./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2418713577 <...> Warning: Permanently added '10.128.0.52' (ECDSA) to the list of known hosts. execve("./syz-executor2418713577", ["./syz-executor2418713577"], 0x7fff7d645fd0 /* 10 vars */) = 0 brk(NULL) = 0x555555ef0000 brk(0x555555ef0c40) = 0x555555ef0c40 arch_prctl(ARCH_SET_FS, 0x555555ef0300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor2418713577", 4096) = 28 brk(0x555555f11c40) = 0x555555f11c40 brk(0x555555f12000) = 0x555555f12000 mprotect(0x7f04aabf2000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3616 attached , child_tidptr=0x555555ef05d0) = 3616 [pid 3616] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3616] setpgid(0, 0) = 0 [pid 3616] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3616] write(3, "1000", 4) = 4 [pid 3616] close(3) = 0 [pid 3616] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3616] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3616] write(4, "3", 1) = 1 [pid 3616] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3616] exit_group(0) = ? [pid 3616] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3616, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3617 attached , child_tidptr=0x555555ef05d0) = 3617 [pid 3617] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3617] setpgid(0, 0) = 0 [pid 3617] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3617] write(3, "1000", 4) = 4 [pid 3617] close(3) = 0 [pid 3617] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3617] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3617] write(4, "3", 1) = 1 [pid 3617] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3617] exit_group(0) = ? [pid 3617] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3617, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3618 attached , child_tidptr=0x555555ef05d0) = 3618 [pid 3618] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3618] setpgid(0, 0) = 0 [pid 3618] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3618] write(3, "1000", 4) = 4 [pid 3618] close(3) = 0 [pid 3618] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3618] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3618] write(4, "3", 1) = 1 [pid 3618] write(3, NULL, 65326) = -1 EFAULT (Bad address) syzkaller login: [ 49.734532][ T3616] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 49.758682][ T3617] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [pid 3618] exit_group(0) = ? [pid 3618] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3618, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3619 attached , child_tidptr=0x555555ef05d0) = 3619 [pid 3619] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3619] setpgid(0, 0) = 0 [pid 3619] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3619] write(3, "1000", 4) = 4 [pid 3619] close(3) = 0 [pid 3619] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3619] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3619] write(4, "3", 1) = 1 [pid 3619] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3619] exit_group(0) = ? [pid 3619] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3619, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3620 ./strace-static-x86_64: Process 3620 attached [pid 3620] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3620] setpgid(0, 0) = 0 [pid 3620] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3620] write(3, "1000", 4) = 4 [pid 3620] close(3) = 0 [pid 3620] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3620] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3620] write(4, "3", 1) = 1 [pid 3620] write(3, NULL, 65326) = -1 EFAULT (Bad address) [ 49.779429][ T3618] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 49.802373][ T3619] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [pid 3620] exit_group(0) = ? [pid 3620] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3620, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3621 ./strace-static-x86_64: Process 3621 attached [pid 3621] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3621] setpgid(0, 0) = 0 [pid 3621] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3621] write(3, "1000", 4) = 4 [pid 3621] close(3) = 0 [pid 3621] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3621] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3621] write(4, "3", 1) = 1 [pid 3621] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3621] exit_group(0) = ? [pid 3621] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3621, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3622 ./strace-static-x86_64: Process 3622 attached [pid 3622] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3622] setpgid(0, 0) = 0 [pid 3622] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3622] write(3, "1000", 4) = 4 [pid 3622] close(3) = 0 [pid 3622] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3622] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3622] write(4, "3", 1) = 1 [pid 3622] write(3, NULL, 65326) = -1 EFAULT (Bad address) [ 49.825048][ T3620] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 49.847118][ T3621] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [pid 3622] exit_group(0) = ? [pid 3622] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3622, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3623 attached , child_tidptr=0x555555ef05d0) = 3623 [pid 3623] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3623] setpgid(0, 0) = 0 [pid 3623] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3623] write(3, "1000", 4) = 4 [pid 3623] close(3) = 0 [pid 3623] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3623] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3623] write(4, "3", 1) = 1 [pid 3623] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3623] exit_group(0) = ? [pid 3623] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3623, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3624 attached , child_tidptr=0x555555ef05d0) = 3624 [pid 3624] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3624] setpgid(0, 0) = 0 [pid 3624] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3624] write(3, "1000", 4) = 4 [pid 3624] close(3) = 0 [pid 3624] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3624] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3624] write(4, "3", 1) = 1 [pid 3624] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3624] exit_group(0) = ? [pid 3624] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3624, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3625 attached , child_tidptr=0x555555ef05d0) = 3625 [pid 3625] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3625] setpgid(0, 0) = 0 [pid 3625] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3625] write(3, "1000", 4) = 4 [pid 3625] close(3) = 0 [pid 3625] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3625] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3625] write(4, "3", 1) = 1 [pid 3625] write(3, NULL, 65326) = -1 EFAULT (Bad address) [ 49.869744][ T3622] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 49.892712][ T3623] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 49.914550][ T3624] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [pid 3625] exit_group(0) = ? [pid 3625] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3625, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3626 attached , child_tidptr=0x555555ef05d0) = 3626 [pid 3626] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3626] setpgid(0, 0) = 0 [pid 3626] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3626] write(3, "1000", 4) = 4 [pid 3626] close(3) = 0 [pid 3626] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3626] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3626] write(4, "3", 1) = 1 [pid 3626] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3626] exit_group(0) = ? [pid 3626] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3626, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3627 ./strace-static-x86_64: Process 3627 attached [pid 3627] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3627] setpgid(0, 0) = 0 [pid 3627] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3627] write(3, "1000", 4) = 4 [pid 3627] close(3) = 0 [pid 3627] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3627] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3627] write(4, "3", 1) = 1 [pid 3627] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3627] exit_group(0) = ? [pid 3627] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3627, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3628 ./strace-static-x86_64: Process 3628 attached [pid 3628] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3628] setpgid(0, 0) = 0 [pid 3628] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3628] write(3, "1000", 4) = 4 [pid 3628] close(3) = 0 [pid 3628] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3628] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3628] write(4, "3", 1) = 1 [pid 3628] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3628] exit_group(0) = ? [pid 3628] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3628, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3629 ./strace-static-x86_64: Process 3629 attached [pid 3629] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3629] setpgid(0, 0) = 0 [pid 3629] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3629] write(3, "1000", 4) = 4 [pid 3629] close(3) = 0 [pid 3629] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3629] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [ 49.936606][ T3625] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [pid 3629] write(4, "3", 1) = 1 [ 49.998409][ T3629] FAULT_INJECTION: forcing a failure. [ 49.998409][ T3629] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 50.011940][ T3629] CPU: 1 PID: 3629 Comm: syz-executor241 Not tainted 6.0.0-rc1-next-20220819-syzkaller #0 [ 50.022021][ T3629] BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1521 [ 50.031401][ T3629] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 3629, name: syz-executor241 [ 50.040861][ T3629] preempt_count: 0, expected: 0 [ 50.045891][ T3629] RCU nest depth: 0, expected: 0 [ 50.050826][ T3629] 2 locks held by syz-executor241/3629: [ 50.056549][ T3629] #0: ffff88801fe18098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x80 [ 50.066428][ T3629] #1: ffff88801fe18130 (&tty->atomic_write_lock){+.+.}-{3:3}, at: file_tty_write.constprop.0+0x296/0x8f0 [ 50.077920][ T3629] irq event stamp: 3494 [ 50.082110][ T3629] hardirqs last enabled at (3493): [] finish_task_switch.isra.0+0x2b5/0xc70 [ 50.092458][ T3629] hardirqs last disabled at (3494): [] dump_stack_lvl+0x2e/0x134 [ 50.101774][ T3629] softirqs last enabled at (3482): [] __irq_exit_rcu+0x123/0x180 [ 50.111181][ T3629] softirqs last disabled at (3459): [] __irq_exit_rcu+0x123/0x180 [ 50.120583][ T3629] CPU: 1 PID: 3629 Comm: syz-executor241 Not tainted 6.0.0-rc1-next-20220819-syzkaller #0 [ 50.130679][ T3629] syz-executor241[3629] cmdline: ./syz-executor2418713577 [ 50.137838][ T3629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 50.148180][ T3629] Call Trace: [ 50.151472][ T3629] [ 50.154405][ T3629] dump_stack_lvl+0xcd/0x134 [ 50.159015][ T3629] __might_resched.cold+0x222/0x26b [ 50.164243][ T3629] down_read_killable+0x75/0x490 [ 50.169330][ T3629] ? down_read+0x450/0x450 [ 50.173770][ T3629] __access_remote_vm+0xac/0x6f0 [ 50.178725][ T3629] ? follow_phys+0x2c0/0x2c0 [ 50.183330][ T3629] ? do_raw_spin_lock+0x120/0x2a0 [ 50.188382][ T3629] ? rwlock_bug.part.0+0x90/0x90 [ 50.193335][ T3629] ? __up_console_sem+0x47/0xc0 [ 50.198214][ T3629] get_mm_cmdline.part.0+0x217/0x620 [ 50.203614][ T3629] ? dname_to_vma_addr.isra.0+0x360/0x360 [ 50.209360][ T3629] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 50.215172][ T3629] get_task_cmdline_kernel+0x1d9/0x220 [ 50.220654][ T3629] dump_stack_print_cmdline.part.0+0x82/0x150 [ 50.226764][ T3629] ? _atomic_dec_and_lock_irqsave+0x150/0x150 [ 50.232893][ T3629] ? dump_stack_print_info+0xc6/0x190 [ 50.238300][ T3629] dump_stack_print_info+0x185/0x190 [ 50.243683][ T3629] dump_stack_lvl+0xc1/0x134 [ 50.248297][ T3629] should_fail.cold+0x5/0xa [ 50.252822][ T3629] copyin+0x19/0x120 [ 50.257020][ T3629] _copy_from_iter+0x1ca/0x11c0 [ 50.262118][ T3629] ? _copy_mc_to_iter+0x1430/0x1430 [ 50.267374][ T3629] ? rcu_read_lock_sched_held+0x3a/0x70 [ 50.274235][ T3629] ? __virt_addr_valid+0x5d/0x2d0 [ 50.279275][ T3629] ? __phys_addr+0xc4/0x140 [ 50.283785][ T3629] ? __phys_addr_symbol+0x2c/0x70 [ 50.288834][ T3629] ? __check_object_size+0x2de/0x700 [ 50.294158][ T3629] file_tty_write.constprop.0+0x449/0x8f0 [ 50.300189][ T3629] ? n_tty_close+0x1e0/0x1e0 [ 50.304815][ T3629] vfs_write+0x9e9/0xdd0 [ 50.309086][ T3629] ? vfs_read+0x930/0x930 [ 50.313445][ T3629] ? find_held_lock+0x2d/0x110 [ 50.318301][ T3629] ? lock_downgrade+0x6e0/0x6e0 [ 50.323168][ T3629] ? __fget_light+0x20a/0x270 [ 50.327869][ T3629] ksys_write+0x127/0x250 [ 50.332214][ T3629] ? __ia32_sys_read+0xb0/0xb0 [ 50.337339][ T3629] ? lockdep_hardirqs_on+0x79/0x100 [ 50.342913][ T3629] ? _raw_spin_unlock_irq+0x2a/0x40 [ 50.348129][ T3629] ? ptrace_notify+0xfa/0x140 [ 50.352933][ T3629] do_syscall_64+0x35/0xb0 [ 50.357389][ T3629] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 50.363297][ T3629] RIP: 0033:0x7f04aab85059 [ 50.367820][ T3629] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 50.387440][ T3629] RSP: 002b:00007ffe7b521b48 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 50.396052][ T3629] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f04aab85059 [ 50.404024][ T3629] RDX: 000000000000ff2e RSI: 0000000000000000 RDI: 0000000000000003 [ 50.412005][ T3629] RBP: 00007ffe7b521b60 R08: 0000000000000001 R09: 0000000000000001 [ 50.419995][ T3629] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 50.427979][ T3629] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 50.435983][ T3629] [ 50.439015][ T3629] syz-executor241[3629] cmdline: ./syz-executor2418713577 [ 50.446149][ T3629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 50.456212][ T3629] Call Trace: [ 50.459508][ T3629] [ 50.462467][ T3629] dump_stack_lvl+0xcd/0x134 [ 50.467096][ T3629] should_fail.cold+0x5/0xa [ 50.471693][ T3629] copyin+0x19/0x120 [ 50.475600][ T3629] _copy_from_iter+0x1ca/0x11c0 [ 50.480458][ T3629] ? _copy_mc_to_iter+0x1430/0x1430 [ 50.485690][ T3629] ? rcu_read_lock_sched_held+0x3a/0x70 [ 50.491236][ T3629] ? __virt_addr_valid+0x5d/0x2d0 [ 50.496279][ T3629] ? __phys_addr+0xc4/0x140 [ 50.500827][ T3629] ? __phys_addr_symbol+0x2c/0x70 [ 50.505963][ T3629] ? __check_object_size+0x2de/0x700 [ 50.511256][ T3629] file_tty_write.constprop.0+0x449/0x8f0 [ 50.516983][ T3629] ? n_tty_close+0x1e0/0x1e0 [ 50.521693][ T3629] vfs_write+0x9e9/0xdd0 [ 50.525942][ T3629] ? vfs_read+0x930/0x930 [ 50.530273][ T3629] ? find_held_lock+0x2d/0x110 [ 50.535054][ T3629] ? lock_downgrade+0x6e0/0x6e0 [ 50.539928][ T3629] ? __fget_light+0x20a/0x270 [ 50.544605][ T3629] ksys_write+0x127/0x250 [ 50.549068][ T3629] ? __ia32_sys_read+0xb0/0xb0 [ 50.553876][ T3629] ? lockdep_hardirqs_on+0x79/0x100 [ 50.559090][ T3629] ? _raw_spin_unlock_irq+0x2a/0x40 [ 50.564400][ T3629] ? ptrace_notify+0xfa/0x140 [ 50.569105][ T3629] do_syscall_64+0x35/0xb0 [ 50.573560][ T3629] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 50.579565][ T3629] RIP: 0033:0x7f04aab85059 [ 50.583986][ T3629] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 50.603686][ T3629] RSP: 002b:00007ffe7b521b48 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 50.612115][ T3629] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f04aab85059 [ 50.620106][ T3629] RDX: 000000000000ff2e RSI: 0000000000000000 RDI: 0000000000000003 [ 50.628102][ T3629] RBP: 00007ffe7b521b60 R08: 0000000000000001 R09: 0000000000000001 [ 50.636171][ T3629] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [pid 3629] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3629] exit_group(0) = ? [pid 3629] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3629, si_uid=0, si_status=0, si_utime=0, si_stime=66} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3630 ./strace-static-x86_64: Process 3630 attached [pid 3630] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3630] setpgid(0, 0) = 0 [pid 3630] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3630] write(3, "1000", 4) = 4 [pid 3630] close(3) = 0 [pid 3630] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3630] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3630] write(4, "3", 1) = 1 [pid 3630] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3630] exit_group(0) = ? [pid 3630] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3630, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3631 attached , child_tidptr=0x555555ef05d0) = 3631 [pid 3631] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3631] setpgid(0, 0) = 0 [pid 3631] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3631] write(3, "1000", 4) = 4 [pid 3631] close(3) = 0 [pid 3631] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3631] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3631] write(4, "3", 1) = 1 [pid 3631] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3631] exit_group(0) = ? [pid 3631] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3631, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3632 attached , child_tidptr=0x555555ef05d0) = 3632 [ 50.644256][ T3629] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 50.652855][ T3629] [pid 3632] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3632] setpgid(0, 0) = 0 [pid 3632] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3632] write(3, "1000", 4) = 4 [pid 3632] close(3) = 0 [pid 3632] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3632] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3632] write(4, "3", 1) = 1 [pid 3632] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3632] exit_group(0) = ? [pid 3632] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3632, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3633 attached [pid 3633] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3633] setpgid(0, 0) = 0 [pid 3633] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3615] <... clone resumed>, child_tidptr=0x555555ef05d0) = 3633 [pid 3633] write(3, "1000", 4) = 4 [pid 3633] close(3) = 0 [pid 3633] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3633] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3633] write(4, "3", 1) = 1 [pid 3633] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3633] exit_group(0) = ? [pid 3633] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3633, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3634 ./strace-static-x86_64: Process 3634 attached [pid 3634] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3634] setpgid(0, 0) = 0 [pid 3634] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3634] write(3, "1000", 4) = 4 [pid 3634] close(3) = 0 [pid 3634] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3634] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3634] write(4, "3", 1) = 1 [pid 3634] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3634] exit_group(0) = ? [pid 3634] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3634, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3635 ./strace-static-x86_64: Process 3635 attached [pid 3635] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3635] setpgid(0, 0) = 0 [pid 3635] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3635] write(3, "1000", 4) = 4 [pid 3635] close(3) = 0 [pid 3635] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3635] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3635] write(4, "3", 1) = 1 [pid 3635] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3635] exit_group(0) = ? [pid 3635] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3635, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3636 ./strace-static-x86_64: Process 3636 attached [pid 3636] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3636] setpgid(0, 0) = 0 [pid 3636] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3636] write(3, "1000", 4) = 4 [pid 3636] close(3) = 0 [pid 3636] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3636] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3636] write(4, "3", 1) = 1 [pid 3636] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3636] exit_group(0) = ? [pid 3636] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3636, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3637 ./strace-static-x86_64: Process 3637 attached [pid 3637] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3637] setpgid(0, 0) = 0 [pid 3637] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3637] write(3, "1000", 4) = 4 [pid 3637] close(3) = 0 [pid 3637] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3637] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3637] write(4, "3", 1) = 1 [ 50.773965][ T3637] FAULT_INJECTION: forcing a failure. [ 50.773965][ T3637] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 50.787505][ T3637] CPU: 0 PID: 3637 Comm: syz-executor241 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 50.799695][ T3637] syz-executor241[3637] cmdline: ./syz-executor2418713577 [ 50.806814][ T3637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 50.816983][ T3637] Call Trace: [ 50.820260][ T3637] [ 50.823185][ T3637] dump_stack_lvl+0xcd/0x134 [ 50.827805][ T3637] should_fail.cold+0x5/0xa [ 50.832311][ T3637] copyin+0x19/0x120 [ 50.836223][ T3637] _copy_from_iter+0x1ca/0x11c0 [ 50.841184][ T3637] ? _copy_mc_to_iter+0x1430/0x1430 [ 50.846462][ T3637] ? rcu_read_lock_sched_held+0x3a/0x70 [ 50.852050][ T3637] ? __virt_addr_valid+0x5d/0x2d0 [ 50.857083][ T3637] ? __phys_addr+0xc4/0x140 [ 50.861581][ T3637] ? __phys_addr_symbol+0x2c/0x70 [ 50.866598][ T3637] ? __check_object_size+0x2de/0x700 [ 50.871886][ T3637] file_tty_write.constprop.0+0x449/0x8f0 [ 50.877603][ T3637] ? n_tty_close+0x1e0/0x1e0 [ 50.882193][ T3637] vfs_write+0x9e9/0xdd0 [ 50.886449][ T3637] ? vfs_read+0x930/0x930 [ 50.890803][ T3637] ? find_held_lock+0x2d/0x110 [ 50.895583][ T3637] ? lock_downgrade+0x6e0/0x6e0 [ 50.900556][ T3637] ? __fget_light+0x20a/0x270 [ 50.905250][ T3637] ksys_write+0x127/0x250 [ 50.909594][ T3637] ? __ia32_sys_read+0xb0/0xb0 [ 50.914385][ T3637] ? lockdep_hardirqs_on+0x79/0x100 [ 50.919615][ T3637] ? _raw_spin_unlock_irq+0x2a/0x40 [ 50.935063][ T3637] ? ptrace_notify+0xfa/0x140 [ 50.939767][ T3637] do_syscall_64+0x35/0xb0 [ 50.944213][ T3637] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 50.950165][ T3637] RIP: 0033:0x7f04aab85059 [ 50.954596][ T3637] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 50.974299][ T3637] RSP: 002b:00007ffe7b521b48 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 3637] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3637] exit_group(0) = ? [pid 3637] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3637, si_uid=0, si_status=0, si_utime=0, si_stime=25} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3638 ./strace-static-x86_64: Process 3638 attached [pid 3638] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3638] setpgid(0, 0) = 0 [pid 3638] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3638] write(3, "1000", 4) = 4 [pid 3638] close(3) = 0 [pid 3638] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3638] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3638] write(4, "3", 1) = 1 [pid 3638] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3638] exit_group(0) = ? [pid 3638] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3638, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3639 ./strace-static-x86_64: Process 3639 attached [pid 3639] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3639] setpgid(0, 0) = 0 [pid 3639] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3639] write(3, "1000", 4) = 4 [pid 3639] close(3) = 0 [pid 3639] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3639] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3639] write(4, "3", 1) = 1 [pid 3639] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3639] exit_group(0) = ? [pid 3639] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3639, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3640 ./strace-static-x86_64: Process 3640 attached [pid 3640] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3640] setpgid(0, 0) = 0 [pid 3640] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3640] write(3, "1000", 4) = 4 [ 50.982717][ T3637] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f04aab85059 [ 50.990713][ T3637] RDX: 000000000000ff2e RSI: 0000000000000000 RDI: 0000000000000003 [ 50.999480][ T3637] RBP: 00007ffe7b521b60 R08: 0000000000000001 R09: 0000000000000001 [ 51.007458][ T3637] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 51.015454][ T3637] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 51.023464][ T3637] [pid 3640] close(3) = 0 [pid 3640] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3640] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3640] write(4, "3", 1) = 1 [pid 3640] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3640] exit_group(0) = ? [pid 3640] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3640, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3641 ./strace-static-x86_64: Process 3641 attached [pid 3641] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3641] setpgid(0, 0) = 0 [pid 3641] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3641] write(3, "1000", 4) = 4 [pid 3641] close(3) = 0 [pid 3641] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3641] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3641] write(4, "3", 1) = 1 [ 51.082773][ T3641] FAULT_INJECTION: forcing a failure. [ 51.082773][ T3641] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 51.096314][ T3641] CPU: 0 PID: 3641 Comm: syz-executor241 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 51.107802][ T3641] BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1521 [ 51.117865][ T3641] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 3641, name: syz-executor241 [ 51.127304][ T3641] preempt_count: 0, expected: 0 [ 51.132147][ T3641] RCU nest depth: 0, expected: 0 [ 51.137085][ T3641] 2 locks held by syz-executor241/3641: [ 51.142637][ T3641] #0: ffff888021cbd098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x80 [ 51.152488][ T3641] #1: ffff888021cbd130 (&tty->atomic_write_lock){+.+.}-{3:3}, at: file_tty_write.constprop.0+0x296/0x8f0 [ 51.163838][ T3641] irq event stamp: 3662 [ 51.167991][ T3641] hardirqs last enabled at (3661): [] finish_task_switch.isra.0+0x2b5/0xc70 [ 51.178346][ T3641] hardirqs last disabled at (3662): [] dump_stack_lvl+0x2e/0x134 [ 51.187936][ T3641] softirqs last enabled at (3654): [] __irq_exit_rcu+0x123/0x180 [ 51.197435][ T3641] softirqs last disabled at (3531): [] __irq_exit_rcu+0x123/0x180 [ 51.206916][ T3641] CPU: 0 PID: 3641 Comm: syz-executor241 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 51.218347][ T3641] syz-executor241[3641] cmdline: ./syz-executor2418713577 [ 51.225465][ T3641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 51.235528][ T3641] Call Trace: [ 51.238811][ T3641] [ 51.241745][ T3641] dump_stack_lvl+0xcd/0x134 [ 51.246374][ T3641] __might_resched.cold+0x222/0x26b [ 51.251594][ T3641] down_read_killable+0x75/0x490 [ 51.256571][ T3641] ? down_read+0x450/0x450 [ 51.261023][ T3641] __access_remote_vm+0xac/0x6f0 [ 51.265976][ T3641] ? follow_phys+0x2c0/0x2c0 [ 51.270587][ T3641] ? do_raw_spin_lock+0x120/0x2a0 [ 51.275629][ T3641] ? rwlock_bug.part.0+0x90/0x90 [ 51.280598][ T3641] ? __up_console_sem+0x47/0xc0 [ 51.285471][ T3641] get_mm_cmdline.part.0+0x217/0x620 [ 51.290773][ T3641] ? dname_to_vma_addr.isra.0+0x360/0x360 [ 51.296634][ T3641] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 51.302458][ T3641] get_task_cmdline_kernel+0x1d9/0x220 [ 51.308022][ T3641] dump_stack_print_cmdline.part.0+0x82/0x150 [ 51.314109][ T3641] ? _atomic_dec_and_lock_irqsave+0x150/0x150 [ 51.320225][ T3641] ? dump_stack_print_info+0xc6/0x190 [ 51.325615][ T3641] dump_stack_print_info+0x185/0x190 [ 51.330937][ T3641] dump_stack_lvl+0xc1/0x134 [ 51.335549][ T3641] should_fail.cold+0x5/0xa [ 51.340075][ T3641] copyin+0x19/0x120 [ 51.344057][ T3641] _copy_from_iter+0x1ca/0x11c0 [ 51.348941][ T3641] ? _copy_mc_to_iter+0x1430/0x1430 [ 51.354251][ T3641] ? rcu_read_lock_sched_held+0x3a/0x70 [ 51.359808][ T3641] ? __virt_addr_valid+0x5d/0x2d0 [ 51.364844][ T3641] ? __phys_addr+0xc4/0x140 [ 51.369359][ T3641] ? __phys_addr_symbol+0x2c/0x70 [ 51.374479][ T3641] ? __check_object_size+0x2de/0x700 [ 51.379786][ T3641] file_tty_write.constprop.0+0x449/0x8f0 [ 51.385635][ T3641] ? n_tty_close+0x1e0/0x1e0 [ 51.390247][ T3641] vfs_write+0x9e9/0xdd0 [ 51.394514][ T3641] ? vfs_read+0x930/0x930 [ 51.398859][ T3641] ? find_held_lock+0x2d/0x110 [ 51.403658][ T3641] ? lock_downgrade+0x6e0/0x6e0 [ 51.408522][ T3641] ? __fget_light+0x20a/0x270 [ 51.413215][ T3641] ksys_write+0x127/0x250 [ 51.417575][ T3641] ? __ia32_sys_read+0xb0/0xb0 [ 51.422439][ T3641] ? lockdep_hardirqs_on+0x79/0x100 [ 51.427681][ T3641] ? _raw_spin_unlock_irq+0x2a/0x40 [ 51.432976][ T3641] ? ptrace_notify+0xfa/0x140 [ 51.437706][ T3641] do_syscall_64+0x35/0xb0 [ 51.442149][ T3641] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 51.448055][ T3641] RIP: 0033:0x7f04aab85059 [ 51.452488][ T3641] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 51.472887][ T3641] RSP: 002b:00007ffe7b521b48 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 51.481322][ T3641] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f04aab85059 [ 51.489309][ T3641] RDX: 000000000000ff2e RSI: 0000000000000000 RDI: 0000000000000003 [ 51.497299][ T3641] RBP: 00007ffe7b521b60 R08: 0000000000000001 R09: 0000000000000001 [ 51.505318][ T3641] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 51.513310][ T3641] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 51.521305][ T3641] [ 51.524350][ T3641] syz-executor241[3641] cmdline: ./syz-executor2418713577 [ 51.531474][ T3641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 51.541549][ T3641] Call Trace: [ 51.544872][ T3641] [ 51.547819][ T3641] dump_stack_lvl+0xcd/0x134 [ 51.552500][ T3641] should_fail.cold+0x5/0xa [ 51.557038][ T3641] copyin+0x19/0x120 [ 51.560956][ T3641] _copy_from_iter+0x1ca/0x11c0 [ 51.565919][ T3641] ? _copy_mc_to_iter+0x1430/0x1430 [ 51.571144][ T3641] ? rcu_read_lock_sched_held+0x3a/0x70 [ 51.576879][ T3641] ? __virt_addr_valid+0x5d/0x2d0 [ 51.582000][ T3641] ? __phys_addr+0xc4/0x140 [ 51.586527][ T3641] ? __phys_addr_symbol+0x2c/0x70 [ 51.591556][ T3641] ? __check_object_size+0x2de/0x700 [ 51.596862][ T3641] file_tty_write.constprop.0+0x449/0x8f0 [ 51.602603][ T3641] ? n_tty_close+0x1e0/0x1e0 [ 51.607233][ T3641] vfs_write+0x9e9/0xdd0 [ 51.611494][ T3641] ? vfs_read+0x930/0x930 [ 51.615838][ T3641] ? find_held_lock+0x2d/0x110 [ 51.620638][ T3641] ? lock_downgrade+0x6e0/0x6e0 [ 51.625508][ T3641] ? __fget_light+0x20a/0x270 [ 51.630199][ T3641] ksys_write+0x127/0x250 [ 51.634539][ T3641] ? __ia32_sys_read+0xb0/0xb0 [ 51.639314][ T3641] ? lockdep_hardirqs_on+0x79/0x100 [ 51.644543][ T3641] ? _raw_spin_unlock_irq+0x2a/0x40 [ 51.650022][ T3641] ? ptrace_notify+0xfa/0x140 [ 51.654986][ T3641] do_syscall_64+0x35/0xb0 [ 51.659588][ T3641] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 51.665490][ T3641] RIP: 0033:0x7f04aab85059 [ 51.669911][ T3641] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 51.689524][ T3641] RSP: 002b:00007ffe7b521b48 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 51.698034][ T3641] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f04aab85059 [ 51.706011][ T3641] RDX: 000000000000ff2e RSI: 0000000000000000 RDI: 0000000000000003 [ 51.713996][ T3641] RBP: 00007ffe7b521b60 R08: 0000000000000001 R09: 0000000000000001 [ 51.721979][ T3641] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [pid 3641] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3641] exit_group(0) = ? [pid 3641] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3641, si_uid=0, si_status=0, si_utime=0, si_stime=67} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3642 ./strace-static-x86_64: Process 3642 attached [pid 3642] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3642] setpgid(0, 0) = 0 [pid 3642] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3642] write(3, "1000", 4) = 4 [pid 3642] close(3) = 0 [pid 3642] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3642] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3642] write(4, "3", 1) = 1 [pid 3642] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3642] exit_group(0) = ? [pid 3642] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3642, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3643 ./strace-static-x86_64: Process 3643 attached [pid 3643] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3643] setpgid(0, 0) = 0 [pid 3643] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3643] write(3, "1000", 4) = 4 [pid 3643] close(3) = 0 [pid 3643] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3643] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3643] write(4, "3", 1) = 1 [pid 3643] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3643] exit_group(0) = ? [pid 3643] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3643, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3644 attached , child_tidptr=0x555555ef05d0) = 3644 [pid 3644] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3644] setpgid(0, 0) = 0 [pid 3644] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3644] write(3, "1000", 4) = 4 [pid 3644] close(3) = 0 [pid 3644] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3644] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3644] write(4, "3", 1) = 1 [pid 3644] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3644] exit_group(0) = ? [pid 3644] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3644, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3645 ./strace-static-x86_64: Process 3645 attached [pid 3645] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3645] setpgid(0, 0) = 0 [ 51.729948][ T3641] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 51.738049][ T3641] [pid 3645] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3645] write(3, "1000", 4) = 4 [pid 3645] close(3) = 0 [pid 3645] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3645] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3645] write(4, "3", 1) = 1 [pid 3645] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3645] exit_group(0) = ? [pid 3645] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3645, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3646 ./strace-static-x86_64: Process 3646 attached [pid 3646] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3646] setpgid(0, 0) = 0 [pid 3646] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3646] write(3, "1000", 4) = 4 [pid 3646] close(3) = 0 [pid 3646] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3646] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3646] write(4, "3", 1) = 1 [pid 3646] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3646] exit_group(0) = ? [pid 3646] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3646, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3647 ./strace-static-x86_64: Process 3647 attached [pid 3647] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3647] setpgid(0, 0) = 0 [pid 3647] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3647] write(3, "1000", 4) = 4 [pid 3647] close(3) = 0 [pid 3647] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3647] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3647] write(4, "3", 1) = 1 [pid 3647] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3647] exit_group(0) = ? [pid 3647] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3647, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3648 ./strace-static-x86_64: Process 3648 attached [pid 3648] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3648] setpgid(0, 0) = 0 [pid 3648] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3648] write(3, "1000", 4) = 4 [pid 3648] close(3) = 0 [pid 3648] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3648] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3648] write(4, "3", 1) = 1 [pid 3648] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3648] exit_group(0) = ? [pid 3648] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3648, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3649 ./strace-static-x86_64: Process 3649 attached [pid 3649] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3649] setpgid(0, 0) = 0 [pid 3649] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3649] write(3, "1000", 4) = 4 [pid 3649] close(3) = 0 [pid 3649] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3649] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3649] write(4, "3", 1) = 1 [pid 3649] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3649] exit_group(0) = ? [pid 3649] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3649, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3650 attached , child_tidptr=0x555555ef05d0) = 3650 [pid 3650] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3650] setpgid(0, 0) = 0 [pid 3650] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3650] write(3, "1000", 4) = 4 [pid 3650] close(3) = 0 [pid 3650] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3650] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3650] write(4, "3", 1) = 1 [pid 3650] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3650] exit_group(0) = ? [pid 3650] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3650, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3651 ./strace-static-x86_64: Process 3651 attached [pid 3651] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3651] setpgid(0, 0) = 0 [pid 3651] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3651] write(3, "1000", 4) = 4 [pid 3651] close(3) = 0 [pid 3651] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3651] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3651] write(4, "3", 1) = 1 [pid 3651] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3651] exit_group(0) = ? [pid 3651] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3651, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3652 ./strace-static-x86_64: Process 3652 attached [pid 3652] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3652] setpgid(0, 0) = 0 [pid 3652] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3652] write(3, "1000", 4) = 4 [pid 3652] close(3) = 0 [pid 3652] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3652] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3652] write(4, "3", 1) = 1 [pid 3652] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3652] exit_group(0) = ? [pid 3652] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3652, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3653 ./strace-static-x86_64: Process 3653 attached [pid 3653] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3653] setpgid(0, 0) = 0 [pid 3653] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3653] write(3, "1000", 4) = 4 [pid 3653] close(3) = 0 [pid 3653] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3653] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3653] write(4, "3", 1) = 1 [ 51.897385][ T3653] FAULT_INJECTION: forcing a failure. [ 51.897385][ T3653] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 51.910776][ T3653] CPU: 0 PID: 3653 Comm: syz-executor241 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 51.922223][ T3653] syz-executor241[3653] cmdline: ./syz-executor2418713577 [ 51.929669][ T3653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 51.939724][ T3653] Call Trace: [ 51.943020][ T3653] [ 51.945971][ T3653] dump_stack_lvl+0xcd/0x134 [ 51.950583][ T3653] should_fail.cold+0x5/0xa [ 51.955116][ T3653] copyin+0x19/0x120 [ 51.959035][ T3653] _copy_from_iter+0x1ca/0x11c0 [ 51.963924][ T3653] ? _copy_mc_to_iter+0x1430/0x1430 [ 51.969261][ T3653] ? rcu_read_lock_sched_held+0x3a/0x70 [ 51.974853][ T3653] ? __virt_addr_valid+0x5d/0x2d0 [ 51.979907][ T3653] ? __phys_addr+0xc4/0x140 [ 51.984565][ T3653] ? __phys_addr_symbol+0x2c/0x70 [ 51.989604][ T3653] ? __check_object_size+0x2de/0x700 [ 51.994914][ T3653] file_tty_write.constprop.0+0x449/0x8f0 [ 52.000739][ T3653] ? n_tty_close+0x1e0/0x1e0 [ 52.005439][ T3653] vfs_write+0x9e9/0xdd0 [ 52.009799][ T3653] ? vfs_read+0x930/0x930 [ 52.014156][ T3653] ? find_held_lock+0x2d/0x110 [ 52.018950][ T3653] ? lock_downgrade+0x6e0/0x6e0 [ 52.023814][ T3653] ? __fget_light+0x20a/0x270 [ 52.028514][ T3653] ksys_write+0x127/0x250 [ 52.032862][ T3653] ? __ia32_sys_read+0xb0/0xb0 [ 52.037638][ T3653] ? lockdep_hardirqs_on+0x79/0x100 [ 52.043043][ T3653] ? _raw_spin_unlock_irq+0x2a/0x40 [ 52.048251][ T3653] ? ptrace_notify+0xfa/0x140 [ 52.052951][ T3653] do_syscall_64+0x35/0xb0 [ 52.057382][ T3653] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 52.063300][ T3653] RIP: 0033:0x7f04aab85059 [ 52.067722][ T3653] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 52.087361][ T3653] RSP: 002b:00007ffe7b521b48 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 3653] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3653] exit_group(0) = ? [pid 3653] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3653, si_uid=0, si_status=0, si_utime=0, si_stime=25} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3654 attached , child_tidptr=0x555555ef05d0) = 3654 [pid 3654] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3654] setpgid(0, 0) = 0 [pid 3654] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3654] write(3, "1000", 4) = 4 [pid 3654] close(3) = 0 [pid 3654] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3654] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3654] write(4, "3", 1) = 1 [pid 3654] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3654] exit_group(0) = ? [pid 3654] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3654, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3655 ./strace-static-x86_64: Process 3655 attached [pid 3655] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3655] setpgid(0, 0) = 0 [pid 3655] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3655] write(3, "1000", 4) = 4 [pid 3655] close(3) = 0 [pid 3655] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3655] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3655] write(4, "3", 1) = 1 [pid 3655] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3655] exit_group(0) = ? [pid 3655] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3655, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3656 attached , child_tidptr=0x555555ef05d0) = 3656 [pid 3656] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3656] setpgid(0, 0) = 0 [pid 3656] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3656] write(3, "1000", 4) = 4 [ 52.095810][ T3653] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f04aab85059 [ 52.103787][ T3653] RDX: 000000000000ff2e RSI: 0000000000000000 RDI: 0000000000000003 [ 52.111775][ T3653] RBP: 00007ffe7b521b60 R08: 0000000000000001 R09: 0000000000000001 [ 52.119774][ T3653] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 52.127835][ T3653] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 52.135829][ T3653] [pid 3656] close(3) = 0 [pid 3656] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3656] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3656] write(4, "3", 1) = 1 [pid 3656] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3656] exit_group(0) = ? [pid 3656] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3656, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3657 attached , child_tidptr=0x555555ef05d0) = 3657 [pid 3657] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3657] setpgid(0, 0) = 0 [pid 3657] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3657] write(3, "1000", 4) = 4 [pid 3657] close(3) = 0 [pid 3657] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3657] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3657] write(4, "3", 1) = 1 [ 52.205835][ T3657] FAULT_INJECTION: forcing a failure. [ 52.205835][ T3657] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 52.219051][ T3657] CPU: 0 PID: 3657 Comm: syz-executor241 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 52.230539][ T3657] BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1521 [ 52.239917][ T3657] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 3657, name: syz-executor241 [ 52.249635][ T3657] preempt_count: 0, expected: 0 [ 52.254507][ T3657] RCU nest depth: 0, expected: 0 [ 52.259427][ T3657] 2 locks held by syz-executor241/3657: [ 52.264980][ T3657] #0: ffff888025749098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x80 [ 52.274763][ T3657] #1: ffff888025749130 (&tty->atomic_write_lock){+.