./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3563466138

<...>
Warning: Permanently added '10.128.10.30' (ED25519) to the list of known hosts.
execve("./syz-executor3563466138", ["./syz-executor3563466138"], 0x7ffef1b41490 /* 10 vars */) = 0
brk(NULL)                               = 0x555560fbe000
brk(0x555560fbed40)                     = 0x555560fbed40
arch_prctl(ARCH_SET_FS, 0x555560fbe3c0) = 0
set_tid_address(0x555560fbe690)         = 5819
set_robust_list(0x555560fbe6a0, 24)     = 0
rseq(0x555560fbece0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3563466138", 4096) = 28
getrandom("\xc1\xd3\x91\xd1\x16\xcf\x35\x3f", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x555560fbed40
brk(0x555560fdfd40)                     = 0x555560fdfd40
brk(0x555560fe0000)                     = 0x555560fe0000
mprotect(0x7f3f93472000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/proc/self/make-it-fail", O_WRONLY) = 3
close(3)                                = 0
openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_WRONLY) = 3
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1)                        = 1
close(3)                                = 0
executing program
write(1, "executing program\n", 18)     = 18
futex(0x7f3f934783ec, FUTEX_WAKE_PRIVATE, 1000000) = 0
rt_sigaction(SIGRT_1, {sa_handler=0x7f3f93418c60, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3f9340a9c0}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3f93387000
mprotect(0x7f3f93388000, 131072, PROT_READ|PROT_WRITE) = 0
rt_sigprocmask(SIG_BLOCK, ~[], [], 8)   = 0
clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3f933a7990, parent_tid=0x7f3f933a7990, exit_signal=0, stack=0x7f3f93387000, stack_size=0x20300, tls=0x7f3f933a76c0}./strace-static-x86_64: Process 5820 attached
 <unfinished ...>
[pid  5820] rseq(0x7f3f933a7fe0, 0x20, 0, 0x53053053 <unfinished ...>
[pid  5819] <... clone3 resumed> => {parent_tid=[5820]}, 88) = 5820
[pid  5820] <... rseq resumed>)         = 0
[pid  5820] set_robust_list(0x7f3f933a79a0, 24 <unfinished ...>
[pid  5819] rt_sigprocmask(SIG_SETMASK, [],  <unfinished ...>
[pid  5820] <... set_robust_list resumed>) = 0
[pid  5819] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid  5820] rt_sigprocmask(SIG_SETMASK, [],  <unfinished ...>
[pid  5819] futex(0x7f3f934783e8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5820] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid  5819] <... futex resumed>)        = 0
[pid  5820] mknod("./file0", 000 <unfinished ...>
[pid  5819] futex(0x7f3f934783ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5820] <... mknod resumed>)        = 0
[pid  5820] futex(0x7f3f934783ec, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5819] <... futex resumed>)        = 0
[pid  5820] futex(0x7f3f934783e8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  5819] futex(0x7f3f934783e8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5820] <... futex resumed>)        = 0
[pid  5819] <... futex resumed>)        = 1
[pid  5820] openat(AT_FDCWD, "/dev/fuse", O_RDWR|O_CREAT, 000 <unfinished ...>
[pid  5819] futex(0x7f3f934783ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5820] <... openat resumed>)       = 3
[pid  5820] futex(0x7f3f934783ec, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5819] <... futex resumed>)        = 0
[pid  5820] futex(0x7f3f934783e8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  5819] futex(0x7f3f934783e8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5820] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  5819] <... futex resumed>)        = 0
[pid  5820] mount(NULL, "./file0", "fuse", 0, "fd=0x0000000000000003,rootmode=00000000000000000100000,user_id=00000000000000000000,group_id=0000000"... <unfinished ...>
[pid  5819] futex(0x7f3f934783ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5820] <... mount resumed>)        = 0
[pid  5820] futex(0x7f3f934783ec, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5819] <... futex resumed>)        = 0
[pid  5820] <... futex resumed>)        = 1
