./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor866155241 <...> Warning: Permanently added '10.128.1.95' (ED25519) to the list of known hosts. execve("./syz-executor866155241", ["./syz-executor866155241"], 0x7ffc99a5e930 /* 10 vars */) = 0 brk(NULL) = 0x555577ed4000 brk(0x555577ed4e00) = 0x555577ed4e00 arch_prctl(ARCH_SET_FS, 0x555577ed4480) = 0 set_tid_address(0x555577ed4750) = 5834 set_robust_list(0x555577ed4760, 24) = 0 rseq(0x555577ed4da0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor866155241", 4096) = 27 getrandom("\xc9\x0a\x05\x61\x85\x91\xcb\x06", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555577ed4e00 brk(0x555577ef5e00) = 0x555577ef5e00 brk(0x555577ef6000) = 0x555577ef6000 mprotect(0x7f281a0c2000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5835 attached [pid 5835] set_robust_list(0x555577ed4760, 24 [pid 5834] <... clone resumed>, child_tidptr=0x555577ed4750) = 5835 [pid 5835] <... 
set_robust_list resumed>) = 0 [pid 5834] openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3 [pid 5834] write(3, "10000000000", 11) = 11 [pid 5834] close(3) = 0 [pid 5834] openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3 [pid 5834] write(3, "20", 2) = 2 [pid 5834] close(3) = 0 [pid 5834] openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3 [pid 5834] write(3, "1", 1) = 1 [pid 5834] close(3) = 0 [pid 5834] openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3 [pid 5834] write(3, "0", 1) = 1 [pid 5834] close(3) = 0 [pid 5834] openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3 [pid 5834] write(3, "0", 1) = 1 [pid 5834] close(3) = 0 [pid 5834] openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3 [pid 5834] write(3, "1", 1) = 1 [pid 5834] close(3) = 0 [pid 5834] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3 [pid 5834] write(3, "100", 3) = 3 [pid 5834] close(3) = 0 [pid 5834] openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3 [pid 5834] write(3, "0", 1) = 1 [pid 5834] close(3) = 0 [pid 5834] openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3 [pid 5834] write(3, "0", 1) = 1 [pid 5834] close(3) = 0 [pid 5834] openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3 [pid 5834] write(3, "7 4 1 3", 7) = 7 [pid 5834] close(3) = 0 [pid 5834] openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3 [pid 5834] write(3, "1", 1) = 1 [pid 5834] close(3) = 0 [pid 5834] openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3 [pid 5834] write(3, "1", 1) = 1 [pid 5834] close(3) = 0 [pid 5834] openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3 [pid 5834] write(3, "0", 1) = 1 [pid 5834] close(3) = 0 [pid 5834] openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", 
O_WRONLY|O_CLOEXEC) = 3 [pid 5834] write(3, "5835", 4) = 4 [pid 5834] close(3) = 0 [pid 5834] kill(5835, SIGKILL) = 0 [pid 5835] +++ killed by SIGKILL +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5835, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=0} --- rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7f281a014040, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f281a01bfe0}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7f281a014040, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f281a01bfe0}, NULL, 8) = 0 mkdir("./syzkaller.uGszbU", 0700) = 0 chmod("./syzkaller.uGszbU", 0777) = 0 chdir("./syzkaller.uGszbU") = 0 executing program write(1, "executing program\n", 18) = 18 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2811c00000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 munmap(0x7f2811c00000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 close(4) = 0 mkdir("./file2", 0777) = 0 [ 58.496984][ T5834] loop0: detected capacity change from 0 to 32768 [ 58.558062][ T5834] bcachefs (/dev/loop0): error reading default superblock: checksum error, type none: got should be [ 58.606954][ T5834] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,version_upgrade=none [ 58.621696][ T5834] 
bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 58.629876][ T5834] bcachefs (loop0): insufficient writeable journal devices available: have 0, need 1 [ 58.629876][ T5834] rw journal devs: [ 58.653099][ T5834] bcachefs (loop0): accounting_read... done [ 58.660139][ T5834] bcachefs (loop0): alloc_read... done [ 58.665659][ T5834] bcachefs (loop0): stripes_read... done [ 58.671388][ T5834] bcachefs (loop0): snapshots_read... done [ 58.679013][ T5834] bcachefs (loop0): journal_replay... done [ 58.684859][ T5834] bcachefs (loop0): resume_logged_ops... done [ 58.691007][ T5834] bcachefs (loop0): delete_dead_inodes... done [ 58.697709][ T5834] bcachefs (loop0): going read-write mount("/dev/loop0", "./file2", "bcachefs", MS_STRICTATIME, "errors=continue,errors=fix_safe,journal_transaction_names,version_upgrade=none,smackfshat=*,obj_type"...) = 0 openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 chdir("./file2") = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 58.706689][ T5845] ------------[ cut here ]------------ [ 58.707017][ T5834] bcachefs (loop0): done starting filesystem [ 58.712381][ T5845] kernel BUG at fs/bcachefs/bkey_types.h:210! 
