[ 7.248179][ T23] audit: type=1400 audit(1744834801.170:29): avc: denied { getattr } for pid=185 comm="dbus-daemon" path="/run/messagebus.pid" dev="tmpfs" ino=11234 scontext=system_u:system_r:system_dbusd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 7.376158][ T23] audit: type=1400 audit(1744834801.330:30): avc: denied { search } for pid=199 comm="dhcpcd" name="/" dev="tmpfs" ino=10814 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 7.380473][ T23] audit: type=1400 audit(1744834801.330:31): avc: denied { write } for pid=199 comm="dhcpcd" name="/" dev="tmpfs" ino=10814 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 15.487974][ T23] kauditd_printk_skb: 29 callbacks suppressed
[ 15.487986][ T23] audit: type=1400 audit(1744834809.440:61): avc: denied { transition } for pid=288 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 15.497603][ T23] audit: type=1400 audit(1744834809.440:62): avc: denied { noatsecure } for pid=288 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 15.504055][ T23] audit: type=1400 audit(1744834809.440:63): avc: denied { write } for pid=288 comm="sh" path="pipe:[10186]" dev="pipefs" ino=10186 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 15.518713][ T23] audit: type=1400 audit(1744834809.440:64): avc: denied { rlimitinh } for pid=288 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 15.537369][ T23] audit: type=1400 audit(1744834809.440:65): avc: denied { siginh } for pid=288 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 17.562138][ T289] sshd (289) used greatest stack depth: 21176 bytes left
Warning: Permanently added '10.128.1.69' (ED25519) to the list of known hosts.
2025/04/16 20:20:18 ignoring optional flag "sandboxArg"="0"
2025/04/16 20:20:19 parsed 1 programs
[ 25.492490][ T23] audit: type=1400 audit(1744834819.450:66): avc: denied { node_bind } for pid=351 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[ 26.307632][ T23] audit: type=1400 audit(1744834820.260:67): avc: denied { mounton } for pid=360 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1926 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 26.309844][ T360] cgroup1: Unknown subsys name 'net'
[ 26.330214][ T23] audit: type=1400 audit(1744834820.260:68): avc: denied { mount } for pid=360 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 26.336667][ T360] cgroup1: Unknown subsys name 'net_prio'
[ 26.358125][ T23] audit: type=1400 audit(1744834820.310:69): avc: denied { read } for pid=146 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[ 26.364098][ T360] cgroup1: Unknown subsys name 'devices'
[ 26.390617][ T23] audit: type=1400 audit(1744834820.340:70): avc: denied { unmount } for pid=360 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 26.524898][ T360] cgroup1: Unknown subsys name 'hugetlb'
[ 26.530633][ T360] cgroup1: Unknown subsys name 'rlimit'
[ 26.708337][ T23] audit: type=1400 audit(1744834820.660:71): avc: denied { setattr } for pid=360 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=9565 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 26.731400][ T23] audit: type=1400 audit(1744834820.660:72): avc: denied { create } for pid=360 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 26.739055][ T365] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
[ 26.752174][ T23] audit: type=1400 audit(1744834820.660:73): avc: denied { write } for pid=360 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 26.780026][ T23] audit: type=1400 audit(1744834820.660:74): avc: denied { read } for pid=360 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 26.799940][ T23] audit: type=1400 audit(1744834820.660:75): avc: denied { module_request } for pid=360 comm="syz-executor" kmod="netdev-wpan0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 26.842924][ T360] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 27.370279][ T371] request_module fs-gadgetfs succeeded, but still no fs?
