[ ok ] Starting enhanced syslogd: rsyslogd. Starting mcstransd: [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting file context maintaining daemon: restorecond. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 25.988313][ T24] kauditd_printk_skb: 18 callbacks suppressed [ 25.988318][ T24] audit: type=1400 audit(1566024767.710:35): avc: denied { map } for pid=6841 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.1.55' (ECDSA) to the list of known hosts. [ 151.707157][ T24] audit: type=1400 audit(1566024893.430:36): avc: denied { map } for pid=6857 comm="syz-executor217" path="/root/syz-executor217113110" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 executing program [ 158.528486][ T6862] IPVS: ftp: loaded support on port[0] = 21 [ 158.530708][ T6867] IPVS: ftp: loaded support on port[0] = 21 [ 158.537115][ T6868] IPVS: ftp: loaded support on port[0] = 21 [ 158.542858][ T6869] IPVS: ftp: loaded support on port[0] = 21 [ 158.553067][ T6871] IPVS: ftp: loaded support on port[0] = 21 [ 158.555176][ T6870] IPVS: ftp: loaded support on port[0] = 21 [ 158.561069][ T6873] IPVS: ftp: loaded support on port[0] = 21 [ 158.566927][ T6872] IPVS: ftp: loaded support on port[0] = 21 executing program executing program executing program [ 158.584972][ T6875] sg_write: data in/out 429306/24 bytes for SCSI command 0xff-- guessing data in; [ 158.584972][ T6875] program syz-executor217 not setting count and/or reply_len properly [ 158.603563][ T6879] sg_write: data in/out 429306/24 bytes for SCSI command 0xff-- guessing data in; [ 158.603563][ T6879] program
syz-executor217 not setting count and/or reply_len properly [ 158.606880][ T6882] sg_write: data in/out 429306/24 bytes for SCSI command 0xff-- guessing data in; executing program executing program executing program [ 158.606880][ T6882] program syz-executor217 not setting count and/or reply_len properly [ 158.628673][ T6881] sg_write: data in/out 429306/24 bytes for SCSI command 0xff-- guessing data in; [ 158.628673][ T6881] program syz-executor217 not setting count and/or reply_len properly [ 158.647611][ T6887] sg_write: data in/out 429306/24 bytes for SCSI command 0xff-- guessing data in; [ 158.647611][ T6887] program syz-executor217 not setting count and/or reply_len properly [ 158.663908][ T6884] sg_write: data in/out 429306/24 bytes for SCSI command 0xff-- guessing data in; executing program [ 158.663908][ T6884] program syz-executor217 not setting count and/or reply_len properly [ 158.674446][ T6888] sg_write: data in/out 429306/24 bytes for SCSI command 0xff-- guessing data in; [ 158.674446][ T6888] program syz-executor217 not setting count and/or reply_len properly [ 158.691762][ T6886] sg_write: data in/out 429306/24 bytes for SCSI command 0xff-- guessing data in; [ 158.691762][ T6886] program syz-executor217 not setting count and/or reply_len properly [ 158.710507][ T6890] sg_write: data in/out 429306/24 bytes for SCSI command 0xff-- guessing data in; [ 158.710507][ T6890] program syz-executor217 not setting count and/or reply_len properly [ 158.728248][ T6891] sg_write: data in/out 429306/24 bytes for SCSI command 0xff-- guessing data in; [ 158.728248][ T6891] program syz-executor217 not setting count and/or reply_len properly executing program [ 175.077930][ T6899] sg_write: 5 callbacks suppressed [ 175.077935][ T6899] sg_write: data in/out 429306/24 bytes for SCSI command 0xff-- guessing data in; [ 175.077935][ T6899] program syz-executor217 not setting count and/or reply_len properly [ 175.101332][ T6900] sg_write: data in/out 429306/24 bytes for 
SCSI command 0xff-- guessing data in; [ 175.101332][ T6900] program syz-executor217 not setting count and/or reply_len properly executing program [ 175.242784][ T6902] sg_write: data in/out 429306/24 bytes for SCSI command 0xff-- guessing data in; [ 175.242784][ T6902] program syz-executor217 not setting count and/or reply_len properly [ 175.260687][ T6903] sg_write: data in/out 429306/24 bytes for SCSI command 0xff-- guessing data in; [ 175.260687][ T6903] program syz-executor217 not setting count and/or reply_len properly executing program executing program [ 175.353966][ T6905] sg_write: data in/out 429306/24 bytes for SCSI command 0xff-- guessing data in; [ 175.353966][ T6905] program syz-executor217 not setting count and/or reply_len properly [ 175.371951][ T6906] sg_write: data in/out 429306/24 bytes for SCSI command 0xff-- guessing data in; [ 175.371951][ T6906] program