[pid  5819] futex(0x7f3f934783e8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5820] read(3,  <unfinished ...>
[pid  5819] <... futex resumed>)        = 0
[pid  5819] futex(0x7f3f934783ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5820] <... read resumed>"\x68\x00\x00\x00\x1a\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x29\x00\x00\x00\x00\x00\x02\x00\xfb\xff\xff\x73\xdf\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8224) = 104
[pid  5820] futex(0x7f3f934783ec, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5819] <... futex resumed>)        = 0
[pid  5820] <... futex resumed>)        = 1
[pid  5819] futex(0x7f3f934783e8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5820] futex(0x7f3f934783e8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  5819] <... futex resumed>)        = 0
[pid  5820] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  5819] futex(0x7f3f934783ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5820] write(3, "\x50\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x1f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 80) = 80
[pid  5820] futex(0x7f3f934783ec, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5819] <... futex resumed>)        = 0
[pid  5820] <... futex resumed>)        = 1
[pid  5819] futex(0x7f3f934783e8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5820] read(3,  <unfinished ...>
[pid  5819] futex(0x7f3f934783ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[pid  5819] futex(0x7f3f934783ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out)
[pid  5819] futex(0x7f3f934783fc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5819] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3f93366000
[pid  5819] mprotect(0x7f3f93367000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  5819] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid  5819] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3f93386990, parent_tid=0x7f3f93386990, exit_signal=0, stack=0x7f3f93366000, stack_size=0x20300, tls=0x7f3f933866c0}./strace-static-x86_64: Process 5822 attached
 => {parent_tid=[5822]}, 88) = 5822
[pid  5822] rseq(0x7f3f93386fe0, 0x20, 0, 0x53053053 <unfinished ...>
[pid  5819] rt_sigprocmask(SIG_SETMASK, [],  <unfinished ...>
[pid  5822] <... rseq resumed>)         = 0
[pid  5819] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid  5822] set_robust_list(0x7f3f933869a0, 24 <unfinished ...>
[pid  5819] futex(0x7f3f934783f8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5822] <... set_robust_list resumed>) = 0
[pid  5819] <... futex resumed>)        = 0
[pid  5822] rt_sigprocmask(SIG_SETMASK, [],  <unfinished ...>
[pid  5819] futex(0x7f3f934783fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5822] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid  5822] openat(AT_FDCWD, "./file0", O_WRONLY|O_APPEND|O_NONBLOCK|O_DIRECT|O_NOFOLLOW <unfinished ...>
[pid  5820] <... read resumed>"\x30\x00\x00\x00\x0e\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbe\x16\x00\x00\x00\x00\x00\x00\x01\xcc\x02\x00\x00\x00\x00\x00", 8192) = 48
[pid  5820] write(3, "\x20\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x00\x00\x00\x00\x00", 32) = 32
[pid  5822] <... openat resumed>)       = 4
[pid  5820] futex(0x7f3f934783ec, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5820] futex(0x7f3f934783e8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  5822] futex(0x7f3f934783fc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5819] <... futex resumed>)        = 0
[pid  5822] <... futex resumed>)        = 1
[pid  5822] futex(0x7f3f934783f8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  5819] futex(0x7f3f934783e8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5820] <... futex resumed>)        = 0
[pid  5819] futex(0x7f3f934783ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5820] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid  5820] write(5, "3", 1)            = 1
[   57.607988][ T5820] FAULT_INJECTION: forcing a failure.
