Date: Tue, 20 Dec 2022 00:22:37 -0800
Message-ID: <00000000000075036e05f03e23df@google.com>
Subject: [syzbot] KASAN: use-after-free Read in ovs_vport_locate
From: syzbot
To: davem@davemloft.net, dev@openvswitch.org, edumazet@google.com, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, pabeni@redhat.com, pshelar@ovn.org, syzkaller-bugs@googlegroups.com

Hello,

syzbot found the following issue on:

HEAD commit:    041fae9c105a Merge tag 'f2fs-for-6.2-rc1' of git://git.ker..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=15c5d020480000
kernel config:  https://syzkaller.appspot.com/x/.config?x=836aafbf33f4fa6c
dashboard link: https://syzkaller.appspot.com/bug?extid=8f4e2dcfcb3209ac35f9
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/30e749b24df4/disk-041fae9c.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/dd6d972f5b02/vmlinux-041fae9c.xz
kernel image: https://storage.googleapis.com/syzbot-assets/405163d7c7cc/bzImage-041fae9c.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+8f4e2dcfcb3209ac35f9@syzkaller.appspotmail.com

netlink: 208 bytes leftover after parsing attributes in process `syz-executor.4'.
==================================================================
BUG: KASAN: use-after-free in read_pnet include/net/net_namespace.h:383 [inline]
BUG: KASAN: use-after-free in ovs_dp_get_net net/openvswitch/datapath.h:195 [inline]
BUG: KASAN: use-after-free in ovs_vport_locate+0x131/0x150 net/openvswitch/vport.c:103
Read of size 8 at addr ffff88802055e360 by task syz-executor.4/5621

CPU: 0 PID: 5621 Comm: syz-executor.4 Not tainted 6.1.0-syzkaller-10971-g041fae9c105a #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd1/0x138 lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:306 [inline]
 print_report+0x15e/0x461 mm/kasan/report.c:417
 kasan_report+0xbf/0x1f0 mm/kasan/report.c:517
 read_pnet include/net/net_namespace.h:383 [inline]
 ovs_dp_get_net net/openvswitch/datapath.h:195 [inline]
 ovs_vport_locate+0x131/0x150 net/openvswitch/vport.c:103
 lookup_datapath+0x54/0x3a0 net/openvswitch/datapath.c:1628
 ovs_dp_reset_user_features net/openvswitch/datapath.c:1639 [inline]
 ovs_dp_cmd_new+0xd5b/0x11c0 net/openvswitch/datapath.c:1848
 genl_family_rcv_msg_doit.isra.0+0x1e6/0x2d0 net/netlink/genetlink.c:968
 genl_family_rcv_msg net/netlink/genetlink.c:1048 [inline]
 genl_rcv_msg+0x4ff/0x7e0 net/netlink/genetlink.c:1065
 netlink_rcv_skb+0x165/0x440 net/netlink/af_netlink.c:2564
 genl_rcv+0x28/0x40 net/netlink/genetlink.c:1076
 netlink_unicast_kernel net/netlink/af_netlink.c:1330 [inline]
 netlink_unicast+0x547/0x7f0 net/netlink/af_netlink.c:1356
 netlink_sendmsg+0x91b/0xe10 net/netlink/af_netlink.c:1932
 sock_sendmsg_nosec net/socket.c:714 [inline]
 sock_sendmsg+0xd3/0x120 net/socket.c:734
 ____sys_sendmsg+0x712/0x8c0 net/socket.c:2476
 ___sys_sendmsg+0x110/0x1b0 net/socket.c:2530
 __sys_sendmsg+0xf7/0x1c0 net/socket.c:2559
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f142348c0d9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f14240ff168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f14235abf80 RCX: 00007f142348c0d9
RDX: 0000000000000800 RSI: 0000000020000100 RDI: 0000000000000003
RBP: 00007f14234e7ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffdd965a34f R14: 00007f14240ff300 R15: 0000000000022000

