./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor533557820 <...> Warning: Permanently added '10.128.1.246' (ED25519) to the list of known hosts. execve("./syz-executor533557820", ["./syz-executor533557820"], 0x7ffcd235dbf0 /* 10 vars */) = 0 brk(NULL) = 0x55556b0c7000 brk(0x55556b0c7d00) = 0x55556b0c7d00 arch_prctl(ARCH_SET_FS, 0x55556b0c7380) = 0 set_tid_address(0x55556b0c7650) = 5873 set_robust_list(0x55556b0c7660, 24) = 0 rseq(0x55556b0c7ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor533557820", 4096) = 27 getrandom("\x79\x8a\x1d\xb5\xc3\x5d\xdd\xf4", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55556b0c7d00 brk(0x55556b0e8d00) = 0x55556b0e8d00 brk(0x55556b0e9000) = 0x55556b0e9000 mprotect(0x7f675700d000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5874 attached [pid 5874] set_robust_list(0x55556b0c7660, 24 [pid 5873] <... clone resumed>, child_tidptr=0x55556b0c7650) = 5874 [pid 5874] <... set_robust_list resumed>) = 0 [pid 5874] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5874] setpgid(0, 0) = 0 [pid 5874] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5874] write(3, "1000", 4) = 4 [pid 5874] close(3) = 0 [pid 5874] write(1, "executing program\n", 18executing program ) = 18 [pid 5874] madvise(0x200000000000, 8388608, MADV_HUGEPAGE) = 0 [pid 5874] clone3({flags=0, exit_signal=0, stack=NULL, stack_size=0, cgroup=4294967295}, 88./strace-static-x86_64: Process 5875 attached ) = 5875 [pid 5874] openat(AT_FDCWD, "/dev/raw-gadget", O_RDWR) = 3 [pid 5874] ioctl(3, USB_RAW_IOCTL_INIT, 0x7fffe1be3cb0) = 0 [pid 5874] ioctl(3, UI_DEV_CREATE or USB_RAW_IOCTL_RUN, 0) = 0 [pid 5874] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffe1be3cb0) = 0 [pid 5874] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffe1be3cb0) = 0 [pid 5874] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH [pid 5875] exit(0) = ? [pid 5875] +++ exited with 0 +++ [pid 5874] <... ioctl resumed>, 0x7fffe1be3cb0) = 0 [pid 5874] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffe1be3cb0) = 0 [pid 5874] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fffe1be2ca0) = 18 [pid 5874] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffe1be3cb0) = 0 [ 96.088973][ T5507] usb 1-1: new high-speed USB device number 2 using dummy_hcd [pid 5874] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffe1be3cb0) = 0 [pid 5874] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffe1be3cb0) = 0 [pid 5874] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fffe1be2ca0) = 18 [pid 5874] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffe1be3cb0) = 0 [ 96.258730][ T5507] usb 1-1: Using ep0 maxpacket: 16 [pid 5874] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fffe1be2ca0) = 9 [pid 5874] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffe1be3cb0) = 0 [pid 5874] ioctl(3, USB_RAW_IOCTL_EP0_WRITE, 0x7fffe1be2ca0) = 36 [pid 5874] ioctl(3, USB_RAW_IOCTL_EVENT_FETCH, 0x7fffe1be3cb0) = 0 [pid 5874] ioctl(3, USB_RAW_IOCTL_VBUS_DRAW, 0) = 0 [pid 5874] ioctl(3, USB_RAW_IOCTL_CONFIGURE, 0) = 0 [pid 5874] ioctl(3, USB_RAW_IOCTL_EP_ENABLE, 0x7f67570133ec) = -1 EINVAL (Invalid argument) [pid 5874] ioctl(3, USB_RAW_IOCTL_EP0_READ, 0x7fffe1be2ca0) = 0 [ 96.317563][ T5507] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 96.328914][ T5507] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 96.338921][ T5507] usb 1-1: New USB device