Warning: Permanently added '10.128.0.160' (ECDSA) to the list of known hosts.
[ 17.579919][ T23] audit: type=1400 audit(1642759981.119:73): avc: denied { execmem } for pid=365 comm="syz-executor811" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 17.599339][ T23] audit: type=1400 audit(1642759981.119:74): avc: denied { mounton } for pid=365 comm="syz-executor811" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 17.612742][ T366] bridge0: port 1(bridge_slave_0) entered blocking state
[ 17.624490][ T23] audit: type=1400 audit(1642759981.119:75): avc: denied { mount } for pid=365 comm="syz-executor811" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 17.631338][ T366] bridge0: port 1(bridge_slave_0) entered disabled state
[ 17.654817][ T23] audit: type=1400 audit(1642759981.119:76): avc: denied { mounton } for pid=366 comm="syz-executor811" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[ 17.654831][ T23] audit: type=1400 audit(1642759981.119:77): avc: denied { mount } for pid=366 comm="syz-executor811" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[ 17.654845][ T23] audit: type=1400 audit(1642759981.119:78): avc: denied { mounton } for pid=366 comm="syz-executor811" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[ 17.654858][ T23] audit: type=1400 audit(1642759981.119:79): avc: denied { module_request } for pid=366 comm="syz-executor811" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 17.751639][ T366] device bridge_slave_0 entered promiscuous mode
[ 17.758363][ T366] bridge0: port 2(bridge_slave_1) entered blocking state
[ 17.765487][ T366] bridge0: port 2(bridge_slave_1) entered disabled state
[ 17.772678][ T366] device bridge_slave_1 entered promiscuous mode
[ 17.794390][ T23] audit: type=1400 audit(1642759981.339:80): avc: denied { create } for pid=366 comm="syz-executor811" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 17.799295][ T366] bridge0: port 2(bridge_slave_1) entered blocking state
[ 17.814994][ T23] audit: type=1400 audit(1642759981.339:81): avc: denied { write } for pid=366 comm="syz-executor811" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 17.821960][ T366] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 17.842673][ T23] audit: type=1400 audit(1642759981.339:82): avc: denied { read } for pid=366 comm="syz-executor811" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 17.849690][ T366] bridge0: port 1(bridge_slave_0) entered blocking state
[ 17.876970][ T366] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 17.891758][ T24] bridge0: port 1(bridge_slave_0) entered disabled state
[ 17.898878][ T24] bridge0: port 2(bridge_slave_1) entered disabled state
[ 17.906169][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 17.913446][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 17.922342][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 17.930402][ T367] bridge0: port 1(bridge_slave_0) entered blocking state
[ 17.937418][ T367] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 17.954381][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 17.962566][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 17.970399][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 17.978484][ T24] bridge0: port 2(bridge_slave_1) entered blocking state
[ 17.985496][ T24] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 17.993164][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
executing program
[ 18.001467][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 18.011339][ T367] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 18.023540][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 18.031894][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 18.048803][ T374] ==================================================================
[ 18.056869][ T374] BUG: KASAN: use-after-free in __fdget_raw+0x57/0x1e0
[ 18.063686][ T374] Read of size 4 at addr ffff88811d4d0000 by task io_wqe_worker-0/374
[ 18.071803][ T374]
[ 18.074104][ T374] CPU: 1 PID: 374 Comm: io_wqe_worker-0 Not tainted 5.10.93-syzkaller-01028-g0347b1658399 #0
[ 18.084214][ T374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 18.094253][ T374] Call Trace:
[ 18.097514][ T374]  dump_stack_lvl+0x1e2/0x24b
[ 18.102162][ T374]  ? show_regs_print_info+0x18/0x18
[ 18.107340][ T374]  ? devkmsg_release+0x127/0x127
[ 18.112244][ T374]  ? stack_trace_save+0x1e0/0x1e0
[ 18.117238][ T374]  ? arch_stack_walk+0x112/0x140
[ 18.122144][ T374]  print_address_description+0x8d/0x3d0
[ 18.127657][ T374]  __kasan_report+0x142/0x220
[ 18.132300][ T374]  ? __fdget_raw+0x57/0x1e0
[ 18.136781][ T374]  kasan_report+0x51/0x70
[ 18.141078][ T374]  kasan_check_range+0x2b6/0x2f0
[ 18.145982][ T374]  __kasan_check_read+0x11/0x20
[ 18.150799][ T374]  __fdget_raw+0x57/0x1e0
[ 18.155098][ T374]  path_init+0x6aa/0x1130
[ 18.159391][ T374]  ? __kasan_slab_alloc+0xb2/0xe0
[ 18.164385][ T374]  ? kmem_cache_alloc+0x1a2/0x380
[ 18.169377][ T374]  ? getname_flags+0xba/0x650
[ 18.174018][ T374]  ? io_issue_sqe+0x2541/0xfc10
[ 18.178837][ T374]  ? io_wq_submit_work+0x34c/0xf40
[ 18.183926][ T374]  ? io_wqe_worker+0x39f/0xf20
[ 18.188655][ T374]  ? kthread+0x371/0x390
[ 18.192865][ T374]  path_lookupat+0x2b/0x6c0
[ 18.197335][ T374]  filename_lookup+0x23f/0x6c0
[ 18.202063][ T374]  ? hashlen_string+0x120/0x120
[ 18.206882][ T374]  ? getname_flags+0x207/0x650
[ 18.211613][ T374]  user_path_at_empty+0x40/0x50
[ 18.216433][ T374]  vfs_statx+0x10a/0x3f0
[ 18.220640][ T374]  ? vfs_fstatat+0x40/0x40
[ 18.225024][ T374]  do_statx+0xec/0x170
[ 18.229065][ T374]  ? __ia32_sys_readlink+0x90/0x90
[ 18.234144][ T374]  ? _raw_spin_lock_irqsave+0xf8/0x210
[ 18.239574][ T374]  ? __kasan_check_write+0x14/0x20
[ 18.244651][ T374]  io_issue_sqe+0x2541/0xfc10
[ 18.249295][ T374]  ? __io_req_task_cancel+0x720/0x720
[ 18.254635][ T374]  ? unwind_next_frame+0x3d4/0x740
[ 18.259712][ T374]  ? stack_trace_save+0x1e0/0x1e0
[ 18.264705][ T374]  ? arch_stack_walk+0x112/0x140
[ 18.269612][ T374]  ? ret_from_fork+0x1f/0x30
[ 18.274169][ T374]  ? stack_trace_save+0x11b/0x1e0
[ 18.279244][ T374]  ? stack_trace_snprint+0xe0/0xe0
[ 18.284323][ T374]  ? stack_depot_save+0x41e/0x480
[ 18.289312][ T374]  ? kmem_cache_free+0xb5/0x1f0
[ 18.294129][ T374]  ? kmem_cache_free+0xb5/0x1f0
[ 18.298956][ T374]  ? kasan_set_track+0x63/0x80
[ 18.303687][ T374]  ? kasan_set_track+0x4c/0x80
[ 18.308417][ T374]  ? kasan_set_free_info+0x23/0x40
[ 18.313492][ T374]  ? ____kasan_slab_free+0x133/0x170
[ 18.318743][ T374]  ? __kasan_slab_free+0x11/0x20
[ 18.323650][ T374]  ? slab_free_freelist_hook+0xcc/0x1a0
[ 18.329168][ T374]  ? kmem_cache_free+0xb5/0x1f0
[ 18.333987][ T374]  ? __io_free_req+0x20e/0x380
[ 18.338718][ T374]  ? io_free_work+0x92/0x5e0
[ 18.343274][ T374]  ? io_worker_handle_work+0x16bc/0x1d90
[ 18.348869][ T374]  ? io_wqe_worker+0x39f/0xf20
[ 18.353600][ T374]  ? kthread+0x371/0x390
[ 18.357816][ T374]  ? ret_from_fork+0x1f/0x30
[ 18.362378][ T374]  ? kmem_cache_free+0xb5/0x1f0
[ 18.367196][ T374]  ? debug_smp_processor_id+0x1c/0x20
[ 18.372535][ T374]  ? kmem_cache_free+0xb5/0x1f0
[ 18.377353][ T374]  ? ____kasan_slab_free+0x13e/0x170
[ 18.382617][ T374]  ? __kasan_slab_free+0x11/0x20
[ 18.387520][ T374]  ? slab_free_freelist_hook+0xcc/0x1a0
[ 18.393033][ T374]  ? __rcu_read_lock+0x50/0x50
[ 18.397777][ T374]  ? __io_free_req+0x20e/0x380
[ 18.402519][ T374]  ? __kasan_check_write+0x14/0x20
[ 18.407609][ T374]  io_wq_submit_work+0x34c/0xf40
[ 18.412522][ T374]  ? io_free_work+0x92/0x5e0
[ 18.417085][ T374]  ? __kasan_check_write+0x14/0x20
[ 18.422169][ T374]  io_worker_handle_work+0x1558/0x1d90
[ 18.427606][ T374]  io_wqe_worker+0x39f/0xf20
[ 18.432172][ T374]  ? create_io_worker+0x670/0x670
[ 18.437174][ T374]  ? __kasan_check_read+0x11/0x20
[ 18.442176][ T374]  ? __kthread_parkme+0xba/0x1d0
[ 18.447091][ T374]  kthread+0x371/0x390
[ 18.451137][ T374]  ? create_io_worker+0x670/0x670
[ 18.456153][ T374]  ? kthread_blkcg+0xd0/0xd0
[ 18.460722][ T374]  ret_from_fork+0x1f/0x30
[ 18.465115][ T374]
[ 18.467423][ T374] Allocated by task 365:
[ 18.471651][ T374]  __kasan_slab_alloc+0xb2/0xe0
[ 18.476481][ T374]  kmem_cache_alloc+0x1a2/0x380
[ 18.481310][ T374]  dup_fd+0x71/0xc60
[ 18.485182][ T374]  copy_process+0x12a6/0x5340
[ 18.489842][ T374]  kernel_clone+0x21f/0x9a0
[ 18.494322][ T374]  __x64_sys_clone+0x258/0x2d0
[ 18.499063][ T374]  do_syscall_64+0x31/0x70
[ 18.503451][ T374]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 18.509310][ T374]
[ 18.511620][ T374] Freed by task 366:
[ 18.515501][ T374]  kasan_set_track+0x4c/0x80
[ 18.520067][ T374]  kasan_set_free_info+0x23/0x40
[ 18.524978][ T374]  ____kasan_slab_free+0x133/0x170
[ 18.530060][ T374]  __kasan_slab_free+0x11/0x20
[ 18.534803][ T374]  slab_free_freelist_hook+0xcc/0x1a0
[ 18.540144][ T374]  kmem_cache_free+0xb5/0x1f0
[ 18.544792][ T374]  put_files_struct+0x318/0x350
[ 18.549615][ T374]  exit_files+0x80/0xa0
[ 18.553746][ T374]  do_exit+0x6d9/0x23a0
[ 18.557873][ T374]  do_group_exit+0x16a/0x2d0
[ 18.562433][ T374]  __do_sys_exit_group+0x17/0x20
[ 18.567341][ T374]  __se_sys_exit_group+0x14/0x20
[ 18.572266][ T374]  __x64_sys_exit_group+0x3b/0x40
[ 18.577268][ T374]  do_syscall_64+0x31/0x70
[ 18.581660][ T374]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 18.587518][ T374]
[ 18.589827][ T374] The buggy address belongs to the object at ffff88811d4d0000
[ 18.589827][ T374]  which belongs to the cache files_cache of size 704
[ 18.603849][ T374] The buggy address is located 0 bytes inside of
[ 18.603849][ T374]  704-byte region [ffff88811d4d0000, ffff88811d4d02c0)
[ 18.616913][ T374] The buggy address belongs to the page:
[ 18.622522][ T374] page:ffffea0004753400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11d4d0
[ 18.632732][ T374] head:ffffea0004753400 order:2 compound_mapcount:0 compound_pincount:0
[ 18.641037][ T374] flags: 0x8000000000010200(slab|head)
[ 18.646473][ T374] raw: 8000000000010200 dead000000000100 dead000000000122 ffff888100066f00
[ 18.655033][ T374] raw: 0000000000000000 0000000080130013 00000001ffffffff 0000000000000000
[ 18.663586][ T374] page dumped because: kasan: bad access detected
[ 18.669971][ T374] page_owner tracks the page as allocated
[ 18.675667][ T374] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 357, ts 15953240908, free_ts 0
[ 18.693774][ T374]  get_page_from_freelist+0xa74/0xa90
[ 18.699120][ T374]  __alloc_pages_nodemask+0x3c8/0x820
[ 18.704463][ T374]  allocate_slab+0x6b/0x350
[ 18.708941][ T374]  ___slab_alloc+0x143/0x2f0
[ 18.713504][ T374]  kmem_cache_alloc+0x26f/0x380
[ 18.718328][ T374]  dup_fd+0x71/0xc60
[ 18.722195][ T374]  copy_process+0x12a6/0x5340
[ 18.726842][ T374]  kernel_clone+0x21f/0x9a0
[ 18.731317][ T374]  __x64_sys_clone+0x258/0x2d0
[ 18.736055][ T374]  do_syscall_64+0x31/0x70
[ 18.740443][ T374]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 18.746304][ T374] page_owner free stack trace missing
[ 18.751644][ T374]
[ 18.753946][ T374] Memory state around the buggy address:
[ 18.759550][ T374]  ffff88811d4cff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.767585][ T374]  ffff88811d4cff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.775620][ T374] >ffff88811d4d0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.783650][ T374]                    ^
[ 18.787690][ T374]  ffff88811d4d0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.795722][ T374]  ffff88811d4d0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.803753][ T374] ============================