./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1469468726 <...> Warning: Permanently added '10.128.15.194' (ECDSA) to the list of known hosts. execve("./syz-executor1469468726", ["./syz-executor1469468726"], 0x7ffd630d0380 /* 10 vars */) = 0 brk(NULL) = 0x555555f2c000 brk(0x555555f2cc40) = 0x555555f2cc40 arch_prctl(ARCH_SET_FS, 0x555555f2c300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1469468726", 4096) = 28 brk(0x555555f4dc40) = 0x555555f4dc40 brk(0x555555f4e000) = 0x555555f4e000 mprotect(0x7fa87e878000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3610 attached , child_tidptr=0x555555f2c5d0) = 3610 [pid 3610] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3610] setpgid(0, 0) = 0 [pid 3610] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3610] write(3, "1000", 4) = 4 [pid 3610] close(3) = 0 [pid 3610] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3610] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3610] write(4, "3", 1) = 1 [pid 3610] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3610] exit_group(0) = ? [pid 3610] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3610, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3611 ./strace-static-x86_64: Process 3611 attached [pid 3611] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3611] setpgid(0, 0) = 0 [pid 3611] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3611] write(3, "1000", 4) = 4 [pid 3611] close(3) = 0 [pid 3611] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3611] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3611] write(4, "3", 1) = 1 [pid 3611] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3611] exit_group(0) = ? [pid 3611] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3611, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3612 attached , child_tidptr=0x555555f2c5d0) = 3612 [pid 3612] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3612] setpgid(0, 0) = 0 [pid 3612] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3612] write(3, "1000", 4) = 4 [pid 3612] close(3) = 0 [pid 3612] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3612] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3612] write(4, "3", 1) = 1 [pid 3612] write(3, NULL, 65326) = -1 EFAULT (Bad address) syzkaller login: [ 50.530466][ T3610] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 50.553338][ T3611] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [pid 3612] exit_group(0) = ? [pid 3612] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3612, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3613 attached , child_tidptr=0x555555f2c5d0) = 3613 [pid 3613] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3613] setpgid(0, 0) = 0 [pid 3613] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3613] write(3, "1000", 4) = 4 [pid 3613] close(3) = 0 [pid 3613] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3613] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3613] write(4, "3", 1) = 1 [pid 3613] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3613] exit_group(0) = ? [pid 3613] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3613, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3614 attached , child_tidptr=0x555555f2c5d0) = 3614 [pid 3614] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3614] setpgid(0, 0) = 0 [pid 3614] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3614] write(3, "1000", 4) = 4 [pid 3614] close(3) = 0 [pid 3614] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3614] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3614] write(4, "3", 1) = 1 [pid 3614] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3614] exit_group(0) = ? [pid 3614] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3614, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3615 attached , child_tidptr=0x555555f2c5d0) = 3615 [pid 3615] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3615] setpgid(0, 0) = 0 [pid 3615] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3615] write(3, "1000", 4) = 4 [pid 3615] close(3) = 0 [pid 3615] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3615] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3615] write(4, "3", 1) = 1 [pid 3615] write(3, NULL, 65326) = -1 EFAULT (Bad address) [ 50.573678][ T3612] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 50.595454][ T3613] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 50.615417][ T3614] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [pid 3615] exit_group(0) = ? [pid 3615] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3615, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3616 attached , child_tidptr=0x555555f2c5d0) = 3616 [pid 3616] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3616] setpgid(0, 0) = 0 [pid 3616] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3616] write(3, "1000", 4) = 4 [pid 3616] close(3) = 0 [pid 3616] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3616] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3616] write(4, "3", 1) = 1 [pid 3616] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3616] exit_group(0) = ? [pid 3616] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3616, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3617 attached , child_tidptr=0x555555f2c5d0) = 3617 [pid 3617] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3617] setpgid(0, 0) = 0 [pid 3617] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3617] write(3, "1000", 4) = 4 [pid 3617] close(3) = 0 [pid 3617] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3617] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3617] write(4, "3", 1) = 1 [pid 3617] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3617] exit_group(0) = ? [pid 3617] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3617, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3618 attached , child_tidptr=0x555555f2c5d0) = 3618 [pid 3618] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3618] setpgid(0, 0) = 0 [pid 3618] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3618] write(3, "1000", 4) = 4 [pid 3618] close(3) = 0 [pid 3618] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3618] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [ 50.635475][ T3615] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 50.657563][ T3616] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 50.676849][ T3617] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [pid 3618] write(4, "3", 1) = 1 [pid 3618] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3618] exit_group(0) = ? [pid 3618] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3618, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3619 ./strace-static-x86_64: Process 3619 attached [pid 3619] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3619] setpgid(0, 0) = 0 [pid 3619] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3619] write(3, "1000", 4) = 4 [pid 3619] close(3) = 0 [pid 3619] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3619] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3619] write(4, "3", 1) = 1 [pid 3619] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3619] exit_group(0) = ? [pid 3619] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3619, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3620 ./strace-static-x86_64: Process 3620 attached [pid 3620] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3620] setpgid(0, 0) = 0 [pid 3620] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3620] write(3, "1000", 4) = 4 [pid 3620] close(3) = 0 [pid 3620] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3620] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3620] write(4, "3", 1) = 1 [pid 3620] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3620] exit_group(0) = ? [pid 3620] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3620, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3621 attached , child_tidptr=0x555555f2c5d0) = 3621 [pid 3621] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3621] setpgid(0, 0) = 0 [pid 3621] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3621] write(3, "1000", 4) = 4 [pid 3621] close(3) = 0 [pid 3621] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3621] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3621] write(4, "3", 1) = 1 [pid 3621] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3621] exit_group(0) = ? [pid 3621] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3621, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3622 ./strace-static-x86_64: Process 3622 attached [pid 3622] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3622] setpgid(0, 0) = 0 [pid 3622] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3622] write(3, "1000", 4) = 4 [pid 3622] close(3) = 0 [pid 3622] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3622] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3622] write(4, "3", 1) = 1 [pid 3622] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3622] exit_group(0) = ? [pid 3622] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3622, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [ 50.698508][ T3618] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 50.722998][ T3619] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3623 attached , child_tidptr=0x555555f2c5d0) = 3623 [pid 3623] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3623] setpgid(0, 0) = 0 [pid 3623] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3623] write(3, "1000", 4) = 4 [pid 3623] close(3) = 0 [pid 3623] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3623] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3623] write(4, "3", 1) = 1 [pid 3623] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3623] exit_group(0) = ? [pid 3623] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3623, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3624 ./strace-static-x86_64: Process 3624 attached [pid 3624] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3624] setpgid(0, 0) = 0 [pid 3624] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3624] write(3, "1000", 4) = 4 [pid 3624] close(3) = 0 [pid 3624] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3624] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3624] write(4, "3", 1) = 1 [pid 3624] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3624] exit_group(0) = ? [pid 3624] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3624, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3625 attached , child_tidptr=0x555555f2c5d0) = 3625 [pid 3625] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3625] setpgid(0, 0) = 0 [pid 3625] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3625] write(3, "1000", 4) = 4 [pid 3625] close(3) = 0 [pid 3625] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3625] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3625] write(4, "3", 1) = 1 [pid 3625] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3625] exit_group(0) = ? [pid 3625] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3625, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3626 ./strace-static-x86_64: Process 3626 attached [pid 3626] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3626] setpgid(0, 0) = 0 [pid 3626] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3626] write(3, "1000", 4) = 4 [pid 3626] close(3) = 0 [pid 3626] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3626] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3626] write(4, "3", 1) = 1 [pid 3626] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3626] exit_group(0) = ? [pid 3626] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3626, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3627 ./strace-static-x86_64: Process 3627 attached [pid 3627] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3627] setpgid(0, 0) = 0 [pid 3627] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3627] write(3, "1000", 4) = 4 [pid 3627] close(3) = 0 [pid 3627] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3627] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3627] write(4, "3", 1) = 1 [pid 3627] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3627] exit_group(0) = ? [pid 3627] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3627, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3628 ./strace-static-x86_64: Process 3628 attached [pid 3628] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3628] setpgid(0, 0) = 0 [pid 3628] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3628] write(3, "1000", 4) = 4 [pid 3628] close(3) = 0 [pid 3628] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3628] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3628] write(4, "3", 1) = 1 [pid 3628] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3628] exit_group(0) = ? [pid 3628] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3628, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3629 ./strace-static-x86_64: Process 3629 attached [pid 3629] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3629] setpgid(0, 0) = 0 [pid 3629] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3629] write(3, "1000", 4) = 4 [pid 3629] close(3) = 0 [pid 3629] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3629] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3629] write(4, "3", 1) = 1 [pid 3629] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3629] exit_group(0) = ? [pid 3629] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3629, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3630 attached , child_tidptr=0x555555f2c5d0) = 3630 [pid 3630] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3630] setpgid(0, 0) = 0 [pid 3630] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3630] write(3, "1000", 4) = 4 [pid 3630] close(3) = 0 [pid 3630] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3630] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3630] write(4, "3", 1) = 1 [pid 3630] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3630] exit_group(0) = ? [pid 3630] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3630, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3631 attached , child_tidptr=0x555555f2c5d0) = 3631 [pid 3631] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3631] setpgid(0, 0) = 0 [pid 3631] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3631] write(3, "1000", 4) = 4 [pid 3631] close(3) = 0 [pid 3631] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3631] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3631] write(4, "3", 1) = 1 [pid 3631] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3631] exit_group(0) = ? [pid 3631] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3631, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3632 ./strace-static-x86_64: Process 3632 attached [pid 3632] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3632] setpgid(0, 0) = 0 [pid 3632] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3632] write(3, "1000", 4) = 4 [pid 3632] close(3) = 0 [pid 3632] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3632] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3632] write(4, "3", 1) = 1 [pid 3632] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3632] exit_group(0) = ? [pid 3632] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3632, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3633 attached , child_tidptr=0x555555f2c5d0) = 3633 [pid 3633] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3633] setpgid(0, 0) = 0 [pid 3633] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3633] write(3, "1000", 4) = 4 [pid 3633] close(3) = 0 [pid 3633] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3633] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3633] write(4, "3", 1) = 1 [pid 3633] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3633] exit_group(0) = ? [pid 3633] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3633, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3634 attached , child_tidptr=0x555555f2c5d0) = 3634 [pid 3634] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3634] setpgid(0, 0) = 0 [pid 3634] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3634] write(3, "1000", 4) = 4 [pid 3634] close(3) = 0 [pid 3634] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3634] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3634] write(4, "3", 1) = 1 [pid 3634] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3634] exit_group(0) = ? [pid 3634] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3634, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3635 ./strace-static-x86_64: Process 3635 attached [pid 3635] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3635] setpgid(0, 0) = 0 [pid 3635] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3635] write(3, "1000", 4) = 4 [pid 3635] close(3) = 0 [pid 3635] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3635] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3635] write(4, "3", 1) = 1 [pid 3635] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3635] exit_group(0) = ? [pid 3635] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3635, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3636 ./strace-static-x86_64: Process 3636 attached [pid 3636] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3636] setpgid(0, 0) = 0 [pid 3636] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3636] write(3, "1000", 4) = 4 [pid 3636] close(3) = 0 [pid 3636] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3636] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3636] write(4, "3", 1) = 1 [pid 3636] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3636] exit_group(0) = ? [pid 3636] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3636, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3637 ./strace-static-x86_64: Process 3637 attached [pid 3637] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3637] setpgid(0, 0) = 0 [pid 3637] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3637] write(3, "1000", 4) = 4 [pid 3637] close(3) = 0 [pid 3637] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3637] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3637] write(4, "3", 1) = 1 [pid 3637] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3637] exit_group(0) = ? [pid 3637] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3637, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3638 ./strace-static-x86_64: Process 3638 attached [pid 3638] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3638] setpgid(0, 0) = 0 [pid 3638] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3638] write(3, "1000", 4) = 4 [pid 3638] close(3) = 0 [pid 3638] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3638] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3638] write(4, "3", 1) = 1 [pid 3638] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3638] exit_group(0) = ? [pid 3638] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3638, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3639 attached , child_tidptr=0x555555f2c5d0) = 3639 [pid 3639] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3639] setpgid(0, 0) = 0 [pid 3639] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3639] write(3, "1000", 4) = 4 [pid 3639] close(3) = 0 [pid 3639] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3639] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3639] write(4, "3", 1) = 1 [pid 3639] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3639] exit_group(0) = ? [pid 3639] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3639, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3640 attached , child_tidptr=0x555555f2c5d0) = 3640 [pid 3640] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3640] setpgid(0, 0) = 0 [pid 3640] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3640] write(3, "1000", 4) = 4 [pid 3640] close(3) = 0 [pid 3640] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3640] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3640] write(4, "3", 1) = 1 [pid 3640] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3640] exit_group(0) = ? [pid 3640] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3640, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3641 attached , child_tidptr=0x555555f2c5d0) = 3641 [pid 3641] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3641] setpgid(0, 0) = 0 [pid 3641] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3641] write(3, "1000", 4) = 4 [pid 3641] close(3) = 0 [pid 3641] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3641] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3641] write(4, "3", 1) = 1 [pid 3641] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3641] exit_group(0) = ? [pid 3641] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3641, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3642 attached , child_tidptr=0x555555f2c5d0) = 3642 [pid 3642] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3642] setpgid(0, 0) = 0 [pid 3642] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3642] write(3, "1000", 4) = 4 [pid 3642] close(3) = 0 [pid 3642] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3642] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3642] write(4, "3", 1) = 1 [pid 3642] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3642] exit_group(0) = ? [pid 3642] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3642, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3643 ./strace-static-x86_64: Process 3643 attached [pid 3643] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3643] setpgid(0, 0) = 0 [pid 3643] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3643] write(3, "1000", 4) = 4 [pid 3643] close(3) = 0 [pid 3643] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3643] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3643] write(4, "3", 1) = 1 [ 51.061379][ T3643] FAULT_INJECTION: forcing a failure. [ 51.061379][ T3643] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 51.074937][ T3643] CPU: 0 PID: 3643 Comm: syz-executor146 Not tainted 6.0.0-rc1-next-20220819-syzkaller #0 [ 51.084944][ T3643] BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1521 [ 51.094305][ T3643] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 3643, name: syz-executor146 [ 51.103759][ T3643] preempt_count: 0, expected: 0 [ 51.108608][ T3643] RCU nest depth: 0, expected: 0 [ 51.113531][ T3643] 2 locks held by syz-executor146/3643: [ 51.119059][ T3643] #0: ffff8880739fd098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x80 [ 51.128829][ T3643] #1: ffff8880739fd130 (&tty->atomic_write_lock){+.+.}-{3:3}, at: file_tty_write.constprop.0+0x296/0x8f0 [ 51.140138][ T3643] irq event stamp: 3510 [ 51.144295][ T3643] hardirqs last enabled at (3509): [] finish_task_switch.isra.0+0x2b5/0xc70 [ 51.154636][ T3643] hardirqs last disabled at (3510): [] dump_stack_lvl+0x2e/0x134 [ 51.163920][ T3643] softirqs last enabled at (3502): [] __irq_exit_rcu+0x123/0x180 [ 51.173308][ T3643] softirqs last disabled at (3395): [] __irq_exit_rcu+0x123/0x180 [ 51.182678][ T3643] CPU: 0 PID: 3643 Comm: syz-executor146 Not tainted 6.0.0-rc1-next-20220819-syzkaller #0 [ 51.192665][ T3643] syz-executor146[3643] cmdline: ./syz-executor1469468726 [ 51.199783][ T3643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 51.209840][ T3643] Call Trace: [ 51.213107][ T3643] [ 51.216033][ T3643] dump_stack_lvl+0xcd/0x134 [ 51.220626][ T3643] __might_resched.cold+0x222/0x26b [ 51.225818][ T3643] down_read_killable+0x75/0x490 [ 51.230772][ T3643] ? down_read+0x450/0x450 [ 51.235233][ T3643] __access_remote_vm+0xac/0x6f0 [ 51.240206][ T3643] ? follow_phys+0x2c0/0x2c0 [ 51.244787][ T3643] ? do_raw_spin_lock+0x120/0x2a0 [ 51.249805][ T3643] ? rwlock_bug.part.0+0x90/0x90 [ 51.254768][ T3643] ? __up_console_sem+0x47/0xc0 [ 51.259632][ T3643] get_mm_cmdline.part.0+0x217/0x620 [ 51.264938][ T3643] ? dname_to_vma_addr.isra.0+0x360/0x360 [ 51.270653][ T3643] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 51.276469][ T3643] get_task_cmdline_kernel+0x1d9/0x220 [ 51.281970][ T3643] dump_stack_print_cmdline.part.0+0x82/0x150 [ 51.288047][ T3643] ? _atomic_dec_and_lock_irqsave+0x150/0x150 [ 51.294159][ T3643] ? dump_stack_print_info+0xc6/0x190 [ 51.299542][ T3643] dump_stack_print_info+0x185/0x190 [ 51.304855][ T3643] dump_stack_lvl+0xc1/0x134 [ 51.309453][ T3643] should_fail.cold+0x5/0xa [ 51.313995][ T3643] copyin+0x19/0x120 [ 51.317981][ T3643] _copy_from_iter+0x1ca/0x11c0 [ 51.322855][ T3643] ? _copy_mc_to_iter+0x1430/0x1430 [ 51.328059][ T3643] ? rcu_read_lock_sched_held+0x3a/0x70 [ 51.333624][ T3643] ? __virt_addr_valid+0x5d/0x2d0 [ 51.338663][ T3643] ? __phys_addr+0xc4/0x140 [ 51.343157][ T3643] ? __phys_addr_symbol+0x2c/0x70 [ 51.348180][ T3643] ? __check_object_size+0x2de/0x700 [ 51.353490][ T3643] file_tty_write.constprop.0+0x449/0x8f0 [ 51.359237][ T3643] ? n_tty_close+0x1e0/0x1e0 [ 51.363861][ T3643] vfs_write+0x9e9/0xdd0 [ 51.368126][ T3643] ? vfs_read+0x930/0x930 [ 51.372475][ T3643] ? find_held_lock+0x2d/0x110 [ 51.377238][ T3643] ? lock_downgrade+0x6e0/0x6e0 [ 51.382093][ T3643] ? __fget_light+0x20a/0x270 [ 51.386785][ T3643] ksys_write+0x127/0x250 [ 51.391109][ T3643] ? __ia32_sys_read+0xb0/0xb0 [ 51.395863][ T3643] ? lockdep_hardirqs_on+0x79/0x100 [ 51.401060][ T3643] ? _raw_spin_unlock_irq+0x2a/0x40 [ 51.406256][ T3643] ? ptrace_notify+0xfa/0x140 [ 51.410956][ T3643] do_syscall_64+0x35/0xb0 [ 51.415367][ T3643] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 51.421253][ T3643] RIP: 0033:0x7fa87e80b059 [ 51.425657][ T3643] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 51.445266][ T3643] RSP: 002b:00007fff5260dab8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 51.453679][ T3643] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fa87e80b059 [ 51.461644][ T3643] RDX: 000000000000ff2e RSI: 0000000000000000 RDI: 0000000000000003 [ 51.469604][ T3643] RBP: 00007fff5260dad0 R08: 0000000000000001 R09: 0000000000000001 [ 51.477571][ T3643] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 51.485551][ T3643] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 51.493525][ T3643] [ 51.496644][ T3643] syz-executor146[3643] cmdline: ./syz-executor1469468726 [ 51.503736][ T3643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 51.513778][ T3643] Call Trace: [ 51.517049][ T3643] [ 51.519982][ T3643] dump_stack_lvl+0xcd/0x134 [ 51.524584][ T3643] should_fail.cold+0x5/0xa [ 51.529231][ T3643] copyin+0x19/0x120 [ 51.533139][ T3643] _copy_from_iter+0x1ca/0x11c0 [ 51.538025][ T3643] ? _copy_mc_to_iter+0x1430/0x1430 [ 51.543230][ T3643] ? rcu_read_lock_sched_held+0x3a/0x70 [ 51.548777][ T3643] ? __virt_addr_valid+0x5d/0x2d0 [ 51.553813][ T3643] ? __phys_addr+0xc4/0x140 [ 51.558305][ T3643] ? __phys_addr_symbol+0x2c/0x70 [ 51.563324][ T3643] ? __check_object_size+0x2de/0x700 [ 51.568622][ T3643] file_tty_write.constprop.0+0x449/0x8f0 [ 51.574376][ T3643] ? n_tty_close+0x1e0/0x1e0 [ 51.578987][ T3643] vfs_write+0x9e9/0xdd0 [ 51.583228][ T3643] ? vfs_read+0x930/0x930 [ 51.587554][ T3643] ? find_held_lock+0x2d/0x110 [ 51.592316][ T3643] ? lock_downgrade+0x6e0/0x6e0 [ 51.597173][ T3643] ? __fget_light+0x20a/0x270 [ 51.601868][ T3643] ksys_write+0x127/0x250 [ 51.606215][ T3643] ? __ia32_sys_read+0xb0/0xb0 [ 51.610971][ T3643] ? lockdep_hardirqs_on+0x79/0x100 [ 51.616168][ T3643] ? _raw_spin_unlock_irq+0x2a/0x40 [ 51.621368][ T3643] ? ptrace_notify+0xfa/0x140 [ 51.626078][ T3643] do_syscall_64+0x35/0xb0 [ 51.630503][ T3643] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 51.636388][ T3643] RIP: 0033:0x7fa87e80b059 [ 51.640792][ T3643] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 3643] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3643] exit_group(0) = ? [pid 3643] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3643, si_uid=0, si_status=0, si_utime=0, si_stime=65} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3644 attached , child_tidptr=0x555555f2c5d0) = 3644 [pid 3644] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3644] setpgid(0, 0) = 0 [pid 3644] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3644] write(3, "1000", 4) = 4 [pid 3644] close(3) = 0 [pid 3644] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3644] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3644] write(4, "3", 1) = 1 [pid 3644] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3644] exit_group(0) = ? [pid 3644] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3644, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3645 ./strace-static-x86_64: Process 3645 attached [pid 3645] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3645] setpgid(0, 0) = 0 [pid 3645] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3645] write(3, "1000", 4) = 4 [pid 3645] close(3) = 0 [pid 3645] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3645] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3645] write(4, "3", 1) = 1 [pid 3645] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3645] exit_group(0) = ? [pid 3645] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3645, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 51.660387][ T3643] RSP: 002b:00007fff5260dab8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 51.668798][ T3643] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fa87e80b059 [ 51.676771][ T3643] RDX: 000000000000ff2e RSI: 0000000000000000 RDI: 0000000000000003 [ 51.684760][ T3643] RBP: 00007fff5260dad0 R08: 0000000000000001 R09: 0000000000000001 [ 51.692820][ T3643] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 51.700790][ T3643] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 51.708778][ T3643] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3646 ./strace-static-x86_64: Process 3646 attached [pid 3646] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3646] setpgid(0, 0) = 0 [pid 3646] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3646] write(3, "1000", 4) = 4 [pid 3646] close(3) = 0 [pid 3646] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3646] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3646] write(4, "3", 1) = 1 [pid 3646] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3646] exit_group(0) = ? [pid 3646] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3646, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3647 attached , child_tidptr=0x555555f2c5d0) = 3647 [pid 3647] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3647] setpgid(0, 0) = 0 [pid 3647] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3647] write(3, "1000", 4) = 4 [pid 3647] close(3) = 0 [pid 3647] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3647] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3647] write(4, "3", 1) = 1 [pid 3647] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3647] exit_group(0) = ? [pid 3647] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3647, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3648 ./strace-static-x86_64: Process 3648 attached [pid 3648] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3648] setpgid(0, 0) = 0 [pid 3648] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3648] write(3, "1000", 4) = 4 [pid 3648] close(3) = 0 [pid 3648] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3648] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3648] write(4, "3", 1) = 1 [pid 3648] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3648] exit_group(0) = ? [pid 3648] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3648, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3649 ./strace-static-x86_64: Process 3649 attached [pid 3649] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3649] setpgid(0, 0) = 0 [pid 3649] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3649] write(3, "1000", 4) = 4 [pid 3649] close(3) = 0 [pid 3649] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3649] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3649] write(4, "3", 1) = 1 [ 51.788721][ T3649] FAULT_INJECTION: forcing a failure. [ 51.788721][ T3649] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 51.801946][ T3649] CPU: 0 PID: 3649 Comm: syz-executor146 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 51.813348][ T3649] syz-executor146[3649] cmdline: ./syz-executor1469468726 [ 51.820443][ T3649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 51.830484][ T3649] Call Trace: [ 51.833750][ T3649] [ 51.836666][ T3649] dump_stack_lvl+0xcd/0x134 [ 51.841255][ T3649] should_fail.cold+0x5/0xa [ 51.845754][ T3649] copyin+0x19/0x120 [ 51.849639][ T3649] _copy_from_iter+0x1ca/0x11c0 [ 51.854490][ T3649] ? _copy_mc_to_iter+0x1430/0x1430 [ 51.859678][ T3649] ? rcu_read_lock_sched_held+0x3a/0x70 [ 51.865212][ T3649] ? __virt_addr_valid+0x5d/0x2d0 [ 51.870225][ T3649] ? __phys_addr+0xc4/0x140 [ 51.874715][ T3649] ? __phys_addr_symbol+0x2c/0x70 [ 51.879724][ T3649] ? __check_object_size+0x2de/0x700 [ 51.885004][ T3649] file_tty_write.constprop.0+0x449/0x8f0 [ 51.890712][ T3649] ? n_tty_close+0x1e0/0x1e0 [ 51.895470][ T3649] vfs_write+0x9e9/0xdd0 [ 51.899705][ T3649] ? vfs_read+0x930/0x930 [ 51.904025][ T3649] ? find_held_lock+0x2d/0x110 [ 51.908780][ T3649] ? lock_downgrade+0x6e0/0x6e0 [ 51.913623][ T3649] ? __fget_light+0x20a/0x270 [ 51.918296][ T3649] ksys_write+0x127/0x250 [ 51.922620][ T3649] ? __ia32_sys_read+0xb0/0xb0 [ 51.927384][ T3649] ? lockdep_hardirqs_on+0x79/0x100 [ 51.932591][ T3649] ? _raw_spin_unlock_irq+0x2a/0x40 [ 51.937776][ T3649] ? ptrace_notify+0xfa/0x140 [ 51.942449][ T3649] do_syscall_64+0x35/0xb0 [ 51.946857][ T3649] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 51.952739][ T3649] RIP: 0033:0x7fa87e80b059 [ 51.957142][ T3649] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 51.976735][ T3649] RSP: 002b:00007fff5260dab8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 3649] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3649] exit_group(0) = ? [pid 3649] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3649, si_uid=0, si_status=0, si_utime=0, si_stime=24} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3650 attached , child_tidptr=0x555555f2c5d0) = 3650 [pid 3650] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3650] setpgid(0, 0) = 0 [pid 3650] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3650] write(3, "1000", 4) = 4 [pid 3650] close(3) = 0 [pid 3650] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3650] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3650] write(4, "3", 1) = 1 [pid 3650] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3650] exit_group(0) = ? [pid 3650] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3650, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3651 ./strace-static-x86_64: Process 3651 attached [pid 3651] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3651] setpgid(0, 0) = 0 [pid 3651] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3651] write(3, "1000", 4) = 4 [pid 3651] close(3) = 0 [pid 3651] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3651] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3651] write(4, "3", 1) = 1 [pid 3651] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3651] exit_group(0) = ? [pid 3651] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3651, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3652 ./strace-static-x86_64: Process 3652 attached [pid 3652] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3652] setpgid(0, 0) = 0 [pid 3652] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3652] write(3, "1000", 4) = 4 [pid 3652] close(3) = 0 [pid 3652] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3652] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3652] write(4, "3", 1) = 1 [pid 3652] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3652] exit_group(0) = ? [pid 3652] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3652, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3653 ./strace-static-x86_64: Process 3653 attached [pid 3653] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 51.985138][ T3649] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fa87e80b059 [ 51.993095][ T3649] RDX: 000000000000ff2e RSI: 0000000000000000 RDI: 0000000000000003 [ 52.001053][ T3649] RBP: 00007fff5260dad0 R08: 0000000000000001 R09: 0000000000000001 [ 52.009009][ T3649] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 52.016975][ T3649] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 52.024944][ T3649] [pid 3653] setpgid(0, 0) = 0 [pid 3653] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3653] write(3, "1000", 4) = 4 [pid 3653] close(3) = 0 [pid 3653] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3653] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3653] write(4, "3", 1) = 1 [ 52.079737][ T3653] FAULT_INJECTION: forcing a failure. [ 52.079737][ T3653] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 52.092951][ T3653] CPU: 0 PID: 3653 Comm: syz-executor146 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 52.104335][ T3653] BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1521 [ 52.113698][ T3653] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 3653, name: syz-executor146 [ 52.123168][ T3653] preempt_count: 0, expected: 0 [ 52.128010][ T3653] RCU nest depth: 0, expected: 0 [ 52.132944][ T3653] 2 locks held by syz-executor146/3653: [ 52.138480][ T3653] #0: ffff888021e6c098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x80 [ 52.148235][ T3653] #1: ffff888021e6c130 (&tty->atomic_write_lock){+.+.}-{3:3}, at: file_tty_write.constprop.0+0x296/0x8f0 [ 52.159686][ T3653] irq event stamp: 3356 [ 52.163844][ T3653] hardirqs last enabled at (3355): [] finish_task_switch.isra.0+0x2b5/0xc70 [ 52.175944][ T3653] hardirqs last disabled at (3356): [] dump_stack_lvl+0x2e/0x134 [ 52.185238][ T3653] softirqs last enabled at (3348): [] __irq_exit_rcu+0x123/0x180 [ 52.194619][ T3653] softirqs last disabled at (3333): [] __irq_exit_rcu+0x123/0x180 [ 52.204013][ T3653] CPU: 0 PID: 3653 Comm: syz-executor146 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 52.215393][ T3653] syz-executor146[3653] cmdline: ./syz-executor1469468726 [ 52.222490][ T3653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 52.232551][ T3653] Call Trace: [ 52.235835][ T3653] [ 52.238783][ T3653] dump_stack_lvl+0xcd/0x134 [ 52.243404][ T3653] __might_resched.cold+0x222/0x26b [ 52.248607][ T3653] down_read_killable+0x75/0x490 [ 52.253664][ T3653] ? down_read+0x450/0x450 [ 52.258088][ T3653] __access_remote_vm+0xac/0x6f0 [ 52.263039][ T3653] ? follow_phys+0x2c0/0x2c0 [ 52.267642][ T3653] ? do_raw_spin_lock+0x120/0x2a0 [ 52.272678][ T3653] ? rwlock_bug.part.0+0x90/0x90 [ 52.277633][ T3653] ? __up_console_sem+0x47/0xc0 [ 52.282484][ T3653] get_mm_cmdline.part.0+0x217/0x620 [ 52.287784][ T3653] ? dname_to_vma_addr.isra.0+0x360/0x360 [ 52.293498][ T3653] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 52.299303][ T3653] get_task_cmdline_kernel+0x1d9/0x220 [ 52.304767][ T3653] dump_stack_print_cmdline.part.0+0x82/0x150 [ 52.310835][ T3653] ? _atomic_dec_and_lock_irqsave+0x150/0x150 [ 52.316967][ T3653] ? dump_stack_print_info+0xc6/0x190 [ 52.322390][ T3653] dump_stack_print_info+0x185/0x190 [ 52.327691][ T3653] dump_stack_lvl+0xc1/0x134 [ 52.332282][ T3653] should_fail.cold+0x5/0xa [ 52.336799][ T3653] copyin+0x19/0x120 [ 52.340720][ T3653] _copy_from_iter+0x1ca/0x11c0 [ 52.345597][ T3653] ? _copy_mc_to_iter+0x1430/0x1430 [ 52.350831][ T3653] ? rcu_read_lock_sched_held+0x3a/0x70 [ 52.356388][ T3653] ? __virt_addr_valid+0x5d/0x2d0 [ 52.361415][ T3653] ? __phys_addr+0xc4/0x140 [ 52.365950][ T3653] ? __phys_addr_symbol+0x2c/0x70 [ 52.371008][ T3653] ? __check_object_size+0x2de/0x700 [ 52.376314][ T3653] file_tty_write.constprop.0+0x449/0x8f0 [ 52.382079][ T3653] ? n_tty_close+0x1e0/0x1e0 [ 52.386793][ T3653] vfs_write+0x9e9/0xdd0 [ 52.391049][ T3653] ? vfs_read+0x930/0x930 [ 52.395393][ T3653] ? find_held_lock+0x2d/0x110 [ 52.400156][ T3653] ? lock_downgrade+0x6e0/0x6e0 [ 52.405002][ T3653] ? __fget_light+0x20a/0x270 [ 52.409697][ T3653] ksys_write+0x127/0x250 [ 52.414146][ T3653] ? __ia32_sys_read+0xb0/0xb0 [ 52.418931][ T3653] ? lockdep_hardirqs_on+0x79/0x100 [ 52.424145][ T3653] ? _raw_spin_unlock_irq+0x2a/0x40 [ 52.429361][ T3653] ? ptrace_notify+0xfa/0x140 [ 52.434045][ T3653] do_syscall_64+0x35/0xb0 [ 52.438494][ T3653] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 52.444420][ T3653] RIP: 0033:0x7fa87e80b059 [ 52.448834][ T3653] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 52.468473][ T3653] RSP: 002b:00007fff5260dab8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 52.476907][ T3653] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fa87e80b059 [ 52.484884][ T3653] RDX: 000000000000ff2e RSI: 0000000000000000 RDI: 0000000000000003 [ 52.492857][ T3653] RBP: 00007fff5260dad0 R08: 0000000000000001 R09: 0000000000000001 [ 52.500844][ T3653] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 52.508803][ T3653] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 52.516775][ T3653] [ 52.519822][ T3653] syz-executor146[3653] cmdline: ./syz-executor1469468726 [ 52.526942][ T3653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 52.537024][ T3653] Call Trace: [ 52.540308][ T3653] [ 52.543227][ T3653] dump_stack_lvl+0xcd/0x134 [ 52.547825][ T3653] should_fail.cold+0x5/0xa [ 52.552329][ T3653] copyin+0x19/0x120 [ 52.556218][ T3653] _copy_from_iter+0x1ca/0x11c0 [ 52.561074][ T3653] ? _copy_mc_to_iter+0x1430/0x1430 [ 52.566293][ T3653] ? rcu_read_lock_sched_held+0x3a/0x70 [ 52.571832][ T3653] ? __virt_addr_valid+0x5d/0x2d0 [ 52.576857][ T3653] ? __phys_addr+0xc4/0x140 [ 52.581383][ T3653] ? __phys_addr_symbol+0x2c/0x70 [ 52.586412][ T3653] ? __check_object_size+0x2de/0x700 [ 52.591699][ T3653] file_tty_write.constprop.0+0x449/0x8f0 [ 52.597415][ T3653] ? n_tty_close+0x1e0/0x1e0 [ 52.602003][ T3653] vfs_write+0x9e9/0xdd0 [ 52.606242][ T3653] ? vfs_read+0x930/0x930 [ 52.610572][ T3653] ? find_held_lock+0x2d/0x110 [ 52.615346][ T3653] ? lock_downgrade+0x6e0/0x6e0 [ 52.620211][ T3653] ? __fget_light+0x20a/0x270 [ 52.624886][ T3653] ksys_write+0x127/0x250 [ 52.629297][ T3653] ? __ia32_sys_read+0xb0/0xb0 [ 52.634063][ T3653] ? lockdep_hardirqs_on+0x79/0x100 [ 52.639285][ T3653] ? _raw_spin_unlock_irq+0x2a/0x40 [ 52.644486][ T3653] ? ptrace_notify+0xfa/0x140 [ 52.649169][ T3653] do_syscall_64+0x35/0xb0 [ 52.653585][ T3653] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 52.659569][ T3653] RIP: 0033:0x7fa87e80b059 [ 52.664001][ T3653] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 52.683645][ T3653] RSP: 002b:00007fff5260dab8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 52.692071][ T3653] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fa87e80b059 [ 52.700052][ T3653] RDX: 000000000000ff2e RSI: 0000000000000000 RDI: 0000000000000003 [ 52.708024][ T3653] RBP: 00007fff5260dad0 R08: 0000000000000001 R09: 0000000000000001 [ 52.716020][ T3653] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 52.723988][ T3653] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [pid 3653] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3653] exit_group(0) = ? [pid 3653] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3653, si_uid=0, si_status=0, si_utime=0, si_stime=65} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3654 ./strace-static-x86_64: Process 3654 attached [pid 3654] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3654] setpgid(0, 0) = 0 [pid 3654] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3654] write(3, "1000", 4) = 4 [pid 3654] close(3) = 0 [pid 3654] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3654] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3654] write(4, "3", 1) = 1 [pid 3654] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3654] exit_group(0) = ? [pid 3654] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3654, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3655 ./strace-static-x86_64: Process 3655 attached [pid 3655] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3655] setpgid(0, 0) = 0 [pid 3655] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3655] write(3, "1000", 4) = 4 [pid 3655] close(3) = 0 [pid 3655] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3655] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3655] write(4, "3", 1) = 1 [pid 3655] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3655] exit_group(0) = ? [pid 3655] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3655, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 52.731980][ T3653] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3656 attached , child_tidptr=0x555555f2c5d0) = 3656 [pid 3656] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3656] setpgid(0, 0) = 0 [pid 3656] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3656] write(3, "1000", 4) = 4 [pid 3656] close(3) = 0 [pid 3656] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3656] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3656] write(4, "3", 1) = 1 [pid 3656] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3656] exit_group(0) = ? [pid 3656] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3656, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3657 ./strace-static-x86_64: Process 3657 attached [pid 3657] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3657] setpgid(0, 0) = 0 [pid 3657] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3657] write(3, "1000", 4) = 4 [pid 3657] close(3) = 0 [pid 3657] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3657] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3657] write(4, "3", 1) = 1 [pid 3657] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3657] exit_group(0) = ? [pid 3657] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3657, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3658 ./strace-static-x86_64: Process 3658 attached [pid 3658] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3658] setpgid(0, 0) = 0 [pid 3658] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3658] write(3, "1000", 4) = 4 [pid 3658] close(3) = 0 [pid 3658] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3658] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3658] write(4, "3", 1) = 1 [pid 3658] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3658] exit_group(0) = ? [pid 3658] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3658, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3659 attached , child_tidptr=0x555555f2c5d0) = 3659 [pid 3659] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3659] setpgid(0, 0) = 0 [pid 3659] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3659] write(3, "1000", 4) = 4 [pid 3659] close(3) = 0 [pid 3659] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3659] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3659] write(4, "3", 1) = 1 [pid 3659] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3659] exit_group(0) = ? [pid 3659] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3659, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3660 attached , child_tidptr=0x555555f2c5d0) = 3660 [pid 3660] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3660] setpgid(0, 0) = 0 [pid 3660] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3660] write(3, "1000", 4) = 4 [pid 3660] close(3) = 0 [pid 3660] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3660] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3660] write(4, "3", 1) = 1 [pid 3660] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3660] exit_group(0) = ? [pid 3660] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3660, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3661 ./strace-static-x86_64: Process 3661 attached [pid 3661] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3661] setpgid(0, 0) = 0 [pid 3661] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3661] write(3, "1000", 4) = 4 [pid 3661] close(3) = 0 [pid 3661] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3661] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3661] write(4, "3", 1) = 1 [pid 3661] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3661] exit_group(0) = ? [pid 3661] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3661, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3662 ./strace-static-x86_64: Process 3662 attached [pid 3662] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3662] setpgid(0, 0) = 0 [pid 3662] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3662] write(3, "1000", 4) = 4 [pid 3662] close(3) = 0 [pid 3662] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3662] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3662] write(4, "3", 1) = 1 [ 52.871586][ T3662] FAULT_INJECTION: forcing a failure. [ 52.871586][ T3662] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 52.884726][ T3662] CPU: 0 PID: 3662 Comm: syz-executor146 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 52.896123][ T3662] syz-executor146[3662] cmdline: ./syz-executor1469468726 [ 52.903250][ T3662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 52.913312][ T3662] Call Trace: [ 52.916592][ T3662] [ 52.919538][ T3662] dump_stack_lvl+0xcd/0x134 [ 52.924168][ T3662] should_fail.cold+0x5/0xa [ 52.928701][ T3662] copyin+0x19/0x120 [ 52.932606][ T3662] _copy_from_iter+0x1ca/0x11c0 [ 52.937482][ T3662] ? _copy_mc_to_iter+0x1430/0x1430 [ 52.942674][ T3662] ? rcu_read_lock_sched_held+0x3a/0x70 [ 52.948215][ T3662] ? __virt_addr_valid+0x5d/0x2d0 [ 52.953278][ T3662] ? __phys_addr+0xc4/0x140 [ 52.957826][ T3662] ? __phys_addr_symbol+0x2c/0x70 [ 52.962872][ T3662] ? __check_object_size+0x2de/0x700 [ 52.968186][ T3662] file_tty_write.constprop.0+0x449/0x8f0 [ 52.973928][ T3662] ? n_tty_close+0x1e0/0x1e0 [ 52.978543][ T3662] vfs_write+0x9e9/0xdd0 [ 52.982806][ T3662] ? vfs_read+0x930/0x930 [ 52.987157][ T3662] ? find_held_lock+0x2d/0x110 [ 52.991948][ T3662] ? lock_downgrade+0x6e0/0x6e0 [ 52.996819][ T3662] ? __fget_light+0x20a/0x270 [ 53.001510][ T3662] ksys_write+0x127/0x250 [ 53.005849][ T3662] ? __ia32_sys_read+0xb0/0xb0 [ 53.010621][ T3662] ? lockdep_hardirqs_on+0x79/0x100 [ 53.015836][ T3662] ? _raw_spin_unlock_irq+0x2a/0x40 [ 53.021042][ T3662] ? ptrace_notify+0xfa/0x140 [ 53.025747][ T3662] do_syscall_64+0x35/0xb0 [ 53.030354][ T3662] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 53.036258][ T3662] RIP: 0033:0x7fa87e80b059 [ 53.040676][ T3662] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 53.060289][ T3662] RSP: 002b:00007fff5260dab8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 3662] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3662] exit_group(0) = ? [pid 3662] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3662, si_uid=0, si_status=0, si_utime=0, si_stime=25} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3663 attached , child_tidptr=0x555555f2c5d0) = 3663 [pid 3663] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3663] setpgid(0, 0) = 0 [pid 3663] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3663] write(3, "1000", 4) = 4 [pid 3663] close(3) = 0 [pid 3663] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3663] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3663] write(4, "3", 1) = 1 [pid 3663] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3663] exit_group(0) = ? [pid 3663] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3663, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3664 ./strace-static-x86_64: Process 3664 attached [pid 3664] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3664] setpgid(0, 0) = 0 [pid 3664] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3664] write(3, "1000", 4) = 4 [pid 3664] close(3) = 0 [pid 3664] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3664] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3664] write(4, "3", 1) = 1 [pid 3664] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3664] exit_group(0) = ? [pid 3664] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3664, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3665 [ 53.068710][ T3662] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fa87e80b059 [ 53.076681][ T3662] RDX: 000000000000ff2e RSI: 0000000000000000 RDI: 0000000000000003 [ 53.084652][ T3662] RBP: 00007fff5260dad0 R08: 0000000000000001 R09: 0000000000000001 [ 53.092622][ T3662] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 53.100595][ T3662] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 53.108583][ T3662] ./strace-static-x86_64: Process 3665 attached [pid 3665] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3665] setpgid(0, 0) = 0 [pid 3665] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3665] write(3, "1000", 4) = 4 [pid 3665] close(3) = 0 [pid 3665] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3665] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3665] write(4, "3", 1) = 1 [pid 3665] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3665] exit_group(0) = ? [pid 3665] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3665, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3666 attached , child_tidptr=0x555555f2c5d0) = 3666 [pid 3666] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3666] setpgid(0, 0) = 0 [pid 3666] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3666] write(3, "1000", 4) = 4 [pid 3666] close(3) = 0 [pid 3666] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3666] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3666] write(4, "3", 1) = 1 [pid 3666] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3666] exit_group(0) = ? [pid 3666] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3666, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3667 ./strace-static-x86_64: Process 3667 attached [pid 3667] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3667] setpgid(0, 0) = 0 [pid 3667] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3667] write(3, "1000", 4) = 4 [pid 3667] close(3) = 0 [pid 3667] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3667] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3667] write(4, "3", 1) = 1 [pid 3667] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3667] exit_group(0) = ? [pid 3667] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3667, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3668 attached , child_tidptr=0x555555f2c5d0) = 3668 [pid 3668] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3668] setpgid(0, 0) = 0 [pid 3668] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3668] write(3, "1000", 4) = 4 [pid 3668] close(3) = 0 [pid 3668] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3668] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3668] write(4, "3", 1) = 1 [pid 3668] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3668] exit_group(0) = ? [pid 3668] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3668, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3669 ./strace-static-x86_64: Process 3669 attached [pid 3669] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3669] setpgid(0, 0) = 0 [pid 3669] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3669] write(3, "1000", 4) = 4 [pid 3669] close(3) = 0 [pid 3669] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3669] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3669] write(4, "3", 1) = 1 [pid 3669] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3669] exit_group(0) = ? [pid 3669] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3669, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3670 attached , child_tidptr=0x555555f2c5d0) = 3670 [pid 3670] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3670] setpgid(0, 0) = 0 [pid 3670] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3670] write(3, "1000", 4) = 4 [pid 3670] close(3) = 0 [pid 3670] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3670] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3670] write(4, "3", 1) = 1 [pid 3670] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3670] exit_group(0) = ? [pid 3670] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3670, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3671 attached , child_tidptr=0x555555f2c5d0) = 3671 [pid 3671] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3671] setpgid(0, 0) = 0 [pid 3671] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3671] write(3, "1000", 4) = 4 [pid 3671] close(3) = 0 [pid 3671] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3671] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3671] write(4, "3", 1) = 1 [pid 3671] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3671] exit_group(0) = ? [pid 3671] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3671, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3672 attached , child_tidptr=0x555555f2c5d0) = 3672 [pid 3672] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3672] setpgid(0, 0) = 0 [pid 3672] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3672] write(3, "1000", 4) = 4 [pid 3672] close(3) = 0 [pid 3672] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3672] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3672] write(4, "3", 1) = 1 [ 53.261159][ T3672] FAULT_INJECTION: forcing a failure. [ 53.261159][ T3672] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 53.274494][ T3672] CPU: 0 PID: 3672 Comm: syz-executor146 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 53.285869][ T3672] BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1521 [ 53.295238][ T3672] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 3672, name: syz-executor146 [ 53.304690][ T3672] preempt_count: 0, expected: 0 [ 53.309547][ T3672] RCU nest depth: 0, expected: 0 [ 53.314483][ T3672] 2 locks held by syz-executor146/3672: [ 53.320021][ T3672] #0: ffff888021f88098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x80 [ 53.329776][ T3672] #1: ffff888021f88130 (&tty->atomic_write_lock){+.+.}-{3:3}, at: file_tty_write.constprop.0+0x296/0x8f0 [ 53.341116][ T3672] irq event stamp: 3558 [ 53.345267][ T3672] hardirqs last enabled at (3557): [] finish_task_switch.isra.0+0x2b5/0xc70 [ 53.355607][ T3672] hardirqs last disabled at (3558): [] dump_stack_lvl+0x2e/0x134 [ 53.364931][ T3672] softirqs last enabled at (3550): [] __irq_exit_rcu+0x123/0x180 [ 53.374327][ T3672] softirqs last disabled at (3445): [] __irq_exit_rcu+0x123/0x180 [ 53.383720][ T3672] CPU: 0 PID: 3672 Comm: syz-executor146 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 53.395119][ T3672] syz-executor146[3672] cmdline: ./syz-executor1469468726 [ 53.402226][ T3672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 53.412280][ T3672] Call Trace: [ 53.415561][ T3672] [ 53.418496][ T3672] dump_stack_lvl+0xcd/0x134 [ 53.423123][ T3672] __might_resched.cold+0x222/0x26b [ 53.428333][ T3672] down_read_killable+0x75/0x490 [ 53.433304][ T3672] ? down_read+0x450/0x450 [ 53.437756][ T3672] __access_remote_vm+0xac/0x6f0 [ 53.442713][ T3672] ? follow_phys+0x2c0/0x2c0 [ 53.447311][ T3672] ? do_raw_spin_lock+0x120/0x2a0 [ 53.452350][ T3672] ? rwlock_bug.part.0+0x90/0x90 [ 53.457304][ T3672] ? __up_console_sem+0x47/0xc0 [ 53.462184][ T3672] get_mm_cmdline.part.0+0x217/0x620 [ 53.467493][ T3672] ? dname_to_vma_addr.isra.0+0x360/0x360 [ 53.473232][ T3672] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 53.479072][ T3672] get_task_cmdline_kernel+0x1d9/0x220 [ 53.484563][ T3672] dump_stack_print_cmdline.part.0+0x82/0x150 [ 53.490657][ T3672] ? _atomic_dec_and_lock_irqsave+0x150/0x150 [ 53.496782][ T3672] ? dump_stack_print_info+0xc6/0x190 [ 53.502188][ T3672] dump_stack_print_info+0x185/0x190 [ 53.507500][ T3672] dump_stack_lvl+0xc1/0x134 [ 53.512114][ T3672] should_fail.cold+0x5/0xa [ 53.516642][ T3672] copyin+0x19/0x120 [ 53.520555][ T3672] _copy_from_iter+0x1ca/0x11c0 [ 53.525434][ T3672] ? _copy_mc_to_iter+0x1430/0x1430 [ 53.530648][ T3672] ? rcu_read_lock_sched_held+0x3a/0x70 [ 53.536201][ T3672] ? __virt_addr_valid+0x5d/0x2d0 [ 53.541258][ T3672] ? __phys_addr+0xc4/0x140 [ 53.545767][ T3672] ? __phys_addr_symbol+0x2c/0x70 [ 53.550798][ T3672] ? __check_object_size+0x2de/0x700 [ 53.556115][ T3672] file_tty_write.constprop.0+0x449/0x8f0 [ 53.561853][ T3672] ? n_tty_close+0x1e0/0x1e0 [ 53.566463][ T3672] vfs_write+0x9e9/0xdd0 [ 53.570723][ T3672] ? vfs_read+0x930/0x930 [ 53.575074][ T3672] ? find_held_lock+0x2d/0x110 [ 53.579850][ T3672] ? lock_downgrade+0x6e0/0x6e0 [ 53.584725][ T3672] ? __fget_light+0x20a/0x270 [ 53.589421][ T3672] ksys_write+0x127/0x250 [ 53.593765][ T3672] ? __ia32_sys_read+0xb0/0xb0 [ 53.598543][ T3672] ? lockdep_hardirqs_on+0x79/0x100 [ 53.603772][ T3672] ? _raw_spin_unlock_irq+0x2a/0x40 [ 53.608991][ T3672] ? ptrace_notify+0xfa/0x140 [ 53.613775][ T3672] do_syscall_64+0x35/0xb0 [ 53.618212][ T3672] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 53.624121][ T3672] RIP: 0033:0x7fa87e80b059 [ 53.628542][ T3672] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 53.648151][ T3672] RSP: 002b:00007fff5260dab8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 53.656569][ T3672] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fa87e80b059 [ 53.664543][ T3672] RDX: 000000000000ff2e RSI: 0000000000000000 RDI: 0000000000000003 [ 53.672513][ T3672] RBP: 00007fff5260dad0 R08: 0000000000000001 R09: 0000000000000001 [ 53.680483][ T3672] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 53.688454][ T3672] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 53.696445][ T3672] [ 53.699488][ T3672] syz-executor146[3672] cmdline: ./syz-executor1469468726 [ 53.706593][ T3672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 53.716648][ T3672] Call Trace: [ 53.719927][ T3672] [ 53.722859][ T3672] dump_stack_lvl+0xcd/0x134 [ 53.727471][ T3672] should_fail.cold+0x5/0xa [ 53.731991][ T3672] copyin+0x19/0x120 [ 53.735903][ T3672] _copy_from_iter+0x1ca/0x11c0 [ 53.740772][ T3672] ? _copy_mc_to_iter+0x1430/0x1430 [ 53.745985][ T3672] ? rcu_read_lock_sched_held+0x3a/0x70 [ 53.751541][ T3672] ? __virt_addr_valid+0x5d/0x2d0 [ 53.756568][ T3672] ? __phys_addr+0xc4/0x140 [ 53.761087][ T3672] ? __phys_addr_symbol+0x2c/0x70 [ 53.766115][ T3672] ? __check_object_size+0x2de/0x700 [ 53.771422][ T3672] file_tty_write.constprop.0+0x449/0x8f0 [ 53.777154][ T3672] ? n_tty_close+0x1e0/0x1e0 [ 53.781773][ T3672] vfs_write+0x9e9/0xdd0 [ 53.786037][ T3672] ? vfs_read+0x930/0x930 [ 53.790378][ T3672] ? find_held_lock+0x2d/0x110 [ 53.795152][ T3672] ? lock_downgrade+0x6e0/0x6e0 [ 53.800037][ T3672] ? __fget_light+0x20a/0x270 [ 53.804725][ T3672] ksys_write+0x127/0x250 [ 53.809066][ T3672] ? __ia32_sys_read+0xb0/0xb0 [ 53.813851][ T3672] ? lockdep_hardirqs_on+0x79/0x100 [ 53.819069][ T3672] ? _raw_spin_unlock_irq+0x2a/0x40 [ 53.824297][ T3672] ? ptrace_notify+0xfa/0x140 [ 53.828993][ T3672] do_syscall_64+0x35/0xb0 [ 53.833423][ T3672] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 53.839338][ T3672] RIP: 0033:0x7fa87e80b059 [ 53.843754][ T3672] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 53.863363][ T3672] RSP: 002b:00007fff5260dab8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 53.871781][ T3672] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fa87e80b059 [ 53.879753][ T3672] RDX: 000000000000ff2e RSI: 0000000000000000 RDI: 0000000000000003 [ 53.887723][ T3672] RBP: 00007fff5260dad0 R08: 0000000000000001 R09: 0000000000000001 [ 53.895695][ T3672] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 53.903669][ T3672] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [pid 3672] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3672] exit_group(0) = ? [pid 3672] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3672, si_uid=0, si_status=0, si_utime=0, si_stime=66} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3673 attached , child_tidptr=0x555555f2c5d0) = 3673 [pid 3673] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3673] setpgid(0, 0) = 0 [pid 3673] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3673] write(3, "1000", 4) = 4 [pid 3673] close(3) = 0 [pid 3673] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3673] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3673] write(4, "3", 1) = 1 [pid 3673] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3673] exit_group(0) = ? [pid 3673] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3673, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3674 ./strace-static-x86_64: Process 3674 attached [pid 3674] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3674] setpgid(0, 0) = 0 [pid 3674] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3674] write(3, "1000", 4) = 4 [pid 3674] close(3) = 0 [pid 3674] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3674] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3674] write(4, "3", 1) = 1 [pid 3674] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3674] exit_group(0) = ? [pid 3674] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3674, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3675 ./strace-static-x86_64: Process 3675 attached [pid 3675] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3675] setpgid(0, 0) = 0 [pid 3675] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3675] write(3, "1000", 4) = 4 [pid 3675] close(3) = 0 [pid 3675] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3675] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [ 53.911670][ T3672] [pid 3675] write(4, "3", 1) = 1 [pid 3675] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3675] exit_group(0) = ? [pid 3675] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3675, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3676 attached , child_tidptr=0x555555f2c5d0) = 3676 [pid 3676] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3676] setpgid(0, 0) = 0 [pid 3676] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3676] write(3, "1000", 4) = 4 [pid 3676] close(3) = 0 [pid 3676] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3676] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3676] write(4, "3", 1) = 1 [pid 3676] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3676] exit_group(0) = ? [pid 3676] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3676, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3677 attached , child_tidptr=0x555555f2c5d0) = 3677 [pid 3677] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3677] setpgid(0, 0) = 0 [pid 3677] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3677] write(3, "1000", 4) = 4 [pid 3677] close(3) = 0 [pid 3677] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3677] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3677] write(4, "3", 1) = 1 [pid 3677] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3677] exit_group(0) = ? [pid 3677] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3677, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3678 ./strace-static-x86_64: Process 3678 attached [pid 3678] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3678] setpgid(0, 0) = 0 [pid 3678] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3678] write(3, "1000", 4) = 4 [pid 3678] close(3) = 0 [pid 3678] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3678] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3678] write(4, "3", 1) = 1 [pid 3678] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3678] exit_group(0) = ? [pid 3678] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3678, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3679 ./strace-static-x86_64: Process 3679 attached [pid 3679] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3679] setpgid(0, 0) = 0 [pid 3679] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3679] write(3, "1000", 4) = 4 [pid 3679] close(3) = 0 [pid 3679] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3679] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3679] write(4, "3", 1) = 1 [pid 3679] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3679] exit_group(0) = ? [pid 3679] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3679, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3680 ./strace-static-x86_64: Process 3680 attached [pid 3680] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3680] setpgid(0, 0) = 0 [pid 3680] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3680] write(3, "1000", 4) = 4 [pid 3680] close(3) = 0 [pid 3680] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3680] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3680] write(4, "3", 1) = 1 [pid 3680] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3680] exit_group(0) = ? [pid 3680] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3680, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3681 ./strace-static-x86_64: Process 3681 attached [pid 3681] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3681] setpgid(0, 0) = 0 [pid 3681] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3681] write(3, "1000", 4) = 4 [pid 3681] close(3) = 0 [pid 3681] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3681] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3681] write(4, "3", 1) = 1 [pid 3681] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3681] exit_group(0) = ? [pid 3681] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3681, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3682 attached , child_tidptr=0x555555f2c5d0) = 3682 [pid 3682] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3682] setpgid(0, 0) = 0 [pid 3682] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3682] write(3, "1000", 4) = 4 [pid 3682] close(3) = 0 [pid 3682] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3682] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3682] write(4, "3", 1) = 1 [pid 3682] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3682] exit_group(0) = ? [pid 3682] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3682, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3683 ./strace-static-x86_64: Process 3683 attached [pid 3683] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3683] setpgid(0, 0) = 0 [pid 3683] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3683] write(3, "1000", 4) = 4 [pid 3683] close(3) = 0 [pid 3683] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3683] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3683] write(4, "3", 1) = 1 [ 54.058156][ T3683] FAULT_INJECTION: forcing a failure. [ 54.058156][ T3683] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 54.071617][ T3683] CPU: 0 PID: 3683 Comm: syz-executor146 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 54.083009][ T3683] syz-executor146[3683] cmdline: ./syz-executor1469468726 [ 54.090105][ T3683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 54.100165][ T3683] Call Trace: [ 54.103461][ T3683] [ 54.106384][ T3683] dump_stack_lvl+0xcd/0x134 [ 54.110981][ T3683] should_fail.cold+0x5/0xa [ 54.115501][ T3683] copyin+0x19/0x120 [ 54.119397][ T3683] _copy_from_iter+0x1ca/0x11c0 [ 54.124249][ T3683] ? preempt_schedule_thunk+0x16/0x18 [ 54.129625][ T3683] ? _copy_mc_to_iter+0x1430/0x1430 [ 54.134844][ T3683] ? rcu_read_lock_sched_held+0x3a/0x70 [ 54.140383][ T3683] ? __virt_addr_valid+0x5d/0x2d0 [ 54.145411][ T3683] ? __phys_addr+0xc4/0x140 [ 54.149916][ T3683] ? __phys_addr_symbol+0x2c/0x70 [ 54.154977][ T3683] ? __check_object_size+0x2de/0x700 [ 54.160261][ T3683] file_tty_write.constprop.0+0x449/0x8f0 [ 54.165976][ T3683] ? n_tty_close+0x1e0/0x1e0 [ 54.170564][ T3683] vfs_write+0x9e9/0xdd0 [ 54.174801][ T3683] ? vfs_read+0x930/0x930 [ 54.179121][ T3683] ? find_held_lock+0x2d/0x110 [ 54.183875][ T3683] ? lock_downgrade+0x6e0/0x6e0 [ 54.188716][ T3683] ? __fget_light+0x20a/0x270 [ 54.193385][ T3683] ksys_write+0x127/0x250 [ 54.197705][ T3683] ? __ia32_sys_read+0xb0/0xb0 [ 54.202458][ T3683] ? lockdep_hardirqs_on+0x79/0x100 [ 54.207658][ T3683] ? _raw_spin_unlock_irq+0x2a/0x40 [ 54.212863][ T3683] ? ptrace_notify+0xfa/0x140 [ 54.217537][ T3683] do_syscall_64+0x35/0xb0 [ 54.221944][ T3683] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 54.227827][ T3683] RIP: 0033:0x7fa87e80b059 [ 54.232232][ T3683] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 3683] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3683] exit_group(0) = ? [pid 3683] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3683, si_uid=0, si_status=0, si_utime=0, si_stime=25} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3684 ./strace-static-x86_64: Process 3684 attached [pid 3684] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3684] setpgid(0, 0) = 0 [pid 3684] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3684] write(3, "1000", 4) = 4 [pid 3684] close(3) = 0 [pid 3684] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3684] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3684] write(4, "3", 1) = 1 [pid 3684] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3684] exit_group(0) = ? [pid 3684] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3684, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3685 ./strace-static-x86_64: Process 3685 attached [pid 3685] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3685] setpgid(0, 0) = 0 [pid 3685] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3685] write(3, "1000", 4) = 4 [pid 3685] close(3) = 0 [pid 3685] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3685] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3685] write(4, "3", 1) = 1 [pid 3685] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3685] exit_group(0) = ? [pid 3685] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3685, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3686 attached , child_tidptr=0x555555f2c5d0) = 3686 [pid 3686] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3686] setpgid(0, 0) = 0 [pid 3686] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3686] write(3, "1000", 4) = 4 [pid 3686] close(3) = 0 [ 54.251823][ T3683] RSP: 002b:00007fff5260dab8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 54.260222][ T3683] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fa87e80b059 [ 54.268177][ T3683] RDX: 000000000000ff2e RSI: 0000000000000000 RDI: 0000000000000003 [ 54.276141][ T3683] RBP: 00007fff5260dad0 R08: 0000000000000001 R09: 0000000000000001 [ 54.284096][ T3683] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 54.292074][ T3683] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 54.300054][ T3683] [pid 3686] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3686] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3686] write(4, "3", 1) = 1 [pid 3686] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3686] exit_group(0) = ? [pid 3686] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3686, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3687 ./strace-static-x86_64: Process 3687 attached [pid 3687] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3687] setpgid(0, 0) = 0 [pid 3687] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3687] write(3, "1000", 4) = 4 [pid 3687] close(3) = 0 [pid 3687] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3687] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3687] write(4, "3", 1) = 1 [pid 3687] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3687] exit_group(0) = ? [pid 3687] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3687, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3688 attached , child_tidptr=0x555555f2c5d0) = 3688 [pid 3688] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3688] setpgid(0, 0) = 0 [pid 3688] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3688] write(3, "1000", 4) = 4 [pid 3688] close(3) = 0 [pid 3688] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3688] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3688] write(4, "3", 1) = 1 [pid 3688] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3688] exit_group(0) = ? [pid 3688] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3688, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3689 ./strace-static-x86_64: Process 3689 attached [pid 3689] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3689] setpgid(0, 0) = 0 [pid 3689] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3689] write(3, "1000", 4) = 4 [pid 3689] close(3) = 0 [pid 3689] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3689] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3689] write(4, "3", 1) = 1 [pid 3689] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3689] exit_group(0) = ? [pid 3689] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3689, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3690 ./strace-static-x86_64: Process 3690 attached [pid 3690] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3690] setpgid(0, 0) = 0 [pid 3690] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3690] write(3, "1000", 4) = 4 [pid 3690] close(3) = 0 [pid 3690] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3690] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3690] write(4, "3", 1) = 1 [pid 3690] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3690] exit_group(0) = ? [pid 3690] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3690, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3691 attached , child_tidptr=0x555555f2c5d0) = 3691 [pid 3691] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3691] setpgid(0, 0) = 0 [pid 3691] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3691] write(3, "1000", 4) = 4 [pid 3691] close(3) = 0 [pid 3691] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3691] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3691] write(4, "3", 1) = 1 [ 54.406579][ T3691] FAULT_INJECTION: forcing a failure. [ 54.406579][ T3691] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 54.420385][ T3691] CPU: 0 PID: 3691 Comm: syz-executor146 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 54.431798][ T3691] BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1521 [ 54.441152][ T3691] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 3691, name: syz-executor146 [ 54.450590][ T3691] preempt_count: 0, expected: 0 [ 54.455433][ T3691] RCU nest depth: 0, expected: 0 [ 54.460360][ T3691] 2 locks held by syz-executor146/3691: [ 54.465897][ T3691] #0: ffff888024fb9098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x80 [ 54.475648][ T3691] #1: ffff888024fb9130 (&tty->atomic_write_lock){+.+.}-{3:3}, at: file_tty_write.constprop.0+0x296/0x8f0 [ 54.486968][ T3691] irq event stamp: 3382 [ 54.491131][ T3691] hardirqs last enabled at (3381): [] finish_task_switch.isra.0+0x2b5/0xc70 [ 54.501477][ T3691] hardirqs last disabled at (3382): [] dump_stack_lvl+0x2e/0x134 [ 54.510761][ T3691] softirqs last enabled at (3374): [] __irq_exit_rcu+0x123/0x180 [ 54.520125][ T3691] softirqs last disabled at (3273): [] __irq_exit_rcu+0x123/0x180 [ 54.529491][ T3691] CPU: 0 PID: 3691 Comm: syz-executor146 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 54.540867][ T3691] syz-executor146[3691] cmdline: ./syz-executor1469468726 [ 54.547962][ T3691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 54.558011][ T3691] Call Trace: [ 54.561304][ T3691] [ 54.564249][ T3691] dump_stack_lvl+0xcd/0x134 [ 54.568878][ T3691] __might_resched.cold+0x222/0x26b [ 54.574077][ T3691] down_read_killable+0x75/0x490 [ 54.579060][ T3691] ? down_read+0x450/0x450 [ 54.583486][ T3691] __access_remote_vm+0xac/0x6f0 [ 54.588434][ T3691] ? follow_phys+0x2c0/0x2c0 [ 54.593024][ T3691] ? do_raw_spin_lock+0x120/0x2a0 [ 54.598075][ T3691] ? rwlock_bug.part.0+0x90/0x90 [ 54.603009][ T3691] ? __up_console_sem+0x47/0xc0 [ 54.607877][ T3691] get_mm_cmdline.part.0+0x217/0x620 [ 54.613181][ T3691] ? dname_to_vma_addr.isra.0+0x360/0x360 [ 54.618934][ T3691] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 54.624779][ T3691] get_task_cmdline_kernel+0x1d9/0x220 [ 54.630358][ T3691] dump_stack_print_cmdline.part.0+0x82/0x150 [ 54.636441][ T3691] ? _atomic_dec_and_lock_irqsave+0x150/0x150 [ 54.642566][ T3691] ? dump_stack_print_info+0xc6/0x190 [ 54.647950][ T3691] dump_stack_print_info+0x185/0x190 [ 54.653265][ T3691] dump_stack_lvl+0xc1/0x134 [ 54.657855][ T3691] should_fail.cold+0x5/0xa [ 54.662376][ T3691] copyin+0x19/0x120 [ 54.666288][ T3691] _copy_from_iter+0x1ca/0x11c0 [ 54.671149][ T3691] ? _copy_mc_to_iter+0x1430/0x1430 [ 54.676343][ T3691] ? rcu_read_lock_sched_held+0x3a/0x70 [ 54.681880][ T3691] ? __virt_addr_valid+0x5d/0x2d0 [ 54.686907][ T3691] ? __phys_addr+0xc4/0x140 [ 54.691419][ T3691] ? __phys_addr_symbol+0x2c/0x70 [ 54.696432][ T3691] ? __check_object_size+0x2de/0x700 [ 54.701731][ T3691] file_tty_write.constprop.0+0x449/0x8f0 [ 54.707444][ T3691] ? n_tty_close+0x1e0/0x1e0 [ 54.712034][ T3691] vfs_write+0x9e9/0xdd0 [ 54.716293][ T3691] ? vfs_read+0x930/0x930 [ 54.720622][ T3691] ? find_held_lock+0x2d/0x110 [ 54.725399][ T3691] ? lock_downgrade+0x6e0/0x6e0 [ 54.730252][ T3691] ? __fget_light+0x20a/0x270 [ 54.734930][ T3691] ksys_write+0x127/0x250 [ 54.739256][ T3691] ? __ia32_sys_read+0xb0/0xb0 [ 54.744022][ T3691] ? lockdep_hardirqs_on+0x79/0x100 [ 54.749234][ T3691] ? _raw_spin_unlock_irq+0x2a/0x40 [ 54.754424][ T3691] ? ptrace_notify+0xfa/0x140 [ 54.759111][ T3691] do_syscall_64+0x35/0xb0 [ 54.763549][ T3691] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 54.769447][ T3691] RIP: 0033:0x7fa87e80b059 [ 54.773884][ T3691] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 54.793505][ T3691] RSP: 002b:00007fff5260dab8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 54.801910][ T3691] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fa87e80b059 [ 54.809875][ T3691] RDX: 000000000000ff2e RSI: 0000000000000000 RDI: 0000000000000003 [ 54.817838][ T3691] RBP: 00007fff5260dad0 R08: 0000000000000001 R09: 0000000000000001 [ 54.825806][ T3691] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 54.833779][ T3691] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 54.841771][ T3691] [ 54.844804][ T3691] syz-executor146[3691] cmdline: ./syz-executor1469468726 [ 54.851897][ T3691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 54.861942][ T3691] Call Trace: [ 54.865220][ T3691] [ 54.868188][ T3691] dump_stack_lvl+0xcd/0x134 [ 54.872824][ T3691] should_fail.cold+0x5/0xa [ 54.877328][ T3691] copyin+0x19/0x120 [ 54.881236][ T3691] _copy_from_iter+0x1ca/0x11c0 [ 54.886088][ T3691] ? _copy_mc_to_iter+0x1430/0x1430 [ 54.891302][ T3691] ? rcu_read_lock_sched_held+0x3a/0x70 [ 54.896854][ T3691] ? __virt_addr_valid+0x5d/0x2d0 [ 54.901885][ T3691] ? __phys_addr+0xc4/0x140 [ 54.906381][ T3691] ? __phys_addr_symbol+0x2c/0x70 [ 54.911398][ T3691] ? __check_object_size+0x2de/0x700 [ 54.916696][ T3691] file_tty_write.constprop.0+0x449/0x8f0 [ 54.922460][ T3691] ? n_tty_close+0x1e0/0x1e0 [ 54.927091][ T3691] vfs_write+0x9e9/0xdd0 [ 54.931366][ T3691] ? vfs_read+0x930/0x930 [ 54.935725][ T3691] ? find_held_lock+0x2d/0x110 [ 54.940494][ T3691] ? lock_downgrade+0x6e0/0x6e0 [ 54.945348][ T3691] ? __fget_light+0x20a/0x270 [ 54.950041][ T3691] ksys_write+0x127/0x250 [ 54.954368][ T3691] ? __ia32_sys_read+0xb0/0xb0 [ 54.959122][ T3691] ? lockdep_hardirqs_on+0x79/0x100 [ 54.964325][ T3691] ? _raw_spin_unlock_irq+0x2a/0x40 [ 54.969537][ T3691] ? ptrace_notify+0xfa/0x140 [ 54.974235][ T3691] do_syscall_64+0x35/0xb0 [ 54.978648][ T3691] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 54.984547][ T3691] RIP: 0033:0x7fa87e80b059 [ 54.988955][ T3691] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 55.008560][ T3691] RSP: 002b:00007fff5260dab8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 55.016998][ T3691] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fa87e80b059 [ 55.024991][ T3691] RDX: 000000000000ff2e RSI: 0000000000000000 RDI: 0000000000000003 [ 55.032952][ T3691] RBP: 00007fff5260dad0 R08: 0000000000000001 R09: 0000000000000001 [ 55.040921][ T3691] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 55.048904][ T3691] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 55.056899][ T3691] [pid 3691] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3691] exit_group(0) = ? [pid 3691] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3691, si_uid=0, si_status=0, si_utime=0, si_stime=66} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3692 ./strace-static-x86_64: Process 3692 attached [pid 3692] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3692] setpgid(0, 0) = 0 [pid 3692] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3692] write(3, "1000", 4) = 4 [pid 3692] close(3) = 0 [pid 3692] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3692] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3692] write(4, "3", 1) = 1 [pid 3692] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3692] exit_group(0) = ? [pid 3692] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3692, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3693 attached , child_tidptr=0x555555f2c5d0) = 3693 [pid 3693] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3693] setpgid(0, 0) = 0 [pid 3693] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3693] write(3, "1000", 4) = 4 [pid 3693] close(3) = 0 [pid 3693] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3693] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3693] write(4, "3", 1) = 1 [pid 3693] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3693] exit_group(0) = ? [pid 3693] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3693, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3694 ./strace-static-x86_64: Process 3694 attached [pid 3694] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3694] setpgid(0, 0) = 0 [pid 3694] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3694] write(3, "1000", 4) = 4 [pid 3694] close(3) = 0 [pid 3694] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3694] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3694] write(4, "3", 1) = 1 [pid 3694] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3694] exit_group(0) = ? [pid 3694] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3694, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3695 attached , child_tidptr=0x555555f2c5d0) = 3695 [pid 3695] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3695] setpgid(0, 0) = 0 [pid 3695] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3695] write(3, "1000", 4) = 4 [pid 3695] close(3) = 0 [pid 3695] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3695] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3695] write(4, "3", 1) = 1 [pid 3695] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3695] exit_group(0) = ? [pid 3695] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3695, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3696 attached , child_tidptr=0x555555f2c5d0) = 3696 [pid 3696] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3696] setpgid(0, 0) = 0 [pid 3696] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3696] write(3, "1000", 4) = 4 [pid 3696] close(3) = 0 [pid 3696] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3696] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3696] write(4, "3", 1) = 1 [pid 3696] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3696] exit_group(0) = ? [pid 3696] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3696, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3697 attached , child_tidptr=0x555555f2c5d0) = 3697 [pid 3697] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3697] setpgid(0, 0) = 0 [pid 3697] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3697] write(3, "1000", 4) = 4 [pid 3697] close(3) = 0 [pid 3697] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3697] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3697] write(4, "3", 1) = 1 [pid 3697] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3697] exit_group(0) = ? [pid 3697] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3697, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3698 ./strace-static-x86_64: Process 3698 attached [pid 3698] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3698] setpgid(0, 0) = 0 [pid 3698] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3698] write(3, "1000", 4) = 4 [pid 3698] close(3) = 0 [pid 3698] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3698] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3698] write(4, "3", 1) = 1 [pid 3698] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3698] exit_group(0) = ? [pid 3698] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3698, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3699 ./strace-static-x86_64: Process 3699 attached [pid 3699] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3699] setpgid(0, 0) = 0 [pid 3699] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3699] write(3, "1000", 4) = 4 [pid 3699] close(3) = 0 [pid 3699] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3699] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3699] write(4, "3", 1) = 1 [pid 3699] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3699] exit_group(0) = ? [pid 3699] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3699, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3700 attached , child_tidptr=0x555555f2c5d0) = 3700 [pid 3700] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3700] setpgid(0, 0) = 0 [pid 3700] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3700] write(3, "1000", 4) = 4 [pid 3700] close(3) = 0 [pid 3700] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3700] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3700] write(4, "3", 1) = 1 [ 55.200638][ T3700] FAULT_INJECTION: forcing a failure. [ 55.200638][ T3700] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 55.213806][ T3700] CPU: 0 PID: 3700 Comm: syz-executor146 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 55.225216][ T3700] syz-executor146[3700] cmdline: ./syz-executor1469468726 [ 55.232328][ T3700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 55.242396][ T3700] Call Trace: [ 55.245687][ T3700] [ 55.248642][ T3700] dump_stack_lvl+0xcd/0x134 [ 55.253296][ T3700] should_fail.cold+0x5/0xa [ 55.257847][ T3700] copyin+0x19/0x120 [ 55.261764][ T3700] _copy_from_iter+0x1ca/0x11c0 [ 55.266636][ T3700] ? _copy_mc_to_iter+0x1430/0x1430 [ 55.271855][ T3700] ? rcu_read_lock_sched_held+0x3a/0x70 [ 55.277394][ T3700] ? __virt_addr_valid+0x5d/0x2d0 [ 55.282412][ T3700] ? __phys_addr+0xc4/0x140 [ 55.286911][ T3700] ? __phys_addr_symbol+0x2c/0x70 [ 55.291971][ T3700] ? __check_object_size+0x2de/0x700 [ 55.297272][ T3700] file_tty_write.constprop.0+0x449/0x8f0 [ 55.303011][ T3700] ? n_tty_close+0x1e0/0x1e0 [ 55.307632][ T3700] vfs_write+0x9e9/0xdd0 [ 55.311907][ T3700] ? vfs_read+0x930/0x930 [ 55.316267][ T3700] ? find_held_lock+0x2d/0x110 [ 55.321070][ T3700] ? lock_downgrade+0x6e0/0x6e0 [ 55.325957][ T3700] ? __fget_light+0x20a/0x270 [ 55.330630][ T3700] ksys_write+0x127/0x250 [ 55.334976][ T3700] ? __ia32_sys_read+0xb0/0xb0 [ 55.339740][ T3700] ? lockdep_hardirqs_on+0x79/0x100 [ 55.344946][ T3700] ? _raw_spin_unlock_irq+0x2a/0x40 [ 55.350143][ T3700] ? ptrace_notify+0xfa/0x140 [ 55.354827][ T3700] do_syscall_64+0x35/0xb0 [ 55.359245][ T3700] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 55.365134][ T3700] RIP: 0033:0x7fa87e80b059 [ 55.369546][ T3700] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 55.389157][ T3700] RSP: 002b:00007fff5260dab8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 3700] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3700] exit_group(0) = ? [pid 3700] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3700, si_uid=0, si_status=0, si_utime=0, si_stime=25} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3701 ./strace-static-x86_64: Process 3701 attached [pid 3701] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3701] setpgid(0, 0) = 0 [pid 3701] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3701] write(3, "1000", 4) = 4 [pid 3701] close(3) = 0 [pid 3701] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3701] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3701] write(4, "3", 1) = 1 [pid 3701] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3701] exit_group(0) = ? [pid 3701] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3701, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3702 attached , child_tidptr=0x555555f2c5d0) = 3702 [pid 3702] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3702] setpgid(0, 0) = 0 [pid 3702] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3702] write(3, "1000", 4) = 4 [pid 3702] close(3) = 0 [pid 3702] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3702] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3702] write(4, "3", 1) = 1 [pid 3702] write(3, NULL, 65326) = -1 EFAULT (Bad address) [ 55.397580][ T3700] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fa87e80b059 [ 55.405565][ T3700] RDX: 000000000000ff2e RSI: 0000000000000000 RDI: 0000000000000003 [ 55.413530][ T3700] RBP: 00007fff5260dad0 R08: 0000000000000001 R09: 0000000000000001 [ 55.421490][ T3700] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 55.429453][ T3700] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 55.437446][ T3700] [pid 3702] exit_group(0) = ? [pid 3702] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3702, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3703 ./strace-static-x86_64: Process 3703 attached [pid 3703] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3703] setpgid(0, 0) = 0 [pid 3703] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3703] write(3, "1000", 4) = 4 [pid 3703] close(3) = 0 [pid 3703] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3703] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3703] write(4, "3", 1) = 1 [pid 3703] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3703] exit_group(0) = ? [pid 3703] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3703, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3704 attached , child_tidptr=0x555555f2c5d0) = 3704 [pid 3704] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3704] setpgid(0, 0) = 0 [pid 3704] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3704] write(3, "1000", 4) = 4 [pid 3704] close(3) = 0 [pid 3704] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3704] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3704] write(4, "3", 1) = 1 [pid 3704] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3704] exit_group(0) = ? [pid 3704] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3704, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3705 ./strace-static-x86_64: Process 3705 attached [pid 3705] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3705] setpgid(0, 0) = 0 [pid 3705] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3705] write(3, "1000", 4) = 4 [pid 3705] close(3) = 0 [pid 3705] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3705] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3705] write(4, "3", 1) = 1 [pid 3705] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3705] exit_group(0) = ? [pid 3705] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3705, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3706 attached , child_tidptr=0x555555f2c5d0) = 3706 [pid 3706] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3706] setpgid(0, 0) = 0 [pid 3706] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3706] write(3, "1000", 4) = 4 [pid 3706] close(3) = 0 [pid 3706] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3706] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3706] write(4, "3", 1) = 1 [pid 3706] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3706] exit_group(0) = ? [pid 3706] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3706, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3707 attached , child_tidptr=0x555555f2c5d0) = 3707 [pid 3707] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3707] setpgid(0, 0) = 0 [pid 3707] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3707] write(3, "1000", 4) = 4 [pid 3707] close(3) = 0 [pid 3707] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3707] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3707] write(4, "3", 1) = 1 [pid 3707] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3707] exit_group(0) = ? [pid 3707] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3707, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3708 ./strace-static-x86_64: Process 3708 attached [pid 3708] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3708] setpgid(0, 0) = 0 [pid 3708] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3708] write(3, "1000", 4) = 4 [pid 3708] close(3) = 0 [pid 3708] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3708] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3708] write(4, "3", 1) = 1 [ 55.540540][ T3706] pagefault_out_of_memory: 78 callbacks suppressed [ 55.540557][ T3706] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 55.568354][ T3707] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 55.588085][ T3708] FAULT_INJECTION: forcing a failure. [ 55.588085][ T3708] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 55.601509][ T3708] CPU: 0 PID: 3708 Comm: syz-executor146 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 55.612890][ T3708] BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1521 [ 55.622259][ T3708] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 3708, name: syz-executor146 [ 55.631701][ T3708] preempt_count: 0, expected: 0 [ 55.636546][ T3708] RCU nest depth: 0, expected: 0 [ 55.641486][ T3708] 2 locks held by syz-executor146/3708: [ 55.647014][ T3708] #0: ffff888017044098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x80 [ 55.656769][ T3708] #1: ffff888017044130 (&tty->atomic_write_lock){+.+.}-{3:3}, at: file_tty_write.constprop.0+0x296/0x8f0 [ 55.668136][ T3708] irq event stamp: 3364 [ 55.672284][ T3708] hardirqs last enabled at (3363): [] finish_task_switch.isra.0+0x2b5/0xc70 [ 55.682602][ T3708] hardirqs last disabled at (3364): [] dump_stack_lvl+0x2e/0x134 [ 55.691899][ T3708] softirqs last enabled at (3356): [] __irq_exit_rcu+0x123/0x180 [ 55.701307][ T3708] softirqs last disabled at (3247): [] __irq_exit_rcu+0x123/0x180 [ 55.710691][ T3708] CPU: 0 PID: 3708 Comm: syz-executor146 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 55.722616][ T3708] syz-executor146[3708] cmdline: ./syz-executor1469468726 [ 55.729802][ T3708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 55.739901][ T3708] Call Trace: [ 55.743177][ T3708] [ 55.746119][ T3708] dump_stack_lvl+0xcd/0x134 [ 55.750754][ T3708] __might_resched.cold+0x222/0x26b [ 55.755964][ T3708] down_read_killable+0x75/0x490 [ 55.760906][ T3708] ? down_read+0x450/0x450 [ 55.765329][ T3708] __access_remote_vm+0xac/0x6f0 [ 55.770297][ T3708] ? follow_phys+0x2c0/0x2c0 [ 55.774911][ T3708] ? do_raw_spin_lock+0x120/0x2a0 [ 55.779952][ T3708] ? rwlock_bug.part.0+0x90/0x90 [ 55.784894][ T3708] ? __up_console_sem+0x47/0xc0 [ 55.789750][ T3708] get_mm_cmdline.part.0+0x217/0x620 [ 55.795051][ T3708] ? dname_to_vma_addr.isra.0+0x360/0x360 [ 55.800780][ T3708] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 55.806586][ T3708] get_task_cmdline_kernel+0x1d9/0x220 [ 55.812049][ T3708] dump_stack_print_cmdline.part.0+0x82/0x150 [ 55.818205][ T3708] ? _atomic_dec_and_lock_irqsave+0x150/0x150 [ 55.824325][ T3708] ? dump_stack_print_info+0xc6/0x190 [ 55.829706][ T3708] dump_stack_print_info+0x185/0x190 [ 55.835008][ T3708] dump_stack_lvl+0xc1/0x134 [ 55.839630][ T3708] should_fail.cold+0x5/0xa [ 55.844164][ T3708] copyin+0x19/0x120 [ 55.848071][ T3708] _copy_from_iter+0x1ca/0x11c0 [ 55.852925][ T3708] ? _copy_mc_to_iter+0x1430/0x1430 [ 55.858134][ T3708] ? rcu_read_lock_sched_held+0x3a/0x70 [ 55.863705][ T3708] ? __virt_addr_valid+0x5d/0x2d0 [ 55.868752][ T3708] ? __phys_addr+0xc4/0x140 [ 55.873250][ T3708] ? __phys_addr_symbol+0x2c/0x70 [ 55.878279][ T3708] ? __check_object_size+0x2de/0x700 [ 55.883578][ T3708] file_tty_write.constprop.0+0x449/0x8f0 [ 55.889332][ T3708] ? n_tty_close+0x1e0/0x1e0 [ 55.893954][ T3708] vfs_write+0x9e9/0xdd0 [ 55.898206][ T3708] ? vfs_read+0x930/0x930 [ 55.902544][ T3708] ? find_held_lock+0x2d/0x110 [ 55.907311][ T3708] ? lock_downgrade+0x6e0/0x6e0 [ 55.912166][ T3708] ? __fget_light+0x20a/0x270 [ 55.916858][ T3708] ksys_write+0x127/0x250 [ 55.921239][ T3708] ? __ia32_sys_read+0xb0/0xb0 [ 55.926017][ T3708] ? lockdep_hardirqs_on+0x79/0x100 [ 55.931230][ T3708] ? _raw_spin_unlock_irq+0x2a/0x40 [ 55.936439][ T3708] ? ptrace_notify+0xfa/0x140 [ 55.941135][ T3708] do_syscall_64+0x35/0xb0 [ 55.945576][ T3708] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 55.951465][ T3708] RIP: 0033:0x7fa87e80b059 [ 55.955874][ T3708] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 55.975653][ T3708] RSP: 002b:00007fff5260dab8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 55.984067][ T3708] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fa87e80b059 [ 55.992036][ T3708] RDX: 000000000000ff2e RSI: 0000000000000000 RDI: 0000000000000003 [ 56.000017][ T3708] RBP: 00007fff5260dad0 R08: 0000000000000001 R09: 0000000000000001 [ 56.007998][ T3708] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 56.015975][ T3708] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 56.023949][ T3708] [ 56.026977][ T3708] syz-executor146[3708] cmdline: ./syz-executor1469468726 [ 56.034068][ T3708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 56.044111][ T3708] Call Trace: [ 56.047380][ T3708] [ 56.050300][ T3708] dump_stack_lvl+0xcd/0x134 [ 56.054904][ T3708] should_fail.cold+0x5/0xa [ 56.059444][ T3708] copyin+0x19/0x120 [ 56.063373][ T3708] _copy_from_iter+0x1ca/0x11c0 [ 56.068224][ T3708] ? _copy_mc_to_iter+0x1430/0x1430 [ 56.073433][ T3708] ? rcu_read_lock_sched_held+0x3a/0x70 [ 56.078984][ T3708] ? __virt_addr_valid+0x5d/0x2d0 [ 56.084000][ T3708] ? __phys_addr+0xc4/0x140 [ 56.088513][ T3708] ? __phys_addr_symbol+0x2c/0x70 [ 56.093538][ T3708] ? __check_object_size+0x2de/0x700 [ 56.098863][ T3708] file_tty_write.constprop.0+0x449/0x8f0 [ 56.104579][ T3708] ? n_tty_close+0x1e0/0x1e0 [ 56.109180][ T3708] vfs_write+0x9e9/0xdd0 [ 56.113457][ T3708] ? vfs_read+0x930/0x930 [ 56.117818][ T3708] ? find_held_lock+0x2d/0x110 [ 56.122597][ T3708] ? lock_downgrade+0x6e0/0x6e0 [ 56.127440][ T3708] ? __fget_light+0x20a/0x270 [ 56.132126][ T3708] ksys_write+0x127/0x250 [ 56.136482][ T3708] ? __ia32_sys_read+0xb0/0xb0 [ 56.141258][ T3708] ? lockdep_hardirqs_on+0x79/0x100 [ 56.146463][ T3708] ? _raw_spin_unlock_irq+0x2a/0x40 [ 56.151673][ T3708] ? ptrace_notify+0xfa/0x140 [ 56.156358][ T3708] do_syscall_64+0x35/0xb0 [ 56.160810][ T3708] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 56.166736][ T3708] RIP: 0033:0x7fa87e80b059 [ 56.171142][ T3708] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [pid 3708] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3708] exit_group(0) = ? [pid 3708] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3708, si_uid=0, si_status=0, si_utime=0, si_stime=66} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3709 ./strace-static-x86_64: Process 3709 attached [pid 3709] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3709] setpgid(0, 0) = 0 [pid 3709] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3709] write(3, "1000", 4) = 4 [pid 3709] close(3) = 0 [pid 3709] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3709] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3709] write(4, "3", 1) = 1 [pid 3709] write(3, NULL, 65326) = -1 EFAULT (Bad address) [ 56.190747][ T3708] RSP: 002b:00007fff5260dab8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 56.199160][ T3708] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fa87e80b059 [ 56.207141][ T3708] RDX: 000000000000ff2e RSI: 0000000000000000 RDI: 0000000000000003 [ 56.215143][ T3708] RBP: 00007fff5260dad0 R08: 0000000000000001 R09: 0000000000000001 [ 56.223121][ T3708] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 56.231102][ T3708] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 56.239254][ T3708] [pid 3709] exit_group(0) = ? [pid 3709] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3709, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3710 ./strace-static-x86_64: Process 3710 attached [pid 3710] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3710] setpgid(0, 0) = 0 [pid 3710] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3710] write(3, "1000", 4) = 4 [pid 3710] close(3) = 0 [pid 3710] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3710] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3710] write(4, "3", 1) = 1 [pid 3710] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3710] exit_group(0) = ? [pid 3710] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3710, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3711 attached , child_tidptr=0x555555f2c5d0) = 3711 [pid 3711] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3711] setpgid(0, 0) = 0 [pid 3711] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3711] write(3, "1000", 4) = 4 [pid 3711] close(3) = 0 [pid 3711] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3711] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3711] write(4, "3", 1) = 1 [pid 3711] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3711] exit_group(0) = ? [pid 3711] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3711, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3712 attached , child_tidptr=0x555555f2c5d0) = 3712 [pid 3712] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3712] setpgid(0, 0) = 0 [pid 3712] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3712] write(3, "1000", 4) = 4 [pid 3712] close(3) = 0 [pid 3712] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3712] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3712] write(4, "3", 1) = 1 [ 56.265804][ T3709] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 56.286682][ T3710] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 56.307571][ T3711] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [pid 3712] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3712] exit_group(0) = ? [pid 3712] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3712, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3713 ./strace-static-x86_64: Process 3713 attached [pid 3713] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3713] setpgid(0, 0) = 0 [pid 3713] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3713] write(3, "1000", 4) = 4 [pid 3713] close(3) = 0 [pid 3713] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3713] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3713] write(4, "3", 1) = 1 [pid 3713] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3713] exit_group(0) = ? [pid 3713] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3713, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3714 attached , child_tidptr=0x555555f2c5d0) = 3714 [pid 3714] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3714] setpgid(0, 0) = 0 [pid 3714] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3714] write(3, "1000", 4) = 4 [pid 3714] close(3) = 0 [pid 3714] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3714] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3714] write(4, "3", 1) = 1 [pid 3714] write(3, NULL, 65326) = -1 EFAULT (Bad address) [ 56.331204][ T3712] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 56.352515][ T3713] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [pid 3714] exit_group(0) = ? [pid 3714] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3714, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3715 attached , child_tidptr=0x555555f2c5d0) = 3715 [pid 3715] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3715] setpgid(0, 0) = 0 [pid 3715] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3715] write(3, "1000", 4) = 4 [pid 3715] close(3) = 0 [pid 3715] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3715] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3715] write(4, "3", 1) = 1 [ 56.384462][ T3714] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 56.403668][ T3715] FAULT_INJECTION: forcing a failure. [ 56.403668][ T3715] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 56.416856][ T3715] CPU: 0 PID: 3715 Comm: syz-executor146 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 56.428269][ T3715] syz-executor146[3715] cmdline: ./syz-executor1469468726 [ 56.435362][ T3715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 56.445419][ T3715] Call Trace: [ 56.448693][ T3715] [ 56.451617][ T3715] dump_stack_lvl+0xcd/0x134 [ 56.456210][ T3715] should_fail.cold+0x5/0xa [ 56.460714][ T3715] copyin+0x19/0x120 [ 56.464608][ T3715] _copy_from_iter+0x1ca/0x11c0 [ 56.469465][ T3715] ? _copy_mc_to_iter+0x1430/0x1430 [ 56.474665][ T3715] ? rcu_read_lock_sched_held+0x3a/0x70 [ 56.480216][ T3715] ? __virt_addr_valid+0x5d/0x2d0 [ 56.485244][ T3715] ? __phys_addr+0xc4/0x140 [ 56.489741][ T3715] ? __phys_addr_symbol+0x2c/0x70 [ 56.494770][ T3715] ? __check_object_size+0x2de/0x700 [ 56.500084][ T3715] file_tty_write.constprop.0+0x449/0x8f0 [ 56.505802][ T3715] ? n_tty_close+0x1e0/0x1e0 [ 56.510408][ T3715] vfs_write+0x9e9/0xdd0 [ 56.514647][ T3715] ? vfs_read+0x930/0x930 [ 56.518986][ T3715] ? find_held_lock+0x2d/0x110 [ 56.523758][ T3715] ? lock_downgrade+0x6e0/0x6e0 [ 56.528634][ T3715] ? __fget_light+0x20a/0x270 [ 56.533320][ T3715] ksys_write+0x127/0x250 [ 56.537647][ T3715] ? __ia32_sys_read+0xb0/0xb0 [ 56.542420][ T3715] ? lockdep_hardirqs_on+0x79/0x100 [ 56.547617][ T3715] ? _raw_spin_unlock_irq+0x2a/0x40 [ 56.552810][ T3715] ? ptrace_notify+0xfa/0x140 [ 56.557485][ T3715] do_syscall_64+0x35/0xb0 [ 56.561900][ T3715] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 56.567818][ T3715] RIP: 0033:0x7fa87e80b059 [ 56.572251][ T3715] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 56.591882][ T3715] RSP: 002b:00007fff5260dab8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 56.600310][ T3715] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fa87e80b059 [ 56.608278][ T3715] RDX: 000000000000ff2e RSI: 0000000000000000 RDI: 0000000000000003 [ 56.616246][ T3715] RBP: 00007fff5260dad0 R08: 0000000000000001 R09: 0000000000000001 [ 56.624326][ T3715] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [pid 3715] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3715] exit_group(0) = ? [pid 3715] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3715, si_uid=0, si_status=0, si_utime=0, si_stime=25} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3716 ./strace-static-x86_64: Process 3716 attached [pid 3716] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3716] setpgid(0, 0) = 0 [pid 3716] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3716] write(3, "1000", 4) = 4 [pid 3716] close(3) = 0 [pid 3716] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3716] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3716] write(4, "3", 1) = 1 [pid 3716] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3716] exit_group(0) = ? [pid 3716] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3716, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3717 attached , child_tidptr=0x555555f2c5d0) = 3717 [pid 3717] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3717] setpgid(0, 0) = 0 [pid 3717] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3717] write(3, "1000", 4) = 4 [pid 3717] close(3) = 0 [pid 3717] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3717] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3717] write(4, "3", 1) = 1 [pid 3717] write(3, NULL, 65326) = -1 EFAULT (Bad address) [ 56.632307][ T3715] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 56.640298][ T3715] [ 56.661348][ T3716] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [pid 3717] exit_group(0) = ? [pid 3717] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3717, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3718 attached , child_tidptr=0x555555f2c5d0) = 3718 [pid 3718] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3718] setpgid(0, 0) = 0 [pid 3718] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3718] write(3, "1000", 4) = 4 [pid 3718] close(3) = 0 [pid 3718] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3718] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3718] write(4, "3", 1) = 1 [ 56.681276][ T3717] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 56.713616][ T3718] FAULT_INJECTION: forcing a failure. [ 56.713616][ T3718] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 56.727084][ T3718] CPU: 0 PID: 3718 Comm: syz-executor146 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 56.738489][ T3718] BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1521 [ 56.747849][ T3718] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 3718, name: syz-executor146 [ 56.757294][ T3718] preempt_count: 0, expected: 0 [ 56.762130][ T3718] RCU nest depth: 0, expected: 0 [ 56.767080][ T3718] 2 locks held by syz-executor146/3718: [ 56.772615][ T3718] #0: ffff88801fedf098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x80 [ 56.782367][ T3718] #1: ffff88801fedf130 (&tty->atomic_write_lock){+.+.