Warning: Permanently added '[localhost]:36190' (ED25519) to the list of known hosts.
2025/06/06 23:55:34 ignoring optional flag "sandboxArg"="0"
2025/06/06 23:55:35 parsed 1 programs
[ 138.047816][ T5641] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 138.205285][ T1317] ieee802154 phy0 wpan0: encryption failed: -22
[ 138.216239][ T1317] ieee802154 phy1 wpan1: encryption failed: -22
[ 142.450795][ T31] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 142.454328][ T31] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 142.500279][ T31] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 142.516523][ T31] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 143.733971][ T45] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 143.739950][ T45] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 143.745273][ T45] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 143.752051][ T45] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 143.755532][ T45] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 146.085197][ T5714] chnl_net:caif_netlink_parms(): no params data found
[ 146.155126][ T5714] bridge0: port 1(bridge_slave_0) entered blocking state
[ 146.160490][ T5714] bridge0: port 1(bridge_slave_0) entered disabled state
[ 146.164622][ T5714] bridge_slave_0: entered allmulticast mode
[ 146.169273][ T5714] bridge_slave_0: entered promiscuous mode
[ 146.175153][ T5714] bridge0: port 2(bridge_slave_1) entered blocking state
[ 146.180377][ T5714] bridge0: port 2(bridge_slave_1) entered disabled state
[ 146.183923][ T5714] bridge_slave_1: entered allmulticast mode
[ 146.188579][ T5714] bridge_slave_1: entered promiscuous mode
[ 146.214531][ T5714] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 146.221411][ T5714] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 146.250892][ T5714] team0: Port device team_slave_0 added
[ 146.257333][ T5714] team0: Port device team_slave_1 added
[ 146.278681][ T5714] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 146.282155][ T5714] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 146.294655][ T5714] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 146.303386][ T5714] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 146.306886][ T5714] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 146.319941][ T5714] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 146.362474][ T5714] hsr_slave_0: entered promiscuous mode
[ 146.367700][ T5714] hsr_slave_1: entered promiscuous mode
[ 147.072413][ T5714] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 147.091788][ T5714] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 147.108770][ T5714] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 147.119489][ T5714] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 147.307930][ T5714] 8021q: adding VLAN 0 to HW filter on device bond0
[ 147.338986][ T5714] 8021q: adding VLAN 0 to HW filter on device team0
[ 147.353982][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 147.357335][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 147.388591][ T1036] bridge0: port 2(bridge_slave_1) entered blocking state
[ 147.391881][ T1036] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 147.451518][ T5714] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 147.761247][ T5714] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 147.840492][ T5714] veth0_vlan: entered promiscuous mode
[ 147.863929][ T5714] veth1_vlan: entered promiscuous mode
[ 147.917258][ T5714] veth0_macvtap: entered promiscuous mode
[ 147.939785][ T5714] veth1_macvtap: entered promiscuous mode
[ 147.984135][ T5714] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 148.004938][ T5714] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 148.023364][ T5714] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 148.045036][ T5714] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 148.051651][ T5714] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 148.057046][ T5714] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 148.351623][ T1036] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 148.487084][ T1036] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/06/06 23:55:51 executed programs: 0
[ 149.297435][ T45] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 149.302744][ T45] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 149.307447][ T45] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 149.312241][ T45] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 149.317193][ T45] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 149.441284][ T1036] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 149.925597][ T5774] chnl_net:caif_netlink_parms(): no params data found
[ 150.082943][ T5774] bridge0: port 1(bridge_slave_0) entered blocking state
[ 150.087370][ T5774] bridge0: port 1(bridge_slave_0) entered disabled state
[ 150.091169][ T5774] bridge_slave_0: entered allmulticast mode
[ 150.107543][ T5774] bridge_slave_0: entered promiscuous mode
[ 150.157912][ T1036] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 150.178768][ T5774] bridge0: port 2(bridge_slave_1) entered blocking state
[ 150.182608][ T5774] bridge0: port 2(bridge_slave_1) entered disabled state
[ 150.188081][ T5774] bridge_slave_1: entered allmulticast mode
[ 150.198012][ T5774] bridge_slave_1: entered promiscuous mode
[ 150.268885][ T5774] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 150.274904][ T5774] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 150.353209][ T5774] team0: Port device team_slave_0 added
[ 150.377669][ T5774] team0: Port device team_slave_1 added
[ 150.436455][ T5774] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 150.439661][ T5774] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 150.467451][ T5774] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 150.481916][ T5774] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 150.485156][ T5774] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 150.528756][ T5774] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 150.607560][ T5774] hsr_slave_0: entered promiscuous mode
[ 150.618486][ T5774] hsr_slave_1: entered promiscuous mode
[ 150.626903][ T5774] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 150.631015][ T5774] Cannot create hsr debugfs directory
[ 151.260454][ T1036] bridge_slave_1: left allmulticast mode
[ 151.263107][ T1036] bridge_slave_1: left promiscuous mode
[ 151.276214][ T1036] bridge0: port 2(bridge_slave_1) entered disabled state
[ 151.297928][ T1036] bridge_slave_0: left allmulticast mode
[ 151.301203][ T1036] bridge_slave_0: left promiscuous mode
[ 151.304050][ T1036] bridge0: port 1(bridge_slave_0) entered disabled state
[ 151.397372][ T45] Bluetooth: hci0: command tx timeout
[ 152.198874][ T1036] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 152.210482][ T1036] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 152.228398][ T1036] bond0 (unregistering): Released all slaves
[ 152.349579][ T1036] hsr_slave_0: left promiscuous mode
[ 152.365482][ T1036] hsr_slave_1: left promiscuous mode
[ 152.376917][ T1036] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 152.380102][ T1036] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 152.399897][ T1036] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 152.403460][ T1036] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 152.432323][ T1036] veth1_macvtap: left promiscuous mode
[ 152.434824][ T1036] veth0_macvtap: left promiscuous mode
[ 152.456231][ T1036] veth1_vlan: left promiscuous mode
[ 152.459422][ T1036] veth0_vlan: left promiscuous mode
[ 152.841166][ T1036] team0 (unregistering): Port device team_slave_1 removed
[ 152.864836][ T1036] team0 (unregistering): Port device team_slave_0 removed
[ 153.435117][ T5774] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 153.465557][ T5774] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 153.477166][ T45] Bluetooth: hci0: command tx timeout
[ 153.490208][ T5774] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 153.508180][ T5774] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 153.769725][ T5774] 8021q: adding VLAN 0 to HW filter on device bond0
[ 153.804198][ T5774] 8021q: adding VLAN 0 to HW filter on device team0
[ 153.820951][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 153.824528][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 153.858680][ T3055] bridge0: port 2(bridge_slave_1) entered blocking state
[ 153.862200][ T3055] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 153.924098][ T5774] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 154.260165][ T5774] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 154.343969][ T5774] veth0_vlan: entered promiscuous mode
[ 154.365596][ T5774] veth1_vlan: entered promiscuous mode
[ 154.424130][ T5774] veth0_macvtap: entered promiscuous mode
[ 154.457281][ T5774] veth1_macvtap: entered promiscuous mode
[ 154.489756][ T5774] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 154.521766][ T5774] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 154.538203][ T5774] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 154.542142][ T5774] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 154.556058][ T5774] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 154.560699][ T5774] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 154.722310][ T43] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 154.743879][ T43] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 154.798012][ T3055] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 154.804578][ T3055] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/06/06 23:55:57 executed programs: 2
[ 155.339731][ T5849] loop0: detected capacity change from 0 to 32768
[ 155.492052][ T5849] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names
[ 155.492052][ T5849] allowing incompatible features above 0.0: (unknown version)
[ 155.492052][ T5849] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[ 155.560204][ T45] Bluetooth: hci0: command tx timeout
[ 155.563397][ T5849] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0
[ 155.574272][ T5849] bcachefs (loop0): recovering from clean shutdown, journal seq 10
[ 155.584462][ T5849] bcachefs (loop0): Version upgrade required:
[ 155.584462][ T5849] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[ 155.584462][ T5849] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive
[ 155.584462][ T5849] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance
[ 155.724608][ T5849] bcachefs (loop0): btree node read error at btree dirents level 0/0
[ 155.724630][ T5849] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0
[ 155.724640][ T5849] loop0 node offset 16/24: btree node data missing: expected 24 sectors, found 16
[ 155.724647][ T5849] repair success (rewriting node)
[ 155.791653][ T5849] ==================================================================
[ 155.795545][ T5849] BUG: KASAN: slab-use-after-free in bch2_btree_node_read_done+0xd28/0x5150
[ 155.800240][ T5849] Read of size 8 at addr ffff88804292c010 by task syz.0.15/5849
[ 155.804751][ T5849]
[ 155.805865][ T5849] CPU: 0 UID: 0 PID: 5849 Comm: syz.0.15 Not tainted 6.15.0-syzkaller-g7a912d04415b #0 PREEMPT(full)
[ 155.805880][ T5849] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 155.805888][ T5849] Call Trace:
[ 155.805896][ T5849]
[ 155.805905][ T5849] dump_stack_lvl+0x189/0x250
[ 155.805929][ T5849] ? __virt_addr_valid+0x1c8/0x5c0
[ 155.805967][ T5849] ? rcu_is_watching+0x15/0xb0
[ 155.805977][ T5849] ? __kasan_check_byte+0x12/0x40
[ 155.806002][ T5849] ? __pfx_dump_stack_lvl+0x10/0x10
[ 155.806016][ T5849] ? rcu_is_watching+0x15/0xb0
[ 155.806025][ T5849] ? lock_release+0x4b/0x3e0
[ 155.806042][ T5849] ? __virt_addr_valid+0x1c8/0x5c0
[ 155.806051][ T5849] ? __virt_addr_valid+0x4a5/0x5c0
[ 155.806060][ T5849] print_report+0xd2/0x2b0
[ 155.806073][ T5849] ? bch2_btree_node_read_done+0xd28/0x5150
[ 155.806087][ T5849] kasan_report+0x118/0x150
[ 155.806098][ T5849] ? bch2_btree_node_read_done+0xd28/0x5150
[ 155.806112][ T5849] bch2_btree_node_read_done+0xd28/0x5150
[ 155.806123][ T5849] ? __pfx_number+0x10/0x10
[ 155.806213][ T5849] ? __pfx_bch2_btree_node_read_done+0x10/0x10
[ 155.806223][ T5849] ? bch2_extent_ptr_to_text+0x5a/0x890
[ 155.806233][ T5849] ? bch2_bkey_ptrs_to_text+0x1161/0x1310
[ 155.806240][ T5849] ? bch2_printbuf_make_room+0xdb/0x360
[ 155.806250][ T5849] ? enumerated_ref_put+0xbe/0x270
[ 155.806260][ T5849] btree_node_read_work+0x426/0xe30
[ 155.806272][ T5849] ? __pfx_btree_node_read_work+0x10/0x10
[ 155.806281][ T5849] ? bch2_latency_acct+0x436/0x520
[ 155.806288][ T5849] ? __pfx_bch2_latency_acct+0x10/0x10
[ 155.806294][ T5849] ? bio_associate_blkg+0x6d/0x230
[ 155.806316][ T5849] bch2_btree_node_read+0x887/0x2a00
[ 155.806331][ T5849] ? bch2_btree_node_hash_insert+0x88/0xc0
[ 155.806341][ T5849] ? __mutex_unlock_slowpath+0x1cd/0x700
[ 155.806358][ T5849] ? __pfx_bch2_btree_node_read+0x10/0x10
[ 155.806372][ T5849] ? bch2_trans_unlock+0x8a/0x580
[ 155.806383][ T5849] ? bch2_trans_unlock+0x491/0x580
[ 155.806396][ T5849] bch2_btree_root_read+0x5f0/0x760
[ 155.806409][ T5849] ? __pfx_bch2_btree_root_read+0x10/0x10
[ 155.806424][ T5849] ? bch2_current_has_btree_trans+0x169/0x1a0
[ 155.806437][ T5849] read_btree_roots+0x2c2/0x880
[ 155.806453][ T5849] ? __pfx_read_btree_roots+0x10/0x10
[ 155.806467][ T5849] ? bch2_fs_resize_on_mount+0x81/0x880
[ 155.806481][ T5849] bch2_fs_recovery+0x25ec/0x39a0
[ 155.806494][ T5849] ? check_noncircular+0xe0/0x160
[ 155.806507][ T5849] ? __pfx_bch2_fs_recovery+0x10/0x10
[ 155.806525][ T5849] ? __lock_acquire+0xab9/0xd20
[ 155.806542][ T5849] ? __lock_acquire+0xab9/0xd20
[ 155.806556][ T5849] ? __lock_acquire+0xab9/0xd20
[ 155.806575][ T5849] ? bch2_fs_start+0x9fe/0xd90
[ 155.806585][ T5849] ? up_write+0x1c4/0x420
[ 155.806594][ T5849] ? bch2_fs_start+0x5c4/0xd90
[ 155.806604][ T5849] bch2_fs_start+0xa99/0xd90
[ 155.806614][ T5849] ? bch2_fs_start+0x5c4/0xd90
[ 155.806624][ T5849] ? __pfx_bch2_fs_start+0x10/0x10
[ 155.806639][ T5849] ? sget+0x267/0x620
[ 155.806654][ T5849] bch2_fs_get_tree+0xb6c/0x1460
[ 155.806676][ T5849] ? __pfx_bch2_fs_get_tree+0x10/0x10
[ 155.806695][ T5849] ? aa_get_newest_label+0xf7/0x5d0
[ 155.806707][ T5849] ? vfs_parse_monolithic_sep+0x2df/0x310
[ 155.806734][ T5849] ? apparmor_capable+0x137/0x1b0
[ 155.806745][ T5849] vfs_get_tree+0x92/0x2b0
[ 155.806756][ T5849] do_new_mount+0x24a/0xa40
[ 155.806770][ T5849] __se_sys_mount+0x317/0x410
[ 155.806783][ T5849] ? __pfx___se_sys_mount+0x10/0x10
[ 155.806792][ T5849] ? do_syscall_64+0xbe/0x3b0
[ 155.806802][ T5849] ? __x64_sys_mount+0x20/0xc0
[ 155.806812][ T5849] do_syscall_64+0xfa/0x3b0
[ 155.806821][ T5849] ? lockdep_hardirqs_on+0x9c/0x150
[ 155.806838][ T5849] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 155.806848][ T5849] ? clear_bhb_loop+0x60/0xb0
[ 155.806859][ T5849] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 155.806869][ T5849] RIP: 0033:0x7f136e57ffba
[ 155.806881][ T5849] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 155.806889][ T5849] RSP: 002b:00007f136f394e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 155.806902][ T5849] RAX: ffffffffffffffda RBX: 00007f136f394ef0 RCX: 00007f136e57ffba
[ 155.806909][ T5849] RDX: 00000000200000c0 RSI: 0000000020000180 RDI: 00007f136f394eb0
[ 155.806916][ T5849] RBP: 00000000200000c0 R08: 00007f136f394ef0 R09: 0000000000000010
[ 155.806923][ T5849] R10: 0000000000000010 R11: 0000000000000246 R12: 0000000020000180
[ 155.806929][ T5849] R13: 00007f136f394eb0 R14: 0000000000005943 R15: 0000000020000480
[ 155.806946][ T5849]
[ 155.806950][ T5849]
[ 156.021187][ T5849] Allocated by task 4740:
[ 156.023219][ T5849] kasan_save_track+0x3e/0x80
[ 156.025374][ T5849] __kasan_slab_alloc+0x6c/0x80
[ 156.027648][ T5849] kmem_cache_alloc_lru_noprof+0x1c6/0x3d0
[ 156.030966][ T5849] alloc_inode+0xb8/0x1b0
[ 156.033066][ T5849] iget_locked+0xf0/0x570
[ 156.035151][ T5849] kernfs_get_inode+0x4f/0x780
[ 156.037331][ T5849] kernfs_iop_lookup+0x1f6/0x320
[ 156.039997][ T5849] __lookup_slow+0x294/0x3d0
[ 156.042459][ T5849] lookup_slow+0x53/0x70
[ 156.045140][ T5849] walk_component+0x2d2/0x400
[ 156.049296][ T5849] path_lookupat+0x163/0x430
[ 156.051997][ T5849] filename_lookup+0x212/0x570
[ 156.054636][ T5849] do_readlinkat+0xd9/0x500
[ 156.057087][ T5849] __x64_sys_readlink+0x7f/0x90
[ 156.059549][ T5849] do_syscall_64+0xfa/0x3b0
[ 156.061723][ T5849] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 156.064738][ T5849]
[ 156.066131][ T5849] Freed by task 15:
[ 156.068504][ T5849] kasan_save_track+0x3e/0x80
[ 156.071776][ T5849] kasan_save_free_info+0x46/0x50
[ 156.074237][ T5849] __kasan_slab_free+0x62/0x70
[ 156.076404][ T5849] kmem_cache_free+0x18f/0x400
[ 156.078611][ T5849] rcu_core+0xca5/0x1710
[ 156.080435][ T5849] handle_softirqs+0x286/0x870
[ 156.082550][ T5849] run_ksoftirqd+0x9b/0x100
[ 156.084911][ T5849] smpboot_thread_fn+0x53f/0xa60
[ 156.087921][ T5849] kthread+0x70e/0x8a0
[ 156.090181][ T5849] ret_from_fork+0x3f9/0x770
[ 156.092367][ T5849] ret_from_fork_asm+0x1a/0x30
[ 156.094563][ T5849]
[ 156.095638][ T5849] Last potentially related work creation:
[ 156.098132][ T5849] kasan_save_stack+0x3e/0x60
[ 156.100250][ T5849] kasan_record_aux_stack+0xbd/0xd0
[ 156.102583][ T5849] call_rcu+0x142/0x990
[ 156.104847][ T5849] evict+0x847/0x9c0
[ 156.107055][ T5849] __dentry_kill+0x209/0x660
[ 156.109217][ T5849] shrink_kill+0xa9/0x2c0
[ 156.111212][ T5849] shrink_dentry_list+0x2e0/0x5e0
[ 156.113379][ T5849] prune_dcache_sb+0x10e/0x180
[ 156.115551][ T5849] super_cache_scan+0x369/0x4b0
[ 156.117695][ T5849] do_shrink_slab+0x6ef/0x1110
[ 156.120445][ T5849] shrink_slab+0xd74/0x10d0
[ 156.123050][ T5849] shrink_one+0x28a/0x7c0
[ 156.125434][ T5849] shrink_node+0x314e/0x3760
[ 156.127467][ T5849] kswapd+0x147c/0x2830
[ 156.129289][ T5849] kthread+0x70e/0x8a0
[ 156.131090][ T5849] ret_from_fork+0x3f9/0x770
[ 156.133178][ T5849] ret_from_fork_asm+0x1a/0x30
[ 156.135366][ T5849]
[ 156.136441][ T5849] The buggy address belongs to the object at ffff88804292c000
[ 156.136441][ T5849] which belongs to the cache inode_cache of size 1160
[ 156.142954][ T5849] The buggy address is located 16 bytes inside of
[ 156.142954][ T5849] freed 1160-byte region [ffff88804292c000, ffff88804292c488)
[ 156.149758][ T5849]
[ 156.150820][ T5849] The buggy address belongs to the physical page:
[ 156.153643][ T5849] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88804292f250 pfn:0x4292c
[ 156.158188][ T5849] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 156.162298][ T5849] flags: 0x4fff00000000240(workingset|head|node=1|zone=1|lastcpupid=0x7ff)
[ 156.166075][ T5849] page_type: f5(slab)
[ 156.167781][ T5849] raw: 04fff00000000240 ffff88801b6e08c0 ffffea00010a5910 ffffea00010a4e10
[ 156.171751][ T5849] raw: ffff88804292f250 00000000000c0001 00000000f5000000 0000000000000000
[ 156.176089][ T5849] head: 04fff00000000240 ffff88801b6e08c0 ffffea00010a5910 ffffea00010a4e10
[ 156.180561][ T5849] head: ffff88804292f250 00000000000c0001 00000000f5000000 0000000000000000
[ 156.184683][ T5849] head: 04fff00000000002 ffffea00010a4b01 00000000ffffffff 00000000ffffffff
[ 156.189107][ T5849] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 156.193611][ T5849] page dumped because: kasan: bad access detected
[ 156.196500][ T5849] page_owner tracks the page as allocated
[ 156.199105][ T5849] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4740, tgid 4740 (udevadm), ts 37407564640, free_ts 0
[ 156.210053][ T5849] post_alloc_hook+0x240/0x2a0
[ 156.212235][ T5849] get_page_from_freelist+0x21e4/0x22c0
[ 156.215002][ T5849] __alloc_frozen_pages_noprof+0x181/0x370
[ 156.217869][ T5849] alloc_pages_mpol+0x232/0x4a0
[ 156.220744][ T5849] allocate_slab+0x8a/0x3b0
[ 156.223167][ T5849] ___slab_alloc+0xbfc/0x1480
[ 156.225413][ T5849] kmem_cache_alloc_lru_noprof+0x288/0x3d0
[ 156.227966][ T5849] alloc_inode+0xb8/0x1b0
[ 156.229837][ T5849] iget_locked+0xf0/0x570
[ 156.231697][ T5849] kernfs_get_inode+0x4f/0x780
[ 156.233852][ T5849] kernfs_iop_lookup+0x1f6/0x320
[ 156.236188][ T5849] __lookup_slow+0x294/0x3d0
[ 156.238595][ T5849] lookup_slow+0x53/0x70
[ 156.240844][ T5849] walk_component+0x2d2/0x400
[ 156.243025][ T5849] path_lookupat+0x163/0x430
[ 156.245113][ T5849] filename_lookup+0x212/0x570
[ 156.247235][ T5849] page_owner free stack trace missing
[ 156.249714][ T5849]
[ 156.251204][ T5849] Memory state around the buggy address:
[ 156.254804][ T5849] ffff88804292bf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 156.258765][ T5849] ffff88804292bf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 156.262194][ T5849] >ffff88804292c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 156.265964][ T5849] ^
[ 156.268496][ T5849] ffff88804292c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 156.272181][ T5849] ffff88804292c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 156.275716][ T5849] ==================================================================
[ 156.477096][ T5849] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 156.480839][ T5849] CPU: 0 UID: 0 PID: 5849 Comm: syz.0.15 Not tainted 6.15.0-syzkaller-g7a912d04415b #0 PREEMPT(full)
[ 156.486560][ T5849] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 156.491284][ T5849] Call Trace:
[ 156.492822][ T5849]
[ 156.494230][ T5849] dump_stack_lvl+0x99/0x250
[ 156.496294][ T5849] ? __asan_memcpy+0x40/0x70
[ 156.498353][ T5849] ? __pfx_dump_stack_lvl+0x10/0x10
[ 156.500768][ T5849] ? __pfx__printk+0x10/0x10
[ 156.502839][ T5849] panic+0x2db/0x790
[ 156.504707][ T5849] ? __pfx_panic+0x10/0x10
[ 156.506944][ T5849] ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 156.509867][ T5849] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 156.512745][ T5849] ? print_memory_metadata+0x314/0x400
[ 156.515220][ T5849] ? bch2_btree_node_read_done+0xd28/0x5150
[ 156.518049][ T5849] check_panic_on_warn+0x89/0xb0
[ 156.520843][ T5849] ? bch2_btree_node_read_done+0xd28/0x5150
[ 156.523677][ T5849] end_report+0x78/0x160
[ 156.525575][ T5849] kasan_report+0x129/0x150
[ 156.527575][ T5849] ? bch2_btree_node_read_done+0xd28/0x5150
