./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor222628753 <...> Warning: Permanently added '10.128.0.180' (ED25519) to the list of known hosts. execve("./syz-executor222628753", ["./syz-executor222628753"], 0x7ffff9ddbcb0 /* 10 vars */) = 0 brk(NULL) = 0x5555560ab000 brk(0x5555560abd00) = 0x5555560abd00 arch_prctl(ARCH_SET_FS, 0x5555560ab380) = 0 set_tid_address(0x5555560ab650) = 5023 set_robust_list(0x5555560ab660, 24) = 0 rseq(0x5555560abca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor222628753", 4096) = 27 getrandom("\x73\x01\x32\x72\x2c\xc5\x84\x93", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555560abd00 brk(0x5555560ccd00) = 0x5555560ccd00 brk(0x5555560cd000) = 0x5555560cd000 mprotect(0x7faa444b2000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/fb0", O_RDWR|O_APPEND) = 3 mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_GROWSDOWN, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0) = 0x20000000 openat(AT_FDCWD, 0x20000000, O_RDWR|O_APPEND) = 4 mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_GROWSDOWN, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0x2fc000) = 0x20000000 [ 57.899370][ T5023] page:ffffea00051fb440 refcount:3 mapcount:1 mapping:ffff88801f6590f8 index:0x2fc pfn:0x147ed1 [ 57.911135][ T5023] aops:fb_deferred_io_aops ino:276 dentry name:"fb0" [ 57.917946][ T5023] flags: 0x57ff08000000042(referenced|workingset|node=1|zone=2|lastcpupid=0x7ff) [ 57.927231][ T5023] page_type: 0x0() [ 57.930978][ T5023] raw: 057ff08000000042 0000000000000000 dead000000000122 ffff88801f6590f8 [ 57.939778][ T5023] raw: 00000000000002fc 0000000000000000 0000000300000000 0000000000000000 [ 57.949052][ T5023] page dumped because: VM_BUG_ON_PAGE(!PageLocked(page)) [ 57.956906][ T5023] page_owner tracks the page as allocated [ 57.962858][ T5023] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), pid 1, tgid 1 (swapper/0), ts 8745308574, free_ts 0 [ 57.981192][ T5023] post_alloc_hook+0x2d2/0x350 [ 57.986032][ T5023] get_page_from_freelist+0x10a9/0x31e0 [ 57.991577][ T5023] __alloc_pages+0x1d0/0x4a0 [ 57.996244][ T5023] alloc_page_interleave+0x1e/0x250 [ 58.001561][ T5023] alloc_pages+0x22a/0x270 [ 58.006064][ T5023] __vmalloc_node_range+0xa6e/0x1540 [ 58.011376][ T5023] vzalloc+0x6b/0x80 [ 58.015349][ T5023] drm_fbdev_generic_helper_fb_probe+0x300/0x6d0 [ 58.021704][ T5023] __drm_fb_helper_initial_config_and_unlock+0xc31/0x1600 [ 58.028961][ T5023] drm_fb_helper_initial_config+0x44/0x60 [ 58.034932][ T5023] drm_fbdev_generic_client_hotplug+0x1a7/0x270 [ 58.041181][ T5023] drm_client_register+0x195/0x280 [ 58.046361][ T5023] drm_fbdev_generic_setup+0x11c/0x330 [ 58.051864][ T5023] vkms_init+0x625/0x760 [ 58.056310][ T5023] do_one_initcall+0x117/0x630 [ 58.061120][ T5023] kernel_init_freeable+0x5bd/0x8f0 [ 58.066561][ T5023] page_owner free stack trace missing [ 58.072096][ T5023] ------------[ cut here ]------------ [ 58.077611][ T5023] kernel BUG at mm/memory.c:2955! [ 58.082650][ T5023] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 58.088789][ T5023] CPU: 0 PID: 5023 Comm: syz-executor222 Not tainted 6.5.0-syzkaller-00453-g727dbda16b83 #0 [ 58.098849][ T5023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023 [ 58.109077][ T5023] RIP: 0010:do_page_mkwrite+0x468/0x680 [ 58.114629][ T5023] Code: de e8 6c 7c c1 ff 84 db 0f 85 c1 00 00 00 48 89 eb e9 76 fe ff ff e8 27 81 c1 ff 48 c7 c6 a0 e7 78 8a 48 89 ef e8 88 3d fe ff <0f> 0b 41 bc 02 00 00 00 e9 99 fe ff ff e8 06 81 c1 ff be 0c 04 00 [ 58.134331][ T5023] RSP: 0018:ffffc9000399fba8 EFLAGS: 00010293 [ 58.140508][ T5023] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 58.148570][ T5023] RDX: ffff888029153b80 RSI: ffffffff81c48c48 RDI: ffffffff8ac851a0 [ 58.156622][ T5023] RBP: ffffea00051fb440 R08: 0000000000000000 R09: fffffbfff1d5748a [ 58.164592][ T5023] R10: ffffffff8eaba457 R11: 1ffffffff1936441 R12: 0000000000000200 [ 58.172573][ T5023] R13: ffffea00051fb440 R14: 0000000000000a55 R15: 0000000000000000 [ 58.180539][ T5023] FS: 00005555560ab380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 58.189477][ T5023] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 58.196070][ T5023] CR2: 0000000020000008 CR3: 000000001fa3d000 CR4: 00000000003506f0 [ 58.204049][ T5023] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 58.212200][ T5023] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 58.220181][ T5023] Call Trace: [ 58.223469][ T5023] [ 58.226399][ T5023] ? die+0x31/0x80 [ 58.230147][ T5023] ? do_trap+0x1ab/0x3b0 [ 58.234498][ T5023] ? do_page_mkwrite+0x468/0x680 [ 58.239536][ T5023] ? do_error_trap+0x9e/0x160 [ 58.244226][ T5023] ? do_page_mkwrite+0x468/0x680 [ 58.249177][ T5023] ? handle_invalid_op+0x2c/0x30 [ 58.254128][ T5023] ? do_page_mkwrite+0x468/0x680 [ 58.259079][ T5023] ? exc_invalid_op+0x2d/0x40 [ 58.263806][ T5023] ? asm_exc_invalid_op+0x1a/0x20 [ 58.268937][ T5023] ? do_page_mkwrite+0x468/0x680 [ 58.273891][ T5023] ? do_page_mkwrite+0x468/0x680 [ 58.278842][ T5023] ? do_page_mkwrite+0x468/0x680 [ 58.283796][ T5023] do_wp_page+0x3a0/0x3710 [ 58.288339][ T5023] ? lock_sync+0x190/0x190 [ 58.292790][ T5023] ? finish_mkwrite_fault+0x250/0x250 [ 58.298192][ T5023] ? do_raw_spin_lock+0x12e/0x2b0 [ 58.303232][ T5023] ? spin_bug+0x1d0/0x1d0 [ 58.307599][ T5023] __handle_mm_fault+0x1af7/0x3b80 [ 58.312766][ T5023] ? vm_iomap_memory+0x170/0x170 [ 58.317735][ T5023] ? find_vma+0x10e/0x1b0 [ 58.322072][ T5023] ? vma_link+0x290/0x290 [ 58.326410][ T5023] handle_mm_fault+0x2ab/0x9d0 [ 58.331205][ T5023] ? access_error+0x156/0x2d0 [ 58.335898][ T5023] ? lock_mm_and_find_vma+0xa6/0x760 [ 58.341214][ T5023] do_user_addr_fault+0x446/0xfc0 [ 58.346333][ T5023] ? rcu_is_watching+0x12/0xb0 [ 58.351123][ T5023] exc_page_fault+0x5c/0xd0 [ 58.355687][ T5023] asm_exc_page_fault+0x26/0x30 [ 58.360563][ T5023] RIP: 0033:0x7faa4440f726 [ 58.364990][ T5023] Code: 00 01 ba 00 60 b3 00 31 c0 68 00 c0 2f 00 41 b8 11 80 02 00 be 00 00 00 20 4c 8b 0d bc 69 0a 00 bf 09 00 00 00 e8 2a fc 02 00 04 25 08 00 00 20 00 45 31 c0 48 b8 2f 64 65 76 2f 66 62 30 b9 [ 58.384780][ T5023] RSP: 002b:00007ffc01834060 EFLAGS: 00010217 [ 58.390851][ T5023] RAX: 0000000020000000 RBX: 00007ffc01834238 RCX: 00007faa4443f369 [ 58.398913][ T5023] RDX: 0000000001000006 RSI: 0000000000b36000 RDI: 0000000020000000 [ 58.408191][ T5023] RBP: 00007faa444b2610 R08: 0000000000000004 R09: 00000000002fc000 [ 58.416541][ T5023] R10: 0000000000028011 R11: 0000000000000246 R12: 0000000000000001 [ 58.424512][ T5023] R13: 00007ffc01834228 R14: 0000000000000001 R15: 0000000000000001 [ 58.432580][ T5023] [ 58.435610][ T5023] Modules linked in: [ 58.439653][ T5023] ---[ end trace 0000000000000000 ]--- [ 58.445249][ T5023] RIP: 0010:do_page_mkwrite+0x468/0x680 [ 58.450833][ T5023] Code: de e8 6c 7c c1 ff 84 db 0f 85 c1 00 00 00 48 89 eb e9 76 fe ff ff e8 27 81 c1 ff 48 c7 c6 a0 e7 78 8a 48 89 ef e8 88 3d fe ff <0f> 0b 41 bc 02 00 00 00 e9 99 fe ff ff e8 06 81 c1 ff be 0c 04 00 [ 58.470771][ T5023] RSP: 0018:ffffc9000399fba8 EFLAGS: 00010293 [ 58.476892][ T5023] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 58.484943][ T5023] RDX: ffff888029153b80 RSI: ffffffff81c48c48 RDI: ffffffff8ac851a0 [ 58.492925][ T5023] RBP: ffffea00051fb440 R08: 0000000000000000 R09: fffffbfff1d5748a [ 58.501027][ T5023] R10: ffffffff8eaba457 R11: 1ffffffff1936441 R12: 0000000000000200 [ 58.509048][ T5023] R13: ffffea00051fb440 R14: 0000000000000a55 R15: 0000000000000000 [ 58.517058][ T5023] FS: 00005555560ab380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 58.526114][ T5023] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 58.532686][ T5023] CR2: 000056269e66d0e8 CR3: 000000001fa3d000 CR4: 00000000003506e0 [ 58.540685][ T5023] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 58.548805][ T5023] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 58.557070][ T5023] Kernel panic - not syncing: Fatal exception [ 58.563391][ T5023] Kernel Offset: disabled [ 58.567721][ T5023] Rebooting in 86400 seconds..