Warning: Permanently added '[localhost]:9480' (ED25519) to the list of known hosts.
executing program
executing program
[ 73.131810][ T5313] loop0: detected capacity change from 0 to 32768
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[ 75.121558][ T5313] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names
[ 75.128918][ T5313] bcachefs (loop0): recovering from clean shutdown, journal seq 10
[ 75.132455][ T5313] bcachefs (loop0): Version upgrade required:
[ 75.132455][ T5313] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[ 75.132455][ T5313] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots
[ 75.132455][ T5313] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance
executing program
executing program
[ 75.178371][ T5313] bcachefs (loop0): accounting_read... done
[ 75.553750][ T5313] bcachefs (loop0): alloc_read... done
[ 75.556111][ T5313] bcachefs (loop0): stripes_read... done
[ 75.558585][ T5313] bcachefs (loop0): snapshots_read... done
[ 75.561166][ T5313] bcachefs (loop0): check_allocations... done
[ 75.580697][ T5313] bcachefs (loop0): going read-write
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[ 75.583520][ T5313] bcachefs (loop0): journal_replay... done
[ 77.894712][ T5313] bcachefs (loop0): check_alloc_info... done
[ 77.905261][ T5313] bcachefs (loop0): check_lrus... done
[ 78.288854][ T5313] bcachefs (loop0): check_btree_backpointers... done
[ 78.292352][ T5313] bcachefs (loop0): check_backpointers_to_extents... done
executing program
executing program
executing program
executing program
[ 78.667368][ T5313] bcachefs (loop0): check_extents_to_backpointers...
[ 78.669673][ T5313] missing backpointer for btree=inodes l=1 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0
[ 78.669698][ T5313] got: u64s 5 type deleted 0:9961472:0 len 0 ver 0
[ 78.669706][ T5313] want: u64s 9 type backpointer 0:9961472:0 len 0 ver 0: bucket=0:38:0 btree=inodes l=1 offset=0:0 len=256 pos=SPOS_MAX, fixing
[ 78.689104][ T5313] missing backpointer for btree=dirents l=1 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0
[ 78.689121][ T5313] got: u64s 5 type deleted 0:10747904:0 len 0 ver 0
[ 78.689128][ T5313] want: u64s 9 type backpointer 0:10747904:0 len 0 ver 0: bucket=0:41:0 btree=dirents l=1 offset=0:0 len=256 pos=SPOS_MAX, fixing
[ 78.704198][ T5313] missing backpointer for btree=alloc l=1 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 32 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0
[ 78.704214][ T5313] got: u64s 5 type deleted 0:6815744:0 len 0 ver 0
[ 78.704221][ T5313] want: u64s 9 type backpointer 0:6815744:0 len 0 ver 0: bucket=0:26:0 btree=alloc l=1 offset=0:0 len=256 pos=SPOS_MAX, fixing
[ 78.718583][ T5313] missing backpointer for btree=subvolumes l=1 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c0bef60d07ceb940 written 16 min_key POS_MIN durability: 1 ptr: 0:35:0 gen 0
[ 78.718599][ T5313] got: u64s 5 type deleted 0:9175040:0 len 0 ver 0
[ 78.718607][ T5313] want: u64s 9 type backpointer 0:9175040:0 len 0 ver 0: bucket=0:35:0 btree=subvolumes l=1 offset=0:0 len=256 pos=SPOS_MAX, fixing
[ 78.732252][ T5313] missing backpointer for btree=snapshots l=1 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0
[ 78.732268][ T5313] got: u64s 5 type deleted 0:8388608:0 len 0 ver 0
[ 78.732275][ T5313] want: u64s 9 type backpointer 0:8388608:0 len 0 ver 0: bucket=0:32:0 btree=snapshots l=1 offset=0:0 len=256 pos=SPOS_MAX, fixing
[ 78.749770][ T5313] missing backpointer for btree=snapshots l=1 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0
[ 78.749792][ T5313] got: u64s 5 type deleted 0:8388608:0 len 0 ver 0
[ 78.749799][ T5313] want: u64s 9 type backpointer 0:8388608:0 len 0 ver 0: bucket=0:32:0 btree=snapshots l=1 offset=0:0 len=256 pos=SPOS_MAX, fixing
[ 78.764235][ T5313] missing backpointer for btree=freespace l=1 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 40 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0
[ 78.764251][ T5313] got: u64s 5 type deleted 0:7602176:0 len 0 ver 0
[ 78.764259][ T5313] want: u64s 9 type backpointer 0:7602176:0 len 0 ver 0: bucket=0:29:0 btree=freespace l=1 offset=0:0 len=256 pos=SPOS_MAX, fixing
[ 78.777542][ T5313] done
executing program
[ 79.003123][ T5313] bcachefs (loop0): check_alloc_to_lru_refs... done
[ 79.008510][ T5313] bcachefs (loop0): bucket_gens_init... done
[ 79.020423][ T5313] bcachefs (loop0): check_snapshot_trees... done
[ 79.023737][ T5313] bcachefs (loop0): check_snapshots...
