./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor954236699 <...> Warning: Permanently added '10.128.0.249' (ED25519) to the list of known hosts. execve("./syz-executor954236699", ["./syz-executor954236699"], 0x7ffd4f943f10 /* 10 vars */) = 0 brk(NULL) = 0x55556398f000 brk(0x55556398fd00) = 0x55556398fd00 arch_prctl(ARCH_SET_FS, 0x55556398f380) = 0 set_tid_address(0x55556398f650) = 5836 set_robust_list(0x55556398f660, 24) = 0 rseq(0x55556398fca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor954236699", 4096) = 27 getrandom("\x31\x37\x13\x3d\x07\xc1\x7f\xc5", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55556398fd00 brk(0x5555639b0d00) = 0x5555639b0d00 brk(0x5555639b1000) = 0x5555639b1000 mprotect(0x7f36608c9000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5838 attached , child_tidptr=0x55556398f650) = 5838 [pid 5838] set_robust_list(0x55556398f660, 24) = 0 [pid 5838] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5838] setpgid(0, 0) = 0 [pid 5838] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5838] write(3, "1000", 4) = 4 [pid 5838] close(3) = 0 executing program [pid 5838] write(1, "executing program\n", 18) = 18 [pid 5838] memfd_create("syzkaller", 0) = 3 [pid 5838] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3658400000 [pid 5838] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5838] munmap(0x7f3658400000, 138412032) = 0 [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5838] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5838] close(3) = 0 [pid 5838] close(4) = 0 [pid 5838] mkdir("./file2", 0777) = 0 [ 61.549403][ T5838] loop0: detected capacity change from 0 to 32768 [ 61.588645][ T5838] bcachefs (/dev/loop0): error reading default superblock: checksum error, type none: got should be [ 61.628401][ T5838] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,version_upgrade=none [ 61.643258][ T5838] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 61.651448][ T5838] bcachefs (loop0): insufficient writeable journal devices available: have 0, need 1 [ 61.651448][ T5838] rw journal devs: [ 61.676305][ T5838] bcachefs (loop0): accounting_read... done [ 61.683233][ T5838] bcachefs (loop0): alloc_read... done [ 61.689040][ T5838] bcachefs (loop0): stripes_read... done [ 61.694911][ T5838] bcachefs (loop0): snapshots_read... done [ 61.702943][ T5838] bcachefs (loop0): journal_replay... done [ 61.708914][ T5838] bcachefs (loop0): resume_logged_ops... done [ 61.715096][ T5838] bcachefs (loop0): delete_dead_inodes... done [ 61.721783][ T5838] bcachefs (loop0): going read-write [pid 5838] mount("/dev/loop0", "./file2", "bcachefs", MS_STRICTATIME, "errors=continue,errors=fix_safe,journal_transaction_names,version_upgrade=none,smackfshat=*,obj_type"...) = 0 [pid 5838] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5838] chdir("./file2") = 0 [ 61.731161][ T5838] bcachefs (loop0): done starting filesystem [ 61.731475][ T5847] ------------[ cut here ]------------ [ 61.742839][ T5847] kernel BUG at fs/bcachefs/bkey_types.h:210! [ 61.749236][ T5847] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI [ 61.756195][ T5847] CPU: 1 UID: 0 PID: 5847 Comm: bch-copygc/loop Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0 [ 61.767033][ T5847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 61.777277][ T5847] RIP: 0010:bch2_get_next_backpointer+0x1316/0x1320 [ 61.783964][ T5847] Code: f9 fd e9 56 f9 ff ff e8 78 58 91 fd 90 0f 0b e8 d0 5a ba 07 e8 6b 58 91 fd 90 0f 0b e8 63 58 91 fd 90 0f 0b e8 5b 58 91 fd 90 <0f> 0b 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 [ 61.803610][ T5847] RSP: 0018:ffffc90003dd6c80 EFLAGS: 00010293 [ 61.809677][ T5847] RAX: ffffffff84048765 RBX: 00000000000000b3 RCX: ffff888033fc5a00 [ 61.817640][ T5847] RDX: 0000000000000000 RSI: 00000000000000b3 RDI: 000000000000001c [ 61.825691][ T5847] RBP: ffffc90003dd6ff8 R08: ffffffff840480a8 R09: 0000000000000000 [ 61.833759][ T5847] R10: 0000000000880000 R11: 0000000000000000 R12: ffff88807dae4000 [ 61.841817][ T5847] R13: 1ffff920007bad9c R14: ffffc90003dd6ed0 R15: ffff88806f8c0160 [ 61.849800][ T5847] FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 61.858722][ T5847] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 61.865302][ T5847] CR2: 000055f337ebb000 CR3: 000000007db9a000 CR4: 00000000003526f0 [ 61.873261][ T5847] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 61.881219][ T5847] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 61.889180][ T5847] Call Trace: [ 61.892462][ T5847] [ 61.895392][ T5847] ? __die_body+0x5f/0xb0 [ 61.899721][ T5847] ? die+0x9e/0xc0 [ 61.903435][ T5847] ? do_trap+0x15a/0x3a0 [ 61.907675][ T5847] ? bch2_get_next_backpointer+0x1316/0x1320 [ 61.913660][ T5847] ? do_error_trap+0x1dc/0x2c0 [ 61.918422][ T5847] ? bch2_get_next_backpointer+0x1316/0x1320 [ 61.924402][ T5847] ? __pfx_do_error_trap+0x10/0x10 [ 61.929513][ T5847] ? handle_invalid_op+0x34/0x40 [ 61.934443][ T5847] ? bch2_get_next_backpointer+0x1316/0x1320 [ 61.940423][ T5847] ? exc_invalid_op+0x38/0x50 [ 61.945105][ T5847] ? asm_exc_invalid_op+0x1a/0x20 [ 61.950118][ T5847] ? bch2_get_next_backpointer+0xc58/0x1320 [ 61.956000][ T5847] ? bch2_get_next_backpointer+0x1315/0x1320 [ 61.961969][ T5847] ? bch2_get_next_backpointer+0x1316/0x1320 [ 61.967944][ T5847] ? __pfx_bch2_get_next_backpointer+0x10/0x10 [ 61.974085][ T5847] ? __pfx_lock_acquire+0x10/0x10 [ 61.979101][ T5847] ? __pfx___might_resched+0x10/0x10 [ 61.984382][ T5847] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 61.990269][ T5847] ? bch2_trans_begin+0x9c5/0x1c00 [ 61.995372][ T5847] ? bch2_trans_begin+0x16c1/0x1c00 [ 62.000557][ T5847] ? bch2_get_next_backpointer+0x3c7/0x1320 [ 62.006442][ T5847] ? __pfx_bch2_move_ratelimit+0x10/0x10 [ 62.012066][ T5847] ? __mutex_unlock_slowpath+0x21e/0x790 [ 62.017690][ T5847] ? bch2_get_next_backpointer+0x845/0x1320 [ 62.023574][ T5847] ? __pfx___bch2_alloc_to_v4+0x10/0x10 [ 62.029116][ T5847] ? bch2_write_ref_put+0x5b/0x5a0 [ 62.034227][ T5847] bch2_evacuate_bucket+0x113c/0x3620 [ 62.039598][ T5847] ? mark_lock+0x9a/0x360 [ 62.043924][ T5847] ? bch2_evacuate_bucket+0x30e/0x3620 [ 62.049373][ T5847] ? __pfx_bch2_evacuate_bucket+0x10/0x10 [ 62.055080][ T5847] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 62.061052][ T5847] ? __pfx_register_lock_class+0x10/0x10 [ 62.066670][ T5847] ? stack_trace_save+0x118/0x1d0 [ 62.071690][ T5847] ? bch2_evacuate_bucket+0x30e/0x3620 [ 62.077140][ T5847] ? __pfx_lock_acquire+0x10/0x10 [ 62.082158][ T5847] ? bch2_copygc+0x435/0x4ca0 [ 62.086820][ T5847] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 62.092788][ T5847] bch2_copygc+0x42c9/0x4ca0 [ 62.097369][ T5847] ? bch2_copygc+0x435/0x4ca0 [ 62.102043][ T5847] ? __pfx_bch2_copygc+0x10/0x10 [ 62.106968][ T5847] ? __pfx_lock_acquire+0x10/0x10 [ 62.111979][ T5847] ? __pfx_lock_release+0x10/0x10 [ 62.116994][ T5847] ? bch2_copygc+0x435/0x4ca0 [ 62.121656][ T5847] ? bch2_copygc_wait_amount+0xc90/0xcf0 [ 62.127283][ T5847] ? bch2_copygc+0x435/0x4ca0 [ 62.131948][ T5847] ? bch2_trans_srcu_unlock+0x44d/0x5c0 [ 62.137485][ T5847] bch2_copygc_thread+0x737/0xc20 [ 62.142501][ T5847] ? __pfx_bch2_copygc_thread+0x10/0x10 [ 62.148035][ T5847] ? bch2_copygc_thread+0x1a2/0xc20 [ 62.153229][ T5847] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 62.159113][ T5847] ? lockdep_hardirqs_on+0x99/0x150 [ 62.164304][ T5847] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 62.170187][ T5847] ? __kthread_parkme+0x169/0x1d0 [ 62.175198][ T5847] ? __pfx_bch2_copygc_thread+0x10/0x10 [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5838] ioctl(4, LOOP_CLR_FD) = 0 [pid 5838] close(4) = 0 [pid 5838] exit_group(0) = ? [pid 5838] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5838, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=24 /* 0.24 s */} --- [ 62.180729][ T5847] kthread+0x2f0/0x390 [ 62.184788][ T5847] ? __pfx_bch2_copygc_thread+0x10/0x10 [ 62.190322][ T5847] ? __pfx_kthread+0x10/0x10 [ 62.194903][ T5847] ret_from_fork+0x4b/0x80 [ 62.199307][ T5847] ? __pfx_kthread+0x10/0x10 [ 62.203884][ T5847] ret_from_fork_asm+0x1a/0x30 [ 62.208644][ T5847] [ 62.211649][ T5847] Modules linked in: [ 62.215693][ T5847] ---[ end trace 0000000000000000 ]--- [ 62.221837][ T5847] RIP: 0010:bch2_get_next_backpointer+0x1316/0x1320 restart_syscall(<... resuming interrupted clone ...>) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556398f650) = 5849 ./strace-static-x86_64: Process 5849 attached [pid 5849] set_robust_list(0x55556398f660, 24) = 0 [pid 5849] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5849] setpgid(0, 0) = 0 [pid 5849] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 5849] write(3, "1000", 4) = 4 [pid 5849] close(3) = 0 [pid 5849] write(1, "executing program\n", 18) = 18 [pid 5849] memfd_create("syzkaller", 0) = 3 [pid 5849] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3658400000 [ 62.222587][ T5838] syz-executor954 (5838) used greatest stack depth: 19312 bytes left [ 62.228995][ T5847] Code: f9 fd e9 56 f9 ff ff e8 78 58 91 fd 90 0f 0b e8 d0 5a ba 07 e8 6b 58 91 fd 90 0f 0b e8 63 58 91 fd 90 0f 0b e8 5b 58 91 fd 90 <0f> 0b 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 [ 62.267762][ T5847] RSP: 0018:ffffc90003dd6c80 EFLAGS: 00010293 [ 62.273929][ T5847] RAX: ffffffff84048765 RBX: 00000000000000b3 RCX: ffff888033fc5a00 [ 62.282317][ T5847] RDX: 0000000000000000 RSI: 00000000000000b3 RDI: 000000000000001c [ 62.290521][ T5847] RBP: ffffc90003dd6ff8 R08: ffffffff840480a8 R09: 0000000000000000 [ 62.298757][ T5847] R10: 0000000000880000 R11: 0000000000000000 R12: ffff88807dae4000 [ 62.307212][ T5847] R13: 1ffff920007bad9c R14: ffffc90003dd6ed0 R15: ffff88806f8c0160 [ 62.315399][ T5847] FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 62.324474][ T5847] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 62.331228][ T5847] CR2: 000055f337c9a518 CR3: 000000007ce96000 CR4: 00000000003526f0 [ 62.339316][ T5847] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 62.347338][ T5847] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 62.355368][ T5847] Kernel panic - not syncing: Fatal exception [ 62.361572][ T5847] Kernel Offset: disabled [ 62.365910][ T5847] Rebooting in 86400 seconds..