+.}-{3:3}, at: file_tty_write.constprop.0+0x296/0x8f0 [ 52.286099][ T3657] irq event stamp: 3862 [ 52.290254][ T3657] hardirqs last enabled at (3861): [] finish_task_switch.isra.0+0x2b5/0xc70 [ 52.300592][ T3657] hardirqs last disabled at (3862): [] dump_stack_lvl+0x2e/0x134 [ 52.309895][ T3657] softirqs last enabled at (3854): [] __irq_exit_rcu+0x123/0x180 [ 52.319364][ T3657] softirqs last disabled at (3835): [] __irq_exit_rcu+0x123/0x180 [ 52.328748][ T3657] CPU: 0 PID: 3657 Comm: syz-executor241 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 52.340148][ T3657] syz-executor241[3657] cmdline: ./syz-executor2418713577 [ 52.347254][ T3657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 52.357313][ T3657] Call Trace: [ 52.360599][ T3657] [ 52.363534][ T3657] dump_stack_lvl+0xcd/0x134 [ 52.368149][ T3657] __might_resched.cold+0x222/0x26b [ 52.373456][ T3657] down_read_killable+0x75/0x490 [ 52.378435][ T3657] ? down_read+0x450/0x450 [ 52.382879][ T3657] __access_remote_vm+0xac/0x6f0 [ 52.387950][ T3657] ? follow_phys+0x2c0/0x2c0 [ 52.392747][ T3657] ? do_raw_spin_lock+0x120/0x2a0 [ 52.398506][ T3657] ? rwlock_bug.part.0+0x90/0x90 [ 52.404199][ T3657] ? __up_console_sem+0x47/0xc0 [ 52.409418][ T3657] get_mm_cmdline.part.0+0x217/0x620 [ 52.414831][ T3657] ? dname_to_vma_addr.isra.0+0x360/0x360 [ 52.420770][ T3657] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 52.426708][ T3657] get_task_cmdline_kernel+0x1d9/0x220 [ 52.432327][ T3657] dump_stack_print_cmdline.part.0+0x82/0x150 [ 52.438650][ T3657] ? _atomic_dec_and_lock_irqsave+0x150/0x150 [ 52.445332][ T3657] ? dump_stack_print_info+0xc6/0x190 [ 52.451015][ T3657] dump_stack_print_info+0x185/0x190 [ 52.456328][ T3657] dump_stack_lvl+0xc1/0x134 [ 52.461142][ T3657] should_fail.cold+0x5/0xa [ 52.465764][ T3657] copyin+0x19/0x120 [ 52.469773][ T3657] _copy_from_iter+0x1ca/0x11c0 [ 52.474652][ T3657] ? _copy_mc_to_iter+0x1430/0x1430 [ 52.479866][ T3657] ? rcu_read_lock_sched_held+0x3a/0x70 [ 52.485443][ T3657] ? __virt_addr_valid+0x5d/0x2d0 [ 52.490562][ T3657] ? __phys_addr+0xc4/0x140 [ 52.495163][ T3657] ? __phys_addr_symbol+0x2c/0x70 [ 52.500283][ T3657] ? __check_object_size+0x2de/0x700 [ 52.505609][ T3657] file_tty_write.constprop.0+0x449/0x8f0 [ 52.512781][ T3657] ? n_tty_close+0x1e0/0x1e0 [ 52.517427][ T3657] vfs_write+0x9e9/0xdd0 [ 52.521713][ T3657] ? vfs_read+0x930/0x930 [ 52.526251][ T3657] ? find_held_lock+0x2d/0x110 [ 52.531033][ T3657] ? lock_downgrade+0x6e0/0x6e0 [ 52.536179][ T3657] ? __fget_light+0x20a/0x270 [ 52.541248][ T3657] ksys_write+0x127/0x250 [ 52.545613][ T3657] ? __ia32_sys_read+0xb0/0xb0 [ 52.550588][ T3657] ? lockdep_hardirqs_on+0x79/0x100 [ 52.555809][ T3657] ? _raw_spin_unlock_irq+0x2a/0x40 [ 52.561366][ T3657] ? ptrace_notify+0xfa/0x140 [ 52.566071][ T3657] do_syscall_64+0x35/0xb0 [ 52.570506][ T3657] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 52.576409][ T3657] RIP: 0033:0x7f04aab85059 [ 52.580831][ T3657] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 52.600447][ T3657] RSP: 002b:00007ffe7b521b48 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 52.608957][ T3657] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f04aab85059 [ 52.616944][ T3657] RDX: 000000000000ff2e RSI: 0000000000000000 RDI: 0000000000000003 [ 52.625099][ T3657] RBP: 00007ffe7b521b60 R08: 0000000000000001 R09: 0000000000000001 [ 52.633086][ T3657] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 52.641157][ T3657] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 52.649550][ T3657] [ 52.652687][ T3657] syz-executor241[3657] cmdline: ./syz-executor2418713577 [ 52.660145][ T3657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 52.670473][ T3657] Call Trace: [ 52.673868][ T3657] [ 52.676829][ T3657] dump_stack_lvl+0xcd/0x134 [ 52.681477][ T3657] should_fail.cold+0x5/0xa [ 52.686033][ T3657] copyin+0x19/0x120 [ 52.690607][ T3657] _copy_from_iter+0x1ca/0x11c0 [ 52.695974][ T3657] ? _copy_mc_to_iter+0x1430/0x1430 [ 52.701223][ T3657] ? rcu_read_lock_sched_held+0x3a/0x70 [ 52.708366][ T3657] ? __virt_addr_valid+0x5d/0x2d0 [ 52.713688][ T3657] ? __phys_addr+0xc4/0x140 [ 52.718212][ T3657] ? __phys_addr_symbol+0x2c/0x70 [ 52.723243][ T3657] ? __check_object_size+0x2de/0x700 [ 52.728830][ T3657] file_tty_write.constprop.0+0x449/0x8f0 [ 52.734649][ T3657] ? n_tty_close+0x1e0/0x1e0 [ 52.739468][ T3657] vfs_write+0x9e9/0xdd0 [ 52.743831][ T3657] ? vfs_read+0x930/0x930 [ 52.748190][ T3657] ? find_held_lock+0x2d/0x110 [ 52.753334][ T3657] ? lock_downgrade+0x6e0/0x6e0 [ 52.758980][ T3657] ? __fget_light+0x20a/0x270 [ 52.763697][ T3657] ksys_write+0x127/0x250 [ 52.768068][ T3657] ? __ia32_sys_read+0xb0/0xb0 [ 52.773153][ T3657] ? lockdep_hardirqs_on+0x79/0x100 [ 52.778521][ T3657] ? _raw_spin_unlock_irq+0x2a/0x40 [ 52.784468][ T3657] ? ptrace_notify+0xfa/0x140 [ 52.792054][ T3657] do_syscall_64+0x35/0xb0 [ 52.798276][ T3657] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 52.804832][ T3657] RIP: 0033:0x7f04aab85059 [ 52.810257][ T3657] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 52.838147][ T3657] RSP: 002b:00007ffe7b521b48 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 52.847417][ T3657] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f04aab85059 [pid 3657] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3657] exit_group(0) = ? [pid 3657] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3657, si_uid=0, si_status=0, si_utime=0, si_stime=69} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3658 ./strace-static-x86_64: Process 3658 attached [pid 3658] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3658] setpgid(0, 0) = 0 [pid 3658] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3658] write(3, "1000", 4) = 4 [pid 3658] close(3) = 0 [pid 3658] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3658] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3658] write(4, "3", 1) = 1 [pid 3658] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3658] exit_group(0) = ? [pid 3658] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3658, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3659 attached , child_tidptr=0x555555ef05d0) = 3659 [pid 3659] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3659] setpgid(0, 0) = 0 [pid 3659] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3659] write(3, "1000", 4) = 4 [pid 3659] close(3) = 0 [pid 3659] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3659] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3659] write(4, "3", 1) = 1 [pid 3659] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3659] exit_group(0) = ? [pid 3659] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3659, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 52.855775][ T3657] RDX: 000000000000ff2e RSI: 0000000000000000 RDI: 0000000000000003 [ 52.864485][ T3657] RBP: 00007ffe7b521b60 R08: 0000000000000001 R09: 0000000000000001 [ 52.876247][ T3657] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 52.885743][ T3657] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 52.895578][ T3657] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3660 ./strace-static-x86_64: Process 3660 attached [pid 3660] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3660] setpgid(0, 0) = 0 [pid 3660] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3660] write(3, "1000", 4) = 4 [pid 3660] close(3) = 0 [pid 3660] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3660] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3660] write(4, "3", 1) = 1 [pid 3660] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3660] exit_group(0) = ? [pid 3660] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3660, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3661 ./strace-static-x86_64: Process 3661 attached [pid 3661] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3661] setpgid(0, 0) = 0 [pid 3661] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3661] write(3, "1000", 4) = 4 [pid 3661] close(3) = 0 [pid 3661] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3661] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3661] write(4, "3", 1) = 1 [pid 3661] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3661] exit_group(0) = ? [pid 3661] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3661, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3662 attached , child_tidptr=0x555555ef05d0) = 3662 [pid 3662] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3662] setpgid(0, 0) = 0 [pid 3662] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3662] write(3, "1000", 4) = 4 [pid 3662] close(3) = 0 [pid 3662] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3662] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3662] write(4, "3", 1) = 1 [pid 3662] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3662] exit_group(0) = ? [pid 3662] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3662, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3663 ./strace-static-x86_64: Process 3663 attached [pid 3663] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3663] setpgid(0, 0) = 0 [pid 3663] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3663] write(3, "1000", 4) = 4 [pid 3663] close(3) = 0 [pid 3663] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3663] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3663] write(4, "3", 1) = 1 [pid 3663] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3663] exit_group(0) = ? [pid 3663] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3663, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3664 attached [pid 3664] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3664] setpgid(0, 0) = 0 [pid 3664] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3615] <... clone resumed>, child_tidptr=0x555555ef05d0) = 3664 [pid 3664] write(3, "1000", 4) = 4 [pid 3664] close(3) = 0 [pid 3664] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3664] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3664] write(4, "3", 1) = 1 [pid 3664] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3664] exit_group(0) = ? [pid 3664] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3664, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3665 ./strace-static-x86_64: Process 3665 attached [pid 3665] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3665] setpgid(0, 0) = 0 [pid 3665] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3665] write(3, "1000", 4) = 4 [pid 3665] close(3) = 0 [pid 3665] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3665] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3665] write(4, "3", 1) = 1 [pid 3665] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3665] exit_group(0) = ? [pid 3665] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3665, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3666 attached , child_tidptr=0x555555ef05d0) = 3666 [pid 3666] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3666] setpgid(0, 0) = 0 [pid 3666] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3666] write(3, "1000", 4) = 4 [pid 3666] close(3) = 0 [pid 3666] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3666] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3666] write(4, "3", 1) = 1 [pid 3666] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3666] exit_group(0) = ? [pid 3666] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3666, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3667 attached , child_tidptr=0x555555ef05d0) = 3667 [pid 3667] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3667] setpgid(0, 0) = 0 [pid 3667] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3667] write(3, "1000", 4) = 4 [pid 3667] close(3) = 0 [pid 3667] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3667] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3667] write(4, "3", 1) = 1 [pid 3667] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3667] exit_group(0) = ? [pid 3667] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3667, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3668 attached , child_tidptr=0x555555ef05d0) = 3668 [pid 3668] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3668] setpgid(0, 0) = 0 [pid 3668] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3668] write(3, "1000", 4) = 4 [pid 3668] close(3) = 0 [pid 3668] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3668] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3668] write(4, "3", 1) = 1 [pid 3668] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3668] exit_group(0) = ? [pid 3668] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3668, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3669 ./strace-static-x86_64: Process 3669 attached [pid 3669] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3669] setpgid(0, 0) = 0 [pid 3669] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3669] write(3, "1000", 4) = 4 [pid 3669] close(3) = 0 [pid 3669] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3669] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3669] write(4, "3", 1) = 1 [pid 3669] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3669] exit_group(0) = ? [pid 3669] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3669, si_uid=0, si_status=0, si_utime=1, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3670 attached [pid 3670] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3615] <... clone resumed>, child_tidptr=0x555555ef05d0) = 3670 [pid 3670] <... prctl resumed>) = 0 [pid 3670] setpgid(0, 0) = 0 [pid 3670] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3670] write(3, "1000", 4) = 4 [pid 3670] close(3) = 0 [pid 3670] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3670] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3670] write(4, "3", 1) = 1 [pid 3670] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3670] exit_group(0) = ? [pid 3670] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3670, si_uid=0, si_status=0, si_utime=1, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3671 attached , child_tidptr=0x555555ef05d0) = 3671 [pid 3671] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3671] setpgid(0, 0) = 0 [pid 3671] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3671] write(3, "1000", 4) = 4 [pid 3671] close(3) = 0 [pid 3671] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3671] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3671] write(4, "3", 1) = 1 [ 53.128296][ T3671] FAULT_INJECTION: forcing a failure. [ 53.128296][ T3671] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 53.141670][ T3671] CPU: 1 PID: 3671 Comm: syz-executor241 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 53.153113][ T3671] syz-executor241[3671] cmdline: ./syz-executor2418713577 [ 53.160226][ T3671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 53.170300][ T3671] Call Trace: [ 53.173606][ T3671] [ 53.176561][ T3671] dump_stack_lvl+0xcd/0x134 [ 53.181219][ T3671] should_fail.cold+0x5/0xa [ 53.185733][ T3671] copyin+0x19/0x120 [ 53.189653][ T3671] _copy_from_iter+0x1ca/0x11c0 [ 53.194575][ T3671] ? _copy_mc_to_iter+0x1430/0x1430 [ 53.199815][ T3671] ? rcu_read_lock_sched_held+0x3a/0x70 [ 53.205378][ T3671] ? __virt_addr_valid+0x5d/0x2d0 [ 53.210439][ T3671] ? __phys_addr+0xc4/0x140 [ 53.214979][ T3671] ? __phys_addr_symbol+0x2c/0x70 [ 53.220043][ T3671] ? __check_object_size+0x2de/0x700 [ 53.225473][ T3671] file_tty_write.constprop.0+0x449/0x8f0 [ 53.231196][ T3671] ? n_tty_close+0x1e0/0x1e0 [ 53.235813][ T3671] vfs_write+0x9e9/0xdd0 [ 53.240061][ T3671] ? vfs_read+0x930/0x930 [ 53.244411][ T3671] ? find_held_lock+0x2d/0x110 [ 53.249285][ T3671] ? lock_downgrade+0x6e0/0x6e0 [ 53.254157][ T3671] ? __fget_light+0x20a/0x270 [ 53.258835][ T3671] ksys_write+0x127/0x250 [ 53.263169][ T3671] ? __ia32_sys_read+0xb0/0xb0 [ 53.267963][ T3671] ? lockdep_hardirqs_on+0x79/0x100 [ 53.273169][ T3671] ? _raw_spin_unlock_irq+0x2a/0x40 [ 53.278379][ T3671] ? ptrace_notify+0xfa/0x140 [ 53.283073][ T3671] do_syscall_64+0x35/0xb0 [ 53.287502][ T3671] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 53.293422][ T3671] RIP: 0033:0x7f04aab85059 [ 53.297891][ T3671] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 53.317806][ T3671] RSP: 002b:00007ffe7b521b48 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 3671] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3671] exit_group(0) = ? [pid 3671] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3671, si_uid=0, si_status=0, si_utime=0, si_stime=24} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3672 attached , child_tidptr=0x555555ef05d0) = 3672 [pid 3672] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3672] setpgid(0, 0) = 0 [pid 3672] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3672] write(3, "1000", 4) = 4 [pid 3672] close(3) = 0 [pid 3672] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3672] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3672] write(4, "3", 1) = 1 [pid 3672] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3672] exit_group(0) = ? [pid 3672] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3672, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3673 ./strace-static-x86_64: Process 3673 attached [pid 3673] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3673] setpgid(0, 0) = 0 [pid 3673] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3673] write(3, "1000", 4) = 4 [pid 3673] close(3) = 0 [pid 3673] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3673] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3673] write(4, "3", 1) = 1 [ 53.326220][ T3671] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f04aab85059 [ 53.334309][ T3671] RDX: 000000000000ff2e RSI: 0000000000000000 RDI: 0000000000000003 [ 53.342300][ T3671] RBP: 00007ffe7b521b60 R08: 0000000000000001 R09: 0000000000000001 [ 53.350292][ T3671] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 53.358299][ T3671] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 53.366308][ T3671] [ 53.400729][ T3673] FAULT_INJECTION: forcing a failure. [ 53.400729][ T3673] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 53.414341][ T3673] CPU: 1 PID: 3673 Comm: syz-executor241 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 53.426524][ T3673] BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1521 [ 53.435904][ T3673] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 3673, name: syz-executor241 [ 53.445357][ T3673] preempt_count: 0, expected: 0 [ 53.450230][ T3673] RCU nest depth: 0, expected: 0 [ 53.455947][ T3673] 2 locks held by syz-executor241/3673: [ 53.461483][ T3673] #0: ffff888073b37098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x80 [ 53.471328][ T3673] #1: ffff888073b37130 (&tty->atomic_write_lock){+.+.