syzbot

 sign-in | mailing list | source | docs
🐞 Open [1505]
Subsystems
🐞 Fixed [6661]
🐞 Invalid [17054]
Missing Backports [214]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

kernel BUG in __build_ro_aux_tree (2)

Status: upstream: reported on 2025/07/24 01:12
Subsystems: bcachefs
[Documentation on labels]
Reported-by: syzbot+7e787e7154eb952a259b@syzkaller.appspotmail.com
First crash: 90d, last: 27d
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [bcachefs?] kernel BUG in __build_ro_aux_tree (2) 0 (1) 2025/07/24 01:12
Similar bugs (1)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream kernel BUG in __build_ro_aux_tree bcachefs -1 4 226d 307d 0/29 auto-obsoleted due to no activity on 2025/06/13 20:14

Sample crash report:
    dirty_sectors        0
    stripe_sectors       0
    cached_sectors       0
    stripe               0
    stripe_redundancy    0
    io_time[READ]        1
    io_time[WRITE]       512
    fragmentation     0
    bp_start          8
  , fixing
 done
bcachefs (loop0): check_btree_backpointers...
bcachefs (loop0): backpointer for nonexistent alloc key: 0:220176799:0
  u64s 9 type backpointer 0:57718026928128:0 len 0 ver 0: bucket=0:220176799:128 btree=extents level=1 data_type=btree suboffset=0 len=256 gen=0 pos=SPOS_MAX, fixing
 done
bcachefs (loop0): check_backpointers_to_extents... done
bcachefs (loop0): check_extents_to_backpointers...
bcachefs (loop0): scanning for missing backpointers in 4/128 buckets
 done
bcachefs (loop0): check_alloc_to_lru_refs... done
bcachefs (loop0): check_snapshot_trees... done
bcachefs (loop0): check_snapshots... done
bcachefs (loop0): check_subvols...
bcachefs (loop0): running recovery pass reconstruct_snapshots (21), currently at check_subvols (24) - rewinding
bcachefs (loop0): bch2_check_subvols(): error restart_recovery
bcachefs (loop0): reconstruct_snapshots...
bcachefs (loop0): snapshot node 4294967295 from tree 4294967295 missing, recreating
 done
bcachefs (loop0): check_snapshot_trees... done
bcachefs (loop0): check_snapshots... done
bcachefs (loop0): check_subvols...
bcachefs (loop0): subvolume 1 is not set as snapshot but is not master subvolume, fixing
 done
bcachefs (loop0): check_subvol_children... done
bcachefs (loop0): delete_dead_snapshots... done
bcachefs (loop0): check_inodes... done
bcachefs (loop0): check_extents... done
bcachefs (loop0): check_indirect_extents... done
bcachefs (loop0): check_dirents... done
bcachefs (loop0): check_xattrs... done
bcachefs (loop0): check_root... done
bcachefs (loop0): check_unreachable_inodes... done
bcachefs (loop0): check_subvolume_structure... done
bcachefs (loop0): check_directory_structure... done
bcachefs (loop0): check_nlinks... done
bcachefs (loop0): check_rebalance_work... done
bcachefs (loop0): resume_logged_ops... done
bcachefs (loop0): delete_dead_inodes... done
bcachefs (loop0): set_fs_needs_rebalance... done
------------[ cut here ]------------
kernel BUG at fs/bcachefs/bset.c:652!
Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
CPU: 0 UID: 0 PID: 5354 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:make_bfloat fs/bcachefs/bset.c:652 [inline]
RIP: 0010:__build_ro_aux_tree+0x17e1/0x1800 fs/bcachefs/bset.c:750
Code: 0a 9d fd be 01 00 00 00 48 c7 c7 e0 13 96 8e 48 89 da e8 c2 af de 00 e9 18 f4 ff ff e8 08 0a 9d fd 90 0f 0b e8 00 0a 9d fd 90 <0f> 0b e8 f8 09 9d fd 90 0f 0b e8 f0 09 9d fd 90 0f 0b 66 66 66 66
RSP: 0018:ffffc9000d27ebc0 EFLAGS: 00010246
RAX: ffffffff8422b340 RBX: dffffc0000000000 RCX: 0000000000100000
RDX: ffffc9000e172000 RSI: 00000000000fffff RDI: 0000000000100000
RBP: ffffc9000d27ed90 R08: ffff888000e1c880 R09: 0000000000000002
