Out of memory (oom_kill_allocating_task): Killed process 301 (syz-executor.2) total-vm:93280kB, anon-rss:364kB, file-rss:33940kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:0
------------[ cut here ]------------
kernfs_put: syz7/memory.events.local: released with incorrect active_ref 0
WARNING: CPU: 1 PID: 48 at fs/kernfs/dir.c:531 kernfs_put.part.0+0x433/0x540
------------[ cut here ]------------
Modules linked in:
CPU: 1 PID: 48 Comm: kworker/1:2 Not tainted 5.19.0-rc4-next-20220701 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
Workqueue: events kernfs_notify_workfn
WARNING: CPU: 0 PID: 211 at fs/kernfs/dir.c:504 kernfs_get.part.0+0x69/0x80
Modules linked in:
RIP: 0010:kernfs_put.part.0+0x433/0x540
CPU: 0 PID: 211 Comm: in:imklog Not tainted 5.19.0-rc4-next-20220701 #1
Code: 03 80 3c 18 00 0f 85 ea 00 00 00 4d 8b 7d 38 e8 53 42 a7 ff 48 8b 14 24 44 89 f1 4c 89 fe 48 c7 c7 a0 58 72 84 e8 97 1c 6c 02 <0f> 0b e9 b9 fc ff ff 48 89 ef e8 8e b6 d9 ff e9 c1 fd ff ff e8 84
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
RSP: 0018:ffff88800f26fbd8 EFLAGS: 00010286
RIP: 0010:kernfs_get.part.0+0x69/0x80
Code: 31 ff 89 ee e8 a8 43 a7 ff 85 ed 74 18 e8 cf 46 a7 ff be 04 00 00 00 48 89 df e8 52 be d9 ff f0 ff 03 5b 5d c3 e8 b7 46 a7 ff <0f> 0b eb df 48 89 df e8 fb ba d9 ff eb c6 66 0f 1f 84 00 00 00 00
RAX: 0000000000000000 RBX: dffffc0000000000 RCX: 0000000000000000
RSP: 0018:ffff88806ce09c80 EFLAGS: 00010046
RDX: ffff88800f260000 RSI: ffffffff812b6848 RDI: ffffed1001e4df6d
RBP: ffff88803e889120 R08: 0000000000000005 R09: 0000000000000000
RAX: 0000000000000000 RBX: ffff88803e8890e8 RCX: 0000000000000100
RDX: ffff88800f9e5040 RSI: ffffffff819d2579 RDI: 0000000000000005
R10: 0000000080000000 R11: 0000000000000001 R12: ffff88803e8890e8
RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001
R13: ffff888010029740 R14: 0000000000000000 R15: ffff8880440f92d0
R13: 1ffffffff0a01e40 R14: ffff88803e8890e8 R15: ffff8880453784f0
FS: 0000000000000000(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
FS: 00007f8f10781700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f8922dcd65e CR3: 000000003a56e000 CR4: 0000000000350ee0
CR2: 00007f23a0761116 CR3: 000000000cb7e000 CR4: 0000000000350ef0
Call Trace:
Call Trace:
kernfs_get+0x1b/0x30
kernfs_put+0x42/0x50
kernfs_notify+0x180/0x350
kernfs_notify_workfn+0x417/0x560
cgroup_file_notify+0xf5/0x1a0
call_timer_fn+0x17d/0x5f0
process_one_work+0xa0f/0x1690
worker_thread+0x637/0x1250
__run_timers.part.0+0x65e/0xa50
kthread+0x2ed/0x3a0
ret_from_fork+0x22/0x30
run_timer_softirq+0xae/0x1a0
__do_softirq+0x1c8/0x8cc
irq event stamp: 457453
hardirqs last enabled at (457459): [] vprintk_emit+0x4fe/0x550
__irq_exit_rcu+0x113/0x170
hardirqs last disabled at (457468): [] console_emit_next_record.constprop.0+0x667/0x800
irq_exit_rcu+0x5/0x20
softirqs last enabled at (454320): [] inode_switch_wbs_work_fn+0xa8b/0x1b00
sysvec_apic_timer_interrupt+0x8e/0xc0
softirqs last disabled at (454316): [] wb_wakeup+0x23/0xd0
---[ end trace 0000000000000000 ]---
==================================================================
asm_sysvec_apic_timer_interrupt+0x1b/0x20
BUG: KASAN: use-after-free in llist_del_first+0x89/0xa0
RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x60
Read of size 8 at addr ffff88803e889080 by task kworker/1:2/48
Code: 48 89 ef 5d e9 d1 d4 31 00 be 03 00 00 00 5d e9 c6 69 c3 00 66 0f 1f 44 00 00 48 8b be a8 01 00 00 e8 b4 ff ff ff 31 c0 c3 90 <65> 8b 05 49 02 be 7e 89 c1 48 8b 34 24 81 e1 00 01 00 00 65 48 8b
CPU: 1 PID: 48 Comm: kworker/1:2 Tainted: G W 5.19.0-rc4-next-20220701 #1
RSP: 0018:ffff88800fe4f1b0 EFLAGS: 00000293
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
Workqueue: events kernfs_notify_workfn
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff81659c07
Call Trace:
RDX: ffff88800f9e5040 RSI: 0000000000000000 RDI: 0000000000000004
dump_stack_lvl+0x8b/0xb3
RBP: 0000000000000000 R08: 0000000000000004 R09: 0000000000000000
print_report.cold+0x5e/0x5e1
R10: 0000000000000002 R11: 0000000000000001 R12: 0000000000000002
R13: dffffc0000000000 R14: ffff88800e7d2000 R15: ffffed1001cfa419
kasan_report+0xb1/0x1b0
