Warning: Permanently added '10.128.10.56' (ED25519) to the list of known hosts. executing program [ 39.098799][ T6486] loop0: detected capacity change from 0 to 32768 [ 39.170552][ T6486] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,metadata_target=/dev/loop0,noinodes_use_key_cache,degraded=yes,fsck,norecovery,nojournal_transaction_names [ 39.170552][ T6486] allowing incompatible features above 0.0: (unknown version) [ 39.170552][ T6486] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 39.184050][ T6486] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0 [ 39.187311][ T6486] bcachefs (loop0): invalid bkey in superblock btree=subvolumes level=1: u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq d682cebdf2a7eb26 written 16 min_key 1970324836974592:0:0 durability: 0 (invalid extent entry 0000000000020000) [ 39.192641][ T6486] invalid extent entry type (got 17, max 7), deleting [ 39.192888][ T6486] bcachefs (loop0): invalid bkey in superblock btree=snapshots level=0: u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq d771a06d670df06c written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0 [ 39.192904][ T6486] invalid key type for btree snapshots (btree_ptr_v2), deleting [ 39.193087][ T6486] bcachefs (loop0): invalid bkey in superblock btree=lru level=1: u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 93dda84068e88b3f written 16 min_key POS_MIN durability: 0 poisoned [ 39.193101][ T6486] has non ptr field, deleting [ 39.193176][ T6486] bcachefs (loop0): recovering from clean shutdown, journal seq 13 [ 39.193290][ T6486] bcachefs (loop0): Version upgrade required: [ 39.193290][ T6486] Version upgrade from 0.32: (unknown version) to 1.7: mi_btree_bitmap incomplete [ 39.193290][ T6486] Doing incompatible version upgrade from 0.32: (unknown version) to 1.28: inode_has_case_insensitive [ 39.193290][ T6486] running recovery passes: check_allocations,check_extents_to_backpointers,check_snapshots,check_subvols,check_inodes,check_dirents,set_fs_needs_rebalance [ 39.199284][ T6486] bcachefs (loop0): btree node read error at btree inodes level 0/0 [ 39.199308][ T6486] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 2a20405ac3f40602 written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0 [ 39.199321][ T6486] loop0 node offset 16/24 bset u64s 110: checksum error, type chacha20_poly1305_128: got 534aa69d8a309eda7da646c3101a5799 should be d1e256903dc89dd6436b0db8b45d2093 [ 39.199334][ T6486] flagging btree inodes lost data [ 39.199343][ T6486] running recovery pass check_topology (2), currently at recovery_pass_empty (0) [ 39.199353][ T6486] running recovery pass check_lrus (14), currently at recovery_pass_empty (0) [ 39.199363][ T6486] running recovery pass check_backpointers_to_extents (16), currently at recovery_pass_empty (0) [ 39.199374][ T6486] running recovery pass scan_for_btree_nodes (1), currently at recovery_pass_empty (0) [ 39.199385][ T6486] ret fsck_errors_not_fixed [ 39.200079][ T6486] bcachefs (loop0): error reading btree root btree=inodes level=0: btree_node_read_error, fixing [ 39.201007][ T6486] bcachefs (loop0): btree node read error at btree dirents level 0/0 [ 39.201023][ T6486] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 267fcf747c875937 written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0 [ 39.201035][ T6486] loop0 node offset 8/24 bset u64s 6: checksum error, type chacha20_poly1305_128: got a4346e9064ab0d65c5cbd6c0b87edd28 should be abbf307d6f4195551a4398bf111cbb27 [ 39.201048][ T6486] flagging btree dirents lost data [ 39.201057][ T6486] ret fsck_errors_not_fixed [ 39.201185][ T6486] bcachefs (loop0): error reading btree root btree=dirents level=0: btree_node_read_error, fixing [ 39.201838][ T6486] bcachefs (loop0): btree node read error at btree xattrs level 0/0 [ 39.201851][ T6486] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 1b881868e2a6abe1 written 16 min_key POS_MIN durability: 1 ptr: 0:31:0 gen 0 [ 39.201863][ T6486] loop0 node offset 8/16 bset u64s 10: checksum error, type chacha20_poly1305_128: got 308f382c5ac21e8914cc710dac74a28b should be 1a1e92182bf9d380b4c7d201495bc585 [ 39.201887][ T6486] flagging btree xattrs lost data [ 39.201896][ T6486] ret fsck_errors_not_fixed [ 39.202023][ T6486] bcachefs (loop0): error reading btree root btree=xattrs level=0: btree_node_read_error, fixing [ 39.206231][ T6486] ================================================================== [ 39.206253][ T6486] BUG: KASAN: use-after-free in poly1305_update+0x138/0x188 [ 39.206277][ T6486] Read of size 8 at addr ffff0000e4b60070 by task syz-executor339/6486 [ 39.206293][ T6486] [ 39.206304][ T6486] CPU: 1 UID: 0 PID: 6486 Comm: syz-executor339 Not tainted 6.16.0-rc1-syzkaller-g19272b37aa4f #0 PREEMPT [ 39.206318][ T6486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 39.206325][ T6486] Call trace: [ 39.206328][ T6486] show_stack+0x2c/0x3c (C) [ 39.206344][ T6486] __dump_stack+0x30/0x40 [ 39.206356][ T6486] dump_stack_lvl+0xd8/0x12c [ 39.206367][ T6486] print_address_description+0xa8/0x254 [ 39.206379][ T6486] print_report+0x68/0x84 [ 39.206389][ T6486] kasan_report+0xb0/0x110 [ 39.206403][ T6486] kasan_check_range+0x264/0x2a4 [ 39.206415][ T6486] __asan_memcpy+0x3c/0x84 [ 39.206429][ T6486] poly1305_update+0x138/0x188 [ 39.206440][ T6486] bch2_checksum+0x1d4/0x4ac [ 39.206453][ T6486] bch2_btree_node_read_done+0x968/0x432c [ 39.206467][ T6486] btree_node_read_work+0x328/0xc1c [ 39.206480][ T6486] bch2_btree_node_read+0x814/0x23f8 [ 39.206493][ T6486] bch2_btree_root_read+0x280/0x3c8 [ 39.206505][ T6486] read_btree_roots+0x218/0x6bc [ 39.206519][ T6486] bch2_fs_recovery+0x1d1c/0x2fd4 [ 39.206531][ T6486] bch2_fs_start+0x914/0xbc0 [ 39.206546][ T6486] bch2_fs_get_tree+0x890/0xfd0 [ 39.206557][ T6486] vfs_get_tree+0x90/0x28c [ 39.206569][ T6486] do_new_mount+0x228/0x814 [ 39.206579][ T6486] path_mount+0x5b4/0xde0 [ 39.206590][ T6486] __arm64_sys_mount+0x3e8/0x468 [ 39.206600][ T6486] invoke_syscall+0x98/0x2b8 [ 39.206612][ T6486] el0_svc_common+0x130/0x23c [ 39.206624][ T6486] do_el0_svc+0x48/0x58 [ 39.206635][ T6486] el0_svc+0x58/0x17c [ 39.206649][ T6486] el0t_64_sync_handler+0x78/0x108 [ 39.206662][ T6486] el0t_64_sync+0x198/0x19c [ 39.206675][ T6486] [ 39.206819][ T6486] The buggy address belongs to the physical page: [ 39.206830][ T6486] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x124b60 [ 39.206847][ T6486] flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff) [ 39.206875][ T6486] raw: 05ffc00000000000 fffffdffc392d808 fffffdffc392d808 0000000000000000 [ 39.206891][ T6486] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 39.206902][ T6486] page dumped because: kasan: bad access detected [ 39.206913][ T6486] [ 39.206921][ T6486] Memory state around the buggy address: [ 39.206933][ T6486] ffff0000e4b5ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 39.206950][ T6486] ffff0000e4b5ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 39.206964][ T6486] >ffff0000e4b60000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 39.206975][ T6486] ^ [ 39.206988][ T6486] ffff0000e4b60080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 39.207000][ T6486] ffff0000e4b60100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 39.207012][ T6486] ================================================================== [ 39.207025][ T6486] Disabling lock debugging due to kernel taint [ 39.209691][ T6486] bcachefs (loop0): btree node read error at btree alloc level 0/0 [ 39.209703][ T6486] u64s 11 type btree_ptr_v2 U64_MAX:18446744073709551365:U32_MAX len 0 ver 0: seq 1818ce08861e3527 written 40 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0 [ 39.209715][ T6486] loop0 node offset 0/40 bset u64s 65531: checksum error, type chacha20_poly1305_128: got d1207b6f1073532ce6802ea238ac7a29 should be a1c0cae4d1c6eac9087fba7ada6f601b [ 39.209726][ T6486] flagging btree alloc lost data [ 39.209734][ T6486] running recovery pass check_alloc_info (13), currently at recovery_pass_empty (0) [ 39.209743][ T6486] ret fsck_errors_not_fixed [ 39.209852][ T6486] bcachefs (loop0): error reading btree root btree=alloc level=0: btree_node_read_error, fixing [ 39.211585][ T6486] bcachefs (loop0): btree node read error at btree freespace level 0/0 [ 39.211598][ T6486] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq b6c44d07df4e9bb7 written 48 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0 [ 39.211609][ T6486] loop0 node offset 8/48 bset u64s 35: checksum error, type chacha20_poly1305_128: got ed761e9f1d4c73c28012c6926fffa8ec should be 696606121d98d113a1b1dc69c6e72339 [ 39.211621][ T6486] flagging btree freespace lost data [ 39.211628][ T6486] ret fsck_errors_not_fixed [ 39.211730][ T6486] bcachefs (loop0): error reading btree root btree=freespace level=0: btree_node_read_error, fixing [ 39.212443][ T6486] bcachefs (loop0): btree node read error at btree backpointers level 0/0 [ 39.212456][ T6486] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 3b468546fb27822d written 24 min_key POS_MIN durability: 1 ptr: 0:36:0 gen 0 [ 39.212684][ T6486] loop0 node offset 16/24 bset u64s 14: checksum error, type chacha20_poly1305_128: got a67d0bb2ddad47adce7ef65cfcb4dbe2 should be 6399ef4aeb6d8a4369c39b0b9ed27362 [ 39.212697][ T6486] flagging btree backpointers lost data [ 39.212705][ T6486] running recovery pass check_btree_backpointers (15), currently at recovery_pass_empty (0) [ 39.212714][ T6486] ret fsck_errors_not_fixed [ 39.212817][ T6486] bcachefs (loop0): error reading btree root btree=backpointers level=0: btree_node_read_error, fixing [ 39.214294][ T6486] bcachefs (loop0): scan_for_btree_nodes... [ 39.225427][ T6486] bcachefs (loop0): btree node scan found 7 nodes after overwrites [ 39.225613][ T6486] done [ 39.225631][ T6486] bcachefs (loop0): check_topology... [ 39.225658][ T6486] bcachefs (loop0): btree root inodes unreadable, must recover from scan [ 39.225728][ T6486] bcachefs (loop0): bch2_get_scanned_nodes(): recovery btree=inodes level=0 POS_MIN - SPOS_MAX [ 39.225800][ T6486] bcachefs (loop0): bch2_get_scanned_nodes(): recovering u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 2a20405ac3f40602 written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0 [ 39.226423][ T84] bcachefs (loop0): btree node read error at btree inodes level 0/0 [ 39.226436][ T84] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 2a20405ac3f40602 written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0 [ 39.226447][ T84] loop0 node offset 16/24 bset u64s 110: checksum error, type chacha20_poly1305_128: got 534aa69d8a309eda7da646c3101a5799 should be d1e256903dc89dd6436b0db8b45d2093 [ 39.226459][ T84] running recovery pass scan_for_btree_nodes (1), currently at check_topology (2) [ 39.226468][ T84] ret fsck_errors_not_fixed [ 39.226752][ T6486] bcachefs (loop0): empty interior btree node at btree=inodes level=1 [ 39.226762][ T6486] u64s 5 type btree_ptr SPOS_MAX len 0 ver 0, fixing [ 39.226801][ T6486] bcachefs (loop0): empty btree root inodes [ 39.226834][ T6486] bcachefs (loop0): btree root dirents unreadable, must recover from scan [ 39.226923][ T6486] bcachefs (loop0): bch2_get_scanned_nodes(): recovery btree=dirents level=0 POS_MIN - SPOS_MAX [ 39.226989][ T6486] bcachefs (loop0): bch2_get_scanned_nodes(): recovering u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 267fcf747c875937 written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0 [ 39.227450][ T84] bcachefs (loop0): btree node read error at btree dirents level 0/0 [ 39.227462][ T84] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 267fcf747c875937 written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0 [ 39.227473][ T84] loop0 node offset 8/24 bset u64s 6: checksum error, type chacha20_poly1305_128: got a4346e9064ab0d65c5cbd6c0b87edd28 should be abbf307d6f4195551a4398bf111cbb27 [ 39.227484][ T84] ret fsck_errors_not_fixed [ 39.228248][ T6486] bcachefs (loop0): empty interior btree node at btree=dirents level=1 [ 39.228260][ T6486] u64s 5 type btree_ptr SPOS_MAX len 0 ver 0, fixing [ 39.228297][ T6486] bcachefs (loop0): empty btree root dirents [ 39.228330][ T6486] bcachefs (loop0): btree root xattrs unreadable, must recover from scan [ 39.228394][ T6486] bcachefs (loop0): bch2_get_scanned_nodes(): recovery btree=xattrs level=0 POS_MIN - SPOS_MAX [ 39.228453][ T6486] bcachefs (loop0): bch2_get_scanned_nodes(): recovering u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 1b881868e2a6abe1 written 16 min_key POS_MIN durability: 1 ptr: 0:31:0 gen 0 [ 39.228954][ T84] bcachefs (loop0): btree node read error at btree xattrs level 0/0 [ 39.228967][ T84] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 1b881868e2a6abe1 written 16 min_key POS_MIN durability: 1 ptr: 0:31:0 gen 0 [ 39.228978][ T84] loop0 node offset 8/16 bset u64s 10: checksum error, type chacha20_poly1305_128: got 308f382c5ac21e8914cc710dac74a28b should be 1a1e92182bf9d380b4c7d201495bc585 [ 39.228989][ T84] ret fsck_errors_not_fixed [ 39.229219][ T6486] bcachefs (loop0): empty interior btree node at btree=xattrs level=1 [ 39.229229][ T6486] u64s 5 type btree_ptr SPOS_MAX len 0 ver 0, fixing [ 39.229265][ T6486] bcachefs (loop0): empty btree root xattrs [ 39.229419][ T6486] done [ 39.229437][ T6486] bcachefs (loop0): scan_for_btree_nodes... done [ 39.229558][ T6486] bcachefs (loop0): accounting_read... done [ 39.272977][ T6486] bcachefs (loop0): alloc_read... done [ 39.273128][ T6486] bcachefs (loop0): snapshots_read... done [ 39.273320][ T6486] bcachefs (loop0): Fixed errors, running fsck a second time to verify fs is clean [ 39.273484][ T6486] bcachefs (loop0): done starting filesystem [ 39.274003][ T6486] bcachefs (loop0): missing subvolume 1 [ 39.274034][ T6486] bcachefs (loop0): bch2_fs_get_tree(): error mounting: error getting root inode ENOENT_bkey_type_mismatch [ 39.274054][ T6486] bcachefs (loop0): shutting down [ 39.288172][ T6486] bcachefs (loop0): shutdown complete [ 40.093422][ T6486] bcachefs: bch2_fs_get_tree() error: ENOENT_bkey_type_mismatch