Comment # 7 on bug 1192714 from
Another occurrence, with more information:

[ 1562.396848] ==================================================================
[ 1562.401006] BUG: KASAN: use-after-free in __bfq_deactivate_entity+0x72b/0xa50
[ 1562.403329] Read of size 8 at addr ffff8880218f60c0 by task swapper/0/0

[ 1562.407362] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G            E     5.15.2-0.g5fb85fd-default #1 openSUSE Tumbleweed (unreleased) f1f3b891c72369aebecd2e43e4641a6358867c70
[ 1562.412042] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a-rebuilt.opensuse.org 04/01/2014
[ 1562.416385] Call Trace:
[ 1562.418285]  <IRQ>
[ 1562.420087]  dump_stack_lvl+0x46/0x5a
[ 1562.422053]  print_address_description.constprop.0+0x1f/0x140
[ 1562.424227]  ? __bfq_deactivate_entity+0x72b/0xa50
[ 1562.426309]  kasan_report.cold+0x7f/0x11b
[ 1562.428310]  ? update_curr+0x2b0/0x5d0
[ 1562.430273]  ? __bfq_deactivate_entity+0x72b/0xa50
[ 1562.432335]  __bfq_deactivate_entity+0x72b/0xa50
[ 1562.434377]  bfq_deactivate_entity+0xa0/0x1d0
[ 1562.436402]  bfq_del_bfqq_busy+0x28a/0x420
[ 1562.438366]  ? bfq_requeue_bfqq+0x70/0x70
[ 1562.440295]  ? update_curr+0x32f/0x5d0
[ 1562.442179]  __bfq_bfqq_expire+0x1a2/0x270
[ 1562.444061]  bfq_bfqq_expire+0xd16/0x2160
[ 1562.445896]  ? enqueue_entity+0x466/0x2520
[ 1562.447704]  ? bfq_end_wr_async_queues+0xe0/0xe0
[ 1562.449543]  ? _raw_write_unlock_bh+0x60/0x60
[ 1562.451317]  bfq_idle_slice_timer+0x109/0x280
[ 1562.453066]  ? bfq_dispatch_request+0x4870/0x4870
[ 1562.454811]  __hrtimer_run_queues+0x37d/0x700
[ 1562.456498]  ? enqueue_hrtimer+0x1b0/0x1b0
[ 1562.458121]  ? kvm_clock_get_cycles+0xd/0x10
[ 1562.459962]  ? ktime_get_update_offsets_now+0x6f/0x280
[ 1562.461690]  hrtimer_interrupt+0x2c8/0x740
[ 1562.463313]  __sysvec_apic_timer_interrupt+0xcd/0x260
[ 1562.465044]  sysvec_apic_timer_interrupt+0x6a/0x90
[ 1562.466712]  </IRQ>
[ 1562.468103]  asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 1562.469783] RIP: 0010:native_safe_halt+0xb/0x10
[ 1562.471397] Code: ff ff ff 4c 89 e7 e8 34 e2 91 fe e9 f0 fe ff ff 48 89 ef e8 27 e2 91 fe eb a3 cc cc cc cc cc eb 07 0f 00 2d 27 37 52 00 fb f4 <c3> 0f 1f 40 00 eb 07 0f 00 2d 17 37 52 00 f4 c3 cc cc cc cc cc 0f
[ 1562.475550] RSP: 0018:ffffffffb7e07e40 EFLAGS: 00000202
[ 1562.477283] RAX: ffffffffb6b5ded0 RBX: ffffffffb7e24780 RCX: ffffffffb6b36fb6
[ 1562.479197] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000024b46
[ 1562.481117] RBP: 0000000000000000 R08: 0000000000000001 R09: ffff8880218388a3
[ 1562.483018] R10: ffffed1004307114 R11: 0000000000000001 R12: 0000000000000000
[ 1562.484915] R13: ffffffffb874e6a0 R14: 0000000000000000 R15: dffffc0000000000
[ 1562.486801]  ? __cpuidle_text_start+0x8/0x8
[ 1562.488371]  ? rcu_eqs_enter.constprop.0+0x86/0xb0
[ 1562.489967]  default_idle+0xa/0x10
[ 1562.491412]  default_idle_call+0x71/0x1f0
[ 1562.492896]  do_idle+0x3e7/0x570
[ 1562.494287]  ? arch_cpu_idle_exit+0x40/0x40
[ 1562.495749]  cpu_startup_entry+0x19/0x20
[ 1562.497160]  start_kernel+0x3bb/0x3d9
[ 1562.498503]  secondary_startup_64_no_verify+0xc2/0xcb

[ 1562.501055] Allocated by task 463:
[ 1562.502353]  kasan_save_stack+0x1b/0x40
[ 1562.502359]  __kasan_kmalloc+0xa4/0xd0
[ 1562.502362]  bfq_pd_alloc+0xa8/0x170
[ 1562.502365]  blkg_alloc+0x397/0x540
[ 1562.502369]  blkg_create+0x66b/0xcd0
[ 1562.502372]  bio_associate_blkg_from_css+0x43c/0xb20
[ 1562.502375]  bio_associate_blkg+0x66/0x100
[ 1562.502378]  btrfs_map_bio+0x53e/0x10d0 [btrfs]
[ 1562.502447]  btrfs_submit_metadata_bio+0x209/0x410 [btrfs]
[ 1562.502489]  submit_one_bio+0x14f/0x1c0 [btrfs]
[ 1562.502536]  read_extent_buffer_pages+0x557/0xfb0 [btrfs]
[ 1562.502585]  btree_read_extent_buffer_pages+0x166/0x240 [btrfs]
[ 1562.502629]  read_tree_block+0x39/0x60 [btrfs]
[ 1562.502670]  read_block_for_search+0x420/0x710 [btrfs]
[ 1562.502710]  btrfs_search_slot+0x74f/0x1fe0 [btrfs]
[ 1562.502752]  btrfs_lookup_csum+0x108/0x350 [btrfs]
[ 1562.502797]  btrfs_lookup_bio_sums+0x71b/0x13a0 [btrfs]
[ 1562.502838]  btrfs_submit_data_bio+0x30f/0x7b0 [btrfs]
[ 1562.502880]  submit_one_bio+0x108/0x1c0 [btrfs]
[ 1562.502926]  extent_readahead+0x7fb/0xac0 [btrfs]
[ 1562.502975]  read_pages+0x1bf/0xb00
[ 1562.502979]  page_cache_ra_unbounded+0x329/0x720
[ 1562.502982]  filemap_fault+0xf35/0x1c70
[ 1562.502984]  __do_fault+0xf8/0x390
[ 1562.502988]  __handle_mm_fault+0x1a26/0x3020
[ 1562.502990]  handle_mm_fault+0x196/0x610
[ 1562.502992]  do_user_addr_fault+0x323/0xd60
[ 1562.502995]  exc_page_fault+0x5b/0xc0
[ 1562.502997]  asm_exc_page_fault+0x1e/0x30

[ 1562.504110] Freed by task 6904:
[ 1562.505366]  kasan_save_stack+0x1b/0x40
[ 1562.505370]  kasan_set_track+0x1c/0x30
[ 1562.505373]  kasan_set_free_info+0x20/0x30
[ 1562.505376]  __kasan_slab_free+0x10b/0x140
[ 1562.505379]  slab_free_freelist_hook+0x8e/0x180
[ 1562.505382]  kfree+0xc7/0x400
[ 1562.505385]  blkg_free.part.0+0x78/0xf0
[ 1562.505387]  rcu_do_batch+0x365/0x1280
[ 1562.505391]  rcu_core+0x493/0x8d0
[ 1562.505394]  __do_softirq+0x18e/0x544

[ 1562.506477] Last potentially related work creation:
[ 1562.507892]  kasan_save_stack+0x1b/0x40
[ 1562.507904]  kasan_record_aux_stack+0xbe/0xd0
[ 1562.507907]  call_rcu+0xe0/0x14e0
[ 1562.507909]  netlink_release+0x7ce/0x1140
[ 1562.507912]  __sock_release+0xc5/0x270
[ 1562.507916]  sock_close+0x11/0x20
[ 1562.507919]  __fput+0x1ec/0x8b0
[ 1562.507922]  task_work_run+0xd3/0x160
[ 1562.507926]  exit_to_user_mode_prepare+0x224/0x230
[ 1562.507930]  syscall_exit_to_user_mode+0x18/0x40
[ 1562.507932]  do_syscall_64+0x69/0x80
[ 1562.507936]  entry_SYSCALL_64_after_hwframe+0x44/0xae

[ 1562.509029] Second to last potentially related work creation:
[ 1562.510539]  kasan_save_stack+0x1b/0x40
[ 1562.510544]  kasan_record_aux_stack+0xbe/0xd0
[ 1562.510546]  call_rcu+0xe0/0x14e0
[ 1562.510549]  netlink_release+0x7ce/0x1140
[ 1562.510551]  __sock_release+0xc5/0x270
[ 1562.510554]  sock_close+0x11/0x20
[ 1562.510556]  __fput+0x1ec/0x8b0
[ 1562.510559]  task_work_run+0xd3/0x160
[ 1562.510562]  exit_to_user_mode_prepare+0x224/0x230
[ 1562.510564]  syscall_exit_to_user_mode+0x18/0x40
[ 1562.510567]  do_syscall_64+0x69/0x80
[ 1562.510570]  entry_SYSCALL_64_after_hwframe+0x44/0xae

[ 1562.511666] The buggy address belongs to the object at ffff8880218f6000
                which belongs to the cache kmalloc-2k of size 2048
[ 1562.514812] The buggy address is located 192 bytes inside of
                2048-byte region [ffff8880218f6000, ffff8880218f6800)
[ 1562.517930] The buggy address belongs to the page:
[ 1562.519403] page:00000000d524ba6f refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x218f0
[ 1562.519408] head:00000000d524ba6f order:3 compound_mapcount:0 compound_pincount:0
[ 1562.519410] flags: 0xfffffc0010200(slab|head|node=0|zone=1|lastcpupid=0x1fffff)
[ 1562.519416] raw: 000fffffc0010200 0000000000000000 0000000100000001 ffff888001042000
[ 1562.519421] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[ 1562.519423] page dumped because: kasan: bad access detected

[ 1562.520576] Memory state around the buggy address:
[ 1562.522053]  ffff8880218f5f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1562.523785]  ffff8880218f6000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1562.525529] >ffff8880218f6080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1562.527247]                                            ^
[ 1562.528790]  ffff8880218f6100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1562.530535]  ffff8880218f6180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1562.532267] ==================================================================
[ 1562.534011] Disabling lock debugging due to kernel taint

