[ 2.842387][ T166] acpid (166) used greatest stack depth: 24200 bytes left
[ 3.055835][ T181] udevd[181]: starting version 3.2.10
[ 3.098300][ T182] udevd[182]: starting eudev-3.2.10
[ 3.100162][ T181] udevd (181) used greatest stack depth: 22976 bytes left
[ 4.129391][ T268] ssh-keygen (268) used greatest stack depth: 22368 bytes left
[ 11.526221][ T30] kauditd_printk_skb: 49 callbacks suppressed
[ 11.526236][ T30] audit: type=1400 audit(1668520404.979:60): avc: denied { transition } for pid=318 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 11.530315][ T30] audit: type=1400 audit(1668520404.979:61): avc: denied { write } for pid=318 comm="sh" path="pipe:[357]" dev="pipefs" ino=357 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1
[ 570.845774][ T30] audit: type=1400 audit(1668520964.299:62): avc: denied { remove_name } for pid=164 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 570.848979][ T30] audit: type=1400 audit(1668520964.299:63): avc: denied { rename } for pid=164 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
Warning: Permanently added '10.128.1.35' (ECDSA) to the list of known hosts.
executing program
[ 1015.254347][ T30] audit: type=1400 audit(1668521408.709:64): avc: denied { execmem } for pid=1398 comm="syz-executor302" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 1015.278344][ T30] audit: type=1400 audit(1668521408.709:65): avc: denied { read write } for pid=1406 comm="syz-executor302" name="fuse" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[ 1015.301980][ T30] audit: type=1400 audit(1668521408.709:66): avc: denied { open } for pid=1406 comm="syz-executor302" path="/dev/fuse" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[ 1015.325822][ T30] audit: type=1400 audit(1668521408.709:67): avc: denied { mounton } for pid=1406 comm="syz-executor302" path="/root/syzkaller.RVwr53/0/file0" dev="sda1" ino=1144 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 1015.350593][ T30] audit: type=1400 audit(1668521408.709:68): avc: denied { mount } for pid=1406 comm="syz-executor302" name="/" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[ 1015.427284][ T30] audit: type=1400 audit(1668521408.879:69): avc: denied { mounton } for pid=1405 comm="syz-executor302" path="/root/syzkaller.hEBk36/0/file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
executing program
[ 1020.369450][ T30] audit: type=1400 audit(1668521413.819:70): avc: denied { unmount } for pid=1402 comm="syz-executor302" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
executing program
[ 1470.816909][ T4941] ==================================================================
[ 1470.824803][ T4941] BUG: KASAN: use-after-free in fuse_copy_one+0x1e7/0x3f0
[ 1470.831747][ T4941] Read of size 256 at addr ffff88811f8ca010 by task syz-executor302/4941
[ 1470.839996][ T4941]
[ 1470.842167][ T4941] CPU: 0 PID: 4941 Comm: syz-executor302 Not tainted 5.15.74-syzkaller #0
[ 1470.850493][ T4941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 1470.860401][ T4941] Call Trace:
[ 1470.863522][ T4941]
[ 1470.866288][ T4941] dump_stack_lvl+0x151/0x1b7
[ 1470.870804][ T4941] ? bfq_pos_tree_add_move+0x43e/0x43e
[ 1470.876098][ T4941] ? panic+0x727/0x727
[ 1470.880000][ T4941] ? __kasan_check_write+0x14/0x20
[ 1470.884949][ T4941] print_address_description+0x87/0x3d0
[ 1470.890332][ T4941] kasan_report+0x1a6/0x1f0
[ 1470.894671][ T4941] ? fuse_copy_one+0x1e7/0x3f0
[ 1470.899267][ T4941] ? fuse_copy_one+0x1e7/0x3f0
[ 1470.903867][ T4941] kasan_check_range+0x2aa/0x2e0
[ 1470.908641][ T4941] ? fuse_copy_one+0x1e7/0x3f0
[ 1470.913328][ T4941] memcpy+0x2d/0x70
[ 1470.916972][ T4941] fuse_copy_one+0x1e7/0x3f0
[ 1470.921402][ T4941] fuse_copy_args+0x309/0x400
[ 1470.925913][ T4941] ? fuse_copy_one+0x39f/0x3f0
[ 1470.930513][ T4941] fuse_dev_do_read+0xc9b/0x1190
[ 1470.935294][ T4941] ? queue_interrupt+0x390/0x390
[ 1470.940063][ T4941] ? memset+0x35/0x40
[ 1470.943882][ T4941] fuse_dev_read+0x180/0x210
[ 1470.948305][ T4941] ? __fsnotify_update_child_dentry_flags+0x300/0x300
[ 1470.954904][ T4941] ? fuse_dev_release+0x5b0/0x5b0
[ 1470.959763][ T4941] ? iov_iter_init+0x53/0x180
[ 1470.964282][ T4941] vfs_read+0xabc/0xd80
[ 1470.968272][ T4941] ? kernel_read+0x1f0/0x1f0
[ 1470.972785][ T4941] ? __fget_files+0x310/0x370
[ 1470.977295][ T4941] ? __fdget_pos+0x1fe/0x310
[ 1470.981862][ T4941] ? ksys_read+0x77/0x2c0
[ 1470.986148][ T4941] ksys_read+0x198/0x2c0
[ 1470.990236][ T4941] ? __kasan_check_write+0x14/0x20
[ 1470.995170][ T4941] ? vfs_write+0x1050/0x1050
[ 1470.999596][ T4941] __x64_sys_read+0x7b/0x90
[ 1471.003937][ T4941] do_syscall_64+0x44/0xd0
[ 1471.008189][ T4941] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1471.013919][ T4941] RIP: 0033:0x7f589d294bc9
[ 1471.018170][ T4941] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1471.037700][ T4941] RSP: 002b:00007f589d1e22f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1471.045946][ T4941] RAX: ffffffffffffffda RBX: 00007f589d3264f0 RCX: 00007f589d294bc9
[ 1471.053753][ T4941] RDX: 0000000000002020 RSI: 0000000020002140 RDI: 0000000000000003
[ 1471.061566][ T4941] RBP: 00007f589d2f3284 R08: 0000000000000000 R09: 0000000000000000
[ 1471.069375][ T4941] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f589d2ed160
[ 1471.077191][ T4941] R13: 00007f589d2ef278 R14: 00007f589d2f1280 R15: 00007f589d3264f8
[ 1471.085000][ T4941]
[ 1471.087861][ T4941]
[ 1471.090043][ T4941] Allocated by task 4923:
[ 1471.094202][ T4941] ____kasan_kmalloc+0xdc/0x110
[ 1471.098887][ T4941] __kasan_kmalloc+0x9/0x10
[ 1471.103226][ T4941] __kmalloc+0x203/0x350
[ 1471.107305][ T4941] __d_alloc+0xab/0x6b0
[ 1471.111295][ T4941] d_alloc_parallel+0xe0/0x12b0
[ 1471.115992][ T4941] __lookup_slow+0x14e/0x400
[ 1471.120433][ T4941] lookup_slow+0x5a/0x80
[ 1471.124487][ T4941] walk_component+0x425/0x5a0
[ 1471.129004][ T4941] path_lookupat+0x18d/0x460
[ 1471.133427][ T4941] filename_lookup+0x277/0x640
[ 1471.138025][ T4941] user_path_at_empty+0x44/0x1b0
[ 1471.142803][ T4941] __se_sys_mount+0x293/0x3c0
[ 1471.147314][ T4941] __x64_sys_mount+0xbf/0xd0
[ 1471.151742][ T4941] do_syscall_64+0x44/0xd0
[ 1471.155993][ T4941] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1471.161728][ T4941]
[ 1471.163892][ T4941] Freed by task 20:
[ 1471.167711][ T4941] kasan_set_track+0x4c/0x70
[ 1471.172267][ T4941] kasan_set_free_info+0x23/0x40
[ 1471.177034][ T4941] ____kasan_slab_free+0x126/0x160
[ 1471.181984][ T4941] __kasan_slab_free+0x11/0x20
[ 1471.186580][ T4941] slab_free_freelist_hook+0xc9/0x1a0
[ 1471.191788][ T4941] kmem_cache_free_bulk+0x3dc/0x720
[ 1471.196829][ T4941] kfree_rcu_work+0x2cb/0x6c0
[ 1471.201336][ T4941] process_one_work+0x6db/0xc00
[ 1471.206023][ T4941] worker_thread+0xb3e/0x1340
[ 1471.210535][ T4941] kthread+0x41c/0x500
[ 1471.214441][ T4941] ret_from_fork+0x1f/0x30
[ 1471.218702][ T4941]
[ 1471.220864][ T4941] Last potentially related work creation:
[ 1471.226504][ T4941] kasan_save_stack+0x3b/0x60
[ 1471.231016][ T4941] __kasan_record_aux_stack+0xd3/0xf0
[ 1471.236224][ T4941] kasan_record_aux_stack_noalloc+0xb/0x10
[ 1471.241869][ T4941] kvfree_call_rcu+0xb2/0x7f0
[ 1471.246379][ T4941] __d_move+0xb3e/0x16d0
[ 1471.250460][ T4941] __d_unalias+0x1cc/0x220
[ 1471.254798][ T4941] d_splice_alias+0x22f/0x3b0
[ 1471.259313][ T4941] fuse_lookup+0x2b4/0x5f0
[ 1471.263564][ T4941] __lookup_slow+0x2b3/0x400
[ 1471.267989][ T4941] lookup_slow+0x5a/0x80
[ 1471.272077][ T4941] walk_component+0x425/0x5a0
[ 1471.276669][ T4941] link_path_walk+0x682/0xde0
[ 1471.281183][ T4941] filename_parentat+0x27e/0x6b0
[ 1471.285991][ T4941] filename_create+0xef/0x4f0
[ 1471.290469][ T4941] do_mkdirat+0xc2/0x420
[ 1471.294552][ T4941] __x64_sys_mkdir+0x6e/0x80
[ 1471.298976][ T4941] do_syscall_64+0x44/0xd0
[ 1471.303238][ T4941] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1471.308955][ T4941]
[ 1471.311125][ T4941] Second to last potentially related work creation:
[ 1471.317547][ T4941] kasan_save_stack+0x3b/0x60
[ 1471.322062][ T4941] __kasan_record_aux_stack+0xd3/0xf0
[ 1471.327275][ T4941] kasan_record_aux_stack_noalloc+0xb/0x10
[ 1471.332914][ T4941] kvfree_call_rcu+0xb2/0x7f0
[ 1471.337426][ T4941] __d_move+0xb3e/0x16d0
[ 1471.341502][ T4941] __d_unalias+0x1cc/0x220
[ 1471.345755][ T4941] d_splice_alias+0x22f/0x3b0
[ 1471.350269][ T4941] fuse_lookup+0x2b4/0x5f0
[ 1471.354533][ T4941] __lookup_slow+0x2b3/0x400
[ 1471.358952][ T4941] lookup_slow+0x5a/0x80
[ 1471.363027][ T4941] walk_component+0x425/0x5a0
[ 1471.367539][ T4941] link_path_walk+0x682/0xde0
[ 1471.372055][ T4941] filename_parentat+0x27e/0x6b0
[ 1471.376826][ T4941] filename_create+0xef/0x4f0
[ 1471.381339][ T4941] do_mkdirat+0xc2/0x420
[ 1471.385420][ T4941] __x64_sys_mkdir+0x6e/0x80
[ 1471.389846][ T4941] do_syscall_64+0x44/0xd0
[ 1471.394098][ T4941] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1471.399826][ T4941]
[ 1471.401995][ T4941] The buggy address belongs to the object at ffff88811f8ca000
[ 1471.401995][ T4941] which belongs to the cache kmalloc-rcl-512 of size 512
[ 1471.416231][ T4941] The buggy address is located 16 bytes inside of
[ 1471.416231][ T4941] 512-byte region [ffff88811f8ca000, ffff88811f8ca200)
[ 1471.429250][ T4941] The buggy address belongs to the page:
[ 1471.434719][ T4941] page:ffffea00047e3200 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88811f8c9000 pfn:0x11f8c8
[ 1471.446087][ T4941] head:ffffea00047e3200 order:2 compound_mapcount:0 compound_pincount:0
[ 1471.454244][ T4941] flags: 0x4000000000010200(slab|head|zone=1)
[ 1471.460152][ T4941] raw: 4000000000010200 ffffea00047e8700 0000000400000004 ffff88810004c300
[ 1471.468571][ T4941] raw: ffff88811f8c9000 000000008010000b 00000001ffffffff 0000000000000000
[ 1471.476992][ T4941] page dumped because: kasan: bad access detected
[ 1471.483235][ T4941] page_owner tracks the page as allocated
[ 1471.488790][ T4941] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_RECLAIMABLE), pid 1972, ts 1087064259248, free_ts 0
[ 1471.508755][ T4941] post_alloc_hook+0x1ab/0x1b0
[ 1471.513446][ T4941] get_page_from_freelist+0x38b/0x400
[ 1471.518649][ T4941] __alloc_pages+0x3a8/0x7c0
[ 1471.523072][ T4941] allocate_slab+0x62/0x580
[ 1471.527409][ T4941] ___slab_alloc+0x2e2/0x6f0
[ 1471.531838][ T4941] __slab_alloc+0x4a/0x90
[ 1471.536002][ T4941] __kmalloc+0x25b/0x350
[ 1471.540082][ T4941] __d_alloc+0xab/0x6b0
[ 1471.544074][ T4941] d_alloc_parallel+0xe0/0x12b0
[ 1471.548759][ T4941] __lookup_slow+0x14e/0x400
[ 1471.553185][ T4941] lookup_slow+0x5a/0x80
[ 1471.557266][ T4941] walk_component+0x425/0x5a0
[ 1471.561780][ T4941] path_lookupat+0x18d/0x460
[ 1471.566208][ T4941] filename_lookup+0x277/0x640
[ 1471.570806][ T4941] user_path_at_empty+0x44/0x1b0
[ 1471.575579][ T4941] vfs_statx+0x104/0x6a0
[ 1471.579660][ T4941] page_owner free stack trace missing
[ 1471.584866][ T4941]
[ 1471.587040][ T4941] Memory state around the buggy address:
[ 1471.592507][ T4941] ffff88811f8c9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1471.600404][ T4941] ffff88811f8c9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1471.608318][ T4941] >ffff88811f8ca000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1471.616285][ T4941] ^
[ 1471.620714][ T4941] ffff88811f8ca080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1471.628617][ T4941] ffff88811f8ca100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1471.636630][ T4941] ==================================================================
[ 1471.644498][ T4941] Disabling lock debugging due to kernel taint
[ 1471.651986][ T30] audit: type=1400 audit(1668521865.109:71): avc: denied { unlink } for pid=164 comm="syslogd" name="messages.0" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
executing program