./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2453789319

<...>
[   33.651968][ T4647] 8021q: adding VLAN 0 to HW filter on device bond0
[   33.664374][ T4647] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
syzkaller login: [   42.735012][   T26] kauditd_printk_skb: 37 callbacks suppressed
[   42.735026][   T26] audit: type=1400 audit(1678905758.869:73): avc:  denied  { transition } for  pid=4854 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   42.764385][   T26] audit: type=1400 audit(1678905758.869:74): avc:  denied  { write } for  pid=4854 comm="sh" path="pipe:[29744]" dev="pipefs" ino=29744 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1
Warning: Permanently added '10.128.0.224' (ECDSA) to the list of known hosts.
execve("./syz-executor2453789319", ["./syz-executor2453789319"], 0x7fff6d242b10 /* 10 vars */) = 0
brk(NULL)                               = 0x5555564cb000
brk(0x5555564cbc40)                     = 0x5555564cbc40
arch_prctl(ARCH_SET_FS, 0x5555564cb300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
set_tid_address(0x5555564cb5d0)         = 5067
set_robust_list(0x5555564cb5e0, 24)     = 0
rt_sigaction(SIGRTMIN, {sa_handler=0x7fcaec8dc6b0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7fcaec8dcd80}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=0x7fcaec8dc750, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fcaec8dcd80}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor2453789319", 4096) = 28
brk(0x5555564ecc40)                     = 0x5555564ecc40
brk(0x5555564ed000)                     = 0x5555564ed000
mprotect(0x7fcaec99e000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
mount(NULL, "/proc/sys/fs/binfmt_misc", "binfmt_misc", 0, NULL) = -1 EBUSY (Device or resource busy)
openat(AT_FDCWD, "/proc/sys/fs/binfmt_misc/register", O_WRONLY|O_CLOEXEC) = 3
write(3, "\x3a\x73\x79\x7a\x30\x3a\x4d\x3a\x30\x3a\x01\x3a\x3a\x2e\x2f\x66\x69\x6c\x65\x30\x3a", 21) = 21
close(3)                                = 0
openat(AT_FDCWD, "/proc/sys/fs/binfmt_misc/register", O_WRONLY|O_CLOEXEC) = 3
write(3, "\x3a\x73\x79\x7a\x31\x3a\x4d\x3a\x31\x3a\x02\x3a\x3a\x2e\x2f\x66\x69\x6c\x65\x30\x3a\x50\x4f\x43", 24) = 24
close(3)                                = 0
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564cb5d0) = 5068
./strace-static-x86_64: Process 5068 attached
[pid  5068] set_robust_list(0x5555564cb5e0, 24) = 0
[pid  5068] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  5068] socket(AF_BLUETOOTH, SOCK_RAW, BTPROTO_HCI) = 3
[pid  5068] openat(AT_FDCWD, "/dev/vhci", O_RDWR) = 4
[pid  5068] dup2(4, 202)                = 202
[pid  5068] close(4)                    = 0
[pid  5068] write(202, "\xff\x00", 2)   = 2
[pid  5068] read(202, "\xff\x00\x00\x00", 4) = 4
[pid  5068] mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fcaec0cb000
[pid  5068] mprotect(0x7fcaec0cc000, 8388608, PROT_READ|PROT_WRITE) = 0
[pid  5068] clone(child_stack=0x7fcaec8cb3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[2], tls=0x7fcaec8cb700, child_tidptr=0x7fcaec8cb9d0) = 2
[pid  5068] ioctl(3, HCIDEVUP./strace-static-x86_64: Process 5070 attached
 <unfinished ...>
[pid  5070] set_robust_list(0x7fcaec8cb9e0, 24) = 0
[   52.618772][   T26] audit: type=1400 audit(1678905768.749:75): avc:  denied  { execmem } for  pid=5067 comm="syz-executor245" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   52.639294][   T26] audit: type=1400 audit(1678905768.749:76): avc:  denied  { mounton } for  pid=5067 comm="syz-executor245" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[pid  5070] read(202, "\x01\x03\x0c\x00", 1024) = 4
[pid  5070] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[   52.664661][   T26] audit: type=1400 audit(1678905768.749:77): avc:  denied  { mount } for  pid=5067 comm="syz-executor245" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[   52.667310][ T5071] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   52.689147][   T26] audit: type=1400 audit(1678905768.759:78): avc:  denied  { mounton } for  pid=5068 comm="syz-executor245" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[pid  5070] read(202, "\x01\x03\x10\x00", 1024) = 4