syz-executor217 not setting count and/or reply_len properly [ 175.432802][ T6908] sg_write: data in/out 429306/24 bytes for SCSI command 0xff-- guessing data in; [ 175.432802][ T6908] program syz-executor217 not setting count and/or reply_len properly [ 175.450818][ T6909] sg_write: data in/out 429306/24 bytes for SCSI command 0xff-- guessing data in; [ 175.450818][ T6909] program syz-executor217 not setting count and/or reply_len properly executing program executing program [ 176.504327][ T6911] sg_write: data in/out 429306/24 bytes for SCSI command 0xff-- guessing data in; [ 176.504327][ T6911] program syz-executor217 not setting count and/or reply_len properly [ 176.522296][ T6912] sg_write: data in/out 429306/24 bytes for SCSI command 0xff-- guessing data in; [ 176.522296][ T6912] program syz-executor217 not setting count and/or reply_len properly executing program executing program executing program [ 191.580013][ T6923] sg_write: 6 callbacks suppressed [ 191.580018][ T6923] sg_write: data in/out 429306/24 bytes for SCSI command 0xff-- guessing data in; [ 191.580018][ T6923] program 
syz-executor217 not setting count and/or reply_len properly [ 191.603103][ T6924] sg_write: data in/out 429306/24 bytes for SCSI command 0xff-- guessing data in; [ 191.603103][ T6924] program syz-executor217 not setting count and/or reply_len properly executing program [ 191.871475][ T6926] sg_write: data in/out 429306/24 bytes for SCSI command 0xff-- guessing data in; [ 191.871475][ T6926] program syz-executor217 not setting count and/or reply_len properly [ 191.889566][ T6927] sg_write: data in/out 429306/24 bytes for SCSI command 0xff-- guessing data in; [ 191.889566][ T6927] program syz-executor217 not setting count and/or reply_len properly executing program [ 191.994728][ T6929] sg_write: data in/out 429306/24 bytes for SCSI command 0xff-- guessing data in; [ 191.994728][ T6929] program syz-executor217 not setting count and/or reply_len properly [ 192.012699][ T6930] sg_write: data in/out 429306/24 bytes for SCSI command 0xff-- guessing data in; [ 192.012699][ T6930] program syz-executor217 not setting count and/or reply_len properly executing program executing program [ 192.989119][ T6932] sg_write: data in/out 429306/24 bytes for SCSI command 0xff-- guessing data in; [ 192.989119][ T6932] program syz-executor217 not setting count and/or reply_len properly [ 193.007008][ T6933] sg_write: data in/out 429306/24 bytes for SCSI command 0xff-- guessing data in; [ 193.007008][ T6933] program syz-executor217 not setting count and/or reply_len properly [ 193.020476][ T6935] sg_write: data in/out 429306/24 bytes for SCSI command 0xff-- guessing data in; executing program [ 193.020476][ T6935] program syz-executor217 not setting count and/or reply_len properly [ 193.042267][ T6936] sg_write: data in/out 429306/24 bytes for SCSI command 0xff-- guessing data in; [ 193.042267][ T6936] program syz-executor217 not setting count and/or reply_len properly executing program executing program [ 195.092600][ T6873] kmemleak: 1 new suspected memory leaks (see 
/sys/kernel/debug/kmemleak) [ 196.170208][ T6862] kmemleak: 1 new suspected memory leaks (see /sys/kernel/debug/kmemleak) [ 210.097432][ T6868] kmemleak: 3 new suspected memory leaks (see /sys/kernel/debug/kmemleak) BUG: memory leak unreferenced object 0xffff8881169ea800 (size 2048): comm "syz-executor217", pid 6881, jiffies 4294953147 (age 52.410s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 20 00 00 00 80 00 00 00 00 00 00 00 00 00 00 00 ............... backtrace: [<0000000069f24537>] __kmalloc+0x169/0x300 [<00000000ac75ad37>] bio_alloc_bioset+0x1b8/0x2c0 [<00000000d1f2ae78>] bio_copy_user_iov+0x112/0x4b0 [<00000000553a1de0>] blk_rq_map_user_iov+0xc6/0x2b0 [<00000000cd88a595>] blk_rq_map_user+0x71/0xb0 [<000000000952f73a>] sg_common_write.isra.0+0x619/0xa10 [<00000000f4d35ee8>] sg_write.part.0+0x325/0x570 [<00000000633768e8>] sg_write+0x44/0x64 [<00000000316012f6>] __vfs_write+0x43/0xa0 [<00000000672f0ed9>] vfs_write+0xee/0x210 [<00000000d395926c>] ksys_write+0x7c/0x130 [<0000000031883fdc>] __x64_sys_write+0x1e/0x30 [<000000004d0d8450>] do_syscall_64+0x76/0x1a0 [<0000000045d1fbc3>] entry_SYSCALL_64_after_hwframe+0x44/0xa9 BUG: memory leak unreferenced object 0xffff888116a28800 (size 2048): comm "syz-executor217", pid 6886, jiffies 4294953147 (age 52.410s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 20 00 00 00 80 00 00 00 00 00 00 00 00 00 00 00 ............... 
