./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4182839080 <...> Warning: Permanently added '10.128.1.32' (ED25519) to the list of known hosts. execve("./syz-executor4182839080", ["./syz-executor4182839080"], 0x7ffc5d187a20 /* 10 vars */) = 0 brk(NULL) = 0x555556684000 brk(0x555556684d00) = 0x555556684d00 arch_prctl(ARCH_SET_FS, 0x555556684380) = 0 set_tid_address(0x555556684650) = 5040 set_robust_list(0x555556684660, 24) = 0 rseq(0x555556684ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor4182839080", 4096) = 28 getrandom("\x0d\x9d\x28\x47\x66\x29\xbb\x88", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556684d00 brk(0x5555566a5d00) = 0x5555566a5d00 brk(0x5555566a6000) = 0x5555566a6000 mprotect(0x7fb9590dc000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 madvise(0x20a93000, 16384, MADV_HUGEPAGE) = 0 mremap(0x20a96000, 4096, 8388608, MREMAP_MAYMOVE|MREMAP_FIXED, 0x20130000) = 0x20130000 gettid() = 5040 process_vm_writev(5040, [{iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=247}], 1, [{iov_base=0x20217f28, iov_len=4294967118}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, {iov_base=NULL, iov_len=0}, ...], 570, 0) = 247 mremap(0x20251000, 8192, 4194304, MREMAP_MAYMOVE|MREMAP_FIXED, 0x2082a000) = 0x2082a000 [ 76.079789][ T5040] vma ffff888077381a00 start 0000000020c2a000 end 0000000021000000 mm ffff8880258a8980 [ 76.079789][ T5040] prot 25 anon_vma 0000000000000000 vm_ops 0000000000000000 [ 76.079789][ T5040] pgoff 20c2a file 0000000000000000 private_data 0000000000000000 [ 76.079789][ T5040] flags: 0x8100077(read|write|exec|mayread|maywrite|mayexec|account|softdirty) [ 76.115768][ T5040] ------------[ cut here ]------------ [ 76.121433][ T5040] kernel BUG at include/linux/mm.h:733! [ 76.127247][ T5040] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 76.133358][ T5040] CPU: 1 PID: 5040 Comm: syz-executor418 Not tainted 6.5.0-next-20230831-syzkaller #0 [ 76.143851][ T5040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023 [ 76.154860][ T5040] RIP: 0010:vma_replace_policy+0x406/0x4e0 [ 76.160713][ T5040] Code: ff 48 89 ef e8 db 78 ff ff e9 83 fe ff ff e8 d1 7c ad ff 4c 89 e7 e8 a9 86 eb ff 0f 0b e8 c2 7c ad ff 48 89 df e8 fa 83 eb ff <0f> 0b e8 b3 7c ad ff 41 89 ec e9 58 fe ff ff 48 c7 c7 d0 55 ce 8e [ 76.180704][ T5040] RSP: 0018:ffffc9000395fc58 EFLAGS: 00010282 [ 76.186903][ T5040] RAX: 000000000000011b RBX: ffff888077381a00 RCX: 0000000000000000 [ 76.195272][ T5040] RDX: 0000000000000000 RSI: ffffffff816b9a92 RDI: 0000000000000005 [ 76.203385][ T5040] RBP: ffff888014a7e030 R08: 0000000000000005 R09: 0000000000000000 [ 76.211879][ T5040] R10: 0000000080000000 R11: 0000000000000001 R12: 0000000000000015 [ 76.221066][ T5040] R13: 0000000000000016 R14: 0000000000000001 R15: 0000000021000000 [ 76.229319][ T5040] FS: 0000555556684380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 76.238959][ T5040] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 76.245989][ T5040] CR2: 00007ffd277b0020 CR3: 00000000773e1000 CR4: 00000000003506e0 [ 76.255203][ T5040] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 76.263661][ T5040] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 76.271663][ T5040] Call Trace: [ 76.275164][ T5040] [ 76.278558][ T5040] ? show_regs+0x8f/0xa0 [ 76.283276][ T5040] ? die+0x36/0xa0 [ 76.287077][ T5040] ? do_trap+0x22b/0x420 [ 