./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1028433795

<...>
forked to background, child pid 3189
no interfaces have a carrier
[   28.986099][ T3190] 8021q: adding VLAN 0 to HW filter on device bond0
[   28.989275][ T3190] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.15.212' (ECDSA) to the list of known hosts.
execve("./syz-executor1028433795", ["./syz-executor1028433795"], 0x7ffcd57d25c0 /* 10 vars */) = 0
brk(NULL)                               = 0x555556d91000
brk(0x555556d91c40)                     = 0x555556d91c40
arch_prctl(ARCH_SET_FS, 0x555556d91300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor1028433795", 4096) = 28
brk(0x555556db2c40)                     = 0x555556db2c40
brk(0x555556db3000)                     = 0x555556db3000
mprotect(0x7f0a6aea4000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/dev/dri/card0", O_RDONLY) = 3
ioctl(3, DRM_IOCTL_MODE_CREATE_DUMB, 0x20000080) = 0
mmap(0x20ffc000, 12328, PROT_NONE, MAP_PRIVATE|MAP_FIXED, 3, 0x100000000) = 0x20ffc000
exit_group(0)                           = ?
syzkaller login: [   50.698115][ T3610] ==================================================================
[   50.698123][ T3610] BUG: KASAN: vmalloc-out-of-bounds in check_move_unevictable_pages+0x3f6/0x440
[   50.698123][ T3610] BUG: KASAN: vmalloc-out-of-bounds in check_move_unevictable_pages+0x3f6/0x440
[   50.698145][ T3610] Write of size 8 at addr ffffc90002d30008 by task syz-executor102/3610
[   50.698158][ T3610] 
[   50.698161][ T3610] CPU: 0 PID: 3610 Comm: syz-executor102 Not tainted 5.19.0-rc1-next-20220607-syzkaller #0
[   50.698176][ T3610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   50.698184][ T3610] Call Trace:
[   50.698189][ T3610]  <TASK>
[   50.698194][ T3610]  dump_stack_lvl+0xcd/0x134
[   50.698226][ T3610]  print_address_description.constprop.0.cold+0xf/0x495
[   50.698249][ T3610]  ? check_move_unevictable_pages+0x3f6/0x440
[   50.698262][ T3610]  kasan_report.cold+0xf4/0x1c6
[   50.698282][ T3610]  ? pat_enabled+0x1/0x10
[   50.698297][ T3610]  ? check_move_unevictable_pages+0x3f6/0x440
[   50.698311][ T3610]  check_move_unevictable_pages+0x3f6/0x440
[   50.698326][ T3610]  ? check_move_unevictable_folios+0x1590/0x1590
[   50.698349][ T3610]  ? __change_page_attr_set_clr+0x1/0x1ec0
[   50.698377][ T3610]  ? pat_pagerange_is_ram+0xa8/0x140
[   50.698402][ T3610]  ? memtype_seq_stop+0x20/0x20
[   50.698429][ T3610]  ? cpa_flush+0x310/0x440
[   50.698455][ T3610]  drm_gem_put_pages+0x29f/0x3f0
[   50.698482][ T3610]  ? drm_gem_vm_open+0xc0/0xc0
[   50.698503][ T3610]  ? set_pages_array_wb+0x183/0x240
[   50.698537][ T3610]  drm_gem_shmem_put_pages_locked+0x13e/0x230
[   50.698564][ T3610]  ? drm_gem_shmem_object_get_sg_table+0x100/0x100
[   50.698599][ T3610]  drm_gem_shmem_vm_close+0x45/0x70
[   50.698614][ T3610]  remove_vma+0x81/0x130
[   50.698627][ T3610]  exit_mmap+0x2a1/0x750
[   50.698642][ T3610]  ? __ia32_sys_remap_file_pages+0x150/0x150
[   50.698668][ T3610]  __mmput+0x128/0x4c0
[   50.698683][ T3610]  mmput+0x5c/0x70
[   50.698696][ T3610]  do_exit+0xa18/0x2a00
[   50.698717][ T3610]  ? lock_downgrade+0x6e0/0x6e0
[   50.698739][ T3610]  ? mm_update_next_owner+0x7b0/0x7b0
[   50.698760][ T3610]  ? _raw_spin_unlock_irq+0x1f/0x40
[   50.698781][ T3610]  ? _raw_spin_unlock_irq+0x1f/0x40
[   50.698803][ T3610]  do_group_exit+0xd2/0x2f0
[   50.698823][ T3610]  __x64_sys_exit_group+0x3a/0x50
[   50.698844][ T3610]  do_syscall_64+0x35/0xb0
[   50.698859][ T3610]  entry_SYSCALL_64_after_hwframe+0x46/0xb0
[   50.698881][ T3610] RIP: 0033:0x7f0a6ae36299
[   50.698892][ T3610] Code: Unable to access opcode bytes at RIP 0x7f0a6ae3626f.
[   50.698898][ T3610] RSP: 002b:00007ffe4d7cbe58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   50.698913][ T3610] RAX: ffffffffffffffda RBX: 00007f0a6aeaa270 RCX: 00007f0a6ae36299
[   50.698928][ T3610] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[   50.698936][ T3610] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000100000000
[   50.698950][ T3610] R10: 0000000000000012 R11: 0000000000000246 R12: 00007f0a6aeaa270
[   50.698959][ T3610] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   50.698972][ T3610]  </TASK>
[   50.698976][ T3610] 
[   50.698980][ T3610] The buggy address belongs to the virtual mapping at
[   50.698980][ T3610]  [ffffc90002d28000, ffffc90002d31000) created by:
[   50.698980][ T3610]  kernel_clone+0xe7/0xab0
[   50.699000][ T3610] 
[   50.699003][ T3610] Memory state around the buggy address:
[   50.699008][ T3610]  ffffc90002d2ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   50.699017][ T3610]  ffffc90002d2ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   50.699026][ T3610] >ffffc90002d30000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   50.699032][ T3610]                       ^
[   50.699038][ T3610]  ffffc90002d30080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   50.699046][ T3610]  ffffc90002d30100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[   50.699052][ T3610] ==================================================================
[   50.716663][ T3610] Kernel panic - not syncing: panic_on_warn set ...
[   50.716677][ T3610] CPU: 1 PID: 3610 Comm: syz-executor102 Not tainted 5.19.0-rc1-next-20220607-syzkaller #0
[   50.716707][ T3610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   50.716720][ T3610] Call Trace:
[   50.716727][ T3610]  <TASK>
[   50.716735][ T3610]  dump_stack_lvl+0xcd/0x134
[   50.716772][ T3610]  panic+0x2d7/0x636
[   50.716804][ T3610]  ? panic_print_sys_info.part.0+0x10b/0x10b
[   50.716844][ T3610]  ? preempt_schedule_common+0x59/0xc0
[   50.716877][ T3610]  ? check_move_unevictable_pages+0x3f6/0x440
[   50.716904][ T3610]  ? preempt_schedule_thunk+0x16/0x18
[   50.716943][ T3610]  ? check_move_unevictable_pages+0x3f6/0x440
[   50.716970][ T3610]  end_report.part.0+0x3f/0x7c
[   50.717005][ T3610]  kasan_report.cold+0x93/0x1c6
[   50.717035][ T3610]  ? pat_enabled+0x1/0x10
[   50.717057][ T3610]  ? check_move_unevictable_pages+0x3f6/0x440
[   50.717088][ T3610]  check_move_unevictable_pages+0x3f6/0x440
[   50.717113][ T3610]  ? check_move_unevictable_folios+0x1590/0x1590
[   50.717138][ T3610]  ? __change_page_attr_set_clr+0x1/0x1ec0
[   50.717164][ T3610]  ? pat_pagerange_is_ram+0xa8/0x140
[   50.717190][ T3610]  ? memtype_seq_stop+0x20/0x20
[   50.717218][ T3610]  ? cpa_flush+0x310/0x440
[   50.717244][ T3610]  drm_gem_put_pages+0x29f/0x3f0
[   50.717269][ T3610]  ? drm_gem_vm_open+0xc0/0xc0
[   50.717289][ T3610]  ? set_pages_array_wb+0x183/0x240
[   50.717327][ T3610]  drm_gem_shmem_put_pages_locked+0x13e/0x230
[   50.717355][ T3610]  ? drm_gem_shmem_object_get_sg_table+0x100/0x100
[   50.717382][ T3610]  drm_gem_shmem_vm_close+0x45/0x70
[   50.717407][ T3610]  remove_vma+0x81/0x130
[   50.717431][ T3610]  exit_mmap+0x2a1/0x750
[   50.717459][ T3610]  ? __ia32_sys_remap_file_pages+0x150/0x150
[   50.717503][ T3610]  __mmput+0x128/0x4c0
[   50.717529][ T3610]  mmput+0x5c/0x70
[   50.717554][ T3610]  do_exit+0xa18/0x2a00
[   50.717590][ T3610]  ? lock_downgrade+0x6e0/0x6e0
[   50.717629][ T3610]  ? mm_update_next_owner+0x7b0/0x7b0
[   50.717665][ T3610]  ? _raw_spin_unlock_irq+0x1f/0x40
[   50.717699][ T3610]  ? _raw_spin_unlock_irq+0x1f/0x40
[   50.717738][ T3610]  do_group_exit+0xd2/0x2f0
[   50.717774][ T3610]  __x64_sys_exit_group+0x3a/0x50
[   50.717812][ T3610]  do_syscall_64+0x35/0xb0
[   50.717838][ T3610]  entry_SYSCALL_64_after_hwframe+0x46/0xb0
[   50.717875][ T3610] RIP: 0033:0x7f0a6ae36299
[   50.717893][ T3610] Code: Unable to access opcode bytes at RIP 0x7f0a6ae3626f.
[   50.717904][ T3610] RSP: 002b:00007ffe4d7cbe58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   50.717928][ T3610] RAX: ffffffffffffffda RBX: 00007f0a6aeaa270 RCX: 00007f0a6ae36299
[   50.717944][ T3610] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[   50.717958][ T3610] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000100000000
[   50.717973][ T3610] R10: 0000000000000012 R11: 0000000000000246 R12: 00007f0a6aeaa270
[   50.717989][ T3610] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   50.718012][ T3610]  </TASK>
[   50.718083][ T3610] Kernel Offset: disabled