./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2770023502 <...> Warning: Permanently added '10.128.1.28' (ED25519) to the list of known hosts. execve("./syz-executor2770023502", ["./syz-executor2770023502"], 0x7ffdc32d4b60 /* 10 vars */) = 0 brk(NULL) = 0x5555687ac000 brk(0x5555687acd40) = 0x5555687acd40 arch_prctl(ARCH_SET_FS, 0x5555687ac3c0) = 0 set_tid_address(0x5555687ac690) = 5844 set_robust_list(0x5555687ac6a0, 24) = 0 rseq(0x5555687acce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2770023502", 4096) = 28 getrandom("\x98\xd5\x2f\x6b\x62\xfb\xff\xcb", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555687acd40 brk(0x5555687cdd40) = 0x5555687cdd40 brk(0x5555687ce000) = 0x5555687ce000 mprotect(0x7f2e61870000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/proc/self/make-it-fail", O_WRONLY) = 3 close(3) = 0 openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_WRONLY) = 3 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 write(1, "executing program\n", 18executing program ) = 18 futex(0x7f2e618763ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f2e61816c60, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2e618089c0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2e61785000 mprotect(0x7f2e61786000, 131072, PROT_READ|PROT_WRITE) = 0 rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2e617a5990, parent_tid=0x7f2e617a5990, exit_signal=0, stack=0x7f2e61785000, stack_size=0x20300, tls=0x7f2e617a56c0}./strace-static-x86_64: Process 5845 attached => {parent_tid=[5845]}, 88) = 5845 [pid 5845] rseq(0x7f2e617a5fe0, 0x20, 0, 0x53053053 [pid 5844] rt_sigprocmask(SIG_SETMASK, [], [pid 5845] <... rseq resumed>) = 0 [pid 5844] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5844] futex(0x7f2e618763e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5845] set_robust_list(0x7f2e617a59a0, 24 [pid 5844] <... futex resumed>) = 0 [pid 5845] <... set_robust_list resumed>) = 0 [pid 5844] futex(0x7f2e618763ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5845] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5845] mknod("./file0", 000) = 0 [pid 5845] futex(0x7f2e618763ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5844] <... futex resumed>) = 0 [pid 5845] futex(0x7f2e618763e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5844] futex(0x7f2e618763e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5845] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5844] futex(0x7f2e618763ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5845] openat(AT_FDCWD, "/dev/fuse", O_RDWR|O_CREAT, 000) = 3 [pid 5845] futex(0x7f2e618763ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5844] <... futex resumed>) = 0 [pid 5844] futex(0x7f2e618763e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5845] futex(0x7f2e618763e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5844] <... futex resumed>) = 0 [pid 5845] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5844] futex(0x7f2e618763ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5845] mount(NULL, "./file0", "fuse", 0, "fd=0x0000000000000003,rootmode=00000000000000000100000,user_id=00000000000000000000,group_id=0000000"...) = 0 [pid 5845] futex(0x7f2e618763ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5844] <... futex resumed>) = 0 [pid 5845] <... futex resumed>) = 1 [pid 5844] futex(0x7f2e618763e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5845] read(3, [pid 5844] <... futex resumed>) = 0 [pid 5845] <... read resumed>"\x68\x00\x00\x00\x1a\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x29\x00\x00\x00\x00\x00\x02\x00\xfb\xff\xff\x73\xdf\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8224) = 104 [pid 5844] futex(0x7f2e618763ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5845] futex(0x7f2e618763ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5844] <... futex