BUG: Bad page state in process syz-executor.0  pfn:24388
page:ffffea000090e200 refcount:0 mapcount:0 mapping:0000000000000000 index:0x4 pfn:0x24388
flags: 0xfff00000002004(uptodate|private|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000002004 ffffea0000872a88 ffffc9000327fa00 0000000000000000
raw: 0000000000000004 ffff888024d849b0 00000000ffffffff 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x100c40(GFP_NOFS|__GFP_HARDWALL), pid 4568, ts 86330610615, free_ts 86312306326
 prep_new_page mm/page_alloc.c:2426 [inline]
 get_page_from_freelist+0x1b77/0x1c60 mm/page_alloc.c:4192
 __alloc_pages+0x1e1/0x470 mm/page_alloc.c:5474
 __page_cache_alloc+0xd2/0x3f0 mm/filemap.c:1022
 do_read_cache_page+0x1da/0x1030 mm/filemap.c:3457
 read_mapping_page include/linux/pagemap.h:515 [inline]
 __get_metapage+0x35d/0x1060 fs/jfs/jfs_metapage.c:621
 dbAllocCtl+0xd4/0x9a0 fs/jfs/jfs_dmap.c:1890
 dbAllocAG+0x1e9/0xf10 fs/jfs/jfs_dmap.c:1436
 dbDiscardAG+0x2ca/0x8e0 fs/jfs/jfs_dmap.c:1685
 jfs_ioc_trim+0x42b/0x660 fs/jfs/jfs_discard.c:105
 jfs_ioctl+0x2a5/0x3a0 fs/jfs/ioctl.c:132
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:874 [inline]
 __se_sys_ioctl+0xfa/0x170 fs/ioctl.c:860
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1340 [inline]
 free_pcp_prepare mm/page_alloc.c:1391 [inline]
 free_unref_page_prepare+0x637/0x6c0 mm/page_alloc.c:3317
 free_unref_page+0x94/0x280 mm/page_alloc.c:3396
 free_slab mm/slub.c:2015 [inline]
 discard_slab mm/slub.c:2021 [inline]
 __unfreeze_partials+0x1a5/0x200 mm/slub.c:2507
 put_cpu_partial+0x12d/0x190 mm/slub.c:2587
 qlist_free_all+0x35/0x90 mm/kasan/quarantine.c:176
 kasan_quarantine_reduce+0x150/0x160 mm/kasan/quarantine.c:283
 __kasan_slab_alloc+0x2f/0xd0 mm/kasan/common.c:444
 kasan_slab_alloc include/linux/kasan.h:254 [inline]
 slab_post_alloc_hook+0x4c/0x380 mm/slab.h:519
 slab_alloc_node mm/slub.c:3220 [inline]
 slab_alloc mm/slub.c:3228 [inline]
 kmem_cache_alloc+0x100/0x290 mm/slub.c:3233
 vm_area_dup+0x1e/0xb0 kernel/fork.c:358
 __split_vma+0xb1/0x410 mm/mmap.c:2718
 __do_munmap+0x375/0xdc0 mm/mmap.c:2844
 __vm_munmap+0x137/0x230 mm/mmap.c:2940
 __do_sys_munmap mm/mmap.c:2966 [inline]
 __se_sys_munmap mm/mmap.c:2962 [inline]
 __x64_sys_munmap+0x67/0x70 mm/mmap.c:2962
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
Modules linked in:
CPU: 1 PID: 4490 Comm: syz-executor.0 Not tainted 5.15.185-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x168/0x230 lib/dump_stack.c:106
 bad_page+0x14b/0x170 mm/page_alloc.c:652
 check_free_page mm/page_alloc.c:1209 [inline]
 free_pages_prepare mm/page_alloc.c:1334 [inline]
 free_pcp_prepare mm/page_alloc.c:1391 [inline]
 free_unref_page_prepare+0x383/0x6c0 mm/page_alloc.c:3317
 free_unref_page_list+0x122/0x7e0 mm/page_alloc.c:3433
 release_pages+0x184b/0x1bb0 mm/swap.c:963
 __pagevec_release+0x6d/0xe0 mm/swap.c:983
 pagevec_release include/linux/pagevec.h:81 [inline]
 truncate_inode_pages_range+0x2f3/0xef0 mm/truncate.c:329
 dbUnmount+0x105/0x170 fs/jfs/jfs_dmap.c:279
 jfs_umount+0x1fa/0x360 fs/jfs/jfs_umount.c:89
 jfs_put_super+0x88/0x190 fs/jfs/super.c:194
 generic_shutdown_super+0x130/0x300 fs/super.c:475
 kill_block_super+0x7c/0xe0 fs/super.c:1427
 deactivate_locked_super+0x93/0xf0 fs/super.c:335
 cleanup_mnt+0x418/0x4d0 fs/namespace.c:1139
 task_work_run+0x125/0x1a0 kernel/task_work.c:188
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 exit_to_user_mode_loop+0x10f/0x130 kernel/entry/common.c:181
 exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:214
 __syscall_exit_to_user_mode_work kernel/entry/common.c:296 [inline]
 syscall_exit_to_user_mode+0x16/0x40 kernel/entry/common.c:307
 do_syscall_64+0x58/0xa0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7f1c679170d7
Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffd50441ed8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 00007f1c679613b9 RCX: 00007f1c679170d7
RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffd50441f90
RBP: 00007ffd50441f90 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd50443050
R13: 00007f1c679613b9 R14: 0000000000014f1d R15: 0000000000000003
 </TASK>
BUG: Bad page state in process syz-executor.0  pfn:716f4
page:ffffea0001c5bd00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x4 pfn:0x716f4
flags: 0xfff00000002006(referenced|uptodate|private|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000002006 ffffea0001c5bc88 ffffc9000327fa00 0000000000000000
raw: 0000000000000004 ffff88801e3449b0 00000000ffffffff 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x100c40(GFP_NOFS|__GFP_HARDWALL), pid 4624, ts 87417973019, free_ts 87403967448
 prep_new_page mm/page_alloc.c:2426 [inline]
 get_page_from_freelist+0x1b77/0x1c60 mm/page_alloc.c:4192
 __alloc_pages+0x1e1/0x470 mm/page_alloc.c:5474
 __page_cache_alloc+0xd2/0x3f0 mm/filemap.c:1022
 do_read_cache_page+0x1da/0x1030 mm/filemap.c:3457
 read_mapping_page include/linux/pagemap.h:515 [inline]
 __get_metapage+0x35d/0x1060 fs/jfs/jfs_metapage.c:621
 dbAllocCtl+0xd4/0x9a0 fs/jfs/jfs_dmap.c:1890
 dbAllocAG+0x1e9/0xf10 fs/jfs/jfs_dmap.c:1436
 dbDiscardAG+0x2ca/0x8e0 fs/jfs/jfs_dmap.c:1685
 jfs_ioc_trim+0x42b/0x660 fs/jfs/jfs_discard.c:105
 jfs_ioctl+0x2a5/0x3a0 fs/jfs/ioctl.c:132
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:874 [inline]
 __se_sys_ioctl+0xfa/0x170 fs/ioctl.c:860
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1340 [inline]
 free_pcp_prepare mm/page_alloc.c:1391 [inline]
 free_unref_page_prepare+0x637/0x6c0 mm/page_alloc.c:3317
 free_unref_page_list+0x122/0x7e0 mm/page_alloc.c:3433
 release_pages+0x184b/0x1bb0 mm/swap.c:963
 tlb_batch_pages_flush mm/mmu_gather.c:49 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:240 [inline]
 tlb_flush_mmu mm/mmu_gather.c:247 [inline]
 tlb_finish_mmu+0x164/0x2e0 mm/mmu_gather.c:338
 exit_mmap+0x3a6/0x5f0 mm/mmap.c:3206
 __mmput+0x115/0x3b0 kernel/fork.c:1127
 exit_mm+0x567/0x6c0 kernel/exit.c:550
 do_exit+0x599/0x20a0 kernel/exit.c:861
 do_group_exit+0x12e/0x300 kernel/exit.c:996
