./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor70043502 <...> Warning: Permanently added '10.128.0.123' (ED25519) to the list of known hosts. execve("./syz-executor70043502", ["./syz-executor70043502"], 0x7ffc0fd33d80 /* 10 vars */) = 0 brk(NULL) = 0x555559833000 brk(0x555559833d00) = 0x555559833d00 arch_prctl(ARCH_SET_FS, 0x555559833380) = 0 set_tid_address(0x555559833650) = 5828 set_robust_list(0x555559833660, 24) = 0 rseq(0x555559833ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor70043502", 4096) = 26 getrandom("\x7b\x1d\xc7\xcb\x0a\x39\x0d\x65", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555559833d00 brk(0x555559854d00) = 0x555559854d00 brk(0x555559855000) = 0x555559855000 mprotect(0x7fc193864000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5829 attached , child_tidptr=0x555559833650) = 5829 [pid 5829] set_robust_list(0x555559833660, 24) = 0 [pid 5829] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5829] setpgid(0, 0) = 0 [pid 5829] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5829] write(3, "1000", 4) = 4 [pid 5829] close(3) = 0 [pid 5829] write(1, "executing program\n", 18executing program ) = 18 [pid 5829] memfd_create("syzkaller", 0) = 3 [pid 5829] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc18b200000 [pid 5829] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5829] munmap(0x7fc18b200000, 138412032) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5829] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5829] close(3) = 0 [pid 5829] close(4) = 0 [pid 5829] mkdir("./file0", 0777) = 0 syzkaller login: [ 88.240480][ T5829] loop0: detected capacity change from 0 to 32768 [ 88.341224][ T5829] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names [ 88.357523][ T5829] bcachefs (loop0): invalid bkey in superblock btree=freespace level=0: u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0 [ 88.357547][ T5829] size == 0, deleting [ 88.381675][ T5829] bcachefs (loop0): invalid bkey in superblock btree=deleted_inodes level=1: u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 1db8f60c84bb244c written 8 min_key 2533274790395904:0:0 durability: 0 (invalid extent entry 0000000000000000) [ 88.381696][ T5829] invalid extent entry type (got 7, max 7), deleting [ 88.411668][ T5829] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 88.420107][ T5829] bcachefs (loop0): Version upgrade required: [ 88.420107][ T5829] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 88.420107][ T5829] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.25: extent_flags [ 88.420107][ T5829] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 88.499411][ T5829] bcachefs (loop0): invalid bkey in btree_node btree=alloc level=0: u64s 11 type alloc_v4 0:1:0 len 0 ver 0: [ 88.499431][ T5829] gen 0 oldest_gen 0 data_type sb [ 88.499439][ T5829] journal_seq_nonempty 1 [ 88.499446][ T5829] journal_seq_empty 0 [ 88.499453][ T5829] need_discard 1 [ 88.499460][ T5829] need_inc_gen 1 [ 88.499467][ T5829] dirty_sectors 256 [ 88.499474][ T5829] stripe_sectors 0 [ 88.499481][ T5829] cached_sectors 0 [ 88.499488][ T5829] stripe 0 [ 88.499495][ T5829] stripe_redundancy 0 [ 88.499502][ T5829] io_time[READ] 1 [ 88.499509][ T5829] io_time[WRITE] 1688849860263937 [ 88.499516][ T5829] fragmentation 0 [ 88.499523][ T5829] bp_start 8 [ 88.499530][ T5829] [ 88.499536][ T5829] invalid io_time[write]: 1688849860263937, max 281474976710655, deleting [ 88.593151][ T5829] bcachefs (loop0): running explicit recovery pass check_topology (2), currently