ci2 starts bisection 2024-04-05 05:35:40.719468078 +0000 UTC m=+60568.900003409
bisecting cause commit starting from fe46a7dd189e25604716c03576d05ac8a5209743
building syzkaller on 0ee3535ea8ff21d50e44372bb1cfd147e299ab5b
ensuring issue is reproducible on original commit fe46a7dd189e25604716c03576d05ac8a5209743

testing commit fe46a7dd189e25604716c03576d05ac8a5209743 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 5a2b9779332b14d1f54b51fc184de61df02e37d6a8859e646e6b099c8f2650fe
all runs: crashed: KASAN: slab-use-after-free Read in jffs2_garbage_collect_pass
representative crash: KASAN: slab-use-after-free Read in jffs2_garbage_collect_pass, types: [KASAN]
check whether we can drop unnecessary instrumentation
disabling configs for [HANG LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit fe46a7dd189e25604716c03576d05ac8a5209743 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 4ca79f9d405b552274945e59690d0afdb77d4ee8070998a41e4e2afcd834ff28
all runs: crashed: KASAN: slab-use-after-free Read in jffs2_garbage_collect_pass
representative crash: KASAN: slab-use-after-free Read in jffs2_garbage_collect_pass, types: [KASAN]
the bug reproduces without the instrumentation
disabling configs for [HANG LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP], they are not needed
kconfig minimization: base=3932 full=7979 leaves diff=2024
split chunks (needed=false): <2024>
split chunk #0 of len 2024 into 5 parts
testing without sub-chunk 1/5
disabling configs for [HANG LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit fe46a7dd189e25604716c03576d05ac8a5209743 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 080ec8a95cd7497a15b8208ec73c1d24be319dbd1c645fa53a8d4ef5c413a966
all runs: crashed: KASAN: slab-use-after-free Read in jffs2_garbage_collect_pass
representative crash: KASAN: slab-use-after-free Read in jffs2_garbage_collect_pass, types: [KASAN]
the chunk can be dropped
testing without sub-chunk 2/5
disabling configs for [UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed
testing commit fe46a7dd189e25604716c03576d05ac8a5209743 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 5eb2a7f15113517a45478b0de46104178b2080082565f4641952e83ba265020d
all runs: crashed: KASAN: slab-use-after-free Read in jffs2_garbage_collect_pass
representative crash: KASAN: slab-use-after-free Read in jffs2_garbage_collect_pass, types: [KASAN]
the chunk can be dropped
testing without sub-chunk 3/5
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
testing commit fe46a7dd189e25604716c03576d05ac8a5209743 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 7068a0658ac928acb568dfe43bf5d72f758b6b8d1ca49da0ddc015f7bb4976aa
all runs: OK
false negative chance: 0.000
testing without sub-chunk 4/5
disabling configs for [HANG LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit fe46a7dd189e25604716c03576d05ac8a5209743 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 5bb9c64d30dda7c04ca5ba2b1ef34335179f0b3aecceb74b3d66a9303cb0d583
all runs: crashed: KASAN: slab-use-after-free Read in jffs2_garbage_collect_pass
representative crash: KASAN: slab-use-after-free Read in jffs2_garbage_collect_pass, types: [KASAN]
the chunk can be dropped
testing without sub-chunk 5/5
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
testing commit fe46a7dd189e25604716c03576d05ac8a5209743 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 4257f797394bf5072ec8bd6875e27b1ac3a696c81e05b0b0b17e622ac1542363
all runs: crashed: KASAN: slab-use-after-free Read in jffs2_garbage_collect_pass
representative crash: KASAN: slab-use-after-free Read in jffs2_garbage_collect_pass, types: [KASAN]
the chunk can be dropped
minimized to 405 configs; suspects: [AX25 BRIDGE BRIDGE_NETFILTER CAN CFG80211 CHECKPOINT_RESTORE DVB_CORE FB_CORE HAMRADIO HSR INFINIBAND INFINIBAND_ADDR_TRANS INFINIBAND_USER_ACCESS INPUT_JOYSTICK INPUT_MOUSE IP6_NF_RAW IPV6_MULTIPLE_TABLES IP_NF_RAW IP_SET IP_VS IP_VS_IPV6 IP_VS_LBLC IP_VS_LBLCR IP_VS_LC IP_VS_MH IP_VS_NFCT IP_VS_NQ IP_VS_OVF IP_VS_PE_SIP IP_VS_PROTO_AH IP_VS_PROTO_AH_ESP IP_VS_PROTO_ESP IP_VS_PROTO_SCTP IP_VS_PROTO_UDP IP_VS_RR IP_VS_SED IP_VS_SH IP_VS_TWOS IP_VS_WLC IP_VS_WRR IRQ_BYPASS_MANAGER IRQ_POLL IR_IGORPLUGUSB IR_IGUANA IR_IMON IR_MCEUSB IR_REDRAT3 IR_STREAMZAP IR_TTUSBIR ISDN ISDN_CAPI_MIDDLEWARE JFFS2_CMODE_PRIORITY JFFS2_COMPRESSION_OPTIONS JFFS2_FS JFFS2_FS_POSIX_ACL JFFS2_FS_SECURITY JFFS2_FS_WRITEBUFFER JFFS2_FS_XATTR JFFS2_LZO JFFS2_RTIME JFFS2_RUBIN JFFS2_SUMMARY JFFS2_ZLIB JFS_DEBUG JFS_FS JFS_POSIX_ACL JFS_SECURITY JOYSTICK_IFORCE JOYSTICK_IFORCE_USB JOYSTICK_XPAD JOYSTICK_XPAD_FF JOYSTICK_XPAD_LEDS KARMA_PARTITION KCOV KCOV_ENABLE_COMPARISONS KCOV_INSTRUMENT_ALL KEYS_REQUEST_CACHE KEY_DH_OPERATIONS KEY_NOTIFICATIONS KSM KVM KVM_AMD KVM_ASYNC_PF KVM_COMMON KVM_COMPAT KVM_GENERIC_DIRTYLOG_READ_PROTECT KVM_GENERIC_HARDWARE_ENABLING KVM_GENERIC_MEMORY_ATTRIBUTES KVM_GENERIC_MMU_NOTIFIER KVM_GENERIC_PRIVATE_MEM KVM_HYPERV KVM_MMIO KVM_PRIVATE_MEM KVM_PROVE_MMU KVM_SW_PROTECTED_VM KVM_VFIO KVM_XEN KVM_XFER_TO_GUEST_WORK L2TP L2TP_ETH L2TP_IP L2TP_V3 LAPB LAPBETHER LDM_PARTITION LEDS_TRIGGER_AUDIO LEGACY_PTYS LIBCRC32C LIBNVDIMM LINEAR_RANGES LLC LLC2 LOGIG940_FF LOGIRUMBLEPAD2_FF LOGO LOGO_LINUX_MONO LOGO_LINUX_VGA16 LPC_ICH LWTUNNEL LWTUNNEL_BPF LZ4HC_COMPRESS LZ4_COMPRESS MAC80211 MAC80211_HAS_RC MAC80211_HWSIM MAC80211_MESH MAC80211_RC_DEFAULT_MINSTREL MAC80211_RC_MINSTREL MACSEC MACVLAN MACVTAP MAC_PARTITION MAPPING_DIRTY_HELPERS MD_RAID0 MD_RAID1 MD_RAID10 MD_RAID456 MEDIA_ANALOG_TV_SUPPORT MEDIA_ATTACH MEDIA_CONTROLLER MEDIA_CONTROLLER_DVB MEDIA_DIGITAL_TV_SUPPORT