backtrace: [<0000000069f24537>] __kmalloc+0x169/0x300 [<00000000ac75ad37>] bio_alloc_bioset+0x1b8/0x2c0 [<00000000d1f2ae78>] bio_copy_user_iov+0x112/0x4b0 [<00000000553a1de0>] blk_rq_map_user_iov+0xc6/0x2b0 [<00000000cd88a595>] blk_rq_map_user+0x71/0xb0 [<000000000952f73a>] sg_common_write.isra.0+0x619/0xa10 [<00000000f4d35ee8>] sg_write.part.0+0x325/0x570 [<00000000633768e8>] sg_write+0x44/0x64 [<00000000316012f6>] __vfs_write+0x43/0xa0 [<00000000672f0ed9>] vfs_write+0xee/0x210 [<00000000d395926c>] ksys_write+0x7c/0x130 [<0000000031883fdc>] __x64_sys_write+0x1e/0x30 [<000000004d0d8450>] do_syscall_64+0x76/0x1a0 [<0000000045d1fbc3>] entry_SYSCALL_64_after_hwframe+0x44/0xa9 BUG: memory leak unreferenced object 0xffff8881173f6800 (size 2048): comm "syz-executor217", pid 6887, jiffies 4294953147 (age 52.410s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 20 00 00 00 80 00 00 00 00 00 00 00 00 00 00 00 ............... backtrace: [<0000000069f24537>] __kmalloc+0x169/0x300 [<00000000ac75ad37>] bio_alloc_bioset+0x1b8/0x2c0 [<00000000d1f2ae78>] bio_copy_user_iov+0x112/0x4b0 [<00000000553a1de0>] blk_rq_map_user_iov+0xc6/0x2b0 [<00000000cd88a595>] blk_rq_map_user+0x71/0xb0 [<000000000952f73a>] sg_common_write.isra.0+0x619/0xa10 [<00000000f4d35ee8>] sg_write.part.0+0x325/0x570 [<00000000633768e8>] sg_write+0x44/0x64 [<00000000316012f6>] __vfs_write+0x43/0xa0 [<00000000672f0ed9>] vfs_write+0xee/0x210 [<00000000d395926c>] ksys_write+0x7c/0x130 [<0000000031883fdc>] __x64_sys_write+0x1e/0x30 [<000000004d0d8450>] do_syscall_64+0x76/0x1a0 [<0000000045d1fbc3>] entry_SYSCALL_64_after_hwframe+0x44/0xa9 BUG: memory leak unreferenced object 0xffff8881169ea800 (size 2048): comm "syz-executor217", pid 6881, jiffies 4294953147 (age 54.420s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 20 00 00 00 80 00 00 00 00 00 00 00 00 00 00 00 ............... 
