[ 86.820526][ T9] cfg80211: failed to load regulatory.db
Warning: Permanently added '[localhost]:6201' (ED25519) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
[ 318.506689][ T5346] loop0: detected capacity change from 0 to 32768
[ 318.889841][ T5346] bcachefs (/dev/loop0): error reading default superblock: checksum error, type crc32c_nonzero: got 8c1ca219 should be 29d2fb78
[ 319.840391][ T5346] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,compression=lz4,nojournal_transaction_names
[ 319.845743][ T5346] bcachefs (loop0): recovering from clean shutdown, journal seq 7
[ 319.849028][ T5346] bcachefs (loop0): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.20: directory_size
[ 319.849028][ T5346] running recovery passes: check_allocations,check_extents_to_backpointers,check_inodes,check_dirents
[ 319.904652][ T5346] bcachefs (loop0): error validating btree node on loop0 at btree inodes level 0/0
[ 319.904682][ T5346] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 19bc58a6c09b6540 written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0
[ 319.904694][ T5346] node offset 8/24 bset u64s 29: checksum error, type crc32c_nonzero: got fac237b6 should be 53e60891, fixing
[ 319.919020][ T5346] bcachefs (loop0): error validating btree node on loop0 at btree inodes level 0/0
[ 319.919035][ T5346] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 19bc58a6c09b6540 written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0
[ 319.919043][ T5346] node offset 16/24 bset u64s 110: checksum error, type crc32c_nonzero: got 8c669925 should be 08a3f5a5, fixing
[ 319.934521][ T5346] bcachefs (loop0): btree_node_read_work: rewriting btree node at due to error
[ 319.934521][ T5346] btree=inodes level=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 19bc58a6c09b6540 written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0
[ 319.945883][ T5346] bcachefs (loop0): error validating btree node on loop0 at btree dirents level 0/0
[ 319.945901][ T5346] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c18f4a4face03c6 written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0
[ 319.945910][ T5346] node offset 8/24 bset u64s 6: checksum error, type crc32c_nonzero: got 5142e067 should be 5142e067, fixing
[ 319.961279][ T5346] bcachefs (loop0): btree_node_read_work: rewriting btree node at due to error
[ 319.961279][ T5346] btree=dirents level=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c18f4a4face03c6 written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0
[ 319.981056][ T5346] bcachefs (loop0): error validating btree node on loop0 at btree alloc level 0/0
[ 319.981076][ T5346] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 75277f57b0c8c24 written 32 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0
[ 319.981087][ T5346] node offset 8/32 bset u64s 375: checksum error, type crc32c_nonzero: got 15c0b551 should be 1bdb8771, fixing
[ 319.995880][ T5346] invalid bkey in btree_node btree=alloc level=0: u64s 11 type alloc_v4 0:0:7 len 0 ver 0:
[ 319.995897][ T5346] gen 0 oldest_gen 0 data_type sb
[ 319.995902][ T5346] journal_seq_nonempty 1
[ 319.995907][ T5346] journal_seq_empty 0
[ 319.995912][ T5346] need_discard 1
[ 319.995918][ T5346] need_inc_gen 1
[ 319.995923][ T5346] dirty_sectors 8
[ 319.995927][ T5346] stripe_sectors 0
[ 319.995930][ T5346] cached_sectors 0
[ 319.995933][ T5346] stripe 0
[ 319.995937][ T5346] stripe_redundancy 0
[ 319.995940][ T5346] io_time[READ] 1
[ 319.995944][ T5346] io_time[WRITE] 1
