./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3103757717 <...> Warning: Permanently added '10.128.0.91' (ED25519) to the list of known hosts. execve("./syz-executor3103757717", ["./syz-executor3103757717"], 0x7ffc111b4c40 /* 10 vars */) = 0 brk(NULL) = 0x555557046000 brk(0x555557046d00) = 0x555557046d00 arch_prctl(ARCH_SET_FS, 0x555557046380) = 0 set_tid_address(0x555557046650) = 5058 set_robust_list(0x555557046660, 24) = 0 rseq(0x555557046ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3103757717", 4096) = 28 getrandom("\x76\x41\x2c\xf9\x4b\x4b\x1b\x6f", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555557046d00 brk(0x555557067d00) = 0x555557067d00 brk(0x555557068000) = 0x555557068000 mprotect(0x7f10ada58000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_secret(0) = 3 mmap(0x20ffc000, 16384, PROT_READ, MAP_SHARED|MAP_FIXED, 3, 0) = 0x20ffc000 [ 81.396510][ T5058] mmap: map_count 13 vma iterator 14 [ 81.402364][ T5058] mm ffff88802c6b8000 task_size 140737488351232 [ 81.402364][ T5058] get_unmapped_area ffffffff8130cec0 [ 81.402364][ T5058] mmap_base 139709609558016 mmap_legacy_base 47923185610752 [ 81.402364][ T5058] pgd ffff88807b434000 mm_users 1 mm_count 1 pgtables_bytes 40960 map_count 13 [ 81.402364][ T5058] hiwater_rss a0 hiwater_vm 1103 total_vm 1101 locked_vm 2 [ 81.402364][ T5058] pinned_vm 0 data_vm 1026 exec_vm 7b stack_vm 21 [ 81.402364][ T5058] start_code 7f10ad9b5000 end_code 7f10ada2d901 start_data 7f10ada585f8 end_data 7f10ada5e270 [ 81.402364][ T5058] start_brk 555557046000 brk 555557068000 start_stack 7fffd9276500 [ 81.402364][ T5058] arg_start 7fffd9277efb arg_end 7fffd9277f14 env_start 7fffd9277f14 env_end 7fffd9277fdf [ 81.402364][ T5058] binfmt ffffffff8d9c5c00 flags 80007fd [ 81.402364][ T5058] ioctx_table 0000000000000000 [ 81.402364][ T5058] owner ffff88802c0cda00 exe_file ffff88801ff60500 [ 81.402364][ T5058] notifier_subscriptions 0000000000000000 [ 81.402364][ T5058] numa_next_scan 0 numa_scan_offset 0 numa_scan_seq 0 [ 81.402364][ T5058] tlb_flush_pending 0 [ 81.402364][ T5058] def_flags: 0x0() [ 81.506888][ T5058] ------------[ cut here ]------------ [ 81.512416][ T5058] kernel BUG at mm/mmap.c:328! [ 81.517206][ T5058] invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI [ 81.523620][ T5058] CPU: 1 PID: 5058 Comm: syz-executor310 Not tainted 6.8.0-rc1-next-20240129-syzkaller #0 [ 81.533597][ T5058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 81.543642][ T5058] RIP: 0010:validate_mm+0x3f3/0x4b0 [ 81.548866][ T5058] Code: 0f 84 a4 fd ff ff e9 47 ff ff ff e8 77 91 b9 ff 44 89 f2 89 de 48 c7 c7 e0 af 19 8b e8 56 69 9b ff 4c 89 ff e8 ce c4 fa ff 90 <0f> 0b e8 56 91 b9 ff 0f b6 15 1f dd b1 0d 31 ff 89 d6 88 14 24 e8 [ 81.568470][ T5058] RSP: 0018:ffffc900035df958 EFLAGS: 00010282 [ 81.574531][ T5058] RAX: 000000000000032a RBX: 000000000000000d RCX: ffffffff816e2f59 [ 81.582497][ T5058] RDX: 0000000000000000 RSI: ffffffff816eb7e6 RDI: 0000000000000005 [ 81.590461][ T5058] RBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000000 [ 81.598427][ T5058] R10: 0000000080000000 R11: 0000000000000001 R12: 00007fffd92ff000 [ 81.606393][ T5058] R13: 0000000000000000 R14: 000000000000000e R15: ffff88802c6b8000 [ 81.614356][ T5058] FS: 0000555557046380(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 81.623288][ T5058] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 81.629880][ T5058] CR2: 00007f10ada208a0 CR3: 000000007b434000 CR4: 00000000003506f0 [ 81.637855][ T5058] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 81.645828][ T5058] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 81.653798][ T5058] Call Trace: [ 81.657161][ T5058] [ 81.660085][ T5058] ? show_regs+0x8e/0xa0 [ 81.664345][ T5058] ? die+0x36/0xa0 [ 81.668070][ T5058] ? do_trap+0x22a/0x420 [ 81.672310][ T5058] ? validate_mm+0x3f3/0x4b0 [ 81.676896][ T5058] ? validate_mm+0x3f3/0x4b0 [ 81.681478][ T5058] ? do_error_trap+0xf4/0x230 [ 81.686154][ T5058] ? validate_mm+0x3f3/0x4b0 [ 81.690741][ T5058] ? handle_invalid_op+0x34/0x40 [ 81.695678][ T5058] ? validate_mm+0x3f3/0x4b0 [ 81.700263][ T5058] ? exc_invalid_op+0x2e/0x50 [ 81.704949][ T5058] ? asm_exc_invalid_op+0x1a/0x20 [ 81.709984][ T5058] ? __wake_up_klogd.part.0+0x99/0xf0 [ 81.715358][ T5058] ? vprintk+0x86/0xa0 [ 81.719422][ T5058] ? validate_mm+0x3f3/0x4b0 [ 81.724007][ T5058] ? validate_mm+0x3f2/0x4b0 [ 81.728592][ T5058] ? __pfx_validate_mm+0x10/0x10 [ 81.733525][ T5058] ? vma_complete+0xa73/0xdf0 [ 81.738200][ T5058] vma_merge+0x16a9/0x3d70 [ 81.742624][ T5058] ? __pfx_vma_merge+0x10/0x10 [ 81.747392][ T5058] ? up_write+0x1b2/0x520 [ 81.751728][ T5058] mmap_region+0x206b/0x2760 [ 81.757277][ T5058] ? __pfx_mmap_region+0x10/0x10 [ 81.762299][ T5058] ? security_mmap_addr+0x8e/0xb0 [ 81.767327][ T5058] ? get_unmapped_area+0x2c4/0x3f0 [ 81.772434][ T5058] do_mmap+0x8ae/0xf10 [ 81.776505][ T5058] vm_mmap_pgoff+0x1ab/0x3c0 [ 81.781269][ T5058] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 81.786382][ T5058] ? __fget_files+0x256/0x400 [ 81.791066][ T5058] ksys_mmap_pgoff+0x425/0x5b0 [ 81.795822][ T5058] ? lockdep_hardirqs_on+0x7c/0x110 [ 81.801022][ T5058] __x64_sys_mmap+0x125/0x190 [ 81.805702][ T5058] do_syscall_64+0xd2/0x260 [ 81.810199][ T5058] entry_SYSCALL_64_after_hwframe+0x6d/0x75 [ 81.816114][ T5058] RIP: 0033:0x7f10ad9e52a9 [ 81.820529][ T5058] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 81.840140][ T5058] RSP: 002b:00007fffd9276338 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 81.848551][ T5058] RAX: ffffffffffffffda RBX: 00007fffd9276518 RCX: 00007f10ad9e52a9 [ 81.856526][ T5058] RDX: 0000000000000001 RSI: 0000000000002000 RDI: 0000000020ffc000 [ 81.864488][ T5058] RBP: 00007f10ada58610 R08: 0000000000000003 R09: 0000000000000000 [ 81.872472][ T5058] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000001 [ 81.880440][ T5058] R13: 00007fffd9276508 R14: 0000000000000001 R15: 0000000000000001 [ 81.888416][ T5058] [ 81.891426][ T5058] Modules linked in: [ 81.895511][ T5058] ---[ end trace 0000000000000000 ]--- [ 81.900978][ T5058] RIP: 0010:validate_mm+0x3f3/0x4b0 [ 81.906228][ T5058] Code: 0f 84 a4 fd ff ff e9 47 ff ff ff e8 77 91 b9 ff 44 89 f2 89 de 48 c7 c7 e0 af 19 8b e8 56 69 9b ff 4c 89 ff e8 ce c4 fa ff 90 <0f> 0b e8 56 91 b9 ff 0f b6 15 1f dd b1 0d 31 ff 89 d6 88 14 24 e8 [ 81.926074][ T5058] RSP: 0018:ffffc900035df958 EFLAGS: 00010282 [ 81.932187][ T5058] RAX: 000000000000032a RBX: 000000000000000d RCX: ffffffff816e2f59 [ 81.940144][ T5058] RDX: 0000000000000000 RSI: ffffffff816eb7e6 RDI: 0000000000000005 [ 81.948480][ T5058] RBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000000 [ 81.956806][ T5058] R10: 0000000080000000 R11: 0000000000000001 R12: 00007fffd92ff000 [ 81.964906][ T5058] R13: 0000000000000000 R14: 000000000000000e R15: ffff88802c6b8000 [ 81.972946][ T5058] FS: 0000555557046380(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 81.982009][ T5058] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 81.988596][ T5058] CR2: 0000000000664740 CR3: 000000007b434000 CR4: 00000000003506f0 [ 81.996603][ T5058] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 82.004609][ T5058] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 82.012613][ T5058] Kernel panic - not syncing: Fatal exception [ 82.018844][ T5058] Kernel Offset: disabled [ 82.023153][ T5058] Rebooting in 86400 seconds..