./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1039483186 <...> Warning: Permanently added '10.128.1.4' (ED25519) to the list of known hosts. execve("./syz-executor1039483186", ["./syz-executor1039483186"], 0x7fffdbe00cf0 /* 10 vars */) = 0 brk(NULL) = 0x555587eea000 brk(0x555587eead00) = 0x555587eead00 arch_prctl(ARCH_SET_FS, 0x555587eea380) = 0 set_tid_address(0x555587eea650) = 5862 set_robust_list(0x555587eea660, 24) = 0 rseq(0x555587eeaca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1039483186", 4096) = 28 getrandom("\xb9\xe1\xb8\x63\xd8\x3b\x90\x4a", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555587eead00 brk(0x555587f0bd00) = 0x555587f0bd00 brk(0x555587f0c000) = 0x555587f0c000 mprotect(0x7fd676d0d000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5863 attached , child_tidptr=0x555587eea650) = 5863 [pid 5863] set_robust_list(0x555587eea660, 24) = 0 [pid 5863] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5863] setpgid(0, 0) = 0 [pid 5863] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5863] write(3, "1000", 4) = 4 [pid 5863] close(3) = 0 [pid 5863] write(1, "executing program\n", 18executing program ) = 18 [pid 5863] madvise(0x200000000000, 8388608, MADV_HUGEPAGE) = 0 [pid 5863] clone3({flags=0, exit_signal=0, stack=NULL, stack_size=0, cgroup=4294967295}, 88./strace-static-x86_64: Process 5864 attached ) = 5864 [pid 5863] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 5863] ioctl(3, USB_RAW_IOCTL_INIT, 0x7fff0e1aa1d0) = 0 [pid 5863] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5863] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff0e1aa1d0) = 0 [pid 5863] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff0e1aa1d0) = 0 [pid 5863] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5864] exit(0) = ? [pid 5864] +++ exited with 0 +++ [pid 5863] <... ioctl resumed>, 0x7fff0e1aa1d0) = 0 [pid 5863] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff0e1aa1d0) = 0 [pid 5863] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff0e1a91c0) = 18 [pid 5863] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff0e1aa1d0) = 0 [ 89.745901][ T928] usb 1-1: new high-speed USB device number 2 using dummy_hcd [pid 5863] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff0e1aa1d0) = 0 [pid 5863] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff0e1aa1d0) = 0 [pid 5863] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff0e1a91c0) = 18 [pid 5863] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff0e1aa1d0) = 0 [pid 5863] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff0e1a91c0) = 9 [pid 5863] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff0e1aa1d0) = 0 [pid 5863] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fff0e1a91c0) = 36 [ 89.905748][ T928] usb 1-1: Using ep0 maxpacket: 16 [pid 5863] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fff0e1aa1d0) = 0 [pid 5863] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5863] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5863] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7fd676d133ec) = -1 EINVAL (Invalid argument) [pid 5863] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fff0e1a91c0) = 0 [ 89.944768][ T928] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 89.956030][ T928] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 89.965917][ T928] usb 1-1: New USB device