sd 0:0:1:0: [sg0] tag#4605 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 sd 0:0:1:0: [sg0] tag#4605 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 sd 0:0:1:0: [sg0] tag#4605 CDB[c0]: 00 00 00 00 00 00 00 00 BUG: sleeping function called from invalid context at arch/x86/mm/fault.c:1355 in_atomic(): 0, irqs_disabled(): 1, pid: 2754, name: syz-executor.3 1 lock held by syz-executor.3/2754: #0: 00000000b4824fd9 (&mm->mmap_sem){++++}, at: __do_page_fault+0x3e2/0xde0 arch/x86/mm/fault.c:1341 irq event stamp: 334 hardirqs last enabled at (333): [] trace_hardirqs_on_thunk+0x1a/0x1c hardirqs last disabled at (334): [] trace_hardirqs_off_thunk+0x1a/0x1c softirqs last enabled at (0): [] copy_process.part.0+0x15c0/0x7f40 kernel/fork.c:1840 softirqs last disabled at (0): [<0000000000000000>] (null) CPU: 0 PID: 2754 Comm: syz-executor.3 Not tainted 4.19.143-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2fe lib/dump_stack.c:118 ___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6196 __do_page_fault+0x40d/0xde0 arch/x86/mm/fault.c:1355 invalid opcode: 0000 [#1] PREEMPT SMP KASAN page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1205 CPU: 1 PID: 2742 Comm: syz-executor.2 Not tainted 4.19.143-syzkaller #0 RIP: 0010:syscall_return_slowpath arch/x86/entry/common.c:270 [inline] RIP: 0010:do_syscall_64+0x202/0x620 arch/x86/entry/common.c:296 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Code: 00 0f 85 a8 03 00 00 48 83 3d 69 c1 d1 07 00 0f 84 1f 03 00 00 e8 de 17 69 00 fa 66 0f 1f 44 00 00 65 48 8b 1c 25 40 ee 00 00 <00> 00 4e 6e 00 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 RIP: 0010:constant_test_bit arch/x86/include/asm/bitops.h:317 [inline] RIP: 0010:test_ti_thread_flag include/linux/thread_info.h:84 [inline] RIP: 0010:addr_limit_user_check include/linux/syscalls.h:262 [inline] RIP: 0010:prepare_exit_to_usermode arch/x86/entry/common.c:190 [inline] RIP: 0010:syscall_return_slowpath arch/x86/entry/common.c:271 [inline] RIP: 0010:do_syscall_64+0x212/0x620 arch/x86/entry/common.c:296 RSP: 0018:ffff88804a857f28 EFLAGS: 00010012 Code: 84 1f 03 00 00 e8 de 17 69 00 fa 66 0f 1f 44 00 00 65 48 8b 1c 25 40 ee 00 00 00 00 4e 6e 00 48 89 da 48 b8 00 00 00 00 00 fc df 48 c1 ea 03 80 3c 02 00 0f 85 83 03 00 00 4c 8b 23 31 ff 49 RSP: 0018:ffff88802a33ff28 EFLAGS: 00010002 RAX: 0000000000040000 RBX: 0000000000000000 RCX: ffffc9000c0e7000 RDX: 0000000000001932 RSI: ffffffff810099f2 RDI: 0000000000000005 RAX: ffff888049ab0200 RBX: 0000000000000000 RCX: ffffffff810099b3 RBP: ffff88804a857f58 R08: 0000000000000000 R09: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff810099f3 RDI: 0000000000000005 R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000000000 RBP: ffff88802a33ff58 R08: 0000000000000000 R09: 0000000000000000 R13: ffffffff88d25b58 R14: 0000000000000000 R15: 0000000000000000 R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000000000 R13: ffffffff88d25b58 R14: 0000000000000000 R15: 0000000000000000 FS: 0000000001da9940(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 entry_SYSCALL_64_after_hwframe+0x49/0xbe CR2: 00000000004e4330 CR3: 0000000091e98000 CR4: 00000000001426e0 RIP: 0033:0x45d5b9 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 Code: 5d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 RSP: 002b:00007f660a6fcc78 EFLAGS: 00000246 Call Trace: ORIG_RAX: 0000000000000009 RAX: 0000000020011000 RBX: 0000000000020d00 RCX: 000000000045d5b9 entry_SYSCALL_64_after_hwframe+0x49/0xbe RDX: 0000000000000004 RSI: 0000000000003000 RDI: 0000000020011000 RIP: 0033:0x45ba81 RBP: 000000000118cf98 R08: ffffffffffffffff R09: 0000000000000000 Code: 75 14 b8 23 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 84 cf fb ff c3 48 83 ec 08 e8 ea 46 00 00 48 89 04 24 b8 23 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 33 47 00 00 48 89 d0 48 83 c4 08 48 3d 01 R10: 0000000000000032 R11: 0000000000000246 R12: 000000000118cf4c RSP: 002b:00007ffd956aa160 EFLAGS: 00000293 R13: 00007ffd5d5bbd6f R14: 00007f660a6fd9c0 R15: 000000000118cf4c ORIG_RAX: 0000000000000023 RAX: 0000000000000000 RBX: 00000000001b37b5 RCX: 000000000045ba81 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007ffd956aa170 RBP: 0000000000000001 R08: 00000000aa705f27 R09: 00000000aa705f2b R10: 00007ffd956aa270 R11: 0000000000000293 R12: 000000000118cf40 R13: 000000000118d940 R14: ffffffffffffffff R15: 000000000118d08c Modules linked in: ---[ end trace 5b6d181dabe273c0 ]--- BUG: unable to handle kernel paging request at 0000000000040000 RIP: 0010:constant_test_bit arch/x86/include/asm/bitops.h:317 [inline] RIP: 0010:test_ti_thread_flag include/linux/thread_info.h:84 [inline] RIP: 0010:addr_limit_user_check include/linux/syscalls.h:262 [inline] RIP: 0010:prepare_exit_to_usermode arch/x86/entry/common.c:190 [inline] RIP: 0010:syscall_return_slowpath arch/x86/entry/common.c:271 [inline] RIP: 0010:do_syscall_64+0x212/0x620 arch/x86/entry/common.c:296 PGD 9e1cf067 Code: 84 1f 03 00 00 e8 de 17 69 00 fa 66 0f 1f 44 00 00 65 48 8b 1c 25 40 ee 00 00 00 00 4e 6e 00 48 89 da 48 b8 00 00 00 00 00 fc df 48 c1 ea 03 80 3c 02 00 0f 85 83 03 00 00 4c 8b 23 31 ff 49 P4D 9e1cf067 RSP: 0018:ffff88802a33ff28 EFLAGS: 00010002 PUD 18c96067 PMD 0 RAX: ffff888049ab0200 RBX: 0000000000000000 RCX: ffffffff810099b3 RDX: 0000000000000000 RSI: ffffffff810099f3 RDI: 0000000000000005 Oops: 0002 [#2] PREEMPT SMP KASAN RBP: ffff88802a33ff58 R08: 0000000000000000 R09: 0000000000000000 CPU: 0 PID: 2754 Comm: syz-executor.3 Tainted: G D W 4.19.143-syzkaller #0 R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000000000 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 R13: ffffffff88d25b58 R14: 0000000000000000 R15: 0000000000000000 RIP: 0010:syscall_return_slowpath arch/x86/entry/common.c:270 [inline] RIP: 0010:do_syscall_64+0x202/0x620 arch/x86/entry/common.c:296 FS: 0000000001da9940(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000 Code: 00 0f 85 a8 03 00 00 48 83 3d 69 c1 d1 07 00 0f 84 1f 03 00 00 e8 de 17 69 00 fa 66 0f 1f 44 00 00 65 48 8b 1c 25 40 ee 00 00 <00> 00 4e 6e 00 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 RSP: 0018:ffff88804a857f28 EFLAGS: 00010012 CR2: 00000000004e4330 CR3: 0000000091e98000 CR4: 00000000001426e0 RAX: 0000000000040000 RBX: 0000000000000000 RCX: ffffc9000c0e7000 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 RDX: 0000000000001932 RSI: ffffffff810099f2 RDI: 0000000000000005 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 RBP: ffff88804a857f58 R08: 0000000000000000 R09: 0000000000000000