Warning: Permanently added '10.128.1.96' (ED25519) to the list of known hosts.
2024/05/12 03:28:05 ignoring optional flag "sandboxArg"="0"
2024/05/12 03:28:06 parsed 1 programs
2024/05/12 03:28:06 executed programs: 0
[ 48.094514][ T1963] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 48.123085][ T44] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 48.130383][ T44] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 48.137931][ T44] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 48.145401][ T44] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 48.153051][ T44] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 48.160347][ T44] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 48.290484][ T1969] chnl_net:caif_netlink_parms(): no params data found
[ 49.363306][ T1969] 8021q: adding VLAN 0 to HW filter on device bond0
[ 50.071075][ T1969] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 50.207352][ T44] Bluetooth: hci0: command 0x0409 tx timeout
[ 51.452273][ T2371] loop0: detected capacity change from 0 to 32768
[ 51.460362][ T2371] bcachefs (/dev/loop0): error reading default superblock: Not a bcachefs superblock
[ 51.490089][ T2371] bcachefs (loop0): mounting version 1.7: (unknown version) opts=metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names
[ 51.505835][ T2371] bcachefs (loop0): recovering from clean shutdown, journal seq 13
[ 51.513749][ T2371] bcachefs (loop0): Version downgrade required:
[ 51.513749][ T2371]
[ 51.528562][ T2371] bcachefs (loop0): alloc_read... done
[ 51.534272][ T2371] bcachefs (loop0): stripes_read... done
[ 51.540226][ T2371] bcachefs (loop0): snapshots_read... done
[ 51.547072][ T2371] bcachefs (loop0): journal_replay... done
[ 51.553092][ T2371] bcachefs (loop0): resume_logged_ops... done
[ 51.559281][ T2371] bcachefs (loop0): going read-write
[ 51.583668][ T1280] ==================================================================
[ 51.591838][ T1280] BUG: KASAN: stack-out-of-bounds in __bch2_encrypt_bio+0x792/0xa60
[ 51.599825][ T1280] Read of size 8 at addr ffffc90004767720 by task kworker/u4:14/1280
[ 51.608139][ T1280]
[ 51.610558][ T1280] CPU: 0 PID: 1280 Comm: kworker/u4:14 Not tainted 6.7.0-rc7-syzkaller #0
[ 51.619035][ T1280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 51.629077][ T1280] Workqueue: events_unbound __bch2_read_endio
[ 51.635131][ T1280] Call Trace:
[ 51.638574][ T1280]
[ 51.641501][ T1280] dump_stack_lvl+0xf8/0x260
[ 51.646178][ T1280] ? __pfx_dump_stack_lvl+0x10/0x10
[ 51.651551][ T1280] ? __pfx__printk+0x10/0x10
[ 51.656149][ T1280] ? _printk+0xce/0x120
[ 51.660303][ T1280] print_report+0x167/0x540
[ 51.664801][ T1280] ? __bch2_encrypt_bio+0x792/0xa60
[ 51.669998][ T1280] kasan_report+0x142/0x180
[ 51.674494][ T1280] ? __bch2_encrypt_bio+0x792/0xa60
[ 51.679699][ T1280] __bch2_encrypt_bio+0x792/0xa60
[ 51.684737][ T1280] ? __pfx___bch2_encrypt_bio+0x10/0x10
[ 51.690291][ T1280] ? kernel_fpu_begin_mask+0x229/0x310
[ 51.695834][ T1280] ? __pfx_kernel_fpu_begin_mask+0x10/0x10
[ 51.701638][ T1280] ? __poly1305_init_avx+0x172/0x1f0
[ 51.706915][ T1280] ? poly1305_blocks_avx2+0x273/0x790
[ 51.712368][ T1280] ? kernel_fpu_end+0x1d/0x40
[ 51.717214][ T1280] ? poly1305_simd_blocks+0x8b/0x4c0
[ 51.722492][ T1280] ? debug_objects_fill_pool+0x7f/0x980
[ 51.728036][ T1280] ? __pfx_lock_release+0x10/0x10
[ 51.733146][ T1280] ? __asan_memset+0x23/0x50
[ 51.737828][ T1280] ? __bch2_checksum_bio+0xafa/0x17d0
[ 51.743203][ T1280] ? __asan_memcpy+0x40/0x70
[ 51.748307][ T1280] ? __bch2_checksum_bio+0xafa/0x17d0
[ 51.753711][ T1280] ? __pfx___bch2_checksum_bio+0x10/0x10
[ 51.759349][ T1280] ? do_raw_spin_unlock+0x13b/0x8b0
[ 51.764637][ T1280] ? _raw_spin_unlock_irqrestore+0xcf/0x130
[ 51.770616][ T1280] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 51.776948][ T1280] ? copy_page_to_iter+0xa4/0x250
[ 51.781993][ T1280] ? __bch2_read_endio+0x1fd/0x1f40
[ 51.787197][ T1280] __bch2_read_endio+0xa83/0x1f40
[ 51.792313][ T1280] ? __pfx___bch2_read_endio+0x10/0x10
[ 51.797773][ T1280] ? __pfx_lock_acquire+0x10/0x10
