bisecting cause commit starting from 9eaa88c7036eda3f6c215f87ca693594cf90559b
building syzkaller on 44068e196185e2f5a7c94629b6245cdde008b140
testing commit 9eaa88c7036eda3f6c215f87ca693594cf90559b
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: f71a74672a84da2839cb085045dbf1718ef712314473a6dbb4f110fab86a31e6
all runs: crashed: KASAN: use-after-free Read in nf_hook_entries_grow
testing release v5.15
testing commit 8bb7eca972ad531c9b149c0a51ab43a417385813
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 0bb7d7ced7b6e0d18e2743ecb85bf26839c3639241359921393534900576f97a
all runs: crashed: KASAN: use-after-free Read in nf_hook_entries_grow
testing release v5.14
testing commit 7d2a07b769330c34b4deabeed939325c77a7ec2f
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 6404d1cddce558a38d637e4c5fe2a88b6c537adb603b28608c52bddabbf3c18b
all runs: crashed: KASAN: use-after-free Read in nf_hook_entries_grow
testing release v5.13
testing commit 62fb9874f5da54fdb243003b386128037319b219
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 33b874920432d47a50dc3d01e7aeacedfafbfe51471ecc204f52c6f771e2cb3f
all runs: crashed: KASAN: use-after-free Read in nf_hook_entries_grow
testing release v5.12
testing commit 9f4ad9e425a1d3b6a34617b8ea226d56a119a717
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 01b2b200d27d7c345207a454397b625e55e580c1e366040ff036934c7d66c532
all runs: crashed: KASAN: use-after-free Read in nf_hook_entries_grow
testing release v5.11
testing commit f40ddce88593482919761f74910f42f4b84c004b
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: d67a9d18f4d2cf9c14dcd711f79bb72a51d2306c705186854d6fa8226acc00f4
run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: failed to write control pipe: write |NUM: broken pipe
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect start 9f4ad9e425a1d3b6a34617b8ea226d56a119a717 f40ddce88593482919761f74910f42f4b84c004b
Bisecting: 6798 revisions left to test after this (roughly 13 steps)
warning: unable to access '/syzkaller/.config/git/ignore': Permission denied
warning: unable to access '/syzkaller/.config/git/attributes': Permission denied
[d99676af540c2dc829999928fb81c58c80a1dce4] Merge tag 'drm-next-2021-02-19' of git://anongit.freedesktop.org/drm/drm

testing commit d99676af540c2dc829999928fb81c58c80a1dce4
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 86d31336b6a57063956176d5112f4f1e5335a5e2d820386261119b22cd645633
run #0: basic kernel testing failed: WARNING in kvm_wait
run #1: basic kernel testing failed: WARNING in kvm_wait
run #2: crashed: WARNING in kvm_wait
run #3: crashed: WARNING in kvm_wait
run #4: crashed: KASAN: use-after-free Read in nf_hook_entries_grow
run #5: crashed: KASAN: use-after-free Read in nf_hook_entries_grow
run #6: boot failed: WARNING in kvm_wait
run #7: boot failed: WARNING in kvm_wait
run #8: boot failed: WARNING in kvm_wait
run #9: boot failed: WARNING in kvm_wait
# git bisect bad d99676af540c2dc829999928fb81c58c80a1dce4
Bisecting: 3717 revisions left to test after this (roughly 12 steps)
warning: unable to access '/syzkaller/.config/git/ignore': Permission denied
warning: unable to access '/syzkaller/.config/git/attributes': Permission denied
[f9d58de23152f2c16f326d7e014cfa2933b00304] Merge tag 'affs-for-5.12-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux

testing commit f9d58de23152f2c16f326d7e014cfa2933b00304
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: e0abf01e210fb7bb0f0ad91b7123663aaeb5e0c96357649f4b30a1669728c448
all runs: crashed: KASAN: use-after-free Read in nf_hook_entries_grow
# git bisect bad f9d58de23152f2c16f326d7e014cfa2933b00304
Bisecting: 1819 revisions left to test after this (roughly 11 steps)
warning: unable to access '/syzkaller/.config/git/ignore': Permission denied
warning: unable to access '/syzkaller/.config/git/attributes': Permission denied
[b8af417e4d93caeefb89bbfbd56ec95dedd8dab5] Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next

