Call Trace:
dump_stack_lvl+0xc1/0xf0
warn_alloc+0x214/0x370
__alloc_pages_slowpath.constprop.0+0x1a5e/0x1f10
__alloc_pages+0x3f3/0x480
alloc_pages+0x1a0/0x260
relay_open_buf.part.0+0x285/0xbc0
relay_open+0x7ba/0xa70
do_blk_trace_setup+0x4b2/0xbb0
__blk_trace_setup+0xca/0x180
blk_trace_setup+0x47/0x70
sg_ioctl+0x6a5/0x26a0
__x64_sys_ioctl+0x19e/0x210
do_syscall_64+0x3f/0x90
entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7fa94c986b19
Code: Unable to access opcode bytes at 0x7fa94c986aef.
RSP: 002b:00007fa949edb188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fa94ca9a020 RCX: 00007fa94c986b19
RDX: 0000000020000000 RSI: 00000000c0481273 RDI: 0000000000000004
RBP: 00007fa94c9e0f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff5d4d3e3f R14: 00007fa949edb300 R15: 0000000000022000
Mem-Info:
active_anon:6190 inactive_anon:41735 isolated_anon:13
active_file:0 inactive_file:28 isolated_file:14
unevictable:12 dirty:0 writeback:0
slab_reclaimable:9450 slab_unreclaimable:51579
mapped:69650 shmem:142 pagetables:1169
sec_pagetables:0 bounce:0
kernel_misc_reclaimable:0
free:2212 free_pcp:0 free_cma:0
Node 0 active_anon:24760kB inactive_anon:166940kB active_file:0kB inactive_file:112kB unevictable:48kB isolated(anon):52kB isolated(file):56kB mapped:278600kB dirty:0kB writeback:0kB shmem:568kB writeback_tmp:0kB kernel_stack:4160kB pagetables:4676kB sec_pagetables:0kB all_unreclaimable? no
Node 0 DMA free:6448kB boost:0kB min:44kB low:56kB high:68kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 1606 1606 1606
Node 0 DMA32 free:2400kB boost:2048kB min:7152kB low:8796kB high:10440kB reserved_highatomic:2048KB active_anon:24760kB inactive_anon:166940kB active_file:0kB inactive_file:492kB unevictable:48kB writepending:0kB present:2080640kB managed:1655444kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 0 0 0
Node 0 DMA: 0*4kB 0*8kB 1*16kB (U) 1*32kB (U) 0*64kB 0*128kB 1*256kB (U) 0*512kB 0*1024kB 1*2048kB (M) 1*4096kB (M) = 6448kB
Node 0 DMA32: 335*4kB (UME) 111*8kB (UME) 18*16kB (UM) 1*32kB (U) 1*64kB (H) 0*128kB 1*256kB (H) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 2868kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
171 total pagecache pages
0 pages in swap cache
Free swap = 0kB
Total swap = 0kB
524158 pages RAM
0 pages HighMem/MovableOnly
106457 pages reserved
==================================================================
BUG: KASAN: null-ptr-deref in filemap_fault+0xac7/0x2170
Read of size 4 at addr 0000000000000028 by task systemd-journal/88
CPU: 0 PID: 88 Comm: systemd-journal Not tainted 6.3.0-next-20230425 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
Call Trace:
dump_stack_lvl+0x91/0xf0
kasan_report+0xc0/0xf0
kasan_check_range+0x39/0x1d0
filemap_fault+0xac7/0x2170
__do_fault+0x10d/0x590
__handle_mm_fault+0x1289/0x30b0
handle_mm_fault+0x1af/0xba0
do_user_addr_fault+0x5f6/0x1310
exc_page_fault+0x9c/0x1a0
asm_exc_page_fault+0x26/0x30
RIP: 0033:0x7fb1dd766527
Code: Unable to access opcode bytes at 0x7fb1dd7664fd.
