==================================================================
BUG: KASAN: slab-out-of-bounds in fib6_rule_lookup+0x524/0x5a0 net/ipv6/fib6_rules.c:117
Read of size 2 at addr ffff88809c0d37ac by task kworker/0:0/5

CPU: 0 PID: 5 Comm: kworker/0:0 Not tainted 5.2.0-rc1+ #8
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events rt6_probe_deferred
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 print_address_description.cold+0x7c/0x20d mm/kasan/report.c:188
 __kasan_report.cold+0x1b/0x40 mm/kasan/report.c:317
 kasan_report+0x12/0x20 mm/kasan/common.c:614
 __asan_report_load2_noabort+0x14/0x20 mm/kasan/generic_report.c:130
 fib6_rule_lookup+0x524/0x5a0 net/ipv6/fib6_rules.c:117
 ip6_route_input_lookup+0xb7/0xd0 net/ipv6/route.c:2059
 ip6_route_input+0x5e2/0x9e0 net/ipv6/route.c:2194
 ip6_rcv_finish_core.isra.0+0x174/0x590 net/ipv6/ip6_input.c:67
 ip6_rcv_finish+0x17a/0x310 net/ipv6/ip6_input.c:78
 NF_HOOK include/linux/netfilter.h:305 [inline]
 NF_HOOK include/linux/netfilter.h:299 [inline]
 ipv6_rcv+0x10e/0x420 net/ipv6/ip6_input.c:276
 __netif_receive_skb_one_core+0x113/0x1a0 net/core/dev.c:4990
 __netif_receive_skb+0x2c/0x1d0 net/core/dev.c:5104
 process_backlog+0x206/0x750 net/core/dev.c:5944
 napi_poll net/core/dev.c:6367 [inline]
 net_rx_action+0x4f5/0x1070 net/core/dev.c:6433
 __do_softirq+0x25c/0x94c kernel/softirq.c:293
 do_softirq_own_stack+0x2a/0x40 arch/x86/entry/entry_64.S:1040
 do_softirq.part.0+0x11a/0x170 kernel/softirq.c:338
 do_softirq kernel/softirq.c:330 [inline]
 __local_bh_enable_ip+0x211/0x270 kernel/softirq.c:190
 local_bh_enable include/linux/bottom_half.h:32 [inline]
 rcu_read_unlock_bh include/linux/rcupdate.h:684 [inline]
 ip6_finish_output2+0x10a0/0x2550 net/ipv6/ip6_output.c:121
 ip6_finish_output+0x56d/0xc20 net/ipv6/ip6_output.c:154
 NF_HOOK_COND include/linux/netfilter.h:294 [inline]
 ip6_output+0x235/0x7f0 net/ipv6/ip6_output.c:171
 dst_output include/net/dst.h:433 [inline]
 NF_HOOK include/linux/netfilter.h:305 [inline]
 ndisc_send_skb+0xf29/0x14a0 net/ipv6/ndisc.c:508
 ndisc_send_ns+0x3a9/0x850 net/ipv6/ndisc.c:650
 rt6_probe_deferred+0xe3/0x1a0 net/ipv6/route.c:543
 process_one_work+0x989/0x1790 kernel/workqueue.c:2269
 worker_thread+0x98/0xe40 kernel/workqueue.c:2415
 kthread+0x354/0x420 kernel/kthread.c:255
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352

Allocated by task 1:
 save_stack+0x23/0x90 mm/kasan/common.c:71
 set_track mm/kasan/common.c:79 [inline]
 __kasan_kmalloc mm/kasan/common.c:489 [inline]
 __kasan_kmalloc.constprop.0+0xcf/0xe0 mm/kasan/common.c:462
 kasan_slab_alloc+0xf/0x20 mm/kasan/common.c:497
 slab_post_alloc_hook mm/slab.h:437 [inline]
 slab_alloc mm/slab.c:3326 [inline]
 kmem_cache_alloc+0x11a/0x6f0 mm/slab.c:3488
 kmem_cache_zalloc include/linux/slab.h:732 [inline]
 __kernfs_new_node+0xf0/0x6c0 fs/kernfs/dir.c:632
 kernfs_new_node+0x96/0x120 fs/kernfs/dir.c:698
 __kernfs_create_file+0x51/0x340 fs/kernfs/file.c:1002
 sysfs_add_file_mode_ns+0x222/0x560 fs/sysfs/file.c:305
 create_files fs/sysfs/group.c:63 [inline]
 internal_create_group+0x359/0xc40 fs/sysfs/group.c:148
 sysfs_create_group fs/sysfs/group.c:174 [inline]
 sysfs_create_groups fs/sysfs/group.c:201 [inline]
 sysfs_create_groups+0x9b/0x141 fs/sysfs/group.c:191
 device_add_groups drivers/base/core.c:1288 [inline]
 device_add_attrs drivers/base/core.c:1436 [inline]
 device_add+0x80f/0x17a0 drivers/base/core.c:2080
 device_register+0x1e/0x30 drivers/base/core.c:2184
 __video_register_device+0x1b61/0x3ea0 drivers/media/v4l2-core/v4l2-dev.c:1001
 video_register_device include/media/v4l2-dev.h:377 [inline]
 vivid_create_instance drivers/media/platform/vivid/vivid-core.c:1329 [inline]
 vivid_probe.cold+0x5eb9/0x7a2d drivers/media/platform/vivid/vivid-core.c:1521
 platform_drv_probe+0x8d/0x140 drivers/base/platform.c:616
 really_probe+0x291/0x690 drivers/base/dd.c:509
 driver_probe_device+0x110/0x220 drivers/base/dd.c:670
 device_driver_attach+0x116/0x150 drivers/base/dd.c:944
 __driver_attach+0xdf/0x230 drivers/base/dd.c:1021
 bus_for_each_dev+0x15b/0x1f0 drivers/base/bus.c:304
 driver_attach+0x40/0x50 drivers/base/dd.c:1037
 bus_add_driver+0x4ae/0x5c0 drivers/base/bus.c:645
 driver_register+0x1c9/0x330 drivers/base/driver.c:170
 __platform_driver_register+0xce/0x100 drivers/base/platform.c:671
 vivid_init+0x3b/0x69 drivers/media/platform/vivid/vivid-core.c:1635
 do_one_initcall+0x107/0x7ba init/main.c:915
 do_initcall_level init/main.c:983 [inline]
 do_initcalls init/main.c:991 [inline]
 do_basic_setup init/main.c:1009 [inline]
 kernel_init_freeable+0x4d4/0x5c3 init/main.c:1169
 kernel_init+0x12/0x1c5 init/main.c:1087
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352

Freed by task 0:
(stack is not available)

The buggy address belongs to the object at ffff88809c0d3700
 which belongs to the cache kernfs_node_cache of size 160
The buggy address is located 12 bytes to the right of
 160-byte region [ffff88809c0d3700, ffff88809c0d37a0)
The buggy address belongs to the page:
page:ffffea00027034c0 refcount:1 mapcount:0 mapping:ffff88821bc48500 index:0xffff88809c0d3fee
flags: 0x1fffc0000000200(slab)
raw: 01fffc0000000200 ffffea000271a3c8 ffffea0002703548 ffff88821bc48500
raw: ffff88809c0d3fee ffff88809c0d3000 0000000100000012 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff88809c0d3680: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
 ffff88809c0d3700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff88809c0d3780: 00 00 00 00 fc fc fc fc fc fc fc fc 00 00 00 00
                                  ^
 ffff88809c0d3800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff88809c0d3880: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
==================================================================