76.291517][ T5040] ? vma_replace_policy+0x406/0x4e0 [ 76.296925][ T5040] ? vma_replace_policy+0x406/0x4e0 [ 76.302690][ T5040] ? do_error_trap+0xf4/0x230 [ 76.307477][ T5040] ? vma_replace_policy+0x406/0x4e0 [ 76.313057][ T5040] ? handle_invalid_op+0x34/0x40 [ 76.319164][ T5040] ? vma_replace_policy+0x406/0x4e0 [ 76.324609][ T5040] ? exc_invalid_op+0x2d/0x40 [ 76.329314][ T5040] ? asm_exc_invalid_op+0x1a/0x20 [ 76.334532][ T5040] ? vprintk+0x82/0x90 [ 76.338821][ T5040] ? vma_replace_policy+0x406/0x4e0 [ 76.344568][ T5040] ? vma_replace_policy+0x406/0x4e0 [ 76.350185][ T5040] ? mbind_range+0x29e/0x530 [ 76.355176][ T5040] mbind_range+0x37c/0x530 [ 76.360093][ T5040] ? mas_find+0xec/0x320 [ 76.364375][ T5040] do_mbind+0x583/0xa00 [ 76.368651][ T5040] ? __ia32_sys_set_mempolicy_home_node+0xf0/0xf0 [ 76.375304][ T5040] ? get_bitmap+0x190/0x190 [ 76.379828][ T5040] ? ptrace_notify+0xf4/0x130 [ 76.384606][ T5040] ? reacquire_held_locks+0x4b0/0x4b0 [ 76.390197][ T5040] kernel_mbind+0x1d4/0x1f0 [ 76.394899][ T5040] ? do_mbind+0xa00/0xa00 [ 76.399555][ T5040] ? _raw_spin_unlock_irq+0x2e/0x50 [ 76.404819][ T5040] ? ptrace_notify+0xf4/0x130 [ 76.409563][ T5040] do_syscall_64+0x38/0xb0 [ 76.414216][ T5040] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 76.420668][ T5040] RIP: 0033:0x7fb959069369 [ 76.425183][ T5040] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 76.445261][ T5040] RSP: 002b:00007ffd276bed98 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed [ 76.453821][ T5040] RAX: ffffffffffffffda RBX: 00007ffd276bef78 RCX: 00007fb959069369 [ 76.462214][ T5040] RDX: 0000000000000004 RSI: 0000000000c00000 RDI: 0000000020400000 [ 76.470542][ T5040] RBP: 00007fb9590dc610 R08: 0000000000000000 R09: 0000000000000003 [ 76.479108][ T5040] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 76.487123][ T5040] R13: 00007ffd276bef68 R14: 0000000000000001 R15: 0000000000000001 [ 76.495674][ T5040] [ 76.498864][ T5040] Modules linked in: [ 76.503199][ T5040] ---[ end trace 0000000000000000 ]--- [ 76.509124][ T5040] RIP: 0010:vma_replace_policy+0x406/0x4e0 [ 76.515108][ T5040] Code: ff 48 89 ef e8 db 78 ff ff e9 83 fe ff ff e8 d1 7c ad ff 4c 89 e7 e8 a9 86 eb ff 0f 0b e8 c2 7c ad ff 48 89 df e8 fa 83 eb ff <0f> 0b e8 b3 7c ad ff 41 89 ec e9 58 fe ff ff 48 c7 c7 d0 55 ce 8e [ 76.536571][ T5040] RSP: 0018:ffffc9000395fc58 EFLAGS: 00010282 [ 76.544659][ T5040] RAX: 000000000000011b RBX: ffff888077381a00 RCX: 0000000000000000 [ 76.553454][ T5040] RDX: 0000000000000000 RSI: ffffffff816b9a92 RDI: 0000000000000005 [ 76.562715][ T5040] RBP: ffff888014a7e030 R08: 0000000000000005 R09: 0000000000000000 [ 76.572115][ T5040] R10: 0000000080000000 R11: 0000000000000001 R12: 0000000000000015 [ 76.581064][ T5040] R13: 0000000000000016 R14: 0000000000000001 R15: 0000000021000000 [ 76.589662][ T5040] FS: 0000555556684380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 76.599027][ T5040] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 76.606804][ T5040] CR2: 00007ffd277b0020 CR3: 00000000773e1000 CR4: 00000000003506e0 [ 76.614922][ T5040] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 76.623545][ T5040] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 76.631795][ T5040] Kernel panic - not syncing: Fatal exception [ 76.638500][ T5040] Kernel Offset: disabled [ 76.643078][ T5040] Rebooting in 86400 seconds..