bisecting cause commit starting from 5694cecdb092656a822287a6691aa7ce668c8160
building syzkaller on 8a41a0ad8ed91a6c7a65663b1bacaf6d79cde558
testing commit 5694cecdb092656a822287a6691aa7ce668c8160 with gcc (GCC) 8.1.0
run #0: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
run #1: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
run #2: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
run #3: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
run #4: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
run #5: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
run #6: crashed: INFO: task hung in __flush_work
run #7: crashed: INFO: task hung in __flush_work
run #8: crashed: INFO: task hung in __flush_work
run #9: crashed: INFO: task hung in __flush_work
testing release v4.20
testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be with gcc (GCC) 8.1.0
run #0: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
run #1: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
run #2: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
run #3: crashed: INFO: task hung in __flush_work
run #4: crashed: INFO: task hung in __flush_work
run #5: crashed: INFO: task hung in __flush_work
run #6: crashed: INFO: task hung in __flush_work
run #7: crashed: INFO: task hung in __flush_work
run #8: crashed: INFO: task hung in __flush_work
run #9: crashed: INFO: task hung in __flush_work
testing release v4.19
testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0
run #0: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor938704391" "root@10.128.15.204:./syz-executor938704391"]: exit status 1
ssh: connect to host 10.128.15.204 port 22: Connection timed out
lost connection
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect start v4.20 v4.19
Bisecting: 7499 revisions left to test after this (roughly 13 steps)
[ec9c166434595382be3babf266febf876327774d] Merge tag 'mips_fixes_4.20_1' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux
testing commit ec9c166434595382be3babf266febf876327774d with gcc (GCC) 8.1.0
run #0: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
run #1: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
run #2: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
run #3: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
run #4: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
run #5: crashed: INFO: task hung in __flush_work
run #6: crashed: INFO: task hung in __flush_work
run #7: crashed: INFO: task hung in __flush_work
run #8: crashed: INFO: task hung in __flush_work
run #9: crashed: INFO: task hung in __flush_work
# git bisect bad ec9c166434595382be3babf266febf876327774d
Bisecting: 3252 revisions left to test after this (roughly 12 steps)
[50b825d7e87f4cff7070df6eb26390152bb29537] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
testing commit 50b825d7e87f4cff7070df6eb26390152bb29537 with gcc (GCC) 8.1.0
run #0: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
run #1: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
run #2: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
run #3: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
run #4: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
run #5: crashed: INFO: task hung in __flush_work
run #6: crashed: INFO: task hung in __flush_work
run #7: crashed: INFO: task hung in __flush_work
run #8: crashed: INFO: task hung in __flush_work
run #9: crashed: INFO: task hung in __flush_work
# git bisect bad 50b825d7e87f4cff7070df6eb26390152bb29537
Bisecting: 2120 revisions left to test after this (roughly 11 steps)
[99e9acd85ccbdc8f5785f9e961d4956e96bd6aa5] Merge tag 'mlx5-updates-2018-10-17' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux
testing commit 99e9acd85ccbdc8f5785f9e961d4956e96bd6aa5 with gcc (GCC) 8.1.0
run #0: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
run #1: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
run #2: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
run #3: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
run #4: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
run #5: crashed: INFO: task hung in __flush_work
run #6: crashed: INFO: task hung in __flush_work
run #7: crashed: INFO: task hung in __flush_work
run #8: crashed: INFO: task hung in __flush_work
run #9: crashed: INFO: task hung in __flush_work
# git bisect bad 99e9acd85ccbdc8f5785f9e961d4956e96bd6aa5
Bisecting: 989 revisions left to test after this (roughly 10 steps)
[d793fb46822ff7408a1767313ef6b12e811baa55] Merge tag 'wireless-drivers-next-for-davem-2018-10-02' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next
testing commit d793fb46822ff7408a1767313ef6b12e811baa55 with gcc (GCC) 8.1.0
run #0: basic kernel testing failed: timed out
run #1: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
run #2: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
run #3: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
run #4: basic kernel testing failed: timed out
run #5: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
run #6: crashed: INFO: task hung in __flush_work
run #7: crashed: INFO: task hung in __flush_work
run #8: crashed: INFO: task hung in __flush_work
run #9: crashed: INFO: task hung in __flush_work
# git bisect bad d793fb46822ff7408a1767313ef6b12e811baa55
Bisecting: 565 revisions left to test after this (roughly 9 steps)
[72b0094f918294e6cb8cf5c3b4520d928fbb1a57] tcp: switch tcp_clock_ns() to CLOCK_TAI base
testing commit 72b0094f918294e6cb8cf5c3b4520d928fbb1a57 with gcc (GCC) 8.1.0
run #0: basic kernel testing failed: timed out
run #1: basic kernel testing failed: timed out
run #2: basic kernel testing failed: timed out
run #3: basic kernel testing failed: timed out
run #4: crashed: KASAN: use-after-free Read in tls_write_space
run #5: basic kernel testing failed: timed out
run #6: crashed: KASAN: use-after-free Read in tls_write_space
run #7: crashed: WARNING in sk_stream_kill_queues
run #8: crashed: KASAN: use-after-free Read in tls_write_space
run #9: crashed: INFO: task hung in __flush_work
# git bisect bad 72b0094f918294e6cb8cf5c3b4520d928fbb1a57
Bisecting: 282 revisions left to test after this (roughly 8 steps)
[250bb6f0f8240a6addbb3fe9c9dbd4abd79503c8] staging: rtl8192e: Use __skb_peek().
testing commit 250bb6f0f8240a6addbb3fe9c9dbd4abd79503c8 with gcc (GCC) 8.1.0
run #0: basic kernel testing failed: timed out
run #1: basic kernel testing failed: timed out
run #2: basic kernel testing failed: timed out
run #3: basic kernel testing failed: timed out
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good 250bb6f0f8240a6addbb3fe9c9dbd4abd79503c8
Bisecting: 141 revisions left to test after this (roughly 7 steps)
[56184e01c00d6d23609f9f9e52cc731568e8088f] iavf: rename most of i40e strings
testing commit 56184e01c00d6d23609f9f9e52cc731568e8088f with gcc (GCC) 8.1.0
run #0: basic kernel testing failed: timed out
run #1: basic kernel testing failed: timed out
run #2: basic kernel testing failed: timed out
run #3: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor040401984" "root@10.128.10.26:./syz-executor040401984"]: exit status 1
ssh: connect to host 10.128.10.26 port 22: Connection timed out
lost connection
run #4: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor197402271" "root@10.128.0.180:./syz-executor197402271"]: exit status 1
ssh: connect to host 10.128.0.180 port 22: Connection timed out
lost connection
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good 56184e01c00d6d23609f9f9e52cc731568e8088f
Bisecting: 70 revisions left to test after this (roughly 6 steps)
[c8c618afc2b22067d6f37e2e41d9bba209fe0036] net: ibm: remove redundant local variables 'act_nr_of_entries' and 'act_pages'
testing commit c8c618afc2b22067d6f37e2e41d9bba209fe0036 with gcc (GCC) 8.1.0
run #0: basic kernel testing failed: timed out
run #1: basic kernel testing failed: timed out
run #2: basic kernel testing failed: timed out
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good c8c618afc2b22067d6f37e2e41d9bba209fe0036
Bisecting: 34 revisions left to test after this (roughly 5 steps)
[1ba2a720da72b11435dbe278c6ab83aac75734e5] Merge branch 'kfree_skb-NULL'
testing commit 1ba2a720da72b11435dbe278c6ab83aac75734e5 with gcc (GCC) 8.1.0
run #0: basic kernel testing failed: timed out
run #1: basic kernel testing failed: timed out
run #2: basic kernel testing failed: timed out
run #3: basic kernel testing failed: timed out
run #4: basic kernel testing failed: timed out
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good 1ba2a720da72b11435dbe278c6ab83aac75734e5
Bisecting: 17 revisions left to test after this (roughly 4 steps)
[30f8eb55873ef078f5f02f636061d9399debbeab] net: if_arp: Fix incorrect indents
testing commit 30f8eb55873ef078f5f02f636061d9399debbeab with gcc (GCC) 8.1.0
