./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1839877239 <...> Warning: Permanently added '10.128.0.167' (ED25519) to the list of known hosts. execve("./syz-executor1839877239", ["./syz-executor1839877239"], 0x7fff2a079200 /* 10 vars */) = 0 brk(NULL) = 0x555555999000 brk(0x555555999d40) = 0x555555999d40 arch_prctl(ARCH_SET_FS, 0x5555559993c0) = 0 set_tid_address(0x555555999690) = 5068 set_robust_list(0x5555559996a0, 24) = 0 rseq(0x555555999ce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1839877239", 4096) = 28 getrandom("\xfa\x3e\xa7\x62\x41\x56\x60\x7f", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555555999d40 brk(0x5555559bad40) = 0x5555559bad40 brk(0x5555559bb000) = 0x5555559bb000 mprotect(0x7f7724a3f000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 futex(0x7f7724a4540c, FUTEX_WAKE_PRIVATE, 1000000) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f77249e3060, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f77249d46e0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f772495c000 mprotect(0x7f772495d000, 131072, PROT_READ|PROT_WRITE) = 0 rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f772497c990, parent_tid=0x7f772497c990, exit_signal=0, stack=0x7f772495c000, stack_size=0x20300, tls=0x7f772497c6c0}./strace-static-x86_64: Process 5069 attached [pid 5069] rseq(0x7f772497cfe0, 0x20, 0, 0x53053053 [pid 5068] <... clone3 resumed> => {parent_tid=[5069]}, 88) = 5069 [pid 5069] <... rseq resumed>) = 0 [pid 5068] rt_sigprocmask(SIG_SETMASK, [], [pid 5069] set_robust_list(0x7f772497c9a0, 24 [pid 5068] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5068] futex(0x7f7724a45408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... set_robust_list resumed>) = 0 [pid 5068] <... futex resumed>) = 0 [pid 5069] rt_sigprocmask(SIG_SETMASK, [], [pid 5068] futex(0x7f7724a4540c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5069] openat(AT_FDCWD, "/dev/dri/card0", O_RDONLY) = 3 [pid 5069] futex(0x7f7724a4540c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5069] futex(0x7f7724a45408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5068] <... futex resumed>) = 0 [pid 5068] futex(0x7f7724a45408, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5068] futex(0x7f7724a4540c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] <... futex resumed>) = 0 [pid 5069] openat(AT_FDCWD, "/dev/dri/card1", O_RDONLY) = 4 [pid 5069] futex(0x7f7724a4540c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] <... futex resumed>) = 0 [pid 5068] futex(0x7f7724a45408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... futex resumed>) = 1 [pid 5068] <... futex resumed>) = 0 [pid 5069] ioctl(4, DRM_IOCTL_MODE_GETRESOURCES [pid 5068] futex(0x7f7724a4540c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] <... ioctl resumed>, 0x200001c0) = 0 [pid 5069] futex(0x7f7724a4540c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] <... futex resumed>) = 0 [pid 5068] futex(0x7f7724a45408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... futex resumed>) = 1 [pid 5068] <... futex resumed>) = 0 [pid 5069] ioctl(4, DRM_IOCTL_MODE_GETCRTC [pid 5068] futex(0x7f7724a4540c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] <... ioctl resumed>, 0x200003c0) = 0 [pid 5069] futex(0x7f7724a4540c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] <... futex resumed>) = 0 [pid 5069] <... futex resumed>) = 1 [pid 5068] futex(0x7f7724a45408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] ioctl(4, DRM_IOCTL_MODE_GETFB2 [pid 5068] <... futex resumed>) = 0 [pid 5068] futex(0x7f7724a4540c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] <... ioctl resumed>, 0x20000440) = 0 [pid 5069] futex(0x7f7724a4540c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5069] futex(0x7f7724a45408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5068] <... futex resumed>) = 0 [pid 5068] futex(0x7f7724a45408, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5069] <... futex resumed>) = 0 [pid 5068] futex(0x7f7724a4540c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] ioctl(3, DRM_IOCTL_MODE_CREATE_DUMB, 0x20000140) = 0 [pid 5069] futex(0x7f7724a4540c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5068] <... futex resumed>) = 0 [pid 5069] futex(0x7f7724a45408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5068] futex(0x7f7724a45408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5068] futex(0x7f7724a4540c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] ioctl(4, DRM_IOCTL_PRIME_HANDLE_TO_FD, 0x20000080) = 0 [pid 5069] futex(0x7f7724a4540c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5068] <... futex resumed>) = 0 [pid 5069] futex(0x7f7724a45408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5068] futex(0x7f7724a45408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5068] futex(0x7f7724a4540c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] ioctl(4, DRM_IOCTL_MODE_DESTROY_DUMB, 0x20000200) = 0 [pid 5069] futex(0x7f7724a4540c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5068] <... futex resumed>) = 0 [pid 5069] futex(0x7f7724a45408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5068] futex(0x7f7724a45408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5068] <... futex resumed>) = 0 [pid 5068] futex(0x7f7724a4540c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] ioctl(4, DRM_IOCTL_MODE_GETFB2, 0x20000440) = 0 [pid 5069] futex(0x7f7724a4540c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] <... futex resumed>) = 0 [pid 5069] <... futex resumed>) = 1 [pid 5068] futex(0x7f7724a45408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] ioctl(4, DRM_IOCTL_PRIME_HANDLE_TO_FD [pid 5068] <... futex resumed>) = 0 [pid 5068] futex(0x7f7724a4540c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] <... ioctl resumed>, 0x20000080) = 0 [pid 5069] futex(0x7f7724a4540c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5068] <... futex resumed>) = 0 [pid 5069] futex(0x7f7724a45408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5068] futex(0x7f7724a45408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5068] <... futex resumed>) = 0 [pid 5069] ioctl(4, DRM_IOCTL_PRIME_FD_TO_HANDLE [pid 5068] futex(0x7f7724a4540c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 70.674215][ T5069] ------------[ cut here ]------------ [ 70.680061][ T5069] WARNING: CPU: 1 PID: 5069 at drivers/gpu/drm/drm_prime.c:326 drm_gem_prime_fd_to_handle+0x4be/0x550 [ 70.691367][ T5069] Modules linked in: [ 70.695319][ T5069] CPU: 1 PID: 5069 Comm: syz-executor183 Not tainted 6.7.0-rc4-syzkaller #0 [ 70.704019][ T5069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023 [ 70.714110][ T5069] RIP: 0010:drm_gem_prime_fd_to_handle+0x4be/0x550 [ 70.720602][ T5069] Code: 00 00 48 89 df e8 72 71 6e ff e9 e9 fd ff ff e8 38 01 94 fc 4c 89 ff 41 89 dc e8 5d cd 8e 05 e9 b8 fe ff ff e8 23 01 94 fc 90 <0f> 0b 90 e9 47 fd ff ff e8 85 a7 ea fc e9 16 fc ff ff e8 7b a7 ea [ 70.740260][ T5069] RSP: 0018:ffffc90003d07c48 EFLAGS: 00010293 [ 70.746360][ T5069] RAX: 0000000000000000 RBX: ffff888146686800 RCX: ffffffff84f3861b [ 70.754456][ T5069] RDX: ffff88807a279dc0 RSI: ffffffff84f3891d RDI: ffff888146686928 [ 70.762457][ T5069] RBP: ffff88801f379c00 R08: 0000000000000007 R09: fffffffffffff000 [ 70.770704][ T5069] R10: ffff888146686800 R11: 0000000000000001 R12: ffff88801f378800 [ 70.778732][ T5069] R13: ffff888143b66000 R14: ffffc90003d07e10 R15: ffff88801cbd8c10 [ 70.786733][ T5069] FS: 00007f772497c6c0(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 70.795746][ T5069] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 70.802352][ T5069] CR2: 00000000005fdeb8 CR3: 000000007d240000 CR4: 00000000003506f0 [ 70.810404][ T5069] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 70.818441][ T5069] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 70.826453][ T5069] Call Trace: [ 70.829739][ T5069] [ 70.832659][ T5069] ? show_regs+0x8f/0xa0 [ 70.836958][ T5069] ? __warn+0xe6/0x390 [ 70.841045][ T5069] ? drm_gem_prime_fd_to_handle+0x4be/0x550 [ 70.846998][ T5069] ? report_bug+0x3bc/0x580 [ 70.851518][ T5069] ? handle_bug+0x3d/0x70 [ 70.855903][ T5069] ? exc_invalid_op+0x17/0x40 [ 70.860598][ T5069] ? asm_exc_invalid_op+0x1a/0x20 [ 70.865666][ T5069] ? drm_gem_prime_fd_to_handle+0x1bb/0x550 [ 70.871582][ T5069] ? drm_gem_prime_fd_to_handle+0x4bd/0x550 [ 70.877554][ T5069] ? drm_gem_prime_fd_to_handle+0x4be/0x550 [ 70.883464][ T5069] ? drm_gem_prime_fd_to_handle+0x4bd/0x550 [ 70.889400][ T5069] drm_prime_fd_to_handle_ioctl+0xcf/0x100 [ 70.895282][ T5069] drm_ioctl_kernel+0x28c/0x4d0 [ 70.900127][ T5069] ? drm_prime_destroy_file_private+0x60/0x60 [ 70.906244][ T5069] ? drm_setversion+0x870/0x870 [ 70.911131][ T5069] drm_ioctl+0x5cb/0xbf0 [ 70.915460][ T5069] ? drm_prime_destroy_file_private+0x60/0x60 [ 70.921558][ T5069] ? drm_ioctl_kernel+0x4d0/0x4d0 [ 70.926635][ T5069] ? reacquire_held_locks+0x4c0/0x4c0 [ 70.932060][ T5069] ? bpf_lsm_file_ioctl+0x9/0x10 [ 70.937098][ T5069] ? drm_ioctl_kernel+0x4d0/0x4d0 [ 70.942156][ T5069] __x64_sys_ioctl+0x18f/0x210 [ 70.946986][ T5069] do_syscall_64+0x40/0x110 [ 70.951523][ T5069] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 70.957478][ T5069] RIP: 0033:0x7f77249bd1b9 [ 70.961899][ T5069] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 70.981571][ T5069] RSP: 002b:00007f772497c218 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 70.990021][ T5069] RAX: ffffffffffffffda RBX: 00007f7724a45408 RCX: 00007f77249bd1b9 [ 70.998055][ T5069] RDX: 0000000020000180 RSI: 00000000c00c642e RDI: 0000000000000004 [ 71.006076][ T5069] RBP: 00007f7724a45400 R08: 0000000000000000 R09: 0000000000000000 [ 71.014093][ T5069] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7724a4540c [pid 5068] exit_group(0) = ? [ 71.022072][ T5069] R13: 00007f7724a12018 R14: 0023647261632f69 R15: 6972642f7665642f [ 71.030139][ T5069] [ 71.033317][ T5069] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 71.040582][ T5069] CPU: 1 PID: 5069 Comm: syz-executor183 Not tainted 6.7.0-rc4-syzkaller #0 [ 71.049239][ T5069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023 [ 71.059276][ T5069] Call Trace: [ 71.062538][ T5069] [ 71.065454][ T5069] dump_stack_lvl+0xd9/0x1b0 [ 71.070034][ T5069] panic+0x6dc/0x790 [ 71.073924][ T5069] ? panic_smp_self_stop+0xa0/0xa0 [ 71.079026][ T5069] ? show_trace_log_lvl+0x363/0x4f0 [ 71.084231][ T5069] ? check_panic_on_warn+0x1f/0xb0 [ 71.089346][ T5069] ? drm_gem_prime_fd_to_handle+0x4be/0x550 [ 71.095239][ T5069] check_panic_on_warn+0xab/0xb0 [ 71.100184][ T5069] __warn+0xf2/0x390 [ 71.104081][ T5069] ? drm_gem_prime_fd_to_handle+0x4be/0x550 [ 71.109977][ T5069] report_bug+0x3bc/0x580 [ 71.114313][ T5069] handle_bug+0x3d/0x70 [ 71.118474][ T5069] exc_invalid_op+0x17/0x40 [ 71.122983][ T5069] asm_exc_invalid_op+0x1a/0x20 [ 71.127832][ T5069] RIP: 0010:drm_gem_prime_fd_to_handle+0x4be/0x550 [ 71.134358][ T5069] Code: 00 00 48 89 df e8 72 71 6e ff e9 e9 fd ff ff e8 38 01 94 fc 4c 89 ff 41 89 dc e8 5d cd 8e 05 e9 b8 fe ff ff e8 23 01 94 fc 90 <0f> 0b 90 e9 47 fd ff ff e8 85 a7 ea fc e9 16 fc ff ff e8 7b a7 ea [ 71.154056][ T5069] RSP: 0018:ffffc90003d07c48 EFLAGS: 00010293 [ 71.160119][ T5069] RAX: 0000000000000000 RBX: ffff888146686800 RCX: ffffffff84f3861b [ 71.168086][ T5069] RDX: ffff88807a279dc0 RSI: ffffffff84f3891d RDI: ffff888146686928 [ 71.176053][ T5069] RBP: ffff88801f379c00 R08: 0000000000000007 R09: fffffffffffff000 [ 71.184021][ T5069] R10: ffff888146686800 R11: 0000000000000001 R12: ffff88801f378800 [ 71.191986][ T5069] R13: ffff888143b66000 R14: ffffc90003d07e10 R15: ffff88801cbd8c10 [ 71.199960][ T5069] ? drm_gem_prime_fd_to_handle+0x1bb/0x550 [ 71.205852][ T5069] ? drm_gem_prime_fd_to_handle+0x4bd/0x550 [ 71.211748][ T5069] ? drm_gem_prime_fd_to_handle+0x4bd/0x550 [ 71.217652][ T5069] drm_prime_fd_to_handle_ioctl+0xcf/0x100 [ 71.223460][ T5069] drm_ioctl_kernel+0x28c/0x4d0 [ 71.228312][ T5069] ? drm_prime_destroy_file_private+0x60/0x60 [ 71.234379][ T5069] ? drm_setversion+0x870/0x870 [ 71.239263][ T5069] drm_ioctl+0x5cb/0xbf0 [ 71.243526][ T5069] ? drm_prime_destroy_file_private+0x60/0x60 [ 71.249599][ T5069] ? drm_ioctl_kernel+0x4d0/0x4d0 [ 71.254626][ T5069] ? reacquire_held_locks+0x4c0/0x4c0 [ 71.260024][ T5069] ? bpf_lsm_file_ioctl+0x9/0x10 [ 71.264963][ T5069] ? drm_ioctl_kernel+0x4d0/0x4d0 [ 71.269993][ T5069] __x64_sys_ioctl+0x18f/0x210 [ 71.274770][ T5069] do_syscall_64+0x40/0x110 [ 71.279281][ T5069] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 71.285186][ T5069] RIP: 0033:0x7f77249bd1b9 [ 71.289608][ T5069] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 71.309226][ T5069] RSP: 002b:00007f772497c218 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 71.317643][ T5069] RAX: ffffffffffffffda RBX: 00007f7724a45408 RCX: 00007f77249bd1b9 [ 71.325611][ T5069] RDX: 0000000020000180 RSI: 00000000c00c642e RDI: 0000000000000004 [ 71.333579][ T5069] RBP: 00007f7724a45400 R08: 0000000000000000 R09: 0000000000000000 [ 71.341562][ T5069] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7724a4540c [ 71.349532][ T5069] R13: 00007f7724a12018 R14: 0023647261632f69 R15: 6972642f7665642f [ 71.357516][ T5069] [ 71.360699][ T5069] Kernel Offset: disabled [ 71.365082][ T5069] Rebooting in 86400 seconds..