[ 26.201810][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 26.264201][ T301] syz-executor.2 (301) used greatest stack depth: 21264 bytes left [ 26.772883][ T8] device bridge_slave_1 left promiscuous mode [ 26.779076][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.786787][ T8] device bridge_slave_0 left promiscuous mode [ 26.793263][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.800830][ T8] device veth1_macvtap left promiscuous mode [ 26.806814][ T8] device veth0_vlan left promiscuous mode [ 37.352909][ T27] kauditd_printk_skb: 18 callbacks suppressed [ 37.352917][ T27] audit: type=1400 audit(1724302982.193:94): avc: denied { read } for pid=79 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 Warning: Permanently added '10.128.0.184' (ED25519) to the list of known hosts. 2024/08/22 05:03:08 ignoring optional flag "sandboxArg"="0" 2024/08/22 05:03:08 parsed 1 programs 2024/08/22 05:03:08 executed programs: 0 [ 43.632808][ T27] audit: type=1400 audit(1724302988.473:95): avc: denied { unlink } for pid=344 comm="syz-executor" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 43.665822][ T344] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 43.823702][ T358] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.831364][ T358] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.839465][ T358] device bridge_slave_0 entered promiscuous mode [ 43.848168][ T358] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.855573][ T358] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.862979][ T358] device bridge_slave_1 entered promiscuous mode [ 43.888078][ T353] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.894953][ T353] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.902929][ T353] device bridge_slave_0 entered promiscuous mode [ 43.917427][ T353] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.924448][ T353] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.931634][ T353] device bridge_slave_1 entered promiscuous mode [ 43.940818][ T359] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.948181][ T359] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.955924][ T359] device bridge_slave_0 entered promiscuous mode [ 43.971592][ T359] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.978660][ T359] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.986067][ T359] device bridge_slave_1 entered promiscuous mode [ 44.015908][ T360] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.022976][ T360] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.030296][ T360] device bridge_slave_0 entered promiscuous mode [ 44.047858][ T357] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.054983][ T357] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.063027][ T357] device bridge_slave_0 entered promiscuous mode [ 44.070080][ T360] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.077108][ T360] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.084320][ T360] device bridge_slave_1 entered promiscuous mode [ 44.100480][ T357] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.108692][ T357] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.116750][ T357] device bridge_slave_1 entered promiscuous mode [ 44.275741][ T358] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.282878][ T358] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.290383][ T358] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.297323][ T358] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.315298][ T353] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.322506][ T353] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.330114][ T353] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.337674][ T353] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.350692][ T359] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.357901][ T359] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.365103][ T359] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.372207][ T359] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.399081][ T357] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.406638][ T357] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.413950][ T357] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.421779][ T357] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.455127][ T360] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.462742][ T360] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.470239][ T360] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.477762][ T360] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.516876][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 44.525861][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.533788][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.544305][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.552713][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.560659][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 44.570075][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 44.578907][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.588378][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.597180][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.605612][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.614852][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 44.623329][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 44.648857][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 44.658943][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 44.667483][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 44.676934][ T294] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.684963][ T294] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.692752][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 44.701385][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 44.709789][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 44.718450][ T294] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.726281][ T294] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.733630][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 44.741889][ T294] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.749104][ T294] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.768853][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 44.779825][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 44.791775][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.801791][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.820656][ T359] device veth0_vlan entered promiscuous mode [ 44.829495][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 44.839352][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 44.848554][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 44.857201][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 44.865191][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.872406][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.879556][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 44.888214][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 44.896518][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 44.905446][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 44.913726][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 44.921622][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 44.934707][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 44.943591][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 44.952109][ T294] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.959477][ T294] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.967972][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 44.977929][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 45.001053][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 45.009433][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 45.017425][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 45.027264][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 45.037033][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 45.060215][ T353] device veth0_vlan entered promiscuous mode [ 45.067775][ T359] device veth1_macvtap entered promiscuous mode [ 45.074707][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 45.082094][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 45.090776][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 45.099011][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 45.107149][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 45.115853][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 45.124302][ T294] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.131146][ T294] bridge0: port 1(bridge_slave_0) entered forwarding state [ 45.139012][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 45.147917][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 45.156982][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 45.166670][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 45.175466][ T294] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.182712][ T294] bridge0: port 2(bridge_slave_1) entered forwarding state [ 45.190530][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 45.199744][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 45.208943][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 45.218749][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 45.239952][ T360] device veth0_vlan entered promiscuous mode [ 45.248911][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 45.258149][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 45.267041][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 45.274971][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 45.282718][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 45.290443][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 45.298868][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 45.307446][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 45.316101][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 45.324498][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 45.332857][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 45.342573][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 45.356212][ T353] device veth1_macvtap entered promiscuous mode [ 45.372903][ T358] device veth0_vlan entered promiscuous mode [ 45.381544][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 45.390313][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 45.398561][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 45.406223][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 45.414686][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 45.423513][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 45.432711][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 45.441650][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 45.449822][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 45.458263][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 45.466579][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 45.484916][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 45.494347][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 45.503839][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 45.513544][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 45.521964][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 45.531151][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 45.542566][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 45.554685][ T358] device veth1_macvtap entered promiscuous mode [ 45.564560][ T360] device veth1_macvtap entered promiscuous mode [ 45.574902][ T27] audit: type=1400 audit(1724302990.413:96): avc: denied { mounton } for pid=359 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=207 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 45.611824][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 45.620749][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 45.630236][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 45.643372][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 45.653959][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 45.677509][ T27] audit: type=1400 audit(1724302990.513:97): avc: denied { create } for pid=382 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 45.716309][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 45.725691][ T27] audit: type=1400 audit(1724302990.513:98): avc: denied { bind } for pid=382 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 45.730890][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 45.746477][ T27] audit: type=1400 audit(1724302990.513:99): avc: denied { listen } for pid=382 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 45.758225][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 45.776717][ T27] audit: type=1400 audit(1724302990.513:100): avc: denied { connect } for pid=382 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 45.804498][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 45.821403][ T357] device veth0_vlan entered promiscuous mode [ 45.834079][ T305] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 45.843233][ T305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 45.851573][ T305] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 45.860188][ T305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 45.875339][ T357] device veth1_macvtap entered promiscuous mode [ 45.896512][ T305] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 45.910557][ T305] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 45.945067][ T305] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 45.967529][ T305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 45.976805][ T305] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 45.985768][ T305] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 45.994973][ T305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 46.004591][ T305] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 46.012880][ T305] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 2024/08/22 05:03:14 executed programs: 85 [ 49.423446][ T23] ================================================================== [ 49.431364][ T23] BUG: KASAN: use-after-free in _raw_spin_lock_bh+0x97/0x1b0 [ 49.438750][ T23] Write of size 4 at addr ffff8881127f0488 by task kworker/1:0/23 [ 49.446467][ T23] [ 49.448825][ T23] CPU: 1 PID: 23 Comm: kworker/1:0 Not tainted 6.1.90-syzkaller #0 [ 49.456643][ T23] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 49.466900][ T23] Workqueue: vsock-loopback vsock_loopback_work [ 49.472979][ T23] Call Trace: [ 49.476096][ T23] [ 49.479207][ T23] dump_stack_lvl+0x105/0x148 [ 49.483893][ T23] ? panic+0x3bb/0x3bb [ 49.487891][ T23] ? nf_tcp_handle_invalid+0x30b/0x30b [ 49.493544][ T23] ? _printk+0xca/0x10a [ 49.497621][ T23] print_report+0x158/0x4e0 [ 49.502393][ T23] ? kasan_complete_mode_report_info+0x90/0x1b0 [ 49.508912][ T23] ? _raw_spin_lock_bh+0x97/0x1b0 [ 49.513943][ T23] kasan_report+0x13c/0x170 [ 49.518364][ T23] ? _raw_spin_lock_bh+0x97/0x1b0 [ 49.524039][ T23] ? __local_bh_enable_ip+0x4a/0x70 [ 49.529122][ T23] kasan_check_range+0x294/0x2a0 [ 49.533990][ T23] __kasan_check_write+0x14/0x20 [ 49.538985][ T23] _raw_spin_lock_bh+0x97/0x1b0 [ 49.543667][ T23] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 49.548695][ T23] ? __local_bh_enable_ip+0x4a/0x70 [ 49.554118][ T23] ? _raw_spin_unlock_bh+0x50/0x60 [ 49.559375][ T23] virtio_transport_recv_pkt+0x4fb/0x3ca0 [ 49.565015][ T23] ? virtio_transport_release+0xaa0/0xaa0 [ 49.570822][ T23] ? do_softirq+0x103/0x150 [ 49.575816][ T23] ? __local_bh_enable_ip+0x70/0x70 [ 49.580930][ T23] ? _raw_spin_lock_bh+0xa4/0x1b0 [ 49.585789][ T23] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 49.590822][ T23] ? __local_bh_enable_ip+0x4a/0x70 [ 49.595942][ T23] ? _raw_spin_unlock_bh+0x50/0x60 [ 49.600993][ T23] ? wg_packet_decrypt_worker+0xb1c/0xba0 [ 49.606536][ T23] ? cpudl_cleanup+0x40/0x40 [ 49.611137][ T23] ? __update_load_avg_cfs_rq+0xb1/0x2f0 [ 49.617133][ T23] ? cpudl_cleanup+0x40/0x40 [ 49.621562][ T23] ? update_load_avg+0x513/0x1510 [ 49.626422][ T23] ? __update_load_avg_cfs_rq+0xb1/0x2f0 [ 49.632325][ T23] ? __this_cpu_preempt_check+0x13/0x20 [ 49.638241][ T23] ? xfd_validate_state+0x16/0x50 [ 49.643091][ T23] ? __kasan_check_write+0x14/0x20 [ 49.648138][ T23] ? __switch_to+0x621/0x1170 [ 49.652788][ T23] ? __kasan_check_write+0x14/0x20 [ 49.658074][ T23] ? vsock_deliver_tap+0x2a/0x50 [ 49.662843][ T23] vsock_loopback_work+0x376/0x3d0 [ 49.668223][ T23] ? _raw_spin_unlock+0x4c/0x70 [ 49.672942][ T23] ? vsock_loopback_send_pkt+0x110/0x110 [ 49.678381][ T23] ? __kasan_check_read+0x11/0x20 [ 49.683416][ T23] ? read_word_at_a_time+0x12/0x20 [ 49.688528][ T23] ? strscpy+0x99/0x260 [ 49.692624][ T23] process_one_work+0x6de/0xd00 [ 49.697319][ T23] worker_thread+0x892/0xf20 [ 49.701819][ T23] ? process_one_work+0xd00/0xd00 [ 49.706681][ T23] kthread+0x215/0x270 [ 49.710578][ T23] ? process_one_work+0xd00/0xd00 [ 49.715443][ T23] ? kthread_blkcg+0xa0/0xa0 [ 49.719930][ T23] ret_from_fork+0x1f/0x30 [ 49.724469][ T23] [ 49.727421][ T23] [ 49.729710][ T23] Allocated by task 548: [ 49.734209][ T23] kasan_set_track+0x4b/0x70 [ 49.738744][ T23] kasan_save_alloc_info+0x1f/0x30 [ 49.743663][ T23] __kasan_kmalloc+0x9c/0xb0 [ 49.748260][ T23] kmalloc_trace+0x44/0xa0 [ 49.752514][ T23] virtio_transport_do_socket_init+0x51/0x290 [ 49.758592][ T23] vsock_assign_transport+0x376/0x4f0 [ 49.763894][ T23] vsock_connect+0x3c7/0xb90 [ 49.768397][ T23] __sys_connect+0x304/0x370 [ 49.772827][ T23] __x64_sys_connect+0x75/0x80 [ 49.777450][ T23] x64_sys_call+0x14e/0x9a0 [ 49.781851][ T23] do_syscall_64+0x3b/0xb0 [ 49.786276][ T23] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 49.792021][ T23] [ 49.794178][ T23] Freed by task 548: [ 49.797916][ T23] kasan_set_track+0x4b/0x70 [ 49.802683][ T23] kasan_save_free_info+0x2b/0x40 [ 49.807539][ T23] ____kasan_slab_free+0x131/0x180 [ 49.812493][ T23] __kasan_slab_free+0x11/0x20 [ 49.817544][ T23] __kmem_cache_free+0x1fa/0x370 [ 49.822505][ T23] kfree+0x7a/0xf0 [ 49.826062][ T23] virtio_transport_destruct+0x36/0x40 [ 49.831362][ T23] vsock_assign_transport+0x23f/0x4f0 [ 49.836653][ T23] vsock_connect+0x3c7/0xb90 [ 49.841541][ T23] __sys_connect+0x304/0x370 [ 49.845968][ T23] __x64_sys_connect+0x75/0x80 [ 49.850844][ T23] x64_sys_call+0x14e/0x9a0 [ 49.855162][ T23] do_syscall_64+0x3b/0xb0 [ 49.859415][ T23] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 49.865229][ T23] [ 49.867494][ T23] Last potentially related work creation: [ 49.873054][ T23] kasan_save_stack+0x3b/0x60 [ 49.877555][ T23] __kasan_record_aux_stack+0xb4/0xc0 [ 49.882942][ T23] kasan_record_aux_stack_noalloc+0xb/0x10 [ 49.888682][ T23] kvfree_call_rcu+0x9f/0x7b0 [ 49.893273][ T23] kernfs_unlink_open_file+0x2c2/0x360 [ 49.898914][ T23] kernfs_fop_release+0x21f/0x2e0 [ 49.903780][ T23] __fput+0x2d8/0x6a0 [ 49.907774][ T23] ____fput+0x9/0x10 [ 49.911501][ T23] task_work_run+0x208/0x260 [ 49.915936][ T23] exit_to_user_mode_loop+0x94/0xa0 [ 49.920967][ T23] exit_to_user_mode_prepare+0x5a/0xa0 [ 49.926256][ T23] syscall_exit_to_user_mode+0x26/0x130 [ 49.931641][ T23] do_syscall_64+0x47/0xb0 [ 49.936075][ T23] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 49.941793][ T23] [ 49.943976][ T23] The buggy address belongs to the object at ffff8881127f0480 [ 49.943976][ T23] which belongs to the cache kmalloc-96 of size 96 [ 49.958584][ T23] The buggy address is located 8 bytes inside of [ 49.958584][ T23] 96-byte region [ffff8881127f0480, ffff8881127f04e0) [ 49.971511][ T23] [ 49.973813][ T23] The buggy address belongs to the physical page: [ 49.980056][ T23] page:ffffea000449fc00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1127f0 [ 49.990803][ T23] flags: 0x4000000000000200(slab|zone=1) [ 49.996359][ T23] raw: 4000000000000200 ffffea0004485f80 dead000000000005 ffff888100042900 [ 50.004972][ T23] raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000 [ 50.013456][ T23] page dumped because: kasan: bad access detected [ 50.019805][ T23] page_owner tracks the page as allocated [ 50.025872][ T23] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 104, tgid 104 (udevd), ts 4288275343, free_ts 0 [ 50.042875][ T23] prep_new_page+0x512/0x5e0 [ 50.047294][ T23] get_page_from_freelist+0x288b/0x2910 [ 50.052771][ T23] __alloc_pages+0x39f/0x780 [ 50.057527][ T23] alloc_slab_page+0x6c/0xf0 [ 50.062051][ T23] new_slab+0x7b/0x370 [ 50.066569][ T23] ___slab_alloc+0x611/0x9a0 [ 50.071104][ T23] __slab_alloc+0x52/0x90 [ 50.075399][ T23] __kmem_cache_alloc_node+0x1af/0x250 [ 50.080812][ T23] kmalloc_trace+0x2a/0xa0 [ 50.085069][ T23] kernfs_fop_open+0x60b/0xa40 [ 50.089869][ T23] do_dentry_open+0x620/0xdc0 [ 50.094366][ T23] vfs_open+0x6e/0x80 [ 50.098267][ T23] path_openat+0x1eb0/0x2440 [ 50.102695][ T23] do_filp_open+0x226/0x430 [ 50.107253][ T23] do_sys_openat2+0x102/0x6e0 [ 50.111949][ T23] __x64_sys_openat+0x209/0x250 [ 50.116630][ T23] page_owner free stack trace missing [ 50.121870][ T23] [ 50.124096][ T23] Memory state around the buggy address: [ 50.129738][ T23] ffff8881127f0380: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 50.138246][ T23] ffff8881127f0400: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 50.146164][ T23] >ffff8881127f0480: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 50.154233][ T23] ^ [ 50.158486][ T23] ffff8881127f0500: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 50.167861][ T23] ffff8881127f0580: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 50.176105][ T23] ================================================================== [ 50.184541][ T23] Disabling lock debugging due to kernel taint