./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1984983432 <...> Warning: Permanently added '10.128.1.49' (ED25519) to the list of known hosts. execve("./syz-executor1984983432", ["./syz-executor1984983432"], 0x7fff96b11250 /* 10 vars */) = 0 brk(NULL) = 0x555581bd9000 brk(0x555581bd9d00) = 0x555581bd9d00 arch_prctl(ARCH_SET_FS, 0x555581bd9380) = 0 set_tid_address(0x555581bd9650) = 5865 set_robust_list(0x555581bd9660, 24) = 0 rseq(0x555581bd9ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1984983432", 4096) = 28 getrandom("\x04\x30\xe0\x07\x8d\x4b\x2c\x51", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555581bd9d00 brk(0x555581bfad00) = 0x555581bfad00 brk(0x555581bfb000) = 0x555581bfb000 mprotect(0x7fcfc192c000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 write(1, "executing program\n", 18executing program ) = 18 madvise(0x200000000000, 8388608, MADV_HUGEPAGE) = 0 clone3({flags=0, exit_signal=0, stack=NULL, stack_size=0, cgroup=4294967295}, 88./strace-static-x86_64: Process 5866 attached ) = 5866 [pid 5865] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 5865] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffe15f77dd0) = 0 [pid 5865] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5865] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe15f77dd0) = 0 [pid 5865] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5866] exit(0 [pid 5865] <... ioctl resumed>, 0x7ffe15f77dd0) = 0 [pid 5865] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5866] <... exit resumed>) = ? [pid 5866] +++ exited with 0 +++ <... ioctl resumed>, 0x7ffe15f77dd0) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe15f77dd0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe15f76dc0) = 18 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe15f77dd0) = 0 [ 91.824982][ T9] usb 1-1: new high-speed USB device number 2 using dummy_hcd ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe15f77dd0) = 0 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe15f77dd0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe15f76dc0) = 18 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe15f77dd0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe15f76dc0) = 9 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe15f77dd0) = 0 ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffe15f76dc0) = 36 [ 91.984753][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 92.019383][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffe15f77dd0) = 0 ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7fcfc19323cc) = -1 EINVAL (Invalid argument) ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffe15f76dc0) = 0 [ 92.031542][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 92.041773][ T9] usb 1-1: New USB device found, idVendor=146b, idProduct=0902, bcdDevice= 0.00 [ 92.050965][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 92.062980][ T9] usb 1-1: config 0 descriptor?? [ 92.198400][ T1973] cfg80211: failed to load regulatory.db io_uring_register(-1, IORING_REGISTER_RING_FDS, [{offset=0, resv=0x1, data=0}], 1) = -1 EINVAL (Invalid argument) mprotect(0x200000000000, 8388608, PROT_WRITE|PROT_EXEC) = 0 socket(AF_XDP, SOCK_RAW, 0) = 4 [ 92.361304][ T5865] page: refcount:507 mapcount:1 mapping:0000000000000000 index:0x200000009 pfn:0x70609 [ 92.371543][ T5865] head: order:9 mapcount:505 entire_mapcount:0 nr_pages_mapped:505 pincount:2 [ 92.380666][ T5865] memcg:ffff88801ba80000 [ 92.385074][ T5865] anon flags: 0xfff6000002007c(referenced|uptodate|dirty|lru|head|swapbacked|node=0|zone=1|lastcpupid=0x7ff) [ 92.397012][ T5865] raw: 00fff00000000000 ffffea0001c18001 dead000000000122 dead000000000400 [ 92.407692][ T5865] raw: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 [ 92.416690][ T5865] head: 00fff6000002007c ffffea0000476b48 ffffea0000472b88 ffff888072f74aa1 [ 92.426934][ T5865] head: 0000000200000000 0000000000000000 000001fbffffffff ffff88801ba80000 [ 92.436594][ T5865] head: 00fff00000010a09 ffffea0001c18001 000001f9000001f8 00000002ffffffff [ 92.448560][ T5865] head: ffffffff000001f8 0000000000000016 0000000000000000 0000000000000200 [ 92.459042][ T5865] page dumped because: VM_WARN_ON_ONCE_PAGE((flags & FOLL_PIN) && PageAnon(page) && !PageAnonExclusive(page)) [ 92.476084][ T5865] page_owner tracks the page as allocated [ 92.484683][ T5865] page last allocated via order 9, migratetype Movable, gfp_mask 0x3d24ca(GFP_TRANSHUGE|__GFP_NORETRY|__GFP_THISNODE), pid 5865, tgid 5865 (syz-executor198), ts 91521279565, free_ts 30537766353 [ 92.507021][ T5865] post_alloc_hook+0x240/0x2a0 [ 92.513078][ T5865] get_page_from_freelist+0x21e4/0x22c0 [ 92.519342][ T5865] __alloc_frozen_pages_noprof+0x181/0x370 [ 92.525689][ T5865] alloc_pages_mpol+0x1dc/0x4a0 [ 92.532056][ T5865] vma_alloc_folio_noprof+0xe4/0x200 [ 92.537836][ T5865] vma_alloc_anon_folio_pmd+0x39/0x320 [ 92.544776][ T5865] do_huge_pmd_anonymous_page+0x2b9/0xb60 [ 92.551903][ T5865] __handle_mm_fault+0x1139/0x5440 [ 92.557465][ T5865] handle_mm_fault+0x40a/0x8e0 [ 92.562388][ T5865] do_user_addr_fault+0xa81/0x1390 [ 92.567966][ T5865] exc_page_fault+0x76/0xf0 [ 92.573319][ T5865] asm_exc_page_fault+0x26/0x30 [ 92.579274][ T5865] page last free pid 1 tgid 1 stack trace: [ 92.585799][ T5865] __free_frozen_pages+0xbc4/0xd30 [ 92.591122][ T5865] free_contig_range+0x1bd/0x4a0 [ 92.596180][ T5865] destroy_args+0x64/0x4a0 [ 92.600771][ T5865] debug_vm_pgtable+0x39f/0x3b0 [ 92.606059][ T5865] do_one_initcall+0x233/0x820 [ 92.611800][ T5865] do_initcall_level+0x104/0x190 [ 92.617072][ T5865] do_initcalls+0x59/0xa0 [ 92.621996][ T5865] kernel_init_freeable+0x334/0x4b0 [ 92.628294][ T5865] kernel_init+0x1d/0x1d0 [ 92.633202][ T5865] ret_from_fork+0x3f9/0x770 [ 92.637970][ T5865] ret_from_fork_asm+0x1a/0x30 [ 92.643174][ T5865] ------------[ cut here ]------------ [ 92.649525][ T5865] WARNING: CPU: 1 PID: 5865 at mm/gup.c:869 follow_page_pte+0xe3c/0x13e0 [ 92.658780][ T5865] Modules linked in: [ 92.663498][ T5865] CPU: 1 UID: 0 PID: 5865 Comm: syz-executor198 Not tainted 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) [ 92.676993][ T5865] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 92.687894][ T5865] RIP: 0010:follow_page_pte+0xe3c/0x13e0 [ 92.693921][ T5865] Code: ff e8 f8 7a b7 ff 48 ff cb e9 a2 fc ff ff e8 eb 7a b7 ff 4c 89 f7 48 c7 c6 c0 11 96 8b e8 5c cb 1f ff c6 05 75 f7 84 0d 01 90 <0f> 0b 90 e9 0c fd ff ff e8 d7 46 70 09 89 d9 80 e1 07 80 c1 03 38 [ 92.714443][ T5865] RSP: 0018:ffffc90003f0f8a0 EFLAGS: 