Warning: Permanently added '[localhost]:25530' (ED25519) to the list of known hosts. 1970/01/01 00:03:34 parsed 1 programs syzkaller login: [ 221.548122][ T3324] cgroup: Unknown subsys name 'net' [ 221.765754][ T3324] cgroup: Unknown subsys name 'cpuset' [ 221.801739][ T3324] cgroup: Unknown subsys name 'rlimit' [ 222.666667][ T3324] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 233.754068][ T3331] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 237.943280][ T3336] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 237.970822][ T3336] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 239.634527][ T3336] hsr_slave_0: entered promiscuous mode [ 239.645283][ T3336] hsr_slave_1: entered promiscuous mode [ 240.537351][ T3336] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 240.566988][ T3336] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 240.585297][ T3336] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 240.604952][ T3336] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 241.849110][ T3336] 8021q: adding VLAN 0 to HW filter on device bond0 [ 246.566971][ T3336] veth0_vlan: entered promiscuous mode [ 246.630902][ T3336] veth1_vlan: entered promiscuous mode [ 246.806086][ T3336] veth0_macvtap: entered promiscuous mode [ 246.847028][ T3336] veth1_macvtap: entered promiscuous mode [ 247.033318][ T14] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 247.038118][ T14] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 247.038674][ T14] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 247.038993][ T14] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 247.893859][ T14] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 247.999740][ 
T14] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 248.214425][ T14] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 248.384876][ T14] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 249.705007][ T14] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 249.747946][ T14] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 249.784147][ T14] bond0 (unregistering): Released all slaves [ 249.986573][ T14] hsr_slave_0: left promiscuous mode [ 249.990103][ T14] hsr_slave_1: left promiscuous mode [ 250.007875][ T14] veth1_macvtap: left promiscuous mode [ 250.008424][ T14] veth0_macvtap: left promiscuous mode [ 250.008887][ T14] veth1_vlan: left promiscuous mode [ 250.009270][ T14] veth0_vlan: left promiscuous mode 1970/01/01 00:04:23 executed programs: 0 [ 266.560873][ T3493] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 266.595189][ T3493] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 268.435958][ T3493] hsr_slave_0: entered promiscuous mode [ 268.444418][ T3493] hsr_slave_1: entered promiscuous mode [ 269.617010][ T3493] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 269.648236][ T3493] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 269.677333][ T3493] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 269.705548][ T3493] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 271.203236][ T3493] 8021q: adding VLAN 0 to HW filter on device bond0 [ 276.487115][ T3493] veth0_vlan: entered promiscuous mode [ 276.538955][ T3493] veth1_vlan: entered promiscuous mode [ 276.727927][ T3493] veth0_macvtap: entered promiscuous mode [ 276.764135][ T3493] veth1_macvtap: entered promiscuous mode [ 276.989653][ T104] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 276.992054][ T104] netdevsim 
netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 276.997330][ T104] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 276.999744][ T104] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 1970/01/01 00:04:37 executed programs: 2 [ 277.697086][ T3592] ================================================================== [ 277.701231][ T3592] BUG: KASAN: invalid-access in __kvm_pgtable_walk+0x110/0x2d0 [ 277.703861][ T3592] Read at addr fdf000000f7c1000 by task syz.2.17/3592 [ 277.704637][ T3592] Pointer tag: [fd], memory tag: [fe] [ 277.704833][ T3592] [ 277.705797][ T3592] CPU: 1 UID: 0 PID: 3592 Comm: syz.2.17 Not tainted syzkaller #0 PREEMPT [ 277.706304][ T3592] Hardware name: linux,dummy-virt (DT) [ 277.706674][ T3592] Call trace: [ 277.707125][ T3592] show_stack+0x18/0x24 (C) [ 277.707680][ T3592] dump_stack_lvl+0x78/0x90 [ 277.707939][ T3592] print_report+0x108/0x61c [ 277.708147][ T3592] kasan_report+0x88/0xac [ 277.708362][ T3592] __do_kernel_fault+0x170/0x1c8 [ 277.708593][ T3592] do_bad_area+0x68/0x78 [ 277.708797][ T3592] do_tag_check_fault+0x34/0x44 [ 277.708989][ T3592] do_mem_abort+0x44/0x94 [ 277.709171][ T3592] el1_abort+0x40/0x60 [ 277.709364][ T3592] el1h_64_sync_handler+0x50/0xac [ 277.709572][ T3592] el1h_64_sync+0x6c/0x70 [ 277.709880][ T3592] __kvm_pgtable_walk+0x110/0x2d0 (P) [ 277.710084][ T3592] kvm_pgtable_walk+0xd0/0x164 [ 277.710290][ T3592] kvm_pgtable_stage2_destroy_range+0x3c/0x70 [ 277.710508][ T3592] kvm_stage2_destroy+0x74/0xd0 [ 277.710773][ T3592] kvm_free_stage2_pgd+0x4c/0x84 [ 277.710999][ T3592] kvm_uninit_stage2_mmu+0x1c/0x34 [ 277.711217][ T3592] kvm_arch_flush_shadow_all+0x6c/0x84 [ 277.711436][ T3592] kvm_mmu_notifier_release+0x30/0x84 [ 277.711661][ T3592] mmu_notifier_unregister+0x5c/0x11c [ 277.711881][ T3592] kvm_destroy_vm+0x148/0x2b0 [ 277.712146][ T3592] kvm_vm_release+0x80/0xb0 [ 277.712364][ T3592] __fput+0xcc/0x2dc [ 277.712594][ T3592] 
____fput+0x14/0x20 [ 277.712809][ T3592] task_work_run+0x78/0xd4 [ 277.713029][ T3592] do_notify_resume+0x13c/0x16c [ 277.713247][ T3592] el0_svc+0x108/0x10c [ 277.713464][ T3592] el0t_64_sync_handler+0xa0/0xe4 [ 277.713694][ T3592] el0t_64_sync+0x1a4/0x1a8 [ 277.714149][ T3592] [ 277.714408][ T3592] The buggy address belongs to the physical page: [ 277.714961][ T3592] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4f7c1 [ 277.715414][ T3592] flags: 0x1ffc80000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x2) [ 277.716501][ T3592] raw: 01ffc80000000000 ffffc1ffc03df088 ffffc1ffc02393c8 0000000000000000 [ 277.716687][ T3592] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 277.716885][ T3592] page dumped because: kasan: bad access detected [ 277.716985][ T3592] [ 277.717062][ T3592] Memory state around the buggy address: [ 277.717384][ T3592] fff000000f7c0e00: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 [ 277.717586][ T3592] fff000000f7c0f00: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 [ 277.717728][ T3592] >fff000000f7c1000: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 277.717860][ T3592] ^ [ 277.718182][ T3592] fff000000f7c1100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 277.718316][ T3592] fff000000f7c1200: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 277.718482][ T3592] ================================================================== [ 277.720992][ T3592] Disabling lock debugging due to kernel taint [ 279.205436][ T3493] BUG: Bad page state in process syz-executor pfn:48e4f [ 279.206042][ T3493] page: refcount:-511 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x48e4f [ 279.206656][ T3493] flags: 0x1ffe00000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x8) [ 279.206986][ T3493] raw: 01ffe00000000000 dead000000000100 dead000000000122 0000000000000000 [ 279.207141][ T3493] raw: 0000000000000000 0000000000000000 fffffe01ffffffff 0000000000000000 [ 279.207230][ T3493] page dumped 
because: nonzero _refcount [ 279.207346][ T3493] Modules linked in: [ 279.208431][ T3493] CPU: 1 UID: 0 PID: 3493 Comm: syz-executor Tainted: G B syzkaller #0 PREEMPT [ 279.208811][ T3493] Tainted: [B]=BAD_PAGE [ 279.208931][ T3493] Hardware name: linux,dummy-virt (DT) [ 279.209046][ T3493] Call trace: [ 279.209131][ T3493] show_stack+0x18/0x24 (C) [ 279.209386][ T3493] dump_stack_lvl+0x78/0x90 [ 279.209613][ T3493] dump_stack+0x18/0x24 [ 279.209840][ T3493] bad_page+0x84/0x128 [ 279.210064][ T3493] check_new_page+0x104/0x130 [ 279.210285][ T3493] __rmqueue_pcplist+0x14c/0x1080 [ 279.210505][ T3493] get_page_from_freelist+0xa9c/0x19e0 [ 279.210754][ T3493] __alloc_frozen_pages_noprof+0x184/0xd34 [ 279.210986][ T3493] alloc_pages_mpol+0xb8/0x1b8 [ 279.211208][ T3493] alloc_frozen_pages_noprof+0x48/0xc0 [ 279.211427][ T3493] alloc_pages_noprof+0x10/0x28 [ 279.211644][ T3493] __pud_alloc+0x44/0x294 [ 279.211877][ T3493] copy_page_range+0x1aec/0x2030 [ 279.212199][ T3493] dup_mmap+0x248/0x738 [ 279.212477][ T3493] copy_process+0xb10/0x1500 [ 279.212705][ T3493] kernel_clone+0x64/0x368 [ 279.212937][ T3493] __do_sys_clone+0x70/0xa8 [ 279.213159][ T3493] __arm64_sys_clone+0x20/0x2c [ 279.213381][ T3493] invoke_syscall+0x48/0x110 [ 279.213604][ T3493] el0_svc_common.constprop.0+0x40/0xe0 [ 279.213837][ T3493] do_el0_svc+0x1c/0x28 [ 279.214101][ T3493] el0_svc+0x34/0x10c [ 279.214328][ T3493] el0t_64_sync_handler+0xa0/0xe4 [ 279.214585][ T3493] el0t_64_sync+0x1a4/0x1a8 [ 279.215635][ T3493] BUG: Bad page state in process syz-executor pfn:4f7c1 [ 279.215775][ T3493] page: refcount:-511 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4f7c1 [ 279.215947][ T3493] flags: 0x1ffc80000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x2) [ 279.216205][ T3493] raw: 01ffc80000000000 dead000000000100 dead000000000122 0000000000000000 [ 279.216378][ T3493] raw: 0000000000000000 0000000000000000 fffffe01ffffffff 0000000000000000 [ 279.216505][ T3493] page dumped because: nonzero 
