Warning: Permanently added '10.128.1.181' (ED25519) to the list of known hosts.
2025/06/23 02:15:18 ignoring optional flag "sandboxArg"="0"
2025/06/23 02:15:19 parsed 1 programs
[ 120.272255][ T6266] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 123.517217][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 123.527095][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 123.556723][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 123.565150][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 124.425324][ T6295] chnl_net:caif_netlink_parms(): no params data found
[ 124.508168][ T6295] bridge0: port 1(bridge_slave_0) entered blocking state
[ 124.515464][ T6295] bridge0: port 1(bridge_slave_0) entered disabled state
[ 124.522820][ T6295] bridge_slave_0: entered allmulticast mode
[ 124.529936][ T6295] bridge_slave_0: entered promiscuous mode
[ 124.539112][ T6295] bridge0: port 2(bridge_slave_1) entered blocking state
[ 124.546815][ T6295] bridge0: port 2(bridge_slave_1) entered disabled state
[ 124.555101][ T6295] bridge_slave_1: entered allmulticast mode
[ 124.562429][ T6295] bridge_slave_1: entered promiscuous mode
[ 124.592753][ T6295] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 124.605254][ T6295] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 124.640428][ T6295] team0: Port device team_slave_0 added
[ 124.649999][ T6295] team0: Port device team_slave_1 added
[ 124.679724][ T6295] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 124.687867][ T6295] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 124.716994][ T6295] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 124.729888][ T6295] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 124.737693][ T6295] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 124.763995][ T6295] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 124.802760][ T6295] hsr_slave_0: entered promiscuous mode
[ 124.809353][ T6295] hsr_slave_1: entered promiscuous mode
[ 125.427709][ T6295] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 125.440079][ T6295] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 125.455905][ T6295] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 125.467071][ T6295] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 125.582198][ T6295] 8021q: adding VLAN 0 to HW filter on device bond0
[ 125.616582][ T6295] 8021q: adding VLAN 0 to HW filter on device team0
[ 125.634271][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 125.642398][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 125.667685][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 125.675428][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 125.943417][ T6295] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 125.998470][ T6295] veth0_vlan: entered promiscuous mode
[ 126.014956][ T6295] veth1_vlan: entered promiscuous mode
[ 126.058525][ T6295] veth0_macvtap: entered promiscuous mode
[ 126.072020][ T6295] veth1_macvtap: entered promiscuous mode
[ 126.098739][ T6295] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 126.118160][ T6295] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 126.134483][ T6295] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 126.145883][ T6295] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 126.156705][ T6295] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 126.167729][ T6295] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 126.375668][ T5912] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 126.385714][ T5912] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 126.394002][ T5912] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 126.403471][ T5912] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 126.412268][ T5912] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 126.454960][ T5077] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 126.547295][ T5077] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 126.633048][ T5077] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 126.752392][ T5077] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 128.885182][ T5077] bridge_slave_1: left allmulticast mode
[ 128.912521][ T5077] bridge_slave_1: left promiscuous mode
[ 128.942872][ T5077] bridge0: port 2(bridge_slave_1) entered disabled state
[ 128.957573][ T5077] bridge_slave_0: left allmulticast mode
[ 128.965531][ T5077] bridge_slave_0: left promiscuous mode
[ 128.971928][ T5077] bridge0: port 1(bridge_slave_0) entered disabled state
[ 129.292717][ T5077] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 129.304954][ T5077] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 129.319671][ T5077] bond0 (unregistering): Released all slaves
[ 129.430140][ T5077] hsr_slave_0: left promiscuous mode
[ 129.437886][ T5077] hsr_slave_1: left promiscuous mode