 __do_sys_exit_group kernel/exit.c:1007 [inline]
 __se_sys_exit_group kernel/exit.c:1005 [inline]
 __x64_sys_exit_group+0x3b/0x40 kernel/exit.c:1005
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
Modules linked in:
CPU: 0 PID: 4490 Comm: syz-executor.0 Tainted: G    B             5.15.185-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x168/0x230 lib/dump_stack.c:106
 bad_page+0x14b/0x170 mm/page_alloc.c:652
 check_free_page mm/page_alloc.c:1209 [inline]
 free_pages_prepare mm/page_alloc.c:1334 [inline]
 free_pcp_prepare mm/page_alloc.c:1391 [inline]
 free_unref_page_prepare+0x383/0x6c0 mm/page_alloc.c:3317
 free_unref_page_list+0x122/0x7e0 mm/page_alloc.c:3433
 release_pages+0x184b/0x1bb0 mm/swap.c:963
 __pagevec_release+0x6d/0xe0 mm/swap.c:983
 pagevec_release include/linux/pagevec.h:81 [inline]
 truncate_inode_pages_range+0x2f3/0xef0 mm/truncate.c:329
 dbUnmount+0x105/0x170 fs/jfs/jfs_dmap.c:279
 jfs_umount+0x1fa/0x360 fs/jfs/jfs_umount.c:89
 jfs_put_super+0x88/0x190 fs/jfs/super.c:194
 generic_shutdown_super+0x130/0x300 fs/super.c:475
 kill_block_super+0x7c/0xe0 fs/super.c:1427
 deactivate_locked_super+0x93/0xf0 fs/super.c:335
 cleanup_mnt+0x418/0x4d0 fs/namespace.c:1139
 task_work_run+0x125/0x1a0 kernel/task_work.c:188
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 exit_to_user_mode_loop+0x10f/0x130 kernel/entry/common.c:181
 exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:214
 __syscall_exit_to_user_mode_work kernel/entry/common.c:296 [inline]
 syscall_exit_to_user_mode+0x16/0x40 kernel/entry/common.c:307
 do_syscall_64+0x58/0xa0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7f1c679170d7
Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffd50441ed8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 00007f1c679613b9 RCX: 00007f1c679170d7
RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffd50441f90
RBP: 00007ffd50441f90 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd50443050
R13: 00007f1c679613b9 R14: 0000000000015419 R15: 0000000000000003
 </TASK>
BUG: Bad page state in process syz-executor.0  pfn:7327e
page:ffffea0001cc9f80 refcount:0 mapcount:0 mapping:0000000000000000 index:0x4 pfn:0x7327e
flags: 0xfff00000002006(referenced|uptodate|private|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000002006 ffffea0000a6e408 ffffc9000327fa00 0000000000000000
raw: 0000000000000004 ffff88801f4c54d8 00000000ffffffff 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x100c40(GFP_NOFS|__GFP_HARDWALL), pid 4688, ts 88342215474, free_ts 88171742506
 prep_new_page mm/page_alloc.c:2426 [inline]
 get_page_from_freelist+0x1b77/0x1c60 mm/page_alloc.c:4192
 __alloc_pages+0x1e1/0x470 mm/page_alloc.c:5474
 __page_cache_alloc+0xd2/0x3f0 mm/filemap.c:1022
 do_read_cache_page+0x1da/0x1030 mm/filemap.c:3457
 read_mapping_page include/linux/pagemap.h:515 [inline]
 __get_metapage+0x35d/0x1060 fs/jfs/jfs_metapage.c:621
 dbAllocCtl+0xd4/0x9a0 fs/jfs/jfs_dmap.c:1890
 dbAllocAG+0x1e9/0xf10 fs/jfs/jfs_dmap.c:1436
 dbDiscardAG+0x2ca/0x8e0 fs/jfs/jfs_dmap.c:1685
 jfs_ioc_trim+0x42b/0x660 fs/jfs/jfs_discard.c:105
 jfs_ioctl+0x2a5/0x3a0 fs/jfs/ioctl.c:132
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:874 [inline]
 __se_sys_ioctl+0xfa/0x170 fs/ioctl.c:860
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1340 [inline]
 free_pcp_prepare mm/page_alloc.c:1391 [inline]
 free_unref_page_prepare+0x637/0x6c0 mm/page_alloc.c:3317
 free_unref_page+0x94/0x280 mm/page_alloc.c:3396
 tlb_batch_list_free mm/mmu_gather.c:61 [inline]
 tlb_finish_mmu+0x236/0x2e0 mm/mmu_gather.c:341
 exit_mmap+0x3a6/0x5f0 mm/mmap.c:3206
 __mmput+0x115/0x3b0 kernel/fork.c:1127
 exit_mm+0x567/0x6c0 kernel/exit.c:550
 do_exit+0x599/0x20a0 kernel/exit.c:861
 do_group_exit+0x12e/0x300 kernel/exit.c:996
 __do_sys_exit_group kernel/exit.c:1007 [inline]
 __se_sys_exit_group kernel/exit.c:1005 [inline]
 __x64_sys_exit_group+0x3b/0x40 kernel/exit.c:1005
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
Modules linked in:
CPU: 0 PID: 4490 Comm: syz-executor.0 Tainted: G    B             5.15.185-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x168/0x230 lib/dump_stack.c:106
 bad_page+0x14b/0x170 mm/page_alloc.c:652
 check_free_page mm/page_alloc.c:1209 [inline]
 free_pages_prepare mm/page_alloc.c:1334 [inline]
 free_pcp_prepare mm/page_alloc.c:1391 [inline]
 free_unref_page_prepare+0x383/0x6c0 mm/page_alloc.c:3317
 free_unref_page_list+0x122/0x7e0 mm/page_alloc.c:3433
 release_pages+0x184b/0x1bb0 mm/swap.c:963
 __pagevec_release+0x6d/0xe0 mm/swap.c:983
 pagevec_release include/linux/pagevec.h:81 [inline]
 truncate_inode_pages_range+0x2f3/0xef0 mm/truncate.c:329
 dbUnmount+0x105/0x170 fs/jfs/jfs_dmap.c:279
 jfs_umount+0x1fa/0x360 fs/jfs/jfs_umount.c:89
 jfs_put_super+0x88/0x190 fs/jfs/super.c:194
 generic_shutdown_super+0x130/0x300 fs/super.c:475
 kill_block_super+0x7c/0xe0 fs/super.c:1427
 deactivate_locked_super+0x93/0xf0 fs/super.c:335
 cleanup_mnt+0x418/0x4d0 fs/namespace.c:1139
 task_work_run+0x125/0x1a0 kernel/task_work.c:188
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 exit_to_user_mode_loop+0x10f/0x130 kernel/entry/common.c:181
 exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:214
 __syscall_exit_to_user_mode_work kernel/entry/common.c:296 [inline]
 syscall_exit_to_user_mode+0x16/0x40 kernel/entry/common.c:307
 do_syscall_64+0x58/0xa0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7f1c679170d7
Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffd50441ed8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 00007f1c679613b9 RCX: 00007f1c679170d7
RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffd50441f90
RBP: 00007ffd50441f90 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd50443050
R13: 00007f1c679613b9 R14: 00000000000157fa R15: 0000000000000003
 </TASK>
BUG: Bad page state in process syz-executor.0  pfn:1b5dc
page:ffffea00006d7700 refcount:0 mapcount:0 mapping:0000000000000000 index:0x4 pfn:0x1b5dc
flags: 0xfff00000002006(referenced|uptodate|private|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000002006 ffffea0001e1cfc8 ffffc9000327fa00 0000000000000000