MEDIA_RADIO_SUPPORT MEDIA_SDR_SUPPORT MEDIA_SUPPORT MEDIA_SUPPORT_FILTER MEDIA_TUNER MEDIA_TUNER_MSI001 MEMORY_BALLOON MEMORY_HOTPLUG MEMORY_HOTPLUG_DEFAULT_ONLINE MEMORY_ISOLATION MEMREGION MEMSTICK MEMSTICK_REALTEK_USB MEM_SOFT_DIRTY MFD_CORE MFD_SYSCON MHI_BUS MHI_WWAN_CTRL MHP_MEMMAP_ON_MEMORY MICROCHIP_PHY MINIX_FS MINIX_SUBPARTITION MISC_RTSX MISC_RTSX_USB MISDN MISDN_DSP MISDN_HFCUSB MISDN_L1OIP MITIGATION_RFDS MKISS MLX4_CORE MLX4_INFINIBAND MMC MMC_REALTEK_USB MMC_USHC MMC_VUB300 MMU_NOTIFIER MODULE_SRCVERSION_ALL MODVERSIONS MOST MOUSE_APPLETOUCH MOUSE_BCM5974 MOUSE_PS2 MOUSE_PS2_ALPS MOUSE_PS2_BYD MOUSE_PS2_CYPRESS MOUSE_PS2_FOCALTECH MOUSE_PS2_LIFEBOOK MOUSE_PS2_LOGIPS2PP MOUSE_PS2_SMBUS MOUSE_PS2_SYNAPTICS MOUSE_PS2_SYNAPTICS_SMBUS MOUSE_PS2_TRACKPOINT MOUSE_SYNAPTICS_USB MPLS MPLS_IPTUNNEL MPLS_ROUTING MPTCP MPTCP_IPV6 MRP MTD MTD_BLKDEVS MTD_BLOCK MTD_BLOCK2MTD MTD_CFI_I1 MTD_CFI_I2 MTD_MAP_BANK_WIDTH_1 MTD_MAP_BANK_WIDTH_2 MTD_MAP_BANK_WIDTH_4 MTD_MTDRAM MTD_PHRAM MTD_SLRAM MUSB_PIO_ONLY ND_BTT ND_CLAIM ND_PFN NETDEVSIM NETFILTER_ADVANCED NETFILTER_BPF_LINK NETFILTER_FAMILY_ARP NETFILTER_FAMILY_BRIDGE NETFILTER_NETLINK_ACCT NETFILTER_NETLINK_GLUE_CT NETFILTER_NETLINK_OSF NETFILTER_NETLINK_QUEUE NETFILTER_SYNPROXY NETFILTER_XTABLES_COMPAT NETFILTER_XT_CONNMARK NETFILTER_XT_MATCH_BPF NETFILTER_XT_MATCH_CGROUP NETFILTER_XT_MATCH_CLUSTER NETFILTER_XT_MATCH_COMMENT NETFILTER_XT_MATCH_CONNBYTES NETFILTER_XT_MATCH_CONNLABEL NETFILTER_XT_MATCH_CONNLIMIT NETFILTER_XT_MATCH_CONNMARK NETFILTER_XT_MATCH_CPU NETFILTER_XT_MATCH_DCCP NETFILTER_XT_MATCH_DEVGROUP NETFILTER_XT_MATCH_DSCP NETFILTER_XT_MATCH_ECN NETFILTER_XT_MATCH_ESP NETFILTER_XT_MATCH_HASHLIMIT NETFILTER_XT_MATCH_HELPER NETFILTER_XT_MATCH_HL NETFILTER_XT_MATCH_IPCOMP NETFILTER_XT_MATCH_IPRANGE NETFILTER_XT_MATCH_IPVS NETFILTER_XT_MATCH_L2TP NETFILTER_XT_MATCH_LENGTH NETFILTER_XT_MATCH_LIMIT NETFILTER_XT_MATCH_MAC NETFILTER_XT_MATCH_MARK NETFILTER_XT_MATCH_MULTIPORT NETFILTER_XT_MATCH_NFACCT NETFILTER_XT_MATCH_OSF NETFILTER_XT_MATCH_OWNER NETFILTER_XT_MATCH_PHYSDEV NETFILTER_XT_MATCH_PKTTYPE NETFILTER_XT_MATCH_QUOTA NETFILTER_XT_MATCH_RATEEST NETFILTER_XT_MATCH_REALM NETFILTER_XT_MATCH_RECENT NETFILTER_XT_MATCH_SCTP NETFILTER_XT_MATCH_SOCKET NETFILTER_XT_MATCH_STATISTIC NETFILTER_XT_MATCH_STRING NETFILTER_XT_MATCH_TCPMSS NETFILTER_XT_MATCH_TIME NETFILTER_XT_MATCH_U32 NETFILTER_XT_SET NETFILTER_XT_TARGET_AUDIT NETFILTER_XT_TARGET_CHECKSUM NETFILTER_XT_TARGET_CLASSIFY NETFILTER_XT_TARGET_CONNMARK NETFILTER_XT_TARGET_CT NETFILTER_XT_TARGET_DSCP NETFILTER_XT_TARGET_HL NETFILTER_XT_TARGET_HMARK NETFILTER_XT_TARGET_IDLETIMER NETFILTER_XT_TARGET_LED NETFILTER_XT_TARGET_MARK NETFILTER_XT_TARGET_NETMAP NETFILTER_XT_TARGET_NFQUEUE NETFILTER_XT_TARGET_NOTRACK NETFILTER_XT_TARGET_RATEEST NETFILTER_XT_TARGET_REDIRECT NETFILTER_XT_TARGET_TCPOPTSTRIP NETFILTER_XT_TARGET_TEE NETFILTER_XT_TARGET_TPROXY NETFILTER_XT_TARGET_TRACE NETLINK_DIAG NETROM NET_9P_RDMA NET_ACT_BPF NET_ACT_CONNMARK NET_ACT_CSUM NET_ACT_CT NET_ACT_CTINFO NET_ACT_GATE NET_ACT_IFE NET_ACT_MPLS NET_ACT_NAT NET_ACT_PEDIT NET_ACT_POLICE NET_ACT_SAMPLE NET_ACT_SIMP NET_ACT_SKBEDIT NET_ACT_SKBMOD NET_ACT_TUNNEL_KEY NET_ACT_VLAN NET_CLS_BASIC NET_CLS_BPF NET_CLS_FLOW NET_CLS_FLOWER NET_CLS_FW NET_CLS_MATCHALL NET_CLS_ROUTE4 NET_DEVLINK NET_DROP_MONITOR NET_DSA NET_DSA_TAG_BRCM NET_DSA_TAG_BRCM_COMMON NET_DSA_TAG_BRCM_PREPEND NET_DSA_TAG_MTK NET_DSA_TAG_QCA NET_DSA_TAG_RTL4_A NET_EMATCH_CANID NET_EMATCH_CMP NET_EMATCH_IPSET NET_EMATCH_IPT NET_EMATCH_META NET_EMATCH_NBYTE NET_EMATCH_TEXT NET_EMATCH_U32 NET_FC NET_FOU NET_FOU_IP_TUNNELS NET_IFE NET_IFE_SKBMARK NET_IFE_SKBPRIO NET_IFE_SKBTCINDEX NET_IPGRE NET_IPGRE_BROADCAST NET_IPGRE_DEMUX NET_IPIP NET_IPVTI NET_KEY NET_KEY_MIGRATE NET_L3_MASTER_DEV NET_MPLS_GSO NET_NCSI NET_NSH NET_REDIRECT NET_SCH_CAKE NET_SCH_CBS NET_SCH_CHOKE NET_SCH_CODEL NET_SCH_DRR NET_SCH_ETF NET_SCH_ETS NET_SCH_FQ NET_SCH_FQ_CODEL NET_SCH_FQ_PIE NET_SCH_GRED NET_SCH_HFSC NET_SCH_HHF NET_SCH_HTB NET_SCH_INGRESS NET_SCH_MQPRIO NET_SCH_MQPRIO_LIB NET_SCH_MULTIQ NET_SCH_NETEM NET_SCH_PIE NET_SCH_PLUG NET_SCH_PRIO NET_SCH_QFQ NET_SCH_RED NET_SCH_SFB NET_SCH_SFQ NET_SCH_SKBPRIO NET_SCH_TAPRIO NET_SCH_TBF NET_SCH_TEQL NET_SOCK_MSG NET_SWITCHDEV NET_TC_SKB_EXT NET_TEAM NET_TEAM_MODE_ACTIVEBACKUP NET_TEAM_MODE_BROADCAST NET_TEAM_MODE_LOADBALANCE NET_TEAM_MODE_RANDOM NET_TEAM_MODE_ROUNDROBIN NET_UDP_TUNNEL NET_VRF NFC NFC_DIGITAL NFC_FDP NFC_HCI NFC_MRVL NFC_MRVL_USB NFC_NCI NFC_NCI_UART NFC_PN533 NFC_PN533_USB NFC_PORT100 NFC_SHDLC NFC_SIM NFC_VIRTUAL_NCI NFSD NFSD_BLOCKLAYOUT NFSD_FLEXFILELAYOUT NFSD_PNFS NFSD_SCSILAYOUT NFSD_V3_ACL NFSD_V4 NFSD_V4_2_INTER_SSC NFSD_V4_SECURITY_LABEL NFS_FSCACHE NFS_V4_1 NFS_V4_2 NFS_V4_2_READ_PLUS NFS_V4_2_SSC_HELPER NFS_V4_SECURITY_LABEL NFT_BRIDGE_META NFT_BRIDGE_REJECT NFT_COMPAT NFT_CONNLIMIT NFT_CT NFT_DUP_IPV4 NFT_DUP_IPV6 NFT_DUP_NETDEV NFT_FIB NFT_FIB_INET NFT_FIB_IPV4 NFT_FIB_IPV6 NFT_FIB_NETDEV NFT_FLOW_OFFLOAD NFT_HASH NFT_LIMIT NFT_LOG NFT_MASQ NFT_NAT NFT_NUMGEN NFT_OSF NFT_QUEUE NFT_QUOTA NFT_REDIR NFT_REJECT NFT_REJECT_INET NFT_REJECT_IPV4 NFT_REJECT_IPV6 NFT_REJECT_NETDEV NFT_SOCKET NFT_SYNPROXY NFT_TPROXY NFT_TUNNEL NFT_XFRM NF_CONNTRACK_AMANDA NF_CONNTRACK_BRIDGE NF_CONNTRACK_BROADCAST NF_CONNTRACK_EVENTS NF_CONNTRACK_H323 NF_CONNTRACK_LABELS NF_CONNTRACK_MARK NF_CONNTRACK_NETBIOS_NS NF_CONNTRACK_OVS NF_CONNTRACK_PPTP NF_CONNTRACK_SANE NF_CONNTRACK_TFTP NF_CONNTRACK_TIMEOUT NF_CONNTRACK_TIMESTAMP NF_CONNTRACK_ZONES NF_CT_NETLINK_HELPER NF_CT_NETLINK_TIMEOUT NF_CT_PROTO_DCCP NF_CT_PROTO_GRE NF_CT_PROTO_SCTP NF_CT_PROTO_UDPLITE NF_DUP_IPV4 NF_DUP_IPV6 NF_DUP_NETDEV NF_FLOW_TABLE NF_FLOW_TABLE_INET NF_NAT_AMANDA NF_NAT_H323 NF_NAT_OVS NF_NAT_PPTP NF_NAT_REDIRECT NF_TABLES NF_TABLES_BRIDGE NF_TABLES_INET NF_TABLES_IPV4 NF_TABLES_IPV6 NF_TABLES_NETDEV PARTITION_ADVANCED PSAMPLE RC_CORE RC_DEVICES RFKILL SPI USB_GADGET USB_MUSB_HDRC VIDEO_DEV WAN WATCH_QUEUE WIRELESS WLAN WWAN X25 X86_X32_ABI]