[ 79.024075][ T5313] snapshot points to missing/incorrect tree:
[ 79.024086][ T5313] u64s 8 type snapshot 0:4294967295:0 len 0 ver 0: is_subvol 1 deleted 0 parent 0 children 0 0 subvol 1 tree 0, fixing
[ 79.034105][ T5313] snapshot points to missing/incorrect tree:
[ 79.034116][ T5313] u64s 8 type snapshot 0:4294967295:0 len 0 ver 0: is_subvol 1 deleted 0 parent 0 children 0 0 subvol 1 tree 0, fixing
[ 79.044744][ T5313] done
executing program
[ 79.055218][ T5313] bcachefs (loop0): check_subvols... done
[ 79.059301][ T5313] bcachefs (loop0): check_subvol_children... done
[ 79.062223][ T5313] bcachefs (loop0): delete_dead_snapshots... done
[ 79.065062][ T5313] bcachefs (loop0): check_inodes... done
[ 79.068226][ T5313] bcachefs (loop0): check_extents... done
[ 79.071310][ T5313] bcachefs (loop0): check_indirect_extents... done
[ 79.073909][ T5313] bcachefs (loop0): check_dirents... done
executing program
[ 79.436443][ T5313] bcachefs (loop0): check_xattrs... done
[ 79.441528][ T5313] bcachefs (loop0): check_root... done
[ 79.444150][ T5313] bcachefs (loop0): check_unreachable_inodes... done
[ 79.447131][ T5313] bcachefs (loop0): check_subvolume_structure... done
[ 79.453624][ T5313] bcachefs (loop0): check_directory_structure... done
[ 79.457091][ T5313] bcachefs (loop0): check_nlinks... done
[ 79.465396][ T5313] bcachefs (loop0): resume_logged_ops... done
[ 79.467776][ T5313] bcachefs (loop0): delete_dead_inodes... done
[ 79.470490][ T5313] bcachefs (loop0): set_fs_needs_rebalance... done
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[ 81.600036][ T5313] bcachefs (loop0): Fixed errors, running fsck a second time to verify fs is clean
[ 81.603499][ T5313] bcachefs (loop0): check_alloc_info... done
[ 81.609094][ T5313] bcachefs (loop0): check_lrus... done
[ 81.611225][ T5313] bcachefs (loop0): check_btree_backpointers... done
[ 81.613897][ T5313] bcachefs (loop0): check_backpointers_to_extents... done
[ 81.619252][ T5313] bcachefs (loop0): check_extents_to_backpointers... done
[ 81.622289][ T5313] bcachefs (loop0): check_alloc_to_lru_refs... done
[ 81.625318][ T5313] bcachefs (loop0): bucket_gens_init... done
[ 81.628502][ T5313] bcachefs (loop0): check_snapshot_trees... done
[ 81.630911][ T5313] bcachefs (loop0): check_snapshots... done
[ 81.633161][ T5313] bcachefs (loop0): check_subvols... done
[ 81.635300][ T5313] bcachefs (loop0): check_subvol_children... done
[ 81.637614][ T5313] bcachefs (loop0): delete_dead_snapshots... done
[ 81.639961][ T5313] bcachefs (loop0): check_inodes... done
[ 81.642265][ T5313] bcachefs (loop0): check_extents... done
[ 81.644646][ T5313] bcachefs (loop0): check_indirect_extents... done
[ 81.647022][ T5313] bcachefs (loop0): check_dirents... done
[ 81.649585][ T5313] bcachefs (loop0): check_xattrs... done
[ 81.652196][ T5313] bcachefs (loop0): check_root... done
[ 81.654570][ T5313] bcachefs (loop0): check_unreachable_inodes... done
