IP: [] __remove_shared_vm_struct+0x6d/0xe0 mm/mmap.c:137 PGD 1d00c7067 [ 52.393305] PUD 1d00c6067 Oops: 0002 [#1] PREEMPT SMP KASAN Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 0 PID: 5411 Comm: syzkaller263586 Not tainted 4.9.44-gc2e2621 #32 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 task: ffff8801d8b4e000 task.stack: ffff8801d8b50000 RIP: 0010:[] [] __remove_shared_vm_struct+0x6d/0xe0 mm/mmap.c:137 RSP: 0018:ffff8801d8b57b60 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff8801d7ffcc28 RCX: 0000000000000000 RDX: 1ffff1003a346284 RSI: ffff8801d1a31400 RDI: ffff8801d1a31420 RBP: ffff8801d8b57b88 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: 1ffff1003b16af3c R12: ffff8801d62037c0 R13: 0000000000000875 R14: ffff8801d6203810 R15: ffff8801d1a31400 FS: 0000000000c00880(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000001d8 CR3: 00000001d00c3000 CR4: 00000000001406f0 Stack: ffff8801d1a31400 ffff8801d62037c0 ffff8801d7ffcc88 ffff8801d7ffcc28 00000000000000b1 ffff8801d8b57bb8 ffffffff814dcab3 ffff8801d62037c0 ffff8801d62038b8 dffffc0000000000 ffff8801d8b57c48 ffff8801d8b57c10 Call Trace: [] unlink_file_vma+0x83/0xb0 mm/mmap.c:157 [] free_pgtables+0xef/0x330 mm/memory.c:553 [] exit_mmap+0x21a/0x400 mm/mmap.c:2986 [] __mmput kernel/fork.c:863 [inline] [] mmput+0xf3/0x2d0 kernel/fork.c:885 [] exit_mm kernel/exit.c:514 [inline] [] do_exit+0x751/0x2a50 kernel/exit.c:820 [] do_group_exit+0x108/0x320 kernel/exit.c:937 [] SYSC_exit_group kernel/exit.c:948 [inline] [] SyS_exit_group+0x1d/0x20 kernel/exit.c:946 [] entry_SYSCALL_64_fastpath+0x23/0xc6 Code: c5 00 08 00 00 74 47 e8 92 f3 e8 ff 49 8d 7f 20 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 61 49 8b 47 20 ff 80 d8 01 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 f2 48 RIP [] __remove_shared_vm_struct+0x6d/0xe0 mm/mmap.c:137 RSP CR2: 
00000000000001d8 ---[ end trace 6988daddf2b309b3 ]--- BUG: unable to handle kernel NULL pointer dereference at 00000000000001d8 IP: [] atomic_dec arch/x86/include/asm/atomic.h:103 [inline] IP: [] dup_mmap kernel/fork.c:629 [inline] IP: [] dup_mm kernel/fork.c:1135 [inline] IP: [] copy_mm kernel/fork.c:1189 [inline] IP: [] copy_process.part.50+0x468e/0x5d40 kernel/fork.c:1655 PGD 1d605e067 PUD 1d68ec067 PMD 0 Oops: 0002 [#2] PREEMPT SMP KASAN Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 1 PID: 5470 Comm: syzkaller263586 Tainted: G D 4.9.44-gc2e2621 #32 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 task: ffff8801d6bbb000 task.stack: ffff8801d7340000 RIP: 0010:[] [] atomic_dec arch/x86/include/asm/atomic.h:103 [inline] RIP: 0010:[] [] dup_mmap kernel/fork.c:629 [inline] RIP: 0010:[] [] dup_mm kernel/fork.c:1135 [inline] RIP: 0010:[] [] copy_mm kernel/fork.c:1189 [inline] RIP: 0010:[] [] copy_process.part.50+0x468e/0x5d40 kernel/fork.c:1655 RSP: 0018:ffff8801d7347c18 EFLAGS: 00010297 RAX: 0000000000000000 RBX: ffff8801d606f9b0 RCX: 0000000000000000 RDX: 0000000000000000 RSI: dffffc0000000000 RDI: ffff8801d1a315b0 RBP: ffff8801d7347da8 R08: ffffed003ae68f22 R09: ffff8801d7347970 R10: 0000000000000008 R11: ffffed003ae68f21 R12: ffff8801d6e044d8 R13: ffff8801d606fa00 R14: ffff8801d736b480 R15: ffff8801d1a31400 FS: 00007fe9c66bc700(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000001d8 CR3: 00000001d6e2b000 CR4: 00000000001406e0 Stack: 0000000000000000 0000000000000000 ffffed003ae6d69c ffff8801d736b4e0 0000000000000000 0000000000000000 ffff8801d736b488 ffff8801d736b520 ffff8801d6205ae0 ffff8801d606f9c8 ffff8801d736b5c0 ffff8801d7350470 Call Trace: [] copy_process kernel/fork.c:1482 [inline] [] _do_fork+0x1c0/0xd70 kernel/fork.c:1940 [] SYSC_clone kernel/fork.c:2050 [inline] [] SyS_clone+0x37/0x50 kernel/fork.c:2044 [] 
