./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1948828706 <...> Warning: Permanently added '10.128.1.76' (ED25519) to the list of known hosts. execve("./syz-executor1948828706", ["./syz-executor1948828706"], 0x7fff11b12240 /* 10 vars */) = 0 brk(NULL) = 0x55556e8aa000 brk(0x55556e8aad00) = 0x55556e8aad00 arch_prctl(ARCH_SET_FS, 0x55556e8aa380) = 0 set_tid_address(0x55556e8aa650) = 5831 set_robust_list(0x55556e8aa660, 24) = 0 rseq(0x55556e8aaca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1948828706", 4096) = 28 getrandom("\x35\x16\x59\x0c\xa2\x7a\x05\x95", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55556e8aad00 brk(0x55556e8cbd00) = 0x55556e8cbd00 brk(0x55556e8cc000) = 0x55556e8cc000 mprotect(0x7f66352ae000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5833 attached [pid 5833] set_robust_list(0x55556e8aa660, 24 [pid 5831] <... clone resumed>, child_tidptr=0x55556e8aa650) = 5833 [pid 5833] <... set_robust_list resumed>) = 0 [pid 5833] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5833] setpgid(0, 0) = 0 [pid 5833] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5833] write(3, "1000", 4) = 4 [pid 5833] close(3) = 0 [pid 5833] write(1, "executing program\n", 18executing program ) = 18 [pid 5833] memfd_create("syzkaller", 0) = 3 [pid 5833] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f662cc00000 [pid 5833] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5833] munmap(0x7f662cc00000, 138412032) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5833] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5833] close(3) = 0 [pid 5833] close(4) = 0 [pid 5833] mkdir("./file1", 0777) = 0 [ 88.786983][ T5833] loop0: detected capacity change from 0 to 32768 [ 88.909784][ T5833] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=ro,errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nochanges,nojournal_transaction_names,read_only,reconstruct_alloc,version_upgrade=incompatible,no_data_io [ 88.934711][ T5833] bcachefs (loop0): invalid journal entry, version=1.7: mi_btree_bitmap type=write_buffer_keys in superblock: bad format 0, fixing [ 88.948702][ T5833] bcachefs (loop0): invalid journal entry, version=1.7: mi_btree_bitmap type=write_buffer_keys in superblock: k->u64s 0, fixing [ 88.962147][ T5833] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 88.970570][ T5833] bcachefs (loop0): Version upgrade from 1.13: inode_has_child_snapshots to 1.7: mi_btree_bitmap incomplete [ 88.970570][ T5833] Doing compatible version upgrade from 1.13: inode_has_child_snapshots to 1.25: extent_flags [ 88.970570][ T5833] running recovery passes: check_allocations,check_extents_to_backpointers [ 89.001013][ T5833] bcachefs (loop0): Now allowing incompatible features up to 1.25: extent_flags, previously allowed up to 0.0: (unknown version) [ 89.001013][ T5833] [ 89.017109][ T5833] bcachefs (loop0): dropping and reconstructing all alloc info [ 89.028477][ T5833] bcachefs (loop0): running explicit recovery