[   57.607988][ T5820] name failslab, interval 1, probability 0, space 0, times 1
[   57.620818][ T5820] CPU: 1 UID: 0 PID: 5820 Comm: syz-executor356 Not tainted 6.12.0-syzkaller-12113-gbcc8eda6d349 #0
[   57.631591][ T5820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   57.641651][ T5820] Call Trace:
[   57.644930][ T5820]  <TASK>
[   57.647852][ T5820]  dump_stack_lvl+0x241/0x360
[   57.652546][ T5820]  ? __pfx_dump_stack_lvl+0x10/0x10
[   57.657736][ T5820]  ? __pfx__printk+0x10/0x10
[   57.662319][ T5820]  ? __kmalloc_noprof+0xb5/0x4c0
[   57.667245][ T5820]  ? __pfx___might_resched+0x10/0x10
[   57.672594][ T5820]  should_fail_ex+0x3b0/0x4e0
[   57.677294][ T5820]  should_failslab+0xac/0x100
[   57.681960][ T5820]  __kmalloc_noprof+0xdd/0x4c0
[   57.686712][ T5820]  ? fuse_direct_io+0xb05/0x31f0
[   57.691645][ T5820]  fuse_direct_io+0xb05/0x31f0
[   57.696414][ T5820]  ? __pfx___might_resched+0x10/0x10
[   57.701710][ T5820]  ? generic_write_checks+0x160/0x1c0
[   57.707069][ T5820]  ? __pfx_fuse_direct_io+0x10/0x10
[   57.712251][ T5820]  ? __pfx_generic_write_checks+0x10/0x10
[   57.717959][ T5820]  fuse_file_write_iter+0xae2/0xf70
[   57.723145][ T5820]  ? __pfx_fuse_file_write_iter+0x10/0x10
[   57.728863][ T5820]  do_iter_readv_writev+0x600/0x880
[   57.734055][ T5820]  ? __pfx_do_iter_readv_writev+0x10/0x10
[   57.739759][ T5820]  ? rcu_read_lock_any_held+0xb7/0x160
[   57.745213][ T5820]  vfs_writev+0x376/0xba0
[   57.749529][ T5820]  ? trace_contention_end+0x3c/0x120
[   57.754817][ T5820]  ? __mutex_lock+0x37f/0xee0
[   57.759513][ T5820]  ? __pfx_lock_acquire+0x10/0x10
[   57.764566][ T5820]  ? __pfx_vfs_writev+0x10/0x10
[   57.769420][ T5820]  ? __fget_files+0x2a/0x410
[   57.774003][ T5820]  ? __fget_files+0x395/0x410
[   57.778664][ T5820]  ? __fget_files+0x2a/0x410
[   57.783245][ T5820]  do_writev+0x1b6/0x360
[   57.787477][ T5820]  ? __pfx_do_writev+0x10/0x10
[   57.792241][ T5820]  ? do_syscall_64+0x100/0x230
[   57.796994][ T5820]  do_syscall_64+0xf3/0x230
[   57.801485][ T5820]  ? clear_bhb_loop+0x35/0x90
[   57.806151][ T5820]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   57.812030][ T5820] RIP: 0033:0x7f3f933f31b9
[   57.816440][ T5820] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   57.836028][ T5820] RSP: 002b:00007f3f933a7208 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[   57.844428][ T5820] RAX: ffffffffffffffda RBX: 00007f3f934783e8 RCX: 00007f3f933f31b9
[pid  5820] writev(4, [{iov_base="\xa1", iov_len=1}, {iov_base=NULL, iov_len=0}], 2 <unfinished ...>
[pid  5819] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[   57.852388][ T5820] RDX: 0000000000000002 RSI: 0000000020000180 RDI: 0000000000000004
[   57.860338][ T5820] RBP: 00007f3f934783e0 R08: 00007f3f933a6fa7 R09: 0000000000000033
[   57.868303][ T5820] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3f93445064
[   57.876256][ T5820] R13: 00007f3f933a7210 R14: 0000000000000001 R15: 0030656c69662f2e
[   57.884226][ T5820]  </TASK>
[pid  5819] exit_group(0)               = ?
[pid  5822] <... futex resumed>)        = ?
[pid  5822] +++ exited with 0 +++
[   58.025398][ T5820] ==================================================================
[   58.033508][ T5820] BUG: KASAN: stack-out-of-bounds in iov_iter_revert+0x47f/0x590
[   58.041244][ T5820] Read of size 8 at addr ffffc90003ad7c98 by task syz-executor356/5820
[   58.049465][ T5820] 
[   58.051771][ T5820] CPU: 0 UID: 0 PID: 5820 Comm: syz-executor356 Not tainted 6.12.0-syzkaller-12113-gbcc8eda6d349 #0
[   58.062516][ T5820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   58.072562][ T5820] Call Trace:
[   58.075822][ T5820]  <TASK>
[   58.078735][ T5820]  dump_stack_lvl+0x241/0x360
[   58.083404][ T5820]  ? __pfx_dump_stack_lvl+0x10/0x10
[   58.088582][ T5820]  ? __pfx__printk+0x10/0x10
[   58.093152][ T5820]  ? _printk+0xd5/0x120
[   58.097290][ T5820]  print_report+0x169/0x550
[   58.101772][ T5820]  ? __virt_addr_valid+0xbd/0x530
[   58.106779][ T5820]  ? iov_iter_revert+0x47f/0x590
[   58.111697][ T5820]  kasan_report+0x143/0x180
[   58.116178][ T5820]  ? iov_iter_revert+0x47f/0x590
[   58.121097][ T5820]  iov_iter_revert+0x47f/0x590
[   58.125844][ T5820]  fuse_direct_io+0x30b3/0x31f0
[   58.130684][ T5820]  ? __pfx___might_resched+0x10/0x10
[   58.135955][ T5820]  ? generic_write_checks+0x160/0x1c0
[   58.141305][ T5820]  ? __pfx_fuse_direct_io+0x10/0x10
[   58.146502][ T5820]  ? __pfx_generic_write_checks+0x10/0x10
[   58.152201][ T5820]  fuse_file_write_iter+0xae2/0xf70
[   58.157403][ T5820]  ? __pfx_fuse_file_write_iter+0x10/0x10
[   58.163114][ T5820]  do_iter_readv_writev+0x600/0x880
[   58.168295][ T5820]  ? __pfx_do_iter_readv_writev+0x10/0x10
[   58.173997][ T5820]  ? rcu_read_lock_any_held+0xb7/0x160
[   58.179443][ T5820]  vfs_writev+0x376/0xba0
[   58.183753][ T5820]  ? trace_contention_end+0x3c/0x120
[   58.189019][ T5820]  ? __mutex_lock+0x37f/0xee0
[   58.193676][ T5820]  ? __pfx_lock_acquire+0x10/0x10
[   58.198680][ T5820]  ? __pfx_vfs_writev+0x10/0x10
[   58.203516][ T5820]  ? __fget_files+0x2a/0x410
[   58.208087][ T5820]  ? __fget_files+0x395/0x410
[   58.212743][ T5820]  ? __fget_files+0x2a/0x410
[   58.217313][ T5820]  do_writev+0x1b6/0x360
[   58.221536][ T5820]  ? __pfx_do_writev+0x10/0x10
[   58.226280][ T5820]  ? do_syscall_64+0x100/0x230
[   58.231029][ T5820]  do_syscall_64+0xf3/0x230
[   58.235514][ T5820]  ? clear_bhb_loop+0x35/0x90
[   58.240174][ T5820]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   58.246051][ T5820] RIP: 0033:0x7f3f933f31b9
[   58.250444][ T5820] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   58.270056][ T5820] RSP: 002b:00007f3f933a7208 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[   58.278460][ T5820] RAX: ffffffffffffffda RBX: 00007f3f934783e8 RCX: 00007f3f933f31b9
[   58.286421][ T5820] RDX: 0000000000000002 RSI: 0000000020000180 RDI: 0000000000000004
[   58.294378][ T5820] RBP: 00007f3f934783e0 R08: 00007f3f933a6fa7 R09: 0000000000000033
[   58.302337][ T5820] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3f93445064
[   58.310299][ T5820] R13: 00007f3f933a7210 R14: 0000000000000001 R15: 0030656c69662f2e
[   58.318268][ T5820]  </TASK>
[   58.321269][ T5820] 
[   58.323574][ T5820] The buggy address belongs to stack of task syz-executor356/5820
[   58.331354][ T5820]  and is located at offset 24 in frame:
