./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor315449716 <...> Warning: Permanently added '10.128.10.29' (ED25519) to the list of known hosts. execve("./syz-executor315449716", ["./syz-executor315449716"], 0x7ffeb8f399e0 /* 10 vars */) = 0 brk(NULL) = 0x555561a5c000 brk(0x555561a5cd00) = 0x555561a5cd00 arch_prctl(ARCH_SET_FS, 0x555561a5c380) = 0 set_tid_address(0x555561a5c650) = 5847 set_robust_list(0x555561a5c660, 24) = 0 rseq(0x555561a5cca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor315449716", 4096) = 27 getrandom("\x08\xed\xe9\x4a\x06\x52\xb1\xad", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555561a5cd00 brk(0x555561a7dd00) = 0x555561a7dd00 brk(0x555561a7e000) = 0x555561a7e000 mprotect(0x7f27d97da000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5848 attached [pid 5848] set_robust_list(0x555561a5c660, 24) = 0 [pid 5848] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5848] setpgid(0, 0) = 0 [pid 5848] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5847] <... clone resumed>, child_tidptr=0x555561a5c650) = 5848 [pid 5848] <... openat resumed>) = 3 [pid 5848] write(3, "1000", 4) = 4 [pid 5848] close(3) = 0 executing program [pid 5848] write(1, "executing program\n", 18) = 18 [pid 5848] memfd_create("syzkaller", 0) = 3 [pid 5848] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f27d1200000 [pid 5848] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5848] munmap(0x7f27d1200000, 138412032) = 0 [pid 5848] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5848] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5848] close(3) = 0 [pid 5848] close(4) = 0 [pid 5848] mkdir("./file0", 0777) = 0 [ 89.115623][ T5848] loop0: detected capacity change from 0 to 32768 [ 89.142079][ T5848] ======================================================= [ 89.142079][ T5848] WARNING: The mand mount option has been deprecated and [ 89.142079][ T5848] and is ignored by this kernel. Remove the mand [ 89.142079][ T5848] option from the mount to silence this warning. [ 89.142079][ T5848] ======================================================= [ 89.230349][ T5848] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,recovery_pass_last=check_extents_to_backpointers,nojournal_transaction_names,noexcl,read_only,version_upgrade=none [ 89.230371][ T5848] allowing incompatible features above 0.0: (unknown version) [ 89.230380][ T5848] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 89.275714][ T5848] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0 [ 89.284398][ T5848] bcachefs (loop0): recovering from clean shutdown, journal seq 13 [ 89.293697][ T5848] syz-executor315: attempt to access beyond end of device [ 89.293697][ T5848] loop0: rw=6145, sector=25769834496, nr_sectors = 10 limit=32768 [ 89.309316][ T5848] bcachefs (loop0): superblock write error: I/O [ 89.315585][ T5848] bcachefs (loop0): bch2_write_super(): fatal error : Unable to write superblock to sufficient devices (from bch2_fs_recovery) [ 89.329190][ T5848] bcachefs (loop0): fatal error - emergency read only [ 89.353899][ T5848] bcachefs (loop0): accounting_read... [ 89.355413][ T5848] bcachefs (loop0): bch2_write_super(): fatal error loop0: Superblock modified by another process (seq 43 expected 42) [ 89.373692][ T5848] done [ 89.376483][ T5848] bcachefs (loop0): alloc_read... [ 89.377084][ T5848] bcachefs (loop0): bch2_write_super(): fatal error loop0: Superblock modified by another process (seq 43 expected 42) [ 89.395151][ T5848] done [ 89.398014][ T5848] bcachefs (loop0): snapshots_read... [ 89.398879][ T5848] bcachefs (loop0): bch2_write_super(): fatal error loop0: Superblock modified by another process (seq 43 expected 42) [ 89.417459][ T5848] done [ 89.422595][ T5848] bcachefs (loop0): bch2_write_super(): fatal error loop0: Superblock modified by another process (seq 43 expected 42) [ 89.435883][ T5848] bcachefs (loop0): bch2_write_super(): fatal error loop0: Superblock modified by another process (seq 43 expected 42) [ 89.449045][ T5848] bcachefs (loop0): bch2_write_super(): fatal error loop0: Superblock modified by another process (seq 43 expected 42) [ 89.461736][ T5848] bcachefs (loop0): journal_replay... [ 89.462762][ T5848] bcachefs (loop0): bch2_write_super(): fatal error loop0: Superblock modified by another process (seq 43 expected 42) [ 89.480839][ T5848] done [ 89.484254][ T5848] bcachefs (loop0): bch2_write_super(): fatal error loop0: Superblock modified by another process (seq 43 expected 42) [ 89.497143][ T5848] bcachefs (loop0): scanning for old btree nodes: min_version 0.24: unwritten_extents [ 89.506843][ T5848] bcachefs (loop0): going read-write [ 89.533096][ T5848] bcachefs (loop0): bch2_write_super(): fatal error loop0: Superblock modified by another process (seq 43 expected 42) [ 89.546427][ T5848] bcachefs (loop0): error in recovery: erofs_sb_err [ 89.553119][ T5848] bcachefs (loop0): bch2_fs_start(): error starting filesystem erofs_sb_err [ 89.574988][ T5848] ------------[ cut here ]------------ [ 89.580594][ T5848] WARNING: fs/bcachefs/super.c:1373 at bch2_dev_free+0x3db/0x480, CPU#0: syz-executor315/5848 [ 89.591249][ T5848] Modules linked in: [ 89.595191][ T5848] CPU: 0 UID: 0 PID: 5848 Comm: syz-executor315 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) [ 89.607110][ T5848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 89.617251][ T5848] RIP: 0010:bch2_dev_free+0x3db/0x480 [ 89.622686][ T5848] Code: f7 e8 e9 13 e2 ff 4c 89 ef e8 e1 13 e2 ff 4c 89 ff 48 83 c4 18 5b 41 5c 41 5d 41 5e 41 5f 5d e9 7b dd 14 07 e8 96 e7 65 fd 90 <0f> 0b 90 e9 2c fd ff ff e8 88 e7 65 fd 90 0f 0b 90 e9 fe fd ff ff [ 89.642382][ T5848] RSP: 0018:ffffc90003f2f8c8 EFLAGS: 00010293 [ 89.648505][ T5848] RAX: ffffffff8459bf3a RBX: dffffc0000000000 RCX: ffff888033b1bc00 [ 89.656482][ T5848] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 89.664510][ T5848] RBP: 0000000000000000 R08: ffff88801fb71687 R09: 1ffff11003f6e2d0 [ 89.672524][ T5848] R10: dffffc0000000000 R11: ffffed1003f6e2d1 R12: ffff888031fe8128 [ 89.680567][ T5848] R13: 0000000000000001 R14: 1ffff110063fd024 R15: 1ffff110063fd025 [ 89.688595][ T5848] FS: 0000555561a5c380(0000) GS:ffff888125be2000(0000) knlGS:0000000000000000 [ 89.697556][ T5848] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 89.704702][ T5848] CR2: 0000557f62e59da0 CR3: 0000000068888000 CR4: 00000000003526f0 [ 89.712740][ T5848] Call Trace: [ 89.716053][ T5848] [ 89.719087][ T5848] bch2_fs_free+0x440/0x550 [ 89.723630][ T5848] bch2_fs_get_tree+0xb76/0x1540 [ 89.728642][ T5848] ? __pfx_bch2_fs_get_tree+0x10/0x10 [ 89.734052][ T5848] ? aa_get_newest_label+0xf7/0x5d0 [ 89.739384][ T5848] ? __pfx_vfs_parse_comma_sep+0x10/0x10 [ 89.745059][ T5848] ? rcu_is_watching+0x15/0xb0 [ 89.749887][ T5848] vfs_get_tree+0x8f/0x2b0 [ 89.754338][ T5848] do_new_mount+0x2a2/0x9e0 [ 89.758955][ T5848] ? __pfx_do_new_mount+0x10/0x10 [ 89.764011][ T5848] ? path_mount+0x61c/0xfe0 [ 89.768761][ T5848] ? user_path_at+0x44/0x60 [ 89.773309][ T5848] __se_sys_mount+0x317/0x410 [ 89.778091][ T5848] ? __pfx___se_sys_mount+0x10/0x10 [ 89.783321][ T5848] ? rcu_is_watching+0x15/0xb0 [ 89.788139][ T5848] ? __x64_sys_mount+0x20/0xc0 [ 89.792946][ T5848] do_syscall_64+0xfa/0x3b0 [ 89.797472][ T5848] ? lockdep_hardirqs_on+0x9c/0x150 [ 89.802745][ T5848] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.808868][ T5848] ? clear_bhb_loop+0x60/0xb0 [ 89.813573][ T5848] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.819568][ T5848] RIP: 0033:0x7f27d9758eaa [ 89.824028][ T5848] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 89.843735][ T5848] RSP: 002b:00007ffd6f511ee8 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5 [ 89.852258][ T5848] RAX: ffffffffffffffda RBX: 00007ffd6f511f00 RCX: 00007f27d9758eaa [ 89.860332][ T5848] RDX: 0000200000000080 RSI: 0000200000000000 RDI: 00007ffd6f511f00 [ 89.868508][ T5848] RBP: 0000200000000000 R08: 00007ffd6f511f40 R09: 000000000000f631 [ 89.876588][ T5848] R10: 0000000001010051 R11: 0000000000000282 R12: 0000200000000080 [ 89.884670][ T5848] R13: 0000000000000004 R14: 0000000000000003 R15: 00007ffd6f511f40 [ 89.892707][ T5848] [ 89.895739][ T5848] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 89.903027][ T5848] CPU: 0 UID: 0 PID: 5848 Comm: syz-executor315 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) [ 89.914917][ T5848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 89.924983][ T5848] Call Trace: [ 89.928273][ T5848] [ 89.931205][ T5848] dump_stack_lvl+0x99/0x250 [ 89.935805][ T5848] ? __asan_memcpy+0x40/0x70 [ 89.940405][ T5848] ? __pfx_dump_stack_lvl+0x10/0x10 [ 89.945606][ T5848] ? __pfx__printk+0x10/0x10 [ 89.950383][ T5848] vpanic+0x281/0x750 [ 89.954371][ T5848] ? __pfx_vpanic+0x10/0x10 [ 89.958890][ T5848] ? is_bpf_text_address+0x292/0x2b0 [ 89.964184][ T5848] ? is_bpf_text_address+0x26/0x2b0 [ 89.969397][ T5848] panic+0xb9/0xc0 [ 89.973129][ T5848] ? __pfx_panic+0x10/0x10 [ 89.977565][ T5848] __warn+0x334/0x4c0 [ 89.981554][ T5848] ? bch2_dev_free+0x3db/0x480 [ 89.986335][ T5848] ? bch2_dev_free+0x3db/0x480 [ 89.991467][ T5848] report_bug+0x2be/0x4f0 [ 89.995806][ T5848] ? bch2_dev_free+0x3db/0x480 [ 90.000577][ T5848] ? bch2_dev_free+0x3db/0x480 [ 90.005350][ T5848] ? bch2_dev_free+0x3dd/0x480 [ 90.010120][ T5848] handle_bug+0x84/0x160 [ 90.014380][ T5848] exc_invalid_op+0x1a/0x50 [ 90.018897][ T5848] asm_exc_invalid_op+0x1a/0x20 [ 90.023756][ T5848] RIP: 0010:bch2_dev_free+0x3db/0x480 [ 90.029139][ T5848] Code: f7 e8 e9 13 e2 ff 4c 89 ef e8 e1 13 e2 ff 4c 89 ff 48 83 c4 18 5b 41 5c 41 5d 41 5e 41 5f 5d e9 7b dd 14 07 e8 96 e7 65 fd 90 <0f> 0b 90 e9 2c fd ff ff e8 88 e7 65 fd 90 0f 0b 90 e9 fe fd ff ff [ 90.048750][ T5848] RSP: 0018:ffffc90003f2f8c8 EFLAGS: 00010293 [ 90.054851][ T5848] RAX: ffffffff8459bf3a RBX: dffffc0000000000 RCX: ffff888033b1bc00 [ 90.062893][ T5848] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 90.070927][ T5848] RBP: 0000000000000000 R08: ffff88801fb71687 R09: 1ffff11003f6e2d0 [ 90.078912][ T5848] R10: dffffc0000000000 R11: ffffed1003f6e2d1 R12: ffff888031fe8128 [ 90.086978][ T5848] R13: 0000000000000001 R14: 1ffff110063fd024 R15: 1ffff110063fd025 [ 90.094966][ T5848] ? bch2_dev_free+0x3da/0x480 [ 90.099754][ T5848] ? bch2_dev_free+0x3da/0x480 [ 90.104533][ T5848] bch2_fs_free+0x440/0x550 [ 90.109139][ T5848] bch2_fs_get_tree+0xb76/0x1540 [ 90.114123][ T5848] ? __pfx_bch2_fs_get_tree+0x10/0x10 [ 90.119518][ T5848] ? aa_get_newest_label+0xf7/0x5d0 [ 90.124737][ T5848] ? __pfx_vfs_parse_comma_sep+0x10/0x10 [ 90.130400][ T5848] ? rcu_is_watching+0x15/0xb0 [ 90.135183][ T5848] vfs_get_tree+0x8f/0x2b0 [ 90.139616][ T5848] do_new_mount+0x2a2/0x9e0 [ 90.144220][ T5848] ? __pfx_do_new_mount+0x10/0x10 [ 90.149255][ T5848] ? path_mount+0x61c/0xfe0 [ 90.153768][ T5848] ? user_path_at+0x44/0x60 [ 90.158287][ T5848] __se_sys_mount+0x317/0x410 [ 90.162983][ T5848] ? __pfx___se_sys_mount+0x10/0x10 [ 90.168195][ T5848] ? rcu_is_watching+0x15/0xb0 [ 90.172966][ T5848] ? __x64_sys_mount+0x20/0xc0 [ 90.177758][ T5848] do_syscall_64+0xfa/0x3b0 [ 90.182310][ T5848] ? lockdep_hardirqs_on+0x9c/0x150 [ 90.187546][ T5848] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.193640][ T5848] ? clear_bhb_loop+0x60/0xb0 [ 90.198349][ T5848] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.204261][ T5848] RIP: 0033:0x7f27d9758eaa [ 90.208692][ T5848] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 90.228317][ T5848] RSP: 002b:00007ffd6f511ee8 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5 [ 90.236784][ T5848] RAX: ffffffffffffffda RBX: 00007ffd6f511f00 RCX: 00007f27d9758eaa [ 90.244942][ T5848] RDX: 0000200000000080 RSI: 0000200000000000 RDI: 00007ffd6f511f00 [ 90.252931][ T5848] RBP: 0000200000000000 R08: 00007ffd6f511f40 R09: 000000000000f631 [ 90.260909][ T5848] R10: 0000000001010051 R11: 0000000000000282 R12: 0000200000000080 [ 90.268976][ T5848] R13: 0000000000000004 R14: 0000000000000003 R15: 00007ffd6f511f40 [ 90.276985][ T5848] [ 90.280380][ T5848] Kernel Offset: disabled [ 90.284746][ T5848] Rebooting in 86400 seconds..