[ 129.444950][ T5077] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 129.453825][ T5077] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 129.464364][ T5077] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 129.475312][ T5077] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 129.496923][ T5077] veth1_macvtap: left promiscuous mode
[ 129.502764][ T5077] veth0_macvtap: left promiscuous mode
[ 129.508555][ T5077] veth1_vlan: left promiscuous mode
[ 129.515183][ T5077] veth0_vlan: left promiscuous mode
[ 130.010955][ T5077] team0 (unregistering): Port device team_slave_1 removed
[ 130.050448][ T5077] team0 (unregistering): Port device team_slave_0 removed
2025/06/23 02:15:34 executed programs: 0
[ 131.668880][ T5912] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 131.686869][ T5912] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 131.695986][ T5912] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 131.709194][ T5912] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 131.727302][ T5912] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 132.158053][ T6511] chnl_net:caif_netlink_parms(): no params data found
[ 132.308920][ T6511] bridge0: port 1(bridge_slave_0) entered blocking state
[ 132.318286][ T6511] bridge0: port 1(bridge_slave_0) entered disabled state
[ 132.326591][ T6511] bridge_slave_0: entered allmulticast mode
[ 132.339995][ T6511] bridge_slave_0: entered promiscuous mode
[ 132.353215][ T6511] bridge0: port 2(bridge_slave_1) entered blocking state
[ 132.360496][ T6511] bridge0: port 2(bridge_slave_1) entered disabled state
[ 132.368871][ T6511] bridge_slave_1: entered allmulticast mode
[ 132.377700][ T6511] bridge_slave_1: entered promiscuous mode
[ 132.423352][ T6511] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 132.437477][ T6511] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 132.485577][ T6511] team0: Port device team_slave_0 added
[ 132.503071][ T6511] team0: Port device team_slave_1 added
[ 132.545802][ T6511] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 132.555493][ T6511] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 132.583522][ T6511] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 132.601661][ T6511] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 132.610782][ T6511] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 132.637829][ T6511] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 132.697615][ T6511] hsr_slave_0: entered promiscuous mode
[ 132.705345][ T6511] hsr_slave_1: entered promiscuous mode
[ 133.159229][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 133.166155][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 133.188146][ T6511] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 133.204123][ T6511] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 133.216502][ T6511] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 133.229494][ T6511] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 133.349381][ T6511] 8021q: adding VLAN 0 to HW filter on device bond0
[ 133.377507][ T6511] 8021q: adding VLAN 0 to HW filter on device team0
[ 133.392382][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 133.399598][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 133.419228][ T5077] bridge0: port 2(bridge_slave_1) entered blocking state
[ 133.427171][ T5077] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 133.727033][ T6511] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 133.790541][ T6511] veth0_vlan: entered promiscuous mode
[ 133.797308][ T51] Bluetooth: hci0: command tx timeout
[ 133.814198][ T6511] veth1_vlan: entered promiscuous mode
[ 133.859758][ T6511] veth0_macvtap: entered promiscuous mode
[ 133.876060][ T6511] veth1_macvtap: entered promiscuous mode
[ 133.901439][ T6511] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 133.918682][ T6511] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 133.934999][ T6511] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 133.946519][ T6511] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 133.958530][ T6511] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 133.969272][ T6511] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 134.065851][ T5077] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 134.096405][ T5077] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 134.142375][ T77] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 134.155443][ T77] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 134.556282][ T6599] loop0: detected capacity change from 0 to 32768
[ 134.574676][ T6599] =======================================================
[ 134.574676][ T6599] WARNING: The mand mount option has been deprecated and
[ 134.574676][ T6599] and is ignored by this kernel. Remove the mand
[ 134.574676][ T6599] option from the mount to silence this warning.
[ 134.574676][ T6599] =======================================================
[ 134.700252][ T6599] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names
[ 134.700274][ T6599] allowing incompatible features above 0.0: (unknown version)
[ 134.700291][ T6599] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[ 134.743367][ T6599] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0
[ 134.753177][ T6599] bcachefs (loop0): invalid journal entry, version=1.7: mi_btree_bitmap type=btree_root in superblock: invalid btree root journal entry: wrong number of keys, fixing
[ 134.771200][ T6599] bcachefs (loop0): recovering from clean shutdown, journal seq 10
[ 134.780219][ T6599] bcachefs (loop0): superblock requires following recovery passes to be run:
[ 134.780219][ T6599] recovery_pass_empty,accounting_read,check_rebalance_work
[ 134.798316][ T6599] bcachefs (loop0): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.28: inode_has_case_insensitive
[ 134.798316][ T6599] running recovery passes: check_allocations,check_extents_to_backpointers,check_inodes
[ 134.839613][ T6599] bcachefs (loop0): btree node read error at btree extents level 0/0
[ 134.839656][ T6599] u64s 11 type btree_ptr_v2 U64_MAX:U64_MAX:4278190080 len 0 ver 0: seq c6c25c03258c59c5 written 16 min_key POS_MIN durability: 1 ptr: 0:27:0 gen 0
[ 134.839669][ T6599] loop0 node offset 0/16 bset u64s 0: incorrect max key SPOS_MAX
[ 134.839679][ T6599] flagging btree extents lost data
[ 134.839687][ T6599] running recovery pass check_lrus (14), currently at recovery_pass_empty (0)
[ 134.839698][ T6599] running recovery pass check_backpointers_to_extents (16), currently at recovery_pass_empty (0)
[ 134.839709][ T6599] running recovery pass scan_for_btree_nodes (1), currently at recovery_pass_empty (0)
[ 134.839719][ T6599] ret btree_node_read_validate_error
[ 134.942129][ T6599] bcachefs (loop0): error reading btree root btree=extents level=0: btree_node_read_error, fixing
[ 134.957850][ T6599] ==================================================================
[ 134.966126][ T6599] BUG: KASAN: slab-out-of-bounds in bch2_btree_node_read_done+0xd3b/0x51f0
[ 134.974856][ T6599] Read of size 8 at addr ffff888071ff5e10 by task syz.0.16/6599
[ 134.982686][ T6599]
[ 134.985190][ T6599] CPU: 0 UID: 0 PID: 6599 Comm: syz.0.16 Not tainted 6.16.0-rc3-syzkaller-g86731a2a651e #0 PREEMPT(full)
[ 134.985212][ T6599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 134.985227][ T6599] Call Trace:
[ 134.985243][ T6599]
[ 134.985251][ T6599] dump_stack_lvl+0x189/0x250
[ 134.985279][ T6599] ? __virt_addr_valid+0x1c8/0x5c0
[ 134.985303][ T6599] ? rcu_is_watching+0x15/0xb0
[ 134.985327][ T6599] ? __kasan_check_byte+0x12/0x40
[ 134.985347][ T6599] ? __pfx_dump_stack_lvl+0x10/0x10
[ 134.985372][ T6599] ? rcu_is_watching+0x15/0xb0
[ 134.985408][ T6599] ? lock_release+0x4b/0x3e0
[ 134.985430][ T6599] ? __virt_addr_valid+0x1c8/0x5c0
[ 134.985444][ T6599] ? __virt_addr_valid+0x4a5/0x5c0
[ 134.985460][ T6599] print_report+0xd2/0x2b0
[ 134.985479][ T6599] ? bch2_btree_node_read_done+0xd3b/0x51f0
[ 134.985502][ T6599] kasan_report+0x118/0x150
[ 134.985521][ T6599] ? bch2_btree_node_read_done+0xd3b/0x51f0
[ 134.985546][ T6599] bch2_btree_node_read_done+0xd3b/0x51f0
[ 134.985568][ T6599] ? __pfx_number+0x10/0x10
[ 134.985603][ T6599] ? __pfx_bch2_btree_node_read_done+0x10/0x10
[ 134.985628][ T6599] ? bch2_extent_ptr_to_text+0x5a/0x890
[ 134.985656][ T6599] ? bch2_bkey_ptrs_to_text+0x1161/0x1310
[ 134.985679][ T6599] ? bch2_printbuf_make_room+0xdb/0x360
[ 134.985705][ T6599] ? enumerated_ref_put+0xbe/0x270
[ 134.985721][ T6599] btree_node_read_work+0x426/0xe30
[ 134.985750][ T6599] ? __pfx_btree_node_read_work+0x10/0x10
[ 134.985776][ T6599] ? bch2_latency_acct+0x436/0x520
[ 134.985809][ T6599] ? __pfx_bch2_latency_acct+0x10/0x10
[ 134.985831][ T6599] ? bio_associate_blkg+0x6d/0x230
[ 134.985859][ T6599] bch2_btree_node_read+0x887/0x2a00
[ 134.985895][ T6599] ? bch2_btree_node_hash_insert+0x88/0xc0
[ 134.985919][ T6599] ? __mutex_unlock_slowpath+0x1cd/0x700
[ 134.985949][ T6599] ? __pfx_bch2_btree_node_read+0x10/0x10
[ 134.985972][ T6599] ? bch2_trans_unlock+0x8a/0x580
[ 134.985993][ T6599] ? bch2_trans_unlock+0x491/0x580
[ 134.986015][ T6599] bch2_btree_root_read+0x5f0/0x760
[ 134.986039][ T6599] ? __pfx_bch2_btree_root_read+0x10/0x10
[ 134.986071][ T6599] ? bch2_current_has_btree_trans+0x169/0x1a0
[ 134.986101][ T6599] read_btree_roots+0x2c2/0x880
[ 134.986132][ T6599] ? __pfx_read_btree_roots+0x10/0x10
[ 134.986161][ T6599] bch2_fs_recovery+0x2574/0x3950
[ 134.986181][ T6599] ? check_noncircular+0xe0/0x160
[ 134.986209][ T6599] ? __pfx_bch2_fs_recovery+0x10/0x10
[ 134.986232][ T6599] ? __lock_acquire+0xab9/0xd20
[ 134.986254][ T6599] ? __lock_acquire+0xab9/0xd20
[ 134.986298][ T6599] ? __lock_acquire+0xab9/0xd20
[ 134.986326][ T6599] ? bch2_fs_start+0x9fe/0xd90
[ 134.986347][ T6599] ? up_write+0x1c4/0x420
[ 134.986358][ T6599] ? bch2_fs_start+0x5c4/0xd90
[ 134.986375][ T6599] bch2_fs_start+0xa99/0xd90
[ 134.986391][ T6599] ? bch2_fs_start+0x5c4/0xd90
[ 134.986413][ T6599] ? __pfx_bch2_fs_start+0x10/0x10
[ 134.986439][ T6599] ? sget+0x267/0x620
[ 134.986459][ T6599] bch2_fs_get_tree+0xb02/0x14f0
[ 134.986488][ T6599] ? __pfx_bch2_fs_get_tree+0x10/0x10
[ 134.986502][ T6599] ? smack_fs_context_parse_param+0x102/0x170
[ 134.986529][ T6599] ? vfs_parse_monolithic_sep+0x2df/0x310
[ 134.986559][ T6599] ? __pfx_vfs_parse_comma_sep+0x10/0x10
[ 134.986586][ T6599] ? cap_capable+0x11f/0x460
[ 134.986606][ T6599] ? bch2_init_fs_context+0x88/0x110
[ 134.986630][ T6599] ? safesetid_security_capable+0xa9/0x1a0
[ 134.986656][ T6599] vfs_get_tree+0x92/0x2b0
[ 134.986678][ T6599] do_new_mount+0x24a/0xa40
[ 134.986719][ T6599] __se_sys_mount+0x317/0x410
[ 134.986740][ T6599] ? __pfx___se_sys_mount+0x10/0x10
[ 134.986760][ T6599] ? do_syscall_64+0xbe/0x3b0
[ 134.986788][ T6599] ? __x64_sys_mount+0x20/0xc0
[ 134.986806][ T6599] do_syscall_64+0xfa/0x3b0
[ 134.986830][ T6599] ? lockdep_hardirqs_on+0x9c/0x150
[ 134.986865][ T6599] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 134.986885][ T6599] ? clear_bhb_loop+0x60/0xb0
[ 134.986911][ T6599] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 134.986936][ T6599] RIP: 0033:0x7f18e398e90a
[ 134.986960][ T6599] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 134.986977][ T6599] RSP: 002b:00007f18e4735e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 134.986999][ T6599] RAX: ffffffffffffffda RBX: 00007f18e4735ef0 RCX: 00007f18e398e90a
[ 134.987011][ T6599] RDX: 0000400000000100 RSI: 0000400000000080 RDI: 00007f18e4735eb0
[ 134.987027][ T6599] RBP: 0000400000000100 R08: 00007f18e4735ef0 R09: 00000000022100c0
[ 134.987045][ T6599] R10: 00000000022100c0 R11: 0000000000000246 R12: 0000400000000080
[ 134.987055][ T6599] R13: 00007f18e4735eb0 R14: 0000000000005aa0 R15: 00004000000001c0
[ 134.987073][ T6599]
[ 134.987079][ T6599]
[ 135.458800][ T6599] Allocated by task 6599:
[ 135.463167][ T6599] kasan_save_track+0x3e/0x80
[ 135.467962][ T6599] __kasan_kmalloc+0x93/0xb0
[ 135.472576][ T6599] __kvmalloc_node_noprof+0x30d/0x5f0
[ 135.478001][ T6599] btree_node_data_alloc+0xdc/0x270
[ 135.483269][ T6599] __bch2_btree_node_mem_alloc+0x1ef/0x420
[ 135.489147][ T6599] bch2_fs_btree_cache_init+0x2de/0x690
[ 135.495011][ T6599] bch2_fs_open+0x1ceb/0x2570
[ 135.499724][ T6599] bch2_fs_get_tree+0x437/0x14f0
[ 135.504692][ T6599] vfs_get_tree+0x92/0x2b0
[ 135.509222][ T6599] do_new_mount+0x24a/0xa40
[ 135.514197][ T6599] __se_sys_mount+0x317/0x410
[ 135.518902][ T6599] do_syscall_64+0xfa/0x3b0
[ 135.523431][ T6599] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 135.529344][ T6599]
[ 135.531677][ T6599] The buggy address belongs to the object at ffff888071ff5c00
[ 135.531677][ T6599] which belongs to the cache kmalloc-rcl-512 of size 512
[ 135.546200][ T6599] The buggy address is located 16 bytes to the right of
[ 135.546200][ T6599] allocated 512-byte region [ffff888071ff5c00, ffff888071ff5e00)
[ 135.560832][ T6599]
[ 135.563175][ T6599] The buggy address belongs to the physical page:
[ 135.569686][ T6599] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x71ff4
[ 135.578555][ T6599] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 135.587157][ T6599] memcg:ffff8880715f2701
[ 135.591515][ T6599] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 135.599222][ T6599] page_type: f5(slab)
[ 135.603312][ T6599] raw: 00fff00000000040 ffff88801a442dc0 dead000000000122 0000000000000000
[ 135.611911][ T6599] raw: 0000000000000000 0000000080100010 00000000f5000000 ffff8880715f2701
[ 135.620616][ T6599] head: 00fff00000000040 ffff88801a442dc0 dead000000000122 0000000000000000
[ 135.629304][ T6599] head: 0000000000000000 0000000080100010 00000000f5000000 ffff8880715f2701
[ 135.637993][ T6599] head: 00fff00000000002 ffffea0001c7fd01 00000000ffffffff 00000000ffffffff
[ 135.647376][ T6599] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 135.656145][ T6599] page dumped because: kasan: bad access detected
[ 135.662582][ T6599] page_owner tracks the page as allocated
[ 135.668313][ T6599] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 6599, tgid 6598 (syz.0.16), ts 134661824633, free_ts 134465944861
[ 135.692125][ T6599] post_alloc_hook+0x240/0x2a0
[ 135.696916][ T6599] get_page_from_freelist+0x21d5/0x22b0
[ 135.702481][ T6599] __alloc_frozen_pages_noprof+0x181/0x370
[ 135.708499][ T6599] alloc_pages_mpol+0x232/0x4a0
[ 135.713397][ T6599] allocate_slab+0x8a/0x3b0
[ 135.717927][ T6599] ___slab_alloc+0xbfc/0x1480
[ 135.722628][ T6599] __kvmalloc_node_noprof+0x429/0x5f0
[ 135.728113][ T6599] btree_node_data_alloc+0xdc/0x270
[ 135.733445][ T6599] __bch2_btree_node_mem_alloc+0x1ef/0x420
[ 135.739371][ T6599] bch2_fs_btree_cache_init+0x2de/0x690
[ 135.745435][ T6599] bch2_fs_open+0x1ceb/0x2570
[ 135.750264][ T6599] bch2_fs_get_tree+0x437/0x14f0
[ 135.755419][ T6599] vfs_get_tree+0x92/0x2b0
