Warning: Permanently added '10.128.1.241' (ED25519) to the list of known hosts.
2024/09/07 15:56:04 ignoring optional flag "sandboxArg"="0"
2024/09/07 15:56:04 parsed 1 programs
[ 44.222182][ T29] audit: type=1400 audit(1725724564.999:96): avc: denied { mounton } for pid=344 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 44.246994][ T29] audit: type=1400 audit(1725724564.999:97): avc: denied { read write } for pid=344 comm="syz-executor" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 44.273005][ T29] audit: type=1400 audit(1725724564.999:98): avc: denied { open } for pid=344 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 44.329402][ T29] audit: type=1400 audit(1725724565.109:99): avc: denied { unlink } for pid=344 comm="syz-executor" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
2024/09/07 15:56:05 executed programs: 0
[ 44.355465][ T29] audit: type=1400 audit(1725724565.119:100): avc: denied { relabelto } for pid=345 comm="mkswap" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 44.362318][ T344] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 44.519195][ T355] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.526029][ T355] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.533273][ T355] device bridge_slave_0 entered promiscuous mode
[ 44.541304][ T355] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.548308][ T355] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.555767][ T355] device bridge_slave_1 entered promiscuous mode
[ 44.582535][ T359] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.589557][ T359] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.596783][ T359] device bridge_slave_0 entered promiscuous mode
[ 44.603615][ T359] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.610548][ T359] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.617765][ T359] device bridge_slave_1 entered promiscuous mode
[ 44.627742][ T357] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.634875][ T357] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.642400][ T357] device bridge_slave_0 entered promiscuous mode
[ 44.657485][ T357] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.664542][ T357] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.672437][ T357] device bridge_slave_1 entered promiscuous mode
[ 44.705257][ T358] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.712115][ T358] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.719323][ T358] device bridge_slave_0 entered promiscuous mode
[ 44.726276][ T358] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.733436][ T358] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.740659][ T358] device bridge_slave_1 entered promiscuous mode
[ 44.788492][ T360] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.795383][ T360] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.802847][ T360] device bridge_slave_0 entered promiscuous mode
[ 44.815833][ T360] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.822751][ T360] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.829943][ T360] device bridge_slave_1 entered promiscuous mode
[ 44.944103][ T359] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.950966][ T359] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.958030][ T359] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.964975][ T359] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.976389][ T355] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.983331][ T355] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 45.009208][ T358] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.016231][ T358] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 45.023359][ T358] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.030210][ T358] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 45.038034][ T357] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.044885][ T357] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 45.052060][ T357] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.058940][ T357] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 45.107020][ T37] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.114252][ T37] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.121911][ T37] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.128931][ T37] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.136462][ T37] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.144018][ T37] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.151310][ T37] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.160135][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 45.167484][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 45.189063][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 45.196482][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 45.204324][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 45.212859][ T38] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.219699][ T38] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 45.226842][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 45.234702][ T38] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.241734][ T38] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 45.267977][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 45.275445][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 45.284327][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 45.292799][ T6] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.299639][ T6] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 45.306763][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 45.314886][ T6] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.321831][ T6] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 45.329159][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 45.337327][ T6] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.344089][ T6] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 45.351421][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 45.359643][ T6] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.366471][ T6] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 45.373837][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 45.381908][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 45.390020][ T6] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.396840][ T6] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 45.404182][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 45.412498][ T6] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.419238][ T6] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 45.426513][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 45.434616][ T6] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.441663][ T6] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 45.449192][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 45.457119][ T6] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.463855][ T6] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 45.471222][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 45.479329][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 45.487050][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 45.497206][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 45.505184][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 45.526143][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 45.542382][ T360] device veth0_vlan entered promiscuous mode
[ 45.548616][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 45.556601][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 45.564372][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 45.572425][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 45.580697][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 45.588717][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 45.596715][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 45.604509][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 45.612658][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 45.620752][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 45.628484][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 45.644088][ T358] device veth0_vlan entered promiscuous mode
[ 45.654258][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 45.661591][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 45.669221][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 45.677566][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 45.685811][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 45.694453][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 45.702289][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 45.709900][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 45.717849][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 45.725127][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 45.733810][ T357] device veth0_vlan entered promiscuous mode
[ 45.742823][ T358] device veth1_macvtap entered promiscuous mode
[ 45.751754][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 45.759719][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 45.767487][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 45.775487][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 45.783579][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 45.791254][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 45.799351][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 45.808041][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 45.815662][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 45.827416][ T360] device veth1_macvtap entered promiscuous mode
[ 45.839975][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 45.848109][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 45.856683][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 45.864121][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 45.871837][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 45.879593][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 45.887596][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 45.895888][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 45.904610][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 45.913151][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 45.921302][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 45.929730][ T355] device veth0_vlan entered promiscuous mode
[ 45.935892][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 45.943133][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 45.961125][ T357] device veth1_macvtap entered promiscuous mode
[ 45.972165][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 45.980813][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 45.989597][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 45.997085][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 46.005348][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 46.013954][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 46.022095][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 46.030159][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 46.037730][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 46.051112][ T359] device veth0_vlan entered promiscuous mode
[ 46.072041][ T29] audit: type=1400 audit(1725724566.839:101): avc: denied { create } for pid=380 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 46.078089][ T359] device veth1_macvtap entered promiscuous mode
[ 46.104659][ T29] audit: type=1400 audit(1725724566.849:102): avc: denied { bind } for pid=380 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 46.128135][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 46.137569][ T29] audit: type=1400 audit(1725724566.849:103): avc: denied { listen } for pid=380 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 46.138399][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 46.163424][ T29] audit: type=1400 audit(1725724566.849:104): avc: denied { connect } for pid=380 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 46.169353][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 46.198360][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 46.206522][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 46.214585][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 46.222742][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 46.230650][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 46.238610][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 46.246765][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 46.255203][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 46.266291][ T355] device veth1_macvtap entered promiscuous mode
[ 46.283198][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 46.291642][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 46.299987][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 46.312562][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 46.320635][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 46.328745][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 46.336798][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 46.345093][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 46.353576][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2024/09/07 15:56:10 executed programs: 219
[ 51.262541][ T38] ==================================================================
[ 51.270964][ T38] BUG: KASAN: use-after-free in _raw_spin_lock_bh+0x78/0x110
[ 51.278429][ T38] Write of size 4 at addr ffff888114cf6988 by task kworker/0:1/38
[ 51.286049][ T38]
[ 51.288231][ T38] CPU: 0 PID: 38 Comm: kworker/0:1 Not tainted 5.15.157-syzkaller #0
[ 51.296124][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 51.306032][ T38] Workqueue: vsock-loopback vsock_loopback_work
[ 51.312184][ T38] Call Trace:
[ 51.315731][ T38]
[ 51.318893][ T38] dump_stack_lvl+0x38/0x49
[ 51.323330][ T38] print_address_description.constprop.0+0x24/0x160
[ 51.329838][ T38] ? _raw_spin_lock_bh+0x78/0x110
[ 51.334793][ T38] kasan_report.cold+0x82/0xdb
[ 51.339489][ T38] ? _raw_spin_lock_bh+0x78/0x110
[ 51.344418][ T38] kasan_check_range+0x148/0x190
[ 51.349198][ T38] __kasan_check_write+0x14/0x20
[ 51.354255][ T38] _raw_spin_lock_bh+0x78/0x110
[ 51.359115][ T38] ? _raw_write_lock_irq+0xd0/0xd0
[ 51.364070][ T38] ? __local_bh_enable_ip+0x28/0x60
[ 51.369185][ T38] ? _raw_spin_unlock_bh+0x45/0x60
[ 51.374156][ T38] virtio_transport_recv_pkt+0x391/0x2040
[ 51.379793][ T38] ? virtio_transport_reset_no_sock.isra.0+0x380/0x380
[ 51.386553][ T38] ? __kasan_check_write+0x14/0x20
[ 51.391513][ T38] ? virtio_transport_do_socket_init+0x320/0x320
[ 51.397650][ T38] ? vsock_deliver_tap+0x30/0x240
[ 51.402510][ T38] vsock_loopback_work+0x233/0x450
[ 51.407462][ T38] ? vsock_loopback_send_pkt+0x130/0x130
[ 51.413274][ T38] ? __kasan_check_read+0x11/0x20
[ 51.418417][ T38] ? strscpy+0x94/0x280
[ 51.422405][ T38] process_one_work+0x62c/0xec0
[ 51.427184][ T38] worker_thread+0x48e/0xdb0
[ 51.431599][ T38] ? rescuer_thread+0xc30/0xc30
[ 51.436548][ T38] kthread+0x324/0x3e0
[ 51.440450][ T38] ? set_kthread_struct+0x100/0x100
[ 51.445493][ T38] ret_from_fork+0x1f/0x30
[ 51.449922][ T38]
[ 51.452889][ T38]
[ 51.455046][ T38] Allocated by task 842:
[ 51.459313][ T38] kasan_save_stack+0x26/0x50
[ 51.463807][ T38] __kasan_kmalloc+0xae/0xe0
[ 51.468246][ T38] kmem_cache_alloc_trace+0xbb/0x490
[ 51.473532][ T38] virtio_transport_do_socket_init+0x46/0x320
[ 51.479619][ T38] vsock_assign_transport+0x385/0x5b0
[ 51.484823][ T38] vsock_connect+0x285/0xba0
[ 51.489290][ T38] __sys_connect_file+0x136/0x190
[ 51.494111][ T38] __sys_connect+0x101/0x130
[ 51.498724][ T38] __x64_sys_connect+0x6e/0xb0
[ 51.503411][ T38] x64_sys_call+0x85c/0x990
[ 51.507921][ T38] do_syscall_64+0x33/0xb0
[ 51.512183][ T38] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 51.518075][ T38]
[ 51.520243][ T38] Freed by task 842:
[ 51.524063][ T38] kasan_save_stack+0x26/0x50
[ 51.528582][ T38] kasan_set_track+0x25/0x30
[ 51.533182][ T38] kasan_set_free_info+0x24/0x40
[ 51.538039][ T38] __kasan_slab_free+0x111/0x150
[ 51.542907][ T38] slab_free_freelist_hook+0x94/0x1a0
[ 51.548643][ T38] kfree+0xc2/0x260
[ 51.552270][ T38] virtio_transport_destruct+0x32/0x40
[ 51.557744][ T38] vsock_assign_transport+0x285/0x5b0
[ 51.562948][ T38] vsock_connect+0x285/0xba0
[ 51.567382][ T38] __sys_connect_file+0x136/0x190
[ 51.572668][ T38] __sys_connect+0x101/0x130
[ 51.577187][ T38] __x64_sys_connect+0x6e/0xb0
[ 51.581953][ T38] x64_sys_call+0x85c/0x990
[ 51.586296][ T38] do_syscall_64+0x33/0xb0
[ 51.590782][ T38] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 51.596507][ T38]
[ 51.598664][ T38] The buggy address belongs to the object at ffff888114cf6980
[ 51.598664][ T38] which belongs to the cache kmalloc-96 of size 96
[ 51.612469][ T38] The buggy address is located 8 bytes inside of
[ 51.612469][ T38] 96-byte region [ffff888114cf6980, ffff888114cf69e0)
[ 51.625574][ T38] The buggy address belongs to the page:
[ 51.631048][ T38] page:ffffea0004533d80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x114cf6
[ 51.641333][ T38] flags: 0x4000000000000200(slab|zone=1)
[ 51.647461][ T38] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888100042900
[ 51.656075][ T38] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[ 51.664573][ T38] page dumped because: kasan: bad access detected
[ 51.670958][ T38] page_owner tracks the page as allocated
[ 51.676487][ T38] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 360, ts 51228746615, free_ts 51228021336
[ 51.692464][ T38] prep_new_page+0x1a2/0x310
[ 51.696975][ T38] get_page_from_freelist+0x1ce2/0x30a0
[ 51.702442][ T38] __alloc_pages+0x2d5/0x2620
[ 51.706959][ T38] allocate_slab+0x39d/0x530
[ 51.711470][ T38] ___slab_alloc.constprop.0+0x3ca/0x890
[ 51.716936][ T38] __slab_alloc.constprop.0+0x42/0x80
[ 51.722231][ T38] __kmalloc+0x49f/0x4e0
[ 51.726311][ T38] kvmalloc_node+0xee/0x240
[ 51.730649][ T38] alloc_fdtable+0x127/0x280
[ 51.735077][ T38] dup_fd+0x5dc/0xb30
[ 51.738896][ T38] copy_process+0x1c4a/0x7410
[ 51.743407][ T38] kernel_clone+0xc1/0x950
[ 51.747659][ T38] __do_sys_clone+0xc9/0x100
[ 51.752087][ T38] __x64_sys_clone+0xb9/0x140
[ 51.756688][ T38] x64_sys_call+0x7fa/0x990
[ 51.761036][ T38] do_syscall_64+0x33/0xb0
[ 51.765282][ T38] page last free stack trace:
[ 51.769898][ T38] free_pcp_prepare+0x1b6/0x4c0
[ 51.774688][ T38] free_unref_page+0x84/0x760
[ 51.779204][ T38] __free_pages+0xd7/0xf0
[ 51.783354][ T38] free_pages+0x3f/0x80
[ 51.787433][ T38] pgd_free+0x14f/0x1f0
[ 51.791430][ T38] __mmdrop+0x4d/0x280
[ 51.795347][ T38] finish_task_switch.isra.0+0x46f/0x720
[ 51.800806][ T38] __schedule+0x75f/0x18b0
[ 51.805139][ T38] schedule+0x116/0x240
[ 51.809140][ T38] do_nanosleep+0x1fd/0x520
[ 51.813787][ T38] hrtimer_nanosleep+0x191/0x3d0
[ 51.818516][ T38] common_nsleep+0x78/0xb0
[ 51.822762][ T38] __x64_sys_clock_nanosleep+0x2a4/0x440
[ 51.828227][ T38] x64_sys_call+0x3a1/0x990
[ 51.832567][ T38] do_syscall_64+0x33/0xb0
[ 51.836909][ T38] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 51.842646][ T38]
[ 51.844811][ T38] Memory state around the buggy address:
[ 51.850451][ T38] ffff888114cf6880: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[ 51.858356][ T38] ffff888114cf6900: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 51.866257][ T38] >ffff888114cf6980: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 51.874335][ T38] ^
[ 51.878584][ T38] ffff888114cf6a00: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 51.886670][ T38] ffff888114cf6a80: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 51.894634][ T38] ==================================================================
[ 51.902628][ T38] Disabling lock debugging due to kernel taint