Warning: Permanently added '10.128.10.53' (ED25519) to the list of known hosts.
2025/06/15 09:13:50 ignoring optional flag "sandboxArg"="0"
2025/06/15 09:13:51 parsed 1 programs
[ 69.613000][ T2447] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 70.444249][ T1350] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 70.451501][ T1350] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 70.459074][ T1350] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 70.466900][ T1350] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 70.474913][ T1350] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 70.482260][ T1350] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 71.162839][ T2516] chnl_net:caif_netlink_parms(): no params data found
[ 72.682084][ T2516] 8021q: adding VLAN 0 to HW filter on device bond0
[ 73.635063][ T2516] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 75.481477][ T38] bond0 (unregistering): Released all slaves
2025/06/15 09:13:57 executed programs: 0
[ 75.743209][ T48] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 75.751051][ T48] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 75.758347][ T48] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 75.766766][ T48] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 75.774792][ T48] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 75.782114][ T48] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 75.957909][ T2936] chnl_net:caif_netlink_parms(): no params data found
[ 77.416512][ T2936] 8021q: adding VLAN 0 to HW filter on device bond0
[ 77.838779][ T1350] Bluetooth: hci0: command tx timeout
[ 78.389947][ T2936] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 79.918800][ T1350] Bluetooth: hci0: command tx timeout
[ 80.263900][ T3338] loop2: detected capacity change from 0 to 32768
[ 80.302588][ T3338] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,metadata_target=/dev/loop2,noshard_inode_numbers,noinodes_use_key_cache,degraded,fsck,norecovery,nojournal_transaction_names
[ 80.326766][ T3338] invalid bkey u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq d682cebdf2a7eb26 written 16 min_key 1970324836974592:0:0 durability: 0 (invalid extent entry 0000000000020000)
[ 80.326772][ T3338] invalid extent entry type (got 17, shutting down
[ 80.352230][ T3338] bcachefs (loop2): inconsistency detected - emergency read only at journal seq 0
[ 80.362022][ T3338] invalid bkey u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq d771a06d670df06c written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0
[ 80.362027][ T3338] nonzero snapshot: delete?, shutting down
[ 80.383934][ T3338] invalid bkey u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 93dda84068e88b3f written 16 min_key POS_MIN durability: 0 (invalid extent entry 00000000000100c0)
[ 80.383939][ T3338] invalid extent entry type (got 6, shutting down
[ 80.407155][ T3338] bcachefs (loop2): recovering from clean shutdown, journal seq 13
[ 80.415290][ T3338] bcachefs (loop2): Version upgrade required:
[ 80.415290][ T3338] Version upgrade from 0.32: (unknown version) to 1.7: mi_btree_bitmap incomplete
[ 80.415290][ T3338] Doing incompatible version upgrade from 0.32: (unknown version) to 1.10: disk_accounting_v3
[ 80.415290][ T3338] running recovery passes: check_allocations,check_snapshots,check_subvols,check_inodes,check_dirents,set_fs_needs_rebalance
[ 80.457437][ T3338] ==================================================================
[ 80.465516][ T3338] BUG: KASAN: use-after-free in crypto_poly1305_update+0xd/0x20
[ 80.473157][ T3338] Read of size 8 at addr ffff8881689e0070 by task syz.2.16/3338
[ 80.480762][ T3338]
[ 80.483075][ T3338] CPU: 0 UID: 0 PID: 3338 Comm: syz.2.16 Not tainted 6.11.0-rc1-syzkaller #0
[ 80.491811][ T3338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 80.501852][ T3338] Call Trace:
[ 80.505115][ T3338]
[ 80.508035][ T3338] dump_stack_lvl+0xf5/0x170
[ 80.512608][ T3338] ? __pfx_dump_stack_lvl+0x10/0x10
[ 80.517813][ T3338] ? _raw_spin_lock_irqsave+0xa6/0xe0
[ 80.523167][ T3338] ? __virt_addr_valid+0x262/0x2b0
[ 80.528443][ T3338] print_report+0xca/0x250
[ 80.532925][ T3338] ? crypto_poly1305_update+0xd/0x20
[ 80.538179][ T3338] kasan_report+0x118/0x150
[ 80.542829][ T3338] ? poly1305_blocks_avx2+0xe9/0x780
[ 80.548095][ T3338] ? crypto_poly1305_update+0xd/0x20
[ 80.553442][ T3338] kasan_check_range+0x2b0/0x2c0
[ 80.558530][ T3338] ? crypto_poly1305_update+0xd/0x20
[ 80.563880][ T3338] __asan_memcpy+0x29/0x70
[ 80.568416][ T3338] crypto_poly1305_update+0xd/0x20
[ 80.573583][ T3338] bch2_checksum+0x2eb/0x4f0
[ 80.578241][ T3338] ? __pfx_bch2_checksum+0x10/0x10
[ 80.583320][ T3338] ? vsnprintf+0x11dd/0x1b30
[ 80.587882][ T3338] ? bch2_prt_printf+0x6ad/0x860
[ 80.592794][ T3338] ? krealloc_noprof+0xd3/0x120
[ 80.597706][ T3338] ? bch2_btree_node_read_done+0x5d2/0x4c80
[ 80.603572][ T3338] bch2_btree_node_read_done+0x13e9/0x4c80
[ 80.609444][ T3338] ? __pfx_number+0x10/0x10
[ 80.614037][ T3338] ? __pfx_bch2_btree_node_read_done+0x10/0x10
[ 80.620352][ T3338] ? __pfx_lock_release+0x10/0x10
[ 80.625352][ T3338] ? bch2_bkey_pick_read_device+0xe76/0xf60
[ 80.631221][ T3338] btree_node_read_work+0x507/0xcc0
[ 80.636402][ T3338] ? _raw_spin_unlock_irqrestore+0xa1/0x100
[ 80.642418][ T3338] ? __pfx_btree_node_read_work+0x10/0x10
[ 80.648288][ T3338] ? bch2_latency_acct+0x29d/0x310
[ 80.653571][ T3338] ? __pfx_bch2_latency_acct+0x10/0x10
[ 80.659006][ T3338] ? bio_associate_blkg+0x56/0x160
[ 80.664092][ T3338] bch2_btree_node_read+0x1d4a/0x21e0
[ 80.669448][ T3338] ? __pfx_bch2_btree_node_read+0x10/0x10
[ 80.675171][ T3338] ? bch2_trans_unlock+0x6e/0x1a0
[ 80.680265][ T3338] bch2_btree_root_read+0x296/0x830
[ 80.685443][ T3338] ? __pfx_bch2_btree_root_read+0x10/0x10
[ 80.691342][ T3338] ? bch2_current_has_btree_trans+0x136/0x170
[ 80.697399][ T3338] read_btree_roots+0x30c/0x6d0
[ 80.702258][ T3338] bch2_fs_recovery+0x1640/0x27f0
[ 80.707297][ T3338] ? __pfx_bch2_fs_recovery+0x10/0x10
[ 80.712803][ T3338] ? __lock_acquire+0x5f5/0xc00
[ 80.717722][ T3338] ? __lock_acquire+0x5f5/0xc00
[ 80.722568][ T3338] ? bch2_get_next_online_dev+0x2e/0x390
[ 80.728302][ T3338] ? __pfx_lock_release+0x10/0x10
[ 80.733415][ T3338] ? bch2_get_next_online_dev+0x2e/0x390
[ 80.739132][ T3338] ? sysvec_call_function_single+0x9c/0xb0
[ 80.745071][ T3338] bch2_fs_start+0x2fa/0x4d0
[ 80.749768][ T3338] bch2_fs_get_tree+0x467/0xf90
[ 80.754639][ T3338] ? __pfx_bch2_fs_get_tree+0x10/0x10
[ 80.760230][ T3338] ? vfs_parse_monolithic_sep+0x172/0x280
[ 80.765949][ T3338] ? __pfx_vfs_parse_comma_sep+0x10/0x10
[ 80.771652][ T3338] ? __pfx_vfs_parse_monolithic_sep+0x10/0x10
[ 80.777698][ T3338] ? vfs_parse_fs_string+0xe6/0x150
[ 80.782909][ T3338] ? security_capable+0x41/0xa0
[ 80.787832][ T3338] vfs_get_tree+0x84/0x1a0
[ 80.792229][ T3338] do_new_mount+0x1c9/0x850
[ 80.796713][ T3338] __se_sys_mount+0x21c/0x2c0
[ 80.802066][ T3338] ? __pfx___se_sys_mount+0x10/0x10
[ 80.807443][ T3338] do_syscall_64+0x8f/0x180
[ 80.812030][ T3338] ? fpregs_assert_state_consistent+0x48/0x60
[ 80.818651][ T3338] ? clear_bhb_loop+0x55/0xb0
[ 80.823418][ T3338] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 80.829292][ T3338] RIP: 0033:0x7ff9217900ca
[ 80.833715][ T3338] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 80.853398][ T3338] RSP: 002b:00007ff9225d1e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 80.861818][ T3338] RAX: ffffffffffffffda RBX: 00007ff9225d1ef0 RCX: 00007ff9217900ca
[ 80.869772][ T3338] RDX: 000020000000f640 RSI: 000020000000f680 RDI: 00007ff9225d1eb0
[ 80.877804][ T3338] RBP: 000020000000f640 R08: 00007ff9225d1ef0 R09: 0000000000000180
[ 80.885763][ T3338] R10: 0000000000000180 R11: 0000000000000246 R12: 000020000000f680
[ 80.893921][ T3338] R13: 00007ff9225d1eb0 R14: 000000000000f63b R15: 0000200000000080
[ 80.901882][ T3338]
[ 80.905140][ T3338]
[ 80.907456][ T3338] The buggy address belongs to the physical page:
[ 80.914048][ T3338] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1689e0
[ 80.923240][ T3338] flags: 0x100000000000000(node=0|zone=2)
[ 80.929045][ T3338] page_type: 0xbfffffff(buddy)
[ 80.933808][ T3338] raw: 0100000000000000 ffffea0005a28c08 ffffea0005c9f008 0000000000000000
[ 80.942498][ T3338] raw: 0000000000000000 0000000000000004 00000000bfffffff 0000000000000000
[ 80.951073][ T3338] page dumped because: kasan: bad access detected
[ 80.957561][ T3338] page_owner tracks the page as freed
[ 80.962922][ T3338] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x500cc2(GFP_HIGHUSER|__GFP_ACCOUNT), pid 2426, tgid 2426 (sshd-session), ts 60020722378, free_ts 60020866109
[ 80.980686][ T3338] post_alloc_hook+0x16e/0x1a0
[ 80.985452][ T3338] get_page_from_freelist+0x29f2/0x2ac0
[ 80.991090][ T3338] __alloc_pages_noprof+0x1e4/0x450
[ 80.996350][ T3338] alloc_pages_mpol_noprof+0x1d5/0x380
[ 81.001783][ T3338] pipe_write+0x519/0x1520
[ 81.006187][ T3338] vfs_write+0x85d/0xb30
[ 81.010446][ T3338] ksys_write+0x100/0x1c0
[ 81.014940][ T3338] do_syscall_64+0x8f/0x180
[ 81.019417][ T3338] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 81.025297][ T3338] page last free pid 2427 tgid 2427 stack trace:
[ 81.032739][ T3338] free_unref_page+0xbf1/0xca0
[ 81.037488][ T3338] __folio_put+0x19b/0x280
[ 81.042057][ T3338] pipe_read+0x4e4/0xde0
[ 81.046266][ T3338] vfs_read+0x6aa/0x8b0
[ 81.050479][ T3338] ksys_read+0x100/0x1c0
[ 81.054693][ T3338] do_syscall_64+0x8f/0x180
[ 81.059167][ T3338] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 81.065044][ T3338]
[ 81.067354][ T3338] Memory state around the buggy address:
[ 81.072961][ T3338] ffff8881689dff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 81.080997][ T3338] ffff8881689dff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 81.089062][ T3338] >ffff8881689e0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 81.097095][ T3338] ^
[ 81.105050][ T3338] ffff8881689e0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 81.113256][ T3338] ffff8881689e0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 81.121314][ T3338] ==================================================================
[ 81.129794][ T3338] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 81.139521][ T3338] Kernel Offset: disabled
[ 81.143877][ T3338] Rebooting in 86400 seconds..