[ 58.724777][ T5845] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI [ 58.731740][ T5845] CPU: 0 UID: 0 PID: 5845 Comm: bch-copygc/loop Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0 [ 58.742489][ T5845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 ioctl(4, LOOP_CLR_FD) = 0 [ 58.752547][ T5845] RIP: 0010:bch2_get_next_backpointer+0x1316/0x1320 [ 58.759130][ T5845] Code: f9 fd e9 56 f9 ff ff e8 78 58 91 fd 90 0f 0b e8 d0 5a ba 07 e8 6b 58 91 fd 90 0f 0b e8 63 58 91 fd 90 0f 0b e8 5b 58 91 fd 90 <0f> 0b 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 [ 58.778731][ T5845] RSP: 0018:ffffc90003d56c80 EFLAGS: 00010293 [ 58.784791][ T5845] RAX: ffffffff84048765 RBX: 00000000000000b3 RCX: ffff88807a44bc00 [ 58.792752][ T5845] RDX: 0000000000000000 RSI: 00000000000000b3 RDI: 000000000000001c [ 58.800710][ T5845] RBP: ffffc90003d56ff8 R08: ffffffff840480a8 R09: 0000000000000000 [ 58.808666][ T5845] R10: 0000000000880000 R11: 0000000000000000 R12: ffff888078b70000 [ 58.816626][ T5845] R13: 1ffff920007aad9c R14: ffffc90003d56ed0 R15: ffff888076540160 [ 58.824588][ T5845] FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 58.833507][ T5845] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 58.840081][ T5845] CR2: 0000556338a96bf0 CR3: 0000000076466000 CR4: 00000000003526f0 [ 58.848045][ T5845] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 58.856007][ T5845] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 58.863964][ T5845] Call Trace: [ 58.867230][ T5845] <TASK> [ 58.870148][ T5845] ? __die_body+0x5f/0xb0 [ 58.874469][ T5845] ? die+0x9e/0xc0 [ 58.878179][ T5845] ? do_trap+0x15a/0x3a0 [ 58.882415][ T5845] ? bch2_get_next_backpointer+0x1316/0x1320 [ 58.888387][ T5845] ? do_error_trap+0x1dc/0x2c0 [ 58.893144][ T5845] ? bch2_get_next_backpointer+0x1316/0x1320 [ 58.899114][ T5845] ? __pfx_do_error_trap+0x10/0x10 [ 58.904219][ T5845] ? 