[ 319.995947][ T5346] fragmentation 0
[ 319.995951][ T5346] bp_start 8
[ 319.995954][ T5346]
[ 319.995957][ T5346] nonzero snapshot: delete?, fixing
[ 320.030507][ T5346] bcachefs (loop0): flagging btree alloc lost data
[ 320.033314][ T5346] bcachefs (loop0): running explicit recovery pass check_topology (2), currently at recovery_pass_empty (0)
[ 320.038133][ T5346] bcachefs (loop0): running explicit recovery pass check_lrus (14), currently at recovery_pass_empty (0)
[ 320.043244][ T5346] bcachefs (loop0): running explicit recovery pass check_backpointers_to_extents (16), currently at recovery_pass_empty (0)
[ 320.048198][ T5346] bcachefs (loop0): running explicit recovery pass check_alloc_info (13), currently at recovery_pass_empty (0)
[ 320.055232][ T5346] error reading btree root btree=alloc level=0: btree_node_read_error, fixing
[ 320.071374][ T5346] bcachefs (loop0): error validating btree node on loop0 at btree freespace level 0/0
[ 320.071403][ T5346] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9a831b4a3f983356 written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0
[ 320.071413][ T5346] node offset 8/32 bset u64s 35: checksum error, type crc32c_nonzero: got 92273250 should be d5280583, fixing
[ 320.086933][ T5346] bcachefs (loop0): error validating btree node at btree freespace level 0/0
[ 320.086951][ T5346] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9a831b4a3f983356 written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0
[ 320.086960][ T5346] node offset 8/32 bset u64s 35 bset byte offset 120: keys out of order: u64s 5 type set 150994944:29:0 len 2 ver 0 > u64s 5 type set 0:32:0 len 2 ver 0, fixing
[ 320.102165][ T5346] bcachefs (loop0): btree_node_read_work: rewriting btree node at due to error
[ 320.102165][ T5346] btree=freespace level=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9a831b4a3f983356 written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0
[ 320.118035][ T5346] bcachefs (loop0): error validating btree node on loop0 at btree backpointers level 0/0
[ 320.118053][ T5346] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 29c4a2706086d15a written 24 min_key POS_MIN durability: 1 ptr: 0:37:0 gen 0
[ 320.118062][ T5346] node offset 0/24 bset u64s 0: checksum error, type crc32c_nonzero: got b8025df6 should be f5d8559b, fixing
[ 320.132195][ T5346] bcachefs (loop0): error validating btree node on loop0 at btree backpointers level 0/0
[ 320.132223][ T5346] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 29c4a2706086d15a written 24 min_key POS_MIN durability: 1 ptr: 0:37:0 gen 0
[ 320.132232][ T5346] node offset 0/24 bset u64s 0: invalid bkey format: field 4 too large: 0 + 288230376151711744 > 4294967295
[ 320.132239][ T5346] u64s 3 fields 64:0, 64:0, 32:0, 0:0, 0:288230376151711744, 0:0
[ 320.150158][ T5346] bcachefs (loop0): flagging btree backpointers lost data
[ 320.153806][ T5346] bcachefs (loop0): running explicit recovery pass check_btree_backpointers (15), currently at recovery_pass_empty (0)
[ 320.160493][ T5346] error reading btree root btree=backpointers level=0: btree_node_read_error, fixing
[ 320.172016][ T5346] bcachefs (loop0): check_topology... done
executing program
executing program
[ 320.175964][ T5346] bcachefs (loop0): accounting_read... done
[ 320.724704][ T5346] bcachefs (loop0): alloc_read... done
[ 320.727253][ T5346] bcachefs (loop0): stripes_read... done
[ 320.729944][ T5346] bcachefs (loop0): snapshots_read... done
[ 320.732800][ T5346] bcachefs (loop0): check_allocations...
