ci starts bisection 2022-10-09 02:28:30.886799132 +0000 UTC m=+60855.908210951 bisecting cause commit starting from e8bc52cb8df80c31c73c726ab58ea9746e9ff734 building syzkaller on aea5da898f473385f3b66c94f8aa49ca9a1c9744 ensuring issue is reproducible on original commit e8bc52cb8df80c31c73c726ab58ea9746e9ff734 testing commit e8bc52cb8df80c31c73c726ab58ea9746e9ff734 gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 7467f70e66e86dec967aedc593056b0861a4cad444db1a1e2730e056268bd83a all runs: crashed: KASAN: use-after-free Read in nf_tables_trans_destroy_work testing release v6.0 testing commit 4fe89d07dcc2804c8b562f6c7896a45643d34b2f gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: a4c8fac30833cc4d0eae0de3be193be0654df48cb42ee30c5e99718e168d33e2 all runs: crashed: KASAN: use-after-free Read in nf_tables_trans_destroy_work testing release v5.19 testing commit 3d7cb6b04c3f3115719235cc6866b10326de34cd gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 700470c6484d2f400fd536c6d553f97073a92a822e7eacb14f5ae11fe4aeb0fd all runs: crashed: KASAN: use-after-free Read in nf_tables_trans_destroy_work testing release v5.18 testing commit 4b0986a3613c92f4ec1bdc7f60ec66fea135991f gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 700934737eac45a776f700ec3cf2fb562e846d3177023f552982be98fd3d41f4 all runs: OK # git bisect start 3d7cb6b04c3f3115719235cc6866b10326de34cd 4b0986a3613c92f4ec1bdc7f60ec66fea135991f Bisecting: 8493 revisions left to test after this (roughly 13 steps) [c011dd537ffe47462051930413fed07dbdc80313] Merge tag 'arm-soc-5.19' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc testing commit c011dd537ffe47462051930413fed07dbdc80313 gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: ba7b60512511e384d895919623e4bcee1f9a69ed6e105f2c2bb8887fa1c39c83 run #0: failed: failed to run command in VM: broken console: Permission denied (publickey) run #1: failed: failed to run command in VM: broken console: Permission denied (publickey) run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good c011dd537ffe47462051930413fed07dbdc80313 Bisecting: 4244 revisions left to test after this (roughly 12 steps) [5d4af9c1f04ab0411ba5818baad9a68e87f33099] Merge branch 'mv88e6xxx-fixes-for-reading-serdes-state' testing commit 5d4af9c1f04ab0411ba5818baad9a68e87f33099 gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 918168d02535b06dafd011e551318a1c80570d472eed0fb8a226285b0e035764 run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: failed to write control pipe: write |NUM: broken pipe run #1: crashed: KASAN: use-after-free Read in nf_tables_trans_destroy_work run #2: crashed: KASAN: use-after-free Read in nf_tables_trans_destroy_work run #3: crashed: KASAN: use-after-free Read in nf_tables_trans_destroy_work run #4: crashed: KASAN: use-after-free Read in nf_tables_trans_destroy_work run #5: crashed: KASAN: use-after-free Read in nf_tables_trans_destroy_work run #6: crashed: KASAN: use-after-free Read in nf_tables_trans_destroy_work run #7: crashed: KASAN: use-after-free Read in nf_tables_trans_destroy_work run #8: crashed: KASAN: use-after-free Read in nf_tables_trans_destroy_work run #9: crashed: KASAN: use-after-free Read in nf_tables_trans_destroy_work # git bisect bad 5d4af9c1f04ab0411ba5818baad9a68e87f33099 Bisecting: 2116 revisions left to test after this (roughly 11 steps) [7e284070abe53d448517b80493863595af4ab5f0] Merge tag 'for-5.19/dm-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm testing commit 7e284070abe53d448517b80493863595af4ab5f0 gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: c4c21ef39ba26e0c1fefc7d4c8b307b5f1dc47dce62d064b82246e9748b3c0d8 all runs: OK # git bisect good 