BUG: Bad page state in process syz-executor.4 pfn:aa8e6 page:ffffea0002aa3980 count:0 mapcount:0 mapping: (null) index:0x2f flags: 0xfff0000000100c(referenced|uptodate|private) raw: 00fff0000000100c 0000000000000000 000000000000002f 00000000ffffffff raw: ffffea0002a75ee0 ffffea00026df020 ffff88809bde83c0 0000000000000000 page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set bad because of flags: 0x1000(private) Modules linked in: CPU: 1 PID: 10535 Comm: syz-executor.4 Not tainted 4.14.295-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b2/0x281 lib/dump_stack.c:58 bad_page.cold+0xdb/0x100 mm/page_alloc.c:576 free_hot_cold_page_list+0x93/0x300 mm/page_alloc.c:2663 unregister_netdevice: waiting for ip6gre0 to become free. Usage count = -1 release_pages+0x828/0xbf0 mm/swap.c:820 __pagevec_release+0x84/0xe0 mm/swap.c:837 pagevec_release include/linux/pagevec.h:78 [inline] truncate_inode_pages_range+0x5ce/0x13e0 mm/truncate.c:320 jfs_remount+0x41f/0x5a0 fs/jfs/super.c:485 do_remount_sb+0x150/0x530 fs/super.c:868 do_remount fs/namespace.c:2393 [inline] do_mount+0x15f3/0x2a30 fs/namespace.c:2896 SYSC_mount fs/namespace.c:3121 [inline] SyS_mount+0xa8/0x120 fs/namespace.c:3098 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb RIP: 0033:0x7f5b311575a9 RSP: 002b:00007f5b2facb168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 00007f5b31278f80 RCX: 00007f5b311575a9 RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000000 RBP: 00007f5b311b2580 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000060 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffc0992588f R14: 00007f5b2facb300 R15: 0000000000022000 EXT4-fs error (device loop2): ext4_append:77: inode #2: comm syz-executor.2: Logical block already allocated BUG: Bad page state in process syz-executor.4 pfn:a9d7b page:ffffea0002a75ec0 count:0 mapcount:0 mapping: (null) index:0x2e flags: 0xfff0000000100c(referenced|uptodate|private) raw: 00fff0000000100c 0000000000000000 000000000000002e 00000000ffffffff raw: ffffea0002ca6de0 ffffea0002aa39a0 ffff88809bde84b0 0000000000000000 page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set bad because of flags: 0x1000(private) Modules linked in: CPU: 0 PID: 10535 Comm: syz-executor.4 Tainted: G B 4.14.295-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b2/0x281 lib/dump_stack.c:58 bad_page.cold+0xdb/0x100 mm/page_alloc.c:576 free_hot_cold_page_list+0x93/0x300 mm/page_alloc.c:2663 release_pages+0x828/0xbf0 mm/swap.c:820 __pagevec_release+0x84/0xe0 mm/swap.c:837 pagevec_release include/linux/pagevec.h:78 [inline] truncate_inode_pages_range+0x5ce/0x13e0 mm/truncate.c:320 autofs4:pid:10590:autofs4_fill_super: called with bogus options jfs_remount+0x41f/0x5a0 fs/jfs/super.c:485 do_remount_sb+0x150/0x530 fs/super.c:868 do_remount fs/namespace.c:2393 [inline] do_mount+0x15f3/0x2a30 fs/namespace.c:2896 SYSC_mount fs/namespace.c:3121 [inline] SyS_mount+0xa8/0x120 fs/namespace.c:3098 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb RIP: 0033:0x7f5b311575a9 RSP: 002b:00007f5b2facb168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 00007f5b31278f80 RCX: 00007f5b311575a9 RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000000 RBP: 00007f5b311b2580 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000060 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffc0992588f R14: 00007f5b2facb300 R15: 0000000000022000 EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue BUG: Bad page state in process syz-executor.4 pfn:b29b7 page:ffffea0002ca6dc0 count:0 mapcount:0 mapping: (null) index:0x2d flags: 0xfff0000000100c(referenced|uptodate|private) raw: 00fff0000000100c 0000000000000000 000000000000002d 00000000ffffffff raw: ffffea0002bec7e0 ffffea0002a75ee0 ffff88809bde85a0 0000000000000000 page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set bad because of flags: 0x1000(private) Modules linked in: CPU: 1 PID: 10535 Comm: syz-executor.4 Tainted: G B 4.14.295-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b2/0x281 lib/dump_stack.c:58 bad_page.cold+0xdb/0x100 mm/page_alloc.c:576 free_hot_cold_page_list+0x93/0x300 mm/page_alloc.c:2663 release_pages+0x828/0xbf0 mm/swap.c:820 __pagevec_release+0x84/0xe0 mm/swap.c:837 pagevec_release include/linux/pagevec.h:78 [inline] truncate_inode_pages_range+0x5ce/0x13e0 mm/truncate.c:320 jfs_remount+0x41f/0x5a0 fs/jfs/super.c:485 do_remount_sb+0x150/0x530 fs/super.c:868 do_remount fs/namespace.c:2393 [inline] do_mount+0x15f3/0x2a30 fs/namespace.c:2896 SYSC_mount fs/namespace.c:3121 [inline] SyS_mount+0xa8/0x120 fs/namespace.c:3098 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb RIP: 0033:0x7f5b311575a9 RSP: 002b:00007f5b2facb168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 00007f5b31278f80 RCX: 00007f5b311575a9 RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000000 RBP: 00007f5b311b2580 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000060 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffc0992588f R14: 00007f5b2facb300 R15: 0000000000022000 autofs4:pid:10614:autofs4_fill_super: called with bogus options EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue ERROR: (device loop4): txAbort: BUG: Bad page state in process syz-executor.4 pfn:a99e0 page:ffffea0002a67800 count:0 mapcount:0 mapping: (null) index:0x2f flags: 0xfff0000000100c(referenced|uptodate|private) raw: 00fff0000000100c 0000000000000000 000000000000002f 00000000ffffffff raw: ffffea000252e2a0 ffffea00024a02a0 ffff8880b4963e10 0000000000000000 page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set bad because of flags: 0x1000(private) Modules linked in: CPU: 0 PID: 10648 Comm: syz-executor.4 Tainted: G B 4.14.295-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b2/0x281 lib/dump_stack.c:58 bad_page.cold+0xdb/0x100 mm/page_alloc.c:576 free_hot_cold_page_list+0x93/0x300 mm/page_alloc.c:2663 release_pages+0x828/0xbf0 mm/swap.c:820 __pagevec_release+0x84/0xe0 mm/swap.c:837 pagevec_release include/linux/pagevec.h:78 [inline] truncate_inode_pages_range+0x5ce/0x13e0 mm/truncate.c:320 jfs_remount+0x41f/0x5a0 fs/jfs/super.c:485 do_remount_sb+0x150/0x530 fs/super.c:868 do_remount fs/namespace.c:2393 [inline] do_mount+0x15f3/0x2a30 fs/namespace.c:2896 SYSC_mount fs/namespace.c:3121 [inline] SyS_mount+0xa8/0x120 fs/namespace.c:3098 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb RIP: 0033:0x7f5b311575a9 RSP: 002b:00007f5b2facb168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 00007f5b31278f80 RCX: 00007f5b311575a9 RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000000 RBP: 00007f5b311b2580 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000060 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffc0992588f R14: 00007f5b2facb300 R15: 0000000000022000 BUG: Bad page state in process syz-executor.4 pfn:94b8a page:ffffea000252e280 count:0 mapcount:0 mapping: (null) index:0x2e flags: 0xfff0000000100c(referenced|uptodate|private) raw: 00fff0000000100c 0000000000000000 000000000000002e 00000000ffffffff raw: ffffea0002aafb20 ffffea0002a67820 ffff8880b4963f00 0000000000000000 page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set bad because of flags: 0x1000(private) Modules linked in: CPU: 0 PID: 10648 Comm: syz-executor.4 Tainted: G B 4.14.295-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b2/0x281 lib/dump_stack.c:58 bad_page.cold+0xdb/0x100 mm/page_alloc.c:576 free_hot_cold_page_list+0x93/0x300 