BUG: unable to handle page fault for address: fffffbfff3f8171b
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 23ffe4067 P4D 23ffe4067 PUD 23ffe3067 PMD 0
Oops: Oops: 0000 [#1] PREEMPT SMP KASAN NOPTI
CPU: 0 UID: 0 PID: 14899 Comm: syz.6.1669 Not tainted 6.13.0-rc5-syzkaller-00161-g63676eefb7a0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:bytes_is_nonzero mm/kasan/generic.c:87 [inline]
RIP: 0010:memory_is_nonzero mm/kasan/generic.c:104 [inline]
RIP: 0010:memory_is_poisoned_n mm/kasan/generic.c:129 [inline]
RIP: 0010:memory_is_poisoned mm/kasan/generic.c:161 [inline]
RIP: 0010:check_region_inline mm/kasan/generic.c:180 [inline]
RIP: 0010:kasan_check_range+0x82/0x290 mm/kasan/generic.c:189
Code: 01 00 00 00 00 fc ff df 4f 8d 3c 31 4c 89 fd 4c 29 dd 48 83 fd 10 7f 29 48 85 ed 0f 84 3e 01 00 00 4c 89 cd 48 f7 d5 48 01 dd <41> 80 3b 00 0f 85 c9 01 00 00 49 ff c3 48 ff c5 75 ee e9 1e 01 00
RSP: 0018:ffffc90004b7ed40 EFLAGS: 00010086
RAX: 000000000172ce01 RBX: 1ffffffff3f8171b RCX: ffffffff817ad1b4
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff9fc0b8d8
RBP: ffffffffffffffff R08: ffffffff9fc0b8df R09: 1ffffffff3f8171b
R10: dffffc0000000000 R11: fffffbfff3f8171b R12: ffff88804351c6c4
R13: ffff88804351bc00 R14: dffffc0000000001 R15: fffffbfff3f8171c
FS: 00007f868117f6c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: fffffbfff3f8171b CR3: 000000002859e000 CR4: 0000000000350ef0
Call Trace:
<TASK>
instrument_atomic_read include/linux/instrumented.h:68 [inline]
_test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]
__lock_acquire+0xc94/0x2100 kernel/locking/lockdep.c:5196
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
_raw_spin_lock_nested+0x31/0x40 kernel/locking/spinlock.c:378
raw_spin_rq_lock_nested+0xb0/0x140 kernel/sched/core.c:606
raw_spin_rq_lock kernel/sched/sched.h:1523 [inline]
_raw_spin_rq_lock_irqsave kernel/sched/sched.h:1543 [inline]
rq_lock_irqsave kernel/sched/sched.h:1808 [inline]
sched_balance_rq+0x4dcd/0x8620 kernel/sched/fair.c:11774
sched_balance_newidle+0x6ba/0xfd0 kernel/sched/fair.c:12836
balance_fair+0x44/0x70 kernel/sched/fair.c:8785
prev_balance kernel/sched/core.c:5995 [inline]
pick_next_task kernel/sched/core.c:6145 [inline]
__schedule+0x2a3f/0x4c30 kernel/sched/core.c:6709
__schedule_loop kernel/sched/core.c:6833 [inline]
schedule+0x14b/0x320 kernel/sched/core.c:6848
futex_wait_queue+0x14e/0x1d0 kernel/futex/waitwake.c:370
__futex_wait+0x17f/0x320 kernel/futex/waitwake.c:669
futex_wait+0x101/0x360 kernel/futex/waitwake.c:697
do_futex+0x33b/0x560 kernel/futex/syscalls.c:102
__do_sys_futex kernel/futex/syscalls.c:179 [inline]
__se_sys_futex+0x3f9/0x480 kernel/futex/syscalls.c:160
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f8680385d29
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f868117f0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: ffffffffffffffda RBX: 00007f8680575fa8 RCX: 00007f8680385d29
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f8680575fa8
RBP: 00007f8680575fa0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8680575fac
R13: 0000000000000000 R14: 00007ffe2f22a530 R15: 00007ffe2f22a618
</TASK>
Modules linked in:
CR2: fffffbfff3f8171b
---[ end trace 0000000000000000 ]---
RIP: 0010:bytes_is_nonzero mm/kasan/generic.c:87 [inline]
RIP: 0010:memory_is_nonzero mm/kasan/generic.c:104 [inline]
RIP: 0010:memory_is_poisoned_n mm/kasan/generic.c:129 [inline]
RIP: 0010:memory_is_poisoned mm/kasan/generic.c:161 [inline]
RIP: 0010:check_region_inline mm/kasan/generic.c:180 [inline]
RIP: 0010:kasan_check_range+0x82/0x290 mm/kasan/generic.c:189
Code: 01 00 00 00 00 fc ff df 4f 8d 3c 31 4c 89 fd 4c 29 dd 48 83 fd 10 7f 29 48 85 ed 0f 84 3e 01 00 00 4c 89 cd 48 f7 d5 48 01 dd <41> 80 3b 00 0f 85 c9 01 00 00 49 ff c3 48 ff c5 75 ee e9 1e 01 00
RSP: 0018:ffffc90004b7ed40 EFLAGS: 00010086
RAX: 000000000172ce01 RBX: 1ffffffff3f8171b RCX: ffffffff817ad1b4
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff9fc0b8d8
RBP: ffffffffffffffff R08: ffffffff9fc0b8df R09: 1ffffffff3f8171b
R10: dffffc0000000000 R11: fffffbfff3f8171b R12: ffff88804351c6c4
R13: ffff88804351bc00 R14: dffffc0000000001 R15: fffffbfff3f8171c
FS: 00007f868117f6c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: fffffbfff3f8171b CR3: 000000002859e000 CR4: 0000000000350ef0
----------------
Code disassembly (best guess), 7 bytes skipped:
0: df 4f 8d fisttps -0x73(%rdi)
3: 3c 31 cmp $0x31,%al
5: 4c 89 fd mov %r15,%rbp
8: 4c 29 dd sub %r11,%rbp
b: 48 83 fd 10 cmp $0x10,%rbp
f: 7f 29 jg 0x3a
11: 48 85 ed test %rbp,%rbp
14: 0f 84 3e 01 00 00 je 0x158
1a: 4c 89 cd mov %r9,%rbp
1d: 48 f7 d5 not %rbp
20: 48 01 dd add %rbx,%rbp
* 23: 41 80 3b 00 cmpb $0x0,(%r11) <-- trapping instruction
27: 0f 85 c9 01 00 00 jne 0x1f6
2d: 49 ff c3 inc %r11
30: 48 ff c5 inc %rbp
33: 75 ee jne 0x23
35: e9 .byte 0xe9
36: 1e (bad)
37: 01 00 add %eax,(%rax)