Warning: Permanently added '[localhost]:64415' (ED25519) to the list of known hosts.
2024/11/09 07:26:15 ignoring optional flag "sandboxArg"="0"
2024/11/09 07:26:16 parsed 1 programs
[  105.071471][ T5579] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  110.090491][ T5636] chnl_net:caif_netlink_parms(): no params data found
[  110.126258][ T5636] bridge0: port 1(bridge_slave_0) entered blocking state
[  110.129089][ T5636] bridge0: port 1(bridge_slave_0) entered disabled state
[  110.131844][ T5636] bridge_slave_0: entered allmulticast mode
[  110.134956][ T5636] bridge_slave_0: entered promiscuous mode
[  110.140648][ T5636] bridge0: port 2(bridge_slave_1) entered blocking state
[  110.146092][ T5636] bridge0: port 2(bridge_slave_1) entered disabled state
[  110.148885][ T5636] bridge_slave_1: entered allmulticast mode
[  110.151904][ T5636] bridge_slave_1: entered promiscuous mode
[  110.168248][ T5636] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  110.173378][ T5636] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  110.190002][ T5636] team0: Port device team_slave_0 added
[  110.193808][ T5636] team0: Port device team_slave_1 added
[  110.207348][ T5636] batman_adv: batadv0: Adding interface: batadv_slave_0
[  110.210116][ T5636] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  110.220910][ T5636] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  110.226768][ T5636] batman_adv: batadv0: Adding interface: batadv_slave_1
[  110.229572][ T5636] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  110.240480][ T5636] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  110.260207][ T5636] hsr_slave_0: entered promiscuous mode
[  110.262797][ T5636] hsr_slave_1: entered promiscuous mode
[  110.763753][ T5636] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  110.778455][ T5636] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  110.788001][ T5636] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  110.807117][ T5636] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  110.893367][ T5636] 8021q: adding VLAN 0 to HW filter on device bond0
[  110.919123][ T5636] 8021q: adding VLAN 0 to HW filter on device team0
[  110.943158][ T1026] bridge0: port 1(bridge_slave_0) entered blocking state
[  110.946085][ T1026] bridge0: port 1(bridge_slave_0) entered forwarding state
[  110.957222][ T1026] bridge0: port 2(bridge_slave_1) entered blocking state
[  110.959977][ T1026] bridge0: port 2(bridge_slave_1) entered forwarding state
[  111.009240][ T5636] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  111.198233][ T5636] 8021q: adding VLAN 0 to HW filter on device batadv0
[  111.249830][ T5636] veth0_vlan: entered promiscuous mode
[  111.255710][ T5636] veth1_vlan: entered promiscuous mode
[  111.307716][ T5636] veth0_macvtap: entered promiscuous mode
[  111.312618][ T5636] veth1_macvtap: entered promiscuous mode
[  111.340351][ T5636] batman_adv: batadv0: Interface activated: batadv_slave_0
[  111.344993][ T5636] batman_adv: batadv0: Interface activated: batadv_slave_1
[  111.361632][ T5636] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  111.365032][ T5636] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  111.387359][ T5636] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  111.390944][ T5636] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  111.620145][ T1026] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  111.687835][ T1026] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  111.737854][ T1026] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  111.803750][ T1026] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  111.861633][ T1138] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  111.864921][ T1138] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  111.906370][ T1125] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  111.909414][ T1125] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  112.249214][   T48] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  112.253341][   T48] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  112.259128][   T48] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  112.262491][   T48] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  112.266273][   T48] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  112.270117][   T48] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
2024/11/09 07:26:28 executed programs: 0
[  112.967534][ T4670] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  112.972073][ T4670] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  112.975206][ T4670] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  112.980601][ T4670] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  112.984595][ T4670] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  112.987854][ T4670] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  113.234012][ T5724] chnl_net:caif_netlink_parms(): no params data found
[  113.324026][ T5724] bridge0: port 1(bridge_slave_0) entered blocking state
[  113.336294][ T5724] bridge0: port 1(bridge_slave_0) entered disabled state
[  113.339171][ T5724] bridge_slave_0: entered allmulticast mode
[  113.348547][ T5724] bridge_slave_0: entered promiscuous mode
[  113.357778][ T5724] bridge0: port 2(bridge_slave_1) entered blocking state
[  113.360671][ T5724] bridge0: port 2(bridge_slave_1) entered disabled state
[  113.363438][ T5724] bridge_slave_1: entered allmulticast mode
[  113.387404][ T5724] bridge_slave_1: entered promiscuous mode
[  113.413866][ T5724] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  113.439149][ T5724] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  113.469334][ T5724] team0: Port device team_slave_0 added
[  113.487613][ T5724] team0: Port device team_slave_1 added
[  113.522887][ T5724] batman_adv: batadv0: Adding interface: batadv_slave_0
[  113.525660][ T5724] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  113.559361][ T5724] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  113.575212][ T5724] batman_adv: batadv0: Adding interface: batadv_slave_1
[  113.586374][ T5724] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  113.617189][ T5724] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  113.658126][ T5724] hsr_slave_0: entered promiscuous mode
[  113.661119][ T5724] hsr_slave_1: entered promiscuous mode
[  113.677971][ T5724] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  113.681447][ T5724] Cannot create hsr debugfs directory
[  114.140882][ T1026] bridge_slave_1: left allmulticast mode
[  114.142988][ T1026] bridge_slave_1: left promiscuous mode
[  114.145270][ T1026] bridge0: port 2(bridge_slave_1) entered disabled state
[  114.165529][ T1026] bridge_slave_0: left allmulticast mode
[  114.178142][ T1026] bridge_slave_0: left promiscuous mode
[  114.180536][ T1026] bridge0: port 1(bridge_slave_0) entered disabled state
[  114.564849][ T1026] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  114.569571][ T1026] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  114.574197][ T1026] bond0 (unregistering): Released all slaves
[  114.669925][ T1026] hsr_slave_0: left promiscuous mode
[  114.677343][ T1026] hsr_slave_1: left promiscuous mode
[  114.681311][ T1026] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  114.684175][ T1026] batman_adv: batadv0: Removing interface: batadv_slave_0
[  114.699124][ T1026] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  114.702113][ T1026] batman_adv: batadv0: Removing interface: batadv_slave_1
[  114.722669][ T1026] veth1_macvtap: left promiscuous mode
[  114.724732][ T1026] veth0_macvtap: left promiscuous mode
[  114.733867][ T1026] veth1_vlan: left promiscuous mode
[  114.745846][ T1026] veth0_vlan: left promiscuous mode
[  115.057227][ T4670] Bluetooth: hci0: command tx timeout
[  115.277872][ T1026] team0 (unregistering): Port device team_slave_1 removed
[  115.317903][ T1026] team0 (unregistering): Port device team_slave_0 removed
[  115.748147][ T5724] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  115.763818][ T5724] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  115.783359][ T5724] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  115.799376][ T5724] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  116.091548][ T5724] 8021q: adding VLAN 0 to HW filter on device bond0
[  116.171191][ T5724] 8021q: adding VLAN 0 to HW filter on device team0
[  116.200332][ T3069] bridge0: port 1(bridge_slave_0) entered blocking state
[  116.202945][ T3069] bridge0: port 1(bridge_slave_0) entered forwarding state
[  116.238838][   T55] bridge0: port 2(bridge_slave_1) entered blocking state
[  116.241542][   T55] bridge0: port 2(bridge_slave_1) entered forwarding state
[  116.579990][ T5724] 8021q: adding VLAN 0 to HW filter on device batadv0
[  116.630264][ T5724] veth0_vlan: entered promiscuous mode
[  116.648754][ T5724] veth1_vlan: entered promiscuous mode
[  116.681715][ T5724] veth0_macvtap: entered promiscuous mode
[  116.685561][ T5724] veth1_macvtap: entered promiscuous mode
[  116.711165][ T5724] batman_adv: batadv0: Interface activated: batadv_slave_0
[  116.729421][ T5724] batman_adv: batadv0: Interface activated: batadv_slave_1
[  116.733882][ T5724] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  116.745875][ T5724] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  116.749217][ T5724] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  116.752581][ T5724] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  116.868317][ T1026] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.871844][ T1026] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.907339][ T1026] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.910442][ T1026] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  117.137566][ T4670] Bluetooth: hci0: command tx timeout
[  117.369756][ T5813] loop0: detected capacity change from 0 to 32768
[  117.507013][ T5813] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,metadata_target=invalid device 255,noshard_inode_numbers,noinodes_use_key_cache,journal_flush_delay=1001,nojournal_transaction_names
[  117.527445][ T5813] bcachefs (loop0): recovering from clean shutdown, journal seq 13
[  117.531254][ T5813] bcachefs (loop0): Version upgrade required:
[  117.531254][ T5813] Version upgrade from 0.19: freespace to 1.7: mi_btree_bitmap incomplete
[  117.531254][ T5813] Doing incompatible version upgrade from 0.19: freespace to 1.13: inode_has_child_snapshots
[  117.531254][ T5813]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance
[  117.579426][ T5813] ==================================================================
[  117.582515][ T5813] BUG: KASAN: use-after-free in scatterwalk_copychunks+0x1cc/0x460
[  117.585525][ T5813] Read of size 40 at addr ffff888049a40000 by task syz.0.15/5813
[  117.589744][ T5813] 
[  117.590644][ T5813] CPU: 0 UID: 0 PID: 5813 Comm: syz.0.15 Not tainted 6.12.0-rc6-syzkaller-00272-gda4373fbcf00 #0