}-{3:3}, at: file_tty_write.constprop.0+0x296/0x8f0 [ 56.793687][ T3718] irq event stamp: 3422 [ 56.797839][ T3718] hardirqs last enabled at (3421): [] finish_task_switch.isra.0+0x2b5/0xc70 [ 56.808174][ T3718] hardirqs last disabled at (3422): [] dump_stack_lvl+0x2e/0x134 [ 56.817483][ T3718] softirqs last enabled at (3414): [] __irq_exit_rcu+0x123/0x180 [ 56.826857][ T3718] softirqs last disabled at (3323): [] __irq_exit_rcu+0x123/0x180 [ 56.836230][ T3718] CPU: 0 PID: 3718 Comm: syz-executor146 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 56.847606][ T3718] syz-executor146[3718] cmdline: ./syz-executor1469468726 [ 56.854703][ T3718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 56.864745][ T3718] Call Trace: [ 56.868028][ T3718] [ 56.870975][ T3718] dump_stack_lvl+0xcd/0x134 [ 56.875601][ T3718] __might_resched.cold+0x222/0x26b [ 56.880808][ T3718] down_read_killable+0x75/0x490 [ 56.885792][ T3718] ? down_read+0x450/0x450 [ 56.890220][ T3718] __access_remote_vm+0xac/0x6f0 [ 56.895160][ T3718] ? follow_phys+0x2c0/0x2c0 [ 56.899757][ T3718] ? do_raw_spin_lock+0x120/0x2a0 [ 56.904803][ T3718] ? rwlock_bug.part.0+0x90/0x90 [ 56.909750][ T3718] ? __up_console_sem+0x47/0xc0 [ 56.914626][ T3718] get_mm_cmdline.part.0+0x217/0x620 [ 56.919942][ T3718] ? dname_to_vma_addr.isra.0+0x360/0x360 [ 56.925656][ T3718] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 56.931488][ T3718] get_task_cmdline_kernel+0x1d9/0x220 [ 56.936974][ T3718] dump_stack_print_cmdline.part.0+0x82/0x150 [ 56.943155][ T3718] ? _atomic_dec_and_lock_irqsave+0x150/0x150 [ 56.949267][ T3718] ? dump_stack_print_info+0xc6/0x190 [ 56.954653][ T3718] dump_stack_print_info+0x185/0x190 [ 56.959964][ T3718] dump_stack_lvl+0xc1/0x134 [ 56.964581][ T3718] should_fail.cold+0x5/0xa [ 56.969126][ T3718] copyin+0x19/0x120 [ 56.973028][ T3718] _copy_from_iter+0x1ca/0x11c0 [ 56.977905][ T3718] ? _copy_mc_to_iter+0x1430/0x1430 [ 56.983110][ T3718] ? rcu_read_lock_sched_held+0x3a/0x70 [ 56.988679][ T3718] ? __virt_addr_valid+0x5d/0x2d0 [ 56.993716][ T3718] ? __phys_addr+0xc4/0x140 [ 56.998210][ T3718] ? __phys_addr_symbol+0x2c/0x70 [ 57.003223][ T3718] ? __check_object_size+0x2de/0x700 [ 57.008521][ T3718] file_tty_write.constprop.0+0x449/0x8f0 [ 57.014272][ T3718] ? n_tty_close+0x1e0/0x1e0 [ 57.019334][ T3718] vfs_write+0x9e9/0xdd0 [ 57.023576][ T3718] ? vfs_read+0x930/0x930 [ 57.027931][ T3718] ? find_held_lock+0x2d/0x110 [ 57.032706][ T3718] ? lock_downgrade+0x6e0/0x6e0 [ 57.037593][ T3718] ? __fget_light+0x20a/0x270 [ 57.042267][ T3718] ksys_write+0x127/0x250 [ 57.046595][ T3718] ? __ia32_sys_read+0xb0/0xb0 [ 57.051362][ T3718] ? lockdep_hardirqs_on+0x79/0x100 [ 57.056591][ T3718] ? _raw_spin_unlock_irq+0x2a/0x40 [ 57.061780][ T3718] ? ptrace_notify+0xfa/0x140 [ 57.066454][ T3718] do_syscall_64+0x35/0xb0 [ 57.070893][ T3718] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 57.076791][ T3718] RIP: 0033:0x7fa87e80b059 [ 57.081403][ T3718] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 57.101028][ T3718] RSP: 002b:00007fff5260dab8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 57.109470][ T3718] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fa87e80b059 [ 57.117447][ T3718] RDX: 000000000000ff2e RSI: 0000000000000000 RDI: 0000000000000003 [ 57.125424][ T3718] RBP: 00007fff5260dad0 R08: 0000000000000001 R09: 0000000000000001 [ 57.133416][ T3718] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 57.141382][ T3718] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 57.149367][ T3718] [ 57.152420][ T3718] syz-executor146[3718] cmdline: ./syz-executor1469468726 [ 57.159540][ T3718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 57.169610][ T3718] Call Trace: [ 57.172911][ T3718] [ 57.175850][ T3718] dump_stack_lvl+0xcd/0x134 [ 57.180444][ T3718] should_fail.cold+0x5/0xa [ 57.184965][ T3718] copyin+0x19/0x120 [ 57.188876][ T3718] _copy_from_iter+0x1ca/0x11c0 [ 57.193744][ T3718] ? _copy_mc_to_iter+0x1430/0x1430 [ 57.198975][ T3718] ? rcu_read_lock_sched_held+0x3a/0x70 [ 57.204515][ T3718] ? __virt_addr_valid+0x5d/0x2d0 [ 57.209543][ T3718] ? __phys_addr+0xc4/0x140 [ 57.214075][ T3718] ? __phys_addr_symbol+0x2c/0x70 [ 57.219123][ T3718] ? __check_object_size+0x2de/0x700 [ 57.224426][ T3718] file_tty_write.constprop.0+0x449/0x8f0 [ 57.230185][ T3718] ? n_tty_close+0x1e0/0x1e0 [ 57.234804][ T3718] vfs_write+0x9e9/0xdd0 [ 57.239055][ T3718] ? vfs_read+0x930/0x930 [ 57.243402][ T3718] ? find_held_lock+0x2d/0x110 [ 57.248259][ T3718] ? lock_downgrade+0x6e0/0x6e0 [ 57.253117][ T3718] ? __fget_light+0x20a/0x270 [ 57.257841][ T3718] ksys_write+0x127/0x250 [ 57.262170][ T3718] ? __ia32_sys_read+0xb0/0xb0 [ 57.266941][ T3718] ? lockdep_hardirqs_on+0x79/0x100 [ 57.272142][ T3718] ? _raw_spin_unlock_irq+0x2a/0x40 [ 57.277342][ T3718] ? ptrace_notify+0xfa/0x140 [ 57.282038][ T3718] do_syscall_64+0x35/0xb0 [ 57.286474][ T3718] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 57.292381][ T3718] RIP: 0033:0x7fa87e80b059 [ 57.296824][ T3718] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 57.316426][ T3718] RSP: 002b:00007fff5260dab8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 57.324833][ T3718] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fa87e80b059 [ 57.332812][ T3718] RDX: 000000000000ff2e RSI: 0000000000000000 RDI: 0000000000000003 [ 57.340914][ T3718] RBP: 00007fff5260dad0 R08: 0000000000000001 R09: 0000000000000001 [ 57.348888][ T3718] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 57.356868][ T3718] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [pid 3718] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3718] exit_group(0) = ? [pid 3718] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3718, si_uid=0, si_status=0, si_utime=0, si_stime=65} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3719 attached , child_tidptr=0x555555f2c5d0) = 3719 [pid 3719] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3719] setpgid(0, 0) = 0 [pid 3719] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3719] write(3, "1000", 4) = 4 [pid 3719] close(3) = 0 [pid 3719] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3719] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3719] write(4, "3", 1) = 1 [pid 3719] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3719] exit_group(0) = ? [pid 3719] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3719, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3720 ./strace-static-x86_64: Process 3720 attached [pid 3720] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3720] setpgid(0, 0) = 0 [pid 3720] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3720] write(3, "1000", 4) = 4 [pid 3720] close(3) = 0 [pid 3720] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3720] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [ 57.364846][ T3718] [pid 3720] write(4, "3", 1) = 1 [pid 3720] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3720] exit_group(0) = ? [pid 3720] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3720, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3721 attached , child_tidptr=0x555555f2c5d0) = 3721 [pid 3721] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3721] setpgid(0, 0) = 0 [pid 3721] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3721] write(3, "1000", 4) = 4 [pid 3721] close(3) = 0 [pid 3721] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3721] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3721] write(4, "3", 1) = 1 [pid 3721] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3721] exit_group(0) = ? [pid 3721] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3721, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3722 ./strace-static-x86_64: Process 3722 attached [pid 3722] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3722] setpgid(0, 0) = 0 [pid 3722] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3722] write(3, "1000", 4) = 4 [pid 3722] close(3) = 0 [pid 3722] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3722] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3722] write(4, "3", 1) = 1 [pid 3722] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3722] exit_group(0) = ? [pid 3722] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3722, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3723 attached , child_tidptr=0x555555f2c5d0) = 3723 [pid 3723] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3723] setpgid(0, 0) = 0 [pid 3723] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3723] write(3, "1000", 4) = 4 [pid 3723] close(3) = 0 [pid 3723] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3723] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3723] write(4, "3", 1) = 1 [pid 3723] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3723] exit_group(0) = ? [pid 3723] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3723, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3724 ./strace-static-x86_64: Process 3724 attached [pid 3724] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3724] setpgid(0, 0) = 0 [pid 3724] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3724] write(3, "1000", 4) = 4 [pid 3724] close(3) = 0 [pid 3724] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3724] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3724] write(4, "3", 1) = 1 [pid 3724] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3724] exit_group(0) = ? [pid 3724] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3724, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3725 ./strace-static-x86_64: Process 3725 attached [pid 3725] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3725] setpgid(0, 0) = 0 [pid 3725] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3725] write(3, "1000", 4) = 4 [pid 3725] close(3) = 0 [pid 3725] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3725] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3725] write(4, "3", 1) = 1 [pid 3725] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3725] exit_group(0) = ? [pid 3725] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3725, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3726 ./strace-static-x86_64: Process 3726 attached [pid 3726] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3726] setpgid(0, 0) = 0 [pid 3726] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3726] write(3, "1000", 4) = 4 [pid 3726] close(3) = 0 [pid 3726] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3726] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3726] write(4, "3", 1) = 1 [pid 3726] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3726] exit_group(0) = ? [pid 3726] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3726, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3727 attached , child_tidptr=0x555555f2c5d0) = 3727 [pid 3727] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3727] setpgid(0, 0) = 0 [pid 3727] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3727] write(3, "1000", 4) = 4 [pid 3727] close(3) = 0 [pid 3727] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3727] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3727] write(4, "3", 1) = 1 [pid 3727] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3727] exit_group(0) = ? [pid 3727] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3727, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3728 attached , child_tidptr=0x555555f2c5d0) = 3728 [pid 3728] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3728] setpgid(0, 0) = 0 [pid 3728] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3728] write(3, "1000", 4) = 4 [pid 3728] close(3) = 0 [pid 3728] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3728] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3728] write(4, "3", 1) = 1 [ 57.516000][ T3728] FAULT_INJECTION: forcing a failure. [ 57.516000][ T3728] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 57.529396][ T3728] CPU: 0 PID: 3728 Comm: syz-executor146 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 57.540782][ T3728] syz-executor146[3728] cmdline: ./syz-executor1469468726 [ 57.547880][ T3728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 57.557938][ T3728] Call Trace: [ 57.561243][ T3728] [ 57.564187][ T3728] dump_stack_lvl+0xcd/0x134 [ 57.568839][ T3728] should_fail.cold+0x5/0xa [ 57.573343][ T3728] copyin+0x19/0x120 [ 57.577233][ T3728] _copy_from_iter+0x1ca/0x11c0 [ 57.582092][ T3728] ? _copy_mc_to_iter+0x1430/0x1430 [ 57.587292][ T3728] ? rcu_read_lock_sched_held+0x3a/0x70 [ 57.592843][ T3728] ? __virt_addr_valid+0x5d/0x2d0 [ 57.597856][ T3728] ? __phys_addr+0xc4/0x140 [ 57.602362][ T3728] ? __phys_addr_symbol+0x2c/0x70 [ 57.607399][ T3728] ? __check_object_size+0x2de/0x700 [ 57.612691][ T3728] file_tty_write.constprop.0+0x449/0x8f0 [ 57.618407][ T3728] ? n_tty_close+0x1e0/0x1e0 [ 57.623012][ T3728] vfs_write+0x9e9/0xdd0 [ 57.627285][ T3728] ? vfs_read+0x930/0x930 [ 57.631648][ T3728] ? find_held_lock+0x2d/0x110 [ 57.636427][ T3728] ? lock_downgrade+0x6e0/0x6e0 [ 57.641269][ T3728] ? __fget_light+0x20a/0x270 [ 57.645955][ T3728] ksys_write+0x127/0x250 [ 57.650311][ T3728] ? __ia32_sys_read+0xb0/0xb0 [ 57.655164][ T3728] ? lockdep_hardirqs_on+0x79/0x100 [ 57.660375][ T3728] ? _raw_spin_unlock_irq+0x2a/0x40 [ 57.665587][ T3728] ? ptrace_notify+0xfa/0x140 [ 57.670282][ T3728] do_syscall_64+0x35/0xb0 [ 57.674694][ T3728] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 57.680593][ T3728] RIP: 0033:0x7fa87e80b059 [ 57.684997][ T3728] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 57.704601][ T3728] RSP: 002b:00007fff5260dab8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 3728] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3728] exit_group(0) = ? [pid 3728] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3728, si_uid=0, si_status=0, si_utime=0, si_stime=24} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3729 attached , child_tidptr=0x555555f2c5d0) = 3729 [pid 3729] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3729] setpgid(0, 0) = 0 [pid 3729] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3729] write(3, "1000", 4) = 4 [pid 3729] close(3) = 0 [pid 3729] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3729] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3729] write(4, "3", 1) = 1 [pid 3729] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3729] exit_group(0) = ? [pid 3729] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3729, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3730 attached [ 57.713014][ T3728] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fa87e80b059 [ 57.721078][ T3728] RDX: 000000000000ff2e RSI: 0000000000000000 RDI: 0000000000000003 [ 57.729040][ T3728] RBP: 00007fff5260dad0 R08: 0000000000000001 R09: 0000000000000001 [ 57.737011][ T3728] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 57.744989][ T3728] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 57.752966][ T3728] , child_tidptr=0x555555f2c5d0) = 3730 [pid 3730] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3730] setpgid(0, 0) = 0 [pid 3730] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3730] write(3, "1000", 4) = 4 [pid 3730] close(3) = 0 [pid 3730] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3730] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3730] write(4, "3", 1) = 1 [pid 3730] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3730] exit_group(0) = ? [pid 3730] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3730, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3731 ./strace-static-x86_64: Process 3731 attached [pid 3731] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3731] setpgid(0, 0) = 0 [pid 3731] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3731] write(3, "1000", 4) = 4 [pid 3731] close(3) = 0 [pid 3731] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3731] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3731] write(4, "3", 1) = 1 [pid 3731] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3731] exit_group(0) = ? [pid 3731] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3731, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3732 ./strace-static-x86_64: Process 3732 attached [pid 3732] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3732] setpgid(0, 0) = 0 [pid 3732] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3732] write(3, "1000", 4) = 4 [pid 3732] close(3) = 0 [pid 3732] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3732] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3732] write(4, "3", 1) = 1 [pid 3732] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3732] exit_group(0) = ? [pid 3732] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3732, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3733 attached , child_tidptr=0x555555f2c5d0) = 3733 [pid 3733] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3733] setpgid(0, 0) = 0 [pid 3733] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3733] write(3, "1000", 4) = 4 [pid 3733] close(3) = 0 [pid 3733] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3733] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3733] write(4, "3", 1) = 1 [pid 3733] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3733] exit_group(0) = ? [pid 3733] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3733, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3734 attached , child_tidptr=0x555555f2c5d0) = 3734 [pid 3734] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3734] setpgid(0, 0) = 0 [pid 3734] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3734] write(3, "1000", 4) = 4 [pid 3734] close(3) = 0 [pid 3734] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3734] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3734] write(4, "3", 1) = 1 [pid 3734] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3734] exit_group(0) = ? [pid 3734] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3734, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3735 attached , child_tidptr=0x555555f2c5d0) = 3735 [pid 3735] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3735] setpgid(0, 0) = 0 [pid 3735] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3735] write(3, "1000", 4) = 4 [pid 3735] close(3) = 0 [pid 3735] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3735] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3735] write(4, "3", 1) = 1 [pid 3735] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3735] exit_group(0) = ? [pid 3735] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3735, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3736 attached , child_tidptr=0x555555f2c5d0) = 3736 [pid 3736] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3736] setpgid(0, 0) = 0 [pid 3736] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3736] write(3, "1000", 4) = 4 [pid 3736] close(3) = 0 [pid 3736] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3736] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3736] write(4, "3", 1) = 1 [pid 3736] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3736] exit_group(0) = ? [pid 3736] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3736, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3737 attached , child_tidptr=0x555555f2c5d0) = 3737 [pid 3737] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3737] setpgid(0, 0) = 0 [pid 3737] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3737] write(3, "1000", 4) = 4 [pid 3737] close(3) = 0 [pid 3737] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3737] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3737] write(4, "3", 1) = 1 [ 57.896594][ T3737] FAULT_INJECTION: forcing a failure. [ 57.896594][ T3737] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 57.909805][ T3737] CPU: 0 PID: 3737 Comm: syz-executor146 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 57.921206][ T3737] BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1521 [ 57.930576][ T3737] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 3737, name: syz-executor146 [ 57.940014][ T3737] preempt_count: 0, expected: 0 [ 57.944847][ T3737] RCU nest depth: 0, expected: 0 [ 57.949782][ T3737] 2 locks held by syz-executor146/3737: [ 57.955310][ T3737] #0: ffff888074ee8098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x80 [ 57.965066][ T3737] #1: ffff888074ee8130 (&tty->atomic_write_lock){+.+.}-{3:3}, at: file_tty_write.constprop.0+0x296/0x8f0 [ 57.976368][ T3737] irq event stamp: 3280 [ 57.980505][ T3737] hardirqs last enabled at (3279): [] finish_task_switch.isra.0+0x2b5/0xc70 [ 57.990823][ T3737] hardirqs last disabled at (3280): [] dump_stack_lvl+0x2e/0x134 [ 58.000115][ T3737] softirqs last enabled at (3272): [] __irq_exit_rcu+0x123/0x180 [ 58.009508][ T3737] softirqs last disabled at (3255): [] __irq_exit_rcu+0x123/0x180 [ 58.018879][ T3737] CPU: 0 PID: 3737 Comm: syz-executor146 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 58.030292][ T3737] syz-executor146[3737] cmdline: ./syz-executor1469468726 [ 58.037397][ T3737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 58.047450][ T3737] Call Trace: [ 58.050729][ T3737] [ 58.053660][ T3737] dump_stack_lvl+0xcd/0x134 [ 58.058276][ T3737] __might_resched.cold+0x222/0x26b [ 58.063485][ T3737] down_read_killable+0x75/0x490 [ 58.068441][ T3737] ? down_read+0x450/0x450 [ 58.072880][ T3737] __access_remote_vm+0xac/0x6f0 [ 58.077834][ T3737] ? follow_phys+0x2c0/0x2c0 [ 58.082432][ T3737] ? do_raw_spin_lock+0x120/0x2a0 [ 58.087465][ T3737] ? rwlock_bug.part.0+0x90/0x90 [ 58.092412][ T3737] ? __up_console_sem+0x47/0xc0 [ 58.097288][ T3737] get_mm_cmdline.part.0+0x217/0x620 [ 58.102600][ T3737] ? dname_to_vma_addr.isra.0+0x360/0x360 [ 58.108331][ T3737] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 58.114154][ T3737] get_task_cmdline_kernel+0x1d9/0x220 [ 58.119634][ T3737] dump_stack_print_cmdline.part.0+0x82/0x150 [ 58.125722][ T3737] ? _atomic_dec_and_lock_irqsave+0x150/0x150 [ 58.131842][ T3737] ? dump_stack_print_info+0xc6/0x190 [ 58.137235][ T3737] dump_stack_print_info+0x185/0x190 [ 58.142552][ T3737] dump_stack_lvl+0xc1/0x134 [ 58.147161][ T3737] should_fail.cold+0x5/0xa [ 58.151690][ T3737] copyin+0x19/0x120 [ 58.155595][ T3737] _copy_from_iter+0x1ca/0x11c0 [ 58.160465][ T3737] ? _copy_mc_to_iter+0x1430/0x1430 [ 58.165691][ T3737] ? rcu_read_lock_sched_held+0x3a/0x70 [ 58.171260][ T3737] ? __virt_addr_valid+0x5d/0x2d0 [ 58.176296][ T3737] ? __phys_addr+0xc4/0x140 [ 58.180818][ T3737] ? __phys_addr_symbol+0x2c/0x70 [ 58.185855][ T3737] ? __check_object_size+0x2de/0x700 [ 58.191167][ T3737] file_tty_write.constprop.0+0x449/0x8f0 [ 58.196908][ T3737] ? n_tty_close+0x1e0/0x1e0 [ 58.201522][ T3737] vfs_write+0x9e9/0xdd0 [ 58.205781][ T3737] ? vfs_read+0x930/0x930 [ 58.210122][ T3737] ? find_held_lock+0x2d/0x110 [ 58.214897][ T3737] ? lock_downgrade+0x6e0/0x6e0 [ 58.219758][ T3737] ? __fget_light+0x20a/0x270 [ 58.224447][ T3737] ksys_write+0x127/0x250 [ 58.228791][ T3737] ? __ia32_sys_read+0xb0/0xb0 [ 58.233565][ T3737] ? lockdep_hardirqs_on+0x79/0x100 [ 58.238780][ T3737] ? _raw_spin_unlock_irq+0x2a/0x40 [ 58.243984][ T3737] ? ptrace_notify+0xfa/0x140 [ 58.248681][ T3737] do_syscall_64+0x35/0xb0 [ 58.253114][ T3737] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 58.259017][ T3737] RIP: 0033:0x7fa87e80b059 [ 58.263437][ T3737] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 58.283050][ T3737] RSP: 002b:00007fff5260dab8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 58.291469][ T3737] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fa87e80b059 [ 58.299443][ T3737] RDX: 000000000000ff2e RSI: 0000000000000000 RDI: 0000000000000003 [ 58.307427][ T3737] RBP: 00007fff5260dad0 R08: 0000000000000001 R09: 0000000000000001 [ 58.315421][ T3737] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 58.323505][ T3737] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 58.331499][ T3737] [ 58.334543][ T3737] syz-executor146[3737] cmdline: ./syz-executor1469468726 [ 58.341650][ T3737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 58.351719][ T3737] Call Trace: [ 58.355345][ T3737] [ 58.358298][ T3737] dump_stack_lvl+0xcd/0x134 [ 58.362923][ T3737] should_fail.cold+0x5/0xa [ 58.367463][ T3737] copyin+0x19/0x120 [ 58.371394][ T3737] _copy_from_iter+0x1ca/0x11c0 [ 58.376274][ T3737] ? _copy_mc_to_iter+0x1430/0x1430 [ 58.381489][ T3737] ? rcu_read_lock_sched_held+0x3a/0x70 [ 58.387056][ T3737] ? __virt_addr_valid+0x5d/0x2d0 [ 58.392095][ T3737] ? __phys_addr+0xc4/0x140 [ 58.396614][ T3737] ? __phys_addr_symbol+0x2c/0x70 [ 58.401649][ T3737] ? __check_object_size+0x2de/0x700 [ 58.406962][ T3737] file_tty_write.constprop.0+0x449/0x8f0 [ 58.412704][ T3737] ? n_tty_close+0x1e0/0x1e0 [ 58.417313][ T3737] vfs_write+0x9e9/0xdd0 [ 58.421572][ T3737] ? vfs_read+0x930/0x930 [ 58.425913][ T3737] ? find_held_lock+0x2d/0x110 [ 58.430693][ T3737] ? lock_downgrade+0x6e0/0x6e0 [ 58.435567][ T3737] ? __fget_light+0x20a/0x270 [ 58.440256][ T3737] ksys_write+0x127/0x250 [ 58.444596][ T3737] ? __ia32_sys_read+0xb0/0xb0 [ 58.449368][ T3737] ? lockdep_hardirqs_on+0x79/0x100 [ 58.454588][ T3737] ? _raw_spin_unlock_irq+0x2a/0x40 [ 58.459790][ T3737] ? ptrace_notify+0xfa/0x140 [ 58.464482][ T3737] do_syscall_64+0x35/0xb0 [ 58.468910][ T3737] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 58.474811][ T3737] RIP: 0033:0x7fa87e80b059 [ 58.479231][ T3737] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 58.498841][ T3737] RSP: 002b:00007fff5260dab8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 58.507258][ T3737] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fa87e80b059 [ 58.515229][ T3737] RDX: 000000000000ff2e RSI: 0000000000000000 RDI: 0000000000000003 [ 58.523217][ T3737] RBP: 00007fff5260dad0 R08: 0000000000000001 R09: 0000000000000001 [ 58.531191][ T3737] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 58.539161][ T3737] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [pid 3737] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3737] exit_group(0) = ? [pid 3737] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3737, si_uid=0, si_status=0, si_utime=0, si_stime=66} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3738 ./strace-static-x86_64: Process 3738 attached [pid 3738] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3738] setpgid(0, 0) = 0 [pid 3738] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3738] write(3, "1000", 4) = 4 [pid 3738] close(3) = 0 [pid 3738] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3738] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3738] write(4, "3", 1) = 1 [pid 3738] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3738] exit_group(0) = ? [pid 3738] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3738, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3739 attached , child_tidptr=0x555555f2c5d0) = 3739 [pid 3739] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3739] setpgid(0, 0) = 0 [pid 3739] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3739] write(3, "1000", 4) = 4 [pid 3739] close(3) = 0 [pid 3739] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [ 58.547154][ T3737] [pid 3739] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3739] write(4, "3", 1) = 1 [pid 3739] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3739] exit_group(0) = ? [pid 3739] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3739, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3740 ./strace-static-x86_64: Process 3740 attached [pid 3740] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3740] setpgid(0, 0) = 0 [pid 3740] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3740] write(3, "1000", 4) = 4 [pid 3740] close(3) = 0 [pid 3740] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3740] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3740] write(4, "3", 1) = 1 [pid 3740] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3740] exit_group(0) = ? [pid 3740] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3740, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3741 ./strace-static-x86_64: Process 3741 attached [pid 3741] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3741] setpgid(0, 0) = 0 [pid 3741] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3741] write(3, "1000", 4) = 4 [pid 3741] close(3) = 0 [pid 3741] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3741] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3741] write(4, "3", 1) = 1 [pid 3741] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3741] exit_group(0) = ? [pid 3741] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3741, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3742 ./strace-static-x86_64: Process 3742 attached [pid 3742] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3742] setpgid(0, 0) = 0 [pid 3742] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3742] write(3, "1000", 4) = 4 [pid 3742] close(3) = 0 [pid 3742] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3742] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3742] write(4, "3", 1) = 1 [pid 3742] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3742] exit_group(0) = ? [pid 3742] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3742, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3743 attached , child_tidptr=0x555555f2c5d0) = 3743 [pid 3743] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3743] setpgid(0, 0) = 0 [pid 3743] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3743] write(3, "1000", 4) = 4 [pid 3743] close(3) = 0 [pid 3743] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3743] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3743] write(4, "3", 1) = 1 [pid 3743] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3743] exit_group(0) = ? [pid 3743] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3743, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3744 ./strace-static-x86_64: Process 3744 attached [pid 3744] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3744] setpgid(0, 0) = 0 [pid 3744] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3744] write(3, "1000", 4) = 4 [pid 3744] close(3) = 0 [pid 3744] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3744] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3744] write(4, "3", 1) = 1 [pid 3744] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3744] exit_group(0) = ? [pid 3744] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3744, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3745 attached , child_tidptr=0x555555f2c5d0) = 3745 [pid 3745] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3745] setpgid(0, 0) = 0 [pid 3745] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3745] write(3, "1000", 4) = 4 [pid 3745] close(3) = 0 [pid 3745] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3745] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3745] write(4, "3", 1) = 1 [pid 3745] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3745] exit_group(0) = ? [pid 3745] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3745, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3746 attached , child_tidptr=0x555555f2c5d0) = 3746 [pid 3746] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3746] setpgid(0, 0) = 0 [pid 3746] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3746] write(3, "1000", 4) = 4 [pid 3746] close(3) = 0 [pid 3746] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3746] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3746] write(4, "3", 1) = 1 [pid 3746] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3746] exit_group(0) = ? [pid 3746] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3746, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3747 attached , child_tidptr=0x555555f2c5d0) = 3747 [pid 3747] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3747] setpgid(0, 0) = 0 [pid 3747] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3747] write(3, "1000", 4) = 4 [pid 3747] close(3) = 0 [pid 3747] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3747] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3747] write(4, "3", 1) = 1 [pid 3747] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3747] exit_group(0) = ? [pid 3747] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3747, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3748 ./strace-static-x86_64: Process 3748 attached [pid 3748] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3748] setpgid(0, 0) = 0 [pid 3748] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3748] write(3, "1000", 4) = 4 [pid 3748] close(3) = 0 [pid 3748] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3748] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3748] write(4, "3", 1) = 1 [ 58.714122][ T3748] FAULT_INJECTION: forcing a failure. [ 58.714122][ T3748] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 58.727433][ T3748] CPU: 0 PID: 3748 Comm: syz-executor146 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 58.738848][ T3748] syz-executor146[3748] cmdline: ./syz-executor1469468726 [ 58.745967][ T3748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 58.756106][ T3748] Call Trace: [ 58.759386][ T3748] [ 58.762311][ T3748] dump_stack_lvl+0xcd/0x134 [ 58.766922][ T3748] should_fail.cold+0x5/0xa [ 58.771460][ T3748] copyin+0x19/0x120 [ 58.775372][ T3748] _copy_from_iter+0x1ca/0x11c0 [ 58.780243][ T3748] ? _copy_mc_to_iter+0x1430/0x1430 [ 58.785474][ T3748] ? rcu_read_lock_sched_held+0x3a/0x70 [ 58.791019][ T3748] ? __virt_addr_valid+0x5d/0x2d0 [ 58.796050][ T3748] ? __phys_addr+0xc4/0x140 [ 58.800565][ T3748] ? __phys_addr_symbol+0x2c/0x70 [ 58.805599][ T3748] ? __check_object_size+0x2de/0x700 [ 58.810913][ T3748] file_tty_write.constprop.0+0x449/0x8f0 [ 58.816656][ T3748] ? n_tty_close+0x1e0/0x1e0 [ 58.821265][ T3748] vfs_write+0x9e9/0xdd0 [ 58.825526][ T3748] ? vfs_read+0x930/0x930 [ 58.829869][ T3748] ? find_held_lock+0x2d/0x110 [ 58.834644][ T3748] ? lock_downgrade+0x6e0/0x6e0 [ 58.839510][ T3748] ? __fget_light+0x20a/0x270 [ 58.844199][ T3748] ksys_write+0x127/0x250 [ 58.848540][ T3748] ? __ia32_sys_read+0xb0/0xb0 [ 58.853325][ T3748] ? lockdep_hardirqs_on+0x79/0x100 [ 58.858554][ T3748] ? _raw_spin_unlock_irq+0x2a/0x40 [ 58.863761][ T3748] ? ptrace_notify+0xfa/0x140 [ 58.868456][ T3748] do_syscall_64+0x35/0xb0 [ 58.872887][ T3748] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 58.878787][ T3748] RIP: 0033:0x7fa87e80b059 [ 58.883211][ T3748] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 58.902822][ T3748] RSP: 002b:00007fff5260dab8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 3748] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3748] exit_group(0) = ? [pid 3748] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3748, si_uid=0, si_status=0, si_utime=0, si_stime=24} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3749 attached , child_tidptr=0x555555f2c5d0) = 3749 [pid 3749] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3749] setpgid(0, 0) = 0 [pid 3749] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3749] write(3, "1000", 4) = 4 [pid 3749] close(3) = 0 [pid 3749] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3749] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3749] write(4, "3", 1) = 1 [pid 3749] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3749] exit_group(0) = ? [pid 3749] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3749, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3750 ./strace-static-x86_64: Process 3750 attached [pid 3750] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3750] setpgid(0, 0) = 0 [pid 3750] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3750] write(3, "1000", 4) = 4 [pid 3750] close(3) = 0 [pid 3750] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3750] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3750] write(4, "3", 1) = 1 [pid 3750] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3750] exit_group(0) = ? [pid 3750] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3750, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3751 ./strace-static-x86_64: Process 3751 attached [pid 3751] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3751] setpgid(0, 0) = 0 [ 58.911241][ T3748] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fa87e80b059 [ 58.919217][ T3748] RDX: 000000000000ff2e RSI: 0000000000000000 RDI: 0000000000000003 [ 58.927189][ T3748] RBP: 00007fff5260dad0 R08: 0000000000000001 R09: 0000000000000001 [ 58.935175][ T3748] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 58.943159][ T3748] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 58.951147][ T3748] [pid 3751] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3751] write(3, "1000", 4) = 4 [pid 3751] close(3) = 0 [pid 3751] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3751] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3751] write(4, "3", 1) = 1 [pid 3751] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3751] exit_group(0) = ? [pid 3751] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3751, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3752 attached , child_tidptr=0x555555f2c5d0) = 3752 [pid 3752] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3752] setpgid(0, 0) = 0 [pid 3752] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3752] write(3, "1000", 4) = 4 [pid 3752] close(3) = 0 [pid 3752] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3752] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3752] write(4, "3", 1) = 1 [pid 3752] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3752] exit_group(0) = ? [pid 3752] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3752, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3753 ./strace-static-x86_64: Process 3753 attached [pid 3753] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3753] setpgid(0, 0) = 0 [pid 3753] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3753] write(3, "1000", 4) = 4 [pid 3753] close(3) = 0 [pid 3753] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3753] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3753] write(4, "3", 1) = 1 [pid 3753] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3753] exit_group(0) = ? [pid 3753] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3753, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3754 attached , child_tidptr=0x555555f2c5d0) = 3754 [pid 3754] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3754] setpgid(0, 0) = 0 [pid 3754] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3754] write(3, "1000", 4) = 4 [pid 3754] close(3) = 0 [pid 3754] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3754] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3754] write(4, "3", 1) = 1 [pid 3754] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3754] exit_group(0) = ? [pid 3754] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3754, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3755 ./strace-static-x86_64: Process 3755 attached [pid 3755] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3755] setpgid(0, 0) = 0 [pid 3755] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3755] write(3, "1000", 4) = 4 [pid 3755] close(3) = 0 [pid 3755] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3755] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3755] write(4, "3", 1) = 1 [pid 3755] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3755] exit_group(0) = ? [pid 3755] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3755, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3756 attached , child_tidptr=0x555555f2c5d0) = 3756 [pid 3756] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3756] setpgid(0, 0) = 0 [pid 3756] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3756] write(3, "1000", 4) = 4 [pid 3756] close(3) = 0 [pid 3756] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3756] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3756] write(4, "3", 1) = 1 [pid 3756] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3756] exit_group(0) = ? [pid 3756] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3756, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3757 attached , child_tidptr=0x555555f2c5d0) = 3757 [pid 3757] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3757] setpgid(0, 0) = 0 [pid 3757] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3757] write(3, "1000", 4) = 4 [pid 3757] close(3) = 0 [pid 3757] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3757] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3757] write(4, "3", 1) = 1 [pid 3757] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3757] exit_group(0) = ? [pid 3757] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3757, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3758 ./strace-static-x86_64: Process 3758 attached [pid 3758] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3758] setpgid(0, 0) = 0 [pid 3758] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3758] write(3, "1000", 4) = 4 [pid 3758] close(3) = 0 [pid 3758] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3758] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3758] write(4, "3", 1) = 1 [pid 3758] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3758] exit_group(0) = ? [pid 3758] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3758, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3759 ./strace-static-x86_64: Process 3759 attached [pid 3759] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3759] setpgid(0, 0) = 0 [pid 3759] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3759] write(3, "1000", 4) = 4 [pid 3759] close(3) = 0 [pid 3759] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3759] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3759] write(4, "3", 1) = 1 [pid 3759] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3759] exit_group(0) = ? [pid 3759] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3759, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3760 ./strace-static-x86_64: Process 3760 attached [pid 3760] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3760] setpgid(0, 0) = 0 [pid 3760] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3760] write(3, "1000", 4) = 4 [pid 3760] close(3) = 0 [pid 3760] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3760] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3760] write(4, "3", 1) = 1 [pid 3760] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3760] exit_group(0) = ? [pid 3760] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3760, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3761 ./strace-static-x86_64: Process 3761 attached [pid 3761] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3761] setpgid(0, 0) = 0 [pid 3761] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3761] write(3, "1000", 4) = 4 [pid 3761] close(3) = 0 [pid 3761] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3761] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3761] write(4, "3", 1) = 1 [pid 3761] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3761] exit_group(0) = ? [pid 3761] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3761, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3762 attached , child_tidptr=0x555555f2c5d0) = 3762 [pid 3762] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3762] setpgid(0, 0) = 0 [pid 3762] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3762] write(3, "1000", 4) = 4 [pid 3762] close(3) = 0 [pid 3762] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3762] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3762] write(4, "3", 1) = 1 [pid 3762] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3762] exit_group(0) = ? [pid 3762] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3762, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3763 ./strace-static-x86_64: Process 3763 attached [pid 3763] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3763] setpgid(0, 0) = 0 [pid 3763] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3763] write(3, "1000", 4) = 4 [pid 3763] close(3) = 0 [pid 3763] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3763] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3763] write(4, "3", 1) = 1 [pid 3763] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3763] exit_group(0) = ? [pid 3763] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3763, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3764 ./strace-static-x86_64: Process 3764 attached [pid 3764] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3764] setpgid(0, 0) = 0 [pid 3764] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3764] write(3, "1000", 4) = 4 [pid 3764] close(3) = 0 [pid 3764] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3764] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3764] write(4, "3", 1) = 1 [pid 3764] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3764] exit_group(0) = ? [pid 3764] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3764, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3765 ./strace-static-x86_64: Process 3765 attached [pid 3765] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3765] setpgid(0, 0) = 0 [pid 3765] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3765] write(3, "1000", 4) = 4 [pid 3765] close(3) = 0 [pid 3765] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3765] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3765] write(4, "3", 1) = 1 [pid 3765] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3765] exit_group(0) = ? [pid 3765] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3765, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3766 ./strace-static-x86_64: Process 3766 attached [pid 3766] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3766] setpgid(0, 0) = 0 [pid 3766] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3766] write(3, "1000", 4) = 4 [pid 3766] close(3) = 0 [pid 3766] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3766] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3766] write(4, "3", 1) = 1 [pid 3766] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3766] exit_group(0) = ? [pid 3766] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3766, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3767 attached , child_tidptr=0x555555f2c5d0) = 3767 [pid 3767] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3767] setpgid(0, 0) = 0 [pid 3767] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3767] write(3, "1000", 4) = 4 [pid 3767] close(3) = 0 [pid 3767] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3767] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3767] write(4, "3", 1) = 1 [ 59.221729][ T3767] FAULT_INJECTION: forcing a failure. [ 59.221729][ T3767] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 59.235634][ T3767] CPU: 0 PID: 3767 Comm: syz-executor146 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 59.247022][ T3767] BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1521 [ 59.256378][ T3767] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 3767, name: syz-executor146 [ 59.265813][ T3767] preempt_count: 0, expected: 0 [ 59.270645][ T3767] RCU nest depth: 0, expected: 0 [ 59.275568][ T3767] 2 locks held by syz-executor146/3767: [ 59.281094][ T3767] #0: ffff8880266bd098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x80 [ 59.290838][ T3767] #1: ffff8880266bd130 (&tty->atomic_write_lock){+.+.}-{3:3}, at: file_tty_write.constprop.0+0x296/0x8f0 [ 59.302136][ T3767] irq event stamp: 3406 [ 59.306274][ T3767] hardirqs last enabled at (3405): [] finish_task_switch.isra.0+0x2b5/0xc70 [ 59.316586][ T3767] hardirqs last disabled at (3406): [] dump_stack_lvl+0x2e/0x134 [ 59.325862][ T3767] softirqs last enabled at (3398): [] __irq_exit_rcu+0x123/0x180 [ 59.335221][ T3767] softirqs last disabled at (3297): [] __irq_exit_rcu+0x123/0x180 [ 59.344617][ T3767] CPU: 0 PID: 3767 Comm: syz-executor146 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 59.356020][ T3767] syz-executor146[3767] cmdline: ./syz-executor1469468726 [ 59.363132][ T3767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 59.373193][ T3767] Call Trace: [ 59.376477][ T3767] [ 59.379415][ T3767] dump_stack_lvl+0xcd/0x134 [ 59.384047][ T3767] __might_resched.cold+0x222/0x26b [ 59.389265][ T3767] down_read_killable+0x75/0x490 [ 59.394225][ T3767] ? down_read+0x450/0x450 [ 59.398669][ T3767] __access_remote_vm+0xac/0x6f0 [ 59.403640][ T3767] ? follow_phys+0x2c0/0x2c0 [ 59.408245][ T3767] ? do_raw_spin_lock+0x120/0x2a0 [ 59.413283][ T3767] ? rwlock_bug.part.0+0x90/0x90 [ 59.418237][ T3767] ? __up_console_sem+0x47/0xc0 [ 59.423106][ T3767] get_mm_cmdline.part.0+0x217/0x620 [ 59.428432][ T3767] ? dname_to_vma_addr.isra.0+0x360/0x360 [ 59.434171][ T3767] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 59.439997][ T3767] get_task_cmdline_kernel+0x1d9/0x220 [ 59.445511][ T3767] dump_stack_print_cmdline.part.0+0x82/0x150 [ 59.451626][ T3767] ? _atomic_dec_and_lock_irqsave+0x150/0x150 [ 59.457749][ T3767] ? dump_stack_print_info+0xc6/0x190 [ 59.463147][ T3767] dump_stack_print_info+0x185/0x190 [ 59.468460][ T3767] dump_stack_lvl+0xc1/0x134 [ 59.473072][ T3767] should_fail.cold+0x5/0xa [ 59.477601][ T3767] copyin+0x19/0x120 [ 59.481515][ T3767] _copy_from_iter+0x1ca/0x11c0 [ 59.486394][ T3767] ? _copy_mc_to_iter+0x1430/0x1430 [ 59.491637][ T3767] ? rcu_read_lock_sched_held+0x3a/0x70 [ 59.497192][ T3767] ? __virt_addr_valid+0x5d/0x2d0 [ 59.502223][ T3767] ? __phys_addr+0xc4/0x140 [ 59.506731][ T3767] ? __phys_addr_symbol+0x2c/0x70 [ 59.511779][ T3767] ? __check_object_size+0x2de/0x700 [ 59.517556][ T3767] file_tty_write.constprop.0+0x449/0x8f0 [ 59.523378][ T3767] ? n_tty_close+0x1e0/0x1e0 [ 59.527989][ T3767] vfs_write+0x9e9/0xdd0 [ 59.532332][ T3767] ? vfs_read+0x930/0x930 [ 59.536674][ T3767] ? find_held_lock+0x2d/0x110 [ 59.541452][ T3767] ? lock_downgrade+0x6e0/0x6e0 [ 59.546317][ T3767] ? __fget_light+0x20a/0x270 [ 59.551007][ T3767] ksys_write+0x127/0x250 [ 59.555350][ T3767] ? __ia32_sys_read+0xb0/0xb0 [ 59.560130][ T3767] ? lockdep_hardirqs_on+0x79/0x100 [ 59.565350][ T3767] ? _raw_spin_unlock_irq+0x2a/0x40 [ 59.570556][ T3767] ? ptrace_notify+0xfa/0x140 [ 59.575253][ T3767] do_syscall_64+0x35/0xb0 [ 59.579685][ T3767] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 59.585588][ T3767] RIP: 0033:0x7fa87e80b059 [ 59.590010][ T3767] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 59.609623][ T3767] RSP: 002b:00007fff5260dab8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 59.618042][ T3767] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fa87e80b059 [ 59.626014][ T3767] RDX: 000000000000ff2e RSI: 0000000000000000 RDI: 0000000000000003 [ 59.633984][ T3767] RBP: 00007fff5260dad0 R08: 0000000000000001 R09: 0000000000000001 [ 59.641955][ T3767] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 59.649925][ T3767] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 59.657915][ T3767] [ 59.660980][ T3767] syz-executor146[3767] cmdline: ./syz-executor1469468726 [ 59.668097][ T3767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 59.678162][ T3767] Call Trace: [ 59.681448][ T3767] [ 59.684387][ T3767] dump_stack_lvl+0xcd/0x134 [ 59.689006][ T3767] should_fail.cold+0x5/0xa [ 59.693539][ T3767] copyin+0x19/0x120 [ 59.697455][ T3767] _copy_from_iter+0x1ca/0x11c0 [ 59.702332][ T3767] ? _copy_mc_to_iter+0x1430/0x1430 [ 59.707548][ T3767] ? rcu_read_lock_sched_held+0x3a/0x70 [ 59.713105][ T3767] ? __virt_addr_valid+0x5d/0x2d0 [ 59.718144][ T3767] ? __phys_addr+0xc4/0x140 [ 59.722672][ T3767] ? __phys_addr_symbol+0x2c/0x70 [ 59.727719][ T3767] ? __check_object_size+0x2de/0x700 [ 59.733032][ T3767] file_tty_write.constprop.0+0x449/0x8f0 [ 59.738776][ T3767] ? n_tty_close+0x1e0/0x1e0 [ 59.743397][ T3767] vfs_write+0x9e9/0xdd0 [ 59.747661][ T3767] ? vfs_read+0x930/0x930 [ 59.752008][ T3767] ? find_held_lock+0x2d/0x110 [ 59.756788][ T3767] ? lock_downgrade+0x6e0/0x6e0 [ 59.761648][ T3767] ? __fget_light+0x20a/0x270 [ 59.766345][ T3767] ksys_write+0x127/0x250 [ 59.770689][ T3767] ? __ia32_sys_read+0xb0/0xb0 [ 59.775461][ T3767] ? lockdep_hardirqs_on+0x79/0x100 [ 59.780680][ T3767] ? _raw_spin_unlock_irq+0x2a/0x40 [ 59.785887][ T3767] ? ptrace_notify+0xfa/0x140 [ 59.790582][ T3767] do_syscall_64+0x35/0xb0 [ 59.795012][ T3767] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 59.800930][ T3767] RIP: 0033:0x7fa87e80b059 [ 59.805352][ T3767] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 59.825239][ T3767] RSP: 002b:00007fff5260dab8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 59.833664][ T3767] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fa87e80b059 [ 59.841639][ T3767] RDX: 000000000000ff2e RSI: 0000000000000000 RDI: 0000000000000003 [ 59.849619][ T3767] RBP: 00007fff5260dad0 R08: 0000000000000001 R09: 0000000000000001 [ 59.857594][ T3767] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 59.865568][ T3767] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [pid 3767] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3767] exit_group(0) = ? [pid 3767] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3767, si_uid=0, si_status=0, si_utime=0, si_stime=66} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3768 ./strace-static-x86_64: Process 3768 attached [pid 3768] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3768] setpgid(0, 0) = 0 [pid 3768] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3768] write(3, "1000", 4) = 4 [pid 3768] close(3) = 0 [pid 3768] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3768] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3768] write(4, "3", 1) = 1 [ 59.873572][ T3767] [ 59.906766][ T3768] FAULT_INJECTION: forcing a failure. [ 59.906766][ T3768] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 59.920039][ T3768] CPU: 1 PID: 3768 Comm: syz-executor146 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 59.931424][ T3768] syz-executor146[3768] cmdline: ./syz-executor1469468726 [ 59.938522][ T3768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 59.948576][ T3768] Call Trace: [ 59.951859][ T3768] [ 59.954779][ T3768] dump_stack_lvl+0xcd/0x134 [ 59.959372][ T3768] should_fail.cold+0x5/0xa [ 59.963878][ T3768] copyin+0x19/0x120 [ 59.967834][ T3768] _copy_from_iter+0x1ca/0x11c0 [ 59.972688][ T3768] ? _copy_mc_to_iter+0x1430/0x1430 [ 59.977884][ T3768] ? rcu_read_lock_sched_held+0x3a/0x70 [ 59.983421][ T3768] ? __virt_addr_valid+0x5d/0x2d0 [ 59.988439][ T3768] ? __phys_addr+0xc4/0x140 [ 59.992949][ T3768] ? __phys_addr_symbol+0x2c/0x70 [ 59.997988][ T3768] ? __check_object_size+0x2de/0x700 [ 60.003274][ T3768] file_tty_write.constprop.0+0x449/0x8f0 [ 60.008988][ T3768] ? n_tty_close+0x1e0/0x1e0 [ 60.013578][ T3768] vfs_write+0x9e9/0xdd0 [ 60.017818][ T3768] ? vfs_read+0x930/0x930 [ 60.022157][ T3768] ? find_held_lock+0x2d/0x110 [ 60.026928][ T3768] ? lock_downgrade+0x6e0/0x6e0 [ 60.031794][ T3768] ? __fget_light+0x20a/0x270 [ 60.036465][ T3768] ksys_write+0x127/0x250 [ 60.040803][ T3768] ? __ia32_sys_read+0xb0/0xb0 [ 60.045572][ T3768] ? lockdep_hardirqs_on+0x79/0x100 [ 60.050794][ T3768] ? _raw_spin_unlock_irq+0x2a/0x40 [ 60.055999][ T3768] ? ptrace_notify+0xfa/0x140 [ 60.060675][ T3768] do_syscall_64+0x35/0xb0 [ 60.065086][ T3768] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 60.070989][ T3768] RIP: 0033:0x7fa87e80b059 [ 60.075426][ T3768] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 60.095043][ T3768] RSP: 002b:00007fff5260dab8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 3768] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3768] exit_group(0) = ? [pid 3768] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3768, si_uid=0, si_status=0, si_utime=0, si_stime=25} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3769 ./strace-static-x86_64: Process 3769 attached [pid 3769] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3769] setpgid(0, 0) = 0 [pid 3769] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3769] write(3, "1000", 4) = 4 [pid 3769] close(3) = 0 [pid 3769] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3769] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3769] write(4, "3", 1) = 1 [pid 3769] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3769] exit_group(0) = ? [pid 3769] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3769, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3770 ./strace-static-x86_64: Process 3770 attached [pid 3770] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3770] setpgid(0, 0) = 0 [pid 3770] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3770] write(3, "1000", 4) = 4 [pid 3770] close(3) = 0 [pid 3770] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3770] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3770] write(4, "3", 1) = 1 [pid 3770] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3770] exit_group(0) = ? [pid 3770] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3770, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3771 attached , child_tidptr=0x555555f2c5d0) = 3771 [pid 3771] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3771] setpgid(0, 0) = 0 [pid 3771] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3771] write(3, "1000", 4) = 4 [pid 3771] close(3) = 0 [pid 3771] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3771] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [ 60.103460][ T3768] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fa87e80b059 [ 60.111421][ T3768] RDX: 000000000000ff2e RSI: 0000000000000000 RDI: 0000000000000003 [ 60.119388][ T3768] RBP: 00007fff5260dad0 R08: 0000000000000001 R09: 0000000000000001 [ 60.127369][ T3768] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 60.135337][ T3768] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 60.143343][ T3768] [pid 3771] write(4, "3", 1) = 1 [pid 3771] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3771] exit_group(0) = ? [pid 3771] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3771, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3772 attached , child_tidptr=0x555555f2c5d0) = 3772 [pid 3772] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3772] setpgid(0, 0) = 0 [pid 3772] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3772] write(3, "1000", 4) = 4 [pid 3772] close(3) = 0 [pid 3772] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3772] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3772] write(4, "3", 1) = 1 [pid 3772] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3772] exit_group(0) = ? [pid 3772] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3772, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3773 ./strace-static-x86_64: Process 3773 attached [pid 3773] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3773] setpgid(0, 0) = 0 [pid 3773] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3773] write(3, "1000", 4) = 4 [pid 3773] close(3) = 0 [pid 3773] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3773] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3773] write(4, "3", 1) = 1 [pid 3773] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3773] exit_group(0) = ? [pid 3773] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3773, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3774 ./strace-static-x86_64: Process 3774 attached [pid 3774] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3774] setpgid(0, 0) = 0 [pid 3774] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3774] write(3, "1000", 4) = 4 [pid 3774] close(3) = 0 [pid 3774] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3774] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3774] write(4, "3", 1) = 1 [pid 3774] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3774] exit_group(0) = ? [pid 3774] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3774, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3775 attached , child_tidptr=0x555555f2c5d0) = 3775 [pid 3775] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3775] setpgid(0, 0) = 0 [pid 3775] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3775] write(3, "1000", 4) = 4 [pid 3775] close(3) = 0 [pid 3775] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3775] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3775] write(4, "3", 1) = 1 [pid 3775] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3775] exit_group(0) = ? [pid 3775] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3775, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3776 attached , child_tidptr=0x555555f2c5d0) = 3776 [pid 3776] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3776] setpgid(0, 0) = 0 [pid 3776] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3776] write(3, "1000", 4) = 4 [pid 3776] close(3) = 0 [pid 3776] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3776] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3776] write(4, "3", 1) = 1 [pid 3776] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3776] exit_group(0) = ? [pid 3776] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3776, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3777 ./strace-static-x86_64: Process 3777 attached [pid 3777] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3777] setpgid(0, 0) = 0 [pid 3777] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3777] write(3, "1000", 4) = 4 [pid 3777] close(3) = 0 [pid 3777] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3777] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3777] write(4, "3", 1) = 1 [ 60.267729][ T3777] FAULT_INJECTION: forcing a failure. [ 60.267729][ T3777] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 60.281117][ T3777] CPU: 0 PID: 3777 Comm: syz-executor146 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 60.292505][ T3777] BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1521 [ 60.301871][ T3777] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 3777, name: syz-executor146 [ 60.311324][ T3777] preempt_count: 0, expected: 0 [ 60.316230][ T3777] RCU nest depth: 0, expected: 0 [ 60.321183][ T3777] 2 locks held by syz-executor146/3777: [ 60.326724][ T3777] #0: ffff888026490098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x80 [ 60.336527][ T3777] #1: ffff888026490130 (&tty->atomic_write_lock){+.+.}-{3:3}, at: file_tty_write.constprop.0+0x296/0x8f0 [ 60.347848][ T3777] irq event stamp: 3370 [ 60.352002][ T3777] hardirqs last enabled at (3369): [] finish_task_switch.isra.0+0x2b5/0xc70 [ 60.362355][ T3777] hardirqs last disabled at (3370): [] dump_stack_lvl+0x2e/0x134 [ 60.371855][ T3777] softirqs last enabled at (3362): [] __irq_exit_rcu+0x123/0x180 [ 60.381220][ T3777] softirqs last disabled at (3263): [] __irq_exit_rcu+0x123/0x180 [ 60.390602][ T3777] CPU: 0 PID: 3777 Comm: syz-executor146 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 60.402001][ T3777] syz-executor146[3777] cmdline: ./syz-executor1469468726 [ 60.409109][ T3777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 60.419171][ T3777] Call Trace: [ 60.422455][ T3777] [ 60.425394][ T3777] dump_stack_lvl+0xcd/0x134 [ 60.430013][ T3777] __might_resched.cold+0x222/0x26b [ 60.435222][ T3777] down_read_killable+0x75/0x490 [ 60.440179][ T3777] ? down_read+0x450/0x450 [ 60.444620][ T3777] __access_remote_vm+0xac/0x6f0 [ 60.449577][ T3777] ? follow_phys+0x2c0/0x2c0 [ 60.454173][ T3777] ? do_raw_spin_lock+0x120/0x2a0 [ 60.459223][ T3777] ? rwlock_bug.part.0+0x90/0x90 [ 60.464172][ T3777] ? __up_console_sem+0x47/0xc0 [ 60.469060][ T3777] get_mm_cmdline.part.0+0x217/0x620 [ 60.474362][ T3777] ? dname_to_vma_addr.isra.0+0x360/0x360 [ 60.480092][ T3777] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 60.485911][ T3777] get_task_cmdline_kernel+0x1d9/0x220 [ 60.491401][ T3777] dump_stack_print_cmdline.part.0+0x82/0x150 [ 60.497485][ T3777] ? _atomic_dec_and_lock_irqsave+0x150/0x150 [ 60.503610][ T3777] ? dump_stack_print_info+0xc6/0x190 [ 60.508998][ T3777] dump_stack_print_info+0x185/0x190 [ 60.514306][ T3777] dump_stack_lvl+0xc1/0x134 [ 60.518914][ T3777] should_fail.cold+0x5/0xa [ 60.523437][ T3777] copyin+0x19/0x120 [ 60.527347][ T3777] _copy_from_iter+0x1ca/0x11c0 [ 60.532219][ T3777] ? _copy_mc_to_iter+0x1430/0x1430 [ 60.537429][ T3777] ? rcu_read_lock_sched_held+0x3a/0x70 [ 60.542992][ T3777] ? __virt_addr_valid+0x5d/0x2d0 [ 60.548021][ T3777] ? __phys_addr+0xc4/0x140 [ 60.552534][ T3777] ? __phys_addr_symbol+0x2c/0x70 [ 60.557565][ T3777] ? __check_object_size+0x2de/0x700 [ 60.562872][ T3777] file_tty_write.constprop.0+0x449/0x8f0 [ 60.568603][ T3777] ? n_tty_close+0x1e0/0x1e0 [ 60.573210][ T3777] vfs_write+0x9e9/0xdd0 [ 60.577468][ T3777] ? vfs_read+0x930/0x930 [ 60.581810][ T3777] ? find_held_lock+0x2d/0x110 [ 60.586586][ T3777] ? lock_downgrade+0x6e0/0x6e0 [ 60.591447][ T3777] ? __fget_light+0x20a/0x270 [ 60.596138][ T3777] ksys_write+0x127/0x250 [ 60.600481][ T3777] ? __ia32_sys_read+0xb0/0xb0 [ 60.605258][ T3777] ? lockdep_hardirqs_on+0x79/0x100 [ 60.610471][ T3777] ? _raw_spin_unlock_irq+0x2a/0x40 [ 60.615677][ T3777] ? ptrace_notify+0xfa/0x140 [ 60.620369][ T3777] do_syscall_64+0x35/0xb0 [ 60.624797][ T3777] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 60.630699][ T3777] RIP: 0033:0x7fa87e80b059 [ 60.635117][ T3777] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 60.654728][ T3777] RSP: 002b:00007fff5260dab8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 60.663145][ T3777] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fa87e80b059 [ 60.671116][ T3777] RDX: 000000000000ff2e RSI: 0000000000000000 RDI: 0000000000000003 [ 60.679087][ T3777] RBP: 00007fff5260dad0 R08: 0000000000000001 R09: 0000000000000001 [ 60.687058][ T3777] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 60.695030][ T3777] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 60.703032][ T3777] [ 60.706072][ T3777] syz-executor146[3777] cmdline: ./syz-executor1469468726 [ 60.713177][ T3777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 60.723229][ T3777] Call Trace: [ 60.726514][ T3777] [ 60.729444][ T3777] dump_stack_lvl+0xcd/0x134 [ 60.734059][ T3777] should_fail.cold+0x5/0xa [ 60.738580][ T3777] copyin+0x19/0x120 [ 60.742490][ T3777] _copy_from_iter+0x1ca/0x11c0 [ 60.747370][ T3777] ? _copy_mc_to_iter+0x1430/0x1430 [ 60.752582][ T3777] ? rcu_read_lock_sched_held+0x3a/0x70 [ 60.758134][ T3777] ? __virt_addr_valid+0x5d/0x2d0 [ 60.763163][ T3777] ? __phys_addr+0xc4/0x140 [ 60.767676][ T3777] ? __phys_addr_symbol+0x2c/0x70 [ 60.772707][ T3777] ? __check_object_size+0x2de/0x700 [ 60.778014][ T3777] file_tty_write.constprop.0+0x449/0x8f0 [ 60.783745][ T3777] ? n_tty_close+0x1e0/0x1e0 [ 60.788375][ T3777] vfs_write+0x9e9/0xdd0 [ 60.792647][ T3777] ? vfs_read+0x930/0x930 [ 60.796997][ T3777] ? find_held_lock+0x2d/0x110 [ 60.801791][ T3777] ? lock_downgrade+0x6e0/0x6e0 [ 60.806670][ T3777] ? __fget_light+0x20a/0x270 [ 60.811367][ T3777] ksys_write+0x127/0x250 [ 60.815712][ T3777] ? __ia32_sys_read+0xb0/0xb0 [ 60.820490][ T3777] ? lockdep_hardirqs_on+0x79/0x100 [ 60.825711][ T3777] ? _raw_spin_unlock_irq+0x2a/0x40 [ 60.830925][ T3777] ? ptrace_notify+0xfa/0x140 [ 60.835623][ T3777] do_syscall_64+0x35/0xb0 [ 60.840061][ T3777] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 60.845968][ T3777] RIP: 0033:0x7fa87e80b059 [ 60.850390][ T3777] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 60.869999][ T3777] RSP: 002b:00007fff5260dab8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 60.878420][ T3777] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fa87e80b059 [ 60.886398][ T3777] RDX: 000000000000ff2e RSI: 0000000000000000 RDI: 0000000000000003 [ 60.894457][ T3777] RBP: 00007fff5260dad0 R08: 0000000000000001 R09: 0000000000000001 [ 60.902430][ T3777] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 60.910400][ T3777] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [pid 3777] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3777] exit_group(0) = ? [pid 3777] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3777, si_uid=0, si_status=0, si_utime=0, si_stime=65} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3778 ./strace-static-x86_64: Process 3778 attached [pid 3778] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3778] setpgid(0, 0) = 0 [pid 3778] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3778] write(3, "1000", 4) = 4 [pid 3778] close(3) = 0 [pid 3778] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3778] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3778] write(4, "3", 1) = 1 [pid 3778] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3778] exit_group(0) = ? [pid 3778] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3778, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3779 ./strace-static-x86_64: Process 3779 attached [pid 3779] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3779] setpgid(0, 0) = 0 [pid 3779] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3779] write(3, "1000", 4) = 4 [pid 3779] close(3) = 0 [pid 3779] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3779] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3779] write(4, "3", 1) = 1 [pid 3779] write(3, NULL, 65326) = -1 EFAULT (Bad address) [ 60.918735][ T3777] [ 60.937671][ T3778] pagefault_out_of_memory: 53 callbacks suppressed [ 60.937689][ T3778] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 60.963568][ T3779] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [pid 3779] exit_group(0) = ? [pid 3779] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3779, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3780 ./strace-static-x86_64: Process 3780 attached [pid 3780] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3780] setpgid(0, 0) = 0 [pid 3780] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3780] write(3, "1000", 4) = 4 [pid 3780] close(3) = 0 [pid 3780] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3780] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3780] write(4, "3", 1) = 1 [pid 3780] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3780] exit_group(0) = ? [pid 3780] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3780, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3781 attached , child_tidptr=0x555555f2c5d0) = 3781 [pid 3781] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3781] setpgid(0, 0) = 0 [pid 3781] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3781] write(3, "1000", 4) = 4 [pid 3781] close(3) = 0 [pid 3781] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3781] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3781] write(4, "3", 1) = 1 [pid 3781] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3781] exit_group(0) = ? [pid 3781] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3781, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3782 ./strace-static-x86_64: Process 3782 attached [pid 3782] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3782] setpgid(0, 0) = 0 [pid 3782] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3782] write(3, "1000", 4) = 4 [pid 3782] close(3) = 0 [pid 3782] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3782] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3782] write(4, "3", 1) = 1 [pid 3782] write(3, NULL, 65326) = -1 EFAULT (Bad address) [ 60.981483][ T3780] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 61.005648][ T3781] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [pid 3782] exit_group(0) = ? [pid 3782] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3782, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f2c5d0) = 3783 ./strace-static-x86_64: Process 3783 attached [pid 3783] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3783] setpgid(0, 0) = 0 [pid 3783] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3783] write(3, "1000", 4) = 4 [pid 3783] close(3) = 0 [pid 3783] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3783] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3783] write(4, "3", 1) = 1 [pid 3783] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3783] exit_group(0) = ? [pid 3783] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3783, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3784 attached , child_tidptr=0x555555f2c5d0) = 3784 [pid 3784] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3784] setpgid(0, 0) = 0 [pid 3784] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3784] write(3, "1000", 4) = 4 [pid 3784] close(3) = 0 [pid 3784] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3784] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3784] write(4, "3", 1) = 1 [pid 3784] write(3, NULL, 65326) = -1 EFAULT (Bad address) [ 61.039028][ T3782] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 61.060882][ T3783] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [pid 3784] exit_group(0) = ? [pid 3784] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3784, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3785 attached , child_tidptr=0x555555f2c5d0) = 3785 [pid 3785] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3785] setpgid(0, 0) = 0 [pid 3785] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3785] write(3, "1000", 4) = 4 [pid 3785] close(3) = 0 [pid 3785] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_NOCTTY|O_TRUNC|O_SYNC|O_NOFOLLOW) = 3 [pid 3785] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3785] write(4, "3", 1) = 1 [pid 3785] write(3, NULL, 65326) = -1 EFAULT (Bad address)