DUID 00:04:ac:03:58:10:d0:76:5c:28:30:a7:8a:8b:4a:a3:06:e2
forked to background, child pid 4653
[   35.340990][ T4654] 8021q: adding VLAN 0 to HW filter on device bond0
[   35.362573][ T4654] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.1.122' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [   59.323636][   T27] audit: type=1804 audit(1675905935.018:2): pid=5080 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor416" name="/root/bus" dev="sda1" ino=1137 res=1 errno=0
[   59.345148][   T27] audit: type=1804 audit(1675905935.018:3): pid=5087 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor416" name="/root/bus" dev="sda1" ino=1137 res=1 errno=0
[   59.366657][   T27] audit: type=1804 audit(1675905935.018:4): pid=5088 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor416" name="/root/bus" dev="sda1" ino=1137 res=1 errno=0
[   59.388009][   T27] audit: type=1804 audit(1675905935.028:5): pid=5090 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor416" name="/root/bus" dev="sda1" ino=1137 res=1 errno=0
executing program
[   59.408851][   T27] audit: type=1804 audit(1675905935.028:6): pid=5088 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor416" name="/root/bus" dev="sda1" ino=1137 res=1 errno=0
[   59.430686][   T27] audit: type=1800 audit(1675905935.028:7): pid=5088 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor416" name="bus" dev="sda1" ino=1137 res=0 errno=0
[   59.452263][   T27] audit: type=1804 audit(1675905935.028:8): pid=5090 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor416" name="/root/bus" dev="sda1" ino=1137 res=1 errno=0
executing program
executing program
[   59.473386][   T27] audit: type=1800 audit(1675905935.028:9): pid=5090 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor416" name="bus" dev="sda1" ino=1137 res=0 errno=0
[   59.502965][   T27] audit: type=1800 audit(1675905935.028:10): pid=5080 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor416" name="bus" dev="sda1" ino=1137 res=0 errno=0
executing program
executing program
executing program
executing program
[   59.525179][   T27] audit: type=1804 audit(1675905935.038:11): pid=5091 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor416" name="/root/bus" dev="sda1" ino=1137 res=1 errno=0
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[   60.661790][ T5203] BUG: Bad rss-counter state mm:ffff888029709b00 type:MM_ANONPAGES val:1
[   60.670316][ T5203] BUG: non-zero pgtables_bytes on freeing mm: 8192
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[   62.888827][ T5460] page:ffffea0001d20e00 refcount:14 mapcount:11 mapping:ffff888076c2e928 index:0x40 pfn:0x74838
[   62.899686][ T5460] memcg:ffff888140090000
[   62.903998][ T5460] aops:ext4_da_aops ino:470 dentry name:"syz-executor4166618372"
[   62.911817][ T5460] flags: 0xfff0000000203e(referenced|uptodate|dirty|lru|active|private|node=0|zone=1|lastcpupid=0x7ff)
[   62.923232][ T5460] raw: 00fff0000000203e ffffea0001d20dc8 ffffea0001d20e48 ffff888076c2e928
[   62.931883][ T5460] raw: 0000000000000040 ffff888074017488 0000000f0000000b ffff888140090000
[   62.940540][ T5460] page dumped because: VM_BUG_ON_PAGE(batch->nr > batch->max)
[   62.948017][ T5460] page_owner tracks the page as allocated
[   62.953926][ T5460] page last allocated via order 0, migratetype Movable, gfp_mask 0x141cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_WRITE), pid 5070, tgid 5070 (scp), ts 53630762233, free_ts 51680073310