at recovery_pass_empty (0) [ 88.604915][ T5829] bcachefs (loop0): bcachefs (loop0): error validating btree node on loop0 at btree (unknown btree 31) level 0/0 [ 88.604951][ T5829] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 4a8b0fa43a9980a6 written 24 min_key POS_MIN durability: 1 ptr: 0:37:0 gen 0 [ 88.604968][ T5829] node offset 0/24 bset u64s 0: incorrect btree id, btree topology error: [ 88.639797][ T5829] bcachefs (loop0): flagging btree (unknown btree 31) lost data [ 88.647639][ T5829] bcachefs (loop0): running explicit recovery pass scan_for_btree_nodes (1), currently at recovery_pass_empty (0) [ 88.662327][ T5829] bcachefs (loop0): error reading btree root btree=(unknown btree 31) level=0: btree_node_read_error, fixing [ 88.676136][ T5829] bcachefs (loop0): scan_for_btree_nodes... [ 88.698794][ T5829] bcachefs (loop0): btree node scan found 7 nodes after overwrites [ 88.712718][ T5829] done [ 88.717248][ T5829] bcachefs (loop0): check_topology... [ 88.717510][ T5829] Oops: general protection fault, probably for non-canonical address 0xdffffc000000000e: 0000 [#1] SMP KASAN PTI [ 88.734767][ T5829] KASAN: null-ptr-deref in range [0x0000000000000070-0x0000000000000077] [ 88.743201][ T5829] CPU: 0 UID: 0 PID: 5829 Comm: syz-executor700 Not tainted 6.15.0-rc1-syzkaller-00288-ge618ee89561b #0 PREEMPT(full) [ 88.755637][ T5829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 88.765709][ T5829] RIP: 0010:kasan_byte_accessible+0x12/0x20 [ 88.771634][ T5829] Code: 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 07 3c 08 0f 92 c0 c3 cc cc cc cc 90 90 90 90 90 90 90 90 [ 88.791242][ T5829] RSP: 0018:ffffc9000417f010 EFLAGS: 00010202 [ 88.797321][ T5829] RAX: dffffc0000000000 RBX: 0000000000000070 RCX: 0000000000000001 [ 88.805400][ T5829] RDX: 0000000000000000 RSI: ffffffff8489792e RDI: 000000000000000e [ 88.813385][ T5829] RBP: ffffffff93657020 R08: 0000000000000001 R09: 0000000000000000 [ 88.821374][ T5829] R10: dffffc0000000000 R11: ffffed1006781d43 R12: 0000000000000001 [ 88.829354][ T5829] R13: 0000000000000001 R14: ffffffff8489792e R15: 0000000000000070 [ 88.837321][ T5829] FS: 0000555559833380(0000) GS:ffff888124fc9000(0000) knlGS:0000000000000000 [ 88.846248][ T5829] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 88.852829][ T5829] CR2: 00007ffc64bdb988 CR3: 0000000075e52000 CR4: 00000000003526f0 [ 88.860802][ T5829] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 88.868772][ T5829] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 88.876743][ T5829] Call Trace: [ 88.880018][ T5829] [ 88.882969][ T5829] __kasan_check_byte+0x14/0x40 [ 88.887847][ T5829] ? bch2_check_topology+0x837/0xe40 [ 88.893162][ T5829] lock_acquire+0x89/0x2f0 [ 88.897586][ T5829] ? __pfx_bch2_prt_printf+0x10/0x10 [ 88.902886][ T5829] ? lock_release+0x4e/0x3e0 [ 88.907481][ T5829] ? bch2_check_topology+0x837/0xe40 [ 88.912777][ T5829] six_lock_ip_waiter+0x9e/0x160 [ 88.917726][ T5829] ? bch2_check_topology+0x837/0xe40 [ 88.923106][ T5829] ? __pfx_bch2_six_check_for_deadlock+0x10/0x10 [ 88.929543][ T5829] bch2_check_topology+0x8b7/0xe40 [ 88.934676][ T5829] ? bch2_check_topology+0x837/0xe40 [ 88.939980][ T5829] ? __pfx_bch2_check_topology+0x10/0x10 [ 88.945644][ T5829] ? do_raw_spin_lock+0x151/0x370 [ 88.950679][ T5829] ? __bch2_print+0x17c/0x220 [ 88.955357][ T5829] ? bch2_run_recovery_pass+0x6d/0x1e0 [ 88.960823][ T5829] ? __pfx___bch2_print+0x10/0x10 [ 88.965852][ T5829] bch2_run_recovery_pass+0xf0/0x1e0 [ 88.971237][ T5829] bch2_run_recovery_passes+0x2ad/0xa90 [ 88.976798][ T5829] bch2_fs_recovery+0x292a/0x3e20 [ 88.981841][ T5829] ? __pfx_bch2_fs_recovery+0x10/0x10 [ 88.987225][ T5829] ? __lock_acquire+0xad5/0xd80 [ 88.992103][ T5829] ? __lock_acquire+0xad5/0xd80 [ 88.996959][ T5829] ? bch2_fs_start+0x279/0x620 [ 89.001727][ T5829] ? up_write+0x1ab/0x590 [ 89.006058][ T5829] ? bch2_get_next_online_dev+0x4ab/0x4e0 [ 89.011774][ T5829] ? bch2_get_next_online_dev+0x2e/0x4e0 [ 89.017414][ T5829] ? __pfx_up_write+0x10/0x10 [ 89.022104][ T5829] ? llist_reverse_order+0x72/0x90 [ 89.027233][ T5829] bch2_fs_start+0x310/0x620 [ 89.031830][ T5829] bch2_fs_get_tree+0x113e/0x18f0 [ 89.036877][ T5829] ? __pfx_bch2_fs_get_tree+0x10/0x10 [ 89.042332][ T5829] ? smack_fs_context_parse_param+0x10e/0x180 [ 89.048410][ T5829] ? vfs_parse_monolithic_sep+0x427/0x460 [ 89.054147][ T5829] ? __pfx_vfs_parse_comma_sep+0x10/0x10 [ 89.059786][ T5829] ? rcu_is_watching+0x15/0xb0 [ 89.064657][ T5829] ? cap_capable+0x139/0x450 [ 89.069249][ T5829] ? safesetid_security_capable+0xb2/0x1d0 [ 89.075077][ T5829] vfs_get_tree+0x90/0x2b0 [ 89.079590][ T5829] do_new_mount+0x2cf/0xb70 [ 89.084109][ T5829] ? __pfx_do_new_mount+0x10/0x10 [ 89.089147][ T5829] __se_sys_mount+0x38c/0x400 [ 89.093842][ T5829] ? __pfx___se_sys_mount+0x10/0x10 [ 89.099059][ T5829] ? __x64_sys_mount+0x20/0xc0 [ 89.103832][ T5829] do_syscall_64+0xf3/0x230 [ 89.108360][ T5829] ? clear_bhb_loop+0x45/0xa0 [ 89.113038][ T5829] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.118939][ T5829] RIP: 0033:0x7fc1937ece2a [ 89.123376][ T5829] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 89.143001][ T5829] RSP: 002b:00007ffd66814868 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5 [ 89.151440][ T5829] RAX: ffffffffffffffda RBX: 00007ffd66814880 RCX: 00007fc1937ece2a [ 89.159431][ T5829] RDX: 00002000000000c0 RSI: 0000200000000040 RDI: 00007ffd66814880 [ 89.167413][ T5829] RBP: 0000200000000040 R08: 00007ffd668148c0 R09: 0000000000005952 [ 89.175406][ T5829] R10: 0000000000000000 R11: 0000000000000282 R12: 00002000000000c0 [ 89.183382][ T5829] R13: 00007ffd668148c0 R14: 0000000000000003 R15: 0000000000000000 [ 89.191376][ T5829] [ 89.194405][ T5829] Modules linked in: [ 89.198499][ T5829] ---[ end trace 0000000000000000 ]--- [ 89.204039][ T5829] RIP: 0010:kasan_byte_accessible+0x12/0x20 [ 89.210085][ T5829] Code: 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 07 3c 08 0f 92 c0 c3 cc cc cc cc 90 90 90 90 90 90 90 90 [ 89.229795][ T5829] RSP: 0018:ffffc9000417f010 EFLAGS: 00010202 [ 89.235934][ T5829] RAX: dffffc0000000000 RBX: 0000000000000070 RCX: 0000000000000001 [ 89.243936][ T5829] RDX: 0000000000000000 RSI: ffffffff8489792e RDI: 000000000000000e [ 89.251987][ T5829] RBP: ffffffff93657020 R08: 0000000000000001 R09: 0000000000000000 [ 89.260067][ T5829] R10: dffffc0000000000 R11: ffffed1006781d43 R12: 0000000000000001 [ 89.268111][ T5829] R13: 0000000000000001 R14: ffffffff8489792e R15: 0000000000000070 [ 89.276130][ T5829] FS: 0000555559833380(0000) GS:ffff888124fc9000(0000) knlGS:0000000000000000 [ 89.285069][ T5829] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 89.291707][ T5829] CR2: 00007ffc64bdb988 CR3: 0000000075e52000 CR4: 00000000003526f0 [ 89.299777][ T5829] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 89.307837][ T5829] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 89.315923][ T5829] Kernel panic - not syncing: Fatal exception [ 89.322244][ T5829] Kernel Offset: disabled [ 89.326570][ T5829] Rebooting in 86400 seconds..