./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor822772810 <...> Warning: Permanently added '10.128.1.190' (ED25519) to the list of known hosts. execve("./syz-executor822772810", ["./syz-executor822772810"], 0x7ffeb9410bf0 /* 10 vars */) = 0 brk(NULL) = 0x5555624ed000 brk(0x5555624edd00) = 0x5555624edd00 arch_prctl(ARCH_SET_FS, 0x5555624ed380) = 0 set_tid_address(0x5555624ed650) = 5823 set_robust_list(0x5555624ed660, 24) = 0 rseq(0x5555624edca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor822772810", 4096) = 27 getrandom("\x59\x37\x0c\x12\xc7\x4c\xed\x2d", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555624edd00 brk(0x55556250ed00) = 0x55556250ed00 brk(0x55556250f000) = 0x55556250f000 mprotect(0x7f72f5d6f000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5824 attached , child_tidptr=0x5555624ed650) = 5824 [pid 5824] set_robust_list(0x5555624ed660, 24) = 0 [pid 5824] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5824] setpgid(0, 0) = 0 [pid 5824] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5824] write(3, "1000", 4) = 4 [pid 5824] close(3) = 0 [pid 5824] write(1, "executing program\n", 18executing program ) = 18 [pid 5824] memfd_create("syzkaller", 0) = 3 [pid 5824] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f72ed800000 [pid 5824] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5824] munmap(0x7f72ed800000, 138412032) = 0 [pid 5824] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5824] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5824] close(3) = 0 [pid 5824] close(4) = 0 [pid 5824] mkdir("./file1", 0777) = 0 [ 74.634826][ T5824] loop0: detected capacity change from 0 to 32768 [ 74.709174][ T5824] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names [ 74.726080][ T5824] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 74.734475][ T5824] bcachefs (loop0): Version upgrade required: [ 74.734475][ T5824] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 74.734475][ T5824] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots [ 74.734475][ T5824] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 74.811941][ T5824] bcachefs (loop0): error validating btree node on loop0 at btree dirents level 0/0 [ 74.811961][ T5824] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0 [ 74.811974][ T5824] node offset 16/24: btree node data missing: expected 24 sectors, found 16, fixing [ 74.845123][ T5824] bcachefs (loop0): btree_node_read_work: rewriting btree node at btree=dirents level=0 SPOS_MAX due to error [ 74.858020][ T5824] bcachefs (loop0): error validating btree node at btree alloc level 0/0 [ 74.858033][ T5824] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0 [ 74.858044][ T5824] node offset 8/24 bset u64s 375 bset byte offset 184: keys out of order: u64s 11 type alloc_v4 0:32:0 len 0 ver 0 > u64s 11 type alloc_v4 0:2:0 len 0 ver 0, fixing [ 74.897132][ T5824] bcachefs (loop0): btree_node_read_work: rewriting btree node at btree=alloc level=0 SPOS_MAX due to error [ 74.909332][ T5824] bcachefs (loop0): error validating btree node on loop0 at