[   62.971947][ T5460]  get_page_from_freelist+0x11bb/0x2d50
[   62.977530][ T5460]  __alloc_pages+0x1cb/0x5c0
[   62.982185][ T5460]  alloc_pages+0x1aa/0x270
[   62.986633][ T5460]  folio_alloc+0x20/0x70
[   62.990926][ T5460]  filemap_alloc_folio+0x3ad/0x450
[   62.996091][ T5460]  __filemap_get_folio+0x32b/0xdc0
[   63.001528][ T5460]  pagecache_get_page+0x2e/0x280
[   63.006514][ T5460]  ext4_da_write_begin+0x421/0xb70
[   63.011696][ T5460]  generic_perform_write+0x256/0x570
[   63.017019][ T5460]  ext4_buffered_write_iter+0x15b/0x460
[   63.022626][ T5460]  ext4_file_write_iter+0x8bf/0x1710
[   63.028042][ T5460]  vfs_write+0x9ed/0xe10
[   63.032362][ T5460]  ksys_write+0x12b/0x250
[   63.036725][ T5460]  do_syscall_64+0x39/0xb0
[   63.041198][ T5460]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   63.047134][ T5460] page last free stack trace:
[   63.051867][ T5460]  free_pcp_prepare+0x4d0/0x910
[   63.056766][ T5460]  free_unref_page_list+0x176/0xcd0
[   63.062030][ T5460]  release_pages+0xcb1/0x1330
[   63.066725][ T5460]  tlb_batch_pages_flush+0xa8/0x1a0
[   63.071977][ T5460]  tlb_finish_mmu+0x14b/0x7e0
[   63.076685][ T5460]  unmap_region+0x23d/0x2d0
[   63.081233][ T5460]  do_vmi_align_munmap+0x9ca/0xf60
[   63.086381][ T5460]  do_vmi_munmap+0x26e/0x2c0
[   63.091014][ T5460]  __vm_munmap+0x136/0x280
[   63.095459][ T5460]  __x64_sys_munmap+0x59/0x80
[   63.100186][ T5460]  do_syscall_64+0x39/0xb0
[   63.104636][ T5460]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   63.110729][ T5460] ------------[ cut here ]------------
[   63.116204][ T5460] kernel BUG at mm/mmu_gather.c:139!
[   63.121572][ T5460] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[   63.127649][ T5460] CPU: 1 PID: 5460 Comm: syz-executor416 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0
[   63.137550][ T5460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[   63.147598][ T5460] RIP: 0010:__tlb_remove_page_size+0x24c/0x480
[   63.153798][ T5460] Code: 01 00 00 8b 6d 0c e9 e1 fe ff ff e8 ae 4e c1 ff 0f 0b e8 a7 4e c1 ff 4c 89 f7 48 c7 c6 00 7b 58 8a 48 83 e7 fc e8 04 f6 f9 ff <0f> 0b e8 8d 4e c1 ff 4c 8d 6b 24 48 b8 00 00 00 00 00 fc ff df 4c
[   63.173400][ T5460] RSP: 0018:ffffc9000411f6c0 EFLAGS: 00010293
[   63.179471][ T5460] RAX: 0000000000000000 RBX: ffffc9000411fac0 RCX: 0000000000000000
[   63.187444][ T5460] RDX: ffff888021f71d40 RSI: ffffffff81c31f4c RDI: 0000000000000000
[   63.195503][ T5460] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffffff8e75bd17
[   63.203471][ T5460] R10: fffffbfff1ceb7a2 R11: 0000000000000000 R12: 0000000000000000
[   63.211443][ T5460] R13: 0000000000000001 R14: ffffea0001d20e00 R15: ffffc9000411fae8
[   63.219938][ T5460] FS:  0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[   63.228875][ T5460] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   63.235460][ T5460] CR2: 00007f99f2574c48 CR3: 000000002220e000 CR4: 00000000003506e0
[   63.243437][ T5460] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   63.251404][ T5460] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   63.259370][ T5460] Call Trace:
[   63.262643][ T5460]  <TASK>
[   63.265575][ T5460]  unmap_page_range+0x1226/0x3ce0
[   63.270619][ T5460]  ? vm_normal_page_pmd+0x5a0/0x5a0
[   63.275823][ T5460]  ? uprobe_munmap+0x20/0x550
[   63.280510][ T5460]  unmap_single_vma+0x194/0x2a0
[   63.285369][ T5460]  unmap_vmas+0x234/0x380
[   63.289723][ T5460]  ? unmap_single_vma+0x2a0/0x2a0
[   63.294759][ T5460]  ? find_held_lock+0x2d/0x110
[   63.299530][ T5460]  ? lock_downgrade+0x690/0x690
[   63.304388][ T5460]  ? trace_lock_acquire+0x1f1/0x2b0
[   63.309606][ T5460]  exit_mmap+0x190/0x7d0
[   63.313874][ T5460]  ? do_vma_munmap+0xa0/0xa0
[   63.318497][ T5460]  __mmput+0x128/0x4c0
[   63.322576][ T5460]  mmput+0x60/0x70
[   63.326310][ T5460]  do_exit+0x9d7/0x2b60
[   63.330464][ T5460]  ? find_held_lock+0x2d/0x110
[   63.335235][ T5460]  ? get_signal+0x8a0/0x25b0
[   63.339833][ T5460]  ? mm_update_next_owner+0x7b0/0x7b0
[   63.345212][ T5460]  do_group_exit+0xd4/0x2a0
[   63.349719][ T5460]  get_signal+0x2321/0x25b0
[   63.354225][ T5460]  ? fput+0x2f/0x1a0
[   63.358127][ T5460]  ? exit_signals+0x910/0x910
[   63.362813][ T5460]  arch_do_signal_or_restart+0x79/0x5c0
[   63.368386][ T5460]  ? get_sigframe_size+0x10/0x10
[   63.373335][ T5460]  exit_to_user_mode_prepare+0x11f/0x240
[   63.378983][ T5460]  syscall_exit_to_user_mode+0x1d/0x50
[   63.384463][ T5460]  do_syscall_64+0x46/0xb0
[   63.388899][ T5460]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   63.394811][ T5460] RIP: 0033:0x7f99f251fa69
[   63.399221][ T5460] Code: Unable to access opcode bytes at 0x7f99f251fa3f.
[   63.406230][ T5460] RSP: 002b:00007f99f24b0318 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[   63.414646][ T5460] RAX: 000000000000a800 RBX: 00007f99f25a7438 RCX: 00007f99f251fa69
[   63.422616][ T5460] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005
[   63.430585][ T5460] RBP: 00007f99f25a7430 R08: 0000000000000000 R09: 0000000000000000
[   63.438555][ T5460] R10: 0000000000010000 R11: 0000000000000246 R12: 00007f99f2575074
[   63.446528][ T5460] R13: 00007ffc0d4cfb5f R14: 00007f99f24b0400 R15: 0000000000022000
[   63.454505][ T5460]  </TASK>
[   63.457520][ T5460] Modules linked in:
[   63.461543][ T5460] ---[ end trace 0000000000000000 ]---
[   63.467012][ T5460] RIP: 0010:__tlb_remove_page_size+0x24c/0x480
[   63.473232][ T5460] Code: 01 00 00 8b 6d 0c e9 e1 fe ff ff e8 ae 4e c1 ff 0f 0b e8 a7 4e c1 ff 4c 89 f7 48 c7 c6 00 7b 58 8a 48 83 e7 fc e8 04 f6 f9 ff <0f> 0b e8 8d 4e c1 ff 4c 8d 6b 24 48 b8 00 00 00 00 00 fc ff df 4c
[   63.492884][ T5460] RSP: 0018:ffffc9000411f6c0 EFLAGS: 00010293
[   63.498968][ T5460] RAX: 0000000000000000 RBX: ffffc9000411fac0 RCX: 0000000000000000
[   63.506995][ T5460] RDX: ffff888021f71d40 RSI: ffffffff81c31f4c RDI: 0000000000000000
[   63.514997][ T5460] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffffff8e75bd17
[   63.522987][ T5460] R10: fffffbfff1ceb7a2 R11: 0000000000000000 R12: 0000000000000000
[   63.530981][ T5460] R13: 0000000000000001 R14: ffffea0001d20e00 R15: ffffc9000411fae8
[   63.538960][ T5460] FS:  0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[   63.547934][ T5460] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   63.554539][ T5460] CR2: 00007f99f2574c48 CR3: 000000002220e000 CR4: 00000000003506e0
[   63.562532][ T5460] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   63.570520][ T5460] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   63.578477][ T5460] Kernel panic - not syncing: Fatal exception
[   63.584681][ T5460] Kernel Offset: disabled
[   63.588993][ T5460] Rebooting in 86400 seconds..