Warning: Permanently added '10.128.1.252' (ED25519) to the list of known hosts.
2024/09/16 00:51:46 ignoring optional flag "sandboxArg"="0"
2024/09/16 00:51:46 parsed 1 programs
2024/09/16 00:51:46 executed programs: 0
[   50.157408][ T1912] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k
[   50.183881][ T1332] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   50.191004][ T1332] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   50.198392][ T1332] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   50.206571][ T1332] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   50.214152][ T1332] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   50.221312][ T1332] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   50.379775][ T1918] chnl_net:caif_netlink_parms(): no params data found
[   51.696801][ T1918] 8021q: adding VLAN 0 to HW filter on device bond0
[   52.322239][ T1332] Bluetooth: hci0: command tx timeout
[   52.563364][ T1918] 8021q: adding VLAN 0 to HW filter on device batadv0
[   54.252584][ T2319] loop0: detected capacity change from 0 to 32768
[   54.287467][ T2319] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,nojournal_transaction_names
[   54.301152][ T2319] bcachefs (loop0): recovering from clean shutdown, journal seq 10
[   54.309101][ T2319] bcachefs (loop0): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.12: rebalance_work_acct_fix
[   54.309101][ T2319]   running recovery passes: check_allocations
[   54.332254][ T2319] ==================================================================
[   54.340309][ T2319] BUG: KASAN: use-after-free in scatterwalk_copychunks+0x168/0x410
[   54.348192][ T2319] Read of size 40 at addr ffff88816b2e0000 by task syz-executor.0/2319
[   54.356388][ T2319]
[   54.358680][ T2319] CPU: 0 UID: 0 PID: 2319 Comm: syz-executor.0 Not tainted 6.11.0-syzkaller #0
[   54.367573][ T2319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   54.377592][ T2319] Call Trace:
[   54.380840][ T2319]
[   54.383761][ T2319]  dump_stack_lvl+0x108/0x280
[   54.388421][ T2319]  ? __pfx_dump_stack_lvl+0x10/0x10
[   54.393587][ T2319]  ? __pfx__printk+0x10/0x10
[   54.398142][ T2319]  ? lock_acquire+0xc2/0x3a0
[   54.402700][ T2319]  ? __pfx_lock_acquire+0x10/0x10
[   54.407691][ T2319]  ? __virt_addr_valid+0x141/0x270
[   54.412771][ T2319]  ? srso_alias_return_thunk+0x5/0xfbef5
[   54.418373][ T2319]  ? __virt_addr_valid+0x229/0x270
[   54.423457][ T2319]  print_report+0x169/0x550
[   54.427926][ T2319]  ? __virt_addr_valid+0x141/0x270
[   54.433003][ T2319]  ? srso_alias_return_thunk+0x5/0xfbef5
[   54.438599][ T2319]  ? __virt_addr_valid+0x229/0x270
[   54.443678][ T2319]  ? scatterwalk_copychunks+0x168/0x410
[   54.449188][ T2319]  kasan_report+0x143/0x180
[   54.453656][ T2319]  ? scatterwalk_copychunks+0x168/0x410
[   54.459166][ T2319]  kasan_check_range+0x282/0x290
[   54.464067][ T2319]  ? scatterwalk_copychunks+0x168/0x410
[   54.469578][ T2319]  __asan_memcpy+0x29/0x70
[   54.473960][ T2319]  scatterwalk_copychunks+0x168/0x410
[   54.479308][ T2319]  skcipher_next_slow+0x315/0x410
[   54.484301][ T2319]  skcipher_walk_next+0x578/0xaa0
[   54.489295][ T2319]  chacha_simd_stream_xor+0x690/0xcb0
[   54.494631][ T2319]  ? __pfx_lock_release+0x10/0x10
[   54.499619][ T2319]  ? __pfx_chacha_simd_stream_xor+0x10/0x10
[   54.505483][ T2319]  ? srso_alias_return_thunk+0x5/0xfbef5
[   54.511252][ T2319]  ? do_raw_spin_unlock+0x13c/0x8b0
[   54.516417][ T2319]  do_encrypt+0x5e9/0x720
[   54.520714][ T2319]  ? btree_node_read_work+0x647/0x1160
[   54.526139][ T2319]  ? __pfx_do_encrypt+0x10/0x10
[   54.530952][ T2319]  ? srso_alias_return_thunk+0x5/0xfbef5
[   54.536549][ T2319]  ? stack_depot_save_flags+0x629/0x6c0
[   54.542060][ T2319]  ? srso_alias_return_thunk+0x5/0xfbef5
[   54.547662][ T2319]  ? kasan_save_track+0x51/0x80
[   54.552476][ T2319]  ? kasan_save_track+0x3f/0x80
[   54.557289][ T2319]  ? kasan_save_free_info+0x40/0x50
[   54.562449][ T2319]  ? poison_slab_object+0xe0/0x150
[   54.567614][ T2319]  ? __kasan_slab_free+0x37/0x60
[   54.572527][ T2319]  ? kfree+0x12f/0x310
[   54.576560][ T2319]  ? bch2_printbuf_exit+0x4d/0x80
[   54.581547][ T2319]  ? __btree_err+0x6ec/0xa30
[   54.586101][ T2319]  ? bch2_btree_node_read_done+0x11a5/0x5320
[   54.592043][ T2319]  ? btree_node_read_work+0x647/0x1160
[   54.597466][ T2319]  ? bch2_btree_node_read+0x2001/0x2b70
[   54.602974][ T2319]  ? bch2_btree_root_read+0x2dd/0x870
[   54.608309][ T2319]  ? read_btree_roots+0x2bd/0x690
[   54.613386][ T2319]  ? bch2_fs_recovery+0x4079/0x6880
[   54.618547][ T2319]  ? bch2_fs_start+0x2d8/0x490
[   54.623276][ T2319]  ? bch2_fs_get_tree+0x78f/0x1490
[   54.628352][ T2319]  ? vfs_get_tree+0x88/0x1a0
[   54.632904][ T2319]  ? do_new_mount+0x21e/0x9b0
[   54.637545][ T2319]  ? __se_sys_mount+0x23c/0x2d0
[   54.642359][ T2319]  ? do_syscall_64+0x8d/0x190
[   54.646999][ T2319]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   54.653071][ T2319]  ? __pfx_bch2_csum_err_msg+0x10/0x10
[   54.658508][ T2319]  ? srso_alias_return_thunk+0x5/0xfbef5
[   54.664112][ T2319]  bch2_btree_node_read_done+0x1310/0x5320
[   54.669902][ T2319]  ? __pfx_bch2_btree_node_read_done+0x10/0x10
[   54.676024][ T2319]  ? bch2_bkey_pick_read_device+0x1ef/0x19b0
[   54.681978][ T2319]  ? __pfx_bch2_bkey_pick_read_device+0x10/0x10
[   54.688194][ T2319]  ? srso_alias_return_thunk+0x5/0xfbef5
[   54.693795][ T2319]  ? bch2_bkey_val_to_text+0x6d/0x120
[   54.699133][ T2319]  ? btree_node_read_work+0x532/0x1160
[   54.704558][ T2319]  btree_node_read_work+0x647/0x1160
[   54.709816][ T2319]  ? __pfx_btree_node_read_work+0x10/0x10
[   54.715508][ T2319]  ? __bch2_time_stats_update+0x150/0x290
[   54.721283][ T2319]  ? __pfx_bch2_latency_acct+0x10/0x10
[   54.726712][ T2319]  ? bio_associate_blkg+0x54/0x140
[   54.731794][ T2319]  bch2_btree_node_read+0x2001/0x2b70
[   54.737141][ T2319]  ? srso_alias_return_thunk+0x5/0xfbef5
[   54.742743][ T2319]  ? __pfx_bch2_btree_node_read+0x10/0x10
[   54.748430][ T2319]  ? bch2_trans_unlock+0x4b/0x120
[   54.753422][ T2319]  ? srso_alias_return_thunk+0x5/0xfbef5
[   54.759022][ T2319]  bch2_btree_root_read+0x2dd/0x870
[   54.764190][ T2319]  ? __pfx_bch2_btree_root_read+0x10/0x10
[   54.769882][ T2319]  ? srso_alias_return_thunk+0x5/0xfbef5
[   54.775482][ T2319]  ? bch2_current_has_btree_trans+0x103/0x140
[   54.781524][ T2319]  read_btree_roots+0x2bd/0x690
[   54.786345][ T2319]  bch2_fs_recovery+0x4079/0x6880
[   54.791336][ T2319]  ? do_new_mount+0x21e/0x9b0
[   54.795976][ T2319]  ? __se_sys_mount+0x23c/0x2d0
[   54.800791][ T2319]  ? do_syscall_64+0x8d/0x190
[   54.805440][ T2319]  ? __pfx_bch2_fs_recovery+0x10/0x10
[   54.810786][ T2319]  ? srso_alias_return_thunk+0x5/0xfbef5
[   54.816381][ T2319]  ? __lock_acquire+0x61d/0xc60
[   54.821201][ T2319]  ? srso_alias_return_thunk+0x5/0xfbef5
[   54.826799][ T2319]  ? bch2_get_next_online_dev+0x2e/0x3a0
[   54.832397][ T2319]  ? srso_alias_return_thunk+0x5/0xfbef5
[   54.837995][ T2319]  ? __pfx_lock_release+0x10/0x10
[   54.843158][ T2319]  ? bch2_get_next_online_dev+0x2e/0x3a0
[   54.848759][ T2319]  ? __pfx_lock_release+0x10/0x10
[   54.853750][ T2319]  ? __mutex_unlock_slowpath+0x20e/0x5c0
[   54.859434][ T2319]  ? srso_alias_return_thunk+0x5/0xfbef5
[   54.865032][ T2319]  ? srso_alias_return_thunk+0x5/0xfbef5
[   54.870630][ T2319]  ? bch2_get_next_online_dev+0x2fa/0x3a0
[   54.876313][ T2319]  ? bch2_get_next_online_dev+0x2e/0x3a0
[   54.881910][ T2319]  ? srso_alias_return_thunk+0x5/0xfbef5
[   54.887513][ T2319]  bch2_fs_start+0x2d8/0x490
[   54.892078][ T2319]  bch2_fs_get_tree+0x78f/0x1490
[   54.896990][ T2319]  ? __pfx_bch2_fs_get_tree+0x10/0x10
[   54.902329][ T2319]  ? srso_alias_return_thunk+0x5/0xfbef5
[   54.908015][ T2319]  ? aa_get_newest_label+0x9b/0x340
[   54.913177][ T2319]  ? srso_alias_return_thunk+0x5/0xfbef5
[   54.918771][ T2319]  ? generic_parse_monolithic+0x115/0x3a0
[   54.924460][ T2319]  ? srso_alias_return_thunk+0x5/0xfbef5
[   54.930058][ T2319]  ? apparmor_capable+0xb3/0xf0
[   54.934878][ T2319]  ? srso_alias_return_thunk+0x5/0xfbef5
[   54.940471][ T2319]  ? srso_alias_return_thunk+0x5/0xfbef5
[   54.946070][ T2319]  vfs_get_tree+0x88/0x1a0
[   54.950452][ T2319]  do_new_mount+0x21e/0x9b0
[   54.954925][ T2319]  ? __pfx_do_new_mount+0x10/0x10
[   54.959915][ T2319]  ? srso_alias_return_thunk+0x5/0xfbef5
[   54.965511][ T2319]  ? kmem_cache_free+0x12c/0x3b0
[   54.970414][ T2319]  __se_sys_mount+0x23c/0x2d0
[   54.975064][ T2319]  ? __pfx___se_sys_mount+0x10/0x10
[   54.980232][ T2319]  ? srso_alias_return_thunk+0x5/0xfbef5
[   54.985834][ T2319]  ? switch_fpu_return+0xce/0x140
[   54.990837][ T2319]  do_syscall_64+0x8d/0x190
[   54.995314][ T2319]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   55.001174][ T2319] RIP: 0033:0x7f654a47f3aa
[   55.005557][ T2319] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 09 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   55.025216][ T2319] RSP: 002b:00007f654b137ef8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   55.033598][ T2319] RAX: ffffffffffffffda RBX: 00007f654b137f80 RCX: 00007f654a47f3aa
[   55.041540][ T2319] RDX: 0000000020011a00 RSI: 0000000020011a40 RDI: 00007f654b137f40
[   55.049478][ T2319] RBP: 0000000020011a00 R08: 00007f654b137f80 R09: 0000000001200014
[   55.057416][ T2319] R10: 0000000001200014 R11: 0000000000000246 R12: 0000000020011a40
[   55.065361][ T2319] R13: 00007f654b137f40 R14: 00000000000119f9 R15: 0000000020000100
[   55.073301][ T2319]
[   55.076296][ T2319]
[   55.078590][ T2319] The buggy address belongs to the physical page:
[   55.084965][ T2319] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x16b2e0
[   55.093777][ T2319] flags: 0x100000000000000(node=0|zone=2)
[   55.099458][ T2319] page_type: 0xbfffffff(buddy)
[   55.104285][ T2319] raw: 0100000000000000 ffffea0005a97808 ffff88823fff8f88 0000000000000000
[   55.112834][ T2319] raw: 0000000000000000 0000000000000005 00000000bfffffff 0000000000000000
[   55.121380][ T2319] page dumped because: kasan: bad access detected
[   55.127756][ T2319] page_owner tracks the page as freed
[   55.133090][ T2319] page last allocated via order 5, migratetype Unmovable, gfp_mask 0x152cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 2319, tgid 2318 (syz-executor.0), ts 54269916639, free_ts 54331534095
[   55.152494][ T2319]  post_alloc_hook+0x10f/0x130
[   55.157224][ T2319]  get_page_from_freelist+0x3712/0x3820
[   55.162741][ T2319]  __alloc_pages_noprof+0x256/0x670
[   55.167903][ T2319]  ___kmalloc_large_node+0x8a/0x180
[   55.173064][ T2319]  __kmalloc_large_node_noprof+0x17/0xc0
[   55.178660][ T2319]  __kmalloc_node_noprof+0x2ec/0x470
[   55.183908][ T2319]  __kvmalloc_node_noprof+0x42/0xf0
[   55.189069][ T2319]  __bch2_btree_node_mem_alloc+0x256/0x500
[   55.194840][ T2319]  bch2_fs_btree_cache_init+0x4ad/0x590
[   55.200351][ T2319]  bch2_fs_open+0x220f/0x2980
[   55.204992][ T2319]  bch2_fs_get_tree+0x6ad/0x1490
[   55.209892][ T2319]  vfs_get_tree+0x88/0x1a0
[   55.214275][ T2319]  do_new_mount+0x21e/0x9b0
[   55.218745][ T2319]  __se_sys_mount+0x23c/0x2d0
[   55.223387][ T2319]  do_syscall_64+0x8d/0x190
[   55.227857][ T2319]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   55.233721][ T2319] page last free pid 2319 tgid 2318 stack trace:
[   55.240185][ T2319]  __free_pages_ok+0x991/0xab0
[   55.244929][ T2319]  __folio_put+0x21b/0x320
[   55.249332][ T2319]  free_large_kmalloc+0xb5/0x170
[   55.254232][ T2319]  kfree+0x1a1/0x310
[   55.258090][ T2319]  bch2_btree_node_read_done+0x337c/0x5320
[   55.263860][ T2319]  btree_node_read_work+0x647/0x1160
[   55.269106][ T2319]  bch2_btree_node_read+0x2001/0x2b70
[   55.274439][ T2319]  bch2_btree_root_read+0x2dd/0x870
[   55.279599][ T2319]  read_btree_roots+0x2bd/0x690
[   55.284414][ T2319]  bch2_fs_recovery+0x4079/0x6880
[   55.289402][ T2319]  bch2_fs_start+0x2d8/0x490
[   55.293957][ T2319]  bch2_fs_get_tree+0x78f/0x1490
[   55.298857][ T2319]  vfs_get_tree+0x88/0x1a0
[   55.303240][ T2319]  do_new_mount+0x21e/0x9b0
[   55.307707][ T2319]  __se_sys_mount+0x23c/0x2d0
[   55.312372][ T2319]  do_syscall_64+0x8d/0x190
[   55.316842][ T2319]
[   55.319134][ T2319] Memory state around the buggy address:
[   55.324730][ T2319]  ffff88816b2dff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   55.332758][ T2319]  ffff88816b2dff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   55.340785][ T2319] >ffff88816b2e0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   55.348808][ T2319]                    ^
[   55.353011][ T2319]  ffff88816b2e0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   55.361123][ T2319]  ffff88816b2e0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   55.369149][ T2319] ==================================================================
[   55.377582][ T2319] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   55.385015][ T2319] Kernel Offset: disabled
[   55.389342][ T2319] Rebooting in 86400 seconds..
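Added triage example; it is not part of the syzbot log, the kernel, or bcachefs. A small Python parser that reads a console log like the one above, keeps only the call-trace frames the unwinder reports as reliable (the "? " entries are stale stack slots), and pulls out what decides how this report is read: the faulting function, the first bch2_ frame on the use path, the page_owner alloc and free stacks, and whether the task that freed the page is the one that then read it, and how long after the free. The embedded SAMPLE_LOG is a trimmed, constructed copy of this report; the bch2_ names come from the log, while the NOISE list, the function names and the KasanReport fields are the example's own.

```python
# Added triage helper for the KASAN report above; not part of the syzbot log,
# the kernel or bcachefs. It keeps the unwinder's reliable frames and derives
# the facts that decide how to read a use-after-free report.
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: a trimmed copy of the report on this page, one frame per line.
SAMPLE_LOG = """\
[   54.340309][ T2319] BUG: KASAN: use-after-free in scatterwalk_copychunks+0x168/0x410
[   54.348192][ T2319] Read of size 40 at addr ffff88816b2e0000 by task syz-executor.0/2319
[   54.377592][ T2319] Call Trace:
[   54.383761][ T2319]  dump_stack_lvl+0x108/0x280
[   54.388421][ T2319]  ? __pfx_dump_stack_lvl+0x10/0x10
[   54.449188][ T2319]  kasan_report+0x143/0x180
[   54.469578][ T2319]  __asan_memcpy+0x29/0x70
[   54.473960][ T2319]  scatterwalk_copychunks+0x168/0x410
[   54.489295][ T2319]  chacha_simd_stream_xor+0x690/0xcb0
[   54.516417][ T2319]  do_encrypt+0x5e9/0x720
[   54.664112][ T2319]  bch2_btree_node_read_done+0x1310/0x5320
[   54.704558][ T2319]  btree_node_read_work+0x647/0x1160
[   55.078590][ T2319] The buggy address belongs to the physical page:
[   55.133090][ T2319] page last allocated via order 5, migratetype Unmovable, gfp_mask 0x152cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 2319, tgid 2318 (syz-executor.0), ts 54269916639, free_ts 54331534095
[   55.152494][ T2319]  post_alloc_hook+0x10f/0x130
[   55.189069][ T2319]  __bch2_btree_node_mem_alloc+0x256/0x500
[   55.233721][ T2319] page last free pid 2319 tgid 2318 stack trace:
[   55.240185][ T2319]  __free_pages_ok+0x991/0xab0
[   55.254232][ T2319]  kfree+0x1a1/0x310
[   55.258090][ T2319]  bch2_btree_node_read_done+0x337c/0x5320
[   55.263860][ T2319]  btree_node_read_work+0x647/0x1160
[   55.319134][ T2319] Memory state around the buggy address:
"""

LINE_RE = re.compile(r"^\[\s*(?P<ts>[\d.]+)\]\[\s*T\d+\]\s?(?P<msg>.*)$")
BUG_RE = re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>[\w.]+)\+0x")
ACCESS_RE = re.compile(r"(?P<op>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+) by task \S+/(?P<pid>\d+)")
FRAME_RE = re.compile(r"^(?P<unreliable>\? )?(?P<func>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+$")
ALLOC_RE = re.compile(r"page last allocated via order (?P<order>\d+).*?free_ts (?P<free_ts>\d+)")
FREE_RE = re.compile(r"page last free pid (?P<pid>\d+)")
# Reporting machinery and allocator plumbing: present in every report, never the culprit.
NOISE = ("dump_stack", "print_report", "kasan_", "__asan_", "post_alloc_hook", "get_page_from_freelist",
         "__alloc_pages", "kmalloc", "kvmalloc", "__free_pages", "__folio_put", "kfree")


@dataclass
class KasanReport:
    kind: str = ""
    func: str = ""
    op: str = ""
    size: int = 0
    addr: int = 0
    pid: int = 0
    bug_ts: float = 0.0               # printk timestamp of the BUG line, seconds
    alloc_order: Optional[int] = None
    free_pid: Optional[int] = None
    free_ts_ns: Optional[int] = None  # page_owner free_ts, nanoseconds
    stacks: Dict[str, List[str]] = field(default_factory=lambda: {"trace": [], "alloc": [], "free": []})


def parse_kasan(log: str) -> KasanReport:
    rep, section = KasanReport(), None
    for raw in log.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        msg = m["msg"].strip()
        if (b := BUG_RE.search(msg)):
            rep.kind, rep.func, rep.bug_ts = b["kind"], b["func"], float(m["ts"])
        elif (a := ACCESS_RE.search(msg)):
            rep.op, rep.size = a["op"], int(a["size"])
            rep.addr, rep.pid = int(a["addr"], 16), int(a["pid"])
        elif msg == "Call Trace:":
            section = "trace"
        elif (al := ALLOC_RE.search(msg)):
            rep.alloc_order, rep.free_ts_ns = int(al["order"]), int(al["free_ts"])
            section = "alloc"
        elif (fr := FREE_RE.search(msg)):
            rep.free_pid, section = int(fr["pid"]), "free"
        elif msg.startswith(("RIP:", "The buggy address", "Memory state")):
            section = None  # end of the current stack
        elif section and (f := FRAME_RE.match(msg)):
            # "? frame": a stale stack slot the unwinder could not verify; skip it.
            if not (section == "trace" and f["unreliable"]):
                rep.stacks[section].append(f["func"])
    return rep


def first_real_frame(stack: List[str]) -> str:
    return next((fn for fn in stack if not any(n in fn for n in NOISE)), "")


def first_owner_frame(stack: List[str], tag: str) -> str:
    return next((fn for fn in stack if tag in fn), "")


def summarize(rep: KasanReport, owner_tag: str) -> dict:
    return {
        "bug": f"{rep.kind} in {rep.func}: {rep.op} of {rep.size} bytes at 0x{rep.addr:x} by pid {rep.pid}",
        "use_site": first_real_frame(rep.stacks["trace"]),
        "owner_use": first_owner_frame(rep.stacks["trace"], owner_tag),
        "owner_alloc": first_owner_frame(rep.stacks["alloc"], owner_tag),
        "free_site": first_real_frame(rep.stacks["free"]),
        # The same task freeing the page and reading it milliseconds later points
        # at a free-then-use on one code path rather than a cross-thread race.
        "same_task_free": rep.free_pid == rep.pid,
        "free_to_use_ms": None if rep.free_ts_ns is None
                          else round(rep.bug_ts * 1e3 - rep.free_ts_ns / 1e6, 1),
    }
```

Run on the sample, `summarize(parse_kasan(SAMPLE_LOG), "bch2_")` reports the read in scatterwalk_copychunks, reached from bch2_btree_node_read_done via do_encrypt, on an order-5 page that __bch2_btree_node_mem_alloc obtained and that bch2_btree_node_read_done (via kfree) released from the same task about 8.8 ms earlier. That matches the log above: the free and the use are on the same btree_node_read_work path, so this is a lifetime bug in the read-done path, not a race between tasks. Pass a different `owner_tag` to point the same parser at another subsystem's report.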