Warning: Permanently added '10.128.1.96' (ED25519) to the list of known hosts.
2024/07/14 03:09:51 ignoring optional flag "sandboxArg"="0"
2024/07/14 03:09:51 parsed 1 programs
2024/07/14 03:09:51 executed programs: 0
[ 50.531763][ T1887] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 50.560422][ T1467] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 50.567823][ T1467] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 50.575090][ T1467] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 50.582918][ T1467] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 50.590527][ T1467] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 50.597968][ T1467] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 50.739550][ T1892] chnl_net:caif_netlink_parms(): no params data found
[ 51.938162][ T1892] 8021q: adding VLAN 0 to HW filter on device bond0
[ 52.615726][ T1467] Bluetooth: hci0: command tx timeout
[ 52.769557][ T1892] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 54.326746][ T2294] loop0: detected capacity change from 0 to 32768
[ 54.364641][ T2294] bcachefs (loop0): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,nojournal_transaction_names
[ 54.378728][ T2294] bcachefs (loop0): recovering from clean shutdown, journal seq 10
[ 54.393684][ T2294] ==================================================================
[ 54.401767][ T2294] BUG: KASAN: use-after-free in scatterwalk_copychunks+0x168/0x410
[ 54.409835][ T2294] Read of size 40 at addr ffff88816d280000 by task syz-executor.0/2294
[ 54.418154][ T2294]
[ 54.420593][ T2294] CPU: 0 PID: 2294 Comm: syz-executor.0 Not tainted 6.10.0-rc7-syzkaller #0
[ 54.429499][ T2294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 54.439646][ T2294] Call Trace:
[ 54.443048][ T2294]
[ 54.445980][ T2294] dump_stack_lvl+0x108/0x280
[ 54.450846][ T2294] ? __pfx_dump_stack_lvl+0x10/0x10
[ 54.456030][ T2294] ? __pfx__printk+0x10/0x10
[ 54.460656][ T2294] ? lock_acquire+0xc2/0x3a0
[ 54.465796][ T2294] ? __pfx_lock_acquire+0x10/0x10
[ 54.470896][ T2294] ? __virt_addr_valid+0x141/0x270
[ 54.475985][ T2294] ? __virt_addr_valid+0x229/0x270
[ 54.481082][ T2294] print_report+0x169/0x550
[ 54.485609][ T2294] ? __virt_addr_valid+0x141/0x270
[ 54.490698][ T2294] ? __virt_addr_valid+0x229/0x270
[ 54.496152][ T2294] ? scatterwalk_copychunks+0x168/0x410
[ 54.501864][ T2294] kasan_report+0x143/0x180
[ 54.506451][ T2294] ? scatterwalk_copychunks+0x168/0x410
[ 54.512163][ T2294] kasan_check_range+0x282/0x290
[ 54.517164][ T2294] ? scatterwalk_copychunks+0x168/0x410
[ 54.522898][ T2294] __asan_memcpy+0x29/0x70
[ 54.527310][ T2294] scatterwalk_copychunks+0x168/0x410
[ 54.532662][ T2294] skcipher_next_slow+0x315/0x410
[ 54.537719][ T2294] skcipher_walk_next+0x578/0xaa0
[ 54.542732][ T2294] chacha_simd_stream_xor+0x690/0xcb0
[ 54.548573][ T2294] ? __pfx_lock_release+0x10/0x10
[ 54.554031][ T2294] ? __pfx_chacha_simd_stream_xor+0x10/0x10
[ 54.559924][ T2294] ? do_raw_spin_unlock+0x13c/0x8b0
[ 54.565285][ T2294] do_encrypt+0x5e9/0x720
[ 54.569598][ T2294] ? btree_node_read_work+0x647/0x1160
[ 54.575051][ T2294] ? __pfx_do_encrypt+0x10/0x10
[ 54.579873][ T2294] ? stack_depot_save_flags+0x629/0x6c0
[ 54.585483][ T2294] ? kasan_save_track+0x51/0x80
[ 54.590310][ T2294] ? kasan_save_track+0x3f/0x80
[ 54.595331][ T2294] ? kasan_save_free_info+0x40/0x50
[ 54.600883][ T2294] ? poison_slab_object+0xe0/0x150
[ 54.605994][ T2294] ? __kasan_slab_free+0x37/0x60
[ 54.610998][ T2294] ? kfree+0x12f/0x310
[ 54.615047][ T2294] ? bch2_printbuf_exit+0x4d/0x80
[ 54.620155][ T2294] ? __btree_err+0x726/0xa40
[ 54.625065][ T2294] ? bch2_btree_node_read_done+0x11a4/0x57a0
[ 54.631031][ T2294] ? btree_node_read_work+0x647/0x1160
[ 54.636574][ T2294] ? bch2_btree_node_read+0x2001/0x2b70
[ 54.642273][ T2294] ? bch2_btree_root_read+0x2d5/0x860
[ 54.647737][ T2294] ? read_btree_roots+0x2bc/0x6a0
[ 54.652737][ T2294] ? bch2_fs_recovery+0x4214/0x6850
[ 54.657912][ T2294] ? bch2_fs_start+0x2d8/0x490
[ 54.662652][ T2294] ? bch2_fs_open+0x1d1f/0x2950
[ 54.667474][ T2294] ? bch2_mount+0x65d/0x1230
[ 54.672045][ T2294] ? legacy_get_tree+0xe9/0x180
[ 54.676905][ T2294] ? vfs_get_tree+0x82/0x190
[ 54.681569][ T2294] ? do_new_mount+0x21e/0x9b0
[ 54.686821][ T2294] ? __se_sys_mount+0x242/0x2e0
[ 54.691929][ T2294] ? do_syscall_64+0x8d/0x1a0
[ 54.696643][ T2294] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 54.702714][ T2294] ? __pfx_bch2_csum_err_msg+0x10/0x10
[ 54.708240][ T2294] bch2_btree_node_read_done+0x1314/0x57a0
[ 54.714024][ T2294] ? __lock_acquire+0x5cd/0xc10
[ 54.718856][ T2294] ? __pfx_bch2_btree_node_read_done+0x10/0x10
[ 54.725246][ T2294] ? bch2_bkey_pick_read_device+0x1ef/0x19b0
[ 54.731199][ T2294] ? __pfx_bch2_bkey_pick_read_device+0x10/0x10
[ 54.737616][ T2294] ? bch2_bkey_val_to_text+0x6d/0x120
[ 54.742985][ T2294] ? btree_node_read_work+0x532/0x1160
[ 54.748598][ T2294] btree_node_read_work+0x647/0x1160
[ 54.753862][ T2294] ? __pfx_btree_node_read_work+0x10/0x10
[ 54.759817][ T2294] ? do_raw_spin_unlock+0x13c/0x8b0
[ 54.765000][ T2294] ? _raw_spin_unlock_irqrestore+0xcf/0x130
[ 54.771043][ T2294] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 54.777517][ T2294] ? __bch2_time_stats_update+0x1bb/0x290
[ 54.783315][ T2294] bch2_btree_node_read+0x2001/0x2b70
[ 54.788662][ T2294] ? __bch2_btree_node_hash_insert+0x7ed/0xe20
[ 54.794788][ T2294] ? __mutex_unlock_slowpath+0x20e/0x5c0
[ 54.800397][ T2294] ? __pfx_bch2_btree_node_read+0x10/0x10
[ 54.806184][ T2294] ? bch2_btree_node_hash_insert+0x16e/0x1c0
[ 54.812160][ T2294] bch2_btree_root_read+0x2d5/0x860
[ 54.817330][ T2294] ? __pfx_bch2_btree_root_read+0x10/0x10
[ 54.823024][ T2294] ? bch2_journal_log_msg+0xd5/0x120
[ 54.828280][ T2294] read_btree_roots+0x2bc/0x6a0
[ 54.833106][ T2294] bch2_fs_recovery+0x4214/0x6850
[ 54.838137][ T2294] ? legacy_get_tree+0xe9/0x180
[ 54.842962][ T2294] ? vfs_get_tree+0x82/0x190
[ 54.847527][ T2294] ? do_new_mount+0x21e/0x9b0
[ 54.852184][ T2294] ? __pfx_bch2_fs_recovery+0x10/0x10
[ 54.857660][ T2294] ? __lock_acquire+0x5cd/0xc10
[ 54.862748][ T2294] ? __lock_acquire+0x5cd/0xc10
