BUG: Bad page state in process syz-executor359  pfn:2a60b
page:ffffea0000a982c0 refcount:0 mapcount:-512 mapping:0000000000000000 index:0x0 pfn:0x2a60b
flags: 0xfff80000000000(node=0|zone=1|lastcpupid=0xfff)
page_type: 0xfffffdff(table)
raw: 00fff80000000000 0000000000000000 dead000000000122 0000000000000000
raw: 0000000000000000 0000000000000000 00000000fffffdff 0000000000000000
page dumped because: nonzero mapcount
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x40dc0(GFP_KERNEL|__GFP_COMP|__GFP_ZERO), pid 34, tgid 34 (kworker/u8:2), ts 10977406208, free_ts 0
 set_page_owner include/linux/page_owner.h:31 [inline]
 post_alloc_hook+0x1ea/0x210 mm/page_alloc.c:1539
 prep_new_page mm/page_alloc.c:1546 [inline]
 get_page_from_freelist+0x34eb/0x3680 mm/page_alloc.c:3353
 __alloc_pages+0x256/0x680 mm/page_alloc.c:4609
 alloc_pages_mpol+0x3e8/0x680 mm/mempolicy.c:2263
 pagetable_alloc include/linux/mm.h:2842 [inline]
 __pte_alloc_one_kernel include/asm-generic/pgalloc.h:21 [inline]
 pte_alloc_one_kernel include/asm-generic/pgalloc.h:40 [inline]
 __pte_alloc_kernel+0x7b/0x430 mm/memory.c:452
 vmap_pages_pte_range mm/vmalloc.c:469 [inline]
 vmap_pages_pmd_range mm/vmalloc.c:501 [inline]
 vmap_pages_pud_range mm/vmalloc.c:519 [inline]
 vmap_pages_p4d_range mm/vmalloc.c:537 [inline]
 vmap_small_pages_range_noflush mm/vmalloc.c:559 [inline]
 __vmap_pages_range_noflush+0x769/0xb50 mm/vmalloc.c:588
 vmap_pages_range_noflush mm/vmalloc.c:613 [inline]
 vmap_pages_range mm/vmalloc.c:633 [inline]
 __vmalloc_area_node mm/vmalloc.c:3592 [inline]
 __vmalloc_node_range+0x104d/0x14a0 mm/vmalloc.c:3730
 alloc_thread_stack_node kernel/fork.c:308 [inline]
 dup_task_struct+0x3e9/0x7d0 kernel/fork.c:1113
 copy_process+0x5d6/0x3db0 kernel/fork.c:2341
 kernel_clone+0x21e/0x8d0 kernel/fork.c:2916
 user_mode_thread+0x132/0x1a0 kernel/fork.c:2994
 call_usermodehelper_exec_work+0x5c/0x230 kernel/umh.c:172
 process_one_work kernel/workqueue.c:3102 [inline]
 process_scheduled_works+0x9d7/0x1730 kernel/workqueue.c:3182
 worker_thread+0x86d/0xd70 kernel/workqueue.c:3263
 kthread+0x2f0/0x390 kernel/kthread.c:388
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
page_owner free stack trace missing
Modules linked in:
CPU: 1 PID: 5064 Comm: syz-executor359 Not tainted 6.8.0-rc3-next-20240205-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e7/0x2e0 lib/dump_stack.c:106
 bad_page+0x14c/0x170 mm/page_alloc.c:514
 free_page_is_bad mm/page_alloc.c:967 [inline]
 free_pages_prepare mm/page_alloc.c:1132 [inline]
 free_unref_page_prepare+0xa33/0xa90 mm/page_alloc.c:2388
 free_unref_page+0x37/0x3f0 mm/page_alloc.c:2528
 pmd_free_pte_page+0x14e/0x1a0 arch/x86/mm/pgtable.c:869
 vmap_try_huge_pmd mm/vmalloc.c:145 [inline]
 vmap_pmd_range mm/vmalloc.c:164 [inline]
 vmap_pud_range mm/vmalloc.c:220 [inline]
 vmap_p4d_range mm/vmalloc.c:271 [inline]
 vmap_range_noflush+0x5fc/0xbe0 mm/vmalloc.c:295
 __vmap_pages_range_noflush+0x96c/0xb50 mm/vmalloc.c:593
 vmap_pages_range_noflush mm/vmalloc.c:613 [inline]
 vmap_pages_range mm/vmalloc.c:633 [inline]
 __vmalloc_area_node mm/vmalloc.c:3592 [inline]
 __vmalloc_node_range+0x104d/0x14a0 mm/vmalloc.c:3730
 kvmalloc_node+0x142/0x190 mm/util.c:659
 kvmalloc include/linux/slab.h:728 [inline]
 kvmalloc_array include/linux/slab.h:746 [inline]
 kvcalloc include/linux/slab.h:751 [inline]
 fq_pie_init+0x429/0x820 net/sched/sch_fq_pie.c:440
 qdisc_create+0x9d4/0x1190 net/sched/sch_api.c:1355
 tc_modify_qdisc+0xa26/0x1e40 net/sched/sch_api.c:1776
 rtnetlink_rcv_msg+0x885/0x1040 net/core/rtnetlink.c:6606
 netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2543
 netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]
 netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1367
 netlink_sendmsg+0xa3c/0xd70 net/netlink/af_netlink.c:1908
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg+0x221/0x270 net/socket.c:745
 ____sys_sendmsg+0x525/0x7d0 net/socket.c:2584
 ___sys_sendmsg net/socket.c:2638 [inline]
 __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667
 do_syscall_64+0xfb/0x240
 entry_SYSCALL_64_after_hwframe+0x6d/0x75
RIP: 0033:0x7f701f315469
Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffdcbd50308 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007ffdcbd504d8 RCX: 00007f701f315469
RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000003
RBP: 00007f701f388610 R08: 00000000ffffffff R09: 00007ffdcbd504d8
R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000001
R13: 00007ffdcbd504c8 R14: 0000000000000001 R15: 0000000000000001
 </TASK>
BUG: Bad page state in process syz-executor359  pfn:2ac6f
page:ffffea0000ab1bc0 refcount:0 mapcount:-512 mapping:0000000000000000 index:0x0 pfn:0x2ac6f
flags: 0xfff80000000000(node=0|zone=1|lastcpupid=0xfff)
page_type: 0xfffffdff(table)
raw: 00fff80000000000 0000000000000000 dead000000000122 0000000000000000
raw: 0000000000000000 0000000000000000 00000000fffffdff 0000000000000000
page dumped because: nonzero mapcount
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x40dc0(GFP_KERNEL|__GFP_COMP|__GFP_ZERO), pid 11, tgid 11 (kworker/u8:1), ts 11000185391, free_ts 0
 set_page_owner include/linux/page_owner.h:31 [inline]
 post_alloc_hook+0x1ea/0x210 mm/page_alloc.c:1539
 prep_new_page mm/page_alloc.c:1546 [inline]
 get_page_from_freelist+0x34eb/0x3680 mm/page_alloc.c:3353
 __alloc_pages+0x256/0x680 mm/page_alloc.c:4609
 alloc_pages_mpol+0x3e8/0x680 mm/mempolicy.c:2263
 pagetable_alloc include/linux/mm.h:2842 [inline]
 __pte_alloc_one_kernel include/asm-generic/pgalloc.h:21 [inline]
 pte_alloc_one_kernel include/asm-generic/pgalloc.h:40 [inline]
 __pte_alloc_kernel+0x7b/0x430 mm/memory.c:452
 vmap_pages_pte_range mm/vmalloc.c:469 [inline]
 vmap_pages_pmd_range mm/vmalloc.c:501 [inline]
 vmap_pages_pud_range mm/vmalloc.c:519 [inline]
 vmap_pages_p4d_range mm/vmalloc.c:537 [inline]
 vmap_small_pages_range_noflush mm/vmalloc.c:559 [inline]
 __vmap_pages_range_noflush+0x769/0xb50 mm/vmalloc.c:588
 vmap_pages_range_noflush mm/vmalloc.c:613 [inline]
 vmap_pages_range mm/vmalloc.c:633 [inline]
 __vmalloc_area_node mm/vmalloc.c:3592 [inline]
 __vmalloc_node_range+0x104d/0x14a0 mm/vmalloc.c:3730
 alloc_thread_stack_node kernel/fork.c:308 [inline]
 dup_task_struct+0x3e9/0x7d0 kernel/fork.c:1113
 copy_process+0x5d6/0x3db0 kernel/fork.c:2341
 kernel_clone+0x21e/0x8d0 kernel/fork.c:2916
 user_mode_thread+0x132/0x1a0 kernel/fork.c:2994
 call_usermodehelper_exec_work+0x5c/0x230 kernel/umh.c:172
 process_one_work kernel/workqueue.c:3102 [inline]
 process_scheduled_works+0x9d7/0x1730 kernel/workqueue.c:3182
 worker_thread+0x86d/0xd70 kernel/workqueue.c:3263
 kthread+0x2f0/0x390 kernel/kthread.c:388
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
page_owner free stack trace missing
Modules linked in:
CPU: 1 PID: 5064 Comm: syz-executor359 Tainted: G    B              6.8.0-rc3-next-20240205-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e7/0x2e0 lib/dump_stack.c:106
 bad_page+0x14c/0x170 mm/page_alloc.c:514
 free_page_is_bad mm/page_alloc.c:967 [inline]
 free_pages_prepare mm/page_alloc.c:1132 [inline]
 free_unref_page_prepare+0xa33/0xa90 mm/page_alloc.c:2388
 free_unref_page+0x37/0x3f0 mm/page_alloc.c:2528
 pmd_free_pte_page+0x14e/0x1a0 arch/x86/mm/pgtable.c:869
 vmap_try_huge_pmd mm/vmalloc.c:145 [inline]
 vmap_pmd_range mm/vmalloc.c:164 [inline]
 vmap_pud_range mm/vmalloc.c:220 [inline]
 vmap_p4d_range mm/vmalloc.c:271 [inline]
 vmap_range_noflush+0x5fc/0xbe0 mm/vmalloc.c:295
 __vmap_pages_range_noflush+0x96c/0xb50 mm/vmalloc.c:593
 vmap_pages_range_noflush mm/vmalloc.c:613 [inline]
 vmap_pages_range mm/vmalloc.c:633 [inline]
 __vmalloc_area_node mm/vmalloc.c:3592 [inline]
 __vmalloc_node_range+0x104d/0x14a0 mm/vmalloc.c:3730
 kvmalloc_node+0x142/0x190 mm/util.c:659
 kvmalloc include/linux/slab.h:728 [inline]
 kvmalloc_array include/linux/slab.h:746 [inline]
 kvcalloc include/linux/slab.h:751 [inline]
 fq_pie_init+0x429/0x820 net/sched/sch_fq_pie.c:440
 qdisc_create+0x9d4/0x1190 net/sched/sch_api.c:1355
 tc_modify_qdisc+0xa26/0x1e40 net/sched/sch_api.c:1776
 rtnetlink_rcv_msg+0x885/0x1040 net/core/rtnetlink.c:6606
 netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2543
 netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]
 netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1367
 netlink_sendmsg+0xa3c/0xd70 net/netlink/af_netlink.c:1908
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg+0x221/0x270 net/socket.c:745
 ____sys_sendmsg+0x525/0x7d0 net/socket.c:2584
 ___sys_sendmsg net/socket.c:2638 [inline]
 __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667
 do_syscall_64+0xfb/0x240
 entry_SYSCALL_64_after_hwframe+0x6d/0x75
RIP: 0033:0x7f701f315469
Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffdcbd50308 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007ffdcbd504d8 RCX: 00007f701f315469
RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000003
RBP: 00007f701f388610 R08: 00000000ffffffff R09: 00007ffdcbd504d8
R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000001
R13: 00007ffdcbd504c8 R14: 0000000000000001 R15: 0000000000000001
 </TASK>
BUG: Bad page state in process syz-executor359  pfn:2af65
page:ffffea0000abd940 refcount:0 mapcount:-512 mapping:0000000000000000 index:0x0 pfn:0x2af65
flags: 0xfff80000000000(node=0|zone=1|lastcpupid=0xfff)
page_type: 0xfffffdff(table)
raw: 00fff80000000000 0000000000000000 dead000000000122 0000000000000000
raw: 0000000000000000 0000000000000000 00000000fffffdff 0000000000000000
page dumped because: nonzero mapcount
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x40dc0(GFP_KERNEL|__GFP_COMP|__GFP_ZERO), pid 2472, tgid 2472 (kworker/u8:7), ts 11021270716, free_ts 0
 set_page_owner include/linux/page_owner.h:31 [inline]
 post_alloc_hook+0x1ea/0x210 mm/page_alloc.c:1539
 prep_new_page mm/page_alloc.c:1546 [inline]
 get_page_from_freelist+0x34eb/0x3680 mm/page_alloc.c:3353
 __alloc_pages+0x256/0x680 mm/page_alloc.c:4609
 alloc_pages_mpol+0x3e8/0x680 mm/mempolicy.c:2263
 pagetable_alloc include/linux/mm.h:2842 [inline]
 __pte_alloc_one_kernel include/asm-generic/pgalloc.h:21 [inline]
 pte_alloc_one_kernel include/asm-generic/pgalloc.h:40 [inline]
 __pte_alloc_kernel+0x7b/0x430 mm/memory.c:452
 vmap_pages_pte_range mm/vmalloc.c:469 [inline]
 vmap_pages_pmd_range mm/vmalloc.c:501 [inline]
 vmap_pages_pud_range mm/vmalloc.c:519 [inline]
 vmap_pages_p4d_range mm/vmalloc.c:537 [inline]
 vmap_small_pages_range_noflush mm/vmalloc.c:559 [inline]
 __vmap_pages_range_noflush+0x769/0xb50 mm/vmalloc.c:588
 vmap_pages_range_noflush mm/vmalloc.c:613 [inline]
 vmap_pages_range mm/vmalloc.c:633 [inline]
 __vmalloc_area_node mm/vmalloc.c:3592 [inline]
 __vmalloc_node_range+0x104d/0x14a0 mm/vmalloc.c:3730
 alloc_thread_stack_node kernel/fork.c:308 [inline]
 dup_task_struct+0x3e9/0x7d0 kernel/fork.c:1113
 copy_process+0x5d6/0x3db0 kernel/fork.c:2341
 kernel_clone+0x21e/0x8d0 kernel/fork.c:2916
 user_mode_thread+0x132/0x1a0 kernel/fork.c:2994
 call_usermodehelper_exec_work+0x5c/0x230 kernel/umh.c:172
 process_one_work kernel/workqueue.c:3102 [inline]
 process_scheduled_works+0x9d7/0x1730 kernel/workqueue.c:3182
 worker_thread+0x86d/0xd70 kernel/workqueue.c:3263
 kthread+0x2f0/0x390 kernel/kthread.c:388
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
page_owner free stack trace missing
Modules linked in:
CPU: 1 PID: 5064 Comm: syz-executor359 Tainted: G    B              6.8.0-rc3-next-20240205-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e7/0x2e0 lib/dump_stack.c:106
 bad_page+0x14c/0x170 mm/page_alloc.c:514
 free_page_is_bad mm/page_alloc.c:967 [inline]
 free_pages_prepare mm/page_alloc.c:1132 [inline]
 free_unref_page_prepare+0xa33/0xa90 mm/page_alloc.c:2388
 free_unref_page+0x37/0x3f0 mm/page_alloc.c:2528
 pmd_free_pte_page+0x14e/0x1a0 arch/x86/mm/pgtable.c:869
 vmap_try_huge_pmd mm/vmalloc.c:145 [inline]
 vmap_pmd_range mm/vmalloc.c:164 [inline]
 vmap_pud_range mm/vmalloc.c:220 [inline]
 vmap_p4d_range mm/vmalloc.c:271 [inline]
 vmap_range_noflush+0x5fc/0xbe0 mm/vmalloc.c:295
 __vmap_pages_range_noflush+0x96c/0xb50 mm/vmalloc.c:593
 vmap_pages_range_noflush mm/vmalloc.c:613 [inline]
 vmap_pages_range mm/vmalloc.c:633 [inline]
 __vmalloc_area_node mm/vmalloc.c:3592 [inline]
 __vmalloc_node_range+0x104d/0x14a0 mm/vmalloc.c:3730
 kvmalloc_node+0x142/0x190 mm/util.c:659
 kvmalloc include/linux/slab.h:728 [inline]
 kvmalloc_array include/linux/slab.h:746 [inline]
 kvcalloc include/linux/slab.h:751 [inline]
 fq_pie_init+0x429/0x820 net/sched/sch_fq_pie.c:440
 qdisc_create+0x9d4/0x1190 net/sched/sch_api.c:1355
 tc_modify_qdisc+0xa26/0x1e40 net/sched/sch_api.c:1776
 rtnetlink_rcv_msg+0x885/0x1040 net/core/rtnetlink.c:6606
 netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2543
 netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]
 netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1367
 netlink_sendmsg+0xa3c/0xd70 net/netlink/af_netlink.c:1908
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg+0x221/0x270 net/socket.c:745
 ____sys_sendmsg+0x525/0x7d0 net/socket.c:2584
 ___sys_sendmsg net/socket.c:2638 [inline]
 __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667
 do_syscall_64+0xfb/0x240
 entry_SYSCALL_64_after_hwframe+0x6d/0x75
RIP: 0033:0x7f701f315469
Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffdcbd50308 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007ffdcbd504d8 RCX: 00007f701f315469
RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000003
RBP: 00007f701f388610 R08: 00000000ffffffff R09: 00007ffdcbd504d8
R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000001
R13: 00007ffdcbd504c8 R14: 0000000000000001 R15: 0000000000000001
 </TASK>
BUG: Bad page state in process syz-executor359  pfn:2ae92
page:ffffea0000aba480 refcount:0 mapcount:-512 mapping:0000000000000000 index:0x0 pfn:0x2ae92
flags: 0xfff80000000000(node=0|zone=1|lastcpupid=0xfff)
page_type: 0xfffffdff(table)
raw: 00fff80000000000 0000000000000000 dead000000000122 0000000000000000
raw: 0000000000000000 0000000000000000 00000000fffffdff 0000000000000000
page dumped because: nonzero mapcount
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x40dc0(GFP_KERNEL|__GFP_COMP|__GFP_ZERO), pid 1162, tgid 1162 (kworker/u8:6), ts 11100973115, free_ts 11080079170
 set_page_owner include/linux/page_owner.h:31 [inline]
 post_alloc_hook+0x1ea/0x210 mm/page_alloc.c:1539
 prep_new_page mm/page_alloc.c:1546 [inline]
 get_page_from_freelist+0x34eb/0x3680 mm/page_alloc.c:3353
 __alloc_pages+0x256/0x680 mm/page_alloc.c:4609
 alloc_pages_mpol+0x3e8/0x680 mm/mempolicy.c:2263
 pagetable_alloc include/linux/mm.h:2842 [inline]
 __pte_alloc_one_kernel include/asm-generic/pgalloc.h:21 [inline]
 pte_alloc_one_kernel include/asm-generic/pgalloc.h:40 [inline]
 __pte_alloc_kernel+0x7b/0x430 mm/memory.c:452
 vmap_pages_pte_range mm/vmalloc.c:469 [inline]
 vmap_pages_pmd_range mm/vmalloc.c:501 [inline]
 vmap_pages_pud_range mm/vmalloc.c:519 [inline]
 vmap_pages_p4d_range mm/vmalloc.c:537 [inline]
 vmap_small_pages_range_noflush mm/vmalloc.c:559 [inline]
 __vmap_pages_range_noflush+0x769/0xb50 mm/vmalloc.c:588
 vmap_pages_range_noflush mm/vmalloc.c:613 [inline]
 vmap_pages_range mm/vmalloc.c:633 [inline]
 __vmalloc_area_node mm/vmalloc.c:3592 [inline]
 __vmalloc_node_range+0x104d/0x14a0 mm/vmalloc.c:3730
 alloc_thread_stack_node kernel/fork.c:308 [inline]
 dup_task_struct+0x3e9/0x7d0 kernel/fork.c:1113
 copy_process+0x5d6/0x3db0 kernel/fork.c:2341
 kernel_clone+0x21e/0x8d0 kernel/fork.c:2916
 user_mode_thread+0x132/0x1a0 kernel/fork.c:2994
 call_usermodehelper_exec_work+0x5c/0x230 kernel/umh.c:172
 process_one_work kernel/workqueue.c:3102 [inline]
 process_scheduled_works+0x9d7/0x1730 kernel/workqueue.c:3182
 worker_thread+0x86d/0xd70 kernel/workqueue.c:3263
 kthread+0x2f0/0x390 kernel/kthread.c:388
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
page last free pid 49 tgid 49 stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1140 [inline]
 free_unref_page_prepare+0x968/0xa90 mm/page_alloc.c:2388
 free_unref_page+0x37/0x3f0 mm/page_alloc.c:2528
 vfree+0x186/0x2e0 mm/vmalloc.c:3252
 delayed_vfree_work+0x56/0x80 mm/vmalloc.c:3173
 process_one_work kernel/workqueue.c:3102 [inline]
 process_scheduled_works+0x9d7/0x1730 kernel/workqueue.c:3182
 worker_thread+0x86d/0xd70 kernel/workqueue.c:3263
 kthread+0x2f0/0x390 kernel/kthread.c:388
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:242
Modules linked in:
CPU: 1 PID: 5064 Comm: syz-executor359 Tainted: G    B              6.8.0-rc3-next-20240205-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e7/0x2e0 lib/dump_stack.c:106
 bad_page+0x14c/0x170 mm/page_alloc.c:514
 free_page_is_bad mm/page_alloc.c:967 [inline]
 free_pages_prepare mm/page_alloc.c:1132 [inline]
 free_unref_page_prepare+0xa33/0xa90 mm/page_alloc.c:2388
 free_unref_page+0x37/0x3f0 mm/page_alloc.c:2528
 pmd_free_pte_page+0x14e/0x1a0 arch/x86/mm/pgtable.c:869
 vmap_try_huge_pmd mm/vmalloc.c:145 [inline]
 vmap_pmd_range mm/vmalloc.c:164 [inline]
 vmap_pud_range mm/vmalloc.c:220 [inline]
 vmap_p4d_range mm/vmalloc.c:271 [inline]
 vmap_range_noflush+0x5fc/0xbe0 mm/vmalloc.c:295
 __vmap_pages_range_noflush+0x96c/0xb50 mm/vmalloc.c:593
 vmap_pages_range_noflush mm/vmalloc.c:613 [inline]
 vmap_pages_range mm/vmalloc.c:633 [inline]
 __vmalloc_area_node mm/vmalloc.c:3592 [inline]
 __vmalloc_node_range+0x104d/0x14a0 mm/vmalloc.c:3730
 kvmalloc_node+0x142/0x190 mm/util.c:659
 kvmalloc include/linux/slab.h:728 [inline]
 kvmalloc_array include/linux/slab.h:746 [inline]
 kvcalloc include/linux/slab.h:751 [inline]
 fq_pie_init+0x429/0x820 net/sched/sch_fq_pie.c:440
 qdisc_create+0x9d4/0x1190 net/sched/sch_api.c:1355
 tc_modify_qdisc+0xa26/0x1e40 net/sched/sch_api.c:1776
 rtnetlink_rcv_msg+0x885/0x1040 net/core/rtnetlink.c:6606
 netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2543
 netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]
 netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1367
 netlink_sendmsg+0xa3c/0xd70 net/netlink/af_netlink.c:1908
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg+0x221/0x270 net/socket.c:745
 ____sys_sendmsg+0x525/0x7d0 net/socket.c:2584
 ___sys_sendmsg net/socket.c:2638 [inline]
 __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667
 do_syscall_64+0xfb/0x240
 entry_SYSCALL_64_after_hwframe+0x6d/0x75
RIP: 0033:0x7f701f315469
Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffdcbd503