Warning: Permanently added '10.128.1.129' (ECDSA) to the list of known hosts.
2022/12/20 18:19:03 ignoring optional flag "sandboxArg"="0"
2022/12/20 18:19:03 parsed 1 programs
2022/12/20 18:19:03 executed programs: 0
[ 39.178662][ T30] kauditd_printk_skb: 65 callbacks suppressed
[ 39.178673][ T30] audit: type=1400 audit(1671560343.549:137): avc: denied { mounton } for pid=451 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 39.210046][ T30] audit: type=1400 audit(1671560343.559:138): avc: denied { mount } for pid=451 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 39.402738][ T466] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.409700][ T466] bridge0: port 1(bridge_slave_0) entered disabled state
[ 39.417179][ T466] device bridge_slave_0 entered promiscuous mode
[ 39.445179][ T457] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.452478][ T457] bridge0: port 1(bridge_slave_0) entered disabled state
[ 39.460085][ T457] device bridge_slave_0 entered promiscuous mode
[ 39.466718][ T466] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.473884][ T466] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.481116][ T466] device bridge_slave_1 entered promiscuous mode
[ 39.493765][ T467] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.500783][ T467] bridge0: port 1(bridge_slave_0) entered disabled state
[ 39.508090][ T467] device bridge_slave_0 entered promiscuous mode
[ 39.514744][ T463] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.521934][ T463] bridge0: port 1(bridge_slave_0) entered disabled state
[ 39.529351][ T463] device bridge_slave_0 entered promiscuous mode
[ 39.538494][ T457] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.545472][ T457] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.552593][ T457] device bridge_slave_1 entered promiscuous mode
[ 39.564565][ T467] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.571933][ T467] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.579991][ T467] device bridge_slave_1 entered promiscuous mode
[ 39.586529][ T463] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.593700][ T463] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.601016][ T463] device bridge_slave_1 entered promiscuous mode
[ 39.616956][ T468] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.624120][ T468] bridge0: port 1(bridge_slave_0) entered disabled state
[ 39.631243][ T468] device bridge_slave_0 entered promiscuous mode
[ 39.638197][ T468] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.645068][ T468] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.652280][ T468] device bridge_slave_1 entered promiscuous mode
[ 39.681689][ T469] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.688694][ T469] bridge0: port 1(bridge_slave_0) entered disabled state
[ 39.696223][ T469] device bridge_slave_0 entered promiscuous mode
[ 39.722064][ T469] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.729097][ T469] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.737300][ T469] device bridge_slave_1 entered promiscuous mode
[ 39.885155][ T467] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.892280][ T467] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 39.899799][ T467] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.907697][ T467] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 39.930421][ T457] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.937512][ T457] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 39.944590][ T457] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.951715][ T457] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 39.975063][ T463] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.981938][ T463] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 39.989095][ T463] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.996190][ T463] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.019326][ T466] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.026557][ T466] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.033670][ T466] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.040508][ T466] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.060076][ T469] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.067380][ T469] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.074707][ T469] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.081812][ T469] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.095282][ T468] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.102768][ T468] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.110168][ T468] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.117371][ T468] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.148114][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 40.156544][ T20] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.164279][ T20] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.171314][ T20] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.178673][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 40.186951][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 40.195299][ T20] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.202352][ T20] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.209701][ T20] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.216879][ T20] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.224029][ T20] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.231121][ T20] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.238268][ T20] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.246230][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 40.254123][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 40.275203][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 40.291694][ T467] device veth0_vlan entered promiscuous mode
[ 40.299187][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 40.308855][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 40.316636][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 40.323911][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 40.331079][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 40.338912][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 40.346881][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 40.354933][ T88] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.361851][ T88] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.397690][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 40.405021][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 40.412378][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 40.420862][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 40.429155][ T88] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.436111][ T88] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.443302][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 40.451611][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 40.459728][ T88] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.466580][ T88] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.473799][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 40.482221][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 40.490395][ T88] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.497243][ T88] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.504469][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 40.512706][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 40.520778][ T88] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.527630][ T88] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.534943][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 40.543933][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 40.551758][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 40.560262][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 40.568459][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 40.576564][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 40.585450][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 40.593861][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 40.601800][ T88] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.608725][ T88] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.615866][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 40.623087][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 40.630411][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 40.638004][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 40.655025][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 40.662894][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 40.670972][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 40.679231][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 40.687500][ T88] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.694973][ T88] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.707567][ T127] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 40.716502][ T127] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 40.725127][ T127] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.732300][ T127] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.749844][ T469] device veth0_vlan entered promiscuous mode
[ 40.758513][ T463] device veth0_vlan entered promiscuous mode
[ 40.766354][ T413] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 40.774882][ T413] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 40.782693][ T413] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 40.790518][ T413] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 40.797942][ T413] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 40.805957][ T413] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 40.815526][ T413] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 40.823875][ T413] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 40.832128][ T413] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 40.840425][ T413] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 40.848371][ T413] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 40.857125][ T413] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 40.865160][ T413] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.872416][ T413] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 40.879926][ T413] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 40.887470][ T413] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 40.906321][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 40.914530][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 40.922451][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 40.931148][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 40.939669][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 40.947890][ T20] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.954842][ T20] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.962195][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 40.971641][ T467] device veth1_macvtap entered promiscuous mode
[ 40.990350][ T466] device veth0_vlan entered promiscuous mode
[ 41.005665][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 41.014352][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 41.022153][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 41.029678][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 41.037353][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 41.045765][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 41.054030][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 41.061814][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 41.070165][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 41.077939][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 41.086397][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 41.094752][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 41.102856][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 41.122701][ T463] device veth1_macvtap entered promiscuous mode
[ 41.129755][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 41.138395][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 41.147006][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 41.155408][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 41.163701][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 41.176928][ T30] audit: type=1400 audit(1671560345.549:139): avc: denied { mount } for pid=467 comm="syz-executor.5" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[ 41.186121][ T468] device veth0_vlan entered promiscuous mode
[ 41.208553][ T469] device veth1_macvtap entered promiscuous mode
[ 41.216479][ T466] device veth1_macvtap entered promiscuous mode
[ 41.232229][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 41.240499][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 41.248687][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 41.256152][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 41.264220][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 41.272333][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 41.280557][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 41.288823][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 41.300644][ T457] device veth0_vlan entered promiscuous mode
[ 41.313433][ T468] device veth1_macvtap entered promiscuous mode
[ 41.320365][ T30] audit: type=1400 audit(1671560345.689:140): avc: denied { mounton } for pid=493 comm="syz-executor.5" path="/root/syzkaller-testdir821936508/syzkaller.zrwCI0/0/file0" dev="sda1" ino=1158 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 41.353265][ T413] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 41.361719][ T413] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 41.370144][ T413] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 41.378393][ T413] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 41.387924][ T413] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 41.396095][ T413] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 41.404494][ T413] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 41.411839][ T413] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 41.439436][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 41.447970][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 41.457069][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 41.465407][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 41.473778][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 41.482043][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 41.490945][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 41.499186][ T88] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 41.523282][ T457] device veth1_macvtap entered promiscuous mode