[ 51.802799][ T1280] ? do_raw_spin_unlock+0x13b/0x8b0
[ 51.807995][ T1280] ? kick_pool+0x246/0x310
[ 51.812415][ T1280] ? process_scheduled_works+0x758/0xfd0
[ 51.818046][ T1280] process_scheduled_works+0x7e9/0xfd0
[ 51.823692][ T1280] ? __pfx_process_scheduled_works+0x10/0x10
[ 51.829675][ T1280] ? assign_work+0x23f/0x350
[ 51.834530][ T1280] worker_thread+0x868/0xca0
[ 51.839132][ T1280] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 51.845676][ T1280] ? __pfx_worker_thread+0x10/0x10
[ 51.850895][ T1280] kthread+0x267/0x2c0
[ 51.854973][ T1280] ? __pfx_worker_thread+0x10/0x10
[ 51.860095][ T1280] ? __pfx_kthread+0x10/0x10
[ 51.864701][ T1280] ret_from_fork+0x32/0x60
[ 51.869115][ T1280] ? __pfx_kthread+0x10/0x10
[ 51.873708][ T1280] ret_from_fork_asm+0x1b/0x30
[ 51.878476][ T1280]
[ 51.881510][ T1280]
[ 51.883830][ T1280] The buggy address belongs to stack of task kworker/u4:14/1280
[ 51.891476][ T1280] and is located at offset 1120 in frame:
[ 51.897287][ T1280] __bch2_encrypt_bio+0x0/0xa60
[ 51.902148][ T1280]
[ 51.904468][ T1280] This frame has 5 objects:
[ 51.908964][ T1280] [32, 48) 'nonce.i108'
[ 51.908973][ T1280] [64, 528) '__req_desc.i109'
[ 51.913208][ T1280] [592, 608) 'nonce.i'
[ 51.917972][ T1280] [624, 1088) '__req_desc.i'
[ 51.922215][ T1280] [1152, 1664) 'sgl'
[ 51.926882][ T1280]
[ 51.933174][ T1280] The buggy address belongs to the virtual mapping at
[ 51.933174][ T1280] [ffffc90004760000, ffffc90004769000) created by:
[ 51.933174][ T1280] copy_process+0x40f/0x3640
[ 51.950986][ T1280]
[ 51.953424][ T1280] The buggy address belongs to the physical page:
[ 51.959960][ T1280] page:ffffea000437cb00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10df2c
[ 51.970366][ T1280] flags: 0x100000000000000(node=0|zone=2)
[ 51.976081][ T1280] page_type: 0xffffffff()
[ 51.980410][ T1280] raw: 0100000000000000 0000000000000000 dead000000000122 0000000000000000
[ 51.989516][ T1280] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 51.998093][ T1280] page dumped because: kasan: bad access detected
[ 52.004507][ T1280] page_owner tracks the page as allocated
[ 52.010220][ T1280] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), pid 2, tgid 2 (kthreadd), ts 4541507685, free_ts 4541238255
[ 52.028526][ T1280] post_alloc_hook+0x10f/0x130
[ 52.033294][ T1280] get_page_from_freelist+0x3e5f/0x4080
[ 52.038841][ T1280] __alloc_pages+0x255/0x650
[ 52.043436][ T1280] alloc_pages_mpol+0x27f/0x4d0
[ 52.048383][ T1280] __vmalloc_node_range+0x761/0x1060
[ 52.053669][ T1280] dup_task_struct+0x841/0x9a0
[ 52.058430][ T1280] copy_process+0x40f/0x3640
[ 52.063018][ T1280] kernel_clone+0x194/0x6c0
[ 52.067605][ T1280] kernel_thread+0x1b7/0x230
[ 52.072198][ T1280] kthreadd+0x4b4/0x660
[ 52.076502][ T1280] ret_from_fork+0x32/0x60
[ 52.080917][ T1280] ret_from_fork_asm+0x1b/0x30
[ 52.085677][ T1280] page last free stack trace:
[ 52.090441][ T1280] free_unref_page_prepare+0x7e7/0x900
[ 52.096083][ T1280] free_unref_page+0x37/0x3a0
[ 52.100794][ T1280] vfree+0x10e/0x210
[ 52.104697][ T1280] delayed_vfree_work+0x3c/0x70
[ 52.109557][ T1280] process_scheduled_works+0x7e9/0xfd0
[ 52.115037][ T1280] worker_thread+0x868/0xca0
[ 52.119628][ T1280] kthread+0x267/0x2c0
[ 52.123797][ T1280] ret_from_fork+0x32/0x60
[ 52.128388][ T1280] ret_from_fork_asm+0x1b/0x30
[ 52.133245][ T1280]
[ 52.135582][ T1280] Memory state around the buggy address:
[ 52.141208][ T1280] ffffc90004767600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 52.149272][ T1280] ffffc90004767680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 52.157333][ T1280] >ffffc90004767700: f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00
[ 52.165481][ T1280] ^
[ 52.170585][ T1280] ffffc90004767780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 52.178644][ T1280] ffffc90004767800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 52.186703][ T1280] ==================================================================
[ 52.194959][ T1280] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 52.202522][ T1280] Kernel Offset: disabled
[ 52.206865][ T1280] Rebooting in 86400 seconds..