RSP: 002b:00007ffc6b8acb60 EFLAGS: 00010293
RAX: 0000000000000034 RBX: 00007ffc6b8ad480 RCX: 00007fb1dd8983c0
RDX: 0000000000000034 RSI: 00007ffc6b8acbd0 RDI: 0000000000000000
RBP: 00007ffc6b8ad480 R08: 00007fb1dd8e54a0 R09: 00007ffc6b9ea080
R10: 00007ffc6b9ea0f0 R11: 0000000000000002 R12: 0000000000000000
R13: 00007ffc6b8ad480 R14: 0000000000000000 R15: 0000000000000000
==================================================================
general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]
CPU: 0 PID: 88 Comm: systemd-journal Tainted: G B 6.3.0-next-20230425 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:filemap_fault+0xad8/0x2170
Code: 00 00 e8 3b d1 e8 ff 49 8d 5c 24 34 be 04 00 00 00 48 89 df e8 d9 ce 1d 00 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 14 02 48 89 d8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 ad
RSP: 0018:ffff888016b97bc8 EFLAGS: 00010216
RAX: dffffc0000000000 RBX: 0000000000000028 RCX: 0000000000000000
RDX: 0000000000000005 RSI: ffffffff8180cfe8 RDI: 0000000000000007
RBP: 0000000000000162 R08: 0000000000000007 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: fffffffffffffff4
R13: ffff88800e284c80 R14: 0000000000000001 R15: ffff888016b97d90
FS: 00007fb1dcf5b900(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fb1dd7664fd CR3: 000000000e6aa000 CR4: 0000000000350ef0
Call Trace:
__do_fault+0x10d/0x590
__handle_mm_fault+0x1289/0x30b0
handle_mm_fault+0x1af/0xba0
do_user_addr_fault+0x5f6/0x1310
exc_page_fault+0x9c/0x1a0
asm_exc_page_fault+0x26/0x30
RIP: 0033:0x7fb1dd766527
Code: Unable to access opcode bytes at 0x7fb1dd7664fd.
RSP: 002b:00007ffc6b8acb60 EFLAGS: 00010293
RAX: 0000000000000034 RBX: 00007ffc6b8ad480 RCX: 00007fb1dd8983c0
RDX: 0000000000000034 RSI: 00007ffc6b8acbd0 RDI: 0000000000000000
RBP: 00007ffc6b8ad480 R08: 00007fb1dd8e54a0 R09: 00007ffc6b9ea080
R10: 00007ffc6b9ea0f0 R11: 0000000000000002 R12: 0000000000000000
R13: 00007ffc6b8ad480 R14: 0000000000000000 R15: 0000000000000000
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:filemap_fault+0xad8/0x2170
Code: 00 00 e8 3b d1 e8 ff 49 8d 5c 24 34 be 04 00 00 00 48 89 df e8 d9 ce 1d 00 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 14 02 48 89 d8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 ad
RSP: 0018:ffff888016b97bc8 EFLAGS: 00010216
RAX: dffffc0000000000 RBX: 0000000000000028 RCX: 0000000000000000
RDX: 0000000000000005 RSI: ffffffff8180cfe8 RDI: 0000000000000007
RBP: 0000000000000162 R08: 0000000000000007 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: fffffffffffffff4
R13: ffff88800e284c80 R14: 0000000000000001 R15: ffff888016b97d90
FS: 00007fb1dcf5b900(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fb1dd7664fd CR3: 000000000e6aa000 CR4: 0000000000350ef0
systemd[1]: systemd-journald.service: Main process exited, code=killed, status=9/KILL
systemd[1]: systemd-journald.service: Failed with result 'oom-kill'.
systemd[1]: systemd-journald.service: Consumed 15.921s CPU time.
systemd[1]: systemd-journald.service: Scheduled restart job, restart counter is at 1.
blktrace: Concurrent blktraces are not allowed on sg0
blktrace: Concurrent blktraces are not allowed on sg0
systemd[1]: Stopping Flush Journal to Persistent Storage...
systemd[1]: Starting Load/Save RF Kill Switch Status...
program syz-executor.4 is using a deprecated SCSI ioctl, please convert it to SG_IO
blktrace: Concurrent blktraces are not allowed on sg0
systemd[1]: Started Load/Save RF Kill Switch Status.
systemd[1]: systemd-journal-flush.service: Succeeded.
systemd[1]: Stopped Flush Journal to Persistent Storage.
systemd[1]: Stopped Journal Service.
systemd[1]: systemd-journald.service: Consumed 15.921s CPU time.
systemd[1]: Starting Journal Service...
systemd-journald[11895]: File /var/log/journal/7e681e5076844de4a5cfa8606a84b008/system.journal corrupted or uncleanly shut down, renaming and replacing.
systemd[1]: Started Journal Service.
systemd-journald[11895]: Received client request to flush runtime journal.
program syz-executor.4 is using a deprecated SCSI ioctl, please convert it to SG_IO
program syz-executor.4 is using a deprecated SCSI ioctl, please convert it to SG_IO
blktrace: Concurrent blktraces are not allowed on sg0
program syz-executor.6 is using a deprecated SCSI ioctl, please convert it to SG_IO
program syz-executor.4 is using a deprecated SCSI ioctl, please convert it to SG_IO
syz-executor.0 invoked oom-killer: gfp_mask=0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), order=0, oom_score_adj=0
CPU: 1 PID: 277 Comm: syz-executor.0 Tainted: G B D 6.3.0-next-20230425 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
Call Trace:
dump_stack_lvl+0xc1/0xf0
dump_header+0x10a/0xd50
oom_kill_process+0x25d/0x600
out_of_memory+0x1365/0x1660
__alloc_pages_slowpath.constprop.0+0x18bc/0x1f10
__alloc_pages+0x3f3/0x480
alloc_pages+0x1a0/0x260
filemap_alloc_folio+0x374/0x410
__filemap_get_folio+0x285/0x8d0
filemap_fault+0x14c3/0x2170
__do_fault+0x10d/0x590
__handle_mm_fault+0x1289/0x30b0
handle_mm_fault+0x1af/0xba0
do_user_addr_fault+0x5f6/0x1310
exc_page_fault+0x9c/0x1a0
asm_exc_page_fault+0x26/0x30
RIP: 0033:0x7f4bb051c688
Code: Unable to access opcode bytes at 0x7f4bb051c65e.
RSP: 002b:00007fffe0eb9760 EFLAGS: 00010202
RAX: 0000001b2c720000 RBX: 0000000000000396 RCX: 00000000002523d0
RDX: 0000000000252431 RSI: 00007fffe0eb9820 RDI: 0000000000000001
RBP: 00007fffe0eb97bc R08: 0000000000000982 R09: 00007fffe0f51080
R10: 00007fffe0f51090 R11: 000000000044ecd4 R12: 0000000000000032
R13: 00000000002523b9 R14: 0000000000000008 R15: 00007fffe0eb9820
Mem-Info:
active_anon:2353 inactive_anon:41501 isolated_anon:0
active_file:54 inactive_file:0 isolated_file:0
unevictable:8 dirty:0 writeback:0
slab_reclaimable:7807 slab_unreclaimable:52833
mapped:60946 shmem:132 pagetables:1063
sec_pagetables:0 bounce:0
kernel_misc_reclaimable:0
free:3090 free_pcp:118 free_cma:0
Node 0 active_anon:9412kB inactive_anon:166004kB active_file:216kB inactive_file:68kB unevictable:32kB isolated(anon):0kB isolated(file):0kB mapped:243784kB dirty:0kB writeback:0kB shmem:528kB writeback_tmp:0kB kernel_stack:4032kB pagetables:4252kB sec_pagetables:0kB all_unreclaimable? no
