loop2: detected capacity change from 0 to 32768
workqueue: Failed to create a rescuer kthread for wq "bcachefs": -EINTR
bcachefs (baafa011-d992-4344-aaf9-4ff0e0bec0ff): shutdown complete
BUG: unable to handle page fault for address: ffffffffffffffa0
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 7280067 P4D 7280067 PUD 7282067 PMD 0
Oops: 0000 [#1] PREEMPT SMP KASAN PTI
CPU: 1 PID: 9489 Comm: syz.2.735 Not tainted 6.6.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
RIP: 0010:bch2_fs_btree_iter_exit+0x242/0x260 fs/bcachefs/btree_iter.c:3168
Code: e1 07 38 c1 7c bd 48 89 df e8 ba 8e 2e ff eb b3 49 83 c7 a0 4c 89 f8 48 c1 e8 03 42 80 3c 30 00 74 08 4c 89 ff e8 2e 8f 2e ff <49> 8b 1f e8 66 82 2e ff 48 c7 c7 60 19 25 86 48 89 de e8 e7 6a 63
RSP: 0018:ffffc90003de7538 EFLAGS: 00010246
RAX: 1ffffffffffffff4 RBX: ffff888162803e48 RCX: 1ffff1102c500760
RDX: 0000000000000001 RSI: ffffffff862f6780 RDI: ffff888162800000
RBP: ffff888162800000 R08: ffff8881628480af R09: 1ffff1102c509015
R10: dffffc0000000000 R11: ffffed102c509016 R12: 1ffff1102c500010
R13: dffffc0000000000 R14: dffffc0000000000 R15: ffffffffffffffa0
FS: 00007ffa7f9066c0(0000) GS:ffff8881f6500000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffa0 CR3: 000000011214e000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __bch2_fs_free fs/bcachefs/super.c:491 [inline]
 bch2_fs_release+0x172/0x430 fs/bcachefs/super.c:538
 kobject_cleanup lib/kobject.c:682 [inline]
 kobject_release lib/kobject.c:716 [inline]
 kref_put include/linux/kref.h:65 [inline]
 kobject_put+0x14d/0x300 lib/kobject.c:733
 bch2_fs_alloc fs/bcachefs/super.c:885 [inline]
 bch2_fs_open+0x1afb/0x2a10 fs/bcachefs/super.c:1926
 bch2_mount+0x561/0x1150 fs/bcachefs/fs.c:1829
 legacy_get_tree+0xe9/0x180 fs/fs_context.c:638
 vfs_get_tree+0x82/0x190 fs/super.c:1750
 do_new_mount+0x1e5/0x930 fs/namespace.c:3335
 do_mount fs/namespace.c:3675 [inline]
 __do_sys_mount fs/namespace.c:3884 [inline]
 __se_sys_mount+0x242/0x2e0 fs/namespace.c:3861
 do_syscall_64+0x46/0xc0
 entry_SYSCALL_64_after_hwframe+0x6f/0xd9
RIP: 0033:0x7ffa7eb8e58a
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffa7f905e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007ffa7f905ef0 RCX: 00007ffa7eb8e58a
RDX: 0000400000000000 RSI: 0000400000000200 RDI: 00007ffa7f905eb0
RBP: 0000400000000000 R08: 00007ffa7f905ef0 R09: 0000000002a08414
R10: 0000000002a08414 R11: 0000000000000246 R12: 0000400000000200
R13: 00007ffa7f905eb0 R14: 000000000000f63a R15: 0000400000000240
Modules linked in:
CR2: ffffffffffffffa0
---[ end trace 0000000000000000 ]---
RIP: 0010:bch2_fs_btree_iter_exit+0x242/0x260 fs/bcachefs/btree_iter.c:3168
Code: e1 07 38 c1 7c bd 48 89 df e8 ba 8e 2e ff eb b3 49 83 c7 a0 4c 89 f8 48 c1 e8 03 42 80 3c 30 00 74 08 4c 89 ff e8 2e 8f 2e ff <49> 8b 1f e8 66 82 2e ff 48 c7 c7 60 19 25 86 48 89 de e8 e7 6a 63
RSP: 0018:ffffc90003de7538 EFLAGS: 00010246
RAX: 1ffffffffffffff4 RBX: ffff888162803e48 RCX: 1ffff1102c500760
RDX: 0000000000000001 RSI: ffffffff862f6780 RDI: ffff888162800000
RBP: ffff888162800000 R08: ffff8881628480af R09: 1ffff1102c509015
R10: dffffc0000000000 R11: ffffed102c509016 R12: 1ffff1102c500010
R13: dffffc0000000000 R14: dffffc0000000000 R15: ffffffffffffffa0
FS: 00007ffa7f9066c0(0000) GS:ffff8881f6500000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffa0 CR3: 000000011214e000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0: e1 07                 loope 0x9
   2: 38 c1                 cmp %al,%cl
   4: 7c bd                 jl 0xffffffc3
   6: 48 89 df              mov %rbx,%rdi
   9: e8 ba 8e 2e ff        call 0xff2e8ec8
   e: eb b3                 jmp 0xffffffc3
  10: 49 83 c7 a0           add $0xffffffffffffffa0,%r15
  14: 4c 89 f8              mov %r15,%rax
  17: 48 c1 e8 03           shr $0x3,%rax
  1b: 42 80 3c 30 00        cmpb $0x0,(%rax,%r14,1)
  20: 74 08                 je 0x2a
  22: 4c 89 ff              mov %r15,%rdi
  25: e8 2e 8f 2e ff        call 0xff2e8f58
* 2a: 49 8b 1f              mov (%r15),%rbx    <-- trapping instruction
  2d: e8 66 82 2e ff        call 0xff2e8298
  32: 48 c7 c7 60 19 25 86  mov $0xffffffff86251960,%rdi
  39: 48 89 de              mov %rbx,%rsi
  3c: e8                    .byte 0xe8
  3d: e7 6a                 out %eax,$0x6a
  3f: 63                    .byte 0x63