./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1221244281
<...>
[ 26.880672][ T3264] dhcpcd-run-hook (3264) used greatest stack depth: 22464 bytes left
forked to background, child pid 3260
[ 28.358710][ T3261] 8021q: adding VLAN 0 to HW filter on device bond0
[ 28.361144][ T3261] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.80' (ECDSA) to the list of known hosts.
execve("./syz-executor1221244281", ["./syz-executor1221244281"], 0x7fffe1cd8780 /* 10 vars */) = 0
brk(NULL) = 0x555556480000
brk(0x555556480c40) = 0x555556480c40
arch_prctl(ARCH_SET_FS, 0x555556480300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor1221244281", 4096) = 28
brk(0x5555564a1c40) = 0x5555564a1c40
brk(0x5555564a2000) = 0x5555564a2000
mprotect(0x7fefe0a32000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3689 attached
, child_tidptr=0x5555564805d0) = 3689
[pid 3689] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3689] setpgid(0, 0) = 0
[pid 3689] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3689] write(3, "1000", 4) = 4
[pid 3689] close(3) = 0
[pid 3689] io_uring_setup(6113, {flags=0, sq_thread_cpu=0, sq_thread_idle=0, sq_entries=8192, cq_entries=16384, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|0x1000, sq_off={head=0, tail=64, ring_mask=256, ring_entries=264, flags=276, dropped=272, array=262464}, cq_off={head=128, tail=192, ring_mask=260, ring_entries=268, overflow=284, cqes=320, flags=280}}) = 3
[pid 3689] mmap(0x20ffb000, 295232, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 3, 0) = 0x20ffb000
[pid 3689] mmap(0x20ffd000, 524288, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 3, 0x10000000) = 0x20ffd000
[pid 3689] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 3689] write(4, "35", 2) = 2
[pid 3689] io_uring_setup(4544, {flags=0, sq_thread_cpu=0, sq_thread_idle=0, sq_entries=8192, cq_entries=16384, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|0x1000, sq_off={head=0, tail=64, ring_mask=256, ring_entries=264, flags=276, dropped=272, array=262464}, cq_off={head=128, tail=192, ring_mask=260, ring_entries=268, overflow=284, cqes=320, flags=280}}) = 5
[pid 3689] mmap(0x20fff000, 295232, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 5, 0) = 0x20fff000
[pid 3689] mmap(0x20ffe000, 524288, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 5, 0x10000000) = -1 ENOMEM (Cannot allocate memory)
[pid 3689] exit_group(0) = ?
[pid 3689] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3689, si_uid=0, si_status=0, si_utime=0, si_stime=1} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3690 attached
, child_tidptr=0x5555564805d0) = 3690
[pid 3690] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3690] setpgid(0, 0) = 0
[pid 3690] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3690] write(3, "1000", 4) = 4
[pid 3690] close(3) = 0
[pid 3690] io_uring_setup(6113, {flags=0, sq_thread_cpu=0, sq_thread_idle=0, sq_entries=8192, cq_entries=16384, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|0x1000, sq_off={head=0, tail=64, ring_mask=256, ring_entries=264, flags=276, dropped=272, array=262464}, cq_off={head=128, tail=192, ring_mask=260, ring_entries=268, overflow=284, cqes=320, flags=280}}) = 3
[pid 3690] mmap(0x20ffb000, 295232, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 3, 0) = 0x20ffb000
[pid 3690] mmap(0x20ffd000, 524288, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 3, 0x10000000) = 0x20ffd000
[pid 3690] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 3690] write(4, "35", 2) = 2
[pid 3690] io_uring_setup(4544, {flags=0, sq_thread_cpu=0, sq_thread_idle=0, sq_entries=8192, cq_entries=16384, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|0x1000, sq_off={head=0, tail=64, ring_mask=256, ring_entries=264, flags=276, dropped=272, array=262464}, cq_off={head=128, tail=192, ring_mask=260, ring_entries=268, overflow=284, cqes=320, flags=280}}) = 5
[pid 3690] mmap(0x20fff000, 295232, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 5, 0) = -1 ENOMEM (Cannot allocate memory)
[pid 3690] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
syzkaller login: [ 51.285410][ T3690] ------------[ cut here ]------------
[ 51.285418][ T3690] WARNING: CPU: 0 PID: 3690 at arch/x86/mm/pat/memtype.c:1099 untrack_pfn+0x247/0x290
[ 51.300927][ T3690] Modules linked in:
[ 51.305007][ T3690] CPU: 0 PID: 3690 Comm: syz-executor122 Not tainted 5.18.0-rc6-next-20220512-syzkaller #0
[ 51.315624][ T3690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 51.325800][ T3690] RIP: 0010:untrack_pfn+0x247/0x290
[ 51.331036][ T3690] Code: 84 6c ff ff ff e8 c9 40 43 00 4c 89 ee 4c 89 e7 e8 ae dd ff ff e8 b9 40 43 00 48 85 db 0f 85 58 ff ff ff eb 82 e8 a9 40 43 00 <0f> 0b e9 76 ff ff ff 48 89 df e8 6a e3 8f 00 e9 98 fe ff ff e8 e0
[ 51.350730][ T3690] RSP: 0018:ffffc90002ebf730 EFLAGS: 00010293
[ 51.356883][ T3690] RAX: 0000000000000000 RBX: ffff88801dbe9000 RCX: 0000000000000000
[ 51.364926][ T3690] RDX: ffff88801e213a80 RSI: ffffffff81372547 RDI: 0000000000000003
[ 51.372995][ T3690] RBP: 1ffff920005d7ee6 R08: 0000000000000000 R09: 000000000000000b
[ 51.380997][ T3690] R10: ffffffff81372416 R11: 0000000000000006 R12: 00000000ffffffea
[ 51.389305][ T3690] R13: 0000000000000000 R14: 0000000000000000 R15: ffff88801dbe9020
[ 51.397414][ T3690] FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
[ 51.406554][ T3690] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 51.413328][ T3690] CR2: 0000000000000000 CR3: 000000001f554000 CR4: 00000000003506f0
[ 51.421342][ T3690] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 51.429422][ T3690] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 51.437524][ T3690] Call Trace:
[ 51.440819][ T3690] <TASK>
[ 51.443820][ T3690] ? track_pfn_insert+0x140/0x140
[ 51.448887][ T3690] ? mas_find+0x1fd/0xc90
[ 51.453327][ T3690] ? uprobe_munmap+0x1c/0x550
[ 51.458051][ T3690] unmap_single_vma+0x1b4/0x350
[ 51.463022][ T3690] unmap_vmas+0x21e/0x370
[ 51.467381][ T3690] ? unmap_mapping_range+0x270/0x270
[ 51.472768][ T3690] ? find_held_lock+0x2d/0x110
[ 51.477562][ T3690] ? lock_downgrade+0x6e0/0x6e0
[ 51.482517][ T3690] exit_mmap+0x1ec/0x740
[ 51.486785][ T3690] ? __ia32_sys_remap_file_pages+0x150/0x150
[ 51.493142][ T3690] __mmput+0x128/0x4c0
[ 51.497524][ T3690] mmput+0x5c/0x70
[ 51.501508][ T3690] do_exit+0xa18/0x2a00
[ 51.506001][ T3690] ? find_held_lock+0x2d/0x110
[ 51.510846][ T3690] ? mm_update_next_owner+0x7b0/0x7b0
[ 51.516332][ T3690] ? linear_range_get_max_value+0x70/0x110
[ 51.522230][ T3690] do_group_exit+0xd2/0x2f0
[ 51.526769][ T3690] get_signal+0x2542/0x2600
[ 51.531281][ T3690] ? exit_signals+0x8b0/0x8b0
[ 51.536095][ T3690] arch_do_signal_or_restart+0x82/0x20f0
[ 51.541799][ T3690] ? force_sig+0xe0/0xe0
[ 51.546047][ T3690] ? pgtable_bad+0x90/0x90
[ 51.550483][ T3690] ? get_sigframe_size+0x10/0x10
[ 51.555560][ T3690] ? lockdep_hardirqs_off+0x90/0xd0
[ 51.560809][ T3690] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 51.567165][ T3690] ? trace_hardirqs_off+0x6b/0x1b0
[ 51.572509][ T3690] ? __bad_area+0x64/0xa0
[ 51.576902][ T3690] exit_to_user_mode_prepare+0x15f/0x250
[ 51.582681][ T3690] irqentry_exit_to_user_mode+0x5/0x30
[ 51.588162][ T3690] exc_page_fault+0xc6/0x180
[ 51.592874][ T3690] asm_exc_page_fault+0x27/0x30
[ 51.597763][ T3690] RIP: 0033:0x0
[ 51.601243][ T3690] Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6.
[ 51.609027][ T3690] RSP: 002b:00007ffc4b257370 EFLAGS: 00010217
[ 51.615465][ T3690] RAX: ffffffffffffffff RBX: 0000000000000000 RCX: 00007fefe09c51a2
[ 51.623534][ T3690] RDX: ffffffffffffffc0 RSI: 0000000000048140 RDI: 0000000020fff000
[ 51.631542][ T3690] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000
[ 51.639645][ T3690] R10: 0000000000008011 R11: 0000000000000206 R12: 0000000020ffe000
[ 51.647721][ T3690] R13: 0000000020fff000 R14: 0000000000000000 R15: 0000000000000000
[ 51.655921][ T3690] </TASK>
[ 51.658961][ T3690] Kernel panic - not syncing: panic_on_warn set ...
[ 51.665573][ T3690] CPU: 0 PID: 3690 Comm: syz-executor122 Not tainted 5.18.0-rc6-next-20220512-syzkaller #0
[ 51.675558][ T3690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 51.685636][ T3690] Call Trace:
[ 51.688927][ T3690] <TASK>
[ 51.691854][ T3690] dump_stack_lvl+0xcd/0x134
[ 51.696451][ T3690] panic+0x2d7/0x636
[ 51.700348][ T3690] ? panic_print_sys_info.part.0+0x10b/0x10b
[ 51.706336][ T3690] ? __warn.cold+0x1d9/0x2cd
[ 51.710942][ T3690] ? untrack_pfn+0x247/0x290
[ 51.715558][ T3690] __warn.cold+0x1ea/0x2cd
[ 51.719977][ T3690] ? untrack_pfn+0x247/0x290
[ 51.724568][ T3690] report_bug+0x1bd/0x210
[ 51.728905][ T3690] handle_bug+0x3c/0x60
[ 51.733062][ T3690] exc_invalid_op+0x14/0x40
[ 51.737564][ T3690] asm_exc_invalid_op+0x1b/0x20
[ 51.742431][ T3690] RIP: 0010:untrack_pfn+0x247/0x290
[ 51.747643][ T3690] Code: 84 6c ff ff ff e8 c9 40 43 00 4c 89 ee 4c 89 e7 e8 ae dd ff ff e8 b9 40 43 00 48 85 db 0f 85 58 ff ff ff eb 82 e8 a9 40 43 00 <0f> 0b e9 76 ff ff ff 48 89 df e8 6a e3 8f 00 e9 98 fe ff ff e8 e0
[ 51.767273][ T3690] RSP: 0018:ffffc90002ebf730 EFLAGS: 00010293
[ 51.773348][ T3690] RAX: 0000000000000000 RBX: ffff88801dbe9000 RCX: 0000000000000000
[ 51.781323][ T3690] RDX: ffff88801e213a80 RSI: ffffffff81372547 RDI: 0000000000000003
[ 51.789300][ T3690] RBP: 1ffff920005d7ee6 R08: 0000000000000000 R09: 000000000000000b
[ 51.797273][ T3690] R10: ffffffff81372416 R11: 0000000000000006 R12: 00000000ffffffea
[ 51.805247][ T3690] R13: 0000000000000000 R14: 0000000000000000 R15: ffff88801dbe9020
[ 51.813225][ T3690] ? untrack_pfn+0x116/0x290
[ 51.817830][ T3690] ? untrack_pfn+0x247/0x290
[ 51.822446][ T3690] ? track_pfn_insert+0x140/0x140