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
picked [v6.8 v6.7 v6.6 v6.4 v6.2 v6.0 v5.18 v5.16 v5.13 v5.10 v5.7 v5.4 v5.1 v4.19] out of 31 release tags
testing release v6.8
testing commit e8f897f4afef0031fe618a8e94127a0934896aba gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: b9ef377f61f959ea8d93044ae7a1a962a101da4aec9f79e9e8f5d3b25b367480
all runs: crashed: KASAN: slab-use-after-free Read in jffs2_garbage_collect_pass
representative crash: KASAN: slab-use-after-free Read in jffs2_garbage_collect_pass, types: [KASAN]
testing release v6.7
testing commit 0dd3ee31125508cd67f7e7172247f05b7fd1753a gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: f14f7b4f7c3de59a9e3a4007f4d304b59f6b9003a57145a2d1542707150552e3
all runs: crashed: KASAN: slab-use-after-free Read in jffs2_garbage_collect_pass
representative crash: KASAN: slab-use-after-free Read in jffs2_garbage_collect_pass, types: [KASAN]
testing release v6.6
testing commit ffc253263a1375a65fa6c9f62a893e9767fbebfa gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 364bb65c12a771c034d1aadc22a17721c92f696e3e3824be5187f889ef8c8bfd
all runs: crashed: KASAN: slab-use-after-free Read in jffs2_garbage_collect_pass
representative crash: KASAN: slab-use-after-free Read in jffs2_garbage_collect_pass, types: [KASAN]
testing release v6.4
testing commit 6995e2de6891c724bfeb2db33d7b87775f913ad1 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 2c2a4422f35297abfb890b87a6b502e8f55ff25ef8893ced3cf36522d1f2c185
all runs: crashed: KASAN: slab-use-after-free Read in jffs2_garbage_collect_pass
representative crash: KASAN: slab-use-after-free Read in jffs2_garbage_collect_pass, types: [KASAN]
testing release v6.2
testing commit c9c3395d5e3dcc6daee66c6908354d47bf98cb0c gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 8eacf8493622e74037cf2a2a2503dfb0c832ec55957834c06911cc04a3867b1a
all runs: crashed: KASAN: use-after-free Read in jffs2_garbage_collect_pass
representative crash: KASAN: use-after-free Read in jffs2_garbage_collect_pass, types: [KASAN]
testing release v6.0
testing commit 4fe89d07dcc2804c8b562f6c7896a45643d34b2f gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 6cd62c9dfbb8daee841264c96cdc6d665c10684133dbaf6cef2a0ab6d1519dfd
all runs: crashed: KASAN: use-after-free Read in jffs2_garbage_collect_pass
representative crash: KASAN: use-after-free Read in jffs2_garbage_collect_pass, types: [KASAN]
testing release v5.18
testing commit 4b0986a3613c92f4ec1bdc7f60ec66fea135991f gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 6849d581f351170b0f0c039e0f0c500b8f443a68c0e4413a8ce4cd28458be288
all runs: crashed: KASAN: use-after-free Read in jffs2_garbage_collect_pass
representative crash: KASAN: use-after-free Read in jffs2_garbage_collect_pass, types: [KASAN]
testing release v5.16
testing commit df0cc57e057f18e44dac8e6c18aba47ab53202f9 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 9e41961db8b94120e9ac7b56ac2e16165c22efb252840cf10058fe242d91a5da
all runs: boot failed: invalid opcode in public_key_verify_signature
unable to determine the verdict: 0 good runs (wanted 5), for bad wanted 5 in total, got 0
testing release v5.13
testing commit 62fb9874f5da54fdb243003b386128037319b219 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 0f272516f7591e1b6ea3c949457ced3f87632c568c64cbfedf500309a6a3a52d
all runs: boot failed: invalid opcode in public_key_verify_signature
unable to determine the verdict: 0 good runs (wanted 5), for bad wanted 5 in total, got 0
testing release v5.10
testing commit 2c85ebc57b3e1817b6ce1a6b703928e113a90442 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: f822889b5f6e61500ac6538baae0c3a755069703fe4e2aa446a6ec9f2ede8c22
all runs: boot failed: invalid opcode in public_key_verify_signature
unable to determine the verdict: 0 good runs (wanted 5), for bad wanted 5 in total, got 0
testing release v5.7
testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 gcc
compiler: gcc version 8.4.1 20210217 (GCC), GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 86ea5ee446714fcf5952385e74f8fc9398e09efba3ee1cdd373c81d74eea51e2
all runs: crashed: KASAN: use-after-free Read in jffs2_garbage_collect_pass
representative crash: KASAN: use-after-free Read in jffs2_garbage_collect_pass, types: [KASAN]
testing release v5.4
testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 gcc
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 0a6ff370a064507c97ba3e44dd72eb272d0ebb419266ac04e93a28a6b52798ac
all runs: crashed: KASAN: use-after-free Read in jffs2_garbage_collect_pass
representative crash: KASAN: use-after-free Read in jffs2_garbage_collect_pass, types: [KASAN]
testing release v5.1
testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd gcc
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 85b16753b9ebf279effea13468476ce97e1b4933fd39a3b2d9a05258cd172309
all runs: OK
false negative chance: 0.000
# git bisect start 219d54332a09e8d8741c1e1982f5eae56099de85 e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd
Bisecting: 23272 revisions left to test after this (roughly 15 steps)
[192f0f8e9db7efe4ac98d47f5fa4334e43c1204d] Merge tag 'powerpc-5.3-1' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux

testing commit 192f0f8e9db7efe4ac98d47f5fa4334e43c1204d gcc
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: c947a5c56b5288f913a9ae99d25c8c20d4c0b1fc8abdae15fed18734203769c3
all runs: boot failed: BUG: spinlock bad magic in nf_connlabels_get
unable to determine the verdict: 0 good runs (wanted 5), for bad wanted 5 in total, got 0
# git bisect skip 192f0f8e9db7efe4ac98d47f5fa4334e43c1204d
Bisecting: 23272 revisions left to test after this (roughly 15 steps)
[1a371ea1b7b6666f66cac42c655f26ad89348354] ionic: Add netdev-event handling

testing commit 1a371ea1b7b6666f66cac42c655f26ad89348354 gcc
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 307587bd68870f77e2951a1d07042c620c47c588e0cd03062ddc571fa8b16220
all runs: boot failed: can't ssh into the instance
unable to determine the verdict: 0 good runs (wanted 5), for bad wanted 5 in total, got 0
# git bisect skip 1a371ea1b7b6666f66cac42c655f26ad89348354
Bisecting: 23272 revisions left to test after this (roughly 15 steps)
[01c0aa794305ae08eb977d0719e43577e93f9ef5] docs: cma/debugfs.txt: convert docs to ReST and rename to *.rst

