bisecting cause commit starting from 37ecb5b8b8cd3156e739fd1c56a8e3842b72ebad
building syzkaller on a4d01b8075bac9c99ca96de1be1975329af85157
testing commit 37ecb5b8b8cd3156e739fd1c56a8e3842b72ebad with gcc (GCC) 8.1.0
kernel signature: 45276cc39c60a7ce10d32917b70bfcc43091f171cab7559d9b74869c3d108e47
run #0: crashed: KASAN: slab-out-of-bounds Read in inet_diag_bc_sk
run #1: crashed: KASAN: use-after-free Read in inet_diag_bc_sk
run #2: crashed: KASAN: use-after-free Read in inet_diag_bc_sk
run #3: crashed: KASAN: use-after-free Read in inet_diag_bc_sk
run #4: crashed: KASAN: use-after-free Read in inet_diag_bc_sk
run #5: crashed: KASAN: slab-out-of-bounds Read in inet_diag_bc_sk
run #6: crashed: KASAN: slab-out-of-bounds Read in inet_diag_bc_sk
run #7: crashed: KASAN: slab-out-of-bounds Read in inet_diag_bc_sk
run #8: crashed: KASAN: use-after-free Read in inet_diag_bc_sk
run #9: crashed: KASAN: slab-out-of-bounds Read in inet_diag_bc_sk
testing release v5.6
testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.1.0
kernel signature: da4df7a88e6b6bfd96bf6f9bf7a32e6966f11c2b0ffac619715f603e25bcfd37
all runs: OK
# git bisect start 37ecb5b8b8cd3156e739fd1c56a8e3842b72ebad 7111951b8d4973bda27ff663f2cf18b663d15b48
Bisecting: 6698 revisions left to test after this (roughly 13 steps)
[f365ab31efacb70bed1e821f7435626e0b2528a6] Merge tag 'drm-next-2020-04-01' of git://anongit.freedesktop.org/drm/drm
testing commit f365ab31efacb70bed1e821f7435626e0b2528a6 with gcc (GCC) 8.1.0
kernel signature: 3dab15c7d60a1e345b828dffe6000279072a0f080ba96a0d14c97efc36e639d6
all runs: OK
# git bisect good f365ab31efacb70bed1e821f7435626e0b2528a6
Bisecting: 3348 revisions left to test after this (roughly 12 steps)
[828907ef25e0133f50c346ef5a3c79a707a9b100] Merge tag 'gpio-v5.7-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio
testing commit 828907ef25e0133f50c346ef5a3c79a707a9b100 with gcc (GCC) 8.1.0
kernel signature: 520cd24c6230cc1427058695953cda49c8fac637fd987e753cd3f164787ed06b
all runs: OK
# git bisect good 828907ef25e0133f50c346ef5a3c79a707a9b100
Bisecting: 1669 revisions left to test after this (roughly 11 steps)
[172edde9604941f61d75bb3b4f88068204f8c086] Merge tag 'io_uring-5.7-2020-04-09' of git://git.kernel.dk/linux-block
testing commit 172edde9604941f61d75bb3b4f88068204f8c086 with gcc (GCC) 8.1.0
kernel signature: f285c9164f6487e15c33ac1c04b1e1b73f5955b0bc4cee5f3a31182b683811cc
all runs: OK
# git bisect good 172edde9604941f61d75bb3b4f88068204f8c086
Bisecting: 835 revisions left to test after this (roughly 10 steps)
[7adc4b399952f439cfd43ee041ec9451ad9f567f] Merge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
testing commit 7adc4b399952f439cfd43ee041ec9451ad9f567f with gcc (GCC) 8.1.0
kernel signature: 4b5c0642c6d473fbf654de77a875629c8099b7dfa08c9c6d228e6b56a12c0d6d
all runs: OK
# git bisect good 7adc4b399952f439cfd43ee041ec9451ad9f567f
Bisecting: 345 revisions left to test after this (roughly 9 steps)
[d483389678f9e03d53f226641ea39679debcbc81] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
testing commit d483389678f9e03d53f226641ea39679debcbc81 with gcc (GCC) 8.1.0
