[   89.256885][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   89.264305][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[   89.273052][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   89.280760][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[   89.303141][   T12] veth1_macvtap: left promiscuous mode
[   89.309524][   T12] veth0_macvtap: left promiscuous mode
[   89.315233][   T12] veth1_vlan: left promiscuous mode
[   89.321088][   T12] veth0_vlan: left promiscuous mode
[   89.645585][   T12] team0 (unregistering): Port device team_slave_1 removed
[   89.677453][   T12] team0 (unregistering): Port device team_slave_0 removed
Warning: Permanently added '10.128.1.23' (ED25519) to the list of known hosts.
2025/05/10 08:00:20 ignoring optional flag "sandboxArg"="0"
2025/05/10 08:00:21 parsed 1 programs
[  112.710160][ T6247] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  115.265877][ T6267] chnl_net:caif_netlink_parms(): no params data found
[  115.359339][ T6267] bridge0: port 1(bridge_slave_0) entered blocking state
[  115.366648][ T6267] bridge0: port 1(bridge_slave_0) entered disabled state
[  115.373794][ T6267] bridge_slave_0: entered allmulticast mode
[  115.381311][ T6267] bridge_slave_0: entered promiscuous mode
[  115.390617][ T6267] bridge0: port 2(bridge_slave_1) entered blocking state
[  115.398412][ T6267] bridge0: port 2(bridge_slave_1) entered disabled state
[  115.405773][ T6267] bridge_slave_1: entered allmulticast mode
[  115.414012][ T6267] bridge_slave_1: entered promiscuous mode
[  115.445327][ T6267] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  115.457770][ T6267] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  115.487743][ T6267] team0: Port device team_slave_0 added
[  115.497128][ T6267] team0: Port device team_slave_1 added
[  115.524244][ T6267] batman_adv: batadv0: Adding interface: batadv_slave_0
[  115.531843][ T6267] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  115.558287][ T6267] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  115.570841][ T6267] batman_adv: batadv0: Adding interface: batadv_slave_1
[  115.577946][ T6267] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  115.604317][ T6267] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  115.645423][ T6267] hsr_slave_0: entered promiscuous mode
[  115.651858][ T6267] hsr_slave_1: entered promiscuous mode
[  116.237875][ T6267] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  116.254377][ T6267] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  116.265891][ T6267] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  116.285600][ T6267] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  116.394739][ T6267] 8021q: adding VLAN 0 to HW filter on device bond0
[  116.421514][ T6267] 8021q: adding VLAN 0 to HW filter on device team0
[  116.435665][ T3000] bridge0: port 1(bridge_slave_0) entered blocking state
[  116.442975][ T3000] bridge0: port 1(bridge_slave_0) entered forwarding state
[  116.469587][ T3000] bridge0: port 2(bridge_slave_1) entered blocking state
[  116.476900][ T3000] bridge0: port 2(bridge_slave_1) entered forwarding state
[  116.731963][ T6267] 8021q: adding VLAN 0 to HW filter on device batadv0
[  116.789316][ T6267] veth0_vlan: entered promiscuous mode
[  116.803344][ T6267] veth1_vlan: entered promiscuous mode
[  116.844192][ T6267] veth0_macvtap: entered promiscuous mode
[  116.855371][ T6267] veth1_macvtap: entered promiscuous mode
[  116.882566][ T6267] batman_adv: batadv0: Interface activated: batadv_slave_0
[  116.899434][ T6267] batman_adv: batadv0: Interface activated: batadv_slave_1
[  116.915156][ T6267] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  116.927485][ T6267] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  116.938616][ T6267] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  116.949061][ T6267] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  117.125548][   T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  117.207742][   T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  117.270106][   T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  117.370358][   T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  117.535881][ T3580] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  117.547148][ T3580] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  117.587638][ T3474] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  117.596073][ T3474] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  118.137977][   T55] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  118.151953][   T55] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  118.160345][   T55] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  118.169048][   T55] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  118.177717][   T55] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  119.458678][   T12] bridge_slave_1: left allmulticast mode
[  119.464391][   T12] bridge_slave_1: left promiscuous mode
[  119.470391][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  119.482062][   T12] bridge_slave_0: left allmulticast mode
[  119.506340][   T12] bridge_slave_0: left promiscuous mode
[  119.512169][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  119.880271][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  119.892774][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  119.909194][   T12] bond0 (unregistering): Released all slaves
[  120.075228][   T12] hsr_slave_0: left promiscuous mode
[  120.086976][   T12] hsr_slave_1: left promiscuous mode
[  120.093014][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  120.117112][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  120.127819][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  120.135517][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  120.200005][   T12] veth1_macvtap: left promiscuous mode
[  120.205752][   T12] veth0_macvtap: left promiscuous mode
[  120.226296][   T12] veth1_vlan: left promiscuous mode
[  120.231720][   T12] veth0_vlan: left promiscuous mode
[  120.894499][   T12] team0 (unregistering): Port device team_slave_1 removed
[  120.930236][   T12] team0 (unregistering): Port device team_slave_0 removed
2025/05/10 08:00:34 executed programs: 0
[  121.535263][   T55] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  121.543796][   T55] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  121.553743][   T55] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  121.562965][   T55] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  121.570780][   T55] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  122.209496][ T6475] chnl_net:caif_netlink_parms(): no params data found
[  122.469978][ T6475] bridge0: port 1(bridge_slave_0) entered blocking state
[  122.479057][ T6475] bridge0: port 1(bridge_slave_0) entered disabled state
[  122.490196][ T6475] bridge_slave_0: entered allmulticast mode
[  122.508524][ T6475] bridge_slave_0: entered promiscuous mode
[  122.521174][ T6475] bridge0: port 2(bridge_slave_1) entered blocking state
[  122.533269][ T6475] bridge0: port 2(bridge_slave_1) entered disabled state
[  122.549310][ T6475] bridge_slave_1: entered allmulticast mode
[  122.558950][ T6475] bridge_slave_1: entered promiscuous mode
[  122.639799][ T6475] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  122.652709][ T6475] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  122.762174][ T6475] team0: Port device team_slave_0 added
[  122.773056][ T6475] team0: Port device team_slave_1 added
[  122.828204][ T6475] batman_adv: batadv0: Adding interface: batadv_slave_0
