./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor499211566 <...> Warning: Permanently added '10.128.0.143' (ED25519) to the list of known hosts. execve("./syz-executor499211566", ["./syz-executor499211566"], 0x7ffe527b5ff0 /* 10 vars */) = 0 brk(NULL) = 0x555589b26000 brk(0x555589b26d40) = 0x555589b26d40 arch_prctl(ARCH_SET_FS, 0x555589b263c0) = 0 set_tid_address(0x555589b26690) = 5835 set_robust_list(0x555589b266a0, 24) = 0 rseq(0x555589b26ce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor499211566", 4096) = 27 getrandom("\xe3\x77\x1f\x45\x99\x81\xc5\xaa", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555589b26d40 brk(0x555589b47d40) = 0x555589b47d40 brk(0x555589b48000) = 0x555589b48000 mprotect(0x7f11de438000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/proc/self/make-it-fail", O_WRONLY) = 3 close(3) = 0 openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_WRONLY) = 3 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 executing program write(1, "executing program\n", 18) = 18 futex(0x7f11de43e3ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f11de3dec60, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f11de3d09c0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f11de34d000 mprotect(0x7f11de34e000, 131072, PROT_READ|PROT_WRITE) = 0 rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f11de36d990, parent_tid=0x7f11de36d990, exit_signal=0, stack=0x7f11de34d000, stack_size=0x20300, tls=0x7f11de36d6c0}./strace-static-x86_64: Process 5836 attached [pid 5836] rseq(0x7f11de36dfe0, 0x20, 0, 0x53053053 [pid 5835] <... clone3 resumed> => {parent_tid=[5836]}, 88) = 5836 [pid 5836] <... rseq resumed>) = 0 [pid 5836] set_robust_list(0x7f11de36d9a0, 24) = 0 [pid 5836] rt_sigprocmask(SIG_SETMASK, [], [pid 5835] rt_sigprocmask(SIG_SETMASK, [], [pid 5836] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5835] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5836] futex(0x7f11de43e3e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5835] futex(0x7f11de43e3e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5835] <... futex resumed>) = 0 [pid 5835] futex(0x7f11de43e3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5836] mknod("./file0", 000) = 0 [pid 5836] futex(0x7f11de43e3ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] <... futex resumed>) = 0 [pid 5836] <... futex resumed>) = 1 [pid 5835] futex(0x7f11de43e3e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5836] openat(AT_FDCWD, "/dev/fuse", O_RDWR|O_CREAT, 000 [pid 5835] futex(0x7f11de43e3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5836] <... openat resumed>) = 3 [pid 5836] futex(0x7f11de43e3ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] <... futex resumed>) = 0 [pid 5836] <... futex resumed>) = 1 [pid 5835] futex(0x7f11de43e3e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] futex(0x7f11de43e3e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5835] <... futex resumed>) = 0 [pid 5835] futex(0x7f11de43e3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5836] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5836] mount(NULL, "./file0", "fuse", 0, "fd=0x0000000000000003,rootmode=00000000000000000100000,user_id=00000000000000000000,group_id=0000000"...) = 0 [pid 5836] futex(0x7f11de43e3ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] <... futex resumed>) = 0 [pid 5836] <... futex resumed>) = 1 [pid 5835] futex(0x7f11de43e3e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5836] read(3, [pid 5835] futex(0x7f11de43e3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5836] <... read resumed>"\x68\x00\x00\x00\x1a\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x29\x00\x00\x00\x00\x00\x02\x00\xfb\xff\xff\x73\xdf\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8224) = 104 [pid 5836] futex(0x7f11de43e3ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] <... futex resumed>) = 0 [pid 5836] <... futex resumed>) = 1 [pid 5835] futex(0x7f11de43e3e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] write(3, "\x50\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x1f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 80 [pid 5835] <... futex resumed>) = 0 [pid 5835] futex(0x7f11de43e3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5836] <... write resumed>) = 80 [pid 5836] futex(0x7f11de43e3ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] <... futex resumed>) = 0 [pid 5836] <... futex resumed>) = 1 [pid 5835] futex(0x7f11de43e3e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] read(3, [pid 5835] <... futex resumed>) = 0 [pid 5835] futex(0x7f11de43e3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5835] futex(0x7f11de43e3fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5835] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f11de32c000 [pid 5835] mprotect(0x7f11de32d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5835] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5835] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f11de34c990, parent_tid=0x7f11de34c990, exit_signal=0, stack=0x7f11de32c000, stack_size=0x20300, tls=0x7f11de34c6c0}./strace-static-x86_64: Process 5838 attached [pid 5838] rseq(0x7f11de34cfe0, 0x20, 0, 0x53053053) = 0 [pid 5835] <... clone3 resumed> => {parent_tid=[5838]}, 88) = 5838 [pid 5838] set_robust_list(0x7f11de34c9a0, 24 [pid 5835] rt_sigprocmask(SIG_SETMASK, [], [pid 5838] <... set_robust_list resumed>) = 0 [pid 5835] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5835] futex(0x7f11de43e3f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5838] rt_sigprocmask(SIG_SETMASK, [], [pid 5835] <... futex resumed>) = 0 [pid 5838] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5835] futex(0x7f11de43e3fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5838] openat(AT_FDCWD, "./file0", O_WRONLY|O_APPEND|O_NONBLOCK|O_DIRECT|O_NOFOLLOW [pid 5836] <... read resumed>"\x30\x00\x00\x00\x0e\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xce\x16\x00\x00\x00\x00\x00\x00\x01\xcc\x02\x00\x00\x00\x00\x00", 8192) = 48 [pid 5836] write(3, "\x20\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x00\x00\x00\x00", 32) = 32 [pid 5836] futex(0x7f11de43e3ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5838] <... openat resumed>) = 4 [pid 5836] <... futex resumed>) = 0 [pid 5838] futex(0x7f11de43e3fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] <... futex resumed>) = 0 [pid 5838] <... futex resumed>) = 1 [pid 5835] futex(0x7f11de43e3e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5838] futex(0x7f11de43e3f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5835] futex(0x7f11de43e3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5836] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5 [pid 5836] write(5, "3", 1) = 1 [pid 5836] writev(4, [{iov_base="\xa1", iov_len=1}, {iov_base=NULL, iov_len=0}], 2 [pid 5835] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 65.153962][ T5836] FAULT_INJECTION: forcing a failure. [ 65.153962][ T5836] name failslab, interval 1, probability 0, space 0, times 1 [ 65.171227][ T5836] CPU: 0 UID: 0 PID: 5836 Comm: syz-executor499 Not tainted 6.12.0-next-20241128-syzkaller #0 [ 65.185062][ T5836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 65.200943][ T5836] Call Trace: [ 65.204852][ T5836] [ 65.209374][ T5836] dump_stack_lvl+0x241/0x360 [ 65.217158][ T5836] ? __pfx_dump_stack_lvl+0x10/0x10 [ 65.224815][ T5836] ? __pfx__printk+0x10/0x10 [ 65.230987][ T5836] ? __kmalloc_noprof+0xb5/0x4c0 [ 65.237468][ T5836] ? __pfx___might_resched+0x10/0x10 [ 65.244766][ T5836] should_fail_ex+0x3b0/0x4e0 [ 65.255171][ T5836] should_failslab+0xac/0x100 [ 65.262394][ T5836] __kmalloc_noprof+0xdd/0x4c0 [ 65.267631][ T5836] ? fuse_direct_io+0xb05/0x31f0 [ 65.274682][ T5836] fuse_direct_io+0xb05/0x31f0 [ 65.282038][ T5836] ? __pfx___might_resched+0x10/0x10 [ 65.290327][ T5836] ? generic_write_checks+0x160/0x1c0 [ 65.298036][ T5836] ? __pfx_fuse_direct_io+0x10/0x10 [ 65.304995][ T5836] ? __pfx_generic_write_checks+0x10/0x10 [ 65.311374][ T5836] fuse_file_write_iter+0xae2/0xf70 [ 65.319053][ T5836] ? __pfx_fuse_file_write_iter+0x10/0x10 [ 65.329592][ T5836] do_iter_readv_writev+0x600/0x880 [ 65.336829][ T5836] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 65.346767][ T5836] ? rcu_read_lock_any_held+0xb7/0x160 [ 65.353765][ T5836] vfs_writev+0x376/0xba0 [ 65.359093][ T5836] ? trace_contention_end+0x3c/0x120 [ 65.364948][ T5836] ? __mutex_lock+0x37f/0xee0 [ 65.372444][ T5836] ? __pfx_lock_acquire+0x10/0x10 [ 65.378820][ T5836] ? __pfx_vfs_writev+0x10/0x10 [ 65.387581][ T5836] ? __fget_files+0x2a/0x410 [ 65.393839][ T5836] ? __fget_files+0x395/0x410 [ 65.400041][ T5836] ? __fget_files+0x2a/0x410 [ 65.405403][ T5836] do_writev+0x1b6/0x360 [ 65.410902][ T5836] ? __pfx_do_writev+0x10/0x10 [ 65.418134][ T5836] ? do_syscall_64+0x100/0x230 [ 65.424926][ T5836] do_syscall_64+0xf3/0x230 [ 65.430234][ T5836] ? clear_bhb_loop+0x35/0x90 [ 65.437416][ T5836] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 65.447541][ T5836] RIP: 0033:0x7f11de3b91b9 [ 65.453098][ T5836] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 65.479783][ T5836] RSP: 002b:00007f11de36d208 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 65.490150][ T5836] RAX: ffffffffffffffda RBX: 00007f11de43e3e8 RCX: 00007f11de3b91b9 [ 65.500672][ T5836] RDX: 0000000000000002 RSI: 0000000020000180 RDI: 0000000000000004 [ 65.513425][ T5836] RBP: 00007f11de43e3e0 R08: 00007f11de36cfa7 R09: 0000000000000033 [ 65.525667][ T5836] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f11de40b064 [ 65.537939][ T5836] R13: 00007f11de36d210 R14: 0000000000000001 R15: 0030656c69662f2e [ 65.549309][ T5836] [ 65.661436][ T5836] ================================================================== [ 65.671952][ T5836] BUG: KASAN: stack-out-of-bounds in iov_iter_revert+0x47f/0x590 [ 65.682992][ T5836] Read of size 8 at addr ffffc900037b7c98 by task syz-executor499/5836 [ 65.694565][ T5836] [ 65.697717][ T5836] CPU: 0 UID: 0 PID: 5836 Comm: syz-executor499 Not tainted 6.12.0-next-20241128-syzkaller #0 [ 65.710139][ T5836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 65.722892][ T5836] Call Trace: [ 65.726987][ T5836] [ 65.733856][ T5836] dump_stack_lvl+0x241/0x360 [ 65.740993][ T5836] ? __pfx_dump_stack_lvl+0x10/0x10 [ 65.747262][ T5836] ? __pfx__printk+0x10/0x10 [ 65.753270][ T5836] ? _printk+0xd5/0x120 [ 65.759730][ T5836] print_report+0x169/0x550 [ 65.768441][ T5836] ? __virt_addr_valid+0xbd/0x530 [ 65.776526][ T5836] ? iov_iter_revert+0x47f/0x590 [ 65.781646][ T5836] kasan_report+0x143/0x180 [ 65.787501][ T5836] ? iov_iter_revert+0x47f/0x590 [ 65.794233][ T5836] iov_iter_revert+0x47f/0x590 [ 65.800826][ T5836] fuse_direct_io+0x30b3/0x31f0 [ 65.806728][ T5836] ? __pfx___might_resched+0x10/0x10 [ 65.813220][ T5836] ? generic_write_checks+0x160/0x1c0 [ 65.820194][ T5836] ? __pfx_fuse_direct_io+0x10/0x10 [ 65.825651][ T5836] ? __pfx_generic_write_checks+0x10/0x10 [ 65.833650][ T5836] fuse_file_write_iter+0xae2/0xf70 [ 65.841566][ T5836] ? __pfx_fuse_file_write_iter+0x10/0x10 [ 65.847919][ T5836] do_iter_readv_writev+0x600/0x880 [ 65.854162][ T5836] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 65.861428][ T5836] ? rcu_read_lock_any_held+0xb7/0x160 [ 65.869243][ T5836] vfs_writev+0x376/0xba0 [ 65.874467][ T5836] ? trace_contention_end+0x3c/0x120 [ 65.879948][ T5836] ? __mutex_lock+0x37f/0xee0 [ 65.885270][ T5836] ? __pfx_lock_acquire+0x10/0x10 [ 65.891444][ T5836] ? __pfx_vfs_writev+0x10/0x10 [ 65.896743][ T5836] ? __fget_files+0x2a/0x410 [ 65.901683][ T5836] ? __fget_files+0x395/0x410 [ 65.910364][ T5836] ? __fget_files+0x2a/0x410 [ 65.916294][ T5836] do_writev+0x1b6/0x360 [ 65.921169][ T5836] ? __pfx_do_writev+0x10/0x10 [ 65.929123][ T5836] ? do_syscall_64+0x100/0x230 [ 65.934890][ T5836] do_syscall_64+0xf3/0x230 [ 65.942453][ T5836] ? clear_bhb_loop+0x35/0x90 [ 65.949120][ T5836] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 65.956004][ T5836] RIP: 0033:0x7f11de3b91b9 [ 65.960616][ T5836] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 65.986952][ T5836] RSP: 002b:00007f11de36d208 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 65.997095][ T5836] RAX: ffffffffffffffda RBX: 00007f11de43e3e8 RCX: 00007f11de3b91b9 [ 66.005880][ T5836] RDX: 0000000000000002 RSI: 0000000020000180 RDI: 0000000000000004 [ 66.014508][ T5836] RBP: 00007f11de43e3e0 R08: 00007f11de36cfa7 R09: 0000000000000033 [ 66.023776][ T5836] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f11de40b064 [ 66.032590][ T5836] R13: 00007f11de36d210 R14: 0000000000000001 R15: 0030656c69662f2e [ 66.041433][ T5836] [ 66.045795][ T5836] [ 66.048671][ T5836] The buggy address belongs to stack of task syz-executor499/5836 [ 66.057544][ T5836] and is located at offset 24 in frame: [ 66.065523][ T5836] vfs_writev+0x0/0xba0 [ 66.072916][ T5836] [ 66.077460][ T5836] This frame has 3 objects: [ 66.083198][ T5836] [32, 160) 'iovstack' [ 66.083211][ T5836] [192, 200) 'iov' [ 66.090107][ T5836] [224, 264) 'iter' [ 66.095389][ T5836] [ 66.102975][ T5836] The buggy address belongs to the virtual mapping at [ 66.102975][ T5836] [ffffc900037b0000, ffffc900037b9000) created by: [ 66.102975][ T5836] copy_process+0x5d1/0x3d50 [ 66.127648][ T5836] [ 66.130245][ T5836] The buggy address belongs to the physical page: [ 66.137353][ T5836] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x310f5 [ 66.148897][ T5836] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 66.157275][ T5836] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 66.168909][ T5836] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 66.180076][ T5836] page dumped because: kasan: bad access detected [ 66.187711][ T5836] page_owner tracks the page as allocated [ 66.193539][ T5836] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), pid 5835, tgid 5835 (syz-executor499), ts 64936867879, free_ts 57447065939 [ 66.217919][ T5836] post_alloc_hook+0x1f3/0x230 [ 66.222994][ T5836] get_page_from_freelist+0x3738/0x3880 [ 66.229514][ T5836] __alloc_pages_noprof+0x292/0x710 [ 66.237094][ T5836] alloc_pages_mpol_noprof+0x3e8/0x680 [ 66.243436][ T5836] __vmalloc_node_range_noprof+0x9c9/0x1380 [ 66.249798][ T5836] dup_task_struct+0x444/0x8c0 [ 66.255306][ T5836] copy_process+0x5d1/0x3d50 [ 66.261784][ T5836] kernel_clone+0x226/0x8e0 [ 66.270126][ T5836] __se_sys_clone3+0x2d8/0x360 [ 66.278785][ T5836] do_syscall_64+0xf3/0x230 [ 66.284972][ T5836] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 66.292811][ T5836] page last free pid 5826 tgid 5826 stack trace: [ 66.300801][ T5836] free_unref_page+0xdef/0x1130 [ 66.307678][ T5836] __folio_put+0x2c7/0x440 [ 66.316465][ T5836] pipe_read+0x6ed/0x13e0 [ 66.323811][ T5836] vfs_read+0x991/0xb70 [ 66.329297][ T5836] ksys_read+0x18f/0x2b0 [ 66.333820][ T5836] do_syscall_64+0xf3/0x230 [ 66.339823][ T5836] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 66.348252][ T5836] [ 66.351533][ T5836] Memory state around the buggy address: [ 66.360067][ T5836] ffffc900037b7b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 66.368919][ T5836] ffffc900037b7c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 66.377766][ T5836] >ffffc900037b7c80: f1 f1 f1 f1 00 00 00 00 00 00 00 00 00 00 00 00 [ 66.386734][ T5836] ^ [ 66.392383][ T5836] ffffc900037b7d00: 00 00 00 00 f2 f2 f2 f2 00 f2 f2 f2 00 00 00 00 [ 66.402718][ T5836] ffffc900037b7d80: 00 f3 f3 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00 [pid 5835] exit_group(0) = ? [pid 5838] <... futex resumed>) = ? [pid 5838] +++ exited with 0 +++ [ 66.414934][ T5836] ================================================================== [ 66.426167][ T5836] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 66.436296][ T5836] CPU: 0 UID: 0 PID: 5836 Comm: syz-executor499 Not tainted 6.12.0-next-20241128-syzkaller #0 [ 66.452357][ T5836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 66.465162][ T5836] Call Trace: [ 66.470249][ T5836] [ 66.474123][ T5836] dump_stack_lvl+0x241/0x360 [ 66.481750][ T5836] ? __pfx_dump_stack_lvl+0x10/0x10 [ 66.487971][ T5836] ? __pfx__printk+0x10/0x10 [ 66.496957][ T5836] ? preempt_schedule+0xe1/0xf0 [ 66.503216][ T5836] ? vscnprintf+0x5d/0x90 [ 66.511652][ T5836] panic+0x349/0x880 [ 66.519074][ T5836] ? check_panic_on_warn+0x21/0xb0 [ 66.525790][ T5836] ? __pfx_panic+0x10/0x10 [ 66.534636][ T5836] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 66.541661][ T5836] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 66.549414][ T5836] ? print_report+0x502/0x550 [ 66.556095][ T5836] check_panic_on_warn+0x86/0xb0 [ 66.563308][ T5836] ? iov_iter_revert+0x47f/0x590 [ 66.569500][ T5836] end_report+0x77/0x160 [ 66.578016][ T5836] kasan_report+0x154/0x180 [ 66.584077][ T5836] ? iov_iter_revert+0x47f/0x590 [ 66.591284][ T5836] iov_iter_revert+0x47f/0x590 [ 66.596652][ T5836] fuse_direct_io+0x30b3/0x31f0 [ 66.602161][ T5836] ? __pfx___might_resched+0x10/0x10 [ 66.608077][ T5836] ? generic_write_checks+0x160/0x1c0 [ 66.614692][ T5836] ? __pfx_fuse_direct_io+0x10/0x10 [ 66.620959][ T5836] ? __pfx_generic_write_checks+0x10/0x10 [ 66.628445][ T5836] fuse_file_write_iter+0xae2/0xf70 [ 66.633822][ T5836] ? __pfx_fuse_file_write_iter+0x10/0x10 [ 66.641225][ T5836] do_iter_readv_writev+0x600/0x880 [ 66.647878][ T5836] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 66.654944][ T5836] ? rcu_read_lock_any_held+0xb7/0x160 [ 66.661986][ T5836] vfs_writev+0x376/0xba0 [ 66.669533][ T5836] ? trace_contention_end+0x3c/0x120 [ 66.675413][ T5836] ? __mutex_lock+0x37f/0xee0 [ 66.680371][ T5836] ? __pfx_lock_acquire+0x10/0x10 [ 66.686458][ T5836] ? __pfx_vfs_writev+0x10/0x10 [ 66.691676][ T5836] ? __fget_files+0x2a/0x410 [ 66.696792][ T5836] ? __fget_files+0x395/0x410 [ 66.701826][ T5836] ? __fget_files+0x2a/0x410 [ 66.707536][ T5836] do_writev+0x1b6/0x360 [ 66.712380][ T5836] ? __pfx_do_writev+0x10/0x10 [ 66.718609][ T5836] ? do_syscall_64+0x100/0x230 [ 66.725035][ T5836] do_syscall_64+0xf3/0x230 [ 66.733033][ T5836] ? clear_bhb_loop+0x35/0x90 [ 66.739345][ T5836] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 66.745457][ T5836] RIP: 0033:0x7f11de3b91b9 [ 66.750186][ T5836] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 66.774196][ T5836] RSP: 002b:00007f11de36d208 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 66.783260][ T5836] RAX: ffffffffffffffda RBX: 00007f11de43e3e8 RCX: 00007f11de3b91b9 [ 66.791868][ T5836] RDX: 0000000000000002 RSI: 0000000020000180 RDI: 0000000000000004 [ 66.802086][ T5836] RBP: 00007f11de43e3e0 R08: 00007f11de36cfa7 R09: 0000000000000033 [ 66.811730][ T5836] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f11de40b064 [ 66.823455][ T5836] R13: 00007f11de36d210 R14: 0000000000000001 R15: 0030656c69662f2e [ 66.836590][ T5836] [ 66.842193][ T5836] Kernel Offset: disabled [ 66.847159][ T5836] Rebooting in 86400 seconds..