kernel signature: dd1a08d7b0e87db49a82f4a2fb7c812f42c3a4daf7ce002cd9d815955d122800
all runs: OK
# git bisect good d483389678f9e03d53f226641ea39679debcbc81
Bisecting: 172 revisions left to test after this (roughly 8 steps)
[3bc67e098c3e215f6e09ba3c0e1f569e7ae020d0] net/smc: adapt SMC remote CONFIRM_RKEY processing to use the LLC flow
testing commit 3bc67e098c3e215f6e09ba3c0e1f569e7ae020d0 with gcc (GCC) 8.1.0
kernel signature: cf1aa2d39af20d884afb1253d7bdfd0006f773804f761ba2ffaece80ba1256a7
all runs: OK
# git bisect good 3bc67e098c3e215f6e09ba3c0e1f569e7ae020d0
Bisecting: 108 revisions left to test after this (roughly 7 steps)
[ec9cdca0663a543ede2072ff091beec1787e3374] net/mlx5e: Unify reserving space for WQEs
testing commit ec9cdca0663a543ede2072ff091beec1787e3374 with gcc (GCC) 8.1.0
kernel signature: 38aff8de48fccaa4eb38779ae006dd0507c4d198b2c49e372d04f94430924590
all runs: OK
# git bisect good ec9cdca0663a543ede2072ff091beec1787e3374
Bisecting: 54 revisions left to test after this (roughly 6 steps)
[466010342e89240c45746f65767c7290b96a4b36] mlxsw: spectrum_span: Add APIs to get / put a SPAN agent
testing commit 466010342e89240c45746f65767c7290b96a4b36 with gcc (GCC) 8.1.0
kernel signature: 66d515a73554ef17691a6ad3a4764e668f3abbcbdd0c5755436b1c74a82f29a4
run #0: crashed: KASAN: use-after-free Read in inet_diag_bc_sk
run #1: crashed: KASAN: use-after-free Read in inet_diag_bc_sk
run #2: crashed: KASAN: slab-out-of-bounds Read in inet_diag_bc_sk
run #3: crashed: KASAN: use-after-free Read in inet_diag_bc_sk
run #4: crashed: KASAN: use-after-free Read in inet_diag_bc_sk
run #5: crashed: KASAN: use-after-free Read in inet_diag_bc_sk
run #6: crashed: KASAN: use-after-free Read in inet_diag_bc_sk
run #7: crashed: KASAN: slab-out-of-bounds Read in inet_diag_bc_sk
run #8: crashed: KASAN: use-after-free Read in inet_diag_bc_sk
run #9: crashed: KASAN: use-after-free Read in inet_diag_bc_sk
# git bisect bad 466010342e89240c45746f65767c7290b96a4b36
Bisecting: 26 revisions left to test after this (roughly 5 steps)
[13df433f8c1333cd0f60e5e1878380a37576118a] docs: networking: convert nf_conntrack-sysctl.txt to ReST
testing commit 13df433f8c1333cd0f60e5e1878380a37576118a with gcc (GCC) 8.1.0
kernel signature: 62c1ad052aaf48d70a9733621db8b799ad87789a747febd6f6deb6ab03d68e7b
run #0: crashed: KASAN: slab-out-of-bounds Read in inet_diag_bc_sk
run #1: crashed: KASAN: use-after-free Read in inet_diag_bc_sk
run #2: crashed: KASAN: slab-out-of-bounds Read in inet_diag_bc_sk
run #3: crashed: KASAN: slab-out-of-bounds Read in inet_diag_bc_sk
run #4: crashed: general protection fault in inet_diag_bc_sk
run #5: crashed: KASAN: slab-out-of-bounds Read in inet_diag_bc_sk
run #6: crashed: KASAN: slab-out-of-bounds Read in inet_diag_bc_sk
run #7: crashed: KASAN: slab-out-of-bounds Read in inet_diag_bc_sk
run #8: crashed: KASAN: slab-out-of-bounds Read in inet_diag_bc_sk
run #9: crashed: KASAN: use-after-free Read in inet_diag_bc_sk
# git bisect bad 13df433f8c1333cd0f60e5e1878380a37576118a
Bisecting: 13 revisions left to test after this (roughly 4 steps)
[6e3a401fc8af01828bcdc92d713195d318b36e7e] inet_diag: add cgroup id attribute
