Call Trace:
dump_stack_lvl+0x8b/0xb3
kernfs_put: syz6/memory.events: released with incorrect active_ref 0
dump_header+0x10b/0x7e4
WARNING: CPU: 0 PID: 48 at fs/kernfs/dir.c:531 kernfs_put.part.0+0x433/0x540
oom_kill_process.cold+0x10/0x15
Modules linked in:
out_of_memory+0x11e7/0x14b0
__alloc_pages_slowpath.constprop.0+0x1a72/0x2180
CPU: 0 PID: 48 Comm: kworker/0:2 Not tainted 5.19.0-rc5-next-20220705 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
Workqueue: events kernfs_notify_workfn
__alloc_pages+0x421/0x4f0
RIP: 0010:kernfs_put.part.0+0x433/0x540
alloc_pages+0x1a0/0x2f0
Code: 03 80 3c 18 00 0f 85 ea 00 00 00 4d 8b 7d 38 e8 73 0b a7 ff 48 8b 14 24 44 89 f1 4c 89 fe 48 c7 c7 e0 58 72 84 e8 93 ac 6c 02 <0f> 0b e9 b9 fc ff ff 48 89 ef e8 0e b3 d9 ff e9 c1 fd ff ff e8 04
filemap_alloc_folio+0x2ce/0x360
RSP: 0018:ffff88800f45fbd8 EFLAGS: 00010286
__filemap_get_folio+0x328/0xd80
RAX: 0000000000000000 RBX: dffffc0000000000 RCX: 0000000000000000
filemap_fault+0x1535/0x2270
RDX: ffff88800f2e8000 RSI: ffffffff812bd348 RDI: ffffed1001e8bf6d
RBP: ffff88800d2c62f0 R08: 0000000000000005 R09: 0000000000000000
__do_fault+0x10d/0x590
R10: 0000000080000000 R11: 0000000000000001 R12: ffff88800d2c62b8
__handle_mm_fault+0x135a/0x34f0
R13: ffff88800cdd59f8 R14: 0000000000000000 R15: ffff8880174f8938
FS: 0000000000000000(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000004521b0 CR3: 0000000018096000 CR4: 0000000000350ef0
handle_mm_fault+0x2e6/0xa10
Call Trace:
do_user_addr_fault+0x536/0x1300
exc_page_fault+0x98/0x1a0
kernfs_put+0x42/0x50
asm_exc_page_fault+0x27/0x30
kernfs_notify_workfn+0x417/0x560
RIP: 0033:0x7f3c1f5f4093
Code: Unable to access opcode bytes at RIP 0x7f3c1f5f4069.
RSP: 002b:00007ffc15dd72a0 EFLAGS: 00010202
RAX: 0000000000000000 RBX: 000000000000001a RCX: 00007f3c1f61a8e1
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007ffc15dd733c R08: 0000000000000000 R09: 00007ffc15df5080
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000032
process_one_work+0xa0f/0x1690
R13: 0000000000030b4b R14: 0000000000000014 R15: 00007ffc15dd73a0
Mem-Info:
active_anon:1165 inactive_anon:86328 isolated_anon:0
active_file:48 inactive_file:48 isolated_file:0
unevictable:0 dirty:13 writeback:0
slab_reclaimable:8864 slab_unreclaimable:58050
mapped:69677 shmem:111 pagetables:1029 bounce:0
kernel_misc_reclaimable:0
free:2686 free_pcp:0 free_cma:0
worker_thread+0x637/0x1250
Node 0 active_anon:4660kB inactive_anon:345312kB active_file:192kB inactive_file:192kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:278708kB dirty:52kB writeback:0kB shmem:444kB writeback_tmp:0kB kernel_stack:4416kB pagetables:4116kB all_unreclaimable? no
Node 0
DMA free:6484kB boost:0kB min:44kB low:56kB high:68kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
kthread+0x2ed/0x3a0
lowmem_reserve[]:
0
ret_from_fork+0x22/0x30
1615 1615 1615
Node 0 DMA32 free:4260kB boost:4096kB min:9216kB low:10868kB high:12520kB reserved_highatomic:2048KB active_anon:4240kB inactive_anon:345312kB active_file:144kB inactive_file:572kB unevictable:0kB writepending:304kB present:2080640kB managed:1658288kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
irq event stamp: 40749
lowmem_reserve[]: 0
hardirqs last enabled at (40759): [] asm_sysvec_apic_timer_interrupt+0x1b/0x20
0 0 0
hardirqs last disabled at (40770): [] sysvec_apic_timer_interrupt+0xb/0xc0
Node 0
softirqs last enabled at (39180): [] srcu_invoke_callbacks+0x1e5/0x3a0
DMA: 1*4kB
softirqs last disabled at (39176): [] srcu_invoke_callbacks+0x1b5/0x3a0
(U) 0*8kB
---[ end trace 0000000000000000 ]---
1*16kB (U)
==================================================================
0*32kB
BUG: KASAN: use-after-free in kernfs_notify+0x327/0x350
1*64kB
Read of size 2 at addr ffff88800d2c6350 by task ksoftirqd/0/13
(U)
CPU: 0 PID: 13 Comm: ksoftirqd/0 Tainted: G W 5.19.0-rc5-next-20220705 #1
0*128kB
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
Call Trace:
dump_stack_lvl+0x8b/0xb3
1*256kB
print_report.cold+0x5e/0x5e1
(U)
0*512kB
kasan_report+0xb1/0x1b0
0*1024kB
kernfs_notify+0x327/0x350
1*2048kB
cgroup_file_notify+0xf5/0x1a0
(M)
1*4096kB
call_timer_fn+0x17d/0x5f0
(M)
= 6484kB
Node 0
DMA32:
__run_timers.part.0+0x65e/0xa50
522*4kB
(UME)
142*8kB
(UME)
run_timer_softirq+0xae/0x1a0
50*16kB
__do_softirq+0x1c8/0x8cc
(UM)
27*32kB
run_ksoftirqd+0x2d/0x60
(UMH)
smpboot_thread_fn+0x66f/0xa00
1*64kB
(H)
kthread+0x2ed/0x3a0
0*128kB
0*256kB
ret_from_fork+0x22/0x30
0*512kB
Allocated by task 297:
kasan_save_stack+0x1e/0x40
0*1024kB
__kasan_slab_alloc+0x66/0x80
0*2048kB
kmem_cache_alloc+0x1b1/0x490
__kernfs_new_node+0xd4/0x8b0
0*4096kB
