Warning: Permanently added '10.128.0.227' (ED25519) to the list of known hosts. 2025/04/27 14:12:17 ignoring optional flag "sandboxArg"="0" 2025/04/27 14:12:18 parsed 1 programs [ 23.694141][ T23] audit: type=1400 audit(1745763138.100:66): avc: denied { node_bind } for pid=351 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 24.482593][ T23] audit: type=1400 audit(1745763138.890:67): avc: denied { mounton } for pid=360 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1926 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 24.484358][ T360] cgroup1: Unknown subsys name 'net' [ 24.505104][ T23] audit: type=1400 audit(1745763138.890:68): avc: denied { mount } for pid=360 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 24.510392][ T360] cgroup1: Unknown subsys name 'net_prio' [ 24.537698][ T360] cgroup1: Unknown subsys name 'devices' [ 24.543884][ T23] audit: type=1400 audit(1745763138.950:69): avc: denied { unmount } for pid=360 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 24.744413][ T360] cgroup1: Unknown subsys name 'hugetlb' [ 24.750027][ T360] cgroup1: Unknown subsys name 'rlimit' [ 24.755860][ T23] audit: type=1400 audit(1745763139.160:70): avc: denied { read } for pid=146 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 24.970771][ T23] audit: type=1400 audit(1745763139.370:71): avc: denied { setattr } for pid=360 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=9552 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 24.993844][ T23] audit: type=1400 audit(1745763139.370:72): avc: denied { create } for pid=360 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 25.014350][ T23] audit: type=1400 audit(1745763139.370:73): avc: denied { write } for pid=360 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 25.038510][ T23] audit: type=1400 audit(1745763139.370:74): avc: denied { read } for pid=360 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 25.058532][ T23] audit: type=1400 audit(1745763139.400:75): avc: denied { module_request } for pid=360 comm="syz-executor" kmod="netdev-wpan0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 25.065182][ T365] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 25.162117][ T360] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 25.552769][ T371] request_module fs-gadgetfs succeeded, but still no fs? [ 25.782500][ T379] syz-executor (379) used greatest stack depth: 23200 bytes left [ 26.076363][ T405] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.083229][ T405] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.090576][ T405] device bridge_slave_0 entered promiscuous mode [ 26.097527][ T405] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.104398][ T405] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.111577][ T405] device bridge_slave_1 entered promiscuous mode [ 26.162687][ T405] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.169529][ T405] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.176687][ T405] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.183437][ T405] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.204041][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 26.211507][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.218747][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.227727][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 26.236666][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.243526][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.253096][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 26.261085][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.267943][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.280655][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 26.290219][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 26.305537][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 26.316585][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 26.328935][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 26.340813][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 26.350686][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 26.382963][ T405] syz-executor (405) used greatest stack depth: 22352 bytes left 2025/04/27 14:12:21 executed programs: 0 [ 26.759924][ T433] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.766908][ T433] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.774564][ T433] device bridge_slave_0 entered promiscuous mode [ 26.781761][ T433] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.788616][ T433] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.796342][ T433] device bridge_slave_1 entered promiscuous mode [ 26.839313][ T433] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.846170][ T433] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.853290][ T433] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.860065][ T433] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.880811][ T387] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 26.888400][ T387] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.895629][ T387] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.908372][ T387] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 26.916378][ T387] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.923505][ T387] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.932357][ T387] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 26.940385][ T387] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.947275][ T387] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.959628][ T387] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 26.968960][ T387] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 26.986898][ T387] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 26.998679][ T387] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 27.014656][ T387] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 27.028207][ T387] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 27.042208][ T387] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 27.083391][ C1] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 27.094127][ C1] Buffer I/O error on dev loop2, logical block 0, async page read [ 27.104216][ C1] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 27.114928][ C1] Buffer I/O error on dev loop2, logical block 0, async page read [ 27.122691][ T446] loop2: unable to read partition table [ 27.129449][ T446] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 27.138871][ C1] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 27.149567][ C1] Buffer I/O error on dev loop2, logical block 0, async page read [ 27.158841][ C1] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 27.169576][ C1] Buffer I/O error on dev loop2, logical block 0, async page read [ 27.177652][ C1] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 27.188361][ C1] Buffer I/O error on dev loop2, logical block 0, async page read [ 27.196322][ C1] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 27.207001][ C1] Buffer I/O error on dev loop2, logical block 0, async page read [ 27.214916][ C1] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 27.225589][ C1] Buffer I/O error on dev loop2, logical block 0, async page read [ 28.062200][ T103] device bridge_slave_1 left promiscuous mode [ 28.068193][ T103] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.075463][ T103] device bridge_slave_0 left promiscuous mode [ 28.081373][ T103] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.122353][ T473] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.129197][ T473] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.136516][ T473] device bridge_slave_0 entered promiscuous mode [ 42.143159][ T473] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.149974][ T473] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.157306][ T473] device bridge_slave_1 entered promiscuous mode [ 42.195824][ T473] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.202704][ T473] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.209748][ T473] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.216584][ T473] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.236337][ T7] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.243435][ T7] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.250532][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 42.258262][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 42.268184][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 42.276330][ T7] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.283176][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.292031][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 42.300110][ T7] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.306963][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.319622][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 42.328682][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 42.343481][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 42.354626][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 42.367416][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 42.379427][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready 2025/04/27 14:12:36 executed programs: 3 [ 42.389145][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 42.410826][ T473] ================================================================== [ 42.418732][ T473] BUG: KASAN: use-after-free in __mutex_lock+0xace/0xe30 [ 42.425568][ T473] Read of size 4 at addr ffff8881e9801fb8 by task syz-executor/473 [ 42.433309][ T473] [ 42.435473][ T473] CPU: 0 PID: 473 Comm: syz-executor Not tainted 5.4.292-syzkaller-00021-gcd8e74fa0fa3 #0 [ 42.445179][ T473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 42.455081][ T473] Call Trace: [ 42.458208][ T473] __dump_stack+0x1e/0x20 [ 42.462379][ T473] dump_stack+0x15b/0x1b8 [ 42.466619][ T473] ? vprintk_default+0x28/0x30 [ 42.471234][ T473] ? show_regs_print_info+0x18/0x18 [ 42.476267][ T473] ? printk+0xcc/0x110 [ 42.480161][ T473] ? __mutex_lock+0xace/0xe30 [ 42.484680][ T473] print_address_description+0x8d/0x4c0 [ 42.490058][ T473] ? __mutex_lock+0xace/0xe30 [ 42.494571][ T473] __kasan_report+0xef/0x120 [ 42.498995][ T473] ? __mutex_lock+0xace/0xe30 [ 42.503520][ T473] kasan_report+0x30/0x60 [ 42.507678][ T473] __asan_report_load4_noabort+0x14/0x20 [ 42.513143][ T473] __mutex_lock+0xace/0xe30 [ 42.517486][ T473] ? __kasan_check_write+0x14/0x20 [ 42.522433][ T473] ? kobject_get_unless_zero+0x15e/0x1e0 [ 42.527900][ T473] ? __ww_mutex_lock_interruptible_slowpath+0x20/0x20 [ 42.534492][ T473] ? mutex_lock+0x8c/0xe0 [ 42.538667][ T473] ? disk_check_events+0x5c0/0x5c0 [ 42.543611][ T473] __mutex_lock_killable_slowpath+0xe/0x10 [ 42.549248][ T473] mutex_lock_killable+0xd3/0xe0 [ 42.554026][ T473] ? __mutex_lock_interruptible_slowpath+0x10/0x10 [ 42.560362][ T473] ? __kasan_check_write+0x14/0x20 [ 42.565329][ T473] ? kobject_get+0xd3/0x120 [ 42.569647][ T473] lo_open+0x1d/0xc0 [ 42.573379][ T473] __blkdev_get+0x610/0x1560 [ 42.577808][ T473] ? blkdev_get+0x380/0x380 [ 42.582149][ T473] ? _raw_spin_lock+0x8e/0xe0 [ 42.586657][ T473] ? _raw_spin_trylock_bh+0x130/0x130 [ 42.591874][ T473] ? __fsnotify_parent+0x310/0x310 [ 42.596812][ T473] blkdev_get+0x68/0x380 [ 42.600893][ T473] ? bd_acquire+0x30a/0x340 [ 42.605233][ T473] blkdev_open+0x1cb/0x2b0 [ 42.609483][ T473] ? block_ioctl+0x100/0x100 [ 42.613908][ T473] do_dentry_open+0x8b5/0x1030 [ 42.618510][ T473] ? finish_open+0xd0/0xd0 [ 42.622765][ T473] ? inode_permission+0xed/0x540 [ 42.627536][ T473] vfs_open+0x73/0x80 [ 42.631355][ T473] path_openat+0x2a5e/0x35c0 [ 42.635797][ T473] ? kmem_cache_alloc+0xe2/0x270 [ 42.640558][ T473] ? getname_flags+0xb9/0x500 [ 42.645069][ T473] ? getname+0x19/0x20 [ 42.648977][ T473] ? do_filp_open+0x3f0/0x3f0 [ 42.653494][ T473] do_filp_open+0x1ae/0x3f0 [ 42.657832][ T473] ? vfs_tmpfile+0x2c0/0x2c0 [ 42.662259][ T473] ? get_unused_fd_flags+0x93/0xa0 [ 42.667201][ T473] do_sys_open+0x2bb/0x5d0 [ 42.671458][ T473] ? file_open_root+0x2b0/0x2b0 [ 42.676147][ T473] ? debug_smp_processor_id+0x1c/0x20 [ 42.681349][ T473] __x64_sys_openat+0xa2/0xb0 [ 42.685863][ T473] do_syscall_64+0xcf/0x170 [ 42.690210][ T473] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 42.695941][ T473] RIP: 0033:0x7f44f9de7251 [ 42.700191][ T473] Code: 75 57 89 f0 25 00 00 41 00 3d 00 00 41 00 74 49 80 3d fa 72 1f 00 00 74 6d 89 da 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 93 00 00 00 48 8b 54 24 28 64 48 2b 14 25 [ 42.719621][ T473] RSP: 002b:00007ffd1f9a7bd0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 42.727875][ T473] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f44f9de7251 [ 42.735677][ T473] RDX: 0000000000000002 RSI: 00007ffd1f9a7ce0 RDI: 00000000ffffff9c [ 42.743489][ T473] RBP: 00007ffd1f9a7ce0 R08: 000000000000000a R09: 