testing commit b8af417e4d93caeefb89bbfbd56ec95dedd8dab5
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 4aa96ddc5d00bdf18c25efa1a2bb9af4573d47ce4fad79e76c77c56e0dd0d4d8
all runs: OK
# git bisect good b8af417e4d93caeefb89bbfbd56ec95dedd8dab5
Bisecting: 948 revisions left to test after this (roughly 10 steps)
warning: unable to access '/syzkaller/.config/git/ignore': Permission denied
warning: unable to access '/syzkaller/.config/git/attributes': Permission denied
[82851fce6107d5a3e66d95aee2ae68860a732703] Merge tag 'arm-dt-v5.12' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc

testing commit 82851fce6107d5a3e66d95aee2ae68860a732703
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 7a9afa875842a14aac02293211f69e90547858331baa2a270aeca58352260209
all runs: crashed: KASAN: use-after-free Read in nf_hook_entries_grow
# git bisect bad 82851fce6107d5a3e66d95aee2ae68860a732703
Bisecting: 431 revisions left to test after this (roughly 9 steps)
warning: unable to access '/syzkaller/.config/git/ignore': Permission denied
warning: unable to access '/syzkaller/.config/git/attributes': Permission denied
[b7976dcf363be984b8a33242f8e6b3b196f9c329] Merge tag 'qcom-dts-for-5.12' of git://git.kernel.org/pub/scm/linux/kernel/git/qcom/linux into arm/dt

testing commit b7976dcf363be984b8a33242f8e6b3b196f9c329
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 012ac19cfb1db2e8bcb66c2e090f7e8de67cd3769d3b44cb8ac23951d4a30546
all runs: OK
# git bisect good b7976dcf363be984b8a33242f8e6b3b196f9c329
Bisecting: 189 revisions left to test after this (roughly 8 steps)
warning: unable to access '/syzkaller/.config/git/ignore': Permission denied
warning: unable to access '/syzkaller/.config/git/attributes': Permission denied
[56bf6fc266ca14d2b9276c8a62e4ff6783bfe68b] Merge tag 'arm-defconfig-v5.12' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc

testing commit 56bf6fc266ca14d2b9276c8a62e4ff6783bfe68b
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 7a9afa875842a14aac02293211f69e90547858331baa2a270aeca58352260209
all runs: crashed: KASAN: use-after-free Read in nf_hook_entries_grow
# git bisect bad 56bf6fc266ca14d2b9276c8a62e4ff6783bfe68b
Bisecting: 120 revisions left to test after this (roughly 7 steps)
warning: unable to access '/syzkaller/.config/git/ignore': Permission denied
warning: unable to access '/syzkaller/.config/git/attributes': Permission denied
[797d3186544fcd5bfd7a03b9ef3e20c1db3802b8] ptp: ptp_clockmatrix: Add wait_for_sys_apll_dpll_lock.

testing commit 797d3186544fcd5bfd7a03b9ef3e20c1db3802b8
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 82589415f26d91383989592a28cf17611202514f3e7f335e2e52d876b7d621d3
all runs: crashed: KASAN: use-after-free Read in nf_hook_entries_grow
# git bisect bad 797d3186544fcd5bfd7a03b9ef3e20c1db3802b8
Bisecting: 61 revisions left to test after this (roughly 6 steps)
warning: unable to access '/syzkaller/.config/git/ignore': Permission denied
warning: unable to access '/syzkaller/.config/git/attributes': Permission denied
[3af409ca278d4a8d50e91f9f7c4c33b175645cf3] net: enetc: fix destroyed phylink dereference during unbind

testing commit 3af409ca278d4a8d50e91f9f7c4c33b175645cf3
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 545bf2ee8bb66767a9a1f2d245ec91ed09bb5d3758bd250d81ba58c0f47907f4
all runs: OK
# git bisect good 3af409ca278d4a8d50e91f9f7c4c33b175645cf3
Bisecting: 33 revisions left to test after this (roughly 5 steps)
warning: unable to access '/syzkaller/.config/git/ignore': Permission denied
warning: unable to access '/syzkaller/.config/git/attributes': Permission denied
[18af77c50fede5b3fc22aa9f0a9b255a5c5285c9] drivers: net: xilinx_emaclite: remove arch limitation

testing commit 18af77c50fede5b3fc22aa9f0a9b255a5c5285c9
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 88b6f850d53e76976b993064ec5131ac6ff64307aecabcae4a55d06fe94ac327
all runs: OK
# git bisect good 18af77c50fede5b3fc22aa9f0a9b255a5c5285c9
Bisecting: 16 revisions left to test after this (roughly 4 steps)
warning: unable to access '/syzkaller/.config/git/ignore': Permission denied
warning: unable to access '/syzkaller/.config/git/attributes': Permission denied
[c544fcb4cbae77f7c6106c5e12c39c7c52f4de00] Merge branch 'broadcom-next'

testing commit c544fcb4cbae77f7c6106c5e12c39c7c52f4de00
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 0ecec0ac678e5d5021f453459e2d39c998aa1e823a170311973cb67a280a3618
all runs: OK
# git bisect good c544fcb4cbae77f7c6106c5e12c39c7c52f4de00
Bisecting: 7 revisions left to test after this (roughly 3 steps)
warning: unable to access '/syzkaller/.config/git/ignore': Permission denied
warning: unable to access '/syzkaller/.config/git/attributes': Permission denied
[32511f8e498045a82f603454b21b34ad892a79c6] Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next

testing commit 32511f8e498045a82f603454b21b34ad892a79c6
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 82589415f26d91383989592a28cf17611202514f3e7f335e2e52d876b7d621d3
all runs: crashed: KASAN: use-after-free Read in nf_hook_entries_grow
# git bisect bad 32511f8e498045a82f603454b21b34ad892a79c6
Bisecting: 4 revisions left to test after this (roughly 2 steps)
warning: unable to access '/syzkaller/.config/git/ignore': Permission denied
warning: unable to access '/syzkaller/.config/git/attributes': Permission denied
[597565556581d59641c0be50acaae87f7391a91b] net: mscc: ocelot: select PACKING in the Kconfig

testing commit 597565556581d59641c0be50acaae87f7391a91b
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: fbc7b74f293c2ce72a58f967c96eaee673bde1074f93ca393cf0520413671ccb
all runs: OK
# git bisect good 597565556581d59641c0be50acaae87f7391a91b
Bisecting: 2 revisions left to test after this (roughly 1 step)
warning: unable to access '/syzkaller/.config/git/ignore': Permission denied
warning: unable to access '/syzkaller/.config/git/attributes': Permission denied
[00dfe9bebdf09c37827fb71db89c66a396f1a38c] netfilter: nftables: add helper function to release hooks of one single table

testing commit 00dfe9bebdf09c37827fb71db89c66a396f1a38c
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 42364deb0390a57199e651c9ee5f47cd2412de5b365c922dd74e03d555a0ae2a
all runs: OK
# git bisect good 00dfe9bebdf09c37827fb71db89c66a396f1a38c
Bisecting: 1 revision left to test after this (roughly 1 step)
warning: unable to access '/syzkaller/.config/git/ignore': Permission denied
warning: unable to access '/syzkaller/.config/git/attributes': Permission denied
[6001a930ce0378b62210d4f83583fc88a903d89d] netfilter: nftables: introduce table ownership

testing commit 6001a930ce0378b62210d4f83583fc88a903d89d
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: cbadd5571d270a48fad38fe1648b0989ff74e637d61016bee8222610332fdab1
all runs: crashed: KASAN: use-after-free Read in nf_hook_entries_grow
# git bisect bad 6001a930ce0378b62210d4f83583fc88a903d89d
warning: unable to access '/syzkaller/.config/git/attributes': Permission denied
6001a930ce0378b62210d4f83583fc88a903d89d is the first bad commit
commit 6001a930ce0378b62210d4f83583fc88a903d89d
Author: Pablo Neira Ayuso <pablo@netfilter.org>
Date:   Mon Feb 15 12:28:07 2021 +0100

    netfilter: nftables: introduce table ownership
    
    A userspace daemon like firewalld might need to monitor for netlink
    updates to detect its ruleset removal by the (global) flush ruleset
    command to ensure ruleset persistency. This adds extra complexity from
    userspace and, for some little time, the firewall policy is not in
    place.
    