backtrace: [<0000000069f24537>] __kmalloc+0x169/0x300 [<00000000ac75ad37>] bio_alloc_bioset+0x1b8/0x2c0 [<00000000d1f2ae78>] bio_copy_user_iov+0x112/0x4b0 [<00000000553a1de0>] blk_rq_map_user_iov+0xc6/0x2b0 [<00000000cd88a595>] blk_rq_map_user+0x71/0xb0 [<000000000952f73a>] sg_common_write.isra.0+0x619/0xa10 [<00000000f4d35ee8>] sg_write.part.0+0x325/0x570 [<00000000633768e8>] sg_write+0x44/0x64 [<00000000316012f6>] __vfs_write+0x43/0xa0 [<00000000672f0ed9>] vfs_write+0xee/0x210 [<00000000d395926c>] ksys_write+0x7c/0x130 [<0000000031883fdc>] __x64_sys_write+0x1e/0x30 [<000000004d0d8450>] do_syscall_64+0x76/0x1a0 [<0000000045d1fbc3>] entry_SYSCALL_64_after_hwframe+0x44/0xa9 BUG: memory leak unreferenced object 0xffff888116a28800 (size 2048): comm "syz-executor217", pid 6886, jiffies 4294953147 (age 54.420s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 20 00 00 00 80 00 00 00 00 00 00 00 00 00 00 00 ............... backtrace: [<0000000069f24537>] __kmalloc+0x169/0x300 [<00000000ac75ad37>] bio_alloc_bioset+0x1b8/0x2c0 [<00000000d1f2ae78>] bio_copy_user_iov+0x112/0x4b0 [<00000000553a1de0>] blk_rq_map_user_iov+0xc6/0x2b0 [<00000000cd88a595>] blk_rq_map_user+0x71/0xb0 [<000000000952f73a>] sg_common_write.isra.0+0x619/0xa10 [<00000000f4d35ee8>] sg_write.part.0+0x325/0x570 [<00000000633768e8>] sg_write+0x44/0x64 [<00000000316012f6>] __vfs_write+0x43/0xa0 [<00000000672f0ed9>] vfs_write+0xee/0x210 [<00000000d395926c>] ksys_write+0x7c/0x130 [<0000000031883fdc>] __x64_sys_write+0x1e/0x30 [<000000004d0d8450>] do_syscall_64+0x76/0x1a0 [<0000000045d1fbc3>] entry_SYSCALL_64_after_hwframe+0x44/0xa9 BUG: memory leak unreferenced object 0xffff8881173f6800 (size 2048): comm "syz-executor217", pid 6887, jiffies 4294953147 (age 54.420s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 20 00 00 00 80 00 00 00 00 00 00 00 00 00 00 00 ............... 
backtrace: [<0000000069f24537>] __kmalloc+0x169/0x300 [<00000000ac75ad37>] bio_alloc_bioset+0x1b8/0x2c0 [<00000000d1f2ae78>] bio_copy_user_iov+0x112/0x4b0 [<00000000553a1de0>] blk_rq_map_user_iov+0xc6/0x2b0 [<00000000cd88a595>] blk_rq_map_user+0x71/0xb0 [<000000000952f73a>] sg_common_write.isra.0+0x619/0xa10 [<00000000f4d35ee8>] sg_write.part.0+0x325/0x570 [<00000000633768e8>] sg_write+0x44/0x64 [<00000000316012f6>] __vfs_write+0x43/0xa0 [<00000000672f0ed9>] vfs_write+0xee/0x210 [<00000000d395926c>] ksys_write+0x7c/0x130 [<0000000031883fdc>] __x64_sys_write+0x1e/0x30 [<000000004d0d8450>] do_syscall_64+0x76/0x1a0 [<0000000045d1fbc3>] entry_SYSCALL_64_after_hwframe+0x44/0xa9 BUG: memory leak unreferenced object 0xffff8881169ea800 (size 2048): comm "syz-executor217", pid 6881, jiffies 4294953147 (age 56.420s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 20 00 00 00 80 00 00 00 00 00 00 00 00 00 00 00 ............... backtrace: [<0000000069f24537>] __kmalloc+0x169/0x300 [<00000000ac75ad37>] bio_alloc_bioset+0x1b8/0x2c0 [<00000000d1f2ae78>] bio_copy_user_iov+0x112/0x4b0 [<00000000553a1de0>] blk_rq_map_user_iov+0xc6/0x2b0 [<00000000cd88a595>] blk_rq_map_user+0x71/0xb0 [<000000000952f73a>] sg_common_write.isra.0+0x619/0xa10 [<00000000f4d35ee8>] sg_write.part.0+0x325/0x570 [<00000000633768e8>] sg_write+0x44/0x64 [<00000000316012f6>] __vfs_write+0x43/0xa0 [<00000000672f0ed9>] vfs_write+0xee/0x210 [<00000000d395926c>] ksys_write+0x7c/0x130 [<0000000031883fdc>] __x64_sys_write+0x1e/0x30 [<000000004d0d8450>] do_syscall_64+0x76/0x1a0 [<0000000045d1fbc3>] entry_SYSCALL_64_after_hwframe+0x44/0xa9 BUG: memory leak unreferenced object 0xffff888116a28800 (size 2048): comm "syz-executor217", pid 6886, jiffies 4294953147 (age 56.420s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 20 00 00 00 80 00 00 00 00 00 00 00 00 00 00 00 ............... 
backtrace: [<0000000069f24537>] __kmalloc+0x169/0x300 [<00000000ac75ad37>] bio_alloc_bioset+0x1b8/0x2c0 [<00000000d1f2ae78>] bio_copy_user_iov+0x112/0x4b0 [<00000000553a1de0>] blk_rq_map_user_iov+0xc6/0x2b0 [<00000000cd88a595>] blk_rq_map_user+0x71/0xb0 [<000000000952f73a>] sg_common_write.isra.0+0x619/0xa10 [<00000000f4d35ee8>] sg_write.part.0+0x325/0x570 [<00000000633768e8>] sg_write+0x44/0x64 [<00000000316012f6>] __vfs_write+0x43/0xa0 [<00000000672f0ed9>] vfs_write+0xee/0x210 [<00000000d395926c>] ksys_write+0x7c/0x130 [<0000000031883fdc>] __x64_sys_write+0x1e/0x30 [<000000004d0d8450>] do_syscall_64+0x76/0x1a0 [<0000000045d1fbc3>] entry_SYSCALL_64_after_hwframe+0x44/0xa9 BUG: memory leak unreferenced object 0xffff8881173f6800 (size 2048): comm "syz-executor217", pid 6887, jiffies 4294953147 (age 56.420s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 20 00 00 00 80 00 00 00 00 00 00 00 00 00 00 00 ............... backtrace: [<0000000069f24537>] __kmalloc+0x169/0x300 [<00000000ac75ad37>] bio_alloc_bioset+0x1b8/0x2c0 [<00000000d1f2ae78>] bio_copy_user_iov+0x112/0x4b0 [<00000000553a1de0>] blk_rq_map_user_iov+0xc6/0x2b0 [<00000000cd88a595>] blk_rq_map_user+0x71/0xb0 [<000000000952f73a>] sg_common_write.isra.0+0x619/0xa10 [<00000000f4d35ee8>] sg_write.part.0+0x325/0x570 [<00000000633768e8>] sg_write+0x44/0x64 [<00000000316012f6>] __vfs_write+0x43/0xa0 [<00000000672f0ed9>] vfs_write+0xee/0x210 [<00000000d395926c>] ksys_write+0x7c/0x130 [<0000000031883fdc>] __x64_sys_write+0x1e/0x30 [<000000004d0d8450>] do_syscall_64+0x76/0x1a0 [<0000000045d1fbc3>] entry_SYSCALL_64_after_hwframe+0x44/0xa9 BUG: memory leak unreferenced object 0xffff8881169ea800 (size 2048): comm "syz-executor217", pid 6881, jiffies 4294953147 (age 58.340s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 20 00 00 00 80 00 00 00 00 00 00 00 00 00 00 00 ............... 
backtrace: [<0000000069f24537>] __kmalloc+0x169/0x300 [<00000000ac75ad37>] bio_alloc_bioset+0x1b8/0x2c0 [<00000000d1f2ae78>] bio_copy_user_iov+0x112/0x4b0 [<00000000553a1de0>] blk_rq_map_user_iov+0xc6/0x2b0 [<00000000cd88a595>] blk_rq_map_user+0x71/0xb0 [<000000000952f73a>] sg_common_write.isra.0+0x619/0xa10 [<00000000f4d35ee8>] sg_write.part.0+0x325/0x570 [<00000000633768e8>] sg_write+0x44/0x64 [<00000000316012f6>] __vfs_write+0x43/0xa0 [<00000000672f0ed9>] vfs_write+0xee/0x210 [<00000000d395926c>] ksys_write+0x7c/0x130 [<0000000031883fdc>] __x64_sys_write+0x1e/0x30 [<000000004d0d8450>] do_syscall_64+0x76/0x1a0 [<0000000045d1fbc3>] entry_SYSCALL_64_after_hwframe+0x44/0xa9 BUG: memory leak unreferenced object 0xffff888116a28800 (size 2048): comm "syz-executor217", pid 6886, jiffies 4294953147 (age 58.340s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 20 00 00 00 80 00 00 00 00 00 00 00 00 00 00 00 ............... backtrace: [<0000000069f24537>] __kmalloc+0x169/0x300 [<00000000ac75ad37>] bio_alloc_bioset+0x1b8/0x2c0 [<00000000d1f2ae78>] bio_copy_user_iov+0x112/0x4b0 [<00000000553a1de0>] blk_rq_map_user_iov+0xc6/0x2b0 [<00000000cd88a595>] blk_rq_map_user+0x71/0xb0 [<000000000952f73a>] sg_common_write.isra.0+0x619/0xa10 [<00000000f4d35ee8>] sg_write.part.0+0x325/0x570 [<00000000633768e8>] sg_write+0x44/0x64 [<00000000316012f6>] __vfs_write+0x43/0xa0 [<00000000672f0ed9>] vfs_write+0xee/0x210 [<00000000d395926c>] ksys_write+0x7c/0x130 [<0000000031883fdc>] __x64_sys_write+0x1e/0x30 [<000000004d0d8450>] do_syscall_64+0x76/0x1a0 [<0000000045d1fbc3>] entry_SYSCALL_64_after_hwframe+0x44/0xa9 BUG: memory leak unreferenced object 0xffff8881173f6800 (size 2048): comm "syz-executor217", pid 6887, jiffies 4294953147 (age 58.340s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 20 00 00 00 80 00 00 00 00 00 00 00 00 00 00 00 ............... 
