bisecting cause commit starting from d41217aac0a577a247c9c8cde688419fde25fba5 building syzkaller on 5f5f6d14e80b8bd6b42db961118e902387716bcb testing commit d41217aac0a577a247c9c8cde688419fde25fba5 with gcc (GCC) 8.1.0 all runs: crashed: WARNING in dma_buf_vunmap testing release v4.19 testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0 all runs: crashed: WARNING in dma_buf_vunmap testing release v4.18 testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 with gcc (GCC) 8.1.0 all runs: crashed: WARNING in dma_buf_vunmap testing release v4.17 testing commit 29dcea88779c856c7dc92040a0c01233263101d4 with gcc (GCC) 8.1.0 all runs: crashed: WARNING in dma_buf_vunmap testing release v4.16 testing commit 0adb32858b0bddf4ada5f364a84ed60b196dbcda with gcc (GCC) 8.1.0 all runs: crashed: WARNING in dma_buf_vunmap testing release v4.15 testing commit d8a5b80568a9cb66810e75b182018e9edb68e8ff with gcc (GCC) 8.1.0 all runs: crashed: WARNING in dma_buf_vunmap testing release v4.14 testing commit bebc6082da0a9f5d47a1ea2edc099bf671058bd4 with gcc (GCC) 8.1.0 all runs: crashed: WARNING in dma_buf_vunmap testing release v4.13 testing commit 569dbb88e80deb68974ef6fdd6a13edb9d686261 with gcc (GCC) 8.1.0 all runs: crashed: WARNING in dma_buf_vunmap testing release v4.12 testing commit 6f7da290413ba713f0cdd9ff1a2a9bb129ef4f6c with gcc (GCC) 8.1.0 all runs: crashed: WARNING in dma_buf_vunmap testing release v4.11 testing commit a351e9b9fc24e982ec2f0e76379a49826036da12 with gcc (GCC) 7.3.0 all runs: OK # git bisect start v4.12 v4.11 Bisecting: 7831 revisions left to test after this (roughly 13 steps) [2bd80401743568ced7d303b008ae5298ce77e695] Merge tag 'gpio-v4.12-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio testing commit 2bd80401743568ced7d303b008ae5298ce77e695 with gcc (GCC) 7.3.0 all runs: crashed: INFO: trying to register non-static key in can_notifier # git bisect bad 2bd80401743568ced7d303b008ae5298ce77e695 Bisecting: 3853 revisions left to test after this (roughly 12 steps) [8d65b08debc7e62b2c6032d7fe7389d895b92cbc] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next testing commit 8d65b08debc7e62b2c6032d7fe7389d895b92cbc with gcc (GCC) 7.3.0 all runs: crashed: INFO: trying to register non-static key in can_notifier # git bisect bad 8d65b08debc7e62b2c6032d7fe7389d895b92cbc Bisecting: 2022 revisions left to test after this (roughly 11 steps) [cec381919818a9a0cb85600b3c82404bdd38cf36] Merge tag 'mac80211-next-for-davem-2017-04-28' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next testing commit cec381919818a9a0cb85600b3c82404bdd38cf36 with gcc (GCC) 5.5.0 all runs: crashed: INFO: trying to register non-static key in can_notifier # git bisect bad cec381919818a9a0cb85600b3c82404bdd38cf36 Bisecting: 1013 revisions left to test after this (roughly 10 steps) [5cd8985a19090f2b0ce8700ae3ec19e06a4fc5e9] net-next: dsa: add Mediatek tag RX/TX handler testing commit 5cd8985a19090f2b0ce8700ae3ec19e06a4fc5e9 with gcc (GCC) 5.5.0 run #0: crashed: WARNING: ODEBUG bug in del_timer run #1: crashed: WARNING: ODEBUG bug in del_timer run #2: crashed: WARNING: ODEBUG bug in del_timer run #3: crashed: WARNING: ODEBUG bug in del_timer run #4: crashed: WARNING: ODEBUG bug in del_timer run #5: crashed: WARNING: ODEBUG bug in del_timer run #6: crashed: WARNING: ODEBUG bug in del_timer run #7: crashed: WARNING: ODEBUG bug in del_timer run #8: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "23067" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/usr/local/google/home/dvyukov/syzkaller/ci-bisect3/jobs/linux/workdir/image/key" "/tmp/syz-executor336839376" "root@localhost:/syz-executor336839376"] Warning: Permanently added '[localhost]:23067' (ECDSA) to the list of known hosts. run #9: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "47541" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/usr/local/google/home/dvyukov/syzkaller/ci-bisect3/jobs/linux/workdir/image/key" "/tmp/syz-executor989530617" "root@localhost:/syz-executor989530617"] Warning: Permanently added '[localhost]:47541' (ECDSA) to the list of known hosts. # git bisect bad 5cd8985a19090f2b0ce8700ae3ec19e06a4fc5e9 Bisecting: 506 revisions left to test after this (roughly 9 steps) [b4f0a66155564aaf7e98492e027efad9f797c244] net: stmmac: fix dma operation mode config for older versions testing commit b4f0a66155564aaf7e98492e027efad9f797c244 with gcc (GCC) 5.5.0 run #0: OK run #1: OK run #2: OK run #3: crashed: WARNING: ODEBUG bug in del_timer run #4: crashed: WARNING: ODEBUG bug in del_timer run #5: crashed: WARNING: ODEBUG bug in del_timer run #6: crashed: WARNING: ODEBUG bug in del_timer run #7: crashed: WARNING: ODEBUG bug in del_timer run #8: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "41265" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/usr/local/google/home/dvyukov/syzkaller/ci-bisect3/jobs/linux/workdir/image/key" "/tmp/syz-executor075298971" "root@localhost:/syz-executor075298971"] Warning: Permanently added '[localhost]:41265' (ECDSA) to the list of known hosts. run #9: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "42624" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/usr/local/google/home/dvyukov/syzkaller/ci-bisect3/jobs/linux/workdir/image/key" "/tmp/syz-executor489513861" "root@localhost:/syz-executor489513861"] Warning: Permanently added '[localhost]:42624' (ECDSA) to the list of known hosts. # git bisect bad b4f0a66155564aaf7e98492e027efad9f797c244 Bisecting: 252 revisions left to test after this (roughly 8 steps) [6689da155bdcd17abfe4d3a8b1e245d9ed4b5f2c] net: bcmgenet: manage dma interrupts in napi code testing commit 6689da155bdcd17abfe4d3a8b1e245d9ed4b5f2c with gcc (GCC) 5.5.0 run #0: crashed: WARNING: ODEBUG bug in del_timer run #1: crashed: WARNING: ODEBUG bug in del_timer run #2: crashed: WARNING: ODEBUG bug in del_timer run #3: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "24452" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/usr/local/google/home/dvyukov/syzkaller/ci-bisect3/jobs/linux/workdir/image/key" "/tmp/syz-executor347640739" "root@localhost:/syz-executor347640739"]: exit status 1 ssh: connect to host localhost port 24452: Connection timed out lost connection run #4: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "28095" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/usr/local/google/home/dvyukov/syzkaller/ci-bisect3/jobs/linux/workdir/image/key" "/tmp/syz-executor066165414" "root@localhost:/syz-executor066165414"]: exit status 1 ssh: connect to host localhost port 28095: Connection timed out lost connection run #5: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "50255" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/usr/local/google/home/dvyukov/syzkaller/ci-bisect3/jobs/linux/workdir/image/key" "/tmp/syz-executor987771853" "root@localhost:/syz-executor987771853"]: exit status 1 ssh: connect to host localhost port 50255: Connection timed out lost connection run #6: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "62875" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/usr/local/google/home/dvyukov/syzkaller/ci-bisect3/jobs/linux/workdir/image/key" "/tmp/syz-executor642035400" "root@localhost:/syz-executor642035400"]: exit status 1 ssh: connect to host localhost port 62875: Connection timed out lost connection run #7: basic kernel testing failed: failed to copy test binary to VM: failed to run ["scp" "-P" "1462" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/usr/local/google/home/dvyukov/syzkaller/ci-bisect3/jobs/linux/workdir/image/key" "/tmp/syz-executor234209594" "root@localhost:/syz-executor234209594"]: exit status 1 ssh: connect to host localhost port 1462: Connection timed out lost connection run #8: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "22556" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/usr/local/google/home/dvyukov/syzkaller/ci-bisect3/jobs/linux/workdir/image/key" "/tmp/syz-executor933554772" "root@localhost:/syz-executor933554772"] Warning: Permanently added '[localhost]:22556' (ECDSA) to the list of known hosts. run #9: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "36330" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/usr/local/google/home/dvyukov/syzkaller/ci-bisect3/jobs/linux/workdir/image/key" "/tmp/syz-executor009597831" "root@localhost:/syz-executor009597831"] Warning: Permanently added '[localhost]:36330' (ECDSA) to the list of known hosts. # git bisect bad 6689da155bdcd17abfe4d3a8b1e245d9ed4b5f2c Bisecting: 126 revisions left to test after this (roughly 7 steps) [c0243892cbb0e48873d6132f673c830602808245] ipv4: fib: Move FIB notification code to a separate file testing commit c0243892cbb0e48873d6132f673c830602808245 with gcc (GCC) 5.5.0 run #0: crashed: WARNING: ODEBUG bug in del_timer run #1: crashed: WARNING: ODEBUG bug in del_timer run #2: crashed: WARNING: ODEBUG bug in del_timer run #3: crashed: WARNING: ODEBUG bug in del_timer run #4: crashed: WARNING: ODEBUG bug in del_timer run #5: crashed: WARNING: ODEBUG bug in del_timer run #6: crashed: WARNING: ODEBUG bug in del_timer run #7: crashed: WARNING: ODEBUG bug in del_timer run #8: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "47346" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/usr/local/google/home/dvyukov/syzkaller/ci-bisect3/jobs/linux/workdir/image/key" "/tmp/syz-executor355680380" "root@localhost:/syz-executor355680380"] Warning: Permanently added '[localhost]:47346' (ECDSA) to the list of known hosts. run #9: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "62171" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/usr/local/google/home/dvyukov/syzkaller/ci-bisect3/jobs/linux/workdir/image/key" "/tmp/syz-executor494352804" "root@localhost:/syz-executor494352804"] Warning: Permanently added '[localhost]:62171' (ECDSA) to the list of known hosts. # git bisect bad c0243892cbb0e48873d6132f673c830602808245 Bisecting: 62 revisions left to test after this (roughly 6 steps) [4e4a105f1fde326a5d1b0fbcbba8254c54a673e4] net: mvpp2: store physical address of buffer in rx_desc->buf_cookie testing commit 4e4a105f1fde326a5d1b0fbcbba8254c54a673e4 with gcc (GCC) 5.5.0 all runs: OK # git bisect good 4e4a105f1fde326a5d1b0fbcbba8254c54a673e4 Bisecting: 31 revisions left to test after this (roughly 5 steps) [abb521e36b9286c262971974ebaeda2d67dadd86] ethtool: add CRC32 as an RSS hash function testing commit abb521e36b9286c262971974ebaeda2d67dadd86 with gcc (GCC) 5.5.0 all runs: OK # git bisect good abb521e36b9286c262971974ebaeda2d67dadd86 Bisecting: 15 revisions left to test after this (roughly 4 steps) [9efd3831d5ae3babb45a37ae7d6b18642a0745de] net: ks8851: Added support for half-duplex SPI testing commit 9efd3831d5ae3babb45a37ae7d6b18642a0745de with gcc (GCC) 5.5.0 run #0: crashed: KASAN: use-after-free Write in ida_get_new_above run #1: crashed: WARNING: ODEBUG bug in del_timer run #2: crashed: WARNING: ODEBUG bug in del_timer run #3: crashed: WARNING: ODEBUG bug in del_timer run #4: crashed: WARNING: ODEBUG bug in del_timer run #5: crashed: WARNING: ODEBUG bug in del_timer run #6: crashed: WARNING: ODEBUG bug in del_timer run #7: crashed: WARNING: ODEBUG bug in del_timer run #8: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "42105" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/usr/local/google/home/dvyukov/syzkaller/ci-bisect3/jobs/linux/workdir/image/key" "/tmp/syz-executor395950133" "root@localhost:/syz-executor395950133"] Warning: Permanently added '[localhost]:42105' (ECDSA) to the list of known hosts. run #9: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "20624" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/usr/local/google/home/dvyukov/syzkaller/ci-bisect3/jobs/linux/workdir/image/key" "/tmp/syz-executor287325122" "root@localhost:/syz-executor287325122"] Warning: Permanently added '[localhost]:20624' (ECDSA) to the list of known hosts. # git bisect bad 9efd3831d5ae3babb45a37ae7d6b18642a0745de Bisecting: 7 revisions left to test after this (roughly 3 steps) [5692dbb56e6012c0755614ee64fe4c221f357e7a] nfp: prevent theoretical buffer overrun in nfp_eth_read_ports testing commit 5692dbb56e6012c0755614ee64fe4c221f357e7a with gcc (GCC) 5.5.0 all runs: OK # git bisect good 5692dbb56e6012c0755614ee64fe4c221f357e7a Bisecting: 3 revisions left to test after this (roughly 2 steps) [8b426dc54cf4056984bab7dfa48c92ee79a46434] bonding: remove hardcoded value testing commit 8b426dc54cf4056984bab7dfa48c92ee79a46434 with gcc (GCC) 5.5.0 run #0: crashed: WARNING: ODEBUG bug in del_timer run #1: crashed: WARNING: ODEBUG bug in del_timer run #2: crashed: WARNING: ODEBUG bug in del_timer run #3: crashed: WARNING: ODEBUG bug in del_timer run #4: crashed: WARNING: ODEBUG bug in del_timer run #5: crashed: WARNING: ODEBUG bug in del_timer run #6: crashed: WARNING: ODEBUG bug in del_timer run #7: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "58774" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/usr/local/google/home/dvyukov/syzkaller/ci-bisect3/jobs/linux/workdir/image/key" "/tmp/syz-executor442262217" "root@localhost:/syz-executor442262217"] Warning: Permanently added '[localhost]:58774' (ECDSA) to the list of known hosts. run #8: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "42391" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/usr/local/google/home/dvyukov/syzkaller/ci-bisect3/jobs/linux/workdir/image/key" "/tmp/syz-executor805122964" "root@localhost:/syz-executor805122964"] Warning: Permanently added '[localhost]:42391' (ECDSA) to the list of known hosts. run #9: basic kernel testing failed: failed to copy test binary to VM: timedout ["scp" "-P" "49594" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "BatchMode=yes" "-o" "IdentitiesOnly=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-i" "/usr/local/google/home/dvyukov/syzkaller/ci-bisect3/jobs/linux/workdir/image/key" "/tmp/syz-executor320923149" "root@localhost:/syz-executor320923149"] Warning: Permanently added '[localhost]:49594' (ECDSA) to the list of known hosts. # git bisect bad 8b426dc54cf4056984bab7dfa48c92ee79a46434 Bisecting: 1 revision left to test after this (roughly 1 step) [d5e73f7be850323ae3adbbe84ed37a38b0c31476] bonding: restructure arp-monitor testing commit d5e73f7be850323ae3adbbe84ed37a38b0c31476 with gcc (GCC) 5.5.0 run #0: crashed: KASAN: use-after-free Write in ida_get_new_above run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect bad d5e73f7be850323ae3adbbe84ed37a38b0c31476 Bisecting: 0 revisions left to test after this (roughly 0 steps) [96d7552e99393fdffddfc589e697c62a5fd98640] Merge branch 'nfp-crc32-rss-hash-port-name-reporting-and-misc-fastpath-cleanups' testing commit 96d7552e99393fdffddfc589e697c62a5fd98640 with gcc (GCC) 5.5.0 all runs: OK # git bisect good 96d7552e99393fdffddfc589e697c62a5fd98640 d5e73f7be850323ae3adbbe84ed37a38b0c31476 is the first bad commit commit d5e73f7be850323ae3adbbe84ed37a38b0c31476 Author: Mahesh Bandewar Date: Wed Mar 8 10:55:51 2017 -0800 bonding: restructure arp-monitor In preparation to move the work-queue initialization to port creation from current port_open phase. Work-queue initialization does not make sense every time we do 'ifup/ifdown'. So moving to port creation phase. Arp monitoring work depends on the bonding mode and that is not tied to the port creation and can change anytime during the life after port creation. So this restructuring allows us to move the initialization at creation without losing the ability to arm the correct work for the mode user has selected. Signed-off-by: Mahesh Bandewar Signed-off-by: David S. Miller drivers/net/bonding/bond_main.c | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) revisions tested: 24, total time: 4h45m52.614379943s (build: 1h33m54.546265577s, test: 3h7m32.207563032s) first bad commit: d5e73f7be850323ae3adbbe84ed37a38b0c31476 bonding: restructure arp-monitor cc: ["andy@greyhouse.net" "davem@davemloft.net" "j.vosburgh@gmail.com" "linux-kernel@vger.kernel.org" "maheshb@google.com" "netdev@vger.kernel.org" "vfalico@gmail.com"] crash: KASAN: use-after-free Write in ida_get_new_above IPVS: Creating netns size=2720 id=2 IPVS: ftp: loaded support on port[0] = 21 IPVS: Creating netns size=2720 id=3 IPVS: ftp: loaded support on port[0] = 21 ================================================================== BUG: KASAN: use-after-free in ida_get_new_above+0x2eb/0x5d0 lib/idr.c:295 at addr ffff88006baffc00 Write of size 128 by task syz-executor0/5627 CPU: 1 PID: 5627 Comm: syz-executor0 Not tainted 4.10.0+ #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014 Call Trace: __dump_stack lib/dump_stack.c:16 [inline] dump_stack+0xe6/0x120 lib/dump_stack.c:52 kasan_object_err+0x1c/0x70 mm/kasan/report.c:162 print_address_description mm/kasan/report.c:200 [inline] kasan_report_error mm/kasan/report.c:289 [inline] kasan_report.part.2+0x1e1/0x4a0 mm/kasan/report.c:311 kasan_report+0x20/0x30 mm/kasan/report.c:298 check_memory_region_inline mm/kasan/kasan.c:319 [inline] check_memory_region+0x13d/0x1a0 mm/kasan/kasan.c:333 memset+0x23/0x40 mm/kasan/kasan.c:351 ida_get_new_above+0x2eb/0x5d0 lib/idr.c:295 ida_simple_get+0xd1/0x170 lib/idr.c:447 __kernfs_new_node+0x84/0x290 fs/kernfs/dir.c:633 kernfs_new_node+0x5e/0xe0 fs/kernfs/dir.c:661 kernfs_create_dir_ns+0x24/0x120 fs/kernfs/dir.c:933 sysfs_create_dir_ns+0xa2/0x1b0 fs/sysfs/dir.c:55 create_dir lib/kobject.c:71 [inline] kobject_add_internal+0x343/0x980 lib/kobject.c:229 kset_register+0x20/0x50 lib/kobject.c:817 kset_create_and_add+0x10d/0x170 lib/kobject.c:947 register_queue_kobjects net/core/net-sysfs.c:1393 [inline] netdev_register_kobject+0x195/0x3a0 net/core/net-sysfs.c:1608 register_netdevice+0x7c6/0xd60 net/core/dev.c:7296 register_netdev+0x15/0x30 net/core/dev.c:7408 ip6_tnl_init_net+0x3ea/0x670 net/ipv6/ip6_tunnel.c:2194 ops_init+0x95/0x390 net/core/net_namespace.c:117 setup_net+0x21b/0x520 net/core/net_namespace.c:293 copy_net_ns+0x134/0x3b0 net/core/net_namespace.c:398 create_new_namespaces+0x354/0x660 kernel/nsproxy.c:106 unshare_nsproxy_namespaces+0x8a/0x190 kernel/nsproxy.c:205 SYSC_unshare kernel/fork.c:2306 [inline] SyS_unshare+0x308/0x6b0 kernel/fork.c:2256 entry_SYSCALL_64_fastpath+0x23/0xc6 RIP: 0033:0x458187 RSP: 002b:00007ffc4ab977c8 EFLAGS: 00000206 ORIG_RAX: 0000000000000110 RAX: ffffffffffffffda RBX: 00007ffc4ab977d0 RCX: 0000000000458187 RDX: 0000000000000000 RSI: 00007ffc4ab977b0 RDI: 0000000040000000 RBP: 0000000000000082 R08: 0000000000000000 R09: 0000000000000018 R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 Object at ffff88006baffc00, in cache kmalloc-128 size: 128 Allocated: PID = 5619 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:59 save_stack+0x46/0xd0 mm/kasan/kasan.c:513 set_track mm/kasan/kasan.c:525 [inline] kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:616 kmem_cache_alloc_trace+0x142/0x800 mm/slab.c:3635 kmalloc include/linux/slab.h:490 [inline] ida_pre_get+0xa8/0xc0 lib/radix-tree.c:2129 get_anon_bdev+0x68/0x1a0 fs/super.c:941 set_anon_super fs/super.c:980 [inline] ns_set_super+0x3a/0x50 fs/super.c:1011 sget_userns+0x758/0xb20 fs/super.c:508 mount_ns+0x5d/0x170 fs/super.c:1026 proc_mount+0x6d/0xa0 fs/proc/root.c:100 mount_fs+0x7c/0x2c0 fs/super.c:1223 vfs_kern_mount+0x66/0x3c0 fs/namespace.c:979 kern_mount_data+0x36/0x90 fs/namespace.c:3293 pid_ns_prepare_proc+0x1b/0x60 fs/proc/root.c:221 alloc_pid+0x8e7/0xb80 kernel/pid.c:324 copy_process.part.36+0x3352/0x5ce0 kernel/fork.c:1711 copy_process kernel/fork.c:1522 [inline] _do_fork+0x160/0xbb0 kernel/fork.c:1985 SYSC_clone kernel/fork.c:2095 [inline] SyS_clone+0x14/0x20 kernel/fork.c:2089 do_syscall_64+0x1ba/0x5b0 arch/x86/entry/common.c:281 return_from_SYSCALL_64+0x0/0x7a Freed: PID = 5620 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:59 save_stack+0x46/0xd0 mm/kasan/kasan.c:513 set_track mm/kasan/kasan.c:525 [inline] kasan_slab_free+0x70/0xb0 mm/kasan/kasan.c:589 __cache_free mm/slab.c:3511 [inline] kfree+0xcf/0x2c0 mm/slab.c:3828 ida_pre_get+0x6f/0xc0 lib/radix-tree.c:2133 mnt_alloc_id fs/namespace.c:107 [inline] alloc_vfsmnt+0x49/0x720 fs/namespace.c:209 clone_mnt+0x6c/0xf00 fs/namespace.c:1019 copy_tree+0x322/0x8e0 fs/namespace.c:1803 copy_mnt_ns+0xdc/0xcb0 fs/namespace.c:2935 create_new_namespaces+0xc5/0x660 kernel/nsproxy.c:74 unshare_nsproxy_namespaces+0x8a/0x190 kernel/nsproxy.c:205 SYSC_unshare kernel/fork.c:2306 [inline] SyS_unshare+0x308/0x6b0 kernel/fork.c:2256 entry_SYSCALL_64_fastpath+0x23/0xc6 Memory state around the buggy address: ffff88006baffb00: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 ffff88006baffb80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc >ffff88006baffc00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff88006baffc80: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 ffff88006baffd00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc ==================================================================