[BUG] KASAN: user-memory-access in free_pgtables
From: Huang Forrest
Date: Sat Apr 25 2026 - 05:50:19 EST
Hello,
I found the following issue with syzkaller on:
HEAD commit: 7aaa8047eafd (HEAD -> master, tag: v7.0-rc6, origin/master, origin/HEAD) Linux 7.0-rc6.
git tree: https://github.com/torvalds/linux.git master
console output: N/A (local fuzzing run did not capture full serial console; only report0/log0 saved)
kernel config: https://gist.githubusercontent.com/Forest-kernel/354e7c56522ab60f29c8b96e7429e2e3/raw/97bb1e7d6f9406da5bd07e999c3634f250a5db0c/config.txt
dashboard link: N/A for local dashboard
compiler: gcc (Ubuntu 12.3.0-1ubuntu1~22.04) 12.3.0
userspace arch: x86_64
I don't have any reproducer for this issue yet.
Suspected root cause:
The first report message is "get_swap_device: Bad swap file entry", immediately followed by a WARN in swap_put_entries_direct() (mm/swapfile.c:1909).
I suspect that the root cause falls into one of these two possibilities:
1. The bad swap entry may itself be just a symptom: a prior, unnoticed memory corruption such as a UAF could have corrupted a swap entry/PTE/VMA field, which then surfaces as the WARNING.
2. Alternatively, the swap entry issue itself might be the real trigger: a logic bug could let an invalid entry reach swap accounting, corrupting swap metadata and then leading to more serious secondary faults like the user-memory-access.
The full report below is also available at https://gist.github.com/Forest-kernel/725ce788c4374d8e4945e5a13c67362e
==================================================================
get_swap_device: Bad swap file entry 80162affc3fffff
BUG: KASAN: user-memory-access in instrument_atomic_read include/linux/instrumented.h:82 [inline]
BUG: KASAN: user-memory-access in atomic_long_read include/linux/atomic/atomic-instrumented.h:3188 [inline]
BUG: KASAN: user-memory-access in rwsem_assert_held_write_nolockdep include/linux/rwsem.h:87 [inline]
BUG: KASAN: user-memory-access in rwsem_assert_held_write include/linux/rwsem.h:223 [inline]
BUG: KASAN: user-memory-access in mmap_assert_write_locked include/linux/mmap_lock.h:76 [inline]
BUG: KASAN: user-memory-access in __vma_raw_mm_seqnum include/linux/mmap_lock.h:272 [inline]
BUG: KASAN: user-memory-access in __is_vma_write_locked include/linux/mmap_lock.h:288 [inline]
BUG: KASAN: user-memory-access in vma_start_write include/linux/mmap_lock.h:300 [inline]
BUG: KASAN: user-memory-access in free_pgtables+0x53e/0xcd0 mm/memory.c:413
Oops: general protection fault, probably for non-canonical address 0xdffffc000000000b: 0000 [#1] SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000058-0x000000000000005f]
CPU: 0 UID: 0 PID: 5123 Comm: syz-executor Not tainted 7.0.0-rc6 #1 PREEMPT(lazy)
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
RIP: 0010:pick_next_entity kernel/sched/fair.c:5547 [inline]
RIP: 0010:pick_task_fair+0x89/0x1e0 kernel/sched/fair.c:8966
Code: c0 0f 84 0c 01 00 00 4d 89 ee eb 6b 4c 89 f7 be 01 00 00 00 e8 c8 14 fe ff 48 8d 78 59 48 89 fa 48 89 f9 48 c1 ea 03 83 e1 07 <42> 0f b6 14 3a 38 ca 7f 08 84 d2 0f 85 ed 00 00 00 80 78 59 00 0f
RSP: 0018:ffff888110adf330 EFLAGS: 00010002
RAX: 0000000000000000 RBX: ffff88811b035800 RCX: 0000000000000001
------------[ cut here ]------------
WARNING: mm/swapfile.c:1909 at swap_put_entries_direct+0x1be/0x2c0 mm/swapfile.c:1909, CPU#2: syz-executor/3650
Modules linked in:
CPU: 2 UID: 0 PID: 3650 Comm: syz-executor Not tainted 7.0.0-rc6 #1 PREEMPT(lazy)
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
RIP: 0010:swap_put_entries_direct+0x1be/0x2c0 mm/swapfile.c:1909
Code: 48 8b 44 24 58 65 48 2b 05 c7 e0 9c 05 0f 85 db 00 00 00 48 83 c4 60 5b 5d 41 5c 41 5d 41 5e e9 68 9c ef 02 e8 93 21 cc ff 90 <0f> 0b 90 eb b9 e8 88 21 cc ff 49 8d 6c 24 08 48 b8 00 00 00 00 00
RSP: 0018:ffff88810bd0f768 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 000162affc3fffff RCX: ffffffffaae42f5d
RDX: ffff888113315640 RSI: 0000000000000000 RDI: 0000000000000001
RBP: 000162affc400000 R08: 0000000000000001 R09: ffffed10217a1e92
R10: 0000000000000000 R11: 706177735f746567 R12: 0000000000000000
R13: 1ffff110217a1eed R14: dffffc0000000000 R15: ffff888117002000
FS: 0000000000000000(0000) GS:ffff88816a88f000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffffffff000 CR3: 00000001014b7000 CR4: 0000000000350ef0
Call Trace:
<TASK>
zap_nonpresent_ptes mm/memory.c:1764 [inline]
do_zap_pte_range mm/memory.c:1831 [inline]
zap_pte_range mm/memory.c:1929 [inline]
zap_pmd_range mm/memory.c:2021 [inline]
zap_pud_range mm/memory.c:2049 [inline]
zap_p4d_range mm/memory.c:2070 [inline]
unmap_page_range+0x1645/0x3f40 mm/memory.c:2091
unmap_single_vma+0x153/0x240 mm/memory.c:2133
unmap_vmas+0x248/0x530 mm/memory.c:2171
exit_mmap+0x1ee/0x800 mm/mmap.c:1302
__mmput kernel/fork.c:1175 [inline]
mmput+0x6c/0x320 kernel/fork.c:1198
exit_mm kernel/exit.c:581 [inline]
do_exit+0x7c1/0x28e0 kernel/exit.c:964
Read of size 8 at addr 0000000100000190 by task syz.2.164/6127
CPU: 5 UID: 0 PID: 6127 Comm: syz.2.164 Not tainted 7.0.0-rc6 #1 PREEMPT(lazy)
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0xab/0xe0 lib/dump_stack.c:120
kasan_report+0xce/0x100 mm/kasan/report.c:595
check_region_inline mm/kasan/generic.c:194 [inline]
kasan_check_range+0x100/0x1b0 mm/kasan/generic.c:200
instrument_atomic_read include/linux/instrumented.h:82 [inline]
atomic_long_read include/linux/atomic/atomic-instrumented.h:3188 [inline]
rwsem_assert_held_write_nolockdep include/linux/rwsem.h:87 [inline]
rwsem_assert_held_write include/linux/rwsem.h:223 [inline]
mmap_assert_write_locked include/linux/mmap_lock.h:76 [inline]
__vma_raw_mm_seqnum include/linux/mmap_lock.h:272 [inline]
__is_vma_write_locked include/linux/mmap_lock.h:288 [inline]
vma_start_write include/linux/mmap_lock.h:300 [inline]
free_pgtables+0x53e/0xcd0 mm/memory.c:413
exit_mmap+0x362/0x800 mm/mmap.c:1314
__mmput kernel/fork.c:1175 [inline]
mmput+0x6c/0x320 kernel/fork.c:1198
exit_mm kernel/exit.c:581 [inline]
do_exit+0x7c1/0x28e0 kernel/exit.c:964
do_group_exit+0xc7/0x280 kernel/exit.c:1118
get_signal+0x20d2/0x2150 kernel/signal.c:3034
arch_do_signal_or_restart+0x8f/0x7a0 arch/x86/kernel/signal.c:337
__exit_to_user_mode_loop kernel/entry/common.c:64 [inline]
exit_to_user_mode_loop+0x6b/0x4c0 kernel/entry/common.c:98
__exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]
syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline]
syscall_exit_to_user_mode include/linux/entry-common.h:325 [inline]
do_syscall_64+0x46d/0x580 arch/x86/entry/syscall_64.c:100
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f38134f777d
Code: Unable to access opcode bytes at 0x7f38134f7753.
RSP: 002b:00007f3811f36fa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
RAX: fffffffffffffe00 RBX: 00007f3813785fa0 RCX: 00007f38134f777d
RDX: 000000000000004e RSI: 00002000000000c0 RDI: 000000000000000c
RBP: 00007f3813594d74 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f3813786038 R14: 00007f3813785fa0 R15: 00007f3811f17000
</TASK>
==================================================================
RDX: 000000000000000b RSI: 0000000000000001 RDI: 0000000000000059
RBP: ffffed1023606b12 R08: 0000000000000001 R09: ffffed102215be92
R10: 0000000000000000 R11: 0000000000000000 R12: ffff88811b035890
R13: ffff88811b035880 R14: ffff8881173a4000 R15: dffffc0000000000
FS: 0000000000000000(0000) GS:ffff88816a80f000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffd98c09c10 CR3: 00000000ace72000 CR4: 0000000000350ef0
Call Trace:
<TASK>
pick_next_task_fair+0x98/0x1c60 kernel/sched/fair.c:8990
__do_sys_exit kernel/exit.c:1085 [inline]
__se_sys_exit kernel/exit.c:1083 [inline]
__x64_sys_exit+0x42/0x50 kernel/exit.c:1083
x64_sys_call+0x154f/0x1760 arch/x86/include/generated/asm/syscalls_64.h:61
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xfc/0x580 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fd94161777d
Code: Unable to access opcode bytes at 0x7fd941617753.
__pick_next_task kernel/sched/core.c:5929 [inline]
pick_next_task kernel/sched/core.c:6468 [inline]
__schedule+0x7ce/0x3ee0 kernel/sched/core.c:6852
RSP: 002b:00007fff7d837098 EFLAGS: 00000246
ORIG_RAX: 000000000000003c
RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00007fd94161777d
RDX: 00007fd94165859a RSI: 00007fff7d8370c0 RDI: 000000000000000b
preempt_schedule_irq+0x49/0x80 kernel/sched/core.c:7238
RBP: 0000000000000000 R08: 00007fd9423e5000 R09: 0000000000007228
irqentry_exit+0xc1/0x660 kernel/entry/common.c:239
R10: 0000000000000053 R11: 0000000000000246 R12: 0000000000000000
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
RIP: 0010:__rcu_read_unlock+0x88/0xf0 kernel/rcu/tree_plugin.h:435
</TASK>
Code: fc ff df 48 89 fa 48 c1 ea 03 83 eb 01 0f b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 62 41 89 9c 24 3c 04 00 00 <85> db 75 37 48 8d bd 40 04 00 00 48 b8 00 00 00 00 00 fc ff df 48
---[ end trace 0000000000000000 ]---
RSP: 0018:ffff888110adf6e0 EFLAGS: 00000246
RAX: 0000000000000007 RBX: 0000000000000000 RCX: ffff888110ae0001
RDX: 0000000000000000 RSI: ffff888110adfdb0 RDI: ffff888100ec26bc
RBP: ffff888100ec2280 R08: 0000000000000001 R09: ffff888110adf7b0
R10: ffff888110adf770 R11: 0000000000009963 R12: ffff888100ec2280
R13: ffff888110adf770 R14: ffff888110adfde0 R15: ffff888110adfdd8
rcu_read_unlock include/linux/rcupdate.h:883 [inline]
class_rcu_destructor include/linux/rcupdate.h:1193 [inline]
unwind_next_frame+0x39d/0x2400 arch/x86/kernel/unwind_orc.c:495
arch_stack_walk+0x94/0x100 arch/x86/kernel/stacktrace.c:25
stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122
kasan_save_stack+0x33/0x60 mm/kasan/common.c:57
kasan_save_track+0x17/0x60 mm/kasan/common.c:78
poison_kmalloc_redzone mm/kasan/common.c:398 [inline]
__kasan_kmalloc+0x8f/0xa0 mm/kasan/common.c:415
kmalloc_noprof include/linux/slab.h:950 [inline]
slab_free_hook mm/slub.c:2637 [inline]
slab_free mm/slub.c:6165 [inline]
kmem_cache_free+0x245/0x3d0 mm/slub.c:6295
tear_down_vmas+0x182/0x3a0 mm/mmap.c:1264
exit_mmap+0x37f/0x800 mm/mmap.c:1322
__mmput kernel/fork.c:1175 [inline]
mmput+0x6c/0x320 kernel/fork.c:1198
exit_mm kernel/exit.c:581 [inline]
do_exit+0x7c1/0x28e0 kernel/exit.c:964
do_group_exit+0xc7/0x280 kernel/exit.c:1118
__do_sys_exit_group kernel/exit.c:1129 [inline]
__se_sys_exit_group kernel/exit.c:1127 [inline]
__x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1127
x64_sys_call+0x16cd/0x1760 arch/x86/include/generated/asm/syscalls_64.h:232
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xfc/0x580 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fb99736777d
Code: Unable to access opcode bytes at 0x7fb997367753.
