Warning: Permanently added '10.128.10.31' (ECDSA) to the list of known hosts.
2023/04/07 10:51:34 ignoring optional flag "sandboxArg"="0"
2023/04/07 10:51:34 parsed 1 programs
2023/04/07 10:51:34 executed programs: 0
[ 37.547685][ T29] kauditd_printk_skb: 64 callbacks suppressed
[ 37.547694][ T29] audit: type=1400 audit(1680864694.640:136): avc: denied { mounton } for pid=452 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 37.578451][ T29] audit: type=1400 audit(1680864694.650:137): avc: denied { mount } for pid=452 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 37.711634][ T458] bridge0: port 1(bridge_slave_0) entered blocking state
[ 37.718863][ T458] bridge0: port 1(bridge_slave_0) entered disabled state
[ 37.726161][ T458] device bridge_slave_0 entered promiscuous mode
[ 37.733879][ T458] bridge0: port 2(bridge_slave_1) entered blocking state
[ 37.740728][ T458] bridge0: port 2(bridge_slave_1) entered disabled state
[ 37.748278][ T458] device bridge_slave_1 entered promiscuous mode
[ 37.780040][ T462] bridge0: port 1(bridge_slave_0) entered blocking state
[ 37.786961][ T462] bridge0: port 1(bridge_slave_0) entered disabled state
[ 37.794235][ T462] device bridge_slave_0 entered promiscuous mode
[ 37.802657][ T462] bridge0: port 2(bridge_slave_1) entered blocking state
[ 37.809966][ T462] bridge0: port 2(bridge_slave_1) entered disabled state
[ 37.817522][ T462] device bridge_slave_1 entered promiscuous mode
[ 37.842953][ T471] bridge0: port 1(bridge_slave_0) entered blocking state
[ 37.849802][ T471] bridge0: port 1(bridge_slave_0) entered disabled state
[ 37.857129][ T471] device bridge_slave_0 entered promiscuous mode
[ 37.878505][ T471] bridge0: port 2(bridge_slave_1) entered blocking state
[ 37.885641][ T471] bridge0: port 2(bridge_slave_1) entered disabled state
[ 37.893415][ T471] device bridge_slave_1 entered promiscuous mode
[ 37.905561][ T468] bridge0: port 1(bridge_slave_0) entered blocking state
[ 37.912496][ T468] bridge0: port 1(bridge_slave_0) entered disabled state
[ 37.919681][ T468] device bridge_slave_0 entered promiscuous mode
[ 37.928474][ T468] bridge0: port 2(bridge_slave_1) entered blocking state
[ 37.935378][ T468] bridge0: port 2(bridge_slave_1) entered disabled state
[ 37.942693][ T468] device bridge_slave_1 entered promiscuous mode
[ 37.951330][ T460] bridge0: port 1(bridge_slave_0) entered blocking state
[ 37.958937][ T460] bridge0: port 1(bridge_slave_0) entered disabled state
[ 37.966222][ T460] device bridge_slave_0 entered promiscuous mode
[ 37.974779][ T460] bridge0: port 2(bridge_slave_1) entered blocking state
[ 37.982120][ T460] bridge0: port 2(bridge_slave_1) entered disabled state
[ 37.989347][ T460] device bridge_slave_1 entered promiscuous mode
[ 38.015978][ T469] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.022949][ T469] bridge0: port 1(bridge_slave_0) entered disabled state
[ 38.030022][ T469] device bridge_slave_0 entered promiscuous mode
[ 38.038781][ T469] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.045656][ T469] bridge0: port 2(bridge_slave_1) entered disabled state
[ 38.052839][ T469] device bridge_slave_1 entered promiscuous mode
[ 38.153796][ T458] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.160650][ T458] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 38.167927][ T458] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.174817][ T458] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 38.244220][ T20] bridge0: port 1(bridge_slave_0) entered disabled state
[ 38.251197][ T20] bridge0: port 2(bridge_slave_1) entered disabled state
[ 38.259613][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 38.266883][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 38.298732][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 38.306732][ T38] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.313665][ T38] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 38.334870][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 38.343028][ T38] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.349849][ T38] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 38.357262][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 38.365124][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 38.383410][ T412] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 38.424031][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 38.432372][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 