00010246 [ 92.721501][ T5865] RAX: 3f311e2de65dbb00 RBX: 0000000000000000 RCX: 3f311e2de65dbb00 [ 92.729904][ T5865] RDX: 0000000000000004 RSI: ffffffff8dba2d77 RDI: ffff888030f58000 [ 92.738304][ T5865] RBP: ffffc90003f0f988 R08: ffffc90003f0f267 R09: 1ffff920007e1e4c [ 92.746818][ T5865] R10: dffffc0000000000 R11: fffff520007e1e4d R12: dffffc0000000000 [ 92.754876][ T5865] R13: 0000000000080101 R14: ffffea0001c18240 R15: 0000000070609867 [ 92.763062][ T5865] FS: 0000555581bd9380(0000) GS:ffff888125d24000(0000) knlGS:0000000000000000 [ 92.772345][ T5865] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 92.779036][ T5865] CR2: 00007fcfc19300f0 CR3: 0000000072fb4000 CR4: 00000000003526f0 [ 92.787541][ T5865] Call Trace: [ 92.791063][ T5865] [ 92.794052][ T5865] ? __pfx_follow_page_pte+0x10/0x10 [ 92.799916][ T5865] __get_user_pages+0xa8e/0x2ce0 [ 92.805220][ T5865] __gup_longterm_locked+0x3dc/0x1660 [ 92.810658][ T5865] ? rcu_is_watching+0x15/0xb0 [ 92.815544][ T5865] ? xdp_umem_pin_pages+0x52/0x340 [ 92.820926][ T5865] pin_user_pages+0x9e/0xd0 [ 92.825528][ T5865] xdp_umem_pin_pages+0x117/0x340 [ 92.830683][ T5865] xdp_umem_create+0x677/0x8e0 [ 92.835578][ T5865] xsk_setsockopt+0x7b0/0x8d0 [ 92.840288][ T5865] ? __pfx_xsk_setsockopt+0x10/0x10 [ 92.845671][ T5865] ? ptrace_notify+0x22d/0x2c0 [ 92.850490][ T5865] ? aa_sock_opt_perm+0xff/0x1b0 [ 92.855611][ T5865] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 92.861548][ T5865] ? __pfx_xsk_setsockopt+0x10/0x10 [ 92.867169][ T5865] do_sock_setsockopt+0x179/0x1b0 [ 92.872620][ T5865] __x64_sys_setsockopt+0x13f/0x1b0 [ 92.878245][ T5865] do_syscall_64+0xfa/0x3b0 [ 92.882875][ T5865] ? lockdep_hardirqs_on+0x9c/0x150 [ 92.888272][ T5865] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.894760][ T5865] ? clear_bhb_loop+0x60/0xb0 [ 92.899604][ T5865] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.905875][ T5865] RIP: 0033:0x7fcfc18b8f19 [ 92.910438][ T5865] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 92.931464][ T5865] RSP: 002b:00007ffe15f78e18 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 92.940758][ T5865] RAX: ffffffffffffffda RBX: 0000200000000000 RCX: 00007fcfc18b8f19 [ 92.949467][ T5865] RDX: 0000000000000004 RSI: 000000000000011b RDI: 0000000000000004 [ 92.957550][ T5865] RBP: 00007fcfc192c610 R08: 000000000000001c R09: 0000000000000000 [ 92.965625][ T5865] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000001 [ 92.973824][ T5865] R13: 00007ffe15f790d8 R14: 0000000000000001 R15: 0000000000000001 [ 92.982111][ T5865] [ 92.985402][ T5865] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 92.992849][ T5865] CPU: 1 UID: 0 PID: 5865 Comm: syz-executor198 Not tainted 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) [ 93.006367][ T5865] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 93.017596][ T5865] Call Trace: [ 93.020924][ T5865] [ 93.023989][ T5865] dump_stack_lvl+0x99/0x250 [ 93.029051][ T5865] ? __asan_memcpy+0x40/0x70 [ 93.033904][ T5865] ? __pfx_dump_stack_lvl+0x10/0x10 [ 93.039534][ T5865] ? __pfx__printk+0x10/0x10 [ 93.044360][ T5865] vpanic+0x281/0x750 [ 93.049042][ T5865] ? __pfx__printk+0x10/0x10 [ 93.054421][ T5865] ? __pfx_vpanic+0x10/0x10 [ 93.060390][ T5865] ? is_bpf_text_address+0x26/0x2b0 [ 93.066431][ T5865] panic+0xb9/0xc0 [ 93.070965][ T5865] ? __pfx_panic+0x10/0x10 [ 93.075824][ T5865] __warn+0x31b/0x4b0 [ 93.080031][ T5865] ? follow_page_pte+0xe3c/0x13e0 [ 93.085880][ T5865] ? follow_page_pte+0xe3c/0x13e0 [ 93.091152][ T5865] report_bug+0x2be/0x4f0 [ 93.096086][ T5865] ? follow_page_pte+0xe3c/0x13e0 [ 93.101602][ T5865] ? follow_page_pte+0xe3c/0x13e0 [ 93.109029][ T5865] ? follow_page_pte+0xe3e/0x13e0 [ 93.115326][ T5865] handle_bug+0x84/0x160 [ 93.119898][ T5865] exc_invalid_op+0x1a/0x50 [ 93.125430][ T5865] asm_exc_invalid_op+0x1a/0x20 [ 93.131040][ T5865] RIP: 0010:follow_page_pte+0xe3c/0x13e0 [ 93.138007][ T5865] Code: ff e8 f8 7a b7 ff 48 ff cb e9 a2 fc ff ff e8 eb 7a b7 ff 4c 89 f7 48 c7 c6 c0 11 96 8b e8 5c cb 1f ff c6 05 75 f7 84 0d 01 90 <0f> 0b 90 e9 0c fd ff ff e8 d7 46 70 09 89 d9 80 e1 07 80 c1 03 38 [ 93.161552][ T5865] RSP: 0018:ffffc90003f0f8a0 EFLAGS: 00010246 [ 93.168374][ T5865] RAX: 3f311e2de65dbb00 RBX: 0000000000000000 RCX: 3f311e2de65dbb00 [ 93.176408][ T5865] RDX: 0000000000000004 RSI: ffffffff8dba2d77 RDI: ffff888030f58000 [ 93.185567][ T5865] RBP: ffffc90003f0f988 R08: ffffc90003f0f267 R09: 1ffff920007e1e4c [ 93.194309][ T5865] R10: dffffc0000000000 R11: fffff520007e1e4d R12: dffffc0000000000 [ 93.203028][ T5865] R13: 0000000000080101 R14: ffffea0001c18240 R15: 0000000070609867 [ 93.212015][ T5865] ? __pfx_follow_page_pte+0x10/0x10 [ 93.217555][ T5865] __get_user_pages+0xa8e/0x2ce0 [ 93.223008][ T5865] __gup_longterm_locked+0x3dc/0x1660 [ 93.228664][ T5865] ? rcu_is_watching+0x15/0xb0 [ 93.234407][ T5865] ? xdp_umem_pin_pages+0x52/0x340 [ 93.239908][ T5865] pin_user_pages+0x9e/0xd0 [ 93.245421][ T5865] xdp_umem_pin_pages+0x117/0x340 [ 93.250695][ T5865] xdp_umem_create+0x677/0x8e0 [ 93.258587][ T5865] xsk_setsockopt+0x7b0/0x8d0 [ 93.264496][ T5865] ? __pfx_xsk_setsockopt+0x10/0x10 [ 93.270629][ T5865] ? ptrace_notify+0x22d/0x2c0 [ 93.275655][ T5865] ? aa_sock_opt_perm+0xff/0x1b0 [ 93.281423][ T5865] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 93.287715][ T5865] ? __pfx_xsk_setsockopt+0x10/0x10 [ 93.293483][ T5865] do_sock_setsockopt+0x179/0x1b0 [ 93.298835][ T5865] __x64_sys_setsockopt+0x13f/0x1b0 [ 93.304668][ T5865] do_syscall_64+0xfa/0x3b0 [ 93.309665][ T5865] ? lockdep_hardirqs_on+0x9c/0x150 [ 93.315385][ T5865] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.322070][ T5865] ? clear_bhb_loop+0x60/0xb0 [ 93.326794][ T5865] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.333614][ T5865] RIP: 0033:0x7fcfc18b8f19 [ 93.338356][ T5865] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 93.360054][ T5865] RSP: 002b:00007ffe15f78e18 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 93.368767][ T5865] RAX: ffffffffffffffda RBX: 0000200000000000 RCX: 00007fcfc18b8f19 [ 93.376940][ T5865] RDX: 0000000000000004 RSI: 000000000000011b RDI: 0000000000000004 [ 93.385109][ T5865] RBP: 00007fcfc192c610 R08: 000000000000001c R09: 0000000000000000 [ 93.393398][ T5865] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000001 [ 93.401576][ T5865] R13: 00007ffe15f790d8 R14: 0000000000000001 R15: 0000000000000001 [ 93.409759][ T5865] [ 93.413280][ T5865] Kernel Offset: disabled [ 93.417627][ T5865] Rebooting in 86400 seconds..