./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor478107399
<...>
Warning: Permanently added '10.128.10.11' (ED25519) to the list of known hosts.
execve("./syz-executor478107399", ["./syz-executor478107399"], 0x7ffcdff58bc0 /* 10 vars */) = 0
brk(NULL) = 0x555583992000
brk(0x555583992d00) = 0x555583992d00
arch_prctl(ARCH_SET_FS, 0x555583992380) = 0
set_tid_address(0x555583992650) = 5838
set_robust_list(0x555583992660, 24) = 0
rseq(0x555583992ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor478107399", 4096) = 27
getrandom("\x67\xba\x3e\xfb\x66\x7d\x2e\x9b", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x555583992d00
brk(0x5555839b3d00) = 0x5555839b3d00
brk(0x5555839b4000) = 0x5555839b4000
mprotect(0x7f5e639d2000, 16384, PROT_READ) = 0
mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000
mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000
mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555583992650) = 5839
./strace-static-x86_64: Process 5839 attached
[pid 5839] set_robust_list(0x555583992660, 24) = 0
[pid 5839] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5839] setpgid(0, 0) = 0
[pid 5839] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5839] write(3, "1000", 4) = 4
[pid 5839] close(3) = 0
executing program
[pid 5839] write(1, "executing program\n", 18) = 18
[pid 5839] memfd_create("syzkaller", 0) = 3
[pid 5839] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5e5b400000
[pid 5839] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5839] munmap(0x7f5e5b400000, 138412032) = 0
[pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5839] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5839] close(3) = 0
[pid 5839] close(4) = 0
[pid 5839] mkdir("./bus", 0777) = 0
[ 72.237661][ T5839] loop0: detected capacity change from 0 to 32768
[ 72.327470][ T5839] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,checksum_err_retry_nr=12,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,degraded=yes,nojournal_transaction_names
[ 72.327495][ T5839] allowing incompatible features above 0.0: (unknown version)
[ 72.327505][ T5839] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[ 72.377670][ T5839] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0
[ 72.385928][ T5839] bcachefs (loop0): initializing new filesystem
[ 72.399413][ T5839] bcachefs (loop0): going read-write
[ 72.409955][ T5839] bcachefs (loop0): marking superblocks
[pid 5839] mount("/dev/loop0", "./bus", "bcachefs", MS_I_VERSION|MS_LAZYTIME, "\xff\xff\xff\xff\xff\xff\xff\xff\x1a\x86\x55\xd2\x6e\x06\xc6\x45\x0b\xdb\x93\x03\x03\x2f\x6e\xb1\xd1\x4d\x2a\x1a\x97\x77\x8c\x70\x1e\x02\xcb\x65\xe9\x3f\x8c\x2c\x55\xac\xc8\xd8\xb2\x29\x05\x76\x58\x09\x29\x50\xd3\x6f\x5a\x77\x08\x72\x60\x18\xc2\x0d\x7d\xd7\xd4\x02\x98\x2b\x10\x67\x9e\x4c\xaf\x71\xba\x5b\x11\x79\xe2\xee\xcb\x16\x78\x6d\xc1\x12\xf9\x60\x1d\x78\x3f\x85\xbb\xe5\x4d\xd6\x9c\xf8\x20\x90"...) = 0
[pid 5839] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3
[pid 5839] chdir("./bus") = 0
[ 72.425839][ T5839] bcachefs (loop0): initializing freespace
[ 72.434434][ T5839] bcachefs (loop0): done initializing freespace
[ 72.443884][ T5839] bcachefs (loop0): reading snapshots table
[ 72.450213][ T5839] bcachefs (loop0): reading snapshots done
[ 72.467823][ T5839] bcachefs (loop0): done starting filesystem
[pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5839] ioctl(4, LOOP_CLR_FD) = 0
[pid 5839] close(4) = 0
[pid 5839] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_LARGEFILE, 000) = 4
[ 72.541281][ T5839] ==================================================================
[ 72.549393][ T5839] BUG: KASAN: slab-out-of-bounds in bch2_dirent_init_name+0x396/0x8b0