38.440293][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 38.447853][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 38.455629][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 38.463810][ T38] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.471306][ T38] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 38.479003][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 38.487286][ T38] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.494265][ T38] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 38.514765][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 38.522435][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 38.529782][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 38.538527][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 38.546826][ T38] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.553765][ T38] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 38.561340][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 38.569279][ T38] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.576314][ T38] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 38.583538][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 38.591704][ T38] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.598720][ T38] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 38.605950][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 38.614044][ T38] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.621160][ T38] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 38.632208][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 38.639767][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 38.652470][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 38.660492][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 38.669341][ T458] device veth0_vlan entered promiscuous mode
[ 38.686917][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 38.703373][ T462] device veth0_vlan entered promiscuous mode
[ 38.722876][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 38.731047][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 38.739516][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 38.748342][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 38.756252][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 38.764486][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 38.772744][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 38.780464][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 38.788788][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 38.796312][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 38.803516][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 38.811452][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 38.819712][ T20] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.826724][ T20] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 38.833979][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 38.842391][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 38.850696][ T20] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.857583][ T20] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 38.864774][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 38.872853][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 38.880692][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 38.888966][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 38.897300][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 38.905817][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 38.928458][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 38.935761][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 38.943063][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 38.950808][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 38.958507][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 38.965875][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 38.974324][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 38.982289][ T20] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.989725][ T20] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 38.996969][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 39.005296][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 39.013640][ T20] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.020471][ T20] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 39.027669][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 39.035830][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 39.044198][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 39.052346][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 39.060465][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 39.071809][ T458] device veth1_macvtap entered promiscuous mode
