ci2 starts bisection 2024-08-25 14:15:57.992847208 +0000 UTC m=+183286.882987497
bisecting cause commit starting from d2bafcf224f3911b183113b2fcb536c9e90684a3
building syzkaller on d7d323527f8e6073ec1da024a08c26f50626254f
ensuring issue is reproducible on original commit d2bafcf224f3911b183113b2fcb536c9e90684a3

testing commit d2bafcf224f3911b183113b2fcb536c9e90684a3 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 00f034fc5b0b960fd7a9fb18cdf8a9f1303da62cb564c9417a35901fd66e0caa
all runs: crashed: KASAN: use-after-free Read in ext4_inlinedir_to_tree
representative crash: KASAN: use-after-free Read in ext4_inlinedir_to_tree, types: [KASAN]
check whether we can drop unnecessary instrumentation
disabling configs for [BUG LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN], they are not needed

testing commit d2bafcf224f3911b183113b2fcb536c9e90684a3 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: a3323db6d0df266ba15922ce54596dac036ebb29e73becd8860e5609e83e1c12
all runs: crashed: KASAN: use-after-free Read in ext4_inlinedir_to_tree
representative crash: KASAN: use-after-free Read in ext4_inlinedir_to_tree, types: [KASAN]
the bug reproduces without the instrumentation
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
kconfig minimization: base=3993 full=8129 leaves diff=2115
split chunks (needed=false): <2115>
split chunk #0 of len 2115 into 5 parts

testing without sub-chunk 1/5
disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG LOCKDEP], they are not needed
testing commit d2bafcf224f3911b183113b2fcb536c9e90684a3 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: a1bfb40496fca650b785c099f1148ebff6fa3386aea09f4ddf0e322b9ae9499b
all runs: crashed: KASAN: use-after-free Read in ext4_inlinedir_to_tree
representative crash: KASAN: use-after-free Read in ext4_inlinedir_to_tree, types: [KASAN]
the chunk can be dropped

testing without sub-chunk 2/5
disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG LOCKDEP], they are not needed
testing commit d2bafcf224f3911b183113b2fcb536c9e90684a3 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 4ed4fcb28048d5a6f8fc05ed5e1ee66660a049e1ab0266316fa6d80c78965319
all runs: crashed: KASAN: use-after-free Read in ext4_inlinedir_to_tree
representative crash: KASAN: use-after-free Read in ext4_inlinedir_to_tree, types: [KASAN]
the chunk can be dropped

testing without sub-chunk 3/5
disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG LOCKDEP], they are not needed
testing commit d2bafcf224f3911b183113b2fcb536c9e90684a3 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 52d355178dff0e84af48037d4efa710e1d38d44dfe2bc8d7f1169e74c7cde227
all runs: crashed: KASAN: use-after-free Read in ext4_inlinedir_to_tree
representative crash: KASAN: use-after-free Read in ext4_inlinedir_to_tree, types: [KASAN]
the chunk can be dropped

testing without sub-chunk 4/5
disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG LOCKDEP], they are not needed
testing commit d2bafcf224f3911b183113b2fcb536c9e90684a3 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 6e99698ffa616eedfa9487d03650fc35d5bed1dde86270448f3b57e97a1dd756
all runs: crashed: KASAN: use-after-free Read in ext4_inlinedir_to_tree
representative crash: KASAN: use-after-free Read in ext4_inlinedir_to_tree, types: [KASAN]
the chunk can be dropped

testing without sub-chunk 5/5
disabling configs for [ATOMIC_SLEEP HANG LEAK UBSAN BUG LOCKDEP], they are not needed
testing commit d2bafcf224f3911b183113b2fcb536c9e90684a3 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 3865004de10c40daa62f914aca3cd1f733d09e040e4187f5a54fc8d25f1b9f80
all runs: crashed: KASAN: use-after-free Read in ext4_inlinedir_to_tree
representative crash: KASAN: use-after-free Read in ext4_inlinedir_to_tree, types: [KASAN]
the chunk can be dropped
disabling configs for [LOCKDEP ATOMIC_SLEEP HANG LEAK UBSAN BUG], they are not needed
picked [v6.10 v6.9 v6.8 v6.6 v6.4 v6.2 v6.0 v5.18 v5.15 v5.12 v5.9 v5.6 v5.3 v5.0 v4.19] out of 33 release tags