[ 72.557568][ T5839] Write of size 1985 at addr ffff8881496a3041 by task syz-executor478/5839
[ 72.566154][ T5839]
[ 72.568483][ T5839] CPU: 0 UID: 0 PID: 5839 Comm: syz-executor478 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full)
[ 72.568501][ T5839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 72.568516][ T5839] Call Trace:
[ 72.568526][ T5839] <TASK>
[ 72.568533][ T5839] dump_stack_lvl+0x189/0x250
[ 72.568551][ T5839] ? __kasan_check_byte+0x12/0x40
[ 72.568566][ T5839] ? __pfx_dump_stack_lvl+0x10/0x10
[ 72.568575][ T5839] ? lock_release+0x4b/0x3e0
[ 72.568586][ T5839] ? __virt_addr_valid+0x4a5/0x5c0
[ 72.568597][ T5839] print_report+0xca/0x230
[ 72.568610][ T5839] ? bch2_dirent_init_name+0x396/0x8b0
[ 72.568621][ T5839] kasan_report+0x118/0x150
[ 72.568634][ T5839] ? bch2_dirent_init_name+0x396/0x8b0
[ 72.568646][ T5839] kasan_check_range+0x2b0/0x2c0
[ 72.568659][ T5839] __asan_memset+0x22/0x50
[ 72.568670][ T5839] bch2_dirent_init_name+0x396/0x8b0
[ 72.568682][ T5839] bch2_dirent_create_key+0x2a1/0x5f0
[ 72.568695][ T5839] bch2_dirent_create+0xc5/0xc80
[ 72.568705][ T5839] ? __pfx_bch2_btree_iter_peek_slot+0x10/0x10
[ 72.568720][ T5839] ? bch2_trans_iter_init_outlined+0x1fe/0x400
[ 72.568730][ T5839] ? bch2_varint_decode_fast+0x88/0x190
[ 72.568744][ T5839] ? bch2_inode_unpack+0x264e/0x2810
[ 72.568758][ T5839] ? __pfx_bch2_dirent_create+0x10/0x10
[ 72.568768][ T5839] ? __pfx_bch2_inode_unpack+0x10/0x10
[ 72.568780][ T5839] ? __bch2_subvolume_get_snapshot+0x15c/0x550
[ 72.568794][ T5839] ? __asan_memset+0x22/0x50
[ 72.568804][ T5839] ? bch2_hash_info_init+0x26f/0x3b0
[ 72.568817][ T5839] ? __pfx_bch2_hash_info_init+0x10/0x10
[ 72.568831][ T5839] bch2_link_trans+0x39e/0x560
[ 72.568844][ T5839] ? __pfx_bch2_link_trans+0x10/0x10
[ 72.568856][ T5839] ? __bch2_link+0x193/0x3f0
[ 72.568868][ T5839] ? __bch2_inode_peek+0x11f/0x370
[ 72.568879][ T5839] ? __bch2_inode_peek+0x11f/0x370
[ 72.568886][ T5839] ? __pfx_bch2_trans_begin+0x10/0x10
[ 72.568900][ T5839] ? __bch2_trans_get+0x9c2/0xd80
[ 72.568910][ T5839] __bch2_link+0x231/0x3f0
[ 72.568923][ T5839] ? __pfx___bch2_link+0x10/0x10
[ 72.568937][ T5839] ? __bch2_trans_get+0x9c2/0xd80
[ 72.568953][ T5839] bch2_link+0x197/0x220
[ 72.568964][ T5839] vfs_link+0x4ea/0x6e0
[ 72.568978][ T5839] do_linkat+0x272/0x560
[ 72.568991][ T5839] ? __pfx_do_linkat+0x10/0x10
[ 72.569002][ T5839] ? strncpy_from_user+0x150/0x290
[ 72.569014][ T5839] ? getname_flags+0x1e5/0x540
[ 72.569023][ T5839] __x64_sys_link+0x82/0x90
[ 72.569035][ T5839] do_syscall_64+0xfa/0x3b0
[ 72.569048][ T5839] ? lockdep_hardirqs_on+0x9c/0x150
[ 72.569060][ T5839] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 72.569075][ T5839] ? clear_bhb_loop+0x60/0xb0
[ 72.569084][ T5839] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 72.569093][ T5839] RIP: 0033:0x7f5e63959b19
[ 72.569106][ T5839] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 72.569113][ T5839] RSP: 002b:00007ffee09b8bd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000056
[ 72.569124][ T5839] RAX: ffffffffffffffda RBX: 0031656c69662f2e RCX: 00007f5e63959b19
[ 72.569132][ T5839] RDX: 00007f5e63959b19 RSI: 0000200000000240 RDI: 00002000000001c0
[ 72.569138][ T5839] RBP: 00007f5e639d25f0 R08: 00005555839934c0 R09: 00005555839934c0
[ 72.569145][ T5839] R10: 0000000000005a9b R11: 0000000000000246 R12: 00007ffee09b8c00
[ 72.569151][ T5839] R13: 00007ffee09b8e28 R14: 431bde82d7b634db R15: 00007f5e639a203b
[ 72.569161][ T5839] </TASK>
[ 72.569164][ T5839]
[ 72.904984][ T5839] Allocated by task 5839:
[ 72.909310][ T5839] kasan_save_track+0x3e/0x80
[ 72.913985][ T5839] __kasan_kmalloc+0x93/0xb0
[ 72.918565][ T5839] __kmalloc_noprof+0x27a/0x4f0