[  117.594567][ T5813] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  117.598234][ T5813] Call Trace:
[  117.599361][ T5813]  <TASK>
[  117.600424][ T5813]  dump_stack_lvl+0x241/0x360
[  117.602162][ T5813]  ? __pfx_dump_stack_lvl+0x10/0x10
[  117.603958][ T5813]  ? __pfx__printk+0x10/0x10
[  117.605605][ T5813]  ? _printk+0xd5/0x120
[  117.607063][ T5813]  ? __virt_addr_valid+0x183/0x530
[  117.608870][ T5813]  ? __virt_addr_valid+0x183/0x530
[  117.610728][ T5813]  print_report+0x169/0x550
[  117.612435][ T5813]  ? __virt_addr_valid+0x183/0x530
[  117.614351][ T5813]  ? __virt_addr_valid+0x183/0x530
[  117.616231][ T5813]  ? __virt_addr_valid+0x45f/0x530
[  117.618259][ T5813]  ? __phys_addr+0xba/0x170
[  117.620093][ T5813]  ? scatterwalk_copychunks+0x1cc/0x460
[  117.622256][ T5813]  kasan_report+0x143/0x180
[  117.623978][ T5813]  ? scatterwalk_copychunks+0x1cc/0x460
[  117.626033][ T5813]  kasan_check_range+0x282/0x290
[  117.627913][ T5813]  ? scatterwalk_copychunks+0x1cc/0x460
[  117.630018][ T5813]  __asan_memcpy+0x29/0x70
[  117.631691][ T5813]  scatterwalk_copychunks+0x1cc/0x460
[  117.633768][ T5813]  skcipher_next_slow+0x39d/0x480
[  117.635683][ T5813]  skcipher_walk_next+0x634/0xba0
[  117.637620][ T5813]  chacha_simd_stream_xor+0x67f/0xd10
[  117.639653][ T5813]  ? __pfx_validate_chain+0x10/0x10
[  117.641678][ T5813]  ? __pfx_chacha_simd_stream_xor+0x10/0x10
[  117.643922][ T5813]  ? validate_chain+0x11e/0x5920
[  117.645793][ T5813]  do_encrypt+0x992/0xd70
[  117.647415][ T5813]  ? __pfx_do_encrypt+0x10/0x10
[  117.649268][ T5813]  ? __pfx_lock_acquire+0x10/0x10
[  117.651195][ T5813]  ? is_bpf_text_address+0x26/0x2a0
[  117.653184][ T5813]  ? __pfx_lock_release+0x10/0x10
[  117.655034][ T5813]  ? unwind_next_frame+0x18e6/0x22d0
[  117.657005][ T5813]  ? preempt_count_add+0x93/0x190
[  117.658872][ T5813]  ? is_bpf_text_address+0x285/0x2a0
[  117.661019][ T5813]  ? is_bpf_text_address+0x26/0x2a0
[  117.662991][ T5813]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  117.665324][ T5813]  ? kernel_text_address+0xa7/0xe0
[  117.667355][ T5813]  ? __kernel_text_address+0xd/0x40
[  117.669392][ T5813]  ? unwind_get_return_address+0x4d/0x90
[  117.671665][ T5813]  ? arch_stack_walk+0xfd/0x150
[  117.673535][ T5813]  ? stack_trace_save+0x118/0x1d0
[  117.675519][ T5813]  ? __pfx_stack_trace_save+0x10/0x10
[  117.677574][ T5813]  ? stack_depot_save_flags+0x29/0x830
[  117.679702][ T5813]  ? kasan_save_track+0x51/0x80
[  117.681611][ T5813]  ? kasan_save_track+0x3f/0x80
[  117.683596][ T5813]  ? kasan_save_free_info+0x40/0x50
[  117.685547][ T5813]  ? __kasan_slab_free+0x59/0x70
[  117.687460][ T5813]  ? kfree+0x1a0/0x440
[  117.689060][ T5813]  ? bch2_printbuf_exit+0x6d/0xa0
[  117.690988][ T5813]  ? __btree_err+0x3cb/0x760
[  117.692711][ T5813]  ? bch2_btree_node_read_done+0x15e1/0x5e90
[  117.694980][ T5813]  ? btree_node_read_work+0x68b/0x1260
[  117.697082][ T5813]  ? bch2_btree_node_read+0x2433/0x2a10
[  117.699176][ T5813]  ? bch2_btree_root_read+0x617/0x7a0
[  117.701224][ T5813]  ? read_btree_roots+0x296/0x840
[  117.703140][ T5813]  ? bch2_fs_recovery+0x2585/0x39d0
[  117.705126][ T5813]  ? bch2_fs_start+0x356/0x5b0
[  117.706940][ T5813]  ? bch2_fs_get_tree+0xd68/0x1710
[  117.708861][ T5813]  ? vfs_get_tree+0x90/0x2b0
[  117.710613][ T5813]  ? do_new_mount+0x2be/0xb40
[  117.712366][ T5813]  ? __se_sys_mount+0x2d6/0x3c0
[  117.714231][ T5813]  ? do_syscall_64+0xf3/0x230
[  117.716014][ T5813]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.718317][ T5813]  ? bch2_printbuf_exit+0x6d/0xa0
[  117.720203][ T5813]  ? __btree_err+0x3cb/0x760
