ci starts bisection 2024-12-23 11:07:25.761302902 +0000 UTC m=+1616.756479984
bisecting cause commit starting from 30b981796b94b083da8fdded7cb74cb493608760
building syzkaller on b4fbdbd43bfd6a8d0392238f019dc602335346d0
ensuring issue is reproducible on original commit 30b981796b94b083da8fdded7cb74cb493608760
testing commit 30b981796b94b083da8fdded7cb74cb493608760 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: a5547120b9829215e0fd8c1e2e5e150ed08f7053754ed365e9c8c9d1ef39bb8b
all runs: crashed: KASAN: slab-use-after-free Read in l2cap_unregister_user
representative crash: KASAN: slab-use-after-free Read in l2cap_unregister_user, types: [KASAN]
check whether we can drop unnecessary instrumentation
disabling configs for [UBSAN BUG LOCKDEP ATOMIC_SLEEP HANG LEAK], they are not needed
testing commit 30b981796b94b083da8fdded7cb74cb493608760 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 40d97f6a7023da7042e3e8cbd3dd21832a71ee42cae159a7fe35a0554ca974d8
all runs: crashed: KASAN: slab-use-after-free Read in l2cap_unregister_user
representative crash: KASAN: slab-use-after-free Read in l2cap_unregister_user, types: [KASAN]
the bug reproduces without the instrumentation
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
kconfig minimization: base=4045 full=8243 leaves diff=2124
split chunks (needed=false): <2124>
split chunk #0 of len 2124 into 5 parts
testing without sub-chunk 1/5
disabling configs for [HANG LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 30b981796b94b083da8fdded7cb74cb493608760 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 1e5bf8986a9e63d036ec7070713a38772efb2af1ccf2c0002884ed05a10c162b
all runs: OK
false negative chance: 0.000
testing without sub-chunk 2/5
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
testing commit 30b981796b94b083da8fdded7cb74cb493608760 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: ad2682e04ea45e6c63e56de5de676d3a5f0900d87dd917e68ccc5bada1125b73
all runs: crashed: KASAN: slab-use-after-free Read in l2cap_unregister_user
representative crash: KASAN: slab-use-after-free Read in l2cap_unregister_user, types: [KASAN]
the chunk can be dropped
testing without sub-chunk 3/5
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
testing commit 30b981796b94b083da8fdded7cb74cb493608760 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 8a3d38af85c323664f96a9ed6fc02f18fcfa3dfbb67eaeee2cffb8310fc70156
all runs: crashed: KASAN: slab-use-after-free Read in l2cap_unregister_user
representative crash: KASAN: slab-use-after-free Read in l2cap_unregister_user, types: [KASAN]
the chunk can be dropped
testing without sub-chunk 4/5
disabling configs for [HANG LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 30b981796b94b083da8fdded7cb74cb493608760 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: d901daf9580b45e27453bb57e3af73a806b1393d8a4d4bc46d66ce2c628d93d1
all runs: OK
false negative chance: 0.000
testing without sub-chunk 5/5
disabling configs for [HANG LEAK UBSAN BUG LOCKDEP ATOMIC_SLEEP], they are not needed
testing commit 30b981796b94b083da8fdded7cb74cb493608760 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 3b9270ae3016c37adafe3c169a1adf4bf32fa58450b47f305dc2c6a4c5cb9124
all runs: crashed: KASAN: slab-use-after-free Read in l2cap_unregister_user
representative crash: KASAN: slab-use-after-free Read in l2cap_unregister_user, types: [KASAN]
the chunk can be dropped
minimized to 850 configs; suspects: [...]
