./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3810716290
<...>
DUID 00:04:e3:a1:4c:5b:a4:47:39:93:9a:5d:f6:69:14:97:a9:57
forked to background, child pid 4670
[ 31.706989][ T4671] 8021q: adding VLAN 0 to HW filter on device bond0
[ 31.719263][ T4671] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.21' (ECDSA) to the list of known hosts.
execve("./syz-executor3810716290", ["./syz-executor3810716290"], 0x7ffde4e963a0 /* 10 vars */) = 0
brk(NULL) = 0x555557541000
brk(0x555557541c40) = 0x555557541c40
arch_prctl(ARCH_SET_FS, 0x555557541300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor3810716290", 4096) = 28
brk(0x555557562c40) = 0x555557562c40
brk(0x555557563000) = 0x555557563000
mprotect(0x7fef27de7000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/dev/vim2m", O_RDWR) = 3
ioctl(3, VIDIOC_REQBUFS, {type=V4L2_BUF_TYPE_VIDEO_OUTPUT, memory=V4L2_MEMORY_USERPTR, count=4294967264 => 27}) = 0
syzkaller login: [ 60.715531][ T5001] ------------[ cut here ]------------
[ 60.721115][ T5001] get_vaddr_frames() cannot follow VM_IO mapping
[ 60.721469][ T5001] WARNING: CPU: 0 PID: 5001 at drivers/media/common/videobuf2/frame_vector.c:63 get_vaddr_frames+0x220/0x230
[ 60.739925][ T5001] Modules linked in:
[ 60.744289][ T5001] CPU: 0 PID: 5001 Comm: syz-executor381 Not tainted 6.4.0-rc2-next-20230515-syzkaller #0
[ 60.754382][ T5001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 60.764674][ T5001] RIP: 0010:get_vaddr_frames+0x220/0x230
[ 60.770337][ T5001] Code: c4 12 fb e9 06 ff ff ff e8 6d c4 12 fb e9 cd fe ff ff e8 e3 c3 bf fa 48 c7 c7 60 49 1f 8b c6 05 2b e0 a0 07 01 e8 e0 70 87 fa <0f> 0b e9 53 ff ff ff 66 0f 1f 84 00 00 00 00 00 41 57 41 56 41 55
[ 60.790221][ T5001] RSP: 0018:ffffc90003a1f818 EFLAGS: 00010282
[ 60.796545][ T5001] RAX: 0000000000000000 RBX: ffffc9000c400000 RCX: 0000000000000000
[ 60.804738][ T5001] RDX: ffff888023a00000 RSI: ffffffff814bd247 RDI: 0000000000000001
[ 60.812741][ T5001] RBP: ffffc9000c400004 R08: 0000000000000001 R09: 0000000000000000
[ 60.820952][ T5001] R10: 0000000000000000 R11: 0000000000000001 R12: 00000000fffffff2
[ 60.829111][ T5001] R13: 0000000000000000 R14: 0000000000000000 R15: ffff88814126d000
[ 60.837362][ T5001] FS: 0000555557541300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 60.846542][ T5001] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 60.853539][ T5001] CR2: 00000000005fdeb8 CR3: 00000000767ea000 CR4: 00000000003506f0
[ 60.861536][ T5001] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 60.869730][ T5001] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 60.877890][ T5001] Call Trace:
[ 60.881172][ T5001] <TASK>
[ 60.884137][ T5001] vb2_create_framevec+0x62/0xd0
[ 60.889103][ T5001] vb2_vmalloc_get_userptr+0x13b/0x530
[ 60.894640][ T5001] ? vb2_vmalloc_dmabuf_ops_attach+0x430/0x430
[ 60.900822][ T5001] __prepare_userptr+0x6a6/0x1630
[ 60.905923][ T5001] ? vb2_queue_error+0x60/0x60
[ 60.910736][ T5001] ? slab_free_freelist_hook+0x8b/0x1c0
[ 60.916434][ T5001] ? __kmem_cache_free+0xaf/0x2d0
[ 60.921494][ T5001] ? tomoyo_path_number_perm+0x43b/0x570
[ 60.927188][ T5001] ? security_file_ioctl+0x54/0xb0
