From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 61480C02198 for ; Thu, 6 Feb 2025 06:34:42 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id C0E2F6B0083; Thu, 6 Feb 2025 01:34:41 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id BBC27280001; Thu, 6 Feb 2025 01:34:41 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id A5C986B008C; Thu, 6 Feb 2025 01:34:41 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 849DF6B0083 for ; Thu, 6 Feb 2025 01:34:41 -0500 (EST) Received: from smtpin01.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id 3ABF51A0EEF for ; Thu, 6 Feb 2025 06:34:41 +0000 (UTC) X-FDA: 83088556362.01.0472652 Received: from mail-pl1-f173.google.com (mail-pl1-f173.google.com [209.85.214.173]) by imf08.hostedemail.com (Postfix) with ESMTP id 45F83160004 for ; Thu, 6 Feb 2025 06:34:39 +0000 (UTC) Authentication-Results: imf08.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=BdBFmqTh; spf=pass (imf08.hostedemail.com: domain of senozhatsky@chromium.org designates 209.85.214.173 as permitted sender) smtp.mailfrom=senozhatsky@chromium.org; dmarc=pass (policy=none) header.from=chromium.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1738823679; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=a7ECNJBXu40RP2Clx2OxfF2Lbt/uQreXDitoikmAYNM=; b=ZvEyb4PQahiA3Nbxmd8rSUk6BHfA/4ze+THpCCaLfq0+AKAIy4wgt3TbajIldq55kxGTwB apyCGQC5M+ZfRrdPgbgVX5WdI9+6rQUBf98vpJxG+L2mQLJAiDozu4ymL51N5of6WQYwTm mvFDEMi3/iATZ4C9DdNUhZTbFA9lYME= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1738823679; a=rsa-sha256; cv=none; b=CEqVzxkkNyPW8ReL0QZmR11ouu5t/SQNOovjW3IeQrFezIH45jOnPTFfdQ0XizuJTyVSr2 GR4Tk6KeLrvQSwtS97Fnt2qDWsLgb0DNhhcl5MvnWXe+RLSJiGs0O04W3k4wU2+mgG300I eCILH2tpSUC3BSJBU1fcZzs5OJ4f30Y= ARC-Authentication-Results: i=1; imf08.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=BdBFmqTh; spf=pass (imf08.hostedemail.com: domain of senozhatsky@chromium.org designates 209.85.214.173 as permitted sender) smtp.mailfrom=senozhatsky@chromium.org; dmarc=pass (policy=none) header.from=chromium.org Received: by mail-pl1-f173.google.com with SMTP id d9443c01a7336-21ddab8800bso8415945ad.3 for ; Wed, 05 Feb 2025 22:34:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1738823678; x=1739428478; darn=kvack.org; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=a7ECNJBXu40RP2Clx2OxfF2Lbt/uQreXDitoikmAYNM=; b=BdBFmqThXK3H4OHpoxOkcqZZc9JvxX0v8yF9d3RZVRY9BjrPfHf4BZT9kGsbNIyI5m zbthnTg7JtIyZZYAKG6KPIVLXFM2/JtxtiBDBZAG/V7f274quUg6eewz7/jPTeJk2NMw 