BUG: unable to handle kernel paging request at ffff888094526380 kasan: CONFIG_KASAN_INLINE enabled #PF error: [normal kernel read fault] kasan: GPF could be caused by NULL-ptr deref or user memory access PGD c201067 P4D c201067 PUD 21ffff067 PMD a9343063 PTE 1ffff1101526872e Oops: 0000 [#1] PREEMPT SMP KASAN CPU: 0 PID: 27179 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #26 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:__find_vmap_area mm/vmalloc.c:351 [inline] RIP: 0010:find_vmap_area+0x81/0x140 mm/vmalloc.c:750 Code: 00 48 8b 5b 10 e8 3f 53 c6 ff 48 85 db 74 7f e8 35 53 c6 ff 4c 8d 7b e8 4c 89 f8 48 c1 e8 03 42 80 3c 30 00 0f 85 8d 00 00 00 <4c> 8b 6b e8 4c 89 e7 4c 89 ee e8 30 54 c6 ff 4d 39 ec 72 a8 e8 06 RSP: 0018:ffff888091af71a8 EFLAGS: 00010246 RAX: 1ffff110128a4c70 RBX: ffff888094526398 RCX: ffffc90007dff000 RDX: 0000000000040000 RSI: ffffffff81bba42b RDI: ffff88808750dea8 RBP: ffff888091af71d0 R08: ffff888051f1a680 R09: ffffed101235ee23 R10: ffffed101235ee22 R11: 0000000000000003 R12: ffffc900137f0000 R13: ffffc90014b1b000 R14: dffffc0000000000 R15: ffff888094526380 FS: 00007f5c0ac67700(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffff888094526380 CR3: 000000009edba000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: __vunmap+0x53/0x400 mm/vmalloc.c:1508 vfree+0x8d/0x140 mm/vmalloc.c:1597 netlink_skb_destructor+0xc8/0x210 net/netlink/af_netlink.c:375 skb_release_head_state+0xed/0x260 net/core/skbuff.c:614 skb_release_all+0x16/0x60 net/core/skbuff.c:625 __kfree_skb net/core/skbuff.c:641 [inline] consume_skb net/core/skbuff.c:701 [inline] consume_skb+0x18c/0x550 net/core/skbuff.c:695 netlink_unicast_kernel net/netlink/af_netlink.c:1311 [inline] netlink_unicast+0x57c/0x770 net/netlink/af_netlink.c:1336 netlink_sendmsg+0xa05/0xf90 net/netlink/af_netlink.c:1917 sock_sendmsg_nosec net/socket.c:621 [inline] sock_sendmsg+0xdd/0x130 net/socket.c:631 kernel_sendmsg+0x44/0x50 net/socket.c:639 sock_no_sendpage+0x1cd/0x260 net/core/sock.c:2587 kernel_sendpage+0x95/0xf0 net/socket.c:3360 sock_sendpage+0x8b/0xc0 net/socket.c:846 pipe_to_sendpage+0x2b4/0x390 fs/splice.c:452 splice_from_pipe_feed fs/splice.c:503 [inline] __splice_from_pipe+0x39a/0x7e0 fs/splice.c:627 splice_from_pipe+0x1ea/0x310 fs/splice.c:662 generic_splice_sendpage+0x3c/0x50 fs/splice.c:832 do_splice_from fs/splice.c:851 [inline] direct_splice_actor+0x126/0x1a0 fs/splice.c:1023 splice_direct_to_actor+0x3be/0x9d0 fs/splice.c:978 do_splice_direct+0x2c7/0x420 fs/splice.c:1066 do_sendfile+0x61a/0xe60 fs/read_write.c:1436 __do_sys_sendfile64 fs/read_write.c:1491 [inline] __se_sys_sendfile64 fs/read_write.c:1483 [inline] __x64_sys_sendfile64+0x15a/0x240 fs/read_write.c:1483 do_syscall_64+0x1a3/0x800 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x457ec9 syz-executor1: Corrupted page table at address 457e9f PGD a9160067 P4D a9160067 ================================================================== BUG: KASAN: stack-out-of-bounds in pgd_val arch/x86/include/asm/paravirt.h:419 [inline] BUG: KASAN: stack-out-of-bounds in dump_pagetable+0x85f/0x910 arch/x86/mm/fault.c:466 Read of size 8 at addr ffff8880a9160000 by task syz-executor1/27179 CPU: 0 PID: 27179 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #26 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1db/0x2d0 lib/dump_stack.c:113 print_address_description.cold+0x7c/0x20d mm/kasan/report.c:187 kasan_report.cold+0x1b/0x40 mm/kasan/report.c:317 __asan_report_load8_noabort+0x14/0x20 mm/kasan/generic_report.c:135 pgd_val arch/x86/include/asm/paravirt.h:419 [inline] dump_pagetable+0x85f/0x910 arch/x86/mm/fault.c:466 pgtable_bad+0x4a/0x90 arch/x86/mm/fault.c:714 do_user_addr_fault arch/x86/mm/fault.c:1340 [inline] __do_page_fault+0x7e6/0xd60 arch/x86/mm/fault.c:1541 do_page_fault+0xe6/0x7d8 arch/x86/mm/fault.c:1572 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1143 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 arch/x86/lib/copy_user_64.S:181 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 RSP: 0018:ffff888091af6ae0 EFLAGS: 00010046 RAX: 0000000000000000 RBX: ffff888091af6b20 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 0000000000457e9f RDI: ffff888091af6b20 RBP: ffff888091af6b10 R08: ffff888051f1a680 R09: ffffed101235ed6c R10: ffffed101235ed6b R11: ffff888091af6b5f R12: 0000000000000040 R13: 00007ffffffff000 R14: 0000000000457e9f R15: ffff888051f1a680 show_opcodes+0x51/0x60 arch/x86/kernel/dumpstack.c:109 show_ip+0x32/0x38 arch/x86/kernel/dumpstack.c:126 show_iret_regs+0x14/0x38 arch/x86/kernel/dumpstack.c:131 __show_regs+0x1c/0x60 arch/x86/kernel/process_64.c:73 show_regs_if_on_stack.constprop.0+0x39/0x3c arch/x86/kernel/dumpstack.c:149 show_trace_log_lvl+0x25d/0x28c arch/x86/kernel/dumpstack.c:274 show_regs arch/x86/kernel/dumpstack.c:418 [inline] show_regs.cold+0x1a/0x1f arch/x86/kernel/dumpstack.c:408 __die+0x6c/0xb6 arch/x86/kernel/dumpstack.c:383 no_context+0x428/0x9c0 arch/x86/mm/fault.c:855 __bad_area_nosemaphore+0xae/0x420 arch/x86/mm/fault.c:947 bad_area_nosemaphore+0x2e/0x40 arch/x86/mm/fault.c:954 do_kern_addr_fault arch/x86/mm/fault.c:1312 [inline] __do_page_fault+0x4ad/0xd60 arch/x86/mm/fault.c:1539 do_page_fault+0xe6/0x7d8 arch/x86/mm/fault.c:1572 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1143 RIP: 0010:__find_vmap_area mm/vmalloc.c:351 [inline] RIP: 0010:find_vmap_area+0x81/0x140 mm/vmalloc.c:750 Code: 00 48 8b 5b 10 e8 3f 53 c6 ff 48 85 db 74 7f e8 35 53 c6 ff 4c 8d 7b e8 4c 89 f8 48 c1 e8 03 42 80 3c 30 00 0f 85 8d 00 00 00 <4c> 8b 6b e8 4c 89 e7 4c 89 ee e8 30 54 c6 ff 4d 39 ec 72 a8 e8 06 RSP: 0018:ffff888091af71a8 EFLAGS: 00010246 RAX: 1ffff110128a4c70 RBX: ffff888094526398 RCX: ffffc90007dff000 RDX: 0000000000040000 RSI: ffffffff81bba42b RDI: ffff88808750dea8 RBP: ffff888091af71d0 R08: ffff888051f1a680 R09: ffffed101235ee23 R10: ffffed101235ee22 R11: 0000000000000003 R12: ffffc900137f0000 R13: ffffc90014b1b000 R14: dffffc0000000000 R15: ffff888094526380 __vunmap+0x53/0x400 mm/vmalloc.c:1508 vfree+0x8d/0x140 mm/vmalloc.c:1597 netlink_skb_destructor+0xc8/0x210 net/netlink/af_netlink.c:375 skb_release_head_state+0xed/0x260 net/core/skbuff.c:614 skb_release_all+0x16/0x60 net/core/skbuff.c:625 __kfree_skb net/core/skbuff.c:641 [inline] consume_skb net/core/skbuff.c:701 [inline] consume_skb+0x18c/0x550 net/core/skbuff.c:695 netlink_unicast_kernel net/netlink/af_netlink.c:1311 [inline] netlink_unicast+0x57c/0x770 net/netlink/af_netlink.c:1336 netlink_sendmsg+0xa05/0xf90 net/netlink/af_netlink.c:1917 sock_sendmsg_nosec net/socket.c:621 [inline] sock_sendmsg+0xdd/0x130 net/socket.c:631 kernel_sendmsg+0x44/0x50 net/socket.c:639 sock_no_sendpage+0x1cd/0x260 net/core/sock.c:2587 kernel_sendpage+0x95/0xf0 net/socket.c:3360 sock_sendpage+0x8b/0xc0 net/socket.c:846 pipe_to_sendpage+0x2b4/0x390 fs/splice.c:452 splice_from_pipe_feed fs/splice.c:503 [inline] __splice_from_pipe+0x39a/0x7e0 fs/splice.c:627 splice_from_pipe+0x1ea/0x310 fs/splice.c:662 generic_splice_sendpage+0x3c/0x50 fs/splice.c:832 do_splice_from fs/splice.c:851 [inline] direct_splice_actor+0x126/0x1a0 fs/splice.c:1023 splice_direct_to_actor+0x3be/0x9d0 fs/splice.c:978 do_splice_direct+0x2c7/0x420 fs/splice.c:1066 do_sendfile+0x61a/0xe60 fs/read_write.c:1436 __do_sys_sendfile64 fs/read_write.c:1491 [inline] __se_sys_sendfile64 fs/read_write.c:1483 [inline] __x64_sys_sendfile64+0x15a/0x240 fs/read_write.c:1483 do_syscall_64+0x1a3/0x800 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x457ec9 syz-executor1: Corrupted page table at address 457e9f PGD a9160067 P4D a9160067 PUD ffffffff86d3ea8b Bad pagetable: 0009 [#2] PREEMPT SMP KASAN CPU: 0 PID: 27179 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #26 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 arch/x86/lib/copy_user_64.S:181 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 RSP: 0018:ffff888091af63a0 EFLAGS: 00010046 RAX: 0000000000000000 RBX: ffff888091af63e0 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 0000000000457e9f RDI: ffff888091af63e0 RBP: ffff888091af63d0 R08: ffff888051f1a680 R09: ffffed101235ec84 R10: ffffed101235ec83 R11: ffff888091af641f R12: 0000000000000040 R13: ffffffffffffffff R14: 0000000000457e9f R15: ffff888051f1a680 FS: 00007f5c0ac67700(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000457e9f CR3: 000000009edba000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: show_opcodes+0x51/0x60 arch/x86/kernel/dumpstack.c:109 show_ip+0x32/0x38 arch/x86/kernel/dumpstack.c:126 show_iret_regs+0x14/0x38 arch/x86/kernel/dumpstack.c:131 __show_regs+0x1c/0x60 arch/x86/kernel/process_64.c:73 show_regs_if_on_stack.constprop.0+0x39/0x3c arch/x86/kernel/dumpstack.c:149 show_trace_log_lvl+0x25d/0x28c arch/x86/kernel/dumpstack.c:274 show_stack+0x39/0x3b arch/x86/kernel/dumpstack.c:293 __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1db/0x2d0 lib/dump_stack.c:113 print_address_description.cold+0x7c/0x20d mm/kasan/report.c:187 