INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added 'ci-upstream-kasan-gce-5,10.128.15.202' (ECDSA) to the list of known hosts. executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program syzkaller login: [ 34.828062] BUG: Bad page state in process syzkaller412798 pfn:1bdc00 [ 34.832840] BUG: Bad page state in process syzkaller412798 pfn:1bd800 [ 34.832846] page:ffffea0006f60000 count:0 mapcount:0 mapping: (null) index:0x20a00 [ 34.832853] flags: 0x200000000040019(locked|uptodate|dirty|swapbacked) [ 34.832860] raw: 0200000000040019 0000000000000000 0000000000020a00 00000000ffffffff [ 34.832864] raw: ffffea0006f60020 ffffea0006f60020 0000000000000000 0000000000000000 [ 34.832867] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set [ 34.832869] bad because of flags: 0x1(locked) [ 34.832870] Modules linked in: [ 34.832878] CPU: 1 PID: 3037 Comm: syzkaller412798 Not tainted 4.13.0-rc5+ #35 [ 34.832881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 34.832883] Call Trace: [ 34.832897] dump_stack+0x194/0x257 [ 34.832909] ? arch_local_irq_restore+0x53/0x53 [ 34.832916] ? split_huge_page_to_list+0xab8/0x16c0 [ 34.832933] bad_page+0x230/0x2b0 [ 34.832940] ? si_mem_available+0x590/0x590 [ 34.832948] ? check_noncircular+0x20/0x20 [ 34.832954] ? __page_cache_release+0x750/0xd30 [ 34.832960] ? lock_downgrade+0x990/0x990 [ 34.832964] ? do_raw_spin_trylock+0x190/0x190 [ 34.832972] ? do_raw_spin_trylock+0x190/0x190 [ 34.832981] free_pages_check_bad+0x1f0/0x2e0 [ 34.832986] ? mem_cgroup_uncharge+0xfd/0x150 [ 34.832992] ? bad_page+0x2b0/0x2b0 executing program executing program executing program executing program [ 34.832999] ? __lock_is_held+0xb6/0x140 [ 34.833017] free_hot_cold_page+0x8cf/0x12b0 [ 34.833022] ? pagevec_move_tail_fn+0x1210/0x1210 [ 34.833031] ? mark_free_pages+0x350/0x350 [ 34.833039] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 34.833049] ? check_noncircular+0x20/0x20 [ 34.833052] ? pagevec_lru_move_fn+0x1cd/0x260 [ 34.833061] ? kvfree+0x60/0x60 [ 34.833073] ? deactivate_file_page+0x4b0/0x4b0 [ 34.833086] ? find_held_lock+0x35/0x1d0 [ 34.833101] ? madvise_free_pte_range+0xa68/0x1ec0 executing program executing program executing program executing program executing program executing program executing program [ 34.833107] ? lock_downgrade+0x990/0x990 [ 34.833112] ? madvise_free_single_vma+0x580/0x580 [ 34.833119] ? do_raw_spin_trylock+0x190/0x190 [ 34.833127] __put_page+0xfb/0x160 [ 34.833132] ? __lru_cache_add+0x410/0x410 [ 34.833137] ? check_same_owner+0x320/0x320 [ 34.833152] madvise_free_pte_range+0x137a/0x1ec0 [ 34.833168] ? madvise_willneed+0x960/0x960 [ 34.833177] ? find_held_lock+0x35/0x1d0 [ 34.833189] ? __free_pages_ok+0x1241/0x3150 [ 34.833194] ? lock_downgrade+0x990/0x990 [ 34.833203] ? do_raw_spin_trylock+0x190/0x190 [ 34.833216] ? __free_pages_ok+0x718/0x3150 [ 34.833225] ? print_usage_bug+0x480/0x480 [ 34.833231] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 34.833236] ? trace_hardirqs_on+0xd/0x10 [ 34.833242] ? print_usage_bug+0x480/0x480 [ 34.833261] ? drain_local_pages_wq+0x20/0x20 [ 34.833274] ? print_usage_bug+0x480/0x480 [ 34.833308] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 34.833321] ? debug_check_no_locks_freed+0x3c0/0x3c0 executing program executing program executing program executing program executing program executing program executing program [ 34.833328] ? madvise_willneed+0x960/0x960 [ 34.833335] __walk_page_range+0xc3a/0x1450 [ 34.833353] ? walk_page_test+0x130/0x130 [ 34.833358] ? vmacache_find+0x61/0x270 [ 34.833367] ? walk_page_test+0x5c/0x130 [ 34.833375] walk_page_range+0x200/0x470 [ 34.833384] ? __walk_page_range+0x1450/0x1450 [ 34.833399] madvise_free_page_range.isra.9+0x17d/0x230 [ 34.833408] ? SyS_fadvise64+0x5f0/0x5f0 [ 34.833413] ? madvise_willneed+0x960/0x960 [ 34.833424] ? arch_tlb_gather_mmu+0x2e8/0x3a0 executing program executing program [ 34.833436] madvise_free_single_vma+0x353/0x580 [ 34.833440] ? lock_acquire+0x1d5/0x580 [ 34.833448] ? madvise_free_page_range.isra.9+0x230/0x230 [ 34.833457] ? lock_release+0xa40/0xa40 [ 34.833464] ? kprobe_flush_task+0x1a3/0x5d0 [ 34.833472] ? blk_start_plug+0xbb/0x370 [ 34.833479] ? blk_lld_busy+0x60/0x60 [ 34.833488] ? userfaultfd_remove+0x102/0x220 [ 34.833498] ? vmacache_update+0xfe/0x130 [ 34.833504] ? find_vma+0x30/0x150 [ 34.833517] SyS_madvise+0x7d3/0x13c0 [ 34.833523] ? __free_pages+0xd8/0x150 executing program executing program executing program executing program executing program [ 34.833538] ? madvise_free_pte_range+0x1ec0/0x1ec0 [ 34.833550] ? syscall_return_slowpath+0x22f/0x450 [ 34.833556] ? prepare_exit_to_usermode+0x220/0x220 [ 34.833569] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 34.833580] entry_SYSCALL_64_fastpath+0x1f/0xbe [ 34.833584] RIP: 0033:0x445799 [ 34.833586] RSP: 002b:00007f1aa0afadc8 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 34.833591] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000445799 executing program executing program executing program executing program executing program executing program executing program [ 34.833593] RDX: 0000010200000008 RSI: 0000000000400000 RDI: 000000002092d000 [ 34.833596] RBP: 0000000000000086 R08: 00007f1aa0afb700 R09: 00007f1aa0afb700 [ 34.833598] R10: 00007f1aa0afb700 R11: 0000000000000246 R12: 0000000000000000 [ 34.833601] R13: 00007ffcf5b74fef R14: 00007f1aa0afb9c0 R15: 0000000000000000 [ 34.833605] ? entry_SYSCALL_64_fastpath+0x1f/0xbe [ 34.833652] Disabling lock debugging due to kernel taint [ 35.212545] page:ffffea0006f70000 count:0 mapcount:0 mapping: (null) index:0x20a00 executing program executing program executing program executing program executing program executing program executing program [ 35.223883] flags: 0x200000000040019(locked|uptodate|dirty|swapbacked) [ 35.236672] raw: 0200000000040019 0000000000000000 0000000000020a00 00000000ffffffff [ 35.249279] raw: ffffea0006f70020 ffffea0006f70020 0000000000000000 0000000000000000 [ 35.259951] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set [ 35.266663] bad because of flags: 0x1(locked) [ 35.271170] Modules linked in: executing program executing program executing program executing program executing program executing program [ 35.274346] CPU: 0 PID: 3026 Comm: syzkaller412798 Tainted: G B 4.13.0-rc5+ #35 [ 35.282884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 35.292218] Call Trace: [ 35.294778] dump_stack+0x194/0x257 [ 35.298372] ? arch_local_irq_restore+0x53/0x53 [ 35.303017] ? split_huge_page_to_list+0xab8/0x16c0 [ 35.308005] bad_page+0x230/0x2b0 [ 35.311424] ? si_mem_available+0x590/0x590 [ 35.315715] ? check_noncircular+0x20/0x20 [ 35.319916] ? __page_cache_release+0x750/0xd30 [ 35.324553] ? lock_downgrade+0x990/0x990 [ 35.328697] ? do_raw_spin_trylock+0x190/0x190 [ 35.333242] ? do_raw_spin_trylock+0x190/0x190 [ 35.337792] free_pages_check_bad+0x1f0/0x2e0 [ 35.342254] ? mem_cgroup_uncharge+0xfd/0x150 [ 35.346717] ? bad_page+0x2b0/0x2b0 [ 35.350315] ? __lock_is_held+0xb6/0x140 [ 35.354349] free_hot_cold_page+0x8cf/0x12b0 [ 35.358722] ? pagevec_move_tail_fn+0x1210/0x1210 [ 35.363534] ? mark_free_pages+0x350/0x350 [ 35.367743] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 35.372727] ? check_noncircular+0x20/0x20 executing program executing program executing program executing program executing program executing program [ 35.376926] ? pagevec_lru_move_fn+0x1cd/0x260 [ 35.381473] ? kvfree+0x60/0x60 [ 35.384721] ? deactivate_file_page+0x4b0/0x4b0 [ 35.389356] ? find_held_lock+0x35/0x1d0 [ 35.393385] ? madvise_free_pte_range+0xa68/0x1ec0 [ 35.398289] ? lock_downgrade+0x990/0x990 [ 35.402403] ? madvise_free_single_vma+0x580/0x580 [ 35.407297] ? do_raw_spin_trylock+0x190/0x190 [ 35.411848] __put_page+0xfb/0x160 [ 35.415351] ? __lru_cache_add+0x410/0x410 [ 35.419550] ? check_same_owner+0x320/0x320 [ 35.423843] madvise_free_pte_range+0x137a/0x1ec0 [ 35.428658] ? madvise_willneed+0x960/0x960 [ 35.432949] ? find_held_lock+0x35/0x1d0 [ 35.437015] ? __free_pages_ok+0x1241/0x3150 [ 35.441389] ? lock_downgrade+0x990/0x990 [ 35.445504] ? do_raw_spin_trylock+0x190/0x190 [ 35.450058] ? __free_pages_ok+0x718/0x3150 [ 35.454347] ? print_usage_bug+0x480/0x480 [ 35.458544] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 35.463522] ? trace_hardirqs_on+0xd/0x10 [ 35.467633] ? print_usage_bug+0x480/0x480 [ 35.471850] ? drain_local_pages_wq+0x20/0x20 [ 35.476314] ? print_usage_bug+0x480/0x480 [ 35.480529] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 35.485688] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 35.490847] ? madvise_willneed+0x960/0x960 [ 35.495134] __walk_page_range+0xc3a/0x1450 [ 35.499426] ? walk_page_test+0x130/0x130 [ 35.503540] ? vmacache_find+0x61/0x270 [ 35.507480] ? walk_page_test+0x5c/0x130 [ 35.511592] walk_page_range+0x200/0x470 [ 35.515620] ? __walk_page_range+0x1450/0x1450 [ 35.520172] madvise_free_page_range.isra.9+0x17d/0x230 [ 35.525502] ? SyS_fadvise64+0x5f0/0x5f0 [ 35.529530] ? madvise_willneed+0x960/0x960 [ 35.533829] ? arch_tlb_gather_mmu+0x2e8/0x3a0 [ 35.538382] madvise_free_single_vma+0x353/0x580 [ 35.543105] ? lock_acquire+0x1d5/0x580 [ 35.547047] ? madvise_free_page_range.isra.9+0x230/0x230 [ 35.552552] ? lock_release+0xa40/0xa40 [ 35.556493] ? kprobe_flush_task+0x1a3/0x5d0 [ 35.560868] ? blk_start_plug+0xbb/0x370 [ 35.564894] ? blk_lld_busy+0x60/0x60 [ 35.568664] ? userfaultfd_remove+0x102/0x220 [ 35.573128] ? vmacache_update+0xfe/0x130 [ 35.577240] ? find_vma+0x30/0x150 [ 35.580749] SyS_madvise+0x7d3/0x13c0 [ 35.584529] ? __free_pages+0xd8/0x150 [ 35.588384] ? madvise_free_pte_range+0x1ec0/0x1ec0 [ 35.593483] ? syscall_return_slowpath+0x22f/0x450 [ 35.598376] ? prepare_exit_to_usermode+0x220/0x220 [ 35.603362] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 35.608088] entry_SYSCALL_64_fastpath+0x1f/0xbe [ 35.612808] RIP: 0033:0x445799 [ 35.615964] RSP: 002b:00007f1aa0afadc8 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 35.623645] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000445799 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 35.630878] RDX: 0000010200000008 RSI: 0000000000400000 RDI: 000000002092d000 [ 35.638112] RBP: 0000000000000086 R08: 00007f1aa0afb700 R09: 00007f1aa0afb700 [ 35.645353] R10: 00007f1aa0afb700 R11: 0000000000000246 R12: 0000000000000000 [ 35.652588] R13: 00007ffcf5b74fef R14: 00007f1aa0afb9c0 R15: 0000000000000000 [ 35.659832] ? entry_SYSCALL_64_fastpath+0x1f/0xbe executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program