syzbot


kernel BUG in __build_ro_aux_tree (2)

Status: upstream: reported on 2025/07/24 01:12
Subsystems: bcachefs
Reported-by: syzbot+7e787e7154eb952a259b@syzkaller.appspotmail.com
First crash: 37d, last: 20d
Discussions (1)
Title: [syzbot] [bcachefs?] kernel BUG in __build_ro_aux_tree (2)
Replies (including bot): 0 (1)
Last reply: 2025/07/24 01:12
Similar bugs (1)
Kernel: upstream
Title: kernel BUG in __build_ro_aux_tree (bcachefs)
Rank: -1
Repro: none
Cause bisect: none
Fix bisect: none
Count: 4
Last: 174d
Reported: 255d
Patched: 0/29
Status: auto-obsoleted due to no activity on 2025/06/13 20:14

Sample crash report:
  u64s 7 type dirent 4096:3784119180373593407:U32_MAX len 0 ver 0: file3 -> 1073741825 type reg, fixing
bcachefs (loop0): hash table key at wrong offset: should be at 1155338191587432836
  u64s 7 type dirent 4096:5682031293254759865:U32_MAX len 0 ver 0: file0 -> 4098 type dir, fixing
bcachefs (loop0): hash table key at wrong offset: should be at 8855617136079183204
  u64s 7 type dirent 4096:6229884513039707068:U32_MAX len 0 ver 0: file2 -> 1073741825 type reg, fixing
bcachefs (loop0): dirent points to missing inode:
  u64s 8 type dirent 4096:6416442991714743872:U32_MAX len 0 ver 0: lost+found -> 4097 type dir, fixing
bcachefs (loop0): hash table key at wrong offset: should be at 5366792866461476626
  u64s 7 type dirent 4096:7012347908543992434:U32_MAX len 0 ver 0: file1 -> 1073741824 type reg, fixing
bcachefs (loop0): hash table key at wrong offset: should be at 1030129846099240255
  u64s 8 type dirent 4096:8117119959317756843:U32_MAX len 0 ver 0: file.cold -> 1073741826 type reg, fixing
bcachefs (loop0): dirent points to missing inode:
  u64s 7 type dirent 4096:8804448171194225666:U32_MAX len 0 ver 0: file3 -> 1073741825 type reg, fixing
bcachefs (loop0): dirent points to missing inode:
  u64s 7 type dirent 4096:8855617136079183204:U32_MAX len 0 ver 0: file2 -> 1073741825 type reg, fixing
bcachefs (loop0): key in missing inode, found keys:
  u64s 7 type dirent 4098:2566587684781802428:U32_MAX len 0 ver 0: file0 -> 4099 type reg
  u64s 7 type dirent 4098:4600437421902197670:U32_MAX len 0 ver 0: file1 -> 4100 type lnk
  , fixing
bcachefs (loop0): key in missing inode, found keys:
  u64s 7 type dirent 4098:4600437421902197670:U32_MAX len 0 ver 0: file1 -> 4100 type lnk
  , fixing
bcachefs (loop0): check_dirents requires second pass
bcachefs (loop0): dirent points to missing inode:
  u64s 8 type dirent 4096:1030129846099240255:U32_MAX len 0 ver 0: file.cold -> 1073741826 type reg, fixing
bcachefs (loop0): dirent points to missing inode:
  u64s 7 type dirent 4096:1155338191587432836:U32_MAX len 0 ver 0: file0 -> 4098 type dir, fixing
bcachefs (loop0): dirent points to missing inode:
  u64s 7 type dirent 4096:5366792866461476626:U32_MAX len 0 ver 0: file1 -> 1073741824 type reg, fixing
bcachefs (loop0): fsck counted subdirectories wrong for inum 4096:4294967295: got 1 should be 0
 done
bcachefs (loop0): check_xattrs...
bcachefs (loop0): key in missing inode, found keys:
  u64s 7 type xattr 1073741824:945502502804528484:U32_MAX len 0 ver 0: user.xattr2:xattr2
  u64s 7 type xattr 1073741824:3442546108204556527:U32_MAX len 0 ver 0: user.xattr1:xattr1
  , fixing
bcachefs (loop0): key in missing inode, found keys:
  u64s 7 type xattr 1073741824:3442546108204556527:U32_MAX len 0 ver 0: user.xattr1:xattr1
  , fixing
 done
bcachefs (loop0): check_root... done
bcachefs (loop0): check_unreachable_inodes... done
bcachefs (loop0): check_subvolume_structure... done
bcachefs (loop0): check_directory_structure... done
bcachefs (loop0): check_nlinks... done
bcachefs (loop0): check_rebalance_work... done
bcachefs (loop0): resume_logged_ops... done
bcachefs (loop0): delete_dead_inodes... done
bcachefs (loop0): set_fs_needs_rebalance... done
------------[ cut here ]------------
kernel BUG at fs/bcachefs/bset.c:652!
Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
CPU: 0 UID: 0 PID: 5356 Comm: syz.0.0 Not tainted 6.16.0-syzkaller-11852-g479058002c32 #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:make_bfloat fs/bcachefs/bset.c:652 [inline]
