./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1590414746 <...> Warning: Permanently added '10.128.0.103' (ED25519) to the list of known hosts. execve("./syz-executor1590414746", ["./syz-executor1590414746"], 0x7ffc409a5830 /* 10 vars */) = 0 brk(NULL) = 0x55555e958000 brk(0x55555e958d40) = 0x55555e958d40 arch_prctl(ARCH_SET_FS, 0x55555e9583c0) = 0 set_tid_address(0x55555e958690) = 5833 set_robust_list(0x55555e9586a0, 24) = 0 rseq(0x55555e958ce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1590414746", 4096) = 28 getrandom("\xae\x11\x68\x64\xae\xa5\xeb\x18", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555e958d40 brk(0x55555e979d40) = 0x55555e979d40 brk(0x55555e97a000) = 0x55555e97a000 mprotect(0x7fa4c9e79000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/proc/self/make-it-fail", O_WRONLY) = 3 close(3) = 0 openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_WRONLY) = 3 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 [ 53.281846][ T29] audit: type=1400 audit(1732720744.263:88): avc: denied { execmem } for pid=5833 comm="syz-executor159" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555e958690) = 5834 ./strace-static-x86_64: Process 5834 attached [pid 5834] set_robust_list(0x55555e9586a0, 24) = 0 [pid 5834] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5834] setpgid(0, 0) = 0 [pid 5834] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5834] write(3, "1000", 4) = 4 [pid 5834] close(3) = 0 executing program [pid 5834] write(1, "executing program\n", 18) = 18 [pid 5834] futex(0x7fa4c9e7f3ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5834] rt_sigaction(SIGRT_1, {sa_handler=0x7fa4c9e1a420, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa4c9e0c230}, NULL, 8) = 0 [pid 5834] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5834] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa4c9d87000 [pid 5834] mprotect(0x7fa4c9d88000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5834] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5834] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa4c9da7990, parent_tid=0x7fa4c9da7990, exit_signal=0, stack=0x7fa4c9d87000, stack_size=0x20300, tls=0x7fa4c9da76c0}./strace-static-x86_64: Process 5835 attached [pid 5835] rseq(0x7fa4c9da7fe0, 0x20, 0, 0x53053053 [pid 5834] <... clone3 resumed> => {parent_tid=[5835]}, 88) = 5835 [pid 5835] <... rseq resumed>) = 0 [pid 5834] rt_sigprocmask(SIG_SETMASK, [], [pid 5835] set_robust_list(0x7fa4c9da79a0, 24 [pid 5834] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5835] <... set_robust_list resumed>) = 0 [pid 5835] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] futex(0x7fa4c9e7f3e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5834] <... futex resumed>) = 0 [pid 5835] openat(AT_FDCWD, "/dev/fuse", O_RDWR|O_CREAT, 000 [pid 5834] futex(0x7fa4c9e7f3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5835] <... openat resumed>) = 3 [pid 5835] futex(0x7fa4c9e7f3ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5835] futex(0x7fa4c9e7f3e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5834] <... futex resumed>) = 0 [pid 5834] futex(0x7fa4c9e7f3e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] <... futex resumed>) = 0 [pid 5834] <... futex resumed>) = 1 [pid 5835] openat(AT_FDCWD, "./file0", O_RDONLY|O_CREAT, 000 [pid 5834] futex(0x7fa4c9e7f3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5835] <... openat resumed>) = 4 [pid 5835] futex(0x7fa4c9e7f3ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5834] <... futex resumed>) = 0 [pid 5835] futex(0x7fa4c9e7f3e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5834] futex(0x7fa4c9e7f3e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5834] <... futex resumed>) = 0 [pid 5835] mount(NULL, "./file0", "fuse", MS_RDONLY, "fd=0x0000000000000003,rootmode=00000000000000000100000,user_id=00000000000000000000,group_id=0000000"... [ 53.533646][ T29] audit: type=1400 audit(1732720744.523:89): avc: denied { read write } for pid=5834 comm="syz-executor159" name="fuse" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 53.557487][ T29] audit: type=1400 audit(1732720744.523:90): avc: denied { open } for pid=5834 comm="syz-executor159" path="/dev/fuse" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [pid 