From: syzbot
To: akpm@linux-foundation.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, syzkaller-bugs@googlegroups.com
Subject: [syzbot] [mm?] KASAN: slab-use-after-free Read in lru_add
Date: Wed, 04 Dec 2024 02:17:26 -0800
Message-ID: <67502c36.050a0220.17bd51.0062.GAE@google.com>

Hello,

syzbot found the following issue on:

HEAD commit:    2ba9f676d0a2 Merge tag 'drm-next-2024-11-29' of https://gi..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=17d56d30580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=92c00fea95836451
dashboard link: https://syzkaller.appspot.com/bug?extid=2f574f2471415b81417e
compiler:       gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/7feb34a89c2a/non_bootable_disk-2ba9f676.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/67b607be891b/vmlinux-2ba9f676.xz
kernel image: https://storage.googleapis.com/syzbot-assets/b142ef38c0ac/bzImage-2ba9f676.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+2f574f2471415b81417e@syzkaller.appspotmail.com

==================================================================
BUG: KASAN: slab-use-after-free in instrument_atomic_read include/linux/instrumented.h:68 [inline]
BUG: KASAN: slab-use-after-free in _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]
BUG: KASAN: slab-use-after-free in mapping_unevictable include/linux/pagemap.h:269 [inline]
BUG: KASAN: slab-use-after-free in folio_evictable mm/internal.h:435 [inline]
BUG: KASAN: slab-use-after-free in lru_add+0x192/0xd70 mm/swap.c:136
Read of size 8 at addr ffff888024b24618 by task syz.7.1236/11255

CPU: 0 UID: 0 PID: 11255 Comm: syz.7.1236 Not tainted 6.12.0-syzkaller-11677-g2ba9f676d0a2 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:378 [inline]
 print_report+0xc3/0x620 mm/kasan/report.c:489
 kasan_report+0xd9/0x110 mm/kasan/report.c:602
 check_region_inline mm/kasan/generic.c:183 [inline]
 kasan_check_range+0xef/0x1a0 mm/kasan/generic.c:189
 instrument_atomic_read include/linux/instrumented.h:68 [inline]
 _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]
 mapping_unevictable include/linux/pagemap.h:269 [inline]
 folio_evictable mm/internal.h:435 [inline]
 lru_add+0x192/0xd70 mm/swap.c:136
 folio_batch_move_lru+0x113/0x3b0 mm/swap.c:168
 lru_add_drain_cpu+0x521/0x810 mm/swap.c:616
 lru_add_drain+0x109/0x440 mm/swap.c:698
 vms_clear_ptes+0x1f8/0x780 mm/vma.c:1133
 vms_clean_up_area mm/vma.c:1155 [inline]
 __mmap_prepare mm/vma.c:2278 [inline]
 __mmap_region+0x4c9/0x2670 mm/vma.c:2443
 mmap_region+0x127/0x320 mm/mmap.c:1347
 do_mmap+0xc00/0xfc0 mm/mmap.c:496
 vm_mmap_pgoff+0x1ba/0x360 mm/util.c:580
 ksys_mmap_pgoff+0x1c8/0x5c0 mm/mmap.c:542
 __do_sys_mmap arch/x86/kernel/sys_x86_64.c:89 [inline]
 __se_sys_mmap arch/x86/kernel/sys_x86_64.c:82 [inline]
 __x64_sys_mmap+0x125/0x190 arch/x86/kernel/sys_x86_64.c:82
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f26a0980849
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f26a1845058 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
RAX: ffffffffffffffda RBX: 00007f26a0b45fa0 RCX: 00007f26a0980849
RDX: 0000000000000002 RSI: 0000000000800000 RDI: 0000000020800000
RBP: 00007f26a09f3986 R08: ffffffffffffffff R09: 0000000000000000
R10: 0000000000042032 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f26a0b45fa0 R15: 00007ffd234568e8

Allocated by task 37:
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 unpoison_slab_object mm/kasan/common.c:319 [inline]
 __kasan_slab_alloc+0x89/0x90 mm/kasan/common.c:345
 kasan_slab_alloc include/linux/kasan.h:250 [inline]
 slab_post_alloc_hook mm/slub.c:4104 [inline]
 slab_alloc_node mm/slub.c:4153 [inline]
 kmem_cache_alloc_lru_noprof+0x226/0x3d0 mm/slub.c:4172
 shmem_alloc_inode+0x25/0x50 mm/shmem.c:4980
 alloc_inode+0x5d/0x230 fs/inode.c:336
 new_inode_pseudo fs/inode.c:1174 [inline]
 new_inode+0x22/0x210 fs/inode.c:1193
 __shmem_get_inode mm/shmem.c:2874 [inline]
 shmem_get_inode+0x194/0xf00 mm/shmem.c:2948
 shmem_mknod+0x1a8/0x450 mm/shmem.c:3670
 vfs_mknod+0x5d7/0x8e0 fs/namei.c:4189
 handle_create drivers/base/devtmpfs.c:219 [inline]
 handle drivers/base/devtmpfs.c:384 [inline]
 devtmpfs_work_loop+0x1a8/0x7d0 drivers/base/devtmpfs.c:399
 devtmpfsd+0x4c/0x50 drivers/base/devtmpfs.c:441
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

Freed by task 29:
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:582
 poison_slab_object mm/kasan/common.c:247 [inline]
 __kasan_slab_free+0x51/0x70 mm/kasan/common.c:264
 kasan_slab_free include/linux/kasan.h:233 [inline]
 slab_free_hook mm/slub.c:2338 [inline]
 slab_free mm/slub.c:4598 [inline]
 kmem_cache_free+0x152/0x4c0 mm/slub.c:4700
 i_callback+0x43/0x70 fs/inode.c:325
 rcu_do_batch kernel/rcu/tree.c:2567 [inline]
 rcu_core+0x79d/0x14d0 kernel/rcu/tree.c:2823
 handle_softirqs+0x213/0x8f0 kernel/softirq.c:554
 run_ksoftirqd kernel/softirq.c:943 [inline]
 run_ksoftirqd+0x3a/0x60 kernel/softirq.c:935
 smpboot_thread_fn+0x661/0xa30 kernel/smpboot.c:164
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

Last potentially related work creation:
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 __kasan_record_aux_stack+0xba/0xd0 mm/kasan/generic.c:544
 __call_rcu_common.constprop.0+0x99/0x7a0 kernel/rcu/tree.c:3086
 destroy_inode+0x12c/0x1b0 fs/inode.c:391
 evict+0x5ed/0x960 fs/inode.c:827
 iput_final fs/inode.c:1946 [inline]
 iput fs/inode.c:1972 [inline]
 iput+0x52a/0x890 fs/inode.c:1958
 do_unlinkat+0x5c3/0x760 fs/namei.c:4594
 __do_sys_unlink fs/namei.c:4635 [inline]
 __se_sys_unlink fs/namei.c:4633 [inline]
 __x64_sys_unlink+0xc5/0x110 fs/namei.c:4633
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

The buggy address belongs to the object at ffff888024b24150
 which belongs to the cache shmem_inode_cache of size 1544
The buggy address is located 1224 bytes inside of
 freed 1544-byte region [ffff888024b24150, ffff888024b24758)

The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x24b20
head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
page_type: f5(slab)
raw: 00fff00000000040 ffff88801ca8e780 dead000000000122 0000000000000000
raw: 0000000000000000 0000000000130013 00000001f5000000 0000000000000000
head: 00fff00000000040 ffff88801ca8e780 dead000000000122 0000000000000000
head: 0000000000000000 0000000000130013 00000001f5000000 0000000000000000
head: 00fff00000000003 ffffea000092c801 ffffffffffffffff 0000000000000000
head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 37, tgid 37 (kdevtmpfs), ts 6023947933, free_ts 0
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1556
 prep_new_page mm/page_alloc.c:1564 [inline]
 get_page_from_freelist+0xfce/0x2f80 mm/page_alloc.c:3474
 __alloc_pages_noprof+0x223/0x25b0 mm/page_alloc.c:4751
 alloc_pages_mpol_noprof+0x2c9/0x610 mm/mempolicy.c:2265
 alloc_slab_page mm/slub.c:2408 [inline]
 allocate_slab mm/slub.c:2574 [inline]
 new_slab+0x2c9/0x410 mm/slub.c:2627
 ___slab_alloc+0xdac/0x1870 mm/slub.c:3815
 __slab_alloc.constprop.0+0x56/0xb0 mm/slub.c:3905
 __slab_alloc_node mm/slub.c:3980 [inline]
 slab_alloc_node mm/slub.c:4141 [inline]
 kmem_cache_alloc_lru_noprof+0xff/0x3d0 mm/slub.c:4172
 shmem_alloc_inode+0x25/0x50 mm/shmem.c:4980
 alloc_inode+0x5d/0x230 fs/inode.c:336
 new_inode_pseudo fs/inode.c:1174 [inline]
 new_inode+0x22/0x210 fs/inode.c:1193
 __shmem_get_inode mm/shmem.c:2874 [inline]
 shmem_get_inode+0x194/0xf00 mm/shmem.c:2948
 shmem_mknod+0x1a8/0x450 mm/shmem.c:3670
 vfs_mknod+0x5d7/0x8e0 fs/namei.c:4189
 handle_create drivers/base/devtmpfs.c:219 [inline]
 handle drivers/base/devtmpfs.c:384 [inline]
 devtmpfs_work_loop+0x1a8/0x7d0 drivers/base/devtmpfs.c:399
 devtmpfsd+0x4c/0x50 drivers/base/devtmpfs.c:441
page_owner free stack trace missing

Memory state around the buggy address:
 ffff888024b24500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888024b24580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff888024b24600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                            ^
 ffff888024b24680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888024b24700: fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc
==================================================================

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup