last executing test programs: 3.299551452s ago: executing program 0 (id=120): getrusage(0x0, &(0x7f0000000000)) 3.198242115s ago: executing program 1 (id=121): link(&(0x7f0000000000), &(0x7f0000000000)) 2.739700038s ago: executing program 1 (id=122): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/access', 0x2, 0x0) 2.582174463s ago: executing program 0 (id=123): personality(0x0) 2.050574549s ago: executing program 0 (id=124): sched_setscheduler(0x0, 0x0, &(0x7f0000000000)) 1.933670062s ago: executing program 1 (id=125): munmap(0x0, 0x0) 1.35987824s ago: executing program 1 (id=126): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video36', 0x2, 0x0) 1.32043982s ago: executing program 0 (id=127): futex_waitv(&(0x7f0000000000), 0x0, 0x0, &(0x7f0000000000), 0x0) 679.980039ms ago: executing program 0 (id=128): openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/context', 0x2, 0x0) 679.403409ms ago: executing program 1 (id=129): rename(&(0x7f0000000000), &(0x7f0000000000)) 71.561708ms ago: executing program 0 (id=130): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/netlabel', 0x2, 0x0) 0s ago: executing program 1 (id=131): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:54119' (ED25519) to the list of known hosts. [ 247.909473][ T29] audit: type=1400 audit(247.250:58): avc: denied { name_bind } for pid=3275 comm="sshd" src=30005 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 248.760195][ T29] audit: type=1400 audit(248.100:59): avc: denied { execute } for pid=3277 comm="sh" name="syz-executor" dev="vda" ino=1735 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 248.770648][ T29] audit: type=1400 audit(248.110:60): avc: denied { execute_no_trans } for pid=3277 comm="sh" path="/syz-executor" dev="vda" ino=1735 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 255.672904][ T29] audit: type=1400 audit(255.010:61): avc: denied { mounton } for pid=3277 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1736 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 255.697732][ T29] audit: type=1400 audit(255.030:62): avc: denied { mount } for pid=3277 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 255.758428][ T3277] cgroup: Unknown subsys name 'net' [ 255.798868][ T29] audit: type=1400 audit(255.130:63): avc: denied { unmount } for pid=3277 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 256.262596][ T3277] cgroup: Unknown subsys name 'cpuset' [ 256.328670][ T3277] cgroup: Unknown subsys name 'rlimit' [ 256.898840][ T29] audit: type=1400 audit(256.230:64): avc: denied { setattr } for pid=3277 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 256.912355][ T29] audit: type=1400 audit(256.240:65): avc: denied { create } for pid=3277 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 256.920513][ T29] audit: type=1400 audit(256.250:66): avc: denied { write } for pid=3277 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 256.922355][ T29] audit: type=1400 audit(256.260:67): avc: denied { module_request } for pid=3277 comm="syz-executor" kmod="net-pf-16-proto-16-family-nl802154" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 257.277265][ T29] audit: type=1400 audit(256.610:68): avc: denied { read } for pid=3277 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 257.321225][ T29] audit: type=1400 audit(256.660:69): avc: denied { mounton } for pid=3277 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 257.329904][ T29] audit: type=1400 audit(256.660:70): avc: denied { mount } for pid=3277 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 258.031205][ T3280] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 258.222436][ T3277] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 273.645986][ T29] kauditd_printk_skb: 4 callbacks suppressed [ 273.646228][ T29] audit: type=1400 audit(272.980:75): avc: denied { execmem } for pid=3281 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 273.823347][ T29] audit: type=1400 audit(273.160:76): avc: denied { read } for pid=3283 