Total swap = 0kB
524158 pages RAM
0 pages HighMem/MovableOnly
106457 pages reserved
==================================================================
BUG: KASAN: null-ptr-deref in filemap_fault+0xac7/0x2170
Read of size 4 at addr 0000000000000028 by task syz-fuzzer/264

CPU: 0 PID: 264 Comm: syz-fuzzer Not tainted 6.3.0-next-20230428 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
Call Trace:
 <TASK>
 dump_stack_lvl+0x91/0xf0
 kasan_report+0xc0/0xf0
 kasan_check_range+0x39/0x1d0
 filemap_fault+0xac7/0x2170
 __do_fault+0x10d/0x590
 __handle_mm_fault+0x1289/0x30b0
 handle_mm_fault+0x1af/0xba0
 do_user_addr_fault+0x5f6/0x1310
 exc_page_fault+0x9c/0x1a0
 asm_exc_page_fault+0x26/0x30
RIP: 0033:0x4666e0
Code: Unable to access opcode bytes at 0x4666b6.
RSP: 002b:000000c0003797f0 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 00000000000003e7 RCX: 00000000004666e0
RDX: 0000000000000080 RSI: 000000c000379840 RDI: 0000000000000003
RBP: 000000c000379e40 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000000003e7 R11: 0000000000000246 R12: 0000000000000003
R13: 000000c0003b5680 R14: 0000000000000000 R15: ffffffffffffffff
 </TASK>
==================================================================
general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]
CPU: 0 PID: 264 Comm: syz-fuzzer Tainted: G B 6.3.0-next-20230428 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:filemap_fault+0xad8/0x2170
Code: 00 00 e8 bb d0 e8 ff 49 8d 5c 24 34 be 04 00 00 00 48 89 df e8 f9 cd 1d 00 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 14 02 48 89 d8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 ad
RSP: 0018:ffff8880197b7bc8 EFLAGS: 00010216
RAX: dffffc0000000000 RBX: 0000000000000028 RCX: 0000000000000000
RDX: 0000000000000005 RSI: ffffffff8180cf88 RDI: 0000000000000007
RBP: 0000000000000056 R08: 0000000000000007 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: fffffffffffffff4
R13: ffff88800ddf5180 R14: 0000000000000001 R15: ffff8880197b7d90
FS:  000000c000031590(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000004666b6 CR3: 000000000e518000 CR4: 0000000000350ef0
Call Trace:
 <TASK>
 __do_fault+0x10d/0x590
 __handle_mm_fault+0x1289/0x30b0
 handle_mm_fault+0x1af/0xba0
 do_user_addr_fault+0x5f6/0x1310
 exc_page_fault+0x9c/0x1a0
 asm_exc_page_fault+0x26/0x30
RIP: 0033:0x4666e0
Code: Unable to access opcode bytes at 0x4666b6.
RSP: 002b:000000c0003797f0 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 00000000000003e7 RCX: 00000000004666e0
RDX: 0000000000000080 RSI: 000000c000379840 RDI: 0000000000000003
RBP: 000000c000379e40 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000000003e7 R11: 0000000000000246 R12: 0000000000000003
R13: 000000c0003b5680 R14: 0000000000000000 R15: ffffffffffffffff
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:filemap_fault+0xad8/0x2170
Code: 00 00 e8 bb d0 e8 ff 49 8d 5c 24 34 be 04 00 00 00 48 89 df e8 f9 cd 1d 00 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 14 02 48 89 d8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 ad
RSP: 0018:ffff8880197b7bc8 EFLAGS: 00010216
RAX: dffffc0000000000 RBX: 0000000000000028 RCX: 0000000000000000
RDX: 0000000000000005 RSI: ffffffff8180cf88 RDI: 0000000000000007
RBP: 0000000000000056 R08: 0000000000000007 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: fffffffffffffff4
R13: ffff88800ddf5180 R14: 0000000000000001 R15: ffff8880197b7d90
FS:  000000c000031590(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000004666b6 CR3: 000000000e518000 CR4: 0000000000350ef0
blktrace: Concurrent blktraces are not allowed on sg0
systemd-journal invoked oom-killer: gfp_mask=0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), order=0, oom_score_adj=-250
CPU: 1 PID: 86 Comm: systemd-journal Tainted: G B D 6.3.0-next-20230428 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
Call Trace:
 <TASK>
 dump_stack_lvl+0xc1/0xf0
 dump_header+0x10a/0xd50
 oom_kill_process+0x25d/0x600
 out_of_memory+0x1365/0x1660
 __alloc_pages_slowpath.constprop.0+0x18bc/0x1f10
 __alloc_pages+0x3f3/0x480
 alloc_pages+0x1a0/0x260
 filemap_alloc_folio+0x374/0x410
 __filemap_get_folio+0x285/0x8d0
 filemap_fault+0x14c3/0x2170
 __do_fault+0x10d/0x590
 __handle_mm_fault+0x1289/0x30b0
 handle_mm_fault+0x1af/0xba0
 do_user_addr_fault+0x5f6/0x1310
 exc_page_fault+0x9c/0x1a0
 asm_exc_page_fault+0x26/0x30
RIP: 0033:0x7f398ffeba09
Code: Unable to access opcode bytes at 0x7f398ffeb9df.
RSP: 002b:00007ffcdfdd60f0 EFLAGS: 00010206
RAX: 0000000000000001 RBX: 0000562c73fc4360 RCX: 00007f398fd3c116
RDX: 0000000000000015 RSI: 0000562c73fcacc0 RDI: 0000000000000000
RBP: ffffffffffffffff R08: 0000000000000000 R09: 00007ffcdfdf0080
R10: 00000000ffffffff R11: 0000000000000000 R12: 0000000000000001
R13: 0000000000000015 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
Mem-Info:
active_anon:40 inactive_anon:7604 isolated_anon:0
 active_file:456 inactive_file:404 isolated_file:0
 unevictable:0 dirty:10 writeback:0
 slab_reclaimable:9215 slab_unreclaimable:45741
 mapped:18016 shmem:76 pagetables:321
 sec_pagetables:0 bounce:0
 kernel_misc_reclaimable:0
 free:3603 free_pcp:166 free_cma:0
Node 0 active_anon:160kB inactive_anon:30416kB active_file:1736kB inactive_file:1700kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:71980kB dirty:40kB writeback:0kB shmem:304kB writeback_tmp:0kB kernel_stack:3232kB pagetables:1284kB sec_pagetables:0kB all_unreclaimable? no
Node 0 DMA free:6444kB boost:0kB min:44kB low:56kB high:68kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 1606 1606 1606
Node 0 DMA32 free:7968kB boost:12588kB min:17692kB low:19336kB high:20980kB reserved_highatomic:2048KB active_anon:160kB inactive_anon:30080kB active_file:1496kB inactive_file:2040kB unevictable:0kB writepending:796kB present:2080640kB managed:1655444kB mlocked:0kB bounce:0kB free_pcp:840kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 0 0 0
Node 0 DMA: 1*4kB (U) 1*8kB (U) 0*16kB 1*32kB (U) 0*64kB 0*128kB 1*256kB (U) 0*512kB 0*1024kB 1*2048kB (M) 1*4096kB (M) = 6444kB
Node 0 DMA32: 782*4kB (UME) 213*8kB (UMEH) 83*16kB (UMEH) 27*32kB (UMH) 3*64kB (UH) 2*128kB (H) 0*256kB 1*512kB (H) 1*1024kB (H) 0*2048kB 0*4096kB = 9008kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
701 total pagecache pages
0 pages in swap cache
Free swap  = 0kB
Total swap = 0kB
524158 pages RAM
0 pages HighMem/MovableOnly
106457 pages reserved
Unreclaimable slab info:
Name                      Used       Total
pid_3                      7KB         7KB
pid_2                     52KB        52KB
IEEE-802.15.4-MAC         31KB        31KB
fib6_nodes                28KB        28KB
ip6_dst_cache             33KB        33KB
PINGv6                    61KB        61KB
RAWv6                    123KB       123KB
UDPLITEv6                 64KB        64KB
UDPv6                     64KB        64KB
TCPv6                     62KB        62KB
scsi_sense_cache           8KB         8KB
virtio_scsi_cmd           16KB        16KB
bio-120                    7KB         7KB
mqueue_inode_cache        60KB        60KB
nfs_commit_data           15KB        15KB
nfs_write_data            47KB        47KB
jbd2_inode                 7KB         7KB
ext4_system_zone           3KB         3KB
ext4_io_end_vec            7KB         7KB
kioctx                    31KB        31KB
aio_kiocb                  7KB         7KB
fasync_cache               3KB         3KB
pid_namespace              7KB         7KB
rpc_buffers               31KB        31KB
rpc_tasks                  3KB         3KB
UNIX-STREAM              150KB       288KB
UNIX                     186KB       256KB
UDP-Lite                  30KB        30KB
tcp_bind2_bucket           8KB         8KB
tcp_bind_bucket            8KB         8KB
ip_fib_trie                8KB         8KB
ip_fib_alias              15KB        15KB
ip_dst_cache               8KB         8KB
RAW                       61KB        61KB
UDP                      125KB       215KB
request_sock_TCP          15KB        15KB
TCP                       60KB        60KB
hugetlbfs_inode_cache     15KB        15KB
bio-248                   11KB        11KB
ep_head                    8KB         8KB
eventpoll_pwq             23KB        23KB
eventpoll_epi             47KB        47KB
inotify_inode_mark        62KB        62KB
sgpool-128                59KB        59KB
sgpool-64                 63KB        63KB
sgpool-32                204KB       204KB
sgpool-16                105KB       105KB
sgpool-8                  41KB        41KB
request_queue             62KB        62KB
blkdev_ioc                 8KB         8KB
bio-184                   36KB        36KB
biovec-max               480KB       480KB
biovec-128                63KB        63KB
biovec-64                236KB       236KB
biovec-16                 26KB        26KB
user_namespace            30KB        30KB
uid_cache                  7KB         7KB
dmaengine-unmap-2          4KB         4KB
audit_buffer               7KB         7KB
skbuff_small_head       1041KB      1228KB
skbuff_fclone_cache       97KB        97KB
skbuff_head_cache        573KB       615KB
file_lock_cache           39KB        39KB
file_lock_ctx              7KB         7KB
fsnotify_mark_connector   44KB        44KB
taskstats                 54KB        54KB
proc_dir_entry           363KB       363KB
pde_opener                 7KB         7KB
seq_file                  48KB        48KB
sigqueue                  31KB        31KB
shmem_inode_cache       1359KB      1454KB
kernfs_iattrs_cache      250KB       250KB
kernfs_node_cache       5153KB      5153KB
mnt_cache                149KB       149KB
filp                    1025KB      1380KB
names_cache             5384KB      5384KB
net_namespace             82KB        82KB
hashtab_node             274KB       274KB
ebitmap_node            1149KB      1149KB
avtab_node              4976KB      4976KB
avc_node                  31KB        31KB
lsm_inode_cache         3044KB      3411KB
lsm_file_cache            55KB       128KB
key_jar                   31KB        31KB
uts_namespace             15KB        15KB
nsproxy                    7KB         7KB
vma_lock                 780KB       892KB
vm_area_struct           828KB       959KB
fs_cache                  32KB        32KB
files_cache              149KB       159KB
signal_cache             291KB       334KB
sighand_cache            293KB       360KB
task_struct             1049KB      1280KB
cred_jar                  57KB        92KB
anon_vma_chain           183KB       236KB
anon_vma                 168KB       195KB
pid                       57KB        67KB
Acpi-Operand              73KB       106KB
Acpi-ParseExt             31KB        31KB
Acpi-Parse                35KB        51KB
Acpi-State                27KB        43KB
Acpi-Namespace            24KB        24KB
numa_policy                3KB         3KB
perf_event               125KB       217KB
trace_event_file         183KB       183KB
ftrace_event_field       438KB       438KB
pool_workqueue            40KB        40KB
maple_node              2512KB      2512KB
task_group                16KB        16KB
mm_struct                301KB       306KB
vmap_area                 63KB        63KB
page->ptl                135KB       177KB
kmemleak_scan_area        26KB        31KB
kmemleak_object        96389KB    105391KB
kmalloc-cg-8k             64KB        64KB
kmalloc-cg-4k           2464KB      2464KB
kmalloc-cg-2k           1696KB      1760KB
kmalloc-cg-1k            516KB       576KB
kmalloc-cg-512           336KB       336KB
kmalloc-cg-256            40KB        40KB
kmalloc-cg-192            44KB        44KB
kmalloc-cg-128            44KB        44KB
kmalloc-cg-96             40KB        40KB
kmalloc-cg-64             20KB        20KB
kmalloc-cg-32             35KB        44KB
kmalloc-cg-16              8KB         8KB
kmalloc-cg-8              11KB        11KB
kmalloc-8k              2240KB      2272KB
kmalloc-4k              4576KB      4576KB
kmalloc-2k              3292KB      3424KB
kmalloc-1k              3468KB      3776KB
kmalloc-512             1540KB      1632KB
kmalloc-256             1038KB      1048KB
kmalloc-192              626KB       636KB
kmalloc-128              252KB       312KB
kmalloc-96               500KB       780KB
kmalloc-64               672KB       748KB
kmalloc-32               476KB       528KB
kmalloc-16               320KB       332KB
kmalloc-8                256KB       262KB
kmem_cache_node           51KB        51KB
kmem_cache                82KB        82KB
oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/system.slice/systemd-journald.service,task=systemd-journal,pid=86,uid=0
Out of memory (oom_kill_allocating_task): Killed process 86 (systemd-journal) total-vm:31836kB, anon-rss:896kB, file-rss:256kB, shmem-rss:4kB, UID:0 pgtables:80kB oom_score_adj:-250
systemd[1]: systemd-journald.service: Main process exited, code=killed, status=9/KILL
systemd[1]: systemd-journald.service: Failed with result 'oom-kill'.
systemd[1]: systemd-journald.service: Consumed 2.182s CPU time.
systemd[1]: systemd-journald.service: Scheduled restart job, restart counter is at 1.
systemd[1]: Stopped target Bluetooth.
systemd[1]: Stopping Flush Journal to Persistent Storage...
systemd[1]: Started OpenBSD Secure Shell server.
systemd[1]: systemd-journal-flush.service: Succeeded.
systemd[1]: Stopped Flush Journal to Persistent Storage.
systemd[1]: Stopped Journal Service.
systemd[1]: systemd-journald.service: Consumed 2.182s CPU time.
systemd[1]: Starting Journal Service...
systemd-journald[10929]: File /var/log/journal/7e681e5076844de4a5cfa8606a84b008/system.journal corrupted or uncleanly shut down, renaming and replacing.
systemd[1]: Started Journal Service.
systemd-journald[10929]: Received client request to flush runtime journal.
----------------
Code disassembly (best guess):
   0:	00 00                	add    %al,(%rax)
   2:	e8 bb d0 e8 ff       	callq  0xffe8d0c2
   7:	49 8d 5c 24 34       	lea    0x34(%r12),%rbx
   c:	be 04 00 00 00       	mov    $0x4,%esi
  11:	48 89 df             	mov    %rbx,%rdi
  14:	e8 f9 cd 1d 00       	callq  0x1dce12
  19:	48 89 da             	mov    %rbx,%rdx
  1c:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  23:	fc ff df
  26:	48 c1 ea 03          	shr    $0x3,%rdx
* 2a:	0f b6 14 02          	movzbl (%rdx,%rax,1),%edx		<-- trapping instruction
  2e:	48 89 d8             	mov    %rbx,%rax
  31:	83 e0 07             	and    $0x7,%eax
  34:	83 c0 03             	add    $0x3,%eax
  37:	38 d0                	cmp    %dl,%al
  39:	7c 08                	jl     0x43
  3b:	84 d2                	test   %dl,%dl
  3d:	0f                   	.byte 0xf
  3e:	85                   	.byte 0x85
  3f:	ad                   	lods   %ds:(%rsi),%eax
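Decoding the two reports above (an added worked example, not part of the syzkaller log): the disassembly shows `lea 0x34(%r12),%rbx` producing the pointer handed to the 4-byte KASAN check (`mov $0x4,%esi` is the access size), and the register dump gives R12 = 0xfffffffffffffff4. Read as a signed 64-bit integer that is -12, the shape of a kernel ERR_PTR(-ENOMEM), and 0xfffffffffffffff4 + 0x34 = 0x28 is exactly the address the first report names. The trapping `movzbl (%rdx,%rax,1)` is KASAN's own shadow load: RDX = 0x28 >> 3 = 5 and RAX = 0xdffffc0000000000 add up to the GPF address 0xdffffc0000000005, which for a low address is outside the canonical range, hence the fault. Together with the OOM-killer report that follows (the same filemap_fault path allocating under memory pressure), the values are consistent with an error pointer being treated as a valid page/folio pointer; that reading is an inference from the registers, not something the log states. The program below reproduces the arithmetic from the register lines copied out of the log. The shadow offset and IS_ERR threshold are the x86_64 generic-KASAN defaults and are assumed for this build; the register-dump parser is mine, not kernel code.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* x86_64 generic KASAN layout (assumed for this build; matches RAX in the dump). */
#define KASAN_SHADOW_OFFSET      0xdffffc0000000000ULL
#define KASAN_SHADOW_SCALE_SHIFT 3
/* Kernel's IS_ERR() threshold: the top MAX_ERRNO values of the address space. */
#define MAX_ERRNO 4095
/* Displacement in the instruction that produced RBX: lea 0x34(%r12),%rbx. */
#define LEA_DISP 0x34

/* Register dump copied from the "general protection fault" report above. */
static const char REG_DUMP[] =
    "RAX: dffffc0000000000 RBX: 0000000000000028 RCX: 0000000000000000\n"
    "RDX: 0000000000000005 RSI: ffffffff8180cf88 RDI: 0000000000000007\n"
    "RBP: 0000000000000056 R08: 0000000000000007 R09: 0000000000000000\n"
    "R10: 0000000000000000 R11: 0000000000000000 R12: fffffffffffffff4\n"
    "R13: ffff88800ddf5180 R14: 0000000000000001 R15: ffff8880197b7d90\n";

/* Address of the shadow byte generic KASAN checks for a given address. */
uint64_t kasan_shadow_addr(uint64_t addr)
{
    return (addr >> KASAN_SHADOW_SCALE_SHIFT) + KASAN_SHADOW_OFFSET;
}

/* Same test as the kernel's IS_ERR(): is this pointer an encoded -errno? */
int is_err_ptr(uint64_t p)
{
    return p >= (uint64_t)-(int64_t)MAX_ERRNO;
}

/* Same as the kernel's PTR_ERR(): recover the negative errno. */
long ptr_err(uint64_t p)
{
    return (long)(int64_t)p;
}

/*
 * Look up "NAME: hexvalue" in a register dump (helper written for this
 * example). Returns 1 and stores the value, or 0 if the register is absent.
 */
int reg_value(const char *dump, const char *name, uint64_t *out)
{
    size_t n = strlen(name);
    const char *p = dump;

    while ((p = strstr(p, name)) != NULL) {
        int at_start = (p == dump) || p[-1] == ' ' || p[-1] == '\n';
        if (at_start && p[n] == ':') {
            *out = strtoull(p + n + 1, NULL, 16);
            return 1;
        }
        p += n;
    }
    return 0;
}

/* The address filemap_fault actually read: R12 plus the lea displacement. */
uint64_t faulting_addr(const char *dump)
{
    uint64_t r12 = 0;
    if (!reg_value(dump, "R12", &r12))
        return UINT64_MAX;
    return r12 + LEA_DISP;
}

/* The address the trapping movzbl (%rdx,%rax,1) dereferenced. */
uint64_t trapping_addr(const char *dump)
{
    uint64_t rax = 0, rdx = 0;
    if (!reg_value(dump, "RAX", &rax) || !reg_value(dump, "RDX", &rdx))
        return UINT64_MAX;
    return rax + rdx;
}

int main(void)
{
    uint64_t r12 = 0, bad = faulting_addr(REG_DUMP);

    reg_value(REG_DUMP, "R12", &r12);
    printf("R12 = 0x%016llx -> IS_ERR: %d, PTR_ERR: %ld\n",
           (unsigned long long)r12, is_err_ptr(r12), ptr_err(r12));
    printf("R12 + 0x%x = 0x%llx (report says 0x28)\n",
           LEA_DISP, (unsigned long long)bad);
    printf("shadow(0x%llx) = 0x%llx, trap address = 0x%llx\n",
           (unsigned long long)bad,
           (unsigned long long)kasan_shadow_addr(bad),
           (unsigned long long)trapping_addr(REG_DUMP));
    return 0;
}
```

The same three checks (is the base register an IS_ERR value, does base plus displacement equal the reported address, does shadow(addr) equal the GPF address) apply to any generic-KASAN "null-ptr-deref" whose trap lands on a non-canonical 0xdffffc... address: the first tells you whether the "NULL" was really an unchecked error pointer rather than a literal NULL.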