./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor996743261 <...> Warning: Permanently added '10.128.1.83' (ED25519) to the list of known hosts. execve("./syz-executor996743261", ["./syz-executor996743261"], 0x7ffdf7e77600 /* 10 vars */) = 0 brk(NULL) = 0x55555642f000 brk(0x55555642fe00) = 0x55555642fe00 arch_prctl(ARCH_SET_FS, 0x55555642f480) = 0 set_tid_address(0x55555642f750) = 5013 set_robust_list(0x55555642f760, 24) = 0 rseq(0x55555642fda0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor996743261", 4096) = 27 getrandom("\x26\x28\x0d\x09\x06\x49\xcb\x8d", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555642fe00 brk(0x555556450e00) = 0x555556450e00 brk(0x555556451000) = 0x555556451000 mprotect(0x7f00fd051000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7f00fcf96d50, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f00fcf9f570}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7f00fcf96d50, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f00fcf9f570}, NULL, 8) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 68.711118][ T26] audit: type=1400 audit(1690708581.283:83): avc: denied { write } for pid=5010 comm="strace-static-x" path="pipe:[29398]" dev="pipefs" ino=29398 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555642f750) = 5015 ./strace-static-x86_64: Process 5015 attached [pid 5015] set_robust_list(0x55555642f760, 24) = 0 [pid 5015] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5015] setpgid(0, 0) = 0 [pid 5015] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5015] write(3, "1000", 4) = 4 [pid 5015] close(3) = 0 [pid 5015] futex(0x7f00fd05760c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5015] rt_sigaction(SIGRT_1, {sa_handler=0x7f00fcff5810, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f00fcf9f570}, NULL, 8) = 0 [pid 5015] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5015] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f00fcf6c000 [ 68.742530][ T26] audit: type=1400 audit(1690708581.313:84): avc: denied { execmem } for pid=5013 comm="syz-executor996" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 68.762870][ T26] audit: type=1400 audit(1690708581.323:85): avc: denied { read write } for pid=5013 comm="syz-executor996" name="loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 5015] mprotect(0x7f00fcf6d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5015] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5015] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f00fcf8c990, parent_tid=0x7f00fcf8c990, exit_signal=0, stack=0x7f00fcf6c000, stack_size=0x20240, tls=0x7f00fcf8c6c0} => {parent_tid=[5016]}, 88) = 5016 [pid 5015] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5015] futex(0x7f00fd057608, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5015] futex(0x7f00fd05760c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5016 attached [pid 5016] rseq(0x7f00fcf8cfe0, 0x20, 0, 0x53053053) = 0 [pid 5016] set_robust_list(0x7f00fcf8c9a0, 24) = 0 [pid 5016] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5016] mount("/dev/sg0", NULL, NULL, 0, NULL) = -1 EFAULT (Bad address) [pid 5016] futex(0x7f00fd05760c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5015] <... futex resumed>) = 0 [pid 5015] futex(0x7f00fd057608, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5015] futex(0x7f00fd05760c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5016] <... futex resumed>) = 1 [ 68.788448][ T26] audit: type=1400 audit(1690708581.323:86): avc: denied { open } for pid=5013 comm="syz-executor996" path="/dev/loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 5016] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 5016] futex(0x7f00fd05760c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5015] <... futex resumed>) = 0 [pid 5015] futex(0x7f00fd057608, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5015] futex(0x7f00fd05761c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5015] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f00fcf4b000 [pid 5015] mprotect(0x7f00fcf4c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5015] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5015] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f00fcf6b990, parent_tid=0x7f00fcf6b990, exit_signal=0, stack=0x7f00fcf4b000, stack_size=0x20240, tls=0x7f00fcf6b6c0} => {parent_tid=[5017]}, 88) = 5017 [pid 