__swap_info_get: Bad swap file entry 3fc47ffffffff
BUG: Bad page map in process syz-executor.0  pte:7700000000000 pmd:00111067
addr:00007efd0202e000 vm_flags:180400fb anon_vma:0000000000000000 mapping:ffff88801705e2a8 index:1b
file:kcov fault:0x0 mmap:kcov_mmap readpage:0x0
CPU: 1 PID: 15432 Comm: syz-executor.0 Not tainted 5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 print_bad_pte.cold+0x2bc/0x2e5 mm/memory.c:562
 zap_pte_range mm/memory.c:1398 [inline]
 zap_pmd_range mm/memory.c:1467 [inline]
 zap_pud_range mm/memory.c:1496 [inline]
 zap_p4d_range mm/memory.c:1517 [inline]
 unmap_page_range+0x2016/0x29f0 mm/memory.c:1538
 unmap_single_vma+0x198/0x310 mm/memory.c:1583
 unmap_vmas+0x16b/0x2f0 mm/memory.c:1615
 exit_mmap+0x1d0/0x630 mm/mmap.c:3170
 __mmput+0x122/0x4b0 kernel/fork.c:1113
 mmput+0x56/0x60 kernel/fork.c:1134
 exit_mm kernel/exit.c:507 [inline]
 do_exit+0xb27/0x2b40 kernel/exit.c:819
 do_group_exit+0x125/0x310 kernel/exit.c:929
 get_signal+0x47d/0x2220 kernel/signal.c:2852
 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:868
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207
 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
 syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7efd0409bae9
Code: Unable to access opcode bytes at RIP 0x7efd0409babf.
RSP: 002b:00007efd015f0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: 00000000000001b7 RBX: 00007efd041af020 RCX: 00007efd0409bae9
RDX: 00000000000001b7 RSI: 0000000020001040 RDI: 0000000000000006
RBP: 00007efd040f5f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffeb8398f2f R14: 00007efd015f0300 R15: 0000000000022000
 </TASK>
BUG: Bad page map in process syz-executor.0  pte:00770077 pmd:00111067
page:ffffea000001dc00 refcount:1 mapcount:-1 mapping:0000000000000000 index:0x20170 pfn:0x770
head:ffffea0000018000 order:9 compound_mapcount:1 compound_pincount:0
memcg:ffff8880114d4000
anon flags: 0x7ff0000009001c(uptodate|dirty|lru|head|swapbacked|node=0|zone=0|lastcpupid=0x7ff)
raw: 007ff00000000000 ffffea0000018001 ffffea000001dc08 dead000000000400
raw: 0000000000000000 0000000000000000 00000000fffffffe 0000000000000000
head: 007ff0000009001c ffffea0002aac348 ffffea0002aac208 ffff88807eddc501
head: 0000000000020000 0000000000000000 0000000100000000 ffff8880114d4000
page dumped because: bad pte
page_owner tracks the page as allocated
page last allocated via order 9, migratetype Movable, gfp_mask 0x13d20ca(GFP_TRANSHUGE_LIGHT|__GFP_NORETRY|__GFP_THISNODE), pid 5485, ts 1560846499362, free_ts 0
 prep_new_page mm/page_alloc.c:2418 [inline]
 get_page_from_freelist+0xa72/0x2f50 mm/page_alloc.c:4149
 __alloc_pages+0x1b2/0x500 mm/page_alloc.c:5369
 __alloc_pages_node include/linux/gfp.h:570 [inline]
 alloc_pages_vma+0x6a7/0x7d0 mm/mempolicy.c:2133
 do_huge_pmd_anonymous_page+0x439/0x2840 mm/huge_memory.c:777
 create_huge_pmd mm/memory.c:4422 [inline]
 __handle_mm_fault+0x2a2a/0x5120 mm/memory.c:4657
 handle_mm_fault+0x1c8/0x790 mm/memory.c:4784
 do_user_addr_fault+0x489/0x11c0 arch/x86/mm/fault.c:1397
 handle_page_fault arch/x86/mm/fault.c:1485 [inline]
 exc_page_fault+0x9e/0x180 arch/x86/mm/fault.c:1541
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:568
page_owner free stack trace missing
addr:00007efd02090000 vm_flags:180400fb anon_vma:0000000000000000 mapping:ffff88801705e2a8 index:7d
file:kcov fault:0x0 mmap:kcov_mmap readpage:0x0
CPU: 0 PID: 15432 Comm: syz-executor.0 Tainted: G    B             5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 print_bad_pte.cold+0x2bc/0x2e5 mm/memory.c:562
 zap_pte_range mm/memory.c:1359 [inline]
 zap_pmd_range mm/memory.c:1467 [inline]
 zap_pud_range mm/memory.c:1496 [inline]
 zap_p4d_range mm/memory.c:1517 [inline]
 unmap_page_range+0x1fe1/0x29f0 mm/memory.c:1538
 unmap_single_vma+0x198/0x310 mm/memory.c:1583
 unmap_vmas+0x16b/0x2f0 mm/memory.c:1615
 exit_mmap+0x1d0/0x630 mm/mmap.c:3170
 __mmput+0x122/0x4b0 kernel/fork.c:1113
 mmput+0x56/0x60 kernel/fork.c:1134
 exit_mm kernel/exit.c:507 [inline]
 do_exit+0xb27/0x2b40 kernel/exit.c:819
 do_group_exit+0x125/0x310 kernel/exit.c:929
 get_signal+0x47d/0x2220 kernel/signal.c:2852
 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:868
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207
 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
 syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7efd0409bae9
Code: Unable to access opcode bytes at RIP 0x7efd0409babf.
RSP: 002b:00007efd015f0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: 00000000000001b7 RBX: 00007efd041af020 RCX: 00007efd0409bae9
RDX: 00000000000001b7 RSI: 0000000020001040 RDI: 0000000000000006
RBP: 00007efd040f5f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffeb8398f2f R14: 00007efd015f0300 R15: 0000000000022000
 </TASK>
BUG: Bad page map in process syz-executor.0  pte:77770000000077 pmd:00111067
addr:00007efd02091000 vm_flags:180400fb anon_vma:0000000000000000 mapping:ffff88801705e2a8 index:7e
file:kcov fault:0x0 mmap:kcov_mmap readpage:0x0
CPU: 0 PID: 15432 Comm: syz-executor.0 Tainted: G    B             5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 print_bad_pte.cold+0x2bc/0x2e5 mm/memory.c:562
 vm_normal_page+0x10c/0x2a0 mm/memory.c:625
 zap_pte_range mm/memory.c:1338 [inline]
 zap_pmd_range mm/memory.c:1467 [inline]
 zap_pud_range mm/memory.c:1496 [inline]
 zap_p4d_range mm/memory.c:1517 [inline]
 unmap_page_range+0xb0e/0x29f0 mm/memory.c:1538
 unmap_single_vma+0x198/0x310 mm/memory.c:1583
 unmap_vmas+0x16b/0x2f0 mm/memory.c:1615
 exit_mmap+0x1d0/0x630 mm/mmap.c:3170
 __mmput+0x122/0x4b0 kernel/fork.c:1113
 mmput+0x56/0x60 kernel/fork.c:1134
 exit_mm kernel/exit.c:507 [inline]
 do_exit+0xb27/0x2b40 kernel/exit.c:819
 do_group_exit+0x125/0x310 kernel/exit.c:929
 get_signal+0x47d/0x2220 kernel/signal.c:2852
 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:868
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207
 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
 syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7efd0409bae9
Code: Unable to access opcode bytes at RIP 0x7efd0409babf.
RSP: 002b:00007efd015f0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: 00000000000001b7 RBX: 00007efd041af020 RCX: 00007efd0409bae9
RDX: 00000000000001b7 RSI: 0000000020001040 RDI: 0000000000000006
RBP: 00007efd040f5f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffeb8398f2f R14: 00007efd015f0300 R15: 0000000000022000
 </TASK>
__swap_info_get: Bad swap file entry 3c47fffffffff
BUG: Bad page map in process syz-executor.0  pte:77000000000000 pmd:00111067
addr:00007efd02092000 vm_flags:180400fb anon_vma:0000000000000000 mapping:ffff88801705e2a8 index:7f
file:kcov fault:0x0 mmap:kcov_mmap readpage:0x0
CPU: 1 PID: 15432 Comm: syz-executor.0 Tainted: G    B             5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 print_bad_pte.cold+0x2bc/0x2e5 mm/memory.c:562
 zap_pte_range mm/memory.c:1398 [inline]
 zap_pmd_range mm/memory.c:1467 [inline]
 zap_pud_range mm/memory.c:1496 [inline]
 zap_p4d_range mm/memory.c:1517 [inline]
 unmap_page_range+0x2016/0x29f0 mm/memory.c:1538
 unmap_single_vma+0x198/0x310 mm/memory.c:1583
 unmap_vmas+0x16b/0x2f0 mm/memory.c:1615
 exit_mmap+0x1d0/0x630 mm/mmap.c:3170
 __mmput+0x122/0x4b0 kernel/fork.c:1113
 mmput+0x56/0x60 kernel/fork.c:1134
 exit_mm kernel/exit.c:507 [inline]
 do_exit+0xb27/0x2b40 kernel/exit.c:819
 do_group_exit+0x125/0x310 kernel/exit.c:929
 get_signal+0x47d/0x2220 kernel/signal.c:2852
 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:868
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207
 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
 syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7efd0409bae9
Code: Unable to access opcode bytes at RIP 0x7efd0409babf.