_refcount [ 279.216596][ T3493] Modules linked in: [ 279.216765][ T3493] CPU: 1 UID: 0 PID: 3493 Comm: syz-executor Tainted: G B syzkaller #0 PREEMPT [ 279.217066][ T3493] Tainted: [B]=BAD_PAGE [ 279.217146][ T3493] Hardware name: linux,dummy-virt (DT) [ 279.217248][ T3493] Call trace: [ 279.217317][ T3493] show_stack+0x18/0x24 (C) [ 279.217520][ T3493] dump_stack_lvl+0x78/0x90 [ 279.217715][ T3493] dump_stack+0x18/0x24 [ 279.217894][ T3493] bad_page+0x84/0x128 [ 279.218078][ T3493] check_new_page+0x104/0x130 [ 279.218267][ T3493] __rmqueue_pcplist+0x14c/0x1080 [ 279.218464][ T3493] get_page_from_freelist+0xa9c/0x19e0 [ 279.218686][ T3493] __alloc_frozen_pages_noprof+0x184/0xd34 [ 279.218925][ T3493] alloc_pages_mpol+0xb8/0x1b8 [ 279.219136][ T3493] alloc_frozen_pages_noprof+0x48/0xc0 [ 279.219314][ T3493] alloc_pages_noprof+0x10/0x28 [ 279.219518][ T3493] __pud_alloc+0x44/0x294 [ 279.219752][ T3493] copy_page_range+0x1aec/0x2030 [ 279.219990][ T3493] dup_mmap+0x248/0x738 [ 279.220194][ T3493] copy_process+0xb10/0x1500 [ 279.220422][ T3493] kernel_clone+0x64/0x368 [ 279.220631][ T3493] __do_sys_clone+0x70/0xa8 [ 279.220847][ T3493] __arm64_sys_clone+0x20/0x2c [ 279.221044][ T3493] invoke_syscall+0x48/0x110 [ 279.221216][ T3493] el0_svc_common.constprop.0+0x40/0xe0 [ 279.221435][ T3493] do_el0_svc+0x1c/0x28 [ 279.221634][ T3493] el0_svc+0x34/0x10c [ 279.221841][ T3493] el0t_64_sync_handler+0xa0/0xe4 [ 279.222163][ T3493] el0t_64_sync+0x1a4/0x1a8 [ 282.257689][ T3597] BUG: Bad page state in process syz.2.20 pfn:4f7af [ 282.258198][ T3597] page: refcount:-511 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4f7af [ 282.258643][ T3597] flags: 0x1ffcc0000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x3) [ 282.259043][ T3597] raw: 01ffcc0000000000 dead000000000100 dead000000000122 0000000000000000 [ 282.259312][ T3597] raw: 0000000000000000 0000000000000000 fffffe01ffffffff 0000000000000000 [ 282.259507][ T3597] page dumped because: nonzero _refcount [ 282.259677][ 
T3597] Modules linked in: [ 282.260055][ T3597] CPU: 0 UID: 0 PID: 3597 Comm: syz.2.20 Tainted: G B syzkaller #0 PREEMPT [ 282.260359][ T3597] Tainted: [B]=BAD_PAGE [ 282.260459][ T3597] Hardware name: linux,dummy-virt (DT) [ 282.260570][ T3597] Call trace: [ 282.260658][ T3597] show_stack+0x18/0x24 (C) [ 282.260921][ T3597] dump_stack_lvl+0x78/0x90 [ 282.261152][ T3597] dump_stack+0x18/0x24 [ 282.261392][ T3597] bad_page+0x84/0x128 [ 282.261614][ T3597] check_new_page+0x104/0x130 [ 282.261840][ T3597] __rmqueue_pcplist+0x14c/0x1080 [ 282.262142][ T3597] get_page_from_freelist+0xa9c/0x19e0 [ 282.262365][ T3597] __alloc_frozen_pages_noprof+0x184/0xd34 [ 282.262589][ T3597] alloc_pages_mpol+0xb8/0x1b8 [ 282.262854][ T3597] alloc_frozen_pages_noprof+0x48/0xc0 [ 282.263075][ T3597] alloc_pages_noprof+0x10/0x28 [ 282.263292][ T3597] get_free_pages_noprof+0x14/0x70 [ 282.263515][ T3597] __kvm_mmu_topup_memory_cache+0xac/0x198 [ 282.263741][ T3597] kvm_mmu_topup_memory_cache+0x18/0x24 [ 282.263968][ T3597] kvm_handle_guest_abort+0x7ec/0x115c [ 282.264192][ T3597] handle_exit+0x60/0x184 [ 282.264397][ T3597] kvm_arch_vcpu_ioctl_run+0x308/0x8d4 [ 282.264583][ T3597] kvm_vcpu_ioctl+0x14c/0x878 [ 282.264795][ T3597] __arm64_sys_ioctl+0xac/0x104 [ 282.264973][ T3597] invoke_syscall+0x48/0x110 [ 282.265152][ T3597] el0_svc_common.constprop.0+0x40/0xe0 [ 282.265356][ T3597] do_el0_svc+0x1c/0x28 [ 282.265554][ T3597] el0_svc+0x34/0x10c [ 282.265743][ T3597] el0t_64_sync_handler+0xa0/0xe4 [ 282.265956][ T3597] el0t_64_sync+0x1a4/0x1a8 [ 282.267009][ T3597] BUG: Bad page state in process syz.2.20 pfn:4f592 [ 282.267224][ T3597] page: refcount:-511 mapcount:0 mapping:0000000000000000 index:0xfbf000000f592f30 pfn:0x4f592 [ 282.267476][ T3597] flags: 0x1ffe80000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0xa) [ 282.267824][ T3597] raw: 01ffe80000000000 dead000000000100 dead000000000122 0000000000000000 [ 282.268105][ T3597] raw: fbf000000f592f30 0000000000000000 fffffe01ffffffff 
0000000000000000 [ 282.268298][ T3597] page dumped because: nonzero _refcount [ 282.268475][ T3597] Modules linked in: [ 282.268790][ T3597] CPU: 0 UID: 0 PID: 3597 Comm: syz.2.20 Tainted: G B syzkaller #0 PREEMPT [ 282.269082][ T3597] Tainted: [B]=BAD_PAGE [ 282.269165][ T3597] Hardware name: linux,dummy-virt (DT) [ 282.269265][ T3597] Call trace: [ 282.269349][ T3597] show_stack+0x18/0x24 (C) [ 282.269572][ T3597] dump_stack_lvl+0x78/0x90 [ 282.269782][ T3597] dump_stack+0x18/0x24 [ 282.269976][ T3597] bad_page+0x84/0x128 [ 282.270181][ T3597] check_new_page+0x104/0x130 [ 282.270379][ T3597] __rmqueue_pcplist+0x14c/0x1080 [ 282.270591][ T3597] get_page_from_freelist+0xa9c/0x19e0 [ 282.270849][ T3597] __alloc_frozen_pages_noprof+0x184/0xd34 [ 282.271073][ T3597] alloc_pages_mpol+0xb8/0x1b8 [ 282.271293][ T3597] alloc_frozen_pages_noprof+0x48/0xc0 [ 282.271512][ T3597] alloc_pages_noprof+0x10/0x28 [ 282.271733][ T3597] get_free_pages_noprof+0x14/0x70 [ 282.271961][ T3597] __kvm_mmu_topup_memory_cache+0xac/0x198 [ 282.272269][ T3597] kvm_mmu_topup_memory_cache+0x18/0x24 [ 282.272526][ T3597] kvm_handle_guest_abort+0x7ec/0x115c [ 282.272756][ T3597] handle_exit+0x60/0x184 [ 282.272986][ T3597] kvm_arch_vcpu_ioctl_run+0x308/0x8d4 [ 282.273208][ T3597] kvm_vcpu_ioctl+0x14c/0x878 [ 282.273405][ T3597] __arm64_sys_ioctl+0xac/0x104 [ 282.273599][ T3597] invoke_syscall+0x48/0x110 [ 282.273829][ T3597] el0_svc_common.constprop.0+0x40/0xe0 [ 282.274055][ T3597] do_el0_svc+0x1c/0x28 [ 282.274278][ T3597] el0_svc+0x34/0x10c [ 282.274476][ T3597] el0t_64_sync_handler+0xa0/0xe4 [ 282.274675][ T3597] el0t_64_sync+0x1a4/0x1a8 1970/01/01 00:04:43 executed programs: 6 [ 283.427045][ T3598] BUG: Bad page state in process syz.2.21 pfn:48daa [ 283.427549][ T3598] page: refcount:-511 mapcount:0 mapping:0000000000000000 index:0xf0f0000008daa2d0 pfn:0x48daa [ 283.427712][ T3598] flags: 0x1ffcc0000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x3) [ 283.427945][ T3598] raw: 
01ffcc0000000000 dead000000000100 dead000000000122 0000000000000000 [ 283.428164][ T3598] raw: f0f0000008daa2d0 0000000000000000 fffffe01ffffffff 0000000000000000 [ 283.428742][ T3598] page dumped because: nonzero _refcount [ 283.428846][ T3598] Modules linked in: [ 283.429024][ T3598] CPU: 1 UID: 0 PID: 3598 Comm: syz.2.21 Tainted: G B syzkaller #0 PREEMPT [ 283.429296][ T3598] Tainted: [B]=BAD_PAGE [ 283.429407][ T3598] Hardware name: linux,dummy-virt (DT) [ 283.429559][ T3598] Call trace: [ 283.429644][ T3598] show_stack+0x18/0x24 (C) [ 283.429876][ T3598] dump_stack_lvl+0x78/0x90 [ 283.430102][ T3598] dump_stack+0x18/0x24 [ 283.430327][ T3598] bad_page+0x84/0x128 [ 283.430544][ T3598] check_new_page+0x104/0x130 [ 283.430786][ T3598] __rmqueue_pcplist+0x14c/0x1080 [ 283.431011][ T3598] get_page_from_freelist+0xa9c/0x19e0 [ 283.431217][ T3598] __alloc_frozen_pages_noprof+0x184/0xd34 [ 283.431437][ T3598] alloc_pages_mpol+0xb8/0x1b8 [ 283.431654][ T3598] alloc_frozen_pages_noprof+0x48/0xc0 [ 283.431869][ T3598] alloc_pages_noprof+0x10/0x28 [ 283.432124][ T3598] get_free_pages_noprof+0x14/0x70 [ 283.432293][ T3598] __kvm_mmu_topup_memory_cache+0xac/0x198 [ 283.432410][ T3598] kvm_mmu_topup_memory_cache+0x18/0x24 [ 283.432523][ T3598] kvm_handle_guest_abort+0x7ec/0x115c [ 283.432685][ T3598] handle_exit+0x60/0x184 [ 283.432879][ T3598] kvm_arch_vcpu_ioctl_run+0x308/0x8d4 [ 283.433122][ T3598] kvm_vcpu_ioctl+0x14c/0x878 [ 283.433347][ T3598] __arm64_sys_ioctl+0xac/0x104 [ 283.433582][ T3598] invoke_syscall+0x48/0x110 [ 283.433819][ T3598] el0_svc_common.constprop.0+0x40/0xe0 [ 283.434057][ T3598] do_el0_svc+0x1c/0x28 [ 283.434291][ T3598] el0_svc+0x34/0x10c [ 283.434505][ T3598] el0t_64_sync_handler+0xa0/0xe4 [ 283.434737][ T3598] el0t_64_sync+0x1a4/0x1a8 [ 283.436701][ T3598] BUG: Bad page state in process syz.2.21 pfn:48c81 [ 283.436840][ T3598] page: refcount:-511 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x48c81 [ 283.436996][ T3598] flags: 
