[ 86.654306][ T9] cfg80211: failed to load regulatory.db
Warning: Permanently added '[localhost]:13675' (ED25519) to the list of known hosts.
2025/01/15 19:01:27 ignoring optional flag "sandboxArg"="0"
2025/01/15 19:01:28 parsed 1 programs
[ 94.286428][ T5571] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 96.956769][ T4661] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 96.959698][ T4661] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 96.971558][ T4661] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 96.974611][ T4661] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 96.977533][ T4661] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 96.980218][ T4661] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 97.488379][ T1078] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 97.496645][ T1078] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 97.519288][ T1078] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 97.523462][ T1078] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 98.446199][ T5639] chnl_net:caif_netlink_parms(): no params data found
[ 98.485397][ T5639] bridge0: port 1(bridge_slave_0) entered blocking state
[ 98.488839][ T5639] bridge0: port 1(bridge_slave_0) entered disabled state
[ 98.492805][ T5639] bridge_slave_0: entered allmulticast mode
[ 98.495915][ T5639] bridge_slave_0: entered promiscuous mode
[ 98.499453][ T5639] bridge0: port 2(bridge_slave_1) entered blocking state
[ 98.506618][ T5639] bridge0: port 2(bridge_slave_1) entered disabled state
[ 98.509524][ T5639] bridge_slave_1: entered allmulticast mode
[ 98.513662][ T5639] bridge_slave_1: entered promiscuous mode
[ 98.523448][ T5639] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 98.527978][ T5639] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 98.539431][ T5639] team0: Port device team_slave_0 added
[ 98.543503][ T5639] team0: Port device team_slave_1 added
[ 98.553694][ T5639] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 98.556353][ T5639] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 98.566613][ T5639] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 98.572190][ T5639] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 98.574901][ T5639] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 98.585426][ T5639] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 98.602959][ T5639] hsr_slave_0: entered promiscuous mode
[ 98.605831][ T5639] hsr_slave_1: entered promiscuous mode
[ 98.837624][ T5639] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 98.863874][ T5639] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 98.868372][ T5639] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 98.875254][ T5639] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 98.899196][ T5639] bridge0: port 2(bridge_slave_1) entered blocking state
[ 98.902006][ T5639] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 98.904861][ T5639] bridge0: port 1(bridge_slave_0) entered blocking state
[ 98.907548][ T5639] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 98.968536][ T30] bridge0: port 1(bridge_slave_0) entered disabled state
[ 98.971955][ T30] bridge0: port 2(bridge_slave_1) entered disabled state
[ 98.983314][ T5639] 8021q: adding VLAN 0 to HW filter on device bond0
[ 98.996793][ T5639] 8021q: adding VLAN 0 to HW filter on device team0
[ 99.015078][ T1078] bridge0: port 1(bridge_slave_0) entered blocking state
[ 99.018175][ T1078] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 99.033953][ T1078] bridge0: port 2(bridge_slave_1) entered blocking state
[ 99.036694][ T1078] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 99.062735][ T5639] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 99.066506][ T5639] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 99.202879][ T5639] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 99.234603][ T5639] veth0_vlan: entered promiscuous mode
[ 99.253267][ T5639] veth1_vlan: entered promiscuous mode
[ 99.276285][ T5639] veth0_macvtap: entered promiscuous mode
[ 99.293073][ T5639] veth1_macvtap: entered promiscuous mode
[ 99.316600][ T5639] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 99.329561][ T5639] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 99.346639][ T5639] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 99.361976][ T5639] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 99.365605][ T5639] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 99.368978][ T5639] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 99.476684][ T4064] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 99.524938][ T4064] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 99.571220][ T4064] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/01/15 19:01:37 executed programs: 0
[ 99.647334][ T48] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 99.650828][ T4064] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 99.655615][ T48] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 99.658485][ T48] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 99.661945][ T48] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 99.664682][ T48] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 99.667274][ T48] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 99.839326][ T5687] chnl_net:caif_netlink_parms(): no params data found
[ 99.912744][ T5687] bridge0: port 1(bridge_slave_0) entered blocking state
[ 99.915550][ T5687] bridge0: port 1(bridge_slave_0) entered disabled state
[ 99.918299][ T5687] bridge_slave_0: entered allmulticast mode
[ 99.921160][ T5687] bridge_slave_0: entered promiscuous mode
[ 99.933625][ T5687] bridge0: port 2(bridge_slave_1) entered blocking state
[ 99.936332][ T5687] bridge0: port 2(bridge_slave_1) entered disabled state
[ 99.939120][ T5687] bridge_slave_1: entered allmulticast mode
[ 99.952181][ T5687] bridge_slave_1: entered promiscuous mode
[ 99.983873][ T5687] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 99.988293][ T5687] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 100.022641][ T5687] team0: Port device team_slave_0 added
[ 100.025741][ T5687] team0: Port device team_slave_1 added
[ 100.051862][ T5687] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 100.054399][ T5687] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 100.077074][ T5687] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 100.093337][ T5687] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 100.096030][ T5687] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 100.122949][ T5687] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 100.164479][ T5687] hsr_slave_0: entered promiscuous mode
[ 100.174809][ T5687] hsr_slave_1: entered promiscuous mode
[ 100.182090][ T5687] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 100.185034][ T5687] Cannot create hsr debugfs directory
[ 101.691554][ T4661] Bluetooth: hci0: command tx timeout
[ 102.246717][ T4064] bridge_slave_1: left allmulticast mode
[ 102.248793][ T4064] bridge_slave_1: left promiscuous mode
[ 102.251067][ T4064] bridge0: port 2(bridge_slave_1) entered disabled state
[ 102.272103][ T4064] bridge_slave_0: left allmulticast mode
[ 102.274342][ T4064] bridge_slave_0: left promiscuous mode
[ 102.276555][ T4064] bridge0: port 1(bridge_slave_0) entered disabled state
[ 102.374742][ T4064] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 102.390428][ T4064] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 102.402966][ T4064] bond0 (unregistering): Released all slaves
[ 102.479387][ T4064] hsr_slave_0: left promiscuous mode
[ 102.486669][ T4064] hsr_slave_1: left promiscuous mode
[ 102.493239][ T4064] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 102.496131][ T4064] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 102.518288][ T4064] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 102.521134][ T4064] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 102.531521][ T4064] veth1_macvtap: left promiscuous mode
[ 102.533674][ T4064] veth0_macvtap: left promiscuous mode
[ 102.535790][ T4064] veth1_vlan: left promiscuous mode
[ 102.537902][ T4064] veth0_vlan: left promiscuous mode
[ 102.663438][ T4064] team0 (unregistering): Port device team_slave_1 removed
[ 102.668733][ T4064] team0 (unregistering): Port device team_slave_0 removed
[ 102.839106][ T5687] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 102.853212][ T5687] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 102.866050][ T5687] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 102.881852][ T5687] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 103.000326][ T5687] 8021q: adding VLAN 0 to HW filter on device bond0
[ 103.027852][ T5687] 8021q: adding VLAN 0 to HW filter on device team0
[ 103.044085][ T30] bridge0: port 1(bridge_slave_0) entered blocking state
[ 103.046828][ T30] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 103.079322][ T30] bridge0: port 2(bridge_slave_1) entered blocking state
[ 103.082150][ T30] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 103.222368][ T5687] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 103.259616][ T5687] veth0_vlan: entered promiscuous mode
[ 103.274577][ T5687] veth1_vlan: entered promiscuous mode
[ 103.290604][ T5687] veth0_macvtap: entered promiscuous mode
[ 103.295641][ T5687] veth1_macvtap: entered promiscuous mode
[ 103.304510][ T5687] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 103.310416][ T5687] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 103.317816][ T5687] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 103.322185][ T5687] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 103.325492][ T5687] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 103.328841][ T5687] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 103.359282][ T4064] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 103.368385][ T4064] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 103.379569][ T4064] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 103.384152][ T4064] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 103.533048][ T5837] loop0: detected capacity change from 0 to 32768
[ 103.579060][ T5837] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names
[ 103.586168][ T5837] bcachefs (loop0): recovering from clean shutdown, journal seq 10
[ 103.589303][ T5837] bcachefs (loop0): Version upgrade required:
[ 103.589303][ T5837] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[ 103.589303][ T5837] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots
[ 103.589303][ T5837] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance
[ 103.619505][ T5837] bcachefs (loop0): error validating btree node on loop0 at btree dirents level 0/0
[ 103.619517][ T5837] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0
[ 103.619526][ T5837] node offset 16/24: btree node data missing: expected 24 sectors, found 16, fixing
[ 103.634795][ T5837] bcachefs (loop0): btree_node_read_work: rewriting btree node at btree=dirents level=0 SPOS_MAX due to error
[ 103.639696][ T5837] bcachefs (loop0): error validating btree node at btree alloc level 0/0
[ 103.639707][ T5837] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0
[ 103.639714][ T5837] node offset 8/24 bset u64s 375 bset byte offset 184: keys out of order: u64s 11 type alloc_v4 0:32:0 len 0 ver 0 > u64s 11 type alloc_v4 0:2:0 len 0 ver 0, fixing
[ 103.655572][ T5837] bcachefs (loop0): btree_node_read_work: rewriting btree node at btree=alloc level=0 SPOS_MAX due to error
[ 103.660668][ T5837] ==================================================================
[ 103.663796][ T5837] BUG: KASAN: use-after-free in bch2_btree_node_read_done+0xfbe/0x5e90
[ 103.666927][ T5837] Read of size 8 at addr ffff8880427b0010 by task syz.0.15/5837
[ 103.670488][ T5837]
[ 103.671421][ T5837] CPU: 0 UID: 0 PID: 5837 Comm: syz.0.15 Not tainted 6.13.0-rc7-syzkaller-g619f0b6fad52 #0
[ 103.675128][ T5837] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 103.679019][ T5837] Call Trace:
[ 103.680309][ T5837] <TASK>
[ 103.681436][ T5837] dump_stack_lvl+0x241/0x360
[ 103.683226][ T5837] ? __pfx_dump_stack_lvl+0x10/0x10
[ 103.685156][ T5837] ? __pfx__printk+0x10/0x10
[ 103.686873][ T5837] ? _printk+0xd5/0x120
[ 103.688500][ T5837] ? __virt_addr_valid+0x183/0x530
[ 103.690977][ T5837] ? __virt_addr_valid+0x183/0x530
[ 103.693444][ T5837] print_report+0x169/0x550
[ 103.695459][ T5837] ? __virt_addr_valid+0x183/0x530
[ 103.697390][ T5837] ? __virt_addr_valid+0x183/0x530
[ 103.699339][ T5837] ? __virt_addr_valid+0x45f/0x530
[ 103.701195][ T5837] ? __phys_addr+0xba/0x170
[ 103.702971][ T5837] ? bch2_btree_node_read_done+0xfbe/0x5e90
[ 103.705429][ T5837] kasan_report+0x143/0x180
[ 103.707195][ T5837] ? bch2_btree_node_read_done+0xfbe/0x5e90
[ 103.709466][ T5837] bch2_btree_node_read_done+0xfbe/0x5e90
[ 103.711693][ T5837] ? __pfx_bch2_btree_node_read_done+0x10/0x10
[ 103.714161][ T5837] ? __pfx_bch2_bkey_ptrs_to_text+0x10/0x10
[ 103.716357][ T5837] ? bch2_bkey_pick_read_device+0x3d1/0x1670
[ 103.718607][ T5837] ? bch2_bkey_pick_read_device+0x137d/0x1670
[ 103.720989][ T5837] ? bch2_bkey_pick_read_device+0x221/0x1670
[ 103.723134][ T5837] ? __pfx_bch2_bkey_pick_read_device+0x10/0x10
[ 103.725556][ T5837] ? bch2_btree_ptr_v2_to_text+0x209/0x2f0
[ 103.727821][ T5837] ? __pfx_bch2_btree_ptr_v2_to_text+0x10/0x10
[ 103.730106][ T5837] ? rcu_is_watching+0x15/0xb0
[ 103.731854][ T5837] btree_node_read_work+0x68b/0x1260
[ 103.733743][ T5837] ? __pfx_btree_node_read_work+0x10/0x10
[ 103.735637][ T5837] ? __bch2_time_stats_update+0x250/0x370
[ 103.737578][ T5837] ? __pfx_bch2_latency_acct+0x10/0x10
[ 103.739666][ T5837] ? bio_associate_blkg+0x6c/0x230
[ 103.741719][ T5837] bch2_btree_node_read+0x2433/0x29f0
[ 103.743800][ T5837] ? __pfx_lock_release+0x10/0x10
[ 103.745698][ T5837] ? __mutex_unlock_slowpath+0x21e/0x790
[ 103.747760][ T5837] ? __pfx_bch2_btree_node_read+0x10/0x10
[ 103.749784][ T5837] ? __pfx___bch2_btree_node_hash_insert+0x10/0x10
[ 103.752330][ T5837] ? bch2_trans_unlock+0x3a6/0x470
[ 103.754197][ T5837] bch2_btree_root_read+0x617/0x7a0
[ 103.756213][ T5837] ? __pfx_bch2_btree_root_read+0x10/0x10
[ 103.758392][ T5837] ? bch2_current_has_btree_trans+0x142/0x180
[ 103.760776][ T5837] read_btree_roots+0x296/0x840
[ 103.762664][ T5837] bch2_fs_recovery+0x2585/0x39d0
[ 103.764499][ T5837] ? vfs_get_tree+0x90/0x2b0
[ 103.766274][ T5837] ? do_new_mount+0x2be/0xb40
[ 103.768085][ T5837] ? __pfx_bch2_fs_recovery+0x10/0x10
[ 103.770082][ T5837] ? percpu_ref_put+0x1f/0x250
[ 103.771928][ T5837] ? percpu_ref_put+0x1f/0x250
[ 103.773750][ T5837] ? rcu_is_watching+0x15/0xb0
[ 103.775595][ T5837] ? percpu_ref_put+0x1f/0x250
[ 103.777376][ T5837] ? rcu_is_watching+0x15/0xb0
[ 103.778887][ T5837] ? lock_release+0xbf/0xa30
[ 103.780390][ T5837] ? __pfx_lock_release+0x10/0x10
[ 103.782217][ T5837] ? lock_release+0xbf/0xa30
[ 103.783688][ T5837] ? __pfx_lock_release+0x10/0x10
[ 103.785555][ T5837] ? percpu_ref_put+0x18b/0x250
[ 103.787359][ T5837] ? __pfx_lock_release+0x10/0x10
[ 103.789196][ T5837] ? percpu_ref_put+0x18b/0x250
[ 103.791072][ T5837] ? bch2_get_next_online_dev+0x90/0x4f0
[ 103.793145][ T5837] ? bch2_get_next_online_dev+0x2b/0x4f0
[ 103.795348][ T5837] ? bch2_get_next_online_dev+0x4b9/0x4f0
[ 103.797624][ T5837] ? bch2_get_next_online_dev+0x2b/0x4f0
[ 103.799880][ T5837] ? llist_reverse_order+0x72/0x90
[ 103.801955][ T5837] bch2_fs_start+0x356/0x5b0
[ 103.803862][ T5837] bch2_fs_get_tree+0xd68/0x1710
[ 103.805800][ T5837] ? __pfx_bch2_fs_get_tree+0x10/0x10
[ 103.808007][ T5837] ? generic_parse_monolithic+0x387/0x400
[ 103.810350][ T5837] ? __pfx_vfs_parse_fs_string+0x10/0x10
[ 103.812591][ T5837] ? apparmor_capable+0x13b/0x1b0
[ 103.814591][ T5837] vfs_get_tree+0x90/0x2b0
[ 103.816304][ T5837] do_new_mount+0x2be/0xb40
[ 103.818064][ T5837] ? __pfx_do_new_mount+0x10/0x10
[ 103.820011][ T5837] __se_sys_mount+0x2d6/0x3c0
[ 103.821853][ T5837] ? __pfx___se_sys_mount+0x10/0x10
[ 103.823850][ T5837] ? rcu_is_watching+0x15/0xb0
[ 103.825669][ T5837] ? __x64_sys_mount+0x20/0xc0
[ 103.827471][ T5837] do_syscall_64+0xf3/0x230
[ 103.829175][ T5837] ? clear_bhb_loop+0x35/0x90
[ 103.831079][ T5837] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 103.833465][ T5837] RIP: 0033:0x7f193cf7ffba
[ 103.835171][ T5837] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 103.842240][ T5837] RSP: 002b:00007f193dd7de68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 103.845531][ T5837] RAX: ffffffffffffffda RBX: 00007f193dd7def0 RCX: 00007f193cf7ffba
[ 103.849039][ T5837] RDX: 00000000200000c0 RSI: 0000000020000180 RDI: 00007f193dd7deb0
[ 103.852046][ T5837] RBP: 00000000200000c0 R08: 00007f193dd7def0 R09: 0000000000000010
[ 103.854904][ T5837] R10: 0000000000000010 R11: 0000000000000246 R12: 0000000020000180
[ 103.857826][ T5837] R13: 00007f193dd7deb0 R14: 0000000000005943 R15: 0000000020000480
[ 103.860774][ T5837] </TASK>
[ 103.861968][ T5837]
[ 103.862888][ T5837] The buggy address belongs to the physical page:
[ 103.865341][ T5837] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880427b3758 pfn:0x427b0
[ 103.869036][ T5837] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[ 103.871694][ T5837] page_type: f0(buddy)
[ 103.873255][ T5837] raw: 04fff00000000000 ffffea000109fb08 ffffea000102fa08 0000000000000000
[ 103.876514][ T5837] raw: ffff8880427b3758 0000000000000002 00000000f0000000 0000000000000000
[ 103.879690][ T5837] page dumped because: kasan: bad access detected
[ 103.882078][ T5837] page_owner tracks the page as freed
[ 103.884096][ T5837] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_RECLAIMABLE), pid 4731, tgid 4731 (udevd), ts 27726229927, free_ts 67054770584
[ 103.892200][ T5837] post_alloc_hook+0x1f3/0x230
[ 103.894080][ T5837] get_page_from_freelist+0x365c/0x37a0
[ 103.896137][ T5837] __alloc_pages_noprof+0x292/0x710
[ 103.898101][ T5837] alloc_pages_mpol_noprof+0x3e1/0x780
[ 103.900164][ T5837] alloc_slab_page+0x6a/0x110
[ 103.901970][ T5837] allocate_slab+0x5a/0x2b0
[ 103.903630][ T5837] ___slab_alloc+0xc27/0x14a0
[ 103.905402][ T5837] __slab_alloc+0x58/0xa0
[ 103.907104][ T5837] kmem_cache_alloc_lru_noprof+0x26c/0x390
[ 103.909301][ T5837] alloc_inode+0x87/0x1a0
[ 103.910973][ T5837] iget_locked+0xf1/0x5a0
[ 103.912559][ T5837] kernfs_get_inode+0x51/0x760
[ 103.914351][ T5837] kernfs_iop_lookup+0x266/0x390
[ 103.916167][ T5837] __lookup_slow+0x28c/0x3f0
[ 103.917860][ T5837] lookup_slow+0x53/0x70
[ 103.919453][ T5837] walk_component+0x2e1/0x410
[ 103.921169][ T5837] page last free pid 1093 tgid 1093 stack trace:
[ 103.923507][ T5837] free_unref_page+0xd3f/0x1010
[ 103.925249][ T5837] __slab_free+0x2c2/0x380
[ 103.926820][ T5837] qlist_free_all+0x9a/0x140
[ 103.928508][ T5837] kasan_quarantine_reduce+0x14f/0x170
[ 103.930410][ T5837] __kasan_slab_alloc+0x23/0x80
[ 103.932160][ T5837] kmem_cache_alloc_node_noprof+0x1d9/0x380
[ 103.934231][ T5837] __alloc_skb+0x1c3/0x440
[ 103.935824][ T5837] inet_netconf_notify_devconf+0x15a/0x220
[ 103.938073][ T5837] inetdev_event+0x87b/0x1550
[ 103.939794][ T5837] notifier_call_chain+0x1a5/0x3f0
[ 103.941683][ T5837] unregister_netdevice_many_notify+0xedd/0x1da0
[ 103.943886][ T5837] cleanup_net+0x75d/0xd50
[ 103.945434][ T5837] process_scheduled_works+0xa66/0x1840
[ 103.947399][ T5837] worker_thread+0x870/0xd30
[ 103.949015][ T5837] kthread+0x2f0/0x390
[ 103.950435][ T5837] ret_from_fork+0x4b/0x80
[ 103.952018][ T5837]
[ 103.952859][ T5837] Memory state around the buggy address:
[ 103.954789][ T5837] ffff8880427aff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 103.957601][ T5837] ffff8880427aff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 103.960447][ T5837] >ffff8880427b0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 103.963233][ T5837] ^
[ 103.964836][ T5837] ffff8880427b0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 103.967615][ T5837] ffff8880427b0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 103.970434][ T5837] ==================================================================
[ 103.974112][ T4661] Bluetooth: hci0: command tx timeout
[ 103.985804][ T5837] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 103.988442][ T5837] CPU: 0 UID: 0 PID: 5837 Comm: syz.0.15 Not tainted 6.13.0-rc7-syzkaller-g619f0b6fad52 #0
[ 103.992013][ T5837] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 103.995818][ T5837] Call Trace:
[ 103.997129][ T5837] <TASK>
[ 103.998213][ T5837] dump_stack_lvl+0x241/0x360
[ 103.999932][ T5837] ? __pfx_dump_stack_lvl+0x10/0x10
[ 104.001909][ T5837] ? __pfx__printk+0x10/0x10
[ 104.003680][ T5837] ? rcu_is_watching+0x15/0xb0
[ 104.005396][ T5837] ? preempt_schedule+0xe1/0xf0
[ 104.007194][ T5837] ? vscnprintf+0x5d/0x90
[ 104.008780][ T5837] panic+0x349/0x880
[ 104.010227][ T5837] ? check_panic_on_warn+0x21/0xb0
[ 104.012063][ T5837] ? __pfx_panic+0x10/0x10
[ 104.013641][ T5837] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 104.015784][ T5837] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 104.018160][ T5837] ? print_report+0x502/0x550
[ 104.019976][ T5837] check_panic_on_warn+0x86/0xb0
[ 104.021864][ T5837] ? bch2_btree_node_read_done+0xfbe/0x5e90
[ 104.023970][ T5837] end_report+0x77/0x160
[ 104.025587][ T5837] kasan_report+0x154/0x180
[ 104.027297][ T5837] ? bch2_btree_node_read_done+0xfbe/0x5e90
[ 104.029477][ T5837] bch2_btree_node_read_done+0xfbe/0x5e90
[ 104.031664][ T5837] ? __pfx_bch2_btree_node_read_done+0x10/0x10
[ 104.033985][ T5837] ? __pfx_bch2_bkey_ptrs_to_text+0x10/0x10
[ 104.036196][ T5837] ? bch2_bkey_pick_read_device+0x3d1/0x1670
[ 104.038318][ T5837] ? bch2_bkey_pick_read_device+0x137d/0x1670
[ 104.040644][ T5837] ? bch2_bkey_pick_read_device+0x221/0x1670
[ 104.042901][ T5837] ? __pfx_bch2_bkey_pick_read_device+0x10/0x10
[ 104.045097][ T5837] ? bch2_btree_ptr_v2_to_text+0x209/0x2f0
[ 104.047143][ T5837] ? __pfx_bch2_btree_ptr_v2_to_text+0x10/0x10
[ 104.049303][ T5837] ? rcu_is_watching+0x15/0xb0
[ 104.051075][ T5837] btree_node_read_work+0x68b/0x1260
[ 104.052988][ T5837] ? __pfx_btree_node_read_work+0x10/0x10
[ 104.055022][ T5837] ? __bch2_time_stats_update+0x250/0x370
[ 104.057074][ T5837] ? __pfx_bch2_latency_acct+0x10/0x10
[ 104.059049][ T5837] ? bio_associate_blkg+0x6c/0x230
[ 104.060955][ T5837] bch2_btree_node_read+0x2433/0x29f0
[ 104.062873][ T5837] ? __pfx_lock_release+0x10/0x10
[ 104.064685][ T5837] ? __mutex_unlock_slowpath+0x21e/0x790
[ 104.066691][ T5837] ? __pfx_bch2_btree_node_read+0x10/0x10
[ 104.068744][ T5837] ? __pfx___bch2_btree_node_hash_insert+0x10/0x10
[ 104.071104][ T5837] ? bch2_trans_unlock+0x3a6/0x470
[ 104.072893][ T5837] bch2_btree_root_read+0x617/0x7a0
[ 104.074733][ T5837] ? __pfx_bch2_btree_root_read+0x10/0x10
[ 104.076731][ T5837] ? bch2_current_has_btree_trans+0x142/0x180
[ 104.078945][ T5837] read_btree_roots+0x296/0x840
[ 104.080777][ T5837] bch2_fs_recovery+0x2585/0x39d0
[ 104.082576][ T5837] ? vfs_get_tree+0x90/0x2b0
[ 104.084191][ T5837] ? do_new_mount+0x2be/0xb40
[ 104.085826][ T5837] ? __pfx_bch2_fs_recovery+0x10/0x10
[ 104.087749][ T5837] ? percpu_ref_put+0x1f/0x250
[ 104.089476][ T5837] ? percpu_ref_put+0x1f/0x250
[ 104.091193][ T5837] ? rcu_is_watching+0x15/0xb0
[ 104.092871][ T5837] ? percpu_ref_put+0x1f/0x250
[ 104.094571][ T5837] ? rcu_is_watching+0x15/0xb0
[ 104.096306][ T5837] ? lock_release+0xbf/0xa30
[ 104.097974][ T5837] ? __pfx_lock_release+0x10/0x10
[ 104.099740][ T5837] ? lock_release+0xbf/0xa30
[ 104.101417][ T5837] ? __pfx_lock_release+0x10/0x10
[ 104.103264][ T5837] ? percpu_ref_put+0x18b/0x250
[ 104.105081][ T5837] ? __pfx_lock_release+0x10/0x10
[ 104.106908][ T5837] ? percpu_ref_put+0x18b/0x250
[ 104.108667][ T5837] ? bch2_get_next_online_dev+0x90/0x4f0
[ 104.110617][ T5837] ? bch2_get_next_online_dev+0x2b/0x4f0
[ 104.112660][ T5837] ? bch2_get_next_online_dev+0x4b9/0x4f0
[ 104.114676][ T5837] ? bch2_get_next_online_dev+0x2b/0x4f0
[ 104.116743][ T5837] ? llist_reverse_order+0x72/0x90
[ 104.118666][ T5837] bch2_fs_start+0x356/0x5b0
[ 104.120392][ T5837] bch2_fs_get_tree+0xd68/0x1710
[ 104.122275][ T5837] ? __pfx_bch2_fs_get_tree+0x10/0x10
[ 104.124276][ T5837] ? generic_parse_monolithic+0x387/0x400
[ 104.126291][ T5837] ? __pfx_vfs_parse_fs_string+0x10/0x10
[ 104.128332][ T5837] ? apparmor_capable+0x13b/0x1b0
[ 104.130150][ T5837] vfs_get_tree+0x90/0x2b0
[ 104.131755][ T5837] do_new_mount+0x2be/0xb40
[ 104.133439][ T5837] ? __pfx_do_new_mount+0x10/0x10
[ 104.135319][ T5837] __se_sys_mount+0x2d6/0x3c0
[ 104.137109][ T5837] ? __pfx___se_sys_mount+0x10/0x10
[ 104.139080][ T5837] ? rcu_is_watching+0x15/0xb0
[ 104.140898][ T5837] ? __x64_sys_mount+0x20/0xc0
[ 104.142695][ T5837] do_syscall_64+0xf3/0x230
[ 104.144430][ T5837] ? clear_bhb_loop+0x35/0x90
[ 104.146151][ T5837] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 104.148492][ T5837] RIP: 0033:0x7f193cf7ffba
[ 104.150258][ T5837] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 104.157565][ T5837] RSP: 002b:00007f193dd7de68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 104.160790][ T5837] RAX: ffffffffffffffda RBX: 00007f193dd7def0 RCX: 00007f193cf7ffba
[ 104.163838][ T5837] RDX: 00000000200000c0 RSI: 0000000020000180 RDI: 00007f193dd7deb0
[ 104.166771][ T5837] RBP: 00000000200000c0 R08: 00007f193dd7def0 R09: 0000000000000010
[ 104.169755][ T5837] R10: 0000000000000010 R11: 0000000000000246 R12: 0000000020000180
[ 104.172674][ T5837] R13: 00007f193dd7deb0 R14: 0000000000005943 R15: 0000000020000480
[ 104.175747][ T5837] </TASK>
[ 104.177241][ T5837] Kernel Offset: disabled
[ 104.178954][ T5837] Rebooting in 86400 seconds..