bcachefs (loop0): running explicit recovery pass check_topology (2), currently at recovery_pass_empty (0)
bcachefs (loop0): flagging btree freespace lost data
error reading btree root btree=freespace level=0: btree_node_read_error, fixing
------------[ cut here ]------------
kernel BUG at fs/bcachefs/ec.h:34!
Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI
CPU: 0 UID: 0 PID: 5965 Comm: syz.0.16 Not tainted 6.14.0-syzkaller-gb0cb56cbbdb4 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:stripe_csum_offset fs/bcachefs/ec.h:34 [inline]
RIP: 0010:stripe_blockcount_offset fs/bcachefs/ec.h:46 [inline]
RIP: 0010:stripe_val_u64s fs/bcachefs/ec.h:66 [inline]
RIP: 0010:bch2_stripe_validate+0x8f0/0x940 fs/bcachefs/ec.c:123
Code: 38 c1 0f 8c 5f fc ff ff be 18 00 00 00 4c 89 f7 e8 85 7f c9 fd 48 8d 54 24 60 e9 48 fc ff ff e8 36 42 a9 07 e8 f1 39 62 fd 90 <0f> 0b e8 e9 39 62 fd 90 0f 0b 44 89 e9 80 e1 07 38 c1 0f 8c ba fe
RSP: 0018:ffffc90002ace6c0 EFLAGS: 00010293
RAX: ffffffff845fab3f RBX: 0000000000000008 RCX: ffff88801e36c880
RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000007
RBP: ffffc90002ace7b8 R08: ffffffff845fa4b9 R09: 1ffff1100ae70035
R10: dffffc0000000000 R11: ffffffff845fa250 R12: dffffc0000000000
R13: 1ffff92000559ce0 R14: 0000000000000009 R15: ffff8880441a00b8
FS:  00007f807ba756c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000561207006d50 CR3: 0000000012a96000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 bch2_bkey_val_validate+0x217/0x400 fs/bcachefs/bkey_methods.c:143
 btree_node_bkey_val_validate fs/bcachefs/btree_io.c:838 [inline]
 bch2_btree_node_read_done+0x4123/0x6270 fs/bcachefs/btree_io.c:1253
 btree_node_read_work+0x6dc/0x1380 fs/bcachefs/btree_io.c:1358
 bch2_btree_node_read+0x2433/0x29f0
 __bch2_btree_root_read fs/bcachefs/btree_io.c:1789 [inline]
 bch2_btree_root_read+0x626/0x7b0 fs/bcachefs/btree_io.c:1811
 read_btree_roots+0x3d3/0xa70 fs/bcachefs/recovery.c:581
 bch2_fs_recovery+0x260f/0x3de0 fs/bcachefs/recovery.c:928
 bch2_fs_start+0x37c/0x610 fs/bcachefs/super.c:1041
 bch2_fs_get_tree+0xdb7/0x17a0 fs/bcachefs/fs.c:2203
 vfs_get_tree+0x90/0x2b0 fs/super.c:1759
 do_new_mount+0x2be/0xb40 fs/namespace.c:3878
 do_mount fs/namespace.c:4218 [inline]
 __do_sys_mount fs/namespace.c:4429 [inline]
 __se_sys_mount+0x2d6/0x3c0 fs/namespace.c:4406
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f807ab874ca
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f807ba74e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f807ba74ef0 RCX: 00007f807ab874ca
RDX: 0000000020000040 RSI: 0000000020000080 RDI: 00007f807ba74eb0
RBP: 0000000020000040 R08: 00007f807ba74ef0 R09: 0000000000000010
R10: 0000000000000010 R11: 0000000000000246 R12: 0000000020000080
R13: 00007f807ba74eb0 R14: 000000000000599e R15: 0000000020000000
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:stripe_csum_offset fs/bcachefs/ec.h:34 [inline]
RIP: 0010:stripe_blockcount_offset fs/bcachefs/ec.h:46 [inline]
RIP: 0010:stripe_val_u64s fs/bcachefs/ec.h:66 [inline]
RIP: 0010:bch2_stripe_validate+0x8f0/0x940 fs/bcachefs/ec.c:123
Code: 38 c1 0f 8c 5f fc ff ff be 18 00 00 00 4c 89 f7 e8 85 7f c9 fd 48 8d 54 24 60 e9 48 fc ff ff e8 36 42 a9 07 e8 f1 39 62 fd 90 <0f> 0b e8 e9 39 62 fd 90 0f 0b 44 89 e9 80 e1 07 38 c1 0f 8c ba fe
RSP: 0018:ffffc90002ace6c0 EFLAGS: 00010293
RAX: ffffffff845fab3f RBX: 0000000000000008 RCX: ffff88801e36c880
RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000007
RBP: ffffc90002ace7b8 R08: ffffffff845fa4b9 R09: 1ffff1100ae70035
R10: dffffc0000000000 R11: ffffffff845fa250 R12: dffffc0000000000
R13: 1ffff92000559ce0 R14: 0000000000000009 R15: ffff8880441a00b8
FS:  00007f807ba756c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000561207006d50 CR3: 0000000012a96000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400