raw: 0000000000000004 ffff888074267000 00000000ffffffff 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x100c40(GFP_NOFS|__GFP_HARDWALL), pid 4746, ts 89245774060, free_ts 89198060799
 prep_new_page mm/page_alloc.c:2426 [inline]
 get_page_from_freelist+0x1b77/0x1c60 mm/page_alloc.c:4192
 __alloc_pages+0x1e1/0x470 mm/page_alloc.c:5474
 __page_cache_alloc+0xd2/0x3f0 mm/filemap.c:1022
 do_read_cache_page+0x1da/0x1030 mm/filemap.c:3457
 read_mapping_page include/linux/pagemap.h:515 [inline]
 __get_metapage+0x35d/0x1060 fs/jfs/jfs_metapage.c:621
 dbAllocCtl+0xd4/0x9a0 fs/jfs/jfs_dmap.c:1890
 dbAllocAG+0x1e9/0xf10 fs/jfs/jfs_dmap.c:1436
 dbDiscardAG+0x2ca/0x8e0 fs/jfs/jfs_dmap.c:1685
 jfs_ioc_trim+0x42b/0x660 fs/jfs/jfs_discard.c:105
 jfs_ioctl+0x2a5/0x3a0 fs/jfs/ioctl.c:132
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:874 [inline]
 __se_sys_ioctl+0xfa/0x170 fs/ioctl.c:860
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1340 [inline]
 free_pcp_prepare mm/page_alloc.c:1391 [inline]
 free_unref_page_prepare+0x637/0x6c0 mm/page_alloc.c:3317
 free_unref_page+0x94/0x280 mm/page_alloc.c:3396
 __vunmap+0x8ab/0xa40 mm/vmalloc.c:2621
 free_work+0x56/0x80 mm/vmalloc.c:95
 process_one_work+0x863/0x1000 kernel/workqueue.c:2310
 worker_thread+0xaa8/0x12a0 kernel/workqueue.c:2457
 kthread+0x436/0x520 kernel/kthread.c:334
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287
Modules linked in:
CPU: 0 PID: 4490 Comm: syz-executor.0 Tainted: G    B             5.15.185-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x168/0x230 lib/dump_stack.c:106
 bad_page+0x14b/0x170 mm/page_alloc.c:652
 check_free_page mm/page_alloc.c:1209 [inline]
 free_pages_prepare mm/page_alloc.c:1334 [inline]
 free_pcp_prepare mm/page_alloc.c:1391 [inline]
 free_unref_page_prepare+0x383/0x6c0 mm/page_alloc.c:3317
 free_unref_page_list+0x122/0x7e0 mm/page_alloc.c:3433
 release_pages+0x184b/0x1bb0 mm/swap.c:963
 __pagevec_release+0x6d/0xe0 mm/swap.c:983
 pagevec_release include/linux/pagevec.h:81 [inline]
 truncate_inode_pages_range+0x2f3/0xef0 mm/truncate.c:329
 dbUnmount+0x105/0x170 fs/jfs/jfs_dmap.c:279
 jfs_umount+0x1fa/0x360 fs/jfs/jfs_umount.c:89
 jfs_put_super+0x88/0x190 fs/jfs/super.c:194
 generic_shutdown_super+0x130/0x300 fs/super.c:475
 kill_block_super+0x7c/0xe0 fs/super.c:1427
 deactivate_locked_super+0x93/0xf0 fs/super.c:335
 cleanup_mnt+0x418/0x4d0 fs/namespace.c:1139
 task_work_run+0x125/0x1a0 kernel/task_work.c:188
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 exit_to_user_mode_loop+0x10f/0x130 kernel/entry/common.c:181
 exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:214
 __syscall_exit_to_user_mode_work kernel/entry/common.c:296 [inline]
 syscall_exit_to_user_mode+0x16/0x40 kernel/entry/common.c:307
 do_syscall_64+0x58/0xa0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7f1c679170d7
Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffd50441ed8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 00007f1c679613b9 RCX: 00007f1c679170d7
RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffd50441f90
RBP: 00007ffd50441f90 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd50443050
R13: 00007f1c679613b9 R14: 0000000000015b88 R15: 0000000000000003
 </TASK>
BUG: Bad page state in process syz-executor.0  pfn:7370d
page:ffffea0001cdc340 refcount:0 mapcount:0 mapping:0000000000000000 index:0x4 pfn:0x7370d
flags: 0xfff00000002004(uptodate|private|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000002004 ffffea0001d0ac48 ffffc9000327fa00 0000000000000000
raw: 0000000000000004 ffff888074267aa8 00000000ffffffff 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x100c40(GFP_NOFS|__GFP_HARDWALL), pid 4802, ts 90106213458, free_ts 90039893993
 prep_new_page mm/page_alloc.c:2426 [inline]
 get_page_from_freelist+0x1b77/0x1c60 mm/page_alloc.c:4192
 __alloc_pages+0x1e1/0x470 mm/page_alloc.c:5474
 __page_cache_alloc+0xd2/0x3f0 mm/filemap.c:1022
 do_read_cache_page+0x1da/0x1030 mm/filemap.c:3457
 read_mapping_page include/linux/pagemap.h:515 [inline]
 __get_metapage+0x35d/0x1060 fs/jfs/jfs_metapage.c:621
 dbAllocCtl+0xd4/0x9a0 fs/jfs/jfs_dmap.c:1890
 dbAllocAG+0x1e9/0xf10 fs/jfs/jfs_dmap.c:1436
 dbDiscardAG+0x2ca/0x8e0 fs/jfs/jfs_dmap.c:1685
 jfs_ioc_trim+0x42b/0x660 fs/jfs/jfs_discard.c:105
 jfs_ioctl+0x2a5/0x3a0 fs/jfs/ioctl.c:132
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:874 [inline]
 __se_sys_ioctl+0xfa/0x170 fs/ioctl.c:860
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1340 [inline]
 free_pcp_prepare mm/page_alloc.c:1391 [inline]
 free_unref_page_prepare+0x637/0x6c0 mm/page_alloc.c:3317
 free_unref_page_list+0x122/0x7e0 mm/page_alloc.c:3433
 release_pages+0x184b/0x1bb0 mm/swap.c:963
 tlb_batch_pages_flush mm/mmu_gather.c:49 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:240 [inline]
 tlb_flush_mmu mm/mmu_gather.c:247 [inline]
 tlb_finish_mmu+0x164/0x2e0 mm/mmu_gather.c:338
 exit_mmap+0x3a6/0x5f0 mm/mmap.c:3206
 __mmput+0x115/0x3b0 kernel/fork.c:1127
 exit_mm+0x567/0x6c0 kernel/exit.c:550
 do_exit+0x599/0x20a0 kernel/exit.c:861
 do_group_exit+0x12e/0x300 kernel/exit.c:996
 __do_sys_exit_group kernel/exit.c:1007 [inline]
 __se_sys_exit_group kernel/exit.c:1005 [inline]
 __x64_sys_exit_group+0x3b/0x40 kernel/exit.c:1005
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
Modules linked in:
CPU: 0 PID: 4490 Comm: syz-executor.0 Tainted: G    B             5.15.185-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x168/0x230 lib/dump_stack.c:106
 bad_page+0x14b/0x170 mm/page_alloc.c:652
 check_free_page mm/page_alloc.c:1209 [inline]
 free_pages_prepare mm/page_alloc.c:1334 [inline]
 free_pcp_prepare mm/page_alloc.c:1391 [inline]
 free_unref_page_prepare+0x383/0x6c0 mm/page_alloc.c:3317
 free_unref_page_list+0x122/0x7e0 mm/page_alloc.c:3433
 release_pages+0x184b/0x1bb0 mm/swap.c:963
 __pagevec_release+0x6d/0xe0 mm/swap.c:983
 pagevec_release include/linux/pagevec.h:81 [inline]
 truncate_inode_pages_range+0x2f3/0xef0 mm/truncate.c:329
 dbUnmount+0x105/0x170 fs/jfs/jfs_dmap.c:279