testing commit 6e3a401fc8af01828bcdc92d713195d318b36e7e with gcc (GCC) 8.1.0
kernel signature: ed9de79a176eec5a78522ab43f55c24f5045a07c9d9a70aced46fb011aabc4e2
run #0: OK
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: boot failed: can't ssh into the instance
# git bisect good 6e3a401fc8af01828bcdc92d713195d318b36e7e
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[e14fd64dcda5668c5dd5e59421fc5c61ce6d5951] docs: networking: convert mpls-sysctl.txt to ReST
testing commit e14fd64dcda5668c5dd5e59421fc5c61ce6d5951 with gcc (GCC) 8.1.0
kernel signature: 00af4d41f4a2f74aac9f2be35a959613cd770ea026d6382977ee2f4d6a424d76
run #0: crashed: KASAN: use-after-free Read in inet_diag_bc_sk
run #1: crashed: KASAN: slab-out-of-bounds Read in inet_diag_bc_sk
run #2: crashed: KASAN: use-after-free Read in inet_diag_bc_sk
run #3: crashed: KASAN: use-after-free Read in inet_diag_bc_sk
run #4: crashed: KASAN: use-after-free Read in inet_diag_bc_sk
run #5: crashed: KASAN: slab-out-of-bounds Read in inet_diag_bc_sk
run #6: crashed: KASAN: use-after-free Read in inet_diag_bc_sk
run #7: crashed: KASAN: use-after-free Read in inet_diag_bc_sk
run #8: crashed: KASAN: use-after-free Read in inet_diag_bc_sk
run #9: crashed: KASAN: use-after-free Read in inet_diag_bc_sk
# git bisect bad e14fd64dcda5668c5dd5e59421fc5c61ce6d5951
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[10ebb22137acd97083cb52d8664cdff269e8a629] docs: networking: convert l2tp.txt to ReST
testing commit 10ebb22137acd97083cb52d8664cdff269e8a629 with gcc (GCC) 8.1.0
kernel signature: f9e520a1631551e0cbf66cd3331ecaf87c2048d04b2d11ce4fd377e406a4ae26
run #0: crashed: KASAN: slab-out-of-bounds Read in inet_diag_bc_sk
run #1: crashed: KASAN: slab-out-of-bounds Read in inet_diag_bc_sk
run #2: crashed: KASAN: slab-out-of-bounds Read in inet_diag_bc_sk
run #3: crashed: KASAN: use-after-free Read in inet_diag_bc_sk
run #4: crashed: KASAN: slab-out-of-bounds Read in inet_diag_bc_sk
run #5: crashed: KASAN: use-after-free Read in inet_diag_bc_sk
run #6: crashed: KASAN: slab-out-of-bounds Read in inet_diag_bc_sk
run #7: crashed: KASAN: slab-out-of-bounds Read in inet_diag_bc_sk
run #8: crashed: KASAN: use-after-free Read in inet_diag_bc_sk
run #9: crashed: KASAN: use-after-free Read in inet_diag_bc_sk
# git bisect bad 10ebb22137acd97083cb52d8664cdff269e8a629
Bisecting: 0 revisions left to test after this (roughly 1 step)
[9f04960660bf5468caaf9da2752f6f35020e4679] Merge branch 'inet_diag-add-cgroup-attribute-and-filter'
testing commit 9f04960660bf5468caaf9da2752f6f35020e4679 with gcc (GCC) 8.1.0
kernel signature: 49aeeb0c14360ddbcfe1df39dad47f23127428ffe66dd1c24d1f8bff468ddfe1
run #0: crashed: general protection fault in inet_diag_bc_sk
run #1: crashed: KASAN: slab-out-of-bounds Read in inet_diag_bc_sk
run #2: crashed: KASAN: use-after-free Read in inet_diag_bc_sk
run #3: crashed: KASAN: use-after-free Read in inet_diag_bc_sk
run #4: crashed: general protection fault in inet_diag_bc_sk
run #5: crashed: KASAN: use-after-free Read in inet_diag_bc_sk
run #6: crashed: KASAN: slab-out-of-bounds Read in inet_diag_bc_sk
run #7: crashed: KASAN: use-after-free Read in inet_diag_bc_sk
