ci starts bisection 2024-09-19 00:08:43.486643571 +0000 UTC m=+171494.124945902
bisecting cause commit starting from bdf56c7580d267a123cc71ca0f2459c797b76fde
building syzkaller on c673ca06b23cea94091ab496ef62c3513e434585
ensuring issue is reproducible on original commit bdf56c7580d267a123cc71ca0f2459c797b76fde

testing commit bdf56c7580d267a123cc71ca0f2459c797b76fde gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 0e9559fbfe8602c58ec7aa785edc779b7ec6e706a6b7ce0e23aaaa6934fe1d89
run #0: crashed: KASAN: slab-out-of-bounds Read in smk_access
run #1: crashed: KASAN: slab-out-of-bounds Read in smk_access
run #2: crashed: KASAN: slab-use-after-free Read in smk_access
run #3: crashed: KASAN: slab-use-after-free Read in smk_access
run #4: crashed: KASAN: slab-out-of-bounds Read in smk_access
run #5: crashed: KASAN: slab-use-after-free Read in smk_access
run #6: crashed: KASAN: slab-use-after-free Read in smk_access
run #7: crashed: KASAN: slab-use-after-free Read in smk_access
run #8: crashed: KASAN: slab-use-after-free Read in smk_access
run #9: crashed: KASAN: slab-out-of-bounds Read in smk_access
run #10: crashed: KASAN: slab-use-after-free Read in smk_access
run #11: crashed: KASAN: slab-out-of-bounds Read in smk_access
run #12: crashed: KASAN: slab-out-of-bounds Read in smk_access
run #13: crashed: KASAN: slab-use-after-free Read in smk_access
run #14: crashed: general protection fault in smack_log_callback
run #15: crashed: KASAN: slab-use-after-free Read in smk_access
run #16: crashed: KASAN: slab-use-after-free Read in smk_access
run #17: crashed: KASAN: slab-use-after-free Read in smk_access
run #18: crashed: KASAN: slab-use-after-free Read in smk_access
run #19: crashed: KASAN: slab-out-of-bounds Read in smk_access
representative crash: KASAN: slab-out-of-bounds Read in smk_access, types: [KASAN]
check whether we can drop unnecessary instrumentation
disabling configs for [HANG LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit bdf56c7580d267a123cc71ca0f2459c797b76fde gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 83fd3e7dd586ff5ec978d452545e2fc23b2d118ccbf64a7cd8e671e1035e6611
run #0: crashed: KASAN: slab-out-of-bounds Read in smk_access
run #1: crashed: KASAN: slab-use-after-free Read in smk_access
run #2: crashed: general protection fault in smack_log_callback
run #3: crashed: KASAN: slab-use-after-free Read in smk_access
run #4: crashed: KASAN: slab-use-after-free Read in smk_access
run #5: crashed: KASAN: slab-use-after-free Read in smk_access
run #6: crashed: KASAN: slab-use-after-free Read in smk_access
run #7: crashed: KASAN: slab-use-after-free Read in smk_access
run #8: crashed: KASAN: slab-use-after-free Read in smk_access
run #9: crashed: KASAN: slab-out-of-bounds Read in smk_access
representative crash: KASAN: slab-out-of-bounds Read in smk_access, types: [KASAN]
the bug reproduces without the instrumentation
disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG LOCKDEP], they are not needed
kconfig minimization: base=4037 full=8152 leaves diff=2107
split chunks (needed=false): <2107>
split chunk #0 of len 2107 into 5 parts
testing without sub-chunk 1/5
disabling configs for [BUG LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed
testing commit bdf56c7580d267a123cc71ca0f2459c797b76fde gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 9a3d572698a87bfb90d435d6613e8fed2fb8b384d68adeb8d6889b41aaa71771
run #0: crashed: general protection fault in smack_log_callback
run #1: crashed: general protection fault in smack_log_callback
run #2: crashed: KASAN: slab-out-of-bounds Read in smk_access
run #3: crashed: KASAN: slab-out-of-bounds Read in smk_access
run #4: crashed: KASAN: slab-use-after-free Read in smk_access
run #5: crashed: KASAN: slab-out-of-bounds Read in smk_access
run #6: crashed: KASAN: slab-out-of-bounds Read in smk_access
run #7: crashed: KASAN: slab-use-after-free Read in smk_access
run #8: crashed: KASAN: slab-use-after-free Read in smk_access
run #9: crashed: KASAN: slab-use-after-free Read in smk_access
representative crash: KASAN: slab-out-of-bounds Read in smk_access, types: [KASAN]
the chunk can be dropped
testing without sub-chunk 2/5
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
testing commit bdf56c7580d267a123cc71ca0f2459c797b76fde gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 6a81bc6497f14a664ac13f3d37d82006858b1bc49f538e83f9117f6ae9412e7c
run #0: crashed: KASAN: slab-out-of-bounds Read in smk_access
run #1: crashed: KASAN: slab-use-after-free Read in smk_access
run #2: crashed: KASAN: slab-use-after-free Read in smk_access
run #3: crashed: KASAN: slab-out-of-bounds Read in smk_access
run #4: crashed: KASAN: slab-use-after-free Read in smk_access
run #5: crashed: KASAN: slab-use-after-free Read in smk_access
run #6: crashed: KASAN: slab-use-after-free Read in smk_access
run #7: crashed: KASAN: slab-use-after-free Read in smk_access
run #8: crashed: KASAN: slab-use-after-free Read in smk_access
run #9: crashed: KASAN: slab-out-of-bounds Read in smk_access
representative crash: KASAN: slab-out-of-bounds Read in smk_access, types: [KASAN]
the chunk can be dropped
testing without sub-chunk 3/5
disabling configs for [HANG LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit bdf56c7580d267a123cc71ca0f2459c797b76fde gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: a4d43c0ff39c4369a3f7ffae2b134154329852aac193aec8a0c12b427c112255
all runs: OK
false negative chance: 0.000
