general protection fault, probably for non-canonical address 0xdffffc0004000008: 0000 [#1] PREEMPT SMP KASAN NOPTI
KASAN: probably user-memory-access in range [0x0000000020000040-0x0000000020000047]
CPU: 1 PID: 4791 Comm: syz-executor.7 Not tainted 6.3.0-rc3-next-20230327 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:do_iter_read+0x481/0x750
Code: 00 0f 85 52 02 00 00 4d 8b 7c 24 28 e8 48 2c c6 ff 48 8b 44 24 18 80 38 00 0f 85 1c 02 00 00 48 8b 43 18 48 89 c2 48 c1 ea 03 <42> 80 3c 32 00 0f 85 ef 01 00 00 48 8b 4c 24 20 48 8b 30 80 39 00
RSP: 0018:ffff888040247c70 EFLAGS: 00010212
RAX: 0000000020000040 RBX: ffff888040247d58 RCX: ffffc900065fe000
RDX: 0000000004000008 RSI: ffffffff81855c98 RDI: 0000000000000007
RBP: 00000000000000f1 R08: 0000000000000007 R09: 0000000000000000
R10: 00000000000000f1 R11: 0000000000000001 R12: ffff88800e764500
R13: 0000000000000000 R14: dffffc0000000000 R15: ffffffff84921ba0
FS: 00007f6834df0700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2c721000 CR3: 000000001cd68000 CR4: 0000000000350ee0
Call Trace:
vfs_readv+0xe5/0x160
do_readv+0x133/0x300
do_syscall_64+0x3f/0x90
entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7f683787ab19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f6834df0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
RAX: ffffffffffffffda RBX: 00007f683798df60 RCX: 00007f683787ab19
RDX: 0000000000000001 RSI: 0000000020000500 RDI: 0000000000000003
RBP: 00007f68378d4f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fffaa22f67f R14: 00007f6834df0300 R15: 0000000000022000
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:do_iter_read+0x481/0x750
Code: 00 0f 85 52 02 00 00 4d 8b 7c 24 28 e8 48 2c c6 ff 48 8b 44 24 18 80 38 00 0f 85 1c 02 00 00 48 8b 43 18 48 89 c2 48 c1 ea 03 <42> 80 3c 32 00 0f 85 ef 01 00 00 48 8b 4c 24 20 48 8b 30 80 39 00
RSP: 0018:ffff888040247c70 EFLAGS: 00010212
RAX: 0000000020000040 RBX: ffff888040247d58 RCX: ffffc900065fe000
RDX: 0000000004000008 RSI: ffffffff81855c98 RDI: 0000000000000007
RBP: 00000000000000f1 R08: 0000000000000007 R09: 0000000000000000
R10: 00000000000000f1 R11: 0000000000000001 R12: ffff88800e764500
R13: 0000000000000000 R14: dffffc0000000000 R15: ffffffff84921ba0
FS: 00007f6834df0700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2c721000 CR3: 000000001cd68000 CR4: 0000000000350ee0
general protection fault, probably for non-canonical address 0xdffffc0004000060: 0000 [#2] PREEMPT SMP KASAN NOPTI
KASAN: probably user-memory-access in range [0x0000000020000300-0x0000000020000307]
CPU: 0 PID: 4822 Comm: syz-executor.6 Tainted: G D 6.3.0-rc3-next-20230327 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:do_iter_read+0x481/0x750
Code: 00 0f 85 52 02 00 00 4d 8b 7c 24 28 e8 48 2c c6 ff 48 8b 44 24 18 80 38 00 0f 85 1c 02 00 00 48 8b 43 18 48 89 c2 48 c1 ea 03 <42> 80 3c 32 00 0f 85 ef 01 00 00 48 8b 4c 24 20 48 8b 30 80 39 00
RSP: 0018:ffff88804120fc70 EFLAGS: 00010216
RAX: 0000000020000300 RBX: ffff88804120fd58 RCX: ffffc90007606000
RDX: 0000000004000060 RSI: ffffffff81855c98 RDI: 0000000000000007
RBP: 000000007ffff000 R08: 0000000000000007 R09: 0000000000000000
R10: 000000007ffff000 R11: 0000000000000001 R12: ffff88800ff86500
R13: 0000000000000000 R14: dffffc0000000000 R15: ffffffff8491cbe0
FS: 00007ff44b854700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2c621000 CR3: 000000000e2d4000 CR4: 0000000000350ef0
Call Trace:
vfs_readv+0xe5/0x160
do_readv+0x133/0x300
do_syscall_64+0x3f/0x90
entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7ff44e2deb19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ff44b854188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
RAX: ffffffffffffffda RBX: 00007ff44e3f1f60 RCX: 00007ff44e2deb19
RDX: 0000000000000001 RSI: 0000000020000880 RDI: 0000000000000003
RBP: 00007ff44e338f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe77803fcf R14: 00007ff44b854300 R15: 0000000000022000
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:do_iter_read+0x481/0x750
Code: 00 0f 85 52 02 00 00 4d 8b 7c 24 28 e8 48 2c c6 ff 48 8b 44 24 18 80 38 00 0f 85 1c 02 00 00 48 8b 43 18 48 89 c2 48 c1 ea 03 <42> 80 3c 32 00 0f 85 ef 01 00 00 48 8b 4c 24 20 48 8b 30 80 39 00
RSP: 0018:ffff888040247c70 EFLAGS: 00010212
RAX: 0000000020000040 RBX: ffff888040247d58 RCX: ffffc900065fe000
RDX: 0000000004000008 RSI: ffffffff81855c98 RDI: 0000000000000007
RBP: 00000000000000f1 R08: 0000000000000007 R09: 0000000000000000
R10: 00000000000000f1 R11: 0000000000000001 R12: ffff88800e764500
R13: 0000000000000000 R14: dffffc0000000000 R15: ffffffff84921ba0
FS: 00007ff44b854700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2c621000 CR3: 000000000e2d4000 CR4: 0000000000350ef0
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.7'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.7'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.7'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.7'.
