BUG: unable to handle page fault for address: 00007ffe73eba000
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 0 P4D 0
Oops: Oops: 0000 [#1] PREEMPT SMP PTI
CPU: 1 PID: 4907 Comm: syz.0.818 Not tainted 6.10.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
RIP: 0010:__dev_flush+0x14/0x60
Code: 00 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 41 57 41 56 53 48 8b 1f 48 39 fb 74 42 49 89 fe <4c> 8b 3b 48 8d 7b 80 be 01 00 00 00 e8 4b 00 00 00 48 c7 43 20 00
RSP: 0018:ffffc900000e8e38 EFLAGS: 00010213
RAX: ffffc900001b3be8 RBX: 00007ffe73eba000 RCX: 0000000012f42ce8
RDX: ffffc900001b3c38 RSI: 00007ffe73eba000 RDI: ffffc900001b3c38
RBP: 0000000000000040 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff888237d32440
R13: 0000000000000000 R14: ffffc900001b3c38 R15: 0000000000000003
FS: 0000000000000000(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffe73eba000 CR3: 0000000003258000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
xdp_do_check_flushed+0x7f/0xb0 net/core/filter.c:4300
__napi_poll+0x52/0x1d0 net/core/dev.c:6774
napi_poll net/core/dev.c:6840 [inline]
net_rx_action+0x275/0x460 net/core/dev.c:6962
handle_softirqs+0xfe/0x2f0 kernel/softirq.c:554
__do_softirq kernel/softirq.c:588 [inline]
invoke_softirq kernel/softirq.c:428 [inline]
__irq_exit_rcu+0x45/0xc0 kernel/softirq.c:637
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:deref_stack_reg+0x7a/0x90 arch/x86/kernel/unwind_orc.c:406
Code: 83 3b 00 74 2a 48 8b 4b 08 4c 39 f9 77 21 48 8b 53 10 4c 39 fa 76 18 49 8d 77 08 31 c0 48 39 ce 76 0d 48 39 d6 77 08 49 8b 07 <49> 89 06 b0 01 5b 41 5e 41 5f c3 cc cc cc cc 0f 1f 80 00 00 00 00
RSP: 0018:ffffc900001b3720 EFLAGS: 00000287
RAX: 0000000000000192 RBX: ffffc900001b3788 RCX: ffffc900001b4000
RDX: ffffc900001b3d28 RSI: ffffc900001b3d20 RDI: ffffc900001b3788
RBP: ffffc900001b37d8 R08: 0000000000000000 R09: ffffffff839433f4
R10: 0000000000000000 R11: ffffffff8121ca90 R12: ffffc900001b3d28
R13: 0000000000000001 R14: ffffc900001b37c8 R15: ffffc900001b3d20
unwind_next_frame+0x9d7/0xc50
arch_stack_walk+0x11c/0x150 arch/x86/kernel/stacktrace.c:25
stack_trace_save+0x47/0x70 kernel/stacktrace.c:122
save_stack+0xef/0x140 mm/page_owner.c:156
__reset_page_owner+0x40/0x130 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1093 [inline]
free_unref_folios+0x55a/0x9f0 mm/page_alloc.c:2637
folios_put_refs+0x154/0x190 mm/swap.c:1024
free_pages_and_swap_cache+0x165/0x1f0 mm/swap_state.c:329
__tlb_batch_free_encoded_pages mm/mmu_gather.c:136 [inline]
tlb_batch_pages_flush mm/mmu_gather.c:149 [inline]
tlb_flush_mmu_free mm/mmu_gather.c:366 [inline]
tlb_flush_mmu+0x133/0x1a0 mm/mmu_gather.c:373
tlb_finish_mmu+0x41/0x80 mm/mmu_gather.c:465
exit_mmap+0x2cd/0x580 mm/mmap.c:3354
__mmput+0x28/0xf0 kernel/fork.c:1346
exit_mm+0xaa/0x110 kernel/exit.c:567
do_exit+0x1e3/0xa70 kernel/exit.c:863
do_group_exit+0x86/0xa0 kernel/exit.c:1025
get_signal+0x718/0x7d0 kernel/signal.c:2909
arch_do_signal_or_restart+0x89/0x2b0 arch/x86/kernel/signal.c:310
exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
__syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
syscall_exit_to_user_mode+0x57/0x1d0 kernel/entry/common.c:218
do_syscall_64+0x9a/0x1a0 arch/x86/entry/common.c:89
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f6590720b59
Code: Unable to access opcode bytes at 0x7f6590720b2f.
RSP: 002b:00007f65901aa0f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 00007f65908b0f68 RCX: 00007f6590720b59
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f65908b0f68
RBP: 00007f65908b0f60 R08: 00007f65901aa6c0 R09: 00007f65901aa6c0
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f65908b0f6c
R13: 000000000000000b R14: 00007ffe73eb9210 R15: 00007ffe73eb92f8
Modules linked in:
CR2: 00007ffe73eba000
---[ end trace 0000000000000000 ]---
RIP: 0010:__dev_flush+0x14/0x60
Code: 00 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 41 57 41 56 53 48 8b 1f 48 39 fb 74 42 49 89 fe <4c> 8b 3b 48 8d 7b 80 be 01 00 00 00 e8 4b 00 00 00 48 c7 43 20 00
RSP: 0018:ffffc900000e8e38 EFLAGS: 00010213
RAX: ffffc900001b3be8 RBX: 00007ffe73eba000 RCX: 0000000012f42ce8
RDX: ffffc900001b3c38 RSI: 00007ffe73eba000 RDI: ffffc900001b3c38
RBP: 0000000000000040 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff888237d32440
R13: 0000000000000000 R14: ffffc900001b3c38 R15: 0000000000000003
FS: 0000000000000000(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffe73eba000 CR3: 0000000003258000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess), 1 bytes skipped:
0: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
5: 90 nop
6: 90 nop
7: 90 nop
8: 90 nop
9: 90 nop
a: 90 nop
b: 90 nop
c: 90 nop
d: 90 nop
e: 90 nop
f: 90 nop
10: 90 nop
11: 90 nop
12: 90 nop
13: 90 nop
14: 90 nop
15: 66 0f 1f 00 nopw (%rax)
19: 41 57 push %r15
1b: 41 56 push %r14
1d: 53 push %rbx
1e: 48 8b 1f mov (%rdi),%rbx
21: 48 39 fb cmp %rdi,%rbx
24: 74 42 je 0x68
26: 49 89 fe mov %rdi,%r14
* 29: 4c 8b 3b mov (%rbx),%r15 <-- trapping instruction
2c: 48 8d 7b 80 lea -0x80(%rbx),%rdi
30: be 01 00 00 00 mov $0x1,%esi
35: e8 4b 00 00 00 call 0x85
3a: 48 rex.W
3b: c7 .byte 0xc7
3c: 43 20 00 rex.XB and %al,(%r8)