./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2336546888 <...> Warning: Permanently added '10.128.0.170' (ECDSA) to the list of known hosts. execve("./syz-executor2336546888", ["./syz-executor2336546888"], 0x7fff7fb53590 /* 10 vars */) = 0 brk(NULL) = 0x555555e4e000 brk(0x555555e4ec40) = 0x555555e4ec40 arch_prctl(ARCH_SET_FS, 0x555555e4e300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor2336546888", 4096) = 28 brk(0x555555e6fc40) = 0x555555e6fc40 brk(0x555555e70000) = 0x555555e70000 mprotect(0x7f6a0712b000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555e4e5d0) = 3612 ./strace-static-x86_64: Process 3612 attached [pid 3612] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3612] setpgid(0, 0) = 0 [pid 3612] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3612] write(3, "1000", 4) = 4 [pid 3612] close(3) = 0 [pid 3612] openat(AT_FDCWD, "/dev/bus/usb/007/001", O_RDONLY) = 3 [pid 3612] mmap(0x20000000, 4194304, PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_EXECUTABLE, 3, 0) = 0x20000000 [pid 3612] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3612] write(4, "20", 2) = 2 syzkaller login: [ 41.179004][ T3612] ------------[ cut here ]------------ [ 41.184604][ T3612] WARNING: CPU: 0 PID: 3612 at arch/x86/mm/pat/memtype.c:1107 untrack_pfn+0x247/0x290 [ 41.194803][ T3612] Modules linked in: [ 41.198729][ T3612] CPU: 0 PID: 3612 Comm: syz-executor233 Not tainted 6.0.0-rc3-next-20220901-syzkaller #0 [ 41.208926][ T3612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 41.219233][ T3612] RIP: 0010:untrack_pfn+0x247/0x290 [ 41.224757][ T3612] Code: 84 6c ff ff ff e8 39 45 44 00 4c 89 ee 4c 89 e7 e8 be de ff ff e8 29 45 44 00 48 85 db 0f 85 58 ff ff ff eb 82 e8 19 45 44 00 <0f> 0b e9 76 ff ff ff 48 89 df e8 aa 08 91 00 e9 98 fe ff ff e8 d0 [ 41.244623][ T3612] RSP: 0018:ffffc90003cbf718 EFLAGS: 00010293 [ 41.250949][ T3612] RAX: 0000000000000000 RBX: ffff8880205e8e58 RCX: 0000000000000000 [ 41.259024][ T3612] RDX: ffff8880229fd7c0 RSI: ffffffff8137e107 RDI: 0000000000000005 [ 41.267301][ T3612] RBP: 1ffff92000797ee3 R08: 0000000000000005 R09: 0000000000000000 [ 41.275584][ T3612] R10: 00000000ffffffea R11: 000000000008c07c R12: 00000000ffffffea [ 41.284064][ T3612] R13: 0000000000000000 R14: 0000000000000000 R15: ffff8880205e8e78 [ 41.292265][ T3612] FS: 0000555555e4e300(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 [ 41.301458][ T3612] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 41.308053][ T3612] CR2: 00007f6a071162a4 CR3: 0000000016a9b000 CR4: 00000000003506f0 [ 41.316275][ T3612] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 41.324485][ T3612] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 41.332645][ T3612] Call Trace: [ 41.335929][ T3612] [ 41.338852][ T3612] ? track_pfn_insert+0x140/0x140 [ 41.344136][ T3612] ? mas_find+0x20d/0xce0 [ 41.348494][ T3612] ? uprobe_munmap+0x1c/0x550 [ 41.353428][ T3612] unmap_single_vma+0x1b4/0x380 [ 41.358333][ T3612] unmap_vmas+0x21e/0x370 [ 41.362922][ T3612] ? unmap_mapping_range+0x270/0x270 [ 41.368218][ T3612] ? rcu_read_lock_sched_held+0xd/0x70 [ 41.373915][ T3612] ? rcu_read_lock_sched_held+0xd/0x70 [ 41.379391][ T3612] ? lock_downgrade+0x6e0/0x6e0 [ 41.384475][ T3612] exit_mmap+0x189/0x720 [ 41.388751][ T3612] ? __ia32_sys_remap_file_pages+0x150/0x150 [ 41.395149][ T3612] ? lockdep_init_map_type+0x21a/0x7f0 [ 41.401100][ T3612] ? lock_release+0x560/0x780 [ 41.405796][ T3612] __mmput+0x128/0x4c0 [ 41.409869][ T3612] mmput+0x5c/0x70 [ 41.413882][ T3612] dup_mm+0x2e2/0x370 [ 41.417875][ T3612] copy_process+0x3be1/0x7120 [ 41.422793][ T3612] ? vtime_account_system+0x2c6/0x530 [ 41.428192][ T3612] ? __cleanup_sighand+0xb0/0xb0 [ 41.433359][ T3612] ? trace_hardirqs_on+0x2d/0x120 [ 41.438420][ T3612] ? rcu_read_lock_sched_held+0xd/0x70 [ 41.444105][ T3612] ? lock_acquire+0x480/0x570 [ 41.448828][ T3612] ? rcu_read_lock_sched_held+0xd/0x70 [ 41.454631][ T3612] kernel_clone+0xe7/0xab0 [ 41.459071][ T3612] ? create_io_thread+0xe0/0xe0 [ 41.464155][ T3612] ? rwlock_bug.part.0+0x90/0x90 [ 41.469102][ T3612] ? recalc_sigpending_tsk+0x18f/0x1d0 [ 41.474842][ T3612] ? ptrace_stop.part.0+0x746/0xa80 [ 41.480060][ T3612] __do_sys_clone+0xba/0x100 [ 41.484898][ T3612] ? kernel_clone+0xab0/0xab0 [ 41.489587][ T3612] ? _raw_spin_unlock_irq+0x2a/0x40 [ 41.495030][ T3612] ? ptrace_notify+0xfa/0x140 [ 41.499728][ T3612] do_syscall_64+0x35/0xb0 [ 41.504471][ T3612] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 41.510408][ T3612] RIP: 0033:0x7f6a070be699 [ 41.515149][ T3612] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 41.535236][ T3612] RSP: 002b:00007ffd5fbe1a38 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 41.544004][ T3612] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f6a070be699 [ 41.552138][ T3612] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 41.560125][ T3612] RBP: 00007ffd5fbe1a50 R08: 0000000000000000 R09: 0000000000000001 [ 41.568260][ T3612] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 41.576404][ T3612] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 41.584560][ T3612] [ 41.587615][ T3612] Kernel panic - not syncing: panic_on_warn set ... [ 41.594197][ T3612] CPU: 0 PID: 3612 Comm: syz-executor233 Not tainted 6.0.0-rc3-next-20220901-syzkaller #0 [ 41.604089][ T3612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 41.614167][ T3612] Call Trace: [ 41.617466][ T3612] [ 41.620403][ T3612] dump_stack_lvl+0xcd/0x134 [ 41.624997][ T3612] panic+0x2c8/0x622 [ 41.628896][ T3612] ? panic_print_sys_info.part.0+0x110/0x110 [ 41.634885][ T3612] ? __warn.cold+0x248/0x2c4 [ 41.639541][ T3612] ? untrack_pfn+0x247/0x290 [ 41.644168][ T3612] __warn.cold+0x259/0x2c4 [ 41.648593][ T3612] ? untrack_pfn+0x247/0x290 [ 41.653194][ T3612] report_bug+0x1bc/0x210 [ 41.657541][ T3612] handle_bug+0x3c/0x60 [ 41.661696][ T3612] exc_invalid_op+0x14/0x40 [ 41.666200][ T3612] asm_exc_invalid_op+0x16/0x20 [ 41.671133][ T3612] RIP: 0010:untrack_pfn+0x247/0x290 [ 41.676335][ T3612] Code: 84 6c ff ff ff e8 39 45 44 00 4c 89 ee 4c 89 e7 e8 be de ff ff e8 29 45 44 00 48 85 db 0f 85 58 ff ff ff eb 82 e8 19 45 44 00 <0f> 0b e9 76 ff ff ff 48 89 df e8 aa 08 91 00 e9 98 fe ff ff e8 d0 [ 41.695937][ T3612] RSP: 0018:ffffc90003cbf718 EFLAGS: 00010293 [ 41.702000][ T3612] RAX: 0000000000000000 RBX: ffff8880205e8e58 RCX: 0000000000000000 [ 41.710028][ T3612] RDX: ffff8880229fd7c0 RSI: ffffffff8137e107 RDI: 0000000000000005 [ 41.718024][ T3612] RBP: 1ffff92000797ee3 R08: 0000000000000005 R09: 0000000000000000 [ 41.725989][ T3612] R10: 00000000ffffffea R11: 000000000008c07c R12: 00000000ffffffea [ 41.733978][ T3612] R13: 0000000000000000 R14: 0000000000000000 R15: ffff8880205e8e78 [ 41.741964][ T3612] ? untrack_pfn+0x247/0x290 [ 41.746558][ T3612] ? untrack_pfn+0x247/0x290 [ 41.751158][ T3612] ? track_pfn_insert+0x140/0x140 [ 41.756207][ T3612] ? mas_find+0x20d/0xce0 [ 41.760550][ T3612] ? uprobe_munmap+0x1c/0x550 [ 41.765226][ T3612] unmap_single_vma+0x1b4/0x380 [ 41.770081][ T3612] unmap_vmas+0x21e/0x370 [ 41.774410][ T3612] ? unmap_mapping_range+0x270/0x270 [ 41.779717][ T3612] ? rcu_read_lock_sched_held+0xd/0x70 [ 41.785208][ T3612] ? rcu_read_lock_sched_held+0xd/0x70 [ 41.790663][ T3612] ? lock_downgrade+0x6e0/0x6e0 [ 41.795518][ T3612] exit_mmap+0x189/0x720 [ 41.799774][ T3612] ? __ia32_sys_remap_file_pages+0x150/0x150 [ 41.805810][ T3612] ? lockdep_init_map_type+0x21a/0x7f0 [ 41.811268][ T3612] ? lock_release+0x560/0x780 [ 41.815952][ T3612] __mmput+0x128/0x4c0 [ 41.820038][ T3612] mmput+0x5c/0x70 [ 41.823758][ T3612] dup_mm+0x2e2/0x370 [ 41.827737][ T3612] copy_process+0x3be1/0x7120 [ 41.832417][ T3612] ? vtime_account_system+0x2c6/0x530 [ 41.837801][ T3612] ? __cleanup_sighand+0xb0/0xb0 [ 41.842758][ T3612] ? trace_hardirqs_on+0x2d/0x120 [ 41.847801][ T3612] ? rcu_read_lock_sched_held+0xd/0x70 [ 41.853259][ T3612] ? lock_acquire+0x480/0x570 [ 41.857941][ T3612] ? rcu_read_lock_sched_held+0xd/0x70 [ 41.863420][ T3612] kernel_clone+0xe7/0xab0 [ 41.867850][ T3612] ? create_io_thread+0xe0/0xe0 [ 41.872731][ T3612] ? rwlock_bug.part.0+0x90/0x90 [ 41.877672][ T3612] ? recalc_sigpending_tsk+0x18f/0x1d0 [ 41.883128][ T3612] ? ptrace_stop.part.0+0x746/0xa80 [ 41.888414][ T3612] __do_sys_clone+0xba/0x100 [ 41.893006][ T3612] ? kernel_clone+0xab0/0xab0 [ 41.897699][ T3612] ? _raw_spin_unlock_irq+0x2a/0x40 [ 41.902915][ T3612] ? ptrace_notify+0xfa/0x140 [ 41.907629][ T3612] do_syscall_64+0x35/0xb0 [ 41.912076][ T3612] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 41.917976][ T3612] RIP: 0033:0x7f6a070be699 [ 41.922397][ T3612] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 41.942080][ T3612] RSP: 002b:00007ffd5fbe1a38 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 41.950512][ T3612] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f6a070be699 [ 41.958507][ T3612] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 41.966490][ T3612] RBP: 00007ffd5fbe1a50 R08: 0000000000000000 R09: 0000000000000001 [ 41.974472][ T3612] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 41.982440][ T3612] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 41.990423][ T3612] [ 41.993625][ T3612] Kernel Offset: disabled [ 41.997950][ T3612] Rebooting in 86400 seconds..