pass check_topology (2), currently at recovery_pass_empty (0) [ 89.040491][ T5833] bcachefs (loop0): bcachefs (loop0): error validating btree node on loop0 at btree extents level 0/0 [ 89.040519][ T5833] u64s 11 type btree_ptr_v2 18446744073707239423:U64_MAX:U32_MAX len 0 ver 0: seq c6c25c03258c59c5 written 16 min_key POS_MIN durability: 1 ptr: 0:27:0 gen 0 [ 89.040535][ T5833] node offset 0/16 bset u64s 0: incorrect max key SPOS_MAX, btree topology error: [ 89.077693][ T5833] bcachefs (loop0): flagging btree extents lost data [ 89.084509][ T5833] bcachefs (loop0): running explicit recovery pass check_backpointers_to_extents (16), currently at recovery_pass_empty (0) [ 89.097538][ T5833] bcachefs (loop0): running explicit recovery pass scan_for_btree_nodes (1), currently at recovery_pass_empty (0) [ 89.110566][ T5833] bcachefs (loop0): error reading btree root btree=extents level=0: btree_node_read_error, fixing [ 89.123178][ T5833] bcachefs (loop0): bcachefs (loop0): error validating btree node at btree inodes level 0/0 [ 89.123198][ T5833] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0 [ 89.123209][ T5833] node offset 16/24 bset u64s 110 bset byte offset 536: bad k->u64s 0 (min 3 max 253), fixing [ 89.157732][ T5833] bcachefs (loop0): bcachefs (loop0): error validating btree node at btree inodes level 0/0 [ 89.157747][ T5833] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0 [ 89.157759][ T5833] node offset 16/24 bset u64s 99 bset byte offset 696: key extends past end of bset, fixing [ 89.192573][ T5833] bcachefs (loop0): btree_node_read_work: rewriting btree node at due to error [ 89.192573][ T5833] btree=inodes level=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0 [ 89.222422][ T5833] bcachefs (loop0): scan_for_btree_nodes... [ 89.226451][ T5833] bcachefs (loop0): btree node scan found 3 nodes after overwrites [ 89.240463][ T5833] done [ 89.243524][ T5833] bcachefs (loop0): check_topology... [ 89.244043][ T5833] bcachefs (loop0): btree root extents unreadable, must recover from scan [ 89.258336][ T5833] bcachefs (loop0): bch2_get_scanned_nodes(): recovery btree=extents level=0 POS_MIN - SPOS_MAX [ 89.269443][ T5833] bcachefs (loop0): bch2_get_scanned_nodes(): recovering u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c6c25c03258c59c5 written 16 min_key POS_MIN durability: 1 ptr: 0:27:0 gen 0 [ 89.289373][ T59] bcachefs (loop0): bcachefs (loop0): error validating btree node on loop0 at btree extents level 0/0 [ 89.289393][ T59] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c6c25c03258c59c5 written 16 min_key POS_MIN durability: 1 ptr: 0:27:0 gen 0 [ 89.289405][ T59] node offset 8/16 bset u64s 49: bset at wrong sector offset, fixing [ 89.323325][ T59] bcachefs (loop0): btree_node_read_work: rewriting btree node at due to error [ 89.323325][ T59] btree=extents level=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c6c25c03258c59c5 written 16 min_key POS_MIN durability: 1 ptr: 0:27:0 gen 0 [ 