 jfs_umount+0x1fa/0x360 fs/jfs/jfs_umount.c:89
 jfs_put_super+0x88/0x190 fs/jfs/super.c:194
 generic_shutdown_super+0x130/0x300 fs/super.c:475
 kill_block_super+0x7c/0xe0 fs/super.c:1427
 deactivate_locked_super+0x93/0xf0 fs/super.c:335
 cleanup_mnt+0x418/0x4d0 fs/namespace.c:1139
 task_work_run+0x125/0x1a0 kernel/task_work.c:188
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 exit_to_user_mode_loop+0x10f/0x130 kernel/entry/common.c:181
 exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:214
 __syscall_exit_to_user_mode_work kernel/entry/common.c:296 [inline]
 syscall_exit_to_user_mode+0x16/0x40 kernel/entry/common.c:307
 do_syscall_64+0x58/0xa0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7f1c679170d7
Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffd50441ed8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 00007f1c679613b9 RCX: 00007f1c679170d7
RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffd50441f90
RBP: 00007ffd50441f90 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd50443050
R13: 00007f1c679613b9 R14: 0000000000015eee R15: 0000000000000003
 </TASK>
BUG: Bad page state in process syz-executor.0  pfn:1adcf
page:ffffea00006b73c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x4 pfn:0x1adcf
flags: 0xfff00000002006(referenced|uptodate|private|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000002006 ffffea0001cc7548 ffffc9000327fa00 0000000000000000
raw: 0000000000000004 ffff888074267d90 00000000ffffffff 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x100c40(GFP_NOFS|__GFP_HARDWALL), pid 4852, ts 90935283386, free_ts 90866095108
 prep_new_page mm/page_alloc.c:2426 [inline]
 get_page_from_freelist+0x1b77/0x1c60 mm/page_alloc.c:4192
 __alloc_pages+0x1e1/0x470 mm/page_alloc.c:5474
 __page_cache_alloc+0xd2/0x3f0 mm/filemap.c:1022
 do_read_cache_page+0x1da/0x1030 mm/filemap.c:3457
 read_mapping_page include/linux/pagemap.h:515 [inline]
 __get_metapage+0x35d/0x1060 fs/jfs/jfs_metapage.c:621
 dbAllocCtl+0xd4/0x9a0 fs/jfs/jfs_dmap.c:1890
 dbAllocAG+0x1e9/0xf10 fs/jfs/jfs_dmap.c:1436
 dbDiscardAG+0x2ca/0x8e0 fs/jfs/jfs_dmap.c:1685
 jfs_ioc_trim+0x42b/0x660 fs/jfs/jfs_discard.c:105
 jfs_ioctl+0x2a5/0x3a0 fs/jfs/ioctl.c:132
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:874 [inline]
 __se_sys_ioctl+0xfa/0x170 fs/ioctl.c:860
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1340 [inline]
 free_pcp_prepare mm/page_alloc.c:1391 [inline]
 free_unref_page_prepare+0x637/0x6c0 mm/page_alloc.c:3317
 free_unref_page+0x94/0x280 mm/page_alloc.c:3396
 free_slab mm/slub.c:2015 [inline]
 discard_slab mm/slub.c:2021 [inline]
 __unfreeze_partials+0x1a5/0x200 mm/slub.c:2507
 put_cpu_partial+0x12d/0x190 mm/slub.c:2587
 qlist_free_all+0x35/0x90 mm/kasan/quarantine.c:176
 kasan_quarantine_reduce+0x150/0x160 mm/kasan/quarantine.c:283
 __kasan_slab_alloc+0x2f/0xd0 mm/kasan/common.c:444
 kasan_slab_alloc include/linux/kasan.h:254 [inline]
 slab_post_alloc_hook+0x4c/0x380 mm/slab.h:519
 slab_alloc_node mm/slub.c:3220 [inline]
 slab_alloc mm/slub.c:3228 [inline]
 kmem_cache_alloc_trace+0x103/0x2a0 mm/slub.c:3245
 kmalloc include/linux/slab.h:604 [inline]
 kzalloc include/linux/slab.h:735 [inline]
 nsim_fib6_rt_create drivers/net/netdevsim/fib.c:545 [inline]
 nsim_fib6_rt_insert drivers/net/netdevsim/fib.c:750 [inline]
 nsim_fib6_event drivers/net/netdevsim/fib.c:854 [inline]
 nsim_fib_event drivers/net/netdevsim/fib.c:887 [inline]
 nsim_fib_event_work+0x1109/0x3240 drivers/net/netdevsim/fib.c:1483
 process_one_work+0x863/0x1000 kernel/workqueue.c:2310
 process_scheduled_works kernel/workqueue.c:2373 [inline]
 worker_thread+0xdca/0x12a0 kernel/workqueue.c:2459
 kthread+0x436/0x520 kernel/kthread.c:334
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287
Modules linked in:
CPU: 0 PID: 4490 Comm: syz-executor.0 Tainted: G    B             5.15.185-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x168/0x230 lib/dump_stack.c:106
 bad_page+0x14b/0x170 mm/page_alloc.c:652
 check_free_page mm/page_alloc.c:1209 [inline]
 free_pages_prepare mm/page_alloc.c:1334 [inline]
 free_pcp_prepare mm/page_alloc.c:1391 [inline]
 free_unref_page_prepare+0x383/0x6c0 mm/page_alloc.c:3317
 free_unref_page_list+0x122/0x7e0 mm/page_alloc.c:3433
 release_pages+0x184b/0x1bb0 mm/swap.c:963
 __pagevec_release+0x6d/0xe0 mm/swap.c:983
 pagevec_release include/linux/pagevec.h:81 [inline]
 truncate_inode_pages_range+0x2f3/0xef0 mm/truncate.c:329
 dbUnmount+0x105/0x170 fs/jfs/jfs_dmap.c:279
 jfs_umount+0x1fa/0x360 fs/jfs/jfs_umount.c:89
 jfs_put_super+0x88/0x190 fs/jfs/super.c:194
 generic_shutdown_super+0x130/0x300 fs/super.c:475
 kill_block_super+0x7c/0xe0 fs/super.c:1427
 deactivate_locked_super+0x93/0xf0 fs/super.c:335
 cleanup_mnt+0x418/0x4d0 fs/namespace.c:1139
 task_work_run+0x125/0x1a0 kernel/task_work.c:188
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 exit_to_user_mode_loop+0x10f/0x130 kernel/entry/common.c:181
 exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:214
 __syscall_exit_to_user_mode_work kernel/entry/common.c:296 [inline]
 syscall_exit_to_user_mode+0x16/0x40 kernel/entry/common.c:307
 do_syscall_64+0x58/0xa0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7f1c679170d7
Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffd50441ed8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 00007f1c679613b9 RCX: 00007f1c679170d7
RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffd50441f90
RBP: 00007ffd50441f90 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd50443050
R13: 00007f1c679613b9 R14: 0000000000016243 R15: 0000000000000003
 </TASK>
BUG: Bad page state in process syz-executor.0  pfn:230d2
page:ffffea00008c3480 refcount:0 mapcount:0 mapping:0000000000000000 index:0x4 pfn:0x230d2
flags: 0xfff00000002004(uptodate|private|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000002004 ffffea00008d6bc8 ffffc9000327fa00 0000000000000000
raw: 0000000000000004 ffff8880791bdaa8 00000000ffffffff 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x100c40(GFP_NOFS|__GFP_HARDWALL), pid 4854, ts 91765281807, free_ts 91463619664
 prep_new_page mm/page_alloc.c:2426 [inline]
 get_page_from_freelist+0x1b77/0x1c60 mm/page_alloc.c:4192
 __alloc_pages+0x1e1/0x470 mm/page_alloc.c:5474
 __page_cache_alloc+0xd2/0x3f0 mm/filemap.c:1022
 do_read_cache_page+0x1da/0x1030 mm/filemap.c:3457
 read_mapping_page include/linux/pagemap.h:515 [inline]
 __get_metapage+0x35d/0x1060 fs/jfs/jfs_metapage.c:621
 dbAllocCtl+0xd4/0x9a0 fs/jfs/jfs_dmap.c:1890
 dbAllocAG+0x1e9/0xf10 fs/jfs/jfs_dmap.c:1436
 dbDiscardAG+0x2ca/0x8e0 fs/jfs/jfs_dmap.c:1685
 jfs_ioc_trim+0x42b/0x660 fs/jfs/jfs_discard.c:105
 jfs_ioctl+0x2a5/0x3a0 fs/jfs/ioctl.c:132
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:874 [inline]
 __se_sys_ioctl+0xfa/0x170 fs/ioctl.c:860
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1340 [inline]
 free_pcp_prepare mm/page_alloc.c:1391 [inline]
 free_unref_page_prepare+0x637/0x6c0 mm/page_alloc.c:3317
 free_unref_page_list+0x122/0x7e0 mm/page_alloc.c:3433
 release_pages+0x184b/0x1bb0 mm/swap.c:963
 __pagevec_release+0x6d/0xe0 mm/swap.c:983
 pagevec_release include/linux/pagevec.h:81 [inline]
 truncate_inode_pages_range+0x2f3/0xef0 mm/truncate.c:329
 kill_bdev block/bdev.c:77 [inline]
 blkdev_flush_mapping+0x182/0x340 block/bdev.c:659
 blkdev_put_whole block/bdev.c:690 [inline]
 blkdev_put+0x4d1/0x7d0 block/bdev.c:957
 deactivate_locked_super+0x93/0xf0 fs/super.c:335
 cleanup_mnt+0x418/0x4d0 fs/namespace.c:1139
 task_work_run+0x125/0x1a0 kernel/task_work.c:188
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 exit_to_user_mode_loop+0x10f/0x130 kernel/entry/common.c:181
 exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:214
 __syscall_exit_to_user_mode_work kernel/entry/common.c:296 [inline]
 syscall_exit_to_user_mode+0x16/0x40 kernel/entry/common.c:307
 do_syscall_64+0x58/0xa0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
Modules linked in:
CPU: 1 PID: 4490 Comm: syz-executor.0 Tainted: G    B             5.15.185-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x168/0x230 lib/dump_stack.c:106
 bad_page+0x14b/0x170 mm/page_alloc.c:652
 check_free_page mm/page_alloc.c:1209 [inline]
 free_pages_prepare mm/page_alloc.c:1334 [inline]
 free_pcp_prepare mm/page_alloc.c:1391 [inline]
 free_unref_page_prepare+0x383/0x6c0 mm/page_alloc.c:3317
 free_unref_page_list+0x122/0x7e0 mm/page_alloc.c:3433
 release_pages+0x184b/0x1bb0 mm/swap.c:963
 __pagevec_release+0x6d/0xe0 mm/swap.c:983
 pagevec_release include/linux/pagevec.h:81 [inline]
 truncate_inode_pages_range+0x2f3/0xef0 mm/truncate.c:329
 dbUnmount+0x105/0x170 fs/jfs/jfs_dmap.c:279
 jfs_umount+0x1fa/0x360 fs/jfs/jfs_umount.c:89
 jfs_put_super+0x88/0x190 fs/jfs/super.c:194
 generic_shutdown_super+0x130/0x300 fs/super.c:475
 kill_block_super+0x7c/0xe0 fs/super.c:1427
 deactivate_locked_super+0x93/0xf0 fs/super.c:335
 cleanup_mnt+0x418/0x4d0 fs/namespace.c:1139
 task_work_run+0x125/0x1a0 kernel/task_work.c:188
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 exit_to_user_mode_loop+0x10f/0x130 kernel/entry/common.c:181
 exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:214
 __syscall_exit_to_user_mode_work kernel/entry/common.c:296 [inline]
 syscall_exit_to_user_mode+0x16/0x40 kernel/entry/common.c:307
 do_syscall_64+0x58/0xa0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7f1c679170d7
Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffd50441ed8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 00007f1c679613b9 RCX: 00007f1c679170d7
RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffd50441f90
RBP: 00007ffd50441f90 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd50443050
R13: 00007f1c679613b9 R14: 0000000000016584 R15: 0000000000000003
 </TASK>
BUG: Bad page state in process syz-executor.0  pfn:7338f
page:ffffea0001cce3c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x4 pfn:0x7338f
flags: 0xfff00000002004(uptodate|private|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000002004 ffffea0000a781c8 ffffc9000327fa00 0000000000000000
raw: 0000000000000004 ffff8880224e76c8 00000000ffffffff 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x100c40(GFP_NOFS|__GFP_HARDWALL), pid 4856, ts 92596130369, free_ts 92540995059
 prep_new_page mm/page_alloc.c:2426 [inline]
 get_page_from_freelist+0x1b77/0x1c60 mm/page_alloc.c:4192
 __alloc_pages+0x1e1/0x470 mm/page_alloc.c:5474
 __page_cache_alloc+0xd2/0x3f0 mm/filemap.c:1022
 do_read_cache_page+0x1da/0x1030 mm/filemap.c:3457
 read_mapping_page include/linux/pagemap.h:515 [inline]
 __get_metapage+0x35d/0x1060 fs/jfs/jfs_metapage.c:621
 dbAllocCtl+0xd4/0x9a0 fs/jfs/jfs_dmap.c:1890
 dbAllocAG+0x1e9/0xf10 fs/jfs/jfs_dmap.c:1436
 dbDiscardAG+0x2ca/0x8e0 fs/jfs/jfs_dmap.c:1685
 jfs_ioc_trim+0x42b/0x660 fs/jfs/jfs_discard.c:105
 jfs_ioctl+0x2a5/0x3a0 fs/jfs/ioctl.c:132
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:874 [inline]
 __se_sys_ioctl+0xfa/0x170 fs/ioctl.c:860
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1340 [inline]
 free_pcp_prepare mm/page_alloc.c:1391 [inline]
 free_unref_page_prepare+0x637/0x6c0 mm/page_alloc.c:3317
 free_unref_page_list+0x122/0x7e0 mm/page_alloc.c:3433
 release_pages+0x184b/0x1bb0 mm/swap.c:963
 tlb_batch_pages_flush mm/mmu_gather.c:49 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:240 [inline]
 tlb_flush_mmu mm/mmu_gather.c:247 [inline]
 tlb_finish_mmu+0x164/0x2e0 mm/mmu_gather.c:338
 unmap_region+0x315/0x360 mm/mmap.c:2657
 __do_munmap+0x9d3/0xdc0 mm/mmap.c:2887
 __vm_munmap+0x137/0x230 mm/mmap.c:2940
 __do_sys_munmap mm/mmap.c:2966 [inline]
 __se_sys_munmap mm/mmap.c:2962 [inline]
 __x64_sys_munmap+0x67/0x70 mm/mmap.c:2962
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
Modules linked in:
CPU: 1 PID: 4490 Comm: syz-executor.0 Tainted: G    B             5.15.185-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x168/0x230 lib/dump_stack.c:106
 bad_page+0x14b/0x170 mm/page_alloc.c:652
 check_free_page mm/page_alloc.c:1209 [inline]
 free_pages_prepare mm/page_alloc.c:1334 [inline]
 free_pcp_prepare mm/page_alloc.c:1391 [inline]
 free_unref_page_prepare+0x383/0x6c0 mm/page_alloc.c:3317
 free_unref_page_list+0x122/0x7e0 mm/page_alloc.c:3433
 release_pages+0x184b/0x1bb0 mm/swap.c:963
 __pagevec_release+0x6d/0xe0 mm/swap.c:983
 pagevec_release include/linux/pagevec.h:81 [inline]
 truncate_inode_pages_range+0x2f3/0xef0 mm/truncate.c:329
 dbUnmount+0x105/0x170 fs/jfs/jfs_dmap.c:279
 jfs_umount+0x1fa/0x360 fs/jfs/jfs_umount.c:89
 jfs_put_super+0x88/0x190 fs/jfs/super.c:194
 generic_shutdown_super+0x130/0x300 fs/super.c:475
 kill_block_super+0x7c/0xe0 fs/super.c:1427
 deactivate_locked_super+0x93/0xf0 fs/super.c:335
 cleanup_mnt+0x418/0x4d0 fs/namespace.c:1139
 task_work_run+0x125/0x1a0 kernel/task_work.c:188
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 exit_to_user_mode_loop+0x10f/0x130 kernel/entry/common.c:181
 exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:214
 __syscall_exit_to_user_mode_work kernel/entry/common.c:296 [inline]
 syscall_exit_to_user_mode+0x16/0x40 kernel/entry/common.c:307
 do_syscall_64+0x58/0xa0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7f1c679170d7
Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffd50441ed8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 00007f1c679613b9 RCX: 00007f1c679170d7
RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffd50441f90
RBP: 00007ffd50441f90 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd50443050
R13: 00007f1c679613b9 R14: 00000000000168cc R15: 0000000000000003
 </TASK>
BUG: Bad page state in process syz-executor.0  pfn:79bc0
page:ffffea0001e6f000 refcount:0 mapcount:0 mapping:0000000000000000 index:0x4 pfn:0x79bc0
flags: 0xfff00000002004(uptodate|private|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000002004 ffffea0001e48308 ffffc9000327fa00 0000000000000000
raw: 0000000000000004 ffff8880239130f8 00000000ffffffff 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x100c40(GFP_NOFS|__GFP_HARDWALL), pid 4858, ts 93384916958, free_ts 93210253382
 prep_new_page mm/page_alloc.c:2426 [inline]
 get_page_from_freelist+0x1b77/0x1c60 mm/page_alloc.c:4192
 __alloc_pages+0x1e1/0x470 mm/page_alloc.c:5474
 __page_cache_alloc+0xd2/0x3f0 mm/filemap.c:1022
 do_read_cache_page+0x1da/0x1030 mm/filemap.c:3457
 read_mapping_page include/linux/pagemap.h:515 [inline]
 __get_metapage+0x35d/0x1060 fs/jfs/jfs_metapage.c:621
 dbAllocCtl+0xd4/0x9a0 fs/jfs/jfs_dmap.c:1890
 dbAllocAG+0x1e9/0xf10 fs/jfs/jfs_dmap.c:1436
 dbDiscardAG+0x2ca/0x8e0 fs/jfs/jfs_dmap.c:1685
 jfs_ioc_trim+0x42b/0x660 fs/jfs/jfs_discard.c:105
 jfs_ioctl+0x2a5/0x3a0 fs/jfs/ioctl.c:132
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:874 [inline]
 __se_sys_ioctl+0xfa/0x170 fs/ioctl.c:860
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1340 [inline]
 free_pcp_prepare mm/page_alloc.c:1391 [inline]
 free_unref_page_prepare+0x637/0x6c0 mm/page_alloc.c:3317
 free_unref_page+0x94/0x280 mm/page_alloc.c:3396
 qlist_free_all+0x35/0x90 mm/kasan/quarantine.c:176
 kasan_quarantine_reduce+0x150/0x160 mm/kasan/quarantine.c:283
 __kasan_slab_alloc+0x2f/0xd0 mm/kasan/common.c:444
 kasan_slab_alloc include/linux/kasan.h:254 [inline]
 slab_post_alloc_hook+0x4c/0x380 mm/slab.h:519
 slab_alloc_node mm/slub.c:3220 [inline]
 slab_alloc mm/slub.c:3228 [inline]
 kmem_cache_alloc+0x100/0x290 mm/slub.c:3233
 ptlock_alloc+0x1c/0x60 mm/memory.c:5556
 ptlock_init include/linux/mm.h:2230 [inline]
 pgtable_pte_page_ctor include/linux/mm.h:2257 [inline]
 __pte_alloc_one include/asm-generic/pgalloc.h:66 [inline]
 pte_alloc_one+0xc5/0x2f0 arch/x86/mm/pgtable.c:33
 __pte_alloc+0x21/0x150 mm/memory.c:439
 do_anonymous_page mm/memory.c:3806 [inline]
 handle_pte_fault mm/memory.c:4648 [inline]
 __handle_mm_fault mm/memory.c:4785 [inline]
 handle_mm_fault+0x395c/0x43c0 mm/memory.c:4883
 do_user_addr_fault+0x489/0xc80 arch/x86/mm/fault.c:1357
 handle_page_fault arch/x86/mm/fault.c:1445 [inline]
 exc_page_fault+0x60/0x100 arch/x86/mm/fault.c:1501
 asm_exc_page_fault+0x22/0x30 arch/x86/include/asm/idtentry.h:606
Modules linked in:
CPU: 1 PID: 4490 Comm: syz-executor.0 Tainted: G    B             5.15.185-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x168/0x230 lib/dump_stack.c:106
 bad_page+0x14b/0x170 mm/page_alloc.c:652
 check_free_page mm/page_alloc.c:1209 [inline]
 free_pages_prepare mm/page_alloc.c:1334 [inline]
 free_pcp_prepare mm/page_alloc.c:1391 [inline]
 free_unref_page_prepare+0x383/0x6c0 mm/page_alloc.c:3317
 free_unref_page_list+0x122/0x7e0 mm/page_alloc.c:3433
 release_pages+0x184b/0x1bb0 mm/swap.c:963
 __pagevec_release+0x6d/0xe0 mm/swap.c:983
 pagevec_release include/linux/pagevec.h:81 [inline]
 truncate_inode_pages_range+0x2f3/0xef0 mm/truncate.c:329
 dbUnmount+0x105/0x170 fs/jfs/jfs_dmap.c:279
 jfs_umount+0x1fa/0x360 fs/jfs/jfs_umount.c:89
 jfs_put_super+0x88/0x190 fs/jfs/super.c:194
 generic_shutdown_super+0x130/0x300 fs/super.c:475
 kill_block_super+0x7c/0xe0 fs/super.c:1427
 deactivate_locked_super+0x93/0xf0 fs/super.c:335
 cleanup_mnt+0x418/0x4d0 fs/namespace.c:1139
 task_work_run+0x125/0x1a0 kernel/task_work.c:188
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 exit_to_user_mode_loop+0x10f/0x130 kernel/entry/common.c:181
 exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:214
 __syscall_exit_to_user_mode_work kernel/entry/common.c:296 [inline]
 syscall_exit_to_user_mode+0x16/0x40 kernel/entry/common.c:307
 do_syscall_64+0x58/0xa0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7f1c679170d7
Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffd50441ed8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 00007f1c679613b9 RCX: 00007f1c679170d7
RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffd50441f90
RBP: 00007ffd50441f90 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd50443050
R13: 00007f1c679613b9 R14: 0000000000016bd9 R15: 0000000000000003
 </TASK>
BUG: Bad page state in process syz-executor.0  pfn:1fe6b
page:ffffea00007f9ac0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x4 pfn:0x1fe6b
flags: 0xfff00000002006(referenced|uptodate|private|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000002006 ffffea00007d0588 ffffc9000327fa00 0000000000000000