testing release v6.10
testing commit 0c3836482481200ead7b416ca80c68a29cfdaabd gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 5078a9e709f8cf6999cf9846c79094299fc02b3ead517cc3b45cab19aaee5daf
all runs: crashed: KASAN: use-after-free Read in ext4_inlinedir_to_tree
representative crash: KASAN: use-after-free Read in ext4_inlinedir_to_tree, types: [KASAN]

testing release v6.9
testing commit a38297e3fb012ddfa7ce0321a7e5a8daeb1872b6 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: b48395a51c6c9025637b587f695b8ad3b5a4c33d845e21c69754466cbc72387f
all runs: crashed: KASAN: use-after-free Read in ext4_inlinedir_to_tree
representative crash: KASAN: use-after-free Read in ext4_inlinedir_to_tree, types: [KASAN]

testing release v6.8
testing commit e8f897f4afef0031fe618a8e94127a0934896aba gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 465d2b9f8b6bc85c524a81f7f01cd1176ef81f420f9df91e17dc0569f6d60e04
all runs: crashed: KASAN: use-after-free Read in ext4_inlinedir_to_tree
representative crash: KASAN: use-after-free Read in ext4_inlinedir_to_tree, types: [KASAN]

testing release v6.6
testing commit ffc253263a1375a65fa6c9f62a893e9767fbebfa gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 9f52af6871bb18a244f892794d4f9dafcb4dc1b9ddaf2afc47ba2bfb94d4c605
all runs: crashed: KASAN: use-after-free Read in ext4_inlinedir_to_tree
representative crash: KASAN: use-after-free Read in ext4_inlinedir_to_tree, types: [KASAN]

testing release v6.4
testing commit 6995e2de6891c724bfeb2db33d7b87775f913ad1 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 0fd816248a4d199578d542d28df1d8df0ca92c2ee146640f71a9150635b2fecd
all runs: OK
false negative chance: 0.000
# git bisect start ffc253263a1375a65fa6c9f62a893e9767fbebfa 6995e2de6891c724bfeb2db33d7b87775f913ad1
Bisecting: 14974 revisions left to test after this (roughly 14 steps)
[692f5510159c79bfa312a4e27a15e266232bfb4c] Merge tag 'asoc-v6.6' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus

testing commit 692f5510159c79bfa312a4e27a15e266232bfb4c gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 8315ca3ae639c3471ed09dfb9cc6a237d1f72cd6cb1960fdce869efa442f5eb4
all runs: OK
false negative chance: 0.000
# git bisect good 692f5510159c79bfa312a4e27a15e266232bfb4c
Bisecting: 7105 revisions left to test after this (roughly 13 steps)
[0e72db77672ff4758a31fb5259c754a7bb229751] Merge tag 'soc-dt-6.6' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc

testing commit 0e72db77672ff4758a31fb5259c754a7bb229751 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: c6893e20cf1b36401bb3525b2a9d9c52cd11bfc2b8ae607fe672b20774fe7b61
all runs: crashed: KASAN: use-after-free Read in ext4_inlinedir_to_tree
representative crash: KASAN: use-after-free Read in ext4_inlinedir_to_tree, types: [KASAN]
# git bisect bad 0e72db77672ff4758a31fb5259c754a7bb229751
Bisecting: 3474 revisions left to test after this (roughly 12 steps)
[bd6c11bc43c496cddfc6cf603b5d45365606dbd5] Merge tag 'net-next-6.6' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next

testing commit bd6c11bc43c496cddfc6cf603b5d45365606dbd5 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 95a7ca3a7dac5fc2c7e27eff4884454b3723345466e9b83a7209922a6beec254
all runs: OK
false negative chance: 0.000
# git bisect good bd6c11bc43c496cddfc6cf603b5d45365606dbd5
Bisecting: 2120 revisions left to test after this (roughly 11 steps)
[3698a75f5a98d0a6599e2878ab25d30a82dd836a] Merge tag 'drm-intel-next-fixes-2023-08-24' of git://anongit.freedesktop.org/drm/drm-intel into drm-next

testing commit 3698a75f5a98d0a6599e2878ab25d30a82dd836a gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: f0e112b7e590cc4a4cebd4dafc2362cb15b9ab97d0677754153772b3c896c4f0
all runs: OK
false negative chance: 0.000
# git bisect good 3698a75f5a98d0a6599e2878ab25d30a82dd836a
Bisecting: 1058 revisions left to test after this (roughly 10 steps)
[4fb0dacb78c6a041bbd38ddd998df806af5c2c69] Merge tag 'sound-6.6-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound

testing commit 4fb0dacb78c6a041bbd38ddd998df806af5c2c69 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: c8a89647f6201851f9a7f373fca4c93ff1b86dd2cab9b8b6f8003916a5f5a894
all runs: crashed: KASAN: use-after-free Read in ext4_inlinedir_to_tree
representative crash: KASAN: use-after-free Read in ext4_inlinedir_to_tree, types: [KASAN]
# git bisect bad 4fb0dacb78c6a041bbd38ddd998df806af5c2c69
Bisecting: 518 revisions left to test after this (roughly 9 steps)
[b96a3e9142fdf346b05b20e867b4f0dfca119e96] Merge tag 'mm-stable-2023-08-28-18-26' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm

testing commit b96a3e9142fdf346b05b20e867b4f0dfca119e96 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 56388472c72991288be0462fb0b66cd58b16636fac17663ccbfa05e2d3d117c4
all runs: OK
false negative chance: 0.000
# git bisect good b96a3e9142fdf346b05b20e867b4f0dfca119e96
Bisecting: 239 revisions left to test after this (roughly 8 steps)
[3d3dfeb3aec7b612d266d500c82054f1fded4980] Merge tag 'for-6.6/block-2023-08-28' of git://git.kernel.dk/linux

testing commit 3d3dfeb3aec7b612d266d500c82054f1fded4980 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: f0f6a7d43a2da9278e80c776f7d194e3830f8994ca0f9200cd36bac3ea4c48d0
all runs: crashed: KASAN: use-after-free Read in ext4_inlinedir_to_tree
representative crash: KASAN: use-after-free Read in ext4_inlinedir_to_tree, types: [KASAN]
# git bisect bad 3d3dfeb3aec7b612d266d500c82054f1fded4980
Bisecting: 116 revisions left to test after this (roughly 7 steps)
[c1b7fcf3f6d94c2c3528bf77054bf174a5ef63d7] Merge tag 'for-6.6/io_uring-2023-08-28' of git://git.kernel.dk/linux

testing commit c1b7fcf3f6d94c2c3528bf77054bf174a5ef63d7 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: d904988f72df1369d494471080e7dd286fbd3af0202c808243a43bf058719ba9
all runs: crashed: KASAN: use-after-free Read in ext4_inlinedir_to_tree
representative crash: KASAN: use-after-free Read in ext4_inlinedir_to_tree, types: [KASAN]
# git bisect bad c1b7fcf3f6d94c2c3528bf77054bf174a5ef63d7
Bisecting: 80 revisions left to test after this (roughly 6 steps)
[dce8f8ed1de1d9d6d27c5ccd202ce4ec163b100c] document while_each_thread(), change first_tid() to use for_each_thread()

testing commit dce8f8ed1de1d9d6d27c5ccd202ce4ec163b100c gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: abdef697a6edc215b42d5a472132f26c55e1621dbd233167b242896feb5c84a5
all runs: OK
false negative chance: 0.000
# git bisect good dce8f8ed1de1d9d6d27c5ccd202ce4ec163b100c
Bisecting: 40 revisions left to test after this (roughly 5 steps)
[093a650b757210bc856ca7f5349fb5a4bb9d4bd6] io_uring: force inline io_fill_cqe_req

testing commit 093a650b757210bc856ca7f5349fb5a4bb9d4bd6 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: c8e6420f3e4d67b35f857b8cc744a87d71aa84c050af4209348bd369a35359b0
all runs: OK
false negative chance: 0.000
# git bisect good 093a650b757210bc856ca7f5349fb5a4bb9d4bd6
Bisecting: 22 revisions left to test after this (roughly 4 steps)
[daa22f5a78c27412e88d31780c4a6262cda559cd] Merge tag 'modules-6.6-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/linux

testing commit daa22f5a78c27412e88d31780c4a6262cda559cd gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: ca3187270367dbffcb7d32bfccfc543f75a5599f0952d05993ca524bf76d13c4
all runs: OK
false negative chance: 0.000
# git bisect good daa22f5a78c27412e88d31780c4a6262cda559cd
Bisecting: 11 revisions left to test after this (roughly 4 steps)
[c899710fe7f9f24dd77135875f199359f7b8b774] networking: Update to register_net_sysctl_sz

testing commit c899710fe7f9f24dd77135875f199359f7b8b774 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 76d1a9738f92b8bcdac79c2727c62443a94433a7b32eb450edf3d9e4cd68b70d
all runs: OK
false negative chance: 0.000
# git bisect good c899710fe7f9f24dd77135875f199359f7b8b774
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[0aa7aa5f766933d4f91b22d9658cd688e1f15dab] io_uring: move multishot cqe cache in ctx