}-{3:3}, at: file_tty_write.constprop.0+0x296/0x8f0 [ 53.482673][ T3673] irq event stamp: 3596 [ 53.486818][ T3673] hardirqs last enabled at (3595): [] finish_task_switch.isra.0+0x2b5/0xc70 [ 53.497155][ T3673] hardirqs last disabled at (3596): [] dump_stack_lvl+0x2e/0x134 [ 53.506460][ T3673] softirqs last enabled at (3588): [] __irq_exit_rcu+0x123/0x180 [ 53.515858][ T3673] softirqs last disabled at (3543): [] __irq_exit_rcu+0x123/0x180 [ 53.525237][ T3673] CPU: 1 PID: 3673 Comm: syz-executor241 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 53.536623][ T3673] syz-executor241[3673] cmdline: ./syz-executor2418713577 [ 53.543724][ T3673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 53.553868][ T3673] Call Trace: [ 53.557147][ T3673] [ 53.560140][ T3673] dump_stack_lvl+0xcd/0x134 [ 53.564762][ T3673] __might_resched.cold+0x222/0x26b [ 53.570051][ T3673] down_read_killable+0x75/0x490 [ 53.575012][ T3673] ? down_read+0x450/0x450 [ 53.579476][ T3673] __access_remote_vm+0xac/0x6f0 [ 53.584434][ T3673] ? follow_phys+0x2c0/0x2c0 [ 53.589055][ T3673] ? do_raw_spin_lock+0x120/0x2a0 [ 53.594090][ T3673] ? rwlock_bug.part.0+0x90/0x90 [ 53.599141][ T3673] ? __up_console_sem+0x47/0xc0 [ 53.604000][ T3673] get_mm_cmdline.part.0+0x217/0x620 [ 53.609379][ T3673] ? dname_to_vma_addr.isra.0+0x360/0x360 [ 53.615111][ T3673] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 53.621162][ T3673] get_task_cmdline_kernel+0x1d9/0x220 [ 53.626694][ T3673] dump_stack_print_cmdline.part.0+0x82/0x150 [ 53.633043][ T3673] ? _atomic_dec_and_lock_irqsave+0x150/0x150 [ 53.639167][ T3673] ? dump_stack_print_info+0xc6/0x190 [ 53.644632][ T3673] dump_stack_print_info+0x185/0x190 [ 53.650532][ T3673] dump_stack_lvl+0xc1/0x134 [ 53.655133][ T3673] should_fail.cold+0x5/0xa [ 53.659642][ T3673] copyin+0x19/0x120 [ 53.663540][ T3673] _copy_from_iter+0x1ca/0x11c0 [ 53.668413][ T3673] ? _copy_mc_to_iter+0x1430/0x1430 [ 53.673624][ T3673] ? rcu_read_lock_sched_held+0x3a/0x70 [ 53.680326][ T3673] ? __virt_addr_valid+0x5d/0x2d0 [ 53.685387][ T3673] ? __phys_addr+0xc4/0x140 [ 53.689930][ T3673] ? __phys_addr_symbol+0x2c/0x70 [ 53.694983][ T3673] ? __check_object_size+0x2de/0x700 [ 53.700813][ T3673] file_tty_write.constprop.0+0x449/0x8f0 [ 53.706551][ T3673] ? n_tty_close+0x1e0/0x1e0 [ 53.711158][ T3673] vfs_write+0x9e9/0xdd0 [ 53.715438][ T3673] ? vfs_read+0x930/0x930 [ 53.719774][ T3673] ? find_held_lock+0x2d/0x110 [ 53.724601][ T3673] ? lock_downgrade+0x6e0/0x6e0 [ 53.729455][ T3673] ? __fget_light+0x20a/0x270 [ 53.734137][ T3673] ksys_write+0x127/0x250 [ 53.738526][ T3673] ? __ia32_sys_read+0xb0/0xb0 [ 53.743330][ T3673] ? lockdep_hardirqs_on+0x79/0x100 [ 53.748548][ T3673] ? _raw_spin_unlock_irq+0x2a/0x40 [ 53.753766][ T3673] ? ptrace_notify+0xfa/0x140 [ 53.758460][ T3673] do_syscall_64+0x35/0xb0 [ 53.763078][ T3673] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 53.768988][ T3673] RIP: 0033:0x7f04aab85059 [ 53.773401][ T3673] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 53.793011][ T3673] RSP: 002b:00007ffe7b521b48 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 53.801438][ T3673] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f04aab85059 [ 53.809695][ T3673] RDX: 000000000000ff2e RSI: 0000000000000000 RDI: 0000000000000003 [ 53.817685][ T3673] RBP: 00007ffe7b521b60 R08: 0000000000000001 R09: 0000000000000001 [ 53.825665][ T3673] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 53.833667][ T3673] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 53.841649][ T3673] [ 53.844698][ T3673] syz-executor241[3673] cmdline: ./syz-executor2418713577 [ 53.851817][ T3673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 53.861896][ T3673] Call Trace: [ 53.865188][ T3673] [ 53.868118][ T3673] dump_stack_lvl+0xcd/0x134 [ 53.872806][ T3673] should_fail.cold+0x5/0xa [ 53.877324][ T3673] copyin+0x19/0x120 [ 53.881235][ T3673] _copy_from_iter+0x1ca/0x11c0 [ 53.886112][ T3673] ? _copy_mc_to_iter+0x1430/0x1430 [ 53.891336][ T3673] ? rcu_read_lock_sched_held+0x3a/0x70 [ 53.897230][ T3673] ? __virt_addr_valid+0x5d/0x2d0 [ 53.902266][ T3673] ? __phys_addr+0xc4/0x140 [ 53.906802][ T3673] ? __phys_addr_symbol+0x2c/0x70 [ 53.911911][ T3673] ? __check_object_size+0x2de/0x700 [ 53.917205][ T3673] file_tty_write.constprop.0+0x449/0x8f0 [ 53.922930][ T3673] ? n_tty_close+0x1e0/0x1e0 [ 53.927706][ T3673] vfs_write+0x9e9/0xdd0 [ 53.931979][ T3673] ? vfs_read+0x930/0x930 [ 53.936347][ T3673] ? find_held_lock+0x2d/0x110 [ 53.941134][ T3673] ? lock_downgrade+0x6e0/0x6e0 [ 53.946000][ T3673] ? __fget_light+0x20a/0x270 [ 53.950797][ T3673] ksys_write+0x127/0x250 [ 53.955183][ T3673] ? __ia32_sys_read+0xb0/0xb0 [ 53.959989][ T3673] ? lockdep_hardirqs_on+0x79/0x100 [ 53.965209][ T3673] ? _raw_spin_unlock_irq+0x2a/0x40 [ 53.970429][ T3673] ? ptrace_notify+0xfa/0x140 [ 53.975116][ T3673] do_syscall_64+0x35/0xb0 [ 53.979541][ T3673] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 53.985445][ T3673] RIP: 0033:0x7f04aab85059 [ 53.989869][ T3673] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 54.009498][ T3673] RSP: 002b:00007ffe7b521b48 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 54.018010][ T3673] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f04aab85059 [ 54.026029][ T3673] RDX: 000000000000ff2e RSI: 0000000000000000 RDI: 0000000000000003 [ 54.034180][ T3673] RBP: 00007ffe7b521b60 R08: 0000000000000001 R09: 0000000000000001 [ 54.042246][ T3673] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [pid 3673] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3673] exit_group(0) = ? [pid 3673] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3673, si_uid=0, si_status=0, si_utime=0, si_stime=66} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3674 ./strace-static-x86_64: Process 3674 attached [pid 3674] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3674] setpgid(0, 0) = 0 [pid 3674] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3674] write(3, "1000", 4) = 4 [pid 3674] close(3) = 0 [pid 3674] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3674] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3674] write(4, "3", 1) = 1 [pid 3674] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3674] exit_group(0) = ? [pid 3674] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3674, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3675 attached , child_tidptr=0x555555ef05d0) = 3675 [pid 3675] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3675] setpgid(0, 0) = 0 [pid 3675] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3675] write(3, "1000", 4) = 4 [pid 3675] close(3) = 0 [pid 3675] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3675] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3675] write(4, "3", 1) = 1 [pid 3675] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3675] exit_group(0) = ? [pid 3675] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3675, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3676 ./strace-static-x86_64: Process 3676 attached [pid 3676] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3676] setpgid(0, 0) = 0 [pid 3676] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3676] write(3, "1000", 4) = 4 [pid 3676] close(3) = 0 [pid 3676] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3676] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3676] write(4, "3", 1) = 1 [pid 3676] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3676] exit_group(0) = ? [ 54.050219][ T3673] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 54.058259][ T3673] [pid 3676] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3676, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3677 ./strace-static-x86_64: Process 3677 attached [pid 3677] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3677] setpgid(0, 0) = 0 [pid 3677] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3677] write(3, "1000", 4) = 4 [pid 3677] close(3) = 0 [pid 3677] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3677] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3677] write(4, "3", 1) = 1 [pid 3677] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3677] exit_group(0) = ? [pid 3677] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3677, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3678 attached [pid 3678] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3615] <... clone resumed>, child_tidptr=0x555555ef05d0) = 3678 [pid 3678] <... prctl resumed>) = 0 [pid 3678] setpgid(0, 0) = 0 [pid 3678] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3678] write(3, "1000", 4) = 4 [pid 3678] close(3) = 0 [pid 3678] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3678] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3678] write(4, "3", 1) = 1 [pid 3678] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3678] exit_group(0) = ? [pid 3678] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3678, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3679 ./strace-static-x86_64: Process 3679 attached [pid 3679] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3679] setpgid(0, 0) = 0 [pid 3679] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3679] write(3, "1000", 4) = 4 [pid 3679] close(3) = 0 [pid 3679] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3679] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3679] write(4, "3", 1) = 1 [pid 3679] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3679] exit_group(0) = ? [pid 3679] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3679, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3680 attached , child_tidptr=0x555555ef05d0) = 3680 [pid 3680] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3680] setpgid(0, 0) = 0 [pid 3680] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3680] write(3, "1000", 4) = 4 [pid 3680] close(3) = 0 [pid 3680] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3680] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3680] write(4, "3", 1) = 1 [pid 3680] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3680] exit_group(0) = ? [pid 3680] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3680, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3681 ./strace-static-x86_64: Process 3681 attached [pid 3681] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3681] setpgid(0, 0) = 0 [pid 3681] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3681] write(3, "1000", 4) = 4 [pid 3681] close(3) = 0 [pid 3681] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3681] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3681] write(4, "3", 1) = 1 [pid 3681] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3681] exit_group(0) = ? [pid 3681] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3681, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3682 attached , child_tidptr=0x555555ef05d0) = 3682 [pid 3682] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3682] setpgid(0, 0) = 0 [pid 3682] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3682] write(3, "1000", 4) = 4 [pid 3682] close(3) = 0 [pid 3682] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3682] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3682] write(4, "3", 1) = 1 [pid 3682] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3682] exit_group(0) = ? [pid 3682] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3682, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3683 attached , child_tidptr=0x555555ef05d0) = 3683 [pid 3683] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3683] setpgid(0, 0) = 0 [pid 3683] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3683] write(3, "1000", 4) = 4 [pid 3683] close(3) = 0 [pid 3683] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3683] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3683] write(4, "3", 1) = 1 [pid 3683] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3683] exit_group(0) = ? [pid 3683] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3683, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3684 ./strace-static-x86_64: Process 3684 attached [pid 3684] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3684] setpgid(0, 0) = 0 [pid 3684] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3684] write(3, "1000", 4) = 4 [pid 3684] close(3) = 0 [pid 3684] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3684] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3684] write(4, "3", 1) = 1 [pid 3684] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3684] exit_group(0) = ? [pid 3684] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3684, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3685 ./strace-static-x86_64: Process 3685 attached [pid 3685] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3685] setpgid(0, 0) = 0 [pid 3685] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3685] write(3, "1000", 4) = 4 [pid 3685] close(3) = 0 [pid 3685] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3685] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3685] write(4, "3", 1) = 1 [pid 3685] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3685] exit_group(0) = ? [pid 3685] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3685, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3686 ./strace-static-x86_64: Process 3686 attached [pid 3686] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3686] setpgid(0, 0) = 0 [pid 3686] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3686] write(3, "1000", 4) = 4 [pid 3686] close(3) = 0 [pid 3686] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3686] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3686] write(4, "3", 1) = 1 [pid 3686] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3686] exit_group(0) = ? [pid 3686] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3686, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3687 ./strace-static-x86_64: Process 3687 attached [pid 3687] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3687] setpgid(0, 0) = 0 [pid 3687] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3687] write(3, "1000", 4) = 4 [pid 3687] close(3) = 0 [pid 3687] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3687] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3687] write(4, "3", 1) = 1 [ 54.258967][ T3687] FAULT_INJECTION: forcing a failure. [ 54.258967][ T3687] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 54.272466][ T3687] CPU: 0 PID: 3687 Comm: syz-executor241 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 54.283898][ T3687] syz-executor241[3687] cmdline: ./syz-executor2418713577 [ 54.291015][ T3687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 54.301252][ T3687] Call Trace: [ 54.304546][ T3687] [ 54.307472][ T3687] dump_stack_lvl+0xcd/0x134 [ 54.312092][ T3687] should_fail.cold+0x5/0xa [ 54.316699][ T3687] copyin+0x19/0x120 [ 54.320611][ T3687] _copy_from_iter+0x1ca/0x11c0 [ 54.325485][ T3687] ? _copy_mc_to_iter+0x1430/0x1430 [ 54.330714][ T3687] ? rcu_read_lock_sched_held+0x3a/0x70 [ 54.336277][ T3687] ? __virt_addr_valid+0x5d/0x2d0 [ 54.341320][ T3687] ? __phys_addr+0xc4/0x140 [ 54.345833][ T3687] ? __phys_addr_symbol+0x2c/0x70 [ 54.351300][ T3687] ? __check_object_size+0x2de/0x700 [ 54.356611][ T3687] file_tty_write.constprop.0+0x449/0x8f0 [ 54.362343][ T3687] ? n_tty_close+0x1e0/0x1e0 [ 54.366967][ T3687] vfs_write+0x9e9/0xdd0 [ 54.371323][ T3687] ? vfs_read+0x930/0x930 [ 54.375678][ T3687] ? find_held_lock+0x2d/0x110 [ 54.380456][ T3687] ? lock_downgrade+0x6e0/0x6e0 [ 54.385330][ T3687] ? __fget_light+0x20a/0x270 [ 54.390025][ T3687] ksys_write+0x127/0x250 [ 54.394364][ T3687] ? __ia32_sys_read+0xb0/0xb0 [ 54.399145][ T3687] ? lockdep_hardirqs_on+0x79/0x100 [ 54.404369][ T3687] ? _raw_spin_unlock_irq+0x2a/0x40 [ 54.410289][ T3687] ? ptrace_notify+0xfa/0x140 [ 54.414999][ T3687] do_syscall_64+0x35/0xb0 [ 54.419431][ T3687] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 54.425335][ T3687] RIP: 0033:0x7f04aab85059 [ 54.429761][ T3687] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 54.450004][ T3687] RSP: 002b:00007ffe7b521b48 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 3687] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3687] exit_group(0) = ? [pid 3687] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3687, si_uid=0, si_status=0, si_utime=0, si_stime=25} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3688 attached , child_tidptr=0x555555ef05d0) = 3688 [pid 3688] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3688] setpgid(0, 0) = 0 [pid 3688] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3688] write(3, "1000", 4) = 4 [pid 3688] close(3) = 0 [pid 3688] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3688] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3688] write(4, "3", 1) = 1 [pid 3688] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3688] exit_group(0) = ? [pid 3688] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3688, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3689 attached , child_tidptr=0x555555ef05d0) = 3689 [pid 3689] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3689] setpgid(0, 0) = 0 [pid 3689] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3689] write(3, "1000", 4) = 4 [pid 3689] close(3) = 0 [pid 3689] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3689] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3689] write(4, "3", 1) = 1 [ 54.458536][ T3687] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f04aab85059 [ 54.466514][ T3687] RDX: 000000000000ff2e RSI: 0000000000000000 RDI: 0000000000000003 [ 54.475880][ T3687] RBP: 00007ffe7b521b60 R08: 0000000000000001 R09: 0000000000000001 [ 54.483962][ T3687] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 54.491955][ T3687] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 54.500131][ T3687] [ 54.536489][ T3689] FAULT_INJECTION: forcing a failure. [ 54.536489][ T3689] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 54.549634][ T3689] CPU: 1 PID: 3689 Comm: syz-executor241 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 54.561004][ T3689] BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1521 [ 54.570380][ T3689] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 3689, name: syz-executor241 [ 54.580216][ T3689] preempt_count: 0, expected: 0 [ 54.585075][ T3689] RCU nest depth: 0, expected: 0 [ 54.590035][ T3689] 2 locks held by syz-executor241/3689: [ 54.595722][ T3689] #0: ffff888073bdb098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x80 [ 54.605491][ T3689] #1: ffff888073bdb130 (&tty->atomic_write_lock){+.+.}-{3:3}, at: file_tty_write.constprop.0+0x296/0x8f0 [ 54.616940][ T3689] irq event stamp: 4386 [ 54.621096][ T3689] hardirqs last enabled at (4385): [] __schedule+0x353e/0x52b0 [ 54.630316][ T3689] hardirqs last disabled at (4386): [] dump_stack_lvl+0x2e/0x134 [ 54.639625][ T3689] softirqs last enabled at (4378): [] __irq_exit_rcu+0x123/0x180 [ 54.649016][ T3689] softirqs last disabled at (4369): [] __irq_exit_rcu+0x123/0x180 [ 54.658604][ T3689] CPU: 1 PID: 3689 Comm: syz-executor241 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 54.670285][ T3689] syz-executor241[3689] cmdline: ./syz-executor2418713577 [ 54.677397][ T3689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 54.687542][ T3689] Call Trace: [ 54.690848][ T3689] [ 54.693778][ T3689] dump_stack_lvl+0xcd/0x134 [ 54.698394][ T3689] __might_resched.cold+0x222/0x26b [ 54.703608][ T3689] down_read_killable+0x75/0x490 [ 54.708572][ T3689] ? down_read+0x450/0x450 [ 54.713019][ T3689] __access_remote_vm+0xac/0x6f0 [ 54.718082][ T3689] ? follow_phys+0x2c0/0x2c0 [ 54.723046][ T3689] ? do_raw_spin_lock+0x120/0x2a0 [ 54.728121][ T3689] ? rwlock_bug.part.0+0x90/0x90 [ 54.733079][ T3689] ? __up_console_sem+0x47/0xc0 [ 54.738035][ T3689] get_mm_cmdline.part.0+0x217/0x620 [ 54.743349][ T3689] ? dname_to_vma_addr.isra.0+0x360/0x360 [ 54.749097][ T3689] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 54.754923][ T3689] get_task_cmdline_kernel+0x1d9/0x220 [ 54.760412][ T3689] dump_stack_print_cmdline.part.0+0x82/0x150 [ 54.766541][ T3689] ? _atomic_dec_and_lock_irqsave+0x150/0x150 [ 54.772678][ T3689] ? dump_stack_print_info+0xc6/0x190 [ 54.778071][ T3689] dump_stack_print_info+0x185/0x190 [ 54.783393][ T3689] dump_stack_lvl+0xc1/0x134 [ 54.788060][ T3689] should_fail.cold+0x5/0xa [ 54.792598][ T3689] copyin+0x19/0x120 [ 54.796530][ T3689] _copy_from_iter+0x1ca/0x11c0 [ 54.801424][ T3689] ? _copy_mc_to_iter+0x1430/0x1430 [ 54.806662][ T3689] ? rcu_read_lock_sched_held+0x3a/0x70 [ 54.812265][ T3689] ? __virt_addr_valid+0x5d/0x2d0 [ 54.817305][ T3689] ? __phys_addr+0xc4/0x140 [ 54.822169][ T3689] ? __phys_addr_symbol+0x2c/0x70 [ 54.827201][ T3689] ? __check_object_size+0x2de/0x700 [ 54.832508][ T3689] file_tty_write.constprop.0+0x449/0x8f0 [ 54.838693][ T3689] ? n_tty_close+0x1e0/0x1e0 [ 54.843325][ T3689] vfs_write+0x9e9/0xdd0 [ 54.847869][ T3689] ? vfs_read+0x930/0x930 [ 54.852227][ T3689] ? find_held_lock+0x2d/0x110 [ 54.857026][ T3689] ? lock_downgrade+0x6e0/0x6e0 [ 54.861892][ T3689] ? __fget_light+0x20a/0x270 [ 54.866585][ T3689] ksys_write+0x127/0x250 [ 54.870931][ T3689] ? __ia32_sys_read+0xb0/0xb0 [ 54.875718][ T3689] ? lockdep_hardirqs_on+0x79/0x100 [ 54.880951][ T3689] ? _raw_spin_unlock_irq+0x2a/0x40 [ 54.886707][ T3689] ? ptrace_notify+0xfa/0x140 [ 54.891413][ T3689] do_syscall_64+0x35/0xb0 [ 54.895854][ T3689] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 54.901761][ T3689] RIP: 0033:0x7f04aab85059 [ 54.906182][ T3689] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 54.925810][ T3689] RSP: 002b:00007ffe7b521b48 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 54.934248][ T3689] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f04aab85059 [ 54.942241][ T3689] RDX: 000000000000ff2e RSI: 0000000000000000 RDI: 0000000000000003 [ 54.950260][ T3689] RBP: 00007ffe7b521b60 R08: 0000000000000001 R09: 0000000000000001 [ 54.958329][ T3689] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 54.966761][ T3689] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 54.974870][ T3689] [ 54.977934][ T3689] syz-executor241[3689] cmdline: ./syz-executor2418713577 [ 54.985056][ T3689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 54.995138][ T3689] Call Trace: [ 54.998431][ T3689] [ 55.001389][ T3689] dump_stack_lvl+0xcd/0x134 [ 55.006056][ T3689] should_fail.cold+0x5/0xa [ 55.010613][ T3689] copyin+0x19/0x120 [ 55.014554][ T3689] _copy_from_iter+0x1ca/0x11c0 [ 55.019462][ T3689] ? _copy_mc_to_iter+0x1430/0x1430 [ 55.024694][ T3689] ? rcu_read_lock_sched_held+0x3a/0x70 [ 55.030282][ T3689] ? __virt_addr_valid+0x5d/0x2d0 [ 55.035329][ T3689] ? __phys_addr+0xc4/0x140 [ 55.039861][ T3689] ? __phys_addr_symbol+0x2c/0x70 [ 55.044927][ T3689] ? __check_object_size+0x2de/0x700 [ 55.050265][ T3689] file_tty_write.constprop.0+0x449/0x8f0 [ 55.056015][ T3689] ? n_tty_close+0x1e0/0x1e0 [ 55.060632][ T3689] vfs_write+0x9e9/0xdd0 [ 55.064891][ T3689] ? vfs_read+0x930/0x930 [ 55.069238][ T3689] ? find_held_lock+0x2d/0x110 [ 55.074056][ T3689] ? lock_downgrade+0x6e0/0x6e0 [ 55.078939][ T3689] ? __fget_light+0x20a/0x270 [ 55.083647][ T3689] ksys_write+0x127/0x250 [ 55.088026][ T3689] ? __ia32_sys_read+0xb0/0xb0 [ 55.092893][ T3689] ? lockdep_hardirqs_on+0x79/0x100 [ 55.098116][ T3689] ? _raw_spin_unlock_irq+0x2a/0x40 [ 55.103323][ T3689] ? ptrace_notify+0xfa/0x140 [ 55.108033][ T3689] do_syscall_64+0x35/0xb0 [ 55.112469][ T3689] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 55.118370][ T3689] RIP: 0033:0x7f04aab85059 [ 55.122808][ T3689] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 55.142429][ T3689] RSP: 002b:00007ffe7b521b48 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 55.150853][ T3689] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f04aab85059 [ 55.158830][ T3689] RDX: 000000000000ff2e RSI: 0000000000000000 RDI: 0000000000000003 [ 55.166814][ T3689] RBP: 00007ffe7b521b60 R08: 0000000000000001 R09: 0000000000000001 [ 55.174788][ T3689] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [pid 3689] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3689] exit_group(0) = ? [pid 3689] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3689, si_uid=0, si_status=0, si_utime=0, si_stime=66} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3690 ./strace-static-x86_64: Process 3690 attached [pid 3690] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3690] setpgid(0, 0) = 0 [pid 3690] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3690] write(3, "1000", 4) = 4 [pid 3690] close(3) = 0 [pid 3690] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3690] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3690] write(4, "3", 1) = 1 [pid 3690] write(3, NULL, 65326) = -1 EFAULT (Bad address) [ 55.183118][ T3689] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 55.191111][ T3689] [pid 3690] exit_group(0) = ? [pid 3690] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3690, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3691 attached , child_tidptr=0x555555ef05d0) = 3691 [pid 3691] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3691] setpgid(0, 0) = 0 [pid 3691] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3691] write(3, "1000", 4) = 4 [pid 3691] close(3) = 0 [pid 3691] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3691] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3691] write(4, "3", 1) = 1 [pid 3691] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3691] exit_group(0) = ? [pid 3691] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3691, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3692 attached , child_tidptr=0x555555ef05d0) = 3692 [pid 3692] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3692] setpgid(0, 0) = 0 [pid 3692] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3692] write(3, "1000", 4) = 4 [pid 3692] close(3) = 0 [pid 3692] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3692] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3692] write(4, "3", 1) = 1 [pid 3692] write(3, NULL, 65326) = -1 EFAULT (Bad address) [ 55.210597][ T3690] pagefault_out_of_memory: 55 callbacks suppressed [ 55.210614][ T3690] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 55.247672][ T3691] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [pid 3692] exit_group(0) = ? [pid 3692] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3692, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3693 ./strace-static-x86_64: Process 3693 attached [pid 3693] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3693] setpgid(0, 0) = 0 [pid 3693] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3693] write(3, "1000", 4) = 4 [pid 3693] close(3) = 0 [pid 3693] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3693] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3693] write(4, "3", 1) = 1 [pid 3693] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3693] exit_group(0) = ? [pid 3693] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3693, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3694 attached , child_tidptr=0x555555ef05d0) = 3694 [pid 3694] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3694] setpgid(0, 0) = 0 [pid 3694] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3694] write(3, "1000", 4) = 4 [pid 3694] close(3) = 0 [pid 3694] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3694] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3694] write(4, "3", 1) = 1 [pid 3694] write(3, NULL, 65326) = -1 EFAULT (Bad address) [ 55.267920][ T3692] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 55.290108][ T3693] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [pid 3694] exit_group(0) = ? [pid 3694] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3694, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3695 ./strace-static-x86_64: Process 3695 attached [pid 3695] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3695] setpgid(0, 0) = 0 [pid 3695] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3695] write(3, "1000", 4) = 4 [pid 3695] close(3) = 0 [pid 3695] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3695] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3695] write(4, "3", 1) = 1 [pid 3695] write(3, NULL, 65326) = -1 EFAULT (Bad address) [ 55.312530][ T3694] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [pid 3695] exit_group(0) = ? [pid 3695] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3695, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3696 attached , child_tidptr=0x555555ef05d0) = 3696 [pid 3696] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3696] setpgid(0, 0) = 0 [pid 3696] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3696] write(3, "1000", 4) = 4 [pid 3696] close(3) = 0 [pid 3696] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3696] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3696] write(4, "3", 1) = 1 [pid 3696] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3696] exit_group(0) = ? [pid 3696] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3696, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3697 attached , child_tidptr=0x555555ef05d0) = 3697 [pid 3697] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3697] setpgid(0, 0) = 0 [pid 3697] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3697] write(3, "1000", 4) = 4 [pid 3697] close(3) = 0 [pid 3697] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3697] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3697] write(4, "3", 1) = 1 [pid 3697] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3697] exit_group(0) = ? [pid 3697] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3697, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3698 attached , child_tidptr=0x555555ef05d0) = 3698 [pid 3698] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3698] setpgid(0, 0) = 0 [pid 3698] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3698] write(3, "1000", 4) = 4 [pid 3698] close(3) = 0 [pid 3698] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3698] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3698] write(4, "3", 1) = 1 [pid 3698] write(3, NULL, 65326) = -1 EFAULT (Bad address) [ 55.343463][ T3695] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 55.363421][ T3696] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 55.382784][ T3697] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [pid 3698] exit_group(0) = ? [pid 3698] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3698, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3699 attached , child_tidptr=0x555555ef05d0) = 3699 [pid 3699] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3699] setpgid(0, 0) = 0 [pid 3699] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3699] write(3, "1000", 4) = 4 [pid 3699] close(3) = 0 [pid 3699] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3699] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3699] write(4, "3", 1) = 1 [pid 3699] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3699] exit_group(0) = ? [pid 3699] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3699, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3700 ./strace-static-x86_64: Process 3700 attached [pid 3700] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3700] setpgid(0, 0) = 0 [pid 3700] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3700] write(3, "1000", 4) = 4 [pid 3700] close(3) = 0 [pid 3700] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3700] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3700] write(4, "3", 1) = 1 [pid 3700] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3700] exit_group(0) = ? [pid 3700] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3700, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3701 ./strace-static-x86_64: Process 3701 attached [pid 3701] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3701] setpgid(0, 0) = 0 [pid 3701] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3701] write(3, "1000", 4) = 4 [pid 3701] close(3) = 0 [pid 3701] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3701] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3701] write(4, "3", 1) = 1 [ 55.403896][ T3698] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 55.426412][ T3699] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 55.460345][ T3701] FAULT_INJECTION: forcing a failure. [ 55.460345][ T3701] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 55.473933][ T3701] CPU: 1 PID: 3701 Comm: syz-executor241 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 55.485359][ T3701] syz-executor241[3701] cmdline: ./syz-executor2418713577 [ 55.492495][ T3701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 55.502760][ T3701] Call Trace: [ 55.506065][ T3701] [ 55.509021][ T3701] dump_stack_lvl+0xcd/0x134 [ 55.513633][ T3701] should_fail.cold+0x5/0xa [ 55.518142][ T3701] copyin+0x19/0x120 [ 55.522129][ T3701] _copy_from_iter+0x1ca/0x11c0 [ 55.527793][ T3701] ? _copy_mc_to_iter+0x1430/0x1430 [ 55.533020][ T3701] ? rcu_read_lock_sched_held+0x3a/0x70 [ 55.538581][ T3701] ? __virt_addr_valid+0x5d/0x2d0 [ 55.543701][ T3701] ? __phys_addr+0xc4/0x140 [ 55.548217][ T3701] ? __phys_addr_symbol+0x2c/0x70 [ 55.553249][ T3701] ? __check_object_size+0x2de/0x700 [ 55.558561][ T3701] file_tty_write.constprop.0+0x449/0x8f0 [ 55.564381][ T3701] ? n_tty_close+0x1e0/0x1e0 [ 55.568992][ T3701] vfs_write+0x9e9/0xdd0 [ 55.573256][ T3701] ? vfs_read+0x930/0x930 [ 55.577608][ T3701] ? find_held_lock+0x2d/0x110 [ 55.582387][ T3701] ? lock_downgrade+0x6e0/0x6e0 [ 55.587253][ T3701] ? __fget_light+0x20a/0x270 [ 55.591953][ T3701] ksys_write+0x127/0x250 [ 55.596306][ T3701] ? __ia32_sys_read+0xb0/0xb0 [ 55.601168][ T3701] ? lockdep_hardirqs_on+0x79/0x100 [ 55.606383][ T3701] ? _raw_spin_unlock_irq+0x2a/0x40 [ 55.611597][ T3701] ? ptrace_notify+0xfa/0x140 [ 55.616295][ T3701] do_syscall_64+0x35/0xb0 [ 55.620727][ T3701] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 55.626629][ T3701] RIP: 0033:0x7f04aab85059 [ 55.631070][ T3701] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 55.651899][ T3701] RSP: 002b:00007ffe7b521b48 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 3701] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3701] exit_group(0) = ? [pid 3701] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3701, si_uid=0, si_status=0, si_utime=0, si_stime=24} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3702 ./strace-static-x86_64: Process 3702 attached [pid 3702] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3702] setpgid(0, 0) = 0 [pid 3702] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3702] write(3, "1000", 4) = 4 [pid 3702] close(3) = 0 [pid 3702] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3702] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3702] write(4, "3", 1) = 1 [pid 3702] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3702] exit_group(0) = ? [pid 3702] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3702, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3703 attached , child_tidptr=0x555555ef05d0) = 3703 [pid 3703] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3703] setpgid(0, 0) = 0 [pid 3703] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3703] write(3, "1000", 4) = 4 [pid 3703] close(3) = 0 [pid 3703] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3703] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3703] write(4, "3", 1) = 1 [pid 3703] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3703] exit_group(0) = ? [pid 3703] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3703, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3704 ./strace-static-x86_64: Process 3704 attached [pid 3704] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3704] setpgid(0, 0) = 0 [pid 3704] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3704] write(3, "1000", 4) = 4 [pid 3704] close(3) = 0 [pid 3704] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [ 55.660365][ T3701] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f04aab85059 [ 55.668353][ T3701] RDX: 000000000000ff2e RSI: 0000000000000000 RDI: 0000000000000003 [ 55.676328][ T3701] RBP: 00007ffe7b521b60 R08: 0000000000000001 R09: 0000000000000001 [ 55.684320][ T3701] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 55.692293][ T3701] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 55.700291][ T3701] [pid 3704] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3704] write(4, "3", 1) = 1 [pid 3704] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3704] exit_group(0) = ? [pid 3704] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3704, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3705 attached , child_tidptr=0x555555ef05d0) = 3705 [pid 3705] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3705] setpgid(0, 0) = 0 [pid 3705] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3705] write(3, "1000", 4) = 4 [pid 3705] close(3) = 0 [pid 3705] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3705] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3705] write(4, "3", 1) = 1 [pid 3705] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3705] exit_group(0) = ? [pid 3705] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3705, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3706 ./strace-static-x86_64: Process 3706 attached [pid 3706] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3706] setpgid(0, 0) = 0 [pid 3706] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3706] write(3, "1000", 4) = 4 [pid 3706] close(3) = 0 [pid 3706] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3706] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3706] write(4, "3", 1) = 1 [pid 3706] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3706] exit_group(0) = ? [pid 3706] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3706, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3707 attached , child_tidptr=0x555555ef05d0) = 3707 [pid 3707] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3707] setpgid(0, 0) = 0 [pid 3707] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3707] write(3, "1000", 4) = 4 [pid 3707] close(3) = 0 [pid 3707] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3707] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3707] write(4, "3", 1) = 1 [pid 3707] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3707] exit_group(0) = ? [pid 3707] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3707, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3708 attached , child_tidptr=0x555555ef05d0) = 3708 [pid 3708] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3708] setpgid(0, 0) = 0 [pid 3708] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3708] write(3, "1000", 4) = 4 [pid 3708] close(3) = 0 [pid 3708] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3708] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3708] write(4, "3", 1) = 1 [pid 3708] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3708] exit_group(0) = ? [pid 3708] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3708, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3709 ./strace-static-x86_64: Process 3709 attached [pid 3709] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3709] setpgid(0, 0) = 0 [pid 3709] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3709] write(3, "1000", 4) = 4 [pid 3709] close(3) = 0 [pid 3709] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3709] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3709] write(4, "3", 1) = 1 [pid 3709] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3709] exit_group(0) = ? [pid 3709] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3709, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3710 attached , child_tidptr=0x555555ef05d0) = 3710 [pid 3710] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3710] setpgid(0, 0) = 0 [pid 3710] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3710] write(3, "1000", 4) = 4 [pid 3710] close(3) = 0 [pid 3710] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3710] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3710] write(4, "3", 1) = 1 [pid 3710] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3710] exit_group(0) = ? [pid 3710] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3710, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3711 attached , child_tidptr=0x555555ef05d0) = 3711 [pid 3711] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3711] setpgid(0, 0) = 0 [pid 3711] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3711] write(3, "1000", 4) = 4 [pid 3711] close(3) = 0 [pid 3711] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3711] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3711] write(4, "3", 1) = 1 [ 55.840974][ T3711] FAULT_INJECTION: forcing a failure. [ 55.840974][ T3711] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 55.854223][ T3711] CPU: 1 PID: 3711 Comm: syz-executor241 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 55.865633][ T3711] BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1521 [ 55.875106][ T3711] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 3711, name: syz-executor241 [ 55.884582][ T3711] preempt_count: 0, expected: 0 [ 55.889444][ T3711] RCU nest depth: 0, expected: 0 [ 55.894393][ T3711] 2 locks held by syz-executor241/3711: [ 55.899930][ T3711] #0: ffff888074226098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x80 [ 55.909694][ T3711] #1: ffff888074226130 (&tty->atomic_write_lock){+.+.