Warning: Permanently added '10.128.1.99' (ECDSA) to the list of known hosts. 2023/04/11 14:00:26 ignoring optional flag "sandboxArg"="0" 2023/04/11 14:00:26 parsed 1 programs 2023/04/11 14:00:26 executed programs: 0 [ 37.774656][ T28] kauditd_printk_skb: 64 callbacks suppressed [ 37.774664][ T28] audit: type=1400 audit(1681221626.840:136): avc: denied { mounton } for pid=451 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 37.811395][ T28] audit: type=1400 audit(1681221626.850:137): avc: denied { mount } for pid=451 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 37.911637][ T456] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.918867][ T456] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.926009][ T456] device bridge_slave_0 entered promiscuous mode [ 37.933979][ T456] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.940955][ T456] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.948375][ T456] device bridge_slave_1 entered promiscuous mode [ 38.007509][ T459] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.014346][ T459] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.021666][ T459] device bridge_slave_0 entered promiscuous mode [ 38.030103][ T459] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.037205][ T459] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.044502][ T459] device bridge_slave_1 entered promiscuous mode [ 38.061957][ T462] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.069559][ T462] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.076476][ T462] device bridge_slave_0 entered promiscuous mode [ 38.093770][ T469] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.100785][ T469] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.108005][ T469] device bridge_slave_0 entered promiscuous mode [ 38.118808][ T462] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.125795][ T462] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.132990][ T462] device bridge_slave_1 entered promiscuous mode [ 38.144097][ T469] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.151221][ T469] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.158903][ T469] device bridge_slave_1 entered promiscuous mode [ 38.169573][ T468] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.176547][ T468] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.184014][ T468] device bridge_slave_0 entered promiscuous mode [ 38.195902][ T472] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.202937][ T472] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.210168][ T472] device bridge_slave_0 entered promiscuous mode [ 38.224536][ T468] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.231600][ T468] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.238843][ T468] device bridge_slave_1 entered promiscuous mode [ 38.249695][ T472] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.256659][ T472] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.264058][ T472] device bridge_slave_1 entered promiscuous mode [ 38.313318][ T456] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.320442][ T456] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.327627][ T456] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.334671][ T456] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.421730][ T459] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.428587][ T459] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.435844][ T459] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.443200][ T459] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.474743][ T469] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.481632][ T469] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.488700][ T469] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.495479][ T469] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.516918][ T412] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 38.524962][ T412] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 38.534145][ T412] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.541407][ T412] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.548752][ T412] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.556295][ T412] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.564998][ T412] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 38.572193][ T412] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 38.598642][ T412] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 38.606402][ T412] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 38.626509][ T456] device veth0_vlan entered promiscuous mode [ 38.639635][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 38.648447][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 38.656079][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 38.663620][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 