u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 2285c34bed0abe32 written 960 min_key POS_MIN durability: 1 ptr: 0:31:0 gen 0 node offset 0/960 bset u64s 60431 bset byte offset 240: bad k->u64s 0 (min 3 max 253), exiting bcachefs (loop0): Unable to continue, halting ------------[ cut here ]------------ kernel BUG at arch/x86/mm/physaddr.c:28! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI CPU: 0 UID: 0 PID: 36 Comm: kworker/0:1H Not tainted 6.14.0-rc4-syzkaller-g1973160c90d7 #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Workqueue: bcachefs_btree_read_complete btree_node_read_work RIP: 0010:__phys_addr+0x162/0x170 arch/x86/mm/physaddr.c:28 Code: e8 53 12 53 00 48 c7 c7 e0 bb 9a 8e 4c 89 f6 4c 89 fa e8 f1 4e bf 03 e9 45 ff ff ff e8 37 12 53 00 90 0f 0b e8 2f 12 53 00 90 <0f> 0b e8 27 12 53 00 90 0f 0b 0f 1f 40 00 90 90 90 90 90 90 90 90 RSP: 0018:ffffc90000576e00 EFLAGS: 00010293 RAX: ffffffff816eacf1 RBX: 0000000000000001 RCX: ffff88801dfcc880 RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 RBP: 0000000000000000 R08: ffffffff816eac3c R09: ffffffff82290b7f R10: dffffc0000000000 R11: fffffbfff28a930f R12: ffffea000166fec0 R13: ffffea0000000000 R14: 000061800166fec0 R15: 000000000000002e FS: 0000000000000000(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fc8c02d56c0 CR3: 0000000011d24000 CR4: 0000000000352ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: virt_to_folio include/linux/mm.h:1295 [inline] virt_to_slab mm/slab.h:211 [inline] qlink_to_cache mm/kasan/quarantine.c:131 [inline] qlist_free_all+0x3d/0x140 mm/kasan/quarantine.c:176 kasan_quarantine_reduce+0x14f/0x170 mm/kasan/quarantine.c:286 __kasan_slab_alloc+0x23/0x80 mm/kasan/common.c:329 kasan_slab_alloc include/linux/kasan.h:250 [inline] slab_post_alloc_hook mm/slub.c:4115 [inline] slab_alloc_node mm/slub.c:4164 [inline] __do_kmalloc_node mm/slub.c:4293 [inline] __kmalloc_node_noprof+0x23c/0x4d0 mm/slub.c:4300 __kvmalloc_node_noprof+0x72/0x190 mm/util.c:662 __bch2_darray_resize_noprof+0xd2/0x290 fs/bcachefs/darray.c:24 bch2_write_super+0x48a/0x3cd0 fs/bcachefs/super-io.c:997 bch2_btree_lost_data+0x41e/0x4c0 fs/bcachefs/recovery.c:103 bch2_btree_node_read_done+0x567b/0x6180 fs/bcachefs/btree_io.c:1306 btree_node_read_work+0x6dc/0x1380 fs/bcachefs/btree_io.c:1358 process_one_work kernel/workqueue.c:3238 [inline] process_scheduled_works+0xabe/0x18e0 kernel/workqueue.c:3319 worker_thread+0x870/0xd30 kernel/workqueue.c:3400 kthread+0x7a9/0x920 kernel/kthread.c:464 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:__phys_addr+0x162/0x170 arch/x86/mm/physaddr.c:28 Code: e8 53 12 53 00 48 c7 c7 e0 bb 9a 8e 4c 89 f6 4c 89 fa e8 f1 4e bf 03 e9 45 ff ff ff e8 37 12 53 00 90 0f 0b e8 2f 12 53 00 90 <0f> 0b e8 27 12 53 00 90 0f 0b 0f 1f 40 00 90 90 90 90 90 90 90 90 RSP: 0018:ffffc90000576e00 EFLAGS: 00010293 RAX: ffffffff816eacf1 RBX: 0000000000000001 RCX: ffff88801dfcc880 RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 RBP: 0000000000000000 R08: ffffffff816eac3c R09: ffffffff82290b7f R10: dffffc0000000000 R11: fffffbfff28a930f R12: ffffea000166fec0 R13: ffffea0000000000 R14: 000061800166fec0 R15: 000000000000002e FS: 0000000000000000(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055555e5cf588 CR3: 0000000011d24000 CR4: 0000000000352ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400