Warning: Permanently added '10.128.0.161' (ED25519) to the list of known hosts.
2024/05/06 04:14:36 ignoring optional flag "sandboxArg"="0"
2024/05/06 04:14:37 parsed 1 programs
2024/05/06 04:14:37 executed programs: 0
[ 47.278058][ T1955] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 47.308717][ T1445] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 47.316485][ T1445] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 47.323924][ T1445] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 47.331736][ T1445] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 47.339188][ T1445] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 47.346458][ T1445] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 47.482460][ T1961] chnl_net:caif_netlink_parms(): no params data found
[ 48.609194][ T1961] 8021q: adding VLAN 0 to HW filter on device bond0
[ 49.360457][ T1961] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 49.396301][ T1445] Bluetooth: hci0: command 0x0409 tx timeout
[ 50.857520][ T2363] loop0: detected capacity change from 0 to 32768
[ 50.870180][ T2363] ==================================================================
[ 50.878442][ T2363] BUG: KASAN: slab-out-of-bounds in bch2_sb_clean_to_text+0x139/0x1d0
[ 50.886577][ T2363] Read of size 1 at addr ffff888179486004 by task syz-executor.0/2363
[ 50.894983][ T2363]
[ 50.897976][ T2363] CPU: 0 PID: 2363 Comm: syz-executor.0 Not tainted 6.6.0-rc1-syzkaller #0
[ 50.907792][ T2363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 50.917833][ T2363] Call Trace:
[ 50.921624][ T2363]
[ 50.924629][ T2363] dump_stack_lvl+0xf8/0x260
[ 50.929217][ T2363] ? __pfx_dump_stack_lvl+0x10/0x10
[ 50.934398][ T2363] ? __pfx__printk+0x10/0x10
[ 50.939059][ T2363] ? vprintk_emit+0x1aa/0x280
[ 50.943720][ T2363] ? _printk+0xce/0x120
[ 50.947960][ T2363] print_report+0x167/0x540
[ 50.952727][ T2363] ? bch2_sb_clean_to_text+0x139/0x1d0
[ 50.958281][ T2363] kasan_report+0x175/0x1b0
[ 50.963378][ T2363] ? bch2_sb_clean_to_text+0x139/0x1d0
[ 50.969203][ T2363] bch2_sb_clean_to_text+0x139/0x1d0
[ 50.974495][ T2363] bch2_sb_field_to_text+0x162/0x200
[ 50.980068][ T2363] bch2_sb_field_validate+0x1b5/0x270
[ 50.985514][ T2363] ? __pfx_bch2_sb_field_validate+0x10/0x10
[ 50.991381][ T2363] bch2_sb_validate+0x73d/0x910
[ 50.996487][ T2363] bch2_read_super+0x7be/0x1350
[ 51.001435][ T2363] ? __pfx_bch2_read_super+0x10/0x10
[ 51.007689][ T2363] ? bch2_fs_open+0x15e/0x2bb0
[ 51.012435][ T2363] ? rcu_is_watching+0x1f/0xa0
[ 51.017283][ T2363] ? bch2_fs_open+0x15e/0x2bb0
[ 51.022042][ T2363] ? __kmalloc+0xce/0x1d0
[ 51.026372][ T2363] bch2_fs_open+0x1c5/0x2bb0
[ 51.031053][ T2363] ? _raw_spin_unlock_irqrestore+0xcf/0x130
[ 51.036957][ T2363] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 51.043268][ T2363] ? __pfx_stack_trace_save+0x10/0x10
[ 51.048733][ T2363] ? __stack_depot_save+0x358/0x440
[ 51.053902][ T2363] ? sget+0x1d4/0x3b0
[ 51.057853][ T2363] ? kasan_set_track+0x61/0x80
[ 51.062682][ T2363] ? kasan_set_track+0x4f/0x80
[ 51.067505][ T2363] ? kasan_save_free_info+0x28/0x40
[ 51.072759][ T2363] ? __pfx_bch2_fs_open+0x10/0x10
[ 51.077755][ T2363] ? bch2_mount+0x4f2/0x1120
[ 51.082506][ T2363] ? __pfx_down_write+0x10/0x10
[ 51.087876][ T2363] ? __kmem_cache_free+0x294/0x460
[ 51.093639][ T2363] ? __pfx_bch2_test_super+0x10/0x10
[ 51.099369][ T2363] ? sget+0x1d4/0x3b0
[ 51.103332][ T2363] ? __pfx_bch2_noset_super+0x10/0x10
[ 51.108675][ T2363] bch2_mount+0x564/0x1120
[ 51.113094][ T2363] ? __pfx_bch2_mount+0x10/0x10
[ 51.117944][ T2363] ? vfs_parse_fs_string+0x17f/0x220
[ 51.124253][ T2363] ? kfree+0x2c/0x180
[ 51.128393][ T2363] ? vfs_parse_fs_string+0x17f/0x220
[ 51.133732][ T2363] ? __pfx_vfs_parse_fs_string+0x10/0x10
[ 51.139522][ T2363] legacy_get_tree+0xe9/0x180
[ 51.144439][ T2363] ? __pfx_bch2_mount+0x10/0x10
[ 51.149971][ T2363] vfs_get_tree+0x82/0x190
[ 51.155161][ T2363] do_new_mount+0x1e5/0x930
[ 51.159660][ T2363] ? __pfx_do_new_mount+0x10/0x10
[ 51.164742][ T2363] ? user_path_at_empty+0xf1/0x150
[ 51.170002][ T2363] __se_sys_mount+0x242/0x2e0
[ 51.174651][ T2363] ? __pfx___se_sys_mount+0x10/0x10
[ 51.179820][ T2363] ? switch_fpu_return+0xcd/0x130
[ 51.185078][ T2363] do_syscall_64+0x46/0xc0
[ 51.189728][ T2363] entry_SYSCALL_64_after_hwframe+0x6f/0xd9
[ 51.195602][ T2363] RIP: 0033:0x7fd98087f3aa
[ 51.200084][ T2363] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 09 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 51.219747][ T2363] RSP: 002b:00007fd98155aef8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 51.228508][ T2363] RAX: ffffffffffffffda RBX: 00007fd98155af80 RCX: 00007fd98087f3aa
[ 51.236480][ T2363] RDX: 0000000020011a00 RSI: 0000000020011a40 RDI: 00007fd98155af40
[ 51.244517][ T2363] RBP: 0000000020011a00 R08: 00007fd98155af80 R09: 0000000003004000
[ 51.252564][ T2363] R10: 0000000003004000 R11: 0000000000000246 R12: 0000000020011a40
[ 51.260570][ T2363] R13: 00007fd98155af40 R14: 0000000000011a04 R15: 0000000020000040
[ 51.268700][ T2363]
[ 51.271697][ T2363]
[ 51.274614][ T2363] Allocated by task 2363:
[ 51.279181][ T2363] kasan_set_track+0x4f/0x80
[ 51.286478][ T2363] __kasan_kmalloc+0x98/0xb0
[ 51.291150][ T2363] __kmalloc_node_track_caller+0xab/0x1d0
[ 51.296855][ T2363] krealloc+0x7d/0x120
[ 51.300993][ T2363] bch2_sb_realloc+0x1bd/0x370
[ 51.305989][ T2363] read_one_super+0x6c2/0xd90
[ 51.310730][ T2363] bch2_read_super+0x625/0x1350
[ 51.315660][ T2363] bch2_fs_open+0x1c5/0x2bb0
[ 51.320254][ T2363] bch2_mount+0x564/0x1120
[ 51.324678][ T2363] legacy_get_tree+0xe9/0x180
[ 51.329358][ T2363] vfs_get_tree+0x82/0x190
[ 51.333774][ T2363] do_new_mount+0x1e5/0x930
[ 51.338276][ T2363] __se_sys_mount+0x242/0x2e0
[ 51.343851][ T2363] do_syscall_64+0x46/0xc0
[ 51.348359][ T2363] entry_SYSCALL_64_after_hwframe+0x6f/0xd9
[ 51.354363][ T2363]
[ 51.356669][ T2363] The buggy address belongs to the object at ffff888179484000
[ 51.356669][ T2363] which belongs to the cache kmalloc-8k of size 8192
[ 51.370805][ T2363] The buggy address is located 4 bytes to the right of
[ 51.370805][ T2363] allocated 8192-byte region [ffff888179484000, ffff888179486000)
[ 51.385979][ T2363]
[ 51.388297][ T2363] The buggy address belongs to the physical page:
[ 51.394819][ T2363] page:ffffea0005e52000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x179480
[ 51.405052][ T2363] head:ffffea0005e52000 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 51.414341][ T2363] anon flags: 0x100000000000840(slab|head|node=0|zone=2)
[ 51.421721][ T2363] page_type: 0xffffffff()
[ 51.426267][ T2363] raw: 0100000000000840 ffff888100042280 ffffea0005e4b200 0000000000000003
[ 51.435720][ T2363] raw: 0000000000000000 0000000080020002 00000001ffffffff 0000000000000000
[ 51.444463][ T2363] page dumped because: kasan: bad access detected
[ 51.450850][ T2363] page_owner tracks the page as allocated
[ 51.456712][ T2363] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1442, tgid 1442 (sh), ts 23922127046, free_ts 23894025301
[ 51.477576][ T2363] post_alloc_hook+0x10f/0x130
[ 51.482504][ T2363] get_page_from_freelist+0x3baa/0x3db0
[ 51.488134][ T2363] __alloc_pages+0x255/0x650
[ 51.493563][ T2363] alloc_slab_page+0x6a/0x170
[ 51.498231][ T2363] new_slab+0x70/0x270
[ 51.502312][ T2363] ___slab_alloc+0x834/0xd60
[ 51.506876][ T2363] __kmem_cache_alloc_node+0x1aa/0x260
[ 51.512339][ T2363] kmalloc_trace+0x2a/0xc0
[ 51.516737][ T2363] tomoyo_init_log+0x1081/0x1fb0
[ 51.521663][ T2363] tomoyo_supervisor+0x316/0xfb0
[ 51.526570][ T2363] tomoyo_env_perm+0x131/0x1f0
[ 51.531310][ T2363] tomoyo_find_next_domain+0xf49/0x1700
[ 51.536914][ T2363] tomoyo_bprm_check_security+0xd4/0x100
[ 51.542653][ T2363] security_bprm_check+0x2a/0x80
[ 51.547562][ T2363] bprm_execve+0x75e/0x11b0
[ 51.552037][ T2363] do_execveat_common+0x44f/0x620
[ 51.557252][ T2363] page last free stack trace:
[ 51.561987][ T2363] free_unref_page_prepare+0x7bd/0x8e0
[ 51.568292][ T2363] free_unref_page+0x37/0x3c0
[ 51.572944][ T2363] __unfreeze_partials+0x1b1/0x200
[ 51.578211][ T2363] put_cpu_partial+0xdc/0x120
[ 51.582945][ T2363] __slab_free+0x26f/0x330
[ 51.587355][ T2363] qlist_free_all+0x22/0x70
[ 51.591841][ T2363] kasan_quarantine_reduce+0x15b/0x180
[ 51.597283][ T2363] __kasan_slab_alloc+0x23/0x80
[ 51.602107][ T2363] slab_post_alloc_hook+0x67/0x3d0
[ 51.607286][ T2363] __kmem_cache_alloc_node+0x141/0x260
[ 51.612717][ T2363] kmalloc_trace+0x2a/0xc0
[ 51.617106][ T2363] tomoyo_init_log+0x1d2/0x1fb0
[ 51.621971][ T2363] tomoyo_supervisor+0x316/0xfb0
[ 51.627001][ T2363] tomoyo_check_open_permission+0x3f1/0x920
[ 51.633224][ T2363] security_file_open+0x2a/0x90
[ 51.638083][ T2363] do_dentry_open+0x2e6/0x1030
[ 51.642841][ T2363]
[ 51.645143][ T2363] Memory state around the buggy address:
[ 51.650755][ T2363] ffff888179485f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 51.659159][ T2363] ffff888179485f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 51.667922][ T2363] >ffff888179486000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 51.675992][ T2363] ^
[ 51.680047][ T2363] ffff888179486080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 51.688353][ T2363] ffff888179486100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 51.696989][ T2363] ==================================================================
[ 51.705304][ T2363] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 51.713095][ T2363] Kernel Offset: disabled
[ 51.717399][ T2363] Rebooting in 86400 seconds..