./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2023836964 <...> DUID 00:04:cd:7d:74:7d:04:96:3f:c0:f2:1a:da:5a:49:b1:9f:fb forked to background, child pid 4654 [ 36.005734][ T4655] 8021q: adding VLAN 0 to HW filter on device bond0 [ 36.024532][ T4655] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.1.7' (ECDSA) to the list of known hosts. execve("./syz-executor2023836964", ["./syz-executor2023836964"], 0x7ffe0c0793a0 /* 10 vars */) = 0 brk(NULL) = 0x55555563b000 brk(0x55555563bc40) = 0x55555563bc40 arch_prctl(ARCH_SET_FS, 0x55555563b300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x55555563b5d0) = 5086 set_robust_list(0x55555563b5e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7fb1ce986220, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7fb1ce9868f0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7fb1ce9862c0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fb1ce9868f0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2023836964", 4096) = 28 brk(0x55555565cc40) = 0x55555565cc40 brk(0x55555565d000) = 0x55555565d000 mprotect(0x7fb1cea47000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5087 attached , child_tidptr=0x55555563b5d0) = 5087 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5087] set_robust_list(0x55555563b5e0, 24) = 0 ./strace-static-x86_64: Process 5088 attached [pid 5086] <... clone resumed>, child_tidptr=0x55555563b5d0) = 5088 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5087] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5086] <... clone resumed>, child_tidptr=0x55555563b5d0) = 5089 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5087] <... clone resumed>, child_tidptr=0x55555563b5d0) = 5090 [pid 5086] <... clone resumed>, child_tidptr=0x55555563b5d0) = 5091 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5089 attached [pid 5088] set_robust_list(0x55555563b5e0, 24) = 0 [pid 5086] <... clone resumed>, child_tidptr=0x55555563b5d0) = 5092 [pid 5088] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5090 attached [pid 5090] set_robust_list(0x55555563b5e0, 24) = 0 [pid 5090] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5088] <... clone resumed>, child_tidptr=0x55555563b5d0) = 5093 [pid 5090] <... prctl resumed>) = 0 [pid 5086] <... clone resumed>, child_tidptr=0x55555563b5d0) = 5094 [pid 5090] setpgid(0, 0) = 0 [pid 5090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5090] write(3, "1000", 4) = 4 [pid 5090] close(3) = 0 [pid 5090] futex(0x7fb1cea4d4ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0./strace-static-x86_64: Process 5091 attached ) = 0x7fb1ce956000 [pid 5091] set_robust_list(0x55555563b5e0, 24 [pid 5090] mprotect(0x7fb1ce957000, 131072, PROT_READ|PROT_WRITE [pid 5091] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 5092 attached [pid 5092] set_robust_list(0x55555563b5e0, 24 [pid 5091] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5090] <... mprotect resumed>) = 0 [pid 5092] <... set_robust_list resumed>) = 0 [pid 5090] clone(child_stack=0x7fb1ce9763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5092] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5089] set_robust_list(0x55555563b5e0, 24) = 0 [pid 5089] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5095 attached ./strace-static-x86_64: Process 5094 attached [pid 5090] <... clone resumed>, parent_tid=[5095], tls=0x7fb1ce976700, child_tidptr=0x7fb1ce9769d0) = 5095 [pid 5094] set_robust_list(0x55555563b5e0, 24 [pid 5090] futex(0x7fb1cea4d4a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7fb1cea4d4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5094] <... set_robust_list resumed>) = 0 [pid 5094] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5089] <... clone resumed>, child_tidptr=0x55555563b5d0) = 5097 [pid 5091] <... clone resumed>, child_tidptr=0x55555563b5d0) = 5096 [pid 5095] set_robust_list(0x7fb1ce9769e0, 24./strace-static-x86_64: Process 5093 attached ) = 0 [pid 5093] set_robust_list(0x55555563b5e0, 24 [pid 5095] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0x2000 [pid 5092] <... clone resumed>, child_tidptr=0x55555563b5d0) = 5098 [pid 5093] <... set_robust_list resumed>) = 0 [pid 5093] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5094] <... clone resumed>, child_tidptr=0x55555563b5d0) = 5099 [pid 5093] <... prctl resumed>) = 0 ./strace-static-x86_64: Process 5096 attached [pid 5093] setpgid(0, 0) = 0 [pid 5096] set_robust_list(0x55555563b5e0, 24 [pid 5093] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 5098 attached [pid 5096] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 5099 attached [pid 5098] set_robust_list(0x55555563b5e0, 24 [pid 5096] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5093] <... openat resumed>) = 3 [pid 5099] set_robust_list(0x55555563b5e0, 24 [pid 5098] <... set_robust_list resumed>) = 0 [pid 5096] <... prctl resumed>) = 0 [pid 5093] write(3, "1000", 4 [pid 5099] <... set_robust_list resumed>) = 0 [pid 5098] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5096] setpgid(0, 0./strace-static-x86_64: Process 5097 attached [pid 5099] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5098] <... prctl resumed>) = 0 [pid 5096] <... setpgid resumed>) = 0 [pid 5093] <... write resumed>) = 4 [pid 5099] <... prctl resumed>) = 0 [pid 5098] setpgid(0, 0 [pid 5096] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5099] setpgid(0, 0 [pid 5098] <... setpgid resumed>) = 0 [pid 5097] set_robust_list(0x55555563b5e0, 24 [pid 5096] <... openat resumed>) = 3 [pid 5093] close(3 [pid 5099] <... setpgid resumed>) = 0 [pid 5098] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5097] <... set_robust_list resumed>) = 0 [pid 5096] write(3, "1000", 4 [pid 5093] <... close resumed>) = 0 [pid 5099] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5098] <... openat resumed>) = 3 [pid 5097] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5096] <... write resumed>) = 4 [pid 5093] futex(0x7fb1cea4d4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] <... openat resumed>) = 3 [pid 5098] write(3, "1000", 4 [pid 5097] <... prctl resumed>) = 0 [pid 5096] close(3 [pid 5093] <... futex resumed>) = 0 [pid 5099] write(3, "1000", 4 [pid 5098] <... write resumed>) = 4 [pid 5097] setpgid(0, 0 [pid 5096] <... close resumed>) = 0 [pid 5093] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5099] <... write resumed>) = 4 [pid 5098] close(3 [pid 5097] <... setpgid resumed>) = 0 [pid 5096] futex(0x7fb1cea4d4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] <... mmap resumed>) = 0x7fb1ce956000 [pid 5099] close(3 [pid 5098] <... close resumed>) = 0 [pid 5097] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5096] <... futex resumed>) = 0 [pid 5093] mprotect(0x7fb1ce957000, 131072, PROT_READ|PROT_WRITE [pid 5099] <... close resumed>) = 0 [pid 5098] futex(0x7fb1cea4d4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5097] <... openat resumed>) = 3 [pid 5096] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5093] <... mprotect resumed>) = 0 [pid 5099] futex(0x7fb1cea4d4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] <... futex resumed>) = 0 [pid 5097] write(3, "1000", 4 [pid 5096] <... mmap resumed>) = 0x7fb1ce956000 [pid 5093] clone(child_stack=0x7fb1ce9763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5099] <... futex resumed>) = 0 [pid 5098] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5097] <... write resumed>) = 4 [pid 5096] mprotect(0x7fb1ce957000, 131072, PROT_READ|PROT_WRITE [pid 5099] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5098] <... mmap resumed>) = 0x7fb1ce956000 [pid 5097] close(3 [pid 5096] <... mprotect resumed>) = 0 [pid 5093] <... clone resumed>, parent_tid=[5100], tls=0x7fb1ce976700, child_tidptr=0x7fb1ce9769d0) = 5100 [pid 5099] <... mmap resumed>) = 0x7fb1ce956000 [pid 5098] mprotect(0x7fb1ce957000, 131072, PROT_READ|PROT_WRITE [pid 5097] <... close resumed>) = 0 [pid 5096] clone(child_stack=0x7fb1ce9763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5093] futex(0x7fb1cea4d4a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5100 attached [pid 5099] mprotect(0x7fb1ce957000, 131072, PROT_READ|PROT_WRITE [pid 5098] <... mprotect resumed>) = 0 [pid 5097] futex(0x7fb1cea4d4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] <... futex resumed>) = 0 [pid 5100] set_robust_list(0x7fb1ce9769e0, 24 [pid 5099] <... mprotect resumed>) = 0 [pid 5098] clone(child_stack=0x7fb1ce9763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5097] <... futex resumed>) = 0 [pid 5096] <... clone resumed>, parent_tid=[5101], tls=0x7fb1ce976700, child_tidptr=0x7fb1ce9769d0) = 5101 [pid 5093] futex(0x7fb1cea4d4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5100] <... set_robust_list resumed>) = 0 [pid 5099] clone(child_stack=0x7fb1ce9763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5097] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5096] futex(0x7fb1cea4d4a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5101 attached [pid 5100] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0x2000 [pid 5098] <... clone resumed>, parent_tid=[5102], tls=0x7fb1ce976700, child_tidptr=0x7fb1ce9769d0) = 5102 [pid 5097] <... mmap resumed>) = 0x7fb1ce956000 [pid 5096] <... futex resumed>) = 0 [pid 5101] set_robust_list(0x7fb1ce9769e0, 24 [pid 5099] <... clone resumed>, parent_tid=[5103], tls=0x7fb1ce976700, child_tidptr=0x7fb1ce9769d0) = 5103 [pid 5098] futex(0x7fb1cea4d4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5097] mprotect(0x7fb1ce957000, 131072, PROT_READ|PROT_WRITE [pid 5096] futex(0x7fb1cea4d4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5101] <... set_robust_list resumed>) = 0 [pid 5099] futex(0x7fb1cea4d4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] <... futex resumed>) = 0 [pid 5097] <... mprotect resumed>) = 0 [pid 5090] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) ./strace-static-x86_64: Process 5103 attached [pid 5101] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0x2000 [pid 5099] <... futex resumed>) = 0 [pid 5098] futex(0x7fb1cea4d4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5097] clone(child_stack=0x7fb1ce9763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5090] futex(0x7fb1cea4d4bc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5102 attached [pid 5103] set_robust_list(0x7fb1ce9769e0, 24 [pid 5099] futex(0x7fb1cea4d4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5090] <... futex resumed>) = 0 [pid 5103] <... set_robust_list resumed>) = 0 [pid 5102] set_robust_list(0x7fb1ce9769e0, 24 [pid 5097] <... clone resumed>, parent_tid=[5104], tls=0x7fb1ce976700, child_tidptr=0x7fb1ce9769d0) = 5104 [pid 5090] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5103] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0x2000 [pid 5102] <... set_robust_list resumed>) = 0 [pid 5097] futex(0x7fb1cea4d4a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5104 attached [pid 5102] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0x2000 [pid 5097] <... futex resumed>) = 0 [pid 5104] set_robust_list(0x7fb1ce9769e0, 24 [pid 5097] futex(0x7fb1cea4d4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5104] <... set_robust_list resumed>) = 0 [pid 5104] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0xb635773f04ebbee0, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE, -1, 0x2000 [pid 5093] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5096] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5096] futex(0x7fb1cea4d4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] futex(0x7fb1cea4d4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5096] <... futex resumed>) = 0 [pid 5093] <... futex resumed>) = 0 [pid 5096] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5093] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5099] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5098] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5099] futex(0x7fb1cea4d4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] futex(0x7fb1cea4d4bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] <... futex resumed>) = 0 [pid 5098] <... futex resumed>) = 0 [pid 5099] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5098] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5097] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5097] futex(0x7fb1cea4d4bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5097] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5095] <... mmap resumed>) = 0x20000000 [pid 5090] <... mmap resumed>) = 0x7fb1ce935000 [pid 5095] futex(0x7fb1cea4d4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] mprotect(0x7fb1ce936000, 131072, PROT_READ|PROT_WRITE [pid 5095] <... futex resumed>) = 0 [pid 5095] futex(0x7fb1cea4d4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5090] <... mprotect resumed>) = 0 [pid 5090] clone(child_stack=0x7fb1ce9553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5105], tls=0x7fb1ce955700, child_tidptr=0x7fb1ce9559d0) = 5105 [pid 5090] futex(0x7fb1cea4d4b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7fb1cea4d4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5105 attached [pid 5105] set_robust_list(0x7fb1ce9559e0, 24) = 0 [pid 5105] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 3 [pid 5105] write(3, "4", 1) = 1 [pid 5105] madvise(0x20000000, 6291551, 0x19 /* MADV_??? */ [pid 5090] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5090] futex(0x7fb1cea4d4a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] <... mmap resumed>) = 0x20000000 [pid 5098] <... mmap resumed>) = 0x7fb1ce935000 [pid 5095] <... futex resumed>) = 0 [pid 5090] <... futex resumed>) = 1 [pid 5104] <... mmap resumed>) = 0x20000000 [pid 5102] futex(0x7fb1cea4d4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] mprotect(0x7fb1ce936000, 131072, PROT_READ|PROT_WRITE [pid 5097] <... mmap resumed>) = 0x7fb1ce935000 [pid 5095] madvise(0x20000000, 12583684, MADV_PAGEOUT [pid 5090] futex(0x7fb1cea4d4ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5104] futex(0x7fb1cea4d4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] <... mmap resumed>) = 0x20000000 [pid 5102] <... futex resumed>) = 0 [pid 5099] <... mmap resumed>) = 0x7fb1ce935000 [pid 5098] <... mprotect resumed>) = 0 [pid 5097] mprotect(0x7fb1ce936000, 131072, PROT_READ|PROT_WRITE [pid 5104] <... futex resumed>) = 0 [pid 5103] futex(0x7fb1cea4d4ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] futex(0x7fb1cea4d4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5099] mprotect(0x7fb1ce936000, 131072, PROT_READ|PROT_WRITE [pid 5098] clone(child_stack=0x7fb1ce9553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5104] futex(0x7fb1cea4d4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5103] <... futex resumed>) = 0 [pid 5099] <... mprotect resumed>) = 0 [pid 5097] <... mprotect resumed>) = 0 [pid 5103] futex(0x7fb1cea4d4a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5099] clone(child_stack=0x7fb1ce9553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5097] clone(child_stack=0x7fb1ce9553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5098] <... clone resumed>, parent_tid=[5106], tls=0x7fb1ce955700, child_tidptr=0x7fb1ce9559d0) = 5106 [pid 5099] <... clone resumed>, parent_tid=[5107], tls=0x7fb1ce955700, child_tidptr=0x7fb1ce9559d0) = 5107 [pid 5098] futex(0x7fb1cea4d4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5097] <... clone resumed>, parent_tid=[5108], tls=0x7fb1ce955700, child_tidptr=0x7fb1ce9559d0) = 5108 [pid 5099] futex(0x7fb1cea4d4b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] <... futex resumed>) = 0 [pid 5097] futex(0x7fb1cea4d4b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5108 attached ./strace-static-x86_64: Process 5107 attached [pid 5099] <... futex resumed>) = 0 [pid 5098] futex(0x7fb1cea4d4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5097] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5106 attached [pid 5108] set_robust_list(0x7fb1ce9559e0, 24 [pid 5107] set_robust_list(0x7fb1ce9559e0, 24 [pid 5099] futex(0x7fb1cea4d4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5097] futex(0x7fb1cea4d4bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5096] <... mmap resumed>) = 0x7fb1ce935000 [pid 5108] <... set_robust_list resumed>) = 0 [pid 5107] <... set_robust_list resumed>) = 0 [pid 5106] set_robust_list(0x7fb1ce9559e0, 24 [pid 5096] mprotect(0x7fb1ce936000, 131072, PROT_READ|PROT_WRITE syzkaller login: [ 61.396246][ T5105] ------------[ cut here ]------------ [ 61.402008][ T5105] kernel BUG at mm/khugepaged.c:1920! [ 61.407384][ T5105] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 61.413434][ T5105] CPU: 1 PID: 5105 Comm: syz-executor202 Not tainted 6.2.0-rc8-next-20230217-syzkaller #0 [ 61.423303][ T5105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 61.434378][ T5105] RIP: 0010:collapse_file+0x3414/0x5880 [ 61.440364][ T5105] Code: ff 48 c7 c2 00 5a 5a 8a be cf 00 00 00 48 c7 c7 60 5a 5a 8a c6 05 09 ed 86 0c 01 e8 76 58 89 ff e9 b7 e6 ff ff e8 1c a8 a8 ff <0f> 0b e8 15 a8 a8 ff 0f 0b e9 ef ce ff ff e8 09 a8 a8 ff 4c 8b 65 [ 61.459956][ T5105] RSP: 0018:ffffc90003d0f7e8 EFLAGS: 00010093 [ 61.466022][ T5105] RAX: 0000000000000000 RBX: dffffc0000000000 RCX: 0000000000000000 [ 61.473978][ T5105] RDX: ffff888027848000 RSI: ffffffff81dbeb44 RDI: 0000000000000006 [ 61.481935][ T5105] RBP: 0000000000000000 R08: 0000000000000006 R09: 0000000000000280 [ 61.489893][ T5105] R10: 0000000000000281 R11: 0000000000000000 R12: 0000000000000280 [ 61.497846][ T5105] R13: ffff88801daf67e8 R14: 0000000000000400 R15: 0000000000000281 [ 61.505799][ T5105] FS: 00007fb1ce955700(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 61.514717][ T5105] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 61.521286][ T5105] CR2: 00007fb1cea31904 CR3: 000000007e1dd000 CR4: 00000000003506e0 [ 61.529242][ T5105] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 61.537199][ T5105] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 61.545152][ T5105] Call Trace: [ 61.548418][ T5105] [ 61.551350][ T5105] ? lockdep_hardirqs_on_prepare+0x3f1/0x410 [ 61.557323][ T5105] ? hpage_collapse_scan_pmd+0x4780/0x4780 [ 61.563119][ T5105] ? find_held_lock+0x2d/0x110 [ 61.567870][ T5105] ? hpage_collapse_scan_file+0x2b5/0x1680 [ 61.573665][ T5105] ? xas_next_entry+0x26f/0x3c0 [ 61.578507][ T5105] hpage_collapse_scan_file+0xcd3/0x1680 [ 61.584478][ T5105] ? collapse_file+0x5880/0x5880 [ 61.589410][ T5105] madvise_collapse+0x52f/0xb70 [ 61.594254][ T5105] ? current_is_khugepaged+0x30/0x30 [ 61.599531][ T5105] madvise_vma_behavior+0x63d/0x20c0 [ 61.604808][ T5105] ? madvise_vma_anon_name+0xf0/0xf0 [ 61.610091][ T5105] ? mas_walk+0x4cd/0x6e0 [ 61.614407][ T5105] ? find_vma_prev+0xe4/0x160 [ 61.619068][ T5105] ? vm_unmapped_area+0x770/0x770 [ 61.624082][ T5105] ? down_write_nested+0x200/0x200 [ 61.629181][ T5105] madvise_walk_vmas+0x1c7/0x2b0 [ 61.634109][ T5105] ? madvise_vma_anon_name+0xf0/0xf0 [ 61.639407][ T5105] ? __remove_memory+0x40/0x40 [ 61.644162][ T5105] ? do_madvise.part.0+0x217/0x340 [ 61.649263][ T5105] ? lock_acquire+0x32/0xc0 [ 61.653752][ T5105] ? do_madvise.part.0+0x217/0x340 [ 61.658854][ T5105] do_madvise.part.0+0x24a/0x340 [ 61.663803][ T5105] ? madvise_pageout+0x550/0x550 [ 61.668732][ T5105] ? _raw_spin_unlock_irq+0x23/0x50 [ 61.673916][ T5105] ? lockdep_hardirqs_on+0x7d/0x100 [ 61.679109][ T5105] __x64_sys_madvise+0x117/0x150 [ 61.684037][ T5105] ? syscall_trace_enter.constprop.0+0xb0/0x250 [ 61.690268][ T5105] do_syscall_64+0x39/0xb0 [ 61.694673][ T5105] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 61.700558][ T5105] RIP: 0033:0x7fb1ce9c4c49 [ 61.704958][ T5105] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 61.724550][ T5105] RSP: 002b:00007fb1ce9552f8 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 61.732948][ T5105] RAX: ffffffffffffffda RBX: 00007fb1cea4d4b8 RCX: 00007fb1ce9c4c49 [ 61.740905][ T5105] RDX: 0000000000000019 RSI: 000000000060005f RDI: 0000000020000000 [ 61.748862][ T5105] RBP: 00007fb1cea4d4b0 R08: 0000000000000001 R09: 0000000000000034 [ 61.756831][ T5105] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb1ce955300 [ 61.764786][ T5105] R13: 0000000000000001 R14: 00007fb1ce955400 R15: 0000000000022000 [ 61.772745][ T5105] [ 61.775748][ T5105] Modules linked in: [ 61.779627][ T5105] ---[ end trace 0000000000000000 ]--- [ 61.785063][ T5105] RIP: 0010:collapse_file+0x3414/0x5880 [ 61.790600][ T5105] Code: ff 48 c7 c2 00 5a 5a 8a be cf 00 00 00 48 c7 c7 60 5a 5a 8a c6 05 09 ed 86 0c 01 e8 76 58 89 ff e9 b7 e6 ff ff e8 1c a8 a8 ff <0f> 0b e8 15 a8 a8 ff 0f 0b e9 ef ce ff ff e8 09 a8 a8 ff 4c 8b 65 [ 61.810190][ T5105] RSP: 0018:ffffc90003d0f7e8 EFLAGS: 00010093 [ 61.816240][ T5105] RAX: 0000000000000000 RBX: dffffc0000000000 RCX: 0000000000000000 [ 61.824193][ T5105] RDX: ffff888027848000 RSI: ffffffff81dbeb44 RDI: 0000000000000006 [ 61.832148][ T5105] RBP: 0000000000000000 R08: 0000000000000006 R09: 0000000000000280 [ 61.840101][ T5105] R10: 0000000000000281 R11: 0000000000000000 R12: 0000000000000280 [ 61.848059][ T5105] R13: ffff88801daf67e8 R14: 0000000000000400 R15: 0000000000000281 [ 61.856013][ T5105] FS: 00007fb1ce955700(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 61.864935][ T5105] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 61.871501][ T5105] CR2: 00007fb1cea31904 CR3: 000000007e1dd000 CR4: 00000000003506e0 [ 61.879459][ T5105] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 61.887414][ T5105] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 61.895370][ T5105] Kernel panic - not syncing: Fatal exception [ 62.960774][ T5105] Shutting down cpus with NMI [ 62.965752][ T5105] Kernel Offset: disabled [ 62.970078][ T5105] Rebooting in 86400 seconds..