}-{3:3}, at: file_tty_write.constprop.0+0x296/0x8f0 [ 55.921198][ T3711] irq event stamp: 3514 [ 55.925437][ T3711] hardirqs last enabled at (3513): [] finish_task_switch.isra.0+0x2b5/0xc70 [ 55.935975][ T3711] hardirqs last disabled at (3514): [] dump_stack_lvl+0x2e/0x134 [ 55.945402][ T3711] softirqs last enabled at (3506): [] __irq_exit_rcu+0x123/0x180 [ 55.954803][ T3711] softirqs last disabled at (3495): [] __irq_exit_rcu+0x123/0x180 [ 55.964560][ T3711] CPU: 1 PID: 3711 Comm: syz-executor241 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 55.976229][ T3711] syz-executor241[3711] cmdline: ./syz-executor2418713577 [ 55.983343][ T3711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 55.993407][ T3711] Call Trace: [ 55.996690][ T3711] [ 55.999664][ T3711] dump_stack_lvl+0xcd/0x134 [ 56.004279][ T3711] __might_resched.cold+0x222/0x26b [ 56.009495][ T3711] down_read_killable+0x75/0x490 [ 56.014540][ T3711] ? down_read+0x450/0x450 [ 56.018983][ T3711] __access_remote_vm+0xac/0x6f0 [ 56.023948][ T3711] ? follow_phys+0x2c0/0x2c0 [ 56.028545][ T3711] ? do_raw_spin_lock+0x120/0x2a0 [ 56.033580][ T3711] ? rwlock_bug.part.0+0x90/0x90 [ 56.038532][ T3711] ? __up_console_sem+0x47/0xc0 [ 56.043407][ T3711] get_mm_cmdline.part.0+0x217/0x620 [ 56.048710][ T3711] ? dname_to_vma_addr.isra.0+0x360/0x360 [ 56.054465][ T3711] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 56.060334][ T3711] get_task_cmdline_kernel+0x1d9/0x220 [ 56.065849][ T3711] dump_stack_print_cmdline.part.0+0x82/0x150 [ 56.071942][ T3711] ? _atomic_dec_and_lock_irqsave+0x150/0x150 [ 56.078099][ T3711] ? dump_stack_print_info+0xc6/0x190 [ 56.083497][ T3711] dump_stack_print_info+0x185/0x190 [ 56.089346][ T3711] dump_stack_lvl+0xc1/0x134 [ 56.093959][ T3711] should_fail.cold+0x5/0xa [ 56.098482][ T3711] copyin+0x19/0x120 [ 56.102389][ T3711] _copy_from_iter+0x1ca/0x11c0 [ 56.107270][ T3711] ? _copy_mc_to_iter+0x1430/0x1430 [ 56.112490][ T3711] ? rcu_read_lock_sched_held+0x3a/0x70 [ 56.118044][ T3711] ? __virt_addr_valid+0x5d/0x2d0 [ 56.123073][ T3711] ? __phys_addr+0xc4/0x140 [ 56.127669][ T3711] ? __phys_addr_symbol+0x2c/0x70 [ 56.133494][ T3711] ? __check_object_size+0x2de/0x700 [ 56.138803][ T3711] file_tty_write.constprop.0+0x449/0x8f0 [ 56.144536][ T3711] ? n_tty_close+0x1e0/0x1e0 [ 56.149146][ T3711] vfs_write+0x9e9/0xdd0 [ 56.153405][ T3711] ? vfs_read+0x930/0x930 [ 56.157763][ T3711] ? find_held_lock+0x2d/0x110 [ 56.162540][ T3711] ? lock_downgrade+0x6e0/0x6e0 [ 56.167411][ T3711] ? __fget_light+0x20a/0x270 [ 56.172109][ T3711] ksys_write+0x127/0x250 [ 56.176451][ T3711] ? __ia32_sys_read+0xb0/0xb0 [ 56.181224][ T3711] ? lockdep_hardirqs_on+0x79/0x100 [ 56.186446][ T3711] ? _raw_spin_unlock_irq+0x2a/0x40 [ 56.191651][ T3711] ? ptrace_notify+0xfa/0x140 [ 56.196359][ T3711] do_syscall_64+0x35/0xb0 [ 56.200800][ T3711] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 56.206703][ T3711] RIP: 0033:0x7f04aab85059 [ 56.211123][ T3711] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 56.230735][ T3711] RSP: 002b:00007ffe7b521b48 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 56.239154][ T3711] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f04aab85059 [ 56.247129][ T3711] RDX: 000000000000ff2e RSI: 0000000000000000 RDI: 0000000000000003 [ 56.255107][ T3711] RBP: 00007ffe7b521b60 R08: 0000000000000001 R09: 0000000000000001 [ 56.263082][ T3711] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 56.271066][ T3711] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 56.279085][ T3711] [ 56.282390][ T3711] syz-executor241[3711] cmdline: ./syz-executor2418713577 [ 56.289501][ T3711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 56.299560][ T3711] Call Trace: [ 56.302837][ T3711] [ 56.305780][ T3711] dump_stack_lvl+0xcd/0x134 [ 56.310393][ T3711] should_fail.cold+0x5/0xa [ 56.314922][ T3711] copyin+0x19/0x120 [ 56.319708][ T3711] _copy_from_iter+0x1ca/0x11c0 [ 56.324585][ T3711] ? _copy_mc_to_iter+0x1430/0x1430 [ 56.329801][ T3711] ? rcu_read_lock_sched_held+0x3a/0x70 [ 56.335442][ T3711] ? __virt_addr_valid+0x5d/0x2d0 [ 56.340483][ T3711] ? __phys_addr+0xc4/0x140 [ 56.344996][ T3711] ? __phys_addr_symbol+0x2c/0x70 [ 56.350028][ T3711] ? __check_object_size+0x2de/0x700 [ 56.355337][ T3711] file_tty_write.constprop.0+0x449/0x8f0 [ 56.361085][ T3711] ? n_tty_close+0x1e0/0x1e0 [ 56.365694][ T3711] vfs_write+0x9e9/0xdd0 [ 56.369951][ T3711] ? vfs_read+0x930/0x930 [ 56.374297][ T3711] ? find_held_lock+0x2d/0x110 [ 56.379074][ T3711] ? lock_downgrade+0x6e0/0x6e0 [ 56.383962][ T3711] ? __fget_light+0x20a/0x270 [ 56.388655][ T3711] ksys_write+0x127/0x250 [ 56.393086][ T3711] ? __ia32_sys_read+0xb0/0xb0 [ 56.397990][ T3711] ? lockdep_hardirqs_on+0x79/0x100 [ 56.403210][ T3711] ? _raw_spin_unlock_irq+0x2a/0x40 [ 56.408420][ T3711] ? ptrace_notify+0xfa/0x140 [ 56.413116][ T3711] do_syscall_64+0x35/0xb0 [ 56.417565][ T3711] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 56.423467][ T3711] RIP: 0033:0x7f04aab85059 [ 56.427995][ T3711] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 56.447696][ T3711] RSP: 002b:00007ffe7b521b48 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 56.456203][ T3711] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f04aab85059 [ 56.464279][ T3711] RDX: 000000000000ff2e RSI: 0000000000000000 RDI: 0000000000000003 [ 56.472453][ T3711] RBP: 00007ffe7b521b60 R08: 0000000000000001 R09: 0000000000000001 [ 56.480733][ T3711] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [pid 3711] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3711] exit_group(0) = ? [pid 3711] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3711, si_uid=0, si_status=0, si_utime=0, si_stime=67} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3712 ./strace-static-x86_64: Process 3712 attached [pid 3712] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3712] setpgid(0, 0) = 0 [pid 3712] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3712] write(3, "1000", 4) = 4 [pid 3712] close(3) = 0 [pid 3712] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3712] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3712] write(4, "3", 1) = 1 [pid 3712] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3712] exit_group(0) = ? [pid 3712] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3712, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3713 attached , child_tidptr=0x555555ef05d0) = 3713 [pid 3713] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3713] setpgid(0, 0) = 0 [pid 3713] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3713] write(3, "1000", 4) = 4 [pid 3713] close(3) = 0 [pid 3713] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3713] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3713] write(4, "3", 1) = 1 [pid 3713] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3713] exit_group(0) = ? [pid 3713] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3713, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3714 attached , child_tidptr=0x555555ef05d0) = 3714 [pid 3714] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3714] setpgid(0, 0) = 0 [pid 3714] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3714] write(3, "1000", 4) = 4 [pid 3714] close(3) = 0 [pid 3714] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3714] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3714] write(4, "3", 1) = 1 [pid 3714] write(3, NULL, 65326) = -1 EFAULT (Bad address) [ 56.488732][ T3711] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 56.497295][ T3711] [pid 3714] exit_group(0) = ? [pid 3714] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3714, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3715 attached , child_tidptr=0x555555ef05d0) = 3715 [pid 3715] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3715] setpgid(0, 0) = 0 [pid 3715] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3715] write(3, "1000", 4) = 4 [pid 3715] close(3) = 0 [pid 3715] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3715] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3715] write(4, "3", 1) = 1 [pid 3715] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3715] exit_group(0) = ? [pid 3715] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3715, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3716 attached , child_tidptr=0x555555ef05d0) = 3716 [pid 3716] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3716] setpgid(0, 0) = 0 [pid 3716] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3716] write(3, "1000", 4) = 4 [pid 3716] close(3) = 0 [pid 3716] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3716] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3716] write(4, "3", 1) = 1 [pid 3716] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3716] exit_group(0) = ? [pid 3716] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3716, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3717 attached , child_tidptr=0x555555ef05d0) = 3717 [pid 3717] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3717] setpgid(0, 0) = 0 [pid 3717] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3717] write(3, "1000", 4) = 4 [pid 3717] close(3) = 0 [pid 3717] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3717] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3717] write(4, "3", 1) = 1 [ 56.610929][ T3717] FAULT_INJECTION: forcing a failure. [ 56.610929][ T3717] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 56.624401][ T3717] CPU: 1 PID: 3717 Comm: syz-executor241 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 56.635854][ T3717] syz-executor241[3717] cmdline: ./syz-executor2418713577 [ 56.642969][ T3717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 56.653034][ T3717] Call Trace: [ 56.656360][ T3717] [ 56.659296][ T3717] dump_stack_lvl+0xcd/0x134 [ 56.663920][ T3717] should_fail.cold+0x5/0xa [ 56.668452][ T3717] copyin+0x19/0x120 [ 56.672371][ T3717] _copy_from_iter+0x1ca/0x11c0 [ 56.677267][ T3717] ? _copy_mc_to_iter+0x1430/0x1430 [ 56.682572][ T3717] ? rcu_read_lock_sched_held+0x3a/0x70 [ 56.688156][ T3717] ? __virt_addr_valid+0x5d/0x2d0 [ 56.693207][ T3717] ? __phys_addr+0xc4/0x140 [ 56.697746][ T3717] ? __phys_addr_symbol+0x2c/0x70 [ 56.702798][ T3717] ? __check_object_size+0x2de/0x700 [ 56.708121][ T3717] file_tty_write.constprop.0+0x449/0x8f0 [ 56.713861][ T3717] ? n_tty_close+0x1e0/0x1e0 [ 56.718474][ T3717] vfs_write+0x9e9/0xdd0 [ 56.722750][ T3717] ? vfs_read+0x930/0x930 [ 56.727111][ T3717] ? find_held_lock+0x2d/0x110 [ 56.731984][ T3717] ? lock_downgrade+0x6e0/0x6e0 [ 56.736853][ T3717] ? __fget_light+0x20a/0x270 [ 56.741543][ T3717] ksys_write+0x127/0x250 [ 56.746061][ T3717] ? __ia32_sys_read+0xb0/0xb0 [ 56.750937][ T3717] ? lockdep_hardirqs_on+0x79/0x100 [ 56.756189][ T3717] ? _raw_spin_unlock_irq+0x2a/0x40 [ 56.761835][ T3717] ? ptrace_notify+0xfa/0x140 [ 56.766602][ T3717] do_syscall_64+0x35/0xb0 [ 56.771033][ T3717] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 56.776940][ T3717] RIP: 0033:0x7f04aab85059 [ 56.781483][ T3717] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 56.801485][ T3717] RSP: 002b:00007ffe7b521b48 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 3717] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3717] exit_group(0) = ? [pid 3717] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3717, si_uid=0, si_status=0, si_utime=0, si_stime=25} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3718 ./strace-static-x86_64: Process 3718 attached [pid 3718] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3718] setpgid(0, 0) = 0 [pid 3718] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3718] write(3, "1000", 4) = 4 [pid 3718] close(3) = 0 [pid 3718] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3718] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3718] write(4, "3", 1) = 1 [pid 3718] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3718] exit_group(0) = ? [pid 3718] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3718, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3719 ./strace-static-x86_64: Process 3719 attached [pid 3719] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3719] setpgid(0, 0) = 0 [pid 3719] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3719] write(3, "1000", 4) = 4 [pid 3719] close(3) = 0 [pid 3719] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3719] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3719] write(4, "3", 1) = 1 [pid 3719] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3719] exit_group(0) = ? [pid 3719] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3719, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3720 attached , child_tidptr=0x555555ef05d0) = 3720 [pid 3720] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3720] setpgid(0, 0) = 0 [pid 3720] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3720] write(3, "1000", 4) = 4 [pid 3720] close(3) = 0 [pid 3720] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3720] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3720] write(4, "3", 1) = 1 [pid 3720] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3720] exit_group(0) = ? [pid 3720] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3720, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- [ 56.809909][ T3717] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f04aab85059 [ 56.817988][ T3717] RDX: 000000000000ff2e RSI: 0000000000000000 RDI: 0000000000000003 [ 56.825972][ T3717] RBP: 00007ffe7b521b60 R08: 0000000000000001 R09: 0000000000000001 [ 56.833949][ T3717] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 56.842013][ T3717] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 56.850011][ T3717] restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3721 ./strace-static-x86_64: Process 3721 attached [pid 3721] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3721] setpgid(0, 0) = 0 [pid 3721] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3721] write(3, "1000", 4) = 4 [pid 3721] close(3) = 0 [pid 3721] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3721] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3721] write(4, "3", 1) = 1 [pid 3721] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3721] exit_group(0) = ? [pid 3721] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3721, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3722 attached [pid 3722] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3722] setpgid(0, 0) = 0 [pid 3722] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3722] write(3, "1000", 4) = 4 [pid 3722] close(3) = 0 [pid 3722] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000 [pid 3615] <... clone resumed>, child_tidptr=0x555555ef05d0) = 3722 [pid 3722] <... openat resumed>) = 3 [pid 3722] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3722] write(4, "3", 1) = 1 [ 56.911653][ T3722] FAULT_INJECTION: forcing a failure. [ 56.911653][ T3722] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 56.924928][ T3722] CPU: 0 PID: 3722 Comm: syz-executor241 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 56.936349][ T3722] BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1521 [ 56.945792][ T3722] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 3722, name: syz-executor241 [ 56.955236][ T3722] preempt_count: 0, expected: 0 [ 56.960105][ T3722] RCU nest depth: 0, expected: 0 [ 56.965064][ T3722] 2 locks held by syz-executor241/3722: [ 56.970720][ T3722] #0: ffff888076b03098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x80 [ 56.980568][ T3722] #1: ffff888076b03130 (&tty->atomic_write_lock){+.+.}-{3:3}, at: file_tty_write.constprop.0+0x296/0x8f0 [ 56.991900][ T3722] irq event stamp: 3350 [ 56.996272][ T3722] hardirqs last enabled at (3349): [] finish_task_switch.isra.0+0x2b5/0xc70 [ 57.006725][ T3722] hardirqs last disabled at (3350): [] dump_stack_lvl+0x2e/0x134 [ 57.016024][ T3722] softirqs last enabled at (3342): [] __irq_exit_rcu+0x123/0x180 [ 57.025421][ T3722] softirqs last disabled at (3325): [] __irq_exit_rcu+0x123/0x180 [ 57.034799][ T3722] CPU: 0 PID: 3722 Comm: syz-executor241 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 57.046648][ T3722] syz-executor241[3722] cmdline: ./syz-executor2418713577 [ 57.053761][ T3722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 57.063811][ T3722] Call Trace: [ 57.067085][ T3722] [ 57.070011][ T3722] dump_stack_lvl+0xcd/0x134 [ 57.074710][ T3722] __might_resched.cold+0x222/0x26b [ 57.079939][ T3722] down_read_killable+0x75/0x490 [ 57.085292][ T3722] ? down_read+0x450/0x450 [ 57.089759][ T3722] __access_remote_vm+0xac/0x6f0 [ 57.094797][ T3722] ? follow_phys+0x2c0/0x2c0 [ 57.099403][ T3722] ? do_raw_spin_lock+0x120/0x2a0 [ 57.104459][ T3722] ? rwlock_bug.part.0+0x90/0x90 [ 57.109398][ T3722] ? __up_console_sem+0x47/0xc0 [ 57.114267][ T3722] get_mm_cmdline.part.0+0x217/0x620 [ 57.119640][ T3722] ? dname_to_vma_addr.isra.0+0x360/0x360 [ 57.125425][ T3722] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 57.131254][ T3722] get_task_cmdline_kernel+0x1d9/0x220 [ 57.136763][ T3722] dump_stack_print_cmdline.part.0+0x82/0x150 [ 57.142851][ T3722] ? _atomic_dec_and_lock_irqsave+0x150/0x150 [ 57.148970][ T3722] ? dump_stack_print_info+0xc6/0x190 [ 57.154365][ T3722] dump_stack_print_info+0x185/0x190 [ 57.160126][ T3722] dump_stack_lvl+0xc1/0x134 [ 57.164729][ T3722] should_fail.cold+0x5/0xa [ 57.169255][ T3722] copyin+0x19/0x120 [ 57.173153][ T3722] _copy_from_iter+0x1ca/0x11c0 [ 57.178033][ T3722] ? _copy_mc_to_iter+0x1430/0x1430 [ 57.183501][ T3722] ? rcu_read_lock_sched_held+0x3a/0x70 [ 57.189050][ T3722] ? __virt_addr_valid+0x5d/0x2d0 [ 57.194175][ T3722] ? __phys_addr+0xc4/0x140 [ 57.198706][ T3722] ? __phys_addr_symbol+0x2c/0x70 [ 57.203746][ T3722] ? __check_object_size+0x2de/0x700 [ 57.209038][ T3722] file_tty_write.constprop.0+0x449/0x8f0 [ 57.214771][ T3722] ? n_tty_close+0x1e0/0x1e0 [ 57.219384][ T3722] vfs_write+0x9e9/0xdd0 [ 57.223628][ T3722] ? vfs_read+0x930/0x930 [ 57.227962][ T3722] ? find_held_lock+0x2d/0x110 [ 57.232763][ T3722] ? lock_downgrade+0x6e0/0x6e0 [ 57.237654][ T3722] ? __fget_light+0x20a/0x270 [ 57.243116][ T3722] ksys_write+0x127/0x250 [ 57.247886][ T3722] ? __ia32_sys_read+0xb0/0xb0 [ 57.252657][ T3722] ? lockdep_hardirqs_on+0x79/0x100 [ 57.257888][ T3722] ? _raw_spin_unlock_irq+0x2a/0x40 [ 57.263097][ T3722] ? ptrace_notify+0xfa/0x140 [ 57.267779][ T3722] do_syscall_64+0x35/0xb0 [ 57.272199][ T3722] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 57.278095][ T3722] RIP: 0033:0x7f04aab85059 [ 57.282539][ T3722] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 57.302170][ T3722] RSP: 002b:00007ffe7b521b48 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 57.310676][ T3722] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f04aab85059 [ 57.318650][ T3722] RDX: 000000000000ff2e RSI: 0000000000000000 RDI: 0000000000000003 [ 57.326623][ T3722] RBP: 00007ffe7b521b60 R08: 0000000000000001 R09: 0000000000000001 [ 57.334591][ T3722] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 57.342559][ T3722] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 57.350576][ T3722] [ 57.353647][ T3722] syz-executor241[3722] cmdline: ./syz-executor2418713577 [ 57.360776][ T3722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 57.370899][ T3722] Call Trace: [ 57.374497][ T3722] [ 57.377425][ T3722] dump_stack_lvl+0xcd/0x134 [ 57.382042][ T3722] should_fail.cold+0x5/0xa [ 57.386681][ T3722] copyin+0x19/0x120 [ 57.390601][ T3722] _copy_from_iter+0x1ca/0x11c0 [ 57.395480][ T3722] ? _copy_mc_to_iter+0x1430/0x1430 [ 57.400707][ T3722] ? rcu_read_lock_sched_held+0x3a/0x70 [ 57.406296][ T3722] ? __virt_addr_valid+0x5d/0x2d0 [ 57.412054][ T3722] ? __phys_addr+0xc4/0x140 [ 57.419791][ T3722] ? __phys_addr_symbol+0x2c/0x70 [ 57.425730][ T3722] ? __check_object_size+0x2de/0x700 [ 57.431023][ T3722] file_tty_write.constprop.0+0x449/0x8f0 [ 57.436813][ T3722] ? n_tty_close+0x1e0/0x1e0 [ 57.441423][ T3722] vfs_write+0x9e9/0xdd0 [ 57.445683][ T3722] ? vfs_read+0x930/0x930 [ 57.450022][ T3722] ? find_held_lock+0x2d/0x110 [ 57.454804][ T3722] ? lock_downgrade+0x6e0/0x6e0 [ 57.459687][ T3722] ? __fget_light+0x20a/0x270 [ 57.464398][ T3722] ksys_write+0x127/0x250 [ 57.468737][ T3722] ? __ia32_sys_read+0xb0/0xb0 [ 57.473519][ T3722] ? lockdep_hardirqs_on+0x79/0x100 [ 57.478742][ T3722] ? _raw_spin_unlock_irq+0x2a/0x40 [ 57.483985][ T3722] ? ptrace_notify+0xfa/0x140 [ 57.488685][ T3722] do_syscall_64+0x35/0xb0 [ 57.493226][ T3722] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 57.499126][ T3722] RIP: 0033:0x7f04aab85059 [ 57.503538][ T3722] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 57.523143][ T3722] RSP: 002b:00007ffe7b521b48 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 57.531584][ T3722] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f04aab85059 [ 57.539574][ T3722] RDX: 000000000000ff2e RSI: 0000000000000000 RDI: 0000000000000003 [ 57.547583][ T3722] RBP: 00007ffe7b521b60 R08: 0000000000000001 R09: 0000000000000001 [ 57.555561][ T3722] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [pid 3722] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3722] exit_group(0) = ? [pid 3722] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3722, si_uid=0, si_status=0, si_utime=0, si_stime=66} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3723 ./strace-static-x86_64: Process 3723 attached [pid 3723] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3723] setpgid(0, 0) = 0 [pid 3723] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3723] write(3, "1000", 4) = 4 [pid 3723] close(3) = 0 [pid 3723] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3723] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3723] write(4, "3", 1) = 1 [pid 3723] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3723] exit_group(0) = ? [pid 3723] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3723, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3724 attached , child_tidptr=0x555555ef05d0) = 3724 [pid 3724] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3724] setpgid(0, 0) = 0 [pid 3724] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3724] write(3, "1000", 4) = 4 [pid 3724] close(3) = 0 [pid 3724] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3724] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3724] write(4, "3", 1) = 1 [pid 3724] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3724] exit_group(0) = ? [pid 3724] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3724, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3725 ./strace-static-x86_64: Process 3725 attached [pid 3725] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3725] setpgid(0, 0) = 0 [pid 3725] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3725] write(3, "1000", 4) = 4 [pid 3725] close(3) = 0 [pid 3725] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3725] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3725] write(4, "3", 1) = 1 [pid 3725] write(3, NULL, 65326) = -1 EFAULT (Bad address) [ 57.563548][ T3722] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 57.571553][ T3722] [pid 3725] exit_group(0) = ? [pid 3725] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3725, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3726 attached , child_tidptr=0x555555ef05d0) = 3726 [pid 3726] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3726] setpgid(0, 0) = 0 [pid 3726] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3726] write(3, "1000", 4) = 4 [pid 3726] close(3) = 0 [pid 