5015] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5015] futex(0x7f00fd057618, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5015] futex(0x7f00fd05761c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5016] <... futex resumed>) = 1 [pid 5016] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651./strace-static-x86_64: Process 5017 attached [pid 5017] rseq(0x7f00fcf6bfe0, 0x20, 0, 0x53053053) = 0 [pid 5017] set_robust_list(0x7f00fcf6b9a0, 24) = 0 [pid 5017] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5017] memfd_create("syzkaller", 0) = 4 [pid 5017] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f00f4b4b000 [pid 5017] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5017] munmap(0x7f00f4b4b000, 131072) = 0 [pid 5017] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [ 68.832806][ T26] audit: type=1400 audit(1690708581.323:87): avc: denied { ioctl } for pid=5013 comm="syz-executor996" path="/dev/loop0" dev="devtmpfs" ino=648 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 68.864687][ T5017] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5017 'syz-executor996' [pid 5017] ioctl(5, LOOP_SET_FD, 4) = 0 [pid 5017] close(4) = 0 [pid 5017] mkdir("./file0", 0777) = 0 [pid 5017] mount("/dev/loop0", "./file0", "exfat", MS_DIRSYNC|MS_RELATIME|MS_STRICTATIME, "") = 0 [ 68.889694][ T5017] loop0: detected capacity change from 0 to 256 [ 68.907170][ T26] audit: type=1400 audit(1690708581.473:88): avc: denied { mounton } for pid=5015 comm="syz-executor996" path="/root/file0" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [pid 5017] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 5017] chdir("./file0") = 0 [pid 5017] ioctl(5, LOOP_CLR_FD) = 0 [pid 5017] close(5) = 0 [pid 5017] futex(0x7f00fd05761c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5015] <... futex resumed>) = 0 [pid 5015] futex(0x7f00fd057618, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5015] futex(0x7f00fd05761c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5017] <... futex resumed>) = 1 [pid 5017] mmap(0x20000000, 11755520, PROT_READ|PROT_GROWSDOWN, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0) = 0x20000000 [pid 5017] futex(0x7f00fd05761c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5015] <... futex resumed>) = 0 [pid 5015] futex(0x7f00fd057618, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5015] futex(0x7f00fd05761c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5017] <... futex resumed>) = 1 [pid 5017] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 5017] openat(AT_FDCWD, "/dev/sg0", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [pid 5017] futex(0x7f00fd05761c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5015] <... futex resumed>) = 0 [pid 5015] futex(0x7f00fd057618, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5015] futex(0x7f00fd05761c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5017] <... futex resumed>) = 1 [pid 5017] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000000} --- [pid 5016] <... write resumed>) = 2744320 [pid 5016] futex(0x7f00fd05760c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5016] futex(0x7f00fd057608, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5017] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000004} --- [pid 5017] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [ 68.941778][ T26] audit: type=1400 audit(1690708581.513:89): avc: denied { mount } for pid=5015 comm="syz-executor996" name="/" dev="loop0" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [pid 5017] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000010} --- [pid 5017] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000018} --- [pid 5017] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000020} --- [pid 5017] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000028} --- [pid 5017] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000002c} --- [pid 5017] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 48) = 48 [pid 5017] futex(0x7f00fd05761c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5015] <... futex resumed>) = 0 [pid 5015] exit_group(0) = ? [pid 5017] <... futex resumed>) = ? [pid 5017] +++ exited with 0 +++ [pid 5016] <... futex resumed>) = ? [pid 5016] +++ exited with 0 +++ [pid 5015] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5015, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555642f750) = 