./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4290241990 <...> [ 2.877193][ T24] audit: type=1400 audit(1704117147.240:9): avc: denied { append open } for pid=75 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 2.880194][ T24] audit: type=1400 audit(1704117147.240:10): avc: denied { getattr } for pid=75 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 3.130403][ T92] udevd[92]: starting version 3.2.11 [ 3.157016][ T93] udevd[93]: starting eudev-3.2.11 [ 12.120204][ T24] kauditd_printk_skb: 50 callbacks suppressed [ 12.120214][ T24] audit: type=1400 audit(1704117156.490:61): avc: denied { transition } for pid=218 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 12.128104][ T24] audit: type=1400 audit(1704117156.490:62): avc: denied { noatsecure } for pid=218 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 12.133130][ T24] audit: type=1400 audit(1704117156.490:63): avc: denied { write } for pid=218 comm="sh" path="pipe:[13703]" dev="pipefs" ino=13703 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 12.139146][ T24] audit: type=1400 audit(1704117156.490:64): avc: denied { rlimitinh } for pid=218 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 12.143897][ T24] audit: type=1400 audit(1704117156.490:65): avc: denied { siginh } for pid=218 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.1.50' (ED25519) to the list of known hosts. execve("./syz-executor4290241990", ["./syz-executor4290241990"], 0x7ffc03648bf0 /* 10 vars */) = 0 brk(NULL) = 0x55555737c000 brk(0x55555737ce00) = 0x55555737ce00 arch_prctl(ARCH_SET_FS, 0x55555737c480) = 0 set_tid_address(0x55555737c750) = 287 set_robust_list(0x55555737c760, 24) = 0 rseq(0x55555737cda0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor4290241990", 4096) = 28 getrandom("\x6e\x28\x25\xff\xb1\x82\x91\xad", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555737ce00 brk(0x55555739de00) = 0x55555739de00 brk(0x55555739e000) = 0x55555739e000 mprotect(0x7ff96c135000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7ff96c076dc0, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7ff96c0803c0}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7ff96c076dc0, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7ff96c0803c0}, NULL, 8) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555737c750) = 289 ./strace-static-x86_64: Process 289 attached [pid 289] set_robust_list(0x55555737c760, 24) = 0 [pid 289] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 289] setpgid(0, 0) = 0 [pid 289] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 289] write(3, "1000", 4) = 4 [pid 289] close(3) = 0 [pid 289] futex(0x7ff96c13b3ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 289] rt_sigaction(SIGRT_1, {sa_handler=0x7ff96c0d68a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff96c0803c0}, NULL, 8) = 0 [pid 289] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 289] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff96c04c000 [pid 289] mprotect(0x7ff96c04d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 289] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 289] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff96c06c990, parent_tid=0x7ff96c06c990, exit_signal=0, stack=0x7ff96c04c000, stack_size=0x20240, tls=0x7ff96c06c6c0} => {parent_tid=[290]}, 88) = 290 ./strace-static-x86_64: Process 290 attached [pid 289] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 289] futex(0x7ff96c13b3e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 289] futex(0x7ff96c13b3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] set_robust_list(0x7ff96c06c9a0, 24) = 0 [pid 290] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 290] mkdir("./file0", 0777) = 0 [pid 290] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 290] futex(0x7ff96c13b3ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 290] futex(0x7ff96c13b3e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 289] <... futex resumed>) = 0 [pid 289] futex(0x7ff96c13b3e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 289] futex(0x7ff96c13b3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] <... futex