bisecting cause commit starting from 8f1c0fd2c84c8bf738b7139d09d4ea53027f47c3
building syzkaller on 76f7fc952d5c6a94c61aa2628568ffddb533272a
testing commit 8f1c0fd2c84c8bf738b7139d09d4ea53027f47c3 with gcc (GCC) 10.2.1 20210217
kernel signature: af00bf587b2ca1c3e96b102a03e1c9ba99d40903e67a3e5ca94eabc009a354ac
run #0: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #1: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #2: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #3: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #4: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #5: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #6: crashed: KASAN: slab-out-of-bounds Read in ip_check_mc_rcu
run #7: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #8: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #9: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #10: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #11: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #12: OK
run #13: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #14: OK
run #15: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #16: OK
run #17: OK
run #18: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #19: OK
testing release v5.11
testing commit f40ddce88593482919761f74910f42f4b84c004b with gcc (GCC) 10.2.1 20210217
kernel signature: cac7c61a707d8a4a548eba05d19c3df8eb3d1ebca04215b962b8d0fa4397b1a1
run #0: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #1: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #2: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #3: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #4: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #5: OK
run #6: OK
run #7: OK
run #8: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #9: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
testing release v5.10
testing commit 2c85ebc57b3e1817b6ce1a6b703928e113a90442 with gcc (GCC) 10.2.1 20210217
kernel signature: ad0020076c568fd04e3712999367961eadbdf96cf6f928f88e3fec927cee834c
run #0: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #1: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #2: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #3: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #4: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
testing release v5.9
testing commit bbf5c979011a099af5dc76498918ed7df445635b with gcc (GCC) 10.2.1 20210217
kernel signature: 146ea8d61e7d778cc2e3add7c28d140006fdf1a37baf6454f73000c8aae324f8
run #0: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #1: crashed: KASAN: slab-out-of-bounds Read in ip_check_mc_rcu
run #2: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #3: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #4: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
testing release v5.8
testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c with gcc (GCC) 8.4.1 20210217
kernel signature: 3026bb0a2d3a4e46ba6ebc016471b2198916b1a4253f6f438d502ead43644cf9
run #0: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #1: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #2: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #3: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #4: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #5: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #6: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #7: OK
run #8: OK
run #9: OK
testing release v5.7
testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 with gcc (GCC) 8.4.1 20210217
kernel signature: 30805e1918ab19740b728af479d23c466a1509b15d5066c42346b60bba1acc06
run #0: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #1: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #2: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #3: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
reproducer seems to be flaky
testing release v5.6
testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.4.1 20210217
kernel signature: b552afeb3d9badde6b049d25a1896276c34501ddca9e79eecf22939451ca8622
run #0: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #1: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #2: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #3: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #4: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #5: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #6: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #7: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #8: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #9: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #10: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #11: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #12: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #13: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
testing release v5.5
testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.4.1 20210217
kernel signature: c678fb33d6b02ef5ae95e66af3cbdfb9c5dfd670a92997301396b81f5ef3bd36
run #0: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #1: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #2: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #3: crashed: KASAN: slab-out-of-bounds Read in ip_check_mc_rcu
run #4: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #5: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #6: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #7: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #8: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #9: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #10: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #11: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #12: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #13: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #14: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #15: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #16: OK
run #17: OK
run #18: OK
run #19: OK
testing release v5.4
testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.4.1 20210217
kernel signature: 52ee41a4adefe6c200ca1c1aab7fd66b4c0527ed54579d56d21c5bef1e0aef1f
run #0: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #1: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #2: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #3: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #4: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #5: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #6: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #7: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #8: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #9: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #10: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #11: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #12: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #13: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: crashed: KASAN: use-after-free Read in ip_check_mc_rcu
run #19: OK
testing release v5.3
testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.4.1 20210217
kernel signature: 2129567d001f6bf628693539bc74663811aba0e449fce0f52db8bd19960b7d21
all runs: boot failed: BUG: spinlock bad magic in nf_connlabels_get
testing release v5.2
testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.4.1 20210217
kernel signature: 2bd85848c8e605bab2e10a90f90e74378c1715b26b5be1e5dcf483b5a717ff21
all runs: boot failed: can't ssh into the instance
testing release v5.1
testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.4.1 20210217
kernel signature: ce644b2db00fa15d7c22357e49973eb6406746b7dd6a92d876a43edb148d7304
all runs: boot failed: can't ssh into the instance
testing release v5.0
testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.4.1 20210217
kernel signature: 501fdb7cb93a091558ce72cf71a78f666f358922c87ee9a4f9f54b15f153bcfb
all runs: boot failed: can't ssh into the instance
testing release v4.20
testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be with gcc (GCC) 8.4.1 20210217
kernel signature: 08b923190fc0f5e3348475d8adf2e1bc1fd431466fe12e35b4a3c339445a9b72
all runs: boot failed: can't ssh into the instance
testing release v4.19
testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.4.1 20210217
kernel signature: 63667bfe68d67c60f4dc482e38d2aba958cd0bf7e730b782c1ed24013511276e
run #0: boot failed: can't ssh into the instance
run #1: boot failed: can't ssh into the instance
run #2: boot failed: can't ssh into the instance
run #3: boot failed: can't ssh into the instance
run #4: boot failed: can't ssh into the instance
run #5: boot failed: can't ssh into the instance
run #6: boot failed: can't ssh into the instance
run #7: boot failed: can't ssh into the instance
run #8: boot failed: can't ssh into the instance
run #9: boot failed: can't ssh into the instance
run #10: boot failed: can't ssh into the instance
run #11: boot failed: can't ssh into the instance
run #12: boot failed: can't ssh into the instance
run #13: boot failed: can't ssh into the instance
run #14: boot failed: can't ssh into the instance
run #15: boot failed: can't ssh into the instance
run #16: boot failed: can't ssh into the instance
run #17: boot failed: can't ssh into the instance
run #18: boot failed: can't ssh into the instance
run #19: boot failed: KASAN: use-after-free Read in dd_has_work
testing release v4.18
testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703 with gcc (GCC) 8.4.1 20210217
kernel signature: 10c6ead0c422ee1d40e3f023fadd44ecdc6b17c0d4bde24b3b0a83709efcc066
all runs: boot failed: can't ssh into the instance
testing release v4.17
testing commit 29dcea88779c856c7dc92040a0c01233263101d4 with gcc (GCC) 8.4.1 20210217
failed to run ["make" "-j" "64" "ARCH=x86_64" "CC=/syzkaller/shared/bisect_bin/gcc-8.1.0/bin/gcc" "bzImage"]: exit status 2
