./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1108371310 <...> Warning: Permanently added '10.128.10.6' (ED25519) to the list of known hosts. execve("./syz-executor1108371310", ["./syz-executor1108371310"], 0x7ffed9888b60 /* 10 vars */) = 0 brk(NULL) = 0x55557f223000 brk(0x55557f223d00) = 0x55557f223d00 arch_prctl(ARCH_SET_FS, 0x55557f223380) = 0 set_tid_address(0x55557f223650) = 5866 set_robust_list(0x55557f223660, 24) = 0 rseq(0x55557f223ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1108371310", 4096) = 28 getrandom("\x54\x4f\x2f\x19\xcb\x7f\x09\x85", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55557f223d00 brk(0x55557f244d00) = 0x55557f244d00 brk(0x55557f245000) = 0x55557f245000 mprotect(0x7ffbae3f4000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 executing program write(1, "executing program\n", 18) = 18 madvise(0x200000000000, 8388608, MADV_HUGEPAGE) = 0 clone3({flags=0, exit_signal=0, stack=NULL, stack_size=0, cgroup=4294967295}, 88./strace-static-x86_64: Process 5867 attached ) = 5867 [pid 5866] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 5866] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffc3d81be20) = 0 [pid 5866] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5866] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc3d81be20) = 0 [pid 5866] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc3d81be20) = 0 [pid 5866] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5867] exit(0) = ? [pid 5867] +++ exited with 0 +++ <... ioctl resumed>, 0x7ffc3d81be20) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc3d81be20) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc3d81ae10) = 18 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc3d81be20) = 0 [ 92.004595][ T9] usb 1-1: new high-speed USB device number 2 using dummy_hcd ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc3d81be20) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc3d81be20) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc3d81ae10) = 18 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc3d81be20) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc3d81ae10) = 9 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc3d81be20) = 0 [ 92.164329][ T9] usb 1-1: Using ep0 maxpacket: 16 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc3d81ae10) = 36 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc3d81be20) = 0 ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7ffbae3fa3cc) = -1 EINVAL (Invalid argument) ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffc3d81ae10) = 0 [ 92.214909][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 92.226060][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 92.236107][ T9] usb 1-1: New USB device found, idVendor=146b, idProduct=0902, bcdDevice= 0.00 [ 92.245423][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 92.257004][ T9] usb 1-1: config 0 descriptor?? io_uring_register(-1, IORING_REGISTER_RING_FDS, [{offset=0, resv=0x1, data=0}], 1) = -1 EINVAL (Invalid argument) mprotect(0x200000000000, 8388608, PROT_WRITE|PROT_EXEC) = 0 socket(AF_XDP, SOCK_RAW, 0) = 4 [ 92.505204][ T5866] page: refcount:507 mapcount:1 mapping:0000000000000000 index:0x200000009 pfn:0x73209 [ 92.515591][ T5866] head: order:9 mapcount:505 entire_mapcount:0 nr_pages_mapped:505 pincount:2 [ 92.524887][ T5866] memcg:ffff8881404a8000 [ 92.529252][ T5866] anon flags: 0xfff6000002007c(referenced|uptodate|dirty|lru|head|swapbacked|node=0|zone=1|lastcpupid=0x7ff) [ 92.540912][ T5866] raw: 00fff00000000000 ffffea0001cc8001 dead000000000122 dead000000000400 [ 92.549681][ T5866] raw: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 [ 92.558370][ T5866] head: 00fff6000002007c ffffea0001ddbc88 ffffea0000475ac8 ffff888026d8d441 [ 92.567294][ T5866] head: 0000000200000000 0000000000000000 000001fbffffffff ffff8881404a8000 [ 92.576233][ T5866] head: 00fff00000010a09 ffffea0001cc8001 000001f9000001f8 00000002ffffffff [ 92.585017][ T5866] head: ffffffff000001f8 0000000000000015 0000000000000000 0000000000000200 [ 92.593744][ T5866] page dumped because: VM_WARN_ON_ONCE_PAGE((flags & FOLL_PIN) && PageAnon(page) && !PageAnonExclusive(page)) [ 92.605642][ T5866] page_owner tracks the page as allocated [ 92.611566][ T5866] page last allocated via order 9, migratetype Movable, gfp_mask 0x3d24ca(GFP_TRANSHUGE|__GFP_NORETRY|__GFP_THISNODE), pid 5866, tgid 5866 (syz-executor110), ts 91746107895, free_ts 31872056599 [ 92.630638][ T5866] post_alloc_hook+0x240/0x2a0 [ 92.635530][ T5866] get_page_from_freelist+0x21e4/0x22c0 [ 92.641114][ T5866] __alloc_frozen_pages_noprof+0x181/0x370 [ 92.647018][ T5866] alloc_pages_mpol+0x1dc/0x4a0 [ 92.652001][ T5866] vma_alloc_folio_noprof+0xe4/0x200 [ 92.657432][ T5866] vma_alloc_anon_folio_pmd+0x39/0x320 [ 92.663141][ T5866] do_huge_pmd_anonymous_page+0x2b9/0xb60 [ 92.669106][ T5866] __handle_mm_fault+0x1139/0x5440 [ 92.674314][ T5866] handle_mm_fault+0x40a/0x8e0 [ 92.679131][ T5866] do_user_addr_fault+0xa81/0x1390 [ 92.684340][ T5866] exc_page_fault+0x76/0xf0 [ 92.688907][ T5866] asm_exc_page_fault+0x26/0x30 [ 92.693833][ T5866] page last free pid 1 tgid 1 stack trace: [ 92.699821][ T5866] __free_frozen_pages+0xbc4/0xd30 [ 92.705040][ T5866] free_contig_range+0x1bd/0x4a0 [ 92.710031][ T5866] destroy_args+0x64/0x4a0 [ 92.714580][ T5866] debug_vm_pgtable+0x39f/0x3b0 [ 92.719493][ T5866] do_one_initcall+0x233/0x820 [ 92.724341][ T5866] do_initcall_level+0x104/0x190 [ 92.729313][ T5866] do_initcalls+0x59/0xa0 [ 92.733713][ T5866] kernel_init_freeable+0x334/0x4b0 [ 92.739114][ T5866] kernel_init+0x1d/0x1d0 [ 92.743687][ T5866] ret_from_fork+0x3f9/0x770 [ 92.748380][ T5866] ret_from_fork_asm+0x1a/0x30 [ 92.753907][ T5866] ------------[ cut here ]------------ [ 92.759441][ T5866] WARNING: CPU: 1 PID: 5866 at mm/gup.c:869 follow_page_pte+0xe3c/0x13e0 [ 92.768368][ T5866] Modules linked in: [ 92.772353][ T5866] CPU: 1 UID: 0 PID: 5866 Comm: syz-executor110 Not tainted 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) [ 92.784575][ T5866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 92.794732][ T5866] RIP: 0010:follow_page_pte+0xe3c/0x13e0 [ 92.800438][ T5866] Code: ff e8 f8 7a b7 ff 48 ff cb e9 a2 fc ff ff e8 eb 7a b7 ff 4c 89 f7 48 c7 c6 c0 11 96 8b e8 5c cb 1f ff c6 05 75 f7 84 0d 01 90 <0f> 0b 90 e9 0c fd ff ff e8 d7 46 70 09 89 d9 80 e1 07 80 c1 03 38 [ 92.820169][ T5866] RSP: 0018:ffffc90003f1f8a0 EFLAGS: 00010246 [ 92.826318][ T5866] RAX: 