Warning: Permanently added '[localhost]:49464' (ECDSA) to the list of known hosts.
2022/07/14 12:24:39 fuzzer started
2022/07/14 12:24:39 dialing manager at localhost:45023
syzkaller login: [ 42.196919] cgroup: Unknown subsys name 'net'
[ 42.299016] cgroup: Unknown subsys name 'rlimit'
2022/07/14 12:24:55 syscalls: 2217
2022/07/14 12:24:55 code coverage: enabled
2022/07/14 12:24:55 comparison tracing: enabled
2022/07/14 12:24:55 extra coverage: enabled
2022/07/14 12:24:55 setuid sandbox: enabled
2022/07/14 12:24:55 namespace sandbox: enabled
2022/07/14 12:24:55 Android sandbox: enabled
2022/07/14 12:24:55 fault injection: enabled
2022/07/14 12:24:55 leak checking: enabled
2022/07/14 12:24:55 net packet injection: enabled
2022/07/14 12:24:55 net device setup: enabled
2022/07/14 12:24:55 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2022/07/14 12:24:55 devlink PCI setup: PCI device 0000:00:10.0 is not available
2022/07/14 12:24:55 USB emulation: enabled
2022/07/14 12:24:55 hci packet injection: enabled
2022/07/14 12:24:55 wifi device emulation: enabled
2022/07/14 12:24:55 802.15.4 emulation: enabled
2022/07/14 12:25:09 starting 8 fuzzer processes
12:25:09 executing program 0:
syz_emit_ethernet(0x46, &(0x7f0000000100)={@multicast, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "2ddc20", 0x10, 0x3a, 0xff, @ipv4={'\x00', '\xff\xff', @multicast1}, @local, {[], @ndisc_ra={0x86, 0x2}}}}}}, 0x0)
12:25:09 executing program 1:
r0 = syz_io_uring_setup(0xeaf, &(0x7f00000003c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000440)=0x0, &(0x7f0000000380)=0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x4, 0x0, @fd_index, 0x0, 0x0}, 0x0)
io_uring_enter(r0, 0x5e9a, 0x0, 0x0, 0x0, 0x0)
12:25:09 executing program 2:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x24, 0x0, 0x0)
[ 70.384513] audit: type=1400 audit(1657801509.285:6): avc: denied { execmem } for pid=284 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
12:25:09 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000006b80)={0x0, 0x0, &(0x7f0000006b40)={&(0x7f0000006dc0)=@updsa={0x188, 0x1a, 0x1, 0x0, 0x0, {{@in=@multicast1, @in6=@mcast1}, {@in6=@loopback, 0x0, 0x33}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_aead={0x4c, 0x12, {{'gcm(xeta-generic)\x00'}}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(sm4-ce)\x00'}}}]}, 0x188}}, 0x0)
12:25:09 executing program 4:
r0 = syz_genetlink_get_family_id$nl802154(&(0x7f00000000c0), 0xffffffffffffffff)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_SET_ACKREQ_DEFAULT(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000480)={0x1c, r0, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8}]}, 0x1c}}, 0x0)
12:25:09 executing program 5:
r0 = syz_io_uring_setup(0x46ac, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd=r0, 0x0, 0x0, 0x0, 0x4}, 0x0)
io_uring_enter(r0, 0x7fd6, 0x0, 0x0, 0x0, 0x0)
12:25:09 executing program 6:
r0 = socket$inet6(0xa, 0x3, 0x42)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c)
sendmmsg$inet(r0, &(0x7f00000069c0)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000140)={0x2, 0x0, @broadcast}, 0x10, 0x0}}], 0x2, 0x0)
12:25:09 executing program 7:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
setsockopt$bt_BT_POWER(r0, 0x112, 0x9, &(0x7f0000000000)=0x9, 0x1)
[ 71.678770] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 71.680553] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 71.681875] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 71.684940] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 71.687186] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 71.688604] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 71.798076] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 71.800100] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 71.801720] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 71.805326] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 71.808054] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 71.809445] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 71.865730] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 71.867990] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 71.868669] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 71.870741] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 71.872046] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 