Node 0 DMA free:6448kB boost:0kB min:44kB low:56kB high:68kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 1606 1606 1606
Node 0 DMA32 free:5912kB boost:0kB min:5104kB low:6748kB high:8392kB reserved_highatomic:2048KB active_anon:9412kB inactive_anon:166004kB active_file:224kB inactive_file:48kB unevictable:32kB writepending:0kB present:2080640kB managed:1655444kB mlocked:0kB bounce:0kB free_pcp:472kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 0 0 0
Node 0 DMA: 0*4kB 0*8kB 1*16kB (U) 1*32kB (U) 0*64kB 0*128kB 1*256kB (U) 0*512kB 0*1024kB 1*2048kB (M) 1*4096kB (M) = 6448kB
Node 0 DMA32: 519*4kB (UME) 161*8kB (UME) 19*16kB (UMH) 1*32kB (H) 1*64kB (H) 1*128kB (H) 1*256kB (H) 1*512kB (H) 1*1024kB (H) 0*2048kB 0*4096kB = 5684kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
200 total pagecache pages
0 pages in swap cache
Free swap = 0kB
Total swap = 0kB
524158 pages RAM
0 pages HighMem/MovableOnly
106457 pages reserved
Unreclaimable slab info:
Name Used Total
pid_2 45KB 52KB
IEEE-802.15.4-RAW 63KB 63KB
fib6_nodes 28KB 28KB
ip6_dst_cache 30KB 30KB
RAWv6 92KB 92KB
UDPLITEv6 32KB 32KB
UDPv6 64KB 64KB
TCPv6 62KB 62KB
scsi_sense_cache 8KB 8KB
virtio_scsi_cmd 16KB 16KB
bio-120 7KB 7KB
mqueue_inode_cache 60KB 60KB
nfs_commit_data 15KB 15KB
nfs_write_data 47KB 47KB
jbd2_inode 7KB 7KB
ext4_system_zone 3KB 3KB
ext4_io_end_vec 7KB 7KB
kioctx 31KB 31KB
aio_kiocb 7KB 7KB
dio 30KB 30KB
fasync_cache 7KB 7KB
pid_namespace 7KB 7KB
rpc_buffers 31KB 31KB
rpc_tasks 3KB 3KB
UNIX-STREAM 206KB 320KB
UNIX 174KB 256KB
ip4-frags 15KB 15KB
UDP-Lite 61KB 61KB
tcp_bind2_bucket 8KB 8KB
tcp_bind_bucket 8KB 8KB
inet_peer_cache 4KB 4KB
ip_fib_trie 8KB 8KB
ip_fib_alias 11KB 11KB
ip_dst_cache 27KB 44KB
PING 61KB 61KB
RAW 61KB 61KB
UDP 215KB 215KB
request_sock_TCP 7KB 7KB
TCP 60KB 60KB
hugetlbfs_inode_cache 15KB 15KB
bio-248 11KB 11KB
ep_head 8KB 8KB
eventpoll_pwq 19KB 19KB
eventpoll_epi 47KB 47KB
inotify_inode_mark 42KB 42KB
sgpool-128 59KB 59KB
sgpool-64 63KB 63KB
sgpool-32 65KB 126KB
sgpool-16 52KB 52KB
sgpool-8 60KB 60KB
request_queue 62KB 62KB
blkdev_ioc 8KB 8KB
bio-184 36KB 36KB
biovec-max 446KB 446KB
biovec-128 31KB 31KB
biovec-64 236KB 299KB
biovec-16 30KB 30KB
uid_cache 7KB 7KB
dmaengine-unmap-2 4KB 4KB
audit_buffer 7KB 7KB
skbuff_small_head 1881KB 1881KB
skbuff_fclone_cache 75KB 75KB
skbuff_head_cache 821KB 821KB
configfs_dir_cache 8KB 8KB
file_lock_cache 31KB 31KB
file_lock_ctx 7KB 7KB
fsnotify_mark_connector 28KB 28KB
taskstats 69KB 69KB
proc_dir_entry 302KB 330KB
pde_opener 7KB 7KB
seq_file 71KB 71KB
sigqueue 35KB 51KB
shmem_inode_cache 1435KB 1546KB
kernfs_iattrs_cache 273KB 273KB
