1
------------[ cut here ]------------
WARNING: CPU: 3 PID: 3951 at fs/inode.c:339 drop_nlink+0x7c/0xac proc/self/cwd/common/fs/inode.c:339
Modules linked in: pptp(E) l2tp_ppp(E) r8153_ecm(E) cdc_ncm(E) hci_uart(E) btusb(E) pppox(E) bsd_comp(E) ppp_mppe(E) ppp_deflate(E) cdc_eem(E) ax88179_178a(E) aqc111(E) asix(E) cdc_ether(E) btqca(E) hidp(E) btsdio(E) btbcm(E) btintel(E) rfcomm(E) btrtl(E) clk_test(E) ptp(E) tipc_diag(E) ieee802154_socket(E) ieee802154_6lowpan(E) mac802154(E) nhc_hop(E) nhc_udp(E) nhc_routing(E) nhc_fragment(E) nhc_ipv6(E) nhc_dest(E) nhc_mobility(E) ppp_generic(E) regmap_kunit(E) usbnet(E) r8152(E) bluetooth(E) nfc(E) ftdi_sio(E) vcan(E) slcan(E) zram(E) can_bcm(E) can_raw(E) can_gw(E) soc_utils_test(E) platform_test(E) clk_gate_test(E) dev_addr_lists_test(E) kunit_example_test(E) input_test(E) kunit_test(E) time_test(E) hid_uclogic_test(E) lib_test(E) iio_test_format(E) soc_topology_test(E) of_kunit_helpers(E) ext4_inode_test(E) fat_test(E) clk_kunit_helpers(E) cdc_acm(E) vcpu_stall_detector(E) wwan(E) kheaders(E) gnss(E) rtl8150(E) 8021q(E) pps_core(E) libarc4(E) virtio_balloon(E) usbmon(E) pwrseq_core(E) tipc(E)
cctrng(E) macsec(E) ieee802154(E) vmw_vsock_virtio_transport(E) 6lowpan(E) tls(E) l2tp_core(E) slhc(E) gzvm(E) regmap_ram(E) mii(E) rfkill(E) usbserial(E) regmap_raw_ram(E) can_dev(E) zsmalloc(E) can(E) open_dice(E) kunit(E)
CPU: 3 UID: 0 PID: 3951 Comm: syz-executor Tainted: G E 6.12.18-android16-1-maybe-dirty-4k #1 1a4d89424bff5a9a16ff5f65913aeb3550a34f57
Tainted: [E]=UNSIGNED_MODULE
Hardware name: linux,dummy-virt (DT)
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : drop_nlink+0x7c/0xac proc/self/cwd/common/fs/inode.c:339
lr : drop_nlink+0x7c/0xac proc/self/cwd/common/fs/inode.c:339
sp : ffffffc085dabc50
x29: ffffffc085dabc50 x28: ffffff80ec139e80 x27: 0000000000000000
x26: 0000000000000000 x25: 0000000000000000 x24: ffffffc082ea5560
x23: ffffffffffffffff x22: ffffff80c0435e78 x21: 0000000000000001
x20: 0000000000000000 x19: ffffff80e4e5b6d8 x18: ffffffc0a5b4d060
x17: 0000000000000001 x16: ffffffc08323f738 x15: 0000000000000000
x14: 0000000000000001 x13: 00000000000000c8 x12: ffffff80ec13aad8
x11: 00000000db710fa1 x10: 0000000000ff0100 x9 : 0000000000000000
x8 : ffffff80ec139e80 x7 : ffffffc0806e6e10 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000001 x3 : a815a3194c5fba52
x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
drop_nlink+0x7c/0xac proc/self/cwd/common/fs/inode.c:339
shmem_rmdir+0x48/0x84 proc/self/cwd/common/mm/shmem.c:3733
vfs_rmdir+0x204/0x28c proc/self/cwd/common/fs/namei.c:4340
incfs_kill_sb+0x64/0xf4 proc/self/cwd/common/fs/incfs/vfs.c:1968
deactivate_locked_super+0x90/0x1c8 proc/self/cwd/common/fs/super.c:476
deactivate_super+0xbc/0xc4 proc/self/cwd/common/fs/super.c:509
cleanup_mnt+0x174/0x1b0 proc/self/cwd/common/fs/namespace.c:1373
__cleanup_mnt+0x20/0x30 proc/self/cwd/common/fs/namespace.c:1380
task_work_run+0x108/0x14c proc/self/cwd/common/kernel/task_work.c:240
resume_user_mode_work proc/self/cwd/common/include/linux/resume_user_mode.h:50 [inline]
do_notify_resume+0xe4/0x130 proc/self/cwd/common/arch/arm64/kernel/entry-common.c:153
exit_to_user_mode_prepare proc/self/cwd/common/arch/arm64/kernel/entry-common.c:171 [inline]
exit_to_user_mode proc/self/cwd/common/arch/arm64/kernel/entry-common.c:180 [inline]
el0_svc+0xa8/0xac proc/self/cwd/common/arch/arm64/kernel/entry-common.c:716
el0t_64_sync_handler+0x70/0xbc proc/self/cwd/common/arch/arm64/kernel/entry-common.c:733
el0t_64_sync+0x1a8/0x1ac proc/self/cwd/common/arch/arm64/kernel/entry.S:598
irq event stamp: 2265420
hardirqs last enabled at (2265419): [<ffffffc081b546ec>] __raw_spin_unlock_irqrestore proc/self/cwd/common/include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last enabled at (2265419): [<ffffffc081b546ec>] _raw_spin_unlock_irqrestore+0x38/0x74 proc/self/cwd/common/kernel/locking/spinlock.c:194
hardirqs last disabled at (2265420): [<ffffffc081b3fdac>] el1_dbg+0x24/0x74 proc/self/cwd/common/arch/arm64/kernel/entry-common.c:473
softirqs last enabled at (2265376): [<ffffffc080145bb8>] softirq_handle_end proc/self/cwd/common/kernel/softirq.c:426 [inline]
softirqs last enabled at (2265376): [<ffffffc080145bb8>] handle_softirqs+0x4ac/0x508 proc/self/cwd/common/kernel/softirq.c:631
softirqs last disabled at (2265369): [<ffffffc0800102ec>] __do_softirq+0x14/0x20 proc/self/cwd/common/kernel/softirq.c:637
---[ end trace 0000000000000000 ]---
Unable to handle kernel access to user memory outside uaccess routines at virtual address 0000000000000218
Mem abort info:
ESR = 0x0000000096000005
EC = 0x25: DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
FSC = 0x05: level 1 translation fault
Data abort info:
ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
CM = 0, WnR = 0, TnD = 0, TagAccess = 0
GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
user pgtable: 4k pages, 39-bit VAs, pgdp=0000000123dc8000
[0000000000000218] pgd=0800000115915003, p4d=0800000115915003, pud=0800000115915003, pmd=0000000000000000
Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP
Modules linked in: pptp(E) l2tp_ppp(E) r8153_ecm(E) cdc_ncm(E) hci_uart(E) btusb(E) pppox(E) bsd_comp(E) ppp_mppe(E) ppp_deflate(E) cdc_eem(E) ax88179_178a(E) aqc111(E) asix(E) cdc_ether(E) btqca(E) hidp(E) btsdio(E) btbcm(E) btintel(E) rfcomm(E) btrtl(E) clk_test(E) ptp(E) tipc_diag(E) ieee802154_socket(E) ieee802154_6lowpan(E) mac802154(E) nhc_hop(E) nhc_udp(E) nhc_routing(E) nhc_fragment(E) nhc_ipv6(E) nhc_dest(E) nhc_mobility(E) ppp_generic(E) regmap_kunit(E) usbnet(E) r8152(E) bluetooth(E) nfc(E) ftdi_sio(E) vcan(E) slcan(E) zram(E) can_bcm(E) can_raw(E) can_gw(E) soc_utils_test(E) platform_test(E) clk_gate_test(E) dev_addr_lists_test(E) kunit_example_test(E) input_test(E) kunit_test(E) time_test(E) hid_uclogic_test(E) lib_test(E) iio_test_format(E) soc_topology_test(E) of_kunit_helpers(E) ext4_inode_test(E) fat_test(E) clk_kunit_helpers(E) cdc_acm(E) vcpu_stall_detector(E) wwan(E) kheaders(E) gnss(E) rtl8150(E) 8021q(E) pps_core(E) libarc4(E) virtio_balloon(E) usbmon(E) pwrseq_core(E) tipc(E)
cctrng(E) macsec(E) ieee802154(E) vmw_vsock_virtio_transport(E) 6lowpan(E) tls(E) l2tp_core(E) slhc(E) gzvm(E) regmap_ram(E) mii(E) rfkill(E) usbserial(E) regmap_raw_ram(E) can_dev(E) zsmalloc(E) can(E) open_dice(E) kunit(E)
CPU: 3 UID: 0 PID: 3951 Comm: syz-executor Tainted: G W E 6.12.18-android16-1-maybe-dirty-4k #1 1a4d89424bff5a9a16ff5f65913aeb3550a34f57
Tainted: [W]=WARN, [E]=UNSIGNED_MODULE
Hardware name: linux,dummy-virt (DT)
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __ll_sc_atomic_add_return proc/self/cwd/common/arch/arm64/include/asm/atomic_ll_sc.h:95 [inline]
pc : arch_atomic_add_return proc/self/cwd/common/arch/arm64/include/asm/atomic.h:52 [inline]
pc : raw_atomic_add_return proc/self/cwd/common/include/linux/atomic/atomic-arch-fallback.h:564 [inline]