run #0: basic kernel testing failed: timed out
run #1: basic kernel testing failed: timed out
run #2: basic kernel testing failed: timed out
run #3: crashed: KASAN: use-after-free Read in tls_write_space
run #4: crashed: KASAN: use-after-free Read in tls_write_space
run #5: basic kernel testing failed: timed out
run #6: crashed: KASAN: use-after-free Read in tls_write_space
run #7: crashed: KASAN: slab-out-of-bounds Read in tls_write_space
run #8: crashed: INFO: task hung in __flush_work
run #9: crashed: INFO: task hung in __flush_work
# git bisect bad 30f8eb55873ef078f5f02f636061d9399debbeab
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[075ddebc3283e83ac56fcc8f4bb44c15cef0d7ce] net: phy: don't reschedule state machine when PHY is halted
testing commit 075ddebc3283e83ac56fcc8f4bb44c15cef0d7ce with gcc (GCC) 8.1.0
run #0: basic kernel testing failed: timed out
run #1: basic kernel testing failed: timed out
run #2: basic kernel testing failed: timed out
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good 075ddebc3283e83ac56fcc8f4bb44c15cef0d7ce
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[94e7c844990f0db92418586b107be135b4963b66] net: lan78xx: Avoid unnecessary self assignment
testing commit 94e7c844990f0db92418586b107be135b4963b66 with gcc (GCC) 8.1.0
run #0: basic kernel testing failed: timed out
run #1: basic kernel testing failed: timed out
run #2: basic kernel testing failed: timed out
run #3: basic kernel testing failed: timed out
run #4: basic kernel testing failed: timed out
run #5: basic kernel testing failed: timed out
run #6: basic kernel testing failed: timed out
run #7: basic kernel testing failed: timed out
run #8: OK
run #9: OK
# git bisect skip 94e7c844990f0db92418586b107be135b4963b66
Bisecting: 4 revisions left to test after this (roughly 2 steps)
[b78ac6ecd1b6b46f8767cbafa95a7b0b51b87ad8] net: phy: mdio-bcm-unimac: Allow configuring MDIO clock divider
testing commit b78ac6ecd1b6b46f8767cbafa95a7b0b51b87ad8 with gcc (GCC) 8.1.0
run #0: basic kernel testing failed: timed out
run #1: basic kernel testing failed: timed out
run #2: basic kernel testing failed: timed out
run #3: basic kernel testing failed: timed out
run #4: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor008128786" "root@10.128.10.54:./syz-executor008128786"]: exit status 1
ssh: connect to host 10.128.10.54 port 22: Connection timed out
lost connection
run #5: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "22" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/syzkaller/jobs/linux/workdir/image/key" "/tmp/syz-executor434438473" "root@10.128.10.15:./syz-executor434438473"]: exit status 1
ssh: connect to host 10.128.10.15 port 22: Connection timed out
lost connection
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good b78ac6ecd1b6b46f8767cbafa95a7b0b51b87ad8
Bisecting: 1 revision left to test after this (roughly 1 step)
[06983aa526c759ebdf43f202d8d0491d9494e2f4] net: freescale: fix return type of ndo_start_xmit function
testing commit 06983aa526c759ebdf43f202d8d0491d9494e2f4 with gcc (GCC) 8.1.0
run #0: basic kernel testing failed: timed out
run #1: basic kernel testing failed: timed out
run #2: basic kernel testing failed: timed out
run #3: basic kernel testing failed: timed out
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good 06983aa526c759ebdf43f202d8d0491d9494e2f4
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[a42055e8d2c30d4decfc13ce943d09c7b9dad221] net/tls: Add support for async encryption of records for performance
testing commit a42055e8d2c30d4decfc13ce943d09c7b9dad221 with gcc (GCC) 8.1.0
run #0: basic kernel testing failed: timed out
run #1: basic kernel testing failed: timed out
run #2: basic kernel testing failed: timed out
run #3: basic kernel testing failed: timed out
run #4: basic kernel testing failed: timed out
run #5: basic kernel testing failed: timed out
run #6: crashed: KASAN: use-after-free Read in tls_write_space
run #7: basic kernel testing failed: timed out
run #8: basic kernel testing failed: timed out
run #9: crashed: KASAN: use-after-free Read in generic_gcmaes_encrypt
# git bisect bad a42055e8d2c30d4decfc13ce943d09c7b9dad221
a42055e8d2c30d4decfc13ce943d09c7b9dad221 is the first bad commit
commit a42055e8d2c30d4decfc13ce943d09c7b9dad221
Author: Vakul Garg
Date: Fri Sep 21 09:46:13 2018 +0530

net/tls: Add support for async encryption of records for performance

In current implementation, tls records are encrypted & transmitted serially. Till the time the previously submitted user data is encrypted, the implementation waits and on finish starts transmitting the record. This approach of encrypt-one record at a time is inefficient when asynchronous crypto accelerators are used. For each record, there are overheads of interrupts, driver softIRQ scheduling etc. Also the crypto accelerator sits idle most of time while an encrypted record's pages are handed over to tcp stack for transmission.

This patch enables encryption of multiple records in parallel when an async capable crypto accelerator is present in system. This is achieved by allowing the user space application to send more data using sendmsg() even while previously issued data is being processed by crypto accelerator. This requires returning the control back to user space application after submitting encryption request to accelerator. This also means that zero-copy mode of encryption cannot be used with async accelerator as we must be done with user space application buffer before returning from sendmsg().

There can be multiple records in flight to/from the accelerator. Each of the record is represented by 'struct tls_rec'. This is used to store the memory pages for the record.

After the records are encrypted, they are added in a linked list called tx_ready_list which contains encrypted tls records sorted as per tls sequence number. The records from tx_ready_list are transmitted using a newly introduced function called tls_tx_records(). The tx_ready_list is polled for any record ready to be transmitted in sendmsg(), sendpage() after initiating encryption of new tls records. This achieves parallel encryption and transmission of records when async accelerator is present.

There could be situation when crypto accelerator completes encryption later than polling of tx_ready_list by sendmsg()/sendpage(). Therefore we need a deferred work context to be able to transmit records from tx_ready_list. The deferred work context gets scheduled if applications are not sending much data through the socket. If the applications issue sendmsg()/sendpage() in quick succession, then the scheduling of tx_work_handler gets cancelled as the tx_ready_list would be polled from application's context itself. This saves scheduling overhead of deferred work.

The patch also brings some side benefit. We are able to get rid of the concept of CLOSED record. This is because the records once closed are either encrypted and then placed into tx_ready_list or if encryption fails, the socket error is set. This simplifies the kernel tls sendpath. However since tls_device.c is still using macros, accessory functions for CLOSED records have been retained.

Signed-off-by: Vakul Garg
Signed-off-by: David S. Miller

:040000 040000 3d612ab648b98bcf8d858d9b038edc4e9610af17 e709cb2c5bf2154d7bc5e7f69873c1f9b1a82b9f M include
:040000 040000 a414ef7f5a06dfe36221471957c7adcf8ee457c9 c7d7f747d7ce08f890acffc7f0476d28b650be5b M net
revisions tested: 18, total time: 4h50m59.722011854s (build: 1h50m48.909323098s, test: 2h53m10.03460984s)
first bad commit: a42055e8d2c30d4decfc13ce943d09c7b9dad221 net/tls: Add support for async encryption of records for performance
cc: ["aviadye@mellanox.com" "borisp@mellanox.com" "davejwatson@fb.com" "davem@davemloft.net" "linux-kernel@vger.kernel.org" "netdev@vger.kernel.org" "vakul.garg@nxp.com"]
crash: KASAN: use-after-free Read in generic_gcmaes_encrypt
TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters.
TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters.
TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters.
==================================================================
TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters.
BUG: KASAN: use-after-free in memcpy include/linux/string.h:345 [inline]
BUG: KASAN: use-after-free in generic_gcmaes_encrypt+0xc0/0x180 arch/x86/crypto/aesni-intel_glue.c:1291
Read of size 12 at addr ffff8801cd67e400 by task kworker/1:2/7240

CPU: 1 PID: 7240 Comm: kworker/1:2 Not tainted 4.19.0-rc4+ #1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: pencrypt padata_parallel_worker
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x16e/0x22a lib/dump_stack.c:113
 print_address_description.cold.8+0x9/0x1ff mm/kasan/report.c:256
 kasan_report_error mm/kasan/report.c:354 [inline]
 kasan_report.cold.9+0x242/0x309 mm/kasan/report.c:412
 check_memory_region_inline mm/kasan/kasan.c:260 [inline]
 check_memory_region+0x13e/0x1b0 mm/kasan/kasan.c:267
 memcpy+0x23/0x50 mm/kasan/kasan.c:302
 memcpy include/linux/string.h:345 [inline]
 generic_gcmaes_encrypt+0xc0/0x180 arch/x86/crypto/aesni-intel_glue.c:1291
 crypto_aead_encrypt include/crypto/aead.h:335 [inline]
 gcmaes_wrapper_encrypt+0x113/0x190 arch/x86/crypto/aesni-intel_glue.c:1127
 crypto_aead_encrypt include/crypto/aead.h:335 [inline]
 pcrypt_aead_enc+0xb5/0x160 crypto/pcrypt.c:143
 padata_parallel_worker+0x45b/0x6e0 kernel/padata.c:86
 process_one_work+0xadf/0x1a20 kernel/workqueue.c:2153
 worker_thread+0x176/0x12a0 kernel/workqueue.c:2296
 kthread+0x327/0x3f0 kernel/kthread.c:246
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:413

Allocated by task 8636:
 save_stack+0x43/0xd0 mm/kasan/kasan.c:448
 set_track mm/kasan/kasan.c:460 [inline]
 kasan_kmalloc+0xc7/0xe0 mm/kasan/kasan.c:553
 kmem_cache_alloc_trace+0x152/0x750 mm/slab.c:3620
 kmalloc include/linux/slab.h:513 [inline]
 tls_set_sw_offload+0xc2f/0x14a0 net/tls/tls_sw.c:1741
 do_tls_setsockopt_conf net/tls/tls_main.c:467 [inline]
 do_tls_setsockopt net/tls/tls_main.c:514 [inline]
 tls_setsockopt+0x4e5/0x630 net/tls/tls_main.c:533
 sock_common_setsockopt+0x78/0xf0 net/core/sock.c:3038
 __sys_setsockopt+0x176/0x360 net/socket.c:1902
 __do_sys_setsockopt net/socket.c:1913 [inline]
 __se_sys_setsockopt net/socket.c:1910 [inline]
 __x64_sys_setsockopt+0xb9/0x150 net/socket.c:1910
 do_syscall_64+0x183/0x700 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

Freed by task 8633:
 save_stack+0x43/0xd0 mm/kasan/kasan.c:448
 set_track mm/kasan/kasan.c:460 [inline]
 __kasan_slab_free+0x102/0x150 mm/kasan/kasan.c:521
 kasan_slab_free+0xe/0x10 mm/kasan/kasan.c:528
 __cache_free mm/slab.c:3498 [inline]
 kfree+0xcf/0x230 mm/slab.c:3813
 tls_sk_proto_close+0x4a4/0x6e0 net/tls/tls_main.c:277
 inet_release+0xde/0x1c0 net/ipv4/af_inet.c:428
 inet6_release+0x46/0x60 net/ipv6/af_inet6.c:458
 __sock_release+0xc7/0x230 net/socket.c:579
 sock_close+0x10/0x20 net/socket.c:1141
 __fput+0x303/0xab0 fs/file_table.c:278
 ____fput+0x9/0x10 fs/file_table.c:309
 task_work_run+0x19f/0x240 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:193 [inline]
 exit_to_usermode_loop+0x26e/0x300 arch/x86/entry/common.c:166
 prepare_exit_to_usermode arch/x86/entry/common.c:197 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:268 [inline]
 do_syscall_64+0x587/0x700 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

The buggy address belongs to the object at ffff8801cd67e400
 which belongs to the cache kmalloc-32 of size 32
The buggy address is located 0 bytes inside of
 32-byte region [ffff8801cd67e400, ffff8801cd67e420)
The buggy address belongs to the page:
page:ffffea0007359f80 count:1 mapcount:0 mapping:ffff8801da8001c0 index:0xffff8801cd67efc1
flags: 0x2fffc0000000100(slab)
raw: 02fffc0000000100 ffffea00074a3a08 ffffea000749af08 ffff8801da8001c0
raw: ffff8801cd67efc1 ffff8801cd67e000 000000010000003e 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff8801cd67e300: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
 ffff8801cd67e380: fb fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
>ffff8801cd67e400: fb fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
                   ^
 ffff8801cd67e480: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc
 ffff8801cd67e500: 00 00 00 fc fc fc fc fc fb fb fb fb fc fc fc fc
==================================================================