[  122.835197][ T6475] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  122.863896][ T6475] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  122.905348][ T6475] batman_adv: batadv0: Adding interface: batadv_slave_1
[  122.926387][ T6475] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  122.986971][ T6475] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  123.101998][ T6475] hsr_slave_0: entered promiscuous mode
[  123.117633][ T6475] hsr_slave_1: entered promiscuous mode
[  123.587528][ T6475] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  123.601172][ T6475] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  123.613284][ T6475] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  123.629819][ T6475] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  123.646645][   T55] Bluetooth: hci0: command tx timeout
[  123.723114][ T6475] 8021q: adding VLAN 0 to HW filter on device bond0
[  123.749798][ T6475] 8021q: adding VLAN 0 to HW filter on device team0
[  123.764481][ T3546] bridge0: port 1(bridge_slave_0) entered blocking state
[  123.771705][ T3546] bridge0: port 1(bridge_slave_0) entered forwarding state
[  123.789187][ T3474] bridge0: port 2(bridge_slave_1) entered blocking state
[  123.796450][ T3474] bridge0: port 2(bridge_slave_1) entered forwarding state
[  124.045997][ T6475] 8021q: adding VLAN 0 to HW filter on device batadv0
[  124.102018][ T6475] veth0_vlan: entered promiscuous mode
[  124.120583][ T6475] veth1_vlan: entered promiscuous mode
[  124.160822][ T6475] veth0_macvtap: entered promiscuous mode
[  124.174826][ T6475] veth1_macvtap: entered promiscuous mode
[  124.201211][ T6475] batman_adv: batadv0: Interface activated: batadv_slave_0
[  124.218527][ T6475] batman_adv: batadv0: Interface activated: batadv_slave_1
[  124.232953][ T6475] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  124.244493][ T6475] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  124.253706][ T6475] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  124.264257][ T6475] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  124.342679][ T3580] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  124.357778][ T3580] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  124.398929][ T3474] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  124.409996][ T3474] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  124.791814][ T6557] loop0: detected capacity change from 0 to 32768
[  124.889638][ T6557] bcachefs (baafa011-d992-4344-aaf9-4ff0e0bec0ff): Using encoding defined by superblock: utf8-12.1.0
[  124.924562][ T6557] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,metadata_target=invalid device 255,noinodes_use_key_cache,journal_flush_delay=1001,nojournal_transaction_names
[  124.924562][ T6557]   allowing incompatible features above 0.0: (unknown version)
[  124.989575][ T6557] bcachefs (loop0): recovering from clean shutdown, journal seq 13
[  125.007173][ T6557] bcachefs (loop0): Version upgrade required:
[  125.007173][ T6557] Version upgrade from 0.19: freespace to 1.7: mi_btree_bitmap incomplete
[  125.007173][ T6557] Doing incompatible version upgrade from 0.19: freespace to 1.25: extent_flags
[  125.007173][ T6557]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance
[  125.095696][ T6557] bcachefs (loop0): bcachefs (loop0): error validating btree node on loop0 at btree inodes level 0/0
[  125.095721][ T6557]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 2a20405ac3f40602 written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0
[  125.095734][ T6557]   node offset 8/24 bset u64s 29: checksum error, type chacha20_poly1305_128: got 6d82ed17575e5f86452c4b5d4038b21c should be ef30dab84eb82d57729a51b00f54184b, shutting down
[  125.095748][ T6557]   error not marked as autofix and not in fsck
