Starting mcstransd: [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. [ ok ] Starting file context maintaining daemon: restorecond. [ 8.851518][ T22] audit: type=1400 audit(1583211260.026:10): avc: denied { watch } for pid=1791 comm="restorecond" path="/root/.ssh" dev="sda1" ino=16179 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:object_r:ssh_home_t:s0 tclass=dir permissive=1 [ 8.859437][ T22] audit: type=1400 audit(1583211260.026:11): avc: denied { watch } for pid=1791 comm="restorecond" path="/etc/selinux/restorecond.conf" dev="sda1" ino=2280 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 11.172199][ T22] audit: type=1400 audit(1583211262.346:12): avc: denied { map } for pid=1869 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.113' (ECDSA) to the list of known hosts. 
executing program [ 17.191866][ T22] audit: type=1400 audit(1583211268.366:13): avc: denied { map } for pid=1881 comm="syz-executor111" path="/root/syz-executor111083082" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 17.207718][ T22] audit: type=1400 audit(1583211268.376:14): avc: denied { prog_load } for pid=1883 comm="syz-executor111" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 [ 17.213067][ T22] audit: type=1400 audit(1583211268.386:15): avc: denied { prog_run } for pid=1883 comm="syz-executor111" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 [ 17.213250][ T1883] ------------[ cut here ]------------ [ 17.241719][ T1883] Illegal XDP return value 4294967274, expect packet loss! [ 17.248999][ T1883] WARNING: CPU: 0 PID: 1883 at net/core/filter.c:6909 bpf_warn_invalid_xdp_action+0x5a/0x60 [ 17.259150][ T1883] Modules linked in: [ 17.263017][ T1883] CPU: 0 PID: 1883 Comm: syz-executor111 Not tainted 5.4.23-syzkaller-01268-g2c2101d18159 #0 [ 17.273143][ T1883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 17.283185][ T1883] RIP: 0010:bpf_warn_invalid_xdp_action+0x5a/0x60 [ 17.289582][ T1883] Code: e8 eb 29 5e fe 83 fb 04 48 c7 c0 73 78 56 84 48 c7 c6 7b 78 56 84 48 0f 47 f0 48 c7 c7 46 78 56 84 89 da 31 c0 e8 16 f8 34 fe <0f> 0b eb bc 66 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 50 4c 89 [ 17.309155][ T1883] RSP: 0018:ffff8881cfd07728 EFLAGS: 00010246 [ 17.315195][ T1883] RAX: c48abe47afe90900 RBX: 00000000ffffffea RCX: ffff8881d3216740 [ 17.323146][ T1883] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 17.331091][ T1883] RBP: ffff8881cfd07730 R08: ffffffff812d0af0 R09: ffffed103b743e92 [ 17.339033][ T1883] R10: 
ffffed103b743e92 R11: 0000000000000000 R12: 00000000ffffffea [ 17.346992][ T1883] R13: ffff8881cfd28840 R14: dffffc0000000000 R15: ffffc900004fc000 [ 17.355521][ T1883] FS: 00000000015b0880(0000) GS:ffff8881dba00000(0000) knlGS:0000000000000000 [ 17.364439][ T1883] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 17.371068][ T1883] CR2: 000000002062b000 CR3: 00000001d317d006 CR4: 00000000001606f0 [ 17.379067][ T1883] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 17.387049][ T1883] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 17.394992][ T1883] Call Trace: [ 17.398254][ T1883] tun_xdp_act+0x1b6/0x740 [ 17.402641][ T1883] ? __kasan_check_write+0x14/0x20 [ 17.407739][ T1883] ? copyin+0x92/0xb0 [ 17.411691][ T1883] ? tun_flow_update+0x870/0x870 [ 17.416618][ T1883] ? bpf_prog_b160932daadeb384+0x7c0/0x1000 [ 17.422497][ T1883] tun_get_user+0x1cce/0x3d10 [ 17.427153][ T1883] ? tun_do_read+0x1f10/0x1f10 [ 17.431901][ T1883] ? netlink_detachskb+0x60/0x60 [ 17.436825][ T1883] ? put_pid+0x82/0xe0 [ 17.440865][ T1883] ? netlink_sendmsg+0xa28/0xd40 [ 17.445775][ T1883] ? __rcu_read_lock+0x50/0x50 [ 17.450508][ T1883] ? netlink_getsockopt+0x900/0x900 [ 17.455723][ T1883] tun_chr_write_iter+0x134/0x1c0 [ 17.460734][ T1883] do_iter_readv_writev+0x5fa/0x890 [ 17.465907][ T1883] ? vfs_dedupe_file_range+0xa00/0xa00 [ 17.471388][ T1883] ? security_file_permission+0x157/0x350 [ 17.477084][ T1883] ? rw_verify_area+0x1c2/0x360 [ 17.481968][ T1883] do_iter_write+0x180/0x590 [ 17.486580][ T1883] do_writev+0x2cd/0x560 [ 17.490797][ T1883] ? do_readv+0x400/0x400 [ 17.495136][ T1883] ? __up_read+0x6f/0x1b0 [ 17.499484][ T1883] ? __kasan_check_write+0x14/0x20 [ 17.504576][ T1883] ? __fpregs_load_activate+0x2fc/0x3b0 [ 17.510119][ T1883] ? switch_fpu_return+0x10/0x10 [ 17.515054][ T1883] ? 
__kasan_check_read+0x11/0x20 [ 17.520074][ T1883] __x64_sys_writev+0x7d/0x90 [ 17.524720][ T1883] do_syscall_64+0xc0/0x100 [ 17.529210][ T1883] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 17.535083][ T1883] RIP: 0033:0x4420c0 [ 17.538949][ T1883] Code: 05 48 3d 01 f0 ff ff 0f 83 5d 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 3d 31 8f 29 00 00 75 14 b8 14 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 34 09 fc ff c3 48 83 ec 08 e8 ba 2b 00 00 [ 17.559093][ T1883] RSP: 002b:00007ffcd5dfe3f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 17.567494][ T1883] RAX: ffffffffffffffda RBX: 00007ffcd5dfe410 RCX: 00000000004420c0 [ 17.575447][ T1883] RDX: 0000000000000001 RSI: 00007ffcd5dfe440 RDI: 00000000000000f0 [ 17.583406][ T1883] RBP: 0000000000000000 R08: 00000000000051f4 R09: 00000000bb1414ac executing program [ 17.591414][ T1883] R10: 00000000bb1414ac R11: 0000000000000246 R12: 0000000000000000 [ 17.599375][ T1883] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 17.607325][ T1883] ---[ end trace 882a9f0d66d0d00c ]--- [ 17.614525][ T1884] BUG: Bad page state in process syz-executor111 pfn:1cfcc0 [ 17.621905][ T1884] page:ffffea00073f3000 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0 [ 17.631125][ T1884] raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000 [ 17.639704][ T1884] raw: 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000 [ 17.648256][ T1884] page dumped because: nonzero _refcount [ 17.653880][ T1884] Modules linked in: [ 17.658208][ T1884] CPU: 1 PID: 1884 Comm: syz-executor111 Tainted: G W 5.4.23-syzkaller-01268-g2c2101d18159 #0 [ 17.669711][ T1884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 17.679741][ T1884] Call Trace: [ 17.683006][ T1884] dump_stack+0x1b0/0x228 [ 17.687316][ T1884] ? is_module_text_address+0x130/0x130 [ 17.692961][ T1884] ? show_regs_print_info+0x18/0x18 [ 17.698136][ T1884] bad_page+0x262/0x290 [ 17.702266][ T1884] ? 
_raw_spin_lock+0x170/0x170 [ 17.707117][ T1884] ? is_free_buddy_page+0x190/0x190 [ 17.712301][ T1884] ? __kasan_check_read+0x11/0x20 [ 17.717317][ T1884] ? __zone_watermark_ok+0x9b/0x270 [ 17.722488][ T1884] get_page_from_freelist+0x505a/0x57e0 [ 17.728014][ T1884] ? __read_once_size_nocheck+0x10/0x10 [ 17.733529][ T1884] ? unwind_next_frame+0x415/0x870 [ 17.738638][ T1884] ? __rcu_read_lock+0x50/0x50 [ 17.743407][ T1884] ? unwind_next_frame+0x415/0x870 [ 17.748491][ T1884] ? __alloc_pages_nodemask+0x3010/0x3010 [ 17.754182][ T1884] ? 0xffffffffa0008000 [ 17.758729][ T1884] __alloc_pages_nodemask+0x44f/0x3010 [ 17.764161][ T1884] ? __kasan_check_read+0x11/0x20 [ 17.769159][ T1884] ? prep_new_page+0x13a/0x3a0 [ 17.773894][ T1884] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 17.779430][ T1884] ? get_page_from_freelist+0x5426/0x57e0 [ 17.785157][ T1884] ? __rcu_read_lock+0x50/0x50 [ 17.789899][ T1884] ? unwind_get_return_address_ptr+0xa0/0xa0 [ 17.795852][ T1884] alloc_slab_page+0x3f/0x390 [ 17.800509][ T1884] new_slab+0x98/0x430 [ 17.804588][ T1884] ___slab_alloc+0x2e0/0x450 [ 17.809157][ T1884] ? bpf_check+0x136/0xe7b0 [ 17.813635][ T1884] ? __should_failslab+0x90/0x160 [ 17.818633][ T1884] ? bpf_check+0x136/0xe7b0 [ 17.823133][ T1884] kmem_cache_alloc_trace+0x23f/0x2f0 [ 17.828627][ T1884] bpf_check+0x136/0xe7b0 [ 17.832957][ T1884] ? unwind_get_return_address_ptr+0xa0/0xa0 [ 17.838906][ T1884] ? 0xffffffffa0008000 [ 17.843042][ T1884] ? is_bpf_text_address+0x2c8/0x2e0 [ 17.848298][ T1884] ? stack_trace_save+0x1e0/0x1e0 [ 17.853293][ T1884] ? __kernel_text_address+0x9a/0x110 [ 17.858641][ T1884] ? unwind_get_return_address+0x4c/0x90 [ 17.864244][ T1884] ? arch_stack_walk+0x98/0xe0 [ 17.868977][ T1884] ? stack_trace_save+0x111/0x1e0 [ 17.873972][ T1884] ? stack_trace_snprint+0x150/0x150 [ 17.879242][ T1884] ? stack_trace_snprint+0x150/0x150 [ 17.884503][ T1884] ? bpf_verifier_log_write+0x230/0x230 [ 17.890033][ T1884] ? __kasan_kmalloc+0x179/0x1b0 [ 17.894941][ T1884] ? 
__kasan_kmalloc+0x117/0x1b0 [ 17.899871][ T1884] ? kasan_kmalloc+0x9/0x10 [ 17.904343][ T1884] ? kmem_cache_alloc_trace+0xe2/0x2f0 [ 17.909792][ T1884] ? selinux_bpf_prog_alloc+0x51/0x150 [ 17.915222][ T1884] ? security_bpf_prog_alloc+0x50/0xb0 [ 17.920666][ T1884] ? __do_sys_bpf+0x5ce0/0xbbc0 [ 17.925506][ T1884] ? __x64_sys_bpf+0x7a/0x90 [ 17.930112][ T1884] ? do_syscall_64+0xc0/0x100 [ 17.934765][ T1884] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 17.940825][ T1884] ? pcpu_block_update_hint_alloc+0x970/0xcf0 [ 17.946866][ T1884] ? pcpu_alloc_area+0x7eb/0x940 [ 17.951780][ T1884] ? find_next_bit+0xd8/0x120 [ 17.957004][ T1884] ? cpumask_next+0x11/0x30 [ 17.961533][ T1884] ? __should_failslab+0x90/0x160 [ 17.966534][ T1884] ? selinux_bpf_prog_alloc+0x51/0x150 [ 17.971983][ T1884] ? kasan_kmalloc+0x9/0x10 [ 17.976467][ T1884] ? kmem_cache_alloc_trace+0xe2/0x2f0 [ 17.981900][ T1884] ? memset+0x31/0x40 [ 17.985865][ T1884] ? bpf_obj_name_cpy+0x9a9/0x1400 [ 17.990988][ T1884] __do_sys_bpf+0x80a8/0xbbc0 [ 17.995637][ T1884] ? wp_page_copy+0xd24/0x10e0 [ 18.000416][ T1884] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 18.005934][ T1884] ? __rcu_read_lock+0x50/0x50 [ 18.010669][ T1884] ? __memcg_kmem_charge_memcg+0x340/0x340 [ 18.016443][ T1884] ? __bpf_prog_put_rcu+0x350/0x350 [ 18.021636][ T1884] ? get_mem_cgroup_from_mm+0x2b2/0x330 [ 18.027161][ T1884] ? mem_cgroup_from_task+0x60/0x60 [ 18.032344][ T1884] ? __kasan_check_read+0x11/0x20 [ 18.037352][ T1884] ? __lru_cache_add+0x1ae/0x200 [ 18.042260][ T1884] ? lru_cache_add_active_or_unevictable+0xa6/0x120 [ 18.048821][ T1884] ? _raw_spin_unlock+0x9/0x20 [ 18.053569][ T1884] ? handle_mm_fault+0xb2f/0x41c0 [ 18.058576][ T1884] ? alloc_file+0x84/0x4b0 [ 18.062976][ T1884] ? finish_fault+0x230/0x230 [ 18.067632][ T1884] ? __kasan_check_write+0x14/0x20 [ 18.072712][ T1884] ? __up_read+0x6f/0x1b0 [ 18.077012][ T1884] ? 
__down_read+0x240/0x240 [ 18.081571][ T1884] __x64_sys_bpf+0x7a/0x90 [ 18.085957][ T1884] do_syscall_64+0xc0/0x100 [ 18.090445][ T1884] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 18.096305][ T1884] RIP: 0033:0x4421c9 [ 18.100183][ T1884] Code: e8 8c 07 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 18.119769][ T1884] RSP: 002b:00007ffcd5dfe3f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 18.128146][ T1884] RAX: ffffffffffffffda RBX: 00007ffcd5dfe410 RCX: 00000000004421c9 [ 18.136117][ T1884] RDX: 0000000000000070 RSI: 0000000020000180 RDI: 0000000000000005 executing program [ 18.144074][ T1884] RBP: 0000000000000000 R08: 00000000bb1414ac R09: 00000000bb1414ac [ 18.152014][ T1884] R10: 0000000000000004 R11: 0000000000000246 R12: 000000000000432e [ 18.159956][ T1884] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 18.167899][ T1884] Disabling lock debugging due to kernel taint [ 18.176859][ T1885] BUG: Bad page state in process syz-executor111 pfn:1c5400 [ 18.184249][ T1885] page:ffffea0007150000 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0 [ 18.193425][ T1885] raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000 [ 18.202239][ T1885] raw: 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000 [ 18.210796][ T1885] page dumped because: nonzero _refcount [ 18.216576][ T1885] Modules linked in: [ 18.220462][ T1885] CPU: 0 PID: 1885 Comm: syz-executor111 Tainted: G B W 5.4.23-syzkaller-01268-g2c2101d18159 #0 [ 18.231974][ T1885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 18.242098][ T1885] Call Trace: [ 18.245360][ T1885] dump_stack+0x1b0/0x228 [ 18.249664][ T1885] ? is_module_text_address+0x130/0x130 [ 18.255177][ T1885] ? show_regs_print_info+0x18/0x18 [ 18.260349][ T1885] bad_page+0x262/0x290 [ 18.264478][ T1885] ? 
_raw_spin_lock+0x170/0x170 [ 18.269310][ T1885] ? is_free_buddy_page+0x190/0x190 [ 18.274477][ T1885] ? __kasan_check_read+0x11/0x20 [ 18.279469][ T1885] ? __zone_watermark_ok+0x9b/0x270 [ 18.284647][ T1885] get_page_from_freelist+0x505a/0x57e0 [ 18.290174][ T1885] ? __read_once_size_nocheck+0x10/0x10 [ 18.295687][ T1885] ? unwind_next_frame+0x415/0x870 [ 18.300767][ T1885] ? unwind_get_return_address_ptr+0xa0/0xa0 [ 18.306721][ T1885] ? __alloc_pages_nodemask+0x3010/0x3010 [ 18.312409][ T1885] ? 0xffffffffa0010000 [ 18.316534][ T1885] __alloc_pages_nodemask+0x44f/0x3010 [ 18.322004][ T1885] ? unwind_get_return_address+0x4c/0x90 [ 18.327635][ T1885] ? stack_trace_save+0x111/0x1e0 [ 18.332631][ T1885] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 18.338147][ T1885] ? __kasan_kmalloc+0x179/0x1b0 [ 18.343071][ T1885] ? __kasan_kmalloc+0x117/0x1b0 [ 18.347975][ T1885] ? kasan_kmalloc+0x9/0x10 [ 18.352451][ T1885] ? kmem_cache_alloc_trace+0xe2/0x2f0 [ 18.358399][ T1885] ? do_check+0x16c/0x249b0 [ 18.362885][ T1885] ? bpf_check+0x4063/0xe7b0 [ 18.367462][ T1885] ? __do_sys_bpf+0x80a8/0xbbc0 [ 18.372283][ T1885] ? __x64_sys_bpf+0x7a/0x90 [ 18.376854][ T1885] ? do_syscall_64+0xc0/0x100 [ 18.381565][ T1885] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 18.387756][ T1885] ? unwind_get_return_address_ptr+0xa0/0xa0 [ 18.393708][ T1885] ? 0xffffffffa0010000 [ 18.397836][ T1885] alloc_slab_page+0x3f/0x390 [ 18.402510][ T1885] new_slab+0x98/0x430 [ 18.406549][ T1885] ___slab_alloc+0x2e0/0x450 [ 18.411152][ T1885] ? do_check+0x223/0x249b0 [ 18.415631][ T1885] ? __should_failslab+0x90/0x160 [ 18.420686][ T1885] ? do_check+0x223/0x249b0 [ 18.425162][ T1885] kmem_cache_alloc_trace+0x23f/0x2f0 [ 18.430512][ T1885] do_check+0x223/0x249b0 [ 18.434861][ T1885] ? is_bpf_text_address+0x2c8/0x2e0 [ 18.440124][ T1885] ? stack_trace_save+0x1e0/0x1e0 [ 18.445171][ T1885] ? __kernel_text_address+0x9a/0x110 [ 18.450551][ T1885] ? unwind_get_return_address+0x4c/0x90 [ 18.456733][ T1885] ? 
arch_stack_walk+0x98/0xe0 [ 18.461490][ T1885] ? stack_trace_save+0x111/0x1e0 [ 18.466542][ T1885] ? stack_trace_snprint+0x150/0x150 [ 18.471836][ T1885] ? stack_trace_snprint+0x150/0x150 [ 18.477108][ T1885] ? kvfree+0x47/0x50 [ 18.481090][ T1885] ? __kasan_slab_free+0x1e2/0x220 [ 18.486185][ T1885] ? __kasan_slab_free+0x168/0x220 [ 18.491271][ T1885] ? kasan_slab_free+0xe/0x10 [ 18.495932][ T1885] ? kvfree+0x47/0x50 [ 18.499885][ T1885] ? bpf_check+0x4032/0xe7b0 [ 18.504446][ T1885] ? __do_sys_bpf+0x80a8/0xbbc0 [ 18.509282][ T1885] ? __x64_sys_bpf+0x7a/0x90 [ 18.513845][ T1885] ? do_syscall_64+0xc0/0x100 [ 18.518526][ T1885] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 18.524565][ T1885] ? do_syscall_64+0xc0/0x100 [ 18.529282][ T1885] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 18.535328][ T1885] ? __vunmap+0x8f2/0x990 [ 18.539668][ T1885] ? bpf_check+0xe7b0/0xe7b0 [ 18.544236][ T1885] ? vfree+0x62/0xf0 [ 18.548106][ T1885] ? bpf_prog_calc_tag+0x726/0x950 [ 18.553202][ T1885] ? sort_r+0x76/0x1120 [ 18.557819][ T1885] ? __bpf_prog_free+0xa0/0xa0 [ 18.562573][ T1885] ? kasan_slab_free+0xe/0x10 [ 18.567225][ T1885] ? kfree+0x170/0x6d0 [ 18.571284][ T1885] ? kvfree+0x47/0x50 [ 18.575251][ T1885] bpf_check+0x4063/0xe7b0 [ 18.579765][ T1885] ? is_bpf_text_address+0x2c8/0x2e0 [ 18.585028][ T1885] ? stack_trace_save+0x1e0/0x1e0 [ 18.590189][ T1885] ? __kernel_text_address+0x9a/0x110 [ 18.595579][ T1885] ? arch_stack_walk+0x98/0xe0 [ 18.600339][ T1885] ? stack_trace_save+0x111/0x1e0 [ 18.605342][ T1885] ? stack_trace_snprint+0x150/0x150 [ 18.610603][ T1885] ? bpf_verifier_log_write+0x230/0x230 [ 18.616135][ T1885] ? __kasan_kmalloc+0x179/0x1b0 [ 18.621050][ T1885] ? __kasan_kmalloc+0x117/0x1b0 [ 18.625978][ T1885] ? kasan_kmalloc+0x9/0x10 [ 18.630484][ T1885] ? kmem_cache_alloc_trace+0xe2/0x2f0 [ 18.635924][ T1885] ? selinux_bpf_prog_alloc+0x51/0x150 [ 18.641355][ T1885] ? security_bpf_prog_alloc+0x50/0xb0 [ 18.646811][ T1885] ? 
__do_sys_bpf+0x5ce0/0xbbc0 [ 18.651634][ T1885] ? __x64_sys_bpf+0x7a/0x90 [ 18.656576][ T1885] ? do_syscall_64+0xc0/0x100 [ 18.661227][ T1885] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 18.667266][ T1885] ? pcpu_block_update_hint_alloc+0x970/0xcf0 [ 18.673303][ T1885] ? pcpu_alloc_area+0x7eb/0x940 [ 18.678227][ T1885] ? find_next_bit+0xd8/0x120 [ 18.682875][ T1885] ? cpumask_next+0x11/0x30 [ 18.687365][ T1885] ? __should_failslab+0x90/0x160 [ 18.692395][ T1885] ? selinux_bpf_prog_alloc+0x51/0x150 [ 18.697849][ T1885] ? kasan_kmalloc+0x9/0x10 [ 18.702386][ T1885] ? kmem_cache_alloc_trace+0xe2/0x2f0 [ 18.707889][ T1885] ? memset+0x31/0x40 [ 18.711848][ T1885] ? bpf_obj_name_cpy+0x9a9/0x1400 [ 18.716964][ T1885] __do_sys_bpf+0x80a8/0xbbc0 [ 18.721660][ T1885] ? wp_page_copy+0xd24/0x10e0 [ 18.726420][ T1885] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 18.731946][ T1885] ? __rcu_read_lock+0x50/0x50 [ 18.736688][ T1885] ? __memcg_kmem_charge_memcg+0x340/0x340 [ 18.742466][ T1885] ? __bpf_prog_put_rcu+0x350/0x350 [ 18.747707][ T1885] ? get_mem_cgroup_from_mm+0x2b2/0x330 [ 18.753252][ T1885] ? mem_cgroup_from_task+0x60/0x60 [ 18.758999][ T1885] ? __kasan_check_read+0x11/0x20 [ 18.763998][ T1885] ? __lru_cache_add+0x1ae/0x200 [ 18.768907][ T1885] ? lru_cache_add_active_or_unevictable+0xa6/0x120 [ 18.775483][ T1885] ? _raw_spin_unlock+0x9/0x20 [ 18.780233][ T1885] ? handle_mm_fault+0xb2f/0x41c0 [ 18.785229][ T1885] ? alloc_file+0x84/0x4b0 [ 18.789619][ T1885] ? finish_fault+0x230/0x230 [ 18.794321][ T1885] ? __kasan_check_write+0x14/0x20 [ 18.799411][ T1885] ? __up_read+0x6f/0x1b0 [ 18.803735][ T1885] ? 
__down_read+0x240/0x240 [ 18.808335][ T1885] __x64_sys_bpf+0x7a/0x90 [ 18.812729][ T1885] do_syscall_64+0xc0/0x100 [ 18.817215][ T1885] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 18.823107][ T1885] RIP: 0033:0x4421c9 [ 18.826980][ T1885] Code: e8 8c 07 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00 executing program [ 18.846619][ T1885] RSP: 002b:00007ffcd5dfe3f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 18.855451][ T1885] RAX: ffffffffffffffda RBX: 00007ffcd5dfe410 RCX: 00000000004421c9 [ 18.863396][ T1885] RDX: 0000000000000070 RSI: 0000000020000180 RDI: 0000000000000005 [ 18.871393][ T1885] RBP: 0000000000000000 R08: 00000000bb1414ac R09: 00000000bb1414ac [ 18.879370][ T1885] R10: 0000000000000004 R11: 0000000000000246 R12: 00000000000044c5 [ 18.887318][ T1885] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 18.897818][ T1886] BUG: Bad page state in process syz-executor111 pfn:1c5410 [ 18.905186][ T1886] page:ffffea0007150400 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0 [ 18.914352][ T1886] raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000 [ 18.922914][ T1886] raw: 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000 [ 18.931491][ T1886] page dumped because: nonzero _refcount [ 18.937118][ T1886] Modules linked in: [ 18.940994][ T1886] CPU: 0 PID: 1886 Comm: syz-executor111 Tainted: G B W 5.4.23-syzkaller-01268-g2c2101d18159 #0 [ 18.952599][ T1886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 18.963067][ T1886] Call Trace: [ 18.966333][ T1886] dump_stack+0x1b0/0x228 [ 18.970636][ T1886] ? is_module_text_address+0x130/0x130 [ 18.976262][ T1886] ? show_regs_print_info+0x18/0x18 [ 18.981455][ T1886] bad_page+0x262/0x290 [ 18.985609][ T1886] ? _raw_spin_lock+0x170/0x170 [ 18.990431][ T1886] ? 
is_free_buddy_page+0x190/0x190 [ 18.995605][ T1886] ? __kasan_check_read+0x11/0x20 [ 19.000602][ T1886] ? __zone_watermark_ok+0x9b/0x270 [ 19.005771][ T1886] get_page_from_freelist+0x505a/0x57e0 [ 19.011310][ T1886] ? __kasan_check_write+0x14/0x20 [ 19.016397][ T1886] ? _raw_spin_lock_irqsave+0xda/0x1c0 [ 19.021849][ T1886] ? __read_once_size_nocheck+0x10/0x10 [ 19.027366][ T1886] ? _raw_spin_lock+0x170/0x170 [ 19.032204][ T1886] ? __alloc_pages_nodemask+0x3010/0x3010 [ 19.037896][ T1886] ? get_page_from_freelist+0x5426/0x57e0 [ 19.043587][ T1886] __alloc_pages_nodemask+0x44f/0x3010 [ 19.049036][ T1886] ? __kasan_check_read+0x11/0x20 [ 19.054046][ T1886] ? prep_new_page+0x13a/0x3a0 [ 19.059217][ T1886] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 19.064731][ T1886] ? get_page_from_freelist+0x5426/0x57e0 [ 19.070420][ T1886] ? __rcu_read_lock+0x50/0x50 [ 19.075184][ T1886] ? unwind_get_return_address_ptr+0xa0/0xa0 [ 19.081197][ T1886] alloc_slab_page+0x3f/0x390 [ 19.086011][ T1886] new_slab+0x98/0x430 [ 19.090085][ T1886] ___slab_alloc+0x2e0/0x450 [ 19.094658][ T1886] ? bpf_check+0x136/0xe7b0 [ 19.099400][ T1886] ? __should_failslab+0x90/0x160 [ 19.104398][ T1886] ? bpf_check+0x136/0xe7b0 [ 19.108879][ T1886] kmem_cache_alloc_trace+0x23f/0x2f0 [ 19.114245][ T1886] bpf_check+0x136/0xe7b0 [ 19.118548][ T1886] ? unwind_get_return_address_ptr+0xa0/0xa0 [ 19.124499][ T1886] ? 0xffffffffa0018000 [ 19.128639][ T1886] ? is_bpf_text_address+0x2c8/0x2e0 [ 19.133918][ T1886] ? stack_trace_save+0x1e0/0x1e0 [ 19.138918][ T1886] ? __kernel_text_address+0x9a/0x110 [ 19.144265][ T1886] ? unwind_get_return_address+0x4c/0x90 [ 19.149870][ T1886] ? arch_stack_walk+0x98/0xe0 [ 19.155237][ T1886] ? stack_trace_save+0x111/0x1e0 [ 19.160268][ T1886] ? stack_trace_snprint+0x150/0x150 [ 19.165543][ T1886] ? stack_trace_snprint+0x150/0x150 [ 19.170800][ T1886] ? bpf_verifier_log_write+0x230/0x230 [ 19.176328][ T1886] ? __kasan_kmalloc+0x179/0x1b0 [ 19.181248][ T1886] ? 
__kasan_kmalloc+0x117/0x1b0 [ 19.186164][ T1886] ? kasan_kmalloc+0x9/0x10 [ 19.190681][ T1886] ? kmem_cache_alloc_trace+0xe2/0x2f0 [ 19.196134][ T1886] ? selinux_bpf_prog_alloc+0x51/0x150 [ 19.201594][ T1886] ? security_bpf_prog_alloc+0x50/0xb0 [ 19.207025][ T1886] ? __do_sys_bpf+0x5ce0/0xbbc0 [ 19.211868][ T1886] ? __x64_sys_bpf+0x7a/0x90 [ 19.216455][ T1886] ? do_syscall_64+0xc0/0x100 [ 19.221128][ T1886] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 19.227182][ T1886] ? pcpu_block_update_hint_alloc+0x970/0xcf0 [ 19.233227][ T1886] ? pcpu_alloc_area+0x7eb/0x940 [ 19.238188][ T1886] ? find_next_bit+0xd8/0x120 [ 19.242837][ T1886] ? cpumask_next+0x11/0x30 [ 19.247320][ T1886] ? __should_failslab+0x90/0x160 [ 19.252316][ T1886] ? selinux_bpf_prog_alloc+0x51/0x150 [ 19.257751][ T1886] ? kasan_kmalloc+0x9/0x10 [ 19.262230][ T1886] ? kmem_cache_alloc_trace+0xe2/0x2f0 [ 19.267703][ T1886] ? memset+0x31/0x40 [ 19.271659][ T1886] ? bpf_obj_name_cpy+0x9a9/0x1400 [ 19.276740][ T1886] __do_sys_bpf+0x80a8/0xbbc0 [ 19.281412][ T1886] ? wp_page_copy+0xd24/0x10e0 [ 19.286155][ T1886] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 19.291700][ T1886] ? __rcu_read_lock+0x50/0x50 [ 19.296437][ T1886] ? __memcg_kmem_charge_memcg+0x340/0x340 [ 19.302219][ T1886] ? __bpf_prog_put_rcu+0x350/0x350 [ 19.307603][ T1886] ? get_mem_cgroup_from_mm+0x2b2/0x330 [ 19.313146][ T1886] ? mem_cgroup_from_task+0x60/0x60 [ 19.318342][ T1886] ? __kasan_check_read+0x11/0x20 [ 19.323389][ T1886] ? __lru_cache_add+0x1ae/0x200 [ 19.328307][ T1886] ? lru_cache_add_active_or_unevictable+0xa6/0x120 [ 19.334868][ T1886] ? _raw_spin_unlock+0x9/0x20 [ 19.339604][ T1886] ? handle_mm_fault+0xb2f/0x41c0 [ 19.344720][ T1886] ? alloc_file+0x84/0x4b0 [ 19.349132][ T1886] ? finish_fault+0x230/0x230 [ 19.353804][ T1886] ? __kasan_check_write+0x14/0x20 [ 19.359443][ T1886] ? __up_read+0x6f/0x1b0 [ 19.363771][ T1886] ? 
__down_read+0x240/0x240 [ 19.368343][ T1886] __x64_sys_bpf+0x7a/0x90 [ 19.372733][ T1886] do_syscall_64+0xc0/0x100 [ 19.377234][ T1886] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 19.383119][ T1886] RIP: 0033:0x4421c9 [ 19.386988][ T1886] Code: e8 8c 07 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 19.406884][ T1886] RSP: 002b:00007ffcd5dfe3f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 19.415295][ T1886] RAX: ffffffffffffffda RBX: 00007ffcd5dfe410 RCX: 00000000004421c9 [ 19.424310][ T1886] RDX: 0000000000000070 RSI: 0000000020000180 RDI: 0000000000000005 [ 19.432256][ T1886] RBP: 0000000000000000 R08: 00000000bb1414ac R09: 00000000bb1414ac [ 19.440201][ T1886] R10: 0000000000000004 R11: 0000000000000246 R12: 00000000000046f8 [ 19.448147][ T1886] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 19.462259][ T1887] BUG: Bad page state in process init pfn:1d3470 [ 19.468679][ T1887] page:ffffea00074d1c00 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0 [ 19.477866][ T1887] raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000 [ 19.486506][ T1887] raw: 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000 [ 19.495087][ T1887] page dumped because: nonzero _refcount [ 19.500693][ T1887] Modules linked in: [ 19.504619][ T1887] CPU: 0 PID: 1887 Comm: init Tainted: G B W 5.4.23-syzkaller-01268-g2c2101d18159 #0 [ 19.515197][ T1887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 19.525270][ T1887] Call Trace: [ 19.528580][ T1887] dump_stack+0x1b0/0x228 [ 19.532945][ T1887] ? is_module_text_address+0x130/0x130 [ 19.538487][ T1887] ? show_regs_print_info+0x18/0x18 [ 19.543693][ T1887] bad_page+0x262/0x290 [ 19.547845][ T1887] ? _raw_spin_lock+0x170/0x170 [ 19.552681][ T1887] ? is_free_buddy_page+0x190/0x190 [ 19.558255][ T1887] ? 
__kasan_check_read+0x11/0x20 [ 19.563305][ T1887] ? __zone_watermark_ok+0x9b/0x270 [ 19.568489][ T1887] get_page_from_freelist+0x505a/0x57e0 [ 19.574007][ T1887] ? avc_denied+0x1b0/0x1b0 [ 19.578482][ T1887] ? __dquot_initialize+0x228/0xdc0 [ 19.583657][ T1887] ? avc_has_perm+0x15f/0x260 [ 19.588308][ T1887] ? dput+0x521/0x610 [ 19.592325][ T1887] ? __read_once_size_nocheck+0x10/0x10 [ 19.597879][ T1887] ? unwind_next_frame+0x415/0x870 [ 19.602965][ T1887] ? __rcu_read_lock+0x50/0x50 [ 19.607738][ T1887] ? unwind_next_frame+0x415/0x870 [ 19.612851][ T1887] ? 0xffffffffa0020000 [ 19.616986][ T1887] ? __alloc_pages_nodemask+0x3010/0x3010 [ 19.622686][ T1887] ? is_bpf_text_address+0x2c8/0x2e0 [ 19.627957][ T1887] ? stack_trace_save+0x1e0/0x1e0 [ 19.632976][ T1887] __alloc_pages_nodemask+0x44f/0x3010 [ 19.638432][ T1887] ? stack_trace_snprint+0x150/0x150 [ 19.643794][ T1887] ? stack_trace_save+0x111/0x1e0 [ 19.648813][ T1887] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 19.654330][ T1887] ? __kasan_kmalloc+0x117/0x1b0 [ 19.659795][ T1887] ? kasan_kmalloc+0x9/0x10 [ 19.664283][ T1887] ? __kmalloc+0x102/0x310 [ 19.668669][ T1887] ? kzalloc+0x26/0x40 [ 19.672711][ T1887] ? security_prepare_creds+0x40/0x270 [ 19.678152][ T1887] ? prepare_creds+0x295/0x390 [ 19.682886][ T1887] ? do_faccessat+0x9d/0x7f0 [ 19.687445][ T1887] ? __x64_sys_access+0x5f/0x70 [ 19.692270][ T1887] ? do_syscall_64+0xc0/0x100 [ 19.696929][ T1887] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 19.703002][ T1887] ? __kasan_kmalloc+0x179/0x1b0 [ 19.707918][ T1887] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 19.713977][ T1887] ? __kasan_kmalloc+0x117/0x1b0 [ 19.718883][ T1887] ? kasan_slab_alloc+0xe/0x10 [ 19.723624][ T1887] ? kmem_cache_alloc+0x120/0x2b0 [ 19.728636][ T1887] ? prepare_creds+0x24/0x390 [ 19.733303][ T1887] ? override_release+0xc2/0x290 [ 19.738213][ T1887] ? set_one_prio+0x270/0x270 [ 19.742868][ T1887] ? 
__up_read+0x6f/0x1b0 [ 19.747183][ T1887] alloc_slab_page+0x3f/0x390 [ 19.751848][ T1887] new_slab+0x98/0x430 [ 19.756352][ T1887] ? _copy_to_user+0x92/0xb0 [ 19.760927][ T1887] ___slab_alloc+0x2e0/0x450 [ 19.765490][ T1887] ? __should_failslab+0x90/0x160 [ 19.770485][ T1887] ? getname_flags+0xba/0x640 [ 19.775131][ T1887] ? kzalloc+0x26/0x40 [ 19.779174][ T1887] ? __should_failslab+0x90/0x160 [ 19.784187][ T1887] ? getname_flags+0xba/0x640 [ 19.788856][ T1887] kmem_cache_alloc+0x203/0x2b0 [ 19.793677][ T1887] getname_flags+0xba/0x640 [ 19.798159][ T1887] ? __put_user_ns+0x60/0x60 [ 19.802752][ T1887] user_path_at_empty+0x2d/0x50 [ 19.807584][ T1887] do_faccessat+0x2f3/0x7f0 [ 19.812106][ T1887] ? __ia32_sys_fallocate+0x110/0x110 [ 19.817482][ T1887] ? prepare_exit_to_usermode+0x13a/0x370 [ 19.823204][ T1887] __x64_sys_access+0x5f/0x70 [ 19.827858][ T1887] do_syscall_64+0xc0/0x100 [ 19.832333][ T1887] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 19.838200][ T1887] RIP: 0033:0x7faa74fa13c7 [ 19.842627][ T1887] Code: 83 c4 08 48 3d 01 f0 ff ff 73 01 c3 48 8b 0d 68 4a 2b 00 31 d2 48 29 c2 64 89 11 48 83 c8 ff eb ea 90 90 b8 15 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 41 4a 2b 00 31 d2 48 29 c2 64 [ 19.862798][ T1887] RSP: 002b:00007ffc7b189638 EFLAGS: 00000246 ORIG_RAX: 0000000000000015 [ 19.871179][ T1887] RAX: ffffffffffffffda RBX: 0000000000407a00 RCX: 00007faa74fa13c7 [ 19.879172][ T1887] RDX: 00007ffc7b18984c RSI: 0000000000000000 RDI: 00007faa75020365 [ 19.887211][ T1887] RBP: 00007ffc7b189800 R08: 00000000000000db R09: 0000000000000800 [ 19.895173][ T1887] R10: 000000000000000a R11: 0000000000000246 R12: 000000000000075f executing program [ 19.903124][ T1887] R13: 00000000004072f7 R14: 00007ffc7b189800 R15: 000000000253ef6c [ 19.919813][ T1882] BUG: Bad page state in process syz-executor111 pfn:1cfd20 [ 19.927317][ T1882] page:ffffea00073f4800 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0 [ 19.936500][ T1882] raw: 8000000000000000 
dead000000000100 dead000000000122 0000000000000000 [ 19.945184][ T1882] raw: 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000 [ 19.953774][ T1882] page dumped because: nonzero _refcount [ 19.959382][ T1882] Modules linked in: [ 19.963261][ T1882] CPU: 1 PID: 1882 Comm: syz-executor111 Tainted: G B W 5.4.23-syzkaller-01268-g2c2101d18159 #0 [ 19.975033][ T1882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 19.985068][ T1882] Call Trace: [ 19.988343][ T1882] dump_stack+0x1b0/0x228 [ 19.992707][ T1882] ? is_module_text_address+0x130/0x130 [ 19.998322][ T1882] ? show_regs_print_info+0x18/0x18 [ 20.003510][ T1882] bad_page+0x262/0x290 [ 20.007657][ T1882] ? _raw_spin_lock+0x170/0x170 [ 20.012485][ T1882] ? is_free_buddy_page+0x190/0x190 [ 20.017779][ T1882] ? __kasan_check_read+0x11/0x20 [ 20.022800][ T1882] ? __zone_watermark_ok+0x9b/0x270 [ 20.027984][ T1882] get_page_from_freelist+0x505a/0x57e0 [ 20.033515][ T1882] ? invalidate_inode_page+0x260/0x260 [ 20.038957][ T1882] ? __kasan_check_write+0x14/0x20 [ 20.044048][ T1882] ? __read_once_size_nocheck+0x10/0x10 [ 20.049569][ T1882] ? unwind_next_frame+0x415/0x870 [ 20.055281][ T1882] ? __rcu_read_lock+0x50/0x50 [ 20.060026][ T1882] ? unwind_next_frame+0x415/0x870 [ 20.065110][ T1882] ? __alloc_pages_nodemask+0x3010/0x3010 [ 20.070910][ T1882] ? 0xffffffffa0008000 [ 20.075052][ T1882] __alloc_pages_nodemask+0x44f/0x3010 [ 20.080489][ T1882] ? arch_stack_walk+0x98/0xe0 [ 20.085239][ T1882] ? stack_trace_save+0x111/0x1e0 [ 20.090242][ T1882] ? stack_trace_snprint+0x150/0x150 [ 20.095513][ T1882] ? stack_trace_save+0x111/0x1e0 [ 20.100524][ T1882] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 20.106054][ T1882] ? __kasan_kmalloc+0x179/0x1b0 [ 20.110972][ T1882] ? __kasan_kmalloc+0x117/0x1b0 [ 20.115886][ T1882] ? kasan_kmalloc+0x9/0x10 [ 20.120365][ T1882] ? kmem_cache_alloc_trace+0xe2/0x2f0 [ 20.125799][ T1882] ? alloc_fdtable+0x98/0x290 [ 20.130452][ T1882] ? 
dup_fd+0x7ad/0xb60 [ 20.134593][ T1882] ? copy_process+0x1725/0x52d0 [ 20.139421][ T1882] ? _do_fork+0x185/0x950 [ 20.143729][ T1882] ? __x64_sys_clone+0x247/0x2b0 [ 20.148642][ T1882] ? do_syscall_64+0xc0/0x100 [ 20.153319][ T1882] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 20.159378][ T1882] ? dup_fd+0x6f/0xb60 [ 20.163426][ T1882] ? copy_process+0x1725/0x52d0 [ 20.168363][ T1882] ? _do_fork+0x185/0x950 [ 20.172666][ T1882] ? __x64_sys_clone+0x247/0x2b0 [ 20.177581][ T1882] ? do_syscall_64+0xc0/0x100 [ 20.182336][ T1882] ? __rcu_read_lock+0x50/0x50 [ 20.187079][ T1882] ? __x64_sys_clone+0x247/0x2b0 [ 20.191993][ T1882] alloc_slab_page+0x3f/0x390 [ 20.196728][ T1882] new_slab+0x98/0x430 [ 20.200783][ T1882] ___slab_alloc+0x2e0/0x450 [ 20.205367][ T1882] ? kvmalloc_node+0xc6/0x120 [ 20.210026][ T1882] ? memcpy+0x49/0x60 [ 20.213986][ T1882] ? __should_failslab+0x90/0x160 [ 20.218996][ T1882] ? kvmalloc_node+0xc6/0x120 [ 20.223861][ T1882] __kmalloc+0x26d/0x310 [ 20.228777][ T1882] kvmalloc_node+0xc6/0x120 [ 20.233278][ T1882] alloc_fdtable+0xe3/0x290 [ 20.237758][ T1882] dup_fd+0x7ad/0xb60 [ 20.241736][ T1882] ? perf_event_attrs+0x30/0x30 [ 20.246564][ T1882] ? selinux_task_alloc+0x95/0xb0 [ 20.251567][ T1882] copy_process+0x1725/0x52d0 [ 20.256226][ T1882] ? kernel_wait4+0x380/0x380 [ 20.260891][ T1882] ? fork_idle+0x290/0x290 [ 20.265312][ T1882] ? put_pid+0x89/0xe0 [ 20.269363][ T1882] ? __ia32_sys_waitid+0xd0/0xd0 [ 20.274302][ T1882] ? do_nanosleep+0x58b/0x6b0 [ 20.278971][ T1882] _do_fork+0x185/0x950 [ 20.283156][ T1882] ? dup_mm+0x330/0x330 [ 20.287315][ T1882] ? __x64_sys_wait4+0x168/0x1c0 [ 20.292260][ T1882] ? do_wait+0x890/0x890 [ 20.296573][ T1882] __x64_sys_clone+0x247/0x2b0 [ 20.301311][ T1882] ? __ia32_sys_vfork+0x110/0x110 [ 20.306348][ T1882] ? 
syscall_return_slowpath+0x6f/0x500 [ 20.311874][ T1882] do_syscall_64+0xc0/0x100 [ 20.316353][ T1882] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 20.322330][ T1882] RIP: 0033:0x440aca [ 20.326898][ T1882] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 20.346478][ T1882] RSP: 002b:00007ffcd5dfe3d0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 executing program [ 20.354974][ T1882] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440aca [ 20.362950][ T1882] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 20.370898][ T1882] RBP: 00007ffcd5dfe3f0 R08: 0000000000000001 R09: 00000000015b0880 [ 20.378850][ T1882] R10: 00000000015b0b50 R11: 0000000000000246 R12: 0000000000000001 [ 20.386801][ T1882] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 executing program [ 20.404850][ T1894] BUG: Bad page state in process syz-executor111 pfn:1cff18 [ 20.404929][ T1892] ------------[ cut here ]------------ [ 20.417798][ T1892] virt_to_cache: Object is not a Slab page! 
[ 20.424020][ T1894] page:ffffea00073fc600 refcount:0 mapcount:0 mapping:ffff8881da8e4000 index:0x0 compound_mapcount: 0 [ 20.424032][ T1892] WARNING: CPU: 0 PID: 1892 at mm/slab.h:474 kmem_cache_free+0x324/0x7a0 [ 20.424037][ T1892] Modules linked in: [ 20.447235][ T1892] CPU: 0 PID: 1892 Comm: init Tainted: G B W 5.4.23-syzkaller-01268-g2c2101d18159 #0 [ 20.457876][ T1892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 20.468020][ T1892] RIP: 0010:kmem_cache_free+0x324/0x7a0 [ 20.473542][ T1892] Code: 03 03 01 48 c7 c7 6d c8 4c 84 48 c7 c6 8d c8 4c 84 31 c0 4c 89 45 b8 e8 5a 7b a9 ff 4c 8b 45 b8 48 ba 00 00 00 00 00 ea ff ff <0f> 0b e9 81 fd ff ff 48 ff c8 48 89 c3 e9 4a fd ff ff 48 ff c8 48 [ 20.493124][ T1892] RSP: 0018:ffff8881cfc27b50 EFLAGS: 00010246 [ 20.499172][ T1892] RAX: 085c3fb7b4dde600 RBX: ffffea00073fc680 RCX: ffff8881d2252c40 [ 20.507231][ T1892] RDX: ffffea0000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 20.515184][ T1892] RBP: ffff8881cfc27bd0 R08: ffff8881da8e4000 R09: ffffed103b745dc0 [ 20.523145][ T1892] R10: ffffed103b745dc0 R11: 0000000000000000 R12: 8000000000000000 [ 20.531093][ T1892] R13: ffffffff7fffffff R14: 0000777f80000000 R15: ffff88824ff1a200 [ 20.539059][ T1892] FS: 00007faa758d17a0(0000) GS:ffff8881dba00000(0000) knlGS:0000000000000000 [ 20.547965][ T1892] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 20.554525][ T1892] CR2: 0000000000608340 CR3: 00000001d46cb006 CR4: 00000000001606f0 [ 20.562477][ T1892] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 20.570439][ T1892] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 20.578395][ T1892] Call Trace: [ 20.581671][ T1892] ? _raw_spin_lock+0xa1/0x170 [ 20.586419][ T1892] ? do_swap_page+0x1530/0x1530 [ 20.591246][ T1892] filename_lookup+0x4e6/0x6c0 [ 20.595988][ T1892] ? hashlen_string+0x120/0x120 [ 20.600825][ T1892] ? __check_object_size+0x309/0x3d0 [ 20.606094][ T1892] ? 
getname_flags+0x214/0x640 [ 20.610838][ T1892] user_path_at_empty+0x40/0x50 [ 20.615664][ T1892] do_faccessat+0x2f3/0x7f0 [ 20.620153][ T1892] ? __ia32_sys_fallocate+0x110/0x110 [ 20.625500][ T1892] ? __fd_install+0x119/0x250 [ 20.630158][ T1892] __x64_sys_access+0x5f/0x70 [ 20.634917][ T1892] do_syscall_64+0xc0/0x100 [ 20.639396][ T1892] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 20.645285][ T1892] RIP: 0033:0x7faa74fa13c7 [ 20.649703][ T1892] Code: 83 c4 08 48 3d 01 f0 ff ff 73 01 c3 48 8b 0d 68 4a 2b 00 31 d2 48 29 c2 64 89 11 48 83 c8 ff eb ea 90 90 b8 15 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 41 4a 2b 00 31 d2 48 29 c2 64 [ 20.669287][ T1892] RSP: 002b:00007ffc7b189668 EFLAGS: 00000202 ORIG_RAX: 0000000000000015 [ 20.677761][ T1892] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007faa74fa13c7 [ 20.685710][ T1892] RDX: 0000000000000764 RSI: 0000000000000002 RDI: 0000000000407618 [ 20.693659][ T1892] RBP: 00000000004072f7 R08: 00000000004072f7 R09: 00007ffc7b1899d0 [ 20.701637][ T1892] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000764 [ 20.709591][ T1892] R13: 000000000253f03c R14: 000000000253f03c R15: 00000000004072f7 [ 20.717577][ T1892] ---[ end trace 882a9f0d66d0d00d ]--- [ 20.723043][ T1894] raw: 8000000000010200 dead000000000100 dead000000000122 ffff8881da8e4000 [ 20.725860][ T1892] BUG: Bad page state in process getty pfn:1cfe80 [ 20.738953][ T1892] page:ffffea00073fa000 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0 [ 20.748124][ T1892] raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000 [ 20.757177][ T1892] raw: 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000 [ 20.765791][ T1892] page dumped because: nonzero _refcount [ 20.771403][ T1892] Modules linked in: [ 20.775296][ T1892] CPU: 0 PID: 1892 Comm: getty Tainted: G B W 5.4.23-syzkaller-01268-g2c2101d18159 #0 [ 20.785937][ T1892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
01/01/2011 [ 20.796054][ T1892] Call Trace: [ 20.799357][ T1892] dump_stack+0x1b0/0x228 [ 20.803697][ T1892] ? is_module_text_address+0x130/0x130 [ 20.809238][ T1892] ? show_regs_print_info+0x18/0x18 [ 20.814414][ T1892] bad_page+0x262/0x290 [ 20.818547][ T1892] ? _raw_spin_lock+0x170/0x170 [ 20.823371][ T1892] ? is_free_buddy_page+0x190/0x190 [ 20.828547][ T1892] ? __kasan_check_read+0x11/0x20 [ 20.833655][ T1892] ? __zone_watermark_ok+0x9b/0x270 [ 20.838842][ T1892] get_page_from_freelist+0x505a/0x57e0 [ 20.844401][ T1892] ? __read_once_size_nocheck+0x10/0x10 [ 20.849923][ T1892] ? unwind_next_frame+0x415/0x870 [ 20.855466][ T1892] ? __rcu_read_lock+0x50/0x50 [ 20.860207][ T1892] ? unwind_next_frame+0x415/0x870 [ 20.865297][ T1892] ? 0xffffffffa0028000 [ 20.869431][ T1892] ? __alloc_pages_nodemask+0x3010/0x3010 [ 20.875132][ T1892] ? is_bpf_text_address+0x2c8/0x2e0 [ 20.880394][ T1892] ? stack_trace_save+0x1e0/0x1e0 [ 20.885403][ T1892] __alloc_pages_nodemask+0x44f/0x3010 [ 20.890941][ T1892] ? stack_trace_snprint+0x150/0x150 [ 20.896220][ T1892] ? stack_trace_save+0x111/0x1e0 [ 20.901237][ T1892] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 20.906761][ T1892] ? __kasan_kmalloc+0x117/0x1b0 [ 20.911673][ T1892] ? kasan_kmalloc+0x9/0x10 [ 20.916158][ T1892] ? __kmalloc+0x102/0x310 [ 20.920555][ T1892] ? kzalloc+0x26/0x40 [ 20.924623][ T1892] ? security_prepare_creds+0x40/0x270 [ 20.930056][ T1892] ? prepare_creds+0x295/0x390 [ 20.934810][ T1892] ? do_faccessat+0x9d/0x7f0 [ 20.939388][ T1892] ? __x64_sys_access+0x5f/0x70 [ 20.944217][ T1892] ? do_syscall_64+0xc0/0x100 [ 20.948874][ T1892] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 20.954938][ T1892] ? __kasan_kmalloc+0x179/0x1b0 [ 20.959856][ T1892] ? __kasan_kmalloc+0x117/0x1b0 [ 20.964786][ T1892] ? kasan_slab_alloc+0xe/0x10 [ 20.969544][ T1892] ? kmem_cache_alloc+0x120/0x2b0 [ 20.974649][ T1892] ? prepare_creds+0x24/0x390 [ 20.979323][ T1892] ? _raw_spin_lock+0xa1/0x170 [ 20.984063][ T1892] ? 
