ci starts bisection 2022-11-12 09:12:11.827771818 +0000 UTC m=+148895.885295795 bisecting cause commit starting from f8f60f322f0640c8edda2942ca5f84b7a27c417a building syzkaller on 3ead01ade920906b89aff0066a9d5e922ee270c8 ensuring issue is reproducible on original commit f8f60f322f0640c8edda2942ca5f84b7a27c417a testing commit f8f60f322f0640c8edda2942ca5f84b7a27c417a gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 0ea8c84ad00aabdc639b85768ed58a724cc2a6177c05393df618e31eb2691091 run #0: crashed: WARNING in snd_usbmidi_output_open run #1: crashed: WARNING in snd_usbmidi_output_open run #2: crashed: WARNING in snd_usbmidi_output_open run #3: crashed: INFO: rcu detected stall in corrupted run #4: crashed: WARNING in snd_usbmidi_output_open run #5: crashed: WARNING in snd_usbmidi_output_open run #6: crashed: WARNING in snd_usbmidi_output_open run #7: crashed: INFO: rcu detected stall in corrupted run #8: crashed: WARNING in snd_usbmidi_output_open run #9: crashed: INFO: rcu detected stall in corrupted run #10: crashed: WARNING in snd_usbmidi_output_open run #11: crashed: WARNING in snd_usbmidi_output_open run #12: crashed: WARNING in snd_usbmidi_output_open run #13: crashed: WARNING in snd_usbmidi_output_open run #14: crashed: INFO: rcu detected stall in corrupted run #15: crashed: INFO: rcu detected stall in corrupted run #16: crashed: INFO: rcu detected stall in corrupted run #17: crashed: INFO: rcu detected stall in corrupted run #18: crashed: INFO: rcu detected stall in corrupted run #19: crashed: INFO: rcu detected stall in corrupted testing release v6.0 testing commit 4fe89d07dcc2804c8b562f6c7896a45643d34b2f gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: e568d4bd762f3816875e111fcf3af0320505bd8dae4dbd5ad303c0b7b015a282 run #0: crashed: INFO: rcu detected stall in corrupted run #1: crashed: INFO: rcu detected stall in corrupted run #2: crashed: INFO: rcu detected stall in corrupted run #3: crashed: INFO: rcu detected stall in corrupted run #4: crashed: INFO: rcu detected stall in corrupted run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK testing release v5.19 testing commit 3d7cb6b04c3f3115719235cc6866b10326de34cd gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 459681251808e2f68f044b7b194cf08ab65a3229cd6a80efcb0266c013cad84d all runs: OK # git bisect start 4fe89d07dcc2804c8b562f6c7896a45643d34b2f 3d7cb6b04c3f3115719235cc6866b10326de34cd Bisecting: 8384 revisions left to test after this (roughly 13 steps) [78acd4ca433425e6dd4032cfc2156c60e34931f2] usb: cdns3: Don't use priv_dev uninitialized in cdns3_gadget_ep_enable() testing commit 78acd4ca433425e6dd4032cfc2156c60e34931f2 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 194239e37bbf09a6a0b7040123d232928f89402170c9bece624a349bc1d9cd15 all runs: basic kernel testing failed: WARNING: ODEBUG bug in mgmt_index_removed # git bisect skip 78acd4ca433425e6dd4032cfc2156c60e34931f2 Bisecting: 8384 revisions left to test after this (roughly 13 steps) [586fb2641371cf7f23a401ab1c79b17e3ec457f4] ASoC: soc-core.c: fixup snd_soc_of_get_dai_link_cpus() testing commit 586fb2641371cf7f23a401ab1c79b17e3ec457f4 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 7a24c46fe0d56289e7495ca94d5622b409ac7c2ae7e5b2e0a8d764eae5b07265 run #0: crashed: KASAN: use-after-free Read in driver_register run #1: boot failed: INFO: task hung in add_early_randomness run #2: boot failed: INFO: task hung in add_early_randomness run #3: boot failed: INFO: task hung in add_early_randomness run #4: boot failed: INFO: task hung in add_early_randomness run #5: boot failed: INFO: task hung in add_early_randomness run #6: crashed: KASAN: use-after-free Read in driver_register run #7: OK run #8: OK run #9: OK reproducer seems to be flaky # git bisect bad 586fb2641371cf7f23a401ab1c79b17e3ec457f4 Bisecting: 273 revisions left to test after this (roughly 8 steps) [7ed1f83bb4f05fe460984ae49e98d1c1be38fb5f] ASoC: SOF: Compile and runtime IPC version selection testing commit 7ed1f83bb4f05fe460984ae49e98d1c1be38fb5f gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 99545185385949b69f5d07e0efcfef8d8d463264a3f293f533f8455a05108d2f run #0: boot failed: INFO: task hung in add_early_randomness run #1: boot failed: INFO: task hung in add_early_randomness run #2: boot failed: INFO: task hung in add_early_randomness run #3: boot failed: INFO: task hung in add_early_randomness run #4: boot failed: INFO: task hung in add_early_randomness run #5: boot failed: INFO: task hung in add_early_randomness run #6: crashed: KASAN: use-after-free Read in driver_register run #7: boot failed: INFO: task hung in add_early_randomness run #8: boot failed: INFO: task hung in add_early_randomness run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK # git bisect bad 7ed1f83bb4f05fe460984ae49e98d1c1be38fb5f Bisecting: 114 revisions left to test after this (roughly 7 steps) [e288179dd09a0980c0bce20d5017e0dba95b4407] ASoC: DAI clocking terminology modernisation testing commit e288179dd09a0980c0bce20d5017e0dba95b4407 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: b0ae4973f42dfaef2f1a299bd4c8a1f93bf536aebf92ef7d63fd6e544c2790d3 run #0: OK run #1: crashed: KASAN: use-after-free Read in driver_register run #2: boot failed: INFO: task hung in add_early_randomness run #3: boot failed: INFO: task hung in add_early_randomness run #4: boot failed: INFO: task hung in add_early_randomness run #5: boot failed: INFO: task hung in add_early_randomness run #6: boot failed: INFO: task hung in add_early_randomness run #7: crashed: KASAN: use-after-free Read in driver_register run #8: OK run #9: OK run #10: OK run #11: OK run #12: crashed: KASAN: use-after-free Read in driver_register run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK # git bisect bad e288179dd09a0980c0bce20d5017e0dba95b4407 Bisecting: 70 revisions left to test after this (roughly 6 steps) [ed05d691b921bff37e2397f7a41507b858950020] OPE support on Tegra210 and later testing commit ed05d691b921bff37e2397f7a41507b858950020 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 1f9922b4da2ab09eb01d21a51de8eaab16dedde4302d6193a4588d672de51ecb run #0: boot failed: INFO: task hung in add_early_randomness run #1: boot failed: INFO: task hung in add_early_randomness run #2: boot failed: INFO: task hung in add_early_randomness run #3: boot failed: INFO: task hung in add_early_randomness run #4: boot failed: INFO: task hung in add_early_randomness run #5: boot failed: INFO: task hung in add_early_randomness run #6: boot failed: INFO: task hung in add_early_randomness run #7: boot failed: INFO: task hung in add_early_randomness run #8: boot failed: INFO: task hung in add_early_randomness run #9: boot failed: INFO: task hung in add_early_randomness run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: crashed: KASAN: use-after-free Read in driver_register run #16: OK run #17: OK run #18: OK run #19: OK # git bisect bad ed05d691b921bff37e2397f7a41507b858950020 Bisecting: 34 revisions left to test after this (roughly 5 steps) [a8b1b9ce5d48bada80868d0ba8d1ee00157f01ee] ALSA: hda: cirrus: Add initial DSP support and firmware loading testing commit a8b1b9ce5d48bada80868d0ba8d1ee00157f01ee gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 33b0e41cdc33e9a286266f520379db043c0cb803778552cbe71636543cdb5b60 run #0: crashed: KASAN: use-after-free Read in driver_register run #1: boot failed: INFO: task hung in add_early_randomness run #2: boot failed: INFO: task hung in add_early_randomness run #3: boot failed: INFO: task hung in add_early_randomness run #4: boot failed: INFO: task hung in add_early_randomness run #5: boot failed: INFO: task hung in add_early_randomness run #6: boot failed: INFO: task hung in add_early_randomness run #7: boot failed: INFO: task hung in add_early_randomness run #8: boot failed: INFO: task hung in add_early_randomness run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK # git bisect bad a8b1b9ce5d48bada80868d0ba8d1ee00157f01ee Bisecting: 16 revisions left to test after this (roughly 4 steps) [3ae190edc5f6f64f296f8dd15f4b511f529ab402] ASoC: nau8822: Don't reconfigure PLL to the same values testing commit 3ae190edc5f6f64f296f8dd15f4b511f529ab402 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 9ac134dddaa5356ec53fceac9cb9592066155a0523c686b14ff852cf35214743 run #0: boot failed: INFO: task hung in add_early_randomness run #1: boot failed: INFO: task hung in add_early_randomness run #2: boot failed: INFO: task hung in add_early_randomness run #3: boot failed: INFO: task hung in add_early_randomness run #4: boot failed: INFO: task hung in add_early_randomness run #5: boot failed: INFO: task hung in add_early_randomness run #6: boot failed: INFO: task hung in add_early_randomness run #7: boot failed: INFO: task hung in add_early_randomness run #8: boot failed: INFO: task hung in add_early_randomness run #9: boot failed: INFO: task hung in add_early_randomness run #10: boot failed: INFO: task hung in add_early_randomness run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK # git bisect good 3ae190edc5f6f64f296f8dd15f4b511f529ab402 Bisecting: 7 revisions left to test after this (roughly 3 steps) [12ba5ceb4a08d5ea776d3eaf83c0cee63fafe952] ASoC: mediatek: remove unnecessary check of clk_disable_unprepare testing commit 12ba5ceb4a08d5ea776d3eaf83c0cee63fafe952 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 43eb97f69969af71ba6ac6748fc7bcfc334f6e9878e01fef351b3a19c56a3473 run #0: crashed: KASAN: use-after-free Read in driver_register run #1: boot failed: INFO: task hung in add_early_randomness run #2: boot failed: INFO: task hung in add_early_randomness run #3: boot failed: INFO: task hung in add_early_randomness run #4: boot failed: INFO: task hung in add_early_randomness run #5: boot failed: INFO: task hung in add_early_randomness run #6: boot failed: INFO: task hung in add_early_randomness run #7: boot failed: INFO: task hung in add_early_randomness run #8: boot failed: INFO: task hung in add_early_randomness run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK # git bisect bad 12ba5ceb4a08d5ea776d3eaf83c0cee63fafe952 Bisecting: 3 revisions left to test after this (roughly 2 steps) [32882881078bd8f8fae47ff69c102d9e691f5bb9] ASoC: qcom: soundwire: Add support for controlling audio CGCR from HLOS testing commit 32882881078bd8f8fae47ff69c102d9e691f5bb9 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 03b11b620fd156b6b1751489fe869bff553f43d45f21583a275a7a2f6a8c7af4 run #0: boot failed: INFO: task hung in add_early_randomness run #1: boot failed: INFO: task hung in add_early_randomness run #2: boot failed: INFO: task hung in add_early_randomness run #3: boot failed: INFO: task hung in add_early_randomness run #4: boot failed: INFO: task hung in add_early_randomness run #5: boot failed: INFO: task hung in add_early_randomness run #6: boot failed: INFO: task hung in add_early_randomness run #7: boot failed: INFO: task hung in add_early_randomness run #8: boot failed: INFO: task hung in add_early_randomness run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK # git bisect good 32882881078bd8f8fae47ff69c102d9e691f5bb9 Bisecting: 1 revision left to test after this (roughly 1 step) [7472eb8d7dd12b6b9b1a4f4527719cc9c7f5965f] ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe testing commit 7472eb8d7dd12b6b9b1a4f4527719cc9c7f5965f gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: caa7d668e8e0bfa7895e8af94c3fc8e7e2d7da0650083856c4d15e7b6832367f run #0: boot failed: INFO: task hung in add_early_randomness run #1: boot failed: INFO: task hung in add_early_randomness run #2: boot failed: INFO: task hung in add_early_randomness run #3: boot failed: INFO: task hung in add_early_randomness run #4: crashed: KASAN: use-after-free Read in driver_register run #5: boot failed: INFO: task hung in add_early_randomness run #6: boot failed: INFO: task hung in add_early_randomness run #7: boot failed: INFO: task hung in add_early_randomness run #8: boot failed: INFO: task hung in add_early_randomness run #9: boot failed: INFO: task hung in add_early_randomness run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK # git bisect bad 7472eb8d7dd12b6b9b1a4f4527719cc9c7f5965f Bisecting: 0 revisions left to test after this (roughly 0 steps) [4f8ed19593872b710f27bbc3b7a9ce03310efc57] ASoC: tfa9879: Use modern ASoC DAI format terminology testing commit 4f8ed19593872b710f27bbc3b7a9ce03310efc57 gcc compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 56f0a0ec00a629c629019e4870ac06be3b72514b33477e706673cde3938891dd run #0: boot failed: INFO: task hung in add_early_randomness run #1: boot failed: INFO: task hung in add_early_randomness run #2: boot failed: INFO: task hung in add_early_randomness run #3: boot failed: INFO: task hung in add_early_randomness run #4: boot failed: INFO: task hung in add_early_randomness run #5: boot failed: INFO: task hung in add_early_randomness run #6: boot failed: INFO: task hung in add_early_randomness run #7: boot failed: INFO: task hung in add_early_randomness run #8: crashed: KASAN: use-after-free Read in driver_register run #9: boot failed: INFO: task hung in add_early_randomness run #10: boot failed: INFO: task hung in add_early_randomness run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK # git bisect bad 4f8ed19593872b710f27bbc3b7a9ce03310efc57 4f8ed19593872b710f27bbc3b7a9ce03310efc57 is the first bad commit commit 4f8ed19593872b710f27bbc3b7a9ce03310efc57 Author: Mark Brown Date: Thu Jun 2 15:10:58 2022 +0200 ASoC: tfa9879: Use modern ASoC DAI format terminology As part of moving to remove the old style defines for the bus clocks update the tfa9879 driver to use more modern terminology for clocking. Signed-off-by: Mark Brown Acked-by: Peter Rosin Link: https://lore.kernel.org/r/20220602131058.3552621-1-broonie@kernel.org Signed-off-by: Mark Brown sound/soc/codecs/tfa9879.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) culprit signature: 56f0a0ec00a629c629019e4870ac06be3b72514b33477e706673cde3938891dd parent signature: 03b11b620fd156b6b1751489fe869bff553f43d45f21583a275a7a2f6a8c7af4 Reproducer flagged being flaky revisions tested: 14, total time: 4h16m14.86247267s (build: 1h48m57.293323197s, test: 2h25m21.493733428s) first bad commit: 4f8ed19593872b710f27bbc3b7a9ce03310efc57 ASoC: tfa9879: Use modern ASoC DAI format terminology recipients (to): ["alsa-devel@alsa-project.org" "broonie@kernel.org" "broonie@kernel.org" "lgirdwood@gmail.com" "peda@axentia.se" "peda@axentia.se" "perex@perex.cz" "tiwai@suse.com"] recipients (cc): ["linux-kernel@vger.kernel.org"] crash: KASAN: use-after-free Read in driver_register ================================================================== BUG: KASAN: use-after-free in driver_find drivers/base/driver.c:293 [inline] BUG: KASAN: use-after-free in driver_register+0x32b/0x380 drivers/base/driver.c:233 Read of size 8 at addr ffff888076f11cc8 by task syz-executor411/23585 CPU: 1 PID: 23585 Comm: syz-executor411 Not tainted 5.19.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x57/0x7d lib/dump_stack.c:106 print_address_description.constprop.0.cold+0xeb/0x495 mm/kasan/report.c:313 print_report mm/kasan/report.c:429 [inline] kasan_report.cold+0xf4/0x1c6 mm/kasan/report.c:491 driver_find drivers/base/driver.c:293 [inline] driver_register+0x32b/0x380 drivers/base/driver.c:233 usb_gadget_register_driver_owner+0xe3/0x1f0 drivers/usb/gadget/udc/core.c:1558 raw_ioctl_run drivers/usb/gadget/legacy/raw_gadget.c:515 [inline] raw_ioctl+0x12d6/0x2230 drivers/usb/gadget/legacy/raw_gadget.c:1222 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl fs/ioctl.c:856 [inline] __x64_sys_ioctl+0x11f/0x190 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x46/0xb0 RIP: 0033:0x7feff9a04d17 Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 64 47 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffec77222a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007ffec7723320 RCX: 00007feff9a04d17 RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 RBP: 0000000000000000 R08: 000000000000ffff R09: 000000000000000b R10: 00007ffec7722340 R11: 0000000000000246 R12: 00007feff9a77440 R13: 0000000000000003 R14: 00007ffec77222f0 R15: 00007ffec7724380 Allocated by task 23431: kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38 kasan_set_track mm/kasan/common.c:45 [inline] set_alloc_info mm/kasan/common.c:436 [inline] ____kasan_kmalloc mm/kasan/common.c:515 [inline] ____kasan_kmalloc mm/kasan/common.c:474 [inline] __kasan_kmalloc+0xa9/0xd0 mm/kasan/common.c:524 kmalloc include/linux/slab.h:600 [inline] kzalloc include/linux/slab.h:733 [inline] bus_add_driver+0xb4/0x580 drivers/base/bus.c:602 driver_register+0x1e9/0x380 drivers/base/driver.c:240 usb_gadget_register_driver_owner+0xe3/0x1f0 drivers/usb/gadget/udc/core.c:1558 raw_ioctl_run drivers/usb/gadget/legacy/raw_gadget.c:515 [inline] raw_ioctl+0x12d6/0x2230 drivers/usb/gadget/legacy/raw_gadget.c:1222 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl fs/ioctl.c:856 [inline] __x64_sys_ioctl+0x11f/0x190 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x46/0xb0 Freed by task 23585: kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38 kasan_set_track+0x21/0x30 mm/kasan/common.c:45 kasan_set_free_info+0x20/0x30 mm/kasan/generic.c:370 ____kasan_slab_free mm/kasan/common.c:366 [inline] ____kasan_slab_free+0x166/0x1a0 mm/kasan/common.c:328 kasan_slab_free include/linux/kasan.h:200 [inline] slab_free_hook mm/slub.c:1727 [inline] slab_free_freelist_hook+0x8b/0x1c0 mm/slub.c:1753 slab_free mm/slub.c:3507 [inline] kfree+0xd6/0x4d0 mm/slub.c:4555 kobject_cleanup lib/kobject.c:673 [inline] kobject_release lib/kobject.c:704 [inline] kref_put include/linux/kref.h:65 [inline] kobject_put+0x139/0x410 lib/kobject.c:721 driver_find drivers/base/driver.c:291 [inline] driver_register+0x1b1/0x380 drivers/base/driver.c:233 usb_gadget_register_driver_owner+0xe3/0x1f0 drivers/usb/gadget/udc/core.c:1558 raw_ioctl_run drivers/usb/gadget/legacy/raw_gadget.c:515 [inline] raw_ioctl+0x12d6/0x2230 drivers/usb/gadget/legacy/raw_gadget.c:1222 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl fs/ioctl.c:856 [inline] __x64_sys_ioctl+0x11f/0x190 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x46/0xb0 The buggy address belongs to the object at ffff888076f11c00 which belongs to the cache kmalloc-256 of size 256 The buggy address is located 200 bytes inside of 256-byte region [ffff888076f11c00, ffff888076f11d00) The buggy address belongs to the physical page: page:ffffea0001dbc400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x76f10 head:ffffea0001dbc400 order:1 compound_mapcount:0 compound_pincount:0 flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000010200 ffffea0001dd6f00 dead000000000003 ffff888010841b40 raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected page_owner tracks the page as allocated page last allocated via order 1, migratetype Unmovable, gfp_mask 0x152a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 142, tgid 142 (kworker/0:2), ts 75937672795, free_ts 75842344275 prep_new_page mm/page_alloc.c:2456 [inline] get_page_from_freelist+0x1290/0x3b70 mm/page_alloc.c:4198 __alloc_pages+0x1c7/0x510 mm/page_alloc.c:5426 __alloc_pages_node include/linux/gfp.h:587 [inline] alloc_slab_page mm/slub.c:1799 [inline] allocate_slab+0x80/0x3c0 mm/slub.c:1942 new_slab mm/slub.c:2002 [inline] ___slab_alloc+0x985/0xd90 mm/slub.c:3002 __slab_alloc.constprop.0+0x4d/0xa0 mm/slub.c:3089 slab_alloc_node mm/slub.c:3180 [inline] __kmalloc_node+0x2cb/0x390 mm/slub.c:4461 kmalloc_array_node include/linux/slab.h:695 [inline] kcalloc_node include/linux/slab.h:700 [inline] memcg_alloc_slab_cgroups+0x8b/0x140 mm/memcontrol.c:2818 account_slab mm/slab.h:653 [inline] allocate_slab+0x2c9/0x3c0 mm/slub.c:1958 new_slab mm/slub.c:2002 [inline] ___slab_alloc+0x985/0xd90 mm/slub.c:3002 __slab_alloc.constprop.0+0x4d/0xa0 mm/slub.c:3089 slab_alloc_node mm/slub.c:3180 [inline] slab_alloc mm/slub.c:3222 [inline] __kmem_cache_alloc_lru mm/slub.c:3229 [inline] kmem_cache_alloc+0x360/0x3b0 mm/slub.c:3239 kmem_cache_zalloc include/linux/slab.h:723 [inline] node_alloc net/ipv6/ip6_fib.c:187 [inline] fib6_add_1+0x277/0x1510 net/ipv6/ip6_fib.c:881 fib6_add+0x1a1/0x3590 net/ipv6/ip6_fib.c:1393 __ip6_ins_rt net/ipv6/route.c:1302 [inline] ip6_ins_rt+0xa9/0x100 net/ipv6/route.c:1312 __ipv6_ifa_notify+0x713/0x910 net/ipv6/addrconf.c:6153 ipv6_ifa_notify net/ipv6/addrconf.c:6192 [inline] addrconf_dad_completed+0x110/0xce0 net/ipv6/addrconf.c:4209 page last free stack trace: reset_page_owner include/linux/page_owner.h:24 [inline] free_pages_prepare mm/page_alloc.c:1371 [inline] free_pcp_prepare+0x549/0xd20 mm/page_alloc.c:1421 free_unref_page_prepare mm/page_alloc.c:3343 [inline] free_unref_page+0x19/0x6a0 mm/page_alloc.c:3438 qlink_free mm/kasan/quarantine.c:168 [inline] qlist_free_all+0x6a/0x170 mm/kasan/quarantine.c:187 kasan_quarantine_reduce+0x180/0x200 mm/kasan/quarantine.c:294 __kasan_slab_alloc+0xa2/0xc0 mm/kasan/common.c:446 kasan_slab_alloc include/linux/kasan.h:224 [inline] slab_post_alloc_hook mm/slab.h:750 [inline] slab_alloc_node mm/slub.c:3214 [inline] slab_alloc mm/slub.c:3222 [inline] __kmalloc+0x200/0x350 mm/slub.c:4413 kmalloc include/linux/slab.h:605 [inline] tomoyo_realpath_from_path+0xb0/0x6a0 security/tomoyo/realpath.c:254 tomoyo_get_realpath security/tomoyo/file.c:151 [inline] tomoyo_path_number_perm+0x1a6/0x4d0 security/tomoyo/file.c:723 security_file_ioctl+0x44/0x80 security/security.c:1551 __do_sys_ioctl fs/ioctl.c:864 [inline] __se_sys_ioctl fs/ioctl.c:856 [inline] __x64_sys_ioctl+0x99/0x190 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x46/0xb0 Memory state around the buggy address: ffff888076f11b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff888076f11c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb >ffff888076f11c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff888076f11d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff888076f11d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ==================================================================