[ 135.759858][ T6599] do_new_mount+0x24a/0xa40
[ 135.764482][ T6599] __se_sys_mount+0x317/0x410
[ 135.769205][ T6599] do_syscall_64+0xfa/0x3b0
[ 135.773732][ T6599] page last free pid 6603 tgid 6603 stack trace:
[ 135.780084][ T6599] __free_frozen_pages+0xc65/0xe60
[ 135.785328][ T6599] __put_partials+0x161/0x1c0
[ 135.790136][ T6599] put_cpu_partial+0x17c/0x250
[ 135.795198][ T6599] __slab_free+0x2f7/0x400
[ 135.799644][ T6599] qlist_free_all+0x97/0x140
[ 135.804264][ T6599] kasan_quarantine_reduce+0x148/0x160
[ 135.809837][ T6599] __kasan_slab_alloc+0x22/0x80
[ 135.814731][ T6599] kmem_cache_alloc_noprof+0x1c1/0x3c0
[ 135.820485][ T6599] vm_area_dup+0x2b/0x680
[ 135.825016][ T6599] __split_vma+0x1a9/0xa00
[ 135.829635][ T6599] vms_gather_munmap_vmas+0x4ab/0x12b0
[ 135.835111][ T6599] mmap_region+0x678/0x1f30
[ 135.839719][ T6599] do_mmap+0xc45/0x10d0
[ 135.843896][ T6599] vm_mmap_pgoff+0x31b/0x4c0
[ 135.848501][ T6599] ksys_mmap_pgoff+0x51f/0x760
[ 135.853290][ T6599] do_syscall_64+0xfa/0x3b0
[ 135.857818][ T6599]
[ 135.860163][ T6599] Memory state around the buggy address:
[ 135.865799][ T6599] ffff888071ff5d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 135.873877][ T6599] ffff888071ff5d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 135.882048][ T6599] >ffff888071ff5e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 135.890144][ T6599] ^
[ 135.894762][ T6599] ffff888071ff5e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 135.902928][ T6599] ffff888071ff5f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 135.911005][ T6599] ==================================================================
[ 135.911182][ T51] Bluetooth: hci0: command tx timeout
[ 135.992315][ T6599] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 135.999744][ T6599] CPU: 0 UID: 0 PID: 6599 Comm: syz.0.16 Not tainted 6.16.0-rc3-syzkaller-g86731a2a651e #0 PREEMPT(full)
[ 136.011221][ T6599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 136.021383][ T6599] Call Trace:
[ 136.024670][ T6599]
[ 136.027613][ T6599] dump_stack_lvl+0x99/0x250
[ 136.032325][ T6599] ? __asan_memcpy+0x40/0x70
[ 136.037110][ T6599] ? __pfx_dump_stack_lvl+0x10/0x10
[ 136.042334][ T6599] ? __pfx__printk+0x10/0x10
[ 136.047026][ T6599] panic+0x2db/0x790
[ 136.051087][ T6599] ? __pfx_panic+0x10/0x10
[ 136.055525][ T6599] ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 136.061458][ T6599] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 136.067812][ T6599] ? print_memory_metadata+0x314/0x400
[ 136.073311][ T6599] ? bch2_btree_node_read_done+0xd3b/0x51f0
[ 136.079244][ T6599] check_panic_on_warn+0x89/0xb0
[ 136.084221][ T6599] ? bch2_btree_node_read_done+0xd3b/0x51f0
[ 136.090151][ T6599] end_report+0x78/0x160
[ 136.094540][ T6599] kasan_report+0x129/0x150
[ 136.099061][ T6599] ? bch2_btree_node_read_done+0xd3b/0x51f0
[ 136.104987][ T6599] bch2_btree_node_read_done+0xd3b/0x51f0
[ 136.110745][ T6599] ? __pfx_number+0x10/0x10
[ 136.115378][ T6599] ? __pfx_bch2_btree_node_read_done+0x10/0x10
[ 136.121566][ T6599] ? bch2_extent_ptr_to_text+0x5a/0x890
[ 136.127150][ T6599] ? bch2_bkey_ptrs_to_text+0x1161/0x1310
[ 136.132904][ T6599] ? bch2_printbuf_make_room+0xdb/0x360
[ 136.138579][ T6599] ? enumerated_ref_put+0xbe/0x270
[ 136.143709][ T6599] btree_node_read_work+0x426/0xe30
[ 136.149029][ T6599] ? __pfx_btree_node_read_work+0x10/0x10
[ 136.154782][ T6599] ? bch2_latency_acct+0x436/0x520
[ 136.160193][ T6599] ? __pfx_bch2_latency_acct+0x10/0x10
[ 136.165677][ T6599] ? bio_associate_blkg+0x6d/0x230
[ 136.171522][ T6599] bch2_btree_node_read+0x887/0x2a00
[ 136.177018][ T6599] ? bch2_btree_node_hash_insert+0x88/0xc0
[ 136.182858][ T6599] ? __mutex_unlock_slowpath+0x1cd/0x700
[ 136.188535][ T6599] ? __pfx_bch2_btree_node_read+0x10/0x10
[ 136.194308][ T6599] ? bch2_trans_unlock+0x8a/0x580
[ 136.199380][ T6599] ? bch2_trans_unlock+0x491/0x580
[ 136.204527][ T6599] bch2_btree_root_read+0x5f0/0x760
[ 136.209891][ T6599] ? __pfx_bch2_btree_root_read+0x10/0x10
[ 136.215993][ T6599] ? bch2_current_has_btree_trans+0x169/0x1a0
[ 136.222096][ T6599] read_btree_roots+0x2c2/0x880
[ 136.226982][ T6599] ? __pfx_read_btree_roots+0x10/0x10
[ 136.232381][ T6599] bch2_fs_recovery+0x2574/0x3950
[ 136.237422][ T6599] ? check_noncircular+0xe0/0x160
[ 136.243430][ T6599] ? __pfx_bch2_fs_recovery+0x10/0x10
[ 136.248930][ T6599] ? __lock_acquire+0xab9/0xd20
[ 136.253815][ T6599] ? __lock_acquire+0xab9/0xd20
[ 136.259118][ T6599] ? __lock_acquire+0xab9/0xd20
[ 136.264105][ T6599] ? bch2_fs_start+0x9fe/0xd90
[ 136.268910][ T6599] ? up_write+0x1c4/0x420
[ 136.273274][ T6599] ? bch2_fs_start+0x5c4/0xd90
[ 136.278139][ T6599] bch2_fs_start+0xa99/0xd90
[ 136.282786][ T6599] ? bch2_fs_start+0x5c4/0xd90
[ 136.287677][ T6599] ? __pfx_bch2_fs_start+0x10/0x10
[ 136.292821][ T6599] ? sget+0x267/0x620
[ 136.296817][ T6599] bch2_fs_get_tree+0xb02/0x14f0
[ 136.301820][ T6599] ? __pfx_bch2_fs_get_tree+0x10/0x10
[ 136.307416][ T6599] ? smack_fs_context_parse_param+0x102/0x170
[ 136.313691][ T6599] ? vfs_parse_monolithic_sep+0x2df/0x310
[ 136.319427][ T6599] ? __pfx_vfs_parse_comma_sep+0x10/0x10
[ 136.325125][ T6599] ? cap_capable+0x11f/0x460
[ 136.329743][ T6599] ? bch2_init_fs_context+0x88/0x110
[ 136.335281][ T6599] ? safesetid_security_capable+0xa9/0x1a0
[ 136.341478][ T6599] vfs_get_tree+0x92/0x2b0
[ 136.346010][ T6599] do_new_mount+0x24a/0xa40
[ 136.351332][ T6599] __se_sys_mount+0x317/0x410
[ 136.356217][ T6599] ? __pfx___se_sys_mount+0x10/0x10
[ 136.361468][ T6599] ? do_syscall_64+0xbe/0x3b0
[ 136.366193][ T6599] ? __x64_sys_mount+0x20/0xc0
[ 136.371011][ T6599] do_syscall_64+0xfa/0x3b0
[ 136.375632][ T6599] ? lockdep_hardirqs_on+0x9c/0x150
[ 136.380859][ T6599] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 136.387218][ T6599] ? clear_bhb_loop+0x60/0xb0
[ 136.391923][ T6599] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 136.397856][ T6599] RIP: 0033:0x7f18e398e90a
[ 136.402392][ T6599] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 136.422453][ T6599] RSP: 002b:00007f18e4735e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 136.430977][ T6599] RAX: ffffffffffffffda RBX: 00007f18e4735ef0 RCX: 00007f18e398e90a
[ 136.438970][ T6599] RDX: 0000400000000100 RSI: 0000400000000080 RDI: 00007f18e4735eb0
[ 136.447051][ T6599] RBP: 0000400000000100 R08: 00007f18e4735ef0 R09: 00000000022100c0
[ 136.455138][ T6599] R10: 00000000022100c0 R11: 0000000000000246 R12: 0000400000000080
[ 136.463218][ T6599] R13: 00007f18e4735eb0 R14: 0000000000005aa0 R15: 00004000000001c0
[ 136.471222][ T6599]
[ 136.474602][ T6599] Kernel Offset: disabled
[ 136.478936][ T6599] Rebooting in 86400 seconds..