testing commit 01c0aa794305ae08eb977d0719e43577e93f9ef5 gcc
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: d1e36a98f887edfb849ffa767e14d3a541f5f2458ce1919c3440ee0baafe89f6
all runs: boot failed: BUG: spinlock bad magic in nf_connlabels_get
unable to determine the verdict: 0 good runs (wanted 5), for bad wanted 5 in total, got 0
# git bisect skip 01c0aa794305ae08eb977d0719e43577e93f9ef5
Bisecting: 23272 revisions left to test after this (roughly 15 steps)
[edf070a0fb45ac845f534baf172fbadbeb5048c6] hsr: fix a NULL pointer deref in hsr_dev_xmit()

testing commit edf070a0fb45ac845f534baf172fbadbeb5048c6 gcc
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 66aa9712b3a41c53ff6aff8954f25404348c530d5ee71f96aa6d9944f3ee2392
all runs: crashed: KASAN: use-after-free Read in jffs2_garbage_collect_pass
representative crash: KASAN: use-after-free Read in jffs2_garbage_collect_pass, types: [KASAN]
# git bisect bad edf070a0fb45ac845f534baf172fbadbeb5048c6
Bisecting: 6884 revisions left to test after this (roughly 13 steps)
[a2d635decbfa9c1e4ae15cb05b68b2559f7f827c] Merge tag 'drm-next-2019-05-09' of git://anongit.freedesktop.org/drm/drm

testing commit a2d635decbfa9c1e4ae15cb05b68b2559f7f827c gcc
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 28a0a7e7e74daef7c14ebcbeb393c0b9ca73dca015382fa3e01994c8eb569941
all runs: OK
false negative chance: 0.000
# git bisect good a2d635decbfa9c1e4ae15cb05b68b2559f7f827c
Bisecting: 3704 revisions left to test after this (roughly 12 steps)
[22c58fd70ca48a29505922b1563826593b08cc00] Merge tag 'armsoc-soc' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc

testing commit 22c58fd70ca48a29505922b1563826593b08cc00 gcc
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: e8cdc3e9e6148cbefe79f333c15f170a34cbe2d3fa32df1b627e7d5416a818f7
all runs: OK
false negative chance: 0.000
# git bisect good 22c58fd70ca48a29505922b1563826593b08cc00
Bisecting: 1857 revisions left to test after this (roughly 11 steps)
[7fbc78e3155a0c464bd832efc07fb3c2355fe9bd] Merge tag 'for-linus-20190524' of git://git.kernel.dk/linux-block