0x1ffe00000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x8) [ 283.437232][ T3598] raw: 01ffe00000000000 dead000000000100 dead000000000122 0000000000000000 [ 283.437377][ T3598] raw: 0000000000000000 0000000000000000 fffffe01ffffffff 0000000000000000 [ 283.437507][ T3598] page dumped because: nonzero _refcount [ 283.437601][ T3598] Modules linked in: [ 283.437761][ T3598] CPU: 1 UID: 0 PID: 3598 Comm: syz.2.21 Tainted: G B syzkaller #0 PREEMPT [ 283.438029][ T3598] Tainted: [B]=BAD_PAGE [ 283.438115][ T3598] Hardware name: linux,dummy-virt (DT) [ 283.438213][ T3598] Call trace: [ 283.438296][ T3598] show_stack+0x18/0x24 (C) [ 283.438512][ T3598] dump_stack_lvl+0x78/0x90 [ 283.438769][ T3598] dump_stack+0x18/0x24 [ 283.438978][ T3598] bad_page+0x84/0x128 [ 283.439178][ T3598] check_new_page+0x104/0x130 [ 283.439376][ T3598] __rmqueue_pcplist+0x14c/0x1080 [ 283.439586][ T3598] get_page_from_freelist+0xa9c/0x19e0 [ 283.439791][ T3598] __alloc_frozen_pages_noprof+0x184/0xd34 [ 283.439995][ T3598] alloc_pages_mpol+0xb8/0x1b8 [ 283.440194][ T3598] alloc_frozen_pages_noprof+0x48/0xc0 [ 283.440396][ T3598] alloc_pages_noprof+0x10/0x28 [ 283.440624][ T3598] get_free_pages_noprof+0x14/0x70 [ 283.440829][ T3598] __kvm_mmu_topup_memory_cache+0xac/0x198 [ 283.441034][ T3598] kvm_mmu_topup_memory_cache+0x18/0x24 [ 283.441254][ T3598] kvm_handle_guest_abort+0x7ec/0x115c [ 283.441494][ T3598] handle_exit+0x60/0x184 [ 283.441715][ T3598] kvm_arch_vcpu_ioctl_run+0x308/0x8d4 [ 283.441918][ T3598] kvm_vcpu_ioctl+0x14c/0x878 [ 283.442204][ T3598] __arm64_sys_ioctl+0xac/0x104 [ 283.442380][ T3598] invoke_syscall+0x48/0x110 [ 283.442578][ T3598] el0_svc_common.constprop.0+0x40/0xe0 [ 283.442805][ T3598] do_el0_svc+0x1c/0x28 [ 283.443021][ T3598] el0_svc+0x34/0x10c [ 283.443232][ T3598] el0t_64_sync_handler+0xa0/0xe4 [ 283.443467][ T3598] el0t_64_sync+0x1a4/0x1a8 [ 283.491699][ T3598] BUG: Bad page state in process syz.2.21 pfn:4f7a1 [ 283.491862][ T3598] page: refcount:-511 mapcount:0 
mapping:0000000000000000 index:0x0 pfn:0x4f7a1 [ 283.492739][ T3598] flags: 0x1fffc0000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0xf) [ 283.492971][ T3598] raw: 01fffc0000000000 dead000000000100 dead000000000122 0000000000000000 [ 283.493120][ T3598] raw: 0000000000000000 0000000000000000 fffffe01ffffffff 0000000000000000 [ 283.493224][ T3598] page dumped because: nonzero _refcount [ 283.493329][ T3598] Modules linked in: [ 283.493503][ T3598] CPU: 1 UID: 0 PID: 3598 Comm: syz.2.21 Tainted: G B syzkaller #0 PREEMPT [ 283.493807][ T3598] Tainted: [B]=BAD_PAGE [ 283.493899][ T3598] Hardware name: linux,dummy-virt (DT) [ 283.494001][ T3598] Call trace: [ 283.494099][ T3598] show_stack+0x18/0x24 (C) [ 283.494335][ T3598] dump_stack_lvl+0x78/0x90 [ 283.494572][ T3598] dump_stack+0x18/0x24 [ 283.496366][ T3598] bad_page+0x84/0x128 [ 283.496616][ T3598] check_new_page+0x104/0x130 [ 283.496823][ T3598] __rmqueue_pcplist+0x14c/0x1080 [ 283.497029][ T3598] get_page_from_freelist+0xa9c/0x19e0 [ 283.497234][ T3598] __alloc_frozen_pages_noprof+0x184/0xd34 [ 283.497460][ T3598] alloc_pages_mpol+0xb8/0x1b8 [ 283.497693][ T3598] alloc_frozen_pages_noprof+0x48/0xc0 [ 283.497897][ T3598] alloc_pages_noprof+0x10/0x28 [ 283.498102][ T3598] get_free_pages_noprof+0x14/0x70 [ 283.498311][ T3598] __kvm_mmu_topup_memory_cache+0xac/0x198 [ 283.498516][ T3598] kvm_mmu_topup_memory_cache+0x18/0x24 [ 283.498754][ T3598] kvm_handle_guest_abort+0x7ec/0x115c [ 283.498963][ T3598] handle_exit+0x60/0x184 [ 283.499164][ T3598] kvm_arch_vcpu_ioctl_run+0x308/0x8d4 [ 283.499370][ T3598] kvm_vcpu_ioctl+0x14c/0x878 [ 283.499584][ T3598] __arm64_sys_ioctl+0xac/0x104 [ 283.499798][ T3598] invoke_syscall+0x48/0x110 [ 283.500007][ T3598] el0_svc_common.constprop.0+0x40/0xe0 [ 283.500213][ T3598] do_el0_svc+0x1c/0x28 [ 283.500432][ T3598] el0_svc+0x34/0x10c [ 283.500666][ T3598] el0t_64_sync_handler+0xa0/0xe4 [ 283.500875][ T3598] el0t_64_sync+0x1a4/0x1a8 [ 283.501240][ T3598] BUG: Bad page state in 
process syz.2.21 pfn:43dac [ 283.501920][ T3598] page: refcount:-511 mapcount:0 mapping:0000000000000000 index:0xf9f0000003dac120 pfn:0x43dac [ 283.502392][ T3598] flags: 0x1fffc0000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0xf) [ 283.502647][ T3598] raw: 01fffc0000000000 dead000000000100 dead000000000122 0000000000000000 [ 283.502837][ T3598] raw: f9f0000003dac120 0000000000000000 fffffe01ffffffff 0000000000000000 [ 283.502941][ T3598] page dumped because: nonzero _refcount [ 283.503042][ T3598] Modules linked in: [ 283.503202][ T3598] CPU: 1 UID: 0 PID: 3598 Comm: syz.2.21 Tainted: G B syzkaller #0 PREEMPT [ 283.503476][ T3598] Tainted: [B]=BAD_PAGE [ 283.503577][ T3598] Hardware name: linux,dummy-virt (DT) [ 283.503679][ T3598] Call trace: [ 283.503776][ T3598] show_stack+0x18/0x24 (C) [ 283.503994][ T3598] dump_stack_lvl+0x78/0x90 [ 283.504200][ T3598] dump_stack+0x18/0x24 [ 283.504403][ T3598] bad_page+0x84/0x128 [ 283.504616][ T3598] check_new_page+0x104/0x130 [ 283.504821][ T3598] __rmqueue_pcplist+0x14c/0x1080 [ 283.505028][ T3598] get_page_from_freelist+0xa9c/0x19e0 [ 283.505233][ T3598] __alloc_frozen_pages_noprof+0x184/0xd34 [ 283.505437][ T3598] alloc_pages_mpol+0xb8/0x1b8 [ 283.505650][ T3598] alloc_frozen_pages_noprof+0x48/0xc0 [ 283.505853][ T3598] alloc_pages_noprof+0x10/0x28 [ 283.506056][ T3598] get_free_pages_noprof+0x14/0x70 [ 283.506267][ T3598] __kvm_mmu_topup_memory_cache+0xac/0x198 [ 283.506473][ T3598] kvm_mmu_topup_memory_cache+0x18/0x24 [ 283.506698][ T3598] kvm_handle_guest_abort+0x7ec/0x115c [ 283.506934][ T3598] handle_exit+0x60/0x184 [ 283.507161][ T3598] kvm_arch_vcpu_ioctl_run+0x308/0x8d4 [ 283.507384][ T3598] kvm_vcpu_ioctl+0x14c/0x878 [ 283.507606][ T3598] __arm64_sys_ioctl+0xac/0x104 [ 283.507815][ T3598] invoke_syscall+0x48/0x110 [ 283.508020][ T3598] el0_svc_common.constprop.0+0x40/0xe0 [ 283.508245][ T3598] do_el0_svc+0x1c/0x28 [ 283.508458][ T3598] el0_svc+0x34/0x10c [ 283.508673][ T3598] el0t_64_sync_handler+0xa0/0xe4 [ 
283.508898][ T3598] el0t_64_sync+0x1a4/0x1a8 [ 285.698855][ T3493] BUG: Bad page state in process syz-executor pfn:4f843 [ 285.699357][ T3493] page: refcount:-511 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4f843 [ 285.699756][ T3493] flags: 0x1ffd00000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x4) [ 285.700103][ T3493] raw: 01ffd00000000000 dead000000000100 dead000000000122 0000000000000000 [ 285.700368][ T3493] raw: 0000000000000000 0000000000000000 fffffe01ffffffff 0000000000000000 [ 285.700558][ T3493] page dumped because: nonzero _refcount [ 285.700736][ T3493] Modules linked in: [ 285.701081][ T3493] CPU: 0 UID: 0 PID: 3493 Comm: syz-executor Tainted: G B syzkaller #0 PREEMPT [ 285.701377][ T3493] Tainted: [B]=BAD_PAGE [ 285.701468][ T3493] Hardware name: linux,dummy-virt (DT) [ 285.701579][ T3493] Call trace: [ 285.701652][ T3493] show_stack+0x18/0x24 (C) [ 285.701888][ T3493] dump_stack_lvl+0x78/0x90 [ 285.702166][ T3493] dump_stack+0x18/0x24 [ 285.702382][ T3493] bad_page+0x84/0x128 [ 285.702600][ T3493] check_new_page+0x104/0x130 [ 285.702863][ T3493] __rmqueue_pcplist+0x14c/0x1080 [ 285.703090][ T3493] alloc_pages_bulk_noprof+0x2a0/0x558 [ 285.703311][ T3493] alloc_pages_bulk_mempolicy_noprof+0xb8/0x55c [ 285.703528][ T3493] __vmalloc_node_range_noprof+0x45c/0x804 [ 285.703745][ T3493] __vmalloc_node_noprof+0x90/0xa0 [ 285.703935][ T3493] copy_process+0x928/0x1500 [ 285.704146][ T3493] kernel_clone+0x64/0x368 [ 285.704331][ T3493] __do_sys_clone+0x70/0xa8 [ 285.704532][ T3493] __arm64_sys_clone+0x20/0x2c [ 285.704749][ T3493] invoke_syscall+0x48/0x110 [ 285.704975][ T3493] el0_svc_common.constprop.0+0x40/0xe0 [ 285.705183][ T3493] do_el0_svc+0x1c/0x28 [ 285.705397][ T3493] el0_svc+0x34/0x10c [ 285.705596][ T3493] el0t_64_sync_handler+0xa0/0xe4 [ 285.705810][ T3493] el0t_64_sync+0x1a4/0x1a8 [ 285.706806][ T3493] BUG: Bad page state in process syz-executor pfn:48d78 [ 285.707037][ T3493] page: refcount:-511 mapcount:0 mapping:0000000000000000 
