./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1281720751 <...> Warning: Permanently added '10.128.0.225' (ED25519) to the list of known hosts. execve("./syz-executor1281720751", ["./syz-executor1281720751"], 0x7ffd27f7bed0 /* 10 vars */) = 0 brk(NULL) = 0x55556dc9f000 brk(0x55556dc9fd40) = 0x55556dc9fd40 arch_prctl(ARCH_SET_FS, 0x55556dc9f3c0) = 0 set_tid_address(0x55556dc9f690) = 361 set_robust_list(0x55556dc9f6a0, 24) = 0 rseq(0x55556dc9fce0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1281720751", 4096) = 28 getrandom("\x6f\x37\xb5\x23\xa8\x01\xdb\x91", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55556dc9fd40 brk(0x55556dcc0d40) = 0x55556dcc0d40 brk(0x55556dcc1000) = 0x55556dcc1000 mprotect(0x7fdbc3bdb000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/proc/self/make-it-fail", O_WRONLY) = 3 close(3) = 0 openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_WRONLY) = 3 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556dc9f690) = 362 ./strace-static-x86_64: Process 362 attached [pid 362] set_robust_list(0x55556dc9f6a0, 24) = 0 [pid 362] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 362] setpgid(0, 0) = 0 [pid 362] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 362] write(3, "1000", 4) = 4 [pid 362] close(3) = 0 [pid 362] write(1, "executing program\n", 18executing program ) = 18 [pid 362] futex(0x7fdbc3be140c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 362] rt_sigaction(SIGRT_1, {sa_handler=0x7fdbc3b80320, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fdbc3b72130}, NULL, 8) = 0 [pid 362] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 362] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbc3af3000 [pid 362] mprotect(0x7fdbc3af4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 362] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 362] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fdbc3b13990, parent_tid=0x7fdbc3b13990, exit_signal=0, stack=0x7fdbc3af3000, stack_size=0x20300, tls=0x7fdbc3b136c0}./strace-static-x86_64: Process 363 attached [pid 363] set_robust_list(0x7fdbc3b139a0, 24) = 0 [pid 363] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 363] futex(0x7fdbc3be1408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 362] <... clone3 resumed> => {parent_tid=[363]}, 88) = 363 [pid 362] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 362] futex(0x7fdbc3be1408, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 363] <... futex resumed>) = 0 [pid 362] futex(0x7fdbc3be140c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 363] mkdir("./file0", 000) = 0 [pid 363] futex(0x7fdbc3be140c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 362] <... futex resumed>) = 0 [pid 363] futex(0x7fdbc3be1408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 362] futex(0x7fdbc3be1408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 362] futex(0x7fdbc3be140c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 363] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 363] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 363] futex(0x7fdbc3be140c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 363] futex(0x7fdbc3be1408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 362] <... futex resumed>) = 0 [pid 362] futex(0x7fdbc3be1408, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 362] futex(0x7fdbc3be140c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 363] <... futex resumed>) = 0 [pid 363] mount(NULL, "./file0", "fuse", 0, "fd=0x0000000000000003,rootmode=00000000000000000040000,user_id=00000000000000000000,group_id=0000000"...) = 0 [pid 363] futex(0x7fdbc3be140c, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] <... futex resumed>) = 0 [pid 362] futex(0x7fdbc3be1408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 362] futex(0x7fdbc3be140c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 363] <... futex resumed>) = 1 [pid 363] read(3, "\x38\x00\x00\x00\x1a\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x20\x00\x00\x00\x00\x00\x02\x00\xfb\xff\xff\x83", 8224) = 56 [pid 363] futex(0x7fdbc3be140c, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] <... futex resumed>) = 0 [pid 362] futex(0x7fdbc3be1408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 362] futex(0x7fdbc3be140c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 363] <... futex resumed>) = 1 [ 100.245280][ T24] audit: type=1400 audit(1734982521.730:66): avc: denied { execmem } for pid=361 comm="syz-executor128" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [pid 363] read(3, [pid 362] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 100.280047][ T24] audit: type=1400 audit(1734982521.770:67): avc: denied { read write } for pid=362 comm="syz-executor128" name="fuse" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 100.304496][ T24] audit: type=1400 audit(1734982521.770:68): avc: denied { open } for pid=362 comm="syz-executor128" path="/dev/fuse" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [pid 362] futex(0x7fdbc3be141c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 362] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbc3ad2000 [pid 362] mprotect(0x7fdbc3ad3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 362] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 362] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fdbc3af2990, parent_tid=0x7fdbc3af2990, exit_signal=0, stack=0x7fdbc3ad2000, stack_size=0x20300, tls=0x7fdbc3af26c0} => {parent_tid=[365]}, 88) = 365 [pid 362] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 362] futex(0x7fdbc3be1418, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 362] futex(0x7fdbc3be141c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 365 attached [pid 365] set_robust_list(0x7fdbc3af29a0, 24) = 0 [pid 365] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 