RSP: 002b:00007efd015f0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: 00000000000001b7 RBX: 00007efd041af020 RCX: 00007efd0409bae9
RDX: 00000000000001b7 RSI: 0000000020001040 RDI: 0000000000000006
RBP: 00007efd040f5f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffeb8398f2f R14: 00007efd015f0300 R15: 0000000000022000
 </TASK>
BUG: Bad page map in process syz-executor.0  pte:00770077 pmd:00111067
page:ffffea000001dc00 refcount:1 mapcount:-2 mapping:0000000000000000 index:0x20170 pfn:0x770
head:ffffea0000018000 order:9 compound_mapcount:1 compound_pincount:0
memcg:ffff8880114d4000
anon flags: 0x7ff0000009001c(uptodate|dirty|lru|head|swapbacked|node=0|zone=0|lastcpupid=0x7ff)
raw: 007ff00000000000 ffffea0000018001 ffffea000001dc08 dead000000000400
raw: 0000000000000000 0000000000000000 00000000fffffffd 0000000000000000
head: 007ff0000009001c ffffea0002aac348 ffffea0002aac208 ffff88807eddc501
head: 0000000000020000 0000000000000000 0000000100000000 ffff8880114d4000
page dumped because: bad pte
page_owner tracks the page as allocated
page last allocated via order 9, migratetype Movable, gfp_mask 0x13d20ca(GFP_TRANSHUGE_LIGHT|__GFP_NORETRY|__GFP_THISNODE), pid 5485, ts 1560846499362, free_ts 0
 prep_new_page mm/page_alloc.c:2418 [inline]
 get_page_from_freelist+0xa72/0x2f50 mm/page_alloc.c:4149
 __alloc_pages+0x1b2/0x500 mm/page_alloc.c:5369
 __alloc_pages_node include/linux/gfp.h:570 [inline]
 alloc_pages_vma+0x6a7/0x7d0 mm/mempolicy.c:2133
 do_huge_pmd_anonymous_page+0x439/0x2840 mm/huge_memory.c:777
 create_huge_pmd mm/memory.c:4422 [inline]
 __handle_mm_fault+0x2a2a/0x5120 mm/memory.c:4657
 handle_mm_fault+0x1c8/0x790 mm/memory.c:4784
 do_user_addr_fault+0x489/0x11c0 arch/x86/mm/fault.c:1397
 handle_page_fault arch/x86/mm/fault.c:1485 [inline]
 exc_page_fault+0x9e/0x180 arch/x86/mm/fault.c:1541
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:568
page_owner free stack trace missing
addr:00007efd020f4000 vm_flags:180400fb anon_vma:0000000000000000 mapping:ffff88801705e2a8 index:e1
file:kcov fault:0x0 mmap:kcov_mmap readpage:0x0
CPU: 1 PID: 15432 Comm: syz-executor.0 Tainted: G    B             5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 print_bad_pte.cold+0x2bc/0x2e5 mm/memory.c:562
 zap_pte_range mm/memory.c:1359 [inline]
 zap_pmd_range mm/memory.c:1467 [inline]
 zap_pud_range mm/memory.c:1496 [inline]
 zap_p4d_range mm/memory.c:1517 [inline]
 unmap_page_range+0x1fe1/0x29f0 mm/memory.c:1538
 unmap_single_vma+0x198/0x310 mm/memory.c:1583
 unmap_vmas+0x16b/0x2f0 mm/memory.c:1615
 exit_mmap+0x1d0/0x630 mm/mmap.c:3170
 __mmput+0x122/0x4b0 kernel/fork.c:1113
 mmput+0x56/0x60 kernel/fork.c:1134
 exit_mm kernel/exit.c:507 [inline]
 do_exit+0xb27/0x2b40 kernel/exit.c:819
 do_group_exit+0x125/0x310 kernel/exit.c:929
 get_signal+0x47d/0x2220 kernel/signal.c:2852
 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:868
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207
 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
 syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7efd0409bae9
Code: Unable to access opcode bytes at RIP 0x7efd0409babf.
RSP: 002b:00007efd015f0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: 00000000000001b7 RBX: 00007efd041af020 RCX: 00007efd0409bae9
RDX: 00000000000001b7 RSI: 0000000020001040 RDI: 0000000000000006
RBP: 00007efd040f5f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffeb8398f2f R14: 00007efd015f0300 R15: 0000000000022000
 </TASK>
BUG: Bad page map in process syz-executor.0  pte:77077000000077 pmd:00111067
addr:00007efd020f5000 vm_flags:180400fb anon_vma:0000000000000000 mapping:ffff88801705e2a8 index:e2
file:kcov fault:0x0 mmap:kcov_mmap readpage:0x0
CPU: 1 PID: 15432 Comm: syz-executor.0 Tainted: G    B             5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 print_bad_pte.cold+0x2bc/0x2e5 mm/memory.c:562
 vm_normal_page+0x10c/0x2a0 mm/memory.c:625
 zap_pte_range mm/memory.c:1338 [inline]
 zap_pmd_range mm/memory.c:1467 [inline]
 zap_pud_range mm/memory.c:1496 [inline]
 zap_p4d_range mm/memory.c:1517 [inline]
 unmap_page_range+0xb0e/0x29f0 mm/memory.c:1538
 unmap_single_vma+0x198/0x310 mm/memory.c:1583
 unmap_vmas+0x16b/0x2f0 mm/memory.c:1615
 exit_mmap+0x1d0/0x630 mm/mmap.c:3170
 __mmput+0x122/0x4b0 kernel/fork.c:1113
 mmput+0x56/0x60 kernel/fork.c:1134
 exit_mm kernel/exit.c:507 [inline]
 do_exit+0xb27/0x2b40 kernel/exit.c:819
 do_group_exit+0x125/0x310 kernel/exit.c:929
 get_signal+0x47d/0x2220 kernel/signal.c:2852
 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:868
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207
 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
 syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7efd0409bae9
Code: Unable to access opcode bytes at RIP 0x7efd0409babf.
RSP: 002b:00007efd015f0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: 00000000000001b7 RBX: 00007efd041af020 RCX: 00007efd0409bae9
RDX: 00000000000001b7 RSI: 0000000020001040 RDI: 0000000000000006
RBP: 00007efd040f5f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffeb8398f2f R14: 00007efd015f0300 R15: 0000000000022000
 </TASK>
__swap_info_get: Bad swap file entry 3c47fffffffff
BUG: Bad page map in process syz-executor.0  pte:77000000000000 pmd:00111067
addr:00007efd020f6000 vm_flags:180400fb anon_vma:0000000000000000 mapping:ffff88801705e2a8 index:e3
file:kcov fault:0x0 mmap:kcov_mmap readpage:0x0
CPU: 1 PID: 15432 Comm: syz-executor.0 Tainted: G    B             5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 print_bad_pte.cold+0x2bc/0x2e5 mm/memory.c:562
 zap_pte_range mm/memory.c:1398 [inline]
 zap_pmd_range mm/memory.c:1467 [inline]
 zap_pud_range mm/memory.c:1496 [inline]
 zap_p4d_range mm/memory.c:1517 [inline]
 unmap_page_range+0x2016/0x29f0 mm/memory.c:1538
 unmap_single_vma+0x198/0x310 mm/memory.c:1583
 unmap_vmas+0x16b/0x2f0 mm/memory.c:1615
 exit_mmap+0x1d0/0x630 mm/mmap.c:3170
 __mmput+0x122/0x4b0 kernel/fork.c:1113
 mmput+0x56/0x60 kernel/fork.c:1134
 exit_mm kernel/exit.c:507 [inline]
 do_exit+0xb27/0x2b40 kernel/exit.c:819
 do_group_exit+0x125/0x310 kernel/exit.c:929
 get_signal+0x47d/0x2220 kernel/signal.c:2852
 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:868
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207
 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
 syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7efd0409bae9
Code: Unable to access opcode bytes at RIP 0x7efd0409babf.
