ERROR: (device loop4): txAbort:
ERROR: (device loop5): txAbort:
BUG: Bad page state in process syz-executor.4 pfn:af52b
page:ffffea0002bd4ac0 count:0 mapcount:0 mapping: (null) index:0x2f
flags: 0xfff0000000100c(referenced|uptodate|private)
audit: type=1800 audit(1665082005.956:10): pid=9623 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="file0" dev="sda1" ino=13894 res=0
audit: type=1804 audit(1665082005.966:11): pid=9623 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir500261205/syzkaller.wdWtUH/2/file0" dev="sda1" ino=13894 res=1
raw: 00fff0000000100c 0000000000000000 000000000000002f 00000000ffffffff
ERROR: (device loop4): diRead: i_ino != di_number
raw: ffffea00026b7f60 ffffea0002d4e9e0 ffff8880b41eeb40 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
bad because of flags: 0x1000(private)
Modules linked in:
CPU: 0 PID: 9605 Comm: syz-executor.4 Not tainted 4.14.295-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 bad_page.cold+0xdb/0x100 mm/page_alloc.c:576
 free_hot_cold_page_list+0x93/0x300 mm/page_alloc.c:2663
 release_pages+0x828/0xbf0 mm/swap.c:820
 __pagevec_release+0x84/0xe0 mm/swap.c:837
 pagevec_release include/linux/pagevec.h:78 [inline]
 truncate_inode_pages_range+0x5ce/0x13e0 mm/truncate.c:320
 jfs_remount+0x41f/0x5a0 fs/jfs/super.c:485
 do_remount_sb+0x150/0x530 fs/super.c:868
 do_remount fs/namespace.c:2393 [inline]
 do_mount+0x15f3/0x2a30 fs/namespace.c:2896
 SYSC_mount fs/namespace.c:3121 [inline]
 SyS_mount+0xa8/0x120 fs/namespace.c:3098
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f903c79a5a9
RSP: 002b:00007f903b10e168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f903c8bbf80 RCX: 00007f903c79a5a9
RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000000
RBP: 00007f903c7f5580 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000060 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fffafc5adcf R14: 00007f903b10e300 R15: 0000000000022000
BUG: Bad page state in process syz-executor.4 pfn:9adfd
page:ffffea00026b7f40 count:0 mapcount:0 mapping: (null) index:0x2e
flags: 0xfff0000000100c(referenced|uptodate|private)
raw: 00fff0000000100c 0000000000000000 000000000000002e 00000000ffffffff
raw: ffffea0002d3aba0 ffffea0002bd4ae0 ffff8880b41eec30 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
bad because of flags: 0x1000(private)
Modules linked in:
CPU: 0 PID: 9605 Comm: syz-executor.4 Tainted: G B 4.14.295-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 bad_page.cold+0xdb/0x100 mm/page_alloc.c:576
 free_hot_cold_page_list+0x93/0x300 mm/page_alloc.c:2663
 release_pages+0x828/0xbf0 mm/swap.c:820
 __pagevec_release+0x84/0xe0 mm/swap.c:837
 pagevec_release include/linux/pagevec.h:78 [inline]
 truncate_inode_pages_range+0x5ce/0x13e0 mm/truncate.c:320
 jfs_remount+0x41f/0x5a0 fs/jfs/super.c:485
 do_remount_sb+0x150/0x530 fs/super.c:868
 do_remount fs/namespace.c:2393 [inline]
 do_mount+0x15f3/0x2a30 fs/namespace.c:2896
 SYSC_mount fs/namespace.c:3121 [inline]
 SyS_mount+0xa8/0x120 fs/namespace.c:3098
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f903c79a5a9
RSP: 002b:00007f903b10e168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f903c8bbf80 RCX: 00007f903c79a5a9
RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000000
RBP: 00007f903c7f5580 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000060 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fffafc5adcf R14: 00007f903b10e300 R15: 0000000000022000
BUG: Bad page state in process syz-executor.4 pfn:b4eae
page:ffffea0002d3ab80 count:0 mapcount:0 mapping: (null) index:0x2d
flags: 0xfff0000000100c(referenced|uptodate|private)
raw: 00fff0000000100c 0000000000000000 000000000000002d 00000000ffffffff
raw: ffffea00025a6c60 ffffea00026b7f60 ffff8880b41eed20 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
bad because of flags: 0x1000(private)
Modules linked in:
CPU: 0 PID: 9605 Comm: syz-executor.4 Tainted: G B 4.14.295-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 bad_page.cold+0xdb/0x100 mm/page_alloc.c:576
 free_hot_cold_page_list+0x93/0x300 mm/page_alloc.c:2663
 release_pages+0x828/0xbf0 mm/swap.c:820
 __pagevec_release+0x84/0xe0 mm/swap.c:837
 pagevec_release include/linux/pagevec.h:78 [inline]
 truncate_inode_pages_range+0x5ce/0x13e0 mm/truncate.c:320
 jfs_remount+0x41f/0x5a0 fs/jfs/super.c:485
 do_remount_sb+0x150/0x530 fs/super.c:868
 do_remount fs/namespace.c:2393 [inline]
 do_mount+0x15f3/0x2a30 fs/namespace.c:2896
 SYSC_mount fs/namespace.c:3121 [inline]
 SyS_mount+0xa8/0x120 fs/namespace.c:3098
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f903c79a5a9
RSP: 002b:00007f903b10e168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f903c8bbf80 RCX: 00007f903c79a5a9
RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000000
RBP: 00007f903c7f5580 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000060 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fffafc5adcf R14: 00007f903b10e300 R15: 0000000000022000
L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
kauditd_printk_skb: 4 callbacks suppressed
audit: type=1800 audit(1665082009.377:16): pid=9868 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.1" name="file0" dev="sda1" ino=13918 res=0
audit: type=1804 audit(1665082009.527:17): pid=9868 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir1429895771/syzkaller.bI7WQP/4/file0" dev="sda1" ino=13918 res=1
audit: type=1804 audit(1665082009.947:18): pid=9868 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir1429895771/syzkaller.bI7WQP/4/file0" dev="sda1" ino=13918 res=1
audit: type=1804 audit(1665082010.487:19): pid=9866 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir1429895771/syzkaller.bI7WQP/4/file0" dev="sda1" ino=13918 res=1
audit: type=1800 audit(1665082010.807:20): pid=9937 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.1" name="file0" dev="sda1" ino=13928 res=0
audit: type=1804 audit(1665082010.807:21): pid=9937 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir1429895771/syzkaller.bI7WQP/5/file0" dev="sda1" ino=13928 res=1
audit: type=1804 audit(1665082010.817:22): pid=9937 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir1429895771/syzkaller.bI7WQP/5/file0" dev="sda1" ino=13928 res=1
audit: type=1804 audit(1665082010.987:23): pid=9940 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir1429895771/syzkaller.bI7WQP/5/file0" dev="sda1" ino=13928 res=1
audit: type=1800 audit(1665082011.657:24): pid=10012 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.1" name="file0" dev="sda1" ino=13888 res=0
audit: type=1804 audit(1665082011.657:25): pid=10012 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir1429895771/syzkaller.bI7WQP/6/file0" dev="sda1" ino=13888 res=1
kauditd_printk_skb: 6 callbacks suppressed
audit: type=1800 audit(1665082015.247:32): pid=10247 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.5" name="file0" dev="sda1" ino=13971 res=0
audit: type=1804 audit(1665082015.447:33): pid=10247 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir3575556032/syzkaller.7R46OK/27/file0" dev="sda1" ino=13971 res=1