kernfs_new_node+0x93/0x120
= 4952kB
__kernfs_create_file+0x51/0x350
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
cgroup_addrm_files+0x3e2/0x9d0
213 total pagecache pages
css_populate_dir+0x19b/0x450
0 pages in swap cache
cgroup_apply_control_enable+0x3ae/0xa40
Free swap = 0kB
cgroup_mkdir+0x824/0x11f0
Total swap = 0kB
kernfs_iop_mkdir+0x149/0x1d0
524158 pages RAM
vfs_mkdir+0x417/0x6a0
0 pages HighMem/MovableOnly
do_mkdirat+0x17b/0x2e0
105746 pages reserved
__x64_sys_mkdir+0xf2/0x140
oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null)
do_syscall_64+0x3b/0x90
,cpuset=
entry_SYSCALL_64_after_hwframe+0x46/0xb0
Freed by task 48:
syz2
kasan_save_stack+0x1e/0x40
kasan_set_track+0x21/0x30
,mems_allowed=0
kasan_set_free_info+0x20/0x30
,global_oom
__kasan_slab_free+0x108/0x190
,task_memcg=
kmem_cache_free+0xfb/0x600
kernfs_put.part.0+0x2c7/0x540
/syz2
kernfs_put+0x42/0x50
,task=syz-executor.2,pid=298,uid=0
kernfs_notify_workfn+0x417/0x560
process_one_work+0xa0f/0x1690
worker_thread+0x637/0x1250
kthread+0x2ed/0x3a0
ret_from_fork+0x22/0x30
The buggy address belongs to the object at ffff88800d2c62b8
which belongs to the cache kernfs_node_cache of size 168
The buggy address is located 152 bytes inside of
168-byte region [ffff88800d2c62b8, ffff88800d2c6360)
The buggy address belongs to the physical page:
page:00000000b7a48e4f refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88800d2c6d98 pfn:0xd2c6
flags: 0x100000000000200(slab|node=0|zone=1)
raw: 0100000000000200 ffffea00003a63c8 ffffea000036a208 ffff8880080358c0
raw: ffff88800d2c6d98 0000000000110009 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff88800d2c6200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
ffff88800d2c6280: fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb fb
>ffff88800d2c6300: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
^
ffff88800d2c6380: fc fc fc fc 00 00 00 00 00 00 00 00 00 00 00 00
ffff88800d2c6400: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
==================================================================
------------[ cut here ]------------
WARNING: CPU: 0 PID: 13 at fs/kernfs/dir.c:504 kernfs_get.part.0+0x69/0x80
Modules linked in:
CPU: 0 PID: 13 Comm: ksoftirqd/0 Tainted: G B W 5.19.0-rc5-next-20220705 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
RIP: 0010:kernfs_get.part.0+0x69/0x80
Code: 31 ff 89 ee e8 c8 0c a7 ff 85 ed 74 18 e8 ef 0f a7 ff be 04 00 00 00 48 89 df e8 d2 ba d9 ff f0 ff 03 5b 5d c3 e8 d7 0f a7 ff <0f> 0b eb df 48 89 df e8 7b b7 d9 ff eb c6 66 0f 1f 84 00 00 00 00
RSP: 0018:ffff88800825fb68 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffff88800d2c62b8 RCX: 0000000000000100
RDX: ffff888008250000 RSI: ffffffff819de5c9 RDI: 0000000000000005
RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001
R13: 1ffffffff0a01e40 R14: ffff88800d2c62b8 R15: ffff888045770490
FS: 0000000000000000(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000004521b0 CR3: 0000000018096000 CR4: 0000000000350ef0
Call Trace:
kernfs_get+0x1b/0x30
kernfs_notify+0x180/0x350
cgroup_file_notify+0xf5/0x1a0
call_timer_fn+0x17d/0x5f0
__run_timers.part.0+0x65e/0xa50
run_timer_softirq+0xae/0x1a0
__do_softirq+0x1c8/0x8cc
run_ksoftirqd+0x2d/0x60
smpboot_thread_fn+0x66f/0xa00
kthread+0x2ed/0x3a0
ret_from_fork+0x22/0x30
irq event stamp: 6813871
hardirqs last enabled at (6813870): [] _raw_spin_unlock_irq+0x1f/0x40
hardirqs last disabled at (6813871): [] _raw_spin_lock_irqsave+0x4e/0x50
softirqs last enabled at (6813810): [] run_ksoftirqd+0x2d/0x60
softirqs last disabled at (6813815): [] run_ksoftirqd+0x2d/0x60
---[ end trace 0000000000000000 ]---
Out of memory (oom_kill_allocating_task): Killed process 298 (syz-executor.2) total-vm:93280kB, anon-rss:384kB, file-rss:34768kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:0
systemd-journal invoked oom-killer: gfp_mask=0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), order=0, oom_score_adj=-250
CPU: 0 PID: 112 Comm: systemd-journal Tainted: G B W 5.19.0-rc5-next-20220705 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
Call Trace:
dump_stack_lvl+0x8b/0xb3
dump_header+0x10b/0x7e4
oom_kill_process.cold+0x10/0x15
out_of_memory+0x11e7/0x14b0
__alloc_pages_slowpath.constprop.0+0x1a72/0x2180
__alloc_pages+0x421/0x4f0
alloc_pages+0x1a0/0x2f0
filemap_alloc_folio+0x2ce/0x360
__filemap_get_folio+0x328/0xd80
filemap_fault+0x1535/0x2270
__do_fault+0x10d/0x590
__handle_mm_fault+0x135a/0x34f0
handle_mm_fault+0x2e6/0xa10
do_user_addr_fault+0x536/0x1300
exc_page_fault+0x98/0x1a0
asm_exc_page_fault+0x27/0x30
RIP: 0033:0x7fd16512c116
Code: Unable to access opcode bytes at RIP 0x7fd16512c0ec.
