BUG: unable to handle page fault for address: ffffdc0000000fe9
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 11826067 P4D 11826067 PUD 0
Oops: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 1086 Comm: kworker/u4:6 Not tainted 6.0.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
Workqueue: events_unbound call_usermodehelper_exec_work
RIP: 0010:copy_thread+0xc5/0xa00 arch/x86/kernel/process.c:148
Code: 48 b8 00 00 00 00 00 fc ff df 48 8b 7d 20 4c 8d bf 58 7f 00 00 4c 8d a7 20 7f 00 00 48 81 c7 48 7f 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 12 08 00 00 49 8d 7f f8 49 c7 47 f0 00 00 00 00
RSP: 0018:ffffc900052df8f0 EFLAGS: 00010212
RAX: dffffc0000000000 RBX: ffffc900052dfc10 RCX: 0000000000000000
RDX: 1fffe00000000fe9 RSI: ffffc900052dfc10 RDI: ffff000000007f48
RBP: ffff88801fcf0000 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff000000007f20
R13: 0000000000808100 R14: 0000000000000000 R15: ffff000000007f58
FS: 0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffdc0000000fe9 CR3: 000000000bc8e000 CR4: 0000000000350ef0
Call Trace:
<TASK>
copy_process+0x3ced/0x7090 kernel/fork.c:2265
kernel_clone+0xe7/0xab0 kernel/fork.c:2673
user_mode_thread+0xad/0xe0 kernel/fork.c:2742
call_usermodehelper_exec_work kernel/umh.c:174 [inline]
call_usermodehelper_exec_work+0xcc/0x180 kernel/umh.c:160
process_one_work+0x991/0x1610 kernel/workqueue.c:2289
worker_thread+0x665/0x1080 kernel/workqueue.c:2436
kthread+0x2e4/0x3a0 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
</TASK>
Modules linked in:
CR2: ffffdc0000000fe9
---[ end trace 0000000000000000 ]---
RIP: 0010:copy_thread+0xc5/0xa00 arch/x86/kernel/process.c:148
Code: 48 b8 00 00 00 00 00 fc ff df 48 8b 7d 20 4c 8d bf 58 7f 00 00 4c 8d a7 20 7f 00 00 48 81 c7 48 7f 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 12 08 00 00 49 8d 7f f8 49 c7 47 f0 00 00 00 00
RSP: 0018:ffffc900052df8f0 EFLAGS: 00010212
RAX: dffffc0000000000 RBX: ffffc900052dfc10 RCX: 0000000000000000
RDX: 1fffe00000000fe9 RSI: ffffc900052dfc10 RDI: ffff000000007f48
RBP: ffff88801fcf0000 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff000000007f20
R13: 0000000000808100 R14: 0000000000000000 R15: ffff000000007f58
FS: 0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffdc0000000fe9 CR3: 000000000bc8e000 CR4: 0000000000350ef0
----------------
Code disassembly (best guess):
0: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
7: fc ff df
a: 48 8b 7d 20 mov 0x20(%rbp),%rdi
e: 4c 8d bf 58 7f 00 00 lea 0x7f58(%rdi),%r15
15: 4c 8d a7 20 7f 00 00 lea 0x7f20(%rdi),%r12
1c: 48 81 c7 48 7f 00 00 add $0x7f48,%rdi
23: 48 89 fa mov %rdi,%rdx
26: 48 c1 ea 03 shr $0x3,%rdx
* 2a: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) <-- trapping instruction
2e: 0f 85 12 08 00 00 jne 0x846
34: 49 8d 7f f8 lea -0x8(%r15),%rdi
38: 49 c7 47 f0 00 00 00 movq $0x0,-0x10(%r15)
3f: 00