testing commit 7fbc78e3155a0c464bd832efc07fb3c2355fe9bd gcc
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: c3bb1eef302baa5309e782c2ca592e615e7850a999306514ef7e50b44b868b5b
all runs: crashed: KASAN: use-after-free Read in jffs2_garbage_collect_pass
representative crash: KASAN: use-after-free Read in jffs2_garbage_collect_pass, types: [KASAN]
# git bisect bad 7fbc78e3155a0c464bd832efc07fb3c2355fe9bd
Bisecting: 927 revisions left to test after this (roughly 10 steps)
[227747fb9eab37aaeb360aeba795362c01889427] Merge tag 'afs-fixes-20190516' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs

testing commit 227747fb9eab37aaeb360aeba795362c01889427 gcc
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: e50939155a50c3872468d60b0f54073c7748668baba584310dbb8e06f4e79c45
all runs: OK
false negative chance: 0.000
# git bisect good 227747fb9eab37aaeb360aeba795362c01889427
Bisecting: 494 revisions left to test after this (roughly 9 steps)
[a13f950ef13ff1eaf2ce14f5462ca59c4b60fdd0] Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

testing commit a13f950ef13ff1eaf2ce14f5462ca59c4b60fdd0 gcc
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 122bf00576b53eb71528ce3d850f58bef9ba68252dce5f65212828c6cce5493a
all runs: crashed: KASAN: use-after-free Read in jffs2_garbage_collect_pass
representative crash: KASAN: use-after-free Read in jffs2_garbage_collect_pass, types: [KASAN]
# git bisect bad a13f950ef13ff1eaf2ce14f5462ca59c4b60fdd0
Bisecting: 273 revisions left to test after this (roughly 8 steps)
[c011d23ba046826ccf8c4a4a6c1d01c9ccaa1403] kvm: fix compilation on aarch64

testing commit c011d23ba046826ccf8c4a4a6c1d01c9ccaa1403 gcc
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: a79f24b440e3ec297d368501d12ae0461072b0b145e571b733ae31018efc01ff
all runs: OK
false negative chance: 0.000
# git bisect good c011d23ba046826ccf8c4a4a6c1d01c9ccaa1403
Bisecting: 143 revisions left to test after this (roughly 7 steps)
[72cf0b07418a9c8349aa9137194b1ccba6e54a9d] Merge tag 'sound-fix-5.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound

testing commit 72cf0b07418a9c8349aa9137194b1ccba6e54a9d gcc
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: e5118f4d30865be3adb027cb23678226b429dfe0c6308458e569abf350f8ae8f
all runs: crashed: KASAN: use-after-free Read in jffs2_garbage_collect_pass
representative crash: KASAN: use-after-free Read in jffs2_garbage_collect_pass, types: [KASAN]
# git bisect bad 72cf0b07418a9c8349aa9137194b1ccba6e54a9d
Bisecting: 84 revisions left to test after this (roughly 6 steps)
[815d469d8c9a3360ee0a8b7857dd95352a6c7bde] Merge tag 'clk-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux

testing commit 815d469d8c9a3360ee0a8b7857dd95352a6c7bde gcc
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 9ad46d879329261eb36a1d683b51d1a0af40923b68a1453be21d9ded8749055a
all runs: OK
false negative chance: 0.000
# git bisect good 815d469d8c9a3360ee0a8b7857dd95352a6c7bde
Bisecting: 41 revisions left to test after this (roughly 5 steps)
[1718de78e6235c04ecb7f87a6875fdf90aafe382] Merge tag 'for-5.2/block-post-20190516' of git://git.kernel.dk/linux-block

testing commit 1718de78e6235c04ecb7f87a6875fdf90aafe382 gcc
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 9ad46d879329261eb36a1d683b51d1a0af40923b68a1453be21d9ded8749055a
all runs: OK
false negative chance: 0.000
# git bisect good 1718de78e6235c04ecb7f87a6875fdf90aafe382
Bisecting: 21 revisions left to test after this (roughly 4 steps)
[80111bfb672d8c04d60c25559243554f732f2848] Merge tag 's390-5.2-2' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux

testing commit 80111bfb672d8c04d60c25559243554f732f2848 gcc
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: b451d1af652de01348d0f659b9156f47974c07288fd7d3f3663e844b7c777d8e
all runs: crashed: KASAN: use-after-free Read in jffs2_garbage_collect_pass
representative crash: KASAN: use-after-free Read in jffs2_garbage_collect_pass, types: [KASAN]
# git bisect bad 80111bfb672d8c04d60c25559243554f732f2848
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[bf8a9a4755737f6630756f0d87bea9b38f0ed369] Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

testing commit bf8a9a4755737f6630756f0d87bea9b38f0ed369 gcc
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: b451d1af652de01348d0f659b9156f47974c07288fd7d3f3663e844b7c777d8e
all runs: crashed: KASAN: use-after-free Read in jffs2_garbage_collect_pass
representative crash: KASAN: use-after-free Read in jffs2_garbage_collect_pass, types: [KASAN]
# git bisect bad bf8a9a4755737f6630756f0d87bea9b38f0ed369
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[dc6ce4bc2b355a47f225a0205046b3ebf29a7f72] io_uring: adjust smp_rmb inside io_cqring_events

testing commit dc6ce4bc2b355a47f225a0205046b3ebf29a7f72 gcc
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: c2c0bb78f5d7d4f2878136d182cbe3f59b163c51135766a25bcbcc7fd61d465c
all runs: OK
false negative chance: 0.000
# git bisect good dc6ce4bc2b355a47f225a0205046b3ebf29a7f72
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[d8076bdb56af5e5918376cd1573a6b0007fc1a89] uapi: Wire up the mount API syscalls on non-x86 arches [ver #2]

testing commit d8076bdb56af5e5918376cd1573a6b0007fc1a89 gcc
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: ee2cb1f2e49b6084f8d9d7b21ca15d0feb5b37b28574949e0cfc5c7d99b35ec9
all runs: crashed: KASAN: use-after-free Read in jffs2_garbage_collect_pass
representative crash: KASAN: use-after-free Read in jffs2_garbage_collect_pass, types: [KASAN]
# git bisect bad d8076bdb56af5e5918376cd1573a6b0007fc1a89
Bisecting: 1 revision left to test after this (roughly 1 step)
[1cdc415f10831c18912943017d06b2be948c67b4] uapi, fsopen: use square brackets around "fscontext" [ver #2]

testing commit 1cdc415f10831c18912943017d06b2be948c67b4 gcc
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: c21266c9725bf4b06b84b8dff41663f87d3d0eec6d1daa46258dddabeebeafe6
all runs: OK
false negative chance: 0.000
# git bisect good 1cdc415f10831c18912943017d06b2be948c67b4
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[9c8ad7a2ff0bfe58f019ec0abc1fb965114dde7d] uapi, x86: Fix the syscall numbering of the mount API syscalls [ver #2]

testing commit 9c8ad7a2ff0bfe58f019ec0abc1fb965114dde7d gcc
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: ee2cb1f2e49b6084f8d9d7b21ca15d0feb5b37b28574949e0cfc5c7d99b35ec9
all runs: crashed: KASAN: use-after-free Read in jffs2_garbage_collect_pass
representative crash: KASAN: use-after-free Read in jffs2_garbage_collect_pass, types: [KASAN]
# git bisect bad 9c8ad7a2ff0bfe58f019ec0abc1fb965114dde7d
9c8ad7a2ff0bfe58f019ec0abc1fb965114dde7d is the first bad commit
commit 9c8ad7a2ff0bfe58f019ec0abc1fb965114dde7d
Author: David Howells <dhowells@redhat.com>
Date:   Thu May 16 12:52:27 2019 +0100

    uapi, x86: Fix the syscall numbering of the mount API syscalls [ver #2]
    
    Fix the syscall numbering of the mount API syscalls so that the numbers
    match between i386 and x86_64 and that they're in the common numbering
    scheme space.
    
    Fixes: a07b20004793 ("vfs: syscall: Add open_tree(2) to reference or clone a mount")
    Fixes: 2db154b3ea8e ("vfs: syscall: Add move_mount(2) to move mounts around")
    Fixes: 24dcb3d90a1f ("vfs: syscall: Add fsopen() to prepare for superblock creation")
    Fixes: ecdab150fddb ("vfs: syscall: Add fsconfig() for configuring and managing a context")
    Fixes: 93766fbd2696 ("vfs: syscall: Add fsmount() to create a mount for a superblock")
    Fixes: cf3cba4a429b ("vfs: syscall: Add fspick() to select a superblock for reconfiguration")
    Reported-by: Arnd Bergmann <arnd@arndb.de>
    Signed-off-by: David Howells <dhowells@redhat.com>
    Reviewed-by: Arnd Bergmann <arnd@arndb.de>
    Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

 arch/x86/entry/syscalls/syscall_32.tbl | 12 ++++++------
 arch/x86/entry/syscalls/syscall_64.tbl | 12 ++++++------
 2 files changed, 12 insertions(+), 12 deletions(-)

accumulated error probability: 0.00
culprit signature: ee2cb1f2e49b6084f8d9d7b21ca15d0feb5b37b28574949e0cfc5c7d99b35ec9
parent  signature: c21266c9725bf4b06b84b8dff41663f87d3d0eec6d1daa46258dddabeebeafe6
revisions tested: 39, total time: 6h25m4.464918317s (build: 2h37m34.836970694s, test: 3h39m11.825757201s)
first bad commit: 9c8ad7a2ff0bfe58f019ec0abc1fb965114dde7d uapi, x86: Fix the syscall numbering of the mount API syscalls [ver #2]
recipients (to): ["arnd@arndb.de" "dhowells@redhat.com" "viro@zeniv.linux.org.uk"]
recipients (cc): []
crash: KASAN: use-after-free Read in jffs2_garbage_collect_pass
==================================================================
BUG: KASAN: use-after-free in __lock_acquire.isra.16+0x13ae/0x1820 kernel/locking/lockdep.c:3668
Read of size 8 at addr ffff8881e495d628 by task jffs2_gcd_mtd0/3848

CPU: 0 PID: 3848 Comm: jffs2_gcd_mtd0 Not tainted 5.1.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x62/0x9a lib/dump_stack.c:113
 print_address_description.cold.3+0x9/0x244 mm/kasan/report.c:188
 __kasan_report.cold.4+0x1b/0x35 mm/kasan/report.c:317
 kasan_report+0x12/0x20 mm/kasan/common.c:614
 __asan_report_load8_noabort+0x14/0x20 mm/kasan/generic_report.c:132
 __lock_acquire.isra.16+0x13ae/0x1820 kernel/locking/lockdep.c:3668
 lock_acquire+0x101/0x250 kernel/locking/lockdep.c:4302
 __mutex_lock_common kernel/locking/mutex.c:925 [inline]
 __mutex_lock+0xd0/0xd80 kernel/locking/mutex.c:1072
 mutex_lock_interruptible_nested+0x16/0x20 kernel/locking/mutex.c:1109
 jffs2_garbage_collect_pass+0xa7/0x1858 fs/jffs2/gc.c:134
 jffs2_garbage_collect_thread+0x429/0x600 fs/jffs2/background.c:155
 kthread+0x2f2/0x3b0 kernel/kthread.c:253
 ret_from_fork+0x35/0x40 arch/x86/entry/entry_64.S:352

Allocated by task 3830:
 save_stack mm/kasan/common.c:71 [inline]
 set_track mm/kasan/common.c:79 [inline]
 __kasan_kmalloc.part.0+0x44/0xc0 mm/kasan/common.c:489
 __kasan_kmalloc.constprop.1+0xb1/0xc0 mm/kasan/common.c:470
 kasan_kmalloc+0x9/0x10 mm/kasan/common.c:503
 kmem_cache_alloc_trace+0x10c/0x200 mm/slub.c:2774
 kmalloc include/linux/slab.h:547 [inline]
 kzalloc include/linux/slab.h:742 [inline]
 jffs2_fill_super+0x4e/0x2e0 fs/jffs2/super.c:277
 mount_mtd_aux.isra.1+0xd4/0x270 drivers/mtd/mtdsuper.c:82
 mount_mtd_nr.isra.2+0x84/0xa0 drivers/mtd/mtdsuper.c:119
 mount_mtd+0x2fc/0x42b drivers/mtd/mtdsuper.c:172
 jffs2_mount+0x10/0x20 fs/jffs2/super.c:313
 legacy_get_tree+0x103/0x1f0 fs/fs_context.c:665
 vfs_get_tree+0x8b/0x250 fs/super.c:1476
 do_new_mount fs/namespace.c:2790 [inline]
 do_mount+0x10b5/0x1b30 fs/namespace.c:3110
 ksys_mount+0xb1/0xd0 fs/namespace.c:3319
 __do_sys_mount fs/namespace.c:3333 [inline]
 __se_sys_mount fs/namespace.c:3330 [inline]
 __x64_sys_mount+0xb9/0x150 fs/namespace.c:3330
 do_syscall_64+0x9a/0x310 arch/x86/entry/common.c:298
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Freed by task 3054:
 save_stack mm/kasan/common.c:71 [inline]
 set_track mm/kasan/common.c:79 [inline]
 __kasan_slab_free+0x145/0x210 mm/kasan/common.c:451
 kasan_slab_free+0xe/0x10 mm/kasan/common.c:459
 slab_free_hook mm/slub.c:1420 [inline]
 slab_free_freelist_hook mm/slub.c:1447 [inline]
 slab_free mm/slub.c:2994 [inline]
 kfree+0xce/0x240 mm/slub.c:3949
 jffs2_kill_sb+0x65/0x90 fs/jffs2/super.c:344
 deactivate_locked_super+0x7c/0xd0 fs/super.c:331
 deactivate_super fs/super.c:362 [inline]
 deactivate_super+0x13f/0x160 fs/super.c:358
 cleanup_mnt+0x97/0x120 fs/namespace.c:1120
 __cleanup_mnt+0xd/0x10 fs/namespace.c:1127
 task_work_run+0x10e/0x180 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:188 [inline]
 exit_to_usermode_loop+0x11f/0x150 arch/x86/entry/common.c:167
 prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:276 [inline]
 do_syscall_64+0x294/0x310 arch/x86/entry/common.c:301
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

The buggy address belongs to the object at ffff8881e495d500
 which belongs to the cache kmalloc-4k of size 4096
The buggy address is located 296 bytes inside of
 4096-byte region [ffff8881e495d500, ffff8881e495e500)
The buggy address belongs to the page:
page:ffffea0007925600 count:1 mapcount:0 mapping:ffff8881f6c02600 index:0x0 compound_mapcount: 0
flags: 0x200000000010200(slab|head)
raw: 0200000000010200 ffffea0007917c00 0000000200000002 ffff8881f6c02600
raw: 0000000000000000 0000000000070007 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC)
 set_page_owner include/linux/page_owner.h:31 [inline]
 post_alloc_hook mm/page_alloc.c:2023 [inline]
 prep_new_page+0x235/0x300 mm/page_alloc.c:2031
 get_page_from_freelist+0xf3f/0x33d0 mm/page_alloc.c:3578
 __alloc_pages_nodemask+0x2eb/0x22e0 mm/page_alloc.c:4616
 alloc_pages_current+0xfd/0x290 mm/mempolicy.c:2132
 alloc_pages include/linux/gfp.h:509 [inline]
 alloc_slab_page mm/slub.c:1488 [inline]
 allocate_slab mm/slub.c:1633 [inline]
 new_slab+0x3df/0x660 mm/slub.c:1705
 new_slab_objects mm/slub.c:2459 [inline]
 ___slab_alloc+0x5cf/0x7e0 mm/slub.c:2610
 __slab_alloc+0xd/0x20 mm/slub.c:2650
 slab_alloc_node mm/slub.c:2713 [inline]
 slab_alloc mm/slub.c:2755 [inline]
 kmem_cache_alloc_trace+0x1bf/0x200 mm/slub.c:2772
 kmalloc include/linux/slab.h:547 [inline]
 kzalloc include/linux/slab.h:742 [inline]
 uevent_show+0x134/0x300 drivers/base/core.c:1222
 dev_attr_show+0x42/0x80 drivers/base/core.c:931
 sysfs_kf_seq_show+0x200/0x3d0 fs/sysfs/file.c:60
 kernfs_seq_show+0x150/0x1b0 fs/kernfs/file.c:168
 seq_read+0x3f4/0x1000 fs/seq_file.c:229
 kernfs_fop_read+0xcc/0x5d0 fs/kernfs/file.c:252
 __vfs_read+0x61/0x110 fs/read_write.c:425
 vfs_read fs/read_write.c:461 [inline]
 vfs_read+0xf1/0x2f0 fs/read_write.c:446

Memory state around the buggy address:
 ffff8881e495d500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff8881e495d580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff8881e495d600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                  ^
 ffff8881e495d680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff8881e495d700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================