Warning: Permanently added '10.128.0.233' (ECDSA) to the list of known hosts.
Setting up swapspace version 1, size = 127995904 bytes

syzkaller login: [ 37.044534][ T4216] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k SSFS
[ 37.098924][   T39] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 37.100752][   T39] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 37.103248][ T4013] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 37.115344][   T39] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 37.117055][   T39] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 37.119372][   T24] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
executing program
[ 37.298675][ T4218] loop0: detected capacity change from 0 to 32768
[ 37.301719][ T4218] =======================================================
[ 37.301719][ T4218] WARNING: The mand mount option has been deprecated and
[ 37.301719][ T4218]         and is ignored by this kernel.  Remove the mand
[ 37.301719][ T4218]         option from the mount to silence this warning.
[ 37.301719][ T4218] =======================================================
[ 37.315045][ T4218] FAULT_INJECTION: forcing a failure.
[ 37.315045][ T4218] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[ 37.317949][ T4218] CPU: 0 PID: 4218 Comm: syz-executor778 Not tainted 6.1.34-syzkaller #0
[ 37.319698][ T4218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 37.321869][ T4218] Call trace:
[ 37.322522][ T4218]  dump_backtrace+0x1c8/0x1f4
[ 37.323500][ T4218]  show_stack+0x2c/0x3c
[ 37.324328][ T4218]  dump_stack_lvl+0x108/0x170
[ 37.325339][ T4218]  dump_stack+0x1c/0x58
[ 37.326183][ T4218]  should_fail_ex+0x408/0x5d4
[ 37.327140][ T4218]  should_fail_alloc_page+0x74/0xb8
[ 37.328369][ T4218]  prepare_alloc_pages+0x1bc/0x560
[ 37.329464][ T4218]  __alloc_pages+0x150/0x730
[ 37.330434][ T4218]  __kmalloc_large_node+0xbc/0x21c
[ 37.331468][ T4218]  kmalloc_large+0x2c/0xc8
[ 37.332385][ T4218]  diMount+0x38/0x66c
[ 37.333185][ T4218]  jfs_mount_rw+0x250/0x57c
[ 37.334085][ T4218]  jfs_remount+0x328/0x594
[ 37.334982][ T4218]  legacy_reconfigure+0xfc/0x114
[ 37.336033][ T4218]  reconfigure_super+0x328/0x738
[ 37.337075][ T4218]  path_mount+0xc6c/0xe58
[ 37.337965][ T4218]  __arm64_sys_mount+0x45c/0x594
[ 37.338974][ T4218]  invoke_syscall+0x98/0x2c0
[ 37.340016][ T4218]  el0_svc_common+0x138/0x258
[ 37.341017][ T4218]  do_el0_svc+0x64/0x218
[ 37.341971][ T4218]  el0_svc+0x58/0x168
[ 37.342768][ T4218]  el0t_64_sync_handler+0x84/0xf0
[ 37.343889][ T4218]  el0t_64_sync+0x18c/0x190
[ 37.345109][ T4218] jfs_mount_rw: diMount failed!
[ 37.349888][ T4218] ------------[ cut here ]------------
[ 37.351040][ T4218] WARNING: CPU: 0 PID: 4218 at mm/slab_common.c:923 free_large_kmalloc+0x34/0x15c
[ 37.352953][ T4218] Modules linked in:
[ 37.353764][ T4218] CPU: 0 PID: 4218 Comm: syz-executor778 Not tainted 6.1.34-syzkaller #0
[ 37.355425][ T4218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 37.357509][ T4218] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 37.359187][ T4218] pc : free_large_kmalloc+0x34/0x15c
[ 37.360344][ T4218] lr : kfree+0x10c/0x1b8
[ 37.361240][ T4218] sp : ffff80001dbe7880
[ 37.362046][ T4218] x29: ffff80001dbe7880 x28: ffff0000c0b77200 x27: dfff800000000000
[ 37.363775][ T4218] x26: 1fffe0001816ee45 x25: 0000000000000002 x24: ffff0000c0b77220
[ 37.365503][ T4218] x23: ffff0000d6c4a930 x22: dfff800000000000 x21: ffff80000880c87c
[ 37.367215][ T4218] x20: ffff0000d8540000 x19: fffffc0003615000 x18: ffff80001dbe7540
[ 37.368955][ T4218] x17: ffff8000155bd000 x16: ffff8000121062b4 x15: ffff8000081c0440
[ 37.370720][ T4218] x14: 1ffff00002ab80b0 x13: ffff700003b7cedc x12: 000000000000000f
[ 37.372495][ T4218] x11: ff80800008098054 x10: 0000000000000000 x9 : 0000000003615000
[ 37.374203][ T4218] x8 : ffff800017ed6000 x7 : 0000000000000000 x6 : 000000000000003f
[ 37.375855][ T4218] x5 : 0000000000000040 x4 : 0000000000000000 x3 : 0000000000000030
[ 37.377532][ T4218] x2 : 0000000000000008 x1 : ffff0000d8540000 x0 : fffffc0003615000
[ 37.379126][ T4218] Call trace:
[ 37.379775][ T4218]  free_large_kmalloc+0x34/0x15c
[ 37.380797][ T4218]  kfree+0x10c/0x1b8
[ 37.381631][ T4218]  diUnmount+0xf4/0x10c
[ 37.382529][ T4218]  jfs_umount+0x110/0x338
[ 37.383372][ T4218]  jfs_put_super+0x90/0x188
[ 37.384380][ T4218]  generic_shutdown_super+0x130/0x328
[ 37.385544][ T4218]  kill_block_super+0x70/0xdc
[ 37.386536][ T4218]  deactivate_locked_super+0xac/0x124
[ 37.387625][ T4218]  deactivate_super+0xf0/0x110
[ 37.388670][ T4218]  cleanup_mnt+0x394/0x41c
[ 37.389709][ T4218]  __cleanup_mnt+0x20/0x30
[ 37.390767][ T4218]  task_work_run+0x240/0x2f0
[ 37.391782][ T4218]  do_exit+0x554/0x1a88
[ 37.392724][ T4218]  do_group_exit+0x194/0x22c
[ 37.393726][ T4218]  __wake_up_parent+0x0/0x60
[ 37.394700][ T4218]  invoke_syscall+0x98/0x2c0
[ 37.395704][ T4218]  el0_svc_common+0x138/0x258
[ 37.396747][ T4218]  do_el0_svc+0x64/0x218
[ 37.397663][ T4218]  el0_svc+0x58/0x168
[ 37.398554][ T4218]  el0t_64_sync_handler+0x84/0xf0
[ 37.399585][ T4218]  el0t_64_sync+0x18c/0x190
[ 37.400586][ T4218] irq event stamp: 93196
[ 37.401490][ T4218] hardirqs last  enabled at (93195): [] call_rcu+0x614/0xa40
[ 37.403425][ T4218] hardirqs last disabled at (93196): [] el1_dbg+0x24/0x80
[ 37.405077][ T4218] softirqs last  enabled at (92086): [] __do_softirq+0xc14/0xea0
[ 37.406724][ T4218] softirqs last disabled at (92013): [] ____do_softirq+0x14/0x20
[ 37.408239][ T4218] ---[ end trace 0000000000000000 ]---
[ 37.409438][ T4218] object pointer: 0x00000000028b1b81
[ 37.410466][ T4218] ==================================================================
[ 37.412145][ T4218] BUG: KASAN: double-free in kfree+0x10c/0x1b8
[ 37.413566][ T4218] Free of addr ffff0000d8540000 by task syz-executor778/4218
[ 37.415053][ T4218]
[ 37.415475][ T4218] CPU: 0 PID: 4218 Comm: syz-executor778 Tainted: G        W          6.1.34-syzkaller #0
[ 37.417492][ T4218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 37.419516][ T4218] Call trace:
[ 37.420183][ T4218]  dump_backtrace+0x1c8/0x1f4
[ 37.421233][ T4218]  show_stack+0x2c/0x3c
[ 37.422096][ T4218]  dump_stack_lvl+0x108/0x170
[ 37.423012][ T4218]  print_report+0x174/0x4c0
[ 37.423972][ T4218]  kasan_report_invalid_free+0xc4/0x114
[ 37.425070][ T4218]  __kasan_kfree_large+0xa4/0xc0
[ 37.426005][ T4218]  free_large_kmalloc+0x70/0x15c
[ 37.426940][ T4218]  kfree+0x10c/0x1b8
[ 37.427779][ T4218]  diUnmount+0xf4/0x10c
[ 37.428638][ T4218]  jfs_umount+0x110/0x338
[ 37.429517][ T4218]  jfs_put_super+0x90/0x188
[ 37.430429][ T4218]  generic_shutdown_super+0x130/0x328
[ 37.431543][ T4218]  kill_block_super+0x70/0xdc
[ 37.432589][ T4218]  deactivate_locked_super+0xac/0x124
[ 37.433740][ T4218]  deactivate_super+0xf0/0x110
[ 37.434703][ T4218]  cleanup_mnt+0x394/0x41c
[ 37.435539][ T4218]  __cleanup_mnt+0x20/0x30
[ 37.436381][ T4218]  task_work_run+0x240/0x2f0
[ 37.437298][ T4218]  do_exit+0x554/0x1a88
[ 37.438209][ T4218]  do_group_exit+0x194/0x22c
[ 37.439159][ T4218]  __wake_up_parent+0x0/0x60
[ 37.440043][ T4218]  invoke_syscall+0x98/0x2c0
[ 37.441082][ T4218]  el0_svc_common+0x138/0x258
[ 37.442074][ T4218]  do_el0_svc+0x64/0x218
[ 37.442924][ T4218]  el0_svc+0x58/0x168
[ 37.443738][ T4218]  el0t_64_sync_handler+0x84/0xf0
[ 37.444793][ T4218]  el0t_64_sync+0x18c/0x190
[ 37.445729][ T4218]
[ 37.446196][ T4218] The buggy address belongs to the physical page:
[ 37.447482][ T4218] page:000000009b8cb9f3 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x118540
[ 37.449462][ T4218] flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff)
[ 37.450874][ T4218] raw: 05ffc00000000000 fffffc0003612408 ffff0001b45c82a0 0000000000000000
[ 37.452590][ T4218] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 37.454440][ T4218] page dumped because: kasan: bad access detected
[ 37.455735][ T4218]
[ 37.456238][ T4218] Memory state around the buggy address:
[ 37.457362][ T4218]  ffff0000d853ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.458969][ T4218]  ffff0000d853ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.460672][ T4218] >ffff0000d8540000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 37.462369][ T4218]                    ^
[ 37.463265][ T4218]  ffff0000d8540080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 37.464836][ T4218]  ffff0000d8540100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 37.466515][ T4218] ==================================================================
[ 37.468744][ T4218] Disabling lock debugging due to kernel taint
[ 37.469959][ T4218] page:000000009b8cb9f3 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x118540
[ 37.472154][ T4218] head:000000009b8cb9f3 order:3 compound_mapcount:0 compound_pincount:0
[ 37.473917][ T4218] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 37.475467][ T4218] raw: 05ffc00000010200 0000000000000000 dead000000000122 ffff0000c0002900
[ 37.477266][ T4218] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 37.478983][ T4218] page dumped because: VM_BUG_ON_FOLIO(folio_test_slab(folio))
[ 37.480568][ T4218] ------------[ cut here ]------------
[ 37.481665][ T4218] kernel BUG at include/linux/memcontrol.h:379!
[ 37.483000][ T4218] Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
[ 37.484528][ T4218] Modules linked in:
[ 37.485299][ T4218] CPU: 0 PID: 4218 Comm: syz-executor778 Tainted: G    B   W          6.1.34-syzkaller #0
[ 37.487424][ T4218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 37.489491][ T4218] pstate: 804000c5 (Nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 37.491155][ T4218] pc : folio_memcg+0x148/0x174
[ 37.492152][ T4218] lr : folio_memcg+0x148/0x174
[ 37.493112][ T4218] sp : ffff80001dbe77f0
[ 37.493985][ T4218] x29: ffff80001dbe77f0 x28: ffff0000c0b77200 x27: dfff800000000000
[ 37.495689][ T4218] x26: 1fffe0001816ee45 x25: 0000000000000002 x24: dfff800000000000
[ 37.497443][ T4218] x23: 1fffff80006c2a01 x22: dfff800000000000 x21: 0000000000000000
[ 37.499089][ T4218] x20: fffffc0003615008 x19: fffffc0003615000 x18: 1fffe000368b5f76
[ 37.500726][ T4218] x17: 0000000000000000 x16: ffff8000121062b4 x15: 0000000000000000
[ 37.502367][ T4218] x14: 0000000000000000 x13: 0000000000000001 x12: 0000000000000001
[ 37.504084][ T4218] x11: ff80800008830644 x10: 0000000000000000 x9 : ffff800008830644
[ 37.505848][ T4218] x8 : ffff0000c6303780 x7 : 0000000000000001 x6 : 0000000000000001
[ 37.507495][ T4218] x5 : ffff80001dbe7078 x4 : ffff8000156a2a40 x3 : ffff8000085879f4
[ 37.509125][ T4218] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 000000000000003c
[ 37.510725][ T4218] Call trace:
[ 37.511416][ T4218]  folio_memcg+0x148/0x174
[ 37.512282][ T4218]  __mod_lruvec_page_state+0x110/0x2ec
[ 37.513458][ T4218]  free_large_kmalloc+0xa8/0x15c
[ 37.514538][ T4218]  kfree+0x10c/0x1b8
[ 37.515339][ T4218]  diUnmount+0xf4/0x10c
[ 37.516172][ T4218]  jfs_umount+0x110/0x338
[ 37.517003][ T4218]  jfs_put_super+0x90/0x188
[ 37.517940][ T4218]  generic_shutdown_super+0x130/0x328
[ 37.519094][ T4218]  kill_block_super+0x70/0xdc
[ 37.520053][ T4218]  deactivate_locked_super+0xac/0x124
[ 37.521173][ T4218]  deactivate_super+0xf0/0x110
[ 37.522139][ T4218]  cleanup_mnt+0x394/0x41c
[ 37.523132][ T4218]  __cleanup_mnt+0x20/0x30
[ 37.523992][ T4218]  task_work_run+0x240/0x2f0
[ 37.524915][ T4218]  do_exit+0x554/0x1a88
[ 37.525810][ T4218]  do_group_exit+0x194/0x22c
[ 37.526754][ T4218]  __wake_up_parent+0x0/0x60
[ 37.527718][ T4218]  invoke_syscall+0x98/0x2c0
[ 37.528610][ T4218]  el0_svc_common+0x138/0x258
[ 37.529616][ T4218]  do_el0_svc+0x64/0x218
[ 37.530435][ T4218]  el0_svc+0x58/0x168
[ 37.531182][ T4218]  el0t_64_sync_handler+0x84/0xf0
[ 37.532289][ T4218]  el0t_64_sync+0x18c/0x190
[ 37.533236][ T4218] Code: d004ca41 91320021 aa1303e0 97f9c811 (d4210000)
[ 37.534721][ T4218] ---[ end trace 0000000000000000 ]---
[ 37.901848][ T4218] Kernel panic - not syncing: Oops - BUG: Fatal exception
[ 37.903249][ T4218] SMP: stopping secondary CPUs
[ 37.904214][ T4218] Kernel Offset: disabled
[ 37.905081][ T4218] CPU features: 0x00000,02070084,26017203
[ 37.906216][ T4218] Memory Limit: none
[ 38.237290][ T4218] Rebooting in 86400 seconds..
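The trace records a fault-injected kmalloc_large failure inside diMount during jfs_remount ("jfs_mount_rw: diMount failed!"), and then, when the mount is torn down on process exit, a kfree from diUnmount that KASAN reports as a double free of ffff0000d8540000. The JFS source is not on this page, so the following is a constructed C model of that failure shape, added here as an example and not JFS or syzkaller code: a remount path that tears down a map, fails to rebuild it under an injected allocation failure, and leaves the stale pointer for the final unmount to free again, beside a teardown that clears the pointer. Every name in it (imap_alloc, di_mount, di_unmount_dangling, di_unmount_cleared, remount_rw, replay, fail_next_alloc) and the slot-pool tracker that stands in for KASAN are assumptions made for illustration; whether real JFS clears the pointer is not something this page shows.

```c
/*
 * Constructed model of the double-free shape in the trace above. NOT JFS
 * code: struct names, the fault-injection flag and both unmount variants
 * are assumptions for illustration only.
 *
 * free() twice is undefined behaviour in user space, so a small slot pool
 * plays the role of KASAN and counts invalid frees instead.
 */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

#define POOL_SLOTS 4

struct inomap { int nbits; };                /* stand-in for the inode map */
struct jfs_inode { struct inomap *i_imap; }; /* stand-in for JFS_IP(ipimap) */

static struct inomap pool[POOL_SLOTS];
static int slot_live[POOL_SLOTS];
static int invalid_frees;      /* what KASAN reported as "double-free" */
static int fail_next_alloc;    /* assumed model of fail_page_alloc, times 1 */

static struct inomap *imap_alloc(void)
{
    if (fail_next_alloc) {         /* injected failure fires once */
        fail_next_alloc = 0;
        return NULL;
    }
    for (int i = 0; i < POOL_SLOTS; i++)
        if (!slot_live[i]) {
            slot_live[i] = 1;
            return &pool[i];
        }
    return NULL;
}

/* Like kfree(): NULL is a no-op; freeing a slot that is not live is the bug. */
static void imap_free(struct inomap *p)
{
    if (p == NULL)
        return;
    ptrdiff_t i = p - pool;
    if (i < 0 || i >= POOL_SLOTS || !slot_live[i]) {
        invalid_frees++;
        return;
    }
    slot_live[i] = 0;
}

/* diMount stand-in: on allocation failure i_imap is left untouched. */
static int di_mount(struct jfs_inode *ip)
{
    struct inomap *imap = imap_alloc();
    if (imap == NULL)
        return -ENOMEM;
    imap->nbits = 0;
    ip->i_imap = imap;
    return 0;
}

/* Buggy teardown: frees the map but leaves the stale pointer behind. */
static void di_unmount_dangling(struct jfs_inode *ip)
{
    imap_free(ip->i_imap);
}

/* Hardened teardown: clear the pointer so a second call is a no-op. */
static void di_unmount_cleared(struct jfs_inode *ip)
{
    imap_free(ip->i_imap);
    ip->i_imap = NULL;
}

typedef void (*unmount_fn)(struct jfs_inode *);

/* Assumed remount path: tear down the old map, then try to rebuild it. */
static int remount_rw(struct jfs_inode *ip, unmount_fn unmount)
{
    unmount(ip);
    int rc = di_mount(ip);
    if (rc)
        fprintf(stderr, "jfs_mount_rw: diMount failed!\n");
    return rc;
}

/*
 * Replay the syzkaller sequence: mount, remount with one injected
 * allocation failure, final unmount at exit. Returns the number of
 * invalid frees the tracker saw (0 means clean).
 */
int replay(int hardened)
{
    unmount_fn unmount = hardened ? di_unmount_cleared : di_unmount_dangling;
    struct jfs_inode ip = { NULL };

    for (int i = 0; i < POOL_SLOTS; i++)
        slot_live[i] = 0;
    invalid_frees = 0;

    if (di_mount(&ip) != 0)
        return -1;
    fail_next_alloc = 1;
    (void)remount_rw(&ip, unmount);  /* fails, as in the trace */
    unmount(&ip);                    /* umount path on process exit */
    return invalid_frees;
}

int main(void)
{
    printf("dangling-pointer teardown: %d invalid free(s)\n", replay(0));
    printf("cleared-pointer teardown:  %d invalid free(s)\n", replay(1));
    return 0;
}
```

The point the model makes is the one KASAN's report makes: the second kfree is only reachable because the first teardown left a pointer to freed memory in long-lived state, and the error return from the failed rebuild did nothing to repair it. Whichever side owns the pointer, the defensive rule is the same: free and clear together, so an error path that aborts between teardown and rebuild cannot hand a stale pointer to the final unmount.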