[ 81.657322][ T5313] bcachefs (loop0): check_subvolume_structure... done
[ 81.659871][ T5313] bcachefs (loop0): check_directory_structure... done
[ 81.662495][ T5313] bcachefs (loop0): check_nlinks... done
[ 81.665135][ T5313] bcachefs (loop0): resume_logged_ops... done
[ 81.667905][ T5313] bcachefs (loop0): delete_dead_inodes... done
[ 81.670502][ T5313] bcachefs (loop0): set_fs_needs_rebalance... done
[ 81.674512][ T5313] bcachefs (loop0): bch2_copygc_start(): error creating copygc thread EINTR
[ 81.677629][ T5313] bcachefs (loop0): error starting copygc thread
[ 81.680038][ T5313] bcachefs (loop0): bch2_fs_start(): error starting filesystem EINTR
[ 81.683015][ T5313] bcachefs (loop0): shutting down
[ 81.685007][ T5313] bcachefs (loop0): going read-only
[ 81.706377][ T5313] bcachefs (loop0): finished waiting for writes to stop
[ 81.709478][ T5313] bcachefs (loop0): flushing journal and stopping allocators, journal seq 175
[ 81.715999][ T5313] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 178
[ 81.720718][ T5313] bcachefs (loop0): shutdown complete, journal seq 179
[ 81.724250][ T5313] bcachefs (loop0): marking filesystem clean
[ 81.738655][ T5313] bcachefs (loop0): shutdown complete
[ 81.748001][ T11] ==================================================================
[ 81.751155][ T11] BUG: KASAN: slab-use-after-free in percpu_ref_put+0xda/0x250
[ 81.753974][ T11] Read of size 8 at addr ffff88803beba0b0 by task kworker/u4:0/11
[ 81.757852][ T11]
[ 81.758802][ T11] CPU: 0 UID: 0 PID: 11 Comm: kworker/u4:0 Not tainted 6.12.0-rc7-syzkaller-00216-gf66d6acccbc0 #0
[ 81.762713][ T11] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 81.766683][ T11] Workqueue: loop0 loop_rootcg_workfn
[ 81.768394][ T11] Call Trace:
[ 81.769507][ T11]
[ 81.770513][ T11] dump_stack_lvl+0x241/0x360
[ 81.772579][ T11] ? __pfx_dump_stack_lvl+0x10/0x10
[ 81.774527][ T11] ? __pfx__printk+0x10/0x10
[ 81.776334][ T11] ? _printk+0xd5/0x120
[ 81.777961][ T11] ? __virt_addr_valid+0x183/0x530
[ 81.779749][ T11] ? __virt_addr_valid+0x183/0x530
[ 81.781478][ T11] print_report+0x169/0x550
[ 81.783219][ T11] ? __virt_addr_valid+0x183/0x530
[ 81.785155][ T11] ? __virt_addr_valid+0x183/0x530
[ 81.787055][ T11] ? __virt_addr_valid+0x45f/0x530
[ 81.788932][ T11] ? __phys_addr+0xba/0x170
[ 81.790581][ T11] ? percpu_ref_put+0xda/0x250
[ 81.792366][ T11] kasan_report+0x143/0x180
[ 81.794097][ T11] ? percpu_ref_put+0xda/0x250
[ 81.795943][ T11] ? percpu_ref_put+0x1f/0x250
[ 81.797778][ T11] percpu_ref_put+0xda/0x250
[ 81.799601][ T11] blk_update_request+0x5e5/0x1160
[ 81.801536][ T11] blk_mq_end_request+0x3e/0x70
[ 81.803388][ T11] loop_process_work+0x1c10/0x2170
[ 81.805281][ T11] ? __pfx_loop_process_work+0x10/0x10
[ 81.807330][ T11] ? register_lock_class+0x102/0x980
[ 81.809339][ T11] ? __pfx_register_lock_class+0x10/0x10
[ 81.811440][ T11] ? mark_lock+0x9a/0x360
[ 81.813100][ T11] ? debug_object_deactivate+0x2d5/0x390
[ 81.815151][ T11] ? __pfx_lock_acquire+0x10/0x10
