syzbot


BUG: Bad page map (4)

Status: auto-closed as invalid on 2022/04/02 04:25
Subsystems: mm
Reported-by: syzbot+5f10718b9688f3ce609e@syzkaller.appspotmail.com
First crash: 1477d, last: 837d
Discussions (1)

| Title                 | Replies (including bot) | Last reply       |
|-----------------------|-------------------------|------------------|
| BUG: Bad page map (4) | 0 (1)                   | 2020/03/06 17:24 |

Similar bugs (14)

| Kernel       | Title                 | Subsystems  | Repro | Bisect (cause/fix) | Count | Last  | Reported | Patched | Status                                                |
|--------------|-----------------------|-------------|-------|--------------------|-------|-------|----------|---------|-------------------------------------------------------|
| android-5-10 | BUG: Bad page map     |             |       |                    | 1     | 377d  | 377d     | 0/2     | auto-obsoleted due to no activity on 2023/06/05 15:46 |
| linux-4.19   | BUG: Bad page map (3) |             |       |                    | 1     | 609d  | 609d     | 0/1     | auto-obsoleted due to no activity on 2022/11/15 21:40 |
| upstream     | BUG: Bad page map (5) | mm io-uring | C     |                    | 35    | 430d  | 688d     | 22/26   | fixed on 2023/02/24 13:50                             |
| linux-4.19   | BUG: Bad page map (2) |             |       |                    | 10    | 796d  | 976d     | 0/1     | auto-closed as invalid on 2022/05/13 11:22            |
| upstream     | BUG: Bad page map (2) | mm          | syz   |                    | 127   | 2021d | 2078d    | 0/26    | closed as invalid on 2018/09/05 12:51                 |
| android-5-10 | BUG: Bad page map (2) |             |       |                    | 1     | 159d  | 159d     | 0/2     | auto-obsoleted due to no activity on 2024/01/10 02:50 |
| upstream     | BUG: Bad page map     | mm          |       |                    | 1     | 2080d | 2080d    | 0/26    | closed as invalid on 2018/07/08 13:28                 |
| upstream     | BUG: Bad page map (3) | kernel      |       |                    | 4     | 1891d | 2017d    | 0/26    | auto-closed as invalid on 2019/07/13 00:02            |
| linux-4.19   | BUG: Bad page map     |             |       |                    | 2     | 1293d | 1351d    | 0/1     | auto-closed as invalid on 2021/01/01 08:20            |
| upstream     | BUG: Bad page map (7) | mm          | C     | done               | 19    | 169d  | 191d     | 25/26   | fixed on 2023/12/21 03:45                             |
| android-54   | BUG: Bad page map (2) |             |       |                    | 7     | 158d  | 276d     | 0/2     | auto-obsoleted due to no activity on 2024/01/10 18:32 |
| linux-4.14   | BUG: Bad page map     |             |       |                    | 1     | 1338d | 1338d    | 0/1     | auto-closed as invalid on 2020/11/16 16:05            |
| upstream     | BUG: Bad page map (6) | mm          |       |                    | 1     | 343d  | 339d     | 0/26    | auto-obsoleted due to no activity on 2023/07/09 13:20 |
| android-54   | BUG: Bad page map     |             |       |                    | 1     | 572d  | 572d     | 0/2     | auto-obsoleted due to no activity on 2022/12/23 04:05 |

Sample crash report:
__swap_info_get: Bad swap file entry 3fc47ffffffff
BUG: Bad page map in process syz-executor.0  pte:7700000000000 pmd:00111067
addr:00007efd0202e000 vm_flags:180400fb anon_vma:0000000000000000 mapping:ffff88801705e2a8 index:1b
file:kcov fault:0x0 mmap:kcov_mmap readpage:0x0
CPU: 1 PID: 15432 Comm: syz-executor.0 Not tainted 5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 print_bad_pte.cold+0x2bc/0x2e5 mm/memory.c:562
 zap_pte_range mm/memory.c:1398 [inline]
 zap_pmd_range mm/memory.c:1467 [inline]
 zap_pud_range mm/memory.c:1496 [inline]
 zap_p4d_range mm/memory.c:1517 [inline]
 unmap_page_range+0x2016/0x29f0 mm/memory.c:1538
 unmap_single_vma+0x198/0x310 mm/memory.c:1583
 unmap_vmas+0x16b/0x2f0 mm/memory.c:1615
 exit_mmap+0x1d0/0x630 mm/mmap.c:3170
 __mmput+0x122/0x4b0 kernel/fork.c:1113
 mmput+0x56/0x60 kernel/fork.c:1134
 exit_mm kernel/exit.c:507 [inline]
 do_exit+0xb27/0x2b40 kernel/exit.c:819
 do_group_exit+0x125/0x310 kernel/exit.c:929
 get_signal+0x47d/0x2220 kernel/signal.c:2852
 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:868
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207
 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
 syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7efd0409bae9
Code: Unable to access opcode bytes at RIP 0x7efd0409babf.
RSP: 002b:00007efd015f0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: 00000000000001b7 RBX: 00007efd041af020 RCX: 00007efd0409bae9
RDX: 00000000000001b7 RSI: 0000000020001040 RDI: 0000000000000006
RBP: 00007efd040f5f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffeb8398f2f R14: 00007efd015f0300 R15: 0000000000022000
 </TASK>
BUG: Bad page map in process syz-executor.0  pte:00770077 pmd:00111067
page:ffffea000001dc00 refcount:1 mapcount:-1 mapping:0000000000000000 index:0x20170 pfn:0x770
head:ffffea0000018000 order:9 compound_mapcount:1 compound_pincount:0
memcg:ffff8880114d4000
anon flags: 0x7ff0000009001c(uptodate|dirty|lru|head|swapbacked|node=0|zone=0|lastcpupid=0x7ff)
raw: 007ff00000000000 ffffea0000018001 ffffea000001dc08 dead000000000400
raw: 0000000000000000 0000000000000000 00000000fffffffe 0000000000000000
head: 007ff0000009001c ffffea0002aac348 ffffea0002aac208 ffff88807eddc501
head: 0000000000020000 0000000000000000 0000000100000000 ffff8880114d4000
page dumped because: bad pte
page_owner tracks the page as allocated
page last allocated via order 9, migratetype Movable, gfp_mask 0x13d20ca(GFP_TRANSHUGE_LIGHT|__GFP_NORETRY|__GFP_THISNODE), pid 5485, ts 1560846499362, free_ts 0
 prep_new_page mm/page_alloc.c:2418 [inline]
 get_page_from_freelist+0xa72/0x2f50 mm/page_alloc.c:4149
 __alloc_pages+0x1b2/0x500 mm/page_alloc.c:5369
 __alloc_pages_node include/linux/gfp.h:570 [inline]
 alloc_pages_vma+0x6a7/0x7d0 mm/mempolicy.c:2133
 do_huge_pmd_anonymous_page+0x439/0x2840 mm/huge_memory.c:777
 create_huge_pmd mm/memory.c:4422 [inline]
 __handle_mm_fault+0x2a2a/0x5120 mm/memory.c:4657
 handle_mm_fault+0x1c8/0x790 mm/memory.c:4784
 do_user_addr_fault+0x489/0x11c0 arch/x86/mm/fault.c:1397
 handle_page_fault arch/x86/mm/fault.c:1485 [inline]
 exc_page_fault+0x9e/0x180 arch/x86/mm/fault.c:1541
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:568
page_owner free stack trace missing
addr:00007efd02090000 vm_flags:180400fb anon_vma:0000000000000000 mapping:ffff88801705e2a8 index:7d
file:kcov fault:0x0 mmap:kcov_mmap readpage:0x0
CPU: 0 PID: 15432 Comm: syz-executor.0 Tainted: G    B             5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 print_bad_pte.cold+0x2bc/0x2e5 mm/memory.c:562
 zap_pte_range mm/memory.c:1359 [inline]
 zap_pmd_range mm/memory.c:1467 [inline]
 zap_pud_range mm/memory.c:1496 [inline]
 zap_p4d_range mm/memory.c:1517 [inline]
 unmap_page_range+0x1fe1/0x29f0 mm/memory.c:1538
 unmap_single_vma+0x198/0x310 mm/memory.c:1583
 unmap_vmas+0x16b/0x2f0 mm/memory.c:1615
 exit_mmap+0x1d0/0x630 mm/mmap.c:3170
 __mmput+0x122/0x4b0 kernel/fork.c:1113
 mmput+0x56/0x60 kernel/fork.c:1134
 exit_mm kernel/exit.c:507 [inline]
 do_exit+0xb27/0x2b40 kernel/exit.c:819
 do_group_exit+0x125/0x310 kernel/exit.c:929
 get_signal+0x47d/0x2220 kernel/signal.c:2852
 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:868
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207
 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
 syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7efd0409bae9
Code: Unable to access opcode bytes at RIP 0x7efd0409babf.
RSP: 002b:00007efd015f0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: 00000000000001b7 RBX: 00007efd041af020 RCX: 00007efd0409bae9
RDX: 00000000000001b7 RSI: 0000000020001040 RDI: 0000000000000006
RBP: 00007efd040f5f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffeb8398f2f R14: 00007efd015f0300 R15: 0000000000022000
 </TASK>
BUG: Bad page map in process syz-executor.0  pte:77770000000077 pmd:00111067
addr:00007efd02091000 vm_flags:180400fb anon_vma:0000000000000000 mapping:ffff88801705e2a8 index:7e
file:kcov fault:0x0 mmap:kcov_mmap readpage:0x0
CPU: 0 PID: 15432 Comm: syz-executor.0 Tainted: G    B             5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 print_bad_pte.cold+0x2bc/0x2e5 mm/memory.c:562
 vm_normal_page+0x10c/0x2a0 mm/memory.c:625
 zap_pte_range mm/memory.c:1338 [inline]
 zap_pmd_range mm/memory.c:1467 [inline]
 zap_pud_range mm/memory.c:1496 [inline]
 zap_p4d_range mm/memory.c:1517 [inline]
 unmap_page_range+0xb0e/0x29f0 mm/memory.c:1538
 unmap_single_vma+0x198/0x310 mm/memory.c:1583
 unmap_vmas+0x16b/0x2f0 mm/memory.c:1615
 exit_mmap+0x1d0/0x630 mm/mmap.c:3170
 __mmput+0x122/0x4b0 kernel/fork.c:1113
 mmput+0x56/0x60 kernel/fork.c:1134
 exit_mm kernel/exit.c:507 [inline]
 do_exit+0xb27/0x2b40 kernel/exit.c:819
 do_group_exit+0x125/0x310 kernel/exit.c:929
 get_signal+0x47d/0x2220 kernel/signal.c:2852
 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:868
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207
 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
 syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7efd0409bae9
Code: Unable to access opcode bytes at RIP 0x7efd0409babf.
RSP: 002b:00007efd015f0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: 00000000000001b7 RBX: 00007efd041af020 RCX: 00007efd0409bae9
RDX: 00000000000001b7 RSI: 0000000020001040 RDI: 0000000000000006
RBP: 00007efd040f5f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffeb8398f2f R14: 00007efd015f0300 R15: 0000000000022000
 </TASK>
__swap_info_get: Bad swap file entry 3c47fffffffff
BUG: Bad page map in process syz-executor.0  pte:77000000000000 pmd:00111067
addr:00007efd02092000 vm_flags:180400fb anon_vma:0000000000000000 mapping:ffff88801705e2a8 index:7f
file:kcov fault:0x0 mmap:kcov_mmap readpage:0x0
CPU: 1 PID: 15432 Comm: syz-executor.0 Tainted: G    B             5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 print_bad_pte.cold+0x2bc/0x2e5 mm/memory.c:562
 zap_pte_range mm/memory.c:1398 [inline]
 zap_pmd_range mm/memory.c:1467 [inline]
 zap_pud_range mm/memory.c:1496 [inline]
 zap_p4d_range mm/memory.c:1517 [inline]
 unmap_page_range+0x2016/0x29f0 mm/memory.c:1538
 unmap_single_vma+0x198/0x310 mm/memory.c:1583
 unmap_vmas+0x16b/0x2f0 mm/memory.c:1615
 exit_mmap+0x1d0/0x630 mm/mmap.c:3170
 __mmput+0x122/0x4b0 kernel/fork.c:1113
 mmput+0x56/0x60 kernel/fork.c:1134
 exit_mm kernel/exit.c:507 [inline]
 do_exit+0xb27/0x2b40 kernel/exit.c:819
 do_group_exit+0x125/0x310 kernel/exit.c:929
 get_signal+0x47d/0x2220 kernel/signal.c:2852
 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:868
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207
 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
 syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7efd0409bae9
Code: Unable to access opcode bytes at RIP 0x7efd0409babf.
RSP: 002b:00007efd015f0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: 00000000000001b7 RBX: 00007efd041af020 RCX: 00007efd0409bae9
RDX: 00000000000001b7 RSI: 0000000020001040 RDI: 0000000000000006
RBP: 00007efd040f5f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffeb8398f2f R14: 00007efd015f0300 R15: 0000000000022000
 </TASK>
BUG: Bad page map in process syz-executor.0  pte:00770077 pmd:00111067
page:ffffea000001dc00 refcount:1 mapcount:-2 mapping:0000000000000000 index:0x20170 pfn:0x770
head:ffffea0000018000 order:9 compound_mapcount:1 compound_pincount:0
memcg:ffff8880114d4000
anon flags: 0x7ff0000009001c(uptodate|dirty|lru|head|swapbacked|node=0|zone=0|lastcpupid=0x7ff)
raw: 007ff00000000000 ffffea0000018001 ffffea000001dc08 dead000000000400
raw: 0000000000000000 0000000000000000 00000000fffffffd 0000000000000000
head: 007ff0000009001c ffffea0002aac348 ffffea0002aac208 ffff88807eddc501
head: 0000000000020000 0000000000000000 0000000100000000 ffff8880114d4000
page dumped because: bad pte
page_owner tracks the page as allocated
page last allocated via order 9, migratetype Movable, gfp_mask 0x13d20ca(GFP_TRANSHUGE_LIGHT|__GFP_NORETRY|__GFP_THISNODE), pid 5485, ts 1560846499362, free_ts 0
 prep_new_page mm/page_alloc.c:2418 [inline]
 get_page_from_freelist+0xa72/0x2f50 mm/page_alloc.c:4149
 __alloc_pages+0x1b2/0x500 mm/page_alloc.c:5369
 __alloc_pages_node include/linux/gfp.h:570 [inline]
 alloc_pages_vma+0x6a7/0x7d0 mm/mempolicy.c:2133
 do_huge_pmd_anonymous_page+0x439/0x2840 mm/huge_memory.c:777
 create_huge_pmd mm/memory.c:4422 [inline]
 __handle_mm_fault+0x2a2a/0x5120 mm/memory.c:4657
 handle_mm_fault+0x1c8/0x790 mm/memory.c:4784
 do_user_addr_fault+0x489/0x11c0 arch/x86/mm/fault.c:1397
 handle_page_fault arch/x86/mm/fault.c:1485 [inline]
 exc_page_fault+0x9e/0x180 arch/x86/mm/fault.c:1541
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:568
page_owner free stack trace missing
addr:00007efd020f4000 vm_flags:180400fb anon_vma:0000000000000000 mapping:ffff88801705e2a8 index:e1
file:kcov fault:0x0 mmap:kcov_mmap readpage:0x0
CPU: 1 PID: 15432 Comm: syz-executor.0 Tainted: G    B             5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 print_bad_pte.cold+0x2bc/0x2e5 mm/memory.c:562
 zap_pte_range mm/memory.c:1359 [inline]
 zap_pmd_range mm/memory.c:1467 [inline]
 zap_pud_range mm/memory.c:1496 [inline]
 zap_p4d_range mm/memory.c:1517 [inline]
 unmap_page_range+0x1fe1/0x29f0 mm/memory.c:1538
 unmap_single_vma+0x198/0x310 mm/memory.c:1583
 unmap_vmas+0x16b/0x2f0 mm/memory.c:1615
 exit_mmap+0x1d0/0x630 mm/mmap.c:3170
 __mmput+0x122/0x4b0 kernel/fork.c:1113
 mmput+0x56/0x60 kernel/fork.c:1134
 exit_mm kernel/exit.c:507 [inline]
 do_exit+0xb27/0x2b40 kernel/exit.c:819
 do_group_exit+0x125/0x310 kernel/exit.c:929
 get_signal+0x47d/0x2220 kernel/signal.c:2852
 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:868
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207
 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
 syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7efd0409bae9
Code: Unable to access opcode bytes at RIP 0x7efd0409babf.
RSP: 002b:00007efd015f0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: 00000000000001b7 RBX: 00007efd041af020 RCX: 00007efd0409bae9
RDX: 00000000000001b7 RSI: 0000000020001040 RDI: 0000000000000006
RBP: 00007efd040f5f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffeb8398f2f R14: 00007efd015f0300 R15: 0000000000022000
 </TASK>
BUG: Bad page map in process syz-executor.0  pte:77077000000077 pmd:00111067
addr:00007efd020f5000 vm_flags:180400fb anon_vma:0000000000000000 mapping:ffff88801705e2a8 index:e2
file:kcov fault:0x0 mmap:kcov_mmap readpage:0x0
CPU: 1 PID: 15432 Comm: syz-executor.0 Tainted: G    B             5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 print_bad_pte.cold+0x2bc/0x2e5 mm/memory.c:562
 vm_normal_page+0x10c/0x2a0 mm/memory.c:625
 zap_pte_range mm/memory.c:1338 [inline]
 zap_pmd_range mm/memory.c:1467 [inline]
 zap_pud_range mm/memory.c:1496 [inline]
 zap_p4d_range mm/memory.c:1517 [inline]
 unmap_page_range+0xb0e/0x29f0 mm/memory.c:1538
 unmap_single_vma+0x198/0x310 mm/memory.c:1583
 unmap_vmas+0x16b/0x2f0 mm/memory.c:1615
 exit_mmap+0x1d0/0x630 mm/mmap.c:3170
 __mmput+0x122/0x4b0 kernel/fork.c:1113
 mmput+0x56/0x60 kernel/fork.c:1134
 exit_mm kernel/exit.c:507 [inline]
 do_exit+0xb27/0x2b40 kernel/exit.c:819
 do_group_exit+0x125/0x310 kernel/exit.c:929
 get_signal+0x47d/0x2220 kernel/signal.c:2852
 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:868
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207
 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
 syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7efd0409bae9
Code: Unable to access opcode bytes at RIP 0x7efd0409babf.
RSP: 002b:00007efd015f0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: 00000000000001b7 RBX: 00007efd041af020 RCX: 00007efd0409bae9
RDX: 00000000000001b7 RSI: 0000000020001040 RDI: 0000000000000006
RBP: 00007efd040f5f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffeb8398f2f R14: 00007efd015f0300 R15: 0000000000022000
 </TASK>
__swap_info_get: Bad swap file entry 3c47fffffffff
BUG: Bad page map in process syz-executor.0  pte:77000000000000 pmd:00111067
addr:00007efd020f6000 vm_flags:180400fb anon_vma:0000000000000000 mapping:ffff88801705e2a8 index:e3
file:kcov fault:0x0 mmap:kcov_mmap readpage:0x0
CPU: 1 PID: 15432 Comm: syz-executor.0 Tainted: G    B             5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 print_bad_pte.cold+0x2bc/0x2e5 mm/memory.c:562
 zap_pte_range mm/memory.c:1398 [inline]
 zap_pmd_range mm/memory.c:1467 [inline]
 zap_pud_range mm/memory.c:1496 [inline]
 zap_p4d_range mm/memory.c:1517 [inline]
 unmap_page_range+0x2016/0x29f0 mm/memory.c:1538
 unmap_single_vma+0x198/0x310 mm/memory.c:1583
 unmap_vmas+0x16b/0x2f0 mm/memory.c:1615
 exit_mmap+0x1d0/0x630 mm/mmap.c:3170
 __mmput+0x122/0x4b0 kernel/fork.c:1113
 mmput+0x56/0x60 kernel/fork.c:1134
 exit_mm kernel/exit.c:507 [inline]
 do_exit+0xb27/0x2b40 kernel/exit.c:819
 do_group_exit+0x125/0x310 kernel/exit.c:929
 get_signal+0x47d/0x2220 kernel/signal.c:2852
 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:868
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207
 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
 syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7efd0409bae9
Code: Unable to access opcode bytes at RIP 0x7efd0409babf.
RSP: 002b:00007efd015f0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: 00000000000001b7 RBX: 00007efd041af020 RCX: 00007efd0409bae9
RDX: 00000000000001b7 RSI: 0000000020001040 RDI: 0000000000000006
RBP: 00007efd040f5f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffeb8398f2f R14: 00007efd015f0300 R15: 0000000000022000
 </TASK>
BUG: Bad page map in process syz-executor.0  pte:00077077 pmd:00111067
page:ffffea0000001dc0 refcount:1 mapcount:-1 mapping:0000000000000000 index:0x0 pfn:0x77
flags: 0x7ff0000000100a(referenced|dirty|reserved|node=0|zone=0|lastcpupid=0x7ff)
raw: 007ff0000000100a ffffea0000001dc8 ffffea0000001dc8 0000000000000000
raw: 0000000000000000 0000000000000000 00000001fffffffe 0000000000000000
page dumped because: bad pte
page_owner info is not present (never set?)
addr:00007efd02158000 vm_flags:180400fb anon_vma:0000000000000000 mapping:ffff88801705e2a8 index:145
file:kcov fault:0x0 mmap:kcov_mmap readpage:0x0
CPU: 0 PID: 15432 Comm: syz-executor.0 Tainted: G    B             5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 print_bad_pte.cold+0x2bc/0x2e5 mm/memory.c:562
 zap_pte_range mm/memory.c:1359 [inline]
 zap_pmd_range mm/memory.c:1467 [inline]
 zap_pud_range mm/memory.c:1496 [inline]
 zap_p4d_range mm/memory.c:1517 [inline]
 unmap_page_range+0x1fe1/0x29f0 mm/memory.c:1538
 unmap_single_vma+0x198/0x310 mm/memory.c:1583
 unmap_vmas+0x16b/0x2f0 mm/memory.c:1615
 exit_mmap+0x1d0/0x630 mm/mmap.c:3170
 __mmput+0x122/0x4b0 kernel/fork.c:1113
 mmput+0x56/0x60 kernel/fork.c:1134
 exit_mm kernel/exit.c:507 [inline]
 do_exit+0xb27/0x2b40 kernel/exit.c:819
 do_group_exit+0x125/0x310 kernel/exit.c:929
 get_signal+0x47d/0x2220 kernel/signal.c:2852
 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:868
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207
 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
 syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7efd0409bae9
Code: Unable to access opcode bytes at RIP 0x7efd0409babf.
RSP: 002b:00007efd015f0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: 00000000000001b7 RBX: 00007efd041af020 RCX: 00007efd0409bae9
RDX: 00000000000001b7 RSI: 0000000020001040 RDI: 0000000000000006
RBP: 00007efd040f5f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffeb8398f2f R14: 00007efd015f0300 R15: 0000000000022000
 </TASK>
BUG: Bad page state in process syz-executor.0  pfn:00601
page:ffffea0000018040 refcount:0 mapcount:2 mapping:0000000000000000 index:0x20001 pfn:0x601
head:ffffea0000018000 order:9 compound_mapcount:1 compound_pincount:0
anon flags: 0x7ff0000009000c(uptodate|dirty|head|swapbacked|node=0|zone=0|lastcpupid=0x7ff)
raw: 007ff00000000000 ffffea0000018001 0000000000010903 dead000000000200
raw: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
head: 007ff0000009000c dead000000000100 dead000000000122 ffff88807eddc501
head: 0000000000020000 0000000000000000 0000000000000000 0000000000000000
page dumped because: nonzero compound_mapcount
page_owner tracks the page as allocated
page last allocated via order 9, migratetype Movable, gfp_mask 0x13d20ca(GFP_TRANSHUGE_LIGHT|__GFP_NORETRY|__GFP_THISNODE), pid 5485, ts 1560846449561, free_ts 0
 prep_new_page mm/page_alloc.c:2418 [inline]
 get_page_from_freelist+0xa72/0x2f50 mm/page_alloc.c:4149
 __alloc_pages+0x1b2/0x500 mm/page_alloc.c:5369
 __alloc_pages_node include/linux/gfp.h:570 [inline]
 alloc_pages_vma+0x6a7/0x7d0 mm/mempolicy.c:2133
 do_huge_pmd_anonymous_page+0x439/0x2840 mm/huge_memory.c:777
 create_huge_pmd mm/memory.c:4422 [inline]
 __handle_mm_fault+0x2a2a/0x5120 mm/memory.c:4657
 handle_mm_fault+0x1c8/0x790 mm/memory.c:4784
 do_user_addr_fault+0x489/0x11c0 arch/x86/mm/fault.c:1397
 handle_page_fault arch/x86/mm/fault.c:1485 [inline]
 exc_page_fault+0x9e/0x180 arch/x86/mm/fault.c:1541
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:568
page_owner free stack trace missing
Modules linked in:
CPU: 0 PID: 15432 Comm: syz-executor.0 Tainted: G    B             5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 bad_page.cold+0x9c/0xbd mm/page_alloc.c:652
 free_tail_pages_check+0x25b/0x2d0 mm/page_alloc.c:1229
 free_pages_prepare mm/page_alloc.c:1319 [inline]
 free_pcp_prepare+0x560/0x870 mm/page_alloc.c:1389
 free_unref_page_prepare mm/page_alloc.c:3309 [inline]
 free_unref_page+0x19/0x690 mm/page_alloc.c:3388
 release_pages+0x825/0x1480 mm/swap.c:956
 tlb_batch_pages_flush mm/mmu_gather.c:49 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:242 [inline]
 tlb_flush_mmu+0xe9/0x6b0 mm/mmu_gather.c:249
 zap_pte_range mm/memory.c:1418 [inline]
 zap_pmd_range mm/memory.c:1467 [inline]
 zap_pud_range mm/memory.c:1496 [inline]
 zap_p4d_range mm/memory.c:1517 [inline]
 unmap_page_range+0x1cac/0x29f0 mm/memory.c:1538
 unmap_single_vma+0x198/0x310 mm/memory.c:1583
 unmap_vmas+0x16b/0x2f0 mm/memory.c:1615
 exit_mmap+0x1d0/0x630 mm/mmap.c:3170
 __mmput+0x122/0x4b0 kernel/fork.c:1113
 mmput+0x56/0x60 kernel/fork.c:1134
 exit_mm kernel/exit.c:507 [inline]
 do_exit+0xb27/0x2b40 kernel/exit.c:819
 do_group_exit+0x125/0x310 kernel/exit.c:929
 get_signal+0x47d/0x2220 kernel/signal.c:2852
 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:868
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207
 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
 syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7efd0409bae9
Code: Unable to access opcode bytes at RIP 0x7efd0409babf.
RSP: 002b:00007efd015f0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: 00000000000001b7 RBX: 00007efd041af020 RCX: 00007efd0409bae9
RDX: 00000000000001b7 RSI: 0000000020001040 RDI: 0000000000000006
RBP: 00007efd040f5f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffeb8398f2f R14: 00007efd015f0300 R15: 0000000000022000
 </TASK>
BUG: Bad page state in process syz-executor.0  pfn:00602
page:ffffea0000018080 refcount:0 mapcount:1 mapping:0000000000000000 index:0xdead000000000122 pfn:0x602
flags: 0x7ff00000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 007ff00000000000 0000000000000000 ffffea0000000000 0000000000000000
raw: dead000000000122 0000000000000000 0000000000000000 0000000000000000
page dumped because: nonzero mapcount
page_owner tracks the page as allocated
page last allocated via order 9, migratetype Movable, gfp_mask 0x13d20ca(GFP_TRANSHUGE_LIGHT|__GFP_NORETRY|__GFP_THISNODE), pid 5485, ts 1560846449707, free_ts 0
 prep_new_page mm/page_alloc.c:2418 [inline]
 get_page_from_freelist+0xa72/0x2f50 mm/page_alloc.c:4149
 __alloc_pages+0x1b2/0x500 mm/page_alloc.c:5369
 __alloc_pages_node include/linux/gfp.h:570 [inline]
 alloc_pages_vma+0x6a7/0x7d0 mm/mempolicy.c:2133
 do_huge_pmd_anonymous_page+0x439/0x2840 mm/huge_memory.c:777
 create_huge_pmd mm/memory.c:4422 [inline]
 __handle_mm_fault+0x2a2a/0x5120 mm/memory.c:4657
 handle_mm_fault+0x1c8/0x790 mm/memory.c:4784
 do_user_addr_fault+0x489/0x11c0 arch/x86/mm/fault.c:1397
 handle_page_fault arch/x86/mm/fault.c:1485 [inline]
 exc_page_fault+0x9e/0x180 arch/x86/mm/fault.c:1541
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:568
page_owner free stack trace missing
Modules linked in:
CPU: 1 PID: 15432 Comm: syz-executor.0 Tainted: G    B             5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 bad_page.cold+0x9c/0xbd mm/page_alloc.c:652
 check_free_page_bad mm/page_alloc.c:1197 [inline]
 check_free_page mm/page_alloc.c:1207 [inline]
 free_pages_prepare mm/page_alloc.c:1320 [inline]
 free_pcp_prepare+0x580/0x870 mm/page_alloc.c:1389
 free_unref_page_prepare mm/page_alloc.c:3309 [inline]
 free_unref_page+0x19/0x690 mm/page_alloc.c:3388
 release_pages+0x825/0x1480 mm/swap.c:956
 tlb_batch_pages_flush mm/mmu_gather.c:49 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:242 [inline]
 tlb_flush_mmu+0xe9/0x6b0 mm/mmu_gather.c:249
 zap_pte_range mm/memory.c:1418 [inline]
 zap_pmd_range mm/memory.c:1467 [inline]
 zap_pud_range mm/memory.c:1496 [inline]
 zap_p4d_range mm/memory.c:1517 [inline]
 unmap_page_range+0x1cac/0x29f0 mm/memory.c:1538
 unmap_single_vma+0x198/0x310 mm/memory.c:1583
 unmap_vmas+0x16b/0x2f0 mm/memory.c:1615
 exit_mmap+0x1d0/0x630 mm/mmap.c:3170
 __mmput+0x122/0x4b0 kernel/fork.c:1113
 mmput+0x56/0x60 kernel/fork.c:1134
 exit_mm kernel/exit.c:507 [inline]
 do_exit+0xb27/0x2b40 kernel/exit.c:819
 do_group_exit+0x125/0x310 kernel/exit.c:929
 get_signal+0x47d/0x2220 kernel/signal.c:2852
 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:868
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207
 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
 syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7efd0409bae9
Code: Unable to access opcode bytes at RIP 0x7efd0409babf.
