Warning: Permanently added '10.128.1.66' (ED25519) to the list of known hosts.
2024/04/18 00:37:06 ignoring optional flag "sandboxArg"="0"
2024/04/18 00:37:06 parsed 1 programs
[ 48.233969][ T28] audit: type=1400 audit(1713400626.314:156): avc: denied { mounton } for pid=350 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 48.259295][ T28] audit: type=1400 audit(1713400626.314:157): avc: denied { mount } for pid=350 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
2024/04/18 00:37:06 executed programs: 0
[ 48.304003][ T28] audit: type=1400 audit(1713400626.384:158): avc: denied { unlink } for pid=350 comm="syz-executor" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 48.329848][ T350] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 48.485403][ T363] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.492352][ T363] bridge0: port 1(bridge_slave_0) entered disabled state
[ 48.500175][ T363] device bridge_slave_0 entered promiscuous mode
[ 48.508648][ T363] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.516533][ T363] bridge0: port 2(bridge_slave_1) entered disabled state
[ 48.524110][ T363] device bridge_slave_1 entered promiscuous mode
[ 48.609719][ T365] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.616783][ T365] bridge0: port 1(bridge_slave_0) entered disabled state
[ 48.624088][ T365] device bridge_slave_0 entered promiscuous mode
[ 48.642119][ T365] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.649040][ T365] bridge0: port 2(bridge_slave_1) entered disabled state
[ 48.656410][ T365] device bridge_slave_1 entered promiscuous mode
[ 48.681906][ T364] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.688799][ T364] bridge0: port 1(bridge_slave_0) entered disabled state
[ 48.696105][ T364] device bridge_slave_0 entered promiscuous mode
[ 48.714925][ T364] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.721878][ T364] bridge0: port 2(bridge_slave_1) entered disabled state
[ 48.729288][ T364] device bridge_slave_1 entered promiscuous mode
[ 48.737483][ T366] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.744419][ T366] bridge0: port 1(bridge_slave_0) entered disabled state
[ 48.751671][ T366] device bridge_slave_0 entered promiscuous mode
[ 48.772146][ T366] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.779094][ T366] bridge0: port 2(bridge_slave_1) entered disabled state
[ 48.786501][ T366] device bridge_slave_1 entered promiscuous mode
[ 48.807178][ T367] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.814216][ T367] bridge0: port 1(bridge_slave_0) entered disabled state
[ 48.821355][ T367] device bridge_slave_0 entered promiscuous mode
[ 48.839380][ T367] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.846326][ T367] bridge0: port 2(bridge_slave_1) entered disabled state
[ 48.853624][ T367] device bridge_slave_1 entered promiscuous mode
[ 48.989267][ T28] audit: type=1400 audit(1713400627.064:159): avc: denied { write } for pid=363 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 49.010109][ T28] audit: type=1400 audit(1713400627.064:160): avc: denied { read } for pid=363 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 49.053580][ T363] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.060656][ T363] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 49.068619][ T363] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.075479][ T363] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 49.104557][ T367] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.111423][ T367] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 49.118569][ T367] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.125410][ T367] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 49.149184][ T365] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.156154][ T365] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 49.163237][ T365] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.170046][ T365] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 49.180702][ T364] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.187579][ T364] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 49.195027][ T364] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.202028][ T364] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 49.224300][ T366] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.231451][ T366] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 49.238825][ T366] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.245717][ T366] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 49.274839][ T60] bridge0: port 1(bridge_slave_0) entered disabled state
[ 49.282039][ T60] bridge0: port 2(bridge_slave_1) entered disabled state
[ 49.289238][ T60] bridge0: port 1(bridge_slave_0) entered disabled state
[ 49.296925][ T60] bridge0: port 2(bridge_slave_1) entered disabled state
[ 49.304098][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 49.311548][ T60] bridge0: port 1(bridge_slave_0) entered disabled state
[ 49.318957][ T60] bridge0: port 2(bridge_slave_1) entered disabled state
[ 49.326202][ T60] bridge0: port 1(bridge_slave_0) entered disabled state
[ 49.334264][ T60] bridge0: port 2(bridge_slave_1) entered disabled state
[ 49.342209][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 49.350627][ T60] bridge0: port 2(bridge_slave_1) entered disabled state