3726] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3726] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3726] write(4, "3", 1) = 1 [pid 3726] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3726] exit_group(0) = ? [pid 3726] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3726, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3727 attached , child_tidptr=0x555555ef05d0) = 3727 [pid 3727] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3727] setpgid(0, 0) = 0 [pid 3727] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3727] write(3, "1000", 4) = 4 [pid 3727] close(3) = 0 [pid 3727] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3727] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3727] write(4, "3", 1) = 1 [pid 3727] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3727] exit_group(0) = ? [pid 3727] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3727, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3728 attached , child_tidptr=0x555555ef05d0) = 3728 [pid 3728] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3728] setpgid(0, 0) = 0 [pid 3728] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3728] write(3, "1000", 4) = 4 [pid 3728] close(3) = 0 [pid 3728] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3728] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3728] write(4, "3", 1) = 1 [pid 3728] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3728] exit_group(0) = ? [pid 3728] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3728, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3729 ./strace-static-x86_64: Process 3729 attached [pid 3729] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3729] setpgid(0, 0) = 0 [pid 3729] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3729] write(3, "1000", 4) = 4 [pid 3729] close(3) = 0 [pid 3729] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3729] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3729] write(4, "3", 1) = 1 [pid 3729] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3729] exit_group(0) = ? [pid 3729] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3729, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3730 attached , child_tidptr=0x555555ef05d0) = 3730 [pid 3730] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3730] setpgid(0, 0) = 0 [pid 3730] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3730] write(3, "1000", 4) = 4 [pid 3730] close(3) = 0 [pid 3730] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3730] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3730] write(4, "3", 1) = 1 [pid 3730] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3730] exit_group(0) = ? [pid 3730] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3730, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3731 attached , child_tidptr=0x555555ef05d0) = 3731 [pid 3731] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3731] setpgid(0, 0) = 0 [pid 3731] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3731] write(3, "1000", 4) = 4 [pid 3731] close(3) = 0 [pid 3731] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3731] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3731] write(4, "3", 1) = 1 [pid 3731] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3731] exit_group(0) = ? [pid 3731] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3731, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3732 ./strace-static-x86_64: Process 3732 attached [pid 3732] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3732] setpgid(0, 0) = 0 [pid 3732] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3732] write(3, "1000", 4) = 4 [pid 3732] close(3) = 0 [pid 3732] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3732] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3732] write(4, "3", 1) = 1 [pid 3732] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3732] exit_group(0) = ? [pid 3732] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3732, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3733 ./strace-static-x86_64: Process 3733 attached [pid 3733] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3733] setpgid(0, 0) = 0 [pid 3733] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3733] write(3, "1000", 4) = 4 [pid 3733] close(3) = 0 [pid 3733] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3733] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3733] write(4, "3", 1) = 1 [pid 3733] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3733] exit_group(0) = ? [pid 3733] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3733, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3734 ./strace-static-x86_64: Process 3734 attached [pid 3734] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3734] setpgid(0, 0) = 0 [pid 3734] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3734] write(3, "1000", 4) = 4 [pid 3734] close(3) = 0 [pid 3734] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3734] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3734] write(4, "3", 1) = 1 [pid 3734] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3734] exit_group(0) = ? [pid 3734] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3734, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3735 ./strace-static-x86_64: Process 3735 attached [pid 3735] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3735] setpgid(0, 0) = 0 [pid 3735] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3735] write(3, "1000", 4) = 4 [pid 3735] close(3) = 0 [pid 3735] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3735] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3735] write(4, "3", 1) = 1 [pid 3735] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3735] exit_group(0) = ? [pid 3735] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3735, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3736 ./strace-static-x86_64: Process 3736 attached [pid 3736] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3736] setpgid(0, 0) = 0 [pid 3736] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3736] write(3, "1000", 4) = 4 [pid 3736] close(3) = 0 [pid 3736] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3736] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3736] write(4, "3", 1) = 1 [ 57.773955][ T3736] FAULT_INJECTION: forcing a failure. [ 57.773955][ T3736] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 57.787138][ T3736] CPU: 0 PID: 3736 Comm: syz-executor241 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 57.798555][ T3736] syz-executor241[3736] cmdline: ./syz-executor2418713577 [ 57.805684][ T3736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 57.815750][ T3736] Call Trace: [ 57.819033][ T3736] [ 57.822012][ T3736] dump_stack_lvl+0xcd/0x134 [ 57.826682][ T3736] should_fail.cold+0x5/0xa [ 57.831219][ T3736] copyin+0x19/0x120 [ 57.835153][ T3736] _copy_from_iter+0x1ca/0x11c0 [ 57.840054][ T3736] ? _copy_mc_to_iter+0x1430/0x1430 [ 57.845285][ T3736] ? rcu_read_lock_sched_held+0x3a/0x70 [ 57.850859][ T3736] ? __virt_addr_valid+0x5d/0x2d0 [ 57.855903][ T3736] ? __phys_addr+0xc4/0x140 [ 57.860425][ T3736] ? __phys_addr_symbol+0x2c/0x70 [ 57.865462][ T3736] ? __check_object_size+0x2de/0x700 [ 57.870781][ T3736] file_tty_write.constprop.0+0x449/0x8f0 [ 57.876513][ T3736] ? n_tty_close+0x1e0/0x1e0 [ 57.881121][ T3736] vfs_write+0x9e9/0xdd0 [ 57.885398][ T3736] ? vfs_read+0x930/0x930 [ 57.889743][ T3736] ? find_held_lock+0x2d/0x110 [ 57.894523][ T3736] ? lock_downgrade+0x6e0/0x6e0 [ 57.899381][ T3736] ? __fget_light+0x20a/0x270 [ 57.904078][ T3736] ksys_write+0x127/0x250 [ 57.908450][ T3736] ? __ia32_sys_read+0xb0/0xb0 [ 57.913222][ T3736] ? lockdep_hardirqs_on+0x79/0x100 [ 57.918468][ T3736] ? _raw_spin_unlock_irq+0x2a/0x40 [ 57.923701][ T3736] ? ptrace_notify+0xfa/0x140 [ 57.928494][ T3736] do_syscall_64+0x35/0xb0 [ 57.932953][ T3736] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 57.938871][ T3736] RIP: 0033:0x7f04aab85059 [ 57.943308][ T3736] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 57.963375][ T3736] RSP: 002b:00007ffe7b521b48 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [pid 3736] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3736] exit_group(0) = ? [pid 3736] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3736, si_uid=0, si_status=0, si_utime=0, si_stime=24} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3737 attached , child_tidptr=0x555555ef05d0) = 3737 [pid 3737] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3737] setpgid(0, 0) = 0 [pid 3737] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3737] write(3, "1000", 4) = 4 [pid 3737] close(3) = 0 [pid 3737] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3737] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3737] write(4, "3", 1) = 1 [pid 3737] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3737] exit_group(0) = ? [pid 3737] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3737, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3738 attached , child_tidptr=0x555555ef05d0) = 3738 [pid 3738] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3738] setpgid(0, 0) = 0 [pid 3738] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3738] write(3, "1000", 4) = 4 [pid 3738] close(3) = 0 [pid 3738] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3738] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3738] write(4, "3", 1) = 1 [pid 3738] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3738] exit_group(0) = ? [pid 3738] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3738, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 57.971915][ T3736] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f04aab85059 [ 57.979939][ T3736] RDX: 000000000000ff2e RSI: 0000000000000000 RDI: 0000000000000003 [ 57.988211][ T3736] RBP: 00007ffe7b521b60 R08: 0000000000000001 R09: 0000000000000001 [ 57.996194][ T3736] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 58.004179][ T3736] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 58.012258][ T3736] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3739 ./strace-static-x86_64: Process 3739 attached [pid 3739] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3739] setpgid(0, 0) = 0 [pid 3739] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3739] write(3, "1000", 4) = 4 [pid 3739] close(3) = 0 [pid 3739] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3739] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3739] write(4, "3", 1) = 1 [pid 3739] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3739] exit_group(0) = ? [pid 3739] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3739, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3740 ./strace-static-x86_64: Process 3740 attached [pid 3740] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3740] setpgid(0, 0) = 0 [pid 3740] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3740] write(3, "1000", 4) = 4 [pid 3740] close(3) = 0 [pid 3740] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3740] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3740] write(4, "3", 1) = 1 [pid 3740] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3740] exit_group(0) = ? [pid 3740] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3740, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3741 attached , child_tidptr=0x555555ef05d0) = 3741 [pid 3741] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3741] setpgid(0, 0) = 0 [pid 3741] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3741] write(3, "1000", 4) = 4 [pid 3741] close(3) = 0 [pid 3741] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3741] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3741] write(4, "3", 1) = 1 [pid 3741] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3741] exit_group(0) = ? [pid 3741] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3741, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3742 attached , child_tidptr=0x555555ef05d0) = 3742 [pid 3742] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3742] setpgid(0, 0) = 0 [pid 3742] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3742] write(3, "1000", 4) = 4 [pid 3742] close(3) = 0 [pid 3742] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3742] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3742] write(4, "3", 1) = 1 [pid 3742] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3742] exit_group(0) = ? [pid 3742] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3742, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3743 ./strace-static-x86_64: Process 3743 attached [pid 3743] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3743] setpgid(0, 0) = 0 [pid 3743] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3743] write(3, "1000", 4) = 4 [pid 3743] close(3) = 0 [pid 3743] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3743] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3743] write(4, "3", 1) = 1 [pid 3743] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3743] exit_group(0) = ? [pid 3743] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3743, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3744 attached [pid 3744] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3744] setpgid(0, 0) = 0 [pid 3744] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3744] write(3, "1000", 4) = 4 [pid 3744] close(3) = 0 [pid 3744] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000 [pid 3615] <... clone resumed>, child_tidptr=0x555555ef05d0) = 3744 [pid 3744] <... openat resumed>) = 3 [pid 3744] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3744] write(4, "3", 1) = 1 [pid 3744] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3744] exit_group(0) = ? [pid 3744] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3744, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3745 ./strace-static-x86_64: Process 3745 attached [pid 3745] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3745] setpgid(0, 0) = 0 [pid 3745] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3745] write(3, "1000", 4) = 4 [pid 3745] close(3) = 0 [pid 3745] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3745] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3745] write(4, "3", 1) = 1 [pid 3745] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3745] exit_group(0) = ? [pid 3745] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3745, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3746 ./strace-static-x86_64: Process 3746 attached [pid 3746] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3746] setpgid(0, 0) = 0 [pid 3746] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3746] write(3, "1000", 4) = 4 [pid 3746] close(3) = 0 [pid 3746] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3746] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3746] write(4, "3", 1) = 1 [pid 3746] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3746] exit_group(0) = ? [pid 3746] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3746, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3747 attached [pid 3747] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3615] <... clone resumed>, child_tidptr=0x555555ef05d0) = 3747 [pid 3747] <... prctl resumed>) = 0 [pid 3747] setpgid(0, 0) = 0 [pid 3747] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3747] write(3, "1000", 4) = 4 [pid 3747] close(3) = 0 [pid 3747] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3747] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3747] write(4, "3", 1) = 1 [pid 3747] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3747] exit_group(0) = ? [pid 3747] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3747, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3748 attached , child_tidptr=0x555555ef05d0) = 3748 [pid 3748] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3748] setpgid(0, 0) = 0 [pid 3748] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3748] write(3, "1000", 4) = 4 [pid 3748] close(3) = 0 [pid 3748] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3748] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3748] write(4, "3", 1) = 1 [pid 3748] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3748] exit_group(0) = ? [pid 3748] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3748, si_uid=0, si_status=0, si_utime=1, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3749 attached , child_tidptr=0x555555ef05d0) = 3749 [pid 3749] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3749] setpgid(0, 0) = 0 [pid 3749] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3749] write(3, "1000", 4) = 4 [pid 3749] close(3) = 0 [pid 3749] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3749] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3749] write(4, "3", 1) = 1 [pid 3749] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3749] exit_group(0) = ? [pid 3749] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3749, si_uid=0, si_status=0, si_utime=1, si_stime=0} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3750 attached , child_tidptr=0x555555ef05d0) = 3750 [pid 3750] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3750] setpgid(0, 0) = 0 [pid 3750] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3750] write(3, "1000", 4) = 4 [pid 3750] close(3) = 0 [pid 3750] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3750] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3750] write(4, "3", 1) = 1 [pid 3750] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3750] exit_group(0) = ? [pid 3750] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3750, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3751 attached , child_tidptr=0x555555ef05d0) = 3751 [pid 3751] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3751] setpgid(0, 0) = 0 [pid 3751] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3751] write(3, "1000", 4) = 4 [pid 3751] close(3) = 0 [pid 3751] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3751] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3751] write(4, "3", 1) = 1 [pid 3751] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3751] exit_group(0) = ? [pid 3751] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3751, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3752 attached , child_tidptr=0x555555ef05d0) = 3752 [pid 3752] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3752] setpgid(0, 0) = 0 [pid 3752] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3752] write(3, "1000", 4) = 4 [pid 3752] close(3) = 0 [pid 3752] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3752] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3752] write(4, "3", 1) = 1 [pid 3752] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3752] exit_group(0) = ? [pid 3752] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3752, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3753 ./strace-static-x86_64: Process 3753 attached [pid 3753] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3753] setpgid(0, 0) = 0 [pid 3753] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3753] write(3, "1000", 4) = 4 [pid 3753] close(3) = 0 [pid 3753] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3753] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3753] write(4, "3", 1) = 1 [pid 3753] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3753] exit_group(0) = ? [pid 3753] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3753, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3754 ./strace-static-x86_64: Process 3754 attached [pid 3754] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3754] setpgid(0, 0) = 0 [pid 3754] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3754] write(3, "1000", 4) = 4 [pid 3754] close(3) = 0 [pid 3754] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3754] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3754] write(4, "3", 1) = 1 [pid 3754] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3754] exit_group(0) = ? [pid 3754] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3754, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3755 ./strace-static-x86_64: Process 3755 attached [pid 3755] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3755] setpgid(0, 0) = 0 [pid 3755] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3755] write(3, "1000", 4) = 4 [pid 3755] close(3) = 0 [pid 3755] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3755] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3755] write(4, "3", 1) = 1 [ 58.307945][ T3755] FAULT_INJECTION: forcing a failure. [ 58.307945][ T3755] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 58.321405][ T3755] CPU: 0 PID: 3755 Comm: syz-executor241 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 58.333193][ T3755] BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1521 [ 58.342690][ T3755] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 3755, name: syz-executor241 [ 58.352160][ T3755] preempt_count: 0, expected: 0 [ 58.357023][ T3755] RCU nest depth: 0, expected: 0 [ 58.361974][ T3755] 2 locks held by syz-executor241/3755: [ 58.367546][ T3755] #0: ffff8880791c3098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x80 [ 58.377471][ T3755] #1: ffff8880791c3130 (&tty->atomic_write_lock){+.+.