[ 20.929284][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 20.937583][ T410] device veth1_macvtap entered promiscuous mode
[ 20.945490][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 20.960058][ T139] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 21.413120][ T9] device bridge_slave_1 left promiscuous mode
[ 21.419037][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 21.426415][ T9] device bridge_slave_0 left promiscuous mode
[ 21.432337][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 21.440231][ T9] device veth1_macvtap left promiscuous mode
[ 21.447060][ T9] device veth0_vlan left promiscuous mode
Warning: Permanently added '10.128.1.2' (ECDSA) to the list of known hosts.
2022/12/09 16:47:55 ignoring optional flag "sandboxArg"="0"
2022/12/09 16:47:55 parsed 1 programs
2022/12/09 16:47:55 executed programs: 0
[ 38.816396][ T29] kauditd_printk_skb: 65 callbacks suppressed
[ 38.816408][ T29] audit: type=1400 audit(1670604475.470:137): avc: denied { mounton } for pid=456 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 38.846912][ T29] audit: type=1400 audit(1670604475.480:138): avc: denied { mount } for pid=456 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 38.947860][ T460] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.954836][ T460] bridge0: port 1(bridge_slave_0) entered disabled state
[ 38.961855][ T460] device bridge_slave_0 entered promiscuous mode
[ 38.973735][ T460] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.980570][ T460] bridge0: port 2(bridge_slave_1) entered disabled state
[ 38.987725][ T460] device bridge_slave_1 entered promiscuous mode
[ 39.011525][ T462] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.018380][ T462] bridge0: port 1(bridge_slave_0) entered disabled state
[ 39.025521][ T462] device bridge_slave_0 entered promiscuous mode
[ 39.032716][ T462] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.039682][ T462] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.046829][ T462] device bridge_slave_1 entered promiscuous mode
[ 39.115259][ T474] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.122098][ T474] bridge0: port 1(bridge_slave_0) entered disabled state
[ 39.129290][ T474] device bridge_slave_0 entered promiscuous mode
[ 39.145195][ T474] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.152014][ T474] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.159214][ T474] device bridge_slave_1 entered promiscuous mode
[ 39.169388][ T478] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.176247][ T478] bridge0: port 1(bridge_slave_0) entered disabled state
[ 39.183444][ T478] device bridge_slave_0 entered promiscuous mode
[ 39.205187][ T478] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.212014][ T478] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.219149][ T478] device bridge_slave_1 entered promiscuous mode
[ 39.227061][ T469] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.234005][ T469] bridge0: port 1(bridge_slave_0) entered disabled state
[ 39.240903][ T469] device bridge_slave_0 entered promiscuous mode
[ 39.248741][ T460] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.255747][ T460] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 39.262923][ T460] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.269891][ T460] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 39.277490][ T466] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.284352][ T466] bridge0: port 1(bridge_slave_0) entered disabled state
[ 39.291345][ T466] device bridge_slave_0 entered promiscuous mode
[ 39.305647][ T469] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.312468][ T469] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.319946][ T469] device bridge_slave_1 entered promiscuous mode
[ 39.339467][ T466] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.346428][ T466] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.353505][ T466] device bridge_slave_1 entered promiscuous mode
[ 39.382536][ T460] device veth0_vlan entered promiscuous mode
[ 39.388470][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 39.396552][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 39.405495][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 39.413277][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 39.420915][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 39.428921][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 39.436572][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 39.443734][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 39.450810][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 39.457950][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 39.495905][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 39.504608][ T460] device veth1_macvtap entered promiscuous mode
