------------[ cut here ]------------
__x64_sys_sendfile64+0x1d5/0x210
WARNING: CPU: 1 PID: 13022 at lib/iov_iter.c:376 _copy_from_iter+0x2bf/0x1200
do_syscall_64+0x3f/0x90
entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7f738f1e6b19
Modules linked in:
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f738c75c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00007f738f2f9f60 RCX: 00007f738f1e6b19
RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000007
RBP: 00007f738c75c1d0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000100000 R11: 0000000000000246 R12: 0000000000000002
CPU: 1 PID: 13022 Comm: syz-executor.3 Not tainted 6.3.0-rc4-next-20230331 #1
R13: 00007ffc5b46f76f R14: 00007f738c75c300 R15: 0000000000022000
syz-executor.4: vmalloc error: size 4416, vm_struct allocation failed, mode:0xcc0(GFP_KERNEL), nodemask=(null)
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:_copy_from_iter+0x2bf/0x1200
,cpuset=
Code: 5d 41 5e 41 5f e9 c5 ba 34 02 e8 2c 78 36 ff be 7c 01 00 00 48 c7 c7 60 cb 9e 84 e8 5b 72 5a ff e9 48 fe ff ff e8 11 78 36 ff <0f> 0b 45 31 f6 eb 87 e8 05 78 36 ff 31 ff 89 ee e8 3c 73 36 ff 40
syz4
RSP: 0018:ffff88804a7d7608 EFLAGS: 00010212
,mems_allowed=0
RAX: 00000000000034c2 RBX: 0000000000000000 RCX: ffffc900045ee000
CPU: 0 PID: 13013 Comm: syz-executor.4 Not tainted 6.3.0-rc4-next-20230331 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
Call Trace:
dump_stack_lvl+0xc1/0xf0
RDX: 0000000000040000 RSI: ffffffff82153a5f RDI: 0000000000000001
warn_alloc+0x214/0x370
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: ffff88804a7d7838
__vmalloc_node_range+0xbe1/0x1470
R13: ffffea000129c000 R14: 0000000000001000 R15: ffff88804a7d7838
FS: 00007f901874c700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
__vmalloc_node+0xac/0xf0
CR2: 0000001b2c524000 CR3: 00000000471ba000 CR4: 0000000000350ee0
netlink_sendmsg+0x6b1/0xe40
Call Trace:
kernel_sendmsg+0x1ba/0x200
sock_no_sendpage+0x13c/0x1c0
kernel_sendpage.part.0+0x162/0x470
sock_sendpage+0xe7/0x180
pipe_to_sendpage+0x2b3/0x390
copy_page_from_iter+0xe3/0x180
blk_rq_map_user_iov+0xb39/0x16c0
__splice_from_pipe+0x44b/0x890
generic_splice_sendpage+0xd9/0x140
blk_rq_map_user_io+0x1d1/0x200
direct_splice_actor+0x113/0x180
splice_direct_to_actor+0x33a/0x8c0
do_splice_direct+0x1bc/0x290
sg_common_write.constprop.0+0xd8d/0x15f0
do_sendfile+0xb1d/0x12b0
__x64_sys_sendfile64+0x1d5/0x210
sg_write.part.0+0x698/0xac0
do_syscall_64+0x3f/0x90
entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7f738f1e6b19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f738c75c188 EFLAGS: 00000246
ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00007f738f2f9f60 RCX: 00007f738f1e6b19
RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000007
RBP: 00007f738c75c1d0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000100000 R11: 0000000000000246 R12: 0000000000000002
R13: 00007ffc5b46f76f R14: 00007f738c75c300 R15: 0000000000022000
Mem-Info:
active_anon:55 inactive_anon:43850 isolated_anon:0
active_file:12169 inactive_file:64033 isolated_file:0
unevictable:0 dirty:278 writeback:0
slab_reclaimable:11723 slab_unreclaimable:60110
mapped:82144 shmem:104 pagetables:2446
sec_pagetables:0 bounce:0
kernel_misc_reclaimable:0
free:143487 free_pcp:652 free_cma:0
Node 0 active_anon:220kB inactive_anon:175400kB active_file:48676kB inactive_file:256132kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:328576kB dirty:1112kB writeback:0kB shmem:416kB writeback_tmp:0kB kernel_stack:5696kB pagetables:9784kB sec_pagetables:0kB all_unreclaimable? no
Node 0 DMA free:15360kB boost:0kB min:44kB low:56kB high:68kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
sg_write+0x8d/0xe0
lowmem_reserve[]: 0
vfs_write+0x2d8/0xdc0
1606 1606
1606
Node 0
DMA32 free:558588kB boost:0kB min:5104kB low:6748kB high:8392kB reserved_highatomic:0KB active_anon:220kB inactive_anon:175400kB active_file:48676kB inactive_file:256132kB unevictable:0kB writepending:1112kB present:2080640kB managed:1655460kB mlocked:0kB bounce:0kB free_pcp:2608kB local_pcp:1828kB free_cma:0kB
ksys_write+0x12b/0x260
lowmem_reserve[]: 0
0 0
0
do_syscall_64+0x3f/0x90
Node 0
entry_SYSCALL_64_after_hwframe+0x72/0xdc
DMA: 0*4kB
RIP: 0033:0x7f901b1d6b19
0*8kB 0*16kB
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f901874c188 EFLAGS: 00000246
0*32kB 0*64kB
ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f901b2e9f60 RCX: 00007f901b1d6b19
