Warning: Permanently added '10.128.0.121' (ECDSA) to the list of known hosts.
2023/04/07 10:21:27 ignoring optional flag "sandboxArg"="0"
2023/04/07 10:21:27 parsed 1 programs
2023/04/07 10:21:27 executed programs: 0
[ 39.135239][ T28] kauditd_printk_skb: 64 callbacks suppressed
[ 39.135250][ T28] audit: type=1400 audit(1680862887.749:136): avc: denied { mounton } for pid=452 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 39.179804][ T28] audit: type=1400 audit(1680862887.759:137): avc: denied { mount } for pid=452 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 39.290843][ T457] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.297800][ T457] bridge0: port 1(bridge_slave_0) entered disabled state
[ 39.305458][ T457] device bridge_slave_0 entered promiscuous mode
[ 39.337293][ T457] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.344296][ T457] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.351595][ T457] device bridge_slave_1 entered promiscuous mode
[ 39.369601][ T460] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.376850][ T460] bridge0: port 1(bridge_slave_0) entered disabled state
[ 39.384084][ T460] device bridge_slave_0 entered promiscuous mode
[ 39.392551][ T460] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.399502][ T460] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.406762][ T460] device bridge_slave_1 entered promiscuous mode
[ 39.449794][ T467] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.456655][ T467] bridge0: port 1(bridge_slave_0) entered disabled state
[ 39.464136][ T467] device bridge_slave_0 entered promiscuous mode
[ 39.475741][ T469] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.482709][ T469] bridge0: port 1(bridge_slave_0) entered disabled state
[ 39.489978][ T469] device bridge_slave_0 entered promiscuous mode
[ 39.496329][ T466] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.503247][ T466] bridge0: port 1(bridge_slave_0) entered disabled state
[ 39.510362][ T466] device bridge_slave_0 entered promiscuous mode
[ 39.518938][ T467] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.526083][ T467] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.533217][ T467] device bridge_slave_1 entered promiscuous mode
[ 39.545479][ T469] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.552450][ T469] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.559769][ T469] device bridge_slave_1 entered promiscuous mode
[ 39.568174][ T466] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.575157][ T466] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.582253][ T466] device bridge_slave_1 entered promiscuous mode
[ 39.593863][ T471] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.600957][ T471] bridge0: port 1(bridge_slave_0) entered disabled state
[ 39.607981][ T471] device bridge_slave_0 entered promiscuous mode
[ 39.616544][ T471] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.623411][ T471] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.630623][ T471] device bridge_slave_1 entered promiscuous mode
[ 39.777913][ T457] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.784786][ T457] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 39.791858][ T457] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.798644][ T457] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 39.843087][ T467] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.849954][ T467] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 39.857012][ T467] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.863866][ T467] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 39.881873][ T460] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.889159][ T460] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 39.896502][ T460] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.903365][ T460] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 39.911032][ T471] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.917884][ T471] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 39.925011][ T471] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.931789][ T471] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 39.958096][ T414] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 39.966830][ T414] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.974952][ T414] bridge0: port 1(bridge_slave_0) entered disabled state
[ 39.982473][ T414] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.990732][ T414] bridge0: port 1(bridge_slave_0) entered disabled state
[ 39.998110][ T414] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.005763][ T414] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.012990][ T414] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.021659][ T414] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 40.028852][ T414] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 40.043864][ T414] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 40.052095][ T414] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.059009][ T414] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.089840][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 40.097435][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 40.105655][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 40.114386][ T24] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.121521][ T24] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.128860][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 40.136839][ T24] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.143683][ T24] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.172161][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 40.180616][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 40.188558][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 40.196794][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 40.204896][ T37] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.211906][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.219068][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 40.227686][ T37] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.234625][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.241836][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 40.249879][ T37] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.256807][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.278529][ T457] device veth0_vlan entered promiscuous mode
