./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1268276243 <...> Warning: Permanently added '10.128.0.187' (ECDSA) to the list of known hosts. execve("./syz-executor1268276243", ["./syz-executor1268276243"], 0x7ffff6e91260 /* 10 vars */) = 0 brk(NULL) = 0x555556809000 brk(0x555556809c40) = 0x555556809c40 arch_prctl(ARCH_SET_FS, 0x555556809300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1268276243", 4096) = 28 brk(0x55555682ac40) = 0x55555682ac40 brk(0x55555682b000) = 0x55555682b000 mprotect(0x7f7fabe62000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/fb0", O_RDONLY) = 3 mmap(0x20002000, 16384, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSDOWN, MAP_PRIVATE|MAP_FIXED, 3, 0xa9000) = 0x20002000 openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 syzkaller login: [ 43.755562][ T3605] ------------[ cut here ]------------ [ 43.761463][ T3605] kernel BUG at mm/memory.c:2132! [ 43.766490][ T3605] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 43.772633][ T3605] CPU: 1 PID: 3605 Comm: syz-executor126 Not tainted 5.18.0-rc6-syzkaller-00015-g0ac824f379fb #0 [ 43.783110][ T3605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 43.793155][ T3605] RIP: 0010:vmf_insert_pfn_prot+0x248/0x460 [ 43.799055][ T3605] Code: 0f 0b e8 bb 6a c7 ff 4d 89 f7 bf 20 00 00 00 41 83 e7 28 4c 89 fe e8 37 6d c7 ff 49 83 ff 20 0f 85 a5 fe ff ff e8 98 6a c7 ff <0f> 0b 49 be ff ff ff ff ff ff 0f 00 e8 87 6a c7 ff 4d 21 ee 4c 89 [ 43.818654][ T3605] RSP: 0018:ffffc90002f3f5b8 EFLAGS: 00010293 [ 43.824729][ T3605] RAX: 0000000000000000 RBX: 1ffff920005e7eb9 RCX: 0000000000000000 [ 43.832693][ T3605] RDX: ffff888019250000 RSI: ffffffff81b1d618 RDI: 0000000000000003 [ 43.840662][ T3605] RBP: ffff888074daea50 R08: 0000000000000020 R09: ffffc90002f3f59f [ 43.848629][ T3605] R10: ffffffff81b1d609 R11: 0000000000000001 R12: 0000000020002000 [ 43.856588][ T3605] R13: 000000000001a6bd R14: 000000000c140476 R15: 0000000000000020 [ 43.864545][ T3605] FS: 0000555556809300(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000 [ 43.873464][ T3605] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 43.880038][ T3605] CR2: 0000000020002000 CR3: 000000001f0f1000 CR4: 00000000003506e0 [ 43.888380][ T3605] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 43.896338][ T3605] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 43.904298][ T3605] Call Trace: [ 43.907559][ T3605] [ 43.910484][ T3605] ? insert_pfn+0x6d0/0x6d0 [ 43.914981][ T3605] drm_gem_shmem_fault+0x1e3/0x290 [ 43.920085][ T3605] __do_fault+0x10d/0x8c0 [ 43.924404][ T3605] __handle_mm_fault+0x2764/0x4150 [ 43.929506][ T3605] ? vm_iomap_memory+0x190/0x190 [ 43.934438][ T3605] handle_mm_fault+0x1c8/0x790 [ 43.939188][ T3605] do_user_addr_fault+0x489/0x11c0 [ 43.944289][ T3605] exc_page_fault+0x9e/0x180 [ 43.948881][ T3605] asm_exc_page_fault+0x1e/0x30 [ 43.953721][ T3605] RIP: 0010:fault_in_readable+0x175/0x290 [ 43.959435][ T3605] Code: f3 c9 ff 49 39 dd 0f 84 06 01 00 00 45 31 f6 eb 11 e8 6f f3 c9 ff 48 81 c3 00 10 00 00 4c 39 eb 74 1d e8 5e f3 c9 ff 45 89 f7 <8a> 03 31 ff 44 89 fe 88 44 24 28 e8 6b f5 c9 ff 45 85 ff 74 d2 e8 [ 43.979029][ T3605] RSP: 0018:ffffc90002f3f9e0 EFLAGS: 00050293 [ 43.985081][ T3605] RAX: 0000000000000000 RBX: 0000000020002000 RCX: 0000000000000000 [ 43.993464][ T3605] RDX: ffff888019250000 RSI: ffffffff81af4d52 RDI: 0000000000000003 [ 44.001422][ T3605] RBP: 0000000020001040 R08: 0000000000000000 R09: 0000000000000000 [ 44.009378][ T3605] R10: ffffffff81af4cf6 R11: 0000000000000000 R12: 0000000000001000 [ 44.017339][ T3605] R13: 