./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor141851215 <...> Warning: Permanently added '10.128.0.99' (ED25519) to the list of known hosts. execve("./syz-executor141851215", ["./syz-executor141851215"], 0x7ffd44649200 /* 10 vars */) = 0 brk(NULL) = 0x5555563a4000 brk(0x5555563a4d40) = 0x5555563a4d40 arch_prctl(ARCH_SET_FS, 0x5555563a43c0) = 0 set_tid_address(0x5555563a4690) = 5038 set_robust_list(0x5555563a46a0, 24) = 0 rseq(0x5555563a4ce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor141851215", 4096) = 27 getrandom("\x5a\xe6\xcc\x92\x79\xa5\xa5\x5b", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555563a4d40 brk(0x5555563c5d40) = 0x5555563c5d40 brk(0x5555563c6000) = 0x5555563c6000 mprotect(0x7fda97216000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563a4690) = 5039 ./strace-static-x86_64: Process 5039 attached [pid 5039] set_robust_list(0x5555563a46a0, 24) = 0 [pid 5039] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5039] setpgid(0, 0) = 0 [pid 5039] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5039] write(3, "1000", 4) = 4 [pid 5039] close(3) = 0 [pid 5039] futex(0x7fda9721c3ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] rt_sigaction(SIGRT_1, {sa_handler=0x7fda971bb420, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fda971acaa0}, NULL, 8) = 0 [pid 5039] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5039] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fda97133000 [pid 5039] mprotect(0x7fda97134000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5039] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5039] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fda97153990, parent_tid=0x7fda97153990, exit_signal=0, stack=0x7fda97133000, stack_size=0x20300, tls=0x7fda971536c0} => {parent_tid=[5040]}, 88) = 5040 ./strace-static-x86_64: Process 5040 attached [pid 5039] rt_sigprocmask(SIG_SETMASK, [], [pid 5040] rseq(0x7fda97153fe0, 0x20, 0, 0x53053053) = 0 [pid 5039] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5040] set_robust_list(0x7fda971539a0, 24) = 0 [pid 5039] futex(0x7fda9721c3e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5040] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5039] futex(0x7fda9721c3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5040] openat(AT_FDCWD, "/dev/dri/card1", O_RDONLY) = 3 [pid 5040] futex(0x7fda9721c3ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5039] <... futex resumed>) = 0 [pid 5040] futex(0x7fda9721c3e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5039] futex(0x7fda9721c3e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5040] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5039] <... futex resumed>) = 0 [pid 5040] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5039] futex(0x7fda9721c3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5040] <... openat resumed>) = 4 [pid 5040] write(4, "11", 2) = 2 [ 79.290651][ T5040] FAULT_INJECTION: forcing a failure. [ 79.290651][ T5040] name failslab, interval 1, probability 0, space 0, times 1 [ 79.303495][ T5040] CPU: 0 PID: 5040 Comm: syz-executor141 Not tainted 6.6.0-rc1-syzkaller #0 [ 79.312270][ T5040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023 [ 79.322334][ T5040] Call Trace: [ 79.325622][ T5040] [ 79.328563][ T5040] dump_stack_lvl+0x125/0x1b0 [ 79.333242][ T5040] should_fail_ex+0x496/0x5b0 [ 79.337934][ T5040] should_failslab+0x9/0x20 [ 79.342452][ T5040] kmem_cache_alloc+0x33a/0x3b0 [ 79.347316][ T5040] security_inode_alloc+0x38/0x180 [ 79.354614][ T5040] inode_init_always+0xbef/0xee0 [ 79.359565][ T5040] alloc_inode+0x7a/0x220 [ 79.363939][ T5040] new_inode+0x22/0x260 [ 79.368126][ T5040] __shmem_get_inode+0x1a1/0xe40 [ 79.373091][ T5040] __shmem_file_setup+0x16c/0x300 [ 79.378157][ T5040] drm_gem_object_init+0x38/0xa0 [ 79.383326][ T5040] __drm_gem_shmem_create+0x104/0x410 [ 79.388736][ T5040] drm_gem_shmem_dumb_create+0x1e3/0x310 [ 79.394403][ T5040] drm_mode_create_dumb_ioctl+0x268/0x2f0 [ 79.400128][ T5040] drm_ioctl_kernel+0x280/0x4c0 [ 79.405080][ T5040] ? drm_mode_create_dumb+0x2f0/0x2f0 [ 79.410478][ T5040] ? drm_setversion+0x870/0x870 [ 79.415484][ T5040] drm_ioctl+0x5cb/0xbf0 [ 79.419793][ T5040] ? drm_mode_create_dumb+0x2f0/0x2f0 [ 79.425201][ T5040] ? drm_ioctl_kernel+0x4c0/0x4c0 [ 79.430293][ T5040] ? rcu_is_watching+0x12/0xb0 [ 79.435103][ T5040] ? bpf_lsm_file_ioctl+0x9/0x10 [ 79.440128][ T5040] ? drm_ioctl_kernel+0x4c0/0x4c0 [ 79.445214][ T5040] __x64_sys_ioctl+0x18f/0x210 [ 79.450032][ T5040] do_syscall_64+0x38/0xb0 [ 79.454458][ T5040] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 79.460734][ T5040] RIP: 0033:0x7fda971954e9 [ 79.465161][ T5040] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [pid 5040] ioctl(3, DRM_IOCTL_MODE_CREATE_DUMB [pid 5039] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5040] <... ioctl resumed>, 0x20000080) = -1 ENOSPC (No space left on device) [pid 5039] futex(0x7fda9721c3fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5040] futex(0x7fda9721c3ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5039] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5040] <... futex resumed>) = 0 [pid 5039] <... mmap resumed>) = 0x7fda97112000 [pid 5039] mprotect(0x7fda97113000, 131072, PROT_READ|PROT_WRITE [pid 5040] futex(0x7fda9721c3e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5039] <... mprotect resumed>) = 0 [pid 5039] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5039] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fda97132990, parent_tid=0x7fda97132990, exit_signal=0, stack=0x7fda97112000, stack_size=0x20300, tls=0x7fda971326c0}./strace-static-x86_64: Process 5041 attached => {parent_tid=[5041]}, 88) = 5041 [pid 5039] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5039] futex(0x7fda9721c3f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] futex(0x7fda9721c3fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5041] rseq(0x7fda97132fe0, 0x20, 0, 0x53053053) = 0 [pid 5041] set_robust_list(0x7fda971329a0, 24) = 0 [pid 5041] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5041] openat(AT_FDCWD, "/dev/dri/card0", O_RDONLY) = 5 [pid 5041] futex(0x7fda9721c3fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5039] <... futex resumed>) = 0 [pid 5041] futex(0x7fda9721c3f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5039] futex(0x7fda9721c3e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5040] <... futex resumed>) = 0 [pid 5040] ioctl(5, DRM_IOCTL_MODE_CREATE_DUMB [pid 5039] <... futex resumed>) = 1 [pid 5040] <... ioctl resumed>, 0x20000200) = 0 [pid 5039] futex(0x7fda9721c3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5040] futex(0x7fda9721c3ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5039] <... futex resumed>) = 0 [pid 5040] <... futex resumed>) = 1 [pid 5040] futex(0x7fda9721c3e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5039] futex(0x7fda9721c3e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5040] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5039] <... futex resumed>) = 0 [pid 5040] ioctl(3, DRM_IOCTL_MODE_DESTROY_DUMB [pid 5039] futex(0x7fda9721c3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5040] <... ioctl resumed>, 0x20000200) = -1 EINVAL (Invalid argument) [pid 5040] futex(0x7fda9721c3ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5039] <... futex resumed>) = 0 [pid 5039] exit_group(0 [pid 5040] <... futex resumed>) = 1 [pid 5040] futex(0x7fda9721c3e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5039] <... exit_group resumed>) = ? [pid 5041] <... futex resumed>) = ? [pid 5041] +++ exited with 0 +++ [pid 5040] <... futex resumed>) = ? [pid 5040] +++ exited with 0 +++ [pid 5039] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5039, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563a4690) = 5042 ./strace-static-x86_64: Process 5042 attached [pid 5042] set_robust_list(0x5555563a46a0, 24) = 0 [pid 5042] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5042] setpgid(0, 0) = 0 [ 79.484970][ T5040] RSP: 002b:00007fda971531f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 79.493498][ T5040] RAX: ffffffffffffffda RBX: 00007fda9721c3e8 RCX: 00007fda971954e9 [ 79.501501][ T5040] RDX: 0000000020000080 RSI: 00000000c02064b2 RDI: 0000000000000003 [ 79.509663][ T5040] RBP: 00007fda9721c3e0 R08: 00007fda97152f96 R09: 0000000000000000 [ 79.517683][ T5040] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fda971e917c [ 79.525666][ T5040] R13: 00007fda97153210 R14: 0023647261632f69 R15: 6972642f7665642f [ 79.534199][ T5040] [pid 5042] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5042] write(3, "1000", 4) = 4 [pid 5042] close(3) = 0 [pid 5042] futex(0x7fda9721c3ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5042] rt_sigaction(SIGRT_1, {sa_handler=0x7fda971bb420, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fda971acaa0}, NULL, 8) = 0 [pid 5042] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5042] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fda97133000 [pid 5042] mprotect(0x7fda97134000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5042] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5042] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fda97153990, parent_tid=0x7fda97153990, exit_signal=0, stack=0x7fda97133000, stack_size=0x20300, tls=0x7fda971536c0}./strace-static-x86_64: Process 5043 attached => {parent_tid=[5043]}, 88) = 5043 [pid 5043] rseq(0x7fda97153fe0, 0x20, 0, 0x53053053 [pid 5042] rt_sigprocmask(SIG_SETMASK, [], [pid 5043] <... rseq resumed>) = 0 [pid 5042] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5043] set_robust_list(0x7fda971539a0, 24 [pid 5042] futex(0x7fda9721c3e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5043] <... set_robust_list resumed>) = 0 [pid 5043] rt_sigprocmask(SIG_SETMASK, [], [pid 5042] <... futex resumed>) = 0 [pid 5043] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5042] futex(0x7fda9721c3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5043] openat(AT_FDCWD, "/dev/dri/card1", O_RDONLY) = 3 [pid 5043] futex(0x7fda9721c3ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5043] futex(0x7fda9721c3e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5042] <... futex resumed>) = 0 [pid 5042] futex(0x7fda9721c3e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5043] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5042] futex(0x7fda9721c3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5043] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 5043] write(4, "11", 2) = 2 [pid 5043] ioctl(3, DRM_IOCTL_MODE_CREATE_DUMB [pid 5042] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5042] futex(0x7fda9721c3fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5042] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fda97112000 [pid 5042] mprotect(0x7fda97113000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5042] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 79.581169][ T5043] FAULT_INJECTION: forcing a failure. [ 79.581169][ T5043] name failslab, interval 1, probability 0, space 0, times 0 [ 79.594286][ T5043] CPU: 1 PID: 5043 Comm: syz-executor141 Not tainted 6.6.0-rc1-syzkaller #0 [ 79.602994][ T5043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023 [ 79.613074][ T5043] Call Trace: [ 79.616359][ T5043] [ 79.619317][ T5043] dump_stack_lvl+0x125/0x1b0 [ 79.624000][ T5043] should_fail_ex+0x496/0x5b0 [pid 5042] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fda97132990, parent_tid=0x7fda97132990, exit_signal=0, stack=0x7fda97112000, stack_size=0x20300, tls=0x7fda971326c0}./strace-static-x86_64: Process 5044 attached [pid 5044] rseq(0x7fda97132fe0, 0x20, 0, 0x53053053) = 0 [pid 5044] set_robust_list(0x7fda971329a0, 24) = 0 [pid 5044] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5042] <... clone3 resumed> => {parent_tid=[5044]}, 88) = 5044 [pid 5044] futex(0x7fda9721c3f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5042] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5042] futex(0x7fda9721c3f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5044] <... futex resumed>) = 0 [pid 5042] <... futex resumed>) = 1 [pid 5044] openat(AT_FDCWD, "/dev/dri/card0", O_RDONLY [pid 5042] futex(0x7fda9721c3fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5044] <... openat resumed>) = 5 [pid 5044] futex(0x7fda9721c3fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5042] <... futex resumed>) = 0 [pid 5044] futex(0x7fda9721c3f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5042] futex(0x7fda9721c3f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5044] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5042] <... futex resumed>) = 0 [pid 5042] futex(0x7fda9721c3fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5044] ioctl(5, DRM_IOCTL_MODE_CREATE_DUMB, 0x20000200) = 0 [pid 5044] futex(0x7fda9721c3fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5042] <... futex resumed>) = 0 [pid 5044] <... futex resumed>) = 1 [pid 5044] ioctl(3, DRM_IOCTL_MODE_DESTROY_DUMB [pid 5042] futex(0x7fda9721c3f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5044] <... ioctl resumed>, 0x20000200) = 0 [pid 5042] <... futex resumed>) = 0 [pid 5042] futex(0x7fda9721c3fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5044] futex(0x7fda9721c3fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5042] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5044] <... futex resumed>) = 0 [ 79.628740][ T5043] should_failslab+0x9/0x20 [ 79.633300][ T5043] __kmem_cache_alloc_node+0x2fd/0x350 [ 79.638906][ T5043] ? vma_node_allow+0x56/0x300 [ 79.644870][ T5043] ? drm_gem_handle_create_tail+0x1b4/0x540 [ 79.650824][ T5043] kmalloc_trace+0x25/0xe0 [ 79.655272][ T5043] vma_node_allow+0x56/0x300 [ 79.659919][ T5043] drm_gem_handle_create_tail+0x227/0x540 [ 79.665675][ T5043] drm_gem_shmem_dumb_create+0x21a/0x310 [ 79.671439][ T5043] drm_mode_create_dumb_ioctl+0x268/0x2f0 [ 79.677178][ T5043] drm_ioctl_kernel+0x280/0x4c0 [ 79.682061][ T5043] ? drm_mode_create_dumb+0x2f0/0x2f0 [ 79.687529][ T5043] ? drm_setversion+0x870/0x870 [ 79.692653][ T5043] drm_ioctl+0x5cb/0xbf0 [ 79.696912][ T5043] ? drm_mode_create_dumb+0x2f0/0x2f0 [ 79.702306][ T5043] ? drm_ioctl_kernel+0x4c0/0x4c0 [ 79.707474][ T5043] ? rcu_is_watching+0x12/0xb0 [ 79.712286][ T5043] ? bpf_lsm_file_ioctl+0x9/0x10 [ 79.717271][ T5043] ? drm_ioctl_kernel+0x4c0/0x4c0 [ 79.722367][ T5043] __x64_sys_ioctl+0x18f/0x210 [ 79.727166][ T5043] do_syscall_64+0x38/0xb0 [ 79.731591][ T5043] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 79.737584][ T5043] RIP: 0033:0x7fda971954e9 [ 79.742029][ T5043] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 79.761708][ T5043] RSP: 002b:00007fda971531f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 79.770152][ T5043] RAX: ffffffffffffffda RBX: 00007fda9721c3e8 RCX: 00007fda971954e9 [pid 5044] futex(0x7fda9721c3f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5042] exit_group(0 [pid 5044] <... futex resumed>) = ? [pid 5044] +++ exited with 0 +++ [pid 5042] <... exit_group resumed>) = ? [ 79.778151][ T5043] RDX: 0000000020000080 RSI: 00000000c02064b2 RDI: 0000000000000003 [ 79.786220][ T5043] RBP: 00007fda9721c3e0 R08: 00007fda97152f96 R09: 0000000000000000 [ 79.794472][ T5043] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fda971e917c [ 79.802647][ T5043] R13: 00007fda97153210 R14: 0023647261632f69 R15: 6972642f7665642f [ 79.810822][ T5043] [ 79.817234][ T5043] ------------[ cut here ]------------ [ 79.822833][ T5043] WARNING: CPU: 1 PID: 5043 at drivers/gpu/drm/drm_gem.c:225 drm_gem_object_handle_put_unlocked+0x299/0x390 [ 79.834601][ T5043] Modules linked in: [ 79.838513][ T5043] CPU: 1 PID: 5043 Comm: syz-executor141 Not tainted 6.6.0-rc1-syzkaller #0 [ 79.847331][ T5043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023 [ 79.857632][ T5043] RIP: 0010:drm_gem_object_handle_put_unlocked+0x299/0x390 [ 79.865158][ T5043] Code: ea 03 0f b6 04 02 84 c0 74 0c 3c 03 7f 08 4c 89 f7 e8 2b 06 2a fd c7 83 20 01 00 00 00 00 00 00 e9 98 fe ff ff e8 57 44 d4 fc <0f> 0b 5b 5d 41 5c 41 5d 41 5e e9 48 44 d4 fc e8 43 44 d4 fc 48 8d [ 79.884919][ T5043] RSP: 0018:ffffc90003d5fbb8 EFLAGS: 00010293 [ 79.891205][ T5043] RAX: 0000000000000000 RBX: ffff888027b61000 RCX: 0000000000000000 [ 79.899488][ T5043] RDX: ffff888014fcbb80 RSI: ffffffff84b38a29 RDI: 0000000000000005 [ 79.907530][ T5043] RBP: ffff888027b61004 R08: 0000000000000005 R09: 0000000000000000 [ 79.915607][ T5043] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88801d140000 [ 79.923646][ T5043] R13: ffff888027b61008 R14: 0000000000000000 R15: ffff888027b61018 [ 79.931635][ T5043] FS: 00007fda971536c0(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 79.940954][ T5043] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 79.947619][ T5043] CR2: 00007fda971fe794 CR3: 0000000072975000 CR4: 00000000003506e0 [ 79.956787][ T5043] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 79.965359][ T5043] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 79.973562][ T5043] Call Trace: [ 79.976973][ T5043] [ 79.979993][ T5043] ? show_regs+0x8f/0xa0 [ 79.984737][ T5043] ? __warn+0xe6/0x380 [ 79.989018][ T5043] ? drm_gem_object_handle_put_unlocked+0x299/0x390 [ 79.996409][ T5043] ? report_bug+0x3bc/0x580 [ 80.001017][ T5043] ? handle_bug+0x3c/0x70 [ 80.005432][ T5043] ? exc_invalid_op+0x17/0x40 [ 80.010143][ T5043] ? asm_exc_invalid_op+0x1a/0x20 [ 80.015342][ T5043] ? drm_gem_object_handle_put_unlocked+0x299/0x390 [ 80.021974][ T5043] ? drm_gem_object_handle_put_unlocked+0x299/0x390 [ 80.028652][ T5043] ? drm_gem_object_handle_put_unlocked+0x299/0x390 [ 80.035315][ T5043] drm_gem_handle_create_tail+0x32f/0x540 [ 80.041063][ T5043] drm_gem_shmem_dumb_create+0x21a/0x310 [ 80.046767][ T5043] drm_mode_create_dumb_ioctl+0x268/0x2f0 [ 80.052547][ T5043] drm_ioctl_kernel+0x280/0x4c0 [ 80.057485][ T5043] ? drm_mode_create_dumb+0x2f0/0x2f0 [ 80.062896][ T5043] ? drm_setversion+0x870/0x870 [ 80.067823][ T5043] drm_ioctl+0x5cb/0xbf0 [ 80.072100][ T5043] ? drm_mode_create_dumb+0x2f0/0x2f0 [ 80.077531][ T5043] ? drm_ioctl_kernel+0x4c0/0x4c0 [ 80.082636][ T5043] ? rcu_is_watching+0x12/0xb0 [ 80.087497][ T5043] ? bpf_lsm_file_ioctl+0x9/0x10 [ 80.092507][ T5043] ? drm_ioctl_kernel+0x4c0/0x4c0 [ 80.097717][ T5043] __x64_sys_ioctl+0x18f/0x210 [ 80.103125][ T5043] do_syscall_64+0x38/0xb0 [ 80.107603][ T5043] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 80.113568][ T5043] RIP: 0033:0x7fda971954e9 [ 80.118203][ T5043] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 80.138047][ T5043] RSP: 002b:00007fda971531f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 80.146626][ T5043] RAX: ffffffffffffffda RBX: 00007fda9721c3e8 RCX: 00007fda971954e9 [ 80.154669][ T5043] RDX: 0000000020000080 RSI: 00000000c02064b2 RDI: 0000000000000003 [ 80.162689][ T5043] RBP: 00007fda9721c3e0 R08: 00007fda97152f96 R09: 0000000000000000 [ 80.170809][ T5043] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fda971e917c [ 80.178849][ T5043] R13: 00007fda97153210 R14: 0023647261632f69 R15: 6972642f7665642f [ 80.186903][ T5043] [ 80.190088][ T5043] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 80.197387][ T5043] CPU: 1 PID: 5043 Comm: syz-executor141 Not tainted 6.6.0-rc1-syzkaller #0 [ 80.206089][ T5043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023 [ 80.216154][ T5043] Call Trace: [ 80.219448][ T5043] [ 80.222471][ T5043] dump_stack_lvl+0xd9/0x1b0 [ 80.227093][ T5043] panic+0x6a6/0x750 [ 80.231031][ T5043] ? panic_smp_self_stop+0xa0/0xa0 [ 80.236263][ T5043] ? drm_gem_object_handle_put_unlocked+0x299/0x390 [ 80.242870][ T5043] check_panic_on_warn+0xab/0xb0 [ 80.247912][ T5043] __warn+0xf2/0x380 [ 80.251830][ T5043] ? drm_gem_object_handle_put_unlocked+0x299/0x390 [ 80.258435][ T5043] report_bug+0x3bc/0x580 [ 80.262889][ T5043] handle_bug+0x3c/0x70 [ 80.267072][ T5043] exc_invalid_op+0x17/0x40 [ 80.271631][ T5043] asm_exc_invalid_op+0x1a/0x20 [ 80.276510][ T5043] RIP: 0010:drm_gem_object_handle_put_unlocked+0x299/0x390 [ 80.283732][ T5043] Code: ea 03 0f b6 04 02 84 c0 74 0c 3c 03 7f 08 4c 89 f7 e8 2b 06 2a fd c7 83 20 01 00 00 00 00 00 00 e9 98 fe ff ff e8 57 44 d4 fc <0f> 0b 5b 5d 41 5c 41 5d 41 5e e9 48 44 d4 fc e8 43 44 d4 fc 48 8d [ 80.303717][ T5043] RSP: 0018:ffffc90003d5fbb8 EFLAGS: 00010293 [ 80.309913][ T5043] RAX: 0000000000000000 RBX: ffff888027b61000 RCX: 0000000000000000 [ 80.317921][ T5043] RDX: ffff888014fcbb80 RSI: ffffffff84b38a29 RDI: 0000000000000005 [ 80.326447][ T5043] RBP: ffff888027b61004 R08: 0000000000000005 R09: 0000000000000000 [ 80.334453][ T5043] R10: 0000000000000000 R11: 0000000000000001 R12: ffff88801d140000 [ 80.342543][ T5043] R13: ffff888027b61008 R14: 0000000000000000 R15: ffff888027b61018 [ 80.350533][ T5043] ? drm_gem_object_handle_put_unlocked+0x299/0x390 [ 80.357436][ T5043] ? drm_gem_object_handle_put_unlocked+0x299/0x390 [ 80.364073][ T5043] drm_gem_handle_create_tail+0x32f/0x540 [ 80.369954][ T5043] drm_gem_shmem_dumb_create+0x21a/0x310 [ 80.375638][ T5043] drm_mode_create_dumb_ioctl+0x268/0x2f0 [ 80.381395][ T5043] drm_ioctl_kernel+0x280/0x4c0 [ 80.386280][ T5043] ? drm_mode_create_dumb+0x2f0/0x2f0 [ 80.391690][ T5043] ? drm_setversion+0x870/0x870 [ 80.396569][ T5043] drm_ioctl+0x5cb/0xbf0 [ 80.400848][ T5043] ? drm_mode_create_dumb+0x2f0/0x2f0 [ 80.406443][ T5043] ? drm_ioctl_kernel+0x4c0/0x4c0 [ 80.411494][ T5043] ? rcu_is_watching+0x12/0xb0 [ 80.416275][ T5043] ? bpf_lsm_file_ioctl+0x9/0x10 [ 80.421247][ T5043] ? drm_ioctl_kernel+0x4c0/0x4c0 [ 80.426307][ T5043] __x64_sys_ioctl+0x18f/0x210 [ 80.431197][ T5043] do_syscall_64+0x38/0xb0 [ 80.435820][ T5043] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 80.441964][ T5043] RIP: 0033:0x7fda971954e9 [ 80.446388][ T5043] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 80.466294][ T5043] RSP: 002b:00007fda971531f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 80.475174][ T5043] RAX: ffffffffffffffda RBX: 00007fda9721c3e8 RCX: 00007fda971954e9 [ 80.483425][ T5043] RDX: 0000000020000080 RSI: 00000000c02064b2 RDI: 0000000000000003 [ 80.491529][ T5043] RBP: 00007fda9721c3e0 R08: 00007fda97152f96 R09: 0000000000000000 [ 80.500219][ T5043] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fda971e917c [ 80.508353][ T5043] R13: 00007fda97153210 R14: 0023647261632f69 R15: 6972642f7665642f [ 80.516342][ T5043] [ 80.519552][ T5043] Kernel Offset: disabled [ 80.523923][ T5043] Rebooting in 86400 seconds..