Allocated by task 5564:
 kasan_save_stack+0x22/0x40 mm/kasan/common.c:45
 kasan_set_track+0x25/0x30 mm/kasan/common.c:52
 ____kasan_kmalloc mm/kasan/common.c:371 [inline]
 ____kasan_kmalloc mm/kasan/common.c:330 [inline]
 __kasan_kmalloc+0xa3/0xb0 mm/kasan/common.c:380
 kmalloc include/linux/slab.h:580 [inline]
 kzalloc include/linux/slab.h:720 [inline]
 ovs_dp_cmd_new+0x1a3/0x11c0 net/openvswitch/datapath.c:1796
 genl_family_rcv_msg_doit.isra.0+0x1e6/0x2d0 net/netlink/genetlink.c:968
 genl_family_rcv_msg net/netlink/genetlink.c:1048 [inline]
 genl_rcv_msg+0x4ff/0x7e0 net/netlink/genetlink.c:1065
 netlink_rcv_skb+0x165/0x440 net/netlink/af_netlink.c:2564
 genl_rcv+0x28/0x40 net/netlink/genetlink.c:1076
 netlink_unicast_kernel net/netlink/af_netlink.c:1330 [inline]
 netlink_unicast+0x547/0x7f0 net/netlink/af_netlink.c:1356
 netlink_sendmsg+0x91b/0xe10 net/netlink/af_netlink.c:1932
 sock_sendmsg_nosec net/socket.c:714 [inline]
 sock_sendmsg+0xd3/0x120 net/socket.c:734
 ____sys_sendmsg+0x712/0x8c0 net/socket.c:2476
 ___sys_sendmsg+0x110/0x1b0 net/socket.c:2530
 __sys_sendmsg+0xf7/0x1c0 net/socket.c:2559
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Freed by task 5564:
 kasan_save_stack+0x22/0x40 mm/kasan/common.c:45
 kasan_set_track+0x25/0x30 mm/kasan/common.c:52
 kasan_save_free_info+0x2b/0x40 mm/kasan/generic.c:518
 ____kasan_slab_free mm/kasan/common.c:236 [inline]
 ____kasan_slab_free+0x13b/0x1a0 mm/kasan/common.c:200
 kasan_slab_free include/linux/kasan.h:177 [inline]
 __cache_free mm/slab.c:3394 [inline]
 __do_kmem_cache_free mm/slab.c:3580 [inline]
 __kmem_cache_free+0xcd/0x3b0 mm/slab.c:3587
 ovs_dp_cmd_new+0x25e/0x11c0 net/openvswitch/datapath.c:1884
 genl_family_rcv_msg_doit.isra.0+0x1e6/0x2d0 net/netlink/genetlink.c:968
 genl_family_rcv_msg net/netlink/genetlink.c:1048 [inline]
 genl_rcv_msg+0x4ff/0x7e0 net/netlink/genetlink.c:1065
 netlink_rcv_skb+0x165/0x440 net/netlink/af_netlink.c:2564
 genl_rcv+0x28/0x40 net/netlink/genetlink.c:1076
 netlink_unicast_kernel net/netlink/af_netlink.c:1330 [inline]
 netlink_unicast+0x547/0x7f0 net/netlink/af_netlink.c:1356
 netlink_sendmsg+0x91b/0xe10 net/netlink/af_netlink.c:1932
 sock_sendmsg_nosec net/socket.c:714 [inline]
 sock_sendmsg+0xd3/0x120 net/socket.c:734
 ____sys_sendmsg+0x712/0x8c0 net/socket.c:2476
 ___sys_sendmsg+0x110/0x1b0 net/socket.c:2530
 __sys_sendmsg+0xf7/0x1c0 net/socket.c:2559
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Last potentially related work creation:
 kasan_save_stack+0x22/0x40 mm/kasan/common.c:45
 __kasan_record_aux_stack+0x7b/0x90 mm/kasan/generic.c:488
 insert_work+0x48/0x350 kernel/workqueue.c:1358
 __queue_work+0x693/0x13b0 kernel/workqueue.c:1517
 queue_work_on+0xf2/0x110 kernel/workqueue.c:1545
 queue_work include/linux/workqueue.h:503 [inline]
 addr_event.part.0+0x33e/0x4f0 drivers/infiniband/core/roce_gid_mgmt.c:853
 addr_event drivers/infiniband/core/roce_gid_mgmt.c:824 [inline]
 inet6addr_event+0x142/0x1c0 drivers/infiniband/core/roce_gid_mgmt.c:883
 notifier_call_chain+0xb5/0x200 kernel/notifier.c:87
 atomic_notifier_call_chain+0x74/0x180 kernel/notifier.c:225
 ipv6_add_addr+0x1266/0x1de0 net/ipv6/addrconf.c:1165
 addrconf_add_linklocal+0x1cc/0x590 net/ipv6/addrconf.c:3215
 addrconf_addr_gen+0x326/0x370 net/ipv6/addrconf.c:3346
 addrconf_dev_config+0x255/0x410 net/ipv6/addrconf.c:3391
 addrconf_notify+0xfb6/0x1c80 net/ipv6/addrconf.c:3635
 notifier_call_chain+0xb5/0x200 kernel/notifier.c:87
 call_netdevice_notifiers_info+0xb5/0x130 net/core/dev.c:1944
 netdev_state_change net/core/dev.c:1319 [inline]
 netdev_state_change+0x104/0x130 net/core/dev.c:1312
 linkwatch_do_dev+0x10e/0x150 net/core/link_watch.c:182
 __linkwatch_run_queue+0x23f/0x6a0 net/core/link_watch.c:235
 linkwatch_event+0x4e/0x70 net/core/link_watch.c:278
 process_one_work+0x9bf/0x1710 kernel/workqueue.c:2289
 worker_thread+0x669/0x1090 kernel/workqueue.c:2436
 kthread+0x2e8/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

