Warning: Permanently added '10.128.1.104' (ED25519) to the list of known hosts.
2024/05/06 04:46:05 ignoring optional flag "sandboxArg"="0"
2024/05/06 04:46:05 parsed 1 programs
2024/05/06 04:46:05 executed programs: 0
[ 48.006235][ T1968] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 48.032029][ T1291] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 48.039263][ T1291] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 48.046462][ T1291] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 48.053748][ T1291] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 48.061060][ T1291] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 48.068255][ T1291] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 48.197819][ T1973] chnl_net:caif_netlink_parms(): no params data found
[ 49.281906][ T1973] 8021q: adding VLAN 0 to HW filter on device bond0
[ 49.991115][ T1973] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 50.136126][ T1455] Bluetooth: hci0: command 0x0409 tx timeout
[ 51.394928][ T2377] loop0: detected capacity change from 0 to 32768
[ 51.404575][ T2377] ==================================================================
[ 51.412662][ T2377] BUG: KASAN: slab-out-of-bounds in bch2_sb_downgrade_to_text+0xe67/0x1e10
[ 51.421227][ T2377] Read of size 2 at addr ffff8881772f2000 by task syz-executor.0/2377
[ 51.429350][ T2377]
[ 51.431672][ T2377] CPU: 1 PID: 2377 Comm: syz-executor.0 Not tainted 6.7.0-rc7-syzkaller #0
[ 51.440252][ T2377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 51.450290][ T2377] Call Trace:
[ 51.453561][ T2377]
[ 51.456472][ T2377] dump_stack_lvl+0xf8/0x260
[ 51.461042][ T2377] ? __pfx_dump_stack_lvl+0x10/0x10
[ 51.466210][ T2377] ? __pfx__printk+0x10/0x10
[ 51.470780][ T2377] ? _printk+0xce/0x120
[ 51.474906][ T2377] print_report+0x167/0x540
[ 51.479390][ T2377] ? bch2_sb_downgrade_to_text+0xe67/0x1e10
[ 51.485252][ T2377] kasan_report+0x142/0x180
[ 51.489727][ T2377] ? bch2_sb_downgrade_to_text+0xe67/0x1e10
[ 51.495593][ T2377] bch2_sb_downgrade_to_text+0xe67/0x1e10
[ 51.501285][ T2377] bch2_sb_field_to_text+0x162/0x200
[ 51.506542][ T2377] bch2_sb_field_validate+0x1b5/0x270
[ 51.511886][ T2377] ? __pfx_bch2_sb_field_validate+0x10/0x10
[ 51.517752][ T2377] bch2_sb_validate+0x73d/0x910
[ 51.522576][ T2377] bch2_read_super+0x69a/0x11a0
[ 51.527406][ T2377] ? __pfx_bch2_read_super+0x10/0x10
[ 51.532690][ T2377] ? bch2_fs_open+0x2226/0x2b10
[ 51.537612][ T2377] ? rcu_is_watching+0x1f/0xa0
[ 51.542435][ T2377] ? kvmalloc_node+0x42/0xf0
[ 51.547082][ T2377] ? __kmalloc_node+0xd1/0x1d0
[ 51.551819][ T2377] ? __bch2_darray_resize+0x111/0x180
[ 51.557163][ T2377] ? kfree+0x2c/0x180
[ 51.561117][ T2377] ? __bch2_darray_resize+0x111/0x180
[ 51.566634][ T2377] bch2_fs_open+0x2c7/0x2b10
[ 51.571218][ T2377] ? unwind_next_frame+0x1a0d/0x2390
[ 51.576476][ T2377] ? __lock_acquire+0x5cc/0xc10
[ 51.581308][ T2377] ? __pfx_bch2_fs_open+0x10/0x10
[ 51.586305][ T2377] ? _raw_spin_unlock_irqrestore+0xcf/0x130
[ 51.592171][ T2377] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 51.598467][ T2377] ? __pfx_stack_trace_save+0x10/0x10
[ 51.603815][ T2377] ? __stack_depot_save+0x358/0x440
[ 51.608986][ T2377] ? sget+0x1d4/0x3d0
[ 51.613028][ T2377] ? kasan_set_track+0x61/0x80
[ 51.617759][ T2377] ? kasan_set_track+0x4f/0x80
[ 51.622491][ T2377] ? kasan_save_free_info+0x28/0x40
[ 51.627662][ T2377] ? ____kasan_slab_free+0x122/0x1f0
[ 51.632917][ T2377] ? __kmem_cache_free+0x2bc/0x470
[ 51.638005][ T2377] ? sget+0x1d4/0x3d0
[ 51.641962][ T2377] ? bch2_mount+0x4e9/0x1080
[ 51.646527][ T2377] ? legacy_get_tree+0xe9/0x180
[ 51.651347][ T2377] ? vfs_get_tree+0x82/0x190
[ 51.656086][ T2377] ? do_new_mount+0x1e5/0x930
[ 51.660737][ T2377] ? __se_sys_mount+0x242/0x2e0
[ 51.665556][ T2377] ? do_syscall_64+0x4d/0x120
[ 51.670204][ T2377] ? entry_SYSCALL_64_after_hwframe+0x6f/0x77
[ 51.676280][ T2377] ? __pfx_bch2_test_super+0x10/0x10
[ 51.681553][ T2377] ? sget+0x1d4/0x3d0
[ 51.685529][ T2377] ? __pfx_bch2_noset_super+0x10/0x10
[ 51.690881][ T2377] bch2_mount+0x561/0x1080
[ 51.695366][ T2377] ? __pfx_bch2_mount+0x10/0x10
[ 51.700189][ T2377] ? vfs_parse_fs_string+0x17f/0x220
[ 51.705444][ T2377] ? kfree+0x2c/0x180
[ 51.709398][ T2377] ? vfs_parse_fs_string+0x17f/0x220
[ 51.714655][ T2377] ? __pfx_vfs_parse_fs_string+0x10/0x10
[ 51.720256][ T2377] legacy_get_tree+0xe9/0x180
[ 51.724909][ T2377] ? __pfx_bch2_mount+0x10/0x10
[ 51.729727][ T2377] vfs_get_tree+0x82/0x190
[ 51.734134][ T2377] do_new_mount+0x1e5/0x930
[ 51.738607][ T2377] ? __pfx_do_new_mount+0x10/0x10
[ 51.743627][ T2377] __se_sys_mount+0x242/0x2e0
[ 51.748292][ T2377] ? __pfx___se_sys_mount+0x10/0x10
[ 51.753482][ T2377] ? switch_fpu_return+0xcd/0x130
[ 51.758516][ T2377] do_syscall_64+0x4d/0x120
[ 51.763013][ T2377] entry_SYSCALL_64_after_hwframe+0x6f/0x77
[ 51.768890][ T2377] RIP: 0033:0x7f596627f3aa
[ 51.773281][ T2377] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 09 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 51.793032][ T2377] RSP: 002b:00007f59670c6ef8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 51.801438][ T2377] RAX: ffffffffffffffda RBX: 00007f59670c6f80 RCX: 00007f596627f3aa
[ 51.809470][ T2377] RDX: 0000000020011a00 RSI: 0000000020000000 RDI: 00007f59670c6f40
[ 51.817588][ T2377] RBP: 0000000020011a00 R08: 00007f59670c6f80 R09: 0000000003a04000
[ 51.825721][ T2377] R10: 0000000003a04000 R11: 0000000000000246 R12: 0000000020000000
[ 51.834811][ T2377] R13: 00007f59670c6f40 R14: 0000000000011a04 R15: 0000000020000600
[ 51.842855][ T2377]
[ 51.845946][ T2377]
[ 51.848255][ T2377] Allocated by task 2377:
[ 51.852657][ T2377] kasan_set_track+0x4f/0x80
[ 51.857227][ T2377] __kasan_kmalloc+0x98/0xb0
[ 51.861874][ T2377] __kmalloc_node_track_caller+0xab/0x1d0
[ 51.867571][ T2377] krealloc+0x7d/0x120
[ 51.871614][ T2377] bch2_sb_realloc+0x1bd/0x370
[ 51.876367][ T2377] read_one_super+0x6c2/0xd90
[ 51.881032][ T2377] bch2_read_super+0x54d/0x11a0
[ 51.885874][ T2377] bch2_fs_open+0x2c7/0x2b10
[ 51.890438][ T2377] bch2_mount+0x561/0x1080
[ 51.894826][ T2377] legacy_get_tree+0xe9/0x180
[ 51.899473][ T2377] vfs_get_tree+0x82/0x190
[ 51.903947][ T2377] do_new_mount+0x1e5/0x930
[ 51.908438][ T2377] __se_sys_mount+0x242/0x2e0
[ 51.913085][ T2377] do_syscall_64+0x4d/0x120
[ 51.917569][ T2377] entry_SYSCALL_64_after_hwframe+0x6f/0x77
[ 51.923437][ T2377]
[ 51.925741][ T2377] The buggy address belongs to the object at ffff8881772f0000
[ 51.925741][ T2377]  which belongs to the cache kmalloc-8k of size 8192
[ 51.939768][ T2377] The buggy address is located 0 bytes to the right of
[ 51.939768][ T2377]  allocated 8192-byte region [ffff8881772f0000, ffff8881772f2000)
[ 51.954315][ T2377]
[ 51.956722][ T2377] The buggy address belongs to the physical page:
[ 51.963112][ T2377] page:ffffea0005dcbc00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1772f0
[ 51.973339][ T2377] head:ffffea0005dcbc00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 51.982248][ T2377] anon flags: 0x100000000000840(slab|head|node=0|zone=2)
[ 51.989414][ T2377] page_type: 0xffffffff()
[ 51.993716][ T2377] raw: 0100000000000840 ffff888100042280 0000000000000000 0000000000000001
[ 52.002275][ T2377] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000
[ 52.010914][ T2377] page dumped because: kasan: bad access detected
[ 52.017558][ T2377] page_owner tracks the page as allocated
[ 52.023260][ T2377] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1451, tgid 1451 (sh), ts 25066330815, free_ts 25029055594
[ 52.043015][ T2377] post_alloc_hook+0x10f/0x130
[ 52.047753][ T2377] get_page_from_freelist+0x3e5f/0x4080
[ 52.053272][ T2377] __alloc_pages+0x255/0x650
[ 52.057913][ T2377] alloc_pages_mpol+0x27f/0x4d0
[ 52.062740][ T2377] alloc_slab_page+0x6a/0x170
[ 52.067402][ T2377] new_slab+0x70/0x270
[ 52.071446][ T2377] ___slab_alloc+0x94b/0xee0
[ 52.076004][ T2377] __kmem_cache_alloc_node+0x1fb/0x2c0
[ 52.081431][ T2377] kmalloc_trace+0x2a/0xc0
[ 52.085818][ T2377] tomoyo_init_log+0x10ad/0x1fe0
[ 52.090732][ T2377] tomoyo_supervisor+0x316/0xfb0
[ 52.095643][ T2377] tomoyo_find_next_domain+0x2c7/0x1700
[ 52.101301][ T2377] tomoyo_bprm_check_security+0xfa/0x130
[ 52.106901][ T2377] security_bprm_check+0x2a/0x80
[ 52.111807][ T2377] bprm_execve+0x87f/0x13b0
[ 52.116284][ T2377] do_execveat_common+0x44f/0x620
[ 52.121302][ T2377] page last free stack trace:
[ 52.125943][ T2377] free_unref_page_prepare+0x7e7/0x900
[ 52.131399][ T2377] free_unref_page+0x37/0x3a0
[ 52.136060][ T2377] __unfreeze_partials+0x1b1/0x200
[ 52.141167][ T2377] put_cpu_partial+0x150/0x1b0
[ 52.145922][ T2377] __slab_free+0x26f/0x330
[ 52.150341][ T2377] qlist_free_all+0x75/0xe0
[ 52.154836][ T2377] kasan_quarantine_reduce+0x14f/0x170
[ 52.160283][ T2377] __kasan_slab_alloc+0x23/0x80
[ 52.165107][ T2377] slab_post_alloc_hook+0x67/0x3c0
[ 52.170194][ T2377] __kmem_cache_alloc_node+0x1b2/0x2c0
[ 52.175631][ T2377] kmalloc_trace+0x2a/0xc0
[ 52.180017][ T2377] tomoyo_init_log+0x1d2/0x1fe0
[ 52.184836][ T2377] tomoyo_supervisor+0x316/0xfb0
[ 52.189741][ T2377] tomoyo_check_open_permission+0x679/0x960
[ 52.195603][ T2377] security_file_open+0x2a/0x90
[ 52.200429][ T2377] do_dentry_open+0x2ee/0x11c0
[ 52.205271][ T2377]
[ 52.207571][ T2377] Memory state around the buggy address:
[ 52.213256][ T2377]  ffff8881772f1f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 52.221287][ T2377]  ffff8881772f1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 52.229337][ T2377] >ffff8881772f2000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 52.237380][ T2377]                    ^
[ 52.241511][ T2377]  ffff8881772f2080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 52.249559][ T2377]  ffff8881772f2100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 52.257615][ T2377] ==================================================================
[ 52.265877][ T2377] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 52.273415][ T2377] Kernel Offset: disabled
[ 52.277735][ T2377] Rebooting in 86400 seconds..