do_swap_page+0x1530/0x1530 [ 20.988890][ T1892] alloc_slab_page+0x3f/0x390 [ 20.993549][ T1892] new_slab+0x98/0x430 [ 20.997670][ T1892] ___slab_alloc+0x2e0/0x450 [ 21.002269][ T1892] ? __should_failslab+0x90/0x160 [ 21.007284][ T1892] ? getname_flags+0xba/0x640 [ 21.011950][ T1892] ? kzalloc+0x26/0x40 [ 21.016010][ T1892] ? __should_failslab+0x90/0x160 [ 21.021015][ T1892] ? getname_flags+0xba/0x640 [ 21.025669][ T1892] kmem_cache_alloc+0x203/0x2b0 [ 21.030496][ T1892] getname_flags+0xba/0x640 [ 21.034973][ T1892] ? __put_user_ns+0x60/0x60 [ 21.039549][ T1892] user_path_at_empty+0x2d/0x50 [ 21.044374][ T1892] do_faccessat+0x2f3/0x7f0 [ 21.048853][ T1892] ? __ia32_sys_fallocate+0x110/0x110 [ 21.054226][ T1892] __x64_sys_access+0x5f/0x70 [ 21.058877][ T1892] do_syscall_64+0xc0/0x100 [ 21.063357][ T1892] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 21.069239][ T1892] RIP: 0033:0x7fe511b1f267 [ 21.073630][ T1892] Code: 73 01 c3 48 8d 0d 3d af 20 00 31 d2 48 29 c2 89 11 48 83 c8 ff eb eb 90 90 90 90 90 90 90 90 90 90 90 90 b8 15 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8d 0d 0d af 20 00 31 d2 48 29 c2 89 [ 21.093210][ T1892] RSP: 002b:00007ffc09be3358 EFLAGS: 00000246 ORIG_RAX: 0000000000000015 [ 21.101617][ T1892] RAX: ffffffffffffffda RBX: 00007fe511d2a1c8 RCX: 00007fe511b1f267 executing program [ 21.109583][ T1892] RDX: 00007fe511b09158 RSI: 0000000000000004 RDI: 00007fe511b25e30 [ 21.117531][ T1892] RBP: 00007ffc09be34b0 R08: 00007fe511d2a770 R09: 0000000000000050 [ 21.125478][ T1892] R10: ffffffffffffffb0 R11: 0000000000000246 R12: 0000000000000000 [ 21.133440][ T1892] R13: 00007ffc09bec348 R14: 00007fe511d2abc8 R15: 0000000000000000 [ 21.141425][ T1894] raw: 0000000000000000 0000000000070007 00000000ffffffff 0000000000000000 [ 21.151218][ T1894] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set [ 21.159058][ T1894] bad because of flags: 0x200(slab) [ 21.164292][ T1894] Modules linked in: [ 21.168213][ T1894] CPU: 1 PID: 1894 Comm: syz-executor111 
Tainted: G B W 5.4.23-syzkaller-01268-g2c2101d18159 #0 [ 21.179748][ T1894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 21.189776][ T1894] Call Trace: [ 21.193044][ T1894] dump_stack+0x1b0/0x228 [ 21.197364][ T1894] ? is_module_text_address+0x130/0x130 [ 21.202887][ T1894] ? show_regs_print_info+0x18/0x18 [ 21.208140][ T1894] bad_page+0x262/0x290 [ 21.212272][ T1894] ? is_free_buddy_page+0x190/0x190 [ 21.217446][ T1894] __free_pages_ok+0x759/0xd80 [ 21.222181][ T1894] ? __kasan_check_read+0x11/0x20 [ 21.227193][ T1894] ? set_pageblock_migratetype+0x150/0x150 [ 21.232970][ T1894] free_compound_page+0x67/0x90 [ 21.237800][ T1894] __put_page+0xf7/0x120 [ 21.242015][ T1894] do_exit+0x1d53/0x26f0 [ 21.246236][ T1894] ? mm_update_next_owner+0x5f0/0x5f0 [ 21.251762][ T1894] ? do_user_addr_fault+0x6b7/0xb50 [ 21.256936][ T1894] do_group_exit+0x153/0x2a0 [ 21.261532][ T1894] __do_sys_exit_group+0x17/0x20 [ 21.266443][ T1894] __se_sys_exit_group+0x14/0x20 [ 21.271351][ T1894] __x64_sys_exit_group+0x3b/0x40 [ 21.276359][ T1894] do_syscall_64+0xc0/0x100 [ 21.280834][ T1894] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 21.286696][ T1894] RIP: 0033:0x440d78 [ 21.290562][ T1894] Code: 68 20 64 65 66 61 75 6c 74 20 73 65 74 74 69 6e 67 00 49 6e 76 61 6c 69 64 20 22 24 4d 61 69 6e 4d 73 67 51 75 65 75 65 57 6f <72> 6b 65 72 54 68 72 65 61 64 4d 69 6e 69 6d 75 6d 4d 65 73 73 61 [ 21.310150][ T1894] RSP: 002b:00007ffcd5dfe3b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 21.318596][ T1894] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440d78 [ 21.326571][ T1894] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 21.334533][ T1894] RBP: 00000000004c6c10 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 21.342512][ T1894] R10: 00000000bb1414ac R11: 0000000000000246 R12: 0000000000000001 [ 21.350503][ T1894] R13: 00000000006d95e0 R14: 0000000000000000 R15: 0000000000000000 [ 21.359468][ T1882] BUG: Bad page state in 
process syz-executor111 pfn:1cfd88 [ 21.366862][ T1882] page:ffffea00073f6200 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0 [ 21.376027][ T1882] raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000 [ 21.384678][ T1882] raw: 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000 [ 21.393228][ T1882] page dumped because: nonzero _refcount [ 21.398827][ T1882] Modules linked in: [ 21.402696][ T1882] CPU: 0 PID: 1882 Comm: syz-executor111 Tainted: G B W 5.4.23-syzkaller-01268-g2c2101d18159 #0 [ 21.414215][ T1882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 21.424278][ T1882] Call Trace: [ 21.427592][ T1882] dump_stack+0x1b0/0x228 [ 21.431896][ T1882] ? is_module_text_address+0x130/0x130 [ 21.437449][ T1882] ? show_regs_print_info+0x18/0x18 [ 21.442644][ T1882] bad_page+0x262/0x290 [ 21.446773][ T1882] ? _raw_spin_lock+0x170/0x170 [ 21.451690][ T1882] ? is_free_buddy_page+0x190/0x190 [ 21.456859][ T1882] ? __kasan_check_read+0x11/0x20 [ 21.461855][ T1882] ? __zone_watermark_ok+0x9b/0x270 [ 21.467038][ T1882] get_page_from_freelist+0x505a/0x57e0 [ 21.472577][ T1882] ? invalidate_inode_page+0x260/0x260 [ 21.478018][ T1882] ? __kasan_check_read+0x11/0x20 [ 21.483014][ T1882] ? __kasan_check_write+0x14/0x20 [ 21.488114][ T1882] ? __read_once_size_nocheck+0x10/0x10 [ 21.493645][ T1882] ? unwind_next_frame+0x415/0x870 [ 21.498726][ T1882] ? __rcu_read_lock+0x50/0x50 [ 21.503462][ T1882] ? unwind_next_frame+0x415/0x870 [ 21.508540][ T1882] ? __alloc_pages_nodemask+0x3010/0x3010 [ 21.514228][ T1882] ? 0xffffffffa0018000 [ 21.518355][ T1882] __alloc_pages_nodemask+0x44f/0x3010 [ 21.523786][ T1882] ? arch_stack_walk+0x98/0xe0 [ 21.528534][ T1882] ? stack_trace_save+0x111/0x1e0 [ 21.533629][ T1882] ? stack_trace_snprint+0x150/0x150 [ 21.538884][ T1882] ? stack_trace_save+0x111/0x1e0 [ 21.543895][ T1882] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 21.549410][ T1882] ? 
__kasan_kmalloc+0x179/0x1b0 [ 21.554330][ T1882] ? __kasan_kmalloc+0x117/0x1b0 [ 21.559233][ T1882] ? kasan_kmalloc+0x9/0x10 [ 21.563704][ T1882] ? kmem_cache_alloc_trace+0xe2/0x2f0 [ 21.569147][ T1882] ? alloc_fdtable+0x98/0x290 [ 21.573793][ T1882] ? dup_fd+0x7ad/0xb60 [ 21.577949][ T1882] ? copy_process+0x1725/0x52d0 [ 21.582781][ T1882] ? _do_fork+0x185/0x950 [ 21.587090][ T1882] ? __x64_sys_clone+0x247/0x2b0 [ 21.592147][ T1882] ? do_syscall_64+0xc0/0x100 [ 21.596814][ T1882] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 21.602853][ T1882] ? dup_fd+0x6f/0xb60 [ 21.606901][ T1882] ? copy_process+0x1725/0x52d0 [ 21.611721][ T1882] ? _do_fork+0x185/0x950 [ 21.616033][ T1882] ? __x64_sys_clone+0x247/0x2b0 [ 21.620939][ T1882] ? do_syscall_64+0xc0/0x100 [ 21.625600][ T1882] ? __rcu_read_lock+0x50/0x50 [ 21.630336][ T1882] ? __x64_sys_clone+0x247/0x2b0 [ 21.635347][ T1882] alloc_slab_page+0x3f/0x390 [ 21.640011][ T1882] new_slab+0x98/0x430 [ 21.644052][ T1882] ___slab_alloc+0x2e0/0x450 [ 21.648640][ T1882] ? kvmalloc_node+0xc6/0x120 [ 21.653288][ T1882] ? memcpy+0x49/0x60 [ 21.657240][ T1882] ? __should_failslab+0x90/0x160 [ 21.662248][ T1882] ? kvmalloc_node+0xc6/0x120 [ 21.666907][ T1882] __kmalloc+0x26d/0x310 [ 21.671134][ T1882] kvmalloc_node+0xc6/0x120 [ 21.675607][ T1882] alloc_fdtable+0xe3/0x290 [ 21.680532][ T1882] dup_fd+0x7ad/0xb60 [ 21.684499][ T1882] ? perf_event_attrs+0x30/0x30 [ 21.689321][ T1882] ? selinux_task_alloc+0x95/0xb0 [ 21.694313][ T1882] copy_process+0x1725/0x52d0 [ 21.698980][ T1882] ? kernel_wait4+0x380/0x380 [ 21.703628][ T1882] ? fork_idle+0x290/0x290 [ 21.708037][ T1882] ? put_pid+0x89/0xe0 [ 21.712093][ T1882] ? __ia32_sys_waitid+0xd0/0xd0 [ 21.717013][ T1882] ? do_nanosleep+0x58b/0x6b0 [ 21.721666][ T1882] _do_fork+0x185/0x950 [ 21.725812][ T1882] ? dup_mm+0x330/0x330 [ 21.729962][ T1882] ? __x64_sys_wait4+0x168/0x1c0 [ 21.734870][ T1882] ? do_wait+0x890/0x890 [ 21.739082][ T1882] __x64_sys_clone+0x247/0x2b0 [ 21.743830][ T1882] ? 
__ia32_sys_vfork+0x110/0x110 [ 21.748830][ T1882] ? syscall_return_slowpath+0x6f/0x500 [ 21.754809][ T1882] do_syscall_64+0xc0/0x100 [ 21.759289][ T1882] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 21.765153][ T1882] RIP: 0033:0x440aca [ 21.769019][ T1882] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 21.788798][ T1882] RSP: 002b:00007ffcd5dfe3d0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 21.797198][ T1882] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440aca [ 21.805144][ T1882] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 executing program [ 21.813138][ T1882] RBP: 00007ffcd5dfe3f0 R08: 0000000000000001 R09: 00000000015b0880 [ 21.821085][ T1882] R10: 00000000015b0b50 R11: 0000000000000246 R12: 0000000000000001 [ 21.829030][ T1882] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 21.840694][ T1898] BUG: Bad page state in process syz-executor111 pfn:1d03d8 [ 21.848059][ T1898] page:ffffea000740f600 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0 [ 21.857830][ T1898] raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000 [ 21.866387][ T1898] raw: 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000 [ 21.874941][ T1898] page dumped because: nonzero _refcount [ 21.880587][ T1898] Modules linked in: [ 21.884465][ T1898] CPU: 1 PID: 1898 Comm: syz-executor111 Tainted: G B W 5.4.23-syzkaller-01268-g2c2101d18159 #0 [ 21.895968][ T1898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 21.906022][ T1898] Call Trace: [ 21.909310][ T1898] dump_stack+0x1b0/0x228 [ 21.913634][ T1898] ? is_module_text_address+0x130/0x130 [ 21.919178][ T1898] ? show_regs_print_info+0x18/0x18 [ 21.924367][ T1898] bad_page+0x262/0x290 [ 21.928497][ T1898] ? _raw_spin_lock+0x170/0x170 [ 21.933337][ T1898] ? 
is_free_buddy_page+0x190/0x190 [ 21.938519][ T1898] ? __kasan_check_read+0x11/0x20 [ 21.943534][ T1898] ? __zone_watermark_ok+0x9b/0x270 [ 21.948707][ T1898] get_page_from_freelist+0x505a/0x57e0 [ 21.954233][ T1898] ? __kasan_check_read+0x11/0x20 [ 21.959231][ T1898] ? __alloc_pages_nodemask+0x52d/0x3010 [ 21.964836][ T1898] ? __alloc_pages_nodemask+0x3010/0x3010 [ 21.970534][ T1898] ? __rcu_read_lock+0x50/0x50 [ 21.975320][ T1898] ? unwind_next_frame+0x415/0x870 [ 21.980408][ T1898] __alloc_pages_nodemask+0x44f/0x3010 [ 21.985882][ T1898] ? unlock_page_memcg+0xe6/0x100 [ 21.990878][ T1898] ? page_add_file_rmap+0x4b/0x1f0 [ 21.996094][ T1898] ? page_add_file_rmap+0x176/0x1f0 [ 22.001271][ T1898] ? __rcu_read_lock+0x50/0x50 [ 22.006027][ T1898] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 22.011569][ T1898] ? filemap_map_pages+0x10aa/0x1120 [ 22.016830][ T1898] ? filemap_fault+0x19b0/0x19b0 [ 22.021752][ T1898] alloc_slab_page+0x3f/0x390 [ 22.026400][ T1898] new_slab+0x98/0x430 [ 22.030460][ T1898] ? handle_mm_fault+0xb2f/0x41c0 [ 22.035455][ T1898] ___slab_alloc+0x2e0/0x450 [ 22.040044][ T1898] ? getname_flags+0xba/0x640 [ 22.044703][ T1898] ? __should_failslab+0x90/0x160 [ 22.049698][ T1898] ? getname_flags+0xba/0x640 [ 22.054348][ T1898] kmem_cache_alloc+0x203/0x2b0 [ 22.059395][ T1898] getname_flags+0xba/0x640 [ 22.063886][ T1898] getname+0x19/0x20 [ 22.067756][ T1898] do_sys_open+0x32a/0x7a0 [ 22.072150][ T1898] ? file_open_root+0x440/0x440 [ 22.077002][ T1898] ? __kasan_check_read+0x11/0x20 [ 22.082026][ T1898] ? 
do_user_addr_fault+0x6b7/0xb50 [ 22.087198][ T1898] __x64_sys_open+0x87/0x90 [ 22.091672][ T1898] do_syscall_64+0xc0/0x100 [ 22.096146][ T1898] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 22.102017][ T1898] RIP: 0033:0x401e60 [ 22.105923][ T1898] Code: 48 83 c4 08 48 3d 01 f0 ff ff 0f 83 ba 0b 00 00 c3 66 0f 1f 84 00 00 00 00 00 83 3d cd 8c 2d 00 00 75 14 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 94 0b 00 00 c3 48 83 ec 08 e8 fa 00 00 00 [ 22.125515][ T1898] RSP: 002b:00007ffcd5dfdee8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 22.133898][ T1898] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000401e60 [ 22.141863][ T1898] RDX: 00007ffcd5dfdf14 RSI: 0000000000080001 RDI: 00000000004a8fad [ 22.149805][ T1898] RBP: 00007ffcd5dfdf10 R08: 0000000000000000 R09: 0000000000000004 executing program [ 22.157767][ T1898] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004a8fad [ 22.165710][ T1898] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 22.175878][ T1882] BUG: Bad page state in process syz-executor111 pfn:1d0338 [ 22.183249][ T1882] page:ffffea000740ce00 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0 [ 22.192414][ T1882] raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000 [ 22.200969][ T1882] raw: 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000 [ 22.209520][ T1882] page dumped because: nonzero _refcount [ 22.215121][ T1882] Modules linked in: [ 22.219006][ T1882] CPU: 0 PID: 1882 Comm: syz-executor111 Tainted: G B W 5.4.23-syzkaller-01268-g2c2101d18159 #0 [ 22.230522][ T1882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 22.240558][ T1882] Call Trace: [ 22.243845][ T1882] dump_stack+0x1b0/0x228 [ 22.248166][ T1882] ? is_module_text_address+0x130/0x130 [ 22.253704][ T1882] ? show_regs_print_info+0x18/0x18 [ 22.258893][ T1882] bad_page+0x262/0x290 [ 22.263025][ T1882] ? _raw_spin_lock+0x170/0x170 [ 22.267846][ T1882] ? 
is_free_buddy_page+0x190/0x190 [ 22.273017][ T1882] ? __kasan_check_read+0x11/0x20 [ 22.278011][ T1882] ? __zone_watermark_ok+0x9b/0x270 [ 22.283182][ T1882] get_page_from_freelist+0x505a/0x57e0 [ 22.288712][ T1882] ? __read_once_size_nocheck+0x10/0x10 [ 22.294229][ T1882] ? unwind_next_frame+0x415/0x870 [ 22.299316][ T1882] ? __rcu_read_lock+0x50/0x50 [ 22.304079][ T1882] ? unwind_next_frame+0x415/0x870 [ 22.309169][ T1882] ? __alloc_pages_nodemask+0x3010/0x3010 [ 22.314874][ T1882] ? 0xffffffffa0010000 [ 22.319002][ T1882] __alloc_pages_nodemask+0x44f/0x3010 [ 22.324447][ T1882] ? arch_stack_walk+0x98/0xe0 [ 22.329188][ T1882] ? stack_trace_save+0x111/0x1e0 [ 22.334186][ T1882] ? stack_trace_snprint+0x150/0x150 [ 22.339468][ T1882] ? __x64_sys_clone+0x247/0x2b0 [ 22.344380][ T1882] ? __kasan_kmalloc+0x117/0x1b0 [ 22.349308][ T1882] ? kasan_slab_alloc+0xe/0x10 [ 22.354044][ T1882] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 22.359563][ T1882] ? __kasan_kmalloc+0x179/0x1b0 [ 22.364475][ T1882] ? __kasan_kmalloc+0x179/0x1b0 [ 22.369384][ T1882] ? copy_process+0x1852/0x52d0 [ 22.374313][ T1882] ? __kasan_kmalloc+0x117/0x1b0 [ 22.379232][ T1882] ? kasan_slab_alloc+0xe/0x10 [ 22.383970][ T1882] ? kmem_cache_alloc+0x120/0x2b0 [ 22.388967][ T1882] ? copy_process+0x1ac8/0x52d0 [ 22.393790][ T1882] ? _do_fork+0x185/0x950 [ 22.398112][ T1882] ? __x64_sys_clone+0x247/0x2b0 [ 22.403032][ T1882] ? do_syscall_64+0xc0/0x100 [ 22.407683][ T1882] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 22.413822][ T1882] ? avc_denied+0x1b0/0x1b0 [ 22.418301][ T1882] alloc_slab_page+0x3f/0x390 [ 22.423057][ T1882] new_slab+0x98/0x430 [ 22.427101][ T1882] ___slab_alloc+0x2e0/0x450 [ 22.431679][ T1882] ? dup_mm+0x29/0x330 [ 22.435723][ T1882] ? __should_failslab+0x90/0x160 [ 22.440737][ T1882] ? dup_mm+0x29/0x330 [ 22.444784][ T1882] kmem_cache_alloc+0x203/0x2b0 [ 22.449610][ T1882] ? 
