[ 30.585952][ T194] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.593499][ T194] device bridge_slave_0 left promiscuous mode [ 30.599479][ T194] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.607081][ T194] device veth1_macvtap left promiscuous mode [ 30.613340][ T194] device veth0_vlan left promiscuous mode [ 40.578110][ T30] kauditd_printk_skb: 71 callbacks suppressed [ 40.578118][ T30] audit: type=1400 audit(1685671130.160:147): avc: denied { transition } for pid=324 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 40.606635][ T30] audit: type=1400 audit(1685671130.170:148): avc: denied { noatsecure } for pid=324 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 40.626711][ T30] audit: type=1400 audit(1685671130.170:149): avc: denied { rlimitinh } for pid=324 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 40.646343][ T30] audit: type=1400 audit(1685671130.170:150): avc: denied { siginh } for pid=324 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.10.47' (ECDSA) to the list of known hosts. 2023/06/02 01:58:57 ignoring optional flag "sandboxArg"="0" 2023/06/02 01:58:57 parsed 1 programs 2023/06/02 01:58:57 executed programs: 0 [ 47.542163][ T30] audit: type=1400 audit(1685671137.130:151): avc: denied { mounton } for pid=345 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 47.576572][ T30] audit: type=1400 audit(1685671137.130:152): avc: denied { mount } for pid=345 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 47.670950][ T354] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.678191][ T354] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.686571][ T354] device bridge_slave_0 entered promiscuous mode [ 47.697833][ T354] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.705130][ T354] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.712308][ T354] device bridge_slave_1 entered promiscuous mode [ 47.752777][ T351] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.760070][ T351] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.767684][ T351] device bridge_slave_0 entered promiscuous mode [ 47.777347][ T360] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.784647][ T360] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.791764][ T360] device bridge_slave_0 entered promiscuous mode [ 47.800262][ T360] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.807235][ T360] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.814614][ T360] device bridge_slave_1 entered promiscuous mode [ 47.825197][ T352] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.832800][ T352] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.840479][ T352] device bridge_slave_0 entered promiscuous mode [ 47.847021][ T351] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.854067][ T351] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.861696][ T351] device bridge_slave_1 entered promiscuous mode [ 47.878516][ T352] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.885614][ T352] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.893365][ T352] device bridge_slave_1 entered promiscuous mode [ 47.902402][ T357] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.909670][ T357] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.916879][ T357] device bridge_slave_0 entered promiscuous mode [ 47.941226][ T357] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.948352][ T357] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.955882][ T357] device bridge_slave_1 entered promiscuous mode [ 47.962561][ T366] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.969784][ T366] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.976805][ T366] device bridge_slave_0 entered promiscuous mode [ 47.985325][ T366] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.992344][ T366] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.000139][ T366] device bridge_slave_1 entered promiscuous mode [ 48.035768][ T30] audit: type=1400 audit(1685671137.620:153): avc: denied { write } for pid=354 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 48.056922][ T30] audit: type=1400 audit(1685671137.620:154): avc: denied { read } for pid=354 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 48.106858][ T354] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.113707][ T354] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.120946][ T354] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.128016][ T354] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.178124][ T360] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.185335][ T360] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.192430][ T360] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.199293][ T360] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.268020][ T366] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.274975][ T366] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.282149][ T366] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.289013][ T366] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.298352][ T39] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.305735][ T39] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.312911][ T39] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.320393][ T39] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.328469][ T39] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.335889][ T39] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.344323][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 48.351581][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 48.366065][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.374169][ T56] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.381027][ T56] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.392150][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.400733][ T56] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.407865][ T56] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.415204][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 