[ 60.932326][ T5001] ? print_usage_bug.part.0+0x660/0x660
[ 60.937944][ T5001] ? mark_lock.part.0+0xee/0x1970
[ 60.942999][ T5001] ? lock_sync+0x190/0x190
[ 60.947482][ T5001] ? rcu_is_watching+0x12/0xb0
[ 60.952350][ T5001] ? trace_lock_acquire+0x12d/0x180
[ 60.957618][ T5001] ? rcu_is_watching+0x12/0xb0
[ 60.962397][ T5001] ? trace_contention_end+0xd8/0x100
[ 60.967728][ T5001] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 60.973718][ T5001] __buf_prepare+0x602/0x7d0
[ 60.978310][ T5001] vb2_core_prepare_buf+0xe4/0x330
[ 60.983458][ T5001] vb2_prepare_buf+0x103/0x190
[ 60.988250][ T5001] v4l2_m2m_prepare_buf+0xe8/0x210
[ 60.993423][ T5001] v4l_prepare_buf+0x96/0xc0
[ 60.998030][ T5001] __video_do_ioctl+0xba6/0xf20
[ 61.002880][ T5001] ? v4l_reqbufs+0xd0/0xd0
[ 61.007325][ T5001] ? __might_fault+0xb2/0x190
[ 61.012026][ T5001] video_usercopy+0x4bf/0x14c0
[ 61.016873][ T5001] ? v4l_reqbufs+0xd0/0xd0
[ 61.021399][ T5001] ? v4l_enumstd+0x70/0x70
[ 61.025913][ T5001] ? lock_downgrade+0x690/0x690
[ 61.030816][ T5001] v4l2_ioctl+0x1b7/0x250
[ 61.035244][ T5001] ? v4l2_read+0x350/0x350
[ 61.039692][ T5001] __x64_sys_ioctl+0x197/0x210
[ 61.044516][ T5001] do_syscall_64+0x39/0xb0
[ 61.048961][ T5001] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 61.054927][ T5001] RIP: 0033:0x7fef27d7ac49
[ 61.059365][ T5001] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 61.079033][ T5001] RSP: 002b:00007ffd44b922e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 61.087492][ T5001] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fef27d7ac49
[ 61.095522][ T5001] RDX: 0000000020000300 RSI: 00000000c058565d RDI: 0000000000000003
[ 61.103526][ T5001] RBP: 00007fef27d3edf0 R08: 0000000000000000 R09: 0000000000000000
[ 61.111490][ T5001] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fef27d3ee80
[ 61.119522][ T5001] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 61.127536][ T5001] </TASK>
[ 61.130548][ T5001] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 61.137869][ T5001] CPU: 0 PID: 5001 Comm: syz-executor381 Not tainted 6.4.0-rc2-next-20230515-syzkaller #0
[ 61.147764][ T5001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 61.157828][ T5001] Call Trace:
[ 61.161111][ T5001] <TASK>
[ 61.164045][ T5001] dump_stack_lvl+0xd9/0x150
[ 61.168668][ T5001] panic+0x686/0x730
[ 61.172611][ T5001] ? panic_smp_self_stop+0xa0/0xa0
[ 61.177744][ T5001] ? show_trace_log_lvl+0x285/0x390
[ 61.183150][ T5001] ? get_vaddr_frames+0x220/0x230
[ 61.188188][ T5001] check_panic_on_warn+0xb1/0xc0
[ 61.193151][ T5001] __warn+0xf2/0x390
[ 61.197063][ T5001] ? __wake_up_klogd.part.0+0x99/0xf0
[ 61.202451][ T5001] ? get_vaddr_frames+0x220/0x230
[ 61.207661][ T5001] report_bug+0x2da/0x500
[ 61.212014][ T5001] handle_bug+0x3c/0x70
[ 61.216179][ T5001] exc_invalid_op+0x18/0x50
[ 61.220687][ T5001] asm_exc_invalid_op+0x1a/0x20
[ 61.225557][ T5001] RIP: 0010:get_vaddr_frames+0x220/0x230
[ 61.231202][ T5001] Code: c4 12 fb e9 06 ff ff ff e8 6d c4 12 fb e9 cd fe ff ff e8 e3 c3 bf fa 48 c7 c7 60 49 1f 8b c6 05 2b e0 a0 07 01 e8 e0 70 87 fa <0f> 0b e9 53 ff ff ff 66 0f 1f 84 00 00 00 00 00 41 57 41 56 41 55