RIP: 0010:__build_ro_aux_tree+0x17e1/0x1800 fs/bcachefs/bset.c:750
Code: 0c 9e fd be 01 00 00 00 48 c7 c7 00 d0 75 8e 48 89 da e8 82 75 de 00 e9 18 f4 ff ff e8 e8 0b 9e fd 90 0f 0b e8 e0 0b 9e fd 90 <0f> 0b e8 d8 0b 9e fd 90 0f 0b e8 d0 0b 9e fd 90 0f 0b 66 66 66 66
RSP: 0018:ffffc9000d4aebc0 EFLAGS: 00010246
RAX: ffffffff8421af80 RBX: dffffc0000000000 RCX: 0000000000100000
RDX: ffffc9000e052000 RSI: 00000000000fffff RDI: 0000000000100000
RBP: ffffc9000d4aed90 R08: ffff888033124880 R09: 0000000000000002
R10: 000000000000ffff R11: 0000000000000002 R12: ffff888056420191
R13: 0000000000000130 R14: 0000000000000001 R15: 0000000000000090
FS:  00007f63b46666c0(0000) GS:ffff88808d218000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000563e5f7fb168 CR3: 000000004314e000 CR4: 0000000000352ef0
Call Trace:
 <TASK>
 bch2_bset_build_aux_tree+0x3f5/0x570 fs/bcachefs/bset.c:787
 bch2_btree_build_aux_trees fs/bcachefs/btree_io.c:451 [inline]
 bch2_btree_post_write_cleanup+0x630/0xad0 fs/bcachefs/btree_io.c:2628
 bch2_btree_node_write_trans+0x17b/0x760 fs/bcachefs/btree_io.c:2676
 btree_node_write_if_need fs/bcachefs/btree_io.h:167 [inline]
 __btree_node_flush+0x323/0x430 fs/bcachefs/btree_trans_commit.c:255
 bch2_btree_node_flush0+0x27/0x40 fs/bcachefs/btree_trans_commit.c:264
 journal_flush_pins+0x8e3/0xe90 fs/bcachefs/journal_reclaim.c:604
 journal_flush_pins_or_still_flushing fs/bcachefs/journal_reclaim.c:871 [inline]
 journal_flush_done+0x112/0x810 fs/bcachefs/journal_reclaim.c:889
 bch2_journal_flush_pins+0x155/0x250 fs/bcachefs/journal_reclaim.c:921
 bch2_journal_flush_all_pins fs/bcachefs/journal_reclaim.h:76 [inline]
 bch2_fs_recovery+0x2775/0x3a50 fs/bcachefs/recovery.c:1036
 bch2_fs_start+0xaaf/0xda0 fs/bcachefs/super.c:1213
 bch2_fs_get_tree+0xb39/0x1520 fs/bcachefs/fs.c:2488
 vfs_get_tree+0x92/0x2b0 fs/super.c:1815
 do_new_mount+0x2a2/0x9e0 fs/namespace.c:3805
 do_mount fs/namespace.c:4133 [inline]
 __do_sys_mount fs/namespace.c:4344 [inline]
 __se_sys_mount+0x317/0x410 fs/namespace.c:4321
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f63b379038a
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f63b4665e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f63b4665ef0 RCX: 00007f63b379038a
RDX: 000020000000f640 RSI: 000020000000f680 RDI: 00007f63b4665eb0
RBP: 000020000000f640 R08: 00007f63b4665ef0 R09: 0000000000800190
R10: 0000000000800190 R11: 0000000000000246 R12: 000020000000f680
R13: 00007f63b4665eb0 R14: 000000000000f644 R15: 0000200000000380
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:make_bfloat fs/bcachefs/bset.c:652 [inline]
RIP: 0010:__build_ro_aux_tree+0x17e1/0x1800 fs/bcachefs/bset.c:750
Code: 0c 9e fd be 01 00 00 00 48 c7 c7 00 d0 75 8e 48 89 da e8 82 75 de 00 e9 18 f4 ff ff e8 e8 0b 9e fd 90 0f 0b e8 e0 0b 9e fd 90 <0f> 0b e8 d8 0b 9e fd 90 0f 0b e8 d0 0b 9e fd 90 0f 0b 66 66 66 66
RSP: 0018:ffffc9000d4aebc0 EFLAGS: 00010246
RAX: ffffffff8421af80 RBX: dffffc0000000000 RCX: 0000000000100000
RDX: ffffc9000e052000 RSI: 00000000000fffff RDI: 0000000000100000
RBP: ffffc9000d4aed90 R08: ffff888033124880 R09: 0000000000000002
R10: 000000000000ffff R11: 0000000000000002 R12: ffff888056420191
R13: 0000000000000130 R14: 0000000000000001 R15: 0000000000000090
FS:  00007f63b46666c0(0000) GS:ffff88808d218000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000563e5f7fb168 CR3: 000000004314e000 CR4: 0000000000352ef0

Crashes (2):
Crash 1
  Time: 2025/08/06 17:33
  Kernel: upstream
  Commit: 479058002c32
  Syzkaller: 4bd24a3e
  Config: .config
  Log: console log
  Report: report
  Syz repro: none
  C repro: none
  Assets: disk image (non-bootable), vmlinux, kernel image
  Manager: ci-snapshot-upstream-root
  Title: kernel BUG in __build_ro_aux_tree

Crash 2
  Time: 2025/07/20 01:03
  Kernel: upstream
  Commit: bf61759db409
  Syzkaller: 7117feec
  Config: .config
  Log: console log
  Report: report
  Syz repro: none
  C repro: none
  Assets: disk image (non-bootable), vmlinux, kernel image
  Manager: ci-snapshot-upstream-root
  Title: kernel BUG in __build_ro_aux_tree