./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2231266855 <...> Warning: Permanently added '10.128.1.239' (ED25519) to the list of known hosts. execve("./syz-executor2231266855", ["./syz-executor2231266855"], 0x7ffc76397110 /* 10 vars */) = 0 brk(NULL) = 0x55557ccec000 brk(0x55557ccecd00) = 0x55557ccecd00 arch_prctl(ARCH_SET_FS, 0x55557ccec380) = 0 set_tid_address(0x55557ccec650) = 5094 set_robust_list(0x55557ccec660, 24) = 0 rseq(0x55557ccecca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2231266855", 4096) = 28 getrandom("\xbb\xac\xa6\x48\xfe\x64\x80\x64", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55557ccecd00 brk(0x55557cd0dd00) = 0x55557cd0dd00 brk(0x55557cd0e000) = 0x55557cd0e000 mprotect(0x7f53c4522000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5095 attached , child_tidptr=0x55557ccec650) = 5095 [pid 5095] set_robust_list(0x55557ccec660, 24) = 0 [pid 5095] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5095] setpgid(0, 0) = 0 [pid 5095] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5095] write(3, "1000", 4) = 4 [pid 5095] close(3) = 0 [pid 5095] write(1, "executing program\n", 18executing program ) = 18 [pid 5095] openat(AT_FDCWD, "/dev/bus/usb/006/001", O_RDWR|O_NOCTTY|O_TRUNC|O_APPEND|O_LARGEFILE|FASYNC) = 3 [pid 5095] prctl(0x41 /* PR_??? */, 0x3, 0, 0, 0) = 0 [ 79.587965][ T5095] ------------[ cut here ]------------ [ 79.593815][ T5095] kernel BUG at mm/page_table_check.c:157! [ 79.600003][ T5095] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI [ 79.607081][ T5095] CPU: 1 PID: 5095 Comm: syz-executor223 Not tainted 6.10.0-rc6-syzkaller-00069-g795c58e4c7fc #0 [ 79.617764][ T5095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 79.627921][ T5095] RIP: 0010:__page_table_check_zero+0x274/0x350 [ 79.634202][ T5095] Code: c1 0f 8c 39 fe ff ff 48 89 df e8 97 41 f4 ff e9 2c fe ff ff e8 5d 8c 8e ff 90 0f 0b e8 55 8c 8e ff 90 0f 0b e8 4d 8c 8e ff 90 <0f> 0b f3 0f 1e fa 4c 89 f6 48 81 e6 ff 0f 00 00 31 ff e8 15 91 8e [ 79.654172][ T5095] RSP: 0018:ffffc9000356f938 EFLAGS: 00010293 [ 79.660545][ T5095] RAX: ffffffff82079b03 RBX: dffffc0000000000 RCX: ffff8880201f9e00 [ 79.668625][ T5095] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff88801901936c [ 79.676626][ T5095] RBP: ffff88801901936c R08: ffff88801901936f R09: 1ffff1100320326d [ 79.684628][ T5095] R10: dffffc0000000000 R11: ffffed100320326e R12: ffff888019019320 [ 79.692706][ T5095] R13: 1ffffffff2901988 R14: 0000000000000000 R15: 0000000000000000 [ 79.700783][ T5095] FS: 000055557ccec380(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 79.709907][ T5095] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 79.716598][ T5095] CR2: 00007f53c45260f0 CR3: 000000001ec26000 CR4: 00000000003506f0 [ 79.724708][ T5095] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 79.733688][ T5095] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 79.741869][ T5095] Call Trace: [ 79.745173][ T5095] [ 79.748162][ T5095] ? __die_body+0x88/0xe0 [ 79.753050][ T5095] ? die+0xcf/0x110 [ 79.757325][ T5095] ? do_trap+0x15a/0x3a0 [ 79.762405][ T5095] ? __page_table_check_zero+0x274/0x350 [ 79.768162][ T5095] ? do_error_trap+0x1dc/0x2c0 [ 79.772955][ T5095] ? __page_table_check_zero+0x274/0x350 [ 79.778989][ T5095] ? __pfx_do_error_trap+0x10/0x10 [ 79.784196][ T5095] ? handle_invalid_op+0x34/0x40 [ 79.789172][ T5095] ? __page_table_check_zero+0x274/0x350 [ 79.795373][ T5095] ? exc_invalid_op+0x38/0x50 [ 79.800101][ T5095] ? asm_exc_invalid_op+0x1a/0x20 [ 79.805137][ T5095] ? __page_table_check_zero+0x273/0x350 [ 79.810797][ T5095] ? __page_table_check_zero+0x274/0x350 [ 79.816476][ T5095] ? __page_table_check_zero+0x273/0x350 [ 79.822139][ T5095] free_unref_page+0xd36/0xea0 [ 79.826930][ T5095] ? __virt_addr_valid+0x183/0x520 [ 79.832408][ T5095] dec_usb_memory_use_count+0x259/0x350 [ 79.838182][ T5095] ? __pfx_usbdev_vm_close+0x10/0x10 [ 79.843588][ T5095] mmap_region+0x13b4/0x2090 [ 79.848330][ T5095] ? __pfx_mmap_region+0x10/0x10 [ 79.853365][ T5095] ? thp_get_unmapped_area_vmflags+0x269/0x380 [ 79.859539][ T5095] ? cap_mmap_addr+0x163/0x2c0 [ 79.864329][ T5095] ? __get_unmapped_area+0x2f0/0x360 [ 79.869661][ T5095] do_mmap+0x8ad/0xfa0 [ 79.873842][ T5095] ? __pfx_do_mmap+0x10/0x10 [ 79.878585][ T5095] ? __pfx_ima_file_mmap+0x10/0x10 [ 79.883744][ T5095] vm_mmap_pgoff+0x1dd/0x3d0 [ 79.888377][ T5095] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 79.893570][ T5095] ? __fget_files+0x29/0x470 [ 79.898198][ T5095] ? __fget_files+0x3f6/0x470 [ 79.903008][ T5095] ksys_mmap_pgoff+0x4f1/0x720 [ 79.907810][ T5095] ? __x64_sys_mmap+0x7f/0x140 [ 79.912683][ T5095] do_syscall_64+0xf3/0x230 [ 79.917194][ T5095] ? clear_bhb_loop+0x35/0x90 [ 79.921875][ T5095] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 79.927791][ T5095] RIP: 0033:0x7f53c44af879 [ 79.932241][ T5095] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 79.952029][ T5095] RSP: 002b:00007ffeb7440f68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 79.960454][ T5095] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f53c44af879 [ 79.968646][ T5095] RDX: 0000000001000006 RSI: 0000000000001000 RDI: 0000000020527000 [ 79.976638][ T5095] RBP: 00007f53c45225f0 R08: 0000000000000003 R09: 0000000000000000 [ 79.984792][ T5095] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000001 [ 79.993051][ T5095] R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001 [ 80.001144][ T5095] [ 80.004816][ T5095] Modules linked in: [ 80.009276][ T5095] ---[ end trace 0000000000000000 ]--- [ 80.014863][ T5095] RIP: 0010:__page_table_check_zero+0x274/0x350 [ 80.021236][ T5095] Code: c1 0f 8c 39 fe ff ff 48 89 df e8 97 41 f4 ff e9 2c fe ff ff e8 5d 8c 8e ff 90 0f 0b e8 55 8c 8e ff 90 0f 0b e8 4d 8c 8e ff 90 <0f> 0b f3 0f 1e fa 4c 89 f6 48 81 e6 ff 0f 00 00 31 ff e8 15 91 8e [ 80.041293][ T5095] RSP: 0018:ffffc9000356f938 EFLAGS: 00010293 [ 80.047712][ T5095] RAX: ffffffff82079b03 RBX: dffffc0000000000 RCX: ffff8880201f9e00 [ 80.055747][ T5095] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff88801901936c [ 80.063773][ T5095] RBP: ffff88801901936c R08: ffff88801901936f R09: 1ffff1100320326d [ 80.072164][ T5095] R10: dffffc0000000000 R11: ffffed100320326e R12: ffff888019019320 [ 80.080212][ T5095] R13: 1ffffffff2901988 R14: 0000000000000000 R15: 0000000000000000 [ 80.088321][ T5095] FS: 000055557ccec380(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 80.097346][ T5095] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 80.103963][ T5095] CR2: 00007f53c45260f0 CR3: 000000001ec26000 CR4: 00000000003506f0 [ 80.111992][ T5095] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 80.120153][ T5095] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 80.128314][ T5095] Kernel panic - not syncing: Fatal exception [ 80.134752][ T5095] Kernel Offset: disabled [ 80.139274][ T5095] Rebooting in 86400 seconds..