[ 51.827484][ T3690] ? mas_find+0x1fd/0xc90
[ 51.831823][ T3690] ? uprobe_munmap+0x1c/0x550
[ 51.836523][ T3690] unmap_single_vma+0x1b4/0x350
[ 51.841394][ T3690] unmap_vmas+0x21e/0x370
[ 51.845736][ T3690] ? unmap_mapping_range+0x270/0x270
[ 51.851031][ T3690] ? find_held_lock+0x2d/0x110
[ 51.855816][ T3690] ? lock_downgrade+0x6e0/0x6e0
[ 51.860703][ T3690] exit_mmap+0x1ec/0x740
[ 51.864955][ T3690] ? __ia32_sys_remap_file_pages+0x150/0x150
[ 51.870966][ T3690] __mmput+0x128/0x4c0
[ 51.875047][ T3690] mmput+0x5c/0x70
[ 51.878776][ T3690] do_exit+0xa18/0x2a00
[ 51.882949][ T3690] ? find_held_lock+0x2d/0x110
[ 51.887733][ T3690] ? mm_update_next_owner+0x7b0/0x7b0
[ 51.893119][ T3690] ? linear_range_get_max_value+0x70/0x110
[ 51.898951][ T3690] do_group_exit+0xd2/0x2f0
[ 51.903472][ T3690] get_signal+0x2542/0x2600
[ 51.908013][ T3690] ? exit_signals+0x8b0/0x8b0
[ 51.912708][ T3690] arch_do_signal_or_restart+0x82/0x20f0
[ 51.918356][ T3690] ? force_sig+0xe0/0xe0
[ 51.922605][ T3690] ? pgtable_bad+0x90/0x90
[ 51.927037][ T3690] ? get_sigframe_size+0x10/0x10
[ 51.931991][ T3690] ? lockdep_hardirqs_off+0x90/0xd0
[ 51.937210][ T3690] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 51.943462][ T3690] ? trace_hardirqs_off+0x6b/0x1b0
[ 51.948595][ T3690] ? __bad_area+0x64/0xa0
[ 51.952946][ T3690] exit_to_user_mode_prepare+0x15f/0x250
[ 51.958597][ T3690] irqentry_exit_to_user_mode+0x5/0x30
[ 51.964060][ T3690] exc_page_fault+0xc6/0x180
[ 51.968669][ T3690] asm_exc_page_fault+0x27/0x30
[ 51.973556][ T3690] RIP: 0033:0x0
[ 51.977021][ T3690] Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6.
[ 51.984730][ T3690] RSP: 002b:00007ffc4b257370 EFLAGS: 00010217
[ 51.990804][ T3690] RAX: ffffffffffffffff RBX: 0000000000000000 RCX: 00007fefe09c51a2
[ 51.998787][ T3690] RDX: ffffffffffffffc0 RSI: 0000000000048140 RDI: 0000000020fff000
[ 52.006762][ T3690] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000
[ 52.014735][ T3690] R10: 0000000000008011 R11: 0000000000000206 R12: 0000000020ffe000
[ 52.022709][ T3690] R13: 0000000020fff000 R14: 0000000000000000 R15: 0000000000000000
[ 52.030783][ T3690] </TASK>
[ 52.034102][ T3690] Kernel Offset: disabled
[ 52.038486][ T3690] Rebooting in 86400 seconds..