4UEENojKAhNLvEilSVx/LbiAC4vfMEASr9kzQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1738823678; x=1739428478; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=a7ECNJBXu40RP2Clx2OxfF2Lbt/uQreXDitoikmAYNM=; b=rvGTfVpzsgxXhpDfh+C7jwzJJYaFoV/ccwdpbYPpxICWSmSBnmqAZxwZAyAh7nWISv NfAeuoyY2N+m/vAzxdWkJr1gnBjZpuCh5ORgnNKOuRa+zYdQXwKeThE0bc+JzXgxPJIK BtjTgKM2OeMfqzj9+TLFpIdvTnBxbCa0sc11Bmio1IYvYICZgmoevpFa7Ofk8pprQZWg cZ9Ft2fa1nvoL2e0BAVWu40wvkqdIZHj9ZjcwKvuDZ+ZcYN65nLV+b7fVgDDW4cBybvw 2+NlW1cf/DqwAtNjw4P+ohOOahyHxcWarZVDciGeysUmzDvO79RGOt/2LM3n8AovkRTD qZ8Q== X-Forwarded-Encrypted: i=1; AJvYcCWzlTZZQC++oMTK/fTWUvKcm0f1TaMO1+3e9fTGF4MDkfX805PqmxFEPrkIb4rYbG8Q909XrfuIwg==@kvack.org X-Gm-Message-State: AOJu0YxnqCBVY3F5wPhKWKOoHGVDAl9xfvaBUCkhc9YJAIrrrVLPNzac Nq053eKVXvSqKv1eeHtu2rC2TmxDf4LgTD0dzoW/9gLLLdX2i7UZIDj5P+DdBA== X-Gm-Gg: ASbGnctEb+vCEfbkIj/7pLuJvWce+c8xYYzIvS+R8pvunEV+r1ndHUaQcQjKG9neD8B DI3tGuZYzctIzYucJI7cejeaRgBSnuFEVqiCaSjIgwKpwoDdz+nr3//sU4uV6zpglYHocgjoBw7 Lzw+Au1NbEM156lq4uGMU6/V3QM3DgjgfmXsaBhcRaN++XwxgHbIYnKxPJTLEY4z5Y3OuVceNEo LYWNLC9lkfWmPpWEupO7goANiGRsheV5OacFcQ3lN+f8WMl2X+shhJI3VUFUuvwhBE+IwFYaBIu YyUjjCjN2NW6A4CRN/g= X-Google-Smtp-Source: AGHT+IH2hs1CTPH8ai63DHl8Dw9B7d0EhYu7JD/3b18TSz8mXtvbx2qi1AzsEls4nrBxaiYiKzflpA== X-Received: by 2002:a17:902:d583:b0:211:8404:a957 with SMTP id d9443c01a7336-21f17edda50mr105723575ad.41.1738823677923; Wed, 05 Feb 2025 22:34:37 -0800 (PST) Received: from google.com ([2401:fa00:8f:203:28ab:cea4:aa8a:127a]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-21f3687c4c6sm4667755ad.176.2025.02.05.22.34.29 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 05 Feb 2025 22:34:37 -0800 (PST) Date: Thu, 6 Feb 2025 15:34:26 +0900 From: Sergey Senozhatsky To: "Kirill A. Shutemov" Cc: Kairui Song , Andrew Morton , "Matthew Wilcox (Oracle)" , Jens Axboe , "Jason A. Donenfeld" , Andi Shyti , Chengming Zhou , Christian Brauner , Christophe Leroy , Dan Carpenter , David Airlie , David Hildenbrand , Hao Ge , Jani Nikula , Johannes Weiner , Joonas Lahtinen , Josef Bacik , Masami Hiramatsu , Mathieu Desnoyers , Miklos Szeredi , Nhat Pham , Oscar Salvador , Ran Xiaokai , Rodrigo Vivi , Simona Vetter , Steven Rostedt , Tvrtko Ursulin , Vlastimil Babka , Yosry Ahmed , Yu Zhao , intel-gfx@lists.freedesktop.org, dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-trace-kernel@vger.kernel.org Subject: Re: [PATCHv3 06/11] mm/vmscan: Use PG_dropbehind instead of PG_reclaim Message-ID: <6vfuyhsy5mkyjscyffrjg3xbu3e5qx46ipqbwnrshnp3ernzw2@m2f3lycrg5z4> References: <20250130100050.1868208-1-kirill.shutemov@linux.intel.com> <20250130100050.1868208-7-kirill.shutemov@linux.intel.com> <42h65xowqe36eymr6pcomo7wzpe26kzwvyzg44hftqqczc5n6y@w2z5wvdrvktm> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <42h65xowqe36eymr6pcomo7wzpe26kzwvyzg44hftqqczc5n6y@w2z5wvdrvktm> X-Stat-Signature: cps9uooy8zj7jeoypp9dmpujuowr3oe8 X-Rspamd-Queue-Id: 45F83160004 X-Rspam-User: X-Rspamd-Server: rspam06 X-HE-Tag: 1738823679-294970 X-HE-Meta: U2FsdGVkX1/N4lmW64i/cbLRRsMqqpSfrNSuJ36sn7AJfOdaxJwgXeuRkuj/NHndqhI67xA9+k9GBWBF16X8jzqL3Q4VgGBDTTNAvbo+LN3awpFub8INihsNt0el18t/HljIjEMW1GrHCgyneCdLWovjrLgCyyq/en6satkQ9f30lfNo1iF+102NT8OX0Dv64BcIT581JXHWVMpj9BSZxfCm1Imap2cuRwMF2lVP99EoZCYjcrSYyJ7stH4Yz+3fNTXIIHL070IwMIRfl62FxC6WguFwV29ieimR4KyNejJqRVi7gQKLm/oL+C8cB7me37z1ZRmpAIkdkkcbSy7UxVz/xa3bYm+oJOP2uWbXnXa4oWaYdum2mBIZ19Xm80Fd/a8FxBbFmxqDveUMfrI/FsBlqL+aHaYyFLgGgX7/9y064TfIx0yvp1avObhXVgKCeG7jvr/3NDpFTJGHvuWG7jW1W+zckF4N9iZHL/mrwepHe+vBKmHumUOB/Z9XFoPBoPkq2E6sAo6UohufVRwgYjBG6UP2oaHGdydeaVOMGqbZDJRT21jWVUmU4NVryhr63/okFBgVqh/OL9jZKQeKgXgJ9j0O6qTImPdtlPa/ZCU0CenDfNqQjn1esVvltzE/EC7VX9KXxjauFXwT3IjMMv9rlEEbD4Zc8NxDAHOVw/7YT9x0WaK4LBAvTxufo1tfs8/dsO9Skqr3APW05qMsB787n8aIhFGQgRo3daQjBsOwBrbsFbBy6bNQvr8FkOhhN0rtJkTL8hNHtiYq1e0wv3ze0NfPtdxYIr6HoxL/uJpcRPW9m68WdveUlWPyxuw1F/FsVME2HM+9ieq32lWlFlhVL5HsjTMwXbQpUQlcHCezuB82CO5PE8No2joUqDSywOJU94rBdXVbse5h1Yn1DsjBK+HyjoHx6x/QC0uRo292KvRxmGeDmrOhoWpiSJTapDlpFZltIVuNk218kMS dbprAKDA Xr6healxOS1svGx5h4t5M5hjhMn5mKN/41ZssfX+GZOTrVpzK8o+rDl+wefLvyZZ04yE4MWuCdo02vtpsrREkBJzplv4p88kGRboG8AbXZiQ5V/GBWMgbH0KH3ljmpAFIIHShVyahT7BYrT/jfqibGPEPfyhuC+T7WwZTH3xo3/YcWj3EWZXmVJKArlACpU/6oDh4LWk4rsp9Yg19P1hS6FH40+aaVSdb8nhkKG9DmfSlXg1GLtinjnqRp2JHPfhIpBFxBDlVeUCP8OFbWkAjmP9dwzyeuR2CMqkEjeFQkYHIO83mH8fp8SPDh6nUQC5TBOQGdQJHRMrbbi++pwPvs0RXYphoC9ZYxoL7gZyRq4U67pL7yRAaooFcmXD2lDENwXO9gMSaqx4vzRCVJcdVA5cFgg== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On (25/02/03 10:39), Kirill A. Shutemov wrote: > > Hi, I'm seeing following panic with SWAP after this commit: > > > > [ 29.672319] Oops: general protection fault, probably for > > non-canonical address 0xffff88909a3be3: 0000 [#1] PREEMPT SMP NOPTI > > [ 29.675503] CPU: 82 UID: 0 PID: 5145 Comm: tar Kdump: loaded Not > > tainted 6.13.0.ptch-g1fe9ea48ec98 #917 > > [ 29.677508] Hardware name: Red Hat KVM/RHEL-AV, BIOS 0.0.0 02/06/2015 > > [ 29.678886] RIP: 0010:__lock_acquire+0x20/0x15d0 > > Ouch. > > I failed to trigger it my setup. Could you share your reproducer? I'm seeing this as well (backtraces below). My repro is: - 4GB VM with 2 zram devices - one is setup as swap - the other one has ext4 fs on it - I dd large files to it --- xa_lock_irq(&mapping->i_pages): [ 94.609589][ T157] Oops: general protection fault, probably