[ 39.086171][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 39.094519][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 39.103079][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 39.121583][ T469] device veth0_vlan entered promiscuous mode
[ 39.127847][ T462] device veth1_macvtap entered promiscuous mode
[ 39.138475][ T460] device veth0_vlan entered promiscuous mode
[ 39.145249][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 39.154032][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 39.161784][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 39.169676][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 39.177416][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 39.185415][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 39.193147][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 39.201331][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 39.209386][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 39.217517][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 39.226097][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 39.234693][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 39.243304][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 39.251228][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 39.264514][ T471] device veth0_vlan entered promiscuous mode
[ 39.278727][ T468] device veth0_vlan entered promiscuous mode
[ 39.285203][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 39.292969][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 39.300684][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 39.309063][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 39.317410][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 39.325227][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 39.333333][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 39.342590][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 39.351915][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 39.360579][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 39.368736][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 39.376051][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 39.383654][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 39.391184][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 39.406381][ T29] audit: type=1400 audit(1680864696.490:138): avc: denied { mount } for pid=458 comm="syz-executor.2" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[ 39.412660][ T460] device veth1_macvtap entered promiscuous mode
[ 39.438890][ T29] audit: type=1400 audit(1680864696.500:139): avc: denied { mounton } for pid=493 comm="syz-executor.2" path="/root/syzkaller-testdir1766433160/syzkaller.njxc9B/0/file0" dev="sda1" ino=1158 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 39.470400][ T468] device veth1_macvtap entered promiscuous mode
[ 39.480435][ T469] device veth1_macvtap entered promiscuous mode
[ 39.487749][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 39.496171][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 39.504607][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 39.513793][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 39.522364][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 39.542107][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 39.550355][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 39.558684][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 39.566952][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 39.585826][ T471] device veth1_macvtap entered promiscuous mode
[ 39.593915][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 39.602264][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 39.610445][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 39.618429][ T499] ==================================================================
[ 39.619611][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 39.626416][ T499] BUG: KASAN: use-after-free in fuse_copy_args+0x248/0x630
[ 39.626441][ T499] Read of size 256 at addr ffff888124e62410 by task syz-executor.2/499
[ 39.626454][ T499]