5018 ./strace-static-x86_64: Process 5018 attached [pid 5018] set_robust_list(0x55555642f760, 24) = 0 [pid 5018] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5018] setpgid(0, 0) = 0 [pid 5018] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5018] write(3, "1000", 4) = 4 [pid 5018] close(3) = 0 [pid 5018] futex(0x7f00fd05760c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5018] rt_sigaction(SIGRT_1, {sa_handler=0x7f00fcff5810, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f00fcf9f570}, NULL, 8) = 0 [pid 5018] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5018] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f00fcf6c000 [pid 5018] mprotect(0x7f00fcf6d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5018] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5018] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f00fcf8c990, parent_tid=0x7f00fcf8c990, exit_signal=0, stack=0x7f00fcf6c000, stack_size=0x20240, tls=0x7f00fcf8c6c0} => {parent_tid=[5019]}, 88) = 5019 [pid 5018] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 68.988167][ T26] audit: type=1400 audit(1690708581.553:90): avc: denied { read append } for pid=5015 comm="syz-executor996" name="sg0" dev="devtmpfs" ino=694 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [pid 5018] futex(0x7f00fd057608, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5018] futex(0x7f00fd05760c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5019 attached [pid 5019] rseq(0x7f00fcf8cfe0, 0x20, 0, 0x53053053) = 0 [pid 5019] set_robust_list(0x7f00fcf8c9a0, 24) = 0 [pid 5019] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5019] mount("/dev/sg0", NULL, NULL, 0, NULL) = -1 EFAULT (Bad address) [pid 5019] futex(0x7f00fd05760c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5018] <... futex resumed>) = 0 [pid 5018] futex(0x7f00fd057608, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5018] futex(0x7f00fd05760c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5019] <... futex resumed>) = 1 [ 69.014558][ T26] audit: type=1400 audit(1690708581.553:91): avc: denied { open } for pid=5015 comm="syz-executor996" path="/dev/sg0" dev="devtmpfs" ino=694 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [pid 5019] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 5019] futex(0x7f00fd05760c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5018] <... futex resumed>) = 0 [pid 5019] futex(0x7f00fd057608, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5018] futex(0x7f00fd057608, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5019] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5018] futex(0x7f00fd05761c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5019] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5018] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f00fcf4b000 [pid 5018] mprotect(0x7f00fcf4c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5018] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5018] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f00fcf6b990, parent_tid=0x7f00fcf6b990, exit_signal=0, stack=0x7f00fcf4b000, stack_size=0x20240, tls=0x7f00fcf6b6c0} => {parent_tid=[5020]}, 88) = 5020 [pid 5018] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5018] futex(0x7f00fd057618, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5018] futex(0x7f00fd05761c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5020 attached [pid 5020] rseq(0x7f00fcf6bfe0, 0x20, 0, 0x53053053) = 0 [pid 5020] set_robust_list(0x7f00fcf6b9a0, 24) = 0 [pid 5020] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5020] memfd_create("syzkaller", 0) = 4 [pid 5020] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f00f4b4b000 [pid 5020] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5020] munmap(0x7f00f4b4b000, 131072) = 0 [pid 5020] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5020] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5020] ioctl(5, LOOP_CLR_FD) = 0 [pid 5020] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5020] close(5) = 0 [pid 5020] close(4) = 0 [pid 5020] futex(0x7f00fd05761c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5018] <... futex resumed>) = 0 [pid 5018] futex(0x7f00fd057618, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5018] futex(0x7f00fd05761c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5020] mmap(0x20000000, 