R10: 000000000000ffff R11: 0000000000000002 R12: ffff888056560191
R13: 0000000000000130 R14: 0000000000000001 R15: 0000000000000090
FS:  00007f391659f6c0(0000) GS:ffff88808d007000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f56227909c0 CR3: 0000000044079000 CR4: 0000000000352ef0
Call Trace:
 <TASK>
 bch2_bset_build_aux_tree+0x3f5/0x570 fs/bcachefs/bset.c:787
 bch2_btree_build_aux_trees fs/bcachefs/btree_io.c:451 [inline]
 bch2_btree_post_write_cleanup+0x630/0xad0 fs/bcachefs/btree_io.c:2628
 bch2_btree_node_write_trans+0x17b/0x760 fs/bcachefs/btree_io.c:2676
 btree_node_write_if_need fs/bcachefs/btree_io.h:167 [inline]
 __btree_node_flush+0x323/0x430 fs/bcachefs/btree_trans_commit.c:255
 bch2_btree_node_flush0+0x27/0x40 fs/bcachefs/btree_trans_commit.c:264
 journal_flush_pins+0x8e3/0xe90 fs/bcachefs/journal_reclaim.c:604
 journal_flush_pins_or_still_flushing fs/bcachefs/journal_reclaim.c:871 [inline]
 journal_flush_done+0x112/0x810 fs/bcachefs/journal_reclaim.c:889
 bch2_journal_flush_pins+0x155/0x250 fs/bcachefs/journal_reclaim.c:921
 bch2_journal_flush_all_pins fs/bcachefs/journal_reclaim.h:76 [inline]
 bch2_fs_recovery+0x2775/0x3a50 fs/bcachefs/recovery.c:1036
 bch2_fs_start+0xaaf/0xda0 fs/bcachefs/super.c:1213
 bch2_fs_get_tree+0xb39/0x1520 fs/bcachefs/fs.c:2488
 vfs_get_tree+0x92/0x2b0 fs/super.c:1815
 do_new_mount+0x2a2/0x9e0 fs/namespace.c:3808
 do_mount fs/namespace.c:4136 [inline]
 __do_sys_mount fs/namespace.c:4347 [inline]
 __se_sys_mount+0x317/0x410 fs/namespace.c:4324
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f39157903ca
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f391659ee68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f391659eef0 RCX: 00007f39157903ca
RDX: 000020000000f640 RSI: 000020000000f680 RDI: 00007f391659eeb0
RBP: 000020000000f640 R08: 00007f391659eef0 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000020000000f680
R13: 00007f391659eeb0 R14: 000000000000f633 R15: 0000200000000280
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:make_bfloat fs/bcachefs/bset.c:652 [inline]
RIP: 0010:__build_ro_aux_tree+0x17e1/0x1800 fs/bcachefs/bset.c:750
Code: 0a 9d fd be 01 00 00 00 48 c7 c7 e0 13 96 8e 48 89 da e8 c2 af de 00 e9 18 f4 ff ff e8 08 0a 9d fd 90 0f 0b e8 00 0a 9d fd 90 <0f> 0b e8 f8 09 9d fd 90 0f 0b e8 f0 09 9d fd 90 0f 0b 66 66 66 66
RSP: 0018:ffffc9000d27ebc0 EFLAGS: 00010246
RAX: ffffffff8422b340 RBX: dffffc0000000000 RCX: 0000000000100000
RDX: ffffc9000e172000 RSI: 00000000000fffff RDI: 0000000000100000
RBP: ffffc9000d27ed90 R08: ffff888000e1c880 R09: 0000000000000002
R10: 000000000000ffff R11: 0000000000000002 R12: ffff888056560191
R13: 0000000000000130 R14: 0000000000000001 R15: 0000000000000090
FS:  00007f391659f6c0(0000) GS:ffff88808d007000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f56227909c0 CR3: 0000000044079000 CR4: 0000000000352ef0

Crashes (5):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/09/20 15:24 upstream cd89d487374c 67c37560 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root kernel BUG in __build_ro_aux_tree
2025/09/15 23:42 upstream f83ec76bf285 e2beed91 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root kernel BUG in __build_ro_aux_tree
2025/09/07 02:56 upstream b236920731dd d291dd2d .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root kernel BUG in __build_ro_aux_tree
2025/08/06 17:33 upstream 479058002c32 4bd24a3e .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root kernel BUG in __build_ro_aux_tree
2025/07/20 01:03 upstream bf61759db409 7117feec .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root kernel BUG in __build_ro_aux_tree
* Struck through repros no longer work on HEAD.