RSP: 002b:00007efd015f0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: 00000000000001b7 RBX: 00007efd041af020 RCX: 00007efd0409bae9
RDX: 00000000000001b7 RSI: 0000000020001040 RDI: 0000000000000006
RBP: 00007efd040f5f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffeb8398f2f R14: 00007efd015f0300 R15: 0000000000022000
 </TASK>
BUG: Bad page map in process syz-executor.0  pte:00077077 pmd:00111067
page:ffffea0000001dc0 refcount:1 mapcount:-1 mapping:0000000000000000 index:0x0 pfn:0x77
flags: 0x7ff0000000100a(referenced|dirty|reserved|node=0|zone=0|lastcpupid=0x7ff)
raw: 007ff0000000100a ffffea0000001dc8 ffffea0000001dc8 0000000000000000
raw: 0000000000000000 0000000000000000 00000001fffffffe 0000000000000000
page dumped because: bad pte
page_owner info is not present (never set?)
addr:00007efd02158000 vm_flags:180400fb anon_vma:0000000000000000 mapping:ffff88801705e2a8 index:145
file:kcov fault:0x0 mmap:kcov_mmap readpage:0x0
CPU: 0 PID: 15432 Comm: syz-executor.0 Tainted: G    B             5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 print_bad_pte.cold+0x2bc/0x2e5 mm/memory.c:562
 zap_pte_range mm/memory.c:1359 [inline]
 zap_pmd_range mm/memory.c:1467 [inline]
 zap_pud_range mm/memory.c:1496 [inline]
 zap_p4d_range mm/memory.c:1517 [inline]
 unmap_page_range+0x1fe1/0x29f0 mm/memory.c:1538
 unmap_single_vma+0x198/0x310 mm/memory.c:1583
 unmap_vmas+0x16b/0x2f0 mm/memory.c:1615
 exit_mmap+0x1d0/0x630 mm/mmap.c:3170
 __mmput+0x122/0x4b0 kernel/fork.c:1113
 mmput+0x56/0x60 kernel/fork.c:1134
 exit_mm kernel/exit.c:507 [inline]
 do_exit+0xb27/0x2b40 kernel/exit.c:819
 do_group_exit+0x125/0x310 kernel/exit.c:929
 get_signal+0x47d/0x2220 kernel/signal.c:2852
 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:868
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207
 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
 syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7efd0409bae9
Code: Unable to access opcode bytes at RIP 0x7efd0409babf.
RSP: 002b:00007efd015f0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: 00000000000001b7 RBX: 00007efd041af020 RCX: 00007efd0409bae9
RDX: 00000000000001b7 RSI: 0000000020001040 RDI: 0000000000000006
RBP: 00007efd040f5f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffeb8398f2f R14: 00007efd015f0300 R15: 0000000000022000
 </TASK>
BUG: Bad page state in process syz-executor.0  pfn:00601
page:ffffea0000018040 refcount:0 mapcount:2 mapping:0000000000000000 index:0x20001 pfn:0x601
head:ffffea0000018000 order:9 compound_mapcount:1 compound_pincount:0
anon flags: 0x7ff0000009000c(uptodate|dirty|head|swapbacked|node=0|zone=0|lastcpupid=0x7ff)
raw: 007ff00000000000 ffffea0000018001 0000000000010903 dead000000000200
raw: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
head: 007ff0000009000c dead000000000100 dead000000000122 ffff88807eddc501
head: 0000000000020000 0000000000000000 0000000000000000 0000000000000000
page dumped because: nonzero compound_mapcount
page_owner tracks the page as allocated
page last allocated via order 9, migratetype Movable, gfp_mask 0x13d20ca(GFP_TRANSHUGE_LIGHT|__GFP_NORETRY|__GFP_THISNODE), pid 5485, ts 1560846449561, free_ts 0
 prep_new_page mm/page_alloc.c:2418 [inline]
 get_page_from_freelist+0xa72/0x2f50 mm/page_alloc.c:4149
 __alloc_pages+0x1b2/0x500 mm/page_alloc.c:5369
 __alloc_pages_node include/linux/gfp.h:570 [inline]
 alloc_pages_vma+0x6a7/0x7d0 mm/mempolicy.c:2133
 do_huge_pmd_anonymous_page+0x439/0x2840 mm/huge_memory.c:777
 create_huge_pmd mm/memory.c:4422 [inline]
 __handle_mm_fault+0x2a2a/0x5120 mm/memory.c:4657
 handle_mm_fault+0x1c8/0x790 mm/memory.c:4784
 do_user_addr_fault+0x489/0x11c0 arch/x86/mm/fault.c:1397
 handle_page_fault arch/x86/mm/fault.c:1485 [inline]
 exc_page_fault+0x9e/0x180 arch/x86/mm/fault.c:1541
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:568
page_owner free stack trace missing
Modules linked in:
CPU: 0 PID: 15432 Comm: syz-executor.0 Tainted: G    B             5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 bad_page.cold+0x9c/0xbd mm/page_alloc.c:652
 free_tail_pages_check+0x25b/0x2d0 mm/page_alloc.c:1229
 free_pages_prepare mm/page_alloc.c:1319 [inline]
 free_pcp_prepare+0x560/0x870 mm/page_alloc.c:1389
 free_unref_page_prepare mm/page_alloc.c:3309 [inline]
 free_unref_page+0x19/0x690 mm/page_alloc.c:3388
 release_pages+0x825/0x1480 mm/swap.c:956
 tlb_batch_pages_flush mm/mmu_gather.c:49 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:242 [inline]
 tlb_flush_mmu+0xe9/0x6b0 mm/mmu_gather.c:249
 zap_pte_range mm/memory.c:1418 [inline]
 zap_pmd_range mm/memory.c:1467 [inline]
 zap_pud_range mm/memory.c:1496 [inline]
 zap_p4d_range mm/memory.c:1517 [inline]
 unmap_page_range+0x1cac/0x29f0 mm/memory.c:1538
 unmap_single_vma+0x198/0x310 mm/memory.c:1583
 unmap_vmas+0x16b/0x2f0 mm/memory.c:1615
 exit_mmap+0x1d0/0x630 mm/mmap.c:3170
 __mmput+0x122/0x4b0 kernel/fork.c:1113
 mmput+0x56/0x60 kernel/fork.c:1134
 exit_mm kernel/exit.c:507 [inline]
 do_exit+0xb27/0x2b40 kernel/exit.c:819
 do_group_exit+0x125/0x310 kernel/exit.c:929
 get_signal+0x47d/0x2220 kernel/signal.c:2852
 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:868
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207
 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
 syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7efd0409bae9
Code: Unable to access opcode bytes at RIP 0x7efd0409babf.
RSP: 002b:00007efd015f0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: 00000000000001b7 RBX: 00007efd041af020 RCX: 00007efd0409bae9
RDX: 00000000000001b7 RSI: 0000000020001040 RDI: 0000000000000006
RBP: 00007efd040f5f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffeb8398f2f R14: 00007efd015f0300 R15: 0000000000022000
 </TASK>
BUG: Bad page state in process syz-executor.0  pfn:00602
page:ffffea0000018080 refcount:0 mapcount:1 mapping:0000000000000000 index:0xdead000000000122 pfn:0x602
flags: 0x7ff00000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 007ff00000000000 0000000000000000 ffffea0000000000 0000000000000000
raw: dead000000000122 0000000000000000 0000000000000000 0000000000000000
page dumped because: nonzero mapcount
page_owner tracks the page as allocated
page last allocated via order 9, migratetype Movable, gfp_mask 0x13d20ca(GFP_TRANSHUGE_LIGHT|__GFP_NORETRY|__GFP_THISNODE), pid 5485, ts 1560846449707, free_ts 0
 prep_new_page mm/page_alloc.c:2418 [inline]
 get_page_from_freelist+0xa72/0x2f50 mm/page_alloc.c:4149
 __alloc_pages+0x1b2/0x500 mm/page_alloc.c:5369
 __alloc_pages_node include/linux/gfp.h:570 [inline]
 alloc_pages_vma+0x6a7/0x7d0 mm/mempolicy.c:2133
 do_huge_pmd_anonymous_page+0x439/0x2840 mm/huge_memory.c:777
 create_huge_pmd mm/memory.c:4422 [inline]
 __handle_mm_fault+0x2a2a/0x5120 mm/memory.c:4657
 handle_mm_fault+0x1c8/0x790 mm/memory.c:4784
 do_user_addr_fault+0x489/0x11c0 arch/x86/mm/fault.c:1397
 handle_page_fault arch/x86/mm/fault.c:1485 [inline]
 exc_page_fault+0x9e/0x180 arch/x86/mm/fault.c:1541
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:568
page_owner free stack trace missing
Modules linked in:
CPU: 1 PID: 15432 Comm: syz-executor.0 Tainted: G    B             5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 bad_page.cold+0x9c/0xbd mm/page_alloc.c:652
 check_free_page_bad mm/page_alloc.c:1197 [inline]
 check_free_page mm/page_alloc.c:1207 [inline]
 free_pages_prepare mm/page_alloc.c:1320 [inline]
 free_pcp_prepare+0x580/0x870 mm/page_alloc.c:1389
 free_unref_page_prepare mm/page_alloc.c:3309 [inline]
 free_unref_page+0x19/0x690 mm/page_alloc.c:3388
 release_pages+0x825/0x1480 mm/swap.c:956
 tlb_batch_pages_flush mm/mmu_gather.c:49 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:242 [inline]
 tlb_flush_mmu+0xe9/0x6b0 mm/mmu_gather.c:249
 zap_pte_range mm/memory.c:1418 [inline]
 zap_pmd_range mm/memory.c:1467 [inline]
 zap_pud_range mm/memory.c:1496 [inline]
 zap_p4d_range mm/memory.c:1517 [inline]
 unmap_page_range+0x1cac/0x29f0 mm/memory.c:1538
 unmap_single_vma+0x198/0x310 mm/memory.c:1583
 unmap_vmas+0x16b/0x2f0 mm/memory.c:1615
 exit_mmap+0x1d0/0x630 mm/mmap.c:3170
 __mmput+0x122/0x4b0 kernel/fork.c:1113
 mmput+0x56/0x60 kernel/fork.c:1134
 exit_mm kernel/exit.c:507 [inline]
 do_exit+0xb27/0x2b40 kernel/exit.c:819
 do_group_exit+0x125/0x310 kernel/exit.c:929
 get_signal+0x47d/0x2220 kernel/signal.c:2852
 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:868
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207
 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
 syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7efd0409bae9
Code: Unable to access opcode bytes at RIP 0x7efd0409babf.