[ 40.287348][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 40.295316][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 40.303661][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 40.311624][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 40.318845][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 40.329662][ T457] device veth1_macvtap entered promiscuous mode
[ 40.370370][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 40.379242][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 40.387843][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 40.396371][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 40.404409][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 40.411718][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 40.419131][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 40.427076][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 40.434875][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 40.443168][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 40.451109][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 40.458606][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 40.466600][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 40.474872][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 40.482943][ T37] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.489799][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.497057][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 40.505529][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 40.513593][ T37] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.520453][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.527592][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 40.535991][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 40.544050][ T37] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.550902][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.558028][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 40.566270][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 40.574634][ T37] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.581501][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.589126][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 40.597254][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 40.605184][ T37] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.612038][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.619283][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 40.627109][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 40.634907][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 40.643006][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 40.650867][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 40.658810][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 40.666709][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 40.675012][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 40.683825][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 40.692271][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 40.700573][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 40.708658][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 40.717216][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 40.725147][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 40.733794][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 40.741709][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 40.751335][ T467] device veth0_vlan entered promiscuous mode
[ 40.763505][ T28] audit: type=1400 audit(1680862889.379:138): avc: denied { mount } for pid=457 comm="syz-executor.2" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[ 40.776363][ T460] device veth0_vlan entered promiscuous mode
[ 40.794907][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 40.803323][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 40.811324][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 40.819414][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 40.827965][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 40.835906][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 40.844148][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 40.851516][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 40.858756][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 40.866109][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 40.879902][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 40.889407][ T466] device veth0_vlan entered promiscuous mode
[ 40.896114][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 40.904795][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 40.912241][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 40.924712][ T467] device veth1_macvtap entered promiscuous mode
