./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2481932096 <...> Warning: Permanently added '10.128.0.125' (ED25519) to the list of known hosts. execve("./syz-executor2481932096", ["./syz-executor2481932096"], 0x7ffdf60d32b0 /* 10 vars */) = 0 brk(NULL) = 0x555568084000 brk(0x555568084d00) = 0x555568084d00 arch_prctl(ARCH_SET_FS, 0x555568084380) = 0 set_tid_address(0x555568084650) = 5092 set_robust_list(0x555568084660, 24) = 0 rseq(0x555568084ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2481932096", 4096) = 28 getrandom("\x72\xd4\xac\x92\x7f\x07\x2b\x48", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555568084d00 brk(0x5555680a5d00) = 0x5555680a5d00 brk(0x5555680a6000) = 0x5555680a6000 mprotect(0x7f0d85dd5000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555568084650) = 5093 ./strace-static-x86_64: Process 5093 attached [pid 5093] set_robust_list(0x555568084660, 24) = 0 [pid 5093] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 5093] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5093] setsid() = 1 [pid 5093] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 5093] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 5093] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 5093] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 5093] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 5093] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 5093] unshare(CLONE_NEWNS) = 0 [pid 5093] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 5093] unshare(CLONE_NEWIPC) = 0 [pid 5093] unshare(CLONE_NEWCGROUP) = 0 [pid 5093] unshare(CLONE_NEWUTS) = 0 [pid 5093] unshare(CLONE_SYSVSEM) = 0 [pid 5093] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5093] write(3, "16777216", 8) = 8 [pid 5093] close(3) = 0 [pid 5093] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 5093] write(3, "536870912", 9) = 9 [pid 5093] close(3) = 0 [pid 5093] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5093] write(3, "1024", 4) = 4 [pid 5093] close(3) = 0 [pid 5093] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5093] write(3, "8192", 4) = 4 [pid 5093] close(3) = 0 [pid 5093] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5093] write(3, "1024", 4) = 4 [pid 5093] close(3) = 0 [pid 5093] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 5093] write(3, "1024", 4) = 4 [pid 5093] close(3) = 0 [pid 5093] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 5093] write(3, "1024 1048576 500 1024", 21) = 21 [pid 5093] close(3) = 0 [pid 5093] getpid() = 1 [pid 5093] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<) = 0 [pid 5093] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5098 attached , child_tidptr=0x555568084650) = 4 [pid 5098] set_robust_list(0x555568084660, 24) = 0 [pid 5098] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5098] setpgid(0, 0) = 0 [pid 5098] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5098] write(3, "1000", 4) = 4 [pid 5098] close(3) = 0 [pid 5098] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 5098] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 5098] close(3) = 0 [pid 5098] close(4) = -1 EBADF (Bad file descriptor) [pid 5098] close(5) = -1 EBADF (Bad file descriptor) [pid 5098] close(6) = -1 EBADF (Bad file descriptor) [pid 5098] close(7) = -1 EBADF (Bad file descriptor) [pid 5098] close(8) = -1 EBADF (Bad file descriptor) [pid 5098] close(9) = -1 EBADF (Bad file descriptor) [pid 5098] close(10) = -1 EBADF (Bad file descriptor) [pid 5098] close(11) = -1 EBADF (Bad file descriptor) [pid 5098] close(12) = -1 EBADF (Bad file descriptor) [pid 5098] close(13) = -1 EBADF (Bad file descriptor) [pid 5098] close(14) = -1 EBADF (Bad file descriptor) [pid 5098] close(15) = -1 EBADF (Bad file descriptor) [pid 