Warning: Permanently added '10.128.1.200' (ED25519) to the list of known hosts. 2024/09/30 01:00:05 ignoring optional flag "sandboxArg"="0" 2024/09/30 01:00:05 ignoring optional flag "type"="gce" 2024/09/30 01:00:05 parsed 1 programs 2024/09/30 01:00:06 executed programs: 0 [ 41.306368][ T27] audit: type=1400 audit(1727658006.003:95): avc: denied { unlink } for pid=340 comm="syz-executor" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 41.340334][ T340] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 41.468436][ T353] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.475415][ T353] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.483806][ T353] device bridge_slave_0 entered promiscuous mode [ 41.492688][ T353] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.500339][ T353] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.508100][ T353] device bridge_slave_1 entered promiscuous mode [ 41.594834][ T358] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.601729][ T358] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.609424][ T358] device bridge_slave_0 entered promiscuous mode [ 41.616453][ T351] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.625730][ T351] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.634080][ T351] device bridge_slave_0 entered promiscuous mode [ 41.644125][ T351] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.651464][ T351] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.658770][ T351] device bridge_slave_1 entered promiscuous mode [ 41.670084][ T358] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.677739][ T358] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.685800][ T358] device bridge_slave_1 entered promiscuous mode [ 41.693195][ T357] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.700978][ T357] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.709174][ T357] device bridge_slave_0 entered promiscuous mode [ 41.728570][ T357] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.736849][ T357] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.744432][ T357] device bridge_slave_1 entered promiscuous mode [ 41.781778][ T356] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.790703][ T356] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.798787][ T356] device bridge_slave_0 entered promiscuous mode [ 41.824143][ T356] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.832397][ T356] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.840387][ T356] device bridge_slave_1 entered promiscuous mode [ 41.908822][ T353] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.916521][ T353] bridge0: port 2(bridge_slave_1) entered forwarding state [ 41.923762][ T353] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.930979][ T353] bridge0: port 1(bridge_slave_0) entered forwarding state [ 41.996053][ T351] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.002928][ T351] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.010145][ T351] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.017180][ T351] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.040228][ T6] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.047605][ T6] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.055031][ T6] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.063145][ T6] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.071955][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 42.080194][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 42.105214][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 42.115097][ T292] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.124608][ T292] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.146553][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 42.155223][ T304] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.163060][ T304] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.191186][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 42.199786][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 42.219205][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 42.226911][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 42.235365][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 42.244191][ T6] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.251502][ T6] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.259958][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 42.268302][ T6] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.275554][ T6] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.283049][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 42.291462][ T6] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.298849][ T6] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.306840][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 42.314732][ T6] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.321612][ T6] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.330206][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 42.339137][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 42.354800][ T353] device veth0_vlan entered promiscuous mode [ 42.376421][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 42.384741][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 42.392669][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 42.401299][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 42.409007][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 42.417161][ T304] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.424093][ T304] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.432129][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 42.440298][ T304] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.447338][ T304] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.455017][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 42.463447][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 42.471308][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 42.479773][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 42.506308][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 42.514378][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 42.522893][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 42.532359][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 42.540880][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 42.549179][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 42.557318][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 42.564731][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 42.572344][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 42.580653][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 42.589049][ T304] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.596124][ T304] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.603819][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 42.612766][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 42.620743][ T304] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.627828][ T304] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.635317][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 42.643971][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 42.659845][ T357] device veth0_vlan entered promiscuous mode [ 42.670008][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 42.677667][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 42.687059][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 42.695724][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 42.704109][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 42.712096][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 42.720180][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 42.727926][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 42.736617][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 42.751386][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 42.758783][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 42.766007][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 42.773921][ T304] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 42.785803][ T357] device veth1_macvtap entered promiscuous mode [ 42.798372][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 42.806180][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 42.814333][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 42.822329][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 42.830397][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 42.841621][ T356] device veth0_vlan entered promiscuous mode [ 42.849000][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 42.857627][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 42.865804][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 42.873844][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 42.881705][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 42.890160][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 42.898853][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 42.906794][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 42.916970][ T353] device veth1_macvtap entered promiscuous mode [ 42.927936][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 42.935553][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 42.943029][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 42.950746][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 42.958162][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 42.965342][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 42.974376][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 42.983012][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 42.991256][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 43.003764][ T351] device veth0_vlan entered promiscuous mode [ 43.012852][ T358] device veth0_vlan