[ 156.530222][ T5849] bch2_btree_node_read_done+0xd28/0x5150
[ 156.533473][ T5849] ? __pfx_number+0x10/0x10
[ 156.535978][ T5849] ? __pfx_bch2_btree_node_read_done+0x10/0x10
[ 156.538681][ T5849] ? bch2_extent_ptr_to_text+0x5a/0x890
[ 156.541086][ T5849] ? bch2_bkey_ptrs_to_text+0x1161/0x1310
[ 156.543542][ T5849] ? bch2_printbuf_make_room+0xdb/0x360
[ 156.546018][ T5849] ? enumerated_ref_put+0xbe/0x270
[ 156.548467][ T5849] btree_node_read_work+0x426/0xe30
[ 156.551196][ T5849] ? __pfx_btree_node_read_work+0x10/0x10
[ 156.554316][ T5849] ? bch2_latency_acct+0x436/0x520
[ 156.556668][ T5849] ? __pfx_bch2_latency_acct+0x10/0x10
[ 156.559062][ T5849] ? bio_associate_blkg+0x6d/0x230
[ 156.561435][ T5849] bch2_btree_node_read+0x887/0x2a00
[ 156.564091][ T5849] ? bch2_btree_node_hash_insert+0x88/0xc0
[ 156.567034][ T5849] ? __mutex_unlock_slowpath+0x1cd/0x700
[ 156.569661][ T5849] ? __pfx_bch2_btree_node_read+0x10/0x10
[ 156.572148][ T5849] ? bch2_trans_unlock+0x8a/0x580
[ 156.574385][ T5849] ? bch2_trans_unlock+0x491/0x580
[ 156.576692][ T5849] bch2_btree_root_read+0x5f0/0x760
[ 156.579216][ T5849] ? __pfx_bch2_btree_root_read+0x10/0x10
[ 156.582647][ T5849] ? bch2_current_has_btree_trans+0x169/0x1a0
[ 156.585774][ T5849] read_btree_roots+0x2c2/0x880
[ 156.587940][ T5849] ? __pfx_read_btree_roots+0x10/0x10
[ 156.590576][ T5849] ? bch2_fs_resize_on_mount+0x81/0x880
[ 156.593007][ T5849] bch2_fs_recovery+0x25ec/0x39a0
[ 156.595362][ T5849] ? check_noncircular+0xe0/0x160
[ 156.597783][ T5849] ? __pfx_bch2_fs_recovery+0x10/0x10
[ 156.600492][ T5849] ? __lock_acquire+0xab9/0xd20
[ 156.602858][ T5849] ? __lock_acquire+0xab9/0xd20
[ 156.605193][ T5849] ? __lock_acquire+0xab9/0xd20
[ 156.607366][ T5849] ? bch2_fs_start+0x9fe/0xd90
[ 156.609500][ T5849] ? up_write+0x1c4/0x420
[ 156.611533][ T5849] ? bch2_fs_start+0x5c4/0xd90
[ 156.614140][ T5849] bch2_fs_start+0xa99/0xd90
[ 156.616757][ T5849] ? bch2_fs_start+0x5c4/0xd90
[ 156.619076][ T5849] ? __pfx_bch2_fs_start+0x10/0x10
[ 156.621362][ T5849] ? sget+0x267/0x620
[ 156.623109][ T5849] bch2_fs_get_tree+0xb6c/0x1460
[ 156.625332][ T5849] ? __pfx_bch2_fs_get_tree+0x10/0x10
[ 156.627548][ T5849] ? aa_get_newest_label+0xf7/0x5d0
[ 156.630020][ T5849] ? vfs_parse_monolithic_sep+0x2df/0x310
[ 156.633483][ T5849] ? apparmor_capable+0x137/0x1b0
[ 156.635898][ T5849] vfs_get_tree+0x92/0x2b0
[ 156.637820][ T5849] do_new_mount+0x24a/0xa40
[ 156.639855][ T5849] __se_sys_mount+0x317/0x410
[ 156.642080][ T5849] ? __pfx___se_sys_mount+0x10/0x10
[ 156.644751][ T5849] ? do_syscall_64+0xbe/0x3b0
[ 156.647034][ T5849] ? __x64_sys_mount+0x20/0xc0
[ 156.649850][ T5849] do_syscall_64+0xfa/0x3b0
[ 156.652111][ T5849] ? lockdep_hardirqs_on+0x9c/0x150
[ 156.654468][ T5849] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 156.657200][ T5849] ? clear_bhb_loop+0x60/0xb0
[ 156.659265][ T5849] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 156.661879][ T5849] RIP: 0033:0x7f136e57ffba
[ 156.664085][ T5849] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 156.673053][ T5849] RSP: 002b:00007f136f394e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 156.676957][ T5849] RAX: ffffffffffffffda RBX: 00007f136f394ef0 RCX: 00007f136e57ffba
[ 156.680343][ T5849] RDX: 00000000200000c0 RSI: 0000000020000180 RDI: 00007f136f394eb0
[ 156.683823][ T5849] RBP: 00000000200000c0 R08: 00007f136f394ef0 R09: 0000000000000010
[ 156.687364][ T5849] R10: 0000000000000010 R11: 0000000000000246 R12: 0000000020000180
[ 156.690926][ T5849] R13: 00007f136f394eb0 R14: 0000000000005943 R15: 0000000020000480
[ 156.694502][ T5849]
[ 156.696243][ T5849] Kernel Offset: disabled
[ 156.698277][ T5849] Rebooting in 86400 seconds..