./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2867696332
<...>
Warning: Permanently added '10.128.0.13' (ED25519) to the list of known hosts.
execve("./syz-executor2867696332", ["./syz-executor2867696332"], 0x7ffde97a34b0 /* 10 vars */) = 0
brk(NULL) = 0x555567ef7000
brk(0x555567ef7d00) = 0x555567ef7d00
arch_prctl(ARCH_SET_FS, 0x555567ef7380) = 0
set_tid_address(0x555567ef7650) = 5838
set_robust_list(0x555567ef7660, 24) = 0
rseq(0x555567ef7ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor2867696332", 4096) = 28
getrandom("\xe2\xa4\x5d\x26\x55\xd8\x9b\xfd", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x555567ef7d00
brk(0x555567f18d00) = 0x555567f18d00
brk(0x555567f19000) = 0x555567f19000
mprotect(0x7f2b807aa000, 16384, PROT_READ) = 0
mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000
mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000
mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5839 attached
, child_tidptr=0x555567ef7650) = 5839
[pid 5839] set_robust_list(0x555567ef7660, 24) = 0
[pid 5839] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5839] setpgid(0, 0) = 0
[pid 5839] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5839] write(3, "1000", 4) = 4
[pid 5839] close(3) = 0
[pid 5839] write(1, "executing program\n", 18executing program
) = 18
[pid 5839] memfd_create("syzkaller", 0) = 3
[pid 5839] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2b78200000
[pid 5839] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5839] munmap(0x7f2b78200000, 138412032) = 0
[pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5839] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5839] close(3) = 0
[pid 5839] close(4) = 0
[pid 5839] mkdir("./file1", 0777) = 0
[ 86.364444][ T5839] loop0: detected capacity change from 0 to 32768
[ 86.444883][ T5839] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nochanges,nojournal_transaction_names,noexcl,read_only,nocow
[ 86.444883][ T5839] allowing incompatible features above 0.0: (unknown version)
[ 86.444883][ T5839] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[ 86.487312][ T5839] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0
[ 86.496672][ T5839] bcachefs (loop0): invalid journal entry, version=1.7: mi_btree_bitmap type=clock in superblock: bad rw, fixing
[ 86.509839][ T5839] bcachefs (loop0): invalid journal entry, version=1.7: mi_btree_bitmap type=blacklist in superblock: invalid journal seq blacklist entry: bad size, fixing
[ 86.526295][ T5839] bcachefs (loop0): invalid bkey in superblock btree=xattrs level=1: u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 2285c34bed0abe32 written 16 min_key POS_MIN durability: 0 crc: c_size 1 size 1 offset 0 nonce 0 csum none 12010b:10004000b compress none
[ 86.526311][ T5839] has non ptr field, deleting
[ 86.556077][ T5839] bcachefs (loop0): recovering from clean shutdown, journal seq 10
[ 86.564088][ T5839] bcachefs (loop0): Version upgrade from 1.3: rebalance_work to 1.7: mi_btree_bitmap incomplete
[ 86.564088][ T5839] Doing compatible version upgrade from 1.3: rebalance_work to 1.28: inode_has_case_insensitive
[ 86.564088][ T5839] running recovery passes: check_allocations,check_extents_to_backpointers,check_subvols,check_inodes,check_dirents
[ 86.612427][ T5839] bcachefs (loop0): accounting_read... done
[ 86.619328][ T5839] bcachefs (loop0): alloc_read... done
[ 86.625176][ T5839] bcachefs (loop0): snapshots_read... done
[ 86.631566][ T5839] bcachefs (loop0): check_allocations...
