[ 25.869811][ T8] bridge0: port 2(bridge_slave_1) entered disabled state
[ 25.877749][ T8] device bridge_slave_0 left promiscuous mode
[ 25.883871][ T8] bridge0: port 1(bridge_slave_0) entered disabled state
[ 25.892158][ T8] device veth1_macvtap left promiscuous mode
[ 25.898234][ T8] device veth0_vlan left promiscuous mode
[ 36.009424][ T27] kauditd_printk_skb: 76 callbacks suppressed
[ 36.009433][ T27] audit: type=1400 audit(1716449562.428:152): avc: denied { transition } for pid=322 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 36.037432][ T27] audit: type=1400 audit(1716449562.428:153): avc: denied { noatsecure } for pid=322 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 36.056988][ T27] audit: type=1400 audit(1716449562.428:154): avc: denied { rlimitinh } for pid=322 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 36.076307][ T27] audit: type=1400 audit(1716449562.428:155): avc: denied { siginh } for pid=322 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
Warning: Permanently added '10.128.1.17' (ED25519) to the list of known hosts.
2024/05/23 07:32:49 ignoring optional flag "sandboxArg"="0"
2024/05/23 07:32:49 parsed 1 programs
[ 43.325426][ T27] audit: type=1400 audit(1716449569.748:156): avc: denied { mounton } for pid=343 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 43.351388][ T27] audit: type=1400 audit(1716449569.748:157): avc: denied { mount } for pid=343 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
2024/05/23 07:32:49 executed programs: 0
[ 43.423042][ T27] audit: type=1400 audit(1716449569.848:158): avc: denied { unlink } for pid=343 comm="syz-executor" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 43.463994][ T343] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 43.609495][ T360] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.616606][ T360] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.623820][ T360] device bridge_slave_0 entered promiscuous mode
[ 43.639603][ T360] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.646592][ T360] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.654537][ T360] device bridge_slave_1 entered promiscuous mode
[ 43.666718][ T353] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.674414][ T353] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.681619][ T353] device bridge_slave_0 entered promiscuous mode
[ 43.699079][ T353] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.705976][ T353] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.713379][ T353] device bridge_slave_1 entered promiscuous mode
[ 43.740601][ T359] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.747538][ T359] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.754810][ T359] device bridge_slave_0 entered promiscuous mode
[ 43.761849][ T359] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.768766][ T359] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.775936][ T359] device bridge_slave_1 entered promiscuous mode
[ 43.796323][ T354] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.803567][ T354] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.810810][ T354] device bridge_slave_0 entered promiscuous mode
[ 43.825170][ T354] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.832867][ T354] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.840487][ T354] device bridge_slave_1 entered promiscuous mode
[ 43.871711][ T358] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.878718][ T358] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.886056][ T358] device bridge_slave_0 entered promiscuous mode
[ 43.904419][ T358] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.911441][ T358] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.919285][ T358] device bridge_slave_1 entered promiscuous mode
[ 44.038069][ T27] audit: type=1400 audit(1716449570.458:159): avc: denied { write } for pid=360 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 44.059190][ T27] audit: type=1400 audit(1716449570.458:160): avc: denied { read } for pid=359 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 44.088499][ T360] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.095565][ T360] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.102873][ T360] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.109626][ T360] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.133652][ T359] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.140797][ T359] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.148186][ T359] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.155292][ T359] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.175535][ T354] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.182616][ T354] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.189743][ T354] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.196656][ T354] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.208280][ T353] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.215222][ T353] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.222292][ T353] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.229149][ T353] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.265914][ T358] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.272956][ T358] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.280088][ T358] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.287132][ T358] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.300871][ T6] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.308793][ T6] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.316290][ T6] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.323398][ T6] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.330604][ T6] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.338245][ T6] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.345603][ T6] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.353108][ T6] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.360759][ T6] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.368014][ T6] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.375977][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 44.383696][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 44.414375][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 44.421843][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 44.431428][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 44.440768][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 44.449159][ T6] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.456059][ T6] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.463343][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 44.472537][ T6] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.479556][ T6] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.487789][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 44.496386][ T6] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.504039][ T6] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.512705][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 44.520683][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 44.529557][ T6] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.537533][ T6] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.546403][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 44.554454][ T6] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.561904][ T6] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.586058][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 44.594538][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 44.614706][ T360] device veth0_vlan entered promiscuous mode
[ 44.622845][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 44.630840][ T23] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.637721][ T23] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.646164][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 44.654862][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 44.663096][ T23] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.670102][ T23] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.678680][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 44.686774][ T23] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.693889][ T23] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.701597][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 44.709980][ T23] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.717033][ T23] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.724770][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 44.732905][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 44.741097][ T23] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.748452][ T23] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.755963][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 44.764566][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 44.772875][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 44.780686][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 44.788737][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 44.797279][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 44.806124][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 44.814063][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 44.827385][ T359] device veth0_vlan entered promiscuous mode
[ 44.834528][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 44.841852][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 44.849727][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 44.857866][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 44.865799][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 44.874822][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 44.882235][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 44.891967][ T360] device veth1_macvtap entered promiscuous mode
[ 44.905916][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 44.914246][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 44.922366][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 44.930213][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 44.938844][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 44.946950][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 44.955135][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 44.972597][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 44.981120][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 44.990043][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 44.998751][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 45.013588][ T359] device veth1_macvtap entered promiscuous mode
[ 45.031111][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 45.039975][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 45.048631][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 45.057009][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 45.065377][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 45.073420][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 45.081849][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 45.094916][ T27] audit: type=1400 audit(1716449571.518:161): avc: denied { mounton } for pid=360 comm="syz-executor.4" path="/dev/binderfs" dev="devtmpfs" ino=207 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 45.100801][ T354] device veth0_vlan entered promiscuous mode
[ 45.127289][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 45.135509][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 45.144087][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 45.152240][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 45.161095][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 45.168986][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 45.176804][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 45.185276][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 45.193596][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 45.200958][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 45.211660][ T358] device veth0_vlan entered promiscuous mode
[ 45.228520][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 45.236975][ T27] audit: type=1400 audit(1716449571.658:162): avc: denied { bind } for pid=378 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 45.258506][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 45.267271][ T27] audit: type=1400 audit(1716449571.658:163): avc: denied { listen } for pid=378 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 45.268958][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 45.288586][ T27] audit: type=1400 audit(1716449571.658:164): avc: denied { connect } for pid=378 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 45.297462][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 45.327776][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 45.336827][ T353] device veth0_vlan entered promiscuous mode
[ 45.349055][ T358] device veth1_macvtap entered promiscuous mode
[ 45.367953][ T354] device veth1_macvtap entered promiscuous mode
[ 45.377930][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 45.387954][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 45.396025][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 45.404143][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 45.424329][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 45.434979][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 45.443121][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 45.451120][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 45.459521][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 45.468037][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 45.477624][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 45.494102][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 45.506667][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 45.515967][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 45.524607][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 45.535614][ T353] device veth1_macvtap entered promiscuous mode
[ 45.559089][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 45.567920][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 45.598044][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 45.607081][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2024/05/23 07:32:55 executed programs: 15
[ 48.713236][ T298] ==================================================================
[ 48.721143][ T298] BUG: KASAN: use-after-free in _raw_spin_lock_bh+0x97/0x1b0
[ 48.728519][ T298] Write of size 4 at addr ffff88811c436e08 by task kworker/1:2/298
[ 48.737301][ T298]
[ 48.739605][ T298] CPU: 1 PID: 298 Comm: kworker/1:2 Not tainted 6.1.75-syzkaller #0
[ 48.747607][ T298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 48.757574][ T298] Workqueue: vsock-loopback vsock_loopback_work
[ 48.763860][ T298] Call Trace:
[ 48.766956][ T298]
[ 48.769730][ T298] dump_stack_lvl+0x105/0x148
[ 48.774255][ T298] ? panic+0x3b4/0x3b4
[ 48.778408][ T298] ? nf_tcp_handle_invalid+0x30b/0x30b
[ 48.783705][ T298] ? _printk+0xca/0x10a
[ 48.787959][ T298] print_report+0x158/0x4e0
[ 48.792656][ T298] ? kasan_complete_mode_report_info+0x90/0x1b0
[ 48.799182][ T298] ? _raw_spin_lock_bh+0x97/0x1b0
[ 48.804106][ T298] kasan_report+0x13c/0x170
[ 48.808446][ T298] ? _raw_spin_lock_bh+0x97/0x1b0
[ 48.813746][ T298] ? __local_bh_enable_ip+0x4a/0x70
[ 48.818950][ T298] kasan_check_range+0x294/0x2a0
[ 48.823730][ T298] __kasan_check_write+0x14/0x20
[ 48.828766][ T298] _raw_spin_lock_bh+0x97/0x1b0
[ 48.833726][ T298] ? _raw_spin_lock_irq+0x1b0/0x1b0
[ 48.839111][ T298] ? __local_bh_enable_ip+0x4a/0x70
[ 48.844136][ T298] ? _raw_spin_unlock_bh+0x50/0x60
[ 48.849249][ T298] virtio_transport_recv_pkt+0x4fb/0x3ca0
[ 48.854771][ T298] ? virtio_transport_release+0xaa0/0xaa0
[ 48.860508][ T298] ? enqueue_task_fair+0xe92/0x23c0
[ 48.865703][ T298] ? check_preempt_wakeup+0x717/0xb20
[ 48.870902][ T298] ? yield_to_task_fair+0x190/0x190
[ 48.876119][ T298] ? ttwu_do_wakeup+0xe5/0x430
[ 48.880984][ T298] ? cpudl_cleanup+0x40/0x40
[ 48.885479][ T298] ? ttwu_do_activate+0x172/0x270
[ 48.890345][ T298] ? cpudl_cleanup+0x40/0x40