testing release v4.16
testing commit 0adb32858b0bddf4ada5f364a84ed60b196dbcda with gcc (GCC) 8.4.1 20210217
orc_dump.c:106:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations]
orc_dump.c:111:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations]
elf.c:135:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations]
elf.c:140:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations]
testing release v4.15
testing commit d8a5b80568a9cb66810e75b182018e9edb68e8ff with gcc (GCC) 8.4.1 20210217
orc_dump.c:106:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations]
orc_dump.c:111:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations]
pager.c:36:12: error: passing argument 2 to 'restrict'-qualified parameter aliases with argument 4 [-Werror=restrict]
elf.c:135:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations]
elf.c:140:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations]
testing release v4.14
testing commit bebc6082da0a9f5d47a1ea2edc099bf671058bd4 with gcc (GCC) 8.4.1 20210217
orc_dump.c:105:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations]
orc_dump.c:110:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations]
elf.c:134:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations]
elf.c:139:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations]
pager.c:36:12: error: passing argument 2 to 'restrict'-qualified parameter aliases with argument 4 [-Werror=restrict]
testing release v4.13
testing commit 569dbb88e80deb68974ef6fdd6a13edb9d686261 with gcc (GCC) 8.4.1 20210217
pager.c:35:12: error: passing argument 2 to 'restrict'-qualified parameter aliases with argument 4 [-Werror=restrict]
elf.c:144:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations]
elf.c:149:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations]
testing release v4.12
testing commit 6f7da290413ba713f0cdd9ff1a2a9bb129ef4f6c with gcc (GCC) 8.4.1 20210217
pager.c:35:12: error: passing argument 2 to 'restrict'-qualified parameter aliases with argument 4 [-Werror=restrict]
elf.c:141:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations]
elf.c:146:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations]
testing release v4.11
testing commit a351e9b9fc24e982ec2f0e76379a49826036da12 with gcc (GCC) 7.5.0
elf.c:141:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations]
elf.c:146:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations]
pager.c:35:12: error: passing argument 2 to 'restrict'-qualified parameter aliases with argument 4 [-Werror=restrict]
testing release v4.10
testing commit c470abd4fde40ea6a0846a2beab642a578c0b8cd with gcc (GCC) 5.5.0
tools/include/linux/log2.h:19:1: error: ignoring attribute 'noreturn' because it conflicts with attribute 'const' [-Werror=attributes]
elf.c:129:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations]
elf.c:134:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations]
pager.c:35:12: error: passing argument 2 to 'restrict'-qualified parameter aliases with argument 4 [-Werror=restrict]
testing release v4.9
testing commit 69973b830859bc6529a7a0468ba0d80ee5117826 with gcc (GCC) 5.5.0
tools/include/linux/log2.h:19:1: error: ignoring attribute 'noreturn' because it conflicts with attribute 'const' [-Werror=attributes]
elf.c:129:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations]
elf.c:134:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations]
pager.c:35:12: error: passing argument 2 to 'restrict'-qualified parameter aliases with argument 4 [-Werror=restrict]
testing release v4.8
testing commit c8d2bc9bc39ebea8437fd974fdbc21847bb897a3 with gcc (GCC) 5.5.0
tools/include/linux/log2.h:19:1: error: ignoring attribute 'noreturn' because it conflicts with attribute 'const' [-Werror=attributes]
elf.c:129:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations]
elf.c:134:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations]
pager.c:33:12: error: passing argument 2 to 'restrict'-qualified parameter aliases with argument 4 [-Werror=restrict]
testing release v4.7
testing commit 523d939ef98fd712632d93a5a2b588e477a7565e with gcc (GCC) 5.5.0
tools/include/linux/log2.h:19:1: error: ignoring attribute 'noreturn' because it conflicts with attribute 'const' [-Werror=attributes]
elf.c:122:2: error: 'elf_getshnum' is deprecated [-Werror=deprecated-declarations]
elf.c:127:2: error: 'elf_getshstrndx' is deprecated [-Werror=deprecated-declarations]
pager.c:33:12: error: passing argument 2 to 'restrict'-qualified parameter aliases with argument 4 [-Werror=restrict]
testing release v4.6
testing commit 2dcd0af568b0cf583645c8a317dd12e344b1c72a with gcc (GCC) 5.5.0
tools/include/linux/log2.h:19:1: error: ignoring attribute 'noreturn' because it conflicts with attribute 'const' [-Werror=attributes]
pager.c:33:12: error: passing argument 2 to 'restrict'-qualified parameter aliases with argument 4 [-Werror=restrict]
Reproducer flagged being flaky
revisions tested: 16, total time: 4h52m14.554652496s (build: 1h44m14.706350142s, test: 3h3m34.314087584s)
the crash already happened on the oldest tested release
commit msg: Linux 5.4
crash: KASAN: use-after-free Read in ip_check_mc_rcu
==================================================================
BUG: KASAN: use-after-free in ip_check_mc_rcu+0x513/0x568 net/ipv4/igmp.c:2725
Read of size 8 at addr ffff8880a3b45c00 by task syz-executor101/26716

CPU: 0 PID: 26716 Comm: syz-executor101 Not tainted 5.4.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x96/0xe0 lib/dump_stack.c:118
 print_address_description.constprop.4.cold.6+0x9/0x373 mm/kasan/report.c:374
 __kasan_report.cold.7+0x7a/0x95 mm/kasan/report.c:506
 kasan_report+0xe/0x20 mm/kasan/common.c:634
 ip_check_mc_rcu+0x513/0x568 net/ipv4/igmp.c:2725
 __mkroute_output net/ipv4/route.c:2350 [inline]
 ip_route_output_key_hash_rcu+0x1834/0x2730 net/ipv4/route.c:2632
 ip_route_output_key_hash+0x19e/0x2b0 net/ipv4/route.c:2458
 __ip_route_output_key include/net/route.h:126 [inline]
 ip_route_output_flow+0x18/0x90 net/ipv4/route.c:2720
 udp_sendmsg+0x14a7/0x2190 net/ipv4/udp.c:1144
 sock_sendmsg_nosec net/socket.c:637 [inline]
 sock_sendmsg+0xac/0xf0 net/socket.c:657
 ___sys_sendmsg+0x28e/0x950 net/socket.c:2311
 __sys_sendmmsg+0x142/0x330 net/socket.c:2413
 __do_sys_sendmmsg net/socket.c:2442 [inline]
 __se_sys_sendmmsg net/socket.c:2439 [inline]
 __x64_sys_sendmmsg+0x94/0x100 net/socket.c:2439
 do_syscall_64+0x8e/0x4e0 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x448f49
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ff4ecc3d318 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 00000000004ce4e8 RCX: 0000000000448f49
RDX: 000000000800001d RSI: 0000000020007fc0 RDI: 0000000000000003
RBP: 00000000004ce4e0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000049d474
R13: 00007ffd5aa1b07f R14: 00007ff4ecc3d400 R15: 0000000000022000

Allocated by task 26716:
 save_stack+0x19/0x80 mm/kasan/common.c:69
 set_track mm/kasan/common.c:77 [inline]
 __kasan_kmalloc mm/kasan/common.c:510 [inline]
 __kasan_kmalloc.constprop.11+0xc1/0xd0 mm/kasan/common.c:483
 kmalloc include/linux/slab.h:556 [inline]
 kzalloc include/linux/slab.h:690 [inline]
 ip_mc_add1_src net/ipv4/igmp.c:1973 [inline]
 ip_mc_add_src+0x7cb/0xc60 net/ipv4/igmp.c:2097
 ip_mc_source+0x716/0xdc0 net/ipv4/igmp.c:2418
 do_ip_setsockopt.isra.2+0x1d30/0x2a80 net/ipv4/ip_sockglue.c:998
 ip_setsockopt+0x22/0x70 net/ipv4/ip_sockglue.c:1248
 __sys_setsockopt+0x228/0x430 net/socket.c:2084
 __do_sys_setsockopt net/socket.c:2100 [inline]
 __se_sys_setsockopt net/socket.c:2097 [inline]
 __x64_sys_setsockopt+0xb5/0x150 net/socket.c:2097
 do_syscall_64+0x8e/0x4e0 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

Freed by task 26715:
 save_stack+0x19/0x80 mm/kasan/common.c:69
 set_track mm/kasan/common.c:77 [inline]
 kasan_set_free_info mm/kasan/common.c:332 [inline]
 __kasan_slab_free+0x124/0x170 mm/kasan/common.c:471
 slab_free_hook mm/slub.c:1424 [inline]
 slab_free_freelist_hook+0x53/0x140 mm/slub.c:1457
 slab_free mm/slub.c:3004 [inline]
 kfree+0xd6/0x3b0 mm/slub.c:3956
 ip_mc_del1_src+0x53d/0x720 net/ipv4/igmp.c:1886
 ip_mc_del_src+0x363/0x7e0 net/ipv4/igmp.c:1927
 ip_mc_leave_src+0xd8/0x210 net/ipv4/igmp.c:2233
 ip_mc_drop_socket+0x105/0x220 net/ipv4/igmp.c:2687
 inet_release+0x45/0x1b0 net/ipv4/af_inet.c:414
 __sock_release+0xbb/0x270 net/socket.c:590
 sock_close+0xf/0x20 net/socket.c:1268
 __fput+0x256/0x790 fs/file_table.c:280
 task_work_run+0xd3/0x180 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:188 [inline]
 exit_to_usermode_loop+0x15d/0x200 arch/x86/entry/common.c:163
 prepare_exit_to_usermode arch/x86/entry/common.c:194 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:274 [inline]
 do_syscall_64+0x42f/0x4e0 arch/x86/entry/common.c:300
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

The buggy address belongs to the object at ffff8880a3b45c00
 which belongs to the cache kmalloc-32 of size 32
The buggy address is located 0 bytes inside of
 32-byte region [ffff8880a3b45c00, ffff8880a3b45c20)
The buggy address belongs to the page:
page:ffffea00028ed140 refcount:1 mapcount:0 mapping:ffff8880b5803400 index:0x0
raw: 00fff00000000200 ffffea0002cac7c0 0000001400000014 ffff8880b5803400
raw: 0000000000000000 0000000080400040 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff8880a3b45b00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
 ffff8880a3b45b80: 00 00 00 00 fc fc fc fc fb fb fb fb fc fc fc fc
>ffff8880a3b45c00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
                   ^
 ffff8880a3b45c80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
 ffff8880a3b45d00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
==================================================================