Warning: Permanently added '10.128.1.235' (ED25519) to the list of known hosts.
2024/08/16 19:15:55 ignoring optional flag "sandboxArg"="0"
2024/08/16 19:15:55 parsed 1 programs
2024/08/16 19:15:55 executed programs: 0
[ 47.129516][ T1903] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 47.155441][ T1313] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 47.162654][ T1313] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 47.169834][ T1313] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 47.177683][ T1313] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 47.185285][ T1313] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 47.192559][ T1313] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 47.348203][ T1908] chnl_net:caif_netlink_parms(): no params data found
[ 48.718250][ T1908] 8021q: adding VLAN 0 to HW filter on device bond0
[ 49.261982][ T1313] Bluetooth: hci0: command tx timeout
[ 49.598534][ T1908] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 51.331916][ T1313] Bluetooth: hci0: command tx timeout
[ 51.346771][ T2309] loop0: detected capacity change from 0 to 32768
[ 51.380063][ T2309] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,nojournal_transaction_names
[ 51.393904][ T2309] bcachefs (loop0): recovering from clean shutdown, journal seq 10
[ 51.402065][ T2309] bcachefs (loop0): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.10: disk_accounting_v3
[ 51.402065][ T2309] running recovery passes: check_allocations
[ 51.436104][ T2309] ==================================================================
[ 51.444171][ T2309] BUG: KASAN: slab-use-after-free in scatterwalk_copychunks+0x168/0x410
[ 51.452476][ T2309] Read of size 40 at addr ffff88816c840000 by task syz-executor.0/2309
[ 51.460685][ T2309]
[ 51.462984][ T2309] CPU: 1 UID: 0 PID: 2309 Comm: syz-executor.0 Not tainted 6.11.0-rc3-syzkaller #0
[ 51.472255][ T2309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 51.482290][ T2309] Call Trace:
[ 51.485563][ T2309]
[ 51.488572][ T2309] dump_stack_lvl+0x108/0x280
[ 51.493236][ T2309] ? __pfx_dump_stack_lvl+0x10/0x10
[ 51.498427][ T2309] ? __pfx__printk+0x10/0x10
[ 51.503003][ T2309] ? lock_acquire+0xc2/0x3a0
[ 51.507592][ T2309] ? __pfx_lock_acquire+0x10/0x10
[ 51.512612][ T2309] ? __virt_addr_valid+0x141/0x270
[ 51.517699][ T2309] ? srso_alias_return_thunk+0x5/0xfbef5
[ 51.523349][ T2309] ? __virt_addr_valid+0x229/0x270
[ 51.528442][ T2309] print_report+0x169/0x550
[ 51.532919][ T2309] ? __virt_addr_valid+0x141/0x270
[ 51.537999][ T2309] ? srso_alias_return_thunk+0x5/0xfbef5
[ 51.543600][ T2309] ? __virt_addr_valid+0x229/0x270
[ 51.548679][ T2309] ? scatterwalk_copychunks+0x168/0x410
[ 51.554194][ T2309] kasan_report+0x143/0x180
[ 51.559018][ T2309] ? scatterwalk_copychunks+0x168/0x410
[ 51.564536][ T2309] kasan_check_range+0x282/0x290
[ 51.569476][ T2309] ? scatterwalk_copychunks+0x168/0x410
