./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2676636170 <...> Warning: Permanently added '10.128.1.121' (ED25519) to the list of known hosts. execve("./syz-executor2676636170", ["./syz-executor2676636170"], 0x7fffea0dd160 /* 10 vars */) = 0 brk(NULL) = 0x555587160000 brk(0x555587160d00) = 0x555587160d00 arch_prctl(ARCH_SET_FS, 0x555587160380) = 0 set_tid_address(0x555587160650) = 5831 set_robust_list(0x555587160660, 24) = 0 rseq(0x555587160ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2676636170", 4096) = 28 getrandom("\x19\x1a\x02\x59\xed\x72\xd5\x19", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555587160d00 brk(0x555587181d00) = 0x555587181d00 brk(0x555587182000) = 0x555587182000 mprotect(0x7ff653ba5000, 16384, PROT_READ) = 0 mmap(0x3ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x3ffffffff000 mmap(0x400000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400000000000 mmap(0x400001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400001000000 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5832 attached [pid 5832] set_robust_list(0x555587160660, 24 [pid 5831] <... clone resumed>, child_tidptr=0x555587160650) = 5832 [pid 5832] <... set_robust_list resumed>) = 0 [pid 5832] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5832] getppid() = 0 [pid 5832] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 5832] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 5832] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 5832] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 5832] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 5832] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 5832] unshare(CLONE_NEWNS) = 0 [pid 5832] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 5832] unshare(CLONE_NEWIPC) = 0 [pid 5832] unshare(CLONE_NEWCGROUP) = 0 [pid 5832] unshare(CLONE_NEWUTS) = 0 [pid 5832] unshare(CLONE_SYSVSEM) = 0 [pid 5832] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5832] write(3, "16777216", 8) = 8 [pid 5832] close(3) = 0 [pid 5832] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 5832] write(3, "536870912", 9) = 9 [pid 5832] close(3) = 0 [pid 5832] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5832] write(3, "1024", 4) = 4 [pid 5832] close(3) = 0 [pid 5832] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5832] write(3, "8192", 4) = 4 [pid 5832] close(3) = 0 [pid 5832] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5832] write(3, "1024", 4) = 4 [pid 5832] close(3) = 0 [pid 5832] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 5832] write(3, "1024", 4) = 4 [pid 5832] close(3) = 0 [pid 5832] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 5832] write(3, "1024 1048576 500 1024", 21) = 21 [pid 5832] close(3) = 0 [pid 5832] getpid() = 1 [pid 5832] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 5836] set_robust_list(0x555587160660, 24 [pid 5832] <... clone resumed>, child_tidptr=0x555587160650) = 2 [pid 5836] <... set_robust_list resumed>) = 0 [pid 5836] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5836] setpgid(0, 0) = 0 [pid 5836] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5836] write(3, "1000", 4) = 4 [pid 5836] close(3) = 0 [pid 5836] write(1, "executing program\n", 18executing program ) = 18 [pid 5836] memfd_create("syzkaller", 0) = 3 [pid 5836] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff64b600000 [pid 5836] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5836] munmap(0x7ff64b600000, 138412032) = 0 [pid 5836] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5836] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5836] close(3) = 0 [pid 5836] close(4) = 0 [pid 5836] mkdir("./file0", 0777) = 0 [ 75.921001][ T5836] loop0: detected capacity change from 0 to 512 [ 75.949643][ T5836] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [pid 5836] mount("/dev/loop0", "./file0", "ext4", 0, "user_xattr,grpjquota=,nodelalloc,,errors=continue") = 0 [pid 5836] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5836] chdir("./file0") = 0 [pid 5836] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5836] fanotify_init(FAN_CLASS_PRE_CONTENT, O_RDONLY|O_NOATIME) = 4 [pid 5836] openat(AT_FDCWD, "/proc/self/fd/3", O_RDWR) = -1 EISDIR (Is a directory) [pid 5836] openat(AT_FDCWD, "/proc/self/fd/3", O_RDONLY) = 5 [pid 5836] fanotify_mark(4, FAN_MARK_ADD, FAN_ACCESS|FAN_CLOSE_NOWRITE|FAN_EVENT_ON_CHILD|0x100000, 5, NULL) = 0 [pid 5836] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 0777) = 6 [pid 5836] mmap(0x400000000000, 4096, PROT_EXEC, MAP_SHARED|MAP_FIXED, 6, 0) = 0x400000000000 [ 75.975363][ T5836] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 75.988187][ T5836] ext4 filesystem being mounted at /file0 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5836] clone(child_stack=0xfffffe10, flags=0./strace-static-x86_64: Process 5840 attached [pid 5840] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0xfffffe10} --- [pid 5836] <... clone resumed>) = 3 [pid 5836] close(3) = 0 [pid 5836] close(4) = 0 [pid 5836] close(5) = 0 [pid 5836] close(6) = 0 [pid 5836] close(7) = -1 EBADF (Bad file descriptor) [pid 5836] close(8) = -1 EBADF (Bad file descriptor) [pid 5836] close(9) = -1 EBADF (Bad file descriptor) [pid 5836] close(10) = -1 EBADF (Bad file descriptor) [pid 5836] close(11) = -1 EBADF (Bad file descriptor) [pid 5836] close(12) = -1 EBADF (Bad file descriptor) [ 76.012415][ T29] audit: type=1800 audit(1740497929.539:2): pid=5836 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor267" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 76.033522][ T29] audit: type=1800 audit(1740497929.549:3): pid=5836 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor267" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 76.063033][ T5840] ------------[ cut here ]------------ [pid 5836] close(13) = -1 EBADF (Bad file descriptor) [pid 5836] close(14) = -1 EBADF (Bad file descriptor) [pid 5836] close(15) = -1 EBADF (Bad file descriptor) [pid 5836] close(16) = -1 EBADF (Bad file descriptor) [pid 5836] close(17) = -1 EBADF (Bad file descriptor) [pid 5836] close(18) = -1 EBADF (Bad file descriptor) [pid 5836] close(19) = -1 EBADF (Bad file descriptor) [pid 5836] close(20) = -1 EBADF (Bad file descriptor) [pid 5836] close(21) = -1 EBADF (Bad file descriptor) [pid 5836] close(22) = -1 EBADF (Bad file descriptor) [pid 5836] close(23) = -1 EBADF (Bad file descriptor) [pid 5836] close(24) = -1 EBADF (Bad file descriptor) [pid 5836] close(25) = -1 EBADF (Bad file descriptor) [pid 5836] close(26) = -1 EBADF (Bad file descriptor) [pid 5836] close(27) = -1 EBADF (Bad file descriptor) [pid 5836] close(28) = -1 EBADF (Bad file descriptor) [pid 5836] close(29) = -1 EBADF (Bad file descriptor) [pid 5836] exit_group(0) = ? [pid 5836] +++ exited with 