index:0xf8f0000008d781b0 pfn:0x48d78 [ 285.707276][ T3493] flags: 0x1ffe40000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x9) [ 285.707624][ T3493] raw: 01ffe40000000000 dead000000000100 dead000000000122 0000000000000000 [ 285.707903][ T3493] raw: f8f0000008d781b0 0000000000000000 fffffe01ffffffff 0000000000000000 [ 285.708079][ T3493] page dumped because: nonzero _refcount [ 285.708237][ T3493] Modules linked in: [ 285.708580][ T3493] CPU: 0 UID: 0 PID: 3493 Comm: syz-executor Tainted: G B syzkaller #0 PREEMPT [ 285.708859][ T3493] Tainted: [B]=BAD_PAGE [ 285.708942][ T3493] Hardware name: linux,dummy-virt (DT) [ 285.709037][ T3493] Call trace: [ 285.709115][ T3493] show_stack+0x18/0x24 (C) [ 285.709319][ T3493] dump_stack_lvl+0x78/0x90 [ 285.709503][ T3493] dump_stack+0x18/0x24 [ 285.709706][ T3493] bad_page+0x84/0x128 [ 285.709915][ T3493] check_new_page+0x104/0x130 [ 285.710100][ T3493] __rmqueue_pcplist+0x14c/0x1080 [ 285.710308][ T3493] alloc_pages_bulk_noprof+0x2a0/0x558 [ 285.710524][ T3493] alloc_pages_bulk_mempolicy_noprof+0xb8/0x55c [ 285.710762][ T3493] __vmalloc_node_range_noprof+0x45c/0x804 [ 285.710984][ T3493] __vmalloc_node_noprof+0x90/0xa0 [ 285.711195][ T3493] copy_process+0x928/0x1500 [ 285.711402][ T3493] kernel_clone+0x64/0x368 [ 285.711601][ T3493] __do_sys_clone+0x70/0xa8 [ 285.711823][ T3493] __arm64_sys_clone+0x20/0x2c [ 285.712125][ T3493] invoke_syscall+0x48/0x110 [ 285.712355][ T3493] el0_svc_common.constprop.0+0x40/0xe0 [ 285.712579][ T3493] do_el0_svc+0x1c/0x28 [ 285.712811][ T3493] el0_svc+0x34/0x10c [ 285.713034][ T3493] el0t_64_sync_handler+0xa0/0xe4 [ 285.713255][ T3493] el0t_64_sync+0x1a4/0x1a8 [ 286.744671][ T3493] BUG: Bad page state in process syz-executor pfn:4f873 [ 286.745084][ T3493] page: refcount:-511 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4f873 [ 286.745504][ T3493] flags: 0x1ffd40000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x5) [ 286.745833][ T3493] raw: 01ffd40000000000 dead000000000100 
dead000000000122 0000000000000000 [ 286.746085][ T3493] raw: 0000000000000000 0000000000000000 fffffe01ffffffff 0000000000000000 [ 286.746265][ T3493] page dumped because: nonzero _refcount [ 286.746416][ T3493] Modules linked in: [ 286.746775][ T3493] CPU: 0 UID: 0 PID: 3493 Comm: syz-executor Tainted: G B syzkaller #0 PREEMPT [ 286.747048][ T3493] Tainted: [B]=BAD_PAGE [ 286.747135][ T3493] Hardware name: linux,dummy-virt (DT) [ 286.747234][ T3493] Call trace: [ 286.747310][ T3493] show_stack+0x18/0x24 (C) [ 286.747546][ T3493] dump_stack_lvl+0x78/0x90 [ 286.747754][ T3493] dump_stack+0x18/0x24 [ 286.747948][ T3493] bad_page+0x84/0x128 [ 286.748140][ T3493] check_new_page+0x104/0x130 [ 286.748347][ T3493] __rmqueue_pcplist+0x14c/0x1080 [ 286.748549][ T3493] alloc_pages_bulk_noprof+0x2a0/0x558 [ 286.748744][ T3493] alloc_pages_bulk_mempolicy_noprof+0xb8/0x55c [ 286.748932][ T3493] __vmalloc_node_range_noprof+0x45c/0x804 [ 286.749129][ T3493] __vmalloc_node_noprof+0x90/0xa0 [ 286.749324][ T3493] copy_process+0x928/0x1500 [ 286.749540][ T3493] kernel_clone+0x64/0x368 [ 286.749740][ T3493] __do_sys_clone+0x70/0xa8 [ 286.749950][ T3493] __arm64_sys_clone+0x20/0x2c [ 286.750147][ T3493] invoke_syscall+0x48/0x110 [ 286.750334][ T3493] el0_svc_common.constprop.0+0x40/0xe0 [ 286.750535][ T3493] do_el0_svc+0x1c/0x28 [ 286.750760][ T3493] el0_svc+0x34/0x10c [ 286.750951][ T3493] el0t_64_sync_handler+0xa0/0xe4 [ 286.751148][ T3493] el0t_64_sync+0x1a4/0x1a8 [ 286.751481][ T3493] BUG: Bad page state in process syz-executor pfn:4f847 [ 286.751699][ T3493] page: refcount:-511 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4f847 [ 286.751937][ T3493] flags: 0x1fffc0000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0xf) [ 286.752707][ T3493] raw: 01fffc0000000000 dead000000000100 dead000000000122 0000000000000000 [ 286.752953][ T3493] raw: 0000000000000000 0000000000000000 fffffe01ffffffff 0000000000000000 [ 286.753145][ T3493] page dumped because: nonzero _refcount [ 
286.753311][ T3493] Modules linked in: [ 286.753647][ T3493] CPU: 0 UID: 0 PID: 3493 Comm: syz-executor Tainted: G B syzkaller #0 PREEMPT [ 286.753926][ T3493] Tainted: [B]=BAD_PAGE [ 286.754013][ T3493] Hardware name: linux,dummy-virt (DT) [ 286.754104][ T3493] Call trace: [ 286.754174][ T3493] show_stack+0x18/0x24 (C) [ 286.754371][ T3493] dump_stack_lvl+0x78/0x90 [ 286.754583][ T3493] dump_stack+0x18/0x24 [ 286.754816][ T3493] bad_page+0x84/0x128 [ 286.755019][ T3493] check_new_page+0x104/0x130 [ 286.755211][ T3493] __rmqueue_pcplist+0x14c/0x1080 [ 286.755409][ T3493] alloc_pages_bulk_noprof+0x2a0/0x558 [ 286.755629][ T3493] alloc_pages_bulk_mempolicy_noprof+0xb8/0x55c [ 286.755822][ T3493] __vmalloc_node_range_noprof+0x45c/0x804 [ 286.756022][ T3493] __vmalloc_node_noprof+0x90/0xa0 [ 286.756221][ T3493] copy_process+0x928/0x1500 [ 286.756429][ T3493] kernel_clone+0x64/0x368 [ 286.756638][ T3493] __do_sys_clone+0x70/0xa8 [ 286.756828][ T3493] __arm64_sys_clone+0x20/0x2c [ 286.757016][ T3493] invoke_syscall+0x48/0x110 [ 286.757218][ T3493] el0_svc_common.constprop.0+0x40/0xe0 [ 286.757426][ T3493] do_el0_svc+0x1c/0x28 [ 286.757644][ T3493] el0_svc+0x34/0x10c [ 286.757858][ T3493] el0t_64_sync_handler+0xa0/0xe4 [ 286.758063][ T3493] el0t_64_sync+0x1a4/0x1a8 [ 288.218993][ T3602] BUG: Bad page state in process syz.2.25 pfn:4f8a8 [ 288.219275][ T3602] page: refcount:-511 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4f8a8 [ 288.219504][ T3602] flags: 0x1ffd80000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x6) [ 288.219717][ T3602] raw: 01ffd80000000000 dead000000000100 dead000000000122 0000000000000000 [ 288.219855][ T3602] raw: 0000000000000000 0000000000000000 fffffe01ffffffff 0000000000000000 [ 288.219958][ T3602] page dumped because: nonzero _refcount [ 288.220049][ T3602] Modules linked in: [ 288.220238][ T3602] CPU: 0 UID: 0 PID: 3602 Comm: syz.2.25 Tainted: G B syzkaller #0 PREEMPT [ 288.220398][ T3602] Tainted: [B]=BAD_PAGE [ 288.220449][ T3602] 
Hardware name: linux,dummy-virt (DT) [ 288.220507][ T3602] Call trace: [ 288.220559][ T3602] show_stack+0x18/0x24 (C) [ 288.220692][ T3602] dump_stack_lvl+0x78/0x90 [ 288.220810][ T3602] dump_stack+0x18/0x24 [ 288.220924][ T3602] bad_page+0x84/0x128 [ 288.221039][ T3602] check_new_page+0x104/0x130 [ 288.221153][ T3602] __rmqueue_pcplist+0x14c/0x1080 [ 288.221267][ T3602] get_page_from_freelist+0xa9c/0x19e0 [ 288.221405][ T3602] __alloc_frozen_pages_noprof+0x184/0xd34 [ 288.221521][ T3602] alloc_pages_mpol+0xb8/0x1b8 [ 288.221639][ T3602] alloc_frozen_pages_noprof+0x48/0xc0 [ 288.221751][ T3602] alloc_pages_noprof+0x10/0x28 [ 288.221864][ T3602] get_free_pages_noprof+0x14/0x70 [ 288.222023][ T3602] __kvm_mmu_topup_memory_cache+0xac/0x198 [ 288.222157][ T3602] kvm_mmu_topup_memory_cache+0x18/0x24 [ 288.222271][ T3602] kvm_handle_guest_abort+0x7ec/0x115c [ 288.222386][ T3602] handle_exit+0x60/0x184 [ 288.222500][ T3602] kvm_arch_vcpu_ioctl_run+0x308/0x8d4 [ 288.222626][ T3602] kvm_vcpu_ioctl+0x14c/0x878 [ 288.222792][ T3602] __arm64_sys_ioctl+0xac/0x104 [ 288.222915][ T3602] invoke_syscall+0x48/0x110 [ 288.223031][ T3602] el0_svc_common.constprop.0+0x40/0xe0 [ 288.223146][ T3602] do_el0_svc+0x1c/0x28 [ 288.223261][ T3602] el0_svc+0x34/0x10c [ 288.223376][ T3602] el0t_64_sync_handler+0xa0/0xe4 [ 288.223491][ T3602] el0t_64_sync+0x1a4/0x1a8 [ 288.224356][ T3602] BUG: Bad page state in process syz.2.25 pfn:4f87c [ 288.224484][ T3602] page: refcount:-511 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4f87c [ 288.224628][ T3602] flags: 0x1ffec0000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0xb) [ 288.224807][ T3602] raw: 01ffec0000000000 dead000000000100 dead000000000122 0000000000000000 [ 288.224980][ T3602] raw: 0000000000000000 0000000000000000 fffffe01ffffffff 0000000000000000 [ 288.225091][ T3602] page dumped because: nonzero _refcount [ 288.225182][ T3602] Modules linked in: [ 288.225360][ T3602] CPU: 0 UID: 0 PID: 3602 Comm: syz.2.25 Tainted: G B syzkaller 
#0 PREEMPT [ 288.225517][ T3602] Tainted: [B]=BAD_PAGE [ 288.225576][ T3602] Hardware name: linux,dummy-virt (DT) [ 288.225659][ T3602] Call trace: [ 288.225720][ T3602] show_stack+0x18/0x24 (C) [ 288.225861][ T3602] dump_stack_lvl+0x78/0x90 [ 288.226000][ T3602] dump_stack+0x18/0x24 [ 288.226114][ T3602] bad_page+0x84/0x128 [ 288.226229][ T3602] check_new_page+0x104/0x130 [ 288.226342][ T3602] __rmqueue_pcplist+0x14c/0x1080 [ 288.226456][ T3602] get_page_from_freelist+0xa9c/0x19e0 [ 288.226581][ T3602] __alloc_frozen_pages_noprof+0x184/0xd34 [ 288.226772][ T3602] alloc_pages_mpol+0xb8/0x1b8 [ 288.226923][ T3602] alloc_frozen_pages_noprof+0x48/0xc0 [ 288.227038][ T3602] alloc_pages_noprof+0x10/0x28 [ 288.227150][ T3602] get_free_pages_noprof+0x14/0x70 [ 288.227264][ T3602] __kvm_mmu_topup_memory_cache+0xac/0x198 [ 288.227377][ T3602] kvm_mmu_topup_memory_cache+0x18/0x24 [ 288.227489][ T3602] kvm_handle_guest_abort+0x7ec/0x115c [ 288.227610][ T3602] handle_exit+0x60/0x184 [ 288.227722][ T3602] kvm_arch_vcpu_ioctl_run+0x308/0x8d4 [ 288.227838][ T3602] kvm_vcpu_ioctl+0x14c/0x878 [ 288.227954][ T3602] __arm64_sys_ioctl+0xac/0x104 [ 288.228070][ T3602] invoke_syscall+0x48/0x110 [ 288.228222][ T3602] el0_svc_common.constprop.0+0x40/0xe0 [ 288.228344][ T3602] do_el0_svc+0x1c/0x28 [ 288.228459][ T3602] el0_svc+0x34/0x10c [ 288.228580][ T3602] el0t_64_sync_handler+0xa0/0xe4 [ 288.228724][ T3602] el0t_64_sync+0x1a4/0x1a8 1970/01/01 00:04:49 executed programs: 11 [ 290.552918][ T3493] BUG: Bad page state in process syz-executor pfn:4f8ea [ 290.553180][ T3493] page: refcount:-511 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4f8ea [ 290.553422][ T3493] flags: 0x1fff80000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0xe) [ 290.553616][ T3493] raw: 01fff80000000000 dead000000000100 dead000000000122 0000000000000000 [ 290.553752][ T3493] raw: 0000000000000000 0000000000000000 fffffe01ffffffff 0000000000000000 [ 290.553866][ T3493] page dumped because: nonzero _refcount [ 