testing without sub-chunk 4/5
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
testing commit bdf56c7580d267a123cc71ca0f2459c797b76fde gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 2b324910013ed16b4b873b8de7c33604f648770133a03f0f17adbf23b69b57ca
run #0: crashed: KASAN: slab-use-after-free Read in smk_access
run #1: crashed: KASAN: slab-out-of-bounds Read in smk_access
run #2: crashed: general protection fault in smack_log_callback
run #3: crashed: KASAN: slab-use-after-free Read in smk_access
run #4: crashed: KASAN: slab-use-after-free Read in smk_access
run #5: crashed: KASAN: slab-use-after-free Read in smk_access
run #6: crashed: KASAN: slab-out-of-bounds Read in smk_access
run #7: crashed: KASAN: slab-use-after-free Read in smk_access
run #8: crashed: KASAN: slab-out-of-bounds Read in smk_access
run #9: crashed: KASAN: slab-use-after-free Read in smk_access
representative crash: KASAN: slab-use-after-free Read in smk_access, types: [KASAN]
the chunk can be dropped
testing without sub-chunk 5/5
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
testing commit bdf56c7580d267a123cc71ca0f2459c797b76fde gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 0a9745d068c45a56e8441f72139faae6ee6ec3c572c24402015e13c4487482d0
run #0: crashed: KASAN: slab-use-after-free Read in smk_access
run #1: crashed: KASAN: slab-out-of-bounds Read in smk_access
run #2: crashed: KASAN: slab-use-after-free Read in smk_access
run #3: crashed: KASAN: slab-use-after-free Read in smk_access
run #4: crashed: KASAN: slab-out-of-bounds Read in smk_access
run #5: crashed: general protection fault in smack_log_callback
run #6: crashed: general protection fault in smack_log_callback
run #7: crashed: KASAN: slab-use-after-free Read in smk_access
run #8: crashed: KASAN: slab-out-of-bounds Read in smk_access
run #9: crashed: KASAN: slab-use-after-free Read in smk_access
representative crash: KASAN: slab-use-after-free Read in smk_access, types: [KASAN]
the chunk can be dropped
minimized to 422 configs; suspects: [AX25 BRIDGE BRIDGE_NETFILTER CAN CFG80211 CHECKPOINT_RESTORE DVB_CORE FB_CORE HAMRADIO HID_NINTENDO HSR INFINIBAND INFINIBAND_ADDR_TRANS INFINIBAND_USER_ACCESS INPUT_JOYSTICK INPUT_MOUSE IP6_NF_RAW IPV6_MULTIPLE_TABLES IP_NF_RAW IP_SET IP_VS IP_VS_PE_SIP IP_VS_PROTO_AH IP_VS_PROTO_AH_ESP IP_VS_PROTO_ESP IP_VS_PROTO_SCTP IP_VS_PROTO_UDP IP_VS_RR IP_VS_SED IP_VS_SH IP_VS_TWOS IP_VS_WLC IP_VS_WRR IRQ_BYPASS_MANAGER IRQ_POLL IR_IGORPLUGUSB IR_IGUANA IR_IMON IR_IMON_RAW IR_MCEUSB IR_REDRAT3 IR_STREAMZAP IR_TOY IR_TTUSBIR ISDN ISDN_CAPI JFFS2_CMODE_PRIORITY JFFS2_COMPRESSION_OPTIONS JFFS2_FS JFFS2_FS_POSIX_ACL JFFS2_FS_SECURITY JFFS2_FS_WRITEBUFFER JFFS2_FS_XATTR JFFS2_LZO JFFS2_RTIME JFFS2_RUBIN JFFS2_SUMMARY JFFS2_ZLIB JFS_DEBUG JFS_FS JFS_POSIX_ACL JFS_SECURITY JOYSTICK_IFORCE JOYSTICK_IFORCE_USB JOYSTICK_PXRC JOYSTICK_XPAD JOYSTICK_XPAD_FF JOYSTICK_XPAD_LEDS KARMA_PARTITION KCOV KCOV_ENABLE_COMPARISONS KCOV_INSTRUMENT_ALL KCOV_SELFTEST KEYS_REQUEST_CACHE KEY_DH_OPERATIONS KEY_NOTIFICATIONS KSM KVM KVM_AMD KVM_ASYNC_PF KVM_COMMON KVM_COMPAT KVM_GENERIC_DIRTYLOG_READ_PROTECT KVM_GENERIC_HARDWARE_ENABLING KVM_GENERIC_MEMORY_ATTRIBUTES KVM_GENERIC_MMU_NOTIFIER KVM_GENERIC_PRE_FAULT_MEMORY KVM_GENERIC_PRIVATE_MEM KVM_HYPERV KVM_MMIO KVM_PRIVATE_MEM KVM_PROVE_MMU KVM_SW_PROTECTED_VM KVM_VFIO KVM_XEN KVM_XFER_TO_GUEST_WORK L2TP L2TP_ETH L2TP_IP L2TP_V3 LAPB LAPBETHER LDM_PARTITION LEGACY_PTYS LIBCRC32C LIBNVDIMM LINEAR_RANGES LLC LLC2 LOGIG940_FF LOGIRUMBLEPAD2_FF LOGO LOGO_LINUX_MONO LOGO_LINUX_VGA16 LPC_ICH LWTUNNEL LWTUNNEL_BPF LZ4HC_COMPRESS LZ4_COMPRESS MAC80211 MAC80211_HAS_RC MAC80211_HWSIM MAC80211_MESH MAC80211_RC_DEFAULT_MINSTREL MAC80211_RC_MINSTREL MACSEC MACVLAN MACVTAP MAC_PARTITION MAPPING_DIRTY_HELPERS MDIO_MVUSB MD_RAID0 MD_RAID1 MD_RAID10 MD_RAID456 MEDIA_ANALOG_TV_SUPPORT MEDIA_ATTACH MEDIA_CONTROLLER MEDIA_CONTROLLER_DVB MEDIA_DIGITAL_TV_SUPPORT MEDIA_RADIO_SUPPORT MEDIA_SDR_SUPPORT MEDIA_SUPPORT MEDIA_SUPPORT_FILTER MEDIA_TUNER MEDIA_TUNER_MSI001 MEMORY_BALLOON MEMORY_HOTPLUG MEMORY_HOTPLUG_DEFAULT_ONLINE MEMORY_ISOLATION MEMREGION MEMSTICK MEMSTICK_REALTEK_USB MEM_SOFT_DIRTY MFD_CORE MFD_SYSCON MHI_BUS MHI_WWAN_CTRL MHP_MEMMAP_ON_MEMORY MICROCHIP_PHY MINIX_FS MINIX_SUBPARTITION MISC_RTSX MISC_RTSX_USB MISDN MISDN_DSP MISDN_HFCUSB MISDN_L1OIP MKISS MLX4_CORE MLX4_INFINIBAND MMC MMC_REALTEK_USB MMC_USHC MMC_VUB300 MODULE_COMPRESS_NONE MODULE_SRCVERSION_ALL MODVERSIONS MOST MOST_USB_HDM MOUSE_APPLETOUCH MOUSE_BCM5974 MOUSE_PS2 MOUSE_PS2_ALPS MOUSE_PS2_BYD MOUSE_PS2_CYPRESS MOUSE_PS2_FOCALTECH MOUSE_PS2_LIFEBOOK MOUSE_PS2_LOGIPS2PP MOUSE_PS2_SMBUS MOUSE_PS2_SYNAPTICS MOUSE_PS2_SYNAPTICS_SMBUS MOUSE_PS2_TRACKPOINT MOUSE_SYNAPTICS_USB MPLS MPLS_IPTUNNEL MPLS_ROUTING MPTCP MPTCP_IPV6 MRP MTD MTD_BLKDEVS MTD_BLOCK MTD_BLOCK2MTD MTD_CFI_I1 MTD_CFI_I2 MTD_MAP_BANK_WIDTH_1 MTD_MAP_BANK_WIDTH_2 MTD_MAP_BANK_WIDTH_4 MTD_MTDRAM MTD_PHRAM MTD_SLRAM MUSB_PIO_ONLY ND_BTT ND_CLAIM ND_PFN NETDEVSIM NETFILTER_ADVANCED NETFILTER_BPF_LINK NETFILTER_FAMILY_ARP NETFILTER_FAMILY_BRIDGE NETFILTER_NETLINK_ACCT NETFILTER_NETLINK_GLUE_CT NETFILTER_NETLINK_OSF NETFILTER_NETLINK_QUEUE NETFILTER_SYNPROXY NETFILTER_XTABLES_COMPAT NETFILTER_XT_CONNMARK NETFILTER_XT_MATCH_BPF NETFILTER_XT_MATCH_CGROUP NETFILTER_XT_MATCH_CLUSTER NETFILTER_XT_MATCH_COMMENT NETFILTER_XT_MATCH_CONNBYTES NETFILTER_XT_MATCH_CONNLABEL NETFILTER_XT_MATCH_CONNLIMIT NETFILTER_XT_MATCH_CONNMARK NETFILTER_XT_MATCH_CPU NETFILTER_XT_MATCH_DCCP