48.438449][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.446833][ T304] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.453778][ T304] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.483559][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 48.492296][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.500725][ T304] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.508236][ T304] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.515630][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 48.523767][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 48.531862][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 48.539934][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 48.548353][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.556652][ T304] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.563652][ T304] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.570847][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.579194][ T304] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.586010][ T304] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.605441][ T360] device veth0_vlan entered promiscuous mode [ 48.620395][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 48.628796][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 48.637499][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 48.645518][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 48.653162][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 48.676249][ T354] device veth0_vlan entered promiscuous mode [ 48.685790][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 48.694334][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.702892][ T20] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.710483][ T20] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.718285][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.728468][ T20] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.735322][ T20] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.743436][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 48.751406][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 48.759486][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 48.767162][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 48.774673][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 48.782922][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.791287][ T20] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.798138][ T20] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.805763][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 48.814287][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.823391][ T20] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.830816][ T20] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.838067][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 48.845913][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 48.854065][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 48.862145][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 48.869984][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 48.878156][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 48.886736][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 48.894883][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.903029][ T20] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.909944][ T20] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.917882][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 48.926109][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.934142][ T20] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.941016][ T20] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.948215][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 48.956138][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 48.965754][ T352] device veth0_vlan entered promiscuous mode [ 48.979773][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 48.987471][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 48.994991][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 49.002484][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 49.010216][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 49.018881][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 49.027459][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 49.034946][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 49.042643][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 49.051010][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 49.064650][ T360] device veth1_macvtap entered promiscuous mode [ 49.075450][ T357] device veth0_vlan entered promiscuous mode [ 49.083808][ T352] device veth1_macvtap entered promiscuous mode [ 49.095725][ T351] device veth0_vlan entered promiscuous mode [ 49.105643][ T366] device veth0_vlan entered promiscuous mode [ 49.112080][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 49.120632][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 49.128545][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 49.137500][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 49.145796][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 49.153422][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 49.161682][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 49.168866][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 49.176891][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 49.184191][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 49.191872][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 49.199351][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 49.206679][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 49.214793][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 49.222918][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 49.236059][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 