bisecting cause commit starting from 1f77990c4b7960a82d599567c586ceb8289f71ed building syzkaller on af796c181d2f26346fd413a8aec4262799a13cd1 testing commit 1f77990c4b7960a82d599567c586ceb8289f71ed compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 7b72e30826fffe02d15f17975884622510725f0cca7a30fa6ab8b92c204bcc06 all runs: crashed: INFO: rcu detected stall in sys_recvmmsg testing release v5.14 testing commit 7d2a07b769330c34b4deabeed939325c77a7ec2f compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 8c219514f33cf5f7e995cffb6643e798eb9f0e406da2dbcbb7423680d5a3f503 all runs: OK # git bisect start 1f77990c4b7960a82d599567c586ceb8289f71ed 7d2a07b769330c34b4deabeed939325c77a7ec2f Bisecting: 7508 revisions left to test after this (roughly 13 steps) [32b47072f319bb65e9afad59e78153d83496f1f5] Merge tag 'defconfig-5.15' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc testing commit 32b47072f319bb65e9afad59e78153d83496f1f5 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 027fd2a46adefc4ac05cf1c2a2256bf2cc5e482b45ec6f92618882fbac7a7ae7 failed: failed to create VM pool: failed to create GCE image: create image operation failed: &{Code:PERMISSIONS_ERROR Location: Message:Required 'read' permission for 'disks/ci-upstream-linux-next-kasan-gce-root-bisect-job-bisect-job-image.tar.gz' ForceSendFields:[] NullFields:[]}. # git bisect skip 32b47072f319bb65e9afad59e78153d83496f1f5 Bisecting: 7508 revisions left to test after this (roughly 13 steps) [8a6430ab9c9c87cb64c512e505e8690bbaee190b] libata: add ATA_HORKAGE_NO_NCQ_TRIM for Samsung 860 and 870 SSDs testing commit 8a6430ab9c9c87cb64c512e505e8690bbaee190b compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 8e3c0583b178000f6e300be0bef5c5bfb6a44a5bc06923019dad9f952e95abde all runs: crashed: KASAN: use-after-free Read in __d_alloc # git bisect bad 8a6430ab9c9c87cb64c512e505e8690bbaee190b Bisecting: 4221 revisions left to test after this (roughly 12 steps) [ebf435d3b51b22340ef047aad0c2936ec4833ab2] Merge tag 'staging-5.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging testing commit ebf435d3b51b22340ef047aad0c2936ec4833ab2 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 arch/x86/kernel/setup.c:916:6: error: implicit declaration of function 'acpi_mps_check' [-Werror=implicit-function-declaration] arch/x86/kernel/setup.c:1110:2: error: implicit declaration of function 'acpi_table_upgrade' [-Werror=implicit-function-declaration] arch/x86/kernel/setup.c:1112:2: error: implicit declaration of function 'acpi_boot_table_init' [-Werror=implicit-function-declaration] arch/x86/kernel/setup.c:1120:2: error: implicit declaration of function 'early_acpi_boot_init'; did you mean 'early_cpu_init'? [-Werror=implicit-function-declaration] arch/x86/kernel/setup.c:1162:2: error: implicit declaration of function 'acpi_boot_init' [-Werror=implicit-function-declaration] # git bisect skip ebf435d3b51b22340ef047aad0c2936ec4833ab2 Bisecting: 4221 revisions left to test after this (roughly 12 steps) [fb1f667e71c079defa5918b8f457faa48120b6f1] drm/amd/pm: correct the fan speed PWM retrieving testing commit fb1f667e71c079defa5918b8f457faa48120b6f1 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: da0d25029629cf8f7ef06a40e772ce4a7b986899caf3171021177969751dea86 all runs: OK # git bisect good fb1f667e71c079defa5918b8f457faa48120b6f1 Bisecting: 4036 revisions left to test after this (roughly 12 steps) [c6c3c5704ba70820f6b632982abde06661b7222a] Merge tag 'driver-core-5.