[  125.095756][ T6557]   run fsck, and forward to devs so error can be marked for self-healing
[  125.095766][ T6557]   inconsistency detected - emergency read only at journal seq 13
[  125.166062][ T6557] bcachefs (loop0): flagging btree inodes lost data
[  125.176933][ T6557] bcachefs (loop0): running explicit recovery pass check_topology (2), currently at recovery_pass_empty (0)
[  125.188883][ T6557] bcachefs (loop0): running explicit recovery pass scan_for_btree_nodes (1), currently at recovery_pass_empty (0)
[  125.205813][ T6557] bcachefs (loop0): error reading btree root btree=inodes level=0: btree_node_read_error, fixing
[  125.220696][ T6557] ==================================================================
[  125.228798][ T6557] BUG: KASAN: use-after-free in bch2_checksum+0x209/0x490
[  125.235923][ T6557] Read of size 8 at addr ffff88806c8c1070 by task syz.0.15/6557
[  125.243630][ T6557] 
[  125.245963][ T6557] CPU: 0 UID: 0 PID: 6557 Comm: syz.0.15 Not tainted 6.15.0-rc5-syzkaller-00207-g1a33418a69cc #0 PREEMPT(full) 
[  125.245983][ T6557] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  125.245997][ T6557] Call Trace:
[  125.246003][ T6557]  <TASK>
[  125.246011][ T6557]  dump_stack_lvl+0x189/0x250
[  125.246030][ T6557]  ? __virt_addr_valid+0x18c/0x540
[  125.246044][ T6557]  ? rcu_is_watching+0x15/0xb0
[  125.246060][ T6557]  ? __kasan_check_byte+0x12/0x40
[  125.246077][ T6557]  ? __pfx_dump_stack_lvl+0x10/0x10
[  125.246092][ T6557]  ? rcu_is_watching+0x15/0xb0
[  125.246107][ T6557]  ? lock_release+0x4b/0x3e0
[  125.246123][ T6557]  ? __virt_addr_valid+0x18c/0x540
[  125.246137][ T6557]  ? __virt_addr_valid+0x469/0x540
[  125.246151][ T6557]  print_report+0xb4/0x290
[  125.246164][ T6557]  ? bch2_checksum+0x209/0x490
[  125.246182][ T6557]  kasan_report+0x118/0x150
[  125.246197][ T6557]  ? poly1305_blocks_avx2+0xe5/0x770
[  125.246214][ T6557]  ? bch2_checksum+0x209/0x490
[  125.246234][ T6557]  kasan_check_range+0x29a/0x2b0
[  125.246251][ T6557]  ? bch2_checksum+0x209/0x490
[  125.246270][ T6557]  __asan_memcpy+0x29/0x70
[  125.246286][ T6557]  bch2_checksum+0x209/0x490
[  125.246308][ T6557]  ? __pfx_bch2_checksum+0x10/0x10
[  125.246329][ T6557]  ? bch2_printbuf_exit+0x6f/0xb0
[  125.246350][ T6557]  ? validate_bset_keys+0x12b9/0x1450
[  125.246368][ T6557]  ? bch2_printbuf_exit+0x6f/0xb0
[  125.246387][ T6557]  ? bch2_printbuf_exit+0x6f/0xb0
[  125.246405][ T6557]  ? bch2_bkey_format_invalid+0x52e/0x640
[  125.246432][ T6557]  ? prt_str+0x439/0x760
[  125.246446][ T6557]  ? bch2_btree_node_read_done+0x1c30/0x5470
[  125.246461][ T6557]  ? bch2_journal_seq_is_blacklisted+0xfa/0x250
[  125.246481][ T6557]  bch2_btree_node_read_done+0x1003/0x5470
[  125.246510][ T6557]  ? __pfx_bch2_btree_node_read_done+0x10/0x10
[  125.246526][ T6557]  ? bch2_bkey_pick_read_device+0x265/0x1310
[  125.246545][ T6557]  ? bch2_bkey_pick_read_device+0x265/0x1310
[  125.246561][ T6557]  ? bch2_bkey_pick_read_device+0x11c6/0x1310
[  125.246578][ T6557]  ? bch2_bkey_pick_read_device+0x265/0x1310
[  125.246601][ T6557]  btree_node_read_work+0x565/0xef0
[  125.246620][ T6557]  ? mean_and_variance_weighted_get_mean+0x6f/0xc0
[  125.246635][ T6557]  ? __pfx_btree_node_read_work+0x10/0x10
[  125.246650][ T6557]  ? bch2_latency_acct+0x436/0x520
[  125.246667][ T6557]  ? __pfx_bch2_latency_acct+0x10/0x10
[  125.246683][ T6557]  ? bio_associate_blkg+0x6d/0x230
[  125.246697][ T6557]  bch2_btree_node_read+0x2151/0x27a0
[  125.246713][ T6557]  ? rht_lock+0x114/0x220
[  125.246729][ T6557]  ? bch2_btree_node_hash_insert+0x88/0xc0
[  125.246742][ T6557]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  125.246757][ T6557]  ? __pfx_bch2_btree_node_read+0x10/0x10
[  125.246775][ T6557]  ? bch2_trans_unlock+0x333/0x4b0
[  125.246788][ T6557]  ? bch2_trans_unlock+0x3a0/0x4b0
[  125.246802][ T6557]  bch2_btree_root_read+0x5e7/0x750
