free_slab mm/slub.c:2068 [inline] discard_slab mm/slub.c:2074 [inline] __unfreeze_partials+0x1ab/0x200 mm/slub.c:2548 put_cpu_partial+0x116/0x180 mm/slub.c:2624 qlist_free_all+0x2b/0x70 mm/kasan/quarantine.c:187 kasan_quarantine_reduce+0x169/0x180 mm/kasan/quarantine.c:294 __kasan_slab_alloc+0x2f/0xe0 mm/kasan/common.c:447 kasan_slab_alloc include/linux/kasan.h:224 [inline] slab_post_alloc_hook mm/slab.h:727 [inline] slab_alloc_node mm/slub.c:3243 [inline] slab_alloc mm/slub.c:3251 [inline] __kmem_cache_alloc_lru mm/slub.c:3258 [inline] kmem_cache_alloc+0x1a6/0x310 mm/slub.c:3268 getname_flags+0xb8/0x4e0 fs/namei.c:139 do_sys_openat2+0xd2/0x500 fs/open.c:1304 do_sys_open fs/open.c:1326 [inline] __do_sys_openat fs/open.c:1342 [inline] __se_sys_openat fs/open.c:1337 [inline] __x64_sys_openat+0x243/0x290 fs/open.c:1337 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd ------------[ cut here ]------------ kernel BUG at include/linux/memcontrol.h:478! invalid opcode: 0000 [#1] PREEMPT SMP KASAN CPU: 1 PID: 4931 Comm: syz-executor111 Not tainted 5.19.0-syzkaller-02972-g200e340f2196 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 RIP: 0010:folio_memcg_rcu+0x17b/0x230 include/linux/memcontrol.h:478 Code: ff 4c 89 f0 48 25 ff 0f 00 00 74 20 e8 5e 89 c4 ff e9 1a ff ff ff e8 54 89 c4 ff 4c 89 f7 48 c7 c6 60 c8 98 8a e8 e5 15 00 00 <0f> 0b 4c 89 f7 be 08 00 00 00 e8 96 56 17 00 4c 89 f0 48 c1 e8 03 RSP: 0018:ffffc9000aa6f218 EFLAGS: 00010246 RAX: 005cff51ffc0b900 RBX: 0000000000000200 RCX: ffff88807afdbb00 RDX: 0000000000000000 RSI: 000000000000ffff RDI: 000000000000ffff RBP: dffffc0000000000 R08: ffffffff81e3a89f R09: fffff5200154dda1 R10: fffff5200154dda1 R11: 1ffff9200154dda0 R12: 0000000000000000 R13: 00fff00000010200 R14: ffffea00005bba00 R15: dffffc0000000000 FS: 0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f766ba141f0 CR3: 000000001c46a000 CR4: 00000000003526e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> workingset_activation+0x8a/0x450 mm/workingset.c:413 folio_mark_accessed+0x3ea/0xb50 mm/swap.c:440 handle_changed_spte_acc_track arch/x86/kvm/mmu/tdp_mmu.c:354 [inline] handle_changed_spte arch/x86/kvm/mmu/tdp_mmu.c:609 [inline] handle_removed_pt arch/x86/kvm/mmu/tdp_mmu.c:493 [inline] __handle_changed_spte+0x107b/0x1370 arch/x86/kvm/mmu/tdp_mmu.c:600 handle_changed_spte arch/x86/kvm/mmu/tdp_mmu.c:607 [inline] handle_removed_pt arch/x86/kvm/mmu/tdp_mmu.c:493 [inline] __handle_changed_spte+0xee8/0x1370 arch/x86/kvm/mmu/tdp_mmu.c:600 __tdp_mmu_set_spte+0x2f9/0xbe0 arch/x86/kvm/mmu/tdp_mmu.c:742 _tdp_mmu_set_spte arch/x86/kvm/mmu/tdp_mmu.c:758 [inline] tdp_mmu_set_spte arch/x86/kvm/mmu/tdp_mmu.c:767 [inline] __tdp_mmu_zap_root+0x44b/0x680 arch/x86/kvm/mmu/tdp_mmu.c:873 tdp_mmu_zap_root+0x16f/0x2a0 arch/x86/kvm/mmu/tdp_mmu.c:909 kvm_tdp_mmu_zap_all+0xe6/0x2d0 arch/x86/kvm/mmu/tdp_mmu.c:1017 kvm_mmu_zap_all+0x2bc/0x360 arch/x86/kvm/mmu/mmu.c:6121 kvm_flush_shadow_all arch/x86/kvm/../../../virt/kvm/kvm_main.c:366 [inline] kvm_mmu_notifier_release+0x3e/0x80 arch/x86/kvm/../../../virt/kvm/kvm_main.c:836 mn_hlist_release mm/mmu_notifier.c:319 [inline] __mmu_notifier_release+0x3fb/0x680 mm/mmu_notifier.c:357 mmu_notifier_release include/linux/mmu_notifier.h:415 [inline] exit_mmap+0xb4/0x530 mm/mmap.c:3128 __mmput+0x111/0x3a0 kernel/fork.c:1187 exit_mm+0x211/0x2f0 kernel/exit.c:510 do_exit+0x4e1/0x20a0 kernel/exit.c:782 do_group_exit+0x23b/0x2f0 kernel/exit.c:925 __do_sys_exit_group kernel/exit.c:936 [inline] __se_sys_exit_group kernel/exit.c:934 [inline] __x64_sys_exit_group+0x3b/0x40 kernel/exit.c:934 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f766b99ee29 Code: Unable to access opcode bytes at RIP 0x7f766b99edff. RSP: 002b:00007ffd6182b248 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 RAX: ffffffffffffffda RBX: 00007f766ba13350 RCX: 00007f766b99ee29 RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f766ba13350 R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001 </TASK> Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:folio_memcg_rcu+0x17b/0x230 include/linux/memcontrol.h:478 Code: ff 4c 89 f0 48 25 ff 0f 00 00 74 20 e8 5e 89 c4 ff e9 1a ff ff ff e8 54 89 c4 ff 4c 89 f7 48 c7 c6 60 c8 98 8a e8 e5 15 00 00 <0f> 0b 4c 89 f7 be 08 00 00 00 e8 96 56 17 00 4c 89 f0 48 c1 e8 03 RSP: 0018:ffffc9000aa6f218 EFLAGS: 00010246 RAX: 005cff51ffc0b900 RBX: 0000000000000200 RCX: ffff88807afdbb00 RDX: 0000000000000000 RSI: 000000000000ffff RDI: 000000000000ffff RBP: dffffc0000000000 R08: ffffffff81e3a89f R09: fffff5200154dda1 R10: fffff5200154dda1 R11: 1ffff9200154dda0 R12: 0000000000000000 R13: 00fff00000010200 R14: ffffea00005bba00 R15: dffffc0000000000 FS: 0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f766ba141f0 CR3: 000000001c46a000 CR4: 00000000003526e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400