 [ 62.335234][ T5830] ? bch2_get_next_online_dev+0x2b/0x4f0 [ 62.340881][ T5830] ? bch2_get_next_online_dev+0x4b9/0x4f0 [ 62.346590][ T5830] ? bch2_get_next_online_dev+0x2b/0x4f0 [ 62.352240][ T5830] ? llist_reverse_order+0x72/0x90 [ 62.357359][ T5830] bch2_fs_start+0x356/0x5b0 [ 62.361958][ T5830] bch2_fs_get_tree+0xd68/0x1710 [ 62.366942][ T5830] ? __pfx_bch2_fs_get_tree+0x10/0x10 [ 62.372432][ T5830] ? smack_fs_context_parse_param+0xff/0x170 [ 62.378513][ T5830] ? generic_parse_monolithic+0x387/0x400 [ 62.384326][ T5830] ? cap_capable+0x1b4/0x250 [ 62.388913][ T5830] ? safesetid_security_capable+0xb2/0x1d0 [ 62.394801][ T5830] vfs_get_tree+0x90/0x2b0 [ 62.399214][ T5830] do_new_mount+0x2be/0xb40 [ 62.403715][ T5830] ? __pfx_do_new_mount+0x10/0x10 [ 62.408739][ T5830] __se_sys_mount+0x2d6/0x3c0 [ 62.413436][ T5830] ? __pfx___se_sys_mount+0x10/0x10 [ 62.418717][ T5830] ? do_syscall_64+0x100/0x230 [ 62.423499][ T5830] ? __x64_sys_mount+0x20/0xc0 [ 62.428321][ T5830] do_syscall_64+0xf3/0x230 [ 62.432827][ T5830] ? clear_bhb_loop+0x35/0x90 [ 62.437527][ T5830] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 62.443414][ T5830] RIP: 0033:0x7f49872b8f2a [ 62.447868][ T5830] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 62.468390][ T5830] RSP: 002b:00007ffe2d0b3ed8 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5 [ 62.476835][ T5830] RAX: ffffffffffffffda RBX: 00007ffe2d0b3ef0 RCX: 00007f49872b8f2a [ 62.484832][ T5830] RDX: 00000000200000c0 RSI: 0000000020000000 RDI: 00007ffe2d0b3ef0 [ 62.492827][ T5830] RBP: 0000000000000004 R08: 00007ffe2d0b3f30 R09: 0000000000005901 [ 62.500899][ T5830] R10: 0000000000808016 R11: 0000000000000282 R12: 0000000000808016 [ 62.508895][ T5830] R13: 00007ffe2d0b3f30 R14: 0000000000000003 R15: 0000000001000000 [ 62.516955][ T5830] [ 62.519966][ T5830] Modules linked in: [ 62.524275][ T5830] ---[ end trace 0000000000000000 ]--- [ 62.530147][ T5830] RIP: 0010:bch2_dev_btree_bitmap_mark+0xfd2/0xff0 [ 62.536761][ T5830] Code: b3 f1 ff ff e8 7f 57 4f fd 90 0f 0b e8 77 57 4f fd 90 0f 0b e8 6f 57 4f fd 90 0f 0b e8 67 57 4f fd 90 0f 0b e8 5f 57 4f fd 90 <0f> 0b e8 57 57 4f fd 90 0f 0b e8 3f f4 78 07 66 2e 0f 1f 84 00 00 [ 62.556555][ T5830] RSP: 0018:ffffc90003d365a0 EFLAGS: 00010293 [ 62.562763][ T5830] RAX: ffffffff84458261 RBX: 00000000ffffffc8 RCX: ffff888036ec1e00 [ 62.570816][ T5830] RDX: 0000000000000000 RSI: 000000000000003f RDI: 0000000000000039 [ 62.579030][ T5830] RBP: ffffc90003d367b0 R08: ffffffff84457ee1 R09: 0000000000000000 [ 62.587014][ T5830] R10: 0000042098000000 R11: 0000000000000000 R12: 000000000000003f [ 62.595022][ T5830] R13: 0000042098000000 R14: ffff8880332371d0 R15: 000000000000003f [ 62.603146][ T5830] FS: 000055559504b380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 62.612129][ T5830] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 62.618765][ T5830] CR2: 0000559b3128e6d8 CR3: 0000000035566000 CR4: 00000000003526f0 [ 62.626753][ T5830] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 62.634860][ T5830] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 62.642869][ T5830] Kernel panic - not syncing: Fatal exception [ 62.649653][ T5830] Kernel Offset: disabled [ 62.654019][ T5830] Rebooting in 86400 seconds..