    This patch adds the NFT_TABLE_F_OWNER flag which allows a userspace
    program to own the table that creates in exclusivity.
    
    Tables that are owned...
    
    - can only be updated and removed by the owner, non-owners hit EPERM if
      they try to update it or remove it.
    - are destroyed when the owner closes the netlink socket or the process
      is gone (implicit netlink socket closure).
    - are skipped by the global flush ruleset command.
    - are listed in the global ruleset.
    
    The userspace process that sets on the NFT_TABLE_F_OWNER flag need to
    leave open the netlink socket.
    
    A new NFTA_TABLE_OWNER netlink attribute specifies the netlink port ID
    to identify the owner from userspace.
    
    This patch also updates error reporting when an unknown table flag is
    specified to change it from EINVAL to EOPNOTSUPP given that EINVAL is
    usually reserved to report for malformed netlink messages to userspace.
    
    Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

 include/net/netfilter/nf_tables.h        |   6 ++
 include/uapi/linux/netfilter/nf_tables.h |   5 +
 net/netfilter/nf_tables_api.c            | 163 ++++++++++++++++++++++---------
 3 files changed, 128 insertions(+), 46 deletions(-)

culprit signature: cbadd5571d270a48fad38fe1648b0989ff74e637d61016bee8222610332fdab1
parent  signature: 42364deb0390a57199e651c9ee5f47cd2412de5b365c922dd74e03d555a0ae2a
revisions tested: 20, total time: 3h31m37.082514209s (build: 2h1m33.640356003s, test: 1h27m50.65591816s)
first bad commit: 6001a930ce0378b62210d4f83583fc88a903d89d netfilter: nftables: introduce table ownership
recipients (to): ["coreteam@netfilter.org" "davem@davemloft.net" "fw@strlen.de" "kadlec@netfilter.org" "kuba@kernel.org" "netdev@vger.kernel.org" "netfilter-devel@vger.kernel.org" "pablo@netfilter.org" "pablo@netfilter.org"]
recipients (cc): ["linux-kernel@vger.kernel.org"]
crash: KASAN: use-after-free Read in nf_hook_entries_grow
==================================================================
BUG: KASAN: use-after-free in nf_hook_entries_grow+0x63a/0x900 net/netfilter/core.c:142
Read of size 4 at addr ffff88801da79e38 by task syz-executor463/5956

CPU: 1 PID: 5956 Comm: syz-executor463 Not tainted 5.11.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x9a/0xcc lib/dump_stack.c:120
 print_address_description.constprop.0.cold+0x5b/0x2f8 mm/kasan/report.c:230
 __kasan_report mm/kasan/report.c:396 [inline]
 kasan_report.cold+0x79/0xd5 mm/kasan/report.c:413
 nf_hook_entries_grow+0x63a/0x900 net/netfilter/core.c:142
 __nf_register_net_hook+0xe1/0x4c0 net/netfilter/core.c:407
 nf_register_net_hook+0xb1/0xf0 net/netfilter/core.c:541
 nft_register_flowtable_net_hooks+0x3bc/0x7a0 net/netfilter/nf_tables_api.c:6795
 nf_tables_newflowtable+0x1377/0x1f80 net/netfilter/nf_tables_api.c:6979
 nfnetlink_rcv_batch+0x68c/0x2050 net/netfilter/nfnetlink.c:456
 nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:580 [inline]
 nfnetlink_rcv+0x2bc/0x340 net/netfilter/nfnetlink.c:598
 netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline]
 netlink_unicast+0x42e/0x700 net/netlink/af_netlink.c:1338
 netlink_sendmsg+0x70e/0xbe0 net/netlink/af_netlink.c:1927
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg+0xab/0xe0 net/socket.c:672
 ____sys_sendmsg+0x5bf/0x7a0 net/socket.c:2345
 ___sys_sendmsg+0xd3/0x150 net/socket.c:2399
 __sys_sendmsg+0xb2/0x140 net/socket.c:2432
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f6244c997e9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffe4afb03d8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f6244c997e9
RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003
RBP: 0000000000000000 R08: 000000000000000d R09: 000000000000000d
R10: 000000000000000d R11: 0000000000000246 R12: 00007ffe4afb03f0
R13: 00000000000f4240 R14: 0000000000014ea8 R15: 00007ffe4afb03e4

Allocated by task 5955:
 kasan_save_stack+0x1b/0x40 mm/kasan/common.c:38
 kasan_set_track mm/kasan/common.c:46 [inline]
 set_alloc_info mm/kasan/common.c:401 [inline]
 ____kasan_kmalloc.constprop.0+0x82/0xa0 mm/kasan/common.c:429
 kmalloc include/linux/slab.h:552 [inline]
 nft_netdev_hook_alloc+0x8a/0x190 net/netfilter/nf_tables_api.c:1735
 nf_tables_parse_netdev_hooks+0x107/0x730 net/netfilter/nf_tables_api.c:1789
 nft_flowtable_parse_hook+0x235/0x990 net/netfilter/nf_tables_api.c:6702
 nf_tables_newflowtable+0x123d/0x1f80 net/netfilter/nf_tables_api.c:6970
 nfnetlink_rcv_batch+0x68c/0x2050 net/netfilter/nfnetlink.c:456
 nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:580 [inline]
 nfnetlink_rcv+0x2bc/0x340 net/netfilter/nfnetlink.c:598
 netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline]
 netlink_unicast+0x42e/0x700 net/netlink/af_netlink.c:1338
 netlink_sendmsg+0x70e/0xbe0 net/netlink/af_netlink.c:1927
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg+0xab/0xe0 net/socket.c:672
 ____sys_sendmsg+0x5bf/0x7a0 net/socket.c:2345
 ___sys_sendmsg+0xd3/0x150 net/socket.c:2399
 __sys_sendmsg+0xb2/0x140 net/socket.c:2432
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Freed by task 5955:
 kasan_save_stack+0x1b/0x40 mm/kasan/common.c:38
 kasan_set_track+0x1c/0x30 mm/kasan/common.c:46
 kasan_set_free_info+0x20/0x30 mm/kasan/generic.c:356
 ____kasan_slab_free+0xe1/0x110 mm/kasan/common.c:362
 kasan_slab_free include/linux/kasan.h:192 [inline]
 slab_free_hook mm/slub.c:1547 [inline]
 slab_free_freelist_hook+0x5d/0x150 mm/slub.c:1580
 slab_free mm/slub.c:3143 [inline]
 kfree+0xdb/0x3b0 mm/slub.c:4139
 nf_tables_flowtable_destroy+0x1c8/0x380 net/netfilter/nf_tables_api.c:7380
 __nft_release_table+0x579/0xe60 net/netfilter/nf_tables_api.c:9054
 nft_rcv_nl_event+0x3ac/0x510 net/netfilter/nf_tables_api.c:9113
 notifier_call_chain+0x94/0x170 kernel/notifier.c:83
 blocking_notifier_call_chain kernel/notifier.c:337 [inline]
 blocking_notifier_call_chain+0x5d/0x80 kernel/notifier.c:325
 netlink_release+0xa1f/0x17d0 net/netlink/af_netlink.c:783
 __sock_release+0xbb/0x270 net/socket.c:597
 sock_close+0xf/0x20 net/socket.c:1256
 __fput+0x204/0x870 fs/file_table.c:280
 task_work_run+0xc0/0x160 kernel/task_work.c:140
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:174 [inline]
 exit_to_user_mode_prepare+0x249/0x250 kernel/entry/common.c:201
 __syscall_exit_to_user_mode_work kernel/entry/common.c:283 [inline]
 syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