11755520, PROT_READ|PROT_GROWSDOWN, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0) = 0x20000000 [pid 5020] futex(0x7f00fd05761c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5019] <... write resumed>) = 860160 [pid 5018] <... futex resumed>) = 0 [pid 5019] futex(0x7f00fd05760c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5018] futex(0x7f00fd057608, FUTEX_WAKE_PRIVATE, 1000000 [pid 5019] <... futex resumed>) = 0 [pid 5018] <... futex resumed>) = 0 [pid 5019] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 5018] futex(0x7f00fd05760c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5019] openat(AT_FDCWD, "/dev/sg0", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5019] futex(0x7f00fd05760c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5020] futex(0x7f00fd057618, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5019] <... futex resumed>) = 1 [pid 5018] <... futex resumed>) = 0 [pid 5019] futex(0x7f00fd057608, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5018] futex(0x7f00fd057608, FUTEX_WAKE_PRIVATE, 1000000 [pid 5019] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000000} --- [pid 5018] <... futex resumed>) = 0 [pid 5019] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000004} --- [pid 5018] futex(0x7f00fd05760c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5019] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 5019] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000010} --- [pid 5019] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000018} --- [pid 5019] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000020} --- [pid 5019] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000028} --- [pid 5019] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000002c} --- [pid 5019] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 48) = 48 [pid 5019] futex(0x7f00fd05760c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5018] <... futex resumed>) = 0 [pid 5019] futex(0x7f00fd057608, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5018] exit_group(0 [pid 5020] <... futex resumed>) = ? [pid 5019] <... futex resumed>) = ? [pid 5018] <... exit_group resumed>) = ? [pid 5019] +++ exited with 0 +++ [pid 5020] +++ exited with 0 +++ [pid 5018] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5018, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555642f750) = 5021 ./strace-static-x86_64: Process 5021 attached [pid 5021] set_robust_list(0x55555642f760, 24) = 0 [pid 5021] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5021] setpgid(0, 0) = 0 [pid 5021] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5021] write(3, "1000", 4) = 4 [pid 5021] close(3) = 0 [pid 5021] futex(0x7f00fd05760c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5021] rt_sigaction(SIGRT_1, {sa_handler=0x7f00fcff5810, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f00fcf9f570}, NULL, 8) = 0 [pid 5021] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5021] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f00fcf6c000 [pid 5021] mprotect(0x7f00fcf6d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5021] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5021] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f00fcf8c990, parent_tid=0x7f00fcf8c990, exit_signal=0, stack=0x7f00fcf6c000, stack_size=0x20240, tls=0x7f00fcf8c6c0} => {parent_tid=[5022]}, 88) = 5022 [pid 5021] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5021] futex(0x7f00fd057608, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5021] futex(0x7f00fd05760c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5022 attached [pid 5022] rseq(0x7f00fcf8cfe0, 0x20, 0, 0x53053053) = 0 [pid 5022] set_robust_list(0x7f00fcf8c9a0, 24) = 0 [pid 5022] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5022] mount("/dev/sg0", NULL, NULL, 0, NULL) = -1 EFAULT (Bad address) [pid 5022] futex(0x7f00fd05760c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5021] <... futex resumed>) = 0 [pid 5021] futex(0x7f00fd057608, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5021] futex(0x7f00fd05760c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5022] <... futex resumed>) = 1 [pid 5022] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 3 [pid 5022] futex(0x7f00fd05760c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5021] <... futex resumed>) = 0 [pid 