BUG: Bad page state in process syz.6.1612  pfn:66789
page:ffffea000199e240 refcount:0 mapcount:0 mapping:0000000000000000 index:0x4 pfn:0x66789
flags: 0xfff00000002006(referenced|uptodate|private|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000002006 ffffea000199e188 ffffc90003277880 0000000000000000
raw: 0000000000000004 ffff88801f880000 00000000ffffffff 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x100c40(GFP_NOFS|__GFP_HARDWALL), pid 10894, ts 576623218943, free_ts 576603445512
 prep_new_page mm/page_alloc.c:2426 [inline]
 get_page_from_freelist+0x322a/0x33c0 mm/page_alloc.c:4159
 __alloc_pages+0x272/0x700 mm/page_alloc.c:5423
 __page_cache_alloc+0xd4/0x4a0 mm/filemap.c:1022
 do_read_cache_page+0x1e5/0x1040 mm/filemap.c:3457
 read_mapping_page include/linux/pagemap.h:515 [inline]
 __get_metapage+0x398/0x1070 fs/jfs/jfs_metapage.c:621
 dbAllocCtl+0xd5/0x920 fs/jfs/jfs_dmap.c:1884
 dbAllocAG+0x28b/0x10b0 fs/jfs/jfs_dmap.c:1432
 dbDiscardAG+0x34e/0xa10 fs/jfs/jfs_dmap.c:1681
 jfs_ioc_trim+0x452/0x6a0 fs/jfs/jfs_discard.c:105
 jfs_ioctl+0x2ac/0x3a0 fs/jfs/ioctl.c:132
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:874 [inline]
 __se_sys_ioctl+0xf1/0x160 fs/ioctl.c:860
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1340 [inline]
 free_pcp_prepare mm/page_alloc.c:1391 [inline]
 free_unref_page_prepare+0xc34/0xcf0 mm/page_alloc.c:3317
 free_unref_page_list+0x1f7/0x8e0 mm/page_alloc.c:3433
 release_pages+0x1bb9/0x1f40 mm/swap.c:963
 __pagevec_release+0x80/0xf0 mm/swap.c:983
 pagevec_release include/linux/pagevec.h:81 [inline]
 __invalidate_mapping_pages+0x68f/0x7c0 mm/truncate.c:509
 reconfigure_super+0x5cc/0x870 fs/super.c:963
 do_remount fs/namespace.c:2668 [inline]
 path_mount+0xceb/0x10a0 fs/namespace.c:3334
 do_mount fs/namespace.c:3355 [inline]
 __do_sys_mount fs/namespace.c:3563 [inline]
 __se_sys_mount+0x2d5/0x3c0 fs/namespace.c:3540
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
Modules linked in:
CPU: 1 PID: 10937 Comm: syz.6.1612 Not tainted 5.15.169-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e3/0x2d0 lib/dump_stack.c:106
 bad_page+0x14b/0x170 mm/page_alloc.c:652
 check_free_page_bad mm/page_alloc.c:1199 [inline]
 check_free_page mm/page_alloc.c:1209 [inline]
 free_pages_prepare mm/page_alloc.c:1334 [inline]
 free_pcp_prepare mm/page_alloc.c:1391 [inline]
 free_unref_page_prepare+0x48d/0xcf0 mm/page_alloc.c:3317
 free_unref_page_list+0x1f7/0x8e0 mm/page_alloc.c:3433
 release_pages+0x1bb9/0x1f40 mm/swap.c:963
 __pagevec_release+0x80/0xf0 mm/swap.c:983
 pagevec_release include/linux/pagevec.h:81 [inline]
 truncate_inode_pages_range+0x48b/0x1290 mm/truncate.c:329
 jfs_mount_rw+0x2bb/0x640 fs/jfs/jfs_mount.c:236
 jfs_remount+0x3cd/0x6a0 fs/jfs/super.c:459
 reconfigure_super+0x43a/0x870 fs/super.c:938
 vfs_fsconfig_locked fs/fsopen.c:254 [inline]
 __do_sys_fsconfig fs/fsopen.c:439 [inline]
 __se_sys_fsconfig+0x98b/0xec0 fs/fsopen.c:314
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7f2684efe719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f2683355038 EFLAGS: 00000246 ORIG_RAX: 00000000000001af
RAX: ffffffffffffffda RBX: 00007f26850b6058 RCX: 00007f2684efe719
RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000005
RBP: 00007f2684f7132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f26850b6058 R15: 00007fffbb9f32e8
 </TASK>
BUG: Bad page state in process syz.6.1612  pfn:66786
page:ffffea000199e180 refcount:0 mapcount:0 mapping:0000000000000000 index:0x3 pfn:0x66786
flags: 0xfff00000002006(referenced|uptodate|private|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000002006 ffffea0000acc9c8 ffffc90003277880 0000000000000000
raw: 0000000000000003 ffff88801f8800f8 00000000ffffffff 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x100c40(GFP_NOFS|__GFP_HARDWALL), pid 10894, ts 576626458524, free_ts 576603433643
 prep_new_page mm/page_alloc.c:2426 [inline]
 get_page_from_freelist+0x322a/0x33c0 mm/page_alloc.c:4159
 __alloc_pages+0x272/0x700 mm/page_alloc.c:5423
 __page_cache_alloc+0xd4/0x4a0 mm/filemap.c:1022
 do_read_cache_page+0x1e5/0x1040 mm/filemap.c:3457
 read_mapping_page include/linux/pagemap.h:515 [inline]
 __get_metapage+0x398/0x1070 fs/jfs/jfs_metapage.c:621
 dbAdjCtl+0x138/0x9c0 fs/jfs/jfs_dmap.c:2549
 dbAllocDmap fs/jfs/jfs_dmap.c:2110 [inline]
 dbAllocDmapLev+0x298/0x490 fs/jfs/jfs_dmap.c:2054
 dbAllocCtl+0x113/0x920 fs/jfs/jfs_dmap.c:1891
 dbAllocAG+0x28b/0x10b0 fs/jfs/jfs_dmap.c:1432
 dbDiscardAG+0x34e/0xa10 fs/jfs/jfs_dmap.c:1681
 jfs_ioc_trim+0x452/0x6a0 fs/jfs/jfs_discard.c:105
 jfs_ioctl+0x2ac/0x3a0 fs/jfs/ioctl.c:132
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:874 [inline]
 __se_sys_ioctl+0xf1/0x160 fs/ioctl.c:860
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1340 [inline]
 free_pcp_prepare mm/page_alloc.c:1391 [inline]
 free_unref_page_prepare+0xc34/0xcf0 mm/page_alloc.c:3317
 free_unref_page_list+0x1f7/0x8e0 mm/page_alloc.c:3433
 release_pages+0x1bb9/0x1f40 mm/swap.c:963
 __pagevec_release+0x80/0xf0 mm/swap.c:983
 pagevec_release include/linux/pagevec.h:81 [inline]
 __invalidate_mapping_pages+0x68f/0x7c0 mm/truncate.c:509
 reconfigure_super+0x5cc/0x870 fs/super.c:963
 do_remount fs/namespace.c:2668 [inline]
 path_mount+0xceb/0x10a0 fs/namespace.c:3334
 do_mount fs/namespace.c:3355 [inline]
 __do_sys_mount fs/namespace.c:3563 [inline]
 __se_sys_mount+0x2d5/0x3c0 fs/namespace.c:3540
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
Modules linked in:
CPU: 0 PID: 10937 Comm: syz.6.1612 Tainted: G    B             5.15.169-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e3/0x2d0 lib/dump_stack.c:106
 bad_page+0x14b/0x170 mm/page_alloc.c:652
 check_free_page_bad mm/page_alloc.c:1199 [inline]
 check_free_page mm/page_alloc.c:1209 [inline]
 free_pages_prepare mm/page_alloc.c:1334 [inline]
 free_pcp_prepare mm/page_alloc.c:1391 [inline]
 free_unref_page_prepare+0x48d/0xcf0 mm/page_alloc.c:3317
 free_unref_page_list+0x1f7/0x8e0 mm/page_alloc.c:3433
 release_pages+0x1bb9/0x1f40 mm/swap.c:963
 __pagevec_release+0x80/0xf0 mm/swap.c:983
 pagevec_release include/linux/pagevec.h:81 [inline]
 truncate_inode_pages_range+0x48b/0x1290 mm/truncate.c:329
 jfs_mount_rw+0x2bb/0x640 fs/jfs/jfs_mount.c:236
 jfs_remount+0x3cd/0x6a0 fs/jfs/super.c:459
 reconfigure_super+0x43a/0x870 fs/super.c:938
 vfs_fsconfig_locked fs/fsopen.c:254 [inline]
 __do_sys_fsconfig fs/fsopen.c:439 [inline]
 __se_sys_fsconfig+0x98b/0xec0 fs/fsopen.c:314
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7f2684efe719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f2683355038 EFLAGS: 00000246 ORIG_RAX: 00000000000001af
RAX: ffffffffffffffda RBX: 00007f26850b6058 RCX: 00007f2684efe719
RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000005
RBP: 00007f2684f7132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f26850b6058 R15: 00007fffbb9f32e8
 </TASK>