RSP: 002b:00007efd015f0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: 00000000000001b7 RBX: 00007efd041af020 RCX: 00007efd0409bae9
RDX: 00000000000001b7 RSI: 0000000020001040 RDI: 0000000000000006
RBP: 00007efd040f5f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffeb8398f2f R14: 00007efd015f0300 R15: 0000000000022000
 </TASK>
BUG: Bad page state in process syz-executor.0  pfn:00603
page:ffffea00000180c0 refcount:0 mapcount:1 mapping:0000000000000000 index:0x0 pfn:0x603
flags: 0x7ff00000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 007ff00000000000 0000000000000000 ffffea00000180c8 0000000000000000
raw: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
page dumped because: nonzero mapcount
page_owner tracks the page as allocated
page last allocated via order 9, migratetype Movable, gfp_mask 0x13d20ca(GFP_TRANSHUGE_LIGHT|__GFP_NORETRY|__GFP_THISNODE), pid 5485, ts 1560846449844, free_ts 0
 prep_new_page mm/page_alloc.c:2418 [inline]
 get_page_from_freelist+0xa72/0x2f50 mm/page_alloc.c:4149
 __alloc_pages+0x1b2/0x500 mm/page_alloc.c:5369
 __alloc_pages_node include/linux/gfp.h:570 [inline]
 alloc_pages_vma+0x6a7/0x7d0 mm/mempolicy.c:2133
 do_huge_pmd_anonymous_page+0x439/0x2840 mm/huge_memory.c:777
 create_huge_pmd mm/memory.c:4422 [inline]
 __handle_mm_fault+0x2a2a/0x5120 mm/memory.c:4657
 handle_mm_fault+0x1c8/0x790 mm/memory.c:4784
 do_user_addr_fault+0x489/0x11c0 arch/x86/mm/fault.c:1397
 handle_page_fault arch/x86/mm/fault.c:1485 [inline]
 exc_page_fault+0x9e/0x180 arch/x86/mm/fault.c:1541
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:568
page_owner free stack trace missing
Modules linked in:
CPU: 0 PID: 15432 Comm: syz-executor.0 Tainted: G    B             5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 bad_page.cold+0x9c/0xbd mm/page_alloc.c:652
 check_free_page_bad mm/page_alloc.c:1197 [inline]
 check_free_page mm/page_alloc.c:1207 [inline]
 free_pages_prepare mm/page_alloc.c:1320 [inline]
 free_pcp_prepare+0x580/0x870 mm/page_alloc.c:1389
 free_unref_page_prepare mm/page_alloc.c:3309 [inline]
 free_unref_page+0x19/0x690 mm/page_alloc.c:3388
 release_pages+0x825/0x1480 mm/swap.c:956
 tlb_batch_pages_flush mm/mmu_gather.c:49 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:242 [inline]
 tlb_flush_mmu+0xe9/0x6b0 mm/mmu_gather.c:249
 zap_pte_range mm/memory.c:1418 [inline]
 zap_pmd_range mm/memory.c:1467 [inline]
 zap_pud_range mm/memory.c:1496 [inline]
 zap_p4d_range mm/memory.c:1517 [inline]
 unmap_page_range+0x1cac/0x29f0 mm/memory.c:1538
 unmap_single_vma+0x198/0x310 mm/memory.c:1583
 unmap_vmas+0x16b/0x2f0 mm/memory.c:1615
 exit_mmap+0x1d0/0x630 mm/mmap.c:3170
 __mmput+0x122/0x4b0 kernel/fork.c:1113
 mmput+0x56/0x60 kernel/fork.c:1134
 exit_mm kernel/exit.c:507 [inline]
 do_exit+0xb27/0x2b40 kernel/exit.c:819
 do_group_exit+0x125/0x310 kernel/exit.c:929
 get_signal+0x47d/0x2220 kernel/signal.c:2852
 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:868
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207
 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
 syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7efd0409bae9
Code: Unable to access opcode bytes at RIP 0x7efd0409babf.
RSP: 002b:00007efd015f0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: 00000000000001b7 RBX: 00007efd041af020 RCX: 00007efd0409bae9
RDX: 00000000000001b7 RSI: 0000000020001040 RDI: 0000000000000006
RBP: 00007efd040f5f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffeb8398f2f R14: 00007efd015f0300 R15: 0000000000022000
 </TASK>
BUG: Bad page state in process syz-executor.0  pfn:00604
page:ffffea0000018100 refcount:0 mapcount:1 mapping:0000000000000000 index:0x0 pfn:0x604
flags: 0x7ff00000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 007ff00000000000 0000000000000000 ffffea0000018108 0000000000000000
raw: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
page dumped because: nonzero mapcount
page_owner tracks the page as allocated
page last allocated via order 9, migratetype Movable, gfp_mask 0x13d20ca(GFP_TRANSHUGE_LIGHT|__GFP_NORETRY|__GFP_THISNODE), pid 5485, ts 1560846449974, free_ts 0
 prep_new_page mm/page_alloc.c:2418 [inline]
 get_page_from_freelist+0xa72/0x2f50 mm/page_alloc.c:4149
 __alloc_pages+0x1b2/0x500 mm/page_alloc.c:5369
 __alloc_pages_node include/linux/gfp.h:570 [inline]
 alloc_pages_vma+0x6a7/0x7d0 mm/mempolicy.c:2133
 do_huge_pmd_anonymous_page+0x439/0x2840 mm/huge_memory.c:777
 create_huge_pmd mm/memory.c:4422 [inline]
 __handle_mm_fault+0x2a2a/0x5120 mm/memory.c:4657
 handle_mm_fault+0x1c8/0x790 mm/memory.c:4784
 do_user_addr_fault+0x489/0x11c0 arch/x86/mm/fault.c:1397
 handle_page_fault arch/x86/mm/fault.c:1485 [inline]
 exc_page_fault+0x9e/0x180 arch/x86/mm/fault.c:1541
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:568
page_owner free stack trace missing
Modules linked in:
CPU: 1 PID: 15432 Comm: syz-executor.0 Tainted: G    B             5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 bad_page.cold+0x9c/0xbd mm/page_alloc.c:652
 check_free_page_bad mm/page_alloc.c:1197 [inline]
 check_free_page mm/page_alloc.c:1207 [inline]
 free_pages_prepare mm/page_alloc.c:1320 [inline]
 free_pcp_prepare+0x580/0x870 mm/page_alloc.c:1389
 free_unref_page_prepare mm/page_alloc.c:3309 [inline]
 free_unref_page+0x19/0x690 mm/page_alloc.c:3388
 release_pages+0x825/0x1480 mm/swap.c:956
 tlb_batch_pages_flush mm/mmu_gather.c:49 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:242 [inline]
 tlb_flush_mmu+0xe9/0x6b0 mm/mmu_gather.c:249
 zap_pte_range mm/memory.c:1418 [inline]
 zap_pmd_range mm/memory.c:1467 [inline]
 zap_pud_range mm/memory.c:1496 [inline]
 zap_p4d_range mm/memory.c:1517 [inline]
 unmap_page_range+0x1cac/0x29f0 mm/memory.c:1538
 unmap_single_vma+0x198/0x310 mm/memory.c:1583
 unmap_vmas+0x16b/0x2f0 mm/memory.c:1615
 exit_mmap+0x1d0/0x630 mm/mmap.c:3170
 __mmput+0x122/0x4b0 kernel/fork.c:1113
 mmput+0x56/0x60 kernel/fork.c:1134
 exit_mm kernel/exit.c:507 [inline]
 do_exit+0xb27/0x2b40 kernel/exit.c:819
 do_group_exit+0x125/0x310 kernel/exit.c:929
 get_signal+0x47d/0x2220 kernel/signal.c:2852
 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:868
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207
 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
 syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7efd0409bae9
Code: Unable to access opcode bytes at RIP 0x7efd0409babf.
RSP: 002b:00007efd015f0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: 00000000000001b7 RBX: 00007efd041af020 RCX: 00007efd0409bae9
RDX: 00000000000001b7 RSI: 0000000020001040 RDI: 0000000000000006
RBP: 00007efd040f5f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffeb8398f2f R14: 00007efd015f0300 R15: 0000000000022000
 </TASK>
BUG: Bad page state in process syz-executor.0  pfn:00605
page:ffffea0000018140 refcount:0 mapcount:1 mapping:0000000000000000 index:0x0 pfn:0x605
flags: 0x7ff00000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 007ff00000000000 0000000000000000 ffffea0000018148 0000000000000000
raw: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
page dumped because: nonzero mapcount
page_owner tracks the page as allocated
page last allocated via order 9, migratetype Movable, gfp_mask 0x13d20ca(GFP_TRANSHUGE_LIGHT|__GFP_NORETRY|__GFP_THISNODE), pid 5485, ts 1560846450097, free_ts 0
 prep_new_page mm/page_alloc.c:2418 [inline]
 get_page_from_freelist+0xa72/0x2f50 mm/page_alloc.c:4149
 __alloc_pages+0x1b2/0x500 mm/page_alloc.c:5369
 __alloc_pages_node include/linux/gfp.h:570 [inline]
 alloc_pages_vma+0x6a7/0x7d0 mm/mempolicy.c:2133
 do_huge_pmd_anonymous_page+0x439/0x2840 mm/huge_memory.c:777
 create_huge_pmd mm/memory.c:4422 [inline]
 __handle_mm_fault+0x2a2a/0x5120 mm/memory.c:4657
 handle_mm_fault+0x1c8/0x790 mm/memory.c:4784
 do_user_addr_fault+0x489/0x11c0 arch/x86/mm/fault.c:1397
 handle_page_fault arch/x86/mm/fault.c:1485 [inline]
 exc_page_fault+0x9e/0x180 arch/x86/mm/fault.c:1541
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:568
page_owner free stack trace missing
Modules linked in:
CPU: 1 PID: 15432 Comm: syz-executor.0 Tainted: G    B             5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 bad_page.cold+0x9c/0xbd mm/page_alloc.c:652
 check_free_page_bad mm/page_alloc.c:1197 [inline]
 check_free_page mm/page_alloc.c:1207 [inline]
 free_pages_prepare mm/page_alloc.c:1320 [inline]
 free_pcp_prepare+0x580/0x870 mm/page_alloc.c:1389
 free_unref_page_prepare mm/page_alloc.c:3309 [inline]
 free_unref_page+0x19/0x690 mm/page_alloc.c:3388
 release_pages+0x825/0x1480 mm/swap.c:956
 tlb_batch_pages_flush mm/mmu_gather.c:49 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:242 [inline]
 tlb_flush_mmu+0xe9/0x6b0 mm/mmu_gather.c:249
 zap_pte_range mm/memory.c:1418 [inline]
 zap_pmd_range mm/memory.c:1467 [inline]
 zap_pud_range mm/memory.c:1496 [inline]
 zap_p4d_range mm/memory.c:1517 [inline]
 unmap_page_range+0x1cac/0x29f0 mm/memory.c:1538
 unmap_single_vma+0x198/0x310 mm/memory.c:1583
 unmap_vmas+0x16b/0x2f0 mm/memory.c:1615
 exit_mmap+0x1d0/0x630 mm/mmap.c:3170
 __mmput+0x122/0x4b0 kernel/fork.c:1113
 mmput+0x56/0x60 kernel/fork.c:1134
 exit_mm kernel/exit.c:507 [inline]
 do_exit+0xb27/0x2b40 kernel/exit.c:819
 do_group_exit+0x125/0x310 kernel/exit.c:929
 get_signal+0x47d/0x2220 kernel/signal.c:2852
 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:868
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207
 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
 syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7efd0409bae9
Code: Unable to access opcode bytes at RIP 0x7efd0409babf.
RSP: 002b:00007efd015f0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: 00000000000001b7 RBX: 00007efd041af020 RCX: 00007efd0409bae9
RDX: 00000000000001b7 RSI: 0000000020001040 RDI: 0000000000000006
RBP: 00007efd040f5f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffeb8398f2f R14: 00007efd015f0300 R15: 0000000000022000
 </TASK>
BUG: Bad page state in process syz-executor.0  pfn:00606
page:ffffea0000018180 refcount:0 mapcount:1 mapping:0000000000000000 index:0x0 pfn:0x606
flags: 0x7ff00000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 007ff00000000000 0000000000000000 ffffea0000018188 0000000000000000
raw: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
page dumped because: nonzero mapcount
page_owner tracks the page as allocated
page last allocated via order 9, migratetype Movable, gfp_mask 0x13d20ca(GFP_TRANSHUGE_LIGHT|__GFP_NORETRY|__GFP_THISNODE), pid 5485, ts 1560846450236, free_ts 0
 prep_new_page mm/page_alloc.c:2418 [inline]
 get_page_from_freelist+0xa72/0x2f50 mm/page_alloc.c:4149
 __alloc_pages+0x1b2/0x500 mm/page_alloc.c:5369
 __alloc_pages_node include/linux/gfp.h:570 [inline]
 alloc_pages_vma+0x6a7/0x7d0 mm/mempolicy.c:2133
 do_huge_pmd_anonymous_page+0x439/0x2840 mm/huge_memory.c:777
 create_huge_pmd mm/memory.c:4422 [inline]
 __handle_mm_fault+0x2a2a/0x5120 mm/memory.c:4657
 handle_mm_fault+0x1c8/0x790 mm/memory.c:4784
 do_user_addr_fault+0x489/0x11c0 arch/x86/mm/fault.c:1397
 handle_page_fault arch/x86/mm/fault.c:1485 [inline]
 exc_page_fault+0x9e/0x180 arch/x86/mm/fault.c:1541
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:568
page_owner free stack trace missing
Modules linked in:
CPU: 1 PID: 15432 Comm: syz-executor.0 Tainted: G    B             5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 bad_page.cold+0x9c/0xbd mm/page_alloc.c:652
 check_free_page_bad mm/page_alloc.c:1197 [inline]
 check_free_page mm/page_alloc.c:1207 [inline]
 free_pages_prepare mm/page_alloc.c:1320 [inline]
 free_pcp_prepare+0x580/0x870 mm/page_alloc.c:1389
 free_unref_page_prepare mm/page_alloc.c:3309 [inline]
 free_unref_page+0x19/0x690 mm/page_alloc.c:3388
 release_pages+0x825/0x1480 mm/swap.c:956
 tlb_batch_pages_flush mm/mmu_gather.c:49 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:242 [inline]
 tlb_flush_mmu+0xe9/0x6b0 mm/mmu_gather.c:249
 zap_pte_range mm/memory.c:1418 [inline]
 zap_pmd_range mm/memory.c:1467 [inline]
 zap_pud_range mm/memory.c:1496 [inline]
 zap_p4d_range mm/memory.c:1517 [inline]
 unmap_page_range+0x1cac/0x29f0 mm/memory.c:1538
 unmap_single_vma+0x198/0x310 mm/memory.c:1583
 unmap_vmas+0x16b/0x2f0 mm/memory.c:1615
 exit_mmap+0x1d0/0x630 mm/mmap.c:3170
 __mmput+0x122/0x4b0 kernel/fork.c:1113
 mmput+0x56/0x60 kernel/fork.c:1134
 exit_mm kernel/exit.c:507 [inline]
 do_exit+0xb27/0x2b40 kernel/exit.c:819
 do_group_exit+0x125/0x310 kernel/exit.c:929
 get_signal+0x47d/0x2220 kernel/signal.c:2852
 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:868
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207
 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
 syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7efd0409bae9
Code: Unable to access opcode bytes at RIP 0x7efd0409babf.
RSP: 002b:00007efd015f0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: 00000000000001b7 RBX: 00007efd041af020 RCX: 00007efd0409bae9
RDX: 00000000000001b7 RSI: 0000000020001040 RDI: 0000000000000006
RBP: 00007efd040f5f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffeb8398f2f R14: 00007efd015f0300 R15: 0000000000022000
 </TASK>
BUG: Bad page state in process syz-executor.0  pfn:00607
page:ffffea00000181c0 refcount:0 mapcount:1 mapping:0000000000000000 index:0x0 pfn:0x607
flags: 0x7ff00000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 007ff00000000000 0000000000000000 ffffea00000181c8 0000000000000000
raw: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
page dumped because: nonzero mapcount
page_owner tracks the page as allocated
page last allocated via order 9, migratetype Movable, gfp_mask 0x13d20ca(GFP_TRANSHUGE_LIGHT|__GFP_NORETRY|__GFP_THISNODE), pid 5485, ts 1560846450361, free_ts 0
 prep_new_page mm/page_alloc.c:2418 [inline]
 get_page_from_freelist+0xa72/0x2f50 mm/page_alloc.c:4149
 __alloc_pages+0x1b2/0x500 mm/page_alloc.c:5369
 __alloc_pages_node include/linux/gfp.h:570 [inline]
 alloc_pages_vma+0x6a7/0x7d0 mm/mempolicy.c:2133
 do_huge_pmd_anonymous_page+0x439/0x2840 mm/huge_memory.c:777
 create_huge_pmd mm/memory.c:4422 [inline]
 __handle_mm_fault+0x2a2a/0x5120 mm/memory.c:4657
 handle_mm_fault+0x1c8/0x790 mm/memory.c:4784
 do_user_addr_fault+0x489/0x11c0 arch/x86/mm/fault.c:1397
 handle_page_fault arch/x86/mm/fault.c:1485 [inline]
 exc_page_fault+0x9e/0x180 arch/x86/mm/fault.c:1541
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:568
page_owner free stack trace missing
Modules linked in:
CPU: 1 PID: 15432 Comm: syz-executor.0 Tainted: G    B             5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 bad_page.cold+0x9c/0xbd mm/page_alloc.c:652
 check_free_page_bad mm/page_alloc.c:1197 [inline]
 check_free_page mm/page_alloc.c:1207 [inline]
 free_pages_prepare mm/page_alloc.c:1320 [inline]
 free_pcp_prepare+0x580/0x870 mm/page_alloc.c:1389
 free_unref_page_prepare mm/page_alloc.c:3309 [inline]
 free_unref_page+0x19/0x690 mm/page_alloc.c:3388
 release_pages+0x825/0x1480 mm/swap.c:956
 tlb_batch_pages_flush mm/mmu_gather.c:49 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:242 [inline]
 tlb_flush_mmu+0xe9/0x6b0 mm/mmu_gather.c:249
 zap_pte_range mm/memory.c:1418 [inline]
 zap_pmd_range mm/memory.c:1467 [inline]
 zap_pud_range mm/memory.c:1496 [inline]
 zap_p4d_range mm/memory.c:1517 [inline]
 unmap_page_range+0x1cac/0x29f0 mm/memory.c:1538
 unmap_single_vma+0x198/0x310 mm/memory.c:1583
 unmap_vmas+0x16b/0x2f0 mm/memory.c:1615
 exit_mmap+0x1d0/0x630 mm/mmap.c:3170
 __mmput+0x122/0x4b0 kernel/fork.c:1113
 mmput+0x56/0x60 kernel/fork.c:1134
 exit_mm kernel/exit.c:507 [inline]
 do_exit+0xb27/0x2b40 kernel/exit.c:819
 do_group_exit+0x125/0x310 kernel/exit.c:929
 get_signal+0x47d/0x2220 kernel/signal.c:2852
 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:868
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207
 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
 syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7efd0409bae9
Code: Unable to access opcode bytes at RIP 0x7efd0409babf.
RSP: 002b:00007efd015f0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: 00000000000001b7 RBX: 00007efd041af020 RCX: 00007efd0409bae9
RDX: 00000000000001b7 RSI: 0000000020001040 RDI: 0000000000000006
RBP: 00007efd040f5f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffeb8398f2f R14: 00007efd015f0300 R15: 0000000000022000
 </TASK>
BUG: Bad page state in process syz-executor.0  pfn:00608
page:ffffea0000018200 refcount:0 mapcount:1 mapping:0000000000000000 index:0x0 pfn:0x608
flags: 0x7ff00000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 007ff00000000000 0000000000000000 ffffea0000018208 0000000000000000
raw: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
page dumped because: nonzero mapcount
page_owner tracks the page as allocated
page last allocated via order 9, migratetype Movable, gfp_mask 0x13d20ca(GFP_TRANSHUGE_LIGHT|__GFP_NORETRY|__GFP_THISNODE), pid 5485, ts 1560846450453, free_ts 0
 prep_new_page mm/page_alloc.c:2418 [inline]
 get_page_from_freelist+0xa72/0x2f50 mm/page_alloc.c:4149
 __alloc_pages+0x1b2/0x500 mm/page_alloc.c:5369
 __alloc_pages_node include/linux/gfp.h:570 [inline]
 alloc_pages_vma+0x6a7/0x7d0 mm/mempolicy.c:2133
 do_huge_pmd_anonymous_page+0x439/0x2840 mm/huge_memory.c:777
 create_huge_pmd mm/memory.c:4422 [inline]
 __handle_mm_fault+0x2a2a/0x5120 mm/memory.c:4657
 handle_mm_fault+0x1c8/0x790 mm/memory.c:4784
 do_user_addr_fault+0x489/0x11c0 arch/x86/mm/fault.c:1397
 handle_page_fault arch/x86/mm/fault.c:1485 [inline]
 exc_page_fault+0x9e/0x180 arch/x86/mm/fault.c:1541
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:568
page_owner free stack trace missing
Modules linked in:
CPU: 1 PID: 15432 Comm: syz-executor.0 Tainted: G    B             5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 bad_page.cold+0x9c/0xbd mm/page_alloc.c:652
 check_free_page_bad mm/page_alloc.c:1197 [inline]
 check_free_page mm/page_alloc.c:1207 [inline]
 free_pages_prepare mm/page_alloc.c:1320 [inline]
 free_pcp_prepare+0x580/0x870 mm/page_alloc.c:1389
 free_unref_page_prepare mm/page_alloc.c:3309 [inline]
 free_unref_page+0x19/0x690 mm/page_alloc.c:3388
 release_pages+0x825/0x1480 mm/swap.c:956
 tlb_batch_pages_flush mm/mmu_gather.c:49 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:242 [inline]
 tlb_flush_mmu+0xe9/0x6b0 mm/mmu_gather.c:249
 zap_pte_range mm/memory.c:1418 [inline]
 zap_pmd_range mm/memory.c:1467 [inline]
 zap_pud_range mm/memory.c:1496 [inline]
 zap_p4d_range mm/memory.c:1517 [inline]
 unmap_page_range+0x1cac/0x29f0 mm/memory.c:1538
 unmap_single_vma+0x198/0x310 mm/memory.c:1583
 unmap_vmas+0x16b/0x2f0 mm/memory.c:1615
 exit_mmap+0x1d0/0x630 mm/mmap.c:3170
 __mmput+0x122/0x4b0 kernel/fork.c:1113
 mmput+0x56/0x60 kernel/fork.c:1134
 exit_mm kernel/exit.c:507 [inline]
 do_exit+0xb27/0x2b40 kernel/exit.c:819
 do_group_exit+0x125/0x310 kernel/exit.c:929
 get_signal+0x47d/0x2220 kernel/signal.c:2852
 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:868
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207
 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
 syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7efd0409bae9
Code: Unable to access opcode bytes at RIP 0x7efd0409babf.
RSP: 002b:00007efd015f0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: 00000000000001b7 RBX: 00007efd041af020 RCX: 00007efd0409bae9
RDX: 00000000000001b7 RSI: 0000000020001040 RDI: 0000000000000006
RBP: 00007efd040f5f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffeb8398f2f R14: 00007efd015f0300 R15: 0000000000022000
 </TASK>
BUG: Bad page state in process syz-executor.0  pfn:00609
page:ffffea0000018240 refcount:0 mapcount:1 mapping:0000000000000000 index:0x0 pfn:0x609
flags: 0x7ff00000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 007ff00000000000 0000000000000000 ffffea0000018248 0000000000000000
raw: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
page dumped because: nonzero mapcount
page_owner tracks the page as allocated
page last allocated via order 9, migratetype Movable, gfp_mask 0x13d20ca(GFP_TRANSHUGE_LIGHT|__GFP_NORETRY|__GFP_THISNODE), pid 5485, ts 1560846450615, free_ts 0
 prep_new_page mm/page_alloc.c:2418 [inline]
 get_page_from_freelist+0xa72/0x2f50 mm/page_alloc.c:4149
 __alloc_pages+0x1b2/0x500 mm/page_alloc.c:5369
 __alloc_pages_node include/linux/gfp.h:570 [inline]
 alloc_pages_vma+0x6a7/0x7d0 mm/mempolicy.c:2133
 do_huge_pmd_anonymous_page+0x439/0x2840 mm/huge_memory.c:777
 create_huge_pmd mm/memory.c:4422 [inline]
 __handle_mm_fault+0x2a2a/0x5120 mm/memory.c:4657
 handle_mm_fault+0x1c8/0x790 mm/memory.c:4784
 do_user_addr_fault+0x489/0x11c0 arch/x86/mm/fault.c:1397
 handle_page_fault arch/x86/mm/fault.c:1485 [inline]
 exc_page_fault+0x9e/0x180 arch/x86/mm/fault.c:1541
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:568
page_owner free stack trace missing
Modules linked in:
CPU: 0 PID: 15432 Comm: syz-executor.0 Tainted: G    B             5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 bad_page.cold+0x9c/0xbd mm/page_alloc.c:652
 check_free_page_bad mm/page_alloc.c:1197 [inline]
 check_free_page mm/page_alloc.c:1207 [inline]
 free_pages_prepare mm/page_alloc.c:1320 [inline]
 free_pcp_prepare+0x580/0x870 mm/page_alloc.c:1389
 free_unref_page_prepare mm/page_alloc.c:3309 [inline]
 free_unref_page+0x19/0x690 mm/page_alloc.c:3388
 release_pages+0x825/0x1480 mm/swap.c:956
 tlb_batch_pages_flush mm/mmu_gather.c:49 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:242 [inline]
 tlb_flush_mmu+0xe9/0x6b0 mm/mmu_gather.c:249
 zap_pte_range mm/memory.c:1418 [inline]
 zap_pmd_range mm/memory.c:1467 [inline]
 zap_pud_range mm/memory.c:1496 [inline]
 zap_p4d_range mm/memory.c:1517 [inline]
 unmap_page_range+0x1cac/0x29f0 mm/memory.c:1538
 unmap_single_vma+0x198/0x310 mm/memory.c:1583
 unmap_vmas+0x16b/0x2f0 mm/memory.c:1615
 exit_mmap+0x1d0/0x630 mm/mmap.c:3170
 __mmput+0x122/0x4b0 kernel/fork.c:1113
 mmput+0x56/0x60 kernel/fork.c:1134
 exit_mm kernel/exit.c:507 [inline]
 do_exit+0xb27/0x2b40 kernel/exit.c:819
 do_group_exit+0x125/0x310 kernel/exit.c:929
 get_signal+0x47d/0x2220 kernel/signal.c:2852
 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:868
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207
 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
 syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7efd0409bae9
Code: Unable to access opcode bytes at RIP 0x7efd0409babf.
