CPU WARNING at fs/bcachefs/error.c:242 __bch2_fsck_err+0xa20/0xb00 [bcachefs] and NULL pointer dereference, address: 00000024 later on (v6.11.0, i686)

[ernsteiswuerfel]

I got this on my Thinkpad T60 after rebooting into newly installed kernel v6.11.0:

[...]
bcachefs (sda6): accounting_read... done
bcachefs (sda6): alloc_read... done
bcachefs (sda6): stripes_read... done
bcachefs (sda6): snapshots_read... done
bcachefs (sda6): check_allocations...
------------[ cut here ]------------
WARNING: CPU: 0 PID: 280 at fs/bcachefs/error.c:242 __bch2_fsck_err+0xa20/0xb00 [bcachefs]
Modules linked in: bcachefs lz4hc_compress lz4_compress lz4_decompress crc64 iwl3945 iwlegacy radeon mac80211 libarc4 uhci_hcd drm_suballoc_helper i2c_algo_bit snd_hda_intel thinkpad_acpi drm_ttm_helper ehci_pci ttm snd_intel_dspcfg nvram snd_hda_codec cfg80211 snd_hwdep snd_hda_core ehci_hcd drm_display_helper platform_profile usbcore sparse_keymap snd_pcm rfkill video snd_timer acpi_cpufreq thermal usb_common wmi ac battery backlight snd soundcore button joydev processor evdev input_leds pkcs8_key_parser coretemp hwmon fuse dm_mod configfs loop
CPU: 0 UID: 0 PID: 280 Comm: mount.bcachefs Not tainted 6.11.0-gentoo-P3 #1
Hardware name: LENOVO 2007F2G/2007F2G, BIOS 79ETE7WW (2.27 ) 03/21/2011
EIP: __bch2_fsck_err+0xa20/0xb00 [bcachefs]
Code: c0 40 8b 4d c0 89 41 1c bf 5d f7 ff ff 89 d0 31 d2 a8 01 bb 00 00 00 00 0f 84 08 fe ff ff e9 cb fe ff ff 0f 0b e9 27 f6 ff ff <0f> 0b e9 48 f6 ff ff 0f 0b 8b 4d cc 8d 41 ff 89 45 d0 e9 ad f8 ff
EAX: 00000001 EBX: 00000011 ECX: 00000000 EDX: 00000115
ESI: c5000000 EDI: 00000115 EBP: c35a563c ESP: c35a55e8
DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 EFLAGS: 00010202
CR0: 80050033 CR2: b7eff0fc CR3: 03a7e000 CR4: 000006f0
Call Trace:
 ? show_regs+0x4e/0x5c
 ? __warn+0x7d/0xcc
 ? __bch2_fsck_err+0xa20/0xb00 [bcachefs]
 ? report_bug+0x94/0x108
 ? exc_overflow+0x3c/0x3c
 ? handle_bug+0x30/0x50
 ? exc_invalid_op+0x17/0x40
 ? handle_exception+0x101/0x101
 ? bch2_btree_iter_peek_slot+0x3c0/0x56c [bcachefs]
 ? exc_overflow+0x3c/0x3c
 ? __bch2_fsck_err+0xa20/0xb00 [bcachefs]
 ? bch2_btree_iter_peek_slot+0x3c0/0x56c [bcachefs]
 ? exc_overflow+0x3c/0x3c
 ? __bch2_fsck_err+0xa20/0xb00 [bcachefs]
 ? vsnprintf+0x2fc/0x3f0
 __bch2_bkey_fsck_err+0x1ce/0x25c [bcachefs]
 bch2_accounting_validate+0xa9/0x1a8 [bcachefs]
 ? check_object+0x1c9/0x3ec
 ? bch2_mod_dev_cached_sectors+0x64/0x64 [bcachefs]
 bch2_bkey_val_validate+0x52/0x90 [bcachefs]
 bch2_bkey_validate+0x2c/0x38 [bcachefs]
 journal_validate_key+0x233/0x4b4 [bcachefs]
 journal_entry_btree_keys_validate+0x48/0x78 [bcachefs]
 ? journal_entry_overwrite_to_text+0xc/0xc [bcachefs]
 journal_entry_write_buffer_keys_validate+0x10/0x18 [bcachefs]
 bch2_journal_entry_validate+0x25/0x34 [bcachefs]
 __bch2_trans_commit+0x1d3/0x111c [bcachefs]
 ? bch2_trans_begin+0x157/0x238 [bcachefs]
