Warning: Permanently added '10.128.1.45' (ED25519) to the list of known hosts. 2024/01/19 00:03:21 ignoring optional flag "sandboxArg"="0" 2024/01/19 00:03:21 parsed 1 programs 2024/01/19 00:03:21 executed programs: 0 [ 39.679808][ T29] kauditd_printk_skb: 74 callbacks suppressed [ 39.679815][ T29] audit: type=1400 audit(1705622601.827:150): avc: denied { mounton } for pid=333 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 39.713494][ T29] audit: type=1400 audit(1705622601.837:151): avc: denied { mount } for pid=333 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 39.759559][ T29] audit: type=1400 audit(1705622601.837:152): avc: denied { setattr } for pid=333 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 39.783297][ T29] audit: type=1400 audit(1705622601.867:153): avc: denied { mounton } for pid=342 comm="syz-executor.4" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 39.879896][ T342] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.886995][ T342] bridge0: port 1(bridge_slave_0) entered disabled state [ 39.894364][ T342] device bridge_slave_0 entered promiscuous mode [ 39.918491][ T342] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.925473][ T342] bridge0: port 2(bridge_slave_1) entered disabled state [ 39.932756][ T342] device bridge_slave_1 entered promiscuous mode [ 39.983286][ T339] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.990654][ T339] bridge0: port 1(bridge_slave_0) entered disabled state [ 39.998074][ T339] device bridge_slave_0 entered promiscuous mode [ 40.020209][ T339] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.027770][ T339] bridge0: port 2(bridge_slave_1) entered disabled state [ 40.035490][ T339] device bridge_slave_1 entered promiscuous mode [ 40.057378][ T351] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.065188][ T351] bridge0: port 1(bridge_slave_0) entered disabled state [ 40.072708][ T351] device bridge_slave_0 entered promiscuous mode [ 40.089587][ T348] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.097756][ T348] bridge0: port 1(bridge_slave_0) entered disabled state [ 40.105199][ T348] device bridge_slave_0 entered promiscuous mode [ 40.113665][ T348] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.120930][ T348] bridge0: port 2(bridge_slave_1) entered disabled state [ 40.130071][ T348] device bridge_slave_1 entered promiscuous mode [ 40.141707][ T351] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.149163][ T351] bridge0: port 2(bridge_slave_1) entered disabled state [ 40.156900][ T351] device bridge_slave_1 entered promiscuous mode [ 40.200349][ T349] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.207564][ T349] bridge0: port 1(bridge_slave_0) entered disabled state [ 40.215093][ T349] device bridge_slave_0 entered promiscuous mode [ 40.230554][ T345] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.237570][ T345] bridge0: port 1(bridge_slave_0) entered disabled state [ 40.245145][ T345] device bridge_slave_0 entered promiscuous mode [ 40.255450][ T349] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.262808][ T349] bridge0: port 2(bridge_slave_1) entered disabled state [ 40.270445][ T349] device bridge_slave_1 entered promiscuous mode [ 40.287797][ T345] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.294904][ T345] bridge0: port 2(bridge_slave_1) entered disabled state [ 40.302368][ T345] device bridge_slave_1 entered promiscuous mode [ 40.471998][ T348] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.479021][ T348] bridge0: port 2(bridge_slave_1) entered forwarding state [ 40.486242][ T348] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.493335][ T348] bridge0: port 1(bridge_slave_0) entered forwarding state [ 40.501217][ T342] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.508121][ T342] bridge0: port 2(bridge_slave_1) entered forwarding state [ 40.515673][ T342] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.522858][ T342] bridge0: port 1(bridge_slave_0) entered forwarding state [ 40.542219][ T351] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.549564][ T351] bridge0: port 2(bridge_slave_1) entered forwarding state [ 40.557901][ T351] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.564649][ T351] bridge0: port 1(bridge_slave_0) entered forwarding state [ 40.575287][ T339] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.582470][ T339] bridge0: port 2(bridge_slave_1) entered forwarding state [ 40.589649][ T339] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.596511][ T339] bridge0: port 1(bridge_slave_0) entered forwarding state [ 40.616650][ T345] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.623561][ T345] bridge0: port 2(bridge_slave_1) entered forwarding