Extracting prog: 3m53.26059955s
Minimizing prog: 23m23.547663774s
Simplifying prog options: 0s
Extracting C: 1m29.969061785s
Simplifying C: 15m17.412084107s

extracting reproducer from 1 programs
testing a last program of every proc
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$vfat-openat$cgroup_ro-write$binfmt_script-mmap-fdatasync-madvise-pread64
detailed listing:
executing program 0:
syz_mount_image$vfat(&(0x7f0000000200), &(0x7f00000000c0)='./file0\x00', 0xa08886, &(0x7f0000000040)=ANY=[@ANYRES64=0x0, @ANYRESHEX, @ANYRES8=0x0], 0x3, 0x2cb, &(0x7f0000001240)="$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")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.current\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f00000004c0), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
fdatasync(r0)
madvise(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x64)
pread64(r0, &(0x7f0000000240)=""/4096, 0x1000, 0x0)

program did not crash
single: failed to extract reproducer
single: executing 1 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$vfat-openat$cgroup_ro-write$binfmt_script-mmap-fdatasync-madvise-pread64
detailed listing:
executing program 0:
syz_mount_image$vfat(&(0x7f0000000200), &(0x7f00000000c0)='./file0\x00', 0xa08886, &(0x7f0000000040)=ANY=[@ANYRES64=0x0, @ANYRESHEX, @ANYRES8=0x0], 0x3, 0x2cb, &(0x7f0000001240)="$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")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.current\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f00000004c0), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
fdatasync(r0)
madvise(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x64)
pread64(r0, &(0x7f0000000240)=""/4096, 0x1000, 0x0)

program crashed: BUG: unable to handle kernel paging request in mem_cgroup_track_foreign_dirty_slowpath
single: successfully extracted reproducer
found reproducer with 7 syscalls
minimizing guilty program
testing program (duration=2m6.170058454s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$vfat-openat$cgroup_ro-write$binfmt_script-mmap-fdatasync-madvise
detailed listing:
executing program 0:
syz_mount_image$vfat(&(0x7f0000000200), &(0x7f00000000c0)='./file0\x00', 0xa08886, &(0x7f0000000040)=ANY=[@ANYRES64=0x0, @ANYRESHEX, @ANYRES8=0x0], 0x3, 0x2cb, &(0x7f0000001240)="$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")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.current\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f00000004c0), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
fdatasync(r0)
madvise(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x64)

program did not crash
testing program (duration=2m6.170058454s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$vfat-openat$cgroup_ro-write$binfmt_script-mmap-fdatasync-pread64
detailed listing:
executing program 0:
syz_mount_image$vfat(&(0x7f0000000200), &(0x7f00000000c0)='./file0\x00', 0xa08886, &(0x7f0000000040)=ANY=[@ANYRES64=0x0, @ANYRESHEX, @ANYRES8=0x0], 0x3, 0x2cb, &(0x7f0000001240)="$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")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.current\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f00000004c0), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
fdatasync(r0)
pread64(r0, &(0x7f0000000240)=""/4096, 0x1000, 0x0)

program did not crash
testing program (duration=2m6.170058454s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$vfat-openat$cgroup_ro-write$binfmt_script-mmap-madvise-pread64
detailed listing:
executing program 0:
syz_mount_image$vfat(&(0x7f0000000200), &(0x7f00000000c0)='./file0\x00', 0xa08886, &(0x7f0000000040)=ANY=[@ANYRES64=0x0, @ANYRESHEX, @ANYRES8=0x0], 0x3, 0x2cb, &(0x7f0000001240)="$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")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.current\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f00000004c0), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
madvise(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x64)
pread64(r0, &(0x7f0000000240)=""/4096, 0x1000, 0x0)

program did not crash
testing program (duration=2m6.170058454s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$vfat-openat$cgroup_ro-write$binfmt_script-fdatasync-madvise-pread64
detailed listing:
executing program 0:
syz_mount_image$vfat(&(0x7f0000000200), &(0x7f00000000c0)='./file0\x00', 0xa08886, &(0x7f0000000040)=ANY=[@ANYRES64=0x0, @ANYRESHEX, @ANYRES8=0x0], 0x3, 0x2cb, &(0x7f0000001240)="$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")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.current\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f00000004c0), 0x208e24b)
fdatasync(r0)
madvise(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x64)
pread64(r0, &(0x7f0000000240)=""/4096, 0x1000, 0x0)

program did not crash
testing program (duration=2m6.170058454s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$vfat-openat$cgroup_ro-mmap-fdatasync-madvise-pread64
detailed listing:
executing program 0:
syz_mount_image$vfat(&(0x7f0000000200), &(0x7f00000000c0)='./file0\x00', 0xa08886, &(0x7f0000000040)=ANY=[@ANYRES64=0x0, @ANYRESHEX, @ANYRES8=0x0], 0x3, 0x2cb, &(0x7f0000001240)="$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")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.current\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
fdatasync(r0)
madvise(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x64)
pread64(r0, &(0x7f0000000240)=""/4096, 0x1000, 0x0)

