Extracting prog: 6m7.930538822s Minimizing prog: 59m22.742617062s Simplifying prog options: 0s Extracting C: 44.122216126s Simplifying C: 34m26.612584981s extracting reproducer from 1 programs testing a last program of every proc single: executing 1 programs separately with timeout 30s testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat$cgroup_root-openat$cgroup_root-openat$cgroup_procs-write$cgroup_pid-mmap detailed listing: executing program 0: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000840)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f0000000380), 0x12) (async) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0) program did not crash single: failed to extract reproducer single: executing 1 programs separately with timeout 6m0s testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat$cgroup_root-openat$cgroup_root-openat$cgroup_procs-write$cgroup_pid-mmap detailed listing: executing program 0: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000840)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f0000000380), 0x12) (async) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0) program crashed: WARNING in page_counter_uncharge single: successfully extracted reproducer found reproducer with 5 syscalls minimizing guilty program testing program (duration=7m8.360072053s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat$cgroup_root-openat$cgroup_root-openat$cgroup_procs-write$cgroup_pid detailed listing: executing program 0: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000840)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f0000000380), 0x12) (async) program did not crash testing program (duration=7m8.360072053s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat$cgroup_root-openat$cgroup_root-openat$cgroup_procs-mmap detailed listing: executing program 0: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_procs(r0, &(0x7f0000000840)='cgroup.procs\x00', 0x2, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0) program did not crash testing program (duration=7m8.360072053s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat$cgroup_root-openat$cgroup_root-write$cgroup_pid-mmap detailed listing: executing program 0: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000380), 0x12) (async) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0) program did not crash testing program (duration=7m8.360072053s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat$cgroup_root-openat$cgroup_procs-write$cgroup_pid-mmap detailed listing: executing program 0: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r0 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000840)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r0, &(0x7f0000000380), 0x12) (async) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0) program did not crash testing program (duration=7m8.360072053s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$cgroup_root-openat$cgroup_procs-write$cgroup_pid-mmap detailed listing: executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000840)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f0000000380), 0x12) (async) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0) program crashed: lost connection to test machine ignore low priority crash: lost connection to test machine testing program (duration=7m8.360072053s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat$cgroup_root-openat$cgroup_root-openat$cgroup_procs-write$cgroup_pid-mmap detailed listing: executing program 0: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000840)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f0000000380), 0x12) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0) program crashed: lost connection to test machine ignore low priority crash: lost connection to test machine testing program (duration=7m8.360072053s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat$cgroup_root-openat$cgroup_root-openat$cgroup_procs-write$cgroup_pid-mmap detailed listing: executing program 0: mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000840)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f0000000380), 0x12) (async) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0) program did not crash testing program (duration=7m8.360072053s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat$cgroup_root-openat$cgroup_root-openat$cgroup_procs-write$cgroup_pid-mmap detailed listing: executing program 0: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000840)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f0000000380), 0x12) (async) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0) program did not crash testing program (duration=7m8.360072053s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat$cgroup_root-openat$cgroup_root-openat$cgroup_procs-write$cgroup_pid-mmap detailed listing: executing program 0: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, 0x0, 0x2, 0x0) write$cgroup_pid(r1, &(0x7f0000000380), 0x12) (async) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0) program did not crash testing program (duration=7m8.360072053s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat$cgroup_root-openat$cgroup_root-openat$cgroup_procs-write$cgroup_pid-mmap detailed listing: executing program 0: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000840)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r1, 0x0, 0x0) (async) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0) program did not crash extracting C reproducer testing compiled C program (duration=7m8.360072053s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat$cgroup_root-openat$cgroup_root-openat$cgroup_procs-write$cgroup_pid-mmap program crashed: WARNING in page_counter_uncharge simplifying C reproducer testing compiled C program (duration=7m8.360072053s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat$cgroup_root-openat$cgroup_root-openat$cgroup_procs-write$cgroup_pid-mmap program crashed: no output from test machine a never seen crash title: no output from test machine, ignore testing compiled C program (duration=7m8.360072053s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat$cgroup_root-openat$cgroup_root-openat$cgroup_procs-write$cgroup_pid-mmap program crashed: no output from test machine a never seen crash title: no output from test machine, ignore testing compiled C program (duration=7m8.360072053s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat$cgroup_root-openat$cgroup_root-openat$cgroup_procs-write$cgroup_pid-mmap program crashed: no output from test machine a never seen crash title: no output from test machine, ignore testing compiled C program (duration=7m8.360072053s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat$cgroup_root-openat$cgroup_root-openat$cgroup_procs-write$cgroup_pid-mmap program did not crash testing compiled C program (duration=7m8.360072053s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat$cgroup_root-openat$cgroup_root-openat$cgroup_procs-write$cgroup_pid-mmap program crashed: WARNING in page_counter_uncharge testing compiled C program (duration=7m8.360072053s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat$cgroup_root-openat$cgroup_root-openat$cgroup_procs-write$cgroup_pid-mmap program crashed: WARNING in page_counter_uncharge testing compiled C program (duration=7m8.360072053s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat$cgroup_root-openat$cgroup_root-openat$cgroup_procs-write$cgroup_pid-mmap program crashed: no output from test machine a never seen crash title: no output from test machine, ignore testing compiled C program (duration=7m8.360072053s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat$cgroup_root-openat$cgroup_root-openat$cgroup_procs-write$cgroup_pid-mmap program did not crash testing compiled C program (duration=7m8.360072053s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat$cgroup_root-openat$cgroup_root-openat$cgroup_procs-write$cgroup_pid-mmap program crashed: WARNING in page_counter_uncharge testing compiled C program (duration=7m8.360072053s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat$cgroup_root-openat$cgroup_root-openat$cgroup_procs-write$cgroup_pid-mmap program crashed: WARNING in page_counter_uncharge testing compiled C program (duration=7m8.360072053s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat$cgroup_root-openat$cgroup_root-openat$cgroup_procs-write$cgroup_pid-mmap program crashed: WARNING in page_counter_uncharge testing compiled C program (duration=7m8.360072053s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat$cgroup_root-openat$cgroup_root-openat$cgroup_procs-write$cgroup_pid-mmap program crashed: WARNING in page_counter_uncharge testing compiled C program (duration=7m8.360072053s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat$cgroup_root-openat$cgroup_root-openat$cgroup_procs-write$cgroup_pid-mmap program did not crash testing compiled C program (duration=7m8.360072053s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat$cgroup_root-openat$cgroup_root-openat$cgroup_procs-write$cgroup_pid-mmap program crashed: WARNING in page_counter_uncharge testing compiled C program (duration=7m8.360072053s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat$cgroup_root-openat$cgroup_root-openat$cgroup_procs-write$cgroup_pid-mmap program crashed: WARNING in page_counter_uncharge testing program (duration=7m8.360072053s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat$cgroup_root-openat$cgroup_root-openat$cgroup_procs-write$cgroup_pid-mmap detailed listing: executing program 0: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000840)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f0000000380), 0x12) (async) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0) program crashed: WARNING in page_counter_uncharge validation run: crashed=true testing program (duration=7m8.360072053s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat$cgroup_root-openat$cgroup_root-openat$cgroup_procs-write$cgroup_pid-mmap detailed listing: executing program 0: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000840)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f0000000380), 0x12) (async) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0) program crashed: WARNING in page_counter_uncharge validation run: crashed=true testing program (duration=7m8.360072053s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdirat$cgroup_root-openat$cgroup_root-openat$cgroup_procs-write$cgroup_pid-mmap detailed listing: executing program 0: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000840)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f0000000380), 0x12) (async) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0) program crashed: WARNING in page_counter_uncharge validation run: crashed=true reproducing took 1h46m24.958456658s repro crashed as (corrupted=false): ------------[ cut here ]------------ page_counter underflow: -512 nr_pages=512 WARNING: mm/page_counter.c:60 at page_counter_cancel mm/page_counter.c:60 [inline], CPU#2: syz.3.2707/14164 WARNING: mm/page_counter.c:60 at page_counter_uncharge+0x140/0x1b0 mm/page_counter.c:184, CPU#2: syz.3.2707/14164 Modules linked in: CPU: 2 UID: 0 PID: 14164 Comm: syz.3.2707 Not tainted syzkaller #0 PREEMPT(full) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 RIP: 0010:page_counter_cancel mm/page_counter.c:60 [inline] RIP: 0010:page_counter_uncharge+0x147/0x1b0 mm/page_counter.c:184 Code: 2f b8 8a ff 48 83 c4 10 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc e8 17 b8 8a ff 48 8d 3d 30 0e 60 0e 48 8b 14 24 48 89 ee <67> 48 0f b9 3a be 08 00 00 00 48 89 df e8 d7 b3 f8 ff 48 89 da 48 RSP: 0018:ffffc9000ddef3a0 EFLAGS: 00010093 RAX: 0000000000000000 RBX: ffff88803693f380 RCX: ffffffff827e8c38 RDX: 0000000000000200 RSI: fffffffffffffe00 RDI: ffffffff90de9b00 RBP: fffffffffffffe00 R08: 0000000000000007 R09: 0000000000000000 R10: fffffffffffffe00 R11: 0000000000000000 R12: dffffc0000000000 R13: 0000000000000200 R14: 0000000000000001 R15: 00000000000000f4 FS: 0000000000000000(0000) GS:ffff8880d655f000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fb2f22beff8 CR3: 000000000e596000 CR4: 0000000000352ef0 Call Trace: __hugetlb_cgroup_uncharge_folio.part.0+0x238/0x620 mm/hugetlb_cgroup.c:354 __hugetlb_cgroup_uncharge_folio include/linux/hugetlb_cgroup.h:105 [inline] hugetlb_cgroup_uncharge_folio_rsvd+0x2e/0x40 mm/hugetlb_cgroup.c:382 free_huge_folio+0x6cc/0xce0 mm/hugetlb.c:1729 folios_put_refs+0x6a6/0xa90 mm/swap.c:989 folio_batch_release include/linux/folio_batch.h:101 [inline] remove_inode_hugepages+0x682/0x1090 fs/hugetlbfs/inode.c:582 hugetlbfs_evict_inode+0x8b/0x250 fs/hugetlbfs/inode.c:597 evict+0x3c2/0xad0 fs/inode.c:828 iput_final fs/inode.c:2022 [inline] iput.part.0+0x989/0x1050 fs/inode.c:2071 iput+0x35/0x40 fs/inode.c:2037 dentry_unlink_inode+0x284/0x470 fs/dcache.c:479 dentry_kill+0x25d/0xc20 fs/dcache.c:826 finish_dput fs/dcache.c:1001 [inline] dput.part.0+0xd7/0x240 fs/dcache.c:1042 dput+0x1f/0x30 fs/dcache.c:1037 __fput+0x519/0xb50 fs/file_table.c:520 task_work_run+0x150/0x240 kernel/task_work.c:233 exit_task_work include/linux/task_work.h:40 [inline] do_exit+0x951/0x2ae0 kernel/exit.c:1004 do_group_exit+0xd5/0x2a0 kernel/exit.c:1147 get_signal+0x1ec7/0x21e0 kernel/signal.c:3038 arch_do_signal_or_restart+0x91/0x7e0 arch/x86/kernel/signal.c:337 __exit_to_user_mode_loop kernel/entry/common.c:66 [inline] exit_to_user_mode_loop+0x139/0x6f0 kernel/entry/common.c:101 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:207 [inline] syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:230 [inline] syscall_exit_to_user_mode include/linux/entry-common.h:318 [inline] do_syscall_64+0x666/0x870 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f7a2eb9ce59 Code: Unable to access opcode bytes at 0x7f7a2eb9ce2f. RSP: 002b:00007f7a2f9a40e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: fffffffffffffe00 RBX: 00007f7a2ee15fa8 RCX: 00007f7a2eb9ce59 RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f7a2ee15fa8 RBP: 