./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3595280514
<...>
Warning: Permanently added '10.128.1.159' (ED25519) to the list of known hosts.
execve("./syz-executor3595280514", ["./syz-executor3595280514"], 0x7ffe894a7ea0 /* 10 vars */) = 0
brk(NULL) = 0x555557310000
brk(0x555557310d00) = 0x555557310d00
arch_prctl(ARCH_SET_FS, 0x555557310380) = 0
set_tid_address(0x555557310650) = 5064
set_robust_list(0x555557310660, 24) = 0
rseq(0x555557310ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3595280514", 4096) = 28
getrandom("\xfc\x00\x69\xb7\x8b\xec\x6d\x39", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x555557310d00
brk(0x555557331d00) = 0x555557331d00
brk(0x555557332000) = 0x555557332000
mprotect(0x7f701f388000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3
socket(AF_PACKET, SOCK_DGRAM, htons(ETH_P_ALL)) = 4
ioctl(4, SIOCGIFINDEX, {ifr_name="ip6tnl0", ifr_ifindex=21}) = 0
[ 57.154164][ T5064] BUG: Bad page state in process syz-executor359 pfn:2a60b
[ 57.161523][ T5064] page:ffffea0000a982c0 refcount:0 mapcount:-512 mapping:0000000000000000 index:0x0 pfn:0x2a60b
[ 57.171971][ T5064] flags: 0xfff80000000000(node=0|zone=1|lastcpupid=0xfff)
[ 57.179138][ T5064] page_type: 0xfffffdff(table)
[ 57.183894][ T5064] raw: 00fff80000000000 0000000000000000 dead000000000122 0000000000000000
[ 57.192556][ T5064] raw: 0000000000000000 0000000000000000 00000000fffffdff 0000000000000000
[ 57.201203][ T5064] page dumped because: nonzero mapcount
[ 57.206783][ T5064] page_owner tracks the page as allocated
[ 57.212644][ T5064] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x40dc0(GFP_KERNEL|__GFP_COMP|__GFP_ZERO), pid 34, tgid 34 (kworker/u8:2), ts 10977406208, free_ts 0
[ 57.229352][ T5064] post_alloc_hook+0x1ea/0x210
[ 57.234149][ T5064] get_page_from_freelist+0x34eb/0x3680
[ 57.240003][ T5064] __alloc_pages+0x256/0x680
[ 57.245495][ T5064] alloc_pages_mpol+0x3e8/0x680
[ 57.250375][ T5064] __pte_alloc_kernel+0x7b/0x430
[ 57.255378][ T5064] __vmap_pages_range_noflush+0x769/0xb50
[ 57.261113][ T5064] __vmalloc_node_range+0x104d/0x14a0
[ 57.266536][ T5064] dup_task_struct+0x3e9/0x7d0
[ 57.271310][ T5064] copy_process+0x5d6/0x3db0
[ 57.275929][ T5064] kernel_clone+0x21e/0x8d0
[ 57.280443][ T5064] user_mode_thread+0x132/0x1a0
[ 57.285338][ T5064] call_usermodehelper_exec_work+0x5c/0x230
[ 57.291235][ T5064] process_scheduled_works+0x9d7/0x1730
[ 57.296806][ T5064] worker_thread+0x86d/0xd70
[ 57.301400][ T5064] kthread+0x2f0/0x390
[ 57.305514][ T5064] ret_from_fork+0x4b/0x80
[ 57.309940][ T5064] page_owner free stack trace missing
[ 57.315572][ T5064] Modules linked in:
[ 57.319488][ T5064] CPU: 1 PID: 5064 Comm: syz-executor359 Not tainted 6.8.0-rc3-next-20240205-syzkaller #0
[ 57.329374][ T5064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 57.339438][ T5064] Call Trace:
[ 57.342708][ T5064]
[ 57.345628][ T5064] dump_stack_lvl+0x1e7/0x2e0
[ 57.350310][ T5064] ? __pfx_dump_stack_lvl+0x10/0x10
[ 57.355498][ T5064] ? __pfx_print_modules+0x10/0x10
[ 57.360608][ T5064] ? dump_page+0x99f/0x1070
[ 57.365115][ T5064] bad_page+0x14c/0x170
[ 57.369268][ T5064] free_unref_page_prepare+0xa33/0xa90
[ 57.374725][ T5064] free_unref_page+0x37/0x3f0
[ 57.379414][ T5064] ? __virt_addr_valid+0x183/0x520
[ 57.384548][ T5064] pmd_free_pte_page+0x14e/0x1a0
[ 57.389501][ T5064] ? __pfx_pmd_free_pte_page+0x10/0x10
[ 57.394976][ T5064] vmap_range_noflush+0x5fc/0xbe0
[ 57.400034][ T5064] ? __pfx_vmap_range_noflush+0x10/0x10
[ 57.405585][ T5064] __vmap_pages_range_noflush+0x96c/0xb50
[ 57.411313][ T5064] ? __pfx___might_resched+0x10/0x10
[ 57.416590][ T5064] ? page_ext_get+0x20/0x2a0
[ 57.421176][ T5064] ? __pfx___vmap_pages_range_noflush+0x10/0x10
[ 57.427414][ T5064] ? __folio_memcg+0x63/0x170
[ 57.432083][ T5064] ? split_page+0x1c3/0x240
[ 57.436588][ T5064] __vmalloc_node_range+0x104d/0x14a0
[ 57.441977][ T5064] ? __pfx___vmalloc_node_range+0x10/0x10
[ 57.447686][ T5064] ? rcu_is_watching+0x15/0xb0
[ 57.452446][ T5064] ? trace_kmalloc+0x1f/0xb0
[ 57.457029][ T5064] ? __pfx_tcf_chain_head_change_dflt+0x10/0x10
[ 57.463280][ T5064] ? kvmalloc_node+0x72/0x190
[ 57.467952][ T5064] kvmalloc_node+0x142/0x190
[ 57.472532][ T5064] ? fq_pie_init+0x429/0x820
[ 57.477116][ T5064] fq_pie_init+0x429/0x820
[ 57.481527][ T5064] ? qdisc_lookup+0x350/0x6b0
[ 57.486197][ T5064] ? __pfx_fq_pie_init+0x10/0x10
[ 57.491126][ T5064] qdisc_create+0x9d4/0x1190
[ 57.495724][ T5064] ? __pfx_qdisc_create+0x10/0x10
[ 57.500833][ T5064] tc_modify_qdisc+0xa26/0x1e40
[ 57.505694][ T5064] ? __pfx_tc_modify_qdisc+0x10/0x10
[ 57.510989][ T5064] ? __pfx_tc_modify_qdisc+0x10/0x10
[ 57.516266][ T5064] rtnetlink_rcv_msg+0x885/0x1040
[ 57.521287][ T5064] ? rtnetlink_rcv_msg+0x208/0x1040
[ 57.526480][ T5064] ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 57.531934][ T5064] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 57.538083][ T5064] ? __pfx_validate_chain+0x10/0x10
[ 57.543271][ T5064] ? __pfx_validate_chain+0x10/0x10
[ 57.548470][ T5064] ? mark_lock+0x9a/0x350
[ 57.552787][ T5064] ? __pfx_validate_chain+0x10/0x10
[ 57.557977][ T5064] ? __lock_acquire+0x1346/0x1fd0
[ 57.563001][ T5064] ? mark_lock+0x9a/0x350
[ 57.567330][ T5064] ? __lock_acquire+0x1346/0x1fd0
[ 57.572361][ T5064] netlink_rcv_skb+0x1e3/0x430
[ 57.577122][ T5064] ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 57.582574][ T5064] ? __pfx_netlink_rcv_skb+0x10/0x10
[ 57.587868][ T5064] ? netlink_deliver_tap+0x2e/0x1b0
[ 57.593063][ T5064] netlink_unicast+0x7ea/0x980
[ 57.597828][ T5064] ? __pfx_netlink_unicast+0x10/0x10
[ 57.603103][ T5064] ? __virt_addr_valid+0x44e/0x520
[ 57.608210][ T5064] ? __phys_addr_symbol+0x2f/0x70
[ 57.613228][ T5064] ? __check_object_size+0x4bc/0xa00
[ 57.618505][ T5064] ? bpf_lsm_netlink_send+0x9/0x10
[ 57.623614][ T5064] netlink_sendmsg+0xa3c/0xd70
[ 57.628383][ T5064] ? __pfx_netlink_sendmsg+0x10/0x10
[ 57.633663][ T5064] ? __import_iovec+0x552/0x890
[ 57.638514][ T5064] ? aa_sock_msg_perm+0x91/0x160
[ 57.643453][ T5064] ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 57.648985][ T5064] ? security_socket_sendmsg+0x87/0xb0
[ 57.654437][ T5064] ? __pfx_netlink_sendmsg+0x10/0x10
[ 57.659720][ T5064] __sock_sendmsg+0x221/0x270
[ 57.664396][ T5064] ____sys_sendmsg+0x525/0x7d0
[ 57.669159][ T5064] ? __pfx_____sys_sendmsg+0x10/0x10
[ 57.674440][ T5064] ? do_raw_spin_lock+0x14f/0x370
[ 57.679468][ T5064] __sys_sendmsg+0x2b0/0x3a0
[ 57.684050][ T5064] ? __pfx___sys_sendmsg+0x10/0x10
[ 57.689161][ T5064] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 57.695506][ T5064] ? _raw_spin_unlock_irq+0x2e/0x50
[ 57.700692][ T5064] ? ptrace_notify+0x279/0x380
[ 57.705460][ T5064] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 57.711785][ T5064] ? do_syscall_64+0x10a/0x240
[ 57.716541][ T5064] ? syscall_trace_enter+0x5f/0x150
[ 57.721729][ T5064] do_syscall_64+0xfb/0x240
[ 57.726227][ T5064] entry_SYSCALL_64_after_hwframe+0x6d/0x75
[ 57.732111][ T5064] RIP: 0033:0x7f701f315469
[ 57.736516][ T5064] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 57.756110][ T5064] RSP: 002b:00007ffdcbd50308 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 57.764516][ T5064] RAX: ffffffffffffffda RBX: 00007ffdcbd504d8 RCX: 00007f701f315469
[ 57.772477][ T5064] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000003
[ 57.780438][ T5064] RBP: 00007f701f388610 R08: 00000000ffffffff R09: 00007ffdcbd504d8
[ 57.788401][ T5064] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000001
[ 57.796362][ T5064] R13: 00007ffdcbd504c8 R14: 0000000000000001 R15: 0000000000000001
[ 57.804337][ T5064]
[ 57.808001][ T5064] Disabling lock debugging due to kernel taint
[ 57.814180][ T5064] BUG: Bad page state in process syz-executor359 pfn:2ac6f
[ 57.821488][ T5064] page:ffffea0000ab1bc0 refcount:0 mapcount:-512 mapping:0000000000000000 index:0x0 pfn:0x2ac6f
[ 57.831933][ T5064] flags: 0xfff80000000000(node=0|zone=1|lastcpupid=0xfff)
[ 57.839157][ T5064] page_type: 0xfffffdff(table)
[ 57.843902][ T5064] raw: 00fff80000000000 0000000000000000 dead000000000122 0000000000000000
[ 57.852508][ T5064] raw: 0000000000000000 0000000000000000 00000000fffffdff 0000000000000000
[ 57.861096][ T5064] page dumped because: nonzero mapcount
[ 57.866672][ T5064] page_owner tracks the page as allocated
[ 57.872377][ T5064] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x40dc0(GFP_KERNEL|__GFP_COMP|__GFP_ZERO), pid 11, tgid 11 (kworker/u8:1), ts 11000185391, free_ts 0
[ 57.889068][ T5064] post_alloc_hook+0x1ea/0x210
[ 57.893833][ T5064] get_page_from_freelist+0x34eb/0x3680
[ 57.899401][ T5064] __alloc_pages+0x256/0x680
[ 57.903991][ T5064] alloc_pages_mpol+0x3e8/0x680
[ 57.908867][ T5064] __pte_alloc_kernel+0x7b/0x430
[ 57.913803][ T5064] __vmap_pages_range_noflush+0x769/0xb50
[ 57.919549][ T5064] __vmalloc_node_range+0x104d/0x14a0
[ 57.924915][ T5064] dup_task_struct+0x3e9/0x7d0
[ 57.929731][ T5064] copy_process+0x5d6/0x3db0
[ 57.934323][ T5064] kernel_clone+0x21e/0x8d0
[ 57.938847][ T5064] user_mode_thread+0x132/0x1a0
[ 57.943695][ T5064] call_usermodehelper_exec_work+0x5c/0x230
[ 57.949610][ T5064] process_scheduled_works+0x9d7/0x1730
[ 57.955184][ T5064] worker_thread+0x86d/0xd70
[ 57.959763][ T5064] kthread+0x2f0/0x390
[ 57.963808][ T5064] ret_from_fork+0x4b/0x80
[ 57.968244][ T5064] page_owner free stack trace missing
[ 57.973601][ T5064] Modules linked in:
[ 57.977505][ T5064] CPU: 1 PID: 5064 Comm: syz-executor359 Tainted: G B 6.8.0-rc3-next-20240205-syzkaller #0
[ 57.988871][ T5064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 57.998904][ T5064] Call Trace:
[ 58.002161][ T5064]
[ 58.005074][ T5064] dump_stack_lvl+0x1e7/0x2e0
[ 58.009734][ T5064] ? __pfx_dump_stack_lvl+0x10/0x10
[ 58.014908][ T5064] ? __pfx_print_modules+0x10/0x10
[ 58.020000][ T5064] ? dump_page+0x99f/0x1070
[ 58.024483][ T5064] bad_page+0x14c/0x170
[ 58.028617][ T5064] free_unref_page_prepare+0xa33/0xa90
[ 58.034058][ T5064] free_unref_page+0x37/0x3f0
[ 58.038710][ T5064] ? __virt_addr_valid+0x183/0x520
[ 58.043801][ T5064] pmd_free_pte_page+0x14e/0x1a0
[ 58.048724][ T5064] ? __pfx_pmd_free_pte_page+0x10/0x10
[ 58.054178][ T5064] vmap_range_noflush+0x5fc/0xbe0
[ 58.059206][ T5064] ? __pfx_vmap_range_noflush+0x10/0x10
[ 58.064747][ T5064] __vmap_pages_range_noflush+0x96c/0xb50
[ 58.070460][ T5064] ? __pfx___might_resched+0x10/0x10
[ 58.075730][ T5064] ? page_ext_get+0x20/0x2a0
[ 58.080309][ T5064] ? __pfx___vmap_pages_range_noflush+0x10/0x10
[ 58.086537][ T5064] ? __folio_memcg+0x63/0x170