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
picked [v6.12 v6.11 v6.10 v6.8 v6.6 v6.4 v6.2 v6.0 v5.17 v5.14 v5.11 v5.8 v5.5 v5.2 v4.20 v4.19] out of 35 release tags
testing release v6.12
testing commit adc218676eef25575469234709c2d87185ca223a gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 53aa311728ed0c88126d556f5349745b7109d8b5df86df7c7c9d12e27b71ec58
all runs: crashed: KASAN: slab-use-after-free Read in l2cap_unregister_user
representative crash: KASAN: slab-use-after-free Read in l2cap_unregister_user, types: [KASAN]
testing release v6.11
testing commit 98f7e32f20d28ec452afb208f9cffc08448a2652 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 1aaabd306f2d51b652da10c915a721c81d91ed9212b4d1efa6ba0951a59ab53d
all runs: crashed: KASAN: slab-use-after-free Read in l2cap_unregister_user
representative crash: KASAN: slab-use-after-free Read in l2cap_unregister_user, types: [KASAN]
testing release v6.10
testing commit 0c3836482481200ead7b416ca80c68a29cfdaabd gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 3f32d046e4305e974e24dde9de127eb08142253c41dba450ece3670b7b7c8cb4
all runs: crashed: KASAN: slab-use-after-free Read in l2cap_unregister_user
representative crash: KASAN: slab-use-after-free Read in l2cap_unregister_user, types: [KASAN]
testing release v6.8
testing commit e8f897f4afef0031fe618a8e94127a0934896aba gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 5c188fb3a2600e9f092bb88a6f2a48b051295fadfec569af9d77f5602ee0709f
all runs: crashed: KASAN: use-after-free Read in l2cap_unregister_user
representative crash: KASAN: use-after-free Read in l2cap_unregister_user, types: [KASAN]
testing release v6.6
testing commit ffc253263a1375a65fa6c9f62a893e9767fbebfa gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 47621e4f8281296232cfb3a16608de764672704a80fc111949d9a2915c256c33
all runs: crashed: KASAN: use-after-free Read in l2cap_unregister_user
representative crash: KASAN: use-after-free Read in l2cap_unregister_user, types: [KASAN]
testing release v6.4
testing commit 6995e2de6891c724bfeb2db33d7b87775f913ad1 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: e6567d82e65d36ab05156f5a21b8e647b893944693de0db668860095b2421a22
run #0: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #1: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
representative crash: KASAN: use-after-free Read in l2cap_unregister_user, types: [KASAN]
testing release v6.2
testing commit c9c3395d5e3dcc6daee66c6908354d47bf98cb0c gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 8ec27e67591ba6a037a26dbe4b373bbb9e5b45edca001fe28a1bee5f6b8ed66e
run #0: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #1: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #2: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #3: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #4: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #5: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #6: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #7: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: KASAN: use-after-free Read in l2cap_unregister_user, types: [KASAN]
testing release v6.0
testing commit 4fe89d07dcc2804c8b562f6c7896a45643d34b2f gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 77b460c048e7e68ef2936e97680dfdf0c2245e2c4f38ef50f2f1104daba899e5
run #0: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #1: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #2: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #3: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #4: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: KASAN: use-after-free Read in l2cap_unregister_user, types: [KASAN]
testing release v5.17
testing commit f443e374ae131c168a065ea1748feac6b2e76613 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 871e6b793c6b1aff51b444d398cde305c019ae9fe7cc5829196afd28d3f3a54f
run #0: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #1: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #2: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #3: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #4: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #5: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #6: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #7: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #8: OK
run #9: OK
run #10: OK
run #11: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: KASAN: use-after-free Read in l2cap_unregister_user, types: [KASAN]
