./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1077026155 <...> Warning: Permanently added '10.128.1.93' (ED25519) to the list of known hosts. execve("./syz-executor1077026155", ["./syz-executor1077026155"], 0x7fff160e3a30 /* 10 vars */) = 0 brk(NULL) = 0x555573b46000 brk(0x555573b46d40) = 0x555573b46d40 arch_prctl(ARCH_SET_FS, 0x555573b463c0) = 0 set_tid_address(0x555573b46690) = 5860 set_robust_list(0x555573b466a0, 24) = 0 rseq(0x555573b46ce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1077026155", 4096) = 28 getrandom("\x2c\xae\xb6\xd5\x92\x03\x68\xe8", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555573b46d40 brk(0x555573b67d40) = 0x555573b67d40 brk(0x555573b68000) = 0x555573b68000 mprotect(0x7f19e8089000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/proc/self/make-it-fail", O_WRONLY) = 3 close(3) = 0 openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_WRONLY) = 3 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 executing program write(1, "executing program\n", 18) = 18 futex(0x7f19e808f3ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f19e802fc60, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f19e80219c0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f19e7f9e000 mprotect(0x7f19e7f9f000, 131072, PROT_READ|PROT_WRITE) = 0 rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f19e7fbe990, parent_tid=0x7f19e7fbe990, exit_signal=0, stack=0x7f19e7f9e000, stack_size=0x20300, tls=0x7f19e7fbe6c0}./strace-static-x86_64: Process 5861 attached [pid 5861] rseq(0x7f19e7fbefe0, 0x20, 0, 0x53053053 [pid 5860] <... clone3 resumed> => {parent_tid=[5861]}, 88) = 5861 [pid 5861] <... rseq resumed>) = 0 [pid 5861] set_robust_list(0x7f19e7fbe9a0, 24) = 0 [pid 5861] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5861] futex(0x7f19e808f3e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5860] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5860] futex(0x7f19e808f3e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5861] <... futex resumed>) = 0 [pid 5860] futex(0x7f19e808f3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5861] mknod("./file0", 000) = 0 [pid 5861] futex(0x7f19e808f3ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5860] <... futex resumed>) = 0 [pid 5861] <... futex resumed>) = 1 [pid 5860] futex(0x7f19e808f3e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5861] openat(AT_FDCWD, "/dev/fuse", O_RDWR|O_CREAT, 000 [pid 5860] <... futex resumed>) = 0 [pid 5860] futex(0x7f19e808f3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5861] <... openat resumed>) = 3 [pid 5861] futex(0x7f19e808f3ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5860] <... futex resumed>) = 0 [pid 5860] futex(0x7f19e808f3e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5861] <... futex resumed>) = 1 [pid 5860] <... futex resumed>) = 0 [pid 5861] mount(NULL, "./file0", "fuse", 0, "fd=0x0000000000000003,rootmode=00000000000000000100000,user_id=00000000000000000000,group_id=0000000"... [pid 5860] futex(0x7f19e808f3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5861] <... mount resumed>) = 0 [pid 5861] futex(0x7f19e808f3ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5860] <... futex resumed>) = 0 [pid 5861] futex(0x7f19e808f3e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5860] futex(0x7f19e808f3e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5861] <... futex resumed>) = 0 [pid 