./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor561790451 <...>
DUID 00:04:92:3d:a4:bf:d8:99:95:1d:d2:9f:0e:34:7d:20:a7:e6
forked to background, child pid 4654
[ 52.814137][ T4655] 8021q: adding VLAN 0 to HW filter on device bond0
[ 52.840280][ T4655] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.126' (ECDSA) to the list of known hosts.
execve("./syz-executor561790451", ["./syz-executor561790451"], 0x7fffe40e9af0 /* 10 vars */) = 0
brk(NULL) = 0x555556e84000
brk(0x555556e84c40) = 0x555556e84c40
arch_prctl(ARCH_SET_FS, 0x555556e84300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor561790451", 4096) = 27
brk(0x555556ea5c40) = 0x555556ea5c40
brk(0x555556ea6000) = 0x555556ea6000
mprotect(0x7fb0a3fad000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/dev/udmabuf", O_RDWR) = 3
memfd_create("\x79\x10\x35\x25\xa3\xd5\xfa\xd7\xfa\x17\xe9\x99\xa2\x89\x8e\xcd\xfd", MFD_ALLOW_SEALING) = 4
fcntl(4, F_ADD_SEALS, F_SEAL_SEAL|F_SEAL_SHRINK|F_SEAL_GROW) = 0
dup(3) = 5
syzkaller login: [ 76.702607][ T5080] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5080 'syz-executor561'
[ 76.714140][ T5080] BUG: unable to handle page fault for address: ffffffffffffffed
[ 76.721893][ T5080] #PF: supervisor read access in kernel mode
[ 76.727871][ T5080] #PF: error_code(0x0000) - not-present page
[ 76.733935][ T5080] PGD c570067 P4D c570067 PUD c572067 PMD 0
[ 76.739948][ T5080] Oops: 0000 [#1] PREEMPT SMP KASAN
[ 76.745238][ T5080] CPU: 1 PID: 5080 Comm: syz-executor561 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0
[ 76.755245][ T5080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 76.765446][ T5080] RIP: 0010:folio_flags.constprop.0+0x2c/0x150
[ 76.771747][ T5080] Code: 49 89 fc 55 53 e8 84 4e b7 ff 49 8d 7c 24 08 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 f8 00 00 00 <49> 8b 5c 24 08 31 ff 83 e3 01 48 89 de e8 c2 4a b7 ff 48 85 db 0f
[ 76.792770][ T5080] RSP: 0018:ffffc90003cbfc08 EFLAGS: 00010246
[ 76.798846][ T5080] RAX: dffffc0000000000 RBX: ffffffffffffffe5 RCX: 0000000000000000
[ 76.806822][ T5080] RDX: 1ffffffffffffffd RSI: ffffffff81cd1f5c RDI: ffffffffffffffed
[ 76.814817][ T5080] RBP: ffffffffffffffe5 R08: 0000000000000005 R09: 0000000000000000
[ 76.822808][ T5080] R10: 00000000ffffffe5 R11: 0000000000000000 R12: ffffffffffffffe5
[ 76.830811][ T5080] R13: 000feffffff00000 R14: 0000000000000046 R15: 000feffffff00000
[ 76.838790][ T5080] FS: 0000555556e84300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 76.847729][ T5080] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 76.854318][ T5080] CR2: ffffffffffffffed CR3: 000000002bb37000 CR4: 00000000003506e0
[ 76.862296][ T5080] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 76.870386][ T5080] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 76.878483][ T5080] Call Trace:
[ 76.881808][ T5080]
[ 76.884745][ T5080] PageHeadHuge+0x18/0xc0
[ 76.889106][ T5080] shmem_read_mapping_page_gfp+0x34/0x100
[ 76.894869][ T5080] udmabuf_create+0x93b/0x1440
[ 76.899673][ T5080] ? __might_fault+0xd9/0x180
[ 76.904375][ T5080] ? put_page+0x280/0x280
[ 76.908833][ T5080] udmabuf_ioctl+0x156/0x2c0
[ 76.913447][ T5080] ? udmabuf_create+0x1440/0x1440
[ 76.918505][ T5080] ? bpf_lsm_file_ioctl+0x9/0x10
[ 76.923466][ T5080] ? udmabuf_create+0x1440/0x1440
[ 76.928506][ T5080] __x64_sys_ioctl+0x197/0x210
[ 76.933290][ T5080] do_syscall_64+0x39/0xb0
[ 76.937902][ T5080] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 76.943810][ T5080] RIP: 0033:0x7fb0a3f40bb9
[ 76.948232][ T5080] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 76.967875][ T5080] RSP: 002b:00007ffd5ab9a6e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 76.976312][ T5080] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb0a3f40bb9
[ 76.984292][ T5080] RDX: 0000000020000080 RSI: 0000000040187542 RDI: 0000000000000005
[ 76.992279][ T5080] RBP: 00007fb0a3f04d60 R08: 0000000000000000 R09: 0000000000000000
[ 77.000267][ T5080] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb0a3f04df0
[ 77.008250][ T5080] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 77.016243][ T5080]
[ 77.019615][ T5080] Modules linked in:
[ 77.023509][ T5080] CR2: ffffffffffffffed
[ 77.027673][ T5080] ---[ end trace 0000000000000000 ]---
[ 77.033135][ T5080] RIP: 0010:folio_flags.constprop.0+0x2c/0x150
[ 77.039304][ T5080] Code: 49 89 fc 55 53 e8 84 4e b7 ff 49 8d 7c 24 08 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 f8 00 00 00 <49> 8b 5c 24 08 31 ff 83 e3 01 48 89 de e8 c2 4a b7 ff 48 85 db 0f
[ 77.059005][ T5080] RSP: 0018:ffffc90003cbfc08 EFLAGS: 00010246
[ 77.065075][ T5080] RAX: dffffc0000000000 RBX: ffffffffffffffe5 RCX: 0000000000000000
[ 77.073053][ T5080] RDX: 1ffffffffffffffd RSI: ffffffff81cd1f5c RDI: ffffffffffffffed
[ 77.081031][ T5080] RBP: ffffffffffffffe5 R08: 0000000000000005 R09: 0000000000000000
[ 77.089010][ T5080] R10: 00000000ffffffe5 R11: 0000000000000000 R12: ffffffffffffffe5
[ 77.097002][ T5080] R13: 000feffffff00000 R14: 0000000000000046 R15: 000feffffff00000
[ 77.104977][ T5080] FS: 0000555556e84300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 77.113926][ T5080] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 77.120513][ T5080] CR2: ffffffffffffffed CR3: 000000002bb37000 CR4: 00000000003506e0
[ 77.128493][ T5080] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 77.136471][ T5080] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 77.144462][ T5080] Kernel panic - not syncing: Fatal exception
[ 77.150692][ T5080] Kernel Offset: disabled
[ 77.155028][ T5080] Rebooting in 86400 seconds..