[ 320.734931][ T5346] bucket 0:36 data type user ptr gen 0 missing in alloc btree
[ 320.734958][ T5346] while marking u64s 7 type extent 4098:24:U32_MAX len 24 ver 0: durability: 1 crc: c_size 8 size 24 offset 0 nonce 0 csum crc32c 0:4925b703 compress lz4 ptr: 0:36:0 gen 0, fixing
[ 320.748636][ T5346] bucket 0:34 data type user ptr gen 0 missing in alloc btree
[ 320.748649][ T5346] while marking u64s 7 type extent 536870913:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum crc32c 0:cec3872e compress incompressible ptr: 0:34:0 gen 0, fixing
[ 320.760201][ T5346] bucket 0:27 data type btree ptr gen 0 missing in alloc btree
[ 320.760218][ T5346] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq b77ad9ee5a61c7f0 written 16 min_key POS_MIN durability: 1 ptr: 0:27:0 gen 0, fixing
[ 320.771225][ T5346] btree ptr not marked in member info btree allocated bitmap
[ 320.771247][ T5346] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 19bc58a6c09b6540 written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0, fixing
[ 320.782515][ T5346] bucket 0:38 data type btree ptr gen 0 missing in alloc btree
[ 320.782531][ T5346] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 19bc58a6c09b6540 written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0, fixing
[ 320.792812][ T5346] btree ptr not marked in member info btree allocated bitmap
[ 320.792840][ T5346] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c18f4a4face03c6 written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing
[ 320.802032][ T5346] bucket 0:41 data type btree ptr gen 0 missing in alloc btree
[ 320.802047][ T5346] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c18f4a4face03c6 written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing
[ 320.812247][ T5346] bucket 0:31 data type btree ptr gen 0 missing in alloc btree
[ 320.812264][ T5346] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 1477538288e6fe55 written 16 min_key POS_MIN durability: 1 ptr: 0:31:0 gen 0, fixing
[ 320.823050][ T5346] btree ptr not marked in member info btree allocated bitmap
[ 320.823068][ T5346] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7675f41d391e5d36 written 16 min_key POS_MIN durability: 1 ptr: 0:35:0 gen 0, fixing
[ 320.833119][ T5346] bucket 0:35 data type btree ptr gen 0 missing in alloc btree
[ 320.833135][ T5346] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7675f41d391e5d36 written 16 min_key POS_MIN durability: 1 ptr: 0:35:0 gen 0, fixing
[ 320.842158][ T5346] btree ptr not marked in member info btree allocated bitmap
[ 320.842177][ T5346] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq bcb9905dfb2993d5 written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0, fixing
[ 320.852657][ T5346] bucket 0:32 data type btree ptr gen 0 missing in alloc btree
[ 320.852669][ T5346] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq bcb9905dfb2993d5 written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0, fixing
[ 320.862621][ T5346] bucket 0:28 data type btree ptr gen 0 missing in alloc btree
[ 320.862643][ T5346] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq d19419031ca39bdb written 16 min_key POS_MIN durability: 1 ptr: 0:28:0 gen 0, fixing
[ 320.873410][ T5346] btree ptr not marked in member info btree allocated bitmap
[ 320.873434][ T5346] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9a831b4a3f983356 written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0, fixing
[ 320.883040][ T5346] bucket 0:29 data type btree ptr gen 0 missing in alloc btree
[ 320.883052][ T5346] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9a831b4a3f983356 written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0, fixing
[ 320.893587][ T5346] bucket 0:42 data type btree ptr gen 0 missing in alloc btree
[ 320.893603][ T5346] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq a34c10fbe2d33ffa written 8 min_key POS_MIN durability: 1 ptr: 0:42:0 gen 0, fixing
[ 320.906811][ T5346] done
[ 320.908978][ T5346] bcachefs (loop0): going read-write
executing program
executing program
executing program
[ 320.913318][ T5346] bcachefs (loop0): journal_replay... done
[ 323.318776][ T5346] bcachefs (loop0): check_alloc_info...
[ 323.320655][ T5346] hole in alloc btree missing in freespace btree
[ 323.320679][ T5346] device 0 buckets 26-27, fixing
[ 323.330442][ T5346] hole in alloc btree missing in freespace btree
[ 323.330475][ T5346] device 0 buckets 26-27, fixing
[ 323.337054][ T5346] hole in alloc btree missing in freespace btree
[ 323.337073][ T5346] device 0 buckets 37-38, fixing
[ 323.342451][ T5346] hole in alloc btree missing in freespace btree
[ 323.342466][ T5346] device 0 buckets 39-41, fixing
[ 323.350824][ T5346] entry in freespace btree for nonexistant dev:bucket 150994944:27, fixing
[ 323.354930][ T5346] entry in freespace btree for nonexistant dev:bucket 150994944:28, fixing
[ 323.358341][ T5346] done
[ 323.363267][ T5346] bcachefs (loop0): check_lrus... done
[ 323.366591][ T5346] bcachefs (loop0): check_btree_backpointers... done
[ 323.371369][ T5346] bcachefs (loop0): check_backpointers_to_extents... done
[ 323.375577][ T5346] bcachefs (loop0): check_extents_to_backpointers...
[ 323.376575][ T5346] bcachefs (loop0): scanning for missing backpointers in 8/128 buckets
[ 323.382933][ T5346] done
[ 323.387239][ T5346] bcachefs (loop0): check_inodes...
