Warning: Permanently added '[localhost]:26520' (ED25519) to the list of known hosts.
2025/06/06 23:20:11 ignoring optional flag "sandboxArg"="0"
2025/06/06 23:20:13 parsed 1 programs
[  138.174886][ T1316] ieee802154 phy0 wpan0: encryption failed: -22
[  138.180083][ T1316] ieee802154 phy1 wpan1: encryption failed: -22
[  141.367574][ T5729] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  144.988771][   T31] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  144.992764][   T31] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  145.022859][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  145.026689][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  147.634381][ T5778] chnl_net:caif_netlink_parms(): no params data found
[  147.714387][ T5778] bridge0: port 1(bridge_slave_0) entered blocking state
[  147.717878][ T5778] bridge0: port 1(bridge_slave_0) entered disabled state
[  147.720986][ T5778] bridge_slave_0: entered allmulticast mode
[  147.725662][ T5778] bridge_slave_0: entered promiscuous mode
[  147.732231][ T5778] bridge0: port 2(bridge_slave_1) entered blocking state
[  147.735555][ T5778] bridge0: port 2(bridge_slave_1) entered disabled state
[  147.739612][ T5778] bridge_slave_1: entered allmulticast mode
[  147.743874][ T5778] bridge_slave_1: entered promiscuous mode
[  147.771121][ T5778] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  147.778852][ T5778] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  147.806871][ T5778] team0: Port device team_slave_0 added
[  147.813694][ T5778] team0: Port device team_slave_1 added
[  147.836266][ T5778] batman_adv: batadv0: Adding interface: batadv_slave_0
[  147.839909][ T5778] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  147.852685][ T5778] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  147.860996][ T5778] batman_adv: batadv0: Adding interface: batadv_slave_1
[  147.864759][ T5778] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  147.880052][ T5778] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  147.915924][ T5778] hsr_slave_0: entered promiscuous mode
[  147.920742][ T5778] hsr_slave_1: entered promiscuous mode
[  148.615188][ T5778] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  148.639114][ T5778] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  148.653692][ T5778] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  148.672104][ T5778] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  148.843812][ T5778] 8021q: adding VLAN 0 to HW filter on device bond0
[  148.881762][ T5778] 8021q: adding VLAN 0 to HW filter on device team0
[  148.902739][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  148.906265][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  148.938767][ T1039] bridge0: port 2(bridge_slave_1) entered blocking state
[  148.942531][ T1039] bridge0: port 2(bridge_slave_1) entered forwarding state
[  149.013532][ T5778] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  149.369281][ T5778] 8021q: adding VLAN 0 to HW filter on device batadv0
[  149.450108][ T5778] veth0_vlan: entered promiscuous mode
[  149.469727][ T5778] veth1_vlan: entered promiscuous mode
[  149.529916][ T5778] veth0_macvtap: entered promiscuous mode
[  149.551082][ T5778] veth1_macvtap: entered promiscuous mode
[  149.581984][ T5778] batman_adv: batadv0: Interface activated: batadv_slave_0
[  149.600946][ T5778] batman_adv: batadv0: Interface activated: batadv_slave_1
[  149.631552][ T5778] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  149.636156][ T5778] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  149.657238][ T5778] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  149.661132][ T5778] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  149.924577][   T31] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  150.015172][   T31] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  150.079932][   T31] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  150.355096][ T4673] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  150.360701][ T4673] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  150.364861][ T4673] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  150.369889][ T4673] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  150.374980][ T4673] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  150.980511][   T31] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  152.400845][   T31] bridge_slave_1: left allmulticast mode
[  152.403723][   T31] bridge_slave_1: left promiscuous mode
[  152.406841][   T31] bridge0: port 2(bridge_slave_1) entered disabled state
[  152.483137][   T31] bridge_slave_0: left allmulticast mode
[  152.485748][   T31] bridge_slave_0: left promiscuous mode
[  152.500817][   T31] bridge0: port 1(bridge_slave_0) entered disabled state
2025/06/06 23:20:29 executed programs: 0