resumed>) = 0 [pid 290] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 290] futex(0x7ff96c13b3ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 290] futex(0x7ff96c13b3e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 289] <... futex resumed>) = 0 [pid 289] futex(0x7ff96c13b3e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 289] futex(0x7ff96c13b3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] <... futex resumed>) = 0 [pid 290] mount(NULL, "./file0", "fuse", 0, "fd=0x0000000000000003,rootmode=00000000000000000040000,user_id=00000000000000000000,group_id=0000000"...) = 0 [pid 290] futex(0x7ff96c13b3ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... futex resumed>) = 0 [pid 289] futex(0x7ff96c13b3e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 289] futex(0x7ff96c13b3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] <... futex resumed>) = 1 [pid 290] read(3, "\x38\x00\x00\x00\x1a\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x20\x00\x00\x00\x00\x00\x02\x00\xfb\xff\xff\x83", 8224) = 56 [pid 290] futex(0x7ff96c13b3ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... futex resumed>) = 0 [pid 289] futex(0x7ff96c13b3e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 289] futex(0x7ff96c13b3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 290] <... futex resumed>) = 1 [ 20.355910][ T24] audit: type=1400 audit(1704117164.720:66): avc: denied { execmem } for pid=287 comm="syz-executor429" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 20.360212][ T24] audit: type=1400 audit(1704117164.730:67): avc: denied { read write } for pid=287 comm="syz-executor429" name="loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 20.363812][ T24] audit: type=1400 audit(1704117164.730:68): avc: denied { open } for pid=287 comm="syz-executor429" path="/dev/loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 20.367144][ T24] audit: type=1400 audit(1704117164.730:69): avc: denied { ioctl } for pid=287 comm="syz-executor429" path="/dev/loop0" dev="devtmpfs" ino=111 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 20.378091][ T24] audit: type=1400 audit(1704117164.750:70): avc: denied { read write } for pid=289 comm="syz-executor429" name="fuse" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [pid 290] read(3, [pid 289] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 289] futex(0x7ff96c13b3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 289] futex(0x7ff96c13b3fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 289] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff96c02b000 [pid 289] mprotect(0x7ff96c02c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 289] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 289] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff96c04b990, parent_tid=0x7ff96c04b990, exit_signal=0, stack=0x7ff96c02b000, stack_size=0x20240, tls=0x7ff96c04b6c0} => {parent_tid=[291]}, 88) = 291 [pid 289] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 289] futex(0x7ff96c13b3f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 289] futex(0x7ff96c13b3fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 291 attached [pid 291] set_robust_list(0x7ff96c04b9a0, 24) = 0 [pid 291] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 291] write(3, "\x50\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x26\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 80) = 80 [pid 291] futex(0x7ff96c13b3fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 289] <... futex resumed>) = 0 [pid 289] futex(0x7ff96c13b3f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 289] futex(0x7ff96c13b3fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 291] <... futex resumed>) = 1 [ 20.401604][ T24] audit: type=1400 audit(1704117164.760:71): avc: denied { open } for pid=289 comm="syz-executor429" path="/dev/fuse" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 20.424966][ T24] audit: type=1400 audit(1704117164.760:72): avc: denied { mounton } for pid=289 comm="syz-executor429" path="/root/file0" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [pid 291] read(3, [pid 289] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 289] futex(0x7ff96c13b3fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 289] futex(0x7ff96c13b3fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 289] futex(0x7ff96c13b3fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 289] futex(0x7ff96c13b40c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 289] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff96c00a000 [pid 289] mprotect(0x7ff96c00b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 289] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 289] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff96c02a990, parent_tid=0x7ff96c02a990, exit_signal=0, stack=0x7ff96c00a000, stack_size=0x20240, tls=0x7ff96c02a6c0} => {parent_tid=[292]}, 88) = 292 [pid 289] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 289] futex(0x7ff96c13b408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 289] futex(0x7ff96c13b40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 292 attached [pid 292] set_robust_list(0x7ff96c02a9a0, 24) = 0 [pid 292] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 292] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 292] write(4, "13", 2) = 2 [ 20.447480][ T24] audit: type=1400 audit(1704117164.760:73): avc: denied { mount } for pid=289 comm="syz-executor429" name="/" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [pid 292] openat(AT_FDCWD, "./file0/file0", O_WRONLY|O_CREAT|O_CLOEXEC, 000 [pid 289] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 20.498739][ T292] FAULT_INJECTION: forcing a failure. [ 20.498739][ T292] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 20.511817][ T292] CPU: 0 PID: 292 Comm: syz-executor429 Not tainted 5.10.204-syzkaller-01048-gf7977422e132 #0 [ 20.521803][ T292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 20.531694][ T292] Call Trace: [ 20.534842][ T292] dump_stack_lvl+0x1e2/0x24b [ 20.539338][ T292] ? bfq_pos_tree_add_move+0x43b/0x43b [ 20.544642][ T292] dump_stack+0x15/0x17 [ 20.548637][ T292] should_fail+0x3c6/0x510 [ 20.552894][ T292] should_fail_alloc_page+0x52/0x60 [ 20.557928][ T292] __alloc_pages_nodemask+0x1b3/0xaf0 [ 20.563123][ T292] ? gfp_pfmemalloc_allowed+0x120/0x120 [ 20.568503][ T292] new_slab+0x80/0x400 [ 20.572406][ T292] ___slab_alloc+0x302/0x4b0 [ 20.576841][ T292] ? unwind_get_return_address+0x4d/0x90 [ 20.582302][ T292] ? fuse_get_req+0x3b3/0xa80 [ 20.586814][ T292] __slab_alloc+0x63/0xa0 [ 20.590980][ T292] ? fuse_get_req+0x3b3/0xa80 [ 20.595493][ T292] ? fuse_get_req+0x3b3/0xa80 [ 20.600006][ T292] kmem_cache_alloc+0x1b9/0x2e0 [ 20.604699][ T292] ? fuse_get_req+0x3b3/0xa80 [ 20.609217][ T292] fuse_get_req+0x3b3/0xa80 [ 20.613606][ T292] ? fuse_simple_request+0x1a10/0x1a10 [ 20.618847][ T292] ? ____kasan_kmalloc+0xed/0x110 [ 20.623696][ T292] ? ____kasan_kmalloc+0xdb/0x110 [ 20.628559][ T292] ? __kasan_kmalloc+0x9/0x10 [ 20.633071][ T292] ? kmem_cache_alloc_trace+0x18a/0x2e0 [ 20.638469][ T292] ? fuse_alloc_forget+0x46/0x50 [ 20.643225][ T292] ? fuse_lookup_name+0x179/0xac0 [pid 289] exit_group(0) = ? [pid 290] <... read resumed> ) = ? [pid 290] +++ exited with 0 +++ [pid 291] <... read resumed> ) = ? [pid 291] +++ exited with 0 +++ [ 20.648175][ T292] ? fuse_lookup+0x2da/0x26a0 [ 20.652685][ T292] ? fuse_atomic_open+0x21f/0x34e0 [ 20.657633][ T292] ? path_openat+0xff0/0x3000 [ 20.662146][ T292] ? do_filp_open+0x21c/0x460 [ 20.666672][ T292] ? do_sys_openat2+0x13f/0x6f0 [ 20.671348][ T292] ? do_syscall_64+0x34/0x70 [ 20.675948][ T292] ? entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 20.681862][ T292] fuse_simple_request+0x124/0x1a10 [ 20.686892][ T292] ? fuse_put_request+0x2d0/0x2d0 [ 20.691808][ T292] ? __kasan_kmalloc+0x9/0x10 [ 20.696313][ T292] ? kmem_cache_alloc_trace+0x18a/0x2e0 [ 20.701730][ T292] fuse_lookup_name+0x3ed/0xac0 [ 20.706414][ T292] ? fuse_invalid_attr+0x110/0x110 [ 20.711375][ T292] ? __kasan_check_write+0x14/0x20 [ 20.716415][ T292] ? mutex_lock+0xa5/0x110 [ 20.722557][ T292] ? mutex_trylock+0xa0/0xa0 [ 20.727885][ T292] fuse_lookup+0x2da/0x26a0 [ 20.732210][ T292] ? fuse_perm_getattr+0x60/0x60 [ 20.736982][ T292] ? arch_stack_walk+0xf3/0x140 [ 20.741670][ T292] ? __kasan_slab_alloc+0xc3/0xe0 [ 20.746525][ T292] ? __kasan_slab_alloc+0xb1/0xe0 [ 20.751392][ T292] ? slab_post_alloc_hook+0x61/0x2f0 [ 20.756508][ T292] ? kmem_cache_alloc+0x168/0x2e0 [ 20.761375][ T292] ? avc_alloc_node+0x7e/0x360 [ 20.765968][ T292] ? avc_compute_av+0x136/0x690 [ 20.770655][ T292] ? avc_has_perm+0x30e/0x400 [ 20.775172][ T292] ? may_create+0x65a/0x900 [ 20.779515][ T292] ? selinux_inode_create+0x22/0x30 [ 20.784548][ T292] ? security_inode_create+0xac/0x100 [ 20.789760][ T292] ? path_openat+0xe21/0x3000 [ 20.794263][ T292] ? do_filp_open+0x21c/0x460 [ 20.798778][ T292] ? do_sys_openat2+0x13f/0x6f0 [ 20.803548][ T292] ? __x64_sys_openat+0x243/0x290 [ 20.808411][ T292] ? do_syscall_64+0x34/0x70 [ 20.812836][ T292] ? entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 20.818754][ T292] fuse_atomic_open+0x21f/0x34e0 [ 20.823511][ T292] ? fuse_rename2+0x4aa0/0x4aa0 [ 20.828291][ T292] ? avc_alloc_node+0x7e/0x360 [ 20.832900][ T292] ? __kasan_check_write+0x14/0x20 [ 20.837850][ T292] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 20.843136][ T292] ? _raw_spin_lock+0x1b0/0x1b0 [ 20.847819][ T292] ? avc_xperms_populate+0x4c7/0x590 [ 20.852937][ T292] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 20.858583][ T292] ? avc_compute_av+0x4cc/0x690 [ 20.863277][ T292] ? avc_has_perm+0x275/0x400 [ 20.867780][ T292] ? avc_has_perm_noaudit+0x240/0x240 [ 20.872987][ T292] ? avc_has_perm_noaudit+0x158/0x240 [ 20.878193][ T292] ? security_transition_sid+0x7d/0x90 [ 20.883485][ T292] ? may_create+0x65a/0x900 [ 20.887829][ T292] ? show_sid+0x250/0x250 [ 20.891990][ T292] ? d_hash_and_lookup+0x1e0/0x1e0 [ 20.896938][ T292] ? from_kgid+0x1a3/0x730 [ 20.901191][ T292] ? selinux_inode_create+0x22/0x30 [ 20.906229][ T292] ? security_inode_create+0xbc/0x100 [ 20.911433][ T292] ? fuse_rename2+0x4aa0/0x4aa0 [ 20.916128][ T292] path_openat+0xff0/0x3000 [ 20.920722][ T292] ? update_load_avg+0x541/0x1690 [ 20.925586][ T292] ? do_filp_open+0x460/0x460 [ 20.931090][ T292] do_filp_open+0x21c/0x460 [ 20.935420][ T292] ? vfs_tmpfile+0x2b0/0x2b0 [ 20.939852][ T292] ? get_unused_fd_flags+0x94/0xa0 [ 20.944797][ T292] do_sys_openat2+0x13f/0x6f0 [ 20.949332][ T292] ? cgroup_leave_frozen+0x164/0x2c0 [ 20.954427][ T292] ? ptrace_stop+0x6dc/0xa30 [ 20.958856][ T292] ? do_sys_open+0x220/0x220 [ 20.963291][ T292] ? _raw_spin_unlock_irq+0x4e/0x70 [ 20.968315][ T292] ? ptrace_notify+0x24c/0x350 [ 20.972910][ T292] __x64_sys_openat+0x243/0x290 [ 20.977621][ T292] ? __ia32_sys_open+0x270/0x270 [ 20.982421][ T292] ? syscall_enter_from_user_mode+0x57/0x1a0 [ 20.988188][ T292] do_syscall_64+0x34/0x70 [ 20.992441][ T292] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 20.998169][ T292] RIP: 0033:0x7ff96c0b0bd9 [ 21.002423][ T292] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 21.021866][ T292] RSP: 002b:00007ff96c02a148 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 21.030111][ T292] RAX: ffffffffffffffda RBX: 00007ff96c02a150 RCX: 00007ff96c0b0bd9 [ 21.037916][ T292] RDX: 0000000000080041 RSI: 00000000200001c0 RDI: 00000000ffffff9c [pid 292] <... openat resumed>) = ? [pid 292] +++ exited with 0 +++ [pid 289] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=289, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555737c750) = 293 ./strace-static-x86_64: Process 293 attached [pid 293] set_robust_list(0x55555737c760, 24) = 0 [pid 293] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 293] setpgid(0, 0) = 0 [pid 293] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 293] write(3, "1000", 4) = 4 [pid 293] close(3) = 0 [pid 293] futex(0x7ff96c13b3ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 293] rt_sigaction(SIGRT_1, {sa_handler=0x7ff96c0d68a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff96c0803c0}, NULL, 8) = 0 [pid 293] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 293] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff96c04c000 [pid 293] mprotect(0x7ff96c04d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 293] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 293] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff96c06c990, parent_tid=0x7ff96c06c990, exit_signal=0, stack=0x7ff96c04c000, stack_size=0x20240, tls=0x7ff96c06c6c0} => {parent_tid=[294]}, 88) = 294 [pid 293] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 293] futex(0x7ff96c13b3e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 293] futex(0x7ff96c13b3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 294 attached [pid 294] set_robust_list(0x7ff96c06c9a0, 24) = 0 [pid 294] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 294] mkdir("./file0", 0777) = -1 EEXIST (File exists) [pid 294] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 294] futex(0x7ff96c13b3ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 293] <... futex resumed>) = 0 [pid 293] futex(0x7ff96c13b3e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 293] futex(0x7ff96c13b3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 294] <... futex resumed>) = 1 [pid 294] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 294] futex(0x7ff96c13b3ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 293] <... futex resumed>) = 0 [pid 293] futex(0x7ff96c13b3e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 293] futex(0x7ff96c13b3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 294] <... futex resumed>) = 1 [pid 294] mount(NULL, "./file0", "fuse", 0, "fd=0x0000000000000003,rootmode=00000000000000000040000,user_id=00000000000000000000,group_id=0000000"...) = 0 [pid 294] futex(0x7ff96c13b3ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 293] <... futex resumed>) = 0 [pid 293] futex(0x7ff96c13b3e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 293] futex(0x7ff96c13b3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 294] <... futex resumed>) = 1 [pid 294] read(3, "\x38\x00\x00\x00\x1a\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x20\x00\x00\x00\x00\x00\x02\x00\xfb\xff\xff\x83", 8224) = 56 [pid 294] futex(0x7ff96c13b3ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 293] <... futex resumed>) = 0 [pid 293] futex(0x7ff96c13b3e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 293] futex(0x7ff96c13b3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 294] <... futex resumed>) = 1 [pid 294] read(3, [pid 293] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 293] futex(0x7ff96c13b3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 293] futex(0x7ff96c13b3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 293] futex(0x7ff96c13b3fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 293] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff96c02b000 [pid 293] mprotect(0x7ff96c02c000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 293] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 293] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff96c04b990, parent_tid=0x7ff96c04b990, exit_signal=0, stack=0x7ff96c02b000, stack_size=0x20240, tls=0x7ff96c04b6c0}./strace-static-x86_64: Process 295 attached => {parent_tid=[295]}, 88) = 295 [pid 295] set_robust_list(0x7ff96c04b9a0, 24 [pid 293] rt_sigprocmask(SIG_SETMASK, [], [pid 295] <... set_robust_list resumed>) = 0 [pid 295] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 295] futex(0x7ff96c13b3f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 293] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 293] futex(0x7ff96c13b3f8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 293] futex(0x7ff96c13b3fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] <... futex resumed>) = 0 [pid 295] write(3, "\x50\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x26\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 80) = 80 [pid 295] futex(0x7ff96c13b3fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 293] <... futex resumed>) = 0 [pid 293] futex(0x7ff96c13b3f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 293] futex(0x7ff96c13b3fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] <... futex resumed>) = 1 [ 21.045814][ T292] RBP: 0000000000000002 R08: 00007ff96c029ee6 R09: 0000000000003331 [ 21.053631][ T292] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff96c13b40c [ 21.061436][ T292] R13: 000000000000006e R14: 00007ffedab1ced0 R15: 00007ffedab1cfb8 [ 21.077872][ T24] audit: type=1400 audit(1704117165.440:74): avc: denied { mounton } for pid=293 comm="syz-executor429" path="/root/file0" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [pid 295] read(3, [pid 293] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 293] futex(0x7ff96c13b3fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 293] futex(0x7ff96c13b3fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 293] futex(0x7ff96c13b3fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 293] futex(0x7ff96c13b40c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 293] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff96c00a000 [pid 293] mprotect(0x7ff96c00b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 293] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 293] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff96c02a990, parent_tid=0x7ff96c02a990, exit_signal=0, stack=0x7ff96c00a000, stack_size=0x20240, tls=0x7ff96c02a6c0} => {parent_tid=[297]}, 88) = 297 [pid 293] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 293] futex(0x7ff96c13b408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 293] futex(0x7ff96c13b40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 297 attached [pid 297] set_robust_list(0x7ff96c02a9a0, 24) = 0 [pid 297] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 297] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 297] write(4, "13", 2) = 2 [pid 297] openat(AT_FDCWD, "./file0/file0", O_WRONLY|O_CREAT|O_CLOEXEC, 000 [pid 294] <... read resumed>"\x2e\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x29\x01\x00\x00\x00\x00\x00\x00\x66\x69\x6c\x65\x30\x00", 8192) = 46 [pid 294] write(3, "\x90\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 144) = 144 [pid 294] futex(0x7ff96c13b3ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 294] futex(0x7ff96c13b3e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 295] <... read resumed>"\x3e\x00\x00\x00\x23\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x29\x01\x00\x00\x00\x00\x00\x00\x41\x80\x00\x00\x00\x80\x00\x00\x3f\x00\x00\x00\x00\x00\x00\x00\x66\x69\x6c\x65\x30\x00", 8192) = 62 [pid 295] write(3, "\xa0\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 160) = 160 [pid 295] futex(0x7ff96c13b3fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 295] futex(0x7ff96c13b3f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 293] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 293] futex(0x7ff96c13b40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 293] futex(0x7ff96c13b40c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 21.186624][ T297] FAULT_INJECTION: forcing a failure. [ 21.186624][ T297] name failslab, interval 1, probability 0, space 0, times 1 [ 21.199359][ T297] CPU: 1 PID: 297 Comm: syz-executor429 Not tainted 5.10.204-syzkaller-01048-gf7977422e132 #0 [ 21.209398][ T297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 21.219289][ T297] Call Trace: [ 21.222421][ T297] dump_stack_lvl+0x1e2/0x24b [ 21.226926][ T297] ? panic+0x80b/0x80b [ 21.230831][ T297] ? bfq_pos_tree_add_move+0x43b/0x43b [ 21.236141][ T297] ? find_inode+0x37e/0x430 [ 21.240471][ T297] dump_stack+0x15/0x17 [ 21.244462][ T297] should_fail+0x3c6/0x510 [ 21.248722][ T297] ? fuse_alloc_inode+0x23/0x210 [ 21.253589][ T297] __should_failslab+0xa4/0xe0 [ 21.258191][ T297] should_failslab+0x9/0x20 [ 21.262531][ T297] kmem_cache_alloc+0x3d/0x2e0 [ 21.267137][ T297] ? sanitize_global_limit+0x140/0x140 [ 21.272433][ T297] ? fuse_iget+0x7b0/0x7b0 [ 21.276675][ T297] ? fuse_inode_eq+0x80/0x80 [ 21.281102][ T297] fuse_alloc_inode+0x23/0x210 [ 21.285701][ T297] ? sanitize_global_limit+0x140/0x140 [ 21.291010][ T297] ? fuse_iget+0x7b0/0x7b0 [ 21.295250][ T297] ? fuse_inode_eq+0x80/0x80 [ 21.299712][ T297] iget5_locked+0xba/0x280 [ 21.303930][ T297] ? fuse_inode_eq+0x80/0x80 [ 21.308363][ T297] fuse_iget+0x291/0x7b0 [ 21.312442][ T297] ? fuse_init_inode+0x310/0x310 [ 21.317206][ T297] ? fuse_passthrough_setup+0x93/0x190 [ 21.322504][ T297] fuse_atomic_open+0xf90/0x34e0 [ 21.327277][ T297] ? fuse_rename2+0x4aa0/0x4aa0 [ 21.332064][ T297] ? may_create+0x65a/0x900 [pid 293] exit_group(0 [pid 295] <... futex resumed>) = ? [pid 294] <... futex resumed>) = ? [pid 293] <... exit_group resumed>) = ? [pid 295] +++ exited with 0 +++ [pid 294] +++ exited with 0 +++ [ 21.336410][ T297] ? show_sid+0x250/0x250 [ 21.340557][ T297] ? d_hash_and_lookup+0x1e0/0x1e0 [ 21.345507][ T297] ? from_kgid+0x1a3/0x730 [ 21.349769][ T297] ? selinux_inode_create+0x22/0x30 [ 21.354791][ T297] ? security_inode_create+0xbc/0x100 [ 21.360003][ T297] ? fuse_rename2+0x4aa0/0x4aa0 [ 21.364687][ T297] path_openat+0xff0/0x3000 [ 21.369019][ T297] ? update_load_avg+0x541/0x1690 [ 21.375100][ T297] ? do_filp_open+0x460/0x460 [ 21.379610][ T297] do_filp_open+0x21c/0x460 [ 21.383946][ T297] ? vfs_tmpfile+0x2b0/0x2b0 [ 21.388377][ T297] ? get_unused_fd_flags+0x94/0xa0 [ 21.393320][ T297] do_sys_openat2+0x13f/0x6f0 [ 21.397836][ T297] ? cgroup_leave_frozen+0x164/0x2c0 [ 21.402955][ T297] ? ptrace_stop+0x6dc/0xa30 [ 21.407386][ T297] ? do_sys_open+0x220/0x220 [ 21.411809][ T297] ? _raw_spin_unlock_irq+0x4e/0x70 [ 21.416840][ T297] ? ptrace_notify+0x24c/0x350 [ 21.421440][ T297] __x64_sys_openat+0x243/0x290 [ 21.426126][ T297] ? __ia32_sys_open+0x270/0x270 [ 21.430989][ T297] ? syscall_enter_from_user_mode+0x57/0x1a0 [ 21.436888][ T297] do_syscall_64+0x34/0x70 [ 21.441146][ T297] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 21.446870][ T297] RIP: 0033:0x7ff96c0b0bd9 [ 21.451121][ T297] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 21.470562][ T297] RSP: 002b:00007ff96c02a148 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 21.478808][ T297] RAX: ffffffffffffffda RBX: 00007ff96c02a150 RCX: 00007ff96c0b0bd9 [ 21.486627][ T297] RDX: 0000000000080041 RSI: 00000000200001c0 RDI: 00000000ffffff9c [ 21.494428][ T297] RBP: 0000000000000002 R08: 00007ff96c029ee6 R09: 0000000000003331 [ 21.502243][ T297] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff96c13b40c [ 21.510052][ T297] R13: 000000000000006e R14: 00007ffedab1ced0 R15: 00007ffedab1cfb8 [ 21.517980][ T297] general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN [ 21.529410][ T297] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f] [ 21.537693][ T297] CPU: 1 PID: 297 Comm: syz-executor429 Not tainted 5.10.204-syzkaller-01048-gf7977422e132 #0 [ 21.547721][ T297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 21.557632][ T297] RIP: 0010:fuse_file_put+0x11b/0x2420 [ 21.562912][ T297] Code: f0 41 0f c1 5e 28 bf 01 00 00 00 89 de e8 0d e9 6b ff 83 fb 01 0f 85 e4 00 00 00 4c 89 e9 4d 8d 6c 24 28 4c 89 e8 48 c1 e8 03 <80> 3c 08 00 74 08 4c 89 ef e8 f7 51 a9 ff 4c 8d bc 24 c0 00 00 00 [ 21.582359][ T297] RSP: 0018:ffffc90000b96f00 EFLAGS: 00010206 [ 21.588257][ T297] RAX: 0000000000000005 RBX: 0000000000000001 RCX: dffffc0000000000 [ 21.596150][ T297] RDX: ffff88811edacf00 RSI: 0000000000000001 RDI: 0000000000000001 [ 21.603964][ T297] RBP: ffffc90000b972a0 R08: ffffffff81fec0c3 R09: ffffed1023393bc6 [ 21.611861][ T297] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000 [ 21.619834][ T297] R13: 0000000000000028 R14: ffff888119c9de00 R15: ffff888119c9de28 [ 21.627572][ T297] FS: 00007ff96c02a6c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 21.636339][ T297] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 21.642759][ T297] CR2: 00005626e31bb958 CR3: 000000011eb6d000 CR4: 00000000003506a0 [ 21.650573][ T297] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 21.658379][ T297] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 21.666189][ T297] Call Trace: [ 21.669326][ T297] ? __die_body+0x62/0xb0 [ 21.673484][ T297] ? die_addr+0x9f/0xd0 [ 21.677478][ T297] ? exc_general_protection+0x3ff/0x490 [ 21.682864][ T297] ? preempt_schedule_irq+0xe7/0x140 [ 21.688241][ T297] ? asm_exc_general_protection+0x1e/0x30 [ 21.693796][ T297] ? fuse_file_put+0x103/0x2420 [ 21.698485][ T297] ? fuse_file_put+0x11b/0x2420 [ 21.703179][ T297] ? dump_stack_lvl+0x1f3/0x24b [ 21.707856][ T297] ? dump_stack_lvl+0x211/0x24b [ 21.712542][ T297] ? fuse_lock_owner_id+0x160/0x160 [ 21.717696][ T297] ? bfq_pos_tree_add_move+0x43b/0x43b [ 21.722968][ T297] ? find_inode+0x37e/0x430 [ 21.727303][ T297] ? __kasan_check_write+0x14/0x20 [ 21.732250][ T297] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 21.737542][ T297] ? _raw_spin_lock+0x1b0/0x1b0 [ 21.742227][ T297] ? __should_failslab+0xa4/0xe0 [ 21.747029][ T297] ? should_failslab+0x9/0x20 [ 21.751604][ T297] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 21.757339][ T297] ? __wake_up+0x120/0x1c0 [ 21.761582][ T297] ? fuse_iget+0x7b0/0x7b0 [ 21.765835][ T297] ? remove_wait_queue+0x140/0x140 [ 21.770782][ T297] ? _raw_spin_trylock_bh+0x190/0x190 [ 21.775993][ T297] ? fuse_iget+0x47a/0x7b0 [ 21.780245][ T297] ? fuse_prepare_release+0x222/0x400 [ 21.785450][ T297] fuse_sync_release+0x81/0xb0 [ 21.790053][ T297] fuse_atomic_open+0x2914/0x34e0 [ 21.794996][ T297] ? fuse_rename2+0x4aa0/0x4aa0 [ 21.799694][ T297] ? may_create+0x65a/0x900 [ 21.804020][ T297] ? show_sid+0x250/0x250 [ 21.808447][ T297] ? d_hash_and_lookup+0x1e0/0x1e0 [ 21.813392][ T297] ? from_kgid+0x1a3/0x730 [ 21.817654][ T297] ? selinux_inode_create+0x22/0x30 [ 21.822680][ T297] ? security_inode_create+0xbc/0x100 [ 21.827915][ T297] ? fuse_rename2+0x4aa0/0x4aa0 [ 21.832575][ T297] path_openat+0xff0/0x3000 [ 21.836913][ T297] ? update_load_avg+0x541/0x1690 [ 21.841779][ T297] ? do_filp_open+0x460/0x460 [ 21.846289][ T297] do_filp_open+0x21c/0x460 [ 21.850628][ T297] ? vfs_tmpfile+0x2b0/0x2b0 [ 21.855055][ T297] ? get_unused_fd_flags+0x94/0xa0 [ 21.860005][ T297] do_sys_openat2+0x13f/0x6f0 [ 21.864513][ T297] ? cgroup_leave_frozen+0x164/0x2c0 [ 21.869649][ T297] ? ptrace_stop+0x6dc/0xa30 [ 21.874062][ T297] ? do_sys_open+0x220/0x220 [ 21.878488][ T297] ? _raw_spin_unlock_irq+0x4e/0x70 [ 21.883522][ T297] ? ptrace_notify+0x24c/0x350 [ 21.888126][ T297] __x64_sys_openat+0x243/0x290 [ 21.892806][ T297] ? __ia32_sys_open+0x270/0x270 [ 21.897601][ T297] ? syscall_enter_from_user_mode+0x57/0x1a0 [ 21.903412][ T297] do_syscall_64+0x34/0x70 [ 21.907676][ T297] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 21.913382][ T297] RIP: 0033:0x7ff96c0b0bd9 [ 21.917642][ T297] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 21.937346][ T297] RSP: 002b:00007ff96c02a148 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 21.945580][ T297] RAX: ffffffffffffffda RBX: 00007ff96c02a150 RCX: 00007ff96c0b0bd9 [ 21.953388][ T297] RDX: 0000000000080041 RSI: 00000000200001c0 RDI: 00000000ffffff9c [ 21.961197][ T297] RBP: 0000000000000002 R08: 00007ff96c029ee6 R09: 0000000000003331 [ 21.969025][ T297] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff96c13b40c [ 21.976908][ T297] R13: 000000000000006e R14: 00007ffedab1ced0 R15: 00007ffedab1cfb8 [ 21.984728][ T297] Modules linked in: [ 21.988536][ T297] ---[ end trace 5cbadfa5405db03d ]--- [ 21.993763][ T297] RIP: 0010:fuse_file_put+0x11b/0x2420 [ 21.999081][ T297] Code: f0 41 0f c1 5e 28 bf 01 00 00 00 89 de e8 0d e9 6b ff 83 fb 01 0f 85 e4 00 00 00 4c 89 e9 4d 8d 6c 24 28 4c 89 e8 48 c1 e8 03 <80> 3c 08 00 74 08 4c 89 ef e8 f7 51 a9 ff 4c 8d bc 24 c0 00 00 00 [ 22.018612][ T297] RSP: 0018:ffffc90000b96f00 EFLAGS: 00010206 [ 22.024601][ T297] RAX: 0000000000000005 RBX: 0000000000000001 RCX: dffffc0000000000 [ 22.032470][ T297] RDX: ffff88811edacf00 RSI: 0000000000000001 RDI: 0000000000000001 [ 22.040240][ T297] RBP: ffffc90000b972a0 R08: ffffffff81fec0c3 R09: ffffed1023393bc6 [ 22.048059][ T297] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000 [ 22.055922][ T297] R13: 0000000000000028 R14: ffff888119c9de00 R15: ffff888119c9de28 [ 22.063758][ T297] FS: 00007ff96c02a6c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 22.072507][ T297] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 22.079040][ T297] CR2: 00005626e31bb958 CR3: 000000011eb6d000 CR4: 00000000003506a0 [ 22.086912][ T297] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 22.094748][ T297] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 22.102829][ T297] Kernel panic - not syncing: Fatal exception [ 22.108924][ T297] Kernel Offset: disabled [ 22.113047][ T297] Rebooting in 86400 seconds..