./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor921499799
<...>
[ 91.991229][ T10] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.15.209' (ED25519) to the list of known hosts.
execve("./syz-executor921499799", ["./syz-executor921499799"], 0x7ffd2e3fdfc0 /* 10 vars */) = 0
brk(NULL) = 0x55557a3ee000
brk(0x55557a3eed00) = 0x55557a3eed00
arch_prctl(ARCH_SET_FS, 0x55557a3ee380) = 0
set_tid_address(0x55557a3ee650) = 5828
set_robust_list(0x55557a3ee660, 24) = 0
rseq(0x55557a3eeca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor921499799", 4096) = 27
getrandom("\xeb\xc8\xc6\xff\x3b\xa8\xd9\x7d", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x55557a3eed00
brk(0x55557a40fd00) = 0x55557a40fd00
brk(0x55557a410000) = 0x55557a410000
mprotect(0x7fa3e5c35000, 16384, PROT_READ) = 0
mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000
mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000
mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5829 attached
, child_tidptr=0x55557a3ee650) = 5829
[pid 5829] set_robust_list(0x55557a3ee660, 24) = 0
[pid 5829] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5829] setpgid(0, 0) = 0
[pid 5829] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5829] write(3, "1000", 4) = 4
[pid 5829] close(3) = 0
executing program
[pid 5829] write(1, "executing program\n", 18) = 18
[pid 5829] memfd_create("syzkaller", 0) = 3
[pid 5829] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa3dd600000
[pid 5829] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5829] munmap(0x7fa3dd600000, 138412032) = 0
[pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5829] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5829] close(3) = 0
[pid 5829] close(4) = 0
[pid 5829] mkdir("./file0", 0777) = 0
[ 93.738869][ T5829] loop0: detected capacity change from 0 to 32768
[ 93.792755][ T5829] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0
[ 93.835522][ T5829] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,gc_reserve_bytes=512 GiB,norecovery,nojournal_transaction_names
[ 93.835522][ T5829] allowing incompatible features above 0.0: (unknown version)
[ 93.835522][ T5829] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[ 93.875667][ T5829] bcachefs (loop0): recovering from clean shutdown, journal seq 10
[ 93.883885][ T5829] bcachefs (loop0): Version upgrade from 1.3: rebalance_work to 1.7: mi_btree_bitmap incomplete
[ 93.883885][ T5829] Doing compatible version upgrade from 1.3: rebalance_work to 1.28: inode_has_case_insensitive
[ 93.883885][ T5829] running recovery passes: check_allocations,check_extents_to_backpointers,check_subvols,check_inodes,check_dirents
[ 93.928636][ T5829] bcachefs (loop0): invalid bkey in btree_node btree=inodes level=0: u64s 17 type inode_v3 0:4097:U32_MAX len 0 ver 0: (unpack error)
[ 93.928658][ T5829] invalid variable length fields, deleting
[ 93.950721][ T5829] bcachefs (loop0): btree node read error at btree dirents level 0/0
[ 93.950738][ T5829] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0
[ 93.950750][ T5829] loop0 node offset 0/24 bset u64s 0: incorrect max key 281483566645247:U64_MAX:U32_MAX
[ 93.950759][ T5829] flagging btree dirents lost data
[ 93.950767][ T5829] running recovery pass check_lrus (14), currently at recovery_pass_empty (0)
[ 93.950776][ T5829] running recovery pass check_backpointers_to_extents (16), currently at recovery_pass_empty (0)
[ 93.950786][ T5829] running recovery pass scan_for_btree_nodes (1), currently at recovery_pass_empty (0)
[ 93.950795][ T5829] ret btree_node_read_validate_error
[ 94.024460][ T5829] bcachefs (loop0): error reading btree root btree=dirents level=0: btree_node_read_error, fixing
[ 94.036634][ T5829] bcachefs (loop0): btree node read error at btree xattrs level 0/0
[ 94.036649][ T5829] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 2285c34bed0abe32 written 16 min_key POS_MIN durability: 1 ptr: 0:31:0 gen 0
[ 94.036660][ T5829] loop0 node offset 8/16 bset u64s 10: unsupported bset version 0.0
[ 94.036668][ T5829] flagging btree xattrs lost data
[ 94.036676][ T5829] ret btree_node_read_err_incompatible
[ 94.078702][ T5829] bcachefs (loop0): error reading btree root btree=xattrs level=0: btree_node_read_error, fixing
[ 94.091206][ T5829] bcachefs (loop0): invalid bkey in btree_node btree=alloc level=0: u64s 12 type alloc_v4 0:28:0 len 0 ver 0:
[ 94.091223][ T5829] gen 0 oldest_gen 0 data_type btree
[ 94.091230][ T5829] journal_seq_nonempty 6
[ 94.091237][ T5829] journal_seq_empty 0
[ 94.091244][ T5829] need_discard 1
[ 94.091263][ T5829] need_inc_gen 1
[ 94.091270][ T5829] dirty_sectors 0
[ 94.091276][ T5829] stripe_sectors 0
[ 94.091283][ T5829] cached_sectors 0
[ 94.091290][ T5829] stripe 0
[ 94.091296][ T5829] stripe_redundancy 0
[ 94.091303][ T5829] io_time[READ] 1
[ 94.091309][ T5829] io_time[WRITE] 768
[ 94.091316][ T5829] fragmentation 0
[ 94.091322][ T5829] bp_start 8
[ 94.091329][ T5829]
[ 94.091335][ T5829] invalid data type (got 3 should be 9), deleting
[ 94.179617][ T5829] bcachefs (loop0): btree node read error at btree subvolumes level 0/0
[ 94.179632][ T5829] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c0bef60d07ceb940 written 16 min_key POS_MIN durability: 1 ptr: 0:35:0 gen 0
[ 94.179643][ T5829] loop0 node offset 0/16: incorrect min_key: got 0:0:1 should be POS_MIN
[ 94.179652][ T5829] flagging btree subvolumes lost data
[ 94.179659][ T5829] ret btree_node_read_validate_error
[ 94.221536][ T5829] bcachefs (loop0): error reading btree root btree=subvolumes level=0: btree_node_read_error, fixing
[ 94.236635][ T5829] bcachefs (loop0): btree node read error at btree freespace level 0/0
[ 94.236649][ T5829] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0
[ 94.236660][ T5829] loop0 node offset 0/32 bset u64s 0: invalid bkey format: field 1 too large: 18446744073709551615 + 1536 > 18446744073709551615
[ 94.236671][ T5829] u64s 3 fields 64:0, 64:1536, 32:0, 0:0, 0:0, 0:0
[ 94.236679][ T5829] flagging btree freespace lost data
[ 94.236686][ T5829] running recovery pass check_alloc_info (13), currently at recovery_pass_empty (0)
[ 94.236696][ T5829] ret btree_node_read_validate_error
[ 94.299657][ T5829] bcachefs (loop0): error reading btree root btree=freespace level=0: btree_node_read_error, fixing
[ 94.313137][ T5829] bcachefs (loop0): scan_for_btree_nodes...
[ 94.320315][ T5832] bcachefs (loop0): sb invalid before write: Unsupported superblock version_min 0.0: (unknown version) (min 0.9: (unknown version), max 1.28: inode_has_case_insensitive)
[ 94.320343][ T5832] emergency read only at seq 10
[ 94.353521][ T5832] ------------[ cut here ]------------
[ 94.359141][ T5832] UBSAN: shift-out-of-bounds in fs/bcachefs/bkey.c:163:16
[ 94.366486][ T5832] shift exponent 4294967127 is too large for 64-bit type 'u64' (aka 'unsigned long long')
[ 94.376623][ T5832] CPU: 0 UID: 0 PID: 5832 Comm: read_btree_node Not tainted 6.15.0-syzkaller-01958-g785cdec46e92 #0 PREEMPT(full)
[ 94.376643][ T5832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 94.376658][ T5832] Call Trace:
[ 94.376664][ T5832]
[ 94.376674][ T5832] dump_stack_lvl+0x189/0x250
[ 94.376718][ T5832] ? __pfx_dump_stack_lvl+0x10/0x10
[ 94.376740][ T5832] ? __pfx__printk+0x10/0x10
[ 94.376765][ T5832] ? unwind_next_frame+0xa5/0x2390
[ 94.376791][ T5832] ubsan_epilogue+0xa/0x40
[ 94.376805][ T5832] __ubsan_handle_shift_out_of_bounds+0x386/0x410
[ 94.376847][ T5832] __bch2_bkey_unpack_key+0xdc4/0xe10
[ 94.376870][ T5832] __bch2_bkey_compat+0x4db/0xbd0
[ 94.376900][ T5832] ? __pfx___bch2_bkey_compat+0x10/0x10
[ 94.376917][ T5832] ? kfree+0x18e/0x440
[ 94.376938][ T5832] ? bch2_btree_node_fill+0xd12/0x14f0
[ 94.376951][ T5832] ? bch2_btree_node_get_noiter+0xa2c/0x1000
[ 94.376973][ T5832] ? read_btree_nodes_worker+0x1319/0x1e20
[ 94.376988][ T5832] ? kthread+0x711/0x8a0
[ 94.377008][ T5832] ? ret_from_fork+0x4e/0x80
[ 94.377023][ T5832] ? ret_from_fork_asm+0x1a/0x30
[ 94.377050][ T5832] ? bch2_checksum_update+0x91/0x160
[ 94.377078][ T5832] ? __pfx_bch2_checksum+0x10/0x10
[ 94.377104][ T5832] validate_bset_keys+0x6c1/0x1390
[ 94.377136][ T5832] ? validate_bset+0x1420/0x1bd0
[ 94.377156][ T5832] ? __pfx_validate_bset_keys+0x10/0x10
[ 94.377196][ T5832] ? prt_str+0x439/0x760
[ 94.377213][ T5832] ? bch2_btree_node_read_done+0x17a0/0x4f60
[ 94.377236][ T5832] bch2_btree_node_read_done+0x18c8/0x4f60
[ 94.377289][ T5832] ? __pfx_bch2_btree_node_read_done+0x10/0x10
[ 94.377315][ T5832] ? bch2_extent_ptr_to_text+0x5a/0x900
[ 94.377336][ T5832] ? bch2_extent_ptr_to_text+0x5a/0x900
[ 94.377354][ T5832] ? bch2_bkey_ptrs_to_text+0x1161/0x1310
[ 94.377375][ T5832] ? bch2_printbuf_make_room+0xdb/0x360
[ 94.377416][ T5832] ? enumerated_ref_put+0xbe/0x270
[ 94.377436][ T5832] btree_node_read_work+0x426/0xe30
[ 94.377470][ T5832] ? __pfx_btree_node_read_work+0x10/0x10
[ 94.377490][ T5832] ? bch2_latency_acct+0x436/0x520
[ 94.377515][ T5832] ? __pfx_bch2_latency_acct+0x10/0x10
[ 94.377536][ T5832] ? bio_associate_blkg+0x6d/0x230
[ 94.377561][ T5832] bch2_btree_node_read+0x887/0x29f0
[ 94.377596][ T5832] ? bch2_btree_node_fill+0x954/0x14f0
[ 94.377614][ T5832] ? __pfx_bch2_btree_node_read+0x10/0x10
[ 94.377631][ T5832] ? __mutex_unlock_slowpath+0x1cd/0x700
[ 94.377659][ T5832] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 94.377680][ T5832] ? __pfx___bch2_btree_node_hash_insert+0x10/0x10