71.874007] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 71.875141] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 71.879035] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 71.881029] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 71.882283] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 71.883402] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 71.885499] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 71.887674] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[ 71.889381] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 71.890410] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[ 71.891893] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 71.893121] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[ 71.894511] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 71.895695] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 71.903143] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 71.904476] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 71.915000] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 71.918187] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 71.947478] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 71.948920] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 71.961449] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 71.963325] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 71.971471] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 71.986665] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 71.989029] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 73.763852] Bluetooth: hci1: Opcode 0x c03 failed: -110
[ 73.765448] Bluetooth: hci0: command 0x0409 tx timeout
[ 73.827316] Bluetooth: hci4: command 0x0409 tx timeout
[ 73.955345] Bluetooth: hci7: command 0x0409 tx timeout
[ 73.955571] Bluetooth: hci6: command 0x0409 tx timeout
[ 73.956649] Bluetooth: hci5: command 0x0409 tx timeout
[ 74.019292] Bluetooth: hci3: command 0x0409 tx timeout
[ 74.020135] Bluetooth: hci2: command 0x0409 tx timeout
[ 75.812280] Bluetooth: hci0: command 0x041b tx timeout
[ 75.876315] Bluetooth: hci4: command 0x041b tx timeout
[ 76.004298] Bluetooth: hci5: command 0x041b tx timeout
[ 76.004807] Bluetooth: hci6: command 0x041b tx timeout
[ 76.005886] Bluetooth: hci7: command 0x041b tx timeout
[ 76.068302] Bluetooth: hci2: command 0x041b tx timeout
[ 76.069189] Bluetooth: hci3: command 0x041b tx timeout
[ 76.905653] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 76.906955] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 76.908776] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 76.910216] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 76.911654] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 76.912298] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 77.860317] Bluetooth: hci0: command 0x040f tx timeout
[ 77.923270] Bluetooth: hci4: command 0x040f tx timeout
[ 78.052565] Bluetooth: hci7: command 0x040f tx timeout
[ 78.054443] Bluetooth: hci6: command 0x040f tx timeout
[ 78.054855] Bluetooth: hci5: command 0x040f tx timeout
[ 78.116315] Bluetooth: hci3: command 0x040f tx timeout
[ 78.117069] Bluetooth: hci2: command 0x040f tx timeout
[ 78.947381] Bluetooth: hci1: command 0x0409 tx timeout
[ 79.907375] Bluetooth: hci0: command 0x0419 tx timeout
[ 79.971568] Bluetooth: hci4: command 0x0419 tx timeout
[ 80.099487] Bluetooth: hci5: command 0x0419 tx timeout
[ 80.100168] Bluetooth: hci6: command 0x0419 tx timeout
[ 80.100835] Bluetooth: hci7: command 0x0419 tx timeout
[ 80.163298] Bluetooth: hci2: command 0x0419 tx timeout
[ 80.163908] Bluetooth: hci3: command 0x0419 tx timeout
[ 80.996283] Bluetooth: hci1: command 0x041b tx timeout
[ 82.271377] ==================================================================
[ 82.271995] BUG: KASAN: use-after-free in __lock_acquire+0x42c9/0x5e70
[ 82.272509] Read of size 8 at addr ffff88800d344a38 by task kmemleak/54
[ 82.273007]
[ 82.273140] CPU: 0 PID: 54 Comm: kmemleak Not tainted 5.19.0-rc6-next-20220714 #1
[ 82.273817] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 82.274962] Call Trace:
[ 82.275147]
[ 82.275316]  dump_stack_lvl+0x8b/0xb3
[ 82.275620]  print_report.cold+0x5e/0x5e5
[ 82.276199]  ? __lock_acquire+0x42c9/0x5e70
[ 82.276530]  kasan_report+0xb1/0x1c0
[ 82.276826]  ? __lock_acquire+0x42c9/0x5e70
[ 82.277154]  __lock_acquire+0x42c9/0x5e70
[ 82.277483]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 82.277872]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 82.278267]  ? finish_task_switch.isra.0+0x230/0x8a0
[ 82.278653]  lock_acquire+0x1a2/0x530
[ 82.278948]  ? kmemleak_scan+0x21d/0x16a0
[ 82.279269]  ? lock_release+0x750/0x750
[ 82.279570]  ? lock_release+0x750/0x750
[ 82.279879]  ? io_schedule_timeout+0x150/0x150
[ 82.280238]  ? _raw_spin_lock_irq+0x41/0x50
[ 82.280568]  _raw_spin_lock_irq+0x32/0x50
[ 82.280889]  ? kmemleak_scan+0x21d/0x16a0
[ 82.281216]  kmemleak_scan+0x21d/0x16a0
[ 82.281535]  ? paint_ptr+0xc0/0xc0
[ 82.281822]  ? __kthread_parkme+0x15a/0x220
[ 82.282156]  ? kmemleak_write.cold+0x29/0x29
[ 82.282504]  kmemleak_scan_thread+0x8f/0xb1
[ 82.282834]  kthread+0x2ed/0x3a0
[ 82.283102]  ? kthread_complete_and_exit+0x40/0x40
[ 82.283487]  ret_from_fork+0x22/0x30
[ 82.283791]
[ 82.283967]
[ 82.284095] Allocated by task 185:
[ 82.284350]  kasan_save_stack+0x1e/0x40
[ 82.284649]  __kasan_slab_alloc+0x66/0x80
[ 82.284953]  kmem_cache_alloc+0x1b1/0x4a0
[ 82.285258]  __create_object.isra.0+0x3d/0xc10
[ 82.285597]  kmemleak_alloc_percpu+0xa3/0x100
[ 82.285931]  pcpu_alloc+0x7be/0x10a0
[ 82.286210]  __percpu_counter_init+0x10d/0x2e0
[ 82.286557]  wb_init+0x607/0x810
[ 82.286810]  wb_get_create+0x23a/0x1180
[ 82.287101]  __inode_attach_wb+0x2e6/0x880
[ 82.287422]  __mark_inode_dirty+0x9b2/0xf00
[ 82.287761]  touch_atime+0x644/0x700
[ 82.288047]  filemap_read+0xb16/0xd10
[ 82.288343]  generic_file_read_iter+0x3cd/0x530
[ 82.288697]  ext4_file_read_iter+0x182/0x400
[ 82.289034]  __kernel_read+0x2cb/0x7d0
[ 82.289326]  kernel_read+0xbf/0x1c0
[ 82.289601]  bprm_execve+0x70e/0x1920
[ 82.289888]  do_execveat_common+0x72c/0x890
[ 82.290206]  __x64_sys_execve+0x8f/0xc0
[ 82.290507]  do_syscall_64+0x3b/0x90
[ 82.290790]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 82.291172]
[ 82.291302] Freed by task 19:
[ 82.291536]  kasan_save_stack+0x1e/0x40
[ 82.291843]  kasan_set_track+0x21/0x30
[ 82.292134]  kasan_set_free_info+0x20/0x40
[ 82.292452]  __kasan_slab_free+0x108/0x190
[ 82.292768]  kmem_cache_free+0xfb/0x610
[ 82.293064]  rcu_core+0x7e2/0x2080
[ 82.293334]  __do_softirq+0x1c8/0x8d0
[ 82.293622]
[ 82.293754] Last potentially related work creation:
[ 82.294108]  kasan_save_stack+0x1e/0x40
[ 82.294404]  __kasan_record_aux_stack+0x97/0xb0
[ 82.294759]  call_rcu+0x6a/0xa30
[ 82.295016]  kmemleak_free_percpu+0xb5/0xe0
[ 82.295336]  free_percpu+0x2c/0xec0
[ 82.295613]  percpu_counter_destroy+0x11a/0x1c0
[ 82.295968]  wb_exit+0x76/0xb0
[ 82.296212]  cgwb_release_workfn+0x25d/0x3f0
[ 82.296540]  process_one_work+0xa0f/0x1690
[ 82.296865]  worker_thread+0x637/0x1260
[ 82.297169]  kthread+0x2ed/0x3a0
[ 82.297429]  ret_from_fork+0x22/0x30
[ 82.297707]
[ 82.297837] The buggy address belongs to the object at
ffff88800d344a20
[ 82.297837]  which belongs to the cache kmemleak_object of size 368
[ 82.298751] The buggy address is located 24 bytes inside of
[ 82.298751]  368-byte region [ffff88800d344a20, ffff88800d344b90)
[ 82.299584]
[ 82.299731] The buggy address belongs to the physical page:
[ 82.300138] page:0000000029035c3b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xd344
[ 82.300835] head:0000000029035c3b order:1 compound_mapcount:0 compound_pincount:0
[ 82.301393] flags: 0x100000000010200(slab|head|node=0|zone=1)
[ 82.301841] raw: 0100000000010200 ffffea0000338b00 dead000000000002 ffff88800784f780
[ 82.302410] raw: 0000000000000000 0000000000120012 00000001ffffffff 0000000000000000
[ 82.302969] page dumped because: kasan: bad access detected
[ 82.303378]
[ 82.303506] Memory state around the buggy address:
[ 82.303867]  ffff88800d344900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 82.304387]  ffff88800d344980: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 82.304912] >ffff88800d344a00: fc fc fc fc fa fb fb fb fb fb fb fb fb fb fb fb
[ 82.305440]                                         ^
[ 82.305812]  ffff88800d344a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 82.306335]  ffff88800d344b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 82.306860] ==================================================================
[ 82.307377] Disabling lock debugging due to kernel taint
VM DIAGNOSIS:
12:25:21 Registers: