Warning: Permanently added '10.128.1.157' (ED25519) to the list of known hosts. 2023/09/07 05:54:01 ignoring optional flag "sandboxArg"="0" 2023/09/07 05:54:01 parsed 1 programs 2023/09/07 05:54:01 executed programs: 0 [ 41.157617][ T29] kauditd_printk_skb: 74 callbacks suppressed [ 41.157627][ T29] audit: type=1400 audit(1694066041.498:150): avc: denied { mounton } for pid=339 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 41.218606][ T29] audit: type=1400 audit(1694066041.498:151): avc: denied { mount } for pid=339 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 41.242740][ T29] audit: type=1400 audit(1694066041.498:152): avc: denied { setattr } for pid=339 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 41.274405][ T29] audit: type=1400 audit(1694066041.498:153): avc: denied { mounton } for pid=344 comm="syz-executor.1" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 41.320518][ T344] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.327442][ T344] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.334824][ T344] device bridge_slave_0 entered promiscuous mode [ 41.359464][ T344] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.366410][ T344] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.373626][ T344] device bridge_slave_1 entered promiscuous mode [ 41.422241][ T347] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.429220][ T347] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.436561][ T347] device bridge_slave_0 entered promiscuous mode [ 41.449141][ T346] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.456362][ T346] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.463853][ T346] device bridge_slave_0 entered promiscuous mode [ 41.474229][ T347] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.481338][ T347] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.488906][ T347] device bridge_slave_1 entered promiscuous mode [ 41.499143][ T346] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.506023][ T346] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.513141][ T346] device bridge_slave_1 entered promiscuous mode [ 41.535025][ T356] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.541856][ T356] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.549222][ T356] device bridge_slave_0 entered promiscuous mode [ 41.570826][ T356] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.577846][ T356] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.585121][ T356] device bridge_slave_1 entered promiscuous mode [ 41.622671][ T355] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.629776][ T355] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.637057][ T355] device bridge_slave_0 entered promiscuous mode [ 41.654877][ T357] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.661713][ T357] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.669219][ T357] device bridge_slave_0 entered promiscuous mode [ 41.679124][ T357] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.686151][ T357] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.693394][ T357] device bridge_slave_1 entered promiscuous mode [ 41.700114][ T355] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.706997][ T355] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.714260][ T355] device bridge_slave_1 entered promiscuous mode [ 41.818933][ T346] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.826300][ T346] bridge0: port 2(bridge_slave_1) entered forwarding state [ 41.833380][ T346] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.840467][ T346] bridge0: port 1(bridge_slave_0) entered forwarding state [ 41.855020][ T347] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.862035][ T347] bridge0: port 2(bridge_slave_1) entered forwarding state [ 41.869169][ T347] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.875941][ T347] bridge0: port 1(bridge_slave_0) entered forwarding state [ 41.916618][ T344] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.923460][ T344] bridge0: port 2(bridge_slave_1) entered forwarding state [ 41.930892][ T344] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.937742][ T344] bridge0: port 1(bridge_slave_0) entered forwarding state [ 41.979324][ T356] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.986475][ T356] bridge0: port 2(bridge_slave_1) entered forwarding state [ 41.993534][ T356] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.000536][ T356] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.017280][ T355] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.024245][ T355] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.031665][ T355] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.038580][ T355] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.057286][ T294] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.064598][ T294] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.071542][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 42.079377][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 42.087683][ T294] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.095262][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 42.104639][ T294] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.111885][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 42.120539][ T294] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.127843][ T294] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.136844][ T294] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.144629][ T294] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.163931][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 42.171453][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 