Warning: Permanently added '10.128.0.25' (ED25519) to the list of known hosts.
2025/06/23 02:33:52 ignoring optional flag "sandboxArg"="0"
2025/06/23 02:33:52 parsed 1 programs
[  115.370423][ T6254] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  117.873663][ T5138] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  117.881827][ T5138] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  117.890212][ T5138] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  117.899053][ T5138] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  117.907676][ T5138] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  120.180398][ T6316] chnl_net:caif_netlink_parms(): no params data found
[  120.274519][ T6316] bridge0: port 1(bridge_slave_0) entered blocking state
[  120.281677][ T6316] bridge0: port 1(bridge_slave_0) entered disabled state
[  120.289448][ T6316] bridge_slave_0: entered allmulticast mode
[  120.297521][ T6316] bridge_slave_0: entered promiscuous mode
[  120.305623][ T6316] bridge0: port 2(bridge_slave_1) entered blocking state
[  120.312938][ T6316] bridge0: port 2(bridge_slave_1) entered disabled state
[  120.320454][ T6316] bridge_slave_1: entered allmulticast mode
[  120.327761][ T6316] bridge_slave_1: entered promiscuous mode
[  120.361699][ T6316] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  120.376218][ T6316] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  120.411540][ T6316] team0: Port device team_slave_0 added
[  120.421833][ T6316] team0: Port device team_slave_1 added
[  120.446595][ T6316] batman_adv: batadv0: Adding interface: batadv_slave_0
[  120.453565][ T6316] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  120.479929][ T6316] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  120.492297][ T6316] batman_adv: batadv0: Adding interface: batadv_slave_1
[  120.499275][ T6316] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  120.525278][ T6316] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  120.565836][ T6316] hsr_slave_0: entered promiscuous mode
[  120.572161][ T6316] hsr_slave_1: entered promiscuous mode
[  121.133211][ T6316] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  121.145363][ T6316] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  121.158414][ T6316] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  121.176264][ T6316] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  121.287126][ T6316] 8021q: adding VLAN 0 to HW filter on device bond0
[  121.312799][ T6316] 8021q: adding VLAN 0 to HW filter on device team0
[  121.327610][  T752] bridge0: port 1(bridge_slave_0) entered blocking state
[  121.334804][  T752] bridge0: port 1(bridge_slave_0) entered forwarding state
[  121.351892][  T752] bridge0: port 2(bridge_slave_1) entered blocking state
[  121.359267][  T752] bridge0: port 2(bridge_slave_1) entered forwarding state
[  121.608236][ T6316] 8021q: adding VLAN 0 to HW filter on device batadv0
[  121.667003][ T6316] veth0_vlan: entered promiscuous mode
[  121.680672][ T6316] veth1_vlan: entered promiscuous mode
[  121.722274][ T6316] veth0_macvtap: entered promiscuous mode
[  121.737600][ T6316] veth1_macvtap: entered promiscuous mode
[  121.760744][ T6316] batman_adv: batadv0: Interface activated: batadv_slave_0
[  121.781535][ T6316] batman_adv: batadv0: Interface activated: batadv_slave_1
[  121.796499][ T6316] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  121.808005][ T6316] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  121.818001][ T6316] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  121.827825][ T6316] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  122.003966][   T36] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  122.097294][   T36] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  122.168666][   T36] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  122.228035][  T752] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  122.244681][  T752] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  122.255295][   T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  122.263145][   T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  122.298570][   T36] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/06/23 02:34:04 executed programs: 0