kasan_report.cold+0x1b/0x40 mm/kasan/report.c:317 __asan_report_load8_noabort+0x14/0x20 mm/kasan/generic_report.c:135 pgd_val arch/x86/include/asm/paravirt.h:419 [inline] dump_pagetable+0x85f/0x910 arch/x86/mm/fault.c:466 pgtable_bad+0x4a/0x90 arch/x86/mm/fault.c:714 do_user_addr_fault arch/x86/mm/fault.c:1340 [inline] __do_page_fault+0x7e6/0xd60 arch/x86/mm/fault.c:1541 do_page_fault+0xe6/0x7d8 arch/x86/mm/fault.c:1572 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1143 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 arch/x86/lib/copy_user_64.S:181 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 RSP: 0018:ffff888091af6ae0 EFLAGS: 00010046 RAX: 0000000000000000 RBX: ffff888091af6b20 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 0000000000457e9f RDI: ffff888091af6b20 RBP: ffff888091af6b10 R08: ffff888051f1a680 R09: ffffed101235ed6c R10: ffffed101235ed6b R11: ffff888091af6b5f R12: 0000000000000040 R13: 00007ffffffff000 R14: 0000000000457e9f R15: ffff888051f1a680 show_opcodes+0x51/0x60 arch/x86/kernel/dumpstack.c:109 show_ip+0x32/0x38 arch/x86/kernel/dumpstack.c:126 show_iret_regs+0x14/0x38 arch/x86/kernel/dumpstack.c:131 __show_regs+0x1c/0x60 arch/x86/kernel/process_64.c:73 show_regs_if_on_stack.constprop.0+0x39/0x3c arch/x86/kernel/dumpstack.c:149 show_trace_log_lvl+0x25d/0x28c arch/x86/kernel/dumpstack.c:274 show_regs arch/x86/kernel/dumpstack.c:418 [inline] show_regs.cold+0x1a/0x1f arch/x86/kernel/dumpstack.c:408 __die+0x6c/0xb6 arch/x86/kernel/dumpstack.c:383 no_context+0x428/0x9c0 arch/x86/mm/fault.c:855 __bad_area_nosemaphore+0xae/0x420 arch/x86/mm/fault.c:947 bad_area_nosemaphore+0x2e/0x40 arch/x86/mm/fault.c:954 do_kern_addr_fault arch/x86/mm/fault.c:1312 [inline] __do_page_fault+0x4ad/0xd60 arch/x86/mm/fault.c:1539 do_page_fault+0xe6/0x7d8 arch/x86/mm/fault.c:1572 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1143 RIP: 0010:__find_vmap_area mm/vmalloc.c:351 [inline] RIP: 0010:find_vmap_area+0x81/0x140 mm/vmalloc.c:750 Code: 00 48 8b 5b 10 e8 3f 53 c6 ff 48 85 db 74 7f e8 35 53 c6 ff 4c 8d 7b e8 4c 89 f8 48 c1 e8 03 42 80 3c 30 00 0f 85 8d 00 00 00 <4c> 8b 6b e8 4c 89 e7 4c 89 ee e8 30 54 c6 ff 4d 39 ec 72 a8 e8 06 RSP: 0018:ffff888091af71a8 EFLAGS: 00010246 RAX: 1ffff110128a4c70 RBX: ffff888094526398 RCX: ffffc90007dff000 RDX: 0000000000040000 RSI: ffffffff81bba42b RDI: ffff88808750dea8 RBP: ffff888091af71d0 R08: ffff888051f1a680 R09: ffffed101235ee23 R10: ffffed101235ee22 R11: 0000000000000003 R12: ffffc900137f0000 R13: ffffc90014b1b000 R14: dffffc0000000000 R15: ffff888094526380 __vunmap+0x53/0x400 mm/vmalloc.c:1508 vfree+0x8d/0x140 mm/vmalloc.c:1597 netlink_skb_destructor+0xc8/0x210 net/netlink/af_netlink.c:375 skb_release_head_state+0xed/0x260 net/core/skbuff.c:614 skb_release_all+0x16/0x60 net/core/skbuff.c:625 __kfree_skb net/core/skbuff.c:641 [inline] consume_skb net/core/skbuff.c:701 [inline] consume_skb+0x18c/0x550 net/core/skbuff.c:695 netlink_unicast_kernel net/netlink/af_netlink.c:1311 [inline] netlink_unicast+0x57c/0x770 net/netlink/af_netlink.c:1336 netlink_sendmsg+0xa05/0xf90 net/netlink/af_netlink.c:1917 sock_sendmsg_nosec net/socket.c:621 [inline] sock_sendmsg+0xdd/0x130 net/socket.c:631 kernel_sendmsg+0x44/0x50 net/socket.c:639 sock_no_sendpage+0x1cd/0x260 net/core/sock.c:2587 kernel_sendpage+0x95/0xf0 net/socket.c:3360 sock_sendpage+0x8b/0xc0 net/socket.c:846 pipe_to_sendpage+0x2b4/0x390 fs/splice.c:452 splice_from_pipe_feed fs/splice.c:503 [inline] __splice_from_pipe+0x39a/0x7e0 fs/splice.c:627 splice_from_pipe+0x1ea/0x310 fs/splice.c:662 generic_splice_sendpage+0x3c/0x50 fs/splice.c:832 do_splice_from fs/splice.c:851 [inline] direct_splice_actor+0x126/0x1a0 fs/splice.c:1023 splice_direct_to_actor+0x3be/0x9d0 fs/splice.c:978 do_splice_direct+0x2c7/0x420 fs/splice.c:1066 do_sendfile+0x61a/0xe60 fs/read_write.c:1436 __do_sys_sendfile64 fs/read_write.c:1491 [inline] __se_sys_sendfile64 fs/read_write.c:1483 [inline] __x64_sys_sendfile64+0x15a/0x240 fs/read_write.c:1483 do_syscall_64+0x1a3/0x800 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x457ec9 syz-executor1: Corrupted page table at address 457e9f PGD a9160067 P4D a9160067 PUD ffffffff86d3ea8b Bad pagetable: 0009 [#3] PREEMPT SMP KASAN CPU: 0 PID: 27179 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #26 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 arch/x86/lib/copy_user_64.S:181 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 RSP: 0018:ffff888091af5eb0 EFLAGS: 00010046 RAX: 0000000000000000 RBX: ffff888091af5ef0 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 0000000000457e9f RDI: ffff888091af5ef0 RBP: ffff888091af5ee0 R08: ffff888051f1a680 R09: ffffed101235ebe6 R10: ffffed101235ebe5 R11: ffff888091af5f2f R12: 0000000000000040 R13: ffffffffffffffff R14: 0000000000457e9f R15: ffff888051f1a680 FS: 00007f5c0ac67700(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000457e9f CR3: 000000009edba000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: show_opcodes+0x51/0x60 arch/x86/kernel/dumpstack.c:109 show_ip+0x32/0x38 arch/x86/kernel/dumpstack.c:126 show_iret_regs+0x14/0x38 arch/x86/kernel/dumpstack.c:131 __show_regs+0x1c/0x60 arch/x86/kernel/process_64.c:73 show_regs_if_on_stack.constprop.0+0x39/0x3c arch/x86/kernel/dumpstack.c:149 show_trace_log_lvl+0x25d/0x28c arch/x86/kernel/dumpstack.c:274 show_regs arch/x86/kernel/dumpstack.c:418 [inline] show_regs.cold+0x1a/0x1f arch/x86/kernel/dumpstack.c:408 __die+0x6c/0xb6 arch/x86/kernel/dumpstack.c:383 pgtable_bad+0x5c/0x90 arch/x86/mm/fault.c:716 do_user_addr_fault arch/x86/mm/fault.c:1340 [inline] __do_page_fault+0x7e6/0xd60 arch/x86/mm/fault.c:1541 do_page_fault+0xe6/0x7d8 arch/x86/mm/fault.c:1572 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1143 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 arch/x86/lib/copy_user_64.S:181 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 RSP: 0018:ffff888091af63a0 EFLAGS: 00010046 RAX: 0000000000000000 RBX: ffff888091af63e0 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 0000000000457e9f RDI: ffff888091af63e0 RBP: ffff888091af63d0 R08: ffff888051f1a680 R09: ffffed101235ec84 R10: ffffed101235ec83 R11: ffff888091af641f R12: 0000000000000040 R13: ffffffffffffffff R14: 0000000000457e9f R15: ffff888051f1a680 show_opcodes+0x51/0x60 arch/x86/kernel/dumpstack.c:109 show_ip+0x32/0x38 arch/x86/kernel/dumpstack.c:126 show_iret_regs+0x14/0x38 arch/x86/kernel/dumpstack.c:131 __show_regs+0x1c/0x60 arch/x86/kernel/process_64.c:73 show_regs_if_on_stack.constprop.0+0x39/0x3c arch/x86/kernel/dumpstack.c:149 show_trace_log_lvl+0x25d/0x28c arch/x86/kernel/dumpstack.c:274 show_stack+0x39/0x3b arch/x86/kernel/dumpstack.c:293 __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1db/0x2d0 lib/dump_stack.c:113 print_address_description.cold+0x7c/0x20d mm/kasan/report.c:187 kasan_report.cold+0x1b/0x40 mm/kasan/report.c:317 __asan_report_load8_noabort+0x14/0x20 mm/kasan/generic_report.c:135 pgd_val arch/x86/include/asm/paravirt.h:419 [inline] dump_pagetable+0x85f/0x910 arch/x86/mm/fault.c:466 pgtable_bad+0x4a/0x90 arch/x86/mm/fault.c:714 do_user_addr_fault arch/x86/mm/fault.c:1340 [inline] __do_page_fault+0x7e6/0xd60 arch/x86/mm/fault.c:1541 do_page_fault+0xe6/0x7d8 arch/x86/mm/fault.c:1572 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1143 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 arch/x86/lib/copy_user_64.S:181 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 RSP: 0018:ffff888091af6ae0 EFLAGS: 00010046 RAX: 0000000000000000 RBX: ffff888091af6b20 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 0000000000457e9f RDI: ffff888091af6b20 RBP: ffff888091af6b10 R08: ffff888051f1a680 R09: ffffed101235ed6c R10: ffffed101235ed6b R11: ffff888091af6b5f R12: 0000000000000040 R13: 00007ffffffff000 R14: 0000000000457e9f R15: ffff888051f1a680 show_opcodes+0x51/0x60 arch/x86/kernel/dumpstack.c:109 show_ip+0x32/0x38 arch/x86/kernel/dumpstack.c:126 show_iret_regs+0x14/0x38 arch/x86/kernel/dumpstack.c:131 __show_regs+0x1c/0x60 arch/x86/kernel/process_64.c:73 show_regs_if_on_stack.constprop.0+0x39/0x3c arch/x86/kernel/dumpstack.c:149 show_trace_log_lvl+0x25d/0x28c arch/x86/kernel/dumpstack.c:274 show_regs arch/x86/kernel/dumpstack.c:418 [inline] show_regs.cold+0x1a/0x1f arch/x86/kernel/dumpstack.c:408 __die+0x6c/0xb6 arch/x86/kernel/dumpstack.c:383 no_context+0x428/0x9c0 arch/x86/mm/fault.c:855 __bad_area_nosemaphore+0xae/0x420 arch/x86/mm/fault.c:947 bad_area_nosemaphore+0x2e/0x40 arch/x86/mm/fault.c:954 do_kern_addr_fault arch/x86/mm/fault.c:1312 [inline] __do_page_fault+0x4ad/0xd60 arch/x86/mm/fault.c:1539 do_page_fault+0xe6/0x7d8 arch/x86/mm/fault.c:1572 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1143 RIP: 0010:__find_vmap_area mm/vmalloc.c:351 [inline] RIP: 0010:find_vmap_area+0x81/0x140 mm/vmalloc.c:750 Code: 00 48 8b 5b 10 e8 3f 53 c6 ff 48 85 db 74 7f e8 35 53 c6 ff 4c 8d 7b e8 4c 89 f8 48 c1 e8 03 42 80 3c 30 00 0f 85 8d 00 00 00 <4c> 8b 6b e8 4c 89 e7 4c 89 ee e8 30 54 c6 ff 4d 39 ec 72 a8 e8 06 RSP: 0018:ffff888091af71a8 EFLAGS: 00010246 RAX: 1ffff110128a4c70 RBX: ffff888094526398 RCX: ffffc90007dff000 RDX: 0000000000040000 RSI: ffffffff81bba42b RDI: ffff88808750dea8 RBP: ffff888091af71d0 R08: ffff888051f1a680 R09: ffffed101235ee23 R10: ffffed101235ee22 R11: 0000000000000003 R12: ffffc900137f0000 R13: ffffc90014b1b000 R14: dffffc0000000000 R15: ffff888094526380 __vunmap+0x53/0x400 mm/vmalloc.c:1508 vfree+0x8d/0x140 mm/vmalloc.c:1597 netlink_skb_destructor+0xc8/0x210 net/netlink/af_netlink.c:375 skb_release_head_state+0xed/0x260 net/core/skbuff.c:614 skb_release_all+0x16/0x60 net/core/skbuff.c:625 __kfree_skb net/core/skbuff.c:641 [inline] consume_skb net/core/skbuff.c:701 [inline] consume_skb+0x18c/0x550 net/core/skbuff.c:695 netlink_unicast_kernel net/netlink/af_netlink.c:1311 [inline] netlink_unicast+0x57c/0x770 net/netlink/af_netlink.c:1336 netlink_sendmsg+0xa05/0xf90 net/netlink/af_netlink.c:1917 sock_sendmsg_nosec net/socket.c:621 [inline] sock_sendmsg+0xdd/0x130 net/socket.c:631 kernel_sendmsg+0x44/0x50 net/socket.c:639 sock_no_sendpage+0x1cd/0x260 net/core/sock.c:2587 kernel_sendpage+0x95/0xf0 net/socket.c:3360 sock_sendpage+0x8b/0xc0 net/socket.c:846 pipe_to_sendpage+0x2b4/0x390 fs/splice.c:452 splice_from_pipe_feed fs/splice.c:503 [inline] __splice_from_pipe+0x39a/0x7e0 fs/splice.c:627 splice_from_pipe+0x1ea/0x310 fs/splice.c:662 generic_splice_sendpage+0x3c/0x50 fs/splice.c:832 do_splice_from fs/splice.c:851 [inline] direct_splice_actor+0x126/0x1a0 fs/splice.c:1023 splice_direct_to_actor+0x3be/0x9d0 fs/splice.c:978 do_splice_direct+0x2c7/0x420 fs/splice.c:1066 do_sendfile+0x61a/0xe60 fs/read_write.c:1436 __do_sys_sendfile64 fs/read_write.c:1491 [inline] __se_sys_sendfile64 fs/read_write.c:1483 [inline] __x64_sys_sendfile64+0x15a/0x240 fs/read_write.c:1483 do_syscall_64+0x1a3/0x800 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x457ec9 syz-executor1: Corrupted page table at address 457e9f PGD a9160067 P4D a9160067 PUD ffffffff86d3ea8b Bad pagetable: 0009 [#4] PREEMPT SMP KASAN CPU: 0 PID: 27179 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #26 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 arch/x86/lib/copy_user_64.S:181 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 RSP: 0018:ffff888091af59c0 EFLAGS: 00010046 RAX: 0000000000000000 RBX: ffff888091af5a00 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 0000000000457e9f RDI: ffff888091af5a00 RBP: ffff888091af59f0 R08: ffff888051f1a680 R09: ffffed101235eb48 R10: ffffed101235eb47 R11: ffff888091af5a3f R12: 0000000000000040 R13: ffffffffffffffff R14: 0000000000457e9f R15: ffff888051f1a680 FS: 00007f5c0ac67700(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000457e9f CR3: 000000009edba000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: show_opcodes+0x51/0x60 arch/x86/kernel/dumpstack.c:109 show_ip+0x32/0x38 arch/x86/kernel/dumpstack.c:126 show_iret_regs+0x14/0x38 arch/x86/kernel/dumpstack.c:131 __show_regs+0x1c/0x60 arch/x86/kernel/process_64.c:73 show_regs_if_on_stack.constprop.0+0x39/0x3c arch/x86/kernel/dumpstack.c:149 show_trace_log_lvl+0x25d/0x28c arch/x86/kernel/dumpstack.c:274 show_regs arch/x86/kernel/dumpstack.c:418 [inline] show_regs.cold+0x1a/0x1f arch/x86/kernel/dumpstack.c:408 __die+0x6c/0xb6 arch/x86/kernel/dumpstack.c:383 pgtable_bad+0x5c/0x90 arch/x86/mm/fault.c:716 do_user_addr_fault arch/x86/mm/fault.c:1340 [inline] __do_page_fault+0x7e6/0xd60 arch/x86/mm/fault.c:1541 do_page_fault+0xe6/0x7d8 arch/x86/mm/fault.c:1572 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1143 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 arch/x86/lib/copy_user_64.S:181 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 RSP: 0018:ffff888091af5eb0 EFLAGS: 00010046 RAX: 0000000000000000 RBX: ffff888091af5ef0 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 0000000000457e9f RDI: ffff888091af5ef0 RBP: ffff888091af5ee0 R08: ffff888051f1a680 R09: ffffed101235ebe6 R10: ffffed101235ebe5 R11: ffff888091af5f2f R12: 0000000000000040 R13: ffffffffffffffff R14: 0000000000457e9f R15: ffff888051f1a680 show_opcodes+0x51/0x60 arch/x86/kernel/dumpstack.c:109 show_ip+0x32/0x38 arch/x86/kernel/dumpstack.c:126 show_iret_regs+0x14/0x38 arch/x86/kernel/dumpstack.c:131 __show_regs+0x1c/0x60 arch/x86/kernel/process_64.c:73 show_regs_if_on_stack.constprop.0+0x39/0x3c arch/x86/kernel/dumpstack.c:149 show_trace_log_lvl+0x25d/0x28c arch/x86/kernel/dumpstack.c:274 show_regs arch/x86/kernel/dumpstack.c:418 [inline] show_regs.cold+0x1a/0x1f arch/x86/kernel/dumpstack.c:408 __die+0x6c/0xb6 arch/x86/kernel/dumpstack.c:383 pgtable_bad+0x5c/0x90 arch/x86/mm/fault.c:716 do_user_addr_fault arch/x86/mm/fault.c:1340 [inline] __do_page_fault+0x7e6/0xd60 arch/x86/mm/fault.c:1541 do_page_fault+0xe6/0x7d8 arch/x86/mm/fault.c:1572 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1143 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 arch/x86/lib/copy_user_64.S:181 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 RSP: 0018:ffff888091af63a0 EFLAGS: 00010046 RAX: 0000000000000000 RBX: ffff888091af63e0 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 0000000000457e9f RDI: ffff888091af63e0 RBP: ffff888091af63d0 R08: ffff888051f1a680 R09: ffffed101235ec84 R10: ffffed101235ec83 R11: ffff888091af641f R12: 0000000000000040 R13: ffffffffffffffff R14: 0000000000457e9f R15: ffff888051f1a680 show_opcodes+0x51/0x60 arch/x86/kernel/dumpstack.c:109 show_ip+0x32/0x38 arch/x86/kernel/dumpstack.c:126 show_iret_regs+0x14/0x38 arch/x86/kernel/dumpstack.c:131 __show_regs+0x1c/0x60 arch/x86/kernel/process_64.c:73 show_regs_if_on_stack.constprop.0+0x39/0x3c arch/x86/kernel/dumpstack.c:149 show_trace_log_lvl+0x25d/0x28c arch/x86/kernel/dumpstack.c:274 show_stack+0x39/0x3b arch/x86/kernel/dumpstack.c:293 __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1db/0x2d0 lib/dump_stack.c:113 print_address_description.cold+0x7c/0x20d mm/kasan/report.c:187 kasan_report.cold+0x1b/0x40 mm/kasan/report.c:317 __asan_report_load8_noabort+0x14/0x20 mm/kasan/generic_report.c:135 pgd_val arch/x86/include/asm/paravirt.h:419 [inline] dump_pagetable+0x85f/0x910 arch/x86/mm/fault.c:466 pgtable_bad+0x4a/0x90 arch/x86/mm/fault.c:714 do_user_addr_fault arch/x86/mm/fault.c:1340 [inline] __do_page_fault+0x7e6/0xd60 arch/x86/mm/fault.c:1541 do_page_fault+0xe6/0x7d8 arch/x86/mm/fault.c:1572 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1143 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 arch/x86/lib/copy_user_64.S:181 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 RSP: 0018:ffff888091af6ae0 EFLAGS: 00010046 RAX: 0000000000000000 RBX: ffff888091af6b20 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 0000000000457e9f RDI: ffff888091af6b20 RBP: ffff888091af6b10 R08: ffff888051f1a680 R09: ffffed101235ed6c R10: ffffed101235ed6b R11: ffff888091af6b5f R12: 0000000000000040 R13: 00007ffffffff000 R14: 0000000000457e9f R15: ffff888051f1a680 show_opcodes+0x51/0x60 arch/x86/kernel/dumpstack.c:109 show_ip+0x32/0x38 arch/x86/kernel/dumpstack.c:126 show_iret_regs+0x14/0x38 arch/x86/kernel/dumpstack.c:131 __show_regs+0x1c/0x60 arch/x86/kernel/process_64.c:73 show_regs_if_on_stack.constprop.0+0x39/0x3c arch/x86/kernel/dumpstack.c:149 show_trace_log_lvl+0x25d/0x28c arch/x86/kernel/dumpstack.c:274 show_regs arch/x86/kernel/dumpstack.c:418 [inline] show_regs.cold+0x1a/0x1f arch/x86/kernel/dumpstack.c:408 __die+0x6c/0xb6 arch/x86/kernel/dumpstack.c:383 no_context+0x428/0x9c0 arch/x86/mm/fault.c:855 __bad_area_nosemaphore+0xae/0x420 arch/x86/mm/fault.c:947 bad_area_nosemaphore+0x2e/0x40 arch/x86/mm/fault.c:954 do_kern_addr_fault arch/x86/mm/fault.c:1312 [inline] __do_page_fault+0x4ad/0xd60 arch/x86/mm/fault.c:1539 do_page_fault+0xe6/0x7d8 arch/x86/mm/fault.c:1572 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1143 RIP: 0010:__find_vmap_area mm/vmalloc.c:351 [inline] RIP: 0010:find_vmap_area+0x81/0x140 mm/vmalloc.c:750 Code: 00 48 8b 5b 10 e8 3f 53 c6 ff 48 85 db 74 7f e8 35 53 c6 ff 4c 8d 7b e8 4c 89 f8 48 c1 e8 03 42 80 3c 30 00 0f 85 8d 00 00 00 <4c> 8b 6b e8 4c 89 e7 4c 89 ee e8 30 54 c6 ff 4d 39 ec 72 a8 e8 06 RSP: 0018:ffff888091af71a8 EFLAGS: 00010246 RAX: 1ffff110128a4c70 RBX: ffff888094526398 RCX: ffffc90007dff000 RDX: 0000000000040000 RSI: ffffffff81bba42b RDI: ffff88808750dea8 RBP: ffff888091af71d0 R08: ffff888051f1a680 R09: ffffed101235ee23 R10: ffffed101235ee22 R11: 0000000000000003 R12: ffffc900137f0000 R13: ffffc90014b1b000 R14: dffffc0000000000 R15: ffff888094526380 __vunmap+0x53/0x400 mm/vmalloc.c:1508 vfree+0x8d/0x140 mm/vmalloc.c:1597 netlink_skb_destructor+0xc8/0x210 net/netlink/af_netlink.c:375 skb_release_head_state+0xed/0x260 net/core/skbuff.c:614 skb_release_all+0x16/0x60 net/core/skbuff.c:625 __kfree_skb net/core/skbuff.c:641 [inline] consume_skb net/core/skbuff.c:701 [inline] consume_skb+0x18c/0x550 net/core/skbuff.c:695 netlink_unicast_kernel net/netlink/af_netlink.c:1311 [inline] netlink_unicast+0x57c/0x770 net/netlink/af_netlink.c:1336 netlink_sendmsg+0xa05/0xf90 net/netlink/af_netlink.c:1917 sock_sendmsg_nosec net/socket.c:621 [inline] sock_sendmsg+0xdd/0x130 net/socket.c:631 kernel_sendmsg+0x44/0x50 net/socket.c:639 sock_no_sendpage+0x1cd/0x260 net/core/sock.c:2587 kernel_sendpage+0x95/0xf0 net/socket.c:3360 sock_sendpage+0x8b/0xc0 net/socket.c:846 pipe_to_sendpage+0x2b4/0x390 fs/splice.c:452 splice_from_pipe_feed fs/splice.c:503 [inline] __splice_from_pipe+0x39a/0x7e0 fs/splice.c:627 splice_from_pipe+0x1ea/0x310 fs/splice.c:662 generic_splice_sendpage+0x3c/0x50 fs/splice.c:832 do_splice_from fs/splice.c:851 [inline] direct_splice_actor+0x126/0x1a0 fs/splice.c:1023 splice_direct_to_actor+0x3be/0x9d0 fs/splice.c:978 do_splice_direct+0x2c7/0x420 fs/splice.c:1066 do_sendfile+0x61a/0xe60 fs/read_write.c:1436 __do_sys_sendfile64 fs/read_write.c:1491 [inline] __se_sys_sendfile64 fs/read_write.c:1483 [inline] __x64_sys_sendfile64+0x15a/0x240 fs/read_write.c:1483 do_syscall_64+0x1a3/0x800 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x457ec9 syz-executor1: Corrupted page table at address 457e9f PGD a9160067 P4D a9160067 PUD ffffffff86d3ea8b Bad pagetable: 0009 [#5] PREEMPT SMP KASAN CPU: 0 PID: 27179 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #26 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 arch/x86/lib/copy_user_64.S:181 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 RSP: 0018:ffff888091af54d0 EFLAGS: 00010046 RAX: 0000000000000000 RBX: ffff888091af5510 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 0000000000457e9f RDI: ffff888091af5510 RBP: ffff888091af5500 R08: ffff888051f1a680 R09: ffffed101235eaaa R10: ffffed101235eaa9 R11: ffff888091af554f R12: 0000000000000040 R13: ffffffffffffffff R14: 0000000000457e9f R15: ffff888051f1a680 FS: 00007f5c0ac67700(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000457e9f CR3: 000000009edba000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: show_opcodes+0x51/0x60 arch/x86/kernel/dumpstack.c:109 show_ip+0x32/0x38 arch/x86/kernel/dumpstack.c:126 show_iret_regs+0x14/0x38 arch/x86/kernel/dumpstack.c:131 __show_regs+0x1c/0x60 arch/x86/kernel/process_64.c:73 show_regs_if_on_stack.constprop.0+0x39/0x3c arch/x86/kernel/dumpstack.c:149 show_trace_log_lvl+0x25d/0x28c arch/x86/kernel/dumpstack.c:274 show_regs arch/x86/kernel/dumpstack.c:418 [inline] show_regs.cold+0x1a/0x1f arch/x86/kernel/dumpstack.c:408 __die+0x6c/0xb6 arch/x86/kernel/dumpstack.c:383 pgtable_bad+0x5c/0x90 arch/x86/mm/fault.c:716 do_user_addr_fault arch/x86/mm/fault.c:1340 [inline] __do_page_fault+0x7e6/0xd60 arch/x86/mm/fault.c:1541 do_page_fault+0xe6/0x7d8 arch/x86/mm/fault.c:1572 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1143 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 arch/x86/lib/copy_user_64.S:181 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 RSP: 0018:ffff888091af59c0 EFLAGS: 00010046 RAX: 0000000000000000 RBX: ffff888091af5a00 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 0000000000457e9f RDI: ffff888091af5a00 RBP: ffff888091af59f0 R08: ffff888051f1a680 R09: ffffed101235eb48 R10: ffffed101235eb47 R11: ffff888091af5a3f R12: 0000000000000040 R13: ffffffffffffffff R14: 0000000000457e9f R15: ffff888051f1a680 show_opcodes+0x51/0x60 arch/x86/kernel/dumpstack.c:109 show_ip+0x32/0x38 arch/x86/kernel/dumpstack.c:126 show_iret_regs+0x14/0x38 arch/x86/kernel/dumpstack.c:131 __show_regs+0x1c/0x60 arch/x86/kernel/process_64.c:73 show_regs_if_on_stack.constprop.0+0x39/0x3c arch/x86/kernel/dumpstack.c:149 show_trace_log_lvl+0x25d/0x28c arch/x86/kernel/dumpstack.c:274 show_regs arch/x86/kernel/dumpstack.c:418 [inline] show_regs.cold+0x1a/0x1f arch/x86/kernel/dumpstack.c:408 __die+0x6c/0xb6 arch/x86/kernel/dumpstack.c:383 pgtable_bad+0x5c/0x90 arch/x86/mm/fault.c:716 do_user_addr_fault arch/x86/mm/fault.c:1340 [inline] __do_page_fault+0x7e6/0xd60 arch/x86/mm/fault.c:1541 do_page_fault+0xe6/0x7d8 arch/x86/mm/fault.c:1572 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1143 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 arch/x86/lib/copy_user_64.S:181 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 RSP: 0018:ffff888091af5eb0 EFLAGS: 00010046 RAX: 0000000000000000 RBX: ffff888091af5ef0 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 0000000000457e9f RDI: ffff888091af5ef0 RBP: ffff888091af5ee0 R08: ffff888051f1a680 R09: ffffed101235ebe6 R10: ffffed101235ebe5 R11: ffff888091af5f2f R12: 0000000000000040 R13: ffffffffffffffff R14: 0000000000457e9f R15: ffff888051f1a680 show_opcodes+0x51/0x60 arch/x86/kernel/dumpstack.c:109 show_ip+0x32/0x38 arch/x86/kernel/dumpstack.c:126 show_iret_regs+0x14/0x38 arch/x86/kernel/dumpstack.c:131 __show_regs+0x1c/0x60 arch/x86/kernel/process_64.c:73 show_regs_if_on_stack.constprop.0+0x39/0x3c arch/x86/kernel/dumpstack.c:149 show_trace_log_lvl+0x25d/0x28c arch/x86/kernel/dumpstack.c:274 show_regs arch/x86/kernel/dumpstack.c:418 [inline] show_regs.cold+0x1a/0x1f arch/x86/kernel/dumpstack.c:408 __die+0x6c/0xb6 arch/x86/kernel/dumpstack.c:383 pgtable_bad+0x5c/0x90 arch/x86/mm/fault.c:716 do_user_addr_fault arch/x86/mm/fault.c:1340 [inline] __do_page_fault+0x7e6/0xd60 arch/x86/mm/fault.c:1541 do_page_fault+0xe6/0x7d8 arch/x86/mm/fault.c:1572 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1143 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 arch/x86/lib/copy_user_64.S:181 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 RSP: 0018:ffff888091af63a0 EFLAGS: 00010046 RAX: 0000000000000000 RBX: ffff888091af63e0 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 0000000000457e9f RDI: ffff888091af63e0 RBP: ffff888091af63d0 R08: ffff888051f1a680 R09: ffffed101235ec84 R10: ffffed101235ec83 R11: ffff888091af641f R12: 0000000000000040 R13: ffffffffffffffff R14: 0000000000457e9f R15: ffff888051f1a680 show_opcodes+0x51/0x60 arch/x86/kernel/dumpstack.c:109 show_ip+0x32/0x38 arch/x86/kernel/dumpstack.c:126 show_iret_regs+0x14/0x38 arch/x86/kernel/dumpstack.c:131 __show_regs+0x1c/0x60 arch/x86/kernel/process_64.c:73 show_regs_if_on_stack.constprop.0+0x39/0x3c arch/x86/kernel/dumpstack.c:149 show_trace_log_lvl+0x25d/0x28c arch/x86/kernel/dumpstack.c:274 show_stack+0x39/0x3b arch/x86/kernel/dumpstack.c:293 __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1db/0x2d0 lib/dump_stack.c:113 print_address_description.cold+0x7c/0x20d mm/kasan/report.c:187 kasan_report.cold+0x1b/0x40 mm/kasan/report.c:317 __asan_report_load8_noabort+0x14/0x20 mm/kasan/generic_report.c:135 pgd_val arch/x86/include/asm/paravirt.h:419 [inline] dump_pagetable+0x85f/0x910 arch/x86/mm/fault.c:466 pgtable_bad+0x4a/0x90 arch/x86/mm/fault.c:714 do_user_addr_fault arch/x86/mm/fault.c:1340 [inline] __do_page_fault+0x7e6/0xd60 arch/x86/mm/fault.c:1541 do_page_fault+0xe6/0x7d8 arch/x86/mm/fault.c:1572 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1143 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 arch/x86/lib/copy_user_64.S:181 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 RSP: 0018:ffff888091af6ae0 EFLAGS: 00010046 RAX: 0000000000000000 RBX: ffff888091af6b20 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 0000000000457e9f RDI: ffff888091af6b20 RBP: ffff888091af6b10 R08: ffff888051f1a680 R09: ffffed101235ed6c R10: ffffed101235ed6b R11: ffff888091af6b5f R12: 0000000000000040 R13: 00007ffffffff000 R14: 0000000000457e9f R15: ffff888051f1a680 show_opcodes+0x51/0x60 arch/x86/kernel/dumpstack.c:109 show_ip+0x32/0x38 arch/x86/kernel/dumpstack.c:126 show_iret_regs+0x14/0x38 arch/x86/kernel/dumpstack.c:131 __show_regs+0x1c/0x60 arch/x86/kernel/process_64.c:73 show_regs_if_on_stack.constprop.0+0x39/0x3c arch/x86/kernel/dumpstack.c:149 show_trace_log_lvl+0x25d/0x28c arch/x86/kernel/dumpstack.c:274 show_regs arch/x86/kernel/dumpstack.c:418 [inline] show_regs.cold+0x1a/0x1f arch/x86/kernel/dumpstack.c:408 __die+0x6c/0xb6 arch/x86/kernel/dumpstack.c:383 no_context+0x428/0x9c0 arch/x86/mm/fault.c:855 __bad_area_nosemaphore+0xae/0x420 arch/x86/mm/fault.c:947 bad_area_nosemaphore+0x2e/0x40 arch/x86/mm/fault.c:954 do_kern_addr_fault arch/x86/mm/fault.c:1312 [inline] __do_page_fault+0x4ad/0xd60 arch/x86/mm/fault.c:1539 do_page_fault+0xe6/0x7d8 arch/x86/mm/fault.c:1572 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1143 RIP: 0010:__find_vmap_area mm/vmalloc.c:351 [inline] RIP: 0010:find_vmap_area+0x81/0x140 mm/vmalloc.c:750 Code: 00 48 8b 5b 10 e8 3f 53 c6 ff 48 85 db 74 7f e8 35 53 c6 ff 4c 8d 7b e8 4c 89 f8 48 c1 e8 03 42 80 3c 30 00 0f 85 8d 00 00 00 <4c> 8b 6b e8 4c 89 e7 4c 89 ee e8 30 54 c6 ff 4d 39 ec 72 a8 e8 06 RSP: 0018:ffff888091af71a8 EFLAGS: 00010246 RAX: 1ffff110128a4c70 RBX: ffff888094526398 RCX: ffffc90007dff000 RDX: 0000000000040000 RSI: ffffffff81bba42b RDI: ffff88808750dea8 RBP: ffff888091af71d0 R08: ffff888051f1a680 R09: ffffed101235ee23 R10: ffffed101235ee22 R11: 0000000000000003 R12: ffffc900137f0000 R13: ffffc90014b1b000 R14: dffffc0000000000 R15: ffff888094526380 __vunmap+0x53/0x400 mm/vmalloc.c:1508 vfree+0x8d/0x140 mm/vmalloc.c:1597 netlink_skb_destructor+0xc8/0x210 net/netlink/af_netlink.c:375 skb_release_head_state+0xed/0x260 net/core/skbuff.c:614 skb_release_all+0x16/0x60 net/core/skbuff.c:625 __kfree_skb net/core/skbuff.c:641 [inline] consume_skb net/core/skbuff.c:701 [inline] consume_skb+0x18c/0x550 net/core/skbuff.c:695 netlink_unicast_kernel net/netlink/af_netlink.c:1311 [inline] netlink_unicast+0x57c/0x770 net/netlink/af_netlink.c:1336 netlink_sendmsg+0xa05/0xf90 net/netlink/af_netlink.c:1917 sock_sendmsg_nosec net/socket.c:621 [inline] sock_sendmsg+0xdd/0x130 net/socket.c:631 kernel_sendmsg+0x44/0x50 net/socket.c:639 sock_no_sendpage+0x1cd/0x260 net/core/sock.c:2587 kernel_sendpage+0x95/0xf0 net/socket.c:3360 sock_sendpage+0x8b/0xc0 net/socket.c:846 pipe_to_sendpage+0x2b4/0x390 fs/splice.c:452 splice_from_pipe_feed fs/splice.c:503 [inline] __splice_from_pipe+0x39a/0x7e0 fs/splice.c:627 splice_from_pipe+0x1ea/0x310 fs/splice.c:662 generic_splice_sendpage+0x3c/0x50 fs/splice.c:832 do_splice_from fs/splice.c:851 [inline] direct_splice_actor+0x126/0x1a0 fs/splice.c:1023 splice_direct_to_actor+0x3be/0x9d0 fs/splice.c:978 do_splice_direct+0x2c7/0x420 fs/splice.c:1066 do_sendfile+0x61a/0xe60 fs/read_write.c:1436 __do_sys_sendfile64 fs/read_write.c:1491 [inline] __se_sys_sendfile64 fs/read_write.c:1483 [inline] __x64_sys_sendfile64+0x15a/0x240 fs/read_write.c:1483 do_syscall_64+0x1a3/0x800 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x457ec9 syz-executor1: Corrupted page table at address 457e9f PGD a9160067 P4D a9160067 PUD ffffffff86d3ea8b Bad pagetable: 0009 [#6] PREEMPT SMP KASAN CPU: 0 PID: 27179 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #26 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 arch/x86/lib/copy_user_64.S:181 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 RSP: 0018:ffff888091af4fe0 EFLAGS: 00010046 RAX: 0000000000000000 RBX: ffff888091af5020 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 0000000000457e9f RDI: ffff888091af5020 RBP: ffff888091af5010 R08: ffff888051f1a680 R09: ffffed101235ea0c R10: ffffed101235ea0b R11: ffff888091af505f R12: 0000000000000040 R13: ffffffffffffffff R14: 0000000000457e9f R15: ffff888051f1a680 FS: 00007f5c0ac67700(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000457e9f CR3: 000000009edba000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: show_opcodes+0x51/0x60 arch/x86/kernel/dumpstack.c:109 show_ip+0x32/0x38 arch/x86/kernel/dumpstack.c:126 show_iret_regs+0x14/0x38 arch/x86/kernel/dumpstack.c:131 __show_regs+0x1c/0x60 arch/x86/kernel/process_64.c:73 show_regs_if_on_stack.constprop.0+0x39/0x3c arch/x86/kernel/dumpstack.c:149 show_trace_log_lvl+0x25d/0x28c arch/x86/kernel/dumpstack.c:274 show_regs arch/x86/kernel/dumpstack.c:418 [inline] show_regs.cold+0x1a/0x1f arch/x86/kernel/dumpstack.c:408 __die+0x6c/0xb6 arch/x86/kernel/dumpstack.c:383 pgtable_bad+0x5c/0x90 arch/x86/mm/fault.c:716 do_user_addr_fault arch/x86/mm/fault.c:1340 [inline] __do_page_fault+0x7e6/0xd60 arch/x86/mm/fault.c:1541 do_page_fault+0xe6/0x7d8 arch/x86/mm/fault.c:1572 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1143 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 arch/x86/lib/copy_user_64.S:181 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 RSP: 0018:ffff888091af54d0 EFLAGS: 00010046 RAX: 0000000000000000 RBX: ffff888091af5510 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 0000000000457e9f RDI: ffff888091af5510 RBP: ffff888091af5500 R08: ffff888051f1a680 R09: ffffed101235eaaa R10: ffffed101235eaa9 R11: ffff888091af554f R12: 0000000000000040 R13: ffffffffffffffff R14: 0000000000457e9f R15: ffff888051f1a680 show_opcodes+0x51/0x60 arch/x86/kernel/dumpstack.c:109 show_ip+0x32/0x38 arch/x86/kernel/dumpstack.c:126 show_iret_regs+0x14/0x38 arch/x86/kernel/dumpstack.c:131 __show_regs+0x1c/0x60 arch/x86/kernel/process_64.c:73 show_regs_if_on_stack.constprop.0+0x39/0x3c arch/x86/kernel/dumpstack.c:149 show_trace_log_lvl+0x25d/0x28c arch/x86/kernel/dumpstack.c:274 show_regs arch/x86/kernel/dumpstack.c:418 [inline] show_regs.cold+0x1a/0x1f arch/x86/kernel/dumpstack.c:408 __die+0x6c/0xb6 arch/x86/kernel/dumpstack.c:383 pgtable_bad+0x5c/0x90 arch/x86/mm/fault.c:716 do_user_addr_fault arch/x86/mm/fault.c:1340 [inline] __do_page_fault+0x7e6/0xd60 arch/x86/mm/fault.c:1541 do_page_fault+0xe6/0x7d8 arch/x86/mm/fault.c:1572 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1143 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 arch/x86/lib/copy_user_64.S:181 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 RSP: 0018:ffff888091af59c0 EFLAGS: 00010046 RAX: 0000000000000000 RBX: ffff888091af5a00 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 0000000000457e9f RDI: ffff888091af5a00 RBP: ffff888091af59f0 R08: ffff888051f1a680 R09: ffffed101235eb48 R10: ffffed101235eb47 R11: ffff888091af5a3f R12: 0000000000000040 R13: ffffffffffffffff R14: 0000000000457e9f R15: ffff888051f1a680 show_opcodes+0x51/0x60 arch/x86/kernel/dumpstack.c:109 show_ip+0x32/0x38 arch/x86/kernel/dumpstack.c:126 show_iret_regs+0x14/0x38 arch/x86/kernel/dumpstack.c:131 __show_regs+0x1c/0x60 arch/x86/kernel/process_64.c:73 show_regs_if_on_stack.constprop.0+0x39/0x3c arch/x86/kernel/dumpstack.c:149 show_trace_log_lvl+0x25d/0x28c arch/x86/kernel/dumpstack.c:274 show_regs arch/x86/kernel/dumpstack.c:418 [inline] show_regs.cold+0x1a/0x1f arch/x86/kernel/dumpstack.c:408 __die+0x6c/0xb6 arch/x86/kernel/dumpstack.c:383 pgtable_bad+0x5c/0x90 arch/x86/mm/fault.c:716 do_user_addr_fault arch/x86/mm/fault.c:1340 [inline] __do_page_fault+0x7e6/0xd60 arch/x86/mm/fault.c:1541 do_page_fault+0xe6/0x7d8 arch/x86/mm/fault.c:1572 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1143 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 arch/x86/lib/copy_user_64.S:181 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 RSP: 0018:ffff888091af5eb0 EFLAGS: 00010046 RAX: 0000000000000000 RBX: ffff888091af5ef0 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 0000000000457e9f RDI: ffff888091af5ef0 RBP: ffff888091af5ee0 R08: ffff888051f1a680 R09: ffffed101235ebe6 R10: ffffed101235ebe5 R11: ffff888091af5f2f R12: 0000000000000040 R13: ffffffffffffffff R14: 0000000000457e9f R15: ffff888051f1a680 show_opcodes+0x51/0x60 arch/x86/kernel/dumpstack.c:109 show_ip+0x32/0x38 arch/x86/kernel/dumpstack.c:126 show_iret_regs+0x14/0x38 arch/x86/kernel/dumpstack.c:131 __show_regs+0x1c/0x60 arch/x86/kernel/process_64.c:73 show_regs_if_on_stack.constprop.0+0x39/0x3c arch/x86/kernel/dumpstack.c:149 show_trace_log_lvl+0x25d/0x28c arch/x86/kernel/dumpstack.c:274 show_regs arch/x86/kernel/dumpstack.c:418 [inline] show_regs.cold+0x1a/0x1f arch/x86/kernel/dumpstack.c:408 __die+0x6c/0xb6 arch/x86/kernel/dumpstack.c:383 pgtable_bad+0x5c/0x90 arch/x86/mm/fault.c:716 do_user_addr_fault arch/x86/mm/fault.c:1340 [inline] __do_page_fault+0x7e6/0xd60 arch/x86/mm/fault.c:1541 do_page_fault+0xe6/0x7d8 arch/x86/mm/fault.c:1572 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1143 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 arch/x86/lib/copy_user_64.S:181 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 RSP: 0018:ffff888091af63a0 EFLAGS: 00010046 RAX: 0000000000000000 RBX: ffff888091af63e0 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 0000000000457e9f RDI: ffff888091af63e0 RBP: ffff888091af63d0 R08: ffff888051f1a680 R09: ffffed101235ec84 R10: ffffed101235ec83 R11: ffff888091af641f R12: 0000000000000040 R13: ffffffffffffffff R14: 0000000000457e9f R15: ffff888051f1a680 show_opcodes+0x51/0x60 arch/x86/kernel/dumpstack.c:109 show_ip+0x32/0x38 arch/x86/kernel/dumpstack.c:126 show_iret_regs+0x14/0x38 arch/x86/kernel/dumpstack.c:131 __show_regs+0x1c/0x60 arch/x86/kernel/process_64.c:73 show_regs_if_on_stack.constprop.0+0x39/0x3c arch/x86/kernel/dumpstack.c:149 show_trace_log_lvl+0x25d/0x28c arch/x86/kernel/dumpstack.c:274 show_stack+0x39/0x3b arch/x86/kernel/dumpstack.c:293 __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1db/0x2d0 lib/dump_stack.c:113 print_address_description.cold+0x7c/0x20d mm/kasan/report.c:187 kasan_report.cold+0x1b/0x40 mm/kasan/report.c:317 __asan_report_load8_noabort+0x14/0x20 mm/kasan/generic_report.c:135 pgd_val arch/x86/include/asm/paravirt.h:419 [inline] dump_pagetable+0x85f/0x910 arch/x86/mm/fault.c:466 pgtable_bad+0x4a/0x90 arch/x86/mm/fault.c:714 do_user_addr_fault arch/x86/mm/fault.c:1340 [inline] __do_page_fault+0x7e6/0xd60 arch/x86/mm/fault.c:1541 do_page_fault+0xe6/0x7d8 arch/x86/mm/fault.c:1572 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1143 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 arch/x86/lib/copy_user_64.S:181 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 RSP: 0018:ffff888091af6ae0 EFLAGS: 00010046 RAX: 0000000000000000 RBX: ffff888091af6b20 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 0000000000457e9f RDI: ffff888091af6b20 RBP: ffff888091af6b10 R08: ffff888051f1a680 R09: ffffed101235ed6c R10: ffffed101235ed6b R11: ffff888091af6b5f R12: 0000000000000040 R13: 00007ffffffff000 R14: 0000000000457e9f R15: ffff888051f1a680 show_opcodes+0x51/0x60 arch/x86/kernel/dumpstack.c:109 show_ip+0x32/0x38 arch/x86/kernel/dumpstack.c:126 show_iret_regs+0x14/0x38 arch/x86/kernel/dumpstack.c:131 __show_regs+0x1c/0x60 arch/x86/kernel/process_64.c:73 show_regs_if_on_stack.constprop.0+0x39/0x3c arch/x86/kernel/dumpstack.c:149 show_trace_log_lvl+0x25d/0x28c arch/x86/kernel/dumpstack.c:274 show_regs arch/x86/kernel/dumpstack.c:418 [inline] show_regs.cold+0x1a/0x1f arch/x86/kernel/dumpstack.c:408 __die+0x6c/0xb6 arch/x86/kernel/dumpstack.c:383 no_context+0x428/0x9c0 arch/x86/mm/fault.c:855 __bad_area_nosemaphore+0xae/0x420 arch/x86/mm/fault.c:947 bad_area_nosemaphore+0x2e/0x40 arch/x86/mm/fault.c:954 do_kern_addr_fault arch/x86/mm/fault.c:1312 [inline] __do_page_fault+0x4ad/0xd60 arch/x86/mm/fault.c:1539 do_page_fault+0xe6/0x7d8 arch/x86/mm/fault.c:1572 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1143 RIP: 0010:__find_vmap_area mm/vmalloc.c:351 [inline] RIP: 0010:find_vmap_area+0x81/0x140 mm/vmalloc.c:750 Code: 00 48 8b 5b 10 e8 3f 53 c6 ff 48 85 db 74 7f e8 35 53 c6 ff 4c 8d 7b e8 4c 89 f8 48 c1 e8 03 42 80 3c 30 00 0f 85 8d 00 00 00 <4c> 8b 6b e8 4c 89 e7 4c 89 ee e8 30 54 c6 ff 4d 39 ec 72 a8 e8 06 RSP: 0018:ffff888091af71a8 EFLAGS: 00010246 RAX: 1ffff110128a4c70 RBX: ffff888094526398 RCX: ffffc90007dff000 RDX: 0000000000040000 RSI: ffffffff81bba42b RDI: ffff88808750dea8 RBP: ffff888091af71d0 R08: ffff888051f1a680 R09: ffffed101235ee23 R10: ffffed101235ee22 R11: 0000000000000003 R12: ffffc900137f0000 R13: ffffc90014b1b000 R14: dffffc0000000000 R15: ffff888094526380 __vunmap+0x53/0x400 mm/vmalloc.c:1508 vfree+0x8d/0x140 mm/vmalloc.c:1597 netlink_skb_destructor+0xc8/0x210 net/netlink/af_netlink.c:375 skb_release_head_state+0xed/0x260 net/core/skbuff.c:614 skb_release_all+0x16/0x60 net/core/skbuff.c:625 __kfree_skb net/core/skbuff.c:641 [inline] consume_skb net/core/skbuff.c:701 [inline] consume_skb+0x18c/0x550 net/core/skbuff.c:695 netlink_unicast_kernel net/netlink/af_netlink.c:1311 [inline] netlink_unicast+0x57c/0x770 net/netlink/af_netlink.c:1336 netlink_sendmsg+0xa05/0xf90 net/netlink/af_netlink.c:1917 sock_sendmsg_nosec net/socket.c:621 [inline] sock_sendmsg+0xdd/0x130 net/socket.c:631 kernel_sendmsg+0x44/0x50 net/socket.c:639 sock_no_sendpage+0x1cd/0x260 net/core/sock.c:2587 kernel_sendpage+0x95/0xf0 net/socket.c:3360 sock_sendpage+0x8b/0xc0 net/socket.c:846 pipe_to_sendpage+0x2b4/0x390 fs/splice.c:452 splice_from_pipe_feed fs/splice.c:503 [inline] __splice_from_pipe+0x39a/0x7e0 fs/splice.c:627 splice_from_pipe+0x1ea/0x310 fs/splice.c:662 generic_splice_sendpage+0x3c/0x50 fs/splice.c:832 do_splice_from fs/splice.c:851 [inline] direct_splice_actor+0x126/0x1a0 fs/splice.c:1023 splice_direct_to_actor+0x3be/0x9d0 fs/splice.c:978 do_splice_direct+0x2c7/0x420 fs/splice.c:1066 do_sendfile+0x61a/0xe60 fs/read_write.c:1436 __do_sys_sendfile64 fs/read_write.c:1491 [inline] __se_sys_sendfile64 fs/read_write.c:1483 [inline] __x64_sys_sendfile64+0x15a/0x240 fs/read_write.c:1483 do_syscall_64+0x1a3/0x800 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x457ec9 syz-executor1: Corrupted page table at address 457e9f PGD a9160067 P4D a9160067 PUD ffffffff86d3ea8b Bad pagetable: 0009 [#7] PREEMPT SMP KASAN CPU: 0 PID: 27179 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #26 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 arch/x86/lib/copy_user_64.S:181 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 RSP: 0018:ffff888091af4af0 EFLAGS: 00010046 RAX: 0000000000000000 RBX: ffff888091af4b30 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 0000000000457e9f RDI: ffff888091af4b30 RBP: ffff888091af4b20 R08: ffff888051f1a680 R09: ffffed101235e96e R10: ffffed101235e96d R11: ffff888091af4b6f R12: 0000000000000040 R13: ffffffffffffffff R14: 0000000000457e9f R15: ffff888051f1a680 FS: 00007f5c0ac67700(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000457e9f CR3: 000000009edba000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: show_opcodes+0x51/0x60 arch/x86/kernel/dumpstack.c:109 show_ip+0x32/0x38 arch/x86/kernel/dumpstack.c:126 show_iret_regs+0x14/0x38 arch/x86/kernel/dumpstack.c:131 __show_regs+0x1c/0x60 arch/x86/kernel/process_64.c:73 show_regs_if_on_stack.constprop.0+0x39/0x3c arch/x86/kernel/dumpstack.c:149 show_trace_log_lvl+0x25d/0x28c arch/x86/kernel/dumpstack.c:274 show_regs arch/x86/kernel/dumpstack.c:418 [inline] show_regs.cold+0x1a/0x1f arch/x86/kernel/dumpstack.c:408 __die+0x6c/0xb6 arch/x86/kernel/dumpstack.c:383 pgtable_bad+0x5c/0x90 arch/x86/mm/fault.c:716 do_user_addr_fault arch/x86/mm/fault.c:1340 [inline] __do_page_fault+0x7e6/0xd60 arch/x86/mm/fault.c:1541 do_page_fault+0xe6/0x7d8 arch/x86/mm/fault.c:1572 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1143 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 arch/x86/lib/copy_user_64.S:181 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 RSP: 0018:ffff888091af4fe0 EFLAGS: 00010046 RAX: 0000000000000000 RBX: ffff888091af5020 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 0000000000457e9f RDI: ffff888091af5020 RBP: ffff888091af5010 R08: ffff888051f1a680 R09: ffffed101235ea0c R10: ffffed101235ea0b R11: ffff888091af505f R12: 0000000000000040 R13: ffffffffffffffff R14: 0000000000457e9f R15: ffff888051f1a680 show_opcodes+0x51/0x60 arch/x86/kernel/dumpstack.c:109 show_ip+0x32/0x38 arch/x86/kernel/dumpstack.c:126 show_iret_regs+0x14/0x38 arch/x86/kernel/dumpstack.c:131 __show_regs+0x1c/0x60 arch/x86/kernel/process_64.c:73 show_regs_if_on_stack.constprop.0+0x39/0x3c arch/x86/kernel/dumpstack.c:149 show_trace_log_lvl+0x25d/0x28c arch/x86/kernel/dumpstack.c:274 show_regs arch/x86/kernel/dumpstack.c:418 [inline] show_regs.cold+0x1a/0x1f arch/x86/kernel/dumpstack.c:408 __die+0x6c/0xb6 arch/x86/kernel/dumpstack.c:383 pgtable_bad+0x5c/0x90 arch/x86/mm/fault.c:716 do_user_addr_fault arch/x86/mm/fault.c:1340 [inline] __do_page_fault+0x7e6/0xd60 arch/x86/mm/fault.c:1541 do_page_fault+0xe6/0x7d8 arch/x86/mm/fault.c:1572 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1143 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 arch/x86/lib/copy_user_64.S:181 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 RSP: 0018:ffff888091af54d0 EFLAGS: 00010046 RAX: 0000000000000000 RBX: ffff888091af5510 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 0000000000457e9f RDI: ffff888091af5510 RBP: ffff888091af5500 R08: ffff888051f1a680 R09: ffffed101235eaaa R10: ffffed101235eaa9 R11: ffff888091af554f R12: 0000000000000040 R13: ffffffffffffffff R14: 0000000000457e9f R15: ffff888051f1a680 show_opcodes+0x51/0x60 arch/x86/kernel/dumpstack.c:109 show_ip+0x32/0x38 arch/x86/kernel/dumpstack.c:126 show_iret_regs+0x14/0x38 arch/x86/kernel/dumpstack.c:131 __show_regs+0x1c/0x60 arch/x86/kernel/process_64.c:73 show_regs_if_on_stack.constprop.0+0x39/0x3c arch/x86/kernel/dumpstack.c:149 show_trace_log_lvl+0x25d/0x28c arch/x86/kernel/dumpstack.c:274 show_regs arch/x86/kernel/dumpstack.c:418 [inline] show_regs.cold+0x1a/0x1f arch/x86/kernel/dumpstack.c:408 __die+0x6c/0xb6 arch/x86/kernel/dumpstack.c:383 pgtable_bad+0x5c/0x90 arch/x86/mm/fault.c:716 do_user_addr_fault arch/x86/mm/fault.c:1340 [inline] __do_page_fault+0x7e6/0xd60 arch/x86/mm/fault.c:1541 do_page_fault+0xe6/0x7d8 arch/x86/mm/fault.c:1572 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1143 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 arch/x86/lib/copy_user_64.S:181 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 RSP: 0018:ffff888091af59c0 EFLAGS: 00010046 RAX: 0000000000000000 RBX: ffff888091af5a00 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 0000000000457e9f RDI: ffff888091af5a00 RBP: ffff888091af59f0 R08: ffff888051f1a680 R09: ffffed101235eb48 R10: ffffed101235eb47 R11: ffff888091af5a3f R12: 0000000000000040 R13: ffffffffffffffff R14: 0000000000457e9f R15: ffff888051f1a680 show_opcodes+0x51/0x60 arch/x86/kernel/dumpstack.c:109 show_ip+0x32/0x38 arch/x86/kernel/dumpstack.c:126 show_iret_regs+0x14/0x38 arch/x86/kernel/dumpstack.c:131 __show_regs+0x1c/0x60 arch/x86/kernel/process_64.c:73 show_regs_if_on_stack.constprop.0+0x39/0x3c arch/x86/kernel/dumpstack.c:149 show_trace_log_lvl+0x25d/0x28c arch/x86/kernel/dumpstack.c:274 show_regs arch/x86/kernel/dumpstack.c:418 [inline] show_regs.cold+0x1a/0x1f arch/x86/kernel/dumpstack.c:408 __die+0x6c/0xb6 arch/x86/kernel/dumpstack.c:383 pgtable_bad+0x5c/0x90 arch/x86/mm/fault.c:716 do_user_addr_fault arch/x86/mm/fault.c:1340 [inline] __do_page_fault+0x7e6/0xd60 arch/x86/mm/fault.c:1541 do_page_fault+0xe6/0x7d8 arch/x86/mm/fault.c:1572 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1143 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 arch/x86/lib/copy_user_64.S:181 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 RSP: 0018:ffff888091af5eb0 EFLAGS: 00010046 RAX: 0000000000000000 RBX: ffff888091af5ef0 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 0000000000457e9f RDI: ffff888091af5ef0 RBP: ffff888091af5ee0 R08: ffff888051f1a680 R09: ffffed101235ebe6 R10: ffffed101235ebe5 R11: ffff888091af5f2f R12: 0000000000000040 R13: ffffffffffffffff R14: 0000000000457e9f R15: ffff888051f1a680 show_opcodes+0x51/0x60 arch/x86/kernel/dumpstack.c:109 show_ip+0x32/0x38 arch/x86/kernel/dumpstack.c:126 show_iret_regs+0x14/0x38 arch/x86/kernel/dumpstack.c:131 __show_regs+0x1c/0x60 arch/x86/kernel/process_64.c:73 show_regs_if_on_stack.constprop.0+0x39/0x3c arch/x86/kernel/dumpstack.c:149 show_trace_log_lvl+0x25d/0x28c arch/x86/kernel/dumpstack.c:274 show_regs arch/x86/kernel/dumpstack.c:418 [inline] show_regs.cold+0x1a/0x1f arch/x86/kernel/dumpstack.c:408 __die+0x6c/0xb6 arch/x86/kernel/dumpstack.c:383 pgtable_bad+0x5c/0x90 arch/x86/mm/fault.c:716 do_user_addr_fault arch/x86/mm/fault.c:1340 [inline] __do_page_fault+0x7e6/0xd60 arch/x86/mm/fault.c:1541 do_page_fault+0xe6/0x7d8 arch/x86/mm/fault.c:1572 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1143 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 arch/x86/lib/copy_user_64.S:181 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 RSP: 0018:ffff888091af63a0 EFLAGS: 00010046 RAX: 0000000000000000 RBX: ffff888091af63e0 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 0000000000457e9f RDI: ffff888091af63e0 RBP: ffff888091af63d0 R08: ffff888051f1a680 R09: ffffed101235ec84 R10: ffffed101235ec83 R11: ffff888091af641f R12: 0000000000000040 R13: ffffffffffffffff R14: 0000000000457e9f R15: ffff888051f1a680 show_opcodes+0x51/0x60 arch/x86/kernel/dumpstack.c:109 show_ip+0x32/0x38 arch/x86/kernel/dumpstack.c:126 show_iret_regs+0x14/0x38 arch/x86/kernel/dumpstack.c:131 __show_regs+0x1c/0x60 arch/x86/kernel/process_64.c:73 show_regs_if_on_stack.constprop.0+0x39/0x3c arch/x86/kernel/dumpstack.c:149 show_trace_log_lvl+0x25d/0x28c arch/x86/kernel/dumpstack.c:274 show_stack+0x39/0x3b arch/x86/kernel/dumpstack.c:293 __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1db/0x2d0 lib/dump_stack.c:113 print_address_description.cold+0x7c/0x20d mm/kasan/report.c:187 kasan_report.cold+0x1b/0x40 mm/kasan/report.c:317 __asan_report_load8_noabort+0x14/0x20 mm/kasan/generic_report.c:135 pgd_val arch/x86/include/asm/paravirt.h:419 [inline] dump_pagetable+0x85f/0x910 arch/x86/mm/fault.c:466 pgtable_bad+0x4a/0x90 arch/x86/mm/fault.c:714 do_user_addr_fault arch/x86/mm/fault.c:1340 [inline] __do_page_fault+0x7e6/0xd60 arch/x86/mm/fault.c:1541 do_page_fault+0xe6/0x7d8 arch/x86/mm/fault.c:1572 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1143 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 arch/x86/lib/copy_user_64.S:181 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 RSP: 0018:ffff888091af6ae0 EFLAGS: 00010046 RAX: 0000000000000000 RBX: ffff888091af6b20 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 0000000000457e9f RDI: ffff888091af6b20 RBP: ffff888091af6b10 R08: ffff888051f1a680 R09: ffffed101235ed6c R10: ffffed101235ed6b R11: ffff888091af6b5f R12: 0000000000000040 R13: 00007ffffffff000 R14: 0000000000457e9f R15: ffff888051f1a680 show_opcodes+0x51/0x60 arch/x86/kernel/dumpstack.c:109 show_ip+0x32/0x38 arch/x86/kernel/dumpstack.c:126 show_iret_regs+0x14/0x38 arch/x86/kernel/dumpstack.c:131 __show_regs+0x1c/0x60 arch/x86/kernel/process_64.c:73 show_regs_if_on_stack.constprop.0+0x39/0x3c arch/x86/kernel/dumpstack.c:149 show_trace_log_lvl+0x25d/0x28c arch/x86/kernel/dumpstack.c:274 show_regs arch/x86/kernel/dumpstack.c:418 [inline] show_regs.cold+0x1a/0x1f arch/x86/kernel/dumpstack.c:408 __die+0x6c/0xb6 arch/x86/kernel/dumpstack.c:383 no_context+0x428/0x9c0 arch/x86/mm/fault.c:855 __bad_area_nosemaphore+0xae/0x420 arch/x86/mm/fault.c:947 bad_area_nosemaphore+0x2e/0x40 arch/x86/mm/fault.c:954 do_kern_addr_fault arch/x86/mm/fault.c:1312 [inline] __do_page_fault+0x4ad/0xd60 arch/x86/mm/fault.c:1539 do_page_fault+0xe6/0x7d8 arch/x86/mm/fault.c:1572 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1143 RIP: 0010:__find_vmap_area mm/vmalloc.c:351 [inline] RIP: 0010:find_vmap_area+0x81/0x140 mm/vmalloc.c:750 Code: 00 48 8b 5b 10 e8 3f 53 c6 ff 48 85 db 74 7f e8 35 53 c6 ff 4c 8d 7b e8 4c 89 f8 48 c1 e8 03 42 80 3c 30 00 0f 85 8d 00 00 00 <4c> 8b 6b e8 4c 89 e7 4c 89 ee e8 30 54 c6 ff 4d 39 ec 72 a8 e8 06 RSP: 0018:ffff888091af71a8 EFLAGS: 00010246 RAX: 1ffff110128a4c70 RBX: ffff888094526398 RCX: ffffc90007dff000 RDX: 0000000000040000 RSI: ffffffff81bba42b RDI: ffff88808750dea8 RBP: ffff888091af71d0 R08: ffff888051f1a680 R09: ffffed101235ee23 R10: ffffed101235ee22 R11: 0000000000000003 R12: ffffc900137f0000 R13: ffffc90014b1b000 R14: dffffc0000000000 R15: ffff888094526380 __vunmap+0x53/0x400 mm/vmalloc.c:1508 vfree+0x8d/0x140 mm/vmalloc.c:1597 netlink_skb_destructor+0xc8/0x210 net/netlink/af_netlink.c:375 skb_release_head_state+0xed/0x260 net/core/skbuff.c:614 skb_release_all+0x16/0x60 net/core/skbuff.c:625 __kfree_skb net/core/skbuff.c:641 [inline] consume_skb net/core/skbuff.c:701 [inline] consume_skb+0x18c/0x550 net/core/skbuff.c:695 netlink_unicast_kernel net/netlink/af_netlink.c:1311 [inline] netlink_unicast+0x57c/0x770 net/netlink/af_netlink.c:1336 netlink_sendmsg+0xa05/0xf90 net/netlink/af_netlink.c:1917 sock_sendmsg_nosec net/socket.c:621 [inline] sock_sendmsg+0xdd/0x130 net/socket.c:631 kernel_sendmsg+0x44/0x50 net/socket.c:639 sock_no_sendpage+0x1cd/0x260 net/core/sock.c:2587 kernel_sendpage+0x95/0xf0 net/socket.c:3360 sock_sendpage+0x8b/0xc0 net/socket.c:846 pipe_to_sendpage+0x2b4/0x390 fs/splice.c:452 splice_from_pipe_feed fs/splice.c:503 [inline] __splice_from_pipe+0x39a/0x7e0 fs/splice.c:627 splice_from_pipe+0x1ea/0x310 fs/splice.c:662 generic_splice_sendpage+0x3c/0x50 fs/splice.c:832 do_splice_from fs/splice.c:851 [inline] direct_splice_actor+0x126/0x1a0 fs/splice.c:1023 splice_direct_to_actor+0x3be/0x9d0 fs/splice.c:978 do_splice_direct+0x2c7/0x420 fs/splice.c:1066 do_sendfile+0x61a/0xe60 fs/read_write.c:1436 __do_sys_sendfile64 fs/read_write.c:1491 [inline] __se_sys_sendfile64 fs/read_write.c:1483 [inline] __x64_sys_sendfile64+0x15a/0x240 fs/read_write.c:1483 do_syscall_64+0x1a3/0x800 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x457ec9 syz-executor1: Corrupted page table at address 457e9f PGD a9160067 P4D a9160067 PUD ffffffff86d3ea8b Bad pagetable: 0009 [#8] PREEMPT SMP KASAN CPU: 0 PID: 27179 Comm: syz-executor1 Not tainted 5.0.0-rc2+ #26 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 arch/x86/lib/copy_user_64.S:181 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 RSP: 0018:ffff888091af4600 EFLAGS: 00010046 RAX: 0000000000000000 RBX: ffff888091af4640 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 0000000000457e9f RDI: ffff888091af4640 RBP: ffff888091af4630 R08: ffff888051f1a680 R09: ffffed101235e8d0 R10: ffffed101235e8cf R11: ffff888091af467f R12: 0000000000000040 R13: ffffffffffffffff R14: 0000000000457e9f R15: ffff888051f1a680 FS: 00007f5c0ac67700(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000457e9f CR3: 000000009edba000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: show_opcodes+0x51/0x60 arch/x86/kernel/dumpstack.c:109 show_ip+0x32/0x38 arch/x86/kernel/dumpstack.c:126 show_iret_regs+0x14/0x38 arch/x86/kernel/dumpstack.c:131 __show_regs+0x1c/0x60 arch/x86/kernel/process_64.c:73 show_regs_if_on_stack.constprop.0+0x39/0x3c arch/x86/kernel/dumpstack.c:149 show_trace_log_lvl+0x25d/0x28c arch/x86/kernel/dumpstack.c:274 show_regs arch/x86/kernel/dumpstack.c:418 [inline] show_regs.cold+0x1a/0x1f arch/x86/kernel/dumpstack.c:408 __die+0x6c/0xb6 arch/x86/kernel/dumpstack.c:383 pgtable_bad+0x5c/0x90 arch/x86/mm/fault.c:716 do_user_addr_fault arch/x86/mm/fault.c:1340 [inline] __do_page_fault+0x7e6/0xd60 arch/x86/mm/fault.c:1541 do_page_fault+0xe6/0x7d8 arch/x86/mm/fault.c:1572 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1143 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 arch/x86/lib/copy_user_64.S:181 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 RSP: 0018:ffff888091af4af0 EFLAGS: 00010046 RAX: 0000000000000000 RBX: ffff888091af4b30 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 0000000000457e9f RDI: ffff888091af4b30 RBP: ffff888091af4b20 R08: ffff888051f1a680 R09: ffffed101235e96e R10: ffffed101235e96d R11: ffff888091af4b6f R12: 0000000000000040 R13: ffffffffffffffff R14: 0000000000457e9f R15: ffff888051f1a680 show_opcodes+0x51/0x60 arch/x86/kernel/dumpstack.c:109 show_ip+0x32/0x38 arch/x86/kernel/dumpstack.c:126 show_iret_regs+0x14/0x38 arch/x86/kernel/dumpstack.c:131 __show_regs+0x1c/0x60 arch/x86/kernel/process_64.c:73 show_regs_if_on_stack.constprop.0+0x39/0x3c arch/x86/kernel/dumpstack.c:149 show_trace_log_lvl+0x25d/0x28c arch/x86/kernel/dumpstack.c:274 show_regs arch/x86/kernel/dumpstack.c:418 [inline] show_regs.cold+0x1a/0x1f arch/x86/kernel/dumpstack.c:408 __die+0x6c/0xb6 arch/x86/kernel/dumpstack.c:383 pgtable_bad+0x5c/0x90 arch/x86/mm/fault.c:716 do_user_addr_fault arch/x86/mm/fault.c:1340 [inline] __do_page_fault+0x7e6/0xd60 arch/x86/mm/fault.c:1541 do_page_fault+0xe6/0x7d8 arch/x86/mm/fault.c:1572 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1143 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 arch/x86/lib/copy_user_64.S:181 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 RSP: 0018:ffff888091af4fe0 EFLAGS: 00010046 RAX: 0000000000000000 RBX: ffff888091af5020 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 0000000000457e9f RDI: ffff888091af5020 RBP: ffff888091af5010 R08: ffff888051f1a680 R09: ffffed101235ea0c R10: ffffed101235ea0b R11: ffff888091af505f R12: 0000000000000040 R13: ffffffffffffffff R14: 0000000000457e9f R15: ffff888051f1a680 show_opcodes+0x51/0x60 arch/x86/kernel/dumpstack.c:109 show_ip+0x32/0x38 arch/x86/kernel/dumpstack.c:126 show_iret_regs+0x14/0x38 arch/x86/kernel/dumpstack.c:131 __show_regs+0x1c/0x60 arch/x86/kernel/process_64.c:73 show_regs_if_on_stack.constprop.0+0x39/0x3c arch/x86/kernel/dumpstack.c:149 show_trace_log_lvl+0x25d/0x28c arch/x86/kernel/dumpstack.c:274 show_regs arch/x86/kernel/dumpstack.c:418 [inline] show_regs.cold+0x1a/0x1f arch/x86/kernel/dumpstack.c:408 __die+0x6c/0xb6 arch/x86/kernel/dumpstack.c:383 pgtable_bad+0x5c/0x90 arch/x86/mm/fault.c:716 do_user_addr_fault arch/x86/mm/fault.c:1340 [inline] __do_page_fault+0x7e6/0xd60 arch/x86/mm/fault.c:1541 do_page_fault+0xe6/0x7d8 arch/x86/mm/fault.c:1572 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1143 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 arch/x86/lib/copy_user_64.S:181 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 RSP: 0018:ffff888091af54d0 EFLAGS: 00010046 RAX: 0000000000000000 RBX: ffff888091af5510 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 0000000000457e9f RDI: ffff888091af5510 RBP: ffff888091af5500 R08: ffff888051f1a680 R09: ffffed101235eaaa R10: ffffed101235eaa9 R11: ffff888091af554f R12: 0000000000000040 R13: ffffffffffffffff R14: 0000000000457e9f R15: ffff888051f1a680 show_opcodes+0x51/0x60 arch/x86/kernel/dumpstack.c:109 show_ip+0x32/0x38 arch/x86/kernel/dumpstack.c:126 show_iret_regs+0x14/0x38 arch/x86/kernel/dumpstack.c:131 __show_regs+0x1c/0x60 arch/x86/kernel/process_64.c:73 show_regs_if_on_stack.constprop.0+0x39/0x3c arch/x86/kernel/dumpstack.c:149 show_trace_log_lvl+0x25d/0x28c arch/x86/kernel/dumpstack.c:274 show_regs arch/x86/kernel/dumpstack.c:418 [inline] show_regs.cold+0x1a/0x1f arch/x86/kernel/dumpstack.c:408 __die+0x6c/0xb6 arch/x86/kernel/dumpstack.c:383 pgtable_bad+0x5c/0x90 arch/x86/mm/fault.c:716 do_user_addr_fault arch/x86/mm/fault.c:1340 [inline] __do_page_fault+0x7e6/0xd60 arch/x86/mm/fault.c:1541 do_page_fault+0xe6/0x7d8 arch/x86/mm/fault.c:1572 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1143 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 arch/x86/lib/copy_user_64.S:181 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 RSP: 0018:ffff888091af59c0 EFLAGS: 00010046 RAX: 0000000000000000 RBX: ffff888091af5a00 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 0000000000457e9f RDI: ffff888091af5a00 RBP: ffff888091af59f0 R08: ffff888051f1a680 R09: ffffed101235eb48 R10: ffffed101235eb47 R11: ffff888091af5a3f R12: 0000000000000040 R13: ffffffffffffffff R14: 0000000000457e9f R15: ffff888051f1a680 show_opcodes+0x51/0x60 arch/x86/kernel/dumpstack.c:109 show_ip+0x32/0x38 arch/x86/kernel/dumpstack.c:126 show_iret_regs+0x14/0x38 arch/x86/kernel/dumpstack.c:131 __show_regs+0x1c/0x60 arch/x86/kernel/process_64.c:73 show_regs_if_on_stack.constprop.0+0x39/0x3c arch/x86/kernel/dumpstack.c:149 show_trace_log_lvl+0x25d/0x28c arch/x86/kernel/dumpstack.c:274 show_regs arch/x86/kernel/dumpstack.c:418 [inline] show_regs.cold+0x1a/0x1f arch/x86/kernel/dumpstack.c:408 __die+0x6c/0xb6 arch/x86/kernel/dumpstack.c:383 pgtable_bad+0x5c/0x90 arch/x86/mm/fault.c:716 do_user_addr_fault arch/x86/mm/fault.c:1340 [inline] __do_page_fault+0x7e6/0xd60 arch/x86/mm/fault.c:1541 do_page_fault+0xe6/0x7d8 arch/x86/mm/fault.c:1572 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1143 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 arch/x86/lib/copy_user_64.S:181 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 RSP: 0018:ffff888091af5eb0 EFLAGS: 00010046 RAX: 0000000000000000 RBX: ffff888091af5ef0 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 0000000000457e9f RDI: ffff888091af5ef0 RBP: ffff888091af5ee0 R08: ffff888051f1a680 R09: ffffed101235ebe6 R10: ffffed101235ebe5 R11: ffff888091af5f2f R12: 0000000000000040 R13: ffffffffffffffff R14: 0000000000457e9f R15: ffff888051f1a680 show_opcodes+0x51/0x60 arch/x86/kernel/dumpstack.c:109 show_ip+0x32/0x38 arch/x86/kernel/dumpstack.c:126 show_iret_regs+0x14/0x38 arch/x86/kernel/dumpstack.c:131 __show_regs+0x1c/0x60 arch/x86/kernel/process_64.c:73 show_regs_if_on_stack.constprop.0+0x39/0x3c arch/x86/kernel/dumpstack.c:149 show_trace_log_lvl+0x25d/0x28c arch/x86/kernel/dumpstack.c:274 show_regs arch/x86/kernel/dumpstack.c:418 [inline] show_regs.cold+0x1a/0x1f arch/x86/kernel/dumpstack.c:408 __die+0x6c/0xb6 arch/x86/kernel/dumpstack.c:383 pgtable_bad+0x5c/0x90 arch/x86/mm/fault.c:716 do_user_addr_fault arch/x86/mm/fault.c:1340 [inline] __do_page_fault+0x7e6/0xd60 arch/x86/mm/fault.c:1541 do_page_fault+0xe6/0x7d8 arch/x86/mm/fault.c:1572 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1143 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 arch/x86/lib/copy_user_64.S:181 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 RSP: 0018:ffff888091af63a0 EFLAGS: 00010046 RAX: 0000000000000000 RBX: ffff888091af63e0 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 0000000000457e9f RDI: ffff888091af63e0 RBP: ffff888091af63d0 R08: ffff888051f1a680 R09: ffffed101235ec84 R10: ffffed101235ec83 R11: ffff888091af641f R12: 0000000000000040 R13: ffffffffffffffff R14: 0000000000457e9f R15: ffff888051f1a680 show_opcodes+0x51/0x60 arch/x86/kernel/dumpstack.c:109 show_ip+0x32/0x38 arch/x86/kernel/dumpstack.c:126 show_iret_regs+0x14/0x38 arch/x86/kernel/dumpstack.c:131 __show_regs+0x1c/0x60 arch/x86/kernel/process_64.c:73 show_regs_if_on_stack.constprop.0+0x39/0x3c arch/x86/kernel/dumpstack.c:149 show_trace_log_lvl+0x25d/0x28c arch/x86/kernel/dumpstack.c:274 show_stack+0x39/0x3b arch/x86/kernel/dumpstack.c:293 __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1db/0x2d0 lib/dump_stack.c:113 print_address_description.cold+0x7c/0x20d mm/kasan/report.c:187 kasan_report.cold+0x1b/0x40 mm/kasan/report.c:317 __asan_report_load8_noabort+0x14/0x20 mm/kasan/generic_report.c:135 pgd_val arch/x86/include/asm/paravirt.h:419 [inline] dump_pagetable+0x85f/0x910 arch/x86/mm/fault.c:466 pgtable_bad+0x4a/0x90 arch/x86/mm/fault.c:714 do_user_addr_fault arch/x86/mm/fault.c:1340 [inline] __do_page_fault+0x7e6/0xd60 arch/x86/mm/fault.c:1541 do_page_fault+0xe6/0x7d8 arch/x86/mm/fault.c:1572 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1143 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x20 arch/x86/lib/copy_user_64.S:181 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 83 RSP: 0018:ffff888091af6ae0 EFLAGS: 00010046 RAX: 0000000000000000 RBX: ffff888091af6b20 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 0000000000457e9f RDI: ffff888091af6b20 RBP: ffff888091af6b10 R08: ffff888051f1a680 R09: ffffed101235ed6c R10: ffffed101235ed6b R11: ffff888091af6b5f R12: 0000000000000040 R13: 00007ffffffff000 R14: 0000000000457e9f R15: ffff888051f1a680 show_opcodes+0x51/0x60 arch/x86/kernel/dumpstack.c:109 show_ip+0x32/0x38 arch/x86/kernel/dumpstack.c:126 show_iret_regs+0x14/0x38 arch/x86/kernel/dumpstack.c:131 __show_regs+0x1c/0x60 arch/x86/kernel/process_64.c:73 show_regs_if_on_stack.constprop.0+0x39/0x3c arch/x86/kernel/dumpstack.c:149 show_trace_log_lvl+0x25d/0x28c arch/x86/kernel/dumpstack.c:274 show_regs arch/x86/kernel/dumpstack.c:418 [inline] show_regs.cold+0x1a/0x1f arch/x86/kernel/dumpstack.c:408 __die+0x6c/0xb6 arch/x86/kernel/dumpstack.c:383 no_context+0x428/0x9c0 arch/x86/mm/fault.c:855 __bad_area_nosemaphore+0xae/0x420 arch/x86/mm/fault.c:947 bad_area_nosemaphore+0x2e/0x40 arch/x86/mm/fault.c:954 do_kern_addr_fault arch/x86/mm/fault.c:1312 [inline] __do_page_fault+0x4ad/0xd60 arch/x86/mm/fault.c:1539 do_page_fault+0xe6/0x7d8 arch/x86/mm/fault.c:1572 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1143 RIP: 0010:__find_vmap_area mm/vmalloc.c:351 [inline] RIP: 0010:find_vmap_area+0x81/0x140 mm/vmalloc.c:750 Code: 00 48 8b 5b 10 e8 3f 53 c6 ff 48 85 db 74 7f e8 35 53 c6 ff 4c 8d 7b e8 4c 89 f8 48 c1 e8 03 42 80 3c 30 00 0f 85 8d 00 00 00 <4c> 8b 6b e8 4c 89 e7 4c 89 ee e8 30 54 c6 ff 4d 39 ec 72 a8 e8 06 RSP: 0018:ffff888091af71a8 EFLAGS: 00010246 RAX: 1ffff110128a4c70 RBX: ffff888094526398 RCX: ffffc90007dff000