38.677113][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 38.684495][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 38.692740][ T19] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.699692][ T19] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.722127][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 38.730305][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 38.738489][ T56] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.745522][ T56] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.752847][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 38.769004][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 38.777050][ T56] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.784156][ T56] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.791602][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 38.799664][ T56] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.806594][ T56] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.814046][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 38.828115][ T456] device veth1_macvtap entered promiscuous mode [ 38.834995][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 38.842722][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 38.850732][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 38.865019][ T462] device veth0_vlan entered promiscuous mode [ 38.876714][ T459] device veth0_vlan entered promiscuous mode [ 38.888339][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 38.896060][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 38.904024][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 38.911431][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 38.919631][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 38.927890][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 38.935639][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 38.943446][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 38.951489][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 38.959543][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 38.967116][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 38.974753][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 38.982257][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 38.989642][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 38.998002][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 39.006232][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.013108][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.020447][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 39.028538][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 39.036571][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 39.044788][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 39.053080][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.060058][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.067277][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 39.075410][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 39.083649][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 39.090858][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 39.098920][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 39.106127][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 39.115075][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 39.134118][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 39.142112][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 39.150665][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 39.158684][ T56] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.165718][ T56] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.173517][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 39.181975][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 39.190128][ T56] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.197172][ T56] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.204379][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 39.211672][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 39.218982][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 39.227383][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 39.235254][ T56] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.242051][ T56] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.249610][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 39.257985][ T462] device veth1_macvtap entered promiscuous mode [ 39.272258][ T28] audit: type=1400 audit(1681221628.340:138): avc: denied { mount } for pid=456 comm="syz-executor.2" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 39.277248][ T412] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 39.303448][ T412] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 39.311776][ T412] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 