forked to background, child pid 3174 no interfaces have a carrier [ 21.929884][ T3175] 8021q: adding VLAN 0 to HW filter on device bond0 [ 21.939221][ T3175] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller syzkaller login: [ 76.160131][ T22] cfg80211: failed to load regulatory.db Warning: Permanently added '10.128.0.174' (ECDSA) to the list of known hosts. executing program [ 88.148436][ T3608] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. executing program
[ 124.673034][ T4931] page:ffffea00008f4c00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x23d30 [ 124.683229][ T4931] head:ffffea00008f4c00 order:3 compound_mapcount:0 compound_pincount:0 [ 124.691583][ T4931] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 124.699591][ T4931] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888010c42140 [ 124.708194][ T4931] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000 [ 124.716783][ T4931] page dumped because: VM_BUG_ON_FOLIO(folio_test_slab(folio)) [ 124.724313][ T4931] page_owner tracks the page as allocated [ 124.730052][ T4931] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 4331, tgid 4331 (syz-executor107), ts 108496403643, free_ts 108451060751 [ 124.753277][ T4931] get_page_from_freelist+0xba2/0x3df0 [ 124.758747][ T4931] __alloc_pages+0x1b2/0x500 [ 124.763359][ T4931] alloc_pages+0x1aa/0x310 [ 124.767756][ T4931] allocate_slab+0x26c/0x3c0 [ 124.772363][ T4931] ___slab_alloc+0x8df/0xf20 [ 124.776936][ T4931] __slab_alloc.constprop.0+0x4d/0xa0 [ 124.782311][ T4931] __kmalloc+0x318/0x350 [ 124.786536][ T4931] hcd_buffer_alloc+0x1ed/0x290 [ 124.791405][ T4931] usb_alloc_coherent+0x5d/0x80 [ 124.796240][ T4931] usbdev_mmap+0x20a/0x9a0 [ 124.800657][ T4931] mmap_region+0xba5/0x14a0 [ 
124.805140][ T4931] do_mmap+0x863/0xfa0 [ 124.809190][ T4931] vm_mmap_pgoff+0x1b7/0x290 [ 124.813791][ T4931] ksys_mmap_pgoff+0x40d/0x5a0 [ 124.818534][ T4931] do_syscall_64+0x35/0x80 [ 124.822959][ T4931] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 124.828848][ T4931] page last free stack trace: [ 124.833527][ T4931] free_pcp_prepare+0x549/0xd20 [ 124.838363][ T4931] free_unref_page+0x19/0x690 [ 124.843061][ T4931] qlist_free_all+0x6a/0x170 [ 124.847650][ T4931] kasan_quarantine_reduce+0x180/0x200 [ 124.853127][ T4931] __kasan_slab_alloc+0xa2/0xc0 [ 124.857981][ T4931] __kmalloc_node+0x23a/0x390 [ 124.862676][ T4931] kvmalloc_node+0x3e/0x130 [ 124.867177][ T4931] seq_read_iter+0x7f7/0x1280 [ 124.871879][ T4931] kernfs_fop_read_iter+0x514/0x6f0 [ 124.877079][ T4931] new_sync_read+0x384/0x5f0 [ 124.881719][ T4931] vfs_read+0x492/0x5d0 [ 124.885876][ T4931] ksys_read+0x127/0x250 [ 124.890156][ T4931] do_syscall_64+0x35/0x80 [ 124.894581][ T4931] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 124.900609][ T4931] ------------[ cut here ]------------ [ 124.906050][ T4931] kernel BUG at include/linux/memcontrol.h:472! 