49.244299][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 49.252579][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 49.261308][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 49.273532][ T354] device veth1_macvtap entered promiscuous mode [ 49.285445][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 49.293634][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 49.302602][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 49.310722][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 49.319732][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 49.327335][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 49.336070][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 49.344238][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 49.352611][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 49.363970][ T357] device veth1_macvtap entered promiscuous mode [ 49.377196][ T366] device veth1_macvtap entered promiscuous mode [ 49.385801][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 49.394834][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 49.403134][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 49.411455][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 49.419719][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 49.427896][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 49.436278][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 49.444739][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 49.455475][ T351] device veth1_macvtap entered promiscuous mode [ 49.469545][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 49.477667][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 49.485902][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 49.494767][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 49.503077][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 49.513520][ T30] audit: type=1400 audit(1685671139.100:155): avc: denied { mounton } for pid=352 comm="syz-executor.2" path="/dev/binderfs" dev="devtmpfs" ino=360 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 49.566190][ T30] audit: type=1400 audit(1685671139.150:156): avc: denied { mounton } for pid=387 comm="syz-executor.2" path="/root/syzkaller-testdir4182832060/syzkaller.wCpDhr/0/file0" dev="sda1" ino=1948 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 49.579761][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 49.602725][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 49.610658][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 49.618618][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 49.627254][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 49.635923][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 49.644161][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 50.394849][ T30] audit: type=1400 audit(1685671139.980:157): avc: denied { unmount } for pid=352 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 2023/06/02 01:59:02 executed programs: 24 2023/06/02 01:59:07 executed programs: 60 2023/06/02 01:59:12 executed programs: 96 2023/06/02 01:59:17 executed programs: 132 2023/06/02 01:59:22 executed programs: 168 2023/06/02 01:59:27 executed programs: 204 2023/06/02 01:59:32 executed programs: 240 2023/06/02 01:59:37 executed programs: 276 2023/06/02 01:59:42 executed programs: 312 2023/06/02 01:59:47 executed programs: 348 [ 101.160173][ T2305] ================================================================== [ 101.168393][ T2305] BUG: KASAN: use-after-free in fuse_copy_one+0x84/0x310 [ 101.175423][ T2305] Read of size 256 at addr ffff88811bd21010 by task syz-executor.4/2305 [ 101.183845][ T2305] [ 101.186071][ T2305] CPU: 0 PID: 2305 Comm: syz-executor.4 Not tainted 5.15.106-syzkaller #0 [ 101.194797][ T2305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 101.204938][ T2305] Call Trace: [ 101.208162][ T2305] [ 101.211102][ T2305] dump_stack_lvl+0x38/0x49 [ 101.215524][ T2305] print_address_description.constprop.0+0x24/0x160 [ 101.222124][ T2305] ? fuse_copy_one+0x84/0x310 [ 101.226639][ T2305] kasan_report.cold+0x82/0xdb [ 101.231239][ T2305] ? fuse_copy_one+0x84/0x310 [ 101.235932][ T2305] kasan_check_range+0x148/0x190 [ 101.241150][ T2305] memcpy+0x24/0x60 [ 101.244983][ T2305] fuse_copy_one+0x84/0x310 [ 101.249295][ T2305] ? fuse_copy_finish+0x240/0x240 [ 101.254325][ T2305] fuse_copy_args+0x84/0x360 [ 101.258877][ T2305] ? memcpy+0x4e/0x60 [ 101.262688][ T2305] fuse_dev_do_read.constprop.0+0x144b/0x1c30 [ 101.268996][ T2305] ? futex_wait_queue_me+0x6d0/0x6d0 [ 101.274381][ T2305] ? fuse_copy_args+0x360/0x360 [ 101.279320][ T2305] fuse_dev_read+0x13d/0x1e0 [ 101.284153][ T2305] ? fuse_dev_splice_read+0x490/0x490 [ 101.289451][ T2305] new_sync_read+0x353/0x6d0 [ 101.293865][ T2305] ? ksys_lseek+0x140/0x140 [ 101.298378][ T2305] ? fsnotify_perm.part.0+0x1a9/0x4d0 [ 101.304578][ T2305] ? security_file_permission+0x6f/0x90 [ 101.312825][ T2305] vfs_read+0x20f/0x4a0 [ 101.317176][ T2305] ksys_read+0x111/0x210 [ 101.321433][ T2305] ? vfs_write+0x8e0/0x8e0 [ 101.325766][ T2305] ? __kasan_check_write+0x14/0x20 [ 101.330798][ T2305] ? switch_fpu_return+0xec/0x200 [ 101.335929][ T2305] __x64_sys_read+0x6e/0xb0 [ 101.340282][ T2305] ? syscall_exit_to_user_mode+0x21/0x40 [ 101.345815][ T2305] do_syscall_64+0x35/0xb0 [ 101.350149][ T2305] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 101.356056][ T2305] RIP: 0033:0x7f332fed9639 [ 101.360303][ T2305] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 101.380361][ T2305] RSP: 002b:00007f332f9ea168 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 101.388687][ T2305] RAX: ffffffffffffffda RBX: 00007f332fffa1f0 RCX: 00007f332fed9639 [ 101.396850][ T2305] RDX: 0000000000002020 RSI: 0000000020002140 RDI: 0000000000000003 [ 101.404658][ T2305] RBP: 00007f332ff34ae9 R08: 0000000000000000 R09: 0000000000000000 [ 101.413186][ T2305] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 101.421080][ T2305] R13: 00007fff946cb85f R14: 