Warning: Permanently added '10.128.1.10' (ED25519) to the list of known hosts.
2024/05/05 13:41:18 ignoring optional flag "sandboxArg"="0"
2024/05/05 13:41:18 parsed 1 programs
2024/05/05 13:41:18 executed programs: 0
[ 49.536250][ T1956] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 49.562777][ T1448] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 49.570112][ T1448] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 49.577366][ T1448] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 49.584957][ T1448] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 49.592550][ T1448] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 49.599749][ T1448] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 49.734957][ T1960] chnl_net:caif_netlink_parms(): no params data found
[ 50.866364][ T1960] 8021q: adding VLAN 0 to HW filter on device bond0
[ 51.598691][ T1960] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 51.665814][ T1448] Bluetooth: hci0: command 0x0409 tx timeout
[ 53.084977][ T2364] loop0: detected capacity change from 0 to 32768
[ 53.112576][ T2364] bcachefs (loop0): mounting version 1.7: (unknown version) opts=metadata_checksum=none,data_checksum=none,nojournal_transaction_names
[ 53.126735][ T2364] bcachefs (loop0): recovering from clean shutdown, journal seq 10
[ 53.139188][ T2364] bcachefs (loop0): error validating btree node on loop0 at btree lru level 0/0
[ 53.139195][ T2364] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq a11787a6b9c68820 written 16 min_key POS_MIN durability: 1 ptr: 0:28:0 gen 0
[ 53.139197][ T2364] node offset 8 bset u64s 49390: invalid checksum, exiting
[ 53.169518][ T2364] bcachefs (loop0): Unable to continue, halting
[ 53.175911][ T2364] error reading btree root lru, exiting
[ 53.181526][ T2364] bcachefs (loop0): Unable to continue, halting
[ 53.187978][ T2364] bcachefs (loop0): bch2_fs_recovery(): error fsck_errors_not_fixed
[ 53.196057][ T2364] bcachefs (loop0): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed
[ 53.205499][ T2364] bcachefs (loop0): shutting down
[ 53.231212][ T2364] bcachefs (loop0): shutdown complete
[ 53.523749][ T2372] loop0: detected capacity change from 0 to 32768
[ 53.550143][ T2372] bcachefs (loop0): mounting version 1.7: (unknown version) opts=metadata_checksum=none,data_checksum=none,nojournal_transaction_names
[ 53.564506][ T2372] bcachefs (loop0): recovering from clean shutdown, journal seq 10
[ 53.575739][ T2372] bcachefs (loop0): error validating btree node on loop0 at btree lru level 0/0
[ 53.575747][ T2372] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq a11787a6b9c68820 written 16 min_key POS_MIN durability: 1 ptr: 0:28:0 gen 0
[ 53.575751][ T2372] node offset 8 bset u64s 49390: invalid checksum, exiting
[ 53.605953][ T2372] bcachefs (loop0): Unable to continue, halting
[ 53.612271][ T2372] error reading btree root lru, exiting
[ 53.617871][ T2372] bcachefs (loop0): Unable to continue, halting
[ 53.624660][ T2372] bcachefs (loop0): bch2_fs_recovery(): error fsck_errors_not_fixed
[ 53.632672][ T2372] bcachefs (loop0): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed
[ 53.642143][ T2372] bcachefs (loop0): shutting down
[ 53.667256][ T2372] bcachefs (loop0): shutdown complete
[ 53.755739][ T1448] Bluetooth: hci0: command 0x041b tx timeout
[ 53.968790][ T2380] loop0: detected capacity change from 0 to 32768
[ 53.994395][ T2380] bcachefs (loop0): mounting version 1.7: (unknown version) opts=metadata_checksum=none,data_checksum=none,nojournal_transaction_names
[ 54.008722][ T2380] bcachefs (loop0): recovering from clean shutdown, journal seq 10
[ 54.020417][ T2380] bcachefs (loop0): error validating btree node on loop0 at btree lru level 0/0
[ 54.020423][ T2380] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq a11787a6b9c68820 written 16 min_key POS_MIN durability: 1 ptr: 0:28:0 gen 0
[ 54.020426][ T2380] node offset 8 bset u64s 49390: invalid checksum, exiting
[ 54.050828][ T2380] bcachefs (loop0): Unable to continue, halting
[ 54.057213][ T2380] error reading btree root lru, exiting
[ 54.062750][ T2380] bcachefs (loop0): Unable to continue, halting
[ 54.069046][ T2380] bcachefs (loop0): bch2_fs_recovery(): error fsck_errors_not_fixed
[ 54.077027][ T2380] bcachefs (loop0): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed
[ 54.086482][ T2380] bcachefs (loop0): shutting down
[ 54.111425][ T2380] bcachefs (loop0): shutdown complete
[ 54.402369][ T2388] loop0: detected capacity change from 0 to 32768
[ 54.427902][ T2388] bcachefs (loop0): mounting version 1.7: (unknown version) opts=metadata_checksum=none,data_checksum=none,nojournal_transaction_names
[ 54.441930][ T2388] bcachefs (loop0): recovering from clean shutdown, journal seq 10
[ 54.453860][ T2388] ==================================================================
[ 54.461924][ T2388] BUG: KASAN: slab-out-of-bounds in poly1305_update_arch+0x1a2/0x840
[ 54.469963][ T2388] Read of size 8 at addr ffff88816b441790 by task syz-executor.0/2388
[ 54.478084][ T2388]
[ 54.480384][ T2388] CPU: 1 PID: 2388 Comm: syz-executor.0 Not tainted 6.6.0-rc1-syzkaller #0
[ 54.488964][ T2388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 54.498990][ T2388] Call Trace:
[ 54.502243][ T2388]
[ 54.505144][ T2388] dump_stack_lvl+0xf8/0x260
[ 54.509707][ T2388] ? __pfx_dump_stack_lvl+0x10/0x10
[ 54.514877][ T2388] ? __pfx__printk+0x10/0x10
[ 54.519433][ T2388] ? _printk+0xce/0x120
[ 54.523560][ T2388] print_report+0x167/0x540
[ 54.528034][ T2388] ? poly1305_update_arch+0x1a2/0x840
[ 54.533375][ T2388] kasan_report+0x175/0x1b0
[ 54.537849][ T2388] ? poly1305_update_arch+0x1a2/0x840
[ 54.543188][ T2388] kasan_check_range+0x282/0x290
[ 54.548113][ T2388] ? poly1305_update_arch+0x1a2/0x840
[ 54.553537][ T2388] __asan_memcpy+0x29/0x70
[ 54.557925][ T2388] poly1305_update_arch+0x1a2/0x840
[ 54.563093][ T2388] crypto_poly1305_update+0xd/0x20
[ 54.568173][ T2388] crypto_shash_update+0x220/0x2a0
[ 54.573253][ T2388] ? __pfx_crypto_shash_update+0x10/0x10
[ 54.578854][ T2388] ? __pfx_mempool_kmalloc+0x10/0x10
[ 54.584105][ T2388] ? __stack_depot_save+0x1e/0x440
[ 54.589185][ T2388] ? arch_stack_walk+0xfc/0x150
[ 54.594003][ T2388] ? __pfx_mempool_kmalloc+0x10/0x10
[ 54.599262][ T2388] ? kasan_set_track+0x61/0x80
[ 54.604262][ T2388] ? kasan_set_track+0x4f/0x80
[ 54.608993][ T2388] ? __kasan_kmalloc+0x98/0xb0
[ 54.613725][ T2388] ? __kmalloc+0xaa/0x1d0
[ 54.618031][ T2388] ? mempool_alloc+0x136/0x490
[ 54.622782][ T2388] bch2_checksum+0x3aa/0x700
[ 54.627358][ T2388] ? __se_sys_mount+0x242/0x2e0
[ 54.632176][ T2388] ? do_syscall_64+0x46/0xc0
[ 54.636752][ T2388] ? entry_SYSCALL_64_after_hwframe+0x6f/0xd9
[ 54.642811][ T2388] ? __pfx_bch2_checksum+0x10/0x10
[ 54.647904][ T2388] ? kfree+0x2c/0x180
[ 54.651866][ T2388] ? bch2_printbuf_exit+0x4d/0x80
[ 54.656871][ T2388] ? validate_bset_keys+0x14bb/0x1650
[ 54.662220][ T2388] ? kfree+0x2c/0x180
[ 54.666185][ T2388] ? bch2_printbuf_exit+0x4d/0x80
[ 54.671392][ T2388] ? bch2_btree_node_read_done+0x1525/0x4a10
[ 54.677366][ T2388] bch2_btree_node_read_done+0xb51/0x4a10
[ 54.683074][ T2388] ? bch2_bkey_ptrs_to_text+0xfc9/0x1950
[ 54.688697][ T2388] ? __pfx_bch2_btree_node_read_done+0x10/0x10
[ 54.694913][ T2388] ? __lock_acquire+0x5cc/0xc10
[ 54.699747][ T2388] btree_node_read_work+0x602/0x1250
[ 54.705004][ T2388] ? do_raw_spin_unlock+0x13b/0x8b0
[ 54.710195][ T2388] ? __pfx_btree_node_read_work+0x10/0x10
[ 54.715909][ T2388] ? submit_bio_wait+0x120/0x1a0
[ 54.720839][ T2388] bch2_btree_node_read+0x1dc7/0x2ae0
[ 54.726186][ T2388] ? __pfx_lock_release+0x10/0x10
[ 54.731182][ T2388] ? __mutex_unlock_slowpath+0x20d/0x5c0
[ 54.736793][ T2388] ? __pfx_bch2_btree_node_read+0x10/0x10
[ 54.742504][ T2388] ? bch2_btree_node_mem_alloc+0x953/0x1070
[ 54.748369][ T2388] ? bch2_btree_node_hash_insert+0x16e/0x1c0
[ 54.754324][ T2388] bch2_btree_root_read+0x2fc/0x7e0
[ 54.759493][ T2388] ? __pfx_bch2_btree_root_read+0x10/0x10
[ 54.765181][ T2388] ? bch2_journal_log_msg+0xd5/0x120
[ 54.770433][ T2388] ? __pfx_bch2_fs_journal_start+0x10/0x10
[ 54.776213][ T2388] ? __pfx_bch2_journal_log_msg+0x10/0x10
[ 54.781907][ T2388] read_btree_roots+0x281/0x4d0
[ 54.786735][ T2388] bch2_fs_recovery+0x2d0d/0x4420
[ 54.791746][ T2388] ? __pfx_lock_acquire+0x10/0x10
[ 54.796748][ T2388] ? __pfx_bch2_fs_recovery+0x10/0x10
[ 54.802091][ T2388] ? bch2_fs_start+0x6f0/0x9a0
[ 54.807091][ T2388] ? __pfx_lock_release+0x10/0x10
[ 54.812084][ T2388] ? __mutex_unlock_slowpath+0x20d/0x5c0
[ 54.817687][ T2388] ? __pfx_lockdep_init_map_type+0x10/0x10
[ 54.823551][ T2388] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 54.829616][ T2388] ? __pfx_bch2_recalc_capacity+0x10/0x10
[ 54.835343][ T2388] ? __raw_spin_lock_init+0x45/0x100
[ 54.840623][ T2388] bch2_fs_start+0x76a/0x9a0
[ 54.845192][ T2388] ? __pfx_bch2_fs_start+0x10/0x10
[ 54.850273][ T2388] ? bch2_dev_attach_bdev+0x33f/0x420
[ 54.855619][ T2388] bch2_fs_open+0x207d/0x2bb0
[ 54.860356][ T2388] ? sget+0x1d4/0x3b0
[ 54.864307][ T2388] ? __pfx_bch2_fs_open+0x10/0x10
[ 54.869373][ T2388] ? bch2_mount+0x4f2/0x1120
[ 54.873952][ T2388] ? __kmem_cache_free+0x294/0x460
[ 54.879068][ T2388] ? __pfx_bch2_test_super+0x10/0x10
[ 54.884427][ T2388] ? sget+0x1d4/0x3b0
[ 54.888558][ T2388] ? __pfx_bch2_noset_super+0x10/0x10
[ 54.893907][ T2388] bch2_mount+0x564/0x1120
[ 54.898306][ T2388] ? __pfx_bch2_mount+0x10/0x10
[ 54.903132][ T2388] ? vfs_parse_fs_string+0x17f/0x220
[ 54.908407][ T2388] ? kfree+0x2c/0x180
[ 54.912358][ T2388] ? vfs_parse_fs_string+0x17f/0x220
[ 54.917614][ T2388] ? __pfx_vfs_parse_fs_string+0x10/0x10
[ 54.923218][ T2388] legacy_get_tree+0xe9/0x180
[ 54.928211][ T2388] ? __pfx_bch2_mount+0x10/0x10
[ 54.933029][ T2388] vfs_get_tree+0x82/0x190
[ 54.937417][ T2388] do_new_mount+0x1e5/0x930
[ 54.941891][ T2388] ? __pfx_do_new_mount+0x10/0x10
[ 54.946887][ T2388] ? user_path_at_empty+0xf1/0x150
[ 54.951967][ T2388] __se_sys_mount+0x242/0x2e0
[ 54.956612][ T2388] ? __pfx___se_sys_mount+0x10/0x10
[ 54.961776][ T2388] ? switch_fpu_return+0xcd/0x130
[ 54.966947][ T2388] do_syscall_64+0x46/0xc0
[ 54.971421][ T2388] entry_SYSCALL_64_after_hwframe+0x6f/0xd9
[ 54.977292][ T2388] RIP: 0033:0x7f46ef67f3aa
[ 54.981680][ T2388] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 09 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 55.001291][ T2388] RSP: 002b:00007f46f03dfef8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 55.009692][ T2388] RAX: ffffffffffffffda RBX: 00007f46f03dff80 RCX: 00007f46ef67f3aa
[ 55.017640][ T2388] RDX: 0000000020011a00 RSI: 0000000020011a40 RDI: 00007f46f03dff40
[ 55.025617][ T2388] RBP: 0000000020011a00 R08: 00007f46f03dff80 R09: 0000000001200014
[ 55.033559][ T2388] R10: 0000000001200014 R11: 0000000000000246 R12: 0000000020011a40
[ 55.041515][ T2388] R13: 00007f46f03dff40 R14: 00000000000119f9 R15: 0000000020000100
[ 55.049638][ T2388]
[ 55.052628][ T2388]
[ 55.054925][ T2388] Allocated by task 2132:
[ 55.059313][ T2388] kasan_set_track+0x4f/0x80
[ 55.063878][ T2388] __kasan_slab_alloc+0x66/0x80
[ 55.068705][ T2388] slab_post_alloc_hook+0x67/0x3d0
[ 55.073792][ T2388] kmem_cache_alloc+0x11f/0x2a0
[ 55.078628][ T2388] security_file_alloc+0x23/0x100
[ 55.083620][ T2388] init_file+0x87/0x1e0
[ 55.087753][ T2388] alloc_empty_file+0x7f/0x160
[ 55.092487][ T2388] path_openat+0xff/0x2760
[ 55.096875][ T2388] do_filp_open+0x22a/0x440
[ 55.101347][ T2388] do_sys_openat2+0xf6/0x180
[ 55.105991][ T2388] __x64_sys_openat+0x20d/0x260
[ 55.110826][ T2388] do_syscall_64+0x46/0xc0
[ 55.115217][ T2388] entry_SYSCALL_64_after_hwframe+0x6f/0xd9
[ 55.121094][ T2388]
[ 55.123397][ T2388] Freed by task 2132:
[ 55.127353][ T2388] kasan_set_track+0x4f/0x80
[ 55.131920][ T2388] kasan_save_free_info+0x28/0x40
[ 55.137004][ T2388] ____kasan_slab_free+0x122/0x1f0
[ 55.142101][ T2388] kmem_cache_free+0x2ba/0x4f0
[ 55.146874][ T2388] __fput+0x4a3/0x6f0
[ 55.150827][ T2388] task_work_run+0x20e/0x280
[ 55.155392][ T2388] exit_to_user_mode_loop+0xa4/0xc0
[ 55.160589][ T2388] exit_to_user_mode_prepare+0x64/0xb0
[ 55.166038][ T2388] syscall_exit_to_user_mode+0x2c/0x1e0
[ 55.171677][ T2388] do_syscall_64+0x55/0xc0
[ 55.176082][ T2388] entry_SYSCALL_64_after_hwframe+0x6f/0xd9
[ 55.181962][ T2388]
[ 55.184262][ T2388] The buggy address belongs to the object at ffff88816b441780
[ 55.184262][ T2388] which belongs to the cache lsm_file_cache of size 16
[ 55.198471][ T2388] The buggy address is located 0 bytes to the right of
[ 55.198471][ T2388] allocated 16-byte region [ffff88816b441780, ffff88816b441790)
[ 55.212931][ T2388]
[ 55.215230][ T2388] The buggy address belongs to the physical page:
[ 55.221612][ T2388] page:ffffea0005ad1040 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x16b441
[ 55.231821][ T2388] anon flags: 0x100000000000800(slab|node=0|zone=2)
[ 55.238381][ T2388] page_type: 0xffffffff()
[ 55.242678][ T2388] raw: 0100000000000800 ffff888101a63280 0000000000000000 0000000000000001
[ 55.251249][ T2388] raw: 0000000000000000 0000000000800080 00000001ffffffff 0000000000000000
[ 55.259820][ T2388] page dumped because: kasan: bad access detected
[ 55.266201][ T2388] page_owner tracks the page as allocated
[ 55.271906][ T2388] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1742, tgid 1742 (modprobe), ts 28104901894, free_ts 28084913327
[ 55.289868][ T2388] post_alloc_hook+0x10f/0x130
[ 55.294603][ T2388] get_page_from_freelist+0x3baa/0x3db0
[ 55.300121][ T2388] __alloc_pages+0x255/0x650
[ 55.304684][ T2388] alloc_slab_page+0x6a/0x170
[ 55.309329][ T2388] new_slab+0x70/0x270
[ 55.313373][ T2388] ___slab_alloc+0x834/0xd60
[ 55.318064][ T2388] kmem_cache_alloc+0x1a6/0x2a0
[ 55.322888][ T2388] security_file_alloc+0x23/0x100
[ 55.327885][ T2388] init_file+0x87/0x1e0
[ 55.332035][ T2388] alloc_empty_file+0x7f/0x160
[ 55.336784][ T2388] path_openat+0xff/0x2760
[ 55.341168][ T2388] do_filp_open+0x22a/0x440
[ 55.345760][ T2388] do_sys_openat2+0xf6/0x180
[ 55.350338][ T2388] __x64_sys_openat+0x20d/0x260
[ 55.355164][ T2388] do_syscall_64+0x46/0xc0
[ 55.359555][ T2388] entry_SYSCALL_64_after_hwframe+0x6f/0xd9
[ 55.365419][ T2388] page last free stack trace:
[ 55.370064][ T2388] free_unref_page_prepare+0x7bd/0x8e0
[ 55.375509][ T2388] free_unref_page+0x37/0x3c0
[ 55.380157][ T2388] tlb_finish_mmu+0x13f/0x1c0
[ 55.384822][ T2388] exit_mmap+0x411/0x970
[ 55.389051][ T2388] __mmput+0x9b/0x2d0
[ 55.393008][ T2388] exit_mm+0x113/0x1b0
[ 55.397047][ T2388] do_exit+0x7c7/0x2350
[ 55.401176][ T2388] do_group_exit+0x1b9/0x280
[ 55.405736][ T2388] __x64_sys_exit_group+0x3f/0x40
[ 55.410754][ T2388] do_syscall_64+0x46/0xc0
[ 55.415140][ T2388] entry_SYSCALL_64_after_hwframe+0x6f/0xd9
[ 55.421025][ T2388]
[ 55.423409][ T2388] Memory state around the buggy address:
[ 55.429004][ T2388]  ffff88816b441680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 55.437035][ T2388]  ffff88816b441700: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 55.445068][ T2388] >ffff88816b441780: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 55.453093][ T2388]                          ^
[ 55.457648][ T2388]  ffff88816b441800: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 55.465680][ T2388]  ffff88816b441880: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 55.473712][ T2388] ==================================================================
[ 55.482056][ T2388] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 55.489565][ T2388] Kernel Offset: disabled
[ 55.493871][ T2388] Rebooting in 86400 seconds..