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 273.828887][ T29] audit: type=1400 audit(273.170:77): avc: denied { open } for pid=3283 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 273.856463][ T29] audit: type=1400 audit(273.190:78): avc: denied { mounton } for pid=3283 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 275.107219][ T29] audit: type=1400 audit(274.440:79): avc: denied { mount } for pid=3284 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 275.128987][ T29] audit: type=1400 audit(274.470:80): avc: denied { mounton } for pid=3284 comm="syz-executor" path="/syzkaller.aY7gg6/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 275.156736][ T29] audit: type=1400 audit(274.490:81): avc: denied { mount } for pid=3283 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 275.206340][ T29] audit: type=1400 audit(274.550:82): avc: denied { mounton } for pid=3283 comm="syz-executor" path="/syzkaller.aOMK8s/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 275.228334][ T29] audit: type=1400 audit(274.560:83): avc: denied { mounton } for pid=3284 comm="syz-executor" path="/syzkaller.aY7gg6/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3268 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 275.273023][ T29] audit: type=1400 audit(274.610:84): avc: denied { unmount } for pid=3283 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 279.023522][ T29] kauditd_printk_skb: 12 callbacks suppressed [ 279.023732][ T29] audit: type=1400 audit(278.340:97): avc: denied { read } for pid=3303 comm="syz.1.16" name="raw-gadget" dev="devtmpfs" ino=701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 279.028774][ T29] audit: type=1400 audit(278.360:98): avc: denied { open } for pid=3303 comm="syz.1.16" path="/dev/raw-gadget" dev="devtmpfs" ino=701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 279.078338][ T29] audit: type=1400 audit(278.380:99): avc: denied { write } for pid=3303 comm="syz.1.16" name="raw-gadget" dev="devtmpfs" ino=701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 280.829905][ T29] audit: type=1400 audit(280.170:100): avc: denied { create } for pid=3314 comm="syz.0.26" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 281.173811][ T29] audit: type=1400 audit(280.510:101): avc: denied { create } for pid=3315 comm="syz.1.28" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 284.777107][ T29] audit: type=1400 audit(284.120:102): avc: denied { read } for pid=3333 comm="syz.1.46" name="mice" dev="devtmpfs" ino=704 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 284.781173][ T29] audit: type=1400 audit(284.120:103): avc: denied { open } for pid=3333 comm="syz.1.46" path="/dev/input/mice" dev="devtmpfs" ino=704 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 284.798716][ T29] audit: type=1400 audit(284.140:104): avc: denied { write } for pid=3333 comm="syz.1.46" name="mice" dev="devtmpfs" ino=704 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 286.753212][ T29] audit: type=1400 audit(286.090:105): avc: denied { create } for pid=3340 comm="syz.1.53" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 288.799173][ T29] audit: type=1400 audit(288.110:106): avc: denied { read } for pid=3349 comm="syz.1.62" name="fb0" dev="devtmpfs" ino=619 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 288.801992][ T29] audit: type=1400 audit(288.140:107): avc: denied { open } for pid=3349 comm="syz.1.62" path="/dev/fb0" dev="devtmpfs" ino=619 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 288.830567][ T29] audit: type=1400 audit(288.170:108): avc: denied { write } for pid=3349 comm="syz.1.62" name="fb0" dev="devtmpfs" ino=619 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 289.225957][ T29] audit: type=1400 audit(288.560:109): avc: denied { read } for pid=3350 comm="syz.0.63" name="loop-control" dev="devtmpfs" ino=636 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 289.241375][ T29] audit: type=1400 audit(288.580:110): avc: denied { open } for pid=3350 comm="syz.0.63" path="/dev/loop-control" dev="devtmpfs" ino=636 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 289.267500][ T29] audit: type=1400 audit(288.590:111): avc: denied { write } for pid=3350 comm="syz.0.63" name="loop-control" dev="devtmpfs" ino=636 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 290.935185][ T29] kauditd_printk_skb: 1 callbacks suppressed [ 290.935283][ T29] audit: type=1400 audit(290.270:113): avc: denied { read } for pid=3358 comm="syz.0.70" name="card0" dev="devtmpfs" ino=617 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 290.965619][ T29] audit: type=1400 audit(290.290:114): avc: denied { open } for pid=3358 comm="syz.0.70" path="/dev/dri/card0" dev="devtmpfs" ino=617 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 291.007004][ T29] audit: type=1400 audit(290.340:115): avc: denied { write } for pid=3358 comm="syz.0.70" name="card0" dev="devtmpfs" ino=617 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 297.347030][ T29] audit: type=1400 audit(296.680:116): avc: denied { sys_module } for pid=3376 comm="syz.0.88" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 297.627514][ T29] audit: type=1400 audit(296.970:117): avc: denied { create } for pid=3379 comm="syz.0.90" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 299.343328][ T29] audit: type=1400 audit(298.680:118): avc: denied { create } for pid=3385 comm="syz.0.96" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 300.259058][ T29] audit: type=1400 audit(299.600:119): avc: denied { create } for pid=3391 comm="syz.0.102" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 301.065116][ T29] audit: type=1400 audit(300.400:120): avc: denied { create } for pid=3395 comm="syz.0.107" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 303.966943][ T29] audit: type=1400 audit(303.300:121): avc: denied { create } for pid=3408 comm="syz.0.118" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 309.480046][ T3423] ================================================================== [ 309.481714][ T3423] BUG: KASAN: slab-use-after-free in binder_add_device+0x98/0xb0 [ 309.483467][ T3423] Write of size 8 at addr ffff0000186a1008 by task syz-executor/3423 [ 309.484626][ T3423] [ 309.486733][ T3423] CPU: 1 UID: 0 PID: 3423 Comm: syz-executor Not tainted 6.13.0-syzkaller-09147-ge2ee2e9b1590 #0 [ 309.487743][ T3423] Hardware name: linux,dummy-virt (DT) [ 309.488250][ T3423] Call trace: [ 309.488519][ T3423] show_stack+0x18/0x24 (C) [ 309.488795][ T3423] dump_stack_lvl+0xa4/0xf4 [ 309.488919][ T3423] print_report+0xf4/0x5a0 [ 309.489003][ T3423] kasan_report+0xc8/0x108 [ 309.489211][ T3423] __asan_report_store8_noabort+0x20/0x2c [ 309.489304][ T3423] binder_add_device+0x98/0xb0 [ 309.489389][ T3423] binderfs_binder_device_create.isra.0+0x798/0x960 [ 309.489476][ T3423] binderfs_fill_super+0x668/0xe9c [ 309.489559][ T3423] get_tree_nodev+0xac/0x148 [ 309.489657][ T3423] binderfs_fs_context_get_tree+0x18/0x24 [ 309.489737][ T3423] vfs_get_tree+0x74/0x280 [ 309.489818][ T3423] path_mount+0x750/0x1684 [ 309.489900][ T3423] __arm64_sys_mount+0x26c/0x4d8 [ 309.489986][ T3423] invoke_syscall+0x6c/0x258 [ 309.490066][ T3423] el0_svc_common.constprop.0+0xac/0x230 [ 309.490143][ T3423] do_el0_svc_compat+0x40/0x68 [ 309.490214][ T3423] el0_svc_compat+0x4c/0x17c [ 309.490292][ T3423] el0t_32_sync_handler+0x98/0x13c [ 309.490365][ T3423] el0t_32_sync+0x19c/0x1a0 [ 309.490689][ T3423] [ 309.498567][ T3423] Allocated by task 3284: [ 309.499248][ T3423] kasan_save_stack+0x3c/0x64 [ 309.499755][ T3423] kasan_save_track+0x20/0x3c [ 309.500192][ T3423] kasan_save_alloc_info+0x40/0x54 [ 309.500624][ T3423] __kasan_kmalloc+0xb8/0xbc [ 309.501021][ T3423] __kmalloc_cache_noprof+0x1b4/0x3d0 [ 309.501449][ T3423] binderfs_binder_device_create.isra.0+0x140/0x960 [ 309.501948][ T3423] binderfs_fill_super+0x668/0xe9c [ 309.502389][ T3423] get_tree_nodev+0xac/0x148 [ 309.502818][ T3423] binderfs_fs_context_get_tree+0x18/0x24 [ 309.503288][ T3423] vfs_get_tree+0x74/0x280 [ 309.503710][ T3423] path_mount+0x750/0x1684 [ 309.504256][ T3423] __arm64_sys_mount+0x26c/0x4d8 [ 309.504710][ T3423] invoke_syscall+0x6c/0x258 [ 309.505157][ T3423] el0_svc_common.constprop.0+0xac/0x230 [ 309.505623][ T3423] do_el0_svc_compat+0x40/0x68 [ 309.506034][ T3423] el0_svc_compat+0x4c/0x17c [ 309.506451][ T3423] el0t_32_sync_handler+0x98/0x13c [ 309.506888][ T3423] el0t_32_sync+0x19c/0x1a0 [ 309.507379][ T3423] [ 309.507733][ T3423] Freed by task 3401: [ 309.508194][ T3423] kasan_save_stack+0x3c/0x64 [ 309.508636][ T3423] kasan_save_track+0x20/0x3c [ 309.509072][ T3423] kasan_save_free_info+0x4c/0x74 [ 309.509499][ T3423] __kasan_slab_free+0x50/0x6c [ 309.509933][ T3423] kfree+0x1bc/0x444 [ 309.510320][ T3423] binderfs_evict_inode+0x1c4/0x214 [ 309.510779][ T3423] evict+0x2d0/0x6b0 [ 309.511166][ T3423] iput+0x3b0/0x6b4 [ 309.511555][ T3423] dentry_unlink_inode+0x208/0x46c [ 309.512035][ T3423] __dentry_kill+0x150/0x52c [ 309.512462][ T3423] shrink_dentry_list+0x114/0x3a4 [ 309.512909][ T3423] shrink_dcache_parent+0x158/0x364 [ 309.513359][ T3423] shrink_dcache_for_umount+0x88/0x304 [ 309.513857][ T3423] generic_shutdown_super+0x60/0x2e8 [ 309.514660][ T3423] kill_litter_super+0x68/0xa4 [ 309.515085][ T3423] binderfs_kill_super+0x38/0x88 [ 309.515546][ T3423] deactivate_locked_super+0x98/0x17c [ 309.516027][ T3423] deactivate_super+0xb0/0xd4 [ 309.516451][ T3423] cleanup_mnt+0x174/0x324 [ 309.516892][ T3423] __cleanup_mnt+0x14/0x20 [ 309.517298][ T3423] task_work_run+0x128/0x210 [ 309.517746][ T3423] do_exit+0x7a0/0x2044 [ 309.518145][ T3423] do_group_exit+0xa4/0x208 [ 309.518549][ T3423] get_signal+0x1a60/0x1b08 [ 309.518980][ T3423] do_signal+0x230/0x620 [ 309.519388][ T3423] do_notify_resume+0x18c/0x258 [ 309.519851][ T3423] el0_ia+0x198/0x254 [ 309.520240][ T3423] el0t_32_sync_handler+0x120/0x13c [ 309.520674][ T3423] el0t_32_sync+0x19c/0x1a0 [ 309.521140][ T3423] [ 309.521567][ T3423] The buggy address belongs to the object at ffff0000186a1000 [ 309.521567][ T3423] which belongs to the cache kmalloc-512 of size 512 [ 309.522400][ T3423] The buggy address is located 8 bytes inside of [ 309.522400][ T3423] freed 512-byte region [ffff0000186a1000, ffff0000186a1200) [ 309.523303][ T3423] [ 309.523724][ T3423] The buggy address belongs to the physical page: [ 309.524979][ T3423] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x586a0 [ 309.526326][ T3423] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 309.527019][ T3423] flags: 0x1ffc00000000040(head|node=0|zone=0|lastcpupid=0x7ff) [ 309.528261][ T3423] page_type: f5(slab) [ 309.529184][ T3423] raw: 01ffc00000000040 ffff00000d401c80 dead000000000100 dead000000000122 [ 309.529800][ T3423] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 309.530478][ T3423] head: 01ffc00000000040 ffff00000d401c80 dead000000000100 dead000000000122 [ 309.531053][ T3423] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 309.531627][ T3423] head: 01ffc00000000002 fffffdffc061a801 ffffffffffffffff 0000000000000000 [ 309.532199][ T3423] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 309.532838][ T3423] page dumped because: kasan: bad access detected [ 309.533335][ T3423] [ 309.533675][ T3423] Memory state around the buggy address: [ 309.534570][ T3423] ffff0000186a0f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 309.535313][ T3423] ffff0000186a0f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 309.536008][ T3423] >ffff0000186a1000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 309.536576][ T3423] ^ [ 309.537088][ T3423] ffff0000186a1080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 309.537631][ T3423] ffff0000186a1100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 309.538265][ T3423] ================================================================== SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 309.616638][ T3423] Disabling lock debugging due to kernel taint [ 309.665995][ T29] audit: type=1400 audit(309.000:122): avc: denied { mount } for pid=3423 comm="syz-executor" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 