Warning: Permanently added '10.128.10.5' (ED25519) to the list of known hosts.
2025/06/10 09:43:29 ignoring optional flag "sandboxArg"="0"
2025/06/10 09:43:30 parsed 1 programs
[ 70.450853][ T2470] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 71.694490][ T1376] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 71.702922][ T1376] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 71.710815][ T1376] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 71.719878][ T1376] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 71.727832][ T1376] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 72.147267][ T2529] chnl_net:caif_netlink_parms(): no params data found
[ 73.939842][ T2529] 8021q: adding VLAN 0 to HW filter on device bond0
[ 75.119472][ T2529] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 77.369849][ T1112] bond0 (unregistering): Released all slaves
2025/06/10 09:43:38 executed programs: 0
[ 77.829388][ T1376] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 77.836818][ T1376] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 77.844241][ T1376] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 77.852341][ T1376] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 77.860263][ T1376] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 78.070010][ T2959] chnl_net:caif_netlink_parms(): no params data found
[ 79.894953][ T49] Bluetooth: hci0: command tx timeout
[ 79.900073][ T2959] 8021q: adding VLAN 0 to HW filter on device bond0
[ 81.094510][ T2959] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 81.975039][ T49] Bluetooth: hci0: command tx timeout
2025/06/10 09:43:43 executed programs: 2
[ 83.367114][ T3361] loop2: detected capacity change from 0 to 32768
[ 83.374210][ T3361] =======================================================
[ 83.374210][ T3361] WARNING: The mand mount option has been deprecated and
[ 83.374210][ T3361] and is ignored by this kernel. Remove the mand
[ 83.374210][ T3361] option from the mount to silence this warning.
[ 83.374210][ T3361] =======================================================
[ 83.434094][ T3361] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,fsck,norecovery,nojournal_transaction_names,reconstruct_alloc,no_data_io
[ 83.434094][ T3361] allowing incompatible features above 0.0: (unknown version)
[ 83.434094][ T3361] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[ 83.476674][ T3361] bcachefs (loop2): invalid bkey in superblock btree=lru level=1: u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 28f61e078e70b95c written 16 min_key 144115188075855872:0:0 durability: 0 (invalid extent entry 0000000000000000)
[ 83.476680][ T3361] invalid extent entry type (got 7, max 7), deleting
[ 83.510212][ T3361] bcachefs (loop2): recovering from clean shutdown, journal seq 10
[ 83.518845][ T3361] bcachefs (loop2): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.28: inode_has_case_insensitive
[ 83.518845][ T3361] running recovery passes: check_allocations,check_extents_to_backpointers,check_inodes
[ 83.541321][ T3361] bcachefs (loop2): dropping and reconstructing all alloc info