290.553960][ T3493] Modules linked in: [ 290.554154][ T3493] CPU: 0 UID: 0 PID: 3493 Comm: syz-executor Tainted: G B syzkaller #0 PREEMPT [ 290.554315][ T3493] Tainted: [B]=BAD_PAGE [ 290.554365][ T3493] Hardware name: linux,dummy-virt (DT) [ 290.554423][ T3493] Call trace: [ 290.554494][ T3493] show_stack+0x18/0x24 (C) [ 290.554634][ T3493] dump_stack_lvl+0x78/0x90 [ 290.554806][ T3493] dump_stack+0x18/0x24 [ 290.554924][ T3493] bad_page+0x84/0x128 [ 290.555041][ T3493] check_new_page+0x104/0x130 [ 290.555155][ T3493] __rmqueue_pcplist+0x14c/0x1080 [ 290.555269][ T3493] alloc_pages_bulk_noprof+0x2a0/0x558 [ 290.555384][ T3493] alloc_pages_bulk_mempolicy_noprof+0xb8/0x55c [ 290.555498][ T3493] __vmalloc_node_range_noprof+0x45c/0x804 [ 290.555615][ T3493] __vmalloc_node_noprof+0x90/0xa0 [ 290.555727][ T3493] copy_process+0x928/0x1500 [ 290.555858][ T3493] kernel_clone+0x64/0x368 [ 290.556010][ T3493] __do_sys_clone+0x70/0xa8 [ 290.556180][ T3493] __arm64_sys_clone+0x20/0x2c [ 290.556345][ T3493] invoke_syscall+0x48/0x110 [ 290.556514][ T3493] el0_svc_common.constprop.0+0x40/0xe0 [ 290.556687][ T3493] do_el0_svc+0x1c/0x28 [ 290.556872][ T3493] el0_svc+0x34/0x10c [ 290.557059][ T3493] el0t_64_sync_handler+0xa0/0xe4 [ 290.557240][ T3493] el0t_64_sync+0x1a4/0x1a8 [ 290.557546][ T3493] BUG: Bad page state in process syz-executor pfn:4f8be [ 290.557707][ T3493] page: refcount:-511 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4f8be [ 290.557847][ T3493] flags: 0x1fffc0000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0xf) [ 290.558025][ T3493] raw: 01fffc0000000000 dead000000000100 dead000000000122 0000000000000000 [ 290.558160][ T3493] raw: 0000000000000000 0000000000000000 fffffe01ffffffff 0000000000000000 [ 290.558261][ T3493] page dumped because: nonzero _refcount [ 290.558355][ T3493] Modules linked in: [ 290.558531][ T3493] CPU: 0 UID: 0 PID: 3493 Comm: syz-executor Tainted: G B syzkaller #0 PREEMPT [ 290.558690][ T3493] Tainted: [B]=BAD_PAGE [ 290.558782][ 
T3493] Hardware name: linux,dummy-virt (DT) [ 290.558842][ T3493] Call trace: [ 290.558886][ T3493] show_stack+0x18/0x24 (C) [ 290.559023][ T3493] dump_stack_lvl+0x78/0x90 [ 290.559140][ T3493] dump_stack+0x18/0x24 [ 290.559253][ T3493] bad_page+0x84/0x128 [ 290.559368][ T3493] check_new_page+0x104/0x130 [ 290.559481][ T3493] __rmqueue_pcplist+0x14c/0x1080 [ 290.559600][ T3493] alloc_pages_bulk_noprof+0x2a0/0x558 [ 290.559715][ T3493] alloc_pages_bulk_mempolicy_noprof+0xb8/0x55c [ 290.559833][ T3493] __vmalloc_node_range_noprof+0x45c/0x804 [ 290.559946][ T3493] __vmalloc_node_noprof+0x90/0xa0 [ 290.560058][ T3493] copy_process+0x928/0x1500 [ 290.560173][ T3493] kernel_clone+0x64/0x368 [ 290.560288][ T3493] __do_sys_clone+0x70/0xa8 [ 290.560441][ T3493] __arm64_sys_clone+0x20/0x2c [ 290.560564][ T3493] invoke_syscall+0x48/0x110 [ 290.560719][ T3493] el0_svc_common.constprop.0+0x40/0xe0 [ 290.560852][ T3493] do_el0_svc+0x1c/0x28 [ 290.560966][ T3493] el0_svc+0x34/0x10c [ 290.561081][ T3493] el0t_64_sync_handler+0xa0/0xe4 [ 290.561214][ T3493] el0t_64_sync+0x1a4/0x1a8 [ 291.939126][ T3605] BUG: Bad page state in process syz.2.28 pfn:4f920 [ 291.939624][ T3605] page: refcount:-511 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4f920 [ 291.940034][ T3605] flags: 0x1ffdc0000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x7) [ 291.940371][ T3605] raw: 01ffdc0000000000 dead000000000100 dead000000000122 0000000000000000 [ 291.940602][ T3605] raw: 0000000000000000 0000000000000000 fffffe01ffffffff 0000000000000000 [ 291.940767][ T3605] page dumped because: nonzero _refcount [ 291.940920][ T3605] Modules linked in: [ 291.941242][ T3605] CPU: 0 UID: 0 PID: 3605 Comm: syz.2.28 Tainted: G B syzkaller #0 PREEMPT [ 291.941549][ T3605] Tainted: [B]=BAD_PAGE [ 291.941646][ T3605] Hardware name: linux,dummy-virt (DT) [ 291.941753][ T3605] Call trace: [ 291.941834][ T3605] show_stack+0x18/0x24 (C) [ 291.942114][ T3605] dump_stack_lvl+0x78/0x90 [ 291.942342][ T3605] 
dump_stack+0x18/0x24 [ 291.942532][ T3605] bad_page+0x84/0x128 [ 291.942762][ T3605] check_new_page+0x104/0x130 [ 291.942964][ T3605] __rmqueue_pcplist+0x14c/0x1080 [ 291.943149][ T3605] get_page_from_freelist+0xa9c/0x19e0 [ 291.943339][ T3605] __alloc_frozen_pages_noprof+0x184/0xd34 [ 291.943532][ T3605] alloc_pages_mpol+0xb8/0x1b8 [ 291.943732][ T3605] alloc_frozen_pages_noprof+0x48/0xc0 [ 291.943950][ T3605] alloc_pages_noprof+0x10/0x28 [ 291.944134][ T3605] get_free_pages_noprof+0x14/0x70 [ 291.944308][ T3605] __kvm_mmu_topup_memory_cache+0xac/0x198 [ 291.944489][ T3605] kvm_mmu_topup_memory_cache+0x18/0x24 [ 291.944669][ T3605] kvm_handle_guest_abort+0x7ec/0x115c [ 291.944863][ T3605] handle_exit+0x60/0x184 [ 291.945057][ T3605] kvm_arch_vcpu_ioctl_run+0x308/0x8d4 [ 291.945265][ T3605] kvm_vcpu_ioctl+0x14c/0x878 [ 291.945467][ T3605] __arm64_sys_ioctl+0xac/0x104 [ 291.945675][ T3605] invoke_syscall+0x48/0x110 [ 291.945876][ T3605] el0_svc_common.constprop.0+0x40/0xe0 [ 291.946095][ T3605] do_el0_svc+0x1c/0x28 [ 291.946314][ T3605] el0_svc+0x34/0x10c [ 291.946524][ T3605] el0t_64_sync_handler+0xa0/0xe4 [ 291.946748][ T3605] el0t_64_sync+0x1a4/0x1a8 [ 291.948082][ T3605] BUG: Bad page state in process syz.2.28 pfn:4f8f4 [ 291.948296][ T3605] page: refcount:-511 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4f8f4 [ 291.948532][ T3605] flags: 0x1fff40000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0xd) [ 291.948872][ T3605] raw: 01fff40000000000 dead000000000100 dead000000000122 0000000000000000 [ 291.949140][ T3605] raw: 0000000000000000 0000000000000000 fffffe01ffffffff 0000000000000000 [ 291.949338][ T3605] page dumped because: nonzero _refcount [ 291.949513][ T3605] Modules linked in: [ 291.949861][ T3605] CPU: 0 UID: 0 PID: 3605 Comm: syz.2.28 Tainted: G B syzkaller #0 PREEMPT [ 291.950128][ T3605] Tainted: [B]=BAD_PAGE [ 291.950213][ T3605] Hardware name: linux,dummy-virt (DT) [ 291.950308][ T3605] Call trace: [ 291.950381][ T3605] 
show_stack+0x18/0x24 (C) [ 291.950587][ T3605] dump_stack_lvl+0x78/0x90 [ 291.950803][ T3605] dump_stack+0x18/0x24 [ 291.950989][ T3605] bad_page+0x84/0x128 [ 291.951170][ T3605] check_new_page+0x104/0x130 [ 291.951357][ T3605] __rmqueue_pcplist+0x14c/0x1080 [ 291.951539][ T3605] get_page_from_freelist+0xa9c/0x19e0 [ 291.951734][ T3605] __alloc_frozen_pages_noprof+0x184/0xd34 [ 291.951979][ T3605] alloc_pages_mpol+0xb8/0x1b8 [ 291.952210][ T3605] alloc_frozen_pages_noprof+0x48/0xc0 [ 291.952407][ T3605] alloc_pages_noprof+0x10/0x28 [ 291.952596][ T3605] get_free_pages_noprof+0x14/0x70 [ 291.952800][ T3605] __kvm_mmu_topup_memory_cache+0xac/0x198 [ 291.952981][ T3605] kvm_mmu_topup_memory_cache+0x18/0x24 [ 291.953158][ T3605] kvm_handle_guest_abort+0x7ec/0x115c [ 291.953339][ T3605] handle_exit+0x60/0x184 [ 291.953527][ T3605] kvm_arch_vcpu_ioctl_run+0x308/0x8d4 [ 291.953726][ T3605] kvm_vcpu_ioctl+0x14c/0x878 [ 291.953936][ T3605] __arm64_sys_ioctl+0xac/0x104 [ 291.954147][ T3605] invoke_syscall+0x48/0x110 [ 291.954367][ T3605] el0_svc_common.constprop.0+0x40/0xe0 [ 291.954581][ T3605] do_el0_svc+0x1c/0x28 [ 291.954806][ T3605] el0_svc+0x34/0x10c [ 291.954999][ T3605] el0t_64_sync_handler+0xa0/0xe4 [ 291.955263][ T3605] el0t_64_sync+0x1a4/0x1a8 [ 293.237284][ T3493] BUG: Bad page state in process syz-executor pfn:4f8b1 [ 293.237858][ T3493] page: refcount:-511 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4f8b1 [ 293.238250][ T3493] flags: 0x1ffdc0000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x7) [ 293.238537][ T3493] raw: 01ffdc0000000000 dead000000000100 dead000000000122 0000000000000000 [ 293.238745][ T3493] raw: 0000000000000000 0000000000000000 fffffe01ffffffff 0000000000000000 [ 293.238863][ T3493] page dumped because: nonzero _refcount [ 293.238951][ T3493] Modules linked in: [ 293.239190][ T3493] CPU: 1 UID: 0 PID: 3493 Comm: syz-executor Tainted: G B syzkaller #0 PREEMPT [ 293.239454][ T3493] Tainted: [B]=BAD_PAGE [ 293.239534][ T3493] Hardware 
name: linux,dummy-virt (DT) [ 293.239624][ T3493] Call trace: [ 293.239718][ T3493] show_stack+0x18/0x24 (C) [ 293.239935][ T3493] dump_stack_lvl+0x78/0x90 [ 293.240144][ T3493] dump_stack+0x18/0x24 [ 293.240339][ T3493] bad_page+0x84/0x128 [ 293.240527][ T3493] check_new_page+0x104/0x130 [ 293.240721][ T3493] __rmqueue_pcplist+0x14c/0x1080 [ 293.240900][ T3493] get_page_from_freelist+0xa9c/0x19e0 [ 293.241080][ T3493] __alloc_frozen_pages_noprof+0x184/0xd34 [ 293.241284][ T3493] alloc_pages_mpol+0xb8/0x1b8 [ 293.241480][ T3493] alloc_frozen_pages_noprof+0x48/0xc0 [ 293.241663][ T3493] alloc_pages_noprof+0x10/0x28 [ 293.241842][ T3493] __pmd_alloc+0x40/0x298 [ 293.242670][ T3493] copy_page_range+0x15f4/0x2030 [ 293.243100][ T3493] dup_mmap+0x248/0x738 [ 293.243450][ T3493] copy_process+0xb10/0x1500 [ 293.243666][ T3493] kernel_clone+0x64/0x368 [ 293.243884][ T3493] __do_sys_clone+0x70/0xa8 [ 293.244095][ T3493] __arm64_sys_clone+0x20/0x2c [ 293.244343][ T3493] invoke_syscall+0x48/0x110 [ 293.244683][ T3493] el0_svc_common.constprop.0+0x40/0xe0 [ 293.244913][ T3493] do_el0_svc+0x1c/0x28 [ 293.245162][ T3493] el0_svc+0x34/0x10c [ 293.245380][ T3493] el0t_64_sync_handler+0xa0/0xe4 [ 293.245615][ T3493] el0t_64_sync+0x1a4/0x1a8 [ 293.246574][ T3493] BUG: Bad page state in process syz-executor pfn:4f8f2 [ 293.246696][ T3493] page: refcount:-511 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4f8f2 [ 293.246874][ T3493] flags: 0x1ffdc0000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x7) [ 293.247104][ T3493] raw: 01ffdc0000000000 dead000000000100 dead000000000122 0000000000000000 [ 293.247250][ T3493] raw: 0000000000000000 0000000000000000 fffffe01ffffffff 0000000000000000 [ 293.247346][ T3493] page dumped because: nonzero _refcount [ 293.247440][ T3493] Modules linked in: [ 293.247611][ T3493] CPU: 1 UID: 0 PID: 3493 Comm: syz-executor Tainted: G B syzkaller #0 PREEMPT [ 293.247972][ T3493] Tainted: [B]=BAD_PAGE [ 293.248079][ T3493] Hardware name: 
linux,dummy-virt (DT) [ 293.248196][ T3493] Call trace: [ 293.248287][ T3493] show_stack+0x18/0x24 (C) [ 293.248487][ T3493] dump_stack_lvl+0x78/0x90 [ 293.248685][ T3493] dump_stack+0x18/0x24 [ 293.248915][ T3493] bad_page+0x84/0x128 [ 293.249105][ T3493] check_new_page+0x104/0x130 [ 293.249320][ T3493] __rmqueue_pcplist+0x14c/0x1080 [ 293.249529][ T3493] get_page_from_freelist+0xa9c/0x19e0 [ 293.249752][ T3493] __alloc_frozen_pages_noprof+0x184/0xd34 [ 293.249967][ T3493] alloc_pages_mpol+0xb8/0x1b8 [ 293.250182][ T3493] alloc_frozen_pages_noprof+0x48/0xc0 [ 293.250398][ T3493] alloc_pages_noprof+0x10/0x28 [ 293.250612][ T3493] __pmd_alloc+0x40/0x298 [ 293.250910][ T3493] copy_page_range+0x15f4/0x2030 [ 293.251129][ T3493] dup_mmap+0x248/0x738 [ 293.251370][ T3493] copy_process+0xb10/0x1500 [ 293.251614][ T3493] kernel_clone+0x64/0x368 [ 293.251842][ T3493] __do_sys_clone+0x70/0xa8 [ 293.252130][ T3493] __arm64_sys_clone+0x20/0x2c [ 293.252346][ T3493] invoke_syscall+0x48/0x110 [ 293.252580][ T3493] el0_svc_common.constprop.0+0x40/0xe0 [ 293.252841][ T3493] do_el0_svc+0x1c/0x28 [ 293.253031][ T3493] el0_svc+0x34/0x10c [ 293.253249][ T3493] el0t_64_sync_handler+0xa0/0xe4 [ 293.253453][ T3493] el0t_64_sync+0x1a4/0x1a8 1970/01/01 00:04:54 executed programs: 15 [ 296.917485][ T3609] BUG: Bad page state in process syz.2.32 pfn:4f8c3 [ 296.917948][ T3609] page: refcount:-511 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4f8c3 [ 296.918426][ T3609] flags: 0x1fff00000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0xc) [ 296.918800][ T3609] raw: 01fff00000000000 dead000000000100 dead000000000122 0000000000000000 [ 296.919049][ T3609] raw: 0000000000000000 0000000000000000 fffffe01ffffffff 0000000000000000 [ 296.919230][ T3609] page dumped because: nonzero _refcount [ 296.919395][ T3609] Modules linked in: [ 296.919753][ T3609] CPU: 0 UID: 0 PID: 3609 Comm: syz.2.32 Tainted: G B syzkaller #0 PREEMPT [ 296.920035][ T3609] Tainted: [B]=BAD_PAGE [ 296.920121][ T3609] 
Hardware name: linux,dummy-virt (DT) [ 296.920221][ T3609] Call trace: [ 296.920304][ T3609] show_stack+0x18/0x24 (C) [ 296.920553][ T3609] dump_stack_lvl+0x78/0x90 [ 296.920768][ T3609] dump_stack+0x18/0x24 [ 296.920973][ T3609] bad_page+0x84/0x128 [ 296.921172][ T3609] check_new_page+0x104/0x130 [ 296.921401][ T3609] __rmqueue_pcplist+0x14c/0x1080 [ 296.921607][ T3609] get_page_from_freelist+0xa9c/0x19e0 [ 296.921811][ T3609] __alloc_frozen_pages_noprof+0x184/0xd34 [ 296.922078][ T3609] alloc_pages_mpol+0xb8/0x1b8 [ 296.922327][ T3609] alloc_frozen_pages_noprof+0x48/0xc0 [ 296.922542][ T3609] alloc_pages_noprof+0x10/0x28 [ 296.922773][ T3609] get_free_pages_noprof+0x14/0x70 [ 296.922978][ T3609] __kvm_mmu_topup_memory_cache+0xac/0x198 [ 296.923192][ T3609] kvm_mmu_topup_memory_cache+0x18/0x24 [ 296.923397][ T3609] kvm_handle_guest_abort+0x7ec/0x115c [ 296.923605][ T3609] handle_exit+0x60/0x184 [ 296.923812][ T3609] kvm_arch_vcpu_ioctl_run+0x308/0x8d4 [ 296.924017][ T3609] kvm_vcpu_ioctl+0x14c/0x878 [ 296.924224][ T3609] __arm64_sys_ioctl+0xac/0x104 [ 296.924438][ T3609] invoke_syscall+0x48/0x110 [ 296.924665][ T3609] el0_svc_common.constprop.0+0x40/0xe0 [ 296.924876][ T3609] do_el0_svc+0x1c/0x28 [ 296.925088][ T3609] el0_svc+0x34/0x10c [ 296.925297][ T3609] el0t_64_sync_handler+0xa0/0xe4 [ 296.925505][ T3609] el0t_64_sync+0x1a4/0x1a8 [ 296.926572][ T3609] BUG: Bad page state in process syz.2.32 pfn:4f8ec [ 296.926805][ T3609] page: refcount:-511 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4f8ec [ 296.927382][ T3609] flags: 0x1ffe40000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x9) [ 296.927862][ T3609] raw: 01ffe40000000000 dead000000000100 dead000000000122 0000000000000000 [ 296.928122][ T3609] raw: 0000000000000000 0000000000000000 fffffe01ffffffff 0000000000000000 [ 296.928345][ T3609] page dumped because: nonzero _refcount [ 296.928523][ T3609] Modules linked in: [ 296.928861][ T3609] CPU: 0 UID: 0 PID: 3609 Comm: syz.2.32 Tainted: G B syzkaller 
#0 PREEMPT [ 296.929304][ T3609] Tainted: [B]=BAD_PAGE [ 296.929442][ T3609] Hardware name: linux,dummy-virt (DT) [ 296.929570][ T3609] Call trace: [ 296.929673][ T3609] show_stack+0x18/0x24 (C) [ 296.929902][ T3609] dump_stack_lvl+0x78/0x90 [ 296.930107][ T3609] dump_stack+0x18/0x24 [ 296.930313][ T3609] bad_page+0x84/0x128 [ 296.930534][ T3609] check_new_page+0x104/0x130 [ 296.930773][ T3609] __rmqueue_pcplist+0x14c/0x1080 [ 296.930978][ T3609] get_page_from_freelist+0xa9c/0x19e0 [ 296.931189][ T3609] __alloc_frozen_pages_noprof+0x184/0xd34 [ 296.931394][ T3609] alloc_pages_mpol+0xb8/0x1b8 [ 296.931608][ T3609] alloc_frozen_pages_noprof+0x48/0xc0 [ 296.931804][ T3609] alloc_pages_noprof+0x10/0x28 [ 296.932041][ T3609] get_free_pages_noprof+0x14/0x70 [ 296.932267][ T3609] __kvm_mmu_topup_memory_cache+0xac/0x198 [ 296.932508][ T3609] kvm_mmu_topup_memory_cache+0x18/0x24 [ 296.932717][ T3609] kvm_handle_guest_abort+0x7ec/0x115c [ 296.932915][ T3609] handle_exit+0x60/0x184 [ 296.933119][ T3609] kvm_arch_vcpu_ioctl_run+0x308/0x8d4 [ 296.933323][ T3609] kvm_vcpu_ioctl+0x14c/0x878 [ 296.933542][ T3609] __arm64_sys_ioctl+0xac/0x104 [ 296.933752][ T3609] invoke_syscall+0x48/0x110 [ 296.933961][ T3609] el0_svc_common.constprop.0+0x40/0xe0 [ 296.934170][ T3609] do_el0_svc+0x1c/0x28 [ 296.934380][ T3609] el0_svc+0x34/0x10c [ 296.934601][ T3609] el0t_64_sync_handler+0xa0/0xe4 [ 296.934840][ T3609] el0t_64_sync+0x1a4/0x1a8 [ 298.158995][ T3493] BUG: Bad page state in process syz-executor pfn:4f918 [ 298.159484][ T3493] page: refcount:-511 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4f918 [ 298.159960][ T3493] flags: 0x1fffc0000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0xf) [ 298.160318][ T3493] raw: 01fffc0000000000 dead000000000100 dead000000000122 0000000000000000 [ 298.160579][ T3493] raw: 0000000000000000 0000000000000000 fffffe01ffffffff 0000000000000000 [ 298.160781][ T3493] page dumped because: nonzero _refcount [ 298.160942][ T3493] Modules linked in: [ 
298.161256][ T3493] CPU: 0 UID: 0 PID: 3493 Comm: syz-executor Tainted: G B syzkaller #0 PREEMPT [ 298.161537][ T3493] Tainted: [B]=BAD_PAGE [ 298.161619][ T3493] Hardware name: linux,dummy-virt (DT) [ 298.161715][ T3493] Call trace: [ 298.161803][ T3493] show_stack+0x18/0x24 (C) [ 298.162071][ T3493] dump_stack_lvl+0x78/0x90 [ 298.162312][ T3493] dump_stack+0x18/0x24 [ 298.162504][ T3493] bad_page+0x84/0x128 [ 298.162699][ T3493] check_new_page+0x104/0x130 [ 298.162931][ T3493] __rmqueue_pcplist+0x14c/0x1080 [ 298.163128][ T3493] get_page_from_freelist+0xa9c/0x19e0 [ 298.163320][ T3493] __alloc_frozen_pages_noprof+0x184/0xd34 [ 298.163508][ T3493] alloc_pages_mpol+0xb8/0x1b8 [ 298.163708][ T3493] alloc_frozen_pages_noprof+0x48/0xc0 [ 298.163917][ T3493] alloc_pages_noprof+0x10/0x28 [ 298.164121][ T3493] __pmd_alloc+0x40/0x298 [ 298.164316][ T3493] copy_page_range+0x15f4/0x2030 [ 298.164510][ T3493] dup_mmap+0x248/0x738 [ 298.164717][ T3493] copy_process+0xb10/0x1500 [ 298.164944][ T3493] kernel_clone+0x64/0x368 [ 298.165151][ T3493] __do_sys_clone+0x70/0xa8 [ 298.165366][ T3493] __arm64_sys_clone+0x20/0x2c [ 298.165577][ T3493] invoke_syscall+0x48/0x110 [ 298.165763][ T3493] el0_svc_common.constprop.0+0x40/0xe0 [ 298.165967][ T3493] do_el0_svc+0x1c/0x28 [ 298.166137][ T3493] el0_svc+0x34/0x10c [ 298.166330][ T3493] el0t_64_sync_handler+0xa0/0xe4 [ 298.166519][ T3493] el0t_64_sync+0x1a4/0x1a8 [ 298.167352][ T3493] BUG: Bad page state in process syz-executor pfn:4f8b3 [ 298.167565][ T3493] page: refcount:-511 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4f8b3 [ 298.167802][ T3493] flags: 0x1ffd40000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x5) [ 298.168117][ T3493] raw: 01ffd40000000000 dead000000000100 dead000000000122 0000000000000000 [ 298.168362][ T3493] raw: 0000000000000000 0000000000000000 fffffe01ffffffff 0000000000000000 [ 298.168553][ T3493] page dumped because: nonzero _refcount [ 298.168719][ T3493] Modules linked in: [ 298.169043][ T3493] 