5834] futex(0x7fa4c9e7f3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5835] <... mount resumed>) = 0 [pid 5835] futex(0x7fa4c9e7f3ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5834] <... futex resumed>) = 0 [pid 5835] futex(0x7fa4c9e7f3e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5834] futex(0x7fa4c9e7f3e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5834] <... futex resumed>) = 0 [pid 5835] read(3, [pid 5834] futex(0x7fa4c9e7f3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5835] <... read resumed>"\x68\x00\x00\x00\x1a\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x29\x00\x00\x00\x00\x00\x02\x00\xfb\xff\xff\x73\xdf\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8224) = 104 [pid 5835] futex(0x7fa4c9e7f3ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5834] <... futex resumed>) = 0 [pid 5835] futex(0x7fa4c9e7f3e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5834] futex(0x7fa4c9e7f3e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5834] <... futex resumed>) = 0 [pid 5835] write(3, "\x50\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x1f\x00\x00\x00\x00\x00\x00\x00\x01\x89\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 80 [pid 5834] futex(0x7fa4c9e7f3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5835] <... write resumed>) = 80 [pid 5835] futex(0x7fa4c9e7f3ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5834] <... futex resumed>) = 0 [pid 5835] futex(0x7fa4c9e7f3e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5834] futex(0x7fa4c9e7f3e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5834] <... futex resumed>) = 0 [pid 5835] read(3, [pid 5834] futex(0x7fa4c9e7f3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5834] futex(0x7fa4c9e7f3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5834] futex(0x7fa4c9e7f3fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5834] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa4c9d66000 [pid 5834] mprotect(0x7fa4c9d67000, 131072, PROT_READ|PROT_WRITE) = 0 [ 53.581170][ T29] audit: type=1400 audit(1732720744.563:91): avc: denied { mounton } for pid=5834 comm="syz-executor159" path="/root/file0" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=file permissive=1 [ 53.604636][ T29] audit: type=1400 audit(1732720744.573:92): avc: denied { mount } for pid=5834 comm="syz-executor159" name="/" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [pid 5834] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5834] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa4c9d86990, parent_tid=0x7fa4c9d86990, exit_signal=0, stack=0x7fa4c9d66000, stack_size=0x20300, tls=0x7fa4c9d866c0}./strace-static-x86_64: Process 5837 attached [pid 5837] rseq(0x7fa4c9d86fe0, 0x20, 0, 0x53053053) = 0 [pid 5837] set_robust_list(0x7fa4c9d869a0, 24 [pid 5834] <... clone3 resumed> => {parent_tid=[5837]}, 88) = 5837 [pid 5837] <... set_robust_list resumed>) = 0 [pid 5834] rt_sigprocmask(SIG_SETMASK, [], [pid 5837] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5837] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5834] futex(0x7fa4c9e7f3f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5837] read(3, [pid 5834] <... futex resumed>) = 0 [pid 5834] futex(0x7fa4c9e7f3fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5834] futex(0x7fa4c9e7f3fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5834] futex(0x7fa4c9e7f40c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5834] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa4c9d45000 [pid 5834] mprotect(0x7fa4c9d46000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5834] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5834] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa4c9d65990, parent_tid=0x7fa4c9d65990, exit_signal=0, stack=0x7fa4c9d45000, stack_size=0x20300, tls=0x7fa4c9d656c0}./strace-static-x86_64: Process 5838 attached [pid 5838] rseq(0x7fa4c9d65fe0, 0x20, 0, 0x53053053 [pid 5834] <... clone3 resumed> => {parent_tid=[5838]}, 88) = 5838 [pid 5838] <... rseq resumed>) = 0 [pid 5834] rt_sigprocmask(SIG_SETMASK, [], [pid 5838] set_robust_list(0x7fa4c9d659a0, 24 [pid 5834] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5838] <... set_robust_list resumed>) = 