./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor488252962 <...> Warning: Permanently added '10.128.0.40' (ED25519) to the list of known hosts. execve("./syz-executor488252962", ["./syz-executor488252962"], 0x7fffc4c5cc50 /* 10 vars */) = 0 brk(NULL) = 0x55558b53d000 brk(0x55558b53dd00) = 0x55558b53dd00 arch_prctl(ARCH_SET_FS, 0x55558b53d380) = 0 set_tid_address(0x55558b53d650) = 5832 set_robust_list(0x55558b53d660, 24) = 0 rseq(0x55558b53dca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor488252962", 4096) = 27 getrandom("\x4d\xce\x79\xaf\xd4\xcc\x7a\x74", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55558b53dd00 brk(0x55558b55ed00) = 0x55558b55ed00 brk(0x55558b55f000) = 0x55558b55f000 mprotect(0x7f403bab1000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5833 attached [pid 5833] set_robust_list(0x55558b53d660, 24 [pid 5832] <... clone resumed>, child_tidptr=0x55558b53d650) = 5833 [pid 5833] <... set_robust_list resumed>) = 0 [pid 5833] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5833] setpgid(0, 0) = 0 [pid 5833] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5833] write(3, "1000", 4) = 4 [pid 5833] close(3) = 0 executing program [pid 5833] write(1, "executing program\n", 18) = 18 [pid 5833] memfd_create("syzkaller", 0) = 3 [pid 5833] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4033400000 [ 91.820634][ T980] cfg80211: failed to load regulatory.db [pid 5833] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5833] munmap(0x7f4033400000, 138412032) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5833] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5833] close(3) = 0 [pid 5833] close(4) = 0 [pid 5833] mkdir("./file1", 0777) = 0 [ 91.939607][ T5833] loop0: detected capacity change from 0 to 32768 [ 92.002933][ T5833] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,journal_flush_disabled,fsck,fix_errors=yes,norecovery,version_upgrade=incompatible [ 92.002933][ T5833] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 92.037916][ T5833] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0 [ 92.046828][ T5833] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 92.056164][ T5833] bcachefs (loop0): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.28: inode_has_case_insensitive [ 92.056164][ T5833] running recovery passes: check_allocations,check_extents_to_backpointers,check_inodes [ 92.078965][ T5833] bcachefs (loop0): Now allowing incompatible features up to 1.28: inode_has_case_insensitive, previously allowed up to 1.7: mi_btree_bitmap [ 92.078965][ T5833] [ 92.112424][ T5833] bcachefs (loop0): btree node read error at btree xattrs level 0/0 [ 92.112443][ T5833] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 2285c34bed0abe32 written 16 min_key POS_MIN durability: 1 ptr: 0:31:0 gen 0 [ 92.112454][ T5833] loop0 node offset 0/16 bset u64s 0: invalid bkey format: field 4 too large: 0 + 648518346341351424 > 4294967295 [ 92.112464][ T5833] u64s 3 fields 64:0, 64:0, 32:0, 0:0, 0:648518346341351424, 0:0 [ 92.112472][ T5833] flagging btree xattrs lost data [ 92.112479][ T5833] running recovery pass check_lrus (14), currently at recovery_pass_empty (0) [ 92.112488][ T5833] running recovery pass check_backpointers_to_extents (16), currently at recovery_pass_empty (0) [ 92.112497][ T5833] running recovery pass scan_for_btree_nodes (1), currently at recovery_pass_empty (0) [ 92.112507][ T5833] ret btree_node_read_validate_error [ 92.196253][ T5833] bcachefs (loop0): error reading btree root btree=xattrs level=0: btree_node_read_error, fixing [ 92.217421][ T5833] bcachefs (loop0): scan_for_btree_nodes... [ 92.220750][ T5839] bcachefs (loop0): sb invalid before write: Unsupported superblock version_min 0.0: (unknown version) (min 0.9: (unknown version), max 1.28: inode_has_case_insensitive) [ 92.220784][ T5839] emergency read only at seq 10 [ 92.249574][ T5839] ------------[ cut here ]------------ [ 92.255234][ T5839] kernel BUG at fs/bcachefs/bkey_methods.c:469! [ 92.263378][ T5839] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI [ 92.269649][ T5839] CPU: 0 UID: 0 PID: 5839 Comm: read_btree_node Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) [ 92.282058][ T5839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 92.292114][ T5839] RIP: 0010:__bch2_bkey_compat+0xbbf/0xbd0 [ 92.297961][ T5839] Code: fd 90 0f 0b e8 82 2c a7 fd 90 0f 0b e8 7a 2c a7 fd 90 0f 0b e8 72 2c a7 fd 90 0f 0b e8 6a 2c a7 fd 90 0f 0b e8 62 2c a7 fd 90 <0f> 0b cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 [ 92.317578][ T5839] RSP: 0018:ffffc900043dea40 EFLAGS: 00010293 [ 92.323653][ T5839] RAX: ffffffff8419218e RBX: ffff888027c378c0 RCX: ffff88802f880000 [ 92.331643][ T5839] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0900000000000000 [ 92.339642][ T5839] RBP: ffffc900043dece8 R08: 0000000020000000 R09: 0000000020000000 [ 92.347632][ T5839] R10: ffffffff00000000 R11: 34b6b456b49c471e R12: 00000000ffffffff [ 92.355618][ T5839] R13: 0000000000000003 R14: 0000000000000001 R15: 00000000ffffffff [ 92.363603][ T5839] FS: 0000000000000000(0000) GS:ffff888125c86000(0000) knlGS:0000000000000000 [ 92.372543][ T5839] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 92.379132][ T5839] CR2: 0000564088072168 CR3: 0000000032f78000 CR4: 00000000003526f0 [ 92.387119][ T5839] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 92.395100][ T5839] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 92.403080][ T5839] Call Trace: [ 92.406362][ T5839] [ 92.409322][ T5839] ? __pfx___bch2_bkey_compat+0x10/0x10 [ 92.414907][ T5839] ? bch2_write_super+0x2705/0x2d30 [ 92.420130][ T5839] ? validate_bset+0x5c9/0x1e70 [ 92.424997][ T5839] ? __pfx_bch2_write_super+0x10/0x10 [ 92.430393][ T5839] ? validate_bset+0x5d1/0x1e70 [ 92.435262][ T5839] validate_bset_keys+0x5b7/0x1480 [ 92.440394][ T5839] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 92.446413][ T5839] ? validate_bset+0x2d8/0x1e70 [ 92.451284][ T5839] ? __pfx_validate_bset_keys+0x10/0x10 [ 92.456868][ T5839] ? krealloc_noprof+0x1cd/0x340 [ 92.461831][ T5839] ? prt_str+0x439/0x760 [ 92.466101][ T5839] ? bch2_btree_node_read_done+0x1c07/0x5150 [ 92.472100][ T5839] bch2_btree_node_read_done+0x1d3c/0x5150 [ 92.477927][ T5839] ? __pfx_number+0x10/0x10 [ 92.482459][ T5839] ? __pfx_bch2_btree_node_read_done+0x10/0x10 [ 92.488632][ T5839] ? bch2_extent_ptr_to_text+0x5a/0x890 [ 92.494195][ T5839] ? bch2_bkey_ptrs_to_text+0x1161/0x1310 [ 92.499926][ T5839] ? bch2_printbuf_make_room+0xdb/0x360 [ 92.505485][ T5839] ? enumerated_ref_put+0xbe/0x270 [ 92.510604][ T5839] btree_node_read_work+0x426/0xe30 [ 92.515831][ T5839] ? __pfx_btree_node_read_work+0x10/0x10 [ 92.521593][ T5839] ? bch2_latency_acct+0x436/0x520 [ 92.526719][ T5839] ? __pfx_bch2_latency_acct+0x10/0x10 [ 92.532185][ T5839] ? bio_associate_blkg+0x6d/0x230 [ 92.537311][ T5839] bch2_btree_node_read+0x887/0x2a00 [ 92.542623][ T5839] ? bch2_btree_node_fill+0x954/0x14f0 [ 92.548098][ T5839] ? __pfx_bch2_btree_node_read+0x10/0x10 [ 92.553836][ T5839] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 92.559491][ T5839] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 92.565491][ T5839] ? __pfx___bch2_btree_node_hash_insert+0x10/0x10 [ 92.572002][ T5839] ? bch2_btree_node_mem_alloc+0xcdf/0x1820 [ 92.577913][ T5839] ? six_unlock_ip+0x302/0x430 [ 92.582694][ T5839] ? bch2_btree_node_fill+0xb47/0x14f0 [ 92.588164][ T5839] bch2_btree_node_fill+0xd12/0x14f0 [ 92.593458][ T5839] ? __pfx_bch2_btree_cache_cmp_fn+0x10/0x10 [ 92.599456][ T5839] ? __pfx_bch2_btree_node_fill+0x10/0x10 [ 92.605190][ T5839] ? btree_cache_find+0xf4/0x2d0 [ 92.610143][ T5839] ? btree_cache_find+0xf4/0x2d0 [ 92.615089][ T5839] ? btree_cache_find+0x26f/0x2d0 [ 92.620125][ T5839] ? __pfx_btree_cache_find+0x10/0x10 [ 92.625510][ T5839] bch2_btree_node_get_noiter+0xa2c/0x1000 [ 92.631333][ T5839] read_btree_nodes_worker+0x1319/0x1e20 [ 92.636987][ T5839] ? read_btree_nodes_worker+0xcef/0x1e20 [ 92.642750][ T5839] ? __pfx_read_btree_nodes_worker+0x10/0x10 [ 92.648782][ T5839] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 92.654701][ T5839] ? lockdep_hardirqs_on+0x9c/0x150 [ 92.659923][ T5839] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 92.665838][ T5839] ? __kthread_parkme+0x7b/0x200 [ 92.670808][ T5839] ? __kthread_parkme+0x1a1/0x200 [ 92.675858][ T5839] kthread+0x70e/0x8a0 [ 92.679941][ T5839] ? __pfx_read_btree_nodes_worker+0x10/0x10 [ 92.685944][ T5839] ? __pfx_kthread+0x10/0x10 [ 92.690561][ T5839] ? _raw_spin_unlock_irq+0x23/0x50 [ 92.695775][ T5839] ? lockdep_hardirqs_on+0x9c/0x150 [ 92.700991][ T5839] ? __pfx_kthread+0x10/0x10 [ 92.705611][ T5839] ret_from_fork+0x3fc/0x770 [ 92.710234][ T5839] ? __pfx_ret_from_fork+0x10/0x10 [ 92.715376][ T5839] ? __switch_to_asm+0x39/0x70 [ 92.720167][ T5839] ? __switch_to_asm+0x33/0x70 [ 92.724948][ T5839] ? __pfx_kthread+0x10/0x10 [ 92.729556][ T5839] ret_from_fork_asm+0x1a/0x30 [ 92.734428][ T5839] [ 92.737456][ T5839] Modules linked in: [ 92.741554][ T5839] ---[ end trace 0000000000000000 ]--- [ 92.747254][ T5839] RIP: 0010:__bch2_bkey_compat+0xbbf/0xbd0 [ 92.753399][ T5839] Code: fd 90 0f 0b e8 82 2c a7 fd 90 0f 0b e8 7a 2c a7 fd 90 0f 0b e8 72 2c a7 fd 90 0f 0b e8 6a 2c a7 fd 90 0f 0b e8 62 2c a7 fd 90 <0f> 0b cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 [ 92.773095][ T5839] RSP: 0018:ffffc900043dea40 EFLAGS: 00010293 [ 92.779312][ T5839] RAX: ffffffff8419218e RBX: ffff888027c378c0 RCX: ffff88802f880000 [ 92.787315][ T5839] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0900000000000000 [ 92.795342][ T5839] RBP: ffffc900043dece8 R08: 0000000020000000 R09: 0000000020000000 [ 92.803398][ T5839] R10: ffffffff00000000 R11: 34b6b456b49c471e R12: 00000000ffffffff [ 92.811440][ T5839] R13: 0000000000000003 R14: 0000000000000001 R15: 00000000ffffffff [ 92.819549][ T5839] FS: 0000000000000000(0000) GS:ffff888125c86000(0000) knlGS:0000000000000000 [ 92.828481][ T5839] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 92.835111][ T5839] CR2: 0000564088072168 CR3: 0000000011a72000 CR4: 00000000003526f0 [ 92.843137][ T5839] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 92.851178][ T5839] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 92.859300][ T5839] Kernel panic - not syncing: Fatal exception [ 92.865712][ T5839] Kernel Offset: disabled [ 92.870050][ T5839] Rebooting in 86400 seconds..