sched_autogroup_detach+0x20/0x20 [ 22.454960][ T1882] dup_mm+0x29/0x330 [ 22.458843][ T1882] copy_process+0x2116/0x52d0 [ 22.463498][ T1882] ? kernel_wait4+0x380/0x380 [ 22.468148][ T1882] ? fork_idle+0x290/0x290 [ 22.473525][ T1882] ? put_pid+0x89/0xe0 [ 22.477675][ T1882] ? __ia32_sys_waitid+0xd0/0xd0 [ 22.482590][ T1882] ? do_nanosleep+0x58b/0x6b0 [ 22.487260][ T1882] _do_fork+0x185/0x950 [ 22.491408][ T1882] ? dup_mm+0x330/0x330 [ 22.495539][ T1882] ? __x64_sys_wait4+0x168/0x1c0 [ 22.500452][ T1882] ? do_wait+0x890/0x890 [ 22.504685][ T1882] __x64_sys_clone+0x247/0x2b0 [ 22.509423][ T1882] ? __ia32_sys_vfork+0x110/0x110 [ 22.514448][ T1882] ? syscall_return_slowpath+0x6f/0x500 [ 22.519963][ T1882] do_syscall_64+0xc0/0x100 [ 22.524444][ T1882] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 22.530313][ T1882] RIP: 0033:0x440aca [ 22.534184][ T1882] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 22.553781][ T1882] RSP: 002b:00007ffcd5dfe3d0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 executing program executing program [ 22.562169][ T1882] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440aca [ 22.570116][ T1882] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 22.578076][ T1882] RBP: 00007ffcd5dfe3f0 R08: 0000000000000001 R09: 00000000015b0880 [ 22.586023][ T1882] R10: 00000000015b0b50 R11: 0000000000000246 R12: 0000000000000001 [ 22.593985][ T1882] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 22.605750][ T1900] BUG: Bad page state in process syz-executor111 pfn:1cf600 [ 22.613119][ T1900] page:ffffea00073d8000 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0 [ 22.622300][ T1900] raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000 [ 22.630873][ T1900] raw: 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000 [ 
22.639431][ T1900] page dumped because: nonzero _refcount [ 22.645043][ T1900] Modules linked in: [ 22.648912][ T1900] CPU: 1 PID: 1900 Comm: syz-executor111 Tainted: G B W 5.4.23-syzkaller-01268-g2c2101d18159 #0 [ 22.660419][ T1900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 22.670447][ T1900] Call Trace: [ 22.673747][ T1900] dump_stack+0x1b0/0x228 [ 22.678051][ T1900] ? is_module_text_address+0x130/0x130 [ 22.683595][ T1900] ? show_regs_print_info+0x18/0x18 [ 22.688765][ T1900] bad_page+0x262/0x290 [ 22.693012][ T1900] ? _raw_spin_lock+0x170/0x170 [ 22.697837][ T1900] ? is_free_buddy_page+0x190/0x190 [ 22.703132][ T1900] ? __kasan_check_read+0x11/0x20 [ 22.708258][ T1900] ? __zone_watermark_ok+0x9b/0x270 [ 22.713482][ T1900] get_page_from_freelist+0x505a/0x57e0 [ 22.719027][ T1900] ? unwind_next_frame+0x415/0x870 [ 22.724111][ T1900] ? __rcu_read_lock+0x50/0x50 [ 22.728843][ T1900] ? unwind_next_frame+0x415/0x870 [ 22.733923][ T1900] ? unwind_get_return_address_ptr+0xa0/0xa0 [ 22.739889][ T1900] ? 0xffffffffa0020000 [ 22.744032][ T1900] ? is_bpf_text_address+0x2c8/0x2e0 [ 22.749302][ T1900] ? stack_trace_save+0x1e0/0x1e0 [ 22.754348][ T1900] ? __kernel_text_address+0x9a/0x110 [ 22.759695][ T1900] ? unwind_get_return_address+0x4c/0x90 [ 22.766087][ T1900] ? arch_stack_walk+0x98/0xe0 [ 22.770828][ T1900] ? __alloc_pages_nodemask+0x3010/0x3010 [ 22.776520][ T1900] ? stack_trace_save+0x111/0x1e0 [ 22.781518][ T1900] __alloc_pages_nodemask+0x44f/0x3010 [ 22.786967][ T1900] ? __kasan_slab_free+0x168/0x220 [ 22.792050][ T1900] ? skb_release_data+0x536/0x690 [ 22.797065][ T1900] ? __kfree_skb+0x134/0x180 [ 22.801625][ T1900] ? __kasan_slab_free+0x1e2/0x220 [ 22.806746][ T1900] ? __kasan_slab_free+0x168/0x220 [ 22.811853][ T1900] ? netlink_sendmsg+0x9a7/0xd40 [ 22.816770][ T1900] ? __sys_sendmsg+0x26a/0x350 [ 22.821509][ T1900] ? __x64_sys_sendmsg+0x7f/0x90 [ 22.826449][ T1900] ? 
entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 22.832503][ T1900] ? avc_has_perm_noaudit+0x2fc/0x3f0 [ 22.837848][ T1900] ? rhashtable_jhash2+0x1f1/0x330 [ 22.842970][ T1900] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 22.848495][ T1900] ? rht_key_hashfn+0x157/0x240 [ 22.853332][ T1900] ? deferred_put_nlk_sk+0x200/0x200 [ 22.858588][ T1900] ? __alloc_skb+0x109/0x540 [ 22.863150][ T1900] ? jhash+0x750/0x750 [ 22.867191][ T1900] ? netlink_hash+0xd0/0xd0 [ 22.871667][ T1900] ? avc_has_perm+0x15f/0x260 [ 22.876317][ T1900] ? skb_release_data+0x536/0x690 [ 22.881314][ T1900] ? __rcu_read_lock+0x50/0x50 [ 22.886053][ T1900] skb_page_frag_refill+0x11d/0x3b0 [ 22.891221][ T1900] tun_get_user+0x69a/0x3d10 [ 22.895907][ T1900] ? tun_do_read+0x1f10/0x1f10 [ 22.900643][ T1900] ? netlink_detachskb+0x60/0x60 [ 22.906410][ T1900] ? put_pid+0x82/0xe0 [ 22.910453][ T1900] ? netlink_sendmsg+0xa28/0xd40 [ 22.915406][ T1900] ? __rcu_read_lock+0x50/0x50 [ 22.920142][ T1900] ? netlink_getsockopt+0x900/0x900 [ 22.925333][ T1900] tun_chr_write_iter+0x134/0x1c0 [ 22.930333][ T1900] do_iter_readv_writev+0x5fa/0x890 [ 22.935528][ T1900] ? vfs_dedupe_file_range+0xa00/0xa00 [ 22.940962][ T1900] ? security_file_permission+0x157/0x350 [ 22.946665][ T1900] ? rw_verify_area+0x1c2/0x360 [ 22.951504][ T1900] do_iter_write+0x180/0x590 [ 22.956078][ T1900] do_writev+0x2cd/0x560 [ 22.960303][ T1900] ? do_readv+0x400/0x400 [ 22.964612][ T1900] ? __up_read+0x6f/0x1b0 [ 22.968928][ T1900] ? __down_read+0x240/0x240 [ 22.973549][ T1900] ? 
__kasan_check_read+0x11/0x20 [ 22.978554][ T1900] __x64_sys_writev+0x7d/0x90 [ 22.983205][ T1900] do_syscall_64+0xc0/0x100 [ 22.987729][ T1900] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 22.993619][ T1900] RIP: 0033:0x4420c0 [ 22.997489][ T1900] Code: 05 48 3d 01 f0 ff ff 0f 83 5d 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 3d 31 8f 29 00 00 75 14 b8 14 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 34 09 fc ff c3 48 83 ec 08 e8 ba 2b 00 00 executing program [ 23.017068][ T1900] RSP: 002b:00007ffcd5dfe3f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 23.025504][ T1900] RAX: ffffffffffffffda RBX: 00007ffcd5dfe410 RCX: 00000000004420c0 [ 23.033459][ T1900] RDX: 0000000000000001 RSI: 00007ffcd5dfe440 RDI: 00000000000000f0 [ 23.041402][ T1900] RBP: 0000000000000000 R08: 00000000000051f4 R09: 00000000bb1414ac [ 23.049343][ T1900] R10: 00000000bb1414ac R11: 0000000000000246 R12: 0000000000005842 [ 23.057287][ T1900] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 23.067126][ T1901] BUG: Bad page state in process syz-executor111 pfn:1cf548 [ 23.074514][ T1901] page:ffffea00073d5200 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0 [ 23.083684][ T1901] raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000 [ 23.092343][ T1901] raw: 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000 [ 23.100908][ T1901] page dumped because: nonzero _refcount [ 23.106561][ T1901] Modules linked in: [ 23.110433][ T1901] CPU: 1 PID: 1901 Comm: syz-executor111 Tainted: G B W 5.4.23-syzkaller-01268-g2c2101d18159 #0 [ 23.122018][ T1901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 23.132107][ T1901] Call Trace: [ 23.135377][ T1901] dump_stack+0x1b0/0x228 [ 23.139676][ T1901] ? is_module_text_address+0x130/0x130 [ 23.145214][ T1901] ? show_regs_print_info+0x18/0x18 [ 23.150386][ T1901] bad_page+0x262/0x290 [ 23.154513][ T1901] ? _raw_spin_lock+0x170/0x170 [ 23.159337][ T1901] ? 
is_free_buddy_page+0x190/0x190 [ 23.164530][ T1901] ? __kasan_check_read+0x11/0x20 [ 23.169536][ T1901] ? __zone_watermark_ok+0x9b/0x270 [ 23.174706][ T1901] get_page_from_freelist+0x505a/0x57e0 [ 23.181098][ T1901] ? __read_once_size_nocheck+0x10/0x10 [ 23.186659][ T1901] ? unwind_next_frame+0x415/0x870 [ 23.191758][ T1901] ? __rcu_read_lock+0x50/0x50 [ 23.196501][ T1901] ? unwind_next_frame+0x415/0x870 [ 23.201601][ T1901] ? __alloc_pages_nodemask+0x3010/0x3010 [ 23.207300][ T1901] ? 0xffffffffa0020000 [ 23.211430][ T1901] __alloc_pages_nodemask+0x44f/0x3010 [ 23.216865][ T1901] ? __kasan_check_read+0x11/0x20 [ 23.221858][ T1901] ? prep_new_page+0x13a/0x3a0 [ 23.226589][ T1901] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 23.232103][ T1901] ? get_page_from_freelist+0x5426/0x57e0 [ 23.237795][ T1901] ? unwind_get_return_address_ptr+0xa0/0xa0 [ 23.243836][ T1901] alloc_slab_page+0x3f/0x390 [ 23.248529][ T1901] new_slab+0x98/0x430 [ 23.252576][ T1901] ___slab_alloc+0x2e0/0x450 [ 23.257135][ T1901] ? bpf_check+0x136/0xe7b0 [ 23.261635][ T1901] ? __should_failslab+0x90/0x160 [ 23.266646][ T1901] ? bpf_check+0x136/0xe7b0 [ 23.271122][ T1901] kmem_cache_alloc_trace+0x23f/0x2f0 [ 23.276483][ T1901] bpf_check+0x136/0xe7b0 [ 23.280805][ T1901] ? unwind_get_return_address_ptr+0xa0/0xa0 [ 23.286768][ T1901] ? 0xffffffffa0020000 [ 23.290912][ T1901] ? is_bpf_text_address+0x2c8/0x2e0 [ 23.296182][ T1901] ? stack_trace_save+0x1e0/0x1e0 [ 23.301275][ T1901] ? __kernel_text_address+0x9a/0x110 [ 23.306628][ T1901] ? unwind_get_return_address+0x4c/0x90 [ 23.312232][ T1901] ? arch_stack_walk+0x98/0xe0 [ 23.316966][ T1901] ? stack_trace_save+0x111/0x1e0 [ 23.321959][ T1901] ? stack_trace_snprint+0x150/0x150 [ 23.327212][ T1901] ? stack_trace_snprint+0x150/0x150 [ 23.332483][ T1901] ? bpf_verifier_log_write+0x230/0x230 [ 23.338000][ T1901] ? __kasan_kmalloc+0x179/0x1b0 [ 23.342905][ T1901] ? __kasan_kmalloc+0x117/0x1b0 [ 23.347810][ T1901] ? kasan_kmalloc+0x9/0x10 [ 23.352283][ T1901] ? 
kmem_cache_alloc_trace+0xe2/0x2f0 [ 23.357710][ T1901] ? selinux_bpf_prog_alloc+0x51/0x150 [ 23.363136][ T1901] ? security_bpf_prog_alloc+0x50/0xb0 [ 23.368564][ T1901] ? __do_sys_bpf+0x5ce0/0xbbc0 [ 23.373403][ T1901] ? __x64_sys_bpf+0x7a/0x90 [ 23.378506][ T1901] ? do_syscall_64+0xc0/0x100 [ 23.383157][ T1901] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 23.389191][ T1901] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 23.394720][ T1901] ? pcpu_next_fit_region+0x64e/0x7d0 [ 23.400059][ T1901] ? pcpu_block_update_hint_alloc+0x977/0xcf0 [ 23.406093][ T1901] ? pcpu_alloc_area+0x7eb/0x940 [ 23.411006][ T1901] ? find_next_bit+0xd8/0x120 [ 23.415671][ T1901] ? cpumask_next+0x11/0x30 [ 23.420153][ T1901] ? __should_failslab+0x90/0x160 [ 23.425166][ T1901] ? selinux_bpf_prog_alloc+0x51/0x150 [ 23.430611][ T1901] ? kasan_kmalloc+0x9/0x10 [ 23.435098][ T1901] ? kmem_cache_alloc_trace+0xe2/0x2f0 [ 23.440530][ T1901] ? memset+0x31/0x40 [ 23.444483][ T1901] ? bpf_obj_name_cpy+0x9a9/0x1400 [ 23.449562][ T1901] __do_sys_bpf+0x80a8/0xbbc0 [ 23.454212][ T1901] ? wp_page_copy+0xd24/0x10e0 [ 23.458961][ T1901] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 23.464493][ T1901] ? __rcu_read_lock+0x50/0x50 [ 23.469225][ T1901] ? __memcg_kmem_charge_memcg+0x340/0x340 [ 23.475001][ T1901] ? __bpf_prog_put_rcu+0x350/0x350 [ 23.480256][ T1901] ? get_mem_cgroup_from_mm+0x2b2/0x330 [ 23.485770][ T1901] ? mem_cgroup_from_task+0x60/0x60 [ 23.490953][ T1901] ? __kasan_check_read+0x11/0x20 [ 23.495959][ T1901] ? __lru_cache_add+0x1ae/0x200 [ 23.500865][ T1901] ? lru_cache_add_active_or_unevictable+0xa6/0x120 [ 23.507421][ T1901] ? _raw_spin_unlock+0x9/0x20 [ 23.512153][ T1901] ? handle_mm_fault+0xb2f/0x41c0 [ 23.517145][ T1901] ? alloc_file+0x84/0x4b0 [ 23.521530][ T1901] ? finish_fault+0x230/0x230 [ 23.526172][ T1901] ? __kasan_check_write+0x14/0x20 [ 23.531269][ T1901] ? __up_read+0x6f/0x1b0 [ 23.535569][ T1901] ? 