RSP: 002b:00007efd015f0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: 00000000000001b7 RBX: 00007efd041af020 RCX: 00007efd0409bae9
RDX: 00000000000001b7 RSI: 0000000020001040 RDI: 0000000000000006
RBP: 00007efd040f5f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffeb8398f2f R14: 00007efd015f0300 R15: 0000000000022000
 </TASK>
BUG: Bad page state in process syz-executor.0  pfn:00603
page:ffffea00000180c0 refcount:0 mapcount:1 mapping:0000000000000000 index:0x0 pfn:0x603
flags: 0x7ff00000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 007ff00000000000 0000000000000000 ffffea00000180c8 0000000000000000
raw: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
page dumped because: nonzero mapcount
page_owner tracks the page as allocated
page last allocated via order 9, migratetype Movable, gfp_mask 0x13d20ca(GFP_TRANSHUGE_LIGHT|__GFP_NORETRY|__GFP_THISNODE), pid 5485, ts 1560846449844, free_ts 0
 prep_new_page mm/page_alloc.c:2418 [inline]
 get_page_from_freelist+0xa72/0x2f50 mm/page_alloc.c:4149
 __alloc_pages+0x1b2/0x500 mm/page_alloc.c:5369
 __alloc_pages_node include/linux/gfp.h:570 [inline]
 alloc_pages_vma+0x6a7/0x7d0 mm/mempolicy.c:2133
 do_huge_pmd_anonymous_page+0x439/0x2840 mm/huge_memory.c:777
 create_huge_pmd mm/memory.c:4422 [inline]
 __handle_mm_fault+0x2a2a/0x5120 mm/memory.c:4657
 handle_mm_fault+0x1c8/0x790 mm/memory.c:4784
 do_user_addr_fault+0x489/0x11c0 arch/x86/mm/fault.c:1397
 handle_page_fault arch/x86/mm/fault.c:1485 [inline]
 exc_page_fault+0x9e/0x180 arch/x86/mm/fault.c:1541
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:568
page_owner free stack trace missing
Modules linked in:
CPU: 0 PID: 15432 Comm: syz-executor.0 Tainted: G    B             5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 bad_page.cold+0x9c/0xbd mm/page_alloc.c:652
 check_free_page_bad mm/page_alloc.c:1197 [inline]
 check_free_page mm/page_alloc.c:1207 [inline]
 free_pages_prepare mm/page_alloc.c:1320 [inline]
 free_pcp_prepare+0x580/0x870 mm/page_alloc.c:1389
 free_unref_page_prepare mm/page_alloc.c:3309 [inline]
 free_unref_page+0x19/0x690 mm/page_alloc.c:3388
 release_pages+0x825/0x1480 mm/swap.c:956
 tlb_batch_pages_flush mm/mmu_gather.c:49 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:242 [inline]
 tlb_flush_mmu+0xe9/0x6b0 mm/mmu_gather.c:249
 zap_pte_range mm/memory.c:1418 [inline]
 zap_pmd_range mm/memory.c:1467 [inline]
 zap_pud_range mm/memory.c:1496 [inline]
 zap_p4d_range mm/memory.c:1517 [inline]
 unmap_page_range+0x1cac/0x29f0 mm/memory.c:1538
 unmap_single_vma+0x198/0x310 mm/memory.c:1583
 unmap_vmas+0x16b/0x2f0 mm/memory.c:1615
 exit_mmap+0x1d0/0x630 mm/mmap.c:3170
 __mmput+0x122/0x4b0 kernel/fork.c:1113
 mmput+0x56/0x60 kernel/fork.c:1134
 exit_mm kernel/exit.c:507 [inline]
 do_exit+0xb27/0x2b40 kernel/exit.c:819
 do_group_exit+0x125/0x310 kernel/exit.c:929
 get_signal+0x47d/0x2220 kernel/signal.c:2852
 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:868
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207
 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
 syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7efd0409bae9
Code: Unable to access opcode bytes at RIP 0x7efd0409babf.
RSP: 002b:00007efd015f0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: 00000000000001b7 RBX: 00007efd041af020 RCX: 00007efd0409bae9
RDX: 00000000000001b7 RSI: 0000000020001040 RDI: 0000000000000006
RBP: 00007efd040f5f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffeb8398f2f R14: 00007efd015f0300 R15: 0000000000022000
 </TASK>
BUG: Bad page state in process syz-executor.0  pfn:00604
page:ffffea0000018100 refcount:0 mapcount:1 mapping:0000000000000000 index:0x0 pfn:0x604
flags: 0x7ff00000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 007ff00000000000 0000000000000000 ffffea0000018108 0000000000000000
raw: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
page dumped because: nonzero mapcount
page_owner tracks the page as allocated
page last allocated via order 9, migratetype Movable, gfp_mask 0x13d20ca(GFP_TRANSHUGE_LIGHT|__GFP_NORETRY|__GFP_THISNODE), pid 5485, ts 1560846449974, free_ts 0
 prep_new_page mm/page_alloc.c:2418 [inline]
 get_page_from_freelist+0xa72/0x2f50 mm/page_alloc.c:4149
 __alloc_pages+0x1b2/0x500 mm/page_alloc.c:5369
 __alloc_pages_node include/linux/gfp.h:570 [inline]
 alloc_pages_vma+0x6a7/0x7d0 mm/mempolicy.c:2133
 do_huge_pmd_anonymous_page+0x439/0x2840 mm/huge_memory.c:777
 create_huge_pmd mm/memory.c:4422 [inline]
 __handle_mm_fault+0x2a2a/0x5120 mm/memory.c:4657
 handle_mm_fault+0x1c8/0x790 mm/memory.c:4784
 do_user_addr_fault+0x489/0x11c0 arch/x86/mm/fault.c:1397
 handle_page_fault arch/x86/mm/fault.c:1485 [inline]
 exc_page_fault+0x9e/0x180 arch/x86/mm/fault.c:1541
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:568
page_owner free stack trace missing
Modules linked in:
CPU: 1 PID: 15432 Comm: syz-executor.0 Tainted: G    B             5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 bad_page.cold+0x9c/0xbd mm/page_alloc.c:652
 check_free_page_bad mm/page_alloc.c:1197 [inline]
 check_free_page mm/page_alloc.c:1207 [inline]
 free_pages_prepare mm/page_alloc.c:1320 [inline]
 free_pcp_prepare+0x580/0x870 mm/page_alloc.c:1389
 free_unref_page_prepare mm/page_alloc.c:3309 [inline]
 free_unref_page+0x19/0x690 mm/page_alloc.c:3388
 release_pages+0x825/0x1480 mm/swap.c:956
 tlb_batch_pages_flush mm/mmu_gather.c:49 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:242 [inline]
 tlb_flush_mmu+0xe9/0x6b0 mm/mmu_gather.c:249
 zap_pte_range mm/memory.c:1418 [inline]
 zap_pmd_range mm/memory.c:1467 [inline]
 zap_pud_range mm/memory.c:1496 [inline]
 zap_p4d_range mm/memory.c:1517 [inline]
 unmap_page_range+0x1cac/0x29f0 mm/memory.c:1538
 unmap_single_vma+0x198/0x310 mm/memory.c:1583
 unmap_vmas+0x16b/0x2f0 mm/memory.c:1615
 exit_mmap+0x1d0/0x630 mm/mmap.c:3170
 __mmput+0x122/0x4b0 kernel/fork.c:1113
 mmput+0x56/0x60 kernel/fork.c:1134
 exit_mm kernel/exit.c:507 [inline]
 do_exit+0xb27/0x2b40 kernel/exit.c:819
 do_group_exit+0x125/0x310 kernel/exit.c:929
 get_signal+0x47d/0x2220 kernel/signal.c:2852
 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:868
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207
 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
 syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7efd0409bae9
Code: Unable to access opcode bytes at RIP 0x7efd0409babf.