testing release v5.14
testing commit 7d2a07b769330c34b4deabeed939325c77a7ec2f gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 0cb7c28616e7a09136838d92909693c2e1a5b2e2c1295cd944ff5a1040108bc5
run #0: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: KASAN: use-after-free Read in l2cap_unregister_user, types: [KASAN]
unable to determine the verdict: 19 good runs (wanted 15), for bad wanted 10 in total, got 20
testing release v5.11
testing commit f40ddce88593482919761f74910f42f4b84c004b gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: d08e9cc911c0209247c7ce03eb1fcf376ab47cc95a8575c9577598b388977087
all runs: OK
false negative chance: 0.000
# git bisect start f443e374ae131c168a065ea1748feac6b2e76613 f40ddce88593482919761f74910f42f4b84c004b
Bisecting: 45178 revisions left to test after this (roughly 16 steps)
[301c8b1d7c2373f85ed5d944a8e9264dad36064c] Merge tag 'locking-urgent-2021-07-11' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
testing commit 301c8b1d7c2373f85ed5d944a8e9264dad36064c gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 4dd5e460e1c9f00133e4a2bb639d1b15674866eb20c150666326e34987b6b40d
all runs: OK
false negative chance: 0.000
# git bisect good 301c8b1d7c2373f85ed5d944a8e9264dad36064c
Bisecting: 22318 revisions left to test after this (roughly 15 steps)
[ff0700f03609b9f0defacd4ce96d9519d721e0a2] Merge tag 'sound-5.16-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
testing commit ff0700f03609b9f0defacd4ce96d9519d721e0a2 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: dda5016e186d1092913dbfd25d2ee58951832f18cb71b5fd94e04331c1836990
run #0: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: crashed: KASAN: use-after-free Read in l2cap_unregister_user
representative crash: KASAN: use-after-free Read in l2cap_unregister_user, types: [KASAN]
unable to determine the verdict: 18 good runs (wanted 15), for bad wanted 10 in total, got 20
# git bisect skip ff0700f03609b9f0defacd4ce96d9519d721e0a2
Bisecting: 22318 revisions left to test after this (roughly 15 steps)
[82bb02445de57bb3072052705f6f5dea9465592e] KVM: arm64: Implement kvm_pgtable_hyp_unmap() at EL2
testing commit 82bb02445de57bb3072052705f6f5dea9465592e gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 850374134c153be8eab64d920c7e3149cdb8373a6629a18f215b8847a1dead23
all runs: OK
false negative chance: 0.000
# git bisect good 82bb02445de57bb3072052705f6f5dea9465592e
Bisecting: 7819 revisions left to test after this (roughly 13 steps)
[8481c323e4ea0a65f0578107a3e668c1c69cf474] Merge tag 'gfs2-v5.16-rc3-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2
testing commit 8481c323e4ea0a65f0578107a3e668c1c69cf474 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 4a222cc95942fd264051904363279d636fbf87a9f5f3595a6c8e6ad1285f689b
run #0: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #1: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #2: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #3: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #4: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #5: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #6: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #7: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #8: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: KASAN: use-after-free Read in l2cap_unregister_user, types: [KASAN]
# git bisect bad 8481c323e4ea0a65f0578107a3e668c1c69cf474
Bisecting: 3943 revisions left to test after this (roughly 12 steps)
[75b950ef6166e4ef52e43e7ec80985c5705f7e81] Revert "drm/amd/display: Fix for otg synchronization logic"
testing commit 75b950ef6166e4ef52e43e7ec80985c5705f7e81 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 9323c6d7223077b7457f81f79493c397d2b1a589047e63ae6b74561fab9ba3b7
all runs: OK
false negative chance: 0.000
# git bisect good 75b950ef6166e4ef52e43e7ec80985c5705f7e81
Bisecting: 1971 revisions left to test after this (roughly 11 steps)
[ccd21ec5b8dd9b8a528a70315cee95fc1dd79d20] ethtool: use phydev variable
testing commit ccd21ec5b8dd9b8a528a70315cee95fc1dd79d20 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 23dfbdcf7ac9690bcd97383aff39b8016f8cbba5fa0c21ff95f12b457d441232
run #0: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #1: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #2: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #3: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #4: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #5: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #6: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #7: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #8: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #9: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: KASAN: use-after-free Read in l2cap_unregister_user, types: [KASAN]
# git bisect bad ccd21ec5b8dd9b8a528a70315cee95fc1dd79d20
Bisecting: 974 revisions left to test after this (roughly 10 steps)
[be3158290db8376f49a92d30791dd8899f748aed] Merge https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next
testing commit be3158290db8376f49a92d30791dd8899f748aed gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: b6e2084dba7ba22c11f16aca19a7fc06b0b43d88eb4ca553dbe238217cd4c9ae
all runs: OK
false negative chance: 0.000
# git bisect good be3158290db8376f49a92d30791dd8899f748aed
Bisecting: 507 revisions left to test after this (roughly 9 steps)
[d430dffbe9dd30759f3c64b65bf85b0245c8d8ab] mt76: mt7921: fix a possible race enabling/disabling runtime-pm
testing commit d430dffbe9dd30759f3c64b65bf85b0245c8d8ab gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: db312a515dee26b834280b8f07299a02db24eca86846a52ae1b70b94fff1eab2
all runs: OK
false negative chance: 0.000
# git bisect good d430dffbe9dd30759f3c64b65bf85b0245c8d8ab
Bisecting: 253 revisions left to test after this (roughly 8 steps)
[b1cb12a27134bc996bea70b5f3e66d7e7edf297c] net: lantiq_etop: avoid precedence issues
testing commit b1cb12a27134bc996bea70b5f3e66d7e7edf297c gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 9cc9a4553f7f72ba93b38a64c8a614bee7b6241402bd13f4c78ea9ab016f2c2d
run #0: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #1: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #2: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #3: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #4: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #5: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #6: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #7: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #8: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: KASAN: use-after-free Read in l2cap_unregister_user, types: [KASAN]
# git bisect bad b1cb12a27134bc996bea70b5f3e66d7e7edf297c
Bisecting: 126 revisions left to test after this (roughly 7 steps)
[696285305b32f4fc1ddfb2d158ef4bbb6085ab92] selftests: mlxsw: vxlan_fdb_veto: Make the test more flexible for future use
testing commit 696285305b32f4fc1ddfb2d158ef4bbb6085ab92 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 9992a0f7fd42353bac3d98d4f5c3ec6657b78a9d9ee0cdc834d0fe24a8c455de
all runs: OK
false negative chance: 0.000
# git bisect good 696285305b32f4fc1ddfb2d158ef4bbb6085ab92
Bisecting: 64 revisions left to test after this (roughly 6 steps)
[5d1dd2e5a681b126a04192e37abb2011c2fb719c] Bluetooth: MGMT: Fix spelling mistake "simultanous" -> "simultaneous"
testing commit 5d1dd2e5a681b126a04192e37abb2011c2fb719c gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: b6d379a3aa5c613faf5f68f9bd1c875ab44c1939127529370f017ae2a4cc3ee9
run #0: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #1: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #2: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #3: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #4: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #5: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #6: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #7: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: KASAN: use-after-free Read in l2cap_unregister_user, types: [KASAN]
# git bisect bad 5d1dd2e5a681b126a04192e37abb2011c2fb719c
Bisecting: 30 revisions left to test after this (roughly 5 steps)
[147306ccbbba23e89481980141d11637948e345d] Bluetooth: hci_event: Use of a function table to handle Command Status
testing commit 147306ccbbba23e89481980141d11637948e345d gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 3195c9b9d8a136e7b00715bb0c945d15b100db98074b7967c57db3b9b59f5038
run #0: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #1: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #2: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #3: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #4: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #5: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #6: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #7: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #8: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #9: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #10: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #11: OK
run #12: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: KASAN: use-after-free Read in l2cap_unregister_user, types: [KASAN]
# git bisect bad 147306ccbbba23e89481980141d11637948e345d
Bisecting: 15 revisions left to test after this (roughly 4 steps)
[4b4b2228f521c338030b1f310a5dee73fd7d8f26] Bluetooth: btmtksdio: handle runtime pm only when sdio_func is available
testing commit 4b4b2228f521c338030b1f310a5dee73fd7d8f26 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: ac58a9785d1a2b5d79ef6245cf72ebb6c2fadf02dd759d7246185fd0e53f519a
run #0: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: KASAN: use-after-free Read in l2cap_unregister_user, types: [KASAN]
unable to determine the verdict: 19 good runs (wanted 15), for bad wanted 10 in total, got 20
# git bisect skip 4b4b2228f521c338030b1f310a5dee73fd7d8f26
Bisecting: 15 revisions left to test after this (roughly 4 steps)
[aadc3d2f42a5bfcec597bfd0d997e3982f740846] Bluetooth: HCI: Use skb_pull_data to parse Number of Complete Packets event
testing commit aadc3d2f42a5bfcec597bfd0d997e3982f740846 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: c814576413303ce1e3acc7be081e19d748dd2e9b3838d860e695ccc0cedbed53
all runs: OK
false negative chance: 0.000
# git bisect good aadc3d2f42a5bfcec597bfd0d997e3982f740846
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[47afe93c913a4cd0143667b59ba622086a2acfce] Bluetooth: HCI: Use skb_pull_data to parse LE Advertising Report event
testing commit 47afe93c913a4cd0143667b59ba622086a2acfce gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 6609bb9ab9e537dfc0b1c467178564646720f550918bfcbdd13b949ebd5991dd
all runs: OK
false negative chance: 0.000
# git bisect good 47afe93c913a4cd0143667b59ba622086a2acfce
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[3e54c5890c87a30b1019a3de9dab968ff2b21e06] Bluetooth: hci_event: Use of a function table to handle HCI events
testing commit 3e54c5890c87a30b1019a3de9dab968ff2b21e06 gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 86942ce2748c6b669388f81f26cbb7e2f25b4548d32545fb1b9657dc3e7c06da
all runs: OK
false negative chance: 0.000
# git bisect good 3e54c5890c87a30b1019a3de9dab968ff2b21e06
Bisecting: 1 revision left to test after this (roughly 1 step)
[95118dd4edfec950898a00180c6f998df0a6406d] Bluetooth: hci_event: Use of a function table to handle LE subevents
testing commit 95118dd4edfec950898a00180c6f998df0a6406d gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: ab9e30a2427e23551ab7cc2699a4236038f67adcdab0099e0b27440aa3f6c60c
all runs: OK
false negative chance: 0.000
# git bisect good 95118dd4edfec950898a00180c6f998df0a6406d
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[c8992cffbe7411c6da4c4416d5eecfc6b78e0fec] Bluetooth: hci_event: Use of a function table to handle Command Complete
testing commit c8992cffbe7411c6da4c4416d5eecfc6b78e0fec gcc
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 15f238b8dc3c2216552b57ecc9098edcff47f549fa708bbfd45c11b9020c99b6
run #0: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #1: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #2: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #3: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #4: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #5: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #6: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #7: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #8: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #9: crashed: KASAN: use-after-free Read in l2cap_unregister_user
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: OK
representative crash: KASAN: use-after-free Read in l2cap_unregister_user, types: [KASAN]
# git bisect bad c8992cffbe7411c6da4c4416d5eecfc6b78e0fec
c8992cffbe7411c6da4c4416d5eecfc6b78e0fec is the first bad commit
commit c8992cffbe7411c6da4c4416d5eecfc6b78e0fec
Author: Luiz Augusto von Dentz
Date: Wed Dec 1 10:55:05 2021 -0800

    Bluetooth: hci_event: Use of a function table to handle Command Complete

    This change the use of switch statement to a function table which is easier to extend and can include min/max length of each command.

    Signed-off-by: Luiz Augusto von Dentz
    Signed-off-by: Marcel Holtmann

 net/bluetooth/hci_event.c | 1848 ++++++++++++++++++---------------------------
 1 file changed, 752 insertions(+), 1096 deletions(-)

accumulated error probability: 0.00
culprit signature: 15f238b8dc3c2216552b57ecc9098edcff47f549fa708bbfd45c11b9020c99b6
parent signature: ab9e30a2427e23551ab7cc2699a4236038f67adcdab0099e0b27440aa3f6c60c
reproducer is flaky (0.47 repro chance estimate)
revisions tested: 36, total time: 11h20m6.389033537s (build: 5h32m4.302310197s, test: 5h25m42.853489261s)
first bad commit: c8992cffbe7411c6da4c4416d5eecfc6b78e0fec Bluetooth: hci_event: Use of a function table to handle Command Complete
recipients (to): ["davem@davemloft.net" "johan.hedberg@gmail.com" "kuba@kernel.org" "linux-bluetooth@vger.kernel.org" "luiz.dentz@gmail.com" "luiz.von.dentz@intel.com" "marcel@holtmann.org" "marcel@holtmann.org" "netdev@vger.kernel.org"]
recipients (cc): ["linux-kernel@vger.kernel.org"]
crash: KASAN: use-after-free Read in l2cap_unregister_user
==================================================================
BUG: KASAN: use-after-free in __mutex_waiter_is_first kernel/locking/mutex.c:194 [inline]
BUG: KASAN: use-after-free in __mutex_lock_common kernel/locking/mutex.c:682 [inline]
BUG: KASAN: use-after-free in __mutex_lock+0xfb9/0x1040 kernel/locking/mutex.c:740
Read of size 8 at addr ffff888079c6c060 by task khidpd_7fff0008/4798

CPU: 0 PID: 4798 Comm: khidpd_7fff0008 Not tainted 5.16.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x41/0x5e lib/dump_stack.c:106
 print_address_description.constprop.0.cold+0x8d/0x321 mm/kasan/report.c:247
 __kasan_report mm/kasan/report.c:433 [inline]
 kasan_report.cold+0x83/0xdf mm/kasan/report.c:450
 __mutex_waiter_is_first kernel/locking/mutex.c:194 [inline]
 __mutex_lock_common kernel/locking/mutex.c:682 [inline]
 __mutex_lock+0xfb9/0x1040 kernel/locking/mutex.c:740
 l2cap_unregister_user+0x66/0x210 net/bluetooth/l2cap_core.c:1838
 hidp_session_thread+0x400/0x5d0 net/bluetooth/hidp/core.c:1305
 kthread+0x344/0x400 kernel/kthread.c:327
 ret_from_fork+0x22/0x30 arch/x86/entry/entry_64.S:295

Allocated by task 4432:
 kasan_save_stack+0x1e/0x50 mm/kasan/common.c:38
 kasan_set_track mm/kasan/common.c:46 [inline]
 set_alloc_info mm/kasan/common.c:434 [inline]
 ____kasan_kmalloc mm/kasan/common.c:513 [inline]
 ____kasan_kmalloc mm/kasan/common.c:472 [inline]
 __kasan_kmalloc+0xa9/0xd0 mm/kasan/common.c:522
 kmalloc include/linux/slab.h:595 [inline]
 kzalloc include/linux/slab.h:724 [inline]
 hci_alloc_dev_priv+0x14/0x24f0 net/bluetooth/hci_core.c:2419
 hci_alloc_dev include/net/bluetooth/hci_core.h:1259 [inline]
 __vhci_create_device+0xd4/0x730 drivers/bluetooth/hci_vhci.c:304
 vhci_create_device drivers/bluetooth/hci_vhci.c:372 [inline]
 vhci_get_user drivers/bluetooth/hci_vhci.c:429 [inline]
 vhci_write+0x261/0x3d0 drivers/bluetooth/hci_vhci.c:509
 call_write_iter include/linux/fs.h:2162 [inline]
 new_sync_write+0x366/0x600 fs/read_write.c:503
 vfs_write+0x59c/0x810 fs/read_write.c:590
 ksys_write+0xf4/0x1d0 fs/read_write.c:643
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3c/0x90 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Freed by task 4432:
 kasan_save_stack+0x1e/0x50 mm/kasan/common.c:38
 kasan_set_track+0x21/0x30 mm/kasan/common.c:46
 kasan_set_free_info+0x20/0x30 mm/kasan/generic.c:370
 ____kasan_slab_free mm/kasan/common.c:366 [inline]
 ____kasan_slab_free mm/kasan/common.c:328 [inline]
 __kasan_slab_free+0xff/0x130 mm/kasan/common.c:374
 kasan_slab_free include/linux/kasan.h:235 [inline]
 slab_free_hook mm/slub.c:1723 [inline]
 slab_free_freelist_hook+0x8b/0x1c0 mm/slub.c:1749
 slab_free mm/slub.c:3513 [inline]
 kfree+0xe7/0x510 mm/slub.c:4561
 hci_release_dev+0x439/0x550 net/bluetooth/hci_core.c:2735
 bt_host_release+0x4d/0x80 net/bluetooth/hci_sysfs.c:88
 device_release+0x96/0x190 drivers/base/core.c:2230
 kobject_cleanup+0xfd/0x3a0 lib/kobject.c:705
 vhci_release+0x7a/0xe0 drivers/bluetooth/hci_vhci.c:567
 __fput+0x1ee/0x8c0 fs/file_table.c:280
 task_work_run+0xc5/0x150 kernel/task_work.c:164
 exit_task_work include/linux/task_work.h:32 [inline]
 do_exit+0x9c7/0x2460 kernel/exit.c:832
 do_group_exit+0xe7/0x2a0 kernel/exit.c:929
 get_signal+0x3e1/0x1b20 kernel/signal.c:2830
 arch_do_signal_or_restart+0x2b5/0x16d0 arch/x86/kernel/signal.c:868
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0xfb/0x170 kernel/entry/common.c:207
 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
 syscall_exit_to_user_mode+0x13/0x30 kernel/entry/common.c:300
 do_syscall_64+0x4a/0x90 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Last potentially related work creation:
 kasan_save_stack+0x1e/0x50 mm/kasan/common.c:38
 __kasan_record_aux_stack+0xf5/0x120 mm/kasan/generic.c:348
 insert_work+0x45/0x380 kernel/workqueue.c:1354
 __queue_work+0x54c/0xc50 kernel/workqueue.c:1520
 queue_work_on+0x52/0x70 kernel/workqueue.c:1547
 process_one_work+0x81d/0x1200 kernel/workqueue.c:2298
 worker_thread+0x4a0/0xdd0 kernel/workqueue.c:2445
 kthread+0x344/0x400 kernel/kthread.c:327
 ret_from_fork+0x22/0x30 arch/x86/entry/entry_64.S:295

Second to last potentially related work creation:
 kasan_save_stack+0x1e/0x50 mm/kasan/common.c:38
 __kasan_record_aux_stack+0xf5/0x120 mm/kasan/generic.c:348
 insert_work+0x45/0x380 kernel/workqueue.c:1354
 __queue_work+0x54c/0xc50 kernel/workqueue.c:1520
 call_timer_fn+0x15b/0x3b0 kernel/time/timer.c:1421
 expire_timers kernel/time/timer.c:1461 [inline]
 __run_timers.part.0+0x2c5/0x7a0 kernel/time/timer.c:1734
 __run_timers kernel/time/timer.c:1715 [inline]
 run_timer_softirq+0x97/0x180 kernel/time/timer.c:1747
 __do_softirq+0x1f1/0x641 kernel/softirq.c:558

The buggy address belongs to the object at ffff888079c6c000
 which belongs to the cache kmalloc-8k of size 8192
The buggy address is located 96 bytes inside of
 8192-byte region [ffff888079c6c000, ffff888079c6e000)
The buggy address belongs to the page:
page:ffffea0001e71a00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x79c68
head:ffffea0001e71a00 order:3 compound_mapcount:0 compound_pincount:0
flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000010200 ffffea0001f3f800 dead000000000003 ffff88800e842280
raw: 0000000000000000 0000000080020002 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0x152a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 2866, ts 77716130185, free_ts 77691280461
 prep_new_page mm/page_alloc.c:2418 [inline]
 get_page_from_freelist+0x1330/0x2e70 mm/page_alloc.c:4149
 __alloc_pages+0x1b2/0x480 mm/page_alloc.c:5369
 alloc_slab_page mm/slub.c:1793 [inline]
 allocate_slab+0x2ff/0x430 mm/slub.c:1930
 new_slab mm/slub.c:1993 [inline]
 ___slab_alloc+0x8dd/0xbf0 mm/slub.c:3022
 __slab_alloc.constprop.0+0x45/0x80 mm/slub.c:3109
 slab_alloc_node mm/slub.c:3200 [inline]
 slab_alloc mm/slub.c:3242 [inline]
 __kmalloc+0x3bc/0x430 mm/slub.c:4419
 kmalloc_array include/linux/slab.h:630 [inline]
 batadv_hash_new+0x9d/0x2a0 net/batman-adv/hash.c:56
 batadv_nc_mesh_init+0x13c/0x450 net/batman-adv/network-coding.c:154
 batadv_mesh_init+0x519/0x900 net/batman-adv/main.c:223
 batadv_softif_init_late+0xaa3/0xd80 net/batman-adv/soft-interface.c:804
 register_netdevice+0x421/0x1250 net/core/dev.c:9582
 __rtnl_newlink+0xcc8/0x1370 net/core/rtnetlink.c:3457
 rtnl_newlink+0x5a/0x90 net/core/rtnetlink.c:3505
 rtnetlink_rcv_msg+0x39b/0x910 net/core/rtnetlink.c:5570
 netlink_rcv_skb+0x11b/0x340 net/netlink/af_netlink.c:2487
 netlink_unicast_kernel net/netlink/af_netlink.c:1315 [inline]
 netlink_unicast+0x433/0x700 net/netlink/af_netlink.c:1341
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1338 [inline]
 free_pcp_prepare+0x446/0x970 mm/page_alloc.c:1389
 free_unref_page_prepare mm/page_alloc.c:3309 [inline]
 free_unref_page+0x19/0x500 mm/page_alloc.c:3388
 __unfreeze_partials+0x30c/0x330 mm/slub.c:2527
 qlink_free mm/kasan/quarantine.c:146 [inline]
 qlist_free_all+0x5a/0xc0 mm/kasan/quarantine.c:165
 kasan_quarantine_reduce+0x180/0x1f0 mm/kasan/quarantine.c:272
 __kasan_slab_alloc+0xa2/0xc0 mm/kasan/common.c:444
 kasan_slab_alloc include/linux/kasan.h:259 [inline]
 slab_post_alloc_hook mm/slab.h:519 [inline]
 slab_alloc_node mm/slub.c:3234 [inline]
 slab_alloc mm/slub.c:3242 [inline]
 __kmalloc+0x25e/0x430 mm/slub.c:4419
 kmalloc include/linux/slab.h:595 [inline]
 load_elf_phdrs+0xd4/0x190 fs/binfmt_elf.c:480
 load_elf_binary+0x186/0x3d80 fs/binfmt_elf.c:860
 search_binary_handler fs/exec.c:1723 [inline]
 exec_binprm fs/exec.c:1764 [inline]
 bprm_execve fs/exec.c:1833 [inline]
 bprm_execve+0x639/0x13b0 fs/exec.c:1795
 kernel_execve+0x2c2/0x3e0 fs/exec.c:1976
 call_usermodehelper_exec_async+0x2c4/0x500 kernel/umh.c:112
 ret_from_fork+0x22/0x30 arch/x86/entry/entry_64.S:295

Memory state around the buggy address:
 ffff888079c6bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff888079c6bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff888079c6c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                                       ^
 ffff888079c6c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888079c6c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================