3616cae08f6b2c00 RBX: 0000000000000000 RCX: 3616cae08f6b2c00 [ 92.834478][ T5866] RDX: 0000000000000004 RSI: ffffffff8dba2d77 RDI: ffff88803297bc00 [ 92.842510][ T5866] RBP: ffffc90003f1f988 R08: 0000000000000003 R09: 0000000000000004 [ 92.850585][ T5866] R10: dffffc0000000000 R11: fffffbfff1bfa1ec R12: dffffc0000000000 [ 92.858656][ T5866] R13: 0000000000080101 R14: ffffea0001cc8240 R15: 0000000073209867 [ 92.866760][ T5866] FS: 000055557f223380(0000) GS:ffff888125d24000(0000) knlGS:0000000000000000 [ 92.875870][ T5866] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 92.882580][ T5866] CR2: 00007fff2c744d94 CR3: 000000002eac2000 CR4: 00000000003526f0 [ 92.890667][ T5866] Call Trace: [ 92.894078][ T5866] [ 92.897194][ T5866] ? __pfx_follow_page_pte+0x10/0x10 [ 92.902538][ T5866] __get_user_pages+0xa8e/0x2ce0 [ 92.907805][ T5866] __gup_longterm_locked+0x3dc/0x1660 [ 92.913355][ T5866] ? rcu_is_watching+0x15/0xb0 [ 92.918219][ T5866] ? xdp_umem_pin_pages+0x52/0x340 [ 92.923814][ T5866] pin_user_pages+0x9e/0xd0 [ 92.928445][ T5866] xdp_umem_pin_pages+0x117/0x340 [ 92.933522][ T5866] xdp_umem_create+0x677/0x8e0 [ 92.938393][ T5866] xsk_setsockopt+0x7b0/0x8d0 [ 92.943144][ T5866] ? __pfx_xsk_setsockopt+0x10/0x10 [ 92.948541][ T5866] ? ptrace_notify+0x22d/0x2c0 [ 92.953430][ T5866] ? aa_sock_opt_perm+0xff/0x1b0 [ 92.958479][ T5866] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 92.964099][ T5866] ? __pfx_xsk_setsockopt+0x10/0x10 [ 92.969489][ T5866] do_sock_setsockopt+0x179/0x1b0 [ 92.974721][ T5866] __x64_sys_setsockopt+0x13f/0x1b0 [ 92.980249][ T5866] do_syscall_64+0xfa/0x3b0 [ 92.984871][ T5866] ? lockdep_hardirqs_on+0x9c/0x150 [ 92.990299][ T5866] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.996568][ T5866] ? clear_bhb_loop+0x60/0xb0 [ 93.001305][ T5866] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.007336][ T5866] RIP: 0033:0x7ffbae380f19 [ 93.011823][ T5866] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 93.031624][ T5866] RSP: 002b:00007ffc3d81ce68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 93.040138][ T5866] RAX: ffffffffffffffda RBX: 0000200000000000 RCX: 00007ffbae380f19 [ 93.048207][ T5866] RDX: 0000000000000004 RSI: 000000000000011b RDI: 0000000000000004 [ 93.056287][ T5866] RBP: 00007ffbae3f4610 R08: 000000000000001c R09: 0000000000000000 [ 93.064450][ T5866] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000001 [ 93.073006][ T5866] R13: 00007ffc3d81d128 R14: 0000000000000001 R15: 0000000000000001 [ 93.081246][ T5866] [ 93.084352][ T5866] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 93.091682][ T5866] CPU: 1 UID: 0 PID: 5866 Comm: syz-executor110 Not tainted 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) [ 93.104068][ T5866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 93.114170][ T5866] Call Trace: [ 93.117487][ T5866] [ 93.120444][ T5866] dump_stack_lvl+0x99/0x250 [ 93.125072][ T5866] ? __asan_memcpy+0x40/0x70 [ 93.129768][ T5866] ? __pfx_dump_stack_lvl+0x10/0x10 [ 93.135104][ T5866] ? __pfx__printk+0x10/0x10 [ 93.139749][ T5866] vpanic+0x281/0x750 [ 93.143772][ T5866] ? __pfx__printk+0x10/0x10 [ 93.148475][ T5866] ? __pfx_vpanic+0x10/0x10 [ 93.153013][ T5866] ? is_bpf_text_address+0x26/0x2b0 [ 