Warning: Permanently added '10.128.1.57' (ECDSA) to the list of known hosts.
executing program
[ 18.170289][ T22] audit: type=1400 audit(1583697915.057:13): avc: denied { map } for pid=1876 comm="syz-executor819" path="/root/syz-executor819563880" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 18.190951][ T22] audit: type=1400 audit(1583697915.077:14): avc: denied { prog_load } for pid=1878 comm="syz-executor819" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1
[ 18.217706][ T22] audit: type=1400 audit(1583697915.107:15): avc: denied { prog_run } for pid=1878 comm="syz-executor819" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1
[ 18.217895][ T1878] ------------[ cut here ]------------
[ 18.249707][ T1878] Illegal XDP return value 4294967274, expect packet loss!
[ 18.260824][ T1878] WARNING: CPU: 1 PID: 1878 at net/core/filter.c:6909 bpf_warn_invalid_xdp_action+0x5a/0x60 [ 18.273915][ T1878] Modules linked in: [ 18.280652][ T1878] CPU: 1 PID: 1878 Comm: syz-executor819 Not tainted 5.4.24-syzkaller-00181-g3334f0da669e #0 [ 18.294681][ T1878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 18.311176][ T1878] RIP: 0010:bpf_warn_invalid_xdp_action+0x5a/0x60 [ 18.317653][ T1878] Code: e8 0b 12 5e fe 83 fb 04 48 c7 c0 e3 72 56 84 48 c7 c6 eb 72 56 84 48 0f 47 f0 48 c7 c7 b6 72 56 84 89 da 31 c0 e8 46 e1 34 fe <0f> 0b eb bc 66 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 50 4c 89 [ 18.350663][ T1878] RSP: 0018:ffff8881c627f728 EFLAGS: 00010246 [ 18.356876][ T1878] RAX: 915881b4f73f4800 RBX: 00000000ffffffea RCX: ffff8881d3089d80 [ 18.366224][ T1878] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 18.377495][ T1878] RBP: ffff8881c627f730 R08: ffffffff812d0c80 R09: 0000000000000003 [ 18.385578][ T1878] R10: ffffed1038c4fe51 R11: 0000000000000004 R12: 00000000ffffffea [ 18.394417][ T1878] R13: ffff8881d0fb0840 R14: dffffc0000000000 R15: ffffc9000050c000 [ 18.403465][ T1878] FS: 0000000000868880(0000) GS:ffff8881dbb00000(0000) knlGS:0000000000000000 [ 18.412484][ T1878] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 18.419108][ T1878] CR2: 0000000020002b00 CR3: 00000001d0ff1003 CR4: 00000000001606e0 [ 18.428321][ T1878] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 18.436280][ T1878] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 18.449287][ T1878] Call Trace: [ 18.452566][ T1878] tun_xdp_act+0x1b6/0x740 [ 18.458280][ T1878] ? __kasan_check_write+0x14/0x20 [ 18.463408][ T1878] ? copyin+0x92/0xb0 [ 18.468799][ T1878] ? tun_flow_update+0x870/0x870 [ 18.474691][ T1878] ? bpf_prog_1ed1caa9e1cd9e70+0x75f/0x1000 [ 18.482656][ T1878] tun_get_user+0x1cce/0x3d10 [ 18.488472][ T1878] ? __kasan_check_read+0x11/0x20 [ 18.493683][ T1878] ? 
__alloc_pages_nodemask+0x52d/0x3010 [ 18.499302][ T1878] ? tun_do_read+0x1f10/0x1f10 [ 18.504051][ T1878] ? put_pid+0x82/0xe0 [ 18.508113][ T1878] ? __rcu_read_lock+0x50/0x50 [ 18.513454][ T1878] ? __rcu_read_lock+0x50/0x50 [ 18.518564][ T1878] ? __memcg_kmem_charge_memcg+0x340/0x340 [ 18.526276][ T1878] tun_chr_write_iter+0x134/0x1c0 [ 18.532214][ T1878] do_iter_readv_writev+0x5fa/0x890 [ 18.538059][ T1878] ? vfs_dedupe_file_range+0xa00/0xa00 [ 18.546101][ T1878] ? security_file_permission+0x157/0x350 [ 18.553282][ T1878] ? rw_verify_area+0x1c2/0x360 [ 18.558298][ T1878] do_iter_write+0x180/0x590 [ 18.563149][ T1878] do_writev+0x2cd/0x560 [ 18.567374][ T1878] ? do_readv+0x400/0x400 [ 18.571903][ T1878] ? __up_read+0x6f/0x1b0 [ 18.576514][ T1878] ? __down_read+0x240/0x240 [ 18.581253][ T1878] ? vmacache_find+0x21f/0x4d0 [ 18.586169][ T1878] ? do_user_addr_fault+0x6b7/0xb50 [ 18.591671][ T1878] __x64_sys_writev+0x7d/0x90 [ 18.596340][ T1878] do_syscall_64+0xc0/0x100 [ 18.601630][ T1878] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 18.607607][ T1878] RIP: 0033:0x441ff0 [ 18.612258][ T1878] Code: 05 48 3d 01 f0 ff ff 0f 83 5d 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 3d 01 90 29 00 00 75 14 b8 14 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 34 09 fc ff c3 48 83 ec 08 e8 ba 2b 00 00 [ 18.632787][ T1878] RSP: 002b:00007fff71db0e38 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 18.641905][ T1878] RAX: ffffffffffffffda RBX: 00007fff71db0e50 RCX: 0000000000441ff0 [ 18.649960][ T1878] RDX: 0000000000000001 RSI: 00007fff71db0e80 RDI: 00000000000000f0 [ 18.659244][ T1878] RBP: 0000000000000000 R08: 00000000bb1414ac R09: 00000000bb1414ac [ 18.667279][ T1878] R10: 00000000bb1414ac R11: 0000000000000246 R12: 0000000000000000 [ 18.675236][ T1878] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 18.683280][ T1878] ---[ end trace 6895f5cc1eb19b1e ]--- [ 18.689825][ T1877] BUG: Bad page state in process syz-executor819 pfn:1d0668 [ 18.697296][ T1877] 
page:ffffea0007419a00 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0 [ 18.707384][ T1877] flags: 0x8000000000000000() [ 18.712215][ T1877] raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000 [ 18.720947][ T1877] raw: 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000 [ 18.729588][ T1877] page dumped because: nonzero _refcount [ 18.735191][ T1877] Modules linked in: [ 18.739187][ T1877] CPU: 1 PID: 1877 Comm: syz-executor819 Tainted: G W 5.4.24-syzkaller-00181-g3334f0da669e #0 [ 18.751609][ T1877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 18.761922][ T1877] Call Trace: [ 18.765477][ T1877] dump_stack+0x1b0/0x228 [ 18.769815][ T1877] ? is_module_text_address+0x130/0x130 [ 18.775432][ T1877] ? show_regs_print_info+0x18/0x18 [ 18.780617][ T1877] bad_page+0x262/0x290 [ 18.785695][ T1877] ? _raw_spin_lock+0x170/0x170 [ 18.790547][ T1877] ? is_free_buddy_page+0x190/0x190 [ 18.797046][ T1877] ? __kasan_check_read+0x11/0x20 [ 18.802043][ T1877] ? __zone_watermark_ok+0x9b/0x270 [ 18.807228][ T1877] get_page_from_freelist+0x505a/0x57e0 [ 18.812759][ T1877] ? __read_once_size_nocheck+0x10/0x10 [ 18.818291][ T1877] ? unwind_next_frame+0x415/0x870 [ 18.823494][ T1877] ? __rcu_read_lock+0x50/0x50 [ 18.828249][ T1877] ? unwind_next_frame+0x415/0x870 [ 18.833357][ T1877] ? __alloc_pages_nodemask+0x3010/0x3010 [ 18.839068][ T1877] ? 0xffffffffa0008000 [ 18.843208][ T1877] __alloc_pages_nodemask+0x44f/0x3010 [ 18.848687][ T1877] ? arch_stack_walk+0x98/0xe0 [ 18.853528][ T1877] ? stack_trace_save+0x111/0x1e0 [ 18.858814][ T1877] ? stack_trace_snprint+0x150/0x150 [ 18.864073][ T1877] ? __x64_sys_clone+0x247/0x2b0 [ 18.868985][ T1877] ? __kasan_kmalloc+0x117/0x1b0 [ 18.873931][ T1877] ? kasan_slab_alloc+0xe/0x10 [ 18.878685][ T1877] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 18.884230][ T1877] ? __kasan_kmalloc+0x179/0x1b0 [ 18.889329][ T1877] ? 
__kasan_kmalloc+0x179/0x1b0 [ 18.894253][ T1877] ? copy_process+0x1852/0x52d0 [ 18.899086][ T1877] ? __kasan_kmalloc+0x117/0x1b0 [ 18.904006][ T1877] ? kasan_slab_alloc+0xe/0x10 [ 18.908765][ T1877] ? kmem_cache_alloc+0x120/0x2b0 [ 18.913761][ T1877] ? copy_process+0x1ac8/0x52d0 [ 18.918582][ T1877] ? _do_fork+0x185/0x950 [ 18.922888][ T1877] ? __x64_sys_clone+0x247/0x2b0 [ 18.927883][ T1877] ? do_syscall_64+0xc0/0x100 [ 18.932539][ T1877] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 18.938589][ T1877] ? avc_denied+0x1b0/0x1b0 [ 18.943068][ T1877] alloc_slab_page+0x3f/0x390 [ 18.947718][ T1877] new_slab+0x98/0x430 [ 18.951784][ T1877] ___slab_alloc+0x2e0/0x450 [ 18.956369][ T1877] ? dup_mm+0x29/0x330 [ 18.960478][ T1877] ? __should_failslab+0x90/0x160 [ 18.965644][ T1877] ? dup_mm+0x29/0x330 [ 18.969900][ T1877] kmem_cache_alloc+0x203/0x2b0 [ 18.974751][ T1877] ? sched_autogroup_detach+0x20/0x20 [ 18.980113][ T1877] dup_mm+0x29/0x330 [ 18.984000][ T1877] copy_process+0x2116/0x52d0 [ 18.988655][ T1877] ? kernel_wait4+0x380/0x380 [ 18.993311][ T1877] ? fork_idle+0x290/0x290 [ 18.997714][ T1877] ? put_pid+0x89/0xe0 [ 19.001766][ T1877] ? __ia32_sys_waitid+0xd0/0xd0 [ 19.006674][ T1877] ? do_nanosleep+0x58b/0x6b0 [ 19.011321][ T1877] _do_fork+0x185/0x950 [ 19.015477][ T1877] ? dup_mm+0x330/0x330 [ 19.019621][ T1877] ? __x64_sys_wait4+0x168/0x1c0 [ 19.024535][ T1877] ? do_wait+0x890/0x890 [ 19.028753][ T1877] __x64_sys_clone+0x247/0x2b0 [ 19.033496][ T1877] ? __ia32_sys_vfork+0x110/0x110 [ 19.038499][ T1877] ? 
syscall_return_slowpath+0x6f/0x500 [ 19.044014][ T1877] do_syscall_64+0xc0/0x100 [ 19.048618][ T1877] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 19.054507][ T1877] RIP: 0033:0x4409fa [ 19.058388][ T1877] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 19.078271][ T1877] RSP: 002b:00007fff71db0e10 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 19.086859][ T1877] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004409fa [ 19.094825][ T1877] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 19.102782][ T1877] RBP: 00007fff71db0e30 R08: 0000000000000001 R09: 0000000000868880 [ 19.110728][ T1877] R10: 0000000000868b50 R11: 0000000000000246 R12: 0000000000000001 [ 19.118672][ T1877] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 executing program executing program [ 19.126647][ T1877] Disabling lock debugging due to kernel taint [ 19.136405][ T1880] BUG: Bad page state in process syz-executor819 pfn:1d05e0 [ 19.143941][ T1880] page:ffffea0007417800 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0 [ 19.153113][ T1880] flags: 0x8000000000000000() [ 19.157878][ T1880] raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000 [ 19.166550][ T1880] raw: 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000 [ 19.175652][ T1880] page dumped because: nonzero _refcount [ 19.181266][ T1880] Modules linked in: [ 19.185154][ T1880] CPU: 1 PID: 1880 Comm: syz-executor819 Tainted: G B W 5.4.24-syzkaller-00181-g3334f0da669e #0 [ 19.196662][ T1880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 19.206789][ T1880] Call Trace: [ 19.210080][ T1880] dump_stack+0x1b0/0x228 [ 19.214438][ T1880] ? is_module_text_address+0x130/0x130 [ 19.219975][ T1880] ? 
show_regs_print_info+0x18/0x18 [ 19.225178][ T1880] bad_page+0x262/0x290 [ 19.229595][ T1880] ? _raw_spin_lock+0x170/0x170 [ 19.234442][ T1880] ? is_free_buddy_page+0x190/0x190 [ 19.239636][ T1880] ? __kasan_check_read+0x11/0x20 [ 19.244654][ T1880] ? __zone_watermark_ok+0x9b/0x270 [ 19.249843][ T1880] get_page_from_freelist+0x505a/0x57e0 [ 19.255375][ T1880] ? __kasan_check_write+0x14/0x20 [ 19.260569][ T1880] ? _raw_spin_lock_irqsave+0xda/0x1c0 [ 19.266007][ T1880] ? __read_once_size_nocheck+0x10/0x10 [ 19.271540][ T1880] ? _raw_spin_lock+0x170/0x170 [ 19.276369][ T1880] ? __alloc_pages_nodemask+0x3010/0x3010 [ 19.282152][ T1880] ? get_page_from_freelist+0x5426/0x57e0 [ 19.287880][ T1880] __alloc_pages_nodemask+0x44f/0x3010 [ 19.293349][ T1880] ? __kasan_check_read+0x11/0x20 [ 19.298414][ T1880] ? prep_new_page+0x13a/0x3a0 [ 19.303176][ T1880] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 19.308710][ T1880] ? get_page_from_freelist+0x5426/0x57e0 [ 19.314426][ T1880] ? __rcu_read_lock+0x50/0x50 [ 19.319184][ T1880] ? unwind_get_return_address_ptr+0xa0/0xa0 [ 19.325171][ T1880] alloc_slab_page+0x3f/0x390 [ 19.329828][ T1880] new_slab+0x98/0x430 [ 19.333921][ T1880] ___slab_alloc+0x2e0/0x450 [ 19.338491][ T1880] ? bpf_check+0x136/0xe7b0 [ 19.342982][ T1880] ? __should_failslab+0x90/0x160 [ 19.348036][ T1880] ? bpf_check+0x136/0xe7b0 [ 19.352526][ T1880] kmem_cache_alloc_trace+0x23f/0x2f0 [ 19.357874][ T1880] bpf_check+0x136/0xe7b0 [ 19.362191][ T1880] ? unwind_get_return_address_ptr+0xa0/0xa0 [ 19.368171][ T1880] ? 0xffffffffa0010000 [ 19.372318][ T1880] ? is_bpf_text_address+0x2c8/0x2e0 [ 19.378173][ T1880] ? stack_trace_save+0x1e0/0x1e0 [ 19.383172][ T1880] ? __kernel_text_address+0x9a/0x110 [ 19.388524][ T1880] ? unwind_get_return_address+0x4c/0x90 [ 19.394144][ T1880] ? arch_stack_walk+0x98/0xe0 [ 19.398894][ T1880] ? stack_trace_save+0x111/0x1e0 [ 19.403915][ T1880] ? stack_trace_snprint+0x150/0x150 [ 19.409173][ T1880] ? 
stack_trace_snprint+0x150/0x150 [ 19.414440][ T1880] ? bpf_verifier_log_write+0x230/0x230 [ 19.419969][ T1880] ? __kasan_kmalloc+0x179/0x1b0 [ 19.425658][ T1880] ? __kasan_kmalloc+0x117/0x1b0 [ 19.430583][ T1880] ? kasan_kmalloc+0x9/0x10 [ 19.435062][ T1880] ? kmem_cache_alloc_trace+0xe2/0x2f0 [ 19.440504][ T1880] ? selinux_bpf_prog_alloc+0x51/0x150 [ 19.445968][ T1880] ? security_bpf_prog_alloc+0x50/0xb0 [ 19.451409][ T1880] ? __do_sys_bpf+0x5ce0/0xbbc0 [ 19.456245][ T1880] ? __x64_sys_bpf+0x7a/0x90 [ 19.460885][ T1880] ? do_syscall_64+0xc0/0x100 [ 19.465539][ T1880] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 19.471617][ T1880] ? pcpu_block_update_hint_alloc+0x970/0xcf0 [ 19.477759][ T1880] ? pcpu_alloc_area+0x7eb/0x940 [ 19.482681][ T1880] ? find_next_bit+0xd8/0x120 [ 19.487361][ T1880] ? cpumask_next+0x11/0x30 [ 19.491842][ T1880] ? __should_failslab+0x90/0x160 [ 19.496842][ T1880] ? selinux_bpf_prog_alloc+0x51/0x150 [ 19.502276][ T1880] ? kasan_kmalloc+0x9/0x10 [ 19.506755][ T1880] ? kmem_cache_alloc_trace+0xe2/0x2f0 [ 19.512213][ T1880] ? memset+0x31/0x40 [ 19.516377][ T1880] ? bpf_obj_name_cpy+0x9a9/0x1400 [ 19.521466][ T1880] __do_sys_bpf+0x80a8/0xbbc0 [ 19.526177][ T1880] ? wp_page_copy+0xd24/0x10e0 [ 19.530929][ T1880] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 19.536456][ T1880] ? __rcu_read_lock+0x50/0x50 [ 19.541225][ T1880] ? __memcg_kmem_charge_memcg+0x340/0x340 [ 19.547018][ T1880] ? __bpf_prog_put_rcu+0x350/0x350 [ 19.552196][ T1880] ? get_mem_cgroup_from_mm+0x2b2/0x330 [ 19.557729][ T1880] ? mem_cgroup_from_task+0x60/0x60 [ 19.562901][ T1880] ? __kasan_check_read+0x11/0x20 [ 19.567901][ T1880] ? __lru_cache_add+0x1ae/0x200 [ 19.572812][ T1880] ? lru_cache_add_active_or_unevictable+0xa6/0x120 [ 19.579387][ T1880] ? _raw_spin_unlock+0x9/0x20 [ 19.584125][ T1880] ? handle_mm_fault+0xb2f/0x41c0 [ 19.589127][ T1880] ? alloc_file+0x84/0x4b0 [ 19.593533][ T1880] ? finish_fault+0x230/0x230 [ 19.598197][ T1880] ? 
