[ 30.346622][ T336] device veth1_macvtap entered promiscuous mode [ 30.355904][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 30.366138][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 30.428056][ T336] syz-executor.0 (336) used greatest stack depth: 21856 bytes left [ 30.807923][ T114] device bridge_slave_1 left promiscuous mode [ 30.813955][ T114] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.822027][ T114] device bridge_slave_0 left promiscuous mode [ 30.828507][ T114] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.836314][ T114] device veth1_macvtap left promiscuous mode [ 30.842633][ T114] device veth0_vlan left promiscuous mode Warning: Permanently added '10.128.0.178' (ECDSA) to the list of known hosts. 2023/01/31 17:25:17 ignoring optional flag "sandboxArg"="0" 2023/01/31 17:25:17 parsed 1 programs 2023/01/31 17:25:17 executed programs: 0 [ 47.850990][ T30] kauditd_printk_skb: 65 callbacks suppressed [ 47.850996][ T30] audit: type=1400 audit(1675185917.650:137): avc: denied { mounton } for pid=380 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 47.882464][ T30] audit: type=1400 audit(1675185917.660:138): avc: denied { mount } for pid=380 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 47.965649][ T384] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.972730][ T384] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.980701][ T384] device bridge_slave_0 entered promiscuous mode [ 48.005725][ T384] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.013226][ T384] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.020504][ T384] device bridge_slave_1 entered promiscuous mode [ 48.067310][ T390] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.075485][ T390] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.083278][ T390] device bridge_slave_0 entered promiscuous mode [ 48.103541][ T390] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.111099][ T390] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.118982][ T390] device bridge_slave_1 entered promiscuous mode [ 48.135394][ T387] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.142775][ T387] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.149926][ T387] device bridge_slave_0 entered promiscuous mode [ 48.166547][ T401] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.173996][ T401] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.181827][ T401] device bridge_slave_0 entered promiscuous mode [ 48.189881][ T401] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.196956][ T401] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.204350][ T401] device bridge_slave_1 entered promiscuous mode [ 48.211208][ T387] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.218317][ T387] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.225955][ T387] device bridge_slave_1 entered promiscuous mode [ 48.239396][ T395] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.246624][ T395] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.254317][ T395] device bridge_slave_0 entered promiscuous mode [ 48.262112][ T395] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.269391][ T395] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.276829][ T395] device bridge_slave_1 entered promiscuous mode [ 48.310498][ T399] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.318099][ T399] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.325285][ T399] device bridge_slave_0 entered promiscuous mode [ 48.345710][ T399] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.352956][ T399] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.360817][ T399] device bridge_slave_1 entered promiscuous mode [ 48.420816][ T384] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.429857][ T384] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.436980][ T384] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.443901][ T384] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.507008][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.515290][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.524334][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 48.533366][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 48.541227][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 48.577080][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 48.585835][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 48.594003][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.602062][ T342] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.609047][ T342] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.617669][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.625910][ T342] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.633126][ T342] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.640393][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 48.662667][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 48.678324][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 48.686317][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 48.695003][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.703682][ T20] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.710625][ T20] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.717989][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.726195][ T20] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.733233][ T20] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.747768][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 