42.195941][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 42.203841][ T299] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.210957][ T299] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.218280][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 42.226343][ T299] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.233291][ T299] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.240578][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 42.248517][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 42.271723][ T347] device veth0_vlan entered promiscuous mode [ 42.285718][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 42.294013][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 42.302636][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 42.310601][ T294] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.317443][ T294] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.324810][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 42.333009][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 42.341674][ T294] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.348520][ T294] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.355998][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 42.364191][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 42.371976][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 42.379940][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 42.387718][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 42.395906][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 42.404235][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 42.412017][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 42.435442][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 42.442608][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 42.450133][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 42.457787][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 42.465238][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 42.473289][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 42.481273][ T294] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.488123][ T294] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.495790][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 42.503910][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 42.511863][ T294] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.519394][ T294] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.527110][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 42.535410][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 42.543111][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 42.550327][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 42.557605][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 42.565723][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 42.573877][ T294] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.580839][ T294] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.589656][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 42.597943][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 42.606091][ T294] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.612991][ T294] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.627378][ T344] device veth0_vlan entered promiscuous mode [ 42.634354][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 42.642198][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 42.649966][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 42.658091][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 42.666108][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 42.674473][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 42.682810][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 42.690487][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 42.698316][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 42.705651][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 42.720157][ T346] device veth0_vlan entered promiscuous mode [ 42.727242][ T347] device veth1_macvtap entered promiscuous mode [ 42.740903][ T356] device veth0_vlan entered promiscuous mode [ 42.754521][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 42.762607][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 42.770603][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 42.778892][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 42.787718][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 42.795680][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 42.802806][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 42.810092][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 42.817966][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 42.827321][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 42.835523][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 42.843513][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 42.851349][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 42.858694][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 42.866316][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 42.875620][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 42.883582][ T299] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.890653][ T299] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.898026][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 42.906448][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 42.914544][ T299] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.921355][ T299] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.928871][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 