From: syzbot <syzbot+8ffca916f3fa5455f9b4@syzkaller.appspotmail.com>
To: akpm@linux-foundation.org, apopple@nvidia.com, byungchul@sk.com,
	 david@kernel.org, gourry@gourry.net, joshua.hahnjy@gmail.com,
	 linux-kernel@vger.kernel.org, linux-mm@kvack.org,
	linux-next@vger.kernel.org,  matthew.brost@intel.com,
	rakie.kim@sk.com, sfr@canb.auug.org.au,
	 syzkaller-bugs@googlegroups.com, ying.huang@linux.alibaba.com,
	ziy@nvidia.com
Subject: [syzbot] [mm?] linux-next test error: kernel BUG in post_alloc_hook
Date: Wed, 03 Jun 2026 14:56:25 -0700
Message-ID: <6a20a309.85ccb786.283107.0005.GAE@google.com>

Hello,

syzbot found the following issue on:

HEAD commit:    a225caacc365 Add linux-next specific files for 20260603
git tree:       linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=13b0de66580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=717edf2a5f9fc390
dashboard link: https://syzkaller.appspot.com/bug?extid=8ffca916f3fa5455f9b4
compiler:       Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/f799d07ea17d/disk-a225caac.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/72d0f0ff94e6/vmlinux-a225caac.xz
kernel image: https://storage.googleapis.com/syzbot-assets/99d4279e6fec/bzImage-a225caac.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+8ffca916f3fa5455f9b4@syzkaller.appspotmail.com

Initmem setup node 1 [mem 0x0000000140001000-0x000000023fffffff]
On node 0, zone DMA: 1 pages in unavailable ranges
On node 0, zone DMA: 97 pages in unavailable ranges
On node 0, zone Normal: 3 pages in unavailable ranges
setup_percpu: NR_CPUS:8 nr_cpumask_bits:2 nr_cpu_ids:2 nr_node_ids:2
percpu: Embedded 71 pages/cpu s253896 r8192 d28728 u1048576
pcpu-alloc: s253896 r8192 d28728 u1048576 alloc=1*2097152
pcpu-alloc: [0] 0 1 
kvm-guest: PV spinlocks enabled
PV qspinlock hash table entries: 256 (order: 0, 4096 bytes, linear)
Kernel command line: earlyprintk=serial net.ifnames=0 sysctl.kernel.hung_task_all_cpu_backtrace=1 ima_policy=tcb nf-conntrack-ftp.ports=20000 nf-conntrack-tftp.ports=20000 nf-conntrack-sip.ports=20000 nf-conntrack-irc.ports=20000 nf-conntrack-sane.ports=20000 binder.debug_mask=0 rcupdate.rcu_expedited=1 rcupdate.rcu_cpu_stall_cputime=1 no_hash_pointers page_owner=on sysctl.vm.nr_hugepages=4 sysctl.vm.nr_overcommit_hugepages=4 secretmem.enable=1 sysctl.max_rcu_stall_to_panic=1 msr.allow_writes=off coredump_filter=0xffff root=/dev/sda console=ttyS0 vsyscall=native numa=fake=2 kvm-intel.nested=1 spec_store_bypass_disable=prctl nopcid vivid.n_devs=64 vivid.multiplanar=1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2 netrom.nr_ndevs=32 rose.rose_ndevs=32 smp.csd_lock_timeout=100000 watchdog_thresh=55 workqueue.watchdog_thresh=140 sysctl.net.core.netdev_unregister_timeout_secs=140 dummy_hcd.num=32 max_loop=32 nbds_max=32 \
Kernel command line: comedi.comedi_num_legacy_minors=4 panic_on_warn=1 BOOT_IMAGE=/boot/bzImage root=/dev/sda1 console=ttyS0
Unknown kernel command line parameters "nbds_max=32", will be passed to user space.
random: crng init done
printk: log buffer data + meta data: 262144 + 917504 = 1179648 bytes
software IO TLB: area num 2.
Fallback order for Node 0: 0 1 
Fallback order for Node 1: 1 0 
Built 2 zonelists, mobility grouping on.  Total pages: 2097051
Policy zone: Normal
mem auto-init: stack:all(zero), heap alloc:on, heap free:off
stackdepot: allocating hash table via alloc_large_system_hash
stackdepot hash table entries: 1048576 (order: 12, 16777216 bytes, linear)
stackdepot: allocating space for 8192 stack pools via memblock
**********************************************************
**   NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE   **
**                                                      **
** This system shows unhashed kernel memory addresses   **
** via the console, logs, and other interfaces. This    **
** might reduce the security of your system.            **
**                                                      **
** If you see this message and you are not debugging    **
** the kernel, report this immediately to your system   **
** administrator!                                       **
**                                                      **
** Use hash_pointers=always to force this mode off      **
**                                                      **
**   NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE   **
**********************************************************
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x13fe38
head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0x100000000000040(head|node=0|zone=2)
raw: 0100000000000040 dead000000000100 dead000000000122 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
head: 0100000000000040 dead000000000100 dead000000000122 0000000000000000
head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
head: 0100000000000002 ffffffffffffff01 00000000ffffffff 00000000ffffffff
head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000004
page dumped because: VM_BUG_ON_PAGE(1 && PageCompound(page))
------------[ cut here ]------------
kernel BUG at ./include/linux/page-flags.h:682!
Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
CPU: 0 UID: 0 PID: 0 Comm: swapper Not tainted syzkaller #0 PREEMPT_{RT,(undef)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
RIP: 0010:__ClearPagePrezeroed include/linux/page-flags.h:682 [inline]
RIP: 0010:post_alloc_hook+0x287/0x310 mm/page_alloc.c:1863
Code: ff ff 89 da be 01 00 00 00 48 c7 c7 40 50 4f 8e e8 ce 4b d4 02 e9 c5 fe ff ff 4c 89 ef 48 c7 c6 40 ef 7a 8b e8 2a c6 05 ff 90 <0f> 0b 31 ed f7 44 24 04 00 01 00 00 0f 84 8e fd ff ff e9 86 fd ff
RSP: 0000:ffffffff8e0078e0 EFLAGS: 00010046
RAX: 0000000000000000 RBX: 0000000000000002 RCX: ffffffff8e0fef40
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
R10: dffffc0000000000 R11: ffffed10170c4903 R12: dffffc0000000000
R13: ffffea0004ff8e00 R14: 1ffffd40009ff1c0 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff888125a79000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff88823ffff000 CR3: 000000000e1b8000 CR4: 00000000000100b0
Call Trace:
 <TASK>
 prep_new_page mm/page_alloc.c:1925 [inline]
 get_page_from_freelist+0x3081/0x3320 mm/page_alloc.c:4015
 __alloc_frozen_pages_noprof+0x194/0x380 mm/page_alloc.c:5376
 __alloc_pages_mpol+0xe0/0x390 mm/mempolicy.c:2495
 alloc_slab_page mm/slub.c:3287 [inline]
 allocate_slab+0x83/0x5e0 mm/slub.c:3404
 new_slab mm/slub.c:3447 [inline]
 ___slab_alloc+0x160/0x930 mm/slub.c:4485
 __slab_alloc_node mm/slub.c:4549 [inline]
 slab_alloc_node mm/slub.c:4925 [inline]
 __do_kmalloc_node mm/slub.c:5331 [inline]
 __kmalloc_noprof+0x140/0x7b0 mm/slub.c:5345
 _kmalloc_noprof include/linux/slab.h:973 [inline]
 _kzalloc_noprof include/linux/slab.h:1286 [inline]
 __alloc_empty_sheaf mm/slub.c:2774 [inline]
 alloc_empty_sheaf mm/slub.c:2794 [inline]
 init_percpu_sheaves mm/slub.c:7555 [inline]
 do_kmem_cache_create+0x8ae/0x9a0 mm/slub.c:8595
 create_boot_cache+0xbf/0x120 mm/slab_common.c:717
 create_kmalloc_cache+0x41/0xb0 mm/slab_common.c:735
 new_kmalloc_cache+0xd4/0x180 mm/slab_common.c:982
 create_kmalloc_caches+0x14/0x50 mm/slab_common.c:1005
 kmem_cache_init+0x14a/0x1e0 mm/slub.c:8496
 mm_core_init+0x7e/0xb0 mm/mm_init.c:2728
 start_kernel+0x162/0x3e0 init/main.c:1034
 x86_64_start_reservations+0x24/0x30 arch/x86/kernel/head64.c:310
 x86_64_start_kernel+0x143/0x1c0 arch/x86/kernel/head64.c:291
 common_startup_64+0x13e/0x157
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__ClearPagePrezeroed include/linux/page-flags.h:682 [inline]
RIP: 0010:post_alloc_hook+0x287/0x310 mm/page_alloc.c:1863
Code: ff ff 89 da be 01 00 00 00 48 c7 c7 40 50 4f 8e e8 ce 4b d4 02 e9 c5 fe ff ff 4c 89 ef 48 c7 c6 40 ef 7a 8b e8 2a c6 05 ff 90 <0f> 0b 31 ed f7 44 24 04 00 01 00 00 0f 84 8e fd ff ff e9 86 fd ff
RSP: 0000:ffffffff8e0078e0 EFLAGS: 00010046
RAX: 0000000000000000 RBX: 0000000000000002 RCX: ffffffff8e0fef40
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
R10: dffffc0000000000 R11: ffffed10170c4903 R12: dffffc0000000000
R13: ffffea0004ff8e00 R14: 1ffffd40009ff1c0 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff888125a79000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff88823ffff000 CR3: 000000000e1b8000 CR4: 00000000000100b0


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup


Thread overview: 3+ messages
2026-06-03 21:56 syzbot [this message]
2026-06-03 22:47 ` [syzbot] [mm?] linux-next test error: kernel BUG in post_alloc_hook Andrew Morton
2026-06-04  4:14   ` Michael S. Tsirkin
