Warning: Permanently added '10.128.1.81' (ED25519) to the list of known hosts.
executing program
[ 46.876423][ T4221] loop0: detected capacity change from 0 to 4096
[ 46.957911][ T4221] ------------[ cut here ]------------
[ 46.959254][ T4221] virt_to_phys used for non-linear address: 0000000029a40bb7 (0xffff80001f109000)
[ 46.961257][ T4221] WARNING: CPU: 0 PID: 4221 at arch/arm64/mm/physaddr.c:15 __virt_to_phys+0x84/0x9c
[ 46.963388][ T4221] Modules linked in:
[ 46.964319][ T4221] CPU: 0 PID: 4221 Comm: syz-executor309 Not tainted 6.1.87-syzkaller #0
[ 46.966278][ T4221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 46.968558][ T4221] pstate: 60401005 (nZCv daif +PAN -UAO -TCO -DIT +SSBS BTYPE=--)
[ 46.970346][ T4221] pc : __virt_to_phys+0x84/0x9c
[ 46.971537][ T4221] lr : __virt_to_phys+0x80/0x9c
[ 46.972693][ T4221] sp : ffff80001e3078e0
[ 46.973657][ T4221] x29: ffff80001e3078e0 x28: 1ffff00002b09aa9 x27: dfff800000000000
[ 46.975525][ T4221] x26: 0000000000000002 x25: 1fffe0001976a4cf x24: dfff800000000000
[ 46.977355][ T4221] x23: dfff800000000000 x22: ffff0000d7d44900 x21: 0000000000040000
[ 46.979102][ T4221] x20: 000080001f109000 x19: ffff80001f109000 x18: ffff80001e306ce0
[ 46.980881][ T4221] x17: 6666783028203762 x16: ffff80001215c9dc x15: 0000000000000000
[ 46.982745][ T4221] x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000000001
[ 46.984641][ T4221] x11: 0000000000ff0100 x10: 0000000000000000 x9 : e33d9ce777365600
[ 46.986423][ T4221] x8 : ffff800015262000 x7 : 0000000000000001 x6 : 0000000000000001
[ 46.988196][ T4221] x5 : ffff80001e3071d8 x4 : ffff800015932b00 x3 : ffff80000858856c
[ 46.990019][ T4221] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000
[ 46.991838][ T4221] Call trace:
[ 46.992572][ T4221] __virt_to_phys+0x84/0x9c
[ 46.993650][ T4221] kfree+0x90/0x1b8
[ 46.994521][ T4221] put_ntfs+0x80/0x240
[ 46.995520][ T4221] ntfs_put_super+0xbc/0x10c
[ 46.996511][ T4221] generic_shutdown_super+0x130/0x328
[ 46.997762][ T4221] kill_block_super+0x70/0xdc
[ 46.998721][ T4221] deactivate_locked_super+0xac/0x124
[ 47.000259][ T4221] deactivate_super+0xf0/0x110
[ 47.001376][ T4221] cleanup_mnt+0x394/0x41c
[ 47.002298][ T4221] __cleanup_mnt+0x20/0x30
[ 47.003278][ T4221] task_work_run+0x240/0x2f0
[ 47.004319][ T4221] do_exit+0x554/0x1a88
[ 47.005263][ T4221] do_group_exit+0x194/0x22c
[ 47.006333][ T4221] __wake_up_parent+0x0/0x60
[ 47.007348][ T4221] invoke_syscall+0x98/0x2c0
[ 47.008416][ T4221] el0_svc_common+0x138/0x258
[ 47.009465][ T4221] do_el0_svc+0x64/0x218
[ 47.010445][ T4221] el0_svc+0x58/0x168
[ 47.011378][ T4221] el0t_64_sync_handler+0x84/0xf0
[ 47.012486][ T4221] el0t_64_sync+0x18c/0x190
[ 47.013509][ T4221] irq event stamp: 44798
[ 47.014585][ T4221] hardirqs last enabled at (44797): [] __up_console_sem+0xb4/0x100
[ 47.016773][ T4221] hardirqs last disabled at (44798): [] el1_dbg+0x24/0x80
[ 47.018774][ T4221] softirqs last enabled at (43316): [] __do_softirq+0xc1c/0xe38
[ 47.020912][ T4221] softirqs last disabled at (43311): [] ____do_softirq+0x14/0x20
[ 47.023152][ T4221] ---[ end trace 0000000000000000 ]---
[ 47.024538][ T4221] ------------[ cut here ]------------
