./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2322146829
<...>
Warning: Permanently added '10.128.0.91' (ED25519) to the list of known hosts.
execve("./syz-executor2322146829", ["./syz-executor2322146829"], 0x7ffd75d25730 /* 10 vars */) = 0
brk(NULL) = 0x55557c8ba000
brk(0x55557c8bae00) = 0x55557c8bae00
arch_prctl(ARCH_SET_FS, 0x55557c8ba480) = 0
set_tid_address(0x55557c8ba750) = 5823
set_robust_list(0x55557c8ba760, 24) = 0
rseq(0x55557c8bada0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor2322146829", 4096) = 28
getrandom("\xb4\x1b\x3b\x1b\x0f\xeb\xa2\xa6", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x55557c8bae00
brk(0x55557c8dbe00) = 0x55557c8dbe00
brk(0x55557c8dc000) = 0x55557c8dc000
mprotect(0x7fda977e8000, 16384, PROT_READ) = 0
mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000
mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000
mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000
rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0
rt_sigaction(SIGSEGV, {sa_handler=0x7fda97745480, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7fda9774c6a0}, NULL, 8) = 0
rt_sigaction(SIGBUS, {sa_handler=0x7fda97745480, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7fda9774c6a0}, NULL, 8) = 0
write(1, "executing program\n", 18executing program
) = 18
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x100} ---
socket(AF_PPPOX, SOCK_STREAM, 1) = 3
socket(AF_INET6, SOCK_DGRAM, IPPROTO_IP) = 4
socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 5
socket(AF_INET6, SOCK_DGRAM, IPPROTO_IP) = 6
io_uring_setup(2079, {flags=IORING_SETUP_CLAMP, sq_thread_cpu=0x1, sq_thread_idle=847, sq_entries=4096, cq_entries=8192, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|IORING_FEAT_LINKED_FILE|0x1e000, sq_off={head=0, tail=4, ring_mask=16, ring_entries=24, flags=36, dropped=32, array=131136}, cq_off={head=8, tail=12, ring_mask=20, ring_entries=28, overflow=44, cqes=64, flags=40}}) = 7
mmap(NULL, 147520, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_POPULATE, 7, 0) = 0x7fda97710000
mmap(NULL, 262144, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_POPULATE, 7, 0x10000000) = 0x7fda976d0000
setsockopt(-1, SOL_SOCKET, SO_ATTACH_FILTER, 0x200000000400, -527) = -1 EBADF (Bad file descriptor)
mprotect(0x200000000000, 8388608, PROT_READ|PROT_EXEC) = 0
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x200000000200} ---
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x200000000201} ---
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x200000000202} ---
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x200000000204} ---
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x200000000208} ---
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x200000000210} ---
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x200000000218} ---
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000000021c} ---
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x200000000220} ---
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x200000000228} ---
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000000022a} ---
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000000022c} ---
[ 67.443033][ T5823] ------------[ cut here ]------------
[ 67.448598][ T5823] refcount_t: underflow; use-after-free.
[ 67.454851][ T5823] WARNING: CPU: 0 PID: 5823 at lib/refcount.c:28 refcount_warn_saturate+0x15a/0x1d0
[ 67.464316][ T5823] Modules linked in:
[ 67.468220][ T5823] CPU: 0 UID: 0 PID: 5823 Comm: syz-executor232 Not tainted 6.14.0-rc7-syzkaller-00186-gd07de43e3f05 #0
[ 67.479400][ T5823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 67.489551][ T5823] RIP: 0010:refcount_warn_saturate+0x15a/0x1d0
[ 67.495812][ T5823] Code: c0 e1 7f 8c e8 d7 bc 93 fc 90 0f 0b 90 90 eb 99 e8 6b 01 d4 fc c6 05 97 15 38 0b 01 90 48 c7 c7 20 e2 7f 8c e8 b7 bc 93 fc 90 <0f> 0b 90 90 e9 76 ff ff ff e8 48 01 d4 fc c6 05 71 15 38 0b 01 90