[ 124.912310][ T4931] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 124.918374][ T4931] CPU: 1 PID: 4931 Comm: syz-executor107 Tainted: G W 5.17.0-syzkaller-13532-gb4a5ea09b293 #0 [ 124.929887][ T4931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 124.939942][ T4931] RIP: 0010:workingset_activation+0x5d6/0x6d0 [ 124.945991][ T4931] Code: 48 89 ef e8 1c 01 00 00 c6 05 4f 2c f3 0b 01 0f 0b e9 00 fc ff ff e8 d9 f5 c9 ff 48 c7 c6 c0 5a d7 89 48 89 ef e8 fa 00 00 00 <0f> 0b e8 c3 f5 c9 ff 0f 0b e9 02 fb ff ff e8 b7 f5 c9 ff 48 c7 c6 [ 124.965576][ T4931] RSP: 0018:ffffc900069a7550 EFLAGS: 00010293 [ 124.971621][ T4931] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 [ 124.979568][ T4931] RDX: ffff88801e115700 RSI: ffffffff81aea756 RDI: 0000000000000003 [ 124.987521][ T4931] RBP: ffffea00008f4c00 R08: 0000000000000029 R09: 00000000ffffffff [ 124.995492][ T4931] R10: ffffffff891b91b5 R11: 00000000ffffffff R12: 0000000000000000 [ 125.003448][ T4931] R13: ffff8880b9d34da8 R14: dffffc0000000000 R15: 0000000000000003 [ 125.011399][ T4931] FS: 0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000 [ 125.020313][ T4931] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 125.026890][ T4931] CR2: 00007f0a5da701f0 CR3: 000000001b4e3000 CR4: 00000000003526e0 [ 125.034854][ T4931] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 125.042814][ T4931] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 125.050777][ T4931] Call Trace: [ 125.054042][ T4931] [ 125.056964][ T4931] folio_mark_accessed+0x596/0xdd0 [ 125.062076][ T4931] kvm_set_pfn_accessed+0x1d7/0x220 [ 125.067275][ T4931] handle_changed_spte_acc_track+0x1bc/0x290 [ 125.073250][ T4931] __handle_changed_spte+0xb88/0x1510 [ 125.078619][ T4931] ? tdp_mmu_init_child_sp+0x590/0x590 [ 125.084080][ T4931] ? stack_trace_save+0x8c/0xc0 [ 125.088928][ T4931] __handle_changed_spte+0xb79/0x1510 [ 125.094299][ T4931] ? 
tdp_mmu_init_child_sp+0x590/0x590 [ 125.099751][ T4931] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 125.105990][ T4931] ? kvm_mmu_reset_all_pte_masks+0x370/0x370 [ 125.111967][ T4931] __tdp_mmu_set_spte+0x197/0x850 [ 125.116988][ T4931] ? __handle_changed_spte+0x1510/0x1510 [ 125.122613][ T4931] ? spte_to_child_pt+0xa0/0xa0 [ 125.127454][ T4931] ? rcu_read_lock_sched_held+0xd/0x70 [ 125.132912][ T4931] ? lock_acquire+0x442/0x510 [ 125.137588][ T4931] __tdp_mmu_zap_root+0x783/0x7e0 [ 125.142607][ T4931] ? clear_dirty_pt_masked+0x510/0x510 [ 125.148057][ T4931] ? lock_acquire+0x442/0x510 [ 125.152727][ T4931] ? lock_release+0x720/0x720 [ 125.157401][ T4931] ? tdp_mmu_zap_root_work+0x70/0x70 [ 125.162681][ T4931] ? lock_release+0x720/0x720 [ 125.167354][ T4931] tdp_mmu_zap_root+0x12e/0x330 [ 125.172202][ T4931] kvm_tdp_mmu_zap_all+0x154/0x1b0 [ 125.177310][ T4931] ? kvm_make_vcpu_request+0x230/0x230 [ 125.182765][ T4931] kvm_mmu_zap_all+0x27c/0x2c0 [ 125.187523][ T4931] ? kvm_mmu_slot_leaf_clear_dirty+0x4c0/0x4c0 [ 125.193669][ T4931] ? lock_release+0x720/0x720 [ 125.198339][ T4931] ? __mmu_notifier_invalidate_range_end+0x3fa/0x560 [ 125.205009][ T4931] ? __sanitizer_cov_trace_cmp2+0x41/0x80 [ 125.210725][ T4931] ? kvm_make_vcpu_request+0x230/0x230 [ 125.216178][ T4931] kvm_mmu_notifier_release+0x5f/0xa0 [ 125.221545][ T4931] ? kvm_make_vcpu_request+0x230/0x230 [ 125.227007][ T4931] __mmu_notifier_release+0x1a9/0x600 [ 125.232388][ T4931] ? mmu_interval_notifier_insert+0x170/0x170 [ 125.238460][ T4931] ? uprobe_clear_state+0xf8/0x420 [ 125.243579][ T4931] ? lock_downgrade+0x6e0/0x6e0 [ 125.248453][ T4931] ? __mutex_lock+0x21a/0x12f0 [ 125.253220][ T4931] exit_mmap+0x3c5/0x4a0 [ 125.257461][ T4931] ? __ia32_sys_remap_file_pages+0x150/0x150 [ 125.263437][ T4931] ? ioctx_alloc+0x2370/0x2370 [ 125.268196][ T4931] ? rcu_read_lock_sched_held+0xd/0x70 [ 125.273650][ T4931] ? lock_acquire+0x442/0x510 [ 125.278324][ T4931] ? 
lock_release+0x522/0x720 [ 125.283003][ T4931] __mmput+0x122/0x4b0 [ 125.287063][ T4931] mmput+0x56/0x60 [ 125.290782][ T4931] do_exit+0xa12/0x2a00 [ 125.294941][ T4931] ? lock_downgrade+0x6e0/0x6e0 [ 125.299789][ T4931] ? mm_update_next_owner+0x7a0/0x7a0 [ 125.305162][ T4931] do_group_exit+0xd2/0x2f0 [ 125.309665][ T4931] __x64_sys_exit_group+0x3a/0x50 [ 125.314687][ T4931] do_syscall_64+0x35/0x80 [ 125.319094][ T4931] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 125.324986][ T4931] RIP: 0033:0x7f0a5d9fad59 [ 125.329390][ T4931] Code: Unable to access opcode bytes at RIP 0x7f0a5d9fad2f. [ 125.336736][ T4931] RSP: 002b:00007ffee2e47398 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 125.345226][ T4931] RAX: ffffffffffffffda RBX: 00007f0a5da6f350 RCX: 00007f0a5d9fad59 [ 125.353197][ T4931] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [ 125.361165][ T4931] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 00007ffee2e47588 [ 125.369134][ T4931] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0a5da6f350 [ 125.377109][ T4931] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001 [ 125.385084][ T4931] [ 125.388095][ T4931] Modules linked in: [ 125.392117][ T4931] ---[ end trace 0000000000000000 ]--- [ 125.397574][ T4931] RIP: 0010:workingset_activation+0x5d6/0x6d0 [ 125.403696][ T4931] Code: 48 89 ef e8 1c 01 00 00 c6 05 4f 2c f3 0b 01 0f 0b e9 00 fc ff ff e8 d9 f5 c9 ff 48 c7 c6 c0 5a d7 89 48 89 ef e8 fa 00 00 00 <0f> 0b e8 c3 f5 c9 ff 0f 0b e9 02 fb ff ff e8 b7 f5 c9 ff 48 c7 c6 [ 125.423360][ T4931] RSP: 0018:ffffc900069a7550 EFLAGS: 00010293 [ 125.429428][ T4931] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 [ 125.437414][ T4931] RDX: ffff88801e115700 RSI: ffffffff81aea756 RDI: 0000000000000003 [ 125.445402][ T4931] RBP: ffffea00008f4c00 R08: 0000000000000029 R09: 00000000ffffffff [ 125.453384][ T4931] R10: ffffffff891b91b5 R11: 00000000ffffffff R12: 0000000000000000 [ 125.461361][ T4931] R13: ffff8880b9d34da8 
R14: dffffc0000000000 R15: 0000000000000003 [ 125.469323][ T4931] FS: 0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000 [ 125.478416][ T4931] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 125.485065][ T4931] CR2: 00007f0a5da701f0 CR3: 000000001b4e3000 CR4: 00000000003526e0 [ 125.493053][ T4931] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 125.501048][ T4931] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 125.509014][ T4931] Kernel panic - not syncing: Fatal exception [ 125.515249][ T4931] Kernel Offset: disabled [ 125.519560][ T4931] Rebooting in 86400 seconds..