BUG: Bad page state in process syz-executor243 pfn:7ece7
page:ffffea0001fb39c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1c pfn:0x7ece7
flags: 0xfff1000000820c(referenced|uptodate|workingset|private|node=0|zone=1|lastcpupid=0x7ff)
page_type: 0xffffffff()
raw: 00fff1000000820c ffffea00008301c8 ffffc90005507990 0000000000000000
raw: 000000000000001c ffff888029171000 00000000ffffffff 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x40c40(GFP_NOFS|__GFP_COMP), pid 5751, tgid 5750 (syz-executor243), ts 95934543795, free_ts 95901613067
 set_page_owner include/linux/page_owner.h:31 [inline]
 post_alloc_hook+0x2d0/0x350 mm/page_alloc.c:1533
 prep_new_page mm/page_alloc.c:1540 [inline]
 get_page_from_freelist+0xa28/0x3780 mm/page_alloc.c:3311
 __alloc_pages+0x22f/0x2440 mm/page_alloc.c:4567
 alloc_pages_mpol+0x258/0x5f0 mm/mempolicy.c:2133
 folio_alloc+0x1e/0xe0 mm/mempolicy.c:2211
 filemap_alloc_folio+0x3bb/0x490 mm/filemap.c:975
 do_read_cache_folio+0x1b8/0x540 mm/filemap.c:3665
 do_read_cache_page mm/filemap.c:3767 [inline]
 read_cache_page+0x5b/0x160 mm/filemap.c:3776
 read_mapping_page include/linux/pagemap.h:871 [inline]
 __get_metapage+0x993/0x1170 fs/jfs/jfs_metapage.c:620
 diRead+0x650/0xb00 fs/jfs/jfs_imap.c:364
 jfs_iget+0x84/0x4c0 fs/jfs/inode.c:35
 jfs_fill_super+0x6c8/0xd20 fs/jfs/super.c:580
 mount_bdev+0x1df/0x2d0 fs/super.c:1663
 legacy_get_tree+0x109/0x220 fs/fs_context.c:662
 vfs_get_tree+0x8c/0x370 fs/super.c:1784
 do_new_mount fs/namespace.c:3352 [inline]
 path_mount+0x14e6/0x1f20 fs/namespace.c:3679
page last free pid 5056 tgid 5056 stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1140 [inline]
 free_unref_page_prepare+0x51f/0xb10 mm/page_alloc.c:2346
 free_unref_page+0x33/0x3c0 mm/page_alloc.c:2486
 lbmLogShutdown fs/jfs/jfs_logmgr.c:1864 [inline]
 lmLogShutdown+0x371/0x780 fs/jfs/jfs_logmgr.c:1684
 lmLogClose+0x577/0x710 fs/jfs/jfs_logmgr.c:1460
 jfs_umount+0x2f0/0x430 fs/jfs/jfs_umount.c:114
 jfs_put_super+0x88/0x1d0 fs/jfs/super.c:194
 generic_shutdown_super+0x159/0x3d0 fs/super.c:646
 kill_block_super+0x3b/0x90 fs/super.c:1680
 deactivate_locked_super+0xbc/0x1a0 fs/super.c:477
 deactivate_super+0xde/0x100 fs/super.c:510
 cleanup_mnt+0x222/0x450 fs/namespace.c:1267
 task_work_run+0x14d/0x240 kernel/task_work.c:180
 ptrace_notify+0x10d/0x130 kernel/signal.c:2390
 ptrace_report_syscall include/linux/ptrace.h:411 [inline]
 ptrace_report_syscall_exit include/linux/ptrace.h:473 [inline]
 syscall_exit_work kernel/entry/common.c:167 [inline]
 syscall_exit_to_user_mode_prepare+0x126/0x230 kernel/entry/common.c:194
 __syscall_exit_to_user_mode_work kernel/entry/common.c:199 [inline]
 syscall_exit_to_user_mode+0x11/0x2b0 kernel/entry/common.c:212
 do_syscall_64+0xe0/0x250 arch/x86/entry/common.c:89
Modules linked in:
CPU: 0 PID: 5759 Comm: syz-executor243 Not tainted 6.7.0-syzkaller-09928-g052d534373b7 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x125/0x1b0 lib/dump_stack.c:106
 bad_page+0xb4/0x200 mm/page_alloc.c:514
 free_page_is_bad_report mm/page_alloc.c:957 [inline]
 free_page_is_bad mm/page_alloc.c:967 [inline]
 free_pages_prepare mm/page_alloc.c:1132 [inline]
 free_unref_page_prepare+0x545/0xb10 mm/page_alloc.c:2346
 free_unref_page_list+0xe6/0xb40 mm/page_alloc.c:2532
 release_pages+0x32a/0x14f0 mm/swap.c:1042
 __folio_batch_release+0x77/0xe0 mm/swap.c:1062
 folio_batch_release include/linux/pagevec.h:83 [inline]
 truncate_inode_pages_range+0x33e/0xf00 mm/truncate.c:362
 jfs_remount+0x4bd/0x650 fs/jfs/super.c:451
 legacy_reconfigure+0x119/0x180 fs/fs_context.c:685
 reconfigure_super+0x44f/0xb10 fs/super.c:1076
 do_remount fs/namespace.c:2892 [inline]
 path_mount+0x172e/0x1f20 fs/namespace.c:3671
 do_mount fs/namespace.c:3692 [inline]
 __do_sys_mount fs/namespace.c:3898 [inline]
 __se_sys_mount fs/namespace.c:3875 [inline]
 __x64_sys_mount+0x293/0x310 fs/namespace.c:3875
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xd3/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7f91a50ec0da
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f91a5086038 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000020000180 RCX: 00007f91a50ec0da
RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000
RBP: 0000000000000000 R08: 00007f91a50860d0 R09: 0000000000000000
R10: 0000000001a404ac R11: 0000000000000286 R12: 0000000020000100
R13: 00007f91a50860d0 R14: 0000000000000000 R15: 0000000020000a80