el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 1 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 1 PID: 7633 Comm: syz-executor.1 Not tainted 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffffc04df018 x14: 0000000000000368 x13: 0000000000000001 x12: ffff800009e648f8 x11: ffff80000a27feb8 x10: 1e6a3d37d93d9f4a x9 : 61324862b16bb242 x8 : fcff000005d10f38 x7 : f8ff000028943800 x6 : 0000004004276661 x5 : 00000000000f0510 x4 : 0000000000c0000e x3 : 000000000000ffff x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 1 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 1 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffffc04df018 x14: 00000000000002b9 x13: 0000000000000001 x12: ffff800009e648f8 x11: ffff80000a27feb8 x10: 1e6a3d37d93d9f4a x9 : 61324862b16bb242 x8 : fcff000005d10f38 x7 : f8ff000028943800 x6 : 0000004004276661 x5 : 00000000000f0510 x4 : 0000000000c0000e x3 : 000000000000ffff x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 1 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 1 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffffc04df018 x14: 000000000000024e x13: 0000000000000001 x12: ffff800009e648f8 x11: ffff80000a27feb8 x10: 1e6a3d37d93d9f4a x9 : 61324862b16bb242 x8 : fcff000005d10f38 x7 : f8ff000028943800 x6 : 0000004004276661 x5 : 00000000000f0510 x4 : 0000000000c0000e x3 : 000000000000ffff x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 1 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 1 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 0000b0295e6f7d38 x14: 0000000000000026 x13: 0000000000000026 x12: ffff800009e648f8 x11: ffff80000a27feb8 x10: 1e6a3d37d93d9f4a x9 : 61324862b16bb242 x8 : fcff000005d10f38 x7 : f8ff000028943800 x6 : 0000004004276661 x5 : 00000000000f0510 x4 : 0000000000c0000e x3 : 000000000000ffff x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 1 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 1 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 0000ab7b90c85c66 x14: 0000000000000071 x13: 0000000000000071 x12: ffff800009e648f8 x11: ffff80000a27feb8 x10: 1e6a3d37d93d9f4a x9 : 61324862b16bb242 x8 : fcff000005d10f38 x7 : f8ff000028943800 x6 : 0000004004276661 x5 : 00000000000f0510 x4 : 0000000000c0000e x3 : 000000000000ffff x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 1 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 1 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffffc04df018 x14: 0000000000000383 x13: 0000000000000001 x12: ffff800009e648f8 x11: ffff80000a27feb8 x10: 1e6a3d37d93d9f4a x9 : 61324862b16bb242 x8 : fcff000005d10f38 x7 : f8ff000028943800 x6 : 0000004004276661 x5 : 00000000000f0510 x4 : 0000000000c0000e x3 : 000000000000ffff x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 1 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 1 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 0000b4cf6fe551c2 x14: 000000000000000d x13: 000000000000000d x12: ffff800009e648f8 x11: ffff80000a27feb8 x10: 1e6a3d37d93d9f4a x9 : 61324862b16bb242 x8 : fcff000005d10f38 x7 : f8ff000028943800 x6 : 0000004004276661 x5 : 00000000000f0510 x4 : 0000000000c0000e x3 : 000000000000ffff x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 1 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 1 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 00000000fffffffb x17: 3030207373657264 x16: 6461206c61757472 x15: 697620746120746c x14: 756166206e6f6974 x13: 0000000000000a58 x12: ffff80000ab7b7b0 x11: ffff80000a35bdf0 x10: 00000000ffffe000 x9 : ffff80000a35bdf0 x8 : ffff80000a2abdf0 x7 : ffff80000a35bdf0 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000015ff5 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 1 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 1 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 00009ffefe911fb6 x14: 00000000000001ca x13: 00000000000001ca x12: ffff800009e648f8 x11: ffff80000a27feb8 x10: 1e6a3d37d93d9f4a x9 : 61324862b16bb242 x8 : fcff000005d10f38 x7 : f8ff000028943800 x6 : 0000004004276661 x5 : 00000000000f0510 x4 : 0000000000c0000e x3 : 000000000000ffff x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 1 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 1 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffffc04df018 x14: 0000000000000334 x13: 0000000000000001 x12: ffff800009e648f8 x11: ffff80000a27feb8 x10: 1e6a3d37d93d9f4a x9 : 61324862b16bb242 x8 : fcff000005d10f38 x7 : f8ff000028943800 x6 : 0000004004276661 x5 : 00000000000f0510 x4 : 