./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2562610797

<...>
DUID 00:04:92:3d:a4:bf:d8:99:95:1d:d2:9f:0e:34:7d:20:a7:e6
forked to background, child pid 3192
[   27.278046][ T3193] 8021q: adding VLAN 0 to HW filter on device bond0
[   27.280780][ T3193] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.0.20' (ECDSA) to the list of known hosts.
execve("./syz-executor2562610797", ["./syz-executor2562610797"], 0x7ffd7992aa80 /* 10 vars */) = 0
brk(NULL)                               = 0x555556ef8000
brk(0x555556ef8c40)                     = 0x555556ef8c40
arch_prctl(ARCH_SET_FS, 0x555556ef8300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2562610797", 4096) = 28
brk(0x555556f19c40)                     = 0x555556f19c40
brk(0x555556f1a000)                     = 0x555556f1a000
mprotect(0x7f4282eba000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3621 attached
, child_tidptr=0x555556ef85d0) = 3621
[pid  3621] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  3621] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3621] setsid()                    = 1
[pid  3621] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  3621] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  3621] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  3621] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  3621] prlimit64(0, RLIMIT_CORE, {rlim_cur=0, rlim_max=0}, NULL) = 0
[pid  3621] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  3621] unshare(CLONE_NEWNS)        = 0
[pid  3621] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  3621] unshare(CLONE_NEWIPC)       = 0
[pid  3621] unshare(CLONE_NEWCGROUP)    = 0
[pid  3621] unshare(CLONE_NEWUTS)       = 0
[pid  3621] unshare(CLONE_SYSVSEM)      = 0
[pid  3621] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  3621] write(3, "16777216", 8)     = 8
[pid  3621] close(3)                    = 0
[pid  3621] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  3621] write(3, "536870912", 9)    = 9
[pid  3621] close(3)                    = 0
[pid  3621] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  3621] write(3, "1024", 4)         = 4
[pid  3621] close(3)                    = 0
[pid  3621] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  3621] write(3, "8192", 4)         = 4
[pid  3621] close(3)                    = 0
[pid  3621] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  3621] write(3, "1024", 4)         = 4
[pid  3621] close(3)                    = 0
[pid  3621] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  3621] write(3, "1024", 4)         = 4
[pid  3621] close(3)                    = 0
[pid  3621] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  3621] write(3, "1024 1048576 500 1024", 21) = 21
[pid  3621] close(3)                    = 0
[pid  3621] getpid()                    = 1
[pid  3621] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  3621] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  3621] unshare(CLONE_NEWNET)       = 0
[pid  3621] mkdir("/dev/binderfs", 0777) = 0
[pid  3621] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  3621] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3621] memfd_create("\x10\x33\x71\x7d\x32\x9a\xce\xaf\x03\x86\xe7\xc0\x14\x8f\xf8\xd2\x38\xf4\x1c\xc0\xf9\x1c\xa6\xab\x08\x69\xe4\x5e\xd5\xfd\xa9\x0d\xac\x37\x41\x94\xeb\xcd\x09", 0) = 3
[pid  3621] mmap(0x20200000, 4194304, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_LOCKED, 3, 0) = 0x20200000
[pid  3621] userfaultfd(UFFD_USER_MODE_ONLY|O_CLOEXEC) = 4