[  117.722011][ T5813]  ? bch2_printbuf_make_room+0xdd/0x350
[  117.724158][ T5813]  ? __pfx___btree_err+0x10/0x10
[  117.726025][ T5813]  ? __pfx_bch2_csum_to_text+0x10/0x10
[  117.728081][ T5813]  ? bch2_encrypt+0x3d/0xa0
[  117.730024][ T5813]  bch2_btree_node_read_done+0x17b4/0x5e90
[  117.732164][ T5813]  ? __pfx_bch2_btree_node_read_done+0x10/0x10
[  117.734426][ T5813]  ? bch2_bkey_pick_read_device+0x137d/0x1670
[  117.736785][ T5813]  ? bch2_bkey_pick_read_device+0x221/0x1670
[  117.739071][ T5813]  ? __pfx_bch2_bkey_pick_read_device+0x10/0x10
[  117.741380][ T5813]  ? bch2_btree_ptr_v2_to_text+0x209/0x2f0
[  117.743611][ T5813]  ? __pfx_bch2_btree_ptr_v2_to_text+0x10/0x10
[  117.746012][ T5813]  btree_node_read_work+0x68b/0x1260
[  117.748080][ T5813]  ? __pfx_btree_node_read_work+0x10/0x10
[  117.750368][ T5813]  ? __bch2_time_stats_update+0x250/0x370
[  117.752664][ T5813]  ? __pfx_bch2_latency_acct+0x10/0x10
[  117.754740][ T5813]  ? bio_associate_blkg+0x6c/0x230
[  117.756667][ T5813]  bch2_btree_node_read+0x2433/0x2a10
[  117.758669][ T5813]  ? __pfx_lock_release+0x10/0x10
[  117.760629][ T5813]  ? bch2_trans_unlock+0x346/0x470
[  117.762626][ T5813]  ? __pfx_bch2_btree_node_read+0x10/0x10
[  117.764777][ T5813]  ? __pfx___bch2_btree_node_hash_insert+0x10/0x10
[  117.767312][ T5813]  ? bch2_trans_unlock+0x3a6/0x470
[  117.769222][ T5813]  bch2_btree_root_read+0x617/0x7a0
[  117.771238][ T5813]  ? __pfx_bch2_btree_root_read+0x10/0x10
[  117.773459][ T5813]  ? bch2_current_has_btree_trans+0x142/0x180
[  117.775811][ T5813]  read_btree_roots+0x296/0x840
[  117.777757][ T5813]  bch2_fs_recovery+0x2585/0x39d0
[  117.779687][ T5813]  ? __pfx_bch2_fs_recovery+0x10/0x10
[  117.781807][ T5813]  ? __pfx_lock_release+0x10/0x10
[  117.783668][ T5813]  ? bch2_get_next_online_dev+0x2b/0x4f0
[  117.785822][ T5813]  ? __pfx_lock_release+0x10/0x10
[  117.787671][ T5813]  ? bch2_get_next_online_dev+0x2b/0x4f0
[  117.789809][ T5813]  ? bch2_get_next_online_dev+0x4b9/0x4f0
[  117.791910][ T5813]  ? bch2_get_next_online_dev+0x2b/0x4f0
[  117.794018][ T5813]  ? llist_reverse_order+0x72/0x90
[  117.795912][ T5813]  bch2_fs_start+0x356/0x5b0
[  117.797606][ T5813]  bch2_fs_get_tree+0xd68/0x1710
[  117.799519][ T5813]  ? __pfx_bch2_fs_get_tree+0x10/0x10
[  117.801573][ T5813]  ? generic_parse_monolithic+0x387/0x400
[  117.803671][ T5813]  ? apparmor_capable+0x13b/0x1b0
[  117.805616][ T5813]  vfs_get_tree+0x90/0x2b0
[  117.807284][ T5813]  do_new_mount+0x2be/0xb40
[  117.809019][ T5813]  ? __pfx_do_new_mount+0x10/0x10
[  117.810944][ T5813]  __se_sys_mount+0x2d6/0x3c0
[  117.812665][ T5813]  ? __pfx___se_sys_mount+0x10/0x10
[  117.814602][ T5813]  ? exc_page_fault+0x590/0x8c0
[  117.816540][ T5813]  ? __x64_sys_mount+0x20/0xc0
[  117.818426][ T5813]  do_syscall_64+0xf3/0x230
[  117.820155][ T5813]  ? clear_bhb_loop+0x35/0x90
[  117.821960][ T5813]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.823887][ T5813] RIP: 0033:0x7f6b0337feba
[  117.825564][ T5813] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  117.832725][ T5813] RSP: 002b:00007f6b041f5e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  117.835860][ T5813] RAX: ffffffffffffffda RBX: 00007f6b041f5ef0 RCX: 00007f6b0337feba
[  117.838750][ T5813] RDX: 000000002000f700 RSI: 000000002000f680 RDI: 00007f6b041f5eb0
[  117.841745][ T5813] RBP: 000000002000f700 R08: 00007f6b041f5ef0 R09: 0000000000000012
[  117.844704][ T5813] R10: 0000000000000012 R11: 0000000000000246 R12: 000000002000f680
[  117.847695][ T5813] R13: 00007f6b041f5eb0 R14: 000000000000f60d R15: 0000000020000000
[  117.850685][ T5813]  </TASK>
[  117.851863][ T5813] 