NETFILTER_XT_MATCH_DEVGROUP NETFILTER_XT_MATCH_DSCP NETFILTER_XT_MATCH_ECN NETFILTER_XT_MATCH_ESP NETFILTER_XT_MATCH_HASHLIMIT NETFILTER_XT_MATCH_HELPER NETFILTER_XT_MATCH_HL NETFILTER_XT_MATCH_IPCOMP NETFILTER_XT_MATCH_IPRANGE NETFILTER_XT_MATCH_IPVS NETFILTER_XT_MATCH_L2TP NETFILTER_XT_MATCH_LENGTH NETFILTER_XT_MATCH_LIMIT NETFILTER_XT_MATCH_MAC NETFILTER_XT_MATCH_MARK NETFILTER_XT_MATCH_MULTIPORT NETFILTER_XT_MATCH_NFACCT NETFILTER_XT_MATCH_OSF NETFILTER_XT_MATCH_OWNER NETFILTER_XT_MATCH_PHYSDEV NETFILTER_XT_MATCH_PKTTYPE NETFILTER_XT_MATCH_QUOTA NETFILTER_XT_MATCH_RATEEST NETFILTER_XT_MATCH_REALM NETFILTER_XT_MATCH_RECENT NETFILTER_XT_MATCH_SCTP NETFILTER_XT_MATCH_SOCKET NETFILTER_XT_MATCH_STATISTIC NETFILTER_XT_MATCH_STRING NETFILTER_XT_MATCH_TCPMSS NETFILTER_XT_MATCH_TIME NETFILTER_XT_MATCH_U32 NETFILTER_XT_SET NETFILTER_XT_TARGET_AUDIT NETFILTER_XT_TARGET_CHECKSUM NETFILTER_XT_TARGET_CLASSIFY NETFILTER_XT_TARGET_CONNMARK NETFILTER_XT_TARGET_CT NETFILTER_XT_TARGET_DSCP NETFILTER_XT_TARGET_HL NETFILTER_XT_TARGET_HMARK NETFILTER_XT_TARGET_IDLETIMER NETFILTER_XT_TARGET_LED NETFILTER_XT_TARGET_MARK NETFILTER_XT_TARGET_NETMAP NETFILTER_XT_TARGET_NFQUEUE NETFILTER_XT_TARGET_NOTRACK NETFILTER_XT_TARGET_RATEEST NETFILTER_XT_TARGET_REDIRECT NETFILTER_XT_TARGET_TCPOPTSTRIP NETFILTER_XT_TARGET_TEE NETFILTER_XT_TARGET_TPROXY NETFILTER_XT_TARGET_TRACE NETLINK_DIAG NETROM NET_9P_RDMA NET_ACT_BPF NET_ACT_CONNMARK NET_ACT_CSUM NET_ACT_CT NET_ACT_CTINFO NET_ACT_GATE NET_ACT_IFE NET_ACT_MPLS NET_ACT_NAT NET_ACT_PEDIT NET_ACT_POLICE NET_ACT_SAMPLE NET_ACT_SIMP NET_ACT_SKBEDIT NET_ACT_SKBMOD NET_ACT_TUNNEL_KEY NET_ACT_VLAN NET_CLS_BASIC NET_CLS_BPF NET_CLS_FLOW NET_CLS_FLOWER NET_CLS_FW NET_CLS_MATCHALL NET_CLS_ROUTE4 NET_DEVLINK NET_DEVMEM NET_DROP_MONITOR NET_DSA NET_DSA_TAG_BRCM NET_DSA_TAG_BRCM_COMMON NET_DSA_TAG_BRCM_PREPEND NET_DSA_TAG_MTK NET_DSA_TAG_QCA NET_DSA_TAG_RTL4_A NET_EMATCH_CANID NET_EMATCH_CMP NET_EMATCH_IPSET NET_EMATCH_IPT NET_EMATCH_META NET_EMATCH_NBYTE NET_EMATCH_TEXT NET_EMATCH_U32 NET_FC NET_FOU NET_FOU_IP_TUNNELS NET_IFE NET_IFE_SKBMARK NET_IFE_SKBPRIO NET_IFE_SKBTCINDEX NET_IPGRE NET_IPGRE_BROADCAST NET_IPGRE_DEMUX NET_IPIP NET_IPVTI NET_KEY NET_KEY_MIGRATE NET_L3_MASTER_DEV NET_MPLS_GSO NET_NCSI NET_NSH NET_REDIRECT NET_SCH_CAKE NET_SCH_CBS NET_SCH_CHOKE NET_SCH_CODEL NET_SCH_DRR NET_SCH_ETF NET_SCH_ETS NET_SCH_FQ NET_SCH_FQ_CODEL NET_SCH_FQ_PIE NET_SCH_GRED NET_SCH_HFSC NET_SCH_HHF NET_SCH_HTB NET_SCH_INGRESS NET_SCH_MQPRIO NET_SCH_MQPRIO_LIB NET_SCH_MULTIQ NET_SCH_NETEM NET_SCH_PIE NET_SCH_PLUG NET_SCH_PRIO NET_SCH_QFQ NET_SCH_RED NET_SCH_SFB NET_SCH_SFQ NET_SCH_SKBPRIO NET_SCH_TAPRIO NET_SCH_TBF NET_SCH_TEQL NET_SOCK_MSG NET_SWITCHDEV NET_TC_SKB_EXT NET_TEAM NET_TEAM_MODE_ACTIVEBACKUP NET_TEAM_MODE_BROADCAST NET_TEAM_MODE_LOADBALANCE NET_TEAM_MODE_RANDOM NET_TEAM_MODE_ROUNDROBIN NET_UDP_TUNNEL NET_VRF NFC NFC_DIGITAL NFC_FDP NFC_HCI NFC_MRVL NFC_MRVL_USB NFC_NCI NFC_NCI_UART NFC_PN533 NFC_PN533_USB NFC_PORT100 NFC_SHDLC NFC_SIM NFC_VIRTUAL_NCI NFSD NFSD_BLOCKLAYOUT NFSD_FLEXFILELAYOUT NFSD_PNFS NFSD_SCSILAYOUT NFSD_V3_ACL NFSD_V4 NFSD_V4_2_INTER_SSC NFSD_V4_SECURITY_LABEL NFS_FSCACHE NFS_V4_1 NFS_V4_2 NFS_V4_2_READ_PLUS NFS_V4_2_SSC_HELPER NFS_V4_SECURITY_LABEL NFT_BRIDGE_META NFT_BRIDGE_REJECT NFT_COMPAT NFT_CONNLIMIT NFT_CT NFT_DUP_IPV4 NFT_DUP_IPV6 NFT_DUP_NETDEV NFT_FIB NFT_FIB_INET NFT_FIB_IPV4 NFT_FIB_IPV6 NFT_FIB_NETDEV NFT_FLOW_OFFLOAD NFT_HASH NFT_LIMIT NFT_LOG NFT_MASQ NFT_NAT NFT_NUMGEN NFT_OSF NFT_QUEUE NFT_QUOTA NFT_REDIR NFT_REJECT NFT_REJECT_INET NFT_REJECT_IPV4 NFT_REJECT_IPV6 NFT_REJECT_NETDEV NFT_SOCKET NFT_SYNPROXY NFT_TPROXY NFT_TUNNEL NFT_XFRM NF_CONNTRACK_AMANDA NF_CONNTRACK_BRIDGE NF_CONNTRACK_BROADCAST NF_CONNTRACK_EVENTS NF_CONNTRACK_H323 NF_CONNTRACK_LABELS NF_CONNTRACK_MARK NF_CONNTRACK_NETBIOS_NS NF_CONNTRACK_OVS NF_CONNTRACK_PPTP NF_CONNTRACK_SANE NF_CONNTRACK_SNMP NF_CONNTRACK_TFTP NF_CONNTRACK_TIMEOUT NF_CONNTRACK_TIMESTAMP NF_CONNTRACK_ZONES NF_CT_NETLINK_HELPER NF_CT_NETLINK_TIMEOUT NF_CT_PROTO_DCCP NF_CT_PROTO_GRE NF_CT_PROTO_SCTP NF_CT_PROTO_UDPLITE NF_DUP_IPV4 NF_DUP_IPV6 NF_DUP_NETDEV NF_FLOW_TABLE NF_FLOW_TABLE_INET NF_NAT_AMANDA NF_NAT_H323 NF_NAT_OVS NF_NAT_PPTP NF_NAT_REDIRECT NF_NAT_SNMP_BASIC NF_NAT_TFTP NF_SOCKET_IPV4 NF_SOCKET_IPV6 NF_TABLES NF_TABLES_BRIDGE NF_TABLES_INET NF_TABLES_IPV4 NF_TABLES_IPV6 NF_TABLES_NETDEV NF_TPROXY_IPV4 NF_TPROXY_IPV6 NILFS2_FS NINTENDO_FF NLMON NLS_CODEPAGE_1250 NLS_CODEPAGE_1251 NLS_CODEPAGE_737 NLS_CODEPAGE_775 NLS_CODEPAGE_850 NLS_CODEPAGE_852 NLS_CODEPAGE_855 NLS_CODEPAGE_857 NLS_CODEPAGE_860 NLS_CODEPAGE_861 NLS_CODEPAGE_862 NLS_CODEPAGE_863 PAGE_POOL PARTITION_ADVANCED PSAMPLE RC_CORE RC_DEVICES RFKILL SPI USB_GADGET USB_MUSB_HDRC VIDEO_DEV WAN WATCH_QUEUE WIRELESS WLAN WWAN X25 X86_X32_ABI]
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
picked [v6.11 v6.10 v6.9 v6.7 v6.5 v6.3 v6.1 v5.19 v5.16 v5.13 v5.10 v5.7 v5.4 v5.1 v4.19] out of 34 release tags
testing release v6.11
testing commit 98f7e32f20d28ec452afb208f9cffc08448a2652 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: d6de3fa4eec6048aaa0e93fad8e88561434ec829ef93cbbb8bba243ef9c46663
all runs: OK
false negative chance: 0.000
# git bisect start bdf56c7580d267a123cc71ca0f2459c797b76fde 98f7e32f20d28ec452afb208f9cffc08448a2652
Bisecting: 2359 revisions left to test after this (roughly 11 steps)
[3a4d319a8fb5a9bbdf5b31ef32841eb286b1dcc2] Merge tag 'for-6.12/io_uring-20240913' of git://git.kernel.dk/linux

