./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1911931726 <...> Warning: Permanently added '10.128.0.181' (ED25519) to the list of known hosts. execve("./syz-executor1911931726", ["./syz-executor1911931726"], 0x7ffee16ecd60 /* 10 vars */) = 0 brk(NULL) = 0x5555562cf000 brk(0x5555562cfd00) = 0x5555562cfd00 arch_prctl(ARCH_SET_FS, 0x5555562cf380) = 0 set_tid_address(0x5555562cf650) = 5068 set_robust_list(0x5555562cf660, 24) = 0 rseq(0x5555562cfca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1911931726", 4096) = 28 getrandom("\x9f\x2c\xaa\xa4\xf5\x0e\x1f\x0d", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555562cfd00 brk(0x5555562f0d00) = 0x5555562f0d00 brk(0x5555562f1000) = 0x5555562f1000 mprotect(0x7f4badb0e000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 madvise(0x20a93000, 16384, MADV_HUGEPAGE) = 0 mremap(0x20a96000, 4096, 8388608, MREMAP_MAYMOVE|MREMAP_FIXED, 0x20130000) = 0x20130000 userfaultfd(UFFD_USER_MODE_ONLY|O_CLOEXEC) = 3 ioctl(3, UFFDIO_API, {api=0xaa, features=0 => features=UFFD_FEATURE_PAGEFAULT_FLAG_WP|UFFD_FEATURE_EVENT_FORK|UFFD_FEATURE_EVENT_REMAP|UFFD_FEATURE_EVENT_REMOVE|UFFD_FEATURE_MISSING_HUGETLBFS|UFFD_FEATURE_MISSING_SHMEM|UFFD_FEATURE_EVENT_UNMAP|UFFD_FEATURE_SIGBUS|UFFD_FEATURE_THREAD_ID|UFFD_FEATURE_MINOR_HUGETLBFS|UFFD_FEATURE_MINOR_SHMEM|UFFD_FEATURE_EXACT_ADDRESS|0x14000, ioctls=1<<_UFFDIO_REGISTER|1<<_UFFDIO_UNREGISTER|1<<_UFFDIO_API}) = 0 ioctl(3, UFFDIO_REGISTER, {range={start=0x200e2000, len=0xc00000}, mode=UFFDIO_REGISTER_MODE_WP, ioctls=1<<_UFFDIO_WAKE|1<<_UFFDIO_COPY|1<<_UFFDIO_ZEROPAGE|1<<_UFFDIO_WRITEPROTECT|0x120}) = 0 ioctl(3, UFFDIO_COPY, {dst=0x20bf1000, src=0x204f8000, len=0x1000, mode=UFFDIO_COPY_MODE_DONTWAKE, copy=0x1000}) = 0 [ 66.662403][ T5068] page:ffffea0001e40000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x79000 [ 66.672920][ T5068] head:ffffea0001e40000 order:9 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 66.681895][ T5068] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 66.690557][ T5068] page_type: 0xffffffff() [ 66.694973][ T5068] raw: 00fff00000000040 0000000000000000 dead000000000122 0000000000000000 [ 66.703595][ T5068] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 66.712226][ T5068] page dumped because: VM_BUG_ON_PAGE(!PageAnon(page)) [ 66.719375][ T5068] page_owner tracks the page as allocated [ 66.725090][ T5068] page last allocated via order 9, migratetype Unmovable, gfp_mask 0x1c25c2(__GFP_HIGHMEM|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_COMP|__GFP_ZERO|__GFP_NOMEMALLOC|__GFP_HARDWALL|__GFP_DIRECT_RECLAIM), pid 5068, tgid 5068 (syz-executor191), ts 66661780609, free_ts 22786670932 [ 66.751278][ T5068] post_alloc_hook+0x2d0/0x350 [ 66.756101][ T5068] get_page_from_freelist+0xa19/0x3740 [ 66.761557][ T5068] __alloc_pages+0x22e/0x2410 [ 66.766266][ T5068] alloc_pages_mpol+0x258/0x5f0 [ 66.771303][ T5068] mm_get_huge_zero_page+0x93/0x2e0 [ 66.776642][ T5068] do_huge_pmd_anonymous_page+0xaa3/0x2170 [ 66.782458][ T5068] __handle_mm_fault+0x2a9f/0x4900 [ 66.787685][ T5068] handle_mm_fault+0x476/0xa00 [ 66.792481][ T5068] do_user_addr_fault+0x3f6/0x1020 [ 66.797647][ T5068] exc_page_fault+0x5c/0xc0 [ 66.802256][ T5068] asm_exc_page_fault+0x26/0x30 [ 66.807142][ T5068] page last free pid 1 tgid 1 stack trace: [ 66.812947][ T5068] free_unref_page_prepare+0x51f/0xb10 [ 66.818443][ T5068] free_unref_page+0x33/0x3c0 [ 66.823225][ T5068] free_contig_range+0xb6/0x190 [ 66.828390][ T5068] destroy_args+0xa69/0xe40 [ 66.832957][ T5068] debug_vm_pgtable+0x16fc/0x3250 [ 66.838048][ T5068] do_one_initcall+0x128/0x680 [ 66.842927][ T5068] kernel_init_freeable+0x692/0xc30 [ 66.848238][ T5068] kernel_init+0x1c/0x2a0 [ 66.852744][ T5068] ret_from_fork+0x45/0x80 [ 66.857214][ T5068] ret_from_fork_asm+0x11/0x20 [ 66.862110][ T5068] ------------[ cut here ]------------ [ 66.867705][ T5068] kernel BUG at include/linux/page-flags.h:1035! [ 66.874306][ T5068] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 66.880480][ T5068] CPU: 0 PID: 5068 Comm: syz-executor191 Not tainted 6.7.0-rc8-next-20240105-syzkaller #0 [ 66.890383][ T5068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 66.900432][ T5068] RIP: 0010:move_pages+0x1697/0x3d40 [ 66.905827][ T5068] Code: 00 00 48 c1 e8 0c 48 21 d0 48 c1 e0 06 48 01 c3 e9 b6 f7 ff ff e8 79 c6 9c ff 48 c7 c6 e0 7e dc 8a 48 89 df e8 0a 20 dc ff 90 <0f> 0b e8 62 c6 9c ff 48 89 da b8 ff ff 37 00 48 c1 ea 03 48 c1 e0 [ 66.925618][ T5068] RSP: 0018:ffffc90003aefa98 EFLAGS: 00010293 [ 66.931686][ T5068] RAX: 0000000000000000 RBX: ffffea0001e40000 RCX: ffffffff81687599 [ 66.939762][ T5068] RDX: ffff88802a155940 RSI: ffffffff81eb5d46 RDI: 0000000000000000 [ 66.947727][ T5068] RBP: ffff88802abab810 R08: 0000000000000000 R09: fffffbfff1e75fda [ 66.955697][ T5068] R10: ffffffff8f3afed7 R11: 0000000000000001 R12: 0000000000000000 [ 66.963678][ T5068] R13: 0000000000000000 R14: 0000000020518000 R15: 0000000000000000 [ 66.971645][ T5068] FS: 00005555562cf380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 66.980573][ T5068] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 66.987157][ T5068] CR2: 00000000204f8000 CR3: 000000006a725000 CR4: 00000000003506f0 [ 66.995296][ T5068] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 67.003332][ T5068] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 67.011382][ T5068] Call Trace: [ 67.014651][ T5068] [ 67.017611][ T5068] ? show_regs+0x8e/0xa0 [ 67.021872][ T5068] ? die+0x36/0xa0 [ 67.025605][ T5068] ? do_trap+0x22a/0x420 [ 67.029864][ T5068] ? move_pages+0x1697/0x3d40 [ 67.034544][ T5068] ? rcu_is_watching+0x12/0xb0 [ 67.039321][ T5068] ? move_pages+0x1697/0x3d40 [ 67.044004][ T5068] ? do_error_trap+0xf4/0x230 [ 67.048686][ T5068] ? move_pages+0x1697/0x3d40 [ 67.053456][ T5068] ? handle_invalid_op+0x34/0x40 [ 67.058397][ T5068] ? move_pages+0x1697/0x3d40 [ 67.063070][ T5068] ? exc_invalid_op+0x2e/0x40 [ 67.067859][ T5068] ? asm_exc_invalid_op+0x1a/0x20 [ 67.073168][ T5068] ? lock_release+0xa9/0x6a0 [ 67.077762][ T5068] ? move_pages+0x1696/0x3d40 [ 67.082443][ T5068] ? move_pages+0x1697/0x3d40 [ 67.087118][ T5068] ? move_pages+0x1696/0x3d40 [ 67.091813][ T5068] ? rwsem_read_trylock+0x129/0x250 [ 67.097284][ T5068] ? rcu_is_watching+0x12/0xb0 [ 67.102070][ T5068] ? down_write_trylock+0x3d0/0x3d0 [ 67.107296][ T5068] ? double_pt_unlock+0x40/0x40 [ 67.112174][ T5068] ? preempt_count_sub+0x160/0x160 [ 67.117319][ T5068] ? down_read+0xc9/0x330 [ 67.121736][ T5068] ? rwsem_down_read_slowpath+0xb20/0xb20 [ 67.127462][ T5068] userfaultfd_ioctl+0x683/0x6420 [ 67.132615][ T5068] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 67.138439][ T5068] ? rcu_is_watching+0x12/0xb0 [ 67.143312][ T5068] ? userfaultfd_release+0x960/0x960 [ 67.148609][ T5068] ? do_vfs_ioctl+0x379/0x1920 [ 67.153897][ T5068] ? vfs_fileattr_set+0xbf0/0xbf0 [ 67.158930][ T5068] ? lock_release+0x4c8/0x6a0 [ 67.163605][ T5068] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 67.169584][ T5068] ? userfaultfd_release+0x960/0x960 [ 67.174972][ T5068] ? __x64_sys_ioctl+0x18f/0x210 [ 67.180009][ T5068] __x64_sys_ioctl+0x18f/0x210 [ 67.184794][ T5068] do_syscall_64+0xd0/0x250 [ 67.189349][ T5068] entry_SYSCALL_64_after_hwframe+0x62/0x6a [ 67.195340][ T5068] RIP: 0033:0x7f4bada9b3e9 [ 67.199840][ T5068] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 67.219443][ T5068] RSP: 002b:00007fff2c1d6998 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 67.227854][ T5068] RAX: ffffffffffffffda RBX: 00007fff2c1d6b68 RCX: 00007f4bada9b3e9 [ 67.236005][ T5068] RDX: 00000000200000c0 RSI: 00000000c028aa05 RDI: 0000000000000003 [ 67.244144][ T5068] RBP: 00007f4badb0e610 R08: 00007fff2c1d6b68 R09: 00007fff2c1d6b68 [ 67.252107][ T5068] R10: 00007fff2c1d6b68 R11: 0000000000000246 R12: 0000000000000001 [ 67.260161][ T5068] R13: 00007fff2c1d6b58 R14: 0000000000000001 R15: 0000000000000001 [ 67.268308][ T5068] [ 67.271316][ T5068] Modules linked in: [ 67.275497][ T5068] ---[ end trace 0000000000000000 ]--- [ 67.280961][ T5068] RIP: 0010:move_pages+0x1697/0x3d40 [ 67.286326][ T5068] Code: 00 00 48 c1 e8 0c 48 21 d0 48 c1 e0 06 48 01 c3 e9 b6 f7 ff ff e8 79 c6 9c ff 48 c7 c6 e0 7e dc 8a 48 89 df e8 0a 20 dc ff 90 <0f> 0b e8 62 c6 9c ff 48 89 da b8 ff ff 37 00 48 c1 ea 03 48 c1 e0 [ 67.305979][ T5068] RSP: 0018:ffffc90003aefa98 EFLAGS: 00010293 [ 67.312142][ T5068] RAX: 0000000000000000 RBX: ffffea0001e40000 RCX: ffffffff81687599 [ 67.320142][ T5068] RDX: ffff88802a155940 RSI: ffffffff81eb5d46 RDI: 0000000000000000 [ 67.328364][ T5068] RBP: ffff88802abab810 R08: 0000000000000000 R09: fffffbfff1e75fda [ 67.336353][ T5068] R10: ffffffff8f3afed7 R11: 0000000000000001 R12: 0000000000000000 [ 67.344423][ T5068] R13: 0000000000000000 R14: 0000000020518000 R15: 0000000000000000 [ 67.352515][ T5068] FS: 00005555562cf380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 67.361474][ T5068] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 67.368199][ T5068] CR2: 00000000204f8000 CR3: 000000006a725000 CR4: 00000000003506f0 [ 67.376392][ T5068] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 67.384352][ T5068] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 67.392346][ T5068] Kernel panic - not syncing: Fatal exception [ 67.398521][ T5068] Kernel Offset: disabled [ 67.402902][ T5068] Rebooting in 86400 seconds..