Warning: Permanently added '10.128.1.152' (ED25519) to the list of known hosts. 2023/11/19 02:59:04 ignoring optional flag "sandboxArg"="0" 2023/11/19 02:59:05 parsed 1 programs 2023/11/19 02:59:05 executed programs: 0 [ 41.382731][ T29] kauditd_printk_skb: 74 callbacks suppressed [ 41.382741][ T29] audit: type=1400 audit(1700362745.047:150): avc: denied { mounton } for pid=337 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 41.424168][ T29] audit: type=1400 audit(1700362745.047:151): avc: denied { mount } for pid=337 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 41.456263][ T29] audit: type=1400 audit(1700362745.047:152): avc: denied { setattr } for pid=337 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 41.483181][ T29] audit: type=1400 audit(1700362745.067:153): avc: denied { mounton } for pid=342 comm="syz-executor.2" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 41.561683][ T344] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.568983][ T344] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.576557][ T344] device bridge_slave_0 entered promiscuous mode [ 41.584295][ T344] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.591481][ T344] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.598978][ T344] device bridge_slave_1 entered promiscuous mode [ 41.627323][ T342] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.634561][ T342] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.641856][ T342] device bridge_slave_0 entered promiscuous mode [ 41.672776][ T342] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.679620][ T342] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.687355][ T342] device bridge_slave_1 entered promiscuous mode [ 41.721682][ T353] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.728558][ T353] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.736603][ T353] device bridge_slave_0 entered promiscuous mode [ 41.746806][ T348] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.754288][ T348] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.761552][ T348] device bridge_slave_0 entered promiscuous mode [ 41.769814][ T348] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.777160][ T348] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.784662][ T348] device bridge_slave_1 entered promiscuous mode [ 41.799443][ T353] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.806680][ T353] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.814445][ T353] device bridge_slave_1 entered promiscuous mode [ 41.858186][ T354] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.865157][ T354] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.872468][ T354] device bridge_slave_0 entered promiscuous mode [ 41.893983][ T354] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.901025][ T354] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.908236][ T354] device bridge_slave_1 entered promiscuous mode [ 41.933049][ T351] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.939883][ T351] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.947138][ T351] device bridge_slave_0 entered promiscuous mode [ 41.966614][ T351] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.973557][ T351] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.981132][ T351] device bridge_slave_1 entered promiscuous mode [ 42.057096][ T344] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.063960][ T344] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.071005][ T344] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.077842][ T344] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.099667][ T342] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.106613][ T342] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.113772][ T342] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.120562][ T342] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.141484][ T348] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.148500][ T348] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.155687][ T348] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.162575][ T348] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.221127][ T38] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.228270][ T38] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.235476][ T38] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.242618][ T38] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.249912][ T38] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.257446][ T38] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.265607][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 42.273138][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 42.291669][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 42.299485][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 42.307665][ T356] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.314505][ T356] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.321968][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 42.330285][ T356] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.337325][ T356] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.345127][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 42.353004][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 42.392484][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 42.400506][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 42.408642][ T38] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.415878][ T38] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.424562][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 42.432730][ T38] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.439551][ T38] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.446865][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 42.454571][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 42.475525][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 42.484057][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 42.491486][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 42.498895][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 42.507672][ T356] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.514531][ T356] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.522011][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 42.530006][ T356] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.537011][ T356] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.556220][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 42.564226][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 42.572008][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 42.580239][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 42.588583][ T56] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.595547][ T56] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.602863][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 42.610871][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 42.619181][ T56] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.626027][ T56] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.633553][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 42.641035][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 42.649431][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 42.659160][ T348] device veth0_vlan entered promiscuous mode [ 42.674861][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 42.683006][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 42.690860][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 42.698809][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 42.706661][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 42.715163][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 42.723043][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 42.730560][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 42.740841][ T344] device veth0_vlan entered promiscuous mode [ 42.751142][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 42.759387][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 42.767582][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 42.776271][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 42.784516][ T38] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.791540][ T38] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.798741][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 42.806481][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 42.814259][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 42.822369][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 42.829987][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 42.837912][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 42.845782][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 42.853465][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 42.860598][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 42.879423][ T344] device veth1_macvtap entered promiscuous mode [ 42.894969][ T353] device veth0_vlan entered promiscuous mode [ 42.901281][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 42.910031][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 42.917318][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 42.925240][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 42.933497][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 42.941364][ T356] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.949195][ T356] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.956708][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 42.964460][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 42.972127][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 42.980014][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 42.987927][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 42.995107][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 43.002376][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 43.010347][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 43.018194][ T356] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.025123][ T356] bridge0: port 1(bridge_slave_0) entered forwarding state [ 43.032431][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 43.040708][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 43.048830][ T356] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.055660][ T356] bridge0: port 2(bridge_slave_1) entered forwarding state [ 43.062933][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 43.070596][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 43.078769][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 43.086870][ T348] device veth1_macvtap entered promiscuous mode [ 43.094876][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 43.109361][ T353] device veth1_macvtap entered promiscuous mode [ 43.125038][ T354] device veth0_vlan entered promiscuous mode [ 43.133494][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 43.142143][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 43.149917][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 43.157358][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 43.164664][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 43.173227][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 43.181219][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 43.188956][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 43.196956][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 43.205096][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 43.213431][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 43.221943][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 43.229177][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 43.236379][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 43.244351][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 43.257055][ T342] device veth0_vlan entered promiscuous mode [ 43.269312][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 43.277697][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 43.286065][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 43.294659][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 43.302902][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 43.310890][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 43.321788][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 43.336564][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 43.345208][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 43.353532][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 43.360831][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 43.368853][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 43.378448][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 43.380607][ T29] audit: type=1400 audit(1700362747.037:154): avc: denied { mounton } for pid=378 comm="syz-executor.0" path="/root/syzkaller-testdir2595556200/syzkaller.6ODOoh/0/file0" dev="sda1" ino=1947 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 43.394373][ T354] device veth1_macvtap entered promiscuous mode [ 43.426225][ T351] device veth0_vlan entered promiscuous mode [ 43.440652][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 43.449522][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 43.458317][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 43.471988][ T342] device veth1_macvtap entered promiscuous mode [ 43.478642][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 43.486689][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 43.495076][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 43.520066][ T351] device veth1_macvtap entered promiscuous mode [ 43.527403][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 43.539687][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 43.548020][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 43.558510][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 43.571048][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 43.590589][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 43.598850][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 43.610386][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 43.618942][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 43.658734][ T398] ================================================================== [ 43.666968][ T398] BUG: KASAN: use-after-free in fuse_copy_one+0x84/0x310 [ 43.674165][ T398] Read of size 256 at addr ffff88811f308c10 by task syz-executor.3/398 [ 43.682248][ T398] [ 43.684599][ T398] CPU: 1 PID: 398 Comm: syz-executor.3 Not tainted 5.15.137-syzkaller #0 [ 43.692857][ T398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 43.702843][ T398] Call Trace: [ 43.705962][ T398] [ 43.708833][ T398] dump_stack_lvl+0x38/0x49 [ 43.713442][ T398] print_address_description.constprop.0+0x24/0x160 [ 43.720068][ T398] ? fuse_copy_one+0x84/0x310 [ 43.724935][ T398] kasan_report.cold+0x82/0xdb [ 43.729761][ T398] ? fuse_copy_one+0x84/0x310 [ 43.734345][ T398] kasan_check_range+0x148/0x190 [ 43.739130][ T398] memcpy+0x24/0x60 [ 43.742763][ T398] fuse_copy_one+0x84/0x310 [ 43.747108][ T398] ? fuse_copy_finish+0x240/0x240 [ 43.751968][ T398] fuse_copy_args+0x84/0x360 [ 43.756612][ T398] ? memcpy+0x4e/0x60 [ 43.760431][ T398] fuse_dev_do_read.constprop.0+0x144b/0x1c30 [ 43.766434][ T398] ? futex_wait_queue_me+0x6d0/0x6d0 [ 43.771545][ T398] ? fuse_copy_args+0x360/0x360 [ 43.776226][ T398] fuse_dev_read+0x13d/0x1e0 [ 43.780649][ T398] ? fuse_dev_splice_read+0x490/0x490 [ 43.785952][ T398] ? __pmd_alloc+0x330/0x330 [ 43.790371][ T398] new_sync_read+0x353/0x6d0 [ 43.794885][ T398] ? fsnotify+0xe30/0xe30 [ 43.799058][ T398] ? ksys_lseek+0x140/0x140 [ 43.803391][ T398] ? put_vma+0x1a/0x50 [ 43.807300][ T398] ? selinux_file_permission+0x2f1/0x3f0 [ 43.812761][ T398] ? fsnotify+0xe30/0xe30 [ 43.816929][ T398] vfs_read+0x347/0x4b0 [ 43.821008][ T398] ksys_read+0x111/0x210 [ 43.825347][ T398] ? vfs_write+0x8e0/0x8e0 [ 43.829696][ T398] ? __kasan_check_write+0x14/0x20 [ 43.834645][ T398] ? switch_fpu_return+0xec/0x1f0 [ 43.839505][ T398] __x64_sys_read+0x6e/0xb0 [ 43.843942][ T398] ? syscall_exit_to_user_mode+0x2f/0x40 [ 43.849671][ T398] do_syscall_64+0x35/0xb0 [ 43.854471][ T398] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 43.860604][ T398] RIP: 0033:0x7ff5d4f4bdb9 [ 43.865630][ T398] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 43.885619][ T398] RSP: 002b:00007ff5d4a6c0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 43.893949][ T398] RAX: ffffffffffffffda RBX: 00007ff5d506c1f0 RCX: 00007ff5d4f4bdb9 [ 43.902019][ T398] RDX: 0000000000002020 RSI: 0000000020002140 RDI: 0000000000000003 [ 43.910003][ T398] RBP: 00007ff5d4fa8ad0 R08: 0000000000000000 R09: 0000000000000000 [ 43.917815][ T398] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 43.928684][ T398] R13: 000000000000006e R14: 00007ff5d506c1f0 R15: 00007ffc02a5d418 [ 43.936938][ T398] [ 43.939792][ T398] [ 43.941954][ T398] Allocated by task 384: [ 43.946128][ T398] kasan_save_stack+0x26/0x50 [ 43.950890][ T398] __kasan_kmalloc+0xae/0xe0 [ 43.955466][ T398] __kmalloc+0x2d5/0x4e0 [ 43.959643][ T398] __d_alloc+0x593/0x8a0 [ 43.963861][ T398] d_alloc+0x3c/0x210 [ 43.967757][ T398] d_alloc_parallel+0xdc/0x1090 [ 43.972430][ T398] __lookup_slow+0x106/0x3d0 [ 43.977143][ T398] walk_component+0x3a1/0x690 [ 43.981686][ T398] path_lookupat+0x11f/0x6b0 [ 43.986223][ T398] filename_lookup+0x192/0x510 [ 43.990824][ T398] user_path_at_empty+0x3a/0x60 [ 43.995631][ T398] __x64_sys_mount+0x1a0/0x280 [ 44.000200][ T398] do_syscall_64+0x35/0xb0 [ 44.004547][ T398] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 44.010353][ T398] [ 44.012529][ T398] Freed by task 6: [ 44.016170][ T398] kasan_save_stack+0x26/0x50 [ 44.021153][ T398] kasan_set_track+0x25/0x30 [ 44.025588][ T398] kasan_set_free_info+0x24/0x40 [ 44.030456][ T398] __kasan_slab_free+0x111/0x150 [ 44.035389][ T398] slab_free_freelist_hook+0x94/0x1a0 [ 44.040858][ T398] kmem_cache_free_bulk+0x3be/0x7a0 [ 44.046063][ T398] kfree_rcu_work+0x418/0x8b0 [ 44.050576][ T398] process_one_work+0x62c/0xec0 [ 44.055350][ T398] worker_thread+0x48e/0xdb0 [ 44.059778][ T398] kthread+0x324/0x3e0 [ 44.063684][ T398] ret_from_fork+0x1f/0x30 [ 44.067939][ T398] [ 44.070102][ T398] Last potentially related work creation: [ 44.075660][ T398] kasan_save_stack+0x26/0x50 [ 44.080173][ T398] __kasan_record_aux_stack+0xd8/0xf0 [ 44.085392][ T398] kasan_record_aux_stack_noalloc+0xb/0x10 [ 44.091025][ T398] kvfree_call_rcu+0x98/0x8e0 [ 44.095540][ T398] __d_move+0x3f1/0x13a0 [ 44.099642][ T398] d_splice_alias+0x8a7/0xb40 [ 44.104312][ T398] fuse_lookup+0x5a6/0x15a0 [ 44.108646][ T398] __lookup_slow+0x19b/0x3d0 [ 44.113297][ T398] walk_component+0x3a1/0x690 [ 44.117889][ T398] link_path_walk.part.0+0x57b/0xb30 [ 44.123096][ T398] path_parentat+0x8f/0x160 [ 44.127733][ T398] filename_parentat+0x192/0x550 [ 44.132505][ T398] filename_create+0x93/0x3e0 [ 44.137110][ T398] do_mkdirat+0x9c/0x2c0 [ 44.141183][ T398] __x64_sys_mkdir+0xd5/0x120 [ 44.145700][ T398] do_syscall_64+0x35/0xb0 [ 44.150090][ T398] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 44.155807][ T398] [ 44.158047][ T398] The buggy address belongs to the object at ffff88811f308c00 [ 44.158047][ T398] which belongs to the cache kmalloc-rcl-512 of size 512 [ 44.172571][ T398] The buggy address is located 16 bytes inside of [ 44.172571][ T398] 512-byte region [ffff88811f308c00, ffff88811f308e00) [ 44.185754][ T398] The buggy address belongs to the page: [ 44.191218][ T398] page:ffffea00047cc200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11f308 [ 44.202706][ T398] head:ffffea00047cc200 order:2 compound_mapcount:0 compound_pincount:0 [ 44.211296][ T398] flags: 0x4000000000010200(slab|head|zone=1) [ 44.215139][ T29] audit: type=1400 audit(1700362747.877:155): avc: denied { unmount } for pid=353 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 44.217204][ T398] raw: 4000000000010200 0000000000000000 dead000000000122 ffff88810004c300 [ 44.246011][ T398] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 44.254521][ T398] page dumped because: kasan: bad access detected [ 44.261055][ T398] page_owner tracks the page as allocated [ 44.266986][ T398] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0x1d20d0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 384, ts 43446938150, free_ts 0 [ 44.288451][ T398] prep_new_page+0x1a2/0x310 [ 44.293126][ T398] get_page_from_freelist+0x1ce2/0x30a0 [ 44.298731][ T398] __alloc_pages+0x217/0x2330 [ 44.303670][ T398] allocate_slab+0x39d/0x530 [ 44.311284][ T398] ___slab_alloc.constprop.0+0x3ca/0x890 [ 44.316751][ T398] __slab_alloc.constprop.0+0x42/0x80 [ 44.322372][ T398] __kmalloc+0x49f/0x4e0 [ 44.327739][ T398] __d_alloc+0x593/0x8a0 [ 44.332895][ T398] d_alloc+0x3c/0x210 [ 44.336815][ T398] d_alloc_parallel+0xdc/0x1090 [ 44.341492][ T398] __lookup_slow+0x106/0x3d0 [ 44.346090][ T398] walk_component+0x3a1/0x690 [ 44.351335][ T398] path_lookupat+0x11f/0x6b0 [ 44.356200][ T398] filename_lookup+0x192/0x510 [ 44.360753][ T398] user_path_at_empty+0x3a/0x60 [ 44.365826][ T398] __x64_sys_mount+0x1a0/0x280 [ 44.371066][ T398] page_owner free stack trace missing [ 44.376762][ T398] [ 44.379221][ T398] Memory state around the buggy address: [ 44.385298][ T398] ffff88811f308b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 44.393338][ T398] ffff88811f308b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 44.401898][ T398] >ffff88811f308c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 44.410265][ T398] ^ [ 44.415656][ T398] ffff88811f308c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 44.423870][ T398] ffff88811f308d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 44.431963][ T398] ================================================================== [ 44.439951][ T398] Disabling lock debugging due to kernel taint 2023/11/19 02:59:10 executed programs: 24 2023/11/19 02:59:15 executed programs: 60