------------[ cut here ]------------
kernel BUG at arch/x86/mm/physaddr.c:27!
invalid opcode: 0000 [#2] PREEMPT SMP KASAN
CPU: 1 PID: 11744 Comm: syz-executor.0 Tainted: G D 5.5.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__phys_addr+0xb3/0x120 arch/x86/mm/physaddr.c:27
Code: 09 4c 89 e3 31 ff 48 d3 eb 48 89 de e8 36 ce 3f 00 48 85 db 75 0f e8 8c cc 3f 00 4c 89 e0 5b 41 5c 41 5d 5d c3 e8 7d cc 3f 00 <0f> 0b e8 76 cc 3f 00 48 c7 c0 10 50 87 89 48 ba 00 00 00 00 00 fc
RSP: 0018:ffffc90003036ea8 EFLAGS: 00010212
RAX: 0000000000040000 RBX: 0a0a0a0a0a0a0a0a RCX: ffffc90002409000
RDX: 0000000000013b03 RSI: ffffffff81352ae3 RDI: 0000000000000006
RBP: ffffc90003036ec0 R08: ffff8880a1f761c0 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0a0a818a0a0a0a0a
R13: 0a0a0a0a8a0a0a0a R14: ffffc90003036f10 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff8880ae900000(0063) knlGS:00000000f5d3cb40
CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: 000000002e727000 CR3: 0000000214642000 CR4: 00000000001426e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 virt_to_head_page include/linux/mm.h:731 [inline]
 qlink_to_cache mm/kasan/quarantine.c:128 [inline]
 qlist_free_all+0xc7/0x150 mm/kasan/quarantine.c:164
 quarantine_reduce+0x15e/0x1a0 mm/kasan/quarantine.c:260
 __kasan_kmalloc.constprop.0+0xa3/0xe0 mm/kasan/common.c:494
 kasan_slab_alloc+0xf/0x20 mm/kasan/common.c:521
 slab_post_alloc_hook mm/slab.h:584 [inline]
 slab_alloc_node mm/slab.c:3263 [inline]
 kmem_cache_alloc_node+0x138/0x740 mm/slab.c:3575
 __alloc_skb+0xd5/0x5e0 net/core/skbuff.c:197
 alloc_skb include/linux/skbuff.h:1049 [inline]
 alloc_skb_with_frags+0x93/0x590 net/core/skbuff.c:5664
 sock_alloc_send_pskb+0x7ad/0x920 net/core/sock.c:2242
 sock_alloc_send_skb+0x32/0x40 net/core/sock.c:2259
 __ip6_append_data.isra.0+0x1e94/0x3b60 net/ipv6/ip6_output.c:1511
 ip6_make_skb+0x32f/0x570 net/ipv6/ip6_output.c:1874
 udpv6_sendmsg+0x22d6/0x2b40 net/ipv6/udp.c:1465
 inet6_sendmsg+0x9e/0xe0 net/ipv6/af_inet6.c:576
 sock_sendmsg_nosec net/socket.c:639 [inline]
 sock_sendmsg+0xd7/0x130 net/socket.c:659
 ____sys_sendmsg+0x358/0x880 net/socket.c:2330
 ___sys_sendmsg+0x100/0x170 net/socket.c:2384
 __sys_sendmmsg+0x2db/0x4d0 net/socket.c:2467
 __compat_sys_sendmmsg net/compat.c:656 [inline]
 __do_compat_sys_sendmmsg net/compat.c:663 [inline]
 __se_compat_sys_sendmmsg net/compat.c:660 [inline]
 __ia32_compat_sys_sendmmsg+0x9f/0x100 net/compat.c:660
 do_syscall_32_irqs_on arch/x86/entry/common.c:337 [inline]
 do_fast_syscall_32+0x27b/0xe16 arch/x86/entry/common.c:408
 entry_SYSENTER_compat+0x70/0x7f arch/x86/entry/entry_64_compat.S:139
RIP: 0023:0xf7f619a9
Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 002b:00000000f5d3c0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000159
RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020006d00
RDX: 00000000000000c6 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
Modules linked in:
---[ end trace 849d5505d3042ccf ]---
RIP: 0010:__phys_addr+0xb3/0x120 arch/x86/mm/physaddr.c:27
Code: 09 4c 89 e3 31 ff 48 d3 eb 48 89 de e8 36 ce 3f 00 48 85 db 75 0f e8 8c cc 3f 00 4c 89 e0 5b 41 5c 41 5d 5d c3 e8 7d cc 3f 00 <0f> 0b e8 76 cc 3f 00 48 c7 c0 10 50 87 89 48 ba 00 00 00 00 00 fc
RSP: 0018:ffffc90004ba76c0 EFLAGS: 00010293