[  117.852784][ T5813] The buggy address belongs to the physical page:
[  117.855131][ T5813] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x7f416228f pfn:0x49a40
[  117.858580][ T5813] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  117.861275][ T5813] page_type: f0(buddy)
[  117.862876][ T5813] raw: 04fff00000000000 ffff88805ffd7090 ffff88805ffd7090 0000000000000000
[  117.866572][ T5813] raw: 00000007f416228f 0000000000000006 00000000f0000000 0000000000000000
[  117.869858][ T5813] page dumped because: kasan: bad access detected
[  117.872424][ T5813] page_owner tracks the page as freed
[  117.874525][ T5813] page last allocated via order 5, migratetype Reclaimable, gfp_mask 0x452cd0(GFP_KERNEL_ACCOUNT|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_RECLAIMABLE), pid 5813, tgid 5812 (syz.0.15), ts 117407725795, free_ts 117578423295
[  117.882511][ T5813]  post_alloc_hook+0x1f3/0x230
[  117.884267][ T5813]  get_page_from_freelist+0x303f/0x3190
[  117.886306][ T5813]  __alloc_pages_noprof+0x292/0x710
[  117.888209][ T5813]  ___kmalloc_large_node+0x8b/0x1d0
[  117.890191][ T5813]  __kmalloc_large_node_noprof+0x1a/0x80
[  117.892378][ T5813]  __kmalloc_node_noprof+0x2d2/0x440
[  117.894371][ T5813]  __kvmalloc_node_noprof+0x72/0x190
[  117.896428][ T5813]  btree_node_data_alloc+0xdb/0x260
[  117.898427][ T5813]  __bch2_btree_node_mem_alloc+0x1d8/0x3e0
[  117.900695][ T5813]  bch2_fs_btree_cache_init+0x26f/0x630
[  117.902847][ T5813]  bch2_fs_open+0x2aa4/0x2f80
[  117.904673][ T5813]  bch2_fs_get_tree+0x738/0x1710
[  117.906540][ T5813]  vfs_get_tree+0x90/0x2b0
[  117.908265][ T5813]  do_new_mount+0x2be/0xb40
[  117.910056][ T5813]  __se_sys_mount+0x2d6/0x3c0
[  117.911859][ T5813]  do_syscall_64+0xf3/0x230
[  117.913653][ T5813] page last free pid 5813 tgid 5812 stack trace:
[  117.916061][ T5813]  __free_pages_ok+0xa9c/0xc80
[  117.917985][ T5813]  __folio_put+0x2c7/0x440
[  117.919702][ T5813]  free_large_kmalloc+0x105/0x1c0
[  117.921700][ T5813]  kfree+0x21c/0x440
[  117.923241][ T5813]  bch2_btree_node_read_done+0x3c8a/0x5e90
[  117.925527][ T5813]  btree_node_read_work+0x68b/0x1260
[  117.927558][ T5813]  bch2_btree_node_read+0x2433/0x2a10
[  117.929806][ T5813]  bch2_btree_root_read+0x617/0x7a0
[  117.931826][ T5813]  read_btree_roots+0x296/0x840
[  117.933777][ T5813]  bch2_fs_recovery+0x2585/0x39d0
[  117.935763][ T5813]  bch2_fs_start+0x356/0x5b0
[  117.937605][ T5813]  bch2_fs_get_tree+0xd68/0x1710
[  117.939539][ T5813]  vfs_get_tree+0x90/0x2b0
[  117.941335][ T5813]  do_new_mount+0x2be/0xb40
[  117.943107][ T5813]  __se_sys_mount+0x2d6/0x3c0
[  117.944931][ T5813]  do_syscall_64+0xf3/0x230
[  117.946625][ T5813] 
[  117.947501][ T5813] Memory state around the buggy address:
[  117.949593][ T5813]  ffff888049a3ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  117.952596][ T5813]  ffff888049a3ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  117.955657][ T5813] >ffff888049a40000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  117.958757][ T5813]                    ^
[  117.960280][ T5813]  ffff888049a40080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  117.963344][ T5813]  ffff888049a40100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  117.966296][ T5813] ==================================================================
[  117.997556][ T5813] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  118.000504][ T5813] CPU: 0 UID: 0 PID: 5813 Comm: syz.0.15 Not tainted 6.12.0-rc6-syzkaller-00272-gda4373fbcf00 #0
[  118.004644][ T5813] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  118.008870][ T5813] Call Trace:
[  118.010214][ T5813]  <TASK>
[  118.011402][ T5813]  dump_stack_lvl+0x241/0x360