[ 72.923406][ T5839] __bch2_trans_kmalloc+0x396/0x9d0
[ 72.928591][ T5839] bch2_dirent_create_key+0x113/0x5f0
[ 72.933954][ T5839] bch2_dirent_create+0xc5/0xc80
[ 72.938879][ T5839] bch2_link_trans+0x39e/0x560
[ 72.943633][ T5839] __bch2_link+0x231/0x3f0
[ 72.948038][ T5839] bch2_link+0x197/0x220
[ 72.952273][ T5839] vfs_link+0x4ea/0x6e0
[ 72.956420][ T5839] do_linkat+0x272/0x560
[ 72.960652][ T5839] __x64_sys_link+0x82/0x90
[ 72.965146][ T5839] do_syscall_64+0xfa/0x3b0
[ 72.969636][ T5839] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 72.975517][ T5839]
[ 72.977830][ T5839] The buggy address belongs to the object at ffff8881496a3000
[ 72.977830][ T5839] which belongs to the cache kmalloc-2k of size 2048
[ 72.991870][ T5839] The buggy address is located 65 bytes inside of
[ 72.991870][ T5839] allocated 2048-byte region [ffff8881496a3000, ffff8881496a3800)
[ 73.006000][ T5839]
[ 73.008313][ T5839] The buggy address belongs to the physical page:
[ 73.014720][ T5839] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1496a0
[ 73.023554][ T5839] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 73.032048][ T5839] anon flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff)
[ 73.040111][ T5839] page_type: f5(slab)
[ 73.044080][ T5839] raw: 057ff00000000040 ffff88801a442000 0000000000000000 dead000000000001
[ 73.052652][ T5839] raw: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000
[ 73.061228][ T5839] head: 057ff00000000040 ffff88801a442000 0000000000000000 dead000000000001
[ 73.069885][ T5839] head: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000
[ 73.078543][ T5839] head: 057ff00000000003 ffffea000525a801 00000000ffffffff 00000000ffffffff
[ 73.087205][ T5839] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 73.095857][ T5839] page dumped because: kasan: bad access detected
[ 73.102262][ T5839] page_owner tracks the page as allocated
[ 73.107961][ T5839] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 13597243606, free_ts 0
[ 73.127655][ T5839] post_alloc_hook+0x240/0x2a0
[ 73.132414][ T5839] get_page_from_freelist+0x21d5/0x22b0
[ 73.137945][ T5839] __alloc_frozen_pages_noprof+0x181/0x370
[ 73.143736][ T5839] alloc_pages_mpol+0x232/0x4a0
[ 73.148577][ T5839] allocate_slab+0x8a/0x3b0
[ 73.153069][ T5839] ___slab_alloc+0xbfc/0x1480
[ 73.157732][ T5839] __kmalloc_cache_noprof+0x296/0x3d0
[ 73.163099][ T5839] __media_device_register+0x58/0x280
[ 73.168473][ T5839] vivid_create_devnodes+0x2037/0x2bf0
[ 73.173925][ T5839] vivid_probe+0x5035/0x7180
[ 73.178503][ T5839] platform_probe+0x148/0x1d0
[ 73.183166][ T5839] really_probe+0x26a/0x9a0
[ 73.187660][ T5839] __driver_probe_device+0x18c/0x2f0
[ 73.192932][ T5839] driver_probe_device+0x4f/0x430
[ 73.197943][ T5839] __driver_attach+0x452/0x700
[ 73.202695][ T5839] bus_for_each_dev+0x230/0x2b0
[ 73.207531][ T5839] page_owner free stack trace missing
[ 73.212881][ T5839]
[ 73.215190][ T5839] Memory state around the buggy address:
[ 73.220802][ T5839] ffff8881496a3700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 73.228856][ T5839] ffff8881496a3780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 73.236903][ T5839] >ffff8881496a3800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 73.244947][ T5839] ^
[ 73.249003][ T5839] ffff8881496a3880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 73.257080][ T5839] ffff8881496a3900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 73.265136][ T5839] ==================================================================
[ 73.275801][ T5839] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 73.283046][ T5839] CPU: 1 UID: 0 PID: 5839 Comm: syz-executor478 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full)
