------------[ cut here ]------------
kernel BUG at arch/x86/mm/physaddr.c:27!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 4697 Comm: systemd-udevd Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__phys_addr+0xa7/0x110 arch/x86/mm/physaddr.c:27
Code: 67 fb 09 4c 89 e3 31 ff 48 d3 eb 48 89 de e8 40 28 37 00 48 85 db 75 0d e8 a6 26 37 00 4c 89 e0 5b 5d 41 5c c3 e8 99 26 37 00 <0f> 0b e8 92 26 37 00 48 c7 c0 10 30 e7 89 48 ba 00 00 00 00 00 fc
RSP: 0018:ffff88809d75f9a8 EFLAGS: 00010293
RAX: ffff88809d754000 RBX: 00ff88809ee4ab58 RCX: ffffffff812b5e78
RDX: 0000000000000000 RSI: ffffffff812b5ed7 RDI: 0000000000000006
RBP: 00ff88811ee4ab58 R08: 0000000000000000 R09: 00ff88811ee4ab58
R10: 0000000000000006 R11: 0000000000000000 R12: 010000009ee4ab58
R13: ffff88809d75fa00 R14: 0000000000000000 R15: 0000000000000286
FS:  00007fa51c2d88c0(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f83cc612000 CR3: 000000009d7c2000 CR4: 00000000003406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 virt_to_head_page include/linux/mm.h:665 [inline]
 qlink_to_cache mm/kasan/quarantine.c:127 [inline]
 qlist_free_all+0xbb/0x140 mm/kasan/quarantine.c:163
 quarantine_reduce+0x1a9/0x230 mm/kasan/quarantine.c:259
 kasan_kmalloc+0xa2/0x160 mm/kasan/kasan.c:538
 slab_post_alloc_hook mm/slab.h:445 [inline]
 slab_alloc mm/slab.c:3397 [inline]
 kmem_cache_alloc+0x110/0x370 mm/slab.c:3557
 getname_flags+0xce/0x590 fs/namei.c:140
 user_path_at_empty+0x2a/0x50 fs/namei.c:2609
 user_path_at include/linux/namei.h:57 [inline]
 vfs_statx+0x113/0x210 fs/stat.c:185
 vfs_lstat include/linux/fs.h:3137 [inline]
 __do_sys_newlstat fs/stat.c:350 [inline]
 __se_sys_newlstat+0x96/0x120 fs/stat.c:344
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fa51b14a335
Code: 69 db 2b 00 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 83 ff 01 48 89 f0 77 30 48 89 c7 48 89 d6 b8 06 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 03 f3 c3 90 48 8b 15 31 db 2b 00 f7 d8 64 89
RSP: 002b:00007ffce81e5dc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000006
RAX: ffffffffffffffda RBX: 0000555c37534210 RCX: 00007fa51b14a335
RDX: 00007ffce81e5e00 RSI: 00007ffce81e5e00 RDI: 0000555c37533210
RBP: 00007ffce81e5ec0 R08: 00007fa51b4091e8 R09: 0000000000001010
R10: 0000000000000220 R11: 0000000000000246 R12: 0000555c37533210
R13: 0000555c37533224 R14: 0000555c3754355d R15: 0000555c37543564
Modules linked in:
---[ end trace 7150378e6b1c3933 ]---
------------[ cut here ]------------
kernel BUG at arch/x86/mm/physaddr.c:27!
RIP: 0010:__phys_addr+0xa7/0x110 arch/x86/mm/physaddr.c:27
Code: 67 fb 09 4c 89 e3 31 ff 48 d3 eb 48 89 de e8 40 28 37 00 48 85 db 75 0d e8 a6 26 37 00 4c 89 e0 5b 5d 41 5c c3 e8 99 26 37 00 <0f> 0b e8 92 26 37 00 48 c7 c0 10 30 e7 89 48 ba 00 00 00 00 00 fc
device geneve2 entered promiscuous mode
invalid opcode: 0000 [#2] PREEMPT SMP KASAN
CPU: 0 PID: 8110 Comm: syz-fuzzer Tainted: G      D           4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__phys_addr+0xa7/0x110 arch/x86/mm/physaddr.c:27
Code: 67 fb 09 4c 89 e3 31 ff 48 d3 eb 48 89 de e8 40 28 37 00 48 85 db 75 0d e8 a6 26 37 00 4c 89 e0 5b 5d 41 5c c3 e8 99 26 37 00 <0f> 0b e8 92 26 37 00 48 c7 c0 10 30 e7 89 48 ba 00 00 00 00 00 fc
RSP: 0018:ffff8880b262f608 EFLAGS: 00010293
RAX: ffff8880afc38280 RBX: c6ff8880b45b5d80 RCX: ffffffff812b5e78
RDX: 0000000000000000 RSI: ffffffff812b5ed7 RDI: 0000000000000006
RBP: c6ff8881345b5d80 R08: 0000000000000000 R09: c6ff8881345b5d80
R10: 0000000000000006 R11: 0000000000000009 R12: c7000000b45b5d80
R13: ffff8880b262f660 R14: 0000000000000000 R15: 0000000000000286
FS:  000000c000353490(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005555559e6708 CR3: 0000000098e0f000 CR4: 00000000003406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 virt_to_head_page include/linux/mm.h:665 [inline]
 qlink_to_cache mm/kasan/quarantine.c:127 [inline]
 qlist_free_all+0xbb/0x140 mm/kasan/quarantine.c:163
 quarantine_reduce+0x1a9/0x230 mm/kasan/quarantine.c:259
 kasan_kmalloc+0xa2/0x160 mm/kasan/kasan.c:538
 slab_post_alloc_hook mm/slab.h:445 [inline]
 slab_alloc_node mm/slab.c:3340 [inline]
 kmem_cache_alloc_node+0x133/0x3b0 mm/slab.c:3647
 __alloc_skb+0x71/0x560 net/core/skbuff.c:193
 alloc_skb_fclone include/linux/skbuff.h:1037 [inline]
 sk_stream_alloc_skb+0xba/0x850 net/ipv4/tcp.c:884
 tcp_sendmsg_locked+0xc0b/0x2f60 net/ipv4/tcp.c:1312
 tcp_sendmsg+0x2b/0x40 net/ipv4/tcp.c:1462
 inet_sendmsg+0x132/0x5a0 net/ipv4/af_inet.c:798
 sock_sendmsg_nosec net/socket.c:651 [inline]
 sock_sendmsg+0xc3/0x120 net/socket.c:661
 sock_write_iter+0x287/0x3c0 net/socket.c:966
 call_write_iter include/linux/fs.h:1821 [inline]
 new_sync_write fs/read_write.c:474 [inline]
 __vfs_write+0x51b/0x770 fs/read_write.c:487
 vfs_write+0x1f3/0x540 fs/read_write.c:549
 ksys_write+0x12b/0x2a0 fs/read_write.c:599
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4b12db
Code: fb ff eb bd e8 46 96 fb ff e9 61 ff ff ff cc e8 fb 61 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
RSP: 002b:000000c00745f5b0 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 000000c00001e800 RCX: 00000000004b12db
RDX: 0000000000000004 RSI: 000000c00000a200 RDI: 0000000000000006
RBP: 000000c00745f600 R08: 000000c00745f601 R09: 0000000000000004
R10: 0000000000000008 R11: 0000000000000202 R12: 000000000000011e
R13: 000000c000480000 R14: 000000000000007f R15: ffffffffffffd6dc
Modules linked in:
RSP: 0018:ffff88809d75f9a8 EFLAGS: 00010293
RAX: ffff88809d754000 RBX: 00ff88809ee4ab58 RCX: ffffffff812b5e78
---[ end trace 7150378e6b1c3934 ]---
RDX: 0000000000000000 RSI: ffffffff812b5ed7 RDI: 0000000000000006
RIP: 0010:__phys_addr+0xa7/0x110 arch/x86/mm/physaddr.c:27
Code: 67 fb 09 4c 89 e3 31 ff 48 d3 eb 48 89 de e8 40 28 37 00 48 85 db 75 0d e8 a6 26 37 00 4c 89 e0 5b 5d 41 5c c3 e8 99 26 37 00 <0f> 0b e8 92 26 37 00 48 c7 c0 10 30 e7 89 48 ba 00 00 00 00 00 fc
RBP: 00ff88811ee4ab58 R08: 0000000000000000 R09: 00ff88811ee4ab58
------------[ cut here ]------------
kernel BUG at arch/x86/mm/physaddr.c:27!
RSP: 0018:ffff88809d75f9a8 EFLAGS: 00010293
invalid opcode: 0000 [#3] PREEMPT SMP KASAN
CPU: 1 PID: 30372 Comm: syz-executor.4 Tainted: G      D           4.19.211-syzkaller #0
RAX: ffff88809d754000 RBX: 00ff88809ee4ab58 RCX: ffffffff812b5e78
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__phys_addr+0xa7/0x110 arch/x86/mm/physaddr.c:27
Code: 67 fb 09 4c 89 e3 31 ff 48 d3 eb 48 89 de e8 40 28 37 00 48 85 db 75 0d e8 a6 26 37 00 4c 89 e0 5b 5d 41 5c c3 e8 99 26 37 00 <0f> 0b e8 92 26 37 00 48 c7 c0 10 30 e7 89 48 ba 00 00 00 00 00 fc
RSP: 0018:ffff88823aac7730 EFLAGS: 00010293
RAX: ffff88805cda81c0 RBX: c67e7e187e1fa9c0 RCX: ffffffff812b5e78
RDX: 0000000000000000 RSI: ffffffff812b5ed7 RDI: 0000000000000006
RDX: 0000000000000000 RSI: ffffffff812b5ed7 RDI: 0000000000000006
RBP: c67e7e18fe1fa9c0 R08: 0000000000000000 R09: c67e7e18fe1fa9c0
R10: 0000000000000006 R11: 0000000000000009 R12: c67ef5987e1fa9c0
R13: ffff88823aac7788 R14: 0000000000000000 R15: 0000000000000286
FS:  00007f1484e8b700(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
R10: 0000000000000006 R11: 0000000000000000 R12: 010000009ee4ab58
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2f62a000 CR3: 000000023adbe000 CR4: 00000000003406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 virt_to_head_page include/linux/mm.h:665 [inline]
 qlink_to_cache mm/kasan/quarantine.c:127 [inline]
 qlist_free_all+0xbb/0x140 mm/kasan/quarantine.c:163
 quarantine_reduce+0x1a9/0x230 mm/kasan/quarantine.c:259
RBP: 00ff88811ee4ab58 R08: 0000000000000000 R09: 00ff88811ee4ab58
 kasan_kmalloc+0xa2/0x160 mm/kasan/kasan.c:538
R13: ffff88809d75fa00 R14: 0000000000000000 R15: 0000000000000286
R10: 0000000000000006 R11: 0000000000000000 R12: 010000009ee4ab58
FS:  00007fa51c2d88c0(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
R13: ffff88809d75fa00 R14: 0000000000000000 R15: 0000000000000286
 slab_post_alloc_hook mm/slab.h:445 [inline]
 slab_alloc mm/slab.c:3397 [inline]
 kmem_cache_alloc+0x110/0x370 mm/slab.c:3557
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 kmem_cache_zalloc include/linux/slab.h:699 [inline]
 taskstats_tgid_alloc kernel/taskstats.c:575 [inline]
 taskstats_exit+0x66d/0xc10 kernel/taskstats.c:614
FS:  000000c000353490(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 do_exit+0x677/0x2be0 kernel/exit.c:855
CR2: 00007f83cc61d000 CR3: 000000009d7c2000 CR4: 00000000003406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
 do_group_exit+0x125/0x310 kernel/exit.c:967
 get_signal+0x3f2/0x1f70 kernel/signal.c:2589
CR2: 00007f83cc62f000 CR3: 0000000098e0f000 CR4: 00000000003406f0
 do_signal+0x8f/0x1670 arch/x86/kernel/signal.c:799
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400