BUG: Bad page state in process jfsCommit pfn:1e399 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x1c pfn:0x1e399 flags: 0xfff0000000401c(referenced|uptodate|dirty|private|node=0|zone=1|lastcpupid=0x7ff) raw: 00fff0000000401c dead000000000100 dead000000000122 0000000000000000 raw: 000000000000001c ffff888077fed1f0 00000000ffffffff 0000000000000000 page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x40c40(GFP_NOFS|__GFP_COMP), pid 5261, tgid 5260 (syz-executor172), ts 77039403451, free_ts 77037480293 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1468 prep_new_page mm/page_alloc.c:1476 [inline] get_page_from_freelist+0x2e2d/0x2ee0 mm/page_alloc.c:3402 __alloc_pages_noprof+0x256/0x6c0 mm/page_alloc.c:4660 alloc_pages_mpol_noprof+0x3e8/0x680 mm/mempolicy.c:2265 alloc_pages_noprof mm/mempolicy.c:2336 [inline] folio_alloc_noprof+0x128/0x180 mm/mempolicy.c:2343 filemap_alloc_folio_noprof+0xdf/0x500 mm/filemap.c:1008 do_read_cache_folio+0xed/0x820 mm/filemap.c:3752 do_read_cache_page+0x30/0x200 mm/filemap.c:3854 read_mapping_page include/linux/pagemap.h:896 [inline] __get_metapage+0x330/0x1050 fs/jfs/jfs_metapage.c:620 diRead+0x5f4/0xae0 fs/jfs/jfs_imap.c:364 jfs_iget+0x8c/0x3b0 fs/jfs/inode.c:35 jfs_fill_super+0x808/0xc50 fs/jfs/super.c:580 mount_bdev+0x20a/0x2d0 fs/super.c:1659 legacy_get_tree+0xee/0x190 fs/fs_context.c:662 vfs_get_tree+0x90/0x2a0 fs/super.c:1780 do_new_mount+0x2be/0xb40 fs/namespace.c:3352 page last free pid 5075 tgid 5075 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1088 [inline] free_unref_page+0xd19/0xea0 mm/page_alloc.c:2565 skb_free_frag include/linux/skbuff.h:3354 [inline] skb_free_head net/core/skbuff.c:1079 [inline] skb_release_data+0x6b2/0x880 net/core/skbuff.c:1108 skb_release_all net/core/skbuff.c:1173 [inline] __kfree_skb+0x55/0x70 net/core/skbuff.c:1187 tcp_rcv_established+0x10a2/0x2020 net/ipv4/tcp_input.c:6087 tcp_v4_do_rcv+0x965/0xc60 net/ipv4/tcp_ipv4.c:1909 sk_backlog_rcv include/net/sock.h:1106 [inline] __release_sock+0x214/0x350 net/core/sock.c:2983 release_sock+0x61/0x1f0 net/core/sock.c:3549 tcp_sendmsg+0x3a/0x50 net/ipv4/tcp.c:1349 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x1a6/0x270 net/socket.c:745 sock_write_iter+0x2dd/0x400 net/socket.c:1160 new_sync_write fs/read_write.c:497 [inline] vfs_write+0xa72/0xc90 fs/read_write.c:590 ksys_write+0x1a0/0x2c0 fs/read_write.c:643 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 1 PID: 112 Comm: jfsCommit Not tainted 6.10.0-rc1-syzkaller-00304-g83814698cf48 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114 bad_page+0x14c/0x170 mm/page_alloc.c:498 free_page_is_bad mm/page_alloc.c:909 [inline] free_pages_prepare mm/page_alloc.c:1080 [inline] free_unref_page+0xe3e/0xea0 mm/page_alloc.c:2565 __folio_put+0x3b9/0x620 mm/swap.c:129 txUnlock+0x42f/0xca0 fs/jfs/jfs_txnmgr.c:947 txLazyCommit fs/jfs/jfs_txnmgr.c:2682 [inline] jfs_lazycommit+0x5f4/0xb80 fs/jfs/jfs_txnmgr.c:2733 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244