Hello, syzbot found the following issue on: HEAD commit: 848e07631744 Merge tag 'hid-for-linus-2025030501' of git:/.. git tree: upstream console output: https://syzkaller.appspot.com/x/log.txt?x=1247ca54580000 kernel config: https://syzkaller.appspot.com/x/.config?x=2040405600e83619 dashboard link: https://syzkaller.appspot.com/bug?extid=d26257274cf7b53db74a compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 Unfortunately, I don't have any reproducer for this issue yet. Downloadable assets: disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/7feb34a89c2a/non_bootable_disk-848e0763.raw.xz vmlinux: https://storage.googleapis.com/syzbot-assets/c46426c0526b/vmlinux-848e0763.xz kernel image: https://storage.googleapis.com/syzbot-assets/d575feb1a7df/bzImage-848e0763.xz IMPORTANT: if you fix the issue, please add the following tag to the commit: Reported-by: syzbot+d26257274cf7b53db74a@xxxxxxxxxxxxxxxxxxxxxxxxx ================================================================== BUG: KASAN: wild-memory-access in instrument_atomic_read include/linux/instrumented.h:68 [inline] BUG: KASAN: wild-memory-access in atomic_read include/linux/atomic/atomic-instrumented.h:32 [inline] BUG: KASAN: wild-memory-access in __swap_cgroup_id_lookup mm/swap_cgroup.c:28 [inline] BUG: KASAN: wild-memory-access in lookup_swap_cgroup_id+0x82/0xf0 mm/swap_cgroup.c:127 Read of size 4 at addr 0007c8805a01cd3c by task udevd/5306 CPU: 0 UID: 0 PID: 5306 Comm: udevd Not tainted 6.14.0-rc5-syzkaller-00039-g848e07631744 #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_report+0xe3/0x5b0 mm/kasan/report.c:524 kasan_report+0x143/0x180 mm/kasan/report.c:634 kasan_check_range+0x282/0x290 mm/kasan/generic.c:189 instrument_atomic_read include/linux/instrumented.h:68 [inline] atomic_read include/linux/atomic/atomic-instrumented.h:32 [inline] __swap_cgroup_id_lookup mm/swap_cgroup.c:28 [inline] lookup_swap_cgroup_id+0x82/0xf0 mm/swap_cgroup.c:127 swap_pte_batch+0x142/0x330 mm/internal.h:333 zap_nonpresent_ptes mm/memory.c:1634 [inline] do_zap_pte_range mm/memory.c:1702 [inline] zap_pte_range mm/memory.c:1742 [inline] zap_pmd_range mm/memory.c:1834 [inline] zap_pud_range mm/memory.c:1863 [inline] zap_p4d_range mm/memory.c:1884 [inline] unmap_page_range+0x1bb5/0x4510 mm/memory.c:1905 unmap_vmas+0x3cc/0x5f0 mm/memory.c:1995 exit_mmap+0x283/0xd40 mm/mmap.c:1284 __mmput+0x115/0x420 kernel/fork.c:1356 exit_mm+0x220/0x310 kernel/exit.c:570 do_exit+0x9ad/0x28e0 kernel/exit.c:925 do_group_exit+0x207/0x2c0 kernel/exit.c:1087 get_signal+0x168c/0x1720 kernel/signal.c:3036 arch_do_signal_or_restart+0x96/0x860 arch/x86/kernel/signal.c:337 exit_to_user_mode_loop kernel/entry/common.c:111 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] irqentry_exit_to_user_mode+0x7e/0x250 kernel/entry/common.c:231 exc_page_fault+0x590/0x8b0 arch/x86/mm/fault.c:1541 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623 RIP: 0033:0x56281d3a39d0 Code: Unable to access opcode bytes at 0x56281d3a39a6. RSP: 002b:00007ffd4e66dab0 EFLAGS: 00010246 RAX: 00007ffd4e66dac8 RBX: 0000000000000000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 00007ffd4e66dad8 RDI: 00007ffd4e66db10 RBP: 000056283b5a6980 R08: 0000000000000007 R09: a02c58fefe889121 R10: 00000000ffffffff R11: 0000000000000246 R12: 000056283b5a6980 R13: 00007ffd4e66db98 R14: 0000000000000000 R15: 000056281d3ae4df </TASK> ================================================================== --- This report is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkaller@xxxxxxxxxxxxxxxx. syzbot will keep track of this issue. See: https://goo.gl/tpsmEJ#status for how to communicate with syzbot. If the report is already addressed, let syzbot know by replying with: #syz fix: exact-commit-title If you want to overwrite report's subsystems, reply with: #syz set subsystems: new-subsystem (See the list of subsystem names on the web dashboard) If the report is a duplicate of another one, reply with: #syz dup: exact-subject-of-another-report If you want to undo deduplication, reply with: #syz undup
