./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1318143285 <...> Warning: Permanently added '10.128.10.62' (ED25519) to the list of known hosts. execve("./syz-executor1318143285", ["./syz-executor1318143285"], 0x7ffc029f3c60 /* 10 vars */) = 0 brk(NULL) = 0x55556f9a9000 brk(0x55556f9a9d00) = 0x55556f9a9d00 arch_prctl(ARCH_SET_FS, 0x55556f9a9380) = 0 set_tid_address(0x55556f9a9650) = 5823 set_robust_list(0x55556f9a9660, 24) = 0 rseq(0x55556f9a9ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1318143285", 4096) = 28 getrandom("\x11\x34\x3a\x31\xb8\xaa\xba\xc9", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55556f9a9d00 brk(0x55556f9cad00) = 0x55556f9cad00 brk(0x55556f9cb000) = 0x55556f9cb000 mprotect(0x7fa5d75a5000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5824 attached [pid 5824] set_robust_list(0x55556f9a9660, 24) = 0 [pid 5824] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5823] <... clone resumed>, child_tidptr=0x55556f9a9650) = 5824 [pid 5824] <... prctl resumed>) = 0 [pid 5824] setpgid(0, 0) = 0 [pid 5824] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 executing program [pid 5824] write(3, "1000", 4) = 4 [pid 5824] close(3) = 0 [pid 5824] write(1, "executing program\n", 18) = 18 [pid 5824] memfd_create("syzkaller", 0) = 3 [pid 5824] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa5cf000000 [pid 5824] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5824] munmap(0x7fa5cf000000, 138412032) = 0 [pid 5824] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5824] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5824] close(3) = 0 [pid 5824] close(4) = 0 [pid 5824] mkdir("./file1", 0777) = 0 [ 94.508510][ T5824] loop0: detected capacity change from 0 to 32768 [ 94.568425][ T5824] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0 [ 94.613636][ T5824] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,background_compression=zstd,journal_flush_disabled,norecovery,reconstruct_alloc,no_data_io [ 94.613636][ T5824] allowing incompatible features above 0.0: (unknown version) [ 94.613636][ T5824] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 94.656911][ T5824] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 94.665680][ T5824] bcachefs (loop0): Version upgrade required: [ 94.665680][ T5824] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 94.665680][ T5824] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive [ 94.665680][ T5824] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance [ 94.739303][ T5824] bcachefs (loop0): dropping and reconstructing all alloc info [ 94.760193][ T5824] bcachefs (loop0): btree node read error at btree inodes level 0/0 [ 94.760212][ T5824] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0 [ 94.760224][ T5824] loop0 node offset 0/24 bset u64s 0: invalid bkey format: field 2 too large: 4294967295 + 9895604649984 > 4294967295 [ 94.760236][ T5824] u64s 3 fields 64:0, 64:0, 32:9895604649984, 0:0, 0:0, 0:0 [ 94.760244][ T5824] flagging btree inodes lost data [ 94.760252][ T5824] running recovery pass scan_for_btree_nodes (1), currently at recovery_pass_empty (0) [ 94.760261][ T5824] ret btree_node_read_validate_error [ 94.828327][ T5824] bcachefs (loop0): error reading btree root btree=inodes level=0: btree_node_read_error, fixing [ 94.841061][ T5824] bcachefs (loop0): btree node read error at btree dirents level 0/0 [ 94.841076][ T5824] u64s 11 type btree_ptr_v2 18446744069414846463:U64_MAX:U32_MAX len 0 ver 281474976710656: seq 9aa2890000ce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0 [ 94.841090][ T5824] loop0 node offset 0/24: got wrong btree node: got [ 94.841098][ T5824] btree=dirents level=0 seq 9aa2895aefce4bdf 1 [ 94.841106][ T5824] min: POS_MIN [ 94.841112][ T5824] max: SPOS_MAX [ 94.841119][ T5824] flagging btree dirents lost data [ 94.841126][ T5824] ret btree_node_read_validate_error [ 94.898642][ T5824] bcachefs (loop0): error reading btree root btree=dirents level=0: btree_node_read_error, fixing [ 94.911776][ T5824] bcachefs (loop0): btree node read error at btree subvolumes level 0/0 [ 94.911792][ T5824] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c0bef60d07ceb940 written 16 min_key POS_MIN durability: 1 ptr: 0:35:0 gen 0 [ 94.911804][ T5824] loop0 node offset 0/16 bset u64s 0: invalid bkey format: field 2 too large: 4294967295 + 3298534883328 > 4294967295 [ 94.911816][ T5824] u64s 3 fields 64:0, 64:0, 32:3298534883328, 0:0, 0:0, 0:0 [ 94.911824][ T5824] flagging btree subvolumes lost data [ 94.911832][ T5824] ret btree_node_read_validate_error [ 94.966262][ T5824] bcachefs (loop0): error reading btree root btree=subvolumes level=0: btree_node_read_error, fixing [ 94.978714][ T5824] bcachefs (loop0): btree node read error at btree snapshots level 0/0 [ 94.978729][ T5824] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0 [ 94.978741][ T5824] loop0 node offset 0/16 bset u64s 0: incorrect btree id [ 94.978750][ T5824] flagging btree snapshots lost data [ 94.978757][ T5824] running recovery pass reconstruct_snapshots (21), currently at recovery_pass_empty (0) [ 94.978767][ T5824] ret btree_node_read_validate_error [ 95.029150][ T5824] bcachefs (loop0): error reading btree root btree=snapshots level=0: btree_node_read_error, fixing [ 95.041867][ T5824] bcachefs (loop0): scan_for_btree_nodes... [ 95.049503][ T5831] bcachefs (loop0): invalid bkey in btree_node btree=subvolumes level=0: u64s 8 type snapshot 0:4294967295:0 len 0 ver 0: subvol parent 0 children 0 0 subvol 1 tree 0 [ 95.049527][ T5831] invalid key type for btree subvolumes (snapshot), deleting [ 95.086737][ T5831] ------------[ cut here ]------------ [ 95.092422][ T5831] kernel BUG at fs/bcachefs/bkey.c:389! [ 95.098240][ T5831] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI [ 95.104513][ T5831] CPU: 1 UID: 0 PID: 5831 Comm: read_btree_node Not tainted 6.15.0-syzkaller-07774-g90b83efa6701 #0 PREEMPT(full) [ 95.116581][ T5831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 95.126724][ T5831] RIP: 0010:bch2_bkey_pack_pos_lossy+0x13de/0x24e0 [ 95.133266][ T5831] Code: e8 57 ce 08 fe 48 ba 00 00 00 00 00 fc ff df e9 a5 f8 ff ff e8 c3 d5 a7 fd 90 0f 0b e8 bb d5 a7 fd 90 0f 0b e8 b3 d5 a7 fd 90 <0f> 0b e8 ab d5 a7 fd 90 0f 0b e8 a3 d5 a7 fd 90 0f 0b f3 0f 1e fa [ 95.152885][ T5831] RSP: 0018:ffffc900043aeb40 EFLAGS: 00010293 [ 95.158972][ T5831] RAX: ffffffff8418244d RBX: 0000090000000000 RCX: ffff888030f41e00 [ 95.167121][ T5831] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000090000000000 [ 95.175099][ T5831] RBP: ffffc900043aed78 R08: ffffffffffffffff R09: ffffffffffffffff [ 95.183077][ T5831] R10: ffffffffffffffff R11: ffffffffffffffff R12: ffff88814c4490c4 [ 95.191146][ T5831] R13: fffff700ffffffff R14: 0000000000000000 R15: fffffffffffffffe [ 95.199122][ T5831] FS: 0000000000000000(0000) GS:ffff888125d98000(0000) knlGS:0000000000000000 [ 95.208062][ T5831] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 95.215002][ T5831] CR2: 00005633c0c98470 CR3: 000000003443a000 CR4: 00000000003526f0 [ 95.223017][ T5831] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 95.230996][ T5831] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 95.238973][ T5831] Call Trace: [ 95.242261][ T5831] [ 95.245206][ T5831] ? __pfx___bch2_inode_validate+0x10/0x10 [ 95.251054][ T5831] ? __pfx_bch2_bkey_pack_pos_lossy+0x10/0x10 [ 95.257151][ T5831] ? lockdep_hardirqs_on+0x9c/0x150 [ 95.262370][ T5831] ? __build_ro_aux_tree+0xafc/0x1800 [ 95.267756][ T5831] __build_ro_aux_tree+0xb21/0x1800 [ 95.272991][ T5831] ? __pfx___build_ro_aux_tree+0x10/0x10 [ 95.278640][ T5831] ? bch2_bkey_val_validate+0x212/0x400 [ 95.284198][ T5831] ? __pfx_bch2_bkey_val_validate+0x10/0x10 [ 95.290116][ T5831] ? __asan_memset+0x22/0x50 [ 95.294998][ T5831] bch2_bset_build_aux_tree+0x3f5/0x570 [ 95.300568][ T5831] bch2_btree_node_read_done+0x39e4/0x4f60 [ 95.306404][ T5831] ? __pfx_bch2_btree_node_read_done+0x10/0x10 [ 95.312571][ T5831] ? bch2_extent_ptr_to_text+0x5a/0x900 [ 95.318214][ T5831] ? bch2_extent_ptr_to_text+0x5a/0x900 [ 95.323769][ T5831] ? bch2_bkey_ptrs_to_text+0x1161/0x1310 [ 95.329557][ T5831] ? bch2_printbuf_make_room+0xdb/0x360 [ 95.335247][ T5831] ? enumerated_ref_put+0xbe/0x270 [ 95.340378][ T5831] btree_node_read_work+0x426/0xe30 [ 95.345612][ T5831] ? __pfx_btree_node_read_work+0x10/0x10 [ 95.351343][ T5831] ? bch2_latency_acct+0x436/0x520 [ 95.356463][ T5831] ? __pfx_bch2_latency_acct+0x10/0x10 [ 95.361939][ T5831] ? bio_associate_blkg+0x6d/0x230 [ 95.367077][ T5831] bch2_btree_node_read+0x887/0x29f0 [ 95.372396][ T5831] ? bch2_btree_node_fill+0x954/0x14f0 [ 95.377866][ T5831] ? __pfx_bch2_btree_node_read+0x10/0x10 [ 95.383602][ T5831] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 95.389249][ T5831] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 95.395245][ T5831] ? __pfx___bch2_btree_node_hash_insert+0x10/0x10 [ 95.401896][ T5831] ? bch2_btree_node_mem_alloc+0xcd9/0x1820 [ 95.407849][ T5831] ? six_unlock_ip+0x302/0x430 [ 95.412632][ T5831] ? bch2_btree_node_fill+0xb47/0x14f0 [ 95.418102][ T5831] bch2_btree_node_fill+0xd12/0x14f0 [ 95.423395][ T5831] ? __pfx_bch2_btree_cache_cmp_fn+0x10/0x10 [ 95.429388][ T5831] ? __pfx_bch2_btree_node_fill+0x10/0x10 [ 95.435114][ T5831] ? btree_cache_find+0xf4/0x2d0 [ 95.440059][ T5831] ? btree_cache_find+0xf4/0x2d0 [ 95.445011][ T5831] ? btree_cache_find+0x26f/0x2d0 [ 95.450039][ T5831] ? __pfx_btree_cache_find+0x10/0x10 [ 95.455425][ T5831] bch2_btree_node_get_noiter+0xa2c/0x1000 [ 95.461276][ T5831] read_btree_nodes_worker+0x1319/0x1e20 [ 95.466953][ T5831] ? read_btree_nodes_worker+0xcef/0x1e20 [ 95.472722][ T5831] ? __pfx_read_btree_nodes_worker+0x10/0x10 [ 95.478756][ T5831] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 95.484670][ T5831] ? lockdep_hardirqs_on+0x9c/0x150 [ 95.489918][ T5831] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 95.495921][ T5831] ? __kthread_parkme+0x7b/0x200 [ 95.500899][ T5831] ? __kthread_parkme+0x1a1/0x200 [ 95.505954][ T5831] kthread+0x70e/0x8a0 [ 95.510048][ T5831] ? __pfx_read_btree_nodes_worker+0x10/0x10 [ 95.516050][ T5831] ? __pfx_kthread+0x10/0x10 [ 95.520658][ T5831] ? _raw_spin_unlock_irq+0x23/0x50 [ 95.525901][ T5831] ? lockdep_hardirqs_on+0x9c/0x150 [ 95.531134][ T5831] ? __pfx_kthread+0x10/0x10 [ 95.535768][ T5831] ret_from_fork+0x3fc/0x770 [ 95.540402][ T5831] ? __pfx_ret_from_fork+0x10/0x10 [ 95.545609][ T5831] ? __switch_to_asm+0x39/0x70 [ 95.550378][ T5831] ? __switch_to_asm+0x33/0x70 [ 95.555147][ T5831] ? __pfx_kthread+0x10/0x10 [ 95.559773][ T5831] ret_from_fork_asm+0x1a/0x30 [ 95.564550][ T5831] [ 95.567571][ T5831] Modules linked in: [ 95.571765][ T5831] ---[ end trace 0000000000000000 ]--- [ 95.577345][ T5831] RIP: 0010:bch2_bkey_pack_pos_lossy+0x13de/0x24e0 [ 95.584410][ T5831] Code: e8 57 ce 08 fe 48 ba 00 00 00 00 00 fc ff df e9 a5 f8 ff ff e8 c3 d5 a7 fd 90 0f 0b e8 bb d5 a7 fd 90 0f 0b e8 b3 d5 a7 fd 90 <0f> 0b e8 ab d5 a7 fd 90 0f 0b e8 a3 d5 a7 fd 90 0f 0b f3 0f 1e fa [ 95.604348][ T5831] RSP: 0018:ffffc900043aeb40 EFLAGS: 00010293 [ 95.610778][ T5831] RAX: ffffffff8418244d RBX: 0000090000000000 RCX: ffff888030f41e00 [ 95.618834][ T5831] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000090000000000 [ 95.626842][ T5831] RBP: ffffc900043aed78 R08: ffffffffffffffff R09: ffffffffffffffff [ 95.634911][ T5831] R10: ffffffffffffffff R11: ffffffffffffffff R12: ffff88814c4490c4 [ 95.642933][ T5831] R13: fffff700ffffffff R14: 0000000000000000 R15: fffffffffffffffe [ 95.650951][ T5831] FS: 0000000000000000(0000) GS:ffff888125c98000(0000) knlGS:0000000000000000 [ 95.660046][ T5831] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 95.666690][ T5831] CR2: 000055f7477e8168 CR3: 0000000034d24000 CR4: 00000000003526f0 [ 95.674825][ T5831] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 95.683010][ T5831] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 95.691159][ T5831] Kernel panic - not syncing: Fatal exception [ 95.697511][ T5831] Kernel Offset: disabled [ 95.701858][ T5831] Rebooting in 86400 seconds..