Warning: Permanently added '10.128.0.239' (ED25519) to the list of known hosts.
2023/12/19 08:23:19 ignoring optional flag "sandboxArg"="0"
2023/12/19 08:23:19 parsed 1 programs
2023/12/19 08:23:19 executed programs: 0
[ 37.723504][ T29] kauditd_printk_skb: 74 callbacks suppressed
[ 37.723510][ T29] audit: type=1400 audit(1702974199.172:150): avc: denied { mounton } for pid=338 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 37.778642][ T29] audit: type=1400 audit(1702974199.172:151): avc: denied { mount } for pid=338 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 37.809855][ T29] audit: type=1400 audit(1702974199.172:152): avc: denied { setattr } for pid=338 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 37.832804][ T29] audit: type=1400 audit(1702974199.182:153): avc: denied { mounton } for pid=343 comm="syz-executor.2" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[ 37.878041][ T343] bridge0: port 1(bridge_slave_0) entered blocking state
[ 37.884914][ T343] bridge0: port 1(bridge_slave_0) entered disabled state
[ 37.892086][ T343] device bridge_slave_0 entered promiscuous mode
[ 37.918214][ T343] bridge0: port 2(bridge_slave_1) entered blocking state
[ 37.925234][ T343] bridge0: port 2(bridge_slave_1) entered disabled state
[ 37.932370][ T343] device bridge_slave_1 entered promiscuous mode
[ 37.956464][ T350] bridge0: port 1(bridge_slave_0) entered blocking state
[ 37.963351][ T350] bridge0: port 1(bridge_slave_0) entered disabled state
[ 37.970443][ T350] device bridge_slave_0 entered promiscuous mode
[ 37.977718][ T350] bridge0: port 2(bridge_slave_1) entered blocking state
[ 37.984630][ T350] bridge0: port 2(bridge_slave_1) entered disabled state
[ 37.991652][ T350] device bridge_slave_1 entered promiscuous mode
[ 38.034815][ T346] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.041720][ T346] bridge0: port 1(bridge_slave_0) entered disabled state
[ 38.048804][ T346] device bridge_slave_0 entered promiscuous mode
[ 38.056457][ T346] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.063437][ T346] bridge0: port 2(bridge_slave_1) entered disabled state
[ 38.070529][ T346] device bridge_slave_1 entered promiscuous mode
[ 38.084593][ T354] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.091585][ T354] bridge0: port 1(bridge_slave_0) entered disabled state
[ 38.098650][ T354] device bridge_slave_0 entered promiscuous mode
[ 38.116348][ T354] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.123417][ T354] bridge0: port 2(bridge_slave_1) entered disabled state
[ 38.130562][ T354] device bridge_slave_1 entered promiscuous mode
[ 38.162968][ T355] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.169839][ T355] bridge0: port 1(bridge_slave_0) entered disabled state
[ 38.177318][ T355] device bridge_slave_0 entered promiscuous mode
[ 38.184040][ T355] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.190954][ T355] bridge0: port 2(bridge_slave_1) entered disabled state
[ 38.197941][ T355] device bridge_slave_1 entered promiscuous mode
[ 38.212079][ T356] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.218922][ T356] bridge0: port 1(bridge_slave_0) entered disabled state
[ 38.225997][ T356] device bridge_slave_0 entered promiscuous mode
[ 38.248348][ T356] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.255350][ T356] bridge0: port 2(bridge_slave_1) entered disabled state
[ 38.262459][ T356] device bridge_slave_1 entered promiscuous mode
[ 38.292697][ T343] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.299532][ T343] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 38.306589][ T343] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.313554][ T343] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 38.377562][ T350] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.384553][ T350] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 38.391632][ T350] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.398967][ T350] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 38.422060][ T37] bridge0: port 1(bridge_slave_0) entered disabled state
[ 38.429030][ T37] bridge0: port 2(bridge_slave_1) entered disabled state
[ 38.435925][ T37] bridge0: port 1(bridge_slave_0) entered disabled state
[ 38.443065][ T37] bridge0: port 2(bridge_slave_1) entered disabled state
[ 38.450869][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 38.458132][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 38.495834][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 38.504263][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 38.512344][ T300] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.519178][ T300] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 38.526283][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 38.534159][ T300] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.540992][ T300] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 38.548110][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 38.556058][ T300] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.562984][ T300] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 38.570243][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 38.578139][ T300] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.584896][ T300] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 38.592020][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 38.599632][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 38.624733][ T354] device veth0_vlan entered promiscuous mode
[ 38.638045][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 38.645860][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 38.654765][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 38.662536][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 38.670980][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 38.689447][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 38.696567][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 38.704546][ T37] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.711388][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 38.718613][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 38.726584][ T37] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.733624][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 38.741103][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 38.748868][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 38.756477][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 38.764404][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 38.781938][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 38.789193][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 38.797502][ T38] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.804415][ T38] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 38.811643][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 38.819810][ T38] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.826622][ T38] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 38.835448][ T354] device veth1_macvtap entered promiscuous mode
[ 38.842849][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 38.850552][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 38.863189][ T343] device veth0_vlan entered promiscuous mode
[ 38.881565][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 38.888985][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 38.897054][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 38.905769][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 38.914110][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 38.921263][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 38.929547][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 38.937418][ T300] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.944200][ T300] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 38.951343][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 38.959361][ T300] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.966170][ T300] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 38.973336][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 38.980944][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 38.998138][ T356] device veth0_vlan entered promiscuous mode
[ 39.007877][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 39.015956][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 39.023645][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 39.030856][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 39.038105][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 39.045616][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 39.052816][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 39.059954][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 39.068301][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 39.076301][ T300] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.083237][ T300] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 39.090512][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 39.098494][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 39.106322][ T300] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.113149][ T300] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 39.120330][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 39.128043][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 39.135679][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 39.143377][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 39.151491][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 39.159695][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 39.170294][ T350] device veth0_vlan entered promiscuous mode
[ 39.184562][ T355] device veth0_vlan entered promiscuous mode
[ 39.195106][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 39.203511][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 39.211478][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 39.219455][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 39.226889][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 39.234677][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 39.242400][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 39.250010][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 39.257847][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 39.265616][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 39.273729][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 39.282078][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 39.289983][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 39.297664][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 39.305619][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 39.313737][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 39.320951][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 39.328136][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 39.335353][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 39.343128][ T343] device veth1_macvtap entered promiscuous mode
