./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1119621033
<...>
Warning: Permanently added '10.128.0.65' (ECDSA) to the list of known hosts.
execve("./syz-executor1119621033", ["./syz-executor1119621033"], 0x7fff9db57100 /* 10 vars */) = 0
brk(NULL) = 0x555555da8000
brk(0x555555da8c40) = 0x555555da8c40
arch_prctl(ARCH_SET_FS, 0x555555da8300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor1119621033", 4096) = 28
brk(0x555555dc9c40) = 0x555555dc9c40
brk(0x555555dca000) = 0x555555dca000
mprotect(0x7f1013906000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
io_uring_setup(1453, {flags=0, sq_thread_cpu=0, sq_thread_idle=0, sq_entries=2048, cq_entries=4096, features=IORING_FEAT_SINGLE_MMAP|IORING_FEAT_NODROP|IORING_FEAT_SUBMIT_STABLE|IORING_FEAT_RW_CUR_POS|IORING_FEAT_CUR_PERSONALITY|IORING_FEAT_FAST_POLL|IORING_FEAT_POLL_32BITS|IORING_FEAT_SQPOLL_NONFIXED|IORING_FEAT_EXT_ARG|IORING_FEAT_NATIVE_WORKERS|IORING_FEAT_RSRC_TAGS|IORING_FEAT_CQE_SKIP|0x1000, sq_off={head=0, tail=64, ring_mask=256, ring_entries=264, flags=276, dropped=272, array=65856}, cq_off={head=128, tail=192, ring_mask=260, ring_entries=268, overflow=284, cqes=320, flags=280}}) = 3
mmap(0x20000000, 74048, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 3, 0) = 0x20000000
mmap(0x20000000, 131008, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED|MAP_POPULATE, 3, 0x10000000) = 0x20000000
openat(AT_FDCWD, 0x20000140, O_RDWR) = 4
ioctl(4, VIDIOC_REQBUFS, 0x200000c0) = 0
syzkaller login: [ 52.050119][ T3631] ------------[ cut here ]------------
[ 52.055847][ T3631] get_vaddr_frames() cannot follow VM_IO mapping
[ 52.056084][ T3631] WARNING: CPU: 0 PID: 3631 at drivers/media/common/videobuf2/frame_vector.c:59 get_vaddr_frames+0x1d7/0x220
[ 52.074044][ T3631] Modules linked in:
[ 52.077924][ T3631] CPU: 0 PID: 3631 Comm: syz-executor111 Not tainted 6.1.0-rc7-syzkaller-00159-ga1e9185d20b5 #0
[ 52.088368][ T3631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 52.098467][ T3631] RIP: 0010:get_vaddr_frames+0x1d7/0x220
[ 52.104142][ T3631] Code: ff ff ff 4c 89 e7 e8 18 11 ba fa e9 0f ff ff ff e8 2e 0e 65 fa c6 05 aa 3e 54 07 01 48 c7 c7 60 0b e3 8b 31 c0 e8 69 0e 2c fa <0f> 0b e9 49 ff ff ff 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c 1d ff
[ 52.124083][ T3631] RSP: 0018:ffffc90003b4f5c8 EFLAGS: 00010246
[ 52.130173][ T3631] RAX: 630f97ff10018800 RBX: 1ffff11028e8e400 RCX: ffff8880249957c0
[ 52.138223][ T3631] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[ 52.146374][ T3631] RBP: 0000000000000096 R08: ffffffff816fdabd R09: ffffed1017304f1c
[ 52.154839][ T3631] R10: ffffed1017304f1c R11: 1ffff11017304f1b R12: ffff888147472004
[ 52.162985][ T3631] R13: dffffc0000000000 R14: 0000000000000000 R15: 00000000fffffff2
[ 52.170981][ T3631] FS: 0000555555da8300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 52.179913][ T3631] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 52.186560][ T3631] CR2: 00000000005d84c8 CR3: 00000000728ec000 CR4: 00000000003506f0
[ 52.194562][ T3631] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 52.202578][ T3631] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 52.210586][ T3631] Call Trace:
[ 52.213855][ T3631]
[ 52.216772][ T3631] vb2_create_framevec+0x4a/0xb0
[ 52.221761][ T3631] vb2_vmalloc_get_userptr+0xe5/0x3f0
[ 52.227138][ T3631] ? __fill_vb2_buffer+0x458/0x4b0
[ 52.232341][ T3631] ? vb2_vmalloc_get_dmabuf+0x270/0x270
[ 52.237893][ T3631] __buf_prepare+0xcc6/0x4530
[ 52.242662][ T3631] ? stack_trace_save+0x1f0/0x1f0
[ 52.247698][ T3631] ? vb2_core_prepare_buf+0x300/0x300
[ 52.253206][ T3631] ? arch_stack_walk+0xf8/0x140
[ 52.258062][ T3631] ? mark_lock+0x9a/0x350
[ 52.262654][ T3631] ? __lock_acquire+0x1292/0x1f60
[ 52.267775][ T3631] ? vb2_queue_or_prepare_buf+0x5ab/0xe30
[ 52.273541][ T3631] vb2_core_prepare_buf+0xde/0x300
[ 52.278663][ T3631] v4l2_m2m_ioctl_prepare_buf+0x136/0x3b0
[ 52.284435][ T3631] ? v4l_prepare_buf+0x67/0xc0
[ 52.289211][ T3631] __video_do_ioctl+0x9fd/0xdd0
[ 52.294113][ T3631] ? video_ioctl2+0x30/0x30
[ 52.298620][ T3631] ? smack_log+0x11f/0x530
[ 52.303104][ T3631] ? __might_fault+0xb2/0x110
[ 52.307795][ T3631] video_usercopy+0xa6f/0x10b0
[ 52.312603][ T3631] ? video_ioctl2+0x30/0x30
[ 52.317110][ T3631] ? v4l_printk_ioctl+0x130/0x130
[ 52.322184][ T3631] ? smack_file_ioctl+0x2f7/0x3a0
[ 52.327229][ T3631] ? print_irqtrace_events+0x220/0x220
[ 52.332717][ T3631] ? lockdep_hardirqs_on_prepare+0x448/0x7b0
[ 52.338704][ T3631] v4l2_ioctl+0x181/0x1d0
[ 52.343091][ T3631] ? v4l2_poll+0x2a0/0x2a0
[ 52.347512][ T3631] __se_sys_ioctl+0xfb/0x170
[ 52.352132][ T3631] do_syscall_64+0x2b/0x70
[ 52.356552][ T3631] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.362607][ T3631] RIP: 0033:0x7f1013899d19
[ 52.367036][ T3631] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 52.386691][ T3631] RSP: 002b:00007ffd65c3dce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 52.395168][ T3631] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f1013899d19
[ 52.403197][ T3631] RDX: 0000000020000300 RSI: 00000000c058565d RDI: 0000000000000004
[ 52.411217][ T3631] RBP: 00007f101385dec0 R08: 0000000000000000 R09: 0000000000000000
[ 52.420316][ T3631] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f101385df50
[ 52.428349][ T3631] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 52.436386][ T3631]
[ 52.439413][ T3631] Kernel panic - not syncing: panic_on_warn set ...
[ 52.445982][ T3631] CPU: 0 PID: 3631 Comm: syz-executor111 Not tainted 6.1.0-rc7-syzkaller-00159-ga1e9185d20b5 #0
[ 52.456371][ T3631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 52.466405][ T3631] Call Trace:
[ 52.469668][ T3631]
[ 52.472582][ T3631] dump_stack_lvl+0x1e3/0x2cb
[ 52.477250][ T3631] ? nf_tcp_handle_invalid+0x62e/0x62e
[ 52.482703][ T3631] ? panic+0x766/0x766
[ 52.486777][ T3631] ? vscnprintf+0x59/0x80
[ 52.491091][ T3631] ? get_vaddr_frames+0x140/0x220
[ 52.496106][ T3631] panic+0x316/0x766
[ 52.500001][ T3631] ? __warn+0x131/0x220
[ 52.504150][ T3631] ? memcpy_page_flushcache+0xfc/0xfc
[ 52.509525][ T3631] ? get_vaddr_frames+0x1d7/0x220
[ 52.514537][ T3631] __warn+0x1fa/0x220
[ 52.518503][ T3631] ? get_vaddr_frames+0x1d7/0x220
[ 52.523522][ T3631] report_bug+0x1b3/0x2d0
[ 52.527855][ T3631] handle_bug+0x3d/0x70
[ 52.532022][ T3631] exc_invalid_op+0x16/0x40