[ 39.522913][ T415] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 39.530293][ T415] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 39.538280][ T415] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.545103][ T415] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 39.562590][ T415] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 39.595896][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 39.603961][ T25] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.610772][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 39.631379][ T415] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 39.648119][ T139] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 39.656174][ T139] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 39.663905][ T139] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 39.677208][ T29] audit: type=1400 audit(1670604476.330:139): avc: denied { mount } for pid=460 comm="syz-executor.0" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[ 39.709922][ T29] audit: type=1400 audit(1670604476.360:140): avc: denied { mounton } for pid=493 comm="syz-executor.0" path="/root/syzkaller-testdir3847110120/syzkaller.c1Kl5P/0/file0" dev="sda1" ino=1158 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 39.743630][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 39.750934][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 39.760555][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 39.768563][ T25] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.775391][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 39.782492][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 39.790446][ T25] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.797270][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 39.804438][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 39.812064][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 39.823680][ T462] device veth0_vlan entered promiscuous mode
[ 39.834196][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 39.841387][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 39.848805][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 39.856555][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 39.863746][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 39.870869][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 39.878709][ T25] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.885532][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 39.904779][ T478] device veth0_vlan entered promiscuous mode
[ 39.912072][ T414] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 39.920086][ T414] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 39.928133][ T414] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 39.935814][ T414] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 39.942919][ T414] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 39.949939][ T414] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 39.957793][ T414] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.964616][ T414] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 39.986958][ T415] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 39.994776][ T415] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 40.002398][ T415] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 40.010204][ T415] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 40.018107][ T415] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 40.025449][ T415] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 40.032542][ T415] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 40.040567][ T415] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 40.048441][ T415] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.055202][ T415] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.062297][ T415] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 40.070273][ T415] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 40.078153][ T415] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.084907][ T415] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.097998][ T462] device veth1_macvtap entered promiscuous mode
[ 40.106166][ T415] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 40.113491][ T415] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 40.121433][ T415] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 40.129544][ T415] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 40.143297][ T415] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 40.150401][ T415] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 40.157513][ T415] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 40.165507][ T415] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 40.173682][ T415] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.180490][ T415] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.187665][ T415] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 40.195639][ T415] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 40.203605][ T415] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.210419][ T415] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.217582][ T415] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 40.225317][ T415] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 40.232903][ T415] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 40.240588][ T415] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 40.248962][ T415] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 40.258977][ T478] device veth1_macvtap entered promiscuous mode
[ 40.267225][ T414] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 40.275396][ T414] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 40.290020][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 40.298096][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 40.306187][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 40.314419][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 40.322393][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 40.330123][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 40.337908][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 40.345829][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 40.365608][ T415] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 40.373640][ T415] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 40.381610][ T415] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 40.389718][ T415] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 40.404800][ T474] device veth0_vlan entered promiscuous mode
