Warning: Permanently added '10.128.10.6' (ED25519) to the list of known hosts.
2025/09/05 22:51:30 parsed 1 programs
[ 66.732483][ T2451] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 67.741058][ T48] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 67.765787][ T48] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 67.781271][ T1595] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 67.799341][ T48] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 67.809519][ T48] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 68.974141][ T2517] chnl_net:caif_netlink_parms(): no params data found
[ 70.750225][ T2517] 8021q: adding VLAN 0 to HW filter on device bond0
[ 71.983250][ T2517] 8021q: adding VLAN 0 to HW filter on device batadv0
2025/09/05 22:51:38 executed programs: 0
[ 74.224296][ T1595] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 74.233814][ T1595] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 74.241472][ T1595] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 74.253308][ T1595] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 74.253912][ T1353] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 74.261466][ T1595] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 74.270404][ T1353] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 74.275057][ T1595] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 74.283405][ T1353] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 74.289169][ T1595] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 74.323824][ T1353] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 74.335643][ T48] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 74.344727][ T48] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 74.352784][ T48] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 74.360293][ T48] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 74.369085][ T48] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 74.381433][ T2960] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 74.390681][ T2960] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 74.399085][ T2960] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 74.407364][ T2960] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 74.424027][ T1353] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 74.431795][ T1353] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 74.443171][ T2960] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 74.457833][ T2960] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 74.469364][ T2960] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 74.646733][ T708] bond0 (unregistering): Released all slaves
[ 75.197970][ T2956] chnl_net:caif_netlink_parms(): no params data found
[ 75.388448][ T2967] chnl_net:caif_netlink_parms(): no params data found
[ 75.420848][ T2961] chnl_net:caif_netlink_parms(): no params data found
[ 75.523395][ T2971] chnl_net:caif_netlink_parms(): no params data found
[ 75.534074][ T2954] chnl_net:caif_netlink_parms(): no params data found
[ 76.322276][ T2960] Bluetooth: hci1: command tx timeout
[ 76.400556][ T2960] Bluetooth: hci0: command tx timeout
[ 76.490028][ T2960] Bluetooth: hci2: command tx timeout
[ 76.498175][ T2960] Bluetooth: hci3: command tx timeout
[ 76.562450][ T2960] Bluetooth: hci4: command tx timeout
[ 78.400909][ T2960] Bluetooth: hci1: command tx timeout
[ 78.480695][ T2960] Bluetooth: hci0: command tx timeout
[ 78.560624][ T2960] Bluetooth: hci3: command tx timeout
[ 78.566250][ T48] Bluetooth: hci2: command tx timeout
[ 78.640587][ T48] Bluetooth: hci4: command tx timeout
[ 80.480893][ T48] Bluetooth: hci1: command tx timeout
[ 80.560619][ T48] Bluetooth: hci0: command tx timeout
[ 80.650565][ T48] Bluetooth: hci2: command tx timeout
[ 80.656077][ T48] Bluetooth: hci3: command tx timeout
[ 80.720864][ T48] Bluetooth: hci4: command tx timeout
[ 82.564012][ T48] Bluetooth: hci1: command tx timeout
[ 82.642901][ T48] Bluetooth: hci0: command tx timeout
[ 82.720835][ T48] Bluetooth: hci3: command tx timeout
[ 82.726507][ T48] Bluetooth: hci2: command tx timeout
[ 82.809386][ T48] Bluetooth: hci4: command tx timeout
[ 82.966112][ T2956] 8021q: adding VLAN 0 to HW filter on device bond0
[ 83.038795][ T2954] 8021q: adding VLAN 0 to HW filter on device bond0
[ 83.336731][ T2961] 8021q: adding VLAN 0 to HW filter on device bond0
[ 83.389898][ T2967] 8021q: adding VLAN 0 to HW filter on device bond0
[ 83.562937][ T2971] 8021q: adding VLAN 0 to HW filter on device bond0
[ 88.045183][ T2956] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 88.115194][ T2954] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 88.358396][ T2967] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 88.373645][ T2961] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 88.695708][ T2971] 8021q: adding VLAN 0 to HW filter on device batadv0
2025/09/05 22:52:01 executed programs: 10
[ 97.441250][ T4921] loop1: detected capacity change from 0 to 16384
[ 97.529169][ T4921] bcachefs (loop1): starting version 1.13: inode_has_child_snapshots opts=metadata_checksum=none,data_checksum=none
[ 97.529169][ T4921] features: new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[ 97.556564][ T4921] bcachefs (loop1): invalid bkey in superblock btree=accounting level=1: u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 2964fe5219fc11c5 written 16 min_key 347136:0:0 durability: 0 (invalid extent entry 0000000000017200)
[ 97.556574][ T4921] invalid extent entry type (got 9, max 7), deleting
[ 97.590652][ T4921] bcachefs (loop1): recovering from clean shutdown, journal seq 15
[ 97.599273][ T4921] bcachefs (loop1): Doing compatible version upgrade from 1.13: inode_has_child_snapshots to 1.25: extent_flags
[ 97.599273][ T4921] running recovery passes: check_allocations,check_extents_to_backpointers
[ 97.726135][ T4951] loop6: detected capacity change from 0 to 16384
[ 97.764033][ T4921] ==================================================================
[ 97.772776][ T4921] BUG: KASAN: use-after-free in string+0x1f7/0x240
[ 97.776347][ T4951] bcachefs (loop6): starting version 1.13: inode_has_child_snapshots opts=metadata_checksum=none,data_checksum=none
[ 97.776347][ T4951] features: new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[ 97.779464][ T4921] Read of size 1 at addr ffff88812f1f74f7 by task syz.1.18/4921
[ 97.816478][ T4921]
[ 97.816509][ T4921] CPU: 1 UID: 0 PID: 4921 Comm: syz.1.18 Not tainted syzkaller #0 PREEMPT(undef)
[ 97.816517][ T4921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 97.816529][ T4921] Call Trace:
[ 97.816533][ T4921]
[ 97.816537][ T4921] dump_stack_lvl+0xf4/0x170
[ 97.816550][ T4921] ? __pfx_dump_stack_lvl+0x10/0x10
[ 97.816558][ T4921] ? rcu_is_watching+0x1f/0xa0
[ 97.816565][ T4921] ? __virt_addr_valid+0x176/0x2b0
[ 97.816572][ T4921] ? lock_release+0x42/0x2f0
[ 97.816579][ T4921] ? lock_acquire+0x69/0x210
[ 97.816586][ T4921] ? __virt_addr_valid+0x176/0x2b0
[ 97.816592][ T4921] ? __virt_addr_valid+0x262/0x2b0
[ 97.816599][ T4921] print_report+0xd2/0x2b0
[ 97.816607][ T4921] ? string+0x1f7/0x240
[ 97.816614][ T4921] kasan_report+0x118/0x150
[ 97.816623][ T4921] ? number+0x16e/0x10d0
[ 97.816630][ T4921] ? string+0x1f7/0x240
[ 97.816638][ T4921] string+0x1f7/0x240
[ 97.816646][ T4921] vsnprintf+0x734/0xc60
[ 97.816656][ T4921] bch2_prt_printf+0x1cb/0x860
[ 97.816669][ T4921] ? __pfx_bch2_prt_printf+0x10/0x10
[ 97.816677][ T4921] ? __pfx_bch2_prt_printf+0x10/0x10
[ 97.816686][ T4921] bch2_dirent_to_text+0x1ee/0xaf0
[ 97.816694][ T4921] ? bch2_bkey_val_to_text+0x64/0x110
[ 97.816702][ T4921] __bch2_bkey_fsck_err+0x329/0x470
[ 97.816712][ T4921] ? __pfx___bch2_bkey_fsck_err+0x10/0x10
[ 97.816718][ T4921] ? do_raw_spin_lock+0x121/0x2c0
[ 97.816727][ T4921] ? do_raw_spin_unlock+0x122/0x240
[ 97.816734][ T4921] ? _raw_spin_unlock_irqrestore+0xa0/0x100
[ 97.816743][ T4921] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 97.816751][ T4921] bch2_dirent_validate+0x5cb/0xd60
[ 97.816759][ T4921] ? __pfx_bch2_dirent_validate+0x10/0x10
[ 97.816765][ T4921] ? do_raw_spin_unlock+0x122/0x240
[ 97.816772][ T4921] ? _raw_spin_unlock+0x28/0x50
[ 97.816780][ T4921] bch2_bkey_val_validate+0x1bf/0x3a0
[ 97.816788][ T4921] ? __pfx_bch2_bkey_val_validate+0x10/0x10
[ 97.816798][ T4921] bch2_btree_node_read_done+0x2fbd/0x48c0
[ 97.816817][ T4921] ? __pfx_bch2_btree_node_read_done+0x10/0x10
[ 97.816827][ T4921] ? bch2_extent_ptr_to_text+0x57/0x4d0
[ 97.816835][ T4921] ? bch2_extent_ptr_to_text+0x1da/0x4d0
[ 97.816843][ T4921] ? bch2_bkey_ptrs_to_text+0x8d4/0xfa0
[ 97.816852][ T4921] ? enumerated_ref_put+0x74/0x200
[ 97.816860][ T4921] btree_node_read_work+0x398/0xbd0
[ 97.816871][ T4921] ? __pfx_btree_node_read_work+0x10/0x10
[ 97.816878][ T4921] ? bch2_latency_acct+0x29c/0x310
[ 97.816885][ T4921] ? __pfx_bch2_latency_acct+0x10/0x10
[ 97.816891][ T4921] ? bio_associate_blkg+0x56/0x160
[ 97.816898][ T4921] ? bio_associate_blkg+0x56/0x160
[ 97.816905][ T4921] bch2_btree_node_read+0x1e0c/0x22a0
[ 97.816917][ T4921] ? bch2_btree_node_hash_insert+0x7e/0xe0
[ 97.816925][ T4921] ? __mutex_unlock_slowpath+0x19b/0x4d0
[ 97.816931][ T4921] ? __pfx_bch2_btree_node_read+0x10/0x10
[ 97.816941][ T4921] ? bch2_trans_unlock+0x69/0x1a0
[ 97.816949][ T4921] ? bch2_trans_unlock+0x6e/0x1a0
[ 97.816956][ T4921] bch2_btree_root_read+0x29d/0x690
[ 97.816964][ T4921] ? __pfx_bch2_btree_root_read+0x10/0x10
[ 97.816974][ T4921] ? bch2_current_has_btree_trans+0x136/0x170
[ 97.816980][ T4921] read_btree_roots+0x3a3/0x610
[ 97.816990][ T4921] ? __pfx_read_btree_roots+0x10/0x10
[ 97.816996][ T4921] ? bch2_fs_resize_on_mount+0x182/0x540
[ 97.817003][ T4921] ? journal_replay_entry_early+0x22e/0xac0
[ 97.817011][ T4921] bch2_fs_recovery+0x19ed/0x2e70
[ 97.817022][ T4921] ? __pfx_bch2_fs_recovery+0x10/0x10
[ 97.817034][ T4921] ? rcu_is_watching+0x1f/0xa0
[ 97.817040][ T4921] ? __mutex_lock+0x5b6/0x18d0
[ 97.817046][ T4921] ? bch2_fs_start+0x453/0xc60
[ 97.817053][ T4921] ? preempt_count_add+0x91/0x140
[ 97.817060][ T4921] ? bch2_fs_start+0x48d/0xc60
[ 97.817068][ T4921] ? bch2_fs_start+0x76e/0xc60
[ 97.817078][ T4921] ? bch2_fs_start+0x921/0xc60
[ 97.817086][ T4921] bch2_fs_start+0x9c0/0xc60
[ 97.817093][ T4921] ? bch2_fs_start+0x554/0xc60
[ 97.817100][ T4921] ? __pfx_bch2_opts_apply+0x10/0x10
[ 97.817106][ T4921] ? __pfx_bch2_fs_start+0x10/0x10
[ 97.817116][ T4921] ? sget+0x25a/0x4f0
[ 97.817124][ T4921] bch2_fs_get_tree+0x4d2/0x1130
[ 97.817137][ T4921] ? __pfx_bch2_fs_get_tree+0x10/0x10
[ 97.817142][ T4921] ? smack_fs_context_parse_param+0x93/0x130
[ 97.817155][ T4921] ? vfs_parse_monolithic_sep+0x170/0x280
[ 97.817162][ T4921] ? __pfx_vfs_parse_comma_sep+0x10/0x10
[ 97.817169][ T4921] ? __pfx_vfs_parse_monolithic_sep+0x10/0x10
[ 97.817177][ T4921] ? cap_capable+0xa7/0x2d0
[ 97.817184][ T4921] ? bch2_init_fs_context+0x7e/0x100
[ 97.817192][ T4921] vfs_get_tree+0x84/0x1a0
[ 97.817199][ T4921] do_new_mount+0x1c7/0x850
[ 97.817209][ T4921] __se_sys_mount+0x218/0x2b0
[ 97.817218][ T4921] ? __pfx___se_sys_mount+0x10/0x10
[ 97.817227][ T4921] do_syscall_64+0x8f/0x180
[ 97.817234][ T4921] ? fpregs_assert_state_consistent+0x48/0x60
[ 97.817242][ T4921] ? clear_bhb_loop+0x25/0x80
[ 97.817257][ T4921] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 97.817263][ T4921] RIP: 0033:0x7fd8af05038a
[ 97.817272][ T4921] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 97.817278][ T4921] RSP: 002b:00007fd8ae6bde68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 97.817291][ T4921] RAX: ffffffffffffffda RBX: 00007fd8ae6bdef0 RCX: 00007fd8af05038a
[ 97.817297][ T4921] RDX: 0000200000000040 RSI: 0000200000004940 RDI: 00007fd8ae6bdeb0
[ 97.817301][ T4921] RBP: 0000200000000040 R08: 00007fd8ae6bdef0 R09: 0000000000004000
[ 97.817316][ T4921] R10: 0000000000004000 R11: 0000000000000246 R12: 0000200000004940
[ 97.817320][ T4921] R13: 00007fd8ae6bdeb0 R14: 000000000000496e R15: 0000200000000000
[ 97.817329][ T4921]
[ 97.817332][ T4921]
[ 97.817335][ T4921] The buggy address belongs to the physical page:
[ 97.817344][ T4921] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12f1f7
[ 97.817358][ T4921] flags: 0x100000000000000(node=0|zone=2)
[ 97.817368][ T4921] raw: 0100000000000000 ffffea0004bc7dc8 ffffea0004bc7dc8 0000000000000000
[ 97.817374][ T4921] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 97.817378][ T4921] page dumped because: kasan: bad access detected
[ 97.817387][ T4921] page_owner info is not present (never set?)
[ 97.817390][ T4921]
[ 97.817392][ T4921] Memory state around the buggy address:
[ 97.817397][ T4921] ffff88812f1f7380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 97.817402][ T4921] ffff88812f1f7400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 97.817407][ T4921] >ffff88812f1f7480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 97.817411][ T4921] ^
[ 97.817416][ T4921] ffff88812f1f7500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 97.817420][ T4921] ffff88812f1f7580: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 97.817424][ T4921] ==================================================================
[ 97.817585][ T4921] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 97.818025][ T4921] Kernel Offset: disabled