CPU: 0 UID: 0 PID: 3493 Comm: syz-executor Tainted: G B syzkaller #0 PREEMPT [ 298.169303][ T3493] Tainted: [B]=BAD_PAGE [ 298.169384][ T3493] Hardware name: linux,dummy-virt (DT) [ 298.169472][ T3493] Call trace: [ 298.169546][ T3493] show_stack+0x18/0x24 (C) [ 298.169760][ T3493] dump_stack_lvl+0x78/0x90 [ 298.169969][ T3493] dump_stack+0x18/0x24 [ 298.170161][ T3493] bad_page+0x84/0x128 [ 298.170358][ T3493] check_new_page+0x104/0x130 [ 298.170557][ T3493] __rmqueue_pcplist+0x14c/0x1080 [ 298.170793][ T3493] get_page_from_freelist+0xa9c/0x19e0 [ 298.170994][ T3493] __alloc_frozen_pages_noprof+0x184/0xd34 [ 298.171179][ T3493] alloc_pages_mpol+0xb8/0x1b8 [ 298.171367][ T3493] alloc_frozen_pages_noprof+0x48/0xc0 [ 298.171565][ T3493] alloc_pages_noprof+0x10/0x28 [ 298.171753][ T3493] __pmd_alloc+0x40/0x298 [ 298.171942][ T3493] copy_page_range+0x15f4/0x2030 [ 298.172184][ T3493] dup_mmap+0x248/0x738 [ 298.172365][ T3493] copy_process+0xb10/0x1500 [ 298.172548][ T3493] kernel_clone+0x64/0x368 [ 298.172729][ T3493] __do_sys_clone+0x70/0xa8 [ 298.172926][ T3493] __arm64_sys_clone+0x20/0x2c [ 298.173124][ T3493] invoke_syscall+0x48/0x110 [ 298.173315][ T3493] el0_svc_common.constprop.0+0x40/0xe0 [ 298.173511][ T3493] do_el0_svc+0x1c/0x28 [ 298.173718][ T3493] el0_svc+0x34/0x10c [ 298.173942][ T3493] el0t_64_sync_handler+0xa0/0xe4 [ 298.174156][ T3493] el0t_64_sync+0x1a4/0x1a8 [ 299.631152][ T3493] BUG: Bad page state in process syz-executor pfn:4f94c [ 299.631635][ T3493] page: refcount:-511 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4f94c [ 299.632755][ T3493] flags: 0x1ffcc0000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x3) [ 299.633142][ T3493] raw: 01ffcc0000000000 dead000000000100 dead000000000122 0000000000000000 [ 299.633407][ T3493] raw: 0000000000000000 0000000000000000 fffffe01ffffffff 0000000000000000 [ 299.633607][ T3493] page dumped because: nonzero _refcount [ 299.633804][ T3493] Modules linked in: [ 299.634178][ T3493] CPU: 0 UID: 0 PID: 
3493 Comm: syz-executor Tainted: G B syzkaller #0 PREEMPT [ 299.634490][ T3493] Tainted: [B]=BAD_PAGE [ 299.634590][ T3493] Hardware name: linux,dummy-virt (DT) [ 299.634701][ T3493] Call trace: [ 299.634833][ T3493] show_stack+0x18/0x24 (C) [ 299.635090][ T3493] dump_stack_lvl+0x78/0x90 [ 299.635318][ T3493] dump_stack+0x18/0x24 [ 299.635531][ T3493] bad_page+0x84/0x128 [ 299.635745][ T3493] check_new_page+0x104/0x130 [ 299.635973][ T3493] __rmqueue_pcplist+0x14c/0x1080 [ 299.636193][ T3493] alloc_pages_bulk_noprof+0x2a0/0x558 [ 299.636415][ T3493] alloc_pages_bulk_mempolicy_noprof+0xb8/0x55c [ 299.636612][ T3493] __vmalloc_node_range_noprof+0x45c/0x804 [ 299.636793][ T3493] __vmalloc_node_noprof+0x90/0xa0 [ 299.636957][ T3493] copy_process+0x928/0x1500 1970/01/01 00:04:59 executed programs: 19 [ 299.637127][ T3493] kernel_clone+0x64/0x368 [ 299.637303][ T3493] __do_sys_clone+0x70/0xa8 [ 299.637487][ T3493] __arm64_sys_clone+0x20/0x2c [ 299.637696][ T3493] invoke_syscall+0x48/0x110 [ 299.637917][ T3493] el0_svc_common.constprop.0+0x40/0xe0 [ 299.638134][ T3493] do_el0_svc+0x1c/0x28 [ 299.638355][ T3493] el0_svc+0x34/0x10c [ 299.638579][ T3493] el0t_64_sync_handler+0xa0/0xe4 [ 299.638832][ T3493] el0t_64_sync+0x1a4/0x1a8 [ 299.639209][ T3493] BUG: Bad page state in process syz-executor pfn:4f921 [ 299.639426][ T3493] page: refcount:-511 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4f921 [ 299.639733][ T3493] flags: 0x1fff80000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0xe) [ 299.640089][ T3493] raw: 01fff80000000000 dead000000000100 dead000000000122 0000000000000000 [ 299.640355][ T3493] raw: 0000000000000000 0000000000000000 fffffe01ffffffff 0000000000000000 [ 299.640556][ T3493] page dumped because: nonzero _refcount [ 299.640739][ T3493] Modules linked in: [ 299.641104][ T3493] CPU: 0 UID: 0 PID: 3493 Comm: syz-executor Tainted: G B syzkaller #0 PREEMPT [ 299.641434][ T3493] Tainted: [B]=BAD_PAGE [ 299.641529][ T3493] Hardware name: linux,dummy-virt 
(DT) [ 299.641635][ T3493] Call trace: [ 299.641721][ T3493] show_stack+0x18/0x24 (C) [ 299.642000][ T3493] dump_stack_lvl+0x78/0x90 [ 299.642354][ T3493] dump_stack+0x18/0x24 [ 299.642573][ T3493] bad_page+0x84/0x128 [ 299.642836][ T3493] check_new_page+0x104/0x130 [ 299.643057][ T3493] __rmqueue_pcplist+0x14c/0x1080 [ 299.643260][ T3493] alloc_pages_bulk_noprof+0x2a0/0x558 [ 299.643429][ T3493] alloc_pages_bulk_mempolicy_noprof+0xb8/0x55c [ 299.643592][ T3493] __vmalloc_node_range_noprof+0x45c/0x804 [ 299.643776][ T3493] __vmalloc_node_noprof+0x90/0xa0 [ 299.643959][ T3493] copy_process+0x928/0x1500 [ 299.644148][ T3493] kernel_clone+0x64/0x368 [ 299.644334][ T3493] __do_sys_clone+0x70/0xa8 [ 299.644538][ T3493] __arm64_sys_clone+0x20/0x2c [ 299.644732][ T3493] invoke_syscall+0x48/0x110 [ 299.644943][ T3493] el0_svc_common.constprop.0+0x40/0xe0 [ 299.645155][ T3493] do_el0_svc+0x1c/0x28 [ 299.645363][ T3493] el0_svc+0x34/0x10c [ 299.645572][ T3493] el0t_64_sync_handler+0xa0/0xe4 [ 299.645794][ T3493] el0t_64_sync+0x1a4/0x1a8 [ 301.074692][ T3493] BUG: Bad page state in process syz-executor pfn:4f978 [ 301.075259][ T3493] page: refcount:-511 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4f978 [ 301.075757][ T3493] flags: 0x1ffd40000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x5) [ 301.076138][ T3493] raw: 01ffd40000000000 dead000000000100 dead000000000122 0000000000000000 [ 301.076406][ T3493] raw: 0000000000000000 0000000000000000 fffffe01ffffffff 0000000000000000 [ 301.076620][ T3493] page dumped because: nonzero _refcount [ 301.076786][ T3493] Modules linked in: [ 301.077185][ T3493] CPU: 0 UID: 0 PID: 3493 Comm: syz-executor Tainted: G B syzkaller #0 PREEMPT [ 301.077429][ T3493] Tainted: [B]=BAD_PAGE [ 301.077542][ T3493] Hardware name: linux,dummy-virt (DT) [ 301.077660][ T3493] Call trace: [ 301.077754][ T3493] show_stack+0x18/0x24 (C) [ 301.077967][ T3493] dump_stack_lvl+0x78/0x90 [ 301.078239][ T3493] dump_stack+0x18/0x24 [ 301.078454][ T3493] 
bad_page+0x84/0x128 [ 301.078748][ T3493] check_new_page+0x104/0x130 [ 301.078950][ T3493] __rmqueue_pcplist+0x14c/0x1080 [ 301.079183][ T3493] get_page_from_freelist+0xa9c/0x19e0 [ 301.079382][ T3493] __alloc_frozen_pages_noprof+0x184/0xd34 [ 301.079661][ T3493] alloc_pages_mpol+0xb8/0x1b8 [ 301.079859][ T3493] alloc_frozen_pages_noprof+0x48/0xc0 [ 301.080049][ T3493] alloc_pages_noprof+0x10/0x28 [ 301.080242][ T3493] __pte_alloc+0x38/0x14c [ 301.080436][ T3493] copy_page_range+0x137c/0x2030 [ 301.080636][ T3493] dup_mmap+0x248/0x738 [ 301.080822][ T3493] copy_process+0xb10/0x1500 [ 301.081010][ T3493] kernel_clone+0x64/0x368 [ 301.081194][ T3493] __do_sys_clone+0x70/0xa8 [ 301.081406][ T3493] __arm64_sys_clone+0x20/0x2c [ 301.081611][ T3493] invoke_syscall+0x48/0x110 [ 301.081817][ T3493] el0_svc_common.constprop.0+0x40/0xe0 [ 301.082052][ T3493] do_el0_svc+0x1c/0x28 [ 301.082283][ T3493] el0_svc+0x34/0x10c [ 301.082494][ T3493] el0t_64_sync_handler+0xa0/0xe4 [ 301.082694][ T3493] el0t_64_sync+0x1a4/0x1a8 [ 301.083484][ T3493] BUG: Bad page state in process syz-executor pfn:4f91b [ 301.083701][ T3493] page: refcount:-511 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4f91b [ 301.083940][ T3493] flags: 0x1ffe40000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x9) [ 301.084254][ T3493] raw: 01ffe40000000000 dead000000000100 dead000000000122 0000000000000000 [ 301.084512][ T3493] raw: 0000000000000000 0000000000000000 fffffe01ffffffff 0000000000000000 [ 301.084739][ T3493] page dumped because: nonzero _refcount [ 301.084967][ T3493] Modules linked in: [ 301.085360][ T3493] CPU: 0 UID: 0 PID: 3493 Comm: syz-executor Tainted: G B syzkaller #0 PREEMPT [ 301.085647][ T3493] Tainted: [B]=BAD_PAGE [ 301.085740][ T3493] Hardware name: linux,dummy-virt (DT) [ 301.085837][ T3493] Call trace: [ 301.085914][ T3493] show_stack+0x18/0x24 (C) [ 301.086121][ T3493] dump_stack_lvl+0x78/0x90 [ 301.086311][ T3493] dump_stack+0x18/0x24 [ 301.086491][ T3493] bad_page+0x84/0x128 [ 