[ 47.025783][ T4221] WARNING: CPU: 0 PID: 4221 at mm/slab_common.c:923 free_large_kmalloc+0x34/0x15c
[ 47.027846][ T4221] Modules linked in:
[ 47.028752][ T4221] CPU: 0 PID: 4221 Comm: syz-executor309 Tainted: G W 6.1.87-syzkaller #0
[ 47.030910][ T4221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 47.033147][ T4221] pstate: 60401005 (nZCv daif +PAN -UAO -TCO -DIT +SSBS BTYPE=--)
[ 47.034867][ T4221] pc : free_large_kmalloc+0x34/0x15c
[ 47.036113][ T4221] lr : kfree+0x10c/0x1b8
[ 47.036939][ T4221] sp : ffff80001e3078d0
[ 47.037905][ T4221] x29: ffff80001e3078d0 x28: 1ffff00002b09aa9 x27: dfff800000000000
[ 47.039917][ T4221] x26: 0000000000000002 x25: 1fffe0001976a4cf x24: dfff800000000000
[ 47.041832][ T4221] x23: dfff800000000000 x22: ffff0000d7d44900 x21: ffff800008812394
[ 47.043643][ T4221] x20: ffff80001f109000 x19: fffffc0005edc240 x18: ffff80001e306ce0
[ 47.045599][ T4221] x17: 6666783028203762 x16: ffff80001215c9dc x15: 0000000000000000
[ 47.047413][ T4221] x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000000001
[ 47.049337][ T4221] x11: 0000000000ff0100 x10: 0000000000000000 x9 : 0000000005edc240
[ 47.051199][ T4221] x8 : ffff800018178000 x7 : 0000000000000001 x6 : 0000000000000001
[ 47.053093][ T4221] x5 : ffff80001e3071d8 x4 : ffff800015932b00 x3 : ffff80000858856c
[ 47.054865][ T4221] x2 : 0000000000000001 x1 : ffff80001f109000 x0 : fffffc0005edc240
[ 47.056728][ T4221] Call trace:
[ 47.057404][ T4221] free_large_kmalloc+0x34/0x15c
[ 47.058512][ T4221] kfree+0x10c/0x1b8
[ 47.059462][ T4221] put_ntfs+0x80/0x240
[ 47.060357][ T4221] ntfs_put_super+0xbc/0x10c
[ 47.061394][ T4221] generic_shutdown_super+0x130/0x328
[ 47.062714][ T4221] kill_block_super+0x70/0xdc
[ 47.063766][ T4221] deactivate_locked_super+0xac/0x124
[ 47.065108][ T4221] deactivate_super+0xf0/0x110
[ 47.066134][ T4221] cleanup_mnt+0x394/0x41c
[ 47.067046][ T4221] __cleanup_mnt+0x20/0x30
[ 47.067987][ T4221] task_work_run+0x240/0x2f0
[ 47.069063][ T4221] do_exit+0x554/0x1a88
[ 47.070072][ T4221] do_group_exit+0x194/0x22c
[ 47.071124][ T4221] __wake_up_parent+0x0/0x60
[ 47.072174][ T4221] invoke_syscall+0x98/0x2c0
[ 47.073314][ T4221] el0_svc_common+0x138/0x258
[ 47.074349][ T4221] do_el0_svc+0x64/0x218
[ 47.075407][ T4221] el0_svc+0x58/0x168
[ 47.076285][ T4221] el0t_64_sync_handler+0x84/0xf0
[ 47.077540][ T4221] el0t_64_sync+0x18c/0x190
[ 47.078504][ T4221] irq event stamp: 44822
[ 47.079507][ T4221] hardirqs last enabled at (44821): [] exit_to_kernel_mode+0xe8/0x118
[ 47.081777][ T4221] hardirqs last disabled at (44822): [] el1_dbg+0x24/0x80
[ 47.083700][ T4221] softirqs last enabled at (44816): [] __do_softirq+0xc1c/0xe38
[ 47.085873][ T4221] softirqs last disabled at (44803): [] ____do_softirq+0x14/0x20
[ 47.088276][ T4221] ---[ end trace 0000000000000000 ]---
[ 47.089971][ T4221] object pointer: 0x0000000029a40bb7
[ 47.091132][ T4221] ------------[ cut here ]------------
[ 47.092336][ T4221] virt_to_phys used for non-linear address: 0000000029a40bb7 (0xffff80001f109000)
[ 47.094628][ T4221] WARNING: CPU: 0 PID: 4221 at arch/arm64/mm/physaddr.c:15 __virt_to_phys+0x84/0x9c
[ 47.096692][ T4221] Modules linked in:
[ 47.097533][ T4221] CPU: 0 PID: 4221 Comm: syz-executor309 Tainted: G W 6.1.87-syzkaller #0
[ 47.099741][ T4221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 47.101998][ T4221] pstate: 60401005 (nZCv daif +PAN -UAO -TCO -DIT +SSBS BTYPE=--)
[ 47.103768][ T4221] pc : __virt_to_phys+0x84/0x9c
[ 47.104945][ T4221] lr : __virt_to_phys+0x80/0x9c
[ 47.106178][ T4221] sp : ffff80001e307870
[ 47.107143][ T4221] x29: ffff80001e307870 x28: 1ffff00002b09aa9 x27: dfff800000000000
[ 47.109172][ T4221] x26: 0000000000000002 x25: 1fffe0001976a4cf x24: dfff800000000000
[ 47.111072][ T4221] x23: 0000000000040000 x22: ffff800015262000 x21: fffffc0000000000
[ 47.112970][ T4221] x20: 000080001f109000 x19: ffff80001f109000 x18: ffff80001e306ce0
[ 47.114797][ T4221] x17: 6666783028203762 x16: ffff80001215c9dc x15: 0000000000000000
[ 47.116803][ T4221] x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000000001
[ 47.118662][ T4221] x11: 0000000000ff0100 x10: 0000000000000000 x9 : e33d9ce777365600
[ 47.120646][ T4221] x8 : ffff800015262000 x7 : 0000000000000001 x6 : 0000000000000001
[ 47.122621][ T4221] x5 : ffff80001e307158 x4 : ffff800015932b00 x3 : ffff80000aa9158c
[ 47.124383][ T4221] x2 : ffff0001b4357cd0 x1 : 0000000100000000 x0 : 0000000000000000
[ 47.126152][ T4221] Call trace:
[ 47.126858][ T4221] __virt_to_phys+0x84/0x9c
[ 47.127885][ T4221] __kasan_kfree_large+0x34/0xc0
[ 47.129029][ T4221] free_large_kmalloc+0x70/0x15c
[ 47.130180][ T4221] kfree+0x10c/0x1b8
[ 47.131146][ T4221] put_ntfs+0x80/0x240
[ 47.132144][ T4221] ntfs_put_super+0xbc/0x10c
[ 47.133267][ T4221] generic_shutdown_super+0x130/0x328
[ 47.134551][ T4221] kill_block_super+0x70/0xdc
[ 47.135592][ T4221] deactivate_locked_super+0xac/0x124
[ 47.136759][ T4221] deactivate_super+0xf0/0x110
[ 47.137794][ T4221] cleanup_mnt+0x394/0x41c
[ 47.138775][ T4221] __cleanup_mnt+0x20/0x30
[ 47.139774][ T4221] task_work_run+0x240/0x2f0
[ 47.140832][ T4221] do_exit+0x554/0x1a88
[ 47.141784][ T4221] do_group_exit+0x194/0x22c
[ 47.142763][ T4221] __wake_up_parent+0x0/0x60
[ 47.143895][ T4221] invoke_syscall+0x98/0x2c0
[ 47.144977][ T4221] el0_svc_common+0x138/0x258
[ 47.146020][ T4221] do_el0_svc+0x64/0x218
[ 47.146944][ T4221] el0_svc+0x58/0x168
[ 47.147796][ T4221] el0t_64_sync_handler+0x84/0xf0
[ 47.148843][ T4221] el0t_64_sync+0x18c/0x190
[ 47.149836][ T4221] irq event stamp: 45072
[ 47.150815][ T4221] hardirqs last enabled at (45071): [] __up_console_sem+0xb4/0x100
[ 47.153072][ T4221] hardirqs last disabled at (45072): [] el1_dbg+0x24/0x80
[ 47.155127][ T4221] softirqs last enabled at (45038): [] __do_softirq+0xc1c/0xe38
[ 47.157246][ T4221] softirqs last disabled at (44825): [] ____do_softirq+0x14/0x20
[ 47.159427][ T4221] ---[ end trace 0000000000000000 ]---
[ 47.160959][ T4221] ==================================================================
[ 47.162710][ T4221] BUG: KASAN: invalid-free in kfree+0x10c/0x1b8
[ 47.164225][ T4221] Free of addr ffff80001f109000 by task syz-executor309/4221
[ 47.165963][ T4221]
[ 47.166557][ T4221] CPU: 0 PID: 4221 Comm: syz-executor309 Tainted: G W 6.1.87-syzkaller #0
[ 47.168972][ T4221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 47.171196][ T4221] Call trace:
[ 47.171904][ T4221] dump_backtrace+0x1c8/0x1f4
[ 47.173021][ T4221] show_stack+0x2c/0x3c
[ 47.173971][ T4221] dump_stack_lvl+0x108/0x170
[ 47.175037][ T4221] print_report+0x174/0x4c0
[ 47.176124][ T4221] kasan_report_invalid_free+0xc4/0x114
[ 47.177316][ T4221] __kasan_kfree_large+0xa4/0xc0
[ 47.178475][ T4221] free_large_kmalloc+0x70/0x15c
[ 47.179605][ T4221] kfree+0x10c/0x1b8
[ 47.180539][ T4221] put_ntfs+0x80/0x240
[ 47.181393][ T4221] ntfs_put_super+0xbc/0x10c
[ 47.182402][ T4221] generic_shutdown_super+0x130/0x328
[ 47.183663][ T4221] kill_block_super+0x70/0xdc
[ 47.184717][ T4221] deactivate_locked_super+0xac/0x124
[ 47.185882][ T4221] deactivate_super+0xf0/0x110
[ 47.186911][ T4221] cleanup_mnt+0x394/0x41c
[ 47.187896][ T4221] __cleanup_mnt+0x20/0x30
[ 47.189010][ T4221] task_work_run+0x240/0x2f0
[ 47.190082][ T4221] do_exit+0x554/0x1a88
[ 47.191097][ T4221] do_group_exit+0x194/0x22c
[ 47.192284][ T4221] __wake_up_parent+0x0/0x60
[ 47.193385][ T4221] invoke_syscall+0x98/0x2c0
[ 47.194424][ T4221] el0_svc_common+0x138/0x258
[ 47.195482][ T4221] do_el0_svc+0x64/0x218
[ 47.196507][ T4221] el0_svc+0x58/0x168
[ 47.197519][ T4221] el0t_64_sync_handler+0x84/0xf0
[ 47.198805][ T4221] el0t_64_sync+0x18c/0x190
[ 47.199798][ T4221]
[ 47.200369][ T4221] The buggy address belongs to the virtual mapping at
[ 47.200369][ T4221] [ffff80001f109000, ffff80001f90a000) created by:
[ 47.200369][ T4221] ntfs_fill_super+0x2870/0x3458
[ 47.204490][ T4221]
[ 47.204983][ T4221] The buggy address belongs to the physical page:
[ 47.206505][ T4221] page:00000000039e5e54 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10c031
[ 47.208992][ T4221] flags: 0x5ffe00000000000(node=0|zone=2|lastcpupid=0xfff)
[ 47.210674][ T4221] raw: 05ffe00000000000 0000000000000000 dead000000000122 0000000000000000
[ 47.212638][ T4221] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 47.214538][ T4221] page dumped because: kasan: bad access detected
[ 47.215992][ T4221]
[ 47.216553][ T4221] Memory state around the buggy address:
[ 47.217852][ T4221] ffff80001f108f00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 47.219897][ T4221] ffff80001f108f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 47.221733][ T4221] >ffff80001f109000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 47.223673][ T4221] ^
[ 47.224667][ T4221] ffff80001f109080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 47.226437][ T4221] ffff80001f109100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 47.228148][ T4221] ==================================================================
[ 47.234679][ T4221] Disabling lock debugging due to kernel taint
[ 47.236129][ T4221] page:000000008b38237d refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1bb709
[ 47.238515][ T4221] flags: 0x5ffe00000000000(node=0|zone=2|lastcpupid=0xfff)
[ 47.240042][ T4221] raw: 05ffe00000000000 fffffc0005edc248 fffffc0005edc248 0000000000000000
[ 47.241844][ T4221] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 47.243776][ T4221] page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) == 0)
[ 47.245647][ T4221] ------------[ cut here ]------------
[ 47.247047][ T4221] kernel BUG at include/linux/mm.h:765!
[ 47.248322][ T4221] Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
[ 47.250118][ T4221] Modules linked in:
[ 47.251071][ T4221] CPU: 1 PID: 4221 Comm: syz-executor309 Tainted: G B W 6.1.87-syzkaller #0
[ 47.253478][ T4221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 47.255950][ T4221] pstate: 80401005 (Nzcv daif +PAN -UAO -TCO -DIT +SSBS BTYPE=--)
[ 47.257746][ T4221] pc : __free_pages+0x15c/0x1cc
[ 47.258853][ T4221] lr : __free_pages+0x15c/0x1cc
[ 47.259943][ T4221] sp : ffff80001e307890
[ 47.260955][ T4221] x29: ffff80001e307890 x28: 1ffff00002b09aa9 x27: dfff800000000000
[ 47.262858][ T4221] x26: 0000000000000002 x25: 1fffe0001976a4cf x24: dfff800000000000
[ 47.264792][ T4221] x23: dfff800000000000 x22: 05ffe00000000000 x21: fffffc0005edc274
[ 47.266776][ T4221] x20: 0000000000000000 x19: fffffc0005edc240 x18: 1fffe0003686f176
[ 47.268515][ T4221] x17: 0000000000000000 x16: ffff80001215c9dc x15: 0000000000000000
[ 47.270449][ T4221] x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000000001
[ 47.272337][ T4221] x11: 0000000000ff0100 x10: 0000000000000000 x9 : ffff8000088364e4
[ 47.274369][ T4221] x8 : ffff0000d6e59bc0 x7 : 0000000000000000 x6 : ffff800012227564
[ 47.276184][ T4221] x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff80000aa9158c
[ 47.278140][ T4221] x2 : ffff0001b4378cd0 x1 : 0000000100000000 x0 : 000000000000003e
[ 47.280003][ T4221] Call trace:
[ 47.280720][ T4221] __free_pages+0x15c/0x1cc
[ 47.281726][ T4221] free_large_kmalloc+0xd0/0x15c
[ 47.282880][ T4221] kfree+0x10c/0x1b8
[ 47.283758][ T4221] put_ntfs+0x80/0x240
[ 47.284672][ T4221] ntfs_put_super+0xbc/0x10c
[ 47.285777][ T4221] generic_shutdown_super+0x130/0x328
[ 47.287004][ T4221] kill_block_super+0x70/0xdc
[ 47.288139][ T4221] deactivate_locked_super+0xac/0x124
[ 47.289395][ T4221] deactivate_super+0xf0/0x110
[ 47.290562][ T4221] cleanup_mnt+0x394/0x41c
[ 47.291706][ T4221] __cleanup_mnt+0x20/0x30
[ 47.292732][ T4221] task_work_run+0x240/0x2f0
[ 47.293800][ T4221] do_exit+0x554/0x1a88
[ 47.294784][ T4221] do_group_exit+0x194/0x22c
[ 47.295953][ T4221] __wake_up_parent+0x0/0x60
[ 47.297009][ T4221] invoke_syscall+0x98/0x2c0
[ 47.298090][ T4221] el0_svc_common+0x138/0x258
[ 47.299129][ T4221] do_el0_svc+0x64/0x218
[ 47.300230][ T4221] el0_svc+0x58/0x168
[ 47.301170][ T4221] el0t_64_sync_handler+0x84/0xf0
[ 47.302338][ T4221] el0t_64_sync+0x18c/0x190
[ 47.303379][ T4221] Code: 9004d481 913a0021 aa1303e0 97fdce19 (d4210000)
[ 47.305065][ T4221] ---[ end trace 0000000000000000 ]---
[ 47.657319][ T4221] Kernel panic - not syncing: Oops - BUG: Fatal exception
[ 47.658901][ T4221] SMP: stopping secondary CPUs
[ 47.659922][ T4221] Kernel Offset: disabled
[ 47.660886][ T4221] CPU features: 0x00000,02070084,26017203
[ 47.662163][ T4221] Memory Limit: none
[ 47.973478][ T4221] Rebooting in 86400 seconds..