count_shadow_nodes+0x499/0x7f0
llist_del_first+0x89/0xa0
do_shrink_slab+0x83/0xb00
kernfs_notify_workfn+0x78/0x560
shrink_slab+0x3d7/0x6e0
process_one_work+0xa0f/0x1690
shrink_node+0x892/0x1d10
do_try_to_free_pages+0x3c7/0x1670
worker_thread+0x637/0x1250
kthread+0x2ed/0x3a0
try_to_free_pages+0x290/0x7a0
ret_from_fork+0x22/0x30
__alloc_pages_slowpath.constprop.0+0x842/0x1fa0
Allocated by task 302:
kasan_save_stack+0x1e/0x40
__kasan_slab_alloc+0x66/0x80
kmem_cache_alloc+0x1b1/0x490
__kernfs_new_node+0xd4/0x8b0
__alloc_pages+0x421/0x4f0
kernfs_new_node+0x93/0x120
__kernfs_create_file+0x51/0x350
cgroup_addrm_files+0x3e2/0x9d0
alloc_pages+0x1a0/0x2f0
css_populate_dir+0x19b/0x450
filemap_alloc_folio+0x2ce/0x360
cgroup_apply_control_enable+0x3ae/0xa40
cgroup_mkdir+0x824/0x11f0
__filemap_get_folio+0x2fb/0xd20
kernfs_iop_mkdir+0x149/0x1d0
vfs_mkdir+0x417/0x6a0
filemap_fault+0x1535/0x2270
do_mkdirat+0x17b/0x2e0
__x64_sys_mkdir+0xf2/0x140
__do_fault+0x10d/0x590
do_syscall_64+0x3b/0x90
__handle_mm_fault+0x135a/0x34f0
entry_SYSCALL_64_after_hwframe+0x46/0xb0
Freed by task 48:
kasan_save_stack+0x1e/0x40
kasan_set_track+0x21/0x30
handle_mm_fault+0x2e6/0xa10
kasan_set_free_info+0x20/0x30
do_user_addr_fault+0x536/0x1300
__kasan_slab_free+0x108/0x190
exc_page_fault+0x98/0x1a0
kmem_cache_free+0xfb/0x600
asm_exc_page_fault+0x27/0x30
kernfs_put.part.0+0x2c7/0x540
RIP: 0033:0x7f8f111c408c
kernfs_put+0x42/0x50
Code: Unable to access opcode bytes at RIP 0x7f8f111c4062.
kernfs_notify_workfn+0x417/0x560
RSP: 002b:00007f8f107604d0 EFLAGS: 00010246
process_one_work+0xa0f/0x1690
worker_thread+0x637/0x1250
RAX: 00000000000016a6 RBX: 0000000000000000 RCX: 00007f8f111c408c
kthread+0x2ed/0x3a0
RDX: 0000000000001fa0 RSI: 00007f8f10760d00 RDI: 0000000000000005
ret_from_fork+0x22/0x30
RBP: 000055fcba61e4c0 R08: 0000000000000000 R09: 000055fcba61ae88
The buggy address belongs to the object at ffff88803e889000
which belongs to the cache kernfs_node_cache of size 168
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8f10760d00
The buggy address is located 128 bytes inside of
168-byte region [ffff88803e889000, ffff88803e8890a8)
R13: 0000000000001fa0 R14: 00007f8f10760d00 R15: 00007f8f10760d45
The buggy address belongs to the physical page:
page:000000003b4ffca3 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3e889
irq event stamp: 17733
flags: 0x100000000000200(slab|node=0|zone=1)
hardirqs last enabled at (17732): [] _raw_spin_unlock_irq+0x1f/0x40
raw: 0100000000000200 0000000000000000 dead000000000122 ffff8880080718c0
hardirqs last disabled at (17733): [] _raw_spin_lock_irqsave+0x4e/0x50
raw: 0000000000000000 0000000000110011 00000001ffffffff 0000000000000000
softirqs last enabled at (17532): [] __irq_exit_rcu+0x113/0x170
page dumped because: kasan: bad access detected
softirqs last disabled at (17725): [] __irq_exit_rcu+0x113/0x170
Memory state around the buggy address:
---[ end trace 0000000000000000 ]---
ffff88803e888f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff88803e889000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff88803e889080: fb fb fb fb fb fc fc fc fc fc fc fc fc fa fb fb
^
ffff88803e889100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff88803e889180: fb fb fc fc fc fc fc fc fc fc 00 00 00 00 00 00
==================================================================
systemd-journal invoked oom-killer: gfp_mask=0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), order=0, oom_score_adj=-250
CPU: 0 PID: 111 Comm: systemd-journal Tainted: G B W 5.19.0-rc4-next-20220701 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
Call Trace:
dump_stack_lvl+0x8b/0xb3
dump_header+0x10b/0x7e4
oom_kill_process.cold+0x10/0x15
out_of_memory+0x11e7/0x14b0
__alloc_pages_slowpath.constprop.0+0x194b/0x1fa0
__alloc_pages+0x421/0x4f0
alloc_pages+0x1a0/0x2f0
filemap_alloc_folio+0x2ce/0x360
__filemap_get_folio+0x2fb/0xd20
filemap_fault+0x1535/0x2270
__do_fault+0x10d/0x590
__handle_mm_fault+0x135a/0x34f0
handle_mm_fault+0x2e6/0xa10
do_user_addr_fault+0x536/0x1300
exc_page_fault+0x98/0x1a0
asm_exc_page_fault+0x27/0x30
RIP: 0033:0x7f23a0761116
Code: Unable to access opcode bytes at RIP 0x7f23a07610ec.
