======================================
[ 3027.417389][T16372] ==================================================================
[ 3027.417610][T16372] BUG: KASAN: slab-use-after-free in tcp_check_space (./arch/x86/include/asm/bitops.h:206 (discriminator 1) ./arch/x86/include/asm/bitops.h:238 (discriminator 1) ./include/asm-generic/bitops/instrumented-non-atomic.h:142 (discriminator 1) net/ipv4/tcp_input.c:5640 (discriminator 1))
[ 3027.417809][T16372] Read of size 8 at addr ffff888001748048 by task kworker/u18:2/16372
[ 3027.418005][T16372]
[ 3027.418285][T16372] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[ 3027.418569][T16372] Workqueue: events_unbound deferred_close [tls]
[ 3027.418751][T16372] Call Trace:
[ 3027.418855][T16372]
[ 3027.418922][T16372] dump_stack_lvl (lib/dump_stack.c:117)
[ 3027.419070][T16372] print_address_description.constprop.0 (mm/kasan/report.c:378)
[ 3027.419236][T16372] ? tcp_check_space (./arch/x86/include/asm/bitops.h:206 (discriminator 1) ./arch/x86/include/asm/bitops.h:238 (discriminator 1) ./include/asm-generic/bitops/instrumented-non-atomic.h:142 (discriminator 1) net/ipv4/tcp_input.c:5640 (discriminator 1))
[ 3027.419365][T16372] print_report (mm/kasan/report.c:489)
[ 3027.419497][T16372] ? kasan_addr_to_slab (./arch/x86/include/asm/bitops.h:206 ./arch/x86/include/asm/bitops.h:238 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 ./include/linux/page-flags.h:507 mm/kasan/../slab.h:206 mm/kasan/common.c:38)
[ 3027.419628][T16372] kasan_report (mm/kasan/report.c:603)
[ 3027.419727][T16372] ? tcp_check_space (./arch/x86/include/asm/bitops.h:206 (discriminator 1) ./arch/x86/include/asm/bitops.h:238 (discriminator 1) ./include/asm-generic/bitops/instrumented-non-atomic.h:142 (discriminator 1) net/ipv4/tcp_input.c:5640 (discriminator 1))
[ 3027.419852][T16372] kasan_check_range (mm/kasan/generic.c:183 mm/kasan/generic.c:189)
[ 3027.419989][T16372] tcp_check_space (./arch/x86/include/asm/bitops.h:206 (discriminator 1) ./arch/x86/include/asm/bitops.h:238 (discriminator 1) ./include/asm-generic/bitops/instrumented-non-atomic.h:142 (discriminator 1) net/ipv4/tcp_input.c:5640 (discriminator 1))
[ 3027.420116][T16372] tcp_write_xmit (net/ipv4/tcp_output.c:1974 net/ipv4/tcp_output.c:2803)
[ 3027.420251][T16372] ? __pfx_tcp_write_xmit (net/ipv4/tcp_output.c:2704)
[ 3027.420386][T16372] ? tcp_get_info (net/ipv4/tcp.c:3784)
[ 3027.420516][T16372] ? find_held_lock (kernel/locking/lockdep.c:5244)
[ 3027.420653][T16372] ? __lock_release (kernel/locking/lockdep.c:5430)
[ 3027.420789][T16372] ? __pfx_tcp_close (net/ipv4/tcp.c:2940)
[ 3027.420924][T16372] __tcp_push_pending_frames (net/ipv4/tcp_output.c:2979)
[ 3027.421062][T16372] ? __pfx_tcp_close (net/ipv4/tcp.c:2940)
[ 3027.421194][T16372] __tcp_close (net/ipv4/tcp.c:2851)
[ 3027.421326][T16372] ? lockdep_hardirqs_on_prepare.part.0 (kernel/locking/lockdep.c:4300 kernel/locking/lockdep.c:4359)
[ 3027.421500][T16372] ? __pfx_tcp_close (net/ipv4/tcp.c:2940)
[ 3027.421636][T16372] tcp_close (net/ipv4/tcp.c:2943)
[ 3027.421744][T16372] deferred_close (net/tls/tls_main.c:403) tls
[ 3027.421886][T16372] ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 52))
[ 3027.422021][T16372] ? __pfx_deferred_close (net/tls/tls_main.c:375) tls
[ 3027.422167][T16372] ? process_one_work (kernel/workqueue.c:3230)
[ 3027.422306][T16372] ? lock_acquire (kernel/locking/lockdep.c:5727)
[ 3027.422440][T16372] ? process_one_work (kernel/workqueue.c:3230)
[ 3027.422569][T16372] process_one_work (kernel/workqueue.c:3254)
[ 3027.422699][T16372] ? __pfx___lock_release (kernel/locking/lockdep.c:5406)
[ 3027.422836][T16372] ? __pfx_process_one_work (kernel/workqueue.c:3156)
[ 3027.422970][T16372] ? assign_work (kernel/workqueue.c:1209)
[ 3027.423102][T16372] worker_thread (kernel/workqueue.c:3329 kernel/workqueue.c:3416)
[ 3027.423230][T16372] ? lockdep_hardirqs_on_prepare.part.0 (kernel/locking/lockdep.c:4300 kernel/locking/lockdep.c:4359)
[ 3027.423385][T16372] ? __pfx_worker_thread (kernel/workqueue.c:3362)
[ 3027.423513][T16372] ? __pfx_worker_thread (kernel/workqueue.c:3362)
[ 3027.423635][T16372] kthread (kernel/kthread.c:388)
[ 3027.423731][T16372] ? __pfx_kthread (kernel/kthread.c:341)
[ 3027.423855][T16372] ret_from_fork (arch/x86/kernel/process.c:147)
[ 3027.423988][T16372] ? __pfx_kthread (kernel/kthread.c:341)
Finger prints: dump_stack_lvl:print_report:kasan_report:kasan_check_range