365] write(3, "\x50\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x26\x00\x00\x00\x02\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 80) = 80 [pid 365] futex(0x7fdbc3be141c, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] <... futex resumed>) = 0 [pid 362] futex(0x7fdbc3be1418, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 362] futex(0x7fdbc3be141c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 365] <... futex resumed>) = 1 [pid 365] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 365] write(4, "13", 2) = 2 [pid 365] creat("./file0/file0", 000 [pid 363] <... read resumed>"\x2e\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x6d\x01\x00\x00\x00\x00\x00\x00\x66\x69\x6c\x65\x30\x00", 8192) = 46 [pid 363] write(3, "\x90\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 144) = 144 [pid 363] futex(0x7fdbc3be140c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 100.328309][ T24] audit: type=1400 audit(1734982521.770:69): avc: denied { mounton } for pid=362 comm="syz-executor128" path="/root/file0" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 100.351521][ T24] audit: type=1400 audit(1734982521.770:70): avc: denied { mount } for pid=362 comm="syz-executor128" name="/" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 100.358690][ T365] FAULT_INJECTION: forcing a failure. [ 100.358690][ T365] name failslab, interval 1, probability 0, space 0, times 1 [ 100.390378][ T365] CPU: 1 PID: 365 Comm: syz-executor128 Not tainted 5.10.231-syzkaller-00700-g4055d754db6f #0 [ 100.400342][ T365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 100.410243][ T365] Call Trace: [ 100.413388][ T365] dump_stack_lvl+0x1e2/0x24b [ 100.417892][ T365] ? bfq_pos_tree_add_move+0x43b/0x43b [ 100.423301][ T365] dump_stack+0x15/0x17 [ 100.427265][ T365] should_fail+0x3c6/0x510 [ 100.431538][ T365] ? fuse_file_alloc+0x54/0x250 [ 100.436205][ T365] __should_failslab+0xa4/0xe0 [ 100.440827][ T365] should_failslab+0x9/0x20 [ 100.445326][ T365] kmem_cache_alloc_trace+0x3a/0x2e0 [ 100.450624][ T365] fuse_file_alloc+0x54/0x250 [ 100.455136][ T365] fuse_atomic_open+0x5ca/0x34e0 [ 100.459911][ T365] ? fuse_rename2+0x4aa0/0x4aa0 [ 100.464988][ T365] ? __kasan_check_write+0x14/0x20 [ 100.469928][ T365] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 100.475230][ T365] ? avc_compute_av+0x4cc/0x690 [ 100.479919][ T365] ? may_create+0x65a/0x900 [ 100.484249][ T365] ? show_sid+0x250/0x250 [ 100.488429][ T365] ? d_hash_and_lookup+0x1e0/0x1e0 [ 100.493354][ T365] ? from_kgid+0x1a3/0x730 [ 100.497613][ T365] ? selinux_inode_create+0x22/0x30 [ 100.502647][ T365] ? security_inode_create+0xbc/0x100 [ 100.507850][ T365] ? fuse_rename2+0x4aa0/0x4aa0 [ 100.512540][ T365] path_openat+0xff0/0x3000 [ 100.516895][ T365] ? do_filp_open+0x460/0x460 [ 100.521402][ T365] do_filp_open+0x21c/0x460 [ 100.525735][ T365] ? vfs_tmpfile+0x2b0/0x2b0 [ 100.530171][ T365] ? get_unused_fd_flags+0x94/0xa0 [ 100.535108][ T365] do_sys_openat2+0x13f/0x710 [ 100.539626][ T365] ? do_sys_open+0x220/0x220 [ 100.544053][ T365] ? ptrace_notify+0x24c/0x350 [ 100.548650][ T365] ? do_notify_parent+0xa10/0xa10 [ 100.553508][ T365] __x64_sys_creat+0x11f/0x160 [ 100.558111][ T365] ? __x32_compat_sys_openat+0x290/0x290 [ 100.563585][ T365] ? syscall_enter_from_user_mode+0x57/0x1a0 [ 100.569395][ T365] do_syscall_64+0x34/0x70 [ 100.573643][ T365] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 100.579365][ T365] RIP: 0033:0x7fdbc3b5a899 [ 100.583621][ T365] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 1b 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 100.603067][ T365] RSP: 002b:00007fdbc3af2208 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 100.611311][ T365] RAX: ffffffffffffffda RBX: 00007fdbc3be1418 RCX: 00007fdbc3b5a899 [ 100.619138][ T365] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000180 [ 100.626934][ T365] RBP: 00007fdbc3be1410 R08: 00007fdbc3af1fa6 R09: 0000000000003331 [ 100.634755][ T365] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fdbc3bae344 [pid 363] futex(0x7fdbc3be1408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 365] <... creat resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 362] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 362] futex(0x7fdbc3be1408, FUTEX_WAKE_PRIVATE, 1000000 [pid 363] <... futex resumed>) = 0 [pid 362] <... futex resumed>) = 1 [pid 363] read(3, [pid 362] futex(0x7fdbc3be140c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 365] futex(0x7fdbc3be141c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 100.642568][ T365] R13: 00007fdbc3af2210 R14: 0000000000000002 R15: 2f30656c69662f2e [pid 365] futex(0x7fdbc3be1418, FUTEX_WAIT_PRIVATE, 0, NULL [pid 362] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 362] exit_group(0 [pid 365] <... futex resumed>) = ? [pid 363] <... read resumed> ) = ? [pid 362] <... exit_group resumed>) = ? [pid 365] +++ exited with 0 +++ [pid 363] +++ exited with 0 +++ [pid 362] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=362, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 367 attached , child_tidptr=0x55556dc9f690) = 367 [pid 367] set_robust_list(0x55556dc9f6a0, 24) = 0 [pid 367] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 367] setpgid(0, 0) = 0 [pid 367] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 367] write(3, "1000", 4) = 4 [pid 367] close(3executing program ) = 0 [pid 367] write(1, "executing program\n", 18) = 18 [pid 367] futex(0x7fdbc3be140c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] rt_sigaction(SIGRT_1, {sa_handler=0x7fdbc3b80320, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fdbc3b72130}, NULL, 8) = 0 [pid 367] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 367] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbc3af3000 [pid 367] mprotect(0x7fdbc3af4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 367] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 367] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fdbc3b13990, parent_tid=0x7fdbc3b13990, exit_signal=0, stack=0x7fdbc3af3000, stack_size=0x20300, tls=0x7fdbc3b136c0} => {parent_tid=[368]}, 88) = 368 [pid 367] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 367] futex(0x7fdbc3be1408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] futex(0x7fdbc3be140c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 368 attached [pid 368] set_robust_list(0x7fdbc3b139a0, 24) = 0 [pid 368] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 368] mkdir("./file0", 000) = -1 EEXIST (File exists) [pid 368] futex(0x7fdbc3be140c, FUTEX_WAKE_PRIVATE, 1000000 [pid 367] <... futex resumed>) = 0 [pid 367] futex(0x7fdbc3be1408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] futex(0x7fdbc3be140c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 368] <... futex resumed>) = 1 [pid 368] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 368] futex(0x7fdbc3be140c, FUTEX_WAKE_PRIVATE, 1000000 [pid 367] <... futex resumed>) = 0 [pid 367] futex(0x7fdbc3be1408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] futex(0x7fdbc3be140c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 368] <... futex resumed>) = 1 [pid 368] mount(NULL, "./file0", "fuse", 0, "fd=0x0000000000000003,rootmode=00000000000000000040000,user_id=00000000000000000000,group_id=0000000"...) = 0 [pid 368] futex(0x7fdbc3be140c, FUTEX_WAKE_PRIVATE, 1000000 [pid 367] <... futex resumed>) = 0 [pid 367] futex(0x7fdbc3be1408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] futex(0x7fdbc3be140c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 368] <... futex resumed>) = 1 [pid 368] read(3, "\x38\x00\x00\x00\x1a\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x20\x00\x00\x00\x00\x00\x02\x00\xfb\xff\xff\x83", 8224) = 56 [pid 368] futex(0x7fdbc3be140c, FUTEX_WAKE_PRIVATE, 1000000 [pid 367] <... futex resumed>) = 0 [pid 367] futex(0x7fdbc3be1408, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] futex(0x7fdbc3be140c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 368] <... futex resumed>) = 1 [pid 368] read(3, [pid 367] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 367] futex(0x7fdbc3be140c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 367] futex(0x7fdbc3be141c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbc3ad2000 [pid 367] mprotect(0x7fdbc3ad3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 367] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 367] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fdbc3af2990, parent_tid=0x7fdbc3af2990, exit_signal=0, stack=0x7fdbc3ad2000, stack_size=0x20300, tls=0x7fdbc3af26c0}./strace-static-x86_64: Process 369 attached => {parent_tid=[369]}, 88) = 369 [pid 369] set_robust_list(0x7fdbc3af29a0, 24 [pid 367] rt_sigprocmask(SIG_SETMASK, [], [pid 369] <... set_robust_list resumed>) = 0 [pid 367] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 369] rt_sigprocmask(SIG_SETMASK, [], [pid 367] futex(0x7fdbc3be1418, FUTEX_WAKE_PRIVATE, 1000000 [pid 369] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 367] <... futex resumed>) = 0 [pid 369] write(3, "\x50\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x26\x00\x00\x00\x02\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 80 [pid 367] futex(0x7fdbc3be141c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 369] <... write resumed>) = 80 [pid 369] futex(0x7fdbc3be141c, FUTEX_WAKE_PRIVATE, 1000000 [pid 367] <... futex resumed>) = 0 [pid 369] <... futex resumed>) = 1 [pid 367] futex(0x7fdbc3be1418, FUTEX_WAKE_PRIVATE, 1000000 [pid 369] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 367] <... futex resumed>) = 0 [pid 367] futex(0x7fdbc3be141c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 369] <... openat resumed>) = 4 [pid 369] write(4, "13", 2) = 2 [ 100.856320][ T24] audit: type=1400 audit(1734982522.340:71): avc: denied { mounton } for pid=367 comm="syz-executor128" path="/root/file0" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [pid 369] creat("./file0/file0", 000 [pid 368] <... read resumed>"\x2e\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x71\x01\x00\x00\x00\x00\x00\x00\x66\x69\x6c\x65\x30\x00", 8192) = 46 [pid 368] write(3, "\x90\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 144) = 144 [pid 368] futex(0x7fdbc3be140c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 100.916768][ T369] FAULT_INJECTION: forcing a failure. [ 100.916768][ T369] name failslab, interval 1, probability 0, space 0, times 0 [ 100.929367][ T369] CPU: 1 PID: 369 Comm: syz-executor128 Not tainted 5.10.231-syzkaller-00700-g4055d754db6f #0 [ 100.939459][ T369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 100.949350][ T369] Call Trace: [ 100.952495][ T369] dump_stack_lvl+0x1e2/0x24b [ 100.957034][ T369] ? bfq_pos_tree_add_move+0x43b/0x43b [ 100.962306][ T369] ? unwind_get_return_address+0x4d/0x90 [ 100.967774][ T369] dump_stack+0x15/0x17 [ 100.971845][ T369] should_fail+0x3c6/0x510 [ 100.976097][ T369] ? fuse_get_req+0x3b3/0xa80 [ 100.980613][ T369] __should_failslab+0xa4/0xe0 [ 100.985215][ T369] should_failslab+0x9/0x20 [ 100.989556][ T369] kmem_cache_alloc+0x3d/0x2e0 [ 100.994169][ T369] fuse_get_req+0x3b3/0xa80 [ 100.998515][ T369] ? ____kasan_kmalloc+0xed/0x110 [ 101.003367][ T369] ? fuse_simple_request+0x1a10/0x1a10 [ 101.008656][ T369] ? fuse_file_alloc+0xb1/0x250 [ 101.013338][ T369] ? fuse_atomic_open+0x5ca/0x34e0 [ 101.018432][ T369] ? path_openat+0xff0/0x3000 [ 101.022944][ T369] ? do_filp_open+0x21c/0x460 [ 101.027446][ T369] ? do_sys_openat2+0x13f/0x710 [ 101.032134][ T369] ? __x64_sys_creat+0x11f/0x160 [ 101.036904][ T369] ? do_syscall_64+0x34/0x70 [ 101.041334][ T369] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 101.047329][ T369] fuse_simple_request+0x124/0x1a10 [ 101.052358][ T369] ? fuse_put_request+0x2d0/0x2d0 [ 101.057233][ T369] fuse_atomic_open+0xd0e/0x34e0 [ 101.061996][ T369] ? fuse_rename2+0x4aa0/0x4aa0 [ 101.066716][ T369] ? may_create+0x65a/0x900 [ 101.071020][ T369] ? show_sid+0x250/0x250 [ 101.075190][ T369] ? d_hash_and_lookup+0x1e0/0x1e0 [ 101.080136][ T369] ? from_kgid+0x1a3/0x730 [ 101.084388][ T369] ? selinux_inode_create+0x22/0x30 [ 101.089440][ T369] ? security_inode_create+0xbc/0x100 [ 101.094625][ T369] ? fuse_rename2+0x4aa0/0x4aa0 [ 101.099314][ T369] path_openat+0xff0/0x3000 [ 101.103666][ T369] ? do_filp_open+0x460/0x460 [ 101.108177][ T369] do_filp_open+0x21c/0x460 [ 101.112508][ T369] ? vfs_tmpfile+0x2b0/0x2b0 [ 101.116948][ T369] ? get_unused_fd_flags+0x94/0xa0 [ 101.121879][ T369] do_sys_openat2+0x13f/0x710 [ 101.126407][ T369] ? do_sys_open+0x220/0x220 [ 101.130825][ T369] ? ptrace_notify+0x24c/0x350 [ 101.135430][ T369] ? do_notify_parent+0xa10/0xa10 [ 101.140287][ T369] __x64_sys_creat+0x11f/0x160 [ 101.144892][ T369] ? __x32_compat_sys_openat+0x290/0x290 [ 101.150360][ T369] ? syscall_enter_from_user_mode+0x57/0x1a0 [ 101.156169][ T369] do_syscall_64+0x34/0x70 [ 101.160443][ T369] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 101.166150][ T369] RIP: 0033:0x7fdbc3b5a899 [ 101.170417][ T369] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 1b 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 101.189928][ T369] RSP: 002b:00007fdbc3af2208 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 101.198183][ T369] RAX: ffffffffffffffda RBX: 00007fdbc3be1418 RCX: 00007fdbc3b5a899 [ 101.205985][ T369] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000180 [pid 368] futex(0x7fdbc3be1408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 369] <... creat resumed>) = -1 ENOMEM (Cannot allocate memory) [pid 367] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 369] futex(0x7fdbc3be141c, FUTEX_WAKE_PRIVATE, 1000000 [pid 367] futex(0x7fdbc3be1408, FUTEX_WAKE_PRIVATE, 1000000 [pid 369] <... futex resumed>) = 0 [pid 367] <... futex resumed>) = 1 [pid 369] futex(0x7fdbc3be1418, FUTEX_WAIT_PRIVATE, 0, NULL [pid 367] futex(0x7fdbc3be140c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 368] <... futex resumed>) = 0 [ 101.213903][ T369] RBP: 00007fdbc3be1410 R08: 00007fdbc3af1fa6 R09: 0000000000003331 [ 101.221714][ T369] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fdbc3bae344 [ 101.229525][ T369] R13: 00007fdbc3af2210 R14: 0000000000000002 R15: 2f30656c69662f2e [pid 368] read(3, [pid 367] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 367] exit_group(0 [pid 369] <... futex resumed>) = ? [pid 369] +++ exited with 0 +++ [pid 367] <... exit_group resumed>) = ? [pid 368] <... read resumed> ) = ? [pid 368] +++ exited with 0 +++ [pid 367] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=367, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 370 attached [pid 370] set_robust_list(0x55556dc9f6a0, 24) = 0 [pid 370] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 370] setpgid(0, 0) = 0 [pid 370] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 361] <... clone resumed>, child_tidptr=0x55556dc9f690) = 370 [pid 370] <... openat resumed>) = 3 [pid 370] write(3, "1000", 4) = 4 [pid 370] close(3) = 0 executing program [pid 370] write(1, "executing program\n", 18) = 18 [pid 370] futex(0x7fdbc3be140c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 370] rt_sigaction(SIGRT_1, {sa_handler=0x7fdbc3b80320, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fdbc3b72130}, NULL, 8) = 0 [pid 370] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 370] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbc3af3000 [pid 370] mprotect(0x7fdbc3af4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 370] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 370] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fdbc3b13990, parent_tid=0x7fdbc3b13990, exit_signal=0, stack=0x7fdbc3af3000, stack_size=0x20300, tls=0x7fdbc3b136c0}./strace-static-x86_64: Process 371 attached [pid 371] set_robust_list(0x7fdbc3b139a0, 24) = 0 [pid 371] rt_sigprocmask(SIG_SETMASK, [], [pid 370] <... clone3 resumed> => {parent_tid=[371]}, 88) = 371 [pid 371] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 371] futex(0x7fdbc3be1408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 370] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 370] futex(0x7fdbc3be1408, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 371] <... futex resumed>) = 0 [pid 370] futex(0x7fdbc3be140c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 371] mkdir("./file0", 000) = -1 EEXIST (File exists) [pid 371] futex(0x7fdbc3be140c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 371] futex(0x7fdbc3be1408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 370] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 370] futex(0x7fdbc3be1408, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 371] <... futex resumed>) = 0 [pid 371] openat(AT_FDCWD, "/dev/fuse", O_RDWR) = 3 [pid 371] futex(0x7fdbc3be140c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 371] futex(0x7fdbc3be1408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 370] futex(0x7fdbc3be140c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 370] futex(0x7fdbc3be1408, FUTEX_WAKE_PRIVATE, 1000000 [pid 371] <... futex resumed>) = 0 [pid 370] <... futex resumed>) = 1 [pid 370] futex(0x7fdbc3be140c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 371] mount(NULL, "./file0", "fuse", 0, "fd=0x0000000000000003,rootmode=00000000000000000040000,user_id=00000000000000000000,group_id=0000000"...) = 0 [pid 371] futex(0x7fdbc3be140c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 370] <... futex resumed>) = 0 [pid 371] read(3, [pid 370] futex(0x7fdbc3be1408, FUTEX_WAKE_PRIVATE, 1000000 [pid 371] <... read resumed>"\x38\x00\x00\x00\x1a\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x20\x00\x00\x00\x00\x00\x02\x00\xfb\xff\xff\x83", 8224) = 56 [pid 370] <... futex resumed>) = 0 [pid 371] futex(0x7fdbc3be140c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 370] futex(0x7fdbc3be140c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 371] futex(0x7fdbc3be1408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 370] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 370] futex(0x7fdbc3be1408, FUTEX_WAKE_PRIVATE, 1000000 [pid 371] <... futex resumed>) = 0 [pid 370] <... futex resumed>) = 1 [pid 370] futex(0x7fdbc3be140c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 371] read(3, [pid 370] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 370] futex(0x7fdbc3be141c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 370] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbc3ad2000 [pid 370] mprotect(0x7fdbc3ad3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 370] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 370] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fdbc3af2990, parent_tid=0x7fdbc3af2990, exit_signal=0, stack=0x7fdbc3ad2000, stack_size=0x20300, tls=0x7fdbc3af26c0}./strace-static-x86_64: Process 372 attached [pid 372] set_robust_list(0x7fdbc3af29a0, 24 [pid 370] <... clone3 resumed> => {parent_tid=[372]}, 88) = 372 [pid 372] <... set_robust_list resumed>) = 0 [pid 370] rt_sigprocmask(SIG_SETMASK, [], [pid 372] rt_sigprocmask(SIG_SETMASK, [], [pid 370] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 372] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 370] futex(0x7fdbc3be1418, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 370] futex(0x7fdbc3be141c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 372] write(3, "\x50\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x26\x00\x00\x00\x02\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 80) = 80 [pid 372] futex(0x7fdbc3be141c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 370] <... futex resumed>) = 0 [pid 372] futex(0x7fdbc3be1418, FUTEX_WAIT_PRIVATE, 0, NULL [pid 370] futex(0x7fdbc3be1418, FUTEX_WAKE_PRIVATE, 1000000 [pid 372] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 370] <... futex resumed>) = 0 [pid 370] futex(0x7fdbc3be141c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 372] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 372] write(4, "13", 2) = 2 [pid 372] creat("./file0/file0", 000 [pid 371] <... read resumed>"\x2e\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x74\x01\x00\x00\x00\x00\x00\x00\x66\x69\x6c\x65\x30\x00", 8192) = 46 [pid 371] write(3, "\x90\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 144) = 144 [pid 371] futex(0x7fdbc3be140c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 371] futex(0x7fdbc3be1408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 370] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 370] futex(0x7fdbc3be141c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 370] futex(0x7fdbc3be141c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 370] futex(0x7fdbc3be1408, FUTEX_WAKE_PRIVATE, 1000000 [pid 371] <... futex resumed>) = 0 [pid 370] <... futex resumed>) = 1 [pid 371] read(3, [ 101.500140][ T372] FAULT_INJECTION: forcing a failure. [ 101.500140][ T372] name failslab, interval 1, probability 0, space 0, times 0 [ 101.512854][ T372] CPU: 0 PID: 372 Comm: syz-executor128 Not tainted 5.10.231-syzkaller-00700-g4055d754db6f #0 [ 101.522915][ T372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 101.532802][ T372] Call Trace: [ 101.535948][ T372] dump_stack_lvl+0x1e2/0x24b [ 101.540461][ T372] ? bfq_pos_tree_add_move+0x43b/0x43b [pid 370] futex(0x7fdbc3be140c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 370] futex(0x7fdbc3be140c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 101.545760][ T372] ? unwind_get_return_address+0x4d/0x90 [ 101.551251][ T372] dump_stack+0x15/0x17 [ 101.555213][ T372] should_fail+0x3c6/0x510 [ 101.559468][ T372] ? fuse_get_req+0x3b3/0xa80 [ 101.563981][ T372] __should_failslab+0xa4/0xe0 [ 101.568583][ T372] should_failslab+0x9/0x20 [ 101.572925][ T372] kmem_cache_alloc+0x3d/0x2e0 [ 101.577522][ T372] ? stack_trace_snprint+0xf0/0xf0 [ 101.582470][ T372] fuse_get_req+0x3b3/0xa80 [ 101.586808][ T372] ? fuse_file_alloc+0xb1/0x250 [ 101.591496][ T372] ? ____kasan_kmalloc+0xed/0x110 [ 101.596355][ T372] ? fuse_simple_request+0x1a10/0x1a10 [ 101.601650][ T372] ? fuse_file_alloc+0xb1/0x250 [ 101.606350][ T372] ? fuse_atomic_open+0x5ca/0x34e0 [ 101.611297][ T372] ? path_openat+0xff0/0x3000 [ 101.615801][ T372] ? do_filp_open+0x21c/0x460 [ 101.620311][ T372] ? do_sys_openat2+0x13f/0x710 [ 101.624998][ T372] ? __x64_sys_creat+0x11f/0x160 [ 101.629787][ T372] ? do_syscall_64+0x34/0x70 [ 101.634204][ T372] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 101.640122][ T372] fuse_simple_request+0x124/0x1a10 [ 101.645183][ T372] ? fuse_put_request+0x2d0/0x2d0 [ 101.650013][ T372] fuse_atomic_open+0xd0e/0x34e0 [ 101.654781][ T372] ? fuse_rename2+0x4aa0/0x4aa0 [ 101.659531][ T372] ? may_create+0x65a/0x900 [ 101.663803][ T372] ? show_sid+0x250/0x250 [ 101.667979][ T372] ? d_hash_and_lookup+0x1e0/0x1e0 [ 101.672914][ T372] ? from_kgid+0x1a3/0x730 [ 101.677181][ T372] ? selinux_inode_create+0x22/0x30 [ 101.682207][ T372] ? security_inode_create+0xbc/0x100 [ 101.687411][ T372] ? fuse_rename2+0x4aa0/0x4aa0 [ 101.692101][ T372] path_openat+0xff0/0x3000 [ 101.696465][ T372] ? do_filp_open+0x460/0x460 [pid 370] exit_group(0 [pid 371] <... read resumed> ) = ? [pid 370] <... exit_group resumed>) = ? [pid 371] +++ exited with 0 +++ [ 101.700959][ T372] do_filp_open+0x21c/0x460 [ 101.705293][ T372] ? vfs_tmpfile+0x2b0/0x2b0 [ 101.709733][ T372] ? get_unused_fd_flags+0x94/0xa0 [ 101.714670][ T372] do_sys_openat2+0x13f/0x710 [ 101.719183][ T372] ? do_sys_open+0x220/0x220 [ 101.723625][ T372] ? ptrace_notify+0x24c/0x350 [ 101.728214][ T372] ? do_notify_parent+0xa10/0xa10 [ 101.733069][ T372] __x64_sys_creat+0x11f/0x160 [ 101.737666][ T372] ? __x32_compat_sys_openat+0x290/0x290 [ 101.743154][ T372] ? syscall_enter_from_user_mode+0x57/0x1a0 [ 101.748968][ T372] do_syscall_64+0x34/0x70 [ 101.753211][ T372] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 101.758928][ T372] RIP: 0033:0x7fdbc3b5a899 [ 101.763183][ T372] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 1b 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 101.782636][ T372] RSP: 002b:00007fdbc3af2208 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 101.790887][ T372] RAX: ffffffffffffffda RBX: 00007fdbc3be1418 RCX: 00007fdbc3b5a899 [pid 372] <... creat resumed>) = ? [pid 372] +++ exited with 0 +++ [pid 370] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=370, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 374 attached [pid 374] set_robust_list(0x55556dc9f6a0, 24) = 0 [pid 374] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 374] setpgid(0, 0 [pid 361] <... clone resumed>, child_tidptr=0x55556dc9f690) = 374 [pid 374] <... setpgid resumed>) = 0 [pid 374] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 374] write(3, "1000", 4) = 4 [pid 374] close(3executing program ) = 0 [pid 374] write(1, "executing program\n", 18) = 18 [pid 374] futex(0x7fdbc3be140c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 374] rt_sigaction(SIGRT_1, {sa_handler=0x7fdbc3b80320, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fdbc3b72130}, NULL, 8) = 0 [pid 374] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 374] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbc3af3000 [pid 374] mprotect(0x7fdbc3af4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 374] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 374] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fdbc3b13990, parent_tid=0x7fdbc3b13990, exit_signal=0, stack=0x7fdbc3af3000, stack_size=0x20300, tls=0x7fdbc3b136c0}./strace-static-x86_64: Process 375 attached => {parent_tid=[375]}, 88) = 375 [pid 375] set_robust_list(0x7fdbc3b139a0, 24 [pid 374] rt_sigprocmask(SIG_SETMASK, [], [pid 375] <... set_robust_list resumed>) = 0 [pid 374] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 375] rt_sigprocmask(SIG_SETMASK, [], [pid 374] futex(0x7fdbc3be1408, FUTEX_WAKE_PRIVATE, 1000000 [pid 375] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 374] <... futex resumed>) = 0 [pid 374] futex(0x7fdbc3be140c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 375] mkdir("./file0", 000) = -1 EEXIST (File exists) [pid 375] futex(0x7fdbc3be140c, FUTEX_WAKE_PRIVATE, 1000000 [pid 374] <... futex resumed>) = 0 [pid 375] <... futex resumed>) = 1 [pid 374] futex(0x7fdbc3be1408, FUTEX_WAKE_PRIVATE, 1000000 [pid 375] openat(AT_FDCWD, "/dev/fuse", O_RDWR [pid 374] <... futex resumed>) = 0 [pid 375] <... openat resumed>) = 3 [pid 374] futex(0x7fdbc3be140c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 375] futex(0x7fdbc3be140c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 375] futex(0x7fdbc3be1408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 374] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 375] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 374] futex(0x7fdbc3be1408, FUTEX_WAKE_PRIVATE, 1000000 [pid 375] mount(NULL, "./file0", "fuse", 0, "fd=0x0000000000000003,rootmode=00000000000000000040000,user_id=00000000000000000000,group_id=0000000"... [pid 374] <... futex resumed>) = 0 [pid 374] futex(0x7fdbc3be140c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 375] <... mount resumed>) = 0 [pid 375] futex(0x7fdbc3be140c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 375] futex(0x7fdbc3be1408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 374] <... futex resumed>) = 0 [pid 375] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 374] futex(0x7fdbc3be1408, FUTEX_WAKE_PRIVATE, 1000000 [pid 375] read(3, [pid 374] <... futex resumed>) = 0 [pid 374] futex(0x7fdbc3be140c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 375] <... read resumed>"\x38\x00\x00\x00\x1a\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x20\x00\x00\x00\x00\x00\x02\x00\xfb\xff\xff\x83", 8224) = 56 [pid 375] futex(0x7fdbc3be140c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 374] <... futex resumed>) = 0 [pid 375] futex(0x7fdbc3be1408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 374] futex(0x7fdbc3be1408, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 374] futex(0x7fdbc3be140c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 375] <... futex resumed>) = 0 [ 101.798699][ T372] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000180 [ 101.806504][ T372] RBP: 00007fdbc3be1410 R08: 00007fdbc3af1fa6 R09: 0000000000003331 [ 101.814322][ T372] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fdbc3bae344 [ 101.822221][ T372] R13: 00007fdbc3af2210 R14: 0000000000000002 R15: 2f30656c69662f2e [pid 375] read(3, [pid 374] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 374] futex(0x7fdbc3be140c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 374] futex(0x7fdbc3be141c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 374] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdbc3ad2000 [pid 374] mprotect(0x7fdbc3ad3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 374] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 374] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fdbc3af2990, parent_tid=0x7fdbc3af2990, exit_signal=0, stack=0x7fdbc3ad2000, stack_size=0x20300, tls=0x7fdbc3af26c0} => {parent_tid=[376]}, 88) = 376 [pid 374] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 374] futex(0x7fdbc3be1418, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 374] futex(0x7fdbc3be141c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 376 attached [pid 376] set_robust_list(0x7fdbc3af29a0, 24) = 0 [pid 376] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 376] write(3, "\x50\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x26\x00\x00\x00\x02\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 80) = 80 [pid 376] futex(0x7fdbc3be141c, FUTEX_WAKE_PRIVATE, 1000000 [pid 374] <... futex resumed>) = 0 [pid 374] futex(0x7fdbc3be1418, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 374] futex(0x7fdbc3be141c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 376] <... futex resumed>) = 1 [pid 376] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4 [pid 376] write(4, "13", 2) = 2 [pid 376] creat("./file0/file0", 000 [pid 375] <... read resumed>"\x2e\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x01\x00\x00\x00\x00\x00\x00\x66\x69\x6c\x65\x30\x00", 8192) = 46 [pid 375] write(3, "\x90\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 144) = 144 [pid 375] futex(0x7fdbc3be140c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 375] futex(0x7fdbc3be1408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 374] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 374] futex(0x7fdbc3be141c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 374] futex(0x7fdbc3be141c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 374] futex(0x7fdbc3be1408, FUTEX_WAKE_PRIVATE, 1000000 [pid 375] <... futex resumed>) = 0 [pid 374] <... futex resumed>) = 1 [pid 374] futex(0x7fdbc3be140c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 375] read(3, "\x3e\x00\x00\x00\x23\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x01\x00\x00\x00\x00\x00\x00\x41\x82\x00\x00\x00\x80\x00\x00\x3f\x00\x00\x00\x00\x00\x00\x00\x66\x69\x6c\x65\x30\x00", 8192) = 62 [pid 375] write(3, "\xa0\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x04\x00\x00\x00\xfc\xff\xff\xff\xff\xff\xff\xff\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xfc\xff\xff\xff"..., 160) = 160 [pid 375] futex(0x7fdbc3be140c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 374] <... futex resumed>) = 0 [ 101.955205][ T376] FAULT_INJECTION: forcing a failure. [ 101.955205][ T376] name failslab, interval 1, probability 0, space 0, times 0 [ 101.967792][ T376] CPU: 1 PID: 376 Comm: syz-executor128 Not tainted 5.10.231-syzkaller-00700-g4055d754db6f #0 [ 101.977883][ T376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 101.987746][ T376] Call Trace: [ 101.990894][ T376] dump_stack_lvl+0x1e2/0x24b [ 101.995399][ T376] ? panic+0x812/0x812 [ 101.999303][ T376] ? bfq_pos_tree_add_move+0x43b/0x43b [ 102.004616][ T376] ? find_inode+0x37e/0x430 [ 102.008943][ T376] dump_stack+0x15/0x17 [ 102.012934][ T376] should_fail+0x3c6/0x510 [ 102.017187][ T376] ? fuse_alloc_inode+0x23/0x210 [ 102.021981][ T376] __should_failslab+0xa4/0xe0 [ 102.026656][ T376] should_failslab+0x9/0x20 [ 102.031002][ T376] kmem_cache_alloc+0x3d/0x2e0 [ 102.035605][ T376] ? sanitize_global_limit+0x140/0x140 [ 102.040893][ T376] ? fuse_iget+0x820/0x820 [ 102.045146][ T376] ? fuse_inode_eq+0x80/0x80 [ 102.049571][ T376] fuse_alloc_inode+0x23/0x210 [pid 375] futex(0x7fdbc3be1408, FUTEX_WAIT_PRIVATE, 0, NULL [pid 374] exit_group(0 [pid 375] <... futex resumed>) = ? [pid 374] <... exit_group resumed>) = ? [pid 375] +++ exited with 0 +++ [ 102.054265][ T376] ? sanitize_global_limit+0x140/0x140 [ 102.059547][ T376] ? fuse_iget+0x820/0x820 [ 102.064271][ T376] ? fuse_inode_eq+0x80/0x80 [ 102.069199][ T376] iget5_locked+0xba/0x280 [ 102.073452][ T376] ? fuse_inode_eq+0x80/0x80 [ 102.077880][ T376] fuse_iget+0x28c/0x820 [ 102.081982][ T376] ? fuse_init_inode+0x310/0x310 [ 102.086840][ T376] ? fuse_passthrough_setup+0x93/0x190 [ 102.092121][ T376] fuse_atomic_open+0xf90/0x34e0 [ 102.097330][ T376] ? fuse_rename2+0x4aa0/0x4aa0 [ 102.102045][ T376] ? may_create+0x65a/0x900 [ 102.106352][ T376] ? show_sid+0x250/0x250 [ 102.110770][ T376] ? d_hash_and_lookup+0x1e0/0x1e0 [ 102.115712][ T376] ? from_kgid+0x1a3/0x730 [ 102.119976][ T376] ? selinux_inode_create+0x22/0x30 [ 102.125125][ T376] ? security_inode_create+0xbc/0x100 [ 102.130847][ T376] ? fuse_rename2+0x4aa0/0x4aa0 [ 102.135534][ T376] path_openat+0xff0/0x3000 [ 102.139888][ T376] ? do_filp_open+0x460/0x460 [ 102.144401][ T376] do_filp_open+0x21c/0x460 [ 102.148847][ T376] ? vfs_tmpfile+0x2b0/0x2b0 [ 102.153275][ T376] ? get_unused_fd_flags+0x94/0xa0 [ 102.158212][ T376] do_sys_openat2+0x13f/0x710 [ 102.162729][ T376] ? do_sys_open+0x220/0x220 [ 102.167179][ T376] ? ptrace_notify+0x24c/0x350 [ 102.171925][ T376] ? do_notify_parent+0xa10/0xa10 [ 102.176780][ T376] __x64_sys_creat+0x11f/0x160 [ 102.181384][ T376] ? __x32_compat_sys_openat+0x290/0x290 [ 102.186861][ T376] ? syscall_enter_from_user_mode+0x57/0x1a0 [ 102.192668][ T376] do_syscall_64+0x34/0x70 [ 102.196929][ T376] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 102.202638][ T376] RIP: 0033:0x7fdbc3b5a899 [ 102.206911][ T376] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 1b 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 102.226706][ T376] RSP: 002b:00007fdbc3af2208 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 102.235098][ T376] RAX: ffffffffffffffda RBX: 00007fdbc3be1418 RCX: 00007fdbc3b5a899 [ 102.242990][ T376] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000180 [ 102.250801][ T376] RBP: 00007fdbc3be1410 R08: 00007fdbc3af1fa6 R09: 0000000000003331 [ 102.258620][ T376] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fdbc3bae344 [ 102.266444][ T376] R13: 00007fdbc3af2210 R14: 0000000000000002 R15: 2f30656c69662f2e [ 102.274454][ T376] general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN [ 102.286287][ T376] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f] [ 102.294546][ T376] CPU: 1 PID: 376 Comm: syz-executor128 Not tainted 5.10.231-syzkaller-00700-g4055d754db6f #0 [ 102.304594][ T376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 102.314507][ T376] RIP: 0010:fuse_file_put+0x11b/0x2420 [ 102.319795][ T376] Code: f0 41 0f c1 5e 28 bf 01 00 00 00 89 de e8 2d 78 6b ff 83 fb 01 0f 85 e4 00 00 00 4c 89 e9 4d 8d 6c 24 28 4c 89 e8 48 c1 e8 03 <80> 3c 08 00 74 08 4c 89 ef e8 d7 0f a9 ff 4c 8d bc 24 c0 00 00 00 [ 102.339277][ T376] RSP: 0018:ffffc90000b56f40 EFLAGS: 00010206 [ 102.345155][ T376] RAX: 0000000000000005 RBX: 0000000000000001 RCX: dffffc0000000000 [ 102.352948][ T376] RDX: ffff88811d10cf00 RSI: 0000000000000001 RDI: 0000000000000001 [ 102.360760][ T376] RBP: ffffc90000b572e0 R08: ffffffff81ff4a03 R09: ffffed1021bdae86 [ 102.368608][ T376] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000 [ 102.376383][ T376] R13: 0000000000000028 R14: ffff88810ded7400 R15: ffff88810ded7428 [ 102.384215][ T376] FS: 00007fdbc3af26c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 102.392979][ T376] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 102.399401][ T376] CR2: 0000000020009000 CR3: 000000010adb2000 CR4: 00000000003506a0 [ 102.407212][ T376] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 102.415032][ T376] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 102.422823][ T376] Call Trace: [ 102.425973][ T376] ? __die_body+0x62/0xb0 [ 102.430136][ T376] ? die_addr+0x9f/0xd0 [ 102.434134][ T376] ? exc_general_protection+0x3ff/0x490 [ 102.439523][ T376] ? preempt_schedule_irq+0xe7/0x140 [ 102.444635][ T376] ? asm_exc_general_protection+0x1e/0x30 [ 102.450192][ T376] ? fuse_file_put+0x103/0x2420 [ 102.454885][ T376] ? fuse_file_put+0x11b/0x2420 [ 102.459567][ T376] ? dump_stack_lvl+0x1f3/0x24b [ 102.464250][ T376] ? dump_stack_lvl+0x211/0x24b [ 102.468935][ T376] ? fuse_lock_owner_id+0x160/0x160 [ 102.473983][ T376] ? bfq_pos_tree_add_move+0x43b/0x43b [ 102.479274][ T376] ? find_inode+0x37e/0x430 [ 102.483612][ T376] ? __kasan_check_write+0x14/0x20 [ 102.488561][ T376] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 102.493857][ T376] ? _raw_spin_lock+0x1b0/0x1b0 [ 102.498539][ T376] ? __should_failslab+0xa4/0xe0 [ 102.503313][ T376] ? should_failslab+0x9/0x20 [ 102.507826][ T376] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 102.513457][ T376] ? __wake_up+0x120/0x1c0 [ 102.517725][ T376] ? fuse_iget+0x820/0x820 [ 102.521973][ T376] ? remove_wait_queue+0x140/0x140 [ 102.526930][ T376] ? _raw_spin_trylock_bh+0x190/0x190 [ 102.532135][ T376] ? fuse_iget+0x4cc/0x820 [ 102.536384][ T376] ? fuse_prepare_release+0x222/0x400 [ 102.541595][ T376] fuse_sync_release+0x81/0xb0 [ 102.546193][ T376] fuse_atomic_open+0x2914/0x34e0 [ 102.551054][ T376] ? fuse_rename2+0x4aa0/0x4aa0 [ 102.555782][ T376] ? may_create+0x65a/0x900 [ 102.560079][ T376] ? show_sid+0x250/0x250 [ 102.564256][ T376] ? d_hash_and_lookup+0x1e0/0x1e0 [ 102.569190][ T376] ? from_kgid+0x1a3/0x730 [ 102.573450][ T376] ? selinux_inode_create+0x22/0x30 [ 102.578481][ T376] ? security_inode_create+0xbc/0x100 [ 102.583681][ T376] ? fuse_rename2+0x4aa0/0x4aa0 [ 102.588371][ T376] path_openat+0xff0/0x3000 [ 102.592730][ T376] ? do_filp_open+0x460/0x460 [ 102.597322][ T376] do_filp_open+0x21c/0x460 [ 102.601657][ T376] ? vfs_tmpfile+0x2b0/0x2b0 [ 102.606105][ T376] ? get_unused_fd_flags+0x94/0xa0 [ 102.611026][ T376] do_sys_openat2+0x13f/0x710 [ 102.615541][ T376] ? do_sys_open+0x220/0x220 [ 102.619969][ T376] ? ptrace_notify+0x24c/0x350 [ 102.624574][ T376] ? do_notify_parent+0xa10/0xa10 [ 102.629512][ T376] __x64_sys_creat+0x11f/0x160 [ 102.634113][ T376] ? __x32_compat_sys_openat+0x290/0x290 [ 102.639590][ T376] ? syscall_enter_from_user_mode+0x57/0x1a0 [ 102.645402][ T376] do_syscall_64+0x34/0x70 [ 102.649654][ T376] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 102.655374][ T376] RIP: 0033:0x7fdbc3b5a899 [ 102.659636][ T376] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 1b 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 102.679070][ T376] RSP: 002b:00007fdbc3af2208 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 102.687314][ T376] RAX: ffffffffffffffda RBX: 00007fdbc3be1418 RCX: 00007fdbc3b5a899 [ 102.695138][ T376] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000180 [ 102.702943][ T376] RBP: 00007fdbc3be1410 R08: 00007fdbc3af1fa6 R09: 0000000000003331 [ 102.710751][ T376] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fdbc3bae344 [ 102.718561][ T376] R13: 00007fdbc3af2210 R14: 0000000000000002 R15: 2f30656c69662f2e [ 102.726373][ T376] Modules linked in: [ 102.730473][ T376] ---[ end trace 4863381ce0ac8e40 ]--- [ 102.735860][ T376] RIP: 0010:fuse_file_put+0x11b/0x2420 [ 102.741783][ T376] Code: f0 41 0f c1 5e 28 bf 01 00 00 00 89 de e8 2d 78 6b ff 83 fb 01 0f 85 e4 00 00 00 4c 89 e9 4d 8d 6c 24 28 4c 89 e8 48 c1 e8 03 <80> 3c 08 00 74 08 4c 89 ef e8 d7 0f a9 ff 4c 8d bc 24 c0 00 00 00 [ 102.761340][ T376] RSP: 0018:ffffc90000b56f40 EFLAGS: 00010206 [ 102.767249][ T376] RAX: 0000000000000005 RBX: 0000000000000001 RCX: dffffc0000000000 [ 102.775121][ T376] RDX: ffff88811d10cf00 RSI: 0000000000000001 RDI: 0000000000000001 [ 102.782925][ T376] RBP: ffffc90000b572e0 R08: ffffffff81ff4a03 R09: ffffed1021bdae86 [ 102.790721][ T376] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000 [ 102.798516][ T376] R13: 0000000000000028 R14: ffff88810ded7400 R15: ffff88810ded7428 [ 102.806409][ T376] FS: 00007fdbc3af26c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 102.815200][ T376] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 102.821614][ T376] CR2: 000055c3882f7088 CR3: 000000010adb2000 CR4: 00000000003506a0 [ 102.829483][ T376] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 102.837318][ T376] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 102.845203][ T376] Kernel panic - not syncing: Fatal exception [ 102.851244][ T376] Kernel Offset: disabled [ 102.855398][ T376] Rebooting in 86400 seconds..