39.320078][ T412] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 39.328444][ T412] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 39.336825][ T412] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 39.344860][ T412] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.351778][ T412] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.358925][ T412] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 39.366962][ T412] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 39.374739][ T412] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 39.382911][ T412] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 39.396870][ T412] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 39.404741][ T412] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 39.419133][ T459] device veth1_macvtap entered promiscuous mode [ 39.433306][ T28] audit: type=1400 audit(1681221628.500:139): avc: denied { mounton } for pid=490 comm="syz-executor.2" path="/root/syzkaller-testdir593283693/syzkaller.srjwcs/0/file0" dev="sda1" ino=1158 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 39.433611][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 39.467930][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 39.475772][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 39.483929][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 39.491737][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 39.499509][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 39.507215][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 39.527316][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 39.535447][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 39.543328][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 39.551277][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 39.559328][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 39.567729][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 39.575699][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 39.592374][ T469] device veth0_vlan entered promiscuous mode [ 39.598946][ T412] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 39.607173][ T412] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 39.615505][ T412] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 39.624466][ T412] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 39.644775][ T468] device veth0_vlan entered promiscuous mode [ 39.651222][ T412] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 39.659036][ T412] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 39.666245][ T412] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 39.674017][ T412] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 39.681708][ T412] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 39.694683][ T469] device veth1_macvtap entered promiscuous mode [ 39.704314][ T468] device veth1_macvtap entered promiscuous mode [ 39.711732][ T412] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 39.719940][ T412] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 39.728034][ T412] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 39.735273][ T412] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 39.742759][ T412] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 39.750925][ T412] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 39.759273][ T412] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 39.767739][ T472] device veth0_vlan entered promiscuous mode [ 39.778771][ T412] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 39.786822][ T412] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 39.794999][ T412] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 39.803045][ T412] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 39.828619][ T472] device veth1_macvtap entered promiscuous mode [ 39.838547][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 39.847100][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 39.855186][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 39.863465][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 39.872076][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 39.891746][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 39.899889][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 39.912177][ T413] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 39.920414][ T413] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 40.267424][ T28] audit: type=1400 audit(1681221629.340:140): avc: denied { unmount } for pid=456 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 2023/04/11 14:00:31 executed programs: 24 2023/04/11 14:00:36 executed programs: 60 2023/04/11 14:00:41 executed programs: 96 2023/04/11 14:00:47 executed programs: 132 2023/04/11 14:00:52 executed programs: 168 2023/04/11 14:00:57 executed programs: 204 2023/04/11 