[ 54.867574][ T2294] ? bch2_get_next_online_dev+0x2e/0x3a0
[ 54.873255][ T2294] ? __pfx_lock_release+0x10/0x10
[ 54.878252][ T2294] ? bch2_get_next_online_dev+0x2e/0x3a0
[ 54.884378][ T2294] ? __pfx_lock_release+0x10/0x10
[ 54.889373][ T2294] ? __mutex_unlock_slowpath+0x20e/0x5c0
[ 54.895074][ T2294] ? bch2_get_next_online_dev+0x2fa/0x3a0
[ 54.900782][ T2294] ? bch2_get_next_online_dev+0x2e/0x3a0
[ 54.906390][ T2294] bch2_fs_start+0x2d8/0x490
[ 54.911505][ T2294] bch2_fs_open+0x1d1f/0x2950
[ 54.916178][ T2294] ? __pfx_bch2_fs_open+0x10/0x10
[ 54.921284][ T2294] ? kfree+0x12f/0x310
[ 54.925326][ T2294] ? sget+0x26d/0x4a0
[ 54.929473][ T2294] ? bch2_mount+0x58c/0x1230
[ 54.934044][ T2294] ? legacy_get_tree+0xe9/0x180
[ 54.938878][ T2294] ? vfs_get_tree+0x82/0x190
[ 54.943538][ T2294] ? do_new_mount+0x21e/0x9b0
[ 54.948189][ T2294] ? __se_sys_mount+0x242/0x2e0
[ 54.953013][ T2294] ? do_syscall_64+0x8d/0x1a0
[ 54.957684][ T2294] ? __pfx_bch2_test_super+0x10/0x10
[ 54.963184][ T2294] ? sget+0x26d/0x4a0
[ 54.967439][ T2294] ? __pfx_bch2_noset_super+0x10/0x10
[ 54.973082][ T2294] bch2_mount+0x65d/0x1230
[ 54.977588][ T2294] ? __pfx_bch2_mount+0x10/0x10
[ 54.982416][ T2294] ? vfs_parse_fs_string+0x17f/0x220
[ 54.988552][ T2294] ? kfree+0x45/0x310
[ 54.992597][ T2294] ? vfs_parse_fs_string+0x17f/0x220
[ 54.998039][ T2294] ? __pfx_vfs_parse_fs_string+0x10/0x10
[ 55.003770][ T2294] legacy_get_tree+0xe9/0x180
[ 55.008762][ T2294] ? __pfx_bch2_mount+0x10/0x10
[ 55.013674][ T2294] vfs_get_tree+0x82/0x190
[ 55.018066][ T2294] do_new_mount+0x21e/0x9b0
[ 55.022632][ T2294] ? __pfx_do_new_mount+0x10/0x10
[ 55.027652][ T2294] ? user_path_at_empty+0x3f/0x50
[ 55.032820][ T2294] ? kmem_cache_free+0x12c/0x3b0
[ 55.037732][ T2294] __se_sys_mount+0x242/0x2e0
[ 55.042384][ T2294] ? __pfx___se_sys_mount+0x10/0x10
[ 55.047728][ T2294] ? switch_fpu_return+0xce/0x140
[ 55.052728][ T2294] do_syscall_64+0x8d/0x1a0
[ 55.057381][ T2294] ? clear_bhb_loop+0x55/0xb0
[ 55.062118][ T2294] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 55.068177][ T2294] RIP: 0033:0x7ff12c07f3aa
[ 55.072574][ T2294] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 09 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 55.092249][ T2294] RSP: 002b:00007ff12ce24ef8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 55.101171][ T2294] RAX: ffffffffffffffda RBX: 00007ff12ce24f80 RCX: 00007ff12c07f3aa
[ 55.109328][ T2294] RDX: 0000000020011a00 RSI: 0000000020011a40 RDI: 00007ff12ce24f40
[ 55.117370][ T2294] RBP: 0000000020011a00 R08: 00007ff12ce24f80 R09: 0000000001200014
[ 55.125316][ T2294] R10: 0000000001200014 R11: 0000000000000246 R12: 0000000020011a40
[ 55.133266][ T2294] R13: 00007ff12ce24f40 R14: 00000000000119f9 R15: 0000000020000100
[ 55.141216][ T2294]
[ 55.144211][ T2294]
[ 55.146516][ T2294] The buggy address belongs to the physical page:
[ 55.152996][ T2294] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x16d280
[ 55.161902][ T2294] flags: 0x100000000000000(node=0|zone=2)