0*128kB
RDX: 0000000000000125 RSI: 00000000200003c0 RDI: 0000000000000005
0*256kB 0*512kB
RBP: 00007f901b230f6d R08: 0000000000000000 R09: 0000000000000000
1*1024kB (U)
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffdc485ccdf R14: 00007f901874c300 R15: 0000000000022000
1*2048kB (M)
3*4096kB (M)
irq event stamp: 2439
hardirqs last enabled at (2447): [] vprintk_emit+0x504/0x560
= 15360kB
Node 0
hardirqs last disabled at (2472): [] sysvec_apic_timer_interrupt+0xf/0x90
softirqs last enabled at (1922): [] __irq_exit_rcu+0xcc/0x110
DMA32: 29*4kB
softirqs last disabled at (1909): [] __irq_exit_rcu+0xcc/0x110
(UE)
---[ end trace 0000000000000000 ]---
125*8kB (UME) 136*16kB (UME) 95*32kB (UME) 21*64kB (UE) 6*128kB (UE) 3*256kB (UE) 3*512kB (UME) 1*1024kB (M) 1*2048kB (U) 133*4096kB (M) = 558588kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
31057 total pagecache pages
0 pages in swap cache
Free swap = 0kB
Total swap = 0kB
524158 pages RAM
0 pages HighMem/MovableOnly
106453 pages reserved
sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s
sr 1:0:0:0: [sr0] tag#0 Sense Key : Illegal Request [current]
sr 1:0:0:0: [sr0] tag#0 Add. Sense: Invalid command operation code
sr 1:0:0:0: [sr0] tag#0 CDB: Write(10) 2a 00 00 00 00 00 00 00 10 00
blk_print_req_error: 55 callbacks suppressed
critical target error, dev sr0, sector 0 op 0x1:(WRITE) flags 0x100000 phys_seg 64 prio class 2
buffer_io_error: 8174 callbacks suppressed
Buffer I/O error on dev sr0, logical block 0, lost async page write
Buffer I/O error on dev sr0, logical block 1, lost async page write
Buffer I/O error on dev sr0, logical block 2, lost async page write
Buffer I/O error on dev sr0, logical block 3, lost async page write
Buffer I/O error on dev sr0, logical block 4, lost async page write
Buffer I/O error on dev sr0, logical block 5, lost async page write
Buffer I/O error on dev sr0, logical block 6, lost async page write
Buffer I/O error on dev sr0, logical block 7, lost async page write
Buffer I/O error on dev sr0, logical block 8, lost async page write
Buffer I/O error on dev sr0, logical block 9, lost async page write
----------------
Code disassembly (best guess), 1 bytes skipped:
# Decode of the user-space "Code:" bytes that follow "RIP: 0033:..." in the log
# above. The same byte string is printed for both syz-executor tasks.
# This is NOT the kernel code that raised the WARNING. The kernel-side site is
# _copy_from_iter+0x2bf, and its own "Code:" line marks <0f> 0b (ud2), the
# opcode WARN/BUG sites commonly use on x86.
#
# The first decoded instruction starts one byte into the dump ("1 bytes
# skipped"), so it is probably the tail of an earlier instruction rather than
# a real `inc`. Treat it as a best guess.
0: ff c3 inc %ebx
# Multi-byte NOPs: padding before the next function entry.
2: 66 2e 0f 1f 84 00 00 nopw %cs:0x0(%rax,%rax,1)
9: 00 00 00
c: 0f 1f 40 00 nopl 0x0(%rax)
# Argument shuffle: the first C argument becomes the syscall number in %rax and
# the remaining arguments move down one slot. The fourth kernel argument goes
# in %r10, because `syscall` overwrites %rcx. This looks like a generic
# syscall(nr, ...) wrapper; confirm against the executor's libc.
10: 48 89 f8 mov %rdi,%rax
13: 48 89 f7 mov %rsi,%rdi
16: 48 89 d6 mov %rdx,%rsi
19: 48 89 ca mov %rcx,%rdx
1c: 4d 89 c2 mov %r8,%r10
1f: 4d 89 c8 mov %r9,%r8
22: 4c 8b 4c 24 08 mov 0x8(%rsp),%r9
27: 0f 05 syscall
# The marker below shows where the saved user RIP points, which is the
# instruction after `syscall` (the return address). RCX in the user register
# dump holds the same value. Nothing trapped here: the task was still inside
# the kernel when the report was printed. That is consistent with RAX showing
# ffffffffffffffda (-38) in the dump instead of a real return value.
# The compare checks whether the return value falls in [-4095, -1], the range
# Linux uses for -errno.
* 29: 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax <-- trapping instruction
2f: 73 01 jae 0x32
31: c3 retq
# Error path: negate the return value and store it in a thread-local slot at
# %fs:-0x44. Presumably this is errno; the sequence is cut off before the
# wrapper's return value is set.
32: 48 c7 c1 bc ff ff ff mov $0xffffffffffffffbc,%rcx
39: f7 d8 neg %eax
3b: 64 89 01 mov %eax,%fs:(%rcx)
# The captured byte window ends mid-instruction; only the REX.W prefix was
# dumped.
3e: 48 rex.W