state [ 40.630776][ T345] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.637582][ T345] bridge0: port 1(bridge_slave_0) entered forwarding state [ 40.656689][ T349] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.664238][ T349] bridge0: port 2(bridge_slave_1) entered forwarding state [ 40.671324][ T349] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.678556][ T349] bridge0: port 1(bridge_slave_0) entered forwarding state [ 40.709439][ T296] bridge0: port 1(bridge_slave_0) entered disabled state [ 40.717137][ T296] bridge0: port 2(bridge_slave_1) entered disabled state [ 40.724521][ T296] bridge0: port 1(bridge_slave_0) entered disabled state [ 40.731795][ T296] bridge0: port 2(bridge_slave_1) entered disabled state [ 40.739348][ T296] bridge0: port 1(bridge_slave_0) entered disabled state [ 40.746598][ T296] bridge0: port 1(bridge_slave_0) entered disabled state [ 40.753978][ T296] bridge0: port 2(bridge_slave_1) entered disabled state [ 40.761283][ T296] bridge0: port 2(bridge_slave_1) entered disabled state [ 40.768709][ T296] bridge0: port 1(bridge_slave_0) entered disabled state [ 40.776011][ T296] bridge0: port 1(bridge_slave_0) entered disabled state [ 40.783167][ T296] bridge0: port 2(bridge_slave_1) entered disabled state [ 40.790449][ T296] bridge0: port 2(bridge_slave_1) entered disabled state [ 40.798890][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 40.806133][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 40.836037][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 40.846169][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 40.863360][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 40.871219][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 40.879040][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 40.886453][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 40.894720][ T296] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.901932][ T296] bridge0: port 1(bridge_slave_0) entered forwarding state [ 40.909252][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 40.917552][ T296] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.924513][ T296] bridge0: port 2(bridge_slave_1) entered forwarding state [ 40.931878][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 40.939674][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 40.947430][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 40.955811][ T296] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.962666][ T296] bridge0: port 1(bridge_slave_0) entered forwarding state [ 40.970060][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 40.978301][ T296] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.985333][ T296] bridge0: port 2(bridge_slave_1) entered forwarding state [ 40.992460][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 41.000343][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 41.007584][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 41.015094][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 41.023212][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 41.031593][ T296] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.038415][ T296] bridge0: port 1(bridge_slave_0) entered forwarding state [ 41.045652][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 41.053866][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 41.061940][ T296] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.068810][ T296] bridge0: port 2(bridge_slave_1) entered forwarding state [ 41.103800][ T342] device veth0_vlan entered promiscuous mode [ 41.115099][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 41.122281][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 41.131273][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 41.138646][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 41.145964][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 41.154326][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 41.162297][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.169059][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 41.176231][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 41.184417][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 41.192459][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.199433][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 41.206662][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 41.214583][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 41.222415][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 41.230403][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 41.238228][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 41.246224][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 