[ 55.167602][ T2294] page_type: 0xffffff7f(buddy)
[ 55.172385][ T2294] raw: 0100000000000000 ffff88823fff8f88 ffff88823fff8f88 0000000000000000
[ 55.181030][ T2294] raw: 0000000000000000 0000000000000005 00000000ffffff7f 0000000000000000
[ 55.189603][ T2294] page dumped because: kasan: bad access detected
[ 55.196104][ T2294] page_owner tracks the page as freed
[ 55.201552][ T2294] page last allocated via order 5, migratetype Unmovable, gfp_mask 0x152cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 2294, tgid 2293 (syz-executor.0), ts 54347614769, free_ts 54393032479
[ 55.221073][ T2294] post_alloc_hook+0x10f/0x130
[ 55.225914][ T2294] get_page_from_freelist+0x3712/0x3820
[ 55.231473][ T2294] __alloc_pages_noprof+0x256/0x670
[ 55.236738][ T2294] __kmalloc_large_node+0x8a/0x180
[ 55.241916][ T2294] __kmalloc_node_noprof+0x2ec/0x470
[ 55.247262][ T2294] kvmalloc_node_noprof+0x42/0xf0
[ 55.252270][ T2294] __bch2_btree_node_mem_alloc+0x256/0x500
[ 55.258134][ T2294] bch2_fs_btree_cache_init+0x4ad/0x590
[ 55.263768][ T2294] bch2_fs_open+0x21dd/0x2950
[ 55.268422][ T2294] bch2_mount+0x65d/0x1230
[ 55.272974][ T2294] legacy_get_tree+0xe9/0x180
[ 55.277936][ T2294] vfs_get_tree+0x82/0x190
[ 55.282435][ T2294] do_new_mount+0x21e/0x9b0
[ 55.286950][ T2294] __se_sys_mount+0x242/0x2e0
[ 55.291688][ T2294] do_syscall_64+0x8d/0x1a0
[ 55.296252][ T2294] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 55.302213][ T2294] page last free pid 2294 tgid 2293 stack trace:
[ 55.308861][ T2294] __free_pages_ok+0x949/0xa60
[ 55.313887][ T2294] __folio_put+0x2d3/0x490
[ 55.318276][ T2294] free_large_kmalloc+0xb5/0x170
[ 55.323271][ T2294] kfree+0x1a1/0x310
[ 55.327136][ T2294] bch2_btree_node_read_done+0x33ba/0x57a0
[ 55.332918][ T2294] btree_node_read_work+0x647/0x1160
[ 55.338172][ T2294] bch2_btree_node_read+0x2001/0x2b70
[ 55.343599][ T2294] bch2_btree_root_read+0x2d5/0x860
[ 55.348772][ T2294] read_btree_roots+0x2bc/0x6a0
[ 55.353602][ T2294] bch2_fs_recovery+0x4214/0x6850
[ 55.358687][ T2294] bch2_fs_start+0x2d8/0x490
[ 55.363434][ T2294] bch2_fs_open+0x1d1f/0x2950
[ 55.368080][ T2294] bch2_mount+0x65d/0x1230
[ 55.372733][ T2294] legacy_get_tree+0xe9/0x180
[ 55.377457][ T2294] vfs_get_tree+0x82/0x190
[ 55.381993][ T2294] do_new_mount+0x21e/0x9b0
[ 55.386490][ T2294]
[ 55.388797][ T2294] Memory state around the buggy address:
[ 55.394544][ T2294] ffff88816d27ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 55.403021][ T2294] ffff88816d27ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 55.411230][ T2294] >ffff88816d280000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.419526][ T2294] ^
[ 55.423651][ T2294] ffff88816d280080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.431684][ T2294] ffff88816d280100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.439712][ T2294] ==================================================================
[ 55.448094][ T2294] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 55.455822][ T2294] Kernel Offset: disabled
[ 55.460136][ T2294] Rebooting in 86400 seconds..