testing commit 0aa7aa5f766933d4f91b22d9658cd688e1f15dab gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 687633e02746d6b9f850fd2585dfb4c464f2ed577c286397e42d9ebbcb21cb38
all runs: crashed: KASAN: use-after-free Read in ext4_inlinedir_to_tree
representative crash: KASAN: use-after-free Read in ext4_inlinedir_to_tree, types: [KASAN]
# git bisect bad 0aa7aa5f766933d4f91b22d9658cd688e1f15dab
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[d7f06fea5d6be78403d42c9637f67bc883870094] io_uring: move non aligned field to the end

testing commit d7f06fea5d6be78403d42c9637f67bc883870094 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 710fa2114a15ba32cd6bbb6292f8401997c583904d72bcb6bb61a6e50be88ec5
all runs: crashed: KASAN: use-after-free Read in ext4_inlinedir_to_tree
representative crash: KASAN: use-after-free Read in ext4_inlinedir_to_tree, types: [KASAN]
# git bisect bad d7f06fea5d6be78403d42c9637f67bc883870094
Bisecting: 0 revisions left to test after this (roughly 1 step)
[2af89abda7d9c2aeb573677e2c498ddb09f8058a] io_uring: add option to remove SQ indirection

testing commit 2af89abda7d9c2aeb573677e2c498ddb09f8058a gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: 34bdff31fd97788e91526daaccb95efda79e1e59a2613e163fec8d415c7dda29
all runs: crashed: KASAN: use-after-free Read in ext4_inlinedir_to_tree
representative crash: KASAN: use-after-free Read in ext4_inlinedir_to_tree, types: [KASAN]
# git bisect bad 2af89abda7d9c2aeb573677e2c498ddb09f8058a
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[e5598d6ae62626d261b046a2f19347c38681ff51] io_uring: compact SQ/CQ heads/tails

testing commit e5598d6ae62626d261b046a2f19347c38681ff51 gcc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
kernel signature: f8bf435955ad1ba465ff5966b44357434f1073e3e973a636492a47c528128115
all runs: crashed: KASAN: use-after-free Read in ext4_inlinedir_to_tree
representative crash: KASAN: use-after-free Read in ext4_inlinedir_to_tree, types: [KASAN]
# git bisect bad e5598d6ae62626d261b046a2f19347c38681ff51
e5598d6ae62626d261b046a2f19347c38681ff51 is the first bad commit
commit e5598d6ae62626d261b046a2f19347c38681ff51
Author: Pavel Begunkov
Date: Thu Aug 24 23:53:31 2023 +0100

    io_uring: compact SQ/CQ heads/tails

    Queues heads and tails cache line aligned. That makes sq, cq taking 4 lines or 5 lines if we include the rest of struct io_rings (e.g. sq_flags is frequently accessed). Since modern io_uring is mostly single threaded, it doesn't make much send to spread them as such, it wastes space and puts additional pressure on caches. Put them all into a single line.

    Signed-off-by: Pavel Begunkov
    Link: https://lore.kernel.org/r/9c8deddf9a7ed32069235a530d1e117fb460bc4c.1692916914.git.asml.silence@gmail.com
    Signed-off-by: Jens Axboe

 include/linux/io_uring_types.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

accumulated error probability: 0.00
culprit signature: f8bf435955ad1ba465ff5966b44357434f1073e3e973a636492a47c528128115
parent signature: c8e6420f3e4d67b35f857b8cc744a87d71aa84c050af4209348bd369a35359b0
revisions tested: 28, total time: 5h28m48.266902952s (build: 2h39m1.756517237s, test: 2h38m48.078342305s)
first bad commit: e5598d6ae62626d261b046a2f19347c38681ff51 io_uring: compact SQ/CQ heads/tails
recipients (to): ["asml.silence@gmail.com" "axboe@kernel.dk"]
recipients (cc): []
crash: KASAN: use-after-free Read in ext4_inlinedir_to_tree
EXT4-fs error (device loop0): htree_dirblock_to_tree:1109: inode #2: block 21: comm syz-executor: bad entry in directory: directory entry overrun - offset=1004, inode=0, rec_len=1000, size=1024 fake=0
==================================================================
BUG: KASAN: use-after-free in ext4_read_inline_data fs/ext4/inline.c:209 [inline]
BUG: KASAN: use-after-free in ext4_inlinedir_to_tree+0x47d/0xf60 fs/ext4/inline.c:1366
Read of size 324 at addr ffff8881270d2c05 by task syz-executor/1876

CPU: 1 PID: 1876 Comm: syz-executor Not tainted 6.5.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xf8/0x260 lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:364 [inline]
 print_report+0x167/0x540 mm/kasan/report.c:475
 kasan_report+0x175/0x1b0 mm/kasan/report.c:588
 kasan_check_range+0x282/0x290 mm/kasan/generic.c:187
 __asan_memcpy+0x29/0x70 mm/kasan/shadow.c:105
 ext4_read_inline_data fs/ext4/inline.c:209 [inline]
 ext4_inlinedir_to_tree+0x47d/0xf60 fs/ext4/inline.c:1366
 ext4_htree_fill_tree+0x4de/0x1240 fs/ext4/namei.c:1208
 ext4_dx_readdir fs/ext4/dir.c:597 [inline]
 ext4_readdir+0x234c/0x2e30 fs/ext4/dir.c:142
 iterate_dir+0x1f0/0x500
 __do_sys_getdents64 fs/readdir.c:369 [inline]
 __se_sys_getdents64+0x1b3/0x3e0 fs/readdir.c:354
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x46/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x6f/0xd9
RIP: 0033:0x7f6615173013
Code: c1 66 0f 1f 44 00 00 48 83 c4 08 48 89 ef 5b 5d e9 52 43 f8 ff 66 90 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 a8 ff ff ff f7 d8
RSP: 002b:00007fff52f1f678 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9
RAX: ffffffffffffffda RBX: 00005555569ac520 RCX: 00007f6615173013
RDX: 0000000000008000 RSI: 00005555569ac520 RDI: 0000000000000006
RBP: 00005555569ac4f4 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000001000 R11: 0000000000000293 R12: ffffffffffffffa8
R13: 0000000000000016 R14: 00005555569ac4f0 R15: 00007fff52f22a10

The buggy address belongs to the physical page:
page:ffffea00049c3480 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x1270d2
flags: 0x200000000000000(node=0|zone=2)
page_type: 0xffffffff()
raw: 0200000000000000 dead000000000100 dead000000000122 0000000000000000
raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as freed
page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 2158, tgid 2158 (modprobe), ts 62124616185, free_ts 62127053497
 set_page_owner include/linux/page_owner.h:31 [inline]
 post_alloc_hook+0x10f/0x130 mm/page_alloc.c:1570
 prep_new_page mm/page_alloc.c:1577 [inline]
 get_page_from_freelist+0x332d/0x35a0 mm/page_alloc.c:3221
 __alloc_pages+0x255/0x650 mm/page_alloc.c:4477
 vma_alloc_folio+0x696/0x880 mm/mempolicy.c:2240
 wp_page_copy mm/memory.c:3085 [inline]
 do_wp_page+0xa0f/0x2420 mm/memory.c:3446
 handle_pte_fault mm/memory.c:4955 [inline]
 __handle_mm_fault mm/memory.c:5079 [inline]
 handle_mm_fault+0x99f/0x29f0 mm/memory.c:5233
 do_user_addr_fault arch/x86/mm/fault.c:1392 [inline]
 handle_page_fault arch/x86/mm/fault.c:1486 [inline]
 exc_page_fault+0x264/0x760 arch/x86/mm/fault.c:1542
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:570
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1161 [inline]
 free_unref_page_prepare+0x807/0x930 mm/page_alloc.c:2348
 free_unref_page_list+0xb3/0x630 mm/page_alloc.c:2489
 release_pages+0x16b0/0x1860 mm/swap.c:1042
 tlb_batch_pages_flush mm/mmu_gather.c:97 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:292 [inline]
 tlb_flush_mmu+0x273/0x3d0 mm/mmu_gather.c:299
 tlb_finish_mmu+0xb6/0x1c0 mm/mmu_gather.c:391
 exit_mmap+0x345/0x830 mm/mmap.c:3214
 __mmput+0x61/0x290 kernel/fork.c:1348
 exit_mm+0x113/0x1b0 kernel/exit.c:567
 do_exit+0x7c7/0x2350 kernel/exit.c:861
 do_group_exit+0x1b9/0x280 kernel/exit.c:1024
 __do_sys_exit_group kernel/exit.c:1035 [inline]
 __se_sys_exit_group kernel/exit.c:1033 [inline]
 __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1033
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x46/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x6f/0xd9

Memory state around the buggy address:
 ffff8881270d2b00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff8881270d2b80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff8881270d2c00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                   ^
 ffff8881270d2c80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff8881270d2d00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================