[  125.246819][ T6557]  ? __pfx_bch2_btree_root_read+0x10/0x10
[  125.246839][ T6557]  ? bch2_current_has_btree_trans+0x169/0x1a0
[  125.246855][ T6557]  read_btree_roots+0x2cb/0x800
[  125.246871][ T6557]  ? __pfx_read_btree_roots+0x10/0x10
[  125.246887][ T6557]  ? bch2_sb_upgrade+0x1db/0x260
[  125.246903][ T6557]  bch2_fs_recovery+0x2356/0x37b0
[  125.246920][ T6557]  ? __pfx_bch2_fs_recovery+0x10/0x10
[  125.246937][ T6557]  ? __lock_acquire+0xaac/0xd20
[  125.246955][ T6557]  ? __lock_acquire+0xaac/0xd20
[  125.246977][ T6557]  ? percpu_ref_put+0x1e/0x230
[  125.246995][ T6557]  ? bch2_get_next_online_dev+0x2d/0x4d0
[  125.247013][ T6557]  ? bch2_fs_start+0x65b/0xae0
[  125.247026][ T6557]  ? up_write+0x1c4/0x420
[  125.247038][ T6557]  bch2_fs_start+0x70b/0xae0
[  125.247051][ T6557]  ? __pfx_bch2_fs_start+0x10/0x10
[  125.247070][ T6557]  ? sget+0x28a/0x650
[  125.247085][ T6557]  bch2_fs_get_tree+0xad7/0x13b0
[  125.247107][ T6557]  ? __pfx_bch2_fs_get_tree+0x10/0x10
[  125.247128][ T6557]  ? vfs_parse_monolithic_sep+0x2e3/0x310
[  125.247149][ T6557]  ? cap_capable+0x11f/0x460
[  125.247160][ T6557]  ? bch2_init_fs_context+0x88/0x110
[  125.247175][ T6557]  ? safesetid_security_capable+0xa9/0x1a0
[  125.247189][ T6557]  vfs_get_tree+0x8f/0x2b0
[  125.247205][ T6557]  do_new_mount+0x24a/0xa40
[  125.247225][ T6557]  __se_sys_mount+0x317/0x410
[  125.247243][ T6557]  ? __pfx___se_sys_mount+0x10/0x10
[  125.247261][ T6557]  ? do_syscall_64+0xba/0x210
[  125.247274][ T6557]  ? __x64_sys_mount+0x20/0xc0
[  125.247291][ T6557]  do_syscall_64+0xf6/0x210
[  125.247304][ T6557]  ? clear_bhb_loop+0x45/0xa0
[  125.247318][ T6557]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  125.247330][ T6557] RIP: 0033:0x7f11c457feba
[  125.247350][ T6557] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  125.247360][ T6557] RSP: 002b:00007f11c53aae68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  125.247377][ T6557] RAX: ffffffffffffffda RBX: 00007f11c53aaef0 RCX: 00007f11c457feba
[  125.247387][ T6557] RDX: 000000002000f640 RSI: 0000000020000000 RDI: 00007f11c53aaeb0
[  125.247395][ T6557] RBP: 000000002000f640 R08: 00007f11c53aaef0 R09: 0000000000000000
[  125.247403][ T6557] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000000
[  125.247411][ T6557] R13: 00007f11c53aaeb0 R14: 000000000000f624 R15: 00000000200004c0
[  125.247424][ T6557]  </TASK>
[  125.247428][ T6557] 
[  125.754780][ T6557] The buggy address belongs to the physical page:
[  125.761206][ T6557] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffffffffffffffff pfn:0x6c8c1
[  125.771270][ T6557] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  125.778390][ T6557] raw: 00fff00000000000 0000000000000000 00000000ffffffff 0000000000000000
[  125.786964][ T6557] raw: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000000
[  125.795532][ T6557] page dumped because: kasan: bad access detected
[  125.801942][ T6557] page_owner tracks the page as freed
[  125.807381][ T6557] page last allocated via order 5, migratetype Reclaimable, gfp_mask 0x452cd0(GFP_KERNEL_ACCOUNT|__GFP_RECLAIMABLE|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6557, tgid 6556 (syz.0.15), ts 124859876140, free_ts 125219704594
[  125.829450][ T6557]  post_alloc_hook+0x1d8/0x230
[  125.834319][ T6557]  get_page_from_freelist+0x21c7/0x22a0
[  125.839872][ T6557]  __alloc_frozen_pages_noprof+0x181/0x370
[  125.845680][ T6557]  __alloc_pages_noprof+0xa/0x30
[  125.850605][ T6557]  ___kmalloc_large_node+0x85/0x200
[  125.855888][ T6557]  __kmalloc_large_node_noprof+0x18/0x90
[  125.861523][ T6557]  __kvmalloc_node_noprof+0x74/0x5e0
[  125.866805][ T6557]  btree_node_data_alloc+0xd5/0x260
[  125.871987][ T6557]  __bch2_btree_node_mem_alloc+0x1ed/0x410
[  125.877866][ T6557]  bch2_fs_btree_cache_init+0x2c9/0x680
[  125.883395][ T6557]  bch2_fs_open+0x235e/0x2820
[  125.888059][ T6557]  bch2_fs_get_tree+0x45d/0x13b0
[  125.893002][ T6557]  vfs_get_tree+0x8f/0x2b0
[  125.897421][ T6557]  do_new_mount+0x24a/0xa40
[  125.901930][ T6557]  __se_sys_mount+0x317/0x410
[  125.906595][ T6557]  do_syscall_64+0xf6/0x210
[  125.911084][ T6557] page last free pid 6557 tgid 6556 stack trace:
[  125.917572][ T6557]  __free_pages_ok+0x910/0xac0
[  125.922327][ T6557]  __folio_put+0x21b/0x2c0
[  125.926733][ T6557]  free_large_kmalloc+0x145/0x200
[  125.931775][ T6557]  bch2_btree_node_read_done+0x3450/0x5470
[  125.937586][ T6557]  btree_node_read_work+0x565/0xef0
[  125.942780][ T6557]  bch2_btree_node_read+0x2151/0x27a0
[  125.948139][ T6557]  bch2_btree_root_read+0x5e7/0x750
[  125.953350][ T6557]  read_btree_roots+0x2cb/0x800
[  125.958203][ T6557]  bch2_fs_recovery+0x2356/0x37b0
[  125.963244][ T6557]  bch2_fs_start+0x70b/0xae0
[  125.967942][ T6557]  bch2_fs_get_tree+0xad7/0x13b0
[  125.972875][ T6557]  vfs_get_tree+0x8f/0x2b0
[  125.977287][ T6557]  do_new_mount+0x24a/0xa40
[  125.981791][ T6557]  __se_sys_mount+0x317/0x410
[  125.986460][ T6557]  do_syscall_64+0xf6/0x210
[  125.991038][ T6557]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  125.997094][ T6557] 
[  125.999403][ T6557] Memory state around the buggy address:
[  126.005018][ T6557]  ffff88806c8c0f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  126.013064][ T6557]  ffff88806c8c0f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  126.021373][ T6557] >ffff88806c8c1000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  126.029422][ T6557]                                                              ^
[  126.037119][ T6557]  ffff88806c8c1080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  126.045172][ T6557]  ffff88806c8c1100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  126.053307][ T6557] ==================================================================
[  126.069055][ T6557] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  126.076298][ T6557] CPU: 1 UID: 0 PID: 6557 Comm: syz.0.15 Not tainted 6.15.0-rc5-syzkaller-00207-g1a33418a69cc #0 PREEMPT(full) 
[  126.088123][ T6557] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  126.098205][ T6557] Call Trace:
[  126.101494][ T6557]  <TASK>
[  126.104505][ T6557]  dump_stack_lvl+0x99/0x250
[  126.109109][ T6557]  ? __asan_memcpy+0x40/0x70
[  126.113777][ T6557]  ? __pfx_dump_stack_lvl+0x10/0x10
[  126.118980][ T6557]  ? __pfx__printk+0x10/0x10
[  126.123561][ T6557]  panic+0x2db/0x790
[  126.127450][ T6557]  ? __pfx_panic+0x10/0x10
[  126.131872][ T6557]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  126.137751][ T6557]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  126.144061][ T6557]  ? print_memory_metadata+0x314/0x400
[  126.149509][ T6557]  ? bch2_checksum+0x209/0x490
[  126.154263][ T6557]  check_panic_on_warn+0x89/0xb0
[  126.159190][ T6557]  ? bch2_checksum+0x209/0x490
[  126.164041][ T6557]  end_report+0x78/0x160
[  126.168369][ T6557]  kasan_report+0x129/0x150
[  126.172859][ T6557]  ? poly1305_blocks_avx2+0xe5/0x770
[  126.178135][ T6557]  ? bch2_checksum+0x209/0x490
[  126.182898][ T6557]  kasan_check_range+0x29a/0x2b0
[  126.187833][ T6557]  ? bch2_checksum+0x209/0x490
[  126.192586][ T6557]  __asan_memcpy+0x29/0x70
[  126.196991][ T6557]  bch2_checksum+0x209/0x490
[  126.201572][ T6557]  ? __pfx_bch2_checksum+0x10/0x10
[  126.206674][ T6557]  ? bch2_printbuf_exit+0x6f/0xb0
[  126.211780][ T6557]  ? validate_bset_keys+0x12b9/0x1450
[  126.217148][ T6557]  ? bch2_printbuf_exit+0x6f/0xb0
[  126.222171][ T6557]  ? bch2_printbuf_exit+0x6f/0xb0
[  126.227191][ T6557]  ? bch2_bkey_format_invalid+0x52e/0x640
[  126.232912][ T6557]  ? prt_str+0x439/0x760
[  126.237151][ T6557]  ? bch2_btree_node_read_done+0x1c30/0x5470
[  126.243121][ T6557]  ? bch2_journal_seq_is_blacklisted+0xfa/0x250
[  126.249457][ T6557]  bch2_btree_node_read_done+0x1003/0x5470
[  126.255294][ T6557]  ? __pfx_bch2_btree_node_read_done+0x10/0x10
[  126.261438][ T6557]  ? bch2_bkey_pick_read_device+0x265/0x1310
[  126.267409][ T6557]  ? bch2_bkey_pick_read_device+0x265/0x1310
[  126.273379][ T6557]  ? bch2_bkey_pick_read_device+0x11c6/0x1310
[  126.279438][ T6557]  ? bch2_bkey_pick_read_device+0x265/0x1310
[  126.285412][ T6557]  btree_node_read_work+0x565/0xef0
[  126.290605][ T6557]  ? mean_and_variance_weighted_get_mean+0x6f/0xc0
[  126.297182][ T6557]  ? __pfx_btree_node_read_work+0x10/0x10
[  126.302894][ T6557]  ? bch2_latency_acct+0x436/0x520
[  126.308007][ T6557]  ? __pfx_bch2_latency_acct+0x10/0x10
[  126.313463][ T6557]  ? bio_associate_blkg+0x6d/0x230
[  126.318650][ T6557]  bch2_btree_node_read+0x2151/0x27a0
[  126.324020][ T6557]  ? rht_lock+0x114/0x220
[  126.328342][ T6557]  ? bch2_btree_node_hash_insert+0x88/0xc0
[  126.334141][ T6557]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  126.339778][ T6557]  ? __pfx_bch2_btree_node_read+0x10/0x10
[  126.345491][ T6557]  ? bch2_trans_unlock+0x333/0x4b0
[  126.350675][ T6557]  ? bch2_trans_unlock+0x3a0/0x4b0
[  126.355815][ T6557]  bch2_btree_root_read+0x5e7/0x750
[  126.361034][ T6557]  ? __pfx_bch2_btree_root_read+0x10/0x10
[  126.366747][ T6557]  ? bch2_current_has_btree_trans+0x169/0x1a0
[  126.372808][ T6557]  read_btree_roots+0x2cb/0x800
[  126.377657][ T6557]  ? __pfx_read_btree_roots+0x10/0x10
[  126.383143][ T6557]  ? bch2_sb_upgrade+0x1db/0x260
[  126.388168][ T6557]  bch2_fs_recovery+0x2356/0x37b0
[  126.393183][ T6557]  ? __pfx_bch2_fs_recovery+0x10/0x10
[  126.398549][ T6557]  ? __lock_acquire+0xaac/0xd20
[  126.403393][ T6557]  ? __lock_acquire+0xaac/0xd20
[  126.408410][ T6557]  ? percpu_ref_put+0x1e/0x230
[  126.413207][ T6557]  ? bch2_get_next_online_dev+0x2d/0x4d0
[  126.418833][ T6557]  ? bch2_fs_start+0x65b/0xae0
[  126.423672][ T6557]  ? up_write+0x1c4/0x420
[  126.428084][ T6557]  bch2_fs_start+0x70b/0xae0
[  126.432663][ T6557]  ? __pfx_bch2_fs_start+0x10/0x10
[  126.437773][ T6557]  ? sget+0x28a/0x650
[  126.441763][ T6557]  bch2_fs_get_tree+0xad7/0x13b0
[  126.446697][ T6557]  ? __pfx_bch2_fs_get_tree+0x10/0x10
[  126.452064][ T6557]  ? vfs_parse_monolithic_sep+0x2e3/0x310
[  126.457793][ T6557]  ? cap_capable+0x11f/0x460
[  126.462381][ T6557]  ? bch2_init_fs_context+0x88/0x110
[  126.467664][ T6557]  ? safesetid_security_capable+0xa9/0x1a0
[  126.473543][ T6557]  vfs_get_tree+0x8f/0x2b0
[  126.477949][ T6557]  do_new_mount+0x24a/0xa40
[  126.482445][ T6557]  __se_sys_mount+0x317/0x410
[  126.487116][ T6557]  ? __pfx___se_sys_mount+0x10/0x10
[  126.492311][ T6557]  ? do_syscall_64+0xba/0x210
[  126.496974][ T6557]  ? __x64_sys_mount+0x20/0xc0
[  126.501723][ T6557]  do_syscall_64+0xf6/0x210
[  126.506211][ T6557]  ? clear_bhb_loop+0x45/0xa0
[  126.510899][ T6557]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  126.516799][ T6557] RIP: 0033:0x7f11c457feba
[  126.521211][ T6557] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  126.540845][ T6557] RSP: 002b:00007f11c53aae68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  126.549273][ T6557] RAX: ffffffffffffffda RBX: 00007f11c53aaef0 RCX: 00007f11c457feba
[  126.557236][ T6557] RDX: 000000002000f640 RSI: 0000000020000000 RDI: 00007f11c53aaeb0
[  126.565201][ T6557] RBP: 000000002000f640 R08: 00007f11c53aaef0 R09: 0000000000000000
[  126.573158][ T6557] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000000
[  126.581130][ T6557] R13: 00007f11c53aaeb0 R14: 000000000000f624 R15: 00000000200004c0
[  126.589097][ T6557]  </TASK>
[  126.592407][ T6557] Kernel Offset: disabled
[  126.596725][ T6557] Rebooting in 86400 seconds..