loop0: detected capacity change from 0 to 32768 ======================================================= WARNING: The mand mount option has been deprecated and and is ignored by this kernel. Remove the mand option from the mount to silence this warning. ======================================================= loop0: detected capacity change from 0 to 32768 bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,fsck,fix_errors=ask,norecovery,noexcl allowing incompatible features above 0.0: (unknown version) features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0 bcachefs (loop0): invalid bkey in superblock btree=snapshots level=1: u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 16 min_key U64_MAX:0:0 durability: 0 ptr: 0:32:10 gen 0 cached unwritten pointer spans multiple buckets (10 + 256 > 256), deleting bcachefs (loop0): recovering from clean shutdown, journal seq 10 bcachefs (loop0): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.28: inode_has_case_insensitive running recovery passes: check_allocations,check_extents_to_backpointers,check_inodes bcachefs (loop0): invalid btree id 251 (max 63), fix? bcachefs (loop0): error validating btree node at btree xattrs level 0/0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 2285c34bed0abe32 written 16 min_key POS_MIN durability: 1 ptr: 0:31:0 gen 0 loop0 node offset 0/16 bset u64s 0: incorrect max key U64_MAX:18374686479671623680:50331647, btree topology error: running recovery pass check_topology (2), currently at recovery_pass_empty (0) bcachefs (loop0): btree node read error at btree xattrs level 0/0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 2285c34bed0abe32 written 16 min_key POS_MIN durability: 1 ptr: 0:31:0 gen 0 running recovery pass check_lrus (14), currently at recovery_pass_empty (0) running recovery pass check_backpointers_to_extents (16), currently at recovery_pass_empty (0) running recovery pass scan_for_btree_nodes (1), currently at recovery_pass_empty (0) ret btree_node_read_validate_error bcachefs (loop0): error reading btree root btree=xattrs level=0: btree_node_read_error, fixing bcachefs (loop0): bcachefs (loop0): error validating btree node at btree alloc level 0/0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0 node offset 8/24 bset u64s 375 bset byte offset 184: keys out of order: u64s 11 type alloc_v4 0:32:0 len 0 ver 0 > u64s 11 type alloc_v4 0:2:0 len 0 ver 0, fixing bcachefs (loop0): bcachefs (loop0): error validating btree node at btree freespace level 0/0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0 node offset 24/32 bset u64s 24 bset byte offset 168: bad k->u64s 0 (min 3 max 253), fix? bcachefs (loop0): bcachefs (loop0): error validating btree node at btree freespace level 0/0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0 node offset 24/32 bset u64s 24 bset byte offset 168: bad k->u64s 0 (min 3 max 253), fix? Unable to continue, halting bcachefs (loop0): error reading btree root btree=freespace level=0: btree_node_read_error, fixing bcachefs (loop0): error validating btree node at btree backpointers level 0/0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 4a8b0fa43a9980a6 written 24 min_key POS_MIN durability: 1 ptr: 0:37:0 gen 0 loop0 node offset 0/24 bset u64s 0: invalid bkey format: field 2 too large: 4294967295 + 2251799813685248 > 4294967295 u64s 3 fields 64:0, 64:0, 32:2251799813685248, 0:0, 0:0, 0:0, btree topology error: bcachefs (loop0): btree node read error at btree backpointers level 0/0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 4a8b0fa43a9980a6 written 24 min_key POS_MIN durability: 1 ptr: 0:37:0 gen 0 flagging btree backpointers lost data running recovery pass check_btree_backpointers (15), currently at recovery_pass_empty (0) ret btree_node_read_validate_error bcachefs (loop0): error reading btree root btree=backpointers level=0: btree_node_read_error, fixing ------------[ cut here ]------------ UBSAN: shift-out-of-bounds in fs/bcachefs/btree_cache.c:212:18 shift exponent 251 is too large for 64-bit type 'unsigned long long' CPU: 0 UID: 0 PID: 5319 Comm: syz.0.0 Not tainted 6.16.0-rc3-syzkaller-00233-g35e261cd95dd #0 PREEMPT(full) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120 ubsan_epilogue+0xa/0x40 lib/ubsan.c:233 __ubsan_handle_shift_out_of_bounds+0x386/0x410 lib/ubsan.c:494 __btree_node_pinned fs/bcachefs/btree_cache.c:212 [inline] __bch2_btree_node_hash_insert+0x184d/0x1ab0 fs/bcachefs/btree_cache.c:288 bch2_btree_node_hash_insert+0x7e/0xc0 fs/bcachefs/btree_cache.c:303 __bch2_btree_root_read fs/bcachefs/btree_io.c:1875 [inline] bch2_btree_root_read+0x59e/0x760 fs/bcachefs/btree_io.c:1903 read_btree_roots+0x2c6/0x840 fs/bcachefs/recovery.c:604 bch2_fs_recovery+0x261f/0x3a50 fs/bcachefs/recovery.c:995 bch2_fs_start+0xa99/0xd90 fs/bcachefs/super.c:1212 bch2_fs_get_tree+0xafc/0x14f0 fs/bcachefs/fs.c:2490 vfs_get_tree+0x92/0x2b0 fs/super.c:1804 do_new_mount+0x24a/0xa40 fs/namespace.c:3902 do_mount fs/namespace.c:4239 [inline] __do_sys_mount fs/namespace.c:4450 [inline] __se_sys_mount+0x317/0x410 fs/namespace.c:4427 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f153a5900ca Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f153b340e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 00007f153b340ef0 RCX: 00007f153a5900ca RDX: 0000200000000180 RSI: 0000200000000540 RDI: 00007f153b340eb0 RBP: 0000200000000180 R08: 00007f153b340ef0 R09: 0000000000800000 R10: 0000000000800000 R11: 0000000000000246 R12: 0000200000000540 R13: 00007f153b340eb0 R14: 00000000000059a5 R15: 00002000000000c0 ---[ end trace ]---