run #8: crashed: KASAN: slab-out-of-bounds Read in inet_diag_bc_sk
run #9: crashed: KASAN: slab-out-of-bounds Read in inet_diag_bc_sk
# git bisect bad 9f04960660bf5468caaf9da2752f6f35020e4679
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[b1f3e43dbfacfcd95296b0f80f84b186add9ef54] inet_diag: add support for cgroup filter
testing commit b1f3e43dbfacfcd95296b0f80f84b186add9ef54 with gcc (GCC) 8.1.0
kernel signature: 9b29d4dd8c028a82c6bc0e7bdcf50367c0f2a81a3b303c0e286bffbc5e893a7e
run #0: crashed: KASAN: use-after-free Read in inet_diag_bc_sk
run #1: crashed: KASAN: use-after-free Read in inet_diag_bc_sk
run #2: crashed: KASAN: use-after-free Read in inet_diag_bc_sk
run #3: crashed: general protection fault in inet_diag_bc_sk
run #4: crashed: KASAN: slab-out-of-bounds Read in inet_diag_bc_sk
run #5: crashed: general protection fault in inet_diag_bc_sk
run #6: crashed: KASAN: use-after-free Read in inet_diag_bc_sk
run #7: crashed: KASAN: use-after-free Read in inet_diag_bc_sk
run #8: crashed: KASAN: slab-out-of-bounds Read in inet_diag_bc_sk
run #9: crashed: KASAN: use-after-free Read in inet_diag_bc_sk
# git bisect bad b1f3e43dbfacfcd95296b0f80f84b186add9ef54
b1f3e43dbfacfcd95296b0f80f84b186add9ef54 is the first bad commit
commit b1f3e43dbfacfcd95296b0f80f84b186add9ef54
Author: Dmitry Yakunin <zeil@yandex-team.ru>
Date:   Thu Apr 30 18:51:15 2020 +0300

    inet_diag: add support for cgroup filter
    
    This patch adds ability to filter sockets based on cgroup v2 ID.
    Such filter is helpful in ss utility for filtering sockets by
    cgroup pathname.
    
    Signed-off-by: Dmitry Yakunin <zeil@yandex-team.ru>
    Reviewed-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
    Signed-off-by: David S. Miller <davem@davemloft.net>

 include/uapi/linux/inet_diag.h |  1 +
 net/ipv4/inet_diag.c           | 31 +++++++++++++++++++++++++++++++
 2 files changed, 32 insertions(+)
culprit signature: 9b29d4dd8c028a82c6bc0e7bdcf50367c0f2a81a3b303c0e286bffbc5e893a7e
parent  signature: ed9de79a176eec5a78522ab43f55c24f5045a07c9d9a70aced46fb011aabc4e2
revisions tested: 16, total time: 3h36m14.952988448s (build: 1h32m41.122500764s, test: 2h2m34.938761656s)
first bad commit: b1f3e43dbfacfcd95296b0f80f84b186add9ef54 inet_diag: add support for cgroup filter
cc: ["davem@davemloft.net" "khlebnikov@yandex-team.ru" "zeil@yandex-team.ru"]
crash: KASAN: use-after-free Read in inet_diag_bc_sk
==================================================================
BUG: KASAN: use-after-free in __read_once_size include/linux/compiler.h:199 [inline]
BUG: KASAN: use-after-free in sock_cgroup_ptr include/linux/cgroup.h:836 [inline]
BUG: KASAN: use-after-free in inet_diag_bc_sk+0xa5a/0xfa0 net/ipv4/inet_diag.c:749
Read of size 8 at addr ffff88809f8c9200 by task syz-executor.5/8453

CPU: 1 PID: 8453 Comm: syz-executor.5 Not tainted 5.7.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x128/0x182 lib/dump_stack.c:118
 print_address_description.constprop.8.cold.10+0x9/0x317 mm/kasan/report.c:382
 __kasan_report.cold.11+0x35/0x4d mm/kasan/report.c:511
 kasan_report+0x32/0x50 mm/kasan/common.c:625
 __read_once_size include/linux/compiler.h:199 [inline]
 sock_cgroup_ptr include/linux/cgroup.h:836 [inline]