raw: 0000000000000004 ffff88807280f8b8 00000000ffffffff 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x100c40(GFP_NOFS|__GFP_HARDWALL), pid 4860, ts 94225578541, free_ts 94216451079
 prep_new_page mm/page_alloc.c:2426 [inline]
 get_page_from_freelist+0x1b77/0x1c60 mm/page_alloc.c:4192
 __alloc_pages+0x1e1/0x470 mm/page_alloc.c:5474
 __page_cache_alloc+0xd2/0x3f0 mm/filemap.c:1022
 do_read_cache_page+0x1da/0x1030 mm/filemap.c:3457
 read_mapping_page include/linux/pagemap.h:515 [inline]
 __get_metapage+0x35d/0x1060 fs/jfs/jfs_metapage.c:621
 dbAllocCtl+0xd4/0x9a0 fs/jfs/jfs_dmap.c:1890
 dbAllocAG+0x1e9/0xf10 fs/jfs/jfs_dmap.c:1436
 dbDiscardAG+0x2ca/0x8e0 fs/jfs/jfs_dmap.c:1685
 jfs_ioc_trim+0x42b/0x660 fs/jfs/jfs_discard.c:105
 jfs_ioctl+0x2a5/0x3a0 fs/jfs/ioctl.c:132
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:874 [inline]
 __se_sys_ioctl+0xfa/0x170 fs/ioctl.c:860
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1340 [inline]
 free_pcp_prepare mm/page_alloc.c:1391 [inline]
 free_unref_page_prepare+0x637/0x6c0 mm/page_alloc.c:3317
 free_unref_page+0x94/0x280 mm/page_alloc.c:3396
 free_slab mm/slub.c:2015 [inline]
 discard_slab mm/slub.c:2021 [inline]
 __unfreeze_partials+0x1a5/0x200 mm/slub.c:2507
 put_cpu_partial+0x12d/0x190 mm/slub.c:2587
 qlist_free_all+0x35/0x90 mm/kasan/quarantine.c:176
 kasan_quarantine_reduce+0x150/0x160 mm/kasan/quarantine.c:283
 __kasan_slab_alloc+0x2f/0xd0 mm/kasan/common.c:444
 kasan_slab_alloc include/linux/kasan.h:254 [inline]
 slab_post_alloc_hook+0x4c/0x380 mm/slab.h:519
 slab_alloc_node mm/slub.c:3220 [inline]
 slab_alloc mm/slub.c:3228 [inline]
 kmem_cache_alloc+0x100/0x290 mm/slub.c:3233
 kmem_cache_zalloc include/linux/slab.h:725 [inline]
 locks_alloc_lock fs/locks.c:346 [inline]
 flock_make_lock fs/locks.c:515 [inline]
 __do_sys_flock fs/locks.c:2200 [inline]
 __se_sys_flock+0x14f/0x580 fs/locks.c:2181
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
Modules linked in:
CPU: 1 PID: 4490 Comm: syz-executor.0 Tainted: G    B             5.15.185-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x168/0x230 lib/dump_stack.c:106
 bad_page+0x14b/0x170 mm/page_alloc.c:652
 check_free_page mm/page_alloc.c:1209 [inline]
 free_pages_prepare mm/page_alloc.c:1334 [inline]
 free_pcp_prepare mm/page_alloc.c:1391 [inline]
 free_unref_page_prepare+0x383/0x6c0 mm/page_alloc.c:3317
 free_unref_page_list+0x122/0x7e0 mm/page_alloc.c:3433
 release_pages+0x184b/0x1bb0 mm/swap.c:963
 __pagevec_release+0x6d/0xe0 mm/swap.c:983
 pagevec_release include/linux/pagevec.h:81 [inline]
 truncate_inode_pages_range+0x2f3/0xef0 mm/truncate.c:329
 dbUnmount+0x105/0x170 fs/jfs/jfs_dmap.c:279
 jfs_umount+0x1fa/0x360 fs/jfs/jfs_umount.c:89
 jfs_put_super+0x88/0x190 fs/jfs/super.c:194
 generic_shutdown_super+0x130/0x300 fs/super.c:475
 kill_block_super+0x7c/0xe0 fs/super.c:1427
 deactivate_locked_super+0x93/0xf0 fs/super.c:335
 cleanup_mnt+0x418/0x4d0 fs/namespace.c:1139
 task_work_run+0x125/0x1a0 kernel/task_work.c:188
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 exit_to_user_mode_loop+0x10f/0x130 kernel/entry/common.c:181
 exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:214
 __syscall_exit_to_user_mode_work kernel/entry/common.c:296 [inline]
 syscall_exit_to_user_mode+0x16/0x40 kernel/entry/common.c:307
 do_syscall_64+0x58/0xa0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7f1c679170d7
Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffd50441ed8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 00007f1c679613b9 RCX: 00007f1c679170d7
RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffd50441f90
RBP: 00007ffd50441f90 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd50443050
R13: 00007f1c679613b9 R14: 0000000000016f19 R15: 0000000000000003
 </TASK>
BUG: Bad page state in process syz-executor.0  pfn:78dd2
page:ffffea0001e37480 refcount:0 mapcount:0 mapping:0000000000000000 index:0x4 pfn:0x78dd2
flags: 0xfff00000002006(referenced|uptodate|private|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000002006 ffffea0001d47508 ffffc9000327fa00 0000000000000000
raw: 0000000000000004 ffff888023913d90 00000000ffffffff 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x100c40(GFP_NOFS|__GFP_HARDWALL), pid 4862, ts 95022290697, free_ts 94742849827
 prep_new_page mm/page_alloc.c:2426 [inline]
 get_page_from_freelist+0x1b77/0x1c60 mm/page_alloc.c:4192
 __alloc_pages+0x1e1/0x470 mm/page_alloc.c:5474
 __page_cache_alloc+0xd2/0x3f0 mm/filemap.c:1022
 do_read_cache_page+0x1da/0x1030 mm/filemap.c:3457
 read_mapping_page include/linux/pagemap.h:515 [inline]
 __get_metapage+0x35d/0x1060 fs/jfs/jfs_metapage.c:621
 dbAllocCtl+0xd4/0x9a0 fs/jfs/jfs_dmap.c:1890
 dbAllocAG+0x1e9/0xf10 fs/jfs/jfs_dmap.c:1436
 dbDiscardAG+0x2ca/0x8e0 fs/jfs/jfs_dmap.c:1685
 jfs_ioc_trim+0x42b/0x660 fs/jfs/jfs_discard.c:105
 jfs_ioctl+0x2a5/0x3a0 fs/jfs/ioctl.c:132
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:874 [inline]
 __se_sys_ioctl+0xfa/0x170 fs/ioctl.c:860
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1340 [inline]
 free_pcp_prepare mm/page_alloc.c:1391 [inline]
 free_unref_page_prepare+0x637/0x6c0 mm/page_alloc.c:3317
 free_unref_page_list+0x122/0x7e0 mm/page_alloc.c:3433
 release_pages+0x184b/0x1bb0 mm/swap.c:963
 __pagevec_release+0x6d/0xe0 mm/swap.c:983
 pagevec_release include/linux/pagevec.h:81 [inline]
 truncate_inode_pages_range+0x2f3/0xef0 mm/truncate.c:329
 kill_bdev block/bdev.c:77 [inline]
 blkdev_flush_mapping+0x182/0x340 block/bdev.c:659
 blkdev_put_whole block/bdev.c:690 [inline]
 blkdev_put+0x4d1/0x7d0 block/bdev.c:957
 deactivate_locked_super+0x93/0xf0 fs/super.c:335
 cleanup_mnt+0x418/0x4d0 fs/namespace.c:1139
 task_work_run+0x125/0x1a0 kernel/task_work.c:188
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 exit_to_user_mode_loop+0x10f/0x130 kernel/entry/common.c:181
 exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:214
 __syscall_exit_to_user_mode_work kernel/entry/common.c:296 [inline]
 syscall_exit_to_user_mode+0x16/0x40 kernel/entry/common.c:307
 do_syscall_64+0x58/0xa0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
Modules linked in:
CPU: 1 PID: 4490 Comm: syz-executor.0 Tainted: G    B             5.15.185-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x168/0x230 lib/dump_stack.c:106
 bad_page+0x14b/0x170 mm/page_alloc.c:652
 check_free_page mm/page_alloc.c:1209 [inline]
 free_pages_prepare mm/page_alloc.c:1334 [inline]
 free_pcp_prepare mm/page_alloc.c:1391 [inline]
 free_unref_page_prepare+0x383/0x6c0 mm/page_alloc.c:3317
 free_unref_page_list+0x122/0x7e0 mm/page_alloc.c:3433
 release_pages+0x184b/0x1bb0 mm/swap.c:963
 __pagevec_release+0x6d/0xe0 mm/swap.c:983
 pagevec_release include/linux/pagevec.h:81 [inline]
 truncate_inode_pages_range+0x2f3/0xef0 mm/truncate.c:329
 dbUnmount+0x105/0x170 fs/jfs/jfs_dmap.c:279
 jfs_umount+0x1fa/0x360 fs/jfs/jfs_umount.c:89
 jfs_put_super+0x88/0x190 fs/jfs/super.c:194
 generic_shutdown_super+0x130/0x300 fs/super.c:475
 kill_block_super+0x7c/0xe0 fs/super.c:1427
 deactivate_locked_super+0x93/0xf0 fs/super.c:335
 cleanup_mnt+0x418/0x4d0 fs/namespace.c:1139
 task_work_run+0x125/0x1a0 kernel/task_work.c:188
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 exit_to_user_mode_loop+0x10f/0x130 kernel/entry/common.c:181
 exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:214
 __syscall_exit_to_user_mode_work kernel/entry/common.c:296 [inline]
 syscall_exit_to_user_mode+0x16/0x40 kernel/entry/common.c:307
 do_syscall_64+0x58/0xa0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7f1c679170d7
Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffd50441ed8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 00007f1c679613b9 RCX: 00007f1c679170d7
RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffd50441f90
RBP: 00007ffd50441f90 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd50443050
R13: 00007f1c679613b9 R14: 0000000000017255 R15: 0000000000000003
 </TASK>
BUG: Bad page state in process syz-executor.0  pfn:751c8
page:ffffea0001d47200 refcount:0 mapcount:0 mapping:0000000000000000 index:0x4 pfn:0x751c8
flags: 0xfff00000002006(referenced|uptodate|private|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000002006 ffffea0001e6e548 ffffc9000327fa00 0000000000000000
raw: 0000000000000004 ffff88807280fc98 00000000ffffffff 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x100c40(GFP_NOFS|__GFP_HARDWALL), pid 4864, ts 95845424635, free_ts 95836062549
 prep_new_page mm/page_alloc.c:2426 [inline]
 get_page_from_freelist+0x1b77/0x1c60 mm/page_alloc.c:4192
 __alloc_pages+0x1e1/0x470 mm/page_alloc.c:5474
 __page_cache_alloc+0xd2/0x3f0 mm/filemap.c:1022
 do_read_cache_page+0x1da/0x1030 mm/filemap.c:3457
 read_mapping_page include/linux/pagemap.h:515 [inline]
 __get_metapage+0x35d/0x1060 fs/jfs/jfs_metapage.c:621
 dbAllocCtl+0xd4/0x9a0 fs/jfs/jfs_dmap.c:1890
 dbAllocAG+0x1e9/0xf10 fs/jfs/jfs_dmap.c:1436
 dbDiscardAG+0x2ca/0x8e0 fs/jfs/jfs_dmap.c:1685
 jfs_ioc_trim+0x42b/0x660 fs/jfs/jfs_discard.c:105
 jfs_ioctl+0x2a5/0x3a0 fs/jfs/ioctl.c:132
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:874 [inline]
 __se_sys_ioctl+0xfa/0x170 fs/ioctl.c:860
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1340 [inline]
 free_pcp_prepare mm/page_alloc.c:1391 [inline]
 free_unref_page_prepare+0x637/0x6c0 mm/page_alloc.c:3317
 free_unref_page+0x94/0x280 mm/page_alloc.c:3396
 free_slab mm/slub.c:2015 [inline]
 discard_slab mm/slub.c:2021 [inline]
 __unfreeze_partials+0x1a5/0x200 mm/slub.c:2507
 put_cpu_partial+0x12d/0x190 mm/slub.c:2587
 qlist_free_all+0x35/0x90 mm/kasan/quarantine.c:176
 kasan_quarantine_reduce+0x150/0x160 mm/kasan/quarantine.c:283
 __kasan_slab_alloc+0x2f/0xd0 mm/kasan/common.c:444
 kasan_slab_alloc include/linux/kasan.h:254 [inline]
 slab_post_alloc_hook+0x4c/0x380 mm/slab.h:519
 slab_alloc_node mm/slub.c:3220 [inline]
 slab_alloc mm/slub.c:3228 [inline]
 kmem_cache_alloc+0x100/0x290 mm/slub.c:3233
 getname_flags+0xb5/0x500 fs/namei.c:138
 do_sys_openat2+0xcf/0x4a0 fs/open.c:1247
 do_sys_open fs/open.c:1269 [inline]
 __do_sys_openat fs/open.c:1285 [inline]
 __se_sys_openat fs/open.c:1280 [inline]
 __x64_sys_openat+0x135/0x160 fs/open.c:1280
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
Modules linked in:
CPU: 1 PID: 4490 Comm: syz-executor.0 Tainted: G    B             5.15.185-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x168/0x230 lib/dump_stack.c:106
 bad_page+0x14b/0x170 mm/page_alloc.c:652
 check_free_page mm/page_alloc.c:1209 [inline]
 free_pages_prepare mm/page_alloc.c:1334 [inline]
 free_pcp_prepare mm/page_alloc.c:1391 [inline]
 free_unref_page_prepare+0x383/0x6c0 mm/page_alloc.c:3317
 free_unref_page_list+0x122/0x7e0 mm/page_alloc.c:3433
 release_pages+0x184b/0x1bb0 mm/swap.c:963
 __pagevec_release+0x6d/0xe0 mm/swap.c:983
 pagevec_release include/linux/pagevec.h:81 [inline]
 truncate_inode_pages_range+0x2f3/0xef0 mm/truncate.c:329
 dbUnmount+0x105/0x170 fs/jfs/jfs_dmap.c:279
 jfs_umount+0x1fa/0x360 fs/jfs/jfs_umount.c:89
 jfs_put_super+0x88/0x190 fs/jfs/super.c:194
 generic_shutdown_super+0x130/0x300 fs/super.c:475
 kill_block_super+0x7c/0xe0 fs/super.c:1427
 deactivate_locked_super+0x93/0xf0 fs/super.c:335
 cleanup_mnt+0x418/0x4d0 fs/namespace.c:1139
 task_work_run+0x125/0x1a0 kernel/task_work.c:188
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 exit_to_user_mode_loop+0x10f/0x130 kernel/entry/common.c:181
 exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:214
 __syscall_exit_to_user_mode_work kernel/entry/common.c:296 [inline]
 syscall_exit_to_user_mode+0x16/0x40 kernel/entry/common.c:307
 do_syscall_64+0x58/0xa0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7f1c679170d7
Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffd50441ed8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 00007f1c679613b9 RCX: 00007f1c679170d7
RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffd50441f90
RBP: 00007ffd50441f90 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd50443050
R13: 00007f1c679613b9 R14: 000000000001757d R15: 0000000000000003
 </TASK>