RSP: 002b:00007ffe2e868da0 EFLAGS: 00010293
RAX: 0000000000000001 RBX: 0000562405774360 RCX: 00007fd16512c116
RDX: 0000000000000014 RSI: 000056240577a8f0 RDI: 0000000000000008
RBP: ffffffffffffffff R08: 0000000000000000 R09: 00007ffe2e9c1080
R10: 00000000ffffffff R11: 0000000000000293 R12: 0000000000000001
R13: 0000000000000014 R14: 0000000000000000 R15: 0000000000000000
Mem-Info:
active_anon:1165 inactive_anon:86328 isolated_anon:0
active_file:23 inactive_file:17 isolated_file:0
unevictable:0 dirty:13 writeback:0
slab_reclaimable:8864 slab_unreclaimable:58050
mapped:69656 shmem:111 pagetables:1029 bounce:0
kernel_misc_reclaimable:0
free:2399 free_pcp:82 free_cma:0
Node 0 active_anon:4660kB inactive_anon:345312kB active_file:92kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:278624kB dirty:52kB writeback:0kB shmem:444kB writeback_tmp:0kB kernel_stack:4160kB pagetables:4116kB all_unreclaimable? yes
Node 0 DMA free:6484kB boost:0kB min:44kB low:56kB high:68kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 1615 1615 1615
Node 0 DMA32 free:3112kB boost:0kB min:5120kB low:6772kB high:8424kB reserved_highatomic:2048KB active_anon:4240kB inactive_anon:345312kB active_file:144kB inactive_file:572kB unevictable:0kB writepending:304kB present:2080640kB managed:1658288kB mlocked:0kB bounce:0kB free_pcp:336kB local_pcp:248kB free_cma:0kB
lowmem_reserve[]: 0 0 0 0
Node 0 DMA: 1*4kB (U) 0*8kB 1*16kB (U) 0*32kB 1*64kB (U) 0*128kB 1*256kB (U) 0*512kB 0*1024kB 1*2048kB (M) 1*4096kB (M) = 6484kB
Node 0 DMA32: 397*4kB (UME) 84*8kB (UME) 29*16kB (UM) 19*32kB (UMH) 1*64kB (H) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 3396kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
171 total pagecache pages
0 pages in swap cache
Free swap = 0kB
Total swap = 0kB
524158 pages RAM
0 pages HighMem/MovableOnly
105746 pages reserved
oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/system.slice/systemd-journald.service,task=systemd-journal,pid=112,uid=0
Out of memory (oom_kill_allocating_task): Killed process 112 (systemd-journal) total-vm:31948kB, anon-rss:872kB, file-rss:0kB, shmem-rss:4kB, UID:0 pgtables:76kB oom_score_adj:-250
syz-executor.2: page allocation failure: order:0, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=syz2,mems_allowed=0
CPU: 0 PID: 4193 Comm: syz-executor.2 Tainted: G B W 5.19.0-rc5-next-20220705 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
Call Trace:
dump_stack_lvl+0x8b/0xb3
warn_alloc.cold+0x95/0x18a
__alloc_pages_slowpath.constprop.0+0x1bf1/0x2180
__alloc_pages+0x421/0x4f0
alloc_pages+0x1a0/0x2f0
relay_open_buf.part.0+0x2a4/0xc00
relay_open+0x544/0xa50
do_blk_trace_setup+0x4bc/0xb60
__blk_trace_setup+0xca/0x180
blk_trace_setup+0x43/0x60
sg_ioctl+0x6a8/0x2820
__x64_sys_ioctl+0x196/0x210
do_syscall_64+0x3b/0x90
entry_SYSCALL_64_after_hwframe+0x46/0xb0
RIP: 0033:0x7f3c1f5f5b19
Code: Unable to access opcode bytes at RIP 0x7f3c1f5f5aef.
RSP: 002b:00007f3c1cb4a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f3c1f709020 RCX: 00007f3c1f5f5b19
RDX: 0000000020000180 RSI: 00000000c0481273 RDI: 0000000000000007
RBP: 00007f3c1f64ff6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffc15dd708f R14: 00007f3c1cb4a300 R15: 0000000000022000
Mem-Info:
active_anon:1165 inactive_anon:86328 isolated_anon:0
active_file:19 inactive_file:14 isolated_file:0
unevictable:0 dirty:13 writeback:0
slab_reclaimable:8864 slab_unreclaimable:58050
mapped:69656 shmem:111 pagetables:1029 bounce:0
kernel_misc_reclaimable:0
free:2273 free_pcp:210 free_cma:0
Node 0 active_anon:4660kB inactive_anon:345312kB active_file:76kB inactive_file:56kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:278624kB dirty:52kB writeback:0kB shmem:444kB writeback_tmp:0kB kernel_stack:4160kB pagetables:4116kB all_unreclaimable? yes
Node 0 DMA free:6484kB boost:0kB min:44kB low:56kB high:68kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 1615 1615 1615
Node 0 DMA32 free:2608kB boost:4096kB min:9216kB low:10868kB high:12520kB reserved_highatomic:2048KB active_anon:4240kB inactive_anon:345312kB active_file:144kB inactive_file:572kB unevictable:0kB writepending:304kB present:2080640kB managed:1658288kB mlocked:0kB bounce:0kB free_pcp:840kB local_pcp:720kB free_cma:0kB
lowmem_reserve[]: 0 0 0 0
Node 0 DMA: 1*4kB (U) 0*8kB 1*16kB (U) 0*32kB 1*64kB (U) 0*128kB 1*256kB (U) 0*512kB 0*1024kB 1*2048kB (M) 1*4096kB (M) = 6484kB
Node 0 DMA32: 314*4kB (UME) 75*8kB (UME) 17*16kB (UM) 14*32kB (UH) 1*64kB (H) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 2640kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
171 total pagecache pages
0 pages in swap cache
Free swap = 0kB
Total swap = 0kB
524158 pages RAM
0 pages HighMem/MovableOnly
105746 pages reserved
systemd[1]: ssh.service: A process of this unit has been killed by the OOM killer.
