BUG: Bad page state in process syz-executor.0  pfn:31800
page:ffffea0000c60000 refcount:0 mapcount:0 mapping:0000000000000000 index:0x20000 pfn:0x31800
head:ffffea0000c60000 order:9 compound_mapcount:0 compound_pincount:0
flags: 0xfff0000009000c(uptodate|dirty|head|swapbacked|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff0000009000c dead000000000100 dead000000000122 0000000000000000
raw: 0000000000020000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
page_owner tracks the page as allocated
page last allocated via order 9, migratetype Movable, gfp_mask 0x13d20ca(GFP_TRANSHUGE_LIGHT|__GFP_NORETRY|__GFP_THISNODE), pid 9652, ts 3184170173292, free_ts 3171566564747
 prep_new_page mm/page_alloc.c:2434 [inline]
 get_page_from_freelist+0xa72/0x2f50 mm/page_alloc.c:4165
 __alloc_pages+0x1b2/0x500 mm/page_alloc.c:5389
 __alloc_pages_node include/linux/gfp.h:572 [inline]
 alloc_pages_vma+0x69b/0x770 mm/mempolicy.c:2214
 do_huge_pmd_anonymous_page+0x431/0x2830 mm/huge_memory.c:777
 create_huge_pmd mm/memory.c:4441 [inline]
 __handle_mm_fault+0x2a1a/0x5110 mm/memory.c:4676
 handle_mm_fault+0x1c8/0x790 mm/memory.c:4803
 do_user_addr_fault+0x489/0x11c0 arch/x86/mm/fault.c:1397
 handle_page_fault arch/x86/mm/fault.c:1484 [inline]
 exc_page_fault+0x9e/0x180 arch/x86/mm/fault.c:1540
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:568
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1352 [inline]
 free_pcp_prepare+0x374/0x870 mm/page_alloc.c:1404
 free_unref_page_prepare mm/page_alloc.c:3325 [inline]
 free_unref_page+0x19/0x690 mm/page_alloc.c:3404
 release_pages+0x748/0x1220 mm/swap.c:956
 tlb_batch_pages_flush mm/mmu_gather.c:50 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:243 [inline]
 tlb_flush_mmu+0xe9/0x6b0 mm/mmu_gather.c:250
 zap_pte_range mm/memory.c:1441 [inline]
 zap_pmd_range mm/memory.c:1490 [inline]
 zap_pud_range mm/memory.c:1519 [inline]
 zap_p4d_range mm/memory.c:1540 [inline]
 unmap_page_range+0x1d1d/0x2a30 mm/memory.c:1561
 unmap_single_vma+0x198/0x310 mm/memory.c:1606
 unmap_vmas+0x16b/0x2f0 mm/memory.c:1638
 exit_mmap+0x201/0x670 mm/mmap.c:3178
 __mmput+0x122/0x4b0 kernel/fork.c:1114
 mmput+0x56/0x60 kernel/fork.c:1135
 exit_mm kernel/exit.c:507 [inline]
 do_exit+0xa3c/0x2a30 kernel/exit.c:793
 do_group_exit+0xd2/0x2f0 kernel/exit.c:935
 get_signal+0x4b0/0x28c0 kernel/signal.c:2862
 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:868
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207
 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
 syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300
Modules linked in:
CPU: 1 PID: 9653 Comm: syz-executor.0 Not tainted 5.17.0-rc2-syzkaller-00169-gfe68195daf34 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 bad_page.cold+0x9c/0xbd mm/page_alloc.c:655
 check_free_page_bad mm/page_alloc.c:1210 [inline]
 check_free_page mm/page_alloc.c:1220 [inline]
 free_pages_prepare mm/page_alloc.c:1346 [inline]
 free_pcp_prepare+0x3a1/0x870 mm/page_alloc.c:1404
 free_unref_page_prepare mm/page_alloc.c:3325 [inline]
 free_unref_page+0x19/0x690 mm/page_alloc.c:3404
 release_pages+0x748/0x1220 mm/swap.c:956
 tlb_batch_pages_flush mm/mmu_gather.c:50 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:243 [inline]
 tlb_flush_mmu mm/mmu_gather.c:250 [inline]
 tlb_finish_mmu+0x165/0x8c0 mm/mmu_gather.c:341
 exit_mmap+0x21b/0x670 mm/mmap.c:3180
 __mmput+0x122/0x4b0 kernel/fork.c:1114
 mmput+0x56/0x60 kernel/fork.c:1135
 dup_mm+0xd73/0x13e0 kernel/fork.c:1467
 copy_mm kernel/fork.c:1503 [inline]
 copy_process+0x71f8/0x7300 kernel/fork.c:2164
 kernel_clone+0xe7/0xab0 kernel/fork.c:2555
 __do_sys_clone+0xc8/0x110 kernel/fork.c:2672
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f08b716d059
Code: Unable to access opcode bytes at RIP 0x7f08b716d02f.
RSP: 002b:00007f08b5ae2118 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 00007f08b727ff60 RCX: 00007f08b716d059
RDX: 0000000000000000 RSI: 0000000020000440 RDI: 0000000000000000
RBP: 00007f08b71c708d R08: 0000000020000540 R09: 0000000020000540
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffcc4d87b1f R14: 00007f08b5ae2300 R15: 0000000000022000
 </TASK>