[ 61.250820][ T5001] RSP: 0018:ffffc90003a1f818 EFLAGS: 00010282
[ 61.256917][ T5001] RAX: 0000000000000000 RBX: ffffc9000c400000 RCX: 0000000000000000
[ 61.264900][ T5001] RDX: ffff888023a00000 RSI: ffffffff814bd247 RDI: 0000000000000001
[ 61.272879][ T5001] RBP: ffffc9000c400004 R08: 0000000000000001 R09: 0000000000000000
[ 61.280856][ T5001] R10: 0000000000000000 R11: 0000000000000001 R12: 00000000fffffff2
[ 61.288829][ T5001] R13: 0000000000000000 R14: 0000000000000000 R15: ffff88814126d000
[ 61.296812][ T5001] ? __warn_printk+0x187/0x310
[ 61.301600][ T5001] ? get_vaddr_frames+0x220/0x230
[ 61.306634][ T5001] vb2_create_framevec+0x62/0xd0
[ 61.311587][ T5001] vb2_vmalloc_get_userptr+0x13b/0x530
[ 61.317067][ T5001] ? vb2_vmalloc_dmabuf_ops_attach+0x430/0x430
[ 61.323244][ T5001] __prepare_userptr+0x6a6/0x1630
[ 61.328316][ T5001] ? vb2_queue_error+0x60/0x60
[ 61.333100][ T5001] ? slab_free_freelist_hook+0x8b/0x1c0
[ 61.338664][ T5001] ? __kmem_cache_free+0xaf/0x2d0
[ 61.343695][ T5001] ? tomoyo_path_number_perm+0x43b/0x570
[ 61.349336][ T5001] ? security_file_ioctl+0x54/0xb0
[ 61.354464][ T5001] ? print_usage_bug.part.0+0x660/0x660
[ 61.360027][ T5001] ? mark_lock.part.0+0xee/0x1970
[ 61.365076][ T5001] ? lock_sync+0x190/0x190
[ 61.369506][ T5001] ? rcu_is_watching+0x12/0xb0
[ 61.374279][ T5001] ? trace_lock_acquire+0x12d/0x180
[ 61.379495][ T5001] ? rcu_is_watching+0x12/0xb0
[ 61.384267][ T5001] ? trace_contention_end+0xd8/0x100
[ 61.389598][ T5001] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 61.395520][ T5001] __buf_prepare+0x602/0x7d0
[ 61.400127][ T5001] vb2_core_prepare_buf+0xe4/0x330
[ 61.405245][ T5001] vb2_prepare_buf+0x103/0x190
[ 61.410033][ T5001] v4l2_m2m_prepare_buf+0xe8/0x210
[ 61.415176][ T5001] v4l_prepare_buf+0x96/0xc0
[ 61.419811][ T5001] __video_do_ioctl+0xba6/0xf20
[ 61.424689][ T5001] ? v4l_reqbufs+0xd0/0xd0
[ 61.429112][ T5001] ? __might_fault+0xb2/0x190
[ 61.433910][ T5001] video_usercopy+0x4bf/0x14c0
[ 61.438696][ T5001] ? v4l_reqbufs+0xd0/0xd0
[ 61.443118][ T5001] ? v4l_enumstd+0x70/0x70
[ 61.447549][ T5001] ? lock_downgrade+0x690/0x690
[ 61.452425][ T5001] v4l2_ioctl+0x1b7/0x250
[ 61.456776][ T5001] ? v4l2_read+0x350/0x350
[ 61.461209][ T5001] __x64_sys_ioctl+0x197/0x210
[ 61.465986][ T5001] do_syscall_64+0x39/0xb0
[ 61.470429][ T5001] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 61.476344][ T5001] RIP: 0033:0x7fef27d7ac49
[ 61.480765][ T5001] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 61.500386][ T5001] RSP: 002b:00007ffd44b922e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 61.508806][ T5001] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fef27d7ac49
[ 61.516784][ T5001] RDX: 0000000020000300 RSI: 00000000c058565d RDI: 0000000000000003
[ 61.524760][ T5001] RBP: 00007fef27d3edf0 R08: 0000000000000000 R09: 0000000000000000
[ 61.532737][ T5001] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fef27d3ee80
[ 61.540718][ T5001] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 61.548722][ T5001] </TASK>
[ 61.551898][ T5001] Kernel Offset: disabled
[ 61.556297][ T5001] Rebooting in 86400 seconds..