Warning: Permanently added '10.128.1.162' (ED25519) to the list of known hosts.
executing program
[ 59.281263][ T5820] loop0: detected capacity change from 0 to 32768
[ 59.349588][ T5820] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,journal_flush_disabled,reconstruct_alloc
[ 59.367772][ T5820] bcachefs (loop0): recovering from clean shutdown, journal seq 10
[ 59.376064][ T5820] bcachefs (loop0): Version upgrade required:
[ 59.376064][ T5820] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[ 59.376064][ T5820] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.20: directory_size
[ 59.376064][ T5820] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance
[ 59.448427][ T5820] bcachefs (loop0): dropping and reconstructing all alloc info
[ 59.460090][ T5820] ==================================================================
[ 59.468158][ T5820] BUG: KASAN: use-after-free in crc64_be+0x131/0x1f0
[ 59.474848][ T5820] Read of size 1 at addr ffff888072e00000 by task syz-executor238/5820
[ 59.483320][ T5820]
[ 59.485660][ T5820] CPU: 1 UID: 0 PID: 5820 Comm: syz-executor238 Not tainted 6.14.0-rc5-syzkaller-00137-g00a7d39898c8 #0
[ 59.485672][ T5820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 59.485681][ T5820] Call Trace:
[ 59.485691][ T5820] <TASK>
[ 59.485691][ T5820] dump_stack_lvl+0x241/0x360
[ 59.485704][ T5820] ? __pfx_dump_stack_lvl+0x10/0x10
[ 59.485724][ T5820] ? __pfx__printk+0x10/0x10
[ 59.485737][ T5820] ? _printk+0xd5/0x120
[ 59.485749][ T5820] ? __virt_addr_valid+0x183/0x530
[ 59.485763][ T5820] ? __virt_addr_valid+0x183/0x530
[ 59.485775][ T5820] print_report+0x16e/0x5b0
[ 59.485789][ T5820] ? __virt_addr_valid+0x183/0x530
[ 59.485801][ T5820] ? __virt_addr_valid+0x183/0x530
[ 59.485812][ T5820] ? __virt_addr_valid+0x45f/0x530
[ 59.485824][ T5820] ? __phys_addr+0xba/0x170
[ 59.485836][ T5820] ? crc64_be+0x131/0x1f0
[ 59.485849][ T5820] kasan_report+0x143/0x180
[ 59.485862][ T5820] ? crc64_be+0x131/0x1f0
[ 59.485875][ T5820] crc64_be+0x131/0x1f0
[ 59.485888][ T5820] bch2_checksum_update+0x10f/0x160
[ 59.485903][ T5820] bch2_checksum+0x37e/0x780
[ 59.485915][ T5820] ? __asan_memcpy+0x40/0x70
[ 59.485926][ T5820] ? __pfx_bch2_checksum+0x10/0x10
[ 59.485942][ T5820] ? bch2_prt_printf+0x559/0x6d0
[ 59.485954][ T5820] ? bch2_bpos_to_text+0x167/0x3a0
[ 59.485966][ T5820] ? __pfx_bch2_prt_printf+0x10/0x10
[ 59.485977][ T5820] ? kfree+0x196/0x430
[ 59.485989][ T5820] ? krealloc_noprof+0x1ad/0x300
[ 59.485998][ T5820] ? bch2_bpos_to_text+0x295/0x3a0
[ 59.486010][ T5820] ? __pfx_bch2_bpos_to_text+0x10/0x10
[ 59.486022][ T5820] ? prt_str+0x4af/0x7d0
[ 59.486033][ T5820] ? bch2_btree_node_read_done+0x85a/0x6180
[ 59.486046][ T5820] bch2_btree_node_read_done+0x155c/0x6180
[ 59.486066][ T5820] ? __pfx_bch2_btree_node_read_done+0x10/0x10
[ 59.486078][ T5820] ? __pfx_lock_acquire+0x10/0x10
[ 59.486090][ T5820] ? bch2_bkey_pick_read_device+0x221/0x1850
[ 59.486103][ T5820] ? __pfx_lock_release+0x10/0x10
[ 59.486114][ T5820] ? __lock_acquire+0x1397/0x2100
[ 59.486127][ T5820] ? bch2_bkey_pick_read_device+0x221/0x1850
[ 59.486139][ T5820] ? bch2_bkey_pick_read_device+0x1561/0x1850
[ 59.486153][ T5820] ? bch2_bkey_pick_read_device+0x221/0x1850
[ 59.486165][ T5820] ? __pfx_bch2_bkey_pick_read_device+0x10/0x10
[ 59.486177][ T5820] ? bch2_btree_ptr_v2_to_text+0x209/0x2f0
[ 59.486190][ T5820] ? __pfx_bch2_btree_ptr_v2_to_text+0x10/0x10
[ 59.486205][ T5820] btree_node_read_work+0x6dc/0x1380
[ 59.486221][ T5820] ? __pfx_btree_node_read_work+0x10/0x10
[ 59.486233][ T5820] ? bch2_latency_acct+0x47b/0x550
[ 59.486246][ T5820] ? __pfx_bch2_latency_acct+0x10/0x10
[ 59.486257][ T5820] ? bio_associate_blkg+0x6c/0x230
[ 59.486270][ T5820] bch2_btree_node_read+0x2433/0x29f0
[ 59.486286][ T5820] ? bch2_trans_unlock+0x35e/0x480
[ 59.486295][ T5820] ? __pfx_bch2_btree_node_read+0x10/0x10
[ 59.486308][ T5820] ? __pfx___bch2_btree_node_hash_insert+0x10/0x10
[ 59.486318][ T5820] ? bch2_trans_unlock+0x3b5/0x480
[ 59.486328][ T5820] bch2_btree_root_read+0x626/0x7b0
[ 59.486341][ T5820] ? __pfx_bch2_btree_root_read+0x10/0x10
[ 59.486355][ T5820] ? bch2_current_has_btree_trans+0x142/0x180
[ 59.486366][ T5820] read_btree_roots+0x3d3/0xa70
[ 59.486382][ T5820] ? __pfx_read_btree_roots+0x10/0x10
[ 59.486397][ T5820] ? bch2_sb_upgrade+0x21b/0x2a0
[ 59.486406][ T5820] ? bch2_recovery_passes_from_stable+0x104/0x120
[ 59.486415][ T5820] bch2_fs_recovery+0x260f/0x3de0
[ 59.486431][ T5820] ? __pfx_bch2_fs_recovery+0x10/0x10
[ 59.486450][ T5820] ? __pfx_lock_release+0x10/0x10
[ 59.486462][ T5820] ? bch2_get_next_online_dev+0x2b/0x4f0
[ 59.486473][ T5820] ? __pfx_lock_release+0x10/0x10
[ 59.486487][ T5820] ? bch2_get_next_online_dev+0x2b/0x4f0
[ 59.486499][ T5820] ? bch2_get_next_online_dev+0x4b9/0x4f0
[ 59.486510][ T5820] ? bch2_get_next_online_dev+0x2b/0x4f0
[ 59.486522][ T5820] ? llist_reverse_order+0x72/0x90
[ 59.486536][ T5820] bch2_fs_start+0x37c/0x610
[ 59.486549][ T5820] bch2_fs_get_tree+0xdb7/0x17a0
[ 59.486566][ T5820] ? __pfx_bch2_fs_get_tree+0x10/0x10
[ 59.486581][ T5820] ? vfs_parse_monolithic_sep+0x423/0x460
[ 59.486591][ T5820] ? __pfx_vfs_parse_comma_sep+0x10/0x10
[ 59.486600][ T5820] ? rcu_is_watching+0x15/0xb0
[ 59.486609][ T5820] ? cap_capable+0x139/0x450
[ 59.486621][ T5820] ? safesetid_security_capable+0xb2/0x1d0
[ 59.486635][ T5820] vfs_get_tree+0x90/0x2b0
[ 59.486647][ T5820] do_new_mount+0x2be/0xb40
[ 59.486662][ T5820] ? __pfx_do_new_mount+0x10/0x10
[ 59.486677][ T5820] __se_sys_mount+0x2d6/0x3c0
[ 59.486686][ T5820] ? __pfx___se_sys_mount+0x10/0x10
[ 59.486695][ T5820] ? do_syscall_64+0x100/0x230
[ 59.486720][ T5820] ? __x64_sys_mount+0x20/0xc0
[ 59.486729][ T5820] do_syscall_64+0xf3/0x230
[ 59.486741][ T5820] ? clear_bhb_loop+0x35/0x90
[ 59.486754][ T5820] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 59.486769][ T5820] RIP: 0033:0x7f8317bc351a
[ 59.486781][ T5820] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 59.486788][ T5820] RSP: 002b:00007ffec09d9368 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5
[ 59.486799][ T5820] RAX: ffffffffffffffda RBX: 00007ffec09d9380 RCX: 00007f8317bc351a
[ 59.486806][ T5820] RDX: 00004000000000c0 RSI: 0000400000000000 RDI: 00007ffec09d9380
[ 59.486812][ T5820] RBP: 0000400000000000 R08: 00007ffec09d93c0 R09: 0000000000005950
[ 59.486819][ T5820] R10: 000000000100000a R11: 0000000000000282 R12: 00004000000000c0
[ 59.486825][ T5820] R13: 00007ffec09d93c0 R14: 0000000000000003 R15: 000000000100000a
[ 59.486833][ T5820] </TASK>
[ 59.486837][ T5820]
[ 60.024918][ T5820] The buggy address belongs to the physical page:
[ 60.031334][ T5820] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x72e00
[ 60.040088][ T5820] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 60.047187][ T5820] raw: 00fff00000000000 ffffea0001cb8108 ffffea0001dfa708 0000000000000000
[ 60.055756][ T5820] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 60.064320][ T5820] page dumped because: kasan: bad access detected
[ 60.070875][ T5820] page_owner tracks the page as freed
[ 60.076237][ T5820] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xcc0(GFP_KERNEL), pid 1, tgid 1 (swapper/0), ts 15177598220, free_ts 16347346247
[ 60.091257][ T5820] post_alloc_hook+0x1f4/0x240
[ 60.096036][ T5820] split_free_pages+0xe1/0x2d0
[ 60.100826][ T5820] alloc_contig_range_noprof+0x10eb/0x1770
[ 60.106622][ T5820] alloc_contig_pages_noprof+0x4b3/0x5c0
[ 60.112243][ T5820] debug_vm_pgtable_alloc_huge_page+0xaf/0x100
[ 60.118382][ T5820] init_args+0x83b/0xb20
[ 60.122618][ T5820] debug_vm_pgtable+0xe4/0x590
[ 60.127367][ T5820] do_one_initcall+0x248/0x930
[ 60.132121][ T5820] do_initcall_level+0x157/0x210
[ 60.137051][ T5820] do_initcalls+0x71/0xd0
[ 60.141368][ T5820] kernel_init_freeable+0x435/0x5d0
[ 60.146555][ T5820] kernel_init+0x1d/0x2b0
[ 60.150868][ T5820] ret_from_fork+0x4b/0x80
[ 60.155277][ T5820] ret_from_fork_asm+0x1a/0x30
[ 60.160026][ T5820] page last free pid 1 tgid 1 stack trace:
[ 60.165812][ T5820] free_frozen_pages+0xe04/0x10e0
[ 60.170829][ T5820] free_contig_range+0x14c/0x430
[ 60.175766][ T5820] destroy_args+0x94/0x4b0
[ 60.180190][ T5820] debug_vm_pgtable+0x551/0x590
[ 60.185029][ T5820] do_one_initcall+0x248/0x930
[ 60.189780][ T5820] do_initcall_level+0x157/0x210
[ 60.194708][ T5820] do_initcalls+0x71/0xd0
[ 60.199028][ T5820] kernel_init_freeable+0x435/0x5d0
[ 60.204218][ T5820] kernel_init+0x1d/0x2b0
[ 60.208535][ T5820] ret_from_fork+0x4b/0x80
[ 60.212948][ T5820] ret_from_fork_asm+0x1a/0x30
[ 60.217700][ T5820]
[ 60.220019][ T5820] Memory state around the buggy address:
[ 60.225634][ T5820] ffff888072dfff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 60.233683][ T5820] ffff888072dfff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 60.241731][ T5820] >ffff888072e00000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 60.249776][ T5820]                    ^
[ 60.253825][ T5820] ffff888072e00080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 60.261867][ T5820] ffff888072e00100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 60.269908][ T5820] ==================================================================
[ 60.278334][ T5820] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 60.285542][ T5820] CPU: 0 UID: 0 PID: 5820 Comm: syz-executor238 Not tainted 6.14.0-rc5-syzkaller-00137-g00a7d39898c8 #0
[ 60.296638][ T5820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 60.306686][ T5820] Call Trace:
[ 60.309951][ T5820] <TASK>
[ 60.312872][ T5820] dump_stack_lvl+0x241/0x360
[ 60.317542][ T5820] ? __pfx_dump_stack_lvl+0x10/0x10
[ 60.322723][ T5820] ? __pfx__printk+0x10/0x10
[ 60.327305][ T5820] ? preempt_schedule+0xe1/0xf0
[ 60.332407][ T5820] ? vscnprintf+0x5d/0x90
[ 60.336830][ T5820] panic+0x349/0x880
[ 60.340720][ T5820] ? check_panic_on_warn+0x21/0xb0
[ 60.345820][ T5820] ? __pfx_panic+0x10/0x10
[ 60.350224][ T5820] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 60.356192][ T5820] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 60.362503][ T5820] ? print_report+0x519/0x5b0
[ 60.367171][ T5820] check_panic_on_warn+0x86/0xb0
[ 60.372099][ T5820] ? crc64_be+0x131/0x1f0
[ 60.376420][ T5820] end_report+0x77/0x160
[ 60.380737][ T5820] kasan_report+0x154/0x180
[ 60.385232][ T5820] ? crc64_be+0x131/0x1f0
[ 60.389552][ T5820] crc64_be+0x131/0x1f0
[ 60.393699][ T5820] bch2_checksum_update+0x10f/0x160
[ 60.398890][ T5820] bch2_checksum+0x37e/0x780
[ 60.403477][ T5820] ? __asan_memcpy+0x40/0x70
[ 60.408058][ T5820] ? __pfx_bch2_checksum+0x10/0x10
[ 60.413163][ T5820] ? bch2_prt_printf+0x559/0x6d0
[ 60.418089][ T5820] ? bch2_bpos_to_text+0x167/0x3a0
[ 60.423188][ T5820] ? __pfx_bch2_prt_printf+0x10/0x10
[ 60.428460][ T5820] ? kfree+0x196/0x430
[ 60.432522][ T5820] ? krealloc_noprof+0x1ad/0x300
[ 60.437450][ T5820] ? bch2_bpos_to_text+0x295/0x3a0
[ 60.442548][ T5820] ? __pfx_bch2_bpos_to_text+0x10/0x10
[ 60.447997][ T5820] ? prt_str+0x4af/0x7d0
[ 60.452229][ T5820] ? bch2_btree_node_read_done+0x85a/0x6180
[ 60.458110][ T5820] bch2_btree_node_read_done+0x155c/0x6180
[ 60.463919][ T5820] ? __pfx_bch2_btree_node_read_done+0x10/0x10
[ 60.470060][ T5820] ? __pfx_lock_acquire+0x10/0x10
[ 60.475082][ T5820] ? bch2_bkey_pick_read_device+0x221/0x1850
[ 60.481050][ T5820] ? __pfx_lock_release+0x10/0x10
[ 60.486078][ T5820] ? __lock_acquire+0x1397/0x2100
[ 60.491097][ T5820] ? bch2_bkey_pick_read_device+0x221/0x1850
[ 60.497067][ T5820] ? bch2_bkey_pick_read_device+0x1561/0x1850
[ 60.503150][ T5820] ? bch2_bkey_pick_read_device+0x221/0x1850
[ 60.509150][ T5820] ? __pfx_bch2_bkey_pick_read_device+0x10/0x10
[ 60.515653][ T5820] ? bch2_btree_ptr_v2_to_text+0x209/0x2f0
[ 60.521542][ T5820] ? __pfx_bch2_btree_ptr_v2_to_text+0x10/0x10
[ 60.527691][ T5820] btree_node_read_work+0x6dc/0x1380
[ 60.532984][ T5820] ? __pfx_btree_node_read_work+0x10/0x10
[ 60.538708][ T5820] ? bch2_latency_acct+0x47b/0x550
[ 60.543814][ T5820] ? __pfx_bch2_latency_acct+0x10/0x10
[ 60.549443][ T5820] ? bio_associate_blkg+0x6c/0x230
[ 60.554543][ T5820] bch2_btree_node_read+0x2433/0x29f0
[ 60.559996][ T5820] ? bch2_trans_unlock+0x35e/0x480
[ 60.565093][ T5820] ? __pfx_bch2_btree_node_read+0x10/0x10
[ 60.570808][ T5820] ? __pfx___bch2_btree_node_hash_insert+0x10/0x10
[ 60.577294][ T5820] ? bch2_trans_unlock+0x3b5/0x480
[ 60.582392][ T5820] bch2_btree_root_read+0x626/0x7b0
[ 60.587582][ T5820] ? __pfx_bch2_btree_root_read+0x10/0x10
[ 60.593381][ T5820] ? bch2_current_has_btree_trans+0x142/0x180
[ 60.599444][ T5820] read_btree_roots+0x3d3/0xa70
[ 60.604295][ T5820] ? __pfx_read_btree_roots+0x10/0x10
[ 60.609658][ T5820] ? bch2_sb_upgrade+0x21b/0x2a0
[ 60.614586][ T5820] ? bch2_recovery_passes_from_stable+0x104/0x120
[ 60.620995][ T5820] bch2_fs_recovery+0x260f/0x3de0
[ 60.626016][ T5820] ? __pfx_bch2_fs_recovery+0x10/0x10
[ 60.631385][ T5820] ? __pfx_lock_release+0x10/0x10
[ 60.636397][ T5820] ? bch2_get_next_online_dev+0x2b/0x4f0
[ 60.642015][ T5820] ? __pfx_lock_release+0x10/0x10
[ 60.647033][ T5820] ? bch2_get_next_online_dev+0x2b/0x4f0
[ 60.652655][ T5820] ? bch2_get_next_online_dev+0x4b9/0x4f0
[ 60.658376][ T5820] ? bch2_get_next_online_dev+0x2b/0x4f0
[ 60.664001][ T5820] ? llist_reverse_order+0x72/0x90
[ 60.669102][ T5820] bch2_fs_start+0x37c/0x610
[ 60.673706][ T5820] bch2_fs_get_tree+0xdb7/0x17a0
[ 60.678642][ T5820] ? __pfx_bch2_fs_get_tree+0x10/0x10
[ 60.684010][ T5820] ? vfs_parse_monolithic_sep+0x423/0x460
[ 60.689718][ T5820] ? __pfx_vfs_parse_comma_sep+0x10/0x10
[ 60.695338][ T5820] ? rcu_is_watching+0x15/0xb0
[ 60.700088][ T5820] ? cap_capable+0x139/0x450
[ 60.704671][ T5820] ? safesetid_security_capable+0xb2/0x1d0
[ 60.710475][ T5820] vfs_get_tree+0x90/0x2b0
[ 60.714884][ T5820] do_new_mount+0x2be/0xb40
[ 60.719382][ T5820] ? __pfx_do_new_mount+0x10/0x10
[ 60.724411][ T5820] __se_sys_mount+0x2d6/0x3c0
[ 60.729074][ T5820] ? __pfx___se_sys_mount+0x10/0x10
[ 60.734258][ T5820] ? do_syscall_64+0x100/0x230
[ 60.739023][ T5820] ? __x64_sys_mount+0x20/0xc0
[ 60.743775][ T5820] do_syscall_64+0xf3/0x230
[ 60.748273][ T5820] ? clear_bhb_loop+0x35/0x90
[ 60.752941][ T5820] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 60.758822][ T5820] RIP: 0033:0x7f8317bc351a
[ 60.763222][ T5820] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 60.782816][ T5820] RSP: 002b:00007ffec09d9368 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5
[ 60.791223][ T5820] RAX: ffffffffffffffda RBX: 00007ffec09d9380 RCX: 00007f8317bc351a
[ 60.799181][ T5820] RDX: 00004000000000c0 RSI: 0000400000000000 RDI: 00007ffec09d9380
[ 60.807500][ T5820] RBP: 0000400000000000 R08: 00007ffec09d93c0 R09: 0000000000005950
[ 60.815466][ T5820] R10: 000000000100000a R11: 0000000000000282 R12: 00004000000000c0
[ 60.823425][ T5820] R13: 00007ffec09d93c0 R14: 0000000000000003 R15: 000000000100000a
[ 60.831389][ T5820] </TASK>
[ 60.834722][ T5820] Kernel Offset: disabled
[ 60.839154][ T5820] Rebooting in 86400 seconds..