Warning: Permanently added '10.128.0.145' (ECDSA) to the list of known hosts. 2023/04/07 11:08:52 ignoring optional flag "sandboxArg"="0" 2023/04/07 11:08:52 parsed 1 programs 2023/04/07 11:08:52 executed programs: 0 [ 37.463949][ T28] kauditd_printk_skb: 64 callbacks suppressed [ 37.463965][ T28] audit: type=1400 audit(1680865732.670:136): avc: denied { mounton } for pid=451 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 37.538049][ T28] audit: type=1400 audit(1680865732.670:137): avc: denied { mount } for pid=451 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 37.637201][ T460] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.644261][ T460] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.651682][ T460] device bridge_slave_0 entered promiscuous mode [ 37.659701][ T460] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.666542][ T460] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.673824][ T460] device bridge_slave_1 entered promiscuous mode [ 37.735343][ T467] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.742720][ T467] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.750161][ T467] device bridge_slave_0 entered promiscuous mode [ 37.759242][ T456] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.766542][ T456] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.774039][ T456] device bridge_slave_0 entered promiscuous mode [ 37.781873][ T456] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.788900][ T456] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.796090][ T456] device bridge_slave_1 entered promiscuous mode [ 37.802470][ T468] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.809356][ T468] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.817145][ T468] device bridge_slave_0 entered promiscuous mode [ 37.826513][ T467] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.833669][ T467] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.840921][ T467] device bridge_slave_1 entered promiscuous mode [ 37.859484][ T468] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.866415][ T468] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.873811][ T468] device bridge_slave_1 entered promiscuous mode [ 37.888376][ T466] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.895445][ T466] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.902841][ T466] device bridge_slave_0 entered promiscuous mode [ 37.920085][ T469] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.927077][ T469] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.934597][ T469] device bridge_slave_0 entered promiscuous mode [ 37.943232][ T469] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.950275][ T469] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.957364][ T469] device bridge_slave_1 entered promiscuous mode [ 37.963862][ T466] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.970927][ T466] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.978250][ T466] device bridge_slave_1 entered promiscuous mode [ 38.123533][ T460] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.130512][ T460] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.137889][ T460] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.144902][ T460] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.159715][ T468] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.166677][ T468] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.173783][ T468] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.180756][ T468] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.211024][ T469] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.217897][ T469] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.224962][ T469] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.231793][ T469] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.247483][ T467] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.254505][ T467] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.262084][ T467] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.268837][ T467] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.276929][ T456] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.283794][ T456] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.290933][ T456] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.297745][ T456] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.329518][ T19] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.336663][ T19] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.343802][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 38.351296][ T19] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.359574][ T19] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.366688][ T19] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.374108][ T19] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.381192][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 38.389430][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 38.397734][ T19] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.405414][ T19] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.443537][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 38.451531][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 38.459733][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 38.466901][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 38.492804][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 38.500032][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 38.508114][ T19] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.515142][ T19] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.522361][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 38.530670][ T19] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.537594][ T19] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.545090][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 38.552898][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 38.560731][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 38.568739][ T19] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.575472][ T19] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.620551][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 38.628961][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 38.637545][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 38.645352][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 38.653005][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 38.661320][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 38.669470][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.676379][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.683614][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 38.691960][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 38.700002][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.706912][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.714410][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 38.722359][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 38.730498][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 38.738247][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 38.745417][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 38.752695][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 38.761019][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 38.768970][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.775873][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.783171][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 38.791520][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 38.799775][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.806629][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.813906][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 38.821197][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 38.828522][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 38.836732][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 38.844665][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.851614][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.858961][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 38.867506][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 38.875812][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.882974][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.890629][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 38.898475][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 38.906233][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 38.914483][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 38.922278][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 38.930723][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 38.938772][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.945602][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.953017][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 38.960949][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 38.969483][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 38.978724][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 38.986905][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 38.996451][ T466] device veth0_vlan entered promiscuous mode [ 39.007217][ T460] device veth0_vlan entered promiscuous mode [ 39.027911][ T58] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 39.036951][ T58] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 39.046446][ T58] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 39.055273][ T58] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 39.063545][ T58] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 39.072017][ T58] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 39.080144][ T58] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 39.088326][ T58] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 39.096777][ T58] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 39.105084][ T58] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 39.113440][ T58] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 39.120915][ T58] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 39.128380][ T58] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 39.135722][ T58] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 39.143988][ T58] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 39.151609][ T58] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 39.162161][ T468] device veth0_vlan entered promiscuous mode [ 39.170543][ T469] device veth0_vlan entered promiscuous mode [ 39.184460][ T411] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 39.192590][ T411] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 39.200725][ T411] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 39.209166][ T411] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 39.217449][ T411] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 39.225626][ T411] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 39.233426][ T411] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 39.241410][ T411] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 39.250691][ T456] device veth0_vlan entered promiscuous mode [ 39.258771][ T466] device veth1_macvtap entered promiscuous mode [ 39.268298][ T460] device veth1_macvtap entered promiscuous mode [ 39.279117][ T469] device veth1_macvtap entered promiscuous mode [ 39.289325][ T411] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 39.298556][ T411] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 39.306436][ T411] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 39.314533][ T411] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 39.322698][ T411] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 39.339580][ T456] device veth1_macvtap entered promiscuous mode [ 39.346355][ T411] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 39.354515][ T411] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 39.362559][ T411] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 39.370180][ T411] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 39.378430][ T411] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 39.386721][ T411] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 39.395039][ T411] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 39.411383][ T28] audit: type=1400 audit(1680865734.620:138): avc: denied { mount } for pid=466 comm="syz-executor.0" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 39.436509][ T468] device veth1_macvtap entered promiscuous mode [ 39.457343][ T28] audit: type=1400 audit(1680865734.660:139): avc: denied { mounton } for pid=491 comm="syz-executor.0" path="/root/syzkaller-testdir3484847305/syzkaller.Ehdoof/0/file0" dev="sda1" ino=1158 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 39.485857][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 39.494938][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 39.503502][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 39.511715][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 39.519842][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 39.528146][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 39.536823][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 39.545452][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 39.553896][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 39.562194][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 39.570236][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 39.578594][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 39.586628][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 39.606679][ T467] device veth0_vlan entered promiscuous mode [ 39.614510][ T411] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 39.623038][ T411] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 39.632015][ T411] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 39.639819][ T411] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 39.647588][ T411] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 39.655844][ T411] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 39.664642][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 39.672064][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 39.722034][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 39.731302][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 39.740482][ T467] device veth1_macvtap entered promiscuous mode [ 39.749599][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 39.757252][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 39.765588][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 39.777178][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 39.785463][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 40.283191][ T28] audit: type=1400 audit(1680865735.490:140): avc: denied { unmount } for pid=466 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 2023/04/07 11:08:58 executed programs: 24 2023/04/07 11:09:03 executed programs: 60 2023/04/07 11:09:08 executed programs: 96 2023/04/07 11:09:13 executed programs: 132 2023/04/07 11:09:18 executed programs: 168 2023/04/07 11:09:23 executed programs: 204 2023/04/07 11:09:28 executed programs: 240 2023/04/07 11:09:33 executed programs: 276 2023/04/07 11:09:38 executed programs: 312 2023/04/07 11:09:43 executed programs: 348 2023/04/07 11:09:48 executed programs: 384 2023/04/07 11:09:53 executed programs: 420 2023/04/07 11:09:58 executed programs: 456 2023/04/07 11:10:03 executed programs: 492 2023/04/07 11:10:08 executed programs: 528 2023/04/07 11:10:13 executed programs: 564 2023/04/07 11:10:18 executed programs: 600 2023/04/07 11:10:23 executed programs: 636 2023/04/07 11:10:28 executed programs: 672 2023/04/07 11:10:33 executed programs: 708 2023/04/07 11:10:38 executed programs: 744 2023/04/07 11:10:43 executed programs: 780 2023/04/07 11:10:48 executed programs: 816 2023/04/07 11:10:54 executed programs: 852 2023/04/07 11:10:59 executed programs: 888 2023/04/07 11:11:04 executed programs: 924 2023/04/07 11:11:09 executed programs: 960 [ 174.360794][ T5456] ================================================================== [ 174.368863][ T5456] BUG: KASAN: use-after-free in fuse_copy_args+0x248/0x630 [ 174.376974][ T5456] Read of size 256 at addr ffff888124eaa010 by task syz-executor.5/5456 [ 174.385515][ T5456] [ 174.387669][ T5456] CPU: 1 PID: 5456 Comm: syz-executor.5 Not tainted 6.1.0-rc1-syzkaller #0 [ 174.396260][ T5456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023 [ 174.406764][ T5456] Call Trace: [ 174.409990][ T5456] [ 174.412770][ T5456] dump_stack_lvl+0x151/0x1b7 [ 174.417375][ T5456] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 174.422749][ T5456] ? _printk+0xd1/0x111 [ 174.426915][ T5456] ? __virt_addr_valid+0x242/0x2f0 [ 174.431948][ T5456] print_report+0x158/0x4e0 [ 174.436290][ T5456] ? __virt_addr_valid+0x242/0x2f0 [ 174.441249][ T5456] ? kasan_complete_mode_report_info+0x90/0x1b0 [ 174.447602][ T5456] ? fuse_copy_args+0x248/0x630 [ 174.452266][ T5456] kasan_report+0x13c/0x170 [ 174.456604][ T5456] ? fuse_copy_args+0x248/0x630 [ 174.461289][ T5456] kasan_check_range+0x294/0x2a0 [ 174.466059][ T5456] ? fuse_copy_args+0x248/0x630 [ 174.470754][ T5456] memcpy+0x2d/0x70 [ 174.474518][ T5456] fuse_copy_args+0x248/0x630 [ 174.479052][ T5456] fuse_dev_do_read+0xc87/0x11d0 [ 174.483804][ T5456] ? queue_interrupt+0x390/0x390 [ 174.488574][ T5456] ? memset+0x35/0x40 [ 174.492479][ T5456] ? __fsnotify_parent+0x50b/0x730 [ 174.497425][ T5456] fuse_dev_read+0x16d/0x210 [ 174.501851][ T5456] ? fuse_dev_release+0x5c0/0x5c0 [ 174.506713][ T5456] ? fsnotify_perm+0x4ba/0x5d0 [ 174.511450][ T5456] vfs_read+0x771/0xad0 [ 174.515527][ T5456] ? kernel_read+0x1f0/0x1f0 [ 174.519951][ T5456] ? __fget_files+0x2cb/0x330 [ 174.524660][ T5456] ? __fdget_pos+0x204/0x310 [ 174.529050][ T5456] ? ksys_read+0x77/0x2c0 [ 174.533221][ T5456] ksys_read+0x199/0x2c0 [ 174.537565][ T5456] ? __x64_sys_futex+0x100/0x100 [ 174.542342][ T5456] ? vfs_write+0xe30/0xe30 [ 174.546650][ T5456] ? fpregs_restore_userregs+0x130/0x290 [ 174.552089][ T5456] __x64_sys_read+0x7b/0x90 [ 174.556392][ T5456] do_syscall_64+0x3d/0x80 [ 174.560643][ T5456] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 174.566574][ T5456] RIP: 0033:0x7f688e08b639 [ 174.570828][ T5456] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 174.590511][ T5456] RSP: 002b:00007f688ed27168 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 174.598755][ T5456] RAX: ffffffffffffffda RBX: 00007f688e1ac1f0 RCX: 00007f688e08b639 [ 174.606570][ T5456] RDX: 0000000000002020 RSI: 0000000020002140 RDI: 0000000000000003 [ 174.614377][ T5456] RBP: 00007f688e0e6ae9 R08: 0000000000000000 R09: 0000000000000000 [ 174.622275][ T5456] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 174.630086][ T5456] R13: 00007ffde3dfb58f R14: 00007f688ed27300 R15: 0000000000022000 [ 174.637901][ T5456] [ 174.640882][ T5456] [ 174.643129][ T5456] Allocated by task 5444: [ 174.647568][ T5456] kasan_set_track+0x4b/0x70 [ 174.651992][ T5456] kasan_save_alloc_info+0x1f/0x30 [ 174.656946][ T5456] __kasan_kmalloc+0x9c/0xb0 [ 174.661357][ T5456] __kmalloc+0xb4/0x1e0 [ 174.665357][ T5456] __d_alloc+0xb4/0x6c0 [ 174.669342][ T5456] d_alloc_parallel+0xe1/0x1270 [ 174.674229][ T5456] __lookup_slow+0x154/0x3e0 [ 174.678628][ T5456] lookup_slow+0x5a/0x80 [ 174.682793][ T5456] walk_component+0x2e7/0x410 [ 174.687308][ T5456] path_lookupat+0x16d/0x450 [ 174.691742][ T5456] filename_lookup+0x251/0x600 [ 174.696425][ T5456] user_path_at_empty+0x43/0x1a0 [ 174.701193][ T5456] __se_sys_mount+0x285/0x3b0 [ 174.705709][ T5456] __x64_sys_mount+0xbf/0xd0 [ 174.710135][ T5456] do_syscall_64+0x3d/0x80 [ 174.714414][ T5456] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 174.720213][ T5456] [ 174.722373][ T5456] Freed by task 6: [ 174.726017][ T5456] kasan_set_track+0x4b/0x70 [ 174.730443][ T5456] kasan_save_free_info+0x2b/0x40 [ 174.735305][ T5456] ____kasan_slab_free+0x131/0x180 [ 174.740255][ T5456] __kasan_slab_free+0x11/0x20 [ 174.744857][ T5456] kmem_cache_free_bulk+0x636/0x7a0 [ 174.749977][ T5456] kfree_rcu_work+0x2b6/0x720 [ 174.754541][ T5456] process_one_work+0x6ab/0xc00 [ 174.759175][ T5456] worker_thread+0xa5d/0x1260 [ 174.763697][ T5456] kthread+0x26d/0x300 [ 174.767682][ T5456] ret_from_fork+0x1f/0x30 [ 174.772190][ T5456] [ 174.774372][ T5456] Last potentially related work creation: [ 174.779917][ T5456] kasan_save_stack+0x3b/0x60 [ 174.784606][ T5456] __kasan_record_aux_stack+0xb4/0xc0 [ 174.789897][ T5456] kasan_record_aux_stack_noalloc+0xb/0x10 [ 174.795544][ T5456] kvfree_call_rcu+0xaa/0x810 [ 174.800057][ T5456] __d_move+0x877/0x13a0 [ 174.804149][ T5456] __d_unalias+0x1cc/0x220 [ 174.808559][ T5456] d_splice_alias+0x20a/0x390 [ 174.813290][ T5456] fuse_lookup+0x2b9/0x5f0 [ 174.817527][ T5456] __lookup_slow+0x2b9/0x3e0 [ 174.821956][ T5456] lookup_slow+0x5a/0x80 [ 174.826126][ T5456] link_path_walk+0x9d3/0xee0 [ 174.830886][ T5456] filename_parentat+0x24c/0x670 [ 174.835660][ T5456] filename_create+0xf0/0x520 [ 174.840176][ T5456] do_mkdirat+0xbd/0x450 [ 174.844266][ T5456] __x64_sys_mkdir+0x6e/0x80 [ 174.848854][ T5456] do_syscall_64+0x3d/0x80 [ 174.853194][ T5456] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 174.858924][ T5456] [ 174.861096][ T5456] Second to last potentially related work creation: [ 174.867543][ T5456] kasan_save_stack+0x3b/0x60 [ 174.872213][ T5456] __kasan_record_aux_stack+0xb4/0xc0 [ 174.877417][ T5456] kasan_record_aux_stack_noalloc+0xb/0x10 [ 174.883061][ T5456] kvfree_call_rcu+0xaa/0x810 [ 174.887833][ T5456] __d_move+0x877/0x13a0 [ 174.892347][ T5456] __d_unalias+0x1cc/0x220 [ 174.896613][ T5456] d_splice_alias+0x20a/0x390 [ 174.901207][ T5456] fuse_lookup+0x2b9/0x5f0 [ 174.905453][ T5456] __lookup_slow+0x2b9/0x3e0 [ 174.910178][ T5456] lookup_slow+0x5a/0x80 [ 174.914484][ T5456] link_path_walk+0x9d3/0xee0 [ 174.918990][ T5456] filename_parentat+0x24c/0x670 [ 174.923763][ T5456] filename_create+0xf0/0x520 [ 174.928277][ T5456] do_mkdirat+0xbd/0x450 [ 174.932357][ T5456] __x64_sys_mkdir+0x6e/0x80 [ 174.936783][ T5456] do_syscall_64+0x3d/0x80 [ 174.941046][ T5456] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 174.947094][ T5456] [ 174.949434][ T5456] The buggy address belongs to the object at ffff888124eaa000 [ 174.949434][ T5456] which belongs to the cache kmalloc-rcl-512 of size 512 [ 174.963872][ T5456] The buggy address is located 16 bytes inside of [ 174.963872][ T5456] 512-byte region [ffff888124eaa000, ffff888124eaa200) [ 174.976909][ T5456] [ 174.979066][ T5456] The buggy address belongs to the physical page: [ 174.985531][ T5456] page:ffffea000493aa00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x124ea8 [ 174.995775][ T5456] head:ffffea000493aa00 order:2 compound_mapcount:0 compound_pincount:0 [ 175.003931][ T5456] flags: 0x4000000000010200(slab|head|zone=1) [ 175.009848][ T5456] raw: 4000000000010200 0000000000000000 dead000000000001 ffff888100042dc0 [ 175.018259][ T5456] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 175.026673][ T5456] page dumped because: kasan: bad access detected [ 175.033003][ T5456] page_owner tracks the page as allocated [ 175.038562][ T5456] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0x1d20d0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 506, tgid 502 (syz-executor.1), ts 39716490312, free_ts 20379027554 [ 175.063035][ T5456] post_alloc_hook+0x1e2/0x1f0 [ 175.067740][ T5456] get_page_from_freelist+0x2e7a/0x2f50 [ 175.073104][ T5456] __alloc_pages+0x3e3/0x880 [ 175.077534][ T5456] new_slab+0x9f/0x420 [ 175.081928][ T5456] ___slab_alloc+0x6f9/0xb80 [ 175.086638][ T5456] __slab_alloc+0x5d/0xa0 [ 175.090780][ T5456] __kmem_cache_alloc_node+0x139/0x1c0 [ 175.096236][ T5456] __kmalloc+0xa3/0x1e0 [ 175.100229][ T5456] __d_alloc+0xb4/0x6c0 [ 175.104232][ T5456] d_alloc_parallel+0xe1/0x1270 [ 175.108903][ T5456] __lookup_slow+0x154/0x3e0 [ 175.113334][ T5456] lookup_slow+0x5a/0x80 [ 175.117427][ T5456] walk_component+0x2e7/0x410 [ 175.121962][ T5456] path_lookupat+0x16d/0x450 [ 175.126354][ T5456] filename_lookup+0x251/0x600 [ 175.130953][ T5456] user_path_at_empty+0x43/0x1a0 [ 175.135757][ T5456] page last free stack trace: [ 175.140248][ T5456] __free_pages_ok+0x886/0x890 [ 175.145138][ T5456] free_compound_page+0xb0/0xd0 [ 175.149886][ T5456] free_transhuge_page+0x2c3/0x2f0 [ 175.154846][ T5456] destroy_large_folio+0x56/0x90 [ 175.159655][ T5456] release_pages+0x3e4/0xe90 [ 175.164219][ T5456] free_pages_and_swap_cache+0x8a/0xa0 [ 175.169510][ T5456] tlb_flush_mmu+0xfe/0x200 [ 175.173849][ T5456] tlb_finish_mmu+0xd5/0x1f0 [ 175.178288][ T5456] zap_page_range+0x7cb/0x8c0 [ 175.182792][ T5456] do_madvise+0x174d/0x3d70 [ 175.187227][ T5456] __x64_sys_madvise+0xa8/0xc0 [ 175.191920][ T5456] do_syscall_64+0x3d/0x80 [ 175.196201][ T5456] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 175.202448][ T5456] [ 175.204592][ T5456] Memory state around the buggy address: [ 175.210063][ T5456] ffff888124ea9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 175.217963][ T5456] ffff888124ea9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 175.225960][ T5456] >ffff888124eaa000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 175.233841][ T5456] ^ [ 175.238272][ T5456] ffff888124eaa080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 175.246167][ T5456] ffff888124eaa100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 175.254071][ T5456] ================================================================== [ 175.278499][ T5456] Disabling lock debugging due to kernel taint 2023/04/07 11:11:14 executed programs: 995