00007ffd1f9a7997 [ 42.751299][ T473] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 42.759114][ T473] R13: 00007f44f9fd7260 R14: 0000000000000003 R15: 00007ffd1f9a7ce0 [ 42.766925][ T473] [ 42.769090][ T473] Allocated by task 445: [ 42.773178][ T473] __kasan_kmalloc+0x162/0x200 [ 42.777772][ T473] kasan_slab_alloc+0x12/0x20 [ 42.782299][ T473] kmem_cache_alloc+0xe2/0x270 [ 42.786889][ T473] dup_task_struct+0x57/0x640 [ 42.791398][ T473] copy_process+0x503/0x2cf0 [ 42.795827][ T473] _do_fork+0x190/0x860 [ 42.799818][ T473] __x64_sys_clone3+0x1de/0x1f0 [ 42.804504][ T473] do_syscall_64+0xcf/0x170 [ 42.808847][ T473] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 42.814565][ T473] [ 42.816738][ T473] Freed by task 10: [ 42.820388][ T473] __kasan_slab_free+0x1c3/0x280 [ 42.825163][ T473] kasan_slab_free+0xe/0x10 [ 42.829504][ T473] slab_free_freelist_hook+0xb7/0x180 [ 42.834714][ T473] kmem_cache_free+0x10c/0x2c0 [ 42.839328][ T473] free_task+0xe9/0x150 [ 42.843301][ T473] __put_task_struct+0x2b7/0x420 [ 42.848075][ T473] delayed_put_task_struct+0x71/0x210 [ 42.853282][ T473] rcu_do_batch+0x446/0x980 [ 42.857619][ T473] rcu_core+0x4bd/0xbd0 [ 42.861615][ T473] rcu_core_si+0x9/0x10 [ 42.865608][ T473] __do_softirq+0x236/0x660 [ 42.869938][ T473] [ 42.872119][ T473] The buggy address belongs to the object at ffff8881e9801f80 [ 42.872119][ T473] which belongs to the cache task_struct of size 3904 [ 42.886093][ T473] The buggy address is located 56 bytes inside of [ 42.886093][ T473] 3904-byte region [ffff8881e9801f80, ffff8881e9802ec0) [ 42.899191][ T473] The buggy address belongs to the page: [ 42.904680][ T473] page:ffffea0007a60000 refcount:1 mapcount:0 mapping:ffff8881f5cf5b80 index:0x0 compound_mapcount: 0 [ 42.915431][ T473] flags: 0x8000000000010200(slab|head) [ 42.920726][ T473] raw: 8000000000010200 dead000000000100 dead000000000122 ffff8881f5cf5b80 [ 42.929143][ T473] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000 [ 42.937554][ T473] page dumped because: kasan: bad access detected [ 42.943806][ T473] page_owner tracks the page as allocated [ 42.949365][ T473] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL) [ 42.965611][ T473] prep_new_page+0x35e/0x370 [ 42.970020][ T473] get_page_from_freelist+0x1296/0x1310 [ 42.975401][ T473] __alloc_pages_nodemask+0x202/0x4b0 [ 42.980609][ T473] alloc_slab_page+0x3c/0x3b0 [ 42.985120][ T473] new_slab+0x93/0x420 [ 42.989063][ T473] ___slab_alloc+0x29e/0x420 [ 42.993457][ T473] __slab_alloc+0x63/0xa0 [ 42.997620][ T473] kmem_cache_alloc+0x12c/0x270 [ 43.002315][ T473] dup_task_struct+0x57/0x640 [ 43.006819][ T473] copy_process+0x503/0x2cf0 [ 43.011249][ T473] _do_fork+0x190/0x860 [ 43.015238][ T473] kernel_thread+0x6f/0x90 [ 43.019493][ T473] kthreadd+0x354/0x480 [ 43.023484][ T473] ret_from_fork+0x1f/0x30 [ 43.027730][ T473] page last free stack trace: [ 43.032249][ T473] __free_pages_ok+0x7e4/0x910 [ 43.036847][ T473] __free_pages+0x8c/0x110 [ 43.041101][ T473] __free_slab+0x218/0x2d0 [ 43.045354][ T473] unfreeze_partials+0x165/0x1a0 [ 43.050129][ T473] put_cpu_partial+0xc1/0x180 [ 43.054648][ T473] __slab_free+0x2be/0x380 [ 43.058902][ T473] ___cache_free+0xbb/0xd0 [ 43.063150][ T473] qlink_free+0x23/0x30 [ 43.067139][ T473] qlist_free_all+0x5f/0xb0 [ 43.071479][ T473] quarantine_reduce+0x1a8/0x200 [ 43.076255][ T473] __kasan_kmalloc+0x42/0x200 [ 43.080765][ T473] kasan_slab_alloc+0x12/0x20 [ 43.085283][ T473] __kmalloc+0x106/0x2f0 [ 43.089361][ T473] fib6_info_alloc+0x34/0xe0 [ 43.093804][ T473] ip6_route_info_create+0x4d2/0x1510 [ 43.098994][ T473] ip6_route_add+0x27/0x130 [ 43.103328][ T473] [ 43.105496][ T473] Memory state around the buggy address: [ 43.110970][ T473] ffff8881e9801e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 43.118865][ T473] ffff8881e9801f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 43.126766][ T473] >ffff8881e9801f80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 43.134661][ T473] ^ [ 43.140391][ T473] ffff8881e9802000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 43.148292][ T473] ffff8881e9802080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 43.156182][ T473] ================================================================== [ 43.164080][ T473] Disabling lock debugging due to kernel taint