for non-canonical address 0xe01ffbf11020301a: 0000 [#1] PREEMPT SMP KASAN PTI [ 94.611881][ T157] KASAN: maybe wild-memory-access in range [0x00ffff88810180d0-0x00ffff88810180d7] [ 94.613567][ T157] CPU: 1 UID: 0 PID: 157 Comm: kswapd0 Not tainted 6.13.0+ #927 [ 94.614947][ T157] RIP: 0010:__lock_acquire+0x6a/0x1ef0 [ 94.615942][ T157] Code: 08 84 d2 0f 85 ed 13 00 00 44 8b 05 24 30 d5 02 45 85 c0 0f 84 bc 07 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 0f 85 eb 18 00 00 49 8b 04 24 48 3d a0 8b ac 84 0f 84 [ 94.619668][ T157] RSP: 0018:ffff88810510eec0 EFLAGS: 00010002 [ 94.620835][ T157] RAX: dffffc0000000000 RBX: 1ffff11020a21df5 RCX: 1ffffffff084c092 [ 94.622329][ T157] RDX: 001ffff11020301a RSI: 0000000000000000 RDI: 00ffff88810180d1 [ 94.623779][ T157] RBP: 00ffff88810180d1 R08: 0000000000000001 R09: 0000000000000000 [ 94.625213][ T157] R10: ffffffff8425d0d7 R11: 0000000000000000 R12: 00ffff88810180d1 [ 94.626656][ T157] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000001 [ 94.628086][ T157] FS: 0000000000000000(0000) GS:ffff88815aa80000(0000) knlGS:0000000000000000 [ 94.629700][ T157] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 94.630894][ T157] CR2: 00007f757719c2b0 CR3: 0000000003c82005 CR4: 0000000000770ef0 [ 94.632333][ T157] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 94.633796][ T157] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 94.635265][ T157] PKRU: 55555554 [ 94.635909][ T157] Call Trace: [ 94.636512][ T157] [ 94.637052][ T157] ? show_trace_log_lvl+0x1a7/0x2e0 [ 94.638005][ T157] ? show_trace_log_lvl+0x1a7/0x2e0 [ 94.638960][ T157] ? lock_acquire.part.0+0xfa/0x310 [ 94.639909][ T157] ? __die_body.cold+0x8/0x12 [ 94.640765][ T157] ? die_addr+0x42/0x70 [ 94.641530][ T157] ? exc_general_protection+0x12e/0x210 [ 94.642558][ T157] ? asm_exc_general_protection+0x22/0x30 [ 94.643610][ T157] ? __lock_acquire+0x6a/0x1ef0 [ 94.644506][ T157] ? _raw_spin_unlock_irq+0x24/0x40 [ 94.645468][ T157] ? __wait_for_common+0x2f2/0x610 [ 94.646412][ T157] ? pci_mmcfg_reserved+0x120/0x120 [ 94.647364][ T157] ? submit_bio_noacct_nocheck+0x32e/0x3e0 [ 94.648448][ T157] ? lock_is_held_type+0x81/0xe0 [ 94.649360][ T157] lock_acquire.part.0+0xfa/0x310 [ 94.650288][ T157] ? folio_unmap_invalidate+0x286/0x550 [ 94.651324][ T157] ? __lock_acquire+0x1ef0/0x1ef0 [ 94.652250][ T157] ? submit_bio_wait+0x17c/0x200 [ 94.653166][ T157] ? submit_bio_wait_endio+0x40/0x40 [ 94.654140][ T157] ? lock_acquire+0x18a/0x1f0 [ 94.655008][ T157] _raw_spin_lock+0x2c/0x40 [ 94.655853][ T157] ? folio_unmap_invalidate+0x286/0x550 [ 94.656879][ T157] folio_unmap_invalidate+0x286/0x550 [ 94.657866][ T157] folio_end_writeback+0x146/0x190 [ 94.658815][ T157] swap_writepage_bdev_sync+0x312/0x410 [ 94.659840][ T157] ? swap_read_folio_bdev_sync+0x3c0/0x3c0 [ 94.660917][ T157] ? do_raw_spin_lock+0x12a/0x260 [ 94.661845][ T157] ? __rwlock_init+0x150/0x150 [ 94.662726][ T157] ? bio_kmalloc+0x20/0x20 [ 94.663548][ T157] ? swapcache_clear+0xd0/0xd0 [ 94.664431][ T157] swap_writepage+0x2a5/0x720 [ 94.665298][ T157] pageout+0x304/0x6a0 [ 94.666052][ T157] ? get_pte_pfn.isra.0+0x4d0/0x4d0 [ 94.667025][ T157] ? find_held_lock+0x2d/0x110 [ 94.667912][ T157] ? enable_swap_slots_cache+0x90/0x90 [ 94.668925][ T157] ? arch_tlbbatch_flush+0x1f6/0x370 [ 94.669903][ T157] shrink_folio_list+0x19b5/0x2600 [ 94.670856][ T157] ? pageout+0x6a0/0x6a0 [ 94.671649][ T157] ? isolate_folios+0x156/0x320 [ 94.672544][ T157] ? find_held_lock+0x2d/0x110 [ 94.673428][ T157] ? mark_lock+0xcc/0x12c0 [ 94.674258][ T157] ? mark_lock_irq+0x1cd0/0x1cd0 [ 94.675174][ T157] ? reacquire_held_locks+0x4d0/0x4d0 [ 94.676166][ T157] ? mark_held_locks+0x94/0xe0 [ 94.677045][ T157] evict_folios+0x4bb/0x1580 [ 94.677890][ T157] ? isolate_folios+0x320/0x320 [ 94.678787][ T157] ? __lock_acquire+0xc4c/0x1ef0 [ 94.679695][ T157] ? lock_is_held_type+0x81/0xe0 [ 94.680607][ T157] try_to_shrink_lruvec+0x41e/0x9e0 [ 94.681564][ T157] ? __lock_acquire+0xc4c/0x1ef0 [ 94.682482][ T157] ? evict_folios+0x1580/0x1580 [ 94.683390][ T157] ? lock_release+0x105/0x260 [ 94.684255][ T157] lru_gen_shrink_node+0x25d/0x660 [ 94.685202][ T157] ? balance_pgdat+0x5b5/0xf00 [ 94.686083][ T157] ? try_to_shrink_lruvec+0x9e0/0x9e0 [ 94.687076][ T157] ? pgdat_balanced+0xb8/0x110 [ 94.687957][ T157] balance_pgdat+0x532/0xf00 [ 94.688803][ T157] ? shrink_node.part.0+0xc30/0xc30 [ 94.689758][ T157] ? io_schedule_timeout+0x110/0x110 [ 94.690741][ T157] ? reacquire_held_locks+0x4d0/0x4d0 [ 94.691723][ T157] ? __lock_acquire+0x1ef0/0x1ef0 [ 94.692643][ T157] ? zone_watermark_ok_safe+0x32/0x290 [ 94.693650][ T157] ? inactive_is_low.isra.0+0xe0/0xe0 [ 94.694639][ T157] ? do_raw_spin_lock+0x12a/0x260 [ 94.695567][ T157] kswapd+0x2ef/0x4e0 [ 94.696297][ T157] ? balance_pgdat+0xf00/0xf00 [ 94.697176][ T157] ? __kthread_parkme+0xb1/0x1c0 [ 94.698087][ T157] ? balance_pgdat+0xf00/0xf00 [ 94.698971][ T157] kthread+0x38b/0x700 [ 94.699721][ T157] ? kthread_is_per_cpu+0xb0/0xb0 [ 94.700648][ T157] ? lock_acquire+0x18a/0x1f0 [ 94.701516][ T157] ? kthread_is_per_cpu+0xb0/0xb0 [ 94.702438][ T157] ret_from_fork+0x2d/0x70 [ 94.703267][ T157] ? kthread_is_per_cpu+0xb0/0xb0 [ 94.704193][ T157] ret_from_fork_asm+0x11/0x20 [ 94.705074][ T157] Also UAF in compactd [ 95.249096][ T146] ================================================================== [ 95.254091][ T146] BUG: KASAN: slab-use-after-free in kcompactd+0x9cd/0xa60 [ 95.257959][ T146] Read of size 4 at addr ffff888105100018 by task kcompactd0/146 [ 95.262100][ T146] [ 95.263347][ T146] CPU: 11 UID: 0 PID: 146 Comm: kcompactd0 Tainted: G D W 6.13.0+ #927 [ 95.263363][ T146] Tainted: [D]=DIE, [W]=WARN [ 95.263367][ T146] Call Trace: [ 95.263379][ T146] [ 95.263386][ T146] dump_stack_lvl+0x57/0x80 [ 95.263403][ T146] print_address_description.constprop.0+0x88/0x330 [ 95.263416][ T146] ? kcompactd+0x9cd/0xa60 [ 95.263425][ T146] print_report+0xe2/0x1cc [ 95.263433][ T146] ? __virt_addr_valid+0x1d1/0x3b0 [ 95.263442][ T146] ? kcompactd+0x9cd/0xa60 [ 95.263449][ T146] ? kcompactd+0x9cd/0xa60 [ 95.263456][ T146] kasan_report+0xb9/0x180 [ 95.263466][ T146] ? kcompactd+0x9cd/0xa60 [ 95.263476][ T146] kcompactd+0x9cd/0xa60 [ 95.263487][ T146] ? kcompactd_do_work+0x710/0x710 [ 95.263495][ T146] ? prepare_to_swait_exclusive+0x260/0x260 [ 95.263506][ T146] ? __kthread_parkme+0xb1/0x1c0 [ 95.263520][ T146] ? kcompactd_do_work+0x710/0x710 [ 95.263527][ T146] kthread+0x38b/0x700 [ 95.263535][ T146] ? kthread_is_per_cpu+0xb0/0xb0 [ 95.263542][ T146] ? lock_acquire+0x18a/0x1f0 [ 95.263552][ T146] ? kthread_is_per_cpu+0xb0/0xb0 [ 95.263559][ T146] ret_from_fork+0x2d/0x70 [ 95.263569][ T146] ? kthread_is_per_cpu+0xb0/0xb0 [ 95.263576][ T146] ret_from_fork_asm+0x11/0x20 [ 95.263589][ T146] [ 95.263592][ T146] [ 95.293474][ T146] Allocated by task 2: [ 95.294209][ T146] kasan_save_stack+0x1e/0x40 [ 95.295111][ T146] kasan_save_track+0x10/0x30 [ 95.295978][ T146] __kasan_slab_alloc+0x62/0x70 [ 95.296860][ T146] kmem_cache_alloc_node_noprof+0xdb/0x2a0 [ 95.297915][ T146] dup_task_struct+0x32/0x550 [ 95.298797][ T146] copy_process+0x309/0x45d0 [ 95.299656][ T146] kernel_clone+0xb7/0x600 [ 95.300451][ T146] kernel_thread+0xb0/0xe0 [ 95.301253][ T146] kthreadd+0x3b5/0x620 [ 95.302019][ T146] ret_from_fork+0x2d/0x70 [ 95.302865][ T146] ret_from_fork_asm+0x11/0x20 [ 95.303724][ T146] [ 95.304146][ T146] Freed by task 0: [ 95.304836][ T146] kasan_save_stack+0x1e/0x40 [ 95.305708][ T146] kasan_save_track+0x10/0x30 [ 95.306569][ T146] kasan_save_free_info+0x37/0x50 [ 95.307515][ T146] __kasan_slab_free+0x33/0x40 [ 95.308402][ T146] kmem_cache_free+0xff/0x480 [ 95.309256][ T146] delayed_put_task_struct+0x15a/0x1d0 [ 95.310258][ T146] rcu_do_batch+0x2ee/0xb70 [ 95.311113][ T146] rcu_core+0x4a6/0xa10 [ 95.311868][ T146] handle_softirqs+0x191/0x650 [ 95.312747][ T146] __irq_exit_rcu+0xaf/0xe0 [ 95.313643][ T146] irq_exit_rcu+0xa/0x20 [ 95.314536][ T146] sysvec_apic_timer_interrupt+0x65/0x80 [ 95.315616][ T146] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 95.316702][ T146] [ 95.317127][ T146] Last potentially related work creation: [ 95.318155][ T146] kasan_save_stack+0x1e/0x40 [ 95.319006][ T146] kasan_record_aux_stack+0x97/0xa0 [ 95.319947][ T146] __call_rcu_common.constprop.0+0x70/0x7b0 [ 95.321014][ T146] __schedule+0x75d/0x1720 [ 95.321817][ T146] schedule_idle+0x55/0x80 [ 95.322624][ T146] cpu_startup_entry+0x50/0x60 [ 95.323490][ T146] start_secondary+0x1b6/0x210 [ 95.324354][ T146] common_startup_64+0x12c/0x138 [ 95.325248][ T146] [ 95.325669][ T146] The buggy address belongs to the object at ffff888105100000 [ 95.325669][ T146] which belongs to the cache task_struct of size 8200 [ 95.328215][ T146] The buggy address is located 24 bytes inside of [ 95.328215][ T146] freed 8200-byte region [ffff888105100000, ffff888105102008) [ 95.330692][ T146] [ 95.331116][ T146] The buggy address belongs to the physical page: [ 95.332275][ T146] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105100 [ 95.333862][ T146] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 95.335399][ T146] flags: 0x8000000000000040(head|zone=2) [ 95.336425][ T146] page_type: f5(slab) [ 95.337155][ T146] raw: 8000000000000040 ffff888100a80c80 dead000000000122 0000000000000000 [ 95.338716][ T146] raw: 0000000000000000 0000000000030003 00000000f5000000 0000000000000000 [ 95.340273][ T146] head: 8000000000000040 ffff888100a80c80 dead000000000122 0000000000000000 [ 95.341844][ T146] head: 0000000000000000 0000000000030003 00000000f5000000 0000000000000000 [ 95.343418][ T146] head: 8000000000000003 ffffea0004144001 ffffffffffffffff 0000000000000000 [ 95.344977][ T146] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 95.346540][ T146] page dumped because: kasan: bad access detected [ 95.347701][ T146] [ 95.348123][ T146] Memory state around the buggy address: [ 95.349139][ T146] ffff8881050fff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 95.350598][ T146] ffff8881050fff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 95.352054][ T146] >ffff888105100000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 95.353510][ T146] ^ [ 95.354389][ T146] ffff888105100080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 95.355856][ T146] ffff888105100100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 95.357315][ T146] ==================================================================