[ 52.536533][ T3631] asm_exc_invalid_op+0x16/0x20
[ 52.541472][ T3631] RIP: 0010:get_vaddr_frames+0x1d7/0x220
[ 52.547102][ T3631] Code: ff ff ff 4c 89 e7 e8 18 11 ba fa e9 0f ff ff ff e8 2e 0e 65 fa c6 05 aa 3e 54 07 01 48 c7 c7 60 0b e3 8b 31 c0 e8 69 0e 2c fa <0f> 0b e9 49 ff ff ff 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c 1d ff
[ 52.566705][ T3631] RSP: 0018:ffffc90003b4f5c8 EFLAGS: 00010246
[ 52.572769][ T3631] RAX: 630f97ff10018800 RBX: 1ffff11028e8e400 RCX: ffff8880249957c0
[ 52.580734][ T3631] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[ 52.588713][ T3631] RBP: 0000000000000096 R08: ffffffff816fdabd R09: ffffed1017304f1c
[ 52.596683][ T3631] R10: ffffed1017304f1c R11: 1ffff11017304f1b R12: ffff888147472004
[ 52.604649][ T3631] R13: dffffc0000000000 R14: 0000000000000000 R15: 00000000fffffff2
[ 52.612621][ T3631] ? __wake_up_klogd+0xcd/0x100
[ 52.617484][ T3631] ? get_vaddr_frames+0x1d7/0x220
[ 52.622509][ T3631] vb2_create_framevec+0x4a/0xb0
[ 52.627458][ T3631] vb2_vmalloc_get_userptr+0xe5/0x3f0
[ 52.632827][ T3631] ? __fill_vb2_buffer+0x458/0x4b0
[ 52.637940][ T3631] ? vb2_vmalloc_get_dmabuf+0x270/0x270
[ 52.643483][ T3631] __buf_prepare+0xcc6/0x4530
[ 52.648170][ T3631] ? stack_trace_save+0x1f0/0x1f0
[ 52.653197][ T3631] ? vb2_core_prepare_buf+0x300/0x300
[ 52.658567][ T3631] ? arch_stack_walk+0xf8/0x140
[ 52.663419][ T3631] ? mark_lock+0x9a/0x350
[ 52.667747][ T3631] ? __lock_acquire+0x1292/0x1f60
[ 52.672823][ T3631] ? vb2_queue_or_prepare_buf+0x5ab/0xe30
[ 52.678563][ T3631] vb2_core_prepare_buf+0xde/0x300
[ 52.683685][ T3631] v4l2_m2m_ioctl_prepare_buf+0x136/0x3b0
[ 52.689424][ T3631] ? v4l_prepare_buf+0x67/0xc0
[ 52.694193][ T3631] __video_do_ioctl+0x9fd/0xdd0
[ 52.699051][ T3631] ? video_ioctl2+0x30/0x30
[ 52.703551][ T3631] ? smack_log+0x11f/0x530
[ 52.707971][ T3631] ? __might_fault+0xb2/0x110
[ 52.712655][ T3631] video_usercopy+0xa6f/0x10b0
[ 52.717428][ T3631] ? video_ioctl2+0x30/0x30
[ 52.721934][ T3631] ? v4l_printk_ioctl+0x130/0x130
[ 52.726959][ T3631] ? smack_file_ioctl+0x2f7/0x3a0
[ 52.731996][ T3631] ? print_irqtrace_events+0x220/0x220
[ 52.737453][ T3631] ? lockdep_hardirqs_on_prepare+0x448/0x7b0
[ 52.743435][ T3631] v4l2_ioctl+0x181/0x1d0
[ 52.747763][ T3631] ? v4l2_poll+0x2a0/0x2a0
[ 52.752174][ T3631] __se_sys_ioctl+0xfb/0x170
[ 52.756763][ T3631] do_syscall_64+0x2b/0x70
[ 52.761177][ T3631] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.767064][ T3631] RIP: 0033:0x7f1013899d19
[ 52.771474][ T3631] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 52.791071][ T3631] RSP: 002b:00007ffd65c3dce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 52.799479][ T3631] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f1013899d19
[ 52.807445][ T3631] RDX: 0000000020000300 RSI: 00000000c058565d RDI: 0000000000000004
[ 52.815408][ T3631] RBP: 00007f101385dec0 R08: 0000000000000000 R09: 0000000000000000
[ 52.823373][ T3631] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f101385df50
[ 52.831334][ T3631] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 52.839312][ T3631]
[ 52.842377][ T3631] Kernel Offset: disabled
[ 52.846761][ T3631] Rebooting in 86400 seconds..