Hello, syzbot found the following issue on:
HEAD commit: afec768a6a8f Add linux-next specific files for 20250805 git tree: linux-next console+strace: https://syzkaller.appspot.com/x/log.txt?x=13b886a2580000 kernel config: https://syzkaller.appspot.com/x/.config?x=f4ccbd076877954b dashboard link: https://syzkaller.appspot.com/bug?extid=8f3825f100f660b04204 compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14d205bc580000 C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1732a6a2580000 Downloadable assets: disk image: https://storage.googleapis.com/syzbot-assets/f60d231fbf08/disk-afec768a.raw.xz vmlinux: https://storage.googleapis.com/syzbot-assets/eb1709601601/vmlinux-afec768a.xz kernel image: https://storage.googleapis.com/syzbot-assets/f528f37da74c/bzImage-afec768a.xz mounted in repro: https://storage.googleapis.com/syzbot-assets/3808cc003493/mount_0.gz IMPORTANT: if you fix the issue, please add the following tag to the commit: Reported-by: syzbot+8f3825f100f660b04...@syzkaller.appspotmail.com loop0: detected capacity change from 0 to 32768 Oops: general protection fault, probably for non-canonical address 0xdffffc00000096c2: 0000 [#1] SMP KASAN PTI KASAN: probably user-memory-access in range [0x000000000004b610-0x000000000004b617] CPU: 0 UID: 0 PID: 5865 Comm: syz-executor145 Not tainted 6.16.0-next-20250805-syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 RIP: 0010:__bch2_err_trace+0x2c/0x230 fs/bcachefs/bcachefs.h:1150 Code: 57 41 56 41 55 41 54 53 89 f3 49 89 fe 49 bd 00 00 00 00 00 fc ff df e8 62 96 65 fd 4d 8d be 10 b6 04 00 4c 89 f8 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 ff e8 a5 00 c9 fd 49 8b 07 65 48 ff 80 RSP: 0018:ffffc9000408f648 EFLAGS: 00010202 RAX: 00000000000096c2 RBX: 00000000fffff716 RCX: ffff88807ed35a00 RDX: 0000000000000000 RSI: 00000000fffff716 RDI: 0000000000000000 RBP: ffffc9000408f970 R08: ffff88807a554000 R09: ffff88807a554000 R10: ffff888148d3f300 R11: ffff88802ffd0380 R12: dffffc0000000000 R13: dffffc0000000000 R14: 0000000000000000 R15: 000000000004b610 FS: 00005555840bd380(0000) GS:ffff888125c24000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffb4e035000 CR3: 0000000071f12000 CR4: 00000000003526f0 Call Trace: <TASK> bch2_fs_open+0x130f/0x27f0 fs/bcachefs/super.c:2546 bch2_fs_get_tree+0x44f/0x1540 fs/bcachefs/fs.c:2430 vfs_get_tree+0x92/0x2b0 fs/super.c:1815 do_new_mount+0x2a2/0x9e0 fs/namespace.c:3805 do_mount fs/namespace.c:4133 [inline] __do_sys_mount fs/namespace.c:4344 [inline] __se_sys_mount+0x317/0x410 fs/namespace.c:4321 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fa418864bba Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fff62abeef8 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 00007fff62abef10 RCX: 00007fa418864bba RDX: 00002000000058c0 RSI: 0000200000000000 RDI: 00007fff62abef10 RBP: 0000200000000000 R08: 00007fff62abef50 R09: 000000000000591b R10: 0000000000000000 R11: 0000000000000282 R12: 00002000000058c0 R13: 00007fff62abef50 R14: 0000000000000003 R15: 0000000000000000 </TASK> Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:__bch2_err_trace+0x2c/0x230 fs/bcachefs/bcachefs.h:1150 Code: 57 41 56 41 55 41 54 53 89 f3 49 89 fe 49 bd 00 00 00 00 00 fc ff df e8 62 96 65 fd 4d 8d be 10 b6 04 00 4c 89 f8 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 ff e8 a5 00 c9 fd 49 8b 07 65 48 ff 80 RSP: 0018:ffffc9000408f648 EFLAGS: 00010202 RAX: 00000000000096c2 RBX: 00000000fffff716 RCX: ffff88807ed35a00 RDX: 0000000000000000 RSI: 00000000fffff716 RDI: 0000000000000000 RBP: ffffc9000408f970 R08: ffff88807a554000 R09: ffff88807a554000 R10: ffff888148d3f300 R11: ffff88802ffd0380 R12: dffffc0000000000 R13: dffffc0000000000 R14: 0000000000000000 R15: 000000000004b610 FS: 00005555840bd380(0000) GS:ffff888125d24000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000555d2b962148 CR3: 0000000071f12000 CR4: 00000000003526f0 ---------------- Code disassembly (best guess): 0: 57 push %rdi 1: 41 56 push %r14 3: 41 55 push %r13 5: 41 54 push %r12 7: 53 push %rbx 8: 89 f3 mov %esi,%ebx a: 49 89 fe mov %rdi,%r14 d: 49 bd 00 00 00 00 00 movabs $0xdffffc0000000000,%r13 14: fc ff df 17: e8 62 96 65 fd call 0xfd65967e 1c: 4d 8d be 10 b6 04 00 lea 0x4b610(%r14),%r15 23: 4c 89 f8 mov %r15,%rax 26: 48 c1 e8 03 shr $0x3,%rax * 2a: 42 80 3c 28 00 cmpb $0x0,(%rax,%r13,1) <-- trapping instruction 2f: 74 08 je 0x39 31: 4c 89 ff mov %r15,%rdi 34: e8 a5 00 c9 fd call 0xfdc900de 39: 49 8b 07 mov (%r15),%rax 3c: 65 gs 3d: 48 rex.W 3e: ff .byte 0xff 3f: 80 .byte 0x80 --- This report is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkal...@googlegroups.com. syzbot will keep track of this issue. See: https://goo.gl/tpsmEJ#status for how to communicate with syzbot. If the report is already addressed, let syzbot know by replying with: #syz fix: exact-commit-title If you want syzbot to run the reproducer, reply with: #syz test: git://repo/address.git branch-or-commit-hash If you attach or paste a git patch, syzbot will apply it before testing. If you want to overwrite report's subsystems, reply with: #syz set subsystems: new-subsystem (See the list of subsystem names on the web dashboard) If the report is a duplicate of another one, reply with: #syz dup: exact-subject-of-another-report If you want to undo deduplication, reply with: #syz undup