[pid  5070] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5070] read(202, "\x01\x01\x10\x00", 1024) = 4
[pid  5070] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x01\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[   52.720428][   T47] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   52.728173][   T26] audit: type=1400 audit(1678905768.759:79): avc:  denied  { mount } for  pid=5068 comm="syz-executor245" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[   52.729484][   T47] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[pid  5070] read(202, "\x01\x09\x10\x00", 1024) = 4
[pid  5070] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0a", iov_len=2}, {iov_base="\x01\x09\x10", iov_len=3}, {iov_base="\x00\xaa\xaa\xaa\xaa\xaa\xaa", iov_len=7}], 4) = 13
[pid  5070] read(202, "\x01\x05\x10\x00", 1024) = 4
[pid  5070] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0b", iov_len=2}, {iov_base="\x01\x05\x10", iov_len=3}, {iov_base="\x00\xfd\x03\x60\x04\x00\x06\x00", iov_len=8}], 4) = 14
[pid  5070] read(202, "\x01\x23\x0c\x00", 1024) = 4
[pid  5070] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x23\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5070] read(202, "\x01\x14\x0c\x00", 1024) = 4
[pid  5070] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x14\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5070] read(202, "\x01\x25\x0c\x00", 1024) = 4
[   52.750685][   T26] audit: type=1400 audit(1678905768.759:80): avc:  denied  { create } for  pid=5068 comm="syz-executor245" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   52.760540][   T47] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   52.778559][   T26] audit: type=1400 audit(1678905768.759:81): avc:  denied  { read write } for  pid=5068 comm="syz-executor245" name="vhci" dev="devtmpfs" ino=1076 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[   52.787181][   T47] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[pid  5070] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x25\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5070] read(202, "\x01\x38\x0c\x00", 1024) = 4
[pid  5070] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x38\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[   52.809658][   T26] audit: type=1400 audit(1678905768.769:82): avc:  denied  { open } for  pid=5068 comm="syz-executor245" path="/dev/vhci" dev="devtmpfs" ino=1076 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[   52.817552][   T47] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[pid  5070] read(202, "\x01\x39\x0c\x00", 1024) = 4
[pid  5070] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x39\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5070] read(202, "\x01\x16\x0c\x02\x00\x7d", 1024) = 6
[pid  5070] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x16\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255
[pid  5070] read(202,  <unfinished ...>
[pid  5068] <... ioctl resumed>, 0)     = -1 EALREADY (Operation already in progress)
[pid  5068] ioctl(3, HCISETSCAN <unfinished ...>
[pid  5070] <... read resumed>"\x01\x1a\x0c\x01\x02", 1024) = 5
[pid  5070] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x04", iov_len=2}, {iov_base="\x01\x1a\x0c", iov_len=3}, {iov_base="\x00", iov_len=1}], 4) = 7
[pid  5070] madvise(0x7fcaec0cb000, 8372224, MADV_DONTNEED <unfinished ...>
[pid  5068] <... ioctl resumed>, 0x7ffe57cfe5a4) = 0
[pid  5070] <... madvise resumed>)      = 0
[pid  5068] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x04\x0a", iov_len=2}, {iov_base="\xaa\xaa\xaa\xaa\xaa\x10\x00\x00\x00\x01", iov_len=10}], 3 <unfinished ...>
[pid  5070] exit(0 <unfinished ...>
[pid  5068] <... writev resumed>)       = 13
[pid  5070] <... exit resumed>)         = ?