testing commit 3a4d319a8fb5a9bbdf5b31ef32841eb286b1dcc2 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 6917b56454483cfa193601e896d6b63e4547049d3059338aac12c71b4611070e
all runs: OK
false negative chance: 0.000
# git bisect good 3a4d319a8fb5a9bbdf5b31ef32841eb286b1dcc2
Bisecting: 1108 revisions left to test after this (roughly 10 steps)
[7b17f5ebd5fc5e9275eaa5af3d0771f2a7b01bbf] Merge tag 'soc-dt-6.12' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc

testing commit 7b17f5ebd5fc5e9275eaa5af3d0771f2a7b01bbf gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 042d4c4e3d4f603ce9f244b6c0b080c1a26ed166e8b65680bfeecbe79a0cbb1c
run #0: crashed: KASAN: slab-use-after-free Read in smk_access
run #1: crashed: KASAN: slab-use-after-free Read in smk_access
run #2: crashed: KASAN: slab-out-of-bounds Read in smk_access
run #3: crashed: KASAN: slab-use-after-free Read in smk_access
run #4: crashed: KASAN: slab-use-after-free Read in smk_access
run #5: crashed: KASAN: slab-out-of-bounds Read in smk_access
run #6: crashed: KASAN: slab-use-after-free Read in smk_access
run #7: crashed: KASAN: slab-use-after-free Read in smk_access
run #8: crashed: KASAN: slab-use-after-free Read in smk_access
run #9: crashed: KASAN: slab-out-of-bounds Read in smk_access
representative crash: KASAN: slab-use-after-free Read in smk_access, types: [KASAN]
# git bisect bad 7b17f5ebd5fc5e9275eaa5af3d0771f2a7b01bbf
Bisecting: 624 revisions left to test after this (roughly 9 steps)
[05b24f63b49b756a01563c2b792e9b4004271b2e] Merge tag 'v6.12-rockchip-dts64-2' of https://git.kernel.org/pub/scm/linux/kernel/git/mmind/linux-rockchip into soc/dt