RSP: 002b:00007ffec8a851a0 EFLAGS: 00010293
RAX: 0000000000000001 RBX: 000055a569787360 RCX: 00007f23a0761116
RDX: 0000000000000014 RSI: 000055a56978d960 RDI: 0000000000000008
RBP: ffffffffffffffff R08: 0000000000000000 R09: 00007ffec8b91080
R10: 00000000ffffffff R11: 0000000000000293 R12: 0000000000000001
R13: 0000000000000014 R14: 0000000000000000 R15: 0000000000000000
Mem-Info:
active_anon:999 inactive_anon:47353 isolated_anon:0
active_file:29 inactive_file:13 isolated_file:0
unevictable:0 dirty:0 writeback:0
slab_reclaimable:8646 slab_unreclaimable:59126
mapped:69650 shmem:112 pagetables:902 bounce:0
kernel_misc_reclaimable:0
free:2693 free_pcp:353 free_cma:0
Node 0 active_anon:3996kB inactive_anon:189412kB active_file:116kB inactive_file:52kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:278600kB dirty:0kB writeback:0kB shmem:448kB writeback_tmp:0kB kernel_stack:4256kB pagetables:3608kB all_unreclaimable? yes
Node 0 DMA free:6480kB boost:0kB min:44kB low:56kB high:68kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 1615 1615 1615
Node 0 DMA32 free:4292kB boost:0kB min:5120kB low:6772kB high:8424kB reserved_highatomic:4096KB active_anon:3996kB inactive_anon:189412kB active_file:80kB inactive_file:52kB unevictable:0kB writepending:0kB present:2080640kB managed:1658292kB mlocked:0kB bounce:0kB free_pcp:1412kB local_pcp:572kB free_cma:0kB
lowmem_reserve[]: 0 0 0 0
Node 0 DMA: 0*4kB 0*8kB 1*16kB (U) 0*32kB 1*64kB (U) 0*128kB 1*256kB (U) 0*512kB 0*1024kB 1*2048kB (M) 1*4096kB (M) = 6480kB
Node 0 DMA32: 371*4kB (MEH) 117*8kB (M) 61*16kB (M) 18*32kB (M) 3*64kB (UMH) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4292kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
149 total pagecache pages
0 pages in swap cache
Free swap = 0kB
Total swap = 0kB
524158 pages RAM
0 pages HighMem/MovableOnly
105745 pages reserved
Unreclaimable slab info:
Name Used Total
pid_2 18KB 18KB
fib6_nodes 28KB 28KB
ip6_dst_cache 26KB 26KB
RAWv6 126KB 126KB
UDPLITEv6 31KB 31KB
UDPv6 62KB 62KB
TCPv6 62KB 62KB
scsi_sense_cache 8KB 8KB
virtio_scsi_cmd 16KB 16KB
bio-120 7KB 7KB
sgpool-128 59KB 59KB
sgpool-64 63KB 63KB
sgpool-32 47KB 47KB
sgpool-16 15KB 15KB
sgpool-8 37KB 37KB
mqueue_inode_cache 60KB 60KB
nfs_commit_data 15KB 15KB
nfs_write_data 47KB 47KB
jbd2_inode 7KB 7KB
ext4_system_zone 3KB 3KB
ext4_io_end_vec 7KB 7KB
ext4_bio_post_read_ctx 15KB 15KB
pid_namespace 7KB 7KB
rpc_buffers 31KB 31KB
rpc_tasks 3KB 3KB
UNIX-STREAM 244KB 352KB
UNIX 174KB 256KB
tcp_bind_bucket 8KB 8KB
ip_fib_trie 8KB 8KB
ip_fib_alias 15KB 15KB
ip_dst_cache 8KB 8KB
RAW 31KB 31KB
UDP 106KB 189KB
request_sock_TCP 15KB 15KB
TCP 58KB 58KB
hugetlbfs_inode_cache 31KB 31KB
bio-248 11KB 11KB
ep_head 8KB 8KB
eventpoll_pwq 19KB 19KB
eventpoll_epi 31KB 31KB
inotify_inode_mark 19KB 19KB
request_queue 63KB 63KB
blkdev_ioc 4KB 4KB
bio-184 36KB 36KB
biovec-max 505KB 565KB
biovec-64 157KB 157KB
biovec-16 18KB 18KB
uid_cache 7KB 7KB
dmaengine-unmap-2 4KB 4KB
audit_buffer 7KB 7KB
skbuff_fclone_cache 90KB 120KB
