./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2759035254
<...>
Warning: Permanently added '10.128.0.89' (ECDSA) to the list of known hosts.
execve("./syz-executor2759035254", ["./syz-executor2759035254"], 0x7ffd2d2bb830 /* 10 vars */) = 0
brk(NULL) = 0x555555961000
brk(0x555555961d00) = 0x555555961d00
arch_prctl(ARCH_SET_FS, 0x5555559613c0) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2759035254", 4096) = 28
brk(0x555555982d00) = 0x555555982d00
brk(0x555555983000) = 0x555555983000
mprotect(0x7f5b684ed000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
getpid() = 3613
openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3
write(3, "10000000000", 11) = 11
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3
write(3, "20", 2) = 2
close(3) = 0
openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
write(3, "100", 3) = 3
close(3) = 0
openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3
write(3, "7 4 1 3", 7) = 7
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3
write(3, "3613", 4) = 4
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
rt_sigaction(SIGSEGV, {sa_handler=0x7f5b684425d0, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f5b684428a0}, NULL, 8) = 0
rt_sigaction(SIGBUS, {sa_handler=0x7f5b684425d0, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f5b684428a0}, NULL, 8) = 0
getpid() = 3613
mkdir("./syzkaller.o0lxtp", 0700) = 0
chmod("./syzkaller.o0lxtp", 0777) = 0
chdir("./syzkaller.o0lxtp") = 0
io_uring_setup(30617, {flags=0, sq_thread_cpu=0, sq_thread_idle=0, sq_entries=32768, cq_entries=65536, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|0x1000, sq_off={head=0, tail=64, ring_mask=256, ring_entries=264, flags=276, dropped=272, array=1048896}, cq_off={head=128, tail=192, ring_mask=260, ring_entries=268, overflow=284, cqes=320, flags=280}}) = 3
mmap(0x20000000, 1179968, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 3, 0) = 0x20000000
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
write(4, "19", 2) = 2
syzkaller login: [ 40.180120][ T3613] ------------[ cut here ]------------
[ 40.185708][ T3613] WARNING: CPU: 1 PID: 3613 at arch/x86/mm/pat/memtype.c:1107 untrack_pfn+0x247/0x290
[ 40.195288][ T3613] Modules linked in:
[ 40.199181][ T3613] CPU: 1 PID: 3613 Comm: syz-executor275 Not tainted 6.0.0-rc3-next-20220901-syzkaller #0
[ 40.209084][ T3613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
[ 40.219171][ T3613] RIP: 0010:untrack_pfn+0x247/0x290
[ 40.224397][ T3613] Code: 84 6c ff ff ff e8 39 45 44 00 4c 89 ee 4c 89 e7 e8 be de ff ff e8 29 45 44 00 48 85 db 0f 85 58 ff ff ff eb 82 e8 19 45 44 00 <0f> 0b e9 76 ff ff ff 48 89 df e8 aa 08 91 00 e9 98 fe ff ff e8 d0
[ 40.244042][ T3613] RSP: 0018:ffffc90003cff718 EFLAGS: 00010293
[ 40.250094][ T3613] RAX: 0000000000000000 RBX: ffff888025f4c6c0 RCX: 0000000000000000
[ 40.258078][ T3613] RDX: ffff8880253757c0 RSI: ffffffff8137e107 RDI: 0000000000000005
[ 40.266078][ T3613] RBP: 1ffff9200079fee3 R08: 0000000000000005 R09: 0000000000000000
[ 40.274067][ T3613] R10: 00000000ffffffea R11: 000000000008c07c R12: 00000000ffffffea
[ 40.282089][ T3613] R13: 0000000000000000 R14: 0000000000000000 R15: ffff888025f4c6e0
[ 40.290056][ T3613] FS: 00005555559613c0(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
[ 40.299063][ T3613] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 40.305707][ T3613] CR2: 0000000000000000 CR3: 0000000021331000 CR4: 00000000003506e0
[ 40.313704][ T3613] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 40.321700][ T3613] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 40.329660][ T3613] Call Trace:
[ 40.332961][ T3613]
[ 40.335891][ T3613] ? track_pfn_insert+0x140/0x140
[ 40.340953][ T3613] ? mas_find+0x20d/0xce0
[ 40.345303][ T3613] ? uprobe_munmap+0x1c/0x550
[ 40.349997][ T3613] unmap_single_vma+0x1b4/0x380
[ 40.354874][ T3613] unmap_vmas+0x21e/0x370
[ 40.359219][ T3613] ? unmap_mapping_range+0x270/0x270
[ 40.364540][ T3613] ? rcu_read_lock_sched_held+0xd/0x70
[ 40.370008][ T3613] ? rcu_read_lock_sched_held+0xd/0x70
[ 40.375484][ T3613] ? lock_downgrade+0x6e0/0x6e0
[ 40.380368][ T3613] exit_mmap+0x189/0x720
[ 40.384675][ T3613] ? __ia32_sys_remap_file_pages+0x150/0x150
[ 40.390718][ T3613] ? lockdep_init_map_type+0x21a/0x7f0
[ 40.396181][ T3613] ? lock_release+0x560/0x780
[ 40.401066][ T3613] __mmput+0x128/0x4c0
[ 40.405149][ T3613] mmput+0x5c/0x70
[ 40.408913][ T3613] dup_mm+0x2e2/0x370
[ 40.412915][ T3613] copy_process+0x3be1/0x7120
[ 40.417623][ T3613] ? vtime_account_system+0x2c6/0x530
[ 40.423055][ T3613] ? __cleanup_sighand+0xb0/0xb0
[ 40.428014][ T3613] ? trace_hardirqs_on+0x2d/0x120
[ 40.433142][ T3613] ? rcu_read_lock_sched_held+0xd/0x70
[ 40.438613][ T3613] ? lock_acquire+0x480/0x570
[ 40.443320][ T3613] ? rcu_read_lock_sched_held+0xd/0x70
[ 40.448836][ T3613] kernel_clone+0xe7/0xab0
[ 40.453283][ T3613] ? create_io_thread+0xe0/0xe0
[ 40.458145][ T3613] ? rwlock_bug.part.0+0x90/0x90
[ 40.463112][ T3613] ? recalc_sigpending_tsk+0x18f/0x1d0
[ 40.468578][ T3613] ? ptrace_stop.part.0+0x746/0xa80
[ 40.473800][ T3613] __do_sys_clone+0xba/0x100
[ 40.478411][ T3613] ? kernel_clone+0xab0/0xab0
[ 40.483185][ T3613] ? _raw_spin_unlock_irq+0x2a/0x40
[ 40.488392][ T3613] ? ptrace_notify+0xfa/0x140
[ 40.493093][ T3613] do_syscall_64+0x35/0xb0
[ 40.497526][ T3613] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 40.503462][ T3613] RIP: 0033:0x7f5b68487a59
[ 40.507968][ T3613] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 40.527626][ T3613] RSP: 002b:00007fffb99169d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 40.536089][ T3613] RAX: ffffffffffffffda RBX: 00007fffb9916a38 RCX: 00007f5b68487a59
[ 40.544126][ T3613] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 40.552133][ T3613] RBP: 0000000000000000 R08: 0000000000000000 R09: 00007fffb9003931
[ 40.560103][ T3613] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 40.568124][ T3613] R13: 00007f5b684c40a1 R14: 0000000000000000 R15: 0000000000000000
[ 40.576132][ T3613]
[ 40.579145][ T3613] Kernel panic - not syncing: panic_on_warn set ...
[ 40.585706][ T3613] CPU: 1 PID: 3613 Comm: syz-executor275 Not tainted 6.0.0-rc3-next-20220901-syzkaller #0
[ 40.595576][ T3613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
[ 40.605625][ T3613] Call Trace:
[ 40.608886][ T3613]
[ 40.611800][ T3613] dump_stack_lvl+0xcd/0x134
[ 40.616378][ T3613] panic+0x2c8/0x622
[ 40.620268][ T3613] ? panic_print_sys_info.part.0+0x110/0x110
[ 40.626240][ T3613] ? __warn.cold+0x248/0x2c4
[ 40.630819][ T3613] ? untrack_pfn+0x247/0x290
[ 40.635398][ T3613] __warn.cold+0x259/0x2c4
[ 40.639830][ T3613] ? untrack_pfn+0x247/0x290
[ 40.644410][ T3613] report_bug+0x1bc/0x210
[ 40.648727][ T3613] handle_bug+0x3c/0x60
[ 40.652871][ T3613] exc_invalid_op+0x14/0x40
[ 40.657359][ T3613] asm_exc_invalid_op+0x16/0x20
[ 40.662197][ T3613] RIP: 0010:untrack_pfn+0x247/0x290
[ 40.667385][ T3613] Code: 84 6c ff ff ff e8 39 45 44 00 4c 89 ee 4c 89 e7 e8 be de ff ff e8 29 45 44 00 48 85 db 0f 85 58 ff ff ff eb 82 e8 19 45 44 00 <0f> 0b e9 76 ff ff ff 48 89 df e8 aa 08 91 00 e9 98 fe ff ff e8 d0
[ 40.686988][ T3613] RSP: 0018:ffffc90003cff718 EFLAGS: 00010293
[ 40.693153][ T3613] RAX: 0000000000000000 RBX: ffff888025f4c6c0 RCX: 0000000000000000
[ 40.701131][ T3613] RDX: ffff8880253757c0 RSI: ffffffff8137e107 RDI: 0000000000000005
[ 40.709111][ T3613] RBP: 1ffff9200079fee3 R08: 0000000000000005 R09: 0000000000000000
[ 40.717079][ T3613] R10: 00000000ffffffea R11: 000000000008c07c R12: 00000000ffffffea
[ 40.725046][ T3613] R13: 0000000000000000 R14: 0000000000000000 R15: ffff888025f4c6e0
[ 40.733017][ T3613] ? untrack_pfn+0x247/0x290
[ 40.737632][ T3613] ? untrack_pfn+0x247/0x290
[ 40.742229][ T3613] ? track_pfn_insert+0x140/0x140
[ 40.747263][ T3613] ? mas_find+0x20d/0xce0
[ 40.751603][ T3613] ? uprobe_munmap+0x1c/0x550
[ 40.756289][ T3613] unmap_single_vma+0x1b4/0x380
[ 40.761146][ T3613] unmap_vmas+0x21e/0x370
[ 40.765478][ T3613] ? unmap_mapping_range+0x270/0x270
[ 40.770770][ T3613] ? rcu_read_lock_sched_held+0xd/0x70
[ 40.776330][ T3613] ? rcu_read_lock_sched_held+0xd/0x70
[ 40.781794][ T3613] ? lock_downgrade+0x6e0/0x6e0
[ 40.786654][ T3613] exit_mmap+0x189/0x720
[ 40.790910][ T3613] ? __ia32_sys_remap_file_pages+0x150/0x150
[ 40.796912][ T3613] ? lockdep_init_map_type+0x21a/0x7f0
[ 40.802372][ T3613] ? lock_release+0x560/0x780
[ 40.807058][ T3613] __mmput+0x128/0x4c0
[ 40.811134][ T3613] mmput+0x5c/0x70
[ 40.814860][ T3613] dup_mm+0x2e2/0x370
[ 40.818849][ T3613] copy_process+0x3be1/0x7120
[ 40.823537][ T3613] ? vtime_account_system+0x2c6/0x530
[ 40.828942][ T3613] ? __cleanup_sighand+0xb0/0xb0
[ 40.833888][ T3613] ? trace_hardirqs_on+0x2d/0x120
[ 40.838914][ T3613] ? rcu_read_lock_sched_held+0xd/0x70
[ 40.844386][ T3613] ? lock_acquire+0x480/0x570
[ 40.849070][ T3613] ? rcu_read_lock_sched_held+0xd/0x70
[ 40.854531][ T3613] kernel_clone+0xe7/0xab0
[ 40.858959][ T3613] ? create_io_thread+0xe0/0xe0
[ 40.863819][ T3613] ? rwlock_bug.part.0+0x90/0x90
[ 40.868763][ T3613] ? recalc_sigpending_tsk+0x18f/0x1d0
[ 40.874225][ T3613] ? ptrace_stop.part.0+0x746/0xa80
[ 40.879432][ T3613] __do_sys_clone+0xba/0x100
[ 40.884030][ T3613] ? kernel_clone+0xab0/0xab0
[ 40.888719][ T3613] ? _raw_spin_unlock_irq+0x2a/0x40
[ 40.893935][ T3613] ? ptrace_notify+0xfa/0x140
[ 40.898619][ T3613] do_syscall_64+0x35/0xb0
[ 40.903044][ T3613] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 40.908941][ T3613] RIP: 0033:0x7f5b68487a59
[ 40.913355][ T3613] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 40.932992][ T3613] RSP: 002b:00007fffb99169d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 40.941412][ T3613] RAX: ffffffffffffffda RBX: 00007fffb9916a38 RCX: 00007f5b68487a59
[ 40.949384][ T3613] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 40.957361][ T3613] RBP: 0000000000000000 R08: 0000000000000000 R09: 00007fffb9003931
[ 40.965347][ T3613] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 40.973327][ T3613] R13: 00007f5b684c40a1 R14: 0000000000000000 R15: 0000000000000000
[ 40.981306][ T3613]
[ 40.984386][ T3613] Kernel Offset: disabled
[ 40.988717][ T3613] Rebooting in 86400 seconds..