./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2250879043 <...>
[ 29.029174][ T3178] 8021q: adding VLAN 0 to HW filter on device bond0
[ 29.041348][ T3178] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
syzkaller login: [ 39.800487][ T27] kauditd_printk_skb: 37 callbacks suppressed
[ 39.800503][ T27] audit: type=1400 audit(1652419012.268:73): avc: denied { transition } for pid=3448 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 39.828971][ T27] audit: type=1400 audit(1652419012.278:74): avc: denied { write } for pid=3448 comm="sh" path="pipe:[27152]" dev="pipefs" ino=27152 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1
Warning: Permanently added '10.128.1.80' (ECDSA) to the list of known hosts.
execve("./syz-executor2250879043", ["./syz-executor2250879043"], 0x7ffd4d9edc50 /* 10 vars */) = 0
brk(NULL) = 0x55555599b000
brk(0x55555599bc40) = 0x55555599bc40
arch_prctl(ARCH_SET_FS, 0x55555599b300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2250879043", 4096) = 28
brk(0x5555559bcc40) = 0x5555559bcc40
brk(0x5555559bd000) = 0x5555559bd000
mprotect(0x7fb7217cb000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/dev/fb0", O_RDONLY) = 3
mmap(0x20002000, 16384, PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSDOWN, MAP_PRIVATE|MAP_FIXED, 3, 0xa9000) = 0x20002000
openat(AT_FDCWD, "cpuacct.stat", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 50.475861][ T27] audit: type=1400 audit(1652419022.948:75): avc: denied { execmem } for pid=3599 comm="syz-executor225" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 50.480298][ T3599] ------------[ cut here ]------------
[ 50.496607][ T27] audit: type=1400 audit(1652419022.948:76): avc: denied { read } for pid=3599 comm="syz-executor225" name="fb0" dev="devtmpfs" ino=626 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[ 50.501164][ T3599] kernel BUG at mm/memory.c:2132!
[ 50.501191][ T3599] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 50.525099][ T27] audit: type=1400 audit(1652419022.948:77): avc: denied { open } for pid=3599 comm="syz-executor225" path="/dev/fb0" dev="devtmpfs" ino=626 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[ 50.529503][ T3599] CPU: 0 PID: 3599 Comm: syz-executor225 Not tainted 5.18.0-rc6-syzkaller-00015-g0ac824f379fb #0
[ 50.535717][ T27] audit: type=1400 audit(1652419022.948:78): avc: denied { map } for pid=3599 comm="syz-executor225" path="/dev/fb0" dev="devtmpfs" ino=626 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[ 50.559299][ T3599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 50.559314][ T3599] RIP: 0010:vmf_insert_pfn_prot+0x248/0x460
[ 50.570098][ T27] audit: type=1400 audit(1652419022.948:79): avc: denied { execute } for pid=3599 comm="syz-executor225" path="/dev/fb0" dev="devtmpfs" ino=626 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[ 50.593586][ T3599] Code: 0f 0b e8 fb b5 c7 ff 4d 89 f7 bf 20 00 00 00 41 83 e7 28 4c 89 fe e8 77 b8 c7 ff 49 83 ff 20 0f 85 a5 fe ff ff e8 d8 b5 c7 ff <0f> 0b 49 be ff ff ff ff ff ff 0f 00 e8 c7 b5 c7 ff 4d 21 ee 4c 89
[ 50.593619][ T3599] RSP: 0018:ffffc9000304f5b8 EFLAGS: 00010293
[ 50.593636][ T3599] RAX: 0000000000000000 RBX: 1ffff92000609eb9 RCX: 0000000000000000
[ 50.593650][ T3599] RDX: ffff8880728c0100 RSI: ffffffff81b0bf78 RDI: 0000000000000003
[ 50.593667][ T3599] RBP: ffff888075cff460 R08: 0000000000000020 R09: ffffc9000304f59f
[ 50.593680][ T3599] R10: ffffffff81b0bf69 R11: 0000000000000002 R12: 0000000020002000
[ 50.593692][ T3599] R13: 000000000001b72f R14: 000000000c140476 R15: 0000000000000020
[ 50.593704][ T3599] FS: 000055555599b300(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
[ 50.593725][ T3599] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 50.593738][ T3599] CR2: 0000000020002000 CR3: 000000001a7d7000 CR4: 00000000003506f0
[ 50.593752][ T3599] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 50.593763][ T3599] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 50.593774][ T3599] Call Trace:
[ 50.593779][ T3599]
[ 50.593786][ T3599] ? insert_pfn+0x6d0/0x6d0
[ 50.748952][ T3599] drm_gem_shmem_fault+0x1e3/0x290
[ 50.754065][ T3599] __do_fault+0x10d/0x8c0
[ 50.758392][ T3599] __handle_mm_fault+0x2764/0x4150
[ 50.763495][ T3599] ? vm_iomap_memory+0x190/0x190
[ 50.768422][ T3599] handle_mm_fault+0x1c8/0x790
[ 50.773180][ T3599] do_user_addr_fault+0x489/0x11c0
[ 50.778286][ T3599] exc_page_fault+0x9e/0x180
[ 50.782880][ T3599] asm_exc_page_fault+0x1e/0x30
[ 50.787725][ T3599] RIP: 0010:fault_in_readable+0x175/0x290
[ 50.793440][ T3599] Code: 3e ca ff 49 39 dd 0f 84 06 01 00 00 45 31 f6 eb 11 e8 af 3e ca ff 48 81 c3 00 10 00 00 4c 39 eb 74 1d e8 9e 3e ca ff 45 89 f7 <8a> 03 31 ff 44 89 fe 88 44 24 28 e8 ab 40 ca ff 45 85 ff 74 d2 e8
[ 50.813037][ T3599] RSP: 0018:ffffc9000304f9e0 EFLAGS: 00050293
[ 50.819094][ T3599] RAX: 0000000000000000 RBX: 0000000020002000 RCX: 0000000000000000
[ 50.827063][ T3599] RDX: ffff8880728c0100 RSI: ffffffff81ae36b2 RDI: 0000000000000003
[ 50.835020][ T3599] RBP: 0000000020001040 R08: 0000000000000000 R09: 0000000000000000
[ 50.842979][ T3599] R10: ffffffff81ae3656 R11: 0000000000000000 R12: 0000000000001000
[ 50.850938][ T3599] R13: 0000000020003000 R14: 0000000000000000 R15: 0000000000000000
[ 50.858898][ T3599] ? fault_in_readable+0x116/0x290
[ 50.864007][ T3599] ? fault_in_readable+0x172/0x290
[ 50.869113][ T3599] ? fault_in_writeable+0x200/0x200
[ 50.874304][ T3599] ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[ 50.880013][ T3599] fault_in_iov_iter_readable+0x11f/0x1f0
[ 50.885733][ T3599] generic_perform_write+0x19e/0x560
[ 50.891012][ T3599] ? filemap_fdatawrite_wbc+0x1b0/0x1b0
[ 50.896561][ T3599] ? rwsem_down_write_slowpath+0x1110/0x1110
[ 50.902542][ T3599] ext4_buffered_write_iter+0x15b/0x330
[ 50.908080][ T3599] ext4_file_write_iter+0x43c/0x1510
[ 50.913358][ T3599] ? __lock_acquire+0x163e/0x56c0
[ 50.918377][ T3599] ? ext4_buffered_write_iter+0x330/0x330
[ 50.924085][ T3599] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 50.930062][ T3599] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 50.936295][ T3599] new_sync_write+0x38a/0x560
[ 50.940964][ T3599] ? new_sync_read+0x5f0/0x5f0
[ 50.945721][ T3599] ? lock_release+0x720/0x720
[ 50.950389][ T3599] ? avc_policy_seqno+0x9/0x70
[ 50.955154][ T3599] ? __sanitizer_cov_trace_cmp4+0x1c/0x70
[ 50.960900][ T3599] vfs_write+0x7c0/0xac0
[ 50.965135][ T3599] ksys_write+0x127/0x250
[ 50.969459][ T3599] ? __ia32_sys_read+0xb0/0xb0
[ 50.974222][ T3599] ? lockdep_hardirqs_on+0x79/0x100
[ 50.979410][ T3599] ? _raw_spin_unlock_irq+0x2a/0x40
[ 50.984602][ T3599] ? ptrace_notify+0xfa/0x140
[ 50.989278][ T3599] do_syscall_64+0x35/0xb0
[ 50.993693][ T3599] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 50.999583][ T3599] RIP: 0033:0x7fb72175eb89
[ 51.003990][ T3599] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 51.023588][ T3599] RSP: 002b:00007ffda17b9c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 51.031994][ T3599] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb72175eb89
[ 51.039951][ T3599] RDX: 000000000000fea7 RSI: 0000000020000040 RDI: 0000000000000004
[ 51.047910][ T3599] RBP: 00007fb721722d30 R08: 00000000000a9000 R09: 0000000000000000
[ 51.055867][ T3599] R10: 00000000000a9000 R11: 0000000000000246 R12: 00007fb721722dc0
[ 51.063824][ T3599] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 51.071783][ T3599]
[ 51.074785][ T3599] Modules linked in:
[ 51.079437][ T3599] ---[ end trace 0000000000000000 ]---
[ 51.087157][ T3599] RIP: 0010:vmf_insert_pfn_prot+0x248/0x460
[ 51.093065][ T3599] Code: 0f 0b e8 fb b5 c7 ff 4d 89 f7 bf 20 00 00 00 41 83 e7 28 4c 89 fe e8 77 b8 c7 ff 49 83 ff 20 0f 85 a5 fe ff ff e8 d8 b5 c7 ff <0f> 0b 49 be ff ff ff ff ff ff 0f 00 e8 c7 b5 c7 ff 4d 21 ee 4c 89
[ 51.112944][ T3599] RSP: 0018:ffffc9000304f5b8 EFLAGS: 00010293
[ 51.119174][ T3599] RAX: 0000000000000000 RBX: 1ffff92000609eb9 RCX: 0000000000000000
[ 51.127182][ T3599] RDX: ffff8880728c0100 RSI: ffffffff81b0bf78 RDI: 0000000000000003
[ 51.135168][ T3599] RBP: ffff888075cff460 R08: 0000000000000020 R09: ffffc9000304f59f
[ 51.143122][ T3599] R10: ffffffff81b0bf69 R11: 0000000000000002 R12: 0000000020002000
[ 51.151102][ T3599] R13: 000000000001b72f R14: 000000000c140476 R15: 0000000000000020
[ 51.159106][ T3599] FS: 000055555599b300(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
[ 51.168053][ T3599] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 51.174662][ T3599] CR2: 000055ec1671a018 CR3: 000000001a7d7000 CR4: 00000000003506e0
[ 51.182615][ T3599] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 51.190590][ T3599] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 51.198583][ T3599] Kernel panic - not syncing: Fatal exception
[ 51.204780][ T3599] Kernel Offset: disabled
[ 51.209087][ T3599] Rebooting in 86400 seconds..