./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1173033360 <...> Warning: Permanently added '10.128.1.143' (ED25519) to the list of known hosts. execve("./syz-executor1173033360", ["./syz-executor1173033360"], 0x7ffda9f6e6d0 /* 10 vars */) = 0 brk(NULL) = 0x555582207000 brk(0x555582207d00) = 0x555582207d00 arch_prctl(ARCH_SET_FS, 0x555582207380) = 0 set_tid_address(0x555582207650) = 5831 set_robust_list(0x555582207660, 24) = 0 rseq(0x555582207ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1173033360", 4096) = 28 getrandom("\x01\x4e\x6e\xd3\xb8\xa7\xcc\x0a", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555582207d00 brk(0x555582228d00) = 0x555582228d00 brk(0x555582229000) = 0x555582229000 mprotect(0x7fa649a2d000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555582207650) = 5833 ./strace-static-x86_64: Process 5833 attached [pid 5833] set_robust_list(0x555582207660, 24) = 0 [pid 5833] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5833] setpgid(0, 0) = 0 [pid 5833] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5833] write(3, "1000", 4) = 4 [pid 5833] close(3) = 0 [pid 5833] write(1, "executing program\n", 18executing program ) = 18 [pid 5833] memfd_create("syzkaller", 0) = 3 [pid 5833] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa641400000 [ 91.921840][ T24] cfg80211: failed to load regulatory.db [pid 5833] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5833] munmap(0x7fa641400000, 138412032) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5833] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5833] close(3) = 0 [pid 5833] close(4) = 0 [pid 5833] mkdir("./file1", 0777) = 0 [ 92.107339][ T5833] loop0: detected capacity change from 0 to 32768 [ 92.192133][ T5833] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,journal_flush_disabled,fsck,fix_errors=yes,norecovery,version_upgrade=incompatible [ 92.192133][ T5833] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 92.226167][ T5833] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0 [ 92.235636][ T5833] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 92.244021][ T5833] bcachefs (loop0): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.28: inode_has_case_insensitive [ 92.244021][ T5833] running recovery passes: check_allocations,check_extents_to_backpointers,check_inodes [ 92.266240][ T5833] bcachefs (loop0): Now allowing incompatible features up to 1.28: inode_has_case_insensitive, previously allowed up to 1.7: mi_btree_bitmap [ 92.266240][ T5833] [ 92.296249][ T5833] bcachefs (loop0): btree node read error at btree xattrs level 0/0 [ 92.296269][ T5833] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 2285c34bed0abe32 written 16 min_key POS_MIN durability: 1 ptr: 0:31:0 gen 0 [ 92.296280][ T5833] loop0 node offset 0/16 bset u64s 0: invalid bkey format: field 4 too large: 0 + 648518346341351424 > 4294967295 [ 92.296291][ T5833] u64s 3 fields 64:0, 64:0, 32:0, 0:0, 0:648518346341351424, 0:0 [ 92.296300][ T5833] flagging btree xattrs lost data [ 92.296307][ T5833] running recovery pass check_lrus (14), currently at recovery_pass_empty (0) [ 92.296316][ T5833] running recovery pass check_backpointers_to_extents (16), currently at recovery_pass_empty (0) [ 92.296325][ T5833] running recovery pass scan_for_btree_nodes (1), currently at recovery_pass_empty (0) [ 92.296335][ T5833] ret btree_node_read_validate_error [ 92.380068][ T5833] bcachefs (loop0): error