backtrace: [<0000000069f24537>] __kmalloc+0x169/0x300 [<00000000ac75ad37>] bio_alloc_bioset+0x1b8/0x2c0 [<00000000d1f2ae78>] bio_copy_user_iov+0x112/0x4b0 [<00000000553a1de0>] blk_rq_map_user_iov+0xc6/0x2b0 [<00000000cd88a595>] blk_rq_map_user+0x71/0xb0 [<000000000952f73a>] sg_common_write.isra.0+0x619/0xa10 [<00000000f4d35ee8>] sg_write.part.0+0x325/0x570 [<00000000633768e8>] sg_write+0x44/0x64 [<00000000316012f6>] __vfs_write+0x43/0xa0 [<00000000672f0ed9>] vfs_write+0xee/0x210 [<00000000d395926c>] ksys_write+0x7c/0x130 [<0000000031883fdc>] __x64_sys_write+0x1e/0x30 [<000000004d0d8450>] do_syscall_64+0x76/0x1a0 [<0000000045d1fbc3>] entry_SYSCALL_64_after_hwframe+0x44/0xa9 executing program [ 217.180442][ T6947] sg_write: 6 callbacks suppressed [ 217.180446][ T6947] sg_write: data in/out 429306/24 bytes for SCSI command 0xff-- guessing data in; [ 217.180446][ T6947] program syz-executor217 not setting count and/or reply_len properly [ 217.203438][ T6948] sg_write: data in/out 429306/24 bytes for SCSI command 0xff-- guessing data in; [ 217.203438][ T6948] program syz-executor217 not setting count and/or reply_len properly executing program [ 217.297276][ T6953] sg_write: data in/out 429306/24 bytes for SCSI command 0xff-- guessing data in; [ 217.297276][ T6953] program syz-executor217 not setting count and/or reply_len properly [ 217.315129][ T6954] sg_write: data in/out 429306/24 bytes for SCSI command 0xff-- guessing data in; [ 217.315129][ T6954] program syz-executor217 not setting count and/or reply_len properly executing program [ 219.204951][ T6872] kmemleak: 2 new suspected memory leaks (see /sys/kernel/debug/kmemleak) executing program [ 219.248434][ T6964] sg_write: data in/out 429306/24 bytes for SCSI command 0xff-- guessing data in; [ 219.248434][ T6964] program syz-executor217 not setting count and/or reply_len properly [ 219.266324][ T6965] sg_write: data in/out 429306/24 bytes for SCSI command 0xff-- guessing data in; [ 219.266324][ T6965] program 
syz-executor217 not setting count and/or reply_len properly [ 219.281926][ T6967] sg_write: data in/out 429306/24 bytes for SCSI command 0xff-- guessing data in; [ 219.281926][ T6967] program syz-executor217 not setting count and/or reply_len properly [ 219.306070][ T6968] sg_write: data in/out 429306/24 bytes for SCSI command 0xff-- guessing data in; [ 219.306070][ T6968] program syz-executor217 not setting count and/or reply_len properly [ 220.982825][ T6870] kmemleak: 2 new suspected memory leaks (see /sys/kernel/debug/kmemleak)