./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor690919757
<...>
syzkaller
syzkaller login: [ 46.960574][ T26] kauditd_printk_skb: 42 callbacks suppressed
[ 46.960590][ T26] audit: type=1400 audit(1687884172.626:77): avc: denied { transition } for pid=4848 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 47.020646][ T26] audit: type=1400 audit(1687884172.666:78): avc: denied { noatsecure } for pid=4848 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 47.058810][ T26] audit: type=1400 audit(1687884172.666:79): avc: denied { write } for pid=4848 comm="sh" path="pipe:[29930]" dev="pipefs" ino=29930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 47.087870][ T26] audit: type=1400 audit(1687884172.676:80): avc: denied { rlimitinh } for pid=4848 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 47.107389][ T26] audit: type=1400 audit(1687884172.676:81): avc: denied { siginh } for pid=4848 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 47.505642][ T26] audit: type=1400 audit(1687884173.176:82): avc: denied { read } for pid=4431 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
Warning: Permanently added '10.128.1.184' (ECDSA) to the list of known hosts.
execve("./syz-executor690919757", ["./syz-executor690919757"], 0x7ffcfb6757e0 /* 10 vars */) = 0
brk(NULL) = 0x5555562eb000
brk(0x5555562ebc40) = 0x5555562ebc40
arch_prctl(ARCH_SET_FS, 0x5555562eb300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor690919757", 4096) = 27
brk(0x55555630cc40) = 0x55555630cc40
brk(0x55555630d000) = 0x55555630d000
mprotect(0x7f3b71d35000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/dev/vim2m", O_RDWR) = 3
ioctl(3, VIDIOC_REQBUFS, {type=V4L2_BUF_TYPE_VIDEO_OUTPUT, memory=V4L2_MEMORY_USERPTR, count=65539 => 27}) = 0
[ 62.876608][ T26] audit: type=1400 audit(1687884188.546:83): avc: denied { write } for pid=4990 comm="strace-static-x" path="pipe:[29632]" dev="pipefs" ino=29632 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 62.902040][ T26] audit: type=1400 audit(1687884188.546:84): avc: denied { execmem } for pid=4993 comm="syz-executor690" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 62.906997][ T4993] ------------[ cut here ]------------
[ 62.922708][ T26] audit: type=1400 audit(1687884188.576:85): avc: denied { read write } for pid=4993 comm="syz-executor690" name="video3" dev="devtmpfs" ino=848 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[ 62.927134][ T4993] get_vaddr_frames() cannot follow VM_IO mapping
[ 62.927678][ T4993] WARNING: CPU: 0 PID: 4993 at drivers/media/common/videobuf2/frame_vector.c:63 get_vaddr_frames+0x220/0x230
[ 62.951412][ T26] audit: type=1400 audit(1687884188.576:86): avc: denied { open } for pid=4993 comm="syz-executor690" path="/dev/video3" dev="devtmpfs" ino=848 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[ 62.957229][ T4993] Modules linked in:
[ 62.969089][ T26] audit: type=1400 audit(1687884188.576:87): avc: denied { ioctl } for pid=4993 comm="syz-executor690" path="/dev/video3" dev="devtmpfs" ino=848 ioctlcmd=0x5608 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[ 62.992433][ T4993] CPU: 0 PID: 4993 Comm: syz-executor690 Not tainted 6.4.0-syzkaller-01224-g1ef6663a587b #0
[ 62.992461][ T4993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 62.992475][ T4993] RIP: 0010:get_vaddr_frames+0x220/0x230
[ 63.047387][ T4993] Code: 75 12 fb e9 06 ff ff ff e8 ed 75 12 fb e9 cd fe ff ff e8 43 86 c0 fa 48 c7 c7 c0 fe 1e 8b c6 05 3e 76 a1 07 01 e8 60 1c 88 fa <0f> 0b e9 53 ff ff ff 66 0f 1f 84 00 00 00 00 00 41 57 41 56 41 55
[ 63.067053][ T4993] RSP: 0018:ffffc9000340f758 EFLAGS: 00010282
[ 63.073154][ T4993] RAX: 0000000000000000 RBX: ffff8880142c1000 RCX: 0000000000000000
[ 63.081152][ T4993] RDX: ffff88807a9e6040 RSI: ffffffff814b2487 RDI: 0000000000000001
[ 63.089139][ T4993] RBP: ffff8880142c1004 R08: 0000000000000001 R09: 0000000000000000
[ 63.097142][ T4993] R10: 0000000000000000 R11: 776f6c6c6f662074 R12: 00000000fffffff2
[ 63.105146][ T4993] R13: 0000000000000000 R14: 0000000000000000 R15: ffff88802b059800
[ 63.113160][ T4993] FS: 00005555562eb300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 63.122131][ T4993] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 63.128702][ T4993] CR2: 00000000005fdeb8 CR3: 0000000020096000 CR4: 00000000003506f0
[ 63.136708][ T4993] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 63.144714][ T4993] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 63.152740][ T4993] Call Trace:
[ 63.156034][ T4993]
[ 63.158975][ T4993] ? __warn+0xe6/0x390
[ 63.163113][ T4993] ? __wake_up_klogd.part.0+0x99/0xf0
[ 63.168505][ T4993] ? get_vaddr_frames+0x220/0x230
[ 63.173571][ T4993] ? report_bug+0x2da/0x500
[ 63.178179][ T4993] ? handle_bug+0x3c/0x70
[ 63.182560][ T4993] ? exc_invalid_op+0x18/0x50
[ 63.187257][ T4993] ? asm_exc_invalid_op+0x1a/0x20
[ 63.192322][ T4993] ? __warn_printk+0x187/0x310
[ 63.197105][ T4993] ? get_vaddr_frames+0x220/0x230
[ 63.202168][ T4993] ? get_vaddr_frames+0x220/0x230
[ 63.207210][ T4993] vb2_create_framevec+0x62/0xd0
[ 63.212185][ T4993] vb2_vmalloc_get_userptr+0x13b/0x530
[ 63.217667][ T4993] ? arch_stack_walk+0x60/0xf0
[ 63.222470][ T4993] ? vb2_vmalloc_dmabuf_ops_attach+0x430/0x430
[ 63.228649][ T4993] __prepare_userptr+0x6a6/0x1630
[ 63.233713][ T4993] ? vb2_queue_error+0x60/0x60
[ 63.238493][ T4993] ? __stack_depot_save+0x39/0x510
[ 63.243646][ T4993] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 63.249648][ T4993] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 63.255669][ T4993] ? print_usage_bug.part.0+0x660/0x660
[ 63.261250][ T4993] ? kasan_save_stack+0x22/0x40
[ 63.266091][ T4993] ? kasan_set_track+0x25/0x30
[ 63.270900][ T4993] ? kasan_save_free_info+0x2b/0x40
[ 63.276123][ T4993] ? ____kasan_slab_free+0x13b/0x1a0
[ 63.281488][ T4993] ? lock_sync+0x190/0x190
[ 63.285936][ T4993] __buf_prepare+0x602/0x7d0
[ 63.290594][ T4993] ? vb2_queue_or_prepare_buf+0x5c0/0x2cb0
[ 63.296426][ T4993] vb2_core_qbuf+0xc79/0x14e0
[ 63.301153][ T4993] ? __mutex_lock+0x231/0x1350
[ 63.305945][ T4993] vb2_qbuf+0x13d/0x1d0
[ 63.310116][ T4993] ? vb2_ioctl_prepare_buf+0x140/0x140
[ 63.315645][ T4993] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 63.321260][ T4993] v4l2_m2m_qbuf+0x18e/0x920
[ 63.325856][ T4993] ? check_fmt+0x4f4/0x900
[ 63.330311][ T4993] v4l_qbuf+0x96/0xc0
[ 63.331574][ T26] audit: type=1400 audit(1687884189.006:88): avc: denied { append } for pid=4431 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 63.334303][ T4993] __video_do_ioctl+0xba6/0xf20
[ 63.356780][ T26] audit: type=1400 audit(1687884189.006:89): avc: denied { open } for pid=4431 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 63.361258][ T4993] ? v4l_reqbufs+0xd0/0xd0
[ 63.383991][ T26] audit: type=1400 audit(1687884189.006:90): avc: denied { getattr } for pid=4431 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 63.387973][ T4993] video_usercopy+0x4bf/0x14c0
[ 63.415402][ T4993] ? v4l_reqbufs+0xd0/0xd0
[ 63.419836][ T4993] ? selinux_bprm_creds_for_exec+0xa80/0xb20
[ 63.425887][ T4993] ? v4l_enumstd+0x70/0x70
[ 63.430366][ T4993] ? lock_downgrade+0x690/0x690
[ 63.435251][ T4993] v4l2_ioctl+0x1bd/0x250
[ 63.439581][ T4993] ? v4l2_write+0x350/0x350
[ 63.444116][ T4993] __x64_sys_ioctl+0x19d/0x210
[ 63.448893][ T4993] do_syscall_64+0x39/0xb0
[ 63.453352][ T4993] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 63.459264][ T4993] RIP: 0033:0x7f3b71cc8c49
[ 63.463707][ T4993] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 63.483349][ T4993] RSP: 002b:00007ffc961d78d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 63.491791][ T4993] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f3b71cc8c49
[ 63.499772][ T4993] RDX: 0000000020000300 RSI: 00000000c058560f RDI: 0000000000000003
[ 63.507776][ T4993] RBP: 00007f3b71c8cdf0 R08: 0000000000000000 R09: 0000000000000000
[ 63.515786][ T4993] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3b71c8ce80
[ 63.523787][ T4993] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 63.531823][ T4993]
[ 63.534855][ T4993] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 63.542117][ T4993] CPU: 0 PID: 4993 Comm: syz-executor690 Not tainted 6.4.0-syzkaller-01224-g1ef6663a587b #0
[ 63.552166][ T4993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 63.562209][ T4993] Call Trace:
[ 63.565474][ T4993]
[ 63.568390][ T4993] dump_stack_lvl+0xd9/0x150
[ 63.572977][ T4993] panic+0x686/0x730
[ 63.576864][ T4993] ? panic_smp_self_stop+0xa0/0xa0
[ 63.581965][ T4993] ? show_trace_log_lvl+0x284/0x390
[ 63.587154][ T4993] ? get_vaddr_frames+0x220/0x230
[ 63.592172][ T4993] check_panic_on_warn+0xb1/0xc0
[ 63.597101][ T4993] __warn+0xf2/0x390
[ 63.600989][ T4993] ? __wake_up_klogd.part.0+0x99/0xf0
[ 63.606352][ T4993] ? get_vaddr_frames+0x220/0x230
[ 63.611367][ T4993] report_bug+0x2da/0x500
[ 63.615688][ T4993] handle_bug+0x3c/0x70
[ 63.619834][ T4993] exc_invalid_op+0x18/0x50
[ 63.624329][ T4993] asm_exc_invalid_op+0x1a/0x20
[ 63.629168][ T4993] RIP: 0010:get_vaddr_frames+0x220/0x230
[ 63.634793][ T4993] Code: 75 12 fb e9 06 ff ff ff e8 ed 75 12 fb e9 cd fe ff ff e8 43 86 c0 fa 48 c7 c7 c0 fe 1e 8b c6 05 3e 76 a1 07 01 e8 60 1c 88 fa <0f> 0b e9 53 ff ff ff 66 0f 1f 84 00 00 00 00 00 41 57 41 56 41 55
[ 63.654387][ T4993] RSP: 0018:ffffc9000340f758 EFLAGS: 00010282
[ 63.660448][ T4993] RAX: 0000000000000000 RBX: ffff8880142c1000 RCX: 0000000000000000
[ 63.668402][ T4993] RDX: ffff88807a9e6040 RSI: ffffffff814b2487 RDI: 0000000000000001
[ 63.676360][ T4993] RBP: ffff8880142c1004 R08: 0000000000000001 R09: 0000000000000000
[ 63.684317][ T4993] R10: 0000000000000000 R11: 776f6c6c6f662074 R12: 00000000fffffff2
[ 63.692276][ T4993] R13: 0000000000000000 R14: 0000000000000000 R15: ffff88802b059800
[ 63.700245][ T4993] ? __warn_printk+0x187/0x310
[ 63.705017][ T4993] ? get_vaddr_frames+0x220/0x230
[ 63.710029][ T4993] vb2_create_framevec+0x62/0xd0
[ 63.714959][ T4993] vb2_vmalloc_get_userptr+0x13b/0x530
[ 63.720415][ T4993] ? arch_stack_walk+0x60/0xf0
[ 63.725172][ T4993] ? vb2_vmalloc_dmabuf_ops_attach+0x430/0x430
[ 63.731322][ T4993] __prepare_userptr+0x6a6/0x1630
[ 63.736337][ T4993] ? vb2_queue_error+0x60/0x60
[ 63.741090][ T4993] ? __stack_depot_save+0x39/0x510
[ 63.746188][ T4993] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 63.752159][ T4993] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 63.758127][ T4993] ? print_usage_bug.part.0+0x660/0x660
[ 63.763663][ T4993] ? kasan_save_stack+0x22/0x40
[ 63.768508][ T4993] ? kasan_set_track+0x25/0x30
[ 63.773261][ T4993] ? kasan_save_free_info+0x2b/0x40
[ 63.778449][ T4993] ? ____kasan_slab_free+0x13b/0x1a0
[ 63.783723][ T4993] ? lock_sync+0x190/0x190
[ 63.788130][ T4993] __buf_prepare+0x602/0x7d0
[ 63.792711][ T4993] ? vb2_queue_or_prepare_buf+0x5c0/0x2cb0
[ 63.798518][ T4993] vb2_core_qbuf+0xc79/0x14e0
[ 63.803184][ T4993] ? __mutex_lock+0x231/0x1350
[ 63.807942][ T4993] vb2_qbuf+0x13d/0x1d0
[ 63.812091][ T4993] ? vb2_ioctl_prepare_buf+0x140/0x140
[ 63.817540][ T4993] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 63.823083][ T4993] v4l2_m2m_qbuf+0x18e/0x920
[ 63.827661][ T4993] ? check_fmt+0x4f4/0x900
[ 63.832066][ T4993] v4l_qbuf+0x96/0xc0
[ 63.836036][ T4993] __video_do_ioctl+0xba6/0xf20
[ 63.840875][ T4993] ? v4l_reqbufs+0xd0/0xd0
[ 63.845285][ T4993] video_usercopy+0x4bf/0x14c0
[ 63.850037][ T4993] ? v4l_reqbufs+0xd0/0xd0
[ 63.854449][ T4993] ? selinux_bprm_creds_for_exec+0xa80/0xb20
[ 63.860427][ T4993] ? v4l_enumstd+0x70/0x70
[ 63.864834][ T4993] ? lock_downgrade+0x690/0x690
[ 63.869674][ T4993] v4l2_ioctl+0x1bd/0x250
[ 63.874002][ T4993] ? v4l2_write+0x350/0x350
[ 63.878498][ T4993] __x64_sys_ioctl+0x19d/0x210
[ 63.883248][ T4993] do_syscall_64+0x39/0xb0
[ 63.887658][ T4993] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 63.893544][ T4993] RIP: 0033:0x7f3b71cc8c49
[ 63.897943][ T4993] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 63.917535][ T4993] RSP: 002b:00007ffc961d78d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 63.925934][ T4993] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f3b71cc8c49
[ 63.933898][ T4993] RDX: 0000000020000300 RSI: 00000000c058560f RDI: 0000000000000003
[ 63.941856][ T4993] RBP: 00007f3b71c8cdf0 R08: 0000000000000000 R09: 0000000000000000
[ 63.949813][ T4993] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3b71c8ce80
[ 63.957771][ T4993] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 63.965730][ T4993]
[ 63.968933][ T4993] Kernel Offset: disabled
[ 63.973312][ T4993] Rebooting in 86400 seconds..