89.348307][ T5833] done [ 89.351341][ T5833] bcachefs (loop0): accounting_read... done [ 89.358294][ T5833] bcachefs (loop0): alloc_read... done [ 89.364019][ T5833] bcachefs (loop0): snapshots_read... done [ 89.370141][ T5833] bcachefs (loop0): check_allocations... [ 89.372624][ T5833] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000004: 0000 [#1] SMP KASAN PTI [ 89.390130][ T5833] KASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027] [ 89.398552][ T5833] CPU: 0 UID: 0 PID: 5833 Comm: syz-executor194 Not tainted 6.14.0-syzkaller-12966-ga2cc6ff5ec8f #0 PREEMPT(full) [ 89.410612][ T5833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 89.420665][ T5833] RIP: 0010:bch2_snapshot_tree_oldest_subvol+0x1d3/0x6a0 [ 89.427705][ T5833] Code: e6 e8 f1 71 39 fd 4c 39 e5 0f 86 c9 03 00 00 e8 83 6f 39 fd 49 6b c4 38 49 01 c6 49 83 c6 18 49 83 c6 20 4c 89 f0 48 c1 e8 03 <42> 0f b6 04 28 84 c0 0f 85 c6 03 00 00 41 8b 2e 31 ff 89 ee e8 94 [ 89.447338][ T5833] RSP: 0018:ffffc90003dc6020 EFLAGS: 00010202 [ 89.453417][ T5833] RAX: 0000000000000004 RBX: 0000000000000001 RCX: ffff88802412bc00 [ 89.461390][ T5833] RDX: 0000000000000000 RSI: 00000000ffeb487f RDI: 0000000000000001 [ 89.469378][ T5833] RBP: 0000000000000001 R08: ffffffff8489d72f R09: 0000000000000000 [ 89.477349][ T5833] R10: 0000000000000000 R11: 0000000000000000 R12: 00000000ffeb487f [ 89.485316][ T5833] R13: dffffc0000000000 R14: 0000000000000020 R15: 000000000014b780 [ 89.493281][ T5833] FS: 000055556e8aa380(0000) GS:ffff888124fcc000(0000) knlGS:0000000000000000 [ 89.502206][ T5833] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 89.508785][ T5833] CR2: 00005648fe403f80 CR3: 0000000034f66000 CR4: 00000000003526f0 [ 89.516754][ T5833] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 89.524736][ T5833] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 89.532703][ T5833] Call Trace: [ 89.535974][ T5833] [ 89.538914][ T5833] ? bch2_snapshot_tree_oldest_subvol+0x2b/0x6a0 [ 89.545286][ T5833] bch2_inum_snap_offset_err_msg_trans+0x374/0x680 [ 89.551795][ T5833] ? bch2_inum_snap_offset_err_msg_trans+0xe8/0x680 [ 89.558383][ T5833] ? __pfx_bch2_inum_snap_offset_err_msg_trans+0x10/0x10 [ 89.565426][ T5833] ? __lock_acquire+0xad5/0xd80 [ 89.570309][ T5833] ? __pfx_bch2_btree_path_verify_level+0x10/0x10 [ 89.576744][ T5833] bch2_indirect_extent_missing_error+0x411/0x1290 [ 89.583267][ T5833] ? __pfx_bch2_indirect_extent_missing_error+0x10/0x10 [ 89.590221][ T5833] ? bch2_btree_iter_verify_ret+0x189/0x16e0 [ 89.596210][ T5833] ? __asan_memset+0x23/0x50 [ 89.600800][ T5833] ? __bkey_unpack_pos+0x4da/0x790 [ 89.605919][ T5833] ? __pfx_bch2_btree_iter_verify_ret+0x10/0x10 [ 89.612175][ T5833] ? btree_trans_peek_key_cache+0x421/0x1580 [ 89.618172][ T5833] ? __pfx___bch2_bkey_cmp_left_packed+0x10/0x10 [ 89.624544][ T5833] __trigger_reflink_p+0x196c/0x1cc0 [ 89.629854][ T5833] ? bch2_btree_path_verify_locks+0x85d/0xb40 [ 89.635932][ T5833] ? __pfx___trigger_reflink_p+0x10/0x10 [ 89.641576][ T5833] ? bch2_btree_iter_peek_max+0x53fe/0x6370 [ 89.647526][ T5833] bch2_trigger_reflink_p+0x299/0x380 [ 89.652911][ T5833] ? __pfx_bch2_trigger_reflink_p+0x10/0x10 [ 89.658809][ T5833] ? gc_pos_set+0x5c2/0x810 [ 89.663315][ T5833] ? gc_pos_set+0x5c2/0x810 [ 89.667842][ T5833] ? bch2_gc_mark_key+0x2f9/0x1180 [ 89.672947][ T5833] ? __pfx_bch2_trigger_reflink_p+0x10/0x10 [ 89.678861][ T5833] bch2_gc_mark_key+0x6bd/0x1180 [ 89.683816][ T5833] ? __pfx_bch2_gc_mark_key+0x10/0x10 [ 89.689186][ T5833] ? gc_pos_set+0x5c2/0x810 [ 89.693696][ T5833] ? bch2_btree_iter_advance+0x394/0x870 [ 89.699331][ T5833] ? bch2_check_allocations+0x13fc/0x6ab0 [ 89.705077][ T5833] bch2_check_allocations+0x1488/0x6ab0 [ 89.710650][ T5833] ? prb_first_seq+0x133/0x210 [ 89.715418][ T5833] ? bch2_check_allocations+0xfe1/0x6ab0 [ 89.721060][ T5833] ? _prb_read_valid+0xb13/0xbb0 [ 89.726015][ T5833] ? __pfx__prb_read_valid+0x10/0x10 [ 89.731305][ T5833] ? __pfx_data_push_tail+0x10/0x10 [ 89.736501][ T5833] ? __lock_acquire+0xad5/0xd80 [ 89.741346][ T5833] ? record_print_text+0x273/0x430 [ 89.746465][ T5833] ? record_print_text+0x315/0x430 [ 89.751576][ T5833] ? prb_read_valid+0xab/0xf0 [ 89.756255][ T5833] ? __pfx_bch2_check_allocations+0x10/0x10 [ 89.762197][ T5833] ? desc_read+0x1a8/0x400 [ 89.766615][ T5833] ? prb_first_seq+0x133/0x210 [ 89.771384][ T5833] ? __pfx_prb_first_seq+0x10/0x10 [ 89.776514][ T5833] ? this_cpu_in_panic+0x4f/0x80 [ 89.781450][ T5833] ? _prb_read_valid+0xb13/0xbb0 [ 89.786387][ T5833] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 89.792725][ T5833] ? __pfx__prb_read_valid+0x10/0x10 [ 89.798006][ T5833] ? console_flush_all+0xda3/0xec0 [ 89.803116][ T5833] ? bch2_check_allocations+0x1274/0x6ab0 [ 89.808837][ T5833] ? prb_read_valid+0xab/0xf0 [ 89.813507][ T5833] ? __pfx___console_unlock+0x10/0x10 [ 89.818880][ T5833] ? bch2_check_allocations+0x1954/0x6ab0 [ 89.824615][ T5833] ? __lock_acquire+0xad5/0xd80 [ 89.829462][ T5833] ? is_printk_cpu_sync_owner+0x32/0x40 [ 89.835009][ T5833] ? preempt_count_add+0x93/0x190 [ 89.840049][ T5833] ? __wake_up_klogd+0xd5/0x110 [ 89.844908][ T5833] ? __pfx_vprintk_emit+0x10/0x10 [ 89.849933][ T5833] ? __lock_acquire+0xad5/0xd80 [ 89.854798][ T5833] ? __bch2_print+0x17c/0x220 [ 89.859486][ T5833] ? __pfx___bch2_print+0x10/0x10 [ 89.864541][ T5833] bch2_run_recovery_pass+0xf0/0x1e0 [ 89.869838][ T5833] bch2_run_recovery_passes+0x2ad/0xa90 [ 89.875398][ T5833] bch2_fs_recovery+0x292a/0x3e20 [ 89.880432][ T5833] ? __pfx_bch2_fs_recovery+0x10/0x10 [ 89.885815][ T5833] ? __lock_acquire+0xad5/0xd80 [ 89.890661][ T5833] ? __lock_acquire+0xad5/0xd80 [ 89.895508][ T5833] ? __lock_acquire+0xad5/0xd80 [ 89.900384][ T5833] ? bch2_fs_start+0x269/0x610 [ 89.905151][ T5833] ? up_write+0x1ab/0x590 [ 89.909499][ T5833] ? __pfx_up_write+0x10/0x10 [ 89.914170][ T5833] ? llist_reverse_order+0x72/0x90 [ 89.919291][ T5833] bch2_fs_start+0x2fb/0x610 [ 89.923886][ T5833] bch2_fs_get_tree+0x113e/0x18f0 [ 