Warning: Permanently added '10.128.10.42' (ED25519) to the list of known hosts.
2023/08/08 03:05:16 ignoring optional flag "sandboxArg"="0"
2023/08/08 03:05:16 parsed 1 programs
2023/08/08 03:05:16 executed programs: 0
[ 51.110615][ T1911] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 51.154527][ T1242] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 51.161817][ T1242] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 51.173007][ T43] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 51.191115][ T1929] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 51.201398][ T1934] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 51.211438][ T1941] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 51.211889][ T1943] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 51.218579][ T1941] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 51.226348][ T1945] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 51.233050][ T1941] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 51.240094][ T1945] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 51.246703][ T1941] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 51.253748][ T1945] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 51.268451][ T1945] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 51.268514][ T1941] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 51.275744][ T1945] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 51.283014][ T1941] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 51.290569][ T1945] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 51.299127][ T1941] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 51.306030][ T1945] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 51.313245][ T1941] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 51.320061][ T1945] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 51.326986][ T1941] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 51.334229][ T1945] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 51.340932][ T1941] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 51.347913][ T1945] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 51.355089][ T1941] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 51.361800][ T1945] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 51.368980][ T1941] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 51.376137][ T1402] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 51.384397][ T1941] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 51.389558][ T1402] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[ 51.401175][ T1941] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 51.403646][ T1402] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 51.413019][ T1941] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 51.424661][ T1946] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 52.108835][ T1918] chnl_net:caif_netlink_parms(): no params data found
[ 52.140875][ T1940] chnl_net:caif_netlink_parms(): no params data found
[ 52.262354][ T1925] chnl_net:caif_netlink_parms(): no params data found
[ 52.280374][ T1935] chnl_net:caif_netlink_parms(): no params data found
[ 52.312772][ T1930] chnl_net:caif_netlink_parms(): no params data found
[ 52.321906][ T1926] chnl_net:caif_netlink_parms(): no params data found
[ 53.492420][ T43] Bluetooth: hci4: command 0x0409 tx timeout
[ 53.492887][ T1941] Bluetooth: hci2: command 0x0409 tx timeout
[ 53.498514][ T43] Bluetooth: hci3: command 0x0409 tx timeout
[ 53.504946][ T1941] Bluetooth: hci1: command 0x0409 tx timeout
[ 53.512489][ T1946] Bluetooth: hci5: command 0x0409 tx timeout
[ 53.517121][ T1941] Bluetooth: hci0: command 0x0409 tx timeout
[ 55.573282][ T1941] Bluetooth: hci0: command 0x041b tx timeout
[ 55.573323][ T43] Bluetooth: hci3: command 0x041b tx timeout
[ 55.579279][ T1941] Bluetooth: hci5: command 0x041b tx timeout
[ 55.586415][ T43] Bluetooth: hci1: command 0x041b tx timeout
[ 55.591385][ T1934] Bluetooth: hci2: command 0x041b tx timeout
