./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor520333715 <...> Warning: Permanently added '10.128.0.8' (ECDSA) to the list of known hosts. execve("./syz-executor520333715", ["./syz-executor520333715"], 0x7ffd9491a9a0 /* 10 vars */) = 0 brk(NULL) = 0x555556795000 brk(0x555556795d00) = 0x555556795d00 arch_prctl(ARCH_SET_FS, 0x5555567953c0) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor520333715", 4096) = 27 brk(0x5555567b6d00) = 0x5555567b6d00 brk(0x5555567b7000) = 0x5555567b7000 mprotect(0x7f68b3196000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7f68b30eb180, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f68b30eb8c0}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7f68b30eb180, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f68b30eb8c0}, NULL, 8) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556795690) = 3606 ./strace-static-x86_64: Process 3606 attached [pid 3606] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3606] setpgid(0, 0) = 0 [pid 3606] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3606] write(3, "1000", 4) = 4 [pid 3606] close(3) = 0 [pid 3606] io_uring_setup(30617, {flags=0, sq_thread_cpu=0, sq_thread_idle=0, sq_entries=32768, cq_entries=65536, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|0x1000, sq_off={head=0, tail=64, ring_mask=256, ring_entries=264, flags=276, dropped=272, array=1048896}, cq_off={head=128, tail=192, ring_mask=260, ring_entries=268, overflow=284, cqes=320, flags=280}}) = 3 [pid 3606] mmap(0x20000000, 1179968, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 3, 0) = 0x20000000 [pid 3606] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 3606] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3606] write(4, "19", 2) = 2 [pid 3606] clone(child_stack=NULL, flags=0) = -1 ENOMEM (Cannot allocate memory) [pid 3606] exit_group(0) = ? [pid 3606] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3606, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556795690) = 3607 ./strace-static-x86_64: Process 3607 attached [pid 3607] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3607] setpgid(0, 0) = 0 [pid 3607] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3607] write(3, "1000", 4) = 4 [pid 3607] close(3) = 0 [ 40.522106][ T27] audit: type=1400 audit(1666004731.018:75): avc: denied { execmem } for pid=3605 comm="syz-executor520" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 40.545739][ T27] audit: type=1400 audit(1666004731.038:76): avc: denied { create } for pid=3606 comm="syz-executor520" anonclass=[io_uring] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [pid 3607] io_uring_setup(30617, {flags=0, sq_thread_cpu=0, sq_thread_idle=0, sq_entries=32768, cq_entries=65536, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|0x1000, sq_off={head=0, tail=64, ring_mask=256, ring_entries=264, flags=276, dropped=272, array=1048896}, cq_off={head=128, tail=192, ring_mask=260, ring_entries=268, overflow=284, cqes=320, flags=280}}) = 3 [pid 3607] mmap(0x20000000, 1179968, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 3, 0) = 0x20000000 [pid 3607] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 3607] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3607] write(4, "19", 2) = 2 [pid 3607] clone(child_stack=NULL, flags=0) = -1 ENOMEM (Cannot allocate memory) [pid 3607] exit_group(0) = ? [pid 3607] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3607, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556795690) = 3608 ./strace-static-x86_64: Process 3608 attached [pid 3608] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3608] setpgid(0, 0) = 0 [pid 3608] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3608] write(3, "1000", 4) = 4 [pid 3608] close(3) = 0 [pid 3608] io_uring_setup(30617, {flags=0, sq_thread_cpu=0, sq_thread_idle=0, sq_entries=32768, cq_entries=65536, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|0x1000, sq_off={head=0, tail=64, ring_mask=256, ring_entries=264, flags=276, dropped=272, array=1048896}, cq_off={head=128, tail=192, ring_mask=260, ring_entries=268, overflow=284, cqes=320, flags=280}}) = 3 [pid 3608] mmap(0x20000000, 1179968, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 3, 0) = 0x20000000 [pid 3608] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 3608] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3608] write(4, "19", 2) = 2 [pid 3608] clone(child_stack=NULL, flags=0) = 3609 [pid 3608] exit_group(0) = ? [pid 3608] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3608, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556795690) = 3610 ./strace-static-x86_64: Process 3610 attached ./strace-static-x86_64: Process 3609 attached [pid 3610] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3610] setpgid(0, 0) = 0 [pid 3610] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3610] write(3, "1000", 4) = 4 [pid 3610] close(3) = 0 [pid 3610] io_uring_setup(30617, {flags=0, sq_thread_cpu=0, sq_thread_idle=0, sq_entries=32768, cq_entries=65536, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|0x1000, sq_off={head=0, tail=64, ring_mask=256, ring_entries=264, flags=276, dropped=272, array=1048896}, cq_off={head=128, tail=192, ring_mask=260, ring_entries=268, overflow=284, cqes=320, flags=280}}) = 3 [pid 3610] mmap(0x20000000, 1179968, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 3, 0) = 0x20000000 [pid 3610] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 3610] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3610] write(4, "19", 2) = 2 [pid 3610] clone(child_stack=NULL, flags=0./strace-static-x86_64: Process 3611 attached ) = 3611 [pid 3610] exit_group(0) = ? [pid 3610] +++ exited with 0 +++ [pid 3605] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3610, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 3605] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3605] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556795690) = 3612 ./strace-static-x86_64: Process 3612 attached [pid 3612] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3612] setpgid(0, 0) = 0 [pid 3612] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3612] write(3, "1000", 4) = 4 [pid 3612] close(3) = 0 [pid 3612] io_uring_setup(30617, {flags=0, sq_thread_cpu=0, sq_thread_idle=0, sq_entries=32768, cq_entries=65536, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|0x1000, sq_off={head=0, tail=64, ring_mask=256, ring_entries=264, flags=276, dropped=272, array=1048896}, cq_off={head=128, tail=192, ring_mask=260, ring_entries=268, overflow=284, cqes=320, flags=280}}) = 3 [pid 3612] mmap(0x20000000, 1179968, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 3, 0) = 0x20000000 [pid 3612] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 3612] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3612] write(4, "19", 2) = 2 [pid 3612] clone(child_stack=NULL, flags=0) = -1 ENOMEM (Cannot allocate memory) [pid 3612] exit_group(0) = ? [pid 3612] +++ exited with 0 +++ [pid 3605] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3612, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 3605] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 3605] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556795690) = 3613 ./strace-static-x86_64: Process 3613 attached [pid 3613] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3613] setpgid(0, 0) = 0 [pid 3613] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3613] write(3, "1000", 4) = 4 [pid 3613] close(3) = 0 [pid 3613] io_uring_setup(30617, {flags=0, sq_thread_cpu=0, sq_thread_idle=0, sq_entries=32768, cq_entries=65536, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|0x1000, sq_off={head=0, tail=64, ring_mask=256, ring_entries=264, flags=276, dropped=272, array=1048896}, cq_off={head=128, tail=192, ring_mask=260, ring_entries=268, overflow=284, cqes=320, flags=280}}) = 3 [pid 3613] mmap(0x20000000, 1179968, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 3, 0) = 0x20000000 [pid 3613] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 3613] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3613] write(4, "19", 2) = 2 [ 40.567591][ T27] audit: type=1400 audit(1666004731.038:77): avc: denied { map } for pid=3606 comm="syz-executor520" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=28283 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 40.592279][ T27] audit: type=1400 audit(1666004731.038:78): avc: denied { read write } for pid=3606 comm="syz-executor520" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=28283 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 40.647009][ T3613] ------------[ cut here ]------------ [ 40.653388][ T3613] WARNING: CPU: 0 PID: 3613 at arch/x86/mm/pat/memtype.c:1107 untrack_pfn+0x247/0x290 [ 40.663990][ T3613] Modules linked in: [ 40.667935][ T3613] CPU: 0 PID: 3613 Comm: syz-executor520 Not tainted 6.0.0-syzkaller-09589-g55be6084c8e0 #0 [ 40.678192][ T3613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 40.688529][ T3613] RIP: 0010:untrack_pfn+0x247/0x290 [ 40.693917][ T3613] Code: 84 6c ff ff ff e8 39 56 43 00 4c 89 ee 4c 89 e7 e8 be de ff ff e8 29 56 43 00 48 85 db 0f 85 58 ff ff ff eb 82 e8 19 56 43 00 <0f> 0b e9 76 ff ff ff 48 89 df e8 9a fd 8f 00 e9 98 fe ff ff e8 90 [ 40.713773][ T3613] RSP: 0018:ffffc900034176f8 EFLAGS: 00010293 [ 40.719859][ T3613] RAX: 0000000000000000 RBX: ffff888021715358 RCX: 0000000000000000 [ 40.728639][ T3613] RDX: ffff88807ac041c0 RSI: ffffffff81372097 RDI: 0000000000000005 [ 40.736809][ T3613] RBP: 1ffff92000682edf R08: 0000000000000005 R09: 0000000000000000 [pid 3613] clone(child_stack=NULL, flags=0 [pid 3609] exit(0) = ? [pid 3609] +++ exited with 0 +++ [pid 3611] exit(0) = ? [pid 3611] +++ exited with 0 +++ [ 40.744967][ T3613] R10: 00000000ffffffea R11: 000000000008c07d R12: 00000000ffffffea [ 40.753135][ T3613] R13: 0000000000000000 R14: 0000000000000000 R15: ffff8880217153a8 [ 40.761243][ T3613] FS: 00005555567953c0(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 [ 40.770854][ T3613] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 40.777989][ T3613] CR2: 00007f68b3158cf0 CR3: 000000007559b000 CR4: 00000000003506f0 [ 40.786168][ T3613] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 40.794316][ T3613] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 40.802484][ T3613] Call Trace: [ 40.805768][ T3613] [ 40.808690][ T3613] ? track_pfn_insert+0x140/0x140 [ 40.813931][ T3613] ? vm_normal_page_pmd+0x5a0/0x5a0 [ 40.819163][ T3613] ? unmap_vmas+0x148/0x310 [ 40.823862][ T3613] ? lock_downgrade+0x6e0/0x6e0 [ 40.828729][ T3613] ? folio_activate_fn+0x8c7/0x1280 [ 40.834260][ T3613] ? uprobe_munmap+0x1c/0x560 [ 40.838957][ T3613] unmap_single_vma+0x1ba/0x360 [ 40.844003][ T3613] unmap_vmas+0x18c/0x310 [ 40.848363][ T3613] ? unmap_mapping_range+0x280/0x280 [ 40.853829][ T3613] ? lock_downgrade+0x6e0/0x6e0 [ 40.858698][ T3613] ? lru_add_drain_cpu+0x584/0x850 [ 40.863975][ T3613] exit_mmap+0x1b8/0x490 [ 40.868327][ T3613] ? __ia32_sys_remap_file_pages+0x150/0x150 [ 40.874647][ T3613] ? lock_release+0x560/0x780 [ 40.879338][ T3613] ? dup_mm+0xb7e/0x13a0 [ 40.883759][ T3613] __mmput+0x122/0x4b0 [ 40.887847][ T3613] mmput+0x56/0x60 [ 40.891733][ T3613] dup_mm+0xdb4/0x13a0 [ 40.895824][ T3613] ? replace_mm_exe_file+0x480/0x480 [ 40.901279][ T3613] ? __raw_spin_lock_init+0x36/0x110 [ 40.906622][ T3613] copy_process+0x3bd3/0x7110 [ 40.911502][ T3613] ? vtime_account_system+0x2c6/0x530 [ 40.916903][ T3613] ? __cleanup_sighand+0xb0/0xb0 [ 40.922076][ T3613] ? trace_hardirqs_on+0x2d/0x120 [ 40.927127][ T3613] ? rcu_read_lock_sched_held+0xd/0x70 [ 40.932742][ T3613] ? lock_acquire+0x480/0x570 [ 40.937442][ T3613] ? rcu_read_lock_sched_held+0xd/0x70 [ 40.943224][ T3613] kernel_clone+0xe7/0x8f0 [ 40.947669][ T3613] ? create_io_thread+0xe0/0xe0 [ 40.952687][ T3613] ? rwlock_bug.part.0+0x90/0x90 [ 40.957660][ T3613] ? recalc_sigpending_tsk+0x18f/0x1d0 [ 40.963455][ T3613] ? ptrace_stop.part.0+0x5f4/0x8c0 [ 40.968671][ T3613] __do_sys_clone+0xba/0x100 [ 40.973415][ T3613] ? kernel_clone+0x8f0/0x8f0 [ 40.978121][ T3613] ? _raw_spin_unlock_irq+0x2a/0x40 [ 40.983482][ T3613] ? ptrace_notify+0xfa/0x140 [ 40.988238][ T3613] do_syscall_64+0x35/0xb0 [ 40.992819][ T3613] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 40.998736][ T3613] RIP: 0033:0x7f68b31295e9 [ 41.003372][ T3613] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 41.023150][ T3613] RSP: 002b:00007ffffb614d38 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 41.031796][ T3613] RAX: ffffffffffffffda RBX: 0000000000009e9b RCX: 00007f68b31295e9 [ 41.039778][ T3613] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 41.047911][ T3613] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000003931 [ 41.056241][ T3613] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 41.064411][ T3613] R13: 431bde82d7b634db R14: 00007ffffb614d90 R15: 0000000000000000 [ 41.072561][ T3613] [ 41.075590][ T3613] Kernel panic - not syncing: panic_on_warn set ... [ 41.082164][ T3613] CPU: 0 PID: 3613 Comm: syz-executor520 Not tainted 6.0.0-syzkaller-09589-g55be6084c8e0 #0 [ 41.092337][ T3613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 41.102384][ T3613] Call Trace: [ 41.105662][ T3613] [ 41.108580][ T3613] dump_stack_lvl+0xcd/0x134 [ 41.113173][ T3613] panic+0x2c8/0x622 [ 41.117082][ T3613] ? panic_print_sys_info.part.0+0x10b/0x10b [ 41.123161][ T3613] ? __warn.cold+0x248/0x2c4 [ 41.127752][ T3613] ? untrack_pfn+0x247/0x290 [ 41.132337][ T3613] __warn.cold+0x259/0x2c4 [ 41.136751][ T3613] ? untrack_pfn+0x247/0x290 [ 41.141337][ T3613] report_bug+0x1bc/0x210 [ 41.145668][ T3613] handle_bug+0x3c/0x70 [ 41.149827][ T3613] exc_invalid_op+0x14/0x40 [ 41.154359][ T3613] asm_exc_invalid_op+0x16/0x20 [ 41.159202][ T3613] RIP: 0010:untrack_pfn+0x247/0x290 [ 41.164399][ T3613] Code: 84 6c ff ff ff e8 39 56 43 00 4c 89 ee 4c 89 e7 e8 be de ff ff e8 29 56 43 00 48 85 db 0f 85 58 ff ff ff eb 82 e8 19 56 43 00 <0f> 0b e9 76 ff ff ff 48 89 df e8 9a fd 8f 00 e9 98 fe ff ff e8 90 [ 41.184100][ T3613] RSP: 0018:ffffc900034176f8 EFLAGS: 00010293 [ 41.190172][ T3613] RAX: 0000000000000000 RBX: ffff888021715358 RCX: 0000000000000000 [ 41.198141][ T3613] RDX: ffff88807ac041c0 RSI: ffffffff81372097 RDI: 0000000000000005 [ 41.206111][ T3613] RBP: 1ffff92000682edf R08: 0000000000000005 R09: 0000000000000000 [ 41.214133][ T3613] R10: 00000000ffffffea R11: 000000000008c07d R12: 00000000ffffffea [ 41.222193][ T3613] R13: 0000000000000000 R14: 0000000000000000 R15: ffff8880217153a8 [ 41.230166][ T3613] ? untrack_pfn+0x247/0x290 [ 41.234768][ T3613] ? untrack_pfn+0x247/0x290 [ 41.239370][ T3613] ? track_pfn_insert+0x140/0x140 [ 41.246681][ T3613] ? vm_normal_page_pmd+0x5a0/0x5a0 [ 41.251905][ T3613] ? unmap_vmas+0x148/0x310 [ 41.256441][ T3613] ? lock_downgrade+0x6e0/0x6e0 [ 41.261305][ T3613] ? folio_activate_fn+0x8c7/0x1280 [ 41.266528][ T3613] ? uprobe_munmap+0x1c/0x560 [ 41.271218][ T3613] unmap_single_vma+0x1ba/0x360 [ 41.276093][ T3613] unmap_vmas+0x18c/0x310 [ 41.280443][ T3613] ? unmap_mapping_range+0x280/0x280 [ 41.285754][ T3613] ? lock_downgrade+0x6e0/0x6e0 [ 41.290611][ T3613] ? lru_add_drain_cpu+0x584/0x850 [ 41.295737][ T3613] exit_mmap+0x1b8/0x490 [ 41.299991][ T3613] ? __ia32_sys_remap_file_pages+0x150/0x150 [ 41.306030][ T3613] ? lock_release+0x560/0x780 [ 41.310821][ T3613] ? dup_mm+0xb7e/0x13a0 [ 41.315084][ T3613] __mmput+0x122/0x4b0 [ 41.319161][ T3613] mmput+0x56/0x60 [ 41.322889][ T3613] dup_mm+0xdb4/0x13a0 [ 41.326980][ T3613] ? replace_mm_exe_file+0x480/0x480 [ 41.332296][ T3613] ? __raw_spin_lock_init+0x36/0x110 [ 41.337603][ T3613] copy_process+0x3bd3/0x7110 [ 41.342307][ T3613] ? vtime_account_system+0x2c6/0x530 [ 41.347689][ T3613] ? __cleanup_sighand+0xb0/0xb0 [ 41.352635][ T3613] ? trace_hardirqs_on+0x2d/0x120 [ 41.357675][ T3613] ? rcu_read_lock_sched_held+0xd/0x70 [ 41.363150][ T3613] ? lock_acquire+0x480/0x570 [ 41.367825][ T3613] ? rcu_read_lock_sched_held+0xd/0x70 [ 41.373308][ T3613] kernel_clone+0xe7/0x8f0 [ 41.377818][ T3613] ? create_io_thread+0xe0/0xe0 [ 41.382779][ T3613] ? rwlock_bug.part.0+0x90/0x90 [ 41.387748][ T3613] ? recalc_sigpending_tsk+0x18f/0x1d0 [ 41.393237][ T3613] ? ptrace_stop.part.0+0x5f4/0x8c0 [ 41.398530][ T3613] __do_sys_clone+0xba/0x100 [ 41.403131][ T3613] ? kernel_clone+0x8f0/0x8f0 [ 41.407816][ T3613] ? _raw_spin_unlock_irq+0x2a/0x40 [ 41.413019][ T3613] ? ptrace_notify+0xfa/0x140 [ 41.417704][ T3613] do_syscall_64+0x35/0xb0 [ 41.422131][ T3613] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 41.428035][ T3613] RIP: 0033:0x7f68b31295e9 [ 41.432458][ T3613] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 41.452163][ T3613] RSP: 002b:00007ffffb614d38 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 41.460600][ T3613] RAX: ffffffffffffffda RBX: 0000000000009e9b RCX: 00007f68b31295e9 [ 41.468578][ T3613] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 41.476548][ T3613] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000003931 [ 41.484519][ T3613] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 41.492487][ T3613] R13: 431bde82d7b634db R14: 00007ffffb614d90 R15: 0000000000000000 [ 41.500462][ T3613] [ 41.503630][ T3613] Kernel Offset: disabled [ 41.507948][ T3613] Rebooting in 86400 seconds..