RSP: 002b:00007efd015f0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: 00000000000001b7 RBX: 00007efd041af020 RCX: 00007efd0409bae9
RDX: 00000000000001b7 RSI: 0000000020001040 RDI: 0000000000000006
RBP: 00007efd040f5f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffeb8398f2f R14: 00007efd015f0300 R15: 0000000000022000
 </TASK>
BUG: Bad page state in process syz-executor.0  pfn:00605
page:ffffea0000018140 refcount:0 mapcount:1 mapping:0000000000000000 index:0x0 pfn:0x605
flags: 0x7ff00000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 007ff00000000000 0000000000000000 ffffea0000018148 0000000000000000
raw: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
page dumped because: nonzero mapcount
page_owner tracks the page as allocated
page last allocated via order 9, migratetype Movable, gfp_mask 0x13d20ca(GFP_TRANSHUGE_LIGHT|__GFP_NORETRY|__GFP_THISNODE), pid 5485, ts 1560846450097, free_ts 0
 prep_new_page mm/page_alloc.c:2418 [inline]
 get_page_from_freelist+0xa72/0x2f50 mm/page_alloc.c:4149
 __alloc_pages+0x1b2/0x500 mm/page_alloc.c:5369
 __alloc_pages_node include/linux/gfp.h:570 [inline]
 alloc_pages_vma+0x6a7/0x7d0 mm/mempolicy.c:2133
 do_huge_pmd_anonymous_page+0x439/0x2840 mm/huge_memory.c:777
 create_huge_pmd mm/memory.c:4422 [inline]
 __handle_mm_fault+0x2a2a/0x5120 mm/memory.c:4657
 handle_mm_fault+0x1c8/0x790 mm/memory.c:4784
 do_user_addr_fault+0x489/0x11c0 arch/x86/mm/fault.c:1397
 handle_page_fault arch/x86/mm/fault.c:1485 [inline]
 exc_page_fault+0x9e/0x180 arch/x86/mm/fault.c:1541
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:568
page_owner free stack trace missing
Modules linked in:
CPU: 1 PID: 15432 Comm: syz-executor.0 Tainted: G    B             5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 bad_page.cold+0x9c/0xbd mm/page_alloc.c:652
 check_free_page_bad mm/page_alloc.c:1197 [inline]
 check_free_page mm/page_alloc.c:1207 [inline]
 free_pages_prepare mm/page_alloc.c:1320 [inline]
 free_pcp_prepare+0x580/0x870 mm/page_alloc.c:1389
 free_unref_page_prepare mm/page_alloc.c:3309 [inline]
 free_unref_page+0x19/0x690 mm/page_alloc.c:3388
 release_pages+0x825/0x1480 mm/swap.c:956
 tlb_batch_pages_flush mm/mmu_gather.c:49 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:242 [inline]
 tlb_flush_mmu+0xe9/0x6b0 mm/mmu_gather.c:249
 zap_pte_range mm/memory.c:1418 [inline]
 zap_pmd_range mm/memory.c:1467 [inline]
 zap_pud_range mm/memory.c:1496 [inline]
 zap_p4d_range mm/memory.c:1517 [inline]
 unmap_page_range+0x1cac/0x29f0 mm/memory.c:1538
 unmap_single_vma+0x198/0x310 mm/memory.c:1583
 unmap_vmas+0x16b/0x2f0 mm/memory.c:1615
 exit_mmap+0x1d0/0x630 mm/mmap.c:3170
 __mmput+0x122/0x4b0 kernel/fork.c:1113
 mmput+0x56/0x60 kernel/fork.c:1134
 exit_mm kernel/exit.c:507 [inline]
 do_exit+0xb27/0x2b40 kernel/exit.c:819
 do_group_exit+0x125/0x310 kernel/exit.c:929
 get_signal+0x47d/0x2220 kernel/signal.c:2852
 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:868
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207
 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
 syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7efd0409bae9
Code: Unable to access opcode bytes at RIP 0x7efd0409babf.
RSP: 002b:00007efd015f0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: 00000000000001b7 RBX: 00007efd041af020 RCX: 00007efd0409bae9
RDX: 00000000000001b7 RSI: 0000000020001040 RDI: 0000000000000006
RBP: 00007efd040f5f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffeb8398f2f R14: 00007efd015f0300 R15: 0000000000022000
 </TASK>
BUG: Bad page state in process syz-executor.0  pfn:00606
page:ffffea0000018180 refcount:0 mapcount:1 mapping:0000000000000000 index:0x0 pfn:0x606
flags: 0x7ff00000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 007ff00000000000 0000000000000000 ffffea0000018188 0000000000000000
raw: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
page dumped because: nonzero mapcount
page_owner tracks the page as allocated
page last allocated via order 9, migratetype Movable, gfp_mask 0x13d20ca(GFP_TRANSHUGE_LIGHT|__GFP_NORETRY|__GFP_THISNODE), pid 5485, ts 1560846450236, free_ts 0
 prep_new_page mm/page_alloc.c:2418 [inline]
 get_page_from_freelist+0xa72/0x2f50 mm/page_alloc.c:4149
 __alloc_pages+0x1b2/0x500 mm/page_alloc.c:5369
 __alloc_pages_node include/linux/gfp.h:570 [inline]
 alloc_pages_vma+0x6a7/0x7d0 mm/mempolicy.c:2133
 do_huge_pmd_anonymous_page+0x439/0x2840 mm/huge_memory.c:777
 create_huge_pmd mm/memory.c:4422 [inline]
 __handle_mm_fault+0x2a2a/0x5120 mm/memory.c:4657
 handle_mm_fault+0x1c8/0x790 mm/memory.c:4784
 do_user_addr_fault+0x489/0x11c0 arch/x86/mm/fault.c:1397
 handle_page_fault arch/x86/mm/fault.c:1485 [inline]
 exc_page_fault+0x9e/0x180 arch/x86/mm/fault.c:1541
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:568
page_owner free stack trace missing
Modules linked in:
CPU: 1 PID: 15432 Comm: syz-executor.0 Tainted: G    B             5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 bad_page.cold+0x9c/0xbd mm/page_alloc.c:652
 check_free_page_bad mm/page_alloc.c:1197 [inline]
 check_free_page mm/page_alloc.c:1207 [inline]
 free_pages_prepare mm/page_alloc.c:1320 [inline]
 free_pcp_prepare+0x580/0x870 mm/page_alloc.c:1389
 free_unref_page_prepare mm/page_alloc.c:3309 [inline]
 free_unref_page+0x19/0x690 mm/page_alloc.c:3388
 release_pages+0x825/0x1480 mm/swap.c:956
 tlb_batch_pages_flush mm/mmu_gather.c:49 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:242 [inline]
 tlb_flush_mmu+0xe9/0x6b0 mm/mmu_gather.c:249
 zap_pte_range mm/memory.c:1418 [inline]
 zap_pmd_range mm/memory.c:1467 [inline]
 zap_pud_range mm/memory.c:1496 [inline]
 zap_p4d_range mm/memory.c:1517 [inline]
 unmap_page_range+0x1cac/0x29f0 mm/memory.c:1538
 unmap_single_vma+0x198/0x310 mm/memory.c:1583
 unmap_vmas+0x16b/0x2f0 mm/memory.c:1615
 exit_mmap+0x1d0/0x630 mm/mmap.c:3170
 __mmput+0x122/0x4b0 kernel/fork.c:1113
 mmput+0x56/0x60 kernel/fork.c:1134
 exit_mm kernel/exit.c:507 [inline]
 do_exit+0xb27/0x2b40 kernel/exit.c:819
 do_group_exit+0x125/0x310 kernel/exit.c:929
 get_signal+0x47d/0x2220 kernel/signal.c:2852
 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:868
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207
 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
 syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7efd0409bae9
Code: Unable to access opcode bytes at RIP 0x7efd0409babf.
RSP: 002b:00007efd015f0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: 00000000000001b7 RBX: 00007efd041af020 RCX: 00007efd0409bae9
RDX: 00000000000001b7 RSI: 0000000020001040 RDI: 0000000000000006
RBP: 00007efd040f5f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffeb8398f2f R14: 00007efd015f0300 R15: 0000000000022000
 </TASK>
BUG: Bad page state in process syz-executor.0  pfn:00607
page:ffffea00000181c0 refcount:0 mapcount:1 mapping:0000000000000000 index:0x0 pfn:0x607
flags: 0x7ff00000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 007ff00000000000 0000000000000000 ffffea00000181c8 0000000000000000
raw: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
page dumped because: nonzero mapcount
page_owner tracks the page as allocated
page last allocated via order 9, migratetype Movable, gfp_mask 0x13d20ca(GFP_TRANSHUGE_LIGHT|__GFP_NORETRY|__GFP_THISNODE), pid 5485, ts 1560846450361, free_ts 0
 prep_new_page mm/page_alloc.c:2418 [inline]
 get_page_from_freelist+0xa72/0x2f50 mm/page_alloc.c:4149
 __alloc_pages+0x1b2/0x500 mm/page_alloc.c:5369
 __alloc_pages_node include/linux/gfp.h:570 [inline]
 alloc_pages_vma+0x6a7/0x7d0 mm/mempolicy.c:2133
 do_huge_pmd_anonymous_page+0x439/0x2840 mm/huge_memory.c:777
 create_huge_pmd mm/memory.c:4422 [inline]
 __handle_mm_fault+0x2a2a/0x5120 mm/memory.c:4657
 handle_mm_fault+0x1c8/0x790 mm/memory.c:4784
 do_user_addr_fault+0x489/0x11c0 arch/x86/mm/fault.c:1397
 handle_page_fault arch/x86/mm/fault.c:1485 [inline]
 exc_page_fault+0x9e/0x180 arch/x86/mm/fault.c:1541
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:568
page_owner free stack trace missing
Modules linked in:
CPU: 1 PID: 15432 Comm: syz-executor.0 Tainted: G    B             5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 bad_page.cold+0x9c/0xbd mm/page_alloc.c:652
 check_free_page_bad mm/page_alloc.c:1197 [inline]
 check_free_page mm/page_alloc.c:1207 [inline]
 free_pages_prepare mm/page_alloc.c:1320 [inline]
 free_pcp_prepare+0x580/0x870 mm/page_alloc.c:1389
 free_unref_page_prepare mm/page_alloc.c:3309 [inline]
 free_unref_page+0x19/0x690 mm/page_alloc.c:3388
 release_pages+0x825/0x1480 mm/swap.c:956
 tlb_batch_pages_flush mm/mmu_gather.c:49 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:242 [inline]
 tlb_flush_mmu+0xe9/0x6b0 mm/mmu_gather.c:249
 zap_pte_range mm/memory.c:1418 [inline]
 zap_pmd_range mm/memory.c:1467 [inline]
 zap_pud_range mm/memory.c:1496 [inline]
 zap_p4d_range mm/memory.c:1517 [inline]
 unmap_page_range+0x1cac/0x29f0 mm/memory.c:1538
 unmap_single_vma+0x198/0x310 mm/memory.c:1583
 unmap_vmas+0x16b/0x2f0 mm/memory.c:1615
 exit_mmap+0x1d0/0x630 mm/mmap.c:3170
 __mmput+0x122/0x4b0 kernel/fork.c:1113
 mmput+0x56/0x60 kernel/fork.c:1134
 exit_mm kernel/exit.c:507 [inline]
 do_exit+0xb27/0x2b40 kernel/exit.c:819
 do_group_exit+0x125/0x310 kernel/exit.c:929
 get_signal+0x47d/0x2220 kernel/signal.c:2852
 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:868
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207
 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
 syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7efd0409bae9
Code: Unable to access opcode bytes at RIP 0x7efd0409babf.
RSP: 002b:00007efd015f0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: 00000000000001b7 RBX: 00007efd041af020 RCX: 00007efd0409bae9
RDX: 00000000000001b7 RSI: 0000000020001040 RDI: 0000000000000006
RBP: 00007efd040f5f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffeb8398f2f R14: 00007efd015f0300 R15: 0000000000022000
 </TASK>
BUG: Bad page state in process syz-executor.0  pfn:00608
page:ffffea0000018200 refcount:0 mapcount:1 mapping:0000000000000000 index:0x0 pfn:0x608
flags: 0x7ff00000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 007ff00000000000 0000000000000000 ffffea0000018208 0000000000000000
raw: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
page dumped because: nonzero mapcount
page_owner tracks the page as allocated
page last allocated via order 9, migratetype Movable, gfp_mask 0x13d20ca(GFP_TRANSHUGE_LIGHT|__GFP_NORETRY|__GFP_THISNODE), pid 5485, ts 1560846450453, free_ts 0
 prep_new_page mm/page_alloc.c:2418 [inline]
 get_page_from_freelist+0xa72/0x2f50 mm/page_alloc.c:4149
 __alloc_pages+0x1b2/0x500 mm/page_alloc.c:5369
 __alloc_pages_node include/linux/gfp.h:570 [inline]
 alloc_pages_vma+0x6a7/0x7d0 mm/mempolicy.c:2133
 do_huge_pmd_anonymous_page+0x439/0x2840 mm/huge_memory.c:777
 create_huge_pmd mm/memory.c:4422 [inline]
 __handle_mm_fault+0x2a2a/0x5120 mm/memory.c:4657
 handle_mm_fault+0x1c8/0x790 mm/memory.c:4784
 do_user_addr_fault+0x489/0x11c0 arch/x86/mm/fault.c:1397
 handle_page_fault arch/x86/mm/fault.c:1485 [inline]
 exc_page_fault+0x9e/0x180 arch/x86/mm/fault.c:1541
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:568
page_owner free stack trace missing
Modules linked in:
CPU: 1 PID: 15432 Comm: syz-executor.0 Tainted: G    B             5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 bad_page.cold+0x9c/0xbd mm/page_alloc.c:652
 check_free_page_bad mm/page_alloc.c:1197 [inline]
 check_free_page mm/page_alloc.c:1207 [inline]
 free_pages_prepare mm/page_alloc.c:1320 [inline]
 free_pcp_prepare+0x580/0x870 mm/page_alloc.c:1389
 free_unref_page_prepare mm/page_alloc.c:3309 [inline]
 free_unref_page+0x19/0x690 mm/page_alloc.c:3388
 release_pages+0x825/0x1480 mm/swap.c:956
 tlb_batch_pages_flush mm/mmu_gather.c:49 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:242 [inline]
 tlb_flush_mmu+0xe9/0x6b0 mm/mmu_gather.c:249
 zap_pte_range mm/memory.c:1418 [inline]
 zap_pmd_range mm/memory.c:1467 [inline]
 zap_pud_range mm/memory.c:1496 [inline]
 zap_p4d_range mm/memory.c:1517 [inline]
 unmap_page_range+0x1cac/0x29f0 mm/memory.c:1538
 unmap_single_vma+0x198/0x310 mm/memory.c:1583
 unmap_vmas+0x16b/0x2f0 mm/memory.c:1615
 exit_mmap+0x1d0/0x630 mm/mmap.c:3170
 __mmput+0x122/0x4b0 kernel/fork.c:1113
 mmput+0x56/0x60 kernel/fork.c:1134
 exit_mm kernel/exit.c:507 [inline]
 do_exit+0xb27/0x2b40 kernel/exit.c:819
 do_group_exit+0x125/0x310 kernel/exit.c:929
 get_signal+0x47d/0x2220 kernel/signal.c:2852
 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:868
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207
 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
 syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7efd0409bae9
Code: Unable to access opcode bytes at RIP 0x7efd0409babf.
RSP: 002b:00007efd015f0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: 00000000000001b7 RBX: 00007efd041af020 RCX: 00007efd0409bae9
RDX: 00000000000001b7 RSI: 0000000020001040 RDI: 0000000000000006
RBP: 00007efd040f5f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffeb8398f2f R14: 00007efd015f0300 R15: 0000000000022000
 </TASK>
BUG: Bad page state in process syz-executor.0  pfn:00609
page:ffffea0000018240 refcount:0 mapcount:1 mapping:0000000000000000 index:0x0 pfn:0x609
flags: 0x7ff00000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 007ff00000000000 0000000000000000 ffffea0000018248 0000000000000000
raw: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
page dumped because: nonzero mapcount
page_owner tracks the page as allocated
page last allocated via order 9, migratetype Movable, gfp_mask 0x13d20ca(GFP_TRANSHUGE_LIGHT|__GFP_NORETRY|__GFP_THISNODE), pid 5485, ts 1560846450615, free_ts 0
 prep_new_page mm/page_alloc.c:2418 [inline]
 get_page_from_freelist+0xa72/0x2f50 mm/page_alloc.c:4149
 __alloc_pages+0x1b2/0x500 mm/page_alloc.c:5369
 __alloc_pages_node include/linux/gfp.h:570 [inline]
 alloc_pages_vma+0x6a7/0x7d0 mm/mempolicy.c:2133
 do_huge_pmd_anonymous_page+0x439/0x2840 mm/huge_memory.c:777
 create_huge_pmd mm/memory.c:4422 [inline]
 __handle_mm_fault+0x2a2a/0x5120 mm/memory.c:4657
 handle_mm_fault+0x1c8/0x790 mm/memory.c:4784
 do_user_addr_fault+0x489/0x11c0 arch/x86/mm/fault.c:1397
 handle_page_fault arch/x86/mm/fault.c:1485 [inline]
 exc_page_fault+0x9e/0x180 arch/x86/mm/fault.c:1541
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:568
page_owner free stack trace missing
Modules linked in:
CPU: 0 PID: 15432 Comm: syz-executor.0 Tainted: G    B             5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 bad_page.cold+0x9c/0xbd mm/page_alloc.c:652
 check_free_page_bad mm/page_alloc.c:1197 [inline]
 check_free_page mm/page_alloc.c:1207 [inline]
 free_pages_prepare mm/page_alloc.c:1320 [inline]
 free_pcp_prepare+0x580/0x870 mm/page_alloc.c:1389
 free_unref_page_prepare mm/page_alloc.c:3309 [inline]
 free_unref_page+0x19/0x690 mm/page_alloc.c:3388
 release_pages+0x825/0x1480 mm/swap.c:956
 tlb_batch_pages_flush mm/mmu_gather.c:49 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:242 [inline]
 tlb_flush_mmu+0xe9/0x6b0 mm/mmu_gather.c:249
 zap_pte_range mm/memory.c:1418 [inline]
 zap_pmd_range mm/memory.c:1467 [inline]
 zap_pud_range mm/memory.c:1496 [inline]
 zap_p4d_range mm/memory.c:1517 [inline]
 unmap_page_range+0x1cac/0x29f0 mm/memory.c:1538
 unmap_single_vma+0x198/0x310 mm/memory.c:1583
 unmap_vmas+0x16b/0x2f0 mm/memory.c:1615
 exit_mmap+0x1d0/0x630 mm/mmap.c:3170
 __mmput+0x122/0x4b0 kernel/fork.c:1113
 mmput+0x56/0x60 kernel/fork.c:1134
 exit_mm kernel/exit.c:507 [inline]
 do_exit+0xb27/0x2b40 kernel/exit.c:819
 do_group_exit+0x125/0x310 kernel/exit.c:929
 get_signal+0x47d/0x2220 kernel/signal.c:2852
 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:868
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207
 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
 syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7efd0409bae9
Code: Unable to access opcode bytes at RIP 0x7efd0409babf.
RSP: 002b:00007efd015f0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: 00000000000001b7 RBX: 00007efd041af020 RCX: 00007efd0409bae9
RDX: 00000000000001b7 RSI: 0000000020001040 RDI: 0000000000000006
RBP: 00007efd040f5f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffeb8398f2f R14: 00007efd015f0300 R15: 0000000000022000
 </TASK>
BUG: Bad page state in process syz-executor.0  pfn:0060a
page:ffffea0000018280 refcount:0 mapcount:1 mapping:0000000000000000 index:0x0 pfn:0x60a
flags: 0x7ff00000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 007ff00000000000 0000000000000000 ffffea0000018288 0000000000000000
raw: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
page dumped because: nonzero mapcount
page_owner tracks the page as allocated
page last allocated via order 9, migratetype Movable, gfp_mask 0x13d20ca(GFP_TRANSHUGE_LIGHT|__GFP_NORETRY|__GFP_THISNODE), pid 5485, ts 1560846450740, free_ts 0
 prep_new_page mm/page_alloc.c:2418 [inline]
 get_page_from_freelist+0xa72/0x2f50 mm/page_alloc.c:4149
 __alloc_pages+0x1b2/0x500 mm/page_alloc.c:5369
 __alloc_pages_node include/linux/gfp.h:570 [inline]
 alloc_pages_vma+0x6a7/0x7d0 mm/mempolicy.c:2133
 do_huge_pmd_anonymous_page+0x439/0x2840 mm/huge_memory.c:777
 create_huge_pmd mm/memory.c:4422 [inline]
 __handle_mm_fault+0x2a2a/0x5120 mm/memory.c:4657
 handle_mm_fault+0x1c8/0x790 mm/memory.c:4784
 do_user_addr_fault+0x489/0x11c0 arch/x86/mm/fault.c:1397
 handle_page_fault arch/x86/mm/fault.c:1485 [inline]
 exc_page_fault+0x9e/0x180 arch/x86/mm/fault.c:1541
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:568
page_owner free stack trace missing
Modules linked in:
CPU: 1 PID: 15432 Comm: syz-executor.0 Tainted: G    B             5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 bad_page.cold+0x9c/0xbd mm/page_alloc.c:652
 check_free_page_bad mm/page_alloc.c:1197 [inline]
 check_free_page mm/page_alloc.c:1207 [inline]
 free_pages_prepare mm/page_alloc.c:1320 [inline]
 free_pcp_prepare+0x580/0x870 mm/page_alloc.c:1389
 free_unref_page_prepare mm/page_alloc.c:3309 [inline]
 free_unref_page+0x19/0x690 mm/page_alloc.c:3388
 release_pages+0x825/0x1480 mm/swap.c:956
 tlb_batch_pages_flush mm/mmu_gather.c:49 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:242 [inline]
 tlb_flush_mmu+0xe9/0x6b0 mm/mmu_gather.c:249
 zap_pte_range mm/memory.c:1418 [inline]
 zap_pmd_range mm/memory.c:1467 [inline]
 zap_pud_range mm/memory.c:1496 [inline]
 zap_p4d_range mm/memory.c:1517 [inline]
 unmap_page_range+0x1cac/0x29f0 mm/memory.c:1538
 unmap_single_vma+0x198/0x310 mm/memory.c:1583
 unmap_vmas+0x16b/0x2f0 mm/memory.c:1615
 exit_mmap+0x1d0/0x630 mm/mmap.c:3170
 __mmput+0x122/0x4b0 kernel/fork.c:1113
 mmput+0x56/0x60 kernel/fork.c:1134
 exit_mm kernel/exit.c:507 [inline]
 do_exit+0xb27/0x2b40 kernel/exit.c:819
 do_group_exit+0x125/0x310 kernel/exit.c:929
 get_signal+0x47d/0x2220 kernel/signal.c:2852
 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:868
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207
 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
 syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7efd0409bae9
Code: Unable to access opcode bytes at RIP 0x7efd0409babf.