[pid  3621] ioctl(4, UFFDIO_API, {api=0xaa, features=0 => features=UFFD_FEATURE_PAGEFAULT_FLAG_WP|UFFD_FEATURE_EVENT_FORK|UFFD_FEATURE_EVENT_REMAP|UFFD_FEATURE_EVENT_REMOVE|UFFD_FEATURE_MISSING_HUGETLBFS|UFFD_FEATURE_MISSING_SHMEM|UFFD_FEATURE_EVENT_UNMAP|UFFD_FEATURE_SIGBUS|UFFD_FEATURE_THREAD_ID|UFFD_FEATURE_MINOR_HUGETLBFS|UFFD_FEATURE_MINOR_SHMEM|0x800, ioctls=1<<_UFFDIO_REGISTER|1<<_UFFDIO_UNREGISTER|1<<_UFFDIO_API}) = 0
[pid  3621] ioctl(4, UFFDIO_REGISTER, {range={start=0x200e2000, len=0xc00000}, mode=UFFDIO_REGISTER_MODE_MISSING, ioctls=1<<_UFFDIO_WAKE|1<<_UFFDIO_COPY|1<<_UFFDIO_ZEROPAGE}) = 0
[pid  3621] close(3)                    = 0
syzkaller login: [   50.189828][ T3621] ------------[ cut here ]------------
[   50.189835][ T3621] WARNING: CPU: 0 PID: 3621 at mm/mmap.c:1096 vma_merge+0x32a/0x870
[   50.203660][ T3621] Modules linked in:
[   50.207566][ T3621] CPU: 0 PID: 3621 Comm: syz-executor256 Not tainted 5.19.0-rc1-next-20220610-syzkaller #0
[   50.217626][ T3621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   50.227782][ T3621] RIP: 0010:vma_merge+0x32a/0x870
[   50.232956][ T3621] Code: c4 ff 4c 89 ee 4c 89 e7 e8 33 50 c4 ff 4d 39 ec 0f 86 13 04 00 00 e8 35 54 c4 ff e8 30 54 c4 ff 45 31 e4 eb a1 e8 26 54 c4 ff <0f> 0b e9 49 fe ff ff e8 1a 54 c4 ff 48 8d bd 88 00 00 00 48 b8 00
[   50.252667][ T3621] RSP: 0018:ffffc90002fafc80 EFLAGS: 00010293
[   50.258863][ T3621] RAX: 0000000000000000 RBX: ffff88802108c1b0 RCX: 0000000000000000
[   50.266954][ T3621] RDX: ffff8880228d3a80 RSI: ffffffff81b69a2a RDI: 0000000000000006
[   50.275040][ T3621] RBP: ffff88802108c798 R08: 0000000000000006 R09: 0000000020600000
[   50.283093][ T3621] R10: 0000000020ce2000 R11: 0000000000000001 R12: 0000000020ce2000
[   50.291087][ T3621] R13: 0000000020600000 R14: ffff88802108c1b0 R15: 0000000020600000
[   50.299157][ T3621] FS:  0000555556ef8300(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
[   50.308145][ T3621] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   50.314825][ T3621] CR2: 00007f4282ebe130 CR3: 0000000073fdf000 CR4: 00000000003506f0
[   50.322925][ T3621] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   50.330904][ T3621] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   50.338966][ T3621] Call Trace:
[   50.342258][ T3621]  <TASK>
[   50.345310][ T3621]  userfaultfd_release+0x4c5/0x670
[   50.350521][ T3621]  ? userfaultfd_event_wait_completion+0xbd0/0xbd0
[   50.357173][ T3621]  ? ima_file_free+0xb6/0x410
[   50.361905][ T3621]  __fput+0x277/0x9d0
[   50.365969][ T3621]  ? userfaultfd_event_wait_completion+0xbd0/0xbd0
[   50.372493][ T3621]  task_work_run+0xdd/0x1a0
[   50.377140][ T3621]  ptrace_notify+0x114/0x140
[   50.381759][ T3621]  syscall_exit_to_user_mode_prepare+0xdb/0x230
[   50.388137][ T3621]  syscall_exit_to_user_mode+0x9/0x50
[   50.393636][ T3621]  do_syscall_64+0x42/0xb0
[   50.398075][ T3621]  entry_SYSCALL_64_after_hwframe+0x46/0xb0
[   50.404072][ T3621] RIP: 0033:0x7f4282e103d3
[   50.408514][ T3621] Code: c7 c2 c0 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb ba 0f 1f 00 64 8b 04 25 18 00 00 00 85 c0 75 14 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8
[   50.428392][ T3621] RSP: 002b:00007ffcd91f7308 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[   50.436920][ T3621] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00007f4282e103d3
[   50.445132][ T3621] RDX: 00000000200001c0 RSI: 00000000c020aa00 RDI: 0000000000000004
[   50.453211][ T3621] RBP: 00007ffcd91f7318 R08: 00007f4282ebae40 R09: 00007f4282ebae40
[   50.461195][ T3621] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcd91f7320
[   50.469260][ T3621] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   50.477341][ T3621]  </TASK>
[   50.480817][ T3621] Kernel panic - not syncing: panic_on_warn set ...
[   50.487385][ T3621] CPU: 0 PID: 3621 Comm: syz-executor256 Not tainted 5.19.0-rc1-next-20220610-syzkaller #0
[   50.497349][ T3621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   50.507389][ T3621] Call Trace:
[   50.510654][ T3621]  <TASK>
[   50.513574][ T3621]  dump_stack_lvl+0xcd/0x134
[   50.518157][ T3621]  panic+0x2d7/0x636
[   50.522048][ T3621]  ? panic_print_sys_info.part.0+0x10b/0x10b
[   50.528026][ T3621]  ? __warn.cold+0x1d9/0x2cd
[   50.532626][ T3621]  ? vma_merge+0x32a/0x870
[   50.537036][ T3621]  __warn.cold+0x1ea/0x2cd
[   50.541558][ T3621]  ? vma_merge+0x32a/0x870
[   50.545977][ T3621]  report_bug+0x1bc/0x210
[   50.550308][ T3621]  handle_bug+0x3c/0x60
[   50.554467][ T3621]  exc_invalid_op+0x14/0x40
[   50.558979][ T3621]  asm_exc_invalid_op+0x1b/0x20
[   50.563842][ T3621] RIP: 0010:vma_merge+0x32a/0x870
[   50.568884][ T3621] Code: c4 ff 4c 89 ee 4c 89 e7 e8 33 50 c4 ff 4d 39 ec 0f 86 13 04 00 00 e8 35 54 c4 ff e8 30 54 c4 ff 45 31 e4 eb a1 e8 26 54 c4 ff <0f> 0b e9 49 fe ff ff e8 1a 54 c4 ff 48 8d bd 88 00 00 00 48 b8 00
[   50.588509][ T3621] RSP: 0018:ffffc90002fafc80 EFLAGS: 00010293
[   50.594580][ T3621] RAX: 0000000000000000 RBX: ffff88802108c1b0 RCX: 0000000000000000
[   50.602548][ T3621] RDX: ffff8880228d3a80 RSI: ffffffff81b69a2a RDI: 0000000000000006
[   50.610513][ T3621] RBP: ffff88802108c798 R08: 0000000000000006 R09: 0000000020600000
[   50.618480][ T3621] R10: 0000000020ce2000 R11: 0000000000000001 R12: 0000000020ce2000
[   50.626446][ T3621] R13: 0000000020600000 R14: ffff88802108c1b0 R15: 0000000020600000
[   50.634431][ T3621]  ? vma_merge+0x32a/0x870
[   50.638865][ T3621]  userfaultfd_release+0x4c5/0x670
[   50.643991][ T3621]  ? userfaultfd_event_wait_completion+0xbd0/0xbd0
[   50.650503][ T3621]  ? ima_file_free+0xb6/0x410
[   50.655185][ T3621]  __fput+0x277/0x9d0
[   50.659166][ T3621]  ? userfaultfd_event_wait_completion+0xbd0/0xbd0
[   50.665671][ T3621]  task_work_run+0xdd/0x1a0
[   50.670181][ T3621]  ptrace_notify+0x114/0x140
[   50.674770][ T3621]  syscall_exit_to_user_mode_prepare+0xdb/0x230
[   50.681009][ T3621]  syscall_exit_to_user_mode+0x9/0x50
[   50.686384][ T3621]  do_syscall_64+0x42/0xb0
[   50.690802][ T3621]  entry_SYSCALL_64_after_hwframe+0x46/0xb0
[   50.696696][ T3621] RIP: 0033:0x7f4282e103d3
[   50.701107][ T3621] Code: c7 c2 c0 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb ba 0f 1f 00 64 8b 04 25 18 00 00 00 85 c0 75 14 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8
[   50.720710][ T3621] RSP: 002b:00007ffcd91f7308 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[   50.729123][ T3621] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00007f4282e103d3
[   50.737104][ T3621] RDX: 00000000200001c0 RSI: 00000000c020aa00 RDI: 0000000000000004
[   50.745168][ T3621] RBP: 00007ffcd91f7318 R08: 00007f4282ebae40 R09: 00007f4282ebae40
[   50.753134][ T3621] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcd91f7320
[   50.761101][ T3621] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   50.769168][ T3621]  </TASK>
[   50.772469][ T3621] Kernel Offset: disabled
[   50.776833][ T3621] Rebooting in 86400 seconds..