VM DIAGNOSIS: 17:29:52 Registers: info registers vcpu 0 CPU#0 PC=ffff80008168cca0 X00=ffff80008d001000 X01=0000000000000000 X02=1ffff00010dbff92 X03=1fffe0000d42731d X04=1fffe0000d4289ae X05=ffff80008ccc3000 X06=ffff700011998600 X07=0000000000000001 X08=ffff80008ccc3003 X09=dfff800000000000 X10=ffff00006a12efcc X11=1ffff00011998600 X12=ffff700011998601 X13=ffff00000f3ca8d0 X14=1ffff000110f5d04 X15=1fffe00001e79516 X16=0000000000000000 X17=ffff7fffe3393000 X18=00000000ffffffff X19=ffff800086dffc88 X20=000000000000001e X21=ffff00000d895b00 X22=ffff8000856ec280 X23=000000000000000b X24=ffff8000853f0480 X25=ffff7fffe3393000 X26=ffff00000f3c9e48 X27=ffff00000f3c9e40 X28=ffff600001e793c9 X29=ffff800080007ee0 X30=ffff80008035a7dc SP=ffff800080007ee0 PSTATE=200000c5 --C- EL1h FPCR=00000000 FPSR=00000000 Q00=0000000000000000:0000000000000000 Q01=0000000000000000:0000000000000000 Q02=0000000000000000:0000000000000000 Q03=0000000000000000:0000000000000000 Q04=0000000000000000:0000000000000000 Q05=0000000000000000:0000000000000000 Q06=0000000000000000:0000000000000000 Q07=0000000000000000:0000000000000000 Q08=0000000000000000:0000000000000000 Q09=0000000000000000:0000000000000000 Q10=0000000000000000:0000000000000000 Q11=0000000000000000:0000000000000000 Q12=0000000000000000:0000000000000000 Q13=0000000000000000:0000000000000000 Q14=0000000000000000:0000000000000000 Q15=0000000000000000:0000000000000000 Q16=0000000000000000:0000000000000000 Q17=0000000000000000:0000000000000000 Q18=0000000000000000:0000000000000000 Q19=0000000000000000:0000000000000000 Q20=0000000000000000:0000000000000000 Q21=0000000000000000:0000000000000000 Q22=0000000000000000:0000000000000000 Q23=0000000000000000:0000000000000000 Q24=0000000000000000:0000000000000000 Q25=0000000000000000:0000000000000000 Q26=0000000000000000:0000000000000000 Q27=0000000000000000:0000000000000000 Q28=0000000000000000:0000000000000000 Q29=0000000000000000:0000000000000000 Q30=0000000000000000:0000000000000000 Q31=0000000000000000:0000000000000000 info registers vcpu 1 CPU#1 PC=ffff80008531a210 X00=ffff80008634d8f1 X01=0000000000000403 X02=ffff80008634d8f1 X03=0000000000000403 X04=0000000000000000 X05=1ffff000141eae2e X06=0000000000000000 X07=ffff7000141eae0c X08=0000000041b58ab3 X09=ffff8000a0f56fc4 X10=0000000000000000 X11=0000000000000000 X12=0000000000000000 X13=00000000ffffffff X14=0000000000000000 X15=0000000000000000 X16=0000000000000000 X17=0000000000000000 X18=000000008ba33943 X19=ffff80008634d8f1 X20=ffff8000a0f573a8 X21=ffff80008634d8ee X22=ffff8000a0f57638 X23=0000000000000000 X24=0000000000000403 X25=ffff8000a0f57170 X26=0000000000000004 X27=ffff8000a0f573fe X28=0000000000000003 X29=ffff8000a0f570c0 X30=ffff80008531a1e0 SP=ffff8000a0f570c0 PSTATE=600000c5 -ZC- EL1h FPCR=00000000 FPSR=00000000 Q00=0000000000000000:0000000000000000 Q01=0000000000000000:0000000000000000 Q02=0000000000000000:0000000000000000 Q03=0000000000000000:0000000000000000 Q04=0000000000000000:0000000000000000 Q05=0000000000000000:0000000000000000 Q06=0000000000000000:0000000000000000 Q07=0000000000000000:0000000000000000 Q08=0000000000000000:0000000000000000 Q09=0000000000000000:0000000000000000 Q10=0000000000000000:0000000000000000 Q11=0000000000000000:0000000000000000 Q12=0000000000000000:0000000000000000 Q13=0000000000000000:0000000000000000 Q14=0000000000000000:0000000000000000 Q15=0000000000000000:0000000000000000 Q16=0000000000000000:0000000000000000 Q17=0000000000000000:0000000000000000 Q18=0000000000000000:0000000000000000 Q19=0000000000000000:0000000000000000 Q20=0000000000000000:0000000000000000 Q21=0000000000000000:0000000000000000 Q22=0000000000000000:0000000000000000 Q23=0000000000000000:0000000000000000 Q24=0000000000000000:0000000000000000 Q25=0000000000000000:0000000000000000 Q26=0000000000000000:0000000000000000 Q27=0000000000000000:0000000000000000 Q28=0000000000000000:0000000000000000 Q29=0000000000000000:0000000000000000 Q30=0000000000000000:0000000000000000 Q31=0000000000000000:0000000000000000