[pid  5068] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x03\x0b", iov_len=2}, {iov_base="\x00\xc8\x00\xaa\xaa\xaa\xaa\xaa\x10\x01\x00", iov_len=11}], 3 <unfinished ...>
[pid  5070] +++ exited with 0 +++
[pid  5068] <... writev resumed>)       = 14
[pid  5068] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\v\v", iov_len=2}, {iov_base="\x00\xc8\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=11}], 3) = 14
[pid  5068] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x3e\x13", iov_len=2}, {iov_base="\x01\x00\xc9\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\x11\x00\x00\x00\x00\x00\x00\x00", iov_len=19}], 3) = 22
[pid  5068] close(3)                    = 0
[pid  5068] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5068] setsid()                    = 1
[pid  5068] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  5068] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  5068] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  5068] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  5068] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid  5068] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  5068] unshare(CLONE_NEWNS)        = 0
[pid  5068] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  5068] unshare(CLONE_NEWIPC)       = 0
[pid  5068] unshare(CLONE_NEWCGROUP)    = 0
[pid  5068] unshare(CLONE_NEWUTS)       = 0
[pid  5068] unshare(CLONE_SYSVSEM)      = 0
[pid  5068] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5068] write(3, "16777216", 8)     = 8
[pid  5068] close(3)                    = 0
[pid  5068] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  5068] write(3, "536870912", 9)    = 9
[pid  5068] close(3)                    = 0
[pid  5068] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5068] write(3, "1024", 4)         = 4
[pid  5068] close(3)                    = 0
[pid  5068] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5068] write(3, "8192", 4)         = 4
[pid  5068] close(3)                    = 0
[pid  5068] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5068] write(3, "1024", 4)         = 4
[pid  5068] close(3)                    = 0
[pid  5068] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  5068] write(3, "1024", 4)         = 4
[pid  5068] close(3)                    = 0
[pid  5068] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  5068] write(3, "1024 1048576 500 1024", 21) = 21
[pid  5068] close(3)                    = 0
[pid  5068] getpid()                    = 1
[pid  5068] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5068] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5068] unshare(CLONE_NEWNET)       = 0
[pid  5068] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  5068] write(3, "0 65535", 7)      = 7
[pid  5068] close(3)                    = 0
[pid  5068] mkdir("/dev/binderfs", 0777) = 0
[pid  5068] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  5068] symlink("/dev/binderfs", "./binderfs") = 0
[   52.847044][   T26] audit: type=1400 audit(1678905768.789:83): avc:  denied  { ioctl } for  pid=5068 comm="syz-executor245" path="socket:[29916]" dev="sockfs" ino=29916 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   52.889884][   T26] audit: type=1400 audit(1678905769.019:84): avc:  denied  { mounton } for  pid=5068 comm="syz-executor245" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[pid  5068] memfd_create("syzkaller", 0) = 3
[pid  5068] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcae3ccb000
[pid  5068] write(3, "\xce\xfa\xad\x1b\x00\x0e\x00\x00\xff\x7f\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x73\x79\x7a\x6b\x61\x6c\x73\x79\x7a\x6b\x61\x6c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768
[pid  5068] munmap(0x7fcae3ccb000, 32768) = 0
[pid  5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5068] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5068] close(3)                    = 0
[pid  5068] mkdir("./file0", 0777)      = 0
[pid  5068] mount("/dev/loop0", "./file0", "bfs", 0, "") = 0
[pid  5068] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5068] chdir("./file0")            = 0
[pid  5068] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5068] close(4)                    = 0
[pid  5068] clone(child_stack=0x20000000, flags=0) = 3
[pid  5068] clone(child_stack=0x20000000, flags=0) = 4
[pid  5068] clone(child_stack=0x20000000, flags=0) = 5
[pid  5068] clone(child_stack=0x20000000, flags=0) = 6
[pid  5068] clone(child_stack=0x20000000, flags=0./strace-static-x86_64: Process 5073 attached
 <unfinished ...>
[pid  5073] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
./strace-static-x86_64: Process 5076 attached
./strace-static-x86_64: Process 5075 attached
./strace-static-x86_64: Process 5074 attached
[pid  5076] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5068] <... clone resumed>)        = 7
[pid  5068] clone(child_stack=0x20000000, flags=0 <unfinished ...>
[pid  5075] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5074] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
./strace-static-x86_64: Process 5077 attached
./strace-static-x86_64: Process 5078 attached
[pid  5068] <... clone resumed>)        = 8
[pid  5077] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5078] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5068] clone(child_stack=0x20000000, flags=0./strace-static-x86_64: Process 5079 attached
) = 9
[pid  5068] clone(child_stack=0x20000000, flags=0 <unfinished ...>
[pid  5079] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
./strace-static-x86_64: Process 5080 attached
[pid  5080] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[   52.942487][ T5068] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5068 'syz-executor245'
[   52.957549][ T5068] loop0: detected capacity change from 0 to 64
[pid  5076] +++ killed by SIGSEGV +++
[pid  5068] <... clone resumed>)        = 10
[pid  5068] clone(child_stack=0x20000000, flags=0./strace-static-x86_64: Process 5081 attached
) = 11
[pid  5081] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5068] clone(child_stack=0x20000000, flags=0) = 12
[pid  5068] clone(child_stack=0x20000000, flags=0./strace-static-x86_64: Process 5083 attached
./strace-static-x86_64: Process 5082 attached
) = 13
[pid  5068] clone(child_stack=0x20000000, flags=0) = 14
[pid  5068] clone(child_stack=0x20000000, flags=0) = 15
[pid  5068] clone(child_stack=0x20000000, flags=0) = 16
[pid  5068] clone(child_stack=0x20000000, flags=0 <unfinished ...>
[pid  5082] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5068] <... clone resumed>)        = 17
[pid  5068] clone(child_stack=0x20000000, flags=0) = 18
[pid  5068] clone(child_stack=0x20000000, flags=0) = 19
[pid  5068] clone(child_stack=0x20000000, flags=0) = 20
[pid  5068] clone(child_stack=0x20000000, flags=0) = 21
[pid  5068] clone(child_stack=0x20000000, flags=0) = 22
[pid  5068] clone(child_stack=0x20000000, flags=0) = 23
[pid  5068] clone(child_stack=0x20000000, flags=0./strace-static-x86_64: Process 5087 attached
 <unfinished ...>
[pid  5087] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5068] <... clone resumed>)        = 24
[pid  5068] clone(child_stack=0x20000000, flags=0) = 25
[pid  5068] clone(child_stack=0x20000000, flags=0) = 26
[pid  5068] clone(child_stack=0x20000000, flags=0) = 27
[pid  5068] clone(child_stack=0x20000000, flags=0) = 28
[pid  5068] clone(child_stack=0x20000000, flags=0) = 29
[pid  5068] clone(child_stack=0x20000000, flags=0./strace-static-x86_64: Process 5095 attached
 <unfinished ...>
[pid  5095] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5068] <... clone resumed>)        = 30
[pid  5068] clone(child_stack=0x20000000, flags=0) = 31
[pid  5068] clone(child_stack=0x20000000, flags=0) = 32
[pid  5068] clone(child_stack=0x20000000, flags=0) = 33
[pid  5068] clone(child_stack=0x20000000, flags=0./strace-static-x86_64: Process 5100 attached
 <unfinished ...>
[pid  5100] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5068] <... clone resumed>)        = 34
[pid  5068] clone(child_stack=0x20000000, flags=0./strace-static-x86_64: Process 5101 attached
 <unfinished ...>
[pid  5101] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
./strace-static-x86_64: Process 5102 attached
[pid  5102] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5068] <... clone resumed>)        = 35
[pid  5068] exit_group(1./strace-static-x86_64: Process 5103 attached
 <unfinished ...>
[pid  5103] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid  5068] <... exit_group resumed>)   = ?
./strace-static-x86_64: Process 5105 attached
[pid  5105] +++ killed by SIGKILL +++
./strace-static-x86_64: Process 5084 attached
[pid  5084] +++ killed by SIGKILL +++
./strace-static-x86_64: Process 5085 attached
[pid  5085] +++ killed by SIGKILL +++
./strace-static-x86_64: Process 5086 attached
[pid  5086] +++ killed by SIGKILL +++
[pid  5082] +++ killed by SIGKILL +++
[pid  5083] +++ killed by SIGKILL +++
./strace-static-x86_64: Process 5088 attached
[pid  5088] +++ killed by SIGKILL +++
./strace-static-x86_64: Process 5089 attached
[pid  5089] +++ killed by SIGKILL +++
./strace-static-x86_64: Process 5090 attached
[pid  5090] +++ killed by SIGKILL +++
./strace-static-x86_64: Process 5091 attached
[pid  5091] +++ killed by SIGKILL +++
./strace-static-x86_64: Process 5092 attached
[pid  5092] +++ killed by SIGKILL +++
./strace-static-x86_64: Process 5093 attached
[   53.010104][ T5075] ------------[ cut here ]------------
[   53.015865][ T5075] WARNING: CPU: 0 PID: 5075 at fs/buffer.c:1124 mark_buffer_dirty+0x376/0x3e0
[   53.024831][ T5075] Modules linked in:
[   53.028770][ T5075] CPU: 0 PID: 5075 Comm: syz-executor245 Not tainted 6.3.0-rc2-syzkaller-00047-g6015b1aca1a2 #0
[   53.039257][ T5075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[pid  5093] +++ killed by SIGKILL +++
./strace-static-x86_64: Process 5094 attached
[pid  5094] +++ killed by SIGKILL +++
./strace-static-x86_64: Process 5096 attached
[pid  5096] +++ killed by SIGKILL +++
./strace-static-x86_64: Process 5097 attached
[pid  5097] +++ killed by SIGKILL +++
./strace-static-x86_64: Process 5098 attached
[pid  5098] +++ killed by SIGKILL +++
./strace-static-x86_64: Process 5099 attached
[pid  5099] +++ killed by SIGKILL +++
./strace-static-x86_64: Process 5104 attached
[pid  5104] +++ killed by SIGKILL +++
[   53.050014][ T5075] RIP: 0010:mark_buffer_dirty+0x376/0x3e0
[   53.065912][ T5075] Code: e9 cf 70 90 ff e8 ca 70 90 ff 48 89 ef e8 22 49 e8 ff 5b 5d e9 bb 70 90 ff e8 b6 70 90 ff 0f 0b e9 10 fe ff ff e8 aa 70 90 ff <0f> 0b e9 b7 fc ff ff e8 9e 70 90 ff 0f 0b e9 d6 fc ff ff 48 89 df
[   53.085605][ T5075] RSP: 0018:ffffc900033ff010 EFLAGS: 00010293
[   53.091700][ T5075] RAX: 0000000000000000 RBX: ffff888070e63dd8 RCX: 0000000000000000
[   53.099752][ T5075] RDX: ffff88802b142240 RSI: ffffffff81f19506 RDI: 0000000000000001
[   53.107781][ T5075] RBP: ffff888070dca200 R08: 0000000000000001 R09: 0000000000000000
[   53.115789][ T5075] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88802b54c000
[   53.123845][ T5075] R13: ffffed10056a982c R14: ffff888070e63dd8 R15: 0000000000000016
[   53.131832][ T5075] FS:  00005555564cb300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[   53.140806][ T5075] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   53.147425][ T5075] CR2: 0000000000000000 CR3: 0000000078da8000 CR4: 00000000003506f0
[   53.155432][ T5075] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   53.163517][ T5075] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   53.171483][ T5075] Call Trace:
[   53.174816][ T5075]  <TASK>
[   53.177758][ T5075]  bfs_get_block+0x39b/0xdd0
[   53.182356][ T5075]  __block_write_begin_int+0x3bd/0x14b0
[   53.187944][ T5075]  ? bfs_write_begin+0xd0/0xd0
[   53.192748][ T5075]  ? invalidate_bh_lrus_cpu+0x140/0x140
[   53.198345][ T5075]  ? folio_flags.constprop.0+0x53/0x150
[   53.203937][ T5075]  ? PageHeadHuge+0x9c/0xc0
[   53.208441][ T5075]  ? bfs_write_begin+0xd0/0xd0
[   53.213200][ T5075]  block_write_begin+0xb9/0x4d0
[   53.218108][ T5075]  bfs_write_begin+0x31/0xd0
[   53.222724][ T5075]  generic_perform_write+0x256/0x570
[   53.228059][ T5075]  ? generic_file_readonly_mmap+0x180/0x180
[   53.233994][ T5075]  ? new_inode+0x280/0x280
[   53.238409][ T5075]  ? generic_write_checks+0x2c0/0x400
[   53.243816][ T5075]  __generic_file_write_iter+0x2ae/0x500
[   53.249467][ T5075]  generic_file_write_iter+0xe3/0x350
[   53.254879][ T5075]  __kernel_write_iter+0x262/0x7a0
[   53.260007][ T5075]  ? vfs_read+0x930/0x930
[   53.264388][ T5075]  ? get_dump_page+0x148/0x210
[   53.269182][ T5075]  ? __kernel_write+0xcb/0x110
[   53.274003][ T5075]  ? __kernel_write_iter+0x7a0/0x7a0
[   53.279303][ T5075]  dump_user_range+0x234/0x700
[   53.284188][ T5075]  ? do_coredump+0x3cc0/0x3cc0
[   53.288988][ T5075]  ? dump_align+0xa0/0xc0
[   53.293373][ T5075]  ? notesize+0x90/0x90
[   53.297555][ T5075]  elf_core_dump+0x277e/0x36e0
[   53.302498][ T5075]  ? load_elf_phdrs+0x210/0x210
[   53.307397][ T5075]  ? kvmalloc_node+0xa2/0x1a0
[   53.312100][ T5075]  ? kasan_save_stack+0x32/0x40
[   53.316987][ T5075]  ? kasan_set_track+0x25/0x30
[   53.321768][ T5075]  ? __kasan_kmalloc+0xa3/0xb0
[   53.326576][ T5075]  ? __kmalloc_node+0x61/0x1a0
[   53.331392][ T5075]  ? 0xffffffffff600000
[   53.335598][ T5075]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   53.341611][ T5075]  do_coredump+0x2d28/0x3cc0
[   53.346281][ T5075]  ? dump_emit+0x340/0x340
[   53.350723][ T5075]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   53.356752][ T5075]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   53.362772][ T5075]  ? __schedule+0xc99/0x5770
[   53.367411][ T5075]  ? lock_release+0x670/0x670
[   53.372171][ T5075]  ? find_held_lock+0x2d/0x110
[   53.377023][ T5075]  ? __err_print_to_sgl+0x1340/0x4ba0
[   53.382424][ T5075]  ? _raw_spin_unlock_irq+0x23/0x50
[   53.387675][ T5075]  get_signal+0x1bff/0x25b0
[   53.392194][ T5075]  ? exit_signals+0x910/0x910
[   53.396933][ T5075]  ? pgtable_bad+0x90/0x90
[   53.401383][ T5075]  arch_do_signal_or_restart+0x79/0x5c0
[   53.407062][ T5075]  ? get_sigframe_size+0x10/0x10
[   53.412080][ T5075]  ? __bad_area_nosemaphore+0x33b/0x6c0
[   53.417671][ T5075]  ? trace_hardirqs_off+0x6a/0x120
[   53.422845][ T5075]  ? __bad_area+0x5f/0xa0
[   53.427224][ T5075]  exit_to_user_mode_prepare+0x15f/0x250
[   53.432875][ T5075]  irqentry_exit_to_user_mode+0x9/0x40
[   53.438380][ T5075]  exc_page_fault+0xc0/0x170
[   53.442992][ T5075]  asm_exc_page_fault+0x26/0x30
[   53.447904][ T5075] RIP: 0033:0x0
[   53.451371][ T5075] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
[   53.458768][ T5075] RSP: 002b:0000000020000008 EFLAGS: 00010217
[   53.464894][ T5075] RAX: 0000000000000000 RBX: 000000000000001f RCX: 00007fcaec91f069
[   53.472877][ T5075] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000000
[   53.480903][ T5075] RBP: 00007ffe57cfe5d0 R08: 0000000000000000 R09: 000000ff00ff000d
[   53.488920][ T5075] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe57cfe5b8
[   53.496932][ T5075] R13: 00007ffe57cfe5d0 R14: 0000000000000000 R15: 0000000000000003
[   53.504947][ T5075]  </TASK>
[   53.507982][ T5075] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   53.515336][ T5075] CPU: 0 PID: 5075 Comm: syz-executor245 Not tainted 6.3.0-rc2-syzkaller-00047-g6015b1aca1a2 #0
[   53.525736][ T5075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[   53.535782][ T5075] Call Trace:
[   53.539059][ T5075]  <TASK>
[   53.542047][ T5075]  dump_stack_lvl+0xd9/0x150
[   53.546649][ T5075]  panic+0x688/0x730
[   53.550558][ T5075]  ? panic_smp_self_stop+0x90/0x90
[   53.555697][ T5075]  ? show_trace_log_lvl+0x285/0x390
[   53.560923][ T5075]  ? mark_buffer_dirty+0x376/0x3e0
[   53.566030][ T5075]  check_panic_on_warn+0xb1/0xc0
[   53.570997][ T5075]  __warn+0xf2/0x390
[   53.574885][ T5075]  ? mark_buffer_dirty+0x376/0x3e0
[   53.580071][ T5075]  report_bug+0x2da/0x500
[   53.584410][ T5075]  handle_bug+0x3c/0x70
[   53.588588][ T5075]  exc_invalid_op+0x18/0x50
[   53.593106][ T5075]  asm_exc_invalid_op+0x1a/0x20
[   53.598026][ T5075] RIP: 0010:mark_buffer_dirty+0x376/0x3e0
[   53.603754][ T5075] Code: e9 cf 70 90 ff e8 ca 70 90 ff 48 89 ef e8 22 49 e8 ff 5b 5d e9 bb 70 90 ff e8 b6 70 90 ff 0f 0b e9 10 fe ff ff e8 aa 70 90 ff <0f> 0b e9 b7 fc ff ff e8 9e 70 90 ff 0f 0b e9 d6 fc ff ff 48 89 df
[   53.623389][ T5075] RSP: 0018:ffffc900033ff010 EFLAGS: 00010293
[   53.629456][ T5075] RAX: 0000000000000000 RBX: ffff888070e63dd8 RCX: 0000000000000000
[   53.637417][ T5075] RDX: ffff88802b142240 RSI: ffffffff81f19506 RDI: 0000000000000001
[   53.645378][ T5075] RBP: ffff888070dca200 R08: 0000000000000001 R09: 0000000000000000
[   53.653359][ T5075] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88802b54c000
[   53.661319][ T5075] R13: ffffed10056a982c R14: ffff888070e63dd8 R15: 0000000000000016
[   53.669284][ T5075]  ? mark_buffer_dirty+0x376/0x3e0
[   53.674398][ T5075]  bfs_get_block+0x39b/0xdd0
[   53.678982][ T5075]  __block_write_begin_int+0x3bd/0x14b0
[   53.684526][ T5075]  ? bfs_write_begin+0xd0/0xd0
[   53.689286][ T5075]  ? invalidate_bh_lrus_cpu+0x140/0x140
[   53.694860][ T5075]  ? folio_flags.constprop.0+0x53/0x150
[   53.700514][ T5075]  ? PageHeadHuge+0x9c/0xc0
[   53.705073][ T5075]  ? bfs_write_begin+0xd0/0xd0
[   53.709861][ T5075]  block_write_begin+0xb9/0x4d0
[   53.714718][ T5075]  bfs_write_begin+0x31/0xd0
[   53.719313][ T5075]  generic_perform_write+0x256/0x570
[   53.724600][ T5075]  ? generic_file_readonly_mmap+0x180/0x180
[   53.730492][ T5075]  ? new_inode+0x280/0x280
[   53.734905][ T5075]  ? generic_write_checks+0x2c0/0x400
[   53.740270][ T5075]  __generic_file_write_iter+0x2ae/0x500
[   53.745898][ T5075]  generic_file_write_iter+0xe3/0x350
[   53.751263][ T5075]  __kernel_write_iter+0x262/0x7a0
[   53.756364][ T5075]  ? vfs_read+0x930/0x930
[   53.760680][ T5075]  ? get_dump_page+0x148/0x210
[   53.765441][ T5075]  ? __kernel_write+0xcb/0x110
[   53.770193][ T5075]  ? __kernel_write_iter+0x7a0/0x7a0
[   53.775468][ T5075]  dump_user_range+0x234/0x700
[   53.780243][ T5075]  ? do_coredump+0x3cc0/0x3cc0
[   53.784997][ T5075]  ? dump_align+0xa0/0xc0
[   53.789316][ T5075]  ? notesize+0x90/0x90
[   53.793467][ T5075]  elf_core_dump+0x277e/0x36e0
[   53.798242][ T5075]  ? load_elf_phdrs+0x210/0x210
[   53.803286][ T5075]  ? kvmalloc_node+0xa2/0x1a0
[   53.807975][ T5075]  ? kasan_save_stack+0x32/0x40
[   53.812902][ T5075]  ? kasan_set_track+0x25/0x30
[   53.817658][ T5075]  ? __kasan_kmalloc+0xa3/0xb0
[   53.822448][ T5075]  ? __kmalloc_node+0x61/0x1a0
[   53.827208][ T5075]  ? 0xffffffffff600000
[   53.831366][ T5075]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   53.837339][ T5075]  do_coredump+0x2d28/0x3cc0
[   53.841923][ T5075]  ? dump_emit+0x340/0x340
[   53.846418][ T5075]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   53.852388][ T5075]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[   53.858377][ T5075]  ? __schedule+0xc99/0x5770
[   53.862979][ T5075]  ? lock_release+0x670/0x670
[   53.867648][ T5075]  ? find_held_lock+0x2d/0x110
[   53.872416][ T5075]  ? __err_print_to_sgl+0x1340/0x4ba0
[   53.877792][ T5075]  ? _raw_spin_unlock_irq+0x23/0x50
[   53.882985][ T5075]  get_signal+0x1bff/0x25b0
[   53.887477][ T5075]  ? exit_signals+0x910/0x910
[   53.892143][ T5075]  ? pgtable_bad+0x90/0x90
[   53.896568][ T5075]  arch_do_signal_or_restart+0x79/0x5c0
[   53.902107][ T5075]  ? get_sigframe_size+0x10/0x10
[   53.907062][ T5075]  ? __bad_area_nosemaphore+0x33b/0x6c0
[   53.912600][ T5075]  ? trace_hardirqs_off+0x6a/0x120
[   53.917709][ T5075]  ? __bad_area+0x5f/0xa0
[   53.922031][ T5075]  exit_to_user_mode_prepare+0x15f/0x250
[   53.927677][ T5075]  irqentry_exit_to_user_mode+0x9/0x40
[   53.933144][ T5075]  exc_page_fault+0xc0/0x170
[   53.937768][ T5075]  asm_exc_page_fault+0x26/0x30
[   53.942622][ T5075] RIP: 0033:0x0
[   53.946068][ T5075] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
[   53.953420][ T5075] RSP: 002b:0000000020000008 EFLAGS: 00010217
[   53.959477][ T5075] RAX: 0000000000000000 RBX: 000000000000001f RCX: 00007fcaec91f069
[   53.967456][ T5075] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000000
[   53.975436][ T5075] RBP: 00007ffe57cfe5d0 R08: 0000000000000000 R09: 000000ff00ff000d
[   53.983417][ T5075] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe57cfe5b8
[   53.991379][ T5075] R13: 00007ffe57cfe5d0 R14: 0000000000000000 R15: 0000000000000003
[   53.999342][ T5075]  </TASK>
[   54.002427][ T5075] Kernel Offset: disabled
[   54.006822][ T5075] Rebooting in 86400 seconds..