BUG: KASAN: null-ptr-deref in filemap_fault+0xac7/0x2170
Read of size 4 at addr 0000000000000028 by task in:imklog/162
CPU: 0 PID: 162 Comm: in:imklog Not tainted 6.3.0-next-20230428 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
Call Trace:
dump_stack_lvl+0x91/0xf0
kasan_report+0xc0/0xf0
kasan_check_range+0x39/0x1d0
filemap_fault+0xac7/0x2170
__do_fault+0x10d/0x590
__handle_mm_fault+0x1289/0x30b0
handle_mm_fault+0x1af/0xba0
do_user_addr_fault+0x5f6/0x1310
exc_page_fault+0x9c/0x1a0
asm_exc_page_fault+0x26/0x30
RIP: 0033:0x7fb7b106a492
Code: Unable to access opcode bytes at 0x7fb7b106a468.
RSP: 002b:00007fb7b0b813e0 EFLAGS: 00010203
RAX: 0000000000000034 RBX: 00007fb7b0b8140c RCX: 0000000000000000
RDX: 0000000000000034 RSI: 00007fb7b0b8140c RDI: 00007fb7b0b81400
RBP: 00007fb7b0b81d00 R08: 00007fb7b14a63c0 R09: 0000564eb6796e88
R10: a3d70a3d70a3d70b R11: 0000000000000000 R12: 00007fb7b0b81400
R13: 0000564eb679a4c0 R14: 00007fb7b0b81d00 R15: 00007fb7b0b81d78
==================================================================
general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]
CPU: 0 PID: 162 Comm: in:imklog Tainted: G B 6.3.0-next-20230428 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:filemap_fault+0xad8/0x2170
Code: 00 00 e8 bb d0 e8 ff 49 8d 5c 24 34 be 04 00 00 00 48 89 df e8 f9 cd 1d 00 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 14 02 48 89 d8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 ad
RSP: 0018:ffff88800dd2fbc8 EFLAGS: 00010216
RAX: dffffc0000000000 RBX: 0000000000000028 RCX: 0000000000000000
RDX: 0000000000000005 RSI: ffffffff8180cf88 RDI: 0000000000000007
RBP: 0000000000000162 R08: 0000000000000007 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: fffffffffffffff4
R13: ffff88800f7aca00 R14: 0000000000000001 R15: ffff88800dd2fd90
FS: 00007fb7b0ba2700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fb7b106a468 CR3: 00000000158ee000 CR4: 0000000000350ef0
Call Trace:
__do_fault+0x10d/0x590
__handle_mm_fault+0x1289/0x30b0
handle_mm_fault+0x1af/0xba0
do_user_addr_fault+0x5f6/0x1310
exc_page_fault+0x9c/0x1a0
asm_exc_page_fault+0x26/0x30
RIP: 0033:0x7fb7b106a492
Code: Unable to access opcode bytes at 0x7fb7b106a468.
