[BUG] KASAN: user-memory-access Write in mmput

From: Huang Forrest

Date: Fri May 15 2026 - 12:03:59 EST


Hello,

I found the following issue with syzkaller on:

HEAD commit: 7aaa8047eafd (HEAD -> master, tag: v7.0-rc6, origin/master, origin/HEAD) Linux 7.0-rc6.
git tree: https://github.com/torvalds/linux.git master
console output: https://gist.githubusercontent.com/Forest-kernel/af4f0603350baa0159d31e0a6d2ac777/raw/3aea8bbe1aa73fe42cd2c2959536f585749f6aa4/log
kernel config: https://gist.githubusercontent.com/Forest-kernel/354e7c56522ab60f29c8b96e7429e2e3/raw/97bb1e7d6f9406da5bd07e999c3634f250a5db0c/config.txt
dashboard link: N/A for local dashboard
compiler: gcc (Ubuntu 12.3.0-1ubuntu1~22.04) 12.3.0
userspace arch: x86_64


Here is a syzkaller reproducer for the bug: https://gist.githubusercontent.com/Forest-kernel/78a7e878d480666c691cf65b1c064428/raw/76f303da3b2d735b835478afbf5dd1509670e806/repro

Suspected root cause:

I suspect this is mainly a struct file / VFS lifetime issue.

KASAN reports a user-memory-access (4-byte write) in mmput → set_mm_exe_file → exe_file_allow_write_access → allow_write_access while modprobe is exiting via exit_group. The access address (0xffff89c9) does not look like a valid kernel object, which suggests mm->exe_file or the underlying struct file was already corrupted before teardown.

It may be a race or lifetime bug in the file descriptor / struct file / mm->exe_file interaction (reference counting, close/dup, or concurrent exit paths under PREEMPT), which exit_mm exposes first and other syscalls hit shortly after.


The following full report is also available at https://gist.githubusercontent.com/Forest-kernel/ca81beb63c6474104a310bcbcb0e946d/raw/1f3f4b17eb99b5cb71bb8a08cadda6da16dccfd3/report

==================================================================
BUG: KASAN: user-memory-access in instrument_atomic_read_write include/linux/instrumented.h:112 [inline]
BUG: KASAN: user-memory-access in atomic_inc include/linux/atomic/atomic-instrumented.h:435 [inline]
BUG: KASAN: user-memory-access in allow_write_access include/linux/fs.h:2806 [inline]
BUG: KASAN: user-memory-access in exe_file_allow_write_access include/linux/fs.h:2827 [inline]
BUG: KASAN: user-memory-access in set_mm_exe_file kernel/fork.c:1256 [inline]
BUG: KASAN: user-memory-access in __mmput kernel/fork.c:1177 [inline]
BUG: KASAN: user-memory-access in mmput+0xf5/0x320 kernel/fork.c:1198
Write of size 4 at addr 00000000ffff89c9 by task modprobe/14872
BUG: unable to handle page fault for address: ffff88811bbb9604

CPU: 5 UID: 0 PID: 14872 Comm: modprobe Not tainted 7.0.0-rc6 #1 PREEMPT(lazy)
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0xab/0xe0 lib/dump_stack.c:120
kasan_report+0xce/0x100 mm/kasan/report.c:595
check_region_inline mm/kasan/generic.c:194 [inline]
kasan_check_range+0x100/0x1b0 mm/kasan/generic.c:200
instrument_atomic_read_write include/linux/instrumented.h:112 [inline]
atomic_inc include/linux/atomic/atomic-instrumented.h:435 [inline]
allow_write_access include/linux/fs.h:2806 [inline]
exe_file_allow_write_access include/linux/fs.h:2827 [inline]
set_mm_exe_file kernel/fork.c:1256 [inline]
__mmput kernel/fork.c:1177 [inline]
mmput+0xf5/0x320 kernel/fork.c:1198
exit_mm kernel/exit.c:581 [inline]
do_exit+0x7c1/0x28e0 kernel/exit.c:964
do_group_exit+0xc7/0x280 kernel/exit.c:1118
__do_sys_exit_group kernel/exit.c:1129 [inline]
__se_sys_exit_group kernel/exit.c:1127 [inline]
__x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1127
x64_sys_call+0x16cd/0x1760 arch/x86/include/generated/asm/syscalls_64.h:232
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xfc/0x580 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f5bd0daf409
Code: Unable to access opcode bytes at 0x7f5bd0daf3df.
RSP: 002b:00007ffedb54c248 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 00007f5bd0eaa9e0 RCX: 00007f5bd0daf409
RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
RBP: 0000000000000001 R08: ffffffffffffff80 R09: 00007ffedb54c15f
R10: 00007ffedb54c0c0 R11: 0000000000000246 R12: 00007f5bd0eaa9e0
R13: 00007f5bd0eb02e0 R14: 0000000000000001 R15: 00007f5bd0eb02c8
</TASK>
==================================================================
#PF: supervisor read access in kernel mode
#PF: error_code(0x0009) - reserved bit violation
PGD 18e505067 P4D 18e505067 PUD 1008e7063 PMD 119177063 PTE 1bbbc16380000001
Oops: Oops: 0009 [#1] SMP KASAN NOPTI
CPU: 2 UID: 0 PID: 13130 Comm: syz-executor Tainted: G B 7.0.0-rc6 #1 PREEMPT(lazy)
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
RIP: 0010:__fget_light fs/file.c:1198 [inline]
RIP: 0010:fdget fs/file.c:1210 [inline]
RIP: 0010:fdget_pos+0x171/0x590 fs/file.c:1256
Code: 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 0f b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 11 03 00 00 <8b> 6b 04 31 ff 81 e5 00 40 00 00 89 ee e8 cd c7 bb ff 85 ed 0f 85
RSP: 0018:ffff88816a6afe30 EFLAGS: 00010246
RAX: 0000000000000007 RBX: ffff88811bbb9600 RCX: ffffffff94d48143
RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff88811bbb9604
RBP: ffffffffffffffff R08: 0000000000000000 R09: ffffed102075f548
R10: 0000000000000001 R11: 0000000000000000 R12: ffff888103afaa40
R13: 0000000000000002 R14: 0000000000000000 R15: dffffc0000000000
FS: 000055557b175500(0000) GS:ffff8881f4a8f000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff88811bbb9604 CR3: 0000000102fb2000 CR4: 0000000000350ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
<TASK>
class_fd_pos_constructor include/linux/file.h:85 [inline]
do_writev+0x75/0x340 fs/read_write.c:1096
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xfc/0x580 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc25aa0d0cd
Code: 01 c8 48 89 38 48 89 48 08 48 39 c6 75 df 41 b9 14 00 00 00 66 0f 1f 84 00 00 00 00 00 48 89 de bf 02 00 00 00 44 89 c8 0f 05 <48> 83 f8 fc 74 ed 45 85 ff 0f 84 98 00 00 00 45 31 c9 b9 22 00 00
RSP: 002b:00007ffe841fe030 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
RAX: ffffffffffffffda RBX: 00007ffe841fe030 RCX: 00007fc25aa0d0cd
RDX: 0000000000000003 RSI: 00007ffe841fe030 RDI: 0000000000000002
RBP: 00007ffe841fe160 R08: 000000000000002c R09: 0000000000000014
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000002 R15: 0000000000000001
</TASK>
Modules linked in:
CR2: ffff88811bbb9604
---[ end trace 0000000000000000 ]---
BUG: unable to handle page fault for address: ffff88811bbb9204
RIP: 0010:__fget_light fs/file.c:1198 [inline]
RIP: 0010:fdget fs/file.c:1210 [inline]
RIP: 0010:fdget_pos+0x171/0x590 fs/file.c:1256
#PF: supervisor read access in kernel mode
Code: 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 0f b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 11 03 00 00 <8b> 6b 04 31 ff 81 e5 00 40 00 00 89 ee e8 cd c7 bb ff 85 ed 0f 85
#PF: error_code(0x0009) - reserved bit violation
RSP: 0018:ffff88816a6afe30 EFLAGS: 00010246
PGD 18e505067 P4D 18e505067
RAX: 0000000000000007 RBX: ffff88811bbb9600 RCX: ffffffff94d48143
PUD 1008e7063
RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff88811bbb9604
PMD 119177063
RBP: ffffffffffffffff R08: 0000000000000000 R09: ffffed102075f548
PTE 1bbbc16380000001
R10: 0000000000000001 R11: 0000000000000000 R12: ffff888103afaa40

R13: 0000000000000002 R14: 0000000000000000 R15: dffffc0000000000
Oops: Oops: 0009 [#2] SMP KASAN NOPTI
FS: 000055557b175500(0000) GS:ffff8881f4a8f000(0000) knlGS:0000000000000000
CPU: 0 UID: 0 PID: 274 Comm: syz-executor Tainted: G B D 7.0.0-rc6 #1 PREEMPT(lazy)
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Tainted: [B]=BAD_PAGE, [D]=DIE
CR2: ffff88811bbb9604 CR3: 0000000102fb2000 CR4: 0000000000350ef0
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
RIP: 0010:__fget_light fs/file.c:1198 [inline]
RIP: 0010:fdget+0x16d/0x430 fs/file.c:1210
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Code: 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 0f b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 f4 01 00 00 <8b> 6b 04 31 ff 81 e5 00 40 00 00 89 ee e8 01 f4 bb ff 85 ed 75 2a
note: syz-executor[13130] exited with irqs disabled
RSP: 0018:ffff88811a3bf658 EFLAGS: 00010246
RAX: 0000000000000007 RBX: ffff88811bbb9200 RCX: ffffffff94d4550f
RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff88811bbb9204
RBP: ffffffffffffffff R08: 0000000000000000 R09: ffffed102005e618
R10: 0000000000000001 R11: ffff88811986ac40 R12: ffff8881002f30c0
R13: 0000000000000016 R14: 0000000000400000 R15: 0000000000000016
FS: 00005555620a7500(0000) GS:ffff8881f4a0f000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff88811bbb9204 CR3: 000000011a265000 CR4: 0000000000350ef0
DR0: 0000200000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
<TASK>
class_fd_constructor include/linux/file.h:83 [inline]
select_poll_one fs/select.c:469 [inline]
do_select+0xb57/0x16f0 fs/select.c:536
core_sys_select+0x2e6/0x680 fs/select.c:677
do_pselect.constprop.0+0x19f/0x1e0 fs/select.c:759
__do_sys_pselect6 fs/select.c:798 [inline]
__se_sys_pselect6 fs/select.c:789 [inline]
__x64_sys_pselect6+0x182/0x240 fs/select.c:789
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xfc/0x580 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fab3a647524
Code: 00 00 00 4c 8d 4c 24 40 85 c0 75 36 4c 89 f2 b8 0e 01 00 00 0f 05 48 3d 00 f0 ff ff 0f 87 80 00 00 00 48 8b 54 24 58 64 48 2b <14> 25 28 00 00 00 0f 85 9f 00 00 00 48 83 c4 68 41 5c 41 5e c3 0f
RSP: 002b:00007ffec6b8eff0 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
RAX: ffffffffffffffda RBX: 00007ffec6b8f530 RCX: 00007fab3a647524
RDX: 0000000000000000 RSI: 00007ffec6b8f160 RDI: 000000000000002a
RBP: 0000000000000027 R08: 00007ffec6b8f020 R09: 00007ffec6b8f030
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffec6b8f160
R13: 00007ffec6b8f100 R14: 0000000000000000 R15: 00005555620bc790
</TASK>
Modules linked in:
CR2: ffff88811bbb9204
---[ end trace 0000000000000000 ]---
BUG: unable to handle page fault for address: 00000000ffff89c9
RIP: 0010:__fget_light fs/file.c:1198 [inline]
RIP: 0010:fdget fs/file.c:1210 [inline]
RIP: 0010:fdget_pos+0x171/0x590 fs/file.c:1256
#PF: supervisor write access in kernel mode
Code: 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 0f b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 11 03 00 00 <8b> 6b 04 31 ff 81 e5 00 40 00 00 89 ee e8 cd c7 bb ff 85 ed 0f 85
#PF: error_code(0x0002) - not-present page
RSP: 0018:ffff88816a6afe30 EFLAGS: 00010246
PGD 0 P4D 0
RAX: 0000000000000007 RBX: ffff88811bbb9600 RCX: ffffffff94d48143
Oops: Oops: 0002 [#3] SMP KASAN NOPTI
RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff88811bbb9604
CPU: 5 UID: 0 PID: 14872 Comm: modprobe Tainted: G B D 7.0.0-rc6 #1 PREEMPT(lazy)
RBP: ffffffffffffffff R08: 0000000000000000 R09: ffffed102075f548
Tainted: [B]=BAD_PAGE, [D]=DIE
R10: 0000000000000001 R11: 0000000000000000 R12: ffff888103afaa40
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
R13: 0000000000000002 R14: 0000000000000000 R15: dffffc0000000000
RIP: 0010:arch_atomic_inc arch/x86/include/asm/atomic.h:53 [inline]
RIP: 0010:raw_atomic_inc include/linux/atomic/atomic-arch-fallback.h:992 [inline]
RIP: 0010:atomic_inc include/linux/atomic/atomic-instrumented.h:436 [inline]
RIP: 0010:allow_write_access include/linux/fs.h:2806 [inline]
RIP: 0010:exe_file_allow_write_access include/linux/fs.h:2827 [inline]
RIP: 0010:set_mm_exe_file kernel/fork.c:1256 [inline]
RIP: 0010:__mmput kernel/fork.c:1177 [inline]
RIP: 0010:mmput+0xf5/0x320 kernel/fork.c:1198
FS: 00005555620a7500(0000) GS:ffff8881f4a0f000(0000) knlGS:0000000000000000
Code: df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 fa 01 00 00 48 8b 45 20 be 04 00 00 00 4c 8d a0 48 01 00 00 4c 89 e7 e8 eb 48 6f 00 <f0> 41 ff 04 24 48 89 ef e8 be d9 72 00 e8 19 1f 37 00 48 8d ab b8
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
RSP: 0018:ffff88811574fde0 EFLAGS: 00010246
CR2: ffff88811bbb9204 CR3: 000000011a265000 CR4: 0000000000350ef0
RAX: 0000000000000000 RBX: ffff888105862b80 RCX: ffffffff94c85206
DR0: 0000200000000000 DR1: 0000000000000000 DR2: 0000000000000000
RDX: ffff888104d28000 RSI: 0000000000000000 RDI: 0000000000000007
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
RBP: ffff888119042400 R08: 0000000000000001 R09: fffffbfff34cae2c
note: syz-executor[274] exited with irqs disabled
R10: 0000000000000000 R11: fffffffffffea348 R12: 00000000ffff89c9
R13: ffff888105862d10 R14: 0000000000000000 R15: ffff8881009cbc00
FS: 0000000000000000(0000) GS:ffff8881f4b4f000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000ffff89c9 CR3: 000000018c872000 CR4: 0000000000350ef0
Call Trace:
<TASK>
exit_mm kernel/exit.c:581 [inline]
do_exit+0x7c1/0x28e0 kernel/exit.c:964
do_group_exit+0xc7/0x280 kernel/exit.c:1118
__do_sys_exit_group kernel/exit.c:1129 [inline]
__se_sys_exit_group kernel/exit.c:1127 [inline]
__x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1127
x64_sys_call+0x16cd/0x1760 arch/x86/include/generated/asm/syscalls_64.h:232
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xfc/0x580 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f5bd0daf409
Code: Unable to access opcode bytes at 0x7f5bd0daf3df.
RSP: 002b:00007ffedb54c248 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 00007f5bd0eaa9e0 RCX: 00007f5bd0daf409
RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
RBP: 0000000000000001 R08: ffffffffffffff80 R09: 00007ffedb54c15f
R10: 00007ffedb54c0c0 R11: 0000000000000246 R12: 00007f5bd0eaa9e0
R13: 00007f5bd0eb02e0 R14: 0000000000000001 R15: 00007f5bd0eb02c8
</TASK>
Modules linked in:
CR2: 00000000ffff89c9
---[ end trace 0000000000000000 ]---
BUG: unable to handle page fault for address: 000000d60000001d
RIP: 0010:__fget_light fs/file.c:1198 [inline]
RIP: 0010:fdget fs/file.c:1210 [inline]
RIP: 0010:fdget_pos+0x171/0x590 fs/file.c:1256
#PF: supervisor read access in kernel mode
Code: 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 0f b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 11 03 00 00 <8b> 6b 04 31 ff 81 e5 00 40 00 00 89 ee e8 cd c7 bb ff 85 ed 0f 85
#PF: error_code(0x0000) - not-present page
RSP: 0018:ffff88816a6afe30 EFLAGS: 00010246
PGD 0 P4D 0
RAX: 0000000000000007 RBX: ffff88811bbb9600 RCX: ffffffff94d48143
RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff88811bbb9604
Oops: Oops: 0000 [#4] SMP KASAN NOPTI
RBP: ffffffffffffffff R08: 0000000000000000 R09: ffffed102075f548
CPU: 0 UID: 0 PID: 14 Comm: ksoftirqd/0 Tainted: G B D 7.0.0-rc6 #1 PREEMPT(lazy)
R10: 0000000000000001 R11: 0000000000000000 R12: ffff888103afaa40
Tainted: [B]=BAD_PAGE, [D]=DIE
R13: 0000000000000002 R14: 0000000000000000 R15: dffffc0000000000
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
FS: 0000000000000000(0000) GS:ffff8881f4b4f000(0000) knlGS:0000000000000000
RIP: 0010:find_stack lib/stackdepot.c:610 [inline]
RIP: 0010:stack_depot_save_flags+0x164/0x7f0 lib/stackdepot.c:676
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Code: e1 04 48 03 0d 75 8f f0 04 65 ff 05 06 35 e4 04 48 8b 29 48 39 e9 75 12 e9 96 00 00 00 48 8b 6d 00 48 39 e9 0f 84 6c 01 00 00 <39> 5d 10 75 ee 44 3b 7d 14 75 e8 31 c0 48 8b 54 c5 20 49 39 54 c5
CR2: 00000000ffff89c9 CR3: 000000018c872000 CR4: 0000000000350ef0
RSP: 0018:ffff8881003df920 EFLAGS: 00010292
note: modprobe[14872] exited with irqs disabled

RAX: 00000000499a352c RBX: 00000000499a352c RCX: ffff8881816352c0
RDX: ffffffff9440477a RSI: 0000000000000002 RDI: 000000006fa49abc
RBP: 000000d60000000d R08: ffffffff996a3fd0 R09: ffff8881003df878
R10: 00000000553bcf3b R11: 00000000682d263e R12: 0000000000000001
R13: ffff8881003df978 R14: 000000000000000d R15: 000000000000000d
FS: 0000000000000000(0000) GS:ffff8881f4a0f000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000d60000001d CR3: 000000011a265000 CR4: 0000000000350ef0
DR0: 0000200000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
<TASK>
kasan_save_stack+0x42/0x60 mm/kasan/common.c:58
kasan_save_track+0x17/0x60 mm/kasan/common.c:78
kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:584
poison_slab_object mm/kasan/common.c:253 [inline]
__kasan_slab_free+0x43/0x70 mm/kasan/common.c:285
kasan_slab_free include/linux/kasan.h:235 [inline]
slab_free_hook mm/slub.c:2685 [inline]
slab_free mm/slub.c:6165 [inline]
kmem_cache_free+0xb8/0x3d0 mm/slub.c:6295
avc_node_free+0x45/0x60 security/selinux/avc.c:433
rcu_do_batch kernel/rcu/tree.c:2617 [inline]
rcu_core+0x521/0x1820 kernel/rcu/tree.c:2869
handle_softirqs+0x1b8/0x640 kernel/softirq.c:622
run_ksoftirqd kernel/softirq.c:1063 [inline]
run_ksoftirqd+0x22/0x30 kernel/softirq.c:1055
smpboot_thread_fn+0x3f9/0x910 kernel/smpboot.c:160
kthread+0x33b/0x440 kernel/kthread.c:436
ret_from_fork+0x3e0/0x7f0 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
</TASK>
Modules linked in:
CR2: 000000d60000001d
---[ end trace 0000000000000000 ]---
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000009: 0000 [#5] SMP KASAN NOPTI
RIP: 0010:__fget_light fs/file.c:1198 [inline]
RIP: 0010:fdget fs/file.c:1210 [inline]
RIP: 0010:fdget_pos+0x171/0x590 fs/file.c:1256
KASAN: null-ptr-deref in range [0x0000000000000048-0x000000000000004f]
Code: 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 0f b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 11 03 00 00 <8b> 6b 04 31 ff 81 e5 00 40 00 00 89 ee e8 cd c7 bb ff 85 ed 0f 85
CPU: 4 UID: 0 PID: 14811 Comm: syz.2.1265 Tainted: G B D 7.0.0-rc6 #1 PREEMPT(lazy)
RSP: 0018:ffff88816a6afe30 EFLAGS: 00010246
Tainted: [B]=BAD_PAGE, [D]=DIE
RAX: 0000000000000007 RBX: ffff88811bbb9600 RCX: ffffffff94d48143
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff88811bbb9604
RIP: 0010:update_curr+0x26/0x570 kernel/sched/fair.c:1293
RBP: ffffffffffffffff R08: 0000000000000000 R09: ffffed102075f548
Code: 90 90 90 90 48 b8 00 00 00 00 00 fc ff df 41 57 41 56 41 55 41 54 55 48 89 fd 48 83 c7 48 53 48 89 fa 48 c1 ea 03 48 83 ec 08 <80> 3c 02 00 0f 85 4a 04 00 00 48 8d bd 38 01 00 00 48 8b 5d 48 48
R10: 0000000000000001 R11: 0000000000000000 R12: ffff888103afaa40
RSP: 0018:ffff88818f108bf8 EFLAGS: 00010092
R13: 0000000000000002 R14: 0000000000000000 R15: dffffc0000000000
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 00000000000f341c
FS: 0000000000000000(0000) GS:ffff8881f4a0f000(0000) knlGS:0000000000000000
RDX: 0000000000000009 RSI: 0000000000000000 RDI: 0000000000000048
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
CR2: 000000d60000001d CR3: 000000011a265000 CR4: 0000000000350ef0
R10: ffff8881033a2100 R11: ffff8881033a20a0 R12: 0000000000000138
DR0: 0000200000000000 DR1: 0000000000000000 DR2: 0000000000000000
R13: 0000000000000000 R14: ffff88811938c800 R15: dffffc0000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
FS: 00007f2bef746640(0000) GS:ffff8881f4b0f000(0000) knlGS:0000000000000000
----------------
Code disassembly (best guess):
0: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
7: fc ff df
a: 48 89 fa mov %rdi,%rdx
d: 48 c1 ea 03 shr $0x3,%rdx
11: 0f b6 14 02 movzbl (%rdx,%rax,1),%edx
15: 48 89 f8 mov %rdi,%rax
18: 83 e0 07 and $0x7,%eax
1b: 83 c0 03 add $0x3,%eax
1e: 38 d0 cmp %dl,%al
20: 7c 08 jl 0x2a
22: 84 d2 test %dl,%dl
24: 0f 85 11 03 00 00 jne 0x33b
* 2a: 8b 6b 04 mov 0x4(%rbx),%ebp <-- trapping instruction
2d: 31 ff xor %edi,%edi
2f: 81 e5 00 40 00 00 and $0x4000,%ebp
35: 89 ee mov %ebp,%esi
37: e8 cd c7 bb ff call 0xffbbc809
3c: 85 ed test %ebp,%ebp
3e: 0f .byte 0xf
3f: 85 .byte 0x85

RDX: 0000000000000009 RSI: 0000000000000000 RDI: 0000000000000048
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
CR2: 000000d60000001d CR3: 000000011a265000 CR4: 0000000000350ef0
R10: ffff8881033a2100 R11: ffff8881033a20a0 R12: 0000000000000138
DR0: 0000200000000000 DR1: 0000000000000000 DR2: 0000000000000000
R13: 0000000000000000 R14: ffff88811938c800 R15: dffffc0000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
FS: 00007f2bef746640(0000) GS:ffff8881f4b0f000(0000) knlGS:0000000000000000

<<<<<<<<<<<<<<< tail report >>>>>>>>>>>>>>>

R13: 0000000000000000 R14: 0000000000000002 R15: 0000000000000001
</TASK>
Modules linked in:
CR2: ffff88811bbb9604
---[ end trace 0000000000000000 ]---
BUG: unable to handle page fault for address: ffff88811bbb9204
RIP: 0010:fdget_pos+0x171/0x590
#PF: supervisor read access in kernel mode
Code: 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 0f b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 11 03 00 00 <8b> 6b 04 31 ff 81 e5 00 40 00 00 89 ee e8 cd c7 bb ff 85 ed 0f 85
#PF: error_code(0x0009) - reserved bit violation
RSP: 0018:ffff88816a6afe30 EFLAGS: 00010246
PGD 18e505067 P4D 18e505067
RAX: 0000000000000007 RBX: ffff88811bbb9600 RCX: ffffffff94d48143
PUD 1008e7063
RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff88811bbb9604
PMD 119177063
RBP: ffffffffffffffff R08: 0000000000000000 R09: ffffed102075f548
PTE 1bbbc16380000001
R10: 0000000000000001 R11: 0000000000000000 R12: ffff888103afaa40

R13: 0000000000000002 R14: 0000000000000000 R15: dffffc0000000000
Oops: Oops: 0009 [#2] SMP KASAN NOPTI
FS: 000055557b175500(0000) GS:ffff8881f4a8f000(0000) knlGS:0000000000000000
CPU: 0 UID: 0 PID: 274 Comm: syz-executor Tainted: G B D 7.0.0-rc6 #1 PREEMPT(lazy)
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Tainted: [B]=BAD_PAGE, [D]=DIE
CR2: ffff88811bbb9604 CR3: 0000000102fb2000 CR4: 0000000000350ef0
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
RIP: 0010:fdget+0x16d/0x430
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Code: 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 0f b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 f4 01 00 00 <8b> 6b 04 31 ff 81 e5 00 40 00 00 89 ee e8 01 f4 bb ff 85 ed 75 2a
note: syz-executor[13130] exited with irqs disabled
RSP: 0018:ffff88811a3bf658 EFLAGS: 00010246
RAX: 0000000000000007 RBX: ffff88811bbb9200 RCX: ffffffff94d4550f
RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff88811bbb9204
RBP: ffffffffffffffff R08: 0000000000000000 R09: ffffed102005e618
R10: 0000000000000001 R11: ffff88811986ac40 R12: ffff8881002f30c0
R13: 0000000000000016 R14: 0000000000400000 R15: 0000000000000016
FS: 00005555620a7500(0000) GS:ffff8881f4a0f000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff88811bbb9204 CR3: 000000011a265000 CR4: 0000000000350ef0
DR0: 0000200000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
<TASK>
do_select+0xb57/0x16f0
core_sys_select+0x2e6/0x680
do_pselect.constprop.0+0x19f/0x1e0
__x64_sys_pselect6+0x182/0x240
do_syscall_64+0xfc/0x580
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fab3a647524
Code: 00 00 00 4c 8d 4c 24 40 85 c0 75 36 4c 89 f2 b8 0e 01 00 00 0f 05 48 3d 00 f0 ff ff 0f 87 80 00 00 00 48 8b 54 24 58 64 48 2b <14> 25 28 00 00 00 0f 85 9f 00 00 00 48 83 c4 68 41 5c 41 5e c3 0f
RSP: 002b:00007ffec6b8eff0 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
RAX: ffffffffffffffda RBX: 00007ffec6b8f530 RCX: 00007fab3a647524
RDX: 0000000000000000 RSI: 00007ffec6b8f160 RDI: 000000000000002a
RBP: 0000000000000027 R08: 00007ffec6b8f020 R09: 00007ffec6b8f030
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffec6b8f160
R13: 00007ffec6b8f100 R14: 0000000000000000 R15: 00005555620bc790
</TASK>
Modules linked in:
CR2: ffff88811bbb9204
---[ end trace 0000000000000000 ]---
BUG: unable to handle page fault for address: 00000000ffff89c9
RIP: 0010:fdget_pos+0x171/0x590
#PF: supervisor write access in kernel mode
Code: 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 0f b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 11 03 00 00 <8b> 6b 04 31 ff 81 e5 00 40 00 00 89 ee e8 cd c7 bb ff 85 ed 0f 85
#PF: error_code(0x0002) - not-present page
RSP: 0018:ffff88816a6afe30 EFLAGS: 00010246
PGD 0 P4D 0
RAX: 0000000000000007 RBX: ffff88811bbb9600 RCX: ffffffff94d48143
Oops: Oops: 0002 [#3] SMP KASAN NOPTI
RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff88811bbb9604
CPU: 5 UID: 0 PID: 14872 Comm: modprobe Tainted: G B D 7.0.0-rc6 #1 PREEMPT(lazy)
RBP: ffffffffffffffff R08: 0000000000000000 R09: ffffed102075f548
Tainted: [B]=BAD_PAGE, [D]=DIE
R10: 0000000000000001 R11: 0000000000000000 R12: ffff888103afaa40
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
R13: 0000000000000002 R14: 0000000000000000 R15: dffffc0000000000
RIP: 0010:mmput+0xf5/0x320
FS: 00005555620a7500(0000) GS:ffff8881f4a0f000(0000) knlGS:0000000000000000
Code: df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 fa 01 00 00 48 8b 45 20 be 04 00 00 00 4c 8d a0 48 01 00 00 4c 89 e7 e8 eb 48 6f 00 <f0> 41 ff 04 24 48 89 ef e8 be d9 72 00 e8 19 1f 37 00 48 8d ab b8
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
RSP: 0018:ffff88811574fde0 EFLAGS: 00010246
CR2: ffff88811bbb9204 CR3: 000000011a265000 CR4: 0000000000350ef0
RAX: 0000000000000000 RBX: ffff888105862b80 RCX: ffffffff94c85206
DR0: 0000200000000000 DR1: 0000000000000000 DR2: 0000000000000000
RDX: ffff888104d28000 RSI: 0000000000000000 RDI: 0000000000000007
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
RBP: ffff888119042400 R08: 0000000000000001 R09: fffffbfff34cae2c
note: syz-executor[274] exited with irqs disabled
R10: 0000000000000000 R11: fffffffffffea348 R12: 00000000ffff89c9
R13: ffff888105862d10 R14: 0000000000000000 R15: ffff8881009cbc00
FS: 0000000000000000(0000) GS:ffff8881f4b4f000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000ffff89c9 CR3: 000000018c872000 CR4: 0000000000350ef0
Call Trace:
<TASK>
do_exit+0x7c1/0x28e0
do_group_exit+0xc7/0x280
__x64_sys_exit_group+0x3e/0x50
x64_sys_call+0x16cd/0x1760
do_syscall_64+0xfc/0x580
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f5bd0daf409
Code: Unable to access opcode bytes at 0x7f5bd0daf3df.
RSP: 002b:00007ffedb54c248 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 00007f5bd0eaa9e0 RCX: 00007f5bd0daf409
RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
RBP: 0000000000000001 R08: ffffffffffffff80 R09: 00007ffedb54c15f
R10: 00007ffedb54c0c0 R11: 0000000000000246 R12: 00007f5bd0eaa9e0
R13: 00007f5bd0eb02e0 R14: 0000000000000001 R15: 00007f5bd0eb02c8
</TASK>
Modules linked in:
CR2: 00000000ffff89c9
---[ end trace 0000000000000000 ]---

Thanks,
Forrest021
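The addresses quoted in the oopses above can be cross-checked against the names KASAN gives them. The C helper below is an added example, not part of the report or of the kernel: it applies the x86-64 KASAN shadow mapping (shadow offset 0xdffffc0000000000, one shadow byte per 8 bytes of memory) and the same PAGE_SIZE / TASK_SIZE_MAX thresholds the kernel uses to label a fault "null-ptr-deref", "user-memory-access" or "wild-memory-access". The offset is assumed to be the config default, which the report itself supports: R15 holds dffffc0000000000 in the register dumps, and the `48 b8 00 00 00 00 00 fc ff df` bytes in the Code: lines are the `mov rax, 0xdffffc0000000000` of the inline KASAN check. TASK_SIZE_MAX assumes 4-level paging. The sample addresses in `main` are copied from the log above.

```c
/*
 * Added example (not from the report or the kernel): reproduce in user space
 * the classification the kernel applies when it prints
 * "general protection fault, probably for non-canonical address 0xdffffc..."
 * followed by "KASAN: null-ptr-deref in range [...]", and when KASAN names a
 * direct fault "user-memory-access". Constants are assumed x86-64 defaults.
 */
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KASAN_SHADOW_OFFSET      0xdffffc0000000000ULL   /* assumed: CONFIG_KASAN_SHADOW_OFFSET default */
#define KASAN_SHADOW_SCALE_SHIFT 3                       /* 8 bytes of memory per shadow byte */
#define KASAN_GRANULE_SIZE       (1ULL << KASAN_SHADOW_SCALE_SHIFT)
#define KASAN_SHADOW_SIZE        (1ULL << (64 - KASAN_SHADOW_SCALE_SHIFT))
#define PAGE_SIZE_X86            4096ULL
#define TASK_SIZE_MAX_X86        ((1ULL << 47) - PAGE_SIZE_X86) /* assumed: 4-level paging */
#define KERNEL_SPACE_START       0xffff800000000000ULL

enum fault_kind { FK_NULL_PTR, FK_USER, FK_WILD, FK_KERNEL };

struct fault_info {
    enum fault_kind kind;
    int canonical;   /* 1: a #PF is expected; 0: the CPU raises a GPF instead */
    int via_shadow;  /* 1: addr is a KASAN shadow byte, lo/hi is the access it guarded */
    uint64_t lo, hi; /* the memory range the fault address actually describes */
};

/* Shadow <-> memory translation used by the inline KASAN instrumentation. */
static uint64_t mem_to_shadow(uint64_t addr)
{
    return (addr >> KASAN_SHADOW_SCALE_SHIFT) + KASAN_SHADOW_OFFSET;
}

static uint64_t shadow_to_mem(uint64_t shadow)
{
    return (shadow - KASAN_SHADOW_OFFSET) << KASAN_SHADOW_SCALE_SHIFT;
}

static int is_shadow_addr(uint64_t addr)
{
    return addr >= KASAN_SHADOW_OFFSET && addr < KASAN_SHADOW_OFFSET + KASAN_SHADOW_SIZE;
}

/* x86-64 with 4-level paging: canonical iff bits 47..63 are all equal. */
static int is_canonical(uint64_t addr)
{
    return addr < (1ULL << 47) || addr >= KERNEL_SPACE_START;
}

/* The thresholds the kernel uses to name the bug type in its KASAN line. */
static enum fault_kind kind_of(uint64_t addr)
{
    if (addr < PAGE_SIZE_X86)       return FK_NULL_PTR;
    if (addr < TASK_SIZE_MAX_X86)   return FK_USER;
    if (addr >= KERNEL_SPACE_START) return FK_KERNEL;
    return FK_WILD;
}

static const char *fault_kind_name(enum fault_kind k)
{
    switch (k) {
    case FK_NULL_PTR: return "null-ptr-deref";
    case FK_USER:     return "user-memory-access";
    case FK_WILD:     return "wild-memory-access";
    default:          return "kernel-address";
    }
}

/*
 * Mirrors the kernel's behaviour: only a non-canonical fault address is
 * tested against the shadow range, because that is the GPF case where the
 * faulting instruction is the KASAN shadow load, not the real access.
 */
struct fault_info classify_fault_addr(uint64_t addr)
{
    struct fault_info fi;

    memset(&fi, 0, sizeof fi);
    fi.canonical = is_canonical(addr);
    if (!fi.canonical && is_shadow_addr(addr)) {
        fi.via_shadow = 1;
        fi.lo = shadow_to_mem(addr);
        fi.hi = fi.lo + KASAN_GRANULE_SIZE - 1;
    } else {
        fi.lo = fi.hi = addr;
    }
    fi.kind = kind_of(fi.lo);
    return fi;
}

int main(void)
{
    /* Fault addresses copied from the oopses in the report above. */
    static const uint64_t from_log[] = {
        0xdffffc0000000009ULL, /* GPF in update_curr, syz.2.1265 */
        0x00000000ffff89c9ULL, /* #PF write in mmput, modprobe */
        0x000000d60000001dULL, /* #PF read in stack_depot_save_flags, ksoftirqd/0 */
        0xffff88811bbb9204ULL, /* #PF in fdget, reserved bit violation */
    };

    for (size_t i = 0; i < sizeof from_log / sizeof from_log[0]; i++) {
        struct fault_info fi = classify_fault_addr(from_log[i]);

        printf("%#018" PRIx64 ": %s, %s", from_log[i],
               fi.canonical ? "canonical (#PF)" : "non-canonical (GPF)",
               fault_kind_name(fi.kind));
        if (fi.via_shadow)
            printf(", shadow of [%#018" PRIx64 "-%#018" PRIx64 "]", fi.lo, fi.hi);
        putchar('\n');
    }
    return 0;
}
```

Run on the report's own values, the GPF address 0xdffffc0000000009 decodes to the shadow byte for [0x48-0x4f], exactly the range the "KASAN: null-ptr-deref" line prints, while 0xffff89c9 and 0xd60000001d fall below TASK_SIZE_MAX and are therefore user-space addresses held in a kernel pointer, which is what the "user-memory-access" classification in the KASAN report means. A shadow offset other than the default, or 5-level paging, would change the constants; check R15 and the Code: bytes in the dump before trusting them.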