41.254099][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 41.261316][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 41.268601][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 41.276314][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 41.291072][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 41.299296][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 41.307392][ T38] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.314318][ T38] bridge0: port 1(bridge_slave_0) entered forwarding state [ 41.321717][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 41.330968][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 41.339206][ T38] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.346154][ T38] bridge0: port 2(bridge_slave_1) entered forwarding state [ 41.353610][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 41.361740][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 41.370056][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 41.378015][ T38] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.384855][ T38] bridge0: port 1(bridge_slave_0) entered forwarding state [ 41.395574][ T351] device veth0_vlan entered promiscuous mode [ 41.405379][ T290] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 41.413280][ T290] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 41.420639][ T290] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 41.428173][ T290] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 41.436783][ T290] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 41.445105][ T290] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 41.453368][ T290] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 41.461518][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.468313][ T290] bridge0: port 2(bridge_slave_1) entered forwarding state [ 41.477454][ T348] device veth0_vlan entered promiscuous mode [ 41.489075][ T290] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 41.496733][ T290] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 41.503935][ T290] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 41.511107][ T290] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 41.519081][ T290] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 41.527085][ T290] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 41.535122][ T290] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 41.551761][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 41.560675][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 41.569055][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 41.584652][ T351] device veth1_macvtap entered promiscuous mode [ 41.593511][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 41.602570][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 41.610611][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 41.618742][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 41.628470][ T348] device veth1_macvtap entered promiscuous mode [ 41.635312][ T342] device veth1_macvtap entered promiscuous mode [ 41.650068][ T349] device veth0_vlan entered promiscuous mode [ 41.660546][ T345] device veth0_vlan entered promiscuous mode [ 41.667947][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 41.676275][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 41.684222][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 41.691781][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 41.699390][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 41.707212][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 41.715262][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 41.722918][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 41.730793][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 41.738869][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 41.747347][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 41.754791][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 41.762125][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 41.769779][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 41.777495][ T339] device veth0_vlan entered promiscuous mode [ 41.794594][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 41.802932][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 41.811211][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 41.819726][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 41.830991][ T345] device veth1_macvtap entered promiscuous mode [ 41.850905][ T29] audit: type=1400 audit(1705622603.997:154): avc: denied { mounton } for pid=375 comm="syz-executor.1" path="/root/syzkaller-testdir4218984362/syzkaller.JT2RxE/0/file0" dev="sda1" ino=1947 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 41.879369][ T58] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 41.888274][ T58] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 41.897237][ T58] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 41.907600][ T349] device veth1_macvtap entered promiscuous mode [ 41.920879][ T290] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 41.928916][ T290] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 41.936943][ T290] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 41.944594][ T290] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 41.952689][ T290] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 41.961815][ T290] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 41.970505][ T290] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 42.015932][ T58] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 42.024077][ T58] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 42.032384][ T58] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 42.041189][ T58] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 42.049658][ T58] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 42.058096][ T58] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 42.068128][ T339] device veth1_macvtap entered promiscuous mode [ 42.085327][ T58] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 42.093614][ T58] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 42.101891][ T58] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 42.113896][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 42.122505][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 42.683656][ T29] audit: type=1400 audit(1705622604.837:155): avc: denied { unmount } for pid=351 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 2024/01/19 00:03:27 executed programs: 24 [ 45.439026][ T512] ================================================================== [ 45.447261][ T512] BUG: KASAN: use-after-free in fuse_copy_one+0x84/0x310 [ 45.455326][ T512] Read of size 256 at addr ffff888120bc0810 by task syz-executor.1/512 [ 45.463471][ T512] [ 45.465725][ T512] CPU: 0 PID: 512 Comm: syz-executor.1 Not tainted 5.15.147-syzkaller #0 [ 45.473974][ T512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 45.483872][ T512] Call Trace: [ 45.487958][ T512] [ 45.491032][ T512] dump_stack_lvl+0x38/0x49 [ 45.495772][ T512] print_address_description.constprop.0+0x24/0x160 [ 45.502136][ T512] ? fuse_copy_one+0x84/0x310 [ 45.507020][ T512] kasan_report.cold+0x82/0xdb [ 45.511746][ T512] ? fuse_copy_one+0x84/0x310 [ 45.516339][ T512] kasan_check_range+0x148/0x190 [ 45.521263][ T512] memcpy+0x24/0x60 [ 45.524925][ T512] fuse_copy_one+0x84/0x310 [ 45.529339][ T512] ? fuse_copy_finish+0x240/0x240 [ 45.534292][ T512] fuse_copy_args+0x84/0x360 [ 45.539163][ T512] ? memcpy+0x4e/0x60 [ 45.542998][ T512] fuse_dev_do_read.constprop.0+0x144b/0x1c30 [ 45.548915][ T512] ? futex_wait_queue_me+0x6d0/0x6d0 [ 45.554123][ T512] ? fuse_copy_args+0x360/0x360 [ 45.558855][ T512] fuse_dev_read+0x13d/0x1e0 [ 45.563458][ T512] ? fuse_dev_splice_read+0x490/0x490 [ 45.568933][ T512] ? __pmd_alloc+0x330/0x330 [ 45.573562][ T512] new_sync_read+0x353/0x6d0 [ 45.577989][ T512] ? fsnotify+0xe30/0xe30 [ 45.582262][ T512] ? ksys_lseek+0x140/0x140 [ 45.586576][ T512] ? put_vma+0x1a/0x50 [ 45.590477][ T512] ? selinux_file_permission+0x2f1/0x3f0 [ 45.595947][ T512] ? fsnotify+0xe30/0xe30 [ 45.600279][ T512] vfs_read+0x347/0x4b0 [ 45.604477][ T512] ksys_read+0x111/0x210 [ 45.608553][ T512] ? vfs_write+0x8e0/0x8e0 [ 45.612824][ T512] ? __kasan_check_write+0x14/0x20 [ 45.617778][ T512] ? switch_fpu_return+0xec/0x1f0 [ 45.622613][ T512] __x64_sys_read+0x6e/0xb0 [ 45.627169][ T512] ? syscall_exit_to_user_mode+0x2f/0x40 [ 45.632723][ T512] do_syscall_64+0x35/0xb0 [ 45.637224][ T512] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 45.643051][ T512] RIP: 0033:0x7f2330e8fdb9 [ 45.647726][ T512] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 45.667541][ T512] RSP: 002b:00007f23309b00c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 45.675871][ T512] RAX: ffffffffffffffda RBX: 00007f2330fb01f0 RCX: 00007f2330e8fdb9 [ 45.683671][ T512] RDX: 0000000000002020 RSI: 0000000020002140 RDI: 0000000000000003 [ 45.691528][ T512] RBP: 00007f2330eecad0 R08: 0000000000000000 R09: 0000000000000000 [ 45.699513][ T512] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 45.707402][ T512] R13: 000000000000006e R14: 00007f2330fb01f0 R15: 00007ffd17e91d78 [ 45.715497][ T512] [ 45.718638][ T512] [ 45.720799][ T512] Allocated by task 504: [ 45.724883][ T512] kasan_save_stack+0x26/0x50 [ 45.729391][ T512] __kasan_kmalloc+0xae/0xe0 [ 45.733994][ T512] __kmalloc+0x2d5/0x4e0 [ 45.738054][ T512] __d_alloc+0x593/0x8a0 [ 45.742477][ T512] d_alloc+0x3c/0x210 [ 45.747331][ T512] d_alloc_parallel+0xdc/0x1090 [ 45.752111][ T512] __lookup_slow+0x106/0x3d0 [ 45.756747][ T512] walk_component+0x3a1/0x690 [ 45.761920][ T512] path_lookupat+0x11f/0x6b0 [ 45.766342][ T512] filename_lookup+0x192/0x510 [ 45.770943][ T512] user_path_at_empty+0x3a/0x60 [ 45.775638][ T512] __x64_sys_mount+0x1a0/0x280 [ 45.780233][ T512] do_syscall_64+0x35/0xb0 [ 45.784487][ T512] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 45.790833][ T512] [ 45.793003][ T512] Freed by task 6: [ 45.797194][ T512] kasan_save_stack+0x26/0x50 [ 45.801683][ T512] kasan_set_track+0x25/0x30 [ 45.806244][ T512] kasan_set_free_info+0x24/0x40 [ 45.811116][ T512] __kasan_slab_free+0x111/0x150 [ 45.816135][ T512] slab_free_freelist_hook+0x94/0x1a0 [ 45.821354][ T512] kmem_cache_free_bulk+0x3be/0x7a0 [ 45.826539][ T512] kfree_rcu_work+0x418/0x8b0 [ 45.831219][ T512] process_one_work+0x62c/0xec0 [ 45.836180][ T512] worker_thread+0x48e/0xdb0 [ 45.840686][ T512] kthread+0x324/0x3e0 [ 45.844594][ T512] ret_from_fork+0x1f/0x30 [ 45.848842][ T512] [ 45.851079][ T512] Last potentially related work creation: [ 45.856774][ T512] kasan_save_stack+0x26/0x50 [ 45.861722][ T512] __kasan_record_aux_stack+0xd8/0xf0 [ 45.866922][ T512] kasan_record_aux_stack_noalloc+0xb/0x10 [ 45.872679][ T512] kvfree_call_rcu+0x98/0x8e0 [ 45.877191][ T512] __d_move+0x3f1/0x13a0 [ 45.881490][ T512] d_splice_alias+0x8a7/0xb40 [ 45.885999][ T512] fuse_lookup+0x5a6/0x15a0 [ 45.890329][ T512] __lookup_slow+0x19b/0x3d0 [ 45.895118][ T512] walk_component+0x3a1/0x690 [ 45.899626][ T512] link_path_walk.part.0+0x57b/0xb30 [ 45.904822][ T512] path_parentat+0x8f/0x160 [ 45.909421][ T512] __filename_parentat+0x19e/0x630 [ 45.914541][ T512] filename_create+0x95/0x3e0 [ 45.919321][ T512] do_mkdirat+0x9c/0x2c0 [ 45.923552][ T512] __x64_sys_mkdir+0xd5/0x120 [ 45.928402][ T512] do_syscall_64+0x35/0xb0 [ 45.932646][ T512] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 45.938464][ T512] [ 45.940639][ T512] The buggy address belongs to the object at ffff888120bc0800 [ 45.940639][ T512] which belongs to the cache kmalloc-rcl-512 of size 512 [ 45.954911][ T512] The buggy address is located 16 bytes inside of [ 45.954911][ T512] 512-byte region [ffff888120bc0800, ffff888120bc0a00) [ 45.967885][ T512] The buggy address belongs to the page: [ 45.973359][ T512] page:ffffea000482f000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x120bc0 [ 45.983511][ T512] head:ffffea000482f000 order:2 compound_mapcount:0 compound_pincount:0 [ 45.991663][ T512] flags: 0x4000000000010200(slab|head|zone=1) [ 45.997621][ T512] raw: 4000000000010200 0000000000000000 dead000000000122 ffff88810004c300 [ 46.006243][ T512] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 46.014645][ T512] page dumped because: kasan: bad access detected [ 46.020896][ T512] page_owner tracks the page as allocated [ 46.026448][ T512] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0x1d20d0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 473, ts 44391522179, free_ts 0 [ 46.047715][ T512] prep_new_page+0x1a2/0x310 [ 46.052145][ T512] get_page_from_freelist+0x1ce2/0x30a0 [ 46.057646][ T512] __alloc_pages+0x2d1/0x2620 [ 46.062130][ T512] allocate_slab+0x39d/0x530 [ 46.066643][ T512] ___slab_alloc.constprop.0+0x3ca/0x890 [ 46.072111][ T512] __slab_alloc.constprop.0+0x42/0x80 [ 46.077332][ T512] __kmalloc+0x49f/0x4e0 [ 46.083836][ T512] __d_alloc+0x593/0x8a0 [ 46.087913][ T512] d_alloc+0x3c/0x210 [ 46.091729][ T512] d_alloc_parallel+0xdc/0x1090 [ 46.096430][ T512] __lookup_slow+0x106/0x3d0 [ 46.100957][ T512] walk_component+0x3a1/0x690 [ 46.105537][ T512] path_lookupat+0x11f/0x6b0 [ 46.110231][ T512] filename_lookup+0x192/0x510 [ 46.114835][ T512] user_path_at_empty+0x3a/0x60 [ 46.119524][ T512] __x64_sys_mount+0x1a0/0x280 [ 46.124123][ T512] page_owner free stack trace missing [ 46.129445][ T512] [ 46.131600][ T512] Memory state around the buggy address: [ 46.137085][ T512] ffff888120bc0700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 46.145206][ T512] ffff888120bc0780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 46.153524][ T512] >ffff888120bc0800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 46.161430][ T512] ^ [ 46.165855][ T512] ffff888120bc0880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 46.173985][ T512] ffff888120bc0900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 46.182299][ T512] ================================================================== [ 46.190213][ T512] Disabling lock debugging due to kernel taint 2024/01/19 00:03:32 executed programs: 58 2024/01/19 00:03:37 executed programs: 94