found, idVendor=146b, idProduct=0902, bcdDevice= 0.00 [ 89.974976][ T928] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 89.987204][ T928] usb 1-1: config 0 descriptor?? [pid 5863] io_uring_register(-1, IORING_REGISTER_RING_FDS, [{offset=0, resv=0x1, data=0}], 1) = -1 EINVAL (Invalid argument) [pid 5863] mprotect(0x200000000000, 8388608, PROT_WRITE|PROT_EXEC) = 0 [pid 5863] socket(AF_XDP, SOCK_RAW, 0) = 4 [ 90.248733][ T5863] page: refcount:507 mapcount:1 mapping:0000000000000000 index:0x200000009 pfn:0x70809 [ 90.258750][ T5863] head: order:9 mapcount:505 entire_mapcount:0 nr_pages_mapped:505 pincount:2 [ 90.267694][ T5863] memcg:ffff8881404a8000 [ 90.271956][ T5863] anon flags: 0xfff6000002007c(referenced|uptodate|dirty|lru|head|swapbacked|node=0|zone=1|lastcpupid=0x7ff) [ 90.284031][ T5863] raw: 00fff00000000000 ffffea0001c20001 dead000000000122 dead000000000400 [ 90.292680][ T5863] raw: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 [ 90.301341][ T5863] head: 00fff6000002007c ffffea0001fdcf48 ffffea0001fe63c8 ffff88807195f331 [ 90.310137][ T5863] head: 0000000200000000 0000000000000000 000001fbffffffff ffff8881404a8000 [ 90.318898][ T5863] head: 00fff00000010a09 ffffea0001c20001 000001f9000001f8 00000002ffffffff [ 90.327665][ T5863] head: ffffffff000001f8 0000000000000015 0000000000000000 0000000000000200 [ 90.336452][ T5863] page dumped because: VM_WARN_ON_ONCE_PAGE((flags & FOLL_PIN) && PageAnon(page) && !PageAnonExclusive(page)) [ 90.348153][ T5863] page_owner tracks the page as allocated [ 90.354044][ T5863] page last allocated via order 9, migratetype Movable, gfp_mask 0x3d24ca(GFP_TRANSHUGE|__GFP_NORETRY|__GFP_THISNODE), pid 5863, tgid 5863 (syz-executor103), ts 89468626730, free_ts 30142186626 [ 90.373073][ T5863] post_alloc_hook+0x240/0x2a0 [ 90.377945][ T5863] get_page_from_freelist+0x21e4/0x22c0 [ 90.383520][ T5863] __alloc_frozen_pages_noprof+0x181/0x370 [ 90.389672][ T5863] alloc_pages_mpol+0x1dc/0x4a0 [ 90.394569][ T5863] vma_alloc_folio_noprof+0xe4/0x200 [ 90.399918][ T5863] vma_alloc_anon_folio_pmd+0x39/0x320 [ 90.405417][ T5863] do_huge_pmd_anonymous_page+0x2b9/0xb60 [ 90.411259][ T5863] __handle_mm_fault+0x1139/0x5440 [ 90.416437][ T5863] handle_mm_fault+0x40a/0x8e0 [ 90.421219][ T5863] do_user_addr_fault+0xa81/0x1390 [ 90.426421][ T5863] exc_page_fault+0x76/0xf0 [ 90.430974][ T5863] asm_exc_page_fault+0x26/0x30 [ 90.435877][ T5863] page last free pid 1 tgid 1 stack trace: [ 90.441694][ T5863] __free_frozen_pages+0xbc4/0xd30 [ 90.446877][ T5863] free_contig_range+0x1bd/0x4a0 [ 90.451847][ T5863] destroy_args+0x64/0x4a0 [ 90.456348][ T5863] debug_vm_pgtable+0x39f/0x3b0 [ 90.461229][ T5863] do_one_initcall+0x233/0x820 [ 90.466062][ T5863] do_initcall_level+0x104/0x190 [ 90.471027][ T5863] do_initcalls+0x59/0xa0 [ 90.475374][ T5863] kernel_init_freeable+0x334/0x4b0 [ 90.480647][ T5863] kernel_init+0x1d/0x1d0 [ 90.485018][ T5863] ret_from_fork+0x3f9/0x770 [ 90.489688][ T5863] ret_from_fork_asm+0x1a/0x30 [ 90.494656][ T5863] ------------[ cut here ]------------ [ 90.500216][ T5863] WARNING: CPU: 1 PID: 5863 at mm/gup.c:869 follow_page_pte+0xe3c/0x13e0 [ 90.508704][ T5863] Modules linked in: [ 90.512649][ T5863] CPU: 1 UID: 0 PID: 5863 Comm: syz-executor103 Not tainted 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) [ 90.524775][ T5863] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 90.534917][ T5863] RIP: 