89.928918][ T5833] ? __pfx_bch2_fs_get_tree+0x10/0x10 [ 89.934289][ T5833] ? smack_fs_context_parse_param+0x10e/0x180 [ 89.940373][ T5833] ? vfs_parse_monolithic_sep+0x427/0x460 [ 89.946130][ T5833] ? __pfx_vfs_parse_comma_sep+0x10/0x10 [ 89.951763][ T5833] ? rcu_is_watching+0x15/0xb0 [ 89.956527][ T5833] ? cap_capable+0x139/0x450 [ 89.961119][ T5833] ? safesetid_security_capable+0xb2/0x1d0 [ 89.966926][ T5833] vfs_get_tree+0x90/0x2b0 [ 89.971347][ T5833] do_new_mount+0x2cf/0xb70 [ 89.975862][ T5833] ? __pfx_do_new_mount+0x10/0x10 [ 89.980894][ T5833] __se_sys_mount+0x38c/0x400 [ 89.985663][ T5833] ? __pfx___se_sys_mount+0x10/0x10 [ 89.990860][ T5833] ? __x64_sys_mount+0x20/0xc0 [ 89.995649][ T5833] do_syscall_64+0xf3/0x230 [ 90.000176][ T5833] ? clear_bhb_loop+0x45/0xa0 [ 90.004875][ T5833] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.010766][ T5833] RIP: 0033:0x7f6635236e2a [ 90.015198][ T5833] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 90.034821][ T5833] RSP: 002b:00007ffcc0dd06d8 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5 [ 90.043242][ T5833] RAX: ffffffffffffffda RBX: 00007ffcc0dd06f0 RCX: 00007f6635236e2a [ 90.051226][ T5833] RDX: 0000200000000040 RSI: 0000200000000000 RDI: 00007ffcc0dd06f0 [ 90.059350][ T5833] RBP: 0000200000000000 R08: 00007ffcc0dd0730 R09: 0000000000005995 [ 90.067359][ T5833] R10: 0000000000800001 R11: 0000000000000282 R12: 0000200000000040 [ 90.075510][ T5833] R13: 0000000000000004 R14: 0000000000000003 R15: 00007ffcc0dd0730 [ 90.083520][ T5833] [ 90.086535][ T5833] Modules linked in: [ 90.090620][ T5833] ---[ end trace 0000000000000000 ]--- [ 90.096536][ T5833] RIP: 0010:bch2_snapshot_tree_oldest_subvol+0x1d3/0x6a0 [ 90.103607][ T5833] Code: e6 e8 f1 71 39 fd 4c 39 e5 0f 86 c9 03 00 00 e8 83 6f 39 fd 49 6b c4 38 49 01 c6 49 83 c6 18 49 83 c6 20 4c 89 f0 48 c1 e8 03 <42> 0f b6 04 28 84 c0 0f 85 c6 03 00 00 41 8b 2e 31 ff 89 ee e8 94 [ 90.123301][ T5833] RSP: 0018:ffffc90003dc6020 EFLAGS: 00010202 [ 90.129462][ T5833] RAX: 0000000000000004 RBX: 0000000000000001 RCX: ffff88802412bc00 [ 90.137595][ T5833] RDX: 0000000000000000 RSI: 00000000ffeb487f RDI: 0000000000000001 [ 90.145714][ T5833] RBP: 0000000000000001 R08: ffffffff8489d72f R09: 0000000000000000 [ 90.153704][ T5833] R10: 0000000000000000 R11: 0000000000000000 R12: 00000000ffeb487f [ 90.161739][ T5833] R13: dffffc0000000000 R14: 0000000000000020 R15: 000000000014b780 [ 90.169760][ T5833] FS: 000055556e8aa380(0000) GS:ffff888124fcc000(0000) knlGS:0000000000000000 [ 90.178776][ T5833] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 90.185415][ T5833] CR2: 00005648fe403f80 CR3: 0000000034f66000 CR4: 00000000003526f0 [ 90.193395][ T5833] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 90.201410][ T5833] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 90.209503][ T5833] Kernel panic - not syncing: Fatal exception [ 90.215882][ T5833] Kernel Offset: disabled [ 90.220208][ T5833] Rebooting in 86400 seconds..