./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4073537112 <...> forked to background, child pid 3182 no interfa[ 17.658143][ T3183] 8021q: adding VLAN 0 to HW filter on device bond0 ces have a carrier [ 17.673405][ T3183] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.1.120' (ECDSA) to the list of known hosts. execve("./syz-executor4073537112", ["./syz-executor4073537112"], 0x7ffc4b491450 /* 10 vars */) = 0 brk(NULL) = 0x555557369000 brk(0x555557369c40) = 0x555557369c40 arch_prctl(ARCH_SET_FS, 0x555557369300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor4073537112", 4096) = 28 brk(0x55555738ac40) = 0x55555738ac40 brk(0x55555738b000) = 0x55555738b000 mprotect(0x7f2d1929d000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE|MAP_DENYWRITE|MAP_STACK|MAP_HUGETLB, -1, 0) = 0x20000000 madvise(0x20000000, 6291459, MADV_REMOVE) = 0 madvise(0x20800000, 8388608, MADV_DONTNEED) = 0 syzkaller login: [ 36.760628][ T3610] ------------[ cut here ]------------ [ 36.766101][ T3610] kernel BUG at include/linux/mm.h:1529! [ 36.771990][ T3610] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 36.778145][ T3610] CPU: 0 PID: 3610 Comm: syz-executor407 Not tainted 6.0.0-syzkaller-09589-g55be6084c8e0 #0 [ 36.788206][ T3610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 36.798238][ T3610] RIP: 0010:copy_hugetlb_page_range+0x1f16/0x2590 [ 36.804703][ T3610] Code: 20 2c ee ff 0f 0b e8 49 d9 b6 ff 83 8c 24 00 01 00 00 01 48 8d bc 24 e0 00 00 00 e8 14 15 02 00 e9 5d ef ff ff e8 2a d9 b6 ff <0f> 0b e8 23 d9 b6 ff 0f 0b e8 1c d9 b6 ff 49 c1 e4 0e 48 8b 84 24 [ 36.824377][ T3610] RSP: 0018:ffffc90003c8f5f0 EFLAGS: 00010293 [ 36.830528][ T3610] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 [ 36.838490][ T3610] RDX: ffff888025235880 RSI: ffffffff81c47116 RDI: 0000000000000005 [ 36.846448][ T3610] RBP: ffffea0001170000 R08: 0000000000000005 R09: 0000000000000000 [ 36.854406][ T3610] R10: 0000000000000001 R11: 000000000008c07d R12: ffffea0001170008 [ 36.862372][ T3610] R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000020000000 [ 36.870352][ T3610] FS: 0000555557369300(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 [ 36.879278][ T3610] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 36.885852][ T3610] CR2: 0000000020003200 CR3: 000000001d225000 CR4: 0000000000350ef0 [ 36.893817][ T3610] Call Trace: [ 36.897083][ T3610] [ 36.900004][ T3610] ? huge_pte_alloc+0x4c0/0x4c0 [ 36.904849][ T3610] ? kasan_save_stack+0x2e/0x40 [ 36.909694][ T3610] ? kasan_save_stack+0x1e/0x40 [ 36.914556][ T3610] ? __kasan_slab_alloc+0x90/0xc0 [ 36.919576][ T3610] ? kmem_cache_alloc+0x267/0x3b0 [ 36.924587][ T3610] ? anon_vma_fork+0x1fc/0x640 [ 36.929338][ T3610] ? dup_mm+0xa52/0x13a0 [ 36.933569][ T3610] ? copy_process+0x3bd3/0x7110 [ 36.938410][ T3610] ? kernel_clone+0xe7/0x8f0 [ 36.942986][ T3610] ? __do_sys_clone3+0x1cd/0x2e0 [ 36.947912][ T3610] ? do_syscall_64+0x35/0xb0 [ 36.952494][ T3610] copy_page_range+0x2145/0x38e0 [ 36.957422][ T3610] ? lock_downgrade+0x6e0/0x6e0 [ 36.962346][ T3610] ? lock_release+0x780/0x780 [ 36.967006][ T3610] ? rcu_read_lock_sched_held+0xd/0x70 [ 36.972459][ T3610] ? lock_acquire+0x480/0x570 [ 36.977118][ T3610] ? lock_release+0x780/0x780 [ 36.981787][ T3610] ? rcu_read_lock_sched_held+0xd/0x70 [ 36.987242][ T3610] ? lock_release+0x780/0x780 [ 36.991907][ T3610] ? anon_vma_fork+0x4a6/0x640 [ 36.996660][ T3610] ? lock_downgrade+0x6e0/0x6e0 [ 