301.086672][ T3493] check_new_page+0x104/0x130 [ 301.086873][ T3493] __rmqueue_pcplist+0x14c/0x1080 [ 301.087042][ T3493] get_page_from_freelist+0xa9c/0x19e0 [ 301.087222][ T3493] __alloc_frozen_pages_noprof+0x184/0xd34 [ 301.087409][ T3493] alloc_pages_mpol+0xb8/0x1b8 [ 301.087624][ T3493] alloc_frozen_pages_noprof+0x48/0xc0 [ 301.087838][ T3493] alloc_pages_noprof+0x10/0x28 [ 301.088050][ T3493] __pte_alloc+0x38/0x14c [ 301.088260][ T3493] copy_page_range+0x137c/0x2030 [ 301.088437][ T3493] dup_mmap+0x248/0x738 [ 301.088619][ T3493] copy_process+0xb10/0x1500 [ 301.088804][ T3493] kernel_clone+0x64/0x368 [ 301.089002][ T3493] __do_sys_clone+0x70/0xa8 [ 301.089191][ T3493] __arm64_sys_clone+0x20/0x2c [ 301.089374][ T3493] invoke_syscall+0x48/0x110 [ 301.089579][ T3493] el0_svc_common.constprop.0+0x40/0xe0 [ 301.089788][ T3493] do_el0_svc+0x1c/0x28 [ 301.089993][ T3493] el0_svc+0x34/0x10c [ 301.090197][ T3493] el0t_64_sync_handler+0xa0/0xe4 [ 301.090383][ T3493] el0t_64_sync+0x1a4/0x1a8 [ 303.243133][ T3493] BUG: Bad page state in process syz-executor pfn:4f917 [ 303.243387][ T3493] page: refcount:-511 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4f917 [ 303.243621][ T3493] flags: 0x1ffd80000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x6) [ 303.243823][ T3493] raw: 01ffd80000000000 dead000000000100 dead000000000122 0000000000000000 [ 303.243962][ T3493] raw: 0000000000000000 0000000000000000 fffffe01ffffffff 0000000000000000 [ 303.244066][ T3493] page dumped because: nonzero _refcount [ 303.244159][ T3493] Modules linked in: [ 303.244356][ T3493] CPU: 0 UID: 0 PID: 3493 Comm: syz-executor Tainted: G B syzkaller #0 PREEMPT [ 303.244520][ T3493] Tainted: [B]=BAD_PAGE [ 303.244571][ T3493] Hardware name: linux,dummy-virt (DT) [ 303.244630][ T3493] Call trace: [ 303.244676][ T3493] show_stack+0x18/0x24 (C) [ 303.244818][ T3493] dump_stack_lvl+0x78/0x90 [ 303.244944][ T3493] dump_stack+0x18/0x24 [ 303.245060][ T3493] bad_page+0x84/0x128 [ 303.245178][ T3493] 
check_new_page+0x104/0x130 [ 303.245293][ T3493] __rmqueue_pcplist+0x14c/0x1080 [ 303.245409][ T3493] alloc_pages_bulk_noprof+0x2a0/0x558 [ 303.245525][ T3493] alloc_pages_bulk_mempolicy_noprof+0xb8/0x55c [ 303.245642][ T3493] __vmalloc_node_range_noprof+0x45c/0x804 [ 303.245756][ T3493] __vmalloc_node_noprof+0x90/0xa0 [ 303.245899][ T3493] copy_process+0x928/0x1500 [ 303.246048][ T3493] kernel_clone+0x64/0x368 [ 303.246165][ T3493] __do_sys_clone+0x70/0xa8 [ 303.246281][ T3493] __arm64_sys_clone+0x20/0x2c [ 303.246397][ T3493] invoke_syscall+0x48/0x110 [ 303.246515][ T3493] el0_svc_common.constprop.0+0x40/0xe0 [ 303.246634][ T3493] do_el0_svc+0x1c/0x28 [ 303.246820][ T3493] el0_svc+0x34/0x10c [ 303.246942][ T3493] el0t_64_sync_handler+0xa0/0xe4 [ 303.247058][ T3493] el0t_64_sync+0x1a4/0x1a8 [ 303.247244][ T3493] BUG: Bad page state in process syz-executor pfn:4f95d [ 303.247353][ T3493] page: refcount:-511 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4f95d [ 303.247482][ T3493] flags: 0x1ffc80000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x2) [ 303.247663][ T3493] raw: 01ffc80000000000 dead000000000100 dead000000000122 0000000000000000 [ 303.247806][ T3493] raw: 0000000000000000 0000000000000000 fffffe01ffffffff 0000000000000000 [ 303.247911][ T3493] page dumped because: nonzero _refcount [ 303.248002][ T3493] Modules linked in: [ 303.248176][ T3493] CPU: 0 UID: 0 PID: 3493 Comm: syz-executor Tainted: G B syzkaller #0 PREEMPT [ 303.248335][ T3493] Tainted: [B]=BAD_PAGE [ 303.248385][ T3493] Hardware name: linux,dummy-virt (DT) [ 303.248440][ T3493] Call trace: [ 303.248484][ T3493] show_stack+0x18/0x24 (C) [ 303.248606][ T3493] dump_stack_lvl+0x78/0x90 [ 303.248734][ T3493] dump_stack+0x18/0x24 [ 303.248875][ T3493] bad_page+0x84/0x128 [ 303.248991][ T3493] check_new_page+0x104/0x130 [ 303.249108][ T3493] __rmqueue_pcplist+0x14c/0x1080 [ 303.249249][ T3493] alloc_pages_bulk_noprof+0x2a0/0x558 [ 303.249367][ T3493] 
alloc_pages_bulk_mempolicy_noprof+0xb8/0x55c [ 303.249482][ T3493] __vmalloc_node_range_noprof+0x45c/0x804 [ 303.249599][ T3493] __vmalloc_node_noprof+0x90/0xa0 [ 303.249713][ T3493] copy_process+0x928/0x1500 [ 303.249833][ T3493] kernel_clone+0x64/0x368 [ 303.249949][ T3493] __do_sys_clone+0x70/0xa8 [ 303.250065][ T3493] __arm64_sys_clone+0x20/0x2c [ 303.250180][ T3493] invoke_syscall+0x48/0x110 [ 303.250296][ T3493] el0_svc_common.constprop.0+0x40/0xe0 [ 303.250411][ T3493] do_el0_svc+0x1c/0x28 [ 303.250526][ T3493] el0_svc+0x34/0x10c [ 303.250647][ T3493] el0t_64_sync_handler+0xa0/0xe4 [ 303.250826][ T3493] el0t_64_sync+0x1a4/0x1a8 1970/01/01 00:05:05 executed programs: 24 [ 307.429599][ T3617] BUG: Bad page state in process syz.2.40 pfn:4f9b2 [ 307.430107][ T3617] page: refcount:-511 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4f9b2 [ 307.430370][ T3617] flags: 0x1fff00000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0xc) [ 307.430565][ T3617] raw: 01fff00000000000 dead000000000100 dead000000000122 0000000000000000 [ 307.430739][ T3617] raw: 0000000000000000 0000000000000000 fffffe01ffffffff 0000000000000000 [ 307.430875][ T3617] page dumped because: nonzero _refcount [ 307.430969][ T3617] Modules linked in: [ 307.431161][ T3617] CPU: 0 UID: 0 PID: 3617 Comm: syz.2.40 Tainted: G B syzkaller #0 PREEMPT [ 307.431322][ T3617] Tainted: [B]=BAD_PAGE [ 307.431373][ T3617] Hardware name: linux,dummy-virt (DT) [ 307.431431][ T3617] Call trace: [ 307.431477][ T3617] show_stack+0x18/0x24 (C) [ 307.431608][ T3617] dump_stack_lvl+0x78/0x90 [ 307.431727][ T3617] dump_stack+0x18/0x24 [ 307.431847][ T3617] bad_page+0x84/0x128 [ 307.431999][ T3617] check_new_page+0x104/0x130 [ 307.432137][ T3617] __rmqueue_pcplist+0x14c/0x1080 [ 307.432252][ T3617] get_page_from_freelist+0xa9c/0x19e0 [ 307.432402][ T3617] __alloc_frozen_pages_noprof+0x184/0xd34 [ 307.432567][ T3617] alloc_pages_mpol+0xb8/0x1b8 [ 307.432682][ T3617] alloc_frozen_pages_noprof+0x48/0xc0 [ 307.432801][ 
T3617] alloc_pages_noprof+0x10/0x28 [ 307.432914][ T3617] get_free_pages_noprof+0x14/0x70 [ 307.433028][ T3617] __kvm_mmu_topup_memory_cache+0xac/0x198 [ 307.433142][ T3617] kvm_mmu_topup_memory_cache+0x18/0x24 [ 307.433253][ T3617] kvm_handle_guest_abort+0x7ec/0x115c [ 307.433369][ T3617] handle_exit+0x60/0x184 [ 307.433536][ T3617] kvm_arch_vcpu_ioctl_run+0x308/0x8d4 [ 307.433658][ T3617] kvm_vcpu_ioctl+0x14c/0x878 [ 307.433775][ T3617] __arm64_sys_ioctl+0xac/0x104 [ 307.433898][ T3617] invoke_syscall+0x48/0x110 [ 307.434015][ T3617] el0_svc_common.constprop.0+0x40/0xe0 [ 307.434130][ T3617] do_el0_svc+0x1c/0x28 [ 307.434244][ T3617] el0_svc+0x34/0x10c [ 307.434360][ T3617] el0t_64_sync_handler+0xa0/0xe4 [ 307.434475][ T3617] el0t_64_sync+0x1a4/0x1a8 [ 307.435048][ T3617] BUG: Bad page state in process syz.2.40 pfn:4f986 [ 307.435167][ T3617] page: refcount:-511 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4f986 [ 307.435296][ T3617] flags: 0x1ffe80000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0xa) [ 307.435473][ T3617] raw: 01ffe80000000000 dead000000000100 dead000000000122 0000000000000000 [ 307.435608][ T3617] raw: 0000000000000000 0000000000000000 fffffe01ffffffff 0000000000000000 [ 307.435711][ T3617] page dumped because: nonzero _refcount [ 307.435809][ T3617] Modules linked in: [ 307.435985][ T3617] CPU: 0 UID: 0 PID: 3617 Comm: syz.2.40 Tainted: G B syzkaller #0 PREEMPT [ 307.436143][ T3617] Tainted: [B]=BAD_PAGE [ 307.436192][ T3617] Hardware name: linux,dummy-virt (DT) [ 307.436258][ T3617] Call trace: [ 307.436320][ T3617] show_stack+0x18/0x24 (C) [ 307.436489][ T3617] dump_stack_lvl+0x78/0x90 [ 307.436658][ T3617] dump_stack+0x18/0x24 [ 307.436837][ T3617] bad_page+0x84/0x128 [ 307.437019][ T3617] check_new_page+0x104/0x130 [ 307.437180][ T3617] __rmqueue_pcplist+0x14c/0x1080 [ 307.437295][ T3617] get_page_from_freelist+0xa9c/0x19e0 [ 307.437410][ T3617] __alloc_frozen_pages_noprof+0x184/0xd34 [ 307.437524][ T3617] 
alloc_pages_mpol+0xb8/0x1b8 [ 307.437640][ T3617] alloc_frozen_pages_noprof+0x48/0xc0 [ 307.437753][ T3617] alloc_pages_noprof+0x10/0x28 [ 307.437873][ T3617] get_free_pages_noprof+0x14/0x70 [ 307.437986][ T3617] __kvm_mmu_topup_memory_cache+0xac/0x198 [ 307.438099][ T3617] kvm_mmu_topup_memory_cache+0x18/0x24 [ 307.438211][ T3617] kvm_handle_guest_abort+0x7ec/0x115c [ 307.438328][ T3617] handle_exit+0x60/0x184 [ 307.438440][ T3617] kvm_arch_vcpu_ioctl_run+0x308/0x8d4 [ 307.438555][ T3617] kvm_vcpu_ioctl+0x14c/0x878 [ 307.438671][ T3617] __arm64_sys_ioctl+0xac/0x104 [ 307.438842][ T3617] invoke_syscall+0x48/0x110 [ 307.438962][ T3617] el0_svc_common.constprop.0+0x40/0xe0 [ 307.439079][ T3617] do_el0_svc+0x1c/0x28 [ 307.439194][ T3617] el0_svc+0x34/0x10c [ 307.439309][ T3617] el0t_64_sync_handler+0xa0/0xe4 [ 307.439424][ T3617] el0t_64_sync+0x1a4/0x1a8 VM DIAGNOSIS: 17:29:25 Registers: