BUG: Bad page map in process syz-executor.2 pte:8000000007700077 pmd:00152067 page:00000000ae4f1109 refcount:1 mapcount:-1 mapping:0000000000000000 index:0x0 pfn:0x7700 flags: 0xfffe000000100a(referenced|dirty|reserved) raw: 00fffe000000100a ffffea00001dc008 ffffea00001dc008 0000000000000000 raw: 0000000000000000 0000000000000000 00000001fffffffe 0000000000000000 page dumped because: bad pte addr:000000000101f000 vm_flags:08100073 anon_vma:ffff888000454900 mapping:0000000000000000 index:101f file:(null) fault:0x0 mmap:0x0 readpage:0x0 CPU: 0 PID: 12046 Comm: syz-executor.2 Not tainted 5.9.0-rc7-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x198/0x1fd lib/dump_stack.c:118 print_bad_pte.cold+0x1e6/0x219 mm/memory.c:549 zap_pte_range mm/memory.c:1284 [inline] zap_pmd_range mm/memory.c:1386 [inline] zap_pud_range mm/memory.c:1415 [inline] zap_p4d_range mm/memory.c:1436 [inline] unmap_page_range+0x205c/0x2a30 mm/memory.c:1457 unmap_single_vma+0x198/0x300 mm/memory.c:1502 unmap_vmas+0x168/0x2e0 mm/memory.c:1534 exit_mmap+0x2b1/0x530 mm/mmap.c:3183 __mmput+0x122/0x470 kernel/fork.c:1077 mmput+0x53/0x60 kernel/fork.c:1098 exit_mm kernel/exit.c:483 [inline] do_exit+0xa8b/0x29f0 kernel/exit.c:793 do_group_exit+0x125/0x310 kernel/exit.c:903 get_signal+0x428/0x1f00 kernel/signal.c:2757 arch_do_signal+0x82/0x2520 arch/x86/kernel/signal.c:811 exit_to_user_mode_loop kernel/entry/common.c:161 [inline] exit_to_user_mode_prepare+0x1ae/0x200 kernel/entry/common.c:192 syscall_exit_to_user_mode+0x7e/0x2e0 kernel/entry/common.c:267 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x45e179 Code: Bad RIP value. RSP: 002b:00007f470bd3fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 RAX: 0000000000000000 RBX: 0000000000033ec0 RCX: 000000000045e179 RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 RBP: 000000000118cf98 R08: 0000000000047fe7 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c R13: 00007ffd3953e5cf R14: 00007f470bd409c0 R15: 000000000118cf4c BUG: Bad page state in process syz-executor.2 pfn:07700 page:00000000ae4f1109 refcount:0 mapcount:-1 mapping:0000000000000000 index:0x0 pfn:0x7700 flags: 0xfffe000000100a(referenced|dirty|reserved) raw: 00fffe000000100a ffffea000847f488 ffffc90008f6f6c0 0000000000000000 raw: 0000000000000000 0000000000000000 00000000fffffffe 0000000000000000 page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set Modules linked in: CPU: 0 PID: 12046 Comm: syz-executor.2 Tainted: G B 5.9.0-rc7-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x198/0x1fd lib/dump_stack.c:118 bad_page.cold+0x9c/0xbd mm/page_alloc.c:636 check_free_page_bad mm/page_alloc.c:1092 [inline] check_free_page mm/page_alloc.c:1102 [inline] free_pages_prepare mm/page_alloc.c:1203 [inline] free_pcp_prepare+0x256/0x2f0 mm/page_alloc.c:1244 free_unref_page_prepare mm/page_alloc.c:3099 [inline] free_unref_page_list+0x19a/0x930 mm/page_alloc.c:3168 release_pages+0x663/0x1810 mm/swap.c:913 tlb_batch_pages_flush mm/mmu_gather.c:49 [inline] tlb_flush_mmu_free mm/mmu_gather.c:242 [inline] tlb_flush_mmu+0xe9/0x6b0 mm/mmu_gather.c:249 zap_pte_range mm/memory.c:1348 [inline] zap_pmd_range mm/memory.c:1386 [inline] zap_pud_range mm/memory.c:1415 [inline] zap_p4d_range mm/memory.c:1436 [inline] unmap_page_range+0x1d2d/0x2a30 mm/memory.c:1457 unmap_single_vma+0x198/0x300 mm/memory.c:1502 unmap_vmas+0x168/0x2e0 mm/memory.c:1534 exit_mmap+0x2b1/0x530 mm/mmap.c:3183 __mmput+0x122/0x470 kernel/fork.c:1077 mmput+0x53/0x60 kernel/fork.c:1098 exit_mm kernel/exit.c:483 [inline] do_exit+0xa8b/0x29f0 kernel/exit.c:793 do_group_exit+0x125/0x310 kernel/exit.c:903 get_signal+0x428/0x1f00 kernel/signal.c:2757 arch_do_signal+0x82/0x2520 arch/x86/kernel/signal.c:811 exit_to_user_mode_loop kernel/entry/common.c:161 [inline] exit_to_user_mode_prepare+0x1ae/0x200 kernel/entry/common.c:192 syscall_exit_to_user_mode+0x7e/0x2e0 kernel/entry/common.c:267 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x45e179 Code: Bad RIP value. RSP: 002b:00007f470bd3fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 RAX: 0000000000000000 RBX: 0000000000033ec0 RCX: 000000000045e179 RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 RBP: 000000000118cf98 R08: 0000000000047fe7 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c R13: 00007ffd3953e5cf R14: 00007f470bd409c0 R15: 000000000118cf4c BUG: Bad page map in process syz-executor.2 pte:7777705a874805 pmd:00152067 addr:0000000001074000 vm_flags:08100073 anon_vma:ffff888000454900 mapping:0000000000000000 index:1074 file:(null) fault:0x0 mmap:0x0 readpage:0x0 CPU: 1 PID: 12046 Comm: syz-executor.2 Tainted: G B 5.9.0-rc7-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x198/0x1fd lib/dump_stack.c:118 print_bad_pte.cold+0x1e6/0x219 mm/memory.c:549 vm_normal_page+0x224/0x380 mm/memory.c:612 zap_pte_range mm/memory.c:1255 [inline] zap_pmd_range mm/memory.c:1386 [inline] zap_pud_range mm/memory.c:1415 [inline] zap_p4d_range mm/memory.c:1436 [inline] unmap_page_range+0xb95/0x2a30 mm/memory.c:1457 unmap_single_vma+0x198/0x300 mm/memory.c:1502 unmap_vmas+0x168/0x2e0 mm/memory.c:1534 exit_mmap+0x2b1/0x530 mm/mmap.c:3183 __mmput+0x122/0x470 kernel/fork.c:1077 mmput+0x53/0x60 kernel/fork.c:1098 exit_mm kernel/exit.c:483 [inline] do_exit+0xa8b/0x29f0 kernel/exit.c:793 do_group_exit+0x125/0x310 kernel/exit.c:903 get_signal+0x428/0x1f00 kernel/signal.c:2757 arch_do_signal+0x82/0x2520 arch/x86/kernel/signal.c:811 exit_to_user_mode_loop kernel/entry/common.c:161 [inline] exit_to_user_mode_prepare+0x1ae/0x200 kernel/entry/common.c:192 syscall_exit_to_user_mode+0x7e/0x2e0 kernel/entry/common.c:267 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x45e179 Code: Bad RIP value. RSP: 002b:00007f470bd3fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 RAX: 0000000000000000 RBX: 0000000000033ec0 RCX: 000000000045e179 RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 RBP: 000000000118cf98 R08: 0000000000047fe7 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c R13: 00007ffd3953e5cf R14: 00007f470bd409c0 R15: 000000000118cf4c swap_info_get: Bad swap file entry 4003ffffffffffff BUG: Bad page map in process syz-executor.2 pte:8000000000000000 pmd:00152067 addr:00000000010ca000 vm_flags:08100073 anon_vma:ffff888000454900 mapping:0000000000000000 index:10ca file:(null) fault:0x0 mmap:0x0 readpage:0x0 CPU: 1 PID: 12046 Comm: syz-executor.2 Tainted: G B 5.9.0-rc7-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x198/0x1fd lib/dump_stack.c:118 print_bad_pte.cold+0x1e6/0x219 mm/memory.c:549 zap_pte_range mm/memory.c:1328 [inline] zap_pmd_range mm/memory.c:1386 [inline] zap_pud_range mm/memory.c:1415 [inline] zap_p4d_range mm/memory.c:1436 [inline] unmap_page_range+0x20b1/0x2a30 mm/memory.c:1457 unmap_single_vma+0x198/0x300 mm/memory.c:1502 unmap_vmas+0x168/0x2e0 mm/memory.c:1534 exit_mmap+0x2b1/0x530 mm/mmap.c:3183 __mmput+0x122/0x470 kernel/fork.c:1077 mmput+0x53/0x60 kernel/fork.c:1098 exit_mm kernel/exit.c:483 [inline] do_exit+0xa8b/0x29f0 kernel/exit.c:793 do_group_exit+0x125/0x310 kernel/exit.c:903 get_signal+0x428/0x1f00 kernel/signal.c:2757 arch_do_signal+0x82/0x2520 arch/x86/kernel/signal.c:811 exit_to_user_mode_loop kernel/entry/common.c:161 [inline] exit_to_user_mode_prepare+0x1ae/0x200 kernel/entry/common.c:192 syscall_exit_to_user_mode+0x7e/0x2e0 kernel/entry/common.c:267 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x45e179 Code: Bad RIP value. RSP: 002b:00007f470bd3fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 RAX: 0000000000000000 RBX: 0000000000033ec0 RCX: 000000000045e179 RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 RBP: 000000000118cf98 R08: 0000000000047fe7 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c R13: 00007ffd3953e5cf R14: 00007f470bd409c0 R15: 000000000118cf4c BUG: Bad page map in process syz-executor.2 pte:8000000077777777 pmd:00152067 addr:0000000001175000 vm_flags:08100073 anon_vma:ffff888000454900 mapping:0000000000000000 index:1175 file:(null) fault:0x0 mmap:0x0 readpage:0x0 CPU: 1 PID: 12046 Comm: syz-executor.2 Tainted: G B 5.9.0-rc7-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x198/0x1fd lib/dump_stack.c:118 print_bad_pte.cold+0x1e6/0x219 mm/memory.c:549 vm_normal_page+0x224/0x380 mm/memory.c:612 zap_pte_range mm/memory.c:1255 [inline] zap_pmd_range mm/memory.c:1386 [inline] zap_pud_range mm/memory.c:1415 [inline] zap_p4d_range mm/memory.c:1436 [inline] unmap_page_range+0xb95/0x2a30 mm/memory.c:1457 unmap_single_vma+0x198/0x300 mm/memory.c:1502 unmap_vmas+0x168/0x2e0 mm/memory.c:1534 exit_mmap+0x2b1/0x530 mm/mmap.c:3183 __mmput+0x122/0x470 kernel/fork.c:1077 mmput+0x53/0x60 kernel/fork.c:1098 exit_mm kernel/exit.c:483 [inline] do_exit+0xa8b/0x29f0 kernel/exit.c:793 do_group_exit+0x125/0x310 kernel/exit.c:903 get_signal+0x428/0x1f00 kernel/signal.c:2757 arch_do_signal+0x82/0x2520 arch/x86/kernel/signal.c:811 exit_to_user_mode_loop kernel/entry/common.c:161 [inline] exit_to_user_mode_prepare+0x1ae/0x200 kernel/entry/common.c:192 syscall_exit_to_user_mode+0x7e/0x2e0 kernel/entry/common.c:267 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x45e179 Code: Bad RIP value. RSP: 002b:00007f470bd3fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 RAX: 0000000000000000 RBX: 0000000000033ec0 RCX: 000000000045e179 RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 RBP: 000000000118cf98 R08: 0000000000047fe7 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c R13: 00007ffd3953e5cf R14: 00007f470bd409c0 R15: 000000000118cf4c swap_info_get: Bad swap file entry 38004444447fffff BUG: Bad page map in process syz-executor.2 pte:7777777700000000 pmd:00152067 addr:00000000011ca000 vm_flags:08000071 anon_vma:0000000000000000 mapping:ffff888089a777e0 index:3a file:syzkaller-shm170672335 fault:ext4_filemap_fault mmap:ext4_file_mmap readpage:ext4_readpage CPU: 1 PID: 12046 Comm: syz-executor.2 Tainted: G B 5.9.0-rc7-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x198/0x1fd lib/dump_stack.c:118 print_bad_pte.cold+0x1e6/0x219 mm/memory.c:549 zap_pte_range mm/memory.c:1328 [inline] zap_pmd_range mm/memory.c:1386 [inline] zap_pud_range mm/memory.c:1415 [inline] zap_p4d_range mm/memory.c:1436 [inline] unmap_page_range+0x20b1/0x2a30 mm/memory.c:1457 unmap_single_vma+0x198/0x300 mm/memory.c:1502 unmap_vmas+0x168/0x2e0 mm/memory.c:1534 exit_mmap+0x2b1/0x530 mm/mmap.c:3183 __mmput+0x122/0x470 kernel/fork.c:1077 mmput+0x53/0x60 kernel/fork.c:1098 exit_mm kernel/exit.c:483 [inline] do_exit+0xa8b/0x29f0 kernel/exit.c:793 do_group_exit+0x125/0x310 kernel/exit.c:903 get_signal+0x428/0x1f00 kernel/signal.c:2757 arch_do_signal+0x82/0x2520 arch/x86/kernel/signal.c:811 exit_to_user_mode_loop kernel/entry/common.c:161 [inline] exit_to_user_mode_prepare+0x1ae/0x200 kernel/entry/common.c:192 syscall_exit_to_user_mode+0x7e/0x2e0 kernel/entry/common.c:267 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x45e179 Code: Bad RIP value. RSP: 002b:00007f470bd3fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 RAX: 0000000000000000 RBX: 0000000000033ec0 RCX: 000000000045e179 RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 RBP: 000000000118cf98 R08: 0000000000047fe7 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c R13: 00007ffd3953e5cf R14: 00007f470bd409c0 R15: 000000000118cf4c BUG: Bad rss-counter state mm:000000000aa94d69 type:MM_FILEPAGES val:-1 BUG: Bad rss-counter state mm:000000000aa94d69 type:MM_ANONPAGES val:4 BUG: Bad rss-counter state mm:000000000aa94d69 type:MM_SWAPENTS val:-2