general protection fault, probably for non-canonical address 0xffff000000000000: 0000 [#1] PREEMPT SMP KASAN KASAN: maybe wild-memory-access in range [0xfff8200000000000-0xfff8200000000007] CPU: 1 PID: 294 Comm: kworker/u4:0 Not tainted 6.0.0-rc1-syzkaller-00028-g4dce3b375179 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 RIP: 0010:rcu_do_batch kernel/rcu/tree.c:2245 [inline] RIP: 0010:rcu_core+0x7af/0x1780 kernel/rcu/tree.c:2505 Code: 07 f3 f7 ff 49 8d 7f 08 5e 48 89 f8 48 c1 e8 03 42 80 3c 20 00 0f 85 f8 0b 00 00 49 8b 47 08 4c 89 ff 49 c7 47 08 00 00 00 00 d0 48 c7 c6 f0 2f 32 81 48 c7 c7 c0 4e a9 87 e8 4c eb f7 ff 65 RSP: 0000:ffffc90000178e68 EFLAGS: 00010246 RAX: ffff000000000000 RBX: 0000000000000000 RCX: 603ad66270707a3c RDX: 1ffff11021d1413e RSI: ffffffff81322f8d RDI: ffff88810e7630a8 RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffff8b0766df R10: fffffbfff160ecdb R11: 0000000000000001 R12: dffffc0000000000 R13: ffffc90000178ed8 R14: 0000000000000004 R15: ffff88810e7630a8 FS: 0000000000000000(0000) GS:ffff8881f6900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000007825000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: __do_softirq+0x1c0/0x9a9 kernel/softirq.c:571 invoke_softirq kernel/softirq.c:445 [inline] __irq_exit_rcu+0x113/0x170 kernel/softirq.c:650 irq_exit_rcu+0x5/0x20 kernel/softirq.c:662 sysvec_apic_timer_interrupt+0x8e/0xc0 arch/x86/kernel/apic/apic.c:1106 asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:649 RIP: 0010:bytes_is_nonzero mm/kasan/generic.c:87 [inline] RIP: 0010:memory_is_nonzero mm/kasan/generic.c:102 [inline] RIP: 0010:memory_is_poisoned_n mm/kasan/generic.c:128 [inline] RIP: 0010:memory_is_poisoned mm/kasan/generic.c:159 [inline] RIP: 0010:check_region_inline mm/kasan/generic.c:180 [inline] RIP: 0010:kasan_check_range+0xd2/0x180 mm/kasan/generic.c:189 Code: 48 83 c0 01 48 39 d0 74 7a 80 38 00 74 f2 48 89 c2 b8 01 00 00 00 48 85 d2 75 56 5b 5d 41 5c c3 48 85 d2 74 5e 48 01 ea eb 09 <48> 83 c0 01 48 39 d0 74 50 80 38 00 74 f2 eb d4 41 bc 08 00 00 00 RSP: 0000:ffffc9000177f840 EFLAGS: 00000246 RAX: fffffbfff11bd2ba RBX: fffffbfff11bd2bb RCX: ffffffff812a1c01 RDX: fffffbfff11bd2bb RSI: 0000000000000008 RDI: ffffffff88de95d0 RBP: fffffbfff11bd2ba R08: 0000000000000000 R09: ffffffff88de95d7 R10: fffffbfff11bd2ba R11: 0000000000000000 R12: ffffffff87ba4480 R13: 0000000000000cc0 R14: ffffffff816af92d R15: 0000000000000cc0 instrument_atomic_read include/linux/instrumented.h:71 [inline] _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline] cpumask_test_cpu include/linux/cpumask.h:370 [inline] cpu_online include/linux/cpumask.h:945 [inline] trace_lock_release include/trace/events/lock.h:69 [inline] lock_release+0xa1/0x780 kernel/locking/lockdep.c:5677 might_alloc include/linux/sched/mm.h:271 [inline] slab_pre_alloc_hook mm/slab.h:700 [inline] slab_alloc_node mm/slub.c:3157 [inline] slab_alloc mm/slub.c:3251 [inline] __kmem_cache_alloc_lru mm/slub.c:3258 [inline] kmem_cache_alloc+0x3b/0x4a0 mm/slub.c:3268 ptlock_alloc+0x1d/0x70 mm/memory.c:5774 ptlock_init include/linux/mm.h:2254 [inline] pgtable_pte_page_ctor include/linux/mm.h:2281 [inline] __pte_alloc_one include/asm-generic/pgalloc.h:66 [inline] pte_alloc_one+0x68/0x230 arch/x86/mm/pgtable.c:33 __pte_alloc+0x69/0x250 mm/memory.c:468 do_anonymous_page mm/memory.c:4052 [inline] handle_pte_fault mm/memory.c:4909 [inline] __handle_mm_fault+0x229f/0x31c0 mm/memory.c:5053 handle_mm_fault+0x1c8/0x780 mm/memory.c:5151 faultin_page mm/gup.c:955 [inline] __get_user_pages+0x50f/0x1020 mm/gup.c:1195 __get_user_pages_locked mm/gup.c:1399 [inline] __get_user_pages_remote+0x18f/0x830 mm/gup.c:2109 get_user_pages_remote+0x84/0xc0 mm/gup.c:2182 get_arg_page+0xe4/0x2a0 fs/exec.c:222 copy_string_kernel+0x169/0x460 fs/exec.c:639 kernel_execve+0x2d6/0x500 fs/exec.c:1996 call_usermodehelper_exec_async+0x2e3/0x580 kernel/umh.c:112 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306 Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:rcu_do_batch kernel/rcu/tree.c:2245 [inline] RIP: 0010:rcu_core+0x7af/0x1780 kernel/rcu/tree.c:2505 Code: 07 f3 f7 ff 49 8d 7f 08 5e 48 89 f8 48 c1 e8 03 42 80 3c 20 00 0f 85 f8 0b 00 00 49 8b 47 08 4c 89 ff 49 c7 47 08 00 00 00 00 d0 48 c7 c6 f0 2f 32 81 48 c7 c7 c0 4e a9 87 e8 4c eb f7 ff 65 RSP: 0000:ffffc90000178e68 EFLAGS: 00010246 RAX: ffff000000000000 RBX: 0000000000000000 RCX: 603ad66270707a3c RDX: 1ffff11021d1413e RSI: ffffffff81322f8d RDI: ffff88810e7630a8 RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffff8b0766df R10: fffffbfff160ecdb R11: 0000000000000001 R12: dffffc0000000000 R13: ffffc90000178ed8 R14: 0000000000000004 R15: ffff88810e7630a8 FS: 0000000000000000(0000) GS:ffff8881f6900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000007825000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ---------------- Code disassembly (best guess), 1 bytes skipped: 0: f3 f7 ff repz idiv %edi 3: 49 8d 7f 08 lea 0x8(%r15),%rdi 7: 5e pop %rsi 8: 48 89 f8 mov %rdi,%rax b: 48 c1 e8 03 shr $0x3,%rax f: 42 80 3c 20 00 cmpb $0x0,(%rax,%r12,1) 14: 0f 85 f8 0b 00 00 jne 0xc12 1a: 49 8b 47 08 mov 0x8(%r15),%rax 1e: 4c 89 ff mov %r15,%rdi 21: 49 c7 47 08 00 00 00 movq $0x0,0x8(%r15) 28: 00 * 29: ff d0 callq *%rax <-- trapping instruction 2b: 48 c7 c6 f0 2f 32 81 mov $0xffffffff81322ff0,%rsi 32: 48 c7 c7 c0 4e a9 87 mov $0xffffffff87a94ec0,%rdi 39: e8 4c eb f7 ff callq 0xfff7eb8a 3e: 65 gs