==================================================================
BUG: KASAN: invalid-access in tcp_init_congestion_control+0x14/0xfc net/ipv4/tcp_cong.c:178
Write at addr f7ff0000285e880c by task syz-executor.0/8482
Pointer tag: [f7], memory tag: [fe]

CPU: 1 PID: 8482 Comm: syz-executor.0 Not tainted 5.13.0-rc2-syzkaller-00191-g79a106fc6585 #0
Hardware name: linux,dummy-virt (DT)
Call trace:
 dump_backtrace+0x0/0x1b0 arch/arm64/kernel/stacktrace.c:138
 show_stack+0x18/0x24 arch/arm64/kernel/stacktrace.c:217
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0xd0/0x12c lib/dump_stack.c:120
 print_address_description+0x70/0x2ac mm/kasan/report.c:233
 __kasan_report mm/kasan/report.c:419 [inline]
 kasan_report+0x134/0x380 mm/kasan/report.c:436
 report_tag_fault arch/arm64/mm/fault.c:324 [inline]
 do_tag_recovery arch/arm64/mm/fault.c:336 [inline]
 __do_kernel_fault+0x1a8/0x1dc arch/arm64/mm/fault.c:378
 do_bad_area arch/arm64/mm/fault.c:474 [inline]
 do_tag_check_fault+0x74/0x90 arch/arm64/mm/fault.c:745
 do_mem_abort+0x44/0xb4 arch/arm64/mm/fault.c:821
 el1_abort+0x40/0x60 arch/arm64/kernel/entry-common.c:171
 el1_sync_handler+0xac/0xd0 arch/arm64/kernel/entry-common.c:255
 el1_sync+0x78/0x100 arch/arm64/kernel/entry.S:710
 tcp_init_congestion_control+0x14/0xfc net/ipv4/tcp_cong.c:178
 tcp_reinit_congestion_control net/ipv4/tcp_cong.c:207 [inline]
 tcp_set_congestion_control+0x23c/0x270 net/ipv4/tcp_cong.c:381
 mptcp_setsockopt_sol_tcp_congestion net/mptcp/sockopt.c:550 [inline]
 mptcp_setsockopt_sol_tcp net/mptcp/sockopt.c:563 [inline]
 mptcp_setsockopt+0x3ac/0x770 net/mptcp/sockopt.c:599
 sock_common_setsockopt+0x1c/0x30 net/core/sock.c:3257
 __sys_setsockopt+0xa0/0x1a0 net/socket.c:2117
 __do_sys_setsockopt net/socket.c:2128 [inline]
 __se_sys_setsockopt net/socket.c:2125 [inline]
 __arm64_sys_setsockopt+0x2c/0x40 net/socket.c:2125
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52
 el0_svc_common.constprop.0+0x44/0xcc arch/arm64/kernel/syscall.c:145
 do_el0_svc+0x70/0x90 arch/arm64/kernel/syscall.c:184
 el0_svc+0x2c/0x54 arch/arm64/kernel/entry-common.c:408
 el0_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:424
 el0_sync+0x1b4/0x1c0 arch/arm64/kernel/entry.S:734

Allocated by task 0:
(stack is not available)

Freed by task 0:
(stack is not available)

The buggy address belongs to the object at ffff0000285e8800
 which belongs to the cache MPTCPv6 of size 1992
The buggy address is located 12 bytes inside of
 1992-byte region [ffff0000285e8800, ffff0000285e8fc8)
The buggy address belongs to the page:
page:00000000a47c1be4 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x685e8
head:00000000a47c1be4 order:3 compound_mapcount:0 compound_pincount:0
memcg:fbff0000062dfb01
flags: 0x1ffc00000010200(slab|head|node=0|zone=0|lastcpupid=0x7ff|kasantag=0x0)
raw: 01ffc00000010200 dead000000000100 dead000000000122 faff000005616a00
raw: 0000000000000000 0000000080100010 00000001ffffffff fbff0000062dfb01
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff0000285e8600: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
 ffff0000285e8700: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 fe fe fe
>ffff0000285e8800: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
                   ^
 ffff0000285e8900: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
 ffff0000285e8a00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
==================================================================