[ 67.515490][ T5823] RSP: 0018:ffffc90003e8f9c0 EFLAGS: 00010246
[ 67.521580][ T5823] RAX: bae32b5aa58f9a00 RBX: ffff88807f4ad8d0 RCX: ffff888034e08000
[ 67.529613][ T5823] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 67.537708][ T5823] RBP: 0000000000000003 R08: ffffffff81819d62 R09: fffffbfff1d3a69c
[ 67.545724][ T5823] R10: dffffc0000000000 R11: fffffbfff1d3a69c R12: dffffc0000000000
[ 67.553750][ T5823] R13: 1ffff11005aa3f80 R14: 1ffff1100fe95af6 R15: ffff88807f4ad7b0
[ 67.561720][ T5823] FS: 000055557c8ba480(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
[ 67.570746][ T5823] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 67.577385][ T5823] CR2: 000020000000022c CR3: 000000003574c000 CR4: 00000000003526f0
[ 67.585414][ T5823] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 67.593437][ T5823] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 67.601406][ T5823] Call Trace:
[ 67.604735][ T5823] <TASK>
[ 67.607687][ T5823] ? __warn+0x165/0x4d0
[ 67.611924][ T5823] ? refcount_warn_saturate+0x15a/0x1d0
[ 67.617504][ T5823] ? report_bug+0x2b3/0x500
[ 67.622096][ T5823] ? refcount_warn_saturate+0x15a/0x1d0
[ 67.627673][ T5823] ? handle_bug+0x60/0x90
[ 67.632097][ T5823] ? exc_invalid_op+0x1a/0x50
[ 67.636806][ T5823] ? asm_exc_invalid_op+0x1a/0x20
[ 67.641932][ T5823] ? __warn_printk+0x292/0x360
[ 67.646730][ T5823] ? refcount_warn_saturate+0x15a/0x1d0
[ 67.652360][ T5823] io_send_zc_cleanup+0x121/0x170
[ 67.657413][ T5823] ? __pfx_io_send_zc_cleanup+0x10/0x10
[ 67.663014][ T5823] io_clean_op+0x58c/0x9a0
[ 67.667459][ T5823] ? __io_submit_flush_completions+0xa9f/0xd20
[ 67.673694][ T5823] __io_submit_flush_completions+0xc16/0xd20
[ 67.679699][ T5823] ? __pfx___io_submit_flush_completions+0x10/0x10
[ 67.686248][ T5823] io_handle_tw_list+0x473/0x500
[ 67.691203][ T5823] tctx_task_work_run+0x9a/0x370
[ 67.696286][ T5823] tctx_task_work+0x9a/0x100
[ 67.700896][ T5823] ? __pfx_tctx_task_work+0x10/0x10
[ 67.706140][ T5823] ? _raw_spin_unlock_irq+0x23/0x50
[ 67.711353][ T5823] ? lockdep_hardirqs_on+0x99/0x150
[ 67.716616][ T5823] task_work_run+0x24f/0x310
[ 67.721223][ T5823] ? __pfx_task_work_run+0x10/0x10
[ 67.726389][ T5823] ? __pfx___se_sys_io_uring_enter+0x10/0x10
[ 67.732418][ T5823] ptrace_notify+0x2d9/0x380
[ 67.737025][ T5823] ? lockdep_hardirqs_on+0x99/0x150
[ 67.742270][ T5823] ? _raw_spin_unlock_irq+0x2e/0x50
[ 67.747489][ T5823] ? ptrace_notify+0x27f/0x380
[ 67.752308][ T5823] ? __pfx_ptrace_notify+0x10/0x10
[ 67.757436][ T5823] ? __pfx_ptrace_notify+0x10/0x10
[ 67.762625][ T5823] syscall_exit_work+0xc7/0x1d0
[ 67.767514][ T5823] syscall_exit_to_user_mode+0x24a/0x340
[ 67.773228][ T5823] do_syscall_64+0x100/0x230
[ 67.777866][ T5823] ? clear_bhb_loop+0x35/0x90
[ 67.782604][ T5823] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 67.788513][ T5823] RIP: 0033:0x7fda97775569
[ 67.792986][ T5823] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 67.812634][ T5823] RSP: 002b:00007ffe9ef18ea8 EFLAGS: 00000216 ORIG_RAX: 00000000000001aa
[ 67.821041][ T5823] RAX: 0000000000001000 RBX: 0000000000000007 RCX: 00007fda97775569
[ 67.829051][ T5823] RDX: 0000000000000000 RSI: 00000000000047bc RDI: 0000000000000007
[ 67.837111][ T5823] RBP: 0000200000000480 R08: 0000000000000000 R09: 0000000000000000
[ 67.845144][ T5823] R10: 0000000000000021 R11: 0000000000000216 R12: 000000000000081f
[ 67.853157][ T5823] R13: 00002000000000c0 R14: 0000000000000001 R15: 0000000000000001
[ 67.861130][ T5823] </TASK>
[ 67.864205][ T5823] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 67.871494][ T5823] CPU: 0 UID: 0 PID: 5823 Comm: syz-executor232 Not tainted 6.14.0-rc7-syzkaller-00186-gd07de43e3f05 #0
[ 67.882595][ T5823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 67.892645][ T5823] Call Trace:
[ 67.895916][ T5823] <TASK>
[ 67.898841][ T5823] dump_stack_lvl+0x241/0x360
[ 67.903514][ T5823] ? __pfx_dump_stack_lvl+0x10/0x10
[ 67.908702][ T5823] ? __pfx__printk+0x10/0x10
[ 67.913285][ T5823] ? _printk+0xd5/0x120
[ 67.917446][ T5823] ? __init_begin+0x41000/0x41000
[ 67.922474][ T5823] ? vscnprintf+0x5d/0x90
[ 67.926810][ T5823] panic+0x349/0x880
[ 67.930716][ T5823] ? __warn+0x174/0x4d0
[ 67.934877][ T5823] ? __pfx_panic+0x10/0x10
[ 67.939310][ T5823] __warn+0x344/0x4d0
[ 67.943296][ T5823] ? refcount_warn_saturate+0x15a/0x1d0
[ 67.948843][ T5823] report_bug+0x2b3/0x500
[ 67.953176][ T5823] ? refcount_warn_saturate+0x15a/0x1d0
[ 67.958727][ T5823] handle_bug+0x60/0x90
[ 67.962876][ T5823] exc_invalid_op+0x1a/0x50
[ 67.967380][ T5823] asm_exc_invalid_op+0x1a/0x20
[ 67.972239][ T5823] RIP: 0010:refcount_warn_saturate+0x15a/0x1d0
[ 67.978396][ T5823] Code: c0 e1 7f 8c e8 d7 bc 93 fc 90 0f 0b 90 90 eb 99 e8 6b 01 d4 fc c6 05 97 15 38 0b 01 90 48 c7 c7 20 e2 7f 8c e8 b7 bc 93 fc 90 <0f> 0b 90 90 e9 76 ff ff ff e8 48 01 d4 fc c6 05 71 15 38 0b 01 90
[ 67.998013][ T5823] RSP: 0018:ffffc90003e8f9c0 EFLAGS: 00010246
[ 68.004093][ T5823] RAX: bae32b5aa58f9a00 RBX: ffff88807f4ad8d0 RCX: ffff888034e08000
[ 68.012063][ T5823] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 68.020026][ T5823] RBP: 0000000000000003 R08: ffffffff81819d62 R09: fffffbfff1d3a69c
[ 68.028000][ T5823] R10: dffffc0000000000 R11: fffffbfff1d3a69c R12: dffffc0000000000
[ 68.035975][ T5823] R13: 1ffff11005aa3f80 R14: 1ffff1100fe95af6 R15: ffff88807f4ad7b0
[ 68.043970][ T5823] ? __warn_printk+0x292/0x360
[ 68.048759][ T5823] io_send_zc_cleanup+0x121/0x170
[ 68.053793][ T5823] ? __pfx_io_send_zc_cleanup+0x10/0x10
[ 68.059347][ T5823] io_clean_op+0x58c/0x9a0
[ 68.063767][ T5823] ? __io_submit_flush_completions+0xa9f/0xd20
[ 68.069928][ T5823] __io_submit_flush_completions+0xc16/0xd20
[ 68.075921][ T5823] ? __pfx___io_submit_flush_completions+0x10/0x10
[ 68.082436][ T5823] io_handle_tw_list+0x473/0x500
[ 68.087385][ T5823] tctx_task_work_run+0x9a/0x370
[ 68.092334][ T5823] tctx_task_work+0x9a/0x100
[ 68.096934][ T5823] ? __pfx_tctx_task_work+0x10/0x10
[ 68.102135][ T5823] ? _raw_spin_unlock_irq+0x23/0x50
[ 68.107340][ T5823] ? lockdep_hardirqs_on+0x99/0x150
[ 68.112551][ T5823] task_work_run+0x24f/0x310
[ 68.117149][ T5823] ? __pfx_task_work_run+0x10/0x10
[ 68.122273][ T5823] ? __pfx___se_sys_io_uring_enter+0x10/0x10
[ 68.128290][ T5823] ptrace_notify+0x2d9/0x380
[ 68.132884][ T5823] ? lockdep_hardirqs_on+0x99/0x150
[ 68.138096][ T5823] ? _raw_spin_unlock_irq+0x2e/0x50
[ 68.143308][ T5823] ? ptrace_notify+0x27f/0x380
[ 68.148075][ T5823] ? __pfx_ptrace_notify+0x10/0x10
[ 68.153190][ T5823] ? __pfx_ptrace_notify+0x10/0x10
[ 68.158308][ T5823] syscall_exit_work+0xc7/0x1d0
[ 68.163221][ T5823] syscall_exit_to_user_mode+0x24a/0x340
[ 68.168862][ T5823] do_syscall_64+0x100/0x230
[ 68.173559][ T5823] ? clear_bhb_loop+0x35/0x90
[ 68.178290][ T5823] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 68.184199][ T5823] RIP: 0033:0x7fda97775569
[ 68.188617][ T5823] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 68.208225][ T5823] RSP: 002b:00007ffe9ef18ea8 EFLAGS: 00000216 ORIG_RAX: 00000000000001aa
[ 68.216667][ T5823] RAX: 0000000000001000 RBX: 0000000000000007 RCX: 00007fda97775569
[ 68.224643][ T5823] RDX: 0000000000000000 RSI: 00000000000047bc RDI: 0000000000000007
[ 68.232611][ T5823] RBP: 0000200000000480 R08: 0000000000000000 R09: 0000000000000000
[ 68.240577][ T5823] R10: 0000000000000021 R11: 0000000000000216 R12: 000000000000081f
[ 68.248542][ T5823] R13: 00002000000000c0 R14: 0000000000000001 R15: 0000000000000001
[ 68.256527][ T5823] </TASK>
[ 68.259871][ T5823] Kernel Offset: disabled
[ 68.264250][ T5823] Rebooting in 86400 seconds..