0000000000c0000e x3 : 000000000000ffff x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- __do_kernel_fault: 38776 callbacks suppressed ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 0 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 0 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 00000000fffffffb x17: 3030207373657264 x16: 6461206c61757472 x15: 697620746120746c x14: 756166206e6f6974 x13: 0000000000000ace x12: ffff80000ab7b7b0 x11: ffff80000a35bdf0 x10: 00000000ffffe000 x9 : ffff80000a35bdf0 x8 : ffff80000a2abdf0 x7 : ffff80000a35bdf0 x6 : 0000000000000000 x5 : ffff00007fbbc9c8 x4 : 0000000000015ff5 x3 : 0000000000000001 x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 0 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 0 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 0000a7bc8c5e1922 x14: 00000000000003b5 x13: 00000000000003b5 x12: ffff800009e648f8 x11: ffff80000a27feb8 x10: 1e6a3d37d93d9f4a x9 : 61324862b16bb242 x8 : fcff000005d10f38 x7 : ffff00007fbc3980 x6 : 0000004004276661 x5 : 00000000000f0510 x4 : 0000000000c0000e x3 : 000000000000ffff x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 0 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 0 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 00000000fffffffb x17: 3030207373657264 x16: 6461206c61757472 x15: 697620746120746c x14: 756166206e6f6974 x13: 0000000000000b1c x12: ffff80000ab7b7b0 x11: ffff80000a35bdf0 x10: 00000000ffffe000 x9 : ffff80000a35bdf0 x8 : ffff80000a2abdf0 x7 : ffff80000a35bdf0 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000015ff5 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 0 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 0 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 00000000fffffffb x17: 3030207373657264 x16: 6461206c61757472 x15: 697620746120746c x14: 756166206e6f6974 x13: 0000000000000b43 x12: ffff80000ab7b7b0 x11: ffff80000a35bdf0 x10: 00000000ffffe000 x9 : ffff80000a35bdf0 x8 : ffff80000a2abdf0 x7 : ffff80000a35bdf0 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000015ff5 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 0 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 0 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffffc04df018 x14: 000000000000024e x13: 0000000000000001 x12: ffff800009e648f8 x11: ffff80000a27feb8 x10: 1e6a3d37d93d9f4a x9 : 61324862b16bb242 x8 : fcff000005d10f38 x7 : f7ff00002894a800 x6 : 0000004004276661 x5 : 00000000000f0510 x4 : 0000000000c0000e x3 : 000000000000ffff x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 0 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 0 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 00000000fffffffb x17: 3030207373657264 x16: 6461206c61757472 x15: 697620746120746c x14: 756166206e6f6974 x13: 0000000000000b91 x12: ffff80000ab7b7b0 x11: ffff80000a35bdf0 x10: 00000000ffffe000 x9 : ffff80000a35bdf0 x8 : ffff80000a2abdf0 x7 : ffff80000a35bdf0 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000015ff5 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 0 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 0 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffffc04df018 x14: 0000000000000234 x13: 0000000000000001 x12: ffff800009e648f8 x11: ffff80000a27feb8 x10: 1e6a3d37d93d9f4a x9 : 61324862b16bb242 x8 : fcff000005d10f38 x7 : f7ff00002894a800 x6 : 0000004004276661 x5 : 00000000000f0510 x4 : 0000000000c0000e x3 : 000000000000ffff x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 0 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 0 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffffc04df018 x14: 00000000000001ad x13: 0000000000000001 x12: ffff800009e648f8 x11: ffff80000a27feb8 x10: 1e6a3d37d93d9f4a x9 : 61324862b16bb242 x8 : fcff000005d10f38 x7 : f7ff00002894a800 x6 : 0000004004276661 x5 : 00000000000f0510 x4 : 0000000000c0000e x3 : 000000000000ffff x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 0 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 0 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 00000000fffffffb x17: 3030207373657264 x16: 6461206c61757472 x15: 697620746120746c x14: 756166206e6f6974 x13: 0000000000000c06 x12: ffff80000ab7b7b0 x11: ffff80000a35bdf0 x10: 00000000ffffe000 x9 : ffff80000a35bdf0 x8 : ffff80000a2abdf0 x7 : ffff80000a35bdf0 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000015ff5 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 0 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 0 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 0000ae7dd93450e2 x14: 00000000000000ab x13: 00000000000000ab x12: ffff800009e648f8 x11: ffff80000a27feb8 x10: 1e6a3d37d93d9f4a x9 : 61324862b16bb242 x8 : fcff000005d10f38 x7 : f7ff00002894a800 x6 : 0000004004276661 x5 : 00000000000f0510 x4 : 0000000000c0000e x3 : 000000000000ffff x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- __do_kernel_fault: 49787 callbacks suppressed ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 0 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 0 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 00000000fffffffb x17: 3030207373657264 x16: 6461206c61757472 x15: 697620746120746c x14: 756166206e6f6974 x13: 0000000000000c55 x12: ffff80000ab7b7b0 x11: ffff80000a35bdf0 x10: 00000000ffffe000 x9 : ffff80000a35bdf0 x8 : ffff80000a2abdf0 x7 : ffff80000a35bdf0 x6 : 0000000000000000 x5 : ffff00007fbbc9c8 x4 : 0000000000015ff5 x3 : 0000000000000001 x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 0 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 0 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 00000000fffffffb x17: 3030207373657264 x16: 6461206c61757472 x15: 697620746120746c x14: 756166206e6f6974 x13: 0000000000000c7c x12: ffff80000ab7b7b0 x11: ffff80000a35bdf0 x10: 00000000ffffe000 x9 : ffff80000a35bdf0 x8 : ffff80000a2abdf0 x7 : ffff80000a35bdf0 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000015ff5 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 0 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 0 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 00000000fffffffb x17: 3030207373657264 x16: 6461206c61757472 x15: 697620746120746c x14: 756166206e6f6974 x13: 0000000000000ca3 x12: ffff80000ab7b7b0 x11: ffff80000a35bdf0 x10: 00000000ffffe000 x9 : ffff80000a35bdf0 x8 : ffff80000a2abdf0 x7 : ffff80000a35bdf0 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000015ff5 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 0 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 0 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 00000000fffffffb x17: 3030207373657264 x16: 6461206c61757472 x15: 697620746120746c x14: 756166206e6f6974 x13: 0000000000000cca x12: ffff80000ab7b7b0 x11: ffff80000a35bdf0 x10: 00000000ffffe000 x9 : ffff80000a35bdf0 x8 : ffff80000a2abdf0 x7 : ffff80000a35bdf0 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000015ff5 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 0 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 0 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 00000000fffffffb x17: 3030207373657264 x16: 6461206c61757472 x15: 697620746120746c x14: 756166206e6f6974 x13: 0000000000000cf1 x12: ffff80000ab7b7b0 x11: ffff80000a35bdf0 x10: 00000000ffffe000 x9 : ffff80000a35bdf0 x8 : ffff80000a2abdf0 x7 : ffff80000a35bdf0 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000015ff5 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 0 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 0 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 00000000fffffffb x17: 3030207373657264 x16: 6461206c61757472 x15: 697620746120746c x14: 756166206e6f6974 x13: 0000000000000d18 x12: ffff80000ab7b7b0 x11: ffff80000a35bdf0 x10: 00000000ffffe000 x9 : ffff80000a35bdf0 x8 : ffff80000a2abdf0 x7 : ffff80000a35bdf0 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000015ff5 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 0 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 0 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 00000000fffffffb x17: 3030207373657264 x16: 6461206c61757472 x15: 697620746120746c x14: 756166206e6f6974 x13: 0000000000000d3f x12: ffff80000ab7b7b0 x11: ffff80000a35bdf0 x10: 00000000ffffe000 x9 : ffff80000a35bdf0 x8 : ffff80000a2abdf0 x7 : ffff80000a35bdf0 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000015ff5 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 0 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 0 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 00000000fffffffb x17: 3030207373657264 x16: 6461206c61757472 x15: 697620746120746c x14: 756166206e6f6974 x13: 0000000000000d66 x12: ffff80000ab7b7b0 x11: ffff80000a35bdf0 x10: 00000000ffffe000 x9 : ffff80000a35bdf0 x8 : ffff80000a2abdf0 x7 : ffff80000a35bdf0 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000015ff5 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 0 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 0 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 00000000fffffffb x17: 3030207373657264 x16: 6461206c61757472 x15: 697620746120746c x14: 756166206e6f6974 x13: 0000000000000d8d x12: ffff80000ab7b7b0 x11: ffff80000a35bdf0 x10: 00000000ffffe000 x9 : ffff80000a35bdf0 x8 : ffff80000a2abdf0 x7 : ffff80000a35bdf0 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000015ff5 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 0 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 0 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 00000000fffffffb x17: 3030207373657264 x16: 6461206c61757472 x15: 697620746120746c x14: 756166206e6f6974 x13: 0000000000000db4 x12: ffff80000ab7b7b0 x11: ffff80000a35bdf0 x10: 00000000ffffe000 x9 : ffff80000a35bdf0 x8 : ffff80000a2abdf0 x7 : ffff80000a35bdf0 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000015ff5 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- __do_kernel_fault: 51053 callbacks suppressed ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 0 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 0 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 00000000fffffffb x17: 3030207373657264 x16: 6461206c61757472 x15: 697620746120746c x14: 756166206e6f6974 x13: 0000000000000ddc x12: ffff80000ab7b7b0 x11: ffff80000a35bdf0 x10: 00000000ffffe000 x9 : ffff80000a35bdf0 x8 : ffff80000a2abdf0 x7 : ffff80000a35bdf0 x6 : 0000000000000000 x5 : ffff00007fbbc9c8 x4 : 0000000000015ff5 x3 : 0000000000000001 x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 0 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 0 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 00000000fffffffb x17: 3030207373657264 x16: 6461206c61757472 x15: 697620746120746c x14: 756166206e6f6974 x13: 0000000000000e03 x12: ffff80000ab7b7b0 x11: ffff80000a35bdf0 x10: 00000000ffffe000 x9 : ffff80000a35bdf0 x8 : ffff80000a2abdf0 x7 : ffff80000a35bdf0 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000015ff5 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 0 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 0 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 00000000fffffffb x17: 3030207373657264 x16: 6461206c61757472 x15: 697620746120746c x14: 756166206e6f6974 x13: 0000000000000e2a x12: ffff80000ab7b7b0 x11: ffff80000a35bdf0 x10: 00000000ffffe000 x9 : ffff80000a35bdf0 x8 : ffff80000a2abdf0 x7 : ffff80000a35bdf0 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000015ff5 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 1 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 1 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 00000000fffffffb x17: 3030207373657264 x16: 6461206c61757472 x15: 697620746120746c x14: 756166206e6f6974 x13: 0000000000000e51 x12: ffff80000ab7b7b0 x11: ffff80000a35bdf0 x10: 00000000ffffe000 x9 : ffff80000a35bdf0 x8 : ffff80000a2abdf0 x7 : ffff80000a35bdf0 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000015ff5 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 1 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 1 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 00000000fffffffb x17: 3030207373657264 x16: 6461206c61757472 x15: 697620746120746c x14: 756166206e6f6974 x13: 0000000000000e78 x12: ffff80000ab7b7b0 x11: ffff80000a35bdf0 x10: 00000000ffffe000 x9 : ffff80000a35bdf0 x8 : ffff80000a2abdf0 x7 : ffff80000a35bdf0 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000015ff5 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 1 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 1 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 00000000fffffffb x17: 3030207373657264 x16: 6461206c61757472 x15: 697620746120746c x14: 756166206e6f6974 x13: 0000000000000e9f x12: ffff80000ab7b7b0 x11: ffff80000a35bdf0 x10: 00000000ffffe000 x9 : ffff80000a35bdf0 x8 : ffff80000a2abdf0 x7 : ffff80000a35bdf0 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000015ff5 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 1 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 1 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 00000000fffffffb x17: 3030207373657264 x16: 6461206c61757472 x15: 697620746120746c x14: 756166206e6f6974 x13: 0000000000000ec6 x12: ffff80000ab7b7b0 x11: ffff80000a35bdf0 x10: 00000000ffffe000 x9 : ffff80000a35bdf0 x8 : ffff80000a2abdf0 x7 : ffff80000a35bdf0 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000015ff5 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 1 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 1 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 00000000fffffffb x17: 3030207373657264 x16: 6461206c61757472 x15: 697620746120746c x14: 756166206e6f6974 x13: 0000000000000eed x12: ffff80000ab7b7b0 x11: ffff80000a35bdf0 x10: 00000000ffffe000 x9 : ffff80000a35bdf0 x8 : ffff80000a2abdf0 x7 : ffff80000a35bdf0 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000015ff5 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 1 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 1 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 0000b1da34a05488 x14: 0000000000000227 x13: 0000000000000227 x12: ffff800009e648f8 x11: ffff80000a27feb8 x10: 1e6a3d37d93d9f4a x9 : 61324862b16bb242 x8 : fcff000005d10f38 x7 : ffff00007fbd7980 x6 : 0000004004276661 x5 : 00000000000f0510 x4 : 0000000000c0000e x3 : 000000000000ffff x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 1 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 1 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 00000000fffffffb x17: 3030207373657264 x16: 6461206c61757472 x15: 697620746120746c x14: 756166206e6f6974 x13: 0000000000000f3b x12: ffff80000ab7b7b0 x11: ffff80000a35bdf0 x10: 00000000ffffe000 x9 : ffff80000a35bdf0 x8 : ffff80000a2abdf0 x7 : ffff80000a35bdf0 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000015ff5 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- __do_kernel_fault: 55154 callbacks suppressed ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 0 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 0 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 00000000fffffffb x17: 3030207373657264 x16: 6461206c61757472 x15: 697620746120746c x14: 756166206e6f6974 x13: 0000000000000f63 x12: ffff80000ab7b7b0 x11: ffff80000a35bdf0 x10: 00000000ffffe000 x9 : ffff80000a35bdf0 x8 : ffff80000a2abdf0 x7 : ffff80000a35bdf0 x6 : 0000000000000000 x5 : ffff00007fbbc9c8 x4 : 0000000000015ff5 x3 : 0000000000000001 x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 0 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 0 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 00000000fffffffb x17: 3030207373657264 x16: 6461206c61757472 x15: 697620746120746c x14: 756166206e6f6974 x13: 0000000000000f8a x12: ffff80000ab7b7b0 x11: ffff80000a35bdf0 x10: 00000000ffffe000 x9 : ffff80000a35bdf0 x8 : ffff80000a2abdf0 x7 : ffff80000a35bdf0 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000015ff5 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 1 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 1 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 00000000fffffffb x17: 3030207373657264 x16: 6461206c61757472 x15: 697620746120746c x14: 756166206e6f6974 x13: 0000000000000fb1 x12: ffff80000ab7b7b0 x11: ffff80000a35bdf0 x10: 00000000ffffe000 x9 : ffff80000a35bdf0 x8 : ffff80000a2abdf0 x7 : ffff80000a35bdf0 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000015ff5 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 1 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 1 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 00000000fffffffb x17: 3030207373657264 x16: 6461206c61757472 x15: 697620746120746c x14: 756166206e6f6974 x13: 0000000000000fd8 x12: ffff80000ab7b7b0 x11: ffff80000a35bdf0 x10: 00000000ffffe000 x9 : ffff80000a35bdf0 x8 : ffff80000a2abdf0 x7 : ffff80000a35bdf0 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000015ff5 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 1 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 1 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 00000000fffffffb x17: 3030207373657264 x16: 6461206c61757472 x15: 697620746120746c x14: 756166206e6f6974 x13: 0000000000000fff x12: ffff80000ab7b7b0 x11: ffff80000a35bdf0 x10: 00000000ffffe000 x9 : ffff80000a35bdf0 x8 : ffff80000a2abdf0 x7 : ffff80000a35bdf0 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000015ff5 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 1 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 1 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 00000000fffffffb x17: 3030207373657264 x16: 6461206c61757472 x15: 697620746120746c x14: 756166206e6f6974 x13: 0000000000001026 x12: ffff80000ab7b7b0 x11: ffff80000a35bdf0 x10: 00000000ffffe000 x9 : ffff80000a35bdf0 x8 : ffff80000a2abdf0 x7 : ffff80000a35bdf0 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000015ff5 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 1 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 1 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 00000000fffffffb x17: 3030207373657264 x16: 6461206c61757472 x15: 697620746120746c x14: 756166206e6f6974 x13: 000000000000104d x12: ffff80000ab7b7b0 x11: ffff80000a35bdf0 x10: 00000000ffffe000 x9 : ffff80000a35bdf0 x8 : ffff80000a2abdf0 x7 : ffff80000a35bdf0 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000015ff5 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 1 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 1 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 00000000fffffffb x17: 3030207373657264 x16: 6461206c61757472 x15: 697620746120746c x14: 756166206e6f6974 x13: 0000000000001074 x12: ffff80000ab7b7b0 x11: ffff80000a35bdf0 x10: 00000000ffffe000 x9 : ffff80000a35bdf0 x8 : ffff80000a2abdf0 x7 : ffff80000a35bdf0 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000015ff5 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 1 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 1 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 00000000fffffffb x17: 3030207373657264 x16: 6461206c61757472 x15: 697620746120746c x14: 756166206e6f6974 x13: 000000000000109b x12: ffff80000ab7b7b0 x11: ffff80000a35bdf0 x10: 00000000ffffe000 x9 : ffff80000a35bdf0 x8 : ffff80000a2abdf0 x7 : ffff80000a35bdf0 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000015ff5 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 1 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 1 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 00000000fffffffb x17: 3030207373657264 x16: 6461206c61757472 x15: 697620746120746c x14: 756166206e6f6974 x13: 00000000000010c2 x12: ffff80000ab7b7b0 x11: ffff80000a35bdf0 x10: 00000000ffffe000 x9 : ffff80000a35bdf0 x8 : ffff80000a2abdf0 x7 : ffff80000a35bdf0 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000015ff5 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- __do_kernel_fault: 49139 callbacks suppressed ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 0 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 0 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 00000000fffffffb x17: 3030207373657264 x16: 6461206c61757472 x15: 697620746120746c x14: 756166206e6f6974 x13: 00000000000010ea x12: ffff80000ab7b7b0 x11: ffff80000a35bdf0 x10: 00000000ffffe000 x9 : ffff80000a35bdf0 x8 : ffff80000a2abdf0 x7 : ffff80000a35bdf0 x6 : 0000000000000000 x5 : ffff00007fbbc9c8 x4 : 0000000000015ff5 x3 : 0000000000000001 x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 0 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 0 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 00000000fffffffb x17: 3030207373657264 x16: 6461206c61757472 x15: 697620746120746c x14: 756166206e6f6974 x13: 0000000000001111 x12: ffff80000ab7b7b0 x11: ffff80000a35bdf0 x10: 00000000ffffe000 x9 : ffff80000a35bdf0 x8 : ffff80000a2abdf0 x7 : ffff80000a35bdf0 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000015ff5 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 0 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 0 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 00000000fffffffb x17: 3030207373657264 x16: 6461206c61757472 x15: 697620746120746c x14: 756166206e6f6974 x13: 0000000000001138 x12: ffff80000ab7b7b0 x11: ffff80000a35bdf0 x10: 00000000ffffe000 x9 : ffff80000a35bdf0 x8 : ffff80000a2abdf0 x7 : ffff80000a35bdf0 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000015ff5 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 0 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 0 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 00000000fffffffb x17: 3030207373657264 x16: 6461206c61757472 x15: 697620746120746c x14: 756166206e6f6974 x13: 000000000000115f x12: ffff80000ab7b7b0 x11: ffff80000a35bdf0 x10: 00000000ffffe000 x9 : ffff80000a35bdf0 x8 : ffff80000a2abdf0 x7 : ffff80000a35bdf0 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000015ff5 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 0 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 0 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 00000000fffffffb x17: 3030207373657264 x16: 6461206c61757472 x15: 697620746120746c x14: 756166206e6f6974 x13: 0000000000001186 x12: ffff80000ab7b7b0 x11: ffff80000a35bdf0 x10: 00000000ffffe000 x9 : ffff80000a35bdf0 x8 : ffff80000a2abdf0 x7 : ffff80000a35bdf0 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000015ff5 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 0 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 0 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 00000000fffffffb x17: 3030207373657264 x16: 6461206c61757472 x15: 697620746120746c x14: 756166206e6f6974 x13: 00000000000011ad x12: ffff80000ab7b7b0 x11: ffff80000a35bdf0 x10: 00000000ffffe000 x9 : ffff80000a35bdf0 x8 : ffff80000a2abdf0 x7 : ffff80000a35bdf0 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000015ff5 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 0 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 0 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 00000000fffffffb x17: 3030207373657264 x16: 6461206c61757472 x15: 697620746120746c x14: 756166206e6f6974 x13: 00000000000011d4 x12: ffff80000ab7b7b0 x11: ffff80000a35bdf0 x10: 00000000ffffe000 x9 : ffff80000a35bdf0 x8 : ffff80000a2abdf0 x7 : ffff80000a35bdf0 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000015ff5 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 0 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 0 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 00000000fffffffb x17: 3030207373657264 x16: 6461206c61757472 x15: 697620746120746c x14: 756166206e6f6974 x13: 00000000000011fb x12: ffff80000ab7b7b0 x11: ffff80000a35bdf0 x10: 00000000ffffe000 x9 : ffff80000a35bdf0 x8 : ffff80000a2abdf0 x7 : ffff80000a35bdf0 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000015ff5 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 0 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 0 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 00000000fffffffb x17: 3030207373657264 x16: 6461206c61757472 x15: 697620746120746c x14: 756166206e6f6974 x13: 0000000000001222 x12: ffff80000ab7b7b0 x11: ffff80000a35bdf0 x10: 00000000ffffe000 x9 : ffff80000a35bdf0 x8 : ffff80000a2abdf0 x7 : ffff80000a35bdf0 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000015ff5 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ Ignoring spurious kernel translation fault at virtual address 0000000000000034 WARNING: CPU: 0 PID: 7633 at arch/arm64/mm/fault.c:367 __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 Modules linked in: CPU: 0 PID: 7633 Comm: syz-executor.1 Tainted: G W 5.17.0-rc8-syzkaller-00072-g97e9c8eb4bb1 #0 Hardware name: linux,dummy-virt (DT) pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 lr : __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 sp : ffff80000ab7bab0 x29: ffff80000ab7bab0 x28: fcff000005d10000 x27: 0000000000000000 x26: 0000000000000020 x25: f5ff000028a57300 x24: f0ff0000035f0f00 x23: 0000000096000006 x22: 0000000000000034 x21: 0000000000000025 x20: ffff80000ab7bbd0 x19: 0000000096000006 x18: 00000000fffffffb x17: 3030207373657264 x16: 6461206c61757472 x15: 697620746120746c x14: 756166206e6f6974 x13: 0000000000001249 x12: ffff80000ab7b7b0 x11: ffff80000a35bdf0 x10: 00000000ffffe000 x9 : ffff80000a35bdf0 x8 : ffff80000a2abdf0 x7 : ffff80000a35bdf0 x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000015ff5 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : fcff000005d10000 Call trace: __do_kernel_fault+0x14c/0x1c0 arch/arm64/mm/fault.c:367 do_page_fault+0x1c0/0x3b0 arch/arm64/mm/fault.c:669 do_translation_fault+0xb0/0xc0 arch/arm64/mm/fault.c:680 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:813 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:346 el1h_64_sync_handler+0xb0/0xd0 arch/arm64/kernel/entry-common.c:397 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:579 __lse_atomic_fetch_add arch/arm64/include/asm/atomic_lse.h:60 [inline] __lse_atomic_fetch_sub arch/arm64/include/asm/atomic_lse.h:74 [inline] __lse_atomic_sub_return arch/arm64/include/asm/atomic_lse.h:92 [inline] arch_atomic_sub_return arch/arm64/include/asm/atomic.h:53 [inline] arch_atomic_dec_return include/linux/atomic/atomic-arch-fallback.h:527 [inline] arch_atomic_dec_and_test include/linux/atomic/atomic-arch-fallback.h:1105 [inline] atomic_dec_and_test include/linux/atomic/atomic-instrumented.h:576 [inline] page_ref_dec_and_test include/linux/page_ref.h:210 [inline] put_page_testzero include/linux/mm.h:718 [inline] __free_pages+0x24/0x100 mm/page_alloc.c:5473 watch_queue_set_size+0x178/0x1e4 kernel/watch_queue.c:275 pipe_ioctl+0x70/0x18c fs/pipe.c:632 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __arm64_sys_ioctl+0xa8/0xec fs/ioctl.c:860 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:181 el0_svc+0x20/0x80 arch/arm64/kernel/entry-common.c:603 el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:621 el0t_64_sync+0x1ac/0x1b0 arch/arm64/kernel/entry.S:584 ---[ end trace 0000000000000000 ]---