Starting mcstransd: [....] Starting periodic command scheduler: cron [ ok ].
[ 9.098067][ T22] audit: type=1400 audit(1583688530.295:10): avc: denied { watch } for pid=1794 comm="restorecond" path="/root/.ssh" dev="sda1" ino=16179 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:object_r:ssh_home_t:s0 tclass=dir permissive=1
[ 9.106518][ T22] audit: type=1400 audit(1583688530.295:11): avc: denied { watch } for pid=1794 comm="restorecond" path="/etc/selinux/restorecond.conf" dev="sda1" ino=2280 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[....] Starting file context maintaining daemon: restorecond [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd [ ok ].
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 27.223200][ T22] audit: type=1400 audit(1583688548.425:12): avc: denied { map } for pid=1869 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.20' (ECDSA) to the list of known hosts.
executing program
[ 33.280982][ T22] audit: type=1400 audit(1583688554.475:13): avc: denied { map } for pid=1887 comm="syz-executor590" path="/root/syz-executor590473960" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 33.308634][ T22] audit: type=1400 audit(1583688554.475:14): avc: denied { prog_load } for pid=1889 comm="syz-executor590" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1
[ 33.333219][ T22] audit: type=1400 audit(1583688554.535:15): avc: denied { prog_run } for pid=1889 comm="syz-executor590" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1
[ 33.333451][ T1889] ------------[ cut here ]------------
[ 33.361993][ T1889] Illegal XDP return value 4294967274, expect packet loss!
[ 33.369444][ T1889] WARNING: CPU: 0 PID: 1889 at net/core/filter.c:6909 bpf_warn_invalid_xdp_action+0x5a/0x60
[ 33.379474][ T1889] Modules linked in:
[ 33.383347][ T1889] CPU: 0 PID: 1889 Comm: syz-executor590 Not tainted 5.4.24-syzkaller-00181-g3334f0da669e #0
[ 33.393571][ T1889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.403784][ T1889] RIP: 0010:bpf_warn_invalid_xdp_action+0x5a/0x60
[ 33.410218][ T1889] Code: e8 0b 12 5e fe 83 fb 04 48 c7 c0 e3 72 56 84 48 c7 c6 eb 72 56 84 48 0f 47 f0 48 c7 c7 b6 72 56 84 89 da 31 c0 e8 46 e1 34 fe <0f> 0b eb bc 66 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 50 4c 89
[ 33.431054][ T1889] RSP: 0018:ffff8881cfd47728 EFLAGS: 00010246
[ 33.437113][ T1889] RAX: b5d61961c046b300 RBX: 00000000ffffffea RCX: ffff8881d1430ec0
[ 33.445603][ T1889] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 33.453572][ T1889] RBP: ffff8881cfd47730 R08: ffffffff812d0c80 R09: ffffed103b743e92
[ 33.461538][ T1889] R10: ffffed103b743e92 R11: 0000000000000000 R12: 00000000ffffffea
[ 33.469485][ T1889] R13: ffff8881cfcd0840 R14: dffffc0000000000 R15: ffffc90000534000
[ 33.477435][ T1889] FS: 0000000001c2a880(0000) GS:ffff8881dba00000(0000) knlGS:0000000000000000
[ 33.486347][ T1889] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 33.492989][ T1889] CR2: 000055ed1832f4b0 CR3: 00000001d442b003 CR4: 00000000001606f0
[ 33.500960][ T1889] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 33.508909][ T1889] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 33.516854][ T1889] Call Trace:
[ 33.520176][ T1889] tun_xdp_act+0x1b6/0x740
[ 33.524576][ T1889] ? __kasan_check_write+0x14/0x20
[ 33.529669][ T1889] ? copyin+0x92/0xb0
[ 33.533935][ T1889] ? tun_flow_update+0x870/0x870
[ 33.538848][ T1889] ? bpf_prog_0e2736c78828fcc1+0xf3f/0x1000
[ 33.546292][ T1889] tun_get_user+0x1cce/0x3d10
[ 33.550963][ T1889] ? tun_do_read+0x1f10/0x1f10
[ 33.555703][ T1889] ? netlink_detachskb+0x60/0x60
[ 33.560625][ T1889] ? put_pid+0x82/0xe0
[ 33.564714][ T1889] ? netlink_sendmsg+0xa28/0xd40
[ 33.569647][ T1889] ? __rcu_read_lock+0x50/0x50
[ 33.574389][ T1889] ? netlink_getsockopt+0x900/0x900
[ 33.579581][ T1889] tun_chr_write_iter+0x134/0x1c0
[ 33.584593][ T1889] do_iter_readv_writev+0x5fa/0x890
[ 33.589769][ T1889] ? vfs_dedupe_file_range+0xa00/0xa00
[ 33.595250][ T1889] ? security_file_permission+0x157/0x350
[ 33.600945][ T1889] ? rw_verify_area+0x1c2/0x360
[ 33.605865][ T1889] do_iter_write+0x180/0x590
[ 33.610429][ T1889] do_writev+0x2cd/0x560
[ 33.614643][ T1889] ? do_readv+0x400/0x400
[ 33.619004][ T1889] ? __up_read+0x6f/0x1b0
[ 33.623313][ T1889] ? __kasan_check_write+0x14/0x20
[ 33.628444][ T1889] ? __fpregs_load_activate+0x2fc/0x3b0
[ 33.633959][ T1889] ? switch_fpu_return+0x10/0x10
[ 33.638885][ T1889] ? __kasan_check_read+0x11/0x20
[ 33.643925][ T1889] __x64_sys_writev+0x7d/0x90
[ 33.648575][ T1889] do_syscall_64+0xc0/0x100
[ 33.653053][ T1889] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 33.658930][ T1889] RIP: 0033:0x441e40
[ 33.662812][ T1889] Code: 05 48 3d 01 f0 ff ff 0f 83 5d 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 3d b1 91 29 00 00 75 14 b8 14 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 34 09 fc ff c3 48 83 ec 08 e8 ba 2b 00 00
[ 33.682410][ T1889] RSP: 002b:00007ffdfc085188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 33.690797][ T1889] RAX: ffffffffffffffda RBX: 00007ffdfc0851a0 RCX: 0000000000441e40
[ 33.698765][ T1889] RDX: 0000000000000001 RSI: 00007ffdfc0851d0 RDI: 00000000000000f0
[ 33.706760][ T1889] RBP: 0000000000000000 R08: 00000000bb1414ac R09: 00000000bb1414ac
[ 33.714717][ T1889] R10: 00000000bb1414ac R11: 0000000000000246 R12: 0000000000000000
[ 33.722681][ T1889] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
executing program
[ 33.730657][ T1889] ---[ end trace 7fb1e257b2382f39 ]---
[ 33.738360][ T1890] BUG: Bad page state in process syz-executor590 pfn:1d4578
[ 33.745987][ T1890] page:ffffea0007515e00 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0
[ 33.755252][ T1890] flags: 0x8000000000000000()
[ 33.759910][ T1890] raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000
[ 33.768466][ T1890] raw: 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000
[ 33.777031][ T1890] page dumped because: nonzero _refcount
[ 33.782748][ T1890] Modules linked in:
[ 33.786625][ T1890] CPU: 1 PID: 1890 Comm: syz-executor590 Tainted: G W 5.4.24-syzkaller-00181-g3334f0da669e #0
[ 33.798446][ T1890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.808499][ T1890] Call Trace:
[ 33.811769][ T1890] dump_stack+0x1b0/0x228
[ 33.816097][ T1890] ? is_module_text_address+0x130/0x130
[ 33.821634][ T1890] ? show_regs_print_info+0x18/0x18
[ 33.826817][ T1890] bad_page+0x262/0x290
[ 33.830944][ T1890] ? _raw_spin_lock+0x170/0x170
[ 33.835902][ T1890] ? is_free_buddy_page+0x190/0x190
[ 33.841077][ T1890] ? __kasan_check_read+0x11/0x20
[ 33.846091][ T1890] ? __zone_watermark_ok+0x9b/0x270
[ 33.851271][ T1890] get_page_from_freelist+0x505a/0x57e0
[ 33.856809][ T1890] ? unwind_next_frame+0x415/0x870
[ 33.861909][ T1890] ? __rcu_read_lock+0x50/0x50
[ 33.866645][ T1890] ? unwind_next_frame+0x415/0x870
[ 33.871743][ T1890] ? unwind_get_return_address_ptr+0xa0/0xa0
[ 33.877697][ T1890] ? 0xffffffffa0010000
[ 33.881843][ T1890] ? is_bpf_text_address+0x2c8/0x2e0
[ 33.887106][ T1890] ? stack_trace_save+0x1e0/0x1e0
[ 33.892115][ T1890] ? __kernel_text_address+0x9a/0x110
[ 33.897474][ T1890] ? unwind_get_return_address+0x4c/0x90
[ 33.903083][ T1890] ? arch_stack_walk+0x98/0xe0
[ 33.907855][ T1890] ? __alloc_pages_nodemask+0x3010/0x3010
[ 33.913549][ T1890] ? stack_trace_save+0x111/0x1e0
[ 33.918598][ T1890] __alloc_pages_nodemask+0x44f/0x3010
[ 33.924042][ T1890] ? __kasan_slab_free+0x168/0x220
[ 33.929256][ T1890] ? skb_release_data+0x536/0x690
[ 33.934379][ T1890] ? __kfree_skb+0x134/0x180
[ 33.939267][ T1890] ? __kasan_slab_free+0x1e2/0x220
[ 33.944563][ T1890] ? __kasan_slab_free+0x168/0x220
[ 33.949660][ T1890] ? netlink_sendmsg+0x9a7/0xd40
[ 33.954581][ T1890] ? __sys_sendmsg+0x26a/0x350
[ 33.959321][ T1890] ? __x64_sys_sendmsg+0x7f/0x90
[ 33.964237][ T1890] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 33.970306][ T1890] ? avc_has_perm_noaudit+0x2fc/0x3f0
[ 33.975654][ T1890] ? rhashtable_jhash2+0x1f1/0x330
[ 33.980751][ T1890] ? gfp_pfmemalloc_allowed+0x140/0x140
[ 33.986281][ T1890] ? rht_key_hashfn+0x157/0x240
[ 33.991119][ T1890] ? deferred_put_nlk_sk+0x200/0x200
[ 33.996784][ T1890] ? __alloc_skb+0x109/0x540
[ 34.001347][ T1890] ? jhash+0x750/0x750
[ 34.005387][ T1890] ? netlink_hash+0xd0/0xd0
[ 34.009927][ T1890] ? avc_has_perm+0x15f/0x260
[ 34.014654][ T1890] ? skb_release_data+0x536/0x690
[ 34.019680][ T1890] ? __rcu_read_lock+0x50/0x50
[ 34.024432][ T1890] skb_page_frag_refill+0x11d/0x3b0
[ 34.029632][ T1890] tun_get_user+0x69a/0x3d10
[ 34.034447][ T1890] ? tun_do_read+0x1f10/0x1f10
[ 34.039197][ T1890] ? netlink_detachskb+0x60/0x60
[ 34.044126][ T1890] ? put_pid+0x82/0xe0
[ 34.048183][ T1890] ? netlink_sendmsg+0xa28/0xd40
[ 34.053123][ T1890] ? __rcu_read_lock+0x50/0x50
[ 34.057860][ T1890] ? netlink_getsockopt+0x900/0x900
[ 34.063065][ T1890] tun_chr_write_iter+0x134/0x1c0
[ 34.068069][ T1890] do_iter_readv_writev+0x5fa/0x890
[ 34.073260][ T1890] ? vfs_dedupe_file_range+0xa00/0xa00
[ 34.078703][ T1890] ? security_file_permission+0x157/0x350
[ 34.084395][ T1890] ? rw_verify_area+0x1c2/0x360
[ 34.089219][ T1890] do_iter_write+0x180/0x590
[ 34.093794][ T1890] do_writev+0x2cd/0x560
[ 34.098010][ T1890] ? do_readv+0x400/0x400
[ 34.102321][ T1890] ? __up_read+0x6f/0x1b0
[ 34.106692][ T1890] ? __down_read+0x240/0x240
[ 34.111260][ T1890] ? __kasan_check_read+0x11/0x20
[ 34.116310][ T1890] __x64_sys_writev+0x7d/0x90
[ 34.121100][ T1890] do_syscall_64+0xc0/0x100