}-{3:3}, at: file_tty_write.constprop.0+0x296/0x8f0 [ 58.388922][ T3755] irq event stamp: 3620 [ 58.393098][ T3755] hardirqs last enabled at (3619): [] finish_task_switch.isra.0+0x2b5/0xc70 [ 58.408327][ T3755] hardirqs last disabled at (3620): [] dump_stack_lvl+0x2e/0x134 [ 58.417669][ T3755] softirqs last enabled at (3612): [] __irq_exit_rcu+0x123/0x180 [ 58.427141][ T3755] softirqs last disabled at (3519): [] __irq_exit_rcu+0x123/0x180 [ 58.436629][ T3755] CPU: 0 PID: 3755 Comm: syz-executor241 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 58.448065][ T3755] syz-executor241[3755] cmdline: ./syz-executor2418713577 [ 58.455258][ T3755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 58.465331][ T3755] Call Trace: [ 58.469270][ T3755] [ 58.472386][ T3755] dump_stack_lvl+0xcd/0x134 [ 58.477370][ T3755] __might_resched.cold+0x222/0x26b [ 58.482668][ T3755] down_read_killable+0x75/0x490 [ 58.488167][ T3755] ? down_read+0x450/0x450 [ 58.492618][ T3755] __access_remote_vm+0xac/0x6f0 [ 58.497578][ T3755] ? follow_phys+0x2c0/0x2c0 [ 58.502177][ T3755] ? do_raw_spin_lock+0x120/0x2a0 [ 58.507514][ T3755] ? rwlock_bug.part.0+0x90/0x90 [ 58.512476][ T3755] ? __up_console_sem+0x47/0xc0 [ 58.517783][ T3755] get_mm_cmdline.part.0+0x217/0x620 [ 58.524652][ T3755] ? dname_to_vma_addr.isra.0+0x360/0x360 [ 58.530486][ T3755] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 58.536327][ T3755] get_task_cmdline_kernel+0x1d9/0x220 [ 58.541981][ T3755] dump_stack_print_cmdline.part.0+0x82/0x150 [ 58.548073][ T3755] ? _atomic_dec_and_lock_irqsave+0x150/0x150 [ 58.554196][ T3755] ? dump_stack_print_info+0xc6/0x190 [ 58.559588][ T3755] dump_stack_print_info+0x185/0x190 [ 58.564984][ T3755] dump_stack_lvl+0xc1/0x134 [ 58.569606][ T3755] should_fail.cold+0x5/0xa [ 58.574133][ T3755] copyin+0x19/0x120 [ 58.578044][ T3755] _copy_from_iter+0x1ca/0x11c0 [ 58.582924][ T3755] ? _copy_mc_to_iter+0x1430/0x1430 [ 58.588138][ T3755] ? rcu_read_lock_sched_held+0x3a/0x70 [ 58.593764][ T3755] ? __virt_addr_valid+0x5d/0x2d0 [ 58.598882][ T3755] ? __phys_addr+0xc4/0x140 [ 58.603745][ T3755] ? __phys_addr_symbol+0x2c/0x70 [ 58.608778][ T3755] ? __check_object_size+0x2de/0x700 [ 58.614121][ T3755] file_tty_write.constprop.0+0x449/0x8f0 [ 58.619956][ T3755] ? n_tty_close+0x1e0/0x1e0 [ 58.624598][ T3755] vfs_write+0x9e9/0xdd0 [ 58.628855][ T3755] ? vfs_read+0x930/0x930 [ 58.633297][ T3755] ? find_held_lock+0x2d/0x110 [ 58.638074][ T3755] ? lock_downgrade+0x6e0/0x6e0 [ 58.642936][ T3755] ? __fget_light+0x20a/0x270 [ 58.647628][ T3755] ksys_write+0x127/0x250 [ 58.651971][ T3755] ? __ia32_sys_read+0xb0/0xb0 [ 58.656745][ T3755] ? lockdep_hardirqs_on+0x79/0x100 [ 58.661962][ T3755] ? _raw_spin_unlock_irq+0x2a/0x40 [ 58.667167][ T3755] ? ptrace_notify+0xfa/0x140 [ 58.671865][ T3755] do_syscall_64+0x35/0xb0 [ 58.676301][ T3755] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 58.683508][ T3755] RIP: 0033:0x7f04aab85059 [ 58.687927][ T3755] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 58.707549][ T3755] RSP: 002b:00007ffe7b521b48 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 58.716071][ T3755] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f04aab85059 [ 58.724058][ T3755] RDX: 000000000000ff2e RSI: 0000000000000000 RDI: 0000000000000003 [ 58.732035][ T3755] RBP: 00007ffe7b521b60 R08: 0000000000000001 R09: 0000000000000001 [ 58.740014][ T3755] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 58.748006][ T3755] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 58.756017][ T3755] [ 58.760201][ T3755] syz-executor241[3755] cmdline: ./syz-executor2418713577 [ 58.767312][ T3755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 58.777369][ T3755] Call Trace: [ 58.780658][ T3755] [ 58.783591][ T3755] dump_stack_lvl+0xcd/0x134 [ 58.788218][ T3755] should_fail.cold+0x5/0xa [ 58.792830][ T3755] copyin+0x19/0x120 [ 58.796748][ T3755] _copy_from_iter+0x1ca/0x11c0 [ 58.801678][ T3755] ? _copy_mc_to_iter+0x1430/0x1430 [ 58.806905][ T3755] ? rcu_read_lock_sched_held+0x3a/0x70 [ 58.812549][ T3755] ? __virt_addr_valid+0x5d/0x2d0 [ 58.817873][ T3755] ? __phys_addr+0xc4/0x140 [ 58.822401][ T3755] ? __phys_addr_symbol+0x2c/0x70 [ 58.827466][ T3755] ? __check_object_size+0x2de/0x700 [ 58.832804][ T3755] file_tty_write.constprop.0+0x449/0x8f0 [ 58.838593][ T3755] ? n_tty_close+0x1e0/0x1e0 [ 58.843219][ T3755] vfs_write+0x9e9/0xdd0 [ 58.847482][ T3755] ? vfs_read+0x930/0x930 [ 58.851828][ T3755] ? find_held_lock+0x2d/0x110 [ 58.856626][ T3755] ? lock_downgrade+0x6e0/0x6e0 [ 58.861501][ T3755] ? __fget_light+0x20a/0x270 [ 58.866220][ T3755] ksys_write+0x127/0x250 [ 58.870568][ T3755] ? __ia32_sys_read+0xb0/0xb0 [ 58.875349][ T3755] ? lockdep_hardirqs_on+0x79/0x100 [ 58.880590][ T3755] ? _raw_spin_unlock_irq+0x2a/0x40 [ 58.886498][ T3755] ? ptrace_notify+0xfa/0x140 [ 58.891300][ T3755] do_syscall_64+0x35/0xb0 [ 58.895745][ T3755] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 58.901646][ T3755] RIP: 0033:0x7f04aab85059 [ 58.906071][ T3755] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 58.925698][ T3755] RSP: 002b:00007ffe7b521b48 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 58.934222][ T3755] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f04aab85059 [ 58.942223][ T3755] RDX: 000000000000ff2e RSI: 0000000000000000 RDI: 0000000000000003 [ 58.950214][ T3755] RBP: 00007ffe7b521b60 R08: 0000000000000001 R09: 0000000000000001 [pid 3755] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3755] exit_group(0) = ? [pid 3755] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3755, si_uid=0, si_status=0, si_utime=0, si_stime=67} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3756 ./strace-static-x86_64: Process 3756 attached [pid 3756] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3756] setpgid(0, 0) = 0 [pid 3756] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3756] write(3, "1000", 4) = 4 [pid 3756] close(3) = 0 [pid 3756] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3756] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3756] write(4, "3", 1) = 1 [ 58.958238][ T3755] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 58.966237][ T3755] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 58.974320][ T3755] [ 58.995856][ T3756] FAULT_INJECTION: forcing a failure. [ 58.995856][ T3756] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 59.009239][ T3756] CPU: 0 PID: 3756 Comm: syz-executor241 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 59.020815][ T3756] syz-executor241[3756] cmdline: ./syz-executor2418713577 [ 59.028034][ T3756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 59.038471][ T3756] Call Trace: [ 59.041760][ T3756] [ 59.044702][ T3756] dump_stack_lvl+0xcd/0x134 [ 59.049304][ T3756] should_fail.cold+0x5/0xa [ 59.053866][ T3756] copyin+0x19/0x120 [ 59.057769][ T3756] _copy_from_iter+0x1ca/0x11c0 [ 59.063163][ T3756] ? _copy_mc_to_iter+0x1430/0x1430 [ 59.068398][ T3756] ? rcu_read_lock_sched_held+0x3a/0x70 [ 59.073949][ T3756] ? __virt_addr_valid+0x5d/0x2d0 [ 59.078984][ T3756] ? __phys_addr+0xc4/0x140 [ 59.083525][ T3756] ? __phys_addr_symbol+0x2c/0x70 [ 59.088664][ T3756] ? __check_object_size+0x2de/0x700 [ 59.094150][ T3756] file_tty_write.constprop.0+0x449/0x8f0 [ 59.099889][ T3756] ? n_tty_close+0x1e0/0x1e0 [ 59.104492][ T3756] vfs_write+0x9e9/0xdd0 [ 59.108751][ T3756] ? vfs_read+0x930/0x930 [ 59.113309][ T3756] ? find_held_lock+0x2d/0x110 [ 59.118114][ T3756] ? lock_downgrade+0x6e0/0x6e0 [ 59.123165][ T3756] ? __fget_light+0x20a/0x270 [ 59.128385][ T3756] ksys_write+0x127/0x250 [ 59.132751][ T3756] ? __ia32_sys_read+0xb0/0xb0 [ 59.137536][ T3756] ? lockdep_hardirqs_on+0x79/0x100 [ 59.142854][ T3756] ? _raw_spin_unlock_irq+0x2a/0x40 [ 59.148098][ T3756] ? ptrace_notify+0xfa/0x140 [ 59.152829][ T3756] do_syscall_64+0x35/0xb0 [ 59.157278][ T3756] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 59.163799][ T3756] RIP: 0033:0x7f04aab85059 [ 59.168230][ T3756] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 59.187928][ T3756] RSP: 002b:00007ffe7b521b48 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 59.196358][ T3756] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f04aab85059 [pid 3756] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3756] exit_group(0) = ? [pid 3756] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3756, si_uid=0, si_status=0, si_utime=0, si_stime=24} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3757 attached , child_tidptr=0x555555ef05d0) = 3757 [pid 3757] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3757] setpgid(0, 0) = 0 [pid 3757] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3757] write(3, "1000", 4) = 4 [pid 3757] close(3) = 0 [pid 3757] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3757] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3757] write(4, "3", 1) = 1 [pid 3757] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3757] exit_group(0) = ? [pid 3757] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3757, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3758 ./strace-static-x86_64: Process 3758 attached [pid 3758] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3758] setpgid(0, 0) = 0 [pid 3758] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3758] write(3, "1000", 4) = 4 [pid 3758] close(3) = 0 [pid 3758] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3758] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3758] write(4, "3", 1) = 1 [pid 3758] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3758] exit_group(0) = ? [pid 3758] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3758, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3759 attached , child_tidptr=0x555555ef05d0) = 3759 [pid 3759] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3759] setpgid(0, 0) = 0 [pid 3759] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3759] write(3, "1000", 4) = 4 [pid 3759] close(3) = 0 [pid 3759] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3759] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3759] write(4, "3", 1) = 1 [pid 3759] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3759] exit_group(0) = ? [pid 3759] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3759, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3760 [ 59.204529][ T3756] RDX: 000000000000ff2e RSI: 0000000000000000 RDI: 0000000000000003 [ 59.212611][ T3756] RBP: 00007ffe7b521b60 R08: 0000000000000001 R09: 0000000000000001 [ 59.220598][ T3756] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 59.228588][ T3756] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 59.236618][ T3756] ./strace-static-x86_64: Process 3760 attached [pid 3760] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3760] setpgid(0, 0) = 0 [pid 3760] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3760] write(3, "1000", 4) = 4 [pid 3760] close(3) = 0 [pid 3760] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3760] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3760] write(4, "3", 1) = 1 [pid 3760] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3760] exit_group(0) = ? [pid 3760] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3760, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3761 ./strace-static-x86_64: Process 3761 attached [pid 3761] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3761] setpgid(0, 0) = 0 [pid 3761] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3761] write(3, "1000", 4) = 4 [pid 3761] close(3) = 0 [pid 3761] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3761] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3761] write(4, "3", 1) = 1 [pid 3761] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3761] exit_group(0) = ? [pid 3761] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3761, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3762 attached , child_tidptr=0x555555ef05d0) = 3762 [pid 3762] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3762] setpgid(0, 0) = 0 [pid 3762] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3762] write(3, "1000", 4) = 4 [pid 3762] close(3) = 0 [pid 3762] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3762] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3762] write(4, "3", 1) = 1 [pid 3762] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3762] exit_group(0) = ? [pid 3762] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3762, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3763 ./strace-static-x86_64: Process 3763 attached [pid 3763] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3763] setpgid(0, 0) = 0 [pid 3763] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3763] write(3, "1000", 4) = 4 [pid 3763] close(3) = 0 [pid 3763] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3763] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3763] write(4, "3", 1) = 1 [pid 3763] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3763] exit_group(0) = ? [pid 3763] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3763, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3764 attached , child_tidptr=0x555555ef05d0) = 3764 [pid 3764] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3764] setpgid(0, 0) = 0 [pid 3764] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3764] write(3, "1000", 4) = 4 [pid 3764] close(3) = 0 [pid 3764] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3764] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3764] write(4, "3", 1) = 1 [pid 3764] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3764] exit_group(0) = ? [pid 3764] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3764, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3765 attached , child_tidptr=0x555555ef05d0) = 3765 [pid 3765] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3765] setpgid(0, 0) = 0 [pid 3765] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3765] write(3, "1000", 4) = 4 [pid 3765] close(3) = 0 [pid 3765] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3765] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3765] write(4, "3", 1) = 1 [pid 3765] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3765] exit_group(0) = ? [pid 3765] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3765, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3766 ./strace-static-x86_64: Process 3766 attached [pid 3766] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3766] setpgid(0, 0) = 0 [pid 3766] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3766] write(3, "1000", 4) = 4 [pid 3766] close(3) = 0 [pid 3766] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3766] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3766] write(4, "3", 1) = 1 [pid 3766] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3766] exit_group(0) = ? [pid 3766] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3766, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef05d0) = 3767 ./strace-static-x86_64: Process 3767 attached [pid 3767] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3767] setpgid(0, 0) = 0 [pid 3767] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3767] write(3, "1000", 4) = 4 [pid 3767] close(3) = 0 [pid 3767] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3767] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3767] write(4, "3", 1) = 1 [pid 3767] write(3, NULL, 65326) = -1 EFAULT (Bad address) [pid 3767] exit_group(0) = ? [pid 3767] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3767, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3768 attached [pid 3768] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3615] <... clone resumed>, child_tidptr=0x555555ef05d0) = 3768 [pid 3768] <... prctl resumed>) = 0 [pid 3768] setpgid(0, 0) = 0 [pid 3768] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3768] write(3, "1000", 4) = 4 [pid 3768] close(3) = 0 [pid 3768] openat(AT_FDCWD, "/dev/ptmx", O_WRONLY|O_CREAT, 000) = 3 [pid 3768] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 3768] write(4, "3", 1) = 1 [ 59.429947][ T3768] FAULT_INJECTION: forcing a failure. [ 59.429947][ T3768] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 59.443334][ T3768] CPU: 1 PID: 3768 Comm: syz-executor241 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 59.455036][ T3768] BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1521 [ 59.466928][ T3768] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 3768, name: syz-executor241 [ 59.476637][ T3768] preempt_count: 0, expected: 0 [ 59.481490][ T3768] RCU nest depth: 0, expected: 0 [ 59.486420][ T3768] 2 locks held by syz-executor241/3768: [ 59.492763][ T3768] #0: ffff888076b6c098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x80 [ 59.502545][ T3768] #1: ffff888076b6c130 (&tty->atomic_write_lock){+.+.}-{3:3}, at: file_tty_write.constprop.0+0x296/0x8f0 [ 59.514209][ T3768] irq event stamp: 4174 [ 59.518359][ T3768] hardirqs last enabled at (4173): [] finish_task_switch.isra.0+0x2b5/0xc70 [ 59.528686][ T3768] hardirqs last disabled at (4174): [] dump_stack_lvl+0x2e/0x134 [ 59.537982][ T3768] softirqs last enabled at (4164): [] __irq_exit_rcu+0x123/0x180 [ 59.547365][ T3768] softirqs last disabled at (4067): [] __irq_exit_rcu+0x123/0x180 [ 59.556745][ T3768] CPU: 1 PID: 3768 Comm: syz-executor241 Tainted: G W 6.0.0-rc1-next-20220819-syzkaller #0 [ 59.568164][ T3768] syz-executor241[3768] cmdline: ./syz-executor2418713577 [ 59.575331][ T3768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 59.585396][ T3768] Call Trace: [ 59.588711][ T3768] [ 59.591711][ T3768] dump_stack_lvl+0xcd/0x134 [ 59.596315][ T3768] __might_resched.cold+0x222/0x26b [ 59.601513][ T3768] down_read_killable+0x75/0x490 [ 59.606469][ T3768] ? down_read+0x450/0x450 [ 59.610889][ T3768] __access_remote_vm+0xac/0x6f0 [ 59.615826][ T3768] ? follow_phys+0x2c0/0x2c0 [ 59.620425][ T3768] ? do_raw_spin_lock+0x120/0x2a0 [ 59.625554][ T3768] ? rwlock_bug.part.0+0x90/0x90 [ 59.630511][ T3768] ? __up_console_sem+0x47/0xc0 [ 59.635374][ T3768] get_mm_cmdline.part.0+0x217/0x620 [ 59.640659][ T3768] ? dname_to_vma_addr.isra.0+0x360/0x360 [ 59.646372][ T3768] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 59.652212][ T3768] get_task_cmdline_kernel+0x1d9/0x220 [ 59.657804][ T3768] dump_stack_print_cmdline.part.0+0x82/0x150 [ 59.663903][ T3768] ? _atomic_dec_and_lock_irqsave+0x150/0x150 [ 59.669994][ T3768] ? dump_stack_print_info+0xc6/0x190 [ 59.675389][ T3768] dump_stack_print_info+0x185/0x190 [ 59.680690][ T3768] dump_stack_lvl+0xc1/0x134 [ 59.685395][ T3768] should_fail.cold+0x5/0xa [ 59.689901][ T3768] copyin+0x19/0x120 [ 59.693799][ T3768] _copy_from_iter+0x1ca/0x11c0 [ 59.698666][ T3768] ? _copy_mc_to_iter+0x1430/0x1430 [ 59.703880][ T3768] ? rcu_read_lock_sched_held+0x3a/0x70 [ 59.709419][ T3768] ? __virt_addr_valid+0x5d/0x2d0 [ 59.714435][ T3768] ? __phys_addr+0xc4/0x140 [ 59.718956][ T3768] ? __phys_addr_symbol+0x2c/0x70 [ 59.724004][ T3768] ? __check_object_size+0x2de/0x700 [ 59.729301][ T3768] file_tty_write.constprop.0+0x449/0x8f0 [ 59.735053][ T3768] ? n_tty_close+0x1e0/0x1e0 [ 59.739923][ T3768] vfs_write+0x9e9/0xdd0 [ 59.744773][ T3768] ? vfs_read+0x930/0x930 [ 59.749135][ T3768] ? find_held_lock+0x2d/0x110 [ 59.753935][ T3768] ? lock_downgrade+0x6e0/0x6e0 [ 59.758813][ T3768] ? __fget_light+0x20a/0x270 [ 59.763595][ T3768] ksys_write+0x127/0x250 [ 59.767959][ T3768] ? __ia32_sys_read+0xb0/0xb0 [ 59.772825][ T3768] ? lockdep_hardirqs_on+0x79/0x100 [ 59.778153][ T3768] ? _raw_spin_unlock_irq+0x2a/0x40 [ 59.783454][ T3768] ? ptrace_notify+0xfa/0x140 [ 59.788143][ T3768] do_syscall_64+0x35/0xb0 [ 59.792657][ T3768] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 59.798577][ T3768] RIP: 0033:0x7f04aab85059 [ 59.803906][ T3768] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 59.823702][ T3768] RSP: 002b:00007ffe7b521b48 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 59.832154][ T3768] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f04aab85059 [ 59.840167][ T3768] RDX: 000000000000ff2e RSI: 0000000000000000 RDI: 0000000000000003 [ 59.848167][ T3768] RBP: 00007ffe7b521b60 R08: 0000000000000001 R09: 0000000000000001 [ 59.856143][ T3768] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 59.864143][ T3768] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 59.872131][ T3768] [ 59.875169][ T3768] syz-executor241[3768] cmdline: ./syz-executor2418713577 [ 59.882263][ T3768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 59.892519][ T3768] Call Trace: [ 59.895796][ T3768] [ 59.899600][ T3768] dump_stack_lvl+0xcd/0x134 [ 59.904421][ T3768] should_fail.cold+0x5/0xa [ 59.909047][ T3768] copyin+0x19/0x120 [ 59.913054][ T3768] _copy_from_iter+0x1ca/0x11c0 [ 59.917944][ T3768] ? _copy_mc_to_iter+0x1430/0x1430 [ 59.923171][ T3768] ? rcu_read_lock_sched_held+0x3a/0x70 [ 59.928762][ T3768] ? __virt_addr_valid+0x5d/0x2d0 [ 59.935099][ T3768] ? __phys_addr+0xc4/0x140 [ 59.940249][ T3768] ? __phys_addr_symbol+0x2c/0x70 [ 59.945575][ T3768] ? __check_object_size+0x2de/0x700 [ 59.951333][ T3768] file_tty_write.constprop.0+0x449/0x8f0 [ 59.957179][ T3768] ? n_tty_close+0x1e0/0x1e0 [ 59.962355][ T3768] vfs_write+0x9e9/0xdd0 [ 59.966714][ T3768] ? vfs_read+0x930/0x930 [ 59.971095][ T3768] ? find_held_lock+0x2d/0x110 [ 59.975870][ T3768] ? lock_downgrade+0x6e0/0x6e0 [ 59.980752][ T3768] ? __fget_light+0x20a/0x270 [ 59.985576][ T3768] ksys_write+0x127/0x250 [ 59.990109][ T3768] ? __ia32_sys_read+0xb0/0xb0 [ 59.995747][ T3768] ? lockdep_hardirqs_on+0x79/0x100 [ 60.001165][ T3768] ? _raw_spin_unlock_irq+0x2a/0x40 [ 60.006383][ T3768] ? ptrace_notify+0xfa/0x140 [ 60.011310][ T3768] do_syscall_64+0x35/0xb0 [ 60.015846][ T3768] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 60.022019][ T3768] RIP: 0033:0x7f04aab85059