skbuff_head_cache 977KB 1008KB
file_lock_cache 35KB 59KB
file_lock_ctx 7KB 7KB
fsnotify_mark_connector 12KB 12KB
taskstats 15KB 15KB
proc_dir_entry 311KB 311KB
pde_opener 7KB 7KB
seq_file 48KB 48KB
sigqueue 35KB 35KB
shmem_inode_cache 1282KB 1299KB
kernfs_iattrs_cache 277KB 277KB
kernfs_node_cache 5218KB 5218KB
mnt_cache 133KB 133KB
filp 1128KB 1365KB
names_cache 6999KB 8478KB
net_namespace 63KB 63KB
hashtab_node 278KB 278KB
ebitmap_node 1149KB 1149KB
avtab_node 4976KB 4976KB
avc_node 31KB 31KB
lsm_inode_cache 3315KB 3324KB
lsm_file_cache 59KB 96KB
key_jar 31KB 31KB
uts_namespace 15KB 15KB
nsproxy 7KB 7KB
vm_area_struct 634KB 1173KB
mm_struct 206KB 283KB
fs_cache 40KB 40KB
files_cache 164KB 175KB
signal_cache 278KB 394KB
sighand_cache 330KB 330KB
task_struct 1123KB 1310KB
cred_jar 87KB 128KB
anon_vma_chain 139KB 212KB
anon_vma 192KB 192KB
pid 74KB 75KB
Acpi-Operand 92KB 154KB
Acpi-ParseExt 31KB 31KB
Acpi-Parse 55KB 71KB
Acpi-State 35KB 51KB
Acpi-Namespace 28KB 28KB
numa_policy 3KB 3KB
perf_event 63KB 63KB
trace_event_file 175KB 175KB
ftrace_event_field 308KB 308KB
pool_workqueue 32KB 32KB
maple_node 1129KB 3672KB
task_group 8KB 8KB
vmap_area 35KB 35KB
page->ptl 118KB 161KB
kmemleak_scan_area 19KB 19KB
kmemleak_object 138011KB 147592KB
kmalloc-cg-8k 64KB 64KB
kmalloc-cg-4k 2104KB 2272KB
kmalloc-cg-2k 1760KB 1760KB
kmalloc-cg-1k 416KB 416KB
kmalloc-cg-512 233KB 256KB
kmalloc-cg-256 32KB 32KB
kmalloc-cg-192 36KB 36KB
kmalloc-cg-128 36KB 36KB
kmalloc-cg-96 16KB 16KB
kmalloc-cg-64 16KB 16KB
kmalloc-cg-32 46KB 60KB
kmalloc-cg-16 8KB 8KB
kmalloc-cg-8 15KB 15KB
kmalloc-8k 5216KB 5216KB
kmalloc-4k 3152KB 3296KB
kmalloc-2k 2976KB 3264KB
kmalloc-1k 7296KB 7296KB
kmalloc-512 4521KB 4656KB
kmalloc-256 996KB 1008KB
kmalloc-192 487KB 492KB
kmalloc-128 256KB 256KB
kmalloc-96 432KB 436KB
kmalloc-64 1327KB 1340KB
kmalloc-32 447KB 516KB
kmalloc-16 322KB 324KB
kmalloc-8 258KB 258KB
kmem_cache_node 51KB 51KB
kmem_cache 78KB 78KB
oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/system.slice/systemd-journald.service,task=systemd-journal,pid=111,uid=0
Out of memory (oom_kill_allocating_task): Killed process 111 (systemd-journal) total-vm:31944kB, anon-rss:860kB, file-rss:0kB, shmem-rss:4kB, UID:0 pgtables:76kB oom_score_adj:-250
syz-executor.2: page allocation failure: order:0, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=syz2,mems_allowed=0
CPU: 0 PID: 4022 Comm: syz-executor.2 Tainted: G B W 5.19.0-rc4-next-20220701 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
Call Trace:
dump_stack_lvl+0x8b/0xb3
warn_alloc.cold+0x95/0x18a
__alloc_pages_slowpath.constprop.0+0x1ad9/0x1fa0
__alloc_pages+0x421/0x4f0
alloc_pages+0x1a0/0x2f0
relay_open_buf.part.0+0x2a4/0xc00
relay_open+0x4ec/0x970
do_blk_trace_setup+0x4bc/0xb60
__blk_trace_setup+0xca/0x180
blk_trace_setup+0x43/0x60
sg_ioctl+0x6a8/0x2820
__x64_sys_ioctl+0x196/0x210
do_syscall_64+0x3b/0x90
entry_SYSCALL_64_after_hwframe+0x46/0xb0
RIP: 0033:0x7f8922e20b19
Code: Unable to access opcode bytes at RIP 0x7f8922e20aef.
RSP: 002b:00007f8920396188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f8922f33f60 RCX: 00007f8922e20b19
RDX: 0000000020000000 RSI: 00000000c0481273 RDI: 0000000000000005
RBP: 00007f8922e7af6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffeb887c16f R14: 00007f8920396300 R15: 0000000000022000
Mem-Info:
active_anon:999 inactive_anon:47353 isolated_anon:0
active_file:8 inactive_file:29 isolated_file:0
unevictable:0 dirty:0 writeback:0
slab_reclaimable:8646 slab_unreclaimable:59126
mapped:69650 shmem:112 pagetables:902 bounce:0
kernel_misc_reclaimable:0
free:1666 free_pcp:0 free_cma:0
Node 0 active_anon:3996kB inactive_anon:189412kB active_file:32kB inactive_file:32kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:278600kB dirty:0kB writeback:0kB shmem:448kB writeback_tmp:0kB kernel_stack:4256kB pagetables:3608kB all_unreclaimable? no
Node 0 DMA free:6480kB boost:0kB min:44kB low:56kB high:68kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 1615 1615 1615
Node 0 DMA32 free:184kB boost:0kB min:5120kB low:6772kB high:8424kB reserved_highatomic:4096KB active_anon:3996kB inactive_anon:189412kB active_file:80kB inactive_file:52kB unevictable:0kB writepending:0kB present:2080640kB managed:1658292kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 0 0 0
Node 0 DMA: 0*4kB 0*8kB 1*16kB (U) 0*32kB 1*64kB (U) 0*128kB 1*256kB (U) 0*512kB 0*1024kB 1*2048kB (M) 1*4096kB (M) = 6480kB
Node 0 DMA32: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
149 total pagecache pages
0 pages in swap cache
Free swap = 0kB
Total swap = 0kB
524158 pages RAM
0 pages HighMem/MovableOnly
105745 pages reserved
systemd[1]: systemd-journald.service: Main process exited, code=killed, status=9/KILL
systemd[1]: systemd-journald.service: Failed with result 'oom-kill'.
systemd[1]: systemd-journald.service: Scheduled restart job, restart counter is at 1.
blktrace: Concurrent blktraces are not allowed on sg0
systemd[1]: Stopping Flush Journal to Persistent Storage...
systemd[1]: systemd-journal-flush.service: Succeeded.
systemd[1]: Stopped Flush Journal to Persistent Storage.
systemd[1]: Stopped Journal Service.
systemd[1]: Starting Journal Service...
systemd[1]: Starting Load/Save RF Kill Switch Status...
systemd[1]: Started Load/Save RF Kill Switch Status.
systemd-journald[4049]: File /var/log/journal/7e681e5076844de4a5cfa8606a84b008/system.journal corrupted or uncleanly shut down, renaming and replacing.
systemd[1]: Started Journal Service.
systemd-journald[4049]: Received client request to flush runtime journal.
nfs: Unknown parameter '&&{#'
loop0: detected capacity change from 0 to 264192
audit: type=1400 audit(1656889074.957:10): avc: denied { block_suspend } for pid=4085 comm="syz-executor.7" capability=36 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
general protection fault, probably for non-canonical address 0x3c7e7de00000008: 0000 [#1] PREEMPT SMP KASAN NOPTI
CPU: 1 PID: 4086 Comm: syz-executor.7 Tainted: G B W 5.19.0-rc4-next-20220701 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
RIP: 0010:qlist_free_all+0xaf/0x190
Code: 80 4c 01 c2 0f 82 f0 00 00 00 48 c7 c0 00 00 00 80 48 2b 05 53 36 7c 03 48 01 d0 48 c1 e8 0c 48 c1 e0 06 48 03 05 31 36 7c 03 <48> 8b 48 08 48 89 c2 f6 c1 01 0f 85 b6 00 00 00 0f 1f 44 00 00 48
RSP: 0018:ffff88801c0dfa30 EFLAGS: 00010207
RAX: 03c7e7de00000000 RBX: f1ff000000000000 RCX: 1ffffffff0b1d44d
RDX: f1ff000080000000 RSI: 0000000000000008 RDI: ffffffff81764e81
RBP: 0000000000000000 R08: f1ff000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
R13: ffff88801c0dfa70 R14: 0000000000000000 R15: ffff8880149e31a2
FS: 00007fd764f40700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000002000c000 CR3: 000000003a14e000 CR4: 0000000000350ee0
Call Trace:
kasan_quarantine_reduce+0x180/0x200
__kasan_slab_alloc+0x78/0x80
kmem_cache_alloc_trace+0x1a1/0x3d0
device_add+0x10e9/0x1ec0
wakeup_source_device_create+0x220/0x2b0
wakeup_source_sysfs_add+0x1a/0x90
wakeup_source_register+0x99/0x130
ep_create_wakeup_source+0x1c0/0x2b0
do_epoll_ctl+0x19c1/0x2da0
__x64_sys_epoll_ctl+0x13f/0x1c0
do_syscall_64+0x3b/0x90
entry_SYSCALL_64_after_hwframe+0x46/0xb0
RIP: 0033:0x7fd7679cab19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fd764f40188 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9
RAX: ffffffffffffffda RBX: 00007fd767addf60 RCX: 00007fd7679cab19
RDX: 0000000000000006 RSI: 0000000000000001 RDI: 0000000000000005
RBP: 00007fd767a24f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000020000240 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffc5ee7a2bf R14: 00007fd764f40300 R15: 0000000000022000
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:qlist_free_all+0xaf/0x190
Code: 80 4c 01 c2 0f 82 f0 00 00 00 48 c7 c0 00 00 00 80 48 2b 05 53 36 7c 03 48 01 d0 48 c1 e8 0c 48 c1 e0 06 48 03 05 31 36 7c 03 <48> 8b 48 08 48 89 c2 f6 c1 01 0f 85 b6 00 00 00 0f 1f 44 00 00 48
RSP: 0018:ffff88801c0dfa30 EFLAGS: 00010207
RAX: 03c7e7de00000000 RBX: f1ff000000000000 RCX: 1ffffffff0b1d44d
RDX: f1ff000080000000 RSI: 0000000000000008 RDI: ffffffff81764e81
RBP: 0000000000000000 R08: f1ff000000000000 R09: 0000000000000000
------------[ cut here ]------------
WARNING: CPU: 1 PID: 4086 at mm/kasan/shadow.c:134 kasan_unpoison+0x42/0x50
Modules linked in:
CPU: 1 PID: 4086 Comm: syz-executor.7 Tainted: G B D W 5.19.0-rc4-next-20220701 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
RIP: 0010:kasan_unpoison+0x42/0x50
Code: 89 fb 48 83 c6 01 e8 7d fe ff ff 48 89 e8 83 e0 07 74 14 48 ba 00 00 00 00 00 fc ff df 48 01 eb 48 c1 eb 03 88 04 13 5b 5d c3 <0f> 0b c3 66 66 2e 0f 1f 84 00 00 00 00 00 41 57 48 89 f8 41 56 48
RSP: 0018:ffff88806cf09a50 EFLAGS: 00010202
RAX: ffff8880149e31a2 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000170 RDI: ffff8880149e31a2
RBP: ffff88800784f780 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: ffff8880149e31a2
R13: 0000000000092820 R14: 0000000000092820 R15: 0000000000092820
FS: 00007fd764f40700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000002000c000 CR3: 000000003a14e000 CR4: 0000000000350ee0
Call Trace:
__kasan_slab_alloc+0x2c/0x80
kmem_cache_alloc+0x1b1/0x490
__create_object.isra.0+0x3d/0xc10
kmem_cache_alloc_node+0x255/0x4a0
__alloc_skb+0x20c/0x340
__netdev_alloc_skb+0x72/0x3e0
__ieee80211_beacon_get+0x387/0x12d0
ieee80211_beacon_get_tim+0x95/0x4e0
mac80211_hwsim_beacon_tx+0x1a7/0xa10
__iterate_interfaces+0x2d3/0x560
ieee80211_iterate_active_interfaces_atomic+0x70/0x180
mac80211_hwsim_beacon+0xfd/0x200
__hrtimer_run_queues+0x5de/0xbc0
hrtimer_run_softirq+0x172/0x340
__do_softirq+0x1c8/0x8cc
__irq_exit_rcu+0x113/0x170
irq_exit_rcu+0x5/0x20
sysvec_apic_timer_interrupt+0x8e/0xc0
asm_sysvec_apic_timer_interrupt+0x1b/0x20
RIP: 0010:console_emit_next_record.constprop.0+0x4c8/0x800
Code: 83 e2 07 38 d0 7f 08 84 c0 0f 85 d5 02 00 00 88 5d 00 e8 db 3e 00 00 31 ff 4c 89 f6 e8 91 3f 19 00 4d 85 f6 0f 85 76 01 00 00 93 42 19 00 48 b8 00 00 00 00 00 fc ff df 48 03 04 24 48 c7 00
RSP: 0018:ffff88801c0df520 EFLAGS: 00000246
RAX: 0000000000000007 RBX: 0000000000000000 RCX: 1ffffffff0b1d44d
RDX: 0000000000000000 RSI: ffffffff812b2b13 RDI: ffffffff812b2b18
RBP: ffff88801c0df6c8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000200 R11: 0000000000000001 R12: 0000000000000001
R13: ffffffff86da8ba0 R14: 0000000000000200 R15: ffffffff8549fcf8
console_unlock+0x36c/0x590
vprintk_emit+0x1b9/0x550
vprintk+0x80/0x90
_printk+0xba/0xed
__show_regs.cold+0x182/0x481
oops_end+0x77/0xc0
exc_general_protection+0x121/0x210
asm_exc_general_protection+0x27/0x30
RIP: 0010:qlist_free_all+0xaf/0x190
Code: 80 4c 01 c2 0f 82 f0 00 00 00 48 c7 c0 00 00 00 80 48 2b 05 53 36 7c 03 48 01 d0 48 c1 e8 0c 48 c1 e0 06 48 03 05 31 36 7c 03 <48> 8b 48 08 48 89 c2 f6 c1 01 0f 85 b6 00 00 00 0f 1f 44 00 00 48
RSP: 0018:ffff88801c0dfa30 EFLAGS: 00010207
RAX: 03c7e7de00000000 RBX: f1ff000000000000 RCX: 1ffffffff0b1d44d
RDX: f1ff000080000000 RSI: 0000000000000008 RDI: ffffffff81764e81
RBP: 0000000000000000 R08: f1ff000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
R13: ffff88801c0dfa70 R14: 0000000000000000 R15: ffff8880149e31a2
kasan_quarantine_reduce+0x180/0x200
__kasan_slab_alloc+0x78/0x80
kmem_cache_alloc_trace+0x1a1/0x3d0
device_add+0x10e9/0x1ec0
wakeup_source_device_create+0x220/0x2b0
wakeup_source_sysfs_add+0x1a/0x90
wakeup_source_register+0x99/0x130
ep_create_wakeup_source+0x1c0/0x2b0
do_epoll_ctl+0x19c1/0x2da0
__x64_sys_epoll_ctl+0x13f/0x1c0
do_syscall_64+0x3b/0x90
entry_SYSCALL_64_after_hwframe+0x46/0xb0
RIP: 0033:0x7fd7679cab19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fd764f40188 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9
RAX: ffffffffffffffda RBX: 00007fd767addf60 RCX: 00007fd7679cab19
RDX: 0000000000000006 RSI: 0000000000000001 RDI: 0000000000000005
RBP: 00007fd767a24f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000020000240 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffc5ee7a2bf R14: 00007fd764f40300 R15: 0000000000022000
irq event stamp: 0
hardirqs last enabled at (0): [<0000000000000000>] 0x0
hardirqs last disabled at (0): [] copy_process+0x1db6/0x6d60
softirqs last enabled at (0): [] copy_process+0x1dfa/0x6d60
softirqs last disabled at (0): [<0000000000000000>] 0x0
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 1 PID: 4086 at kernel/rcu/tree.c:2776 call_rcu+0x6c6/0xa20
Modules linked in:
CPU: 1 PID: 4086 Comm: syz-executor.7 Tainted: G B D W 5.19.0-rc4-next-20220701 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
RIP: 0010:call_rcu+0x6c6/0xa20
Code: c1 ea 03 80 3c 02 00 0f 85 c0 02 00 00 48 8b 85 a0 00 00 00 48 85 c0 0f 85 37 fa ff ff 4c 89 ff e8 bf d0 00 00 e9 2a fa ff ff <0f> 0b e9 50 f9 ff ff e8 0e 2e ff ff e9 05 fc ff ff e8 b4 f9 45 00
RSP: 0018:ffff88806cf09bf0 EFLAGS: 00010202
RAX: 0000000000000000 RBX: ffff8880149e3222 RCX: ffffffff817a3d65
RDX: 1ffff1100293c63c RSI: ffffffff817a3680 RDI: 0000000000000002
RBP: ffff88806cf09c78 R08: 0000000000000001 R09: ffff8880149e3235
R10: ffffed100293c646 R11: 0000000000000001 R12: ffffffff817a3680
R13: ffffffff833704cf R14: 0000000000005a74 R15: ffff888008076dc0
FS: 00007fd764f40700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000002000c000 CR3: 000000003a14e000 CR4: 0000000000350ee0
Call Trace:
kmem_cache_free+0xc1/0x600
kfree_skbmem+0xef/0x1b0
consume_skb+0xcf/0x160
mac80211_hwsim_tx_frame+0x1f6/0x2a0
mac80211_hwsim_beacon_tx+0x53b/0xa10
__iterate_interfaces+0x2d3/0x560
ieee80211_iterate_active_interfaces_atomic+0x70/0x180
mac80211_hwsim_beacon+0xfd/0x200
__hrtimer_run_queues+0x5de/0xbc0
hrtimer_run_softirq+0x172/0x340
__do_softirq+0x1c8/0x8cc
__irq_exit_rcu+0x113/0x170
irq_exit_rcu+0x5/0x20
sysvec_apic_timer_interrupt+0x8e/0xc0
asm_sysvec_apic_timer_interrupt+0x1b/0x20
RIP: 0010:console_emit_next_record.constprop.0+0x4c8/0x800
Code: 83 e2 07 38 d0 7f 08 84 c0 0f 85 d5 02 00 00 88 5d 00 e8 db 3e 00 00 31 ff 4c 89 f6 e8 91 3f 19 00 4d 85 f6 0f 85 76 01 00 00 93 42 19 00 48 b8 00 00 00 00 00 fc ff df 48 03 04 24 48 c7 00
RSP: 0018:ffff88801c0df520 EFLAGS: 00000246
RAX: 0000000000000007 RBX: 0000000000000000 RCX: 1ffffffff0b1d44d
RDX: 0000000000000000 RSI: ffffffff812b2b13 RDI: ffffffff812b2b18
RBP: ffff88801c0df6c8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000200 R11: 0000000000000001 R12: 0000000000000001
R13: ffffffff86da8ba0 R14: 0000000000000200 R15: ffffffff8549fcf8
console_unlock+0x36c/0x590
vprintk_emit+0x1b9/0x550
vprintk+0x80/0x90
_printk+0xba/0xed
__show_regs.cold+0x182/0x481
oops_end+0x77/0xc0
exc_general_protection+0x121/0x210
asm_exc_general_protection+0x27/0x30
RIP: 0010:qlist_free_all+0xaf/0x190
Code: 80 4c 01 c2 0f 82 f0 00 00 00 48 c7 c0 00 00 00 80 48 2b 05 53 36 7c 03 48 01 d0 48 c1 e8 0c 48 c1 e0 06 48 03 05 31 36 7c 03 <48> 8b 48 08 48 89 c2 f6 c1 01 0f 85 b6 00 00 00 0f 1f 44 00 00 48
RSP: 0018:ffff88801c0dfa30 EFLAGS: 00010207
RAX: 03c7e7de00000000 RBX: f1ff000000000000 RCX: 1ffffffff0b1d44d
RDX: f1ff000080000000 RSI: 0000000000000008 RDI: ffffffff81764e81
RBP: 0000000000000000 R08: f1ff000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
R13: ffff88801c0dfa70 R14: 0000000000000000 R15: ffff8880149e31a2
kasan_quarantine_reduce+0x180/0x200
__kasan_slab_alloc+0x78/0x80
kmem_cache_alloc_trace+0x1a1/0x3d0
device_add+0x10e9/0x1ec0
wakeup_source_device_create+0x220/0x2b0
wakeup_source_sysfs_add+0x1a/0x90
wakeup_source_register+0x99/0x130
ep_create_wakeup_source+0x1c0/0x2b0
do_epoll_ctl+0x19c1/0x2da0
__x64_sys_epoll_ctl+0x13f/0x1c0
do_syscall_64+0x3b/0x90
entry_SYSCALL_64_after_hwframe+0x46/0xb0
RIP: 0033:0x7fd7679cab19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fd764f40188 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9
RAX: ffffffffffffffda RBX: 00007fd767addf60 RCX: 00007fd7679cab19
RDX: 0000000000000006 RSI: 0000000000000001 RDI: 0000000000000005
RBP: 00007fd767a24f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000020000240 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffc5ee7a2bf R14: 00007fd764f40300 R15: 0000000000022000
irq event stamp: 0
hardirqs last enabled at (0): [<0000000000000000>] 0x0
hardirqs last disabled at (0): [] copy_process+0x1db6/0x6d60
softirqs last enabled at (0): [] copy_process+0x1dfa/0x6d60
softirqs last disabled at (0): [<0000000000000000>] 0x0
---[ end trace 0000000000000000 ]---
R10: 0000000000000000 R11: 0000000000000001 R12: dffffc0000000000
R13: ffff88801c0dfa70 R14: 0000000000000000 R15: ffff8880149e31a2
FS: 00007fd764f40700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000002000c000 CR3: 000000003a14e000 CR4: 0000000000350ee0
nfs: Unknown parameter '&&{#'
nfs: Unknown parameter '&&{#'
----------------
Code disassembly (best guess):
# Decode of the `Code:` bytes logged with RIP __sanitizer_cov_trace_pc+0x0/0x60.
# In the interleaved trace that RIP follows asm_sysvec_apic_timer_interrupt, so it
# looks like the context the timer interrupt landed on rather than faulting code;
# confirm against an un-interleaved console log.
# None of the reports in this log (the kernfs_get / kernfs_put WARNINGs, the KASAN
# use-after-free in llist_del_first, the general protection fault in qlist_free_all)
# is disassembled here; each has its own `Code:` line that needs decoding for triage.
#
# Offsets 0x0-0x29 come before the saved RIP. The RIP is at symbol offset +0x0, so
# these bytes lie before the start of __sanitizer_cov_trace_pc.
0: 48 89 ef mov %rbp,%rdi
3: 5d pop %rbp
4: e9 d1 d4 31 00 jmpq 0x31d4da
9: be 03 00 00 00 mov $0x3,%esi
e: 5d pop %rbp
f: e9 c6 69 c3 00 jmpq 0xc369da
14: 66 0f 1f 44 00 00 nopw 0x0(%rax,%rax,1)
1a: 48 8b be a8 01 00 00 mov 0x1a8(%rsi),%rdi
21: e8 b4 ff ff ff callq 0xffffffda
26: 31 c0 xor %eax,%eax
28: c3 retq
29: 90 nop
# Instruction at the saved RIP (the `<65>` marker in the `Code:` line). The
# "trapping instruction" label marks that position; the log reports no exception
# at this address.
* 2a: 65 8b 05 49 02 be 7e mov %gs:0x7ebe0249(%rip),%eax # 0x7ebe027a <-- trapping instruction
31: 89 c1 mov %eax,%ecx
33: 48 8b 34 24 mov (%rsp),%rsi
37: 81 e1 00 01 00 00 and $0x100,%ecx
# The `Code:` dump ends after `65 48 8b`, so the lines below are the start of a
# truncated instruction decoded byte by byte, not real instructions.
3d: 65 gs
3e: 48 rex.W
3f: 8b .byte 0x8b