[  118.013466][ T5813]  ? __pfx_dump_stack_lvl+0x10/0x10
[  118.015643][ T5813]  ? __pfx__printk+0x10/0x10
[  118.017387][ T5813]  ? preempt_schedule+0xe1/0xf0
[  118.019282][ T5813]  ? vscnprintf+0x5d/0x90
[  118.021105][ T5813]  panic+0x349/0x880
[  118.022645][ T5813]  ? check_panic_on_warn+0x21/0xb0
[  118.024641][ T5813]  ? __pfx_panic+0x10/0x10
[  118.026307][ T5813]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[  118.028693][ T5813]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  118.030940][ T5813]  ? print_report+0x502/0x550
[  118.032719][ T5813]  check_panic_on_warn+0x86/0xb0
[  118.034579][ T5813]  ? scatterwalk_copychunks+0x1cc/0x460
[  118.036639][ T5813]  end_report+0x77/0x160
[  118.038291][ T5813]  kasan_report+0x154/0x180
[  118.040036][ T5813]  ? scatterwalk_copychunks+0x1cc/0x460
[  118.042148][ T5813]  kasan_check_range+0x282/0x290
[  118.044017][ T5813]  ? scatterwalk_copychunks+0x1cc/0x460
[  118.046098][ T5813]  __asan_memcpy+0x29/0x70
[  118.047786][ T5813]  scatterwalk_copychunks+0x1cc/0x460
[  118.049849][ T5813]  skcipher_next_slow+0x39d/0x480
[  118.051790][ T5813]  skcipher_walk_next+0x634/0xba0
[  118.053700][ T5813]  chacha_simd_stream_xor+0x67f/0xd10
[  118.055788][ T5813]  ? __pfx_validate_chain+0x10/0x10
[  118.057739][ T5813]  ? __pfx_chacha_simd_stream_xor+0x10/0x10
[  118.059973][ T5813]  ? validate_chain+0x11e/0x5920
[  118.061926][ T5813]  do_encrypt+0x992/0xd70
[  118.063583][ T5813]  ? __pfx_do_encrypt+0x10/0x10
[  118.065501][ T5813]  ? __pfx_lock_acquire+0x10/0x10
[  118.067454][ T5813]  ? is_bpf_text_address+0x26/0x2a0
[  118.069457][ T5813]  ? __pfx_lock_release+0x10/0x10
[  118.071376][ T5813]  ? unwind_next_frame+0x18e6/0x22d0
[  118.073397][ T5813]  ? preempt_count_add+0x93/0x190
[  118.075290][ T5813]  ? is_bpf_text_address+0x285/0x2a0
[  118.077349][ T5813]  ? is_bpf_text_address+0x26/0x2a0
[  118.079313][ T5813]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  118.081731][ T5813]  ? kernel_text_address+0xa7/0xe0
[  118.083633][ T5813]  ? __kernel_text_address+0xd/0x40
[  118.085650][ T5813]  ? unwind_get_return_address+0x4d/0x90
[  118.087825][ T5813]  ? arch_stack_walk+0xfd/0x150
[  118.089807][ T5813]  ? stack_trace_save+0x118/0x1d0
[  118.091734][ T5813]  ? __pfx_stack_trace_save+0x10/0x10
[  118.093819][ T5813]  ? stack_depot_save_flags+0x29/0x830
[  118.096180][ T5813]  ? kasan_save_track+0x51/0x80
[  118.098146][ T5813]  ? kasan_save_track+0x3f/0x80
[  118.099983][ T5813]  ? kasan_save_free_info+0x40/0x50
[  118.102021][ T5813]  ? __kasan_slab_free+0x59/0x70
[  118.103941][ T5813]  ? kfree+0x1a0/0x440
[  118.105532][ T5813]  ? bch2_printbuf_exit+0x6d/0xa0
[  118.107560][ T5813]  ? __btree_err+0x3cb/0x760
[  118.109349][ T5813]  ? bch2_btree_node_read_done+0x15e1/0x5e90
[  118.111594][ T5813]  ? btree_node_read_work+0x68b/0x1260
[  118.113623][ T5813]  ? bch2_btree_node_read+0x2433/0x2a10
[  118.115718][ T5813]  ? bch2_btree_root_read+0x617/0x7a0
[  118.117817][ T5813]  ? read_btree_roots+0x296/0x840
[  118.119795][ T5813]  ? bch2_fs_recovery+0x2585/0x39d0
[  118.121835][ T5813]  ? bch2_fs_start+0x356/0x5b0
[  118.123697][ T5813]  ? bch2_fs_get_tree+0xd68/0x1710
[  118.125666][ T5813]  ? vfs_get_tree+0x90/0x2b0
[  118.127422][ T5813]  ? do_new_mount+0x2be/0xb40
[  118.129168][ T5813]  ? __se_sys_mount+0x2d6/0x3c0
[  118.130990][ T5813]  ? do_syscall_64+0xf3/0x230
[  118.132820][ T5813]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.135103][ T5813]  ? bch2_printbuf_exit+0x6d/0xa0
[  118.136997][ T5813]  ? __btree_err+0x3cb/0x760
[  118.138774][ T5813]  ? bch2_printbuf_make_room+0xdd/0x350