5098] close(16) = -1 EBADF (Bad file descriptor) [pid 5098] close(17) = -1 EBADF (Bad file descriptor) [pid 5098] close(18) = -1 EBADF (Bad file descriptor) [pid 5098] close(19) = -1 EBADF (Bad file descriptor) [pid 5098] close(20) = -1 EBADF (Bad file descriptor) [pid 5098] close(21) = -1 EBADF (Bad file descriptor) [pid 5098] close(22) = -1 EBADF (Bad file descriptor) [pid 5098] close(23) = -1 EBADF (Bad file descriptor) [pid 5098] close(24) = -1 EBADF (Bad file descriptor) [pid 5098] close(25) = -1 EBADF (Bad file descriptor) [pid 5098] close(26) = -1 EBADF (Bad file descriptor) [pid 5098] close(27) = -1 EBADF (Bad file descriptor) [pid 5098] close(28) = -1 EBADF (Bad file descriptor) [pid 5098] close(29) = -1 EBADF (Bad file descriptor) [pid 5098] exit_group(0) = ? [pid 5098] +++ exited with 0 +++ [pid 5093] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5093] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555568084650) = 6 ./strace-static-x86_64: Process 5100 attached [pid 5100] set_robust_list(0x555568084660, 24) = 0 [pid 5100] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5100] setpgid(0, 0) = 0 [pid 5100] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5100] write(3, "1000", 4) = 4 [pid 5100] close(3) = 0 [pid 5100] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 5100] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 5100] close(3) = 0 [pid 5100] close(4) = -1 EBADF (Bad file descriptor) [pid 5100] close(5) = -1 EBADF (Bad file descriptor) [pid 5100] close(6) = -1 EBADF (Bad file descriptor) [pid 5100] close(7) = -1 EBADF (Bad file descriptor) [pid 5100] close(8) = -1 EBADF (Bad file descriptor) [pid 5100] close(9) = -1 EBADF (Bad file descriptor) [pid 5100] close(10) = -1 EBADF (Bad file descriptor) [pid 5100] close(11) = -1 EBADF (Bad file descriptor) [pid 5100] close(12) = -1 EBADF (Bad file descriptor) [pid 5100] close(13) = -1 EBADF (Bad file descriptor) [pid 5100] close(14) = -1 EBADF (Bad file descriptor) [pid 5100] close(15) = -1 EBADF (Bad file descriptor) [pid 5100] close(16) = -1 EBADF (Bad file descriptor) [pid 5100] close(17) = -1 EBADF (Bad file descriptor) [pid 5100] close(18) = -1 EBADF (Bad file descriptor) [pid 5100] close(19) = -1 EBADF (Bad file descriptor) [pid 5100] close(20) = -1 EBADF (Bad file descriptor) [pid 5100] close(21) = -1 EBADF (Bad file descriptor) [pid 5100] close(22) = -1 EBADF (Bad file descriptor) [pid 5100] close(23) = -1 EBADF (Bad file descriptor) [pid 5100] close(24) = -1 EBADF (Bad file descriptor) [pid 5100] close(25) = -1 EBADF (Bad file descriptor) [pid 5100] close(26) = -1 EBADF (Bad file descriptor) [pid 5100] close(27) = -1 EBADF (Bad file descriptor) [pid 5100] close(28) = -1 EBADF (Bad file descriptor) [pid 5100] close(29) = -1 EBADF (Bad file descriptor) [pid 5100] exit_group(0) = ? [pid 5100] +++ exited with 0 +++ [pid 5093] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5093] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5093] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5102 attached [pid 5102] set_robust_list(0x555568084660, 24 [pid 5093] <... clone resumed>, child_tidptr=0x555568084650) = 8 [pid 5102] <... set_robust_list resumed>) = 0 [pid 5102] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5102] setpgid(0, 0) = 0 [pid 5102] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5102] write(3, "1000", 4) = 4 [pid 5102] close(3) = 0 [pid 5102] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 5102] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 5102] close(3) = 0 [pid 5102] close(4) = -1 EBADF (Bad file descriptor) [pid 5102] close(5) = -1 EBADF (Bad file descriptor) [pid 5102] close(6) = -1 EBADF (Bad file descriptor) [pid 5102] close(7) = -1 EBADF (Bad file descriptor) [pid 5102] close(8) = -1 EBADF (Bad file descriptor) [pid 5102] close(9) = -1 EBADF (Bad file descriptor) [pid 5102] close(10) = -1 EBADF (Bad file descriptor) [pid 5102] close(11) = -1 EBADF (Bad file descriptor) [pid 5102] close(12) = -1 EBADF (Bad file descriptor) [pid 5102] close(13) = -1 EBADF (Bad file descriptor) [pid 5102] close(14) = -1 EBADF (Bad file descriptor) [pid 5102] close(15) = -1 EBADF (Bad file descriptor) [pid 5102] close(16) = -1 EBADF (Bad file descriptor) [pid 5102] close(17) = -1 EBADF (Bad file descriptor) [pid 5102] close(18) = -1 EBADF (Bad file descriptor) [pid 5102] close(19) = -1 EBADF (Bad file descriptor) [pid 5102] close(20) = -1 EBADF (Bad file descriptor) [pid 5102] close(21) = -1 EBADF (Bad file descriptor) [pid 5102] close(22) = -1 EBADF (Bad file descriptor) [pid 5102] close(23) = -1 EBADF (Bad file descriptor) [pid 5102] close(24) = -1 EBADF (Bad file descriptor) [pid 5102] close(25) = -1 EBADF (Bad file descriptor) [pid 5102] close(26) = -1 EBADF (Bad file descriptor) [pid 5102] close(27) = -1 EBADF (Bad file descriptor) [pid 5102] close(28) = -1 EBADF (Bad file descriptor) [pid 5102] close(29) = -1 EBADF (Bad file descriptor) [pid 5102] exit_group(0) = ? [pid 5102] +++ exited with 0 +++ [pid 5093] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=8, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 5093] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5093] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555568084650) = 10 ./strace-static-x86_64: Process 5104 attached [pid 5104] set_robust_list(0x555568084660, 24) = 0 [pid 5104] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5104] setpgid(0, 0) = 0 [pid 5104] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5104] write(3, "1000", 4) = 4 [pid 5104] close(3) = 0 [pid 5104] openat(AT_FDCWD, "/dev/vhost-vsock", O_RDWR) = 3 [pid 5104] ioctl(3, VHOST_SET_OWNER, 0) = 0 [pid 5104] close(3) = 0 [pid 5104] close(4) = -1 EBADF (Bad file descriptor) [pid 5104] close(5) = -1 EBADF (Bad file descriptor) [pid 5104] close(6) = -1 EBADF (Bad file descriptor) [pid 5104] close(7) = -1 EBADF (Bad file descriptor) [ 58.942902][ T5105] ================================================================== [ 58.951040][ T5105] BUG: KASAN: slab-use-after-free in __mutex_unlock_slowpath+0xef/0x750 [ 58.959382][ T5105] Read of size 8 at addr ffff888023632880 by task vhost-5104/5105 [ 58.967179][ T5105] [ 58.969492][ T5105] CPU: 0 PID: 5105 Comm: vhost-5104 Not tainted 6.9.0-rc5-next-20240426-syzkaller #0 [ 58.978949][ T5105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 58.989009][ T5105] Call Trace: [ 58.992311][ T5105] [ 58.995246][ T5105] dump_stack_lvl+0x241/0x360 [ 58.999932][ T5105] ? __pfx_dump_stack_lvl+0x10/0x10 [ 59.005127][ T5105] ? __pfx__printk+0x10/0x10 [ 59.009713][ T5105] ? _printk+0xd5/0x120 [ 59.013863][ T5105] ? __virt_addr_valid+0x183/0x520 [ 59.018974][ T5105] ? __virt_addr_valid+0x183/0x520 [ 59.024085][ T5105] print_report+0x169/0x550 [ 59.028683][ T5105] ? __virt_addr_valid+0x183/0x520 [ 59.033820][ T5105] ? __virt_addr_valid+0x183/0x520 [ 59.038928][ T5105] ? __virt_addr_valid+0x44e/0x520 [ 59.044035][ T5105] ? __phys_addr+0xba/0x170 [ 59.048536][ T5105] ? __mutex_unlock_slowpath+0xef/0x750 [ 59.054074][ T5105] kasan_report+0x143/0x180 [ 59.058671][ T5105] ? __mutex_unlock_slowpath+0xef/0x750 [ 59.064213][ T5105] kasan_check_range+0x282/0x290 [ 59.069150][ T5105] ? vhost_task_fn+0x3bc/0x3f0 [ 59.073909][ T5105] __mutex_unlock_slowpath+0xef/0x750 [ 59.079292][ T5105] ? preempt_schedule_thunk+0x1a/0x30 [ 59.084690][ T5105] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 59.090709][ T5105] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 59.096697][ T5105] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 59.103054][ T5105] ? complete+0xb4/0x1c0 [ 59.107308][ T5105] vhost_task_fn+0x3bc/0x3f0 [ 59.111900][ T5105] ? __pfx_vhost_task_fn+0x10/0x10 [ 59.117007][ T5105] ? __pfx_vhost_task_fn+0x10/0x10 [ 59.122115][ T5105] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 59.128091][ T5105] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 59.134448][ T5105] ? __pfx_vhost_task_fn+0x10/0x10 [ 59.139813][ T5105] ? __pfx_vhost_task_fn+0x10/0x10 [ 59.145010][ T5105] ? _raw_spin_unlock_irq+0x23/0x50 [ 59.150205][ T5105] ? lockdep_hardirqs_on+0x99/0x150 [ 59.155396][ T5105] ? __pfx_vhost_task_fn+0x10/0x10 [ 59.160502][ T5105] ret_from_fork+0x4b/0x80 [ 59.164920][ T5105] ? __pfx_vhost_task_fn+0x10/0x10 [ 59.170030][ T5105] ret_from_fork_asm+0x1a/0x30 [ 59.174797][ T5105] [ 59.177805][ T5105] [ 59.180119][ T5105] Allocated by task 5104: [ 59.184433][ T5105] kasan_save_track+0x3f/0x80 [ 59.189102][ T5105] __kasan_kmalloc+0x98/0xb0 [ 59.193685][ T5105] kmalloc_trace_noprof+0x19c/0x2b0 [ 59.198885][ T5105] vhost_task_create+0x149/0x300 [ 59.203818][ T5105] vhost_worker_create+0x17b/0x3f0 [ 59.208948][ T5105] vhost_dev_set_owner+0x563/0x940 [ 59.214091][ T5105] vhost_dev_ioctl+0xda/0xda0 [ 59.218761][ T5105] vhost_vsock_dev_ioctl+0x2bb/0xfa0 [ 59.224041][ T5105] __se_sys_ioctl+0xfc/0x170 [ 59.228626][ T5105] do_syscall_64+0xf5/0x240 [ 59.233123][ T5105] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 59.239013][ T5105] [ 59.241330][ T5105] Freed by task 5104: [ 59.245305][ T5105] kasan_save_track+0x3f/0x80 [ 59.249982][ T5105] kasan_save_free_info+0x40/0x50 [ 59.255187][ T5105] poison_slab_object+0xe0/0x150 [ 59.260141][ T5105] __kasan_slab_free+0x37/0x60 [ 59.264898][ T5105] kfree+0x149/0x350 [ 59.268805][ T5105] vhost_dev_cleanup+0x9b0/0xba0 [ 59.273739][ T5105] vhost_vsock_dev_release+0x3aa/0x410 [ 59.279200][ T5105] __fput+0x406/0x8b0 [ 59.283188][ T5105] __x64_sys_close+0x7f/0x110 [ 59.287953][ T5105] do_syscall_64+0xf5/0x240 [ 59.292452][ T5105] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 59.298336][ T5105] [ 59.300689][ T5105] The buggy address belongs to the object at ffff888023632800 [ 59.300689][ T5105] which belongs to the cache kmalloc-512 of size 512 [ 59.314746][ T5105] The buggy address is located 128 bytes inside of [ 59.314746][ T5105] freed 512-byte region [ffff888023632800, ffff888023632a00) [ 59.329065][ T5105] [ 59.331432][ T5105] The buggy address belongs to the physical page: [ 59.338120][ T5105] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x23630 [ 59.346875][ T5105] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 59.355363][ T5105] anon flags: 0xfff80000000040(head|node=0|zone=1|lastcpupid=0xfff) [ 59.363439][ T5105] page_type: 0xffffefff(slab) [ 59.368106][ T5105] raw: 00fff80000000040 ffff888015041c80 0000000000000000 dead000000000001 [ 59.376697][ T5105] raw: 0000000000000000 0000000080100010 00000001ffffefff 0000000000000000 [ 59.385397][ T5105] head: 00fff80000000040 ffff888015041c80 0000000000000000 dead000000000001 [ 59.394066][ T5105] head: 0000000000000000 0000000080100010 00000001ffffefff 0000000000000000 [ 59.402726][ T5105] head: 00fff80000000002 ffffea00008d8c01 ffffffffffffffff 0000000000000000 [ 59.411390][ T5105] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 59.420041][ T5105] page dumped because: kasan: bad access detected [ 59.426444][ T5105] page_owner tracks the page as allocated [ 59.432160][ T5105] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 8362142669, free_ts 0 [ 59.451855][ T5105] post_alloc_hook+0x1f3/0x230 [ 59.456623][ T5105] get_page_from_freelist+0x2ce2/0x2d90 [ 59.462163][ T5105] __alloc_pages_noprof+0x256/0x6c0 [ 59.467373][ T5105] alloc_slab_page+0x5f/0x120 [ 59.472040][ T5105] allocate_slab+0x5a/0x2e0 [ 59.476619][ T5105] ___slab_alloc+0xcd1/0x14b0 [ 59.481301][ T5105] __slab_alloc+0x58/0xa0 [ 59.485618][ T5105] kmalloc_trace_noprof+0x1d5/0x2b0 [ 59.490810][ T5105] usb_serial_register_drivers+0x5e/0xe70 [ 59.496519][ T5105] do_one_initcall+0x248/0x880 [ 59.501295][ T5105] do_initcall_level+0x157/0x210 [ 59.506327][ T5105] do_initcalls+0x3f/0x80 [ 59.510822][ T5105] kernel_init_freeable+0x435/0x5d0 [ 59.516031][ T5105] kernel_init+0x1d/0x2b0 [ 59.520355][ T5105] ret_from_fork+0x4b/0x80 [ 59.524767][ T5105] ret_from_fork_asm+0x1a/0x30 [ 59.529521][ T5105] page_owner free stack trace missing [ 59.534895][ T5105] [ 59.537219][ T5105] Memory state around the buggy address: [ 59.542835][ T5105] ffff888023632780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 59.551065][ T5105] ffff888023632800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 59.559118][ T5105] >ffff888023632880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 59.567163][ T5105] ^ [ 59.571212][ T5105] ffff888023632900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 59.579278][ T5105] ffff888023632980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 59.587590][ T5105] ================================================================== [ 59.597350][ T5105] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 59.604582][ T5105] CPU: 0 PID: 5105 Comm: vhost-5104 Not tainted 6.9.0-rc5-next-20240426-syzkaller #0 [ 59.614039][ T5105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 59.624095][ T5105] Call Trace: [ 59.627455][ T5105] [ 59.630396][ T5105] dump_stack_lvl+0x241/0x360 [ 59.635096][ T5105] ? __pfx_dump_stack_lvl+0x10/0x10 [ 59.640298][ T5105] ? __pfx__printk+0x10/0x10 [ 59.644886][ T5105] ? preempt_schedule+0xe1/0xf0 [ 59.649756][ T5105] ? vscnprintf+0x5d/0x90 [ 59.654164][ T5105] panic+0x349/0x860 [ 59.658058][ T5105] ? check_panic_on_warn+0x21/0xb0 [ 59.663189][ T5105] ? __pfx_panic+0x10/0x10 [ 59.667606][ T5105] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 59.673581][ T5105] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 59.679902][ T5105] ? print_report+0x502/0x550 [ 59.684658][ T5105] check_panic_on_warn+0x86/0xb0 [ 59.689587][ T5105] ? __mutex_unlock_slowpath+0xef/0x750 [ 59.695267][ T5105] end_report+0x77/0x160 [ 59.699504][ T5105] kasan_report+0x154/0x180 [ 59.704006][ T5105] ? __mutex_unlock_slowpath+0xef/0x750 [ 59.709548][ T5105] kasan_check_range+0x282/0x290 [ 59.714477][ T5105] ? vhost_task_fn+0x3bc/0x3f0 [ 59.719235][ T5105] __mutex_unlock_slowpath+0xef/0x750 [ 59.724598][ T5105] ? preempt_schedule_thunk+0x1a/0x30 [ 59.729962][ T5105] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 59.735931][ T5105] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 59.741903][ T5105] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 59.748229][ T5105] ? complete+0xb4/0x1c0 [ 59.752474][ T5105] vhost_task_fn+0x3bc/0x3f0 [ 59.757059][ T5105] ? __pfx_vhost_task_fn+0x10/0x10 [ 59.762160][ T5105] ? __pfx_vhost_task_fn+0x10/0x10 [ 59.767285][ T5105] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 59.773253][ T5105] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 59.779568][ T5105] ? __pfx_vhost_task_fn+0x10/0x10 [ 59.784676][ T5105] ? __pfx_vhost_task_fn+0x10/0x10 [ 59.789778][ T5105] ? _raw_spin_unlock_irq+0x23/0x50 [ 59.795023][ T5105] ? lockdep_hardirqs_on+0x99/0x150 [ 59.800301][ T5105] ? __pfx_vhost_task_fn+0x10/0x10 [ 59.805405][ T5105] ret_from_fork+0x4b/0x80 [ 59.809821][ T5105] ? __pfx_vhost_task_fn+0x10/0x10 [ 59.814921][ T5105] ret_from_fork_asm+0x1a/0x30 [ 59.819681][ T5105] [ 59.822991][ T5105] Kernel Offset: disabled [ 59.828085][ T5105] Rebooting in 86400 seconds..