 bch2_gc_accounting_done+0x731/0x9e8 [bcachefs]
 ? bch2_trans_put+0xc5/0x1a0 [bcachefs]
 bch2_check_allocations+0x18de/0x1ab8 [bcachefs]
 ? prb_first_seq+0x32/0x50
 ? printk_get_next_message+0x64/0x208
 bch2_run_recovery_pass+0x3d/0x6c [bcachefs]
 bch2_run_recovery_passes+0x7f/0x200 [bcachefs]
 bch2_fs_recovery+0xc7b/0x1598 [bcachefs]
 ? kfree+0x11d/0x17c
 ? bch2_printbuf_exit+0x13/0x20 [bcachefs]
 ? bch2_printbuf_exit+0x13/0x20 [bcachefs]
 ? bch2_printbuf_exit+0x13/0x20 [bcachefs]
 ? print_mount_opts+0x29a/0x2f4 [bcachefs]
 ? bch2_recalc_capacity+0x298/0x2a8 [bcachefs]
 bch2_fs_start+0x268/0x310 [bcachefs]
 bch2_fs_get_tree+0x201/0x554 [bcachefs]
 ? ns_capable_common+0x25/0x50
 vfs_get_tree+0x1f/0xb4
 do_new_mount+0x101/0x218
 path_mount+0x26e/0x3bc
 do_mount+0x43/0x60
 __ia32_sys_mount+0xe7/0x128
 ia32_sys_call+0x1c71/0x2e08
 __do_fast_syscall_32+0x88/0xb4
 ? __count_memcg_events+0x4f/0xdc
 ? handle_mm_fault+0x9fa/0x129c
 ? find_vma+0x1b/0x28
 ? lock_mm_and_find_vma+0x28/0xd0
 ? do_user_addr_fault+0x1c4/0x2b4
 ? irqentry_exit_to_user_mode+0x60/0x6c
 do_fast_syscall_32+0x29/0x54
 do_SYSENTER_32+0x12/0x18
 entry_SYSENTER_32+0x98/0xf8
EIP: 0xb7f2a539
Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 0f 1f 00 58 b8 77 00 00 00 cd 80 90 0f 1f
EAX: ffffffda EBX: 00b5b950 ECX: 00b57b80 EDX: 00b48ed0
ESI: 00000400 EDI: 00000000 EBP: 00000000 ESP: bfb7c540
DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b EFLAGS: 00000296
---[ end trace 0000000000000000 ]---
BUG: kernel NULL pointer dereference, address: 00000024
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
*pdpt = 00000000047f8001 *pde = 0000000000000000 
Oops: Oops: 0000 [#1] SMP PTI
CPU: 0 UID: 0 PID: 280 Comm: mount.bcachefs Tainted: G        W          6.11.0-gentoo-P3 #1
Tainted: [W]=WARN
Hardware name: LENOVO 2007F2G/2007F2G, BIOS 79ETE7WW (2.27 ) 03/21/2011
EIP: memcpy+0x10/0x28
Code: 00 c0 1b 0f 31 31 c1 89 c8 f7 25 5c 31 50 dd 01 d0 5d 31 c9 31 d2 c3 cc cc cc 55 89 e5 57 56 50 89 4d f4 c1 e9 02 89 c7 89 d6 <f3> a5 8b 4d f4 83 e1 03 74 02 f3 a4 83 c4 04 5e 5f 5d 31 c9 31 d2
EAX: c35a5778 EBX: c5000000 ECX: 00000005 EDX: 00000024
ESI: 00000024 EDI: c35a5778 EBP: c35a5750 ESP: c35a5744
DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 EFLAGS: 00010216
CR0: 80050033 CR2: 00000024 CR3: 03a7e000 CR4: 000006f0
Call Trace:
 ? show_regs+0x4e/0x5c
 ? __die_body+0x11/0x4c
 ? __die+0x21/0x30
 ? page_fault_oops+0x238/0x264
 ? mt_find+0x80/0x144
 ? kernelmode_fixup_or_oops+0x36/0x48
 ? __bad_area_nosemaphore+0x35/0x158
 ? bad_area_nosemaphore+0xd/0x14
 ? do_user_addr_fault+0x18b/0x2b4
 ? exc_page_fault+0x3e/0x68
 ? doublefault_shim+0x104/0x104
 ? handle_exception+0x101/0x101
 ? doublefault_shim+0x104/0x104
 ? memcpy+0x10/0x28
 ? doublefault_shim+0x104/0x104
 ? memcpy+0x10/0x28
 bch2_journal_key_insert_take+0x36/0x3b8 [bcachefs]
