Warning: Permanently added '10.128.0.223' (ED25519) to the list of known hosts. 2024/03/27 12:12:58 ignoring optional flag "sandboxArg"="0" 2024/03/27 12:12:59 parsed 1 programs 2024/03/27 12:12:59 executed programs: 0 [ 42.457181][ T29] kauditd_printk_skb: 74 callbacks suppressed [ 42.457187][ T29] audit: type=1400 audit(1711541579.065:150): avc: denied { mounton } for pid=338 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 42.508617][ T29] audit: type=1400 audit(1711541579.075:151): avc: denied { mount } for pid=338 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 42.548731][ T29] audit: type=1400 audit(1711541579.075:152): avc: denied { setattr } for pid=338 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 42.572627][ T29] audit: type=1400 audit(1711541579.105:153): avc: denied { mounton } for pid=344 comm="syz-executor.3" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 42.668201][ T350] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.675274][ T350] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.682538][ T350] device bridge_slave_0 entered promiscuous mode [ 42.696095][ T344] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.703237][ T344] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.710483][ T344] device bridge_slave_0 entered promiscuous mode [ 42.720198][ T350] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.727228][ T350] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.734647][ T350] device bridge_slave_1 entered promiscuous mode [ 42.741436][ T347] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.748344][ T347] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.756050][ T347] device bridge_slave_0 entered promiscuous mode [ 42.768979][ T344] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.775933][ T344] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.783170][ T344] device bridge_slave_1 entered promiscuous mode [ 42.799115][ T347] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.806208][ T347] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.813599][ T347] device bridge_slave_1 entered promiscuous mode [ 42.820136][ T355] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.827140][ T355] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.834442][ T355] device bridge_slave_0 entered promiscuous mode [ 42.850469][ T349] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.857727][ T349] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.865427][ T349] device bridge_slave_0 entered promiscuous mode [ 42.877890][ T351] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.885004][ T351] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.892195][ T351] device bridge_slave_0 entered promiscuous mode [ 42.898998][ T355] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.906528][ T355] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.914056][ T355] device bridge_slave_1 entered promiscuous mode [ 42.924084][ T349] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.930953][ T349] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.938319][ T349] device bridge_slave_1 entered promiscuous mode [ 42.947266][ T351] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.954332][ T351] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.961803][ T351] device bridge_slave_1 entered promiscuous mode [ 43.162660][ T347] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.169709][ T347] bridge0: port 2(bridge_slave_1) entered forwarding state [ 43.176846][ T347] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.183664][ T347] bridge0: port 1(bridge_slave_0) entered forwarding state [ 43.204110][ T355] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.211388][ T355] bridge0: port 2(bridge_slave_1) entered forwarding state [ 43.218746][ T355] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.225982][ T355] bridge0: port 1(bridge_slave_0) entered forwarding state [ 43.237153][ T351] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.244478][ T351] bridge0: port 2(bridge_slave_1) entered forwarding state [ 43.251721][ T351] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.258655][ T351] bridge0: port 1(bridge_slave_0) entered forwarding state [ 43.271926][ T349] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.279423][ T349] bridge0: port 2(bridge_slave_1) entered forwarding state [ 43.286814][ T349] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.294305][ T349] bridge0: port 1(bridge_slave_0) entered forwarding state [ 43.304449][ T350] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.311499][ T350] bridge0: port 2(bridge_slave_1) entered forwarding state [ 43.318606][ T350] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.325440][ T350] bridge0: port 1(bridge_slave_0) entered forwarding state [ 43.333768][ T344] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.340861][ T344] bridge0: port 2(bridge_slave_1) entered forwarding state [ 43.348332][ T344] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.355106][ T344] bridge0: port 1(bridge_slave_0) entered forwarding state [ 43.398713][ T54] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.406789][ T54] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.415285][ T54] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.422687][ T54] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.429952][ T54] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.437023][ T54] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.444450][ T54] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.451897][ T54] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.459385][ T54] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.466961][ T54] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.474910][ T54] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.483611][ T54] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.493067][ T54] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 43.500918][ T54] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 43.538247][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 43.545770][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 43.555254][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 43.564264][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 43.572391][ T293] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.579320][ T293] bridge0: port 1(bridge_slave_0) entered forwarding state [ 43.586807][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 43.596119][ T293] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.603278][ T293] bridge0: port 2(bridge_slave_1) entered forwarding state [ 43.611496][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 43.619655][ T293] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.626734][ T293] bridge0: port 1(bridge_slave_0) entered forwarding state [ 43.634289][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 43.642364][ T293] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.649600][ T293] bridge0: port 2(bridge_slave_1) entered forwarding state [ 43.657182][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 43.665323][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 43.673532][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 43.681065][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 43.689220][ T293] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.696057][ T293] bridge0: port 1(bridge_slave_0) entered forwarding state [ 43.703369][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 43.711510][ T293] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.718787][ T293] bridge0: port 2(bridge_slave_1) entered forwarding state [ 43.725914][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 43.733647][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 43.766020][ T349] device veth0_vlan entered promiscuous mode [ 43.774792][ T347] device veth0_vlan entered promiscuous mode [ 43.789346][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 43.797906][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 43.805941][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 43.813213][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 43.821243][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 43.829183][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 43.836327][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 43.843656][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 43.852274][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 43.860815][ T6] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.868208][ T6] bridge0: port 1(bridge_slave_0) entered forwarding state [ 43.876041][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 43.884249][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 43.892287][ T6] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.899324][ T6] bridge0: port 2(bridge_slave_1) entered forwarding state [ 43.906624][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 43.914698][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 43.922984][ T6] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.930060][ T6] bridge0: port 1(bridge_slave_0) entered forwarding state [ 43.937459][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 43.945968][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 43.954092][ T6] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.961144][ T6] bridge0: port 2(bridge_slave_1) entered forwarding state [ 43.968833][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 43.976747][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 43.985027][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 43.993992][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 44.002552][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 44.010677][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 44.018986][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 44.026840][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 44.034976][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 44.043531][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 44.052390][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 44.060684][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 44.069670][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 44.078489][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 44.087683][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 44.096899][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 44.105243][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 44.113815][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 44.122001][ T6] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.129133][ T6] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.136708][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 44.145297][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 44.153797][ T6] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.161920][ T6] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.169422][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 44.178452][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 44.187443][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 44.195596][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 44.211737][ T355] device veth0_vlan entered promiscuous mode [ 44.223351][ T349] device veth1_macvtap entered promiscuous mode [ 44.230542][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 44.239194][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 44.247010][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 44.254526][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 44.262530][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 44.270761][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 44.278214][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 44.285936][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 44.293865][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 44.305022][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 44.313071][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 44.321953][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 44.331743][ T355] device veth1_macvtap entered promiscuous mode [ 44.343737][ T351] device veth0_vlan entered promiscuous mode [ 44.352030][ T350] device veth0_vlan entered promiscuous mode [ 44.360810][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 44.368437][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 44.376672][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 44.384260][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 44.392300][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 44.405469][ T344] device veth0_vlan entered promiscuous mode [ 44.417808][ T347] device veth1_macvtap entered promiscuous mode [ 44.424812][ T54] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 44.432583][ T54] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 44.440376][ T54] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 44.449275][ T54] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 44.457274][ T54] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 44.464941][ T54] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 44.472760][ T54] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 44.481238][ T54] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 44.489740][ T54] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 44.497806][ T54] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 44.506204][ T54] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 44.514376][ T54] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 44.521614][ T54] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 44.542603][ T351] device veth1_macvtap entered promiscuous mode [ 44.550651][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 44.559053][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 44.566992][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 44.576059][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 44.584565][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 44.592917][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 44.601496][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 44.626718][ T350] device veth1_macvtap entered promiscuous mode [ 44.633208][ T29] audit: type=1400 audit(1711541581.235:154): avc: denied { mounton } for pid=380 comm="syz-executor.2" path="/root/syzkaller-testdir849986852/syzkaller.FUD5OP/0/file0" dev="sda1" ino=1947 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 44.660143][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 44.668367][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 44.676566][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 44.684621][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 44.694299][ T344] device veth1_macvtap entered promiscuous mode [ 44.711308][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 44.719450][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 44.727866][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 44.736162][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 44.750798][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 44.759290][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 44.767901][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 44.776453][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 44.801775][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 44.810668][ T293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 44.825018][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 44.833446][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 44.911611][ T402] ================================================================== [ 44.919689][ T402] BUG: KASAN: use-after-free in fuse_copy_one+0x84/0x310 [ 44.927455][ T402] Read of size 256 at addr ffff88812070bc10 by task syz-executor.4/402 [ 44.935518][ T402] [ 44.937754][ T402] CPU: 0 PID: 402 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller #0 [ 44.946088][ T402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 [ 44.956078][ T402] Call Trace: [ 44.959456][ T402] [ 44.962236][ T402] dump_stack_lvl+0x38/0x49 [ 44.966660][ T402] print_address_description.constprop.0+0x24/0x160 [ 44.973209][ T402] ? fuse_copy_one+0x84/0x310 [ 44.977904][ T402] kasan_report.cold+0x82/0xdb [ 44.982588][ T402] ? fuse_copy_one+0x84/0x310 [ 44.987264][ T402] kasan_check_range+0x148/0x190 [ 44.992139][ T402] memcpy+0x24/0x60 [ 44.996383][ T402] fuse_copy_one+0x84/0x310 [ 45.001004][ T402] ? fuse_copy_finish+0x240/0x240 [ 45.005851][ T402] fuse_copy_args+0x84/0x360 [ 45.010364][ T402] ? memcpy+0x4e/0x60 [ 45.014360][ T402] fuse_dev_do_read.constprop.0+0x144b/0x1c30 [ 45.020372][ T402] ? futex_wait_queue_me+0x6d0/0x6d0 [ 45.025574][ T402] ? fuse_copy_args+0x360/0x360 [ 45.030263][ T402] fuse_dev_read+0x13d/0x1e0 [ 45.035004][ T402] ? fuse_dev_splice_read+0x490/0x490 [ 45.040321][ T402] ? __pmd_alloc+0x330/0x330 [ 45.044894][ T402] new_sync_read+0x353/0x6d0 [ 45.049501][ T402] ? fsnotify+0xe30/0xe30 [ 45.053658][ T402] ? ksys_lseek+0x140/0x140 [ 45.058183][ T402] ? put_vma+0x1a/0x50 [ 45.062160][ T402] ? selinux_file_permission+0x2f1/0x3f0 [ 45.067919][ T402] ? fsnotify+0xe30/0xe30 [ 45.072077][ T402] vfs_read+0x347/0x4b0 [ 45.076131][ T402] ksys_read+0x111/0x210 [ 45.080311][ T402] ? vfs_write+0x8e0/0x8e0 [ 45.084563][ T402] ? __kasan_check_write+0x14/0x20 [ 45.089517][ T402] ? switch_fpu_return+0xec/0x1f0 [ 45.094516][ T402] __x64_sys_read+0x6e/0xb0 [ 45.099188][ T402] ? syscall_exit_to_user_mode+0x2f/0x40 [ 45.104621][ T402] do_syscall_64+0x35/0xb0 [ 45.109134][ T402] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 45.115028][ T402] RIP: 0033:0x7fea12dfbdb9 [ 45.119284][ T402] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 45.138818][ T402] RSP: 002b:00007fea1291c0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 45.147073][ T402] RAX: ffffffffffffffda RBX: 00007fea12f1c1f0 RCX: 00007fea12dfbdb9 [ 45.154947][ T402] RDX: 0000000000002020 RSI: 0000000020002140 RDI: 0000000000000003 [ 45.162811][ T402] RBP: 00007fea12e58ad0 R08: 0000000000000000 R09: 0000000000000000 [ 45.170834][ T402] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 45.178905][ T402] R13: 000000000000006e R14: 00007fea12f1c1f0 R15: 00007ffc46153418 [ 45.187040][ T402] [ 45.189848][ T402] [ 45.192042][ T402] Allocated by task 384: [ 45.196086][ T402] kasan_save_stack+0x26/0x50 [ 45.200609][ T402] __kasan_kmalloc+0xae/0xe0 [ 45.205031][ T402] __kmalloc+0x2d5/0x4e0 [ 45.209215][ T402] __d_alloc+0x593/0x8a0 [ 45.213283][ T402] d_alloc+0x3c/0x210 [ 45.217095][ T402] d_alloc_parallel+0xdc/0x1090 [ 45.221971][ T402] __lookup_slow+0x106/0x3d0 [ 45.226388][ T402] walk_component+0x3a1/0x690 [ 45.231056][ T402] path_lookupat+0x11f/0x6b0 [ 45.236399][ T402] filename_lookup+0x192/0x510 [ 45.241085][ T402] user_path_at_empty+0x3a/0x60 [ 45.245771][ T402] __x64_sys_mount+0x1a0/0x280 [ 45.250555][ T402] do_syscall_64+0x35/0xb0 [ 45.254806][ T402] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 45.260557][ T402] [ 45.262704][ T402] Freed by task 6: [ 45.266656][ T402] kasan_save_stack+0x26/0x50 [ 45.271322][ T402] kasan_set_track+0x25/0x30 [ 45.275738][ T402] kasan_set_free_info+0x24/0x40 [ 45.280768][ T402] __kasan_slab_free+0x111/0x150 [ 45.285632][ T402] slab_free_freelist_hook+0x94/0x1a0 [ 45.291073][ T402] kmem_cache_free_bulk+0x3be/0x7a0 [ 45.296063][ T402] kfree_rcu_work+0x418/0x8b0 [ 45.300818][ T402] process_one_work+0x62c/0xec0 [ 45.305514][ T402] worker_thread+0x48e/0xdb0 [ 45.309954][ T402] kthread+0x324/0x3e0 [ 45.314065][ T402] ret_from_fork+0x1f/0x30 [ 45.318288][ T402] [ 45.320531][ T402] Last potentially related work creation: [ 45.326258][ T402] kasan_save_stack+0x26/0x50 [ 45.330775][ T402] __kasan_record_aux_stack+0xd8/0xf0 [ 45.336071][ T402] kasan_record_aux_stack_noalloc+0xb/0x10 [ 45.341899][ T402] kvfree_call_rcu+0x98/0x8e0 [ 45.346504][ T402] __d_move+0x3f1/0x13a0 [ 45.350662][ T402] d_splice_alias+0x8a7/0xb40 [ 45.355292][ T402] fuse_lookup+0x5a6/0x15a0 [ 45.359749][ T402] __lookup_slow+0x19b/0x3d0 [ 45.364256][ T402] walk_component+0x3a1/0x690 [ 45.368949][ T402] link_path_walk.part.0+0x57b/0xb30 [ 45.374164][ T402] path_parentat+0x8f/0x160 [ 45.378769][ T402] __filename_parentat+0x19e/0x630 [ 45.383773][ T402] filename_create+0x95/0x3e0 [ 45.388827][ T402] do_mkdirat+0x9c/0x2c0 [ 45.393072][ T402] __x64_sys_mkdir+0xd5/0x120 [ 45.398114][ T402] do_syscall_64+0x35/0xb0 [ 45.402798][ T402] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 45.408626][ T402] [ 45.410794][ T402] The buggy address belongs to the object at ffff88812070bc00 [ 45.410794][ T402] which belongs to the cache kmalloc-rcl-512 of size 512 [ 45.425545][ T402] The buggy address is located 16 bytes inside of [ 45.425545][ T402] 512-byte region [ffff88812070bc00, ffff88812070be00) [ 45.438834][ T402] The buggy address belongs to the page: [ 45.444305][ T402] page:ffffea000481c200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x120708 [ 45.454632][ T402] head:ffffea000481c200 order:2 compound_mapcount:0 compound_pincount:0 [ 45.462961][ T402] flags: 0x4000000000010200(slab|head|zone=1) [ 45.469060][ T402] raw: 4000000000010200 0000000000000000 dead000000000122 ffff88810004c300 [ 45.477477][ T402] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 45.486442][ T402] page dumped because: kasan: bad access detected [ 45.493199][ T402] page_owner tracks the page as allocated [ 45.498810][ T402] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0x1d20d0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 384, ts 44704974731, free_ts 0 [ 45.520558][ T402] prep_new_page+0x1a2/0x310 [ 45.525027][ T402] get_page_from_freelist+0x1ce2/0x30a0 [ 45.530457][ T402] __alloc_pages+0x2d1/0x2620 [ 45.535075][ T402] allocate_slab+0x39d/0x530 [ 45.539517][ T402] ___slab_alloc.constprop.0+0x3ca/0x890 [ 45.544984][ T402] __slab_alloc.constprop.0+0x42/0x80 [ 45.550453][ T402] __kmalloc+0x49f/0x4e0 [ 45.554648][ T402] __d_alloc+0x593/0x8a0 [ 45.558791][ T402] d_alloc+0x3c/0x210 [ 45.562959][ T402] d_alloc_parallel+0xdc/0x1090 [ 45.567649][ T402] __lookup_slow+0x106/0x3d0 [ 45.572071][ T402] walk_component+0x3a1/0x690 [ 45.576774][ T402] path_lookupat+0x11f/0x6b0 [ 45.581308][ T402] filename_lookup+0x192/0x510 [ 45.585973][ T402] user_path_at_empty+0x3a/0x60 [ 45.591110][ T402] __x64_sys_mount+0x1a0/0x280 [ 45.596053][ T402] page_owner free stack trace missing [ 45.601754][ T402] [ 45.603899][ T402] Memory state around the buggy address: [ 45.609419][ T402] ffff88812070bb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 45.617761][ T402] ffff88812070bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 45.626085][ T402] >ffff88812070bc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 45.634322][ T402] ^ [ 45.638748][ T402] ffff88812070bc80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 45.646654][ T402] ffff88812070bd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 45.654898][ T402] ================================================================== [ 45.662966][ T402] Disabling lock debugging due to kernel taint [ 45.680779][ T29] audit: type=1400 audit(1711541582.295:155): avc: denied { unmount } for pid=351 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 2024/03/27 12:13:04 executed programs: 23 2024/03/27 12:13:09 executed programs: 59