7e284070abe53d448517b80493863595af4ab5f0 Bisecting: 1073 revisions left to test after this (roughly 10 steps) [664a393a2663a0f62fc1b18157ccae33dcdbb8c8] Merge tag 'input-for-v5.19-rc0' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input testing commit 664a393a2663a0f62fc1b18157ccae33dcdbb8c8 gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 7e935e6ca2d1ac653502f02a4b0022358d1d802665f327ad23675edef4e7c51f run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: failed to write control pipe: write |NUM: broken pipe run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good 664a393a2663a0f62fc1b18157ccae33dcdbb8c8 Bisecting: 523 revisions left to test after this (roughly 9 steps) [f8a52af9d00d59fd887d8ad1fa0c2c88a5d775b9] Merge tag 'i2c-for-5.19' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux testing commit f8a52af9d00d59fd887d8ad1fa0c2c88a5d775b9 gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: ef805f7b88ef02c26ff028fb80391dc1c0e888a0f55e2a9f7e331373826d31f1 all runs: OK # git bisect good f8a52af9d00d59fd887d8ad1fa0c2c88a5d775b9 Bisecting: 255 revisions left to test after this (roughly 8 steps) [96752be4d7b443e6f1e322428d61f777d7d8bd4d] Merge tag 'linux-watchdog-5.19-rc1' of git://www.linux-watchdog.org/linux-watchdog testing commit 96752be4d7b443e6f1e322428d61f777d7d8bd4d gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: b30f9b710f10a3df0d86ddd1202c609cfc21102424d3dad1ac536c8fa9d02a78 all runs: OK # git bisect good 96752be4d7b443e6f1e322428d61f777d7d8bd4d Bisecting: 138 revisions left to test after this (roughly 7 steps) [73503963b715a64a44aa2b1c486114b917a17c73] module: Fix prefix for module.sig_enforce module param testing commit 73503963b715a64a44aa2b1c486114b917a17c73 gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 8556dd7e57d68a4c8988a17c570c4ce88757cb9153c7fe8c8a8911c3403eb3d4 failed: failed to create VM pool: failed to create GCE image: create image operation failed: &{Code:PERMISSIONS_ERROR ErrorDetails:[] Location: Message:Required 'read' permission for 'disks/ci-upstream-kasan-gce-smack-root-bisect-job-bisect-job-image.tar.gz' ForceSendFields:[] NullFields:[]}. # git bisect skip 73503963b715a64a44aa2b1c486114b917a17c73 Bisecting: 138 revisions left to test after this (roughly 7 steps) [17d8e3d90b6989419806c1926b894d7d7483a25b] Merge tag 'ceph-for-5.19-rc1' of https://github.com/ceph/ceph-client testing commit 17d8e3d90b6989419806c1926b894d7d7483a25b gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: c286c88ac50e743c1d6ace5fd67d695e05ef517233d5127566f02f4fb07126a5 all runs: OK # git bisect good 17d8e3d90b6989419806c1926b894d7d7483a25b Bisecting: 73 revisions left to test after this (roughly 6 steps) [11049c9e71f38416f5b5d31ac2c51ac08c394698] Merge branch 'sfc-siena-fix-some-efx_separate_tx_channels-errors' testing commit 11049c9e71f38416f5b5d31ac2c51ac08c394698 gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: f031c1dcaacb68a290eae13e29963b93637f2bc7424d1b01f91ee344dd2e6381 all runs: OK # git bisect good 11049c9e71f38416f5b5d31ac2c51ac08c394698 Bisecting: 36 revisions left to test after this (roughly 5 steps) [cf67838c4422eab826679b076dad99f96152b4de] selftests net: fix bpf build error testing commit cf67838c4422eab826679b076dad99f96152b4de gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 4748190d3756c4e4ab096618519df229ed02bf5ced1baf0c3d3f0446b4d88fce all runs: OK # git bisect good cf67838c4422eab826679b076dad99f96152b4de Bisecting: 17 revisions left to test after this (roughly 4 steps) [8a4d480702b71184fabcf379b80bf7539716752e] nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred testing commit 8a4d480702b71184fabcf379b80bf7539716752e gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 5510ca186b95068a16085c18027b3b91568a559976766f2bbba788fa1fdcb5bb all runs: crashed: KASAN: use-after-free Read in nf_tables_trans_destroy_work # git bisect bad 8a4d480702b71184fabcf379b80bf7539716752e Bisecting: 9 revisions left to test after this (roughly 3 steps) [0737e018a05e2aa352828c52bdeed3b02cff2930] net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list testing commit 0737e018a05e2aa352828c52bdeed3b02cff2930 gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 2cd39731c8ea7679dbc6bfc74e1affe285d11aacbbe592c3322cc6572fd5acbe all runs: crashed: KASAN: use-after-free Read in nf_tables_trans_destroy_work # git bisect bad 0737e018a05e2aa352828c52bdeed3b02cff2930 Bisecting: 4 revisions left to test after this (roughly 2 steps) [2c9e4559773c261900c674a86b8e455911675d71] netfilter: nf_tables: always initialize flowtable hook list in transaction testing commit 2c9e4559773c261900c674a86b8e455911675d71 gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 46b2e096105ee935d211bb155ed5651bd9690cee9b09882c517ad622e77ac65b all runs: OK # git bisect good 2c9e4559773c261900c674a86b8e455911675d71 Bisecting: 1 revision left to test after this (roughly 1 step) [3a41c64d9c1185a2f3a184015e2a9b78bfc99c71] netfilter: nf_tables: bail out early if hardware offload is not supported testing commit 3a41c64d9c1185a2f3a184015e2a9b78bfc99c71 gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: c731a9fb9e62e61ea7abf21d882d3c3e991fd84dd9c9430aee2da78ae9a15503 all runs: crashed: KASAN: use-after-free Read in nf_tables_trans_destroy_work # git bisect bad 3a41c64d9c1185a2f3a184015e2a9b78bfc99c71 Bisecting: 0 revisions left to test after this (roughly 1 step) [9dd732e0bdf538b1b76dc7c157e2b5e560ff30d3] netfilter: nf_tables: memleak flow rule from commit path testing commit 9dd732e0bdf538b1b76dc7c157e2b5e560ff30d3 gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 15cf52397b722f775dc34d320f057fd6ed489d6fb86c5eac72e317f002ea5ee0 all runs: crashed: KASAN: use-after-free Read in nf_tables_trans_destroy_work # git bisect bad 9dd732e0bdf538b1b76dc7c157e2b5e560ff30d3 Bisecting: 0 revisions left to test after this (roughly 0 steps) [c271cc9febaaa1bcbc0842d1ee30466aa6148ea8] netfilter: nf_tables: release new hooks on unsupported flowtable flags testing commit c271cc9febaaa1bcbc0842d1ee30466aa6148ea8 gcc compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: e8a726df1a4b43e7d142dfb6aedceda27e2b501a619612778b3f246636a31172 run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: failed to write control pipe: write |NUM: broken pipe run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good c271cc9febaaa1bcbc0842d1ee30466aa6148ea8 9dd732e0bdf538b1b76dc7c157e2b5e560ff30d3 is the first bad commit commit 9dd732e0bdf538b1b76dc7c157e2b5e560ff30d3 Author: Pablo Neira Ayuso Date: Mon Jun 6 17:15:57 2022 +0200 netfilter: nf_tables: memleak flow rule from commit path Abort path release flow rule object, however, commit path does not. Update code to destroy these objects before releasing the transaction. Fixes: c9626a2cbdb2 ("netfilter: nf_tables: add hardware offload support") Signed-off-by: Pablo Neira Ayuso net/netfilter/nf_tables_api.c | 6 ++++++ 1 file changed, 6 insertions(+) culprit signature: 15cf52397b722f775dc34d320f057fd6ed489d6fb86c5eac72e317f002ea5ee0 parent signature: e8a726df1a4b43e7d142dfb6aedceda27e2b501a619612778b3f246636a31172 revisions tested: 20, total time: 4h57m27.809766019s (build: 2h21m34.967761842s, test: 2h33m6.371173479s) first bad commit: 9dd732e0bdf538b1b76dc7c157e2b5e560ff30d3 netfilter: nf_tables: memleak flow rule from commit path recipients (to): ["coreteam@netfilter.org" "davem@davemloft.net" "edumazet@google.com" "fw@strlen.de" "kadlec@netfilter.org" "kuba@kernel.org" "netdev@vger.kernel.org" "netfilter-devel@vger.kernel.org" "pabeni@redhat.com" "pablo@netfilter.org" "pablo@netfilter.org"] recipients (cc): ["linux-kernel@vger.kernel.org"] crash: KASAN: use-after-free Read in nf_tables_trans_destroy_work ================================================================== BUG: KASAN: use-after-free in nft_commit_release net/netfilter/nf_tables_api.c:8332 [inline] BUG: KASAN: use-after-free in nf_tables_trans_destroy_work+0xd32/0xdb0 net/netfilter/nf_tables_api.c:8378 Read of size 1 at addr ffff88806acae054 by task kworker/1:2/1519 CPU: 1 PID: 1519 Comm: kworker/1:2 Not tainted 5.18.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 Workqueue: events nf_tables_trans_destroy_work Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x163/0x213 lib/dump_stack.c:106 print_address_description+0x65/0x4b0 mm/kasan/report.c:313 print_report+0xf4/0x210 mm/kasan/report.c:429 kasan_report+0xfb/0x130 mm/kasan/report.c:491 nft_commit_release net/netfilter/nf_tables_api.c:8332 [inline] nf_tables_trans_destroy_work+0xd32/0xdb0 net/netfilter/nf_tables_api.c:8378 process_one_work+0x794/0xc10 kernel/workqueue.c:2289 worker_thread+0x8ff/0xfe0 kernel/workqueue.c:2436 kthread+0x228/0x2a0 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 Allocated by task 4360: kasan_save_stack mm/kasan/common.c:38 [inline] kasan_set_track mm/kasan/common.c:45 [inline] set_alloc_info mm/kasan/common.c:436 [inline] ____kasan_kmalloc+0xdc/0x110 mm/kasan/common.c:515 kasan_kmalloc include/linux/kasan.h:234 [inline] kmem_cache_alloc_trace+0x94/0x310 mm/slub.c:3255 kmalloc include/linux/slab.h:588 [inline] kzalloc include/linux/slab.h:721 [inline] nf_tables_addchain net/netfilter/nf_tables_api.c:2253 [inline] nf_tables_newchain+0x1098/0x2920 net/netfilter/nf_tables_api.c:2586 nfnetlink_rcv_batch net/netfilter/nfnetlink.c:513 [inline] nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:634 [inline] nfnetlink_rcv+0xc5a/0x1fa0 net/netfilter/nfnetlink.c:652 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline] netlink_unicast+0x5d8/0x850 net/netlink/af_netlink.c:1345 netlink_sendmsg+0x752/0xb00 net/netlink/af_netlink.c:1921 sock_sendmsg_nosec net/socket.c:714 [inline] sock_sendmsg net/socket.c:734 [inline] ____sys_sendmsg+0x487/0x780 net/socket.c:2492 ___sys_sendmsg net/socket.c:2546 [inline] __sys_sendmsg+0x1f5/0x2b0 net/socket.c:2575 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x46/0xb0 Freed by task 4359: kasan_save_stack mm/kasan/common.c:38 [inline] kasan_set_track+0x4c/0x70 mm/kasan/common.c:45 kasan_set_free_info+0x1f/0x40 mm/kasan/generic.c:370 ____kasan_slab_free+0xd8/0x110 mm/kasan/common.c:366 kasan_slab_free include/linux/kasan.h:200 [inline] slab_free_hook mm/slub.c:1727 [inline] slab_free_freelist_hook+0x12e/0x1a0 mm/slub.c:1753 slab_free mm/slub.c:3507 [inline] kfree+0xc6/0x210 mm/slub.c:4555 __nft_release_table+0xbb4/0xd90 net/netfilter/nf_tables_api.c:9837 nft_rcv_nl_event+0x3cd/0x480 net/netfilter/nf_tables_api.c:9888 notifier_call_chain kernel/notifier.c:84 [inline] blocking_notifier_call_chain+0xff/0x140 kernel/notifier.c:319 netlink_release+0xce2/0x13c0 net/netlink/af_netlink.c:790 __sock_release net/socket.c:650 [inline] sock_close+0xcc/0x230 net/socket.c:1365 __fput+0x2de/0x650 fs/file_table.c:317 task_work_run+0xd6/0x160 kernel/task_work.c:177 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline] exit_to_user_mode_loop+0x134/0x160 kernel/entry/common.c:169 exit_to_user_mode_prepare+0xad/0x110 kernel/entry/common.c:201 __syscall_exit_to_user_mode_work kernel/entry/common.c:283 [inline] syscall_exit_to_user_mode+0x2e/0x60 kernel/entry/common.c:294 entry_SYSCALL_64_after_hwframe+0x46/0xb0 The buggy address belongs to the object at ffff88806acae000 which belongs to the cache kmalloc-cg-128 of size 128 The buggy address is located 84 bytes inside of 128-byte region [ffff88806acae000, ffff88806acae080) The buggy address belongs to the physical page: page:ffffea0001ab2b80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6acae memcg:ffff888074a84a01 flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000200 0000000000000000 dead000000000122 ffff888010c42a00 raw: 0000000000000000 0000000080100010 00000001ffffffff ffff888074a84a01 page dumped because: kasan: bad access detected page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 4360, tgid 4359 (syz-executor.0), ts 96984445763, free_ts 96958463163 prep_new_page mm/page_alloc.c:2441 [inline] get_page_from_freelist+0x72e/0x7a0 mm/page_alloc.c:4182 __alloc_pages+0x26c/0x5f0 mm/page_alloc.c:5408 alloc_slab_page+0x70/0xf0 mm/slub.c:1797 allocate_slab+0x5e/0x520 mm/slub.c:1942 new_slab mm/slub.c:2002 [inline] ___slab_alloc+0x41e/0xcd0 mm/slub.c:3002 __slab_alloc mm/slub.c:3089 [inline] slab_alloc_node mm/slub.c:3180 [inline] slab_alloc mm/slub.c:3222 [inline] kmem_cache_alloc_trace+0x25c/0x310 mm/slub.c:3253 kmalloc include/linux/slab.h:588 [inline] kzalloc include/linux/slab.h:721 [inline] nf_tables_addchain net/netfilter/nf_tables_api.c:2253 [inline] nf_tables_newchain+0x1098/0x2920 net/netfilter/nf_tables_api.c:2586 nfnetlink_rcv_batch net/netfilter/nfnetlink.c:513 [inline] nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:634 [inline] nfnetlink_rcv+0xc5a/0x1fa0 net/netfilter/nfnetlink.c:652 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline] netlink_unicast+0x5d8/0x850 net/netlink/af_netlink.c:1345 netlink_sendmsg+0x752/0xb00 net/netlink/af_netlink.c:1921 sock_sendmsg_nosec net/socket.c:714 [inline] sock_sendmsg net/socket.c:734 [inline] ____sys_sendmsg+0x487/0x780 net/socket.c:2492 ___sys_sendmsg net/socket.c:2546 [inline] __sys_sendmsg+0x1f5/0x2b0 net/socket.c:2575 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x46/0xb0 page last free stack trace: reset_page_owner include/linux/page_owner.h:24 [inline] free_pages_prepare mm/page_alloc.c:1356 [inline] free_pcp_prepare+0x812/0x900 mm/page_alloc.c:1406 free_unref_page_prepare mm/page_alloc.c:3328 [inline] free_unref_page_list+0x12c/0x890 mm/page_alloc.c:3460 release_pages+0x1cfc/0x1ed0 mm/swap.c:980 tlb_batch_pages_flush mm/mmu_gather.c:50 [inline] tlb_flush_mmu_free mm/mmu_gather.c:243 [inline] tlb_flush_mmu+0x58e/0x700 mm/mmu_gather.c:250 tlb_finish_mmu+0xad/0x1c0 mm/mmu_gather.c:341 exit_mmap+0x1b0/0x480 mm/mmap.c:3142 __mmput+0xc7/0x2f0 kernel/fork.c:1189 exit_mm+0x1e5/0x290 kernel/exit.c:510 do_exit+0x427/0x1ae0 kernel/exit.c:782 do_group_exit+0x104/0x2b0 kernel/exit.c:925 get_signal+0x11f4/0x1240 kernel/signal.c:2875 arch_do_signal_or_restart+0x8d/0x750 arch/x86/kernel/signal.c:869 exit_to_user_mode_loop+0x74/0x160 kernel/entry/common.c:166 exit_to_user_mode_prepare+0xad/0x110 kernel/entry/common.c:201 __syscall_exit_to_user_mode_work kernel/entry/common.c:283 [inline] syscall_exit_to_user_mode+0x2e/0x60 kernel/entry/common.c:294 entry_SYSCALL_64_after_hwframe+0x46/0xb0 Memory state around the buggy address: ffff88806acadf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff88806acadf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >ffff88806acae000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff88806acae080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff88806acae100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ==================================================================