RBP: 00007fa0365991d0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 00007ffc4da2d60f R14: 00007fa036599300 R15: 0000000000022000
CPU: 0 PID: 30554 Comm: syz-executor.4 Not tainted 4.14.307-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Call Trace:
Modules linked in:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0x10a/0x149 lib/fault-inject.c:149
CPU: 1 PID: 30549 Comm: syz-executor.3 Not tainted 4.14.307-syzkaller #0
 should_fail_alloc_page mm/page_alloc.c:2898 [inline]
 prepare_alloc_pages mm/page_alloc.c:4165 [inline]
 __alloc_pages_nodemask+0x21e/0x2900 mm/page_alloc.c:4213
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
task: ffff8880ab430340 task.stack: ffff88807a778000
RIP: 0010:vhost_umem_interval_tree_iter_first drivers/vhost/vhost.c:53 [inline]
RIP: 0010:vhost_del_umem_range drivers/vhost/vhost.c:977 [inline]
RIP: 0010:vhost_process_iotlb_msg drivers/vhost/vhost.c:1048 [inline]
RIP: 0010:vhost_chr_write_iter drivers/vhost/vhost.c:1077 [inline]
RIP: 0010:vhost_chr_write_iter+0x873/0x1100 drivers/vhost/vhost.c:1061
RSP: 0018:ffff88807a77fc00 EFLAGS: 00010246
RAX: dffffc0000000000 RBX: ffff888088f02bc0 RCX: 0000000000000000
RDX: 0000000000000002 RSI: ffffffff857f16f5 RDI: ffff888088f02c80
 alloc_pages_current+0x155/0x260 mm/mempolicy.c:2108
RBP: ffffed10111e0589 R08: 0000000000000000 R09: 00000000000406cb
 alloc_pages include/linux/gfp.h:520 [inline]
 pmd_alloc_one arch/x86/include/asm/pgalloc.h:102 [inline]
 __pmd_alloc+0x37/0x3f0 mm/memory.c:4355
R10: ffff8880ab430c18 R11: ffff8880ab430340 R12: 0000000000000002
 pmd_alloc include/linux/mm.h:1714 [inline]
 __handle_mm_fault+0x1398/0x4620 mm/memory.c:4206
R13: 0000000000000000 R14: dffffc0000000000 R15: 1ffff1100f4eff87
FS:  00007f3629eae700(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 handle_mm_fault+0x455/0x9c0 mm/memory.c:4276
CR2: 00007f447dc4e988 CR3: 00000000a8b59000 CR4: 00000000003406e0
 __do_page_fault+0x549/0xad0 arch/x86/mm/fault.c:1442
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 page_fault+0x25/0x50 arch/x86/entry/entry_64.S:1126
RIP: 0010:copy_user_generic_unrolled+0x89/0xc0 arch/x86/lib/copy_user_64.S:67
RSP: 0018:ffff88809abf7df0 EFLAGS: 00050202
 call_write_iter include/linux/fs.h:1780 [inline]
 new_sync_write fs/read_write.c:469 [inline]
 __vfs_write+0x44c/0x630 fs/read_write.c:482
RAX: ffffed101357efcb RBX: 0000000000000010 RCX: 0000000000000002
RDX: 0000000000000000 RSI: ffff88809abf7e48 RDI: 0000000020000180
RBP: ffff88809abf7e48 R08: 0000000000000677 R09: ffffed101357efca
 vfs_write+0x17f/0x4d0 fs/read_write.c:544
R10: ffff88809abf7e57 R11: ffff888097600400 R12: 0000000020000180
 SYSC_write fs/read_write.c:590 [inline]
 SyS_write+0xf2/0x210 fs/read_write.c:582
R13: 00007ffffffff000 R14: 0000000020000190 R15: 0000000000000000
 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline]
 raw_copy_to_user arch/x86/include/asm/uaccess_64.h:112 [inline]
 _copy_to_user+0xaa/0xd0 lib/usercopy.c:35
 copy_to_user include/linux/uaccess.h:155 [inline]
 put_timespec64+0x9e/0xf0 kernel/time/time.c:920
 SYSC_clock_gettime kernel/time/posix-timers.c:1075 [inline]
 SyS_clock_gettime+0x128/0x180 kernel/time/posix-timers.c:1063
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x5e/0xd3
RIP: 0033:0x7f362b93c0f9
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
RSP: 002b:00007f3629eae168 EFLAGS: 00000246
 entry_SYSCALL_64_after_hwframe+0x5e/0xd3
 ORIG_RAX: 0000000000000001
RIP: 0033:0x7f3d0acef0f9
RAX: ffffffffffffffda RBX: 00007f362ba5bf80 RCX: 00007f362b93c0f9
RSP: 002b:00007f3d09261168 EFLAGS: 00000246
RDX: 0000000000000048 RSI: 0000000020000080 RDI: 0000000000000003
 ORIG_RAX: 00000000000000e4
RBP: 00007f362b997ae9 R08: 0000000000000000 R09: 0000000000000000
RAX: ffffffffffffffda RBX: 00007f3d0ae0ef80 RCX: 00007f3d0acef0f9
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000006
R13: 00007ffe526e60af R14: 00007f3629eae300 R15: 0000000000022000
RBP: 00007f3d092611d0 R08: 0000000000000000 R09: 0000000000000000
Code: 
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
ff 
R13: 00007fff418c3b5f R14: 00007f3d09261300 R15: 0000000000022000
df 48 89 f9 48 c1 e9 03 80 3c 01 00 0f 85 c6 06 00 00 4c 8b ab c0 00 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 e9 48 c1 e9 03 <80> 3c 01 00 0f 85 8f 06 00 00 49 8b 6d 00 48 85 ed 0f 84 e4 03 
RIP: vhost_umem_interval_tree_iter_first drivers/vhost/vhost.c:53 [inline] RSP: ffff88807a77fc00
RIP: vhost_del_umem_range drivers/vhost/vhost.c:977 [inline] RSP: ffff88807a77fc00
RIP: vhost_process_iotlb_msg drivers/vhost/vhost.c:1048 [inline] RSP: ffff88807a77fc00
RIP: vhost_chr_write_iter drivers/vhost/vhost.c:1077 [inline] RSP: ffff88807a77fc00
RIP: vhost_chr_write_iter+0x873/0x1100 drivers/vhost/vhost.c:1061 RSP: ffff88807a77fc00
---[ end trace accf9c7d27bb0e58 ]---