./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2148524456 <...> DUID 00:04:76:8b:f6:84:a4:3b:36:39:6c:68:e7:10:38:dd:b7:2c forked to background, child pid 5499 [ 42.851146][ T5500] 8021q: adding VLAN 0 to HW filter on device bond0 [ 42.861541][ T5500] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.3' (ED25519) to the list of known hosts. execve("./syz-executor2148524456", ["./syz-executor2148524456"], 0x7ffd6d2447b0 /* 10 vars */) = 0 brk(NULL) = 0x555594c54000 brk(0x555594c54d40) = 0x555594c54d40 arch_prctl(ARCH_SET_FS, 0x555594c543c0) = 0 set_tid_address(0x555594c54690) = 5830 set_robust_list(0x555594c546a0, 24) = 0 rseq(0x555594c54ce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2148524456", 4096) = 28 getrandom("\x7c\x16\xcf\xa8\x12\xfd\x15\xe3", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555594c54d40 brk(0x555594c75d40) = 0x555594c75d40 brk(0x555594c76000) = 0x555594c76000 mprotect(0x7fd2c846b000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5831 attached [pid 5831] set_robust_list(0x555594c546a0, 24 [pid 5830] <... clone resumed>, child_tidptr=0x555594c54690) = 5831 [pid 5831] <... set_robust_list resumed>) = 0 [pid 5831] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5831] setpgid(0, 0) = 0 [pid 5831] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5831] write(3, "1000", 4) = 4 [pid 5831] close(3) = 0 [pid 5831] write(1, "executing program\n", 18executing program ) = 18 [pid 5831] futex(0x7fd2c84716ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5831] rt_sigaction(SIGRT_1, {sa_handler=0x7fd2c84014b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fd2c83f2b60}, NULL, 8) = 0 [pid 5831] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5831] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fd2c8372000 [pid 5831] mprotect(0x7fd2c8373000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5831] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5831] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fd2c8392990, parent_tid=0x7fd2c8392990, exit_signal=0, stack=0x7fd2c8372000, stack_size=0x20300, tls=0x7fd2c83926c0}./strace-static-x86_64: Process 5833 attached [pid 5833] rseq(0x7fd2c8392fe0, 0x20, 0, 0x53053053) = 0 [pid 5831] <... clone3 resumed> => {parent_tid=[5833]}, 88) = 5833 [pid 5833] set_robust_list(0x7fd2c83929a0, 24 [pid 5831] rt_sigprocmask(SIG_SETMASK, [], [pid 5833] <... set_robust_list resumed>) = 0 [pid 5831] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] rt_sigprocmask(SIG_SETMASK, [], [pid 5831] futex(0x7fd2c84716a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5833] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5831] <... futex resumed>) = 0 [pid 5833] memfd_create("syzkaller", 0 [pid 5831] futex(0x7fd2c84716ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5833] <... memfd_create resumed>) = 3 [pid 5833] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd2bfe00000 [pid 5833] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5833] munmap(0x7fd2bfe00000, 138412032) = 0 [pid 5833] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5833] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5833] close(3) = 