[ 323.388059][ T5346] inode journal seq in future (currently at 15)
[ 323.388072][ T5346] inum: 1073741824:4294967295
[ 323.388079][ T5346] mode=100755
[ 323.388085][ T5346] flags=(15300000)
[ 323.388091][ T5346] journal_seq=36028797018963972
[ 323.388098][ T5346] hash_seed=905a6979b4722d63
[ 323.388104][ T5346] hash_type=siphash
[ 323.388111][ T5346] bi_size=10
[ 323.388117][ T5346] bi_sectors=8
[ 323.388124][ T5346] bi_version=0
[ 323.388137][ T5346] bi_atime=2740995251
[ 323.388144][ T5346] bi_ctime=2740995251
[ 323.388150][ T5346] bi_mtime=2740995251
[ 323.388156][ T5346] bi_otime=2740995251
[ 323.388163][ T5346] bi_uid=0
[ 323.388169][ T5346] bi_gid=0
[ 323.388175][ T5346] bi_nlink=0
[ 323.388182][ T5346] bi_generation=0
[ 323.388189][ T5346] bi_dev=0
[ 323.388195][ T5346] bi_data_checksum=0
[ 323.388202][ T5346] bi_compression=0
[ 323.388208][ T5346] bi_project=0
[ 323.388215][ T5346] bi_background_compression=0
[ 323.388222][ T5346] bi_data_replicas=0
[ 323.388229][ T5346] bi_promote_target=0
[ 323.388235][ T5346] bi_foreground_target=0
[ 323.388242][ T5346] bi_background_target=0
[ 323.388248][ T5346] bi_erasure_code=0
[ 323.388254][ T5346] bi_fields_set=0
[ 323.388261][ T5346] bi_dir=4096
[ 323.388267][ T5346] bi_dir_offset=8276054212886994144
[ 323.388274][ T5346] bi_subvol=0
[ 323.388280][ T5346] bi_parent_subvol=0
[ 323.388286][ T5346] bi_nocow=0
[ 323.388292][ T5346] bi_depth=0
[ 323.388299][ T5346] bi_inodes_32bit=0, fixing
[ 323.454235][ T5346] done
[ 323.471741][ T5346] bcachefs (loop0): check_dirents...
[ 323.472580][ T5346] directory 4096:4294967295 with wrong i_size: got 0, should be 352, fixing
[ 323.480474][ T5346] done
[ 323.494257][ T5346] bcachefs (loop0): resume_logged_ops... done
[ 323.496578][ T5346] bcachefs (loop0): delete_dead_inodes... done
[ 323.517092][ T5346] bcachefs (loop0): Fixed errors, running fsck a second time to verify fs is clean
[ 323.521331][ T5346] bcachefs (loop0): check_alloc_info... done
[ 323.526710][ T5346] bcachefs (loop0): check_lrus... done
[ 323.529670][ T5346] bcachefs (loop0): check_btree_backpointers... done
[ 323.532835][ T5346] bcachefs (loop0): check_backpointers_to_extents... done
[ 323.536107][ T5346] bcachefs (loop0): check_extents_to_backpointers... done
[ 323.539532][ T5346] bcachefs (loop0): check_inodes... done
[ 323.542084][ T5346] bcachefs (loop0): check_dirents... done
[ 323.545848][ T5346] bcachefs (loop0): resume_logged_ops... done
[ 323.548364][ T5346] bcachefs (loop0): delete_dead_inodes... done
[ 323.553553][ T5346] bcachefs (loop0): bch2_copygc_start(): error creating copygc thread EINTR
[ 323.557419][ T5346] bcachefs (loop0): error starting copygc thread
[ 323.559992][ T5346] bcachefs (loop0): bch2_fs_start(): error starting filesystem EINTR
[ 323.563085][ T5346] bcachefs (loop0): shutting down
[ 323.565090][ T5346] bcachefs (loop0): going read-only
[ 323.569541][ T5346] bcachefs (loop0): finished waiting for writes to stop
[ 323.572760][ T5346] bcachefs (loop0): flushing journal and stopping allocators, journal seq 19
[ 323.577916][ T5346] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 19
[ 323.582321][ T5346] bcachefs (loop0): clean shutdown complete, journal seq 20
