ci starts bisection 2022-12-30 14:12:10.54367959 +0000 UTC m=+250281.086385155 bisecting cause commit starting from a335366bad1364a07f49df9da1fdfa6d411a5f39 building syzkaller on dd9a85ff356d74a765888403f1b70faece9e642b ensuring issue is reproducible on original commit a335366bad1364a07f49df9da1fdfa6d411a5f39 testing commit a335366bad1364a07f49df9da1fdfa6d411a5f39 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: e627c0ab970843808f70909a82a833dcee1b770320bbdd5f704253f87742b37a run #0: crashed: INFO: rcu detected stall in corrupted run #1: crashed: INFO: rcu detected stall in corrupted run #2: crashed: INFO: rcu detected stall in corrupted run #3: crashed: INFO: rcu detected stall in corrupted run #4: crashed: INFO: rcu detected stall in corrupted run #5: crashed: INFO: rcu detected stall in corrupted run #6: crashed: INFO: rcu detected stall in corrupted run #7: crashed: INFO: rcu detected stall in corrupted run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK reproducer seems to be flaky testing release v5.19 testing commit 3d7cb6b04c3f3115719235cc6866b10326de34cd gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 57bf04e18dace5f12e756e6bdec88b1d288c7e5e0c030b0e920d32e4a227b8c8 run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: EOF run #1: crashed: KASAN: use-after-free Read in powermate_config_complete run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK testing release v5.18 testing commit 4b0986a3613c92f4ec1bdc7f60ec66fea135991f gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: dfc19314bff679795fb96560d6df64f29e0a79633af2cca4b7180ab10c39150c all runs: OK # git bisect start 3d7cb6b04c3f3115719235cc6866b10326de34cd 4b0986a3613c92f4ec1bdc7f60ec66fea135991f Bisecting: 8493 revisions left to test after this (roughly 13 steps) [c011dd537ffe47462051930413fed07dbdc80313] Merge tag 'arm-soc-5.19' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc testing commit c011dd537ffe47462051930413fed07dbdc80313 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 33353e18b39d73b692eafae8f8422d4eb12b56c7d0741f9ab4d0c7b10f45d500 run #0: crashed: KASAN: use-after-free Read in powermate_config_complete run #1: crashed: KASAN: use-after-free Read in powermate_config_complete run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK # git bisect bad c011dd537ffe47462051930413fed07dbdc80313 Bisecting: 2961 revisions left to test after this (roughly 12 steps) [7e062cda7d90543ac8c7700fc7c5527d0c0f22ad] Merge tag 'net-next-5.19' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next testing commit 7e062cda7d90543ac8c7700fc7c5527d0c0f22ad gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 664a2098dfdda08a32df6919204a1445461f8e068390f53491eadc7b0a40c046 run #0: crashed: KASAN: use-after-free Read in powermate_config_complete run #1: crashed: KASAN: use-after-free Read in powermate_config_complete run #2: crashed: KASAN: use-after-free Read in powermate_config_complete run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK # git bisect bad 7e062cda7d90543ac8c7700fc7c5527d0c0f22ad Bisecting: 2538 revisions left to test after this (roughly 11 steps) [3842007b1a33589d57f67eac479b132b77767514] Merge tag 'zonefs-5.19-rc1-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/dlemoal/zonefs testing commit 3842007b1a33589d57f67eac479b132b77767514 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 4ccb268b01f7b1bc3fb09873acc634e6816cbd2ab3510bd146b29c1db890287e all runs: OK # git bisect good 3842007b1a33589d57f67eac479b132b77767514 Bisecting: 1271 revisions left to test after this (roughly 10 steps) [53a332f222c015cb82349fd4f6b58cb14f574e8d] Merge branch 'net-phy-add-comments-for-lan8742-phy-support' testing commit 53a332f222c015cb82349fd4f6b58cb14f574e8d gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 521b4b6ef9fda9d60e97d81c1cf95dda2e1f252f214825e4136b0511bf7023b2 run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: crashed: KASAN: use-after-free Read in powermate_config_complete run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK # git bisect bad 53a332f222c015cb82349fd4f6b58cb14f574e8d Bisecting: 591 revisions left to test after this (roughly 9 steps) [50c6afabfd2ae91a4ff0e2feb14fe702b0688ec5] Merge https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next testing commit 50c6afabfd2ae91a4ff0e2feb14fe702b0688ec5 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: a229e5df0fbc71038af0ec6f71cdc4e47bce554c51e5df24107a30ee8a60a560 all runs: OK # git bisect good 50c6afabfd2ae91a4ff0e2feb14fe702b0688ec5 Bisecting: 360 revisions left to test after this (roughly 8 steps) [f39af96d352dd4f36a4a43601ea90561e17e5ca6] Merge ath-next from git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/ath.git testing commit f39af96d352dd4f36a4a43601ea90561e17e5ca6 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: adb62f627ee1c0a0afe964d2429d40c4e0713909eef819c64eaaebb42c728c8e all runs: OK # git bisect good f39af96d352dd4f36a4a43601ea90561e17e5ca6 Bisecting: 184 revisions left to test after this (roughly 8 steps) [656d33890732978919f79bdbc96921dfca6f28bb] net/mlx5: Allow future addition of IPsec object modifiers testing commit 656d33890732978919f79bdbc96921dfca6f28bb gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 360a2f0ebc20676a24a1ebf0554a59d716e361ea286493dd0c1e1313d2f5fb65 all runs: OK # git bisect good 656d33890732978919f79bdbc96921dfca6f28bb Bisecting: 92 revisions left to test after this (roughly 7 steps) [d484735dcf923e7872d5e353aacfaa4f42dea1d4] net: virtio: switch to netif_napi_add_weight() testing commit d484735dcf923e7872d5e353aacfaa4f42dea1d4 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 3c068839010d019db44335210ab8e5d4edd1f77f304f567cd314bf509f072d6d run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: EOF run #1: basic kernel testing failed: BUG: program execution failed: executor NUM: EOF run #2: crashed: KASAN: use-after-free Read in powermate_config_complete run #3: crashed: KASAN: use-after-free Read in powermate_config_complete run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK # git bisect bad d484735dcf923e7872d5e353aacfaa4f42dea1d4 Bisecting: 45 revisions left to test after this (roughly 6 steps) [4eaf1797bca19ed766dc3d7b607f0b0617214e7e] ice: remove period on argument description in ice_for_each_vf testing commit 4eaf1797bca19ed766dc3d7b607f0b0617214e7e gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 7f5be708aab342ff60dcd478c65ddc71803359d46e6f5f20c28c5212f0491019 run #0: crashed: KASAN: use-after-free Read in powermate_config_complete run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK # git bisect bad 4eaf1797bca19ed766dc3d7b607f0b0617214e7e Bisecting: 22 revisions left to test after this (roughly 5 steps) [0106668cd2f91bf913fb78972840dedfba80a3c3] mlxsw: Treat LLDP packets as control testing commit 0106668cd2f91bf913fb78972840dedfba80a3c3 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: edc879f21a935dd0d2915b390335026e26ca969acab55134a63a498a7cd692c5 run #0: crashed: KASAN: use-after-free Read in powermate_config_complete run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK # git bisect bad 0106668cd2f91bf913fb78972840dedfba80a3c3 Bisecting: 11 revisions left to test after this (roughly 4 steps) [b3e5fd653d3959f2845018f60db497a056aa41b2] selftests: mptcp: capture netlink events testing commit b3e5fd653d3959f2845018f60db497a056aa41b2 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: d1ec23e98c95f6fcefb386c2716d19ed9963ddaf54a5d2585b1631c015a97aca all runs: OK # git bisect good b3e5fd653d3959f2845018f60db497a056aa41b2 Bisecting: 5 revisions left to test after this (roughly 3 steps) [6b73f20ab6c401a1a7860f02734ab11bf748e69b] sfc: Copy a subset of mcdi_pcol.h to siena testing commit 6b73f20ab6c401a1a7860f02734ab11bf748e69b gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: e1d4dcd2f393b91af01dcbf06fb3348cbc9cf3a22ce6a2594e84188a8b57888e run #0: OK run #1: crashed: KASAN: use-after-free Read in powermate_config_complete run #2: crashed: KASAN: use-after-free Read in powermate_config_complete run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK # git bisect bad 6b73f20ab6c401a1a7860f02734ab11bf748e69b Bisecting: 2 revisions left to test after this (roughly 2 steps) [6a9b3de82516551543d153aefa8fe3577cea7271] Merge branch 'mptcp-pathmanager-api' testing commit 6a9b3de82516551543d153aefa8fe3577cea7271 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 4ec5401bdfd82815d942ed9b702d8dda70f1961c41e0869700a8c587ce0fcf9b run #0: crashed: KASAN: use-after-free Read in powermate_config_complete run #1: crashed: KASAN: use-after-free Read in powermate_config_complete run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK # git bisect bad 6a9b3de82516551543d153aefa8fe3577cea7271 Bisecting: 0 revisions left to test after this (roughly 1 step) [259a834fadda06db430bcd4ab95e1fcf5e63c4cb] selftests: mptcp: functional tests for the userspace PM type testing commit 259a834fadda06db430bcd4ab95e1fcf5e63c4cb gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: fbb3b85bf2d6777db09cabbcb73cd5a7caef8222c61551e97658666329ebcf3a run #0: crashed: KASAN: use-after-free Read in powermate_config_complete run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK # git bisect bad 259a834fadda06db430bcd4ab95e1fcf5e63c4cb Bisecting: 0 revisions left to test after this (roughly 0 steps) [bdde081d728ab86812947a62bf84a3b4dfeb2635] selftests: mptcp: create listeners to receive MPJs testing commit bdde081d728ab86812947a62bf84a3b4dfeb2635 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: e1ab599c158aedc0143a8ce4fa26689831d3aac4ceda884acc1d51a3ea11f2cb run #0: crashed: KASAN: use-after-free Read in powermate_config_complete run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK # git bisect bad bdde081d728ab86812947a62bf84a3b4dfeb2635 bdde081d728ab86812947a62bf84a3b4dfeb2635 is the first bad commit commit bdde081d728ab86812947a62bf84a3b4dfeb2635 Author: Kishen Maloor Date: Tue May 3 19:39:00 2022 -0700 selftests: mptcp: create listeners to receive MPJs This change updates the "pm_nl_ctl" testing sample with a "listen" option to bind a MPTCP listening socket to the provided addr+port. This option is exercised in testing subflow initiation scenarios in conjunction with userspace path managers where the MPTCP application does not hold an active listener to accept requests for new subflows. Acked-by: Paolo Abeni Signed-off-by: Kishen Maloor Signed-off-by: Mat Martineau Signed-off-by: David S. Miller tools/testing/selftests/net/mptcp/pm_nl_ctl.c | 54 +++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) culprit signature: e1ab599c158aedc0143a8ce4fa26689831d3aac4ceda884acc1d51a3ea11f2cb parent signature: d1ec23e98c95f6fcefb386c2716d19ed9963ddaf54a5d2585b1631c015a97aca Reproducer flagged being flaky revisions tested: 18, total time: 4h49m12.172704914s (build: 2h3m34.676493073s, test: 2h42m55.776329761s) first bad commit: bdde081d728ab86812947a62bf84a3b4dfeb2635 selftests: mptcp: create listeners to receive MPJs recipients (to): ["davem@davemloft.net" "kishen.maloor@intel.com" "mathew.j.martineau@linux.intel.com" "pabeni@redhat.com"] recipients (cc): [] crash: KASAN: use-after-free Read in powermate_config_complete powermate 6-1:0.0: powermate_irq - usb_submit_urb failed with result: -19 powermate: config urb returned -71 ================================================================== BUG: KASAN: use-after-free in __lock_acquire+0x3eb0/0x56c0 kernel/locking/lockdep.c:4899 Read of size 8 at addr ffff8880760c2258 by task ksoftirqd/1/21 CPU: 1 PID: 21 Comm: ksoftirqd/1 Not tainted 5.18.0-rc4-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x57/0x7d lib/dump_stack.c:106 print_address_description.constprop.0.cold+0xeb/0x495 mm/kasan/report.c:313 print_report mm/kasan/report.c:429 [inline] kasan_report.cold+0xf4/0x1c6 mm/kasan/report.c:491 __lock_acquire+0x3eb0/0x56c0 kernel/locking/lockdep.c:4899 lock_acquire kernel/locking/lockdep.c:5641 [inline] lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5606 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x39/0x50 kernel/locking/spinlock.c:162 powermate_config_complete+0x66/0x90 drivers/input/misc/powermate.c:202 __usb_hcd_giveback_urb+0x238/0x3f0 drivers/usb/core/hcd.c:1670 dummy_timer+0xeb8/0x2e90 drivers/usb/gadget/udc/dummy_hcd.c:1988 call_timer_fn+0x163/0x4a0 kernel/time/timer.c:1421 expire_timers kernel/time/timer.c:1466 [inline] __run_timers.part.0+0x52c/0x8e0 kernel/time/timer.c:1737 __run_timers kernel/time/timer.c:1715 [inline] run_timer_softirq+0x9c/0x190 kernel/time/timer.c:1750 __do_softirq+0x29b/0x9c2 kernel/softirq.c:558 run_ksoftirqd kernel/softirq.c:921 [inline] run_ksoftirqd+0x2d/0x60 kernel/softirq.c:913 smpboot_thread_fn+0x548/0x8c0 kernel/smpboot.c:164 kthread+0x299/0x340 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298 Allocated by task 4099: kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38 kasan_set_track mm/kasan/common.c:45 [inline] set_alloc_info mm/kasan/common.c:436 [inline] ____kasan_kmalloc mm/kasan/common.c:515 [inline] ____kasan_kmalloc mm/kasan/common.c:474 [inline] __kasan_kmalloc+0xa9/0xd0 mm/kasan/common.c:524 kmalloc include/linux/slab.h:581 [inline] kzalloc include/linux/slab.h:714 [inline] powermate_probe+0x1fc/0x1300 drivers/input/misc/powermate.c:323 usb_probe_interface+0x274/0x6a0 drivers/usb/core/driver.c:396 call_driver_probe drivers/base/dd.c:542 [inline] really_probe+0x1c1/0x9d0 drivers/base/dd.c:621 __driver_probe_device+0x2a6/0x460 drivers/base/dd.c:752 driver_probe_device+0x44/0x110 drivers/base/dd.c:782 __device_attach_driver+0x185/0x250 drivers/base/dd.c:899 bus_for_each_drv+0x11e/0x1a0 drivers/base/bus.c:427 __device_attach+0x1db/0x410 drivers/base/dd.c:970 bus_probe_device+0x19d/0x250 drivers/base/bus.c:487 device_add+0x9ca/0x1b10 drivers/base/core.c:3405 usb_set_configuration+0xa66/0x18b0 drivers/usb/core/message.c:2170 usb_generic_driver_probe+0x74/0xa0 drivers/usb/core/generic.c:238 usb_probe_device+0x95/0x240 drivers/usb/core/driver.c:293 call_driver_probe drivers/base/dd.c:542 [inline] really_probe+0x1c1/0x9d0 drivers/base/dd.c:621 __driver_probe_device+0x2a6/0x460 drivers/base/dd.c:752 driver_probe_device+0x44/0x110 drivers/base/dd.c:782 __device_attach_driver+0x185/0x250 drivers/base/dd.c:899 bus_for_each_drv+0x11e/0x1a0 drivers/base/bus.c:427 __device_attach+0x1db/0x410 drivers/base/dd.c:970 bus_probe_device+0x19d/0x250 drivers/base/bus.c:487 device_add+0x9ca/0x1b10 drivers/base/core.c:3405 usb_new_device.cold+0x5d1/0xeeb drivers/usb/core/hub.c:2566 hub_port_connect drivers/usb/core/hub.c:5363 [inline] hub_port_connect_change drivers/usb/core/hub.c:5507 [inline] port_event drivers/usb/core/hub.c:5665 [inline] hub_event+0x114d/0x39a0 drivers/usb/core/hub.c:5747 process_one_work+0x865/0x13d0 kernel/workqueue.c:2289 worker_thread+0x598/0xec0 kernel/workqueue.c:2436 kthread+0x299/0x340 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298 Freed by task 2924: kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38 kasan_set_track+0x21/0x30 mm/kasan/common.c:45 kasan_set_free_info+0x20/0x30 mm/kasan/generic.c:370 ____kasan_slab_free mm/kasan/common.c:366 [inline] ____kasan_slab_free+0x166/0x1a0 mm/kasan/common.c:328 kasan_slab_free include/linux/kasan.h:200 [inline] slab_free_hook mm/slub.c:1728 [inline] slab_free_freelist_hook+0x8b/0x1c0 mm/slub.c:1754 slab_free mm/slub.c:3510 [inline] kfree+0xd6/0x4d0 mm/slub.c:4552 usb_unbind_interface+0x183/0x7e0 drivers/usb/core/driver.c:458 __device_release_driver drivers/base/dd.c:1200 [inline] device_release_driver_internal+0x3be/0x590 drivers/base/dd.c:1223 bus_remove_device+0x295/0x550 drivers/base/bus.c:529 device_del+0x48d/0xb80 drivers/base/core.c:3592 usb_disable_device+0x29c/0x660 drivers/usb/core/message.c:1419 usb_disconnect.cold+0x20a/0x61d drivers/usb/core/hub.c:2228 hub_port_connect drivers/usb/core/hub.c:5207 [inline] hub_port_connect_change drivers/usb/core/hub.c:5507 [inline] port_event drivers/usb/core/hub.c:5665 [inline] hub_event+0xb46/0x39a0 drivers/usb/core/hub.c:5747 process_one_work+0x865/0x13d0 kernel/workqueue.c:2289 worker_thread+0x598/0xec0 kernel/workqueue.c:2436 kthread+0x299/0x340 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298 Last potentially related work creation: kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38 __kasan_record_aux_stack+0xbe/0xd0 mm/kasan/generic.c:348 kvfree_call_rcu+0x74/0x990 kernel/rcu/tree.c:3595 drop_sysctl_table+0x317/0x440 fs/proc/proc_sysctl.c:1705 unregister_sysctl_table fs/proc/proc_sysctl.c:1743 [inline] unregister_sysctl_table+0x97/0x170 fs/proc/proc_sysctl.c:1718 __devinet_sysctl_unregister net/ipv4/devinet.c:2611 [inline] devinet_sysctl_unregister net/ipv4/devinet.c:2639 [inline] inetdev_event+0xb03/0x11c0 net/ipv4/devinet.c:1612 notifier_call_chain+0x94/0x170 kernel/notifier.c:84 call_netdevice_notifiers_extack net/core/dev.c:1981 [inline] call_netdevice_notifiers net/core/dev.c:1995 [inline] dev_change_name+0x488/0x740 net/core/dev.c:1224 do_setlink+0x21b8/0x2d90 net/core/rtnetlink.c:2754 __rtnl_newlink+0x94d/0x14c0 net/core/rtnetlink.c:3540 rtnl_newlink+0x5a/0x90 net/core/rtnetlink.c:3587 rtnetlink_rcv_msg+0x32d/0x9a0 net/core/rtnetlink.c:6083 netlink_rcv_skb+0x118/0x370 net/netlink/af_netlink.c:2502 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline] netlink_unicast+0x433/0x710 net/netlink/af_netlink.c:1345 netlink_sendmsg+0x782/0xc30 net/netlink/af_netlink.c:1921 sock_sendmsg_nosec net/socket.c:705 [inline] sock_sendmsg+0xab/0xe0 net/socket.c:725 __sys_sendto+0x1a5/0x270 net/socket.c:2049 __do_sys_sendto net/socket.c:2061 [inline] __se_sys_sendto net/socket.c:2057 [inline] __x64_sys_sendto+0xd8/0x1b0 net/socket.c:2057 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae The buggy address belongs to the object at ffff8880760c2200 which belongs to the cache kmalloc-256 of size 256 The buggy address is located 88 bytes inside of 256-byte region [ffff8880760c2200, ffff8880760c2300) The buggy address belongs to the physical page: page:ffffea0001d83080 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x760c2 head:ffffea0001d83080 order:1 compound_mapcount:0 compound_pincount:0 flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888010841b40 raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected page_owner tracks the page as allocated page last allocated via order 1, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 4071, tgid 4071 (syz-executor.3), ts 73964217426, free_ts 73895024402 prep_new_page mm/page_alloc.c:2441 [inline] get_page_from_freelist+0xba2/0x3e00 mm/page_alloc.c:4182 __alloc_pages+0x1b2/0x500 mm/page_alloc.c:5408 alloc_slab_page mm/slub.c:1799 [inline] allocate_slab+0x26c/0x3c0 mm/slub.c:1944 new_slab mm/slub.c:2004 [inline] ___slab_alloc+0x8df/0xf20 mm/slub.c:3005 __slab_alloc.constprop.0+0x4d/0xa0 mm/slub.c:3092 slab_alloc_node mm/slub.c:3183 [inline] slab_alloc mm/slub.c:3225 [inline] __kmalloc+0x318/0x350 mm/slub.c:4410 kmalloc include/linux/slab.h:586 [inline] kzalloc include/linux/slab.h:714 [inline] new_dir fs/proc/proc_sysctl.c:971 [inline] get_subdir fs/proc/proc_sysctl.c:1016 [inline] __register_sysctl_table+0x82c/0x11a0 fs/proc/proc_sysctl.c:1364 neigh_sysctl_register+0x275/0x5f0 net/core/neighbour.c:3793 devinet_sysctl_register+0x8a/0x1e0 net/ipv4/devinet.c:2625 inetdev_init+0x21c/0x480 net/ipv4/devinet.c:279 inetdev_event+0x792/0x11c0 net/ipv4/devinet.c:1536 notifier_call_chain+0x94/0x170 kernel/notifier.c:84 call_netdevice_notifiers_extack net/core/dev.c:1981 [inline] call_netdevice_notifiers net/core/dev.c:1995 [inline] register_netdevice+0xd6f/0x1400 net/core/dev.c:10037 nsim_init_netdevsim drivers/net/netdevsim/netdev.c:317 [inline] nsim_create+0x371/0x4b0 drivers/net/netdevsim/netdev.c:365 __nsim_dev_port_add+0x24f/0x780 drivers/net/netdevsim/dev.c:1390 nsim_dev_port_add_all+0x38/0x70 drivers/net/netdevsim/dev.c:1451 page last free stack trace: reset_page_owner include/linux/page_owner.h:24 [inline] free_pages_prepare mm/page_alloc.c:1356 [inline] free_pcp_prepare+0x549/0xd20 mm/page_alloc.c:1406 free_unref_page_prepare mm/page_alloc.c:3328 [inline] free_unref_page+0x19/0x6a0 mm/page_alloc.c:3423 __unfreeze_partials+0x17c/0x1a0 mm/slub.c:2523 qlink_free mm/kasan/quarantine.c:157 [inline] qlist_free_all+0x6a/0x170 mm/kasan/quarantine.c:176 kasan_quarantine_reduce+0x180/0x200 mm/kasan/quarantine.c:283 __kasan_slab_alloc+0xa2/0xc0 mm/kasan/common.c:446 kasan_slab_alloc include/linux/kasan.h:224 [inline] slab_post_alloc_hook mm/slab.h:749 [inline] slab_alloc_node mm/slub.c:3217 [inline] kmem_cache_alloc_node+0x255/0x3f0 mm/slub.c:3267 __alloc_skb+0x151/0x270 net/core/skbuff.c:413 alloc_skb include/linux/skbuff.h:1326 [inline] nlmsg_new include/net/netlink.h:953 [inline] inet_netconf_notify_devconf+0x7b/0x130 net/ipv4/devinet.c:2103 __devinet_sysctl_unregister net/ipv4/devinet.c:2615 [inline] devinet_sysctl_unregister net/ipv4/devinet.c:2639 [inline] inetdev_event+0xb20/0x11c0 net/ipv4/devinet.c:1612 notifier_call_chain+0x94/0x170 kernel/notifier.c:84 call_netdevice_notifiers_extack net/core/dev.c:1981 [inline] call_netdevice_notifiers net/core/dev.c:1995 [inline] dev_change_name+0x488/0x740 net/core/dev.c:1224 do_setlink+0x21b8/0x2d90 net/core/rtnetlink.c:2754 __rtnl_newlink+0x94d/0x14c0 net/core/rtnetlink.c:3540 rtnl_newlink+0x5a/0x90 net/core/rtnetlink.c:3587 rtnetlink_rcv_msg+0x32d/0x9a0 net/core/rtnetlink.c:6083 Memory state around the buggy address: ffff8880760c2100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff8880760c2180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >ffff8880760c2200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff8880760c2280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff8880760c2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ==================================================================