[ 40.940957][ T28] audit: type=1400 audit(1680862889.559:139): avc: denied { mounton } for pid=491 comm="syz-executor.2" path="/root/syzkaller-testdir664763101/syzkaller.IM2WLv/0/file0" dev="sda1" ino=1158 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 40.944404][ T460] device veth1_macvtap entered promiscuous mode
[ 40.975371][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 40.984024][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 40.996401][ T469] device veth0_vlan entered promiscuous mode
[ 41.014392][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 41.022651][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 41.030835][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 41.038122][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 41.045511][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 41.053743][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 41.061929][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 41.070033][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 41.078002][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 41.088217][ T471] device veth0_vlan entered promiscuous mode
[ 41.096488][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 41.107257][ T466] device veth1_macvtap entered promiscuous mode
[ 41.120808][ T469] device veth1_macvtap entered promiscuous mode
[ 41.129649][ T414] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 41.138344][ T414] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 41.145985][ T414] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 41.153717][ T414] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 41.162194][ T414] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 41.170419][ T414] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 41.178386][ T414] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 41.186597][ T414] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 41.194603][ T414] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 41.202847][ T414] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 41.210845][ T414] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 41.233037][ T471] device veth1_macvtap entered promiscuous mode
[ 41.239621][ T413] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 41.247667][ T413] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 41.255990][ T413] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 41.264798][ T413] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 41.273222][ T413] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 41.301757][ T413] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 41.311248][ T413] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 41.338969][ T413] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 41.347488][ T413] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 41.776334][ T28] audit: type=1400 audit(1680862890.389:140): avc: denied { unmount } for pid=457 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
2023/04/07 10:21:32 executed programs: 24
[ 47.246807][ T725] ==================================================================
[ 47.254866][ T725] BUG: KASAN: use-after-free in fuse_copy_args+0x248/0x630
[ 47.261894][ T725] Read of size 256 at addr ffff8881247b8410 by task syz-executor.0/725
[ 47.269966][ T725]
[ 47.272224][ T725] CPU: 0 PID: 725 Comm: syz-executor.0 Not tainted 5.19.0-syzkaller #0
[ 47.280471][ T725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 47.290806][ T725] Call Trace:
[ 47.294018][ T725]
[ 47.296805][ T725] dump_stack_lvl+0x151/0x1b7
[ 47.301345][ T725] ? bfq_pos_tree_add_move+0x43b/0x43b
[ 47.306684][ T725] ? _printk+0xd1/0x111
[ 47.310685][ T725] print_report+0x154/0x5d0
[ 47.315050][ T725] ? _raw_spin_unlock+0x4c/0x70
[ 47.319709][ T725] ? fuse_copy_args+0x248/0x630
[ 47.324394][ T725] kasan_report+0xe3/0x110
[ 47.328762][ T725] ? compat_start_thread+0x20/0x20
[ 47.333683][ T725] ? fuse_copy_args+0x248/0x630
[ 47.338373][ T725] kasan_check_range+0x294/0x2a0
[ 47.343356][ T725] ? fuse_copy_args+0x248/0x630
[ 47.348124][ T725] memcpy+0x2d/0x70
[ 47.351847][ T725] fuse_copy_args+0x248/0x630
[ 47.356495][ T725] fuse_dev_do_read+0xc87/0x11d0
[ 47.361458][ T725] ? queue_interrupt+0x390/0x390
[ 47.366486][ T725] ? memset+0x35/0x40
[ 47.370425][ T725] ? __fsnotify_parent+0x50b/0x730
[ 47.375387][ T725] fuse_dev_read+0x182/0x210
[ 47.379918][ T725] ? futex_wait_setup+0x330/0x330
[ 47.384792][ T725] ? fuse_dev_release+0x5c0/0x5c0
[ 47.389635][ T725] ? fsnotify_perm+0x4ba/0x5d0
[ 47.394238][ T725] ? iov_iter_init+0x53/0x190
[ 47.398756][ T725] vfs_read+0xa05/0xc70
[ 47.402943][ T725] ? kernel_read+0x1f0/0x1f0
[ 47.407360][ T725] ? do_futex+0x3b5/0x490
[ 47.411531][ T725] ? __fget_files+0x2cb/0x330
[ 47.416137][ T725] ? __fdget_pos+0x204/0x310
[ 47.420553][ T725] ? ksys_read+0x77/0x2c0
[ 47.424731][ T725] ksys_read+0x199/0x2c0
[ 47.428975][ T725] ? __x64_sys_futex+0x100/0x100
[ 47.433834][ T725] ? vfs_write+0xf40/0xf40
[ 47.438092][ T725] ? fpregs_restore_userregs+0x130/0x290
[ 47.443569][ T725] __x64_sys_read+0x7b/0x90
[ 47.447890][ T725] do_syscall_64+0x3d/0x80
[ 47.452150][ T725] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 47.457886][ T725] RIP: 0033:0x7f708028b639
[ 47.462124][ T725] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 47.481956][ T725] RSP: 002b:00007f707fdff168 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 47.490502][ T725] RAX: ffffffffffffffda RBX: 00007f70803ac1f0 RCX: 00007f708028b639
[ 47.498302][ T725] RDX: 0000000000002020 RSI: 0000000020002140 RDI: 0000000000000003
[ 47.506383][ T725] RBP: 00007f70802e6ae9 R08: 0000000000000000 R09: 0000000000000000
[ 47.514651][ T725] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 47.522549][ T725] R13: 00007ffe074d517f R14: 00007f707fdff300 R15: 0000000000022000
[ 47.530448][ T725]
[ 47.533414][ T725]
[ 47.535583][ T725] Allocated by task 720:
[ 47.539731][ T725] ____kasan_kmalloc+0xdb/0x110
[ 47.544368][ T725] __kasan_kmalloc+0x9/0x10
[ 47.548691][ T725] __kmalloc+0x146/0x270
[ 47.552890][ T725] __d_alloc+0xb4/0x6c0
[ 47.556882][ T725] d_alloc_parallel+0xe6/0x1360
[ 47.561563][ T725] __lookup_slow+0x154/0x400
[ 47.565996][ T725] lookup_slow+0x5a/0x80
[ 47.570067][ T725] walk_component+0x48c/0x610
[ 47.574582][ T725] path_lookupat+0x16d/0x450
[ 47.579190][ T725] filename_lookup+0x230/0x5c0
[ 47.583787][ T725] user_path_at_empty+0x43/0x1a0
[ 47.588555][ T725] __se_sys_mount+0x285/0x3b0
[ 47.593070][ T725] __x64_sys_mount+0xbf/0xd0
[ 47.597615][ T725] do_syscall_64+0x3d/0x80
[ 47.601889][ T725] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 47.607600][ T725]
[ 47.609760][ T725] Freed by task 413:
[ 47.613599][ T725] kasan_set_track+0x4b/0x70
[ 47.618026][ T725] kasan_set_free_info+0x23/0x40
[ 47.622892][ T725] ____kasan_slab_free+0x133/0x170
[ 47.627948][ T725] __kasan_slab_free+0x11/0x20
[ 47.632634][ T725] slab_free_freelist_hook+0xbd/0x190
[ 47.637811][ T725] kmem_cache_free_bulk+0x52b/0x6e0
[ 47.642842][ T725] kfree_rcu_work+0x2b2/0x6a0
[ 47.647452][ T725] process_one_work+0x6ab/0xc00
[ 47.652132][ T725] worker_thread+0xa5d/0x1260
[ 47.656645][ T725] kthread+0x26d/0x300
[ 47.660549][ T725] ret_from_fork+0x1f/0x30
[ 47.664811][ T725]
[ 47.666974][ T725] Last potentially related work creation:
[ 47.672539][ T725] kasan_save_stack+0x3b/0x60
[ 47.677041][ T725] __kasan_record_aux_stack+0xb3/0xc0
[ 47.682250][ T725] kasan_record_aux_stack_noalloc+0xb/0x10
[ 47.687900][ T725] kvfree_call_rcu+0xa6/0x770
[ 47.692403][ T725] __d_move+0x86e/0x1370
[ 47.696484][ T725] __d_unalias+0x1cc/0x220
[ 47.700737][ T725] d_splice_alias+0x20a/0x390
[ 47.705252][ T725] fuse_lookup+0x2b9/0x5f0
[ 47.709501][ T725] __lookup_slow+0x2b9/0x400
[ 47.714055][ T725] lookup_slow+0x5a/0x80
[ 47.718596][ T725] walk_component+0x48c/0x610
[ 47.723453][ T725] link_path_walk+0x68c/0xde0
[ 47.728057][ T725] filename_parentat+0x23a/0x650
[ 47.732854][ T725] filename_create+0xf0/0x520
[ 47.737501][ T725] do_mkdirat+0xb8/0x3f0
[ 47.741573][ T725] __x64_sys_mkdir+0x6e/0x80
[ 47.746086][ T725] do_syscall_64+0x3d/0x80
[ 47.750333][ T725] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 47.756246][ T725]
[ 47.758407][ T725] The buggy address belongs to the object at ffff8881247b8400
[ 47.758407][ T725] which belongs to the cache kmalloc-rcl-512 of size 512
[ 47.772778][ T725] The buggy address is located 16 bytes inside of
[ 47.772778][ T725] 512-byte region [ffff8881247b8400, ffff8881247b8600)
[ 47.786039][ T725]
[ 47.788202][ T725] The buggy address belongs to the physical page:
[ 47.794551][ T725] page:ffffea000491ee00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1247b8
[ 47.804619][ T725] head:ffffea000491ee00 order:2 compound_mapcount:0 compound_pincount:0
[ 47.812772][ T725] flags: 0x4000000000010200(slab|head|zone=1)
[ 47.818677][ T725] raw: 4000000000010200 0000000000000000 dead000000000122 ffff888100042dc0
[ 47.827383][ T725] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 47.835782][ T725] page dumped because: kasan: bad access detected
[ 47.842076][ T725] page_owner tracks the page as allocated
[ 47.847582][ T725] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0x1d20d0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 684, tgid 683 (syz-executor.2), ts 46179432984, free_ts 22308513323
[ 47.872159][ T725] post_alloc_hook+0x1e2/0x1f0
[ 47.877006][ T725] get_page_from_freelist+0x30b5/0x3190
[ 47.882386][ T725] __alloc_pages+0x3e3/0x880
[ 47.886897][ T725] new_slab+0x96/0x470
[ 47.890806][ T725] ___slab_alloc+0x34d/0x7b0
[ 47.895258][ T725] __slab_alloc+0x4a/0x90
[ 47.899396][ T725] __kmalloc+0x179/0x270
[ 47.903491][ T725] __d_alloc+0xb4/0x6c0
[ 47.907467][ T725] d_alloc_parallel+0xe6/0x1360
[ 47.912155][ T725] __lookup_slow+0x154/0x400
[ 47.916581][ T725] lookup_slow+0x5a/0x80
[ 47.920749][ T725] walk_component+0x48c/0x610
[ 47.925260][ T725] path_lookupat+0x16d/0x450
[ 47.929692][ T725] filename_lookup+0x230/0x5c0
[ 47.934286][ T725] vfs_statx+0xfd/0x720
[ 47.938469][ T725] __se_sys_newfstatat+0xf6/0x7a0
[ 47.943330][ T725] page last free stack trace:
[ 47.947845][ T725] free_unref_page_prepare+0x80f/0x820
[ 47.953139][ T725] free_unref_page_list+0x1c1/0x6c0
[ 47.958172][ T725] release_pages+0xd17/0xd70
[ 47.962684][ T725] free_pages_and_swap_cache+0x8a/0xa0
[ 47.967993][ T725] tlb_flush_mmu+0xfe/0x200
[ 47.972317][ T725] tlb_finish_mmu+0xd5/0x1f0
[ 47.976745][ T725] exit_mmap+0x1e3/0x4c0
[ 47.980825][ T725] __mmput+0x95/0x300
[ 47.984685][ T725] mmput+0x59/0x70
[ 47.988201][ T725] do_exit+0xa39/0x27b0
[ 47.992281][ T725] do_group_exit+0x255/0x320
[ 47.996793][ T725] __x64_sys_exit_group+0x3f/0x40
[ 48.001827][ T725] do_syscall_64+0x3d/0x80
[ 48.006080][ T725] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 48.011900][ T725]
[ 48.014332][ T725] Memory state around the buggy address:
[ 48.020077][ T725] ffff8881247b8300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 48.027974][ T725] ffff8881247b8380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 48.035880][ T725] >ffff8881247b8400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.044124][ T725] ^
[ 48.048691][ T725] ffff8881247b8480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.056552][ T725] ffff8881247b8500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.064437][ T725] ==================================================================
[ 48.073175][ T725] Disabling lock debugging due to kernel taint
2023/04/07 10:21:38 executed programs: 60
2023/04/07 10:21:43 executed programs: 96