./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3177511313 <...> Warning: Permanently added '10.128.0.46' (ED25519) to the list of known hosts. execve("./syz-executor3177511313", ["./syz-executor3177511313"], 0x7ffd8d0cd1f0 /* 10 vars */) = 0 brk(NULL) = 0x555580c1f000 brk(0x555580c1fd00) = 0x555580c1fd00 arch_prctl(ARCH_SET_FS, 0x555580c1f380) = 0 set_tid_address(0x555580c1f650) = 5088 set_robust_list(0x555580c1f660, 24) = 0 rseq(0x555580c1fca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3177511313", 4096) = 28 getrandom("\xaf\x43\x9e\x22\xff\xb1\x6a\x1d", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555580c1fd00 brk(0x555580c40d00) = 0x555580c40d00 brk(0x555580c41000) = 0x555580c41000 mprotect(0x7fc324e85000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5089 attached , child_tidptr=0x555580c1f650) = 5089 [pid 5089] set_robust_list(0x555580c1f660, 24) = 0 [pid 5089] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5089] setpgid(0, 0) = 0 [pid 5089] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5089] write(3, "1000", 4) = 4 [pid 5089] close(3) = 0 [pid 5089] write(1, "executing program\n", 18executing program ) = 18 [pid 5089] memfd_create("syzkaller", 0) = 3 [pid 5089] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc31c800000 [pid 5089] write(3, "\x68\x73\x71\x73\x07\x00\x00\x00\xfd\xf1\x7c\x63\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\x0c\x00\xd0\x00\x01\x00\x04\x00\x00\x00\x27\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\xaf\x01\x00\x00\x00\x00\x00\x00\xe8\x01\x00\x00\x00\x00\x00\x00\x99\x00\x00\x00\x00\x00\x00\x00\x3c\x01\x00\x00\x00\x00\x00\x00\x83\x01\x00\x00\x00\x00\x00\x00\xa1\x01\x00\x00\x00\x00\x00\x00\x78\xda\x2b\xae"..., 4096) = 4096 [pid 5089] munmap(0x7fc31c800000, 138412032) = 0 [pid 5089] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5089] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5089] close(3) = 0 [pid 5089] close(4) = 0 [pid 5089] mkdir("./file0", 0777) = 0 [pid 5089] mount("/dev/loop0", "./file0", "squashfs", MS_NODIRATIME, "") = 0 [pid 5089] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5089] chdir("./file0") = 0 [pid 5089] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5089] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=10, rlim_max=138}, NULL) = 0 [pid 5089] socketpair(AF_UNIX, SOCK_STREAM, 0, [4, 5]) = 0 [pid 5089] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_SOCKMAP, key_size=4, value_size=4, max_entries=14, map_flags=0, inner_map_fd=-1, map_name="", map_ifindex=0, btf_fd=-1, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72) = 6 [ 63.362196][ T5089] loop0: detected capacity change from 0 to 8 [pid 5089] socket(AF_INET6, SOCK_STREAM, IPPROTO_IP) = 7 [pid 5089] openat(AT_FDCWD, "/dev/udmabuf", O_RDWR) = 8 [pid 5089] memfd_create("\x79\x10\x35\xfb\xf7\x75\x83\x25\x3a\x72\xc2\xb9\x78\xa4\x71\xc1\xea\x5f\x8c\x5a\x37\xe7\x61\x9b\x11\x78\x0e\xa1\xcf\x1a\x98\x53\x37\xc9", MFD_CLOEXEC|MFD_ALLOW_SEALING) = 9 [pid 5089] ftruncate(9, 65535) = 0 [pid 5089] fcntl(9, F_ADD_SEALS, F_SEAL_SEAL|F_SEAL_SHRINK|F_SEAL_GROW) = 0 [pid 5089] ioctl(8, UDMABUF_CREATE, 0x20000100) = -1 EMFILE (Too many open files) [pid 5089] exit_group(0) = ? [ 63.493435][ T5089] VFS: Close: file count is 0 (f_op=shmem_file_operations) [ 63.493566][ T5089] ------------[ cut here ]------------ [ 63.506296][ T5089] kernel BUG at fs/open.c:1514! [ 63.511251][ T5089] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI [ 63.511266][ T5089] CPU: 1 PID: 5089 Comm: syz-executor317 Not tainted 6.10.0-rc1-next-20240531-syzkaller #0 [ 63.511277][ T5089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 63.511286][ T5089] RIP: 0010:filp_flush+0x152/0x160 [ 63.511304][ T5089] Code: e9 80 e1 07 80 c1 03 38 c1 7c a6 48 89 ef e8 c5 03 f0 ff eb 9c e8 6e 16 8a ff 48 c7 c7 20 59 d8 8b 48 89 ee e8 6f 84 7d 09 90 <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 90 90 90 [ 63.511312][ T5089] RSP: 0018:ffffc900033bfc80 EFLAGS: 00010246 [ 63.511322][ T5089] RAX: 0000000000000038 RBX: 0000000000000000 RCX: fe0d96255f7cdc00 [ 63.511329][ T5089] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 63.511335][ T5089] RBP: ffffffff8bd42dc0 R08: ffffffff8176b129 R09: 1ffff92000677f2c [ 63.511342][ T5089] R10: dffffc0000000000 R11: fffff52000677f2d R12: ffff8880784d9680 [ 63.511350][ T5089] R13: dffffc0000000000 R14: ffff88807aa761c0 R15: 0000000000000009 [ 63.511356][ T5089] FS: 0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 63.511364][ T5089] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 63.511371][ T5089] CR2: 000000003f3be538 CR3: 000000007f062000 CR4: 00000000003506f0 [ 63.511380][ T5089] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 63.511386][ T5089] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 63.511392][ T5089] Call Trace: [ 63.511400][ T5089] [ 63.511404][ T5089] ? __die_body+0x88/0xe0 [ 63.511418][ T5089] ? die+0xcf/0x110 [ 63.511431][ T5089] ? do_trap+0x15a/0x3a0 [ 63.511444][ T5089] ? filp_flush+0x152/0x160 [ 63.511454][ T5089] ? do_error_trap+0x1dc/0x2c0 [ 63.511465][ T5089] ? filp_flush+0x152/0x160 [ 63.511477][ T5089] ? __pfx_do_error_trap+0x10/0x10 [ 63.511491][ T5089] ? handle_invalid_op+0x34/0x40 [ 63.511502][ T5089] ? filp_flush+0x152/0x160 [ 63.511512][ T5089] ? exc_invalid_op+0x38/0x50 [ 63.511524][ T5089] ? asm_exc_invalid_op+0x1a/0x20 [ 63.511538][ T5089] ? __wake_up_klogd+0x109/0x140 [ 63.511548][ T5089] ? filp_flush+0x152/0x160 [ 63.511560][ T5089] filp_close+0x1e/0x40 [ 63.511571][ T5089] put_files_struct+0x1b6/0x360 [ 63.511586][ T5089] do_exit+0xa08/0x28e0 [ 63.511601][ T5089] ? __pfx_do_exit+0x10/0x10 [ 63.511611][ T5089] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 63.511623][ T5089] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 63.511635][ T5089] ? _raw_spin_unlock_irq+0x23/0x50 [ 63.511648][ T5089] ? lockdep_hardirqs_on+0x99/0x150 [ 63.511659][ T5089] do_group_exit+0x207/0x2c0 [ 63.511672][ T5089] __x64_sys_exit_group+0x3f/0x40 [ 63.511684][ T5089] x64_sys_call+0x26a8/0x26b0 [ 63.511698][ T5089] do_syscall_64+0xf3/0x230 [ 63.511709][ T5089] ? clear_bhb_loop+0x35/0x90 [ 63.511721][ T5089] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 63.511733][ T5089] RIP: 0033:0x7fc324e0fd09 [ 63.511744][ T5089] Code: Unable to access opcode bytes at 0x7fc324e0fcdf. [ 63.511749][ T5089] RSP: 002b:00007fffe9a711b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 63.511759][ T5089] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc324e0fd09 [ 63.511765][ T5089] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [ 63.511771][ T5089] RBP: 00007fc324e8b2d0 R08: ffffffffffffffb8 R09: 0000555580c204c0 [ 63.511778][ T5089] R10: 0000555580c204c0 R11: 0000000000000246 R12: 00007fc324e8b2d0 [ 63.511784][ T5089] R13: 0000000000000000 R14: 00007fc324e8c040 R15: 00007fc324dddf00 [ 63.511794][ T5089] [ 63.511797][ T5089] Modules linked in: [ 63.511811][ T5089] ---[ end trace 0000000000000000 ]--- [ 63.857097][ T5089] RIP: 0010:filp_flush+0x152/0x160 [ 63.862247][ T5089] Code: e9 80 e1 07 80 c1 03 38 c1 7c a6 48 89 ef e8 c5 03 f0 ff eb 9c e8 6e 16 8a ff 48 c7 c7 20 59 d8 8b 48 89 ee e8 6f 84 7d 09 90 <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 90 90 90 [ 63.881942][ T5089] RSP: 0018:ffffc900033bfc80 EFLAGS: 00010246 [ 63.888022][ T5089] RAX: 0000000000000038 RBX: 0000000000000000 RCX: fe0d96255f7cdc00 [ 63.896075][ T5089] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 63.904075][ T5089] RBP: ffffffff8bd42dc0 R08: ffffffff8176b129 R09: 1ffff92000677f2c [ 63.912094][ T5089] R10: dffffc0000000000 R11: fffff52000677f2d R12: ffff8880784d9680 [ 63.920107][ T5089] R13: dffffc0000000000 R14: ffff88807aa761c0 R15: 0000000000000009 [ 63.928149][ T5089] FS: 0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 63.937130][ T5089] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 63.943750][ T5089] CR2: 000000003f3be538 CR3: 000000007f062000 CR4: 00000000003506f0 [ 63.951752][ T5089] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 63.959722][ T5089] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 63.967726][ T5089] Kernel panic - not syncing: Fatal exception [ 63.973927][ T5089] Kernel Offset: disabled [ 63.978240][ T5089] Rebooting in 86400 seconds..