48.755173][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 48.772466][ T387] device veth0_vlan entered promiscuous mode [ 48.783667][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 48.792560][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 48.800509][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 48.807938][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 48.815515][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 48.826618][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 48.849182][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.857290][ T20] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.864200][ T20] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.872174][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.880689][ T20] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.887960][ T20] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.895636][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 48.904970][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 48.921294][ T384] device veth0_vlan entered promiscuous mode [ 48.927940][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 48.935967][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 48.943874][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 48.951919][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 48.959861][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 48.979764][ T387] device veth1_macvtap entered promiscuous mode [ 48.991206][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 49.000348][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 49.008948][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 49.016519][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 49.024958][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 49.033340][ T341] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.040310][ T341] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.048026][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 49.056556][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 49.065168][ T341] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.072747][ T341] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.080307][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 49.088105][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 49.096283][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 49.105766][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 49.113802][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 49.122492][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 49.130576][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 49.140970][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 49.151227][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 49.160960][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 49.177014][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 49.185011][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 49.193004][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 49.202473][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 49.211109][ T56] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.218566][ T56] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.226347][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 49.234974][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 49.243226][ T56] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.250608][ T56] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.258583][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 49.275686][ T384] device veth1_macvtap entered promiscuous mode [ 49.289181][ T395] device veth0_vlan entered promiscuous mode [ 49.295457][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 49.303423][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 49.311109][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 49.318556][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 49.327243][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 49.335645][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 49.343996][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 49.351895][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 49.359492][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 49.367491][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 49.375370][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 49.384093][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 49.392620][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 49.401102][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 49.415025][ T401] device veth0_vlan entered promiscuous mode [ 49.426081][ T30] audit: type=1400 audit(1675185919.220:139): avc: denied { mount } for pid=387 comm="syz-executor.3" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 49.429835][ T401] device veth1_macvtap entered promiscuous mode [ 49.457792][ T390] device veth0_vlan entered promiscuous mode [ 49.466511][ T390] device veth1_macvtap entered promiscuous mode [ 49.473374][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 49.481798][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 49.490374][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 49.498697][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 49.506402][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 