[ 323.586013][ T5346] bcachefs (loop0): marking filesystem clean
[ 323.600332][ T5346] bcachefs (loop0): shutdown complete
[ 323.604058][ T1033] ==================================================================
[ 323.606912][ T1033] BUG: KASAN: slab-use-after-free in percpu_ref_put+0xda/0x250
[ 323.610340][ T1033] Read of size 8 at addr ffff88804dc1e0b0 by task kworker/u4:5/1033
[ 323.615569][ T1033]
[ 323.616432][ T1033] CPU: 0 UID: 0 PID: 1033 Comm: kworker/u4:5 Not tainted 6.14.0-rc4-syzkaller-00073-g5394eea10651 #0
[ 323.616447][ T1033] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 323.616455][ T1033] Workqueue: loop0 loop_rootcg_workfn
[ 323.616479][ T1033] Call Trace:
[ 323.616487][ T1033]
[ 323.616493][ T1033] dump_stack_lvl+0x241/0x360
[ 323.616507][ T1033] ? __pfx_dump_stack_lvl+0x10/0x10
[ 323.616517][ T1033] ? __pfx__printk+0x10/0x10
[ 323.616526][ T1033] ? _printk+0xd5/0x120
[ 323.616534][ T1033] ? __virt_addr_valid+0x183/0x530
[ 323.616544][ T1033] ? __virt_addr_valid+0x183/0x530
[ 323.616553][ T1033] print_report+0x16e/0x5b0
[ 323.616566][ T1033] ? __virt_addr_valid+0x183/0x530
[ 323.616574][ T1033] ? __virt_addr_valid+0x183/0x530
[ 323.616582][ T1033] ? __virt_addr_valid+0x45f/0x530
[ 323.616590][ T1033] ? __phys_addr+0xba/0x170
[ 323.616605][ T1033] ? percpu_ref_put+0xda/0x250
[ 323.616620][ T1033] kasan_report+0x143/0x180
[ 323.616631][ T1033] ? percpu_ref_put+0xda/0x250
[ 323.616644][ T1033] ? percpu_ref_put+0x1f/0x250
[ 323.616658][ T1033] percpu_ref_put+0xda/0x250
[ 323.616672][ T1033] blk_update_request+0x5e5/0x1160
[ 323.616687][ T1033] blk_mq_end_request+0x3e/0x70
[ 323.616699][ T1033] loop_process_work+0x1bc8/0x21c0
[ 323.616720][ T1033] ? __pfx_loop_process_work+0x10/0x10
[ 323.616735][ T1033] ? register_lock_class+0x102/0x980
[ 323.616750][ T1033] ? __pfx_register_lock_class+0x10/0x10
[ 323.616764][ T1033] ? mark_lock+0x9a/0x360
[ 323.616773][ T1033] ? debug_object_deactivate+0x2d5/0x390
[ 323.616789][ T1033] ? do_raw_spin_unlock+0x58/0x8b0
[ 323.616804][ T1033] ? __pfx_lock_acquire+0x10/0x10
[ 323.616818][ T1033] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 323.616834][ T1033] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 323.616850][ T1033] ? process_scheduled_works+0x9c6/0x18e0
[ 323.616864][ T1033] process_scheduled_works+0xabe/0x18e0
[ 323.616882][ T1033] ? __pfx_process_scheduled_works+0x10/0x10
[ 323.616896][ T1033] ? assign_work+0x364/0x3d0
[ 323.616908][ T1033] worker_thread+0x870/0xd30
[ 323.616924][ T1033] ? __kthread_parkme+0x169/0x1d0
[ 323.616938][ T1033] ? __pfx_worker_thread+0x10/0x10
[ 323.616950][ T1033] kthread+0x7a9/0x920
[ 323.616963][ T1033] ? __pfx_kthread+0x10/0x10
[ 323.616977][ T1033] ? __pfx_worker_thread+0x10/0x10
[ 323.616990][ T1033] ? __pfx_kthread+0x10/0x10
[ 323.617003][ T1033] ? __pfx_kthread+0x10/0x10
[ 323.617018][ T1033] ? __pfx_kthread+0x10/0x10
[ 323.617031][ T1033] ? _raw_spin_unlock_irq+0x23/0x50
[ 323.617104][ T1033] ? lockdep_hardirqs_on+0x99/0x150
[ 323.617115][ T1033] ? __pfx_kthread+0x10/0x10
[ 323.617128][ T1033] ret_from_fork+0x4b/0x80
[ 323.617143][ T1033] ? __pfx_kthread+0x10/0x10
[ 323.617157][ T1033] ret_from_fork_asm+0x1a/0x30
[ 323.617173][ T1033]