do_syscall_64+0x197/0x490 arch/x86/entry/common.c:280 [] entry_SYSCALL64_slow_path+0x25/0x25 Code: 00 00 00 fc ff df 4c 89 e8 48 c1 e8 03 80 3c 30 00 74 08 4c 89 ef e8 32 ea 40 00 f6 43 51 08 74 11 e8 c7 be 23 00 48 8b 44 24 20 ff 88 d8 01 00 00 e8 b6 be 23 00 48 8b 44 24 70 48 83 c0 60 RIP [] atomic_dec arch/x86/include/asm/atomic.h:103 [inline] RIP [] dup_mmap kernel/fork.c:629 [inline] RIP [] dup_mm kernel/fork.c:1135 [inline] RIP [] copy_mm kernel/fork.c:1189 [inline] RIP [] copy_process.part.50+0x468e/0x5d40 kernel/fork.c:1655 RSP CR2: 00000000000001d8 BUG: unable to handle kernel NULL pointer dereference at 00000000000001d8 IP: [] atomic_dec arch/x86/include/asm/atomic.h:103 [inline] IP: [] dup_mmap kernel/fork.c:629 [inline] IP: [] dup_mm kernel/fork.c:1135 [inline] IP: [] copy_mm kernel/fork.c:1189 [inline] IP: [] copy_process.part.50+0x468e/0x5d40 kernel/fork.c:1655 PGD 1cf588067 PUD 1d68ea067 PMD 0 Oops: 0002 [#3] PREEMPT SMP KASAN Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 1 PID: 5473 Comm: syzkaller263586 Tainted: G D 4.9.44-gc2e2621 #32 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 task: ffff8801d7351800 task.stack: ffff8801d8520000 RIP: 0010:[] [] atomic_dec arch/x86/include/asm/atomic.h:103 [inline] RIP: 0010:[] [] dup_mmap kernel/fork.c:629 [inline] RIP: 0010:[] [] dup_mm kernel/fork.c:1135 [inline] RIP: 0010:[] [] copy_mm kernel/fork.c:1189 [inline] RIP: 0010:[] [] copy_process.part.50+0x468e/0x5d40 kernel/fork.c:1655 RSP: 0018:ffff8801d8527c18 EFLAGS: 00010297 RAX: 0000000000000000 RBX: ffff8801d606fc98 RCX: 0000000000000000 RDX: 0000000000000000 RSI: dffffc0000000000 RDI: ffff8801d1a315b0 RBP: ffff8801d8527da8 R08: ffffed003b0a4f22 R09: ffff8801d8527970 R10: 0000000000000008 R11: ffffed003b0a4f21 R12: ffff8801d6e02d90 R13: ffff8801d606fce8 R14: ffff8801d736b9c0 R15: ffff8801d1a31400 FS: 00007fe9c66bc700(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 
ES: 0000 CR0: 0000000080050033 CR2: 00000000000001d8 CR3: 00000001d2393000 CR4: 00000000001406e0 Stack: 0000000000000000 0000000000000000 ffffed003ae6d744 ffff8801d736ba20 0000000000000000 0000000000000000 ffff8801d736b9c8 ffff8801d736ba60 ffff8801d62055a0 ffff8801d606fcb0 ffff8801d736bb00 ffff8801d7353470 Call Trace: [] copy_process kernel/fork.c:1482 [inline] [] _do_fork+0x1c0/0xd70 kernel/fork.c:1940 [] SYSC_clone kernel/fork.c:2050 [inline] [] SyS_clone+0x37/0x50 kernel/fork.c:2044 [] do_syscall_64+0x197/0x490 arch/x86/entry/common.c:280 [] entry_SYSCALL64_slow_path+0x25/0x25 Code: 00 00 00 fc ff df 4c 89 e8 48 c1 e8 03 80 3c 30 00 74 08 4c 89 ef e8 32 ea 40 00 f6 43 51 08 74 11 e8 c7 be 23 00 48 8b 44 24 20 ff 88 d8 01 00 00 e8 b6 be 23 00 48 8b 44 24 70 48 83 c0 60 RIP [] atomic_dec arch/x86/include/asm/atomic.h:103 [inline] RIP [] dup_mmap kernel/fork.c:629 [inline] RIP [] dup_mm kernel/fork.c:1135 [inline] RIP [] copy_mm kernel/fork.c:1189 [inline] RIP [] copy_process.part.50+0x468e/0x5d40 kernel/fork.c:1655 RSP CR2: 00000000000001d8 ---[ end trace 6988daddf2b309b4 ]---
[Reader's note on this trace: all three oopses are from the same syzkaller process (Comm: syzkaller263586) on kernel 4.9.44-gc2e2621 and fault at the same address, CR2 = 0x1d8, with "Oops: 0002" (error-code bit 1 set = write access) and RAX = 0 in each register dump, i.e. a write to a field at offset 0x1d8 through a NULL object pointer. Oops #1 is the primary report: it fires in __remove_shared_vm_struct (mm/mmap.c:137) on the exit_group() path (exit_mmap -> free_pgtables -> unlink_file_vma), and the kernel is still "Not tainted". Oopses #2 and #3 occur after the kernel is already marked "Tainted: G D", in dup_mmap (kernel/fork.c:629, the inlined atomic_dec) on clone(); they are most likely follow-on faults from the same damaged VMA/file state being duplicated by fork, and should not be triaged as independent bugs. Which object sits behind the NULL pointer (and therefore the root cause) cannot be determined from the trace alone -- confirm against mm/mmap.c:137 and kernel/fork.c:629 of this exact build. Note that the instruction addresses inside "[]" have been stripped from this copy, so symbol+offset (e.g. __remove_shared_vm_struct+0x6d/0xe0) and the file:line annotations are the only locators; match them against the same kernel build when reproducing.]