==================================================================
BUG: KASAN: slab-out-of-bounds in class_equal+0x40/0x50 kernel/locking/lockdep.c:1527
Read of size 8 at addr ffff88809856e480 by task syz-executor.0/9847

CPU: 0 PID: 9847 Comm: syz-executor.0 Not tainted 5.2.0-rc3+ #33
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:

Allocated by task 8889:
 save_stack+0x23/0x90 mm/kasan/common.c:71
 set_track mm/kasan/common.c:79 [inline]
 __kasan_kmalloc mm/kasan/common.c:489 [inline]
 __kasan_kmalloc.constprop.0+0xcf/0xe0 mm/kasan/common.c:462
 kasan_kmalloc+0x9/0x10 mm/kasan/common.c:503
 kmem_cache_alloc_trace+0x151/0x750 mm/slab.c:3555
 kmalloc include/linux/slab.h:547 [inline]
 kzalloc include/linux/slab.h:742 [inline]
 can_notifier+0x227/0x330 net/can/af_can.c:828
 notifier_call_chain+0xc2/0x230 kernel/notifier.c:95
 __raw_notifier_call_chain kernel/notifier.c:396 [inline]
 raw_notifier_call_chain+0x2e/0x40 kernel/notifier.c:403
 call_netdevice_notifiers_info+0x3f/0x90 net/core/dev.c:1749
 call_netdevice_notifiers_extack net/core/dev.c:1761 [inline]
 call_netdevice_notifiers net/core/dev.c:1775 [inline]
 register_netdevice+0xa4d/0xff0 net/core/dev.c:8734
 __rtnl_newlink+0x146b/0x16c0 net/core/rtnetlink.c:3199
 rtnl_newlink+0x69/0xa0 net/core/rtnetlink.c:3245
 rtnetlink_rcv_msg+0x463/0xb00 net/core/rtnetlink.c:5214
 netlink_rcv_skb+0x177/0x450 net/netlink/af_netlink.c:2477
 rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:5232
 netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline]
 netlink_unicast+0x531/0x710 net/netlink/af_netlink.c:1328
 netlink_sendmsg+0x8ae/0xd70 net/netlink/af_netlink.c:1917
 sock_sendmsg_nosec net/socket.c:646 [inline]
 sock_sendmsg+0xd7/0x130 net/socket.c:665
 __sys_sendto+0x262/0x380 net/socket.c:1958
 __do_sys_sendto net/socket.c:1970 [inline]
 __se_sys_sendto net/socket.c:1966 [inline]
 __x64_sys_sendto+0xe1/0x1a0 net/socket.c:1966
 do_syscall_64+0xfd/0x680 arch/x86/entry/common.c:301
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

Freed by task 0:
(stack is not available)

The buggy address belongs to the object at ffff888098560f80
 which belongs to the cache kmalloc-32k of size 32768
The buggy address is located 21760 bytes to the right of
 32768-byte region [ffff888098560f80, ffff888098568f80)
The buggy address belongs to the page:
page:ffffea0002615800 refcount:1 mapcount:0 mapping:ffff8880aa402380 index:0x0 compound_mapcount: 0
flags: 0x1fffc0000010200(slab|head)
raw: 01fffc0000010200 ffffea0002475808 ffffea0002208408 ffff8880aa402380
raw: 0000000000000000 ffff888098560f80 0000000100000001 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff88809856e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff88809856e400: fc fc f1 f1 f1 f1 00 f2 f2 f2 00 f2 f2 f2 fc fc
>ffff88809856e480: fc fc 00 00 00 f3 f3 f3 f3 f3 fc fc fc fc fc fc
                   ^
 ffff88809856e500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff88809856e580: fc 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
==================================================================