[ 81.816903][ T11] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 81.819057][ T11] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 81.821374][ T11] ? process_scheduled_works+0x976/0x1850
[ 81.823338][ T11] process_scheduled_works+0xa63/0x1850
[ 81.825107][ T11] ? __pfx_process_scheduled_works+0x10/0x10
[ 81.827134][ T11] ? assign_work+0x364/0x3d0
[ 81.828676][ T11] worker_thread+0x870/0xd30
[ 81.830310][ T11] ? __kthread_parkme+0x169/0x1d0
[ 81.832124][ T11] ? __pfx_worker_thread+0x10/0x10
[ 81.833959][ T11] kthread+0x2f0/0x390
[ 81.835445][ T11] ? __pfx_worker_thread+0x10/0x10
[ 81.837411][ T11] ? __pfx_kthread+0x10/0x10
[ 81.839021][ T11] ret_from_fork+0x4b/0x80
[ 81.840538][ T11] ? __pfx_kthread+0x10/0x10
[ 81.842123][ T11] ret_from_fork_asm+0x1a/0x30
[ 81.843761][ T11]
[ 81.844821][ T11]
[ 81.845650][ T11] Allocated by task 5313:
[ 81.847158][ T11] kasan_save_track+0x3f/0x80
[ 81.848776][ T11] __kasan_kmalloc+0x98/0xb0
[ 81.850398][ T11] __kmalloc_cache_noprof+0x19c/0x2c0
[ 81.852215][ T11] __bch2_dev_alloc+0x57/0xa60
[ 81.853966][ T11] bch2_dev_alloc+0xd4/0x170
[ 81.855650][ T11] bch2_fs_open+0x2e3f/0x2f80
[ 81.857295][ T11] bch2_fs_get_tree+0x738/0x1710
[ 81.859057][ T11] vfs_get_tree+0x90/0x2b0
[ 81.860649][ T11] do_new_mount+0x2be/0xb40
[ 81.862258][ T11] __se_sys_mount+0x2d6/0x3c0
[ 81.863966][ T11] do_syscall_64+0xf3/0x230
[ 81.865646][ T11] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 81.867783][ T11]
[ 81.868664][ T11] Freed by task 5313:
[ 81.870218][ T11] kasan_save_track+0x3f/0x80
[ 81.872040][ T11] kasan_save_free_info+0x40/0x50
[ 81.873845][ T11] __kasan_slab_free+0x59/0x70
[ 81.875639][ T11] kfree+0x1a0/0x440
[ 81.877116][ T11] kobject_put+0x22f/0x480
[ 81.878809][ T11] bch2_fs_free+0x27b/0x3c0
[ 81.880598][ T11] bch2_fs_get_tree+0xd9f/0x1710
[ 81.882404][ T11] vfs_get_tree+0x90/0x2b0
[ 81.884069][ T11] do_new_mount+0x2be/0xb40
[ 81.885791][ T11] __se_sys_mount+0x2d6/0x3c0
[ 81.887488][ T11] do_syscall_64+0xf3/0x230
[ 81.889081][ T11] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 81.891266][ T11]
[ 81.892151][ T11] Last potentially related work creation:
[ 81.894337][ T11] kasan_save_stack+0x3f/0x60
[ 81.896291][ T11] __kasan_record_aux_stack+0xac/0xc0
[ 81.898541][ T11] insert_work+0x3e/0x330
[ 81.900388][ T11] __queue_work+0xc8b/0xf50
[ 81.902451][ T11] queue_work_on+0x1c2/0x380
[ 81.904571][ T11] bch2_dev_do_discards+0x17a/0x1f0
[ 81.906943][ T11] bch2_do_discards+0x29/0x60
[ 81.909073][ T11] journal_write_done+0x785/0xea0
[ 81.911176][ T11] process_scheduled_works+0xa63/0x1850
[ 81.913239][ T11] worker_thread+0x870/0xd30
[ 81.914930][ T11] kthread+0x2f0/0x390
[ 81.916448][ T11] ret_from_fork+0x4b/0x80
[ 81.918061][ T11] ret_from_fork_asm+0x1a/0x30
[ 81.919682][ T11]
[ 81.920548][ T11] Second to last potentially related work creation:
[ 81.922933][ T11] kasan_save_stack+0x3f/0x60
[ 81.924791][ T11] __kasan_record_aux_stack+0xac/0xc0
[ 81.926735][ T11] insert_work+0x3e/0x330
[ 81.928336][ T11] __queue_work+0xc8b/0xf50
[ 81.929935][ T11] queue_work_on+0x1c2/0x380
[ 81.931525][ T11] bch2_dev_do_discards+0x17a/0x1f0
[ 81.933446][ T11] bch2_do_discards+0x29/0x60
[ 81.935264][ T11] journal_write_done+0x785/0xea0
[ 81.937181][ T11] process_scheduled_works+0xa63/0x1850
[ 81.939257][ T11] worker_thread+0x870/0xd30
[ 81.940928][ T11] kthread+0x2f0/0x390
[ 81.942553][ T11] ret_from_fork+0x4b/0x80
[ 81.944175][ T11] ret_from_fork_asm+0x1a/0x30
[ 81.945940][ T11]
[ 81.946880][ T11] The buggy address belongs to the object at ffff88803beba000
[ 81.946880][ T11] which belongs to the cache kmalloc-4k of size 4096
[ 81.951465][ T11] The buggy address is located 176 bytes inside of
[ 81.951465][ T11] freed 4096-byte region [ffff88803beba000, ffff88803bebb000)
[ 81.956487][ T11]
[ 81.957383][ T11] The buggy address belongs to the physical page:
[ 81.959522][ T11] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3beb8
[ 81.962377][ T11] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 81.965373][ T11] anon flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff)
[ 81.968153][ T11] page_type: f5(slab)
[ 81.969612][ T11] raw: 04fff00000000040 ffff88801ac42140 0000000000000000 dead000000000001
[ 81.972383][ T11] raw: 0000000000000000 0000000000040004 00000001f5000000 0000000000000000
[ 81.975435][ T11] head: 04fff00000000040 ffff88801ac42140 0000000000000000 dead000000000001
[ 81.978197][ T11] head: 0000000000000000 0000000000040004 00000001f5000000 0000000000000000
[ 81.981357][ T11] head: 04fff00000000003 ffffea0000efae01 ffffffffffffffff 0000000000000000
[ 81.984536][ T11] head: ffff888000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 81.987612][ T11] page dumped because: kasan: bad access detected
[ 81.989940][ T11] page_owner tracks the page as allocated
[ 81.991971][ T11] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5291, tgid 5291 (sshd), ts 60197290850, free_ts 59916572608
[ 81.999262][ T11] post_alloc_hook+0x1f3/0x230
[ 82.001049][ T11] get_page_from_freelist+0x3649/0x3790
[ 82.003169][ T11] __alloc_pages_noprof+0x292/0x710
[ 82.004887][ T11] alloc_pages_mpol_noprof+0x3e8/0x680
[ 82.006896][ T11] alloc_slab_page+0x6a/0x140
[ 82.008618][ T11] allocate_slab+0x5a/0x2f0
[ 82.010111][ T11] ___slab_alloc+0xcd1/0x14b0
[ 82.011810][ T11] __slab_alloc+0x58/0xa0
[ 82.013468][ T11] __kmalloc_cache_noprof+0x1d5/0x2c0
[ 82.015451][ T11] tomoyo_init_log+0x1ca/0x2050
[ 82.017262][ T11] tomoyo_supervisor+0x38a/0x11f0
[ 82.019051][ T11] tomoyo_env_perm+0x178/0x210
[ 82.020878][ T11] tomoyo_find_next_domain+0x146e/0x1d40
[ 82.023030][ T11] tomoyo_bprm_check_security+0x114/0x180
[ 82.024970][ T11] security_bprm_check+0x86/0x250
[ 82.026761][ T11] bprm_execve+0xa56/0x1770
[ 82.028406][ T11] page last free pid 5288 tgid 5288 stack trace:
[ 82.030781][ T11] free_unref_page+0xdf9/0x1140
[ 82.032565][ T11] __slab_free+0x31b/0x3d0
[ 82.034216][ T11] qlist_free_all+0x9a/0x140
[ 82.035829][ T11] kasan_quarantine_reduce+0x14f/0x170
[ 82.037841][ T11] __kasan_slab_alloc+0x23/0x80
[ 82.039722][ T11] __kmalloc_noprof+0x1a6/0x400
[ 82.041578][ T11] tomoyo_realpath_from_path+0xcf/0x5e0
[ 82.043535][ T11] tomoyo_path_perm+0x2b7/0x740
[ 82.045133][ T11] security_inode_getattr+0x130/0x330
[ 82.047186][ T11] vfs_getattr+0x45/0x430
[ 82.048756][ T11] vfs_fstatat+0xe4/0x190
[ 82.050437][ T11] __x64_sys_newfstatat+0x11d/0x1a0
[ 82.052477][ T11] do_syscall_64+0xf3/0x230
[ 82.054167][ T11] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 82.056294][ T11]
[ 82.057252][ T11] Memory state around the buggy address:
[ 82.059353][ T11] ffff88803beb9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 82.062313][ T11] ffff88803beba000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 82.065133][ T11] >ffff88803beba080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 82.068053][ T11] ^
[ 82.070051][ T11] ffff88803beba100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 82.072813][ T11] ffff88803beba180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 82.075711][ T11] ==================================================================
[ 82.132268][ T11] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 82.134924][ T11] CPU: 0 UID: 0 PID: 11 Comm: kworker/u4:0 Not tainted 6.12.0-rc7-syzkaller-00216-gf66d6acccbc0 #0
[ 82.138856][ T11] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 82.142982][ T11] Workqueue: loop0 loop_rootcg_workfn
[ 82.144919][ T11] Call Trace:
[ 82.146179][ T11]
[ 82.147303][ T11] dump_stack_lvl+0x241/0x360
[ 82.149070][ T11] ? __pfx_dump_stack_lvl+0x10/0x10
[ 82.151074][ T11] ? __pfx__printk+0x10/0x10
[ 82.152873][ T11] ? preempt_schedule+0xe1/0xf0
[ 82.154741][ T11] ? vscnprintf+0x5d/0x90
[ 82.156287][ T11] panic+0x349/0x880
[ 82.157710][ T11] ? check_panic_on_warn+0x21/0xb0
[ 82.159626][ T11] ? __pfx_panic+0x10/0x10
[ 82.161377][ T11] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 82.163683][ T11] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 82.166081][ T11] ? print_report+0x502/0x550
[ 82.167792][ T11] check_panic_on_warn+0x86/0xb0
[ 82.169608][ T11] ? percpu_ref_put+0xda/0x250
[ 82.171427][ T11] end_report+0x77/0x160
[ 82.172889][ T11] kasan_report+0x154/0x180
[ 82.174518][ T11] ? percpu_ref_put+0xda/0x250
[ 82.176365][ T11] ? percpu_ref_put+0x1f/0x250
[ 82.178110][ T11] percpu_ref_put+0xda/0x250
[ 82.179830][ T11] blk_update_request+0x5e5/0x1160
[ 82.181734][ T11] blk_mq_end_request+0x3e/0x70
[ 82.183496][ T11] loop_process_work+0x1c10/0x2170
[ 82.185406][ T11] ? __pfx_loop_process_work+0x10/0x10
[ 82.187500][ T11] ? register_lock_class+0x102/0x980
[ 82.189298][ T11] ? __pfx_register_lock_class+0x10/0x10
[ 82.191393][ T11] ? mark_lock+0x9a/0x360
[ 82.192990][ T11] ? debug_object_deactivate+0x2d5/0x390
[ 82.195104][ T11] ? __pfx_lock_acquire+0x10/0x10
[ 82.196916][ T11] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 82.199103][ T11] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 82.201523][ T11] ? process_scheduled_works+0x976/0x1850
[ 82.203368][ T11] process_scheduled_works+0xa63/0x1850
[ 82.205189][ T11] ? __pfx_process_scheduled_works+0x10/0x10
[ 82.207181][ T11] ? assign_work+0x364/0x3d0
[ 82.208887][ T11] worker_thread+0x870/0xd30
[ 82.210646][ T11] ? __kthread_parkme+0x169/0x1d0
[ 82.212443][ T11] ? __pfx_worker_thread+0x10/0x10
[ 82.214324][ T11] kthread+0x2f0/0x390
[ 82.215867][ T11] ? __pfx_worker_thread+0x10/0x10
[ 82.217777][ T11] ? __pfx_kthread+0x10/0x10
[ 82.219516][ T11] ret_from_fork+0x4b/0x80
[ 82.221087][ T11] ? __pfx_kthread+0x10/0x10
[ 82.222841][ T11] ret_from_fork_asm+0x1a/0x30
[ 82.224621][ T11]
[ 82.226082][ T11] Kernel Offset: disabled
[ 82.227606][ T11] Rebooting in 86400 seconds..
VM DIAGNOSIS:
06:49:52 Registers:
info registers vcpu 0
CPU#0
RAX=0000000000000020 RBX=ffffffff9a71cee0 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=0000000000000000 RSP=ffffc900003d6df0
R8 =ffffffff854b4b4b R9 =1ffff1100666f046 R10=dffffc0000000000 R11=ffffffff854b4b00
R12=dffffc0000000000 R13=ffffffff9a417f06 R14=0000000000000020 R15=00000000000003f8
RIP=ffffffff854b4b7e RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88801fc00000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000001000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=00007f04e0faddc3 CR3=0000000043c44000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000fec0ffc0 Opmask01=0000000000000009 Opmask02=000000000000ffdf Opmask03=0000000000000000
Opmask04=00000000ffffffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4b5f5455504e495f 4449006b636f6c62
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffc7a018a70 0000003000000010
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f2f2f2f2f2f2f2f 2f2f2f2f2f2f2f2f
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff00000000000000 00ff000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00ff000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 003d4d4554535953 425553003d485441 505645440073253a 73252b0069256e00
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00184d4554535953 4255530018485441 505645440056001f 56000e004c004b00
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000006c7463 2d30736665686361 63622f7366656863 6163622f6c617574
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000550033373837 0000000000000021 0000000000007374
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2648383a3a26483b 3a0a00307f617930 3a2433273f397b27 697a787c69303b7e
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4c3d3a3a26333d3a 3a263c3d3a3a263f 3d3a3a263e3d3a3a 26383d3a3a263a3d
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 692054524f50202c 2064696c61696d20 0070253a20252054 524f504d49005452
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 692020520050202c 2025204f504d4900 0061253a20252000 2527204d49005452
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000