Warning: Permanently added '10.128.1.25' (ED25519) to the list of known hosts.
2024/07/11 19:37:01 ignoring optional flag "sandboxArg"="0"
2024/07/11 19:37:01 parsed 1 programs
2024/07/11 19:37:01 executed programs: 0
[ 45.352486][ T27] audit: type=1400 audit(1720726621.603:95): avc: denied { unlink } for pid=347 comm="syz-executor" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 45.375067][ T347] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 45.534705][ T364] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.541651][ T364] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.549040][ T364] device bridge_slave_0 entered promiscuous mode
[ 45.558841][ T364] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.565871][ T364] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.573283][ T364] device bridge_slave_1 entered promiscuous mode
[ 45.601462][ T359] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.608463][ T359] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.615857][ T359] device bridge_slave_0 entered promiscuous mode
[ 45.631562][ T359] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.638678][ T359] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.645906][ T359] device bridge_slave_1 entered promiscuous mode
[ 45.655049][ T362] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.663182][ T362] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.670677][ T362] device bridge_slave_0 entered promiscuous mode
[ 45.688243][ T362] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.695148][ T362] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.702847][ T362] device bridge_slave_1 entered promiscuous mode
[ 45.728739][ T363] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.735625][ T363] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.743257][ T363] device bridge_slave_0 entered promiscuous mode
[ 45.753661][ T357] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.760762][ T357] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.768577][ T357] device bridge_slave_0 entered promiscuous mode
[ 45.781716][ T363] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.788706][ T363] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.796092][ T363] device bridge_slave_1 entered promiscuous mode
[ 45.802587][ T357] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.809436][ T357] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.816705][ T357] device bridge_slave_1 entered promiscuous mode
[ 45.979298][ T359] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.986517][ T359] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 45.993723][ T359] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.000492][ T359] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 46.008879][ T364] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.015747][ T364] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 46.023099][ T364] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.029864][ T364] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 46.064822][ T362] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.071774][ T362] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 46.078993][ T362] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.086043][ T362] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 46.096284][ T363] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.103430][ T363] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 46.110540][ T363] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.117528][ T363] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 46.145602][ T310] bridge0: port 1(bridge_slave_0) entered disabled state
[ 46.153057][ T310] bridge0: port 2(bridge_slave_1) entered disabled state
[ 46.162044][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 46.169861][ T310] bridge0: port 1(bridge_slave_0) entered disabled state
[ 46.178685][ T310] bridge0: port 2(bridge_slave_1) entered disabled state
[ 46.186019][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 46.195607][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 46.204032][ T310] bridge0: port 1(bridge_slave_0) entered disabled state
[ 46.212232][ T310] bridge0: port 2(bridge_slave_1) entered disabled state
[ 46.238673][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 46.246502][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 46.254677][ T309] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.261497][ T309] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 46.268870][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 46.276941][ T309] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.283959][ T309] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 46.291234][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 46.314123][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 46.333095][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 46.341315][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 46.365949][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 46.373949][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 46.382922][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 46.390952][ T6] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.397821][ T6] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 46.406083][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 46.415533][ T6] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.422689][ T6] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 46.429814][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 46.438226][ T6] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.445181][ T6] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 46.452360][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 46.460436][ T6] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.467300][ T6] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 46.474720][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 46.503367][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 46.512692][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 46.520553][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 46.528737][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 46.536372][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 46.543903][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 46.551130][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 46.559137][ T35] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.566163][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 46.573510][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 46.581746][ T35] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.588827][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 46.596821][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 46.604642][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 46.612490][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 46.620214][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 46.628169][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 46.640081][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 46.648364][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 46.656586][ T362] device veth0_vlan entered promiscuous mode
[ 46.681304][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 46.691202][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 46.699993][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 46.709195][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 46.717660][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 46.726520][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 46.734859][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 46.743464][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 46.752294][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 46.761122][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 46.772340][ T364] device veth0_vlan entered promiscuous mode
[ 46.783904][ T362] device veth1_macvtap entered promiscuous mode
[ 46.793537][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 46.801084][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 46.809138][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 46.817109][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 46.825234][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 46.833664][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 46.841553][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 46.850006][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 46.857711][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 46.865372][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 46.873457][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 46.881055][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 46.888959][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 46.900939][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 46.909611][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 46.918111][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 46.926381][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 46.935126][ T359] device veth0_vlan entered promiscuous mode
[ 46.945132][ T357] device veth0_vlan entered promiscuous mode
[ 46.954567][ T363] device veth0_vlan entered promiscuous mode
[ 46.962371][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 46.970358][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 46.978843][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 46.987928][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 46.996345][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 47.003738][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 47.020087][ T357] device veth1_macvtap entered promiscuous mode
[ 47.028243][ T27] audit: type=1400 audit(1720726623.273:96): avc: denied { mounton } for pid=362 comm="syz-executor.1" path="/dev/binderfs" dev="devtmpfs" ino=207 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 47.055827][ T359] device veth1_macvtap entered promiscuous mode
[ 47.064763][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 47.073003][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 47.081076][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 47.090899][ T27] audit: type=1400 audit(1720726623.333:97): avc: denied { create } for pid=383 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 47.091439][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 47.113214][ T27] audit: type=1400 audit(1720726623.333:98): avc: denied { bind } for pid=383 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 47.139408][ T27] audit: type=1400 audit(1720726623.333:99): avc: denied { listen } for pid=383 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 47.142674][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 47.160766][ T27] audit: type=1400 audit(1720726623.333:100): avc: denied { connect } for pid=383 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 47.192074][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 47.202093][ T364] device veth1_macvtap entered promiscuous mode
[ 47.220301][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 47.229862][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 47.239151][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 47.247536][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 47.256044][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 47.264604][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 47.272936][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 47.281223][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 47.289512][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 47.297920][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 47.306545][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 47.316516][ T363] device veth1_macvtap entered promiscuous mode
[ 47.330555][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 47.338404][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 47.346801][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 47.360620][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 47.373258][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 47.389417][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 47.398080][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 47.407520][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 47.416177][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 47.833312][ T399] ==================================================================
[ 47.841964][ T399] BUG: KASAN: use-after-free in _raw_spin_lock_bh+0x97/0x1b0
[ 47.849341][ T399] Write of size 4 at addr ffff8881277f9d08 by task kworker/1:4/399
[ 47.857580][ T399]
[ 47.859753][ T399] CPU: 1 PID: 399 Comm: kworker/1:4 Not tainted 6.1.84-syzkaller #0
[ 47.867652][ T399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 47.877839][ T399] Workqueue: vsock-loopback vsock_loopback_work
[ 47.883917][ T399] Call Trace:
[ 47.887109][ T399]
[ 47.890129][ T399] dump_stack_lvl+0x105/0x148
[ 47.895909][ T399] ? panic+0x3b4/0x3b4
[ 47.899888][ T399] ? nf_tcp_handle_invalid+0x30b/0x30b
[ 47.905191][ T399] ? _printk+0xca/0x10a
[ 47.909200][ T399] print_report+0x158/0x4e0
[ 47.913518][ T399] ? kasan_complete_mode_report_info+0x90/0x1b0
[ 47.919948][ T399] ? _raw_spin_lock_bh+0x97/0x1b0
[ 47.924892][ T399] kasan_report+0x13c/0x170
[ 47.929324][ T399] ? _raw_spin_lock_bh+0x97/0x1b0
[ 47.934177][ T399] ? __local_bh_enable_ip+0x4a/0x70
[ 47.939376][ T399] kasan_check_range+0x294/0x2a0
[ 47.944202][ T399] __kasan_check_write+0x14/0x20
[ 47.948938][ T399] _raw_spin_lock_bh+0x97/0x1b0
[ 47.953624][ T399] ? _raw_spin_lock_irq+0x1b0/0x1b0
[ 47.958668][ T399] ? __local_bh_enable_ip+0x4a/0x70
[ 47.963790][ T399] ? _raw_spin_unlock_bh+0x50/0x60
[ 47.968730][ T399] virtio_transport_recv_pkt+0x4fb/0x3ca0
[ 47.974382][ T399] ? virtio_transport_release+0xaa0/0xaa0
[ 47.980107][ T399] ? memcpy+0x56/0x70
[ 47.984063][ T399] ? ip6_finish_output2+0xe13/0x15b0
[ 47.989305][ T399] ? ip6table_mangle_table_init+0x60/0x60
[ 47.994917][ T399] ? cpudl_cleanup+0x40/0x40
[ 47.999628][ T399] ? __update_load_avg_cfs_rq+0xb1/0x2f0
[ 48.005164][ T399] ? cpudl_cleanup+0x40/0x40
[ 48.009770][ T399] ? update_load_avg+0x513/0x1510
[ 48.014626][ T399] ? __update_load_avg_cfs_rq+0xb1/0x2f0
[ 48.020444][ T399] ? __this_cpu_preempt_check+0x13/0x20
[ 48.025817][ T399] ? xfd_validate_state+0x16/0x50
[ 48.030676][ T399] ? __kasan_check_write+0x14/0x20
[ 48.035634][ T399] ? __switch_to+0x621/0x1170
[ 48.040145][ T399] ? __kasan_check_write+0x14/0x20
[ 48.045087][ T399] ? vsock_deliver_tap+0x2a/0x50
[ 48.049864][ T399] vsock_loopback_work+0x376/0x3d0
[ 48.055191][ T399] ? _raw_spin_unlock+0x4c/0x70
[ 48.059936][ T399] ? vsock_loopback_send_pkt+0x110/0x110
[ 48.065393][ T399] ? __kasan_check_read+0x11/0x20
[ 48.070429][ T399] ? read_word_at_a_time+0x12/0x20
[ 48.075760][ T399] ? strscpy+0x99/0x260
[ 48.079837][ T399] process_one_work+0x6de/0xd00
[ 48.084616][ T399] worker_thread+0x892/0xf20
[ 48.089037][ T399] ? _raw_spin_lock+0x1b0/0x1b0
[ 48.093737][ T399] ? __kasan_check_read+0x11/0x20
[ 48.098667][ T399] ? process_one_work+0xd00/0xd00
[ 48.103633][ T399] kthread+0x215/0x270
[ 48.107612][ T399] ? process_one_work+0xd00/0xd00
[ 48.112474][ T399] ? kthread_blkcg+0xa0/0xa0
[ 48.116987][ T399] ret_from_fork+0x1f/0x30
[ 48.121351][ T399]
[ 48.124230][ T399]
[ 48.126434][ T399] Allocated by task 455:
[ 48.130476][ T399] kasan_set_track+0x4b/0x70
[ 48.134911][ T399] kasan_save_alloc_info+0x1f/0x30
[ 48.139845][ T399] __kasan_kmalloc+0x9c/0xb0
[ 48.144376][ T399] kmalloc_trace+0x44/0xa0
[ 48.148623][ T399] virtio_transport_do_socket_init+0x51/0x290
[ 48.154627][ T399] vsock_assign_transport+0x376/0x4f0
[ 48.159823][ T399] vsock_connect+0x3c7/0xb90
[ 48.164284][ T399] __sys_connect+0x304/0x370
[ 48.168770][ T399] __x64_sys_connect+0x75/0x80
[ 48.173551][ T399] do_syscall_64+0x3d/0xb0
[ 48.177794][ T399] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 48.183610][ T399]
[ 48.185780][ T399] Freed by task 455:
[ 48.189506][ T399] kasan_set_track+0x4b/0x70
[ 48.193931][ T399] kasan_save_free_info+0x2b/0x40
[ 48.198792][ T399] ____kasan_slab_free+0x131/0x180
[ 48.203742][ T399] __kasan_slab_free+0x11/0x20
[ 48.208336][ T399] __kmem_cache_free+0x1fa/0x370
[ 48.213119][ T399] kfree+0x7a/0xf0
[ 48.216767][ T399] virtio_transport_destruct+0x36/0x40
[ 48.222051][ T399] vsock_assign_transport+0x23f/0x4f0
[ 48.227260][ T399] vsock_connect+0x3c7/0xb90
[ 48.231686][ T399] __sys_connect+0x304/0x370
[ 48.236111][ T399] __x64_sys_connect+0x75/0x80
[ 48.240798][ T399] do_syscall_64+0x3d/0xb0
[ 48.245232][ T399] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 48.250962][ T399]
[ 48.253132][ T399] The buggy address belongs to the object at ffff8881277f9d00
[ 48.253132][ T399] which belongs to the cache kmalloc-96 of size 96
[ 48.267189][ T399] The buggy address is located 8 bytes inside of
[ 48.267189][ T399] 96-byte region [ffff8881277f9d00, ffff8881277f9d60)
[ 48.280225][ T399]
[ 48.282378][ T399] The buggy address belongs to the physical page:
[ 48.288719][ T399] page:ffffea00049dfe40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1277f9
[ 48.299172][ T399] flags: 0x4000000000000200(slab|zone=1)
[ 48.304895][ T399] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888100042900
[ 48.313391][ T399] raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000
[ 48.321977][ T399] page dumped because: kasan: bad access detected
[ 48.328275][ T399] page_owner tracks the page as allocated
[ 48.334099][ T399] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 36, tgid 36 (kworker/0:1), ts 47662239088, free_ts 47657458849
[ 48.353289][ T399] prep_new_page+0x512/0x5e0
[ 48.357757][ T399] get_page_from_freelist+0x288b/0x2910
[ 48.363094][ T399] __alloc_pages+0x39f/0x780
[ 48.367516][ T399] alloc_slab_page+0x6c/0xf0
[ 48.371950][ T399] new_slab+0x7b/0x370
[ 48.376049][ T399] ___slab_alloc+0x611/0x9a0
[ 48.380460][ T399] __slab_alloc+0x52/0x90
[ 48.384616][ T399] __kmem_cache_alloc_node+0x1af/0x250
[ 48.389909][ T399] kmalloc_trace+0x2a/0xa0
[ 48.394249][ T399] dst_cow_metrics_generic+0x50/0x160
[ 48.399465][ T399] icmp6_dst_alloc+0x304/0x4c0
[ 48.404054][ T399] ndisc_send_skb+0x231/0xb80
[ 48.408742][ T399] ndisc_send_ns+0xaf/0x110
[ 48.413082][ T399] addrconf_dad_work+0xaf8/0x1360
[ 48.417945][ T399] process_one_work+0x6de/0xd00
[ 48.422803][ T399] worker_thread+0x892/0xf20
[ 48.427321][ T399] page last free stack trace:
[ 48.432016][ T399] free_unref_page_prepare+0x794/0x7a0
[ 48.437393][ T399] free_unref_page+0xb2/0x5b0
[ 48.442071][ T399] __free_pages+0x67/0xd0
[ 48.446234][ T399] __vunmap+0x401/0x7b0
[ 48.450316][ T399] vfree+0x28/0x40
[ 48.453887][ T399] __do_replace+0x6fa/0x8d0
[ 48.458506][ T399] do_ip6t_set_ctl+0x281f/0x3720
[ 48.463369][ T399] nf_setsockopt+0x23b/0x270
[ 48.468315][ T399] ipv6_setsockopt+0xea/0x120
[ 48.473092][ T399] tcp_setsockopt+0x99/0xb0
[ 48.477377][ T399] sock_common_setsockopt+0x9d/0xb0
[ 48.482673][ T399] __sys_setsockopt+0x3f1/0x7d0
[ 48.487550][ T399] __x64_sys_setsockopt+0xba/0xd0
[ 48.492572][ T399] do_syscall_64+0x3d/0xb0
[ 48.496822][ T399] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 48.502552][ T399]
[ 48.504718][ T399] Memory state around the buggy address:
[ 48.510372][ T399] ffff8881277f9c00: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 48.518390][ T399] ffff8881277f9c80: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[ 48.526297][ T399] >ffff8881277f9d00: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 48.534181][ T399] ^
[ 48.538695][ T399] ffff8881277f9d80: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[ 48.547020][ T399] ffff8881277f9e00: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[ 48.555351][ T399] ==================================================================
[ 48.563391][ T399] Disabling lock debugging due to kernel taint