5860] futex(0x7f19e808f3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5861] read(3, "\x68\x00\x00\x00\x1a\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x29\x00\x00\x00\x00\x00\x02\x00\xfb\xff\xff\x73\xdf\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8224) = 104 [pid 5861] futex(0x7f19e808f3ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5860] <... futex resumed>) = 0 [pid 5861] <... futex resumed>) = 1 [pid 5860] futex(0x7f19e808f3e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5861] write(3, "\x50\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x1f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 80 [pid 5860] futex(0x7f19e808f3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5861] <... write resumed>) = 80 [pid 5861] futex(0x7f19e808f3ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5860] <... futex resumed>) = 0 [pid 5861] futex(0x7f19e808f3e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5860] futex(0x7f19e808f3e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5861] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5860] futex(0x7f19e808f3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5861] read(3, [pid 5860] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5860] futex(0x7f19e808f3fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5860] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f19e7f7d000 [pid 5860] mprotect(0x7f19e7f7e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5860] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5860] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f19e7f9d990, parent_tid=0x7f19e7f9d990, exit_signal=0, stack=0x7f19e7f7d000, stack_size=0x20300, tls=0x7f19e7f9d6c0}./strace-static-x86_64: Process 5863 attached => {parent_tid=[5863]}, 88) = 5863 [pid 5860] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5863] rseq(0x7f19e7f9dfe0, 0x20, 0, 0x53053053 [pid 5860] futex(0x7f19e808f3f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5863] <... rseq resumed>) = 0 [pid 5860] <... futex resumed>) = 0 [pid 5863] set_robust_list(0x7f19e7f9d9a0, 24 [pid 5860] futex(0x7f19e808f3fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5863] <... set_robust_list resumed>) = 0 [pid 5863] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5863] openat(AT_FDCWD, "./file0", O_WRONLY|O_APPEND|O_NONBLOCK|O_DIRECT|O_NOFOLLOW [pid 5861] <... read resumed>"\x30\x00\x00\x00\x0e\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xe7\x16\x00\x00\x00\x00\x00\x00\x01\xcc\x02\x00\x00\x00\x00\x00", 8192) = 48 [pid 5861] write(3, "\x20\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x00\x00\x00\x00", 32) = 32 [pid 5863] <... openat resumed>) = 4 [pid 5861] futex(0x7f19e808f3ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5863] futex(0x7f19e808f3fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5860] <... futex resumed>) = 0 [pid 5861] <... futex resumed>) = 0 [pid 5860] futex(0x7f19e808f3e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5863] futex(0x7f19e808f3f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5861] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5860] <... futex resumed>) = 0 [pid 5860] futex(0x7f19e808f3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5861] <... openat resumed>) = 5 [pid 5861] write(5, "3", 1) = 1 [ 135.503817][ T5861] FAULT_INJECTION: forcing a failure. [ 135.503817][ T5861] name failslab, interval 1, probability 0, space 0, times 1 [ 135.516804][ T5861] CPU: 0 UID: 0 PID: 5861 Comm: syz-executor107 Not tainted 6.12.0-syzkaller-10553-gb86545e02e8c #0 [ 135.527566][ T5861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 135.537619][ T5861] Call Trace: [ 135.540889][ T5861] [ 135.543813][ T5861] dump_stack_lvl+0x241/0x360 [ 135.548505][ T5861] ? __pfx_dump_stack_lvl+0x10/0x10 [ 135.553701][ T5861] ? __pfx__printk+0x10/0x10 [ 135.558471][ T5861] ? __kmalloc_noprof+0xb5/0x4c0 [ 135.563408][ T5861] ? __pfx___might_resched+0x10/0x10 [ 135.568708][ T5861] should_fail_ex+0x3b0/0x4e0 [ 135.573508][ T5861] should_failslab+0xac/0x100 [ 135.578195][ T5861] __kmalloc_noprof+0xdd/0x4c0 [ 135.582962][ T5861] ? fuse_direct_io+0xb05/0x31f0 [ 135.587933][ T5861] fuse_direct_io+0xb05/0x31f0 [ 135.592699][ T5861] ? srso_alias_return_thunk+0x5/0xfbef5 [ 135.598342][ T5861] ? __pfx___might_resched+0x10/0x10 [ 135.603647][ T5861] ? generic_write_checks+0x160/0x1c0 [ 135.609107][ T5861] ? __pfx_fuse_direct_io+0x10/0x10 [ 135.614310][ T5861] ? __pfx_generic_write_checks+0x10/0x10 [ 135.620040][ T5861] fuse_file_write_iter+0xae2/0xf70 [ 135.625241][ T5861] ? srso_alias_return_thunk+0x5/0xfbef5 [ 135.630873][ T5861] ? __pfx_fuse_file_write_iter+0x10/0x10 [ 135.636595][ T5861] ? srso_alias_return_thunk+0x5/0xfbef5 [ 135.642228][ T5861] ? srso_alias_return_thunk+0x5/0xfbef5 [ 135.647866][ T5861] do_iter_readv_writev+0x602/0x880 [ 135.653065][ T5861] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 135.658778][ T5861] ? rcu_read_lock_any_held+0xb7/0x160 [ 135.664251][ T5861] vfs_writev+0x376/0xba0 [ 135.668582][ T5861] ? srso_alias_return_thunk+0x5/0xfbef5 [ 135.674213][ T5861] ? trace_contention_end+0x3c/0x120 [ 135.679496][ T5861] ? __mutex_lock+0x37f/0xee0 [ 135.684172][ T5861] ? __pfx_lock_acquire+0x10/0x10 [ 135.689203][ T5861] ? __pfx_vfs_writev+0x10/0x10 [ 135.694067][ T5861] ? __fget_files+0x2a/0x410 [ 135.698657][ T5861] ? __fget_files+0x395/0x410 [ 135.703332][ T5861] ? __fget_files+0x2a/0x410 [ 135.707928][ T5861] ? srso_alias_return_thunk+0x5/0xfbef5 [ 135.713565][ T5861] do_writev+0x1b6/0x360 [ 135.717813][ T5861] ? __pfx_do_writev+0x10/0x10 [ 135.722579][ T5861] ? do_syscall_64+0x100/0x230 [ 135.727337][ T5861] ? srso_alias_return_thunk+0x5/0xfbef5 [ 135.732968][ T5861] do_syscall_64+0xf3/0x230 [ 135.737469][ T5861] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 135.743372][ T5861] RIP: 0033:0x7f19e800a1b9 [ 135.747778][ T5861] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 135.767546][ T5861] RSP: 002b:00007f19e7fbe208 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 135.775961][ T5861] RAX: ffffffffffffffda RBX: 00007f19e808f3e8 RCX: 00007f19e800a1b9 [ 135.783931][ T5861] RDX: 0000000000000002 RSI: 0000000020000180 RDI: 0000000000000004 [ 135.791891][ T5861] RBP: 00007f19e808f3e0 R08: 00007f19e7fbdfa7 R09: 0000000000000033 [pid 5861] writev(4, [{iov_base="\xa1", iov_len=1}, {iov_base=NULL, iov_len=0}], 2 [pid 5860] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 135.799884][ T5861] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f19e805c064 [ 135.807874][ T5861] R13: 00007f19e7fbe210 R14: 0000000000000001 R15: 0030656c69662f2e [ 135.815861][ T5861] [ 135.962624][ T5861] ================================================================== [ 135.970729][ T5861] BUG: KASAN: stack-out-of-bounds in iov_iter_revert+0x47f/0x590 [ 135.978540][ T5861] Read of size 8 at addr ffffc900034c7c98 by task syz-executor107/5861 [ 135.986762][ T5861] [ 135.989071][ T5861] CPU: 0 UID: 0 PID: 5861 Comm: syz-executor107 Not tainted 6.12.0-syzkaller-10553-gb86545e02e8c #0 [ 135.999814][ T5861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [pid 5860] exit_group(0 [pid 5863] <... futex resumed>) = ? [pid 5860] <... exit_group resumed>) = ? [pid 5863] +++ exited with 0 +++ [ 136.009856][ T5861] Call Trace: [ 136.013117][ T5861] [ 136.016036][ T5861] dump_stack_lvl+0x241/0x360 [ 136.020711][ T5861] ? __pfx_dump_stack_lvl+0x10/0x10 [ 136.025904][ T5861] ? __pfx__printk+0x10/0x10 [ 136.030491][ T5861] ? _printk+0xd5/0x120 [ 136.034642][ T5861] ? srso_alias_return_thunk+0x5/0xfbef5 [ 136.040269][ T5861] print_report+0x169/0x550 [ 136.044768][ T5861] ? srso_alias_return_thunk+0x5/0xfbef5 [ 136.050394][ T5861] ? __virt_addr_valid+0x45f/0x530 [ 136.055498][ T5861] ? iov_iter_revert+0x47f/0x590 [ 136.060443][ T5861] kasan_report+0x143/0x180 [ 136.064952][ T5861] ? iov_iter_revert+0x47f/0x590 [ 136.069901][ T5861] iov_iter_revert+0x47f/0x590 [ 136.074674][ T5861] fuse_direct_io+0x30b3/0x31f0 [ 136.079534][ T5861] ? srso_alias_return_thunk+0x5/0xfbef5 [ 136.085525][ T5861] ? __pfx___might_resched+0x10/0x10 [ 136.090824][ T5861] ? generic_write_checks+0x160/0x1c0 [ 136.096202][ T5861] ? __pfx_fuse_direct_io+0x10/0x10 [ 136.101411][ T5861] ? __pfx_generic_write_checks+0x10/0x10 [ 136.107144][ T5861] fuse_file_write_iter+0xae2/0xf70 [ 136.112336][ T5861] ? srso_alias_return_thunk+0x5/0xfbef5 [ 136.117976][ T5861] ? __pfx_fuse_file_write_iter+0x10/0x10 [ 136.123702][ T5861] ? srso_alias_return_thunk+0x5/0xfbef5 [ 136.129342][ T5861] ? srso_alias_return_thunk+0x5/0xfbef5 [ 136.134983][ T5861] do_iter_readv_writev+0x602/0x880 [ 136.140287][ T5861] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 136.146008][ T5861] ? rcu_read_lock_any_held+0xb7/0x160 [ 136.151481][ T5861] vfs_writev+0x376/0xba0 [ 136.155907][ T5861] ? srso_alias_return_thunk+0x5/0xfbef5 [ 136.161807][ T5861] ? trace_contention_end+0x3c/0x120 [ 136.167099][ T5861] ? __mutex_lock+0x37f/0xee0 [ 136.171779][ T5861] ? __pfx_lock_acquire+0x10/0x10 [ 136.176821][ T5861] ? __pfx_vfs_writev+0x10/0x10 [ 136.181687][ T5861] ? __fget_files+0x2a/0x410 [ 136.186291][ T5861] ? __fget_files+0x395/0x410 [ 136.190972][ T5861] ? __fget_files+0x2a/0x410 [ 136.195572][ T5861] ? srso_alias_return_thunk+0x5/0xfbef5 [ 136.201208][ T5861] do_writev+0x1b6/0x360 [ 136.205461][ T5861] ? __pfx_do_writev+0x10/0x10 [ 136.210234][ T5861] ? do_syscall_64+0x100/0x230 [ 136.214995][ T5861] ? srso_alias_return_thunk+0x5/0xfbef5 [ 136.220632][ T5861] do_syscall_64+0xf3/0x230 [ 136.225131][ T5861] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.231023][ T5861] RIP: 0033:0x7f19e800a1b9 [ 136.235433][ T5861] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 136.255049][ T5861] RSP: 002b:00007f19e7fbe208 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 136.263464][ T5861] RAX: ffffffffffffffda RBX: 00007f19e808f3e8 RCX: 00007f19e800a1b9 [ 136.271436][ T5861] RDX: 0000000000000002 RSI: 0000000020000180 RDI: 0000000000000004 [ 136.279404][ T5861] RBP: 00007f19e808f3e0 R08: 00007f19e7fbdfa7 R09: 0000000000000033 [ 136.287375][ T5861] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f19e805c064 [ 136.295340][ T5861] R13: 00007f19e7fbe210 R14: 0000000000000001 R15: 0030656c69662f2e [ 136.303324][ T5861] [ 136.306337][ T5861] [ 136.308649][ T5861] The buggy address belongs to stack of task syz-executor107/5861 [ 136.316440][ T5861] and is located at offset 24 in frame: [ 136.322055][ T5861] vfs_writev+0x0/0xba0 [ 136.326220][ T5861] [ 136.328532][ T5861] This frame has 3 objects: [ 136.333022][ T5861] [32, 