[ 86.634180][ T5839] bcachefs (loop0): bucket 0:26 data type btree ptr gen 0 missing in alloc btree
[ 86.634201][ T5839] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, fixing
[ 86.665920][ T5839] bcachefs (loop0): bucket 0:26 gen 0 different types of data in same bucket: journal, btree
[ 86.665934][ T5839] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, fixing
[ 86.693860][ T5839] bcachefs (loop0): bucket 0:38 data type btree ptr gen 0 missing in alloc btree
[ 86.693875][ T5839] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0, fixing
[ 86.718722][ T5839] bcachefs (loop0): bucket 0:38 gen 0 different types of data in same bucket: journal, btree
[ 86.718735][ T5839] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0, fixing
[ 86.745496][ T5839] bcachefs (loop0): bucket 0:41 data type btree ptr gen 0 missing in alloc btree
[ 86.745510][ T5839] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing
[ 86.770461][ T5839] bcachefs (loop0): bucket 0:41 gen 0 different types of data in same bucket: journal, btree
[ 86.770479][ T5839] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing
[ 86.798195][ T5839] bcachefs (loop0): bucket 0:35 data type btree ptr gen 0 missing in alloc btree
[ 86.798214][ T5839] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c0bef60d07ceb940 written 16 min_key POS_MIN durability: 1 ptr: 0:35:0 gen 0, fixing
[ 86.824066][ T5839] bcachefs (loop0): bucket 0:35 gen 0 different types of data in same bucket: journal, btree
[ 86.824084][ T5839] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c0bef60d07ceb940 written 16 min_key POS_MIN durability: 1 ptr: 0:35:0 gen 0, fixing
[ 86.851725][ T5839] bcachefs (loop0): bucket 0:32 gen 0 different types of data in same bucket: journal, btree
[ 86.851746][ T5839] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0, fixing
[ 86.879255][ T5839] bcachefs (loop0): bucket 0:28 gen 0 different types of data in same bucket: journal, btree
[ 86.879276][ T5839] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 28f61e078e70b95c written 16 min_key POS_MIN durability: 1 ptr: 0:28:0 gen 0, fixing
[ 86.906931][ T5839] bcachefs (loop0): bucket 0:29 data type btree ptr gen 0 missing in alloc btree
[ 86.906952][ T5839] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0, fixing
[ 86.932489][ T5839] bcachefs (loop0): bucket 0:29 gen 0 different types of data in same bucket: journal, btree
[ 86.932510][ T5839] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0, fixing
[ 86.960258][ T5839] bcachefs (loop0): bucket 0:37 gen 0 different types of data in same bucket: journal, btree
[ 86.960278][ T5839] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 4a8b0fa43a9980a6 written 24 min_key POS_MIN durability: 1 ptr: 0:37:0 gen 0, fixing
[ 86.988358][ T5839] bcachefs (loop0): bucket 0:42 gen 0 different types of data in same bucket: journal, btree
[ 86.988378][ T5839] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 1db8f60c84bb244c written 8 min_key POS_MIN durability: 1 ptr: 0:42:0 gen 0, fixing
[ 87.015173][ T5839] bcachefs (loop0): bucket 0:0 gen 0 data type sb has wrong cached_sectors: got 458752, should be 0, fixing
[ 87.027870][ T5839] bcachefs (loop0): bucket 0:1 gen 0 has wrong data_type: got free, should be sb, fixing
[ 87.038465][ T5839] bcachefs (loop0): bucket 0:1 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 87.050561][ T5839] bcachefs (loop0): bucket 0:2 gen 0 has wrong data_type: got free, should be sb, fixing
[ 87.060642][ T5839] bcachefs (loop0): bucket 0:2 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 87.072259][ T5839] bcachefs (loop0): bucket 0:3 gen 0 has wrong data_type: got free, should be sb, fixing
[ 87.082343][ T5839] bcachefs (loop0): bucket 0:3 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 87.093833][ T5839] bcachefs (loop0): bucket 0:4 gen 0 has wrong data_type: got free, should be sb, fixing
[ 87.103849][ T5839] bcachefs (loop0): bucket 0:4 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 87.115329][ T5839] bcachefs (loop0): bucket 0:5 gen 0 has wrong data_type: got free, should be sb, fixing
[ 87.125355][ T5839] bcachefs (loop0): bucket 0:5 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 87.136829][ T5839] bcachefs (loop0): bucket 0:6 gen 0 has wrong data_type: got free, should be sb, fixing
[ 87.147385][ T5839] bcachefs (loop0): bucket 0:6 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 87.158870][ T5839] bcachefs (loop0): bucket 0:7 gen 0 has wrong data_type: got free, should be sb, fixing
[ 87.168862][ T5839] bcachefs (loop0): bucket 0:7 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 87.180227][ T5839] bcachefs (loop0): bucket 0:8 gen 0 has wrong data_type: got free, should be sb, fixing
[ 87.190195][ T5839] bcachefs (loop0): bucket 0:8 gen 0 data type sb has wrong dirty_sectors: got 0, should be 8, fixing
[ 87.201358][ T5839] bcachefs (loop0): bucket 0:9 gen 0 has wrong data_type: got free, should be journal, fixing
[ 87.211798][ T5839] bcachefs (loop0): bucket 0:9 gen 0 data type journal has wrong dirty_sectors: got 0, should be 256, fixing
[ 87.223584][ T5839] bcachefs (loop0): bucket 0:10 gen 0 has wrong data_type: got free, should be journal, fixing
[ 87.234070][ T5839] bcachefs (loop0): bucket 0:10 gen 0 data type journal has wrong dirty_sectors: got 0, should be 256, fixing
[ 87.245999][ T5839] bcachefs (loop0): bucket 0:11 gen 0 has wrong data_type: got free, should be journal, fixing
[ 87.246010][ T5839] Ratelimiting new instances of previous error
[ 87.263489][ T5839] bcachefs (loop0): bucket 0:11 gen 0 data type journal has wrong dirty_sectors: got 0, should be 256, fixing
[ 87.263508][ T5839] Ratelimiting new instances of previous error
[ 87.294481][ T5839] done
[ 87.297709][ T5839] bcachefs (loop0): going read-write
[ 87.322776][ T5839] bcachefs (loop0): journal_replay...
[ 87.326268][ T1153] bcachefs (loop0): u64s 13 type alloc_v4 0:25:0 len 0 ver 0:
[ 87.326289][ T1153] gen 0 oldest_gen 0 data_type journal
[ 87.326296][ T1153] journal_seq_nonempty 0
[ 87.326302][ T1153] journal_seq_empty 0
[ 87.326307][ T1153] need_discard 0
[ 87.326313][ T1153] need_inc_gen 0
[ 87.326319][ T1153] dirty_sectors 256
[ 87.326325][ T1153] stripe_sectors 0
[ 87.326330][ T1153] cached_sectors 0
[ 87.326336][ T1153] stripe 0
[ 87.326342][ T1153] stripe_redundancy 0
[ 87.326350][ T1153] io_time[READ] 0
[ 87.326356][ T1153] io_time[WRITE] 0
[ 87.326362][ T1153] fragmentation 0
[ 87.326368][ T1153] bp_start 8
[ 87.326376][ T1153]
[ 87.326381][ T1153] incorrectly set at freespace:0:25:0 (free 0, genbits 0 should be 0), fixing
[ 87.418865][ T1153] bcachefs (loop0): u64s 13 type alloc_v4 0:30:0 len 0 ver 0:
[ 87.418878][ T1153] gen 0 oldest_gen 0 data_type journal
[ 87.418884][ T1153] journal_seq_nonempty 0
[ 87.418890][ T1153] journal_seq_empty 0
[ 87.418896][ T1153] need_discard 0
[ 87.418901][ T1153] need_inc_gen 0
[ 87.418907][ T1153] dirty_sectors 256
[ 87.418913][ T1153] stripe_sectors 0
[ 87.418919][ T1153] cached_sectors 0
[ 87.418924][ T1153] stripe 0
[ 87.418930][ T1153] stripe_redundancy 0
[ 87.418936][ T1153] io_time[READ] 0
[ 87.418941][ T1153] io_time[WRITE] 0
[ 87.418947][ T1153] fragmentation 0
[ 87.418952][ T1153] bp_start 8
[ 87.418958][ T1153]
[ 87.418963][ T1153] incorrectly set at freespace:0:30:0 (free 0, genbits 0 should be 0), fixing
[ 87.503676][ T1153] ==================================================================
[ 87.511730][ T1153] BUG: KASAN: slab-use-after-free in bch2_bucket_alloc_trans+0x1aa0/0x2410
[ 87.520314][ T1153] Read of size 8 at addr ffff88802fe9fd20 by task kworker/u8:5/1153
[ 87.528280][ T1153]
[ 87.530596][ T1153] CPU: 0 UID: 0 PID: 1153 Comm: kworker/u8:5 Not tainted 6.16.0-rc1-next-20250611-syzkaller #0 PREEMPT(full)
[ 87.530611][ T1153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 87.530619][ T1153] Workqueue: btree_node_rewrite async_btree_node_rewrite_work
[ 87.530634][ T1153] Call Trace:
[ 87.530639][ T1153] <TASK>
[ 87.530645][ T1153] dump_stack_lvl+0x189/0x250
[ 87.530657][ T1153] ? __virt_addr_valid+0x1c8/0x5c0
[ 87.530667][ T1153] ? rcu_is_watching+0x15/0xb0
[ 87.530677][ T1153] ? __kasan_check_byte+0x12/0x40
[ 87.530688][ T1153] ? __pfx_dump_stack_lvl+0x10/0x10
[ 87.530698][ T1153] ? rcu_is_watching+0x15/0xb0
[ 87.530707][ T1153] ? lock_release+0x4b/0x3e0
[ 87.530722][ T1153] ? __virt_addr_valid+0x1c8/0x5c0
[ 87.530732][ T1153] ? __virt_addr_valid+0x4a5/0x5c0
[ 87.530743][ T1153] print_report+0xd2/0x2b0
[ 87.530757][ T1153] ? bch2_bucket_alloc_trans+0x1aa0/0x2410
[ 87.530771][ T1153] kasan_report+0x118/0x150
[ 87.530783][ T1153] ? bch2_bucket_alloc_trans+0x1aa0/0x2410
[ 87.530799][ T1153] bch2_bucket_alloc_trans+0x1aa0/0x2410
[ 87.530818][ T1153] ? bch2_bucket_alloc_trans+0xcb4/0x2410
[ 87.530835][ T1153] ? __pfx_bch2_bucket_alloc_trans+0x10/0x10
[ 87.530858][ T1153] ? bch2_bucket_alloc_trans+0xcb4/0x2410
[ 87.530873][ T1153] ? bch2_bucket_alloc_set_trans+0x1eb/0xe70
[ 87.530889][ T1153] bch2_bucket_alloc_set_trans+0x5a6/0xe70
[ 87.530905][ T1153] ? bch2_bucket_alloc_set_trans+0x1eb/0xe70
[ 87.530919][ T1153] ? __open_bucket_add_buckets+0x783/0x1e40
[ 87.530936][ T1153] __open_bucket_add_buckets+0x1437/0x1e40
[ 87.530958][ T1153] open_bucket_add_buckets+0x2ee/0x440
[ 87.530975][ T1153] bch2_alloc_sectors_start_trans+0xd26/0x1e80
[ 87.530991][ T1153] ? __mutex_unlock_slowpath+0x1cd/0x700
[ 87.531021][ T1153] bch2_btree_reserve_get+0x618/0x1510
[ 87.531038][ T1153] ? __pfx_bch2_btree_reserve_get+0x10/0x10
[ 87.531050][ T1153] ? bch2_is_superblock_bucket+0x300/0x3e0
[ 87.531065][ T1153] ? bch2_btree_update_start+0xadb/0x1dc0
[ 87.531081][ T1153] bch2_btree_update_start+0x147e/0x1dc0
[ 87.531096][ T1153] ? bch2_btree_path_traverse_one+0x91e/0x21d0
[ 87.531115][ T1153] ? bch2_btree_node_rewrite+0x17e/0x1120
[ 87.531132][ T1153] ? __pfx_bch2_btree_update_start+0x10/0x10
[ 87.531150][ T1153] ? bch2_btree_path_traverse_one+0x91e/0x21d0
[ 87.531166][ T1153] ? async_btree_node_rewrite_work+0x1e1/0x840
[ 87.531177][ T1153] ? bch2_btree_iter_peek_node+0x566/0xbc0
[ 87.531187][ T1153] ? bch2_btree_iter_verify+0x1d/0x360
[ 87.531199][ T1153] bch2_btree_node_rewrite+0x17e/0x1120
[ 87.531218][ T1153] async_btree_node_rewrite_work+0x370/0x840
[ 87.531228][ T1153] ? lockdep_hardirqs_on+0x9c/0x150
[ 87.531244][ T1153] ? __pfx_async_btree_node_rewrite_work+0x10/0x10
[ 87.531262][ T1153] ? async_btree_node_rewrite_work+0x1d2/0x840
[ 87.531272][ T1153] ? _raw_spin_unlock_irq+0x23/0x50
[ 87.531284][ T1153] ? process_scheduled_works+0x9ef/0x17b0
[ 87.531299][ T1153] ? process_scheduled_works+0x9ef/0x17b0
[ 87.531314][ T1153] process_scheduled_works+0xade/0x17b0
[ 87.531336][ T1153] ? __pfx_process_scheduled_works+0x10/0x10
[ 87.531355][ T1153] worker_thread+0x8a0/0xda0
[ 87.531365][ T1153] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 87.531379][ T1153] ? __kthread_parkme+0x7b/0x200
[ 87.531392][ T1153] kthread+0x711/0x8a0
[ 87.531404][ T1153] ? __pfx_worker_thread+0x10/0x10
[ 87.531413][ T1153] ? __pfx_kthread+0x10/0x10
[ 87.531425][ T1153] ? _raw_spin_unlock_irq+0x23/0x50
[ 87.531436][ T1153] ? lockdep_hardirqs_on+0x9c/0x150
[ 87.531448][ T1153] ? __pfx_kthread+0x10/0x10
[ 87.531460][ T1153] ret_from_fork+0x3f9/0x770
[ 87.531475][ T1153] ? __pfx_ret_from_fork+0x10/0x10
[ 87.531490][ T1153] ? __switch_to_asm+0x39/0x70
[ 87.531501][ T1153] ? __switch_to_asm+0x33/0x70
[ 87.531511][ T1153] ? __pfx_kthread+0x10/0x10
[ 87.531523][ T1153] ret_from_fork_asm+0x1a/0x30
[ 87.531537][ T1153] </TASK>
[ 87.531541][ T1153]
[ 87.907048][ T1153] Allocated by task 1153:
[ 87.911389][ T1153] kasan_save_track+0x3e/0x80
[ 87.916080][ T1153] __kasan_kmalloc+0x93/0xb0
[ 87.920686][ T1153] __kmalloc_node_track_caller_noprof+0x271/0x4e0
[ 87.927122][ T1153] krealloc_noprof+0x124/0x340
[ 87.931897][ T1153] __bch2_trans_kmalloc+0x26c/0xc80
[ 87.937098][ T1153] bch2_alloc_sectors_start_trans+0x1d59/0x1e80
[ 87.943339][ T1153] bch2_btree_reserve_get+0x618/0x1510
[ 87.948800][ T1153] bch2_btree_update_start+0x147e/0x1dc0
[ 87.954438][ T1153] bch2_btree_node_rewrite+0x17e/0x1120
[ 87.959985][ T1153] async_btree_node_rewrite_work+0x370/0x840
[ 87.965987][ T1153] process_scheduled_works+0xade/0x17b0
[ 87.971548][ T1153] worker_thread+0x8a0/0xda0
[ 87.976153][ T1153] kthread+0x711/0x8a0
[ 87.980221][ T1153] ret_from_fork+0x3f9/0x770
[ 87.984825][ T1153] ret_from_fork_asm+0x1a/0x30
[ 87.989594][ T1153]
[ 87.991916][ T1153] Freed by task 1153:
[ 87.995895][ T1153] kasan_save_track+0x3e/0x80
[ 88.000581][ T1153] kasan_save_free_info+0x46/0x50
[ 88.005613][ T1153] __kasan_slab_free+0x62/0x70
[ 88.010399][ T1153] kfree+0x18e/0x440
[ 88.014309][ T1153] krealloc_noprof+0x1cd/0x340
[ 88.019080][ T1153] __bch2_trans_kmalloc+0x26c/0xc80
[ 88.024288][ T1153] __bch2_trans_subbuf_alloc+0x2da/0x460
[ 88.029923][ T1153] bch2_trans_log_str+0xd5/0x3c0
[ 88.034876][ T1153] __bch2_fsck_err+0xc11/0xfb0
[ 88.039673][ T1153] bch2_check_discard_freespace_key+0x71b/0xce0
[ 88.045930][ T1153] bch2_bucket_alloc_trans+0x1333/0x2410
[ 88.051576][ T1153] bch2_bucket_alloc_set_trans+0x5a6/0xe70
[ 88.057390][ T1153] __open_bucket_add_buckets+0x1437/0x1e40
[ 88.063208][ T1153] open_bucket_add_buckets+0x2ee/0x440
[ 88.068671][ T1153] bch2_alloc_sectors_start_trans+0xd26/0x1e80
[ 88.074828][ T1153] bch2_btree_reserve_get+0x618/0x1510
[ 88.080286][ T1153] bch2_btree_update_start+0x147e/0x1dc0
[ 88.085925][ T1153] bch2_btree_node_rewrite+0x17e/0x1120
[ 88.091477][ T1153] async_btree_node_rewrite_work+0x370/0x840
[ 88.097454][ T1153] process_scheduled_works+0xade/0x17b0
[ 88.103001][ T1153] worker_thread+0x8a0/0xda0
[ 88.107584][ T1153] kthread+0x711/0x8a0
[ 88.111650][ T1153] ret_from_fork+0x3f9/0x770
[ 88.116240][ T1153] ret_from_fork_asm+0x1a/0x30
[ 88.121180][ T1153]
[ 88.123504][ T1153] The buggy address belongs to the object at ffff88802fe9fc00
[ 88.123504][ T1153] which belongs to the cache kmalloc-512 of size 512
[ 88.137554][ T1153] The buggy address is located 288 bytes inside of
[ 88.137554][ T1153] freed 512-byte region [ffff88802fe9fc00, ffff88802fe9fe00)
[ 88.151345][ T1153]
[ 88.153666][ T1153] The buggy address belongs to the physical page:
[ 88.160069][ T1153] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2fe9c
[ 88.168826][ T1153] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 88.177319][ T1153] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 88.185291][ T1153] page_type: f5(slab)
[ 88.189270][ T1153] raw: 00fff00000000040 ffff88801a441c80 0000000000000000 dead000000000001
[ 88.197847][ T1153] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 88.206430][ T1153] head: 00fff00000000040 ffff88801a441c80 0000000000000000 dead000000000001
[ 88.215095][ T1153] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 88.223762][ T1153] head: 00fff00000000002 ffffea0000bfa701 00000000ffffffff 00000000ffffffff
[ 88.232426][ T1153] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 88.241089][ T1153] page dumped because: kasan: bad access detected
[ 88.247496][ T1153] page_owner tracks the page as allocated
[ 88.253203][ T1153] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5210, tgid 5210 (udevd), ts 52772311742, free_ts 47887520110
[ 88.273953][ T1153] post_alloc_hook+0x240/0x2a0
[ 88.278716][ T1153] get_page_from_freelist+0x21e4/0x22c0
[ 88.284260][ T1153] __alloc_frozen_pages_noprof+0x181/0x370
[ 88.290065][ T1153] alloc_pages_mpol+0x232/0x4a0
[ 88.294917][ T1153] allocate_slab+0x8a/0x3b0
[ 88.299419][ T1153] ___slab_alloc+0xbfc/0x1480
[ 88.304096][ T1153] __kmalloc_cache_noprof+0x296/0x3d0
[ 88.309470][ T1153] kernfs_fop_open+0x397/0xca0
[ 88.314239][ T1153] do_dentry_open+0xdf3/0x1970
[ 88.319000][ T1153] vfs_open+0x3b/0x340
[ 88.323068][ T1153] path_openat+0x2ee5/0x3830
[ 88.327667][ T1153] do_filp_open+0x1fa/0x410
[ 88.332175][ T1153] do_sys_openat2+0x121/0x1c0
[ 88.336852][ T1153] __x64_sys_openat+0x138/0x170
[ 88.341724][ T1153] do_syscall_64+0xfa/0x3b0
[ 88.346227][ T1153] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 88.352116][ T1153] page last free pid 5220 tgid 5220 stack trace:
[ 88.358443][ T1153] __free_frozen_pages+0xc71/0xe70
[ 88.363552][ T1153] __slab_free+0x326/0x400
[ 88.367969][ T1153] qlist_free_all+0x97/0x140
[ 88.372560][ T1153] kasan_quarantine_reduce+0x148/0x160
[ 88.378023][ T1153] __kasan_slab_alloc+0x22/0x80
[ 88.382953][ T1153] kmem_cache_alloc_noprof+0x1c1/0x3c0
[ 88.388415][ T1153] getname_flags+0xb8/0x540
[ 88.392915][ T1153] do_sys_openat2+0xbc/0x1c0
[ 88.397506][ T1153] __x64_sys_openat+0x138/0x170
[ 88.402358][ T1153] do_syscall_64+0xfa/0x3b0
[ 88.406864][ T1153] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 88.412760][ T1153]
[ 88.415080][ T1153] Memory state around the buggy address:
[ 88.420706][ T1153] ffff88802fe9fc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 88.428762][ T1153] ffff88802fe9fc80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 88.436816][ T1153] >ffff88802fe9fd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 88.444869][ T1153] ^
[ 88.449982][ T1153] ffff88802fe9fd80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 88.458042][ T1153] ffff88802fe9fe00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 88.466100][ T1153] ==================================================================
[ 88.477480][ T1153] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 88.484709][ T1153] CPU: 1 UID: 0 PID: 1153 Comm: kworker/u8:5 Not tainted 6.16.0-rc1-next-20250611-syzkaller #0 PREEMPT(full)
[ 88.496363][ T1153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 88.506428][ T1153] Workqueue: btree_node_rewrite async_btree_node_rewrite_work
[ 88.513896][ T1153] Call Trace:
[ 88.517165][ T1153] <TASK>
[ 88.520089][ T1153] dump_stack_lvl+0x99/0x250
[ 88.524668][ T1153] ? __asan_memcpy+0x40/0x70
[ 88.529248][ T1153] ? __pfx_dump_stack_lvl+0x10/0x10
[ 88.534434][ T1153] ? __pfx__printk+0x10/0x10
[ 88.539032][ T1153] panic+0x2db/0x790
[ 88.542923][ T1153] ? __pfx_panic+0x10/0x10
[ 88.547338][ T1153] ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 88.553222][ T1153] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 88.559536][ T1153] ? print_memory_metadata+0x314/0x400
[ 88.565007][ T1153] ? bch2_bucket_alloc_trans+0x1aa0/0x2410
[ 88.570806][ T1153] check_panic_on_warn+0x89/0xb0
[ 88.575736][ T1153] ? bch2_bucket_alloc_trans+0x1aa0/0x2410
[ 88.581535][ T1153] end_report+0x78/0x160
[ 88.585768][ T1153] kasan_report+0x129/0x150
[ 88.590261][ T1153] ? bch2_bucket_alloc_trans+0x1aa0/0x2410
[ 88.596059][ T1153] bch2_bucket_alloc_trans+0x1aa0/0x2410
[ 88.601690][ T1153] ? bch2_bucket_alloc_trans+0xcb4/0x2410
[ 88.607403][ T1153] ? __pfx_bch2_bucket_alloc_trans+0x10/0x10
[ 88.613393][ T1153] ? bch2_bucket_alloc_trans+0xcb4/0x2410
[ 88.619116][ T1153] ? bch2_bucket_alloc_set_trans+0x1eb/0xe70
[ 88.625088][ T1153] bch2_bucket_alloc_set_trans+0x5a6/0xe70
[ 88.630891][ T1153] ? bch2_bucket_alloc_set_trans+0x1eb/0xe70
[ 88.636863][ T1153] ? __open_bucket_add_buckets+0x783/0x1e40
[ 88.642755][ T1153] __open_bucket_add_buckets+0x1437/0x1e40
[ 88.648571][ T1153] open_bucket_add_buckets+0x2ee/0x440
[ 88.654022][ T1153] bch2_alloc_sectors_start_trans+0xd26/0x1e80
[ 88.660167][ T1153] ? __mutex_unlock_slowpath+0x1cd/0x700
[ 88.665821][ T1153] bch2_btree_reserve_get+0x618/0x1510
[ 88.671290][ T1153] ? __pfx_bch2_btree_reserve_get+0x10/0x10
[ 88.677176][ T1153] ? bch2_is_superblock_bucket+0x300/0x3e0
[ 88.682977][ T1153] ? bch2_btree_update_start+0xadb/0x1dc0
[ 88.688687][ T1153] bch2_btree_update_start+0x147e/0x1dc0
[ 88.694309][ T1153] ? bch2_btree_path_traverse_one+0x91e/0x21d0
[ 88.700458][ T1153] ? bch2_btree_node_rewrite+0x17e/0x1120
[ 88.706178][ T1153] ? __pfx_bch2_btree_update_start+0x10/0x10
[ 88.712156][ T1153] ? bch2_btree_path_traverse_one+0x91e/0x21d0
[ 88.718302][ T1153] ? async_btree_node_rewrite_work+0x1e1/0x840
[ 88.724444][ T1153] ? bch2_btree_iter_peek_node+0x566/0xbc0
[ 88.730269][ T1153] ? bch2_btree_iter_verify+0x1d/0x360
[ 88.735803][ T1153] bch2_btree_node_rewrite+0x17e/0x1120
[ 88.741348][ T1153] async_btree_node_rewrite_work+0x370/0x840
[ 88.747315][ T1153] ? lockdep_hardirqs_on+0x9c/0x150
[ 88.752514][ T1153] ? __pfx_async_btree_node_rewrite_work+0x10/0x10
[ 88.759023][ T1153] ? async_btree_node_rewrite_work+0x1d2/0x840
[ 88.765165][ T1153] ? _raw_spin_unlock_irq+0x23/0x50
[ 88.770371][ T1153] ? process_scheduled_works+0x9ef/0x17b0
[ 88.776086][ T1153] ? process_scheduled_works+0x9ef/0x17b0
[ 88.781799][ T1153] process_scheduled_works+0xade/0x17b0
[ 88.787360][ T1153] ? __pfx_process_scheduled_works+0x10/0x10
[ 88.793336][ T1153] worker_thread+0x8a0/0xda0
[ 88.797913][ T1153] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 88.804240][ T1153] ? __kthread_parkme+0x7b/0x200
[ 88.809187][ T1153] kthread+0x711/0x8a0
[ 88.813270][ T1153] ? __pfx_worker_thread+0x10/0x10
[ 88.818384][ T1153] ? __pfx_kthread+0x10/0x10
[ 88.822976][ T1153] ? _raw_spin_unlock_irq+0x23/0x50
[ 88.828194][ T1153] ? lockdep_hardirqs_on+0x9c/0x150
[ 88.833387][ T1153] ? __pfx_kthread+0x10/0x10
[ 88.837970][ T1153] ret_from_fork+0x3f9/0x770
[ 88.842556][ T1153] ? __pfx_ret_from_fork+0x10/0x10
[ 88.847677][ T1153] ? __switch_to_asm+0x39/0x70
[ 88.852429][ T1153] ? __switch_to_asm+0x33/0x70
[ 88.857179][ T1153] ? __pfx_kthread+0x10/0x10
[ 88.861759][ T1153] ret_from_fork_asm+0x1a/0x30
[ 88.866525][ T1153] </TASK>
[ 88.869687][ T1153] Kernel Offset: disabled
[ 88.874000][ T1153] Rebooting in 86400 seconds..