======================================
[ 4249.323525][ T39] ==================================================================
[ 4249.323849][ T39] BUG: KASAN: slab-use-after-free in tcp_check_space (./arch/x86/include/asm/bitops.h:206 (discriminator 1) ./arch/x86/include/asm/bitops.h:238 (discriminator 1) ./include/asm-generic/bitops/instrumented-non-atomic.h:142 (discriminator 1) net/ipv4/tcp_input.c:5640 (discriminator 1))
[ 4249.324061][ T39] Read of size 8 at addr ffff8880110b57c8 by task kworker/u20:0/39
[ 4249.324260][ T39]
[ 4249.324539][ T39] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 4249.324821][ T39] Workqueue: events_unbound deferred_close [tls]
[ 4249.324999][ T39] Call Trace:
[ 4249.325099][ T39]
[ 4249.325168][ T39] dump_stack_lvl (lib/dump_stack.c:117)
[ 4249.325308][ T39] print_address_description.constprop.0 (mm/kasan/report.c:378)
[ 4249.325466][ T39] ? tcp_check_space (./arch/x86/include/asm/bitops.h:206 (discriminator 1) ./arch/x86/include/asm/bitops.h:238 (discriminator 1) ./include/asm-generic/bitops/instrumented-non-atomic.h:142 (discriminator 1) net/ipv4/tcp_input.c:5640 (discriminator 1))
[ 4249.325594][ T39] print_report (mm/kasan/report.c:489)
[ 4249.325718][ T39] ? kasan_addr_to_slab (./arch/x86/include/asm/bitops.h:206 ./arch/x86/include/asm/bitops.h:238 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 ./include/linux/page-flags.h:507 mm/kasan/../slab.h:206 mm/kasan/common.c:38)
[ 4249.325851][ T39] kasan_report (mm/kasan/report.c:603)
[ 4249.325959][ T39] ? tcp_check_space (./arch/x86/include/asm/bitops.h:206 (discriminator 1) ./arch/x86/include/asm/bitops.h:238 (discriminator 1) ./include/asm-generic/bitops/instrumented-non-atomic.h:142 (discriminator 1) net/ipv4/tcp_input.c:5640 (discriminator 1))
[ 4249.326091][ T39] kasan_check_range (mm/kasan/generic.c:183 mm/kasan/generic.c:189)
[ 4249.326227][ T39] tcp_check_space (./arch/x86/include/asm/bitops.h:206 (discriminator 1) ./arch/x86/include/asm/bitops.h:238 (discriminator 1) ./include/asm-generic/bitops/instrumented-non-atomic.h:142 (discriminator 1) net/ipv4/tcp_input.c:5640 (discriminator 1))
[ 4249.326359][ T39] tcp_write_xmit (net/ipv4/tcp_output.c:1974 net/ipv4/tcp_output.c:2803)
[ 4249.326495][ T39] ? __pfx_tcp_write_xmit (net/ipv4/tcp_output.c:2704)
[ 4249.326622][ T39] ? tcp_get_info (net/ipv4/tcp.c:3784)
[ 4249.326757][ T39] ? find_held_lock (kernel/locking/lockdep.c:5244)
[ 4249.326897][ T39] ? __lock_release (kernel/locking/lockdep.c:5430)
[ 4249.327032][ T39] ? __pfx_tcp_close (net/ipv4/tcp.c:2940)
[ 4249.327162][ T39] __tcp_push_pending_frames (net/ipv4/tcp_output.c:2979)
[ 4249.327288][ T39] ? __pfx_tcp_close (net/ipv4/tcp.c:2940)
[ 4249.327418][ T39] __tcp_close (net/ipv4/tcp.c:2851)
[ 4249.327551][ T39] ? lockdep_hardirqs_on_prepare.part.0 (kernel/locking/lockdep.c:4300 kernel/locking/lockdep.c:4359)
[ 4249.327716][ T39] ? __pfx_tcp_close (net/ipv4/tcp.c:2940)
[ 4249.327843][ T39] tcp_close (net/ipv4/tcp.c:2943)
[ 4249.327939][ T39] deferred_close (net/tls/tls_main.c:403) tls
[ 4249.328082][ T39] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52))
[ 4249.328214][ T39] ? __pfx_deferred_close (net/tls/tls_main.c:375) tls
[ 4249.328349][ T39] ? process_one_work (kernel/workqueue.c:3230)
[ 4249.328478][ T39] ? lock_acquire (kernel/locking/lockdep.c:5727)
[ 4249.328605][ T39] ? process_one_work (kernel/workqueue.c:3230)
[ 4249.328737][ T39] process_one_work (kernel/workqueue.c:3254)
[ 4249.328868][ T39] ? __pfx___lock_release (kernel/locking/lockdep.c:5406)
[ 4249.329002][ T39] ? __pfx_process_one_work (kernel/workqueue.c:3156)
[ 4249.329131][ T39] ? assign_work (kernel/workqueue.c:1209)
[ 4249.329260][ T39] worker_thread (kernel/workqueue.c:3329 kernel/workqueue.c:3416)
[ 4249.329388][ T39] ? __pfx_worker_thread (kernel/workqueue.c:3362)
[ 4249.329520][ T39] kthread (kernel/kthread.c:388)
[ 4249.329624][ T39] ? __pfx_kthread (kernel/kthread.c:341)
[ 4249.329751][ T39] ret_from_fork (arch/x86/kernel/process.c:147)
[ 4249.329892][ T39] ? __pfx_kthread (kernel/kthread.c:341)
Finger prints: dump_stack_lvl:print_report:kasan_report:kasan_check_range