0000000020003000 R14: 0000000000000000 R15: 0000000000000000 [ 44.025296][ T3605] ? fault_in_readable+0x116/0x290 [ 44.030406][ T3605] ? fault_in_readable+0x172/0x290 [ 44.035511][ T3605] ? fault_in_writeable+0x200/0x200 [ 44.040696][ T3605] ? __sanitizer_cov_trace_cmp4+0x1c/0x70 [ 44.046662][ T3605] fault_in_iov_iter_readable+0x11f/0x1f0 [ 44.052377][ T3605] generic_perform_write+0x19e/0x560 [ 44.057664][ T3605] ? filemap_fdatawrite_wbc+0x1b0/0x1b0 [ 44.063207][ T3605] ? rwsem_down_write_slowpath+0x1110/0x1110 [ 44.069185][ T3605] ext4_buffered_write_iter+0x15b/0x330 [ 44.074733][ T3605] ext4_file_write_iter+0x43c/0x1510 [ 44.080018][ T3605] ? __lock_acquire+0x163e/0x56c0 [ 44.085051][ T3605] ? ext4_buffered_write_iter+0x330/0x330 [ 44.090772][ T3605] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 44.096744][ T3605] ? aa_path_link+0x2f0/0x2f0 [ 44.101415][ T3605] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 44.107645][ T3605] new_sync_write+0x38a/0x560 [ 44.112310][ T3605] ? new_sync_read+0x5f0/0x5f0 [ 44.117060][ T3605] ? lock_release+0x720/0x720 [ 44.121731][ T3605] vfs_write+0x7c0/0xac0 [ 44.125960][ T3605] ksys_write+0x127/0x250 [ 44.130275][ T3605] ? __ia32_sys_read+0xb0/0xb0 [ 44.135024][ T3605] ? lockdep_hardirqs_on+0x79/0x100 [ 44.140208][ T3605] ? _raw_spin_unlock_irq+0x2a/0x40 [ 44.145395][ T3605] ? ptrace_notify+0xfa/0x140 [ 44.150061][ T3605] do_syscall_64+0x35/0xb0 [ 44.154470][ T3605] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 44.160353][ T3605] RIP: 0033:0x7f7fabdf5b89 [ 44.164765][ T3605] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 44.184366][ T3605] RSP: 002b:00007ffe890ed408 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 44.192774][ T3605] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7fabdf5b89 [ 44.200736][ T3605] RDX: 000000000000fea7 RSI: 0000000020000040 RDI: 0000000000000004 [ 44.208700][ T3605] RBP: 00007f7fabdb9d30 R08: 00000000000a9000 R09: 0000000000000000 [ 44.216664][ T3605] R10: 00000000000a9000 R11: 0000000000000246 R12: 00007f7fabdb9dc0 [ 44.224623][ T3605] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 44.232595][ T3605] [ 44.235607][ T3605] Modules linked in: [ 44.239816][ T3605] ---[ end trace 0000000000000000 ]--- [ 44.245428][ T3605] RIP: 0010:vmf_insert_pfn_prot+0x248/0x460 [ 44.251463][ T3605] Code: 0f 0b e8 bb 6a c7 ff 4d 89 f7 bf 20 00 00 00 41 83 e7 28 4c 89 fe e8 37 6d c7 ff 49 83 ff 20 0f 85 a5 fe ff ff e8 98 6a c7 ff <0f> 0b 49 be ff ff ff ff ff ff 0f 00 e8 87 6a c7 ff 4d 21 ee 4c 89 [ 44.271170][ T3605] RSP: 0018:ffffc90002f3f5b8 EFLAGS: 00010293 [ 44.277252][ T3605] RAX: 0000000000000000 RBX: 1ffff920005e7eb9 RCX: 0000000000000000 [ 44.285251][ T3605] RDX: ffff888019250000 RSI: ffffffff81b1d618 RDI: 0000000000000003 [ 44.293710][ T3605] RBP: ffff888074daea50 R08: 0000000000000020 R09: ffffc90002f3f59f [ 44.301706][ T3605] R10: ffffffff81b1d609 R11: 0000000000000001 R12: 0000000020002000 [ 44.309677][ T3605] R13: 000000000001a6bd R14: 000000000c140476 R15: 0000000000000020 [ 44.317661][ T3605] FS: 0000555556809300(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000 [ 44.326675][ T3605] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 44.333277][ T3605] CR2: 00007f7fabdd07b5 CR3: 000000001f0f1000 CR4: 00000000003506f0 [ 44.341261][ T3605] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 44.349214][ T3605] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 44.357438][ T3605] Kernel panic - not syncing: Fatal exception [ 44.363668][ T3605] Kernel Offset: disabled [ 44.367980][ T3605] Rebooting in 86400 seconds..