./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1184693799 <...> Warning: Permanently added '10.128.0.157' (ECDSA) to the list of known hosts. execve("./syz-executor1184693799", ["./syz-executor1184693799"], 0x7ffda3d9bbf0 /* 10 vars */) = 0 brk(NULL) = 0x555556412000 brk(0x555556412d00) = 0x555556412d00 arch_prctl(ARCH_SET_FS, 0x5555564123c0) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1184693799", 4096) = 28 brk(0x555556433d00) = 0x555556433d00 brk(0x555556434000) = 0x555556434000 mprotect(0x7f069cfdc000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 3613 openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3 write(3, "10000000000", 11) = 11 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3 write(3, "20", 2) = 2 close(3) = 0 openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3 write(3, "100", 3) = 3 close(3) = 0 openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3 write(3, "7 4 1 3", 7) = 7 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3 write(3, "3613", 4) = 4 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7f069cf32570, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f069cf32840}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7f069cf32570, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f069cf32840}, NULL, 8) = 0 io_uring_setup(243, {flags=0, sq_thread_cpu=0, sq_thread_idle=0, sq_entries=256, cq_entries=512, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|0x1000, sq_off={head=0, tail=64, ring_mask=256, ring_entries=264, flags=276, dropped=272, array=8512}, cq_off={head=128, tail=192, ring_mask=260, ring_entries=268, overflow=284, cqes=320, flags=280}}) = 3 mmap(0x20000000, 9536, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 3, 0) = 0x20000000 --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 write(4, "17", 2) = 2 [ 48.551881][ T3613] ------------[ cut here ]------------ [ 48.557638][ T3613] WARNING: CPU: 1 PID: 3613 at arch/x86/mm/pat/memtype.c:1099 untrack_pfn+0x247/0x290 [ 48.567236][ T3613] Modules linked in: [ 48.571139][ T3613] CPU: 1 PID: 3613 Comm: syz-executor118 Not tainted 5.19.0-next-20220809-syzkaller #0 [ 48.580847][ T3613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 48.591027][ T3613] RIP: 0010:untrack_pfn+0x247/0x290 [ 48.596238][ T3613] Code: 84 6c ff ff ff e8 c9 47 44 00 4c 89 ee 4c 89 e7 e8 ee dd ff ff e8 b9 47 44 00 48 85 db 0f 85 58 ff ff ff eb 82 e8 a9 47 44 00 <0f> 0b e9 76 ff ff ff 48 89 df e8 0a a0 90 00 e9 98 fe ff ff e8 70 [ 48.616255][ T3613] RSP: 0018:ffffc9000379f6f8 EFLAGS: 00010293 [ 48.622398][ T3613] RAX: 0000000000000000 RBX: ffff888025262630 RCX: 0000000000000000 [ 48.630464][ T3613] RDX: ffff8880252bbb00 RSI: ffffffff8137be57 RDI: 0000000000000005 [ 48.638483][ T3613] RBP: 1ffff920006f3edf R08: 0000000000000005 R09: 0000000000000000 [ 48.646511][ T3613] R10: 00000000ffffffea R11: 0000000000000000 R12: 00000000ffffffea [ 48.654486][ T3613] R13: 0000000000000000 R14: 0000000000000000 R15: ffff888025262680 [ 48.662529][ T3613] FS: 00005555564123c0(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 [ 48.671505][ T3613] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 48.678138][ T3613] CR2: 0000000000000000 CR3: 00000000720e7000 CR4: 00000000003506e0 [ 48.686251][ T3613] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 48.694282][ T3613] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 48.702320][ T3613] Call Trace: [ 48.705592][ T3613] [ 48.708619][ T3613] ? track_pfn_insert+0x140/0x140 [ 48.713666][ T3613] ? vm_normal_page_pmd+0x5a0/0x5a0 [ 48.719218][ T3613] ? unmap_vmas+0x148/0x310 [ 48.723747][ T3613] ? lock_downgrade+0x6e0/0x6e0 [ 48.728684][ T3613] ? uprobe_munmap+0x1c/0x560 [ 48.733410][ T3613] unmap_single_vma+0x1ba/0x360 [ 48.738351][ T3613] unmap_vmas+0x18c/0x310 [ 48.742700][ T3613] ? unmap_mapping_range+0x280/0x280 [ 48.748153][ T3613] ? lock_downgrade+0x6e0/0x6e0 [ 48.753023][ T3613] ? lru_add_drain_cpu+0x474/0x850 [ 48.758196][ T3613] exit_mmap+0x1b8/0x490 [ 48.762462][ T3613] ? __ia32_sys_remap_file_pages+0x150/0x150 [ 48.768742][ T3613] ? dup_mm+0xb7e/0x13a0 [ 48.773005][ T3613] __mmput+0x122/0x4b0 [ 48.777140][ T3613] mmput+0x56/0x60 [ 48.780894][ T3613] dup_mm+0xdb4/0x13a0 [ 48.784967][ T3613] ? replace_mm_exe_file+0x480/0x480 [ 48.790322][ T3613] ? __raw_spin_lock_init+0x36/0x110 [ 48.795627][ T3613] copy_process+0x3bee/0x7120 [ 48.800379][ T3613] ? __cleanup_sighand+0xb0/0xb0 [ 48.805363][ T3613] kernel_clone+0xe7/0xab0 [ 48.809846][ T3613] ? create_io_thread+0xe0/0xe0 [ 48.814709][ T3613] ? rwlock_bug.part.0+0x90/0x90 [ 48.819679][ T3613] ? _raw_spin_lock_irq+0x41/0x50 [ 48.824739][ T3613] ? find_held_lock+0x2d/0x110 [ 48.829582][ T3613] __do_sys_clone+0xba/0x100 [ 48.834199][ T3613] ? kernel_clone+0xab0/0xab0 [ 48.838999][ T3613] ? _raw_spin_unlock_irq+0x2a/0x40 [ 48.844240][ T3613] ? ptrace_notify+0xfa/0x140 [ 48.849015][ T3613] do_syscall_64+0x35/0xb0 [ 48.853446][ T3613] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 48.859387][ T3613] RIP: 0033:0x7f069cf77979 [ 48.863898][ T3613] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 48.883580][ T3613] RSP: 002b:00007ffd672b2148 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 48.892043][ T3613] RAX: ffffffffffffffda RBX: 00007ffd672b2188 RCX: 00007f069cf77979 [ 48.900106][ T3613] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 48.908126][ T3613] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000003731 [ 48.916086][ T3613] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 48.924122][ T3613] R13: 00007f069cfb30a1 R14: 0000000000000000 R15: 0000000000000000 [ 48.932140][ T3613] [ 48.935151][ T3613] Kernel panic - not syncing: panic_on_warn set ... [ 48.941719][ T3613] CPU: 0 PID: 3613 Comm: syz-executor118 Not tainted 5.19.0-next-20220809-syzkaller #0 [ 48.951339][ T3613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 48.961402][ T3613] Call Trace: [ 48.964695][ T3613] [ 48.967639][ T3613] dump_stack_lvl+0xcd/0x134 [ 48.972257][ T3613] panic+0x2c8/0x627 [ 48.976177][ T3613] ? panic_print_sys_info.part.0+0x10b/0x10b [ 48.982175][ T3613] ? __warn.cold+0x248/0x2c4 [ 48.986775][ T3613] ? untrack_pfn+0x247/0x290 [ 48.991379][ T3613] __warn.cold+0x259/0x2c4 [ 48.995803][ T3613] ? untrack_pfn+0x247/0x290 [ 49.000401][ T3613] report_bug+0x1bc/0x210 [ 49.004752][ T3613] handle_bug+0x3c/0x60 [ 49.008934][ T3613] exc_invalid_op+0x14/0x40 [ 49.013455][ T3613] asm_exc_invalid_op+0x16/0x20 [ 49.018309][ T3613] RIP: 0010:untrack_pfn+0x247/0x290 [ 49.023520][ T3613] Code: 84 6c ff ff ff e8 c9 47 44 00 4c 89 ee 4c 89 e7 e8 ee dd ff ff e8 b9 47 44 00 48 85 db 0f 85 58 ff ff ff eb 82 e8 a9 47 44 00 <0f> 0b e9 76 ff ff ff 48 89 df e8 0a a0 90 00 e9 98 fe ff ff e8 70 [ 49.043127][ T3613] RSP: 0018:ffffc9000379f6f8 EFLAGS: 00010293 [ 49.049193][ T3613] RAX: 0000000000000000 RBX: ffff888025262630 RCX: 0000000000000000 [ 49.057162][ T3613] RDX: ffff8880252bbb00 RSI: ffffffff8137be57 RDI: 0000000000000005 [ 49.065132][ T3613] RBP: 1ffff920006f3edf R08: 0000000000000005 R09: 0000000000000000 [ 49.073100][ T3613] R10: 00000000ffffffea R11: 0000000000000000 R12: 00000000ffffffea [ 49.081070][ T3613] R13: 0000000000000000 R14: 0000000000000000 R15: ffff888025262680 [ 49.089066][ T3613] ? untrack_pfn+0x247/0x290 [ 49.093670][ T3613] ? untrack_pfn+0x247/0x290 [ 49.098276][ T3613] ? track_pfn_insert+0x140/0x140 [ 49.103308][ T3613] ? vm_normal_page_pmd+0x5a0/0x5a0 [ 49.108513][ T3613] ? unmap_vmas+0x148/0x310 [ 49.113015][ T3613] ? lock_downgrade+0x6e0/0x6e0 [ 49.117883][ T3613] ? uprobe_munmap+0x1c/0x560 [ 49.122567][ T3613] unmap_single_vma+0x1ba/0x360 [ 49.127423][ T3613] unmap_vmas+0x18c/0x310 [ 49.131755][ T3613] ? unmap_mapping_range+0x280/0x280 [ 49.137042][ T3613] ? lock_downgrade+0x6e0/0x6e0 [ 49.141903][ T3613] ? lru_add_drain_cpu+0x474/0x850 [ 49.147047][ T3613] exit_mmap+0x1b8/0x490 [ 49.151298][ T3613] ? __ia32_sys_remap_file_pages+0x150/0x150 [ 49.157299][ T3613] ? dup_mm+0xb7e/0x13a0 [ 49.161572][ T3613] __mmput+0x122/0x4b0 [ 49.165650][ T3613] mmput+0x56/0x60 [ 49.169375][ T3613] dup_mm+0xdb4/0x13a0 [ 49.173470][ T3613] ? replace_mm_exe_file+0x480/0x480 [ 49.178766][ T3613] ? __raw_spin_lock_init+0x36/0x110 [ 49.184062][ T3613] copy_process+0x3bee/0x7120 [ 49.188778][ T3613] ? __cleanup_sighand+0xb0/0xb0 [ 49.193738][ T3613] kernel_clone+0xe7/0xab0 [ 49.198164][ T3613] ? create_io_thread+0xe0/0xe0 [ 49.203020][ T3613] ? rwlock_bug.part.0+0x90/0x90 [ 49.207959][ T3613] ? _raw_spin_lock_irq+0x41/0x50 [ 49.213012][ T3613] ? find_held_lock+0x2d/0x110 [ 49.217779][ T3613] __do_sys_clone+0xba/0x100 [ 49.222379][ T3613] ? kernel_clone+0xab0/0xab0 [ 49.227083][ T3613] ? _raw_spin_unlock_irq+0x2a/0x40 [ 49.232292][ T3613] ? ptrace_notify+0xfa/0x140 [ 49.236981][ T3613] do_syscall_64+0x35/0xb0 [ 49.241401][ T3613] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 49.247296][ T3613] RIP: 0033:0x7f069cf77979 [ 49.251716][ T3613] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 49.271349][ T3613] RSP: 002b:00007ffd672b2148 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 49.279866][ T3613] RAX: ffffffffffffffda RBX: 00007ffd672b2188 RCX: 00007f069cf77979 [ 49.287861][ T3613] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 49.295832][ T3613] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000003731 [ 49.303800][ T3613] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 49.311772][ T3613] R13: 00007f069cfb30a1 R14: 0000000000000000 R15: 0000000000000000 [ 49.319776][ T3613] [ 49.323066][ T3613] Kernel Offset: disabled [ 49.327455][ T3613] Rebooting in 86400 seconds..