42.941896][ T346] device veth1_macvtap entered promiscuous mode [ 42.951508][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 42.966871][ T344] device veth1_macvtap entered promiscuous mode [ 42.977717][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 42.986031][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 43.000595][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 43.009339][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 43.017904][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 43.026133][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 43.034914][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 43.048473][ T355] device veth0_vlan entered promiscuous mode [ 43.055543][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 43.064307][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 43.072144][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 43.083469][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 43.091504][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 43.100650][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 43.113866][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 43.121978][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 43.129912][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 43.152971][ T29] audit: type=1400 audit(1694066043.488:154): avc: denied { mounton } for pid=380 comm="syz-executor.3" path="/root/syzkaller-testdir3013767572/syzkaller.CmbHlV/0/file0" dev="sda1" ino=1947 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 43.165633][ T357] device veth0_vlan entered promiscuous mode [ 43.188600][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 43.197567][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 43.205878][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 43.213238][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 43.220907][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 43.229224][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 43.237811][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 43.245991][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 43.260943][ T355] device veth1_macvtap entered promiscuous mode [ 43.267606][ T356] device veth1_macvtap entered promiscuous mode [ 43.276531][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 43.284945][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 43.293362][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 43.301830][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 43.310058][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 43.333219][ T357] device veth1_macvtap entered promiscuous mode [ 43.343961][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 43.352435][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 43.361009][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 43.378997][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 43.387179][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 43.395561][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 43.403674][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 43.412097][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 43.421016][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 43.429362][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 43.437671][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 43.456007][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 43.465213][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 43.475453][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 43.483782][ T299] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 43.555145][ T400] ================================================================== [ 43.563139][ T400] BUG: KASAN: use-after-free in fuse_copy_one+0x84/0x310 [ 43.570953][ T400] Read of size 256 at addr ffff88811ff14c10 by task syz-executor.1/400 [ 43.579522][ T400] [ 43.581692][ T400] CPU: 1 PID: 400 Comm: syz-executor.1 Not tainted 5.15.130-syzkaller #0 [ 43.589937][ T400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023 [ 43.603736][ T400] Call Trace: [ 43.606867][ T400] [ 43.609735][ T400] dump_stack_lvl+0x38/0x49 [ 43.614065][ T400] print_address_description.constprop.0+0x24/0x160 [ 43.620609][ T400] ? fuse_copy_one+0x84/0x310 [ 43.625469][ T400] kasan_report.cold+0x82/0xdb [ 43.630241][ T400] ? fuse_copy_one+0x84/0x310 [ 43.634767][ T400] kasan_check_range+0x148/0x190 [ 43.639526][ T400] memcpy+0x24/0x60 [ 43.643172][ T400] fuse_copy_one+0x84/0x310 [ 43.647603][ T400] ? fuse_copy_finish+0x240/0x240 [ 43.652545][ T400] fuse_copy_args+0x84/0x360 [ 43.657067][ T400] ? memcpy+0x4e/0x60 [ 43.660887][ T400] fuse_dev_do_read.constprop.0+0x144b/0x1c30 [ 43.667220][ T400] ? futex_wait_queue_me+0x6d0/0x6d0 [ 43.672343][ T400] ? fuse_copy_args+0x360/0x360 [ 43.677198][ T400] fuse_dev_read+0x13d/0x1e0 [ 43.681618][ T400] ? fuse_dev_splice_read+0x490/0x490 [ 43.687003][ T400] ? __pmd_alloc+0x330/0x330 [ 43.691435][ T400] new_sync_read+0x353/0x6d0 [ 43.695862][ T400] ? fsnotify+0xe30/0xe30 [ 43.700294][ T400] ? ksys_lseek+0x140/0x140 [ 43.704637][ T400] ? put_vma+0x1a/0x50 [ 43.708789][ T400] ? selinux_file_permission+0x2f1/0x3f0 [ 43.714344][ T400] ? fsnotify+0xe30/0xe30 [ 43.719035][ T400] vfs_read+0x347/0x4b0 [ 43.723468][ T400] ksys_read+0x111/0x210 [ 43.727642][ T400] ? vfs_write+0x8e0/0x8e0 [ 43.731870][ T400] ? __kasan_check_write+0x14/0x20 [ 43.736906][ T400] ? switch_fpu_return+0xec/0x1f0 [ 43.741784][ T400] __x64_sys_read+0x6e/0xb0 [ 43.746111][ T400] ? syscall_exit_to_user_mode+0x2f/0x40 [ 43.751669][ T400] do_syscall_64+0x35/0xb0 [ 43.755911][ T400] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 