./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor76885313 <...> DUID 00:04:a3:03:08:15:93:78:e3:1f:4c:1c:fb:56:e6:f5:4b:05 forked to background, child pid 4811 [ 30.216812][ T4812] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.228131][ T4812] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.1.3' (ECDSA) to the list of known hosts. execve("./syz-executor76885313", ["./syz-executor76885313"], 0x7ffc1bdd8820 /* 10 vars */) = 0 brk(NULL) = 0x55555620e000 brk(0x55555620ed00) = 0x55555620ed00 arch_prctl(ARCH_SET_FS, 0x55555620e3c0) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor76885313", 4096) = 26 brk(0x55555622fd00) = 0x55555622fd00 brk(0x555556230000) = 0x555556230000 mprotect(0x7f6650dd3000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7f6650d2a1c0, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f6650d2a230}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7f6650d2a1c0, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f6650d2a230}, NULL, 8) = 0 openat(AT_FDCWD, "/dev/autofs", O_RDONLY) = 3 openat(AT_FDCWD, "/dev/fb0", O_RDONLY) = 4 mmap(0x20000000, 8192, PROT_READ|PROT_SEM, MAP_PRIVATE|MAP_FIXED, 4, 0x42000) = 0x20000000 --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000000} --- --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000004} --- --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000000c} --- --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000010} --- --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000018} --- syzkaller login: [ 54.825566][ T5233] ------------[ cut here ]------------ [ 54.831260][ T5233] kernel BUG at mm/memory.c:2185! [ 54.836814][ T5233] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 54.843426][ T5233] CPU: 1 PID: 5233 Comm: syz-executor768 Not tainted 6.1.0-rc3-next-20221104-syzkaller #0 [ 54.853321][ T5233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 54.863375][ T5233] RIP: 0010:vmf_insert_pfn_prot+0x248/0x460 [ 54.869449][ T5233] Code: 0f 0b e8 9b b0 c6 ff 4d 89 f7 bf 20 00 00 00 41 83 e7 28 4c 89 fe e8 77 ad c6 ff 49 83 ff 20 0f 85 a5 fe ff ff e8 78 b0 c6 ff <0f> 0b 49 be ff ff ff ff ff ff 0f 00 e8 67 b0 c6 ff 4d 21 ee 4c 89 [ 54.889048][ T5233] RSP: 0018:ffffc90003b1f9d8 EFLAGS: 00010293 [ 54.895195][ T5233] RAX: 0000000000000000 RBX: 1ffff92000763f3d RCX: 0000000000000000 [ 54.903339][ T5233] RDX: ffff8880220c0000 RSI: ffffffff81b61f98 RDI: 0000000000000007 [ 54.911326][ T5233] RBP: ffff888026d5c000 R08: 0000000000000007 R09: 0000000000000020 [ 54.919335][ T5233] R10: 0000000000000020 R11: 1ffffffff2026c8a R12: 0000000020000000 [ 54.927413][ T5233] R13: 000000000001d26c R14: 000000000c040471 R15: 0000000000000020 [ 54.935394][ T5233] FS: 000055555620e3c0(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 [ 54.944409][ T5233] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 54.951004][ T5233] CR2: 0000000020000000 CR3: 0000000029cce000 CR4: 00000000003506e0 [ 54.959083][ T5233] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 54.967061][ T5233] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 54.975042][ T5233] Call Trace: [ 54.978316][ T5233] [ 54.981242][ T5233] ? __lock_acquire+0xbc3/0x56d0 [ 54.986237][ T5233] ? insert_pfn+0x680/0x680 [ 54.990758][ T5233] drm_gem_shmem_fault+0x1dd/0x290 [ 54.995898][ T5233] __do_fault+0x107/0x600 [ 55.000227][ T5233] __handle_mm_fault+0x2260/0x3e50 [ 55.006031][ T5233] ? vm_iomap_memory+0x180/0x180 [ 55.010980][ T5233] handle_mm_fault+0x164/0x6d0 [ 55.015834][ T5233] do_user_addr_fault+0x475/0x1210 [ 55.020946][ T5233] ? rcu_read_lock_sched_held+0x3a/0x70 [ 55.026500][ T5233] exc_page_fault+0x94/0x170 [ 55.031087][ T5233] asm_exc_page_fault+0x22/0x30 [ 55.035940][ T5233] RIP: 0010:copy_user_short_string+0xa/0x40 [ 55.041852][ T5233] Code: 83 f8 12 74 0a 89 d1 f3 a4 89 c8 0f 01 ca c3 89 d0 0f 01 ca c3 01 ca eb e7 0f 1f 80 00 00 00 00 89 d1 83 e2 07 c1 e9 03 74 12 <4c> 8b 06 4c 89 07 48 8d 76 08 48 8d 7f 08 ff c9 75 ee 21 d2 74 10 [ 55.061483][ T5233] RSP: 0018:ffffc90003b1fdf0 EFLAGS: 00050206 [ 55.067553][ T5233] RAX: 0000000000000001 RBX: 0000000000000018 RCX: 0000000000000003 [ 55.075613][ T5233] RDX: 0000000000000000 RSI: 0000000020000000 RDI: ffffc90003b1fe58 [ 55.083579][ T5233] RBP: ffffc90003b1fe58 R08: 0000000000000001 R09: ffffc90003b1fe6f [ 55.092411][ T5233] R10: fffff52000763fcd R11: 000000000008e001 R12: 00007fffffffefe8 [ 55.100379][ T5233] R13: 0000000020000000 R14: 0000000000000007 R15: 0000000020000000 [ 55.108376][ T5233] _copy_from_user+0x137/0x170 [ 55.113151][ T5233] _autofs_dev_ioctl+0x104/0x7f0 [ 55.118121][ T5233] ? autofs_dev_ioctl_openmount+0x2d0/0x2d0 [ 55.124045][ T5233] ? _autofs_dev_ioctl+0x7f0/0x7f0 [ 55.129257][ T5233] autofs_dev_ioctl+0x17/0x20 [ 55.133942][ T5233] __x64_sys_ioctl+0x193/0x200 [ 55.138714][ T5233] do_syscall_64+0x35/0xb0 [ 55.143157][ T5233] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 55.149079][ T5233] RIP: 0033:0x7f6650d672f9 [ 55.153515][ T5233] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 55.173134][ T5233] RSP: 002b:00007ffdeef681f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 55.181553][ T5233] RAX: ffffffffffffffda RBX: 00007ffdeef68208 RCX: 00007f6650d672f9 [ 55.189540][ T5233] RDX: 0000000020000000 RSI: 00000000c0189378 RDI: 0000000000000003 [ 55.197542][ T5233] RBP: 00007ffdeef68200 R08: 00007ffdeef68200 R09: 00007f6650d2a1c0 [ 55.205530][ T5233] R10: 00007ffdeef68200 R11: 0000000000000246 R12: 0000000000000000 [ 55.213507][ T5233] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 55.221508][ T5233] [ 55.224549][ T5233] Modules linked in: [ 55.228752][ T5233] ---[ end trace 0000000000000000 ]--- [ 55.234503][ T5233] RIP: 0010:vmf_insert_pfn_prot+0x248/0x460 [ 55.240434][ T5233] Code: 0f 0b e8 9b b0 c6 ff 4d 89 f7 bf 20 00 00 00 41 83 e7 28 4c 89 fe e8 77 ad c6 ff 49 83 ff 20 0f 85 a5 fe ff ff e8 78 b0 c6 ff <0f> 0b 49 be ff ff ff ff ff ff 0f 00 e8 67 b0 c6 ff 4d 21 ee 4c 89 [ 55.260863][ T5233] RSP: 0018:ffffc90003b1f9d8 EFLAGS: 00010293 [ 55.267019][ T5233] RAX: 0000000000000000 RBX: 1ffff92000763f3d RCX: 0000000000000000 [ 55.275070][ T5233] RDX: ffff8880220c0000 RSI: ffffffff81b61f98 RDI: 0000000000000007 [ 55.283267][ T5233] RBP: ffff888026d5c000 R08: 0000000000000007 R09: 0000000000000020 [ 55.291238][ T5233] R10: 0000000000000020 R11: 1ffffffff2026c8a R12: 0000000020000000 [ 55.299260][ T5233] R13: 000000000001d26c R14: 000000000c040471 R15: 0000000000000020 [ 55.307314][ T5233] FS: 000055555620e3c0(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 [ 55.316303][ T5233] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 55.322931][ T5233] CR2: 0000000020000000 CR3: 0000000029cce000 CR4: 00000000003506e0 [ 55.330911][ T5233] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 55.338942][ T5233] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 55.346941][ T5233] Kernel panic - not syncing: Fatal exception [ 55.353150][ T5233] Kernel Offset: disabled [ 55.357465][ T5233] Rebooting in 86400 seconds..