[ 55.597333][ T1946] Bluetooth: hci4: command 0x041b tx timeout
[ 57.652940][ T1934] Bluetooth: hci2: command 0x040f tx timeout
[ 57.659322][ T1934] Bluetooth: hci5: command 0x040f tx timeout
[ 57.668500][ T1941] Bluetooth: hci1: command 0x040f tx timeout
[ 57.668651][ T43] Bluetooth: hci4: command 0x040f tx timeout
[ 57.675204][ T1941] Bluetooth: hci3: command 0x040f tx timeout
[ 57.680479][ T1242] Bluetooth: hci0: command 0x040f tx timeout
[ 59.640500][ T1935] 8021q: adding VLAN 0 to HW filter on device bond0
[ 59.732356][ T1242] Bluetooth: hci0: command 0x0419 tx timeout
[ 59.738471][ T1242] Bluetooth: hci3: command 0x0419 tx timeout
[ 59.744924][ T43] Bluetooth: hci4: command 0x0419 tx timeout
[ 59.744983][ T1941] Bluetooth: hci5: command 0x0419 tx timeout
[ 59.751160][ T43] Bluetooth: hci1: command 0x0419 tx timeout
[ 59.760235][ T1941] Bluetooth: hci2: command 0x0419 tx timeout
[ 59.776982][ T1930] 8021q: adding VLAN 0 to HW filter on device bond0
[ 59.884766][ T1940] 8021q: adding VLAN 0 to HW filter on device bond0
[ 60.000005][ T1926] 8021q: adding VLAN 0 to HW filter on device bond0
[ 60.018829][ T1918] 8021q: adding VLAN 0 to HW filter on device bond0
[ 60.190398][ T1925] 8021q: adding VLAN 0 to HW filter on device bond0
[ 64.558405][ T1935] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 64.850416][ T1930] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 64.977933][ T1918] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 64.995580][ T1926] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 65.018667][ T1940] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 65.134590][ T1925] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 74.341737][ T4300] loop0: detected capacity change from 0 to 32768
[ 74.358404][ T4300] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor.0 (4300)
[ 74.408830][ T4300] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm
[ 74.418274][ T4300] BTRFS info (device loop0): force clearing of disk cache
[ 74.422588][ T4313] loop4: detected capacity change from 0 to 32768
[ 74.425440][ T4300] BTRFS info (device loop0): setting nodatasum
[ 74.438621][ T4300] BTRFS error (device loop0): unrecognized mount option 'rescan '
[ 74.455696][ T4313] BTRFS warning: duplicate device /dev/loop4 devid 1 generation 8 scanned by syz-executor.4 (4313)
[ 74.498550][ T4300] BTRFS error (device loop0): open_ctree failed
2023/08/08 03:05:40 executed programs: 6
[ 74.648531][ T4332] loop2: detected capacity change from 0 to 32768
[ 74.673431][ T4332] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz-executor.2 (4332)
[ 74.717875][ T4332] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm
[ 74.727226][ T4332] BTRFS info (device loop2): force clearing of disk cache
[ 74.734391][ T4332] BTRFS info (device loop2): setting nodatasum
[ 74.740541][ T4332] BTRFS error (device loop2): unrecognized mount option 'rescan '
[ 74.760699][ T4338] loop5: detected capacity change from 0 to 32768
[ 74.806019][ T4336] loop3: detected capacity change from 0 to 32768
[ 74.819321][ T4332] BTRFS error (device loop2): open_ctree failed
[ 74.819939][ T4338] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz-executor.5 (4338)
[ 74.859754][ T4341] loop1: detected capacity change from 0 to 32768
[ 74.871897][ T4338] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm
[ 74.872953][ T4341] BTRFS warning: duplicate device /dev/loop1 devid 1 generation 8 scanned by syz-executor.1 (4341)
[ 74.881282][ T4338] BTRFS info (device loop3): force clearing of disk cache
[ 74.899280][ T4338] BTRFS info (device loop3): setting nodatasum
[ 74.905702][ T4338] BTRFS error (device loop3): unrecognized mount option 'rescan '
[ 74.923358][ T4338] BTRFS error (device loop3): open_ctree failed
[ 74.929707][ T4336] ==================================================================
[ 74.937958][ T4336] BUG: KASAN: slab-use-after-free in btrfs_open_devices+0x95/0xa0
[ 74.945844][ T4336] Read of size 4 at addr ffff88817b06e130 by task syz-executor.3/4336