43.761648][ T400] RIP: 0033:0x7f4c2aa1cdb9 [ 43.765906][ T400] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 43.785691][ T400] RSP: 002b:00007f4c2a53d0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 43.794683][ T400] RAX: ffffffffffffffda RBX: 00007f4c2ab3d1f0 RCX: 00007f4c2aa1cdb9 [ 43.802770][ T400] RDX: 0000000000002020 RSI: 0000000020002140 RDI: 0000000000000003 [ 43.810683][ T400] RBP: 00007f4c2aa79ad0 R08: 0000000000000000 R09: 0000000000000000 [ 43.818477][ T400] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 43.826931][ T400] R13: 000000000000006e R14: 00007f4c2ab3d1f0 R15: 00007ffd4754e918 [ 43.835321][ T400] [ 43.838189][ T400] [ 43.840350][ T400] Allocated by task 388: [ 43.844433][ T400] kasan_save_stack+0x26/0x50 [ 43.848944][ T400] __kasan_kmalloc+0xae/0xe0 [ 43.853368][ T400] __kmalloc+0x2d5/0x4e0 [ 43.857624][ T400] __d_alloc+0x593/0x8a0 [ 43.861879][ T400] d_alloc+0x3c/0x210 [ 43.866146][ T400] d_alloc_parallel+0xdc/0x1090 [ 43.870921][ T400] __lookup_slow+0x106/0x3d0 [ 43.876559][ T400] walk_component+0x3a1/0x690 [ 43.881248][ T400] path_lookupat+0x11f/0x6b0 [ 43.885680][ T400] filename_lookup+0x192/0x510 [ 43.890290][ T400] user_path_at_empty+0x3a/0x60 [ 43.894977][ T400] __x64_sys_mount+0x1a0/0x280 [ 43.900411][ T400] do_syscall_64+0x35/0xb0 [ 43.904652][ T400] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 43.910559][ T400] [ 43.912825][ T400] Freed by task 299: [ 43.916724][ T400] kasan_save_stack+0x26/0x50 [ 43.921314][ T400] kasan_set_track+0x25/0x30 [ 43.925920][ T400] kasan_set_free_info+0x24/0x40 [ 43.930695][ T400] __kasan_slab_free+0x111/0x150 [ 43.935558][ T400] slab_free_freelist_hook+0x94/0x1a0 [ 43.940798][ T400] kmem_cache_free_bulk+0x3be/0x7a0 [ 43.945799][ T400] kfree_rcu_work+0x418/0x8b0 [ 43.950301][ T400] process_one_work+0x62c/0xec0 [ 43.955337][ T400] worker_thread+0x48e/0xdb0 [ 43.959765][ T400] kthread+0x324/0x3e0 [ 43.963671][ T400] ret_from_fork+0x1f/0x30 [ 43.968200][ T400] [ 43.970353][ T400] Last potentially related work creation: [ 43.976010][ T400] kasan_save_stack+0x26/0x50 [ 43.980815][ T400] __kasan_record_aux_stack+0xd8/0xf0 [ 43.986050][ T400] kasan_record_aux_stack_noalloc+0xb/0x10 [ 43.992079][ T400] kvfree_call_rcu+0x98/0x8e0 [ 43.996883][ T400] __d_move+0x3f1/0x13a0 [ 44.000952][ T400] d_splice_alias+0x8a7/0xb40 [ 44.005469][ T400] fuse_lookup+0x5a6/0x15a0 [ 44.009809][ T400] __lookup_slow+0x19b/0x3d0 [ 44.014249][ T400] walk_component+0x3a1/0x690 [ 44.018833][ T400] link_path_walk.part.0+0x57b/0xb30 [ 44.024564][ T400] path_parentat+0x8f/0x160 [ 44.028988][ T400] filename_parentat+0x192/0x550 [ 44.034297][ T400] filename_create+0x93/0x3e0 [ 44.038795][ T400] do_mkdirat+0x9c/0x2c0 [ 44.043046][ T400] __x64_sys_mkdir+0xd5/0x120 [ 44.047734][ T400] do_syscall_64+0x35/0xb0 [ 44.052083][ T400] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 44.057992][ T400] [ 44.060177][ T400] The buggy address belongs to the object at ffff88811ff14c00 [ 44.060177][ T400] which belongs to the cache kmalloc-rcl-512 of size 512 [ 44.074490][ T400] The buggy address is located 16 bytes inside of [ 44.074490][ T400] 512-byte region [ffff88811ff14c00, ffff88811ff14e00) [ 44.088036][ T400] The buggy address belongs to the page: [ 44.093493][ T400] page:ffffea00047fc500 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11ff14 [ 44.104602][ T400] head:ffffea00047fc500 order:2 compound_mapcount:0 compound_pincount:0 [ 44.113122][ T400] flags: 0x4000000000010200(slab|head|zone=1) [ 44.119106][ T400] raw: 4000000000010200 0000000000000000 dead000000000122 ffff88810004c300 [ 44.127715][ T400] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 44.138580][ T400] page dumped because: kasan: bad access detected [ 44.144813][ T400] page_owner tracks the page as allocated [ 44.150365][ T400] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0x1d20d0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 388, ts 43347254978, free_ts 0 [ 44.171625][ T400] prep_new_page+0x1a2/0x310 [ 44.176054][ T400] get_page_from_freelist+0x1ce2/0x30a0 [ 44.181455][ T400] __alloc_pages+0x217/0x2330 [ 44.185947][ T400] allocate_slab+0x39d/0x530 [ 44.190462][ T400] ___slab_alloc.constprop.0+0x3ca/0x890 [ 44.196032][ T400] __slab_alloc.constprop.0+0x42/0x80 [ 44.201228][ T400] __kmalloc+0x49f/0x4e0 [ 44.205642][ T400] __d_alloc+0x593/0x8a0 [ 44.209722][ T400] d_alloc+0x3c/0x210 [ 44.213541][ T400] d_alloc_parallel+0xdc/0x1090 [ 44.218685][ T400] __lookup_slow+0x106/0x3d0 [ 44.223970][ T400] walk_component+0x3a1/0x690 [ 44.228603][ T400] path_lookupat+0x11f/0x6b0 [ 44.233197][ T400] filename_lookup+0x192/0x510 [ 44.237914][ T400] user_path_at_empty+0x3a/0x60 [ 44.242655][ T400] __x64_sys_mount+0x1a0/0x280 [ 44.247339][ T400] page_owner free stack trace missing [ 44.252810][ T400] [ 44.254986][ T400] Memory state around the buggy address: [ 44.260473][ T400] ffff88811ff14b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 44.268351][ T400] ffff88811ff14b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 44.276243][ T400] >ffff88811ff14c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 44.284141][ T400] ^ [ 44.288565][ T400] ffff88811ff14c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 44.296466][ T400] ffff88811ff14d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 44.304363][ T400] ================================================================== [ 44.312263][ T400] Disabling lock debugging due to kernel taint [ 44.325137][ T29] audit: type=1400 audit(1694066044.668:155): avc: denied { unmount } for pid=346 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 2023/09/07 05:54:06 executed programs: 22 2023/09/07 05:54:11 executed programs: 58