[ 48.894858][ T298] ? update_load_avg+0x513/0x1510
[ 48.900151][ T298] ? __update_load_avg_cfs_rq+0xb1/0x2f0
[ 48.905881][ T298] ? __this_cpu_preempt_check+0x13/0x20
[ 48.911440][ T298] ? xfd_validate_state+0x16/0x50
[ 48.916301][ T298] ? __kasan_check_write+0x14/0x20
[ 48.921330][ T298] ? __switch_to+0x621/0x1170
[ 48.925937][ T298] ? __kasan_check_write+0x14/0x20
[ 48.931422][ T298] ? vsock_deliver_tap+0x2a/0x50
[ 48.936569][ T298] vsock_loopback_work+0x376/0x3d0
[ 48.941786][ T298] ? _raw_spin_unlock+0x4c/0x70
[ 48.946466][ T298] ? vsock_loopback_send_pkt+0x110/0x110
[ 48.952112][ T298] ? __kasan_check_read+0x11/0x20
[ 48.957055][ T298] ? read_word_at_a_time+0x12/0x20
[ 48.962192][ T298] ? strscpy+0x99/0x260
[ 48.966403][ T298] process_one_work+0x6de/0xd00
[ 48.971142][ T298] worker_thread+0x892/0xf20
[ 48.975755][ T298] ? _raw_spin_lock+0x1b0/0x1b0
[ 48.980462][ T298] ? process_one_work+0xd00/0xd00
[ 48.985655][ T298] kthread+0x215/0x270
[ 48.989913][ T298] ? process_one_work+0xd00/0xd00
[ 48.994955][ T298] ? kthread_blkcg+0xa0/0xa0
[ 48.999721][ T298] ret_from_fork+0x1f/0x30
[ 49.004059][ T298]
[ 49.007008][ T298]
[ 49.009178][ T298] Allocated by task 415:
[ 49.013493][ T298] kasan_set_track+0x4b/0x70
[ 49.017857][ T298] kasan_save_alloc_info+0x1f/0x30
[ 49.023246][ T298] __kasan_kmalloc+0x9c/0xb0
[ 49.027667][ T298] kmalloc_trace+0x44/0xa0
[ 49.032013][ T298] virtio_transport_do_socket_init+0x51/0x290
[ 49.038120][ T298] vsock_assign_transport+0x376/0x4f0
[ 49.043552][ T298] vsock_connect+0x3c7/0xb90
[ 49.047999][ T298] __sys_connect+0x304/0x370
[ 49.052768][ T298] __x64_sys_connect+0x75/0x80
[ 49.057463][ T298] do_syscall_64+0x3d/0xb0
[ 49.062092][ T298] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 49.068539][ T298]
[ 49.070780][ T298] Freed by task 437:
[ 49.074539][ T298] kasan_set_track+0x4b/0x70
[ 49.078981][ T298] kasan_save_free_info+0x2b/0x40
[ 49.083898][ T298] ____kasan_slab_free+0x131/0x180
[ 49.089011][ T298] __kasan_slab_free+0x11/0x20
[ 49.093867][ T298] __kmem_cache_free+0x1fa/0x370
[ 49.098650][ T298] kfree+0x7a/0xf0
[ 49.102285][ T298] virtio_transport_destruct+0x36/0x40
[ 49.107577][ T298] vsock_assign_transport+0x23f/0x4f0
[ 49.112882][ T298] vsock_connect+0x3c7/0xb90
[ 49.117388][ T298] __sys_connect+0x304/0x370
[ 49.121908][ T298] __x64_sys_connect+0x75/0x80
[ 49.126745][ T298] do_syscall_64+0x3d/0xb0
[ 49.130935][ T298] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 49.136932][ T298]
[ 49.139461][ T298] The buggy address belongs to the object at ffff88811c436e00
[ 49.139461][ T298] which belongs to the cache kmalloc-96 of size 96
[ 49.153515][ T298] The buggy address is located 8 bytes inside of
[ 49.153515][ T298] 96-byte region [ffff88811c436e00, ffff88811c436e60)
[ 49.166757][ T298]
[ 49.169015][ T298] The buggy address belongs to the physical page:
[ 49.175253][ T298] page:ffffea0004710d80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11c436
[ 49.185398][ T298] flags: 0x4000000000000200(slab|zone=1)
[ 49.190881][ T298] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888100042900
[ 49.199289][ T298] raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000
[ 49.207884][ T298] page dumped because: kasan: bad access detected
[ 49.214307][ T298] page_owner tracks the page as allocated
[ 49.219952][ T298] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 302, tgid 302 (kworker/0:2), ts 47542713240, free_ts 37023979078
[ 49.239869][ T298] prep_new_page+0x512/0x5e0
[ 49.244262][ T298] get_page_from_freelist+0x288b/0x2910
[ 49.249656][ T298] __alloc_pages+0x39f/0x780
[ 49.254074][ T298] alloc_slab_page+0x6c/0xf0
[ 49.259243][ T298] new_slab+0x7b/0x370
[ 49.263141][ T298] ___slab_alloc+0x611/0x9a0
[ 49.267742][ T298] __slab_alloc+0x52/0x90
[ 49.272088][ T298] __kmem_cache_alloc_node+0x1af/0x250
[ 49.277485][ T298] kmalloc_trace+0x2a/0xa0
[ 49.281917][ T298] dst_cow_metrics_generic+0x50/0x160
[ 49.287232][ T298] icmp6_dst_alloc+0x304/0x4c0
[ 49.291842][ T298] mld_sendpack+0x4d1/0xbb0
[ 49.296259][ T298] mld_dad_work+0x1cc/0x4b0
[ 49.300886][ T298] process_one_work+0x6de/0xd00
[ 49.305899][ T298] worker_thread+0x892/0xf20
[ 49.310318][ T298] kthread+0x215/0x270
[ 49.314225][ T298] page last free stack trace:
[ 49.318829][ T298] free_unref_page_prepare+0x794/0x7a0
[ 49.324292][ T298] free_unref_page+0xb2/0x5b0
[ 49.328800][ T298] __folio_put+0x7c/0xa0
[ 49.332883][ T298] anon_pipe_buf_release+0x10c/0x160
[ 49.338263][ T298] pipe_read+0x4df/0xdb0
[ 49.342342][ T298] vfs_read+0x780/0x9a0
[ 49.346443][ T298] ksys_read+0x15c/0x240
[ 49.350622][ T298] __x64_sys_read+0x76/0x80
[ 49.355099][ T298] do_syscall_64+0x3d/0xb0
[ 49.359667][ T298] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 49.365502][ T298]
[ 49.367871][ T298] Memory state around the buggy address:
[ 49.373778][ T298]  ffff88811c436d00: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 49.381907][ T298]  ffff88811c436d80: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 49.390233][ T298] >ffff88811c436e00: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 49.398430][ T298]                       ^
[ 49.403008][ T298]  ffff88811c436e80: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 49.411184][ T298]  ffff88811c436f00: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 49.419069][ T298] ==================================================================
[ 49.427295][ T298] Disabling lock debugging due to kernel taint