[ 40.413715][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 40.421706][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 40.428922][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 40.436387][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 40.444441][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 40.452400][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 40.460593][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 40.468740][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 40.476970][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 40.489686][ T466] device veth0_vlan entered promiscuous mode
[ 40.497867][ T469] device veth0_vlan entered promiscuous mode
[ 40.510079][ T469] device veth1_macvtap entered promiscuous mode
[ 40.517088][ T416] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 40.525342][ T416] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 40.533351][ T416] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 40.540986][ T416] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 40.544890][ T29] audit: type=1400 audit(1670604477.190:141): avc: denied { unmount } for pid=460 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[ 40.548420][ T416] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 40.575479][ T416] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 40.589284][ T466] device veth1_macvtap entered promiscuous mode
[ 40.598908][ T474] device veth1_macvtap entered promiscuous mode
[ 40.605691][ T416] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 40.613824][ T416] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 40.621083][ T416] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 40.628390][ T416] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 40.636414][ T416] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 40.652399][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 40.660406][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 40.668522][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 40.676710][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 40.684881][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 40.693135][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 40.701130][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 40.709066][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 40.730522][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 40.738388][ T514] ==================================================================
[ 40.746212][ T514] BUG: KASAN: use-after-free in fuse_copy_one+0x1e7/0x3f0
[ 40.753159][ T514] Read of size 256 at addr ffff888120e59410 by task syz-executor.4/514
[ 40.761240][ T514]
[ 40.763399][ T514] CPU: 1 PID: 514 Comm: syz-executor.4 Not tainted 5.15.82-syzkaller #0
[ 40.771555][ T514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 40.781453][ T514] Call Trace:
[ 40.784577][ T514]
[ 40.787352][ T514] dump_stack_lvl+0x151/0x1b7
[ 40.791866][ T514] ? bfq_pos_tree_add_move+0x43e/0x43e
[ 40.797161][ T514] ? panic+0x727/0x727
[ 40.801066][ T514] ? switch_mm_irqs_off+0x57f/0x860
[ 40.806103][ T514] print_address_description+0x87/0x3c0
[ 40.811491][ T514] kasan_report+0x1a2/0x1f0
[ 40.815828][ T514] ? fuse_copy_one+0x1e7/0x3f0
[ 40.820423][ T514] ? fuse_copy_one+0x1e7/0x3f0
[ 40.825026][ T514] kasan_check_range+0x2aa/0x2e0
[ 40.829797][ T514] ? fuse_copy_one+0x1e7/0x3f0
[ 40.834421][ T514] memcpy+0x2d/0x70
[ 40.838044][ T514] fuse_copy_one+0x1e7/0x3f0
[ 40.842473][ T514] fuse_copy_args+0x309/0x400
[ 40.846983][ T514] ? fuse_copy_one+0x39f/0x3f0
[ 40.851585][ T514] fuse_dev_do_read+0xc9b/0x1190
[ 40.856363][ T514] ? queue_interrupt+0x390/0x390
[ 40.861133][ T514] ? memset+0x35/0x40
[ 40.864956][ T514] fuse_dev_read+0x180/0x210
[ 40.869378][ T514] ? __fsnotify_update_child_dentry_flags+0x300/0x300
[ 40.875975][ T514] ? fuse_dev_release+0x5b0/0x5b0
[ 40.880840][ T514] ? iov_iter_init+0x53/0x180
[ 40.885359][ T514] vfs_read+0xabc/0xd80
[ 40.889352][ T514] ? kernel_read+0x1f0/0x1f0
[ 40.893773][ T514] ? __fget_files+0x310/0x370
[ 40.898283][ T514] ? __fdget_pos+0x1fe/0x310
[ 40.902710][ T514] ? ksys_read+0x77/0x2c0
[ 40.906877][ T514] ksys_read+0x198/0x2c0
[ 40.910956][ T514] ? __kasan_check_write+0x14/0x20
[ 40.915911][ T514] ? vfs_write+0x1050/0x1050
[ 40.920332][ T514] ? fpregs_restore_userregs+0x1f0/0x3a0
[ 40.925800][ T514] __x64_sys_read+0x7b/0x90
[ 40.930139][ T514] do_syscall_64+0x44/0xd0
[ 40.934393][ T514] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 40.940121][ T514] RIP: 0033:0x7f35df2be639
[ 40.944377][ T514] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 40.963816][ T514] RSP: 002b:00007f35dedcf168 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 40.972062][ T514] RAX: ffffffffffffffda RBX: 00007f35df3df1f0 RCX: 00007f35df2be639
[ 40.979875][ T514] RDX: 0000000000002020 RSI: 0000000020002140 RDI: 0000000000000003
[ 40.987686][ T514] RBP: 00007f35df319ae9 R08: 0000000000000000 R09: 0000000000000000
[ 40.995501][ T514] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 41.003309][ T514] R13: 00007ffcf629447f R14: 00007f35dedcf300 R15: 0000000000022000
[ 41.011131][ T514]
[ 41.013997][ T514]
[ 41.016162][ T514] Allocated by task 508:
[ 41.020235][ T514] ____kasan_kmalloc+0xdc/0x110
[ 41.024923][ T514] __kasan_kmalloc+0x9/0x10
[ 41.029263][ T514] __kmalloc+0x203/0x350
[ 41.033343][ T514] __d_alloc+0xab/0x6b0