testing commit 05b24f63b49b756a01563c2b792e9b4004271b2e gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 457a8c504b9aa05b0095c5acc603832d99916ea9541707fa01dc5d99d932e0e1
all runs: OK
false negative chance: 0.000
# git bisect good 05b24f63b49b756a01563c2b792e9b4004271b2e
Bisecting: 302 revisions left to test after this (roughly 8 steps)
[9ea925c806dbb8fee6797f59148daaf7f648832e] Merge tag 'timers-core-2024-09-16' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

testing commit 9ea925c806dbb8fee6797f59148daaf7f648832e gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: c1126b420d553e2a17894116627d4c5af8e15e1ab5c191218e76859ecb8a27ef
run #0: crashed: KASAN: slab-out-of-bounds Read in smk_access
run #1: crashed: KASAN: slab-use-after-free Read in smk_access
run #2: crashed: KASAN: slab-use-after-free Read in smk_access
run #3: crashed: KASAN: slab-out-of-bounds Read in smk_access
run #4: crashed: KASAN: slab-use-after-free Read in smk_access
run #5: crashed: KASAN: slab-out-of-bounds Read in smk_access
run #6: crashed: KASAN: slab-out-of-bounds Read in smk_access
run #7: crashed: KASAN: slab-use-after-free Read in smk_access
run #8: crashed: KASAN: slab-use-after-free Read in smk_access
run #9: crashed: KASAN: slab-use-after-free Read in smk_access
representative crash: KASAN: slab-out-of-bounds Read in smk_access, types: [KASAN]
# git bisect bad 9ea925c806dbb8fee6797f59148daaf7f648832e
Bisecting: 172 revisions left to test after this (roughly 7 steps)
[ad060dbbcfcfcba624ef1a75e1d71365a98b86d8] Merge tag 'selinux-pr-20240911' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux

testing commit ad060dbbcfcfcba624ef1a75e1d71365a98b86d8 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 4498d57a497d44a79f751f58d96a6af3007e0f7d34fcdc6d6b7b0d7ed67f12d0
all runs: OK
false negative chance: 0.000
# git bisect good ad060dbbcfcfcba624ef1a75e1d71365a98b86d8
Bisecting: 98 revisions left to test after this (roughly 7 steps)
[a6fe30d1e3657991c832702cecb44576128d7fa3] genirq: Use cpumask_intersects()

testing commit a6fe30d1e3657991c832702cecb44576128d7fa3 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 741f40d72cae5756d206fb573034510ac805f0ac8b8b8feb5c48eedf3d519c16
all runs: OK
false negative chance: 0.000
# git bisect good a6fe30d1e3657991c832702cecb44576128d7fa3
Bisecting: 47 revisions left to test after this (roughly 6 steps)
[a64405b78be95d786e15b2fd0a12999240b28ea5] Merge tag 'timers-clocksource-2024-09-16' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

testing commit a64405b78be95d786e15b2fd0a12999240b28ea5 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 71feb59e8bbbd7deba3733d3fdf5c174bf74a720615d47d0dff8b37096b35f26
run #0: crashed: KASAN: slab-out-of-bounds Read in smk_access
run #1: crashed: KASAN: slab-use-after-free Read in smk_access
run #2: crashed: KASAN: slab-out-of-bounds Read in smk_access
run #3: crashed: general protection fault in smack_log_callback
run #4: crashed: KASAN: slab-use-after-free Read in smk_access
run #5: crashed: KASAN: slab-use-after-free Read in smk_access
run #6: crashed: KASAN: slab-use-after-free Read in smk_access
run #7: crashed: KASAN: slab-use-after-free Read in smk_access
run #8: crashed: KASAN: slab-use-after-free Read in smk_access
run #9: crashed: KASAN: slab-out-of-bounds Read in smk_access
representative crash: KASAN: slab-out-of-bounds Read in smk_access, types: [KASAN]
# git bisect bad a64405b78be95d786e15b2fd0a12999240b28ea5
Bisecting: 25 revisions left to test after this (roughly 5 steps)
[fb55e177d5936fb80fb2586036d195c57e7f6892] lsm: add security_inode_setintegrity() hook

testing commit fb55e177d5936fb80fb2586036d195c57e7f6892 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 8f866ed2fa58c5d91c4830ddf27b54e610720b518627024e487f964ccbc7badd
run #0: crashed: KASAN: slab-use-after-free Read in smk_access
run #1: crashed: KASAN: slab-use-after-free Read in smk_access
run #2: crashed: KASAN: slab-out-of-bounds Read in smk_access
run #3: crashed: KASAN: slab-use-after-free Read in smk_access
run #4: crashed: KASAN: slab-out-of-bounds Read in smk_access
run #5: crashed: KASAN: slab-use-after-free Read in smk_access
run #6: crashed: KASAN: slab-use-after-free Read in smk_access
run #7: crashed: KASAN: slab-use-after-free Read in smk_access
run #8: crashed: KASAN: slab-use-after-free Read in smk_access
run #9: crashed: KASAN: slab-use-after-free Read in smk_access
representative crash: KASAN: slab-use-after-free Read in smk_access, types: [KASAN]
# git bisect bad fb55e177d5936fb80fb2586036d195c57e7f6892
Bisecting: 12 revisions left to test after this (roughly 4 steps)
[0311507792b54069ac72e0a6c6b35c5d40aadad8] lsm: add IPE lsm

testing commit 0311507792b54069ac72e0a6c6b35c5d40aadad8 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 9a7f9a7223f058b4d8dbfaac26116f7bad7fadc1b3b8d258ce2a4f026d645738
run #0: crashed: KASAN: slab-out-of-bounds Read in smk_access
run #1: crashed: KASAN: slab-out-of-bounds Read in smk_access
run #2: crashed: KASAN: slab-use-after-free Read in smk_access
run #3: crashed: KASAN: slab-use-after-free Read in smk_access
run #4: crashed: KASAN: slab-use-after-free Read in smk_access
run #5: crashed: KASAN: slab-use-after-free Read in smk_access
run #6: crashed: KASAN: slab-use-after-free Read in smk_access
run #7: crashed: KASAN: slab-use-after-free Read in smk_access
run #8: crashed: KASAN: slab-use-after-free Read in smk_access
run #9: crashed: KASAN: slab-out-of-bounds Read in smk_access
representative crash: KASAN: slab-out-of-bounds Read in smk_access, types: [KASAN]
# git bisect bad 0311507792b54069ac72e0a6c6b35c5d40aadad8
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[61a1dcdceb44d79e5ab511295791b88ea178c045] lsm: infrastructure management of the perf_event security blob

testing commit 61a1dcdceb44d79e5ab511295791b88ea178c045 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 46201d1e0554564b8f5f0e1d2e8359a286d6136d43bb4e8678967e96fb1a8e26
run #0: crashed: KASAN: slab-use-after-free Read in smk_access
run #1: crashed: KASAN: slab-use-after-free Read in smk_access
run #2: crashed: KASAN: slab-out-of-bounds Read in smk_access
run #3: crashed: KASAN: slab-use-after-free Read in smk_access
run #4: crashed: KASAN: slab-use-after-free Read in smk_access
run #5: crashed: KASAN: slab-out-of-bounds Read in smk_access
run #6: crashed: KASAN: slab-use-after-free Read in smk_access
run #7: crashed: KASAN: slab-use-after-free Read in smk_access
run #8: crashed: general protection fault in smack_log_callback
run #9: crashed: KASAN: slab-use-after-free Read in smk_access
representative crash: KASAN: slab-use-after-free Read in smk_access, types: [KASAN]
# git bisect bad 61a1dcdceb44d79e5ab511295791b88ea178c045
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[09001284eebfc1b684e81d1db0f006787d35f3e1] lsm: add helper for blob allocations

testing commit 09001284eebfc1b684e81d1db0f006787d35f3e1 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 36f6f08d2ec3734ad073c77c80f5dd6d27675f9d6397e2516d1fdde6ebd01b93
run #0: crashed: KASAN: slab-use-after-free Read in smk_access
run #1: crashed: KASAN: slab-use-after-free Read in smk_access
run #2: crashed: KASAN: slab-use-after-free Read in smk_access
run #3: crashed: general protection fault in smack_log_callback
run #4: crashed: KASAN: slab-use-after-free Read in smk_access
run #5: crashed: KASAN: slab-out-of-bounds Read in smk_access
run #6: crashed: KASAN: slab-out-of-bounds Read in smk_access
run #7: crashed: general protection fault in smack_log_callback
run #8: crashed: KASAN: slab-use-after-free Read in smk_access
run #9: crashed: KASAN: slab-use-after-free Read in smk_access
representative crash: KASAN: slab-use-after-free Read in smk_access, types: [KASAN]
# git bisect bad 09001284eebfc1b684e81d1db0f006787d35f3e1
Bisecting: 0 revisions left to test after this (roughly 1 step)
[5f8d28f6d7d568dbbc8c5bce94894474c07afd4f] lsm: infrastructure management of the key security blob

testing commit 5f8d28f6d7d568dbbc8c5bce94894474c07afd4f gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 31610c8944db1ab5afd341d5ebe9868cd3755d17f61984ea9de734574a1ed1d9
run #0: crashed: KASAN: slab-use-after-free Read in smk_access
run #1: crashed: KASAN: slab-out-of-bounds Read in smk_access
run #2: crashed: KASAN: slab-use-after-free Read in smk_access
run #3: crashed: KASAN: slab-use-after-free Read in smk_access
run #4: crashed: KASAN: slab-out-of-bounds Read in smk_access
run #5: crashed: KASAN: slab-use-after-free Read in smk_access
run #6: crashed: KASAN: slab-use-after-free Read in smk_access
run #7: crashed: KASAN: slab-out-of-bounds Read in smk_access
run #8: crashed: KASAN: slab-use-after-free Read in smk_access
run #9: crashed: KASAN: slab-out-of-bounds Read in smk_access
representative crash: KASAN: slab-use-after-free Read in smk_access, types: [KASAN]
# git bisect bad 5f8d28f6d7d568dbbc8c5bce94894474c07afd4f
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[2aff9d20d50ac45dd13a013ef5231f4fb8912356] lsm: infrastructure management of the sock security

testing commit 2aff9d20d50ac45dd13a013ef5231f4fb8912356 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 1bb02e2f6a06234164082316adcd87d01a0cb12c56685f0269cd172d7c706752
all runs: OK
false negative chance: 0.000
# git bisect good 2aff9d20d50ac45dd13a013ef5231f4fb8912356
5f8d28f6d7d568dbbc8c5bce94894474c07afd4f is the first bad commit
commit 5f8d28f6d7d568dbbc8c5bce94894474c07afd4f
Author: Casey Schaufler <casey@schaufler-ca.com>
Date:   Wed Jul 10 14:32:26 2024 -0700

    lsm: infrastructure management of the key security blob
    
    Move management of the key->security blob out of the individual security
    modules and into the security infrastructure. Instead of allocating the
    blobs from within the modules the modules tell the infrastructure how
    much space is required, and the space is allocated there.  There are
    no existing modules that require a key_free hook, so the call to it and
    the definition for it have been removed.
    
    Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
    Reviewed-by: John Johansen <john.johansen@canonical.com>
    [PM: subject tweak]
    Signed-off-by: Paul Moore <paul@paul-moore.com>

 include/linux/lsm_hook_defs.h     |  1 -
 include/linux/lsm_hooks.h         |  1 +
 security/security.c               | 39 +++++++++++++++++++++++++++++++++++++--
 security/selinux/hooks.c          | 21 ++++-----------------
 security/selinux/include/objsec.h |  7 +++++++
 security/smack/smack.h            |  7 +++++++
 security/smack/smack_lsm.c        | 31 +++++++++++++------------------
 7 files changed, 69 insertions(+), 38 deletions(-)

accumulated error probability: 0.00
culprit signature: 31610c8944db1ab5afd341d5ebe9868cd3755d17f61984ea9de734574a1ed1d9
parent  signature: 1bb02e2f6a06234164082316adcd87d01a0cb12c56685f0269cd172d7c706752
revisions tested: 21, total time: 4h38m6.257888434s (build: 2h10m21.230248878s, test: 2h15m11.722999091s)
first bad commit: 5f8d28f6d7d568dbbc8c5bce94894474c07afd4f lsm: infrastructure management of the key security blob
recipients (to): ["casey@schaufler-ca.com" "john.johansen@canonical.com" "paul@paul-moore.com"]
recipients (cc): []
crash: KASAN: slab-use-after-free Read in smk_access
==================================================================
BUG: KASAN: slab-use-after-free in smk_access+0xab/0x3f0 security/smack/smack_access.c:147
Read of size 8 at addr ffff8881046ab380 by task syz.0.16/4945

CPU: 1 UID: 3327 PID: 4945 Comm: syz.0.16 Not tainted 6.11.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x231/0x330 lib/dump_stack.c:119
 print_address_description mm/kasan/report.c:377 [inline]
 print_report+0x169/0x550 mm/kasan/report.c:488
 kasan_report+0x143/0x180 mm/kasan/report.c:601
 smk_access+0xab/0x3f0 security/smack/smack_access.c:147
 smack_watch_key+0x2ac/0x370 security/smack/smack_lsm.c:4656
 security_watch_key+0x65/0x90 security/security.c:4359
 keyctl_watch_key+0x2b7/0x480 security/keys/keyctl.c:1813
 __do_sys_keyctl security/keys/keyctl.c:2021 [inline]
 __se_sys_keyctl+0x409/0xc10 security/keys/keyctl.c:1874
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0x8d/0x190 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7ff9e68ddef9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ff9e6359038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa
RAX: ffffffffffffffda RBX: 00007ff9e6a95f80 RCX: 00007ff9e68ddef9
RDX: 0000000000000004 RSI: 000000003f1cf8d0 RDI: 0000000000000020
RBP: 00007ff9e6950b76 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007ff9e6a95f80 R15: 00007ffcd6e8a018
 </TASK>

Allocated by task 2438:
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
 poison_kmalloc_redzone mm/kasan/common.c:370 [inline]
 __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:387
 kasan_kmalloc include/linux/kasan.h:211 [inline]
 __do_kmalloc_node mm/slub.c:4158 [inline]
 __kmalloc_node_track_caller_noprof+0x1fb/0x460 mm/slub.c:4177
 memdup_user mm/util.c:226 [inline]
 strndup_user+0x75/0x150 mm/util.c:285
 copy_mount_string fs/namespace.c:3707 [inline]
 __do_sys_mount fs/namespace.c:4010 [inline]
 __se_sys_mount+0xe2/0x3b0 fs/namespace.c:3997
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0x8d/0x190 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Freed by task 2438:
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
 kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579
 poison_slab_object+0xe0/0x150 mm/kasan/common.c:240
 __kasan_slab_free+0x37/0x60 mm/kasan/common.c:256
 kasan_slab_free include/linux/kasan.h:184 [inline]
 slab_free_hook mm/slub.c:2252 [inline]
 slab_free mm/slub.c:4473 [inline]
 kfree+0x12f/0x310 mm/slub.c:4594
 __do_sys_mount fs/namespace.c:4024 [inline]
 __se_sys_mount+0x360/0x3b0 fs/namespace.c:3997
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0x8d/0x190 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

The buggy address belongs to the object at ffff8881046ab380
 which belongs to the cache kmalloc-8 of size 8
The buggy address is located 0 bytes inside of
 freed 8-byte region [ffff8881046ab380, ffff8881046ab388)

The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8881046abb80 pfn:0x1046ab
flags: 0x200000000000000(node=0|zone=2)
page_type: 0xfdffffff(slab)
raw: 0200000000000000 ffff888100041500 ffffea00041daf80 dead000000000002
raw: ffff8881046abb80 000000008080006e 00000001fdffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 3658111035, free_ts 3525992713
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x10f/0x130 mm/page_alloc.c:1493
 prep_new_page mm/page_alloc.c:1501 [inline]
 get_page_from_freelist+0x37f4/0x3920 mm/page_alloc.c:3442
 __alloc_pages_noprof+0x256/0x670 mm/page_alloc.c:4700
 __alloc_pages_node_noprof include/linux/gfp.h:269 [inline]
 alloc_pages_node_noprof include/linux/gfp.h:296 [inline]
 alloc_slab_page+0x5f/0x120 mm/slub.c:2321
 allocate_slab+0x5d/0x290 mm/slub.c:2484
 new_slab mm/slub.c:2537 [inline]
 ___slab_alloc+0xa7f/0x11d0 mm/slub.c:3723
 __slab_alloc mm/slub.c:3813 [inline]
 __slab_alloc_node mm/slub.c:3866 [inline]
 slab_alloc_node mm/slub.c:4025 [inline]
 __do_kmalloc_node mm/slub.c:4157 [inline]
 __kmalloc_noprof+0x25a/0x440 mm/slub.c:4170
 kmalloc_noprof include/linux/slab.h:685 [inline]
 kzalloc_noprof include/linux/slab.h:807 [inline]
 acpi_ns_internalize_name+0x419/0x610 drivers/acpi/acpica/nsutils.c:331
 acpi_ns_get_node_unlocked drivers/acpi/acpica/nsutils.c:666 [inline]
 acpi_ns_get_node+0x1b7/0x3c0 drivers/acpi/acpica/nsutils.c:726
 acpi_ns_evaluate+0x35f/0xa40 drivers/acpi/acpica/nseval.c:62
 acpi_ut_evaluate_object+0x154/0x4a0 drivers/acpi/acpica/uteval.c:60
 acpi_rs_get_method_data+0xb4/0x160 drivers/acpi/acpica/rsutils.c:650
 acpi_walk_resources+0x183/0x5a0 drivers/acpi/acpica/rsxface.c:616
 __acpi_dev_get_resources drivers/acpi/resource.c:935 [inline]
 acpi_dev_get_resources+0x257/0x380 drivers/acpi/resource.c:973
 acpi_device_enumeration_by_parent drivers/acpi/scan.c:1806 [inline]
 acpi_init_device_object+0x27d0/0x34b0 drivers/acpi/scan.c:1834
 acpi_add_single_object+0x106/0x1e00 drivers/acpi/scan.c:1879
page last free pid 1 tgid 1 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1094 [inline]
 free_unref_page+0xbae/0xcf0 mm/page_alloc.c:2612
 discard_slab mm/slub.c:2583 [inline]
 __put_partials+0x18e/0x1d0 mm/slub.c:3051
 put_cpu_partial+0x151/0x1b0 mm/slub.c:3126
 __slab_free+0x2b8/0x3a0 mm/slub.c:4343
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x9e/0x140 mm/kasan/quarantine.c:179
 kasan_quarantine_remove_cache+0x14a/0x170 mm/kasan/quarantine.c:378
 kmem_cache_shrink+0xd/0x20 mm/slab_common.c:610
 acpi_os_purge_cache+0x15/0x20 drivers/acpi/osl.c:1573
 acpi_purge_cached_objects+0x8f/0xc0 drivers/acpi/acpica/utxface.c:239
 acpi_initialize_objects+0x2e/0xa0 drivers/acpi/acpica/utxfinit.c:250
 acpi_bus_init+0xda/0xbc0 drivers/acpi/bus.c:1364
 acpi_init+0xb4/0x240 drivers/acpi/bus.c:1449
 do_one_initcall+0x211/0x6e0 init/main.c:1267
 do_initcall_level+0x15a/0x280 init/main.c:1329
 do_initcalls+0x3f/0x80 init/main.c:1345
 kernel_init_freeable+0x3f2/0x580 init/main.c:1578

Memory state around the buggy address:
 ffff8881046ab280: 00 fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc
 ffff8881046ab300: fa fc fc fc fa fc fc fc fa fc fc fc 00 fc fc fc
>ffff8881046ab380: fa fc fc fc fa fc fc fc 00 fc fc fc 05 fc fc fc
                   ^
 ffff8881046ab400: fa fc fc fc 05 fc fc fc 00 fc fc fc fa fc fc fc
 ffff8881046ab480: fa fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc
==================================================================