program did not crash
testing program (duration=2m6.170058454s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$vfat-write$binfmt_script-mmap-fdatasync-madvise-pread64
detailed listing:
executing program 0:
syz_mount_image$vfat(&(0x7f0000000200), &(0x7f00000000c0)='./file0\x00', 0xa08886, &(0x7f0000000040)=ANY=[@ANYRES64=0x0, @ANYRESHEX, @ANYRES8=0x0], 0x3, 0x2cb, &(0x7f0000001240)="$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")
write$binfmt_script(0xffffffffffffffff, &(0x7f00000004c0), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0)
fdatasync(0xffffffffffffffff)
madvise(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x64)
pread64(0xffffffffffffffff, &(0x7f0000000240)=""/4096, 0x1000, 0x0)

program did not crash
testing program (duration=2m6.170058454s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$cgroup_ro-write$binfmt_script-mmap-fdatasync-madvise-pread64
detailed listing:
executing program 0:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.current\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f00000004c0), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
fdatasync(r0)
madvise(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x64)
pread64(r0, &(0x7f0000000240)=""/4096, 0x1000, 0x0)

program did not crash
testing program (duration=2m6.170058454s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$vfat-openat$cgroup_ro-write$binfmt_script-mmap-fdatasync-madvise-pread64
detailed listing:
executing program 0:
syz_mount_image$vfat(&(0x7f0000000200), &(0x7f00000000c0)='./file0\x00', 0xa08886, &(0x7f0000000040)=ANY=[@ANYRES64=0x0, @ANYRESHEX, @ANYRES8=0x0], 0x3, 0x2cb, &(0x7f0000001240)="$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")
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f00000004c0), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
fdatasync(r0)
madvise(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x64)
pread64(r0, &(0x7f0000000240)=""/4096, 0x1000, 0x0)

program did not crash
testing program (duration=2m6.170058454s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false
NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$vfat-openat$cgroup_ro-write$binfmt_script-mmap-fdatasync-madvise-pread64
detailed listing:
executing program 0:
syz_mount_image$vfat(&(0x7f0000000200), &(0x7f00000000c0)='./file0\x00', 0xa08886, &(0x7f0000000040)=ANY=[@ANYRES64=0x0, @ANYRESHEX, @ANYRES8=0x0], 0x3, 0x2cb, &(0x7f0000001240)="$")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.current\x00', 0x275a, 0x0)
write$binfmt_script(r0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
fdatasync(r0)
madvise(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x64)
pread64(r0, &(0x7f0000000240)=""/4096, 0x1000, 0x0)

program did not crash
testing program (duration=2m6.170058454s, {Threaded:true Repeat:true
RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$vfat-openat$cgroup_ro-write$binfmt_script-mmap-fdatasync-madvise-pread64
detailed listing:
executing program 0:
syz_mount_image$vfat(&(0x7f0000000200), &(0x7f00000000c0)='./file0\x00', 0xa08886, &(0x7f0000000040)=ANY=[@ANYRES64=0x0, @ANYRESHEX, @ANYRES8=0x0], 0x3, 0x2cb, &(0x7f0000001240)="$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")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.current\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f00000004c0), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
fdatasync(r0)
madvise(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x64)
pread64(r0, 0x0, 0x0, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=2m6.170058454s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$vfat-openat$cgroup_ro-write$binfmt_script-mmap-fdatasync-madvise-pread64
program crashed: BUG: unable to handle kernel paging request in mem_cgroup_track_foreign_dirty_slowpath
simplifying C reproducer
testing compiled C program (duration=2m6.170058454s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$vfat-openat$cgroup_ro-write$binfmt_script-mmap-fdatasync-madvise-pread64
program did not crash
testing compiled C program (duration=2m6.170058454s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$vfat-openat$cgroup_ro-write$binfmt_script-mmap-fdatasync-madvise-pread64
program did not crash
testing compiled C program (duration=2m6.170058454s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$vfat-openat$cgroup_ro-write$binfmt_script-mmap-fdatasync-madvise-pread64
program crashed: BUG: unable to handle kernel paging request in mem_cgroup_track_foreign_dirty_slowpath
testing compiled C program (duration=2m6.170058454s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$vfat-openat$cgroup_ro-write$binfmt_script-mmap-fdatasync-madvise-pread64
program crashed: BUG: unable to handle kernel paging request in mem_cgroup_track_foreign_dirty_slowpath
testing compiled C program (duration=2m6.170058454s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$vfat-openat$cgroup_ro-write$binfmt_script-mmap-fdatasync-madvise-pread64
program did not crash
testing compiled C program (duration=2m6.170058454s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$vfat-openat$cgroup_ro-write$binfmt_script-mmap-fdatasync-madvise-pread64
program crashed: BUG: unable to handle kernel paging request in mem_cgroup_track_foreign_dirty_slowpath
testing compiled C program (duration=2m6.170058454s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$vfat-openat$cgroup_ro-write$binfmt_script-mmap-fdatasync-madvise-pread64
program crashed: BUG: unable to handle kernel paging request in mem_cgroup_track_foreign_dirty_slowpath
reproducing took 44m4.189460966s

repro crashed as (corrupted=false):
Unable to handle kernel paging request at virtual address dfff80000000023d
Mem abort info:
  ESR = 0x0000000096000006
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x06: level 2 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000006
  CM = 0, WnR = 0
[dfff80000000023d] address between user and kernel address ranges
Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 7277 Comm: syz-executor194 Not tainted 5.15.175-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
pstate: 804000c5 (Nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : mem_cgroup_track_foreign_dirty_slowpath+0xe0/0x9f0 mm/memcontrol.c:4617
lr : trace_track_foreign_dirty include/trace/events/writeback.h:237 [inline]
lr : mem_cgroup_track_foreign_dirty_slowpath+0xd0/0x9f0 mm/memcontrol.c:4608
sp : ffff800026fa6e80
x29: ffff800026fa6e90 x28: 00000000ffffaf2c x27: 0000000000000000
x26: dfff800000000000 x25: dfff800000000000 x24: 05ffc0000040000d
x23: ffff0000cbe4e5e0 x22: 0000000000000000 x21: 00000000000011e8
x20: ffff0000cbe4e060 x19: 0000000000000000 x18: 1fffe0003682eb8e
x17: 1fffe0003682eb8e x16: ffff800011b4eaf8 x15: ffff800014c0fac0
x14: 1ffff0000296e06c x13: dfff800000000000 x12: 00000000aec46553
x11: 0000000000000002 x10: 0000000000000003 x9 : 0000000000000000
x8 : 000000000000023d x7 : ffff800008922d08 x6 : 0000000000000000
x5 : 0000000000000080 x4 : 0000000000000000 x3 : 0000000000000002
x2 : 0000000000000010 x1 : ffff800012165740 x0 : 0000000000000001
Call trace:
 mem_cgroup_track_foreign_dirty_slowpath+0xe0/0x9f0 mm/memcontrol.c:4617
 mem_cgroup_track_foreign_dirty include/linux/memcontrol.h:1593 [inline]
 account_page_dirtied mm/page-writeback.c:2485 [inline]
 __set_page_dirty+0x8c0/0xc7c mm/page-writeback.c:2522
 __set_page_dirty_buffers+0x288/0x4b4 fs/buffer.c:643
 set_page_dirty+0x23c/0x544 mm/page-writeback.c:2631
 filemap_page_mkwrite+0x5d4/0xb24 mm/filemap.c:3380
 do_page_mkwrite+0x144/0x37c mm/memory.c:2920
 wp_page_shared+0x14c/0x398 mm/memory.c:3257
 do_wp_page+0x7cc/0x9c4 mm/memory.c:3358
 handle_pte_fault mm/memory.c:4666 [inline]
 __handle_mm_fault mm/memory.c:4783 [inline]
 handle_mm_fault+0x1bdc/0x33a8 mm/memory.c:4881
 __do_page_fault arch/arm64/mm/fault.c:505 [inline]
 do_page_fault+0x700/0xb60 arch/arm64/mm/fault.c:605
 do_mem_abort+0x70/0x1d8 arch/arm64/mm/fault.c:819
 el1_abort+0x3c/0x5c arch/arm64/kernel/entry-common.c:358
 el1h_64_sync_handler+0x60/0xac arch/arm64/kernel/entry-common.c:418
 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:522
 __arch_copy_to_user+0x190/0x218 arch/arm64/lib/copy_template.S:158
 filemap_read+0x164c/0x1bd8 mm/filemap.c:2698
 generic_file_read_iter+0xa0/0x3c4 mm/filemap.c:2794
 call_read_iter include/linux/fs.h:2168 [inline]
 new_sync_read fs/read_write.c:404 [inline]
 vfs_read+0x874/0xb18 fs/read_write.c:485
 ksys_pread64 fs/read_write.c:675 [inline]
 __do_sys_pread64 fs/read_write.c:685 [inline]
 __se_sys_pread64 fs/read_write.c:682 [inline]
 __arm64_sys_pread64+0x188/0x220 fs/read_write.c:682
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:608
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
Code: 36002f20 52823d08 8b080275 d343fea8 (38796908)
---[ end trace 2b7ae07dc90f343f ]---
----------------
Code disassembly (best guess):
   0: 36002f20 tbz w0, #0, 0x5e4
   4: 52823d08 mov w8, #0x11e8 // #4584
   8: 8b080275 add x21, x19, x8
   c: d343fea8 lsr x8, x21, #3
* 10: 38796908 ldrb w8, [x8, x25] <-- trapping instruction

final repro crashed as (corrupted=false):
Unable to handle kernel paging request at virtual address dfff80000000023d
Mem abort info:
  ESR = 0x0000000096000006
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x06: level 2 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000006
  CM = 0, WnR = 0
[dfff80000000023d] address between user and kernel address ranges
Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 7277 Comm: syz-executor194 Not tainted 5.15.175-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
pstate: 804000c5 (Nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : mem_cgroup_track_foreign_dirty_slowpath+0xe0/0x9f0 mm/memcontrol.c:4617
lr : trace_track_foreign_dirty include/trace/events/writeback.h:237 [inline]
lr : mem_cgroup_track_foreign_dirty_slowpath+0xd0/0x9f0 mm/memcontrol.c:4608
sp : ffff800026fa6e80
x29: ffff800026fa6e90 x28: 00000000ffffaf2c x27: 0000000000000000
x26: dfff800000000000 x25: dfff800000000000 x24: 05ffc0000040000d
x23: ffff0000cbe4e5e0 x22: 0000000000000000 x21: 00000000000011e8
x20: ffff0000cbe4e060 x19: 0000000000000000 x18: 1fffe0003682eb8e
x17: 1fffe0003682eb8e x16: ffff800011b4eaf8 x15: ffff800014c0fac0
x14: 1ffff0000296e06c x13: dfff800000000000 x12: 00000000aec46553
x11: 0000000000000002 x10: 0000000000000003 x9 : 0000000000000000
x8 : 000000000000023d x7 : ffff800008922d08 x6 : 0000000000000000
x5 : 0000000000000080 x4 : 0000000000000000 x3 : 0000000000000002
x2 : 0000000000000010 x1 : ffff800012165740 x0 : 0000000000000001
Call trace:
 mem_cgroup_track_foreign_dirty_slowpath+0xe0/0x9f0 mm/memcontrol.c:4617
 mem_cgroup_track_foreign_dirty include/linux/memcontrol.h:1593 [inline]
 account_page_dirtied mm/page-writeback.c:2485 [inline]
 __set_page_dirty+0x8c0/0xc7c mm/page-writeback.c:2522
 __set_page_dirty_buffers+0x288/0x4b4 fs/buffer.c:643
 set_page_dirty+0x23c/0x544 mm/page-writeback.c:2631
 filemap_page_mkwrite+0x5d4/0xb24 mm/filemap.c:3380
 do_page_mkwrite+0x144/0x37c mm/memory.c:2920
 wp_page_shared+0x14c/0x398 mm/memory.c:3257
 do_wp_page+0x7cc/0x9c4 mm/memory.c:3358
 handle_pte_fault mm/memory.c:4666 [inline]
 __handle_mm_fault mm/memory.c:4783 [inline]
 handle_mm_fault+0x1bdc/0x33a8 mm/memory.c:4881
 __do_page_fault arch/arm64/mm/fault.c:505 [inline]
 do_page_fault+0x700/0xb60 arch/arm64/mm/fault.c:605
 do_mem_abort+0x70/0x1d8 arch/arm64/mm/fault.c:819
 el1_abort+0x3c/0x5c arch/arm64/kernel/entry-common.c:358
 el1h_64_sync_handler+0x60/0xac arch/arm64/kernel/entry-common.c:418
 el1h_64_sync+0x78/0x7c arch/arm64/kernel/entry.S:522
 __arch_copy_to_user+0x190/0x218 arch/arm64/lib/copy_template.S:158
 filemap_read+0x164c/0x1bd8 mm/filemap.c:2698
 generic_file_read_iter+0xa0/0x3c4 mm/filemap.c:2794
 call_read_iter include/linux/fs.h:2168 [inline]
 new_sync_read fs/read_write.c:404 [inline]
 vfs_read+0x874/0xb18 fs/read_write.c:485
 ksys_pread64 fs/read_write.c:675 [inline]
 __do_sys_pread64 fs/read_write.c:685 [inline]
 __se_sys_pread64 fs/read_write.c:682 [inline]
 __arm64_sys_pread64+0x188/0x220 fs/read_write.c:682
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:608
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
Code: 36002f20 52823d08 8b080275 d343fea8 (38796908)
---[ end trace 2b7ae07dc90f343f ]---
----------------
Code disassembly (best guess):
   0: 36002f20 tbz w0, #0, 0x5e4
   4: 52823d08 mov w8, #0x11e8 // #4584
   8: 8b080275 add x21, x19, x8
   c: d343fea8 lsr x8, x21, #3
* 10: 38796908 ldrb w8, [x8, x25] <-- trapping instruction