RSP: 002b:00007efd015f0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: 00000000000001b7 RBX: 00007efd041af020 RCX: 00007efd0409bae9
RDX: 00000000000001b7 RSI: 0000000020001040 RDI: 0000000000000006
RBP: 00007efd040f5f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffeb8398f2f R14: 00007efd015f0300 R15: 0000000000022000
 </TASK>
BUG: Bad page state in process syz-executor.0  pfn:0060a
page:ffffea0000018280 refcount:0 mapcount:1 mapping:0000000000000000 index:0x0 pfn:0x60a
flags: 0x7ff00000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 007ff00000000000 0000000000000000 ffffea0000018288 0000000000000000
raw: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
page dumped because: nonzero mapcount
page_owner tracks the page as allocated
page last allocated via order 9, migratetype Movable, gfp_mask 0x13d20ca(GFP_TRANSHUGE_LIGHT|__GFP_NORETRY|__GFP_THISNODE), pid 5485, ts 1560846450740, free_ts 0
 prep_new_page mm/page_alloc.c:2418 [inline]
 get_page_from_freelist+0xa72/0x2f50 mm/page_alloc.c:4149
 __alloc_pages+0x1b2/0x500 mm/page_alloc.c:5369
 __alloc_pages_node include/linux/gfp.h:570 [inline]
 alloc_pages_vma+0x6a7/0x7d0 mm/mempolicy.c:2133
 do_huge_pmd_anonymous_page+0x439/0x2840 mm/huge_memory.c:777
 create_huge_pmd mm/memory.c:4422 [inline]
 __handle_mm_fault+0x2a2a/0x5120 mm/memory.c:4657
 handle_mm_fault+0x1c8/0x790 mm/memory.c:4784
 do_user_addr_fault+0x489/0x11c0 arch/x86/mm/fault.c:1397
 handle_page_fault arch/x86/mm/fault.c:1485 [inline]
 exc_page_fault+0x9e/0x180 arch/x86/mm/fault.c:1541
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:568
page_owner free stack trace missing
Modules linked in:
CPU: 1 PID: 15432 Comm: syz-executor.0 Tainted: G    B             5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 bad_page.cold+0x9c/0xbd mm/page_alloc.c:652
 check_free_page_bad mm/page_alloc.c:1197 [inline]
 check_free_page mm/page_alloc.c:1207 [inline]
 free_pages_prepare mm/page_alloc.c:1320 [inline]
 free_pcp_prepare+0x580/0x870 mm/page_alloc.c:1389
 free_unref_page_prepare mm/page_alloc.c:3309 [inline]
 free_unref_page+0x19/0x690 mm/page_alloc.c:3388
 release_pages+0x825/0x1480 mm/swap.c:956
 tlb_batch_pages_flush mm/mmu_gather.c:49 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:242 [inline]
 tlb_flush_mmu+0xe9/0x6b0 mm/mmu_gather.c:249
 zap_pte_range mm/memory.c:1418 [inline]
 zap_pmd_range mm/memory.c:1467 [inline]
 zap_pud_range mm/memory.c:1496 [inline]
 zap_p4d_range mm/memory.c:1517 [inline]
 unmap_page_range+0x1cac/0x29f0 mm/memory.c:1538
 unmap_single_vma+0x198/0x310 mm/memory.c:1583
 unmap_vmas+0x16b/0x2f0 mm/memory.c:1615
 exit_mmap+0x1d0/0x630 mm/mmap.c:3170
 __mmput+0x122/0x4b0 kernel/fork.c:1113
 mmput+0x56/0x60 kernel/fork.c:1134
 exit_mm kernel/exit.c:507 [inline]
 do_exit+0xb27/0x2b40 kernel/exit.c:819
 do_group_exit+0x125/0x310 kernel/exit.c:929
 get_signal+0x47d/0x2220 kernel/signal.c:2852
 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:868
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207
 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
 syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7efd0409bae9
Code: Unable to access opcode bytes at RIP 0x7efd0409babf.
RSP: 002b:00007efd015f0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: 00000000000001b7 RBX: 00007efd041af020 RCX: 00007efd0409bae9
RDX: 00000000000001b7 RSI: 0000000020001040 RDI: 0000000000000006
RBP: 00007efd040f5f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffeb8398f2f R14: 00007efd015f0300 R15: 0000000000022000
 </TASK>
BUG: Bad page state in process syz-executor.0  pfn:0060b
page:ffffea00000182c0 refcount:0 mapcount:1 mapping:0000000000000000 index:0x0 pfn:0x60b
flags: 0x7ff00000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 007ff00000000000 0000000000000000 ffffea00000182c8 0000000000000000
raw: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
page dumped because: nonzero mapcount
page_owner tracks the page as allocated
page last allocated via order 9, migratetype Movable, gfp_mask 0x13d20ca(GFP_TRANSHUGE_LIGHT|__GFP_NORETRY|__GFP_THISNODE), pid 5485, ts 1560846450880, free_ts 0
 prep_new_page mm/page_alloc.c:2418 [inline]
 get_page_from_freelist+0xa72/0x2f50 mm/page_alloc.c:4149
 __alloc_pages+0x1b2/0x500 mm/page_alloc.c:5369
 __alloc_pages_node include/linux/gfp.h:570 [inline]
 alloc_pages_vma+0x6a7/0x7d0 mm/mempolicy.c:2133
 do_huge_pmd_anonymous_page+0x439/0x2840 mm/huge_memory.c:777
 create_huge_pmd mm/memory.c:4422 [inline]
 __handle_mm_fault+0x2a2a/0x5120 mm/memory.c:4657
 handle_mm_fault+0x1c8/0x790 mm/memory.c:4784
 do_user_addr_fault+0x489/0x11c0 arch/x86/mm/fault.c:1397
 handle_page_fault arch/x86/mm/fault.c:1485 [inline]
 exc_page_fault+0x9e/0x180 arch/x86/mm/fault.c:1541
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:568
page_owner free stack trace missing
Modules linked in:
CPU: 1 PID: 15432 Comm: syz-executor.0 Tainted: G    B             5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 bad_page.cold+0x9c/0xbd mm/page_alloc.c:652
 check_free_page_bad mm/page_alloc.c:1197 [inline]
 check_free_page mm/page_alloc.c:1207 [inline]
 free_pages_prepare mm/page_alloc.c:1320 [inline]
 free_pcp_prepare+0x580/0x870 mm/page_alloc.c:1389
 free_unref_page_prepare mm/page_alloc.c:3309 [inline]
 free_unref_page+0x19/0x690 mm/page_alloc.c:3388
 release_pages+0x825/0x1480 mm/swap.c:956
 tlb_batch_pages_flush mm/mmu_gather.c:49 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:242 [inline]
 tlb_flush_mmu+0xe9/0x6b0 mm/mmu_gather.c:249
 zap_pte_range mm/memory.c:1418 [inline]
 zap_pmd_range mm/memory.c:1467 [inline]
 zap_pud_range mm/memory.c:1496 [inline]
 zap_p4d_range mm/memory.c:1517 [inline]
 unmap_page_range+0x1cac/0x29f0 mm/memory.c:1538
 unmap_single_vma+0x198/0x310 mm/memory.c:1583
 unmap_vmas+0x16b/0x2f0 mm/memory.c:1615
 exit_mmap+0x1d0/0x630 mm/mmap.c:3170
 __mmput+0x122/0x4b0 kernel/fork.c:1113
 mmput+0x56/0x60 kernel/fork.c:1134
 exit_mm kernel/exit.c:507 [inline]
 do_exit+0xb27/0x2b40 kernel/exit.c:819
 do_group_exit+0x125/0x310 kernel/exit.c:929
 get_signal+0x47d/0x2220 kernel/signal.c:2852
 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:868
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207
 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
 syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7efd0409bae9
Code: Unable to access opcode bytes at RIP 0x7efd0409babf.
RSP: 002b:00007efd015f0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: 00000000000001b7 RBX: 00007efd041af020 RCX: 00007efd0409bae9
RDX: 00000000000001b7 RSI: 0000000020001040 RDI: 0000000000000006
RBP: 00007efd040f5f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffeb8398f2f R14: 00007efd015f0300 R15: 0000000000022000
 </TASK>
BUG: Bad page state in process syz-executor.0  pfn:0060c
page:ffffea0000018300 refcount:0 mapcount:1 mapping:0000000000000000 index:0x0 pfn:0x60c
flags: 0x7ff00000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 007ff00000000000 0000000000000000 ffffea0000018308 0000000000000000
raw: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
page dumped because: nonzero mapcount
page_owner tracks the page as allocated
page last allocated via order 9, migratetype Movable, gfp_mask 0x13d20ca(GFP_TRANSHUGE_LIGHT|__GFP_NORETRY|__GFP_THISNODE), pid 5485, ts 1560846451008, free_ts 0
 prep_new_page mm/page_alloc.c:2418 [inline]
 get_page_from_freelist+0xa72/0x2f50 mm/page_alloc.c:4149
 __alloc_pages+0x1b2/0x500 mm/page_alloc.c:5369
 __alloc_pages_node include/linux/gfp.h:570 [inline]
 alloc_pages_vma+0x6a7/0x7d0 mm/mempolicy.c:2133
 do_huge_pmd_anonymous_page+0x439/0x2840 mm/huge_memory.c:777
 create_huge_pmd mm/memory.c:4422 [inline]
 __handle_mm_fault+0x2a2a/0x5120 mm/memory.c:4657
 handle_mm_fault+0x1c8/0x790 mm/memory.c:4784
 do_user_addr_fault+0x489/0x11c0 arch/x86/mm/fault.c:1397
 handle_page_fault arch/x86/mm/fault.c:1485 [inline]
 exc_page_fault+0x9e/0x180 arch/x86/mm/fault.c:1541
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:568
page_owner free stack trace missing
Modules linked in:
CPU: 0 PID: 15432 Comm: syz-executor.0 Tainted: G    B             5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 bad_page.cold+0x9c/0xbd mm/page_alloc.c:652
 check_free_page_bad mm/page_alloc.c:1197 [inline]
 check_free_page mm/page_alloc.c:1207 [inline]
 free_pages_prepare mm/page_alloc.c:1320 [inline]
 free_pcp_prepare+0x580/0x870 mm/page_alloc.c:1389
 free_unref_page_prepare mm/page_alloc.c:3309 [inline]
 free_unref_page+0x19/0x690 mm/page_alloc.c:3388
 release_pages+0x825/0x1480 mm/swap.c:956
 tlb_batch_pages_flush mm/mmu_gather.c:49 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:242 [inline]
 tlb_flush_mmu+0xe9/0x6b0 mm/mmu_gather.c:249
 zap_pte_range mm/memory.c:1418 [inline]
 zap_pmd_range mm/memory.c:1467 [inline]
 zap_pud_range mm/memory.c:1496 [inline]
 zap_p4d_range mm/memory.c:1517 [inline]
 unmap_page_range+0x1cac/0x29f0 mm/memory.c:1538
 unmap_single_vma+0x198/0x310 mm/memory.c:1583
 unmap_vmas+0x16b/0x2f0 mm/memory.c:1615
 exit_mmap+0x1d0/0x630 mm/mmap.c:3170
 __mmput+0x122/0x4b0 kernel/fork.c:1113
 mmput+0x56/0x60 kernel/fork.c:1134
 exit_mm kernel/exit.c:507 [inline]
 do_exit+0xb27/0x2b40 kernel/exit.c:819
 do_group_exit+0x125/0x310 kernel/exit.c:929
 get_signal+0x47d/0x2220 kernel/signal.c:2852
 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:868
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207
 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
 syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7efd0409bae9
Code: Unable to access opcode bytes at RIP 0x7efd0409babf.
RSP: 002b:00007efd015f0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: 00000000000001b7 RBX: 00007efd041af020 RCX: 00007efd0409bae9
RDX: 00000000000001b7 RSI: 0000000020001040 RDI: 0000000000000006
RBP: 00007efd040f5f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffeb8398f2f R14: 00007efd015f0300 R15: 0000000000022000
 </TASK>
BUG: Bad page state in process syz-executor.0  pfn:0060d
page:ffffea0000018340 refcount:0 mapcount:1 mapping:0000000000000000 index:0x0 pfn:0x60d
flags: 0x7ff00000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 007ff00000000000 0000000000000000 ffffea0000018348 0000000000000000
raw: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
page dumped because: nonzero mapcount
page_owner tracks the page as allocated
page last allocated via order 9, migratetype Movable, gfp_mask 0x13d20ca(GFP_TRANSHUGE_LIGHT|__GFP_NORETRY|__GFP_THISNODE), pid 5485, ts 1560846451136, free_ts 0
 prep_new_page mm/page_alloc.c:2418 [inline]
 get_page_from_freelist+0xa72/0x2f50 mm/page_alloc.c:4149
 __alloc_pages+0x1b2/0x500 mm/page_alloc.c:5369
 __alloc_pages_node include/linux/gfp.h:570 [inline]
 alloc_pages_vma+0x6a7/0x7d0 mm/mempolicy.c:2133
 do_huge_pmd_anonymous_page+0x439/0x2840 mm/huge_memory.c:777
 create_huge_pmd mm/memory.c:4422 [inline]
 __handle_mm_fault+0x2a2a/0x5120 mm/memory.c:4657
 handle_mm_fault+0x1c8/0x790 mm/memory.c:4784
 do_user_addr_fault+0x489/0x11c0 arch/x86/mm/fault.c:1397
 handle_page_fault arch/x86/mm/fault.c:1485 [inline]
 exc_page_fault+0x9e/0x180 arch/x86/mm/fault.c:1541
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:568
page_owner free stack trace missing
Modules linked in:
CPU: 1 PID: 15432 Comm: syz-executor.0 Tainted: G    B             5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 bad_page.cold+0x9c/0xbd mm/page_alloc.c:652
 check_free_page_bad mm/page_alloc.c:1197 [inline]
 check_free_page mm/page_alloc.c:1207 [inline]
 free_pages_prepare mm/page_alloc.c:1320 [inline]
 free_pcp_prepare+0x580/0x870 mm/page_alloc.c:1389
 free_unref_page_prepare mm/page_alloc.c:3309 [inline]
 free_unref_page+0x19/0x690 mm/page_alloc.c:3388
 release_pages+0x825/0x1480 mm/swap.c:956
 tlb_batch_pages_flush mm/mmu_gather.c:49 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:242 [inline]
 tlb_flush_mmu+0xe9/0x6b0 mm/mmu_gather.c:249
 zap_pte_range mm/memory.c:1418 [inline]
 zap_pmd_range mm/memory.c:1467 [inline]
 zap_pud_range mm/memory.c:1496 [inline]
 zap_p4d_range mm/memory.c:1517 [inline]
 unmap_page_range+0x1cac/0x29f0 mm/memory.c:1538
 unmap_single_vma+0x198/0x310 mm/memory.c:1583
 unmap_vmas+0x16b/0x2f0 mm/memory.c:1615
 exit_mmap+0x1d0/0x630 mm/mmap.c:3170
 __mmput+0x122/0x4b0 kernel/fork.c:1113
 mmput+0x56/0x60 kernel/fork.c:1134
 exit_mm kernel/exit.c:507 [inline]
 do_exit+0xb27/0x2b40 kernel/exit.c:819
 do_group_exit+0x125/0x310 kernel/exit.c:929
 get_signal+0x47d/0x2220 kernel/signal.c:2852
 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:868
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207
 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
 syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7efd0409bae9
Code: Unable to access opcode bytes at RIP 0x7efd0409babf.
RSP: 002b:00007efd015f0188 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: 00000000000001b7 RBX: 00007efd041af020 RCX: 00007efd0409bae9
RDX: 00000000000001b7 RSI: 0000000020001040 RDI: 0000000000000006
RBP: 00007efd040f5f6d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffeb8398f2f R14: 00007efd015f0300 R15: 0000000000022000
 </TASK>
BUG: Bad page state in process syz-executor.0  pfn:0060e
page:ffffea0000018380 refcount:0 mapcount:1 mapping:0000000000000000 index:0x0 pfn:0x60e
flags: 0x7ff00000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 007ff00000000000 0000000000000000 ffffea0000018388 0000000000000000