0 [pid 5838] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] futex(0x7fa4c9e7f408, FUTEX_WAKE_PRIVATE, 1000000 [pid 5838] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5838] openat(AT_FDCWD, "./file0", O_RDONLY|O_EXCL|O_DIRECT [pid 5834] <... futex resumed>) = 0 [pid 5834] futex(0x7fa4c9e7f40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5835] <... read resumed>"\x30\x00\x00\x00\x0e\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xce\x16\x00\x00\x00\x00\x00\x00\x00\xc0\x00\x00\x00\x00\x00\x00", 8192) = 48 [pid 5835] write(3, "\x20\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 32) = 32 [pid 5835] futex(0x7fa4c9e7f3ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5837] <... read resumed>"\x3d\x00\x00\x00\x16\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xce\x16\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x69\x6d\x61\x00", 8192) = 61 [pid 5835] <... futex resumed>) = 0 [pid 5837] write(3, "\x18\x00\x00\x00\xfe\xff\xff\xff\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 24 [pid 5835] futex(0x7fa4c9e7f3e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5838] <... openat resumed>) = 5 [pid 5837] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 5838] futex(0x7fa4c9e7f40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5838] futex(0x7fa4c9e7f408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5834] <... futex resumed>) = 0 [pid 5837] futex(0x7fa4c9e7f3fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5837] futex(0x7fa4c9e7f3f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5834] futex(0x7fa4c9e7f3e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] <... futex resumed>) = 0 [pid 5834] <... futex resumed>) = 1 [pid 5835] read(3, [ 53.783067][ T29] audit: type=1800 audit(1732720744.773:93): pid=5838 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor159" name="/" dev="fuse" ino=1 res=0 errno=0 [pid 5834] futex(0x7fa4c9e7f3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5834] futex(0x7fa4c9e7f3f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5837] <... futex resumed>) = 0 [pid 5834] <... futex resumed>) = 1 [pid 5837] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5834] futex(0x7fa4c9e7f3fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5837] <... openat resumed>) = 6 [pid 5837] write(6, "5", 1) = 1 [pid 5837] read(5, [pid 5835] <... read resumed>"\x38\x00\x00\x00\x03\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xcd\x16\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 8192) = 56 [pid 5835] write(3, "\x78\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x00\x00\x00"..., 120) = 120 [pid 5835] futex(0x7fa4c9e7f3ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 53.869160][ T5837] FAULT_INJECTION: forcing a failure. [ 53.869160][ T5837] name failslab, interval 1, probability 0, space 0, times 1 [ 53.881962][ T5837] CPU: 1 UID: 0 PID: 5837 Comm: syz-executor159 Not tainted 6.12.0-syzkaller-09734-g445d9f05fa14 #0 [ 53.892760][ T5837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 53.902801][ T5837] Call Trace: [ 53.906063][ T5837] [ 53.908976][ T5837] dump_stack_lvl+0x16c/0x1f0 [ 53.913659][ T5837] should_fail_ex+0x497/0x5b0 [ 53.918330][ T5837] ? fs_reclaim_acquire+0xae/0x150 [ 53.923426][ T5837] should_failslab+0xc2/0x120 [ 53.928091][ T5837] __kmalloc_cache_noprof+0x68/0x410 [ 53.933360][ T5837] ? kasan_save_stack+0x42/0x60 [ 53.938197][ T5837] ? kasan_save_stack+0x33/0x60 [ 53.943029][ T5837] ? kasan_save_track+0x14/0x30 [ 53.947867][ T5837] ? __kasan_kmalloc+0xaa/0xb0 [ 53.952616][ T5837] ? fuse_file_read_iter+0x35f/0x470 [ 53.957889][ T5837] fuse_io_alloc+0x47/0x150 [ 53.962375][ T5837] fuse_direct_io+0x31f/0x2580 [ 53.967150][ T5837] ? __pfx_fuse_direct_io+0x10/0x10 [ 53.972333][ T5837] ? lockdep_init_map_type+0x16d/0x7d0 [ 53.977782][ T5837] fuse_direct_IO+0x9a4/0xf20 [ 53.982452][ T5837] ? __pfx_fuse_direct_IO+0x10/0x10 [ 53.987638][ T5837] ? filemap_check_errors+0xa9/0x160 [ 53.992915][ T5837] generic_file_read_iter+0x1d4/0x450 [ 53.998274][ T5837] fuse_file_read_iter+0x35f/0x470 [ 54.003386][ T5837] vfs_read+0x87f/0xbe0 [ 54.007534][ T5837] ? __pfx_vfs_read+0x10/0x10 [ 54.012206][ T5837] ksys_read+0x12b/0x250 [ 54.016431][ T5837] ? __pfx_ksys_read+0x10/0x10 [ 54.021177][ T5837] ? _raw_spin_unlock_irq+0x2e/0x50 [ 54.026358][ T5837] ? ptrace_notify+0xf1/0x130 [ 54.031024][ T5837] do_syscall_64+0xcd/0x250 [ 54.035516][ T5837] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 54.041403][ T5837] RIP: 0033:0x7fa4c9df4999 [ 54.045800][ T5837] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 1b 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [pid 5835] futex(0x7fa4c9e7f3e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5834] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5834] futex(0x7fa4c9e7f3e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5834] futex(0x7fa4c9e7f3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5835] <... futex resumed>) = 0 [pid 5835] read(3, [pid 5837] <... read resumed>0x2000e400, 8224) = -1 ENOMEM (Cannot allocate memory) [pid 5837] futex(0x7fa4c9e7f3fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 54.065401][ T5837] RSP: 002b:00007fa4c9d86208 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 54.073797][ T5837] RAX: ffffffffffffffda RBX: 00007fa4c9e7f3f8 RCX: 00007fa4c9df4999 [ 54.081763][ T5837] RDX: 0000000000002020 RSI: 000000002000e400 RDI: 0000000000000005 [ 54.089717][ T5837] RBP: 00007fa4c9e7f3f0 R08: 00007fa4c9d85fa7 R09: 0000000000000035 [ 54.097667][ T5837] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa4c9e4c33c [ 54.105620][ T5837] R13: 00007fa4c9d86210 R14: 0000000000000001 R15: 00007fa4c9e4a338 [ 54.113583][ T5837] [pid 5837] futex(0x7fa4c9e7f3f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5834] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5834] exit_group(0 [pid 5837] <... futex resumed>) = ? [pid 5835] <... read resumed> ) = ? [pid 5838] <... futex resumed>) = ? [pid 5837] +++ exited with 0 +++ [pid 5835] +++ exited with 0 +++ [pid 5834] <... exit_group resumed>) = ? [pid 5838] +++ exited with 0 +++ [pid 5833] kill(-5834, SIGKILL) = 0 [pid 5833] kill(5834, SIGKILL) = 0 [pid 5833] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5833] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5833] getdents64(3, 0x55555e959730 /* 3 entries */, 32768) = 72 [pid 5833] openat(AT_FDCWD, "/sys/fs/fuse/connections/34/abort", O_WRONLY) = 4 [pid 5833] write(4, "/", 1) = 1 [pid 5834] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5834, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- close(4) = 0 getdents64(3, 0x55555e959730 /* 0 entries */, 32768) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5839 attached [pid 5839] set_robust_list(0x55555e9586a0, 24 [pid 5833] <... clone resumed>, child_tidptr=0x55555e958690) = 5839 [pid 5839] <... set_robust_list resumed>) = 0 [pid 5839] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5839] setpgid(0, 0) = 0 [pid 5839] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5839] write(3, "1000", 4) = 4 [pid 5839] close(3) = 0 [pid 5839] write(1, "executing program\n", 18executing program ) = 18 [pid 5839] futex(0x7fa4c9e7f3ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5839] rt_sigaction(SIGRT_1, {sa_handler=0x7fa4c9e1a420, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa4c9e0c230}, NULL, 8) = 0 [pid 5839] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5839] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa4c9d87000 [pid 5839] mprotect(0x7fa4c9d88000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5839] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5839] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa4c9da7990, parent_tid=0x7fa4c9da7990, exit_signal=0, stack=0x7fa4c9d87000, stack_size=0x20300, tls=0x7fa4c9da76c0}./strace-static-x86_64: Process 5840 attached [pid 5840] rseq(0x7fa4c9da7fe0, 0x20, 0, 0x53053053) = 0 [pid 5839] <... clone3 resumed> => {parent_tid=[5840]}, 88) = 5840 [pid 5840] set_robust_list(0x7fa4c9da79a0, 24 [pid 5839] rt_sigprocmask(SIG_SETMASK, [], [pid 5840] <... set_robust_list resumed>) = 0 [pid 5840] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5839] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5840] openat(AT_FDCWD, "/dev/fuse", O_RDWR|O_CREAT, 000 [pid 5839] futex(0x7fa4c9e7f3e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5840] <... openat resumed>) = 3 [pid 