The buggy address belongs to the object at ffff88801da79e00
 which belongs to the cache kmalloc-96 of size 96
The buggy address is located 56 bytes inside of
 96-byte region [ffff88801da79e00, ffff88801da79e60)
The buggy address belongs to the page:
page:000000000f99545d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1da79
flags: 0xfff00000000200(slab)
raw: 00fff00000000200 dead000000000100 dead000000000122 ffff88800f441780
raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 4769, ts 85692928283
 set_page_owner include/linux/page_owner.h:31 [inline]
 post_alloc_hook+0x144/0x1c0 mm/page_alloc.c:2297
 prep_new_page mm/page_alloc.c:2306 [inline]
 get_page_from_freelist+0x1c6e/0x3f80 mm/page_alloc.c:3945
 __alloc_pages_nodemask+0x2d6/0x730 mm/page_alloc.c:4995
 alloc_pages include/linux/gfp.h:547 [inline]
 alloc_slab_page mm/slub.c:1618 [inline]
 allocate_slab+0x2b6/0x4a0 mm/slub.c:1758
 new_slab mm/slub.c:1821 [inline]
 new_slab_objects mm/slub.c:2578 [inline]
 ___slab_alloc+0x476/0x790 mm/slub.c:2741
 __slab_alloc.constprop.0+0x95/0xe0 mm/slub.c:2781
 slab_alloc_node mm/slub.c:2857 [inline]
 slab_alloc mm/slub.c:2900 [inline]
 kmem_cache_alloc_trace+0x2cc/0x360 mm/slub.c:2917
 kmalloc include/linux/slab.h:552 [inline]
 __hw_addr_create_ex+0x56/0x2e0 net/core/dev_addr_lists.c:30
 __dev_mc_add net/core/dev_addr_lists.c:775 [inline]
 dev_mc_add+0xb1/0xf0 net/core/dev_addr_lists.c:792
 igmp6_group_added+0x3c9/0x4c0 net/ipv6/mcast.c:669
 __ipv6_dev_mc_inc+0x67d/0xa60 net/ipv6/mcast.c:928
 addrconf_join_solict net/ipv6/addrconf.c:2170 [inline]
 addrconf_join_solict net/ipv6/addrconf.c:2162 [inline]
 addrconf_dad_begin net/ipv6/addrconf.c:3937 [inline]
 addrconf_dad_work+0xaa4/0x10f0 net/ipv6/addrconf.c:4064
 process_one_work+0x828/0x1390 kernel/workqueue.c:2275
 worker_thread+0x598/0xf80 kernel/workqueue.c:2421
 kthread+0x36f/0x450 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1271 [inline]
 free_pcp_prepare+0x2cb/0x410 mm/page_alloc.c:1306
 free_unref_page_prepare mm/page_alloc.c:3200 [inline]
 free_unref_page+0x12/0x1b0 mm/page_alloc.c:3248
 unfreeze_partials+0x16c/0x1b0 mm/slub.c:2359
 put_cpu_partial+0x129/0x200 mm/slub.c:2395
 qlink_free mm/kasan/quarantine.c:146 [inline]
 qlist_free_all+0x5a/0xc0 mm/kasan/quarantine.c:165
 quarantine_reduce+0x180/0x200 mm/kasan/quarantine.c:272
 ____kasan_kmalloc.constprop.0+0x98/0xa0 mm/kasan/common.c:412
 kasan_slab_alloc include/linux/kasan.h:209 [inline]
 slab_post_alloc_hook mm/slab.h:512 [inline]
 slab_alloc_node mm/slub.c:2892 [inline]
 slab_alloc mm/slub.c:2900 [inline]
 kmem_cache_alloc_trace+0x1be/0x360 mm/slub.c:2917
 kmalloc include/linux/slab.h:552 [inline]
 kzalloc include/linux/slab.h:682 [inline]
 keypair_create drivers/net/wireguard/noise.c:100 [inline]
 wg_noise_handshake_begin_session+0xc8/0xcc0 drivers/net/wireguard/noise.c:794
 wg_packet_send_handshake_response+0x1b9/0x2a0 drivers/net/wireguard/send.c:96
 wg_receive_handshake_packet+0x199/0x9b0 drivers/net/wireguard/receive.c:161
 wg_packet_handshake_receive_worker+0x3b/0x80 drivers/net/wireguard/receive.c:220
 process_one_work+0x828/0x1390 kernel/workqueue.c:2275
 worker_thread+0x598/0xf80 kernel/workqueue.c:2421
 kthread+0x36f/0x450 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296

Memory state around the buggy address:
 ffff88801da79d00: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
 ffff88801da79d80: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
>ffff88801da79e00: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
                                        ^
 ffff88801da79e80: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
 ffff88801da79f00: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
==================================================================