./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2820486110 <...> forked to background, child pid 3186 no interfaces have a carrier [ 20.673961][ T3187] 8021q: adding VLAN 0 to HW filter on device bond0 [ 20.686960][ T3187] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.88' (ECDSA) to the list of known hosts. execve("./syz-executor2820486110", ["./syz-executor2820486110"], 0x7ffc6d035800 /* 10 vars */) = 0 brk(NULL) = 0x555556b3d000 brk(0x555556b3dc40) = 0x555556b3dc40 arch_prctl(ARCH_SET_FS, 0x555556b3d300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor2820486110", 4096) = 28 brk(0x555556b5ec40) = 0x555556b5ec40 brk(0x555556b5f000) = 0x555556b5f000 mprotect(0x7f9b4472e000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/fb0", O_RDONLY) = 3 mmap(0x20002000, 16384, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSDOWN, MAP_PRIVATE|MAP_FIXED, 3, 0xa9000) = 0x20002000 openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 syzkaller login: [ 36.913665][ T3614] ------------[ cut here ]------------ [ 36.919426][ T3614] kernel BUG at mm/memory.c:2210! [ 36.924464][ T3614] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 36.930509][ T3614] CPU: 0 PID: 3614 Comm: syz-executor282 Not tainted 5.19.0-rc4-syzkaller-00187-g089866061428 #0 [ 36.941087][ T3614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 36.951130][ T3614] RIP: 0010:vmf_insert_pfn_prot+0x248/0x460 [ 36.957013][ T3614] Code: 0f 0b e8 3b e7 c6 ff 4d 89 f7 bf 20 00 00 00 41 83 e7 28 4c 89 fe e8 87 e3 c6 ff 49 83 ff 20 0f 85 a5 fe ff ff e8 18 e7 c6 ff <0f> 0b 49 be ff ff ff ff ff ff 0f 00 e8 07 e7 c6 ff 4d 21 ee 4c 89 [ 36.976610][ T3614] RSP: 0018:ffffc9000345f5b0 EFLAGS: 00010293 [ 36.982675][ T3614] RAX: 0000000000000000 RBX: 1ffff9200068beb8 RCX: 0000000000000000 [ 36.990640][ T3614] RDX: ffff88801ddfbb00 RSI: ffffffff81b37f98 RDI: 0000000000000007 [ 36.998605][ T3614] RBP: ffff888016ef6420 R08: 0000000000000007 R09: 0000000000000020 [ 37.006568][ T3614] R10: 0000000000000020 R11: 0000000000000001 R12: 0000000020002000 [ 37.014529][ T3614] R13: 000000000001cd71 R14: 000000000c140476 R15: 0000000000000020 [ 37.022489][ T3614] FS: 0000555556b3d300(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 [ 37.031412][ T3614] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 37.037985][ T3614] CR2: 0000000020002000 CR3: 000000007ef72000 CR4: 0000000000350ef0 [ 37.045943][ T3614] Call Trace: [ 37.049211][ T3614] [ 37.052131][ T3614] ? insert_pfn+0x6d0/0x6d0 [ 37.056635][ T3614] ? __lock_acquire+0xbca/0x5660 [ 37.061569][ T3614] drm_gem_shmem_fault+0x1e3/0x290 [ 37.066696][ T3614] __do_fault+0x10d/0x650 [ 37.071021][ T3614] __handle_mm_fault+0x2739/0x3f50 [ 37.076125][ T3614] ? vm_iomap_memory+0x190/0x190 [ 37.081062][ T3614] handle_mm_fault+0x1c8/0x790 [ 37.085816][ T3614] do_user_addr_fault+0x489/0x11c0 [ 37.090924][ T3614] exc_page_fault+0x9e/0x180 [ 37.095533][ T3614] asm_exc_page_fault+0x27/0x30 [ 37.100399][ T3614] RIP: 0010:fault_in_readable+0x175/0x290 [ 37.106110][ T3614] Code: a8 c9 ff 49 39 dd 0f 84 06 01 00 00 45 31 f6 eb 11 e8 4f a8 c9 ff 48 81 c3 00 10 00 00 4c 39 eb 74 1d e8 3e a8 c9 ff 45 89 f7 <8a> 03 31 ff 44 89 fe 88 44 24 28 e8 6b a4 c9 ff 45 85 ff 74 d2 e8 [ 37.125710][ T3614] RSP: 0018:ffffc9000345f9e0 EFLAGS: 00050293 [ 37.131765][ T3614] RAX: 0000000000000000 RBX: 0000000020002000 RCX: 0000000000000000 [ 37.139722][ T3614] RDX: ffff88801ddfbb00 RSI: ffffffff81b0be72 RDI: 0000000000000005 [ 37.147680][ T3614] RBP: 0000000020001040 R08: 0000000000000005 R09: 0000000000000000 [ 37.155643][ T3614] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000001000 [ 37.163601][ T3614] R13: 0000000020003000 R14: 0000000000000000 R15: 0000000000000000 [ 37.171569][ T3614] ? fault_in_readable+0x172/0x290 [ 37.176678][ T3614] ? fault_in_subpage_writeable+0x20/0x20 [ 37.182391][ T3614] fault_in_iov_iter_readable+0x11f/0x1f0 [ 37.188104][ T3614] generic_perform_write+0x19e/0x560 [ 37.193408][ T3614] ? filemap_fdatawrite_wbc+0x1b0/0x1b0 [ 37.198944][ T3614] ? down_write_killable+0x170/0x170 [ 37.204220][ T3614] ext4_buffered_write_iter+0x15b/0x330 [ 37.209759][ T3614] ext4_file_write_iter+0x43c/0x1520 [ 37.215035][ T3614] ? __lock_acquire+0x163e/0x5660 [ 37.220053][ T3614] ? ext4_buffered_write_iter+0x330/0x330 [ 37.225763][ T3614] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 37.231733][ T3614] ? aa_path_link+0x2f0/0x2f0 [ 37.236402][ T3614] new_sync_write+0x38a/0x560 [ 37.241070][ T3614] ? new_sync_read+0x5f0/0x5f0 [ 37.245824][ T3614] ? lock_release+0x780/0x780 [ 37.250497][ T3614] vfs_write+0x7c0/0xac0 [ 37.254735][ T3614] ksys_write+0x127/0x250 [ 37.259053][ T3614] ? __ia32_sys_read+0xb0/0xb0 [ 37.263807][ T3614] ? lockdep_hardirqs_on+0x79/0x100 [ 37.268995][ T3614] ? _raw_spin_unlock_irq+0x2a/0x40 [ 37.274182][ T3614] ? ptrace_notify+0xfa/0x140 [ 37.278845][ T3614] do_syscall_64+0x35/0xb0 [ 37.283249][ T3614] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 37.289135][ T3614] RIP: 0033:0x7f9b446c1b89 [ 37.293595][ T3614] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 37.313286][ T3614] RSP: 002b:00007ffc6c1fe898 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 37.321773][ T3614] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f9b446c1b89 [ 37.329733][ T3614] RDX: 000000000000fea7 RSI: 0000000020000040 RDI: 0000000000000004 [ 37.337690][ T3614] RBP: 00007f9b44685d30 R08: 00000000000a9000 R09: 0000000000000000 [ 37.345648][ T3614] R10: 00000000000a9000 R11: 0000000000000246 R12: 00007f9b44685dc0 [ 37.353693][ T3614] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 37.361656][ T3614] [ 37.364666][ T3614] Modules linked in: [ 37.368683][ T3614] ---[ end trace 0000000000000000 ]--- [ 37.374234][ T3614] RIP: 0010:vmf_insert_pfn_prot+0x248/0x460 [ 37.380189][ T3614] Code: 0f 0b e8 3b e7 c6 ff 4d 89 f7 bf 20 00 00 00 41 83 e7 28 4c 89 fe e8 87 e3 c6 ff 49 83 ff 20 0f 85 a5 fe ff ff e8 18 e7 c6 ff <0f> 0b 49 be ff ff ff ff ff ff 0f 00 e8 07 e7 c6 ff 4d 21 ee 4c 89 [ 37.399834][ T3614] RSP: 0018:ffffc9000345f5b0 EFLAGS: 00010293 [ 37.405900][ T3614] RAX: 0000000000000000 RBX: 1ffff9200068beb8 RCX: 0000000000000000 [ 37.413898][ T3614] RDX: ffff88801ddfbb00 RSI: ffffffff81b37f98 RDI: 0000000000000007 [ 37.421876][ T3614] RBP: ffff888016ef6420 R08: 0000000000000007 R09: 0000000000000020 [ 37.429855][ T3614] R10: 0000000000000020 R11: 0000000000000001 R12: 0000000020002000 [ 37.437830][ T3614] R13: 000000000001cd71 R14: 000000000c140476 R15: 0000000000000020 [ 37.445785][ T3614] FS: 0000555556b3d300(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 [ 37.454730][ T3614] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 37.461324][ T3614] CR2: 0000000020002000 CR3: 000000007ef72000 CR4: 0000000000350ef0 [ 37.469308][ T3614] Kernel panic - not syncing: Fatal exception [ 37.475966][ T3614] Kernel Offset: disabled [ 37.480275][ T3614] Rebooting in 86400 seconds..