[ 39.351795][ T356] device veth1_macvtap entered promiscuous mode
[ 39.363719][ T350] device veth1_macvtap entered promiscuous mode
[ 39.371534][ T29] audit: type=1400 audit(1702974200.822:154): avc: denied { mounton } for pid=378 comm="syz-executor.1" path="/root/syzkaller-testdir3983410117/syzkaller.ZuanN2/0/file0" dev="sda1" ino=1947 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 39.374829][ T355] device veth1_macvtap entered promiscuous mode
[ 39.412614][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 39.421181][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 39.428914][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 39.436766][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 39.444944][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 39.452506][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 39.460761][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 39.468964][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 39.476870][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 39.485045][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 39.493127][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 39.509754][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 39.517798][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 39.526137][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 39.534207][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 39.542548][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 39.550517][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 39.575933][ T346] device veth0_vlan entered promiscuous mode
[ 39.584140][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 39.592020][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 39.599840][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 39.606965][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 39.615249][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 39.623539][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 39.631552][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 39.639596][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 39.647512][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 39.663930][ T387] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 39.672686][ T346] device veth1_macvtap entered promiscuous mode
[ 39.682612][ T387] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 39.690630][ T387] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 39.699754][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 39.707703][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 39.797604][ T404] ==================================================================
[ 39.805907][ T404] BUG: KASAN: use-after-free in fuse_copy_one+0x84/0x310
[ 39.812762][ T404] Read of size 256 at addr ffff88811ef3b410 by task syz-executor.4/404
[ 39.820840][ T404]
[ 39.823005][ T404] CPU: 1 PID: 404 Comm: syz-executor.4 Not tainted 5.15.139-syzkaller #0
[ 39.831245][ T404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 39.841230][ T404] Call Trace:
[ 39.844352][ T404]
[ 39.847134][ T404] dump_stack_lvl+0x38/0x49
[ 39.851471][ T404] print_address_description.constprop.0+0x24/0x160
[ 39.857953][ T404] ? fuse_copy_one+0x84/0x310
[ 39.863101][ T404] kasan_report.cold+0x82/0xdb
[ 39.867730][ T404] ? fuse_copy_one+0x84/0x310
[ 39.872223][ T404] kasan_check_range+0x148/0x190
[ 39.876988][ T404] memcpy+0x24/0x60
[ 39.880635][ T404] fuse_copy_one+0x84/0x310
[ 39.885166][ T404] ? fuse_copy_finish+0x240/0x240
[ 39.890011][ T404] fuse_copy_args+0x84/0x360
[ 39.894441][ T404] ? memcpy+0x4e/0x60
[ 39.898255][ T404] fuse_dev_do_read.constprop.0+0x144b/0x1c30
[ 39.904164][ T404] ? futex_wait_queue_me+0x6d0/0x6d0
[ 39.909276][ T404] ? fuse_copy_args+0x360/0x360
[ 39.914087][ T404] fuse_dev_read+0x13d/0x1e0
[ 39.918629][ T404] ? fuse_dev_splice_read+0x490/0x490
[ 39.923874][ T404] ? __pmd_alloc+0x330/0x330
[ 39.928265][ T404] new_sync_read+0x353/0x6d0
[ 39.932695][ T404] ? fsnotify+0xe30/0xe30
[ 39.936939][ T404] ? ksys_lseek+0x140/0x140
[ 39.941280][ T404] ? put_vma+0x1a/0x50
[ 39.945281][ T404] ? selinux_file_permission+0x2f1/0x3f0
[ 39.951605][ T404] ? fsnotify+0xe30/0xe30
[ 39.955777][ T404] vfs_read+0x347/0x4b0
[ 39.960049][ T404] ksys_read+0x111/0x210
[ 39.964130][ T404] ? vfs_write+0x8e0/0x8e0
[ 39.968381][ T404] ? __kasan_check_write+0x14/0x20
[ 39.973334][ T404] ? switch_fpu_return+0xec/0x1f0
[ 39.978371][ T404] __x64_sys_read+0x6e/0xb0
[ 39.982701][ T404] ? syscall_exit_to_user_mode+0x2f/0x40
[ 39.988167][ T404] do_syscall_64+0x35/0xb0
[ 39.992429][ T404] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 39.998335][ T404] RIP: 0033:0x7f16c9505db9
[ 40.002625][ T404] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 40.022029][ T404] RSP: 002b:00007f16c90260c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 40.030270][ T404] RAX: ffffffffffffffda RBX: 00007f16c96261f0 RCX: 00007f16c9505db9
[ 40.038082][ T404] RDX: 0000000000002020 RSI: 0000000020002140 RDI: 0000000000000003
