bisecting cause commit starting from 761c6d7ec820f123b931e7b8ef7ec7c8564e450f
building syzkaller on 6972b10616d785401dea17cec890cca8916424a7
testing commit 761c6d7ec820f123b931e7b8ef7ec7c8564e450f
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 43002ea49245b3f6f9e68743e7d8db8a4a5ec459376d9b1b78ffdac9bc6ee9a6
all runs: crashed: WARNING in __v9fs_get_acl
testing release v5.13
testing commit 62fb9874f5da54fdb243003b386128037319b219
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: eaab50170f966c8b3eb39852b91e95d9bc7e454d96827a490e5a435720d1ffbe
all runs: crashed: no output from test machine
testing release v5.12
testing commit 9f4ad9e425a1d3b6a34617b8ea226d56a119a717
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: a2c67d0aa4cd9031fb2dccc0e9429d13c38be324308c26aa1ef6b084265ddb79
all runs: crashed: no output from test machine
testing release v5.11
testing commit f40ddce88593482919761f74910f42f4b84c004b
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 760afc9eb3d03287b34ea942b7a411382f5645571be3e022de43df2d69784b74
all runs: crashed: no output from test machine
testing release v5.10
testing commit 2c85ebc57b3e1817b6ce1a6b703928e113a90442
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: ed87a01106570e960457a093defc61da2463f8df499a22d92a19e05b34bca040
run #0: crashed: no output from test machine
run #1: crashed: no output from test machine
run #2: crashed: no output from test machine
run #3: crashed: no output from test machine
run #4: crashed: no output from test machine
run #5: crashed: no output from test machine
run #6: crashed: no output from test machine
run #7: crashed: no output from test machine
run #8: OK
run #9: OK
testing release v5.9
testing commit bbf5c979011a099af5dc76498918ed7df445635b
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: a6ff38e82dd9e7b72f8594f21d4456e9f130fed2d0baffe8f9a1ac831a8846b8
all runs: crashed: no output from test machine
testing release v5.8
testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c
compiler: gcc (GCC) 8.4.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: 148af9454d2419d8c534f359dc0ada77e2a0b73e26499bd1d569517b33bb77e1
all runs: crashed: no output from test machine
testing release v5.7
testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162
compiler: gcc version 8.4.1 20210217 (GCC), GNU ld (GNU Binutils for Debian) 2.35.1
kernel signature: c39813ac1b4cf9ee17cd9581d29834c9312d7a9e2d37c5149682cd29e326d445
all runs: crashed: no output from test machine
testing release v5.6
testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 65e9f41c1707ffe281e68adea77024db743fc3aec52e15a3092851b775aa1091
all runs: crashed: no output from test machine
testing release v5.5
testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: df229a265ef77d7ea04c00e82025c3f1c0476396510a270bc6ec4e905f5dd17e
all runs: crashed: no output from test machine
testing release v5.4
testing commit 219d54332a09e8d8741c1e1982f5eae56099de85
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 4db262e20e001154554aacba8ee069cf005e1d0d472bd35a6ff08601ed7ef2f2
all runs: crashed: WARNING in __v9fs_get_acl
testing release v5.3
testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 8a03cb69477372e7c3f6c0fee23e5ea1b68880d5ca37439f59113cf3c4eda96e
all runs: crashed: WARNING in __v9fs_get_acl
testing release v5.2
testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: a63def1637c68d4b2393eca6fa64f291c241df7444f98d045fce92c45e3140a6
all runs: crashed: WARNING in __v9fs_get_acl
testing release v5.1
testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: f8efdfe78b77cd25d04aab4225a16b81c92c36c009eef26f6201701b40898542
all runs: crashed: WARNING in __v9fs_get_acl