Second to last potentially related work creation:
 kasan_save_stack+0x22/0x40 mm/kasan/common.c:45
 __kasan_record_aux_stack+0x7b/0x90 mm/kasan/generic.c:488
 insert_work+0x48/0x350 kernel/workqueue.c:1358
 __queue_work+0x693/0x13b0 kernel/workqueue.c:1517
 queue_work_on+0xf2/0x110 kernel/workqueue.c:1545
 queue_work include/linux/workqueue.h:503 [inline]
 netdevice_queue_work drivers/infiniband/core/roce_gid_mgmt.c:659 [inline]
 netdevice_event+0x5e9/0x8f0 drivers/infiniband/core/roce_gid_mgmt.c:802
 notifier_call_chain+0xb5/0x200 kernel/notifier.c:87
 call_netdevice_notifiers_info+0xb5/0x130 net/core/dev.c:1944
 call_netdevice_notifiers_extack net/core/dev.c:1982 [inline]
 call_netdevice_notifiers net/core/dev.c:1996 [inline]
 register_netdevice+0xfb4/0x1640 net/core/dev.c:10078
 bond_newlink drivers/net/bonding/bond_netlink.c:560 [inline]
 bond_newlink+0x4b/0xa0 drivers/net/bonding/bond_netlink.c:550
 rtnl_newlink_create net/core/rtnetlink.c:3407 [inline]
 __rtnl_newlink+0x10c2/0x1840 net/core/rtnetlink.c:3624
 rtnl_newlink+0x68/0xa0 net/core/rtnetlink.c:3637
 rtnetlink_rcv_msg+0x43e/0xca0 net/core/rtnetlink.c:6141
 netlink_rcv_skb+0x165/0x440 net/netlink/af_netlink.c:2564
 netlink_unicast_kernel net/netlink/af_netlink.c:1330 [inline]
 netlink_unicast+0x547/0x7f0 net/netlink/af_netlink.c:1356
 netlink_sendmsg+0x91b/0xe10 net/netlink/af_netlink.c:1932
 sock_sendmsg_nosec net/socket.c:714 [inline]
 sock_sendmsg+0xd3/0x120 net/socket.c:734
 __sys_sendto+0x23a/0x340 net/socket.c:2117
 __do_sys_sendto net/socket.c:2129 [inline]
 __se_sys_sendto net/socket.c:2125 [inline]
 __x64_sys_sendto+0xe1/0x1b0 net/socket.c:2125
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

The buggy address belongs to the object at ffff88802055e300
 which belongs to the cache kmalloc-192 of size 192
The buggy address is located 96 bytes inside of
 192-byte region [ffff88802055e300, ffff88802055e3c0)

The buggy address belongs to the physical page:
page:ffffea0000815780 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88802055ef00 pfn:0x2055e
flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000200 ffff888012040000 ffffea0000873fd0 ffffea000083f490
raw: ffff88802055ef00 ffff88802055e000 000000010000000e 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2420c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_COMP|__GFP_THISNODE), pid 1, tgid 1 (swapper/0), ts 8303233753, free_ts 8269599359
 prep_new_page mm/page_alloc.c:2531 [inline]
 get_page_from_freelist+0x119c/0x2ce0 mm/page_alloc.c:4283
 __alloc_pages+0x1cb/0x5b0 mm/page_alloc.c:5549
 __alloc_pages_node include/linux/gfp.h:237 [inline]
 kmem_getpages mm/slab.c:1363 [inline]
 cache_grow_begin+0x94/0x390 mm/slab.c:2574
 cache_alloc_refill+0x27f/0x380 mm/slab.c:2947
 ____cache_alloc mm/slab.c:3023 [inline]
 ____cache_alloc mm/slab.c:3006 [inline]
 __do_cache_alloc mm/slab.c:3206 [inline]
 slab_alloc_node mm/slab.c:3254 [inline]
 __kmem_cache_alloc_node+0x44f/0x510 mm/slab.c:3544
 kmalloc_trace+0x26/0x60 mm/slab_common.c:1062
 kmalloc include/linux/slab.h:580 [inline]
 kzalloc include/linux/slab.h:720 [inline]
 call_usermodehelper_setup+0x9c/0x340 kernel/umh.c:366
 kobject_uevent_env+0xed3/0x1620 lib/kobject_uevent.c:614
 device_add+0xb76/0x1e90 drivers/base/core.c:3498
 rfkill_register+0x1a9/0xb00 net/rfkill/core.c:1070
 wiphy_register+0x24ae/0x2ae0 net/wireless/core.c:1007
 virt_wifi_make_wiphy drivers/net/wireless/virt_wifi.c:383 [inline]
 virt_wifi_init_module+0x352/0x3da drivers/net/wireless/virt_wifi.c:665
 do_one_initcall+0x141/0x790 init/main.c:1306
 do_initcall_level init/main.c:1379 [inline]
 do_initcalls init/main.c:1395 [inline]
 do_basic_setup init/main.c:1414 [inline]
 kernel_init_freeable+0x6f9/0x782 init/main.c:1634
 kernel_init+0x1e/0x1d0 init/main.c:1522
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1446 [inline]
 free_pcp_prepare+0x65c/0xc00 mm/page_alloc.c:1496
 free_unref_page_prepare mm/page_alloc.c:3369 [inline]
 free_unref_page+0x1d/0x490 mm/page_alloc.c:3464
 __vunmap+0x85d/0xd30 mm/vmalloc.c:2727
 free_work+0x5c/0x80 mm/vmalloc.c:100
 process_one_work+0x9bf/0x1710 kernel/workqueue.c:2289
 worker_thread+0x669/0x1090 kernel/workqueue.c:2436
 kthread+0x2e8/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

Memory state around the buggy address:
 ffff88802055e200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff88802055e280: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc
>ffff88802055e300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                                       ^
 ffff88802055e380: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
 ffff88802055e400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.