[ 40.045991][ T404] RBP: 00007f16c9562ad0 R08: 0000000000000000 R09: 0000000000000000
[ 40.053795][ T404] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 40.061617][ T404] R13: 000000000000006e R14: 00007f16c96261f0 R15: 00007ffe1f031938
[ 40.069527][ T404]
[ 40.072381][ T404]
[ 40.074641][ T404] Allocated by task 390:
[ 40.078718][ T404] kasan_save_stack+0x26/0x50
[ 40.083226][ T404] __kasan_kmalloc+0xae/0xe0
[ 40.087654][ T404] __kmalloc+0x2d5/0x4e0
[ 40.091734][ T404] __d_alloc+0x593/0x8a0
[ 40.095854][ T404] d_alloc+0x3c/0x210
[ 40.099633][ T404] d_alloc_parallel+0xdc/0x1090
[ 40.104318][ T404] __lookup_slow+0x106/0x3d0
[ 40.108749][ T404] walk_component+0x3a1/0x690
[ 40.113346][ T404] path_lookupat+0x11f/0x6b0
[ 40.117913][ T404] filename_lookup+0x192/0x510
[ 40.122468][ T404] user_path_at_empty+0x3a/0x60
[ 40.127249][ T404] __x64_sys_mount+0x1a0/0x280
[ 40.131848][ T404] do_syscall_64+0x35/0xb0
[ 40.136100][ T404] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 40.141821][ T404]
[ 40.143990][ T404] Freed by task 387:
[ 40.147729][ T404] kasan_save_stack+0x26/0x50
[ 40.152238][ T404] kasan_set_track+0x25/0x30
[ 40.156683][ T404] kasan_set_free_info+0x24/0x40
[ 40.161437][ T404] __kasan_slab_free+0x111/0x150
[ 40.166208][ T404] slab_free_freelist_hook+0x94/0x1a0
[ 40.171617][ T404] kmem_cache_free_bulk+0x3be/0x7a0
[ 40.176713][ T404] kfree_rcu_work+0x418/0x8b0
[ 40.181224][ T404] process_one_work+0x62c/0xec0
[ 40.185911][ T404] worker_thread+0x48e/0xdb0
[ 40.190366][ T404] kthread+0x324/0x3e0
[ 40.194244][ T404] ret_from_fork+0x1f/0x30
[ 40.198496][ T404]
[ 40.200669][ T404] Last potentially related work creation:
[ 40.206222][ T404] kasan_save_stack+0x26/0x50
[ 40.210732][ T404] __kasan_record_aux_stack+0xd8/0xf0
[ 40.215942][ T404] kasan_record_aux_stack_noalloc+0xb/0x10
[ 40.221601][ T404] kvfree_call_rcu+0x98/0x8e0
[ 40.226098][ T404] __d_move+0x3f1/0x13a0
[ 40.230180][ T404] d_splice_alias+0x8a7/0xb40
[ 40.234692][ T404] fuse_lookup+0x5a6/0x15a0
[ 40.239031][ T404] __lookup_slow+0x19b/0x3d0
[ 40.243453][ T404] walk_component+0x3a1/0x690
[ 40.247981][ T404] link_path_walk.part.0+0x57b/0xb30
[ 40.253087][ T404] path_parentat+0x8f/0x160
[ 40.257429][ T404] filename_parentat+0x192/0x550
[ 40.262198][ T404] filename_create+0x93/0x3e0
[ 40.266715][ T404] do_mkdirat+0x9c/0x2c0
[ 40.270830][ T404] __x64_sys_mkdir+0xd5/0x120
[ 40.275305][ T404] do_syscall_64+0x35/0xb0
[ 40.279651][ T404] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 40.285548][ T404]
[ 40.287716][ T404] The buggy address belongs to the object at ffff88811ef3b400
[ 40.287716][ T404] which belongs to the cache kmalloc-rcl-512 of size 512
[ 40.301960][ T404] The buggy address is located 16 bytes inside of
[ 40.301960][ T404] 512-byte region [ffff88811ef3b400, ffff88811ef3b600)
[ 40.315144][ T404] The buggy address belongs to the page:
[ 40.320616][ T404] page:ffffea00047bce00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11ef38
[ 40.330975][ T404] head:ffffea00047bce00 order:2 compound_mapcount:0 compound_pincount:0
[ 40.339542][ T404] flags: 0x4000000000010200(slab|head|zone=1)
[ 40.345448][ T404] raw: 4000000000010200 0000000000000000 dead000000000122 ffff88810004c300
[ 40.353892][ T404] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 40.362281][ T404] page dumped because: kasan: bad access detected
[ 40.368529][ T404] page_owner tracks the page as allocated
[ 40.374216][ T404] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0x1d20d0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 388, ts 39571622946, free_ts 0
[ 40.395455][ T404] prep_new_page+0x1a2/0x310
[ 40.400049][ T404] get_page_from_freelist+0x1ce2/0x30a0
[ 40.405429][ T404] __alloc_pages+0x23f/0x2400
[ 40.409945][ T404] allocate_slab+0x39d/0x530
[ 40.414459][ T404] ___slab_alloc.constprop.0+0x3ca/0x890
[ 40.420016][ T404] __slab_alloc.constprop.0+0x42/0x80
[ 40.425310][ T404] __kmalloc+0x49f/0x4e0
[ 40.429388][ T404] __d_alloc+0x593/0x8a0
[ 40.433463][ T404] d_alloc+0x3c/0x210
[ 40.437284][ T404] d_alloc_parallel+0xdc/0x1090
[ 40.442249][ T404] __lookup_slow+0x106/0x3d0
[ 40.446761][ T404] walk_component+0x3a1/0x690
[ 40.451357][ T404] path_lookupat+0x11f/0x6b0
[ 40.455790][ T404] filename_lookup+0x192/0x510
[ 40.460400][ T404] user_path_at_empty+0x3a/0x60
[ 40.465078][ T404] __x64_sys_mount+0x1a0/0x280
[ 40.469765][ T404] page_owner free stack trace missing
[ 40.474968][ T404]
[ 40.477137][ T404] Memory state around the buggy address:
[ 40.482607][ T404] ffff88811ef3b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 40.490614][ T404] ffff88811ef3b380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 40.498489][ T404] >ffff88811ef3b400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 40.506567][ T404] ^
[ 40.510991][ T404] ffff88811ef3b480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 40.519109][ T404] ffff88811ef3b500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 40.526955][ T404] ==================================================================
[ 40.534971][ T404] Disabling lock debugging due to kernel taint
[ 40.543335][ T29] audit: type=1400 audit(1702974201.992:155): avc: denied { unmount } for pid=350 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
2023/12/19 08:23:24 executed programs: 24
2023/12/19 08:23:29 executed programs: 60