0010:follow_page_pte+0xe3c/0x13e0 [ 90.540709][ T5863] Code: ff e8 f8 7a b7 ff 48 ff cb e9 a2 fc ff ff e8 eb 7a b7 ff 4c 89 f7 48 c7 c6 c0 11 96 8b e8 5c cb 1f ff c6 05 75 f7 84 0d 01 90 <0f> 0b 90 e9 0c fd ff ff e8 d7 46 70 09 89 d9 80 e1 07 80 c1 03 38 [ 90.560399][ T5863] RSP: 0018:ffffc9000407f8a0 EFLAGS: 00010246 [ 90.566540][ T5863] RAX: d8e571135c0bbd00 RBX: 0000000000000000 RCX: d8e571135c0bbd00 [ 90.574537][ T5863] RDX: 0000000000000004 RSI: ffffffff8dba2d77 RDI: ffff888031b79e00 [ 90.582592][ T5863] RBP: ffffc9000407f988 R08: ffffc9000407f267 R09: 1ffff9200080fe4c [ 90.590619][ T5863] R10: dffffc0000000000 R11: fffff5200080fe4d R12: dffffc0000000000 [ 90.598660][ T5863] R13: 0000000000080101 R14: ffffea0001c20240 R15: 0000000070809867 [ 90.606788][ T5863] FS: 0000555587eea380(0000) GS:ffff888125d24000(0000) knlGS:0000000000000000 [ 90.615829][ T5863] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 90.622453][ T5863] CR2: 00007fd676d110f0 CR3: 000000002078c000 CR4: 00000000003526f0 [ 90.630512][ T5863] Call Trace: [ 90.633823][ T5863] [ 90.636872][ T5863] ? __pfx_follow_page_pte+0x10/0x10 [ 90.642209][ T5863] __get_user_pages+0xa8e/0x2ce0 [ 90.647264][ T5863] __gup_longterm_locked+0x3dc/0x1660 [ 90.652689][ T5863] ? rcu_is_watching+0x15/0xb0 [ 90.657528][ T5863] ? xdp_umem_pin_pages+0x52/0x340 [ 90.662681][ T5863] pin_user_pages+0x9e/0xd0 [ 90.667342][ T5863] xdp_umem_pin_pages+0x117/0x340 [ 90.672402][ T5863] xdp_umem_create+0x677/0x8e0 [ 90.677256][ T5863] xsk_setsockopt+0x7b0/0x8d0 [ 90.681975][ T5863] ? __pfx_xsk_setsockopt+0x10/0x10 [ 90.687245][ T5863] ? ptrace_notify+0x22d/0x2c0 [ 90.692053][ T5863] ? aa_sock_opt_perm+0xff/0x1b0 [ 90.697095][ T5863] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 90.702671][ T5863] ? __pfx_xsk_setsockopt+0x10/0x10 [ 90.708204][ T5863] do_sock_setsockopt+0x179/0x1b0 [ 90.713291][ T5863] __x64_sys_setsockopt+0x13f/0x1b0 [ 90.718648][ T5863] do_syscall_64+0xfa/0x3b0 [ 90.723210][ T5863] ? lockdep_hardirqs_on+0x9c/0x150 [ 90.728484][ T5863] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.734690][ T5863] ? clear_bhb_loop+0x60/0xb0 [ 90.739478][ T5863] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.745493][ T5863] RIP: 0033:0x7fd676c9a5b9 [ 90.750093][ T5863] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 90.769868][ T5863] RSP: 002b:00007fff0e1ab328 EFLAGS: 00000202 ORIG_RAX: 0000000000000036 [ 90.778811][ T5863] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd676c9a5b9 [ 90.786866][ T5863] RDX: 0000000000000004 RSI: 000000000000011b RDI: 0000000000000004 [ 90.794872][ T5863] RBP: 00007fd676d0d5f0 R08: 000000000000001c R09: 0000000000000006 [ 90.802966][ T5863] R10: 00002000000000c0 R11: 0000000000000202 R12: 0000000000000001 [ 90.811005][ T5863] R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001 [ 90.819056][ T5863] [ 90.822110][ T5863] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 90.829449][ T5863] CPU: 1 UID: 0 PID: 5863 Comm: syz-executor103 Not tainted 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) [ 90.841535][ T5863] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 90.851622][ T5863] Call Trace: [ 90.854924][ T5863] [ 90.857880][ T5863] dump_stack_lvl+0x99/0x250 [ 90.862553][ T5863] ? __asan_memcpy+0x40/0x70 [ 90.867173][ T5863] ? __pfx_dump_stack_lvl+0x10/0x10 [ 90.872400][ T5863] ? __pfx__printk+0x10/0x10 [ 90.877056][ T5863] vpanic+0x281/0x750 [ 90.881067][ T5863] ? __pfx__printk+0x10/0x10 [ 90.885674][ T5863] ? __pfx_vpanic+0x10/0x10 [ 90.890205][ T5863] ? is_bpf_text_address+0x26/0x2b0 [ 90.895448][ T5863] panic+0xb9/0xc0 [ 90.899188][ T5863] ? __pfx_panic+0x10/0x10 [ 90.903632][ T5863] __warn+0x31b/0x4b0 [ 90.907635][ T5863] ? follow_page_pte+0xe3c/0x13e0 [ 90.912694][ T5863] ? follow_page_pte+0xe3c/0x13e0 [ 90.917741][ T5863] report_bug+0x2be/0x4f0 [ 90.922090][ T5863] ? follow_page_pte+0xe3c/0x13e0 [ 90.927228][ T5863] ? follow_page_pte+0xe3c/0x13e0 [ 90.932268][ T5863] ? follow_page_pte+0xe3e/0x13e0 [ 90.937307][ T5863] handle_bug+0x84/0x160 [ 90.941593][ T5863] exc_invalid_op+0x1a/0x50 [ 90.946120][ T5863] asm_exc_invalid_op+0x1a/0x20 [ 90.950987][ T5863] RIP: 0010:follow_page_pte+0xe3c/0x13e0 [ 90.956656][ T5863] Code: ff e8 f8 7a b7 ff 48 ff cb e9 a2 fc ff ff e8 eb 7a b7 ff 4c 89 f7 48 c7 c6 c0 11 96 8b e8 5c cb 1f ff c6 05 75 f7 84 0d 01 90 <0f> 0b 90 e9 0c fd ff ff e8 d7 46 70 09 89 d9 80 e1 07 80 c1 03 38 [ 90.976283][ T5863] RSP: 0018:ffffc9000407f8a0 EFLAGS: 00010246 [ 90.982368][ T5863] RAX: d8e571135c0bbd00 RBX: 0000000000000000 RCX: d8e571135c0bbd00 [ 90.990349][ T5863] RDX: 0000000000000004 RSI: ffffffff8dba2d77 RDI: ffff888031b79e00 [ 90.998423][ T5863] RBP: ffffc9000407f988 R08: ffffc9000407f267 R09: 1ffff9200080fe4c [ 91.006935][ T5863] R10: dffffc0000000000 R11: fffff5200080fe4d R12: dffffc0000000000 [ 91.015074][ T5863] R13: 0000000000080101 R14: ffffea0001c20240 R15: 0000000070809867 [ 91.023121][ T5863] ? __pfx_follow_page_pte+0x10/0x10 [ 91.028475][ T5863] __get_user_pages+0xa8e/0x2ce0 [ 91.033478][ T5863] __gup_longterm_locked+0x3dc/0x1660 [ 91.038884][ T5863] ? rcu_is_watching+0x15/0xb0 [ 91.043662][ T5863] ? xdp_umem_pin_pages+0x52/0x340 [ 91.048797][ T5863] pin_user_pages+0x9e/0xd0 [ 91.053317][ T5863] xdp_umem_pin_pages+0x117/0x340 [ 91.058385][ T5863] xdp_umem_create+0x677/0x8e0 [ 91.063175][ T5863] xsk_setsockopt+0x7b0/0x8d0 [ 91.067870][ T5863] ? __pfx_xsk_setsockopt+0x10/0x10 [ 91.073076][ T5863] ? ptrace_notify+0x22d/0x2c0 [ 91.077862][ T5863] ? aa_sock_opt_perm+0xff/0x1b0 [ 91.082818][ T5863] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 91.088378][ T5863] ? __pfx_xsk_setsockopt+0x10/0x10 [ 91.093605][ T5863] do_sock_setsockopt+0x179/0x1b0 [ 91.098652][ T5863] __x64_sys_setsockopt+0x13f/0x1b0 [ 91.103873][ T5863] do_syscall_64+0xfa/0x3b0 [ 91.108393][ T5863] ? lockdep_hardirqs_on+0x9c/0x150 [ 91.113607][ T5863] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.119682][ T5863] ? clear_bhb_loop+0x60/0xb0 [ 91.124375][ T5863] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.130281][ T5863] RIP: 0033:0x7fd676c9a5b9 [ 91.134704][ T5863] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 91.154333][ T5863] RSP: 002b:00007fff0e1ab328 EFLAGS: 00000202 ORIG_RAX: 0000000000000036 [ 91.162775][ T5863] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd676c9a5b9 [ 91.170771][ T5863] RDX: 0000000000000004 RSI: 000000000000011b RDI: 0000000000000004 [ 91.178762][ T5863] RBP: 00007fd676d0d5f0 R08: 000000000000001c R09: 0000000000000006 [ 91.186828][ T5863] R10: 00002000000000c0 R11: 0000000000000202 R12: 0000000000000001 [ 91.194834][ T5863] R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001 [ 91.202835][ T5863] [ 91.206141][ T5863] Kernel Offset: disabled [ 91.210466][ T5863] Rebooting in 86400 seconds..