[ 83.558334][ T3361] bcachefs (loop2): accounting_read... done
[ 83.565215][ T3361] bcachefs (loop2): alloc_read... done
[ 83.571000][ T3361] bcachefs (loop2): snapshots_read... done
[ 83.577302][ T3361] bcachefs (loop2): Fixed errors, running fsck a second time to verify fs is clean
[ 83.587301][ T3361] bcachefs (loop2): done starting filesystem
[ 83.610530][ T2959] bcachefs (loop2): hash table key at wrong offset: btree dirents inode 4096 offset 4330382808765833931, hashed to 8607060773457356477
[ 83.610541][ T2959] u64s 7 type dirent 4096:4330382808765833931:U32_MAX len 0 ver 0:  -> 536870912 type unknown, fixing
[ 83.636621][ T2959] ==================================================================
[ 83.644689][ T2959] BUG: KASAN: slab-use-after-free in __bch2_str_hash_check_key+0xb22/0x3ac0
[ 83.653355][ T2959] Read of size 8 at addr ffff888176e3e028 by task syz-executor/2959
[ 83.661317][ T2959]
[ 83.663646][ T2959] CPU: 1 UID: 0 PID: 2959 Comm: syz-executor Not tainted 6.15.0-rc4-syzkaller #0 PREEMPT(undef)
[ 83.663652][ T2959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 83.663656][ T2959] Call Trace:
[ 83.663661][ T2959]
[ 83.663666][ T2959] dump_stack_lvl+0xf4/0x170
[ 83.663676][ T2959] ? __pfx_dump_stack_lvl+0x10/0x10
[ 83.663689][ T2959] ? rcu_is_watching+0x1f/0xa0
[ 83.663694][ T2959] ? lock_release+0x42/0x2f0
[ 83.663698][ T2959] ? lock_acquire+0x69/0x210
[ 83.663703][ T2959] ? __virt_addr_valid+0x142/0x270
[ 83.663707][ T2959] ? __virt_addr_valid+0x223/0x270
[ 83.663711][ T2959] print_report+0xb4/0x290
[ 83.663716][ T2959] ? __bch2_str_hash_check_key+0xb22/0x3ac0
[ 83.663720][ T2959] kasan_report+0x118/0x150
[ 83.663725][ T2959] ? __bch2_str_hash_check_key+0xb22/0x3ac0
[ 83.663729][ T2959] __bch2_str_hash_check_key+0xb22/0x3ac0
[ 83.663733][ T2959] ? __pfx_dirent_hash_bkey+0x10/0x10
[ 83.663740][ T2959] ? __bch2_str_hash_check_key+0xf0b/0x3ac0
[ 83.663743][ T2959] ? __pfx_dirent_is_visible+0x10/0x10
[ 83.663748][ T2959] ? __pfx_dirent_cmp_bkey+0x10/0x10
[ 83.663753][ T2959] ? __bch2_str_hash_check_key+0x223e/0x3ac0
[ 83.663756][ T2959] ? __pfx___bch2_str_hash_check_key+0x10/0x10
[ 83.663763][ T2959] ? __asan_memcpy+0x40/0x70
[ 83.663767][ T2959] ? bch2_btree_iter_peek_max+0x47bd/0x71f0
[ 83.663772][ T2959] ? bch2_readdir+0x235/0x15c0
[ 83.663779][ T2959] ? __bch2_subvolume_get_snapshot+0x1f2/0x470
[ 83.663784][ T2959] ? bch2_readdir+0x459/0x15c0
[ 83.663790][ T2959] ? __bch2_str_hash_check_key+0x223e/0x3ac0
[ 83.663794][ T2959] ? __bch2_str_hash_check_key+0x2403/0x3ac0
[ 83.663797][ T2959] ? __pfx___bch2_subvolume_get_snapshot+0x10/0x10
[ 83.663802][ T2959] ? __bch2_subvolume_get_snapshot+0x138/0x470
[ 83.663805][ T2959] ? bch2_readdir+0x538/0x15c0
[ 83.663809][ T2959] bch2_readdir+0xf10/0x15c0
[ 83.663816][ T2959] ? __pfx_bch2_readdir+0x10/0x10
[ 83.663821][ T2959] ? __lock_acquire+0x5b/0x490
[ 83.663828][ T2959] ? bch2_readdir+0x235/0x15c0
[ 83.663833][ T2959] bch2_vfs_readdir+0x3d0/0x530
[ 83.663837][ T2959] ? __pfx_filldir64+0x10/0x10
[ 83.663842][ T2959] ? __pfx_bch2_vfs_readdir+0x10/0x10
[ 83.663846][ T2959] ? __pfx_rwsem_read_trylock+0x10/0x10
[ 83.663851][ T2959] ? iterate_dir+0xb5/0x4c0
[ 83.663854][ T2959] ? down_read_killable+0x120/0x1a0
[ 83.663859][ T2959] iterate_dir+0x1a7/0x4c0
[ 83.663864][ T2959] __se_sys_getdents64+0xd3/0x1a0
[ 83.663868][ T2959] ? __pfx___se_sys_getdents64+0x10/0x10
[ 83.663872][ T2959] ? exc_page_fault+0x54/0xc0
[ 83.663877][ T2959] ? __pfx_filldir64+0x10/0x10
[ 83.663881][ T2959] ? do_user_addr_fault+0x378/0xc30
[ 83.663887][ T2959] do_syscall_64+0x8f/0x170
[ 83.663891][ T2959] ? fpregs_assert_state_consistent+0x48/0x60
[ 83.663896][ T2959] ? clear_bhb_loop+0x25/0x80
[ 83.663900][ T2959] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 83.663904][ T2959] RIP: 0033:0x7f95105c1293
[ 83.663914][ T2959] Code: c1 66 0f 1f 44 00 00 48 83 c4 08 48 89 ef 5b 5d e9 72 3e f8 ff 66 90 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 a8 ff ff ff f7 d8
[ 83.663918][ T2959] RSP: 002b:00007ffd1f893688 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9
[ 83.663923][ T2959] RAX: ffffffffffffffda RBX: 000055556ad04600 RCX: 00007f95105c1293
[ 83.663926][ T2959] RDX: 0000000000008000 RSI: 000055556ad04600 RDI: 0000000000000005
[ 83.663929][ T2959] RBP: 000055556ad045d4 R08: 0000000000028a41 R09: 0000000000000000
[ 83.663931][ T2959] R10: 00007f9510784ca0 R11: 0000000000000293 R12: ffffffffffffffa8
[ 83.663934][ T2959] R13: 0000000000000010 R14: 000055556ad045d0 R15: 00007ffd1f895940
[ 83.663938][ T2959]
[ 83.663940][ T2959]
[ 84.021298][ T2959] Allocated by task 2959:
[ 84.025694][ T2959] kasan_save_track+0x3e/0x80
[ 84.030373][ T2959] __kasan_kmalloc+0x93/0xb0
[ 84.034954][ T2959] __kmalloc_node_track_caller_noprof+0x25f/0x4f0
[ 84.041346][ T2959] krealloc_noprof+0x122/0x300
[ 84.046077][ T2959] __bch2_trans_kmalloc+0x19d/0x980
[ 84.051282][ T2959] __bch2_str_hash_check_key+0x1e7c/0x3ac0
[ 84.057071][ T2959] bch2_readdir+0xf10/0x15c0
[ 84.061630][ T2959] bch2_vfs_readdir+0x3d0/0x530
[ 84.066534][ T2959] iterate_dir+0x1a7/0x4c0
[ 84.071008][ T2959] __se_sys_getdents64+0xd3/0x1a0
[ 84.076000][ T2959] do_syscall_64+0x8f/0x170
[ 84.080561][ T2959] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 84.086423][ T2959]
[ 84.088729][ T2959] Freed by task 2959:
[ 84.092680][ T2959] kasan_save_track+0x3e/0x80
[ 84.097336][ T2959] kasan_save_free_info+0x46/0x50
[ 84.102417][ T2959] __kasan_slab_free+0x62/0x70
[ 84.107171][ T2959] kfree+0x179/0x3e0
[ 84.111414][ T2959] krealloc_noprof+0x1cb/0x300
[ 84.116300][ T2959] __bch2_trans_kmalloc+0x19d/0x980
[ 84.121495][ T2959] __bch2_str_hash_check_key+0x3003/0x3ac0
[ 84.127277][ T2959] bch2_readdir+0xf10/0x15c0
[ 84.131849][ T2959] bch2_vfs_readdir+0x3d0/0x530
[ 84.136776][ T2959] iterate_dir+0x1a7/0x4c0
[ 84.141188][ T2959] __se_sys_getdents64+0xd3/0x1a0
[ 84.146209][ T2959] do_syscall_64+0x8f/0x170
[ 84.150727][ T2959] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 84.156847][ T2959]
[ 84.159162][ T2959] The buggy address belongs to the object at ffff888176e3e000
[ 84.159162][ T2959] which belongs to the cache kmalloc-128 of size 128