[ 73.293735][ T5839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 73.303786][ T5839] Call Trace:
[ 73.307059][ T5839] <TASK>
[ 73.309981][ T5839] dump_stack_lvl+0x99/0x250
[ 73.314568][ T5839] ? __asan_memcpy+0x40/0x70
[ 73.319199][ T5839] ? __pfx_dump_stack_lvl+0x10/0x10
[ 73.324386][ T5839] ? __pfx__printk+0x10/0x10
[ 73.328970][ T5839] panic+0x2db/0x790
[ 73.332848][ T5839] ? __pfx_panic+0x10/0x10
[ 73.337249][ T5839] ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 73.343132][ T5839] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 73.349447][ T5839] ? print_memory_metadata+0x314/0x400
[ 73.354901][ T5839] ? bch2_dirent_init_name+0x396/0x8b0
[ 73.360345][ T5839] check_panic_on_warn+0x89/0xb0
[ 73.365270][ T5839] ? bch2_dirent_init_name+0x396/0x8b0
[ 73.370714][ T5839] end_report+0x78/0x160
[ 73.374944][ T5839] kasan_report+0x129/0x150
[ 73.379456][ T5839] ? bch2_dirent_init_name+0x396/0x8b0
[ 73.384929][ T5839] kasan_check_range+0x2b0/0x2c0
[ 73.389866][ T5839] __asan_memset+0x22/0x50
[ 73.394267][ T5839] bch2_dirent_init_name+0x396/0x8b0
[ 73.399541][ T5839] bch2_dirent_create_key+0x2a1/0x5f0
[ 73.404902][ T5839] bch2_dirent_create+0xc5/0xc80
[ 73.409828][ T5839] ? __pfx_bch2_btree_iter_peek_slot+0x10/0x10
[ 73.415971][ T5839] ? bch2_trans_iter_init_outlined+0x1fe/0x400
[ 73.422111][ T5839] ? bch2_varint_decode_fast+0x88/0x190
[ 73.427646][ T5839] ? bch2_inode_unpack+0x264e/0x2810
[ 73.432931][ T5839] ? __pfx_bch2_dirent_create+0x10/0x10
[ 73.438488][ T5839] ? __pfx_bch2_inode_unpack+0x10/0x10
[ 73.443959][ T5839] ? __bch2_subvolume_get_snapshot+0x15c/0x550
[ 73.450113][ T5839] ? __asan_memset+0x22/0x50
[ 73.454688][ T5839] ? bch2_hash_info_init+0x26f/0x3b0
[ 73.459967][ T5839] ? __pfx_bch2_hash_info_init+0x10/0x10
[ 73.465589][ T5839] bch2_link_trans+0x39e/0x560
[ 73.470343][ T5839] ? __pfx_bch2_link_trans+0x10/0x10
[ 73.475613][ T5839] ? __bch2_link+0x193/0x3f0
[ 73.480199][ T5839] ? __bch2_inode_peek+0x11f/0x370
[ 73.485308][ T5839] ? __bch2_inode_peek+0x11f/0x370
[ 73.490417][ T5839] ? __pfx_bch2_trans_begin+0x10/0x10
[ 73.495782][ T5839] ? __bch2_trans_get+0x9c2/0xd80
[ 73.500790][ T5839] __bch2_link+0x231/0x3f0
[ 73.505211][ T5839] ? __pfx___bch2_link+0x10/0x10
[ 73.510136][ T5839] ? __bch2_trans_get+0x9c2/0xd80
[ 73.515152][ T5839] bch2_link+0x197/0x220
[ 73.519390][ T5839] vfs_link+0x4ea/0x6e0
[ 73.523546][ T5839] do_linkat+0x272/0x560
[ 73.527785][ T5839] ? __pfx_do_linkat+0x10/0x10
[ 73.532542][ T5839] ? strncpy_from_user+0x150/0x290
[ 73.537645][ T5839] ? getname_flags+0x1e5/0x540
[ 73.542400][ T5839] __x64_sys_link+0x82/0x90
[ 73.546906][ T5839] do_syscall_64+0xfa/0x3b0
[ 73.551416][ T5839] ? lockdep_hardirqs_on+0x9c/0x150
[ 73.556613][ T5839] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 73.562667][ T5839] ? clear_bhb_loop+0x60/0xb0
[ 73.567334][ T5839] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 73.573214][ T5839] RIP: 0033:0x7f5e63959b19
[ 73.577615][ T5839] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 73.597210][ T5839] RSP: 002b:00007ffee09b8bd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000056
[ 73.605621][ T5839] RAX: ffffffffffffffda RBX: 0031656c69662f2e RCX: 00007f5e63959b19
[ 73.613583][ T5839] RDX: 00007f5e63959b19 RSI: 0000200000000240 RDI: 00002000000001c0
[ 73.621552][ T5839] RBP: 00007f5e639d25f0 R08: 00005555839934c0 R09: 00005555839934c0
[ 73.629520][ T5839] R10: 0000000000005a9b R11: 0000000000000246 R12: 00007ffee09b8c00
[ 73.637481][ T5839] R13: 00007ffee09b8e28 R14: 431bde82d7b634db R15: 00007f5e639a203b
[ 73.645469][ T5839] </TASK>
[ 73.648740][ T5839] Kernel Offset: disabled
[ 73.653050][ T5839] Rebooting in 86400 seconds..