RSP: 002b:00007efd015f0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: 00000000000001b7 RBX: 00007efd041af020 RCX: 00007efd0409bae9
RDX: 00000000000001b7 RSI: 0000000020001040 RDI: 0000000000000006
RBP: 00007efd040f5f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffeb8398f2f R14: 00007efd015f0300 R15: 0000000000022000
 </TASK>
BUG: Bad page state in process syz-executor.0  pfn:0060b
page:ffffea00000182c0 refcount:0 mapcount:1 mapping:0000000000000000 index:0x0 pfn:0x60b
flags: 0x7ff00000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 007ff00000000000 0000000000000000 ffffea00000182c8 0000000000000000
raw: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
page dumped because: nonzero mapcount
page_owner tracks the page as allocated
page last allocated via order 9, migratetype Movable, gfp_mask 0x13d20ca(GFP_TRANSHUGE_LIGHT|__GFP_NORETRY|__GFP_THISNODE), pid 5485, ts 1560846450880, free_ts 0
 prep_new_page mm/page_alloc.c:2418 [inline]
 get_page_from_freelist+0xa72/0x2f50 mm/page_alloc.c:4149
 __alloc_pages+0x1b2/0x500 mm/page_alloc.c:5369
 __alloc_pages_node include/linux/gfp.h:570 [inline]
 alloc_pages_vma+0x6a7/0x7d0 mm/mempolicy.c:2133
 do_huge_pmd_anonymous_page+0x439/0x2840 mm/huge_memory.c:777
 create_huge_pmd mm/memory.c:4422 [inline]
 __handle_mm_fault+0x2a2a/0x5120 mm/memory.c:4657
 handle_mm_fault+0x1c8/0x790 mm/memory.c:4784
 do_user_addr_fault+0x489/0x11c0 arch/x86/mm/fault.c:1397
 handle_page_fault arch/x86/mm/fault.c:1485 [inline]
 exc_page_fault+0x9e/0x180 arch/x86/mm/fault.c:1541
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:568
page_owner free stack trace missing
Modules linked in:
CPU: 1 PID: 15432 Comm: syz-executor.0 Tainted: G    B             5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 bad_page.cold+0x9c/0xbd mm/page_alloc.c:652
 check_free_page_bad mm/page_alloc.c:1197 [inline]
 check_free_page mm/page_alloc.c:1207 [inline]
 free_pages_prepare mm/page_alloc.c:1320 [inline]
 free_pcp_prepare+0x580/0x870 mm/page_alloc.c:1389
 free_unref_page_prepare mm/page_alloc.c:3309 [inline]
 free_unref_page+0x19/0x690 mm/page_alloc.c:3388
 release_pages+0x825/0x1480 mm/swap.c:956
 tlb_batch_pages_flush mm/mmu_gather.c:49 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:242 [inline]
 tlb_flush_mmu+0xe9/0x6b0 mm/mmu_gather.c:249
 zap_pte_range mm/memory.c:1418 [inline]
 zap_pmd_range mm/memory.c:1467 [inline]
 zap_pud_range mm/memory.c:1496 [inline]
 zap_p4d_range mm/memory.c:1517 [inline]
 unmap_page_range+0x1cac/0x29f0 mm/memory.c:1538
 unmap_single_vma+0x198/0x310 mm/memory.c:1583
 unmap_vmas+0x16b/0x2f0 mm/memory.c:1615
 exit_mmap+0x1d0/0x630 mm/mmap.c:3170
 __mmput+0x122/0x4b0 kernel/fork.c:1113
 mmput+0x56/0x60 kernel/fork.c:1134
 exit_mm kernel/exit.c:507 [inline]
 do_exit+0xb27/0x2b40 kernel/exit.c:819
 do_group_exit+0x125/0x310 kernel/exit.c:929
 get_signal+0x47d/0x2220 kernel/signal.c:2852
 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:868
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207
 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
 syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7efd0409bae9
Code: Unable to access opcode bytes at RIP 0x7efd0409babf.
RSP: 002b:00007efd015f0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: 00000000000001b7 RBX: 00007efd041af020 RCX: 00007efd0409bae9
RDX: 00000000000001b7 RSI: 0000000020001040 RDI: 0000000000000006
RBP: 00007efd040f5f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffeb8398f2f R14: 00007efd015f0300 R15: 0000000000022000
 </TASK>
BUG: Bad page state in process syz-executor.0  pfn:0060c
page:ffffea0000018300 refcount:0 mapcount:1 mapping:0000000000000000 index:0x0 pfn:0x60c
flags: 0x7ff00000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 007ff00000000000 0000000000000000 ffffea0000018308 0000000000000000
raw: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
page dumped because: nonzero mapcount
page_owner tracks the page as allocated
page last allocated via order 9, migratetype Movable, gfp_mask 0x13d20ca(GFP_TRANSHUGE_LIGHT|__GFP_NORETRY|__GFP_THISNODE), pid 5485, ts 1560846451008, free_ts 0
 prep_new_page mm/page_alloc.c:2418 [inline]
 get_page_from_freelist+0xa72/0x2f50 mm/page_alloc.c:4149
 __alloc_pages+0x1b2/0x500 mm/page_alloc.c:5369
 __alloc_pages_node include/linux/gfp.h:570 [inline]
 alloc_pages_vma+0x6a7/0x7d0 mm/mempolicy.c:2133
 do_huge_pmd_anonymous_page+0x439/0x2840 mm/huge_memory.c:777
 create_huge_pmd mm/memory.c:4422 [inline]
 __handle_mm_fault+0x2a2a/0x5120 mm/memory.c:4657
 handle_mm_fault+0x1c8/0x790 mm/memory.c:4784
 do_user_addr_fault+0x489/0x11c0 arch/x86/mm/fault.c:1397
 handle_page_fault arch/x86/mm/fault.c:1485 [inline]
 exc_page_fault+0x9e/0x180 arch/x86/mm/fault.c:1541
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:568
page_owner free stack trace missing
Modules linked in:
CPU: 0 PID: 15432 Comm: syz-executor.0 Tainted: G    B             5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 bad_page.cold+0x9c/0xbd mm/page_alloc.c:652
 check_free_page_bad mm/page_alloc.c:1197 [inline]
 check_free_page mm/page_alloc.c:1207 [inline]
 free_pages_prepare mm/page_alloc.c:1320 [inline]
 free_pcp_prepare+0x580/0x870 mm/page_alloc.c:1389
 free_unref_page_prepare mm/page_alloc.c:3309 [inline]
 free_unref_page+0x19/0x690 mm/page_alloc.c:3388
 release_pages+0x825/0x1480 mm/swap.c:956
 tlb_batch_pages_flush mm/mmu_gather.c:49 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:242 [inline]
 tlb_flush_mmu+0xe9/0x6b0 mm/mmu_gather.c:249
 zap_pte_range mm/memory.c:1418 [inline]
 zap_pmd_range mm/memory.c:1467 [inline]
 zap_pud_range mm/memory.c:1496 [inline]
 zap_p4d_range mm/memory.c:1517 [inline]
 unmap_page_range+0x1cac/0x29f0 mm/memory.c:1538
 unmap_single_vma+0x198/0x310 mm/memory.c:1583
 unmap_vmas+0x16b/0x2f0 mm/memory.c:1615
 exit_mmap+0x1d0/0x630 mm/mmap.c:3170
 __mmput+0x122/0x4b0 kernel/fork.c:1113
 mmput+0x56/0x60 kernel/fork.c:1134
 exit_mm kernel/exit.c:507 [inline]
 do_exit+0xb27/0x2b40 kernel/exit.c:819
 do_group_exit+0x125/0x310 kernel/exit.c:929
 get_signal+0x47d/0x2220 kernel/signal.c:2852
 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:868
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207
 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
 syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7efd0409bae9
Code: Unable to access opcode bytes at RIP 0x7efd0409babf.
RSP: 002b:00007efd015f0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: 00000000000001b7 RBX: 00007efd041af020 RCX: 00007efd0409bae9
RDX: 00000000000001b7 RSI: 0000000020001040 RDI: 0000000000000006
RBP: 00007efd040f5f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffeb8398f2f R14: 00007efd015f0300 R15: 0000000000022000
 </TASK>
BUG: Bad page state in process syz-executor.0  pfn:0060d
page:ffffea0000018340 refcount:0 mapcount:1 mapping:0000000000000000 index:0x0 pfn:0x60d
flags: 0x7ff00000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 007ff00000000000 0000000000000000 ffffea0000018348 0000000000000000
raw: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
page dumped because: nonzero mapcount
page_owner tracks the page as allocated
page last allocated via order 9, migratetype Movable, gfp_mask 0x13d20ca(GFP_TRANSHUGE_LIGHT|__GFP_NORETRY|__GFP_THISNODE), pid 5485, ts 1560846451136, free_ts 0
 prep_new_page mm/page_alloc.c:2418 [inline]
 get_page_from_freelist+0xa72/0x2f50 mm/page_alloc.c:4149
 __alloc_pages+0x1b2/0x500 mm/page_alloc.c:5369
 __alloc_pages_node include/linux/gfp.h:570 [inline]
 alloc_pages_vma+0x6a7/0x7d0 mm/mempolicy.c:2133
 do_huge_pmd_anonymous_page+0x439/0x2840 mm/huge_memory.c:777
 create_huge_pmd mm/memory.c:4422 [inline]
 __handle_mm_fault+0x2a2a/0x5120 mm/memory.c:4657
 handle_mm_fault+0x1c8/0x790 mm/memory.c:4784
 do_user_addr_fault+0x489/0x11c0 arch/x86/mm/fault.c:1397
 handle_page_fault arch/x86/mm/fault.c:1485 [inline]
 exc_page_fault+0x9e/0x180 arch/x86/mm/fault.c:1541
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:568
page_owner free stack trace missing
Modules linked in:
CPU: 1 PID: 15432 Comm: syz-executor.0 Tainted: G    B             5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 bad_page.cold+0x9c/0xbd mm/page_alloc.c:652
 check_free_page_bad mm/page_alloc.c:1197 [inline]
 check_free_page mm/page_alloc.c:1207 [inline]
 free_pages_prepare mm/page_alloc.c:1320 [inline]
 free_pcp_prepare+0x580/0x870 mm/page_alloc.c:1389
 free_unref_page_prepare mm/page_alloc.c:3309 [inline]
 free_unref_page+0x19/0x690 mm/page_alloc.c:3388
 release_pages+0x825/0x1480 mm/swap.c:956
 tlb_batch_pages_flush mm/mmu_gather.c:49 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:242 [inline]
 tlb_flush_mmu+0xe9/0x6b0 mm/mmu_gather.c:249
 zap_pte_range mm/memory.c:1418 [inline]
 zap_pmd_range mm/memory.c:1467 [inline]
 zap_pud_range mm/memory.c:1496 [inline]
 zap_p4d_range mm/memory.c:1517 [inline]
 unmap_page_range+0x1cac/0x29f0 mm/memory.c:1538
 unmap_single_vma+0x198/0x310 mm/memory.c:1583
 unmap_vmas+0x16b/0x2f0 mm/memory.c:1615
 exit_mmap+0x1d0/0x630 mm/mmap.c:3170
 __mmput+0x122/0x4b0 kernel/fork.c:1113
 mmput+0x56/0x60 kernel/fork.c:1134
 exit_mm kernel/exit.c:507 [inline]
 do_exit+0xb27/0x2b40 kernel/exit.c:819
 do_group_exit+0x125/0x310 kernel/exit.c:929
 get_signal+0x47d/0x2220 kernel/signal.c:2852
 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:868
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207
 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
 syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7efd0409bae9
Code: Unable to access opcode bytes at RIP 0x7efd0409babf.
RSP: 002b:00007efd015f0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: 00000000000001b7 RBX: 00007efd041af020 RCX: 00007efd0409bae9
RDX: 00000000000001b7 RSI: 0000000020001040 RDI: 0000000000000006
RBP: 00007efd040f5f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffeb8398f2f R14: 00007efd015f0300 R15: 0000000000022000
 </TASK>
BUG: Bad page state in process syz-executor.0  pfn:0060e
page:ffffea0000018380 refcount:0 mapcount:1 mapping:0000000000000000 index:0x0 pfn:0x60e
flags: 0x7ff00000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 007ff00000000000 0000000000000000 ffffea0000018388 0000000000000000

Crashes (39):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2021/12/01 23:35 | upstream | 58e1100fdc59 | 61f86278 | .config | console log | report | | | info | | ci-upstream-kasan-gce-selinux-root | BUG: Bad page map |
| 2021/11/27 18:03 | upstream | c5c17547b778 | 63eeac02 | .config | console log | report | | | info | | ci-upstream-kasan-gce | BUG: Bad page map |
| 2021/11/25 16:54 | upstream | 5f53fa508db0 | 545ab074 | .config | console log | report | | | info | | ci-upstream-kasan-gce | BUG: Bad page map |
| 2021/11/06 03:09 | upstream | d4439a1189f9 | 4c1be0be | .config | console log | report | | | info | | ci-upstream-kasan-gce-root | BUG: Bad page map |
| 2021/11/01 22:43 | upstream | e66435936756 | 098b5d53 | .config | console log | report | | | info | | ci-upstream-kasan-gce-selinux-root | BUG: Bad page map |
| 2021/10/25 07:36 | upstream | 87066fdd2e30 | 4f0000ee | .config | console log | report | | | info | | ci-upstream-kasan-gce | BUG: Bad page map |
| 2021/08/24 20:56 | upstream | 6e764bcd1cf7 | b599f2fc | .config | console log | report | | | info | | ci-upstream-kasan-gce-selinux-root | BUG: Bad page map |
| 2021/08/13 14:23 | upstream | f8e6dfc64f61 | 3fd2ea69 | .config | console log | report | | | info | | ci-upstream-kasan-gce-386 | BUG: Bad page map |
| 2021/07/13 23:21 | upstream | 40226a3d96ef | fa0594c3 | .config | console log | report | | | info | | ci-upstream-kasan-gce-386 | BUG: Bad page map |
| 2021/04/23 06:10 | net-next-old | 57e222475545 | 590921a5 | .config | console log | report | | | info | | ci-upstream-net-kasan-gce | BUG: Bad page map |
| 2021/04/22 15:53 | net-next-old | 5d869070569a | 33c28d03 | .config | console log | report | | | info | | ci-upstream-net-kasan-gce | BUG: Bad page map |
| 2021/12/03 04:24 | linux-next | f81e94e91878 | 61f86278 | .config | console log | report | | | info | | ci-upstream-linux-next-kasan-gce-root | BUG: Bad page map |
| 2021/12/03 03:45 | linux-next | f81e94e91878 | 61f86278 | .config | console log | report | | | info | | ci-upstream-linux-next-kasan-gce-root | BUG: Bad page map |
| 2021/12/02 01:34 | linux-next | f81e94e91878 | 61f86278 | .config | console log | report | | | info | | ci-upstream-linux-next-kasan-gce-root | BUG: Bad page map |
| 2021/11/28 08:28 | linux-next | f81e94e91878 | 63eeac02 | .config | console log | report | | | info | | ci-upstream-linux-next-kasan-gce-root | BUG: Bad page map |
| 2021/04/30 19:52 | linux-next | e3d35712f85a | 77e2b668 | .config | console log | report | | | info | | ci-upstream-linux-next-kasan-gce-root | BUG: Bad page map |
| 2021/04/26 20:55 | linux-next | e3d35712f85a | e60b7df1 | .config | console log | report | | | info | | ci-upstream-linux-next-kasan-gce-root | BUG: Bad page map |
| 2021/04/24 14:45 | linux-next | e3d35712f85a | 17f0b706 | .config | console log | report | | | info | | ci-upstream-linux-next-kasan-gce-root | BUG: Bad page map |
| 2021/04/24 01:30 | linux-next | e3d35712f85a | 17f0b706 | .config | console log | report | | | info | | ci-upstream-linux-next-kasan-gce-root | BUG: Bad page map |
| 2020/10/06 08:27 | upstream | 7575fdda569b | 1880b4a9 | .config | console log | report | | | info | | ci-upstream-kasan-gce-selinux-root | |
| 2020/09/28 12:58 | upstream | a1b8638ba132 | 6bfdbe89 | .config | console log | report | | | info | | ci-upstream-kasan-gce-root | |
| 2020/09/28 11:37 | upstream | a1b8638ba132 | 6bfdbe89 | .config | console log | report | | | info | | ci-upstream-kasan-gce | |
| 2020/09/25 17:13 | upstream | 171d4ff79f96 | 4a006f63 | .config | console log | report | | | info | | ci-upstream-kasan-gce | |
| 2020/09/15 22:28 | upstream | fc4f28bb3daf | 6989d6f6 | .config | console log | report | | | info | | ci-upstream-kasan-gce | |
| 2020/08/16 17:55 | upstream | 4b6c093e21d3 | 424dd8e7 | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2020/07/23 23:55 | upstream | d15be546031c | 70c104a1 | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2020/07/21 01:24 | upstream | 5714ee50bb43 | 4285ffa3 | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2020/07/10 05:11 | upstream | 0bddd227f3dc | bc238812 | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2020/05/28 02:04 | upstream | b0c3ba31be3e | 142a0957 | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2020/03/11 21:25 | upstream | e3a36eb6dfae | e7caca8e | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2020/03/07 07:36 | upstream | fb279f4e2386 | fd2a5f28 | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2020/09/02 20:38 | upstream | 9c7d619be5a0 | abf9ba4f | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2020/03/29 01:56 | upstream | 906c40438bb6 | 05736b29 | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2021/01/11 07:47 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 841081d89d5a | 2c1f2513 | .config | console log | report | | | info | | ci2-upstream-usb | |
| 2020/08/29 11:20 | linux-next | b36c969764ab | d5a3ae1f | .config | console log | report | | | | | ci-upstream-linux-next-kasan-gce-root | |
| 2020/08/24 13:22 | linux-next | d8be0e12a522 | 67b599d1 | .config | console log | report | | | | | ci-upstream-linux-next-kasan-gce-root | |
| 2020/07/01 22:54 | linux-next | aab2003999e7 | 39acb39d | .config | console log | report | | | | | ci-upstream-linux-next-kasan-gce-root | |
| 2020/05/13 23:48 | linux-next | ac935d227366 | a885920d | .config | console log | report | | | | | ci-upstream-linux-next-kasan-gce-root | |
| 2020/03/02 14:03 | linux-next | c99b17ac0399 | c88c7b75 | .config | console log | report | | | | | ci-upstream-linux-next-kasan-gce-root | |