[ 323.617177][ T1033]
[ 323.729356][ T1033] Allocated by task 5346:
[ 323.731300][ T1033] kasan_save_track+0x3f/0x80
[ 323.733528][ T1033] __kasan_kmalloc+0x98/0xb0
[ 323.735436][ T1033] __kmalloc_cache_noprof+0x243/0x390
[ 323.737484][ T1033] __bch2_dev_alloc+0x57/0xa60
[ 323.739383][ T1033] bch2_dev_alloc+0xd4/0x170
[ 323.741237][ T1033] bch2_fs_open+0x30aa/0x31e0
[ 323.743088][ T1033] bch2_fs_get_tree+0x738/0x17a0
[ 323.745179][ T1033] vfs_get_tree+0x90/0x2b0
[ 323.747350][ T1033] do_new_mount+0x2be/0xb40
[ 323.749572][ T1033] __se_sys_mount+0x2d6/0x3c0
[ 323.752179][ T1033] do_syscall_64+0xf3/0x230
[ 323.754457][ T1033] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 323.756813][ T1033]
[ 323.757768][ T1033] Freed by task 5346:
[ 323.759297][ T1033] kasan_save_track+0x3f/0x80
[ 323.761098][ T1033] kasan_save_free_info+0x40/0x50
[ 323.763046][ T1033] __kasan_slab_free+0x59/0x70
[ 323.765160][ T1033] kfree+0x196/0x430
[ 323.767051][ T1033] kobject_put+0x22f/0x480
[ 323.769163][ T1033] bch2_fs_free+0x27b/0x3c0
[ 323.771179][ T1033] bch2_fs_get_tree+0xdee/0x17a0
[ 323.773160][ T1033] vfs_get_tree+0x90/0x2b0
[ 323.774830][ T1033] do_new_mount+0x2be/0xb40
[ 323.776633][ T1033] __se_sys_mount+0x2d6/0x3c0
[ 323.778922][ T1033] do_syscall_64+0xf3/0x230
[ 323.781459][ T1033] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 323.784397][ T1033]
[ 323.785431][ T1033] Last potentially related work creation:
[ 323.787750][ T1033] kasan_save_stack+0x3f/0x60
[ 323.789545][ T1033] kasan_record_aux_stack+0xaa/0xc0
[ 323.791662][ T1033] insert_work+0x3e/0x330
[ 323.793384][ T1033] __queue_work+0xc8b/0xf50
[ 323.795256][ T1033] queue_work_on+0x1c2/0x380
[ 323.797262][ T1033] bch2_dev_do_discards+0x17a/0x1f0
[ 323.799500][ T1033] bch2_do_discards+0x29/0x60
[ 323.801665][ T1033] journal_write_done+0x78b/0xea0
[ 323.803618][ T1033] process_scheduled_works+0xabe/0x18e0
[ 323.805771][ T1033] worker_thread+0x870/0xd30
[ 323.807711][ T1033] kthread+0x7a9/0x920
[ 323.809632][ T1033] ret_from_fork+0x4b/0x80
[ 323.811979][ T1033] ret_from_fork_asm+0x1a/0x30
[ 323.814326][ T1033]
[ 323.815565][ T1033] Second to last potentially related work creation:
[ 323.818063][ T1033] kasan_save_stack+0x3f/0x60
[ 323.819822][ T1033] kasan_record_aux_stack+0xaa/0xc0
[ 323.821789][ T1033] insert_work+0x3e/0x330
[ 323.823389][ T1033] __queue_work+0xc8b/0xf50
[ 323.825066][ T1033] queue_work_on+0x1c2/0x380
[ 323.826698][ T1033] bch2_dev_do_discards+0x17a/0x1f0
[ 323.828839][ T1033] bch2_do_discards+0x29/0x60
[ 323.831156][ T1033] journal_write_done+0x78b/0xea0
[ 323.833036][ T1033] process_scheduled_works+0xabe/0x18e0
[ 323.835158][ T1033] worker_thread+0x870/0xd30
[ 323.836966][ T1033] kthread+0x7a9/0x920
[ 323.838608][ T1033] ret_from_fork+0x4b/0x80
[ 323.840413][ T1033] ret_from_fork_asm+0x1a/0x30
[ 323.842130][ T1033]
[ 323.843019][ T1033] The buggy address belongs to the object at ffff88804dc1e000
[ 323.843019][ T1033] which belongs to the cache kmalloc-4k of size 4096
[ 323.848316][ T1033] The buggy address is located 176 bytes inside of
[ 323.848316][ T1033] freed 4096-byte region [ffff88804dc1e000, ffff88804dc1f000)
[ 323.854560][ T1033]