[ 39.626459][ T499] CPU: 0 PID: 499 Comm: syz-executor.2 Not tainted 6.0.0-syzkaller #0
[ 39.626476][ T499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
[ 39.626489][ T499] Call Trace:
[ 39.626494][ T499]
[ 39.626501][ T499] dump_stack_lvl+0x151/0x1b7
[ 39.634838][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 39.641337][ T499] ? io_alloc_page_table+0x12a/0x12a
[ 39.641362][ T499] ? _printk+0xd1/0x111
[ 39.697627][ T499] print_report+0x170/0x5f0
[ 39.701962][ T499] ? __switch_to+0x62a/0x1190
[ 39.706564][ T499] ? _raw_spin_unlock+0x4c/0x70
[ 39.711248][ T499] ? fuse_copy_args+0x248/0x630
[ 39.715938][ T499] kasan_report+0xe3/0x110
[ 39.720190][ T499] ? __sched_clock_gtod_offset+0x100/0x100
[ 39.725835][ T499] ? fuse_copy_args+0x248/0x630
[ 39.730522][ T499] kasan_check_range+0x294/0x2a0
[ 39.735301][ T499] ? fuse_copy_args+0x248/0x630
[ 39.739981][ T499] memcpy+0x2d/0x70
[ 39.743624][ T499] fuse_copy_args+0x248/0x630
[ 39.748334][ T499] fuse_dev_do_read+0xc87/0x11d0
[ 39.753266][ T499] ? __sched_text_start+0x8/0x8
[ 39.757881][ T499] ? queue_interrupt+0x390/0x390
[ 39.762673][ T499] ? memset+0x35/0x40
[ 39.766493][ T499] ? __fsnotify_parent+0x50b/0x730
[ 39.771511][ T499] fuse_dev_read+0x16d/0x210
[ 39.775953][ T499] ? fuse_dev_release+0x5c0/0x5c0
[ 39.781140][ T499] ? fsnotify_perm+0x4ba/0x5d0
[ 39.785741][ T499] vfs_read+0x771/0xad0
[ 39.789738][ T499] ? kernel_read+0x1f0/0x1f0
[ 39.794246][ T499] ? __fget_files+0x2cb/0x330
[ 39.798890][ T499] ? __fdget_pos+0x204/0x310
[ 39.803581][ T499] ? ksys_read+0x77/0x2c0
[ 39.807769][ T499] ksys_read+0x199/0x2c0
[ 39.811826][ T499] ? __x64_sys_futex+0x100/0x100
[ 39.816687][ T499] ? vfs_write+0xe30/0xe30
[ 39.820944][ T499] ? fpregs_restore_userregs+0x130/0x290
[ 39.826412][ T499] __x64_sys_read+0x7b/0x90
[ 39.830771][ T499] do_syscall_64+0x3d/0x80
[ 39.834994][ T499] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 39.840721][ T499] RIP: 0033:0x7f7b1a28b639
[ 39.845068][ T499] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 39.864858][ T499] RSP: 002b:00007f7b19d9c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 39.873181][ T499] RAX: ffffffffffffffda RBX: 00007f7b1a3ac1f0 RCX: 00007f7b1a28b639
[ 39.881452][ T499] RDX: 0000000000002020 RSI: 0000000020002140 RDI: 0000000000000003
[ 39.889745][ T499] RBP: 00007f7b1a2e6ae9 R08: 0000000000000000 R09: 0000000000000000
[ 39.898173][ T499] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 39.905976][ T499] R13: 00007fffea5791af R14: 00007f7b19d9c300 R15: 0000000000022000
[ 39.913806][ T499]
[ 39.916649][ T499]
[ 39.918836][ T499] Allocated by task 494:
[ 39.922985][ T499] ____kasan_kmalloc+0xdb/0x110
[ 39.928843][ T499] __kasan_kmalloc+0x9/0x10
[ 39.933177][ T499] __kmalloc+0x146/0x280
[ 39.937328][ T499] __d_alloc+0xb4/0x6c0
[ 39.941258][ T499] d_alloc_parallel+0xe1/0x1270
[ 39.946113][ T499] __lookup_slow+0x154/0x3e0
[ 39.950705][ T499] lookup_slow+0x5a/0x80
[ 39.955153][ T499] walk_component+0x2e7/0x410
[ 39.959682][ T499] path_lookupat+0x16d/0x450
[ 39.964383][ T499] filename_lookup+0x251/0x600
[ 39.969040][ T499] user_path_at_empty+0x43/0x1a0
[ 39.973900][ T499] __se_sys_mount+0x285/0x3b0
[ 39.978414][ T499] __x64_sys_mount+0xbf/0xd0
[ 39.982846][ T499] do_syscall_64+0x3d/0x80
[ 39.987180][ T499] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 39.992934][ T499]
[ 39.995257][ T499] Freed by task 6:
[ 39.998815][ T499] kasan_set_track+0x4b/0x70
[ 40.003421][ T499] kasan_set_free_info+0x23/0x40
[ 40.008701][ T499] ____kasan_slab_free+0x137/0x180
[ 40.013738][ T499] __kasan_slab_free+0x11/0x20
[ 40.018455][ T499] slab_free_freelist_hook+0xbd/0x190
[ 40.023807][ T499] kmem_cache_free_bulk+0x375/0x400
[ 40.028841][ T499] kfree_rcu_work+0x2b6/0x720
[ 40.033552][ T499] process_one_work+0x6ab/0xc00
[ 40.038319][ T499] worker_thread+0xa5d/0x1260
[ 40.043004][ T499] kthread+0x26d/0x300
[ 40.046998][ T499] ret_from_fork+0x1f/0x30
[ 40.051250][ T499]
[ 40.053441][ T499] Last potentially related work creation:
[ 40.059172][ T499] kasan_save_stack+0x3b/0x60
[ 40.063675][ T499] __kasan_record_aux_stack+0xb3/0xc0
[ 40.068889][ T499] kasan_record_aux_stack_noalloc+0xb/0x10
[ 40.074521][ T499] kvfree_call_rcu+0xaa/0x6b0
[ 40.079035][ T499] __d_move+0x877/0x13a0
[ 40.083550][ T499] __d_unalias+0x1cc/0x220
[ 40.087801][ T499] d_splice_alias+0x20a/0x390
[ 40.092401][ T499] fuse_lookup+0x2b9/0x5f0
[ 40.097225][ T499] __lookup_slow+0x2b9/0x3e0
[ 40.101856][ T499] lookup_slow+0x5a/0x80