reading btree root btree=xattrs level=0: btree_node_read_error, fixing [ 92.398828][ T5833] bcachefs (loop0): scan_for_btree_nodes... [ 92.402593][ T5837] bcachefs (loop0): sb invalid before write: Unsupported superblock version_min 0.0: (unknown version) (min 0.9: (unknown version), max 1.28: inode_has_case_insensitive) [ 92.402622][ T5837] emergency read only at seq 10 [ 92.431163][ T5837] ------------[ cut here ]------------ [ 92.436739][ T5837] kernel BUG at fs/bcachefs/bkey_methods.c:469! [ 92.443141][ T5837] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI [ 92.449432][ T5837] CPU: 0 UID: 0 PID: 5837 Comm: read_btree_node Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) [ 92.461856][ T5837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 92.471929][ T5837] RIP: 0010:__bch2_bkey_compat+0xbbf/0xbd0 [ 92.477785][ T5837] Code: fd 90 0f 0b e8 82 2c a7 fd 90 0f 0b e8 7a 2c a7 fd 90 0f 0b e8 72 2c a7 fd 90 0f 0b e8 6a 2c a7 fd 90 0f 0b e8 62 2c a7 fd 90 <0f> 0b cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 [ 92.497420][ T5837] RSP: 0018:ffffc900044bea40 EFLAGS: 00010293 [ 92.503507][ T5837] RAX: ffffffff8419218e RBX: ffff8880321e30c0 RCX: ffff8880347c1e00 [ 92.511484][ T5837] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0900000000000000 [ 92.519468][ T5837] RBP: ffffc900044bece8 R08: 0000000020000000 R09: 0000000020000000 [ 92.527448][ T5837] R10: ffffffff00000000 R11: 34b6b456b49c471e R12: 00000000ffffffff [ 92.535423][ T5837] R13: 0000000000000003 R14: 0000000000000001 R15: 00000000ffffffff [ 92.543407][ T5837] FS: 0000000000000000(0000) GS:ffff888125c86000(0000) knlGS:0000000000000000 [ 92.552345][ T5837] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 92.558931][ T5837] CR2: 0000556a5df4d9e0 CR3: 0000000034abc000 CR4: 00000000003526f0 [ 92.566918][ T5837] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 92.574902][ T5837] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 92.582887][ T5837] Call Trace: [ 92.586352][ T5837] [ 92.590349][ T5837] ? __pfx___bch2_bkey_compat+0x10/0x10 [ 92.596004][ T5837] ? bch2_write_super+0x2705/0x2d30 [ 92.601398][ T5837] ? validate_bset+0x5c9/0x1e70 [ 92.606267][ T5837] ? __pfx_bch2_write_super+0x10/0x10 [ 92.611667][ T5837] ? validate_bset+0x5d1/0x1e70 [ 92.616533][ T5837] validate_bset_keys+0x5b7/0x1480 [ 92.621685][ T5837] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 92.627783][ T5837] ? validate_bset+0x2d8/0x1e70 [ 92.632648][ T5837] ? __pfx_validate_bset_keys+0x10/0x10 [ 92.638241][ T5837] ? krealloc_noprof+0x1cd/0x340 [ 92.643208][ T5837] ? prt_str+0x439/0x760 [ 92.647554][ T5837] ? bch2_btree_node_read_done+0x1c07/0x5150 [ 92.653579][ T5837] bch2_btree_node_read_done+0x1d3c/0x5150 [ 92.659409][ T5837] ? __pfx_number+0x10/0x10 [ 92.663949][ T5837] ? __pfx_bch2_btree_node_read_done+0x10/0x10 [ 92.670141][ T5837] ? bch2_extent_ptr_to_text+0x5a/0x890 [ 92.675710][ T5837] ? bch2_bkey_ptrs_to_text+0x1161/0x1310 [ 92.681437][ T5837] ? bch2_printbuf_make_room+0xdb/0x360 [ 92.687021][ T5837] ? enumerated_ref_put+0xbe/0x270 [ 92.692154][ T5837] btree_node_read_work+0x426/0xe30 [ 92.697374][ T5837] ? __pfx_btree_node_read_work+0x10/0x10 [ 92.703197][ T5837] ? bch2_latency_acct+0x436/0x520 [ 92.708331][ T5837] ? __pfx_bch2_latency_acct+0x10/0x10 [ 92.713800][ T5837] ? bio_associate_blkg+0x6d/0x230 [ 92.718929][ T5837] bch2_btree_node_read+0x887/0x2a00 [ 92.724239][ T5837] ? bch2_btree_node_fill+0x954/0x14f0 [ 92.729727][ T5837] ? __pfx_bch2_btree_node_read+0x10/0x10 [ 92.735487][ T5837] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 92.741152][ T5837] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 92.747256][ T5837] ? __pfx___bch2_btree_node_hash_insert+0x10/0x10 [ 92.753795][ T5837] ? bch2_btree_node_mem_alloc+0xcdf/0x1820 [ 92.759703][ T5837] ? six_unlock_ip+0x302/0x430 [ 92.764477][ T5837] ? bch2_btree_node_fill+0xb47/0x14f0 [ 92.769968][ T5837] bch2_btree_node_fill+0xd12/0x14f0 [ 92.775314][ T5837] ? __pfx_bch2_btree_cache_cmp_fn+0x10/0x10 [ 92.781318][ T5837] ? __pfx_bch2_btree_node_fill+0x10/0x10 [ 92.787057][ T5837] ? btree_cache_find+0xf4/0x2d0 [ 92.792007][ T5837] ? btree_cache_find+0xf4/0x2d0 [ 92.796953][ T5837] ? btree_cache_find+0x26f/0x2d0 [ 92.801991][ T5837] ? __pfx_btree_cache_find+0x10/0x10 [ 92.807419][ T5837] bch2_btree_node_get_noiter+0xa2c/0x1000 [ 92.813250][ T5837] read_btree_nodes_worker+0x1319/0x1e20 [ 92.818911][ T5837] ? read_btree_nodes_worker+0xcef/0x1e20 [ 92.824685][ T5837] ? __pfx_read_btree_nodes_worker+0x10/0x10 [ 92.830689][ T5837] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 92.836599][ T5837] ? lockdep_hardirqs_on+0x9c/0x150 [ 92.841808][ T5837] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 92.847715][ T5837] ? __kthread_parkme+0x7b/0x200 [ 92.852676][ T5837] ? __kthread_parkme+0x1a1/0x200 [ 92.857735][ T5837] kthread+0x70e/0x8a0 [ 92.861807][ T5837] ? __pfx_read_btree_nodes_worker+0x10/0x10 [ 92.867796][ T5837] ? __pfx_kthread+0x10/0x10 [ 92.872390][ T5837] ? _raw_spin_unlock_irq+0x23/0x50 [ 92.877613][ T5837] ? lockdep_hardirqs_on+0x9c/0x150 [ 92.882836][ T5837] ? __pfx_kthread+0x10/0x10 [ 92.887444][ T5837] ret_from_fork+0x3fc/0x770 [ 92.892051][ T5837] ? __pfx_ret_from_fork+0x10/0x10 [ 92.897180][ T5837] ? __switch_to_asm+0x39/0x70 [ 92.901947][ T5837] ? __switch_to_asm+0x33/0x70 [ 92.906719][ T5837] ? __pfx_kthread+0x10/0x10 [ 92.911316][ T5837] ret_from_fork_asm+0x1a/0x30 [ 92.916092][ T5837] [ 92.919108][ T5837] Modules linked in: [ 92.923522][ T5837] ---[ end trace 0000000000000000 ]--- [ 92.929165][ T5837] RIP: 0010:__bch2_bkey_compat+0xbbf/0xbd0 [ 92.935166][ T5837] Code: fd 90 0f 0b e8 82 2c a7 fd 90 0f 0b e8 7a 2c a7 fd 90 0f 0b e8 72 2c a7 fd 90 0f 0b e8 6a 2c a7 fd 90 0f 0b e8 62 2c a7 fd 90 <0f> 0b cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 [ 92.955113][ T5837] RSP: 0018:ffffc900044bea40 EFLAGS: 00010293 [ 92.961361][ T5837] RAX: ffffffff8419218e RBX: ffff8880321e30c0 RCX: ffff8880347c1e00 [ 92.969515][ T5837] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0900000000000000 [ 92.977627][ T5837] RBP: ffffc900044bece8 R08: 0000000020000000 R09: 0000000020000000 [ 92.987013][ T5837] R10: ffffffff00000000 R11: 34b6b456b49c471e R12: 00000000ffffffff [ 92.995203][ T5837] R13: 0000000000000003 R14: 0000000000000001 R15: 00000000ffffffff [ 93.003620][ T5837] FS: 0000000000000000(0000) GS:ffff888125c86000(0000) knlGS:0000000000000000 [ 93.012606][ T5837] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 93.019218][ T5837] CR2: 00007fff8171cfd8 CR3: 0000000025e8a000 CR4: 00000000003526f0 [ 93.029082][ T5837] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 93.037100][ T5837] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 93.045130][ T5837] Kernel panic - not syncing: Fatal exception [ 93.051600][ T5837] Kernel Offset: disabled [ 93.055929][ T5837] Rebooting in 86400 seconds..