Warning: Permanently added '10.128.0.37' (ECDSA) to the list of known hosts.
Setting up swapspace version 1, size = 127995904 bytes
[ 37.136880][ T5968] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS
[ 37.186918][ T40] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 37.188953][ T40] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 37.191340][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 37.201052][ T40] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 37.202878][ T40] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 37.205213][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
executing program
[ 37.211642][ T5970] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5970 'syz-executor862'
[ 37.375098][ T5970] loop0: detected capacity change from 0 to 32768
[ 37.377939][ T5970] =======================================================
[ 37.377939][ T5970] WARNING: The mand mount option has been deprecated and
[ 37.377939][ T5970] and is ignored by this kernel. Remove the mand
[ 37.377939][ T5970] option from the mount to silence this warning.
[ 37.377939][ T5970] =======================================================
[ 37.391135][ T5970] FAULT_INJECTION: forcing a failure.
[ 37.391135][ T5970] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[ 37.393997][ T5970] CPU: 1 PID: 5970 Comm: syz-executor862 Not tainted 6.4.0-rc5-syzkaller-g177239177378 #0
[ 37.396179][ T5970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 37.398463][ T5970] Call trace:
[ 37.399140][ T5970]  dump_backtrace+0x1b8/0x1e4
[ 37.400157][ T5970]  show_stack+0x2c/0x44
[ 37.401023][ T5970]  dump_stack_lvl+0xd0/0x124
[ 37.402084][ T5970]  dump_stack+0x1c/0x28
[ 37.402937][ T5970]  should_fail_ex+0x3f8/0x5c4
[ 37.403974][ T5970]  should_fail_alloc_page+0x74/0xb8
[ 37.405178][ T5970]  prepare_alloc_pages+0x1b0/0x554
[ 37.406414][ T5970]  __alloc_pages+0x150/0x698
[ 37.407393][ T5970]  alloc_pages+0x4bc/0x7c0
[ 37.408340][ T5970]  folio_alloc+0x28/0x6c
[ 37.409312][ T5970]  filemap_alloc_folio+0xc4/0x470
[ 37.410315][ T5970]  do_read_cache_folio+0xd0/0x548
[ 37.411439][ T5970]  read_cache_page+0x6c/0x170
[ 37.412508][ T5970]  __get_metapage+0x2a0/0x1050
[ 37.413623][ T5970]  diMount+0xd4/0x66c
[ 37.414512][ T5970]  jfs_mount_rw+0x270/0x5b8
[ 37.415537][ T5970]  jfs_remount+0x328/0x594
[ 37.416528][ T5970]  legacy_reconfigure+0xfc/0x114
[ 37.417611][ T5970]  reconfigure_super+0x328/0x738
[ 37.418691][ T5970]  path_mount+0xc0c/0xe04
[ 37.419674][ T5970]  __arm64_sys_mount+0x45c/0x594
[ 37.420793][ T5970]  invoke_syscall+0x98/0x2c0
[ 37.421778][ T5970]  el0_svc_common+0x138/0x244
[ 37.422770][ T5970]  do_el0_svc+0x64/0x198
[ 37.423728][ T5970]  el0_svc+0x4c/0x160
[ 37.424529][ T5970]  el0t_64_sync_handler+0x84/0xfc
[ 37.425629][ T5970]  el0t_64_sync+0x190/0x194
[ 37.426770][ T5970] read_mapping_page failed!
[ 37.427841][ T5970] jfs_mount_rw: diMount failed!
[ 37.439607][ T5970] ------------[ cut here ]------------
[ 37.440833][ T5970] WARNING: CPU: 1 PID: 5970 at mm/slab_common.c:934 free_large_kmalloc+0x34/0x12c
[ 37.442765][ T5970] Modules linked in:
[ 37.443566][ T5970] CPU: 1 PID: 5970 Comm: syz-executor862 Not tainted 6.4.0-rc5-syzkaller-g177239177378 #0
[ 37.445573][ T5970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 37.447616][ T5970] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 37.449206][ T5970] pc : free_large_kmalloc+0x34/0x12c
[ 37.450316][ T5970] lr : kfree+0xf8/0x19c
[ 37.451162][ T5970] sp : ffff800096c67840
[ 37.452066][ T5970] x29: ffff800096c67840 x28: ffff0000df3ba930 x27: ffff0000df3b9ff0
[ 37.453791][ T5970] x26: ffff0000ccb31a28 x25: ffff0000ccb31a20 x24: 0000000000000000
[ 37.455478][ T5970] x23: ffff0000df3b8d70 x22: dfff800000000000 x21: ffff80008082df98
[ 37.457131][ T5970] x20: ffff0000ce0c8000 x19: fffffc0003383200 x18: ffff800096c67360
[ 37.458924][ T5970] x17: ffff80008debd000 x16: ffff80008a43bfbc x15: ffff8000801ca42c
[ 37.460669][ T5970] x14: 1ffff00011bd80ac x13: dfff800000000000 x12: 000000000000000f
[ 37.462378][ T5970] x11: 0000000000000000 x10: 0000000000000000 x9 : 05ffc00000000000
[ 37.463976][ T5970] x8 : ffff800090b04000 x7 : 0000000000000000 x6 : 000000000000003f
[ 37.465663][ T5970] x5 : 0000000000000040 x4 : 0000000000000000 x3 : 0000000000000030
[ 37.467345][ T5970] x2 : 0000000000000008 x1 : ffff0000ce0c8000 x0 : fffffc0003383200
[ 37.469081][ T5970] Call trace:
[ 37.469763][ T5970]  free_large_kmalloc+0x34/0x12c
[ 37.470832][ T5970]  kfree+0xf8/0x19c
[ 37.471579][ T5970]  diUnmount+0xf4/0x10c
[ 37.472476][ T5970]  jfs_umount+0x15c/0x360
[ 37.473417][ T5970]  jfs_put_super+0x90/0x188
[ 37.474521][ T5970]  generic_shutdown_super+0x130/0x328
[ 37.475784][ T5970]  kill_block_super+0x70/0xdc
[ 37.476672][ T5970]  deactivate_locked_super+0xac/0x124
[ 37.477645][ T5970]  deactivate_super+0xe0/0x100
[ 37.478513][ T5970]  cleanup_mnt+0x34c/0x3dc
[ 37.479299][ T5970]  __cleanup_mnt+0x20/0x30
[ 37.480072][ T5970]  task_work_run+0x230/0x2e0
[ 37.480858][ T5970]  do_exit+0x63c/0x1f58
[ 37.481672][ T5970]  do_group_exit+0x194/0x22c
[ 37.482681][ T5970]  __wake_up_parent+0x0/0x60
[ 37.483732][ T5970]  invoke_syscall+0x98/0x2c0
[ 37.484681][ T5970]  el0_svc_common+0x138/0x244
[ 37.485781][ T5970]  do_el0_svc+0x64/0x198
[ 37.486697][ T5970]  el0_svc+0x4c/0x160
[ 37.487730][ T5970]  el0t_64_sync_handler+0x84/0xfc
[ 37.488889][ T5970]  el0t_64_sync+0x190/0x194
[ 37.489927][ T5970] irq event stamp: 92610
[ 37.490792][ T5970] hardirqs last enabled at (92609): [] call_rcu+0x63c/0xaf4
[ 37.492694][ T5970] hardirqs last disabled at (92610): [] el1_dbg+0x24/0x80
[ 37.494498][ T5970] softirqs last enabled at (91690): [] __do_softirq+0xac0/0xd54
[ 37.496545][ T5970] softirqs last disabled at (91681): [] ____do_softirq+0x14/0x20
[ 37.498504][ T5970] ---[ end trace 0000000000000000 ]---
[ 37.499894][ T5970] object pointer: 0x00000000a77228db
[ 37.500997][ T5970] ==================================================================
[ 37.502625][ T5970] BUG: KASAN: double-free in kfree+0xf8/0x19c
[ 37.503715][ T5970] Free of addr ffff0000ce0c8000 by task syz-executor862/5970
[ 37.504931][ T5970]
[ 37.505502][ T5970] CPU: 1 PID: 5970 Comm: syz-executor862 Tainted: G W 6.4.0-rc5-syzkaller-g177239177378 #0
[ 37.507678][ T5970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 37.509643][ T5970] Call trace:
[ 37.510312][ T5970]  dump_backtrace+0x1b8/0x1e4
[ 37.511291][ T5970]  show_stack+0x2c/0x44
[ 37.512077][ T5970]  dump_stack_lvl+0xd0/0x124
[ 37.513080][ T5970]  print_report+0x174/0x514
[ 37.514127][ T5970]  kasan_report_invalid_free+0xc4/0x114
[ 37.515409][ T5970]  __kasan_kfree_large+0xa4/0xc0
[ 37.516431][ T5970]  free_large_kmalloc+0x64/0x12c
[ 37.517506][ T5970]  kfree+0xf8/0x19c
[ 37.518363][ T5970]  diUnmount+0xf4/0x10c
[ 37.519255][ T5970]  jfs_umount+0x15c/0x360
[ 37.520225][ T5970]  jfs_put_super+0x90/0x188
[ 37.521154][ T5970]  generic_shutdown_super+0x130/0x328
[ 37.522333][ T5970]  kill_block_super+0x70/0xdc
[ 37.523331][ T5970]  deactivate_locked_super+0xac/0x124
[ 37.524494][ T5970]  deactivate_super+0xe0/0x100
[ 37.525629][ T5970]  cleanup_mnt+0x34c/0x3dc
[ 37.526730][ T5970]  __cleanup_mnt+0x20/0x30
[ 37.527674][ T5970]  task_work_run+0x230/0x2e0
[ 37.528658][ T5970]  do_exit+0x63c/0x1f58
[ 37.529526][ T5970]  do_group_exit+0x194/0x22c
[ 37.530496][ T5970]  __wake_up_parent+0x0/0x60
[ 37.531533][ T5970]  invoke_syscall+0x98/0x2c0
[ 37.532523][ T5970]  el0_svc_common+0x138/0x244
[ 37.533518][ T5970]  do_el0_svc+0x64/0x198
[ 37.534399][ T5970]  el0_svc+0x4c/0x160
[ 37.535250][ T5970]  el0t_64_sync_handler+0x84/0xfc
[ 37.536313][ T5970]  el0t_64_sync+0x190/0x194
[ 37.537303][ T5970]
[ 37.537837][ T5970] The buggy address belongs to the physical page:
[ 37.539141][ T5970] page:0000000070fae8bd refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10e0c8
[ 37.541250][ T5970] flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff)
[ 37.542721][ T5970] page_type: 0xffffffff()
[ 37.543572][ T5970] raw: 05ffc00000000000 fffffc0003375608 ffff0001b4260020 0000000000000000
[ 37.545332][ T5970] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 37.547185][ T5970] page dumped because: kasan: bad access detected
[ 37.548495][ T5970]
[ 37.548941][ T5970] Memory state around the buggy address:
[ 37.550155][ T5970]  ffff0000ce0c7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.551744][ T5970]  ffff0000ce0c7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.553584][ T5970] >ffff0000ce0c8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 37.555345][ T5970]                    ^
[ 37.556245][ T5970]  ffff0000ce0c8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 37.557725][ T5970]  ffff0000ce0c8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 37.559072][ T5970] ==================================================================
[ 37.560512][ T5970] Disabling lock debugging due to kernel taint
[ 37.561539][ T5970] page:0000000070fae8bd refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10e0c8
[ 37.563561][ T5970] flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff)
[ 37.565075][ T5970] page_type: 0xffffffff()
[ 37.566065][ T5970] raw: 05ffc00000000000 fffffc0003375608 ffff0001b4260020 0000000000000000
[ 37.567919][ T5970] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 37.569730][ T5970] page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) == 0)
[ 37.571438][ T5970] ------------[ cut here ]------------
[ 37.572555][ T5970] kernel BUG at include/linux/mm.h:996!
[ 37.573651][ T5970] Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
[ 37.575287][ T5970] Modules linked in:
[ 37.576204][ T5970] CPU: 1 PID: 5970 Comm: syz-executor862 Tainted: G B W 6.4.0-rc5-syzkaller-g177239177378 #0
[ 37.578477][ T5970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 37.580549][ T5970] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 37.582164][ T5970] pc : __free_pages+0x15c/0x1cc
[ 37.583193][ T5970] lr : __free_pages+0x15c/0x1cc
[ 37.584216][ T5970] sp : ffff800096c67800
[ 37.585091][ T5970] x29: ffff800096c67800 x28: ffff0000df3ba930 x27: ffff0000df3b9ff0
[ 37.586787][ T5970] x26: ffff0000ccb31a28 x25: ffff0000ccb31a20 x24: 0000000000000000
[ 37.588570][ T5970] x23: dfff800000000000 x22: 05ffc00000000000 x21: fffffc0003383234
[ 37.590261][ T5970] x20: 0000000000000000 x19: fffffc0003383200 x18: ffff800096c67360
[ 37.591996][ T5970] x17: 0000000000000000 x16: ffff80008a43bfbc x15: 0000000000000001
[ 37.593678][ T5970] x14: 0000000000000000 x13: 0000000000000001 x12: 0000000000000001
[ 37.595515][ T5970] x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000
[ 37.597249][ T5970] x8 : ffff0000c28d8000 x7 : 0000000000000001 x6 : 0000000000000001
[ 37.598946][ T5970] x5 : ffff800096c67078 x4 : ffff80008df9ee80 x3 : ffff8000805974f4
[ 37.600665][ T5970] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 000000000000003e
[ 37.602376][ T5970] Call trace:
[ 37.602984][ T5970]  __free_pages+0x15c/0x1cc
[ 37.603912][ T5970]  free_large_kmalloc+0xc8/0x12c
[ 37.604951][ T5970]  kfree+0xf8/0x19c
[ 37.605706][ T5970]  diUnmount+0xf4/0x10c
[ 37.606550][ T5970]  jfs_umount+0x15c/0x360
[ 37.607376][ T5970]  jfs_put_super+0x90/0x188
[ 37.608142][ T5970]  generic_shutdown_super+0x130/0x328
[ 37.609047][ T5970]  kill_block_super+0x70/0xdc
[ 37.609821][ T5970]  deactivate_locked_super+0xac/0x124
[ 37.610725][ T5970]  deactivate_super+0xe0/0x100
[ 37.611535][ T5970]  cleanup_mnt+0x34c/0x3dc
[ 37.612324][ T5970]  __cleanup_mnt+0x20/0x30
[ 37.613204][ T5970]  task_work_run+0x230/0x2e0
[ 37.614175][ T5970]  do_exit+0x63c/0x1f58
[ 37.615044][ T5970]  do_group_exit+0x194/0x22c
[ 37.615993][ T5970]  __wake_up_parent+0x0/0x60
[ 37.616909][ T5970]  invoke_syscall+0x98/0x2c0
[ 37.617891][ T5970]  el0_svc_common+0x138/0x244
[ 37.618843][ T5970]  do_el0_svc+0x64/0x198
[ 37.619734][ T5970]  el0_svc+0x4c/0x160
[ 37.620588][ T5970]  el0t_64_sync_handler+0x84/0xfc
[ 37.621688][ T5970]  el0t_64_sync+0x190/0x194
[ 37.622615][ T5970] Code: d004ea61 91060021 aa1303e0 97fd8a02 (d4210000)
[ 37.624046][ T5970] ---[ end trace 0000000000000000 ]---
[ 37.976159][ T5970] Kernel panic - not syncing: Oops - BUG: Fatal exception
[ 37.977741][ T5970] SMP: stopping secondary CPUs
[ 37.978725][ T5970] Kernel Offset: disabled
[ 37.979586][ T5970] CPU features: 0x0000004,0e008010,c4017203
[ 37.980858][ T5970] Memory Limit: none
[ 38.297502][ T5970] Rebooting in 86400 seconds..