found, idVendor=146b, idProduct=0902, bcdDevice= 0.00 [ 96.347946][ T5507] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 96.359252][ T5507] usb 1-1: config 0 descriptor?? [pid 5874] io_uring_register(-1, IORING_REGISTER_RING_FDS, [{offset=0, resv=0x1, data=0}], 1) = -1 EINVAL (Invalid argument) [pid 5874] mprotect(0x200000000000, 8388608, PROT_WRITE|PROT_EXEC) = 0 [pid 5874] socket(AF_XDP, SOCK_RAW, 0) = 4 [ 96.607159][ T5874] page: refcount:507 mapcount:1 mapping:0000000000000000 index:0x200000009 pfn:0x73209 [ 96.617074][ T5874] head: order:9 mapcount:505 entire_mapcount:0 nr_pages_mapped:505 pincount:2 [ 96.626064][ T5874] memcg:ffff8881404a8000 [ 96.630357][ T5874] anon flags: 0xfff6000002007c(referenced|uptodate|dirty|lru|head|swapbacked|node=0|zone=1|lastcpupid=0x7ff) [ 96.641976][ T5874] raw: 00fff00000000000 ffffea0001cc8001 dead000000000122 dead000000000400 [ 96.650610][ T5874] raw: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 [ 96.659420][ T5874] head: 00fff6000002007c ffffea0001cc0248 ffffea0001ce32c8 ffff888074430dd1 [ 96.668182][ T5874] head: 0000000200000000 0000000000000000 000001fbffffffff ffff8881404a8000 [ 96.676923][ T5874] head: 00fff00000010a09 ffffea0001cc8001 000001f9000001f8 00000002ffffffff [ 96.685728][ T5874] head: ffffffff000001f8 0000000000000010 0000000000000000 0000000000000200 [ 96.694483][ T5874] page dumped because: VM_WARN_ON_ONCE_PAGE((flags & FOLL_PIN) && PageAnon(page) && !PageAnonExclusive(page)) [ 96.706164][ T5874] page_owner tracks the page as allocated [ 96.712063][ T5874] page last allocated via order 9, migratetype Movable, gfp_mask 0x3d24ca(GFP_TRANSHUGE|__GFP_NORETRY|__GFP_THISNODE), pid 5874, tgid 5874 (syz-executor533), ts 95845455447, free_ts 23773587301 [ 96.731067][ T5874] post_alloc_hook+0x240/0x2a0 [ 96.735884][ T5874] get_page_from_freelist+0x21e4/0x22c0 [ 96.741502][ T5874] __alloc_frozen_pages_noprof+0x181/0x370 [ 96.747418][ T5874] alloc_pages_mpol+0x1dc/0x4a0 [ 96.752319][ T5874] vma_alloc_folio_noprof+0xe4/0x200 [ 96.757616][ T5874] vma_alloc_anon_folio_pmd+0x39/0x320 [ 96.763127][ T5874] do_huge_pmd_anonymous_page+0x2b9/0xb60 [ 96.768883][ T5874] __handle_mm_fault+0x1139/0x5440 [ 96.773998][ T5874] handle_mm_fault+0x40a/0x8e0 [ 96.778801][ T5874] do_user_addr_fault+0xa81/0x1390 [ 96.784003][ T5874] exc_page_fault+0x76/0xf0 [ 96.788514][ T5874] asm_exc_page_fault+0x26/0x30 [ 96.793439][ T5874] page last free pid 1 tgid 1 stack trace: [ 96.799271][ T5874] __free_frozen_pages+0xbc4/0xd30 [ 96.804389][ T5874] free_contig_range+0x1bd/0x4a0 [ 96.809382][ T5874] destroy_args+0x64/0x4a0 [ 96.813820][ T5874] debug_vm_pgtable+0x39f/0x3b0 [ 96.818892][ T5874] do_one_initcall+0x233/0x820 [ 96.823670][ T5874] do_initcall_level+0x104/0x190 [ 96.828613][ T5874] do_initcalls+0x59/0xa0 [ 96.832986][ T5874] kernel_init_freeable+0x334/0x4b0 [ 96.838202][ T5874] kernel_init+0x1d/0x1d0 [ 96.842635][ T5874] ret_from_fork+0x3f9/0x770 [ 96.847229][ T5874] ret_from_fork_asm+0x1a/0x30 [ 96.852176][ T5874] ------------[ cut here ]------------ [ 96.857636][ T5874] WARNING: CPU: 1 PID: 5874 at mm/gup.c:869 follow_page_pte+0xe3c/0x13e0 [ 96.866115][ T5874] Modules linked in: [ 96.870167][ T5874] CPU: 1 UID: 0 PID: 5874 Comm: syz-executor533 Not tainted 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) [ 96.882287][ T5874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 96.892405][ T5874] RIP: 0010:follow_page_pte+0xe3c/0x13e0 [ 96.898063][ T5874] Code: ff e8 f8 7a b7 ff 48 ff cb e9 a2 fc ff ff e8 eb 7a b7 ff 4c 89 f7 48 c7 c6 c0 11 96 8b e8 5c cb 1f ff c6 05 75 f7 84 0d 01 90 <0f> 0b 90 e9 0c fd ff ff e8 d7 46 70 09 89 d9 80 e1 07 80 c1 03 38 [ 96.917849][ T5874] RSP: 0018:ffffc9000432f8a0 EFLAGS: 00010246 [ 96.924013][ T5874] RAX: 70d685ec8421f900 RBX: 0000000000000000 RCX: 70d685ec8421f900 [ 96.932025][ T5874] RDX: 0000000000000004 RSI: ffffffff8dba2d77 RDI: ffff888031b8da00 [ 96.940301][ T5874] RBP: ffffc9000432f988 R08: 0000000000000003 R09: 0000000000000004 [ 96.948264][ T5874] R10: dffffc0000000000 R11: fffffbfff1bfa1ec R12: dffffc0000000000 [ 96.956304][ T5874] R13: 0000000000080101 R14: ffffea0001cc8240 R15: 0000000073209867 [ 96.964403][ T5874] FS: 000055556b0c7380(0000) GS:ffff888125d24000(0000) knlGS:0000000000000000 [ 96.973471][ T5874] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 96.980352][ T5874] CR2: 00007f67570110f0 CR3: 0000000077bd2000 CR4: 00000000003526f0 [ 96.988431][ T5874] Call Trace: [ 96.991762][ T5874] [ 96.994706][ T5874] ? __pfx_follow_page_pte+0x10/0x10 [ 97.000045][ T5874] __get_user_pages+0xa8e/0x2ce0 [ 97.005012][ T5874] __gup_longterm_locked+0x3dc/0x1660 [ 97.010954][ T5874] ? rcu_is_watching+0x15/0xb0 [ 97.015741][ T5874] ? xdp_umem_pin_pages+0x52/0x340 [ 97.021001][ T5874] pin_user_pages+0x9e/0xd0 [ 97.025524][ T5874] xdp_umem_pin_pages+0x117/0x340 [ 97.030614][ T5874] xdp_umem_create+0x677/0x8e0 [ 97.035404][ T5874] xsk_setsockopt+0x7b0/0x8d0 [ 97.040127][ T5874] ? __pfx_xsk_setsockopt+0x10/0x10 [ 97.045468][ T5874] ? ptrace_notify+0x22d/0x2c0 [ 97.050301][ T5874] ? aa_sock_opt_perm+0xff/0x1b0 [ 97.055355][ T5874] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 97.061048][ T5874] ? __pfx_xsk_setsockopt+0x10/0x10 [ 97.066262][ T5874] do_sock_setsockopt+0x179/0x1b0 [ 97.071362][ T5874] __x64_sys_setsockopt+0x13f/0x1b0 [ 97.076579][ T5874] do_syscall_64+0xfa/0x3b0 [ 97.081156][ T5874] ? lockdep_hardirqs_on+0x9c/0x150 [ 97.086460][ T5874] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 97.092596][ T5874] ? clear_bhb_loop+0x60/0xb0 [ 97.097294][ T5874] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 97.103402][ T5874] RIP: 0033:0x7f6756f9a5b9 [ 97.107855][ T5874] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 97.127837][ T5874] RSP: 002b:00007fffe1be4e08 EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 97.136427][ T5874] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6756f9a5b9 [ 97.144549][ T5874] RDX: 0000000000000004 RSI: 000000000000011b RDI: 0000000000000004 [ 97.152589][ T5874] RBP: 00007f675700d5f0 R08: 000000000000001c R09: 0000000000000006 [ 97.160635][ T5874] R10: 00002000000000c0 R11: 0000000000000206 R12: 0000000000000001 [ 97.168611][ T5874] R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001 [ 97.176679][ T5874] [ 97.179728][ T5874] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 97.187021][ T5874] CPU: 1 UID: 0 PID: 5874 Comm: syz-executor533 Not tainted 6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT(full) [ 97.199080][ T5874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 97.209137][ T5874] Call Trace: [ 97.212417][ T5874] [ 97.215339][ T5874] dump_stack_lvl+0x99/0x250 [ 97.219940][ T5874] ? __asan_memcpy+0x40/0x70 [ 97.224518][ T5874] ? __pfx_dump_stack_lvl+0x10/0x10 [ 97.229727][ T5874] ? __pfx__printk+0x10/0x10 [ 97.234327][ T5874] vpanic+0x281/0x750 [ 97.238298][ T5874] ? __pfx__printk+0x10/0x10 [ 97.242889][ T5874] ? __pfx_vpanic+0x10/0x10 [ 97.247420][ T5874] ? is_bpf_text_address+0x26/0x2b0 [ 97.252684][ T5874] panic+0xb9/0xc0 [ 97.256410][ T5874] ? __pfx_panic+0x10/0x10 [ 97.260841][ T5874] __warn+0x31b/0x4b0 [ 97.264830][ T5874] ? follow_page_pte+0xe3c/0x13e0 [ 97.269870][ T5874] ? follow_page_pte+0xe3c/0x13e0 [ 97.274891][ T5874] report_bug+0x2be/0x4f0 [ 97.279231][ T5874] ? follow_page_pte+0xe3c/0x13e0 [ 97.284257][ T5874] ? follow_page_pte+0xe3c/0x13e0 [ 97.289270][ T5874] ? follow_page_pte+0xe3e/0x13e0 [ 97.294287][ T5874] handle_bug+0x84/0x160 [ 97.298528][ T5874] exc_invalid_op+0x1a/0x50 [ 97.303039][ T5874] asm_exc_invalid_op+0x1a/0x20 [ 97.307912][ T5874] RIP: 0010:follow_page_pte+0xe3c/0x13e0 [ 97.313555][ T5874] Code: ff e8 f8 7a b7 ff 48 ff cb e9 a2 fc ff ff e8 eb 7a b7 ff 4c 89 f7 48 c7 c6 c0 11 96 8b e8 5c cb 1f ff c6 05 75 f7 84 0d 01 90 <0f> 0b 90 e9 0c fd ff ff e8 d7 46 70 09 89 d9 80 e1 07 80 c1 03 38 [ 97.333152][ T5874] RSP: 0018:ffffc9000432f8a0 EFLAGS: 00010246 [ 97.339221][ T5874] RAX: 70d685ec8421f900 RBX: 0000000000000000 RCX: 70d685ec8421f900 [ 97.347268][ T5874] RDX: 0000000000000004 RSI: ffffffff8dba2d77 RDI: ffff888031b8da00 [ 97.355235][ T5874] RBP: ffffc9000432f988 R08: 0000000000000003 R09: 0000000000000004 [ 97.363197][ T5874] R10: dffffc0000000000 R11: fffffbfff1bfa1ec R12: dffffc0000000000 [ 97.371247][ T5874] R13: 0000000000080101 R14: ffffea0001cc8240 R15: 0000000073209867 [ 97.379237][ T5874] ? __pfx_follow_page_pte+0x10/0x10 [ 97.384523][ T5874] __get_user_pages+0xa8e/0x2ce0 [ 97.389491][ T5874] __gup_longterm_locked+0x3dc/0x1660 [ 97.394864][ T5874] ? rcu_is_watching+0x15/0xb0 [ 97.399619][ T5874] ? xdp_umem_pin_pages+0x52/0x340 [ 97.404718][ T5874] pin_user_pages+0x9e/0xd0 [ 97.409213][ T5874] xdp_umem_pin_pages+0x117/0x340 [ 97.414234][ T5874] xdp_umem_create+0x677/0x8e0 [ 97.418997][ T5874] xsk_setsockopt+0x7b0/0x8d0 [ 97.423682][ T5874] ? __pfx_xsk_setsockopt+0x10/0x10 [ 97.428880][ T5874] ? ptrace_notify+0x22d/0x2c0 [ 97.433645][ T5874] ? aa_sock_opt_perm+0xff/0x1b0 [ 97.438613][ T5874] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 97.444149][ T5874] ? __pfx_xsk_setsockopt+0x10/0x10 [ 97.449340][ T5874] do_sock_setsockopt+0x179/0x1b0 [ 97.454368][ T5874] __x64_sys_setsockopt+0x13f/0x1b0 [ 97.459561][ T5874] do_syscall_64+0xfa/0x3b0 [ 97.464054][ T5874] ? lockdep_hardirqs_on+0x9c/0x150 [ 97.469236][ T5874] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 97.475284][ T5874] ? clear_bhb_loop+0x60/0xb0 [ 97.479952][ T5874] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 97.485834][ T5874] RIP: 0033:0x7f6756f9a5b9 [ 97.490248][ T5874] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 97.510021][ T5874] RSP: 002b:00007fffe1be4e08 EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 97.518426][ T5874] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6756f9a5b9 [ 97.526391][ T5874] RDX: 0000000000000004 RSI: 000000000000011b RDI: 0000000000000004 [ 97.534347][ T5874] RBP: 00007f675700d5f0 R08: 000000000000001c R09: 0000000000000006 [ 97.542307][ T5874] R10: 00002000000000c0 R11: 0000000000000206 R12: 0000000000000001 [ 97.550352][ T5874] R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001 [ 97.558322][ T5874] [ 97.561609][ T5874] Kernel Offset: disabled [ 97.565937][ T5874] Rebooting in 86400 seconds..