__kasan_check_write+0x14/0x20 [ 19.603293][ T1880] ? __up_read+0x6f/0x1b0 [ 19.607612][ T1880] ? __down_read+0x240/0x240 [ 19.612182][ T1880] __x64_sys_bpf+0x7a/0x90 [ 19.616622][ T1880] do_syscall_64+0xc0/0x100 [ 19.621214][ T1880] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 19.627111][ T1880] RIP: 0033:0x4420f9 [ 19.630984][ T1880] Code: e8 8c 07 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 19.650582][ T1880] RSP: 002b:00007fff71db0e38 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 19.659498][ T1880] RAX: ffffffffffffffda RBX: 00007fff71db0e50 RCX: 00000000004420f9 [ 19.668884][ T1880] RDX: 0000000000000070 RSI: 0000000020000180 RDI: 0000000000000005 executing program [ 19.676924][ T1880] RBP: 0000000000000000 R08: 00000000bb1414ac R09: 00000000bb1414ac [ 19.684934][ T1880] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000004aac [ 19.692899][ T1880] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 19.705052][ T1877] BUG: Bad page state in process syz-executor819 pfn:1d04a0 [ 19.712426][ T1877] page:ffffea0007412800 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0 [ 19.721589][ T1877] flags: 0x8000000000000000() [ 19.726255][ T1877] raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000 [ 19.734895][ T1877] raw: 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000 [ 19.743459][ T1877] page dumped because: nonzero _refcount [ 19.749060][ T1877] Modules linked in: [ 19.752944][ T1877] CPU: 1 PID: 1877 Comm: syz-executor819 Tainted: G B W 5.4.24-syzkaller-00181-g3334f0da669e #0 [ 19.764456][ T1877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 19.774515][ T1877] Call Trace: [ 19.777788][ T1877] dump_stack+0x1b0/0x228 [ 19.782105][ T1877] ? is_module_text_address+0x130/0x130 [ 19.787660][ T1877] ? 
show_regs_print_info+0x18/0x18 [ 19.792832][ T1877] bad_page+0x262/0x290 [ 19.796956][ T1877] ? _raw_spin_lock+0x170/0x170 [ 19.801776][ T1877] ? is_free_buddy_page+0x190/0x190 [ 19.806949][ T1877] ? __kasan_check_read+0x11/0x20 [ 19.811941][ T1877] ? __zone_watermark_ok+0x9b/0x270 [ 19.817109][ T1877] get_page_from_freelist+0x505a/0x57e0 [ 19.822653][ T1877] ? invalidate_inode_page+0x260/0x260 [ 19.828086][ T1877] ? __kasan_check_write+0x14/0x20 [ 19.833177][ T1877] ? __read_once_size_nocheck+0x10/0x10 [ 19.838700][ T1877] ? unwind_next_frame+0x415/0x870 [ 19.843786][ T1877] ? __rcu_read_lock+0x50/0x50 [ 19.848519][ T1877] ? unwind_next_frame+0x415/0x870 [ 19.853604][ T1877] ? __alloc_pages_nodemask+0x3010/0x3010 [ 19.859919][ T1877] ? 0xffffffffa0020000 [ 19.864228][ T1877] __alloc_pages_nodemask+0x44f/0x3010 [ 19.869673][ T1877] ? arch_stack_walk+0x98/0xe0 [ 19.874466][ T1877] ? stack_trace_save+0x111/0x1e0 [ 19.879522][ T1877] ? stack_trace_snprint+0x150/0x150 [ 19.884817][ T1877] ? stack_trace_save+0x111/0x1e0 [ 19.889873][ T1877] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 19.895488][ T1877] ? __kasan_kmalloc+0x179/0x1b0 [ 19.900404][ T1877] ? __kasan_kmalloc+0x117/0x1b0 [ 19.905404][ T1877] ? kasan_kmalloc+0x9/0x10 [ 19.909891][ T1877] ? kmem_cache_alloc_trace+0xe2/0x2f0 [ 19.915329][ T1877] ? alloc_fdtable+0x98/0x290 [ 19.920002][ T1877] ? dup_fd+0x7ad/0xb60 [ 19.924139][ T1877] ? copy_process+0x1725/0x52d0 [ 19.928965][ T1877] ? _do_fork+0x185/0x950 [ 19.933278][ T1877] ? __x64_sys_clone+0x247/0x2b0 [ 19.938190][ T1877] ? do_syscall_64+0xc0/0x100 [ 19.942871][ T1877] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 19.948968][ T1877] ? dup_fd+0x6f/0xb60 [ 19.953031][ T1877] ? copy_process+0x1725/0x52d0 [ 19.957910][ T1877] ? _do_fork+0x185/0x950 [ 19.962314][ T1877] ? __x64_sys_clone+0x247/0x2b0 [ 19.967297][ T1877] ? do_syscall_64+0xc0/0x100 [ 19.971975][ T1877] ? __rcu_read_lock+0x50/0x50 [ 19.976740][ T1877] ? 
__x64_sys_clone+0x247/0x2b0 [ 19.981678][ T1877] alloc_slab_page+0x3f/0x390 [ 19.986358][ T1877] new_slab+0x98/0x430 [ 19.990402][ T1877] ___slab_alloc+0x2e0/0x450 [ 19.994965][ T1877] ? kvmalloc_node+0xc6/0x120 [ 19.999610][ T1877] ? memcpy+0x49/0x60 [ 20.003918][ T1877] ? __should_failslab+0x90/0x160 [ 20.008918][ T1877] ? kvmalloc_node+0xc6/0x120 [ 20.013580][ T1877] __kmalloc+0x26d/0x310 [ 20.017801][ T1877] kvmalloc_node+0xc6/0x120 [ 20.022282][ T1877] alloc_fdtable+0xe3/0x290 [ 20.026767][ T1877] dup_fd+0x7ad/0xb60 [ 20.030721][ T1877] ? perf_event_attrs+0x30/0x30 [ 20.035569][ T1877] ? selinux_task_alloc+0x95/0xb0 [ 20.040567][ T1877] copy_process+0x1725/0x52d0 [ 20.045280][ T1877] ? kernel_wait4+0x380/0x380 [ 20.050147][ T1877] ? fork_idle+0x290/0x290 [ 20.054579][ T1877] ? put_pid+0x89/0xe0 [ 20.058857][ T1877] ? __ia32_sys_waitid+0xd0/0xd0 [ 20.063782][ T1877] ? do_nanosleep+0x58b/0x6b0 [ 20.068434][ T1877] _do_fork+0x185/0x950 [ 20.072577][ T1877] ? dup_mm+0x330/0x330 [ 20.077091][ T1877] ? __x64_sys_wait4+0x168/0x1c0 [ 20.082008][ T1877] ? do_wait+0x890/0x890 [ 20.086231][ T1877] __x64_sys_clone+0x247/0x2b0 [ 20.090967][ T1877] ? __ia32_sys_vfork+0x110/0x110 [ 20.095962][ T1877] ? 
syscall_return_slowpath+0x6f/0x500 [ 20.101514][ T1877] do_syscall_64+0xc0/0x100 [ 20.108634][ T1877] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 20.114814][ T1877] RIP: 0033:0x4409fa [ 20.119348][ T1877] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 20.140254][ T1877] RSP: 002b:00007fff71db0e10 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 20.148756][ T1877] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004409fa [ 20.157249][ T1877] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 20.165261][ T1877] RBP: 00007fff71db0e30 R08: 0000000000000001 R09: 0000000000868880 [ 20.173327][ T1877] R10: 0000000000868b50 R11: 0000000000000246 R12: 0000000000000001 [ 20.181556][ T1877] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 20.189526][ T1877] BUG: Bad page state in process syz-executor819 pfn:1d05b0 [ 20.196944][ T1877] page:ffffea0007416c00 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0 [ 20.206351][ T1877] flags: 0x8000000000000000() [ 20.211205][ T1877] raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000 [ 20.220825][ T1877] raw: 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000 [ 20.229555][ T1877] page dumped because: nonzero _refcount [ 20.235168][ T1877] Modules linked in: [ 20.239046][ T1877] CPU: 1 PID: 1877 Comm: syz-executor819 Tainted: G B W 5.4.24-syzkaller-00181-g3334f0da669e #0 [ 20.250947][ T1877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 20.261011][ T1877] Call Trace: [ 20.264310][ T1877] dump_stack+0x1b0/0x228 [ 20.268628][ T1877] ? is_module_text_address+0x130/0x130 [ 20.274159][ T1877] ? show_regs_print_info+0x18/0x18 [ 20.279341][ T1877] bad_page+0x262/0x290 [ 20.283491][ T1877] ? _raw_spin_lock+0x170/0x170 [ 20.288414][ T1877] ? 
is_free_buddy_page+0x190/0x190 [ 20.293655][ T1877] ? __kasan_check_read+0x11/0x20 [ 20.298677][ T1877] ? __zone_watermark_ok+0x9b/0x270 [ 20.303855][ T1877] get_page_from_freelist+0x505a/0x57e0 [ 20.309385][ T1877] ? invalidate_inode_page+0x260/0x260 [ 20.314884][ T1877] ? __kasan_check_write+0x14/0x20 [ 20.320007][ T1877] ? __read_once_size_nocheck+0x10/0x10 [ 20.325709][ T1877] ? unwind_next_frame+0x415/0x870 [ 20.330907][ T1877] ? __rcu_read_lock+0x50/0x50 [ 20.335662][ T1877] ? unwind_next_frame+0x415/0x870 [ 20.340775][ T1877] ? __alloc_pages_nodemask+0x3010/0x3010 [ 20.346489][ T1877] ? 0xffffffffa0020000 [ 20.352554][ T1877] __alloc_pages_nodemask+0x44f/0x3010 [ 20.358016][ T1877] ? arch_stack_walk+0x98/0xe0 [ 20.362778][ T1877] ? stack_trace_save+0x111/0x1e0 [ 20.367873][ T1877] ? stack_trace_snprint+0x150/0x150 [ 20.378086][ T1877] ? stack_trace_save+0x111/0x1e0 [ 20.386314][ T1877] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 20.391903][ T1877] ? __kasan_kmalloc+0x179/0x1b0 [ 20.404441][ T1877] ? __kasan_kmalloc+0x117/0x1b0 [ 20.409639][ T1877] ? kasan_kmalloc+0x9/0x10 [ 20.416904][ T1877] ? kmem_cache_alloc_trace+0xe2/0x2f0 [ 20.422470][ T1877] ? alloc_fdtable+0x98/0x290 [ 20.427747][ T1877] ? dup_fd+0x7ad/0xb60 [ 20.433307][ T1877] ? copy_process+0x1725/0x52d0 [ 20.438455][ T1877] ? _do_fork+0x185/0x950 [ 20.442769][ T1877] ? __x64_sys_clone+0x247/0x2b0 [ 20.448271][ T1877] ? do_syscall_64+0xc0/0x100 [ 20.452939][ T1877] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 20.459109][ T1877] ? dup_fd+0x6f/0xb60 [ 20.463267][ T1877] ? copy_process+0x1725/0x52d0 [ 20.468120][ T1877] ? _do_fork+0x185/0x950 [ 20.472445][ T1877] ? __x64_sys_clone+0x247/0x2b0 [ 20.477381][ T1877] ? do_syscall_64+0xc0/0x100 [ 20.482054][ T1877] ? __rcu_read_lock+0x50/0x50 [ 20.486793][ T1877] ? __x64_sys_clone+0x247/0x2b0 [ 20.493302][ T1877] alloc_slab_page+0x3f/0x390 [ 20.498014][ T1877] new_slab+0x98/0x430 [ 20.502058][ T1877] ___slab_alloc+0x2e0/0x450 [ 20.506707][ T1877] ? 
kvmalloc_node+0xc6/0x120 [ 20.511366][ T1877] ? memcpy+0x49/0x60 [ 20.515334][ T1877] ? __should_failslab+0x90/0x160 [ 20.520340][ T1877] ? kvmalloc_node+0xc6/0x120 [ 20.525005][ T1877] __kmalloc+0x26d/0x310 [ 20.529279][ T1877] kvmalloc_node+0xc6/0x120 [ 20.534640][ T1877] alloc_fdtable+0xe3/0x290 [ 20.539237][ T1877] dup_fd+0x7ad/0xb60 [ 20.543252][ T1877] ? perf_event_attrs+0x30/0x30 [ 20.548092][ T1877] ? selinux_task_alloc+0x95/0xb0 [ 20.554313][ T1877] copy_process+0x1725/0x52d0 [ 20.559062][ T1877] ? kernel_wait4+0x380/0x380 [ 20.563741][ T1877] ? fork_idle+0x290/0x290 [ 20.568232][ T1877] ? put_pid+0x89/0xe0 [ 20.572311][ T1877] ? __ia32_sys_waitid+0xd0/0xd0 [ 20.577267][ T1877] ? do_nanosleep+0x58b/0x6b0 [ 20.582107][ T1877] _do_fork+0x185/0x950 [ 20.586267][ T1877] ? dup_mm+0x330/0x330 [ 20.590417][ T1877] ? __x64_sys_wait4+0x168/0x1c0 [ 20.595335][ T1877] ? do_wait+0x890/0x890 [ 20.599654][ T1877] __x64_sys_clone+0x247/0x2b0 [ 20.604573][ T1877] ? __ia32_sys_vfork+0x110/0x110 [ 20.609771][ T1877] ? 
syscall_return_slowpath+0x6f/0x500 [ 20.616275][ T1877] do_syscall_64+0xc0/0x100 [ 20.621379][ T1877] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 20.627705][ T1877] RIP: 0033:0x4409fa [ 20.631591][ T1877] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 20.651166][ T1877] RSP: 002b:00007fff71db0e10 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 20.659816][ T1877] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004409fa [ 20.667878][ T1877] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 20.675944][ T1877] RBP: 00007fff71db0e30 R08: 0000000000000001 R09: 0000000000868880 executing program [ 20.683893][ T1877] R10: 0000000000868b50 R11: 0000000000000246 R12: 0000000000000001 [ 20.691836][ T1877] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 20.712196][ T1883] BUG: Bad page state in process syz-executor819 pfn:1d36b0 executing program executing program [ 20.725581][ T1883] page:ffffea00074dac00 refcount:0 mapcount:0 mapping:ffff8881da8e5c00 index:0x0 compound_mapcount: 0 [ 20.736955][ T1883] flags: 0x8000000000010200(slab|head) [ 20.743019][ T1886] BUG: Bad page state in process init pfn:1d06a8 [ 20.749451][ T1886] page:ffffea000741aa00 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0 [ 20.758650][ T1886] flags: 0x8000000000000000() [ 20.763467][ T1886] raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000 [ 20.772380][ T1886] raw: 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000 [ 20.780937][ T1886] page dumped because: nonzero _refcount [ 20.786539][ T1886] Modules linked in: [ 20.790412][ T1886] CPU: 1 PID: 1886 Comm: init Tainted: G B W 5.4.24-syzkaller-00181-g3334f0da669e #0 [ 20.800967][ T1886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 20.811005][ T1886] Call Trace: [ 
20.814292][ T1886] dump_stack+0x1b0/0x228 [ 20.818604][ T1886] ? is_module_text_address+0x130/0x130 [ 20.824120][ T1886] ? show_regs_print_info+0x18/0x18 [ 20.829376][ T1886] bad_page+0x262/0x290 [ 20.833500][ T1886] ? _raw_spin_lock+0x170/0x170 [ 20.838328][ T1886] ? is_free_buddy_page+0x190/0x190 [ 20.843504][ T1886] ? __kasan_check_read+0x11/0x20 [ 20.848501][ T1886] ? __zone_watermark_ok+0x9b/0x270 [ 20.853679][ T1886] get_page_from_freelist+0x505a/0x57e0 [ 20.859216][ T1886] ? unwind_get_return_address_ptr+0xa0/0xa0 [ 20.865207][ T1886] ? arch_stack_walk+0x98/0xe0 [ 20.869955][ T1886] ? __read_once_size_nocheck+0x10/0x10 [ 20.875477][ T1886] ? unwind_next_frame+0x415/0x870 [ 20.880559][ T1886] ? __rcu_read_lock+0x50/0x50 [ 20.885292][ T1886] ? unwind_next_frame+0x415/0x870 [ 20.890372][ T1886] ? 0xffffffffa0008000 [ 20.894498][ T1886] ? __alloc_pages_nodemask+0x3010/0x3010 [ 20.900259][ T1886] ? is_bpf_text_address+0x2c8/0x2e0 [ 20.905563][ T1886] ? stack_trace_save+0x1e0/0x1e0 [ 20.910586][ T1886] __alloc_pages_nodemask+0x44f/0x3010 [ 20.916024][ T1886] ? stack_trace_snprint+0x150/0x150 [ 20.921290][ T1886] ? stack_trace_save+0x111/0x1e0 [ 20.926292][ T1886] ? kasan_slab_free+0xe/0x10 [ 20.930938][ T1886] ? kmem_cache_free+0x181/0x7a0 [ 20.936234][ T1886] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 20.941766][ T1886] ? __kasan_kmalloc+0x117/0x1b0 [ 20.946672][ T1886] ? kasan_kmalloc+0x9/0x10 [ 20.951327][ T1886] ? __kmalloc+0x102/0x310 [ 20.955715][ T1886] ? kzalloc+0x26/0x40 [ 20.959757][ T1886] ? security_prepare_creds+0x40/0x270 [ 20.965185][ T1886] ? prepare_creds+0x295/0x390 [ 20.969929][ T1886] ? do_faccessat+0x9d/0x7f0 [ 20.974500][ T1886] ? __x64_sys_access+0x5f/0x70 [ 20.979328][ T1886] ? do_syscall_64+0xc0/0x100 [ 20.983987][ T1886] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 20.990027][ T1886] ? __kasan_kmalloc+0x179/0x1b0 [ 20.994945][ T1886] ? __kasan_kmalloc+0x117/0x1b0 [ 20.999852][ T1886] ? kasan_slab_alloc+0xe/0x10 [ 21.004596][ T1886] ? 
kmem_cache_alloc+0x120/0x2b0 [ 21.009604][ T1886] ? prepare_creds+0x24/0x390 [ 21.014257][ T1886] ? security_file_lock+0xab/0xc0 [ 21.019271][ T1886] alloc_slab_page+0x3f/0x390 [ 21.023931][ T1886] ? __rcu_read_lock+0x50/0x50 [ 21.028968][ T1886] new_slab+0x98/0x430 [ 21.033018][ T1886] ? fsnotify+0x1390/0x1450 [ 21.037497][ T1886] ___slab_alloc+0x2e0/0x450 [ 21.042061][ T1886] ? __should_failslab+0x90/0x160 [ 21.047078][ T1886] ? getname_flags+0xba/0x640 [ 21.051750][ T1886] ? kzalloc+0x26/0x40 [ 21.055806][ T1886] ? __should_failslab+0x90/0x160 [ 21.060818][ T1886] ? getname_flags+0xba/0x640 [ 21.065478][ T1886] kmem_cache_alloc+0x203/0x2b0 [ 21.070373][ T1886] getname_flags+0xba/0x640 [ 21.074865][ T1886] ? __put_user_ns+0x60/0x60 [ 21.079455][ T1886] user_path_at_empty+0x2d/0x50 [ 21.084304][ T1886] do_faccessat+0x2f3/0x7f0 [ 21.088785][ T1886] ? __ia32_sys_fallocate+0x110/0x110 [ 21.094132][ T1886] ? prepare_exit_to_usermode+0x13a/0x370 [ 21.099842][ T1886] __x64_sys_access+0x5f/0x70 [ 21.104495][ T1886] do_syscall_64+0xc0/0x100 [ 21.109079][ T1886] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 21.114951][ T1886] RIP: 0033:0x7f50615b93c7 [ 21.119359][ T1886] Code: 83 c4 08 48 3d 01 f0 ff ff 73 01 c3 48 8b 0d 68 4a 2b 00 31 d2 48 29 c2 64 89 11 48 83 c8 ff eb ea 90 90 b8 15 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 41 4a 2b 00 31 d2 48 29 c2 64 [ 21.139134][ T1886] RSP: 002b:00007fffa5ec8368 EFLAGS: 00000202 ORIG_RAX: 0000000000000015 [ 21.147519][ T1886] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007f50615b93c7 [ 21.155459][ T1886] RDX: 000000000000075e RSI: 0000000000000002 RDI: 0000000000407a00 [ 21.163403][ T1886] RBP: 00000000004072f7 R08: 00007fffa5ec86e0 R09: 0000000000000001 [ 21.171346][ T1886] R10: 0000000000000008 R11: 0000000000000202 R12: 000000000000075e [ 21.179345][ T1886] R13: 00000000004072f7 R14: 000000000153b10c R15: 000000000153b10c executing program [ 21.188889][ T1883] raw: 8000000000010200 dead000000000100 
dead000000000122 ffff8881da8e5c00 [ 21.198206][ T1883] raw: 0000000000000000 0000000000070007 00000000ffffffff 0000000000000000 [ 21.207294][ T1883] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set [ 21.214838][ T1733] BUG: Bad page state in process rsyslogd pfn:1d0728 [ 21.221586][ T1733] page:ffffea000741ca00 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0 [ 21.230773][ T1733] flags: 0x8000000000000000() [ 21.235429][ T1733] raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000 [ 21.243996][ T1733] raw: 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000 [ 21.252547][ T1733] page dumped because: nonzero _refcount [ 21.258148][ T1733] Modules linked in: [ 21.262029][ T1733] CPU: 0 PID: 1733 Comm: rsyslogd Tainted: G B W 5.4.24-syzkaller-00181-g3334f0da669e #0 [ 21.272987][ T1733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 21.283035][ T1733] Call Trace: [ 21.286326][ T1733] dump_stack+0x1b0/0x228 [ 21.290651][ T1733] ? is_module_text_address+0x130/0x130 [ 21.296208][ T1733] ? show_regs_print_info+0x18/0x18 [ 21.301407][ T1733] bad_page+0x262/0x290 [ 21.305582][ T1733] ? _raw_spin_lock+0x170/0x170 [ 21.310548][ T1733] ? is_free_buddy_page+0x190/0x190 [ 21.315749][ T1733] ? __kasan_check_read+0x11/0x20 [ 21.320778][ T1733] ? __zone_watermark_ok+0x9b/0x270 [ 21.325957][ T1733] get_page_from_freelist+0x505a/0x57e0 [ 21.331486][ T1733] ? check_preempt_wakeup+0x56a/0xba0 [ 21.336849][ T1733] ? __read_once_size_nocheck+0x10/0x10 [ 21.342385][ T1733] ? unwind_next_frame+0x415/0x870 [ 21.347469][ T1733] ? unwind_get_return_address_ptr+0xa0/0xa0 [ 21.353430][ T1733] ? __alloc_pages_nodemask+0x3010/0x3010 [ 21.359121][ T1733] ? __kasan_check_read+0x11/0x20 [ 21.364117][ T1733] ? update_curr+0x176/0x8c0 [ 21.368682][ T1733] __alloc_pages_nodemask+0x44f/0x3010 [ 21.374258][ T1733] ? update_cfs_group+0x25a/0x270 [ 21.379262][ T1733] ? 
__kasan_check_read+0x11/0x20 [ 21.384285][ T1733] ? reweight_entity+0x87/0xb10 [ 21.389139][ T1733] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 21.394676][ T1733] ? update_load_avg+0x4a7/0x1350 [ 21.399688][ T1733] ? switch_mm_irqs_off+0x3c8/0x9d0 [ 21.405039][ T1733] ? __kasan_check_write+0x14/0x20 [ 21.410137][ T1733] alloc_slab_page+0x3f/0x390 [ 21.414796][ T1733] ? _raw_spin_lock+0x170/0x170 [ 21.419622][ T1733] new_slab+0x98/0x430 [ 21.423668][ T1733] ? __kasan_check_write+0x14/0x20 [ 21.428750][ T1733] ___slab_alloc+0x2e0/0x450 [ 21.433313][ T1733] ? do_syslog+0x1011/0x1450 [ 21.437873][ T1733] ? __should_failslab+0x90/0x160 [ 21.442870][ T1733] ? do_syslog+0x1011/0x1450 [ 21.447450][ T1733] kmem_cache_alloc_trace+0x23f/0x2f0 [ 21.452806][ T1733] do_syslog+0x1011/0x1450 [ 21.457210][ T1733] ? printk+0x109/0x109 [ 21.461360][ T1733] ? init_wait_entry+0xe0/0xe0 [ 21.466101][ T1733] ? __memcg_kmem_charge_memcg+0x340/0x340 [ 21.471881][ T1733] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 21.477438][ T1733] kmsg_read+0x94/0xd0 [ 21.481489][ T1733] ? proc_net_ns_exit+0x70/0x70 [ 21.486323][ T1733] proc_reg_read+0x227/0x350 [ 21.490920][ T1733] ? proc_reg_llseek+0x330/0x330 [ 21.495847][ T1733] ? fsnotify+0x1390/0x1450 [ 21.500345][ T1733] ? lru_cache_add_active_or_unevictable+0xa6/0x120 [ 21.506927][ T1733] ? proc_reg_llseek+0x330/0x330 [ 21.511863][ T1733] __vfs_read+0xff/0x6f0 [ 21.516102][ T1733] ? rw_verify_area+0x360/0x360 [ 21.520952][ T1733] ? security_file_permission+0x241/0x350 [ 21.526686][ T1733] ? rw_verify_area+0x1c2/0x360 [ 21.531519][ T1733] vfs_read+0x16e/0x380 [ 21.535676][ T1733] ksys_read+0x168/0x2a0 [ 21.539902][ T1733] ? vfs_write+0x4e0/0x4e0 [ 21.544298][ T1733] ? 
__kasan_check_read+0x11/0x20 [ 21.549317][ T1733] __x64_sys_read+0x7b/0x90 [ 21.553810][ T1733] do_syscall_64+0xc0/0x100 [ 21.558314][ T1733] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 21.564188][ T1733] RIP: 0033:0x7f00266081fd [ 21.568604][ T1733] Code: d1 20 00 00 75 10 b8 00 00 00 00 0f 05 48 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e fa ff ff 48 89 04 24 b8 00 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 a7 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 21.588206][ T1733] RSP: 002b:00007f0023ba7e30 EFLAGS: 00000293 ORIG_RAX: 0000000000000000 [ 21.596798][ T1733] RAX: ffffffffffffffda RBX: 0000000000f824b0 RCX: 00007f00266081fd [ 21.604885][ T1733] RDX: 0000000000000fff RSI: 00007f00253dc5a0 RDI: 0000000000000004 [ 21.612858][ T1733] RBP: 0000000000000000 R08: 0000000000f6d260 R09: 0000000004000001 [ 21.621074][ T1733] R10: 0000000000000001 R11: 0000000000000293 R12: 000000000065e420 [ 21.629125][ T1733] R13: 00007f0023ba89c0 R14: 00007f0026c4d040 R15: 0000000000000003 [ 21.637322][ T1883] bad because of flags: 0x200(slab) [ 21.642700][ T1883] Modules linked in: [ 21.646609][ T1883] CPU: 0 PID: 1883 Comm: syz-executor819 Tainted: G B W 5.4.24-syzkaller-00181-g3334f0da669e #0 [ 21.658142][ T1883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 21.668175][ T1883] Call Trace: [ 21.671451][ T1883] dump_stack+0x1b0/0x228 [ 21.675774][ T1883] ? is_module_text_address+0x130/0x130 [ 21.681310][ T1883] ? show_regs_print_info+0x18/0x18 [ 21.686500][ T1883] bad_page+0x262/0x290 [ 21.690631][ T1883] ? is_free_buddy_page+0x190/0x190 [ 21.695803][ T1883] __free_pages_ok+0x759/0xd80 [ 21.700540][ T1883] ? __kasan_check_read+0x11/0x20 [ 21.705549][ T1883] ? set_pageblock_migratetype+0x150/0x150 [ 21.711332][ T1883] free_compound_page+0x67/0x90 [ 21.716157][ T1883] __put_page+0xf7/0x120 [ 21.720372][ T1883] do_exit+0x1d53/0x26f0 [ 21.724587][ T1883] ? mm_update_next_owner+0x5f0/0x5f0 [ 21.729946][ T1883] ? 
do_user_addr_fault+0x6b7/0xb50 [ 21.735117][ T1883] do_group_exit+0x153/0x2a0 [ 21.739680][ T1883] __do_sys_exit_group+0x17/0x20 [ 21.744595][ T1883] __se_sys_exit_group+0x14/0x20 [ 21.749615][ T1883] __x64_sys_exit_group+0x3b/0x40 [ 21.754614][ T1883] do_syscall_64+0xc0/0x100 [ 21.759095][ T1883] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 21.764979][ T1883] RIP: 0033:0x440ca8 [ 21.768849][ T1883] Code: 72 72 6f 72 20 25 64 2e 20 49 67 6e 6f 72 65 64 2c 20 72 75 6e 6e 69 6e 67 20 77 69 74 68 20 64 65 66 61 75 6c 74 20 73 65 74 <74> 69 6e 67 00 00 00 00 49 6e 76 61 6c 69 64 20 22 24 4d 61 69 6e executing program [ 21.788425][ T1883] RSP: 002b:00007fff71db0df8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 21.796812][ T1883] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440ca8 [ 21.804758][ T1883] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 21.813055][ T1883] RBP: 00000000004c6b50 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 21.821014][ T1883] R10: 00000000bb1414ac R11: 0000000000000246 R12: 0000000000000001 [ 21.829018][ T1883] R13: 00000000006d95e0 R14: 0000000000000000 R15: 0000000000000000 [ 21.840270][ T1892] BUG: Bad page state in process syz-executor819 pfn:1c6278 [ 21.847643][ T1892] page:ffffea0007189e00 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0 [ 21.856820][ T1892] flags: 0x8000000000000000() [ 21.861473][ T1892] raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000 [ 21.870048][ T1892] raw: 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000 [ 21.878597][ T1892] page dumped because: nonzero _refcount [ 21.884250][ T1892] Modules linked in: [ 21.888143][ T1892] CPU: 0 PID: 1892 Comm: syz-executor819 Tainted: G B W 5.4.24-syzkaller-00181-g3334f0da669e #0 [ 21.899666][ T1892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 21.909709][ T1892] Call Trace: [ 21.912995][ T1892] dump_stack+0x1b0/0x228 [ 21.917772][ T1892] ? 
is_module_text_address+0x130/0x130 [ 21.923316][ T1892] ? show_regs_print_info+0x18/0x18 [ 21.928863][ T1892] bad_page+0x262/0x290 [ 21.933026][ T1892] ? _raw_spin_lock+0x170/0x170 [ 21.938200][ T1892] ? is_free_buddy_page+0x190/0x190 [ 21.943389][ T1892] ? __kasan_check_read+0x11/0x20 [ 21.948394][ T1892] ? __zone_watermark_ok+0x9b/0x270 [ 21.953582][ T1892] get_page_from_freelist+0x505a/0x57e0 [ 21.959133][ T1892] ? unwind_next_frame+0x415/0x870 [ 21.964233][ T1892] ? __rcu_read_lock+0x50/0x50 [ 21.968968][ T1892] ? unwind_next_frame+0x415/0x870 [ 21.974069][ T1892] ? unwind_get_return_address_ptr+0xa0/0xa0 [ 21.980039][ T1892] ? 0xffffffffa0008000 [ 21.984185][ T1892] ? is_bpf_text_address+0x2c8/0x2e0 [ 21.989446][ T1892] ? stack_trace_save+0x1e0/0x1e0 [ 21.994536][ T1892] ? __kernel_text_address+0x9a/0x110 [ 21.999988][ T1892] ? unwind_get_return_address+0x4c/0x90 [ 22.005806][ T1892] ? arch_stack_walk+0x98/0xe0 [ 22.010569][ T1892] ? __alloc_pages_nodemask+0x3010/0x3010 [ 22.016280][ T1892] ? prep_new_page+0x13a/0x3a0 [ 22.021047][ T1892] __alloc_pages_nodemask+0x44f/0x3010 [ 22.026569][ T1892] ? __kasan_slab_free+0x168/0x220 [ 22.032045][ T1892] ? __kfree_skb+0x134/0x180 [ 22.036630][ T1892] ? __kasan_slab_free+0x1e2/0x220 [ 22.041722][ T1892] ? __kasan_slab_free+0x168/0x220 [ 22.046852][ T1892] ? __sys_sendmsg+0x26a/0x350 [ 22.051609][ T1892] ? __x64_sys_sendmsg+0x7f/0x90 [ 22.056533][ T1892] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 22.062592][ T1892] ? avc_has_perm_noaudit+0x2fc/0x3f0 [ 22.067943][ T1892] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 22.073491][ T1892] ? deferred_put_nlk_sk+0x200/0x200 [ 22.078773][ T1892] ? __alloc_skb+0x109/0x540 [ 22.083362][ T1892] ? jhash+0x750/0x750 [ 22.087452][ T1892] ? netlink_hash+0xd0/0xd0 [ 22.092009][ T1892] ? avc_has_perm+0x15f/0x260 [ 22.096724][ T1892] ? skb_release_data+0x536/0x690 [ 22.102321][ T1892] ? 
