From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7383FEB64DA for ; Thu, 6 Jul 2023 01:23:01 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 0147F8D0002; Wed, 5 Jul 2023 21:23:01 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id F06EE8D0001; Wed, 5 Jul 2023 21:23:00 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id DCE898D0002; Wed, 5 Jul 2023 21:23:00 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id CDA6F8D0001 for ; Wed, 5 Jul 2023 21:23:00 -0400 (EDT) Received: from smtpin26.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id 9A212B05B5 for ; Thu, 6 Jul 2023 01:23:00 +0000 (UTC) X-FDA: 80979438120.26.3FACAFF Received: from mail-pf1-f207.google.com (mail-pf1-f207.google.com [209.85.210.207]) by imf07.hostedemail.com (Postfix) with ESMTP id EF5D340003 for ; Thu, 6 Jul 2023 01:22:57 +0000 (UTC) Authentication-Results: imf07.hostedemail.com; dkim=none; dmarc=fail reason="SPF not aligned (relaxed), No valid DKIM" header.from=appspotmail.com (policy=none); spf=pass (imf07.hostedemail.com: domain of 3cBemZAkbAGMTZaLBMMFSBQQJE.HPPHMFVTFSDPOUFOU.DPN@M3KW2WVRGUFZ5GODRSRYTGD7.apphosting.bounces.google.com designates 209.85.210.207 as permitted sender) smtp.mailfrom=3cBemZAkbAGMTZaLBMMFSBQQJE.HPPHMFVTFSDPOUFOU.DPN@M3KW2WVRGUFZ5GODRSRYTGD7.apphosting.bounces.google.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1688606578; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding:in-reply-to: references; bh=vSgrqI1tjKK+SLtvqTTC2c0aEEq21oDHin1+SMO6l4k=; b=H2TY7jCK9+uJuS/HZ3CA/eD2gnjXfuh2gVRICS5QZwAlWC2rukhH8YYe4OTQBF697PRNGw LeODKtfOlen6v8NHi1y/JISIYGebNkBwy+3G42HXumjfWwDAQD7kOyL6suYZySyv9Ukbew KOJI/GSap3lN4BkPVdcyoKFdgUWpzrY= ARC-Authentication-Results: i=1; imf07.hostedemail.com; dkim=none; dmarc=fail reason="SPF not aligned (relaxed), No valid DKIM" header.from=appspotmail.com (policy=none); spf=pass (imf07.hostedemail.com: domain of 3cBemZAkbAGMTZaLBMMFSBQQJE.HPPHMFVTFSDPOUFOU.DPN@M3KW2WVRGUFZ5GODRSRYTGD7.apphosting.bounces.google.com designates 209.85.210.207 as permitted sender) smtp.mailfrom=3cBemZAkbAGMTZaLBMMFSBQQJE.HPPHMFVTFSDPOUFOU.DPN@M3KW2WVRGUFZ5GODRSRYTGD7.apphosting.bounces.google.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1688606578; a=rsa-sha256; cv=none; b=YRr/ia4xZzXQ8aewNQ3rY5W6v5jwrlrAItMmXU0z/iLm6s3CzI0Z94E0m7UkdOAPAgt3f2 IXDWsg+bMi+a+DdgzBVHEqbLkZ4o2rYUXpXiIprUZ4HXoPMamq7wDni0kr8bES0R0LharE PquABELk6r0rWh0//gw3sdgSsbieCbE= Received: by mail-pf1-f207.google.com with SMTP id d2e1a72fcca58-682a4f1253aso1755069b3a.0 for ; Wed, 05 Jul 2023 18:22:57 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688606577; x=1691198577; h=to:from:subject:message-id:date:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=vSgrqI1tjKK+SLtvqTTC2c0aEEq21oDHin1+SMO6l4k=; b=jrDarPmzs3CsqASm/nWHf0DKDccexoZuik9DN1L5aKIA4i0ZYdxS6nWcH879KpBIcX gtWx0CYWIchmw5vGUvH1By5CZEY/iTRUH63hOG0Xso7GWfopqEnJmo6kyPc10Dbbb1Xz FUdMDnuZ+/J5Cs1sVd8MfgS5Mald277IWQkELV3bZizmoj444ZYRiTpHlqAGMsv205G7 o7GpbogWWOLvrz12mFQRPRBNAx98MLKVAfj9SS8S/EFVkE/jNnHine1FJl+XWVc3pukS 3h3Q1swCg+w4v7G57sDu6bC005A5c6GfWiVrRtxLeokYrVku77tdVxwt0RSu4jz86i/n we9g== X-Gm-Message-State: ABy/qLZdfILVNhptbgOYPdYxs1EcfUAAeF5rlIqJSAFmALvhpgr5UgaE edvuJdVzFcARwlD2yAsjv56y/lCoULcInHEepWQDUvsNRRvN X-Google-Smtp-Source: APBJJlEWyE4rK+pNbs4GF/eQajyh1zUUnT+TTk5cMlr2Cyw3UDgmFNVzXVAPTK+V6q9hGSYexl+RD+cseeKUpvzOR8/ldYJv3rKS MIME-Version: 1.0 X-Received: by 2002:a05:6a00:39a6:b0:676:20f8:be57 with SMTP id fi38-20020a056a0039a600b0067620f8be57mr1043341pfb.0.1688606576836; Wed, 05 Jul 2023 18:22:56 -0700 (PDT) Date: Wed, 05 Jul 2023 18:22:56 -0700 X-Google-Appengine-App-Id: s~syzkaller X-Google-Appengine-App-Id-Alias: syzkaller Message-ID: <0000000000002d884205ffc75b9a@google.com> Subject: [syzbot] [mm?] KASAN: slab-out-of-bounds Read in mt_validate_nulls From: syzbot To: akpm@linux-foundation.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, syzkaller-bugs@googlegroups.com Content-Type: text/plain; charset="UTF-8" X-Rspam-User: X-Stat-Signature: 4i7dgxdeuobrb7i9n53a6zh3a9zznqr6 X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: EF5D340003 X-HE-Tag: 1688606577-363872 X-HE-Meta: U2FsdGVkX18lYt8BCYyVvGTFkJ7nqwhavi+i69H0wQKNAj531rd7lgTvdapJIvpmSdfvKWLoMJXtcsm+zEtBEK3sZqWcCwe5vsdnO1bIKVZDqo5UnrfYtC7WEeRxP4BO8tc+tYrrXTcHpRDjqPt16ePHacfkaSl4nU31HkytGSyrwNHKX0XuvteCZ6E/n5xCv98vroE5rqIYZzuaSp22N/GO4tSJyUxgVimVuPExMGi9+zqdcRsQlVpwW51D6tr0NWLvevXpxol5IgxziJ22THrHqbsdwl2PCDJ2UtvCYnXWJ99NIrCSMFHuCbUFn/r1yvOshnLgHpTuCCfEpyz6Nb5zJepBQyRfb0+5+pdL6+uiRQG4wOaJn0kW8Slxhv9/99YC43JDAPQJXk3jI+yyxFBpky5vOBnUujysNClrhnF7K+lu52E/lIgILEkLfYmmz08il+Iarn0FQCRP2uBXC1YCt93rRxXVxNflFo2CcnVAcVM2avtafvGMhllfnOFsmt2SWYwJpJGcIQwOlmrn8r6k7xixkotSRzO9VnL3LtbSxAZzqDWjD7Sfmge3VBnyF78gUJd1tg8ITIsnGIL415np6UtKAxAqwR1NkB5mGpSIv7PaZMq+hm0y8Lr7+lZHIzRZgU8ZEpUIcKUvu8wnPZ/l88ywEsGgAqtl79XYijYV9gXzCPWjpDIf0JL6gshi6YSdFWha8PmuAR9arWepaGDviQI1LnKVmiJJofGGS9jvGeHnsAYICVr/snuMUOGvwCHLI7KTFNV4Kt07IjDgriHUDB5Zc65QbVX/frMNeXnwp0hO21X5eRb6Dik9aBsfs7Gw9rdjoFrmxwyEQGBsCCTokhgLGhIo97Qp3wj5szt99hAZnCP1qJFrGN8jpc8QDQA5Un2sllzNwNMuS7HqU+bFFHqSqbA+WsmGvcyXUHyPegy2NID84epOox4IG004O2P5iBfUhKXaGQa2sig t3NwcGvH zIeXHXXEPzBeAaPgTVwtCPVBXRFFuz7HdAi2zWvmMhK+GXVS0+b88wZiain26vXlcOwu9mfF1497zA73zjqHdJEEMy+oSbE1Q+whYc4HZXWYO/IaQSI9IweMyJRkr/vk/EKnthNEqk7bqUW0doovSvV07vt+iVE3Gy387PJONISb4NNPOm5YaJDp7rX/ZU2l87b555miXXSwbXaEMhdOBGkqCVPgxNmYHG8WMmdYyArxITlnpQ9V1CLKo1vkyNMPxmQuL2LnylCZSJ7YsomcAzcUqc4NrMirMHHyxeEldJGBGE2n0RiMoXiyEwYVUWNzs7xCAQ6B6pJboVXlxVcxT132VlW6QZQFT9zU3iHcQ6XZx9o4mlcsO1lUFuE1MPOfHPkGeBDb1+lbPJPhH+E2o4xausDxDNn97rNT3l4m9G6quX8TKd+K4YFiPsafbOx6rLFm3F/Ohyhnv/GIOKJWSYYERHmkn3nvOG/dqq7vccR6LjkDLCELMeKOKAXIKpZ7+tCy5t55lmwDJCbxGlsDhPJ1FmhaRUq96doyS9Vbej+03yBMCIIiRkYLBxDqtqZ6H5ddDB5HWBvlEB/vwbtVViMnOjn9TYKA83oGztkjb4d8wTBlslMOfaEN6tCHsC1q4s1Ai435Li+ldWqXMSSpE/Q7WPrJEGmhtN9O87QskCQnAsDFVVtlPBN3x+65mgmFo8AqLG+SlnBtUuESIqYV7ERGUYUlNaNJ4FQ/DtD0CywBIoc2ojhOGcykf8S2nJiszzI5o4xMt+2VY38ibCfqCqnzcMKXMCCtpgVU/F07NhxZfzQ3L2vDohHwl3BqYu8VduFUWXEGtRA4qy3zXAN2DTSusjsEUymQbHwaEr6qMYVP9fgg/EW0Kh8126i3pr7q85YEX+sTepJoXgVFZsu2thG1o4+PzOtUzt8mpX1hlO5DS+F9/d2luobVoWrNeR6Rr776GU6H0n5/nhsMJEe02gIkSIJFu oXk3wxSc Kcpmrp9T1n9pAN+1wlNaHx1c40B8NvYNUfTygRjlXRCN1vlPiI+kGwe1KCpU5TLs1cMvdzwKrMTBoza34+tmZVD9RNXa6vcpAXLxOTPjK5bBAEiJZPtEOLD6T6OVMsZDGMRgesXBRinSIVWC7+u0YuBLnoHjC5ano/5e138PcGrp2CswlU7Z8dI4aS99vLHKb1Pvl4vWhRx1v8X/QCn42FZlf+/QwQvQ/QQeoTn+487qbWYBG44x7/rYHh+GeZRgTAM4+cqT2Bsb1qdYQFctgO4yLkLYG5XR5wrFk0bOXwZ2dyA6wUrLIw== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Hello, syzbot found the following issue on: HEAD commit: a901a3568fd2 Merge tag 'iomap-6.5-merge-1' of git://git.ke.. git tree: upstream console output: https://syzkaller.appspot.com/x/log.txt?x=116a6d68a80000 kernel config: https://syzkaller.appspot.com/x/.config?x=7406f415f386e786 dashboard link: https://syzkaller.appspot.com/bug?extid=609e63261638ff3d5436 compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10342968a80000 C reproducer: https://syzkaller.appspot.com/x/repro.c?x=17d4cf70a80000 Downloadable assets: disk image: https://storage.googleapis.com/syzbot-assets/119fd918f733/disk-a901a356.raw.xz vmlinux: https://storage.googleapis.com/syzbot-assets/79f9ac119639/vmlinux-a901a356.xz kernel image: https://storage.googleapis.com/syzbot-assets/8bd8662e2869/bzImage-a901a356.xz mounted in repro: https://storage.googleapis.com/syzbot-assets/183577244af6/mount_0.gz IMPORTANT: if you fix the issue, please add the following tag to the commit: Reported-by: syzbot+609e63261638ff3d5436@syzkaller.appspotmail.com R10: 0000000000002000 R11: 0000000000000246 R12: 00007fb71e6c96b8 R13: 00007fb71e6c9180 R14: 00007fb71e6c91c0 R15: 00007fb71e7a16e8 ================================================================== BUG: KASAN: slab-out-of-bounds in mt_slot lib/maple_tree.c:816 [inline] BUG: KASAN: slab-out-of-bounds in mas_slot lib/maple_tree.c:849 [inline] BUG: KASAN: slab-out-of-bounds in mt_validate_nulls+0xc04/0xd10 lib/maple_tree.c:7172 Read of size 8 at addr ffff8880770ab100 by task syz-executor263/7002 CPU: 0 PID: 7002 Comm: syz-executor263 Not tainted 6.4.0-syzkaller-10173-ga901a3568fd2 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xd9/0x150 lib/dump_stack.c:106 print_address_description.constprop.0+0x2c/0x3c0 mm/kasan/report.c:364 print_report mm/kasan/report.c:475 [inline] kasan_report+0x11d/0x130 mm/kasan/report.c:588 mt_slot lib/maple_tree.c:816 [inline] mas_slot lib/maple_tree.c:849 [inline] mt_validate_nulls+0xc04/0xd10 lib/maple_tree.c:7172 mt_validate+0x17e3/0x4370 lib/maple_tree.c:7227 validate_mm+0x9d/0x470 mm/mmap.c:300 do_vmi_align_munmap+0x1199/0x1680 mm/mmap.c:2561 do_vmi_munmap+0x266/0x430 mm/mmap.c:2619 __vm_munmap+0x137/0x380 mm/mmap.c:2899 __do_sys_munmap mm/mmap.c:2916 [inline] __se_sys_munmap mm/mmap.c:2913 [inline] __x64_sys_munmap+0x62/0x80 mm/mmap.c:2913 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7fb71e71cef7 Code: 00 00 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb 85 66 2e 0f 1f 84 00 00 00 00 00 90 b8 0b 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fb71e6c9168 EFLAGS: 00000246 ORIG_RAX: 000000000000000b RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fb71e71cef7 RDX: 0000000000002000 RSI: 0000000000002000 RDI: 00007fb716288000 RBP: 00007fb716288000 R08: 0000000000000000 R09: 0000000000000176 R10: 0000000000002000 R11: 0000000000000246 R12: 00007fb71e6c96b8 R13: 00007fb71e6c9180 R14: 00007fb71e6c91c0 R15: 00007fb71e7a16e8 Allocated by task 7002: kasan_save_stack+0x22/0x40 mm/kasan/common.c:45 kasan_set_track+0x25/0x30 mm/kasan/common.c:52 __kasan_slab_alloc+0x7f/0x90 mm/kasan/common.c:328 kasan_slab_alloc include/linux/kasan.h:186 [inline] slab_post_alloc_hook mm/slab.h:750 [inline] slab_alloc_node mm/slub.c:3470 [inline] slab_alloc mm/slub.c:3478 [inline] __kmem_cache_alloc_lru mm/slub.c:3485 [inline] kmem_cache_alloc+0x16c/0x380 mm/slub.c:3494 mt_alloc_one lib/maple_tree.c:159 [inline] mas_alloc_nodes+0x4ec/0x8b0 lib/maple_tree.c:1282 mas_node_count_gfp+0x106/0x140 lib/maple_tree.c:1362 mas_node_count lib/maple_tree.c:1376 [inline] mas_wr_node_store+0xa64/0x1170 lib/maple_tree.c:4100 mas_wr_modify+0x28b/0x10d0 lib/maple_tree.c:4346 mas_wr_store_entry.isra.0+0x495/0x1030 lib/maple_tree.c:4390 mas_store_gfp+0xce/0x1f0 lib/maple_tree.c:5506 vma_iter_clear_gfp mm/mmap.c:162 [inline] do_vmi_align_munmap+0xd02/0x1680 mm/mmap.c:2538 do_vmi_munmap+0x266/0x430 mm/mmap.c:2619 __vm_munmap+0x137/0x380 mm/mmap.c:2899 __do_sys_munmap mm/mmap.c:2916 [inline] __se_sys_munmap mm/mmap.c:2913 [inline] __x64_sys_munmap+0x62/0x80 mm/mmap.c:2913 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd Last potentially related work creation: kasan_save_stack+0x22/0x40 mm/kasan/common.c:45 __kasan_record_aux_stack+0xb9/0xd0 mm/kasan/generic.c:491 __call_rcu_common.constprop.0+0x99/0x7e0 kernel/rcu/tree.c:2649 ma_free_rcu lib/maple_tree.c:189 [inline] mas_free lib/maple_tree.c:1344 [inline] mas_replace+0x98c/0xfa0 lib/maple_tree.c:1785 mas_wr_node_store+0xcab/0x1170 lib/maple_tree.c:4151 mas_wr_modify+0x28b/0x10d0 lib/maple_tree.c:4346 mas_wr_store_entry.isra.0+0x495/0x1030 lib/maple_tree.c:4390 mas_store_prealloc+0xb3/0x270 lib/maple_tree.c:5529 mmap_region+0x91c/0x2570 mm/mmap.c:2811 do_mmap+0x850/0xee0 mm/mmap.c:1362 vm_mmap_pgoff+0x1a2/0x3b0 mm/util.c:543 ksys_mmap_pgoff+0x7d/0x5b0 mm/mmap.c:1408 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd Second to last potentially related work creation: kasan_save_stack+0x22/0x40 mm/kasan/common.c:45 __kasan_record_aux_stack+0xb9/0xd0 mm/kasan/generic.c:491 __call_rcu_common.constprop.0+0x99/0x7e0 kernel/rcu/tree.c:2649 ma_free_rcu lib/maple_tree.c:189 [inline] mas_free lib/maple_tree.c:1344 [inline] mas_replace+0x98c/0xfa0 lib/maple_tree.c:1785 mas_wr_node_store+0xcab/0x1170 lib/maple_tree.c:4151 mas_wr_modify+0x28b/0x10d0 lib/maple_tree.c:4346 mas_wr_store_entry.isra.0+0x495/0x1030 lib/maple_tree.c:4390 mas_store_prealloc+0xb3/0x270 lib/maple_tree.c:5529 vma_complete+0x8fd/0xdc0 mm/mmap.c:553 __split_vma+0x53b/0x830 mm/mmap.c:2381 split_vma+0xc6/0x110 mm/mmap.c:2409 mprotect_fixup+0x891/0xbd0 mm/mprotect.c:643 do_mprotect_pkey+0x883/0xd40 mm/mprotect.c:817 __do_sys_mprotect mm/mprotect.c:838 [inline] __se_sys_mprotect mm/mprotect.c:835 [inline] __x64_sys_mprotect+0x78/0xb0 mm/mprotect.c:835 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd The buggy address belongs to the object at ffff8880770ab000 which belongs to the cache maple_node of size 256 The buggy address is located 0 bytes to the right of allocated 256-byte region [ffff8880770ab000, ffff8880770ab100) The buggy address belongs to the physical page: page:ffffea0001dc2a80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x770aa head:ffffea0001dc2a80 order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0 anon flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) page_type: 0xffffffff() raw: 00fff00000010200 ffff88801324d000 0000000000000000 dead000000000001 raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected page_owner tracks the page as allocated page last allocated via order 1, migratetype Unmovable, gfp_mask 0x52800(GFP_NOWAIT|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 4689, tgid 4689 (dhcpcd-run-hook), ts 21566309288, free_ts 20023594773 set_page_owner include/linux/page_owner.h:31 [inline] post_alloc_hook+0x2db/0x350 mm/page_alloc.c:1570 prep_new_page mm/page_alloc.c:1577 [inline] get_page_from_freelist+0xfed/0x2d30 mm/page_alloc.c:3221 __alloc_pages+0x1cb/0x4a0 mm/page_alloc.c:4477 alloc_pages+0x1aa/0x270 mm/mempolicy.c:2279 alloc_slab_page mm/slub.c:1862 [inline] allocate_slab+0x25f/0x390 mm/slub.c:2009 new_slab mm/slub.c:2062 [inline] ___slab_alloc+0xbc3/0x15d0 mm/slub.c:3215 __kmem_cache_alloc_bulk mm/slub.c:3966 [inline] kmem_cache_alloc_bulk+0x270/0x860 mm/slub.c:4041 mt_alloc_bulk lib/maple_tree.c:164 [inline] mas_alloc_nodes+0x341/0x8b0 lib/maple_tree.c:1304 mas_node_count_gfp+0x106/0x140 lib/maple_tree.c:1362 mas_node_count lib/maple_tree.c:1376 [inline] mas_expected_entries+0x117/0x200 lib/maple_tree.c:5656 vma_iter_bulk_alloc include/linux/mm.h:898 [inline] dup_mmap+0x4e4/0x19b0 kernel/fork.c:681 dup_mm kernel/fork.c:1688 [inline] copy_mm kernel/fork.c:1737 [inline] copy_process+0x6663/0x75c0 kernel/fork.c:2503 kernel_clone+0xeb/0x890 kernel/fork.c:2911 __do_sys_clone+0xba/0x100 kernel/fork.c:3054 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd page last free stack trace: reset_page_owner include/linux/page_owner.h:24 [inline] free_pages_prepare mm/page_alloc.c:1161 [inline] free_unref_page_prepare+0x62e/0xcb0 mm/page_alloc.c:2348 free_unref_page+0x33/0x370 mm/page_alloc.c:2443 qlink_free mm/kasan/quarantine.c:166 [inline] qlist_free_all+0x6a/0x170 mm/kasan/quarantine.c:185 kasan_quarantine_reduce+0x195/0x220 mm/kasan/quarantine.c:292 __kasan_slab_alloc+0x63/0x90 mm/kasan/common.c:305 kasan_slab_alloc include/linux/kasan.h:186 [inline] slab_post_alloc_hook mm/slab.h:750 [inline] slab_alloc_node mm/slub.c:3470 [inline] slab_alloc mm/slub.c:3478 [inline] __kmem_cache_alloc_lru mm/slub.c:3485 [inline] kmem_cache_alloc+0x16c/0x380 mm/slub.c:3494 getname_flags.part.0+0x50/0x4f0 fs/namei.c:140 getname_flags+0x9e/0xe0 include/linux/audit.h:319 user_path_at_empty+0x2f/0x60 fs/namei.c:2906 do_readlinkat+0xcd/0x2f0 fs/stat.c:477 __do_sys_readlink fs/stat.c:510 [inline] __se_sys_readlink fs/stat.c:507 [inline] __x64_sys_readlink+0x78/0xb0 fs/stat.c:507 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd Memory state around the buggy address: ffff8880770ab000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff8880770ab080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffff8880770ab100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ^ ffff8880770ab180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff8880770ab200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ================================================================== --- This report is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkaller@googlegroups.com. syzbot will keep track of this issue. See: https://goo.gl/tpsmEJ#status for how to communicate with syzbot. If the bug is already fixed, let syzbot know by replying with: #syz fix: exact-commit-title If you want syzbot to run the reproducer, reply with: #syz test: git://repo/address.git branch-or-commit-hash If you attach or paste a git patch, syzbot will apply it before testing. If you want to change bug's subsystems, reply with: #syz set subsystems: new-subsystem (See the list of subsystem names on the web dashboard) If the bug is a duplicate of another bug, reply with: #syz dup: exact-subject-of-another-report If you want to undo deduplication, reply with: #syz undup