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core testing commit c6c3c5704ba70820f6b632982abde06661b7222a compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 arch/x86/kernel/setup.c:916:6: error: implicit declaration of function 'acpi_mps_check' [-Werror=implicit-function-declaration] arch/x86/kernel/setup.c:1110:2: error: implicit declaration of function 'acpi_table_upgrade' [-Werror=implicit-function-declaration] arch/x86/kernel/setup.c:1112:2: error: implicit declaration of function 'acpi_boot_table_init' [-Werror=implicit-function-declaration] arch/x86/kernel/setup.c:1120:2: error: implicit declaration of function 'early_acpi_boot_init'; did you mean 'early_cpu_init'? [-Werror=implicit-function-declaration] arch/x86/kernel/setup.c:1162:2: error: implicit declaration of function 'acpi_boot_init' [-Werror=implicit-function-declaration] # git bisect skip c6c3c5704ba70820f6b632982abde06661b7222a Bisecting: 4036 revisions left to test after this (roughly 12 steps) [8b1e7076d26b935af7caec33dee2837c0ad7dbb5] ext2: use iomap_fiemap to implement ->fiemap testing commit 8b1e7076d26b935af7caec33dee2837c0ad7dbb5 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 256ec8b38071abc67c72f7895de87238676fd8d92818b2cc88f0e761174bcbb3 all runs: OK # git bisect good 8b1e7076d26b935af7caec33dee2837c0ad7dbb5 Bisecting: 4036 revisions left to test after this (roughly 12 steps) [d5f78f50fff3c69915bde28be901b8da56da7e06] Merge remote-tracking branch 'spi/for-5.14' into spi-linus testing commit d5f78f50fff3c69915bde28be901b8da56da7e06 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: fd2a24ba39df47075447d06db3abd3d03ba891d383f6537e474d38af9fc903bc all runs: OK # git bisect good d5f78f50fff3c69915bde28be901b8da56da7e06 Bisecting: 4036 revisions left to test after this (roughly 12 steps) [2fd585f4ed9de9b9259e95affdd7d8cde06b48c3] vfio: Provide better generic support for open/release vfio_device_ops testing commit 2fd585f4ed9de9b9259e95affdd7d8cde06b48c3 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: d1160d8902c8f15f9b828db35cf04a82fb901abe09c5773b5ec89e7daf021093 all runs: OK # git bisect good 2fd585f4ed9de9b9259e95affdd7d8cde06b48c3 Bisecting: 4028 revisions left to test after this (roughly 12 steps) [6a1ec89f2c56da9c2bd0afedb48268dde086d729] crypto: omap-sham - initialize req only after omap_sham_hw_init() testing commit 6a1ec89f2c56da9c2bd0afedb48268dde086d729 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: d94849c1792f8a311461079ffbdb2b8788734269ca7b434e473d2880241b5022 all runs: OK # git bisect good 6a1ec89f2c56da9c2bd0afedb48268dde086d729 Bisecting: 4028 revisions left to test after this (roughly 12 steps) [fe4c09e56852ceb4f4e07ba42e1750b4f5188d76] ARM: at91: pm: move the setup of soc_pm.bu->suspended testing commit fe4c09e56852ceb4f4e07ba42e1750b4f5188d76 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 4e5e627e5fc39964a51c5939e5a72017e548b86cc093cd509bf0866f09fa6ce2 run #0: basic kernel testing failed: possible deadlock in fs_reclaim_acquire run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good fe4c09e56852ceb4f4e07ba42e1750b4f5188d76 Bisecting: 4023 revisions left to test after this (roughly 12 steps) [3bb8fa376b8a21ccaf25bf64cc70a6a54cf343f8] staging: rtl8192e: rtl8192e: rtl_core: remove unused global variable testing commit 3bb8fa376b8a21ccaf25bf64cc70a6a54cf343f8 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 06aac72bea0f851213bb596d565713d4f9451c4179eef31c335f81be52a192dc all runs: OK # git bisect good 3bb8fa376b8a21ccaf25bf64cc70a6a54cf343f8 Bisecting: 3768 revisions left to test after this (roughly 12 steps) [ba1dc7f273c73b93e0e1dd9707b239ed69eebd70] Merge tag 'char-misc-5.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc testing commit ba1dc7f273c73b93e0e1dd9707b239ed69eebd70 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 arch/x86/kernel/setup.c:916:6: error: implicit declaration of function 'acpi_mps_check' [-Werror=implicit-function-declaration] arch/x86/kernel/setup.c:1110:2: error: implicit declaration of function 'acpi_table_upgrade' [-Werror=implicit-function-declaration] arch/x86/kernel/setup.c:1112:2: error: implicit declaration of function 'acpi_boot_table_init' [-Werror=implicit-function-declaration] arch/x86/kernel/setup.c:1120:2: error: implicit declaration of function 'early_acpi_boot_init'; did you mean 'early_cpu_init'? [-Werror=implicit-function-declaration] arch/x86/kernel/setup.c:1162:2: error: implicit declaration of function 'acpi_boot_init' [-Werror=implicit-function-declaration] # git bisect skip ba1dc7f273c73b93e0e1dd9707b239ed69eebd70 Bisecting: 3768 revisions left to test after this (roughly 12 steps) [2c647ebe17140f1f5de09d4e30817b1b00a3b588] xen: swiotlb: return error code from xen_swiotlb_map_sg() testing commit 2c647ebe17140f1f5de09d4e30817b1b00a3b588 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 1faa5fdb6081ef1ce38308eceeafdd452bbfd5a5a629382cf3576d14b2a21c79 all runs: OK # git bisect good 2c647ebe17140f1f5de09d4e30817b1b00a3b588 Bisecting: 3749 revisions left to test after this (roughly 12 steps) [aaa8e4922c887ff47ad66ef918193682bccc1905] net: qrtr: make checks in qrtr_endpoint_post() stricter testing commit aaa8e4922c887ff47ad66ef918193682bccc1905 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 49a7de6c7e1bafad59770eec4b1810f5c02428fd7fb0eaf28eb89a23e8880a20 all runs: OK # git bisect good aaa8e4922c887ff47ad66ef918193682bccc1905 Bisecting: 2748 revisions left to test after this (roughly 12 steps) [0d290223a6c77107b1c3988959e49279a8dafaba] Merge tag 'sound-5.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound testing commit 0d290223a6c77107b1c3988959e49279a8dafaba compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 4f4c373d75524ee5d41a15f4b700b49630e44c880e37ab2ac3a87b7305b3164b run #0: crashed: KASAN: use-after-free Read in __d_alloc run #1: crashed: KASAN: use-after-free Read in __d_alloc run #2: crashed: KASAN: use-after-free Read in __d_alloc run #3: crashed: KASAN: use-after-free Read in __d_alloc run #4: crashed: KASAN: use-after-free Read in __d_alloc run #5: crashed: KASAN: use-after-free Read in __d_alloc run #6: crashed: KASAN: use-after-free Read in __d_alloc run #7: OK run #8: OK run #9: OK # git bisect bad 0d290223a6c77107b1c3988959e49279a8dafaba Bisecting: 1593 revisions left to test after this (roughly 11 steps) [5cbba60596b1f32f637190ca9ed5b1acdadb852c] Merge tag 'pm-5.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm testing commit 5cbba60596b1f32f637190ca9ed5b1acdadb852c compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: b2ba8f13407105bd52da347a64379232e54fe73e1b35db7012ecd7afe741a619 run #0: crashed: KASAN: use-after-free Read in __d_alloc run #1: crashed: KASAN: use-after-free Read in __d_alloc run #2: crashed: KASAN: use-after-free Read in __d_alloc run #3: crashed: KASAN: use-after-free Read in __d_alloc run #4: crashed: KASAN: use-after-free Read in __d_alloc run #5: crashed: KASAN: use-after-free Read in __d_alloc run #6: crashed: KASAN: use-after-free Read in __d_alloc run #7: crashed: KASAN: use-after-free Read in __d_alloc run #8: OK run #9: OK # git bisect bad 5cbba60596b1f32f637190ca9ed5b1acdadb852c Bisecting: 808 revisions left to test after this (roughly 10 steps) [8596e589b787732c8346f0482919e83cc9362db1] Merge tag 'timers-core-2021-08-30' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip testing commit 8596e589b787732c8346f0482919e83cc9362db1 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: b0dbfc3a15c8e94650ffd69c0bd29c30f6df23d904e0b6d8ea138b5480c35dc9 all runs: OK # git bisect good 8596e589b787732c8346f0482919e83cc9362db1 Bisecting: 510 revisions left to test after this (roughly 9 steps) [b91db6a0b52e019b6bdabea3f1dbe36d85c7e52c] Merge tag 'for-5.15/io_uring-vfs-2021-08-30' of git://git.kernel.dk/linux-block testing commit b91db6a0b52e019b6bdabea3f1dbe36d85c7e52c compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 55891ec3e733df01bfcc0c69a6e951f7a7ee83dc5392533ad08aa86a2a49e3d4 run #0: crashed: KFENCE: use-after-free in kvm_fastop_exception run #1: crashed: KASAN: use-after-free Read in __d_alloc run #2: crashed: KASAN: use-after-free Read in __d_alloc run #3: crashed: KASAN: use-after-free Read in __d_alloc run #4: crashed: KASAN: use-after-free Read in __d_alloc run #5: crashed: KASAN: use-after-free Read in __d_alloc run #6: crashed: KASAN: use-after-free Read in __d_alloc run #7: crashed: KASAN: use-after-free Read in __d_alloc run #8: crashed: KASAN: use-after-free Read in __d_alloc run #9: OK # git bisect bad b91db6a0b52e019b6bdabea3f1dbe36d85c7e52c Bisecting: 167 revisions left to test after this (roughly 7 steps) [679369114e55f422dc593d0628cfde1d04ae59b3] Merge tag 'for-5.15/block-2021-08-30' of git://git.kernel.dk/linux-block testing commit 679369114e55f422dc593d0628cfde1d04ae59b3 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 47eb8dcae1fed757e85db75eb323d5f9e717d0fa449d1c60300483eaeb4937fc all runs: OK # git bisect good 679369114e55f422dc593d0628cfde1d04ae59b3 Bisecting: 83 revisions left to test after this (roughly 6 steps) [f1042b6ccb887f07301f6b096b3d0cfcf9189323] io_uring: allow updating linked timeouts testing commit f1042b6ccb887f07301f6b096b3d0cfcf9189323 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: c972cde1e9f249259a2042e339d9991c8f53cf0394eb21ba7562b501fdeab949 all runs: OK # git bisect good f1042b6ccb887f07301f6b096b3d0cfcf9189323 Bisecting: 41 revisions left to test after this (roughly 5 steps) [6607cd319b6b91bff94e90f798a61c031650b514] raid1: ensure write behind bio has less than BIO_MAX_VECS sectors testing commit 6607cd319b6b91bff94e90f798a61c031650b514 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: b7fccf29979e3701d4fad5f6e06b76e6d29e24c7343663714ee608f89325481a all runs: OK # git bisect good 6607cd319b6b91bff94e90f798a61c031650b514 Bisecting: 20 revisions left to test after this (roughly 4 steps) [c547d89a9a445f6bb757b93247de43d312e722da] Merge tag 'for-5.15/io_uring-2021-08-30' of git://git.kernel.dk/linux-block testing commit c547d89a9a445f6bb757b93247de43d312e722da compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: c597339abe4d9ba229f57e4e0d42b357bc77e064a4140dfc4d0e5e5fbf6374d5 all runs: OK # git bisect good c547d89a9a445f6bb757b93247de43d312e722da Bisecting: 10 revisions left to test after this (roughly 3 steps) [7a8721f84fcb3b2946a92380b6fc311e017ff02c] io_uring: add support for IORING_OP_SYMLINKAT testing commit 7a8721f84fcb3b2946a92380b6fc311e017ff02c compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 0c9f13c212995ba2c77351c99ae5ef432e9883216ee09c9a2570fb1865ebc705 run #0: crashed: KASAN: use-after-free Read in __d_alloc run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK reproducer seems to be flaky # git bisect bad 7a8721f84fcb3b2946a92380b6fc311e017ff02c Bisecting: 4 revisions left to test after this (roughly 2 steps) [da2d0cede330192879e8e16ddb3158aa76ba5ec2] namei: make do_symlinkat() take struct filename testing commit da2d0cede330192879e8e16ddb3158aa76ba5ec2 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 3d2b947cd0ee0c3fe241d1832fd7275e2ec4041554fb89e72afb82c57a1e75c6 run #0: boot failed: KFENCE: use-after-free in kvm_fastop_exception run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK # git bisect good da2d0cede330192879e8e16ddb3158aa76ba5ec2 Bisecting: 2 revisions left to test after this (roughly 1 step) [020250f31c4c75ac7687a673e29c00786582a5f4] namei: make do_linkat() take struct filename testing commit 020250f31c4c75ac7687a673e29c00786582a5f4 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: a1b02e2f633d5da5c271d897c2a407371dd6ab31a47a7deab269eaf4c056a359 run #0: crashed: KASAN: use-after-free Read in __d_alloc run #1: crashed: KASAN: use-after-free Read in __d_alloc run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK # git bisect bad 020250f31c4c75ac7687a673e29c00786582a5f4 Bisecting: 0 revisions left to test after this (roughly 0 steps) [8228e2c313194f13f1d1806ed5734a26c38d49ac] namei: add getname_uflags() testing commit 8228e2c313194f13f1d1806ed5734a26c38d49ac compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 0e48948481e8bed334d7c67bb535a2be67145a9b4df0f962a40c41a7c8aa362f all runs: OK # git bisect good 8228e2c313194f13f1d1806ed5734a26c38d49ac 020250f31c4c75ac7687a673e29c00786582a5f4 is the first bad commit commit 020250f31c4c75ac7687a673e29c00786582a5f4 Author: Dmitry Kadashev Date: Thu Jul 8 13:34:43 2021 +0700 namei: make do_linkat() take struct filename Pass in the struct filename pointers instead of the user string, for uniformity with do_renameat2, do_unlinkat, do_mknodat, etc. Cc: Al Viro Cc: Christian Brauner Acked-by: Linus Torvalds Link: https://lore.kernel.org/io-uring/20210330071700.kpjoyp5zlni7uejm@wittgenstein/ Signed-off-by: Dmitry Kadashev Acked-by: Christian Brauner Link: https://lore.kernel.org/r/20210708063447.3556403-8-dkadashev@gmail.com Signed-off-by: Jens Axboe fs/namei.c | 45 +++++++++++++++++++++++++++++---------------- 1 file changed, 29 insertions(+), 16 deletions(-) culprit signature: a1b02e2f633d5da5c271d897c2a407371dd6ab31a47a7deab269eaf4c056a359 parent signature: 0e48948481e8bed334d7c67bb535a2be67145a9b4df0f962a40c41a7c8aa362f Reproducer flagged being flaky revisions tested: 25, total time: 7h29m40.158052208s (build: 2h57m56.399631236s, test: 4h29m23.255186331s) first bad commit: 020250f31c4c75ac7687a673e29c00786582a5f4 namei: make do_linkat() take struct filename recipients (to): ["axboe@kernel.dk" "christian.brauner@ubuntu.com" "dkadashev@gmail.com" "torvalds@linux-foundation.org"] recipients (cc): [] crash: KASAN: use-after-free Read in __d_alloc ================================================================== BUG: KASAN: use-after-free in memcpy include/linux/fortify-string.h:191 [inline] BUG: KASAN: use-after-free in __d_alloc+0x161/0x950 fs/dcache.c:1775 Read of size 5 at addr ffff888015414420 by task kdevtmpfs/22 CPU: 0 PID: 22 Comm: kdevtmpfs Not tainted 5.14.0-rc7-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x57/0x7d lib/dump_stack.c:105 print_address_description.constprop.0.cold+0x6c/0x309 mm/kasan/report.c:233 __kasan_report mm/kasan/report.c:419 [inline] kasan_report.cold+0x83/0xdf mm/kasan/report.c:436 check_region_inline mm/kasan/generic.c:183 [inline] kasan_check_range+0x13d/0x180 mm/kasan/generic.c:189 memcpy+0x20/0x60 mm/kasan/shadow.c:65 memcpy include/linux/fortify-string.h:191 [inline] __d_alloc+0x161/0x950 fs/dcache.c:1775 d_alloc+0x3f/0x200 fs/dcache.c:1823 __lookup_hash+0x97/0x140 fs/namei.c:1554 kern_path_locked+0x146/0x300 fs/namei.c:2567 handle_remove+0x9a/0x4fa drivers/base/devtmpfs.c:312 handle drivers/base/devtmpfs.c:382 [inline] devtmpfs_work_loop drivers/base/devtmpfs.c:395 [inline] devtmpfsd+0x176/0x24e drivers/base/devtmpfs.c:437 kthread+0x38b/0x460 kernel/kthread.c:319 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 Allocated by task 22: kasan_save_stack+0x1b/0x40 mm/kasan/common.c:38 kasan_set_track mm/kasan/common.c:46 [inline] set_alloc_info mm/kasan/common.c:434 [inline] __kasan_slab_alloc+0x83/0xb0 mm/kasan/common.c:467 kasan_slab_alloc include/linux/kasan.h:254 [inline] slab_post_alloc_hook mm/slab.h:519 [inline] slab_alloc_node mm/slub.c:2959 [inline] slab_alloc mm/slub.c:2967 [inline] kmem_cache_alloc+0x285/0x4a0 mm/slub.c:2972 getname_kernel+0x48/0x330 fs/namei.c:226 kern_path_locked+0x6f/0x300 fs/namei.c:2558 handle_remove+0x9a/0x4fa drivers/base/devtmpfs.c:312 handle drivers/base/devtmpfs.c:382 [inline] devtmpfs_work_loop drivers/base/devtmpfs.c:395 [inline] devtmpfsd+0x176/0x24e drivers/base/devtmpfs.c:437 kthread+0x38b/0x460 kernel/kthread.c:319 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 Freed by task 22: kasan_save_stack+0x1b/0x40 mm/kasan/common.c:38 kasan_set_track+0x1c/0x30 