./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3845226369

<...>
DUID 00:04:03:2c:e5:fc:a2:19:b8:8b:c5:bf:62:63:19:3a:75:c6
forked to background, child pid 3188
[   29.368561][ T3189] 8021q: adding VLAN 0 to HW filter on device bond0
[   29.371217][ T3189] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.1.82' (ECDSA) to the list of known hosts.
execve("./syz-executor3845226369", ["./syz-executor3845226369"], 0x7ffe3b85ee90 /* 10 vars */) = 0
brk(NULL)                               = 0x555556c8a000
brk(0x555556c8ac40)                     = 0x555556c8ac40
arch_prctl(ARCH_SET_FS, 0x555556c8a300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor3845226369", 4096) = 28
brk(0x555556cabc40)                     = 0x555556cabc40
brk(0x555556cac000)                     = 0x555556cac000
mprotect(0x7f2ba25a2000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/proc/self/exe", O_RDONLY) = 3
close(3)                                = 0
openat(-1, "/proc/self/exe", O_RDONLY)  = 3
openat(AT_FDCWD, "/dev/dri/card0", O_RDONLY) = 4
ioctl(4, DRM_IOCTL_MODE_CREATE_DUMB, 0x20000040) = 0
close(3)                                = 0
ioctl(4, DRM_IOCTL_PRIME_HANDLE_TO_FD, 0x20000100) = 0
mmap(0x20ffb000, 8192, PROT_NONE, MAP_SHARED_VALIDATE|MAP_FIXED, 3, 0) = 0x20ffb000
exit_group(0)                           = ?
syzkaller login: [   51.553831][ T3609] ==================================================================
[   51.553843][ T3609] BUG: KASAN: vmalloc-out-of-bounds in check_move_unevictable_pages+0x3f6/0x440
[   51.553868][ T3609] Write of size 8 at addr ffffc90002e70008 by task syz-executor384/3609
[   51.553880][ T3609] 
[   51.553884][ T3609] CPU: 0 PID: 3609 Comm: syz-executor384 Not tainted 5.19.0-rc1-next-20220607-syzkaller #0
[   51.553903][ T3609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   51.553912][ T3609] Call Trace:
[   51.553916][ T3609]  <TASK>
[   51.553921][ T3609]  dump_stack_lvl+0xcd/0x134
[   51.553959][ T3609]  print_address_description.constprop.0.cold+0xf/0x495
[   51.553983][ T3609]  ? check_move_unevictable_pages+0x3f6/0x440
[   51.553996][ T3609]  kasan_report.cold+0xf4/0x1c6
[   51.554016][ T3609]  ? pat_enabled+0x1/0x10
[   51.554030][ T3609]  ? check_move_unevictable_pages+0x3f6/0x440
[   51.554044][ T3609]  check_move_unevictable_pages+0x3f6/0x440
[   51.554059][ T3609]  ? check_move_unevictable_folios+0x1590/0x1590
[   51.554073][ T3609]  ? __change_page_attr_set_clr+0x1/0x1ec0
[   51.554088][ T3609]  ? pat_pagerange_is_ram+0xa8/0x140
[   51.554103][ T3609]  ? memtype_seq_stop+0x20/0x20
[   51.554118][ T3609]  ? cpa_flush+0x310/0x440
[   51.554132][ T3609]  drm_gem_put_pages+0x341/0x3f0
[   51.554148][ T3609]  ? drm_gem_vm_open+0xc0/0xc0
[   51.554159][ T3609]  ? set_pages_array_wb+0x183/0x240
[   51.554179][ T3609]  drm_gem_shmem_put_pages_locked+0x13e/0x230
[   51.554195][ T3609]  ? drm_gem_shmem_object_get_sg_table+0x100/0x100
[   51.554211][ T3609]  drm_gem_shmem_vm_close+0x45/0x70
[   51.554226][ T3609]  remove_vma+0x81/0x130
[   51.554239][ T3609]  exit_mmap+0x2a1/0x750
[   51.554254][ T3609]  ? __ia32_sys_remap_file_pages+0x150/0x150
[   51.554280][ T3609]  __mmput+0x128/0x4c0
[   51.554295][ T3609]  mmput+0x5c/0x70
[   51.554308][ T3609]  do_exit+0xa18/0x2a00
[   51.554328][ T3609]  ? lock_downgrade+0x6e0/0x6e0
[   51.554361][ T3609]  ? mm_update_next_owner+0x7b0/0x7b0
[   51.554397][ T3609]  ? _raw_spin_unlock_irq+0x1f/0x40
[   51.554430][ T3609]  ? _raw_spin_unlock_irq+0x1f/0x40
[   51.554451][ T3609]  do_group_exit+0xd2/0x2f0
[   51.554472][ T3609]  __x64_sys_exit_group+0x3a/0x50
[   51.554493][ T3609]  do_syscall_64+0x35/0xb0
[   51.554508][ T3609]  entry_SYSCALL_64_after_hwframe+0x46/0xb0
[   51.554530][ T3609] RIP: 0033:0x7f2ba25343a9
[   51.554541][ T3609] Code: Unable to access opcode bytes at RIP 0x7f2ba253437f.
