./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3091983172 <...> Warning: Permanently added '10.128.1.77' (ECDSA) to the list of known hosts. execve("./syz-executor3091983172", ["./syz-executor3091983172"], 0x7fffb0989a40 /* 10 vars */) = 0 brk(NULL) = 0x555555b1b000 brk(0x555555b1bc40) = 0x555555b1bc40 arch_prctl(ARCH_SET_FS, 0x555555b1b300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor3091983172", 4096) = 28 brk(0x555555b3cc40) = 0x555555b3cc40 brk(0x555555b3d000) = 0x555555b3d000 mprotect(0x7f6673044000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 ioctl(-1, FIOCLEX) = -1 EBADF (Bad file descriptor) openat(AT_FDCWD, "/dev/char/4:1", O_RDWR) = 3 syzkaller login: [ 44.464397][ T5073] usercopy: Kernel memory exposure attempt detected from page alloc (offset 0, size 4194560)! [ 44.474857][ T5073] ------------[ cut here ]------------ [ 44.480299][ T5073] kernel BUG at mm/usercopy.c:102! [ 44.485455][ T5073] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 44.491522][ T5073] CPU: 1 PID: 5073 Comm: syz-executor309 Not tainted 6.2.0-syzkaller-13277-g2eb29d59ddf0 #0 [ 44.501630][ T5073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023 [ 44.511692][ T5073] RIP: 0010:usercopy_abort+0xb7/0xd0 [ 44.517163][ T5073] Code: e8 fe e8 a1 ff 49 89 d9 4c 89 e1 48 89 ee 41 56 48 c7 c7 00 73 5b 8a 41 55 41 57 4c 8b 44 24 20 48 8b 54 24 18 e8 59 8b 85 ff <0f> 0b 48 c7 c3 00 71 5b 8a 49 89 df 49 89 d8 e9 71 ff ff ff 0f 1f [ 44.536837][ T5073] RSP: 0018:ffffc90003bcf9e0 EFLAGS: 00010286 [ 44.542882][ T5073] RAX: 000000000000005b RBX: ffffffff8a5b7100 RCX: 0000000000000000 [ 44.550921][ T5073] RDX: 0000000000000000 RSI: ffffffff816931fc RDI: 0000000000000005 [ 44.558874][ T5073] RBP: ffffffff8a5b72c0 R08: 0000000000000005 R09: 0000000000000000 [ 44.566824][ T5073] R10: 0000000080000000 R11: 0000000000000000 R12: ffffffff8a5b7500 [ 44.574775][ T5073] R13: 0000000000000000 R14: 0000000000400100 R15: ffffffff8a5b7100 [ 44.582728][ T5073] FS: 0000555555b1b300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 44.591672][ T5073] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 44.598328][ T5073] CR2: 0000000020000000 CR3: 0000000075655000 CR4: 0000000000350ee0 [ 44.606290][ T5073] Call Trace: [ 44.609556][ T5073] [ 44.612633][ T5073] __check_object_size+0x50a/0x6e0 [ 44.617759][ T5073] con_font_op+0x397/0xf10 [ 44.622172][ T5073] ? __might_fault+0xd9/0x180 [ 44.626924][ T5073] ? con_write+0x40/0x40 [ 44.631165][ T5073] vt_ioctl+0x620/0x2df0 [ 44.635397][ T5073] ? vt_waitactive+0x350/0x350 [ 44.640242][ T5073] ? tomoyo_path_number_perm+0x166/0x570 [ 44.645893][ T5073] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 44.651860][ T5073] ? vt_waitactive+0x350/0x350 [ 44.656623][ T5073] tty_ioctl+0x773/0x16e0 [ 44.660944][ T5073] ? tty_release_struct+0xf0/0xf0 [ 44.665959][ T5073] ? find_held_lock+0x2d/0x110 [ 44.670702][ T5073] ? ptrace_notify+0xfe/0x140 [ 44.675366][ T5073] ? bpf_lsm_file_ioctl+0x9/0x10 [ 44.680285][ T5073] ? tty_release_struct+0xf0/0xf0 [ 44.685317][ T5073] __x64_sys_ioctl+0x197/0x210 [ 44.690075][ T5073] do_syscall_64+0x39/0xb0 [ 44.694481][ T5073] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 44.700366][ T5073] RIP: 0033:0x7f6672fd82d9 [ 44.704767][ T5073] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 44.724447][ T5073] RSP: 002b:00007ffc66955e38 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 44.732850][ T5073] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6672fd82d9 [ 44.740835][ T5073] RDX: 0000000020000000 RSI: 0000000000004b72 RDI: 0000000000000003 [ 44.748792][ T5073] RBP: 00007f6672f9c0c0 R08: 000000000000000d R09: 0000000000000000 [ 44.756749][ T5073] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6672f9c150 [ 44.764794][ T5073] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 44.772757][ T5073] [ 44.775763][ T5073] Modules linked in: [ 44.779977][ T5073] ---[ end trace 0000000000000000 ]--- [ 44.785627][ T5073] RIP: 0010:usercopy_abort+0xb7/0xd0 [ 44.790918][ T5073] Code: e8 fe e8 a1 ff 49 89 d9 4c 89 e1 48 89 ee 41 56 48 c7 c7 00 73 5b 8a 41 55 41 57 4c 8b 44 24 20 48 8b 54 24 18 e8 59 8b 85 ff <0f> 0b 48 c7 c3 00 71 5b 8a 49 89 df 49 89 d8 e9 71 ff ff ff 0f 1f [ 44.810901][ T5073] RSP: 0018:ffffc90003bcf9e0 EFLAGS: 00010286 [ 44.816986][ T5073] RAX: 000000000000005b RBX: ffffffff8a5b7100 RCX: 0000000000000000 [ 44.824980][ T5073] RDX: 0000000000000000 RSI: ffffffff816931fc RDI: 0000000000000005 [ 44.832934][ T5073] RBP: ffffffff8a5b72c0 R08: 0000000000000005 R09: 0000000000000000 [ 44.840940][ T5073] R10: 0000000080000000 R11: 0000000000000000 R12: ffffffff8a5b7500 [ 44.848952][ T5073] R13: 0000000000000000 R14: 0000000000400100 R15: ffffffff8a5b7100 [ 44.856967][ T5073] FS: 0000555555b1b300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 44.865927][ T5073] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 44.872495][ T5073] CR2: 0000000020000000 CR3: 0000000075655000 CR4: 0000000000350ee0 [ 44.880485][ T5073] Kernel panic - not syncing: Fatal exception [ 44.887193][ T5073] Kernel Offset: disabled [ 44.891632][ T5073] Rebooting in 86400 seconds..