handle_invalid_op+0x34/0x40 [ 58.909148][ T5845] ? bch2_get_next_backpointer+0x1316/0x1320 [ 58.915117][ T5845] ? exc_invalid_op+0x38/0x50 [ 58.919792][ T5845] ? asm_exc_invalid_op+0x1a/0x20 [ 58.924806][ T5845] ? bch2_get_next_backpointer+0xc58/0x1320 [ 58.930691][ T5845] ? bch2_get_next_backpointer+0x1315/0x1320 [ 58.936660][ T5845] ? bch2_get_next_backpointer+0x1316/0x1320 [ 58.942628][ T5845] ? __pfx_bch2_get_next_backpointer+0x10/0x10 [ 58.948772][ T5845] ? __pfx_lock_acquire+0x10/0x10 [ 58.953785][ T5845] ? __pfx___might_resched+0x10/0x10 [ 58.959063][ T5845] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 58.964951][ T5845] ? bch2_trans_begin+0x9c5/0x1c00 [ 58.970051][ T5845] ? bch2_trans_begin+0x16c1/0x1c00 [ 58.975240][ T5845] ? bch2_get_next_backpointer+0x3c7/0x1320 [ 58.981125][ T5845] ? __pfx_bch2_move_ratelimit+0x10/0x10 [ 58.986746][ T5845] ? __mutex_unlock_slowpath+0x21e/0x790 [ 58.992369][ T5845] ? bch2_get_next_backpointer+0x845/0x1320 [ 58.998252][ T5845] ? __pfx___bch2_alloc_to_v4+0x10/0x10 [ 59.003788][ T5845] ? bch2_write_ref_put+0x5b/0x5a0 [ 59.008892][ T5845] bch2_evacuate_bucket+0x113c/0x3620 [ 59.014258][ T5845] ? mark_lock+0x9a/0x360 [ 59.018580][ T5845] ? bch2_evacuate_bucket+0x30e/0x3620 [ 59.024032][ T5845] ? __pfx_bch2_evacuate_bucket+0x10/0x10 [ 59.029742][ T5845] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 59.035628][ T5845] ? __pfx_register_lock_class+0x10/0x10 [ 59.041247][ T5845] ? stack_trace_save+0x118/0x1d0 [ 59.046283][ T5845] ? bch2_evacuate_bucket+0x30e/0x3620 [ 59.051741][ T5845] ? __pfx_lock_acquire+0x10/0x10 [ 59.056761][ T5845] ? bch2_copygc+0x435/0x4ca0 [ 59.061440][ T5845] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 59.067421][ T5845] bch2_copygc+0x42c9/0x4ca0 [ 59.072017][ T5845] ? bch2_copygc+0x435/0x4ca0 [ 59.076704][ T5845] ? __pfx_bch2_copygc+0x10/0x10 [ 59.081634][ T5845] ? __pfx_lock_acquire+0x10/0x10 [ 59.086658][ T5845] ? __pfx_lock_release+0x10/0x10 [ 59.091683][ T5845] ? 
bch2_copygc+0x435/0x4ca0 [ 59.096362][ T5845] ? bch2_copygc_wait_amount+0xc90/0xcf0 [ 59.101999][ T5845] ? bch2_copygc+0x435/0x4ca0 [ 59.106669][ T5845] ? bch2_trans_srcu_unlock+0x44d/0x5c0 [ 59.112222][ T5845] bch2_copygc_thread+0x737/0xc20 [ 59.117247][ T5845] ? __pfx_bch2_copygc_thread+0x10/0x10 [ 59.122781][ T5845] ? bch2_copygc_thread+0x1a2/0xc20 [ 59.127983][ T5845] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 59.133869][ T5845] ? lockdep_hardirqs_on+0x99/0x150 [ 59.139064][ T5845] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 59.144956][ T5845] ? __kthread_parkme+0x169/0x1d0 [ 59.149968][ T5845] ? __pfx_bch2_copygc_thread+0x10/0x10 [ 59.155504][ T5845] kthread+0x2f0/0x390 [ 59.159565][ T5845] ? __pfx_bch2_copygc_thread+0x10/0x10 [ 59.165107][ T5845] ? __pfx_kthread+0x10/0x10 [ 59.169692][ T5845] ret_from_fork+0x4b/0x80 [ 59.174100][ T5845] ? __pfx_kthread+0x10/0x10 [ 59.178679][ T5845] ret_from_fork_asm+0x1a/0x30 [ 59.183439][ T5845] </TASK> [ 59.186448][ T5845] Modules linked in: [ 59.190511][ T5845] ---[ end trace 0000000000000000 ]--- [ 59.196047][ T5845] RIP: 0010:bch2_get_next_backpointer+0x1316/0x1320 close(4) = 0 exit_group(0) = ? +++ exited with 0 +++ [ 59.202662][ T5845] Code: f9 fd e9 56 f9 ff ff e8 78 58 91 fd 90 0f 0b e8 d0 5a