loop0: detected capacity change from 0 to 40
syz-executor.0: attempt to access beyond end of device
loop0: rw=2049, sector=40, nr_sectors = 4 limit=40
Buffer I/O error on dev loop0, logical block 10, lost async page write
loop0: detected capacity change from 0 to 40
loop7: detected capacity change from 0 to 40
syz-executor.0: attempt to access beyond end of device
loop0: rw=2049, sector=40, nr_sectors = 4 limit=40
Buffer I/O error on dev loop0, logical block 10, lost async page write
syz-executor.7: attempt to access beyond end of device
loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
Buffer I/O error on dev loop7, logical block 10, lost async page write
audit: type=1400 audit(1679916182.844:10): avc: denied { module_load } for pid=5068 comm="syz-executor.4" path=2F6D656D66643A42DB2F89036CDE62CBB534EDBE4C59B55AE11253F547CCF3E902680BCA2896E143DF1CEA8543FB1013FA0316CD17A280A17AB47295C3409DA6F192237D67D360F7CE7ACBB31ABBC438658EB126D18AE6217F8DEA2C7178A238BF22C765064CB036EB3C24D7BAE501039472ABD44A0373AFF641BF56FA1E778DBF994997D8D2E811C404202864656C6574656429 dev="tmpfs" ino=1047 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=system permissive=1
loop7: detected capacity change from 0 to 40
loop0: detected capacity change from 0 to 40
Process accounting resumed
loop7: detected capacity change from 0 to 40
loop0: detected capacity change from 0 to 40
Process accounting resumed
syz-executor.0: attempt to access beyond end of device
loop0: rw=2049, sector=40, nr_sectors = 4 limit=40
Buffer I/O error on dev loop0, logical block 10, lost async page write
syz-executor.7: attempt to access beyond end of device
loop7: rw=2049, sector=40, nr_sectors = 4 limit=40
Buffer I/O error on dev loop7, logical block 10, lost async page write
Process accounting resumed
Process accounting resumed
Process accounting resumed
Process accounting resumed
Process accounting resumed
Process accounting resumed
Process accounting resumed
Process accounting resumed
Process accounting resumed
----------------
Code disassembly (best guess):
   0:   00 0f                   add    %cl,(%rdi)
   2:   85 52 02                test   %edx,0x2(%rdx)
   5:   00 00                   add    %al,(%rax)
   7:   4d 8b 7c 24 28          mov    0x28(%r12),%r15
   c:   e8 48 2c c6 ff          callq  0xffc62c59
  11:   48 8b 44 24 18          mov    0x18(%rsp),%rax
  16:   80 38 00                cmpb   $0x0,(%rax)
  19:   0f 85 1c 02 00 00       jne    0x23b
  1f:   48 8b 43 18             mov    0x18(%rbx),%rax
  23:   48 89 c2                mov    %rax,%rdx
  26:   48 c1 ea 03             shr    $0x3,%rdx
* 2a:   42 80 3c 32 00          cmpb   $0x0,(%rdx,%r14,1) <-- trapping instruction
  2f:   0f 85 ef 01 00 00       jne    0x224
  35:   48 8b 4c 24 20          mov    0x20(%rsp),%rcx
  3a:   48 8b 30                mov    (%rax),%rsi
  3d:   80 39 00                cmpb   $0x0,(%rcx)