netlink: 'syz-executor0': attribute type 6 has an invalid length. BUG: Bad page map in process syz-executor7 pte:129c26067 pmd:12f000067 page:ffffea0006fa8e40 count:1 mapcount:-1537 mapping:0000000000000000 index:0x0 flags: 0x200000000000014(referenced|dirty) netlink: 'syz-executor0': attribute type 6 has an invalid length. raw: 0200000000000014 dead000000000100 dead000000000200 0000000000000000 raw: 0000000000000000 0000000000000000 00000001fffff9fe ffff8801361dd000 raw: ffffea0006fdb420 ffffea0006ed29a0 0000000000000001 0000000000000000 page dumped because: bad pte page->mem_cgroup:ffff8801361dd000 addr:0000000099c9a95e vm_flags:100400fb anon_vma: (null) mapping:00000000265d09d3 index:30 file:kcov fault: (null) mmap:kcov_mmap readpage: (null) CPU: 1 PID: 7695 Comm: syz-executor7 Not tainted 4.18.0-rc8+ #34 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x17c/0x1c0 lib/dump_stack.c:113 print_bad_pte+0xcae/0xde0 mm/memory.c:775 zap_pte_range mm/memory.c:1336 [inline] zap_pmd_range mm/memory.c:1436 [inline] zap_pud_range mm/memory.c:1465 [inline] zap_p4d_range mm/memory.c:1486 [inline] unmap_page_range+0x2119/0x3b60 mm/memory.c:1507 unmap_single_vma+0x445/0x5e0 mm/memory.c:1552 unmap_vmas+0x241/0x370 mm/memory.c:1582 exit_mmap+0x4d7/0x960 mm/mmap.c:3094 __mmput+0x154/0x5f0 kernel/fork.c:994 mmput+0xa7/0xe0 kernel/fork.c:1015 exit_mm+0x6dd/0x790 kernel/exit.c:545 do_exit+0xbf7/0x3890 kernel/exit.c:854 do_group_exit+0x1a0/0x350 kernel/exit.c:970 get_signal+0x1425/0x1ef0 kernel/signal.c:2468 do_signal+0x120/0x2090 arch/x86/kernel/signal.c:816 exit_to_usermode_loop arch/x86/entry/common.c:162 [inline] prepare_exit_to_usermode+0x273/0x410 arch/x86/entry/common.c:197 syscall_return_slowpath+0xdb/0x700 arch/x86/entry/common.c:268 do_syscall_64+0x1ab/0x220 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x63/0xe7 RIP: 0033:0x457089 Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f76a36efcf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: 0000000000000001 RBX: 00000000009301e8 RCX: 0000000000457089 RDX: 0000000000000001 RSI: 0000000000000001 RDI: 00000000009301ec RBP: 00000000009301e0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000009301ec R13: 0000000000a3fb9f R14: 00007f76a36f09c0 R15: 0000000000000002 netlink: 24 bytes leftover after parsing attributes in process `syz-executor1'. netlink: 24 bytes leftover after parsing attributes in process `syz-executor1'. input: syz0 as /devices/virtual/input/input9 input: syz0 as /devices/virtual/input/input10 mm/pgtable-generic.c:40: bad pmd 0000000003396c52(800000014e82b007) BUG: Bad page map in process syz-executor4 pte:127d3e067 pmd:12f000067 page:ffffea0006eef740 count:1 mapcount:-1537 mapping:0000000000000000 index:0x0 flags: 0x200000000000014(referenced|dirty) raw: 0200000000000014 dead000000000100 dead000000000200 0000000000000000 raw: 0000000000000000 0000000000000000 00000001fffff9fe ffff8801361dd000 raw: ffffea0006eef7a0 ffffea0006f8ac00 0000000000000001 0000000000000000 page dumped because: bad pte page->mem_cgroup:ffff8801361dd000 addr:00000000445dc719 vm_flags:100400fb anon_vma: (null) mapping:00000000265d09d3 index:9c file:kcov fault: (null) mmap:kcov_mmap readpage: (null) CPU: 1 PID: 7803 Comm: syz-executor4 Tainted: G B 4.18.0-rc8+ #34 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x17c/0x1c0 lib/dump_stack.c:113 print_bad_pte+0xcae/0xde0 mm/memory.c:775 zap_pte_range mm/memory.c:1336 [inline] zap_pmd_range mm/memory.c:1436 [inline] zap_pud_range mm/memory.c:1465 [inline] zap_p4d_range mm/memory.c:1486 [inline] unmap_page_range+0x2119/0x3b60 mm/memory.c:1507 unmap_single_vma+0x445/0x5e0 mm/memory.c:1552 unmap_vmas+0x241/0x370 mm/memory.c:1582 exit_mmap+0x4d7/0x960 mm/mmap.c:3094 __mmput+0x154/0x5f0 kernel/fork.c:994 mmput+0xa7/0xe0 kernel/fork.c:1015 exit_mm+0x6dd/0x790 kernel/exit.c:545 do_exit+0xbf7/0x3890 kernel/exit.c:854 do_group_exit+0x1a0/0x350 kernel/exit.c:970 __do_sys_exit_group+0x21/0x30 kernel/exit.c:981 __se_sys_exit_group+0x14/0x20 kernel/exit.c:979 __x64_sys_exit_group+0x4c/0x50 kernel/exit.c:979 do_syscall_64+0x15b/0x220 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x63/0xe7 RIP: 0033:0x457089 Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:0000000000a3fda8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 RAX: ffffffffffffffda RBX: 000000000000001e RCX: 0000000000457089 RDX: 0000000000410c41 RSI: fffffffffffffff7 RDI: 0000000000000000 RBP: 0000000000000000 R08: ffffffffffffffff R09: 0000000000035cd3 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000011 R13: 0000000000035cd3 R14: 0000000000000020 R15: badc0ffeebadface input:  as /devices/virtual/input/input11 mm/pgtable-generic.c:40: bad pmd 0000000003396c52(8000000141460007) BUG: Bad page map in process syz-executor4 pte:123e0f067 pmd:12f000067 page:ffffea0006d745a0 count:1 mapcount:-1537 mapping:0000000000000000 index:0x0 flags: 0x200000000000014(referenced|dirty) raw: 0200000000000014 dead000000000100 dead000000000200 0000000000000000 raw: 0000000000000000 0000000000000000 00000001fffff9fe ffff8801361dd000 raw: ffffea0006d74540 ffffea0006d744e0 0000000000000001 0000000000000000 page dumped because: bad pte page->mem_cgroup:ffff8801361dd000 addr:00000000ff26f1ac vm_flags:100400fb anon_vma: (null) mapping:00000000265d09d3 index:9c file:kcov fault: (null) mmap:kcov_mmap readpage: (null) CPU: 1 PID: 7900 Comm: syz-executor4 Tainted: G B 4.18.0-rc8+ #34 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x17c/0x1c0 lib/dump_stack.c:113 print_bad_pte+0xcae/0xde0 mm/memory.c:775 zap_pte_range mm/memory.c:1336 [inline] zap_pmd_range mm/memory.c:1436 [inline] zap_pud_range mm/memory.c:1465 [inline] zap_p4d_range mm/memory.c:1486 [inline] unmap_page_range+0x2119/0x3b60 mm/memory.c:1507 unmap_single_vma+0x445/0x5e0 mm/memory.c:1552 unmap_vmas+0x241/0x370 mm/memory.c:1582 exit_mmap+0x4d7/0x960 mm/mmap.c:3094 __mmput+0x154/0x5f0 kernel/fork.c:994 mmput+0xa7/0xe0 kernel/fork.c:1015 exit_mm+0x6dd/0x790 kernel/exit.c:545 do_exit+0xbf7/0x3890 kernel/exit.c:854 do_group_exit+0x1a0/0x350 kernel/exit.c:970 get_signal+0x1425/0x1ef0 kernel/signal.c:2468 do_signal+0x120/0x2090 arch/x86/kernel/signal.c:816 exit_to_usermode_loop arch/x86/entry/common.c:162 [inline] prepare_exit_to_usermode+0x273/0x410 arch/x86/entry/common.c:197 syscall_return_slowpath+0xdb/0x700 arch/x86/entry/common.c:268 do_syscall_64+0x1ab/0x220 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x63/0xe7 RIP: 0033:0x457089 Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f7ea7aa4cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: fffffffffffffe00 RBX: 0000000000930148 RCX: 0000000000457089 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000930148 RBP: 0000000000930140 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000093014c R13: 0000000000a3fb9f R14: 00007f7ea7aa59c0 R15: 0000000000000001 netlink: 49 bytes leftover after parsing attributes in process `syz-executor2'. netlink: 49 bytes leftover after parsing attributes in process `syz-executor2'. BUG: unable to handle kernel paging request at ffffea042b520008 PGD 21f7ef067 P4D 21f7ef067 PUD 0 Oops: 0000 [#1] SMP PTI CPU: 0 PID: 4498 Comm: syz-executor4 Tainted: G B 4.18.0-rc8+ #34 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:__read_once_size include/linux/compiler.h:197 [inline] RIP: 0010:compound_head include/linux/page-flags.h:142 [inline] RIP: 0010:PageMlocked include/linux/page-flags.h:354 [inline] RIP: 0010:__split_huge_pmd+0x514/0x2540 mm/huge_memory.c:2235 Code: 8d 0c 49 48 c1 e1 05 48 ba 00 00 00 00 00 ea ff ff 4c 8d 34 0a 48 8d 1c 0a 48 83 c3 08 48 85 f6 44 0f 44 e0 0f 85 4a 07 00 00 <4c> 8b 3b 48 89 df e8 01 e9 fd ff 48 8b 08 89 c8 83 e0 01 45 89 f8 RSP: 0018:ffff88014034f548 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffffea042b520008 RCX: 000000042b520000 RDX: ffffea0000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffff88014034f6e0 R08: 0000000000000000 R09: 000077ff80000000 R10: ffffffff7fffffff R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: ffffea042b520000 R15: 0000000000000000 FS: 000000000254a940(0000) GS:ffff88021fc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffea042b520008 CR3: 000000014024c000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: zap_pmd_range mm/memory.c:1422 [inline] zap_pud_range mm/memory.c:1465 [inline] zap_p4d_range mm/memory.c:1486 [inline] unmap_page_range+0xc11/0x3b60 mm/memory.c:1507 unmap_single_vma+0x445/0x5e0 mm/memory.c:1552 unmap_vmas+0x241/0x370 mm/memory.c:1582 exit_mmap+0x4d7/0x960 mm/mmap.c:3094 __mmput+0x154/0x5f0 kernel/fork.c:994 mmput+0xa7/0xe0 kernel/fork.c:1015 exit_mm+0x6dd/0x790 kernel/exit.c:545 do_exit+0xbf7/0x3890 kernel/exit.c:854 do_group_exit+0x1a0/0x350 kernel/exit.c:970 __do_sys_exit_group+0x21/0x30 kernel/exit.c:981 __se_sys_exit_group+0x14/0x20 kernel/exit.c:979 __x64_sys_exit_group+0x4c/0x50 kernel/exit.c:979 do_syscall_64+0x15b/0x220 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x63/0xe7 RIP: 0033:0x457089 Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:0000000000a3f808 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000000457089 RDX: 0000000000036b00 RSI: 0000000000a3f840 RDI: 000000000000000b RBP: 0000000000000169 R08: 000000000254a940 R09: 00d000a800000000 R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000005 R13: 00000000000369f1 R14: 0000000000000023 R15: badc0ffeebadface Modules linked in: Dumping ftrace buffer: (ftrace buffer empty) CR2: ffffea042b520008 ---[ end trace 4d0b45a2bdecf8ee ]--- RIP: 0010:__read_once_size include/linux/compiler.h:197 [inline] RIP: 0010:compound_head include/linux/page-flags.h:142 [inline] RIP: 0010:PageMlocked include/linux/page-flags.h:354 [inline] RIP: 0010:__split_huge_pmd+0x514/0x2540 mm/huge_memory.c:2235 Code: 8d 0c 49 48 c1 e1 05 48 ba 00 00 00 00 00 ea ff ff 4c 8d 34 0a 48 8d 1c 0a 48 83 c3 08 48 85 f6 44 0f 44 e0 0f 85 4a 07 00 00 <4c> 8b 3b 48 89 df e8 01 e9 fd ff 48 8b 08 89 c8 83 e0 01 45 89 f8 RSP: 0018:ffff88014034f548 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffffea042b520008 RCX: 000000042b520000 RDX: ffffea0000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffff88014034f6e0 R08: 0000000000000000 R09: 000077ff80000000 R10: ffffffff7fffffff R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: ffffea042b520000 R15: 0000000000000000 FS: 000000000254a940(0000) GS:ffff88021fc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffea042b520008 CR3: 000000014024c000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400