[ 41.037335][ T514] d_alloc_parallel+0xe0/0x12b0
[ 41.042024][ T514] __lookup_slow+0x14e/0x400
[ 41.046451][ T514] lookup_slow+0x5a/0x80
[ 41.050528][ T514] walk_component+0x425/0x5a0
[ 41.055042][ T514] path_lookupat+0x18d/0x460
[ 41.059468][ T514] filename_lookup+0x277/0x640
[ 41.064071][ T514] user_path_at_empty+0x44/0x1b0
[ 41.068842][ T514] __se_sys_mount+0x293/0x3c0
[ 41.073358][ T514] __x64_sys_mount+0xbf/0xd0
[ 41.077786][ T514] do_syscall_64+0x44/0xd0
[ 41.082035][ T514] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 41.087765][ T514]
[ 41.089936][ T514] Freed by task 416:
[ 41.093667][ T514] kasan_set_track+0x4c/0x80
[ 41.098097][ T514] kasan_set_free_info+0x23/0x40
[ 41.102869][ T514] ____kasan_slab_free+0x126/0x160
[ 41.107820][ T514] __kasan_slab_free+0x11/0x20
[ 41.112425][ T514] slab_free_freelist_hook+0xc9/0x1a0
[ 41.117625][ T514] kmem_cache_free_bulk+0x3dc/0x720
[ 41.122657][ T514] kfree_rcu_work+0x2cb/0x6c0
[ 41.127175][ T514] process_one_work+0x6db/0xc00
[ 41.131861][ T514] worker_thread+0xb3e/0x1340
[ 41.136374][ T514] kthread+0x41c/0x500
[ 41.140279][ T514] ret_from_fork+0x1f/0x30
[ 41.144532][ T514]
[ 41.146701][ T514] Last potentially related work creation:
[ 41.152349][ T514] kasan_save_stack+0x36/0x60
[ 41.156858][ T514] kasan_record_aux_stack+0xca/0xf0
[ 41.161897][ T514] kvfree_call_rcu+0xb2/0x7f0
[ 41.166667][ T514] __d_move+0xb3e/0x16d0
[ 41.170744][ T514] __d_unalias+0x1cc/0x220
[ 41.174999][ T514] d_splice_alias+0x22f/0x3b0
[ 41.179515][ T514] fuse_lookup+0x2b4/0x5f0
[ 41.183764][ T514] __lookup_slow+0x2b3/0x400
[ 41.188201][ T514] lookup_slow+0x5a/0x80
[ 41.192274][ T514] walk_component+0x425/0x5a0
[ 41.196785][ T514] link_path_walk+0x682/0xde0
[ 41.201301][ T514] filename_parentat+0x27e/0x6b0
[ 41.206075][ T514] filename_create+0xef/0x4f0
[ 41.210587][ T514] do_mkdirat+0xc2/0x420
[ 41.214668][ T514] __x64_sys_mkdir+0x6e/0x80
[ 41.219096][ T514] do_syscall_64+0x44/0xd0
[ 41.223348][ T514] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 41.229076][ T514]
[ 41.231244][ T514] The buggy address belongs to the object at ffff888120e59400
[ 41.231244][ T514] which belongs to the cache kmalloc-rcl-512 of size 512
[ 41.245488][ T514] The buggy address is located 16 bytes inside of
[ 41.245488][ T514] 512-byte region [ffff888120e59400, ffff888120e59600)
[ 41.258510][ T514] The buggy address belongs to the page:
[ 41.263973][ T514] page:ffffea0004839600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x120e58
[ 41.274132][ T514] head:ffffea0004839600 order:2 compound_mapcount:0 compound_pincount:0
[ 41.282290][ T514] flags: 0x4000000000010200(slab|head|zone=1)
[ 41.288209][ T514] raw: 4000000000010200 0000000000000000 dead000000000122 ffff888100042dc0
[ 41.296622][ T514] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 41.305036][ T514] page dumped because: kasan: bad access detected
[ 41.311283][ T514] page_owner tracks the page as allocated
[ 41.316837][ T514] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0x1d20d0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 501, ts 40365075541, free_ts 21652662315
[ 41.338799][ T514] post_alloc_hook+0x15a/0x160
[ 41.343395][ T514] get_page_from_freelist+0x38b/0x400
[ 41.348613][ T514] __alloc_pages+0x3bd/0x850
[ 41.353032][ T514] allocate_slab+0x62/0x580
[ 41.357374][ T514] ___slab_alloc+0x2e2/0x6f0
[ 41.361799][ T514] __slab_alloc+0x4a/0x90
[ 41.365970][ T514] __kmalloc+0x25b/0x350
[ 41.370044][ T514] __d_alloc+0xab/0x6b0
[ 41.374041][ T514] d_alloc_parallel+0xe0/0x12b0
[ 41.378725][ T514] __lookup_slow+0x14e/0x400
[ 41.383161][ T514] lookup_slow+0x5a/0x80
[ 41.387232][ T514] walk_component+0x425/0x5a0
[ 41.391742][ T514] path_lookupat+0x18d/0x460
[ 41.396169][ T514] filename_lookup+0x277/0x640
[ 41.400774][ T514] user_path_at_empty+0x44/0x1b0
[ 41.405547][ T514] __se_sys_mount+0x293/0x3c0
[ 41.410233][ T514] page last free stack trace:
[ 41.414746][ T514] __free_pages_ok+0x7d1/0x860
[ 41.419347][ T514] free_compound_page+0x89/0xa0
[ 41.424031][ T514] free_transhuge_page+0x245/0x270
[ 41.428981][ T514] release_pages+0x4a6/0xde0
[ 41.433494][ T514] free_pages_and_swap_cache+0x97/0xb0
[ 41.438791][ T514] tlb_flush_mmu+0x860/0xa00
[ 41.443215][ T514] zap_pte_range+0x1664/0x1b20
[ 41.447822][ T514] unmap_page_range+0x71d/0x950
[ 41.452505][ T514] unmap_vmas+0x3b4/0x590
[ 41.456671][ T514] exit_mmap+0x3b6/0x650
[ 41.460748][ T514] __mmput+0x95/0x2f0
[ 41.464570][ T514] mmput+0x50/0x60
[ 41.468127][ T514] exit_mm+0x4fe/0x660
[ 41.472034][ T514] do_exit+0x63c/0x24d0
[ 41.476027][ T514] do_group_exit+0x13a/0x300
[ 41.480454][ T514] get_signal+0x77e/0x1600
[ 41.484707][ T514]
[ 41.486875][ T514] Memory state around the buggy address:
[ 41.492346][ T514] ffff888120e59300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 41.500245][ T514] ffff888120e59380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 41.508144][ T514] >ffff888120e59400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 41.516039][ T514] ^
[ 41.520471][ T514] ffff888120e59480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 41.528369][ T514] ffff888120e59500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 41.536264][ T514] ==================================================================
[ 41.544168][ T514] Disabling lock debugging due to kernel taint
[ 41.553562][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 41.563821][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 41.574128][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2022/12/09 16:48:00 executed programs: 23
2022/12/09 16:48:05 executed programs: 59