[ 28.018111][ T406] syz-executor (406) used greatest stack depth: 19672 bytes left
[ 28.066288][ T421] bridge0: port 1(bridge_slave_0) entered blocking state
[ 28.073228][ T421] bridge0: port 1(bridge_slave_0) entered disabled state
[ 28.080539][ T421] device bridge_slave_0 entered promiscuous mode
[ 28.087476][ T421] bridge0: port 2(bridge_slave_1) entered blocking state
[ 28.094316][ T421] bridge0: port 2(bridge_slave_1) entered disabled state
[ 28.101684][ T421] device bridge_slave_1 entered promiscuous mode
[ 28.159029][ T421] bridge0: port 2(bridge_slave_1) entered blocking state
[ 28.165973][ T421] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 28.173133][ T421] bridge0: port 1(bridge_slave_0) entered blocking state
[ 28.180059][ T421] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 28.205409][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 28.213378][ T374] bridge0: port 1(bridge_slave_0) entered disabled state
[ 28.220348][ T374] bridge0: port 2(bridge_slave_1) entered disabled state
[ 28.233616][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 28.241794][ T374] bridge0: port 1(bridge_slave_0) entered blocking state
[ 28.248654][ T374] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 28.257966][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 28.266431][ T374] bridge0: port 2(bridge_slave_1) entered blocking state
[ 28.273299][ T374] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 28.290563][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 28.299948][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 28.321511][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 28.333511][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 28.350280][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 28.363621][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 28.377278][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 28.415427][ T421] syz-executor (421) used greatest stack depth: 19640 bytes left
2025/04/16 20:20:22 executed programs: 0
[ 28.723096][ T438] bridge0: port 1(bridge_slave_0) entered blocking state
[ 28.729939][ T438] bridge0: port 1(bridge_slave_0) entered disabled state
[ 28.737707][ T438] device bridge_slave_0 entered promiscuous mode
[ 28.744849][ T438] bridge0: port 2(bridge_slave_1) entered blocking state
[ 28.751846][ T438] bridge0: port 2(bridge_slave_1) entered disabled state
[ 28.759319][ T438] device bridge_slave_1 entered promiscuous mode
[ 28.816839][ T438] bridge0: port 2(bridge_slave_1) entered blocking state
[ 28.823698][ T438] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 28.830819][ T438] bridge0: port 1(bridge_slave_0) entered blocking state
[ 28.837588][ T438] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 28.862821][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 28.870388][ T374] bridge0: port 1(bridge_slave_0) entered disabled state
[ 28.877668][ T374] bridge0: port 2(bridge_slave_1) entered disabled state
[ 28.888463][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 28.896555][ T374] bridge0: port 1(bridge_slave_0) entered blocking state
[ 28.903393][ T374] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 28.913828][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 28.921887][ T374] bridge0: port 2(bridge_slave_1) entered blocking state
[ 28.928705][ T374] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 28.944556][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 28.954173][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 28.972390][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 28.980619][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 28.993373][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 29.001098][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 29.019184][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 29.027418][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 29.040214][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 29.048780][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 29.061777][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 29.069878][ T374] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 29.542058][ T9] device bridge_slave_1 left promiscuous mode
[ 29.548006][ T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 29.555454][ T9] device bridge_slave_0 left promiscuous mode
[ 29.561372][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.169368][ T464] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.176220][ T464] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.183693][ T464] device bridge_slave_0 entered promiscuous mode
[ 44.190414][ T464] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.197263][ T464] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.204558][ T464] device bridge_slave_1 entered promiscuous mode
[ 44.256929][ T464] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.263784][ T464] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.270877][ T464] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.277676][ T464] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.302381][ T7] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.309451][ T7] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.316714][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 44.323983][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 44.333809][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 44.341892][ T7] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.348706][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.358097][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 44.366140][ T7] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.372986][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.388622][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 44.398087][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 44.416495][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 44.428779][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 44.442855][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 44.456487][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
2025/04/16 20:20:38 executed programs: 3
[ 44.467171][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 44.492293][ T464] ==================================================================
[ 44.500194][ T464] BUG: KASAN: use-after-free in __mutex_lock+0xcd7/0x1060
[ 44.507121][ T464] Read of size 4 at addr ffff8881e9a68038 by task syz-executor/464
[ 44.514834][ T464]
[ 44.517011][ T464] CPU: 1 PID: 464 Comm: syz-executor Not tainted 5.4.290-syzkaller-00002-g41adfeb3d639 #0
[ 44.526728][ T464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 44.536624][ T464] Call Trace:
[ 44.539761][ T464] dump_stack+0x1d8/0x241
[ 44.543921][ T464] ? nf_ct_l4proto_log_invalid+0x258/0x258
[ 44.549559][ T464] ? printk+0xd1/0x111
[ 44.553467][ T464] ? __mutex_lock+0xcd7/0x1060
[ 44.558063][ T464] print_address_description+0x8c/0x600
[ 44.563450][ T464] ? check_preemption_disabled+0x9f/0x320
[ 44.569005][ T464] ? __unwind_start+0x708/0x890
[ 44.573691][ T464] ? __mutex_lock+0xcd7/0x1060
[ 44.578284][ T464] __kasan_report+0xf3/0x120
[ 44.582715][ T464] ? __mutex_lock+0xcd7/0x1060
[ 44.587315][ T464] kasan_report+0x30/0x60
[ 44.591480][ T464] __mutex_lock+0xcd7/0x1060
[ 44.595916][ T464] ? kobject_get_unless_zero+0x229/0x320
[ 44.601378][ T464] ? __ww_mutex_lock_interruptible_slowpath+0x10/0x10
[ 44.607976][ T464] ? __module_put_and_exit+0x20/0x20
[ 44.613094][ T464] ? up_read+0x6f/0x1b0
[ 44.617086][ T464] mutex_lock_killable+0xd8/0x110
[ 44.621949][ T464] ? __mutex_lock_interruptible_slowpath+0x10/0x10
[ 44.628280][ T464] ? mutex_lock+0xa5/0x110
[ 44.632538][ T464] ? mutex_trylock+0xa0/0xa0
[ 44.636961][ T464] lo_open+0x18/0xc0
[ 44.640694][ T464] __blkdev_get+0x3c8/0x1160
[ 44.645126][ T464] ? blkdev_get+0x3a0/0x3a0
[ 44.649460][ T464] ? _raw_spin_unlock+0x49/0x60
[ 44.654146][ T464] blkdev_get+0x2de/0x3a0
[ 44.658311][ T464] ? blkdev_open+0x173/0x290
[ 44.662744][ T464] ? block_ioctl+0xe0/0xe0
[ 44.666990][ T464] do_dentry_open+0x964/0x1130
[ 44.671598][ T464] ? finish_open+0xd0/0xd0
[ 44.675845][ T464] ? security_inode_permission+0xad/0xf0
[ 44.681311][ T464] ? memcpy+0x38/0x50
[ 44.685161][ T464] path_openat+0x29bf/0x34b0
[ 44.689559][ T464] ? stack_trace_save+0x118/0x1c0
[ 44.694427][ T464] ? do_filp_open+0x450/0x450
[ 44.698932][ T464] ? do_sys_open+0x357/0x810
[ 44.703357][ T464] ? do_syscall_64+0xca/0x1c0
[ 44.707868][ T464] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 44.713776][ T464] do_filp_open+0x20b/0x450
[ 44.718115][ T464] ? vfs_tmpfile+0x2c0/0x2c0
[ 44.722546][ T464] ? _raw_spin_unlock+0x49/0x60
[ 44.727225][ T464] ? __alloc_fd+0x4c5/0x570
[ 44.731573][ T464] do_sys_open+0x39c/0x810
[ 44.735822][ T464] ? check_preemption_disabled+0x153/0x320
[ 44.741459][ T464] ? file_open_root+0x490/0x490
[ 44.746151][ T464] do_syscall_64+0xca/0x1c0
[ 44.750491][ T464] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 44.756250][ T464] RIP: 0033:0x7ff222420a51
[ 44.760470][ T464] Code: 75 57 89 f0 25 00 00 41 00 3d 00 00 41 00 74 49 80 3d fa 7a 1f 00 00 74 6d 89 da 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 93 00 00 00 48 8b 54 24 28 64 48 2b 14 25
[ 44.779908][ T464] RSP: 002b:00007ffec2e9dc50 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[ 44.788155][ T464] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007ff222420a51
[ 44.795967][ T464] RDX: 0000000000000002 RSI: 00007ffec2e9dd60 RDI: 00000000ffffff9c
[ 44.803777][ T464] RBP: 00007ffec2e9dd60 R08: 000000000000000a R09: 00007ffec2e9da17
[ 44.811593][ T464] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 44.819400][ T464] R13: 00007ff222611260 R14: 0000000000000003 R15: 00007ffec2e9dd60
[ 44.827212][ T464]
[ 44.829377][ T464] Allocated by task 445:
[ 44.833464][ T464] __kasan_kmalloc+0x171/0x210
[ 44.838061][ T464] kmem_cache_alloc+0xd9/0x250
[ 44.842664][ T464] dup_task_struct+0x4f/0x600
[ 44.847175][ T464] copy_process+0x56d/0x3230
[ 44.851605][ T464] _do_fork+0x197/0x900
[ 44.855594][ T464] __x64_sys_clone3+0x2da/0x300
[ 44.860281][ T464] do_syscall_64+0xca/0x1c0
[ 44.864621][ T464] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 44.870341][ T464]
[ 44.872516][ T464] Freed by task 17:
[ 44.876165][ T464] __kasan_slab_free+0x1b5/0x270
[ 44.880939][ T464] kmem_cache_free+0x10b/0x2c0
[ 44.885540][ T464] rcu_do_batch+0x492/0xa00
[ 44.889876][ T464] rcu_core+0x4c8/0xcb0
[ 44.893872][ T464] __do_softirq+0x23b/0x6b7
[ 44.898204][ T464]
[ 44.900384][ T464] The buggy address belongs to the object at ffff8881e9a68000
[ 44.900384][ T464] which belongs to the cache task_struct of size 3904
[ 44.914354][ T464] The buggy address is located 56 bytes inside of
[ 44.914354][ T464] 3904-byte region [ffff8881e9a68000, ffff8881e9a68f40)
[ 44.927456][ T464] The buggy address belongs to the page:
[ 44.932942][ T464] page:ffffea0007a69a00 refcount:1 mapcount:0 mapping:ffff8881f5cf1680 index:0x0 compound_mapcount: 0
[ 44.943688][ T464] flags: 0x8000000000010200(slab|head)
[ 44.948988][ T464] raw: 8000000000010200 dead000000000100 dead000000000122 ffff8881f5cf1680
[ 44.957408][ T464] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[ 44.965816][ T464] page dumped because: kasan: bad access detected
[ 44.972072][ T464] page_owner tracks the page as allocated
[ 44.977626][ T464] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL)
[ 44.993859][ T464] prep_new_page+0x18f/0x370
[ 44.998284][ T464] get_page_from_freelist+0x2d13/0x2d90
[ 45.003666][ T464] __alloc_pages_nodemask+0x393/0x840
[ 45.008872][ T464] alloc_slab_page+0x39/0x3c0
[ 45.013384][ T464] new_slab+0x97/0x440
[ 45.017292][ T464] ___slab_alloc+0x2fe/0x490
[ 45.021720][ T464] __slab_alloc+0x62/0xa0
[ 45.025881][ T464] kmem_cache_alloc+0x109/0x250
[ 45.030572][ T464] dup_task_struct+0x4f/0x600
[ 45.035085][ T464] copy_process+0x56d/0x3230
[ 45.039508][ T464] _do_fork+0x197/0x900
[ 45.043505][ T464] __x64_sys_clone+0x26b/0x2c0
[ 45.048108][ T464] do_syscall_64+0xca/0x1c0
[ 45.052445][ T464] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 45.058172][ T464] page last free stack trace:
[ 45.062688][ T464] __free_pages_ok+0x847/0x950
[ 45.067285][ T464] __free_pages+0x91/0x140
[ 45.071536][ T464] __free_slab+0x221/0x2e0
[ 45.075789][ T464] unfreeze_partials+0x14e/0x180
[ 45.080562][ T464] put_cpu_partial+0x44/0x180
[ 45.085078][ T464] __slab_free+0x297/0x360
[ 45.089331][ T464] qlist_free_all+0x43/0xb0
[ 45.093670][ T464] quarantine_reduce+0x1d9/0x210
[ 45.098443][ T464] __kasan_kmalloc+0x41/0x210
[ 45.102960][ T464] kmem_cache_alloc+0xd9/0x250
[ 45.107557][ T464] getname_flags+0xb8/0x4e0
[ 45.111894][ T464] user_path_at_empty+0x28/0x50
[ 45.116583][ T464] vfs_statx+0x115/0x210
[ 45.120665][ T464] __se_sys_newfstatat+0xce/0x770
[ 45.125522][ T464] do_syscall_64+0xca/0x1c0
[ 45.129872][ T464] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 45.135589][ T464]
[ 45.137755][ T464] Memory state around the buggy address:
[ 45.143229][ T464] ffff8881e9a67f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 45.151125][ T464] ffff8881e9a67f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 45.159026][ T464] >ffff8881e9a68000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 45.166919][ T464] ^
[ 45.172652][ T464] ffff8881e9a68080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 45.180549][ T464] ffff8881e9a68100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 45.188444][ T464] ==================================================================
[ 45.196353][ T464] Disabling lock debugging due to kernel taint