BUG: Bad page state in process syz.0.739  pfn:2097b
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2d pfn:0x2097b
flags: 0xfff0000000400c(referenced|uptodate|private|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff0000000400c dead000000000100 dead000000000122 0000000000000000
raw: 000000000000002d ffff8880155a6c98 00000000ffffffff 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x140c40(GFP_NOFS|__GFP_COMP|__GFP_HARDWALL), pid 8599, tgid 8597 (syz.0.739), ts 514209376928, free_ts 508729786736
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1493
 prep_new_page mm/page_alloc.c:1501 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3438
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4696
 alloc_pages_mpol_noprof+0x275/0x610 mm/mempolicy.c:2263
 folio_alloc_noprof+0x1e/0xc0 mm/mempolicy.c:2347
 filemap_alloc_folio_noprof+0x3ba/0x490 mm/filemap.c:1008
 __filemap_get_folio+0x53d/0xae0 mm/filemap.c:1950
 pagecache_get_page+0x2c/0x250 mm/folio-compat.c:81
 find_or_create_page include/linux/pagemap.h:776 [inline]
 grab_cache_page include/linux/pagemap.h:892 [inline]
 __get_metapage+0x259/0x1170 fs/jfs/jfs_metapage.c:613
 diNewExt+0x846/0x1ab0 fs/jfs/jfs_imap.c:2272
 diAllocExt fs/jfs/jfs_imap.c:1949 [inline]
 diAllocAG+0x170b/0x2340 fs/jfs/jfs_imap.c:1666
 diAlloc+0x8f7/0x1a70 fs/jfs/jfs_imap.c:1587
 ialloc+0x84/0x9e0 fs/jfs/jfs_inode.c:56
 jfs_mkdir+0x244/0xb40 fs/jfs/namei.c:225
 vfs_mkdir+0x580/0x860 fs/namei.c:4210
 do_mkdirat+0x301/0x3a0 fs/namei.c:4233
page last free pid 5206 tgid 5206 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1094 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2608
 vfree+0x181/0x7a0 mm/vmalloc.c:3364
 delayed_vfree_work+0x56/0x70 mm/vmalloc.c:3285
 process_one_work+0x9c8/0x1b40 kernel/workqueue.c:3231
 process_scheduled_works kernel/workqueue.c:3312 [inline]
 worker_thread+0x6c8/0xf20 kernel/workqueue.c:3390
 kthread+0x2c4/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Modules linked in:
CPU: 1 UID: 0 PID: 8599 Comm: syz.0.739 Not tainted 6.10.0-syzkaller-12030-g66ebbdfdeb09 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1086 [inline]
 free_unref_folios+0xa92/0x1390 mm/page_alloc.c:2656
 folios_put_refs+0x560/0x760 mm/swap.c:1039
 folio_batch_release include/linux/pagevec.h:101 [inline]
 truncate_inode_pages_range+0x334/0xe80 mm/truncate.c:346
 jfs_remount+0x4c1/0x650 fs/jfs/super.c:451
 legacy_reconfigure+0x11c/0x180 fs/fs_context.c:685
 reconfigure_super+0x452/0xb60 fs/super.c:1072
 do_remount fs/namespace.c:3012 [inline]
 path_mount+0x172d/0x1f20 fs/namespace.c:3791
 do_mount fs/namespace.c:3812 [inline]
 __do_sys_mount fs/namespace.c:4020 [inline]
 __se_sys_mount fs/namespace.c:3997 [inline]
 __x64_sys_mount+0x294/0x320 fs/namespace.c:3997
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f66c157761a
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 7e 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f66c23a2e78 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f66c23a2f00 RCX: 00007f66c157761a
RDX: 0000000020000f40 RSI: 0000000020000f00 RDI: 0000000000000000
RBP: 0000000020000f40 R08: 00007f66c23a2f00 R09: 0000000001a4a438
R10: 0000000001a4a438 R11: 0000000000000206 R12: 0000000020000f00
R13: 00007f66c23a2ec0 R14: 0000000000000000 R15: 00000000200008c0
 </TASK>
BUG: Bad page state in process syz.0.739  pfn:6d60e
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2e pfn:0x6d60e
