program: creat(&(0x7f0000000240)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@cache_mmap}], [], 0x6b}}) chmod(&(0x7f0000000140)='./file0\x00', 0x0) r3 = creat(&(0x7f0000000300)='./file0\x00', 0x0) pwritev2(r3, &(0x7f0000000080)=[{&(0x7f0000000340)="a1", 0x1}], 0x1, 0x8, 0x7, 0x4) (fail_nth: 16) [ 77.138263][ T5309] Bluetooth: hci0: command tx timeout [ 77.143259][ T1310] ieee802154 phy0 wpan0: encryption failed: -22 [ 77.146012][ T1310] ieee802154 phy1 wpan1: encryption failed: -22 [ 77.301408][ T5325] FAULT_INJECTION: forcing a failure. [ 77.301408][ T5325] name failslab, interval 1, probability 0, space 0, times 1 [ 77.307577][ T5325] CPU: 0 UID: 0 PID: 5325 Comm: syz.0.0 Not tainted 6.14.0-rc1-syzkaller-00187-g8f6629c004b1 #0 [ 77.307592][ T5325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 77.307598][ T5325] Call Trace: [ 77.307601][ T5325] [ 77.307605][ T5325] dump_stack_lvl+0x241/0x360 [ 77.307707][ T5325] ? __pfx_dump_stack_lvl+0x10/0x10 [ 77.307719][ T5325] ? __pfx__printk+0x10/0x10 [ 77.307739][ T5325] ? fs_reclaim_acquire+0x93/0x130 [ 77.307756][ T5325] ? __pfx___might_resched+0x10/0x10 [ 77.307777][ T5325] should_fail_ex+0x40a/0x550 [ 77.307823][ T5325] should_failslab+0xac/0x100 [ 77.307835][ T5325] __kmalloc_noprof+0xdd/0x4c0 [ 77.307847][ T5325] ? p9_client_prepare_req+0x583/0xf30 [ 77.307894][ T5325] p9_client_prepare_req+0x583/0xf30 [ 77.307916][ T5325] ? __pfx_p9_client_prepare_req+0x10/0x10 [ 77.307933][ T5325] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 77.307952][ T5325] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 77.307972][ T5325] p9_client_rpc+0x19d/0xac0 [ 77.307988][ T5325] ? __pfx_p9_client_rpc+0x10/0x10 [ 77.307995][ T5325] ? __phys_addr+0xba/0x170 [ 77.308007][ T5325] ? kmem_cache_free+0x30e/0x410 [ 77.308014][ T5325] ? p9_req_put+0x19c/0x1f0 [ 77.308022][ T5325] ? iov_iter_revert+0x1d2/0x590 [ 77.308037][ T5325] p9_client_write+0x328/0x7a0 [ 77.308059][ T5325] ? __pfx_p9_client_write+0x10/0x10 [ 77.308073][ T5325] ? do_raw_spin_unlock+0x58/0x8b0 [ 77.308091][ T5325] v9fs_issue_write+0xf0/0x1d0 [ 77.308111][ T5325] ? __pfx_v9fs_issue_write+0x10/0x10 [ 77.308121][ T5325] ? netfs_advance_write+0x86e/0xbd0 [ 77.308133][ T5325] ? rcu_is_watching+0x15/0xb0 [ 77.308142][ T5325] netfs_write_folio+0x1451/0x1c30 [ 77.308158][ T5325] netfs_end_writethrough+0x5b/0x170 [ 77.308169][ T5325] netfs_perform_write+0x1e5e/0x2150 [ 77.308190][ T5325] ? __pfx_netfs_perform_write+0x10/0x10 [ 77.308211][ T5325] ? file_update_time+0x2ab/0x450 [ 77.308221][ T5325] ? netfs_buffered_write_iter_locked+0x12e/0x2b0 [ 77.308231][ T5325] netfs_file_write_iter+0x187/0x450 [ 77.308240][ T5325] do_iter_readv_writev+0x71a/0x9d0 [ 77.308252][ T5325] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 77.308260][ T5325] ? rcu_read_lock_any_held+0xb7/0x160 [ 77.308274][ T5325] vfs_writev+0x38b/0xbc0 [ 77.308295][ T5325] ? __pfx_vfs_writev+0x10/0x10 [ 77.308305][ T5325] ? vfs_write+0x7fa/0xd10 [ 77.308324][ T5325] ? __fget_files+0x2a/0x410 [ 77.308333][ T5325] ? __fget_files+0x395/0x410 [ 77.308340][ T5325] ? __fget_files+0x2a/0x410 [ 77.308357][ T5325] __se_sys_pwritev2+0x196/0x2b0 [ 77.308373][ T5325] ? __pfx___se_sys_pwritev2+0x10/0x10 [ 77.308390][ T5325] ? do_syscall_64+0x100/0x230 [ 77.308407][ T5325] ? __x64_sys_pwritev2+0x21/0xf0 [ 77.308424][ T5325] do_syscall_64+0xf3/0x230 [ 77.308438][ T5325] ? clear_bhb_loop+0x35/0x90 [ 77.308456][ T5325] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.308471][ T5325] RIP: 0033:0x7fe7efd8cde9 [ 77.308483][ T5325] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 77.308489][ T5325] RSP: 002b:00007fe7f0bcb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000148 [ 77.308502][ T5325] RAX: ffffffffffffffda RBX: 00007fe7effa5fa0 RCX: 00007fe7efd8cde9 [ 77.308509][ T5325] RDX: 0000000000000001 RSI: 0000400000000080 RDI: 0000000000000007 [ 77.308515][ T5325] RBP: 00007fe7f0bcb090 R08: 0000000000000007 R09: 0000000000000004 [ 77.308548][ T5325] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000002 [ 77.308555][ T5325] R13: 0000000000000000 R14: 00007fe7effa5fa0 R15: 00007ffd198b1108 [ 77.308574][ T5325] [ 77.475352][ T12] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000023: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 77.480330][ T12] KASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f] [ 77.483569][ T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u4:1 Not tainted 6.14.0-rc1-syzkaller-00187-g8f6629c004b1 #0 [ 77.487677][ T12] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 77.492475][ T12] Workqueue: events_unbound netfs_write_collection_worker [ 77.495762][ T12] RIP: 0010:iov_iter_revert+0x2da/0x590 [ 77.498027][ T12] Code: 20 00 74 08 4c 89 ef e8 34 c8 3e fd 4d 8b 6d 00 41 bf 1e 00 00 00 bd 1e 00 00 00 49 8d ac 2d 00 01 00 00 48 89 e8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 75 40 0f b6 6d 00 bf 40 00 00 00 89 ee e8 1d [ 77.504919][ T12] RSP: 0018:ffffc900001e7630 EFLAGS: 00010203 [ 77.507104][ T12] RAX: 0000000000000023 RBX: ffffc900001e77c0 RCX: ffff88801cae4880 [ 77.510078][ T12] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 77.513178][ T12] RBP: 000000000000011e R08: ffffffff84e72e85 R09: ffffffff84e72d14 [ 77.516299][ T12] R10: 0000000000000004 R11: ffff88801cae4880 R12: dffffc0000000000 [ 77.519272][ T12] R13: 0000000000000000 R14: 0000000000000001 R15: 000000000000001e [ 77.522192][ T12] FS: 0000000000000000(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 77.525343][ T12] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 77.528166][ T12] CR2: 00007fe7eff7d538 CR3: 0000000051e9c000 CR4: 0000000000352ef0 [ 77.531634][ T12] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 77.534626][ T12] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 77.537144][ T12] Call Trace: [ 77.538298][ T12] [ 77.539453][ T12] ? __die_body+0x5f/0xb0 [ 77.541109][ T12] ? die_addr+0xb0/0xe0 [ 77.542662][ T12] ? exc_general_protection+0x3dd/0x5d0 [ 77.544967][ T12] ? asm_exc_general_protection+0x26/0x30 [ 77.547337][ T12] ? iov_iter_revert+0x104/0x590 [ 77.549280][ T12] ? iov_iter_revert+0x275/0x590 [ 77.551323][ T12] ? iov_iter_revert+0x2da/0x590 [ 77.553385][ T12] netfs_retry_writes+0x17db/0x19b0 [ 77.555581][ T12] ? __pfx_validate_chain+0x10/0x10 [ 77.557876][ T12] ? mark_lock+0x9a/0x360 [ 77.559615][ T12] ? __lock_acquire+0x1397/0x2100 [ 77.561875][ T12] ? __pfx_netfs_retry_writes+0x10/0x10 [ 77.564208][ T12] ? register_lock_class+0x102/0x980 [ 77.566480][ T12] ? __pfx_register_lock_class+0x10/0x10 [ 77.568792][ T12] netfs_write_collection_worker+0x2f90/0x3bb0 [ 77.571419][ T12] ? process_scheduled_works+0x976/0x1840 [ 77.573872][ T12] process_scheduled_works+0xa66/0x1840 [ 77.576224][ T12] ? __pfx_process_scheduled_works+0x10/0x10 [ 77.578682][ T12] ? assign_work+0x364/0x3d0 [ 77.580428][ T12] worker_thread+0x870/0xd30 [ 77.582061][ T12] ? __kthread_parkme+0x169/0x1d0 [ 77.583845][ T12] ? __pfx_worker_thread+0x10/0x10 [ 77.585761][ T12] kthread+0x7a9/0x920 [ 77.587308][ T12] ? __pfx_kthread+0x10/0x10 [ 77.589285][ T12] ? __pfx_worker_thread+0x10/0x10 [ 77.591697][ T12] ? __pfx_kthread+0x10/0x10 [ 77.594000][ T12] ? __pfx_kthread+0x10/0x10 [ 77.596134][ T12] ? __pfx_kthread+0x10/0x10 [ 77.598011][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 77.600052][ T12] ? lockdep_hardirqs_on+0x99/0x150 [ 77.602013][ T12] ? __pfx_kthread+0x10/0x10 [ 77.603836][ T12] ret_from_fork+0x4b/0x80 [ 77.605665][ T12] ? __pfx_kthread+0x10/0x10 [ 77.607489][ T12] ret_from_fork_asm+0x1a/0x30 [ 77.609212][ T12] [ 77.610372][ T12] Modules linked in: [ 77.612371][ T12] ---[ end trace 0000000000000000 ]--- [ 77.619353][ T12] RIP: 0010:iov_iter_revert+0x2da/0x590 [ 77.621778][ T12] Code: 20 00 74 08 4c 89 ef e8 34 c8 3e fd 4d 8b 6d 00 41 bf 1e 00 00 00 bd 1e 00 00 00 49 8d ac 2d 00 01 00 00 48 89 e8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 75 40 0f b6 6d 00 bf 40 00 00 00 89 ee e8 1d [ 77.631082][ T12] RSP: 0018:ffffc900001e7630 EFLAGS: 00010203 [ 77.634674][ T12] RAX: 0000000000000023 RBX: ffffc900001e77c0 RCX: ffff88801cae4880 [ 77.637604][ T12] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 77.640358][ T12] RBP: 000000000000011e R08: ffffffff84e72e85 R09: ffffffff84e72d14 [ 77.644415][ T12] R10: 0000000000000004 R11: ffff88801cae4880 R12: dffffc0000000000 [ 77.647799][ T12] R13: 0000000000000000 R14: 0000000000000001 R15: 000000000000001e [ 77.650726][ T12] FS: 0000000000000000(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 77.655327][ T12] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 77.658155][ T12] CR2: 00007fe7eff7d538 CR3: 000000003f016000 CR4: 0000000000352ef0 [ 77.661273][ T12] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 77.671905][ T12] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 77.675500][ T12] Kernel panic - not syncing: Fatal exception [ 77.677965][ T12] Kernel Offset: disabled [ 77.679574][ T12] Rebooting in 86400 seconds..