systemd[1]: systemd-journald.service: Main process exited, code=killed, status=9/KILL
systemd[1]: systemd-journald.service: Failed with result 'oom-kill'.
systemd[1]: systemd-journald.service: Consumed 5.258s CPU time.
systemd[1]: systemd-journald.service: Scheduled restart job, restart counter is at 1.
systemd[1]: Stopping Flush Journal to Persistent Storage...
systemd[1]: Starting Load/Save RF Kill Switch Status...
systemd[1]: ssh.service: Failed with result 'oom-kill'.
systemd[1]: ssh.service: Unit process 258 (sshd) remains running after unit stopped.
systemd[1]: ssh.service: Unit process 301 (syz-executor.7) remains running after unit stopped.
systemd[1]: ssh.service: Consumed 1min 37.817s CPU time.
systemd[1]: ssh.service: Scheduled restart job, restart counter is at 1.
systemd[1]: Stopped OpenBSD Secure Shell server.
systemd[1]: ssh.service: Consumed 1min 37.834s CPU time.
systemd[1]: ssh.service: Found left-over process 258 (sshd) in control group while starting unit. Ignoring.
systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
systemd[1]: ssh.service: Found left-over process 301 (syz-executor.7) in control group while starting unit. Ignoring.
systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
systemd[1]: Starting OpenBSD Secure Shell server...
systemd[1]: Started Load/Save RF Kill Switch Status.
systemd[1]: systemd-journal-flush.service: Succeeded.
systemd[1]: Stopped Flush Journal to Persistent Storage.
systemd[1]: Stopped Journal Service.
systemd[1]: systemd-journald.service: Consumed 5.258s CPU time.
systemd[1]: Starting Journal Service...
oom_reaper: reaped process 4187 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
systemd-journal invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=0, oom_score_adj=-250
CPU: 1 PID: 4233 Comm: systemd-journal Tainted: G B W 5.19.0-rc5-next-20220705 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
Call Trace:
dump_stack_lvl+0x8b/0xb3
dump_header+0x10b/0x7e4
oom_kill_process.cold+0x10/0x15
out_of_memory+0x11e7/0x14b0
__alloc_pages_slowpath.constprop.0+0x1a72/0x2180
__alloc_pages+0x421/0x4f0
alloc_pages+0x1a0/0x2f0
allocate_slab+0x25b/0x310
___slab_alloc+0x6c7/0xab0
kmem_cache_alloc_bulk+0x264/0x790
mas_alloc_nodes+0x2a6/0x6a0
mas_preallocate+0xff/0x2d0
do_mas_align_munmap.constprop.0+0x111/0xff0
do_mas_munmap+0x1e8/0x2b0
mmap_region+0x21c/0x19f0
do_mmap+0x824/0xf40
vm_mmap_pgoff+0x1ab/0x270
ksys_mmap_pgoff+0x3cc/0x4f0
do_syscall_64+0x3b/0x90
entry_SYSCALL_64_after_hwframe+0x46/0xb0
RIP: 0033:0x7f8e29ff8d82
Code: eb aa 66 0f 1f 44 00 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 33 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 56 5b 5d c3 0f 1f 00 c7 05 ae 03 01 00 16 00
RSP: 002b:00007ffe4f96b168 EFLAGS: 00000206 ORIG_RAX: 0000000000000009
RAX: ffffffffffffffda RBX: 0000000000000812 RCX: 00007f8e29ff8d82
RDX: 0000000000000001 RSI: 0000000000014000 RDI: 00007f8e293a2000
RBP: 00007f8e293a2000 R08: 000000000000000a R09: 000000000000b000
R10: 0000000000000812 R11: 0000000000000206 R12: 00007f8e2979d860
R13: 00007ffe4f96b180 R14: 00007ffe4f96b1e0 R15: 00007ffe4f96b510
Mem-Info:
active_anon:38 inactive_anon:8092 isolated_anon:0
active_file:1089 inactive_file:1089 isolated_file:0
unevictable:0 dirty:20 writeback:0
slab_reclaimable:8321 slab_unreclaimable:57512
mapped:10513 shmem:85 pagetables:387 bounce:0
kernel_misc_reclaimable:0
free:3752 free_pcp:38 free_cma:0
Node 0 active_anon:152kB inactive_anon:32368kB active_file:4356kB inactive_file:4356kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:42052kB dirty:80kB writeback:0kB shmem:340kB writeback_tmp:0kB kernel_stack:3648kB pagetables:1548kB all_unreclaimable? no
Node 0 DMA free:6484kB boost:0kB min:44kB low:56kB high:68kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 1615 1615 1615
Node 0 DMA32 free:8524kB boost:12288kB min:17408kB low:19060kB high:20712kB reserved_highatomic:2048KB active_anon:152kB inactive_anon:32336kB active_file:4660kB inactive_file:4600kB unevictable:0kB writepending:164kB present:2080640kB managed:1658288kB mlocked:0kB bounce:0kB free_pcp:152kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 0 0 0
Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 1*64kB (U) 0*128kB 1*256kB (U) 0*512kB 0*1024kB 1*2048kB (M) 1*4096kB (M) = 6500kB
Node 0 DMA32: 706*4kB (UME) 301*8kB (UME) 103*16kB (UME) 27*32kB (UMH) 6*64kB (H) 4*128kB (H) 1*256kB (H) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8896kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
2255 total pagecache pages
0 pages in swap cache
Free swap = 0kB
Total swap = 0kB
524158 pages RAM
0 pages HighMem/MovableOnly
105746 pages reserved
Unreclaimable slab info:
Name Used Total
pid_2 30KB 30KB
fib6_nodes 24KB 24KB
ip6_dst_cache 22KB 22KB
PINGv6 31KB 31KB
RAWv6 94KB 94KB
UDPv6 62KB 62KB
tw_sock_TCPv6 15KB 15KB
TCPv6 62KB 62KB
scsi_sense_cache 8KB 8KB
virtio_scsi_cmd 16KB 16KB
bio-120 7KB 7KB
sgpool-128 59KB 59KB
sgpool-64 63KB 63KB
sgpool-32 110KB 110KB
sgpool-16 52KB 52KB
sgpool-8 56KB 56KB
io_kiocb 11KB 11KB
mqueue_inode_cache 60KB 60KB
nfs_commit_data 15KB 15KB
nfs_write_data 47KB 47KB
jbd2_inode 7KB 7KB
ext4_system_zone 7KB 7KB
ext4_io_end_vec 7KB 7KB
ext4_bio_post_read_ctx 15KB 15KB
kioctx 15KB 15KB
aio_kiocb 3KB 3KB
pid_namespace 7KB 7KB
rpc_buffers 31KB 31KB
rpc_tasks 3KB 3KB
UNIX-STREAM 236KB 320KB
UNIX 194KB 256KB
tcp_bind_bucket 8KB 8KB
ip_fib_trie 8KB 8KB
ip_fib_alias 11KB 11KB
ip_dst_cache 8KB 8KB
RAW 31KB 31KB
UDP 189KB 189KB
request_sock_TCP 7KB 7KB
TCP 58KB 58KB
hugetlbfs_inode_cache 15KB 15KB
bio-248 11KB 11KB
ep_head 8KB 8KB
eventpoll_pwq 15KB 15KB
eventpoll_epi 31KB 31KB
inotify_inode_mark 27KB 27KB
request_queue 63KB 63KB
blkdev_ioc 8KB 8KB
bio-184 36KB 36KB
biovec-max 306KB 480KB
biovec-64 220KB 220KB
biovec-16 41KB 41KB
uid_cache 7KB 7KB
dmaengine-unmap-2 4KB 4KB
audit_buffer 7KB 7KB
skbuff_fclone_cache 105KB 135KB
skbuff_head_cache 437KB 476KB
file_lock_cache 55KB 55KB
file_lock_ctx 7KB 7KB
fsnotify_mark_connector 20KB 20KB
taskstats 23KB 23KB
proc_dir_entry 356KB 356KB
pde_opener 7KB 7KB
seq_file 60KB 60KB
sigqueue 43KB 43KB
shmem_inode_cache 1367KB 1423KB
kernfs_iattrs_cache 262KB 262KB
kernfs_node_cache 5253KB 5253KB
mnt_cache 133KB 133KB
filp 1070KB 1462KB
names_cache 8368KB 8427KB
net_namespace 95KB 95KB
hashtab_node 278KB 278KB
ebitmap_node 1149KB 1149KB
avtab_node 4980KB 4980KB
avc_node 31KB 31KB
lsm_inode_cache 2941KB 3296KB
lsm_file_cache 64KB 128KB
key_jar 23KB 23KB
uts_namespace 15KB 15KB
nsproxy 7KB 7KB
vm_area_struct 945KB 945KB
mm_struct 215KB 283KB
fs_cache 42KB 48KB
files_cache 180KB 191KB
signal_cache 312KB 364KB
sighand_cache 330KB 330KB
task_struct 1063KB 1257KB
cred_jar 114KB 136KB
anon_vma_chain 224KB 224KB
anon_vma 193KB 208KB
pid 71KB 75KB
Acpi-Operand 87KB 146KB
Acpi-ParseExt 31KB 31KB
Acpi-Parse 35KB 51KB
Acpi-State 39KB 55KB
Acpi-Namespace 28KB 28KB
numa_policy 3KB 3KB
perf_event 95KB 95KB
trace_event_file 175KB 175KB
ftrace_event_field 308KB 308KB
pool_workqueue 32KB 32KB
maple_node 5392KB 5392KB
task_group 16KB 16KB
vmap_area 47KB 47KB
page->ptl 125KB 149KB
kmemleak_scan_area 19KB 19KB
kmemleak_object 135321KB 144934KB
kmalloc-cg-8k 64KB 64KB
kmalloc-cg-4k 2720KB 2720KB
kmalloc-cg-2k 1824KB 1824KB
kmalloc-cg-1k 438KB 480KB
kmalloc-cg-512 277KB 288KB
kmalloc-cg-256 40KB 40KB
kmalloc-cg-192 40KB 40KB
kmalloc-cg-128 40KB 40KB
kmalloc-cg-96 20KB 20KB
kmalloc-cg-64 16KB 16KB
kmalloc-cg-32 47KB 60KB
kmalloc-cg-16 8KB 8KB
kmalloc-cg-8 11KB 11KB
kmalloc-8k 5408KB 5408KB
kmalloc-4k 3768KB 3904KB
kmalloc-2k 3196KB 3424KB
kmalloc-1k 3264KB 3264KB
kmalloc-512 2670KB 2960KB
kmalloc-256 1088KB 1088KB
kmalloc-192 490KB 492KB
kmalloc-128 273KB 300KB
kmalloc-96 313KB 412KB
kmalloc-64 1062KB 1264KB
kmalloc-32 498KB 504KB
kmalloc-16 324KB 332KB
kmalloc-8 258KB 262KB
kmem_cache_node 51KB 51KB
kmem_cache 78KB 78KB
oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/system.slice/systemd-journald.service,task=systemd-journal,pid=4233,uid=0
Out of memory (oom_kill_allocating_task): Killed process 4233 (systemd-journal) total-vm:13056kB, anon-rss:236kB, file-rss:188kB, shmem-rss:0kB, UID:0 pgtables:60kB oom_score_adj:-250
syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
CPU: 0 PID: 4217 Comm: syz-executor.2 Tainted: G B W 5.19.0-rc5-next-20220705 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
Call Trace:
dump_stack_lvl+0x8b/0xb3
dump_header+0x10b/0x7e4
oom_kill_process.cold+0x10/0x15
out_of_memory+0x11e7/0x14b0
__alloc_pages_slowpath.constprop.0+0x1a72/0x2180
__alloc_pages+0x421/0x4f0
alloc_pages+0x1a0/0x2f0
relay_open_buf.part.0+0x2a4/0xc00
relay_open+0x544/0xa50
do_blk_trace_setup+0x4bc/0xb60
__blk_trace_setup+0xca/0x180
blk_trace_setup+0x43/0x60
sg_ioctl+0x6a8/0x2820
__x64_sys_ioctl+0x196/0x210
do_syscall_64+0x3b/0x90
entry_SYSCALL_64_after_hwframe+0x46/0xb0
RIP: 0033:0x7f3c1f5f5b19
Code: Unable to access opcode bytes at RIP 0x7f3c1f5f5aef.
RSP: 002b:00007f3c1cac6188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f3c1f709320 RCX: 00007f3c1f5f5b19
RDX: 0000000020000180 RSI: 00000000c0481273 RDI: 0000000000000007
RBP: 00007f3c1f64ff6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffc15dd708f R14: 00007f3c1cac6300 R15: 0000000000022000
Mem-Info:
active_anon:36 inactive_anon:8106 isolated_anon:0
active_file:43 inactive_file:13 isolated_file:0
unevictable:0 dirty:20 writeback:0
slab_reclaimable:8058 slab_unreclaimable:57589
mapped:8699 shmem:85 pagetables:374 bounce:0
kernel_misc_reclaimable:0
free:2141 free_pcp:0 free_cma:0
Node 0 active_anon:144kB inactive_anon:32424kB active_file:84kB inactive_file:136kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:34796kB dirty:80kB writeback:0kB shmem:340kB writeback_tmp:0kB kernel_stack:3648kB pagetables:1496kB all_unreclaimable? yes
Node 0 DMA free:6484kB boost:0kB min:44kB low:56kB high:68kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 1615 1615 1615
Node 0 DMA32 free:2080kB boost:0kB min:5120kB low:6772kB high:8424kB reserved_highatomic:2048KB active_anon:144kB inactive_anon:32392kB active_file:0kB inactive_file:204kB unevictable:0kB writepending:164kB present:2080640kB managed:1658288kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
lowmem_reserve[]: 0 0 0 0
Node 0 DMA: 1*4kB (U) 0*8kB 1*16kB (U) 0*32kB 1*64kB (U) 0*128kB 1*256kB (U) 0*512kB 0*1024kB 1*2048kB (M) 1*4096kB (M) = 6484kB
Node 0 DMA32: 12*4kB (UM) 57*8kB (U) 18*16kB (U) 12*32kB (UH) 6*64kB (H) 4*128kB (H) 1*256kB (H) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 2328kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
160 total pagecache pages
0 pages in swap cache
Free swap = 0kB
Total swap = 0kB
524158 pages RAM
0 pages HighMem/MovableOnly
105746 pages reserved
Unreclaimable slab info:
Name Used Total
pid_2 30KB 30KB
fib6_nodes 24KB 24KB
ip6_dst_cache 22KB 22KB
PINGv6 31KB 31KB
RAWv6 94KB 94KB
UDPv6 62KB 62KB
tw_sock_TCPv6 15KB 15KB
TCPv6 62KB 62KB
scsi_sense_cache 8KB 8KB
virtio_scsi_cmd 16KB 16KB
bio-120 7KB 7KB
sgpool-128 59KB 59KB
sgpool-64 63KB 63KB
sgpool-32 110KB 110KB
sgpool-16 52KB 52KB
sgpool-8 56KB 56KB
io_kiocb 11KB 11KB
mqueue_inode_cache 60KB 60KB
nfs_commit_data 15KB 15KB
nfs_write_data 47KB 47KB
jbd2_inode 7KB 7KB
ext4_system_zone 7KB 7KB
ext4_io_end_vec 7KB 7KB
ext4_bio_post_read_ctx 15KB 15KB
kioctx 15KB 15KB
aio_kiocb 3KB 3KB
pid_namespace 7KB 7KB
rpc_buffers 31KB 31KB
rpc_tasks 3KB 3KB
UNIX-STREAM 236KB 320KB
UNIX 194KB 256KB
tcp_bind_bucket 8KB 8KB
ip_fib_trie 8KB 8KB
ip_fib_alias 11KB 11KB
ip_dst_cache 8KB 8KB
RAW 31KB 31KB
UDP 189KB 189KB
request_sock_TCP 7KB 7KB
TCP 58KB 58KB
hugetlbfs_inode_cache 15KB 15KB
bio-248 11KB 11KB
ep_head 8KB 8KB
eventpoll_pwq 15KB 15KB
eventpoll_epi 31KB 31KB
inotify_inode_mark 27KB 27KB
request_queue 63KB 63KB
blkdev_ioc 8KB 8KB
bio-184 36KB 36KB
biovec-max 306KB 480KB
biovec-64 220KB 220KB
biovec-16 41KB 41KB
uid_cache 7KB 7KB
dmaengine-unmap-2 4KB 4KB
audit_buffer 7KB 7KB
skbuff_fclone_cache 105KB 135KB
skbuff_head_cache 449KB 476KB
file_lock_cache 55KB 55KB
file_lock_ctx 7KB 7KB
fsnotify_mark_connector 20KB 20KB
taskstats 23KB 23KB
proc_dir_entry 356KB 356KB
pde_opener 7KB 7KB
seq_file 60KB 60KB
sigqueue 43KB 43KB
shmem_inode_cache 1367KB 1423KB
kernfs_iattrs_cache 262KB 262KB
kernfs_node_cache 5253KB 5253KB
mnt_cache 133KB 133KB
filp 1070KB 1462KB
names_cache 8368KB 8427KB
net_namespace 95KB 95KB
hashtab_node 278KB 278KB
ebitmap_node 1149KB 1149KB
avtab_node 4980KB 4980KB
avc_node 31KB 31KB
lsm_inode_cache 2829KB 3221KB
lsm_file_cache 64KB 128KB
key_jar 23KB 23KB
uts_namespace 15KB 15KB
nsproxy 7KB 7KB
vm_area_struct 945KB 945KB
mm_struct 215KB 283KB
fs_cache 42KB 48KB
files_cache 180KB 191KB
signal_cache 312KB 364KB
sighand_cache 330KB 330KB
task_struct 1063KB 1257KB
cred_jar 114KB 136KB
anon_vma_chain 224KB 224KB
anon_vma 193KB 208KB
pid 71KB 75KB
Acpi-Operand 87KB 146KB
Acpi-ParseExt 31KB 31KB
Acpi-Parse 35KB 51KB
Acpi-State 39KB 55KB
Acpi-Namespace 28KB 28KB
numa_policy 3KB 3KB
perf_event 95KB 95KB
trace_event_file 175KB 175KB
ftrace_event_field 308KB 308KB
pool_workqueue 32KB 32KB
maple_node 5392KB 5392KB
task_group 16KB 16KB
vmap_area 47KB 47KB
page->ptl 125KB 149KB
kmemleak_scan_area 19KB 19KB
kmemleak_object 134764KB 144926KB
kmalloc-cg-8k 64KB 64KB
kmalloc-cg-4k 2720KB 2720KB
kmalloc-cg-2k 1824KB 1824KB
kmalloc-cg-1k 438KB 480KB
kmalloc-cg-512 277KB 288KB
kmalloc-cg-256 40KB 40KB
kmalloc-cg-192 40KB 40KB
kmalloc-cg-128 40KB 40KB
kmalloc-cg-96 20KB 20KB
kmalloc-cg-64 16KB 16KB
kmalloc-cg-32 47KB 60KB
kmalloc-cg-16 8KB 8KB
kmalloc-cg-8 11KB 11KB
kmalloc-8k 5408KB 5408KB
kmalloc-4k 3768KB 3904KB
kmalloc-2k 3196KB 3424KB
kmalloc-1k 3436KB 3488KB
kmalloc-512 2705KB 2960KB
kmalloc-256 1088KB 1088KB
kmalloc-192 490KB 492KB
kmalloc-128 273KB 300KB
kmalloc-96 324KB 412KB
kmalloc-64 1074KB 1264KB
kmalloc-32 498KB 504KB
kmalloc-16 324KB 332KB
kmalloc-8 258KB 262KB
kmem_cache_node 51KB 51KB
kmem_cache 78KB 78KB
oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0,global_oom,task_memcg=/syz2,task=syz-executor.2,pid=4217,uid=0
Out of memory (oom_kill_allocating_task): Killed process 4217 (syz-executor.2) total-vm:94336kB, anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:140kB oom_score_adj:1000
systemd[1]: systemd-journald.service: Main process exited, code=killed, status=9/KILL
systemd[1]: systemd-journald.service: Failed with result 'signal'.
------------[ cut here ]------------
WARNING: CPU: 0 PID: 48 at mm/kasan/shadow.c:134 kasan_unpoison+0x42/0x50
Modules linked in:
CPU: 0 PID: 48 Comm: kworker/0:2 Tainted: G B W 5.19.0-rc5-next-20220705 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
Workqueue: events kernfs_notify_workfn
RIP: 0010:kasan_unpoison+0x42/0x50
Code: 89 fb 48 83 c6 01 e8 7d fe ff ff 48 89 e8 83 e0 07 74 14 48 ba 00 00 00 00 00 fc ff df 48 01 eb 48 c1 eb 03 88 04 13 5b 5d c3 <0f> 0b c3 66 66 2e 0f 1f 84 00 00 00 00 00 41 57 48 89 f8 41 56 48
RSP: 0018:ffff88800f45f940 EFLAGS: 00010206
RAX: 0000000003113600 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000170 RDI: ffff888017856253
RBP: ffff88800784f780 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: ffff888017856253
R13: 0000000000092cc0 R14: 0000000000092cc0 R15: 0000000000092cc0
FS: 0000000000000000(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f2e00582380 CR3: 0000000005026000 CR4: 0000000000350ef0
Call Trace:
__kasan_slab_alloc+0x2c/0x80
kmem_cache_alloc+0x1b1/0x490
__create_object.isra.0+0x3d/0xc10
__kmalloc+0x25f/0x440
inotify_handle_inode_event+0x112/0x5a0
fsnotify_handle_inode_event.isra.0+0x230/0x370
fsnotify+0x1095/0x1530
kernfs_notify_workfn+0x18d/0x560
process_one_work+0xa0f/0x1690
worker_thread+0x637/0x1250
kthread+0x2ed/0x3a0
ret_from_fork+0x22/0x30
irq event stamp: 40870
hardirqs last enabled at (40869): [] kasan_quarantine_put+0x87/0x1e0
hardirqs last disabled at (40870): [] __schedule+0x11d9/0x24a0
softirqs last enabled at (39180): [] srcu_invoke_callbacks+0x1e5/0x3a0
softirqs last disabled at (39176): [] srcu_invoke_callbacks+0x1b5/0x3a0
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 0 PID: 48 at kernel/rcu/tree.c:2776 call_rcu+0x6c6/0xa20
Modules linked in:
CPU: 0 PID: 48 Comm: kworker/0:2 Tainted: G B W 5.19.0-rc5-next-20220705 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
Workqueue: events kernfs_notify_workfn
RIP: 0010:call_rcu+0x6c6/0xa20
Code: c1 ea 03 80 3c 02 00 0f 85 c0 02 00 00 48 8b 85 a0 00 00 00 48 85 c0 0f 85 37 fa ff ff 4c 89 ff e8 9f d2 00 00 e9 2a fa ff ff <0f> 0b e9 50 f9 ff ff e8 3e 24 ff ff e9 05 fc ff ff e8 44 3a 46 00
RSP: 0018:ffff88800f45f998 EFLAGS: 00010206
RAX: 0000000000000000 RBX: ffff8880178562d3 RCX: ffffffff817afce4
RDX: 0000000000000000 RSI: ffffffff817af5a0 RDI: 0000000000000003
RBP: ffff88800f45fa20 R08: 0000000000000001 R09: ffff8880178562e6
R10: ffffed1002f0ac5c R11: 0000000000000001 R12: ffffffff817af5a0
R13: ffffffff818ed256 R14: 0000000000000000 R15: ffff888007842640
FS: 0000000000000000(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f2e00582380 CR3: 0000000005026000 CR4: 0000000000350ef0
Call Trace:
kfree+0xbb/0x5d0
fsnotify_destroy_event+0x106/0x150
inotify_handle_inode_event+0x4cd/0x5a0
fsnotify_handle_inode_event.isra.0+0x230/0x370
fsnotify+0x1095/0x1530
kernfs_notify_workfn+0x18d/0x560
process_one_work+0xa0f/0x1690
worker_thread+0x637/0x1250
kthread+0x2ed/0x3a0
ret_from_fork+0x22/0x30
irq event stamp: 40870
hardirqs last enabled at (40869): [] kasan_quarantine_put+0x87/0x1e0
hardirqs last disabled at (40870): [] __schedule+0x11d9/0x24a0
softirqs last enabled at (39180): [] srcu_invoke_callbacks+0x1e5/0x3a0
softirqs last disabled at (39176): [] srcu_invoke_callbacks+0x1b5/0x3a0
---[ end trace 0000000000000000 ]---
BUG: kernel NULL pointer dereference, address: 0000000000000018
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 0 P4D 0
Oops: 0000 [#1] PREEMPT SMP KASAN NOPTI
CPU: 0 PID: 48 Comm: kworker/0:2 Tainted: G B W 5.19.0-rc5-next-20220705 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
Workqueue: events kernfs_notify_workfn
RIP: 0010:qlist_free_all+0xd3/0x190
Code: 03 05 41 84 7b 03 48 8b 48 08 48 89 c2 f6 c1 01 0f 85 b6 00 00 00 0f 1f 44 00 00 48 8b 02 f6 c4 02 b8 00 00 00 00 48 0f 44 d0 <4c> 8b 72 18 e9 50 ff ff ff 49 83 7e 48 00 0f 85 68 ff ff ff 41 f7
RSP: 0018:ffff88800f45f978 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff88800cad3913 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffea0000382800 RDI: 0000000040000000
RBP: 0000000000000000 R08: ffff88800cad3913 R09: 000000000011000e
R10: ffffea0000382800 R11: 0000000000000000 R12: dffffc0000000000
R13: ffff88800f45f9b8 R14: 0000000000000000 R15: ffff88800e0a00e8
FS: 0000000000000000(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000018 CR3: 0000000005026000 CR4: 0000000000350ef0
Call Trace:
kasan_quarantine_reduce+0x180/0x200
__kasan_slab_alloc+0x78/0x80
__kmalloc+0x1be/0x440
inotify_handle_inode_event+0x112/0x5a0
fsnotify_handle_inode_event.isra.0+0x230/0x370
fsnotify+0x1095/0x1530
kernfs_notify_workfn+0x18d/0x560
process_one_work+0xa0f/0x1690
worker_thread+0x637/0x1250
kthread+0x2ed/0x3a0
ret_from_fork+0x22/0x30
Modules linked in:
CR2: 0000000000000018
---[ end trace 0000000000000000 ]---
RIP: 0010:qlist_free_all+0xd3/0x190
Code: 03 05 41 84 7b 03 48 8b 48 08 48 89 c2 f6 c1 01 0f 85 b6 00 00 00 0f 1f 44 00 00 48 8b 02 f6 c4 02 b8 00 00 00 00 48 0f 44 d0 <4c> 8b 72 18 e9 50 ff ff ff 49 83 7e 48 00 0f 85 68 ff ff ff 41 f7
RSP: 0018:ffff88800f45f978 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff88800cad3913 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffea0000382800 RDI: 0000000040000000
RBP: 0000000000000000 R08: ffff88800cad3913 R09: 000000000011000e
R10: ffffea0000382800 R11: 0000000000000000 R12: dffffc0000000000
R13: ffff88800f45f9b8 R14: 0000000000000000 R15: ffff88800e0a00e8
FS: 0000000000000000(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000018 CR3: 0000000005026000 CR4: 0000000000350ef0
----------------
Code disassembly (best guess):
0: 03 05 41 84 7b 03 add 0x37b8441(%rip),%eax # 0x37b8447
6: 48 8b 48 08 mov 0x8(%rax),%rcx
a: 48 89 c2 mov %rax,%rdx
d: f6 c1 01 test $0x1,%cl
10: 0f 85 b6 00 00 00 jne 0xcc
16: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
1b: 48 8b 02 mov (%rdx),%rax
1e: f6 c4 02 test $0x2,%ah
21: b8 00 00 00 00 mov $0x0,%eax
26: 48 0f 44 d0 cmove %rax,%rdx
* 2a: 4c 8b 72 18 mov 0x18(%rdx),%r14 <-- trapping instruction
2e: e9 50 ff ff ff jmpq 0xffffff83
33: 49 83 7e 48 00 cmpq $0x0,0x48(%r14)
38: 0f 85 68 ff ff ff jne 0xffffffa6
3e: 41 rex.B
3f: f7 .byte 0xf7