./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3862494244 <...> Warning: Permanently added '10.128.0.235' (ED25519) to the list of known hosts. execve("./syz-executor3862494244", ["./syz-executor3862494244"], 0x7fff56a50be0 /* 10 vars */) = 0 brk(NULL) = 0x555578867000 brk(0x555578867d00) = 0x555578867d00 arch_prctl(ARCH_SET_FS, 0x555578867380) = 0 set_tid_address(0x555578867650) = 5828 set_robust_list(0x555578867660, 24) = 0 rseq(0x555578867ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3862494244", 4096) = 28 getrandom("\xa6\xfc\x35\x6a\x79\x33\x8f\xf2", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555578867d00 brk(0x555578888d00) = 0x555578888d00 brk(0x555578889000) = 0x555578889000 mprotect(0x7fbf2de4a000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555578867650) = 5829 ./strace-static-x86_64: Process 5829 attached [pid 5829] set_robust_list(0x555578867660, 24) = 0 [pid 5829] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5829] setpgid(0, 0) = 0 [pid 5829] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5829] write(3, "1000", 4) = 4 [pid 5829] close(3) = 0 [pid 5829] write(1, "executing program\n", 18executing program ) = 18 [pid 5829] memfd_create("syzkaller", 0) = 3 [pid 5829] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbf25800000 [pid 5829] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5829] munmap(0x7fbf25800000, 138412032) = 0 [pid 5829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5829] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5829] close(3) = 0 [pid 5829] close(4) = 0 [pid 5829] mkdir("./file1", 0777) = 0 [ 74.399519][ T5829] loop0: detected capacity change from 0 to 32768 [ 74.478308][ T5829] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,journal_flush_disabled,fsck,fix_errors=yes,norecovery,version_upgrade=incompatible [ 74.478308][ T5829] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 74.512348][ T5829] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0 [ 74.520891][ T5829] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 74.528952][ T5829] bcachefs (loop0): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.28: inode_has_case_insensitive [ 74.528952][ T5829] running recovery passes: check_allocations,check_extents_to_backpointers,check_inodes [ 74.551031][ T5829] bcachefs (loop0): Now allowing incompatible features up to 1.28: inode_has_case_insensitive, previously allowed up to 1.7: mi_btree_bitmap [ 74.551031][ T5829] [ 74.579373][ T5829] bcachefs (loop0): btree node read error at btree xattrs level 0/0 [ 74.579389][ T5829] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 2285c34bed0abe32 written 16 min_key POS_MIN durability: 1 ptr: 0:31:0 gen 0 [ 74.579396][ T5829] loop0 node offset 0/16 bset u64s 0: invalid bkey format: field 4 too large: 0 + 648518346341351424 > 4294967295 [ 74.579402][ T5829] u64s 3 fields 64:0, 64:0, 32:0, 0:0, 0:648518346341351424, 0:0 [ 74.579408][ T5829] flagging btree xattrs lost data [ 74.579412][ T5829] running recovery pass check_lrus (14), currently at recovery_pass_empty (0) [ 74.579418][ T5829] running recovery pass check_backpointers_to_extents (16), currently at recovery_pass_empty (0) [ 74.579424][ T5829] running recovery pass scan_for_btree_nodes (1), currently at recovery_pass_empty (0) [ 74.579430][ T5829] ret btree_node_read_validate_error [ 74.662450][ T5829] bcachefs (loop0): error reading btree root btree=xattrs level=0: btree_node_read_error, fixing [ 74.679623][ T5829] bcachefs (loop0): scan_for_btree_nodes... [ 74.682534][ T5832] bcachefs (loop0): sb invalid before write: Unsupported superblock version_min 0.0: (unknown version) (min 0.9: (unknown version), max 1.28: inode_has_case_insensitive) [ 74.682555][ T5832] emergency read only at seq 10 [ 74.710715][ T5832] ------------[ cut here ]------------ [ 74.716261][ T5832] kernel BUG at fs/bcachefs/bkey_methods.c:469! [ 74.722514][ T5832] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI [ 74.728747][ T5832] CPU: 1 UID: 0 PID: 5832 Comm: read_btree_node Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) [ 74.741130][ T5832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 74.751163][ T5832] RIP: 0010:__bch2_bkey_compat+0xbbf/0xbd0 [ 74.756978][ T5832] Code: fd 90 0f 0b e8 82 2c a7 fd 90 0f 0b e8 7a 2c a7 fd 90 0f 0b e8 72 2c a7 fd 90 0f 0b e8 6a 2c a7 fd 90 0f 0b e8 62 2c a7 fd 90 <0f> 0b cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 [ 74.776577][ T5832] RSP: 0018:ffffc9000438ea40 EFLAGS: 00010293 [ 74.782679][ T5832] RAX: ffffffff8419218e RBX: ffff88802fc508c0 RCX: ffff888031661e00 [ 74.790641][ T5832] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0900000000000000 [ 74.798601][ T5832] RBP: ffffc9000438ece8 R08: 0000000020000000 R09: 0000000020000000 [ 74.806562][ T5832] R10: ffffffff00000000 R11: 34b6b456b49c471e R12: 00000000ffffffff [ 74.814520][ T5832] R13: 0000000000000003 R14: 0000000000000001 R15: 00000000ffffffff [ 74.822476][ T5832] FS: 0000000000000000(0000) GS:ffff888125d86000(0000) knlGS:0000000000000000 [ 74.831393][ T5832] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 74.837966][ T5832] CR2: 00007ffd66213388 CR3: 000000002f80a000 CR4: 00000000003526f0 [ 74.845926][ T5832] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 74.853879][ T5832] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 74.861828][ T5832] Call Trace: [ 74.865091][ T5832] [ 74.868004][ T5832] ? __pfx___bch2_bkey_compat+0x10/0x10 [ 74.873539][ T5832] ? bch2_write_super+0x2705/0x2d30 [ 74.878739][ T5832] ? validate_bset+0x5c9/0x1e70 [ 74.883570][ T5832] ? __pfx_bch2_write_super+0x10/0x10 [ 74.888925][ T5832] ? validate_bset+0x5d1/0x1e70 [ 74.893756][ T5832] validate_bset_keys+0x5b7/0x1480 [ 74.898880][ T5832] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 74.904861][ T5832] ? validate_bset+0x2d8/0x1e70 [ 74.909705][ T5832] ? __pfx_validate_bset_keys+0x10/0x10 [ 74.915236][ T5832] ? krealloc_noprof+0x1cd/0x340 [ 74.920157][ T5832] ? prt_str+0x439/0x760 [ 74.924391][ T5832] ? bch2_btree_node_read_done+0x1c07/0x5150 [ 74.930365][ T5832] bch2_btree_node_read_done+0x1d3c/0x5150 [ 74.936166][ T5832] ? __pfx_number+0x10/0x10 [ 74.940667][ T5832] ? __pfx_bch2_btree_node_read_done+0x10/0x10 [ 74.946809][ T5832] ? bch2_extent_ptr_to_text+0x5a/0x890 [ 74.952341][ T5832] ? bch2_bkey_ptrs_to_text+0x1161/0x1310 [ 74.958044][ T5832] ? bch2_printbuf_make_room+0xdb/0x360 [ 74.963596][ T5832] ? enumerated_ref_put+0xbe/0x270 [ 74.968693][ T5832] btree_node_read_work+0x426/0xe30 [ 74.973882][ T5832] ? __pfx_btree_node_read_work+0x10/0x10 [ 74.979589][ T5832] ? bch2_latency_acct+0x436/0x520 [ 74.984681][ T5832] ? __pfx_bch2_latency_acct+0x10/0x10 [ 74.990117][ T5832] ? bio_associate_blkg+0x6d/0x230 [ 74.995222][ T5832] bch2_btree_node_read+0x887/0x2a00 [ 75.000507][ T5832] ? bch2_btree_node_fill+0x954/0x14f0 [ 75.005953][ T5832] ? __pfx_bch2_btree_node_read+0x10/0x10 [ 75.011661][ T5832] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 75.017281][ T5832] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 75.023245][ T5832] ? __pfx___bch2_btree_node_hash_insert+0x10/0x10 [ 75.029733][ T5832] ? bch2_btree_node_mem_alloc+0xcdf/0x1820 [ 75.035645][ T5832] ? six_unlock_ip+0x302/0x430 [ 75.040391][ T5832] ? bch2_btree_node_fill+0xb47/0x14f0 [ 75.045830][ T5832] bch2_btree_node_fill+0xd12/0x14f0 [ 75.051098][ T5832] ? __pfx_bch2_btree_cache_cmp_fn+0x10/0x10 [ 75.057066][ T5832] ? __pfx_bch2_btree_node_fill+0x10/0x10 [ 75.062766][ T5832] ? btree_cache_find+0xf4/0x2d0 [ 75.067689][ T5832] ? btree_cache_find+0xf4/0x2d0 [ 75.072605][ T5832] ? btree_cache_find+0x26f/0x2d0 [ 75.077611][ T5832] ? __pfx_btree_cache_find+0x10/0x10 [ 75.082967][ T5832] bch2_btree_node_get_noiter+0xa2c/0x1000 [ 75.088763][ T5832] read_btree_nodes_worker+0x1319/0x1e20 [ 75.094380][ T5832] ? read_btree_nodes_worker+0xcef/0x1e20 [ 75.100088][ T5832] ? __pfx_read_btree_nodes_worker+0x10/0x10 [ 75.106053][ T5832] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 75.111931][ T5832] ? lockdep_hardirqs_on+0x9c/0x150 [ 75.117121][ T5832] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 75.123002][ T5832] ? __kthread_parkme+0x7b/0x200 [ 75.127931][ T5832] ? __kthread_parkme+0x1a1/0x200 [ 75.133028][ T5832] kthread+0x70e/0x8a0 [ 75.137078][ T5832] ? __pfx_read_btree_nodes_worker+0x10/0x10 [ 75.143038][ T5832] ? __pfx_kthread+0x10/0x10 [ 75.147606][ T5832] ? _raw_spin_unlock_irq+0x23/0x50 [ 75.152787][ T5832] ? lockdep_hardirqs_on+0x9c/0x150 [ 75.157970][ T5832] ? __pfx_kthread+0x10/0x10 [ 75.162545][ T5832] ret_from_fork+0x3fc/0x770 [ 75.167120][ T5832] ? __pfx_ret_from_fork+0x10/0x10 [ 75.172216][ T5832] ? __switch_to_asm+0x39/0x70 [ 75.176966][ T5832] ? __switch_to_asm+0x33/0x70 [ 75.181713][ T5832] ? __pfx_kthread+0x10/0x10 [ 75.186285][ T5832] ret_from_fork_asm+0x1a/0x30 [ 75.191034][ T5832] [ 75.194035][ T5832] Modules linked in: [ 75.198056][ T5832] ---[ end trace 0000000000000000 ]--- [ 75.203597][ T5832] RIP: 0010:__bch2_bkey_compat+0xbbf/0xbd0 [ 75.209480][ T5832] Code: fd 90 0f 0b e8 82 2c a7 fd 90 0f 0b e8 7a 2c a7 fd 90 0f 0b e8 72 2c a7 fd 90 0f 0b e8 6a 2c a7 fd 90 0f 0b e8 62 2c a7 fd 90 <0f> 0b cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 [ 75.229195][ T5832] RSP: 0018:ffffc9000438ea40 EFLAGS: 00010293 [ 75.235297][ T5832] RAX: ffffffff8419218e RBX: ffff88802fc508c0 RCX: ffff888031661e00 [ 75.243261][ T5832] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0900000000000000 [ 75.251263][ T5832] RBP: ffffc9000438ece8 R08: 0000000020000000 R09: 0000000020000000 [ 75.259254][ T5832] R10: ffffffff00000000 R11: 34b6b456b49c471e R12: 00000000ffffffff [ 75.267252][ T5832] R13: 0000000000000003 R14: 0000000000000001 R15: 00000000ffffffff [ 75.275240][ T5832] FS: 0000000000000000(0000) GS:ffff888125d86000(0000) knlGS:0000000000000000 [ 75.284151][ T5832] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.290758][ T5832] CR2: 00007ffd66213388 CR3: 000000002f80a000 CR4: 00000000003526f0 [ 75.298742][ T5832] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 75.306830][ T5832] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 75.314829][ T5832] Kernel panic - not syncing: Fatal exception [ 75.321003][ T5832] Kernel Offset: disabled [ 75.325307][ T5832] Rebooting in 86400 seconds..