[ 74.954002][ T4336]
[ 74.956428][ T4336] CPU: 1 PID: 4336 Comm: syz-executor.3 Not tainted 6.5.0-rc1-syzkaller #0
[ 74.965001][ T4336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 74.975049][ T4336] Call Trace:
[ 74.978322][ T4336]
[ 74.981244][ T4336] dump_stack_lvl+0x3d/0x60
[ 74.986009][ T4336] print_report+0xc4/0x620
[ 74.990428][ T4336] kasan_report+0xda/0x110
[ 74.994914][ T4336] ? btrfs_open_devices+0x95/0xa0
[ 74.999948][ T4336] ? btrfs_open_devices+0x95/0xa0
[ 75.004967][ T4336] btrfs_open_devices+0x95/0xa0
[ 75.009968][ T4336] btrfs_mount_root+0x52f/0xb40
[ 75.014804][ T4336] ? __bpf_trace_btrfs__block_group+0xc0/0xc0
[ 75.021020][ T4336] ? vfs_parse_fs_param_source+0x3a/0x1b0
[ 75.026880][ T4336] ? legacy_parse_param+0x6f/0x7e0
[ 75.031962][ T4336] ? kfree+0xfd/0x120
[ 75.036000][ T4336] ? vfs_parse_fs_string+0xd3/0x120
[ 75.041339][ T4336] ? __bpf_trace_btrfs__block_group+0xc0/0xc0
[ 75.047465][ T4336] legacy_get_tree+0xfe/0x1f0
[ 75.052308][ T4336] ? alloc_fs_context+0x4bb/0x880
[ 75.057307][ T4336] vfs_get_tree+0x82/0x210
[ 75.061694][ T4336] vfs_kern_mount.part.0+0x6e/0x100
[ 75.066952][ T4336] btrfs_mount+0x1e5/0x9f0
[ 75.071337][ T4336] ? btrfs_show_options+0xe80/0xe80
[ 75.076513][ T4336] ? vfs_parse_fs_param_source+0x3a/0x1b0
[ 75.082207][ T4336] ? legacy_parse_param+0x6f/0x7e0
[ 75.087285][ T4336] ? apparmor_sb_pivotroot+0x2c0/0x2c0
[ 75.092888][ T4336] ? vfs_parse_fs_string+0xd3/0x120
[ 75.098125][ T4336] ? btrfs_show_options+0xe80/0xe80
[ 75.103295][ T4336] legacy_get_tree+0xfe/0x1f0
[ 75.107942][ T4336] ? security_capable+0x67/0xa0
[ 75.112764][ T4336] vfs_get_tree+0x82/0x210
[ 75.117501][ T4336] path_mount+0x878/0x1a00
[ 75.121890][ T4336] ? finish_automount+0x720/0x720
[ 75.126970][ T4336] ? kmem_cache_free+0xe9/0x460
[ 75.131963][ T4336] ? getname_flags.part.0+0x88/0x430
[ 75.137831][ T4336] __x64_sys_mount+0x208/0x280
[ 75.142566][ T4336] ? copy_mnt_ns+0xa70/0xa70
[ 75.147300][ T4336] ? do_user_addr_fault+0x29e/0x900
[ 75.152470][ T4336] do_syscall_64+0x38/0xb0
[ 75.156950][ T4336] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 75.162816][ T4336] RIP: 0033:0x7feee287e1ea
[ 75.167205][ T4336] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 09 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 75.186877][ T4336] RSP: 002b:00007feee3590ee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 75.195261][ T4336] RAX: ffffffffffffffda RBX: 00007feee3590f80 RCX: 00007feee287e1ea
[ 75.203205][ T4336] RDX: 00000000200051c0 RSI: 0000000020005200 RDI: 00007feee3590f40
[ 75.211150][ T4336] RBP: 00000000200051c0 R08: 00007feee3590f80 R09: 0000000001000008
[ 75.219184][ T4336] R10: 0000000001000008 R11: 0000000000000246 R12: 0000000020005200
[ 75.227129][ T4336] R13: 00007feee3590f40 R14: 00000000000051ab R15: 0000000020000280
[ 75.235079][ T4336]
[ 75.238076][ T4336]
[ 75.240467][ T4336] Allocated by task 4338:
[ 75.244762][ T4336] kasan_save_stack+0x33/0x50
[ 75.249448][ T4336] kasan_set_track+0x25/0x30
[ 75.254025][ T4336] __kasan_kmalloc+0xa2/0xb0
[ 75.258674][ T4336] alloc_fs_devices+0x4f/0x280
[ 75.263498][ T4336] device_list_add.constprop.0+0x331/0x15d0
[ 75.269445][ T4336] btrfs_scan_one_device+0xe6/0x1b0
[ 75.274666][ T4336] btrfs_mount_root+0x3c5/0xb40
[ 75.279570][ T4336] legacy_get_tree+0xfe/0x1f0
[ 75.284213][ T4336] vfs_get_tree+0x82/0x210
[ 75.288683][ T4336] vfs_kern_mount.part.0+0x6e/0x100
[ 75.293847][ T4336] btrfs_mount+0x1e5/0x9f0
[ 75.298238][ T4336] legacy_get_tree+0xfe/0x1f0
[ 75.302891][ T4336] vfs_get_tree+0x82/0x210
[ 75.307279][ T4336] path_mount+0x878/0x1a00
[ 75.311756][ T4336] __x64_sys_mount+0x208/0x280
[ 75.316490][ T4336] do_syscall_64+0x38/0xb0
[ 75.320873][ T4336] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 75.326741][ T4336]
[ 75.329047][ T4336] Freed by task 4338:
[ 75.332993][ T4336] kasan_save_stack+0x33/0x50
[ 75.337671][ T4336] kasan_set_track+0x25/0x30
[ 75.342318][ T4336] kasan_save_free_info+0x2b/0x40
[ 75.347396][ T4336] ____kasan_slab_free+0x15e/0x1b0
[ 75.352475][ T4336] slab_free_freelist_hook+0x10b/0x1e0
[ 75.357986][ T4336] __kmem_cache_free+0xba/0x340
[ 75.362808][ T4336] btrfs_close_devices+0x44e/0x5b0
[ 75.367888][ T4336] open_ctree+0x1ac/0x50c0
[ 75.372361][ T4336] btrfs_mount_root+0x7b3/0xb40
[ 75.377283][ T4336] legacy_get_tree+0xfe/0x1f0
[ 75.381928][ T4336] vfs_get_tree+0x82/0x210
[ 75.386340][ T4336] vfs_kern_mount.part.0+0x6e/0x100
[ 75.391510][ T4336] btrfs_mount+0x1e5/0x9f0
[ 75.395898][ T4336] legacy_get_tree+0xfe/0x1f0
[ 75.400638][ T4336] vfs_get_tree+0x82/0x210
[ 75.405029][ T4336] path_mount+0x878/0x1a00
[ 75.409422][ T4336] __x64_sys_mount+0x208/0x280
[ 75.414239][ T4336] do_syscall_64+0x38/0xb0
[ 75.418726][ T4336] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 75.424590][ T4336]
[ 75.426973][ T4336] The buggy address belongs to the object at ffff88817b06e000
[ 75.426973][ T4336] which belongs to the cache kmalloc-512 of size 512
[ 75.441180][ T4336] The buggy address is located 304 bytes inside of
[ 75.441180][ T4336] freed 512-byte region [ffff88817b06e000, ffff88817b06e200)
[ 75.455031][ T4336]
[ 75.457341][ T4336] The buggy address belongs to the physical page:
[ 75.464157][ T4336] page:ffffea0005ec1b00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x17b06c
[ 75.474541][ T4336] head:ffffea0005ec1b00 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 75.483555][ T4336] anon flags: 0x100000000010200(slab|head|node=0|zone=2)
[ 75.490562][ T4336] page_type: 0xffffffff()
[ 75.494876][ T4336] raw: 0100000000010200 ffff888100041c80 0000000000000000 dead000000000001
[ 75.504130][ T4336] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 75.512678][ T4336] page dumped because: kasan: bad access detected
[ 75.519062][ T4336] page_owner tracks the page as allocated
[ 75.524745][ T4336] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1292, tgid 1292 (udevadm), ts 7303380805, free_ts 5626251086
[ 75.546098][ T4336] post_alloc_hook+0x281/0x2f0
[ 75.550844][ T4336] get_page_from_freelist+0x1131/0x3d90
[ 75.556693][ T4336] __alloc_pages+0x1d0/0x470
[ 75.561434][ T4336] allocate_slab+0x24e/0x360
[ 75.565994][ T4336] ___slab_alloc+0x7a7/0x1000
[ 75.570696][ T4336] __slab_alloc.constprop.0+0x4d/0x90
[ 75.576034][ T4336] __kmem_cache_alloc_node+0x143/0x390
[ 75.581459][ T4336] kmalloc_trace+0x25/0xb0
[ 75.585844][ T4336] kernfs_fop_open+0x259/0xd30
[ 75.590576][ T4336] do_dentry_open+0x5db/0x1200
[ 75.596189][ T4336] path_openat+0x18b8/0x27c0
[ 75.600845][ T4336] do_filp_open+0x1bc/0x400
[ 75.605587][ T4336] do_sys_openat2+0x12c/0x170
[ 75.610237][ T4336] __x64_sys_openat+0x134/0x1d0
[ 75.615057][ T4336] do_syscall_64+0x38/0xb0
[ 75.619533][ T4336] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 75.625583][ T4336] page last free stack trace:
[ 75.630231][ T4336] free_unref_page_prepare+0x5ac/0xcf0
[ 75.635934][ T4336] free_unref_page+0x33/0x350
[ 75.640756][ T4336] free_contig_range+0xa1/0x150
[ 75.645578][ T4336] destroy_args+0x4f4/0x6b0
[ 75.650136][ T4336] debug_vm_pgtable+0x19f9/0x2c50
[ 75.655174][ T4336] do_one_initcall+0xcd/0x3c0
[ 75.659823][ T4336] kernel_init_freeable+0x504/0x840
[ 75.665078][ T4336] kernel_init+0x1a/0x1c0
[ 75.669380][ T4336] ret_from_fork+0x1f/0x30
[ 75.673768][ T4336]
[ 75.676071][ T4336] Memory state around the buggy address:
[ 75.681672][ T4336] ffff88817b06e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 75.689703][ T4336] ffff88817b06e080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 75.697732][ T4336] >ffff88817b06e100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 75.705859][ T4336] ^
[ 75.711459][ T4336] ffff88817b06e180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 75.719667][ T4336] ffff88817b06e200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 75.727706][ T4336] ==================================================================
[ 75.736054][ T4336] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 75.743810][ T4336] Kernel Offset: disabled
[ 75.748115][ T4336] Rebooting in 86400 seconds..