[ 34.125689][ T1890] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 34.131707][ T1890] RIP: 0033:0x441e40
[ 34.135600][ T1890] Code: 05 48 3d 01 f0 ff ff 0f 83 5d 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 3d b1 91 29 00 00 75 14 b8 14 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 34 09 fc ff c3 48 83 ec 08 e8 ba 2b 00 00
[ 34.155184][ T1890] RSP: 002b:00007ffdfc085188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 34.163569][ T1890] RAX: ffffffffffffffda RBX: 00007ffdfc0851a0 RCX: 0000000000441e40
[ 34.171518][ T1890] RDX: 0000000000000001 RSI: 00007ffdfc0851d0 RDI: 00000000000000f0
executing program
[ 34.179480][ T1890] RBP: 0000000000000000 R08: 00000000bb1414ac R09: 00000000bb1414ac
[ 34.187425][ T1890] R10: 00000000bb1414ac R11: 0000000000000246 R12: 000000000000820a
[ 34.195384][ T1890] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 34.203351][ T1890] Disabling lock debugging due to kernel taint
[ 34.212968][ T1891] BUG: Bad page state in process syz-executor590 pfn:1d4540
[ 34.220493][ T1891] page:ffffea0007515000 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0
[ 34.229661][ T1891] flags: 0x8000000000000000()
[ 34.234420][ T1891] raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000
[ 34.242998][ T1891] raw: 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000
[ 34.251659][ T1891] page dumped because: nonzero _refcount
[ 34.257262][ T1891] Modules linked in:
[ 34.261132][ T1891] CPU: 0 PID: 1891 Comm: syz-executor590 Tainted: G B W 5.4.24-syzkaller-00181-g3334f0da669e #0
[ 34.272637][ T1891] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.282682][ T1891] Call Trace:
[ 34.285959][ T1891] dump_stack+0x1b0/0x228
[ 34.290277][ T1891] ? is_module_text_address+0x130/0x130
[ 34.295795][ T1891] ? show_regs_print_info+0x18/0x18
[ 34.300979][ T1891] bad_page+0x262/0x290
[ 34.305110][ T1891] ? _raw_spin_lock+0x170/0x170
[ 34.309935][ T1891] ? is_free_buddy_page+0x190/0x190
[ 34.315119][ T1891] ? __kasan_check_read+0x11/0x20
[ 34.320208][ T1891] ? __zone_watermark_ok+0x9b/0x270
[ 34.325398][ T1891] get_page_from_freelist+0x505a/0x57e0
[ 34.330938][ T1891] ? unwind_next_frame+0x415/0x870
[ 34.336030][ T1891] ? __rcu_read_lock+0x50/0x50
[ 34.340786][ T1891] ? unwind_next_frame+0x415/0x870
[ 34.345945][ T1891] ? unwind_get_return_address_ptr+0xa0/0xa0
[ 34.352032][ T1891] ? 0xffffffffa0018000
[ 34.356171][ T1891] ? is_bpf_text_address+0x2c8/0x2e0
[ 34.361435][ T1891] ? stack_trace_save+0x1e0/0x1e0
[ 34.366461][ T1891] ? __kernel_text_address+0x9a/0x110
[ 34.371828][ T1891] ? unwind_get_return_address+0x4c/0x90
[ 34.377520][ T1891] ? arch_stack_walk+0x98/0xe0
[ 34.382281][ T1891] ? __alloc_pages_nodemask+0x3010/0x3010
[ 34.387987][ T1891] ? stack_trace_save+0x111/0x1e0
[ 34.393038][ T1891] __alloc_pages_nodemask+0x44f/0x3010
[ 34.398493][ T1891] ? __kasan_slab_free+0x168/0x220
[ 34.403593][ T1891] ? skb_release_data+0x536/0x690
[ 34.408597][ T1891] ? __kfree_skb+0x134/0x180
[ 34.413163][ T1891] ? __kasan_slab_free+0x1e2/0x220
[ 34.418398][ T1891] ? __kasan_slab_free+0x168/0x220
[ 34.423495][ T1891] ? netlink_sendmsg+0x9a7/0xd40
[ 34.428410][ T1891] ? __sys_sendmsg+0x26a/0x350
[ 34.433320][ T1891] ? __x64_sys_sendmsg+0x7f/0x90
[ 34.438361][ T1891] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 34.444399][ T1891] ? avc_has_perm_noaudit+0x2fc/0x3f0
[ 34.449745][ T1891] ? rhashtable_jhash2+0x1f1/0x330
[ 34.454829][ T1891] ? gfp_pfmemalloc_allowed+0x140/0x140
[ 34.460451][ T1891] ? rht_key_hashfn+0x157/0x240
[ 34.465299][ T1891] ? deferred_put_nlk_sk+0x200/0x200
[ 34.470651][ T1891] ? __alloc_skb+0x109/0x540
[ 34.475333][ T1891] ? jhash+0x750/0x750
[ 34.479389][ T1891] ? netlink_hash+0xd0/0xd0
[ 34.483881][ T1891] ? avc_has_perm+0x15f/0x260
[ 34.488642][ T1891] ? skb_release_data+0x536/0x690
[ 34.493645][ T1891] ? __rcu_read_lock+0x50/0x50
[ 34.498403][ T1891] skb_page_frag_refill+0x11d/0x3b0
[ 34.503583][ T1891] tun_get_user+0x69a/0x3d10
[ 34.508152][ T1891] ? tun_do_read+0x1f10/0x1f10
[ 34.512901][ T1891] ? netlink_detachskb+0x60/0x60
[ 34.517816][ T1891] ? put_pid+0x82/0xe0
[ 34.521987][ T1891] ? netlink_sendmsg+0xa28/0xd40
[ 34.526920][ T1891] ? __rcu_read_lock+0x50/0x50
[ 34.531675][ T1891] ? netlink_getsockopt+0x900/0x900
[ 34.536849][ T1891] tun_chr_write_iter+0x134/0x1c0
[ 34.541858][ T1891] do_iter_readv_writev+0x5fa/0x890
[ 34.547039][ T1891] ? vfs_dedupe_file_range+0xa00/0xa00
[ 34.552473][ T1891] ? security_file_permission+0x157/0x350
[ 34.558163][ T1891] ? rw_verify_area+0x1c2/0x360
[ 34.563051][ T1891] do_iter_write+0x180/0x590
[ 34.567835][ T1891] do_writev+0x2cd/0x560
[ 34.572078][ T1891] ? do_readv+0x400/0x400
[ 34.576380][ T1891] ? __up_read+0x6f/0x1b0
[ 34.580705][ T1891] ? __down_read+0x240/0x240
[ 34.585271][ T1891] ? __kasan_check_read+0x11/0x20
[ 34.590268][ T1891] __x64_sys_writev+0x7d/0x90
[ 34.594956][ T1891] do_syscall_64+0xc0/0x100
[ 34.599666][ T1891] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 34.605535][ T1891] RIP: 0033:0x441e40
[ 34.609454][ T1891] Code: 05 48 3d 01 f0 ff ff 0f 83 5d 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 3d b1 91 29 00 00 75 14 b8 14 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 34 09 fc ff c3 48 83 ec 08 e8 ba 2b 00 00
[ 34.629136][ T1891] RSP: 002b:00007ffdfc085188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 34.637931][ T1891] RAX: ffffffffffffffda RBX: 00007ffdfc0851a0 RCX: 0000000000441e40
[ 34.645897][ T1891] RDX: 0000000000000001 RSI: 00007ffdfc0851d0 RDI: 00000000000000f0
[ 34.653860][ T1891] RBP: 0000000000000000 R08: 00000000bb1414ac R09: 00000000bb1414ac
[ 34.661806][ T1891] R10: 00000000bb1414ac R11: 0000000000000246 R12: 00000000000083b9
[ 34.669752][ T1891] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 34.678845][ T1888] BUG: Bad page state in process syz-executor590 pfn:1d4548
[ 34.686315][ T1888] page:ffffea0007515200 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0
[ 34.695506][ T1888] flags: 0x8000000000000000()
[ 34.700161][ T1888] raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000
[ 34.708718][ T1888] raw: 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000
[ 34.717359][ T1888] page dumped because: nonzero _refcount
[ 34.722961][ T1888] Modules linked in:
[ 34.726832][ T1888] CPU: 0 PID: 1888 Comm: syz-executor590 Tainted: G B W 5.4.24-syzkaller-00181-g3334f0da669e #0
[ 34.738335][ T1888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.748368][ T1888] Call Trace:
[ 34.751647][ T1888] dump_stack+0x1b0/0x228
[ 34.755954][ T1888] ? is_module_text_address+0x130/0x130
[ 34.761475][ T1888] ? show_regs_print_info+0x18/0x18
[ 34.766655][ T1888] bad_page+0x262/0x290
[ 34.770870][ T1888] ? _raw_spin_lock+0x170/0x170
[ 34.775703][ T1888] ? is_free_buddy_page+0x190/0x190
[ 34.781015][ T1888] ? __kasan_check_read+0x11/0x20
[ 34.786025][ T1888] ? __zone_watermark_ok+0x9b/0x270
[ 34.791376][ T1888] get_page_from_freelist+0x505a/0x57e0
[ 34.796916][ T1888] ? __kasan_check_write+0x14/0x20
[ 34.802031][ T1888] ? __read_once_size_nocheck+0x10/0x10
[ 34.807557][ T1888] ? unwind_next_frame+0x415/0x870
[ 34.813266][ T1888] ? unwind_get_return_address_ptr+0xa0/0xa0
[ 34.819218][ T1888] ? __alloc_pages_nodemask+0x3010/0x3010
[ 34.824908][ T1888] ? 0xffffffffa0018000
[ 34.829037][ T1888] __alloc_pages_nodemask+0x44f/0x3010
[ 34.834496][ T1888] ? unwind_get_return_address+0x4c/0x90
[ 34.840102][ T1888] ? stack_trace_save+0x111/0x1e0
[ 34.845110][ T1888] ? __x64_sys_clone+0x247/0x2b0
[ 34.850031][ T1888] ? __kasan_kmalloc+0x117/0x1b0
[ 34.854943][ T1888] ? kasan_slab_alloc+0xe/0x10
[ 34.859680][ T1888] ? gfp_pfmemalloc_allowed+0x140/0x140
[ 34.865287][ T1888] ? __kasan_kmalloc+0x179/0x1b0
[ 34.870200][ T1888] ? copy_process+0x1852/0x52d0
[ 34.875027][ T1888] ? __kasan_kmalloc+0x117/0x1b0
[ 34.879949][ T1888] ? kasan_slab_alloc+0xe/0x10
[ 34.884696][ T1888] ? kmem_cache_alloc+0x120/0x2b0
[ 34.889705][ T1888] ? copy_process+0x18ae/0x52d0
[ 34.894528][ T1888] ? _do_fork+0x185/0x950
[ 34.898830][ T1888] ? __x64_sys_clone+0x247/0x2b0
[ 34.903741][ T1888] ? do_syscall_64+0xc0/0x100
[ 34.908393][ T1888] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 34.914438][ T1888] ? sched_slice+0x2c6/0x520
[ 34.919001][ T1888] ? memcpy+0x49/0x60
[ 34.923558][ T1888] ? __should_failslab+0x90/0x160
[ 34.930928][ T1888] ? kvmalloc_node+0xc6/0x120
[ 34.936318][ T1888] alloc_slab_page+0x3f/0x390
[ 34.942464][ T1888] new_slab+0x98/0x430
[ 34.946520][ T1888] ? __kasan_check_write+0x14/0x20
[ 34.951615][ T1888] ? lockref_get+0x1c2/0x2b0
[ 34.956265][ T1888] ___slab_alloc+0x2e0/0x450
[ 34.960838][ T1888] ? copy_process+0x1ac8/0x52d0
[ 34.965660][ T1888] ? __kasan_check_write+0x14/0x20
[ 34.970757][ T1888] ? __should_failslab+0x90/0x160
[ 34.975855][ T1888] ? copy_process+0x1ac8/0x52d0
[ 34.980680][ T1888] kmem_cache_alloc+0x203/0x2b0
[ 34.985505][ T1888] copy_process+0x1ac8/0x52d0
[ 34.990175][ T1888] ? kernel_wait4+0x380/0x380
[ 34.994864][ T1888] ? fork_idle+0x290/0x290
[ 34.999264][ T1888] ? put_pid+0x89/0xe0
[ 35.003311][ T1888] ? __ia32_sys_waitid+0xd0/0xd0
[ 35.008238][ T1888] ? do_nanosleep+0x58b/0x6b0
[ 35.012921][ T1888] _do_fork+0x185/0x950
[ 35.017054][ T1888] ? dup_mm+0x330/0x330
[ 35.021198][ T1888] ? __x64_sys_wait4+0x168/0x1c0
[ 35.026127][ T1888] ? do_wait+0x890/0x890
[ 35.030481][ T1888] __x64_sys_clone+0x247/0x2b0
[ 35.035233][ T1888] ? __ia32_sys_vfork+0x110/0x110
[ 35.040241][ T1888] ? syscall_return_slowpath+0x6f/0x500
[ 35.045781][ T1888] do_syscall_64+0xc0/0x100
[ 35.050259][ T1888] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 35.056136][ T1888] RIP: 0033:0x44084a
[ 35.060007][ T1888] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00
[ 35.079614][ T1888] RSP: 002b:00007ffdfc085160 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
executing program
executing program
[ 35.088098][ T1888] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000044084a
[ 35.096057][ T1888] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[ 35.104002][ T1888] RBP: 00007ffdfc085180 R08: 0000000000000001 R09: 0000000001c2a880
[ 35.111951][ T1888] R10: 0000000001c2ab50 R11: 0000000000000246 R12: 0000000000000001
[ 35.119897][ T1888] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 35.131494][ T1893] BUG: Bad page state in process syz-executor590 pfn:1d4b88
[ 35.139044][ T1893] page:ffffea000752e200 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0
[ 35.148256][ T1893] flags: 0x8000000000000000()
[ 35.152907][ T1893] raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000
[ 35.161562][ T1893] raw: 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000
[ 35.170289][ T1893] page dumped because: nonzero _refcount
[ 35.175937][ T1893] Modules linked in:
[ 35.179810][ T1893] CPU: 0 PID: 1893 Comm: syz-executor590 Tainted: G B W 5.4.24-syzkaller-00181-g3334f0da669e #0
[ 35.191322][ T1893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.201363][ T1893] Call Trace:
[ 35.204804][ T1893] dump_stack+0x1b0/0x228
[ 35.209114][ T1893] ? is_module_text_address+0x130/0x130
[ 35.214635][ T1893] ? show_regs_print_info+0x18/0x18
[ 35.219810][ T1893] bad_page+0x262/0x290
[ 35.223941][ T1893] ? _raw_spin_lock+0x170/0x170
[ 35.228796][ T1893] ? is_free_buddy_page+0x190/0x190
[ 35.233980][ T1893] ? __kasan_check_read+0x11/0x20
[ 35.238994][ T1893] ? __zone_watermark_ok+0x9b/0x270
[ 35.244169][ T1893] get_page_from_freelist+0x505a/0x57e0
[ 35.249793][ T1893] ? __read_once_size_nocheck+0x10/0x10
[ 35.255428][ T1893] ? unwind_next_frame+0x415/0x870
[ 35.260531][ T1893] ? __rcu_read_lock+0x50/0x50
[ 35.265276][ T1893] ? unwind_next_frame+0x415/0x870
[ 35.270369][ T1893] ? __alloc_pages_nodemask+0x3010/0x3010
[ 35.276062][ T1893] ? 0xffffffffa0008000
[ 35.280191][ T1893] __alloc_pages_nodemask+0x44f/0x3010
[ 35.285624][ T1893] ? __kasan_check_read+0x11/0x20
[ 35.290631][ T1893] ? prep_new_page+0x13a/0x3a0
[ 35.295373][ T1893] ? gfp_pfmemalloc_allowed+0x140/0x140
[ 35.301252][ T1893] ? get_page_from_freelist+0x5426/0x57e0
[ 35.306943][ T1893] ? unwind_get_return_address_ptr+0xa0/0xa0
[ 35.313072][ T1893] alloc_slab_page+0x3f/0x390
[ 35.317747][ T1893] new_slab+0x98/0x430
[ 35.321790][ T1893] ___slab_alloc+0x2e0/0x450
[ 35.326368][ T1893] ? bpf_check+0x136/0xe7b0
[ 35.330872][ T1893] ? __should_failslab+0x90/0x160
[ 35.335898][ T1893] ? bpf_check+0x136/0xe7b0
[ 35.340384][ T1893] kmem_cache_alloc_trace+0x23f/0x2f0
[ 35.345732][ T1893] bpf_check+0x136/0xe7b0
[ 35.350052][ T1893] ? unwind_get_return_address_ptr+0xa0/0xa0
[ 35.356012][ T1893] ? 0xffffffffa0008000
[ 35.360157][ T1893] ? is_bpf_text_address+0x2c8/0x2e0
[ 35.365424][ T1893] ? stack_trace_save+0x1e0/0x1e0
[ 35.370436][ T1893] ? __kernel_text_address+0x9a/0x110
[ 35.375782][ T1893] ? unwind_get_return_address+0x4c/0x90
[ 35.381502][ T1893] ? arch_stack_walk+0x98/0xe0
[ 35.386250][ T1893] ? stack_trace_save+0x111/0x1e0
[ 35.391250][ T1893] ? stack_trace_snprint+0x150/0x150
[ 35.396506][ T1893] ? stack_trace_snprint+0x150/0x150
[ 35.401776][ T1893] ? bpf_verifier_log_write+0x230/0x230
[ 35.407301][ T1893] ? __kasan_kmalloc+0x179/0x1b0
[ 35.412331][ T1893] ? __kasan_kmalloc+0x117/0x1b0
[ 35.417259][ T1893] ? kasan_kmalloc+0x9/0x10
[ 35.421760][ T1893] ? kmem_cache_alloc_trace+0xe2/0x2f0
[ 35.427219][ T1893] ? selinux_bpf_prog_alloc+0x51/0x150
[ 35.433211][ T1893] ? security_bpf_prog_alloc+0x50/0xb0
[ 35.438657][ T1893] ? __do_sys_bpf+0x5ce0/0xbbc0
[ 35.443494][ T1893] ? __x64_sys_bpf+0x7a/0x90
[ 35.448068][ T1893] ? do_syscall_64+0xc0/0x100
[ 35.452737][ T1893] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 35.458964][ T1893] ? gfp_pfmemalloc_allowed+0x140/0x140
[ 35.464493][ T1893] ? pcpu_next_fit_region+0x64e/0x7d0
[ 35.470012][ T1893] ? pcpu_block_update_hint_alloc+0x977/0xcf0
[ 35.476059][ T1893] ? pcpu_alloc_area+0x7eb/0x940
[ 35.481133][ T1893] ? find_next_bit+0xd8/0x120
[ 35.485802][ T1893] ? cpumask_next+0x11/0x30
[ 35.490293][ T1893] ? __should_failslab+0x90/0x160
[ 35.495302][ T1893] ? selinux_bpf_prog_alloc+0x51/0x150
[ 35.500760][ T1893] ? kasan_kmalloc+0x9/0x10
[ 35.505273][ T1893] ? kmem_cache_alloc_trace+0xe2/0x2f0
[ 35.510702][ T1893] ? memset+0x31/0x40
[ 35.514672][ T1893] ? bpf_obj_name_cpy+0x9a9/0x1400
[ 35.519757][ T1893] __do_sys_bpf+0x80a8/0xbbc0
[ 35.524421][ T1893] ? wp_page_copy+0xd24/0x10e0
[ 35.529158][ T1893] ? gfp_pfmemalloc_allowed+0x140/0x140
[ 35.534678][ T1893] ? __rcu_read_lock+0x50/0x50
[ 35.539418][ T1893] ? __memcg_kmem_charge_memcg+0x340/0x340
[ 35.545225][ T1893] ? __bpf_prog_put_rcu+0x350/0x350
[ 35.550397][ T1893] ? get_mem_cgroup_from_mm+0x2b2/0x330
[ 35.555915][ T1893] ? mem_cgroup_from_task+0x60/0x60
[ 35.561088][ T1893] ? __kasan_check_read+0x11/0x20
[ 35.566084][ T1893] ? __lru_cache_add+0x1ae/0x200
[ 35.571496][ T1893] ? lru_cache_add_active_or_unevictable+0xa6/0x120
[ 35.582278][ T1893] ? _raw_spin_unlock+0x9/0x20
[ 35.590491][ T1893] ? handle_mm_fault+0xb2f/0x41c0
[ 35.596565][ T1893] ? alloc_file+0x84/0x4b0
[ 35.601144][ T1893] ? finish_fault+0x230/0x230
[ 35.606112][ T1893] ? __kasan_check_write+0x14/0x20
[ 35.611202][ T1893] ? __up_read+0x6f/0x1b0
[ 35.615543][ T1893] ? __down_read+0x240/0x240
[ 35.620123][ T1893] __x64_sys_bpf+0x7a/0x90
[ 35.624697][ T1893] do_syscall_64+0xc0/0x100
[ 35.629176][ T1893] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 35.635053][ T1893] RIP: 0033:0x441f49
[ 35.638941][ T1893] Code: e8 8c 07 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 35.658715][ T1893] RSP: 002b:00007ffdfc085188 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 35.667117][ T1893] RAX: ffffffffffffffda RBX: 00007ffdfc0851a0 RCX: 0000000000441f49
[ 35.675128][ T1893] RDX: 0000000000000070 RSI: 0000000020000180 RDI: 0000000000000005
[ 35.683102][ T1893] RBP: 0000000000000000 R08: 00000000bb1414ac R09: 00000000bb1414ac
[ 35.691062][ T1893] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000008928
[ 35.699027][ T1893] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 35.708362][ T1888] BUG: Bad page state in process syz-executor590 pfn:1cfd88
[ 35.715744][ T1888] page:ffffea00073f6200 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0
[ 35.724908][ T1888] flags: 0x8000000000000000()
[ 35.729557][ T1888] raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000
[ 35.738108][ T1888] raw: 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000
[ 35.746665][ T1888] page dumped because: nonzero _refcount
[ 35.752285][ T1888] Modules linked in:
[ 35.756177][ T1888] CPU: 0 PID: 1888 Comm: syz-executor590 Tainted: G B W 5.4.24-syzkaller-00181-g3334f0da669e #0
[ 35.767705][ T1888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.777754][ T1888] Call Trace:
[ 35.781037][ T1888] dump_stack+0x1b0/0x228
[ 35.785348][ T1888] ? is_module_text_address+0x130/0x130
[ 35.790865][ T1888] ? show_regs_print_info+0x18/0x18
[ 35.796033][ T1888] bad_page+0x262/0x290
[ 35.800171][ T1888] ? _raw_spin_lock+0x170/0x170
[ 35.804994][ T1888] ? is_free_buddy_page+0x190/0x190
[ 35.810164][ T1888] ? __kasan_check_read+0x11/0x20
[ 35.815159][ T1888] ? __zone_watermark_ok+0x9b/0x270
[ 35.820338][ T1888] get_page_from_freelist+0x505a/0x57e0
[ 35.825859][ T1888] ? 0xffffffffa0010000
[ 35.829988][ T1888] ? is_bpf_text_address+0x2c8/0x2e0
[ 35.835246][ T1888] ? stack_trace_save+0x1e0/0x1e0
[ 35.840240][ T1888] ? __kernel_text_address+0x9a/0x110
[ 35.845583][ T1888] ? unwind_get_return_address+0x4c/0x90
[ 35.851274][ T1888] ? arch_stack_walk+0x98/0xe0
[ 35.856030][ T1888] ? stack_trace_save+0x111/0x1e0
[ 35.861040][ T1888] ? __alloc_pages_nodemask+0x3010/0x3010
[ 35.866755][ T1888] ? stack_trace_snprint+0x150/0x150
[ 35.872021][ T1888] __alloc_pages_nodemask+0x44f/0x3010
[ 35.877452][ T1888] ? __kasan_kmalloc+0x179/0x1b0
[ 35.882359][ T1888] ? kasan_slab_alloc+0xe/0x10
[ 35.887144][ T1888] ? kmem_cache_alloc+0x120/0x2b0
[ 35.892172][ T1888] ? copy_process+0x59b/0x52d0
[ 35.898119][ T1888] ? _do_fork+0x185/0x950
[ 35.902419][ T1888] ? __x64_sys_clone+0x247/0x2b0
[ 35.907336][ T1888] ? do_syscall_64+0xc0/0x100
[ 35.912010][ T1888] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 35.918094][ T1888] ? __kasan_check_write+0x14/0x20
[ 35.923189][ T1888] ? mod_node_page_state+0xd0/0xf0
[ 35.928283][ T1888] ? alloc_slab_page+0x135/0x390
[ 35.933220][ T1888] ? gfp_pfmemalloc_allowed+0x140/0x140
[ 35.938745][ T1888] ? setup_object+0xfa/0x130
[ 35.943310][ T1888] ? new_slab+0x21b/0x430
[ 35.947611][ T1888] ? ___slab_alloc+0x2e0/0x450
[ 35.952358][ T1888] ? copy_process+0x59b/0x52d0
[ 35.957092][ T1888] ? __kasan_check_write+0x14/0x20
[ 35.962172][ T1888] ? copy_process+0x59b/0x52d0
[ 35.966908][ T1888] ? kasan_slab_alloc+0xe/0x10
[ 35.971660][ T1888] copy_process+0x5eb/0x52d0
[ 35.976223][ T1888] ? kernel_wait4+0x380/0x380
[ 35.980881][ T1888] ? fork_idle+0x290/0x290
[ 35.985267][ T1888] ? put_pid+0x89/0xe0
[ 35.989317][ T1888] ? __ia32_sys_waitid+0xd0/0xd0
[ 35.994224][ T1888] ? do_nanosleep+0x58b/0x6b0
[ 35.998868][ T1888] _do_fork+0x185/0x950
[ 36.002992][ T1888] ? dup_mm+0x330/0x330
[ 36.007124][ T1888] ? __x64_sys_wait4+0x168/0x1c0
[ 36.012049][ T1888] ? do_wait+0x890/0x890
[ 36.016322][ T1888] __x64_sys_clone+0x247/0x2b0
[ 36.021070][ T1888] ? __ia32_sys_vfork+0x110/0x110
[ 36.026072][ T1888] ? syscall_return_slowpath+0x6f/0x500
[ 36.031602][ T1888] do_syscall_64+0xc0/0x100
[ 36.036525][ T1888] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 36.042390][ T1888] RIP: 0033:0x44084a
[ 36.046255][ T1888] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00
[ 36.065833][ T1888] RSP: 002b:00007ffdfc085160 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 36.074584][ T1888] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000044084a
[ 36.082548][ T1888] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
executing program
executing program
[ 36.090527][ T1888] RBP: 00007ffdfc085180 R08: 0000000000000001 R09: 0000000001c2a880
[ 36.098488][ T1888] R10: 0000000001c2ab50 R11: 0000000000000246 R12: 0000000000000001
[ 36.106584][ T1888] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 36.118095][ T1895] BUG: Bad page state in process syz-executor590 pfn:1cfd60
[ 36.125478][ T1895] page:ffffea00073f5800 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0
[ 36.134739][ T1895] flags: 0x8000000000000000()
[ 36.139454][ T1895] raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000
[ 36.148040][ T1895] raw: 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000
[ 36.156622][ T1895] page dumped because: nonzero _refcount
[ 36.162224][ T1895] Modules linked in:
[ 36.166095][ T1895] CPU: 0 PID: 1895 Comm: syz-executor590 Tainted: G B W 5.4.24-syzkaller-00181-g3334f0da669e #0
[ 36.177611][ T1895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 36.187642][ T1895] Call Trace:
[ 36.191434][ T1895] dump_stack+0x1b0/0x228
[ 36.195738][ T1895] ? is_module_text_address+0x130/0x130
[ 36.201268][ T1895] ? show_regs_print_info+0x18/0x18
[ 36.206455][ T1895] bad_page+0x262/0x290
[ 36.210584][ T1895] ? _raw_spin_lock+0x170/0x170
[ 36.215407][ T1895] ? is_free_buddy_page+0x190/0x190
[ 36.220575][ T1895] ? __kasan_check_read+0x11/0x20
[ 36.225570][ T1895] ? __zone_watermark_ok+0x9b/0x270
[ 36.230753][ T1895] get_page_from_freelist+0x505a/0x57e0
[ 36.236276][ T1895] ? __read_once_size_nocheck+0x10/0x10
[ 36.241793][ T1895] ? unwind_next_frame+0x415/0x870
[ 36.246889][ T1895] ? __rcu_read_lock+0x50/0x50
[ 36.251631][ T1895] ? unwind_next_frame+0x415/0x870
[ 36.256892][ T1895] ? __alloc_pages_nodemask+0x3010/0x3010
[ 36.262725][ T1895] ? 0xffffffffa0020000
[ 36.267506][ T1895] __alloc_pages_nodemask+0x44f/0x3010
[ 36.272968][ T1895] ? __kasan_check_read+0x11/0x20
[ 36.278006][ T1895] ? prep_new_page+0x13a/0x3a0
[ 36.282753][ T1895] ? gfp_pfmemalloc_allowed+0x140/0x140
[ 36.288274][ T1895] ? get_page_from_freelist+0x5426/0x57e0
[ 36.293977][ T1895] ? __rcu_read_lock+0x50/0x50
[ 36.298742][ T1895] ? unwind_get_return_address_ptr+0xa0/0xa0
[ 36.304834][ T1895] alloc_slab_page+0x3f/0x390
[ 36.309500][ T1895] new_slab+0x98/0x430
[ 36.313545][ T1895] ___slab_alloc+0x2e0/0x450
[ 36.318132][ T1895] ? bpf_check+0x136/0xe7b0
[ 36.322787][ T1895] ? __should_failslab+0x90/0x160
[ 36.327792][ T1895] ? bpf_check+0x136/0xe7b0
[ 36.336095][ T1895] kmem_cache_alloc_trace+0x23f/0x2f0
[ 36.341443][ T1895] bpf_check+0x136/0xe7b0
[ 36.345760][ T1895] ? unwind_get_return_address_ptr+0xa0/0xa0
[ 36.351831][ T1895] ? 0xffffffffa0020000
[ 36.355968][ T1895] ? is_bpf_text_address+0x2c8/0x2e0
[ 36.361228][ T1895] ? stack_trace_save+0x1e0/0x1e0
[ 36.366228][ T1895] ? __kernel_text_address+0x9a/0x110
[ 36.371591][ T1895] ? unwind_get_return_address+0x4c/0x90
[ 36.377213][ T1895] ? arch_stack_walk+0x98/0xe0
[ 36.381966][ T1895] ? stack_trace_save+0x111/0x1e0
[ 36.386973][ T1895] ? stack_trace_snprint+0x150/0x150
[ 36.392230][ T1895] ? stack_trace_snprint+0x150/0x150
[ 36.397495][ T1895] ? bpf_verifier_log_write+0x230/0x230
[ 36.403016][ T1895] ? __kasan_kmalloc+0x179/0x1b0
[ 36.407923][ T1895] ? __kasan_kmalloc+0x117/0x1b0
[ 36.412919][ T1895] ? kasan_kmalloc+0x9/0x10
[ 36.417417][ T1895] ? kmem_cache_alloc_trace+0xe2/0x2f0
[ 36.422846][ T1895] ? selinux_bpf_prog_alloc+0x51/0x150
[ 36.428273][ T1895] ? security_bpf_prog_alloc+0x50/0xb0
[ 36.433708][ T1895] ? __do_sys_bpf+0x5ce0/0xbbc0
[ 36.438541][ T1895] ? __x64_sys_bpf+0x7a/0x90
[ 36.443107][ T1895] ? do_syscall_64+0xc0/0x100
[ 36.447757][ T1895] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 36.453796][ T1895] ? pcpu_block_update_hint_alloc+0x970/0xcf0
[ 36.459849][ T1895] ? pcpu_alloc_area+0x7eb/0x940
[ 36.464797][ T1895] ? find_next_bit+0xd8/0x120
[ 36.469448][ T1895] ? cpumask_next+0x11/0x30
[ 36.473925][ T1895] ? __should_failslab+0x90/0x160
[ 36.478935][ T1895] ? selinux_bpf_prog_alloc+0x51/0x150
[ 36.484378][ T1895] ? kasan_kmalloc+0x9/0x10
[ 36.488857][ T1895] ? kmem_cache_alloc_trace+0xe2/0x2f0
[ 36.494308][ T1895] ? memset+0x31/0x40
[ 36.498275][ T1895] ? bpf_obj_name_cpy+0x9a9/0x1400
[ 36.503381][ T1895] __do_sys_bpf+0x80a8/0xbbc0
[ 36.508116][ T1895] ? wp_page_copy+0xd24/0x10e0
[ 36.512868][ T1895] ? gfp_pfmemalloc_allowed+0x140/0x140
[ 36.518409][ T1895] ? __rcu_read_lock+0x50/0x50
[ 36.523149][ T1895] ? __memcg_kmem_charge_memcg+0x340/0x340
[ 36.528943][ T1895] ? __bpf_prog_put_rcu+0x350/0x350
[ 36.534115][ T1895] ? get_mem_cgroup_from_mm+0x2b2/0x330
[ 36.539654][ T1895] ? mem_cgroup_from_task+0x60/0x60
[ 36.545114][ T1895] ? __kasan_check_read+0x11/0x20
[ 36.550121][ T1895] ? __lru_cache_add+0x1ae/0x200
[ 36.555047][ T1895] ? lru_cache_add_active_or_unevictable+0xa6/0x120
[ 36.561661][ T1895] ? _raw_spin_unlock+0x9/0x20
[ 36.566405][ T1895] ? handle_mm_fault+0xb2f/0x41c0
[ 36.571501][ T1895] ? alloc_file+0x84/0x4b0
[ 36.575930][ T1895] ? finish_fault+0x230/0x230
[ 36.580643][ T1895] ? __kasan_check_write+0x14/0x20
[ 36.585749][ T1895] ? __up_read+0x6f/0x1b0
[ 36.590103][ T1895] ? __down_read+0x240/0x240
[ 36.594678][ T1895] __x64_sys_bpf+0x7a/0x90
[ 36.599083][ T1895] do_syscall_64+0xc0/0x100
[ 36.603576][ T1895] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 36.609456][ T1895] RIP: 0033:0x441f49
[ 36.613374][ T1895] Code: e8 8c 07 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 36.632964][ T1895] RSP: 002b:00007ffdfc085188 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 36.641359][ T1895] RAX: ffffffffffffffda RBX: 00007ffdfc0851a0 RCX: 0000000000441f49
[ 36.649314][ T1895] RDX: 0000000000000070 RSI: 0000000020000180 RDI: 0000000000000005
[ 36.657261][ T1895] RBP: 0000000000000000 R08: 00000000bb1414ac R09: 00000000bb1414ac
[ 36.665224][ T1895] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000008d03
[ 36.674375][ T1895] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 36.693149][ T1888] BUG: Bad page state in process syz-executor590 pfn:1cfd78
[ 36.700738][ T1888] page:ffffea00073f5e00 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0
[ 36.709916][ T1888] flags: 0x8000000000000000()
[ 36.714611][ T1888] raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000
[ 36.723262][ T1888] raw: 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000
[ 36.731876][ T1888] page dumped because: nonzero _refcount
[ 36.737488][ T1888] Modules linked in:
[ 36.741357][ T1888] CPU: 1 PID: 1888 Comm: syz-executor590 Tainted: G B W 5.4.24-syzkaller-00181-g3334f0da669e #0
[ 36.752875][ T1888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 36.763088][ T1888] Call Trace:
[ 36.766368][ T1888] dump_stack+0x1b0/0x228
[ 36.770879][ T1888] ? is_module_text_address+0x130/0x130
[ 36.776420][ T1888] ? show_regs_print_info+0x18/0x18
[ 36.781602][ T1888] bad_page+0x262/0x290
[ 36.785736][ T1888] ?
_raw_spin_lock+0x170/0x170 [ 36.790583][ T1888] ? is_free_buddy_page+0x190/0x190 [ 36.795757][ T1888] ? __kasan_check_read+0x11/0x20 [ 36.800754][ T1888] ? __zone_watermark_ok+0x9b/0x270 [ 36.805926][ T1888] get_page_from_freelist+0x505a/0x57e0 [ 36.811441][ T1888] ? invalidate_inode_page+0x260/0x260 [ 36.816880][ T1888] ? __kasan_check_write+0x14/0x20 [ 36.821976][ T1888] ? __read_once_size_nocheck+0x10/0x10 [ 36.827527][ T1888] ? unwind_next_frame+0x415/0x870 [ 36.832621][ T1888] ? __rcu_read_lock+0x50/0x50 [ 36.837369][ T1888] ? unwind_next_frame+0x415/0x870 [ 36.842467][ T1888] ? __alloc_pages_nodemask+0x3010/0x3010 [ 36.848160][ T1888] ? 0xffffffffa0018000 [ 36.852291][ T1888] __alloc_pages_nodemask+0x44f/0x3010 [ 36.857821][ T1888] ? arch_stack_walk+0x98/0xe0 [ 36.862556][ T1888] ? stack_trace_save+0x111/0x1e0 [ 36.867548][ T1888] ? stack_trace_snprint+0x150/0x150 [ 36.872800][ T1888] ? stack_trace_save+0x111/0x1e0 [ 36.877797][ T1888] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 36.883326][ T1888] ? __kasan_kmalloc+0x179/0x1b0 [ 36.888243][ T1888] ? __kasan_kmalloc+0x117/0x1b0 [ 36.893160][ T1888] ? kasan_kmalloc+0x9/0x10 [ 36.897634][ T1888] ? kmem_cache_alloc_trace+0xe2/0x2f0 [ 36.903085][ T1888] ? alloc_fdtable+0x98/0x290 [ 36.907741][ T1888] ? dup_fd+0x7ad/0xb60 [ 36.911870][ T1888] ? copy_process+0x1725/0x52d0 [ 36.916688][ T1888] ? _do_fork+0x185/0x950 [ 36.921000][ T1888] ? __x64_sys_clone+0x247/0x2b0 [ 36.925919][ T1888] ? do_syscall_64+0xc0/0x100 [ 36.930603][ T1888] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 36.936655][ T1888] ? dup_fd+0x6f/0xb60 [ 36.940715][ T1888] ? copy_process+0x1725/0x52d0 [ 36.945560][ T1888] ? _do_fork+0x185/0x950 [ 36.950022][ T1888] ? __x64_sys_clone+0x247/0x2b0 [ 36.954933][ T1888] ? do_syscall_64+0xc0/0x100 [ 36.959586][ T1888] ? __rcu_read_lock+0x50/0x50 [ 36.964334][ T1888] ? 
__x64_sys_clone+0x247/0x2b0 [ 36.969263][ T1888] alloc_slab_page+0x3f/0x390 [ 36.975328][ T1888] new_slab+0x98/0x430 [ 36.979377][ T1888] ___slab_alloc+0x2e0/0x450 [ 36.983950][ T1888] ? kvmalloc_node+0xc6/0x120 [ 36.988605][ T1888] ? memcpy+0x49/0x60 [ 36.992572][ T1888] ? __should_failslab+0x90/0x160 [ 36.997588][ T1888] ? kvmalloc_node+0xc6/0x120 [ 37.002245][ T1888] __kmalloc+0x26d/0x310 [ 37.006530][ T1888] kvmalloc_node+0xc6/0x120 [ 37.011126][ T1888] alloc_fdtable+0xe3/0x290 [ 37.015626][ T1888] dup_fd+0x7ad/0xb60 [ 37.019582][ T1888] ? perf_event_attrs+0x30/0x30 [ 37.024433][ T1888] ? selinux_task_alloc+0x95/0xb0 [ 37.029435][ T1888] copy_process+0x1725/0x52d0 [ 37.034090][ T1888] ? kernel_wait4+0x380/0x380 [ 37.038761][ T1888] ? fork_idle+0x290/0x290 [ 37.043336][ T1888] ? put_pid+0x89/0xe0 [ 37.047395][ T1888] ? __ia32_sys_waitid+0xd0/0xd0 [ 37.052320][ T1888] ? do_nanosleep+0x58b/0x6b0 [ 37.057108][ T1888] _do_fork+0x185/0x950 [ 37.061257][ T1888] ? dup_mm+0x330/0x330 [ 37.065442][ T1888] ? __x64_sys_wait4+0x168/0x1c0 [ 37.070365][ T1888] ? do_wait+0x890/0x890 [ 37.074595][ T1888] __x64_sys_clone+0x247/0x2b0 [ 37.079346][ T1888] ? __ia32_sys_vfork+0x110/0x110 [ 37.084357][ T1888] ? 
syscall_return_slowpath+0x6f/0x500 [ 37.089889][ T1888] do_syscall_64+0xc0/0x100 [ 37.094378][ T1888] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 37.100265][ T1888] RIP: 0033:0x44084a [ 37.104201][ T1888] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 37.123792][ T1888] RSP: 002b:00007ffdfc085160 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 37.132200][ T1888] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000044084a [ 37.140164][ T1888] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 executing program executing program [ 37.148169][ T1888] RBP: 00007ffdfc085180 R08: 0000000000000001 R09: 0000000001c2a880 [ 37.156127][ T1888] R10: 0000000001c2ab50 R11: 0000000000000246 R12: 0000000000000001 [ 37.164078][ T1888] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 37.175634][ T1897] BUG: Bad page state in process syz-executor590 pfn:1cfc28 [ 37.183133][ T1897] page:ffffea00073f0a00 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0 [ 37.192486][ T1897] flags: 0x8000000000000000() [ 37.197149][ T1897] raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000 [ 37.205735][ T1897] raw: 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000 [ 37.214956][ T1897] page dumped because: nonzero _refcount [ 37.220781][ T1897] Modules linked in: [ 37.224707][ T1897] CPU: 0 PID: 1897 Comm: syz-executor590 Tainted: G B W 5.4.24-syzkaller-00181-g3334f0da669e #0 [ 37.236385][ T1897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 37.246474][ T1897] Call Trace: [ 37.249899][ T1897] dump_stack+0x1b0/0x228 [ 37.254215][ T1897] ? is_module_text_address+0x130/0x130 [ 37.259749][ T1897] ? show_regs_print_info+0x18/0x18 [ 37.264923][ T1897] bad_page+0x262/0x290 [ 37.269051][ T1897] ? 
_raw_spin_lock+0x170/0x170 [ 37.273900][ T1897] ? is_free_buddy_page+0x190/0x190 [ 37.279088][ T1897] ? __kasan_check_read+0x11/0x20 [ 37.284113][ T1897] ? __zone_watermark_ok+0x9b/0x270 [ 37.289288][ T1897] get_page_from_freelist+0x505a/0x57e0 [ 37.294912][ T1897] ? __kasan_check_write+0x14/0x20 [ 37.300006][ T1897] ? __read_once_size_nocheck+0x10/0x10 [ 37.305535][ T1897] ? unwind_next_frame+0x415/0x870 [ 37.310641][ T1897] ? __rcu_read_lock+0x50/0x50 [ 37.315389][ T1897] ? unwind_next_frame+0x415/0x870 [ 37.320490][ T1897] ? __alloc_pages_nodemask+0x3010/0x3010 [ 37.326411][ T1897] ? 0xffffffffa0008000 [ 37.330563][ T1897] __alloc_pages_nodemask+0x44f/0x3010 [ 37.336058][ T1897] ? __kasan_check_read+0x11/0x20 [ 37.341079][ T1897] ? prep_new_page+0x13a/0x3a0 [ 37.345837][ T1897] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 37.351556][ T1897] ? get_page_from_freelist+0x5426/0x57e0 [ 37.358465][ T1897] ? unwind_get_return_address_ptr+0xa0/0xa0 [ 37.364460][ T1897] alloc_slab_page+0x3f/0x390 [ 37.369130][ T1897] new_slab+0x98/0x430 [ 37.373182][ T1897] ___slab_alloc+0x2e0/0x450 [ 37.378707][ T1897] ? bpf_check+0x136/0xe7b0 [ 37.383196][ T1897] ? __should_failslab+0x90/0x160 [ 37.388201][ T1897] ? bpf_check+0x136/0xe7b0 [ 37.392686][ T1897] kmem_cache_alloc_trace+0x23f/0x2f0 [ 37.398113][ T1897] bpf_check+0x136/0xe7b0 [ 37.402580][ T1897] ? unwind_get_return_address_ptr+0xa0/0xa0 [ 37.408817][ T1897] ? 0xffffffffa0008000 [ 37.412972][ T1897] ? is_bpf_text_address+0x2c8/0x2e0 [ 37.418256][ T1897] ? stack_trace_save+0x1e0/0x1e0 [ 37.424322][ T1897] ? __kernel_text_address+0x9a/0x110 [ 37.429679][ T1897] ? unwind_get_return_address+0x4c/0x90 [ 37.435735][ T1897] ? arch_stack_walk+0x98/0xe0 [ 37.440502][ T1897] ? stack_trace_save+0x111/0x1e0 [ 37.445523][ T1897] ? stack_trace_snprint+0x150/0x150 [ 37.451087][ T1897] ? stack_trace_snprint+0x150/0x150 [ 37.456437][ T1897] ? bpf_verifier_log_write+0x230/0x230 [ 37.462443][ T1897] ? 
__kasan_kmalloc+0x179/0x1b0 [ 37.467366][ T1897] ? __kasan_kmalloc+0x117/0x1b0 [ 37.472279][ T1897] ? kasan_kmalloc+0x9/0x10 [ 37.476801][ T1897] ? kmem_cache_alloc_trace+0xe2/0x2f0 [ 37.482233][ T1897] ? selinux_bpf_prog_alloc+0x51/0x150 [ 37.487690][ T1897] ? security_bpf_prog_alloc+0x50/0xb0 [ 37.493121][ T1897] ? __do_sys_bpf+0x5ce0/0xbbc0 [ 37.497944][ T1897] ? __x64_sys_bpf+0x7a/0x90 [ 37.502523][ T1897] ? do_syscall_64+0xc0/0x100 [ 37.507177][ T1897] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 37.513218][ T1897] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 37.518745][ T1897] ? pcpu_next_fit_region+0x64e/0x7d0 [ 37.524106][ T1897] ? pcpu_block_update_hint_alloc+0x977/0xcf0 [ 37.530164][ T1897] ? pcpu_alloc_area+0x7eb/0x940 [ 37.535080][ T1897] ? find_next_bit+0xd8/0x120 [ 37.539744][ T1897] ? cpumask_next+0x11/0x30 [ 37.544218][ T1897] ? __should_failslab+0x90/0x160 [ 37.549214][ T1897] ? selinux_bpf_prog_alloc+0x51/0x150 [ 37.554645][ T1897] ? kasan_kmalloc+0x9/0x10 [ 37.559123][ T1897] ? kmem_cache_alloc_trace+0xe2/0x2f0 [ 37.564572][ T1897] ? memset+0x31/0x40 [ 37.568588][ T1897] ? bpf_obj_name_cpy+0x9a9/0x1400 [ 37.573748][ T1897] __do_sys_bpf+0x80a8/0xbbc0 [ 37.578409][ T1897] ? wp_page_copy+0xd24/0x10e0 [ 37.583157][ T1897] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 37.588824][ T1897] ? __rcu_read_lock+0x50/0x50 [ 37.593564][ T1897] ? __memcg_kmem_charge_memcg+0x340/0x340 [ 37.599342][ T1897] ? __bpf_prog_put_rcu+0x350/0x350 [ 37.604526][ T1897] ? get_mem_cgroup_from_mm+0x2b2/0x330 [ 37.610052][ T1897] ? mem_cgroup_from_task+0x60/0x60 [ 37.615236][ T1897] ? __kasan_check_read+0x11/0x20 [ 37.620247][ T1897] ? __lru_cache_add+0x1ae/0x200 [ 37.625157][ T1897] ? lru_cache_add_active_or_unevictable+0xa6/0x120 [ 37.631789][ T1897] ? _raw_spin_unlock+0x9/0x20 [ 37.636564][ T1897] ? handle_mm_fault+0xb2f/0x41c0 [ 37.641565][ T1897] ? alloc_file+0x84/0x4b0 [ 37.645956][ T1897] ? finish_fault+0x230/0x230 [ 37.650613][ T1897] ? 
__kasan_check_write+0x14/0x20 [ 37.655706][ T1897] ? __up_read+0x6f/0x1b0 [ 37.660070][ T1897] ? __down_read+0x240/0x240 [ 37.664775][ T1897] __x64_sys_bpf+0x7a/0x90 [ 37.669288][ T1897] do_syscall_64+0xc0/0x100 [ 37.673774][ T1897] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 37.679643][ T1897] RIP: 0033:0x441f49 [ 37.683511][ T1897] Code: e8 8c 07 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 37.703410][ T1897] RSP: 002b:00007ffdfc085188 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 37.711801][ T1897] RAX: ffffffffffffffda RBX: 00007ffdfc0851a0 RCX: 0000000000441f49 [ 37.719752][ T1897] RDX: 0000000000000070 RSI: 0000000020000180 RDI: 0000000000000005 [ 37.727709][ T1897] RBP: 0000000000000000 R08: 00000000bb1414ac R09: 00000000bb1414ac [ 37.735654][ T1897] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000009125 executing program [ 37.743615][ T1897] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 37.753877][ T1898] BUG: Bad page state in process syz-executor590 pfn:1d0640 [ 37.761433][ T1898] page:ffffea0007419000 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0 [ 37.770956][ T1898] flags: 0x8000000000000000() [ 37.775625][ T1898] raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000 [ 37.784205][ T1898] raw: 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000 [ 37.792766][ T1898] page dumped because: nonzero _refcount [ 37.798368][ T1898] Modules linked in: [ 37.802519][ T1898] CPU: 1 PID: 1898 Comm: syz-executor590 Tainted: G B W 5.4.24-syzkaller-00181-g3334f0da669e #0 [ 37.814225][ T1898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 37.824255][ T1898] Call Trace: [ 37.827527][ T1898] dump_stack+0x1b0/0x228 [ 37.831832][ T1898] ? is_module_text_address+0x130/0x130 [ 37.837377][ T1898] ? 
show_regs_print_info+0x18/0x18 [ 37.842562][ T1898] bad_page+0x262/0x290 [ 37.846711][ T1898] ? _raw_spin_lock+0x170/0x170 [ 37.851543][ T1898] ? is_free_buddy_page+0x190/0x190 [ 37.856757][ T1898] ? __kasan_check_read+0x11/0x20 [ 37.861761][ T1898] ? __zone_watermark_ok+0x9b/0x270 [ 37.866934][ T1898] get_page_from_freelist+0x505a/0x57e0 [ 37.872465][ T1898] ? __kasan_check_write+0x14/0x20 [ 37.877547][ T1898] ? _raw_spin_lock_irqsave+0xda/0x1c0 [ 37.882977][ T1898] ? __read_once_size_nocheck+0x10/0x10 [ 37.888491][ T1898] ? _raw_spin_lock+0x170/0x170 [ 37.893318][ T1898] ? __alloc_pages_nodemask+0x3010/0x3010 [ 37.899023][ T1898] ? get_page_from_freelist+0x5426/0x57e0 [ 37.904716][ T1898] __alloc_pages_nodemask+0x44f/0x3010 [ 37.910160][ T1898] ? __kasan_check_read+0x11/0x20 [ 37.915176][ T1898] ? prep_new_page+0x13a/0x3a0 [ 37.919913][ T1898] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 37.925432][ T1898] ? get_page_from_freelist+0x5426/0x57e0 [ 37.931123][ T1898] ? unwind_get_return_address_ptr+0xa0/0xa0 [ 37.937077][ T1898] alloc_slab_page+0x3f/0x390 [ 37.941730][ T1898] new_slab+0x98/0x430 [ 37.945779][ T1898] ___slab_alloc+0x2e0/0x450 [ 37.950353][ T1898] ? bpf_check+0x136/0xe7b0 [ 37.954831][ T1898] ? __should_failslab+0x90/0x160 [ 37.959824][ T1898] ? bpf_check+0x136/0xe7b0 [ 37.964302][ T1898] kmem_cache_alloc_trace+0x23f/0x2f0 [ 37.970254][ T1898] bpf_check+0x136/0xe7b0 [ 37.974559][ T1898] ? unwind_get_return_address_ptr+0xa0/0xa0 [ 37.980509][ T1898] ? 0xffffffffa0010000 [ 37.984650][ T1898] ? is_bpf_text_address+0x2c8/0x2e0 [ 37.989907][ T1898] ? stack_trace_save+0x1e0/0x1e0 [ 37.994906][ T1898] ? __kernel_text_address+0x9a/0x110 [ 38.000251][ T1898] ? unwind_get_return_address+0x4c/0x90 [ 38.005857][ T1898] ? arch_stack_walk+0x98/0xe0 [ 38.010619][ T1898] ? stack_trace_save+0x111/0x1e0 [ 38.015740][ T1898] ? stack_trace_snprint+0x150/0x150 [ 38.021003][ T1898] ? stack_trace_snprint+0x150/0x150 [ 38.026261][ T1898] ? 
bpf_verifier_log_write+0x230/0x230 [ 38.031808][ T1898] ? __kasan_kmalloc+0x179/0x1b0 [ 38.036821][ T1898] ? __kasan_kmalloc+0x117/0x1b0 [ 38.041757][ T1898] ? kasan_kmalloc+0x9/0x10 [ 38.046235][ T1898] ? kmem_cache_alloc_trace+0xe2/0x2f0 [ 38.051665][ T1898] ? selinux_bpf_prog_alloc+0x51/0x150 [ 38.057122][ T1898] ? security_bpf_prog_alloc+0x50/0xb0 [ 38.062559][ T1898] ? __do_sys_bpf+0x5ce0/0xbbc0 [ 38.069711][ T1898] ? __x64_sys_bpf+0x7a/0x90 [ 38.074416][ T1898] ? do_syscall_64+0xc0/0x100 [ 38.079088][ T1898] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 38.085160][ T1898] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 38.090722][ T1898] ? pcpu_next_fit_region+0x64e/0x7d0 [ 38.096080][ T1898] ? pcpu_block_update_hint_alloc+0x977/0xcf0 [ 38.102125][ T1898] ? pcpu_alloc_area+0x7eb/0x940 [ 38.107036][ T1898] ? find_next_bit+0xd8/0x120 [ 38.111707][ T1898] ? cpumask_next+0x11/0x30 [ 38.116313][ T1898] ? __should_failslab+0x90/0x160 [ 38.121354][ T1898] ? selinux_bpf_prog_alloc+0x51/0x150 [ 38.126802][ T1898] ? kasan_kmalloc+0x9/0x10 [ 38.131296][ T1898] ? kmem_cache_alloc_trace+0xe2/0x2f0 [ 38.136934][ T1898] ? memset+0x31/0x40 [ 38.140902][ T1898] ? bpf_obj_name_cpy+0x9a9/0x1400 [ 38.145995][ T1898] __do_sys_bpf+0x80a8/0xbbc0 [ 38.150651][ T1898] ? wp_page_copy+0xd24/0x10e0 [ 38.155470][ T1898] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 38.161008][ T1898] ? __rcu_read_lock+0x50/0x50 [ 38.165749][ T1898] ? __memcg_kmem_charge_memcg+0x340/0x340 [ 38.171534][ T1898] ? __bpf_prog_put_rcu+0x350/0x350 [ 38.176719][ T1898] ? get_mem_cgroup_from_mm+0x2b2/0x330 [ 38.182247][ T1898] ? mem_cgroup_from_task+0x60/0x60 [ 38.187417][ T1898] ? __kasan_check_read+0x11/0x20 [ 38.192422][ T1898] ? __lru_cache_add+0x1ae/0x200 [ 38.197345][ T1898] ? lru_cache_add_active_or_unevictable+0xa6/0x120 [ 38.203905][ T1898] ? _raw_spin_unlock+0x9/0x20 [ 38.208646][ T1898] ? handle_mm_fault+0xb2f/0x41c0 [ 38.213657][ T1898] ? alloc_file+0x84/0x4b0 [ 38.218091][ T1898] ? 
finish_fault+0x230/0x230 [ 38.222751][ T1898] ? __kasan_check_write+0x14/0x20 [ 38.227849][ T1898] ? __up_read+0x6f/0x1b0 [ 38.232248][ T1898] ? __down_read+0x240/0x240 [ 38.237009][ T1898] __x64_sys_bpf+0x7a/0x90 [ 38.241411][ T1898] do_syscall_64+0xc0/0x100 [ 38.245902][ T1898] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 38.251933][ T1898] RIP: 0033:0x441f49 [ 38.255806][ T1898] Code: e8 8c 07 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 38.275538][ T1898] RSP: 002b:00007ffdfc085188 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 38.283926][ T1898] RAX: ffffffffffffffda RBX: 00007ffdfc0851a0 RCX: 0000000000441f49 [ 38.291883][ T1898] RDX: 0000000000000070 RSI: 0000000020000180 RDI: 0000000000000005 executing program [ 38.299829][ T1898] RBP: 0000000000000000 R08: 00000000bb1414ac R09: 00000000bb1414ac [ 38.307774][ T1898] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000009127 [ 38.315730][ T1898] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 38.327487][ T1899] BUG: Bad page state in process syz-executor590 pfn:1d0650 [ 38.334896][ T1899] page:ffffea0007419400 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0 [ 38.344075][ T1899] flags: 0x8000000000000000() [ 38.348738][ T1899] raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000 [ 38.357388][ T1899] raw: 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000 [ 38.365945][ T1899] page dumped because: nonzero _refcount [ 38.371551][ T1899] Modules linked in: [ 38.375434][ T1899] CPU: 1 PID: 1899 Comm: syz-executor590 Tainted: G B W 5.4.24-syzkaller-00181-g3334f0da669e #0 [ 38.387053][ T1899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 38.397183][ T1899] Call Trace: [ 38.400459][ T1899] dump_stack+0x1b0/0x228 [ 38.405460][ T1899] ? 
is_module_text_address+0x130/0x130 [ 38.410981][ T1899] ? show_regs_print_info+0x18/0x18 [ 38.416174][ T1899] bad_page+0x262/0x290 [ 38.420316][ T1899] ? _raw_spin_lock+0x170/0x170 [ 38.425413][ T1899] ? is_free_buddy_page+0x190/0x190 [ 38.430594][ T1899] ? __kasan_check_read+0x11/0x20 [ 38.435599][ T1899] ? __zone_watermark_ok+0x9b/0x270 [ 38.440886][ T1899] get_page_from_freelist+0x505a/0x57e0 [ 38.446432][ T1899] ? unwind_next_frame+0x415/0x870 [ 38.451562][ T1899] ? __rcu_read_lock+0x50/0x50 [ 38.456425][ T1899] ? unwind_next_frame+0x415/0x870 [ 38.461621][ T1899] ? unwind_get_return_address_ptr+0xa0/0xa0 [ 38.467773][ T1899] ? 0xffffffffa0028000 [ 38.471939][ T1899] ? is_bpf_text_address+0x2c8/0x2e0 [ 38.477329][ T1899] ? stack_trace_save+0x1e0/0x1e0 [ 38.482333][ T1899] ? __kernel_text_address+0x9a/0x110 [ 38.487771][ T1899] ? unwind_get_return_address+0x4c/0x90 [ 38.493380][ T1899] ? arch_stack_walk+0x98/0xe0 [ 38.498121][ T1899] ? __alloc_pages_nodemask+0x3010/0x3010 [ 38.503829][ T1899] ? stack_trace_save+0x111/0x1e0 [ 38.508836][ T1899] __alloc_pages_nodemask+0x44f/0x3010 [ 38.514272][ T1899] ? __kasan_slab_free+0x168/0x220 [ 38.519369][ T1899] ? skb_release_data+0x536/0x690 [ 38.524368][ T1899] ? __kfree_skb+0x134/0x180 [ 38.528934][ T1899] ? __kasan_slab_free+0x1e2/0x220 [ 38.534028][ T1899] ? __kasan_slab_free+0x168/0x220 [ 38.539182][ T1899] ? netlink_sendmsg+0x9a7/0xd40 [ 38.544435][ T1899] ? __sys_sendmsg+0x26a/0x350 [ 38.549488][ T1899] ? __x64_sys_sendmsg+0x7f/0x90 [ 38.554513][ T1899] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 38.560561][ T1899] ? avc_has_perm_noaudit+0x2fc/0x3f0 [ 38.565931][ T1899] ? rhashtable_jhash2+0x1f1/0x330 [ 38.571058][ T1899] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 38.577287][ T1899] ? rht_key_hashfn+0x157/0x240 [ 38.582122][ T1899] ? deferred_put_nlk_sk+0x200/0x200 [ 38.587397][ T1899] ? __alloc_skb+0x109/0x540 [ 38.592310][ T1899] ? jhash+0x750/0x750 [ 38.596351][ T1899] ? 
netlink_hash+0xd0/0xd0 [ 38.601797][ T1899] ? avc_has_perm+0x15f/0x260 [ 38.606628][ T1899] ? skb_release_data+0x536/0x690 [ 38.611635][ T1899] ? __rcu_read_lock+0x50/0x50 [ 38.616373][ T1899] skb_page_frag_refill+0x11d/0x3b0 [ 38.621903][ T1899] tun_get_user+0x69a/0x3d10 [ 38.626643][ T1899] ? tun_do_read+0x1f10/0x1f10 [ 38.631400][ T1899] ? netlink_detachskb+0x60/0x60 [ 38.636400][ T1899] ? put_pid+0x82/0xe0 [ 38.640470][ T1899] ? netlink_sendmsg+0xa28/0xd40 [ 38.645397][ T1899] ? __rcu_read_lock+0x50/0x50 [ 38.650241][ T1899] ? netlink_getsockopt+0x900/0x900 [ 38.656380][ T1899] tun_chr_write_iter+0x134/0x1c0 [ 38.661471][ T1899] do_iter_readv_writev+0x5fa/0x890 [ 38.666671][ T1899] ? vfs_dedupe_file_range+0xa00/0xa00 [ 38.672112][ T1899] ? security_file_permission+0x157/0x350 [ 38.677812][ T1899] ? rw_verify_area+0x1c2/0x360 [ 38.682642][ T1899] do_iter_write+0x180/0x590 [ 38.687211][ T1899] do_writev+0x2cd/0x560 [ 38.691428][ T1899] ? do_readv+0x400/0x400 [ 38.695732][ T1899] ? __up_read+0x6f/0x1b0 [ 38.700035][ T1899] ? __down_read+0x240/0x240 [ 38.704604][ T1899] ? 
__kasan_check_read+0x11/0x20 [ 38.709614][ T1899] __x64_sys_writev+0x7d/0x90 [ 38.714295][ T1899] do_syscall_64+0xc0/0x100 [ 38.719141][ T1899] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 38.725027][ T1899] RIP: 0033:0x441e40 [ 38.728912][ T1899] Code: 05 48 3d 01 f0 ff ff 0f 83 5d 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 3d b1 91 29 00 00 75 14 b8 14 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 34 09 fc ff c3 48 83 ec 08 e8 ba 2b 00 00 [ 38.748498][ T1899] RSP: 002b:00007ffdfc085188 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 38.756883][ T1899] RAX: ffffffffffffffda RBX: 00007ffdfc0851a0 RCX: 0000000000441e40 [ 38.764848][ T1899] RDX: 0000000000000001 RSI: 00007ffdfc0851d0 RDI: 00000000000000f0 [ 38.772888][ T1899] RBP: 0000000000000000 R08: 00000000bb1414ac R09: 00000000bb1414ac [ 38.780833][ T1899] R10: 00000000bb1414ac R11: 0000000000000246 R12: 0000000000009369 [ 38.788783][ T1899] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 38.797479][ T1899] BUG: Bad page state in process syz-executor590 pfn:1d0658 [ 38.797536][ T1732] ------------[ cut here ]------------ [ 38.804894][ T1899] page:ffffea0007419600 refcount:0 mapcount:0 mapping:ffff8881da802a00 index:0x0 compound_mapcount: 0 [ 38.810298][ T1732] kernel BUG at mm/slub.c:3949! 
[ 38.821211][ T1899] flags: 0x8000000000010200(slab|head) [ 38.826940][ T1732] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 38.837554][ T1732] CPU: 0 PID: 1732 Comm: rsyslogd Tainted: G B W 5.4.24-syzkaller-00181-g3334f0da669e #0 [ 38.848465][ T1732] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 38.858810][ T1732] RIP: 0010:kfree+0x6b1/0x6d0 [ 38.863468][ T1732] Code: 8b 8a 90 01 00 00 f0 48 ff 49 20 f0 48 29 41 28 f6 42 0a 08 75 16 48 8b 7d c0 48 8b 75 b8 e8 e6 39 00 00 e9 bb fb ff ff 0f 0b <0f> 0b 48 8b 7d b0 48 c7 c6 40 a9 70 81 e8 2d 8f c0 ff e9 a2 fb ff [ 38.883138][ T1732] RSP: 0018:ffff8881d2b77958 EFLAGS: 00010246 [ 38.889201][ T1732] RAX: 0000000000000000 RBX: ffffea0007419640 RCX: ffffea0007419640 [ 38.897145][ T1732] RDX: 0000000000000000 RSI: 00000000000005e3 RDI: ffff8881d0659800 [ 38.905100][ T1732] RBP: ffff8881d2b779d0 R08: ffffffff812cf9b3 R09: 0000000000000003 [ 38.913322][ T1732] R10: ffffed103a56ef2d R11: 0000000000000004 R12: ffff8881d0659800 [ 38.921274][ T1732] R13: 1ffff1103a56ef48 R14: 0000000000000000 R15: dffffc0000000000 [ 38.929348][ T1732] FS: 00007fc443e2b700(0000) GS:ffff8881dba00000(0000) knlGS:0000000000000000 [ 38.938266][ T1732] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 38.944826][ T1732] CR2: 00007ffdfc0851a0 CR3: 00000001cfbee005 CR4: 00000000001606f0 [ 38.952772][ T1732] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 38.960716][ T1732] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 38.968665][ T1732] Call Trace: [ 38.971937][ T1732] ? do_syslog+0x13d6/0x1450 [ 38.976503][ T1732] ? __kasan_check_read+0x11/0x20 [ 38.981510][ T1732] do_syslog+0x13d6/0x1450 [ 38.985991][ T1732] ? printk+0x109/0x109 [ 38.990130][ T1732] ? futex_exit_release+0xd0/0xd0 [ 38.995127][ T1732] ? __memcg_kmem_charge_memcg+0x340/0x340 [ 39.001041][ T1732] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 39.006590][ T1732] kmsg_read+0x94/0xd0 [ 39.010734][ T1732] ? 
proc_net_ns_exit+0x70/0x70 [ 39.015575][ T1732] proc_reg_read+0x227/0x350 [ 39.020151][ T1732] ? proc_reg_llseek+0x330/0x330 [ 39.025080][ T1732] ? fsnotify+0x1390/0x1450 [ 39.029574][ T1732] ? lru_cache_add_active_or_unevictable+0xa6/0x120 [ 39.036142][ T1732] ? proc_reg_llseek+0x330/0x330 [ 39.041071][ T1732] __vfs_read+0xff/0x6f0 [ 39.045320][ T1732] ? rw_verify_area+0x360/0x360 [ 39.050169][ T1732] ? security_file_permission+0x241/0x350 [ 39.055869][ T1732] ? rw_verify_area+0x1c2/0x360 [ 39.060699][ T1732] vfs_read+0x16e/0x380 [ 39.064842][ T1732] ksys_read+0x168/0x2a0 [ 39.069068][ T1732] ? vfs_write+0x4e0/0x4e0 [ 39.073590][ T1732] ? __kasan_check_read+0x11/0x20 [ 39.078609][ T1732] __x64_sys_read+0x7b/0x90 [ 39.083112][ T1732] do_syscall_64+0xc0/0x100 [ 39.087609][ T1732] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 39.093475][ T1732] RIP: 0033:0x7fc44688b1fd [ 39.097884][ T1732] Code: d1 20 00 00 75 10 b8 00 00 00 00 0f 05 48 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e fa ff ff 48 89 04 24 b8 00 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 a7 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 39.117486][ T1732] RSP: 002b:00007fc443e2ae30 EFLAGS: 00000293 ORIG_RAX: 0000000000000000 [ 39.125901][ T1732] RAX: ffffffffffffffda RBX: 00000000011544b0 RCX: 00007fc44688b1fd [ 39.133864][ T1732] RDX: 0000000000000fff RSI: 00007fc44565f5a0 RDI: 0000000000000004 [ 39.141899][ T1732] RBP: 0000000000000000 R08: 000000000113f260 R09: 0000000000000000 [ 39.149936][ T1732] R10: 5f726574695f6f64 R11: 0000000000000293 R12: 000000000065e420 [ 39.157880][ T1732] R13: 00007fc443e2b9c0 R14: 00007fc446ed0040 R15: 0000000000000003 [ 39.165836][ T1732] Modules linked in: [ 39.169741][ T1899] raw: 8000000000010200 dead000000000100 dead000000000122 ffff8881da802a00 [ 39.169995][ T1885] ------------[ cut here ]------------ [ 39.178459][ T1899] raw: 0000000000000000 0000000080100010 00000000ffffffff 0000000000000000 [ 39.183804][ T1885] WARNING: CPU: 0 PID: 1885 at mm/slub.c:3927 __ksize+0xd4/0xf0 [ 
39.183806][ T1885] Modules linked in: [ 39.183818][ T1885] CPU: 0 PID: 1885 Comm: sshd Tainted: G B D W 5.4.24-syzkaller-00181-g3334f0da669e #0 [ 39.183821][ T1885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 39.183829][ T1885] RIP: 0010:__ksize+0xd4/0xf0 [ 39.183837][ T1885] Code: 48 ff c8 48 89 c1 f7 01 00 02 00 00 75 b3 f7 07 00 00 01 00 75 08 48 8b 47 08 a8 01 74 0c f7 07 00 00 01 00 75 0e 31 c9 eb 0e <0f> 0b f7 07 00 00 01 00 74 f2 0f b6 4f 51 b8 00 10 00 00 48 d3 e0 [ 39.183841][ T1885] RSP: 0018:ffff8881d071f738 EFLAGS: 00010246 [ 39.183848][ T1885] RAX: 0000000000000000 RBX: ffff8881d065a800 RCX: ffffea0007419680 [ 39.183852][ T1885] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffffea0007419680 [ 39.183856][ T1885] RBP: ffff8881d071f738 R08: dffffc0000000000 R09: ffffed103a0cb501 [ 39.183861][ T1885] R10: ffffed103a0cb501 R11: 0000000000000000 R12: ffff8881cfd4d900 [ 39.183865][ T1885] R13: 0000000000000cc0 R14: ffff8881d065a800 R15: 0000000000000280 [ 39.183872][ T1885] FS: 00007ffb73b287c0(0000) GS:ffff8881dba00000(0000) knlGS:0000000000000000 [ 39.183877][ T1885] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 39.183881][ T1885] CR2: 00007ffdfc0851a0 CR3: 00000001cd57a004 CR4: 00000000001606f0 [ 39.183888][ T1885] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 39.183892][ T1885] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 39.183894][ T1885] Call Trace: [ 39.183907][ T1885] ksize+0x2e/0x50 [ 39.192655][ T1899] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set [ 39.200170][ T1885] ? 
sk_stream_alloc_skb+0x216/0xbb0 [ 39.204069][ T1899] bad because of flags: 0x200(slab) [ 39.214692][ T1885] __alloc_skb+0x129/0x540 [ 39.214704][ T1885] sk_stream_alloc_skb+0x216/0xbb0 [ 39.224742][ T1899] Modules linked in: [ 39.229390][ T1885] tcp_sendmsg_locked+0xe5b/0x3db0 [ 39.249179][ T1899] CPU: 1 PID: 1899 Comm: syz-executor590 Tainted: G B D W 5.4.24-syzkaller-00181-g3334f0da669e #0 [ 39.255225][ T1885] ? __kasan_check_read+0x11/0x20 [ 39.263180][ T1899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 39.271147][ T1885] ? _local_bh_enable+0x30/0x30 [ 39.279086][ T1899] Call Trace: [ 39.287045][ T1885] ? _raw_spin_lock_bh+0xa4/0x180 [ 39.287059][ T1885] ? tcp_free_fastopen_req+0x80/0x80 [ 39.295008][ T1899] dump_stack+0x1b0/0x228 [ 39.303920][ T1885] tcp_sendmsg+0x2f/0x50 [ 39.310490][ T1899] ? is_module_text_address+0x130/0x130 [ 39.318631][ T1885] inet_sendmsg+0xa1/0xc0 [ 39.326767][ T1899] ? show_regs_print_info+0x18/0x18 [ 39.334726][ T1885] ? inet_send_prepare+0x4d0/0x4d0 [ 39.338017][ T1899] bad_page+0x262/0x290 [ 39.341721][ T1885] sock_write_iter+0x352/0x4a0 [ 39.349050][ T1899] ? is_free_buddy_page+0x190/0x190 [ 39.354415][ T1885] ? avc_has_perm_noaudit+0x3f0/0x3f0 [ 39.359589][ T1899] __free_pages_ok+0x759/0xd80 [ 39.363982][ T1885] ? sock_read_iter+0x470/0x470 [ 39.369061][ T1899] ? __kasan_check_read+0x11/0x20 [ 39.372928][ T1885] ? file_has_perm+0x4ed/0x6a0 [ 39.378010][ T1899] ? set_pageblock_migratetype+0x150/0x150 [ 39.389513][ T1885] ? iov_iter_init+0x8a/0x170 [ 39.394863][ T1899] free_compound_page+0x67/0x90 [ 39.405133][ T1885] __vfs_write+0x579/0x700 [ 39.410070][ T1899] __put_page+0xf7/0x120 [ 39.413346][ T1885] ? __kernel_write+0x350/0x350 [ 39.418350][ T1899] do_exit+0x1d53/0x26f0 [ 39.423618][ T1885] ? security_file_permission+0x157/0x350 [ 39.427917][ T1899] ? mm_update_next_owner+0x5f0/0x5f0 [ 39.432132][ T1885] ? rw_verify_area+0x1c2/0x360 [ 39.437664][ T1899] ? 
do_user_addr_fault+0x6b7/0xb50 [ 39.442223][ T1885] vfs_write+0x203/0x4e0 [ 39.447391][ T1899] do_group_exit+0x153/0x2a0 [ 39.452487][ T1885] ksys_write+0x168/0x2a0 [ 39.456621][ T1899] __do_sys_exit_group+0x17/0x20 [ 39.461353][ T1885] ? __ia32_sys_read+0x90/0x90 [ 39.466526][ T1899] __se_sys_exit_group+0x14/0x20 [ 39.472134][ T1885] ? __kasan_check_read+0x11/0x20 [ 39.476888][ T1899] __x64_sys_exit_group+0x3b/0x40 [ 39.481711][ T1885] __x64_sys_write+0x7b/0x90 [ 39.486704][ T1899] do_syscall_64+0xc0/0x100 [ 39.491438][ T1885] do_syscall_64+0xc0/0x100 [ 39.497221][ T1899] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 39.501882][ T1885] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 39.506703][ T1899] RIP: 0033:0x440af8 [ 39.511097][ T1885] RIP: 0033:0x7ffb71ec3370 [ 39.515311][ T1899] Code: 00 00 be 3c 00 00 00 eb 19 66 0f 1f 84 00 00 00 00 00 48 89 d7 89 f0 0f 05 48 3d 00 f0 ff ff 77 21 f4 48 89 d7 44 89 c0 0f 05 <48> 3d 00 f0 ff ff 76 e0 f7 d8 64 41 89 01 eb d8 0f 1f 84 00 00 00 [ 39.520142][ T1885] Code: 73 01 c3 48 8b 0d c8 4a 2b 00 31 d2 48 29 c2 64 89 11 48 83 c8 ff eb ea 90 90 83 3d 85 a2 2b 00 00 75 10 b8 01 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 0e 8a 01 00 48 89 04 24 [ 39.524354][ T1899] RSP: 002b:00007ffdfc085148 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 39.530134][ T1885] RSP: 002b:00007fff5fa90b98 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 39.535482][ T1899] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440af8 [ 39.540316][ T1885] RAX: ffffffffffffffda RBX: 0000000000000038 RCX: 00007ffb71ec3370 [ 39.545497][ T1899] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 39.549730][ T1885] RDX: 0000000000000038 RSI: 000055ed1832d490 RDI: 0000000000000003 [ 39.554411][ T1899] RBP: 00000000004c6950 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 39.558725][ T1885] RBP: 000055ed1832d490 R08: 0000000000000001 R09: 0101010101010101 [ 39.563652][ T1899] R10: 00000000bb1414ac R11: 0000000000000246 R12: 
0000000000000001 [ 39.568828][ T1885] R10: 0000000000000008 R11: 0000000000000246 R12: 00007fff5fa90bfc [ 39.573822][ T1899] R13: 00000000006d95e0 R14: 0000000000000000 R15: 0000000000000000 [ 39.578823][ T1885] R13: 000055ed16c06fb4 R14: 0000000000000028 R15: 000055ed16c08ca0 [ 39.752735][ T1885] ---[ end trace 7fb1e257b2382f3a ]--- [ 39.759181][ T1732] ---[ end trace 7fb1e257b2382f3b ]--- [ 39.759944][ T1] BUG: Bad page state in process init pfn:1cfd90 [ 39.771059][ T1] page:ffffea00073f6400 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0 [ 39.780325][ T1] flags: 0x8000000000000000() [ 39.784989][ T1] raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000 [ 39.793556][ T1] raw: 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000 [ 39.802172][ T1] page dumped because: nonzero _refcount [ 39.807967][ T1] Modules linked in: [ 39.811876][ T1] CPU: 0 PID: 1 Comm: init Tainted: G B D W 5.4.24-syzkaller-00181-g3334f0da669e #0 [ 39.822183][ T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 39.832224][ T1] Call Trace: [ 39.835496][ T1] dump_stack+0x1b0/0x228 [ 39.839798][ T1] ? is_module_text_address+0x130/0x130 [ 39.845400][ T1] ? show_regs_print_info+0x18/0x18 [ 39.850575][ T1] bad_page+0x262/0x290 [ 39.854703][ T1] ? __kasan_check_write+0x14/0x20 [ 39.859785][ T1] ? is_free_buddy_page+0x190/0x190 [ 39.864956][ T1] ? __kasan_check_read+0x11/0x20 [ 39.869950][ T1] get_page_from_freelist+0x2cce/0x57e0 [ 39.875483][ T1] ? __rcu_read_lock+0x50/0x50 [ 39.880218][ T1] ? unwind_next_frame+0x415/0x870 [ 39.885300][ T1] ? __alloc_pages_nodemask+0x3010/0x3010 [ 39.891081][ T1] ? 0xffffffffa0018000 [ 39.895294][ T1] __alloc_pages_nodemask+0x44f/0x3010 [ 39.900861][ T1] ? arch_stack_walk+0x98/0xe0 [ 39.905604][ T1] ? stack_trace_save+0x111/0x1e0 [ 39.910614][ T1] ? stack_trace_snprint+0x150/0x150 [ 39.915990][ T1] ? __kasan_kmalloc+0x179/0x1b0 [ 39.920910][ T1] ? 
gfp_pfmemalloc_allowed+0x140/0x140 [ 39.927930][ T1] ? anon_vma_clone+0xa1/0x4a0 [ 39.932684][ T1] ? __kasan_kmalloc+0x179/0x1b0 [ 39.937733][ T1] ? __kasan_kmalloc+0x117/0x1b0 [ 39.942649][ T1] ? kasan_slab_alloc+0xe/0x10 [ 39.947412][ T1] ? kmem_cache_alloc+0x120/0x2b0 [ 39.952412][ T1] ? anon_vma_fork+0x1c6/0x520 [ 39.957152][ T1] ? dup_mmap+0x597/0xc10 [ 39.961577][ T1] ? dup_mm+0x9e/0x330 [ 39.965702][ T1] ? copy_process+0x2116/0x52d0 [ 39.970522][ T1] ? _do_fork+0x185/0x950 [ 39.974820][ T1] ? __x64_sys_clone+0x247/0x2b0 [ 39.979727][ T1] ? do_syscall_64+0xc0/0x100 [ 39.984386][ T1] ? kasan_slab_alloc+0xe/0x10 [ 39.989139][ T1] ? kmem_cache_alloc+0x120/0x2b0 [ 39.994373][ T1] ? dup_mmap+0x4c4/0xc10 [ 39.998701][ T1] ? dup_mm+0x9e/0x330 [ 40.002894][ T1] ? copy_process+0x2116/0x52d0 [ 40.008579][ T1] ? __x64_sys_clone+0x247/0x2b0 [ 40.013505][ T1] ? do_syscall_64+0xc0/0x100 [ 40.018172][ T1] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 40.024641][ T1] pte_alloc_one+0x1f/0xc0 [ 40.029460][ T1] __pte_alloc+0x21/0x1e0 [ 40.033760][ T1] copy_page_range+0x1432/0x16f0 [ 40.039279][ T1] ? print_bad_pte+0x570/0x570 [ 40.044016][ T1] dup_mmap+0x873/0xc10 [ 40.048154][ T1] ? __delayed_free_task+0x20/0x20 [ 40.053497][ T1] ? __kasan_check_write+0x14/0x20 [ 40.058578][ T1] ? mm_init+0x610/0x760 [ 40.062800][ T1] dup_mm+0x9e/0x330 [ 40.070187][ T1] copy_process+0x2116/0x52d0 [ 40.075038][ T1] ? __kasan_check_write+0x14/0x20 [ 40.080248][ T1] ? fork_idle+0x290/0x290 [ 40.085094][ T1] ? __kasan_check_write+0x14/0x20 [ 40.090376][ T1] ? _raw_spin_lock_irq+0xa2/0x180 [ 40.095565][ T1] ? __kasan_check_write+0x14/0x20 [ 40.100652][ T1] ? recalc_sigpending+0x19d/0x220 [ 40.105765][ T1] _do_fork+0x185/0x950 [ 40.110320][ T1] ? set_current_blocked+0x40/0x40 [ 40.115415][ T1] ? dup_mm+0x330/0x330 [ 40.119570][ T1] ? __kasan_check_read+0x11/0x20 [ 40.124580][ T1] ? _copy_to_user+0x92/0xb0 [ 40.129160][ T1] ? 
__se_sys_rt_sigprocmask+0x2f2/0x360 [ 40.135754][ T1] __x64_sys_clone+0x247/0x2b0 [ 40.140489][ T1] ? __ia32_sys_vfork+0x110/0x110 [ 40.145486][ T1] ? syscall_return_slowpath+0x6f/0x500 [ 40.151011][ T1] ? __x64_sys_rt_sigprocmask+0x9b/0xb0 [ 40.156528][ T1] do_syscall_64+0xc0/0x100 [ 40.161020][ T1] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 40.166900][ T1] RIP: 0033:0x7f9706de4f46 [ 40.171288][ T1] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 14 25 10 00 00 00 31 d2 49 81 c2 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 31 01 00 00 85 c0 41 89 c4 0f 85 3b 01 00 [ 40.190979][ T1] RSP: 002b:00007ffc7423dff0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 40.200318][ T1] RAX: ffffffffffffffda RBX: 00007ffc7423dff0 RCX: 00007f9706de4f46 executing program [ 40.209447][ T1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 40.217398][ T1] RBP: 00007ffc7423e030 R08: 0000000000000000 R09: 0000000000000001 [ 40.225344][ T1] R10: 00007f9707739a70 R11: 0000000000000246 R12: 0000000000000000 [ 40.233286][ T1] R13: 0000000000000000 R14: 00007ffc7423e180 R15: 0000000001d0af58 [ 40.241655][ T1732] RIP: 0010:kfree+0x6b1/0x6d0 [ 40.243063][ C1] ------------[ cut here ]------------ [ 40.247110][ T1732] Code: 8b 8a 90 01 00 00 f0 48 ff 49 20 f0 48 29 41 28 f6 42 0a 08 75 16 48 8b 7d c0 48 8b 75 b8 e8 e6 39 00 00 e9 bb fb ff ff 0f 0b <0f> 0b 48 8b 7d b0 48 c7 c6 40 a9 70 81 e8 2d 8f c0 ff e9 a2 fb ff [ 40.252552][ C1] kernel BUG at mm/slub.c:3949! 
[ 40.252598][ C1] invalid opcode: 0000 [#2] PREEMPT SMP KASAN [ 40.272980][ T1732] RSP: 0018:ffff8881d2b77958 EFLAGS: 00010246 [ 40.277745][ C1] CPU: 1 PID: 16 Comm: ksoftirqd/1 Tainted: G B D W 5.4.24-syzkaller-00181-g3334f0da669e #0 [ 40.283833][ T1732] RAX: 0000000000000000 RBX: ffffea0007419640 RCX: ffffea0007419640 [ 40.289862][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 40.300885][ T1732] RDX: 0000000000000000 RSI: 00000000000005e3 RDI: ffff8881d0659800 [ 40.309022][ C1] RIP: 0010:kfree+0x6b1/0x6d0 [ 40.309031][ C1] Code: 8b 8a 90 01 00 00 f0 48 ff 49 20 f0 48 29 41 28 f6 42 0a 08 75 16 48 8b 7d c0 48 8b 75 b8 e8 e6 39 00 00 e9 bb fb ff ff 0f 0b <0f> 0b 48 8b 7d b0 48 c7 c6 40 a9 70 81 e8 2d 8f c0 ff e9 a2 fb ff [ 40.309034][ C1] RSP: 0018:ffff8881daa1f938 EFLAGS: 00010246 [ 40.309039][ C1] RAX: 0000000000000000 RBX: ffffea0007419680 RCX: ffffea0007419680 [ 40.309043][ C1] RDX: 0000000080000101 RSI: 0000000000000000 RDI: ffff8881d065a800 [ 40.309053][ C1] RBP: ffff8881daa1f9b0 R08: ffffffff82d52ba5 R09: fffff94000e83dc7 [ 40.319547][ T1732] RBP: ffff8881d2b779d0 R08: ffffffff812cf9b3 R09: 0000000000000003 [ 40.327066][ C1] R10: fffff94000e83dc7 R11: 0000000000000000 R12: ffff8881d065a800 [ 40.327070][ C1] R13: ffffea000741ee00 R14: 0000000000000000 R15: 0000000000000ec0 [ 40.327075][ C1] FS: 0000000000000000(0000) GS:ffff8881dbb00000(0000) knlGS:0000000000000000 [ 40.327079][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 40.327083][ C1] CR2: 00000000006dab10 CR3: 000000000460e005 CR4: 00000000001606e0 [ 40.327089][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 40.327092][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 40.327095][ C1] Call Trace: [ 40.327105][ C1] ? sk_free+0x36/0x50 [ 40.327113][ C1] ? 
skb_release_data+0x536/0x690 [ 40.327120][ C1] skb_release_data+0x536/0x690 [ 40.327130][ C1] __kfree_skb+0x59/0x180 [ 40.327136][ C1] napi_consume_skb+0x21b/0x450 [ 40.327151][ C1] free_old_xmit_skbs+0x10b/0x270 [ 40.331864][ T1732] R10: ffffed103a56ef2d R11: 0000000000000004 R12: ffff8881d0659800 [ 40.351401][ C1] ? local_bh_enable+0x30/0x30 [ 40.351409][ C1] virtnet_poll_tx+0x1b6/0x330 [ 40.351424][ C1] net_rx_action+0x52c/0x1110 [ 40.351436][ C1] ? __qdisc_run+0x1db2/0x1df0 [ 40.357506][ T1732] R13: 1ffff1103a56ef48 R14: 0000000000000000 R15: dffffc0000000000 [ 40.365463][ C1] ? net_tx_action+0xa00/0xa00 [ 40.365471][ C1] ? net_tx_action+0x9da/0xa00 [ 40.365480][ C1] __do_softirq+0x235/0x57e [ 40.365490][ C1] ? ksoftirqd_should_run+0x20/0x20 [ 40.365496][ C1] run_ksoftirqd+0x17/0x20 [ 40.365502][ C1] smpboot_thread_fn+0x4f2/0x880 [ 40.365517][ C1] ? __sched_text_start+0x8/0x8 [ 40.375569][ T1732] FS: 00007fc443e2b700(0000) GS:ffff8881dba00000(0000) knlGS:0000000000000000 [ 40.383480][ C1] ? cpu_report_death+0x120/0x120 [ 40.383488][ C1] ? __kasan_check_read+0x11/0x20 [ 40.383493][ C1] ? __kasan_check_read+0x11/0x20 [ 40.383499][ C1] ? __kthread_parkme+0x152/0x190 [ 40.383505][ C1] kthread+0x31a/0x340 [ 40.383511][ C1] ? cpu_report_death+0x120/0x120 [ 40.383517][ C1] ? 
kthread_destroy_worker+0x270/0x270 [ 40.383523][ C1] ret_from_fork+0x1f/0x30 [ 40.383527][ C1] Modules linked in: [ 40.383551][ C1] ---[ end trace 7fb1e257b2382f3c ]--- [ 40.395895][ T1732] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 40.399628][ C1] RIP: 0010:kfree+0x6b1/0x6d0 [ 40.399636][ C1] Code: 8b 8a 90 01 00 00 f0 48 ff 49 20 f0 48 29 41 28 f6 42 0a 08 75 16 48 8b 7d c0 48 8b 75 b8 e8 e6 39 00 00 e9 bb fb ff ff 0f 0b <0f> 0b 48 8b 7d b0 48 c7 c6 40 a9 70 81 e8 2d 8f c0 ff e9 a2 fb ff [ 40.399640][ C1] RSP: 0018:ffff8881d2b77958 EFLAGS: 00010246 [ 40.399645][ C1] RAX: 0000000000000000 RBX: ffffea0007419640 RCX: ffffea0007419640 [ 40.399656][ C1] RDX: 0000000000000000 RSI: 00000000000005e3 RDI: ffff8881d0659800 [ 40.408166][ T1732] CR2: 00007ffdfc0851a0 CR3: 00000001cfbee001 CR4: 00000000001606f0 [ 40.416861][ C1] RBP: ffff8881d2b779d0 R08: ffffffff812cf9b3 R09: 0000000000000003 [ 40.416865][ C1] R10: ffffed103a56ef2d R11: 0000000000000004 R12: ffff8881d0659800 [ 40.416868][ C1] R13: 1ffff1103a56ef48 R14: 0000000000000000 R15: dffffc0000000000 [ 40.416873][ C1] FS: 0000000000000000(0000) GS:ffff8881dbb00000(0000) knlGS:0000000000000000 [ 40.416885][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 40.423692][ T1732] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 40.432406][ C1] CR2: 00000000006dab10 CR3: 000000000460e005 CR4: 00000000001606e0 [ 40.432414][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 40.432417][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 40.432427][ C1] Kernel panic - not syncing: Fatal exception in interrupt [ 40.440526][ T1732] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 40.449674][ C1] Kernel Offset: disabled