mm/page_alloc.c:2663 release_pages+0x828/0xbf0 mm/swap.c:820 __pagevec_release+0x84/0xe0 mm/swap.c:837 pagevec_release include/linux/pagevec.h:78 [inline] truncate_inode_pages_range+0x5ce/0x13e0 mm/truncate.c:320 jfs_remount+0x41f/0x5a0 fs/jfs/super.c:485 do_remount_sb+0x150/0x530 fs/super.c:868 do_remount fs/namespace.c:2393 [inline] do_mount+0x15f3/0x2a30 fs/namespace.c:2896 SYSC_mount fs/namespace.c:3121 [inline] SyS_mount+0xa8/0x120 fs/namespace.c:3098 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb RIP: 0033:0x7f5b311575a9 RSP: 002b:00007f5b2facb168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 00007f5b31278f80 RCX: 00007f5b311575a9 RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000000 RBP: 00007f5b311b2580 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000060 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffc0992588f R14: 00007f5b2facb300 R15: 0000000000022000 BUG: Bad page state in process syz-executor.4 pfn:aabec page:ffffea0002aafb00 count:0 mapcount:0 mapping: (null) index:0x2d flags: 0xfff0000000100c(referenced|uptodate|private) raw: 00fff0000000100c 0000000000000000 000000000000002d 00000000ffffffff raw: ffffea000295cb60 ffffea000252e2a0 ffff8880aa259f00 0000000000000000 page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set bad because of flags: 0x1000(private) Modules linked in: CPU: 0 PID: 10648 Comm: syz-executor.4 Tainted: G B 4.14.295-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b2/0x281 lib/dump_stack.c:58 bad_page.cold+0xdb/0x100 mm/page_alloc.c:576 free_hot_cold_page_list+0x93/0x300 mm/page_alloc.c:2663 release_pages+0x828/0xbf0 mm/swap.c:820 __pagevec_release+0x84/0xe0 mm/swap.c:837 pagevec_release include/linux/pagevec.h:78 [inline] truncate_inode_pages_range+0x5ce/0x13e0 mm/truncate.c:320 jfs_remount+0x41f/0x5a0 fs/jfs/super.c:485 do_remount_sb+0x150/0x530 fs/super.c:868 do_remount fs/namespace.c:2393 [inline] do_mount+0x15f3/0x2a30 fs/namespace.c:2896 SYSC_mount fs/namespace.c:3121 [inline] SyS_mount+0xa8/0x120 fs/namespace.c:3098 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292 entry_SYSCALL_64_after_hwframe+0x46/0xbb RIP: 0033:0x7f5b311575a9 RSP: 002b:00007f5b2facb168 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 00007f5b31278f80 RCX: 00007f5b311575a9 RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000000 RBP: 00007f5b311b2580 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000060 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffc0992588f R14: 00007f5b2facb300 R15: 0000000000022000 netlink: 1024 bytes leftover after parsing attributes in process `syz-executor.5'. netlink: 1024 bytes leftover after parsing attributes in process `syz-executor.2'. netlink: 1024 bytes leftover after parsing attributes in process `syz-executor.5'. Zero length message leads to an empty skb audit: type=1800 audit(1665033244.210:2): pid=11453 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="bus" dev="sda1" ino=14174 res=0 netlink: 100 bytes leftover after parsing attributes in process `syz-executor.4'. netlink: 100 bytes leftover after parsing attributes in process `syz-executor.4'. netlink: 1024 bytes leftover after parsing attributes in process `syz-executor.5'. netlink: 100 bytes leftover after parsing attributes in process `syz-executor.4'. netlink: 1024 bytes leftover after parsing attributes in process `syz-executor.2'. netlink: 1024 bytes leftover after parsing attributes in process `syz-executor.2'. netlink: 100 bytes leftover after parsing attributes in process `syz-executor.4'. audit: type=1800 audit(1665033246.200:3): pid=11857 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="syz-executor.3" name="file0" dev="sda1" ino=14210 res=0