[ 323.855724][ T1033] The buggy address belongs to the physical page:
[ 323.858376][ T1033] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4dc18
[ 323.861752][ T1033] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 323.864929][ T1033] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff)
[ 323.867924][ T1033] page_type: f5(slab)
[ 323.869893][ T1033] raw: 04fff00000000040 ffff88801b042140 dead000000000122 0000000000000000
[ 323.873728][ T1033] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[ 323.877158][ T1033] head: 04fff00000000040 ffff88801b042140 dead000000000122 0000000000000000
[ 323.880911][ T1033] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[ 323.884105][ T1033] head: 04fff00000000003 ffffea0001370601 ffffffffffffffff 0000000000000000
[ 323.887404][ T1033] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 323.891768][ T1033] page dumped because: kasan: bad access detected
[ 323.894665][ T1033] page_owner tracks the page as allocated
[ 323.896865][ T1033] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5350, tgid 5350 (udevd), ts 319742173693, free_ts 0
[ 323.903620][ T1033] post_alloc_hook+0x1f4/0x240
[ 323.905431][ T1033] get_page_from_freelist+0x365c/0x37a0
[ 323.907428][ T1033] __alloc_frozen_pages_noprof+0x292/0x710
[ 323.909776][ T1033] alloc_pages_mpol+0x311/0x660
[ 323.912119][ T1033] allocate_slab+0x8f/0x3a0
[ 323.914262][ T1033] ___slab_alloc+0xc27/0x14a0
[ 323.916325][ T1033] __slab_alloc+0x58/0xa0
[ 323.918019][ T1033] __kmalloc_noprof+0x2e6/0x4c0
[ 323.919853][ T1033] tomoyo_realpath_from_path+0xcf/0x5e0
[ 323.922045][ T1033] tomoyo_check_open_permission+0x258/0x4f0
[ 323.924370][ T1033] security_file_open+0xac/0x250
[ 323.926362][ T1033] do_dentry_open+0x320/0x1960
[ 323.928582][ T1033] vfs_open+0x3b/0x370
[ 323.930593][ T1033] path_openat+0x2c81/0x3590
[ 323.932845][ T1033] do_filp_open+0x27f/0x4e0
[ 323.935070][ T1033] do_sys_openat2+0x13e/0x1d0
[ 323.936981][ T1033] page_owner free stack trace missing
[ 323.938934][ T1033]
[ 323.939886][ T1033] Memory state around the buggy address:
[ 323.942011][ T1033] ffff88804dc1df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 323.945108][ T1033] ffff88804dc1e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 323.948116][ T1033] >ffff88804dc1e080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 323.951390][ T1033] ^
[ 323.954195][ T1033] ffff88804dc1e100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 323.957382][ T1033] ffff88804dc1e180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 323.960323][ T1033] ==================================================================
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[ 327.959541][ T1033] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 327.962279][ T1033] CPU: 0 UID: 0 PID: 1033 Comm: kworker/u4:5 Not tainted 6.14.0-rc4-syzkaller-00073-g5394eea10651 #0
[ 327.966377][ T1033] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 327.971708][ T1033] Workqueue: loop0 loop_rootcg_workfn
[ 327.974111][ T1033] Call Trace:
[ 327.975514][ T1033]
[ 327.976713][ T1033] dump_stack_lvl+0x241/0x360
[ 327.978516][ T1033] ? __pfx_dump_stack_lvl+0x10/0x10
[ 327.980565][ T1033] ? __pfx__printk+0x10/0x10
