bisecting cause commit starting from 605cbf3d5f20470ec303b79feda3202935f4a142 building syzkaller on ed282a3a908662a18525a686f2adfa76731df95e testing commit 605cbf3d5f20470ec303b79feda3202935f4a142 with gcc (GCC) 8.1.0 kernel signature: 8b7426f4503bd065f122d4598692b0519f2ae5e6899b3be20e54e1e40292513d run #0: crashed: BUG: Bad page map run #1: crashed: kernel panic: corrupted stack end in sys_inotify_rm_watch run #2: crashed: BUG: Bad page map run #3: crashed: BUG: Bad page map run #4: crashed: BUG: Bad page map run #5: crashed: BUG: Bad page map run #6: crashed: BUG: Bad page map run #7: crashed: BUG: Bad page map run #8: crashed: BUG: Bad page map run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in ip6_finish_output2 testing release v5.8 testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c with gcc (GCC) 8.1.0 kernel signature: 383edab6ca5c40460a611ca071a6438c6994cef39a6ae0080786878997dda8d5 all runs: OK # git bisect start 605cbf3d5f20470ec303b79feda3202935f4a142 bcf876870b95592b52519ed4aafcf9d95999bc9c Bisecting: 8006 revisions left to test after this (roughly 13 steps) [47ec5303d73ea344e84f46660fff693c57641386] Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next testing commit 47ec5303d73ea344e84f46660fff693c57641386 with gcc (GCC) 8.1.0 kernel signature: 78d8485a64cbc633678309f90126c71b670d8431700cf4e45c5b73193d7c653c all runs: OK # git bisect good 47ec5303d73ea344e84f46660fff693c57641386 Bisecting: 4075 revisions left to test after this (roughly 12 steps) [ed3854ff994b35cc11658d43d01a421bd5088d23] Merge tag 'ktest-v5.9' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-ktest testing commit ed3854ff994b35cc11658d43d01a421bd5088d23 with gcc (GCC) 8.1.0 kernel signature: 310fd5c076de55aaab25b98b60e07739567c07800cb9821c387762b5eba76959 all runs: OK # git bisect good ed3854ff994b35cc11658d43d01a421bd5088d23 Bisecting: 2043 revisions left to test after this (roughly 11 steps) [9d0e9f29c5aa17772dc1fc1ac1905a386b78d113] Merge remote-tracking branch 'realtek/for-next' into master testing commit 9d0e9f29c5aa17772dc1fc1ac1905a386b78d113 with gcc (GCC) 8.1.0 kernel signature: b407061fb335cceb0886c333e2d97bc2629dd9b064609bfda52825d79c96c660 all runs: OK # git bisect good 9d0e9f29c5aa17772dc1fc1ac1905a386b78d113 Bisecting: 943 revisions left to test after this (roughly 10 steps) [0e25fdc1d6a134bfa235738d16112b160191d979] Merge remote-tracking branch 'amdgpu/drm-next' into master testing commit 0e25fdc1d6a134bfa235738d16112b160191d979 with gcc (GCC) 8.1.0 kernel signature: af5896634616055919728a526fca90a2a6775cd22352f1c758793f25e6327eb8 all runs: OK # git bisect good 0e25fdc1d6a134bfa235738d16112b160191d979 Bisecting: 476 revisions left to test after this (roughly 9 steps) [a7d0ae1295665744fdc45c905884f8caa2ddad46] Merge remote-tracking branch 'ipmi/for-next' into master testing commit a7d0ae1295665744fdc45c905884f8caa2ddad46 with gcc (GCC) 8.1.0 kernel signature: 4676cc23f477a362ceae934e7d34aa9c789077ad11e840bb214183a2a1c830f5 all runs: OK # git bisect good a7d0ae1295665744fdc45c905884f8caa2ddad46 Bisecting: 232 revisions left to test after this (roughly 8 steps) [ce221cd9456ee54799278c60b22f2f2cefce2680] Merge remote-tracking branch 'livepatching/for-next' into master testing commit ce221cd9456ee54799278c60b22f2f2cefce2680 with gcc (GCC) 8.1.0 kernel signature: 88b9c1827e440600e3844efe0a90d850baf1f739e7f00ab21a9e5f7fb6b61471 run #0: crashed: BUG: Bad page map run #1: crashed: BUG: Bad page map run #2: crashed: BUG: Bad page map run #3: crashed: kernel panic: corrupted stack end in sys_exit_group run #4: crashed: BUG: Bad page map run #5: crashed: BUG: Bad rss-counter state run #6: crashed: BUG: Bad page map run #7: crashed: kernel panic: corrupted stack end in sys_futex run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in neigh_flush_dev run #9: crashed: BUG: Bad page map # git bisect bad ce221cd9456ee54799278c60b22f2f2cefce2680 Bisecting: 92 revisions left to test after this (roughly 7 steps) [0832cfc8c4d42e27a27361007301642edf003fd3] Merge remote-tracking branch 'staging/staging-next' into master testing commit 0832cfc8c4d42e27a27361007301642edf003fd3 with gcc (GCC) 8.1.0 kernel signature: becb400eddfdb0dec4bfac172ba473b9e36eeebc6c88f3c723dffab46fd3e51b run #0: crashed: BUG: Bad page map run #1: crashed: BUG: Bad page map run #2: crashed: BUG: Bad page map run #3: crashed: BUG: Bad page map run #4: crashed: BUG: Bad page map run #5: crashed: kernel panic: corrupted stack end in sys_futex run #6: crashed: BUG: Bad page map run #7: crashed: BUG: Bad page map run #8: crashed: BUG: Bad page map run #9: crashed: BUG: unable to handle kernel NULL pointer dereference in dst_dev_put # git bisect bad 0832cfc8c4d42e27a27361007301642edf003fd3 Bisecting: 78 revisions left to test after this (roughly 6 steps) [986e9b888f7f0fec2d88e415071bd7f955866bc9] Merge remote-tracking branch 'char-misc/char-misc-next' into master testing commit 986e9b888f7f0fec2d88e415071bd7f955866bc9 with gcc (GCC) 8.1.0 kernel signature: bed30b8a4470b9fd2c057363b569ca58f9398d2cff2999b6fc3dfaaa35e685dc run #0: crashed: BUG: Bad page map run #1: crashed: BUG: Bad page map run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in neigh_flush_dev run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in neigh_flush_dev run #4: crashed: BUG: Bad page map run #5: crashed: kernel panic: corrupted stack end in sys_futex run #6: crashed: BUG: Bad page map run #7: crashed: WARNING: suspicious RCU usage in __fib6_update_sernum_upto_root run #8: crashed: kernel panic: corrupted stack end in ret_from_fork run #9: crashed: kernel panic: corrupted stack end in do_sys_open # git bisect bad 986e9b888f7f0fec2d88e415071bd7f955866bc9 Bisecting: 40 revisions left to test after this (roughly 5 steps) [377c0d7ea5bb93251e71559c115d2f94650c00d6] dt-bindings: timer: Add compatible for Mediatek MT8192 testing commit 377c0d7ea5bb93251e71559c115d2f94650c00d6 with gcc (GCC) 8.1.0 kernel signature: 517b13584d5e75cbbb3b984b85de730240b82c0ebe32f283b14dec6b7de00260 run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in fib_create_info run #1: crashed: BUG: Bad page map run #2: crashed: BUG: Bad page map run #3: crashed: BUG: Bad page map run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in neigh_flush_dev run #5: crashed: BUG: Bad page map run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in neigh_flush_dev run #7: crashed: kernel panic: corrupted stack end in vcs_read run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in ip6_finish_output2 run #9: crashed: BUG: Bad page map # git bisect bad 377c0d7ea5bb93251e71559c115d2f94650c00d6 Bisecting: 15 revisions left to test after this (roughly 4 steps) [6d507c75e0cd359e4cede48230fb7e7a45c9bb74] vs_screen: kill tmp_count from vcs_read testing commit 6d507c75e0cd359e4cede48230fb7e7a45c9bb74 with gcc (GCC) 8.1.0 kernel signature: 994128b520f49e8333e71a9473af03b35f1570ae03e1b0bccd235e47f774258f all runs: OK # git bisect good 6d507c75e0cd359e4cede48230fb7e7a45c9bb74 Bisecting: 7 revisions left to test after this (roughly 3 steps) [9b07655c7740a97b918ebe7dc59447e29e22a957] newport_con: make module's init & exit static using module_driver testing commit 9b07655c7740a97b918ebe7dc59447e29e22a957 with gcc (GCC) 8.1.0 kernel signature: a5a6a82fdd5b255b811839c2b6f5df057ad511a7b15e8cabaf29611131978cc2 run #0: crashed: BUG: Bad page map run #1: crashed: BUG: Bad page map run #2: crashed: kernel panic: corrupted stack end in sys_futex run #3: crashed: BUG: Bad page map run #4: crashed: BUG: Bad page map run #5: crashed: BUG: Bad page map run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in free_work run #7: crashed: BUG: Bad page map run #8: crashed: BUG: Bad page map run #9: crashed: BUG: Bad page map # git bisect bad 9b07655c7740a97b918ebe7dc59447e29e22a957 Bisecting: 3 revisions left to test after this (roughly 2 steps) [b1c32fcfadf5593ab7a63261cc8a5747c36e627e] vc_screen: extract vcs_read_buf_header testing commit b1c32fcfadf5593ab7a63261cc8a5747c36e627e with gcc (GCC) 8.1.0 kernel signature: 851d6255d329f7fc7586195b6a16e42e662b1f43397985e876d27e143ab93c83 run #0: crashed: BUG: Bad page map run #1: crashed: BUG: Bad page map run #2: crashed: BUG: Bad rss-counter state run #3: crashed: BUG: Bad page map run #4: crashed: BUG: Bad page map run #5: crashed: BUG: Bad page map run #6: crashed: WARNING in fib6_walk_continue run #7: crashed: BUG: Bad page map run #8: crashed: kernel panic: corrupted stack end in call_usermodehelper_exec_async run #9: crashed: BUG: Bad page map # git bisect bad b1c32fcfadf5593ab7a63261cc8a5747c36e627e Bisecting: 1 revision left to test after this (roughly 1 step) [5a52baaab029e38e919efff2abc0d4e89338d464] vc_screen: extract vcs_read_buf_noattr testing commit 5a52baaab029e38e919efff2abc0d4e89338d464 with gcc (GCC) 8.1.0 kernel signature: 7ee63778a8640d2ddaf2d36614400ced9b9f939fbd9c1c5180446d42c1fba255 all runs: OK # git bisect good 5a52baaab029e38e919efff2abc0d4e89338d464 Bisecting: 0 revisions left to test after this (roughly 0 steps) [6a6b76cc44c98a39d3e718aa2056e2e12b609615] vc_screen: extract vcs_read_buf testing commit 6a6b76cc44c98a39d3e718aa2056e2e12b609615 with gcc (GCC) 8.1.0 kernel signature: 2a81b4865d0fd0314a88e42b6d40b555f4a9324acb1c105744acb7d0652f0ff4 all runs: OK # git bisect good 6a6b76cc44c98a39d3e718aa2056e2e12b609615 b1c32fcfadf5593ab7a63261cc8a5747c36e627e is the first bad commit commit b1c32fcfadf5593ab7a63261cc8a5747c36e627e Author: Jiri Slaby Date: Tue Aug 18 10:57:05 2020 +0200 vc_screen: extract vcs_read_buf_header The attribute header handling is terrible in vcs_read_buf. Separate it to a new function and simply do memmove (of up to 4 bytes) to the start of the con_buf -- if user seeked. Signed-off-by: Jiri Slaby Link: https://lore.kernel.org/r/20200818085706.12163-15-jslaby@suse.cz Signed-off-by: Greg Kroah-Hartman drivers/tty/vt/vc_screen.c | 31 ++++++++++++++++++------------- 1 file changed, 18 insertions(+), 13 deletions(-) culprit signature: 851d6255d329f7fc7586195b6a16e42e662b1f43397985e876d27e143ab93c83 parent signature: 2a81b4865d0fd0314a88e42b6d40b555f4a9324acb1c105744acb7d0652f0ff4 revisions tested: 16, total time: 3h5m48.142188704s (build: 1h14m5.753194575s, test: 1h50m0.8846648s) first bad commit: b1c32fcfadf5593ab7a63261cc8a5747c36e627e vc_screen: extract vcs_read_buf_header recipients (to): ["gregkh@linuxfoundation.org" "gregkh@linuxfoundation.org" "jslaby@suse.com" "jslaby@suse.cz" "linux-kernel@vger.kernel.org"] recipients (cc): ["nico@fluxnic.net"] crash: BUG: Bad page map BUG: Bad page map in process systemd-udevd pte:ffffedb65f625 pmd:10ffc5067 addr:00007fc5eda00000 vm_flags:08000075 anon_vma:0000000000000000 mapping:ffff8881289174e0 index:44 file:libc-2.24.so fault:ext4_filemap_fault mmap:ext4_file_mmap readpage:ext4_readpage CPU: 1 PID: 8270 Comm: systemd-udevd Not tainted 5.9.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0xb3/0xec lib/dump_stack.c:118 print_bad_pte.cold.117+0x93/0xbd mm/memory.c:547 vm_normal_page+0x48/0xb0 mm/memory.c:610 do_numa_page mm/memory.c:4049 [inline] handle_pte_fault mm/memory.c:4231 [inline] __handle_mm_fault mm/memory.c:4356 [inline] handle_mm_fault+0xd8d/0x17f0 mm/memory.c:4454 do_user_addr_fault arch/x86/mm/fault.c:1294 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x34f/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0033:0x7fc5eda000e0 systemd-udevd: Corrupted page table at address 7fc5eda000b6 PGD 10ffaa067 P4D 10ffaa067 PUD 10ffab067 PMD 10ffc5067 PTE ffffedb65f625 Bad pagetable: 0009 [#1] PREEMPT SMP CPU: 1 PID: 8270 Comm: systemd-udevd Not tainted 5.9.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec7bd8 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec7c08 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 4a5ae121e54e1d3c R12: ffffc90002ec7c08 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 FS: 00007fc5eec248c0(0000) GS:ffff88812c100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fc5eda000b6 CR3: 000000010ffa3000 CR4: 00000000001506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0xb3/0xec lib/dump_stack.c:118 print_bad_pte.cold.117+0x93/0xbd mm/memory.c:547 vm_normal_page+0x48/0xb0 mm/memory.c:610 do_numa_page mm/memory.c:4049 [inline] handle_pte_fault mm/memory.c:4231 [inline] __handle_mm_fault mm/memory.c:4356 [inline] handle_mm_fault+0xd8d/0x17f0 mm/memory.c:4454 do_user_addr_fault arch/x86/mm/fault.c:1294 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x34f/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0033:0x7fc5eda000e0 systemd-udevd: Corrupted page table at address 7fc5eda000b6 PGD 10ffaa067 P4D 10ffaa067 PUD 10ffab067 PMD 10ffc5067 PTE ffffedb65f625 Bad pagetable: 0009 [#2] PREEMPT SMP CPU: 1 PID: 8270 Comm: systemd-udevd Not tainted 5.9.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec7898 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec78c8 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000000000 R12: ffffc90002ec78c8 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 FS: 00007fc5eec248c0(0000) GS:ffff88812c100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fc5eda000b6 CR3: 000000010ffa3000 CR4: 00000000001506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __die_body+0x15/0x60 arch/x86/kernel/dumpstack.c:400 pgtable_bad+0x50/0x70 arch/x86/mm/fault.c:552 do_user_addr_fault arch/x86/mm/fault.c:1157 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x570/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec7bd8 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec7c08 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 4a5ae121e54e1d3c R12: ffffc90002ec7c08 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0xb3/0xec lib/dump_stack.c:118 print_bad_pte.cold.117+0x93/0xbd mm/memory.c:547 vm_normal_page+0x48/0xb0 mm/memory.c:610 do_numa_page mm/memory.c:4049 [inline] handle_pte_fault mm/memory.c:4231 [inline] __handle_mm_fault mm/memory.c:4356 [inline] handle_mm_fault+0xd8d/0x17f0 mm/memory.c:4454 do_user_addr_fault arch/x86/mm/fault.c:1294 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x34f/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0033:0x7fc5eda000e0 systemd-udevd: Corrupted page table at address 7fc5eda000b6 PGD 10ffaa067 P4D 10ffaa067 PUD 10ffab067 PMD 10ffc5067 PTE ffffedb65f625 Bad pagetable: 0009 [#3] PREEMPT SMP CPU: 1 PID: 8270 Comm: systemd-udevd Not tainted 5.9.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec7558 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec7588 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000015fd0 R12: ffffc90002ec7588 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 FS: 00007fc5eec248c0(0000) GS:ffff88812c100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fc5eda000b6 CR3: 000000010ffa3000 CR4: 00000000001506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __die_body+0x15/0x60 arch/x86/kernel/dumpstack.c:400 pgtable_bad+0x50/0x70 arch/x86/mm/fault.c:552 do_user_addr_fault arch/x86/mm/fault.c:1157 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x570/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec7898 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec78c8 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000000000 R12: ffffc90002ec78c8 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __die_body+0x15/0x60 arch/x86/kernel/dumpstack.c:400 pgtable_bad+0x50/0x70 arch/x86/mm/fault.c:552 do_user_addr_fault arch/x86/mm/fault.c:1157 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x570/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec7bd8 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec7c08 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 4a5ae121e54e1d3c R12: ffffc90002ec7c08 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0xb3/0xec lib/dump_stack.c:118 print_bad_pte.cold.117+0x93/0xbd mm/memory.c:547 vm_normal_page+0x48/0xb0 mm/memory.c:610 do_numa_page mm/memory.c:4049 [inline] handle_pte_fault mm/memory.c:4231 [inline] __handle_mm_fault mm/memory.c:4356 [inline] handle_mm_fault+0xd8d/0x17f0 mm/memory.c:4454 do_user_addr_fault arch/x86/mm/fault.c:1294 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x34f/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0033:0x7fc5eda000e0 systemd-udevd: Corrupted page table at address 7fc5eda000b6 PGD 10ffaa067 P4D 10ffaa067 PUD 10ffab067 PMD 10ffc5067 PTE ffffedb65f625 Bad pagetable: 0009 [#4] PREEMPT SMP CPU: 1 PID: 8270 Comm: systemd-udevd Not tainted 5.9.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec7218 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec7248 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000014a80 R12: ffffc90002ec7248 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 FS: 00007fc5eec248c0(0000) GS:ffff88812c100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fc5eda000b6 CR3: 000000010ffa3000 CR4: 00000000001506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __die_body+0x15/0x60 arch/x86/kernel/dumpstack.c:400 pgtable_bad+0x50/0x70 arch/x86/mm/fault.c:552 do_user_addr_fault arch/x86/mm/fault.c:1157 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x570/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec7558 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec7588 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000015fd0 R12: ffffc90002ec7588 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __die_body+0x15/0x60 arch/x86/kernel/dumpstack.c:400 pgtable_bad+0x50/0x70 arch/x86/mm/fault.c:552 do_user_addr_fault arch/x86/mm/fault.c:1157 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x570/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec7898 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec78c8 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000000000 R12: ffffc90002ec78c8 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __die_body+0x15/0x60 arch/x86/kernel/dumpstack.c:400 pgtable_bad+0x50/0x70 arch/x86/mm/fault.c:552 do_user_addr_fault arch/x86/mm/fault.c:1157 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x570/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec7bd8 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec7c08 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 4a5ae121e54e1d3c R12: ffffc90002ec7c08 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0xb3/0xec lib/dump_stack.c:118 print_bad_pte.cold.117+0x93/0xbd mm/memory.c:547 vm_normal_page+0x48/0xb0 mm/memory.c:610 do_numa_page mm/memory.c:4049 [inline] handle_pte_fault mm/memory.c:4231 [inline] __handle_mm_fault mm/memory.c:4356 [inline] handle_mm_fault+0xd8d/0x17f0 mm/memory.c:4454 do_user_addr_fault arch/x86/mm/fault.c:1294 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x34f/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0033:0x7fc5eda000e0 systemd-udevd: Corrupted page table at address 7fc5eda000b6 PGD 10ffaa067 P4D 10ffaa067 PUD 10ffab067 PMD 10ffc5067 PTE ffffedb65f625 Bad pagetable: 0009 [#5] PREEMPT SMP CPU: 1 PID: 8270 Comm: systemd-udevd Not tainted 5.9.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec6ed8 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec6f08 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000000000 R12: ffffc90002ec6f08 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 FS: 00007fc5eec248c0(0000) GS:ffff88812c100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fc5eda000b6 CR3: 000000010ffa3000 CR4: 00000000001506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __die_body+0x15/0x60 arch/x86/kernel/dumpstack.c:400 pgtable_bad+0x50/0x70 arch/x86/mm/fault.c:552 do_user_addr_fault arch/x86/mm/fault.c:1157 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x570/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec7218 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec7248 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000014a80 R12: ffffc90002ec7248 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __die_body+0x15/0x60 arch/x86/kernel/dumpstack.c:400 pgtable_bad+0x50/0x70 arch/x86/mm/fault.c:552 do_user_addr_fault arch/x86/mm/fault.c:1157 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x570/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec7558 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec7588 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000015fd0 R12: ffffc90002ec7588 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __die_body+0x15/0x60 arch/x86/kernel/dumpstack.c:400 pgtable_bad+0x50/0x70 arch/x86/mm/fault.c:552 do_user_addr_fault arch/x86/mm/fault.c:1157 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x570/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec7898 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec78c8 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000000000 R12: ffffc90002ec78c8 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __die_body+0x15/0x60 arch/x86/kernel/dumpstack.c:400 pgtable_bad+0x50/0x70 arch/x86/mm/fault.c:552 do_user_addr_fault arch/x86/mm/fault.c:1157 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x570/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec7bd8 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec7c08 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 4a5ae121e54e1d3c R12: ffffc90002ec7c08 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0xb3/0xec lib/dump_stack.c:118 print_bad_pte.cold.117+0x93/0xbd mm/memory.c:547 vm_normal_page+0x48/0xb0 mm/memory.c:610 do_numa_page mm/memory.c:4049 [inline] handle_pte_fault mm/memory.c:4231 [inline] __handle_mm_fault mm/memory.c:4356 [inline] handle_mm_fault+0xd8d/0x17f0 mm/memory.c:4454 do_user_addr_fault arch/x86/mm/fault.c:1294 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x34f/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0033:0x7fc5eda000e0 systemd-udevd: Corrupted page table at address 7fc5eda000b6 PGD 10ffaa067 P4D 10ffaa067 PUD 10ffab067 PMD 10ffc5067 PTE ffffedb65f625 Bad pagetable: 0009 [#6] PREEMPT SMP CPU: 1 PID: 8270 Comm: systemd-udevd Not tainted 5.9.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec6b98 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec6bc8 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000037323854 R12: ffffc90002ec6bc8 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 FS: 00007fc5eec248c0(0000) GS:ffff88812c100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fc5eda000b6 CR3: 000000010ffa3000 CR4: 00000000001506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __die_body+0x15/0x60 arch/x86/kernel/dumpstack.c:400 pgtable_bad+0x50/0x70 arch/x86/mm/fault.c:552 do_user_addr_fault arch/x86/mm/fault.c:1157 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x570/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec6ed8 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec6f08 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000000000 R12: ffffc90002ec6f08 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __die_body+0x15/0x60 arch/x86/kernel/dumpstack.c:400 pgtable_bad+0x50/0x70 arch/x86/mm/fault.c:552 do_user_addr_fault arch/x86/mm/fault.c:1157 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x570/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec7218 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec7248 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000014a80 R12: ffffc90002ec7248 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __die_body+0x15/0x60 arch/x86/kernel/dumpstack.c:400 pgtable_bad+0x50/0x70 arch/x86/mm/fault.c:552 do_user_addr_fault arch/x86/mm/fault.c:1157 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x570/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec7558 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec7588 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000015fd0 R12: ffffc90002ec7588 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __die_body+0x15/0x60 arch/x86/kernel/dumpstack.c:400 pgtable_bad+0x50/0x70 arch/x86/mm/fault.c:552 do_user_addr_fault arch/x86/mm/fault.c:1157 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x570/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec7898 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec78c8 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000000000 R12: ffffc90002ec78c8 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __die_body+0x15/0x60 arch/x86/kernel/dumpstack.c:400 pgtable_bad+0x50/0x70 arch/x86/mm/fault.c:552 do_user_addr_fault arch/x86/mm/fault.c:1157 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x570/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec7bd8 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec7c08 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 4a5ae121e54e1d3c R12: ffffc90002ec7c08 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0xb3/0xec lib/dump_stack.c:118 print_bad_pte.cold.117+0x93/0xbd mm/memory.c:547 vm_normal_page+0x48/0xb0 mm/memory.c:610 do_numa_page mm/memory.c:4049 [inline] handle_pte_fault mm/memory.c:4231 [inline] __handle_mm_fault mm/memory.c:4356 [inline] handle_mm_fault+0xd8d/0x17f0 mm/memory.c:4454 do_user_addr_fault arch/x86/mm/fault.c:1294 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x34f/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0033:0x7fc5eda000e0 systemd-udevd: Corrupted page table at address 7fc5eda000b6 PGD 10ffaa067 P4D 10ffaa067 PUD 10ffab067 PMD 10ffc5067 PTE ffffedb65f625 Bad pagetable: 0009 [#7] PREEMPT SMP CPU: 1 PID: 8270 Comm: systemd-udevd Not tainted 5.9.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec6858 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec6888 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000037323854 R12: ffffc90002ec6888 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 FS: 00007fc5eec248c0(0000) GS:ffff88812c100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fc5eda000b6 CR3: 000000010ffa3000 CR4: 00000000001506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __die_body+0x15/0x60 arch/x86/kernel/dumpstack.c:400 pgtable_bad+0x50/0x70 arch/x86/mm/fault.c:552 do_user_addr_fault arch/x86/mm/fault.c:1157 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x570/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec6b98 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec6bc8 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000037323854 R12: ffffc90002ec6bc8 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __die_body+0x15/0x60 arch/x86/kernel/dumpstack.c:400 pgtable_bad+0x50/0x70 arch/x86/mm/fault.c:552 do_user_addr_fault arch/x86/mm/fault.c:1157 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x570/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec6ed8 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec6f08 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000000000 R12: ffffc90002ec6f08 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __die_body+0x15/0x60 arch/x86/kernel/dumpstack.c:400 pgtable_bad+0x50/0x70 arch/x86/mm/fault.c:552 do_user_addr_fault arch/x86/mm/fault.c:1157 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x570/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec7218 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec7248 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000014a80 R12: ffffc90002ec7248 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __die_body+0x15/0x60 arch/x86/kernel/dumpstack.c:400 pgtable_bad+0x50/0x70 arch/x86/mm/fault.c:552 do_user_addr_fault arch/x86/mm/fault.c:1157 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x570/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec7558 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec7588 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000015fd0 R12: ffffc90002ec7588 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __die_body+0x15/0x60 arch/x86/kernel/dumpstack.c:400 pgtable_bad+0x50/0x70 arch/x86/mm/fault.c:552 do_user_addr_fault arch/x86/mm/fault.c:1157 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x570/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec7898 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec78c8 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000000000 R12: ffffc90002ec78c8 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __die_body+0x15/0x60 arch/x86/kernel/dumpstack.c:400 pgtable_bad+0x50/0x70 arch/x86/mm/fault.c:552 do_user_addr_fault arch/x86/mm/fault.c:1157 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x570/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec7bd8 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec7c08 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 4a5ae121e54e1d3c R12: ffffc90002ec7c08 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0xb3/0xec lib/dump_stack.c:118 print_bad_pte.cold.117+0x93/0xbd mm/memory.c:547 vm_normal_page+0x48/0xb0 mm/memory.c:610 do_numa_page mm/memory.c:4049 [inline] handle_pte_fault mm/memory.c:4231 [inline] __handle_mm_fault mm/memory.c:4356 [inline] handle_mm_fault+0xd8d/0x17f0 mm/memory.c:4454 do_user_addr_fault arch/x86/mm/fault.c:1294 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x34f/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0033:0x7fc5eda000e0 systemd-udevd: Corrupted page table at address 7fc5eda000b6 PGD 10ffaa067 P4D 10ffaa067 PUD 10ffab067 PMD 10ffc5067 PTE ffffedb65f625 Bad pagetable: 0009 [#8] PREEMPT SMP CPU: 1 PID: 8270 Comm: systemd-udevd Not tainted 5.9.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec6518 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec6548 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000037323854 R12: ffffc90002ec6548 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 FS: 00007fc5eec248c0(0000) GS:ffff88812c100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fc5eda000b6 CR3: 000000010ffa3000 CR4: 00000000001506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __die_body+0x15/0x60 arch/x86/kernel/dumpstack.c:400 pgtable_bad+0x50/0x70 arch/x86/mm/fault.c:552 do_user_addr_fault arch/x86/mm/fault.c:1157 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x570/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec6858 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec6888 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000037323854 R12: ffffc90002ec6888 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __die_body+0x15/0x60 arch/x86/kernel/dumpstack.c:400 pgtable_bad+0x50/0x70 arch/x86/mm/fault.c:552 do_user_addr_fault arch/x86/mm/fault.c:1157 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x570/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec6b98 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec6bc8 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000037323854 R12: ffffc90002ec6bc8 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __die_body+0x15/0x60 arch/x86/kernel/dumpstack.c:400 pgtable_bad+0x50/0x70 arch/x86/mm/fault.c:552 do_user_addr_fault arch/x86/mm/fault.c:1157 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x570/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec6ed8 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec6f08 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000000000 R12: ffffc90002ec6f08 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __die_body+0x15/0x60 arch/x86/kernel/dumpstack.c:400 pgtable_bad+0x50/0x70 arch/x86/mm/fault.c:552 do_user_addr_fault arch/x86/mm/fault.c:1157 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x570/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec7218 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec7248 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000014a80 R12: ffffc90002ec7248 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __die_body+0x15/0x60 arch/x86/kernel/dumpstack.c:400 pgtable_bad+0x50/0x70 arch/x86/mm/fault.c:552 do_user_addr_fault arch/x86/mm/fault.c:1157 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x570/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec7558 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec7588 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000015fd0 R12: ffffc90002ec7588 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __die_body+0x15/0x60 arch/x86/kernel/dumpstack.c:400 pgtable_bad+0x50/0x70 arch/x86/mm/fault.c:552 do_user_addr_fault arch/x86/mm/fault.c:1157 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x570/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec7898 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec78c8 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000000000 R12: ffffc90002ec78c8 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __die_body+0x15/0x60 arch/x86/kernel/dumpstack.c:400 pgtable_bad+0x50/0x70 arch/x86/mm/fault.c:552 do_user_addr_fault arch/x86/mm/fault.c:1157 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x570/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec7bd8 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec7c08 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 4a5ae121e54e1d3c R12: ffffc90002ec7c08 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0xb3/0xec lib/dump_stack.c:118 print_bad_pte.cold.117+0x93/0xbd mm/memory.c:547 vm_normal_page+0x48/0xb0 mm/memory.c:610 do_numa_page mm/memory.c:4049 [inline] handle_pte_fault mm/memory.c:4231 [inline] __handle_mm_fault mm/memory.c:4356 [inline] handle_mm_fault+0xd8d/0x17f0 mm/memory.c:4454 do_user_addr_fault arch/x86/mm/fault.c:1294 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x34f/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0033:0x7fc5eda000e0 systemd-udevd: Corrupted page table at address 7fc5eda000b6 PGD 10ffaa067 P4D 10ffaa067 PUD 10ffab067 PMD 10ffc5067 PTE ffffedb65f625 Bad pagetable: 0009 [#9] PREEMPT SMP CPU: 1 PID: 8270 Comm: systemd-udevd Not tainted 5.9.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec61d8 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec6208 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000037323854 R12: ffffc90002ec6208 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 FS: 00007fc5eec248c0(0000) GS:ffff88812c100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fc5eda000b6 CR3: 000000010ffa3000 CR4: 00000000001506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __die_body+0x15/0x60 arch/x86/kernel/dumpstack.c:400 pgtable_bad+0x50/0x70 arch/x86/mm/fault.c:552 do_user_addr_fault arch/x86/mm/fault.c:1157 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x570/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec6518 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec6548 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000037323854 R12: ffffc90002ec6548 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __die_body+0x15/0x60 arch/x86/kernel/dumpstack.c:400 pgtable_bad+0x50/0x70 arch/x86/mm/fault.c:552 do_user_addr_fault arch/x86/mm/fault.c:1157 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x570/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec6858 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec6888 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000037323854 R12: ffffc90002ec6888 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __die_body+0x15/0x60 arch/x86/kernel/dumpstack.c:400 pgtable_bad+0x50/0x70 arch/x86/mm/fault.c:552 do_user_addr_fault arch/x86/mm/fault.c:1157 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x570/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec6b98 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec6bc8 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000037323854 R12: ffffc90002ec6bc8 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __die_body+0x15/0x60 arch/x86/kernel/dumpstack.c:400 pgtable_bad+0x50/0x70 arch/x86/mm/fault.c:552 do_user_addr_fault arch/x86/mm/fault.c:1157 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x570/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec6ed8 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec6f08 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000000000 R12: ffffc90002ec6f08 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __die_body+0x15/0x60 arch/x86/kernel/dumpstack.c:400 pgtable_bad+0x50/0x70 arch/x86/mm/fault.c:552 do_user_addr_fault arch/x86/mm/fault.c:1157 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x570/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec7218 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec7248 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000014a80 R12: ffffc90002ec7248 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __die_body+0x15/0x60 arch/x86/kernel/dumpstack.c:400 pgtable_bad+0x50/0x70 arch/x86/mm/fault.c:552 do_user_addr_fault arch/x86/mm/fault.c:1157 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x570/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec7558 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec7588 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000015fd0 R12: ffffc90002ec7588 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __die_body+0x15/0x60 arch/x86/kernel/dumpstack.c:400 pgtable_bad+0x50/0x70 arch/x86/mm/fault.c:552 do_user_addr_fault arch/x86/mm/fault.c:1157 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x570/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec7898 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec78c8 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000000000 R12: ffffc90002ec78c8 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __die_body+0x15/0x60 arch/x86/kernel/dumpstack.c:400 pgtable_bad+0x50/0x70 arch/x86/mm/fault.c:552 do_user_addr_fault arch/x86/mm/fault.c:1157 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x570/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec7bd8 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec7c08 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 4a5ae121e54e1d3c R12: ffffc90002ec7c08 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0xb3/0xec lib/dump_stack.c:118 print_bad_pte.cold.117+0x93/0xbd mm/memory.c:547 vm_normal_page+0x48/0xb0 mm/memory.c:610 do_numa_page mm/memory.c:4049 [inline] handle_pte_fault mm/memory.c:4231 [inline] __handle_mm_fault mm/memory.c:4356 [inline] handle_mm_fault+0xd8d/0x17f0 mm/memory.c:4454 do_user_addr_fault arch/x86/mm/fault.c:1294 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x34f/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0033:0x7fc5eda000e0 systemd-udevd: Corrupted page table at address 7fc5eda000b6 PGD 10ffaa067 P4D 10ffaa067 PUD 10ffab067 PMD 10ffc5067 PTE ffffedb65f625 Bad pagetable: 0009 [#10] PREEMPT SMP CPU: 1 PID: 8270 Comm: systemd-udevd Not tainted 5.9.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec5e98 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec5ec8 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000037323854 R12: ffffc90002ec5ec8 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 FS: 00007fc5eec248c0(0000) GS:ffff88812c100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fc5eda000b6 CR3: 000000010ffa3000 CR4: 00000000001506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __die_body+0x15/0x60 arch/x86/kernel/dumpstack.c:400 pgtable_bad+0x50/0x70 arch/x86/mm/fault.c:552 do_user_addr_fault arch/x86/mm/fault.c:1157 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x570/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec61d8 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec6208 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000037323854 R12: ffffc90002ec6208 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __die_body+0x15/0x60 arch/x86/kernel/dumpstack.c:400 pgtable_bad+0x50/0x70 arch/x86/mm/fault.c:552 do_user_addr_fault arch/x86/mm/fault.c:1157 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x570/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec6518 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec6548 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000037323854 R12: ffffc90002ec6548 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __die_body+0x15/0x60 arch/x86/kernel/dumpstack.c:400 pgtable_bad+0x50/0x70 arch/x86/mm/fault.c:552 do_user_addr_fault arch/x86/mm/fault.c:1157 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x570/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec6858 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec6888 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000037323854 R12: ffffc90002ec6888 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __die_body+0x15/0x60 arch/x86/kernel/dumpstack.c:400 pgtable_bad+0x50/0x70 arch/x86/mm/fault.c:552 do_user_addr_fault arch/x86/mm/fault.c:1157 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x570/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec6b98 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec6bc8 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000037323854 R12: ffffc90002ec6bc8 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __die_body+0x15/0x60 arch/x86/kernel/dumpstack.c:400 pgtable_bad+0x50/0x70 arch/x86/mm/fault.c:552 do_user_addr_fault arch/x86/mm/fault.c:1157 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x570/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec6ed8 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec6f08 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000000000 R12: ffffc90002ec6f08 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __die_body+0x15/0x60 arch/x86/kernel/dumpstack.c:400 pgtable_bad+0x50/0x70 arch/x86/mm/fault.c:552 do_user_addr_fault arch/x86/mm/fault.c:1157 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x570/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec7218 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec7248 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000014a80 R12: ffffc90002ec7248 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __die_body+0x15/0x60 arch/x86/kernel/dumpstack.c:400 pgtable_bad+0x50/0x70 arch/x86/mm/fault.c:552 do_user_addr_fault arch/x86/mm/fault.c:1157 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x570/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec7558 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec7588 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000015fd0 R12: ffffc90002ec7588 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __die_body+0x15/0x60 arch/x86/kernel/dumpstack.c:400 pgtable_bad+0x50/0x70 arch/x86/mm/fault.c:552 do_user_addr_fault arch/x86/mm/fault.c:1157 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x570/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec7898 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec78c8 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000000000 R12: ffffc90002ec78c8 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __die_body+0x15/0x60 arch/x86/kernel/dumpstack.c:400 pgtable_bad+0x50/0x70 arch/x86/mm/fault.c:552 do_user_addr_fault arch/x86/mm/fault.c:1157 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x570/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec7bd8 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec7c08 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 4a5ae121e54e1d3c R12: ffffc90002ec7c08 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0xb3/0xec lib/dump_stack.c:118 print_bad_pte.cold.117+0x93/0xbd mm/memory.c:547 vm_normal_page+0x48/0xb0 mm/memory.c:610 do_numa_page mm/memory.c:4049 [inline] handle_pte_fault mm/memory.c:4231 [inline] __handle_mm_fault mm/memory.c:4356 [inline] handle_mm_fault+0xd8d/0x17f0 mm/memory.c:4454 do_user_addr_fault arch/x86/mm/fault.c:1294 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x34f/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0033:0x7fc5eda000e0 systemd-udevd: Corrupted page table at address 7fc5eda000b6 PGD 10ffaa067 P4D 10ffaa067 PUD 10ffab067 PMD 10ffc5067 PTE ffffedb65f625 Bad pagetable: 0009 [#11] PREEMPT SMP CPU: 1 PID: 8270 Comm: systemd-udevd Not tainted 5.9.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec5b58 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec5b88 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000037323854 R12: ffffc90002ec5b88 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 FS: 00007fc5eec248c0(0000) GS:ffff88812c100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fc5eda000b6 CR3: 000000010ffa3000 CR4: 00000000001506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __die_body+0x15/0x60 arch/x86/kernel/dumpstack.c:400 pgtable_bad+0x50/0x70 arch/x86/mm/fault.c:552 do_user_addr_fault arch/x86/mm/fault.c:1157 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x570/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec5e98 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec5ec8 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000037323854 R12: ffffc90002ec5ec8 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __die_body+0x15/0x60 arch/x86/kernel/dumpstack.c:400 pgtable_bad+0x50/0x70 arch/x86/mm/fault.c:552 do_user_addr_fault arch/x86/mm/fault.c:1157 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x570/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec61d8 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec6208 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000037323854 R12: ffffc90002ec6208 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __die_body+0x15/0x60 arch/x86/kernel/dumpstack.c:400 pgtable_bad+0x50/0x70 arch/x86/mm/fault.c:552 do_user_addr_fault arch/x86/mm/fault.c:1157 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x570/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec6518 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec6548 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000037323854 R12: ffffc90002ec6548 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __die_body+0x15/0x60 arch/x86/kernel/dumpstack.c:400 pgtable_bad+0x50/0x70 arch/x86/mm/fault.c:552 do_user_addr_fault arch/x86/mm/fault.c:1157 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x570/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec6858 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec6888 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000037323854 R12: ffffc90002ec6888 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __die_body+0x15/0x60 arch/x86/kernel/dumpstack.c:400 pgtable_bad+0x50/0x70 arch/x86/mm/fault.c:552 do_user_addr_fault arch/x86/mm/fault.c:1157 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x570/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec6b98 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec6bc8 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000037323854 R12: ffffc90002ec6bc8 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __die_body+0x15/0x60 arch/x86/kernel/dumpstack.c:400 pgtable_bad+0x50/0x70 arch/x86/mm/fault.c:552 do_user_addr_fault arch/x86/mm/fault.c:1157 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x570/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec6ed8 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec6f08 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000000000 R12: ffffc90002ec6f08 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __die_body+0x15/0x60 arch/x86/kernel/dumpstack.c:400 pgtable_bad+0x50/0x70 arch/x86/mm/fault.c:552 do_user_addr_fault arch/x86/mm/fault.c:1157 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x570/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec7218 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec7248 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000014a80 R12: ffffc90002ec7248 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __die_body+0x15/0x60 arch/x86/kernel/dumpstack.c:400 pgtable_bad+0x50/0x70 arch/x86/mm/fault.c:552 do_user_addr_fault arch/x86/mm/fault.c:1157 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x570/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec7558 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec7588 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000015fd0 R12: ffffc90002ec7588 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __die_body+0x15/0x60 arch/x86/kernel/dumpstack.c:400 pgtable_bad+0x50/0x70 arch/x86/mm/fault.c:552 do_user_addr_fault arch/x86/mm/fault.c:1157 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x570/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538 RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205 Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 RSP: 0000:ffffc90002ec7898 EFLAGS: 00010046 RAX: 0000000000000002 RBX: 0000000000000040 RCX: 0000000000000040 RDX: 0000000000000040 RSI: 00007fc5eda000b6 RDI: ffffc90002ec78c8 RBP: 00007fc5eda000b6 R08: 0000000000000000 R09: 0000000000000001 R10: 0000000000000000 R11: 0000000000000000 R12: ffffc90002ec78c8 R13: ffff8881106364c0 R14: ffff8881106364c0 R15: ffffffff8401b939 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_from_user arch/x86/include/asm/uaccess_64.h:68 [inline] __copy_from_user_inatomic include/linux/uaccess.h:79 [inline] copy_from_user_nmi+0x8d/0xa0 arch/x86/lib/usercopy.c:33 copy_code arch/x86/kernel/dumpstack.c:87 [inline] show_opcodes+0x50/0x70 arch/x86/kernel/dumpstack.c:117 show_iret_regs+0xd/0x33 arch/x86/kernel/dumpstack.c:138 __show_regs+0x1f/0x40 arch/x86/kernel/process_64.c:73 show_trace_log_lvl+0x25b/0x2ba arch/x86/kernel/dumpstack.c:281 __die_body+0x15/0x60 arch/x86/kernel/dumpstack.c:400 pgtable_bad+0x50/0x70 arch/x86/mm/fault.c:552 do_user_addr_fault arch/x86/mm/fault.c:1157 [inline] handle_page_fault arch/x86/mm/fault.c:1351 [inline] exc_page_fault+0x570/0x6f0 arch/x86/mm/fault.c:1404 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:538