entered promiscuous mode [ 43.019338][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 43.027766][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 43.035615][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 43.043223][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 43.055960][ T27] audit: type=1400 audit(1727658007.743:96): avc: denied { mounton } for pid=357 comm="syz-executor.4" path="/dev/binderfs" dev="devtmpfs" ino=207 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 43.082271][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 43.090699][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 43.102518][ T351] device veth1_macvtap entered promiscuous mode [ 43.108933][ T27] audit: type=1400 audit(1727658007.793:97): avc: denied { create } for pid=376 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 43.129762][ T27] audit: type=1400 audit(1727658007.793:98): avc: denied { bind } for pid=376 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 43.129848][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 43.158265][ T27] audit: type=1400 audit(1727658007.793:99): avc: denied { listen } for pid=376 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 43.158283][ T27] audit: type=1400 audit(1727658007.793:100): avc: denied { connect } for pid=376 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 43.200404][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 43.208674][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 43.216563][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 43.226296][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 43.235546][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 43.245220][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 43.257992][ T356] device veth1_macvtap entered promiscuous mode [ 43.272281][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 43.280534][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 43.288817][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 43.307660][ T358] device veth1_macvtap entered promiscuous mode [ 43.316049][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 43.325264][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 43.336655][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 43.353039][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 43.361511][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 43.372317][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 43.383142][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 43.391888][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 43.401124][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 43.409802][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 43.418824][ T292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 2024/09/30 01:00:11 executed programs: 94 [ 49.300905][ T23] ================================================================== [ 49.308902][ T23] BUG: KASAN: use-after-free in _raw_spin_lock_bh+0x97/0x1b0 [ 49.316339][ T23] Write of size 4 at addr ffff88811de8d808 by task kworker/1:0/23 [ 49.324079][ T23] [ 49.326263][ T23] CPU: 1 PID: 23 Comm: kworker/1:0 Not tainted 6.1.99-syzkaller #0 [ 49.334162][ T23] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 49.344146][ T23] Workqueue: vsock-loopback vsock_loopback_work [ 49.350226][ T23] Call Trace: [ 49.353340][ T23] [ 49.356118][ T23] dump_stack_lvl+0x105/0x148 [ 49.360635][ T23] ? panic+0x3bb/0x3bb [ 49.364718][ T23] ? nf_tcp_handle_invalid+0x30b/0x30b [ 49.370014][ T23] ? _printk+0xca/0x10a [ 49.374369][ T23] print_report+0x158/0x4e0 [ 49.378780][ T23] ? kasan_complete_mode_report_info+0x90/0x1b0 [ 49.384962][ T23] ? _raw_spin_lock_bh+0x97/0x1b0 [ 49.390437][ T23] kasan_report+0x13c/0x170 [ 49.394970][ T23] ? _raw_spin_lock_bh+0x97/0x1b0 [ 49.399901][ T23] ? __local_bh_enable_ip+0x4a/0x70 [ 49.405110][ T23] kasan_check_range+0x294/0x2a0 [ 49.409999][ T23] __kasan_check_write+0x14/0x20 [ 49.415086][ T23] _raw_spin_lock_bh+0x97/0x1b0 [ 49.419862][ T23] ? _raw_spin_lock_irq+0x1b0/0x1b0 [ 49.424986][ T23] ? __local_bh_enable_ip+0x4a/0x70 [ 49.430446][ T23] ? _raw_spin_unlock_bh+0x50/0x60 [ 49.435482][ T23] virtio_transport_recv_pkt+0x4fb/0x3ca0 [ 49.441317][ T23] ? virtio_transport_release+0xaa0/0xaa0 [ 49.447055][ T23] ? enqueue_task_fair+0xe87/0x21e0 [ 49.452445][ T23] ? check_preempt_wakeup+0x717/0xb20 [ 49.458180][ T23] ? yield_to_task_fair+0x190/0x190 [ 49.463318][ T23] ? ttwu_do_wakeup+0xe5/0x430 [ 49.468191][ T23] ? cpudl_cleanup+0x40/0x40 [ 49.472818][ T23] ? ttwu_do_activate+0x172/0x270 [ 49.477744][ T23] ? cpudl_cleanup+0x40/0x40 [ 49.482344][ T23] ? update_load_avg+0x513/0x1510 [ 49.487295][ T23] ? __update_load_avg_cfs_rq+0xb1/0x2f0 [ 49.492944][ T23] ? __this_cpu_preempt_check+0x13/0x20 [ 49.498411][ T23] ? xfd_validate_state+0x16/0x50 [ 49.503268][ T23] ? __kasan_check_write+0x14/0x20 [ 49.508406][ T23] ? __switch_to+0x621/0x1170 [ 49.513175][ T23] ? __kasan_check_write+0x14/0x20 [ 49.518118][ T23] ? vsock_deliver_tap+0x2a/0x50 [ 49.523198][ T23] vsock_loopback_work+0x376/0x3d0 [ 49.528127][ T23] ? _raw_spin_unlock+0x4c/0x70 [ 49.532989][ T23] ? vsock_loopback_send_pkt+0x110/0x110 [ 49.538571][ T23] ? __kasan_check_read+0x11/0x20 [ 49.543426][ T23] ? read_word_at_a_time+0x12/0x20 [ 49.548554][ T23] ? strscpy+0x99/0x260 [ 49.552779][ T23] process_one_work+0x6de/0xd00 [ 49.557947][ T23] worker_thread+0x892/0xf20 [ 49.562365][ T23] ? process_one_work+0xd00/0xd00 [ 49.567414][ T23] kthread+0x215/0x270 [ 49.571398][ T23] ? process_one_work+0xd00/0xd00 [ 49.576314][ T23] ? kthread_blkcg+0xa0/0xa0 [ 49.581042][ T23] ret_from_fork+0x1f/0x30 [ 49.585478][ T23] [ 49.588522][ T23] [ 49.590848][ T23] Allocated by task 593: [ 49.595015][ T23] kasan_set_track+0x4b/0x70 [ 49.599701][ T23] kasan_save_alloc_info+0x1f/0x30 [ 49.604655][ T23] __kasan_kmalloc+0x9c/0xb0 [ 49.609310][ T23] kmalloc_trace+0x44/0xa0 [ 49.613938][ T23] virtio_transport_do_socket_init+0x51/0x290 [ 49.619940][ T23] vsock_assign_transport+0x376/0x4f0 [ 49.625351][ T23] vsock_connect+0x3c7/0xb90 [ 49.629995][ T23] __sys_connect+0x304/0x370 [ 49.634842][ T23] __x64_sys_connect+0x75/0x80 [ 49.639447][ T23] x64_sys_call+0x14e/0x9a0 [ 49.643788][ T23] do_syscall_64+0x3b/0xb0 [ 49.648222][ T23] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 49.654031][ T23] [ 49.656189][ T23] Freed by task 593: [ 49.660283][ T23] kasan_set_track+0x4b/0x70 [ 49.664704][ T23] kasan_save_free_info+0x2b/0x40 [ 49.669556][ T23] ____kasan_slab_free+0x131/0x180 [ 49.674650][ T23] __kasan_slab_free+0x11/0x20 [ 49.679900][ T23] __kmem_cache_free+0x1fa/0x370 [ 49.685035][ T23] kfree+0x7a/0xf0 [ 49.688574][ T23] virtio_transport_destruct+0x36/0x40 [ 49.694034][ T23] vsock_assign_transport+0x23f/0x4f0 [ 49.699243][ T23] vsock_connect+0x3c7/0xb90 [ 49.703931][ T23] __sys_connect+0x304/0x370 [ 49.708648][ T23] __x64_sys_connect+0x75/0x80 [ 49.713332][ T23] x64_sys_call+0x14e/0x9a0 [ 49.717751][ T23] do_syscall_64+0x3b/0xb0 [ 49.722039][ T23] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 49.727739][ T23] [ 49.730010][ T23] The buggy address belongs to the object at ffff88811de8d800 [ 49.730010][ T23] which belongs to the cache kmalloc-96 of size 96 [ 49.744424][ T23] The buggy address is located 8 bytes inside of [ 49.744424][ T23] 96-byte region [ffff88811de8d800, ffff88811de8d860) [ 49.757467][ T23] [ 49.759718][ T23] The buggy address belongs to the physical page: [ 49.765981][ T23] page:ffffea000477a340 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11de8d [ 49.776339][ T23] flags: 0x4000000000000200(slab|zone=1) [ 49.781765][ T23] raw: 4000000000000200 0000000000000000 dead000000000122 ffff888100042900 [ 49.790594][ T23] raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000 [ 49.799085][ T23] page dumped because: kasan: bad access detected [ 49.806018][ T23] page_owner tracks the page as allocated [ 49.811726][ T23] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 445, tgid 445 (udevd), ts 49201377485, free_ts 46946586931 [ 49.829475][ T23] prep_new_page+0x512/0x5e0 [ 49.833987][ T23] get_page_from_freelist+0x288b/0x2910 [ 49.839456][ T23] __alloc_pages+0x39f/0x780 [ 49.843970][ T23] alloc_slab_page+0x6c/0xf0 [ 49.848405][ T23] new_slab+0x7b/0x370 [ 49.852332][ T23] ___slab_alloc+0x611/0x9a0 [ 49.856857][ T23] __slab_alloc+0x52/0x90 [ 49.861169][ T23] __kmem_cache_alloc_node+0x1af/0x250 [ 49.866725][ T23] kmalloc_trace+0x2a/0xa0 [ 49.871150][ T23] kernfs_fop_open+0x60b/0xa40 [ 49.876103][ T23] do_dentry_open+0x620/0xdc0 [ 49.880627][ T23] vfs_open+0x6e/0x80 [ 49.884633][ T23] path_openat+0x1eb0/0x2440 [ 49.889527][ T23] do_filp_open+0x226/0x430 [ 49.894055][ T23] do_sys_openat2+0x103/0x6e0 [ 49.898849][ T23] __x64_sys_openat+0x209/0x250 [ 49.904291][ T23] page last free stack trace: [ 49.909117][ T23] free_unref_page_prepare+0x794/0x7a0 [ 49.915166][ T23] free_unref_page+0xb2/0x5b0 [ 49.919763][ T23] __free_pages+0x67/0xd0 [ 49.924265][ T23] __vunmap+0x401/0x7b0 [ 49.928746][ T23] free_work+0x41/0x70 [ 49.932788][ T23] process_one_work+0x6de/0xd00 [ 49.937617][ T23] worker_thread+0x892/0xf20 [ 49.942948][ T23] kthread+0x215/0x270 [ 49.947421][ T23] ret_from_fork+0x1f/0x30 [ 49.951756][ T23] [ 49.954096][ T23] Memory state around the buggy address: [ 49.959772][ T23] ffff88811de8d700: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 49.968310][ T23] ffff88811de8d780: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 49.976560][ T23] >ffff88811de8d800: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 49.984971][ T23] ^ [ 49.989313][ T23] ffff88811de8d880: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 49.997214][ T23] ffff88811de8d900: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 50.005218][ T23] ================================================================== [ 50.013330][ T23] Disabling lock debugging due to kernel taint