[  153.079318][ T5416] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  153.084664][ T5416] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  153.090263][ T5416] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  153.094709][ T5416] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  153.100421][ T5416] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  153.240828][   T31] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  153.248410][   T31] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  153.268853][   T31] bond0 (unregistering): Released all slaves
[  153.449099][   T31] hsr_slave_0: left promiscuous mode
[  153.452605][   T31] hsr_slave_1: left promiscuous mode
[  153.487933][   T31] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  153.491362][   T31] batman_adv: batadv0: Removing interface: batadv_slave_0
[  153.518529][   T31] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  153.522201][   T31] batman_adv: batadv0: Removing interface: batadv_slave_1
[  153.549695][   T31] veth1_macvtap: left promiscuous mode
[  153.552422][   T31] veth0_macvtap: left promiscuous mode
[  153.555060][   T31] veth1_vlan: left promiscuous mode
[  153.586818][   T31] veth0_vlan: left promiscuous mode
[  154.481387][   T31] team0 (unregistering): Port device team_slave_1 removed
[  154.530847][   T31] team0 (unregistering): Port device team_slave_0 removed
[  155.132883][ T5416] Bluetooth: hci0: command tx timeout
[  155.235931][ T5879] chnl_net:caif_netlink_parms(): no params data found
[  155.751026][ T5879] bridge0: port 1(bridge_slave_0) entered blocking state
[  155.757700][ T5879] bridge0: port 1(bridge_slave_0) entered disabled state
[  155.760801][ T5879] bridge_slave_0: entered allmulticast mode
[  155.785862][ T5879] bridge_slave_0: entered promiscuous mode
[  155.805219][ T5879] bridge0: port 2(bridge_slave_1) entered blocking state
[  155.837889][ T5879] bridge0: port 2(bridge_slave_1) entered disabled state
[  155.841060][ T5879] bridge_slave_1: entered allmulticast mode
[  155.858719][ T5879] bridge_slave_1: entered promiscuous mode
[  156.023005][ T5879] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  156.050201][ T5879] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  156.160469][ T5879] team0: Port device team_slave_0 added
[  156.183982][ T5879] team0: Port device team_slave_1 added
[  156.238216][ T5879] batman_adv: batadv0: Adding interface: batadv_slave_0
[  156.241121][ T5879] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  156.278182][ T5879] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  156.284048][ T5879] batman_adv: batadv0: Adding interface: batadv_slave_1
[  156.298427][ T5879] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  156.316973][ T5879] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  156.399070][ T5879] hsr_slave_0: entered promiscuous mode
[  156.402216][ T5879] hsr_slave_1: entered promiscuous mode
[  156.934024][ T5879] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  156.958962][ T5879] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  156.966065][ T5879] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  156.984894][ T5879] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  157.179498][ T5879] 8021q: adding VLAN 0 to HW filter on device bond0
[  157.208356][ T5416] Bluetooth: hci0: command tx timeout
[  157.212114][ T5879] 8021q: adding VLAN 0 to HW filter on device team0
[  157.235047][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  157.238479][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  157.256000][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  157.259588][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  157.341032][ T5879] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  157.649520][ T5879] 8021q: adding VLAN 0 to HW filter on device batadv0
[  157.736357][ T5879] veth0_vlan: entered promiscuous mode
[  157.760630][ T5879] veth1_vlan: entered promiscuous mode
[  157.810863][ T5879] veth0_macvtap: entered promiscuous mode
[  157.829733][ T5879] veth1_macvtap: entered promiscuous mode
[  157.859576][ T5879] batman_adv: batadv0: Interface activated: batadv_slave_0
[  157.889062][ T5879] batman_adv: batadv0: Interface activated: batadv_slave_1
[  157.910713][ T5879] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  157.915088][ T5879] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  157.929970][ T5879] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  157.933927][ T5879] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  158.096183][   T31] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  158.118040][   T31] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  158.172225][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  158.176070][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/06/06 23:20:34 executed programs: 2
[  158.752576][ T5956] loop0: detected capacity change from 0 to 32768
[  158.775040][ T5956] =======================================================
[  158.775040][ T5956] WARNING: The mand mount option has been deprecated and
[  158.775040][ T5956]          and is ignored by this kernel. Remove the mand
[  158.775040][ T5956]          option from the mount to silence this warning.