[ 84.173185][ T2959] The buggy address is located 40 bytes inside of
[ 84.173185][ T2959] freed 128-byte region [ffff888176e3e000, ffff888176e3e080)
[ 84.186877][ T2959]
[ 84.189186][ T2959] The buggy address belongs to the physical page:
[ 84.195670][ T2959] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x176e3e
[ 84.204609][ T2959] anon flags: 0x100000000000000(node=0|zone=2)
[ 84.210830][ T2959] page_type: f5(slab)
[ 84.214811][ T2959] raw: 0100000000000000 ffff888100041a00 ffffea0005db89c0 dead000000000003
[ 84.223473][ T2959] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 84.232047][ T2959] page dumped because: kasan: bad access detected
[ 84.238460][ T2959] page_owner tracks the page as allocated
[ 84.244150][ T2959] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1442, tgid 1442 (udevd), ts 10470055918, free_ts 7418661746
[ 84.262700][ T2959] post_alloc_hook+0xec/0x120
[ 84.267442][ T2959] get_page_from_freelist+0x3bf8/0x3d50
[ 84.273096][ T2959] __alloc_frozen_pages_noprof+0x26b/0x460
[ 84.278911][ T2959] alloc_pages_mpol+0x150/0x320
[ 84.283747][ T2959] allocate_slab+0x8a/0x350
[ 84.288229][ T2959] ___slab_alloc+0x9dc/0x10e0
[ 84.292878][ T2959] __kmalloc_noprof+0x2e8/0x500
[ 84.297966][ T2959] tomoyo_encode+0xa5/0x460
[ 84.302538][ T2959] tomoyo_realpath_from_path+0x51a/0x550
[ 84.308159][ T2959] tomoyo_check_open_permission+0x1a6/0x520
[ 84.314031][ T2959] security_file_open+0x45/0xd0
[ 84.318854][ T2959] do_dentry_open+0x2fd/0x1060
[ 84.323599][ T2959] vfs_open+0x36/0x2b0
[ 84.327634][ T2959] path_openat+0x23e3/0x2bb0
[ 84.332204][ T2959] do_filp_open+0x1e4/0x3c0
[ 84.336672][ T2959] do_sys_openat2+0xfa/0x180
[ 84.341229][ T2959] page last free pid 1 tgid 1 stack trace:
[ 84.347103][ T2959] __free_frozen_pages+0x9f9/0xbe0
[ 84.352199][ T2959] free_contig_range+0x149/0x3b0
[ 84.357210][ T2959] destroy_args+0x6d/0x360
[ 84.361613][ T2959] debug_vm_pgtable+0x2d0/0x460
[ 84.366453][ T2959] do_one_initcall+0x194/0x4d0
[ 84.371311][ T2959] do_initcall_level+0x117/0x1d0
[ 84.376227][ T2959] do_initcalls+0x59/0xa0
[ 84.380788][ T2959] kernel_init_freeable+0x306/0x460
[ 84.385957][ T2959] kernel_init+0x17/0x130
[ 84.390254][ T2959] ret_from_fork+0x32/0x70
[ 84.394990][ T2959] ret_from_fork_asm+0x1a/0x30
[ 84.400158][ T2959]
[ 84.402459][ T2959] Memory state around the buggy address:
[ 84.408076][ T2959] ffff888176e3df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 84.416203][ T2959] ffff888176e3df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 84.424236][ T2959] >ffff888176e3e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 84.432455][ T2959] ^
[ 84.437814][ T2959] ffff888176e3e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 84.445851][ T2959] ffff888176e3e100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 84.453885][ T2959] ==================================================================
[ 84.462369][ T2959] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 84.469817][ T2959] Kernel Offset: disabled
[ 84.474172][ T2959] Rebooting in 86400 seconds..