resumed>) = 0 [pid 5844] futex(0x7f2e618763e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5845] <... futex resumed>) = 1 [pid 5844] <... futex resumed>) = 0 [pid 5845] write(3, "\x50\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x1f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 80 [pid 5844] futex(0x7f2e618763ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5845] <... write resumed>) = 80 [pid 5845] futex(0x7f2e618763ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5844] <... futex resumed>) = 0 [pid 5845] <... futex resumed>) = 1 [pid 5844] futex(0x7f2e618763e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5845] read(3, [pid 5844] futex(0x7f2e618763ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5844] futex(0x7f2e618763fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5844] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2e61764000 [pid 5844] mprotect(0x7f2e61765000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5844] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5844] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2e61784990, parent_tid=0x7f2e61784990, exit_signal=0, stack=0x7f2e61764000, stack_size=0x20300, tls=0x7f2e617846c0}./strace-static-x86_64: Process 5847 attached [pid 5847] rseq(0x7f2e61784fe0, 0x20, 0, 0x53053053) = 0 [pid 5844] <... clone3 resumed> => {parent_tid=[5847]}, 88) = 5847 [pid 5847] set_robust_list(0x7f2e617849a0, 24 [pid 5844] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5847] <... set_robust_list resumed>) = 0 [pid 5844] futex(0x7f2e618763f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5847] rt_sigprocmask(SIG_SETMASK, [], [pid 5844] <... futex resumed>) = 0 [pid 5847] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5844] futex(0x7f2e618763fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5847] openat(AT_FDCWD, "./file0", O_WRONLY|O_APPEND|O_NONBLOCK|O_DIRECT|O_NOFOLLOW [pid 5845] <... read resumed>"\x30\x00\x00\x00\x0e\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xd7\x16\x00\x00\x00\x00\x00\x00\x01\xcc\x02\x00\x00\x00\x00\x00", 8192) = 48 [pid 5845] write(3, "\x20\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x00\x00\x00\x00", 32) = 32 [pid 5845] futex(0x7f2e618763ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5847] <... openat resumed>) = 4 [pid 5845] <... futex resumed>) = 0 [pid 5845] futex(0x7f2e618763e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5847] futex(0x7f2e618763fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5844] <... futex resumed>) = 0 [pid 5847] <... futex resumed>) = 1 [pid 5844] futex(0x7f2e618763e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5847] futex(0x7f2e618763f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5844] <... futex resumed>) = 1 [pid 5845] <... futex resumed>) = 0 [pid 5844] futex(0x7f2e618763ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5845] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 5845] write(5, "3", 1) = 1 [pid 5845] writev(4, [{iov_base="\xa1", iov_len=1}, {iov_base=NULL, iov_len=0}], 2 [pid 5844] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 69.452486][ T5845] FAULT_INJECTION: forcing a failure. [ 69.452486][ T5845] name failslab, interval 1, probability 0, space 0, times 1 [ 69.465519][ T5845] CPU: 1 UID: 0 PID: 5845 Comm: syz-executor277 Not tainted 6.12.0-syzkaller-10296-gaaf20f870da0 #0 [ 69.476330][ T5845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 69.486401][ T5845] Call Trace: [ 69.489713][ T5845] [ 69.492696][ T5845] dump_stack_lvl+0x241/0x360 [ 69.497689][ T5845] ? __pfx_dump_stack_lvl+0x10/0x10 [ 69.503012][ T5845] ? __pfx__printk+0x10/0x10 [ 69.507627][ T5845] ? __kmalloc_noprof+0xb5/0x4c0 [ 69.512561][ T5845] ? __pfx___might_resched+0x10/0x10 [ 69.518321][ T5845] should_fail_ex+0x3b0/0x4e0 [ 69.523052][ T5845] should_failslab+0xac/0x100 [ 69.527760][ T5845] __kmalloc_noprof+0xdd/0x4c0 [ 69.532662][ T5845] ? fuse_direct_io+0xb05/0x31f0 [ 69.537761][ T5845] fuse_direct_io+0xb05/0x31f0 [ 69.542560][ T5845] ? __pfx___might_resched+0x10/0x10 [ 69.548098][ T5845] ? generic_write_checks+0x160/0x1c0 [ 69.554463][ T5845] ? __pfx_fuse_direct_io+0x10/0x10 [ 69.559696][ T5845] ? __pfx_generic_write_checks+0x10/0x10 [ 69.565435][ T5845] fuse_file_write_iter+0xae2/0xf70 [ 69.570664][ T5845] ? __pfx_fuse_file_write_iter+0x10/0x10 [ 69.576505][ T5845] do_iter_readv_writev+0x600/0x880 [ 69.581813][ T5845] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 69.587572][ T5845] ? rcu_read_lock_any_held+0xb7/0x160 [ 69.593065][ T5845] vfs_writev+0x376/0xba0 [ 69.597415][ T5845] ? trace_contention_end+0x3c/0x120 [ 69.602868][ T5845] ? __mutex_lock+0x37f/0xee0 [ 69.607634][ T5845] ? __pfx_lock_acquire+0x10/0x10 [ 69.612760][ T5845] ? __pfx_vfs_writev+0x10/0x10 [ 69.617685][ T5845] ? __fget_files+0x2a/0x410 [ 69.622677][ T5845] ? __fget_files+0x395/0x410 [ 69.627411][ T5845] ? __fget_files+0x2a/0x410 [ 69.632116][ T5845] do_writev+0x1b6/0x360 [ 69.636466][ T5845] ? __pfx_do_writev+0x10/0x10 [ 69.641269][ T5845] ? do_syscall_64+0x100/0x230 [ 69.646411][ T5845] do_syscall_64+0xf3/0x230 [ 69.651387][ T5845] ? clear_bhb_loop+0x35/0x90 [ 69.656891][ T5845] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.663712][ T5845] RIP: 0033:0x7f2e617f11b9 [ 69.668283][ T5845] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 69.688449][ T5845] RSP: 002b:00007f2e617a5208 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 69.696910][ T5845] RAX: ffffffffffffffda RBX: 00007f2e618763e8 RCX: 00007f2e617f11b9 [ 69.705018][ T5845] RDX: 0000000000000002 RSI: 0000000020000180 RDI: 0000000000000004 [ 69.713019][ T5845] RBP: 00007f2e618763e0 R08: 00007f2e617a4fa7 R09: 0000000000000033 [ 69.721024][ T5845] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2e61843064 [ 69.729042][ T5845] R13: 00007f2e617a5210 R14: 0000000000000001 R15: 0030656c69662f2e [ 69.737059][ T5845] [pid 5844] exit_group(0) = ? [pid 5847] <... futex resumed>) = ? [pid 5847] +++ exited with 0 +++ [ 69.860488][ T5845] ================================================================== [ 69.868857][ T5845] BUG: KASAN: stack-out-of-bounds in iov_iter_revert+0x47f/0x590 [ 69.876922][ T5845] Read of size 8 at addr ffffc90003c87c98 by task syz-executor277/5845 [ 69.885495][ T5845] [ 69.887811][ T5845] CPU: 1 UID: 0 PID: 5845 Comm: syz-executor277 Not tainted 6.12.0-syzkaller-10296-gaaf20f870da0 #0 [ 69.898566][ T5845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 69.908989][ T5845] Call Trace: [ 69.912293][ T5845] [ 69.915231][ T5845] dump_stack_lvl+0x241/0x360 [ 69.920520][ T5845] ? __pfx_dump_stack_lvl+0x10/0x10 [ 69.926274][ T5845] ? __pfx__printk+0x10/0x10 [ 69.931114][ T5845] ? _printk+0xd5/0x120 [ 69.935477][ T5845] print_report+0x169/0x550 [ 69.940017][ T5845] ? __virt_addr_valid+0xbd/0x530 [ 69.945155][ T5845] ? iov_iter_revert+0x47f/0x590 [ 69.950126][ T5845] kasan_report+0x143/0x180 [ 69.954679][ T5845] ? iov_iter_revert+0x47f/0x590 [ 69.959622][ T5845] iov_iter_revert+0x47f/0x590 [ 69.964470][ T5845] fuse_direct_io+0x30b3/0x31f0 [ 69.969322][ T5845] ? __pfx___might_resched+0x10/0x10 [ 69.974606][ T5845] ? generic_write_checks+0x160/0x1c0 [ 69.980320][ T5845] ? __pfx_fuse_direct_io+0x10/0x10 [ 69.985621][ T5845] ? __pfx_generic_write_checks+0x10/0x10 [ 69.991336][ T5845] fuse_file_write_iter+0xae2/0xf70 [ 69.996529][ T5845] ? __pfx_fuse_file_write_iter+0x10/0x10 [ 70.002248][ T5845] do_iter_readv_writev+0x600/0x880 [ 70.007491][ T5845] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 70.013330][ T5845] ? rcu_read_lock_any_held+0xb7/0x160 [ 70.018822][ T5845] vfs_writev+0x376/0xba0 [ 70.023150][ T5845] ? trace_contention_end+0x3c/0x120 [ 70.028432][ T5845] ? __mutex_lock+0x37f/0xee0 [ 70.033133][ T5845] ? __pfx_lock_acquire+0x10/0x10 [ 70.038194][ T5845] ? __pfx_vfs_writev+0x10/0x10 [ 70.043098][ T5845] ? __fget_files+0x2a/0x410 [ 70.047684][ T5845] ? __fget_files+0x395/0x410 [ 70.052392][ T5845] ? __fget_files+0x2a/0x410 [ 70.057024][ T5845] do_writev+0x1b6/0x360 [ 70.061309][ T5845] ? __pfx_do_writev+0x10/0x10 [ 70.066089][ T5845] ? do_syscall_64+0x100/0x230 [ 70.070844][ T5845] do_syscall_64+0xf3/0x230 [ 70.075337][ T5845] ? clear_bhb_loop+0x35/0x90 [ 70.080030][ T5845] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.086202][ T5845] RIP: 0033:0x7f2e617f11b9 [ 70.090894][ T5845] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 70.110938][ T5845] RSP: 002b:00007f2e617a5208 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 70.119465][ T5845] RAX: ffffffffffffffda RBX: 00007f2e618763e8 RCX: 00007f2e617f11b9 [ 70.127625][ T5845] RDX: 0000000000000002 RSI: 0000000020000180 RDI: 0000000000000004 [ 70.135587][ T5845] RBP: 00007f2e618763e0 R08: 00007f2e617a4fa7 R09: 0000000000000033 [ 70.143563][ T5845] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2e61843064 [ 70.151576][ T5845] R13: 00007f2e617a5210 R14: 0000000000000001 R15: 0030656c69662f2e [ 70.159709][ T5845] [ 70.162725][ T5845] [ 70.165043][ T5845] The buggy address belongs to stack of task syz-executor277/5845 [ 70.172940][ T5845] and is located at offset 24 in frame: [ 70.178586][ T5845] vfs_writev+0x0/0xba0 [ 70.182753][ T5845] [ 70.185110][ T5845] This frame has 3 objects: [ 70.189806][ T5845] [32, 160) 'iovstack' [ 70.189818][ T5845] [192, 200) 'iov' [ 70.193959][ T5845] [224, 264) 'iter' [ 70.197752][ T5845] [ 70.203949][ T5845] The buggy address belongs to the virtual mapping at [ 70.203949][ T5845] [ffffc90003c80000, ffffc90003c89000) created by: [ 70.203949][ T5845] copy_process+0x5d1/0x3d50 [ 70.221926][ T5845] [ 70.224243][ T5845] The buggy address belongs to the physical page: [ 70.230756][ T5845] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x79f90 [ 70.239555][ T5845] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 70.246792][ T5845] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 70.255496][ T5845] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 70.264641][ T5845] page dumped because: kasan: bad access detected [ 70.271055][ T5845] page_owner tracks the page as allocated [ 70.277044][ T5845] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), pid 5844, tgid 5844 (syz-executor277), ts 69212140518, free_ts 58271120310 [ 70.296583][ T5845] post_alloc_hook+0x1f3/0x230 [ 70.301641][ T5845] get_page_from_freelist+0x363e/0x3790 [ 70.307385][ T5845] __alloc_pages_noprof+0x292/0x710 [ 70.312791][ T5845] alloc_pages_mpol_noprof+0x3e8/0x680 [ 70.318411][ T5845] __vmalloc_node_range_noprof+0x9c9/0x1380 [ 70.324605][ T5845] dup_task_struct+0x444/0x8c0 [ 70.329721][ T5845] copy_process+0x5d1/0x3d50 [ 70.334511][ T5845] kernel_clone+0x223/0x880 [ 70.339215][ T5845] __se_sys_clone3+0x2d8/0x360 [ 70.344003][ T5845] do_syscall_64+0xf3/0x230 [ 70.348498][ T5845] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.354435][ T5845] page last free pid 5789 tgid 5789 stack trace: [ 70.360792][ T5845] free_unref_page+0xded/0x1130 [ 70.365676][ T5845] __folio_put+0x2c7/0x440 [ 70.370209][ T5845] pipe_read+0x6ed/0x13e0 [ 70.374550][ T5845] vfs_read+0x991/0xb70 [ 70.378899][ T5845] ksys_read+0x18f/0x2b0 [ 70.383367][ T5845] do_syscall_64+0xf3/0x230 [ 70.388154][ T5845] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.394099][ T5845] [ 70.396478][ T5845] Memory state around the buggy address: [ 70.403276][ T5845] ffffc90003c87b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 70.411718][ T5845] ffffc90003c87c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 70.419896][ T5845] >ffffc90003c87c80: f1 f1 f1 f1 00 00 00 00 00 00 00 00 00 00 00 00 [ 70.428333][ T5845] ^ [ 70.433193][ T5845] ffffc90003c87d00: 00 00 00 00 f2 f2 f2 f2 00 f2 f2 f2 00 00 00 00 [ 70.441377][ T5845] ffffc90003c87d80: 00 f3 f3 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00 [ 70.449474][ T5845] ================================================================== [ 70.459439][ T5845] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 70.466766][ T5845] CPU: 1 UID: 0 PID: 5845 Comm: syz-executor277 Not tainted 6.12.0-syzkaller-10296-gaaf20f870da0 #0 [ 70.477893][ T5845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 70.488307][ T5845] Call Trace: [ 70.491883][ T5845] [ 70.494858][ T5845] dump_stack_lvl+0x241/0x360 [ 70.499861][ T5845] ? __pfx_dump_stack_lvl+0x10/0x10 [ 70.505167][ T5845] ? __pfx__printk+0x10/0x10 [ 70.509869][ T5845] ? preempt_schedule+0xe1/0xf0 [ 70.515088][ T5845] ? vscnprintf+0x5d/0x90 [ 70.519510][ T5845] panic+0x349/0x880 [ 70.523400][ T5845] ? check_panic_on_warn+0x21/0xb0 [ 70.528603][ T5845] ? __pfx_panic+0x10/0x10 [ 70.533029][ T5845] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 70.540279][ T5845] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 70.547437][ T5845] ? print_report+0x502/0x550 [ 70.552660][ T5845] check_panic_on_warn+0x86/0xb0 [ 70.557708][ T5845] ? iov_iter_revert+0x47f/0x590 [ 70.562674][ T5845] end_report+0x77/0x160 [ 70.566998][ T5845] kasan_report+0x154/0x180 [ 70.572503][ T5845] ? iov_iter_revert+0x47f/0x590 [ 70.577459][ T5845] iov_iter_revert+0x47f/0x590 [ 70.582425][ T5845] fuse_direct_io+0x30b3/0x31f0 [ 70.587504][ T5845] ? __pfx___might_resched+0x10/0x10 [ 70.593142][ T5845] ? generic_write_checks+0x160/0x1c0 [ 70.598645][ T5845] ? __pfx_fuse_direct_io+0x10/0x10 [ 70.603963][ T5845] ? __pfx_generic_write_checks+0x10/0x10 [ 70.610254][ T5845] fuse_file_write_iter+0xae2/0xf70 [ 70.615460][ T5845] ? __pfx_fuse_file_write_iter+0x10/0x10 [ 70.621367][ T5845] do_iter_readv_writev+0x600/0x880 [ 70.626578][ T5845] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 70.632309][ T5845] ? rcu_read_lock_any_held+0xb7/0x160 [ 70.637776][ T5845] vfs_writev+0x376/0xba0 [ 70.642121][ T5845] ? trace_contention_end+0x3c/0x120 [ 70.647422][ T5845] ? __mutex_lock+0x37f/0xee0 [ 70.652296][ T5845] ? __pfx_lock_acquire+0x10/0x10 [ 70.657424][ T5845] ? __pfx_vfs_writev+0x10/0x10 [ 70.662325][ T5845] ? __fget_files+0x2a/0x410 [ 70.666969][ T5845] ? __fget_files+0x395/0x410 [ 70.671837][ T5845] ? __fget_files+0x2a/0x410 [ 70.676473][ T5845] do_writev+0x1b6/0x360 [ 70.680845][ T5845] ? __pfx_do_writev+0x10/0x10 [ 70.685843][ T5845] ? do_syscall_64+0x100/0x230 [ 70.690686][ T5845] do_syscall_64+0xf3/0x230 [ 70.695359][ T5845] ? clear_bhb_loop+0x35/0x90 [ 70.700158][ T5845] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.706088][ T5845] RIP: 0033:0x7f2e617f11b9 [ 70.710595][ T5845] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 70.730296][ T5845] RSP: 002b:00007f2e617a5208 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 70.738714][ T5845] RAX: ffffffffffffffda RBX: 00007f2e618763e8 RCX: 00007f2e617f11b9 [ 70.746935][ T5845] RDX: 0000000000000002 RSI: 0000000020000180 RDI: 0000000000000004 [ 70.754917][ T5845] RBP: 00007f2e618763e0 R08: 00007f2e617a4fa7 R09: 0000000000000033 [ 70.762920][ T5845] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2e61843064 [ 70.770925][ T5845] R13: 00007f2e617a5210 R14: 0000000000000001 R15: 0030656c69662f2e [ 70.779045][ T5845] [ 70.782492][ T5845] Kernel Offset: disabled [ 70.787351][ T5845] Rebooting in 86400 seconds..