./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3994368449 <...> Warning: Permanently added '10.128.0.89' (ED25519) to the list of known hosts. execve("./syz-executor3994368449", ["./syz-executor3994368449"], 0x7ffdec57e150 /* 10 vars */) = 0 brk(NULL) = 0x55559543e000 brk(0x55559543ed00) = 0x55559543ed00 arch_prctl(ARCH_SET_FS, 0x55559543e380) = 0 set_tid_address(0x55559543e650) = 5821 set_robust_list(0x55559543e660, 24) = 0 rseq(0x55559543eca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3994368449", 4096) = 28 getrandom("\xc7\xa8\xb3\x0a\xa5\xc0\xe7\xe8", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55559543ed00 brk(0x55559545fd00) = 0x55559545fd00 brk(0x555595460000) = 0x555595460000 mprotect(0x7f0e60069000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 write(1, "executing program\n", 18executing program ) = 18 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0e57a00000 write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 munmap(0x7f0e57a00000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 close(4) = 0 mkdir("./file0", 0777) = 0 mount("/dev/loop0", "./file0", "ext4", MS_RELATIME, "grpquota,,errors=continue") = 0 openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 chdir("./file0") = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) chdir("./file0") = 0 [ 76.973115][ T5821] loop0: detected capacity change from 0 to 4096 [ 77.004821][ T5821] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 77.039767][ T5821] usercopy: Kernel memory exposure attempt detected from SLUB object 'ext4_inode_cache' (offset 0, size 176)! [ 77.051814][ T5821] ------------[ cut here ]------------ [ 77.057334][ T5821] kernel BUG at mm/usercopy.c:102! [ 77.062503][ T5821] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI [ 77.069435][ T5821] CPU: 0 UID: 0 PID: 5821 Comm: syz-executor399 Not tainted 6.13.0-syzkaller-09793-g69b8923f5003 #0 [ 77.080201][ T5821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 77.090245][ T5821] RIP: 0010:usercopy_abort+0x84/0x90 [ 77.095543][ T5821] Code: 49 89 ce 48 c7 c3 80 5f 18 8c 48 0f 44 de 48 c7 c7 20 5e 18 8c 4c 89 de 48 89 c1 41 52 41 56 53 e8 d1 3a f5 fe 48 83 c4 18 90 <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 [ 77.115167][ T5821] RSP: 0018:ffffc90003f3fc90 EFLAGS: 00010296 [ 77.121241][ T5821] RAX: 000000000000006b RBX: ffffffff8c185f80 RCX: 0bfd87bb0b365500 [ 77.129210][ T5821] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 77.137186][ T5821] RBP: 0000000000000000 R08: ffffffff819f1fbc R09: 1ffff920007e7f2c [ 77.145162][ T5821] R10: dffffc0000000000 R11: fffff520007e7f2d R12: ffffea0001cb0a00 [ 77.153141][ T5821] R13: 00000000000000b0 R14: 0000000000000000 R15: 00000000000000b0 [ 77.161117][ T5821] FS: 000055559543e380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 77.170050][ T5821] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 77.176633][ T5821] CR2: 000000000066c7e0 CR3: 000000007b49c000 CR4: 00000000003526f0 [ 77.184629][ T5821] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 77.192605][ T5821] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 77.200579][ T5821] Call Trace: [ 77.203860][ T5821] [ 77.206799][ T5821] ? __die_body+0x5f/0xb0 [ 77.211194][ T5821] ? die+0x9e/0xc0 [ 77.214916][ T5821] ? do_trap+0x15a/0x3a0 [ 77.219161][ T5821] ? usercopy_abort+0x84/0x90 [ 77.223846][ T5821] ? do_error_trap+0x1dc/0x2c0 [ 77.228624][ T5821] ? usercopy_abort+0x84/0x90 [ 77.233305][ T5821] ? __pfx_do_error_trap+0x10/0x10 [ 77.238419][ T5821] ? handle_invalid_op+0x34/0x40 [ 77.243355][ T5821] ? usercopy_abort+0x84/0x90 [ 77.248032][ T5821] ? exc_invalid_op+0x38/0x50 [ 77.252718][ T5821] ? asm_exc_invalid_op+0x1a/0x20 [ 77.257761][ T5821] ? __wake_up_klogd+0xcc/0x110 [ 77.262611][ T5821] ? usercopy_abort+0x84/0x90 [ 77.267283][ T5821] __check_heap_object+0xb1/0x100 [ 77.272309][ T5821] __check_object_size+0x1da/0x730 [ 77.277426][ T5821] vfs_readlink+0x1cf/0x550 [ 77.281935][ T5821] ? rcu_is_watching+0x15/0xb0 [ 77.286707][ T5821] ? __pfx_vfs_readlink+0x10/0x10 [ 77.291747][ T5821] ? touch_atime+0x521/0x690 [ 77.296344][ T5821] do_readlinkat+0x249/0x3a0 [ 77.300944][ T5821] ? __pfx_do_readlinkat+0x10/0x10 [ 77.306063][ T5821] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 77.312396][ T5821] ? do_syscall_64+0x100/0x230 [ 77.317162][ T5821] __x64_sys_readlinkat+0x9a/0xb0 [ 77.322191][ T5821] do_syscall_64+0xf3/0x230 [ 77.326702][ T5821] ? clear_bhb_loop+0x35/0x90 [ 77.331400][ T5821] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.337296][ T5821] RIP: 0033:0x7f0e5fff5639 [ 77.341713][ T5821] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 77.361319][ T5821] RSP: 002b:00007ffe14c34798 EFLAGS: 00000246 ORIG_RAX: 000000000000010b [ 77.369735][ T5821] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007f0e5fff5639 [ 77.377709][ T5821] RDX: 00000000200002c0 RSI: 0000000020000240 RDI: 00000000ffffff9c [ 77.385685][ T5821] RBP: 00007f0e60069610 R08: 0000000000000000 R09: 0000000000000000 [ 77.393654][ T5821] R10: 00000000000000b0 R11: 0000000000000246 R12: 0000000000000001 [ 77.401622][ T5821] R13: 00007ffe14c34968 R14: 0000000000000001 R15: 0000000000000001 [ 77.409598][ T5821] [ 77.412610][ T5821] Modules linked in: [ 77.416599][ T5821] ---[ end trace 0000000000000000 ]--- [ 77.422118][ T5821] RIP: 0010:usercopy_abort+0x84/0x90 [ 77.427504][ T5821] Code: 49 89 ce 48 c7 c3 80 5f 18 8c 48 0f 44 de 48 c7 c7 20 5e 18 8c 4c 89 de 48 89 c1 41 52 41 56 53 e8 d1 3a f5 fe 48 83 c4 18 90 <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 [ 77.447157][ T5821] RSP: 0018:ffffc90003f3fc90 EFLAGS: 00010296 [ 77.453221][ T5821] RAX: 000000000000006b RBX: ffffffff8c185f80 RCX: 0bfd87bb0b365500 [ 77.461226][ T5821] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 77.469268][ T5821] RBP: 0000000000000000 R08: ffffffff819f1fbc R09: 1ffff920007e7f2c [ 77.477264][ T5821] R10: dffffc0000000000 R11: fffff520007e7f2d R12: ffffea0001cb0a00 [ 77.485256][ T5821] R13: 00000000000000b0 R14: 0000000000000000 R15: 00000000000000b0 [ 77.493262][ T5821] FS: 000055559543e380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 77.502224][ T5821] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 77.508852][ T5821] CR2: 000000000066c7e0 CR3: 000000007b49c000 CR4: 00000000003526f0 [ 77.516955][ T5821] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 77.524918][ T5821] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 77.532955][ T5821] Kernel panic - not syncing: Fatal exception [ 77.539385][ T5821] Kernel Offset: disabled [ 77.543705][ T5821] Rebooting in 86400 seconds..