 bch2_journal_key_insert+0x58/0x84 [bcachefs]
 do_bch2_trans_commit_to_journal_replay+0x7d/0xac [bcachefs]
 __bch2_trans_commit+0x3af/0x111c [bcachefs]
 ? bch2_trans_begin+0x157/0x238 [bcachefs]
 bch2_gc_accounting_done+0x731/0x9e8 [bcachefs]
 ? bch2_trans_put+0xc5/0x1a0 [bcachefs]
 bch2_check_allocations+0x18de/0x1ab8 [bcachefs]
 ? prb_first_seq+0x32/0x50
 ? printk_get_next_message+0x64/0x208
 bch2_run_recovery_pass+0x3d/0x6c [bcachefs]
 bch2_run_recovery_passes+0x7f/0x200 [bcachefs]
 bch2_fs_recovery+0xc7b/0x1598 [bcachefs]
 ? kfree+0x11d/0x17c
 ? bch2_printbuf_exit+0x13/0x20 [bcachefs]
 ? bch2_printbuf_exit+0x13/0x20 [bcachefs]
 ? bch2_printbuf_exit+0x13/0x20 [bcachefs]
 ? print_mount_opts+0x29a/0x2f4 [bcachefs]
 ? bch2_recalc_capacity+0x298/0x2a8 [bcachefs]
 bch2_fs_start+0x268/0x310 [bcachefs]
 bch2_fs_get_tree+0x201/0x554 [bcachefs]
 ? ns_capable_common+0x25/0x50
 vfs_get_tree+0x1f/0xb4
 do_new_mount+0x101/0x218
 path_mount+0x26e/0x3bc
 do_mount+0x43/0x60
 __ia32_sys_mount+0xe7/0x128
 ia32_sys_call+0x1c71/0x2e08
 __do_fast_syscall_32+0x88/0xb4
 ? __count_memcg_events+0x4f/0xdc
 ? handle_mm_fault+0x9fa/0x129c
 ? find_vma+0x1b/0x28
 ? lock_mm_and_find_vma+0x28/0xd0
 ? do_user_addr_fault+0x1c4/0x2b4
 ? irqentry_exit_to_user_mode+0x60/0x6c
 do_fast_syscall_32+0x29/0x54
 do_SYSENTER_32+0x12/0x18
 entry_SYSENTER_32+0x98/0xf8
EIP: 0xb7f2a539
Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 0f 1f 00 58 b8 77 00 00 00 cd 80 90 0f 1f
EAX: ffffffda EBX: 00b5b950 ECX: 00b57b80 EDX: 00b48ed0
ESI: 00000400 EDI: 00000000 EBP: 00000000 ESP: bfb7c540
DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b EFLAGS: 00000296
Modules linked in: bcachefs lz4hc_compress lz4_compress lz4_decompress crc64 iwl3945 iwlegacy radeon mac80211 libarc4 uhci_hcd drm_suballoc_helper i2c_algo_bit snd_hda_intel thinkpad_acpi drm_ttm_helper ehci_pci ttm snd_intel_dspcfg nvram snd_hda_codec cfg80211 snd_hwdep snd_hda_core ehci_hcd drm_display_helper platform_profile usbcore sparse_keymap snd_pcm rfkill video snd_timer acpi_cpufreq thermal usb_common wmi ac battery backlight snd soundcore button joydev processor evdev input_leds pkcs8_key_parser coretemp hwmon fuse dm_mod configfs loop
CR2: 0000000000000024
---[ end trace 0000000000000000 ]---
EIP: memcpy+0x10/0x28
Code: 00 c0 1b 0f 31 31 c1 89 c8 f7 25 5c 31 50 dd 01 d0 5d 31 c9 31 d2 c3 cc cc cc 55 89 e5 57 56 50 89 4d f4 c1 e9 02 89 c7 89 d6 <f3> a5 8b 4d f4 83 e1 03 74 02 f3 a4 83 c4 04 5e 5f 5d 31 c9 31 d2
EAX: c35a5778 EBX: c5000000 ECX: 00000005 EDX: 00000024
ESI: 00000024 EDI: c35a5778 EBP: c35a5750 ESP: c35a5744
DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 EFLAGS: 00010216
CR0: 80050033 CR2: 00000024 CR3: 03a7e000 CR4: 000006f0
bcachefs: bch2_fs_get_tree() error: EBUSY
bcachefs (/dev/sda6): error reading superblock: error opening /dev/sda6: EBUSY

This happens every time I try to boot v6.11.0. When I boot into v6.10.10 I don't get this issue and everything is fine. Currently installed bcachefs-tools is 1.9.4.

Some more data about the partition and the system:

 # bcachefs show-super /dev/sda6 
Device:                                     (unknown device)
External UUID:                             74abf930-c0a3-40c6-87dc-181239a8b52a
Internal UUID:                             af51877c-0a81-4f87-9d41-b652af35daf3
Magic number:                              c68573f6-66ce-90a9-d96a-60cf803df7ef
Device index:                              0
Label:                                     new_tmp
Version:                                   1.7: mi_btree_bitmap
Version upgrade complete:                  1.7: mi_btree_bitmap
Oldest version on disk:                    1.7: mi_btree_bitmap
Created:                                   Mon Feb 22 22:41:27 2010
Sequence number:                           136
Time of last write:                        Mon Sep 16 22:01:20 2024
Superblock size:                           4.63 KiB/1.00 MiB
Clean:                                     0
Devices:                                   1
Sections:                                  members_v1,replicas_v0,clean,journal_v2,counters,members_v2,errors,ext,downgrade
Features:                                  zstd,reflink,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,extents_above_btree_updates,btree_updates_journalled,reflink_inline_data,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
Compat features:                           alloc_info,alloc_metadata,extents_above_btree_updates_done,bformat_overflow_done

Options:
  block_size:                              4.00 KiB
  btree_node_size:                         256 KiB
  errors:                                  continue [fix_safe] panic ro 
  metadata_replicas:                       1
  data_replicas:                           1
  metadata_replicas_required:              1
  data_replicas_required:                  1
  encoded_extent_max:                      64.0 KiB
  metadata_checksum:                       none crc32c crc64 [xxhash] 
  data_checksum:                           none crc32c crc64 [xxhash] 
  compression:                             zstd:3
  background_compression:                  none
  str_hash:                                crc32c crc64 [siphash] 
  metadata_target:                         none
  foreground_target:                       none
  background_target:                       none
  promote_target:                          none
  erasure_code:                            0
  inodes_32bit:                            1
  shard_inode_numbers:                     1
  inodes_use_key_cache:                    1
  gc_reserve_percent:                      8
  gc_reserve_bytes:                        0 B
  root_reserve_percent:                    0
  wide_macs:                               0
  acl:                                     1
  usrquota:                                0
  grpquota:                                0
  prjquota:                                0
  journal_flush_delay:                     1000
  journal_flush_disabled:                  0
  journal_reclaim_delay:                   100
  journal_transaction_names:               1
  version_upgrade:                         [compatible] incompatible none 
  nocow:                                   0

members_v2 (size 160):
Device:                                    0
  Label:                                   (none)
  UUID:                                    cedb9d7b-6fae-4c91-b0d7-dfd3ceafb3c2
  Size:                                    32.0 GiB
  read errors:                             0
  write errors:                            0
  checksum errors:                         0
  seqread iops:                            0
  seqwrite iops:                           0
  randread iops:                           0
  randwrite iops:                          0
  Bucket size:                             256 KiB
  First bucket:                            0
  Buckets:                                 131072
  Last mount:                              Mon Sep 16 22:01:19 2024
  Last superblock write:                   136
  State:                                   rw
  Data allowed:                            journal,btree,user
  Has data:                                journal,btree,user
  Btree allocated bitmap blocksize:        32.0 KiB
  Btree allocated bitmap:                  0000000010011111001001111111111111111111111111110000000000000000
  Durability:                              1
  Discard:                                 0
  Freespace initialized:                   1

errors (size 8):

 # inxi -bz
System:
  Kernel: 6.10.10-gentoo-P3 arch: i686 bits: 32
  Desktop: WindowMaker v: 0.96.0 Distro: Gentoo Base System release 2.15
Machine:
  Type: Laptop System: LENOVO product: 2007F2G v: ThinkPad T60
    serial: <filter>
  Mobo: LENOVO model: 2007F2G serial: <filter> BIOS: LENOVO
    v: 79ETE7WW (2.27 ) date: 03/21/2011
Battery:
  ID-1: BAT0 charge: 0 Wh condition: N/A
CPU:
  Info: dual core Intel T2400 [MCP] speed (MHz): avg: 1833 min/max: 1000/1833

Full dmesg and kernel .config attached.
dmesg_6110_p3.txt
config_6110_p3.txt