5021] futex(0x7f00fd057608, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5021] futex(0x7f00fd05761c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5021] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f00fcf4b000 [pid 5021] mprotect(0x7f00fcf4c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5021] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5021] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f00fcf6b990, parent_tid=0x7f00fcf6b990, exit_signal=0, stack=0x7f00fcf4b000, stack_size=0x20240, tls=0x7f00fcf6b6c0}./strace-static-x86_64: Process 5023 attached [pid 5023] rseq(0x7f00fcf6bfe0, 0x20, 0, 0x53053053 [pid 5021] <... clone3 resumed> => {parent_tid=[5023]}, 88) = 5023 [pid 5023] <... rseq resumed>) = 0 [pid 5023] set_robust_list(0x7f00fcf6b9a0, 24) = 0 [pid 5021] rt_sigprocmask(SIG_SETMASK, [], [pid 5023] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5021] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5023] memfd_create("syzkaller", 0 [pid 5021] futex(0x7f00fd057618, FUTEX_WAKE_PRIVATE, 1000000 [pid 5023] <... memfd_create resumed>) = 4 [pid 5021] <... futex resumed>) = 0 [pid 5023] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f00f4b4b000 [pid 5021] futex(0x7f00fd05761c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5022] <... futex resumed>) = 1 [pid 5022] write(3, "\x65\x78\x66\x61\x74\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5023] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5023] munmap(0x7f00f4b4b000, 131072) = 0 [pid 5023] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 5023] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5023] ioctl(5, LOOP_CLR_FD) = 0 [pid 5023] ioctl(5, LOOP_SET_FD, 4) = -1 EBUSY (Device or resource busy) [pid 5023] close(5) = 0 [pid 5023] close(4) = 0 [pid 5023] futex(0x7f00fd05761c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5023] futex(0x7f00fd057618, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5021] <... futex resumed>) = 0 [pid 5021] futex(0x7f00fd057618, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5021] futex(0x7f00fd05761c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5023] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5023] mmap(0x20000000, 11755520, PROT_READ|PROT_GROWSDOWN, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 3, 0 [pid 5022] <... write resumed>) = 360448 [pid 5023] <... mmap resumed>) = 0x20000000 [pid 5023] futex(0x7f00fd05761c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5021] <... futex resumed>) = 0 [pid 5023] futex(0x7f00fd057618, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5021] futex(0x7f00fd057618, FUTEX_WAKE_PRIVATE, 1000000 [pid 5023] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5021] <... futex resumed>) = 0 [pid 5023] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000180} --- [pid 5021] futex(0x7f00fd05761c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5023] openat(AT_FDCWD, "/dev/sg0", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5023] futex(0x7f00fd05761c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5022] futex(0x7f00fd05760c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5023] <... futex resumed>) = 1 [pid 5022] <... futex resumed>) = 0 [pid 5021] <... futex resumed>) = 0 [pid 5023] futex(0x7f00fd057618, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5021] futex(0x7f00fd057608, FUTEX_WAKE_PRIVATE, 1000000 [pid 5022] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000000} --- [pid 5021] <... futex resumed>) = 0 [pid 5021] futex(0x7f00fd05760c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5022] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000004} --- [pid 5022] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000008} --- [pid 5022] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000010} --- [pid 5022] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000018} --- [pid 5022] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000020} --- [pid 5022] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x20000028} --- [pid 5022] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2000002c} --- [ 69.235392][ T5022] sg_write: data in/out 80/6 bytes for SCSI command 0x0-- guessing data in; [ 69.235392][ T5022] program syz-executor996 not setting count and/or reply_len properly [ 69.253110][ T5022] ------------[ cut here ]------------ [ 69.258581][ T5022] WARNING: CPU: 0 PID: 5022 at lib/iov_iter.c:385 _copy_from_iter+0x2c2/0x11f0 [ 69.267669][ T5022] Modules linked in: [ 69.271895][ T5022] CPU: 0 PID: 5022 Comm: syz-executor996 Not tainted 6.5.0-rc3-syzkaller-00283-g12214540ad87 #0 [pid 5022] write(4, "\x65\x78\x66\x61\x74\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 48 [pid 5021] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 69.282884][ T5022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 69.293304][ T5022] RIP: 0010:_copy_from_iter+0x2c2/0x11f0 [ 69.299102][ T5022] Code: 5d 41 5c 41 5d 41 5e 41 5f c3 e8 79 c9 68 fd be 85 01 00 00 48 c7 c7 60 8e c7 8a e8 a8 7f a6 fd e9 48 fe ff ff e8 5e c9 68 fd <0f> 0b 45 31 ff eb 88 e8 52 c9 68 fd 31 ff 44 89 e6 e8 78 c4 68 fd [ 69.319029][ T5022] RSP: 0018:ffffc9000342f5f0 EFLAGS: 00010293 [ 69.325397][ T5022] RAX: 0000000000000000 RBX: ffffc9000342f838 RCX: 0000000000000000 [ 69.333826][ T5022] RDX: ffff88807b9ba0c0 RSI: ffffffff841cc012 RDI: 0000000000000001 [ 69.342129][ T5022] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 [ 69.353131][ T5022] R10: 0000000000000000 R11: 0000000000094000 R12: 0000000000000050 [ 69.361236][ T5022] R13: 0000000000000050 R14: 0000000000000000 R15: 0000160000000000 [ 69.369383][ T5022] FS: 00007f00fcf8c6c0(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 69.378523][ T5022] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 69.385207][ T5022] CR2: 000000002000002c CR3: 000000007c749000 CR4: 00000000003506f0 [ 69.393259][ T5022] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 69.401328][ T5022] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 69.409391][ T5022] Call Trace: [ 69.412949][ T5022] [ 69.415888][ T5022] ? __warn+0xe6/0x380 [ 69.420039][ T5022] ? _copy_from_iter+0x2c2/0x11f0 [ 69.425127][ T5022] ? report_bug+0x3bc/0x580 [ 69.429792][ T5022] ? handle_bug+0x3c/0x70 [pid 5021] exit_group(0 [pid 5023] <... futex resumed>) = ? [pid 5021] <... exit_group resumed>) = ? [pid 5023] +++ exited with 0 +++ [ 69.434262][ T5022] ? exc_invalid_op+0x17/0x40 [ 69.439115][ T5022] ? asm_exc_invalid_op+0x1a/0x20 [ 69.444194][ T5022] ? _copy_from_iter+0x2c2/0x11f0 [ 69.448839][ T26] audit: type=1400 audit(1690708582.003:92): avc: denied { append } for pid=4450 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 69.449719][ T5022] ? _copy_from_iter+0x2c2/0x11f0 [ 69.477205][ T5022] ? bio_add_hw_page+0x29e/0x720 [ 69.482336][ T5022] ? hash_and_copy_to_iter+0x230/0x230 [ 69.487835][ T5022] ? bio_add_pc_page+0xb5/0x100 [ 69.492770][ T5022] ? bio_add_hw_page+0x720/0x720 [ 69.497754][ T5022] copy_page_from_iter+0xa5/0x120 [ 69.503147][ T5022] blk_rq_map_user_iov+0x9d5/0x17e0 [ 69.508476][ T5022] ? bio_map_user_iov+0xaa0/0xaa0 [ 69.513577][ T5022] ? sg_common_write.constprop.0+0xc0e/0x1c90 [ 69.519702][ T5022] ? __mutex_lock+0x25b/0x1340 [ 69.524480][ T5022] ? find_held_lock+0x2d/0x110 [ 69.529410][ T5022] blk_rq_map_user_io+0x202/0x230 [ 69.534466][ T5022] ? blk_rq_map_user_io.part.0+0x2c0/0x2c0 [ 69.540352][ T5022] ? bit_wait_io_timeout+0x160/0x160 [ 69.545675][ T5022] ? _raw_spin_unlock_irqrestore+0x4e/0x70 [ 69.551635][ T5022] sg_common_write.constprop.0+0xd61/0x1c90 [ 69.557568][ T5022] ? sg_read+0x1590/0x1590 [ 69.562209][ T5022] ? idr_get_free+0xa30/0xa30 [ 69.567083][ T5022] sg_write+0x82f/0xe10 [ 69.571312][ T5022] ? sg_ioctl+0x2760/0x2760 [ 69.575946][ T5022] ? security_file_permission+0x94/0x100 [ 69.581637][ T5022] vfs_write+0x2a4/0xe40 [ 69.585899][ T5022] ? sg_ioctl+0x2760/0x2760 [ 69.590471][ T5022] ? kernel_write+0x6c0/0x6c0 [ 69.595359][ T5022] ? __fget_files+0x279/0x410 [ 69.600123][ T5022] ? __fget_light+0xe6/0x260 [ 69.604837][ T5022] ksys_write+0x12f/0x250 [ 69.609458][ T5022] ? __ia32_sys_read+0xb0/0xb0 [ 69.614482][ T5022] ? lockdep_hardirqs_on+0x7d/0x100 [ 69.619980][ T5022] ? _raw_spin_unlock_irq+0x2e/0x50 [ 69.625281][ T5022] ? ptrace_notify+0xf4/0x130 [ 69.630022][ T5022] do_syscall_64+0x38/0xb0 [ 69.634471][ T5022] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 69.640465][ T5022] RIP: 0033:0x7f00fcfcfb49 [ 69.644909][ T5022] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 69.664690][ T5022] RSP: 002b:00007f00fcf8c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 69.673449][ T5022] RAX: ffffffffffffffda RBX: 00007f00fd057608 RCX: 00007f00fcfcfb49 [ 69.681699][ T5022] RDX: 0000000000000030 RSI: 0000000020000000 RDI: 0000000000000004 [ 69.690610][ T5022] RBP: 00007f00fd057600 R08: 00007f00fd057600 R09: 0000000000000000 [ 69.698591][ T5022] R10: 00007f00fcf8c170 R11: 0000000000000246 R12: 00007f00fd05760c [ 69.706627][ T5022] R13: 0000000000000006 R14: 00007fffc5dbf280 R15: 00007fffc5dbf368 [ 69.714866][ T5022] [ 69.717904][ T5022] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 69.725792][ T5022] CPU: 0 PID: 5022 Comm: syz-executor996 Not tainted 6.5.0-rc3-syzkaller-00283-g12214540ad87 #0 [ 69.736323][ T5022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 69.746442][ T5022] Call Trace: [ 69.749736][ T5022] [ 69.752667][ T5022] dump_stack_lvl+0xd9/0x1b0 [ 69.757899][ T5022] panic+0x6a4/0x750 [ 69.761813][ T5022] ? panic_smp_self_stop+0xa0/0xa0 [ 69.766932][ T5022] ? show_trace_log_lvl+0x29d/0x3c0 [ 69.772227][ T5022] ? _copy_from_iter+0x2c2/0x11f0 [ 69.777266][ T5022] check_panic_on_warn+0xab/0xb0 [ 69.782915][ T5022] __warn+0xf2/0x380 [ 69.786817][ T5022] ? _copy_from_iter+0x2c2/0x11f0 [ 69.791938][ T5022] report_bug+0x3bc/0x580 [ 69.796279][ T5022] handle_bug+0x3c/0x70 [ 69.800439][ T5022] exc_invalid_op+0x17/0x40 [ 69.805030][ T5022] asm_exc_invalid_op+0x1a/0x20 [ 69.809974][ T5022] RIP: 0010:_copy_from_iter+0x2c2/0x11f0 [ 69.815619][ T5022] Code: 5d 41 5c 41 5d 41 5e 41 5f c3 e8 79 c9 68 fd be 85 01 00 00 48 c7 c7 60 8e c7 8a e8 a8 7f a6 fd e9 48 fe ff ff e8 5e c9 68 fd <0f> 0b 45 31 ff eb 88 e8 52 c9 68 fd 31 ff 44 89 e6 e8 78 c4 68 fd [ 69.835783][ T5022] RSP: 0018:ffffc9000342f5f0 EFLAGS: 00010293 [ 69.841862][ T5022] RAX: 0000000000000000 RBX: ffffc9000342f838 RCX: 0000000000000000 [ 69.849833][ T5022] RDX: ffff88807b9ba0c0 RSI: ffffffff841cc012 RDI: 0000000000000001 [ 69.857978][ T5022] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 [ 69.866209][ T5022] R10: 0000000000000000 R11: 0000000000094000 R12: 0000000000000050 [ 69.874462][ T5022] R13: 0000000000000050 R14: 0000000000000000 R15: 0000160000000000 [ 69.882532][ T5022] ? _copy_from_iter+0x2c2/0x11f0 [ 69.887577][ T5022] ? bio_add_hw_page+0x29e/0x720 [ 69.892791][ T5022] ? hash_and_copy_to_iter+0x230/0x230 [ 69.898522][ T5022] ? bio_add_pc_page+0xb5/0x100 [ 69.903466][ T5022] ? bio_add_hw_page+0x720/0x720 [ 69.908437][ T5022] copy_page_from_iter+0xa5/0x120 [ 69.913598][ T5022] blk_rq_map_user_iov+0x9d5/0x17e0 [ 69.918908][ T5022] ? bio_map_user_iov+0xaa0/0xaa0 [ 69.924079][ T5022] ? sg_common_write.constprop.0+0xc0e/0x1c90 [ 69.930285][ T5022] ? __mutex_lock+0x25b/0x1340 [ 69.935143][ T5022] ? find_held_lock+0x2d/0x110 [ 69.940057][ T5022] blk_rq_map_user_io+0x202/0x230 [ 69.945281][ T5022] ? blk_rq_map_user_io.part.0+0x2c0/0x2c0 [ 69.951107][ T5022] ? bit_wait_io_timeout+0x160/0x160 [ 69.956485][ T5022] ? _raw_spin_unlock_irqrestore+0x4e/0x70 [ 69.962367][ T5022] sg_common_write.constprop.0+0xd61/0x1c90 [ 69.968363][ T5022] ? sg_read+0x1590/0x1590 [ 69.972792][ T5022] ? idr_get_free+0xa30/0xa30 [ 69.977573][ T5022] sg_write+0x82f/0xe10 [ 69.981826][ T5022] ? sg_ioctl+0x2760/0x2760 [ 69.986409][ T5022] ? security_file_permission+0x94/0x100 [ 69.992134][ T5022] vfs_write+0x2a4/0xe40 [ 69.996724][ T5022] ? sg_ioctl+0x2760/0x2760 [ 70.001256][ T5022] ? kernel_write+0x6c0/0x6c0 [ 70.006020][ T5022] ? __fget_files+0x279/0x410 [ 70.010803][ T5022] ? __fget_light+0xe6/0x260 [ 70.015926][ T5022] ksys_write+0x12f/0x250 [ 70.020257][ T5022] ? __ia32_sys_read+0xb0/0xb0 [ 70.025222][ T5022] ? lockdep_hardirqs_on+0x7d/0x100 [ 70.031044][ T5022] ? _raw_spin_unlock_irq+0x2e/0x50 [ 70.036353][ T5022] ? ptrace_notify+0xf4/0x130 [ 70.041298][ T5022] do_syscall_64+0x38/0xb0 [ 70.045975][ T5022] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 70.052354][ T5022] RIP: 0033:0x7f00fcfcfb49 [ 70.056967][ T5022] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 70.077039][ T5022] RSP: 002b:00007f00fcf8c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 70.085665][ T5022] RAX: ffffffffffffffda RBX: 00007f00fd057608 RCX: 00007f00fcfcfb49 [ 70.093752][ T5022] RDX: 0000000000000030 RSI: 0000000020000000 RDI: 0000000000000004 [ 70.101765][ T5022] RBP: 00007f00fd057600 R08: 00007f00fd057600 R09: 0000000000000000 [ 70.109860][ T5022] R10: 00007f00fcf8c170 R11: 0000000000000246 R12: 00007f00fd05760c [ 70.117930][ T5022] R13: 0000000000000006 R14: 00007fffc5dbf280 R15: 00007fffc5dbf368 [ 70.125996][ T5022] [ 70.129290][ T5022] Kernel Offset: disabled [ 70.133689][ T5022] Rebooting in 86400 seconds..