93.158277][ T5866] panic+0xb9/0xc0 [ 93.162063][ T5866] ? __pfx_panic+0x10/0x10 [ 93.166633][ T5866] __warn+0x31b/0x4b0 [ 93.170846][ T5866] ? follow_page_pte+0xe3c/0x13e0 [ 93.175915][ T5866] ? follow_page_pte+0xe3c/0x13e0 [ 93.180966][ T5866] report_bug+0x2be/0x4f0 [ 93.185311][ T5866] ? follow_page_pte+0xe3c/0x13e0 [ 93.190538][ T5866] ? follow_page_pte+0xe3c/0x13e0 [ 93.195600][ T5866] ? follow_page_pte+0xe3e/0x13e0 [ 93.200737][ T5866] handle_bug+0x84/0x160 [ 93.205090][ T5866] exc_invalid_op+0x1a/0x50 [ 93.209607][ T5866] asm_exc_invalid_op+0x1a/0x20 [ 93.214473][ T5866] RIP: 0010:follow_page_pte+0xe3c/0x13e0 [ 93.220304][ T5866] Code: ff e8 f8 7a b7 ff 48 ff cb e9 a2 fc ff ff e8 eb 7a b7 ff 4c 89 f7 48 c7 c6 c0 11 96 8b e8 5c cb 1f ff c6 05 75 f7 84 0d 01 90 <0f> 0b 90 e9 0c fd ff ff e8 d7 46 70 09 89 d9 80 e1 07 80 c1 03 38 [ 93.240280][ T5866] RSP: 0018:ffffc90003f1f8a0 EFLAGS: 00010246 [ 93.246456][ T5866] RAX: 3616cae08f6b2c00 RBX: 0000000000000000 RCX: 3616cae08f6b2c00 [ 93.254538][ T5866] RDX: 0000000000000004 RSI: ffffffff8dba2d77 RDI: ffff88803297bc00 [ 93.262611][ T5866] RBP: ffffc90003f1f988 R08: 0000000000000003 R09: 0000000000000004 [ 93.270687][ T5866] R10: dffffc0000000000 R11: fffffbfff1bfa1ec R12: dffffc0000000000 [ 93.278757][ T5866] R13: 0000000000080101 R14: ffffea0001cc8240 R15: 0000000073209867 [ 93.286808][ T5866] ? __pfx_follow_page_pte+0x10/0x10 [ 93.292233][ T5866] __get_user_pages+0xa8e/0x2ce0 [ 93.297219][ T5866] __gup_longterm_locked+0x3dc/0x1660 [ 93.302713][ T5866] ? rcu_is_watching+0x15/0xb0 [ 93.307507][ T5866] ? xdp_umem_pin_pages+0x52/0x340 [ 93.312755][ T5866] pin_user_pages+0x9e/0xd0 [ 93.317546][ T5866] xdp_umem_pin_pages+0x117/0x340 [ 93.322593][ T5866] xdp_umem_create+0x677/0x8e0 [ 93.327375][ T5866] xsk_setsockopt+0x7b0/0x8d0 [ 93.332081][ T5866] ? __pfx_xsk_setsockopt+0x10/0x10 [ 93.337393][ T5866] ? ptrace_notify+0x22d/0x2c0 [ 93.342263][ T5866] ? aa_sock_opt_perm+0xff/0x1b0 [ 93.347218][ T5866] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 93.352777][ T5866] ? __pfx_xsk_setsockopt+0x10/0x10 [ 93.357998][ T5866] do_sock_setsockopt+0x179/0x1b0 [ 93.363132][ T5866] __x64_sys_setsockopt+0x13f/0x1b0 [ 93.368360][ T5866] do_syscall_64+0xfa/0x3b0 [ 93.372890][ T5866] ? lockdep_hardirqs_on+0x9c/0x150 [ 93.378364][ T5866] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.384456][ T5866] ? clear_bhb_loop+0x60/0xb0 [ 93.389241][ T5866] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.395356][ T5866] RIP: 0033:0x7ffbae380f19 [ 93.399805][ T5866] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 93.419534][ T5866] RSP: 002b:00007ffc3d81ce68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 93.428016][ T5866] RAX: ffffffffffffffda RBX: 0000200000000000 RCX: 00007ffbae380f19 [ 93.436216][ T5866] RDX: 0000000000000004 RSI: 000000000000011b RDI: 0000000000000004 [ 93.444477][ T5866] RBP: 00007ffbae3f4610 R08: 000000000000001c R09: 0000000000000000 [ 93.452653][ T5866] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000001 [ 93.460737][ T5866] R13: 00007ffc3d81d128 R14: 0000000000000001 R15: 0000000000000001 [ 93.469023][ T5866] [ 93.472635][ T5866] Kernel Offset: disabled [ 93.476994][ T5866] Rebooting in 86400 seconds..