__down_read+0x240/0x240 [ 23.540129][ T1901] __x64_sys_bpf+0x7a/0x90 [ 23.544523][ T1901] do_syscall_64+0xc0/0x100 [ 23.549010][ T1901] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 23.554879][ T1901] RIP: 0033:0x4421c9 [ 23.558760][ T1901] Code: e8 8c 07 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 23.578335][ T1901] RSP: 002b:00007ffcd5dfe3f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 23.586803][ T1901] RAX: ffffffffffffffda RBX: 00007ffcd5dfe410 RCX: 00000000004421c9 [ 23.594763][ T1901] RDX: 0000000000000070 RSI: 0000000020000180 RDI: 0000000000000005 [ 23.602716][ T1901] RBP: 0000000000000000 R08: 00000000bb1414ac R09: 00000000bb1414ac [ 23.610672][ T1901] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000005844 executing program [ 23.618613][ T1901] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 23.628573][ T1902] BUG: Bad page state in process syz-executor111 pfn:1cf4d8 [ 23.635962][ T1902] page:ffffea00073d3600 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0 [ 23.645165][ T1902] raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000 [ 23.653742][ T1902] raw: 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000 [ 23.662292][ T1902] page dumped because: nonzero _refcount [ 23.667905][ T1902] Modules linked in: [ 23.671776][ T1902] CPU: 0 PID: 1902 Comm: syz-executor111 Tainted: G B W 5.4.23-syzkaller-01268-g2c2101d18159 #0 [ 23.683296][ T1902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 23.693425][ T1902] Call Trace: [ 23.696710][ T1902] dump_stack+0x1b0/0x228 [ 23.701031][ T1902] ? is_module_text_address+0x130/0x130 [ 23.706556][ T1902] ? show_regs_print_info+0x18/0x18 [ 23.711750][ T1902] bad_page+0x262/0x290 [ 23.715875][ T1902] ? _raw_spin_lock+0x170/0x170 [ 23.720711][ T1902] ? 
is_free_buddy_page+0x190/0x190 [ 23.725881][ T1902] ? __kasan_check_read+0x11/0x20 [ 23.730922][ T1902] ? __zone_watermark_ok+0x9b/0x270 [ 23.736093][ T1902] get_page_from_freelist+0x505a/0x57e0 [ 23.741612][ T1902] ? unwind_get_return_address_ptr+0xa0/0xa0 [ 23.747662][ T1902] ? 0xffffffffa0008000 [ 23.751811][ T1902] ? stack_trace_save+0x1e0/0x1e0 [ 23.756811][ T1902] ? __read_once_size_nocheck+0x10/0x10 [ 23.762325][ T1902] ? unwind_next_frame+0x415/0x870 [ 23.767409][ T1902] ? __alloc_pages_nodemask+0x3010/0x3010 [ 23.773097][ T1902] ? unwind_next_frame+0x415/0x870 [ 23.778179][ T1902] ? unwind_get_return_address_ptr+0xa0/0xa0 [ 23.784130][ T1902] __alloc_pages_nodemask+0x44f/0x3010 [ 23.789561][ T1902] ? __kernel_text_address+0x9a/0x110 [ 23.794905][ T1902] ? arch_stack_walk+0x98/0xe0 [ 23.799663][ T1902] ? stack_trace_save+0x111/0x1e0 [ 23.804679][ T1902] ? stack_trace_snprint+0x150/0x150 [ 23.809987][ T1902] ? stack_trace_save+0x111/0x1e0 [ 23.814985][ T1902] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 23.820499][ T1902] ? stack_trace_snprint+0x150/0x150 [ 23.825780][ T1902] ? __kasan_kmalloc+0x179/0x1b0 [ 23.830701][ T1902] ? __kasan_kmalloc+0x117/0x1b0 [ 23.835634][ T1902] ? kasan_slab_alloc+0xe/0x10 [ 23.840367][ T1902] ? kmem_cache_alloc+0x120/0x2b0 [ 23.845378][ T1902] ? security_inode_alloc+0x36/0x1f0 [ 23.850648][ T1902] ? do_syscall_64+0xc0/0x100 [ 23.855296][ T1902] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 23.861350][ T1902] ? __kasan_kmalloc+0x117/0x1b0 [ 23.866257][ T1902] ? kasan_slab_alloc+0xe/0x10 [ 23.870989][ T1902] ? sock_alloc_inode+0x1b/0xc0 [ 23.875824][ T1902] ? new_inode_pseudo+0x68/0x240 [ 23.880734][ T1902] ? __sock_create+0x136/0x7b0 [ 23.885467][ T1902] ? __sys_socket+0x115/0x350 [ 23.890117][ T1902] ? __x64_sys_socket+0x7a/0x90 [ 23.894953][ T1902] alloc_slab_page+0x3f/0x390 [ 23.899619][ T1902] new_slab+0x98/0x430 [ 23.903663][ T1902] ? _raw_spin_lock+0x170/0x170 [ 23.908562][ T1902] ___slab_alloc+0x2e0/0x450 [ 23.913135][ T1902] ? 
sk_prot_alloc+0x11c/0x2f0 [ 23.917896][ T1902] ? __should_failslab+0x90/0x160 [ 23.922897][ T1902] ? sk_prot_alloc+0x11c/0x2f0 [ 23.927665][ T1902] __kmalloc+0x26d/0x310 [ 23.931909][ T1902] sk_prot_alloc+0x11c/0x2f0 [ 23.936514][ T1902] sk_alloc+0x35/0x300 [ 23.940670][ T1902] netlink_create+0x3ce/0x630 [ 23.945320][ T1902] ? rtnetlink_rcv+0x20/0x20 [ 23.949883][ T1902] __sock_create+0x3c6/0x7b0 [ 23.954448][ T1902] __sys_socket+0x115/0x350 [ 23.958925][ T1902] ? sock_create_kern+0x50/0x50 [ 23.963751][ T1902] ? __kasan_check_read+0x11/0x20 [ 23.968760][ T1902] __x64_sys_socket+0x7a/0x90 [ 23.973413][ T1902] do_syscall_64+0xc0/0x100 [ 23.977920][ T1902] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 23.983831][ T1902] RIP: 0033:0x4421c9 [ 23.987701][ T1902] Code: e8 8c 07 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 24.007550][ T1902] RSP: 002b:00007ffcd5dfe3f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 executing program [ 24.015931][ T1902] RAX: ffffffffffffffda RBX: 00007ffcd5dfe410 RCX: 00000000004421c9 [ 24.023876][ T1902] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000010 [ 24.031851][ T1902] RBP: 0000000000000000 R08: 0000000000000004 R09: 00000000bb1414ac [ 24.039817][ T1902] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000005a12 [ 24.047893][ T1902] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 24.059550][ T1903] BUG: Bad page state in process syz-executor111 pfn:1cfe90 [ 24.066939][ T1903] page:ffffea00073fa400 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0 [ 24.076117][ T1903] raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000 [ 24.084680][ T1903] raw: 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000 [ 24.093249][ T1903] page dumped because: nonzero _refcount [ 24.098846][ T1903] Modules linked in: [ 24.102732][ T1903] 
CPU: 1 PID: 1903 Comm: syz-executor111 Tainted: G B W 5.4.23-syzkaller-01268-g2c2101d18159 #0 [ 24.114273][ T1903] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 24.124299][ T1903] Call Trace: [ 24.127566][ T1903] dump_stack+0x1b0/0x228 [ 24.131884][ T1903] ? is_module_text_address+0x130/0x130 [ 24.137398][ T1903] ? show_regs_print_info+0x18/0x18 [ 24.142567][ T1903] bad_page+0x262/0x290 [ 24.146695][ T1903] ? _raw_spin_lock+0x170/0x170 [ 24.151535][ T1903] ? is_free_buddy_page+0x190/0x190 [ 24.156720][ T1903] ? __kasan_check_read+0x11/0x20 [ 24.161714][ T1903] ? __zone_watermark_ok+0x9b/0x270 [ 24.166902][ T1903] get_page_from_freelist+0x505a/0x57e0 [ 24.172439][ T1903] ? unwind_next_frame+0x415/0x870 [ 24.177537][ T1903] ? __rcu_read_lock+0x50/0x50 [ 24.182287][ T1903] ? unwind_next_frame+0x415/0x870 [ 24.187367][ T1903] ? unwind_get_return_address_ptr+0xa0/0xa0 [ 24.193419][ T1903] ? 0xffffffffa0028000 [ 24.197560][ T1903] ? is_bpf_text_address+0x2c8/0x2e0 [ 24.202821][ T1903] ? stack_trace_save+0x1e0/0x1e0 [ 24.207824][ T1903] ? __kernel_text_address+0x9a/0x110 [ 24.213215][ T1903] ? unwind_get_return_address+0x4c/0x90 [ 24.218815][ T1903] ? arch_stack_walk+0x98/0xe0 [ 24.223546][ T1903] ? __alloc_pages_nodemask+0x3010/0x3010 [ 24.229234][ T1903] ? stack_trace_save+0x111/0x1e0 [ 24.234284][ T1903] __alloc_pages_nodemask+0x44f/0x3010 [ 24.239739][ T1903] ? __kasan_slab_free+0x168/0x220 [ 24.244821][ T1903] ? skb_release_data+0x536/0x690 [ 24.249828][ T1903] ? __kfree_skb+0x134/0x180 [ 24.254388][ T1903] ? __kasan_slab_free+0x1e2/0x220 [ 24.259473][ T1903] ? __kasan_slab_free+0x168/0x220 [ 24.264580][ T1903] ? netlink_sendmsg+0x9a7/0xd40 [ 24.269489][ T1903] ? __sys_sendmsg+0x26a/0x350 [ 24.274228][ T1903] ? __x64_sys_sendmsg+0x7f/0x90 [ 24.279149][ T1903] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 24.285186][ T1903] ? avc_has_perm_noaudit+0x2fc/0x3f0 [ 24.290528][ T1903] ? 
rhashtable_jhash2+0x1f1/0x330 [ 24.295622][ T1903] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 24.301136][ T1903] ? rht_key_hashfn+0x157/0x240 [ 24.306051][ T1903] ? deferred_put_nlk_sk+0x200/0x200 [ 24.311304][ T1903] ? __alloc_skb+0x109/0x540 [ 24.315876][ T1903] ? jhash+0x750/0x750 [ 24.319962][ T1903] ? netlink_hash+0xd0/0xd0 [ 24.324440][ T1903] ? avc_has_perm+0x15f/0x260 [ 24.329085][ T1903] ? skb_release_data+0x536/0x690 [ 24.334079][ T1903] ? __rcu_read_lock+0x50/0x50 [ 24.338814][ T1903] skb_page_frag_refill+0x11d/0x3b0 [ 24.343983][ T1903] tun_get_user+0x69a/0x3d10 [ 24.348544][ T1903] ? tun_do_read+0x1f10/0x1f10 [ 24.353276][ T1903] ? netlink_detachskb+0x60/0x60 [ 24.358206][ T1903] ? put_pid+0x82/0xe0 [ 24.362244][ T1903] ? netlink_sendmsg+0xa28/0xd40 [ 24.367161][ T1903] ? __rcu_read_lock+0x50/0x50 [ 24.371900][ T1903] ? netlink_getsockopt+0x900/0x900 [ 24.377071][ T1903] tun_chr_write_iter+0x134/0x1c0 [ 24.382104][ T1903] do_iter_readv_writev+0x5fa/0x890 [ 24.387288][ T1903] ? vfs_dedupe_file_range+0xa00/0xa00 [ 24.392719][ T1903] ? security_file_permission+0x157/0x350 [ 24.398408][ T1903] ? rw_verify_area+0x1c2/0x360 [ 24.403256][ T1903] do_iter_write+0x180/0x590 [ 24.407832][ T1903] do_writev+0x2cd/0x560 [ 24.412048][ T1903] ? do_readv+0x400/0x400 [ 24.416367][ T1903] ? __up_read+0x6f/0x1b0 [ 24.420772][ T1903] ? __down_read+0x240/0x240 [ 24.425333][ T1903] ? 
__kasan_check_read+0x11/0x20 [ 24.430330][ T1903] __x64_sys_writev+0x7d/0x90 [ 24.434979][ T1903] do_syscall_64+0xc0/0x100 [ 24.439455][ T1903] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 24.445330][ T1903] RIP: 0033:0x4420c0 [ 24.449221][ T1903] Code: 05 48 3d 01 f0 ff ff 0f 83 5d 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 3d 31 8f 29 00 00 75 14 b8 14 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 34 09 fc ff c3 48 83 ec 08 e8 ba 2b 00 00 executing program [ 24.468795][ T1903] RSP: 002b:00007ffcd5dfe3f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 24.477179][ T1903] RAX: ffffffffffffffda RBX: 00007ffcd5dfe410 RCX: 00000000004420c0 [ 24.485123][ T1903] RDX: 0000000000000001 RSI: 00007ffcd5dfe440 RDI: 00000000000000f0 [ 24.493066][ T1903] RBP: 0000000000000000 R08: 00000000000051f4 R09: 00000000bb1414ac [ 24.501011][ T1903] R10: 00000000bb1414ac R11: 0000000000000246 R12: 0000000000005c44 [ 24.508966][ T1903] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 24.518985][ T1904] BUG: Bad page state in process syz-executor111 pfn:1cfdb8 [ 24.526351][ T1904] page:ffffea00073f6e00 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0 [ 24.535531][ T1904] raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000 [ 24.544086][ T1904] raw: 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000 [ 24.552649][ T1904] page dumped because: nonzero _refcount [ 24.558246][ T1904] Modules linked in: [ 24.562121][ T1904] CPU: 1 PID: 1904 Comm: syz-executor111 Tainted: G B W 5.4.23-syzkaller-01268-g2c2101d18159 #0 [ 24.573625][ T1904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 24.583666][ T1904] Call Trace: [ 24.586930][ T1904] dump_stack+0x1b0/0x228 [ 24.591263][ T1904] ? is_module_text_address+0x130/0x130 [ 24.596779][ T1904] ? show_regs_print_info+0x18/0x18 [ 24.602228][ T1904] bad_page+0x262/0x290 [ 24.606358][ T1904] ? _raw_spin_lock+0x170/0x170 [ 24.611177][ T1904] ? 
is_free_buddy_page+0x190/0x190 [ 24.616357][ T1904] ? __kasan_check_read+0x11/0x20 [ 24.621351][ T1904] ? __zone_watermark_ok+0x9b/0x270 [ 24.626519][ T1904] get_page_from_freelist+0x505a/0x57e0 [ 24.632061][ T1904] ? __read_once_size_nocheck+0x10/0x10 [ 24.637574][ T1904] ? unwind_next_frame+0x415/0x870 [ 24.642669][ T1904] ? __rcu_read_lock+0x50/0x50 [ 24.647401][ T1904] ? unwind_next_frame+0x415/0x870 [ 24.652505][ T1904] ? __alloc_pages_nodemask+0x3010/0x3010 [ 24.658194][ T1904] ? 0xffffffffa0028000 [ 24.662334][ T1904] __alloc_pages_nodemask+0x44f/0x3010 [ 24.667768][ T1904] ? __kasan_check_read+0x11/0x20 [ 24.672765][ T1904] ? prep_new_page+0x13a/0x3a0 [ 24.677501][ T1904] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 24.683032][ T1904] ? get_page_from_freelist+0x5426/0x57e0 [ 24.688832][ T1904] ? __rcu_read_lock+0x50/0x50 [ 24.693598][ T1904] ? unwind_get_return_address_ptr+0xa0/0xa0 [ 24.699553][ T1904] alloc_slab_page+0x3f/0x390 [ 24.704217][ T1904] new_slab+0x98/0x430 [ 24.708265][ T1904] ___slab_alloc+0x2e0/0x450 [ 24.712830][ T1904] ? bpf_check+0x136/0xe7b0 [ 24.717307][ T1904] ? __should_failslab+0x90/0x160 [ 24.722301][ T1904] ? bpf_check+0x136/0xe7b0 [ 24.726776][ T1904] kmem_cache_alloc_trace+0x23f/0x2f0 [ 24.732164][ T1904] bpf_check+0x136/0xe7b0 [ 24.736511][ T1904] ? unwind_get_return_address_ptr+0xa0/0xa0 [ 24.742469][ T1904] ? 0xffffffffa0028000 [ 24.746618][ T1904] ? is_bpf_text_address+0x2c8/0x2e0 [ 24.751876][ T1904] ? stack_trace_save+0x1e0/0x1e0 [ 24.756900][ T1904] ? __kernel_text_address+0x9a/0x110 [ 24.762440][ T1904] ? unwind_get_return_address+0x4c/0x90 [ 24.768073][ T1904] ? arch_stack_walk+0x98/0xe0 [ 24.772831][ T1904] ? stack_trace_save+0x111/0x1e0 [ 24.777827][ T1904] ? stack_trace_snprint+0x150/0x150 [ 24.783082][ T1904] ? stack_trace_snprint+0x150/0x150 [ 24.788350][ T1904] ? bpf_verifier_log_write+0x230/0x230 [ 24.793877][ T1904] ? __kasan_kmalloc+0x179/0x1b0 [ 24.798815][ T1904] ? __kasan_kmalloc+0x117/0x1b0 [ 24.803725][ T1904] ? 
kasan_kmalloc+0x9/0x10 [ 24.808200][ T1904] ? kmem_cache_alloc_trace+0xe2/0x2f0 [ 24.813656][ T1904] ? selinux_bpf_prog_alloc+0x51/0x150 [ 24.819131][ T1904] ? security_bpf_prog_alloc+0x50/0xb0 [ 24.824563][ T1904] ? __do_sys_bpf+0x5ce0/0xbbc0 [ 24.829407][ T1904] ? __x64_sys_bpf+0x7a/0x90 [ 24.833966][ T1904] ? do_syscall_64+0xc0/0x100 [ 24.838613][ T1904] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 24.844652][ T1904] ? pcpu_block_update_hint_alloc+0x970/0xcf0 [ 24.850689][ T1904] ? pcpu_alloc_area+0x7eb/0x940 [ 24.855615][ T1904] ? find_next_bit+0xd8/0x120 [ 24.860277][ T1904] ? cpumask_next+0x11/0x30 [ 24.864752][ T1904] ? __should_failslab+0x90/0x160 [ 24.869762][ T1904] ? selinux_bpf_prog_alloc+0x51/0x150 [ 24.875209][ T1904] ? kasan_kmalloc+0x9/0x10 [ 24.879688][ T1904] ? kmem_cache_alloc_trace+0xe2/0x2f0 [ 24.885116][ T1904] ? memset+0x31/0x40 [ 24.889068][ T1904] ? bpf_obj_name_cpy+0x9a9/0x1400 [ 24.894177][ T1904] __do_sys_bpf+0x80a8/0xbbc0 [ 24.898828][ T1904] ? wp_page_copy+0xd24/0x10e0 [ 24.903569][ T1904] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 24.909085][ T1904] ? __rcu_read_lock+0x50/0x50 [ 24.913820][ T1904] ? __memcg_kmem_charge_memcg+0x340/0x340 [ 24.919599][ T1904] ? __bpf_prog_put_rcu+0x350/0x350 [ 24.924783][ T1904] ? get_mem_cgroup_from_mm+0x2b2/0x330 [ 24.930327][ T1904] ? mem_cgroup_from_task+0x60/0x60 [ 24.935503][ T1904] ? __kasan_check_read+0x11/0x20 [ 24.940515][ T1904] ? __lru_cache_add+0x1ae/0x200 [ 24.945447][ T1904] ? lru_cache_add_active_or_unevictable+0xa6/0x120 [ 24.952014][ T1904] ? _raw_spin_unlock+0x9/0x20 [ 24.956766][ T1904] ? handle_mm_fault+0xb2f/0x41c0 [ 24.961760][ T1904] ? alloc_file+0x84/0x4b0 [ 24.966164][ T1904] ? finish_fault+0x230/0x230 [ 24.970823][ T1904] ? __kasan_check_write+0x14/0x20 [ 24.975906][ T1904] ? __up_read+0x6f/0x1b0 [ 24.980205][ T1904] ? 
__down_read+0x240/0x240 [ 24.984786][ T1904] __x64_sys_bpf+0x7a/0x90 [ 24.989173][ T1904] do_syscall_64+0xc0/0x100 [ 24.993677][ T1904] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 24.999569][ T1904] RIP: 0033:0x4421c9 [ 25.003434][ T1904] Code: e8 8c 07 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00 executing program [ 25.023007][ T1904] RSP: 002b:00007ffcd5dfe3f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 25.031652][ T1904] RAX: ffffffffffffffda RBX: 00007ffcd5dfe410 RCX: 00000000004421c9 [ 25.039600][ T1904] RDX: 0000000000000070 RSI: 0000000020000180 RDI: 0000000000000005 [ 25.047575][ T1904] RBP: 0000000000000000 R08: 00000000bb1414ac R09: 00000000bb1414ac [ 25.055547][ T1904] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000005df2 [ 25.063493][ T1904] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 25.074093][ T1905] BUG: Bad page state in process syz-executor111 pfn:1cfec0 [ 25.081492][ T1905] page:ffffea00073fb000 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0 [ 25.090658][ T1905] raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000 [ 25.099214][ T1905] raw: 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000 [ 25.107784][ T1905] page dumped because: nonzero _refcount [ 25.113391][ T1905] Modules linked in: [ 25.117272][ T1905] CPU: 0 PID: 1905 Comm: syz-executor111 Tainted: G B W 5.4.23-syzkaller-01268-g2c2101d18159 #0 [ 25.128776][ T1905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 25.138825][ T1905] Call Trace: [ 25.142111][ T1905] dump_stack+0x1b0/0x228 [ 25.146486][ T1905] ? is_module_text_address+0x130/0x130 [ 25.152009][ T1905] ? show_regs_print_info+0x18/0x18 [ 25.157182][ T1905] bad_page+0x262/0x290 [ 25.161312][ T1905] ? _raw_spin_lock+0x170/0x170 [ 25.166154][ T1905] ? 
is_free_buddy_page+0x190/0x190 [ 25.171326][ T1905] ? __kasan_check_read+0x11/0x20 [ 25.176324][ T1905] ? __zone_watermark_ok+0x9b/0x270 [ 25.181497][ T1905] get_page_from_freelist+0x505a/0x57e0 [ 25.187019][ T1905] ? unwind_next_frame+0x415/0x870 [ 25.192100][ T1905] ? __rcu_read_lock+0x50/0x50 [ 25.196858][ T1905] ? unwind_next_frame+0x415/0x870 [ 25.201948][ T1905] ? unwind_get_return_address_ptr+0xa0/0xa0 [ 25.207910][ T1905] ? 0xffffffffa0030000 [ 25.212051][ T1905] ? is_bpf_text_address+0x2c8/0x2e0 [ 25.217317][ T1905] ? stack_trace_save+0x1e0/0x1e0 [ 25.222316][ T1905] ? __kernel_text_address+0x9a/0x110 [ 25.227659][ T1905] ? unwind_get_return_address+0x4c/0x90 [ 25.233261][ T1905] ? arch_stack_walk+0x98/0xe0 [ 25.238001][ T1905] ? __alloc_pages_nodemask+0x3010/0x3010 [ 25.243694][ T1905] ? stack_trace_save+0x111/0x1e0 [ 25.248700][ T1905] __alloc_pages_nodemask+0x44f/0x3010 [ 25.254254][ T1905] ? __kasan_slab_free+0x168/0x220 [ 25.259545][ T1905] ? skb_release_data+0x536/0x690 [ 25.264554][ T1905] ? __kfree_skb+0x134/0x180 [ 25.269126][ T1905] ? __kasan_slab_free+0x1e2/0x220 [ 25.274216][ T1905] ? __kasan_slab_free+0x168/0x220 [ 25.279302][ T1905] ? netlink_sendmsg+0x9a7/0xd40 [ 25.284228][ T1905] ? __sys_sendmsg+0x26a/0x350 [ 25.288966][ T1905] ? __x64_sys_sendmsg+0x7f/0x90 [ 25.293893][ T1905] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 25.299933][ T1905] ? avc_has_perm_noaudit+0x2fc/0x3f0 [ 25.305281][ T1905] ? rhashtable_jhash2+0x1f1/0x330 [ 25.310372][ T1905] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 25.315898][ T1905] ? rht_key_hashfn+0x157/0x240 [ 25.320725][ T1905] ? deferred_put_nlk_sk+0x200/0x200 [ 25.325982][ T1905] ? __alloc_skb+0x109/0x540 [ 25.330547][ T1905] ? jhash+0x750/0x750 [ 25.334596][ T1905] ? netlink_hash+0xd0/0xd0 [ 25.339077][ T1905] ? avc_has_perm+0x15f/0x260 [ 25.343732][ T1905] ? skb_release_data+0x536/0x690 [ 25.348748][ T1905] ? 
__rcu_read_lock+0x50/0x50 [ 25.353491][ T1905] skb_page_frag_refill+0x11d/0x3b0 [ 25.358682][ T1905] tun_get_user+0x69a/0x3d10 [ 25.363249][ T1905] ? tun_do_read+0x1f10/0x1f10 [ 25.368011][ T1905] ? netlink_detachskb+0x60/0x60 [ 25.372925][ T1905] ? put_pid+0x82/0xe0 [ 25.376983][ T1905] ? netlink_sendmsg+0xa28/0xd40 [ 25.381897][ T1905] ? __rcu_read_lock+0x50/0x50 [ 25.386632][ T1905] ? netlink_getsockopt+0x900/0x900 [ 25.391816][ T1905] tun_chr_write_iter+0x134/0x1c0 [ 25.396819][ T1905] do_iter_readv_writev+0x5fa/0x890 [ 25.401989][ T1905] ? vfs_dedupe_file_range+0xa00/0xa00 [ 25.407420][ T1905] ? security_file_permission+0x157/0x350 [ 25.413112][ T1905] ? rw_verify_area+0x1c2/0x360 [ 25.417936][ T1905] do_iter_write+0x180/0x590 [ 25.422503][ T1905] do_writev+0x2cd/0x560 [ 25.426719][ T1905] ? do_readv+0x400/0x400 [ 25.431034][ T1905] ? __up_read+0x6f/0x1b0 [ 25.435349][ T1905] ? __down_read+0x240/0x240 [ 25.440008][ T1905] ? __kasan_check_read+0x11/0x20 [ 25.445023][ T1905] __x64_sys_writev+0x7d/0x90 [ 25.449674][ T1905] do_syscall_64+0xc0/0x100 [ 25.454169][ T1905] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 25.460034][ T1905] RIP: 0033:0x4420c0 [ 25.463937][ T1905] Code: 05 48 3d 01 f0 ff ff 0f 83 5d 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 3d 31 8f 29 00 00 75 14 b8 14 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 34 09 fc ff c3 48 83 ec 08 e8 ba 2b 00 00 [ 25.483517][ T1905] RSP: 002b:00007ffcd5dfe3f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 25.491917][ T1905] RAX: ffffffffffffffda RBX: 00007ffcd5dfe410 RCX: 00000000004420c0 [ 25.499877][ T1905] RDX: 0000000000000001 RSI: 00007ffcd5dfe440 RDI: 00000000000000f0 [ 25.507822][ T1905] RBP: 0000000000000000 R08: 00000000000051f4 R09: 00000000bb1414ac [ 25.515787][ T1905] R10: 00000000bb1414ac R11: 0000000000000246 R12: 0000000000005fbe [ 25.523735][ T1905] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 25.533387][ T1882] BUG: Bad page state in process syz-executor111 pfn:1cfec8 [ 
25.540751][ T1882] page:ffffea00073fb200 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0 [ 25.549915][ T1882] raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000 [ 25.558470][ T1882] raw: 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000 [ 25.567019][ T1882] page dumped because: nonzero _refcount [ 25.572618][ T1882] Modules linked in: [ 25.576521][ T1882] CPU: 1 PID: 1882 Comm: syz-executor111 Tainted: G B W 5.4.23-syzkaller-01268-g2c2101d18159 #0 [ 25.588042][ T1882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 25.598072][ T1882] Call Trace: [ 25.601339][ T1882] dump_stack+0x1b0/0x228 [ 25.605643][ T1882] ? is_module_text_address+0x130/0x130 [ 25.611278][ T1882] ? show_regs_print_info+0x18/0x18 [ 25.616498][ T1882] bad_page+0x262/0x290 [ 25.620665][ T1882] ? _raw_spin_lock+0x170/0x170 [ 25.625494][ T1882] ? is_free_buddy_page+0x190/0x190 [ 25.630674][ T1882] ? __kasan_check_read+0x11/0x20 [ 25.635700][ T1882] ? __zone_watermark_ok+0x9b/0x270 [ 25.640881][ T1882] get_page_from_freelist+0x505a/0x57e0 [ 25.646445][ T1882] ? 0xffffffffa0030000 [ 25.650573][ T1882] ? is_bpf_text_address+0x2c8/0x2e0 [ 25.660064][ T1882] ? stack_trace_save+0x1e0/0x1e0 [ 25.665071][ T1882] ? __kernel_text_address+0x9a/0x110 [ 25.670454][ T1882] ? unwind_get_return_address+0x4c/0x90 [ 25.676055][ T1882] ? arch_stack_walk+0x98/0xe0 [ 25.680787][ T1882] ? stack_trace_save+0x111/0x1e0 [ 25.685795][ T1882] ? __alloc_pages_nodemask+0x3010/0x3010 [ 25.691612][ T1882] ? stack_trace_snprint+0x150/0x150 [ 25.696878][ T1882] __alloc_pages_nodemask+0x44f/0x3010 [ 25.702305][ T1882] ? __kasan_kmalloc+0x179/0x1b0 [ 25.707213][ T1882] ? kasan_slab_alloc+0xe/0x10 [ 25.711979][ T1882] ? kmem_cache_alloc+0x120/0x2b0 [ 25.716980][ T1882] ? copy_process+0x59b/0x52d0 [ 25.721732][ T1882] ? _do_fork+0x185/0x950 [ 25.726031][ T1882] ? __x64_sys_clone+0x247/0x2b0 [ 25.730946][ T1882] ? 
do_syscall_64+0xc0/0x100 [ 25.735622][ T1882] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 25.741664][ T1882] ? alloc_slab_page+0x135/0x390 [ 25.746589][ T1882] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 25.752476][ T1882] ? setup_object+0xfa/0x130 [ 25.757043][ T1882] ? new_slab+0x21b/0x430 [ 25.761349][ T1882] ? ___slab_alloc+0x2e0/0x450 [ 25.766100][ T1882] ? copy_process+0x59b/0x52d0 [ 25.770842][ T1882] ? __kasan_check_write+0x14/0x20 [ 25.776058][ T1882] ? copy_process+0x59b/0x52d0 [ 25.780809][ T1882] ? kasan_slab_alloc+0xe/0x10 [ 25.785559][ T1882] copy_process+0x5eb/0x52d0 [ 25.790122][ T1882] ? kernel_wait4+0x380/0x380 [ 25.794887][ T1882] ? fork_idle+0x290/0x290 [ 25.799273][ T1882] ? put_pid+0x89/0xe0 [ 25.803313][ T1882] ? __ia32_sys_waitid+0xd0/0xd0 [ 25.808229][ T1882] ? do_nanosleep+0x58b/0x6b0 [ 25.812879][ T1882] _do_fork+0x185/0x950 [ 25.817032][ T1882] ? dup_mm+0x330/0x330 [ 25.821173][ T1882] ? __x64_sys_wait4+0x168/0x1c0 [ 25.826081][ T1882] ? do_wait+0x890/0x890 [ 25.830290][ T1882] __x64_sys_clone+0x247/0x2b0 [ 25.835040][ T1882] ? __ia32_sys_vfork+0x110/0x110 [ 25.840050][ T1882] ? 
syscall_return_slowpath+0x6f/0x500 [ 25.845582][ T1882] do_syscall_64+0xc0/0x100 [ 25.850056][ T1882] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 25.856036][ T1882] RIP: 0033:0x440aca [ 25.860451][ T1882] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 executing program [ 25.880117][ T1882] RSP: 002b:00007ffcd5dfe3d0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 25.888512][ T1882] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440aca [ 25.896457][ T1882] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 25.904403][ T1882] RBP: 00007ffcd5dfe3f0 R08: 0000000000000001 R09: 00000000015b0880 [ 25.912387][ T1882] R10: 00000000015b0b50 R11: 0000000000000246 R12: 0000000000000001 [ 25.920358][ T1882] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 25.931198][ T1882] BUG: Bad page state in process syz-executor111 pfn:1cf4f0 [ 25.938691][ T1882] page:ffffea00073d3c00 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0 [ 25.947852][ T1882] raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000 [ 25.956434][ T1882] raw: 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000 [ 25.965146][ T1882] page dumped because: nonzero _refcount [ 25.970842][ T1882] Modules linked in: [ 25.974727][ T1882] CPU: 1 PID: 1882 Comm: syz-executor111 Tainted: G B W 5.4.23-syzkaller-01268-g2c2101d18159 #0 [ 25.986285][ T1882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 25.996315][ T1882] Call Trace: [ 25.999578][ T1882] dump_stack+0x1b0/0x228 [ 26.004014][ T1882] ? is_module_text_address+0x130/0x130 [ 26.009528][ T1882] ? show_regs_print_info+0x18/0x18 [ 26.014747][ T1882] bad_page+0x262/0x290 [ 26.018878][ T1882] ? _raw_spin_lock+0x170/0x170 [ 26.023853][ T1882] ? 
is_free_buddy_page+0x190/0x190 [ 26.029052][ T1882] ? __kasan_check_read+0x11/0x20 [ 26.034041][ T1882] ? __zone_watermark_ok+0x9b/0x270 [ 26.039227][ T1882] get_page_from_freelist+0x505a/0x57e0 [ 26.044748][ T1882] ? __read_once_size_nocheck+0x10/0x10 [ 26.050282][ T1882] ? unwind_next_frame+0x415/0x870 [ 26.055370][ T1882] ? __rcu_read_lock+0x50/0x50 [ 26.060135][ T1882] ? unwind_next_frame+0x415/0x870 [ 26.065228][ T1882] ? __alloc_pages_nodemask+0x3010/0x3010 [ 26.070926][ T1882] ? 0xffffffffa0008000 [ 26.075056][ T1882] __alloc_pages_nodemask+0x44f/0x3010 [ 26.080493][ T1882] ? arch_stack_walk+0x98/0xe0 [ 26.085229][ T1882] ? stack_trace_save+0x111/0x1e0 [ 26.090223][ T1882] ? stack_trace_snprint+0x150/0x150 [ 26.095491][ T1882] ? __x64_sys_clone+0x247/0x2b0 [ 26.100439][ T1882] ? __kasan_kmalloc+0x117/0x1b0 [ 26.105478][ T1882] ? kasan_slab_alloc+0xe/0x10 [ 26.110473][ T1882] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 26.115996][ T1882] ? __kasan_kmalloc+0x179/0x1b0 [ 26.120948][ T1882] ? copy_process+0x1852/0x52d0 [ 26.125769][ T1882] ? __kasan_kmalloc+0x117/0x1b0 [ 26.130675][ T1882] ? kasan_slab_alloc+0xe/0x10 [ 26.135411][ T1882] ? kmem_cache_alloc+0x120/0x2b0 [ 26.140601][ T1882] ? copy_process+0x1ac8/0x52d0 [ 26.145422][ T1882] ? _do_fork+0x185/0x950 [ 26.149718][ T1882] ? __x64_sys_clone+0x247/0x2b0 [ 26.154627][ T1882] ? do_syscall_64+0xc0/0x100 [ 26.159275][ T1882] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 26.165365][ T1882] alloc_slab_page+0x3f/0x390 [ 26.170057][ T1882] new_slab+0x98/0x430 [ 26.174102][ T1882] ? setup_object+0xfa/0x130 [ 26.178692][ T1882] ___slab_alloc+0x2e0/0x450 [ 26.183252][ T1882] ? dup_mm+0x29/0x330 [ 26.187312][ T1882] ? __should_failslab+0x90/0x160 [ 26.192328][ T1882] ? dup_mm+0x29/0x330 [ 26.196387][ T1882] kmem_cache_alloc+0x203/0x2b0 [ 26.201227][ T1882] ? sched_autogroup_detach+0x20/0x20 [ 26.206584][ T1882] dup_mm+0x29/0x330 [ 26.210453][ T1882] copy_process+0x2116/0x52d0 [ 26.215119][ T1882] ? 
kernel_wait4+0x380/0x380 [ 26.219775][ T1882] ? fork_idle+0x290/0x290 [ 26.224167][ T1882] ? put_pid+0x89/0xe0 [ 26.228326][ T1882] ? __ia32_sys_waitid+0xd0/0xd0 [ 26.233234][ T1882] ? do_nanosleep+0x58b/0x6b0 [ 26.237890][ T1882] _do_fork+0x185/0x950 [ 26.242048][ T1882] ? dup_mm+0x330/0x330 [ 26.246190][ T1882] ? __x64_sys_wait4+0x168/0x1c0 [ 26.251099][ T1882] ? do_wait+0x890/0x890 [ 26.255319][ T1882] __x64_sys_clone+0x247/0x2b0 [ 26.260053][ T1882] ? __ia32_sys_vfork+0x110/0x110 [ 26.265052][ T1882] ? syscall_return_slowpath+0x6f/0x500 [ 26.270618][ T1882] do_syscall_64+0xc0/0x100 [ 26.275131][ T1882] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 26.280999][ T1882] RIP: 0033:0x440aca [ 26.284868][ T1882] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 26.304472][ T1882] RSP: 002b:00007ffcd5dfe3d0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 26.312879][ T1882] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440aca [ 26.320842][ T1882] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 executing program executing program [ 26.328787][ T1882] RBP: 00007ffcd5dfe3f0 R08: 0000000000000001 R09: 00000000015b0880 [ 26.336737][ T1882] R10: 00000000015b0b50 R11: 0000000000000246 R12: 0000000000000001 [ 26.344686][ T1882] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 26.356037][ T1908] BUG: Bad page state in process syz-executor111 pfn:1cff68 [ 26.363399][ T1908] page:ffffea00073fda00 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0 [ 26.372565][ T1908] raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000 [ 26.381120][ T1908] raw: 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000 [ 26.389675][ T1908] page dumped because: nonzero _refcount [ 26.395298][ T1908] Modules linked in: [ 26.399168][ T1908] CPU: 1 PID: 1908 Comm: 
syz-executor111 Tainted: G B W 5.4.23-syzkaller-01268-g2c2101d18159 #0 [ 26.410672][ T1908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 26.420701][ T1908] Call Trace: [ 26.424021][ T1908] dump_stack+0x1b0/0x228 [ 26.428368][ T1908] ? is_module_text_address+0x130/0x130 [ 26.433882][ T1908] ? show_regs_print_info+0x18/0x18 [ 26.439051][ T1908] bad_page+0x262/0x290 [ 26.443198][ T1908] ? _raw_spin_lock+0x170/0x170 [ 26.448022][ T1908] ? is_free_buddy_page+0x190/0x190 [ 26.453236][ T1908] ? __kasan_check_read+0x11/0x20 [ 26.458233][ T1908] ? __zone_watermark_ok+0x9b/0x270 [ 26.463405][ T1908] get_page_from_freelist+0x505a/0x57e0 [ 26.468928][ T1908] ? __read_once_size_nocheck+0x10/0x10 [ 26.474530][ T1908] ? unwind_next_frame+0x415/0x870 [ 26.479642][ T1908] ? __rcu_read_lock+0x50/0x50 [ 26.484385][ T1908] ? unwind_next_frame+0x415/0x870 [ 26.489472][ T1908] ? __alloc_pages_nodemask+0x3010/0x3010 [ 26.495167][ T1908] ? 0xffffffffa0010000 [ 26.499353][ T1908] __alloc_pages_nodemask+0x44f/0x3010 [ 26.504821][ T1908] ? __kasan_check_read+0x11/0x20 [ 26.509819][ T1908] ? prep_new_page+0x13a/0x3a0 [ 26.514554][ T1908] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 26.520351][ T1908] ? get_page_from_freelist+0x5426/0x57e0 [ 26.526084][ T1908] ? __rcu_read_lock+0x50/0x50 [ 26.530820][ T1908] ? unwind_get_return_address_ptr+0xa0/0xa0 [ 26.536773][ T1908] alloc_slab_page+0x3f/0x390 [ 26.541424][ T1908] new_slab+0x98/0x430 [ 26.545466][ T1908] ___slab_alloc+0x2e0/0x450 [ 26.550027][ T1908] ? bpf_check+0x136/0xe7b0 [ 26.554506][ T1908] ? __should_failslab+0x90/0x160 [ 26.559515][ T1908] ? bpf_check+0x136/0xe7b0 [ 26.563989][ T1908] kmem_cache_alloc_trace+0x23f/0x2f0 [ 26.569347][ T1908] bpf_check+0x136/0xe7b0 [ 26.573649][ T1908] ? unwind_get_return_address_ptr+0xa0/0xa0 [ 26.579600][ T1908] ? 0xffffffffa0010000 [ 26.583736][ T1908] ? is_bpf_text_address+0x2c8/0x2e0 [ 26.588994][ T1908] ? stack_trace_save+0x1e0/0x1e0 [ 26.594001][ T1908] ? 
__kernel_text_address+0x9a/0x110 [ 26.599365][ T1908] ? unwind_get_return_address+0x4c/0x90 [ 26.607717][ T1908] ? arch_stack_walk+0x98/0xe0 [ 26.612556][ T1908] ? stack_trace_save+0x111/0x1e0 [ 26.617555][ T1908] ? stack_trace_snprint+0x150/0x150 [ 26.622857][ T1908] ? stack_trace_snprint+0x150/0x150 [ 26.628131][ T1908] ? bpf_verifier_log_write+0x230/0x230 [ 26.633652][ T1908] ? __kasan_kmalloc+0x179/0x1b0 [ 26.638560][ T1908] ? __kasan_kmalloc+0x117/0x1b0 [ 26.643469][ T1908] ? kasan_kmalloc+0x9/0x10 [ 26.647961][ T1908] ? kmem_cache_alloc_trace+0xe2/0x2f0 [ 26.653504][ T1908] ? selinux_bpf_prog_alloc+0x51/0x150 [ 26.658935][ T1908] ? security_bpf_prog_alloc+0x50/0xb0 [ 26.664363][ T1908] ? __do_sys_bpf+0x5ce0/0xbbc0 [ 26.669183][ T1908] ? __x64_sys_bpf+0x7a/0x90 [ 26.673874][ T1908] ? do_syscall_64+0xc0/0x100 [ 26.678539][ T1908] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 26.684580][ T1908] ? pcpu_block_refresh_hint+0x22f/0x370 [ 26.690184][ T1908] ? pcpu_block_update_hint_alloc+0x977/0xcf0 [ 26.696228][ T1908] ? pcpu_alloc_area+0x7eb/0x940 [ 26.701140][ T1908] ? find_next_bit+0xd8/0x120 [ 26.705788][ T1908] ? cpumask_next+0x11/0x30 [ 26.710267][ T1908] ? __should_failslab+0x90/0x160 [ 26.715265][ T1908] ? selinux_bpf_prog_alloc+0x51/0x150 [ 26.720697][ T1908] ? kasan_kmalloc+0x9/0x10 [ 26.725187][ T1908] ? kmem_cache_alloc_trace+0xe2/0x2f0 [ 26.730631][ T1908] ? memset+0x31/0x40 [ 26.734585][ T1908] ? bpf_obj_name_cpy+0x9a9/0x1400 [ 26.739666][ T1908] __do_sys_bpf+0x80a8/0xbbc0 [ 26.744328][ T1908] ? wp_page_copy+0xd24/0x10e0 [ 26.749082][ T1908] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 26.754613][ T1908] ? __rcu_read_lock+0x50/0x50 [ 26.759349][ T1908] ? __memcg_kmem_charge_memcg+0x340/0x340 [ 26.765124][ T1908] ? __bpf_prog_put_rcu+0x350/0x350 [ 26.770296][ T1908] ? get_mem_cgroup_from_mm+0x2b2/0x330 [ 26.775819][ T1908] ? mem_cgroup_from_task+0x60/0x60 [ 26.780998][ T1908] ? __kasan_check_read+0x11/0x20 [ 26.785992][ T1908] ? 
__lru_cache_add+0x1ae/0x200 [ 26.790901][ T1908] ? lru_cache_add_active_or_unevictable+0xa6/0x120 [ 26.797460][ T1908] ? _raw_spin_unlock+0x9/0x20 [ 26.802204][ T1908] ? handle_mm_fault+0xb2f/0x41c0 [ 26.807208][ T1908] ? alloc_file+0x84/0x4b0 [ 26.811599][ T1908] ? finish_fault+0x230/0x230 [ 26.816251][ T1908] ? __kasan_check_write+0x14/0x20 [ 26.821338][ T1908] ? __up_read+0x6f/0x1b0 [ 26.825638][ T1908] ? __down_read+0x240/0x240 [ 26.830207][ T1908] __x64_sys_bpf+0x7a/0x90 [ 26.834599][ T1908] do_syscall_64+0xc0/0x100 [ 26.839078][ T1908] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 26.844961][ T1908] RIP: 0033:0x4421c9 [ 26.848833][ T1908] Code: e8 8c 07 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 26.868408][ T1908] RSP: 002b:00007ffcd5dfe3f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 26.876800][ T1908] RAX: ffffffffffffffda RBX: 00007ffcd5dfe410 RCX: 00000000004421c9 executing program [ 26.884762][ T1908] RDX: 0000000000000070 RSI: 0000000020000180 RDI: 0000000000000005 [ 26.892705][ T1908] RBP: 0000000000000000 R08: 00000000bb1414ac R09: 00000000bb1414ac [ 26.900663][ T1908] R10: 0000000000000004 R11: 0000000000000246 R12: 00000000000066e9 [ 26.908607][ T1908] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 26.919082][ T1909] BUG: Bad page state in process syz-executor111 pfn:1cff78 [ 26.926510][ T1909] page:ffffea00073fde00 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0 [ 26.935693][ T1909] raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000 [ 26.944325][ T1909] raw: 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000 [ 26.952881][ T1909] page dumped because: nonzero _refcount [ 26.958481][ T1909] Modules linked in: [ 26.962354][ T1909] CPU: 0 PID: 1909 Comm: syz-executor111 Tainted: G B W 5.4.23-syzkaller-01268-g2c2101d18159 #0 [ 26.973862][ T1909] 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 26.983892][ T1909] Call Trace: [ 26.987206][ T1909] dump_stack+0x1b0/0x228 [ 26.991509][ T1909] ? is_module_text_address+0x130/0x130 [ 26.997030][ T1909] ? show_regs_print_info+0x18/0x18 [ 27.002499][ T1909] bad_page+0x262/0x290 [ 27.006628][ T1909] ? _raw_spin_lock+0x170/0x170 [ 27.011492][ T1909] ? is_free_buddy_page+0x190/0x190 [ 27.016666][ T1909] ? __kasan_check_read+0x11/0x20 [ 27.021663][ T1909] ? __zone_watermark_ok+0x9b/0x270 [ 27.026846][ T1909] get_page_from_freelist+0x505a/0x57e0 [ 27.032372][ T1909] ? unwind_next_frame+0x415/0x870 [ 27.037458][ T1909] ? __rcu_read_lock+0x50/0x50 [ 27.042192][ T1909] ? unwind_next_frame+0x415/0x870 [ 27.047275][ T1909] ? unwind_get_return_address_ptr+0xa0/0xa0 [ 27.053254][ T1909] ? 0xffffffffa0020000 [ 27.057382][ T1909] ? is_bpf_text_address+0x2c8/0x2e0 [ 27.062637][ T1909] ? stack_trace_save+0x1e0/0x1e0 [ 27.067634][ T1909] ? __kernel_text_address+0x9a/0x110 [ 27.072991][ T1909] ? unwind_get_return_address+0x4c/0x90 [ 27.078609][ T1909] ? arch_stack_walk+0x98/0xe0 [ 27.083364][ T1909] ? __alloc_pages_nodemask+0x3010/0x3010 [ 27.089067][ T1909] ? stack_trace_save+0x111/0x1e0 [ 27.094065][ T1909] __alloc_pages_nodemask+0x44f/0x3010 [ 27.099497][ T1909] ? __kasan_slab_free+0x168/0x220 [ 27.104576][ T1909] ? skb_release_data+0x536/0x690 [ 27.109568][ T1909] ? __kfree_skb+0x134/0x180 [ 27.114128][ T1909] ? __kasan_slab_free+0x1e2/0x220 [ 27.119206][ T1909] ? __kasan_slab_free+0x168/0x220 [ 27.124286][ T1909] ? netlink_sendmsg+0x9a7/0xd40 [ 27.129197][ T1909] ? __sys_sendmsg+0x26a/0x350 [ 27.133953][ T1909] ? __x64_sys_sendmsg+0x7f/0x90 [ 27.138951][ T1909] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 27.145006][ T1909] ? avc_has_perm_noaudit+0x2fc/0x3f0 [ 27.150353][ T1909] ? rhashtable_jhash2+0x1f1/0x330 [ 27.155433][ T1909] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 27.160950][ T1909] ? 
rht_key_hashfn+0x157/0x240 [ 27.165784][ T1909] ? deferred_put_nlk_sk+0x200/0x200 [ 27.171040][ T1909] ? __alloc_skb+0x109/0x540 [ 27.175610][ T1909] ? jhash+0x750/0x750 [ 27.179652][ T1909] ? netlink_hash+0xd0/0xd0 [ 27.184145][ T1909] ? avc_has_perm+0x15f/0x260 [ 27.188797][ T1909] ? skb_release_data+0x536/0x690 [ 27.193817][ T1909] ? __rcu_read_lock+0x50/0x50 [ 27.198557][ T1909] skb_page_frag_refill+0x11d/0x3b0 [ 27.203788][ T1909] tun_get_user+0x69a/0x3d10 [ 27.208394][ T1909] ? tun_do_read+0x1f10/0x1f10 [ 27.213129][ T1909] ? netlink_detachskb+0x60/0x60 [ 27.218054][ T1909] ? put_pid+0x82/0xe0 [ 27.222094][ T1909] ? netlink_sendmsg+0xa28/0xd40 [ 27.227012][ T1909] ? __rcu_read_lock+0x50/0x50 [ 27.231747][ T1909] ? netlink_getsockopt+0x900/0x900 [ 27.236915][ T1909] tun_chr_write_iter+0x134/0x1c0 [ 27.241937][ T1909] do_iter_readv_writev+0x5fa/0x890 [ 27.247294][ T1909] ? vfs_dedupe_file_range+0xa00/0xa00 [ 27.252724][ T1909] ? security_file_permission+0x157/0x350 [ 27.258414][ T1909] ? rw_verify_area+0x1c2/0x360 [ 27.263382][ T1909] do_iter_write+0x180/0x590 [ 27.267953][ T1909] do_writev+0x2cd/0x560 [ 27.272170][ T1909] ? do_readv+0x400/0x400 [ 27.276468][ T1909] ? __up_read+0x6f/0x1b0 [ 27.280768][ T1909] ? __down_read+0x240/0x240 [ 27.285344][ T1909] ? 
__kasan_check_read+0x11/0x20 [ 27.290368][ T1909] __x64_sys_writev+0x7d/0x90 [ 27.295049][ T1909] do_syscall_64+0xc0/0x100 [ 27.299527][ T1909] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 27.305416][ T1909] RIP: 0033:0x4420c0 [ 27.309285][ T1909] Code: 05 48 3d 01 f0 ff ff 0f 83 5d 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 3d 31 8f 29 00 00 75 14 b8 14 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 34 09 fc ff c3 48 83 ec 08 e8 ba 2b 00 00 [ 27.328912][ T1909] RSP: 002b:00007ffcd5dfe3f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 27.337295][ T1909] RAX: ffffffffffffffda RBX: 00007ffcd5dfe410 RCX: 00000000004420c0 [ 27.345289][ T1909] RDX: 0000000000000001 RSI: 00007ffcd5dfe440 RDI: 00000000000000f0 [ 27.353234][ T1909] RBP: 0000000000000000 R08: 00000000000051f4 R09: 00000000bb1414ac [ 27.361229][ T1909] R10: 00000000bb1414ac R11: 0000000000000246 R12: 00000000000066eb [ 27.369178][ T1909] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 27.378678][ T1879] BUG: Bad page state in process sshd pfn:1c5ba0 [ 27.385095][ T1879] page:ffffea000716e800 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0 [ 27.394259][ T1879] raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000 [ 27.402819][ T1879] raw: 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000 [ 27.411515][ T1879] page dumped because: nonzero _refcount [ 27.417115][ T1879] Modules linked in: [ 27.420991][ T1879] CPU: 1 PID: 1879 Comm: sshd Tainted: G B W 5.4.23-syzkaller-01268-g2c2101d18159 #0 [ 27.431556][ T1879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 27.441581][ T1879] Call Trace: [ 27.444885][ T1879] dump_stack+0x1b0/0x228 [ 27.449188][ T1879] ? is_module_text_address+0x130/0x130 [ 27.454741][ T1879] ? show_regs_print_info+0x18/0x18 [ 27.459910][ T1879] bad_page+0x262/0x290 [ 27.464036][ T1879] ? _raw_spin_lock+0x170/0x170 [ 27.468876][ T1879] ? 
is_free_buddy_page+0x190/0x190 [ 27.474070][ T1879] ? __kasan_check_read+0x11/0x20 [ 27.479067][ T1879] ? __zone_watermark_ok+0x9b/0x270 [ 27.484281][ T1879] get_page_from_freelist+0x505a/0x57e0 [ 27.489825][ T1879] ? ip_fragment+0x210/0x210 [ 27.494491][ T1879] ? __ip_finish_output+0x547/0x6e0 [ 27.499673][ T1879] ? __read_once_size_nocheck+0x10/0x10 [ 27.505206][ T1879] ? unwind_next_frame+0x415/0x870 [ 27.510292][ T1879] ? unwind_get_return_address_ptr+0xa0/0xa0 [ 27.516241][ T1879] ? __alloc_pages_nodemask+0x3010/0x3010 [ 27.521930][ T1879] ? 0xffffffffa0020000 [ 27.526057][ T1879] __alloc_pages_nodemask+0x44f/0x3010 [ 27.531499][ T1879] ? unwind_get_return_address+0x4c/0x90 [ 27.537101][ T1879] ? stack_trace_save+0x111/0x1e0 [ 27.542095][ T1879] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 27.547609][ T1879] ? __kasan_kmalloc+0x179/0x1b0 [ 27.552534][ T1879] ? __kasan_kmalloc+0x117/0x1b0 [ 27.557457][ T1879] ? kasan_slab_alloc+0xe/0x10 [ 27.562188][ T1879] ? kmem_cache_alloc+0x120/0x2b0 [ 27.567198][ T1879] ? __alloc_skb+0xbc/0x540 [ 27.571673][ T1879] ? sk_stream_alloc_skb+0x216/0xbb0 [ 27.576927][ T1879] ? tcp_sendmsg_locked+0xe5b/0x3db0 [ 27.582258][ T1879] ? tcp_sendmsg+0x2f/0x50 [ 27.586649][ T1879] ? inet_sendmsg+0xa1/0xc0 [ 27.591126][ T1879] ? sock_write_iter+0x352/0x4a0 [ 27.596037][ T1879] ? __vfs_write+0x579/0x700 [ 27.600601][ T1879] ? vfs_write+0x203/0x4e0 [ 27.605000][ T1879] ? ksys_write+0x168/0x2a0 [ 27.609491][ T1879] ? __kasan_check_write+0x14/0x20 [ 27.614576][ T1879] ? fput_many+0x47/0x1a0 [ 27.618925][ T1879] ? fput+0x1a/0x20 [ 27.622751][ T1879] alloc_slab_page+0x3f/0x390 [ 27.627410][ T1879] ? do_select+0x199f/0x1b30 [ 27.631993][ T1879] new_slab+0x98/0x430