00007f332f9ea300 R15: 0000000000022000 [ 101.428888][ T2305] [ 101.431750][ T2305] [ 101.433923][ T2305] Allocated by task 2287: [ 101.438084][ T2305] kasan_save_stack+0x26/0x50 [ 101.442947][ T2305] __kasan_kmalloc+0xae/0xe0 [ 101.448102][ T2305] __kmalloc+0x1aa/0x380 [ 101.452386][ T2305] __d_alloc+0x5ae/0x8c0 [ 101.457674][ T2305] d_alloc+0x3c/0x210 [ 101.461494][ T2305] d_alloc_parallel+0xdc/0x1090 [ 101.466757][ T2305] __lookup_slow+0x106/0x3d0 [ 101.471361][ T2305] walk_component+0x3a1/0x690 [ 101.475954][ T2305] path_lookupat+0x11f/0x6b0 [ 101.480556][ T2305] filename_lookup+0x192/0x510 [ 101.485290][ T2305] user_path_at_empty+0x3a/0x60 [ 101.490063][ T2305] __x64_sys_mount+0x1a0/0x280 [ 101.494748][ T2305] do_syscall_64+0x35/0xb0 [ 101.499008][ T2305] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 101.504907][ T2305] [ 101.507071][ T2305] Freed by task 304: [ 101.510980][ T2305] kasan_save_stack+0x26/0x50 [ 101.515522][ T2305] kasan_set_track+0x25/0x30 [ 101.519916][ T2305] kasan_set_free_info+0x24/0x40 [ 101.524872][ T2305] __kasan_slab_free+0x111/0x150 [ 101.529645][ T2305] slab_free_freelist_hook+0x94/0x1a0 [ 101.535371][ T2305] kmem_cache_free_bulk+0x1ed/0x850 [ 101.540748][ T2305] kfree_rcu_work+0x4a7/0x9b0 [ 101.545357][ T2305] process_one_work+0x66c/0xff0 [ 101.550165][ T2305] worker_thread+0x55b/0xf30 [ 101.555268][ T2305] kthread+0x35d/0x430 [ 101.559151][ T2305] ret_from_fork+0x1f/0x30 [ 101.563492][ T2305] [ 101.566277][ T2305] Last potentially related work creation: [ 101.572022][ T2305] kasan_save_stack+0x26/0x50 [ 101.576885][ T2305] __kasan_record_aux_stack+0xd8/0xf0 [ 101.582089][ T2305] kasan_record_aux_stack_noalloc+0xb/0x10 [ 101.587913][ T2305] kvfree_call_rcu+0x98/0xa60 [ 101.592805][ T2305] __d_move+0x472/0x16a0 [ 101.596882][ T2305] d_splice_alias+0x8a7/0xb40 [ 101.601579][ T2305] fuse_lookup.part.0+0x174/0x320 [ 101.606468][ T2305] fuse_lookup+0x5a/0x70 [ 101.610691][ T2305] __lookup_slow+0x19b/0x3d0 [ 101.615900][ T2305] walk_component+0x3a1/0x690 [ 101.620586][ T2305] link_path_walk.part.0+0x57b/0xb30 [ 101.625708][ T2305] path_parentat+0x8f/0x160 [ 101.630485][ T2305] filename_parentat+0x192/0x550 [ 101.635601][ T2305] filename_create+0x93/0x3e0 [ 101.640116][ T2305] do_mkdirat+0x9c/0x2c0 [ 101.644295][ T2305] __x64_sys_mkdir+0xd5/0x120 [ 101.648896][ T2305] do_syscall_64+0x35/0xb0 [ 101.653145][ T2305] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 101.658881][ T2305] [ 101.661042][ T2305] The buggy address belongs to the object at ffff88811bd21000 [ 101.661042][ T2305] which belongs to the cache kmalloc-rcl-512 of size 512 [ 101.675641][ T2305] The buggy address is located 16 bytes inside of [ 101.675641][ T2305] 512-byte region [ffff88811bd21000, ffff88811bd21200) [ 101.690631][ T2305] The buggy address belongs to the page: [ 101.696735][ T2305] page:ffffea00046f4800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11bd20 [ 101.707738][ T2305] head:ffffea00046f4800 order:2 compound_mapcount:0 compound_pincount:0 [ 101.715915][ T2305] flags: 0x4000000000010200(slab|head|zone=1) [ 101.721988][ T2305] raw: 4000000000010200 ffffea0004953200 0000000300000003 ffff88810004c300 [ 101.731655][ T2305] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 101.740243][ T2305] page dumped because: kasan: bad access detected [ 101.746772][ T2305] page_owner tracks the page as allocated [ 101.752415][ T2305] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0x1d20d0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 1104, ts 68940110458, free_ts 68103793617 [ 101.774814][ T2305] post_alloc_hook+0x13a/0x160 [ 101.779413][ T2305] get_page_from_freelist+0x1773/0x2890 [ 101.786104][ T2305] __alloc_pages+0x272/0x580 [ 101.790708][ T2305] allocate_slab+0x320/0x460 [ 101.795353][ T2305] ___slab_alloc.constprop.0+0x427/0xa80 [ 101.801002][ T2305] __slab_alloc.constprop.0+0x4a/0xa0 [ 101.807479][ T2305] __kmalloc+0x325/0x380 [ 101.811793][ T2305] __d_alloc+0x5ae/0x8c0 [ 101.816388][ T2305] d_alloc+0x3c/0x210 [ 101.820304][ T2305] d_alloc_parallel+0xdc/0x1090 [ 101.826278][ T2305] __lookup_slow+0x106/0x3d0 [ 101.830705][ T2305] walk_component+0x3a1/0x690 [ 101.835219][ T2305] path_lookupat+0x11f/0x6b0 [ 101.839829][ T2305] filename_lookup+0x192/0x510 [ 101.844964][ T2305] user_path_at_empty+0x3a/0x60 [ 101.849925][ T2305] __x64_sys_mount+0x1a0/0x280 [ 101.854490][ T2305] page last free stack trace: [ 101.859369][ T2305] free_pcp_prepare+0x1e3/0x4d0 [ 101.864055][ T2305] free_unref_page+0x70/0x4a0 [ 101.868875][ T2305] __free_pages+0xe7/0x100 [ 101.873081][ T2305] __free_slab+0xee/0x1e0 [ 101.877507][ T2305] discard_slab+0x2b/0x40 [ 101.881671][ T2305] __unfreeze_partials+0x1e2/0x230 [ 101.886706][ T2305] put_cpu_partial+0xa6/0xe0 [ 101.891132][ T2305] __slab_free+0x21e/0x4d0 [ 101.895385][ T2305] ___cache_free+0x209/0x260 [ 101.899915][ T2305] qlist_free_all+0x6e/0x150 [ 101.904522][ T2305] kasan_quarantine_reduce+0x15f/0x1d0 [ 101.910170][ T2305] __kasan_slab_alloc+0xaa/0xc0 [ 101.914932][ T2305] kmem_cache_alloc+0x197/0x4a0 [ 101.919789][ T2305] getname_flags.part.0+0x4d/0x480 [ 101.924915][ T2305] getname+0x75/0xa0 [ 101.928739][ T2305] do_sys_openat2+0xd4/0x4a0 [ 101.933242][ T2305] [ 101.935501][ T2305] Memory state around the buggy address: [ 101.941149][ T2305] ffff88811bd20f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 101.949066][ T2305] ffff88811bd20f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 101.957391][ T2305] >ffff88811bd21000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 101.965472][ T2305] ^ [ 101.969892][ T2305] ffff88811bd21080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 101.978495][ T2305] ffff88811bd21100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 101.986486][ T2305] ================================================================== [ 101.994643][ T2305] Disabling lock debugging due to kernel taint 2023/06/02 01:59:53 executed programs: 384 2023/06/02 01:59:58 executed programs: 420