./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor941125041 <...> Warning: Permanently added '10.128.0.97' (ECDSA) to the list of known hosts. execve("./syz-executor941125041", ["./syz-executor941125041"], 0x7ffffc316990 /* 10 vars */) = 0 brk(NULL) = 0x555556f24000 brk(0x555556f24d00) = 0x555556f24d00 arch_prctl(ARCH_SET_FS, 0x555556f243c0) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor941125041", 4096) = 27 brk(0x555556f45d00) = 0x555556f45d00 brk(0x555556f46000) = 0x555556f46000 mprotect(0x7f6f30492000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7f6f303e9020, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f6f303e9090}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7f6f303e9020, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f6f303e9090}, NULL, 8) = 0 openat(AT_FDCWD, "/dev/fb0", O_RDONLY|O_TRUNC|O_NONBLOCK) = 3 mmap(0x20000000, 8388608, PROT_EXEC|PROT_SEM|0x800000, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0x20000000 --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000240} --- [ 50.605463][ T27] audit: type=1400 audit(1665083113.299:75): avc: denied { execmem } for pid=3608 comm="syz-executor941" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 50.625113][ T27] audit: type=1400 audit(1665083113.309:76): avc: denied { read write } for pid=3608 comm="syz-executor941" name="fb0" dev="devtmpfs" ino=626 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 50.627082][ T3608] ------------[ cut here ]------------ [ 50.649697][ T27] audit: type=1400 audit(1665083113.309:77): avc: denied { open } for pid=3608 comm="syz-executor941" path="/dev/fb0" dev="devtmpfs" ino=626 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 50.654848][ T3608] kernel BUG at mm/memory.c:2218! [ 50.679015][ T27] audit: type=1400 audit(1665083113.309:78): avc: denied { map } for pid=3608 comm="syz-executor941" path="/dev/fb0" dev="devtmpfs" ino=626 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 50.683677][ T3608] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 50.707646][ T27] audit: type=1400 audit(1665083113.309:79): avc: denied { execute } for pid=3608 comm="syz-executor941" path="/dev/fb0" dev="devtmpfs" ino=626 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 50.713381][ T3608] CPU: 0 PID: 3608 Comm: syz-executor941 Not tainted 6.0.0-syzkaller-05118-g833477fce7a1 #0 [ 50.713405][ T3608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 50.757511][ T3608] RIP: 0010:vmf_insert_pfn_prot+0x248/0x460 [ 50.763406][ T3608] Code: 0f 0b e8 8b 9d c6 ff 4d 89 f7 bf 20 00 00 00 41 83 e7 28 4c 89 fe e8 57 9a c6 ff 49 83 ff 20 0f 85 a5 fe ff ff e8 68 9d c6 ff <0f> 0b 49 be ff ff ff ff ff ff 0f 00 e8 57 9d c6 ff 4d 21 ee 4c 89 [ 50.783010][ T3608] RSP: 0018:ffffc900030ef8e8 EFLAGS: 00010293 [ 50.789250][ T3608] RAX: 0000000000000000 RBX: 1ffff9200061df1f RCX: 0000000000000000 [ 50.797219][ T3608] RDX: ffff88807e59c140 RSI: ffffffff81b3a3f8 RDI: 0000000000000007 [ 50.805185][ T3608] RBP: ffff88802125a528 R08: 0000000000000007 R09: 0000000000000020 [ 50.813150][ T3608] R10: 0000000000000020 R11: 0000000000000000 R12: 0000000020000000 [ 50.821125][ T3608] R13: 000000000001e9f3 R14: 000000000c040474 R15: 0000000000000020 [ 50.829103][ T3608] FS: 0000555556f243c0(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 [ 50.838037][ T3608] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 50.844621][ T3608] CR2: 0000000020000240 CR3: 000000001e965000 CR4: 00000000003506f0 [ 50.852588][ T3608] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 50.860560][ T3608] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 50.868545][ T3608] Call Trace: [ 50.871818][ T3608] [ 50.874748][ T3608] ? insert_pfn+0x680/0x680 [ 50.879273][ T3608] ? mark_held_locks+0x9f/0xe0 [ 50.884047][ T3608] drm_gem_shmem_fault+0x1e3/0x290 [ 50.889180][ T3608] __do_fault+0x10d/0x610 [ 50.893525][ T3608] __handle_mm_fault+0x2130/0x39b0 [ 50.898643][ T3608] ? vm_iomap_memory+0x190/0x190 [ 50.903585][ T3608] handle_mm_fault+0x1c8/0x780 [ 50.908350][ T3608] do_user_addr_fault+0x475/0x1210 [ 50.913472][ T3608] exc_page_fault+0x94/0x170 [ 50.918078][ T3608] asm_exc_page_fault+0x22/0x30 [ 50.923025][ T3608] RIP: 0010:strncpy_from_user+0x1bd/0x3c0 [ 50.928757][ T3608] Code: ed 08 4d 89 74 1d 00 bf 07 00 00 00 48 83 c3 08 48 89 ee e8 c5 79 5a fd 48 83 fd 07 0f 86 c0 01 00 00 e8 d6 7c 5a fd 45 31 ff <49> 8b 04 1c 31 ff 44 89 fe 49 89 c6 e8 82 79 5a fd 45 85 ff 0f 84 [ 50.948365][ T3608] RSP: 0018:ffffc900030efd08 EFLAGS: 00050246 [ 50.954437][ T3608] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 50.962415][ T3608] RDX: ffff88807e59c140 RSI: ffffffff841fc48a RDI: 0000000000000007 [ 50.970388][ T3608] RBP: 0000000000000fe0 R08: 0000000000000007 R09: 0000000000000007 [ 50.978363][ T3608] R10: 0000000000000fe0 R11: 0000000000000000 R12: 0000000020000240 [ 50.986334][ T3608] R13: ffff88807e37a9a0 R14: ffff88807e37a9a0 R15: 0000000000000000 [ 50.994307][ T3608] ? strncpy_from_user+0x1ba/0x3c0 [ 50.999426][ T3608] ? strncpy_from_user+0x1ba/0x3c0 [ 51.004550][ T3608] getname_flags.part.0+0x95/0x4f0 [ 51.009675][ T3608] ? _raw_spin_lock_irq+0x41/0x50 [ 51.014708][ T3608] getname+0x8e/0xd0 [ 51.018611][ T3608] do_sys_openat2+0xf5/0x4c0 [ 51.023208][ T3608] ? build_open_flags+0x6f0/0x6f0 [ 51.028243][ T3608] ? ptrace_notify+0xfa/0x140 [ 51.032915][ T3608] ? lock_downgrade+0x6e0/0x6e0 [ 51.037785][ T3608] __x64_sys_openat+0x13f/0x1f0 [ 51.042648][ T3608] ? __ia32_sys_open+0x1c0/0x1c0 [ 51.047591][ T3608] ? _raw_spin_unlock_irq+0x1f/0x40 [ 51.052794][ T3608] ? lockdep_hardirqs_on+0x79/0x100 [ 51.058004][ T3608] ? _raw_spin_unlock_irq+0x2a/0x40 [ 51.063198][ T3608] ? ptrace_notify+0xfa/0x140 [ 51.067874][ T3608] do_syscall_64+0x35/0xb0 [ 51.072296][ T3608] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 51.078190][ T3608] RIP: 0033:0x7f6f30426159 [ 51.082600][ T3608] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 51.102216][ T3608] RSP: 002b:00007ffde672f708 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 51.110627][ T3608] RAX: ffffffffffffffda RBX: 00007ffde672f718 RCX: 00007f6f30426159 [ 51.118602][ T3608] RDX: 000000000000275a RSI: 0000000020000240 RDI: 00000000ffffff9c [ 51.126579][ T3608] RBP: 00007ffde672f710 R08: 00007ffde672f710 R09: 00007f6f303e9020 [ 51.134982][ T3608] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 51.142950][ T3608] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 51.150916][ T3608] [ 51.153929][ T3608] Modules linked in: [ 51.158066][ T3608] ---[ end trace 0000000000000000 ]--- [ 51.163545][ T3608] RIP: 0010:vmf_insert_pfn_prot+0x248/0x460 [ 51.169503][ T3608] Code: 0f 0b e8 8b 9d c6 ff 4d 89 f7 bf 20 00 00 00 41 83 e7 28 4c 89 fe e8 57 9a c6 ff 49 83 ff 20 0f 85 a5 fe ff ff e8 68 9d c6 ff <0f> 0b 49 be ff ff ff ff ff ff 0f 00 e8 57 9d c6 ff 4d 21 ee 4c 89 [ 51.189131][ T3608] RSP: 0018:ffffc900030ef8e8 EFLAGS: 00010293 [ 51.195297][ T3608] RAX: 0000000000000000 RBX: 1ffff9200061df1f RCX: 0000000000000000 [ 51.203292][ T3608] RDX: ffff88807e59c140 RSI: ffffffff81b3a3f8 RDI: 0000000000000007 [ 51.211279][ T3608] RBP: ffff88802125a528 R08: 0000000000000007 R09: 0000000000000020 [ 51.219232][ T3608] R10: 0000000000000020 R11: 0000000000000000 R12: 0000000020000000 [ 51.227208][ T3608] R13: 000000000001e9f3 R14: 000000000c040474 R15: 0000000000000020 [ 51.235635][ T3608] FS: 0000555556f243c0(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 [ 51.244583][ T3608] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 51.251188][ T3608] CR2: 0000000020000240 CR3: 000000001e965000 CR4: 00000000003506f0 [ 51.259143][ T3608] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 51.267134][ T3608] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 51.275170][ T3608] Kernel panic - not syncing: Fatal exception [ 51.281391][ T3608] Kernel Offset: disabled [ 51.285702][ T3608] Rebooting in 86400 seconds..