flags: 0xfff0000000400c(referenced|uptodate|private|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff0000000400c dead000000000100 dead000000000122 0000000000000000
raw: 000000000000002e ffff8880155a6d90 00000000ffffffff 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x140c40(GFP_NOFS|__GFP_COMP|__GFP_HARDWALL), pid 8599, tgid 8597 (syz.0.739), ts 514209475218, free_ts 508715479875
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1493
 prep_new_page mm/page_alloc.c:1501 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3438
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4696
 alloc_pages_mpol_noprof+0x275/0x610 mm/mempolicy.c:2263
 folio_alloc_noprof+0x1e/0xc0 mm/mempolicy.c:2347
 filemap_alloc_folio_noprof+0x3ba/0x490 mm/filemap.c:1008
 __filemap_get_folio+0x53d/0xae0 mm/filemap.c:1950
 pagecache_get_page+0x2c/0x250 mm/folio-compat.c:81
 find_or_create_page include/linux/pagemap.h:776 [inline]
 grab_cache_page include/linux/pagemap.h:892 [inline]
 __get_metapage+0x259/0x1170 fs/jfs/jfs_metapage.c:613
 diNewExt+0x846/0x1ab0 fs/jfs/jfs_imap.c:2272
 diAllocExt fs/jfs/jfs_imap.c:1949 [inline]
 diAllocAG+0x170b/0x2340 fs/jfs/jfs_imap.c:1666
 diAlloc+0x8f7/0x1a70 fs/jfs/jfs_imap.c:1587
 ialloc+0x84/0x9e0 fs/jfs/jfs_inode.c:56
 jfs_mkdir+0x244/0xb40 fs/jfs/namei.c:225
 vfs_mkdir+0x580/0x860 fs/namei.c:4210
 do_mkdirat+0x301/0x3a0 fs/namei.c:4233
page last free pid 5088 tgid 5088 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1094 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2608
 vfree+0x181/0x7a0 mm/vmalloc.c:3364
 bpf_prog_free_deferred+0x539/0x6f0 kernel/bpf/core.c:2800
 process_one_work+0x9c8/0x1b40 kernel/workqueue.c:3231
 process_scheduled_works kernel/workqueue.c:3312 [inline]
 worker_thread+0x6c8/0xf20 kernel/workqueue.c:3390
 kthread+0x2c4/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Modules linked in:
CPU: 0 UID: 0 PID: 8599 Comm: syz.0.739 Tainted: G    B              6.10.0-syzkaller-12030-g66ebbdfdeb09 #0
Tainted: [B]=BAD_PAGE
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1086 [inline]
 free_unref_folios+0xa92/0x1390 mm/page_alloc.c:2656
 folios_put_refs+0x560/0x760 mm/swap.c:1039
 folio_batch_release include/linux/pagevec.h:101 [inline]
 truncate_inode_pages_range+0x334/0xe80 mm/truncate.c:346
 jfs_remount+0x4c1/0x650 fs/jfs/super.c:451
 legacy_reconfigure+0x11c/0x180 fs/fs_context.c:685
 reconfigure_super+0x452/0xb60 fs/super.c:1072
 do_remount fs/namespace.c:3012 [inline]
 path_mount+0x172d/0x1f20 fs/namespace.c:3791
 do_mount fs/namespace.c:3812 [inline]
 __do_sys_mount fs/namespace.c:4020 [inline]
 __se_sys_mount fs/namespace.c:3997 [inline]
 __x64_sys_mount+0x294/0x320 fs/namespace.c:3997
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f66c157761a
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 7e 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f66c23a2e78 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f66c23a2f00 RCX: 00007f66c157761a
RDX: 0000000020000f40 RSI: 0000000020000f00 RDI: 0000000000000000
RBP: 0000000020000f40 R08: 00007f66c23a2f00 R09: 0000000001a4a438
R10: 0000000001a4a438 R11: 0000000000000206 R12: 0000000020000f00
R13: 00007f66c23a2ec0 R14: 0000000000000000 R15: 00000000200008c0
 </TASK>
BUG: Bad page state in process syz.0.739  pfn:6643d
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2f pfn:0x6643d
flags: 0xfff0000000400c(referenced|uptodate|private|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff0000000400c dead000000000100 dead000000000122 0000000000000000
raw: 000000000000002f ffff8880155a6e88 00000000ffffffff 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x140c40(GFP_NOFS|__GFP_COMP|__GFP_HARDWALL), pid 8599, tgid 8597 (syz.0.739), ts 514209569738, free_ts 508568004314
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1493
 prep_new_page mm/page_alloc.c:1501 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3438
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4696
 alloc_pages_mpol_noprof+0x275/0x610 mm/mempolicy.c:2263
 folio_alloc_noprof+0x1e/0xc0 mm/mempolicy.c:2347
 filemap_alloc_folio_noprof+0x3ba/0x490 mm/filemap.c:1008
 __filemap_get_folio+0x53d/0xae0 mm/filemap.c:1950
 pagecache_get_page+0x2c/0x250 mm/folio-compat.c:81
 find_or_create_page include/linux/pagemap.h:776 [inline]
 grab_cache_page include/linux/pagemap.h:892 [inline]
 __get_metapage+0x259/0x1170 fs/jfs/jfs_metapage.c:613
 diNewExt+0x846/0x1ab0 fs/jfs/jfs_imap.c:2272
 diAllocExt fs/jfs/jfs_imap.c:1949 [inline]
 diAllocAG+0x170b/0x2340 fs/jfs/jfs_imap.c:1666
 diAlloc+0x8f7/0x1a70 fs/jfs/jfs_imap.c:1587
 ialloc+0x84/0x9e0 fs/jfs/jfs_inode.c:56
 jfs_mkdir+0x244/0xb40 fs/jfs/namei.c:225
 vfs_mkdir+0x580/0x860 fs/namei.c:4210
 do_mkdirat+0x301/0x3a0 fs/namei.c:4233
page last free pid 8553 tgid 8551 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1094 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2608
 tlb_batch_list_free mm/mmu_gather.c:159 [inline]
 tlb_finish_mmu+0x237/0x7b0 mm/mmu_gather.c:468
 exit_mmap+0x3d1/0xb20 mm/mmap.c:3395
 __mmput+0x12a/0x480 kernel/fork.c:1345
 mmput+0x62/0x70 kernel/fork.c:1367
 exit_mm kernel/exit.c:571 [inline]
 do_exit+0x9bf/0x2bb0 kernel/exit.c:869
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1031
 get_signal+0x25fd/0x2770 kernel/signal.c:2917
 arch_do_signal_or_restart+0x90/0x7e0 arch/x86/kernel/signal.c:310
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218
 do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 1 UID: 0 PID: 8599 Comm: syz.0.739 Tainted: G    B              6.10.0-syzkaller-12030-g66ebbdfdeb09 #0
Tainted: [B]=BAD_PAGE
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1086 [inline]
 free_unref_folios+0xa92/0x1390 mm/page_alloc.c:2656
 folios_put_refs+0x560/0x760 mm/swap.c:1039
 folio_batch_release include/linux/pagevec.h:101 [inline]
 truncate_inode_pages_range+0x334/0xe80 mm/truncate.c:346
 jfs_remount+0x4c1/0x650 fs/jfs/super.c:451
 legacy_reconfigure+0x11c/0x180 fs/fs_context.c:685
 reconfigure_super+0x452/0xb60 fs/super.c:1072
 do_remount fs/namespace.c:3012 [inline]
 path_mount+0x172d/0x1f20 fs/namespace.c:3791
 do_mount fs/namespace.c:3812 [inline]
 __do_sys_mount fs/namespace.c:4020 [inline]
 __se_sys_mount fs/namespace.c:3997 [inline]
 __x64_sys_mount+0x294/0x320 fs/namespace.c:3997
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f66c157761a
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 7e 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f66c23a2e78 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f66c23a2f00 RCX: 00007f66c157761a
RDX: 0000000020000f40 RSI: 0000000020000f00 RDI: 0000000000000000
RBP: 0000000020000f40 R08: 00007f66c23a2f00 R09: 0000000001a4a438
R10: 0000000001a4a438 R11: 0000000000000206 R12: 0000000020000f00
R13: 00007f66c23a2ec0 R14: 0000000000000000 R15: 00000000200008c0
 </TASK>