0 [pid 5833] close(4) = 0 [pid 5833] mkdir("./file0", 0777) = 0 syzkaller login: [ 76.256314][ T5833] loop0: detected capacity change from 0 to 32768 [ 76.331955][ T5833] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,metadata_target=invalid device 255,noshard_inode_numbers,noinodes_use_key_cache,journal_flush_delay=1001,nojournal_transaction_names [ 76.356491][ T5833] bcachefs (loop0): recovering from clean shutdown, journal seq 13 [ 76.364623][ T5833] bcachefs (loop0): Version upgrade required: [ 76.364623][ T5833] Version upgrade from 0.19: freespace to 1.7: mi_btree_bitmap incomplete [ 76.364623][ T5833] Doing incompatible version upgrade from 0.19: freespace to 1.13: inode_has_child_snapshots [ 76.364623][ T5833] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 76.443156][ T5833] ================================================================== [ 76.451227][ T5833] BUG: KASAN: use-after-free in scatterwalk_copychunks+0x1cc/0x460 [ 76.459145][ T5833] Read of size 40 at addr ffff888071260000 by task syz-executor214/5833 [ 76.467460][ T5833] [ 76.469804][ T5833] CPU: 1 UID: 0 PID: 5833 Comm: syz-executor214 Not tainted 6.12.0-rc6-syzkaller-00272-gda4373fbcf00 #0 [ 76.480897][ T5833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 76.490947][ T5833] Call Trace: [ 76.494228][ T5833] [ 76.497146][ T5833] dump_stack_lvl+0x241/0x360 [ 76.501824][ T5833] ? __pfx_dump_stack_lvl+0x10/0x10 [ 76.507035][ T5833] ? __pfx__printk+0x10/0x10 [ 76.511882][ T5833] ? _printk+0xd5/0x120 [ 76.516072][ T5833] ? __virt_addr_valid+0x183/0x530 [ 76.521195][ T5833] ? __virt_addr_valid+0x183/0x530 [ 76.526314][ T5833] print_report+0x169/0x550 [ 76.530848][ T5833] ? __virt_addr_valid+0x183/0x530 [ 76.535956][ T5833] ? __virt_addr_valid+0x183/0x530 [ 76.541057][ T5833] ? __virt_addr_valid+0x45f/0x530 [ 76.546157][ T5833] ? __phys_addr+0xba/0x170 [ 76.550652][ T5833] ? scatterwalk_copychunks+0x1cc/0x460 [ 76.556206][ T5833] kasan_report+0x143/0x180 [ 76.560729][ T5833] ? scatterwalk_copychunks+0x1cc/0x460 [ 76.566272][ T5833] kasan_check_range+0x282/0x290 [ 76.571211][ T5833] ? scatterwalk_copychunks+0x1cc/0x460 [ 76.576751][ T5833] __asan_memcpy+0x29/0x70 [ 76.581170][ T5833] scatterwalk_copychunks+0x1cc/0x460 [ 76.586573][ T5833] skcipher_next_slow+0x39d/0x480 [ 76.591608][ T5833] skcipher_walk_next+0x634/0xba0 [ 76.596626][ T5833] chacha_simd_stream_xor+0x67f/0xd10 [ 76.601991][ T5833] ? __pfx_validate_chain+0x10/0x10 [ 76.607182][ T5833] ? __pfx_chacha_simd_stream_xor+0x10/0x10 [ 76.613117][ T5833] ? validate_chain+0x11e/0x5920 [ 76.618050][ T5833] do_encrypt+0x992/0xd70 [ 76.622377][ T5833] ? __pfx_do_encrypt+0x10/0x10 [ 76.627228][ T5833] ? __pfx_lock_acquire+0x10/0x10 [ 76.632251][ T5833] ? is_bpf_text_address+0x26/0x2a0 [ 76.637470][ T5833] ? __pfx_lock_release+0x10/0x10 [ 76.642522][ T5833] ? unwind_next_frame+0x18e6/0x22d0 [ 76.647817][ T5833] ? preempt_count_add+0x93/0x190 [ 76.652842][ T5833] ? is_bpf_text_address+0x285/0x2a0 [ 76.658125][ T5833] ? is_bpf_text_address+0x26/0x2a0 [ 76.663321][ T5833] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 76.669483][ T5833] ? kernel_text_address+0xa7/0xe0 [ 76.674589][ T5833] ? __kernel_text_address+0xd/0x40 [ 76.679867][ T5833] ? unwind_get_return_address+0x4d/0x90 [ 76.685590][ T5833] ? arch_stack_walk+0xfd/0x150 [ 76.690438][ T5833] ? stack_trace_save+0x118/0x1d0 [ 76.695470][ T5833] ? __pfx_stack_trace_save+0x10/0x10 [ 76.700833][ T5833] ? stack_depot_save_flags+0x29/0x830 [ 76.706289][ T5833] ? kasan_save_track+0x51/0x80 [ 76.711131][ T5833] ? kasan_save_track+0x3f/0x80 [ 76.715976][ T5833] ? kasan_save_free_info+0x40/0x50 [ 76.721160][ T5833] ? __kasan_slab_free+0x59/0x70 [ 76.726093][ T5833] ? kfree+0x1a0/0x440 [ 76.730148][ T5833] ? bch2_printbuf_exit+0x6d/0xa0 [ 76.735164][ T5833] ? __btree_err+0x3cb/0x760 [ 76.739762][ T5833] ? bch2_btree_node_read_done+0x15e1/0x5e90 [ 76.745740][ T5833] ? btree_node_read_work+0x68b/0x1260 [ 76.751269][ T5833] ? bch2_btree_node_read+0x2433/0x2a10 [ 76.756802][ T5833] ? bch2_btree_root_read+0x617/0x7a0 [ 76.762156][ T5833] ? read_btree_roots+0x296/0x840 [ 76.767174][ T5833] ? bch2_fs_recovery+0x2585/0x39d0 [ 76.772385][ T5833] ? bch2_fs_start+0x356/0x5b0 [ 76.777141][ T5833] ? bch2_fs_get_tree+0xd68/0x1710 [ 76.782242][ T5833] ? vfs_get_tree+0x90/0x2b0 [ 76.786824][ T5833] ? do_new_mount+0x2be/0xb40 [ 76.791495][ T5833] ? __se_sys_mount+0x2d6/0x3c0 [ 76.796345][ T5833] ? do_syscall_64+0xf3/0x230 [ 76.801022][ T5833] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.807095][ T5833] ? bch2_printbuf_exit+0x6d/0xa0 [ 76.812111][ T5833] ? __btree_err+0x3cb/0x760 [ 76.816693][ T5833] ? bch2_printbuf_make_room+0xdd/0x350 [ 76.822227][ T5833] ? __pfx___btree_err+0x10/0x10 [ 76.827162][ T5833] ? __pfx_bch2_csum_to_text+0x10/0x10 [ 76.832604][ T5833] ? bch2_encrypt+0x3d/0xa0 [ 76.837119][ T5833] bch2_btree_node_read_done+0x17b4/0x5e90 [ 76.842943][ T5833] ? __pfx_bch2_btree_node_read_done+0x10/0x10 [ 76.849099][ T5833] ? bch2_bkey_pick_read_device+0x137d/0x1670 [ 76.855166][ T5833] ? bch2_bkey_pick_read_device+0x221/0x1670 [ 76.861154][ T5833] ? __pfx_bch2_bkey_pick_read_device+0x10/0x10 [ 76.867405][ T5833] ? bch2_btree_ptr_v2_to_text+0x209/0x2f0 [ 76.873210][ T5833] ? __pfx_bch2_btree_ptr_v2_to_text+0x10/0x10 [ 76.879382][ T5833] btree_node_read_work+0x68b/0x1260 [ 76.884671][ T5833] ? __pfx_btree_node_read_work+0x10/0x10 [ 76.890384][ T5833] ? __bch2_time_stats_update+0x280/0x370 [ 76.896114][ T5833] ? __pfx_bch2_latency_acct+0x10/0x10 [ 76.901595][ T5833] ? bio_associate_blkg+0x6c/0x230 [ 76.906716][ T5833] bch2_btree_node_read+0x2433/0x2a10 [ 76.912080][ T5833] ? __pfx_lock_release+0x10/0x10 [ 76.917104][ T5833] ? bch2_trans_unlock+0x346/0x470 [ 76.922231][ T5833] ? __pfx_bch2_btree_node_read+0x10/0x10 [ 76.927952][ T5833] ? __pfx___bch2_btree_node_hash_insert+0x10/0x10 [ 76.934462][ T5833] ? bch2_trans_unlock+0x3a6/0x470 [ 76.939570][ T5833] bch2_btree_root_read+0x617/0x7a0 [ 76.944763][ T5833] ? __pfx_bch2_btree_root_read+0x10/0x10 [ 76.950502][ T5833] ? bch2_current_has_btree_trans+0x142/0x180 [ 76.956598][ T5833] read_btree_roots+0x296/0x840 [ 76.961463][ T5833] bch2_fs_recovery+0x2585/0x39d0 [ 76.966487][ T5833] ? __pfx_bch2_fs_recovery+0x10/0x10 [ 76.971869][ T5833] ? __pfx_lock_release+0x10/0x10 [ 76.976891][ T5833] ? bch2_get_next_online_dev+0x2b/0x4f0 [ 76.982519][ T5833] ? __pfx_lock_release+0x10/0x10 [ 76.987558][ T5833] ? bch2_get_next_online_dev+0x2b/0x4f0 [ 76.993188][ T5833] ? bch2_get_next_online_dev+0x4b9/0x4f0 [ 76.998996][ T5833] ? bch2_get_next_online_dev+0x2b/0x4f0 [ 77.004629][ T5833] ? llist_reverse_order+0x72/0x90 [ 77.009741][ T5833] bch2_fs_start+0x356/0x5b0 [ 77.014343][ T5833] bch2_fs_get_tree+0xd68/0x1710 [ 77.019295][ T5833] ? __pfx_bch2_fs_get_tree+0x10/0x10 [ 77.024706][ T5833] ? smack_fs_context_parse_param+0xff/0x170 [ 77.030686][ T5833] ? generic_parse_monolithic+0x387/0x400 [ 77.036408][ T5833] ? cap_capable+0x1b4/0x250 [ 77.041002][ T5833] ? safesetid_security_capable+0xb2/0x1d0 [ 77.046813][ T5833] vfs_get_tree+0x90/0x2b0 [ 77.051241][ T5833] do_new_mount+0x2be/0xb40 [ 77.055746][ T5833] ? __pfx_do_new_mount+0x10/0x10 [ 77.060772][ T5833] __se_sys_mount+0x2d6/0x3c0 [ 77.065561][ T5833] ? __pfx___se_sys_mount+0x10/0x10 [ 77.070767][ T5833] ? do_syscall_64+0x100/0x230 [ 77.075530][ T5833] ? __x64_sys_mount+0x20/0xc0 [ 77.080301][ T5833] do_syscall_64+0xf3/0x230 [ 77.084831][ T5833] ? clear_bhb_loop+0x35/0x90 [ 77.089504][ T5833] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.095401][ T5833] RIP: 0033:0x7fd2c83dc9ea [ 77.099817][ T5833] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 77.119432][ T5833] RSP: 002b:00007fd2c8392088 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5 [ 77.127838][ T5833] RAX: ffffffffffffffda RBX: 00007fd2c83920a0 RCX: 00007fd2c83dc9ea [ 77.135798][ T5833] RDX: 000000002000f700 RSI: 000000002000f680 RDI: 00007fd2c83920a0 [ 77.143758][ T5833] RBP: 0000000000000004 R08: 00007fd2c83920e0 R09: 0037373737373737 [ 77.151730][ T5833] R10: 0000000000000012 R11: 0000000000000282 R12: 00007fd2c83920e0 [ 77.159697][ T5833] R13: 0000000000000012 R14: 0000000000000003 R15: 0000000001000000 [ 77.167671][ T5833] [ 77.170679][ T5833] [ 77.172989][ T5833] The buggy address belongs to the physical page: [ 77.179398][ T5833] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x71260 [ 77.188151][ T5833] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 77.195250][ T5833] page_type: f0(buddy) [ 77.199321][ T5833] raw: 00fff00000000000 ffffea0001c4b008 ffff88813fffc7a8 0000000000000000 [ 77.207929][ T5833] raw: 0000000000000000 0000000000000005 00000000f0000000 0000000000000000 [ 77.216502][ T5833] page dumped because: kasan: bad access detected [ 77.222910][ T5833] page_owner tracks the page as freed [ 77.228286][ T5833] page last allocated via order 5, migratetype Reclaimable, gfp_mask 0x452cd0(GFP_KERNEL_ACCOUNT|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_RECLAIMABLE), pid 5833, tgid 5831 (syz-executor214), ts 76310183556, free_ts 76441926427 [ 77.250337][ T5833] post_alloc_hook+0x1f3/0x230 [ 77.255117][ T5833] get_page_from_freelist+0x3033/0x3180 [ 77.260655][ T5833] __alloc_pages_noprof+0x292/0x710 [ 77.265898][ T5833] ___kmalloc_large_node+0x8b/0x1d0 [ 77.271083][ T5833] __kmalloc_large_node_noprof+0x1a/0x80 [ 77.276700][ T5833] __kmalloc_node_noprof+0x2d2/0x440 [ 77.281980][ T5833] __kvmalloc_node_noprof+0x72/0x190 [ 77.287248][ T5833] btree_node_data_alloc+0xdb/0x260 [ 77.292431][ T5833] __bch2_btree_node_mem_alloc+0x1d8/0x3e0 [ 77.298228][ T5833] bch2_fs_btree_cache_init+0x26f/0x630 [ 77.303758][ T5833] bch2_fs_open+0x2aa4/0x2f80 [ 77.308425][ T5833] bch2_fs_get_tree+0x738/0x1710 [ 77.313363][ T5833] vfs_get_tree+0x90/0x2b0 [ 77.317770][ T5833] do_new_mount+0x2be/0xb40 [ 77.322259][ T5833] __se_sys_mount+0x2d6/0x3c0 [ 77.326927][ T5833] do_syscall_64+0xf3/0x230 [ 77.331434][ T5833] page last free pid 5833 tgid 5831 stack trace: [ 77.337746][ T5833] __free_pages_ok+0xa91/0xc70 [ 77.342493][ T5833] __folio_put+0x2c7/0x440 [ 77.346896][ T5833] free_large_kmalloc+0x105/0x1c0 [ 77.351904][ T5833] kfree+0x21c/0x440 [ 77.355786][ T5833] bch2_btree_node_read_done+0x3c8a/0x5e90 [ 77.361679][ T5833] btree_node_read_work+0x68b/0x1260 [ 77.367038][ T5833] bch2_btree_node_read+0x2433/0x2a10 [ 77.372395][ T5833] bch2_btree_root_read+0x617/0x7a0 [ 77.377575][ T5833] read_btree_roots+0x296/0x840 [ 77.382407][ T5833] bch2_fs_recovery+0x2585/0x39d0 [ 77.387420][ T5833] bch2_fs_start+0x356/0x5b0 [ 77.391997][ T5833] bch2_fs_get_tree+0xd68/0x1710 [ 77.396933][ T5833] vfs_get_tree+0x90/0x2b0 [ 77.401353][ T5833] do_new_mount+0x2be/0xb40 [ 77.405848][ T5833] __se_sys_mount+0x2d6/0x3c0 [ 77.410514][ T5833] do_syscall_64+0xf3/0x230 [ 77.415003][ T5833] [ 77.417315][ T5833] Memory state around the buggy address: [ 77.422929][ T5833] ffff88807125ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 77.431010][ T5833] ffff88807125ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 77.439049][ T5833] >ffff888071260000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 77.447087][ T5833] ^ [ 77.451138][ T5833] ffff888071260080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 77.459187][ T5833] ffff888071260100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 77.467229][ T5833] ================================================================== [ 77.475580][ T5833] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 77.482799][ T5833] CPU: 1 UID: 0 PID: 5833 Comm: syz-executor214 Not tainted 6.12.0-rc6-syzkaller-00272-gda4373fbcf00 #0 [ 77.493908][ T5833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 77.503956][ T5833] Call Trace: [ 77.507226][ T5833] [ 77.510153][ T5833] dump_stack_lvl+0x241/0x360 [ 77.514837][ T5833] ? __pfx_dump_stack_lvl+0x10/0x10 [ 77.520033][ T5833] ? __pfx__printk+0x10/0x10 [ 77.524624][ T5833] ? preempt_schedule+0xe1/0xf0 [ 77.529471][ T5833] ? vscnprintf+0x5d/0x90 [ 77.533811][ T5833] panic+0x349/0x880 [ 77.537714][ T5833] ? check_panic_on_warn+0x21/0xb0 [ 77.542843][ T5833] ? __pfx_panic+0x10/0x10 [ 77.547256][ T5833] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 77.553231][ T5833] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 77.559578][ T5833] ? print_report+0x502/0x550 [ 77.564264][ T5833] check_panic_on_warn+0x86/0xb0 [ 77.569198][ T5833] ? scatterwalk_copychunks+0x1cc/0x460 [ 77.574748][ T5833] end_report+0x77/0x160 [ 77.578996][ T5833] kasan_report+0x154/0x180 [ 77.583505][ T5833] ? scatterwalk_copychunks+0x1cc/0x460 [ 77.589056][ T5833] kasan_check_range+0x282/0x290 [ 77.594013][ T5833] ? scatterwalk_copychunks+0x1cc/0x460 [ 77.599562][ T5833] __asan_memcpy+0x29/0x70 [ 77.603988][ T5833] scatterwalk_copychunks+0x1cc/0x460 [ 77.609383][ T5833] skcipher_next_slow+0x39d/0x480 [ 77.614409][ T5833] skcipher_walk_next+0x634/0xba0 [ 77.619436][ T5833] chacha_simd_stream_xor+0x67f/0xd10 [ 77.624812][ T5833] ? __pfx_validate_chain+0x10/0x10 [ 77.630008][ T5833] ? __pfx_chacha_simd_stream_xor+0x10/0x10 [ 77.635920][ T5833] ? validate_chain+0x11e/0x5920 [ 77.640860][ T5833] do_encrypt+0x992/0xd70 [ 77.645189][ T5833] ? __pfx_do_encrypt+0x10/0x10 [ 77.650040][ T5833] ? __pfx_lock_acquire+0x10/0x10 [ 77.655073][ T5833] ? is_bpf_text_address+0x26/0x2a0 [ 77.660281][ T5833] ? __pfx_lock_release+0x10/0x10 [ 77.665326][ T5833] ? unwind_next_frame+0x18e6/0x22d0 [ 77.670647][ T5833] ? preempt_count_add+0x93/0x190 [ 77.675680][ T5833] ? is_bpf_text_address+0x285/0x2a0 [ 77.680966][ T5833] ? is_bpf_text_address+0x26/0x2a0 [ 77.686163][ T5833] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 77.692314][ T5833] ? kernel_text_address+0xa7/0xe0 [ 77.697432][ T5833] ? __kernel_text_address+0xd/0x40 [ 77.702622][ T5833] ? unwind_get_return_address+0x4d/0x90 [ 77.708257][ T5833] ? arch_stack_walk+0xfd/0x150 [ 77.713113][ T5833] ? stack_trace_save+0x118/0x1d0 [ 77.718139][ T5833] ? __pfx_stack_trace_save+0x10/0x10 [ 77.723508][ T5833] ? stack_depot_save_flags+0x29/0x830 [ 77.728965][ T5833] ? kasan_save_track+0x51/0x80 [ 77.733817][ T5833] ? kasan_save_track+0x3f/0x80 [ 77.738662][ T5833] ? kasan_save_free_info+0x40/0x50 [ 77.743854][ T5833] ? __kasan_slab_free+0x59/0x70 [ 77.748794][ T5833] ? kfree+0x1a0/0x440 [ 77.752859][ T5833] ? bch2_printbuf_exit+0x6d/0xa0 [ 77.757882][ T5833] ? __btree_err+0x3cb/0x760 [ 77.762482][ T5833] ? bch2_btree_node_read_done+0x15e1/0x5e90 [ 77.768477][ T5833] ? btree_node_read_work+0x68b/0x1260 [ 77.773939][ T5833] ? bch2_btree_node_read+0x2433/0x2a10 [ 77.779483][ T5833] ? bch2_btree_root_read+0x617/0x7a0 [ 77.784854][ T5833] ? read_btree_roots+0x296/0x840 [ 77.789874][ T5833] ? bch2_fs_recovery+0x2585/0x39d0 [ 77.795209][ T5833] ? bch2_fs_start+0x356/0x5b0 [ 77.799992][ T5833] ? bch2_fs_get_tree+0xd68/0x1710 [ 77.805114][ T5833] ? vfs_get_tree+0x90/0x2b0 [ 77.809796][ T5833] ? do_new_mount+0x2be/0xb40 [ 77.814487][ T5833] ? __se_sys_mount+0x2d6/0x3c0 [ 77.819365][ T5833] ? do_syscall_64+0xf3/0x230 [ 77.824057][ T5833] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.830161][ T5833] ? bch2_printbuf_exit+0x6d/0xa0 [ 77.835201][ T5833] ? __btree_err+0x3cb/0x760 [ 77.840664][ T5833] ? bch2_printbuf_make_room+0xdd/0x350 [ 77.846217][ T5833] ? __pfx___btree_err+0x10/0x10 [ 77.851197][ T5833] ? __pfx_bch2_csum_to_text+0x10/0x10 [ 77.856659][ T5833] ? bch2_encrypt+0x3d/0xa0 [ 77.861179][ T5833] bch2_btree_node_read_done+0x17b4/0x5e90 [ 77.867036][ T5833] ? __pfx_bch2_btree_node_read_done+0x10/0x10 [ 77.873219][ T5833] ? bch2_bkey_pick_read_device+0x137d/0x1670 [ 77.879304][ T5833] ? bch2_bkey_pick_read_device+0x221/0x1670 [ 77.885319][ T5833] ? __pfx_bch2_bkey_pick_read_device+0x10/0x10 [ 77.891577][ T5833] ? bch2_btree_ptr_v2_to_text+0x209/0x2f0 [ 77.897392][ T5833] ? __pfx_bch2_btree_ptr_v2_to_text+0x10/0x10 [ 77.903557][ T5833] btree_node_read_work+0x68b/0x1260 [ 77.908848][ T5833] ? __pfx_btree_node_read_work+0x10/0x10 [ 77.914588][ T5833] ? __bch2_time_stats_update+0x280/0x370 [ 77.920321][ T5833] ? __pfx_bch2_latency_acct+0x10/0x10 [ 77.925812][ T5833] ? bio_associate_blkg+0x6c/0x230 [ 77.930966][ T5833] bch2_btree_node_read+0x2433/0x2a10 [ 77.936345][ T5833] ? __pfx_lock_release+0x10/0x10 [ 77.941384][ T5833] ? bch2_trans_unlock+0x346/0x470 [ 77.946497][ T5833] ? __pfx_bch2_btree_node_read+0x10/0x10 [ 77.952216][ T5833] ? __pfx___bch2_btree_node_hash_insert+0x10/0x10 [ 77.958819][ T5833] ? bch2_trans_unlock+0x3a6/0x470 [ 77.963939][ T5833] bch2_btree_root_read+0x617/0x7a0 [ 77.969147][ T5833] ? __pfx_bch2_btree_root_read+0x10/0x10 [ 77.974875][ T5833] ? bch2_current_has_btree_trans+0x142/0x180 [ 77.980950][ T5833] read_btree_roots+0x296/0x840 [ 77.985802][ T5833] bch2_fs_recovery+0x2585/0x39d0 [ 77.990834][ T5833] ? __pfx_bch2_fs_recovery+0x10/0x10 [ 77.996210][ T5833] ? __pfx_lock_release+0x10/0x10 [ 78.001241][ T5833] ? bch2_get_next_online_dev+0x2b/0x4f0 [ 78.006889][ T5833] ? __pfx_lock_release+0x10/0x10 [ 78.011928][ T5833] ? bch2_get_next_online_dev+0x2b/0x4f0 [ 78.017562][ T5833] ? bch2_get_next_online_dev+0x4b9/0x4f0 [ 78.023280][ T5833] ? bch2_get_next_online_dev+0x2b/0x4f0 [ 78.028914][ T5833] ? llist_reverse_order+0x72/0x90 [ 78.034029][ T5833] bch2_fs_start+0x356/0x5b0 [ 78.038638][ T5833] bch2_fs_get_tree+0xd68/0x1710 [ 78.043591][ T5833] ? __pfx_bch2_fs_get_tree+0x10/0x10 [ 78.048971][ T5833] ? smack_fs_context_parse_param+0xff/0x170 [ 78.054961][ T5833] ? generic_parse_monolithic+0x387/0x400 [ 78.060689][ T5833] ? cap_capable+0x1b4/0x250 [ 78.065281][ T5833] ? safesetid_security_capable+0xb2/0x1d0 [ 78.071097][ T5833] vfs_get_tree+0x90/0x2b0 [ 78.075530][ T5833] do_new_mount+0x2be/0xb40 [ 78.080049][ T5833] ? __pfx_do_new_mount+0x10/0x10 [ 78.085097][ T5833] __se_sys_mount+0x2d6/0x3c0 [ 78.089787][ T5833] ? __pfx___se_sys_mount+0x10/0x10 [ 78.095081][ T5833] ? do_syscall_64+0x100/0x230 [ 78.099853][ T5833] ? __x64_sys_mount+0x20/0xc0 [ 78.104627][ T5833] do_syscall_64+0xf3/0x230 [ 78.109131][ T5833] ? clear_bhb_loop+0x35/0x90 [ 78.113809][ T5833] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 78.119719][ T5833] RIP: 0033:0x7fd2c83dc9ea [ 78.124138][ T5833] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 78.143740][ T5833] RSP: 002b:00007fd2c8392088 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5 [ 78.152153][ T5833] RAX: ffffffffffffffda RBX: 00007fd2c83920a0 RCX: 00007fd2c83dc9ea [ 78.160124][ T5833] RDX: 000000002000f700 RSI: 000000002000f680 RDI: 00007fd2c83920a0 [ 78.168097][ T5833] RBP: 0000000000000004 R08: 00007fd2c83920e0 R09: 0037373737373737 [ 78.176074][ T5833] R10: 0000000000000012 R11: 0000000000000282 R12: 00007fd2c83920e0 [ 78.184044][ T5833] R13: 0000000000000012 R14: 0000000000000003 R15: 0000000001000000 [ 78.192039][ T5833] [ 78.195400][ T5833] Kernel Offset: disabled [ 78.199721][ T5833] Rebooting in 86400 seconds..