BUG: Bad page state in process kworker/u8:1  pfn:12771f
page: refcount:0 mapcount:0 mapping:ffff88811d691d30 index:0x0 pfn:0x12771f
aops:v9fs_addr_operations ino:2
flags: 0x4000000000000001(locked|zone=1)
raw: 4000000000000001 dead000000000100 dead000000000122 ffff88811d691d30
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Movable, gfp_mask 0x141cca(GFP_HIGHUSER_MOVABLE|__GFP_WRITE|__GFP_COMP), pid 3619, tgid 3618 (syz.2.1567), ts 113579043418, free_ts 113577680985
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x262/0x2a0 mm/page_alloc.c:1851
 prep_new_page mm/page_alloc.c:1859 [inline]
 get_page_from_freelist+0x2056/0x2120 mm/page_alloc.c:3858
 __alloc_frozen_pages_noprof+0x2bb/0x510 mm/page_alloc.c:5148
 __alloc_pages_noprof mm/page_alloc.c:5182 [inline]
 __folio_alloc_noprof+0x18/0xc0 mm/page_alloc.c:5192
 __folio_alloc_node_noprof include/linux/gfp.h:295 [inline]
 folio_alloc_noprof include/linux/gfp.h:330 [inline]
 filemap_alloc_folio_noprof include/linux/pagemap.h:653 [inline]
 __filemap_get_folio+0x35a/0x720 mm/filemap.c:1981
 netfs_grab_folio_for_write fs/netfs/buffered_write.c:47 [inline]
 netfs_perform_write+0x440/0x1e10 fs/netfs/buffered_write.c:179
 netfs_buffered_write_iter_locked+0xa3/0x1c0 fs/netfs/buffered_write.c:452
 netfs_file_write_iter+0x189/0x4b0 fs/netfs/buffered_write.c:491
 v9fs_file_write_iter+0xac/0xe0 fs/9p/vfs_file.c:407
 do_iter_readv_writev+0x627/0x810 fs/read_write.c:-1
 vfs_writev+0x443/0xcf0 fs/read_write.c:1057
 do_pwritev fs/read_write.c:1153 [inline]
 __do_sys_pwritev2 fs/read_write.c:1211 [inline]
 __se_sys_pwritev2+0x179/0x290 fs/read_write.c:1202
 __x64_sys_pwritev2+0xc3/0xf0 fs/read_write.c:1202
 x64_sys_call+0x2bf9/0x2fd0 arch/x86/include/generated/asm/syscalls_64.h:329
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x62/0x160 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
page last free pid 425 tgid 425 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1395 [inline]
 free_unref_folios+0xd43/0x13b0 mm/page_alloc.c:2952
 folios_put_refs+0x4c8/0x5b0 mm/swap.c:997
 folios_put include/linux/mm.h:1419 [inline]
 __folio_batch_release+0xac/0x100 mm/swap.c:1057
 folio_batch_release include/linux/pagevec.h:101 [inline]
 shmem_undo_range+0x46d/0x1010 mm/shmem.c:1157
 shmem_truncate_range mm/shmem.c:1269 [inline]
 shmem_evict_inode+0x265/0xa00 mm/shmem.c:1397
 evict+0x4d0/0x970 fs/inode.c:810
 iput_final fs/inode.c:1897 [inline]
 iput+0x633/0x930 fs/inode.c:1923
 dentry_unlink_inode+0x373/0x420 fs/dcache.c:466
 __dentry_kill+0x1b4/0x5f0 fs/dcache.c:669
 dput+0x34b/0x4f0 fs/dcache.c:911
 do_renameat2+0x705/0xaa0 fs/namei.c:5280
 __do_sys_rename fs/namei.c:5325 [inline]
 __se_sys_rename fs/namei.c:5323 [inline]
 __x64_sys_rename+0x86/0xa0 fs/namei.c:5323
 x64_sys_call+0x201/0x2fd0 arch/x86/include/generated/asm/syscalls_64.h:83
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x62/0x160 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
Modules linked in:
CPU: 0 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted syzkaller #0 PREEMPT  ff73a1e0073c97e61e5cf9407d5859bf90ff9d0a
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Workqueue: events_unbound netfs_write_collection_worker
Call Trace:
 <TASK>
 __dump_stack+0x21/0x30 lib/dump_stack.c:94
 dump_stack_lvl+0x10b/0x180 lib/dump_stack.c:120
 dump_stack+0x19/0x20 lib/dump_stack.c:129
 bad_page+0x18b/0x1e0 mm/page_alloc.c:650
 free_page_is_bad mm/page_alloc.c:1083 [inline]
 free_pages_prepare mm/page_alloc.c:1387 [inline]
 __free_frozen_pages+0xb70/0xbc0 mm/page_alloc.c:2895
 free_frozen_pages+0xf/0x30 mm/page_alloc.c:2933
 __folio_put+0x24e/0x2a0 mm/swap.c:112
 folio_put include/linux/mm.h:1360 [inline]
 folio_end_writeback+0x42c/0x4a0 mm/filemap.c:1665
 netfs_folio_written_back+0x39d/0x620 fs/netfs/write_collect.c:104
 netfs_writeback_unlock_folios fs/netfs/write_collect.c:162 [inline]
 netfs_collect_write_results fs/netfs/write_collect.c:316 [inline]
 netfs_write_collection+0x14f6/0x30a0 fs/netfs/write_collect.c:365
 netfs_write_collection_worker+0xc1/0x3e0 fs/netfs/write_collect.c:448
 process_one_work kernel/workqueue.c:3236 [inline]
 process_scheduled_works+0x7d5/0x1040 kernel/workqueue.c:3319
 worker_thread+0xc4e/0x1270 kernel/workqueue.c:3400
 kthread+0x6f4/0x880 kernel/kthread.c:463
 ret_from_fork+0x181/0x250 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>