0 +++ [ 76.068559][ T5840] WARNING: CPU: 0 PID: 5840 at mm/gup.c:1856 get_dump_page+0x242/0x2f0 [ 76.076983][ T5840] Modules linked in: [ 76.081018][ T5840] CPU: 0 UID: 0 PID: 5840 Comm: syz-executor267 Not tainted 6.14.0-rc4-syzkaller #0 [ 76.090489][ T5840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 76.100595][ T5840] RIP: 0010:get_dump_page+0x242/0x2f0 [ 76.105986][ T5840] Code: 00 00 00 48 3b 8c 24 80 00 00 00 0f 85 a3 00 00 00 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d e9 1f 37 03 ff e8 0f b4 b4 ff 90 <0f> 0b 90 eb ae 44 89 c9 80 e1 07 80 c1 03 38 c1 0f 8c db fe ff ff [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5832] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 76.126388][ T5840] RSP: 0018:ffffc900032c7180 EFLAGS: 00010293 [ 76.132551][ T5840] RAX: ffffffff820d09f1 RBX: 0000000000000000 RCX: ffff8880346f0000 [ 76.140616][ T5840] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 76.148618][ T5840] RBP: ffffc900032c7250 R08: ffffffff820d0968 R09: 1ffffd4000399126 [ 76.156672][ T5840] R10: dffffc0000000000 R11: fffff94000399127 R12: 1ffff92000658e38 [ 76.164732][ T5840] R13: dffffc0000000000 R14: 1ffff92000658e34 R15: 0000000000000000 [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555587160650) = 4 ./strace-static-x86_64: Process 5841 attached [pid 5841] set_robust_list(0x555587160660, 24) = 0 [pid 5841] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5841] setpgid(0, 0) = 0 [ 76.172816][ T5840] FS: 0000555587160380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 76.181832][ T5840] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 76.188446][ T5840] CR2: 00007fff9150b8f8 CR3: 0000000075dae000 CR4: 0000000000350ef0 [ 76.196514][ T5840] Call Trace: [ 76.199843][ T5840] [ 76.202769][ T5840] ? __warn+0x165/0x4d0 [ 76.206930][ T5840] ? get_dump_page+0x242/0x2f0 [ 76.211774][ T5840] ? report_bug+0x2b3/0x500 [ 76.216311][ T5840] ? get_dump_page+0x242/0x2f0 [ 76.221153][ T5840] ? handle_bug+0x60/0x90 [pid 5841] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5841] write(3, "1000", 4) = 4 [pid 5841] close(3) = 0 [pid 5841] write(1, "executing program\n", 18executing program ) = 18 [pid 5841] memfd_create("syzkaller", 0) = 3 [pid 5841] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff64b600000 [ 76.225512][ T5840] ? exc_invalid_op+0x1a/0x50 [ 76.230243][ T5840] ? asm_exc_invalid_op+0x1a/0x20 [ 76.235307][ T5840] ? get_dump_page+0x1b8/0x2f0 [ 76.240248][ T5840] ? get_dump_page+0x241/0x2f0 [ 76.245044][ T5840] ? get_dump_page+0x242/0x2f0 [ 76.249876][ T5840] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 76.255273][ T5840] ? __pfx_get_dump_page+0x10/0x10 [ 76.260559][ T5840] ? srso_alias_return_thunk+0x5/0xfbef5 [ 76.266227][ T5840] ? set_page_refcounted+0xa1/0x1e0 [ 76.271499][ T5840] ? srso_alias_return_thunk+0x5/0xfbef5 [pid 5841] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5841] munmap(0x7ff64b600000, 138412032) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 76.277163][ T5840] ? alloc_pages_noprof+0x136/0x190 [ 76.282450][ T5840] dump_user_range+0x14d/0x970 [ 76.287271][ T5840] ? __pfx_dump_user_range+0x10/0x10 [ 76.292631][ T5840] ? __pfx_elf_coredump_extra_notes_write+0x10/0x10 [ 76.299317][ T5840] ? __pfx_writenote+0x10/0x10 [ 76.304118][ T5840] ? srso_alias_return_thunk+0x5/0xfbef5 [ 76.309841][ T5840] ? __kmalloc_cache_noprof+0x243/0x390 [ 76.315861][ T5840] ? srso_alias_return_thunk+0x5/0xfbef5 [ 76.321617][ T5840] ? dump_emit+0x99/0xd0 [pid 5841] close(3) = 0 [pid 5841] fanotify_init(FAN_CLASS_PRE_CONTENT, O_RDONLY|O_NOATIME) = 3 [pid 5841] openat(AT_FDCWD, "/proc/self/fd/3", O_RDWR) = -1 ENXIO (No such device or address) [pid 5841] openat(AT_FDCWD, "/proc/self/fd/3", O_RDONLY) = -1 ENXIO (No such device or address) [pid 5841] fanotify_mark(3, FAN_MARK_ADD, FAN_ACCESS|FAN_CLOSE_NOWRITE|FAN_EVENT_ON_CHILD|0x100000, FAN_NOFD, NULL) = -1 EBADF (Bad file descriptor) [ 76.325892][ T5840] elf_core_dump+0x4054/0x4a80 [ 76.330756][ T5840] ? __pfx_elf_core_dump+0x10/0x10 [ 76.335895][ T5840] ? srso_alias_return_thunk+0x5/0xfbef5 [ 76.341613][ T5840] ? mark_lock+0x9a/0x360 [ 76.345963][ T5840] ? srso_alias_return_thunk+0x5/0xfbef5 [ 76.351657][ T5840] ? __lock_acquire+0x1397/0x2100 [ 76.356725][ T5840] ? __pfx_cmp_vma_size+0x10/0x10 [ 76.361852][ T5840] ? srso_alias_return_thunk+0x5/0xfbef5 [ 76.367517][ T5840] ? rcu_read_lock_any_held+0xb7/0x160 [pid 5841] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 0777) = 4 [pid 5841] mmap(0x400000000000, 4096, PROT_EXEC, MAP_SHARED|MAP_FIXED, 4, 0) = 0x400000000000 [ 76.373139][ T5840] ? getname_kernel+0x140/0x2f0 [ 76.378039][ T5840] do_coredump+0x232c/0x32c0 [ 76.382735][ T5840] ? mark_lock+0x9a/0x360 [ 76.387106][ T5840] ? __pfx_do_coredump+0x10/0x10 [ 76.392155][ T5840] ? srso_alias_return_thunk+0x5/0xfbef5 [ 76.397839][ T5840] ? srso_alias_return_thunk+0x5/0xfbef5 [ 76.398655][ T29] audit: type=1800 audit(1740497929.919:4): pid=5841 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor267" name="file1" dev="tmpfs" ino=11 res=0 errno=0 [pid 5841] clone(child_stack=0xfffffe10, flags=0) = 5 [pid 5841] close(3) = 0 [pid 5841] close(4) = 0 [pid 5841] close(5) = -1 EBADF (Bad file descriptor) [pid 5841] close(6) = -1 EBADF (Bad file descriptor) [pid 5841] close(7) = -1 EBADF (Bad file descriptor) [pid 5841] close(8) = -1 EBADF (Bad file descriptor) [pid 5841] close(9) = -1 EBADF (Bad file descriptor) [pid 5841] close(10) = -1 EBADF (Bad file descriptor) [pid 5841] close(11) = -1 EBADF (Bad file descriptor) [pid 5841] close(12) = -1 EBADF (Bad file descriptor) [pid 5841] close(13) = -1 EBADF (Bad file descriptor) [pid 5841] close(14) = -1 EBADF (Bad file descriptor) [pid 5841] close(15) = -1 EBADF (Bad file descriptor) [pid 5841] close(16) = -1 EBADF (Bad file descriptor) [pid 5841] close(17) = -1 EBADF (Bad file descriptor) [pid 5841] close(18) = -1 EBADF (Bad file descriptor) [pid 5841] close(19) = -1 EBADF (Bad file descriptor) [pid 5841] close(20) = -1 EBADF (Bad file descriptor) [pid 5841] close(21) = -1 EBADF (Bad file descriptor) [pid 5841] close(22) = -1 EBADF (Bad file descriptor) [pid 5841] close(23) = -1 EBADF (Bad file descriptor) [pid 5841] close(24) = -1 EBADF (Bad file descriptor) [pid 5841] close(25) = -1 EBADF (Bad file descriptor) [pid 5841] close(26) = -1 EBADF (Bad file descriptor) [pid 5841] close(27) = -1 EBADF (Bad file descriptor) [pid 5841] close(28) = -1 EBADF (Bad file descriptor) [pid 5841] close(29) = -1 EBADF (Bad file descriptor) [pid 5841] exit_group(0) = ? [pid 5841] +++ exited with 0 +++ [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5832] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5832] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5832] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555587160650) = 6 ./strace-static-x86_64: Process 5842 attached ./strace-static-x86_64: Process 5843 attached [pid 5842] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0xfffffe10} --- [pid 5843] set_robust_list(0x555587160660, 24) = 0 [pid 5843] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 76.403547][ T5840] ? proc_coredump_connector+0x1f4/0x660 [ 76.429947][ T5840] ? srso_alias_return_thunk+0x5/0xfbef5 [ 76.435615][ T5840] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 76.441704][ T5840] ? __pfx_proc_coredump_connector+0x10/0x10 [ 76.447738][ T5840] ? _raw_spin_unlock_irq+0x23/0x50 [ 76.453080][ T5840] ? srso_alias_return_thunk+0x5/0xfbef5 [ 76.458755][ T5840] ? lockdep_hardirqs_on+0x99/0x150 [ 76.464043][ T5840] get_signal+0x13e5/0x1720 [ 76.468579][ T5840] ? __pfx_get_signal+0x10/0x10 [pid 5843] setpgid(0, 0) = 0 [pid 5843] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5843] write(3, "1000", 4) = 4 [pid 5843] close(3) = 0 executing program [pid 5843] write(1, "executing program\n", 18) = 18 [pid 5843] memfd_create("syzkaller", 0) = 3 [pid 5843] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff64b600000 [pid 5843] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5843] munmap(0x7ff64b600000, 138412032) = 0 [pid 5843] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5843] close(3) = 0 [pid 5843] fanotify_init(FAN_CLASS_PRE_CONTENT, O_RDONLY|O_NOATIME) = 3 [pid 5843] openat(AT_FDCWD, "/proc/self/fd/3", O_RDWR) = -1 ENXIO (No such device or address) [pid 5843] openat(AT_FDCWD, "/proc/self/fd/3", O_RDONLY) = -1 ENXIO (No such device or address) [pid 5843] fanotify_mark(3, FAN_MARK_ADD, FAN_ACCESS|FAN_CLOSE_NOWRITE|FAN_EVENT_ON_CHILD|0x100000, FAN_NOFD, NULL) = -1 EBADF (Bad file descriptor) [pid 5843] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT|O_SYNC|O_DIRECT, 0777) = 4 [ 76.473477][ T5840] ? __pfx_force_sig_fault+0x10/0x10 [ 76.478794][ T5840] arch_do_signal_or_restart+0x96/0x860 [ 76.484454][ T5840] ? srso_alias_return_thunk+0x5/0xfbef5 [ 76.490163][ T5840] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 76.496364][ T5840] ? irqentry_exit_to_user_mode+0x53/0x250 [ 76.502280][ T5840] irqentry_exit_to_user_mode+0x7e/0x250 [ 76.507948][ T5840] exc_page_fault+0x590/0x8b0 [ 76.512737][ T5840] asm_exc_page_fault+0x26/0x30 [ 76.517631][ T5840] RIP: 0033:0x7ff653b312d1 [pid 5843] mmap(0x400000000000, 4096, PROT_EXEC, MAP_SHARED|MAP_FIXED, 4, 0) = 0x400000000000 [pid 5843] clone(child_stack=0xfffffe10, flags=0./strace-static-x86_64: Process 5844 attached ) = 7 [pid 5844] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0xfffffe10} --- [ 76.522125][ T5840] Code: c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 76.534848][ T29] audit: type=1800 audit(1740497930.049:5): pid=5843 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor267" name="file1" dev="tmpfs" ino=11 res=0 errno=0 [ 76.541838][ T5840] RSP: 002b:00000000fffffe10 EFLAGS: 00010217 [ 76.568594][ T5840] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007ff653b312c9 [pid 5843] close(3) = 0 [pid 5843] close(4) = 0 [pid 5843] close(5) = -1 EBADF (Bad file descriptor) [pid 5843] close(6) = -1 EBADF (Bad file descriptor) [pid 5843] close(7) = -1 EBADF (Bad file descriptor) [pid 5843] close(8) = -1 EBADF (Bad file descriptor) [pid 5843] close(9) = -1 EBADF (Bad file descriptor) [pid 5843] close(10) = -1 EBADF (Bad file descriptor) [pid 5843] close(11) = -1 EBADF (Bad file descriptor) [pid 5843] close(12) = -1 EBADF (Bad file descriptor) [pid 5843] close(13) = -1 EBADF (Bad file descriptor) [pid 5843] close(14) = -1 EBADF (Bad file descriptor) [pid 5843] close(15) = -1 EBADF (Bad file descriptor) [pid 5843] close(16) = -1 EBADF (Bad file descriptor) [pid 5843] close(17) = -1 EBADF (Bad file descriptor) [pid 5843] close(18) = -1 EBADF (Bad file descriptor) [pid 5843] close(19) = -1 EBADF (Bad file descriptor) [pid 5843] close(20) = -1 EBADF (Bad file descriptor) [pid 5843] close(21) = -1 EBADF (Bad file descriptor) [pid 5843] close(22) = -1 EBADF (Bad file descriptor) [pid 5843] close(23) = -1 EBADF (Bad file descriptor) [pid 5843] close(24) = -1 EBADF (Bad file descriptor) [pid 5843] close(25) = -1 EBADF (Bad file descriptor) [pid 5843] close(26) = -1 EBADF (Bad file descriptor) [pid 5843] close(27) = -1 EBADF (Bad file descriptor) [pid 5843] close(28) = -1 EBADF (Bad file descriptor) [pid 5843] close(29) = -1 EBADF (Bad file descriptor) [pid 5843] exit_group(0) = ? [pid 5843] +++ exited with 0 +++ [pid 5832] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [ 76.576686][ T5840] RDX: 0000000000000000 RSI: 00000000fffffe10 RDI: 0000000000000000 [ 76.584739][ T5840] RBP: 00007fff9150b940 R08: 0000000000000000 R09: 0000000000000000 [ 76.592801][ T5840] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000000f4240 [ 76.600851][ T5840] R13: 00007ff653b7f9dc R14: 00007ff653b7a0e2 R15: 00007fff9150b930 [ 76.608991][ T5840] [ 76.612031][ T5840] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 76.619321][ T5840] CPU: 0 UID: 0 PID: 5840 Comm: syz-executor267 Not tainted 6.14.0-rc4-syzkaller #0 [ 76.628713][ T5840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 76.638777][ T5840] Call Trace: [ 76.642052][ T5840] [ 76.644980][ T5840] dump_stack_lvl+0x241/0x360 [ 76.649666][ T5840] ? __pfx_dump_stack_lvl+0x10/0x10 [ 76.654872][ T5840] ? __pfx__printk+0x10/0x10 [ 76.659460][ T5840] ? _printk+0xd5/0x120 [ 76.663617][ T5840] ? __init_begin+0x41000/0x41000 [ 76.668655][ T5840] ? srso_alias_return_thunk+0x5/0xfbef5 [ 76.674304][ T5840] ? vscnprintf+0x5d/0x90 [ 76.678636][ T5840] panic+0x349/0x880 [ 76.682533][ T5840] ? __warn+0x174/0x4d0 [ 76.686708][ T5840] ? __pfx_panic+0x10/0x10 [ 76.691147][ T5840] __warn+0x344/0x4d0 [ 76.695142][ T5840] ? get_dump_page+0x242/0x2f0 [ 76.699926][ T5840] report_bug+0x2b3/0x500 [ 76.704264][ T5840] ? get_dump_page+0x242/0x2f0 [ 76.709045][ T5840] handle_bug+0x60/0x90 [ 76.713210][ T5840] exc_invalid_op+0x1a/0x50 [ 76.717725][ T5840] asm_exc_invalid_op+0x1a/0x20 [ 76.722582][ T5840] RIP: 0010:get_dump_page+0x242/0x2f0 [ 76.727965][ T5840] Code: 00 00 00 48 3b 8c 24 80 00 00 00 0f 85 a3 00 00 00 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d e9 1f 37 03 ff e8 0f b4 b4 ff 90 <0f> 0b 90 eb ae 44 89 c9 80 e1 07 80 c1 03 38 c1 0f 8c db fe ff ff [ 76.747570][ T5840] RSP: 0018:ffffc900032c7180 EFLAGS: 00010293 [ 76.753644][ T5840] RAX: ffffffff820d09f1 RBX: 0000000000000000 RCX: ffff8880346f0000 [ 76.761613][ T5840] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 76.769581][ T5840] RBP: ffffc900032c7250 R08: ffffffff820d0968 R09: 1ffffd4000399126 [ 76.777550][ T5840] R10: dffffc0000000000 R11: fffff94000399127 R12: 1ffff92000658e38 [ 76.785532][ T5840] R13: dffffc0000000000 R14: 1ffff92000658e34 R15: 0000000000000000 [ 76.793529][ T5840] ? get_dump_page+0x1b8/0x2f0 [ 76.798308][ T5840] ? get_dump_page+0x241/0x2f0 [ 76.803093][ T5840] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 76.808473][ T5840] ? __pfx_get_dump_page+0x10/0x10 [ 76.813597][ T5840] ? srso_alias_return_thunk+0x5/0xfbef5 [ 76.819241][ T5840] ? set_page_refcounted+0xa1/0x1e0 [ 76.824451][ T5840] ? srso_alias_return_thunk+0x5/0xfbef5 [ 76.830094][ T5840] ? alloc_pages_noprof+0x136/0x190 [ 76.835301][ T5840] dump_user_range+0x14d/0x970 [ 76.840080][ T5840] ? __pfx_dump_user_range+0x10/0x10 [ 76.845377][ T5840] ? __pfx_elf_coredump_extra_notes_write+0x10/0x10 [ 76.851975][ T5840] ? __pfx_writenote+0x10/0x10 [ 76.856743][ T5840] ? srso_alias_return_thunk+0x5/0xfbef5 [ 76.862388][ T5840] ? __kmalloc_cache_noprof+0x243/0x390 [ 76.867940][ T5840] ? srso_alias_return_thunk+0x5/0xfbef5 [ 76.873588][ T5840] ? dump_emit+0x99/0xd0 [ 76.877838][ T5840] elf_core_dump+0x4054/0x4a80 [ 76.882629][ T5840] ? __pfx_elf_core_dump+0x10/0x10 [ 76.887748][ T5840] ? srso_alias_return_thunk+0x5/0xfbef5 [ 76.893395][ T5840] ? mark_lock+0x9a/0x360 [ 76.897728][ T5840] ? srso_alias_return_thunk+0x5/0xfbef5 [ 76.903371][ T5840] ? __lock_acquire+0x1397/0x2100 [ 76.908426][ T5840] ? __pfx_cmp_vma_size+0x10/0x10 [ 76.913486][ T5840] ? srso_alias_return_thunk+0x5/0xfbef5 [ 76.919149][ T5840] ? rcu_read_lock_any_held+0xb7/0x160 [ 76.924620][ T5840] ? getname_kernel+0x140/0x2f0 [ 76.929492][ T5840] do_coredump+0x232c/0x32c0 [ 76.934084][ T5840] ? mark_lock+0x9a/0x360 [ 76.938437][ T5840] ? __pfx_do_coredump+0x10/0x10 [ 76.943407][ T5840] ? srso_alias_return_thunk+0x5/0xfbef5 [ 76.949056][ T5840] ? srso_alias_return_thunk+0x5/0xfbef5 [ 76.954697][ T5840] ? proc_coredump_connector+0x1f4/0x660 [ 76.960696][ T5840] ? srso_alias_return_thunk+0x5/0xfbef5 [ 76.966348][ T5840] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 76.972338][ T5840] ? __pfx_proc_coredump_connector+0x10/0x10 [ 76.978335][ T5840] ? _raw_spin_unlock_irq+0x23/0x50 [ 76.983532][ T5840] ? srso_alias_return_thunk+0x5/0xfbef5 [ 76.989176][ T5840] ? lockdep_hardirqs_on+0x99/0x150 [ 76.994401][ T5840] get_signal+0x13e5/0x1720 [ 76.998923][ T5840] ? __pfx_get_signal+0x10/0x10 [ 77.003777][ T5840] ? __pfx_force_sig_fault+0x10/0x10 [ 77.009069][ T5840] arch_do_signal_or_restart+0x96/0x860 [ 77.014626][ T5840] ? srso_alias_return_thunk+0x5/0xfbef5 [ 77.020273][ T5840] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 77.026445][ T5840] ? irqentry_exit_to_user_mode+0x53/0x250 [ 77.032259][ T5840] irqentry_exit_to_user_mode+0x7e/0x250 [ 77.037900][ T5840] exc_page_fault+0x590/0x8b0 [ 77.042588][ T5840] asm_exc_page_fault+0x26/0x30 [ 77.047446][ T5840] RIP: 0033:0x7ff653b312d1 [ 77.051859][ T5840] Code: c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 77.071465][ T5840] RSP: 002b:00000000fffffe10 EFLAGS: 00010217 [ 77.077638][ T5840] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007ff653b312c9 [ 77.085606][ T5840] RDX: 0000000000000000 RSI: 00000000fffffe10 RDI: 0000000000000000 [ 77.093575][ T5840] RBP: 00007fff9150b940 R08: 0000000000000000 R09: 0000000000000000 [ 77.101544][ T5840] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000000f4240 [ 77.109509][ T5840] R13: 00007ff653b7f9dc R14: 00007ff653b7a0e2 R15: 00007fff9150b930 [ 77.117497][ T5840] [ 77.120721][ T5840] Kernel Offset: disabled [ 77.125087][ T5840] Rebooting in 86400 seconds..