[   58.336961][ T5820]  vfs_writev+0x0/0xba0
[   58.341103][ T5820] 
[   58.343409][ T5820] This frame has 3 objects:
[   58.347885][ T5820]  [32, 160) 'iovstack'
[   58.347894][ T5820]  [192, 200) 'iov'
[   58.352024][ T5820]  [224, 264) 'iter'
[   58.355807][ T5820] 
[   58.361977][ T5820] The buggy address belongs to the virtual mapping at
[   58.361977][ T5820]  [ffffc90003ad0000, ffffc90003ad9000) created by:
[   58.361977][ T5820]  copy_process+0x5d1/0x3d50
[   58.379595][ T5820] 
[   58.381903][ T5820] The buggy address belongs to the physical page:
[   58.388311][ T5820] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8880466bfe00 pfn:0x466be
[   58.398363][ T5820] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   58.405468][ T5820] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[   58.414032][ T5820] raw: ffff8880466bfe00 0000000000000000 00000001ffffffff 0000000000000000
[   58.422593][ T5820] page dumped because: kasan: bad access detected
[   58.428988][ T5820] page_owner tracks the page as allocated
[   58.434682][ T5820] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), pid 5819, tgid 5819 (syz-executor356), ts 57381348013, free_ts 57295146116
[   58.454111][ T5820]  post_alloc_hook+0x1f3/0x230
[   58.458860][ T5820]  get_page_from_freelist+0x3651/0x37a0
[   58.464389][ T5820]  __alloc_pages_noprof+0x292/0x710
[   58.469568][ T5820]  alloc_pages_mpol_noprof+0x3e8/0x680
[   58.475005][ T5820]  __vmalloc_node_range_noprof+0x9c9/0x1380
[   58.480877][ T5820]  dup_task_struct+0x444/0x8c0
[   58.485626][ T5820]  copy_process+0x5d1/0x3d50
[   58.490202][ T5820]  kernel_clone+0x223/0x870
[   58.494682][ T5820]  __se_sys_clone3+0x2d8/0x360
[   58.499423][ T5820]  do_syscall_64+0xf3/0x230
[   58.503907][ T5820]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   58.509786][ T5820] page last free pid 5816 tgid 5816 stack trace:
[   58.516087][ T5820]  free_unref_page+0xde3/0x1130
[   58.520913][ T5820]  __put_partials+0xeb/0x130
[   58.525485][ T5820]  put_cpu_partial+0x17c/0x250
[   58.530228][ T5820]  __slab_free+0x2ea/0x3d0
[   58.534625][ T5820]  qlist_free_all+0x9a/0x140
[   58.539204][ T5820]  kasan_quarantine_reduce+0x14f/0x170
[   58.544647][ T5820]  __kasan_slab_alloc+0x23/0x80
[   58.549487][ T5820]  kmem_cache_alloc_noprof+0x1d9/0x380
[   58.554922][ T5820]  getname_flags+0xb7/0x540
[   58.559403][ T5820]  do_sys_openat2+0xd2/0x1d0
[   58.563973][ T5820]  __x64_sys_openat+0x247/0x2a0
[   58.568801][ T5820]  do_syscall_64+0xf3/0x230
[   58.573286][ T5820]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   58.579162][ T5820] 
[   58.581464][ T5820] Memory state around the buggy address:
[   58.587070][ T5820]  ffffc90003ad7b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   58.595108][ T5820]  ffffc90003ad7c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   58.603151][ T5820] >ffffc90003ad7c80: f1 f1 f1 f1 00 00 00 00 00 00 00 00 00 00 00 00
[   58.611185][ T5820]                             ^
[   58.616007][ T5820]  ffffc90003ad7d00: 00 00 00 00 f2 f2 f2 f2 00 f2 f2 f2 00 00 00 00
[   58.624049][ T5820]  ffffc90003ad7d80: 00 f3 f3 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00
[   58.632695][ T5820] ==================================================================
[   58.641108][ T5820] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   58.648311][ T5820] CPU: 0 UID: 0 PID: 5820 Comm: syz-executor356 Not tainted 6.12.0-syzkaller-12113-gbcc8eda6d349 #0
[   58.659080][ T5820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   58.669128][ T5820] Call Trace:
[   58.672403][ T5820]  <TASK>
[   58.675332][ T5820]  dump_stack_lvl+0x241/0x360
[   58.680005][ T5820]  ? __pfx_dump_stack_lvl+0x10/0x10
[   58.685196][ T5820]  ? __pfx__printk+0x10/0x10
[   58.689778][ T5820]  ? preempt_schedule+0xe1/0xf0
[   58.694621][ T5820]  ? vscnprintf+0x5d/0x90
[   58.698946][ T5820]  panic+0x349/0x880
[   58.702835][ T5820]  ? check_panic_on_warn+0x21/0xb0
[   58.708391][ T5820]  ? __pfx_panic+0x10/0x10
[   58.712799][ T5820]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[   58.718771][ T5820]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   58.725088][ T5820]  ? print_report+0x502/0x550
[   58.729756][ T5820]  check_panic_on_warn+0x86/0xb0
[   58.734681][ T5820]  ? iov_iter_revert+0x47f/0x590
[   58.739611][ T5820]  end_report+0x77/0x160
[   58.743845][ T5820]  kasan_report+0x154/0x180
[   58.748337][ T5820]  ? iov_iter_revert+0x47f/0x590
[   58.753266][ T5820]  iov_iter_revert+0x47f/0x590
[   58.758025][ T5820]  fuse_direct_io+0x30b3/0x31f0
[   58.762867][ T5820]  ? __pfx___might_resched+0x10/0x10
[   58.768148][ T5820]  ? generic_write_checks+0x160/0x1c0
[   58.773513][ T5820]  ? __pfx_fuse_direct_io+0x10/0x10
[   58.778701][ T5820]  ? __pfx_generic_write_checks+0x10/0x10
[   58.784427][ T5820]  fuse_file_write_iter+0xae2/0xf70
[   58.789616][ T5820]  ? __pfx_fuse_file_write_iter+0x10/0x10
[   58.795368][ T5820]  do_iter_readv_writev+0x600/0x880
[   58.800562][ T5820]  ? __pfx_do_iter_readv_writev+0x10/0x10
[   58.806271][ T5820]  ? rcu_read_lock_any_held+0xb7/0x160
[   58.811723][ T5820]  vfs_writev+0x376/0xba0
[   58.816043][ T5820]  ? trace_contention_end+0x3c/0x120
[   58.821329][ T5820]  ? __mutex_lock+0x37f/0xee0
[   58.825997][ T5820]  ? __pfx_lock_acquire+0x10/0x10
[   58.831010][ T5820]  ? __pfx_vfs_writev+0x10/0x10
[   58.835855][ T5820]  ? __fget_files+0x2a/0x410
[   58.840435][ T5820]  ? __fget_files+0x395/0x410
[   58.845100][ T5820]  ? __fget_files+0x2a/0x410
[   58.849683][ T5820]  do_writev+0x1b6/0x360
[   58.853918][ T5820]  ? __pfx_do_writev+0x10/0x10
[   58.858671][ T5820]  ? do_syscall_64+0x100/0x230
[   58.863437][ T5820]  do_syscall_64+0xf3/0x230
[   58.867931][ T5820]  ? clear_bhb_loop+0x35/0x90
[   58.872601][ T5820]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   58.878490][ T5820] RIP: 0033:0x7f3f933f31b9
[   58.882894][ T5820] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   58.902487][ T5820] RSP: 002b:00007f3f933a7208 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[   58.910891][ T5820] RAX: ffffffffffffffda RBX: 00007f3f934783e8 RCX: 00007f3f933f31b9
[   58.918854][ T5820] RDX: 0000000000000002 RSI: 0000000020000180 RDI: 0000000000000004
[   58.926812][ T5820] RBP: 00007f3f934783e0 R08: 00007f3f933a6fa7 R09: 0000000000000033
[   58.934771][ T5820] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3f93445064
[   58.942734][ T5820] R13: 00007f3f933a7210 R14: 0000000000000001 R15: 0030656c69662f2e
[   58.950870][ T5820]  </TASK>
[   58.954117][ T5820] Kernel Offset: disabled
[   58.958426][ T5820] Rebooting in 86400 seconds..