./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1042034993 <...> Warning: Permanently added '10.128.1.29' (ED25519) to the list of known hosts. execve("./syz-executor1042034993", ["./syz-executor1042034993"], 0x7ffdeb536a70 /* 10 vars */) = 0 brk(NULL) = 0x5555714e5000 brk(0x5555714e5d00) = 0x5555714e5d00 arch_prctl(ARCH_SET_FS, 0x5555714e5380) = 0 set_tid_address(0x5555714e5650) = 5827 set_robust_list(0x5555714e5660, 24) = 0 rseq(0x5555714e5ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1042034993", 4096) = 28 getrandom("\xa6\x2d\x1e\x85\xb7\xd5\x5a\x53", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555714e5d00 brk(0x555571506d00) = 0x555571506d00 brk(0x555571507000) = 0x555571507000 mprotect(0x7fcbca0d5000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5828 attached [pid 5828] set_robust_list(0x5555714e5660, 24) = 0 [pid 5828] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5827] <... clone resumed>, child_tidptr=0x5555714e5650) = 5828 [pid 5828] <... prctl resumed>) = 0 [pid 5828] setpgid(0, 0) = 0 [pid 5828] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5828] write(3, "1000", 4) = 4 [pid 5828] close(3) = 0 [pid 5828] write(1, "executing program\n", 18executing program ) = 18 [pid 5828] memfd_create("syzkaller", 0) = 3 [pid 5828] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcbc1c00000 [pid 5828] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5828] munmap(0x7fcbc1c00000, 138412032) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5828] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5828] close(3) = 0 [pid 5828] close(4) = 0 [pid 5828] mkdir("./file1", 0777) = 0 [ 78.908788][ T5828] loop0: detected capacity change from 0 to 32768 [ 78.988758][ T5828] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,journal_flush_disabled,fsck,fix_errors=yes,norecovery,version_upgrade=incompatible [ 78.988758][ T5828] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 79.022778][ T5828] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0 [ 79.031450][ T5828] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 79.039492][ T5828] bcachefs (loop0): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.28: inode_has_case_insensitive [ 79.039492][ T5828] running recovery passes: check_allocations,check_extents_to_backpointers,check_inodes [ 79.061485][ T5828] bcachefs (loop0): Now allowing incompatible features up to 1.28: inode_has_case_insensitive, previously allowed up to 1.7: mi_btree_bitmap [ 79.061485][ T5828] [ 79.090831][ T5828] bcachefs (loop0): btree node read error at btree xattrs level 0/0 [ 79.090848][ T5828] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 2285c34bed0abe32 written 16 min_key POS_MIN durability: 1 ptr: 0:31:0 gen 0 [ 79.090860][ T5828] loop0 node offset 0/16 bset u64s 0: invalid bkey format: field 4 too large: 0 + 648518346341351424 > 4294967295 [ 79.090870][ T5828] u64s 3 fields 64:0, 64:0, 32:0, 0:0, 0:648518346341351424, 0:0 [ 79.090879][ T5828] flagging btree xattrs lost data [ 79.090886][ T5828] running recovery pass check_lrus (14), currently at recovery_pass_empty (0) [ 79.090905][ T5828] running recovery pass check_backpointers_to_extents (16), currently at recovery_pass_empty (0) [ 79.090914][ T5828] running recovery pass scan_for_btree_nodes (1), currently at recovery_pass_empty (0) [ 79.090921][ T5828] ret btree_node_read_validate_error [ 79.173799][ T5828] bcachefs (loop0): error reading