RSP: 002b:00007ffd98c095f8 EFLAGS: 00000206 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00007fb99736777d
RDX: 00007fb9973a859a RSI: 0000000000000000 RDI: 000000000000000b
RBP: 00007ffd98c09bfc R08: 0000000000000000 R09: 000000000000000b
R10: 000000000000000e R11: 0000000000000206 R12: 0000000000000000
R13: 0000000000007221 R14: 0000000000000000 R15: 00000000000071f9
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
Oops: general protection fault, probably for non-canonical address 0xe1d646401ffff12b: 0000 [#2] SMP KASAN NOPTI
RIP: 0010:pick_next_entity kernel/sched/fair.c:5547 [inline]
RIP: 0010:pick_task_fair+0x89/0x1e0 kernel/sched/fair.c:8966
KASAN: maybe wild-memory-access in range [0x0eb25200ffff8958-0x0eb25200ffff895f]
Code: c0 0f 84 0c 01 00 00 4d 89 ee eb 6b 4c 89 f7 be 01 00 00 00 e8 c8 14 fe ff 48 8d 78 59 48 89 fa 48 89 f9 48 c1 ea 03 83 e1 07 <42> 0f b6 14 3a 38 ca 7f 08 84 d2 0f 85 ed 00 00 00 80 78 59 00 0f
CPU: 1 UID: 0 PID: 3489 Comm: syz-executor Tainted: G B D W 7.0.0-rc6 #1 PREEMPT(lazy)
RSP: 0018:ffff888110adf330 EFLAGS: 00010002
Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
RAX: 0000000000000000 RBX: ffff88811b035800 RCX: 0000000000000001
RIP: 0010:cpuacct_account_field+0x8c/0x110 kernel/sched/cpuacct.c:357
RDX: 000000000000000b RSI: 0000000000000001 RDI: 0000000000000059
Code: fb 00 bb cf ae 74 5b 48 bd 00 00 00 00 00 fc ff df 48 63 f6 4c 8d 24 f5 00 00 00 00 48 8d bb d8 00 00 00 48 89 f8 48 c1 e8 03 <80> 3c 28 00 75 41 48 8b 83 d8 00 00 00 48 8d bb b8 00 00 00 4c 01
RBP: ffffed1023606b12 R08: 0000000000000001 R09: ffffed102215be92
RSP: 0018:ffff88811b048c88 EFLAGS: 00010016
R10: 0000000000000000 R11: 0000000000000000 R12: ffff88811b035890
R13: ffff88811b035880 R14: ffff8881173a4000 R15: dffffc0000000000
RAX: 01d64a401ffff12b RBX: 0eb25200ffff8881 RCX: 0000000000010000
FS: 0000000000000000(0000) GS:ffff88816a80f000(0000) knlGS:0000000000000000
RDX: 1ffff11022e6cb02 RSI: 0000000000000002 RDI: 0eb25200ffff8959
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
RBP: dffffc0000000000 R08: 0000000000000000 R09: ffffed102360919a
CR2: 00007ffd98c09c10 CR3: 00000000ace72000 CR4: 0000000000350ef0
R10: 0000000000015a2a R11: ffff88811b048ff8 R12: 0000000000000010
note: syz-executor[5123] exited with irqs disabled
R13: 00000000000f4240 R14: ffff888104356500 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff88816a84f000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffffffff000 CR3: 0000000104120000 CR4: 0000000000350ef0
Call Trace:
<IRQ>
cgroup_account_cputime_field include/linux/cgroup.h:755 [inline]
task_group_account_field kernel/sched/cputime.c:115 [inline]
account_system_index_time+0x113/0x1f0 kernel/sched/cputime.c:178
update_process_times+0x82/0x1f0 kernel/time/timer.c:2472
tick_sched_handle kernel/time/tick-sched.c:298 [inline]
tick_nohz_handler+0x5a1/0x710 kernel/time/tick-sched.c:319
__run_hrtimer kernel/time/hrtimer.c:1785 [inline]
__hrtimer_run_queues+0x411/0x8a0 kernel/time/hrtimer.c:1849
hrtimer_interrupt+0x2f4/0x7c0 kernel/time/hrtimer.c:1911
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1045 [inline]
__sysvec_apic_timer_interrupt+0x88/0x2d0 arch/x86/kernel/apic/apic.c:1062
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
sysvec_apic_timer_interrupt+0x67/0x80 arch/x86/kernel/apic/apic.c:1056
</IRQ>
<TASK>
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:get_current arch/x86/include/asm/current.h:25 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0x8/0x80 kernel/kcov.c:216
Code: 00 e9 6c ff ff ff 4d 01 d7 4d 89 39 e9 ef fd ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 0c 24 <65> 48 8b 15 18 bf d0 05 65 8b 05 29 bf d0 05 a9 00 01 ff 00 74 1d
RSP: 0018:ffff8881031477f0 EFLAGS: 00000216
RAX: ffff888100c74680 RBX: 0000000000001000 RCX: ffffffffaad67b73
RDX: ffff88810150d640 RSI: 0000000000000000 RDI: 0000000000000001
RBP: 0000000000000000 R08: 0000000000000000 R09: fffff94000040026
R10: 0000000000000000 R11: ffffea00042a5400 R12: ffffea0000200100
R13: 00007f8f51ecf000 R14: dffffc0000000000 R15: ffffea0000200130
zap_pte_range mm/memory.c:1938 [inline]
zap_pmd_range mm/memory.c:2021 [inline]
zap_pud_range mm/memory.c:2049 [inline]
zap_p4d_range mm/memory.c:2070 [inline]
unmap_page_range+0xe53/0x3f40 mm/memory.c:2091
unmap_single_vma+0x153/0x240 mm/memory.c:2133
unmap_vmas+0x248/0x530 mm/memory.c:2171
exit_mmap+0x1ee/0x800 mm/mmap.c:1302
__mmput kernel/fork.c:1175 [inline]
mmput+0x6c/0x320 kernel/fork.c:1198
exit_mm kernel/exit.c:581 [inline]
do_exit+0x7c1/0x28e0 kernel/exit.c:964
__do_sys_exit kernel/exit.c:1085 [inline]
__se_sys_exit kernel/exit.c:1083 [inline]
__x64_sys_exit+0x42/0x50 kernel/exit.c:1083
x64_sys_call+0x154f/0x1760 arch/x86/include/generated/asm/syscalls_64.h:61
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xfc/0x580 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f8f52c8777d
Code: Unable to access opcode bytes at 0x7f8f52c87753.
RSP: 002b:00007ffdf12940d8 EFLAGS: 00000246 ORIG_RAX: 000000000000003c
RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00007f8f52c8777d
RDX: 00007f8f52cc859a RSI: 00007ffdf1294100 RDI: 000000000000000b
RBP: 00007ffdf1294740 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000049 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000065 R14: 0000000000000000 R15: 0000000000000001
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
Oops: stack segment: 0000 [#3] SMP KASAN NOPTI
RIP: 0010:pick_next_entity kernel/sched/fair.c:5547 [inline]
RIP: 0010:pick_task_fair+0x89/0x1e0 kernel/sched/fair.c:8966
CPU: 3 UID: 0 PID: 3120 Comm: syz-executor Tainted: G B D W 7.0.0-rc6 #1 PREEMPT(lazy)
Code: c0 0f 84 0c 01 00 00 4d 89 ee eb 6b 4c 89 f7 be 01 00 00 00 e8 c8 14 fe ff 48 8d 78 59 48 89 fa 48 89 f9 48 c1 ea 03 83 e1 07 <42> 0f b6 14 3a 38 ca 7f 08 84 d2 0f 85 ed 00 00 00 80 78 59 00 0f
Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN
RSP: 0018:ffff888110adf330 EFLAGS: 00010002
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
RIP: 0010:find_stack lib/stackdepot.c:610 [inline]
RIP: 0010:stack_depot_save_flags+0x164/0x7f0 lib/stackdepot.c:676
RAX: 0000000000000000 RBX: ffff88811b035800 RCX: 0000000000000001
Code: e1 04 48 03 0d 75 8f f0 04 65 ff 05 06 35 e4 04 48 8b 29 48 39 e9 75 12 e9 96 00 00 00 48 8b 6d 00 48 39 e9 0f 84 6c 01 00 00 <39> 5d 10 75 ee 44 3b 7d 14 75 e8 31 c0 48 8b 54 c5 20 49 39 54 c5
RDX: 000000000000000b RSI: 0000000000000001 RDI: 0000000000000059
RSP: 0000:ffff888114a279a8 EFLAGS: 00010096
RBP: ffffed1023606b12 R08: 0000000000000001 R09: ffffed102215be92
RAX: 00000000b8c9dc9e RBX: 00000000b8c9dc9e RCX: ffff88811a3dc9e0
R10: 0000000000000000 R11: 0000000000000000 R12: ffff88811b035890
RDX: ffffffffaa4012a6 RSI: 0000000000000003 RDI: 0000000099bcd7db
R13: ffff88811b035880 R14: ffff8881173a4000 R15: dffffc0000000000
RBP: 075200d30000000c R08: ffffffffaf8a3284 R09: ffff888114a27900
FS: 0000000000000000(0000) GS:ffff88816a84f000(0000) knlGS:0000000000000000
R10: 00000000b2322418 R11: 000000002c30fd98 R12: 0000000000000001
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
R13: ffff888114a27a00 R14: 000000000000000c R15: 000000000000000c
CR2: 00007ffffffff000 CR3: 0000000104120000 CR4: 0000000000350ef0
FS: 000055555b109500(0000) GS:ffff88816a8cf000(0000) knlGS:0000000000000000
----------------
Code disassembly (best guess):
0: c0 0f 84 rorb $0x84,(%rdi)
3: 0c 01 or $0x1,%al
5: 00 00 add %al,(%rax)
7: 4d 89 ee mov %r13,%r14
a: eb 6b jmp 0x77
c: 4c 89 f7 mov %r14,%rdi
f: be 01 00 00 00 mov $0x1,%esi
14: e8 c8 14 fe ff call 0xfffe14e1
19: 48 8d 78 59 lea 0x59(%rax),%rdi
1d: 48 89 fa mov %rdi,%rdx
20: 48 89 f9 mov %rdi,%rcx
23: 48 c1 ea 03 shr $0x3,%rdx
27: 83 e1 07 and $0x7,%ecx
* 2a: 42 0f b6 14 3a movzbl (%rdx,%r15,1),%edx <-- trapping instruction
2f: 38 ca cmp %cl,%dl
31: 7f 08 jg 0x3b
33: 84 d2 test %dl,%dl
35: 0f 85 ed 00 00 00 jne 0x128
3b: 80 78 59 00 cmpb $0x0,0x59(%rax)
3f: 0f .byte 0xf
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffd98c09c10 CR3: 00000000ace72000 CR4: 0000000000350ef0
Call Trace:
<TASK>
pick_next_task_fair+0x98/0x1c60
__x64_sys_exit+0x42/0x50
x64_sys_call+0x154f/0x1760
do_syscall_64+0xfc/0x580
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fd94161777d
Code: Unable to access opcode bytes at 0x7fd941617753.
__schedule+0x7ce/0x3ee0
RSP: 002b:00007fff7d837098 EFLAGS: 00000246
ORIG_RAX: 000000000000003c
RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00007fd94161777d
RDX: 00007fd94165859a RSI: 00007fff7d8370c0 RDI: 000000000000000b
preempt_schedule_irq+0x49/0x80
RBP: 0000000000000000 R08: 00007fd9423e5000 R09: 0000000000007228
irqentry_exit+0xc1/0x660
R10: 0000000000000053 R11: 0000000000000246 R12: 0000000000000000
asm_sysvec_apic_timer_interrupt+0x1a/0x20
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
RIP: 0010:__rcu_read_unlock+0x88/0xf0
</TASK>
Code: fc ff df 48 89 fa 48 c1 ea 03 83 eb 01 0f b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 62 41 89 9c 24 3c 04 00 00 <85> db 75 37 48 8d bd 40 04 00 00 48 b8 00 00 00 00 00 fc ff df 48
---[ end trace 0000000000000000 ]---
RSP: 0018:ffff888110adf6e0 EFLAGS: 00000246
RAX: 0000000000000007 RBX: 0000000000000000 RCX: ffff888110ae0001
RDX: 0000000000000000 RSI: ffff888110adfdb0 RDI: ffff888100ec26bc
RBP: ffff888100ec2280 R08: 0000000000000001 R09: ffff888110adf7b0
R10: ffff888110adf770 R11: 0000000000009963 R12: ffff888100ec2280
R13: ffff888110adf770 R14: ffff888110adfde0 R15: ffff888110adfdd8
unwind_next_frame+0x39d/0x2400
arch_stack_walk+0x94/0x100
stack_trace_save+0x8e/0xc0
kasan_save_stack+0x33/0x60
kasan_save_track+0x17/0x60
__kasan_kmalloc+0x8f/0xa0
kmem_cache_free+0x245/0x3d0
tear_down_vmas+0x182/0x3a0
exit_mmap+0x37f/0x800
mmput+0x6c/0x320
do_exit+0x7c1/0x28e0
do_group_exit+0xc7/0x280
__x64_sys_exit_group+0x3e/0x50
x64_sys_call+0x16cd/0x1760
do_syscall_64+0xfc/0x580
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fb99736777d
Code: Unable to access opcode bytes at 0x7fb997367753.
RSP: 002b:00007ffd98c095f8 EFLAGS: 00000206 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00007fb99736777d
RDX: 00007fb9973a859a RSI: 0000000000000000 RDI: 000000000000000b
RBP: 00007ffd98c09bfc R08: 0000000000000000 R09: 000000000000000b
R10: 000000000000000e R11: 0000000000000206 R12: 0000000000000000
R13: 0000000000007221 R14: 0000000000000000 R15: 00000000000071f9
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
Oops: general protection fault, probably for non-canonical address 0xe1d646401ffff12b: 0000 [#2] SMP KASAN NOPTI
RIP: 0010:pick_task_fair+0x89/0x1e0
KASAN: maybe wild-memory-access in range [0x0eb25200ffff8958-0x0eb25200ffff895f]
Code: c0 0f 84 0c 01 00 00 4d 89 ee eb 6b 4c 89 f7 be 01 00 00 00 e8 c8 14 fe ff 48 8d 78 59 48 89 fa 48 89 f9 48 c1 ea 03 83 e1 07 <42> 0f b6 14 3a 38 ca 7f 08 84 d2 0f 85 ed 00 00 00 80 78 59 00 0f
CPU: 1 UID: 0 PID: 3489 Comm: syz-executor Tainted: G B D W 7.0.0-rc6 #1 PREEMPT(lazy)
RSP: 0018:ffff888110adf330 EFLAGS: 00010002
Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
RAX: 0000000000000000 RBX: ffff88811b035800 RCX: 0000000000000001
RIP: 0010:cpuacct_account_field+0x8c/0x110
RDX: 000000000000000b RSI: 0000000000000001 RDI: 0000000000000059
Code: fb 00 bb cf ae 74 5b 48 bd 00 00 00 00 00 fc ff df 48 63 f6 4c 8d 24 f5 00 00 00 00 48 8d bb d8 00 00 00 48 89 f8 48 c1 e8 03 <80> 3c 28 00 75 41 48 8b 83 d8 00 00 00 48 8d bb b8 00 00 00 4c 01
RBP: ffffed1023606b12 R08: 0000000000000001 R09: ffffed102215be92
RSP: 0018:ffff88811b048c88 EFLAGS: 00010016
R10: 0000000000000000 R11: 0000000000000000 R12: ffff88811b035890
R13: ffff88811b035880 R14: ffff8881173a4000 R15: dffffc0000000000
RAX: 01d64a401ffff12b RBX: 0eb25200ffff8881 RCX: 0000000000010000
FS: 0000000000000000(0000) GS:ffff88816a80f000(0000) knlGS:0000000000000000
RDX: 1ffff11022e6cb02 RSI: 0000000000000002 RDI: 0eb25200ffff8959
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
RBP: dffffc0000000000 R08: 0000000000000000 R09: ffffed102360919a
CR2: 00007ffd98c09c10 CR3: 00000000ace72000 CR4: 0000000000350ef0
R10: 0000000000015a2a R11: ffff88811b048ff8 R12: 0000000000000010
note: syz-executor[5123] exited with irqs disabled
R13: 00000000000f4240 R14: ffff888104356500 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff88816a84f000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffffffff000 CR3: 0000000104120000 CR4: 0000000000350ef0
Call Trace:
<IRQ>
account_system_index_time+0x113/0x1f0
update_process_times+0x82/0x1f0
tick_nohz_handler+0x5a1/0x710
__hrtimer_run_queues+0x411/0x8a0
hrtimer_interrupt+0x2f4/0x7c0
__sysvec_apic_timer_interrupt+0x88/0x2d0
sysvec_apic_timer_interrupt+0x67/0x80
</IRQ>
<TASK>
asm_sysvec_apic_timer_interrupt+0x1a/0x20
RIP: 0010:__sanitizer_cov_trace_pc+0x8/0x80
Code: 00 e9 6c ff ff ff 4d 01 d7 4d 89 39 e9 ef fd ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 0c 24 <65> 48 8b 15 18 bf d0 05 65 8b 05 29 bf d0 05 a9 00 01 ff 00 74 1d
RSP: 0018:ffff8881031477f0 EFLAGS: 00000216
RAX: ffff888100c74680 RBX: 0000000000001000 RCX: ffffffffaad67b73
RDX: ffff88810150d640 RSI: 0000000000000000 RDI: 0000000000000001
RBP: 0000000000000000 R08: 0000000000000000 R09: fffff94000040026
R10: 0000000000000000 R11: ffffea00042a5400 R12: ffffea0000200100
R13: 00007f8f51ecf000 R14: dffffc0000000000 R15: ffffea0000200130
unmap_page_range+0xe53/0x3f40
unmap_single_vma+0x153/0x240
unmap_vmas+0x248/0x530
exit_mmap+0x1ee/0x800
mmput+0x6c/0x320
do_exit+0x7c1/0x28e0
__x64_sys_exit+0x42/0x50
x64_sys_call+0x154f/0x1760
do_syscall_64+0xfc/0x580
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f8f52c8777d
Code: Unable to access opcode bytes at 0x7f8f52c87753.
RSP: 002b:00007ffdf12940d8 EFLAGS: 00000246 ORIG_RAX: 000000000000003c
RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00007f8f52c8777d
RDX: 00007f8f52cc859a RSI: 00007ffdf1294100 RDI: 000000000000000b
RBP: 00007ffdf1294740 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000049 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000065 R14: 0000000000000000 R15: 0000000000000001
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
Oops: stack segment: 0000 [#3] SMP KASAN NOPTI
RIP: 0010:pick_task_fair+0x89/0x1e0
CPU: 3 UID: 0 PID: 3120 Comm: syz-executor Tainted: G B D W 7.0.0-rc6 #1 PREEMPT(lazy)
Code: c0 0f 84 0c 01 00 00 4d 89 ee eb 6b 4c 89 f7 be 01 00 00 00 e8 c8 14 fe ff 48 8d 78 59 48 89 fa 48 89 f9 48 c1 ea 03 83 e1 07 <42> 0f b6 14 3a 38 ca 7f 08 84 d2 0f 85 ed 00 00 00 80 78 59 00 0f
Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN
RSP: 0018:ffff888110adf330 EFLAGS: 00010002
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
RIP: 0010:stack_depot_save_flags+0x164/0x7f0
RAX: 0000000000000000 RBX: ffff88811b035800 RCX: 0000000000000001
Code: e1 04 48 03 0d 75 8f f0 04 65 ff 05 06 35 e4 04 48 8b 29 48 39 e9 75 12 e9 96 00 00 00 48 8b 6d 00 48 39 e9 0f 84 6c 01 00 00 <39> 5d 10 75 ee 44 3b 7d 14 75 e8 31 c0 48 8b 54 c5 20 49 39 54 c5
RDX: 000000000000000b RSI: 0000000000000001 RDI: 0000000000000059
RSP: 0000:ffff888114a279a8 EFLAGS: 00010096
RBP: ffffed1023606b12 R08: 0000000000000001 R09: ffffed102215be92
RAX: 00000000b8c9dc9e RBX: 00000000b8c9dc9e RCX: ffff88811a3dc9e0
R10: 0000000000000000 R11: 0000000000000000 R12: ffff88811b035890
RDX: ffffffffaa4012a6 RSI: 0000000000000003 RDI: 0000000099bcd7db
R13: ffff88811b035880 R14: ffff8881173a4000 R15: dffffc0000000000
RBP: 075200d30000000c R08: ffffffffaf8a3284 R09: ffff888114a27900
FS: 0000000000000000(0000) GS:ffff88816a84f000(0000) knlGS:0000000000000000
R10: 00000000b2322418 R11: 000000002c30fd98 R12: 0000000000000001
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
R13: ffff888114a27a00 R14: 000000000000000c R15: 000000000000000c
CR2: 00007ffffffff000 CR3: 0000000104120000 CR4: 0000000000350ef0
FS: 000055555b109500(0000) GS:ffff88816a8cf000(0000) knlGS:0000000000000000
Thanks,
Forrest021