 inet_diag_bc_sk+0xa5a/0xfa0 net/ipv4/inet_diag.c:749
 inet_diag_dump_icsk+0x98c/0xf30 net/ipv4/inet_diag.c:1061
 __inet_diag_dump+0xf7/0x1b0 net/ipv4/inet_diag.c:1113
 netlink_dump+0x481/0xf50 net/netlink/af_netlink.c:2245
 __netlink_dump_start+0x567/0x820 net/netlink/af_netlink.c:2353
 netlink_dump_start include/linux/netlink.h:246 [inline]
 inet_diag_handler_cmd+0x1fe/0x280 net/ipv4/inet_diag.c:1278
 __sock_diag_cmd net/core/sock_diag.c:233 [inline]
 sock_diag_rcv_msg+0x282/0x370 net/core/sock_diag.c:264
 netlink_rcv_skb+0x119/0x340 net/netlink/af_netlink.c:2469
 sock_diag_rcv+0x21/0x30 net/core/sock_diag.c:275
 netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
 netlink_unicast+0x434/0x630 net/netlink/af_netlink.c:1329
 netlink_sendmsg+0x714/0xc60 net/netlink/af_netlink.c:1918
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg+0xac/0xe0 net/socket.c:672
 sock_write_iter+0x218/0x380 net/socket.c:1004
 call_write_iter include/linux/fs.h:1907 [inline]
 do_iter_readv_writev+0x4f1/0x7c0 fs/read_write.c:694
 do_iter_write+0x129/0x540 fs/read_write.c:999
 vfs_writev+0x16d/0x2d0 fs/read_write.c:1072
 do_writev+0x214/0x280 fs/read_write.c:1115
 do_syscall_64+0xc6/0x620 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x49/0xb3
RIP: 0033:0x45c829
Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f3278f3bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
RAX: ffffffffffffffda RBX: 000000000050d140 RCX: 000000000045c829
RDX: 0000000000000001 RSI: 0000000020000200 RDI: 0000000000000006
RBP: 000000000078c040 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000d18 R14: 00000000004cb1f4 R15: 00007f3278f3c6d4

Allocated by task 7182:
 save_stack+0x19/0x40 mm/kasan/common.c:49
 set_track mm/kasan/common.c:57 [inline]
 __kasan_kmalloc.constprop.17+0xc1/0xd0 mm/kasan/common.c:495
 __kmalloc_reserve.isra.46+0x29/0xa0 net/core/skbuff.c:142
 __alloc_skb+0xbd/0x510 net/core/skbuff.c:210
 alloc_skb include/linux/skbuff.h:1083 [inline]
 nlmsg_new include/net/netlink.h:888 [inline]
 rtmsg_fib+0x17f/0xcb0 net/ipv4/fib_semantics.c:512
 fib_table_insert+0x730/0x1980 net/ipv4/fib_trie.c:1352
 fib_magic.isra.23+0x34a/0x500 net/ipv4/fib_frontend.c:1084
 fib_add_ifaddr+0x2e1/0x460 net/ipv4/fib_frontend.c:1119
 fib_netdev_event+0x1c1/0x390 net/ipv4/fib_frontend.c:1465
 notifier_call_chain+0x86/0x150 kernel/notifier.c:83
 call_netdevice_notifiers_extack net/core/dev.c:1960 [inline]
 call_netdevice_notifiers net/core/dev.c:1974 [inline]
 __dev_notify_flags+0xda/0x240 net/core/dev.c:8189
 dev_change_flags+0xdf/0x160 net/core/dev.c:8227
 do_setlink+0x963/0x2ca0 net/core/rtnetlink.c:2605
 __rtnl_newlink+0x9cb/0x1250 net/core/rtnetlink.c:3273
 rtnl_newlink+0x5c/0x80 net/core/rtnetlink.c:3398
 rtnetlink_rcv_msg+0x346/0x8c0 net/core/rtnetlink.c:5461
 netlink_rcv_skb+0x119/0x340 net/netlink/af_netlink.c:2469
 netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
 netlink_unicast+0x434/0x630 net/netlink/af_netlink.c:1329
 netlink_sendmsg+0x714/0xc60 net/netlink/af_netlink.c:1918
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg+0xac/0xe0 net/socket.c:672