btree root btree=xattrs level=0: btree_node_read_error, fixing [ 79.190753][ T5828] bcachefs (loop0): scan_for_btree_nodes... [ 79.193927][ T5832] bcachefs (loop0): sb invalid before write: Unsupported superblock version_min 0.0: (unknown version) (min 0.9: (unknown version), max 1.28: inode_has_case_insensitive) [ 79.193949][ T5832] emergency read only at seq 10 [ 79.222347][ T5832] ------------[ cut here ]------------ [ 79.227904][ T5832] kernel BUG at fs/bcachefs/bkey_methods.c:469! [ 79.234239][ T5832] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI [ 79.240508][ T5832] CPU: 0 UID: 0 PID: 5832 Comm: read_btree_node Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) [ 79.252925][ T5832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 79.262981][ T5832] RIP: 0010:__bch2_bkey_compat+0xbbf/0xbd0 [ 79.268811][ T5832] Code: fd 90 0f 0b e8 82 2c a7 fd 90 0f 0b e8 7a 2c a7 fd 90 0f 0b e8 72 2c a7 fd 90 0f 0b e8 6a 2c a7 fd 90 0f 0b e8 62 2c a7 fd 90 <0f> 0b cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 [ 79.288422][ T5832] RSP: 0018:ffffc90004376a40 EFLAGS: 00010293 [ 79.294484][ T5832] RAX: ffffffff8419218e RBX: ffff88807e6878c0 RCX: ffff888011535a00 [ 79.302449][ T5832] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0900000000000000 [ 79.310419][ T5832] RBP: ffffc90004376ce8 R08: 0000000020000000 R09: 0000000020000000 [ 79.318404][ T5832] R10: ffffffff00000000 R11: 34b6b456b49c471e R12: 00000000ffffffff [ 79.326371][ T5832] R13: 0000000000000003 R14: 0000000000000001 R15: 00000000ffffffff [ 79.334342][ T5832] FS: 0000000000000000(0000) GS:ffff888125c86000(0000) knlGS:0000000000000000 [ 79.343265][ T5832] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 79.349850][ T5832] CR2: 00007ffee35b446c CR3: 000000007efa4000 CR4: 00000000003526f0 [ 79.357831][ T5832] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 79.365808][ T5832] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 79.373784][ T5832] Call Trace: [ 79.377067][ T5832] [ 79.380017][ T5832] ? __pfx___bch2_bkey_compat+0x10/0x10 [ 79.385588][ T5832] ? bch2_write_super+0x2705/0x2d30 [ 79.390807][ T5832] ? validate_bset+0x5c9/0x1e70 [ 79.395682][ T5832] ? __pfx_bch2_write_super+0x10/0x10 [ 79.401066][ T5832] ? validate_bset+0x5d1/0x1e70 [ 79.405930][ T5832] validate_bset_keys+0x5b7/0x1480 [ 79.411078][ T5832] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 79.417089][ T5832] ? validate_bset+0x2d8/0x1e70 [ 79.421948][ T5832] ? __pfx_validate_bset_keys+0x10/0x10 [ 79.427502][ T5832] ? krealloc_noprof+0x1cd/0x340 [ 79.432449][ T5832] ? prt_str+0x439/0x760 [ 79.436703][ T5832] ? bch2_btree_node_read_done+0x1c07/0x5150 [ 79.442698][ T5832] bch2_btree_node_read_done+0x1d3c/0x5150 [ 79.448512][ T5832] ? __pfx_number+0x10/0x10 [ 79.453032][ T5832] ? __pfx_bch2_btree_node_read_done+0x10/0x10 [ 79.459195][ T5832] ? bch2_extent_ptr_to_text+0x5a/0x890 [ 79.464754][ T5832] ? bch2_bkey_ptrs_to_text+0x1161/0x1310 [ 79.470479][ T5832] ? bch2_printbuf_make_room+0xdb/0x360 [ 79.476043][ T5832] ? enumerated_ref_put+0xbe/0x270 [ 79.481155][ T5832] btree_node_read_work+0x426/0xe30 [ 79.486367][ T5832] ? __pfx_btree_node_read_work+0x10/0x10 [ 79.492097][ T5832] ? bch2_latency_acct+0x436/0x520 [ 79.497214][ T5832] ? __pfx_bch2_latency_acct+0x10/0x10 [ 79.502679][ T5832] ? bio_associate_blkg+0x6d/0x230 [ 79.507800][ T5832] bch2_btree_node_read+0x887/0x2a00 [ 79.513102][ T5832] ? bch2_btree_node_fill+0x954/0x14f0 [ 79.518578][ T5832] ? __pfx_bch2_btree_node_read+0x10/0x10 [ 79.524304][ T5832] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 79.529957][ T5832] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 79.535955][ T5832] ? __pfx___bch2_btree_node_hash_insert+0x10/0x10 [ 79.542474][ T5832] ? bch2_btree_node_mem_alloc+0xcdf/0x1820 [ 79.548374][ T5832] ? six_unlock_ip+0x302/0x430 [ 79.553143][ T5832] ? bch2_btree_node_fill+0xb47/0x14f0 [ 79.558603][ T5832] bch2_btree_node_fill+0xd12/0x14f0 [ 79.563893][ T5832] ? __pfx_bch2_btree_cache_cmp_fn+0x10/0x10 [ 79.569886][ T5832] ? __pfx_bch2_btree_node_fill+0x10/0x10 [ 79.575618][ T5832] ? btree_cache_find+0xf4/0x2d0 [ 79.580581][ T5832] ? btree_cache_find+0xf4/0x2d0 [ 79.585544][ T5832] ? btree_cache_find+0x26f/0x2d0 [ 79.590577][ T5832] ? __pfx_btree_cache_find+0x10/0x10 [ 79.595976][ T5832] bch2_btree_node_get_noiter+0xa2c/0x1000 [ 79.601789][ T5832] read_btree_nodes_worker+0x1319/0x1e20 [ 79.607436][ T5832] ? read_btree_nodes_worker+0xcef/0x1e20 [ 79.613169][ T5832] ? __pfx_read_btree_nodes_worker+0x10/0x10 [ 79.619168][ T5832] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 79.625069][ T5832] ? lockdep_hardirqs_on+0x9c/0x150 [ 79.630280][ T5832] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 79.636196][ T5832] ? __kthread_parkme+0x7b/0x200 [ 79.641146][ T5832] ? __kthread_parkme+0x1a1/0x200 [ 79.646178][ T5832] kthread+0x70e/0x8a0 [ 79.650255][ T5832] ? __pfx_read_btree_nodes_worker+0x10/0x10 [ 79.656246][ T5832] ? __pfx_kthread+0x10/0x10 [ 79.660844][ T5832] ? _raw_spin_unlock_irq+0x23/0x50 [ 79.666055][ T5832] ? lockdep_hardirqs_on+0x9c/0x150 [ 79.671257][ T5832] ? __pfx_kthread+0x10/0x10 [ 79.675849][ T5832] ret_from_fork+0x3fc/0x770 [ 79.680451][ T5832] ? __pfx_ret_from_fork+0x10/0x10 [ 79.685580][ T5832] ? __switch_to_asm+0x39/0x70 [ 79.690350][ T5832] ? __switch_to_asm+0x33/0x70 [ 79.695132][ T5832] ? __pfx_kthread+0x10/0x10 [ 79.699755][ T5832] ret_from_fork_asm+0x1a/0x30 [ 79.704534][ T5832] [ 79.707572][ T5832] Modules linked in: [ 79.711804][ T5832] ---[ end trace 0000000000000000 ]--- [ 79.717393][ T5832] RIP: 0010:__bch2_bkey_compat+0xbbf/0xbd0 [ 79.723254][ T5832] Code: fd 90 0f 0b e8 82 2c a7 fd 90 0f 0b e8 7a 2c a7 fd 90 0f 0b e8 72 2c a7 fd 90 0f 0b e8 6a 2c a7 fd 90 0f 0b e8 62 2c a7 fd 90 <0f> 0b cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 [ 79.742988][ T5832] RSP: 0018:ffffc90004376a40 EFLAGS: 00010293 [ 79.749335][ T5832] RAX: ffffffff8419218e RBX: ffff88807e6878c0 RCX: ffff888011535a00 [ 79.757530][ T5832] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0900000000000000 [ 79.765616][ T5832] RBP: ffffc90004376ce8 R08: 0000000020000000 R09: 0000000020000000 [ 79.773638][ T5832] R10: ffffffff00000000 R11: 34b6b456b49c471e R12: 00000000ffffffff [ 79.781656][ T5832] R13: 0000000000000003 R14: 0000000000000001 R15: 00000000ffffffff [ 79.789640][ T5832] FS: 0000000000000000(0000) GS:ffff888125d86000(0000) knlGS:0000000000000000 [ 79.798646][ T5832] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 79.805262][ T5832] CR2: 0000564706928e08 CR3: 0000000071d06000 CR4: 00000000003526f0 [ 79.813277][ T5832] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 79.821339][ T5832] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 79.829345][ T5832] Kernel panic - not syncing: Fatal exception [ 79.835713][ T5832] Kernel Offset: disabled [ 79.840047][ T5832] Rebooting in 86400 seconds..