btree subvolumes level 0/0 [ 74.909351][ T5824] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c0bef60d07ceb940 written 16 min_key POS_MIN durability: 1 ptr: 0:35:0 gen 0 [ 74.909362][ T5824] node offset 0/16: got wrong btree node: got [ 74.909370][ T5824] btree=subvolumes l=0 seq 13888808836669638208x [ 74.909378][ T5824] min: POS_MIN [ 74.909384][ T5824] max: SPOS_MAX [ 74.952944][ T5824] bcachefs (loop0): flagging btree subvolumes lost data [ 74.962664][ T5824] error reading btree root subvolumes l=0: btree_node_read_error, fixing [ 74.971641][ T5824] bcachefs (loop0): will run btree node scan [ 74.980477][ T5824] bcachefs (loop0): error validating btree node on loop0 at btree (unknown) level 0/0 [ 74.980490][ T5824] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 1db8f60c84bb244c written 8 min_key POS_MIN durability: 1 ptr: 0:42:0 gen 0 [ 74.980502][ T5824] node offset 0/8 bset u64s 0: incorrect btree id [ 75.010531][ T5824] bcachefs (loop0): flagging btree (unknown) lost data [ 75.018477][ T5824] error reading btree root (unknown) l=0: btree_node_read_error, fixing [ 75.027352][ T5824] bcachefs (loop0): scan_for_btree_nodes... [ 75.179262][ T5824] bch2_scan_for_btree_nodes: nodes found after overwrites: [ 75.179284][ T5824] extents l=0 seq=1 journal_seq=5 cookie=c6c25c03258c59c5 POS_MIN-SPOS_MAX ptr: 0:27:0 gen 0 [ 75.179294][ T5824] inodes l=0 seq=1 journal_seq=5 cookie=7589ab5e0c11cc7a POS_MIN-SPOS_MAX ptr: 0:38:0 gen 0 [ 75.179303][ T5824] dirents l=0 seq=1 journal_seq=1 cookie=9aa2895aefce4bdf POS_MIN-SPOS_MAX ptr: 0:41:0 gen 0 [ 75.179312][ T5824] xattrs l=0 seq=1 journal_seq=4 cookie=2285c34bed0abe32 POS_MIN-SPOS_MAX ptr: 0:31:0 gen 0 [ 75.179321][ T5824] subvolumes l=0 seq=1 journal_seq=0 cookie=c0bef60d07000640 POS_MIN-SPOS_MAX ptr: 0:35:0 gen 0 [ 75.179330][ T5824] snapshots l=0 seq=1 journal_seq=1 cookie=ebb8d5a9e3463bdb POS_MIN-SPOS_MAX ptr: 0:32:0 gen 0 [ 75.179339][ T5824] lru l=0 seq=1 journal_seq=5 cookie=28f61e078e70b95c POS_MIN-SPOS_MAX ptr: 0:28:0 gen 0 [ 75.179348][ T5824] deleted_inodes l=0 seq=1 journal_seq=0 cookie=1db8f60c84bb244c POS_MIN-SPOS_MAX ptr: 0:42:0 gen 0 [ 75.179364][ T5824] [ 75.278727][ T5824] done [ 75.281587][ T5824] bcachefs (loop0): check_topology... [ 75.281659][ T5824] bcachefs (loop0): btree root subvolumes unreadable, must recover from scan [ 75.296577][ T5824] bcachefs (loop0): bch2_get_scanned_nodes(): recovering subvolumes l=0 POS_MIN - SPOS_MAX [ 75.306739][ T5824] bcachefs (loop0): bch2_get_scanned_nodes(): recovering u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c0bef60d07000640 written 8 min_key POS_MIN durability: 1 ptr: 0:35:0 gen 0 [ 75.326950][ T5824] Oops: general protection fault, probably for non-canonical address 0xdffffc000000000e: 0000 [#1] PREEMPT SMP KASAN PTI [ 75.339540][ T5824] KASAN: null-ptr-deref in range [0x0000000000000070-0x0000000000000077] [ 75.347958][ T5824] CPU: 1 UID: 0 PID: 5824 Comm: syz-executor822 Not tainted 6.13.0-rc2-syzkaller-00192-g243f750a2df0 #0 [ 75.359059][ T5824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 75.369134][ T5824] RIP: 0010:__lock_acquire+0x6a/0x2100 [ 75.374616][ T5824] Code: b6 04 30 84 c0 0f 85 f8 16 00 00 45 31 f6 83 3d db cf 9d 0e 00 0f 84 c8 13 00 00 89 54 24 60 89 5c 24 38 4c 89 f8 48 c1 e8 03 <80> 3c 30 00 74 12 4c 89 ff e8 88 95 88 00 48 be 00 00 00 00 00 fc [ 75.394230][ T5824] RSP: 0018:ffffc90003efef50 EFLAGS: 00010002 [ 75.400313][ T5824] RAX: 000000000000000e RBX: 0000000000000001 RCX: 0000000000000001 [ 75.408307][ T5824] RDX: 0000000000000000 RSI: dffffc0000000000 RDI: 0000000000000070 [ 75.416291][ T5824] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 [ 75.424272][ T5824] R10: dffffc0000000000 R11: fffffbfff2030797 R12: ffff888031a9bc00 [ 75.432263][ T5824] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000070 [ 75.440236][ T5824] FS: 00005555624ed380(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 75.449169][ T5824] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.455752][ T5824] CR2: 00005560e5b94008 CR3: 0000000033dc2000 CR4: 00000000003526f0 [ 75.463807][ T5824] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 75.471778][ T5824] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 75.479749][ T5824] Call Trace: [ 75.483028][ T5824] [ 75.485961][ T5824] ? __die_body+0x5f/0xb0 [ 75.490293][ T5824] ? die_addr+0xb0/0xe0 [ 75.494464][ T5824] ? exc_general_protection+0x3dd/0x5d0 [ 75.500023][ T5824] ? asm_exc_general_protection+0x26/0x30 [ 75.505752][ T5824] ? __lock_acquire+0x6a/0x2100 [ 75.510625][ T5824] lock_acquire+0x1ed/0x550 [ 75.515134][ T5824] ? bch2_check_topology+0x59b/0xb20 [ 75.520435][ T5824] ? __pfx_lock_acquire+0x10/0x10 [ 75.525459][ T5824] ? __do_six_trylock+0x832/0x9f0 [ 75.530513][ T5824] ? __pfx_lock_release+0x10/0x10 [ 75.535556][ T5824] ? __pfx___do_six_trylock+0x10/0x10 [ 75.541038][ T5824] ? bch2_check_topology+0x59b/0xb20 [ 75.546424][ T5824] six_lock_ip_waiter+0x9e/0x160 [ 75.551399][ T5824] ? bch2_check_topology+0x59b/0xb20 [ 75.556704][ T5824] ? __pfx_bch2_six_check_for_deadlock+0x10/0x10 [ 75.563064][ T5824] bch2_check_topology+0x619/0xb20 [ 75.568193][ T5824] ? irq_work_queue+0xd1/0x150 [ 75.572966][ T5824] ? bch2_check_topology+0x59b/0xb20 [ 75.578265][ T5824] ? __pfx_bch2_check_topology+0x10/0x10 [ 75.583914][ T5824] ? __pfx___mutex_trylock_common+0x10/0x10 [ 75.589824][ T5824] ? __bch2_print+0x17a/0x220 [ 75.594526][ T5824] ? kvm_sched_clock_read+0x11/0x20 [ 75.599736][ T5824] ? local_clock_noinstr+0xe/0xe0 [ 75.604775][ T5824] ? __pfx___bch2_print+0x10/0x10 [ 75.609815][ T5824] ? __mutex_unlock_slowpath+0x21e/0x790 [ 75.615457][ T5824] bch2_run_recovery_pass+0xf0/0x1e0 [ 75.620754][ T5824] bch2_run_recovery_passes+0x3a7/0x880 [ 75.626318][ T5824] bch2_fs_recovery+0x25cc/0x39d0 [ 75.631356][ T5824] ? __pfx_bch2_fs_recovery+0x10/0x10 [ 75.636743][ T5824] ? __pfx_lock_release+0x10/0x10 [ 75.641770][ T5824] ? bch2_get_next_online_dev+0x2b/0x4f0 [ 75.647410][ T5824] ? __pfx_lock_release+0x10/0x10 [ 75.652468][ T5824] ? bch2_get_next_online_dev+0x2b/0x4f0 [ 75.658101][ T5824] ? bch2_get_next_online_dev+0x4b9/0x4f0 [ 75.663821][ T5824] ? bch2_get_next_online_dev+0x2b/0x4f0 [ 75.669460][ T5824] ? llist_reverse_order+0x72/0x90 [ 75.674579][ T5824] bch2_fs_start+0x356/0x5b0 [ 75.679175][ T5824] bch2_fs_get_tree+0xd68/0x1710 [ 75.684132][ T5824] ? __pfx_bch2_fs_get_tree+0x10/0x10 [ 75.689510][ T5824] ? generic_parse_monolithic+0x387/0x400 [ 75.695260][ T5824] ? __pfx_vfs_parse_fs_string+0x10/0x10 [ 75.700898][ T5824] ? cap_capable+0x1b4/0x250 [ 75.705501][ T5824] ? safesetid_security_capable+0xb2/0x1d0 [ 75.711309][ T5824] vfs_get_tree+0x90/0x2b0 [ 75.715734][ T5824] do_new_mount+0x2be/0xb40 [ 75.720245][ T5824] ? __pfx_do_new_mount+0x10/0x10 [ 75.725276][ T5824] __se_sys_mount+0x2d6/0x3c0 [ 75.729957][ T5824] ? __pfx___se_sys_mount+0x10/0x10 [ 75.735150][ T5824] ? do_syscall_64+0x100/0x230 [ 75.739920][ T5824] ? __x64_sys_mount+0x20/0xc0 [ 75.744685][ T5824] do_syscall_64+0xf3/0x230 [ 75.749194][ T5824] ? clear_bhb_loop+0x35/0x90 [ 75.753875][ T5824] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.759774][ T5824] RIP: 0033:0x7f72f5cf7dea [ 75.764200][ T5824] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 75.783810][ T5824] RSP: 002b:00007ffe190ae978 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5 [ 75.792227][ T5824] RAX: ffffffffffffffda RBX: 00007ffe190ae990 RCX: 00007f72f5cf7dea [ 75.800200][ T5824] RDX: 00000000200000c0 RSI: 0000000020000180 RDI: 00007ffe190ae990 [ 75.808173][ T5824] RBP: 0000000000000010 R08: 00007ffe190ae9d0 R09: 0000000000005953 [ 75.816141][ T5824] R10: 0000000000000010 R11: 0000000000000282 R12: 0000000000000004 [ 75.824105][ T5824] R13: 00007ffe190ae9d0 R14: 0000000000000003 R15: 0000000001000000 [ 75.832082][ T5824] [ 75.835098][ T5824] Modules linked in: [ 75.839005][ T5824] ---[ end trace 0000000000000000 ]--- [ 75.844458][ T5824] RIP: 0010:__lock_acquire+0x6a/0x2100 [ 75.849924][ T5824] Code: b6 04 30 84 c0 0f 85 f8 16 00 00 45 31 f6 83 3d db cf 9d 0e 00 0f 84 c8 13 00 00 89 54 24 60 89 5c 24 38 4c 89 f8 48 c1 e8 03 <80> 3c 30 00 74 12 4c 89 ff e8 88 95 88 00 48 be 00 00 00 00 00 fc [ 75.869531][ T5824] RSP: 0018:ffffc90003efef50 EFLAGS: 00010002 [ 75.875609][ T5824] RAX: 000000000000000e RBX: 0000000000000001 RCX: 0000000000000001 [ 75.883576][ T5824] RDX: 0000000000000000 RSI: dffffc0000000000 RDI: 0000000000000070 [ 75.891550][ T5824] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 [ 75.899517][ T5824] R10: dffffc0000000000 R11: fffffbfff2030797 R12: ffff888031a9bc00 [ 75.907510][ T5824] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000070 [ 75.915499][ T5824] FS: 00005555624ed380(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 75.924434][ T5824] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.931017][ T5824] CR2: 00005560e5b94008 CR3: 0000000033dc2000 CR4: 00000000003526f0 [ 75.938993][ T5824] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 75.946965][ T5824] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 75.954944][ T5824] Kernel panic - not syncing: Fatal exception [ 75.961356][ T5824] Kernel Offset: disabled [ 75.965676][ T5824] Rebooting in 86400 seconds..