[  122.718400][ T5138] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  122.730280][ T5138] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  122.738550][ T5138] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  122.746625][ T5138] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  122.757726][ T5138] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  123.009640][ T6404] chnl_net:caif_netlink_parms(): no params data found
[  123.151097][ T6404] bridge0: port 1(bridge_slave_0) entered blocking state
[  123.158799][ T6404] bridge0: port 1(bridge_slave_0) entered disabled state
[  123.167967][ T6404] bridge_slave_0: entered allmulticast mode
[  123.177933][ T6404] bridge_slave_0: entered promiscuous mode
[  123.188666][ T6404] bridge0: port 2(bridge_slave_1) entered blocking state
[  123.197584][ T6404] bridge0: port 2(bridge_slave_1) entered disabled state
[  123.206577][ T6404] bridge_slave_1: entered allmulticast mode
[  123.214716][ T6404] bridge_slave_1: entered promiscuous mode
[  123.270029][ T6404] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  123.289093][ T6404] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  123.342913][ T6404] team0: Port device team_slave_0 added
[  123.353421][ T6404] team0: Port device team_slave_1 added
[  123.410998][ T6404] batman_adv: batadv0: Adding interface: batadv_slave_0
[  123.418524][ T6404] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  123.446357][ T6404] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  123.461388][ T6404] batman_adv: batadv0: Adding interface: batadv_slave_1
[  123.470768][ T6404] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  123.498603][ T6404] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  123.569091][ T6404] hsr_slave_0: entered promiscuous mode
[  123.581354][ T6404] hsr_slave_1: entered promiscuous mode
[  123.588575][ T6404] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  123.596219][ T6404] Cannot create hsr debugfs directory
[  124.793821][   T51] Bluetooth: hci0: command tx timeout
[  124.828154][   T36] bridge_slave_1: left allmulticast mode
[  124.837029][   T36] bridge_slave_1: left promiscuous mode
[  124.843352][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[  124.854239][   T36] bridge_slave_0: left allmulticast mode
[  124.859931][   T36] bridge_slave_0: left promiscuous mode
[  124.868021][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[  125.189812][   T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  125.203837][   T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  125.215157][   T36] bond0 (unregistering): Released all slaves
[  125.349931][   T36] hsr_slave_0: left promiscuous mode
[  125.356192][   T36] hsr_slave_1: left promiscuous mode
[  125.362382][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  125.379468][   T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[  125.391324][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  125.399163][   T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[  125.416706][   T36] veth1_macvtap: left promiscuous mode
[  125.422507][   T36] veth0_macvtap: left promiscuous mode
[  125.428853][   T36] veth1_vlan: left promiscuous mode
[  125.440126][   T36] veth0_vlan: left promiscuous mode
[  125.714776][   T36] team0 (unregistering): Port device team_slave_1 removed
[  125.745388][   T36] team0 (unregistering): Port device team_slave_0 removed
[  126.253473][ T6404] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  126.277546][ T6404] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  126.291373][ T6404] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  126.302285][ T6404] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  126.591821][ T6404] 8021q: adding VLAN 0 to HW filter on device bond0
[  126.627499][ T6404] 8021q: adding VLAN 0 to HW filter on device team0
[  126.670984][ T4413] bridge0: port 1(bridge_slave_0) entered blocking state
[  126.678211][ T4413] bridge0: port 1(bridge_slave_0) entered forwarding state
[  126.701568][ T4413] bridge0: port 2(bridge_slave_1) entered blocking state
[  126.708788][ T4413] bridge0: port 2(bridge_slave_1) entered forwarding state
[  126.875893][   T51] Bluetooth: hci0: command tx timeout
[  127.109738][ T6404] 8021q: adding VLAN 0 to HW filter on device batadv0
[  127.160277][ T6404] veth0_vlan: entered promiscuous mode
[  127.175746][ T6404] veth1_vlan: entered promiscuous mode
[  127.222014][ T6404] veth0_macvtap: entered promiscuous mode
[  127.235690][ T6404] veth1_macvtap: entered promiscuous mode
[  127.269869][ T6404] batman_adv: batadv0: Interface activated: batadv_slave_0
[  127.287289][ T6404] batman_adv: batadv0: Interface activated: batadv_slave_1
[  127.301876][ T6404] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  127.312721][ T6404] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  127.323162][ T6404] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  127.333146][ T6404] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  127.428216][   T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  127.450713][   T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  127.487154][  T752] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  127.497067][  T752] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  127.875615][ T6553] loop0: detected capacity change from 0 to 32768
[  127.959373][ T6553] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names
[  127.959394][ T6553]   allowing incompatible features above 0.0: (unknown version)
[  127.959404][ T6553]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  127.999177][ T6553] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0
[  128.007674][ T6553] bcachefs (loop0): recovering from clean shutdown, journal seq 10
[  128.017248][ T6553] bcachefs (loop0): Version upgrade required:
[  128.017248][ T6553] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[  128.017248][ T6553] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive
[  128.017248][ T6553]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance
[  128.133785][ T6553] bcachefs (loop0): btree node read error at btree dirents level 0/0
[  128.133828][ T6553]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0
[  128.133841][ T6553]   loop0 node offset 16/24: btree node data missing: expected 24 sectors, found 16
[  128.133851][ T6553]   repair success (rewriting node)
[  128.205765][ T6553] ==================================================================
[  128.213866][ T6553] BUG: KASAN: use-after-free in bch2_btree_node_read_done+0xd3b/0x51f0
[  128.222167][ T6553] Read of size 8 at addr ffff8880606f8010 by task syz.0.15/6553
[  128.229817][ T6553] 
[  128.232166][ T6553] CPU: 1 UID: 0 PID: 6553 Comm: syz.0.15 Not tainted 6.16.0-rc3-syzkaller-g86731a2a651e #0 PREEMPT(full) 
[  128.232186][ T6553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  128.232200][ T6553] Call Trace:
[  128.232211][ T6553]  <TASK>
[  128.232217][ T6553]  dump_stack_lvl+0x189/0x250
[  128.232239][ T6553]  ? __virt_addr_valid+0x1c8/0x5c0
[  128.232253][ T6553]  ? rcu_is_watching+0x15/0xb0
[  128.232271][ T6553]  ? __kasan_check_byte+0x12/0x40
[  128.232290][ T6553]  ? __pfx_dump_stack_lvl+0x10/0x10
[  128.232307][ T6553]  ? rcu_is_watching+0x15/0xb0
[  128.232337][ T6553]  ? lock_release+0x4b/0x3e0
[  128.232355][ T6553]  ? __virt_addr_valid+0x1c8/0x5c0
[  128.232367][ T6553]  ? __virt_addr_valid+0x4a5/0x5c0
[  128.232379][ T6553]  print_report+0xd2/0x2b0
[  128.232395][ T6553]  ? bch2_btree_node_read_done+0xd3b/0x51f0
[  128.232414][ T6553]  kasan_report+0x118/0x150
[  128.232433][ T6553]  ? bch2_btree_node_read_done+0xd3b/0x51f0
[  128.232455][ T6553]  bch2_btree_node_read_done+0xd3b/0x51f0
[  128.232475][ T6553]  ? __pfx_number+0x10/0x10
[  128.232506][ T6553]  ? __pfx_bch2_btree_node_read_done+0x10/0x10
[  128.232527][ T6553]  ? bch2_extent_ptr_to_text+0x5a/0x890
[  128.232553][ T6553]  ? bch2_bkey_ptrs_to_text+0x1161/0x1310
[  128.232570][ T6553]  ? bch2_printbuf_make_room+0xdb/0x360
[  128.232591][ T6553]  ? enumerated_ref_put+0xbe/0x270
[  128.232606][ T6553]  btree_node_read_work+0x426/0xe30
[  128.232631][ T6553]  ? __pfx_btree_node_read_work+0x10/0x10
[  128.232650][ T6553]  ? bch2_latency_acct+0x436/0x520
[  128.232668][ T6553]  ? __pfx_bch2_latency_acct+0x10/0x10
[  128.232684][ T6553]  ? bio_associate_blkg+0x6d/0x230
[  128.232704][ T6553]  bch2_btree_node_read+0x887/0x2a00
[  128.232728][ T6553]  ? bch2_btree_node_hash_insert+0x88/0xc0
[  128.232745][ T6553]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  128.232777][ T6553]  ? __pfx_bch2_btree_node_read+0x10/0x10
[  128.232801][ T6553]  ? bch2_trans_unlock+0x8a/0x580
[  128.232820][ T6553]  ? bch2_trans_unlock+0x491/0x580
[  128.232841][ T6553]  bch2_btree_root_read+0x5f0/0x760
[  128.232864][ T6553]  ? __pfx_bch2_btree_root_read+0x10/0x10
[  128.232889][ T6553]  ? bch2_current_has_btree_trans+0x169/0x1a0
[  128.232911][ T6553]  read_btree_roots+0x2c2/0x880
[  128.232931][ T6553]  ? __pfx_read_btree_roots+0x10/0x10
[  128.232953][ T6553]  bch2_fs_recovery+0x2574/0x3950
[  128.232967][ T6553]  ? check_noncircular+0xe0/0x160
[  128.232991][ T6553]  ? __pfx_bch2_fs_recovery+0x10/0x10
[  128.233012][ T6553]  ? __lock_acquire+0xab9/0xd20
[  128.233033][ T6553]  ? __lock_acquire+0xab9/0xd20
[  128.233054][ T6553]  ? __lock_acquire+0xab9/0xd20
[  128.233080][ T6553]  ? bch2_fs_start+0x9fe/0xd90
[  128.233099][ T6553]  ? up_write+0x1c4/0x420
[  128.233112][ T6553]  ? bch2_fs_start+0x5c4/0xd90
[  128.233130][ T6553]  bch2_fs_start+0xa99/0xd90
[  128.233147][ T6553]  ? bch2_fs_start+0x5c4/0xd90
[  128.233166][ T6553]  ? __pfx_bch2_fs_start+0x10/0x10
[  128.233192][ T6553]  ? sget+0x267/0x620
[  128.233209][ T6553]  bch2_fs_get_tree+0xb02/0x14f0
[  128.233237][ T6553]  ? __pfx_bch2_fs_get_tree+0x10/0x10
[  128.233261][ T6553]  ? vfs_parse_monolithic_sep+0x2df/0x310
[  128.233278][ T6553]  ? __pfx_vfs_parse_comma_sep+0x10/0x10
[  128.233299][ T6553]  ? cap_capable+0x11f/0x460
[  128.233316][ T6553]  ? bch2_init_fs_context+0x88/0x110
[  128.233338][ T6553]  ? safesetid_security_capable+0xa9/0x1a0
[  128.233358][ T6553]  vfs_get_tree+0x92/0x2b0
[  128.233376][ T6553]  do_new_mount+0x24a/0xa40
[  128.233395][ T6553]  __se_sys_mount+0x317/0x410
[  128.233414][ T6553]  ? __pfx___se_sys_mount+0x10/0x10
[  128.233433][ T6553]  ? do_syscall_64+0xbe/0x3b0
[  128.233454][ T6553]  ? __x64_sys_mount+0x20/0xc0
[  128.233473][ T6553]  do_syscall_64+0xfa/0x3b0
[  128.233494][ T6553]  ? lockdep_hardirqs_on+0x9c/0x150
[  128.233514][ T6553]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  128.233529][ T6553]  ? clear_bhb_loop+0x60/0xb0
[  128.233544][ T6553]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  128.233560][ T6553] RIP: 0033:0x7fc43917ffba
[  128.233582][ T6553] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  128.233595][ T6553] RSP: 002b:00007fc43a008e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  128.233610][ T6553] RAX: ffffffffffffffda RBX: 00007fc43a008ef0 RCX: 00007fc43917ffba
[  128.233621][ T6553] RDX: 00000000200000c0 RSI: 0000000020000180 RDI: 00007fc43a008eb0
[  128.233630][ T6553] RBP: 00000000200000c0 R08: 00007fc43a008ef0 R09: 0000000000000010
[  128.233639][ T6553] R10: 0000000000000010 R11: 0000000000000246 R12: 0000000020000180
[  128.233649][ T6553] R13: 00007fc43a008eb0 R14: 0000000000005943 R15: 0000000020000480
[  128.233665][ T6553]  </TASK>
[  128.233671][ T6553] 
[  128.681205][ T6553] The buggy address belongs to the physical page:
[  128.687702][ T6553] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x606f8
[  128.696456][ T6553] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  128.703567][ T6553] raw: 00fff00000000000 ffffea000181c008 ffff8880b873fc60 0000000000000000
[  128.712150][ T6553] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  128.720719][ T6553] page dumped because: kasan: bad access detected
[  128.727140][ T6553] page_owner tracks the page as freed
[  128.732840][ T6553] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0x4428d0(GFP_NOWAIT|__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_COMP|__GFP_ACCOUNT), pid 6553, tgid 6552 (syz.0.15), ts 127902158270, free_ts 128205182493
[  128.754191][ T6553]  post_alloc_hook+0x240/0x2a0
[  128.758955][ T6553]  get_page_from_freelist+0x21d5/0x22b0
[  128.764498][ T6553]  __alloc_frozen_pages_noprof+0x181/0x370
[  128.770295][ T6553]  __alloc_pages_noprof+0xa/0x30
[  128.775226][ T6553]  ___kmalloc_large_node+0x85/0x210
[  128.780410][ T6553]  __kmalloc_large_node_noprof+0x18/0x90
[  128.786030][ T6553]  __kvmalloc_node_noprof+0x6d/0x5f0
[  128.791324][ T6553]  btree_node_data_alloc+0xdc/0x270
[  128.796520][ T6553]  __bch2_btree_node_mem_alloc+0x1ef/0x420
[  128.802405][ T6553]  bch2_fs_btree_cache_init+0x2de/0x690
[  128.808125][ T6553]  bch2_fs_open+0x1ceb/0x2570
[  128.812789][ T6553]  bch2_fs_get_tree+0x437/0x14f0
[  128.817711][ T6553]  vfs_get_tree+0x92/0x2b0
[  128.822111][ T6553]  do_new_mount+0x24a/0xa40
[  128.826601][ T6553]  __se_sys_mount+0x317/0x410
[  128.831262][ T6553]  do_syscall_64+0xfa/0x3b0
[  128.835760][ T6553] page last free pid 6553 tgid 6552 stack trace:
[  128.842067][ T6553]  __free_frozen_pages+0xc65/0xe60
[  128.847171][ T6553]  __folio_put+0x21b/0x2c0
[  128.851586][ T6553]  free_large_kmalloc+0x145/0x200
[  128.856601][ T6553]  bch2_btree_node_read_done+0x329a/0x51f0
[  128.862401][ T6553]  btree_node_read_work+0x426/0xe30
[  128.867593][ T6553]  bch2_btree_node_read+0x887/0x2a00
[  128.872870][ T6553]  bch2_btree_root_read+0x5f0/0x760
[  128.878068][ T6553]  read_btree_roots+0x2c2/0x880
[  128.882905][ T6553]  bch2_fs_recovery+0x2574/0x3950
[  128.887915][ T6553]  bch2_fs_start+0xa99/0xd90
[  128.892491][ T6553]  bch2_fs_get_tree+0xb02/0x14f0
[  128.897413][ T6553]  vfs_get_tree+0x92/0x2b0
[  128.901817][ T6553]  do_new_mount+0x24a/0xa40
[  128.906395][ T6553]  __se_sys_mount+0x317/0x410
[  128.911060][ T6553]  do_syscall_64+0xfa/0x3b0
[  128.915557][ T6553]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  128.921440][ T6553] 
[  128.923764][ T6553] Memory state around the buggy address:
[  128.929403][ T6553]  ffff8880606f7f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  128.937460][ T6553]  ffff8880606f7f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  128.945512][ T6553] >ffff8880606f8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  128.953559][ T6553]                          ^
[  128.958139][ T6553]  ffff8880606f8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  128.966189][ T6553]  ffff8880606f8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  128.974233][ T6553] ==================================================================
[  128.987357][   T51] Bluetooth: hci0: command tx timeout
[  128.995800][ T6553] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  129.003026][ T6553] CPU: 1 UID: 0 PID: 6553 Comm: syz.0.15 Not tainted 6.16.0-rc3-syzkaller-g86731a2a651e #0 PREEMPT(full) 
[  129.014316][ T6553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  129.024385][ T6553] Call Trace:
[  129.027669][ T6553]  <TASK>
[  129.030622][ T6553]  dump_stack_lvl+0x99/0x250
[  129.035229][ T6553]  ? __asan_memcpy+0x40/0x70
[  129.039808][ T6553]  ? __pfx_dump_stack_lvl+0x10/0x10
[  129.045016][ T6553]  ? __pfx__printk+0x10/0x10
[  129.049609][ T6553]  panic+0x2db/0x790
[  129.053503][ T6553]  ? __pfx_panic+0x10/0x10
[  129.057917][ T6553]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  129.063802][ T6553]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  129.070122][ T6553]  ? print_memory_metadata+0x314/0x400
[  129.075575][ T6553]  ? bch2_btree_node_read_done+0xd3b/0x51f0
[  129.081464][ T6553]  check_panic_on_warn+0x89/0xb0
[  129.086391][ T6553]  ? bch2_btree_node_read_done+0xd3b/0x51f0
[  129.092272][ T6553]  end_report+0x78/0x160
[  129.096502][ T6553]  kasan_report+0x129/0x150
[  129.100993][ T6553]  ? bch2_btree_node_read_done+0xd3b/0x51f0
[  129.106879][ T6553]  bch2_btree_node_read_done+0xd3b/0x51f0
[  129.112612][ T6553]  ? __pfx_number+0x10/0x10
[  129.117117][ T6553]  ? __pfx_bch2_btree_node_read_done+0x10/0x10
[  129.123262][ T6553]  ? bch2_extent_ptr_to_text+0x5a/0x890
[  129.128887][ T6553]  ? bch2_bkey_ptrs_to_text+0x1161/0x1310
[  129.134601][ T6553]  ? bch2_printbuf_make_room+0xdb/0x360
[  129.140137][ T6553]  ? enumerated_ref_put+0xbe/0x270
[  129.145232][ T6553]  btree_node_read_work+0x426/0xe30
[  129.150437][ T6553]  ? __pfx_btree_node_read_work+0x10/0x10
[  129.156146][ T6553]  ? bch2_latency_acct+0x436/0x520
[  129.161246][ T6553]  ? __pfx_bch2_latency_acct+0x10/0x10
[  129.166707][ T6553]  ? bio_associate_blkg+0x6d/0x230
[  129.171828][ T6553]  bch2_btree_node_read+0x887/0x2a00
[  129.177208][ T6553]  ? bch2_btree_node_hash_insert+0x88/0xc0
[  129.183007][ T6553]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  129.188641][ T6553]  ? __pfx_bch2_btree_node_read+0x10/0x10
[  129.194471][ T6553]  ? bch2_trans_unlock+0x8a/0x580
[  129.199486][ T6553]  ? bch2_trans_unlock+0x491/0x580
[  129.204590][ T6553]  bch2_btree_root_read+0x5f0/0x760
[  129.209782][ T6553]  ? __pfx_bch2_btree_root_read+0x10/0x10
[  129.215536][ T6553]  ? bch2_current_has_btree_trans+0x169/0x1a0
[  129.221596][ T6553]  read_btree_roots+0x2c2/0x880
[  129.226469][ T6553]  ? __pfx_read_btree_roots+0x10/0x10
[  129.231844][ T6553]  bch2_fs_recovery+0x2574/0x3950
[  129.236873][ T6553]  ? check_noncircular+0xe0/0x160
[  129.241916][ T6553]  ? __pfx_bch2_fs_recovery+0x10/0x10
[  129.247298][ T6553]  ? __lock_acquire+0xab9/0xd20
[  129.252153][ T6553]  ? __lock_acquire+0xab9/0xd20
[  129.257005][ T6553]  ? __lock_acquire+0xab9/0xd20
[  129.261864][ T6553]  ? bch2_fs_start+0x9fe/0xd90
[  129.266625][ T6553]  ? up_write+0x1c4/0x420
[  129.270940][ T6553]  ? bch2_fs_start+0x5c4/0xd90
[  129.275954][ T6553]  bch2_fs_start+0xa99/0xd90
[  129.280534][ T6553]  ? bch2_fs_start+0x5c4/0xd90
[  129.285289][ T6553]  ? __pfx_bch2_fs_start+0x10/0x10
[  129.290438][ T6553]  ? sget+0x267/0x620
[  129.294433][ T6553]  bch2_fs_get_tree+0xb02/0x14f0
[  129.299368][ T6553]  ? __pfx_bch2_fs_get_tree+0x10/0x10
[  129.304735][ T6553]  ? vfs_parse_monolithic_sep+0x2df/0x310
[  129.310449][ T6553]  ? __pfx_vfs_parse_comma_sep+0x10/0x10
[  129.316076][ T6553]  ? cap_capable+0x11f/0x460
[  129.320657][ T6553]  ? bch2_init_fs_context+0x88/0x110
[  129.325931][ T6553]  ? safesetid_security_capable+0xa9/0x1a0
[  129.331756][ T6553]  vfs_get_tree+0x92/0x2b0
[  129.336167][ T6553]  do_new_mount+0x24a/0xa40
[  129.340750][ T6553]  __se_sys_mount+0x317/0x410
[  129.345419][ T6553]  ? __pfx___se_sys_mount+0x10/0x10
[  129.350608][ T6553]  ? do_syscall_64+0xbe/0x3b0
[  129.355502][ T6553]  ? __x64_sys_mount+0x20/0xc0
[  129.360260][ T6553]  do_syscall_64+0xfa/0x3b0
[  129.364761][ T6553]  ? lockdep_hardirqs_on+0x9c/0x150
[  129.369955][ T6553]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  129.376013][ T6553]  ? clear_bhb_loop+0x60/0xb0
[  129.380680][ T6553]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  129.386565][ T6553] RIP: 0033:0x7fc43917ffba
[  129.391058][ T6553] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  129.410834][ T6553] RSP: 002b:00007fc43a008e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  129.419239][ T6553] RAX: ffffffffffffffda RBX: 00007fc43a008ef0 RCX: 00007fc43917ffba
[  129.427198][ T6553] RDX: 00000000200000c0 RSI: 0000000020000180 RDI: 00007fc43a008eb0
[  129.435164][ T6553] RBP: 00000000200000c0 R08: 00007fc43a008ef0 R09: 0000000000000010
[  129.443126][ T6553] R10: 0000000000000010 R11: 0000000000000246 R12: 0000000020000180
[  129.451095][ T6553] R13: 00007fc43a008eb0 R14: 0000000000005943 R15: 0000000020000480
[  129.459058][ T6553]  </TASK>
[  129.462306][ T6553] Kernel Offset: disabled
[  129.466617][ T6553] Rebooting in 86400 seconds..