RSP: 002b:00007fb7b0b813e0 EFLAGS: 00010203
RAX: 0000000000000034 RBX: 00007fb7b0b8140c RCX: 0000000000000000
RDX: 0000000000000034 RSI: 00007fb7b0b8140c RDI: 00007fb7b0b81400
RBP: 00007fb7b0b81d00 R08: 00007fb7b14a63c0 R09: 0000564eb6796e88
R10: a3d70a3d70a3d70b R11: 0000000000000000 R12: 00007fb7b0b81400
R13: 0000564eb679a4c0 R14: 00007fb7b0b81d00 R15: 00007fb7b0b81d78
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:filemap_fault+0xad8/0x2170
Code: 00 00 e8 bb d0 e8 ff 49 8d 5c 24 34 be 04 00 00 00 48 89 df e8 f9 cd 1d 00 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 14 02 48 89 d8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 ad
RSP: 0018:ffff88800dd2fbc8 EFLAGS: 00010216
RAX: dffffc0000000000 RBX: 0000000000000028 RCX: 0000000000000000
RDX: 0000000000000005 RSI: ffffffff8180cf88 RDI: 0000000000000007
RBP: 0000000000000162 R08: 0000000000000007 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: fffffffffffffff4
R13: ffff88800f7aca00 R14: 0000000000000001 R15: ffff88800dd2fd90
FS: 00007fb7b0ba2700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fb7b106a468 CR3: 00000000158ee000 CR4: 0000000000350ef0

Node 0 active_anon:212kB inactive_anon:29616kB active_file:80kB inactive_file:60kB unevictable:0kB isolated(anon):52kB isolated(file):16kB mapped:34832kB dirty:12kB writeback:0kB shmem:272kB writeback_tmp:0kB kernel_stack:3136kB pagetables:1420kB sec_pagetables:0kB all_unreclaimable? no
Node 0 DMA free:6444kB boost:0kB min:44kB low:56kB high:68kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 1606 1606 1606
Node 0 DMA32 free:2004kB boost:4096kB min:9200kB low:10844kB high:12488kB reserved_highatomic:2048KB active_anon:212kB inactive_anon:29784kB active_file:196kB inactive_file:0kB unevictable:0kB writepending:264kB present:2080640kB managed:1655444kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 0 0 0
Node 0 DMA: 1*4kB (U) 1*8kB (U) 0*16kB 1*32kB (U) 0*64kB 0*128kB 1*256kB (U) 0*512kB 0*1024kB 1*2048kB (M) 1*4096kB (M) = 6444kB
Node 0 DMA32: 224*4kB (UME) 68*8kB (UME) 47*16kB (M) 11*32kB (UME) 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 2608kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
137 total pagecache pages
0 pages in swap cache
Free swap = 0kB
Total swap = 0kB
524158 pages RAM
0 pages HighMem/MovableOnly
106457 pages reserved
Unreclaimable slab info:
Name Used Total
pid_3 7KB 7KB
pid_2 52KB 71KB
IEEE-802.15.4-MAC 63KB 63KB
IEEE-802.15.4-RAW 31KB 31KB
ip6-frags 15KB 15KB
fib6_nodes 28KB 28KB
ip6_dst_cache 22KB 22KB
RAWv6 154KB 154KB
UDPLITEv6 64KB 64KB
UDPv6 64KB 64KB
tw_sock_TCPv6 7KB 7KB
TCPv6 62KB 62KB
scsi_sense_cache 8KB 8KB
virtio_scsi_cmd 16KB 16KB
bio-120 7KB 7KB
mqueue_inode_cache 60KB 60KB
nfs_commit_data 15KB 15KB
nfs_write_data 47KB 47KB
jbd2_inode 7KB 7KB
ext4_system_zone 3KB 3KB
ext4_io_end_vec 7KB 7KB
kioctx 31KB 31KB
aio_kiocb 7KB 7KB
dio 15KB 15KB
fasync_cache 7KB 7KB
pid_namespace 7KB 7KB
rpc_buffers 31KB 31KB
rpc_tasks 3KB 3KB
UNIX-STREAM 152KB 352KB
UNIX 186KB 256KB
UDP-Lite 61KB 61KB
tcp_bind2_bucket 8KB 8KB
tcp_bind_bucket 8KB 8KB