[ 58.091199][ T5064] ? split_page+0x1c3/0x240
[ 58.095691][ T5064] __vmalloc_node_range+0x104d/0x14a0
[ 58.101059][ T5064] ? __pfx___vmalloc_node_range+0x10/0x10
[ 58.106761][ T5064] ? rcu_is_watching+0x15/0xb0
[ 58.111508][ T5064] ? trace_kmalloc+0x1f/0xb0
[ 58.116087][ T5064] ? __pfx_tcf_chain_head_change_dflt+0x10/0x10
[ 58.122317][ T5064] ? kvmalloc_node+0x72/0x190
[ 58.126981][ T5064] kvmalloc_node+0x142/0x190
[ 58.131556][ T5064] ? fq_pie_init+0x429/0x820
[ 58.136135][ T5064] fq_pie_init+0x429/0x820
[ 58.140544][ T5064] ? qdisc_lookup+0x350/0x6b0
[ 58.145210][ T5064] ? __pfx_fq_pie_init+0x10/0x10
[ 58.150136][ T5064] qdisc_create+0x9d4/0x1190
[ 58.154718][ T5064] ? __pfx_qdisc_create+0x10/0x10
[ 58.159734][ T5064] tc_modify_qdisc+0xa26/0x1e40
[ 58.164578][ T5064] ? __pfx_tc_modify_qdisc+0x10/0x10
[ 58.169860][ T5064] ? __pfx_tc_modify_qdisc+0x10/0x10
[ 58.175134][ T5064] rtnetlink_rcv_msg+0x885/0x1040
[ 58.180150][ T5064] ? rtnetlink_rcv_msg+0x208/0x1040
[ 58.185338][ T5064] ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 58.190785][ T5064] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 58.196929][ T5064] ? __pfx_validate_chain+0x10/0x10
[ 58.202113][ T5064] ? __pfx_validate_chain+0x10/0x10
[ 58.207307][ T5064] ? mark_lock+0x9a/0x350
[ 58.211642][ T5064] ? __pfx_validate_chain+0x10/0x10
[ 58.216849][ T5064] ? __lock_acquire+0x1346/0x1fd0
[ 58.221881][ T5064] ? mark_lock+0x9a/0x350
[ 58.226205][ T5064] ? __lock_acquire+0x1346/0x1fd0
[ 58.231219][ T5064] netlink_rcv_skb+0x1e3/0x430
[ 58.235976][ T5064] ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 58.241430][ T5064] ? __pfx_netlink_rcv_skb+0x10/0x10
[ 58.246714][ T5064] ? netlink_deliver_tap+0x2e/0x1b0
[ 58.251904][ T5064] netlink_unicast+0x7ea/0x980
[ 58.256660][ T5064] ? __pfx_netlink_unicast+0x10/0x10
[ 58.261933][ T5064] ? __virt_addr_valid+0x44e/0x520
[ 58.267037][ T5064] ? __phys_addr_symbol+0x2f/0x70
[ 58.272051][ T5064] ? __check_object_size+0x4bc/0xa00
[ 58.277326][ T5064] ? bpf_lsm_netlink_send+0x9/0x10
[ 58.282429][ T5064] netlink_sendmsg+0xa3c/0xd70
[ 58.287189][ T5064] ? __pfx_netlink_sendmsg+0x10/0x10
[ 58.292465][ T5064] ? __import_iovec+0x552/0x890
[ 58.297310][ T5064] ? aa_sock_msg_perm+0x91/0x160
[ 58.302235][ T5064] ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 58.307506][ T5064] ? security_socket_sendmsg+0x87/0xb0
[ 58.312949][ T5064] ? __pfx_netlink_sendmsg+0x10/0x10
[ 58.318225][ T5064] __sock_sendmsg+0x221/0x270
[ 58.322892][ T5064] ____sys_sendmsg+0x525/0x7d0
[ 58.327648][ T5064] ? __pfx_____sys_sendmsg+0x10/0x10
[ 58.332918][ T5064] ? do_raw_spin_lock+0x14f/0x370
[ 58.337935][ T5064] __sys_sendmsg+0x2b0/0x3a0
[ 58.342513][ T5064] ? __pfx___sys_sendmsg+0x10/0x10
[ 58.347617][ T5064] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 58.353939][ T5064] ? _raw_spin_unlock_irq+0x2e/0x50
[ 58.359125][ T5064] ? ptrace_notify+0x279/0x380
[ 58.363882][ T5064] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 58.370200][ T5064] ? do_syscall_64+0x10a/0x240
[ 58.374960][ T5064] ? syscall_trace_enter+0x5f/0x150
[ 58.380144][ T5064] do_syscall_64+0xfb/0x240
[ 58.384636][ T5064] entry_SYSCALL_64_after_hwframe+0x6d/0x75
[ 58.390517][ T5064] RIP: 0033:0x7f701f315469
[ 58.394916][ T5064] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 58.414532][ T5064] RSP: 002b:00007ffdcbd50308 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 58.422939][ T5064] RAX: ffffffffffffffda RBX: 00007ffdcbd504d8 RCX: 00007f701f315469
[ 58.430901][ T5064] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000003
[ 58.438858][ T5064] RBP: 00007f701f388610 R08: 00000000ffffffff R09: 00007ffdcbd504d8
[ 58.446818][ T5064] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000001
[ 58.454775][ T5064] R13: 00007ffdcbd504c8 R14: 0000000000000001 R15: 0000000000000001
[ 58.462737][ T5064]
[ 58.466071][ T5064] BUG: Bad page state in process syz-executor359 pfn:2af65
[ 58.473358][ T5064] page:ffffea0000abd940 refcount:0 mapcount:-512 mapping:0000000000000000 index:0x0 pfn:0x2af65
[ 58.483803][ T5064] flags: 0xfff80000000000(node=0|zone=1|lastcpupid=0xfff)
[ 58.490954][ T5064] page_type: 0xfffffdff(table)
[ 58.495751][ T5064] raw: 00fff80000000000 0000000000000000 dead000000000122 0000000000000000
[ 58.504324][ T5064] raw: 0000000000000000 0000000000000000 00000000fffffdff 0000000000000000
[ 58.512926][ T5064] page dumped because: nonzero mapcount
[ 58.518486][ T5064] page_owner tracks the page as allocated
[ 58.524193][ T5064] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x40dc0(GFP_KERNEL|__GFP_COMP|__GFP_ZERO), pid 2472, tgid 2472 (kworker/u8:7), ts 11021270716, free_ts 0
[ 58.541239][ T5064] post_alloc_hook+0x1ea/0x210
[ 58.546027][ T5064] get_page_from_freelist+0x34eb/0x3680
[ 58.551557][ T5064] __alloc_pages+0x256/0x680
[ 58.556170][ T5064] alloc_pages_mpol+0x3e8/0x680
[ 58.561020][ T5064] __pte_alloc_kernel+0x7b/0x430
[ 58.565973][ T5064] __vmap_pages_range_noflush+0x769/0xb50
[ 58.571691][ T5064] __vmalloc_node_range+0x104d/0x14a0
[ 58.577090][ T5064] dup_task_struct+0x3e9/0x7d0
[ 58.581851][ T5064] copy_process+0x5d6/0x3db0
[ 58.586459][ T5064] kernel_clone+0x21e/0x8d0
[ 58.590962][ T5064] user_mode_thread+0x132/0x1a0
[ 58.595843][ T5064] call_usermodehelper_exec_work+0x5c/0x230
[ 58.601733][ T5064] process_scheduled_works+0x9d7/0x1730
[ 58.607290][ T5064] worker_thread+0x86d/0xd70
[ 58.611878][ T5064] kthread+0x2f0/0x390
[ 58.615988][ T5064] ret_from_fork+0x4b/0x80
[ 58.620411][ T5064] page_owner free stack trace missing
[ 58.625797][ T5064] Modules linked in:
[ 58.629691][ T5064] CPU: 1 PID: 5064 Comm: syz-executor359 Tainted: G B 6.8.0-rc3-next-20240205-syzkaller #0
[ 58.641028][ T5064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 58.651058][ T5064] Call Trace:
[ 58.654315][ T5064]
[ 58.657225][ T5064] dump_stack_lvl+0x1e7/0x2e0
[ 58.661884][ T5064] ? __pfx_dump_stack_lvl+0x10/0x10
[ 58.667062][ T5064] ? __pfx_print_modules+0x10/0x10
[ 58.672152][ T5064] ? dump_page+0x99f/0x1070
[ 58.676633][ T5064] bad_page+0x14c/0x170
[ 58.680765][ T5064] free_unref_page_prepare+0xa33/0xa90
[ 58.686204][ T5064] free_unref_page+0x37/0x3f0
[ 58.690857][ T5064] ? __virt_addr_valid+0x183/0x520
[ 58.695949][ T5064] pmd_free_pte_page+0x14e/0x1a0
[ 58.700866][ T5064] ? __pfx_pmd_free_pte_page+0x10/0x10
[ 58.706306][ T5064] vmap_range_noflush+0x5fc/0xbe0
[ 58.711316][ T5064] ? __pfx_vmap_range_noflush+0x10/0x10
[ 58.716844][ T5064] __vmap_pages_range_noflush+0x96c/0xb50
[ 58.722547][ T5064] ? __pfx___might_resched+0x10/0x10
[ 58.727808][ T5064] ? page_ext_get+0x20/0x2a0
[ 58.732376][ T5064] ? __pfx___vmap_pages_range_noflush+0x10/0x10
[ 58.738601][ T5064] ? __folio_memcg+0x63/0x170
[ 58.743267][ T5064] ? split_page+0x1c3/0x240
[ 58.747761][ T5064] __vmalloc_node_range+0x104d/0x14a0
[ 58.753128][ T5064] ? __pfx___vmalloc_node_range+0x10/0x10
[ 58.758831][ T5064] ? rcu_is_watching+0x15/0xb0
[ 58.763578][ T5064] ? trace_kmalloc+0x1f/0xb0
[ 58.768158][ T5064] ? __pfx_tcf_chain_head_change_dflt+0x10/0x10
[ 58.774388][ T5064] ? kvmalloc_node+0x72/0x190
[ 58.779050][ T5064] kvmalloc_node+0x142/0x190
[ 58.783627][ T5064] ? fq_pie_init+0x429/0x820
[ 58.788204][ T5064] fq_pie_init+0x429/0x820
[ 58.792607][ T5064] ? qdisc_lookup+0x350/0x6b0
[ 58.797276][ T5064] ? __pfx_fq_pie_init+0x10/0x10
[ 58.802201][ T5064] qdisc_create+0x9d4/0x1190
[ 58.806783][ T5064] ? __pfx_qdisc_create+0x10/0x10
[ 58.811796][ T5064] tc_modify_qdisc+0xa26/0x1e40
[ 58.816637][ T5064] ? __pfx_tc_modify_qdisc+0x10/0x10
[ 58.821917][ T5064] ? __pfx_tc_modify_qdisc+0x10/0x10
[ 58.827193][ T5064] rtnetlink_rcv_msg+0x885/0x1040
[ 58.832205][ T5064] ? rtnetlink_rcv_msg+0x208/0x1040
[ 58.837394][ T5064] ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 58.842842][ T5064] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 58.848987][ T5064] ? __pfx_validate_chain+0x10/0x10
[ 58.854172][ T5064] ? __pfx_validate_chain+0x10/0x10
[ 58.859361][ T5064] ? mark_lock+0x9a/0x350
[ 58.863676][ T5064] ? __pfx_validate_chain+0x10/0x10
[ 58.868862][ T5064] ? __lock_acquire+0x1346/0x1fd0
[ 58.873875][ T5064] ? mark_lock+0x9a/0x350
[ 58.878192][ T5064] ? __lock_acquire+0x1346/0x1fd0
[ 58.883206][ T5064] netlink_rcv_skb+0x1e3/0x430
[ 58.887960][ T5064] ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 58.893408][ T5064] ? __pfx_netlink_rcv_skb+0x10/0x10
[ 58.898686][ T5064] ? netlink_deliver_tap+0x2e/0x1b0
[ 58.903872][ T5064] netlink_unicast+0x7ea/0x980
[ 58.908626][ T5064] ? __pfx_netlink_unicast+0x10/0x10
[ 58.913900][ T5064] ? __virt_addr_valid+0x44e/0x520
[ 58.918999][ T5064] ? __phys_addr_symbol+0x2f/0x70
[ 58.924013][ T5064] ? __check_object_size+0x4bc/0xa00
[ 58.929288][ T5064] ? bpf_lsm_netlink_send+0x9/0x10
[ 58.934389][ T5064] netlink_sendmsg+0xa3c/0xd70
[ 58.939148][ T5064] ? __pfx_netlink_sendmsg+0x10/0x10
[ 58.944425][ T5064] ? __import_iovec+0x552/0x890
[ 58.949353][ T5064] ? aa_sock_msg_perm+0x91/0x160
[ 58.954282][ T5064] ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 58.959548][ T5064] ? security_socket_sendmsg+0x87/0xb0
[ 58.964992][ T5064] ? __pfx_netlink_sendmsg+0x10/0x10
[ 58.970268][ T5064] __sock_sendmsg+0x221/0x270
[ 58.974938][ T5064] ____sys_sendmsg+0x525/0x7d0
[ 58.979724][ T5064] ? __pfx_____sys_sendmsg+0x10/0x10
[ 58.984998][ T5064] ? do_raw_spin_lock+0x14f/0x370
[ 58.990018][ T5064] __sys_sendmsg+0x2b0/0x3a0
[ 58.994594][ T5064] ? __pfx___sys_sendmsg+0x10/0x10
[ 58.999698][ T5064] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 59.006021][ T5064] ? _raw_spin_unlock_irq+0x2e/0x50
[ 59.011204][ T5064] ? ptrace_notify+0x279/0x380
[ 59.015963][ T5064] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 59.022279][ T5064] ? do_syscall_64+0x10a/0x240
[ 59.027030][ T5064] ? syscall_trace_enter+0x5f/0x150
[ 59.032220][ T5064] do_syscall_64+0xfb/0x240
[ 59.036710][ T5064] entry_SYSCALL_64_after_hwframe+0x6d/0x75
[ 59.042592][ T5064] RIP: 0033:0x7f701f315469
[ 59.046992][ T5064] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 59.066581][ T5064] RSP: 002b:00007ffdcbd50308 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 59.074977][ T5064] RAX: ffffffffffffffda RBX: 00007ffdcbd504d8 RCX: 00007f701f315469
[ 59.082936][ T5064] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000003
[ 59.090893][ T5064] RBP: 00007f701f388610 R08: 00000000ffffffff R09: 00007ffdcbd504d8
[ 59.098849][ T5064] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000001
[ 59.106803][ T5064] R13: 00007ffdcbd504c8 R14: 0000000000000001 R15: 0000000000000001
[ 59.114761][ T5064]
[ 59.118131][ T5064] BUG: Bad page state in process syz-executor359 pfn:2ae92
[ 59.125457][ T5064] page:ffffea0000aba480 refcount:0 mapcount:-512 mapping:0000000000000000 index:0x0 pfn:0x2ae92
[ 59.135912][ T5064] flags: 0xfff80000000000(node=0|zone=1|lastcpupid=0xfff)
[ 59.143024][ T5064] page_type: 0xfffffdff(table)
[ 59.147809][ T5064] raw: 00fff80000000000 0000000000000000 dead000000000122 0000000000000000
[ 59.156432][ T5064] raw: 0000000000000000 0000000000000000 00000000fffffdff 0000000000000000
[ 59.165001][ T5064] page dumped because: nonzero mapcount
[ 59.170555][ T5064] page_owner tracks the page as allocated
[ 59.176299][ T5064] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x40dc0(GFP_KERNEL|__GFP_COMP|__GFP_ZERO), pid 1162, tgid 1162 (kworker/u8:6), ts 11100973115, free_ts 11080079170
[ 59.194199][ T5064] post_alloc_hook+0x1ea/0x210
[ 59.198988][ T5064] get_page_from_freelist+0x34eb/0x3680
[ 59.204537][ T5064] __alloc_pages+0x256/0x680
[ 59.209172][ T5064] alloc_pages_mpol+0x3e8/0x680
[ 59.214036][ T5064] __pte_alloc_kernel+0x7b/0x430
[ 59.219011][ T5064] __vmap_pages_range_noflush+0x769/0xb50
[ 59.224739][ T5064] __vmalloc_node_range+0x104d/0x14a0
[ 59.230140][ T5064] dup_task_struct+0x3e9/0x7d0
[ 59.234904][ T5064] copy_process+0x5d6/0x3db0
[ 59.239533][ T5064] kernel_clone+0x21e/0x8d0
[ 59.244037][ T5064] user_mode_thread+0x132/0x1a0
[ 59.248910][ T5064] call_usermodehelper_exec_work+0x5c/0x230
[ 59.254812][ T5064] process_scheduled_works+0x9d7/0x1730
[ 59.260418][ T5064] worker_thread+0x86d/0xd70
[ 59.265036][ T5064] kthread+0x2f0/0x390
[ 59.269111][ T5064] ret_from_fork+0x4b/0x80
[ 59.273547][ T5064] page last free pid 49 tgid 49 stack trace:
[ 59.279581][ T5064] free_unref_page_prepare+0x968/0xa90
[ 59.285084][ T5064] free_unref_page+0x37/0x3f0
[ 59.289748][ T5064] vfree+0x186/0x2e0
[ 59.293620][ T5064] delayed_vfree_work+0x56/0x80
[ 59.298506][ T5064] process_scheduled_works+0x9d7/0x1730
[ 59.304050][ T5064] worker_thread+0x86d/0xd70
[ 59.308660][ T5064] kthread+0x2f0/0x390
[ 59.312732][ T5064] ret_from_fork+0x4b/0x80
[ 59.317181][ T5064] ret_from_fork_asm+0x1a/0x30
[ 59.321949][ T5064] Modules linked in:
[ 59.325863][ T5064] CPU: 1 PID: 5064 Comm: syz-executor359 Tainted: G B 6.8.0-rc3-next-20240205-syzkaller #0
[ 59.337227][ T5064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 59.347262][ T5064] Call Trace:
[ 59.350523][ T5064]
[ 59.353435][ T5064] dump_stack_lvl+0x1e7/0x2e0
[ 59.358096][ T5064] ? __pfx_dump_stack_lvl+0x10/0x10
[ 59.363280][ T5064] ? __pfx_print_modules+0x10/0x10
[ 59.368374][ T5064] ? dump_page+0x99f/0x1070
[ 59.372858][ T5064] bad_page+0x14c/0x170
[ 59.377000][ T5064] free_unref_page_prepare+0xa33/0xa90
[ 59.382454][ T5064] free_unref_page+0x37/0x3f0
[ 59.387119][ T5064] ? __virt_addr_valid+0x183/0x520
[ 59.392225][ T5064] pmd_free_pte_page+0x14e/0x1a0
[ 59.397160][ T5064] ? __pfx_pmd_free_pte_page+0x10/0x10
[ 59.402614][ T5064] vmap_range_noflush+0x5fc/0xbe0
[ 59.407639][ T5064] ? __pfx_vmap_range_noflush+0x10/0x10
[ 59.413179][ T5064] __vmap_pages_range_noflush+0x96c/0xb50
[ 59.418914][ T5064] ? __pfx___might_resched+0x10/0x10
[ 59.424203][ T5064] ? page_ext_get+0x20/0x2a0
[ 59.428796][ T5064] ? __pfx___vmap_pages_range_noflush+0x10/0x10
[ 59.435035][ T5064] ? __folio_memcg+0x63/0x170
[ 59.439699][ T5064] ? split_page+0x1c3/0x240
[ 59.444198][ T5064] __vmalloc_node_range+0x104d/0x14a0
[ 59.449575][ T5064] ? __pfx___vmalloc_node_range+0x10/0x10
[ 59.455281][ T5064] ? rcu_is_watching+0x15/0xb0
[ 59.460030][ T5064] ? trace_kmalloc+0x1f/0xb0
[ 59.464607][ T5064] ? __pfx_tcf_chain_head_change_dflt+0x10/0x10
[ 59.470839][ T5064] ? kvmalloc_node+0x72/0x190
[ 59.475505][ T5064] kvmalloc_node+0x142/0x190
[ 59.480083][ T5064] ? fq_pie_init+0x429/0x820
[ 59.484661][ T5064] fq_pie_init+0x429/0x820
[ 59.489072][ T5064] ? qdisc_lookup+0x350/0x6b0
[ 59.493733][ T5064] ? __pfx_fq_pie_init+0x10/0x10
[ 59.498657][ T5064] qdisc_create+0x9d4/0x1190
[ 59.503238][ T5064] ? __pfx_qdisc_create+0x10/0x10
[ 59.508253][ T5064] tc_modify_qdisc+0xa26/0x1e40
[ 59.513095][ T5064] ? __pfx_tc_modify_qdisc+0x10/0x10
[ 59.518375][ T5064] ? __pfx_tc_modify_qdisc+0x10/0x10
[ 59.523651][ T5064] rtnetlink_rcv_msg+0x885/0x1040
[ 59.528666][ T5064] ? rtnetlink_rcv_msg+0x208/0x1040
[ 59.533853][ T5064] ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 59.539300][ T5064] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 59.545443][ T5064] ? __pfx_validate_chain+0x10/0x10
[ 59.550628][ T5064] ? __pfx_validate_chain+0x10/0x10
[ 59.555816][ T5064] ? mark_lock+0x9a/0x350
[ 59.560132][ T5064] ? __pfx_validate_chain+0x10/0x10
[ 59.565315][ T5064] ? __lock_acquire+0x1346/0x1fd0
[ 59.570328][ T5064] ? mark_lock+0x9a/0x350
[ 59.574644][ T5064] ? __lock_acquire+0x1346/0x1fd0
[ 59.579658][ T5064] netlink_rcv_skb+0x1e3/0x430
[ 59.584416][ T5064] ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 59.589863][ T5064] ? __pfx_netlink_rcv_skb+0x10/0x10
[ 59.595148][ T5064] ? netlink_deliver_tap+0x2e/0x1b0
[ 59.600338][ T5064] netlink_unicast+0x7ea/0x980
[ 59.605096][ T5064] ? __pfx_netlink_unicast+0x10/0x10
[ 59.610367][ T5064] ? __virt_addr_valid+0x44e/0x520
[ 59.615473][ T5064] ? __phys_addr_symbol+0x2f/0x70
[ 59.620486][ T5064] ? __check_object_size+0x4bc/0xa00
[ 59.625760][ T5064] ? bpf_lsm_netlink_send+0x9/0x10
[ 59.630862][ T5064] netlink_sendmsg+0xa3c/0xd70
[ 59.635625][ T5064] ? __pfx_netlink_sendmsg+0x10/0x10
[ 59.640900][ T5064] ? __import_iovec+0x552/0x890
[ 59.645740][ T5064] ? aa_sock_msg_perm+0x91/0x160
[ 59.650670][ T5064] ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 59.655940][ T5064] ? security_socket_sendmsg+0x87/0xb0
[ 59.661389][ T5064] ? __pfx_netlink_sendmsg+0x10/0x10
[ 59.666662][ T5064] __sock_sendmsg+0x221/0x270
[ 59.671332][ T5064] ____sys_sendmsg+0x525/0x7d0
[ 59.676086][ T5064] ? __pfx_____sys_sendmsg+0x10/0x10
[ 59.681358][ T5064] ? do_raw_spin_lock+0x14f/0x370
[ 59.686385][ T5064] __sys_sendmsg+0x2b0/0x3a0
[ 59.690961][ T5064] ? __pfx___sys_sendmsg+0x10/0x10
[ 59.696061][ T5064] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 59.702387][ T5064] ? _raw_spin_unlock_irq+0x2e/0x50
[ 59.707570][ T5064] ? ptrace_notify+0x279/0x380
[ 59.712327][ T5064] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 59.718644][ T5064] ? do_syscall_64+0x10a/0x240
[ 59.723401][ T5064] ? syscall_trace_enter+0x5f/0x150
[ 59.728586][ T5064] do_syscall_64+0xfb/0x240
[ 59.733082][ T5064] entry_SYSCALL_64_after_hwframe+0x6d/0x75
[ 59.738963][ T5064] RIP: 0033:0x7f701f315469
[ 59.743365][ T5064] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\x3c\x00\x00\x00\x24\x00\x0b\x0f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x15\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x0b\x00\x01\x00\x66\x71\x5f\x70\x69\x65\x00\x00\x0c\x00\x02\x80\x08\x00\x02\x00\x9d\xf9\x00\x00", iov_len=60}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 60
exit_group(0) = ?
+++ exited with 0 +++
[ 59.762962][ T5064] RSP: 002b:00007ffdcbd503