[   51.554548][ T3609] RSP: 002b:00007ffe990141f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   51.554563][ T3609] RAX: ffffffffffffffda RBX: 00007f2ba25a8290 RCX: 00007f2ba25343a9
[   51.554572][ T3609] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[   51.554581][ T3609] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000
[   51.554589][ T3609] R10: 0000000000000013 R11: 0000000000000246 R12: 00007f2ba25a8290
[   51.554598][ T3609] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   51.554611][ T3609]  </TASK>
[   51.554615][ T3609] 
[   51.554619][ T3609] The buggy address belongs to the virtual mapping at
[   51.554619][ T3609]  [ffffc90002e68000, ffffc90002e71000) created by:
[   51.554619][ T3609]  kernel_clone+0xe7/0xab0
[   51.554639][ T3609] 
[   51.554642][ T3609] Memory state around the buggy address:
[   51.554648][ T3609]  ffffc90002e6ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   51.554657][ T3609]  ffffc90002e6ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   51.554665][ T3609] >ffffc90002e70000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   51.554671][ T3609]                       ^
[   51.554677][ T3609]  ffffc90002e70080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   51.554685][ T3609]  ffffc90002e70100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   51.554692][ T3609] ==================================================================
[   51.554697][ T3609] Kernel panic - not syncing: panic_on_warn set ...
[   51.926124][ T3609] CPU: 0 PID: 3609 Comm: syz-executor384 Not tainted 5.19.0-rc1-next-20220607-syzkaller #0
[   51.936262][ T3609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   51.946338][ T3609] Call Trace:
[   51.949742][ T3609]  <TASK>
[   51.952684][ T3609]  dump_stack_lvl+0xcd/0x134
[   51.957327][ T3609]  panic+0x2d7/0x636
[   51.961252][ T3609]  ? panic_print_sys_info.part.0+0x10b/0x10b
[   51.967415][ T3609]  ? mark_held_locks+0x9f/0xe0
[   51.972282][ T3609]  ? check_move_unevictable_pages+0x3f6/0x440
[   51.978366][ T3609]  ? check_move_unevictable_pages+0x3f6/0x440
[   51.984483][ T3609]  end_report.part.0+0x3f/0x7c
[   51.989263][ T3609]  kasan_report.cold+0x93/0x1c6
[   51.994148][ T3609]  ? pat_enabled+0x1/0x10
[   51.998599][ T3609]  ? check_move_unevictable_pages+0x3f6/0x440
[   52.004696][ T3609]  check_move_unevictable_pages+0x3f6/0x440
[   52.010617][ T3609]  ? check_move_unevictable_folios+0x1590/0x1590
[   52.016956][ T3609]  ? __change_page_attr_set_clr+0x1/0x1ec0
[   52.022849][ T3609]  ? pat_pagerange_is_ram+0xa8/0x140
[   52.028149][ T3609]  ? memtype_seq_stop+0x20/0x20
[   52.033008][ T3609]  ? cpa_flush+0x310/0x440
[   52.037449][ T3609]  drm_gem_put_pages+0x341/0x3f0
[   52.042403][ T3609]  ? drm_gem_vm_open+0xc0/0xc0
[   52.047243][ T3609]  ? set_pages_array_wb+0x183/0x240
[   52.053104][ T3609]  drm_gem_shmem_put_pages_locked+0x13e/0x230
[   52.059187][ T3609]  ? drm_gem_shmem_object_get_sg_table+0x100/0x100
[   52.065721][ T3609]  drm_gem_shmem_vm_close+0x45/0x70
[   52.071328][ T3609]  remove_vma+0x81/0x130
[   52.075619][ T3609]  exit_mmap+0x2a1/0x750
[   52.080991][ T3609]  ? __ia32_sys_remap_file_pages+0x150/0x150
[   52.087019][ T3609]  __mmput+0x128/0x4c0
[   52.091110][ T3609]  mmput+0x5c/0x70
[   52.094939][ T3609]  do_exit+0xa18/0x2a00
[   52.099197][ T3609]  ? lock_downgrade+0x6e0/0x6e0
[   52.104245][ T3609]  ? mm_update_next_owner+0x7b0/0x7b0
[   52.109632][ T3609]  ? _raw_spin_unlock_irq+0x1f/0x40
[   52.114937][ T3609]  ? _raw_spin_unlock_irq+0x1f/0x40
[   52.120154][ T3609]  do_group_exit+0xd2/0x2f0
[   52.124678][ T3609]  __x64_sys_exit_group+0x3a/0x50
[   52.129719][ T3609]  do_syscall_64+0x35/0xb0
[   52.134438][ T3609]  entry_SYSCALL_64_after_hwframe+0x46/0xb0
[   52.140383][ T3609] RIP: 0033:0x7f2ba25343a9
[   52.144807][ T3609] Code: Unable to access opcode bytes at RIP 0x7f2ba253437f.
[   52.152168][ T3609] RSP: 002b:00007ffe990141f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   52.160695][ T3609] RAX: ffffffffffffffda RBX: 00007f2ba25a8290 RCX: 00007f2ba25343a9
[   52.168747][ T3609] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[   52.176728][ T3609] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000
[   52.184744][ T3609] R10: 0000000000000013 R11: 0000000000000246 R12: 00007f2ba25a8290
[   52.192809][ T3609] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   52.201062][ T3609]  </TASK>
[   52.204269][ T3609] Kernel Offset: disabled
[   52.208621][ T3609] Rebooting in 86400 seconds..