xfrm_state 16KB 16KB
ip_fib_trie 8KB 8KB
ip_fib_alias 11KB 11KB
ip_dst_cache 53KB 76KB
RAW 61KB 61KB
UDP 123KB 215KB
tw_sock_TCP 7KB 7KB
request_sock_TCP 7KB 7KB
TCP 60KB 60KB
hugetlbfs_inode_cache 31KB 31KB
bio-248 11KB 11KB
ep_head 8KB 8KB
eventpoll_pwq 15KB 15KB
eventpoll_epi 39KB 39KB
inotify_inode_mark 35KB 35KB
sgpool-128 187KB 357KB
sgpool-64 63KB 63KB
sgpool-32 189KB 189KB
sgpool-16 82KB 82KB
sgpool-8 60KB 60KB
request_queue 62KB 62KB
blkdev_ioc 8KB 8KB
bio-184 36KB 36KB
biovec-max 752KB 803KB
biovec-128 63KB 63KB
biovec-64 299KB 299KB
biovec-16 33KB 33KB
uid_cache 7KB 7KB
dmaengine-unmap-2 4KB 4KB
audit_buffer 7KB 7KB
skbuff_small_head 921KB 921KB
skbuff_fclone_cache 82KB 82KB
skbuff_head_cache 532KB 532KB
file_lock_cache 39KB 39KB
file_lock_ctx 7KB 7KB
fsnotify_mark_connector 20KB 20KB
taskstats 69KB 69KB
proc_dir_entry 356KB 356KB
pde_opener 7KB 7KB
seq_file 63KB 82KB
sigqueue 27KB 47KB
shmem_inode_cache 1546KB 1546KB
kernfs_iattrs_cache 245KB 250KB
kernfs_node_cache 5025KB 5091KB
mnt_cache 149KB 149KB
filp 1451KB 1841KB
names_cache 8062KB 8062KB
net_namespace 137KB 137KB
hashtab_node 274KB 274KB
ebitmap_node 1149KB 1149KB
avtab_node 4976KB 4976KB
avc_node 31KB 31KB
lsm_inode_cache 2926KB 3360KB
lsm_file_cache 85KB 164KB
key_jar 31KB 31KB
uts_namespace 15KB 15KB
nsproxy 7KB 7KB
vma_lock 823KB 1009KB
vm_area_struct 891KB 1086KB
fs_cache 40KB 40KB
files_cache 161KB 175KB
signal_cache 320KB 394KB
sighand_cache 305KB 390KB
task_struct 1171KB 1689KB
cred_jar 87KB 112KB
anon_vma_chain 214KB 236KB
anon_vma 184KB 211KB
pid 45KB 63KB
Acpi-Operand 64KB 106KB
Acpi-ParseExt 27KB 27KB
Acpi-Parse 31KB 47KB
Acpi-State 19KB 35KB
Acpi-Namespace 24KB 24KB
numa_policy 7KB 7KB
perf_event 124KB 124KB
trace_event_file 183KB 183KB
ftrace_event_field 438KB 438KB
pool_workqueue 40KB 40KB
maple_node 1103KB 1280KB
task_group 16KB 16KB
mm_struct 273KB 336KB
vmap_area 46KB 47KB
page->ptl 171KB 232KB
kmemleak_scan_area 24KB 31KB
kmemleak_object 94074KB 105600KB
kmalloc-cg-8k 96KB 96KB
kmalloc-cg-4k 2536KB 2632KB
kmalloc-cg-2k 1660KB 1824KB
kmalloc-cg-1k 472KB 512KB
kmalloc-cg-512 496KB 496KB
kmalloc-cg-256 48KB 48KB
kmalloc-cg-192 56KB 56KB
kmalloc-cg-128 48KB 48KB
kmalloc-cg-96 44KB 44KB
kmalloc-cg-64 28KB 28KB
kmalloc-cg-32 28KB 48KB
kmalloc-cg-16 8KB 8KB
kmalloc-cg-8 15KB 15KB
kmalloc-8k 2048KB 2272KB
kmalloc-4k 6224KB 6224KB
kmalloc-2k 3136KB 3616KB
kmalloc-1k 2976KB 3104KB
kmalloc-512 1560KB 1712KB
kmalloc-256 1043KB 1056KB
kmalloc-192 684KB 684KB
kmalloc-128 292KB 488KB
kmalloc-96 489KB 724KB
kmalloc-64 660KB 744KB
kmalloc-32 469KB 536KB
kmalloc-16 321KB 332KB
kmalloc-8 258KB 266KB
kmem_cache_node 51KB 51KB
kmem_cache 82KB 82KB
oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0,global_oom,task_memcg=/syz5,task=syz-executor.5,pid=9287,uid=0
Out of memory (oom_kill_allocating_task): Killed process 9287 (syz-executor.5) total-vm:93940kB, anon-rss:16kB, file-rss:34944kB, shmem-rss:0kB, UID:0 pgtables:136kB oom_score_adj:1000
systemd[1]: ssh.service: A process of this unit has been killed by the OOM killer.
systemd[1]: systemd-journald.service: Main process exited, code=killed, status=9/KILL
systemd[1]: systemd-journald.service: Failed with result 'oom-kill'.
systemd[1]: systemd-journald.service: Consumed 54.109s CPU time.
systemd[1]: ssh.service: Control process exited, code=killed, status=9/KILL
systemd[1]: ssh.service: Failed with result 'oom-kill'.
systemd[1]: ssh.service: Unit process 231 (sshd) remains running after unit stopped.
systemd[1]: Failed to start OpenBSD Secure Shell server.
systemd[1]: systemd-journald.service: Scheduled restart job, restart counter is at 1.
systemd[1]: Stopping Flush Journal to Persistent Storage...
systemd[1]: Stopped target Bluetooth.
systemd[1]: rsyslog.service: Main process exited, code=killed, status=9/KILL
systemd[1]: rsyslog.service: Failed with result 'oom-kill'.
systemd[1]: rsyslog.service: Consumed 1.715s CPU time.
systemd[1]: ssh.service: Scheduled restart job, restart counter is at 2.
systemd[1]: Stopped OpenBSD Secure Shell server.
systemd[1]: Starting OpenBSD Secure Shell server...
systemd[1]: Started Load/Save RF Kill Switch Status.
systemd[1]: rsyslog.service: Scheduled restart job, restart counter is at 1.
systemd[1]: Stopped System Logging Service.
systemd[1]: rsyslog.service: Consumed 1.715s CPU time.
systemd[1]: Starting System Logging Service...
systemd[1]: systemd-journal-flush.service: Succeeded.
systemd[1]: Stopped Flush Journal to Persistent Storage.
systemd[1]: Stopped Journal Service.
systemd[1]: systemd-journald.service: Consumed 54.109s CPU time.
systemd[1]: Starting Journal Service...
systemd[1]: Started System Logging Service.
systemd-journald[9304]: File /var/log/journal/7e681e5076844de4a5cfa8606a84b008/system.journal corrupted or uncleanly shut down, renaming and replacing.
systemd[1]: Started OpenBSD Secure Shell server.
systemd[1]: Started Journal Service.
systemd-journald[9304]: Received client request to flush runtime journal.
----------------
Code disassembly (best guess):
0: 00 00 add %al,(%rax)
2: e8 bb d0 e8 ff callq 0xffe8d0c2
7: 49 8d 5c 24 34 lea 0x34(%r12),%rbx
c: be 04 00 00 00 mov $0x4,%esi
11: 48 89 df mov %rbx,%rdi
14: e8 f9 cd 1d 00 callq 0x1dce12
19: 48 89 da mov %rbx,%rdx
1c: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
23: fc ff df
26: 48 c1 ea 03 shr $0x3,%rdx
* 2a: 0f b6 14 02 movzbl (%rdx,%rax,1),%edx <-- trapping instruction
2e: 48 89 d8 mov %rbx,%rax
31: 83 e0 07 and $0x7,%eax
34: 83 c0 03 add $0x3,%eax
37: 38 d0 cmp %dl,%al
39: 7c 08 jl 0x43
3b: 84 d2 test %dl,%dl
3d: 0f .byte 0xf
3e: 85 .byte 0x85
3f: ad lods %ds:(%rsi),%eax