[ 327.982515][ T1033] ? preempt_schedule+0xe1/0xf0
[ 327.984420][ T1033] ? vscnprintf+0x5d/0x90
[ 327.986314][ T1033] panic+0x349/0x880
[ 327.988132][ T1033] ? check_panic_on_warn+0x21/0xb0
[ 327.990271][ T1033] ? __pfx_panic+0x10/0x10
[ 327.991999][ T1033] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 327.994393][ T1033] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 327.996742][ T1033] ? print_report+0x519/0x5b0
[ 327.998900][ T1033] check_panic_on_warn+0x86/0xb0
[ 328.001272][ T1033] ? percpu_ref_put+0xda/0x250
[ 328.003314][ T1033] end_report+0x77/0x160
[ 328.004730][ T1033] kasan_report+0x154/0x180
[ 328.006294][ T1033] ? percpu_ref_put+0xda/0x250
[ 328.007953][ T1033] ? percpu_ref_put+0x1f/0x250
[ 328.009640][ T1033] percpu_ref_put+0xda/0x250
[ 328.011280][ T1033] blk_update_request+0x5e5/0x1160
[ 328.013259][ T1033] blk_mq_end_request+0x3e/0x70
[ 328.015097][ T1033] loop_process_work+0x1bc8/0x21c0
[ 328.017207][ T1033] ? __pfx_loop_process_work+0x10/0x10
[ 328.019429][ T1033] ? register_lock_class+0x102/0x980
[ 328.021422][ T1033] ? __pfx_register_lock_class+0x10/0x10
[ 328.023462][ T1033] ? mark_lock+0x9a/0x360
[ 328.025219][ T1033] ? debug_object_deactivate+0x2d5/0x390
[ 328.027572][ T1033] ? do_raw_spin_unlock+0x58/0x8b0
[ 328.029893][ T1033] ? __pfx_lock_acquire+0x10/0x10
[ 328.032281][ T1033] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 328.034961][ T1033] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 328.037597][ T1033] ? process_scheduled_works+0x9c6/0x18e0
[ 328.039914][ T1033] process_scheduled_works+0xabe/0x18e0
[ 328.042162][ T1033] ? __pfx_process_scheduled_works+0x10/0x10
[ 328.045363][ T1033] ? assign_work+0x364/0x3d0
[ 328.047719][ T1033] worker_thread+0x870/0xd30
[ 328.049735][ T1033] ? __kthread_parkme+0x169/0x1d0
[ 328.051970][ T1033] ? __pfx_worker_thread+0x10/0x10
[ 328.053873][ T1033] kthread+0x7a9/0x920
[ 328.055437][ T1033] ? __pfx_kthread+0x10/0x10
[ 328.057277][ T1033] ? __pfx_worker_thread+0x10/0x10
[ 328.059255][ T1033] ? __pfx_kthread+0x10/0x10
[ 328.061199][ T1033] ? __pfx_kthread+0x10/0x10
[ 328.063222][ T1033] ? __pfx_kthread+0x10/0x10
[ 328.065314][ T1033] ? _raw_spin_unlock_irq+0x23/0x50
[ 328.067437][ T1033] ? lockdep_hardirqs_on+0x99/0x150
[ 328.069491][ T1033] ? __pfx_kthread+0x10/0x10
[ 328.071429][ T1033] ret_from_fork+0x4b/0x80
[ 328.073262][ T1033] ? __pfx_kthread+0x10/0x10
[ 328.075323][ T1033] ret_from_fork_asm+0x1a/0x30
[ 328.077451][ T1033]
[ 328.079227][ T1033] Kernel Offset: disabled
[ 328.081142][ T1033] Rebooting in 86400 seconds..
VM DIAGNOSIS:
06:48:16 Registers:
info registers vcpu 0
CPU#0
RAX=0000000000000065 RBX=ffffffff9a9960a0 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=0000000000000000 RSP=ffffc9000249ed50
R8 =ffffffff8583e40b R9 =1ffff11003e93046 R10=dffffc0000000000 R11=ffffffff8583e3c0
R12=dffffc0000000000 R13=0000000000000065 R14=0000000000000065 R15=00000000000003f8
RIP=ffffffff8583e43e RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88801fc00000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000001000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=000055556fb4f7f8 CR3=0000000040584000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80