[  118.140916][ T5813]  ? __pfx___btree_err+0x10/0x10
[  118.142846][ T5813]  ? __pfx_bch2_csum_to_text+0x10/0x10
[  118.144882][ T5813]  ? bch2_encrypt+0x3d/0xa0
[  118.146629][ T5813]  bch2_btree_node_read_done+0x17b4/0x5e90
[  118.148883][ T5813]  ? __pfx_bch2_btree_node_read_done+0x10/0x10
[  118.151236][ T5813]  ? bch2_bkey_pick_read_device+0x137d/0x1670
[  118.153531][ T5813]  ? bch2_bkey_pick_read_device+0x221/0x1670
[  118.155770][ T5813]  ? __pfx_bch2_bkey_pick_read_device+0x10/0x10
[  118.158172][ T5813]  ? bch2_btree_ptr_v2_to_text+0x209/0x2f0
[  118.160373][ T5813]  ? __pfx_bch2_btree_ptr_v2_to_text+0x10/0x10
[  118.162740][ T5813]  btree_node_read_work+0x68b/0x1260
[  118.164824][ T5813]  ? __pfx_btree_node_read_work+0x10/0x10
[  118.167005][ T5813]  ? __bch2_time_stats_update+0x250/0x370
[  118.169177][ T5813]  ? __pfx_bch2_latency_acct+0x10/0x10
[  118.171251][ T5813]  ? bio_associate_blkg+0x6c/0x230
[  118.173240][ T5813]  bch2_btree_node_read+0x2433/0x2a10
[  118.175307][ T5813]  ? __pfx_lock_release+0x10/0x10
[  118.177197][ T5813]  ? bch2_trans_unlock+0x346/0x470
[  118.179175][ T5813]  ? __pfx_bch2_btree_node_read+0x10/0x10
[  118.181380][ T5813]  ? __pfx___bch2_btree_node_hash_insert+0x10/0x10
[  118.183936][ T5813]  ? bch2_trans_unlock+0x3a6/0x470
[  118.185902][ T5813]  bch2_btree_root_read+0x617/0x7a0
[  118.187863][ T5813]  ? __pfx_bch2_btree_root_read+0x10/0x10
[  118.190108][ T5813]  ? bch2_current_has_btree_trans+0x142/0x180
[  118.192412][ T5813]  read_btree_roots+0x296/0x840
[  118.194229][ T5813]  bch2_fs_recovery+0x2585/0x39d0
[  118.196152][ T5813]  ? __pfx_bch2_fs_recovery+0x10/0x10
[  118.198250][ T5813]  ? __pfx_lock_release+0x10/0x10
[  118.200191][ T5813]  ? bch2_get_next_online_dev+0x2b/0x4f0
[  118.202201][ T5813]  ? __pfx_lock_release+0x10/0x10
[  118.204128][ T5813]  ? bch2_get_next_online_dev+0x2b/0x4f0
[  118.206324][ T5813]  ? bch2_get_next_online_dev+0x4b9/0x4f0
[  118.208504][ T5813]  ? bch2_get_next_online_dev+0x2b/0x4f0
[  118.210559][ T5813]  ? llist_reverse_order+0x72/0x90
[  118.212463][ T5813]  bch2_fs_start+0x356/0x5b0
[  118.214317][ T5813]  bch2_fs_get_tree+0xd68/0x1710
[  118.216213][ T5813]  ? __pfx_bch2_fs_get_tree+0x10/0x10
[  118.218305][ T5813]  ? generic_parse_monolithic+0x387/0x400
[  118.220522][ T5813]  ? apparmor_capable+0x13b/0x1b0
[  118.222504][ T5813]  vfs_get_tree+0x90/0x2b0
[  118.224252][ T5813]  do_new_mount+0x2be/0xb40
[  118.226039][ T5813]  ? __pfx_do_new_mount+0x10/0x10
[  118.228053][ T5813]  __se_sys_mount+0x2d6/0x3c0
[  118.229914][ T5813]  ? __pfx___se_sys_mount+0x10/0x10
[  118.231934][ T5813]  ? exc_page_fault+0x590/0x8c0
[  118.233848][ T5813]  ? __x64_sys_mount+0x20/0xc0
[  118.235644][ T5813]  do_syscall_64+0xf3/0x230
[  118.237446][ T5813]  ? clear_bhb_loop+0x35/0x90
[  118.239249][ T5813]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.241624][ T5813] RIP: 0033:0x7f6b0337feba
[  118.243354][ T5813] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  118.250741][ T5813] RSP: 002b:00007f6b041f5e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  118.254018][ T5813] RAX: ffffffffffffffda RBX: 00007f6b041f5ef0 RCX: 00007f6b0337feba
[  118.257030][ T5813] RDX: 000000002000f700 RSI: 000000002000f680 RDI: 00007f6b041f5eb0
[  118.260027][ T5813] RBP: 000000002000f700 R08: 00007f6b041f5ef0 R09: 0000000000000012
[  118.263018][ T5813] R10: 0000000000000012 R11: 0000000000000246 R12: 000000002000f680
[  118.266023][ T5813] R13: 00007f6b041f5eb0 R14: 000000000000f60d R15: 0000000020000000
[  118.269044][ T5813]  </TASK>
[  118.270463][ T5813] Kernel Offset: disabled
[  118.272113][ T5813] Rebooting in 86400 seconds..