./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2060894354 <...> Warning: Permanently added '10.128.0.250' (ED25519) to the list of known hosts. execve("./syz-executor2060894354", ["./syz-executor2060894354"], 0x7ffcaf1fcbf0 /* 10 vars */) = 0 brk(NULL) = 0x55558e2b8000 brk(0x55558e2b8d40) = 0x55558e2b8d40 arch_prctl(ARCH_SET_FS, 0x55558e2b83c0) = 0 set_tid_address(0x55558e2b8690) = 5839 set_robust_list(0x55558e2b86a0, 24) = 0 rseq(0x55558e2b8ce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2060894354", 4096) = 28 getrandom("\x05\x80\x44\xaf\xc8\xb8\x38\x13", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55558e2b8d40 brk(0x55558e2d9d40) = 0x55558e2d9d40 brk(0x55558e2da000) = 0x55558e2da000 mprotect(0x7fbc46140000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/proc/self/make-it-fail", O_WRONLY) = 3 close(3) = 0 openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_WRONLY) = 3 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 executing program write(1, "executing program\n", 18) = 18 futex(0x7fbc461463ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7fbc460e6c60, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbc460d89c0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc46055000 mprotect(0x7fbc46056000, 131072, PROT_READ|PROT_WRITE) = 0 rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc46075990, parent_tid=0x7fbc46075990, exit_signal=0, stack=0x7fbc46055000, stack_size=0x20300, tls=0x7fbc460756c0}./strace-static-x86_64: Process 5840 attached [pid 5840] rseq(0x7fbc46075fe0, 0x20, 0, 0x53053053 [pid 5839] <... clone3 resumed> => {parent_tid=[5840]}, 88) = 5840 [pid 5839] rt_sigprocmask(SIG_SETMASK, [], [pid 5840] <... rseq resumed>) = 0 [pid 5839] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5840] set_robust_list(0x7fbc460759a0, 24 [pid 5839] futex(0x7fbc461463e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5840] <... set_robust_list resumed>) = 0 [pid 5839] <... futex resumed>) = 0 [pid 5840] rt_sigprocmask(SIG_SETMASK, [], [pid 5839] futex(0x7fbc461463ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5840] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5840] mknod("./file0", 000) = 0 [pid 5840] futex(0x7fbc461463ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5839] <... futex resumed>) = 0 [pid 5840] <... futex resumed>) = 1 [pid 5839] futex(0x7fbc461463e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5839] futex(0x7fbc461463ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5840] openat(AT_FDCWD, "/dev/fuse", O_RDWR|O_CREAT, 000) = 3 [pid 5840] futex(0x7fbc461463ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5839] <... futex resumed>) = 0 [pid 5840] <... futex resumed>) = 1 [pid 5839] futex(0x7fbc461463e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5840] mount(NULL, "./file0", "fuse", 0, "fd=0x0000000000000003,rootmode=00000000000000000100000,user_id=00000000000000000000,group_id=0000000"... [pid 5839] futex(0x7fbc461463ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5840] <... mount resumed>) = 0 [pid 5840] futex(0x7fbc461463ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5839] <... futex resumed>) = 0 [pid 5840] futex(0x7fbc461463e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5839] futex(0x7fbc461463e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5840] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5839] futex(0x7fbc461463ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5840] read(3, "\x68\x00\x00\x00\x1a\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x29\x00\x00\x00\x00\x00\x02\x00\xfb\xff\xff\x73\xdf\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8224) = 104 [pid 5840] futex(0x7fbc461463ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5839] <... futex