[ 51.574994][ T2309] __asan_memcpy+0x29/0x70
[ 51.579666][ T2309] scatterwalk_copychunks+0x168/0x410
[ 51.585026][ T2309] skcipher_next_slow+0x315/0x410
[ 51.590113][ T2309] skcipher_walk_next+0x578/0xaa0
[ 51.595112][ T2309] chacha_simd_stream_xor+0x690/0xcb0
[ 51.600472][ T2309] ? __pfx_lock_release+0x10/0x10
[ 51.605469][ T2309] ? __pfx_chacha_simd_stream_xor+0x10/0x10
[ 51.611451][ T2309] ? srso_alias_return_thunk+0x5/0xfbef5
[ 51.617055][ T2309] ? do_raw_spin_unlock+0x13c/0x8b0
[ 51.622225][ T2309] do_encrypt+0x5e9/0x720
[ 51.626526][ T2309] ? btree_node_read_work+0x647/0x1160
[ 51.631994][ T2309] ? __pfx_do_encrypt+0x10/0x10
[ 51.636842][ T2309] ? srso_alias_return_thunk+0x5/0xfbef5
[ 51.642459][ T2309] ? stack_depot_save_flags+0x629/0x6c0
[ 51.647979][ T2309] ? srso_alias_return_thunk+0x5/0xfbef5
[ 51.653599][ T2309] ? kasan_save_track+0x51/0x80
[ 51.658416][ T2309] ? kasan_save_track+0x3f/0x80
[ 51.663235][ T2309] ? kasan_save_free_info+0x40/0x50
[ 51.668485][ T2309] ? poison_slab_object+0xe0/0x150
[ 51.673565][ T2309] ? __kasan_slab_free+0x37/0x60
[ 51.678467][ T2309] ? kfree+0x12f/0x310
[ 51.682505][ T2309] ? bch2_printbuf_exit+0x4d/0x80
[ 51.687498][ T2309] ? __btree_err+0x726/0xa40
[ 51.692145][ T2309] ? bch2_btree_node_read_done+0x1213/0x58c0
[ 51.698089][ T2309] ? btree_node_read_work+0x647/0x1160
[ 51.703533][ T2309] ? bch2_btree_node_read+0x2001/0x2b70
[ 51.709045][ T2309] ? bch2_btree_root_read+0x2d5/0x860
[ 51.714470][ T2309] ? read_btree_roots+0x2e4/0x670
[ 51.719460][ T2309] ? bch2_fs_recovery+0x4022/0x6800
[ 51.724626][ T2309] ? bch2_fs_start+0x2d8/0x490
[ 51.729354][ T2309] ? bch2_fs_get_tree+0x78f/0x1490
[ 51.734431][ T2309] ? vfs_get_tree+0x84/0x190
[ 51.738988][ T2309] ? do_new_mount+0x21e/0x9b0
[ 51.743629][ T2309] ? __se_sys_mount+0x23c/0x2d0
[ 51.748469][ T2309] ? do_syscall_64+0x8d/0x190
[ 51.753218][ T2309] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 51.759279][ T2309] ? __pfx_bch2_csum_err_msg+0x10/0x10
[ 51.764710][ T2309] bch2_btree_node_read_done+0x138a/0x58c0
[ 51.770496][ T2309] ? __pfx_bch2_btree_node_read_done+0x10/0x10
[ 51.776622][ T2309] ? bch2_bkey_pick_read_device+0x1ef/0x19b0
[ 51.782574][ T2309] ? __pfx_bch2_bkey_pick_read_device+0x10/0x10
[ 51.788801][ T2309] ? srso_alias_return_thunk+0x5/0xfbef5
[ 51.794408][ T2309] ? bch2_bkey_val_to_text+0x6d/0x120
[ 51.799754][ T2309] ? btree_node_read_work+0x532/0x1160
[ 51.805186][ T2309] btree_node_read_work+0x647/0x1160
[ 51.810446][ T2309] ? __pfx_btree_node_read_work+0x10/0x10
[ 51.816132][ T2309] ? __bch2_time_stats_update+0xd0/0x290
[ 51.821737][ T2309] ? __pfx_bch2_latency_acct+0x10/0x10
[ 51.827162][ T2309] ? bio_associate_blkg+0x54/0x140
[ 51.832416][ T2309] bch2_btree_node_read+0x2001/0x2b70
[ 51.837758][ T2309] ? __bch2_btree_node_hash_insert+0x7ed/0xe20
[ 51.843881][ T2309] ? srso_alias_return_thunk+0x5/0xfbef5
[ 51.849479][ T2309] ? __mutex_unlock_slowpath+0x20e/0x5c0
[ 51.855202][ T2309] ? __pfx_bch2_btree_node_read+0x10/0x10
[ 51.860894][ T2309] ? srso_alias_return_thunk+0x5/0xfbef5
[ 51.866497][ T2309] ? srso_alias_return_thunk+0x5/0xfbef5
[ 51.872128][ T2309] ? bch2_btree_node_hash_insert+0x16e/0x1c0
[ 51.878074][ T2309] bch2_btree_root_read+0x2d5/0x860
[ 51.883241][ T2309] ? __pfx_bch2_btree_root_read+0x10/0x10
[ 51.888934][ T2309] ? srso_alias_return_thunk+0x5/0xfbef5
[ 51.894535][ T2309] ? bch2_current_has_btree_trans+0x103/0x140
[ 51.900568][ T2309] read_btree_roots+0x2e4/0x670
[ 51.905394][ T2309] bch2_fs_recovery+0x4022/0x6800
[ 51.910383][ T2309] ? do_new_mount+0x21e/0x9b0
[ 51.915025][ T2309] ? __se_sys_mount+0x23c/0x2d0
[ 51.919838][ T2309] ? do_syscall_64+0x8d/0x190
[ 51.924486][ T2309] ? __pfx_bch2_fs_recovery+0x10/0x10
[ 51.929824][ T2309] ? srso_alias_return_thunk+0x5/0xfbef5
[ 51.935421][ T2309] ? __lock_acquire+0x61d/0xc60
[ 51.940263][ T2309] ? srso_alias_return_thunk+0x5/0xfbef5
[ 51.945949][ T2309] ? bch2_get_next_online_dev+0x2e/0x3a0
[ 51.951574][ T2309] ? srso_alias_return_thunk+0x5/0xfbef5
[ 51.957200][ T2309] ? __pfx_lock_release+0x10/0x10
[ 51.962192][ T2309] ? bch2_get_next_online_dev+0x2e/0x3a0
[ 51.967792][ T2309] ? __pfx_lock_release+0x10/0x10
[ 51.972782][ T2309] ? __mutex_unlock_slowpath+0x20e/0x5c0
[ 51.978381][ T2309] ? srso_alias_return_thunk+0x5/0xfbef5
[ 51.983998][ T2309] ? srso_alias_return_thunk+0x5/0xfbef5
[ 51.989598][ T2309] ? bch2_get_next_online_dev+0x2fa/0x3a0
[ 51.995285][ T2309] ? bch2_get_next_online_dev+0x2e/0x3a0
[ 52.000887][ T2309] ? srso_alias_return_thunk+0x5/0xfbef5
[ 52.006490][ T2309] bch2_fs_start+0x2d8/0x490
[ 52.011049][ T2309] bch2_fs_get_tree+0x78f/0x1490
[ 52.015960][ T2309] ? __pfx_bch2_fs_get_tree+0x10/0x10
[ 52.021302][ T2309] ? srso_alias_return_thunk+0x5/0xfbef5
[ 52.026897][ T2309] ? aa_get_newest_label+0x9b/0x340
[ 52.032059][ T2309] ? srso_alias_return_thunk+0x5/0xfbef5
[ 52.037672][ T2309] ? generic_parse_monolithic+0x115/0x3a0
[ 52.043363][ T2309] ? srso_alias_return_thunk+0x5/0xfbef5
[ 52.048958][ T2309] ? apparmor_capable+0xb3/0xf0
[ 52.053799][ T2309] ? srso_alias_return_thunk+0x5/0xfbef5
[ 52.059396][ T2309] ? srso_alias_return_thunk+0x5/0xfbef5
[ 52.064991][ T2309] ? security_capable+0x45/0xa0
[ 52.069808][ T2309] vfs_get_tree+0x84/0x190
[ 52.074193][ T2309] do_new_mount+0x21e/0x9b0
[ 52.078672][ T2309] ? __pfx_do_new_mount+0x10/0x10
[ 52.083749][ T2309] ? srso_alias_return_thunk+0x5/0xfbef5
[ 52.089349][ T2309] ? kmem_cache_free+0x12c/0x3b0
[ 52.094270][ T2309] __se_sys_mount+0x23c/0x2d0
[ 52.099004][ T2309] ? __pfx___se_sys_mount+0x10/0x10
[ 52.104168][ T2309] ? srso_alias_return_thunk+0x5/0xfbef5
[ 52.109766][ T2309] ? switch_fpu_return+0xce/0x140
[ 52.114757][ T2309] do_syscall_64+0x8d/0x190
[ 52.119228][ T2309] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 52.125087][ T2309] RIP: 0033:0x7fe64167f3aa
[ 52.129556][ T2309] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 09 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 52.149140][ T2309] RSP: 002b:00007fe642362ef8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 52.157524][ T2309] RAX: ffffffffffffffda RBX: 00007fe642362f80 RCX: 00007fe64167f3aa
[ 52.165557][ T2309] RDX: 0000000020011a00 RSI: 0000000020011a40 RDI: 00007fe642362f40
[ 52.173503][ T2309] RBP: 0000000020011a00 R08: 00007fe642362f80 R09: 0000000001200014
[ 52.181444][ T2309] R10: 0000000001200014 R11: 0000000000000246 R12: 0000000020011a40
[ 52.189405][ T2309] R13: 00007fe642362f40 R14: 00000000000119f9 R15: 0000000020000100
[ 52.197361][ T2309]
[ 52.200350][ T2309]
[ 52.202643][ T2309] Allocated by task 2038:
[ 52.206950][ T2309] kasan_save_track+0x3f/0x80
[ 52.211596][ T2309] __kasan_slab_alloc+0x66/0x80
[ 52.216411][ T2309] kmem_cache_alloc_noprof+0x12b/0x350
[ 52.221836][ T2309] mas_alloc_nodes+0x22e/0x780
[ 52.226564][ T2309] mas_wr_spanning_store+0x46c/0x3750
[ 52.231901][ T2309] mas_store_gfp+0x20b/0x420
[ 52.236453][ T2309] do_vmi_align_munmap+0xa63/0x13c0
[ 52.241616][ T2309] do_vmi_munmap+0x1c4/0x230
[ 52.246170][ T2309] mmap_region+0x60d/0x1970
[ 52.250649][ T2309] do_mmap+0x709/0xc80
[ 52.254686][ T2309] vm_mmap_pgoff+0x1aa/0x320
[ 52.259327][ T2309] do_syscall_64+0x8d/0x190
[ 52.263793][ T2309] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 52.269737][ T2309]
[ 52.272032][ T2309] Freed by task 2038:
[ 52.276062][ T2309] kasan_save_track+0x3f/0x80
[ 52.280702][ T2309] kasan_save_free_info+0x40/0x50
[ 52.285688][ T2309] poison_slab_object+0xe0/0x150
[ 52.290589][ T2309] __kasan_slab_free+0x37/0x60
[ 52.295315][ T2309] kmem_cache_free+0x12c/0x3b0
[ 52.300043][ T2309] mas_destroy+0x212d/0x2b00
[ 52.304620][ T2309] mas_nomem+0x47/0x190
[ 52.308743][ T2309] mas_store_gfp+0x217/0x420
[ 52.313301][ T2309] do_vmi_align_munmap+0xa63/0x13c0
[ 52.318463][ T2309] do_vmi_munmap+0x1c4/0x230
[ 52.323102][ T2309] mmap_region+0x60d/0x1970
[ 52.327567][ T2309] do_mmap+0x709/0xc80
[ 52.331687][ T2309] vm_mmap_pgoff+0x1aa/0x320
[ 52.336243][ T2309] do_syscall_64+0x8d/0x190
[ 52.340708][ T2309] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 52.346565][ T2309]
[ 52.348861][ T2309] The buggy address belongs to the object at ffff88816c840000
[ 52.348861][ T2309]  which belongs to the cache maple_node of size 256
[ 52.363057][ T2309] The buggy address is located 0 bytes inside of
[ 52.363057][ T2309]  freed 256-byte region [ffff88816c840000, ffff88816c840100)
[ 52.376645][ T2309]
[ 52.378941][ T2309] The buggy address belongs to the physical page:
[ 52.385335][ T2309] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x16c840
[ 52.394147][ T2309] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 52.402611][ T2309] flags: 0x100000000000040(head|node=0|zone=2)
[ 52.408820][ T2309] page_type: 0xfdffffff(slab)
[ 52.413462][ T2309] raw: 0100000000000040 ffff88810008e000 dead000000000122 0000000000000000
[ 52.422096][ T2309] raw: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000
[ 52.430644][ T2309] head: 0100000000000040 ffff88810008e000 dead000000000122 0000000000000000
[ 52.439393][ T2309] head: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000
[ 52.448143][ T2309] head: 0100000000000001 ffffea0005b21001 ffffffffffffffff 0000000000000000
[ 52.456804][ T2309] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[ 52.465445][ T2309] page dumped because: kasan: bad access detected
[ 52.471830][ T2309] page_owner tracks the page as allocated
[ 52.477515][ T2309] page last allocated via order 1, migratetype Unmovable, gfp_mask 0x152800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 2038, tgid 2038 (modprobe), ts 48506674807, free_ts 48412659452
[ 52.496705][ T2309] post_alloc_hook+0x10f/0x130
[ 52.501676][ T2309] get_page_from_freelist+0x3712/0x3820
[ 52.507237][ T2309] __alloc_pages_noprof+0x256/0x670
[ 52.512411][ T2309] alloc_slab_page+0x5f/0x120
[ 52.517057][ T2309] allocate_slab+0x5d/0x290
[ 52.521527][ T2309] ___slab_alloc+0xa7f/0x11d0
[ 52.526177][ T2309] kmem_cache_alloc_noprof+0x1eb/0x350
[ 52.531605][ T2309] mas_alloc_nodes+0x22e/0x780
[ 52.536340][ T2309] mas_wr_spanning_store+0x46c/0x3750
[ 52.541679][ T2309] mas_store_gfp+0x20b/0x420
[ 52.546234][ T2309] do_vmi_align_munmap+0xa63/0x13c0
[ 52.551402][ T2309] do_vmi_munmap+0x1c4/0x230
[ 52.555959][ T2309] mmap_region+0x60d/0x1970
[ 52.560430][ T2309] do_mmap+0x709/0xc80
[ 52.564464][ T2309] vm_mmap_pgoff+0x1aa/0x320
[ 52.569020][ T2309] do_syscall_64+0x8d/0x190
[ 52.573490][ T2309] page last free pid 10 tgid 10 stack trace:
[ 52.579438][ T2309] free_unref_page+0xbff/0xd50
[ 52.584169][ T2309] vfree+0x10e/0x210
[ 52.588034][ T2309] delayed_vfree_work+0x3c/0x70
[ 52.592850][ T2309] process_scheduled_works+0x8d1/0x1320
[ 52.598363][ T2309] worker_thread+0x869/0xc60
[ 52.602921][ T2309] kthread+0x26a/0x2c0
[ 52.607005][ T2309] ret_from_fork+0x34/0x60
[ 52.611388][ T2309] ret_from_fork_asm+0x1a/0x30
[ 52.616120][ T2309]
[ 52.618498][ T2309] Memory state around the buggy address:
[ 52.624094][ T2309] ffff88816c83ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 52.632124][ T2309] ffff88816c83ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 52.640174][ T2309] >ffff88816c840000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 52.648215][ T2309]                    ^
[ 52.652269][ T2309] ffff88816c840080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 52.660299][ T2309] ffff88816c840100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 52.668330][ T2309] ==================================================================
[ 52.676839][ T2309] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 52.684223][ T2309] Kernel Offset: disabled
[ 52.688519][ T2309] Rebooting in 86400 seconds..