./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3804022743 <...> Warning: Permanently added '10.128.1.8' (ED25519) to the list of known hosts. execve("./syz-executor3804022743", ["./syz-executor3804022743"], 0x7fff7ab42240 /* 10 vars */) = 0 brk(NULL) = 0x555557128000 brk(0x555557128d00) = 0x555557128d00 arch_prctl(ARCH_SET_FS, 0x555557128380) = 0 set_tid_address(0x555557128650) = 5026 set_robust_list(0x555557128660, 24) = 0 rseq(0x555557128ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3804022743", 4096) = 28 getrandom("\xa9\x85\x3c\x40\x18\xc6\xa6\x47", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555557128d00 brk(0x555557149d00) = 0x555557149d00 brk(0x55555714a000) = 0x55555714a000 mprotect(0x7fb85a095000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/fb0", O_RDWR|O_APPEND) = 3 [ 79.547561][ T26] audit: type=1400 audit(1692029094.834:83): avc: denied { write } for pid=5023 comm="strace-static-x" path="pipe:[30052]" dev="pipefs" ino=30052 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 79.577348][ T26] audit: type=1400 audit(1692029094.864:84): avc: denied { execmem } for pid=5026 comm="syz-executor380" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_GROWSDOWN, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0) = 0x20000000 bind(-1, NULL, 0) = -1 EBADF (Bad file descriptor) ioctl(-1, NILFS_IOCTL_DELETE_CHECKPOINT, 0) = -1 EBADF (Bad file descriptor) openat(AT_FDCWD, 0x20000000, O_RDWR|O_APPEND) = 4 mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_GROWSDOWN, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0x2fc000) = 0x20000000 openat(AT_FDCWD, NULL, O_RDWR|O_APPEND) = -1 EFAULT (Bad address) mmap(0x20000000, 11755520, PROT_WRITE|PROT_EXEC|PROT_GROWSDOWN, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0x2fc000) = 0x20000000 [ 79.597254][ T26] audit: type=1400 audit(1692029094.874:85): avc: denied { read append } for pid=5026 comm="syz-executor380" name="fb0" dev="devtmpfs" ino=630 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 79.621684][ T26] audit: type=1400 audit(1692029094.874:86): avc: denied { open } for pid=5026 comm="syz-executor380" path="/dev/fb0" dev="devtmpfs" ino=630 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 79.622766][ T5026] page:ffffea0005007780 refcount:3 mapcount:1 mapping:ffff88801f86b030 index:0x2fc pfn:0x1401de [ 79.646018][ T26] audit: type=1400 audit(1692029094.874:87): avc: denied { map } for pid=5026 comm="syz-executor380" path="/dev/fb0" dev="devtmpfs" ino=630 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 79.680777][ T26] audit: type=1400 audit(1692029094.874:88): avc: denied { write execute } for pid=5026 comm="syz-executor380" path="/dev/fb0" dev="devtmpfs" ino=630 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 79.705395][ T5026] aops:fb_deferred_io_aops ino:276 dentry name:"fb0" [ 79.705461][ T5026] flags: 0x57ff18000000042(referenced|workingset|node=1|zone=2|lastcpupid=0x7ff) [ 79.721570][ T5026] page_type: 0x0() [ 79.723009][ T26] audit: type=1400 audit(1692029095.014:89): avc: denied { append } for pid=4453 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 79.725331][ T5026] raw: 057ff18000000042 0000000000000000 dead000000000122 ffff88801f86b030 [ 79.747637][ T26] audit: type=1400 audit(1692029095.014:90): avc: denied { open } for