BUG: unable to handle page fault for address: fffffbfff3598930
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 23ffe4067 P4D 23ffe4067 PUD 23ffe3067 PMD 13fff1067 PTE 0
Oops: Oops: 0000 [#1] PREEMPT SMP KASAN NOPTI
CPU: 0 UID: 0 PID: 5190 Comm: klogd Not tainted 6.14.0-rc4-syzkaller-00295-gb91872c56940 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
RIP: 0010:bytes_is_nonzero mm/kasan/generic.c:87 [inline]
RIP: 0010:memory_is_nonzero mm/kasan/generic.c:104 [inline]
RIP: 0010:memory_is_poisoned_n mm/kasan/generic.c:129 [inline]
RIP: 0010:memory_is_poisoned mm/kasan/generic.c:161 [inline]
RIP: 0010:check_region_inline mm/kasan/generic.c:180 [inline]
RIP: 0010:kasan_check_range+0x82/0x290 mm/kasan/generic.c:189
Code: 01 00 00 00 00 fc ff df 4f 8d 3c 31 4c 89 fd 4c 29 dd 48 83 fd 10 7f 29 48 85 ed 0f 84 3e 01 00 00 4c 89 cd 48 f7 d5 48 01 dd <41> 80 3b 00 0f 85 c9 01 00 00 49 ff c3 48 ff c5 75 ee e9 1e 01 00
RSP: 0018:ffffc900000073a0 EFLAGS: 00010086
RAX: 0000000000cef601 RBX: 1ffffffff3598930 RCX: ffffffff819cc4e4
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff9acc4980
RBP: ffffffffffffffff R08: ffffffff9acc4987 R09: 1ffffffff3598930
R10: dffffc0000000000 R11: fffffbfff3598930 R12: ffff88807be6a8d4
R13: ffff88807be69e00 R14: dffffc0000000001 R15: fffffbfff3598931
FS: 00007fdd6b490380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: fffffbfff3598930 CR3: 0000000032c6c000 CR4: 0000000000350ef0
Call Trace:
<IRQ>
instrument_atomic_read include/linux/instrumented.h:68 [inline]
_test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]
__lock_acquire+0xc94/0x2100 kernel/locking/lockdep.c:5198
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5851
_raw_spin_lock_nested+0x31/0x40 kernel/locking/spinlock.c:378
raw_spin_rq_lock_nested+0xb0/0x140 kernel/sched/core.c:606
raw_spin_rq_lock kernel/sched/sched.h:1521 [inline]
_raw_spin_rq_lock_irqsave kernel/sched/sched.h:1541 [inline]
rq_lock_irqsave kernel/sched/sched.h:1838 [inline]
sched_balance_rq+0x4f3c/0x8870 kernel/sched/fair.c:11779
sched_balance_domains+0x565/0xa90 kernel/sched/fair.c:12207
handle_softirqs+0x2d6/0x9b0 kernel/softirq.c:561
__do_softirq kernel/softirq.c:595 [inline]
invoke_softirq kernel/softirq.c:435 [inline]
__irq_exit_rcu+0xf7/0x220 kernel/softirq.c:662
irq_exit_rcu+0x9/0x30 kernel/softirq.c:678
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1049
</IRQ>
<TASK>
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:finish_task_switch+0x1ea/0x870 kernel/sched/core.c:5252
Code: c9 50 e8 29 2d 0c 00 48 83 c4 08 4c 89 f7 e8 fd 39 00 00 e9 de 04 00 00 4c 89 f7 e8 f0 9f 7a 0a e8 9b 07 39 00 fb 48 8b 5d c0 <48> 8d bb 08 16 00 00 48 89 f8 48 c1 e8 03 49 be 00 00 00 00 00 fc
RSP: 0018:ffffc90003bfef48 EFLAGS: 00000286
RAX: 38f4c68cc789fc00 RBX: ffff88807be69e00 RCX: ffffffff819d2afa
RDX: dffffc0000000000 RSI: ffffffff8c2aa4a0 RDI: ffffffff8c80f060
RBP: ffffc90003bfef90 R08: ffffffff94549877 R09: 1ffffffff28a930e
R10: dffffc0000000000 R11: fffffbfff28a930f R12: 1ffff110170c7eee
R13: dffffc0000000000 R14: ffff8880b863e940 R15: ffff8880b863f770
context_switch kernel/sched/core.c:5381 [inline]
__schedule+0x1916/0x4c90 kernel/sched/core.c:6765
preempt_schedule_common+0x84/0xd0 kernel/sched/core.c:6944
preempt_schedule+0xe1/0xf0 kernel/sched/core.c:6968
preempt_schedule_thunk+0x1a/0x30 arch/x86/entry/thunk.S:12
__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
_raw_spin_unlock_irqrestore+0x130/0x140 kernel/locking/spinlock.c:194
__debug_check_no_obj_freed lib/debugobjects.c:1108 [inline]
debug_check_no_obj_freed+0x561/0x580 lib/debugobjects.c:1129
free_pages_prepare mm/page_alloc.c:1134 [inline]
free_frozen_pages+0x4c2/0x10e0 mm/page_alloc.c:2660
discard_slab mm/slub.c:2684 [inline]
__put_partials+0x160/0x1c0 mm/slub.c:3153
put_cpu_partial+0x17c/0x250 mm/slub.c:3228
__slab_free+0x290/0x380 mm/slub.c:4479
qlink_free mm/kasan/quarantine.c:163 [inline]
qlist_free_all+0x9a/0x140 mm/kasan/quarantine.c:179
kasan_quarantine_reduce+0x14f/0x170 mm/kasan/quarantine.c:286
__kasan_slab_alloc+0x23/0x80 mm/kasan/common.c:329
kasan_slab_alloc include/linux/kasan.h:250 [inline]
slab_post_alloc_hook mm/slub.c:4115 [inline]
slab_alloc_node mm/slub.c:4164 [inline]
kmem_cache_alloc_node_noprof+0x1d9/0x380 mm/slub.c:4216
__alloc_skb+0x1c3/0x440 net/core/skbuff.c:596
alloc_skb include/linux/skbuff.h:1331 [inline]
alloc_skb_with_frags+0xc3/0x820 net/core/skbuff.c:6522
sock_alloc_send_pskb+0x91a/0xa60 net/core/sock.c:2914
unix_dgram_sendmsg+0x5e8/0x1df0 net/unix/af_unix.c:2017
sock_sendmsg_nosec net/socket.c:718 [inline]
__sock_sendmsg+0x223/0x270 net/socket.c:733
__sys_sendto+0x363/0x4c0 net/socket.c:2187
__do_sys_sendto net/socket.c:2194 [inline]
__se_sys_sendto net/socket.c:2190 [inline]
__x64_sys_sendto+0xde/0x100 net/socket.c:2190
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fdd6b5f29b5
Code: 8b 44 24 08 48 83 c4 28 48 98 c3 48 98 c3 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 26 45 31 c9 45 31 c0 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 7a 48 8b 15 44 c4 0c 00 f7 d8 64 89 02 48 83
RSP: 002b:00007ffc508407f8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fdd6b5f29b5
RDX: 000000000000005d RSI: 000055a54b27f790 RDI: 0000000000000003
RBP: 000055a54b278910 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000004000 R11: 0000000000000246 R12: 0000000000000013
R13: 00007fdd6b780212 R14: 00007ffc508408f8 R15: 0000000000000000
</TASK>
Modules linked in:
CR2: fffffbfff3598930
---[ end trace 0000000000000000 ]---
RIP: 0010:bytes_is_nonzero mm/kasan/generic.c:87 [inline]
RIP: 0010:memory_is_nonzero mm/kasan/generic.c:104 [inline]
RIP: 0010:memory_is_poisoned_n mm/kasan/generic.c:129 [inline]
RIP: 0010:memory_is_poisoned mm/kasan/generic.c:161 [inline]
RIP: 0010:check_region_inline mm/kasan/generic.c:180 [inline]
RIP: 0010:kasan_check_range+0x82/0x290 mm/kasan/generic.c:189
Code: 01 00 00 00 00 fc ff df 4f 8d 3c 31 4c 89 fd 4c 29 dd 48 83 fd 10 7f 29 48 85 ed 0f 84 3e 01 00 00 4c 89 cd 48 f7 d5 48 01 dd <41> 80 3b 00 0f 85 c9 01 00 00 49 ff c3 48 ff c5 75 ee e9 1e 01 00
RSP: 0018:ffffc900000073a0 EFLAGS: 00010086
RAX: 0000000000cef601 RBX: 1ffffffff3598930 RCX: ffffffff819cc4e4
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff9acc4980
RBP: ffffffffffffffff R08: ffffffff9acc4987 R09: 1ffffffff3598930
R10: dffffc0000000000 R11: fffffbfff3598930 R12: ffff88807be6a8d4
R13: ffff88807be69e00 R14: dffffc0000000001 R15: fffffbfff3598931
FS: 00007fdd6b490380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: fffffbfff3598930 CR3: 0000000032c6c000 CR4: 0000000000350ef0
----------------
Code disassembly (best guess), 7 bytes skipped:
0: df 4f 8d fisttps -0x73(%rdi)
3: 3c 31 cmp $0x31,%al
5: 4c 89 fd mov %r15,%rbp
8: 4c 29 dd sub %r11,%rbp
b: 48 83 fd 10 cmp $0x10,%rbp
f: 7f 29 jg 0x3a
11: 48 85 ed test %rbp,%rbp
14: 0f 84 3e 01 00 00 je 0x158
1a: 4c 89 cd mov %r9,%rbp
1d: 48 f7 d5 not %rbp
20: 48 01 dd add %rbx,%rbp
* 23: 41 80 3b 00 cmpb $0x0,(%r11) <-- trapping instruction
27: 0f 85 c9 01 00 00 jne 0x1f6
2d: 49 ff c3 inc %r11
30: 48 ff c5 inc %rbp
33: 75 ee jne 0x23
35: e9 .byte 0xe9
36: 1e (bad)
37: 01 00 add %eax,(%rax)