00007f7a2ee15fa0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007f7a2ee16038 R14: 00007ffc6d42d140 R15: 00007ffc6d42d228 ---------------- Code disassembly (best guess), 2 bytes skipped: 0: 8a ff mov %bh,%bh 2: 48 83 c4 10 add $0x10,%rsp 6: 5b pop %rbx 7: 5d pop %rbp 8: 41 5c pop %r12 a: 41 5d pop %r13 c: 41 5e pop %r14 e: 41 5f pop %r15 10: c3 ret 11: cc int3 12: cc int3 13: cc int3 14: cc int3 15: e8 17 b8 8a ff call 0xff8ab831 1a: 48 8d 3d 30 0e 60 0e lea 0xe600e30(%rip),%rdi # 0xe600e51 21: 48 8b 14 24 mov (%rsp),%rdx 25: 48 89 ee mov %rbp,%rsi * 28: 67 48 0f b9 3a ud1 (%edx),%rdi <-- trapping instruction 2d: be 08 00 00 00 mov $0x8,%esi 32: 48 89 df mov %rbx,%rdi 35: e8 d7 b3 f8 ff call 0xfff8b411 3a: 48 89 da mov %rbx,%rdx 3d: 48 rex.W final repro crashed as (corrupted=false): ------------[ cut here ]------------ page_counter underflow: -512 nr_pages=512 WARNING: mm/page_counter.c:60 at page_counter_cancel mm/page_counter.c:60 [inline], CPU#2: syz.3.2707/14164 WARNING: mm/page_counter.c:60 at page_counter_uncharge+0x140/0x1b0 mm/page_counter.c:184, CPU#2: syz.3.2707/14164 Modules linked in: CPU: 2 UID: 0 PID: 14164 Comm: syz.3.2707 Not tainted syzkaller #0 PREEMPT(full) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 RIP: 0010:page_counter_cancel mm/page_counter.c:60 [inline] RIP: 0010:page_counter_uncharge+0x147/0x1b0 mm/page_counter.c:184 Code: 2f b8 8a ff 48 83 c4 10 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc e8 17 b8 8a ff 48 8d 3d 30 0e 60 0e 48 8b 14 24 48 89 ee <67> 48 0f b9 3a be 08 00 00 00 48 89 df e8 d7 b3 f8 ff 48 89 da 48 RSP: 0018:ffffc9000ddef3a0 EFLAGS: 00010093 RAX: 0000000000000000 RBX: ffff88803693f380 RCX: ffffffff827e8c38 RDX: 0000000000000200 RSI: fffffffffffffe00 RDI: ffffffff90de9b00 RBP: fffffffffffffe00 R08: 0000000000000007 R09: 0000000000000000 R10: fffffffffffffe00 R11: 0000000000000000 R12: dffffc0000000000 R13: 0000000000000200 R14: 0000000000000001 R15: 00000000000000f4 FS: 0000000000000000(0000) GS:ffff8880d655f000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fb2f22beff8 CR3: 000000000e596000 CR4: 0000000000352ef0 Call Trace: __hugetlb_cgroup_uncharge_folio.part.0+0x238/0x620 mm/hugetlb_cgroup.c:354 __hugetlb_cgroup_uncharge_folio include/linux/hugetlb_cgroup.h:105 [inline] hugetlb_cgroup_uncharge_folio_rsvd+0x2e/0x40 mm/hugetlb_cgroup.c:382 free_huge_folio+0x6cc/0xce0 mm/hugetlb.c:1729 folios_put_refs+0x6a6/0xa90 mm/swap.c:989 folio_batch_release include/linux/folio_batch.h:101 [inline] remove_inode_hugepages+0x682/0x1090 fs/hugetlbfs/inode.c:582 hugetlbfs_evict_inode+0x8b/0x250 fs/hugetlbfs/inode.c:597 evict+0x3c2/0xad0 fs/inode.c:828 iput_final fs/inode.c:2022 [inline] iput.part.0+0x989/0x1050 fs/inode.c:2071 iput+0x35/0x40 fs/inode.c:2037 dentry_unlink_inode+0x284/0x470 fs/dcache.c:479 dentry_kill+0x25d/0xc20 fs/dcache.c:826 finish_dput fs/dcache.c:1001 [inline] dput.part.0+0xd7/0x240 fs/dcache.c:1042 dput+0x1f/0x30 fs/dcache.c:1037 __fput+0x519/0xb50 fs/file_table.c:520 task_work_run+0x150/0x240 kernel/task_work.c:233 exit_task_work include/linux/task_work.h:40 [inline] do_exit+0x951/0x2ae0 kernel/exit.c:1004 do_group_exit+0xd5/0x2a0 kernel/exit.c:1147 get_signal+0x1ec7/0x21e0 kernel/signal.c:3038 arch_do_signal_or_restart+0x91/0x7e0 arch/x86/kernel/signal.c:337 __exit_to_user_mode_loop kernel/entry/common.c:66 [inline] exit_to_user_mode_loop+0x139/0x6f0 kernel/entry/common.c:101 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:207 [inline] syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:230 [inline] syscall_exit_to_user_mode include/linux/entry-common.h:318 [inline] do_syscall_64+0x666/0x870 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f7a2eb9ce59 Code: Unable to access opcode bytes at 0x7f7a2eb9ce2f. RSP: 002b:00007f7a2f9a40e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: fffffffffffffe00 RBX: 00007f7a2ee15fa8 RCX: 00007f7a2eb9ce59 RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f7a2ee15fa8 RBP: 00007f7a2ee15fa0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007f7a2ee16038 R14: 00007ffc6d42d140 R15: 00007ffc6d42d228 ---------------- Code disassembly (best guess), 2 bytes skipped: 0: 8a ff mov %bh,%bh 2: 48 83 c4 10 add $0x10,%rsp 6: 5b pop %rbx 7: 5d pop %rbp 8: 41 5c pop %r12 a: 41 5d pop %r13 c: 41 5e pop %r14 e: 41 5f pop %r15 10: c3 ret 11: cc int3 12: cc int3 13: cc int3 14: cc int3 15: e8 17 b8 8a ff call 0xff8ab831 1a: 48 8d 3d 30 0e 60 0e lea 0xe600e30(%rip),%rdi # 0xe600e51 21: 48 8b 14 24 mov (%rsp),%rdx 25: 48 89 ee mov %rbp,%rsi * 28: 67 48 0f b9 3a ud1 (%edx),%rdi <-- trapping instruction 2d: be 08 00 00 00 mov $0x8,%esi 32: 48 89 df mov %rbx,%rdi 35: e8 d7 b3 f8 ff call 0xfff8b411 3a: 48 89 da mov %rbx,%rdx 3d: 48 rex.W