resumed>) = 0 [pid 5839] futex(0x7fbc461463e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5840] <... futex resumed>) = 1 [pid 5839] <... futex resumed>) = 0 [pid 5840] write(3, "\x50\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x1f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 80 [pid 5839] futex(0x7fbc461463ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5840] <... write resumed>) = 80 [pid 5840] futex(0x7fbc461463ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5839] <... futex resumed>) = 0 [pid 5840] <... futex resumed>) = 1 [pid 5839] futex(0x7fbc461463e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5840] read(3, [pid 5839] <... futex resumed>) = 0 [pid 5839] futex(0x7fbc461463ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5839] futex(0x7fbc461463fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5839] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbc46034000 [pid 5839] mprotect(0x7fbc46035000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5839] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5839] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbc46054990, parent_tid=0x7fbc46054990, exit_signal=0, stack=0x7fbc46034000, stack_size=0x20300, tls=0x7fbc460546c0}./strace-static-x86_64: Process 5842 attached => {parent_tid=[5842]}, 88) = 5842 [pid 5842] rseq(0x7fbc46054fe0, 0x20, 0, 0x53053053 [pid 5839] rt_sigprocmask(SIG_SETMASK, [], [pid 5842] <... rseq resumed>) = 0 [pid 5839] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5842] set_robust_list(0x7fbc460549a0, 24 [pid 5839] futex(0x7fbc461463f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5842] <... set_robust_list resumed>) = 0 [pid 5839] <... futex resumed>) = 0 [pid 5842] rt_sigprocmask(SIG_SETMASK, [], [pid 5839] futex(0x7fbc461463fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5842] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5842] openat(AT_FDCWD, "./file0", O_WRONLY|O_APPEND|O_NONBLOCK|O_DIRECT|O_NOFOLLOW [pid 5840] <... read resumed>"\x30\x00\x00\x00\x0e\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xd2\x16\x00\x00\x00\x00\x00\x00\x01\xcc\x02\x00\x00\x00\x00\x00", 8192) = 48 [pid 5840] write(3, "\x20\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x00\x00\x00\x00", 32) = 32 [pid 5840] futex(0x7fbc461463ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5842] <... openat resumed>) = 4 [pid 5840] <... futex resumed>) = 0 [pid 5840] futex(0x7fbc461463e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5842] futex(0x7fbc461463fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5839] <... futex resumed>) = 0 [pid 5842] futex(0x7fbc461463f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5839] futex(0x7fbc461463e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5840] <... futex resumed>) = 0 [pid 5839] futex(0x7fbc461463ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5840] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 5840] write(5, "3", 1) = 1 [ 69.915256][ T5840] FAULT_INJECTION: forcing a failure. [ 69.915256][ T5840] name failslab, interval 1, probability 0, space 0, times 1 [ 69.928199][ T5840] CPU: 1 UID: 0 PID: 5840 Comm: syz-executor206 Not tainted 6.12.0-syzkaller-10296-gaaf20f870da0 #0 [ 69.938961][ T5840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 69.949265][ T5840] Call Trace: [ 69.952578][ T5840] [ 69.955626][ T5840] dump_stack_lvl+0x241/0x360 [ 69.960484][ T5840] ? __pfx_dump_stack_lvl+0x10/0x10 [ 69.965724][ T5840] ? __pfx__printk+0x10/0x10 [ 69.970338][ T5840] ? __kmalloc_noprof+0xb5/0x4c0 [ 69.975316][ T5840] ? __pfx___might_resched+0x10/0x10 [ 69.980638][ T5840] should_fail_ex+0x3b0/0x4e0 [ 69.985368][ T5840] should_failslab+0xac/0x100 [ 69.990087][ T5840] __kmalloc_noprof+0xdd/0x4c0 [ 69.994875][ T5840] ? fuse_direct_io+0xb05/0x31f0 [ 69.999823][ T5840] fuse_direct_io+0xb05/0x31f0 [ 70.004749][ T5840] ? __pfx___might_resched+0x10/0x10 [ 70.010089][ T5840] ? generic_write_checks+0x160/0x1c0 [ 70.015500][ T5840] ? __pfx_fuse_direct_io+0x10/0x10 [ 70.020779][ T5840] ? __pfx_generic_write_checks+0x10/0x10 [ 70.026539][ T5840] fuse_file_write_iter+0xae2/0xf70 [ 70.031769][ T5840] ? __pfx_fuse_file_write_iter+0x10/0x10 [ 70.037554][ T5840] do_iter_readv_writev+0x600/0x880 [ 70.042784][ T5840] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 70.048530][ T5840] ? rcu_read_lock_any_held+0xb7/0x160 [ 70.054019][ T5840] vfs_writev+0x376/0xba0 [ 70.058363][ T5840] ? trace_contention_end+0x3c/0x120 [ 70.063653][ T5840] ? __mutex_lock+0x37f/0xee0 [ 70.068333][ T5840] ? __pfx_lock_acquire+0x10/0x10 [ 70.073459][ T5840] ? __pfx_vfs_writev+0x10/0x10 [ 70.078357][ T5840] ? __fget_files+0x2a/0x410 [ 70.082965][ T5840] ? __fget_files+0x395/0x410 [ 70.087647][ T5840] ? __fget_files+0x2a/0x410 [ 70.092288][ T5840] do_writev+0x1b6/0x360 [ 70.096574][ T5840] ? __pfx_do_writev+0x10/0x10 [ 70.101368][ T5840] ? do_syscall_64+0x100/0x230 [ 70.106258][ T5840] do_syscall_64+0xf3/0x230 [ 70.110806][ T5840] ? clear_bhb_loop+0x35/0x90 [ 70.115504][ T5840] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.121429][ T5840] RIP: 0033:0x7fbc460c11b9 [ 70.125874][ T5840] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 70.145507][ T5840] RSP: 002b:00007fbc46075208 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 70.153934][ T5840] RAX: ffffffffffffffda RBX: 00007fbc461463e8 RCX: 00007fbc460c11b9 [pid 5840] writev(4, [{iov_base="\xa1", iov_len=1}, {iov_base=NULL, iov_len=0}], 2 [pid 5839] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 70.161908][ T5840] RDX: 0000000000000002 RSI: 0000000020000180 RDI: 0000000000000004 [ 70.169882][ T5840] RBP: 00007fbc461463e0 R08: 00007fbc46074fa7 R09: 0000000000000033 [ 70.177858][ T5840] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbc46113064 [ 70.185835][ T5840] R13: 00007fbc46075210 R14: 0000000000000001 R15: 0030656c69662f2e [ 70.193821][ T5840] [pid 5839] exit_group(0) = ? [pid 5842] <... futex resumed>) = ? [pid 5842] +++ exited with 0 +++ [ 70.367202][ T5840] ================================================================== [ 70.375328][ T5840] BUG: KASAN: stack-out-of-bounds in iov_iter_revert+0x47f/0x590 [ 70.383063][ T5840] Read of size 8 at addr ffffc900040afc98 by task syz-executor206/5840 [ 70.391387][ T5840] [ 70.394056][ T5840] CPU: 0 UID: 0 PID: 5840 Comm: syz-executor206 Not tainted 6.12.0-syzkaller-10296-gaaf20f870da0 #0 [ 70.404848][ T5840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 70.414902][ T5840] Call Trace: [ 70.418203][ T5840] [ 70.421132][ T5840] dump_stack_lvl+0x241/0x360 [ 70.425817][ T5840] ? __pfx_dump_stack_lvl+0x10/0x10 [ 70.431013][ T5840] ? __pfx__printk+0x10/0x10 [ 70.435603][ T5840] ? _printk+0xd5/0x120 [ 70.439767][ T5840] print_report+0x169/0x550 [ 70.444275][ T5840] ? __virt_addr_valid+0xbd/0x530 [ 70.449349][ T5840] ? iov_iter_revert+0x47f/0x590 [ 70.454836][ T5840] kasan_report+0x143/0x180 [ 70.459458][ T5840] ? iov_iter_revert+0x47f/0x590 [ 70.464405][ T5840] iov_iter_revert+0x47f/0x590 [ 70.469309][ T5840] fuse_direct_io+0x30b3/0x31f0 [ 70.475139][ T5840] ? __pfx___might_resched+0x10/0x10 [ 70.481189][ T5840] ? generic_write_checks+0x160/0x1c0 [ 70.487479][ T5840] ? __pfx_fuse_direct_io+0x10/0x10 [ 70.493309][ T5840] ? __pfx_generic_write_checks+0x10/0x10 [ 70.499388][ T5840] fuse_file_write_iter+0xae2/0xf70 [ 70.505117][ T5840] ? __pfx_fuse_file_write_iter+0x10/0x10 [ 70.510838][ T5840] do_iter_readv_writev+0x600/0x880 [ 70.516293][ T5840] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 70.522013][ T5840] ? rcu_read_lock_any_held+0xb7/0x160 [ 70.527733][ T5840] vfs_writev+0x376/0xba0 [ 70.532165][ T5840] ? trace_contention_end+0x3c/0x120 [ 70.538038][ T5840] ? __mutex_lock+0x37f/0xee0 [ 70.542719][ T5840] ? __pfx_lock_acquire+0x10/0x10 [ 70.547848][ T5840] ? __pfx_vfs_writev+0x10/0x10 [ 70.553255][ T5840] ? __fget_files+0x2a/0x410 [ 70.557956][ T5840] ? __fget_files+0x395/0x410 [ 70.562663][ T5840] ? __fget_files+0x2a/0x410 [ 70.567313][ T5840] do_writev+0x1b6/0x360 [ 70.571583][ T5840] ? __pfx_do_writev+0x10/0x10 [ 70.576393][ T5840] ? do_syscall_64+0x100/0x230 [ 70.581248][ T5840] do_syscall_64+0xf3/0x230 [ 70.585778][ T5840] ? clear_bhb_loop+0x35/0x90 [ 70.590469][ T5840] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.596639][ T5840] RIP: 0033:0x7fbc460c11b9 [ 70.601228][ T5840] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 70.621558][ T5840] RSP: 002b:00007fbc46075208 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 70.630084][ T5840] RAX: ffffffffffffffda RBX: 00007fbc461463e8 RCX: 00007fbc460c11b9 [ 70.639653][ T5840] RDX: 0000000000000002 RSI: 0000000020000180 RDI: 0000000000000004 [ 70.647729][ T5840] RBP: 00007fbc461463e0 R08: 00007fbc46074fa7 R09: 0000000000000033 [ 70.655896][ T5840] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbc46113064 [ 70.663959][ T5840] R13: 00007fbc46075210 R14: 0000000000000001 R15: 0030656c69662f2e [ 70.671965][ T5840] [ 70.674985][ T5840] [ 70.677395][ T5840] The buggy address belongs to stack of task syz-executor206/5840 [ 70.685304][ T5840] and is located at offset 24 in frame: [ 70.690935][ T5840] vfs_writev+0x0/0xba0 [ 70.695095][ T5840] [ 70.697446][ T5840] This frame has 3 objects: [ 70.701971][ T5840] [32, 160) 'iovstack' [ 70.701984][ T5840] [192, 200) 'iov' [ 70.706139][ T5840] [224, 264) 'iter' [ 70.709976][ T5840] [ 70.716250][ T5840] The buggy address belongs to the virtual mapping at [ 70.716250][ T5840] [ffffc900040a8000, ffffc900040b1000) created by: [ 70.716250][ T5840] copy_process+0x5d1/0x3d50 [ 70.733976][ T5840] [ 70.736299][ T5840] The buggy address belongs to the physical page: [ 70.742738][ T5840] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7998f [ 70.751580][ T5840] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 70.759003][ T5840] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 70.768196][ T5840] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 70.776962][ T5840] page dumped because: kasan: bad access detected [ 70.783394][ T5840] page_owner tracks the page as allocated [ 70.789102][ T5840] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), pid 5839, tgid 5839 (syz-executor206), ts 69723550789, free_ts 62168445021 [ 70.808566][ T5840] post_alloc_hook+0x1f3/0x230 [ 70.813345][ T5840] get_page_from_freelist+0x363e/0x3790 [ 70.819025][ T5840] __alloc_pages_noprof+0x292/0x710 [ 70.824879][ T5840] alloc_pages_mpol_noprof+0x3e8/0x680 [ 70.830383][ T5840] __vmalloc_node_range_noprof+0x9c9/0x1380 [ 70.836395][ T5840] dup_task_struct+0x444/0x8c0 [ 70.841264][ T5840] copy_process+0x5d1/0x3d50 [ 70.845873][ T5840] kernel_clone+0x223/0x880 [ 70.850412][ T5840] __se_sys_clone3+0x2d8/0x360 [ 70.855205][ T5840] do_syscall_64+0xf3/0x230 [ 70.859755][ T5840] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.865670][ T5840] page last free pid 5830 tgid 5830 stack trace: [ 70.872078][ T5840] free_unref_page+0xded/0x1130 [ 70.876943][ T5840] __folio_put+0x2c7/0x440 [ 70.881379][ T5840] pipe_read+0x6ed/0x13e0 [ 70.885711][ T5840] vfs_read+0x991/0xb70 [ 70.889870][ T5840] ksys_read+0x18f/0x2b0 [ 70.894120][ T5840] do_syscall_64+0xf3/0x230 [ 70.898617][ T5840] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.904505][ T5840] [ 70.906839][ T5840] Memory state around the buggy address: [ 70.912460][ T5840] ffffc900040afb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 70.920636][ T5840] ffffc900040afc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 70.928769][ T5840] >ffffc900040afc80: f1 f1 f1 f1 00 00 00 00 00 00 00 00 00 00 00 00 [ 70.936839][ T5840] ^ [ 70.941719][ T5840] ffffc900040afd00: 00 00 00 00 f2 f2 f2 f2 00 f2 f2 f2 00 00 00 00 [ 70.949968][ T5840] ffffc900040afd80: 00 f3 f3 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00 [ 70.958118][ T5840] ================================================================== [ 70.967029][ T5840] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 70.974439][ T5840] CPU: 1 UID: 0 PID: 5840 Comm: syz-executor206 Not tainted 6.12.0-syzkaller-10296-gaaf20f870da0 #0 [ 70.985256][ T5840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 70.996283][ T5840] Call Trace: [ 70.999589][ T5840] [ 71.002518][ T5840] dump_stack_lvl+0x241/0x360 [ 71.007239][ T5840] ? __pfx_dump_stack_lvl+0x10/0x10 [ 71.012442][ T5840] ? __pfx__printk+0x10/0x10 [ 71.017035][ T5840] ? preempt_schedule+0xe1/0xf0 [ 71.022299][ T5840] ? vscnprintf+0x5d/0x90 [ 71.027002][ T5840] panic+0x349/0x880 [ 71.031607][ T5840] ? check_panic_on_warn+0x21/0xb0 [ 71.036720][ T5840] ? __pfx_panic+0x10/0x10 [ 71.041358][ T5840] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 71.047400][ T5840] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 71.054426][ T5840] ? print_report+0x502/0x550 [ 71.059183][ T5840] check_panic_on_warn+0x86/0xb0 [ 71.064139][ T5840] ? iov_iter_revert+0x47f/0x590 [ 71.069102][ T5840] end_report+0x77/0x160 [ 71.073882][ T5840] kasan_report+0x154/0x180 [ 71.078491][ T5840] ? iov_iter_revert+0x47f/0x590 [ 71.083440][ T5840] iov_iter_revert+0x47f/0x590 [ 71.088476][ T5840] fuse_direct_io+0x30b3/0x31f0 [ 71.093533][ T5840] ? __pfx___might_resched+0x10/0x10 [ 71.099166][ T5840] ? generic_write_checks+0x160/0x1c0 [ 71.104552][ T5840] ? __pfx_fuse_direct_io+0x10/0x10 [ 71.109788][ T5840] ? __pfx_generic_write_checks+0x10/0x10 [ 71.115523][ T5840] fuse_file_write_iter+0xae2/0xf70 [ 71.120947][ T5840] ? __pfx_fuse_file_write_iter+0x10/0x10 [ 71.126763][ T5840] do_iter_readv_writev+0x600/0x880 [ 71.132083][ T5840] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 71.138053][ T5840] ? rcu_read_lock_any_held+0xb7/0x160 [ 71.143531][ T5840] vfs_writev+0x376/0xba0 [ 71.147982][ T5840] ? trace_contention_end+0x3c/0x120 [ 71.153290][ T5840] ? __mutex_lock+0x37f/0xee0 [ 71.158509][ T5840] ? __pfx_lock_acquire+0x10/0x10 [ 71.163638][ T5840] ? __pfx_vfs_writev+0x10/0x10 [ 71.168499][ T5840] ? __fget_files+0x2a/0x410 [ 71.173120][ T5840] ? __fget_files+0x395/0x410 [ 71.177804][ T5840] ? __fget_files+0x2a/0x410 [ 71.182417][ T5840] do_writev+0x1b6/0x360 [ 71.186665][ T5840] ? __pfx_do_writev+0x10/0x10 [ 71.191441][ T5840] ? do_syscall_64+0x100/0x230 [ 71.196226][ T5840] do_syscall_64+0xf3/0x230 [ 71.200719][ T5840] ? clear_bhb_loop+0x35/0x90 [ 71.205407][ T5840] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 71.211309][ T5840] RIP: 0033:0x7fbc460c11b9 [ 71.215741][ T5840] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 71.235460][ T5840] RSP: 002b:00007fbc46075208 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 71.243900][ T5840] RAX: ffffffffffffffda RBX: 00007fbc461463e8 RCX: 00007fbc460c11b9 [ 71.252124][ T5840] RDX: 0000000000000002 RSI: 0000000020000180 RDI: 0000000000000004 [ 71.260308][ T5840] RBP: 00007fbc461463e0 R08: 00007fbc46074fa7 R09: 0000000000000033 [ 71.268279][ T5840] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbc46113064 [ 71.276239][ T5840] R13: 00007fbc46075210 R14: 0000000000000001 R15: 0030656c69662f2e [ 71.284211][ T5840] [ 71.287575][ T5840] Kernel Offset: disabled [ 71.291993][ T5840] Rebooting in 86400 seconds..