pid=4453 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 79.756577][ T5026] raw: 00000000000002fc 0000000000000000 0000000300000000 0000000000000000 [ 79.778839][ T26] audit: type=1400 audit(1692029095.014:91): avc: denied { getattr } for pid=4453 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 79.787405][ T5026] page dumped because: VM_BUG_ON_PAGE(!PageLocked(page)) [ 79.816888][ T5026] page_owner tracks the page as allocated [ 79.822823][ T5026] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), pid 1, tgid 1 (swapper/0), ts 12502537446, free_ts 0 [ 79.840592][ T5026] post_alloc_hook+0x2d2/0x350 [ 79.845458][ T5026] get_page_from_freelist+0x10a9/0x31e0 [ 79.851096][ T5026] __alloc_pages+0x1d0/0x4a0 [ 79.855734][ T5026] alloc_page_interleave+0x1e/0x250 [ 79.861037][ T5026] alloc_pages+0x22a/0x270 [ 79.865512][ T5026] __vmalloc_node_range+0xa6e/0x1540 [ 79.870880][ T5026] vzalloc+0x6b/0x80 [ 79.874829][ T5026] drm_fbdev_generic_helper_fb_probe+0x300/0x6d0 [ 79.881229][ T5026] __drm_fb_helper_initial_config_and_unlock+0xc31/0x1600 [ 79.888387][ T5026] drm_fb_helper_initial_config+0x44/0x60 [ 79.894193][ T5026] drm_fbdev_generic_client_hotplug+0x1a7/0x270 [ 79.900486][ T5026] drm_client_register+0x195/0x280 [ 79.905675][ T5026] drm_fbdev_generic_setup+0x11c/0x330 [ 79.911200][ T5026] vkms_init+0x625/0x760 [ 79.915462][ T5026] do_one_initcall+0x117/0x630 [ 79.920250][ T5026] kernel_init_freeable+0x5bd/0x8f0 [ 79.925517][ T5026] page_owner free stack trace missing [ 79.931464][ T5026] ------------[ cut here ]------------ [ 79.936927][ T5026] kernel BUG at mm/memory.c:2955! [ 79.942405][ T5026] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 79.948507][ T5026] CPU: 1 PID: 5026 Comm: syz-executor380 Not tainted 6.5.0-rc6-syzkaller #0 [ 79.957189][ T5026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023 [ 79.967250][ T5026] RIP: 0010:do_page_mkwrite+0x468/0x680 [ 79.972816][ T5026] Code: de e8 cc 15 c2 ff 84 db 0f 85 c1 00 00 00 48 89 eb e9 76 fe ff ff e8 87 1a c2 ff 48 c7 c6 a0 b3 78 8a 48 89 ef e8 78 3d fe ff <0f> 0b 41 bc 02 00 00 00 e9 99 fe ff ff e8 66 1a c2 ff be d0 03 00 [ 79.992432][ T5026] RSP: 0018:ffffc900030efba8 EFLAGS: 00010293 [ 79.998524][ T5026] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 80.006515][ T5026] RDX: ffff888079cec200 RSI: ffffffff81c30648 RDI: ffffffff8ac7eec0 [ 80.014505][ T5026] RBP: ffffea0005007780 R08: 0000000000000000 R09: fffffbfff1d55d7a [ 80.022490][ T5026] R10: ffffffff8eaaebd7 R11: 0000000000000001 R12: 0000000000000200 [ 80.030477][ T5026] R13: ffffea0005007780 R14: 0000000000000a55 R15: 0000000000000000 [ 80.038460][ T5026] FS: 0000555557128380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 80.047408][ T5026] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 80.054010][ T5026] CR2: 00007fb85a07fe08 CR3: 0000000023b67000 CR4: 00000000003506e0 [ 80.062000][ T5026] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 80.069982][ T5026] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 80.077984][ T5026] Call Trace: [ 80.081272][ T5026] [ 80.084214][ T5026] ? die+0x31/0x80 [ 80.087965][ T5026] ? do_trap+0x1ab/0x3b0 [ 80.092236][ T5026] ? do_page_mkwrite+0x468/0x680 [ 80.097196][ T5026] ? do_error_trap+0x9e/0x160 [ 80.101915][ T5026] ? do_page_mkwrite+0x468/0x680 [ 80.106875][ T5026] ? handle_invalid_op+0x2c/0x30 [ 80.111843][ T5026] ? do_page_mkwrite+0x468/0x680 [ 80.116803][ T5026] ? exc_invalid_op+0x2d/0x40 [ 80.121501][ T5026] ? asm_exc_invalid_op+0x1a/0x20 [ 80.126551][ T5026] ? do_page_mkwrite+0x468/0x680 [ 80.131514][ T5026] ? do_page_mkwrite+0x468/0x680 [ 80.136476][ T5026] ? do_page_mkwrite+0x468/0x680 [ 80.141438][ T5026] do_wp_page+0x3a0/0x3710 [ 80.145876][ T5026] ? lock_sync+0x190/0x190 [ 80.150319][ T5026] ? finish_mkwrite_fault+0x250/0x250 [ 80.155731][ T5026] ? do_raw_spin_lock+0x12e/0x2b0 [ 80.160786][ T5026] ? spin_bug+0x1d0/0x1d0 [ 80.165146][ T5026] __handle_mm_fault+0x1af7/0x3b80 [ 80.170284][ T5026] ? vm_iomap_memory+0x170/0x170 [ 80.175250][ T5026] ? find_vma+0x10e/0x1b0 [ 80.179610][ T5026] ? vma_link+0x290/0x290 [ 80.183967][ T5026] handle_mm_fault+0x2ab/0x9d0 [ 80.188753][ T5026] ? access_error+0x156/0x2d0 [ 80.193453][ T5026] ? lock_mm_and_find_vma+0xc2/0x780 [ 80.198761][ T5026] do_user_addr_fault+0x446/0xfc0 [ 80.203808][ T5026] ? rcu_is_watching+0x12/0xb0 [ 80.208619][ T5026] exc_page_fault+0x5c/0xd0 [ 80.213158][ T5026] asm_exc_page_fault+0x26/0x30 [ 80.218124][ T5026] RIP: 0033:0x7fb859ff27a0 [ 80.222556][ T5026] Code: 00 41 b8 11 80 02 00 b9 06 00 00 01 ba 00 60 b3 00 be 00 00 00 20 bf 09 00 00 00 31 c0 48 c7 04 24 00 c0 2f 00 e8 30 fc 02 00 04 25 08 00 00 20 00 45 31 c0 48 b8 2f 64 65 76 2f 66 62 30 b9 [ 80.242185][ T5026] RSP: 002b:00007ffeec409b10 EFLAGS: 00010217 [ 80.248368][ T5026] RAX: 0000000020000000 RBX: 00007ffeec409ce8 RCX: 00007fb85a0223e9 [ 80.256353][ T5026] RDX: 0000000001000006 RSI: 0000000000b36000 RDI: 0000000020000000 [ 80.264343][ T5026] RBP: 00007fb85a095610 R08: 0000000000000004 R09: 00000000002fc000 [ 80.272332][ T5026] R10: 0000000000028011 R11: 0000000000000246 R12: 0000000000000001 [ 80.280317][ T5026] R13: 00007ffeec409cd8 R14: 0000000000000001 R15: 0000000000000001 [ 80.288305][ T5026] [ 80.291334][ T5026] Modules linked in: [ 80.295481][ T5026] ---[ end trace 0000000000000000 ]--- [ 80.300994][ T5026] RIP: 0010:do_page_mkwrite+0x468/0x680 [ 80.306586][ T5026] Code: de e8 cc 15 c2 ff 84 db 0f 85 c1 00 00 00 48 89 eb e9 76 fe ff ff e8 87 1a c2 ff 48 c7 c6 a0 b3 78 8a 48 89 ef e8 78 3d fe ff <0f> 0b 41 bc 02 00 00 00 e9 99 fe ff ff e8 66 1a c2 ff be d0 03 00 [ 80.326262][ T5026] RSP: 0018:ffffc900030efba8 EFLAGS: 00010293 [ 80.332400][ T5026] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 80.340400][ T5026] RDX: ffff888079cec200 RSI: ffffffff81c30648 RDI: ffffffff8ac7eec0 [ 80.348414][ T5026] RBP: ffffea0005007780 R08: 0000000000000000 R09: fffffbfff1d55d7a [ 80.356433][ T5026] R10: ffffffff8eaaebd7 R11: 0000000000000001 R12: 0000000000000200 [ 80.364442][ T5026] R13: ffffea0005007780 R14: 0000000000000a55 R15: 0000000000000000 [ 80.372454][ T5026] FS: 0000555557128380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 80.381436][ T5026] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 80.388054][ T5026] CR2: 00007fb85a07fe08 CR3: 0000000023b67000 CR4: 00000000003506e0 [ 80.396108][ T5026] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 80.404150][ T5026] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 80.412171][ T5026] Kernel panic - not syncing: Fatal exception [ 80.418574][ T5026] Kernel Offset: disabled [ 80.422914][ T5026] Rebooting in 86400 seconds..