14:01:02 executed programs: 240 2023/04/11 14:01:07 executed programs: 276 2023/04/11 14:01:12 executed programs: 312 2023/04/11 14:01:17 executed programs: 348 2023/04/11 14:01:22 executed programs: 384 2023/04/11 14:01:27 executed programs: 420 2023/04/11 14:01:32 executed programs: 456 2023/04/11 14:01:37 executed programs: 492 2023/04/11 14:01:42 executed programs: 528 2023/04/11 14:01:47 executed programs: 564 2023/04/11 14:01:52 executed programs: 600 2023/04/11 14:01:57 executed programs: 636 2023/04/11 14:02:02 executed programs: 672 2023/04/11 14:02:07 executed programs: 708 2023/04/11 14:02:12 executed programs: 744 2023/04/11 14:02:17 executed programs: 780 2023/04/11 14:02:22 executed programs: 816 2023/04/11 14:02:27 executed programs: 852 2023/04/11 14:02:32 executed programs: 888 2023/04/11 14:02:37 executed programs: 924 2023/04/11 14:02:43 executed programs: 960 2023/04/11 14:02:48 executed programs: 996 2023/04/11 14:02:53 executed programs: 1032 2023/04/11 14:02:58 executed programs: 1068 2023/04/11 14:03:03 executed programs: 1104 2023/04/11 14:03:08 executed programs: 1140 2023/04/11 14:03:13 executed programs: 1176 2023/04/11 14:03:18 executed programs: 1212 2023/04/11 14:03:23 executed programs: 1248 2023/04/11 14:03:28 executed programs: 1284 2023/04/11 14:03:33 executed programs: 1320 2023/04/11 14:03:38 executed programs: 1356 2023/04/11 14:03:43 executed programs: 1392 2023/04/11 14:03:48 executed programs: 1428 2023/04/11 14:03:53 executed programs: 1464 2023/04/11 14:03:58 executed programs: 1500 2023/04/11 14:04:03 executed programs: 1536 2023/04/11 14:04:08 executed programs: 1572 2023/04/11 14:04:13 executed programs: 1608 [ 267.519462][ T8868] ================================================================== [ 267.527548][ T8868] BUG: KASAN: use-after-free in fuse_copy_args+0x248/0x630 [ 267.534575][ T8868] Read of size 256 at addr ffff888127f36c10 by task syz-executor.2/8868 [ 267.543262][ T8868] [ 267.545517][ T8868] CPU: 1 PID: 8868 Comm: syz-executor.2 Not tainted 6.1.0-rc8-syzkaller-00148-g0d1409e4ff08 #0 [ 267.556066][ T8868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023 [ 267.566141][ T8868] Call Trace: [ 267.569336][ T8868] [ 267.572118][ T8868] dump_stack_lvl+0x151/0x1b7 [ 267.576625][ T8868] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 267.582155][ T8868] ? _printk+0xd1/0x111 [ 267.586301][ T8868] ? __virt_addr_valid+0x242/0x2f0 [ 267.591333][ T8868] print_report+0x158/0x4e0 [ 267.595815][ T8868] ? __virt_addr_valid+0x242/0x2f0 [ 267.601140][ T8868] ? kasan_complete_mode_report_info+0x90/0x1b0 [ 267.607208][ T8868] ? fuse_copy_args+0x248/0x630 [ 267.611895][ T8868] kasan_report+0x13c/0x170 [ 267.616233][ T8868] ? fuse_copy_args+0x248/0x630 [ 267.621055][ T8868] kasan_check_range+0x294/0x2a0 [ 267.625789][ T8868] ? fuse_copy_args+0x248/0x630 [ 267.630469][ T8868] memcpy+0x2d/0x70 [ 267.634210][ T8868] fuse_copy_args+0x248/0x630 [ 267.638718][ T8868] fuse_dev_do_read+0xc87/0x11d0 [ 267.643491][ T8868] ? queue_interrupt+0x390/0x390 [ 267.648261][ T8868] ? memset+0x35/0x40 [ 267.652103][ T8868] ? __fsnotify_parent+0x50b/0x730 [ 267.657048][ T8868] fuse_dev_read+0x16d/0x210 [ 267.661482][ T8868] ? fuse_dev_release+0x5c0/0x5c0 [ 267.666701][ T8868] ? fsnotify_perm+0x4ba/0x5d0 [ 267.671446][ T8868] vfs_read+0x771/0xad0 [ 267.675559][ T8868] ? kernel_read+0x1f0/0x1f0 [ 267.680109][ T8868] ? __fget_files+0x2cb/0x330 [ 267.684618][ T8868] ? __fdget_pos+0x204/0x310 [ 267.689135][ T8868] ? ksys_read+0x77/0x2c0 [ 267.693729][ T8868] ksys_read+0x199/0x2c0 [ 267.697803][ T8868] ? __x64_sys_futex+0x100/0x100 [ 267.702580][ T8868] ? vfs_write+0xe30/0xe30 [ 267.706839][ T8868] ? fpregs_restore_userregs+0x130/0x290 [ 267.712390][ T8868] __x64_sys_read+0x7b/0x90 [ 267.716930][ T8868] do_syscall_64+0x3d/0x80 [ 267.721243][ T8868] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 267.727143][ T8868] RIP: 0033:0x7f380e68b639 [ 267.731513][ T8868] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 267.751302][ T8868] RSP: 002b:00007f380f30b168 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 267.759706][ T8868] RAX: ffffffffffffffda RBX: 00007f380e7ac1f0 RCX: 00007f380e68b639 [ 267.767763][ T8868] RDX: 0000000000002020 RSI: 0000000020002140 RDI: 0000000000000003 [ 267.775661][ T8868] RBP: 00007f380e6e6ae9 R08: 0000000000000000 R09: 0000000000000000 [ 267.783857][ T8868] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 267.792531][ T8868] R13: 00007ffc5939749f R14: 00007f380f30b300 R15: 0000000000022000 [ 267.800693][ T8868] [ 267.803550][ T8868] [ 267.805731][ T8868] Allocated by task 8855: [ 267.809893][ T8868] kasan_set_track+0x4b/0x70 [ 267.814320][ T8868] kasan_save_alloc_info+0x1f/0x30 [ 267.819260][ T8868] __kasan_kmalloc+0x9c/0xb0 [ 267.824119][ T8868] __kmalloc+0xb4/0x1e0 [ 267.828332][ T8868] __d_alloc+0xb4/0x6c0 [ 267.832375][ T8868] d_alloc_parallel+0xe1/0x1270 [ 267.837561][ T8868] __lookup_slow+0x154/0x3e0 [ 267.842184][ T8868] lookup_slow+0x5a/0x80 [ 267.846415][ T8868] walk_component+0x2e7/0x410 [ 267.850922][ T8868] path_lookupat+0x16d/0x450 [ 267.855346][ T8868] filename_lookup+0x251/0x600 [ 267.859953][ T8868] user_path_at_empty+0x43/0x1a0 [ 267.864988][ T8868] __se_sys_mount+0x285/0x3b0 [ 267.869496][ T8868] __x64_sys_mount+0xbf/0xd0 [ 267.873925][ T8868] do_syscall_64+0x3d/0x80 [ 267.878178][ T8868] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 267.883910][ T8868] [ 267.886077][ T8868] Freed by task 56: [ 267.889742][ T8868] kasan_set_track+0x4b/0x70 [ 267.894850][ T8868] kasan_save_free_info+0x2b/0x40 [ 267.899798][ T8868] ____kasan_slab_free+0x131/0x180 [ 267.904738][ T8868] __kasan_slab_free+0x11/0x20 [ 267.909433][ T8868] kmem_cache_free_bulk+0x636/0x7a0 [ 267.914460][ T8868] kfree_rcu_work+0x2b6/0x720 [ 267.918973][ T8868] process_one_work+0x6ab/0xc00 [ 267.923657][ T8868] worker_thread+0xa5d/0x1260 [ 267.928367][ T8868] kthread+0x26d/0x300 [ 267.932249][ T8868] ret_from_fork+0x1f/0x30 [ 267.936505][ T8868] [ 267.938680][ T8868] Last potentially related work creation: [ 267.944233][ T8868] kasan_save_stack+0x3b/0x60 [ 267.948761][ T8868] __kasan_record_aux_stack+0xb4/0xc0 [ 267.953954][ T8868] kasan_record_aux_stack_noalloc+0xb/0x10 [ 267.959593][ T8868] kvfree_call_rcu+0xaa/0x810 [ 267.964105][ T8868] __d_move+0x877/0x13a0 [ 267.968273][ T8868] __d_unalias+0x1cc/0x220 [ 267.972612][ T8868] d_splice_alias+0x20a/0x390 [ 267.977359][ T8868] fuse_lookup+0x2b9/0x5f0 [ 267.981579][ T8868] __lookup_slow+0x2b9/0x3e0 [ 267.986004][ T8868] lookup_slow+0x5a/0x80 [ 267.990085][ T8868] link_path_walk+0x9d3/0xee0 [ 267.994597][ T8868] filename_parentat+0x24c/0x670 [ 267.999463][ T8868] filename_create+0xf0/0x520 [ 268.003972][ T8868] do_mkdirat+0xbd/0x450 [ 268.008137][ T8868] __x64_sys_mkdir+0x6e/0x80 [ 268.012675][ T8868] do_syscall_64+0x3d/0x80 [ 268.016992][ T8868] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 268.022721][ T8868] [ 268.024896][ T8868] The buggy address belongs to the object at ffff888127f36c00 [ 268.024896][ T8868] which belongs to the cache kmalloc-rcl-512 of size 512 [ 268.039308][ T8868] The buggy address is located 16 bytes inside of [ 268.039308][ T8868] 512-byte region [ffff888127f36c00, ffff888127f36e00) [ 268.052673][ T8868] [ 268.054837][ T8868] The buggy address belongs to the physical page: [ 268.061088][ T8868] page:ffffea00049fcd00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x127f34 [ 268.071197][ T8868] head:ffffea00049fcd00 order:2 compound_mapcount:0 compound_pincount:0 [ 268.079402][ T8868] flags: 0x4000000000010200(slab|head|zone=1) [ 268.085311][ T8868] raw: 4000000000010200 0000000000000000 dead000000000122 ffff888100042dc0 [ 268.093986][ T8868] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 268.102491][ T8868] page dumped because: kasan: bad access detected [ 268.108742][ T8868] page_owner tracks the page as allocated [ 268.114295][ T8868] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0x1d20d0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 8797, tgid 8796 (syz-executor.0), ts 265803064734, free_ts 0 [ 268.138513][ T8868] post_alloc_hook+0x1e2/0x1f0 [ 268.143112][ T8868] get_page_from_freelist+0x2e7a/0x2f50 [ 268.148624][ T8868] __alloc_pages+0x3e3/0x880 [ 268.153217][ T8868] new_slab+0xce/0x4c0 [ 268.157907][ T8868] ___slab_alloc+0x6f9/0xb80 [ 268.162875][ T8868] __slab_alloc+0x5d/0xa0 [ 268.167235][ T8868] __kmem_cache_alloc_node+0x139/0x1c0 [ 268.172516][ T8868] __kmalloc+0xa3/0x1e0 [ 268.176765][ T8868] __d_alloc+0xb4/0x6c0 [ 268.180836][ T8868] d_alloc_parallel+0xe1/0x1270 [ 268.185538][ T8868] __lookup_slow+0x154/0x3e0 [ 268.189949][ T8868] lookup_slow+0x5a/0x80 [ 268.194026][ T8868] walk_component+0x2e7/0x410 [ 268.198800][ T8868] path_lookupat+0x16d/0x450 [ 268.203234][ T8868] filename_lookup+0x251/0x600 [ 268.207839][ T8868] vfs_statx+0x106/0x700 [ 268.211995][ T8868] page_owner free stack trace missing [ 268.217378][ T8868] [ 268.219546][ T8868] Memory state around the buggy address: [ 268.225024][ T8868] ffff888127f36b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 268.233006][ T8868] ffff888127f36b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 268.240904][ T8868] >ffff888127f36c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 268.249061][ T8868] ^ [ 268.253505][ T8868] ffff888127f36c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 268.261474][ T8868] ffff888127f36d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 268.269370][ T8868] ================================================================== [ 268.277964][ T8868] Disabling lock debugging due to kernel taint 2023/04/11 14:04:19 executed programs: 1643 2023/04/11 14:04:24 executed programs: 1679