[ 94.377702][ T5832] ? bch2_btree_node_mem_alloc+0xcd9/0x1820
[ 94.377720][ T5832] ? six_unlock_ip+0x302/0x430
[ 94.377739][ T5832] ? bch2_btree_node_fill+0xb47/0x14f0
[ 94.377753][ T5832] bch2_btree_node_fill+0xd12/0x14f0
[ 94.377767][ T5832] ? __pfx_bch2_btree_cache_cmp_fn+0x10/0x10
[ 94.377789][ T5832] ? __pfx_bch2_btree_node_fill+0x10/0x10
[ 94.377804][ T5832] ? btree_cache_find+0xf4/0x2d0
[ 94.377820][ T5832] ? btree_cache_find+0xf4/0x2d0
[ 94.377833][ T5832] ? btree_cache_find+0x26f/0x2d0
[ 94.377846][ T5832] ? __pfx_btree_cache_find+0x10/0x10
[ 94.377869][ T5832] bch2_btree_node_get_noiter+0xa2c/0x1000
[ 94.377901][ T5832] read_btree_nodes_worker+0x1319/0x1e20
[ 94.377927][ T5832] ? read_btree_nodes_worker+0xcef/0x1e20
[ 94.377960][ T5832] ? __pfx_read_btree_nodes_worker+0x10/0x10
[ 94.377991][ T5832] ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 94.378006][ T5832] ? lockdep_hardirqs_on+0x9c/0x150
[ 94.378023][ T5832] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 94.378045][ T5832] ? __kthread_parkme+0x7b/0x200
[ 94.378065][ T5832] ? __kthread_parkme+0x1a1/0x200
[ 94.378090][ T5832] kthread+0x711/0x8a0
[ 94.378114][ T5832] ? __pfx_read_btree_nodes_worker+0x10/0x10
[ 94.378130][ T5832] ? __pfx_kthread+0x10/0x10
[ 94.378152][ T5832] ? __pfx_kthread+0x10/0x10
[ 94.378173][ T5832] ? _raw_spin_unlock_irq+0x23/0x50
[ 94.378187][ T5832] ? lockdep_hardirqs_on+0x9c/0x150
[ 94.378203][ T5832] ? __pfx_kthread+0x10/0x10
[ 94.378224][ T5832] ret_from_fork+0x4e/0x80
[ 94.378238][ T5832] ? __pfx_kthread+0x10/0x10
[ 94.378260][ T5832] ret_from_fork_asm+0x1a/0x30
[ 94.378285][ T5832]
[ 94.378290][ T5832] ---[ end trace ]---
[ 94.785865][ T5832] Kernel panic - not syncing: UBSAN: panic_on_warn set ...
[ 94.793098][ T5832] CPU: 1 UID: 0 PID: 5832 Comm: read_btree_node Not tainted 6.15.0-syzkaller-01958-g785cdec46e92 #0 PREEMPT(full)
[ 94.805158][ T5832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 94.815208][ T5832] Call Trace:
[ 94.818488][ T5832]
[ 94.821421][ T5832] dump_stack_lvl+0x99/0x250
[ 94.826046][ T5832] ? __asan_memcpy+0x40/0x70
[ 94.830652][ T5832] ? __pfx_dump_stack_lvl+0x10/0x10
[ 94.835866][ T5832] ? __pfx__printk+0x10/0x10
[ 94.840472][ T5832] panic+0x2db/0x790
[ 94.844376][ T5832] ? __pfx_panic+0x10/0x10
[ 94.848790][ T5832] ? _printk+0xcf/0x120
[ 94.852954][ T5832] ? __pfx__printk+0x10/0x10
[ 94.857550][ T5832] ? unwind_next_frame+0xa5/0x2390
[ 94.862663][ T5832] check_panic_on_warn+0x89/0xb0
[ 94.867683][ T5832] __ubsan_handle_shift_out_of_bounds+0x386/0x410
[ 94.874145][ T5832] __bch2_bkey_unpack_key+0xdc4/0xe10
[ 94.879532][ T5832] __bch2_bkey_compat+0x4db/0xbd0
[ 94.884678][ T5832] ? __pfx___bch2_bkey_compat+0x10/0x10
[ 94.890249][ T5832] ? kfree+0x18e/0x440
[ 94.894326][ T5832] ? bch2_btree_node_fill+0xd12/0x14f0
[ 94.899813][ T5832] ? bch2_btree_node_get_noiter+0xa2c/0x1000
[ 94.905809][ T5832] ? read_btree_nodes_worker+0x1319/0x1e20
[ 94.911615][ T5832] ? kthread+0x711/0x8a0
[ 94.915854][ T5832] ? ret_from_fork+0x4e/0x80
[ 94.920436][ T5832] ? ret_from_fork_asm+0x1a/0x30
[ 94.925378][ T5832] ? bch2_checksum_update+0x91/0x160