testing release v5.0
testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 8febb2553a8c0a5b6ddbcecc9d82d1b651fdece6c7b63653a085e30edb3aa2ec
all runs: crashed: WARNING in __v9fs_get_acl
testing release v4.20
testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 105b8cc6a7542b566883dbf0dc3e52eb9a71396674d3b40fdb607f2da0970fcf
all runs: crashed: WARNING in __v9fs_get_acl
testing release v4.19
testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: d66c48a3c3faba40a5ecc109e36d9cb4544ffaac7b5ecdc23ace2c28916ed531
run #0: OK
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: crashed: general protection fault in batadv_iv_ogm_queue_add
reproducer seems to be flaky
testing release v4.18
testing commit 94710cac0ef4ee177a63b5227664b38c95bbf703
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: ba370e5a661443c680b7962c6f4e0cef64aed7b317a2c121cb313663637fbe7f
all runs: OK
# git bisect start 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d 94710cac0ef4ee177a63b5227664b38c95bbf703
Bisecting: 7596 revisions left to test after this (roughly 13 steps)
[db06f826ec12bf0701ea7fc0a3c0aa00b84417c8] Merge tag 'clk-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux
testing commit db06f826ec12bf0701ea7fc0a3c0aa00b84417c8
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 3859a0d3c97038b444a72eb64f8c52dfb7ad31532a9584ef85f270c4475fcb88
all runs: OK
# git bisect good db06f826ec12bf0701ea7fc0a3c0aa00b84417c8
Bisecting: 3768 revisions left to test after this (roughly 12 steps)
[cd9b44f90763c3367e8dd0601849ffb028e8ba52] Merge branch 'akpm' (patches from Andrew)
testing commit cd9b44f90763c3367e8dd0601849ffb028e8ba52
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: cc17ba4c49ddb807c2ff6d2f4329d2a64f0d6813d7bfb864bdd90878498bff7b
all runs: OK
# git bisect good cd9b44f90763c3367e8dd0601849ffb028e8ba52
Bisecting: 1886 revisions left to test after this (roughly 11 steps)
[4290d5b9ca018be10c7582524f7500df731bfab0] Merge tag 'for-linus-4.19b-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip
testing commit 4290d5b9ca018be10c7582524f7500df731bfab0
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: eeb4c34f82fb374679d9315512f80cda56c37dc2daf17664d924a64be3e59f9e
all runs: OK
# git bisect good 4290d5b9ca018be10c7582524f7500df731bfab0
Bisecting: 942 revisions left to test after this (roughly 10 steps)
[576156bb01a62c1f64b32b416593862bb34bddaa] Merge branch 'for-upstream/malidp-fixes' of git://linux-arm.org/linux-ld into drm-fixes
testing commit 576156bb01a62c1f64b32b416593862bb34bddaa
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: e9dce306dd8227d8d91d2f172dcf65b6605fff2f812e1ea62974116e238e9539
all runs: OK
# git bisect good 576156bb01a62c1f64b32b416593862bb34bddaa
Bisecting: 470 revisions left to test after this (roughly 9 steps)
[4fbeba43b9b6f76a270108edcf5305dc1882a478] Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
testing commit 4fbeba43b9b6f76a270108edcf5305dc1882a478
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 50553eb7045eebe0f06013d2c51a4cf8c038c2992f97c38755762c14b520acf2
all runs: OK
# git bisect good 4fbeba43b9b6f76a270108edcf5305dc1882a478
Bisecting: 218 revisions left to test after this (roughly 8 steps)
[90ad18418c2d3db23ee827cdd74fed2ca9b70a18] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
testing commit 90ad18418c2d3db23ee827cdd74fed2ca9b70a18
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 59e4a13004e69067bcade26f9974147007c7ea4ed3c414fc9b95485cf7d6bf11
all runs: OK
# git bisect good 90ad18418c2d3db23ee827cdd74fed2ca9b70a18
Bisecting: 121 revisions left to test after this (roughly 7 steps)
[2a96661054452c3016c377d72a38c6d4948ea6ae] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc
testing commit 2a96661054452c3016c377d72a38c6d4948ea6ae
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: ceff5f6f82714db08f02f780427983dfba80077f53b3fabee5613da3166712f6
all runs: OK
# git bisect good 2a96661054452c3016c377d72a38c6d4948ea6ae
Bisecting: 62 revisions left to test after this (roughly 6 steps)
[b2a205ff49b9c55d4bdda1bdb10ad19ebd646221] Merge tag 'for-linus-20181019' of git://git.kernel.dk/linux-block
testing commit b2a205ff49b9c55d4bdda1bdb10ad19ebd646221
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: acb903ecbf8998623704b14dec5aee6fedbe4afb4c268d28bc6b0b4e95e3d665
run #0: OK
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: crashed: general protection fault in batadv_iv_ogm_queue_add
run #19: OK
# git bisect bad b2a205ff49b9c55d4bdda1bdb10ad19ebd646221
Bisecting: 29 revisions left to test after this (roughly 5 steps)
[0ac1077e3a549bf8d35971613e2be05bdbb41a00] sctp: get pr_assoc and pr_stream all status with SCTP_PR_SCTP_ALL instead
testing commit 0ac1077e3a549bf8d35971613e2be05bdbb41a00
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: c81b049f82d02d6fa02e0a2ec40c86d7b2f196930b41e12090b8549acf7c9eb4
run #0: OK
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
run #10: OK
run #11: OK
run #12: OK
run #13: OK
run #14: OK
run #15: OK
run #16: OK
run #17: OK
run #18: OK
run #19: crashed: KASAN: use-after-free Write in batadv_iv_ogm_schedule
# git bisect bad 0ac1077e3a549bf8d35971613e2be05bdbb41a00
Bisecting: 14 revisions left to test after this (roughly 4 steps)
[d7b4c24f45d2efe51b8f213da4593fefd49240ba] rxrpc: Fix an uninitialised variable
testing commit d7b4c24f45d2efe51b8f213da4593fefd49240ba
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 31047b0151609cbcc01bdc11f31e35301c9b07ec7ab7a0d9078d243b05eda9fa
all runs: OK
# git bisect good d7b4c24f45d2efe51b8f213da4593fefd49240ba
Bisecting: 7 revisions left to test after this (roughly 3 steps)
[fbe1222c63b805e946c3af29b0bfbfee4c2fbeff] qed: fix spelling mistake "Ireelevant" -> "Irrelevant"
testing commit fbe1222c63b805e946c3af29b0bfbfee4c2fbeff
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: d374ca0d55ecb13ec56cb990e5620a86248264ea2508e32012cd8842081753a8
all runs: OK
# git bisect good fbe1222c63b805e946c3af29b0bfbfee4c2fbeff
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[8913806f166e47c6b3fe8253e9cfb9caabe64341] nfp: flower: fix pedit set actions for multiple partial masks
testing commit 8913806f166e47c6b3fe8253e9cfb9caabe64341
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 4404ac4f61e93f776d2d9bb02a754bc3f92fb08f16dd96c20cd4d3977983b7fd
all runs: OK
# git bisect good 8913806f166e47c6b3fe8253e9cfb9caabe64341
Bisecting: 1 revision left to test after this (roughly 1 step)
[140b6abac26d799f75d772ab5e969b34ad8d68f1] nfp: flower: use offsets provided by pedit instead of index for ipv6
testing commit 140b6abac26d799f75d772ab5e969b34ad8d68f1
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 4404ac4f61e93f776d2d9bb02a754bc3f92fb08f16dd96c20cd4d3977983b7fd
all runs: OK
# git bisect good 140b6abac26d799f75d772ab5e969b34ad8d68f1
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[bd8be2cf8b69573707f837786474c00ff7423a0f] Merge branch 'nfp-fix-pedit-set-action-offloads'
testing commit bd8be2cf8b69573707f837786474c00ff7423a0f
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: 4404ac4f61e93f776d2d9bb02a754bc3f92fb08f16dd96c20cd4d3977983b7fd
all runs: OK
# git bisect good bd8be2cf8b69573707f837786474c00ff7423a0f
0ac1077e3a549bf8d35971613e2be05bdbb41a00 is the first bad commit
commit 0ac1077e3a549bf8d35971613e2be05bdbb41a00
Author: Xin Long
Date:   Tue Oct 16 15:52:02 2018 +0800

    sctp: get pr_assoc and pr_stream all status with SCTP_PR_SCTP_ALL instead

    According to rfc7496 section 4.3 or 4.4:

       sprstat_policy: This parameter indicates for which PR-SCTP policy the user wants the information. It is an error to use SCTP_PR_SCTP_NONE in sprstat_policy. If SCTP_PR_SCTP_ALL is used, the counters provided are aggregated over all supported policies.

    We change to dump pr_assoc and pr_stream all status by SCTP_PR_SCTP_ALL instead, and return error for SCTP_PR_SCTP_NONE, as it also said "It is an error to use SCTP_PR_SCTP_NONE in sprstat_policy. "

    Fixes: 826d253d57b1 ("sctp: add SCTP_PR_ASSOC_STATUS on sctp sockopt")
    Fixes: d229d48d183f ("sctp: add SCTP_PR_STREAM_STATUS sockopt for prsctp")
    Reported-by: Ying Xu
    Signed-off-by: Xin Long
    Acked-by: Neil Horman
    Signed-off-by: David S. Miller

 include/uapi/linux/sctp.h | 1 +
 net/sctp/socket.c         | 8 ++++----
 2 files changed, 5 insertions(+), 4 deletions(-)
culprit signature: c81b049f82d02d6fa02e0a2ec40c86d7b2f196930b41e12090b8549acf7c9eb4
parent signature: 4404ac4f61e93f776d2d9bb02a754bc3f92fb08f16dd96c20cd4d3977983b7fd
Reproducer flagged being flaky
revisions tested: 32, total time: 7h27m36.324317321s (build: 3h15m37.315495389s, test: 4h7m34.792861327s)
first bad commit: 0ac1077e3a549bf8d35971613e2be05bdbb41a00 sctp: get pr_assoc and pr_stream all status with SCTP_PR_SCTP_ALL instead
recipients (to): ["davem@davemloft.net" "lucien.xin@gmail.com" "nhorman@tuxdriver.com"]
recipients (cc): []
crash: KASAN: use-after-free Write in batadv_iv_ogm_schedule
batman_adv: batadv0: Interface deactivated: batadv_slave_0
batman_adv: batadv0: Removing interface: batadv_slave_0
batman_adv: batadv0: Interface deactivated: batadv_slave_1
batman_adv: batadv0: Removing interface: batadv_slave_1
==================================================================
BUG: KASAN: use-after-free in batadv_iv_ogm_schedule+0xe46/0xf30 net/batman-adv/bat_iv_ogm.c:958
Write of size 2 at addr ffff8800af2636a6 by task kworker/u4:7/10069

CPU: 0 PID: 10069 Comm: kworker/u4:7 Not tainted 4.19.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x15a/0x20d lib/dump_stack.c:113
 print_address_description.cold.6+0x9/0x244 mm/kasan/report.c:256
 kasan_report_error mm/kasan/report.c:354 [inline]
 kasan_report mm/kasan/report.c:412 [inline]
 kasan_report.cold.7+0x242/0x305 mm/kasan/report.c:396
 __asan_report_store2_noabort+0x17/0x20 mm/kasan/report.c:436
 batadv_iv_ogm_schedule+0xe46/0xf30 net/batman-adv/bat_iv_ogm.c:958
 batadv_iv_send_outstanding_bat_ogm_packet+0x4b2/0x7b0 net/batman-adv/bat_iv_ogm.c:1817
 process_one_work+0x7b9/0x14f0 kernel/workqueue.c:2153
 worker_thread+0x85/0xb60 kernel/workqueue.c:2296
 kthread+0x324/0x3e0 kernel/kthread.c:246
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:413

Allocated by task 8646:
 save_stack mm/kasan/kasan.c:448 [inline]
 set_track mm/kasan/kasan.c:460 [inline]
 kasan_kmalloc.part.1+0x62/0xf0 mm/kasan/kasan.c:553
 kasan_kmalloc+0xaf/0xc0 mm/kasan/kasan.c:538
 kmem_cache_alloc_trace+0x13a/0x2f0 mm/slub.c:2733
 kmalloc include/linux/slab.h:513 [inline]
 batadv_iv_ogm_iface_enable+0x11c/0x370 net/batman-adv/bat_iv_ogm.c:387
 batadv_hardif_enable_interface+0x24d/0x9d0 net/batman-adv/hard-interface.c:776
 batadv_softif_slave_add+0x7f/0xd0 net/batman-adv/soft-interface.c:894
 do_set_master net/core/rtnetlink.c:2296 [inline]
 do_set_master+0x171/0x200 net/core/rtnetlink.c:2270
 do_setlink+0x94c/0x2e40 net/core/rtnetlink.c:2430
 rtnl_newlink+0x96a/0x1300 net/core/rtnetlink.c:3043
 rtnetlink_rcv_msg+0x34f/0x950 net/core/rtnetlink.c:4730
 netlink_rcv_skb+0x142/0x390 net/netlink/af_netlink.c:2454
 rtnetlink_rcv+0x10/0x20 net/core/rtnetlink.c:4748
 netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline]
 netlink_unicast+0x443/0x660 net/netlink/af_netlink.c:1343
 netlink_sendmsg+0x667/0xc60 net/netlink/af_netlink.c:1908
 sock_sendmsg_nosec net/socket.c:621 [inline]
 sock_sendmsg+0xac/0xf0 net/socket.c:631
 __sys_sendto+0x1f2/0x2e0 net/socket.c:1788
 __do_sys_sendto net/socket.c:1800 [inline]
 __se_sys_sendto net/socket.c:1796 [inline]
 __x64_sys_sendto+0xdc/0x1a0 net/socket.c:1796
 do_syscall_64+0xda/0x540 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

Freed by task 3144:
 save_stack mm/kasan/kasan.c:448 [inline]
 set_track mm/kasan/kasan.c:460 [inline]
 __kasan_slab_free+0x167/0x240 mm/kasan/kasan.c:521
 kasan_slab_free+0xe/0x10 mm/kasan/kasan.c:528
 slab_free_hook mm/slub.c:1371 [inline]
 slab_free_freelist_hook mm/slub.c:1398 [inline]
 slab_free mm/slub.c:2953 [inline]
 kfree+0x130/0x360 mm/slub.c:3906
 batadv_iv_ogm_iface_disable+0x34/0x70 net/batman-adv/bat_iv_ogm.c:406
 batadv_hardif_disable_interface.cold.8+0x85f/0xdb4 net/batman-adv/hard-interface.c:872
 batadv_softif_destroy_netlink+0x94/0x100 net/batman-adv/soft-interface.c:1147
 default_device_exit_batch+0x239/0x3d0 net/core/dev.c:9545
 ops_exit_list.isra.3+0xd3/0x120 net/core/net_namespace.c:156
 cleanup_net+0x363/0x840 net/core/net_namespace.c:551
 process_one_work+0x7b9/0x14f0 kernel/workqueue.c:2153
 worker_thread+0x85/0xb60 kernel/workqueue.c:2296
 kthread+0x324/0x3e0 kernel/kthread.c:246
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:413

The buggy address belongs to the object at ffff8800af263690
 which belongs to the cache kmalloc-32 of size 32
The buggy address is located 22 bytes inside of
 32-byte region [ffff8800af263690, ffff8800af2636b0)
The buggy address belongs to the page:
page:ffffea0002bc98c0 count:1 mapcount:0 mapping:ffff88013ffbb800 index:0xffff8800af263d50
flags: 0xfff00000000100(slab)
raw: 00fff00000000100 ffffea0002a774c8 ffffea0002d2f508 ffff88013ffbb800
raw: ffff8800af263d50 0000000000550053 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page allocated via order 0, migratetype Unmovable, gfp_mask 0x6012c0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY)
 set_page_owner include/linux/page_owner.h:31 [inline]
 post_alloc_hook mm/page_alloc.c:1906 [inline]
 prep_new_page mm/page_alloc.c:1914 [inline]
 get_page_from_freelist+0x3033/0x4530 mm/page_alloc.c:3345
 __alloc_pages_nodemask+0x39e/0x2670 mm/page_alloc.c:4370
 alloc_pages_current+0xd6/0x1b0 mm/mempolicy.c:2093
 alloc_pages include/linux/gfp.h:509 [inline]
 alloc_slab_page mm/slub.c:1438 [inline]
 allocate_slab mm/slub.c:1583 [inline]
 new_slab+0x4a9/0x850 mm/slub.c:1654
 new_slab_objects mm/slub.c:2417 [inline]
 ___slab_alloc+0x648/0x980 mm/slub.c:2569
 __slab_alloc.isra.22+0x78/0xe0 mm/slub.c:2609
 slab_alloc_node mm/slub.c:2672 [inline]
 slab_alloc mm/slub.c:2714 [inline]
 __kmalloc+0x292/0x340 mm/slub.c:3747
 kmalloc include/linux/slab.h:518 [inline]
 shmem_initxattrs+0x11a/0x1e0 mm/shmem.c:3121
 security_inode_init_security security/security.c:502 [inline]
 security_inode_init_security+0x17f/0x2d0 security/security.c:475
 shmem_mknod+0x98/0x1a0 mm/shmem.c:2805
 vfs_mknod+0x419/0x6c0 fs/namei.c:3719
 handle_create+0x19e/0x4d0 drivers/base/devtmpfs.c:211
 handle drivers/base/devtmpfs.c:374 [inline]
 devtmpfsd drivers/base/devtmpfs.c:400 [inline]
 devtmpfsd+0x1ed/0x490 drivers/base/devtmpfs.c:379
 kthread+0x324/0x3e0 kernel/kthread.c:246
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:413

Memory state around the buggy address:
 ffff8800af263580: fb fb fc fc fb fb fb fb fc fc fb fb fb fb fc fc
 ffff8800af263600: fb fb fb fb fc fc fb fb fb fb fc fc fb fb fb fb
>ffff8800af263680: fc fc fb fb fb fb fc fc 00 00 00 00 fc fc 00 00
                               ^
 ffff8800af263700: 00 05 fc fc 00 00 00 05 fc fc 00 00 00 05 fc fc
 ffff8800af263780: 00 00 00 05 fc fc 00 00 00 05 fc fc 00 00 00 05
==================================================================