[  158.775040][ T5956] =======================================================
[  158.962487][ T5956] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names
[  158.962487][ T5956]   allowing incompatible features above 0.0: (unknown version)
[  158.962487][ T5956]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  159.040030][ T5956] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0
[  159.045942][ T5956] bcachefs (loop0): invalid journal entry, version=1.7: mi_btree_bitmap type=btree_root in superblock: invalid btree root journal entry: wrong number of keys, fixing
[  159.093425][ T5956] bcachefs (loop0): recovering from clean shutdown, journal seq 10
[  159.103205][ T5956] bcachefs (loop0): superblock requires following recovery passes to be run:
[  159.103205][ T5956]   recovery_pass_empty,accounting_read,check_rebalance_work
[  159.144197][ T5956] bcachefs (loop0): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.28: inode_has_case_insensitive
[  159.144197][ T5956]   running recovery passes: check_allocations,check_extents_to_backpointers,check_inodes
[  159.287422][ T5416] Bluetooth: hci0: command tx timeout
[  159.359617][ T5956] bcachefs (loop0): btree node read error at btree extents level 0/0
[  159.359644][ T5956]   u64s 11 type btree_ptr_v2 U64_MAX:U64_MAX:4278190080 len 0 ver 0: seq c6c25c03258c59c5 written 16 min_key POS_MIN durability: 1 ptr: 0:27:0 gen 0
[  159.359654][ T5956]   loop0 node offset 0/16 bset u64s 0: incorrect max key SPOS_MAX
[  159.359660][ T5956]   flagging btree extents lost data
[  159.359665][ T5956]   running recovery pass check_lrus (14), currently at recovery_pass_empty (0)
[  159.359672][ T5956]   running recovery pass check_backpointers_to_extents (16), currently at recovery_pass_empty (0)
[  159.359679][ T5956]   running recovery pass scan_for_btree_nodes (1), currently at recovery_pass_empty (0)
[  159.359685][ T5956]   ret btree_node_read_validate_error
[  159.460124][ T5956] bcachefs (loop0): error reading btree root btree=extents level=0: btree_node_read_error, fixing
[  159.466654][ T5956] ==================================================================
[  159.470211][ T5956] BUG: KASAN: slab-out-of-bounds in bch2_btree_node_read_done+0xd28/0x5150
[  159.474978][ T5956] Read of size 8 at addr ffff888041d55e10 by task syz.0.16/5956
[  159.479470][ T5956] 
[  159.480483][ T5956] CPU: 0 UID: 0 PID: 5956 Comm: syz.0.16 Not tainted 6.15.0-syzkaller-g7a912d04415b #0 PREEMPT(full) 
[  159.480498][ T5956] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  159.480506][ T5956] Call Trace:
[  159.480514][ T5956]  <TASK>
[  159.480523][ T5956]  dump_stack_lvl+0x189/0x250
[  159.480547][ T5956]  ? __virt_addr_valid+0x1c8/0x5c0
[  159.480561][ T5956]  ? rcu_is_watching+0x15/0xb0
[  159.480571][ T5956]  ? __kasan_check_byte+0x12/0x40
[  159.480595][ T5956]  ? __pfx_dump_stack_lvl+0x10/0x10
[  159.480609][ T5956]  ? rcu_is_watching+0x15/0xb0
[  159.480618][ T5956]  ? lock_release+0x4b/0x3e0
[  159.480635][ T5956]  ? __virt_addr_valid+0x1c8/0x5c0
[  159.480647][ T5956]  ? __virt_addr_valid+0x4a5/0x5c0
[  159.480658][ T5956]  print_report+0xd2/0x2b0
[  159.480672][ T5956]  ? bch2_btree_node_read_done+0xd28/0x5150
[  159.480686][ T5956]  kasan_report+0x118/0x150
[  159.480697][ T5956]  ? bch2_btree_node_read_done+0xd28/0x5150
[  159.480712][ T5956]  bch2_btree_node_read_done+0xd28/0x5150
[  159.480727][ T5956]  ? __pfx_number+0x10/0x10
[  159.480805][ T5956]  ? __pfx_bch2_btree_node_read_done+0x10/0x10
[  159.480819][ T5956]  ? bch2_extent_ptr_to_text+0x5a/0x890
[  159.480835][ T5956]  ? bch2_bkey_ptrs_to_text+0x1161/0x1310
[  159.480844][ T5956]  ? bch2_printbuf_make_room+0xdb/0x360
[  159.480859][ T5956]  ? enumerated_ref_put+0xbe/0x270
[  159.480874][ T5956]  btree_node_read_work+0x426/0xe30
[  159.480891][ T5956]  ? __pfx_btree_node_read_work+0x10/0x10
[  159.480905][ T5956]  ? bch2_latency_acct+0x436/0x520
[  159.480916][ T5956]  ? __pfx_bch2_latency_acct+0x10/0x10
[  159.480924][ T5956]  ? bio_associate_blkg+0x6d/0x230
[  159.480940][ T5956]  bch2_btree_node_read+0x887/0x2a00
[  159.480956][ T5956]  ? bch2_btree_node_hash_insert+0x88/0xc0
[  159.480965][ T5956]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  159.480975][ T5956]  ? __pfx_bch2_btree_node_read+0x10/0x10
[  159.480988][ T5956]  ? bch2_trans_unlock+0x8a/0x580
[  159.481000][ T5956]  ? bch2_trans_unlock+0x491/0x580
[  159.481013][ T5956]  bch2_btree_root_read+0x5f0/0x760
[  159.481028][ T5956]  ? __pfx_bch2_btree_root_read+0x10/0x10
[  159.481041][ T5956]  ? bch2_current_has_btree_trans+0x169/0x1a0
[  159.481049][ T5956]  read_btree_roots+0x2c2/0x880
[  159.481061][ T5956]  ? __pfx_read_btree_roots+0x10/0x10
[  159.481071][ T5956]  ? bch2_fs_resize_on_mount+0x81/0x880
[  159.481080][ T5956]  bch2_fs_recovery+0x25ec/0x39a0
[  159.481089][ T5956]  ? check_noncircular+0xe0/0x160
[  159.481098][ T5956]  ? __pfx_bch2_fs_recovery+0x10/0x10
[  159.481109][ T5956]  ? __lock_acquire+0xab9/0xd20
[  159.481120][ T5956]  ? __lock_acquire+0xab9/0xd20
[  159.481129][ T5956]  ? __lock_acquire+0xab9/0xd20
[  159.481140][ T5956]  ? bch2_fs_start+0x9fe/0xd90
[  159.481147][ T5956]  ? up_write+0x1c4/0x420
[  159.481153][ T5956]  ? bch2_fs_start+0x5c4/0xd90
[  159.481159][ T5956]  bch2_fs_start+0xa99/0xd90
[  159.481165][ T5956]  ? bch2_fs_start+0x5c4/0xd90
[  159.481172][ T5956]  ? __pfx_bch2_fs_start+0x10/0x10
[  159.481181][ T5956]  ? sget+0x267/0x620
[  159.481195][ T5956]  bch2_fs_get_tree+0xb6c/0x1460
[  159.481214][ T5956]  ? __pfx_bch2_fs_get_tree+0x10/0x10
[  159.481255][ T5956]  ? aa_get_newest_label+0xf7/0x5d0
[  159.481269][ T5956]  ? vfs_parse_monolithic_sep+0x2df/0x310
[  159.481284][ T5956]  ? apparmor_capable+0x137/0x1b0
[  159.481295][ T5956]  vfs_get_tree+0x92/0x2b0
[  159.481306][ T5956]  do_new_mount+0x24a/0xa40
[  159.481318][ T5956]  __se_sys_mount+0x317/0x410
[  159.481330][ T5956]  ? __pfx___se_sys_mount+0x10/0x10
[  159.481342][ T5956]  ? do_syscall_64+0xbe/0x3b0
[  159.481352][ T5956]  ? __x64_sys_mount+0x20/0xc0
[  159.481364][ T5956]  do_syscall_64+0xfa/0x3b0
[  159.481374][ T5956]  ? lockdep_hardirqs_on+0x9c/0x150
[  159.481387][ T5956]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  159.481397][ T5956]  ? clear_bhb_loop+0x60/0xb0
[  159.481409][ T5956]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  159.481420][ T5956] RIP: 0033:0x7fd73378e90a
[  159.481433][ T5956] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  159.481442][ T5956] RSP: 002b:00007fd73458ce68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  159.481455][ T5956] RAX: ffffffffffffffda RBX: 00007fd73458cef0 RCX: 00007fd73378e90a
[  159.481462][ T5956] RDX: 0000400000000100 RSI: 0000400000000080 RDI: 00007fd73458ceb0
[  159.481468][ T5956] RBP: 0000400000000100 R08: 00007fd73458cef0 R09: 00000000022100c0
[  159.481474][ T5956] R10: 00000000022100c0 R11: 0000000000000246 R12: 0000400000000080
[  159.481482][ T5956] R13: 00007fd73458ceb0 R14: 0000000000005aa0 R15: 00004000000001c0
[  159.481492][ T5956]  </TASK>
[  159.481496][ T5956] 
[  159.692588][ T5956] Allocated by task 5956:
[  159.694735][ T5956]  kasan_save_track+0x3e/0x80
[  159.696870][ T5956]  __kasan_kmalloc+0x93/0xb0
[  159.699052][ T5956]  __kvmalloc_node_noprof+0x30d/0x5f0
[  159.701408][ T5956]  btree_node_data_alloc+0xdc/0x270
[  159.704010][ T5956]  __bch2_btree_node_mem_alloc+0x1ef/0x420
[  159.706995][ T5956]  bch2_fs_btree_cache_init+0x2de/0x690
[  159.709399][ T5956]  bch2_fs_open+0x1ceb/0x2570
[  159.711457][ T5956]  bch2_fs_get_tree+0x44d/0x1460
[  159.713644][ T5956]  vfs_get_tree+0x92/0x2b0
[  159.716003][ T5956]  do_new_mount+0x24a/0xa40
[  159.718741][ T5956]  __se_sys_mount+0x317/0x410
[  159.721185][ T5956]  do_syscall_64+0xfa/0x3b0
[  159.723244][ T5956]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  159.725946][ T5956] 
[  159.727037][ T5956] The buggy address belongs to the object at ffff888041d55c00
[  159.727037][ T5956]  which belongs to the cache kmalloc-rcl-512 of size 512
[  159.733751][ T5956] The buggy address is located 16 bytes to the right of
[  159.733751][ T5956]  allocated 512-byte region [ffff888041d55c00, ffff888041d55e00)
[  159.740423][ T5956] 
[  159.741543][ T5956] The buggy address belongs to the physical page:
[  159.744508][ T5956] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x41d54
[  159.749069][ T5956] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  159.753090][ T5956] memcg:ffff888042bedf01
[  159.754981][ T5956] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff)
[  159.758670][ T5956] page_type: f5(slab)
[  159.760708][ T5956] raw: 04fff00000000040 ffff88801a442dc0 dead000000000122 0000000000000000
[  159.765056][ T5956] raw: 0000000000000000 0000000080080008 00000000f5000000 ffff888042bedf01
[  159.769620][ T5956] head: 04fff00000000040 ffff88801a442dc0 dead000000000122 0000000000000000
[  159.773435][ T5956] head: 0000000000000000 0000000080080008 00000000f5000000 ffff888042bedf01
[  159.777338][ T5956] head: 04fff00000000001 ffffea0001075501 00000000ffffffff 00000000ffffffff
[  159.781264][ T5956] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[  159.785662][ T5956] page dumped because: kasan: bad access detected
[  159.788981][ T5956] page_owner tracks the page as allocated
[  159.791638][ T5956] page last allocated via order 1, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5956, tgid 5955 (syz.0.16), ts 158859196964, free_ts 146314924664
[  159.802261][ T5956]  post_alloc_hook+0x240/0x2a0
[  159.804959][ T5956]  get_page_from_freelist+0x21e4/0x22c0
[  159.807552][ T5956]  __alloc_frozen_pages_noprof+0x181/0x370
[  159.810086][ T5956]  alloc_pages_mpol+0x232/0x4a0
[  159.812252][ T5956]  allocate_slab+0x8a/0x3b0
[  159.814212][ T5956]  ___slab_alloc+0xbfc/0x1480
[  159.816439][ T5956]  __kvmalloc_node_noprof+0x429/0x5f0
[  159.819218][ T5956]  btree_node_data_alloc+0xdc/0x270
[  159.821975][ T5956]  __bch2_btree_node_mem_alloc+0x1ef/0x420
[  159.824605][ T5956]  bch2_fs_btree_cache_init+0x2de/0x690
[  159.827108][ T5956]  bch2_fs_open+0x1ceb/0x2570