kernfs_node_cache 5038KB 5068KB
mnt_cache 133KB 133KB
filp 2199KB 2302KB
names_cache 16651KB 16808KB
net_namespace 82KB 82KB
hashtab_node 274KB 274KB
ebitmap_node 1149KB 1149KB
avtab_node 4976KB 4976KB
avc_node 31KB 31KB
lsm_inode_cache 2748KB 3071KB
lsm_file_cache 119KB 148KB
key_jar 23KB 23KB
uts_namespace 15KB 15KB
nsproxy 7KB 7KB
vma_lock 990KB 1089KB
vm_area_struct 1070KB 1170KB
fs_cache 44KB 44KB
files_cache 159KB 159KB
signal_cache 259KB 394KB
sighand_cache 289KB 360KB
task_struct 1205KB 1362KB
cred_jar 88KB 108KB
anon_vma_chain 233KB 252KB
anon_vma 204KB 227KB
pid 50KB 60KB
Acpi-Operand 76KB 114KB
Acpi-ParseExt 23KB 23KB
Acpi-Parse 43KB 59KB
Acpi-State 27KB 43KB
Acpi-Namespace 20KB 20KB
shared_policy_node 8KB 8KB
numa_policy 7KB 7KB
perf_event 93KB 186KB
trace_event_file 183KB 183KB
ftrace_event_field 438KB 438KB
pool_workqueue 32KB 32KB
maple_node 4341KB 4928KB
task_group 16KB 16KB
mm_struct 196KB 275KB
vmap_area 41KB 51KB
page->ptl 159KB 208KB
kmemleak_scan_area 31KB 31KB
kmemleak_object 97268KB 105364KB
kmalloc-cg-8k 64KB 64KB
kmalloc-cg-4k 2480KB 2688KB
kmalloc-cg-2k 1580KB 1760KB
kmalloc-cg-1k 436KB 512KB
kmalloc-cg-512 342KB 368KB
kmalloc-cg-256 40KB 40KB
kmalloc-cg-192 40KB 40KB
kmalloc-cg-128 40KB 40KB
kmalloc-cg-96 44KB 44KB
kmalloc-cg-64 28KB 28KB
kmalloc-cg-32 26KB 40KB
kmalloc-cg-16 8KB 8KB
kmalloc-cg-8 11KB 11KB
kmalloc-8k 1824KB 2144KB
kmalloc-4k 3744KB 4064KB
kmalloc-2k 2868KB 3264KB
kmalloc-1k 5940KB 5984KB
kmalloc-512 1568KB 1664KB
kmalloc-256 1058KB 1144KB
kmalloc-192 634KB 648KB
kmalloc-128 274KB 296KB
kmalloc-96 633KB 804KB
kmalloc-64 684KB 732KB
kmalloc-32 500KB 532KB
kmalloc-16 323KB 332KB
kmalloc-8 260KB 266KB
kmem_cache_node 47KB 47KB
kmem_cache 78KB 78KB
oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz0,mems_allowed=0,global_oom,task_memcg=/syz0,task=syz-executor.0,pid=277,uid=0
Out of memory (oom_kill_allocating_task): Killed process 277 (syz-executor.0) total-vm:93280kB, anon-rss:284kB, file-rss:34944kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:0
----------------
Code disassembly (best guess):
0: 00 00 add %al,(%rax)
2: e8 3b d1 e8 ff callq 0xffe8d142
7: 49 8d 5c 24 34 lea 0x34(%r12),%rbx
c: be 04 00 00 00 mov $0x4,%esi
11: 48 89 df mov %rbx,%rdi
14: e8 d9 ce 1d 00 callq 0x1dcef2
19: 48 89 da mov %rbx,%rdx
1c: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
23: fc ff df
26: 48 c1 ea 03 shr $0x3,%rdx
* 2a: 0f b6 14 02 movzbl (%rdx,%rax,1),%edx <-- trapping instruction
2e: 48 89 d8 mov %rbx,%rax
31: 83 e0 07 and $0x7,%eax
34: 83 c0 03 add $0x3,%eax
37: 38 d0 cmp %dl,%al
39: 7c 08 jl 0x43
3b: 84 d2 test %dl,%dl
3d: 0f .byte 0xf
3e: 85 .byte 0x85
3f: ad lods %ds:(%rsi),%eax