./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2105765235 <...> Warning: Permanently added '10.128.0.104' (ED25519) to the list of known hosts. execve("./syz-executor2105765235", ["./syz-executor2105765235"], 0x7fff1018d820 /* 10 vars */) = 0 brk(NULL) = 0x55557e80e000 brk(0x55557e80ed00) = 0x55557e80ed00 arch_prctl(ARCH_SET_FS, 0x55557e80e380) = 0 set_tid_address(0x55557e80e650) = 5846 set_robust_list(0x55557e80e660, 24) = 0 rseq(0x55557e80eca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2105765235", 4096) = 28 getrandom("\xeb\x47\xb6\x2a\xad\x98\x61\xb5", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55557e80ed00 brk(0x55557e82fd00) = 0x55557e82fd00 brk(0x55557e830000) = 0x55557e830000 mprotect(0x7f432f095000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 write(1, "executing program\n", 18executing program ) = 18 memfd_create("\x5b\x0b\xdb\x58\xae\x5b\x1a\xa9\xfd\xfa\xad\xd1\x6d\x64\xc8\x85\x48\x58\xa9\x25\x0c\x1a\x65\xe0", 0) = 3 [ 75.284535][ T5846] process 'syz-executor210' launched '/dev/fd/3' with NULL argv: empty string added [ 75.312368][ T5846] ------------[ cut here ]------------ [ 75.317877][ T5846] kernel BUG at arch/x86/mm/physaddr.c:23! [ 75.323804][ T5846] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI [ 75.330774][ T5846] CPU: 1 UID: 0 PID: 5846 Comm: syz-executor210 Not tainted 6.12.0-rc5-next-20241101-syzkaller #0 [ 75.341373][ T5846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 75.351436][ T5846] RIP: 0010:__phys_addr+0x16a/0x170 [ 75.356646][ T5846] Code: 40 a8 7a 8e 4c 89 f6 4c 89 fa e8 b1 4d aa 03 e9 45 ff ff ff e8 a7 1a 52 00 90 0f 0b e8 9f 1a 52 00 90 0f 0b e8 97 1a 52 00 90 <0f> 0b 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 75.376263][ T5846] RSP: 0018:ffffc90003dd7da0 EFLAGS: 00010293 [ 75.382366][ T5846] RAX: ffffffff8143a369 RBX: 000000007ffffff2 RCX: ffff88807bf53c00 [ 75.390331][ T5846] RDX: 0000000000000000 RSI: 000000007ffffff2 RDI: 000000001fffffff [ 75.398309][ T5846] RBP: 1ffff1100546a409 R08: ffffffff8143a305 R09: 1ffffffff203a1f6 [ 75.406329][ T5846] R10: dffffc0000000000 R11: fffffbfff203a1f7 R12: dffffc0000000000 [ 75.414299][ T5846] R13: fffffffffffffff2 R14: 000000007ffffff2 R15: ffff8880760fc158 [ 75.422285][ T5846] FS: 000055557e80e380(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 75.431212][ T5846] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.437801][ T5846] CR2: 00007f81836d5440 CR3: 000000002f60c000 CR4: 00000000003526f0 [ 75.445766][ T5846] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 75.453745][ T5846] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 75.461705][ T5846] Call Trace: [ 75.464980][ T5846] [ 75.467911][ T5846] ? __die_body+0x5f/0xb0 [ 75.472247][ T5846] ? die+0x9e/0xc0 [ 75.475962][ T5846] ? do_trap+0x15a/0x3a0 [ 75.480227][ T5846] ? __phys_addr+0x16a/0x170 [ 75.484812][ T5846] ? do_error_trap+0x1dc/0x2c0 [ 75.489583][ T5846] ? __phys_addr+0x16a/0x170 [ 75.494178][ T5846] ? __pfx_do_error_trap+0x10/0x10 [ 75.499321][ T5846] ? handle_invalid_op+0x34/0x40 [ 75.504276][ T5846] ? __phys_addr+0x16a/0x170 [ 75.508876][ T5846] ? exc_invalid_op+0x38/0x50 [ 75.513559][ T5846] ? asm_exc_invalid_op+0x1a/0x20 [ 75.518578][ T5846] ? __phys_addr+0x105/0x170 [ 75.523167][ T5846] ? __phys_addr+0x169/0x170 [ 75.527767][ T5846] ? __phys_addr+0x16a/0x170 [ 75.532354][ T5846] ? free_bprm+0x2b5/0x300 [ 75.536772][ T5846] kfree+0x71/0x420 [ 75.540579][ T5846] ? free_bprm+0x295/0x300 [ 75.544994][ T5846] free_bprm+0x2b5/0x300 [ 75.549251][ T5846] do_execveat_common+0x3ae/0x750 [ 75.554275][ T5846] __x64_sys_execveat+0xc4/0xe0 [ 75.559147][ T5846] do_syscall_64+0xf3/0x230 [ 75.563650][ T5846] ? clear_bhb_loop+0x35/0x90 [ 75.568323][ T5846] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.574238][ T5846] RIP: 0033:0x7f432f022329 [ 75.578650][ T5846] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 75.598253][ T5846] RSP: 002b:00007ffd7487b7e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000142 [ 75.606660][ T5846] RAX: ffffffffffffffda RBX: 00007ffd7487b9b8 RCX: 00007f432f022329 [ 75.614623][ T5846] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 75.622585][ T5846] RBP: 00007f432f095610 R08: 0000000000001000 R09: 00007ffd7487b9b8 [ 75.630548][ T5846] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 75.638506][ T5846] R13: 00007ffd7487b9a8 R14: 0000000000000001 R15: 0000000000000001 [ 75.646473][ T5846] [ 75.649483][ T5846] Modules linked in: [ 75.653635][ T5846] ---[ end trace 0000000000000000 ]--- [ 75.659463][ T5846] RIP: 0010:__phys_addr+0x16a/0x170 [ 75.664705][ T5846] Code: 40 a8 7a 8e 4c 89 f6 4c 89 fa e8 b1 4d aa 03 e9 45 ff ff ff e8 a7 1a 52 00 90 0f 0b e8 9f 1a 52 00 90 0f 0b e8 97 1a 52 00 90 <0f> 0b 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 75.685179][ T5846] RSP: 0018:ffffc90003dd7da0 EFLAGS: 00010293 [ 75.691287][ T5846] RAX: ffffffff8143a369 RBX: 000000007ffffff2 RCX: ffff88807bf53c00 [ 75.699301][ T5846] RDX: 0000000000000000 RSI: 000000007ffffff2 RDI: 000000001fffffff [ 75.707267][ T5846] RBP: 1ffff1100546a409 R08: ffffffff8143a305 R09: 1ffffffff203a1f6 [ 75.715281][ T5846] R10: dffffc0000000000 R11: fffffbfff203a1f7 R12: dffffc0000000000 [ 75.723291][ T5846] R13: fffffffffffffff2 R14: 000000007ffffff2 R15: ffff8880760fc158 [ 75.731291][ T5846] FS: 000055557e80e380(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 75.740258][ T5846] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.746836][ T5846] CR2: 00007f81836d5440 CR3: 000000002f60c000 CR4: 00000000003526f0 [ 75.754860][ T5846] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 75.762879][ T5846] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 75.770906][ T5846] Kernel panic - not syncing: Fatal exception [ 75.777262][ T5846] Kernel Offset: disabled [ 75.781605][ T5846] Rebooting in 86400 seconds..