./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3029833109 <...> Warning: Permanently added '10.128.10.7' (ED25519) to the list of known hosts. execve("./syz-executor3029833109", ["./syz-executor3029833109"], 0x7ffe900fea70 /* 10 vars */) = 0 brk(NULL) = 0x555557f15000 brk(0x555557f15d00) = 0x555557f15d00 arch_prctl(ARCH_SET_FS, 0x555557f15380) = 0 set_tid_address(0x555557f15650) = 5865 set_robust_list(0x555557f15660, 24) = 0 rseq(0x555557f15ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3029833109", 4096) = 28 getrandom("\x70\x15\x4c\x8f\xc3\xe3\xec\x20", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555557f15d00 brk(0x555557f36d00) = 0x555557f36d00 brk(0x555557f37000) = 0x555557f37000 mprotect(0x7f9ea1d33000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5866 attached , child_tidptr=0x555557f15650) = 5866 [pid 5866] set_robust_list(0x555557f15660, 24) = 0 [pid 5866] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5866] setpgid(0, 0) = 0 [pid 5866] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5866] write(3, "1000", 4) = 4 [pid 5866] close(3) = 0 executing program [pid 5866] write(1, "executing program\n", 18) = 18 [pid 5866] madvise(0x200000000000, 8388608, MADV_HUGEPAGE) = 0 [pid 5866] clone3({flags=0, exit_signal=0, stack=NULL, stack_size=0, cgroup=4294967295}, 88./strace-static-x86_64: Process 5867 attached ) = 5867 [pid 5866] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 5866] ioctl(3, USB_RAW_IOCTL_INIT, 0x7ffc94f851b0) = 0 [pid 5866] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5866] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc94f851b0) = 0 [pid 5866] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc94f851b0) = 0 [pid 5866] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5867] exit(0) = ? [pid 5867] +++ exited with 0 +++ [pid 5866] <... ioctl resumed>, 0x7ffc94f851b0) = 0 [pid 5866] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc94f851b0) = 0 [pid 5866] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc94f841a0) = 18 [pid 5866] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc94f851b0) = 0 [ 88.590741][ T981] usb 1-1: new high-speed USB device number 2 using dummy_hcd [pid 5866] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc94f851b0) = 0 [pid 5866] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc94f851b0) = 0 [pid 5866] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc94f841a0) = 18 [pid 5866] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc94f851b0) = 0 [pid 5866] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc94f841a0) = 9 [pid 5866] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc94f851b0) = 0 [ 88.770575][ T981] usb 1-1: Using ep0 maxpacket: 16 [pid 5866] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7ffc94f841a0) = 36 [pid 5866] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7ffc94f851b0) = 0 [pid 5866] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5866] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5866] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f9ea1d393ec) = -1 EINVAL (Invalid argument) [pid 5866] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7ffc94f841a0) = 0 [ 88.822150][ T981] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 88.833257][ T981] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 88.843418][ T981] usb 1-1: New USB device found, idVendor=146b, idProduct=0902, bcdDevice= 0.00 [ 88.852876][ T981] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 88.864082][ T981] usb 1-1: config 0 descriptor?? [pid 5866] io_uring_register(-1, IORING_REGISTER_RING_FDS, [{offset=0, resv=0x1, data=0}], 1) = -1 EINVAL (Invalid argument) [pid 5866] mprotect(0x200000000000, 8388608, PROT_WRITE|PROT_EXEC) = 0 [pid 5866] socket(AF_XDP, SOCK_RAW, 0) = 4 [ 89.134725][ T5866] page: refcount:507 mapcount:1 mapping:0000000000000000 index:0x200000009 pfn:0x70809 [ 89.144633][ T5866] head: order:9 mapcount:505 entire_mapcount:0 nr_pages_mapped:505 pincount:2 [ 89.153655][ T5866] memcg:ffff88801b6f8000 [ 89.157938][ T5866] anon flags: 0xfff6000002007c(referenced|uptodate|dirty|lru|head|swapbacked|node=0|zone=1|lastcpupid=0x7ff) [ 89.170337][ T5866] raw: 00fff00000000000 ffffea0001c20001 dead000000000122 dead000000000400 [ 89.179013][ T5866] raw: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 [ 89.188218][ T5866] head: 00fff6000002007c ffffea0001c52088 ffffea0001cc9988 ffff88807c250551 [ 89.196996][ T5866] head: 0000000200000000 0000000000000000 000001fbffffffff ffff88801b6f8000 [ 89.205866][ T5866] head: 00fff00000010a09 ffffea0001c20001 000001f9000001f8 00000002ffffffff [ 89.214719][ T5866] head: ffffffff000001f8 0000000000000015 0000000000000000 0000000000000200 [ 89.223502][ T5866] page dumped because: VM_WARN_ON_ONCE_PAGE((flags & FOLL_PIN) && PageAnon(page) && !PageAnonExclusive(page)) [ 89.235247][ T5866] page_owner tracks the page as allocated [ 89.241191][ T5866] page last allocated via order 9, migratetype Movable, gfp_mask 0x3d24ca(GFP_TRANSHUGE|__GFP_NORETRY|__GFP_THISNODE), pid 5866, tgid 5866 (syz-executor302), ts 88334625720, free_ts 28109339748 [ 89.260320][ T5866] post_alloc_hook+0x240/0x2a0 [ 89.265209][ T5866] get_page_from_freelist+0x21e4/0x22c0 [ 89.270822][ T5866] __alloc_frozen_pages_noprof+0x181/0x370 [ 89.276918][ T5866] alloc_pages_mpol+0x1dc/0x4a0 [ 89.282299][ T5866] vma_alloc_folio_noprof+0xe4/0x200 [ 89.287713][ T5866] vma_alloc_anon_folio_pmd+0x39/0x320 [ 89.293325][ T5866] do_huge_pmd_anonymous_page+0x2b9/0xb60 [ 89.299068][ T5866] __handle_mm_fault+0x1139/0x5440 [ 89.304258][ T5866] handle_mm_fault+0x40a/0x8e0 [ 89.309225][ T5866] do_user_addr_fault+0xa81/0x1390 [ 89.314515][ T5866] exc_page_fault+0x76/0xf0 [ 89.319506][ T5866] asm_exc_page_fault+0x26/0x30 [ 89.324500][ T5866] page last free pid 1 tgid 1 stack trace: [ 89.330327][ T5866] __free_frozen_pages+0xbc4/0xd30 [ 89.335583][ T5866] free_contig_range+0x1bd/0x4a0 [ 89.340685][ T5866] destroy_args+0x64/0x4a0 [ 89.345244][ T5866] debug_vm_pgtable+0x39f/0x3b0 [ 89.350124][ T5866] do_one_initcall+0x233/0x820 [ 89.355030][ T5866] do_initcall_level+0x104/0x190 [ 89.360184][ T5866] do_initcalls+0x59/0xa0 [ 89.364768][ T5866] kernel_init_freeable+0x334/0x4b0 [ 89.370383][ T5866] kernel_init+0x1d/0x1d0 [ 89.374868][ T5866] ret_from_fork+0x3f9/0x770 [ 89.379493][ T5866] ret_from_fork_asm+0x1a/0x30 [ 89.384480][ T5866] ------------[ cut here ]------------ [ 89.389967][ T5866] WARNING: CPU: 0 PID: 5866 at mm/gup.c:869 follow_page_pte+0xe3c/0x13e0 [ 89.398582][ T5866] Modules linked in: [ 89.402550][ T5866] CPU: 0 UID: 0 PID: 5866 Comm: syz-executor302 Not tainted 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) [ 89.415826][ T5866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 89.426071][ T5866] RIP: 0010:follow_page_pte+0xe3c/0x13e0 [ 89.431811][ T5866] Code: ff e8 f8 7a b7 ff 48 ff cb e9 a2 fc ff ff e8 eb 7a b7 ff 4c 89 f7 48 c7 c6 c0 11 96 8b e8 5c cb 1f ff c6 05 75 f7 84 0d 01 90 <0f> 0b 90 e9 0c fd ff ff e8 d7 46 70 09 89 d9 80 e1 07 80 c1 03 38 [ 89.452284][ T5866] RSP: 0018:ffffc90003ddf8a0 EFLAGS: 00010246 [ 89.458485][ T5866] RAX: 308c9254a9bba300 RBX: 0000000000000000 RCX: 308c9254a9bba300 [ 89.466591][ T5866] RDX: 0000000000000004 RSI: ffffffff8dba2d77 RDI: ffff8880322c9e00 [ 89.474631][ T5866] RBP: ffffc90003ddf988 R08: 0000000000000003 R09: 0000000000000004 [ 89.482861][ T5866] R10: dffffc0000000000 R11: fffffbfff1bfa1ec R12: dffffc0000000000 [ 89.491009][ T5866] R13: 0000000000080101 R14: ffffea0001c20240 R15: 0000000070809867 [ 89.498995][ T5866] FS: 0000555557f15380(0000) GS:ffff888125c24000(0000) knlGS:0000000000000000 [ 89.508106][ T5866] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 89.514969][ T5866] CR2: 0000200000004340 CR3: 0000000072ff4000 CR4: 00000000003526f0 [ 89.523126][ T5866] Call Trace: [ 89.526524][ T5866] [ 89.529465][ T5866] ? __pfx_follow_page_pte+0x10/0x10 [ 89.535123][ T5866] __get_user_pages+0xa8e/0x2ce0 [ 89.540145][ T5866] __gup_longterm_locked+0x3dc/0x1660 [ 89.545626][ T5866] ? rcu_is_watching+0x15/0xb0 [ 89.550545][ T5866] ? xdp_umem_pin_pages+0x52/0x340 [ 89.555965][ T5866] pin_user_pages+0x9e/0xd0 [ 89.560591][ T5866] xdp_umem_pin_pages+0x117/0x340 [ 89.565716][ T5866] xdp_umem_create+0x677/0x8e0 [ 89.570672][ T5866] xsk_setsockopt+0x7b0/0x8d0 [ 89.575389][ T5866] ? __pfx_xsk_setsockopt+0x10/0x10 [ 89.581122][ T5866] ? ptrace_notify+0x22d/0x2c0 [ 89.585929][ T5866] ? aa_sock_opt_perm+0xff/0x1b0 [ 89.591089][ T5866] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 89.596864][ T5866] ? __pfx_xsk_setsockopt+0x10/0x10 [ 89.602232][ T5866] do_sock_setsockopt+0x179/0x1b0 [ 89.607341][ T5866] __x64_sys_setsockopt+0x13f/0x1b0 [ 89.612812][ T5866] do_syscall_64+0xfa/0x3b0 [ 89.617486][ T5866] ? lockdep_hardirqs_on+0x9c/0x150 [ 89.622948][ T5866] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.629152][ T5866] ? clear_bhb_loop+0x60/0xb0 [ 89.633955][ T5866] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.639883][ T5866] RIP: 0033:0x7f9ea1cc05b9 [ 89.644454][ T5866] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 89.664431][ T5866] RSP: 002b:00007ffc94f86308 EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 89.672930][ T5866] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f9ea1cc05b9 [ 89.680978][ T5866] RDX: 0000000000000004 RSI: 000000000000011b RDI: 0000000000000004 [ 89.689418][ T5866] RBP: 00007f9ea1d335f0 R08: 000000000000001c R09: 0000000000000006 [ 89.697995][ T5866] R10: 00002000000000c0 R11: 0000000000000206 R12: 0000000000000001 [ 89.706157][ T5866] R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001 [ 89.714325][ T5866] [ 89.717485][ T5866] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 89.724797][ T5866] CPU: 0 UID: 0 PID: 5866 Comm: syz-executor302 Not tainted 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) [ 89.736923][ T5866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 89.747001][ T5866] Call Trace: [ 89.750310][ T5866] [ 89.753269][ T5866] dump_stack_lvl+0x99/0x250 [ 89.757966][ T5866] ? __asan_memcpy+0x40/0x70 [ 89.762917][ T5866] ? __pfx_dump_stack_lvl+0x10/0x10 [ 89.768213][ T5866] ? __pfx__printk+0x10/0x10 [ 89.772848][ T5866] vpanic+0x281/0x750 [ 89.776893][ T5866] ? __pfx__printk+0x10/0x10 [ 89.781513][ T5866] ? __pfx_vpanic+0x10/0x10 [ 89.786028][ T5866] ? is_bpf_text_address+0x26/0x2b0 [ 89.791450][ T5866] panic+0xb9/0xc0 [ 89.795269][ T5866] ? __pfx_panic+0x10/0x10 [ 89.800009][ T5866] __warn+0x31b/0x4b0 [ 89.804025][ T5866] ? follow_page_pte+0xe3c/0x13e0 [ 89.809606][ T5866] ? follow_page_pte+0xe3c/0x13e0 [ 89.814812][ T5866] report_bug+0x2be/0x4f0 [ 89.819192][ T5866] ? follow_page_pte+0xe3c/0x13e0 [ 89.824264][ T5866] ? follow_page_pte+0xe3c/0x13e0 [ 89.829308][ T5866] ? follow_page_pte+0xe3e/0x13e0 [ 89.834337][ T5866] handle_bug+0x84/0x160 [ 89.838692][ T5866] exc_invalid_op+0x1a/0x50 [ 89.843199][ T5866] asm_exc_invalid_op+0x1a/0x20 [ 89.848056][ T5866] RIP: 0010:follow_page_pte+0xe3c/0x13e0 [ 89.853954][ T5866] Code: ff e8 f8 7a b7 ff 48 ff cb e9 a2 fc ff ff e8 eb 7a b7 ff 4c 89 f7 48 c7 c6 c0 11 96 8b e8 5c cb 1f ff c6 05 75 f7 84 0d 01 90 <0f> 0b 90 e9 0c fd ff ff e8 d7 46 70 09 89 d9 80 e1 07 80 c1 03 38 [ 89.873563][ T5866] RSP: 0018:ffffc90003ddf8a0 EFLAGS: 00010246 [ 89.879699][ T5866] RAX: 308c9254a9bba300 RBX: 0000000000000000 RCX: 308c9254a9bba300 [ 89.887683][ T5866] RDX: 0000000000000004 RSI: ffffffff8dba2d77 RDI: ffff8880322c9e00 [ 89.895659][ T5866] RBP: ffffc90003ddf988 R08: 0000000000000003 R09: 0000000000000004 [ 89.903639][ T5866] R10: dffffc0000000000 R11: fffffbfff1bfa1ec R12: dffffc0000000000 [ 89.912722][ T5866] R13: 0000000000080101 R14: ffffea0001c20240 R15: 0000000070809867 [ 89.920813][ T5866] ? __pfx_follow_page_pte+0x10/0x10 [ 89.926114][ T5866] __get_user_pages+0xa8e/0x2ce0 [ 89.931090][ T5866] __gup_longterm_locked+0x3dc/0x1660 [ 89.936594][ T5866] ? rcu_is_watching+0x15/0xb0 [ 89.941378][ T5866] ? xdp_umem_pin_pages+0x52/0x340 [ 89.946524][ T5866] pin_user_pages+0x9e/0xd0 [ 89.951038][ T5866] xdp_umem_pin_pages+0x117/0x340 [ 89.956165][ T5866] xdp_umem_create+0x677/0x8e0 [ 89.960949][ T5866] xsk_setsockopt+0x7b0/0x8d0 [ 89.965660][ T5866] ? __pfx_xsk_setsockopt+0x10/0x10 [ 89.970925][ T5866] ? ptrace_notify+0x22d/0x2c0 [ 89.975722][ T5866] ? aa_sock_opt_perm+0xff/0x1b0 [ 89.980761][ T5866] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 89.986313][ T5866] ? __pfx_xsk_setsockopt+0x10/0x10 [ 89.991782][ T5866] do_sock_setsockopt+0x179/0x1b0 [ 89.996818][ T5866] __x64_sys_setsockopt+0x13f/0x1b0 [ 90.002115][ T5866] do_syscall_64+0xfa/0x3b0 [ 90.006641][ T5866] ? lockdep_hardirqs_on+0x9c/0x150 [ 90.011848][ T5866] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.018003][ T5866] ? clear_bhb_loop+0x60/0xb0 [ 90.022773][ T5866] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.028745][ T5866] RIP: 0033:0x7f9ea1cc05b9 [ 90.033165][ T5866] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 90.052773][ T5866] RSP: 002b:00007ffc94f86308 EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 90.061201][ T5866] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f9ea1cc05b9 [ 90.069187][ T5866] RDX: 0000000000000004 RSI: 000000000000011b RDI: 0000000000000004 [ 90.077158][ T5866] RBP: 00007f9ea1d335f0 R08: 000000000000001c R09: 0000000000000006 [ 90.085198][ T5866] R10: 00002000000000c0 R11: 0000000000000206 R12: 0000000000000001 [ 90.093169][ T5866] R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001 [ 90.101163][ T5866] [ 90.104643][ T5866] Kernel Offset: disabled [ 90.108967][ T5866] Rebooting in 86400 seconds..