__rcu_read_lock+0x50/0x50 [ 22.107086][ T1892] skb_page_frag_refill+0x11d/0x3b0 [ 22.112278][ T1892] tun_get_user+0x69a/0x3d10 [ 22.117110][ T1892] ? __kasan_check_read+0x11/0x20 [ 22.122112][ T1892] ? __alloc_pages_nodemask+0x52d/0x3010 [ 22.127740][ T1892] ? tun_do_read+0x1f10/0x1f10 [ 22.132660][ T1892] ? put_pid+0x82/0xe0 [ 22.136728][ T1892] ? __rcu_read_lock+0x50/0x50 [ 22.141481][ T1892] ? __rcu_read_lock+0x50/0x50 [ 22.146241][ T1892] ? __memcg_kmem_charge_memcg+0x340/0x340 [ 22.152184][ T1892] tun_chr_write_iter+0x134/0x1c0 [ 22.157216][ T1892] do_iter_readv_writev+0x5fa/0x890 [ 22.162591][ T1892] ? vfs_dedupe_file_range+0xa00/0xa00 [ 22.168047][ T1892] ? security_file_permission+0x157/0x350 [ 22.173750][ T1892] ? rw_verify_area+0x1c2/0x360 [ 22.178585][ T1892] do_iter_write+0x180/0x590 [ 22.183146][ T1892] do_writev+0x2cd/0x560 [ 22.187357][ T1892] ? do_readv+0x400/0x400 [ 22.191672][ T1892] ? __up_read+0x6f/0x1b0 [ 22.195987][ T1892] ? __down_read+0x240/0x240 [ 22.200659][ T1892] ? vmacache_find+0x21f/0x4d0 [ 22.205428][ T1892] ? 
do_user_addr_fault+0x6b7/0xb50 [ 22.210626][ T1892] __x64_sys_writev+0x7d/0x90 [ 22.215374][ T1892] do_syscall_64+0xc0/0x100 [ 22.219878][ T1892] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 22.225754][ T1892] RIP: 0033:0x441ff0 [ 22.229622][ T1892] Code: 05 48 3d 01 f0 ff ff 0f 83 5d 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 3d 01 90 29 00 00 75 14 b8 14 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 34 09 fc ff c3 48 83 ec 08 e8 ba 2b 00 00 [ 22.249223][ T1892] RSP: 002b:00007fff71db0e38 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 22.257765][ T1892] RAX: ffffffffffffffda RBX: 00007fff71db0e50 RCX: 0000000000441ff0 [ 22.265791][ T1892] RDX: 0000000000000001 RSI: 00007fff71db0e80 RDI: 00000000000000f0 [ 22.273754][ T1892] RBP: 0000000000000000 R08: 00000000bb1414ac R09: 00000000bb1414ac [ 22.282458][ T1892] R10: 00000000bb1414ac R11: 0000000000000246 R12: 00000000000052be [ 22.290892][ T1892] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 22.300595][ T1877] BUG: Bad page state in process syz-executor819 pfn:1cfcc0 [ 22.308121][ T1877] page:ffffea00073f3000 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0 [ 22.317440][ T1877] flags: 0x8000000000000000() [ 22.322103][ T1877] raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000 [ 22.330785][ T1877] raw: 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000 [ 22.339436][ T1877] page dumped because: nonzero _refcount [ 22.345065][ T1877] Modules linked in: [ 22.348949][ T1877] CPU: 1 PID: 1877 Comm: syz-executor819 Tainted: G B W 5.4.24-syzkaller-00181-g3334f0da669e #0 [ 22.360467][ T1877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 22.370505][ T1877] Call Trace: [ 22.373798][ T1877] dump_stack+0x1b0/0x228 [ 22.378294][ T1877] ? is_module_text_address+0x130/0x130 [ 22.383821][ T1877] ? show_regs_print_info+0x18/0x18 [ 22.389035][ T1877] bad_page+0x262/0x290 [ 22.393189][ T1877] ? 
_raw_spin_lock+0x170/0x170 [ 22.398068][ T1877] ? is_free_buddy_page+0x190/0x190 [ 22.403598][ T1877] ? __kasan_check_read+0x11/0x20 [ 22.408604][ T1877] ? __zone_watermark_ok+0x9b/0x270 [ 22.413785][ T1877] get_page_from_freelist+0x505a/0x57e0 [ 22.419308][ T1877] ? __kasan_check_write+0x14/0x20 [ 22.424743][ T1877] ? __read_once_size_nocheck+0x10/0x10 [ 22.430288][ T1877] ? unwind_next_frame+0x415/0x870 [ 22.435415][ T1877] ? __rcu_read_lock+0x50/0x50 [ 22.440200][ T1877] ? unwind_next_frame+0x415/0x870 [ 22.445304][ T1877] ? __alloc_pages_nodemask+0x3010/0x3010 [ 22.451022][ T1877] ? 0xffffffffa0008000 [ 22.455174][ T1877] __alloc_pages_nodemask+0x44f/0x3010 [ 22.460628][ T1877] ? arch_stack_walk+0x98/0xe0 [ 22.465541][ T1877] ? stack_trace_save+0x111/0x1e0 [ 22.470705][ T1877] ? stack_trace_snprint+0x150/0x150 [ 22.476003][ T1877] ? stack_trace_save+0x111/0x1e0 [ 22.481092][ T1877] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 22.486911][ T1877] ? __kasan_kmalloc+0x179/0x1b0 [ 22.491851][ T1877] ? __kasan_kmalloc+0x117/0x1b0 [ 22.496842][ T1877] ? kasan_kmalloc+0x9/0x10 [ 22.501333][ T1877] ? kmem_cache_alloc_trace+0xe2/0x2f0 [ 22.506831][ T1877] ? alloc_fdtable+0x98/0x290 [ 22.511531][ T1877] ? dup_fd+0x7ad/0xb60 [ 22.515682][ T1877] ? copy_process+0x1725/0x52d0 [ 22.520565][ T1877] ? _do_fork+0x185/0x950 [ 22.524937][ T1877] ? __x64_sys_clone+0x247/0x2b0 [ 22.529862][ T1877] ? do_syscall_64+0xc0/0x100 [ 22.534515][ T1877] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 22.540564][ T1877] ? dup_fd+0x6f/0xb60 [ 22.544619][ T1877] ? copy_process+0x1725/0x52d0 [ 22.549449][ T1877] ? _do_fork+0x185/0x950 [ 22.553759][ T1877] ? __x64_sys_clone+0x247/0x2b0 [ 22.558946][ T1877] ? do_syscall_64+0xc0/0x100 [ 22.563605][ T1877] ? __rcu_read_lock+0x50/0x50 [ 22.568360][ T1877] ? __x64_sys_clone+0x247/0x2b0 [ 22.573377][ T1877] alloc_slab_page+0x3f/0x390 [ 22.578038][ T1877] new_slab+0x98/0x430 [ 22.582116][ T1877] ___slab_alloc+0x2e0/0x450 [ 22.586692][ T1877] ? 
kvmalloc_node+0xc6/0x120 [ 22.591351][ T1877] ? new_slab+0x21b/0x430 [ 22.595691][ T1877] ? __should_failslab+0x90/0x160 [ 22.600704][ T1877] ? kvmalloc_node+0xc6/0x120 [ 22.605362][ T1877] __kmalloc+0x26d/0x310 [ 22.609587][ T1877] kvmalloc_node+0xc6/0x120 [ 22.614146][ T1877] alloc_fdtable+0xe3/0x290 [ 22.618639][ T1877] dup_fd+0x7ad/0xb60 [ 22.622659][ T1877] ? perf_event_attrs+0x30/0x30 [ 22.627499][ T1877] ? selinux_task_alloc+0x95/0xb0 [ 22.632506][ T1877] copy_process+0x1725/0x52d0 [ 22.637358][ T1877] ? kernel_wait4+0x380/0x380 [ 22.642014][ T1877] ? fork_idle+0x290/0x290 [ 22.646418][ T1877] ? put_pid+0x89/0xe0 [ 22.650477][ T1877] ? __ia32_sys_waitid+0xd0/0xd0 [ 22.655388][ T1877] ? do_nanosleep+0x58b/0x6b0 [ 22.660036][ T1877] _do_fork+0x185/0x950 [ 22.664177][ T1877] ? dup_mm+0x330/0x330 [ 22.668304][ T1877] ? __x64_sys_wait4+0x168/0x1c0 [ 22.673217][ T1877] ? do_wait+0x890/0x890 [ 22.677568][ T1877] __x64_sys_clone+0x247/0x2b0 [ 22.682631][ T1877] ? __ia32_sys_vfork+0x110/0x110 [ 22.687911][ T1877] ? 
syscall_return_slowpath+0x6f/0x500 [ 22.693459][ T1877] do_syscall_64+0xc0/0x100 [ 22.697980][ T1877] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 22.703855][ T1877] RIP: 0033:0x4409fa [ 22.707739][ T1877] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 22.727361][ T1877] RSP: 002b:00007fff71db0e10 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 22.735974][ T1877] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004409fa executing program executing program [ 22.743953][ T1877] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 22.752003][ T1877] RBP: 00007fff71db0e30 R08: 0000000000000001 R09: 0000000000868880 [ 22.760432][ T1877] R10: 0000000000868b50 R11: 0000000000000246 R12: 0000000000000001 [ 22.768603][ T1877] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 22.781406][ T1894] BUG: Bad page state in process syz-executor819 pfn:1cfc68 [ 22.789021][ T1894] page:ffffea00073f1a00 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0 [ 22.798290][ T1894] flags: 0x8000000000000000() [ 22.802946][ T1894] raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000 [ 22.811509][ T1894] raw: 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000 [ 22.820172][ T1894] page dumped because: nonzero _refcount [ 22.825781][ T1894] Modules linked in: [ 22.830457][ T1894] CPU: 0 PID: 1894 Comm: syz-executor819 Tainted: G B W 5.4.24-syzkaller-00181-g3334f0da669e #0 [ 22.842321][ T1894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 22.852365][ T1894] Call Trace: [ 22.855692][ T1894] dump_stack+0x1b0/0x228 [ 22.860061][ T1894] ? is_module_text_address+0x130/0x130 [ 22.865586][ T1894] ? show_regs_print_info+0x18/0x18 [ 22.870763][ T1894] bad_page+0x262/0x290 [ 22.874896][ T1894] ? 
_raw_spin_lock+0x170/0x170 [ 22.879728][ T1894] ? is_free_buddy_page+0x190/0x190 [ 22.884913][ T1894] ? __kasan_check_read+0x11/0x20 [ 22.889911][ T1894] ? __zone_watermark_ok+0x9b/0x270 [ 22.895084][ T1894] get_page_from_freelist+0x505a/0x57e0 [ 22.900620][ T1894] ? unwind_get_return_address_ptr+0xa0/0xa0 [ 22.906670][ T1894] ? 0xffffffffa0018000 [ 22.910821][ T1894] ? stack_trace_save+0x1e0/0x1e0 [ 22.915939][ T1894] ? __read_once_size_nocheck+0x10/0x10 [ 22.921475][ T1894] ? unwind_next_frame+0x415/0x870 [ 22.926773][ T1894] ? __alloc_pages_nodemask+0x3010/0x3010 [ 22.932480][ T1894] ? unwind_next_frame+0x415/0x870 [ 22.937580][ T1894] ? unwind_get_return_address_ptr+0xa0/0xa0 [ 22.943537][ T1894] __alloc_pages_nodemask+0x44f/0x3010 [ 22.948982][ T1894] ? __kernel_text_address+0x9a/0x110 [ 22.954329][ T1894] ? arch_stack_walk+0x98/0xe0 [ 22.959113][ T1894] ? stack_trace_save+0x111/0x1e0 [ 22.964214][ T1894] ? stack_trace_snprint+0x150/0x150 [ 22.969548][ T1894] ? stack_trace_save+0x111/0x1e0 [ 22.974603][ T1894] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 22.980142][ T1894] ? stack_trace_snprint+0x150/0x150 [ 22.985415][ T1894] ? __kasan_kmalloc+0x179/0x1b0 [ 22.990342][ T1894] ? __kasan_kmalloc+0x117/0x1b0 [ 22.995673][ T1894] ? kasan_slab_alloc+0xe/0x10 [ 23.000446][ T1894] ? kmem_cache_alloc+0x120/0x2b0 [ 23.005472][ T1894] ? security_inode_alloc+0x36/0x1f0 [ 23.010754][ T1894] ? do_syscall_64+0xc0/0x100 [ 23.015415][ T1894] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 23.021468][ T1894] ? __kasan_kmalloc+0x117/0x1b0 [ 23.026387][ T1894] ? kasan_slab_alloc+0xe/0x10 [ 23.031123][ T1894] ? sock_alloc_inode+0x1b/0xc0 [ 23.035945][ T1894] ? new_inode_pseudo+0x68/0x240 [ 23.040855][ T1894] ? __sock_create+0x136/0x7b0 [ 23.045587][ T1894] ? __sys_socket+0x115/0x350 [ 23.050231][ T1894] ? __x64_sys_socket+0x7a/0x90 [ 23.055064][ T1894] alloc_slab_page+0x3f/0x390 [ 23.059714][ T1894] new_slab+0x98/0x430 [ 23.063753][ T1894] ? 
_raw_spin_lock+0x170/0x170 [ 23.068574][ T1894] ___slab_alloc+0x2e0/0x450 [ 23.073135][ T1894] ? sk_prot_alloc+0x11c/0x2f0 [ 23.077884][ T1894] ? __should_failslab+0x90/0x160 [ 23.082979][ T1894] ? sk_prot_alloc+0x11c/0x2f0 [ 23.087714][ T1894] __kmalloc+0x26d/0x310 [ 23.091930][ T1894] sk_prot_alloc+0x11c/0x2f0 [ 23.096492][ T1894] sk_alloc+0x35/0x300 [ 23.100632][ T1894] netlink_create+0x3ce/0x630 [ 23.105366][ T1894] ? rtnetlink_rcv+0x20/0x20 [ 23.109951][ T1894] __sock_create+0x3c6/0x7b0 [ 23.114522][ T1894] __sys_socket+0x115/0x350 [ 23.119457][ T1894] ? sock_create_kern+0x50/0x50 [ 23.124763][ T1894] ? __kasan_check_read+0x11/0x20 [ 23.129778][ T1894] __x64_sys_socket+0x7a/0x90 [ 23.134451][ T1894] do_syscall_64+0xc0/0x100 [ 23.138938][ T1894] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 23.144814][ T1894] RIP: 0033:0x4420f9 [ 23.148697][ T1894] Code: e8 8c 07 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 23.168764][ T1894] RSP: 002b:00007fff71db0e38 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 23.177190][ T1894] RAX: ffffffffffffffda RBX: 00007fff71db0e50 RCX: 00000000004420f9 [ 23.185154][ T1894] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000010 executing program executing program [ 23.193201][ T1894] RBP: 0000000000000000 R08: 0000000000000004 R09: 00000000bb1414ac [ 23.201165][ T1894] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000000058e8 [ 23.209121][ T1894] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 23.223729][ T1896] BUG: Bad page state in process syz-executor819 pfn:1cfdd8 [ 23.231561][ T1896] page:ffffea00073f7600 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0 [ 23.240954][ T1896] flags: 0x8000000000000000() [ 23.245639][ T1896] raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000 [ 23.254237][ T1896] raw: 0000000000000000 
0000000000000000 ffffffffffffffff 0000000000000000 [ 23.262801][ T1896] page dumped because: nonzero _refcount [ 23.268412][ T1896] Modules linked in: [ 23.272302][ T1896] CPU: 1 PID: 1896 Comm: syz-executor819 Tainted: G B W 5.4.24-syzkaller-00181-g3334f0da669e #0 [ 23.283820][ T1896] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 23.294641][ T1896] Call Trace: [ 23.297922][ T1896] dump_stack+0x1b0/0x228 [ 23.302244][ T1896] ? is_module_text_address+0x130/0x130 [ 23.307768][ T1896] ? show_regs_print_info+0x18/0x18 [ 23.312944][ T1896] bad_page+0x262/0x290 [ 23.317075][ T1896] ? _raw_spin_lock+0x170/0x170 [ 23.321913][ T1896] ? is_free_buddy_page+0x190/0x190 [ 23.327095][ T1896] ? __kasan_check_read+0x11/0x20 [ 23.332111][ T1896] ? __zone_watermark_ok+0x9b/0x270 [ 23.337295][ T1896] get_page_from_freelist+0x505a/0x57e0 [ 23.342854][ T1896] ? unwind_next_frame+0x415/0x870 [ 23.347965][ T1896] ? __rcu_read_lock+0x50/0x50 [ 23.352744][ T1896] ? unwind_next_frame+0x415/0x870 [ 23.357841][ T1896] ? unwind_get_return_address_ptr+0xa0/0xa0 [ 23.363886][ T1896] ? 0xffffffffa0028000 [ 23.368039][ T1896] ? is_bpf_text_address+0x2c8/0x2e0 [ 23.373341][ T1896] ? stack_trace_save+0x1e0/0x1e0 [ 23.378957][ T1896] ? __kernel_text_address+0x9a/0x110 [ 23.384346][ T1896] ? unwind_get_return_address+0x4c/0x90 [ 23.390011][ T1896] ? arch_stack_walk+0x98/0xe0 [ 23.395291][ T1896] ? __alloc_pages_nodemask+0x3010/0x3010 [ 23.401004][ T1896] ? prep_new_page+0x13a/0x3a0 [ 23.405750][ T1896] __alloc_pages_nodemask+0x44f/0x3010 [ 23.411222][ T1896] ? __kasan_slab_free+0x168/0x220 [ 23.416328][ T1896] ? __kfree_skb+0x134/0x180 [ 23.420903][ T1896] ? __kasan_slab_free+0x1e2/0x220 [ 23.425998][ T1896] ? __kasan_slab_free+0x168/0x220 [ 23.431082][ T1896] ? __sys_sendmsg+0x26a/0x350 [ 23.435816][ T1896] ? __x64_sys_sendmsg+0x7f/0x90 [ 23.440726][ T1896] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 23.446769][ T1896] ? 
avc_has_perm_noaudit+0x2fc/0x3f0 [ 23.452125][ T1896] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 23.457666][ T1896] ? deferred_put_nlk_sk+0x200/0x200 [ 23.462952][ T1896] ? __alloc_skb+0x109/0x540 [ 23.467527][ T1896] ? jhash+0x750/0x750 [ 23.471570][ T1896] ? netlink_hash+0xd0/0xd0 [ 23.476111][ T1896] ? avc_has_perm+0x15f/0x260 [ 23.480880][ T1896] ? skb_release_data+0x536/0x690 [ 23.485906][ T1896] ? __rcu_read_lock+0x50/0x50 [ 23.490726][ T1896] skb_page_frag_refill+0x11d/0x3b0 [ 23.495923][ T1896] tun_get_user+0x69a/0x3d10 [ 23.500497][ T1896] ? __kasan_check_read+0x11/0x20 [ 23.505503][ T1896] ? __alloc_pages_nodemask+0x52d/0x3010 [ 23.511114][ T1896] ? tun_do_read+0x1f10/0x1f10 [ 23.515867][ T1896] ? put_pid+0x82/0xe0 [ 23.519917][ T1896] ? __rcu_read_lock+0x50/0x50 [ 23.524666][ T1896] ? __rcu_read_lock+0x50/0x50 [ 23.529555][ T1896] ? __memcg_kmem_charge_memcg+0x340/0x340 [ 23.535351][ T1896] tun_chr_write_iter+0x134/0x1c0 [ 23.540354][ T1896] do_iter_readv_writev+0x5fa/0x890 [ 23.545541][ T1896] ? vfs_dedupe_file_range+0xa00/0xa00 [ 23.550992][ T1896] ? security_file_permission+0x157/0x350 [ 23.556794][ T1896] ? rw_verify_area+0x1c2/0x360 [ 23.561665][ T1896] do_iter_write+0x180/0x590 [ 23.566237][ T1896] do_writev+0x2cd/0x560 [ 23.570566][ T1896] ? do_readv+0x400/0x400 [ 23.575072][ T1896] ? __up_read+0x6f/0x1b0 [ 23.579749][ T1896] ? __down_read+0x240/0x240 [ 23.584315][ T1896] ? vmacache_find+0x21f/0x4d0 [ 23.589056][ T1896] ? 
do_user_addr_fault+0x6b7/0xb50 [ 23.594244][ T1896] __x64_sys_writev+0x7d/0x90 [ 23.598914][ T1896] do_syscall_64+0xc0/0x100 [ 23.603395][ T1896] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 23.609258][ T1896] RIP: 0033:0x441ff0 [ 23.613142][ T1896] Code: 05 48 3d 01 f0 ff ff 0f 83 5d 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 3d 01 90 29 00 00 75 14 b8 14 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 34 09 fc ff c3 48 83 ec 08 e8 ba 2b 00 00 [ 23.632941][ T1896] RSP: 002b:00007fff71db0e38 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 23.641336][ T1896] RAX: ffffffffffffffda RBX: 00007fff71db0e50 RCX: 0000000000441ff0 [ 23.649478][ T1896] RDX: 0000000000000001 RSI: 00007fff71db0e80 RDI: 00000000000000f0 [ 23.657531][ T1896] RBP: 0000000000000000 R08: 00000000bb1414ac R09: 00000000bb1414ac [ 23.665626][ T1896] R10: 00000000bb1414ac R11: 0000000000000246 R12: 0000000000005aa3 [ 23.673603][ T1896] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 23.684081][ T1877] BUG: Bad page state in process syz-executor819 pfn:1cfda8 [ 23.691956][ T1877] page:ffffea00073f6a00 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0 [ 23.704051][ T1877] flags: 0x8000000000000000() [ 23.709543][ T1877] raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000 [ 23.720040][ T1877] raw: 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000 [ 23.728595][ T1877] page dumped because: nonzero _refcount [ 23.734200][ T1877] Modules linked in: [ 23.738368][ T1877] CPU: 0 PID: 1877 Comm: syz-executor819 Tainted: G B W 5.4.24-syzkaller-00181-g3334f0da669e #0 [ 23.751453][ T1877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 23.761913][ T1877] Call Trace: [ 23.765828][ T1877] dump_stack+0x1b0/0x228 [ 23.770312][ T1877] ? is_module_text_address+0x130/0x130 [ 23.776902][ T1877] ? show_regs_print_info+0x18/0x18 [ 23.782633][ T1877] bad_page+0x262/0x290 [ 23.787149][ T1877] ? 
_raw_spin_lock+0x170/0x170 [ 23.792134][ T1877] ? is_free_buddy_page+0x190/0x190 [ 23.797341][ T1877] ? __kasan_check_read+0x11/0x20 [ 23.802349][ T1877] ? __zone_watermark_ok+0x9b/0x270 [ 23.807821][ T1877] get_page_from_freelist+0x505a/0x57e0 [ 23.813666][ T1877] ? invalidate_inode_page+0x260/0x260 [ 23.819281][ T1877] ? __kasan_check_write+0x14/0x20 [ 23.824605][ T1877] ? __read_once_size_nocheck+0x10/0x10 [ 23.830160][ T1877] ? unwind_next_frame+0x415/0x870 [ 23.835341][ T1877] ? __rcu_read_lock+0x50/0x50 [ 23.840099][ T1877] ? unwind_next_frame+0x415/0x870 [ 23.845764][ T1877] ? __alloc_pages_nodemask+0x3010/0x3010 [ 23.851551][ T1877] ? 0xffffffffa0028000 [ 23.855769][ T1877] __alloc_pages_nodemask+0x44f/0x3010 [ 23.861731][ T1877] ? arch_stack_walk+0x98/0xe0 [ 23.866739][ T1877] ? stack_trace_save+0x111/0x1e0 [ 23.872663][ T1877] ? stack_trace_snprint+0x150/0x150 [ 23.878039][ T1877] ? stack_trace_save+0x111/0x1e0 [ 23.883463][ T1877] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 23.889469][ T1877] ? __kasan_kmalloc+0x179/0x1b0 [ 23.894777][ T1877] ? __kasan_kmalloc+0x117/0x1b0 [ 23.899699][ T1877] ? kasan_kmalloc+0x9/0x10 [ 23.904535][ T1877] ? kmem_cache_alloc_trace+0xe2/0x2f0 [ 23.910081][ T1877] ? alloc_fdtable+0x98/0x290 [ 23.914997][ T1877] ? dup_fd+0x7ad/0xb60 [ 23.919156][ T1877] ? copy_process+0x1725/0x52d0 [ 23.923979][ T1877] ? _do_fork+0x185/0x950 [ 23.928373][ T1877] ? __x64_sys_clone+0x247/0x2b0 [ 23.933388][ T1877] ? do_syscall_64+0xc0/0x100 [ 23.938129][ T1877] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 23.944483][ T1877] ? dup_fd+0x6f/0xb60 [ 23.948785][ T1877] ? copy_process+0x1725/0x52d0 [ 23.954174][ T1877] ? _do_fork+0x185/0x950 [ 23.958758][ T1877] ? __x64_sys_clone+0x247/0x2b0 [ 23.963769][ T1877] ? do_syscall_64+0xc0/0x100 [ 23.968451][ T1877] ? __rcu_read_lock+0x50/0x50 [ 23.973204][ T1877] ? 
__x64_sys_clone+0x247/0x2b0 [ 23.978806][ T1877] alloc_slab_page+0x3f/0x390 [ 23.983776][ T1877] new_slab+0x98/0x430 [ 23.987848][ T1877] ___slab_alloc+0x2e0/0x450 [ 23.993323][ T1877] ? kvmalloc_node+0xc6/0x120 [ 23.999240][ T1877] ? memcpy+0x49/0x60 [ 24.003385][ T1877] ? __should_failslab+0x90/0x160 [ 24.008495][ T1877] ? kvmalloc_node+0xc6/0x120 [ 24.013478][ T1877] __kmalloc+0x26d/0x310 [ 24.017802][ T1877] kvmalloc_node+0xc6/0x120 [ 24.022460][ T1877] alloc_fdtable+0xe3/0x290 [ 24.026944][ T1877] dup_fd+0x7ad/0xb60 [ 24.030903][ T1877] ? perf_event_attrs+0x30/0x30 [ 24.035733][ T1877] ? selinux_task_alloc+0x95/0xb0 [ 24.040777][ T1877] copy_process+0x1725/0x52d0 [ 24.046007][ T1877] ? kernel_wait4+0x380/0x380 [ 24.050834][ T1877] ? fork_idle+0x290/0x290 [ 24.055265][ T1877] ? put_pid+0x89/0xe0 [ 24.059591][ T1877] ? __ia32_sys_waitid+0xd0/0xd0 [ 24.064501][ T1877] ? do_nanosleep+0x58b/0x6b0 [ 24.069150][ T1877] _do_fork+0x185/0x950 [ 24.073281][ T1877] ? dup_mm+0x330/0x330 [ 24.077423][ T1877] ? __x64_sys_wait4+0x168/0x1c0 [ 24.082350][ T1877] ? do_wait+0x890/0x890 [ 24.086565][ T1877] __x64_sys_clone+0x247/0x2b0 [ 24.091303][ T1877] ? __ia32_sys_vfork+0x110/0x110 [ 24.096302][ T1877] ? 
syscall_return_slowpath+0x6f/0x500 [ 24.101830][ T1877] do_syscall_64+0xc0/0x100 [ 24.106309][ T1877] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 24.112194][ T1877] RIP: 0033:0x4409fa [ 24.116066][ T1877] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 24.135644][ T1877] RSP: 002b:00007fff71db0e10 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 executing program [ 24.145418][ T1877] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004409fa [ 24.153365][ T1877] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 24.161312][ T1877] RBP: 00007fff71db0e30 R08: 0000000000000001 R09: 0000000000868880 [ 24.169701][ T1877] R10: 0000000000868b50 R11: 0000000000000246 R12: 0000000000000001 [ 24.177649][ T1877] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 24.188488][ T1877] BUG: Bad page state in process syz-executor819 pfn:1cfdc0 [ 24.195859][ T1877] page:ffffea00073f7000 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0 [ 24.205033][ T1877] flags: 0x8000000000000000() [ 24.209690][ T1877] raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000 [ 24.218260][ T1877] raw: 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000 [ 24.226815][ T1877] page dumped because: nonzero _refcount [ 24.232413][ T1877] Modules linked in: [ 24.236305][ T1877] CPU: 1 PID: 1877 Comm: syz-executor819 Tainted: G B W 5.4.24-syzkaller-00181-g3334f0da669e #0 [ 24.248255][ T1877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 24.258301][ T1877] Call Trace: [ 24.261595][ T1877] dump_stack+0x1b0/0x228 [ 24.265950][ T1877] ? is_module_text_address+0x130/0x130 [ 24.271493][ T1877] ? show_regs_print_info+0x18/0x18 [ 24.277435][ T1877] bad_page+0x262/0x290 [ 24.281597][ T1877] ? _raw_spin_lock+0x170/0x170 [ 24.286440][ T1877] ? 
is_free_buddy_page+0x190/0x190 [ 24.291625][ T1877] ? __kasan_check_read+0x11/0x20 [ 24.296628][ T1877] ? __zone_watermark_ok+0x9b/0x270 [ 24.301891][ T1877] get_page_from_freelist+0x505a/0x57e0 [ 24.307436][ T1877] ? 0xffffffffa0008000 [ 24.311585][ T1877] ? is_bpf_text_address+0x2c8/0x2e0 [ 24.316881][ T1877] ? stack_trace_save+0x1e0/0x1e0 [ 24.321889][ T1877] ? __kernel_text_address+0x9a/0x110 [ 24.327245][ T1877] ? unwind_get_return_address+0x4c/0x90 [ 24.332868][ T1877] ? arch_stack_walk+0x98/0xe0 [ 24.337694][ T1877] ? stack_trace_save+0x111/0x1e0 [ 24.342704][ T1877] ? __alloc_pages_nodemask+0x3010/0x3010 [ 24.348512][ T1877] ? stack_trace_snprint+0x150/0x150 [ 24.353798][ T1877] __alloc_pages_nodemask+0x44f/0x3010 [ 24.359247][ T1877] ? __kasan_kmalloc+0x179/0x1b0 [ 24.364190][ T1877] ? kasan_slab_alloc+0xe/0x10 [ 24.368949][ T1877] ? kmem_cache_alloc+0x120/0x2b0 [ 24.374212][ T1877] ? copy_process+0x59b/0x52d0 [ 24.378965][ T1877] ? _do_fork+0x185/0x950 [ 24.383359][ T1877] ? __x64_sys_clone+0x247/0x2b0 [ 24.388371][ T1877] ? do_syscall_64+0xc0/0x100 [ 24.393049][ T1877] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 24.399096][ T1877] ? alloc_slab_page+0x135/0x390 [ 24.404029][ T1877] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 24.409558][ T1877] ? setup_object+0xfa/0x130 [ 24.414129][ T1877] ? new_slab+0x21b/0x430 [ 24.418432][ T1877] ? ___slab_alloc+0x2e0/0x450 [ 24.423184][ T1877] ? copy_process+0x59b/0x52d0 [ 24.427947][ T1877] ? __kasan_check_write+0x14/0x20 [ 24.433207][ T1877] ? copy_process+0x59b/0x52d0 [ 24.438041][ T1877] ? kasan_slab_alloc+0xe/0x10 [ 24.442865][ T1877] copy_process+0x5eb/0x52d0 [ 24.447785][ T1877] ? kernel_wait4+0x380/0x380 [ 24.452553][ T1877] ? fork_idle+0x290/0x290 [ 24.457069][ T1877] ? put_pid+0x89/0xe0 [ 24.461280][ T1877] ? __ia32_sys_waitid+0xd0/0xd0 [ 24.466204][ T1877] ? do_nanosleep+0x58b/0x6b0 [ 24.470874][ T1877] _do_fork+0x185/0x950 [ 24.475044][ T1877] ? dup_mm+0x330/0x330 [ 24.479305][ T1877] ? 
__x64_sys_wait4+0x168/0x1c0 [ 24.484230][ T1877] ? do_wait+0x890/0x890 [ 24.488448][ T1877] __x64_sys_clone+0x247/0x2b0 [ 24.493190][ T1877] ? __ia32_sys_vfork+0x110/0x110 [ 24.498208][ T1877] ? syscall_return_slowpath+0x6f/0x500 [ 24.503734][ T1877] do_syscall_64+0xc0/0x100 [ 24.508262][ T1877] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 24.514148][ T1877] RIP: 0033:0x4409fa [ 24.518020][ T1877] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 24.537684][ T1877] RSP: 002b:00007fff71db0e10 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 24.546077][ T1877] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004409fa executing program [ 24.554050][ T1877] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 24.562012][ T1877] RBP: 00007fff71db0e30 R08: 0000000000000001 R09: 0000000000868880 [ 24.569989][ T1877] R10: 0000000000868b50 R11: 0000000000000246 R12: 0000000000000001 [ 24.577951][ T1877] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 24.589321][ T1877] BUG: Bad page state in process syz-executor819 pfn:1cfd48 [ 24.596705][ T1877] page:ffffea00073f5200 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0 [ 24.605879][ T1877] flags: 0x8000000000000000() [ 24.610550][ T1877] raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000 [ 24.619200][ T1877] raw: 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000 [ 24.627793][ T1877] page dumped because: nonzero _refcount [ 24.633416][ T1877] Modules linked in: [ 24.637308][ T1877] CPU: 1 PID: 1877 Comm: syz-executor819 Tainted: G B W 5.4.24-syzkaller-00181-g3334f0da669e #0 [ 24.648814][ T1877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 24.659242][ T1877] Call Trace: [ 24.662542][ T1877] dump_stack+0x1b0/0x228 [ 24.666852][ T1877] ? 
is_module_text_address+0x130/0x130 [ 24.672395][ T1877] ? show_regs_print_info+0x18/0x18 [ 24.677578][ T1877] bad_page+0x262/0x290 [ 24.681748][ T1877] ? _raw_spin_lock+0x170/0x170 [ 24.686619][ T1877] ? is_free_buddy_page+0x190/0x190 [ 24.691811][ T1877] ? __kasan_check_read+0x11/0x20 [ 24.696947][ T1877] ? __zone_watermark_ok+0x9b/0x270 [ 24.702137][ T1877] get_page_from_freelist+0x505a/0x57e0 [ 24.707684][ T1877] ? 0xffffffffa0010000 [ 24.711853][ T1877] ? is_bpf_text_address+0x2c8/0x2e0 [ 24.717135][ T1877] ? stack_trace_save+0x1e0/0x1e0 [ 24.722355][ T1877] ? __kernel_text_address+0x9a/0x110 [ 24.727717][ T1877] ? unwind_get_return_address+0x4c/0x90 [ 24.733348][ T1877] ? arch_stack_walk+0x98/0xe0 [ 24.738112][ T1877] ? stack_trace_save+0x111/0x1e0 [ 24.743130][ T1877] ? __alloc_pages_nodemask+0x3010/0x3010 [ 24.748830][ T1877] ? stack_trace_snprint+0x150/0x150 [ 24.754090][ T1877] __alloc_pages_nodemask+0x44f/0x3010 [ 24.759527][ T1877] ? __kasan_kmalloc+0x179/0x1b0 [ 24.764464][ T1877] ? kasan_slab_alloc+0xe/0x10 [ 24.769208][ T1877] ? kmem_cache_alloc+0x120/0x2b0 [ 24.774302][ T1877] ? copy_process+0x59b/0x52d0 [ 24.779104][ T1877] ? _do_fork+0x185/0x950 [ 24.783415][ T1877] ? __x64_sys_clone+0x247/0x2b0 [ 24.788342][ T1877] ? do_syscall_64+0xc0/0x100 [ 24.793001][ T1877] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 24.799057][ T1877] ? wait_consider_task+0x193f/0x2790 [ 24.804408][ T1877] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 24.809927][ T1877] ? __kasan_check_write+0x14/0x20 [ 24.815012][ T1877] ? copy_process+0x59b/0x52d0 [ 24.819747][ T1877] ? kasan_slab_alloc+0xe/0x10 [ 24.824494][ T1877] copy_process+0x5eb/0x52d0 [ 24.829062][ T1877] ? kernel_wait4+0x380/0x380 [ 24.833714][ T1877] ? fork_idle+0x290/0x290 [ 24.838109][ T1877] ? put_pid+0x89/0xe0 [ 24.842154][ T1877] ? __ia32_sys_waitid+0xd0/0xd0 [ 24.847068][ T1877] ? do_nanosleep+0x58b/0x6b0 [ 24.851716][ T1877] _do_fork+0x185/0x950 [ 24.855855][ T1877] ? dup_mm+0x330/0x330 [ 24.859985][ T1877] ? 
__x64_sys_wait4+0x168/0x1c0 [ 24.864897][ T1877] ? do_wait+0x890/0x890 [ 24.869111][ T1877] __x64_sys_clone+0x247/0x2b0 [ 24.873848][ T1877] ? __ia32_sys_vfork+0x110/0x110 [ 24.878855][ T1877] ? syscall_return_slowpath+0x6f/0x500 [ 24.884521][ T1877] do_syscall_64+0xc0/0x100 [ 24.889014][ T1877] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 24.894907][ T1877] RIP: 0033:0x4409fa [ 24.898791][ T1877] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 24.918555][ T1877] RSP: 002b:00007fff71db0e10 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 24.926946][ T1877] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004409fa [ 24.934908][ T1877] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 24.942854][ T1877] RBP: 00007fff71db0e30 R08: 0000000000000001 R09: 0000000000868880 executing program [ 24.950812][ T1877] R10: 0000000000868b50 R11: 0000000000000246 R12: 0000000000000001 [ 24.958761][ T1877] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 24.969696][ T1877] BUG: Bad page state in process syz-executor819 pfn:1cfd08 [ 24.977087][ T1877] page:ffffea00073f4200 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0 [ 24.986270][ T1877] flags: 0x8000000000000000() [ 24.990940][ T1877] raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000 [ 24.999501][ T1877] raw: 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000 [ 25.008052][ T1877] page dumped because: nonzero _refcount [ 25.013651][ T1877] Modules linked in: [ 25.017526][ T1877] CPU: 0 PID: 1877 Comm: syz-executor819 Tainted: G B W 5.4.24-syzkaller-00181-g3334f0da669e #0 [ 25.029039][ T1877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 25.039079][ T1877] Call Trace: [ 25.042356][ T1877] dump_stack+0x1b0/0x228 [ 25.046845][ T1877] ? 
is_module_text_address+0x130/0x130 [ 25.052387][ T1877] ? show_regs_print_info+0x18/0x18 [ 25.057563][ T1877] bad_page+0x262/0x290 [ 25.061718][ T1877] ? _raw_spin_lock+0x170/0x170 [ 25.066573][ T1877] ? is_free_buddy_page+0x190/0x190 [ 25.071771][ T1877] ? __kasan_check_read+0x11/0x20 [ 25.077201][ T1877] ? __zone_watermark_ok+0x9b/0x270 [ 25.082527][ T1877] get_page_from_freelist+0x505a/0x57e0 [ 25.088072][ T1877] ? 0xffffffffa0018000 [ 25.092209][ T1877] ? is_bpf_text_address+0x2c8/0x2e0 [ 25.097571][ T1877] ? stack_trace_save+0x1e0/0x1e0 [ 25.102669][ T1877] ? __kernel_text_address+0x9a/0x110 [ 25.108043][ T1877] ? unwind_get_return_address+0x4c/0x90 [ 25.114092][ T1877] ? arch_stack_walk+0x98/0xe0 [ 25.119297][ T1877] ? stack_trace_save+0x111/0x1e0 [ 25.124402][ T1877] ? __alloc_pages_nodemask+0x3010/0x3010 [ 25.130111][ T1877] ? stack_trace_snprint+0x150/0x150 [ 25.135385][ T1877] __alloc_pages_nodemask+0x44f/0x3010 [ 25.140848][ T1877] ? __kasan_kmalloc+0x179/0x1b0 [ 25.145851][ T1877] ? kasan_slab_alloc+0xe/0x10 [ 25.150590][ T1877] ? kmem_cache_alloc+0x120/0x2b0 [ 25.155609][ T1877] ? copy_process+0x59b/0x52d0 [ 25.160360][ T1877] ? _do_fork+0x185/0x950 [ 25.164684][ T1877] ? __x64_sys_clone+0x247/0x2b0 [ 25.169596][ T1877] ? do_syscall_64+0xc0/0x100 [ 25.174265][ T1877] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 25.180430][ T1877] ? wait_consider_task+0x193f/0x2790 [ 25.185817][ T1877] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 25.191367][ T1877] ? ___slab_alloc+0xab/0x450 [ 25.196115][ T1877] ? copy_process+0x59b/0x52d0 [ 25.200854][ T1877] ? __kasan_check_write+0x14/0x20 [ 25.205939][ T1877] ? copy_process+0x59b/0x52d0 [ 25.210699][ T1877] ? kasan_slab_alloc+0xe/0x10 [ 25.215438][ T1877] copy_process+0x5eb/0x52d0 [ 25.220355][ T1877] ? kernel_wait4+0x380/0x380 [ 25.225007][ T1877] ? fork_idle+0x290/0x290 [ 25.229398][ T1877] ? put_pid+0x89/0xe0 [ 25.233446][ T1877] ? __ia32_sys_waitid+0xd0/0xd0 [ 25.238600][ T1877] ? 
do_nanosleep+0x58b/0x6b0 [ 25.246708][ T1877] _do_fork+0x185/0x950 [ 25.254073][ T1877] ? dup_mm+0x330/0x330 [ 25.261331][ T1877] ? __x64_sys_wait4+0x168/0x1c0 [ 25.266246][ T1877] ? do_wait+0x890/0x890 [ 25.270464][ T1877] __x64_sys_clone+0x247/0x2b0 [ 25.275225][ T1877] ? __ia32_sys_vfork+0x110/0x110 [ 25.280229][ T1877] ? syscall_return_slowpath+0x6f/0x500 [ 25.285748][ T1877] do_syscall_64+0xc0/0x100 [ 25.290230][ T1877] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 25.296244][ T1877] RIP: 0033:0x4409fa [ 25.300136][ T1877] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 25.321665][ T1877] RSP: 002b:00007fff71db0e10 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 25.335197][ T1877] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004409fa [ 25.343243][ T1877] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 executing program [ 25.351290][ T1877] RBP: 00007fff71db0e30 R08: 0000000000000001 R09: 0000000000868880 [ 25.359255][ T1877] R10: 0000000000868b50 R11: 0000000000000246 R12: 0000000000000001 [ 25.367443][ T1877] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 25.377897][ T1900] BUG: Bad page state in process syz-executor819 pfn:1d0740 [ 25.387060][ T1900] page:ffffea000741d000 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0 [ 25.399649][ T1900] flags: 0x8000000000000000() [ 25.404304][ T1900] raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000 [ 25.417754][ T1900] raw: 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000 [ 25.428807][ T1900] page dumped because: nonzero _refcount [ 25.434985][ T1900] Modules linked in: [ 25.439332][ T1900] CPU: 0 PID: 1900 Comm: syz-executor819 Tainted: G B W 5.4.24-syzkaller-00181-g3334f0da669e #0 [ 25.451547][ T1900] Hardware name: Google Google Compute Engine/Google Compute Engine, 
BIOS Google 01/01/2011 [ 25.461692][ T1900] Call Trace: [ 25.464973][ T1900] dump_stack+0x1b0/0x228 [ 25.469338][ T1900] ? is_module_text_address+0x130/0x130 [ 25.474876][ T1900] ? show_regs_print_info+0x18/0x18 [ 25.480055][ T1900] bad_page+0x262/0x290 [ 25.484275][ T1900] ? _raw_spin_lock+0x170/0x170 [ 25.489167][ T1900] ? is_free_buddy_page+0x190/0x190 [ 25.494338][ T1900] ? __kasan_check_read+0x11/0x20 [ 25.499345][ T1900] ? __zone_watermark_ok+0x9b/0x270 [ 25.504514][ T1900] get_page_from_freelist+0x505a/0x57e0 [ 25.510103][ T1900] ? unwind_next_frame+0x415/0x870 [ 25.515264][ T1900] ? __rcu_read_lock+0x50/0x50 [ 25.520013][ T1900] ? unwind_next_frame+0x415/0x870 [ 25.525193][ T1900] ? unwind_get_return_address_ptr+0xa0/0xa0 [ 25.531218][ T1900] ? 0xffffffffa0008000 [ 25.535402][ T1900] ? is_bpf_text_address+0x2c8/0x2e0 [ 25.540664][ T1900] ? stack_trace_save+0x1e0/0x1e0 [ 25.545684][ T1900] ? __kernel_text_address+0x9a/0x110 [ 25.551045][ T1900] ? unwind_get_return_address+0x4c/0x90 [ 25.556717][ T1900] ? arch_stack_walk+0x98/0xe0 [ 25.561463][ T1900] ? __alloc_pages_nodemask+0x3010/0x3010 [ 25.567884][ T1900] ? prep_new_page+0x13a/0x3a0 [ 25.572637][ T1900] __alloc_pages_nodemask+0x44f/0x3010 [ 25.578082][ T1900] ? __kasan_slab_free+0x168/0x220 [ 25.583167][ T1900] ? __kfree_skb+0x134/0x180 [ 25.587738][ T1900] ? __kasan_slab_free+0x1e2/0x220 [ 25.592819][ T1900] ? __kasan_slab_free+0x168/0x220 [ 25.597914][ T1900] ? __sys_sendmsg+0x26a/0x350 [ 25.602663][ T1900] ? __x64_sys_sendmsg+0x7f/0x90 [ 25.607581][ T1900] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 25.613659][ T1900] ? avc_has_perm_noaudit+0x2fc/0x3f0 [ 25.619055][ T1900] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 25.624585][ T1900] ? deferred_put_nlk_sk+0x200/0x200 [ 25.629872][ T1900] ? __alloc_skb+0x109/0x540 [ 25.634477][ T1900] ? jhash+0x750/0x750 [ 25.638530][ T1900] ? netlink_hash+0xd0/0xd0 [ 25.643076][ T1900] ? avc_has_perm+0x15f/0x260 [ 25.647742][ T1900] ? 
skb_release_data+0x536/0x690 [ 25.652770][ T1900] ? __rcu_read_lock+0x50/0x50 [ 25.657515][ T1900] skb_page_frag_refill+0x11d/0x3b0 [ 25.662691][ T1900] tun_get_user+0x69a/0x3d10 [ 25.667261][ T1900] ? __kasan_check_read+0x11/0x20 [ 25.672262][ T1900] ? __alloc_pages_nodemask+0x52d/0x3010 [ 25.677879][ T1900] ? tun_do_read+0x1f10/0x1f10 [ 25.682619][ T1900] ? put_pid+0x82/0xe0 [ 25.686678][ T1900] ? __rcu_read_lock+0x50/0x50 [ 25.691435][ T1900] ? __rcu_read_lock+0x50/0x50 [ 25.696318][ T1900] ? __memcg_kmem_charge_memcg+0x340/0x340 [ 25.702123][ T1900] tun_chr_write_iter+0x134/0x1c0 [ 25.707237][ T1900] do_iter_readv_writev+0x5fa/0x890 [ 25.712421][ T1900] ? vfs_dedupe_file_range+0xa00/0xa00 [ 25.717864][ T1900] ? security_file_permission+0x157/0x350 [ 25.723902][ T1900] ? rw_verify_area+0x1c2/0x360 [ 25.728738][ T1900] do_iter_write+0x180/0x590 [ 25.733309][ T1900] do_writev+0x2cd/0x560 [ 25.737524][ T1900] ? do_readv+0x400/0x400 [ 25.741827][ T1900] ? __up_read+0x6f/0x1b0 [ 25.746648][ T1900] ? __down_read+0x240/0x240 [ 25.751223][ T1900] ? vmacache_find+0x21f/0x4d0 [ 25.755971][ T1900] ? 
do_user_addr_fault+0x6b7/0xb50 [ 25.761139][ T1900] __x64_sys_writev+0x7d/0x90 [ 25.765799][ T1900] do_syscall_64+0xc0/0x100 [ 25.770280][ T1900] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 25.776158][ T1900] RIP: 0033:0x441ff0 [ 25.780124][ T1900] Code: 05 48 3d 01 f0 ff ff 0f 83 5d 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 3d 01 90 29 00 00 75 14 b8 14 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 34 09 fc ff c3 48 83 ec 08 e8 ba 2b 00 00 [ 25.799713][ T1900] RSP: 002b:00007fff71db0e38 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 executing program [ 25.808294][ T1900] RAX: ffffffffffffffda RBX: 00007fff71db0e50 RCX: 0000000000441ff0 [ 25.816305][ T1900] RDX: 0000000000000001 RSI: 00007fff71db0e80 RDI: 00000000000000f0 [ 25.824297][ T1900] RBP: 0000000000000000 R08: 00000000bb1414ac R09: 00000000bb1414ac [ 25.832247][ T1900] R10: 00000000bb1414ac R11: 0000000000000246 R12: 0000000000006176 [ 25.840244][ T1900] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 25.850315][ T1901] BUG: Bad page state in process syz-executor819 pfn:1d0710 [ 25.857689][ T1901] page:ffffea000741c400 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0 [ 25.866863][ T1901] flags: 0x8000000000000000() [ 25.871538][ T1901] raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000 [ 25.880103][ T1901] raw: 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000 [ 25.888666][ T1901] page dumped because: nonzero _refcount [ 25.894265][ T1901] Modules linked in: [ 25.898151][ T1901] CPU: 0 PID: 1901 Comm: syz-executor819 Tainted: G B W 5.4.24-syzkaller-00181-g3334f0da669e #0 [ 25.909656][ T1901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 25.919684][ T1901] Call Trace: [ 25.922957][ T1901] dump_stack+0x1b0/0x228 [ 25.927262][ T1901] ? is_module_text_address+0x130/0x130 [ 25.932786][ T1901] ? show_regs_print_info+0x18/0x18 [ 25.937972][ T1901] bad_page+0x262/0x290 [ 25.942106][ T1901] ? 
_raw_spin_lock+0x170/0x170 [ 25.946931][ T1901] ? is_free_buddy_page+0x190/0x190 [ 25.952102][ T1901] ? __kasan_check_read+0x11/0x20 [ 25.957101][ T1901] ? __zone_watermark_ok+0x9b/0x270 [ 25.962279][ T1901] get_page_from_freelist+0x505a/0x57e0 [ 25.967820][ T1901] ? __read_once_size_nocheck+0x10/0x10 [ 25.973340][ T1901] ? unwind_next_frame+0x415/0x870 [ 25.978436][ T1901] ? __rcu_read_lock+0x50/0x50 [ 25.983182][ T1901] ? unwind_next_frame+0x415/0x870 [ 25.988270][ T1901] ? __alloc_pages_nodemask+0x3010/0x3010 [ 25.993976][ T1901] ? 0xffffffffa0008000 [ 25.998108][ T1901] __alloc_pages_nodemask+0x44f/0x3010 [ 26.003549][ T1901] ? __kasan_check_read+0x11/0x20 [ 26.008573][ T1901] ? prep_new_page+0x13a/0x3a0 [ 26.013311][ T1901] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 26.018849][ T1901] ? get_page_from_freelist+0x5426/0x57e0 [ 26.024553][ T1901] ? __rcu_read_lock+0x50/0x50 [ 26.029293][ T1901] ? unwind_get_return_address_ptr+0xa0/0xa0 [ 26.035258][ T1901] alloc_slab_page+0x3f/0x390 [ 26.039918][ T1901] new_slab+0x98/0x430 [ 26.043970][ T1901] ___slab_alloc+0x2e0/0x450 [ 26.048535][ T1901] ? bpf_check+0x136/0xe7b0 [ 26.053011][ T1901] ? __should_failslab+0x90/0x160 [ 26.058045][ T1901] ? bpf_check+0x136/0xe7b0 [ 26.062610][ T1901] kmem_cache_alloc_trace+0x23f/0x2f0 [ 26.067958][ T1901] bpf_check+0x136/0xe7b0 [ 26.072262][ T1901] ? unwind_get_return_address_ptr+0xa0/0xa0 [ 26.078216][ T1901] ? 0xffffffffa0008000 [ 26.082344][ T1901] ? is_bpf_text_address+0x2c8/0x2e0 [ 26.087601][ T1901] ? stack_trace_save+0x1e0/0x1e0 [ 26.092596][ T1901] ? __kernel_text_address+0x9a/0x110 [ 26.097947][ T1901] ? unwind_get_return_address+0x4c/0x90 [ 26.103562][ T1901] ? arch_stack_walk+0x98/0xe0 [ 26.108297][ T1901] ? stack_trace_save+0x111/0x1e0 [ 26.113305][ T1901] ? stack_trace_snprint+0x150/0x150 [ 26.118655][ T1901] ? stack_trace_snprint+0x150/0x150 [ 26.123912][ T1901] ? bpf_verifier_log_write+0x230/0x230 [ 26.129432][ T1901] ? __kasan_kmalloc+0x179/0x1b0 [ 26.134341][ T1901] ? 
__kasan_kmalloc+0x117/0x1b0 [ 26.139254][ T1901] ? kasan_kmalloc+0x9/0x10 [ 26.143736][ T1901] ? kmem_cache_alloc_trace+0xe2/0x2f0 [ 26.149184][ T1901] ? selinux_bpf_prog_alloc+0x51/0x150 [ 26.154704][ T1901] ? security_bpf_prog_alloc+0x50/0xb0 [ 26.160158][ T1901] ? __do_sys_bpf+0x5ce0/0xbbc0 [ 26.164992][ T1901] ? __x64_sys_bpf+0x7a/0x90 [ 26.169569][ T1901] ? do_syscall_64+0xc0/0x100 [ 26.174224][ T1901] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 26.180278][ T1901] ? pcpu_block_refresh_hint+0x22f/0x370 [ 26.185883][ T1901] ? pcpu_block_update_hint_alloc+0x977/0xcf0 [ 26.191924][ T1901] ? pcpu_alloc_area+0x7eb/0x940 [ 26.196837][ T1901] ? find_next_bit+0xd8/0x120 [ 26.201483][ T1901] ? cpumask_next+0x11/0x30 [ 26.205963][ T1901] ? __should_failslab+0x90/0x160 [ 26.210966][ T1901] ? selinux_bpf_prog_alloc+0x51/0x150 [ 26.216394][ T1901] ? kasan_kmalloc+0x9/0x10 [ 26.220868][ T1901] ? kmem_cache_alloc_trace+0xe2/0x2f0 [ 26.226297][ T1901] ? memset+0x31/0x40 [ 26.230251][ T1901] ? bpf_obj_name_cpy+0x9a9/0x1400 [ 26.235336][ T1901] __do_sys_bpf+0x80a8/0xbbc0 [ 26.240281][ T1901] ? wp_page_copy+0xd24/0x10e0 [ 26.245116][ T1901] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 26.250781][ T1901] ? __rcu_read_lock+0x50/0x50 [ 26.255608][ T1901] ? __memcg_kmem_charge_memcg+0x340/0x340 [ 26.261963][ T1901] ? __bpf_prog_put_rcu+0x350/0x350 [ 26.267250][ T1901] ? get_mem_cgroup_from_mm+0x2b2/0x330 [ 26.272787][ T1901] ? mem_cgroup_from_task+0x60/0x60 [ 26.277962][ T1901] ? __kasan_check_read+0x11/0x20 [ 26.282995][ T1901] ? __lru_cache_add+0x1ae/0x200 [ 26.288015][ T1901] ? lru_cache_add_active_or_unevictable+0xa6/0x120 [ 26.295039][ T1901] ? _raw_spin_unlock+0x9/0x20 [ 26.299843][ T1901] ? handle_mm_fault+0xb2f/0x41c0 [ 26.305461][ T1901] ? alloc_file+0x84/0x4b0 [ 26.309987][ T1901] ? finish_fault+0x230/0x230 [ 26.314644][ T1901] ? __kasan_check_write+0x14/0x20 [ 26.319741][ T1901] ? __up_read+0x6f/0x1b0 [ 26.324168][ T1901] ? 
__down_read+0x240/0x240 [ 26.328760][ T1901] __x64_sys_bpf+0x7a/0x90 [ 26.333275][ T1901] do_syscall_64+0xc0/0x100 [ 26.337968][ T1901] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 26.343890][ T1901] RIP: 0033:0x4420f9 [ 26.347793][ T1901] Code: e8 8c 07 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 26.367389][ T1901] RSP: 002b:00007fff71db0e38 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 26.375875][ T1901] RAX: ffffffffffffffda RBX: 00007fff71db0e50 RCX: 00000000004420f9 [ 26.383825][ T1901] RDX: 0000000000000070 RSI: 0000000020000180 RDI: 0000000000000005 [ 26.391874][ T1901] RBP: 0000000000000000 R08: 00000000bb1414ac R09: 00000000bb1414ac [ 26.399932][ T1901] R10: 0000000000000004 R11: 0000000000000246 R12: 000000000000630f executing program [ 26.407968][ T1901] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 26.425452][ T1902] BUG: Bad page state in process syz-executor819 pfn:1d06f8 [ 26.433300][ T1902] page:ffffea000741be00 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0 [ 26.442469][ T1902] flags: 0x8000000000000000() [ 26.448875][ T1902] raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000 [ 26.457842][ T1902] raw: 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000 [ 26.466656][ T1902] page dumped because: nonzero _refcount [ 26.472495][ T1902] Modules linked in: [ 26.476401][ T1902] CPU: 0 PID: 1902 Comm: syz-executor819 Tainted: G B W 5.4.24-syzkaller-00181-g3334f0da669e #0 [ 26.488619][ T1902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 26.498777][ T1902] Call Trace: [ 26.502074][ T1902] dump_stack+0x1b0/0x228 [ 26.506387][ T1902] ? is_module_text_address+0x130/0x130 [ 26.511974][ T1902] ? show_regs_print_info+0x18/0x18 [ 26.517358][ T1902] bad_page+0x262/0x290 [ 26.521495][ T1902] ? 
_raw_spin_lock+0x170/0x170 [ 26.526321][ T1902] ? is_free_buddy_page+0x190/0x190 [ 26.531507][ T1902] ? __kasan_check_read+0x11/0x20 [ 26.536571][ T1902] ? __zone_watermark_ok+0x9b/0x270 [ 26.541749][ T1902] get_page_from_freelist+0x505a/0x57e0 [ 26.547427][ T1902] ? unwind_get_return_address_ptr+0xa0/0xa0 [ 26.553393][ T1902] ? 0xffffffffa0010000 [ 26.557534][ T1902] ? stack_trace_save+0x1e0/0x1e0 [ 26.562592][ T1902] ? __read_once_size_nocheck+0x10/0x10 [ 26.568111][ T1902] ? unwind_next_frame+0x415/0x870 [ 26.573194][ T1902] ? __alloc_pages_nodemask+0x3010/0x3010 [ 26.578885][ T1902] ? unwind_next_frame+0x415/0x870 [ 26.583979][ T1902] ? unwind_get_return_address_ptr+0xa0/0xa0 [ 26.589930][ T1902] __alloc_pages_nodemask+0x44f/0x3010 [ 26.595370][ T1902] ? __kernel_text_address+0x9a/0x110 [ 26.600722][ T1902] ? arch_stack_walk+0x98/0xe0 [ 26.605459][ T1902] ? stack_trace_save+0x111/0x1e0 [ 26.610462][ T1902] ? stack_trace_snprint+0x150/0x150 [ 26.615719][ T1902] ? stack_trace_save+0x111/0x1e0 [ 26.620736][ T1902] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 26.626273][ T1902] ? stack_trace_snprint+0x150/0x150 [ 26.631554][ T1902] ? __kasan_kmalloc+0x179/0x1b0 [ 26.636468][ T1902] ? __kasan_kmalloc+0x117/0x1b0 [ 26.641391][ T1902] ? kasan_slab_alloc+0xe/0x10 [ 26.646153][ T1902] ? kmem_cache_alloc+0x120/0x2b0 [ 26.651250][ T1902] ? security_inode_alloc+0x36/0x1f0 [ 26.656532][ T1902] ? do_syscall_64+0xc0/0x100 [ 26.661183][ T1902] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 26.667229][ T1902] ? __kasan_kmalloc+0x117/0x1b0 [ 26.672133][ T1902] ? kasan_slab_alloc+0xe/0x10 [ 26.676881][ T1902] ? sock_alloc_inode+0x1b/0xc0 [ 26.681702][ T1902] ? new_inode_pseudo+0x68/0x240 [ 26.686624][ T1902] ? __sock_create+0x136/0x7b0 [ 26.691364][ T1902] ? __sys_socket+0x115/0x350 [ 26.696045][ T1902] ? __x64_sys_socket+0x7a/0x90 [ 26.700913][ T1902] alloc_slab_page+0x3f/0x390 [ 26.705578][ T1902] new_slab+0x98/0x430 [ 26.709627][ T1902] ? 
_raw_spin_lock+0x170/0x170 [ 26.714463][ T1902] ___slab_alloc+0x2e0/0x450 [ 26.719045][ T1902] ? sk_prot_alloc+0x11c/0x2f0 [ 26.723835][ T1902] ? __should_failslab+0x90/0x160 [ 26.728849][ T1902] ? sk_prot_alloc+0x11c/0x2f0 [ 26.733598][ T1902] __kmalloc+0x26d/0x310 [ 26.737827][ T1902] sk_prot_alloc+0x11c/0x2f0 [ 26.742397][ T1902] sk_alloc+0x35/0x300 [ 26.746440][ T1902] netlink_create+0x3ce/0x630 [ 26.751104][ T1902] ? rtnetlink_rcv+0x20/0x20 [ 26.755665][ T1902] __sock_create+0x3c6/0x7b0 [ 26.760227][ T1902] __sys_socket+0x115/0x350 [ 26.764877][ T1902] ? sock_create_kern+0x50/0x50 [ 26.769732][ T1902] ? __kasan_check_read+0x11/0x20 [ 26.774730][ T1902] __x64_sys_socket+0x7a/0x90 [ 26.779390][ T1902] do_syscall_64+0xc0/0x100 [ 26.783865][ T1902] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 26.789736][ T1902] RIP: 0033:0x4420f9 [ 26.793602][ T1902] Code: e8 8c 07 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00 executing program executing program [ 26.813333][ T1902] RSP: 002b:00007fff71db0e38 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 26.821736][ T1902] RAX: ffffffffffffffda RBX: 00007fff71db0e50 RCX: 00000000004420f9 [ 26.829682][ T1902] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000010 [ 26.837622][ T1902] RBP: 0000000000000000 R08: 0000000000000004 R09: 00000000bb1414ac [ 26.845585][ T1902] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000000064e8 [ 26.853662][ T1902] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 26.867631][ T1904] BUG: Bad page state in process syz-executor819 pfn:1d0770 [ 26.875110][ T1904] page:ffffea000741dc00 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0 [ 26.884299][ T1904] flags: 0x8000000000000000() [ 26.889010][ T1904] raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000 [ 26.897636][ T1904] raw: 0000000000000000 
0000000000000000 ffffffffffffffff 0000000000000000 [ 26.906199][ T1904] page dumped because: nonzero _refcount [ 26.911800][ T1904] Modules linked in: [ 26.915750][ T1904] CPU: 0 PID: 1904 Comm: syz-executor819 Tainted: G B W 5.4.24-syzkaller-00181-g3334f0da669e #0 [ 26.927267][ T1904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 26.937300][ T1904] Call Trace: [ 26.940585][ T1904] dump_stack+0x1b0/0x228 [ 26.944961][ T1904] ? is_module_text_address+0x130/0x130 [ 26.950487][ T1904] ? show_regs_print_info+0x18/0x18 [ 26.955668][ T1904] bad_page+0x262/0x290 [ 26.959801][ T1904] ? _raw_spin_lock+0x170/0x170 [ 26.964628][ T1904] ? is_free_buddy_page+0x190/0x190 [ 26.969799][ T1904] ? __kasan_check_read+0x11/0x20 [ 26.974792][ T1904] ? __zone_watermark_ok+0x9b/0x270 [ 26.980007][ T1904] get_page_from_freelist+0x505a/0x57e0 [ 26.985533][ T1904] ? __read_once_size_nocheck+0x10/0x10 [ 26.991047][ T1904] ? unwind_next_frame+0x415/0x870 [ 26.996171][ T1904] ? __rcu_read_lock+0x50/0x50 [ 27.001033][ T1904] ? unwind_next_frame+0x415/0x870 [ 27.006119][ T1904] ? __alloc_pages_nodemask+0x3010/0x3010 [ 27.011811][ T1904] ? 0xffffffffa0020000 [ 27.015941][ T1904] __alloc_pages_nodemask+0x44f/0x3010 [ 27.021376][ T1904] ? __kasan_check_read+0x11/0x20 [ 27.026375][ T1904] ? prep_new_page+0x13a/0x3a0 [ 27.031113][ T1904] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 27.036690][ T1904] ? get_page_from_freelist+0x5426/0x57e0 [ 27.042437][ T1904] ? __rcu_read_lock+0x50/0x50 [ 27.047201][ T1904] ? unwind_get_return_address_ptr+0xa0/0xa0 [ 27.053193][ T1904] alloc_slab_page+0x3f/0x390 [ 27.057847][ T1904] new_slab+0x98/0x430 [ 27.061888][ T1904] ___slab_alloc+0x2e0/0x450 [ 27.066479][ T1904] ? bpf_check+0x136/0xe7b0 [ 27.071014][ T1904] ? __should_failslab+0x90/0x160 [ 27.076013][ T1904] ? bpf_check+0x136/0xe7b0 [ 27.080498][ T1904] kmem_cache_alloc_trace+0x23f/0x2f0 [ 27.085848][ T1904] bpf_check+0x136/0xe7b0 [ 27.090202][ T1904] ? 
unwind_get_return_address_ptr+0xa0/0xa0 [ 27.096416][ T1904] ? 0xffffffffa0020000 [ 27.100706][ T1904] ? is_bpf_text_address+0x2c8/0x2e0 [ 27.105993][ T1904] ? stack_trace_save+0x1e0/0x1e0 [ 27.110998][ T1904] ? __kernel_text_address+0x9a/0x110 [ 27.116345][ T1904] ? unwind_get_return_address+0x4c/0x90 [ 27.121972][ T1904] ? arch_stack_walk+0x98/0xe0 [ 27.126717][ T1904] ? stack_trace_save+0x111/0x1e0 [ 27.131730][ T1904] ? stack_trace_snprint+0x150/0x150 [ 27.136985][ T1904] ? stack_trace_snprint+0x150/0x150 [ 27.142240][ T1904] ? bpf_verifier_log_write+0x230/0x230 [ 27.147767][ T1904] ? __kasan_kmalloc+0x179/0x1b0 [ 27.153655][ T1904] ? __kasan_kmalloc+0x117/0x1b0 [ 27.158634][ T1904] ? kasan_kmalloc+0x9/0x10 [ 27.163140][ T1904] ? kmem_cache_alloc_trace+0xe2/0x2f0 [ 27.168583][ T1904] ? selinux_bpf_prog_alloc+0x51/0x150 [ 27.174012][ T1904] ? security_bpf_prog_alloc+0x50/0xb0 [ 27.179756][ T1904] ? __do_sys_bpf+0x5ce0/0xbbc0 [ 27.184582][ T1904] ? __x64_sys_bpf+0x7a/0x90 [ 27.189183][ T1904] ? do_syscall_64+0xc0/0x100 [ 27.193836][ T1904] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 27.199879][ T1904] ? pcpu_block_refresh_hint+0x22f/0x370 [ 27.205537][ T1904] ? pcpu_block_update_hint_alloc+0x977/0xcf0 [ 27.211701][ T1904] ? pcpu_alloc_area+0x7eb/0x940 [ 27.216628][ T1904] ? find_next_bit+0xd8/0x120 [ 27.221286][ T1904] ? cpumask_next+0x11/0x30 [ 27.225766][ T1904] ? __should_failslab+0x90/0x160 [ 27.230826][ T1904] ? selinux_bpf_prog_alloc+0x51/0x150 [ 27.236278][ T1904] ? kasan_kmalloc+0x9/0x10 [ 27.240895][ T1904] ? kmem_cache_alloc_trace+0xe2/0x2f0 [ 27.246352][ T1904] ? memset+0x31/0x40 [ 27.250352][ T1904] ? bpf_obj_name_cpy+0x9a9/0x1400 [ 27.255439][ T1904] __do_sys_bpf+0x80a8/0xbbc0 [ 27.260104][ T1904] ? wp_page_copy+0xd24/0x10e0 [ 27.264842][ T1904] ? gfp_pfmemalloc_allowed+0x140/0x140 [ 27.270618][ T1904] ? __rcu_read_lock+0x50/0x50 [ 27.275355][ T1904] ? __memcg_kmem_charge_memcg+0x340/0x340 [ 27.281133][ T1904] ? 
__bpf_prog_put_rcu+0x350/0x350 [ 27.286328][ T1904] ? get_mem_cgroup_from_mm+0x2b2/0x330 [ 27.291878][ T1904] ? mem_cgroup_from_task+0x60/0x60 [ 27.297068][ T1904] ? __kasan_check_read+0x11/0x20 [ 27.302076][ T1904] ? __lru_cache_add+0x1ae/0x200 [ 27.307073][ T1904] ? lru_cache_add_active_or_unevictable+0xa6/0x120 [ 27.313643][ T1904] ? _raw_spin_unlock+0x9/0x20 [ 27.318402][ T1904] ? handle_mm_fault+0xb2f/0x41c0 [ 27.323447][ T1904] ? alloc_file+0x84/0x4b0 [ 27.327936][ T1904] ? finish_fault+0x230/0x230 [ 27.332589][ T1904] ? __kasan_check_write+0x14/0x20 [ 27.337673][ T1904] ? __up_read+0x6f/0x1b0 [ 27.341975][ T1904] ? __down_read+0x240/0x240 [ 27.346542][ T1904] __x64_sys_bpf+0x7a/0x90 [ 27.350943][ T1904] do_syscall_64+0xc0/0x100 [ 27.355417][ T1904] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 27.361321][ T1904] RIP: 0033:0x4420f9 [ 27.365186][ T1904] Code: e8 8c 07 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 27.384850][ T1904] RSP: 002b:00007fff71db0e38 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 27.393238][ T1904] RAX: ffffffffffffffda RBX: 00007fff71db0e50 RCX: 00000000004420f9 [ 27.401218][ T1904] RDX: 0000000000000070 RSI: 0000000020000180 RDI: 0000000000000005 [ 27.409173][ T1904] RBP: 0000000000000000 R08: 00000000bb1414ac R09: 00000000bb1414ac [ 27.417115][ T1904] R10: 0000000000000004 R11: 0000000000000246 R12: 00000000000068e0 [ 27.425057][ T1904] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 27.433018][ T1904] BUG: Bad page state in process syz-executor819 pfn:1cfd38 [ 27.440361][ T1904] page:ffffea00073f4e00 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0 [ 27.449534][ T1904] flags: 0x8000000000000000() [ 27.454202][ T1904] raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000 [ 27.463040][ T1904] raw: 0000000000000000 0000000000000000 ffffffffffffffff 
0000000000000000
[ 27.471601][ T1904] page dumped because: nonzero _refcount
[ 27.477208][ T1904] Modules linked in:
[ 27.481094][ T1904] CPU: 0 PID: 1904 Comm: syz-executor819 Tainted: G B W 5.4.24-syzkaller-00181-g3334f0da669e #0
[ 27.492605][ T1904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 27.502737][ T1904] Call Trace:
[ 27.506036][ T1904] dump_stack+0x1b0/0x228
[ 27.510349][ T1904] ? is_module_text_address+0x130/0x130
[ 27.515874][ T1904] ? show_regs_print_info+0x18/0x18
[ 27.521048][ T1904] bad_page+0x262/0x290
[ 27.525204][ T1904] ? _raw_spin_lock+0x170/0x170
[ 27.530046][ T1904] ? is_free_buddy_page+0x190/0x190
[ 27.535232][ T1904] ? __kasan_check_read+0x11/0x20
[ 27.540229][ T1904] ? __zone_watermark_ok+0x9b/0x270
[ 27.545444][ T1904] get_page_from_freelist+0x505a/0x57e0
[ 27.550983][ T1904] ? __read_once_size_nocheck+0x10/0x10
[ 27.556509][ T1904] ? unwind_next_frame+0x415/0x870
[ 27.561613][ T1904] ? __rcu_read_lock+0x50/0x50
[ 27.566379][ T1904] ? unwind_next_frame+0x415/0x870
[ 27.571470][ T1904] ? __alloc_pages_nodemask+0x3010/0x3010
[ 27.577167][ T1904] ? 0xffffffffa0020000
[ 27.581310][ T1904] __alloc_pages_nodemask+0x44f/0x3010
[ 27.586750][ T1904] ? __kasan_check_read+0x11/0x20
[ 27.592026][ T1904] ? prep_new_page+0x13a/0x3a0
[ 27.596776][ T1904] ? gfp_pfmemalloc_allowed+0x140/0x140
[ 27.602300][ T1904] ? get_page_from_freelist+0x5426/0x57e0
[ 27.608096][ T1904] ? __rcu_read_lock+0x50/0x50
[ 27.612846][ T1904] ? unwind_get_return_address_ptr+0xa0/0xa0
[ 27.618830][ T1904] alloc_slab_page+0x3f/0x390
[ 27.623688][ T1904] new_slab+0x98/0x430
[ 27.627749][ T1904] ___slab_alloc+0x2e0/0x450
[ 27.632339][ T1904] ? bpf_check+0x136/0xe7b0
[ 27.636833][ T1904] ? __should_failslab+0x90/0x160
[ 27.641841][ T1904] ? bpf_check+0x136/0xe7b0
[ 27.646336][ T1904] kmem_cache_alloc_trace+0x23f/0x2f0
[ 27.651683][ T1904] bpf_check+0x136/0xe7b0
[ 27.655993][ T1904] ? unwind_get_return_address_ptr+0xa0/0xa0
[ 27.661951][ T1904] ? 0xffffffffa0020000
[ 27.666213][ T1904] ? is_bpf_text_address+0x2c8/0x2e0
[ 27.671564][ T1904] ? stack_trace_save+0x1e0/0x1e0
[ 27.676576][ T1904] ? __kernel_text_address+0x9a/0x110
[ 27.681931][ T1904] ? unwind_get_return_address+0x4c/0x90
[ 27.687539][ T1904] ? arch_stack_walk+0x98/0xe0
[ 27.692272][ T1904] ? stack_trace_save+0x111/0x1e0
[ 27.697941][ T1904] ? stack_trace_snprint+0x150/0x150
[ 27.703204][ T1904] ? stack_trace_snprint+0x150/0x150
[ 27.708483][ T1904] ? bpf_verifier_log_write+0x230/0x230
[ 27.714011][ T1904] ? __kasan_kmalloc+0x179/0x1b0
[ 27.718966][ T1904] ? __kasan_kmalloc+0x117/0x1b0
[ 27.723879][ T1904] ? kasan_kmalloc+0x9/0x10
[ 27.728388][ T1904] ? kmem_cache_alloc_trace+0xe2/0x2f0
[ 27.733969][ T1904] ? selinux_bpf_prog_alloc+0x51/0x150
[ 27.739421][ T1904] ? security_bpf_prog_alloc+0x50/0xb0
[ 27.744877][ T1904] ? __do_sys_bpf+0x5ce0/0xbbc0
[ 27.749703][ T1904] ? __x64_sys_bpf+0x7a/0x90
[ 27.754265][ T1904] ? do_syscall_64+0xc0/0x100
[ 27.758959][ T1904] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 27.765014][ T1904] ? pcpu_block_refresh_hint+0x22f/0x370
[ 27.770619][ T1904] ? pcpu_block_update_hint_alloc+0x977/0xcf0
[ 27.776657][ T1904] ? pcpu_alloc_area+0x7eb/0x940
[ 27.781569][ T1904] ? find_next_bit+0xd8/0x120
[ 27.786232][ T1904] ? cpumask_next+0x11/0x30
[ 27.790712][ T1904] ? __should_failslab+0x90/0x160
[ 27.796077][ T1904] ? selinux_bpf_prog_alloc+0x51/0x150
[ 27.802198][ T1904] ? kasan_kmalloc+0x9/0x10
[ 27.807788][ T1904] ? kmem_cache_alloc_trace+0xe2/0x2f0
[ 27.815499][ T1904] ? memset+0x31/0x40
[ 27.819470][ T1904] ? bpf_obj_name_cpy+0x9a9/0x1400
[ 27.824566][ T1904] __do_sys_bpf+0x80a8/0xbbc0
[ 27.829656][ T1904] ? wp_page_copy+0xd24/0x10e0
[ 27.834572][ T1904] ? gfp_pfmemalloc_allowed+0x140/0x140
[ 27.840629][ T1904] ? __rcu_read_lock+0x50/0x50
[ 27.845656][ T1904] ? __memcg_kmem_charge_memcg+0x340/0x340
[ 27.851714][ T1904] ? __bpf_prog_put_rcu+0x350/0x350
[ 27.856890][ T1904] ? get_mem_cgroup_from_mm+0x2b2/0x330
[ 27.862429][ T1904] ? mem_cgroup_from_task+0x60/0x60
[ 27.867945][ T1904] ? __kasan_check_read+0x11/0x20
[ 27.873164][ T1904] ? __lru_cache_add+0x1ae/0x200
[ 27.878249][ T1904] ? lru_cache_add_active_or_unevictable+0xa6/0x120
[ 27.884881][ T1904] ? _raw_spin_unlock+0x9/0x20
[ 27.889715][ T1904] ? handle_mm_fault+0xb2f/0x41c0
[ 27.894719][ T1904] ? alloc_file+0x84/0x4b0
[ 27.899317][ T1904] ? finish_fault+0x230/0x230
[ 27.903978][ T1904] ? __kasan_check_write+0x14/0x20
[ 27.909079][ T1904] ? __up_read+0x6f/0x1b0
[ 27.913382][ T1904] ? __down_read+0x240/0x240
[ 27.917962][ T1904] __x64_sys_bpf+0x7a/0x90
[ 27.922439][ T1904] do_syscall_64+0xc0/0x100
[ 27.926932][ T1904] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 27.932811][ T1904] RIP: 0033:0x4420f9
[ 27.936799][ T1904] Code: e8 8c 07 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 27.957163][ T1904] RSP: 002b:00007fff71db0e38 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
executing program
[ 27.967044][ T1904] RAX: ffffffffffffffda RBX: 00007fff71db0e50 RCX: 00000000004420f9
[ 27.975212][ T1904] RDX: 0000000000000070 RSI: 0000000020000180 RDI: 0000000000000005
[ 27.983364][ T1904] RBP: 0000000000000000 R08: 00000000bb1414ac R09: 00000000bb1414ac
[ 27.991607][ T1904] R10: 0000000000000004 R11: 0000000000000246 R12: 00000000000068e0
[ 27.999656][ T1904] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 28.011533][ T1905] BUG: Bad page state in process syz-executor819 pfn:1cfd88
[ 28.018994][ T1905] page:ffffea00073f6200 refcount:-1 mapcount:0 mapping:0000000000000000 index:0x0
[ 28.028408][ T1905] flags: 0x8000000000000000()
[ 28.033094][ T1905] raw: 8000000000000000 dead000000000100 dead000000000122 0000000000000000
[ 28.041665][ T1905] raw: 0000000000000000 0000000000000000 ffffffffffffffff 0000000000000000
[ 28.050484][ T1905] page dumped because: nonzero _refcount
[ 28.056089][ T1905] Modules linked in:
[ 28.060016][ T1905] CPU: 1 PID: 1905 Comm: syz-executor819 Tainted: G B W 5.4.24-syzkaller-00181-g3334f0da669e #0
[ 28.071612][ T1905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 28.081740][ T1905] Call Trace:
[ 28.085016][ T1905] dump_stack+0x1b0/0x228
[ 28.089347][ T1905] ? is_module_text_address+0x130/0x130
[ 28.094958][ T1905] ? show_regs_print_info+0x18/0x18
[ 28.100503][ T1905] bad_page+0x262/0x290
[ 28.104638][ T1905] ? _raw_spin_lock+0x170/0x170
[ 28.109473][ T1905] ? is_free_buddy_page+0x190/0x190
[ 28.115303][ T1905] ? __kasan_check_read+0x11/0x20
[ 28.121247][ T1905] ? __zone_watermark_ok+0x9b/0x270
[ 28.127314][ T1905] get_page_from_freelist+0x505a/0x57e0
[ 28.132938][ T1905] ? __read_once_size_nocheck+0x10/0x10
[ 28.138460][ T1905] ? unwind_next_frame+0x415/0x870
[ 28.143549][ T1905] ? unwind_get_return_address_ptr+0xa0/0xa0
[ 28.149601][ T1905] ? __alloc_pages_nodemask+0x3010/0x3010
[ 28.156092][ T1905] ? 0xffffffffa0008000
[ 28.161104][ T1905] __alloc_pages_nodemask+0x44f/0x3010
[ 28.166633][ T1905] ? unwind_get_return_address+0x4c/0x90
[ 28.172246][ T1905] ? stack_trace_save+0x111/0x1e0
[ 28.177249][ T1905] ? gfp_pfmemalloc_allowed+0x140/0x140
[ 28.182772][ T1905] ? __kasan_kmalloc+0x179/0x1b0
[ 28.187723][ T1905] ? __kasan_kmalloc+0x117/0x1b0
[ 28.192647][ T1905] ? kasan_kmalloc+0x9/0x10
[ 28.197129][ T1905] ? kmem_cache_alloc_trace+0xe2/0x2f0
[ 28.202650][ T1905] ? do_check+0x16c/0x249b0
[ 28.207214][ T1905] ? bpf_check+0x4063/0xe7b0
[ 28.211881][ T1905] ? __do_sys_bpf+0x80a8/0xbbc0
[ 28.216724][ T1905] ? __x64_sys_bpf+0x7a/0x90
[ 28.221295][ T1905] ? do_syscall_64+0xc0/0x100
[ 28.225949][ T1905] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 28.232099][ T1905] ? unwind_get_return_address_ptr+0xa0/0xa0
[ 28.238251][ T1905] ? 0xffffffffa0008000
[ 28.242665][ T1905] alloc_slab_page+0x3f/0x390
[ 28.248726][ T1905] new_slab+0x98/0x430
[ 28.253149][ T1905] ___slab_alloc+0x2e0/0x450
[ 28.257838][ T1905] ? do_check+0x223/0x249b0
[ 28.262319][ T1905] ? __should_failslab+0x90/0x160
[ 28.267349][ T1905] ? do_check+0x223/0x249b0
[ 28.272367][ T1905] kmem_cache_alloc_trace+0x23f/0x2f0
[ 28.277744][ T1905] do_check+0x223/0x249b0
[ 28.282154][ T1905] ? is_bpf_text_address+0x2c8/0x2e0
[ 28.287422][ T1905] ? stack_trace_save+0x1e0/0x1e0
[ 28.292435][ T1905] ? __kernel_text_address+0x9a/0x110
[ 28.297787][ T1905] ? unwind_get_return_address+0x4c/0x90
[ 28.303405][ T1905] ? arch_stack_walk+0x98/0xe0
[ 28.310080][ T1905] ? stack_trace_save+0x111/0x1e0
[ 28.315568][ T1905] ? stack_trace_snprint+0x150/0x150
[ 28.321463][ T1905] ? stack_trace_snprint+0x150/0x150
[ 28.327014][ T1905] ? kvfree+0x47/0x50
[ 28.330977][ T1905] ? __kasan_slab_free+0x1e2/0x220
[ 28.336551][ T1905] ? __kasan_slab_free+0x168/0x220
[ 28.341908][ T1905] ? kasan_slab_free+0xe/0x10
[ 28.347011][ T1905] ? kvfree+0x47/0x50
[ 28.351411][ T1905] ? bpf_check+0x4032/0xe7b0
[ 28.355997][ T1905] ? __do_sys_bpf+0x80a8/0xbbc0
[ 28.360922][ T1905] ? __x64_sys_bpf+0x7a/0x90
[ 28.365503][ T1905] ? do_syscall_64+0xc0/0x100
[ 28.370169][ T1905] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 28.376221][ T1905] ? do_syscall_64+0xc0/0x100
[ 28.381067][ T1905] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 28.387216][ T1905] ? __vunmap+0x8f2/0x990
[ 28.391545][ T1905] ? bpf_check+0xe7b0/0xe7b0
[ 28.396158][ T1905] ? vfree+0x62/0xf0
[ 28.400391][ T1905] ? bpf_prog_calc_tag+0x726/0x950
[ 28.405484][ T1905] ? sort_r+0x76/0x1120
[ 28.409714][ T1905] ? __bpf_prog_free+0xa0/0xa0
[ 28.414463][ T1905] ? kasan_slab_free+0xe/0x10
[ 28.419215][ T1905] ? kfree+0x170/0x6d0
[ 28.423392][ T1905] ? kvfree+0x47/0x50
[ 28.427557][ T1905] bpf_check+0x4063/0xe7b0
[ 28.432611][ T1905] ? is_bpf_text_address+0x2c8/0x2e0
[ 28.438004][ T1905] ? stack_trace_save+0x1e0/0x1e0
[ 28.443196][ T1905] ? __kernel_text_address+0x9a/0x110
[ 28.448738][ T1905] ? arch_stack_walk+0x98/0xe0
[ 28.453492][ T1905] ? stack_trace_save+0x111/0x1e0
[ 28.459116][ T1905] ? stack_trace_snprint+0x150/0x150
[ 28.464674][ T1905] ? bpf_verifier_log_write+0x230/0x230
[ 28.470705][ T1905] ? __kasan_kmalloc+0x179/0x1b0
[ 28.475797][ T1905] ? __kasan_kmalloc+0x117/0x1b0
[ 28.480723][ T1905] ? kasan_kmalloc+0x9/0x10
[ 28.485204][ T1905] ? kmem_cache_alloc_trace+0xe2/0x2f0
[ 28.490921][ T1905] ? selinux_bpf_prog_alloc+0x51/0x150
[ 28.496617][ T1905] ? security_bpf_prog_alloc+0x50/0xb0
[ 28.502666][ T1905] ? __do_sys_bpf+0x5ce0/0xbbc0
[ 28.508265][ T1905] ? __x64_sys_bpf+0x7a/0x90
[ 28.512941][ T1905] ? do_syscall_64+0xc0/0x100
[ 28.517693][ T1905] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 28.523752][ T1905] ? gfp_pfmemalloc_allowed+0x140/0x140
[ 28.529274][ T1905] ? pcpu_next_fit_region+0x64e/0x7d0
[ 28.534913][ T1905] ? pcpu_block_update_hint_alloc+0x977/0xcf0
[ 28.541594][ T1905] ? pcpu_alloc_area+0x7eb/0x940
[ 28.547643][ T1905] ? find_next_bit+0xd8/0x120
[ 28.552482][ T1905] ? cpumask_next+0x11/0x30
[ 28.556965][ T1905] ? __should_failslab+0x90/0x160
[ 28.562311][ T1905] ? selinux_bpf_prog_alloc+0x51/0x150
[ 28.567742][ T1905] ? kasan_kmalloc+0x9/0x10
[ 28.573648][ T1905] ? kmem_cache_alloc_trace+0xe2/0x2f0
[ 28.579168][ T1905] ? memset+0x31/0x40
[ 28.583249][ T1905] ? bpf_obj_name_cpy+0x9a9/0x1400
[ 28.588501][ T1905] __do_sys_bpf+0x80a8/0xbbc0
[ 28.594605][ T1905] ? wp_page_copy+0xd24/0x10e0
[ 28.599468][ T1905] ? gfp_pfmemalloc_allowed+0x140/0x140
[ 28.605240][ T1905] ? __rcu_read_lock+0x50/0x50
[ 28.610596][ T1905] ? __memcg_kmem_charge_memcg+0x340/0x340
[ 28.616735][ T1905] ? __bpf_prog_put_rcu+0x350/0x350
[ 28.621916][ T1905] ? get_mem_cgroup_from_mm+0x2b2/0x330
[ 28.627698][ T1905] ? mem_cgroup_from_task+0x60/0x60
[ 28.633308][ T1905] ? __kasan_check_read+0x11/0x20
[ 28.638399][ T1905] ? __lru_cache_add+0x1ae/0x200
[ 28.643334][ T1905] ? lru_cache_add_active_or_unevictable+0xa6/0x120
[ 28.652341][ T1905] ? _raw_spin_unlock+0x9/0x20
[ 28.657169][ T1905] ? handle_mm_fault+0xb2f/0x41c0
[ 28.662957][ T1905] ? alloc_file+0x84/0x4b0
[ 28.667361][ T1905] ? finish_fault+0x230/0x230
[ 28.672136][ T1905] ? __kasan_check_write+0x14/0x20
[ 28.677248][ T1905] ? __up_read+0x6f/0x1b0
[ 28.682129][ T1905] ? __down_read+0x240/0x240
[ 28.686857][ T1905] __x64_sys_bpf+0x7a/0x90
[ 28.691544][ T1905] do_syscall_64+0xc0/0x100
[ 28.696361][ T1905] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 28.702328][ T1905] RIP: 0033:0x4420f9