[ 41.542159][ T413] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 41.550477][ T413] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 41.558769][ T413] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 41.570082][ T127] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 41.578440][ T127] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 41.588435][ T505] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 41.596825][ T505] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 42.153319][ T30] audit: type=1400 audit(1671560346.519:141): avc: denied { unmount } for pid=467 comm="syz-executor.5" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
2022/12/20 18:19:09 executed programs: 24
2022/12/20 18:19:14 executed programs: 60
2022/12/20 18:19:19 executed programs: 96
2022/12/20 18:19:24 executed programs: 132
[ 64.475650][ T1358] ==================================================================
[ 64.483933][ T1358] BUG: KASAN: use-after-free in fuse_copy_one+0x1e7/0x3f0
[ 64.490962][ T1358] Read of size 256 at addr ffff88810fffe010 by task syz-executor.4/1358
[ 64.499207][ T1358]
[ 64.501382][ T1358] CPU: 0 PID: 1358 Comm: syz-executor.4 Not tainted 5.15.78-syzkaller-04941-gc73b4619ad86 #0
[ 64.511637][ T1358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 64.522229][ T1358] Call Trace:
[ 64.525321][ T1358]
[ 64.528100][ T1358] dump_stack_lvl+0x151/0x1b7
[ 64.532790][ T1358] ? bfq_pos_tree_add_move+0x43e/0x43e
[ 64.538171][ T1358] ? panic+0x727/0x727
[ 64.542171][ T1358] ? __kasan_check_write+0x14/0x20
[ 64.547121][ T1358] print_address_description+0x87/0x3d0
[ 64.552510][ T1358] kasan_report+0x1a6/0x1f0
[ 64.556842][ T1358] ? fuse_copy_one+0x1e7/0x3f0
[ 64.561530][ T1358] ? fuse_copy_one+0x1e7/0x3f0
[ 64.566524][ T1358] kasan_check_range+0x2aa/0x2e0
[ 64.571264][ T1358] ? fuse_copy_one+0x1e7/0x3f0
[ 64.575873][ T1358] memcpy+0x2d/0x70
[ 64.579507][ T1358] fuse_copy_one+0x1e7/0x3f0
[ 64.583962][ T1358] fuse_copy_args+0x309/0x400
[ 64.588443][ T1358] ? fuse_copy_one+0x39f/0x3f0
[ 64.593045][ T1358] fuse_dev_do_read+0xc9b/0x1190
[ 64.597921][ T1358] ? queue_interrupt+0x390/0x390
[ 64.602767][ T1358] ? memset+0x35/0x40
[ 64.606588][ T1358] fuse_dev_read+0x180/0x210
[ 64.611009][ T1358] ? __fsnotify_update_child_dentry_flags+0x300/0x300
[ 64.617703][ T1358] ? fuse_dev_release+0x5b0/0x5b0
[ 64.622553][ T1358] ? iov_iter_init+0x53/0x180
[ 64.627066][ T1358] vfs_read+0xabc/0xd80
[ 64.631071][ T1358] ? kernel_read+0x1f0/0x1f0
[ 64.635503][ T1358] ? __fget_files+0x310/0x370
[ 64.640007][ T1358] ? __fdget_pos+0x1fe/0x310
[ 64.644422][ T1358] ? ksys_read+0x77/0x2c0
[ 64.648689][ T1358] ksys_read+0x198/0x2c0
[ 64.652850][ T1358] ? __kasan_check_write+0x14/0x20
[ 64.658018][ T1358] ? vfs_write+0x1050/0x1050
[ 64.662442][ T1358] ? fpregs_restore_userregs+0x1f0/0x3a0
[ 64.667954][ T1358] __x64_sys_read+0x7b/0x90
[ 64.672348][ T1358] do_syscall_64+0x44/0xd0
[ 64.676887][ T1358] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 64.682932][ T1358] RIP: 0033:0x7efe2bf3d639
[ 64.687186][ T1358] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 64.706966][ T1358] RSP: 002b:00007efe2ba4e168 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 64.715200][ T1358] RAX: ffffffffffffffda RBX: 00007efe2c05e1f0 RCX: 00007efe2bf3d639
[ 64.723712][ T1358] RDX: 0000000000002020 RSI: 0000000020002140 RDI: 0000000000000003
[ 64.731622][ T1358] RBP: 00007efe2bf98ae9 R08: 0000000000000000 R09: 0000000000000000
[ 64.740292][ T1358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 64.748102][ T1358] R13: 00007fff8caa965f R14: 00007efe2ba4e300 R15: 0000000000022000
[ 64.757325][ T1358]
[ 64.760263][ T1358]
[ 64.762431][ T1358] Allocated by task 1344:
[ 64.766686][ T1358] ____kasan_kmalloc+0xdc/0x110
[ 64.772763][ T1358] __kasan_kmalloc+0x9/0x10
[ 64.777103][ T1358] __kmalloc+0x203/0x350
[ 64.781186][ T1358] __d_alloc+0xab/0x6b0
[ 64.785256][ T1358] d_alloc_parallel+0xe0/0x12b0
[ 64.790221][ T1358] __lookup_slow+0x14e/0x400
[ 64.794876][ T1358] lookup_slow+0x5a/0x80
[ 64.799055][ T1358] walk_component+0x425/0x5a0
[ 64.803591][ T1358] path_lookupat+0x18d/0x460
[ 64.808089][ T1358] filename_lookup+0x277/0x640
[ 64.812683][ T1358] user_path_at_empty+0x44/0x1b0
[ 64.817457][ T1358] __se_sys_mount+0x293/0x3c0
[ 64.822267][ T1358] __x64_sys_mount+0xbf/0xd0
[ 64.827007][ T1358] do_syscall_64+0x44/0xd0
[ 64.831719][ T1358] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 64.838258][ T1358]
[ 64.840421][ T1358] Freed by task 26:
[ 64.844132][ T1358] kasan_set_track+0x4c/0x70
[ 64.848668][ T1358] kasan_set_free_info+0x23/0x40
[ 64.853803][ T1358] ____kasan_slab_free+0x126/0x160
[ 64.859355][ T1358] __kasan_slab_free+0x11/0x20
[ 64.864074][ T1358] slab_free_freelist_hook+0xc9/0x1a0
[ 64.869648][ T1358] kmem_cache_free_bulk+0x3dc/0x720
2022/12/20 18:19:29 executed programs: 168
[ 64.874754][ T1358] kfree_rcu_work+0x2cb/0x6c0
[ 64.879353][ T1358] process_one_work+0x6db/0xc00
[ 64.884045][ T1358] worker_thread+0xb3e/0x1340
[ 64.888551][ T1358] kthread+0x41c/0x500
[ 64.892467][ T1358] ret_from_fork+0x1f/0x30
[ 64.896882][ T1358]
[ 64.899057][ T1358] Last potentially related work creation:
[ 64.904625][ T1358] kasan_save_stack+0x3b/0x60
[ 64.909121][ T1358] __kasan_record_aux_stack+0xd3/0xf0
[ 64.914345][ T1358] kasan_record_aux_stack_noalloc+0xb/0x10
[ 64.920163][ T1358] kvfree_call_rcu+0xb2/0x7f0
[ 64.924771][ T1358] __d_move+0xb3e/0x16d0
[ 64.928853][ T1358] __d_unalias+0x1cc/0x220
[ 64.933184][ T1358] d_splice_alias+0x22f/0x3b0
[ 64.937700][ T1358] fuse_lookup+0x2b4/0x5f0
[ 64.941951][ T1358] __lookup_slow+0x2b3/0x400
[ 64.946380][ T1358] lookup_slow+0x5a/0x80
[ 64.950461][ T1358] walk_component+0x425/0x5a0
[ 64.954972][ T1358] link_path_walk+0x682/0xde0
[ 64.959573][ T1358] filename_parentat+0x27e/0x6b0
[ 64.964346][ T1358] filename_create+0xef/0x4f0
[ 64.968859][ T1358] do_mkdirat+0xc2/0x420
[ 64.972936][ T1358] __x64_sys_mkdir+0x6e/0x80
[ 64.977447][ T1358] do_syscall_64+0x44/0xd0
[ 64.981735][ T1358] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 64.987790][ T1358]
[ 64.990034][ T1358] The buggy address belongs to the object at ffff88810fffe000
[ 64.990034][ T1358] which belongs to the cache kmalloc-rcl-512 of size 512
[ 65.005051][ T1358] The buggy address is located 16 bytes inside of
[ 65.005051][ T1358] 512-byte region [ffff88810fffe000, ffff88810fffe200)
[ 65.018026][ T1358] The buggy address belongs to the page:
[ 65.023491][ T1358] page:ffffea00043fff00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10fffc
[ 65.033564][ T1358] head:ffffea00043fff00 order:2 compound_mapcount:0 compound_pincount:0
[ 65.042006][ T1358] flags: 0x4000000000010200(slab|head|zone=1)
[ 65.047991][ T1358] raw: 4000000000010200 0000000000000000 dead000000000122 ffff88810004c300
[ 65.056386][ T1358] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 65.065063][ T1358] page dumped because: kasan: bad access detected
[ 65.071321][ T1358] page_owner tracks the page as allocated
[ 65.076959][ T1358] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0x1d20d0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 1288, ts 62800320464, free_ts 62581246371
[ 65.099728][ T1358] post_alloc_hook+0x1ab/0x1b0
[ 65.104294][ T1358] get_page_from_freelist+0x38b/0x400
[ 65.109796][ T1358] __alloc_pages+0x3a8/0x7c0
[ 65.114369][ T1358] allocate_slab+0x62/0x580
[ 65.118693][ T1358] ___slab_alloc+0x2e2/0x6f0
[ 65.123122][ T1358] __slab_alloc+0x4a/0x90
[ 65.128024][ T1358] __kmalloc+0x25b/0x350
[ 65.132345][ T1358] __d_alloc+0xab/0x6b0
[ 65.136596][ T1358] d_alloc_parallel+0xe0/0x12b0
[ 65.141368][ T1358] __lookup_slow+0x14e/0x400
[ 65.145792][ T1358] lookup_slow+0x5a/0x80
[ 65.150051][ T1358] walk_component+0x425/0x5a0
[ 65.154653][ T1358] path_lookupat+0x18d/0x460
[ 65.159436][ T1358] filename_lookup+0x277/0x640
[ 65.164135][ T1358] user_path_at_empty+0x44/0x1b0
[ 65.168916][ T1358] vfs_statx+0x104/0x6a0
[ 65.173424][ T1358] page last free stack trace:
[ 65.179503][ T1358] free_pcp_prepare+0x448/0x450
[ 65.184564][ T1358] free_unref_page+0x9c/0x370
[ 65.189244][ T1358] __free_pages+0xd8/0x100
[ 65.193594][ T1358] __free_slab+0xf0/0x1d0
[ 65.197873][ T1358] __unfreeze_partials+0x17d/0x1b0
[ 65.203080][ T1358] put_cpu_partial+0xc4/0x120
[ 65.207838][ T1358] __slab_free+0x1c0/0x2f0
[ 65.212150][ T1358] ___cache_free+0x112/0x130
[ 65.216740][ T1358] qlink_free+0x4d/0x90
[ 65.220731][ T1358] qlist_free_all+0x4c/0xc0
[ 65.225524][ T1358] kasan_quarantine_reduce+0x15a/0x180
[ 65.230884][ T1358] __kasan_slab_alloc+0x2f/0xe0
[ 65.235664][ T1358] kmem_cache_alloc+0x189/0x2f0
[ 65.240436][ T1358] getname_flags+0xba/0x510
[ 65.244958][ T1358] user_path_at_empty+0x2e/0x1b0
[ 65.249729][ T1358] vfs_statx+0x104/0x6a0
[ 65.253808][ T1358]
[ 65.256025][ T1358] Memory state around the buggy address:
[ 65.261539][ T1358]  ffff88810fffdf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 65.269438][ T1358]  ffff88810fffdf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 65.277428][ T1358] >ffff88810fffe000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 65.285673][ T1358]                          ^
[ 65.290106][ T1358]  ffff88810fffe080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 65.298138][ T1358]  ffff88810fffe100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 65.306021][ T1358] ==================================================================
[ 65.314332][ T1358] Disabling lock debugging due to kernel taint
2022/12/20 18:19:34 executed programs: 204