[  159.829172][ T5956]  bch2_fs_get_tree+0x44d/0x1460
[  159.831611][ T5956]  vfs_get_tree+0x92/0x2b0
[  159.834089][ T5956]  do_new_mount+0x24a/0xa40
[  159.836574][ T5956]  __se_sys_mount+0x317/0x410
[  159.838818][ T5956]  do_syscall_64+0xfa/0x3b0
[  159.840827][ T5956] page last free pid 5761 tgid 5761 stack trace:
[  159.843567][ T5956]  __free_frozen_pages+0xc71/0xe70
[  159.846383][ T5956]  __put_partials+0x161/0x1c0
[  159.848854][ T5956]  put_cpu_partial+0x17c/0x250
[  159.851280][ T5956]  __slab_free+0x2f7/0x400
[  159.853511][ T5956]  qlist_free_all+0x97/0x140
[  159.855534][ T5956]  kasan_quarantine_reduce+0x148/0x160
[  159.857871][ T5956]  __kasan_slab_alloc+0x22/0x80
[  159.860223][ T5956]  __kvmalloc_node_noprof+0x2b0/0x5f0
[  159.862913][ T5956]  proc_sys_call_handler+0x3f2/0x7c0
[  159.865742][ T5956]  vfs_write+0x54b/0xa90
[  159.867909][ T5956]  ksys_write+0x145/0x250
[  159.869935][ T5956]  do_syscall_64+0xfa/0x3b0
[  159.871964][ T5956]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  159.874590][ T5956] 
[  159.875776][ T5956] Memory state around the buggy address:
[  159.878561][ T5956]  ffff888041d55d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  159.882416][ T5956]  ffff888041d55d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  159.886108][ T5956] >ffff888041d55e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  159.889667][ T5956]                          ^
[  159.892216][ T5956]  ffff888041d55e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  159.897281][ T5956]  ffff888041d55f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  159.901245][ T5956] ==================================================================
[  160.084110][ T5956] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  160.087892][ T5956] CPU: 0 UID: 0 PID: 5956 Comm: syz.0.16 Not tainted 6.15.0-syzkaller-g7a912d04415b #0 PREEMPT(full) 
[  160.092895][ T5956] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  160.098113][ T5956] Call Trace:
[  160.100034][ T5956]  <TASK>
[  160.101591][ T5956]  dump_stack_lvl+0x99/0x250
[  160.103951][ T5956]  ? __asan_memcpy+0x40/0x70
[  160.106177][ T5956]  ? __pfx_dump_stack_lvl+0x10/0x10
[  160.108679][ T5956]  ? __pfx__printk+0x10/0x10
[  160.110498][ T5956]  panic+0x2db/0x790
[  160.112393][ T5956]  ? __pfx_panic+0x10/0x10
[  160.114798][ T5956]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  160.117636][ T5956]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  160.120483][ T5956]  ? print_memory_metadata+0x314/0x400
[  160.122902][ T5956]  ? bch2_btree_node_read_done+0xd28/0x5150
[  160.125415][ T5956]  check_panic_on_warn+0x89/0xb0
[  160.127623][ T5956]  ? bch2_btree_node_read_done+0xd28/0x5150
[  160.131020][ T5956]  end_report+0x78/0x160
[  160.133318][ T5956]  kasan_report+0x129/0x150
[  160.135626][ T5956]  ? bch2_btree_node_read_done+0xd28/0x5150
[  160.138252][ T5956]  bch2_btree_node_read_done+0xd28/0x5150
[  160.140995][ T5956]  ? __pfx_number+0x10/0x10
[  160.143002][ T5956]  ? __pfx_bch2_btree_node_read_done+0x10/0x10
[  160.145849][ T5956]  ? bch2_extent_ptr_to_text+0x5a/0x890
[  160.148461][ T5956]  ? bch2_bkey_ptrs_to_text+0x1161/0x1310
[  160.150989][ T5956]  ? bch2_printbuf_make_room+0xdb/0x360
[  160.153803][ T5956]  ? enumerated_ref_put+0xbe/0x270
[  160.156345][ T5956]  btree_node_read_work+0x426/0xe30
[  160.158456][ T5956]  ? __pfx_btree_node_read_work+0x10/0x10
[  160.160725][ T5956]  ? bch2_latency_acct+0x436/0x520
[  160.162938][ T5956]  ? __pfx_bch2_latency_acct+0x10/0x10
[  160.165209][ T5956]  ? bio_associate_blkg+0x6d/0x230
[  160.167879][ T5956]  bch2_btree_node_read+0x887/0x2a00
[  160.171276][ T5956]  ? bch2_btree_node_hash_insert+0x88/0xc0
[  160.174086][ T5956]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  160.176550][ T5956]  ? __pfx_bch2_btree_node_read+0x10/0x10
[  160.179142][ T5956]  ? bch2_trans_unlock+0x8a/0x580
[  160.181317][ T5956]  ? bch2_trans_unlock+0x491/0x580
[  160.183618][ T5956]  bch2_btree_root_read+0x5f0/0x760
[  160.186172][ T5956]  ? __pfx_bch2_btree_root_read+0x10/0x10
[  160.189129][ T5956]  ? bch2_current_has_btree_trans+0x169/0x1a0
[  160.191970][ T5956]  read_btree_roots+0x2c2/0x880
[  160.194167][ T5956]  ? __pfx_read_btree_roots+0x10/0x10
[  160.196549][ T5956]  ? bch2_fs_resize_on_mount+0x81/0x880
[  160.198897][ T5956]  bch2_fs_recovery+0x25ec/0x39a0
[  160.201294][ T5956]  ? check_noncircular+0xe0/0x160
[  160.203965][ T5956]  ? __pfx_bch2_fs_recovery+0x10/0x10
[  160.206868][ T5956]  ? __lock_acquire+0xab9/0xd20
[  160.209301][ T5956]  ? __lock_acquire+0xab9/0xd20
[  160.211832][ T5956]  ? __lock_acquire+0xab9/0xd20
[  160.214482][ T5956]  ? bch2_fs_start+0x9fe/0xd90
[  160.217076][ T5956]  ? up_write+0x1c4/0x420
[  160.219669][ T5956]  ? bch2_fs_start+0x5c4/0xd90
[  160.222129][ T5956]  bch2_fs_start+0xa99/0xd90
[  160.224478][ T5956]  ? bch2_fs_start+0x5c4/0xd90
[  160.226867][ T5956]  ? __pfx_bch2_fs_start+0x10/0x10
[  160.229054][ T5956]  ? sget+0x267/0x620
[  160.230784][ T5956]  bch2_fs_get_tree+0xb6c/0x1460
[  160.232830][ T5956]  ? __pfx_bch2_fs_get_tree+0x10/0x10
[  160.235363][ T5956]  ? aa_get_newest_label+0xf7/0x5d0
[  160.238030][ T5956]  ? vfs_parse_monolithic_sep+0x2df/0x310
[  160.240709][ T5956]  ? apparmor_capable+0x137/0x1b0
[  160.242956][ T5956]  vfs_get_tree+0x92/0x2b0
[  160.244974][ T5956]  do_new_mount+0x24a/0xa40
[  160.246929][ T5956]  __se_sys_mount+0x317/0x410
[  160.249205][ T5956]  ? __pfx___se_sys_mount+0x10/0x10
[  160.251873][ T5956]  ? do_syscall_64+0xbe/0x3b0
[  160.254337][ T5956]  ? __x64_sys_mount+0x20/0xc0
[  160.256637][ T5956]  do_syscall_64+0xfa/0x3b0
[  160.258837][ T5956]  ? lockdep_hardirqs_on+0x9c/0x150
[  160.261147][ T5956]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  160.263760][ T5956]  ? clear_bhb_loop+0x60/0xb0
[  160.265878][ T5956]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  160.268405][ T5956] RIP: 0033:0x7fd73378e90a
[  160.270441][ T5956] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  160.279767][ T5956] RSP: 002b:00007fd73458ce68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  160.283427][ T5956] RAX: ffffffffffffffda RBX: 00007fd73458cef0 RCX: 00007fd73378e90a
[  160.287640][ T5956] RDX: 0000400000000100 RSI: 0000400000000080 RDI: 00007fd73458ceb0
[  160.292199][ T5956] RBP: 0000400000000100 R08: 00007fd73458cef0 R09: 00000000022100c0
[  160.295675][ T5956] R10: 00000000022100c0 R11: 0000000000000246 R12: 0000400000000080
[  160.299147][ T5956] R13: 00007fd73458ceb0 R14: 0000000000005aa0 R15: 00004000000001c0
[  160.302549][ T5956]  </TASK>
[  160.304174][ T5956] Kernel Offset: disabled
[  160.306444][ T5956] Rebooting in 86400 seconds..