160) 'iovstack' [ 136.333039][ T5861] [192, 200) 'iov' [ 136.337181][ T5861] [224, 264) 'iter' [ 136.340976][ T5861] [ 136.347157][ T5861] The buggy address belongs to the virtual mapping at [ 136.347157][ T5861] [ffffc900034c0000, ffffc900034c9000) created by: [ 136.347157][ T5861] copy_process+0x5d1/0x3d50 [ 136.364789][ T5861] [ 136.367101][ T5861] The buggy address belongs to the physical page: [ 136.373499][ T5861] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88802d4fc000 pfn:0x2d4fc [ 136.383559][ T5861] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 136.390670][ T5861] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 136.399252][ T5861] raw: ffff88802d4fc000 0000000000000000 00000001ffffffff 0000000000000000 [ 136.407822][ T5861] page dumped because: kasan: bad access detected [ 136.414230][ T5861] page_owner tracks the page as allocated [ 136.419930][ T5861] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), pid 5860, tgid 5860 (syz-executor107), ts 135285072707, free_ts 135247756551 [ 136.439842][ T5861] post_alloc_hook+0x1f3/0x230 [ 136.444634][ T5861] get_page_from_freelist+0x3649/0x3790 [ 136.450184][ T5861] __alloc_pages_noprof+0x292/0x710 [ 136.455383][ T5861] alloc_pages_mpol_noprof+0x3e8/0x680 [ 136.460851][ T5861] __vmalloc_node_range_noprof+0x9c9/0x1380 [ 136.466749][ T5861] dup_task_struct+0x444/0x8c0 [ 136.471522][ T5861] copy_process+0x5d1/0x3d50 [ 136.476121][ T5861] kernel_clone+0x226/0x8f0 [ 136.480623][ T5861] __se_sys_clone3+0x2d8/0x360 [ 136.485386][ T5861] do_syscall_64+0xf3/0x230 [ 136.489890][ T5861] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.495788][ T5861] page last free pid 5860 tgid 5860 stack trace: [ 136.502129][ T5861] free_unref_page+0xdf9/0x1140 [ 136.507007][ T5861] __put_partials+0xeb/0x130 [ 136.511604][ T5861] put_cpu_partial+0x17c/0x250 [ 136.516366][ T5861] __slab_free+0x2ea/0x3d0 [ 136.520801][ T5861] qlist_free_all+0x9a/0x140 [ 136.525389][ T5861] kasan_quarantine_reduce+0x14f/0x170 [ 136.530844][ T5861] __kasan_slab_alloc+0x23/0x80 [ 136.535693][ T5861] __kmalloc_cache_noprof+0x1d9/0x390 [ 136.541071][ T5861] tomoyo_init_log+0x1ca/0x2050 [ 136.545919][ T5861] tomoyo_supervisor+0x38a/0x11f0 [ 136.550942][ T5861] tomoyo_env_perm+0x178/0x210 [ 136.555708][ T5861] tomoyo_find_next_domain+0x146e/0x1d40 [ 136.561350][ T5861] tomoyo_bprm_check_security+0x117/0x180 [ 136.567070][ T5861] security_bprm_check+0x86/0x250 [ 136.572089][ T5861] bprm_execve+0xa56/0x17c0 [ 136.576593][ T5861] do_execveat_common+0x55f/0x6f0 [ 136.581623][ T5861] [ 136.583939][ T5861] Memory state around the buggy address: [ 136.589556][ T5861] ffffc900034c7b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 136.597610][ T5861] ffffc900034c7c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 136.605662][ T5861] >ffffc900034c7c80: f1 f1 f1 f1 00 00 00 00 00 00 00 00 00 00 00 00 [ 136.613710][ T5861] ^ [ 136.618551][ T5861] ffffc900034c7d00: 00 00 00 00 f2 f2 f2 f2 00 f2 f2 f2 00 00 00 00 [ 136.626607][ T5861] ffffc900034c7d80: 00 f3 f3 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00 [ 136.634655][ T5861] ================================================================== [ 136.643536][ T5861] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 136.650834][ T5861] CPU: 0 UID: 0 PID: 5861 Comm: syz-executor107 Not tainted 6.12.0-syzkaller-10553-gb86545e02e8c #0 [ 136.661592][ T5861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 136.671642][ T5861] Call Trace: [ 136.674914][ T5861] [ 136.677843][ T5861] dump_stack_lvl+0x241/0x360 [ 136.682521][ T5861] ? __pfx_dump_stack_lvl+0x10/0x10 [ 136.687716][ T5861] ? __pfx__printk+0x10/0x10 [ 136.692320][ T5861] ? preempt_schedule+0xe1/0xf0 [ 136.697169][ T5861] ? srso_alias_return_thunk+0x5/0xfbef5 [ 136.702810][ T5861] ? vscnprintf+0x5d/0x90 [ 136.707144][ T5861] panic+0x349/0x880 [ 136.711062][ T5861] ? check_panic_on_warn+0x21/0xb0 [ 136.716181][ T5861] ? __pfx_panic+0x10/0x10 [ 136.720605][ T5861] ? srso_alias_return_thunk+0x5/0xfbef5 [ 136.726250][ T5861] ? srso_alias_return_thunk+0x5/0xfbef5 [ 136.731885][ T5861] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 136.737878][ T5861] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 136.744220][ T5861] ? print_report+0x502/0x550 [ 136.748905][ T5861] check_panic_on_warn+0x86/0xb0 [ 136.753846][ T5861] ? iov_iter_revert+0x47f/0x590 [ 136.758791][ T5861] end_report+0x77/0x160 [ 136.763039][ T5861] kasan_report+0x154/0x180 [ 136.767547][ T5861] ? iov_iter_revert+0x47f/0x590 [ 136.772489][ T5861] iov_iter_revert+0x47f/0x590 [ 136.777290][ T5861] fuse_direct_io+0x30b3/0x31f0 [ 136.782175][ T5861] ? srso_alias_return_thunk+0x5/0xfbef5 [ 136.787830][ T5861] ? __pfx___might_resched+0x10/0x10 [ 136.793137][ T5861] ? generic_write_checks+0x160/0x1c0 [ 136.798526][ T5861] ? __pfx_fuse_direct_io+0x10/0x10 [ 136.803744][ T5861] ? __pfx_generic_write_checks+0x10/0x10 [ 136.809480][ T5861] fuse_file_write_iter+0xae2/0xf70 [ 136.814679][ T5861] ? srso_alias_return_thunk+0x5/0xfbef5 [ 136.820324][ T5861] ? __pfx_fuse_file_write_iter+0x10/0x10 [ 136.826050][ T5861] ? srso_alias_return_thunk+0x5/0xfbef5 [ 136.831694][ T5861] ? srso_alias_return_thunk+0x5/0xfbef5 [ 136.837337][ T5861] do_iter_readv_writev+0x602/0x880 [ 136.842633][ T5861] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 136.848358][ T5861] ? rcu_read_lock_any_held+0xb7/0x160 [ 136.853835][ T5861] vfs_writev+0x376/0xba0 [ 136.858177][ T5861] ? srso_alias_return_thunk+0x5/0xfbef5 [ 136.863848][ T5861] ? trace_contention_end+0x3c/0x120 [ 136.869145][ T5861] ? __mutex_lock+0x37f/0xee0 [ 136.873829][ T5861] ? __pfx_lock_acquire+0x10/0x10 [ 136.878856][ T5861] ? __pfx_vfs_writev+0x10/0x10 [ 136.883725][ T5861] ? __fget_files+0x2a/0x410 [ 136.888327][ T5861] ? __fget_files+0x395/0x410 [ 136.893013][ T5861] ? __fget_files+0x2a/0x410 [ 136.897619][ T5861] ? srso_alias_return_thunk+0x5/0xfbef5 [ 136.903263][ T5861] do_writev+0x1b6/0x360 [ 136.907521][ T5861] ? __pfx_do_writev+0x10/0x10 [ 136.912294][ T5861] ? do_syscall_64+0x100/0x230 [ 136.917059][ T5861] ? srso_alias_return_thunk+0x5/0xfbef5 [ 136.922699][ T5861] do_syscall_64+0xf3/0x230 [ 136.927207][ T5861] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.933102][ T5861] RIP: 0033:0x7f19e800a1b9 [ 136.937535][ T5861] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 136.957234][ T5861] RSP: 002b:00007f19e7fbe208 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 136.965661][ T5861] RAX: ffffffffffffffda RBX: 00007f19e808f3e8 RCX: 00007f19e800a1b9 [ 136.973632][ T5861] RDX: 0000000000000002 RSI: 0000000020000180 RDI: 0000000000000004 [ 136.981600][ T5861] RBP: 00007f19e808f3e0 R08: 00007f19e7fbdfa7 R09: 0000000000000033 [ 136.989570][ T5861] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f19e805c064 [ 136.997543][ T5861] R13: 00007f19e7fbe210 R14: 0000000000000001 R15: 0030656c69662f2e [ 137.005523][ T5861] [ 137.008907][ T5861] Kernel Offset: disabled [ 137.013223][ T5861] Rebooting in 86400 seconds..