[ 94.930672][ T5832] ? __pfx_bch2_checksum+0x10/0x10
[ 94.935925][ T5832] validate_bset_keys+0x6c1/0x1390
[ 94.941067][ T5832] ? validate_bset+0x1420/0x1bd0
[ 94.946009][ T5832] ? __pfx_validate_bset_keys+0x10/0x10
[ 94.951591][ T5832] ? prt_str+0x439/0x760
[ 94.955833][ T5832] ? bch2_btree_node_read_done+0x17a0/0x4f60
[ 94.961814][ T5832] bch2_btree_node_read_done+0x18c8/0x4f60
[ 94.967651][ T5832] ? __pfx_bch2_btree_node_read_done+0x10/0x10
[ 94.973811][ T5832] ? bch2_extent_ptr_to_text+0x5a/0x900
[ 94.979362][ T5832] ? bch2_extent_ptr_to_text+0x5a/0x900
[ 94.984903][ T5832] ? bch2_bkey_ptrs_to_text+0x1161/0x1310
[ 94.990625][ T5832] ? bch2_printbuf_make_room+0xdb/0x360
[ 94.996181][ T5832] ? enumerated_ref_put+0xbe/0x270
[ 95.001293][ T5832] btree_node_read_work+0x426/0xe30
[ 95.006511][ T5832] ? __pfx_btree_node_read_work+0x10/0x10
[ 95.012232][ T5832] ? bch2_latency_acct+0x436/0x520
[ 95.017352][ T5832] ? __pfx_bch2_latency_acct+0x10/0x10
[ 95.022812][ T5832] ? bio_associate_blkg+0x6d/0x230
[ 95.027931][ T5832] bch2_btree_node_read+0x887/0x29f0
[ 95.033260][ T5832] ? bch2_btree_node_fill+0x954/0x14f0
[ 95.038731][ T5832] ? __pfx_bch2_btree_node_read+0x10/0x10
[ 95.044451][ T5832] ? __mutex_unlock_slowpath+0x1cd/0x700
[ 95.050086][ T5832] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 95.056066][ T5832] ? __pfx___bch2_btree_node_hash_insert+0x10/0x10
[ 95.062572][ T5832] ? bch2_btree_node_mem_alloc+0xcd9/0x1820
[ 95.068464][ T5832] ? six_unlock_ip+0x302/0x430
[ 95.073231][ T5832] ? bch2_btree_node_fill+0xb47/0x14f0
[ 95.078699][ T5832] bch2_btree_node_fill+0xd12/0x14f0
[ 95.083995][ T5832] ? __pfx_bch2_btree_cache_cmp_fn+0x10/0x10
[ 95.089980][ T5832] ? __pfx_bch2_btree_node_fill+0x10/0x10
[ 95.095693][ T5832] ? btree_cache_find+0xf4/0x2d0
[ 95.100628][ T5832] ? btree_cache_find+0xf4/0x2d0
[ 95.105561][ T5832] ? btree_cache_find+0x26f/0x2d0
[ 95.110581][ T5832] ? __pfx_btree_cache_find+0x10/0x10
[ 95.115958][ T5832] bch2_btree_node_get_noiter+0xa2c/0x1000
[ 95.121775][ T5832] read_btree_nodes_worker+0x1319/0x1e20
[ 95.127424][ T5832] ? read_btree_nodes_worker+0xcef/0x1e20
[ 95.133159][ T5832] ? __pfx_read_btree_nodes_worker+0x10/0x10
[ 95.139152][ T5832] ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 95.145040][ T5832] ? lockdep_hardirqs_on+0x9c/0x150
[ 95.150235][ T5832] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 95.156131][ T5832] ? __kthread_parkme+0x7b/0x200
[ 95.161074][ T5832] ? __kthread_parkme+0x1a1/0x200
[ 95.166106][ T5832] kthread+0x711/0x8a0
[ 95.170181][ T5832] ? __pfx_read_btree_nodes_worker+0x10/0x10
[ 95.176157][ T5832] ? __pfx_kthread+0x10/0x10
[ 95.180750][ T5832] ? __pfx_kthread+0x10/0x10
[ 95.185344][ T5832] ? _raw_spin_unlock_irq+0x23/0x50
[ 95.190537][ T5832] ? lockdep_hardirqs_on+0x9c/0x150
[ 95.195731][ T5832] ? __pfx_kthread+0x10/0x10
[ 95.200326][ T5832] ret_from_fork+0x4e/0x80
[ 95.204738][ T5832] ? __pfx_kthread+0x10/0x10
[ 95.209336][ T5832] ret_from_fork_asm+0x1a/0x30
[ 95.214115][ T5832]
[ 95.217501][ T5832] Kernel Offset: disabled
[ 95.221860][ T5832] Rebooting in 86400 seconds..