49.514883][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 49.523350][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 49.531770][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 49.539835][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 49.547410][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 49.555331][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 49.563761][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 49.571839][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 49.580262][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 49.594652][ T399] device veth0_vlan entered promiscuous mode [ 49.608893][ T30] audit: type=1400 audit(1675185919.410:140): avc: denied { mounton } for pid=418 comm="syz-executor.3" path="/root/syzkaller-testdir3081381933/syzkaller.cF4c48/0/file0" dev="sda1" ino=1158 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 49.618320][ T399] device veth1_macvtap entered promiscuous mode [ 49.645379][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 49.654653][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 49.662765][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 49.670264][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 49.678597][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 49.685994][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 49.694171][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 49.701837][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 49.709243][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 49.716769][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 49.724417][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 49.734593][ T395] device veth1_macvtap entered promiscuous mode [ 49.755011][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 49.763571][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 49.772462][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 49.780819][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 49.816055][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 49.824810][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 49.833994][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 49.842154][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 49.850598][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 49.858900][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 49.867462][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 49.875704][ T342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 49.888122][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 49.896556][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 49.908460][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 49.917506][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 50.443323][ T30] audit: type=1400 audit(1675185920.240:141): avc: denied { unmount } for pid=387 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 2023/01/31 17:25:22 executed programs: 24 2023/01/31 17:25:27 executed programs: 60 2023/01/31 17:25:32 executed programs: 96 2023/01/31 17:25:37 executed programs: 132 [ 69.183258][ T1143] ================================================================== [ 69.191834][ T1143] BUG: KASAN: use-after-free in fuse_copy_one+0x182/0x370 [ 69.198759][ T1143] Read of size 256 at addr ffff8881261b5010 by task syz-executor.3/1143 [ 69.207235][ T1143] [ 69.209571][ T1143] CPU: 0 PID: 1143 Comm: syz-executor.3 Not tainted 5.15.85-syzkaller #0 [ 69.217817][ T1143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 [ 69.227798][ T1143] Call Trace: [ 69.230949][ T1143] [ 69.233702][ T1143] dump_stack_lvl+0x105/0x148 [ 69.238214][ T1143] ? io_uring_drop_tctx_refs+0x14e/0x14e [ 69.243764][ T1143] ? panic+0x4e9/0x4e9 [ 69.247698][ T1143] ? __kasan_check_write+0x14/0x20 [ 69.252706][ T1143] print_address_description+0x87/0x3d0 [ 69.258261][ T1143] ? get_user_pages_fast+0x1f/0x30 [ 69.263295][ T1143] kasan_report+0x1a6/0x1f0 [ 69.267732][ T1143] ? fuse_copy_one+0x182/0x370 [ 69.272344][ T1143] ? fuse_copy_one+0x182/0x370 [ 69.277049][ T1143] kasan_check_range+0x2aa/0x2e0 [ 69.281885][ T1143] ? fuse_copy_one+0x182/0x370 [ 69.286675][ T1143] memcpy+0x2d/0x70 [ 69.290337][ T1143] fuse_copy_one+0x182/0x370 [ 69.294844][ T1143] fuse_copy_args+0x2d8/0x3b0 [ 69.299346][ T1143] ? fuse_copy_one+0x1a5/0x370 [ 69.304042][ T1143] fuse_dev_do_read+0xaa6/0xfa0 [ 69.308808][ T1143] ? futex_exit_release+0x1a0/0x1a0 [ 69.313930][ T1143] ? queue_interrupt+0x310/0x310 [ 69.318953][ T1143] ? memset+0x35/0x40 [ 69.322770][ T1143] ? __fsnotify_parent+0xfd/0x590 [ 69.327635][ T1143] fuse_dev_read+0x15b/0x1f0 [ 69.332057][ T1143] ? fuse_dev_release+0x520/0x520 [ 69.337062][ T1143] vfs_read+0x8c4/0xb80 [ 69.341255][ T1143] ? kernel_read+0x130/0x130 [ 69.345653][ T1143] ? __fget_files+0x25e/0x290 [ 69.350486][ T1143] ? __fdget_pos+0x148/0x250 [ 69.354947][ T1143] ksys_read+0x15b/0x240 [ 69.359560][ T1143] ? __kasan_check_write+0x14/0x20 [ 69.364881][ T1143] ? vfs_write+0xd20/0xd20 [ 69.369547][ T1143] ? fpregs_restore_userregs+0x1b5/0x310 [ 69.375032][ T1143] __x64_sys_read+0x76/0x80 [ 69.379544][ T1143] do_syscall_64+0x44/0xd0 [ 69.383797][ T1143] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 69.389625][ T1143] RIP: 0033:0x7fb3f9347639 [ 69.393879][ T1143] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 69.413610][ T1143] RSP: 002b:00007fb3f8e58168 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 69.421942][ T1143] RAX: ffffffffffffffda RBX: 00007fb3f94681f0 RCX: 00007fb3f9347639 [ 69.430135][ T1143] RDX: 0000000000002020 RSI: 0000000020002140 RDI: 0000000000000003 [ 69.438056][ T1143] RBP: 00007fb3f93a2ae9 R08: 0000000000000000 R09: 0000000000000000 [ 69.446214][ T1143] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 69.454331][ T1143] R13: 00007ffcdfcb2bff R14: 00007fb3f8e58300 R15: 0000000000022000 [ 69.462707][ T1143] [ 69.465737][ T1143] [ 69.467985][ T1143] Allocated by task 1135: [ 69.472266][ T1143] ____kasan_kmalloc+0xdc/0x110 [ 69.476923][ T1143] __kasan_kmalloc+0x9/0x10 [ 69.481787][ T1143] __kmalloc+0x203/0x350 [ 69.486363][ T1143] __d_alloc+0x93/0x640 [ 69.491137][ T1143] d_alloc_parallel+0xd0/0xf20 [ 69.495832][ T1143] __lookup_slow+0x143/0x360 [ 69.500345][ T1143] lookup_slow+0x54/0x70 [ 69.504423][ T1143] walk_component+0x3d1/0x540 [ 69.508953][ T1143] path_lookupat+0x94/0x340 [ 69.513267][ T1143] filename_lookup+0x27b/0x630 [ 69.517867][ T1143] user_path_at_empty+0x39/0x160 [ 69.522638][ T1143] __se_sys_mount+0x22b/0x2e0 [ 69.527150][ T1143] __x64_sys_mount+0xba/0xd0 [ 69.531865][ T1143] do_syscall_64+0x44/0xd0 [ 69.536204][ T1143] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 69.541932][ T1143] [ 69.544543][ T1143] Freed by task 26: [ 69.548193][ T1143] kasan_set_track+0x4c/0x70 [ 69.553219][ T1143] kasan_set_free_info+0x23/0x40 [ 69.557991][ T1143] ____kasan_slab_free+0x126/0x160 [ 69.563264][ T1143] __kasan_slab_free+0x11/0x20 [ 69.567947][ T1143] slab_free_freelist_hook+0xc9/0x1a0 [ 69.573253][ T1143] kmem_cache_free_bulk+0x3dc/0x720 [ 69.578722][ T1143] kfree_rcu_work+0x2cb/0x6c0 [ 69.583451][ T1143] process_one_work+0x6bc/0xb40 [ 69.588221][ T1143] worker_thread+0x90b/0xfe0 [ 69.592649][ T1143] kthread+0x39c/0x480 [ 69.596594][ T1143] ret_from_fork+0x1f/0x30 [ 69.600805][ T1143] [ 69.602972][ T1143] Last potentially related work creation: [ 69.608528][ T1143] kasan_save_stack+0x3b/0x60 [ 69.613239][ T1143] __kasan_record_aux_stack+0xd3/0xf0 [ 69.618446][ T1143] kasan_record_aux_stack_noalloc+0xb/0x10 [ 69.624408][ T1143] kvfree_call_rcu+0xb2/0x7f0 [ 69.628925][ T1143] __d_move+0xbaf/0x1470 [ 69.633002][ T1143] __d_unalias+0x194/0x1c0 [ 69.637342][ T1143] d_splice_alias+0x1ba/0x330 [ 69.643111][ T1143] fuse_lookup+0x23d/0x4f0 [ 69.647629][ T1143] __lookup_slow+0x264/0x360 [ 69.652406][ T1143] lookup_slow+0x54/0x70 [ 69.656775][ T1143] walk_component+0x3d1/0x540 [ 69.661307][ T1143] link_path_walk+0x5aa/0xc30 [ 69.665813][ T1143] filename_parentat+0x262/0x600 [ 69.671024][ T1143] filename_create+0xe2/0x480 [ 69.675798][ T1143] do_mkdirat+0xc1/0x400 [ 69.680573][ T1143] __x64_sys_mkdir+0x69/0x80 [ 69.685453][ T1143] do_syscall_64+0x44/0xd0 [ 69.689781][ T1143] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 69.695698][ T1143] [ 69.697983][ T1143] The buggy address belongs to the object at ffff8881261b5000 [ 69.697983][ T1143] which belongs to the cache kmalloc-rcl-512 of size 512 [ 69.712667][ T1143] The buggy address is located 16 bytes inside of [ 69.712667][ T1143] 512-byte region [ffff8881261b5000, ffff8881261b5200) [ 69.725846][ T1143] The buggy address belongs to the page: [ 69.731661][ T1143] page:ffffea0004986d00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1261b4 [ 69.741768][ T1143] head:ffffea0004986d00 order:2 compound_mapcount:0 compound_pincount:0 [ 69.750305][ T1143] flags: 0x4000000000010200(slab|head|zone=1) [ 69.756298][ T1143] raw: 4000000000010200 0000000000000000 dead000000000122 ffff88810004c300 [ 69.765409][ T1143] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 69.774112][ T1143] page dumped because: kasan: bad access detected [ 69.781419][ T1143] page_owner tracks the page as allocated [ 69.787831][ T1143] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0x1d20d0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 1073, ts 67291218223, free_ts 0 [ 69.809900][ T1143] post_alloc_hook+0x1ab/0x1b0 [ 69.814557][ T1143] get_page_from_freelist+0x3e5/0x460 [ 69.820294][ T1143] __alloc_pages+0x3a8/0x7c0 [ 69.824795][ T1143] allocate_slab+0x62/0x580 [ 69.829146][ T1143] ___slab_alloc+0x2e2/0x6f0 [ 69.833828][ T1143] __slab_alloc+0x4a/0x90 [ 69.838021][ T1143] __kmalloc+0x25b/0x350 [ 69.842539][ T1143] __d_alloc+0x93/0x640 [ 69.846594][ T1143] d_alloc_parallel+0xd0/0xf20 [ 69.851245][ T1143] __lookup_slow+0x143/0x360 [ 69.855974][ T1143] lookup_slow+0x54/0x70 [ 69.860609][ T1143] walk_component+0x3d1/0x540 [ 69.865383][ T1143] path_lookupat+0x94/0x340 [ 69.869899][ T1143] filename_lookup+0x27b/0x630 [ 69.874821][ T1143] user_path_at_empty+0x39/0x160 [ 69.879794][ T1143] __se_sys_mount+0x22b/0x2e0 [ 69.884655][ T1143] page_owner free stack trace missing [ 69.890265][ T1143] [ 69.892404][ T1143] Memory state around the buggy address: [ 69.897972][ T1143] ffff8881261b4f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 69.906207][ T1143] ffff8881261b4f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 69.914548][ T1143] >ffff8881261b5000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 69.923478][ T1143] ^ [ 69.928126][ T1143] ffff8881261b5080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 69.937107][ T1143] ffff8881261b5100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 69.945816][ T1143] ================================================================== [ 69.955315][ T1143] Disabling lock debugging due to kernel taint 2023/01/31 17:25:43 executed programs: 166 2023/01/31 17:25:48 executed programs: 202