5839] futex(0x7fa4c9e7f3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5840] futex(0x7fa4c9e7f3ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5839] <... futex resumed>) = 0 [pid 5840] openat(AT_FDCWD, "./file0", O_RDONLY|O_CREAT, 000 [pid 5839] futex(0x7fa4c9e7f3e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5840] <... openat resumed>) = -1 ENOTCONN (Transport endpoint is not connected) [pid 5839] futex(0x7fa4c9e7f3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5840] futex(0x7fa4c9e7f3ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5839] <... futex resumed>) = 0 [pid 5840] futex(0x7fa4c9e7f3e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5839] futex(0x7fa4c9e7f3e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5840] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5839] <... futex resumed>) = 0 [pid 5839] futex(0x7fa4c9e7f3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5840] mount(NULL, "./file0", "fuse", MS_RDONLY, "fd=0x0000000000000003,rootmode=00000000000000000100000,user_id=00000000000000000000,group_id=0000000"...) = 0 [pid 5840] futex(0x7fa4c9e7f3ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5839] <... futex resumed>) = 0 [pid 5840] futex(0x7fa4c9e7f3e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5839] futex(0x7fa4c9e7f3e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5840] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5839] <... futex resumed>) = 0 [pid 5840] read(3, "\x68\x00\x00\x00\x1a\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x29\x00\x00\x00\x00\x00\x02\x00\xfb\xff\xff\x73\xdf\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8224) = 104 [pid 5839] futex(0x7fa4c9e7f3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5840] futex(0x7fa4c9e7f3ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5839] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5840] <... futex resumed>) = 0 [pid 5839] futex(0x7fa4c9e7f3e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5840] write(3, "\x50\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x1f\x00\x00\x00\x00\x00\x00\x00\x01\x89\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 80) = 80 [pid 5839] <... futex resumed>) = 0 [pid 5839] futex(0x7fa4c9e7f3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5840] futex(0x7fa4c9e7f3ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5839] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5840] <... futex resumed>) = 0 [pid 5839] futex(0x7fa4c9e7f3e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5840] read(3, [pid 5839] <... futex resumed>) = 0 [ 58.776587][ T29] audit: type=1400 audit(1732720749.763:94): avc: denied { mounton } for pid=5839 comm="syz-executor159" path="/root/file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=file permissive=1 [pid 5839] futex(0x7fa4c9e7f3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5839] futex(0x7fa4c9e7f3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5839] futex(0x7fa4c9e7f3fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5839] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa4c9d66000 [pid 5839] mprotect(0x7fa4c9d67000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5839] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5839] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa4c9d86990, parent_tid=0x7fa4c9d86990, exit_signal=0, stack=0x7fa4c9d66000, stack_size=0x20300, tls=0x7fa4c9d866c0}./strace-static-x86_64: Process 5842 attached [pid 5842] rseq(0x7fa4c9d86fe0, 0x20, 0, 0x53053053) = 0 [pid 5842] set_robust_list(0x7fa4c9d869a0, 24) = 0 [pid 5842] rt_sigprocmask(SIG_SETMASK, [], [pid 5839] <... clone3 resumed> => {parent_tid=[5842]}, 88) = 5842 [pid 5842] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5839] rt_sigprocmask(SIG_SETMASK, [], [pid 5842] futex(0x7fa4c9e7f3f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5839] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5839] futex(0x7fa4c9e7f3f8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5842] <... futex resumed>) = 0 [pid 5839] futex(0x7fa4c9e7f3fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5842] read(3, [pid 5839] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5839] futex(0x7fa4c9e7f40c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5839] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa4c9d45000 [pid 5839] mprotect(0x7fa4c9d46000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5839] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5839] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa4c9d65990, parent_tid=0x7fa4c9d65990, exit_signal=0, stack=0x7fa4c9d45000, stack_size=0x20300, tls=0x7fa4c9d656c0}./strace-static-x86_64: Process 5843 attached [pid 5843] rseq(0x7fa4c9d65fe0, 0x20, 0, 0x53053053 [pid 5839] <... clone3 resumed> => {parent_tid=[5843]}, 88) = 5843 [pid 5839] rt_sigprocmask(SIG_SETMASK, [], [pid 5843] <... rseq resumed>) = 0 [pid 5843] set_robust_list(0x7fa4c9d659a0, 24 [pid 5839] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5843] <... set_robust_list resumed>) = 0 [pid 5839] futex(0x7fa4c9e7f408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5843] rt_sigprocmask(SIG_SETMASK, [], [pid 5839] futex(0x7fa4c9e7f40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5843] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5843] openat(AT_FDCWD, "./file0", O_RDONLY|O_EXCL|O_DIRECT [pid 5840] <... read resumed>"\x30\x00\x00\x00\x0e\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xd3\x16\x00\x00\x00\x00\x00\x00\x00\xc0\x00\x00\x00\x00\x00\x00", 8192) = 48 [pid 5840] write(3, "\x20\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 32) = 32 [pid 5842] <... read resumed>"\x3d\x00\x00\x00\x16\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xd3\x16\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x73\x65\x63\x75\x72\x69\x74\x79\x2e\x69\x6d\x61\x00", 8192) = 61 [pid 5840] futex(0x7fa4c9e7f3ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5840] futex(0x7fa4c9e7f3e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5842] write(3, "\x18\x00\x00\x00\xfe\xff\xff\xff\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 24) = -1 EINVAL (Invalid argument) [pid 5842] futex(0x7fa4c9e7f3fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5843] <... openat resumed>) = 4 [pid 5842] futex(0x7fa4c9e7f3f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5843] futex(0x7fa4c9e7f40c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5839] <... futex resumed>) = 0 [pid 5843] futex(0x7fa4c9e7f408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5839] futex(0x7fa4c9e7f3e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5840] <... futex resumed>) = 0 [pid 5839] <... futex resumed>) = 1 [pid 5840] read(3, [ 59.002396][ T29] audit: type=1800 audit(1732720749.983:95): pid=5843 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz-executor159" name="/" dev="fuse" ino=1 res=0 errno=0 [pid 5839] futex(0x7fa4c9e7f3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5839] futex(0x7fa4c9e7f3f8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5842] <... futex resumed>) = 0 [pid 5839] futex(0x7fa4c9e7f3fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5842] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 5842] write(5, "5", 1) = 1 [pid 5842] read(4, [pid 5840] <... read resumed>"\x38\x00\x00\x00\x03\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xd2\x16\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 8192) = 56 [pid 5840] write(3, "\x78\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x00\x00\x00"..., 120) = 120 [pid 5840] futex(0x7fa4c9e7f3ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5840] futex(0x7fa4c9e7f3e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5839] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5839] futex(0x7fa4c9e7f3e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5840] <... futex resumed>) = 0 [pid 5839] <... futex resumed>) = 1 [pid 5840] read(3, [ 59.107443][ T5842] FAULT_INJECTION: forcing a failure. [ 59.107443][ T5842] name failslab, interval 1, probability 0, space 0, times 0 [ 59.120169][ T5842] CPU: 1 UID: 0 PID: 5842 Comm: syz-executor159 Not tainted 6.12.0-syzkaller-09734-g445d9f05fa14 #0 [ 59.130941][ T5842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 59.140975][ T5842] Call Trace: [ 59.144232][ T5842] [ 59.147141][ T5842] dump_stack_lvl+0x16c/0x1f0 [ 59.151813][ T5842] should_fail_ex+0x497/0x5b0 [ 59.156496][ T5842] ? fs_reclaim_acquire+0xae/0x150 [ 59.161585][ T5842] should_failslab+0xc2/0x120 [ 59.166253][ T5842] __kmalloc_noprof+0xcb/0x510 [ 59.170998][ T5842] ? kasan_save_track+0x14/0x30 [ 59.175831][ T5842] fuse_direct_io+0x5b3/0x2580 [ 59.180593][ T5842] ? __pfx_fuse_direct_io+0x10/0x10 [ 59.185786][ T5842] ? lockdep_init_map_type+0x16d/0x7d0 [ 59.191252][ T5842] fuse_direct_IO+0x9a4/0xf20 [ 59.195930][ T5842] ? __pfx_fuse_direct_IO+0x10/0x10 [ 59.201111][ T5842] ? filemap_check_errors+0xa9/0x160 [pid 5839] futex(0x7fa4c9e7f3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 59.206381][ T5842] generic_file_read_iter+0x1d4/0x450 [ 59.211743][ T5842] fuse_file_read_iter+0x35f/0x470 [ 59.216849][ T5842] vfs_read+0x87f/0xbe0 [ 59.220983][ T5842] ? __pfx_vfs_read+0x10/0x10 [ 59.225647][ T5842] ksys_read+0x12b/0x250 [ 59.229871][ T5842] ? __pfx_ksys_read+0x10/0x10 [ 59.234617][ T5842] ? _raw_spin_unlock_irq+0x2e/0x50 [ 59.239800][ T5842] ? ptrace_notify+0xf1/0x130 [ 59.244468][ T5842] do_syscall_64+0xcd/0x250 [ 59.248960][ T5842] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 59.254838][ T5842] RIP: 0033:0x7fa4c9df4999 [ 59.259238][ T5842] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 1b 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 59.278827][ T5842] RSP: 002b:00007fa4c9d86208 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 59.287224][ T5842] RAX: ffffffffffffffda RBX: 00007fa4c9e7f3f8 RCX: 00007fa4c9df4999 [ 59.295176][ T5842] RDX: 0000000000002020 RSI: 000000002000e400 RDI: 0000000000000004 [pid 5840] <... read resumed>"\x50\x00\x00\x00\x0f\x00\x00\x00\x0a\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xd2\x16\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x20\x20\x00\x00\x02\x00\x00\x00\x40\x4a\xcc\x1f\xfd\x72\xa6\x5c\x00\xc0\x00\x00\x00\x00\x00\x00", 8192) = 80 [ 59.303150][ T5842] RBP: 00007fa4c9e7f3f0 R08: 00007fa4c9d85fa7 R09: 0000000000000035 [ 59.311121][ T5842] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa4c9e4c33c [ 59.319100][ T5842] R13: 00007fa4c9d86210 R14: 0000000000000001 R15: 00007fa4c9e4a338 [ 59.327068][ T5842] [ 59.341069][ T5840] ================================================================== [ 59.349134][ T5840] BUG: KASAN: null-ptr-deref in fuse_copy_do+0x183/0x320 [ 59.356132][ T5840] Write of size 5 at addr 0000000000000000 by task syz-executor159/5840 [ 59.364421][ T5840] [ 59.366720][ T5840] CPU: 0 UID: 0 PID: 5840 Comm: syz-executor159 Not tainted 6.12.0-syzkaller-09734-g445d9f05fa14 #0 [ 59.377458][ T5840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 59.387493][ T5840] Call Trace: [ 59.390751][ T5840] [ 59.393663][ T5840] dump_stack_lvl+0x116/0x1f0 [ 59.398322][ T5840] kasan_report+0xd9/0x110 [ 59.402712][ T5840] ? fuse_copy_do+0x183/0x320 [ 59.407368][ T5840] ? fuse_copy_do+0x183/0x320 [ 59.412015][ T5840] kasan_check_range+0xef/0x1a0 [ 59.416896][ T5840] __asan_memcpy+0x3c/0x60 [ 59.421315][ T5840] fuse_copy_do+0x183/0x320 [ 59.425800][ T5840] fuse_copy_args+0x1e6/0x770 [ 59.430459][ T5840] ? fuse_dev_do_write+0x674/0x3720 [ 59.435628][ T5840] ? __pfx_fuse_copy_args+0x10/0x10 [ 59.440795][ T5840] ? do_raw_spin_lock+0x12d/0x2c0 [ 59.445791][ T5840] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 59.451136][ T5840] ? lock_acquire+0x2f/0xb0 [ 59.455607][ T5840] ? fuse_dev_do_write+0x306/0x3720 [ 59.460784][ T5840] fuse_dev_do_write+0x1cc1/0x3720 [ 59.465866][ T5840] ? hlock_class+0x4e/0x130 [ 59.470344][ T5840] ? __pfx_fuse_dev_do_write+0x10/0x10 [ 59.475802][ T5840] ? __pfx_mark_lock+0x10/0x10 [ 59.480552][ T5840] ? rcu_is_watching+0x12/0xc0 [ 59.485299][ T5840] ? hlock_class+0x4e/0x130 [ 59.489777][ T5840] ? __asan_memset+0x23/0x50 [ 59.494352][ T5840] fuse_dev_write+0x14f/0x1e0 [ 59.499014][ T5840] ? __pfx_fuse_dev_write+0x10/0x10 [ 59.504201][ T5840] ? inode_security+0x101/0x130 [ 59.509036][ T5840] ? bpf_lsm_file_permission+0x9/0x10 [ 59.514394][ T5840] ? security_file_permission+0x71/0x210 [ 59.519999][ T5840] vfs_write+0x5ae/0x1150 [ 59.524298][ T5840] ? __pfx_fuse_dev_write+0x10/0x10 [ 59.529465][ T5840] ? __pfx_vfs_write+0x10/0x10 [ 59.534195][ T5840] ? __fget_files+0x40/0x3a0 [ 59.538753][ T5840] ksys_write+0x12b/0x250 [ 59.543057][ T5840] ? __pfx_ksys_write+0x10/0x10 [ 59.547880][ T5840] ? _raw_spin_unlock_irq+0x2e/0x50 [ 59.553046][ T5840] ? ptrace_notify+0xf1/0x130 [ 59.557702][ T5840] do_syscall_64+0xcd/0x250 [ 59.562185][ T5840] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 59.568050][ T5840] RIP: 0033:0x7fa4c9df3c0f [ 59.572432][ T5840] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 89 5e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 dc 5e 02 00 48 [ 59.592105][ T5840] RSP: 002b:00007fa4c9da71e0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 59.600485][ T5840] RAX: ffffffffffffffda RBX: 00007fa4c9e7f3e8 RCX: 00007fa4c9df3c0f [ 59.608423][ T5840] RDX: 0000000000000015 RSI: 0000000020000540 RDI: 0000000000000003 [ 59.616361][ T5840] RBP: 00007fa4c9e7f3e0 R08: 0000000000000000 R09: 0000000000000000 [ 59.624312][ T5840] R10: 0000000000000000 R11: 0000000000000293 R12: 00007fa4c9e4c33c [ 59.632250][ T5840] R13: 00007fa4c9e44027 R14: 00007fff3bcf2380 R15: 00007fa4c9e4a338 [ 59.640191][ T5840] [ 59.643181][ T5840] ================================================================== [ 59.651977][ T5840] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 59.659167][ T5840] CPU: 0 UID: 0 PID: 5840 Comm: syz-executor159 Not tainted 6.12.0-syzkaller-09734-g445d9f05fa14 #0 [ 59.669893][ T5840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 59.679920][ T5840] Call Trace: [ 59.683172][ T5840] [ 59.686086][ T5840] dump_stack_lvl+0x3d/0x1f0 [ 59.690661][ T5840] panic+0x71d/0x800 [ 59.694534][ T5840] ? __pfx_panic+0x10/0x10 [ 59.698923][ T5840] ? preempt_schedule_thunk+0x1a/0x30 [ 59.704274][ T5840] ? preempt_schedule_common+0x44/0xc0 [ 59.709712][ T5840] ? check_panic_on_warn+0x1f/0xb0 [ 59.714793][ T5840] check_panic_on_warn+0xab/0xb0 [ 59.719699][ T5840] end_report+0x117/0x180 [ 59.724000][ T5840] kasan_report+0xe9/0x110 [ 59.728385][ T5840] ? fuse_copy_do+0x183/0x320 [ 59.733030][ T5840] ? fuse_copy_do+0x183/0x320 [ 59.737677][ T5840] kasan_check_range+0xef/0x1a0 [ 59.742501][ T5840] __asan_memcpy+0x3c/0x60 [ 59.746886][ T5840] fuse_copy_do+0x183/0x320 [ 59.751365][ T5840] fuse_copy_args+0x1e6/0x770 [ 59.756013][ T5840] ? fuse_dev_do_write+0x674/0x3720 [ 59.761183][ T5840] ? __pfx_fuse_copy_args+0x10/0x10 [ 59.766350][ T5840] ? do_raw_spin_lock+0x12d/0x2c0 [ 59.771347][ T5840] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 59.776702][ T5840] ? lock_acquire+0x2f/0xb0 [ 59.781173][ T5840] ? fuse_dev_do_write+0x306/0x3720 [ 59.786349][ T5840] fuse_dev_do_write+0x1cc1/0x3720 [ 59.791442][ T5840] ? hlock_class+0x4e/0x130 [ 59.795921][ T5840] ? __pfx_fuse_dev_do_write+0x10/0x10 [ 59.801362][ T5840] ? __pfx_mark_lock+0x10/0x10 [ 59.806096][ T5840] ? rcu_is_watching+0x12/0xc0 [ 59.810835][ T5840] ? hlock_class+0x4e/0x130 [ 59.815315][ T5840] ? __asan_memset+0x23/0x50 [ 59.819873][ T5840] fuse_dev_write+0x14f/0x1e0 [ 59.824520][ T5840] ? __pfx_fuse_dev_write+0x10/0x10 [ 59.829686][ T5840] ? inode_security+0x101/0x130 [ 59.834524][ T5840] ? bpf_lsm_file_permission+0x9/0x10 [ 59.839869][ T5840] ? security_file_permission+0x71/0x210 [ 59.845473][ T5840] vfs_write+0x5ae/0x1150 [ 59.849785][ T5840] ? __pfx_fuse_dev_write+0x10/0x10 [ 59.854953][ T5840] ? __pfx_vfs_write+0x10/0x10 [ 59.859695][ T5840] ? __fget_files+0x40/0x3a0 [ 59.864257][ T5840] ksys_write+0x12b/0x250 [ 59.868556][ T5840] ? __pfx_ksys_write+0x10/0x10 [ 59.873374][ T5840] ? _raw_spin_unlock_irq+0x2e/0x50 [ 59.878552][ T5840] ? ptrace_notify+0xf1/0x130 [ 59.883204][ T5840] do_syscall_64+0xcd/0x250 [ 59.887683][ T5840] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 59.893549][ T5840] RIP: 0033:0x7fa4c9df3c0f [ 59.897930][ T5840] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 89 5e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 dc 5e 02 00 48 [ 59.917518][ T5840] RSP: 002b:00007fa4c9da71e0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 59.925912][ T5840] RAX: ffffffffffffffda RBX: 00007fa4c9e7f3e8 RCX: 00007fa4c9df3c0f [ 59.933851][ T5840] RDX: 0000000000000015 RSI: 0000000020000540 RDI: 0000000000000003 [ 59.941795][ T5840] RBP: 00007fa4c9e7f3e0 R08: 0000000000000000 R09: 0000000000000000 [ 59.949737][ T5840] R10: 0000000000000000 R11: 0000000000000293 R12: 00007fa4c9e4c33c [ 59.957686][ T5840] R13: 00007fa4c9e44027 R14: 00007fff3bcf2380 R15: 00007fa4c9e4a338 [ 59.965653][ T5840] [ 59.968848][ T5840] Kernel Offset: disabled [ 59.973143][ T5840] Rebooting in 86400 seconds..