Warning: Permanently added '10.128.0.243' (ED25519) to the list of known hosts.
2023/08/23 13:22:42 ignoring optional flag "sandboxArg"="0"
2023/08/23 13:22:42 parsed 1 programs
2023/08/23 13:22:44 executed programs: 0
[   54.420653][ T2131] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k
2023/08/23 13:23:06 executed programs: 6
[   77.150882][ T4745] ==================================================================
[   77.159319][ T4745] BUG: KASAN: slab-use-after-free in fuse_test_super+0x94/0xa0
[   77.168187][ T4745] Read of size 8 at addr ffff8881072e1800 by task syz-executor.2/4745
[   77.177795][ T4745]
[   77.180461][ T4745] CPU: 0 PID: 4745 Comm: syz-executor.2 Not tainted 6.5.0-rc1-syzkaller #0
[   77.190018][ T4745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[   77.200236][ T4745] Call Trace:
[   77.204023][ T4745]
[   77.206929][ T4745]  dump_stack_lvl+0x3d/0x60
[   77.211990][ T4745]  print_report+0xc4/0x620
[   77.216502][ T4745]  kasan_report+0xda/0x110
[   77.221362][ T4745]  ? fuse_test_super+0x94/0xa0
[   77.226266][ T4745]  ? fuse_test_super+0x94/0xa0
[   77.232061][ T4745]  ? fuse_set_no_super+0x10/0x10
[   77.237264][ T4745]  fuse_test_super+0x94/0xa0
[   77.241851][ T4745]  ? fuse_set_no_super+0x10/0x10
[   77.247566][ T4745]  sget_fc+0x4ee/0x760
[   77.251627][ T4745]  ? fuse_init_fs_context_submount+0x40/0x40
[   77.257878][ T4745]  fuse_get_tree+0x3bc/0x5a0
[   77.262930][ T4745]  vfs_get_tree+0x82/0x220
[   77.267511][ T4745]  ? ns_capable+0x50/0xd0
[   77.271910][ T4745]  path_mount+0x878/0x1a00
[   77.276558][ T4745]  ? finish_automount+0x720/0x720
[   77.281732][ T4745]  ? kmem_cache_free+0xe9/0x460
[   77.286640][ T4745]  ? getname_flags.part.0+0x88/0x430
[   77.291940][ T4745]  __x64_sys_mount+0x208/0x280
[   77.296676][ T4745]  ? copy_mnt_ns+0xa70/0xa70
[   77.301237][ T4745]  ? fpregs_restore_userregs+0x121/0x220
[   77.307033][ T4745]  do_syscall_64+0x38/0x80
[   77.311511][ T4745]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   77.317650][ T4745] RIP: 0033:0x7f6542a7e1ea
[   77.322053][ T4745] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 09 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   77.342176][ T4745] RSP: 002b:00007f654378eee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   77.350849][ T4745] RAX: ffffffffffffffda RBX: 00007f654378ef80 RCX: 00007f6542a7e1ea
[   77.359471][ T4745] RDX: 0000000020000280 RSI: 0000000020000300 RDI: 0000000000000000
[   77.367790][ T4745] RBP: 0000000020000280 R08: 00007f654378ef80 R09: 0000000000000000
[   77.375842][ T4745] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000300
[   77.384241][ T4745] R13: 00007f654378ef40 R14: 0000000000000000 R15: 00000000200028c0
[   77.392548][ T4745]
[   77.395730][ T4745]
[   77.398287][ T4745] Allocated by task 4751:
[   77.402854][ T4745]  kasan_save_stack+0x33/0x50
[   77.407524][ T4745]  kasan_set_track+0x25/0x30
[   77.412353][ T4745]  __kasan_kmalloc+0xa2/0xb0
[   77.417079][ T4745]  fuse_get_tree+0xb4/0x5a0
[   77.422084][ T4745]  vfs_get_tree+0x82/0x220
[   77.426573][ T4745]  path_mount+0x878/0x1a00
[   77.430990][ T4745]  __x64_sys_mount+0x208/0x280
[   77.435745][ T4745]  do_syscall_64+0x38/0x80
[   77.440588][ T4745]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   77.447168][ T4745]
[   77.449904][ T4745] Freed by task 4751:
[   77.454301][ T4745]  kasan_save_stack+0x33/0x50
[   77.459666][ T4745]  kasan_set_track+0x25/0x30
[   77.466474][ T4745]  kasan_save_free_info+0x2b/0x40
[   77.472842][ T4745]  ____kasan_slab_free+0x15e/0x1b0
[   77.478115][ T4745]  slab_free_freelist_hook+0x10b/0x1e0
[   77.483907][ T4745]  __kmem_cache_free+0xba/0x340
[   77.488910][ T4745]  deactivate_locked_super+0x83/0x270
[   77.494361][ T4745]  cleanup_mnt+0x1d8/0x360
[   77.499108][ T4745]  task_work_run+0x114/0x1f0
[   77.504650][ T4745]  exit_to_user_mode_prepare+0x13f/0x150
[   77.510831][ T4745]  syscall_exit_to_user_mode+0x16/0x30
[   77.519075][ T4745]  do_syscall_64+0x44/0x80
[   77.523930][ T4745]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   77.531285][ T4745]
[   77.533765][ T4745] The buggy address belongs to the object at ffff8881072e1800
[   77.533765][ T4745]  which belongs to the cache kmalloc-32 of size 32
[   77.548677][ T4745] The buggy address is located 0 bytes inside of
[   77.548677][ T4745]  freed 32-byte region [ffff8881072e1800, ffff8881072e1820)
[   77.563146][ T4745]
[   77.565504][ T4745] The buggy address belongs to the physical page:
[   77.572617][ T4745] page:ffffea00041cb840 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1072e1
[   77.584222][ T4745] flags: 0x100000000000200(slab|node=0|zone=2)
[   77.590790][ T4745] page_type: 0xffffffff()
[   77.595632][ T4745] raw: 0100000000000200 ffff888100041500 dead000000000122 0000000000000000
[   77.607576][ T4745] raw: 0000000000000000 0000000080400040 00000001ffffffff 0000000000000000
[   77.617221][ T4745] page dumped because: kasan: bad access detected
[   77.623799][ T4745] page_owner tracks the page as allocated
[   77.629656][ T4745] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 4747, tgid 4743 (syz-executor.1), ts 77126041167, free_ts 76998620858
[   77.650118][ T4745]  post_alloc_hook+0x281/0x2f0
[   77.655489][ T4745]  get_page_from_freelist+0x1131/0x3d90
[   77.661641][ T4745]  __alloc_pages+0x1d0/0x470
[   77.666350][ T4745]  allocate_slab+0x24e/0x360
[   77.671366][ T4745]  ___slab_alloc+0x7a7/0x1000
[   77.676114][ T4745]  __slab_alloc.constprop.0+0x4d/0x90
[   77.681460][ T4745]  __kmem_cache_alloc_node+0x143/0x390
[   77.687871][ T4745]  __kmalloc+0x4c/0x160
[   77.692515][ T4745]  tomoyo_encode2+0x9e/0x320
[   77.697441][ T4745]  tomoyo_mount_acl+0x21e/0x7d0
[   77.702433][ T4745]  tomoyo_mount_permission+0x114/0x280
[   77.707946][ T4745]  security_sb_mount+0x74/0xb0
[   77.712953][ T4745]  path_mount+0xe9/0x1a00
[   77.717271][ T4745]  __x64_sys_mount+0x208/0x280
[   77.722112][ T4745]  do_syscall_64+0x38/0x80
[   77.726603][ T4745]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   77.732652][ T4745] page last free stack trace:
[   77.737394][ T4745]  free_unref_page_prepare+0x5ac/0xcf0
[   77.742948][ T4745]  free_unref_page_list+0xe6/0xaa0
[   77.749123][ T4745]  release_pages+0x25c/0x10c0
[   77.753902][ T4745]  tlb_batch_pages_flush+0x79/0x140
[   77.760849][ T4745]  tlb_finish_mmu+0x114/0x6c0
[   77.766644][ T4745]  exit_mmap+0x26a/0x730
[   77.771646][ T4745]  __mmput+0xb7/0x3e0
[   77.776153][ T4745]  do_exit+0x776/0x2650
[   77.780564][ T4745]  do_group_exit+0xb4/0x250
[   77.785134][ T4745]  get_signal+0x1ed5/0x1f00
[   77.789957][ T4745]  arch_do_signal_or_restart+0x89/0x5d0
[   77.796175][ T4745]  exit_to_user_mode_prepare+0xc3/0x150
[   77.801704][ T4745]  syscall_exit_to_user_mode+0x16/0x30
[   77.807688][ T4745]  do_syscall_64+0x44/0x80
[   77.812159][ T4745]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   77.818114][ T4745]
[   77.820431][ T4745] Memory state around the buggy address:
[   77.826160][ T4745]  ffff8881072e1700: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   77.834404][ T4745]  ffff8881072e1780: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   77.842622][ T4745] >ffff8881072e1800: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   77.851037][ T4745]                    ^
[   77.855076][ T4745]  ffff8881072e1880: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   77.863120][ T4745]  ffff8881072e1900: fa fb fb fb fc fc fc fc 00 00 00 00 fc fc fc fc
[   77.871147][ T4745] ==================================================================
[   77.879550][ T4745] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   77.887310][ T4745] Kernel Offset: disabled
[   77.891870][ T4745] Rebooting in 86400 seconds..