pc : raw_atomic_inc_return proc/self/cwd/common/include/linux/atomic/atomic-arch-fallback.h:1020 [inline]
pc : atomic_inc_return proc/self/cwd/common/include/linux/atomic/atomic-instrumented.h:454 [inline]
pc : ihold+0x70/0x8c proc/self/cwd/common/fs/inode.c:451
lr : __ll_sc_atomic_add_return proc/self/cwd/common/arch/arm64/include/asm/atomic_ll_sc.h:95 [inline]
lr : arch_atomic_add_return proc/self/cwd/common/arch/arm64/include/asm/atomic.h:52 [inline]
lr : raw_atomic_add_return proc/self/cwd/common/include/linux/atomic/atomic-arch-fallback.h:564 [inline]
lr : raw_atomic_inc_return proc/self/cwd/common/include/linux/atomic/atomic-arch-fallback.h:1020 [inline]
lr : atomic_inc_return proc/self/cwd/common/include/linux/atomic/atomic-instrumented.h:454 [inline]
lr : ihold+0x68/0x8c proc/self/cwd/common/fs/inode.c:451
sp : ffffffc085dabc80
x29: ffffffc085dabc80 x28: ffffff80ec139e80 x27: 0000000000000000
x26: 0000000000000000 x25: 0000000000000000 x24: ffffffc082ea5560
x23: ffffffffffffffff x22: ffffff80c0435e78 x21: 0000000000000000
x20: ffffff80c0435e78 x19: 0000000000000000 x18: ffffffc0a5b4d058
x17: 000000008c623181 x16: 000000008c623181 x15: 0000000000000000
x14: 0000000000000106 x13: ffffffc083bef000 x12: ffffff80ec13aad8
x11: ffffffc08323f738 x10: 0000000000ff0100 x9 : 0000000000000000
x8 : 0000000000000218 x7 : ffffffc0802609f4 x6 : 0000000000000000
x5 : 0000000000000001 x4 : 0000000000000001 x3 : 0000000000000000
x2 : 0000000000000006 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
__ll_sc_atomic_add_return proc/self/cwd/common/arch/arm64/include/asm/atomic_ll_sc.h:95 [inline]
arch_atomic_add_return proc/self/cwd/common/arch/arm64/include/asm/atomic.h:52 [inline]
raw_atomic_add_return proc/self/cwd/common/include/linux/atomic/atomic-arch-fallback.h:564 [inline]
raw_atomic_inc_return proc/self/cwd/common/include/linux/atomic/atomic-arch-fallback.h:1020 [inline]
atomic_inc_return proc/self/cwd/common/include/linux/atomic/atomic-instrumented.h:454 [inline]
ihold+0x70/0x8c proc/self/cwd/common/fs/inode.c:451
d_delete_notify proc/self/cwd/common/include/linux/fsnotify.h:354 [inline]
vfs_rmdir+0x160/0x28c proc/self/cwd/common/fs/namei.c:4353
incfs_kill_sb+0x64/0xf4 proc/self/cwd/common/fs/incfs/vfs.c:1968
deactivate_locked_super+0x90/0x1c8 proc/self/cwd/common/fs/super.c:476
deactivate_super+0xbc/0xc4 proc/self/cwd/common/fs/super.c:509
cleanup_mnt+0x174/0x1b0 proc/self/cwd/common/fs/namespace.c:1373
__cleanup_mnt+0x20/0x30 proc/self/cwd/common/fs/namespace.c:1380
task_work_run+0x108/0x14c proc/self/cwd/common/kernel/task_work.c:240
resume_user_mode_work proc/self/cwd/common/include/linux/resume_user_mode.h:50 [inline]
do_notify_resume+0xe4/0x130 proc/self/cwd/common/arch/arm64/kernel/entry-common.c:153
exit_to_user_mode_prepare proc/self/cwd/common/arch/arm64/kernel/entry-common.c:171 [inline]
exit_to_user_mode proc/self/cwd/common/arch/arm64/kernel/entry-common.c:180 [inline]
el0_svc+0xa8/0xac proc/self/cwd/common/arch/arm64/kernel/entry-common.c:716
el0t_64_sync_handler+0x70/0xbc proc/self/cwd/common/arch/arm64/kernel/entry-common.c:733
el0t_64_sync+0x1a8/0x1ac proc/self/cwd/common/arch/arm64/kernel/entry.S:598
Code: 17fffffa 97f1c03a 91086268 f9800111 (885f7d13)
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
0: 17fffffa b 0xffffffffffffffe8
4: 97f1c03a bl 0xffffffffffc700ec
8: 91086268 add x8, x19, #0x218
c: f9800111 prfm pstl1strm, [x8]
* 10: 885f7d13 ldxr w19, [x8] <-- trapping instruction