 __sys_sendto+0x1d9/0x2b0 net/socket.c:2000
 __do_sys_sendto net/socket.c:2012 [inline]
 __se_sys_sendto net/socket.c:2008 [inline]
 __x64_sys_sendto+0xd8/0x1b0 net/socket.c:2008
 do_syscall_64+0xc6/0x620 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x49/0xb3

Freed by task 7182:
 save_stack+0x19/0x40 mm/kasan/common.c:49
 set_track mm/kasan/common.c:57 [inline]
 kasan_set_free_info mm/kasan/common.c:317 [inline]
 __kasan_slab_free+0xf7/0x140 mm/kasan/common.c:456
 __cache_free mm/slab.c:3426 [inline]
 kfree+0x107/0x2b0 mm/slab.c:3757
 pskb_expand_head+0x25f/0xaa0 net/core/skbuff.c:1660
 netlink_trim+0x191/0x1f0 net/netlink/af_netlink.c:1285
 netlink_broadcast_filtered+0x57/0xab0 net/netlink/af_netlink.c:1490
 netlink_broadcast net/netlink/af_netlink.c:1535 [inline]
 nlmsg_multicast include/net/netlink.h:968 [inline]
 nlmsg_notify+0x68/0x150 net/netlink/af_netlink.c:2512
 rtmsg_fib+0x353/0xcb0 net/ipv4/fib_semantics.c:531
 fib_table_insert+0x730/0x1980 net/ipv4/fib_trie.c:1352
 fib_magic.isra.23+0x34a/0x500 net/ipv4/fib_frontend.c:1084
 fib_add_ifaddr+0x2e1/0x460 net/ipv4/fib_frontend.c:1119
 fib_netdev_event+0x1c1/0x390 net/ipv4/fib_frontend.c:1465
 notifier_call_chain+0x86/0x150 kernel/notifier.c:83
 call_netdevice_notifiers_extack net/core/dev.c:1960 [inline]
 call_netdevice_notifiers net/core/dev.c:1974 [inline]
 __dev_notify_flags+0xda/0x240 net/core/dev.c:8189
 dev_change_flags+0xdf/0x160 net/core/dev.c:8227
 do_setlink+0x963/0x2ca0 net/core/rtnetlink.c:2605
 __rtnl_newlink+0x9cb/0x1250 net/core/rtnetlink.c:3273
 rtnl_newlink+0x5c/0x80 net/core/rtnetlink.c:3398
 rtnetlink_rcv_msg+0x346/0x8c0 net/core/rtnetlink.c:5461
 netlink_rcv_skb+0x119/0x340 net/netlink/af_netlink.c:2469
 netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
 netlink_unicast+0x434/0x630 net/netlink/af_netlink.c:1329
 netlink_sendmsg+0x714/0xc60 net/netlink/af_netlink.c:1918
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg+0xac/0xe0 net/socket.c:672
 __sys_sendto+0x1d9/0x2b0 net/socket.c:2000
 __do_sys_sendto net/socket.c:2012 [inline]
 __se_sys_sendto net/socket.c:2008 [inline]
 __x64_sys_sendto+0xd8/0x1b0 net/socket.c:2008
 do_syscall_64+0xc6/0x620 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x49/0xb3

The buggy address belongs to the object at ffff88809f8c9000
 which belongs to the cache kmalloc-1k of size 1024
The buggy address is located 512 bytes inside of
 1024-byte region [ffff88809f8c9000, ffff88809f8c9400)
The buggy address belongs to the page:
page:ffffea00027e3240 refcount:1 mapcount:0 mapping:0000000037a253c0 index:0x0
flags: 0xfffe0000000200(slab)
raw: 00fffe0000000200 ffffea000230f7c8 ffffea0002696448 ffff8880aa400c40
raw: 0000000000000000 ffff88809f8c9000 0000000100000002 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff88809f8c9100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff88809f8c9180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff88809f8c9200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                   ^
 ffff88809f8c9280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff88809f8c9300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================