37.001493][ T3610] ? rcu_read_lock_sched_held+0xd/0x70 [ 37.006948][ T3610] ? lock_release+0x560/0x780 [ 37.011610][ T3610] ? dup_mm+0x7a9/0x13a0 [ 37.016017][ T3610] ? handle_mm_fault+0x780/0x780 [ 37.020947][ T3610] ? validate_mm_rb+0x46/0x2d0 [ 37.025702][ T3610] ? down_write+0x153/0x220 [ 37.030219][ T3610] ? __vma_link_rb+0x553/0x710 [ 37.034974][ T3610] dup_mm+0xa99/0x13a0 [ 37.039037][ T3610] ? replace_mm_exe_file+0x480/0x480 [ 37.044322][ T3610] ? __raw_spin_lock_init+0x36/0x110 [ 37.049597][ T3610] copy_process+0x3bd3/0x7110 [ 37.054262][ T3610] ? lock_acquire+0x480/0x570 [ 37.058929][ T3610] ? rcu_read_lock_sched_held+0xd/0x70 [ 37.064384][ T3610] ? rcu_read_lock_sched_held+0xd/0x70 [ 37.069842][ T3610] ? __cleanup_sighand+0xb0/0xb0 [ 37.074774][ T3610] ? _copy_from_user+0xf9/0x170 [ 37.079618][ T3610] kernel_clone+0xe7/0x8f0 [ 37.084029][ T3610] ? rcu_read_lock_sched_held+0xd/0x70 [ 37.089485][ T3610] ? create_io_thread+0xe0/0xe0 [ 37.094329][ T3610] ? do_raw_spin_lock+0x120/0x2a0 [ 37.099361][ T3610] __do_sys_clone3+0x1cd/0x2e0 [ 37.104117][ T3610] ? __do_sys_clone+0x100/0x100 [ 37.108977][ T3610] ? recalc_sigpending_tsk+0x18f/0x1d0 [ 37.114436][ T3610] ? lock_downgrade+0x6e0/0x6e0 [ 37.119281][ T3610] ? trace_hardirqs_on+0x2d/0x120 [ 37.124387][ T3610] ? _raw_spin_unlock_irq+0x2a/0x40 [ 37.129572][ T3610] ? ptrace_notify+0xfa/0x140 [ 37.134237][ T3610] do_syscall_64+0x35/0xb0 [ 37.138649][ T3610] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 37.144535][ T3610] RIP: 0033:0x7f2d19230c39 [ 37.148953][ T3610] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 37.168695][ T3610] RSP: 002b:00007fff4c74e768 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3 [ 37.177107][ T3610] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f2d19230c39 [ 37.185088][ T3610] RDX: 00007f2d19230c39 RSI: 0000000000000058 RDI: 00007fff4c74e770 [ 37.193067][ T3610] RBP: 00007f2d191f4d80 R08: 0000000000000000 R09: 0000000000000000 [ 37.201033][ T3610] R10: 00007fff4c74e770 R11: 0000000000000246 R12: 00007f2d191f4e10 [ 37.208996][ T3610] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 37.216966][ T3610] [ 37.219981][ T3610] Modules linked in: [ 37.224020][ T3610] ---[ end trace 0000000000000000 ]--- [ 37.229517][ T3610] RIP: 0010:copy_hugetlb_page_range+0x1f16/0x2590 [ 37.235974][ T3610] Code: 20 2c ee ff 0f 0b e8 49 d9 b6 ff 83 8c 24 00 01 00 00 01 48 8d bc 24 e0 00 00 00 e8 14 15 02 00 e9 5d ef ff ff e8 2a d9 b6 ff <0f> 0b e8 23 d9 b6 ff 0f 0b e8 1c d9 b6 ff 49 c1 e4 0e 48 8b 84 24 [ 37.255652][ T3610] RSP: 0018:ffffc90003c8f5f0 EFLAGS: 00010293 [ 37.261778][ T3610] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 [ 37.269810][ T3610] RDX: ffff888025235880 RSI: ffffffff81c47116 RDI: 0000000000000005 [ 37.277923][ T3610] RBP: ffffea0001170000 R08: 0000000000000005 R09: 0000000000000000 [ 37.285878][ T3610] R10: 0000000000000001 R11: 000000000008c07d R12: ffffea0001170008 [ 37.293922][ T3610] R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000020000000 [ 37.301944][ T3610] FS: 0000555557369300(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 [ 37.310918][ T3610] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 37.317512][ T3610] CR2: 0000000020003200 CR3: 000000001d225000 CR4: 0000000000350ef0 [ 37.325533][ T3610] Kernel panic - not syncing: Fatal exception [ 37.332590][ T3610] Kernel Offset: disabled [ 37.336903][ T3610] Rebooting in 86400 seconds..