mm/kasan/common.c:46 kasan_set_free_info+0x20/0x30 mm/kasan/generic.c:360 ____kasan_slab_free mm/kasan/common.c:366 [inline] ____kasan_slab_free mm/kasan/common.c:328 [inline] __kasan_slab_free+0xff/0x130 mm/kasan/common.c:374 kasan_slab_free include/linux/kasan.h:230 [inline] slab_free_hook mm/slub.c:1628 [inline] slab_free_freelist_hook+0xe3/0x250 mm/slub.c:1653 slab_free mm/slub.c:3213 [inline] kmem_cache_free+0x8a/0x5b0 mm/slub.c:3229 putname include/linux/err.h:41 [inline] filename_parentat fs/namei.c:2547 [inline] kern_path_locked+0xa7/0x300 fs/namei.c:2558 handle_remove+0x9a/0x4fa drivers/base/devtmpfs.c:312 handle drivers/base/devtmpfs.c:382 [inline] devtmpfs_work_loop drivers/base/devtmpfs.c:395 [inline] devtmpfsd+0x176/0x24e drivers/base/devtmpfs.c:437 kthread+0x38b/0x460 kernel/kthread.c:319 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 The buggy address belongs to the object at ffff888015414400 which belongs to the cache names_cache of size 4096 The buggy address is located 32 bytes inside of 4096-byte region [ffff888015414400, ffff888015415400) The buggy address belongs to the page: page:ffffea0000550400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x15410 head:ffffea0000550400 order:3 compound_mapcount:0 compound_pincount:0 flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000010200 dead000000000100 dead000000000122 ffff88800fdc43c0 raw: 0000000000000000 0000000080070007 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected page_owner tracks the page as allocated page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4870, ts 430594386934, free_ts 430594238103 prep_new_page mm/page_alloc.c:2436 [inline] get_page_from_freelist+0xa6f/0x2f50 mm/page_alloc.c:4168 __alloc_pages+0x1b2/0x500 mm/page_alloc.c:5390 alloc_slab_page mm/slub.c:1691 [inline] allocate_slab+0x32e/0x4b0 mm/slub.c:1831 new_slab mm/slub.c:1894 [inline] new_slab_objects mm/slub.c:2640 [inline] ___slab_alloc+0x4ba/0x820 mm/slub.c:2803 __slab_alloc.constprop.0+0xa7/0xf0 mm/slub.c:2843 slab_alloc_node mm/slub.c:2925 [inline] slab_alloc mm/slub.c:2967 [inline] kmem_cache_alloc+0x3e1/0x4a0 mm/slub.c:2972 getname_flags.part.0+0x4a/0x440 fs/namei.c:138 do_sys_openat2+0xd2/0x360 fs/open.c:1198 do_sys_open fs/open.c:1220 [inline] __do_sys_open fs/open.c:1228 [inline] __se_sys_open fs/open.c:1224 [inline] __x64_sys_open+0xfd/0x1a0 fs/open.c:1224 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae page last free stack trace: reset_page_owner include/linux/page_owner.h:24 [inline] free_pages_prepare mm/page_alloc.c:1346 [inline] free_pcp_prepare+0x2c5/0x780 mm/page_alloc.c:1397 free_unref_page_prepare mm/page_alloc.c:3332 [inline] free_unref_page+0x19/0x690 mm/page_alloc.c:3411 unfreeze_partials+0x17c/0x1d0 mm/slub.c:2421 put_cpu_partial+0x13d/0x230 mm/slub.c:2457 qlink_free mm/kasan/quarantine.c:146 [inline] qlist_free_all+0x5a/0xc0 mm/kasan/quarantine.c:165 kasan_quarantine_reduce+0x180/0x200 mm/kasan/quarantine.c:272 __kasan_slab_alloc+0x95/0xb0 mm/kasan/common.c:444 kasan_slab_alloc include/linux/kasan.h:254 [inline] slab_post_alloc_hook mm/slab.h:519 [inline] slab_alloc_node mm/slub.c:2959 [inline] slab_alloc mm/slub.c:2967 [inline] kmem_cache_alloc+0x285/0x4a0 mm/slub.c:2972 prepare_creds+0x39/0x610 kernel/cred.c:262 access_override_creds fs/open.c:355 [inline] do_faccessat+0x273/0x660 fs/open.c:419 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae Memory state around the buggy address: ffff888015414300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff888015414380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >ffff888015414400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff888015414480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff888015414500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ==================================================================