[ 49.376998][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 49.385449][ T310] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.392370][ T310] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 49.400189][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 49.407576][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 49.438622][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 49.446457][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 49.454632][ T60] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.461555][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 49.468937][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 49.477109][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 49.485347][ T60] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.492191][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 49.524134][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 49.532421][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 49.540476][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 49.548049][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 49.555447][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 49.562754][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 49.571071][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 49.579206][ T308] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.586078][ T308] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 49.593260][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 49.601499][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 49.609673][ T308] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.616724][ T308] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 49.623866][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 49.632307][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 49.640660][ T308] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.647528][ T308] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 49.654887][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 49.663033][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 49.671141][ T308] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.678016][ T308] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 49.685250][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 49.693897][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 49.701984][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 49.710242][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 49.718340][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 49.726273][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 49.734165][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 49.761023][ T367] device veth0_vlan entered promiscuous mode
[ 49.772530][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 49.780719][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 49.788281][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 49.795849][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 49.803931][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 49.811743][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 49.820350][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 49.828344][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 49.836993][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 49.845401][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 49.853195][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 49.862143][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 49.870214][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 49.878107][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 49.885500][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 49.894222][ T364] device veth0_vlan entered promiscuous mode
[ 49.909909][ T367] device veth1_macvtap entered promiscuous mode
[ 49.925670][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 49.934141][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 49.942837][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 49.952132][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 49.960219][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 49.969185][ T363] device veth0_vlan entered promiscuous mode
[ 49.979815][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 49.987333][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 49.995317][ T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 50.007930][ T364] device veth1_macvtap entered promiscuous mode
[ 50.018632][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 50.026248][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 50.043472][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 50.052041][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 50.060258][ T309] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.067120][ T309] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 50.075024][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 50.083256][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 50.091497][ T309] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.098627][ T309] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 50.106147][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 50.114127][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 50.122075][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 50.130179][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 50.148192][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 50.156448][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 50.164780][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 50.172992][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 50.181312][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 50.189833][ T309] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 50.200712][ T363] device veth1_macvtap entered promiscuous mode
[ 50.212710][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 50.221343][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 50.229481][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 50.237040][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 50.245882][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 50.266499][ T28] audit: type=1400 audit(1713400628.344:161): avc: denied { mounton } for pid=364 comm="syz-executor.3" path="/dev/binderfs" dev="devtmpfs" ino=370 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 50.269659][ T365] device veth0_vlan entered promiscuous mode
[ 50.299239][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 50.308249][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 50.316672][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 50.325312][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 50.333156][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 50.341473][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 50.349063][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 50.375935][ T28] audit: type=1400 audit(1713400628.454:162): avc: denied { bind } for pid=385 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 50.396490][ T28] audit: type=1400 audit(1713400628.454:163): avc: denied { listen } for pid=385 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 50.419845][ T366] device veth0_vlan entered promiscuous mode
[ 50.423715][ T28] audit: type=1400 audit(1713400628.464:164): avc: denied { connect } for pid=385 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 50.430943][ T365] device veth1_macvtap entered promiscuous mode
[ 50.457653][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 50.469369][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 50.481209][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 50.495294][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 50.503990][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 50.512774][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 50.543929][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 50.552165][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 50.573787][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 50.586004][ T366] device veth1_macvtap entered promiscuous mode
[ 50.625870][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 50.646439][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 50.665447][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 50.689536][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 50.714440][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 50.741671][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 50.769933][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 50.797350][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 51.220916][ T24] ==================================================================
[ 51.228820][ T24] BUG: KASAN: use-after-free in _raw_spin_lock_bh+0x97/0x1b0
[ 51.236026][ T24] Write of size 4 at addr ffff88811db57e88 by task kworker/1:0/24
[ 51.243845][ T24]
[ 51.246017][ T24] CPU: 1 PID: 24 Comm: kworker/1:0 Not tainted 6.1.75-syzkaller-1150989-g692e3553d2e9 #0
[ 51.256421][ T24] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 51.266508][ T24] Workqueue: vsock-loopback vsock_loopback_work
[ 51.272672][ T24] Call Trace:
[ 51.275794][ T24]
[ 51.278568][ T24] dump_stack_lvl+0x151/0x1b7
[ 51.283434][ T24] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 51.288804][ T24] ? _printk+0xd1/0x111
[ 51.292890][ T24] ? __virt_addr_valid+0x242/0x2f0
[ 51.298012][ T24] print_report+0x158/0x4e0
[ 51.302432][ T24] ? __virt_addr_valid+0x242/0x2f0
[ 51.307380][ T24] ? kasan_complete_mode_report_info+0x90/0x1b0
[ 51.313458][ T24] ? _raw_spin_lock_bh+0x97/0x1b0
[ 51.318402][ T24] kasan_report+0x13c/0x170
[ 51.322755][ T24] ? _raw_spin_lock_bh+0x97/0x1b0
[ 51.327776][ T24] ? __local_bh_enable_ip+0x58/0x80
[ 51.332893][ T24] kasan_check_range+0x294/0x2a0
[ 51.337849][ T24] __kasan_check_write+0x14/0x20
[ 51.342626][ T24] _raw_spin_lock_bh+0x97/0x1b0
[ 51.347316][ T24] ? _raw_spin_lock_irq+0x1b0/0x1b0
[ 51.353033][ T24] ? vsock_find_bound_socket+0x2d0/0x330
[ 51.358576][ T24] virtio_transport_recv_pkt+0x6d3/0x4130
[ 51.364339][ T24] ? virtio_transport_release+0xc30/0xc30
[ 51.369880][ T24] ? memcpy+0x56/0x70
[ 51.373704][ T24] ? ip6_finish_output2+0x1053/0x1820
[ 51.379086][ T24] ? ip6_make_skb+0x7a0/0x7a0
[ 51.383592][ T24] ? ip6t_do_table+0x1643/0x1830
[ 51.388412][ T24] ? cpudl_cleanup+0x40/0x40
[ 51.392801][ T24] ? ip6_finish_output+0x53d/0xa60
[ 51.398018][ T24] ? __update_load_avg_cfs_rq+0xb1/0x2f0
[ 51.403503][ T24] ? cpudl_cleanup+0x40/0x40
[ 51.407994][ T24] ? update_load_avg+0x513/0x1530
[ 51.413204][ T24] ? __this_cpu_preempt_check+0x13/0x20
[ 51.418685][ T24] ? xfd_validate_state+0x6f/0x170
[ 51.423880][ T24] ? save_fpregs_to_fpstate+0x18f/0x220
[ 51.429263][ T24] ? __kasan_check_write+0x14/0x20
[ 51.434212][ T24] ? __switch_to+0x62c/0x1190
[ 51.438832][ T24] ? __kasan_check_write+0x14/0x20
[ 51.443839][ T24] ? virtio_transport_deliver_tap_pkt+0x60/0xb0
[ 51.450100][ T24] vsock_loopback_work+0x37d/0x3f0
[ 51.455325][ T24] ? _raw_spin_unlock+0x4c/0x70
[ 51.460070][ T24] ? vsock_loopback_send_pkt+0x120/0x120
[ 51.465535][ T24] ? __kasan_check_read+0x11/0x20
[ 51.470404][ T24] ? read_word_at_a_time+0x12/0x20
[ 51.475444][ T24] ? strscpy+0x9c/0x260
[ 51.479511][ T24] process_one_work+0x73d/0xcb0
[ 51.484206][ T24] worker_thread+0xa60/0x1260
[ 51.488936][ T24] kthread+0x26d/0x300
[ 51.492812][ T24] ? worker_clr_flags+0x1a0/0x1a0
[ 51.497775][ T24] ? kthread_blkcg+0xd0/0xd0
[ 51.502198][ T24] ret_from_fork+0x1f/0x30
[ 51.506442][ T24]
[ 51.509318][ T24]
[ 51.511478][ T24] Allocated by task 395:
[ 51.515553][ T24] kasan_set_track+0x4b/0x70
[ 51.520500][ T24] kasan_save_alloc_info+0x1f/0x30
[ 51.525559][ T24] __kasan_kmalloc+0x9c/0xb0
[ 51.529984][ T24] kmalloc_trace+0x44/0xa0
[ 51.534373][ T24] virtio_transport_do_socket_init+0x56/0x2d0
[ 51.540351][ T24] vsock_assign_transport+0x473/0x5b0
[ 51.545965][ T24] vsock_connect+0x5cf/0xd30
[ 51.550504][ T24] __sys_connect+0x2c9/0x300
[ 51.554900][ T24] __x64_sys_connect+0x7a/0x90
[ 51.559629][ T24] do_syscall_64+0x3d/0xb0
[ 51.563851][ T24] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 51.569943][ T24]
[ 51.572196][ T24] Freed by task 395:
[ 51.576048][ T24] kasan_set_track+0x4b/0x70
[ 51.580469][ T24] kasan_save_free_info+0x2b/0x40
[ 51.585336][ T24] ____kasan_slab_free+0x131/0x180
[ 51.590461][ T24] __kasan_slab_free+0x11/0x20
[ 51.595072][ T24] __kmem_cache_free+0x218/0x3b0
[ 51.599928][ T24] kfree+0x7a/0xf0
[ 51.603616][ T24] virtio_transport_destruct+0x3b/0x40
[ 51.608947][ T24] vsock_assign_transport+0x32b/0x5b0
[ 51.614253][ T24] vsock_connect+0x5cf/0xd30
[ 51.618682][ T24] __sys_connect+0x2c9/0x300
[ 51.623178][ T24] __x64_sys_connect+0x7a/0x90
[ 51.627784][ T24] do_syscall_64+0x3d/0xb0
[ 51.632035][ T24] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 51.637774][ T24]
[ 51.639934][ T24] The buggy address belongs to the object at ffff88811db57e80
[ 51.639934][ T24] which belongs to the cache kmalloc-96 of size 96
[ 51.654084][ T24] The buggy address is located 8 bytes inside of
[ 51.654084][ T24] 96-byte region [ffff88811db57e80, ffff88811db57ee0)
[ 51.667054][ T24]
[ 51.669231][ T24] The buggy address belongs to the physical page:
[ 51.675685][ T24] page:ffffea000476d5c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11db57
[ 51.685929][ T24] flags: 0x4000000000000200(slab|zone=1)
[ 51.691400][ T24] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888100042900
[ 51.699828][ T24] raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000
[ 51.708325][ T24] page dumped because: kasan: bad access detected
[ 51.714579][ T24] page_owner tracks the page as allocated
[ 51.720227][ T24] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 393, tgid 392 (syz-executor.2), ts 50479891427, free_ts 50465531010
[ 51.738538][ T24] post_alloc_hook+0x213/0x220
[ 51.743128][ T24] prep_new_page+0x1b/0x110
[ 51.747626][ T24] get_page_from_freelist+0x27ea/0x2870
[ 51.752944][ T24] __alloc_pages+0x3a1/0x780
[ 51.757538][ T24] alloc_slab_page+0x6c/0xf0
[ 51.761967][ T24] new_slab+0x90/0x3e0
[ 51.765873][ T24] ___slab_alloc+0x6f9/0xb80
[ 51.770386][ T24] __slab_alloc+0x5d/0xa0
[ 51.774560][ T24] __kmem_cache_alloc_node+0x1af/0x250
[ 51.779933][ T24] kmalloc_trace+0x2a/0xa0
[ 51.784189][ T24] virtio_transport_alloc_pkt+0x6a/0xa10
[ 51.789747][ T24] virtio_transport_send_pkt_info+0x2c8/0x630
[ 51.795741][ T24] virtio_transport_connect+0xd5/0x140
[ 51.801266][ T24] vsock_connect+0xae6/0xd30
[ 51.805727][ T24] __sys_connect+0x2c9/0x300
[ 51.810151][ T24] __x64_sys_connect+0x7a/0x90
[ 51.814754][ T24] page last free stack trace:
[ 51.819265][ T24] free_unref_page_prepare+0x83d/0x850
[ 51.825079][ T24] free_unref_page+0xb2/0x5c0
[ 51.829587][ T24] __free_pages+0x61/0xf0
[ 51.833754][ T24] free_pages+0x7c/0x90
[ 51.837744][ T24] tlb_finish_mmu+0x311/0x3f0
[ 51.842378][ T24] exit_mmap+0x421/0x940
[ 51.846457][ T24] __mmput+0x95/0x310
[ 51.850268][ T24] mmput+0x56/0x170
[ 51.854072][ T24] do_exit+0xb29/0x2b80
[ 51.858162][ T24] do_group_exit+0x21a/0x2d0
[ 51.862588][ T24] get_signal+0x169d/0x1820
[ 51.867061][ T24] arch_do_signal_or_restart+0xb0/0x16f0
[ 51.872705][ T24] exit_to_user_mode_loop+0x74/0xa0
[ 51.877736][ T24] exit_to_user_mode_prepare+0x5a/0xa0
[ 51.883129][ T24] syscall_exit_to_user_mode+0x26/0x140
[ 51.888599][ T24] do_syscall_64+0x49/0xb0
[ 51.892857][ T24]
[ 51.895015][ T24] Memory state around the buggy address:
[ 51.900606][ T24] ffff88811db57d80: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 51.908612][ T24] ffff88811db57e00: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 51.916473][ T24] >ffff88811db57e80: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 51.924349][ T24] ^
[ 51.928523][ T24] ffff88811db57f00: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[ 51.936519][ T24] ffff88811db57f80: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[ 51.944408][ T24] ==================================================================
[ 51.952361][ T24] Disabling lock debugging due to kernel taint