[ 40.105994][ T499] link_path_walk+0x9d3/0xee0
[ 40.110548][ T499] filename_parentat+0x24c/0x670
[ 40.115273][ T499] filename_create+0xf0/0x520
[ 40.119787][ T499] do_mkdirat+0xbd/0x450
[ 40.124061][ T499] __x64_sys_mkdir+0x6e/0x80
[ 40.130135][ T499] do_syscall_64+0x3d/0x80
[ 40.134368][ T499] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 40.140364][ T499]
[ 40.142534][ T499] The buggy address belongs to the object at ffff888124e62400
[ 40.142534][ T499] which belongs to the cache kmalloc-rcl-512 of size 512
[ 40.156932][ T499] The buggy address is located 16 bytes inside of
[ 40.156932][ T499] 512-byte region [ffff888124e62400, ffff888124e62600)
[ 40.170147][ T499]
[ 40.172316][ T499] The buggy address belongs to the physical page:
[ 40.179102][ T499] page:ffffea0004939800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x124e60
[ 40.189252][ T499] head:ffffea0004939800 order:2 compound_mapcount:0 compound_pincount:0
[ 40.197574][ T499] flags: 0x4000000000010200(slab|head|zone=1)
[ 40.203802][ T499] raw: 4000000000010200 0000000000000000 dead000000000122 ffff888100042dc0
[ 40.212245][ T499] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 40.220660][ T499] page dumped because: kasan: bad access detected
[ 40.227434][ T499] page_owner tracks the page as allocated
[ 40.233788][ T499] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0x1d20d0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 494, tgid 493 (syz-executor.2), ts 39412245778, free_ts 20431145334
[ 40.258867][ T499] post_alloc_hook+0x1e2/0x1f0
[ 40.263463][ T499] get_page_from_freelist+0x2ed1/0x2fb0
[ 40.269190][ T499] __alloc_pages+0x3e3/0x880
[ 40.273703][ T499] new_slab+0x96/0x470
[ 40.277785][ T499] ___slab_alloc+0x34d/0x7b0
[ 40.282295][ T499] __slab_alloc+0x4a/0x90
[ 40.287072][ T499] __kmalloc+0x179/0x280
[ 40.291177][ T499] __d_alloc+0xb4/0x6c0
[ 40.295575][ T499] d_alloc_parallel+0xe1/0x1270
[ 40.300524][ T499] __lookup_slow+0x154/0x3e0
[ 40.305127][ T499] lookup_slow+0x5a/0x80
[ 40.309236][ T499] walk_component+0x2e7/0x410
[ 40.313723][ T499] path_lookupat+0x16d/0x450
[ 40.318236][ T499] filename_lookup+0x251/0x600
[ 40.323009][ T499] user_path_at_empty+0x43/0x1a0
[ 40.327869][ T499] __se_sys_mount+0x285/0x3b0
[ 40.332491][ T499] page last free stack trace:
[ 40.337175][ T499] __free_pages_ok+0x8bf/0x8d0
[ 40.341797][ T499] free_compound_page+0xb0/0xd0
[ 40.346627][ T499] free_transhuge_page+0x2c3/0x2f0
[ 40.351661][ T499] destroy_large_folio+0x56/0x90
[ 40.357737][ T499] release_pages+0x3cc/0xb00
[ 40.362273][ T499] free_pages_and_swap_cache+0x8a/0xa0
[ 40.367542][ T499] tlb_flush_mmu+0xfe/0x200
[ 40.371971][ T499] tlb_finish_mmu+0xd5/0x1f0
[ 40.376407][ T499] exit_mmap+0x1e3/0x4c0
[ 40.380562][ T499] __mmput+0x95/0x300
[ 40.384382][ T499] mmput+0x59/0x70
[ 40.387956][ T499] do_exit+0xa39/0x27b0
[ 40.391937][ T499] do_group_exit+0x255/0x320
[ 40.396360][ T499] get_signal+0x1711/0x1870
[ 40.400871][ T499] arch_do_signal_or_restart+0xb0/0x12e0
[ 40.406340][ T499] exit_to_user_mode_loop+0x6b/0xa0
[ 40.411374][ T499]
[ 40.413630][ T499] Memory state around the buggy address:
[ 40.419101][ T499] ffff888124e62300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 40.427174][ T499] ffff888124e62380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 40.435512][ T499] >ffff888124e62400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 40.443408][ T499] ^
[ 40.447830][ T499] ffff888124e62480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 40.455728][ T499] ffff888124e62500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 40.463623][ T499] ==================================================================
[ 40.491901][ T499] Disabling lock debugging due to kernel taint
[ 40.493433][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 40.506629][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 40.515031][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 40.523168][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 40.531875][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 40.540173][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 40.548450][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 40.556754][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 40.596051][ T29] audit: type=1400 audit(1680864697.690:140): avc: denied { unmount } for pid=458 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
2023/04/07 10:51:40 executed programs: 20
2023/04/07 10:51:45 executed programs: 56