BUG: Bad page state in iomap_write

Title	Replies (including bot)	Last reply
[syzbot] Monthly xfs report (Mar 2025)	0 (1)	2025/03/23 22:24
[syzbot] Monthly xfs report (Feb 2025)	0 (1)	2025/02/20 19:03
[syzbot] [mm?] BUG: Bad page state in iomap_write_begin	4 (6)	2024/11/21 09:55

Created	Duration	User	Patch	Repo	Result
2024/11/20 11:06	14m	hdanton@sina.com		git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git v6.12-rc6	report log

Created

Duration

User

Patch

Repo

Result

2024/11/20 11:06

14m

hdanton@sina.com

git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git v6.12-rc6

report log

BUG: Bad page state in process syz-executor412 pfn:49401 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x49401 head: order:0 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:-1 flags: 0x4fff0000000004d(locked|referenced|uptodate|head|node=1|zone=1|lastcpupid=0x7ff) raw: 04fff00000000000 ffffea0001250001 ffffffffffffffff ffffffff00000000 raw: 0000000000000200 0000000000000000 00000000ffffffff 0000000000000000 head: 04fff0000000004d dead000000000100 dead000000000122 0000000000000000 head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 head: 04fff00000000000 ffffea0001250001 ffffffffffffffff ffffffff00000000 head: 0000000000000200 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: nonzero pincount page_owner tracks the page as allocated page last allocated via order 9, migratetype Movable, gfp_mask 0x153c4a(GFP_NOFS|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE|__GFP_WRITE), pid 5308, tgid 5308 (syz-executor412), ts 78177893113, free_ts 0 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x1f4/0x240 mm/page_alloc.c:1551 prep_new_page mm/page_alloc.c:1559 [inline] get_page_from_freelist+0x365c/0x37a0 mm/page_alloc.c:3477 __alloc_frozen_pages_noprof+0x292/0x710 mm/page_alloc.c:4739 alloc_pages_mpol+0x311/0x660 mm/mempolicy.c:2270 alloc_frozen_pages_noprof mm/mempolicy.c:2341 [inline] alloc_pages_noprof+0x121/0x190 mm/mempolicy.c:2361 folio_alloc_noprof+0x1e/0x30 mm/mempolicy.c:2371 filemap_alloc_folio_noprof+0xe1/0x540 mm/filemap.c:1019 __filemap_get_folio+0x438/0xae0 mm/filemap.c:1970 iomap_get_folio fs/iomap/buffered-io.c:608 [inline] __iomap_get_folio fs/iomap/buffered-io.c:754 [inline] iomap_write_begin+0x4d3/0x1990 fs/iomap/buffered-io.c:797 iomap_write_iter fs/iomap/buffered-io.c:955 [inline] iomap_file_buffered_write+0x6ea/0x11c0 fs/iomap/buffered-io.c:1039 xfs_file_buffered_write+0x2cd/0xb20 fs/xfs/xfs_file.c:792 new_sync_write fs/read_write.c:586 [inline] vfs_write+0xacf/0xd10 fs/read_write.c:679 ksys_write+0x18f/0x2b0 fs/read_write.c:731 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page_owner free stack trace missing Modules linked in: CPU: 0 UID: 0 PID: 5307 Comm: syz-executor412 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 bad_page+0x176/0x1d0 mm/page_alloc.c:501 free_tail_page_prepare+0x2ab/0x4b0 free_pages_prepare mm/page_alloc.c:1103 [inline] free_frozen_pages+0x8b5/0x10e0 mm/page_alloc.c:2660 __folio_put+0x2b3/0x360 mm/swap.c:112 delete_from_page_cache_batch+0x8f5/0xa60 mm/filemap.c:342 truncate_inode_pages_range+0x36b/0x10e0 mm/truncate.c:327 evict+0x4fd/0x9a0 fs/inode.c:798 dispose_list fs/inode.c:845 [inline] evict_inodes+0x6f6/0x790 fs/inode.c:899 generic_shutdown_super+0xa0/0x2d0 fs/super.c:627 kill_block_super+0x44/0x90 fs/super.c:1710 xfs_kill_sb+0x15/0x50 fs/xfs/xfs_super.c:2111 deactivate_locked_super+0xc4/0x130 fs/super.c:473 cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1413 task_work_run+0x24f/0x310 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x13f/0x340 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f3c13562647 Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 RSP: 002b:00007ffc6e0b1718 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f3c13562647 RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc6e0b17d0 RBP: 00007ffc6e0b17d0 R08: 0000000000000000 R09: 0000000000000000 R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffc6e0b2840 R13: 000055556ad516c0 R14: 431bde82d7b634db R15: 00007ffc6e0b2860 </TASK> BUG: Bad page state in process syz-executor412 pfn:49400 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x49400 head: order:0 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 flags: 0x4fff0000000004d(locked|referenced|uptodate|head|node=1|zone=1|lastcpupid=0x7ff) raw: 04fff0000000004d dead000000000100 dead000000000122 0000000000000000 raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 head: 04fff0000000004d dead000000000100 dead000000000122 0000000000000000 head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 head: 04fff00000000000 0000000000000000 ffffffffffffffff 0000000000000000 head: 0000000000000200 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set page_owner tracks the page as allocated page last allocated via order 9, migratetype Movable, gfp_mask 0x153c4a(GFP_NOFS|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE|__GFP_WRITE), pid 5308, tgid 5308 (syz-executor412), ts 78177893113, free_ts 0 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x1f4/0x240 mm/page_alloc.c:1551 prep_new_page mm/page_alloc.c:1559 [inline] get_page_from_freelist+0x365c/0x37a0 mm/page_alloc.c:3477 __alloc_frozen_pages_noprof+0x292/0x710 mm/page_alloc.c:4739 alloc_pages_mpol+0x311/0x660 mm/mempolicy.c:2270 alloc_frozen_pages_noprof mm/mempolicy.c:2341 [inline] alloc_pages_noprof+0x121/0x190 mm/mempolicy.c:2361 folio_alloc_noprof+0x1e/0x30 mm/mempolicy.c:2371 filemap_alloc_folio_noprof+0xe1/0x540 mm/filemap.c:1019 __filemap_get_folio+0x438/0xae0 mm/filemap.c:1970 iomap_get_folio fs/iomap/buffered-io.c:608 [inline] __iomap_get_folio fs/iomap/buffered-io.c:754 [inline] iomap_write_begin+0x4d3/0x1990 fs/iomap/buffered-io.c:797 iomap_write_iter fs/iomap/buffered-io.c:955 [inline] iomap_file_buffered_write+0x6ea/0x11c0 fs/iomap/buffered-io.c:1039 xfs_file_buffered_write+0x2cd/0xb20 fs/xfs/xfs_file.c:792 new_sync_write fs/read_write.c:586 [inline] vfs_write+0xacf/0xd10 fs/read_write.c:679 ksys_write+0x18f/0x2b0 fs/read_write.c:731 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page_owner free stack trace missing Modules linked in: CPU: 0 UID: 0 PID: 5307 Comm: syz-executor412 Tainted: G B 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 bad_page+0x176/0x1d0 mm/page_alloc.c:501 free_page_is_bad mm/page_alloc.c:923 [inline] free_pages_prepare mm/page_alloc.c:1119 [inline] free_frozen_pages+0x1082/0x10e0 mm/page_alloc.c:2660 __folio_put+0x2b3/0x360 mm/swap.c:112 delete_from_page_cache_batch+0x8f5/0xa60 mm/filemap.c:342 truncate_inode_pages_range+0x36b/0x10e0 mm/truncate.c:327 evict+0x4fd/0x9a0 fs/inode.c:798 dispose_list fs/inode.c:845 [inline] evict_inodes+0x6f6/0x790 fs/inode.c:899 generic_shutdown_super+0xa0/0x2d0 fs/super.c:627 kill_block_super+0x44/0x90 fs/super.c:1710 xfs_kill_sb+0x15/0x50 fs/xfs/xfs_super.c:2111 deactivate_locked_super+0xc4/0x130 fs/super.c:473 cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1413 task_work_run+0x24f/0x310 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x13f/0x340 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f3c13562647 Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 RSP: 002b:00007ffc6e0b1718 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f3c13562647 RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc6e0b17d0 RBP: 00007ffc6e0b17d0 R08: 0000000000000000 R09: 0000000000000000 R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffc6e0b2840 R13: 000055556ad516c0 R14: 431bde82d7b634db R15: 00007ffc6e0b2860 </TASK> XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 BUG: Bad page state in process syz-executor412 pfn:49601 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x49601 head: order:0 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:-1 flags: 0x4fff0000000004d(locked|referenced|uptodate|head|node=1|zone=1|lastcpupid=0x7ff) raw: 04fff00000000000 ffffea0001258001 ffffffffffffffff ffffffff00000000 raw: 0000000000000200 0000000000000000 00000000ffffffff 0000000000000000 head: 04fff0000000004d dead000000000100 dead000000000122 0000000000000000 head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 head: 04fff00000000000 ffffea0001258001 ffffffffffffffff ffffffff00000000 head: 0000000000000200 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: nonzero pincount page_owner tracks the page as allocated page last allocated via order 9, migratetype Movable, gfp_mask 0x153c4a(GFP_NOFS|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE|__GFP_WRITE), pid 5318, tgid 5318 (syz-executor412), ts 78996722380, free_ts 78573948324 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x1f4/0x240 mm/page_alloc.c:1551 prep_new_page mm/page_alloc.c:1559 [inline] get_page_from_freelist+0x365c/0x37a0 mm/page_alloc.c:3477 __alloc_frozen_pages_noprof+0x292/0x710 mm/page_alloc.c:4739 alloc_pages_mpol+0x311/0x660 mm/mempolicy.c:2270 alloc_frozen_pages_noprof mm/mempolicy.c:2341 [inline] alloc_pages_noprof+0x121/0x190 mm/mempolicy.c:2361 folio_alloc_noprof+0x1e/0x30 mm/mempolicy.c:2371 filemap_alloc_folio_noprof+0xe1/0x540 mm/filemap.c:1019 __filemap_get_folio+0x438/0xae0 mm/filemap.c:1970 iomap_get_folio fs/iomap/buffered-io.c:608 [inline] __iomap_get_folio fs/iomap/buffered-io.c:754 [inline] iomap_write_begin+0x4d3/0x1990 fs/iomap/buffered-io.c:797 iomap_write_iter fs/iomap/buffered-io.c:955 [inline] iomap_file_buffered_write+0x6ea/0x11c0 fs/iomap/buffered-io.c:1039 xfs_file_buffered_write+0x2cd/0xb20 fs/xfs/xfs_file.c:792 new_sync_write fs/read_write.c:586 [inline] vfs_write+0xacf/0xd10 fs/read_write.c:679 ksys_write+0x18f/0x2b0 fs/read_write.c:731 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5307 tgid 5307 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1127 [inline] free_unref_folios+0xe40/0x18b0 mm/page_alloc.c:2707 folios_put_refs+0x76c/0x860 mm/swap.c:994 folio_batch_release include/linux/pagevec.h:101 [inline] truncate_inode_pages_range+0x460/0x10e0 mm/truncate.c:330 evict+0x4fd/0x9a0 fs/inode.c:798 dispose_list fs/inode.c:845 [inline] evict_inodes+0x6f6/0x790 fs/inode.c:899 generic_shutdown_super+0xa0/0x2d0 fs/super.c:627 kill_block_super+0x44/0x90 fs/super.c:1710 xfs_kill_sb+0x15/0x50 fs/xfs/xfs_super.c:2111 deactivate_locked_super+0xc4/0x130 fs/super.c:473 cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1413 task_work_run+0x24f/0x310 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x13f/0x340 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 0 UID: 0 PID: 5307 Comm: syz-executor412 Tainted: G B 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 bad_page+0x176/0x1d0 mm/page_alloc.c:501 free_tail_page_prepare+0x2ab/0x4b0 free_pages_prepare mm/page_alloc.c:1103 [inline] free_frozen_pages+0x8b5/0x10e0 mm/page_alloc.c:2660 __folio_put+0x2b3/0x360 mm/swap.c:112 delete_from_page_cache_batch+0x8f5/0xa60 mm/filemap.c:342 truncate_inode_pages_range+0x36b/0x10e0 mm/truncate.c:327 evict+0x4fd/0x9a0 fs/inode.c:798 dispose_list fs/inode.c:845 [inline] evict_inodes+0x6f6/0x790 fs/inode.c:899 generic_shutdown_super+0xa0/0x2d0 fs/super.c:627 kill_block_super+0x44/0x90 fs/super.c:1710 xfs_kill_sb+0x15/0x50 fs/xfs/xfs_super.c:2111 deactivate_locked_super+0xc4/0x130 fs/super.c:473 cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1413 task_work_run+0x24f/0x310 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x13f/0x340 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f3c13562647 Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 RSP: 002b:00007ffc6e0b1718 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f3c13562647 RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc6e0b17d0 RBP: 00007ffc6e0b17d0 R08: 0000000000000000 R09: 0000000000000000 R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffc6e0b2840 R13: 000055556ad516c0 R14: 431bde82d7b634db R15: 00007ffc6e0b2860 </TASK> BUG: Bad page state in process syz-executor412 pfn:49600 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x49600 head: order:0 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 flags: 0x4fff0000000004d(locked|referenced|uptodate|head|node=1|zone=1|lastcpupid=0x7ff) raw: 04fff0000000004d dead000000000100 dead000000000122 0000000000000000 raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 head: 04fff0000000004d dead000000000100 dead000000000122 0000000000000000 head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 head: 04fff00000000000 0000000000000000 ffffffffffffffff 0000000000000000 head: 0000000000000200 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set page_owner tracks the page as allocated page last allocated via order 9, migratetype Movable, gfp_mask 0x153c4a(GFP_NOFS|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE|__GFP_WRITE), pid 5318, tgid 5318 (syz-executor412), ts 78996722380, free_ts 78573948324 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x1f4/0x240 mm/page_alloc.c:1551 prep_new_page mm/page_alloc.c:1559 [inline] get_page_from_freelist+0x365c/0x37a0 mm/page_alloc.c:3477 __alloc_frozen_pages_noprof+0x292/0x710 mm/page_alloc.c:4739 alloc_pages_mpol+0x311/0x660 mm/mempolicy.c:2270 alloc_frozen_pages_noprof mm/mempolicy.c:2341 [inline] alloc_pages_noprof+0x121/0x190 mm/mempolicy.c:2361 folio_alloc_noprof+0x1e/0x30 mm/mempolicy.c:2371 filemap_alloc_folio_noprof+0xe1/0x540 mm/filemap.c:1019 __filemap_get_folio+0x438/0xae0 mm/filemap.c:1970 iomap_get_folio fs/iomap/buffered-io.c:608 [inline] __iomap_get_folio fs/iomap/buffered-io.c:754 [inline] iomap_write_begin+0x4d3/0x1990 fs/iomap/buffered-io.c:797 iomap_write_iter fs/iomap/buffered-io.c:955 [inline] iomap_file_buffered_write+0x6ea/0x11c0 fs/iomap/buffered-io.c:1039 xfs_file_buffered_write+0x2cd/0xb20 fs/xfs/xfs_file.c:792 new_sync_write fs/read_write.c:586 [inline] vfs_write+0xacf/0xd10 fs/read_write.c:679 ksys_write+0x18f/0x2b0 fs/read_write.c:731 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5307 tgid 5307 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1127 [inline] free_unref_folios+0xe40/0x18b0 mm/page_alloc.c:2707 folios_put_refs+0x76c/0x860 mm/swap.c:994 folio_batch_release include/linux/pagevec.h:101 [inline] truncate_inode_pages_range+0x460/0x10e0 mm/truncate.c:330 evict+0x4fd/0x9a0 fs/inode.c:798 dispose_list fs/inode.c:845 [inline] evict_inodes+0x6f6/0x790 fs/inode.c:899 generic_shutdown_super+0xa0/0x2d0 fs/super.c:627 kill_block_super+0x44/0x90 fs/super.c:1710 xfs_kill_sb+0x15/0x50 fs/xfs/xfs_super.c:2111 deactivate_locked_super+0xc4/0x130 fs/super.c:473 cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1413 task_work_run+0x24f/0x310 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x13f/0x340 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 0 UID: 0 PID: 5307 Comm: syz-executor412 Tainted: G B 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 bad_page+0x176/0x1d0 mm/page_alloc.c:501 free_page_is_bad mm/page_alloc.c:923 [inline] free_pages_prepare mm/page_alloc.c:1119 [inline] free_frozen_pages+0x1082/0x10e0 mm/page_alloc.c:2660 __folio_put+0x2b3/0x360 mm/swap.c:112 delete_from_page_cache_batch+0x8f5/0xa60 mm/filemap.c:342 truncate_inode_pages_range+0x36b/0x10e0 mm/truncate.c:327 evict+0x4fd/0x9a0 fs/inode.c:798 dispose_list fs/inode.c:845 [inline] evict_inodes+0x6f6/0x790 fs/inode.c:899 generic_shutdown_super+0xa0/0x2d0 fs/super.c:627 kill_block_super+0x44/0x90 fs/super.c:1710 xfs_kill_sb+0x15/0x50 fs/xfs/xfs_super.c:2111 deactivate_locked_super+0xc4/0x130 fs/super.c:473 cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1413 task_work_run+0x24f/0x310 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x13f/0x340 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f3c13562647 Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 RSP: 002b:00007ffc6e0b1718 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f3c13562647 RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc6e0b17d0 RBP: 00007ffc6e0b17d0 R08: 0000000000000000 R09: 0000000000000000 R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffc6e0b2840 R13: 000055556ad516c0 R14: 431bde82d7b634db R15: 00007ffc6e0b2860 </TASK> XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 BUG: Bad page state in process syz-executor412 pfn:48c01 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x48c01 head: order:0 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:-1 flags: 0x4fff0000000004d(locked|referenced|uptodate|head|node=1|zone=1|lastcpupid=0x7ff) raw: 04fff00000000000 ffffea0001230001 ffffffffffffffff ffffffff00000000 raw: 0000000000000200 0000000000000000 00000000ffffffff 0000000000000000 head: 04fff0000000004d dead000000000100 dead000000000122 0000000000000000 head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 head: 04fff00000000000 ffffea0001230001 ffffffffffffffff ffffffff00000000 head: 0000000000000200 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: nonzero pincount page_owner tracks the page as allocated page last allocated via order 9, migratetype Movable, gfp_mask 0x153c4a(GFP_NOFS|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE|__GFP_WRITE), pid 5327, tgid 5327 (syz-executor412), ts 79801898122, free_ts 79410551677 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x1f4/0x240 mm/page_alloc.c:1551 prep_new_page mm/page_alloc.c:1559 [inline] get_page_from_freelist+0x365c/0x37a0 mm/page_alloc.c:3477 __alloc_frozen_pages_noprof+0x292/0x710 mm/page_alloc.c:4739 alloc_pages_mpol+0x311/0x660 mm/mempolicy.c:2270 alloc_frozen_pages_noprof mm/mempolicy.c:2341 [inline] alloc_pages_noprof+0x121/0x190 mm/mempolicy.c:2361 folio_alloc_noprof+0x1e/0x30 mm/mempolicy.c:2371 filemap_alloc_folio_noprof+0xe1/0x540 mm/filemap.c:1019 __filemap_get_folio+0x438/0xae0 mm/filemap.c:1970 iomap_get_folio fs/iomap/buffered-io.c:608 [inline] __iomap_get_folio fs/iomap/buffered-io.c:754 [inline] iomap_write_begin+0x4d3/0x1990 fs/iomap/buffered-io.c:797 iomap_write_iter fs/iomap/buffered-io.c:955 [inline] iomap_file_buffered_write+0x6ea/0x11c0 fs/iomap/buffered-io.c:1039 xfs_file_buffered_write+0x2cd/0xb20 fs/xfs/xfs_file.c:792 new_sync_write fs/read_write.c:586 [inline] vfs_write+0xacf/0xd10 fs/read_write.c:679 ksys_write+0x18f/0x2b0 fs/read_write.c:731 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5307 tgid 5307 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1127 [inline] free_unref_folios+0xe40/0x18b0 mm/page_alloc.c:2707 folios_put_refs+0x76c/0x860 mm/swap.c:994 folio_batch_release include/linux/pagevec.h:101 [inline] truncate_inode_pages_range+0x460/0x10e0 mm/truncate.c:330 evict+0x4fd/0x9a0 fs/inode.c:798 dispose_list fs/inode.c:845 [inline] evict_inodes+0x6f6/0x790 fs/inode.c:899 generic_shutdown_super+0xa0/0x2d0 fs/super.c:627 kill_block_super+0x44/0x90 fs/super.c:1710 xfs_kill_sb+0x15/0x50 fs/xfs/xfs_super.c:2111 deactivate_locked_super+0xc4/0x130 fs/super.c:473 cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1413 task_work_run+0x24f/0x310 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x13f/0x340 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 0 UID: 0 PID: 5307 Comm: syz-executor412 Tainted: G B 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 bad_page+0x176/0x1d0 mm/page_alloc.c:501 free_tail_page_prepare+0x2ab/0x4b0 free_pages_prepare mm/page_alloc.c:1103 [inline] free_frozen_pages+0x8b5/0x10e0 mm/page_alloc.c:2660 __folio_put+0x2b3/0x360 mm/swap.c:112 delete_from_page_cache_batch+0x8f5/0xa60 mm/filemap.c:342 truncate_inode_pages_range+0x36b/0x10e0 mm/truncate.c:327 evict+0x4fd/0x9a0 fs/inode.c:798 dispose_list fs/inode.c:845 [inline] evict_inodes+0x6f6/0x790 fs/inode.c:899 generic_shutdown_super+0xa0/0x2d0 fs/super.c:627 kill_block_super+0x44/0x90 fs/super.c:1710 xfs_kill_sb+0x15/0x50 fs/xfs/xfs_super.c:2111 deactivate_locked_super+0xc4/0x130 fs/super.c:473 cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1413 task_work_run+0x24f/0x310 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x13f/0x340 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f3c13562647 Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 RSP: 002b:00007ffc6e0b1718 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f3c13562647 RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc6e0b17d0 RBP: 00007ffc6e0b17d0 R08: 0000000000000000 R09: 0000000000000000 R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffc6e0b2840 R13: 000055556ad516c0 R14: 431bde82d7b634db R15: 00007ffc6e0b2860 </TASK> BUG: Bad page state in process syz-executor412 pfn:48c00 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x48c00 head: order:0 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 flags: 0x4fff0000000004d(locked|referenced|uptodate|head|node=1|zone=1|lastcpupid=0x7ff) raw: 04fff0000000004d dead000000000100 dead000000000122 0000000000000000 raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 head: 04fff0000000004d dead000000000100 dead000000000122 0000000000000000 head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 head: 04fff00000000000 0000000000000000 ffffffffffffffff 0000000000000000 head: 0000000000000200 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set page_owner tracks the page as allocated page last allocated via order 9, migratetype Movable, gfp_mask 0x153c4a(GFP_NOFS|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE|__GFP_WRITE), pid 5327, tgid 5327 (syz-executor412), ts 79801898122, free_ts 79410551677 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x1f4/0x240 mm/page_alloc.c:1551 prep_new_page mm/page_alloc.c:1559 [inline] get_page_from_freelist+0x365c/0x37a0 mm/page_alloc.c:3477 __alloc_frozen_pages_noprof+0x292/0x710 mm/page_alloc.c:4739 alloc_pages_mpol+0x311/0x660 mm/mempolicy.c:2270 alloc_frozen_pages_noprof mm/mempolicy.c:2341 [inline] alloc_pages_noprof+0x121/0x190 mm/mempolicy.c:2361 folio_alloc_noprof+0x1e/0x30 mm/mempolicy.c:2371 filemap_alloc_folio_noprof+0xe1/0x540 mm/filemap.c:1019 __filemap_get_folio+0x438/0xae0 mm/filemap.c:1970 iomap_get_folio fs/iomap/buffered-io.c:608 [inline] __iomap_get_folio fs/iomap/buffered-io.c:754 [inline] iomap_write_begin+0x4d3/0x1990 fs/iomap/buffered-io.c:797 iomap_write_iter fs/iomap/buffered-io.c:955 [inline] iomap_file_buffered_write+0x6ea/0x11c0 fs/iomap/buffered-io.c:1039 xfs_file_buffered_write+0x2cd/0xb20 fs/xfs/xfs_file.c:792 new_sync_write fs/read_write.c:586 [inline] vfs_write+0xacf/0xd10 fs/read_write.c:679 ksys_write+0x18f/0x2b0 fs/read_write.c:731 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5307 tgid 5307 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1127 [inline] free_unref_folios+0xe40/0x18b0 mm/page_alloc.c:2707 folios_put_refs+0x76c/0x860 mm/swap.c:994 folio_batch_release include/linux/pagevec.h:101 [inline] truncate_inode_pages_range+0x460/0x10e0 mm/truncate.c:330 evict+0x4fd/0x9a0 fs/inode.c:798 dispose_list fs/inode.c:845 [inline] evict_inodes+0x6f6/0x790 fs/inode.c:899 generic_shutdown_super+0xa0/0x2d0 fs/super.c:627 kill_block_super+0x44/0x90 fs/super.c:1710 xfs_kill_sb+0x15/0x50 fs/xfs/xfs_super.c:2111 deactivate_locked_super+0xc4/0x130 fs/super.c:473 cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1413 task_work_run+0x24f/0x310 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x13f/0x340 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 0 UID: 0 PID: 5307 Comm: syz-executor412 Tainted: G B 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 bad_page+0x176/0x1d0 mm/page_alloc.c:501 free_page_is_bad mm/page_alloc.c:923 [inline] free_pages_prepare mm/page_alloc.c:1119 [inline] free_frozen_pages+0x1082/0x10e0 mm/page_alloc.c:2660 __folio_put+0x2b3/0x360 mm/swap.c:112 delete_from_page_cache_batch+0x8f5/0xa60 mm/filemap.c:342 truncate_inode_pages_range+0x36b/0x10e0 mm/truncate.c:327 evict+0x4fd/0x9a0 fs/inode.c:798 dispose_list fs/inode.c:845 [inline] evict_inodes+0x6f6/0x790 fs/inode.c:899 generic_shutdown_super+0xa0/0x2d0 fs/super.c:627 kill_block_super+0x44/0x90 fs/super.c:1710 xfs_kill_sb+0x15/0x50 fs/xfs/xfs_super.c:2111 deactivate_locked_super+0xc4/0x130 fs/super.c:473 cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1413 task_work_run+0x24f/0x310 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x13f/0x340 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f3c13562647 Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 RSP: 002b:00007ffc6e0b1718 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f3c13562647 RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc6e0b17d0 RBP: 00007ffc6e0b17d0 R08: 0000000000000000 R09: 0000000000000000 R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffc6e0b2840 R13: 000055556ad516c0 R14: 431bde82d7b634db R15: 00007ffc6e0b2860 </TASK> XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 BUG: Bad page state in process syz-executor412 pfn:48e01 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x48e01 head: order:0 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:-1 flags: 0x4fff0000000004d(locked|referenced|uptodate|head|node=1|zone=1|lastcpupid=0x7ff) raw: 04fff00000000000 ffffea0001238001 ffffffffffffffff ffffffff00000000 raw: 0000000000000200 0000000000000000 00000000ffffffff 0000000000000000 head: 04fff0000000004d dead000000000100 dead000000000122 0000000000000000 head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 head: 04fff00000000000 ffffea0001238001 ffffffffffffffff ffffffff00000000 head: 0000000000000200 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: nonzero pincount page_owner tracks the page as allocated page last allocated via order 9, migratetype Movable, gfp_mask 0x153c4a(GFP_NOFS|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE|__GFP_WRITE), pid 5336, tgid 5336 (syz-executor412), ts 80629586754, free_ts 80209505616 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x1f4/0x240 mm/page_alloc.c:1551 prep_new_page mm/page_alloc.c:1559 [inline] get_page_from_freelist+0x365c/0x37a0 mm/page_alloc.c:3477 __alloc_frozen_pages_noprof+0x292/0x710 mm/page_alloc.c:4739 alloc_pages_mpol+0x311/0x660 mm/mempolicy.c:2270 alloc_frozen_pages_noprof mm/mempolicy.c:2341 [inline] alloc_pages_noprof+0x121/0x190 mm/mempolicy.c:2361 folio_alloc_noprof+0x1e/0x30 mm/mempolicy.c:2371 filemap_alloc_folio_noprof+0xe1/0x540 mm/filemap.c:1019 __filemap_get_folio+0x438/0xae0 mm/filemap.c:1970 iomap_get_folio fs/iomap/buffered-io.c:608 [inline] __iomap_get_folio fs/iomap/buffered-io.c:754 [inline] iomap_write_begin+0x4d3/0x1990 fs/iomap/buffered-io.c:797 iomap_write_iter fs/iomap/buffered-io.c:955 [inline] iomap_file_buffered_write+0x6ea/0x11c0 fs/iomap/buffered-io.c:1039 xfs_file_buffered_write+0x2cd/0xb20 fs/xfs/xfs_file.c:792 new_sync_write fs/read_write.c:586 [inline] vfs_write+0xacf/0xd10 fs/read_write.c:679 ksys_write+0x18f/0x2b0 fs/read_write.c:731 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5307 tgid 5307 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1127 [inline] free_unref_folios+0xe40/0x18b0 mm/page_alloc.c:2707 folios_put_refs+0x76c/0x860 mm/swap.c:994 folio_batch_release include/linux/pagevec.h:101 [inline] truncate_inode_pages_range+0x460/0x10e0 mm/truncate.c:330 evict+0x4fd/0x9a0 fs/inode.c:798 dispose_list fs/inode.c:845 [inline] evict_inodes+0x6f6/0x790 fs/inode.c:899 generic_shutdown_super+0xa0/0x2d0 fs/super.c:627 kill_block_super+0x44/0x90 fs/super.c:1710 xfs_kill_sb+0x15/0x50 fs/xfs/xfs_super.c:2111 deactivate_locked_super+0xc4/0x130 fs/super.c:473 cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1413 task_work_run+0x24f/0x310 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x13f/0x340 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 0 UID: 0 PID: 5307 Comm: syz-executor412 Tainted: G B 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 bad_page+0x176/0x1d0 mm/page_alloc.c:501 free_tail_page_prepare+0x2ab/0x4b0 free_pages_prepare mm/page_alloc.c:1103 [inline] free_frozen_pages+0x8b5/0x10e0 mm/page_alloc.c:2660 __folio_put+0x2b3/0x360 mm/swap.c:112 delete_from_page_cache_batch+0x8f5/0xa60 mm/filemap.c:342 truncate_inode_pages_range+0x36b/0x10e0 mm/truncate.c:327 evict+0x4fd/0x9a0 fs/inode.c:798 dispose_list fs/inode.c:845 [inline] evict_inodes+0x6f6/0x790 fs/inode.c:899 generic_shutdown_super+0xa0/0x2d0 fs/super.c:627 kill_block_super+0x44/0x90 fs/super.c:1710 xfs_kill_sb+0x15/0x50 fs/xfs/xfs_super.c:2111 deactivate_locked_super+0xc4/0x130 fs/super.c:473 cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1413 task_work_run+0x24f/0x310 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x13f/0x340 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f3c13562647 Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 RSP: 002b:00007ffc6e0b1718 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f3c13562647 RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc6e0b17d0 RBP: 00007ffc6e0b17d0 R08: 0000000000000000 R09: 0000000000000000 R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffc6e0b2840 R13: 000055556ad516c0 R14: 431bde82d7b634db R15: 00007ffc6e0b2860 </TASK> BUG: Bad page state in process syz-executor412 pfn:48e00 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x48e00 head: order:0 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 flags: 0x4fff0000000004d(locked|referenced|uptodate|head|node=1|zone=1|lastcpupid=0x7ff) raw: 04fff0000000004d dead000000000100 dead000000000122 0000000000000000 raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 head: 04fff0000000004d dead000000000100 dead000000000122 0000000000000000 head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 head: 04fff00000000000 0000000000000000 ffffffffffffffff 0000000000000000 head: 0000000000000200 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set page_owner tracks the page as allocated page last allocated via order 9, migratetype Movable, gfp_mask 0x153c4a(GFP_NOFS|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE|__GFP_WRITE), pid 5336, tgid 5336 (syz-executor412), ts 80629586754, free_ts 80209505616 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x1f4/0x240 mm/page_alloc.c:1551 prep_new_page mm/page_alloc.c:1559 [inline] get_page_from_freelist+0x365c/0x37a0 mm/page_alloc.c:3477 __alloc_frozen_pages_noprof+0x292/0x710 mm/page_alloc.c:4739 alloc_pages_mpol+0x311/0x660 mm/mempolicy.c:2270 alloc_frozen_pages_noprof mm/mempolicy.c:2341 [inline] alloc_pages_noprof+0x121/0x190 mm/mempolicy.c:2361 folio_alloc_noprof+0x1e/0x30 mm/mempolicy.c:2371 filemap_alloc_folio_noprof+0xe1/0x540 mm/filemap.c:1019 __filemap_get_folio+0x438/0xae0 mm/filemap.c:1970 iomap_get_folio fs/iomap/buffered-io.c:608 [inline] __iomap_get_folio fs/iomap/buffered-io.c:754 [inline] iomap_write_begin+0x4d3/0x1990 fs/iomap/buffered-io.c:797 iomap_write_iter fs/iomap/buffered-io.c:955 [inline] iomap_file_buffered_write+0x6ea/0x11c0 fs/iomap/buffered-io.c:1039 xfs_file_buffered_write+0x2cd/0xb20 fs/xfs/xfs_file.c:792 new_sync_write fs/read_write.c:586 [inline] vfs_write+0xacf/0xd10 fs/read_write.c:679 ksys_write+0x18f/0x2b0 fs/read_write.c:731 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5307 tgid 5307 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1127 [inline] free_unref_folios+0xe40/0x18b0 mm/page_alloc.c:2707 folios_put_refs+0x76c/0x860 mm/swap.c:994 folio_batch_release include/linux/pagevec.h:101 [inline] truncate_inode_pages_range+0x460/0x10e0 mm/truncate.c:330 evict+0x4fd/0x9a0 fs/inode.c:798 dispose_list fs/inode.c:845 [inline] evict_inodes+0x6f6/0x790 fs/inode.c:899 generic_shutdown_super+0xa0/0x2d0 fs/super.c:627 kill_block_super+0x44/0x90 fs/super.c:1710 xfs_kill_sb+0x15/0x50 fs/xfs/xfs_super.c:2111 deactivate_locked_super+0xc4/0x130 fs/super.c:473 cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1413 task_work_run+0x24f/0x310 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x13f/0x340 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 0 UID: 0 PID: 5307 Comm: syz-executor412 Tainted: G B 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 bad_page+0x176/0x1d0 mm/page_alloc.c:501 free_page_is_bad mm/page_alloc.c:923 [inline] free_pages_prepare mm/page_alloc.c:1119 [inline] free_frozen_pages+0x1082/0x10e0 mm/page_alloc.c:2660 __folio_put+0x2b3/0x360 mm/swap.c:112 delete_from_page_cache_batch+0x8f5/0xa60 mm/filemap.c:342 truncate_inode_pages_range+0x36b/0x10e0 mm/truncate.c:327 evict+0x4fd/0x9a0 fs/inode.c:798 dispose_list fs/inode.c:845 [inline] evict_inodes+0x6f6/0x790 fs/inode.c:899 generic_shutdown_super+0xa0/0x2d0 fs/super.c:627 kill_block_super+0x44/0x90 fs/super.c:1710 xfs_kill_sb+0x15/0x50 fs/xfs/xfs_super.c:2111 deactivate_locked_super+0xc4/0x130 fs/super.c:473 cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1413 task_work_run+0x24f/0x310 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x13f/0x340 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f3c13562647 Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 RSP: 002b:00007ffc6e0b1718 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f3c13562647 RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc6e0b17d0 RBP: 00007ffc6e0b17d0 R08: 0000000000000000 R09: 0000000000000000 R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffc6e0b2840 R13: 000055556ad516c0 R14: 431bde82d7b634db R15: 00007ffc6e0b2860 </TASK> XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 BUG: Bad page state in process syz-executor412 pfn:49801 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x49801 head: order:0 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:-1 flags: 0x4fff0000000004d(locked|referenced|uptodate|head|node=1|zone=1|lastcpupid=0x7ff) raw: 04fff00000000000 ffffea0001260001 ffffffffffffffff ffffffff00000000 raw: 0000000000000200 0000000000000000 00000000ffffffff 0000000000000000 head: 04fff0000000004d dead000000000100 dead000000000122 0000000000000000 head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 head: 04fff00000000000 ffffea0001260001 ffffffffffffffff ffffffff00000000 head: 0000000000000200 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: nonzero pincount page_owner tracks the page as allocated page last allocated via order 9, migratetype Movable, gfp_mask 0x153c4a(GFP_NOFS|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE|__GFP_WRITE), pid 5345, tgid 5345 (syz-executor412), ts 81462685895, free_ts 81053493494 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x1f4/0x240 mm/page_alloc.c:1551 prep_new_page mm/page_alloc.c:1559 [inline] get_page_from_freelist+0x365c/0x37a0 mm/page_alloc.c:3477 __alloc_frozen_pages_noprof+0x292/0x710 mm/page_alloc.c:4739 alloc_pages_mpol+0x311/0x660 mm/mempolicy.c:2270 alloc_frozen_pages_noprof mm/mempolicy.c:2341 [inline] alloc_pages_noprof+0x121/0x190 mm/mempolicy.c:2361 folio_alloc_noprof+0x1e/0x30 mm/mempolicy.c:2371 filemap_alloc_folio_noprof+0xe1/0x540 mm/filemap.c:1019 __filemap_get_folio+0x438/0xae0 mm/filemap.c:1970 iomap_get_folio fs/iomap/buffered-io.c:608 [inline] __iomap_get_folio fs/iomap/buffered-io.c:754 [inline] iomap_write_begin+0x4d3/0x1990 fs/iomap/buffered-io.c:797 iomap_write_iter fs/iomap/buffered-io.c:955 [inline] iomap_file_buffered_write+0x6ea/0x11c0 fs/iomap/buffered-io.c:1039 xfs_file_buffered_write+0x2cd/0xb20 fs/xfs/xfs_file.c:792 new_sync_write fs/read_write.c:586 [inline] vfs_write+0xacf/0xd10 fs/read_write.c:679 ksys_write+0x18f/0x2b0 fs/read_write.c:731 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5307 tgid 5307 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1127 [inline] free_unref_folios+0xe40/0x18b0 mm/page_alloc.c:2707 folios_put_refs+0x76c/0x860 mm/swap.c:994 folio_batch_release include/linux/pagevec.h:101 [inline] truncate_inode_pages_range+0x460/0x10e0 mm/truncate.c:330 evict+0x4fd/0x9a0 fs/inode.c:798 dispose_list fs/inode.c:845 [inline] evict_inodes+0x6f6/0x790 fs/inode.c:899 generic_shutdown_super+0xa0/0x2d0 fs/super.c:627 kill_block_super+0x44/0x90 fs/super.c:1710 xfs_kill_sb+0x15/0x50 fs/xfs/xfs_super.c:2111 deactivate_locked_super+0xc4/0x130 fs/super.c:473 cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1413 task_work_run+0x24f/0x310 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x13f/0x340 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 0 UID: 0 PID: 5307 Comm: syz-executor412 Tainted: G B 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 bad_page+0x176/0x1d0 mm/page_alloc.c:501 free_tail_page_prepare+0x2ab/0x4b0 free_pages_prepare mm/page_alloc.c:1103 [inline] free_frozen_pages+0x8b5/0x10e0 mm/page_alloc.c:2660 __folio_put+0x2b3/0x360 mm/swap.c:112 delete_from_page_cache_batch+0x8f5/0xa60 mm/filemap.c:342 truncate_inode_pages_range+0x36b/0x10e0 mm/truncate.c:327 evict+0x4fd/0x9a0 fs/inode.c:798 dispose_list fs/inode.c:845 [inline] evict_inodes+0x6f6/0x790 fs/inode.c:899 generic_shutdown_super+0xa0/0x2d0 fs/super.c:627 kill_block_super+0x44/0x90 fs/super.c:1710 xfs_kill_sb+0x15/0x50 fs/xfs/xfs_super.c:2111 deactivate_locked_super+0xc4/0x130 fs/super.c:473 cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1413 task_work_run+0x24f/0x310 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x13f/0x340 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f3c13562647 Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 RSP: 002b:00007ffc6e0b1718 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f3c13562647 RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc6e0b17d0 RBP: 00007ffc6e0b17d0 R08: 0000000000000000 R09: 0000000000000000 R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffc6e0b2840 R13: 000055556ad516c0 R14: 431bde82d7b634db R15: 00007ffc6e0b2860 </TASK> BUG: Bad page state in process syz-executor412 pfn:49800 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x49800 head: order:0 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 flags: 0x4fff0000000004d(locked|referenced|uptodate|head|node=1|zone=1|lastcpupid=0x7ff) raw: 04fff0000000004d dead000000000100 dead000000000122 0000000000000000 raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 head: 04fff0000000004d dead000000000100 dead000000000122 0000000000000000 head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 head: 04fff00000000000 0000000000000000 ffffffffffffffff 0000000000000000 head: 0000000000000200 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set page_owner tracks the page as allocated page last allocated via order 9, migratetype Movable, gfp_mask 0x153c4a(GFP_NOFS|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE|__GFP_WRITE), pid 5345, tgid 5345 (syz-executor412), ts 81462685895, free_ts 81053493494 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x1f4/0x240 mm/page_alloc.c:1551 prep_new_page mm/page_alloc.c:1559 [inline] get_page_from_freelist+0x365c/0x37a0 mm/page_alloc.c:3477 __alloc_frozen_pages_noprof+0x292/0x710 mm/page_alloc.c:4739 alloc_pages_mpol+0x311/0x660 mm/mempolicy.c:2270 alloc_frozen_pages_noprof mm/mempolicy.c:2341 [inline] alloc_pages_noprof+0x121/0x190 mm/mempolicy.c:2361 folio_alloc_noprof+0x1e/0x30 mm/mempolicy.c:2371 filemap_alloc_folio_noprof+0xe1/0x540 mm/filemap.c:1019 __filemap_get_folio+0x438/0xae0 mm/filemap.c:1970 iomap_get_folio fs/iomap/buffered-io.c:608 [inline] __iomap_get_folio fs/iomap/buffered-io.c:754 [inline] iomap_write_begin+0x4d3/0x1990 fs/iomap/buffered-io.c:797 iomap_write_iter fs/iomap/buffered-io.c:955 [inline] iomap_file_buffered_write+0x6ea/0x11c0 fs/iomap/buffered-io.c:1039 xfs_file_buffered_write+0x2cd/0xb20 fs/xfs/xfs_file.c:792 new_sync_write fs/read_write.c:586 [inline] vfs_write+0xacf/0xd10 fs/read_write.c:679 ksys_write+0x18f/0x2b0 fs/read_write.c:731 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5307 tgid 5307 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1127 [inline] free_unref_folios+0xe40/0x18b0 mm/page_alloc.c:2707 folios_put_refs+0x76c/0x860 mm/swap.c:994 folio_batch_release include/linux/pagevec.h:101 [inline] truncate_inode_pages_range+0x460/0x10e0 mm/truncate.c:330 evict+0x4fd/0x9a0 fs/inode.c:798 dispose_list fs/inode.c:845 [inline] evict_inodes+0x6f6/0x790 fs/inode.c:899 generic_shutdown_super+0xa0/0x2d0 fs/super.c:627 kill_block_super+0x44/0x90 fs/super.c:1710 xfs_kill_sb+0x15/0x50 fs/xfs/xfs_super.c:2111 deactivate_locked_super+0xc4/0x130 fs/super.c:473 cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1413 task_work_run+0x24f/0x310 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x13f/0x340 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 0 UID: 0 PID: 5307 Comm: syz-executor412 Tainted: G B 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 bad_page+0x176/0x1d0 mm/page_alloc.c:501 free_page_is_bad mm/page_alloc.c:923 [inline] free_pages_prepare mm/page_alloc.c:1119 [inline] free_frozen_pages+0x1082/0x10e0 mm/page_alloc.c:2660 __folio_put+0x2b3/0x360 mm/swap.c:112 delete_from_page_cache_batch+0x8f5/0xa60 mm/filemap.c:342 truncate_inode_pages_range+0x36b/0x10e0 mm/truncate.c:327 evict+0x4fd/0x9a0 fs/inode.c:798 dispose_list fs/inode.c:845 [inline] evict_inodes+0x6f6/0x790 fs/inode.c:899 generic_shutdown_super+0xa0/0x2d0 fs/super.c:627 kill_block_super+0x44/0x90 fs/super.c:1710 xfs_kill_sb+0x15/0x50 fs/xfs/xfs_super.c:2111 deactivate_locked_super+0xc4/0x130 fs/super.c:473 cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1413 task_work_run+0x24f/0x310 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x13f/0x340 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f3c13562647 Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 RSP: 002b:00007ffc6e0b1718 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f3c13562647 RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc6e0b17d0 RBP: 00007ffc6e0b17d0 R08: 0000000000000000 R09: 0000000000000000 R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffc6e0b2840 R13: 000055556ad516c0 R14: 431bde82d7b634db R15: 00007ffc6e0b2860 </TASK> XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 BUG: Bad page state in process syz-executor412 pfn:49a01 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x49a01 head: order:0 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:-1 flags: 0x4fff0000000004d(locked|referenced|uptodate|head|node=1|zone=1|lastcpupid=0x7ff) raw: 04fff00000000000 ffffea0001268001 ffffffffffffffff ffffffff00000000 raw: 0000000000000200 0000000000000000 00000000ffffffff 0000000000000000 head: 04fff0000000004d dead000000000100 dead000000000122 0000000000000000 head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 head: 04fff00000000000 ffffea0001268001 ffffffffffffffff ffffffff00000000 head: 0000000000000200 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: nonzero pincount page_owner tracks the page as allocated page last allocated via order 9, migratetype Movable, gfp_mask 0x153c4a(GFP_NOFS|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE|__GFP_WRITE), pid 5354, tgid 5354 (syz-executor412), ts 82292440655, free_ts 81883615049 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x1f4/0x240 mm/page_alloc.c:1551 prep_new_page mm/page_alloc.c:1559 [inline] get_page_from_freelist+0x365c/0x37a0 mm/page_alloc.c:3477 __alloc_frozen_pages_noprof+0x292/0x710 mm/page_alloc.c:4739 alloc_pages_mpol+0x311/0x660 mm/mempolicy.c:2270 alloc_frozen_pages_noprof mm/mempolicy.c:2341 [inline] alloc_pages_noprof+0x121/0x190 mm/mempolicy.c:2361 folio_alloc_noprof+0x1e/0x30 mm/mempolicy.c:2371 filemap_alloc_folio_noprof+0xe1/0x540 mm/filemap.c:1019 __filemap_get_folio+0x438/0xae0 mm/filemap.c:1970 iomap_get_folio fs/iomap/buffered-io.c:608 [inline] __iomap_get_folio fs/iomap/buffered-io.c:754 [inline] iomap_write_begin+0x4d3/0x1990 fs/iomap/buffered-io.c:797 iomap_write_iter fs/iomap/buffered-io.c:955 [inline] iomap_file_buffered_write+0x6ea/0x11c0 fs/iomap/buffered-io.c:1039 xfs_file_buffered_write+0x2cd/0xb20 fs/xfs/xfs_file.c:792 new_sync_write fs/read_write.c:586 [inline] vfs_write+0xacf/0xd10 fs/read_write.c:679 ksys_write+0x18f/0x2b0 fs/read_write.c:731 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5307 tgid 5307 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1127 [inline] free_unref_folios+0xe40/0x18b0 mm/page_alloc.c:2707 folios_put_refs+0x76c/0x860 mm/swap.c:994 folio_batch_release include/linux/pagevec.h:101 [inline] truncate_inode_pages_range+0x460/0x10e0 mm/truncate.c:330 evict+0x4fd/0x9a0 fs/inode.c:798 dispose_list fs/inode.c:845 [inline] evict_inodes+0x6f6/0x790 fs/inode.c:899 generic_shutdown_super+0xa0/0x2d0 fs/super.c:627 kill_block_super+0x44/0x90 fs/super.c:1710 xfs_kill_sb+0x15/0x50 fs/xfs/xfs_super.c:2111 deactivate_locked_super+0xc4/0x130 fs/super.c:473 cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1413 task_work_run+0x24f/0x310 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x13f/0x340 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 0 UID: 0 PID: 5307 Comm: syz-executor412 Tainted: G B 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 bad_page+0x176/0x1d0 mm/page_alloc.c:501 free_tail_page_prepare+0x2ab/0x4b0 free_pages_prepare mm/page_alloc.c:1103 [inline] free_frozen_pages+0x8b5/0x10e0 mm/page_alloc.c:2660 __folio_put+0x2b3/0x360 mm/swap.c:112 delete_from_page_cache_batch+0x8f5/0xa60 mm/filemap.c:342 truncate_inode_pages_range+0x36b/0x10e0 mm/truncate.c:327 evict+0x4fd/0x9a0 fs/inode.c:798 dispose_list fs/inode.c:845 [inline] evict_inodes+0x6f6/0x790 fs/inode.c:899 generic_shutdown_super+0xa0/0x2d0 fs/super.c:627 kill_block_super+0x44/0x90 fs/super.c:1710 xfs_kill_sb+0x15/0x50 fs/xfs/xfs_super.c:2111 deactivate_locked_super+0xc4/0x130 fs/super.c:473 cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1413 task_work_run+0x24f/0x310 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x13f/0x340 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f3c13562647 Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 RSP: 002b:00007ffc6e0b1718 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f3c13562647 RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc6e0b17d0 RBP: 00007ffc6e0b17d0 R08: 0000000000000000 R09: 0000000000000000 R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffc6e0b2840 R13: 000055556ad516c0 R14: 431bde82d7b634db R15: 00007ffc6e0b2860 </TASK> BUG: Bad page state in process syz-executor412 pfn:49a00 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x49a00 head: order:0 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 flags: 0x4fff0000000004d(locked|referenced|uptodate|head|node=1|zone=1|lastcpupid=0x7ff) raw: 04fff0000000004d dead000000000100 dead000000000122 0000000000000000 raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 head: 04fff0000000004d dead000000000100 dead000000000122 0000000000000000 head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 head: 04fff00000000000 0000000000000000 ffffffffffffffff 0000000000000000 head: 0000000000000200 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set page_owner tracks the page as allocated page last allocated via order 9, migratetype Movable, gfp_mask 0x153c4a(GFP_NOFS|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE|__GFP_WRITE), pid 5354, tgid 5354 (syz-executor412), ts 82292440655, free_ts 81883615049 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x1f4/0x240 mm/page_alloc.c:1551 prep_new_page mm/page_alloc.c:1559 [inline] get_page_from_freelist+0x365c/0x37a0 mm/page_alloc.c:3477 __alloc_frozen_pages_noprof+0x292/0x710 mm/page_alloc.c:4739 alloc_pages_mpol+0x311/0x660 mm/mempolicy.c:2270 alloc_frozen_pages_noprof mm/mempolicy.c:2341 [inline] alloc_pages_noprof+0x121/0x190 mm/mempolicy.c:2361 folio_alloc_noprof+0x1e/0x30 mm/mempolicy.c:2371 filemap_alloc_folio_noprof+0xe1/0x540 mm/filemap.c:1019 __filemap_get_folio+0x438/0xae0 mm/filemap.c:1970 iomap_get_folio fs/iomap/buffered-io.c:608 [inline] __iomap_get_folio fs/iomap/buffered-io.c:754 [inline] iomap_write_begin+0x4d3/0x1990 fs/iomap/buffered-io.c:797 iomap_write_iter fs/iomap/buffered-io.c:955 [inline] iomap_file_buffered_write+0x6ea/0x11c0 fs/iomap/buffered-io.c:1039 xfs_file_buffered_write+0x2cd/0xb20 fs/xfs/xfs_file.c:792 new_sync_write fs/read_write.c:586 [inline] vfs_write+0xacf/0xd10 fs/read_write.c:679 ksys_write+0x18f/0x2b0 fs/read_write.c:731 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5307 tgid 5307 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1127 [inline] free_unref_folios+0xe40/0x18b0 mm/page_alloc.c:2707 folios_put_refs+0x76c/0x860 mm/swap.c:994 folio_batch_release include/linux/pagevec.h:101 [inline] truncate_inode_pages_range+0x460/0x10e0 mm/truncate.c:330 evict+0x4fd/0x9a0 fs/inode.c:798 dispose_list fs/inode.c:845 [inline] evict_inodes+0x6f6/0x790 fs/inode.c:899 generic_shutdown_super+0xa0/0x2d0 fs/super.c:627 kill_block_super+0x44/0x90 fs/super.c:1710 xfs_kill_sb+0x15/0x50 fs/xfs/xfs_super.c:2111 deactivate_locked_super+0xc4/0x130 fs/super.c:473 cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1413 task_work_run+0x24f/0x310 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x13f/0x340 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 0 UID: 0 PID: 5307 Comm: syz-executor412 Tainted: G B 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 bad_page+0x176/0x1d0 mm/page_alloc.c:501 free_page_is_bad mm/page_alloc.c:923 [inline] free_pages_prepare mm/page_alloc.c:1119 [inline] free_frozen_pages+0x1082/0x10e0 mm/page_alloc.c:2660 __folio_put+0x2b3/0x360 mm/swap.c:112 delete_from_page_cache_batch+0x8f5/0xa60 mm/filemap.c:342 truncate_inode_pages_range+0x36b/0x10e0 mm/truncate.c:327 evict+0x4fd/0x9a0 fs/inode.c:798 dispose_list fs/inode.c:845 [inline] evict_inodes+0x6f6/0x790 fs/inode.c:899 generic_shutdown_super+0xa0/0x2d0 fs/super.c:627 kill_block_super+0x44/0x90 fs/super.c:1710 xfs_kill_sb+0x15/0x50 fs/xfs/xfs_super.c:2111 deactivate_locked_super+0xc4/0x130 fs/super.c:473 cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1413 task_work_run+0x24f/0x310 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x13f/0x340 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f3c13562647 Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 RSP: 002b:00007ffc6e0b1718 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f3c13562647 RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc6e0b17d0 RBP: 00007ffc6e0b17d0 R08: 0000000000000000 R09: 0000000000000000 R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffc6e0b2840 R13: 000055556ad516c0 R14: 431bde82d7b634db R15: 00007ffc6e0b2860 </TASK> XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 BUG: Bad page state in process syz-executor412 pfn:49c01 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x49c01 head: order:0 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:-1 flags: 0x4fff0000000004d(locked|referenced|uptodate|head|node=1|zone=1|lastcpupid=0x7ff) raw: 04fff00000000000 ffffea0001270001 ffffffffffffffff ffffffff00000000 raw: 0000000000000200 0000000000000000 00000000ffffffff 0000000000000000 head: 04fff0000000004d dead000000000100 dead000000000122 0000000000000000 head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 head: 04fff00000000000 ffffea0001270001 ffffffffffffffff ffffffff00000000 head: 0000000000000200 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: nonzero pincount page_owner tracks the page as allocated page last allocated via order 9, migratetype Movable, gfp_mask 0x153c4a(GFP_NOFS|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE|__GFP_WRITE), pid 5364, tgid 5364 (syz-executor412), ts 83183687110, free_ts 82722265110 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x1f4/0x240 mm/page_alloc.c:1551 prep_new_page mm/page_alloc.c:1559 [inline] get_page_from_freelist+0x365c/0x37a0 mm/page_alloc.c:3477 __alloc_frozen_pages_noprof+0x292/0x710 mm/page_alloc.c:4739 alloc_pages_mpol+0x311/0x660 mm/mempolicy.c:2270 alloc_frozen_pages_noprof mm/mempolicy.c:2341 [inline] alloc_pages_noprof+0x121/0x190 mm/mempolicy.c:2361 folio_alloc_noprof+0x1e/0x30 mm/mempolicy.c:2371 filemap_alloc_folio_noprof+0xe1/0x540 mm/filemap.c:1019 __filemap_get_folio+0x438/0xae0 mm/filemap.c:1970 iomap_get_folio fs/iomap/buffered-io.c:608 [inline] __iomap_get_folio fs/iomap/buffered-io.c:754 [inline] iomap_write_begin+0x4d3/0x1990 fs/iomap/buffered-io.c:797 iomap_write_iter fs/iomap/buffered-io.c:955 [inline] iomap_file_buffered_write+0x6ea/0x11c0 fs/iomap/buffered-io.c:1039 xfs_file_buffered_write+0x2cd/0xb20 fs/xfs/xfs_file.c:792 new_sync_write fs/read_write.c:586 [inline] vfs_write+0xacf/0xd10 fs/read_write.c:679 ksys_write+0x18f/0x2b0 fs/read_write.c:731 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5307 tgid 5307 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1127 [inline] free_unref_folios+0xe40/0x18b0 mm/page_alloc.c:2707 folios_put_refs+0x76c/0x860 mm/swap.c:994 folio_batch_release include/linux/pagevec.h:101 [inline] truncate_inode_pages_range+0x460/0x10e0 mm/truncate.c:330 evict+0x4fd/0x9a0 fs/inode.c:798 dispose_list fs/inode.c:845 [inline] evict_inodes+0x6f6/0x790 fs/inode.c:899 generic_shutdown_super+0xa0/0x2d0 fs/super.c:627 kill_block_super+0x44/0x90 fs/super.c:1710 xfs_kill_sb+0x15/0x50 fs/xfs/xfs_super.c:2111 deactivate_locked_super+0xc4/0x130 fs/super.c:473 cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1413 task_work_run+0x24f/0x310 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x13f/0x340 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 0 UID: 0 PID: 5307 Comm: syz-executor412 Tainted: G B 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 bad_page+0x176/0x1d0 mm/page_alloc.c:501 free_tail_page_prepare+0x2ab/0x4b0 free_pages_prepare mm/page_alloc.c:1103 [inline] free_frozen_pages+0x8b5/0x10e0 mm/page_alloc.c:2660 __folio_put+0x2b3/0x360 mm/swap.c:112 delete_from_page_cache_batch+0x8f5/0xa60 mm/filemap.c:342 truncate_inode_pages_range+0x36b/0x10e0 mm/truncate.c:327 evict+0x4fd/0x9a0 fs/inode.c:798 dispose_list fs/inode.c:845 [inline] evict_inodes+0x6f6/0x790 fs/inode.c:899 generic_shutdown_super+0xa0/0x2d0 fs/super.c:627 kill_block_super+0x44/0x90 fs/super.c:1710 xfs_kill_sb+0x15/0x50 fs/xfs/xfs_super.c:2111 deactivate_locked_super+0xc4/0x130 fs/super.c:473 cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1413 task_work_run+0x24f/0x310 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x13f/0x340 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f3c13562647 Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 RSP: 002b:00007ffc6e0b1718 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f3c13562647 RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc6e0b17d0 RBP: 00007ffc6e0b17d0 R08: 0000000000000000 R09: 0000000000000000 R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffc6e0b2840 R13: 000055556ad516c0 R14: 431bde82d7b634db R15: 00007ffc6e0b2860 </TASK> BUG: Bad page state in process syz-executor412 pfn:49c00 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x49c00 head: order:0 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 flags: 0x4fff0000000004d(locked|referenced|uptodate|head|node=1|zone=1|lastcpupid=0x7ff) raw: 04fff0000000004d dead000000000100 dead000000000122 0000000000000000 raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 head: 04fff0000000004d dead000000000100 dead000000000122 0000000000000000 head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 head: 04fff00000000000 0000000000000000 ffffffffffffffff 0000000000000000 head: 0000000000000200 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set page_owner tracks the page as allocated page last allocated via order 9, migratetype Movable, gfp_mask 0x153c4a(GFP_NOFS|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE|__GFP_WRITE), pid 5364, tgid 5364 (syz-executor412), ts 83183687110, free_ts 82722265110 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x1f4/0x240 mm/page_alloc.c:1551 prep_new_page mm/page_alloc.c:1559 [inline] get_page_from_freelist+0x365c/0x37a0 mm/page_alloc.c:3477 __alloc_frozen_pages_noprof+0x292/0x710 mm/page_alloc.c:4739 alloc_pages_mpol+0x311/0x660 mm/mempolicy.c:2270 alloc_frozen_pages_noprof mm/mempolicy.c:2341 [inline] alloc_pages_noprof+0x121/0x190 mm/mempolicy.c:2361 folio_alloc_noprof+0x1e/0x30 mm/mempolicy.c:2371 filemap_alloc_folio_noprof+0xe1/0x540 mm/filemap.c:1019 __filemap_get_folio+0x438/0xae0 mm/filemap.c:1970 iomap_get_folio fs/iomap/buffered-io.c:608 [inline] __iomap_get_folio fs/iomap/buffered-io.c:754 [inline] iomap_write_begin+0x4d3/0x1990 fs/iomap/buffered-io.c:797 iomap_write_iter fs/iomap/buffered-io.c:955 [inline] iomap_file_buffered_write+0x6ea/0x11c0 fs/iomap/buffered-io.c:1039 xfs_file_buffered_write+0x2cd/0xb20 fs/xfs/xfs_file.c:792 new_sync_write fs/read_write.c:586 [inline] vfs_write+0xacf/0xd10 fs/read_write.c:679 ksys_write+0x18f/0x2b0 fs/read_write.c:731 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5307 tgid 5307 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1127 [inline] free_unref_folios+0xe40/0x18b0 mm/page_alloc.c:2707 folios_put_refs+0x76c/0x860 mm/swap.c:994 folio_batch_release include/linux/pagevec.h:101 [inline] truncate_inode_pages_range+0x460/0x10e0 mm/truncate.c:330 evict+0x4fd/0x9a0 fs/inode.c:798 dispose_list fs/inode.c:845 [inline] evict_inodes+0x6f6/0x790 fs/inode.c:899 generic_shutdown_super+0xa0/0x2d0 fs/super.c:627 kill_block_super+0x44/0x90 fs/super.c:1710 xfs_kill_sb+0x15/0x50 fs/xfs/xfs_super.c:2111 deactivate_locked_super+0xc4/0x130 fs/super.c:473 cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1413 task_work_run+0x24f/0x310 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x13f/0x340 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 0 UID: 0 PID: 5307 Comm: syz-executor412 Tainted: G B 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 bad_page+0x176/0x1d0 mm/page_alloc.c:501 free_page_is_bad mm/page_alloc.c:923 [inline] free_pages_prepare mm/page_alloc.c:1119 [inline] free_frozen_pages+0x1082/0x10e0 mm/page_alloc.c:2660 __folio_put+0x2b3/0x360 mm/swap.c:112 delete_from_page_cache_batch+0x8f5/0xa60 mm/filemap.c:342 truncate_inode_pages_range+0x36b/0x10e0 mm/truncate.c:327 evict+0x4fd/0x9a0 fs/inode.c:798 dispose_list fs/inode.c:845 [inline] evict_inodes+0x6f6/0x790 fs/inode.c:899 generic_shutdown_super+0xa0/0x2d0 fs/super.c:627 kill_block_super+0x44/0x90 fs/super.c:1710 xfs_kill_sb+0x15/0x50 fs/xfs/xfs_super.c:2111 deactivate_locked_super+0xc4/0x130 fs/super.c:473 cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1413 task_work_run+0x24f/0x310 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x13f/0x340 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f3c13562647 Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 RSP: 002b:00007ffc6e0b1718 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f3c13562647 RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc6e0b17d0 RBP: 00007ffc6e0b17d0 R08: 0000000000000000 R09: 0000000000000000 R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffc6e0b2840 R13: 000055556ad516c0 R14: 431bde82d7b634db R15: 00007ffc6e0b2860 </TASK> XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 BUG: Bad page state in process syz-executor412 pfn:49e01 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x49e01 head: order:0 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:-1 flags: 0x4fff0000000004d(locked|referenced|uptodate|head|node=1|zone=1|lastcpupid=0x7ff) raw: 04fff00000000000 ffffea0001278001 ffffffffffffffff ffffffff00000000 raw: 0000000000000200 0000000000000000 00000000ffffffff 0000000000000000 head: 04fff0000000004d dead000000000100 dead000000000122 0000000000000000 head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 head: 04fff00000000000 ffffea0001278001 ffffffffffffffff ffffffff00000000 head: 0000000000000200 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: nonzero pincount page_owner tracks the page as allocated page last allocated via order 9, migratetype Movable, gfp_mask 0x153c4a(GFP_NOFS|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE|__GFP_WRITE), pid 5373, tgid 5373 (syz-executor412), ts 84024239166, free_ts 83603221103 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x1f4/0x240 mm/page_alloc.c:1551 prep_new_page mm/page_alloc.c:1559 [inline] get_page_from_freelist+0x365c/0x37a0 mm/page_alloc.c:3477 __alloc_frozen_pages_noprof+0x292/0x710 mm/page_alloc.c:4739 alloc_pages_mpol+0x311/0x660 mm/mempolicy.c:2270 alloc_frozen_pages_noprof mm/mempolicy.c:2341 [inline] alloc_pages_noprof+0x121/0x190 mm/mempolicy.c:2361 folio_alloc_noprof+0x1e/0x30 mm/mempolicy.c:2371 filemap_alloc_folio_noprof+0xe1/0x540 mm/filemap.c:1019 __filemap_get_folio+0x438/0xae0 mm/filemap.c:1970 iomap_get_folio fs/iomap/buffered-io.c:608 [inline] __iomap_get_folio fs/iomap/buffered-io.c:754 [inline] iomap_write_begin+0x4d3/0x1990 fs/iomap/buffered-io.c:797 iomap_write_iter fs/iomap/buffered-io.c:955 [inline] iomap_file_buffered_write+0x6ea/0x11c0 fs/iomap/buffered-io.c:1039 xfs_file_buffered_write+0x2cd/0xb20 fs/xfs/xfs_file.c:792 new_sync_write fs/read_write.c:586 [inline] vfs_write+0xacf/0xd10 fs/read_write.c:679 ksys_write+0x18f/0x2b0 fs/read_write.c:731 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5307 tgid 5307 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1127 [inline] free_unref_folios+0xe40/0x18b0 mm/page_alloc.c:2707 folios_put_refs+0x76c/0x860 mm/swap.c:994 folio_batch_release include/linux/pagevec.h:101 [inline] truncate_inode_pages_range+0x460/0x10e0 mm/truncate.c:330 evict+0x4fd/0x9a0 fs/inode.c:798 dispose_list fs/inode.c:845 [inline] evict_inodes+0x6f6/0x790 fs/inode.c:899 generic_shutdown_super+0xa0/0x2d0 fs/super.c:627 kill_block_super+0x44/0x90 fs/super.c:1710 xfs_kill_sb+0x15/0x50 fs/xfs/xfs_super.c:2111 deactivate_locked_super+0xc4/0x130 fs/super.c:473 cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1413 task_work_run+0x24f/0x310 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x13f/0x340 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 0 UID: 0 PID: 5307 Comm: syz-executor412 Tainted: G B 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 bad_page+0x176/0x1d0 mm/page_alloc.c:501 free_tail_page_prepare+0x2ab/0x4b0 free_pages_prepare mm/page_alloc.c:1103 [inline] free_frozen_pages+0x8b5/0x10e0 mm/page_alloc.c:2660 __folio_put+0x2b3/0x360 mm/swap.c:112 delete_from_page_cache_batch+0x8f5/0xa60 mm/filemap.c:342 truncate_inode_pages_range+0x36b/0x10e0 mm/truncate.c:327 evict+0x4fd/0x9a0 fs/inode.c:798 dispose_list fs/inode.c:845 [inline] evict_inodes+0x6f6/0x790 fs/inode.c:899 generic_shutdown_super+0xa0/0x2d0 fs/super.c:627 kill_block_super+0x44/0x90 fs/super.c:1710 xfs_kill_sb+0x15/0x50 fs/xfs/xfs_super.c:2111 deactivate_locked_super+0xc4/0x130 fs/super.c:473 cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1413 task_work_run+0x24f/0x310 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x13f/0x340 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f3c13562647 Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 RSP: 002b:00007ffc6e0b1718 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f3c13562647 RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc6e0b17d0 RBP: 00007ffc6e0b17d0 R08: 0000000000000000 R09: 0000000000000000 R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffc6e0b2840 R13: 000055556ad516c0 R14: 431bde82d7b634db R15: 00007ffc6e0b2860 </TASK> BUG: Bad page state in process syz-executor412 pfn:49e00 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x49e00 head: order:0 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 flags: 0x4fff0000000004d(locked|referenced|uptodate|head|node=1|zone=1|lastcpupid=0x7ff) raw: 04fff0000000004d dead000000000100 dead000000000122 0000000000000000 raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 head: 04fff0000000004d dead000000000100 dead000000000122 0000000000000000 head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 head: 04fff00000000000 0000000000000000 ffffffffffffffff 0000000000000000 head: 0000000000000200 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set page_owner tracks the page as allocated page last allocated via order 9, migratetype Movable, gfp_mask 0x153c4a(GFP_NOFS|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE|__GFP_WRITE), pid 5373, tgid 5373 (syz-executor412), ts 84024239166, free_ts 83603221103 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x1f4/0x240 mm/page_alloc.c:1551 prep_new_page mm/page_alloc.c:1559 [inline] get_page_from_freelist+0x365c/0x37a0 mm/page_alloc.c:3477 __alloc_frozen_pages_noprof+0x292/0x710 mm/page_alloc.c:4739 alloc_pages_mpol+0x311/0x660 mm/mempolicy.c:2270 alloc_frozen_pages_noprof mm/mempolicy.c:2341 [inline] alloc_pages_noprof+0x121/0x190 mm/mempolicy.c:2361 folio_alloc_noprof+0x1e/0x30 mm/mempolicy.c:2371 filemap_alloc_folio_noprof+0xe1/0x540 mm/filemap.c:1019 __filemap_get_folio+0x438/0xae0 mm/filemap.c:1970 iomap_get_folio fs/iomap/buffered-io.c:608 [inline] __iomap_get_folio fs/iomap/buffered-io.c:754 [inline] iomap_write_begin+0x4d3/0x1990 fs/iomap/buffered-io.c:797 iomap_write_iter fs/iomap/buffered-io.c:955 [inline] iomap_file_buffered_write+0x6ea/0x11c0 fs/iomap/buffered-io.c:1039 xfs_file_buffered_write+0x2cd/0xb20 fs/xfs/xfs_file.c:792 new_sync_write fs/read_write.c:586 [inline] vfs_write+0xacf/0xd10 fs/read_write.c:679 ksys_write+0x18f/0x2b0 fs/read_write.c:731 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5307 tgid 5307 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1127 [inline] free_unref_folios+0xe40/0x18b0 mm/page_alloc.c:2707 folios_put_refs+0x76c/0x860 mm/swap.c:994 folio_batch_release include/linux/pagevec.h:101 [inline] truncate_inode_pages_range+0x460/0x10e0 mm/truncate.c:330 evict+0x4fd/0x9a0 fs/inode.c:798 dispose_list fs/inode.c:845 [inline] evict_inodes+0x6f6/0x790 fs/inode.c:899 generic_shutdown_super+0xa0/0x2d0 fs/super.c:627 kill_block_super+0x44/0x90 fs/super.c:1710 xfs_kill_sb+0x15/0x50 fs/xfs/xfs_super.c:2111 deactivate_locked_super+0xc4/0x130 fs/super.c:473 cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1413 task_work_run+0x24f/0x310 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x13f/0x340 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 0 UID: 0 PID: 5307 Comm: syz-executor412 Tainted: G B 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 bad_page+0x176/0x1d0 mm/page_alloc.c:501 free_page_is_bad mm/page_alloc.c:923 [inline] free_pages_prepare mm/page_alloc.c:1119 [inline] free_frozen_pages+0x1082/0x10e0 mm/page_alloc.c:2660 __folio_put+0x2b3/0x360 mm/swap.c:112 delete_from_page_cache_batch+0x8f5/0xa60 mm/filemap.c:342 truncate_inode_pages_range+0x36b/0x10e0 mm/truncate.c:327 evict+0x4fd/0x9a0 fs/inode.c:798 dispose_list fs/inode.c:845 [inline] evict_inodes+0x6f6/0x790 fs/inode.c:899 generic_shutdown_super+0xa0/0x2d0 fs/super.c:627 kill_block_super+0x44/0x90 fs/super.c:1710 xfs_kill_sb+0x15/0x50 fs/xfs/xfs_super.c:2111 deactivate_locked_super+0xc4/0x130 fs/super.c:473 cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1413 task_work_run+0x24f/0x310 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x13f/0x340 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f3c13562647 Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 RSP: 002b:00007ffc6e0b1718 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f3c13562647 RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc6e0b17d0 RBP: 00007ffc6e0b17d0 R08: 0000000000000000 R09: 0000000000000000 R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffc6e0b2840 R13: 000055556ad516c0 R14: 431bde82d7b634db R15: 00007ffc6e0b2860 </TASK> XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 BUG: Bad page state in process syz-executor412 pfn:4a201 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x4a201 head: order:0 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:-1 flags: 0x4fff0000000004d(locked|referenced|uptodate|head|node=1|zone=1|lastcpupid=0x7ff) raw: 04fff00000000000 ffffea0001288001 ffffffffffffffff ffffffff00000000 raw: 0000000000000200 0000000000000000 00000000ffffffff 0000000000000000 head: 04fff0000000004d dead000000000100 dead000000000122 0000000000000000 head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 head: 04fff00000000000 ffffea0001288001 ffffffffffffffff ffffffff00000000 head: 0000000000000200 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: nonzero pincount page_owner tracks the page as allocated page last allocated via order 9, migratetype Movable, gfp_mask 0x153c4a(GFP_NOFS|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE|__GFP_WRITE), pid 5382, tgid 5382 (syz-executor412), ts 84865337560, free_ts 0 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x1f4/0x240 mm/page_alloc.c:1551 prep_new_page mm/page_alloc.c:1559 [inline] get_page_from_freelist+0x365c/0x37a0 mm/page_alloc.c:3477 __alloc_frozen_pages_noprof+0x292/0x710 mm/page_alloc.c:4739 alloc_pages_mpol+0x311/0x660 mm/mempolicy.c:2270 alloc_frozen_pages_noprof mm/mempolicy.c:2341 [inline] alloc_pages_noprof+0x121/0x190 mm/mempolicy.c:2361 folio_alloc_noprof+0x1e/0x30 mm/mempolicy.c:2371 filemap_alloc_folio_noprof+0xe1/0x540 mm/filemap.c:1019 __filemap_get_folio+0x438/0xae0 mm/filemap.c:1970 iomap_get_folio fs/iomap/buffered-io.c:608 [inline] __iomap_get_folio fs/iomap/buffered-io.c:754 [inline] iomap_write_begin+0x4d3/0x1990 fs/iomap/buffered-io.c:797 iomap_write_iter fs/iomap/buffered-io.c:955 [inline] iomap_file_buffered_write+0x6ea/0x11c0 fs/iomap/buffered-io.c:1039 xfs_file_buffered_write+0x2cd/0xb20 fs/xfs/xfs_file.c:792 new_sync_write fs/read_write.c:586 [inline] vfs_write+0xacf/0xd10 fs/read_write.c:679 ksys_write+0x18f/0x2b0 fs/read_write.c:731 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page_owner free stack trace missing Modules linked in: CPU: 0 UID: 0 PID: 5307 Comm: syz-executor412 Tainted: G B 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 bad_page+0x176/0x1d0 mm/page_alloc.c:501 free_tail_page_prepare+0x2ab/0x4b0 free_pages_prepare mm/page_alloc.c:1103 [inline] free_frozen_pages+0x8b5/0x10e0 mm/page_alloc.c:2660 __folio_put+0x2b3/0x360 mm/swap.c:112 delete_from_page_cache_batch+0x8f5/0xa60 mm/filemap.c:342 truncate_inode_pages_range+0x36b/0x10e0 mm/truncate.c:327 evict+0x4fd/0x9a0 fs/inode.c:798 dispose_list fs/inode.c:845 [inline] evict_inodes+0x6f6/0x790 fs/inode.c:899 generic_shutdown_super+0xa0/0x2d0 fs/super.c:627 kill_block_super+0x44/0x90 fs/super.c:1710 xfs_kill_sb+0x15/0x50 fs/xfs/xfs_super.c:2111 deactivate_locked_super+0xc4/0x130 fs/super.c:473 cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1413 task_work_run+0x24f/0x310 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x13f/0x340 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f3c13562647 Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 RSP: 002b:00007ffc6e0b1718 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f3c13562647 RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc6e0b17d0 RBP: 00007ffc6e0b17d0 R08: 0000000000000000 R09: 0000000000000000 R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffc6e0b2840 R13: 000055556ad516c0 R14: 431bde82d7b634db R15: 00007ffc6e0b2860 </TASK> BUG: Bad page state in process syz-executor412 pfn:4a200 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4a200 head: order:0 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 flags: 0x4fff0000000004d(locked|referenced|uptodate|head|node=1|zone=1|lastcpupid=0x7ff) raw: 04fff0000000004d dead000000000100 dead000000000122 0000000000000000 raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 head: 04fff0000000004d dead000000000100 dead000000000122 0000000000000000 head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 head: 04fff00000000000 0000000000000000 ffffffffffffffff 0000000000000000 head: 0000000000000200 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set page_owner tracks the page as allocated page last allocated via order 9, migratetype Movable, gfp_mask 0x153c4a(GFP_NOFS|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE|__GFP_WRITE), pid 5382, tgid 5382 (syz-executor412), ts 84865337560, free_ts 0 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x1f4/0x240 mm/page_alloc.c:1551 prep_new_page mm/page_alloc.c:1559 [inline] get_page_from_freelist+0x365c/0x37a0 mm/page_alloc.c:3477 __alloc_frozen_pages_noprof+0x292/0x710 mm/page_alloc.c:4739 alloc_pages_mpol+0x311/0x660 mm/mempolicy.c:2270 alloc_frozen_pages_noprof mm/mempolicy.c:2341 [inline] alloc_pages_noprof+0x121/0x190 mm/mempolicy.c:2361 folio_alloc_noprof+0x1e/0x30 mm/mempolicy.c:2371 filemap_alloc_folio_noprof+0xe1/0x540 mm/filemap.c:1019 __filemap_get_folio+0x438/0xae0 mm/filemap.c:1970 iomap_get_folio fs/iomap/buffered-io.c:608 [inline] __iomap_get_folio fs/iomap/buffered-io.c:754 [inline] iomap_write_begin+0x4d3/0x1990 fs/iomap/buffered-io.c:797 iomap_write_iter fs/iomap/buffered-io.c:955 [inline] iomap_file_buffered_write+0x6ea/0x11c0 fs/iomap/buffered-io.c:1039 xfs_file_buffered_write+0x2cd/0xb20 fs/xfs/xfs_file.c:792 new_sync_write fs/read_write.c:586 [inline] vfs_write+0xacf/0xd10 fs/read_write.c:679 ksys_write+0x18f/0x2b0 fs/read_write.c:731 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page_owner free stack trace missing Modules linked in: CPU: 0 UID: 0 PID: 5307 Comm: syz-executor412 Tainted: G B 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 bad_page+0x176/0x1d0 mm/page_alloc.c:501 free_page_is_bad mm/page_alloc.c:923 [inline] free_pages_prepare mm/page_alloc.c:1119 [inline] free_frozen_pages+0x1082/0x10e0 mm/page_alloc.c:2660 __folio_put+0x2b3/0x360 mm/swap.c:112 delete_from_page_cache_batch+0x8f5/0xa60 mm/filemap.c:342 truncate_inode_pages_range+0x36b/0x10e0 mm/truncate.c:327 evict+0x4fd/0x9a0 fs/inode.c:798 dispose_list fs/inode.c:845 [inline] evict_inodes+0x6f6/0x790 fs/inode.c:899 generic_shutdown_super+0xa0/0x2d0 fs/super.c:627 kill_block_super+0x44/0x90 fs/super.c:1710 xfs_kill_sb+0x15/0x50 fs/xfs/xfs_super.c:2111 deactivate_locked_super+0xc4/0x130 fs/super.c:473 cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1413 task_work_run+0x24f/0x310 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x13f/0x340 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f3c13562647 Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 RSP: 002b:00007ffc6e0b1718 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f3c13562647 RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc6e0b17d0 RBP: 00007ffc6e0b17d0 R08: 0000000000000000 R09: 0000000000000000 R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffc6e0b2840 R13: 000055556ad516c0 R14: 431bde82d7b634db R15: 00007ffc6e0b2860 </TASK> XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 BUG: Bad page state in process syz-executor412 pfn:4a001 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x4a001 head: order:0 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:-1 flags: 0x4fff0000000004d(locked|referenced|uptodate|head|node=1|zone=1|lastcpupid=0x7ff) raw: 04fff00000000000 ffffea0001280001 ffffffffffffffff ffffffff00000000 raw: 0000000000000200 0000000000000000 00000000ffffffff 0000000000000000 head: 04fff0000000004d dead000000000100 dead000000000122 0000000000000000 head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 head: 04fff00000000000 ffffea0001280001 ffffffffffffffff ffffffff00000000 head: 0000000000000200 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: nonzero pincount page_owner tracks the page as allocated page last allocated via order 9, migratetype Movable, gfp_mask 0x153c4a(GFP_NOFS|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE|__GFP_WRITE), pid 5391, tgid 5391 (syz-executor412), ts 85609743935, free_ts 84456547791 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x1f4/0x240 mm/page_alloc.c:1551 prep_new_page mm/page_alloc.c:1559 [inline] get_page_from_freelist+0x365c/0x37a0 mm/page_alloc.c:3477 __alloc_frozen_pages_noprof+0x292/0x710 mm/page_alloc.c:4739 alloc_pages_mpol+0x311/0x660 mm/mempolicy.c:2270 alloc_frozen_pages_noprof mm/mempolicy.c:2341 [inline] alloc_pages_noprof+0x121/0x190 mm/mempolicy.c:2361 folio_alloc_noprof+0x1e/0x30 mm/mempolicy.c:2371 filemap_alloc_folio_noprof+0xe1/0x540 mm/filemap.c:1019 __filemap_get_folio+0x438/0xae0 mm/filemap.c:1970 iomap_get_folio fs/iomap/buffered-io.c:608 [inline] __iomap_get_folio fs/iomap/buffered-io.c:754 [inline] iomap_write_begin+0x4d3/0x1990 fs/iomap/buffered-io.c:797 iomap_write_iter fs/iomap/buffered-io.c:955 [inline] iomap_file_buffered_write+0x6ea/0x11c0 fs/iomap/buffered-io.c:1039 xfs_file_buffered_write+0x2cd/0xb20 fs/xfs/xfs_file.c:792 new_sync_write fs/read_write.c:586 [inline] vfs_write+0xacf/0xd10 fs/read_write.c:679 ksys_write+0x18f/0x2b0 fs/read_write.c:731 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5307 tgid 5307 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1127 [inline] free_unref_folios+0xe40/0x18b0 mm/page_alloc.c:2707 folios_put_refs+0x76c/0x860 mm/swap.c:994 folio_batch_release include/linux/pagevec.h:101 [inline] truncate_inode_pages_range+0x460/0x10e0 mm/truncate.c:330 evict+0x4fd/0x9a0 fs/inode.c:798 dispose_list fs/inode.c:845 [inline] evict_inodes+0x6f6/0x790 fs/inode.c:899 generic_shutdown_super+0xa0/0x2d0 fs/super.c:627 kill_block_super+0x44/0x90 fs/super.c:1710 xfs_kill_sb+0x15/0x50 fs/xfs/xfs_super.c:2111 deactivate_locked_super+0xc4/0x130 fs/super.c:473 cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1413 task_work_run+0x24f/0x310 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x13f/0x340 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 0 UID: 0 PID: 5307 Comm: syz-executor412 Tainted: G B 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 bad_page+0x176/0x1d0 mm/page_alloc.c:501 free_tail_page_prepare+0x2ab/0x4b0 free_pages_prepare mm/page_alloc.c:1103 [inline] free_frozen_pages+0x8b5/0x10e0 mm/page_alloc.c:2660 __folio_put+0x2b3/0x360 mm/swap.c:112 delete_from_page_cache_batch+0x8f5/0xa60 mm/filemap.c:342 truncate_inode_pages_range+0x36b/0x10e0 mm/truncate.c:327 evict+0x4fd/0x9a0 fs/inode.c:798 dispose_list fs/inode.c:845 [inline] evict_inodes+0x6f6/0x790 fs/inode.c:899 generic_shutdown_super+0xa0/0x2d0 fs/super.c:627 kill_block_super+0x44/0x90 fs/super.c:1710 xfs_kill_sb+0x15/0x50 fs/xfs/xfs_super.c:2111 deactivate_locked_super+0xc4/0x130 fs/super.c:473 cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1413 task_work_run+0x24f/0x310 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x13f/0x340 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f3c13562647 Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 RSP: 002b:00007ffc6e0b1718 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f3c13562647 RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc6e0b17d0 RBP: 00007ffc6e0b17d0 R08: 0000000000000000 R09: 0000000000000000 R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffc6e0b2840 R13: 000055556ad516c0 R14: 431bde82d7b634db R15: 00007ffc6e0b2860 </TASK> BUG: Bad page state in process syz-executor412 pfn:4a000 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4a000 head: order:0 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 flags: 0x4fff0000000004d(locked|referenced|uptodate|head|node=1|zone=1|lastcpupid=0x7ff) raw: 04fff0000000004d dead000000000100 dead000000000122 0000000000000000 raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 head: 04fff0000000004d dead000000000100 dead000000000122 0000000000000000 head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 head: 04fff00000000000 0000000000000000 ffffffffffffffff 0000000000000000 head: 0000000000000200 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set page_owner tracks the page as allocated page last allocated via order 9, migratetype Movable, gfp_mask 0x153c4a(GFP_NOFS|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE|__GFP_WRITE), pid 5391, tgid 5391 (syz-executor412), ts 85609743935, free_ts 84456547791 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x1f4/0x240 mm/page_alloc.c:1551 prep_new_page mm/page_alloc.c:1559 [inline] get_page_from_freelist+0x365c/0x37a0 mm/page_alloc.c:3477 __alloc_frozen_pages_noprof+0x292/0x710 mm/page_alloc.c:4739 alloc_pages_mpol+0x311/0x660 mm/mempolicy.c:2270 alloc_frozen_pages_noprof mm/mempolicy.c:2341 [inline] alloc_pages_noprof+0x121/0x190 mm/mempolicy.c:2361 folio_alloc_noprof+0x1e/0x30 mm/mempolicy.c:2371 filemap_alloc_folio_noprof+0xe1/0x540 mm/filemap.c:1019 __filemap_get_folio+0x438/0xae0 mm/filemap.c:1970 iomap_get_folio fs/iomap/buffered-io.c:608 [inline] __iomap_get_folio fs/iomap/buffered-io.c:754 [inline] iomap_write_begin+0x4d3/0x1990 fs/iomap/buffered-io.c:797 iomap_write_iter fs/iomap/buffered-io.c:955 [inline] iomap_file_buffered_write+0x6ea/0x11c0 fs/iomap/buffered-io.c:1039 xfs_file_buffered_write+0x2cd/0xb20 fs/xfs/xfs_file.c:792 new_sync_write fs/read_write.c:586 [inline] vfs_write+0xacf/0xd10 fs/read_write.c:679 ksys_write+0x18f/0x2b0 fs/read_write.c:731 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5307 tgid 5307 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1127 [inline] free_unref_folios+0xe40/0x18b0 mm/page_alloc.c:2707 folios_put_refs+0x76c/0x860 mm/swap.c:994 folio_batch_release include/linux/pagevec.h:101 [inline] truncate_inode_pages_range+0x460/0x10e0 mm/truncate.c:330 evict+0x4fd/0x9a0 fs/inode.c:798 dispose_list fs/inode.c:845 [inline] evict_inodes+0x6f6/0x790 fs/inode.c:899 generic_shutdown_super+0xa0/0x2d0 fs/super.c:627 kill_block_super+0x44/0x90 fs/super.c:1710 xfs_kill_sb+0x15/0x50 fs/xfs/xfs_super.c:2111 deactivate_locked_super+0xc4/0x130 fs/super.c:473 cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1413 task_work_run+0x24f/0x310 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x13f/0x340 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 0 UID: 0 PID: 5307 Comm: syz-executor412 Tainted: G B 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 bad_page+0x176/0x1d0 mm/page_alloc.c:501 free_page_is_bad mm/page_alloc.c:923 [inline] free_pages_prepare mm/page_alloc.c:1119 [inline] free_frozen_pages+0x1082/0x10e0 mm/page_alloc.c:2660 __folio_put+0x2b3/0x360 mm/swap.c:112 delete_from_page_cache_batch+0x8f5/0xa60 mm/filemap.c:342 truncate_inode_pages_range+0x36b/0x10e0 mm/truncate.c:327 evict+0x4fd/0x9a0 fs/inode.c:798 dispose_list fs/inode.c:845 [inline] evict_inodes+0x6f6/0x790 fs/inode.c:899 generic_shutdown_super+0xa0/0x2d0 fs/super.c:627 kill_block_super+0x44/0x90 fs/super.c:1710 xfs_kill_sb+0x15/0x50 fs/xfs/xfs_super.c:2111 deactivate_locked_super+0xc4/0x130 fs/super.c:473 cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1413 task_work_run+0x24f/0x310 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x13f/0x340 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f3c13562647 Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 RSP: 002b:00007ffc6e0b1718 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f3c13562647 RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc6e0b17d0 RBP: 00007ffc6e0b17d0 R08: 0000000000000000 R09: 0000000000000000 R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffc6e0b2840 R13: 000055556ad516c0 R14: 431bde82d7b634db R15: 00007ffc6e0b2860 </TASK> XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 BUG: Bad page state in process syz-executor412 pfn:4a801 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x4a801 head: order:0 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:-1 flags: 0x4fff0000000004d(locked|referenced|uptodate|head|node=1|zone=1|lastcpupid=0x7ff) raw: 04fff00000000000 ffffea00012a0001 ffffffffffffffff ffffffff00000000 raw: 0000000000000200 0000000000000000 00000000ffffffff 0000000000000000 head: 04fff0000000004d dead000000000100 dead000000000122 0000000000000000 head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 head: 04fff00000000000 ffffea00012a0001 ffffffffffffffff ffffffff00000000 head: 0000000000000200 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: nonzero pincount page_owner tracks the page as allocated page last allocated via order 9, migratetype Movable, gfp_mask 0x153c4a(GFP_NOFS|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE|__GFP_WRITE), pid 5400, tgid 5400 (syz-executor412), ts 86415955344, free_ts 0 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x1f4/0x240 mm/page_alloc.c:1551 prep_new_page mm/page_alloc.c:1559 [inline] get_page_from_freelist+0x365c/0x37a0 mm/page_alloc.c:3477 __alloc_frozen_pages_noprof+0x292/0x710 mm/page_alloc.c:4739 alloc_pages_mpol+0x311/0x660 mm/mempolicy.c:2270 alloc_frozen_pages_noprof mm/mempolicy.c:2341 [inline] alloc_pages_noprof+0x121/0x190 mm/mempolicy.c:2361 folio_alloc_noprof+0x1e/0x30 mm/mempolicy.c:2371 filemap_alloc_folio_noprof+0xe1/0x540 mm/filemap.c:1019 __filemap_get_folio+0x438/0xae0 mm/filemap.c:1970 iomap_get_folio fs/iomap/buffered-io.c:608 [inline] __iomap_get_folio fs/iomap/buffered-io.c:754 [inline] iomap_write_begin+0x4d3/0x1990 fs/iomap/buffered-io.c:797 iomap_write_iter fs/iomap/buffered-io.c:955 [inline] iomap_file_buffered_write+0x6ea/0x11c0 fs/iomap/buffered-io.c:1039 xfs_file_buffered_write+0x2cd/0xb20 fs/xfs/xfs_file.c:792 new_sync_write fs/read_write.c:586 [inline] vfs_write+0xacf/0xd10 fs/read_write.c:679 ksys_write+0x18f/0x2b0 fs/read_write.c:731 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page_owner free stack trace missing Modules linked in: CPU: 0 UID: 0 PID: 5307 Comm: syz-executor412 Tainted: G B 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 bad_page+0x176/0x1d0 mm/page_alloc.c:501 free_tail_page_prepare+0x2ab/0x4b0 free_pages_prepare mm/page_alloc.c:1103 [inline] free_frozen_pages+0x8b5/0x10e0 mm/page_alloc.c:2660 __folio_put+0x2b3/0x360 mm/swap.c:112 delete_from_page_cache_batch+0x8f5/0xa60 mm/filemap.c:342 truncate_inode_pages_range+0x36b/0x10e0 mm/truncate.c:327 evict+0x4fd/0x9a0 fs/inode.c:798 dispose_list fs/inode.c:845 [inline] evict_inodes+0x6f6/0x790 fs/inode.c:899 generic_shutdown_super+0xa0/0x2d0 fs/super.c:627 kill_block_super+0x44/0x90 fs/super.c:1710 xfs_kill_sb+0x15/0x50 fs/xfs/xfs_super.c:2111 deactivate_locked_super+0xc4/0x130 fs/super.c:473 cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1413 task_work_run+0x24f/0x310 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x13f/0x340 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f3c13562647 Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 RSP: 002b:00007ffc6e0b1718 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f3c13562647 RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc6e0b17d0 RBP: 00007ffc6e0b17d0 R08: 0000000000000000 R09: 0000000000000000 R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffc6e0b2840 R13: 000055556ad516c0 R14: 431bde82d7b634db R15: 00007ffc6e0b2860 </TASK> BUG: Bad page state in process syz-executor412 pfn:4a800 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4a800 head: order:0 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 flags: 0x4fff0000000004d(locked|referenced|uptodate|head|node=1|zone=1|lastcpupid=0x7ff) raw: 04fff0000000004d dead000000000100 dead000000000122 0000000000000000 raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 head: 04fff0000000004d dead000000000100 dead000000000122 0000000000000000 head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 head: 04fff00000000000 0000000000000000 ffffffffffffffff 0000000000000000 head: 0000000000000200 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set page_owner tracks the page as allocated page last allocated via order 9, migratetype Movable, gfp_mask 0x153c4a(GFP_NOFS|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE|__GFP_WRITE), pid 5400, tgid 5400 (syz-executor412), ts 86415955344, free_ts 0 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x1f4/0x240 mm/page_alloc.c:1551 prep_new_page mm/page_alloc.c:1559 [inline] get_page_from_freelist+0x365c/0x37a0 mm/page_alloc.c:3477 __alloc_frozen_pages_noprof+0x292/0x710 mm/page_alloc.c:4739 alloc_pages_mpol+0x311/0x660 mm/mempolicy.c:2270 alloc_frozen_pages_noprof mm/mempolicy.c:2341 [inline] alloc_pages_noprof+0x121/0x190 mm/mempolicy.c:2361 folio_alloc_noprof+0x1e/0x30 mm/mempolicy.c:2371 filemap_alloc_folio_noprof+0xe1/0x540 mm/filemap.c:1019 __filemap_get_folio+0x438/0xae0 mm/filemap.c:1970 iomap_get_folio fs/iomap/buffered-io.c:608 [inline] __iomap_get_folio fs/iomap/buffered-io.c:754 [inline] iomap_write_begin+0x4d3/0x1990 fs/iomap/buffered-io.c:797 iomap_write_iter fs/iomap/buffered-io.c:955 [inline] iomap_file_buffered_write+0x6ea/0x11c0 fs/iomap/buffered-io.c:1039 xfs_file_buffered_write+0x2cd/0xb20 fs/xfs/xfs_file.c:792 new_sync_write fs/read_write.c:586 [inline] vfs_write+0xacf/0xd10 fs/read_write.c:679 ksys_write+0x18f/0x2b0 fs/read_write.c:731 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page_owner free stack trace missing Modules linked in: CPU: 0 UID: 0 PID: 5307 Comm: syz-executor412 Tainted: G B 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 bad_page+0x176/0x1d0 mm/page_alloc.c:501 free_page_is_bad mm/page_alloc.c:923 [inline] free_pages_prepare mm/page_alloc.c:1119 [inline] free_frozen_pages+0x1082/0x10e0 mm/page_alloc.c:2660 __folio_put+0x2b3/0x360 mm/swap.c:112 delete_from_page_cache_batch+0x8f5/0xa60 mm/filemap.c:342 truncate_inode_pages_range+0x36b/0x10e0 mm/truncate.c:327 evict+0x4fd/0x9a0 fs/inode.c:798 dispose_list fs/inode.c:845 [inline] evict_inodes+0x6f6/0x790 fs/inode.c:899 generic_shutdown_super+0xa0/0x2d0 fs/super.c:627 kill_block_super+0x44/0x90 fs/super.c:1710 xfs_kill_sb+0x15/0x50 fs/xfs/xfs_super.c:2111 deactivate_locked_super+0xc4/0x130 fs/super.c:473 cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1413 task_work_run+0x24f/0x310 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x13f/0x340 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f3c13562647 Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 RSP: 002b:00007ffc6e0b1718 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f3c13562647 RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc6e0b17d0 RBP: 00007ffc6e0b17d0 R08: 0000000000000000 R09: 0000000000000000 R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffc6e0b2840 R13: 000055556ad516c0 R14: 431bde82d7b634db R15: 00007ffc6e0b2860 </TASK> XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 BUG: Bad page state in process syz-executor412 pfn:4aa01 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x4aa01 head: order:0 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:-1 flags: 0x4fff0000000004d(locked|referenced|uptodate|head|node=1|zone=1|lastcpupid=0x7ff) raw: 04fff00000000000 ffffea00012a8001 ffffffffffffffff ffffffff00000000 raw: 0000000000000200 0000000000000000 00000000ffffffff 0000000000000000 head: 04fff0000000004d dead000000000100 dead000000000122 0000000000000000 head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 head: 04fff00000000000 ffffea00012a8001 ffffffffffffffff ffffffff00000000 head: 0000000000000200 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: nonzero pincount page_owner tracks the page as allocated page last allocated via order 9, migratetype Movable, gfp_mask 0x153c4a(GFP_NOFS|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE|__GFP_WRITE), pid 5409, tgid 5409 (syz-executor412), ts 87182312980, free_ts 86772397073 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x1f4/0x240 mm/page_alloc.c:1551 prep_new_page mm/page_alloc.c:1559 [inline] get_page_from_freelist+0x365c/0x37a0 mm/page_alloc.c:3477 __alloc_frozen_pages_noprof+0x292/0x710 mm/page_alloc.c:4739 alloc_pages_mpol+0x311/0x660 mm/mempolicy.c:2270 alloc_frozen_pages_noprof mm/mempolicy.c:2341 [inline] alloc_pages_noprof+0x121/0x190 mm/mempolicy.c:2361 folio_alloc_noprof+0x1e/0x30 mm/mempolicy.c:2371 filemap_alloc_folio_noprof+0xe1/0x540 mm/filemap.c:1019 __filemap_get_folio+0x438/0xae0 mm/filemap.c:1970 iomap_get_folio fs/iomap/buffered-io.c:608 [inline] __iomap_get_folio fs/iomap/buffered-io.c:754 [inline] iomap_write_begin+0x4d3/0x1990 fs/iomap/buffered-io.c:797 iomap_write_iter fs/iomap/buffered-io.c:955 [inline] iomap_file_buffered_write+0x6ea/0x11c0 fs/iomap/buffered-io.c:1039 xfs_file_buffered_write+0x2cd/0xb20 fs/xfs/xfs_file.c:792 new_sync_write fs/read_write.c:586 [inline] vfs_write+0xacf/0xd10 fs/read_write.c:679 ksys_write+0x18f/0x2b0 fs/read_write.c:731 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5307 tgid 5307 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1127 [inline] free_unref_folios+0xe40/0x18b0 mm/page_alloc.c:2707 folios_put_refs+0x76c/0x860 mm/swap.c:994 folio_batch_release include/linux/pagevec.h:101 [inline] truncate_inode_pages_range+0x460/0x10e0 mm/truncate.c:330 evict+0x4fd/0x9a0 fs/inode.c:798 dispose_list fs/inode.c:845 [inline] evict_inodes+0x6f6/0x790 fs/inode.c:899 generic_shutdown_super+0xa0/0x2d0 fs/super.c:627 kill_block_super+0x44/0x90 fs/super.c:1710 xfs_kill_sb+0x15/0x50 fs/xfs/xfs_super.c:2111 deactivate_locked_super+0xc4/0x130 fs/super.c:473 cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1413 task_work_run+0x24f/0x310 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x13f/0x340 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 0 UID: 0 PID: 5307 Comm: syz-executor412 Tainted: G B 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 bad_page+0x176/0x1d0 mm/page_alloc.c:501 free_tail_page_prepare+0x2ab/0x4b0 free_pages_prepare mm/page_alloc.c:1103 [inline] free_frozen_pages+0x8b5/0x10e0 mm/page_alloc.c:2660 __folio_put+0x2b3/0x360 mm/swap.c:112 delete_from_page_cache_batch+0x8f5/0xa60 mm/filemap.c:342 truncate_inode_pages_range+0x36b/0x10e0 mm/truncate.c:327 evict+0x4fd/0x9a0 fs/inode.c:798 dispose_list fs/inode.c:845 [inline] evict_inodes+0x6f6/0x790 fs/inode.c:899 generic_shutdown_super+0xa0/0x2d0 fs/super.c:627 kill_block_super+0x44/0x90 fs/super.c:1710 xfs_kill_sb+0x15/0x50 fs/xfs/xfs_super.c:2111 deactivate_locked_super+0xc4/0x130 fs/super.c:473 cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1413 task_work_run+0x24f/0x310 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x13f/0x340 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f3c13562647 Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 RSP: 002b:00007ffc6e0b1718 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f3c13562647 RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc6e0b17d0 RBP: 00007ffc6e0b17d0 R08: 0000000000000000 R09: 0000000000000000 R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffc6e0b2840 R13: 000055556ad516c0 R14: 431bde82d7b634db R15: 00007ffc6e0b2860 </TASK> BUG: Bad page state in process syz-executor412 pfn:4aa00 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4aa00 head: order:0 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 flags: 0x4fff0000000004d(locked|referenced|uptodate|head|node=1|zone=1|lastcpupid=0x7ff) raw: 04fff0000000004d dead000000000100 dead000000000122 0000000000000000 raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 head: 04fff0000000004d dead000000000100 dead000000000122 0000000000000000 head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 head: 04fff00000000000 0000000000000000 ffffffffffffffff 0000000000000000 head: 0000000000000200 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set page_owner tracks the page as allocated page last allocated via order 9, migratetype Movable, gfp_mask 0x153c4a(GFP_NOFS|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE|__GFP_WRITE), pid 5409, tgid 5409 (syz-executor412), ts 87182312980, free_ts 86772397073 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x1f4/0x240 mm/page_alloc.c:1551 prep_new_page mm/page_alloc.c:1559 [inline] get_page_from_freelist+0x365c/0x37a0 mm/page_alloc.c:3477 __alloc_frozen_pages_noprof+0x292/0x710 mm/page_alloc.c:4739 alloc_pages_mpol+0x311/0x660 mm/mempolicy.c:2270 alloc_frozen_pages_noprof mm/mempolicy.c:2341 [inline] alloc_pages_noprof+0x121/0x190 mm/mempolicy.c:2361 folio_alloc_noprof+0x1e/0x30 mm/mempolicy.c:2371 filemap_alloc_folio_noprof+0xe1/0x540 mm/filemap.c:1019 __filemap_get_folio+0x438/0xae0 mm/filemap.c:1970 iomap_get_folio fs/iomap/buffered-io.c:608 [inline] __iomap_get_folio fs/iomap/buffered-io.c:754 [inline] iomap_write_begin+0x4d3/0x1990 fs/iomap/buffered-io.c:797 iomap_write_iter fs/iomap/buffered-io.c:955 [inline] iomap_file_buffered_write+0x6ea/0x11c0 fs/iomap/buffered-io.c:1039 xfs_file_buffered_write+0x2cd/0xb20 fs/xfs/xfs_file.c:792 new_sync_write fs/read_write.c:586 [inline] vfs_write+0xacf/0xd10 fs/read_write.c:679 ksys_write+0x18f/0x2b0 fs/read_write.c:731 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5307 tgid 5307 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1127 [inline] free_unref_folios+0xe40/0x18b0 mm/page_alloc.c:2707 folios_put_refs+0x76c/0x860 mm/swap.c:994 folio_batch_release include/linux/pagevec.h:101 [inline] truncate_inode_pages_range+0x460/0x10e0 mm/truncate.c:330 evict+0x4fd/0x9a0 fs/inode.c:798 dispose_list fs/inode.c:845 [inline] evict_inodes+0x6f6/0x790 fs/inode.c:899 generic_shutdown_super+0xa0/0x2d0 fs/super.c:627 kill_block_super+0x44/0x90 fs/super.c:1710 xfs_kill_sb+0x15/0x50 fs/xfs/xfs_super.c:2111 deactivate_locked_super+0xc4/0x130 fs/super.c:473 cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1413 task_work_run+0x24f/0x310 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x13f/0x340 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 0 UID: 0 PID: 5307 Comm: syz-executor412 Tainted: G B 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 bad_page+0x176/0x1d0 mm/page_alloc.c:501 free_page_is_bad mm/page_alloc.c:923 [inline] free_pages_prepare mm/page_alloc.c:1119 [inline] free_frozen_pages+0x1082/0x10e0 mm/page_alloc.c:2660 __folio_put+0x2b3/0x360 mm/swap.c:112 delete_from_page_cache_batch+0x8f5/0xa60 mm/filemap.c:342 truncate_inode_pages_range+0x36b/0x10e0 mm/truncate.c:327 evict+0x4fd/0x9a0 fs/inode.c:798 dispose_list fs/inode.c:845 [inline] evict_inodes+0x6f6/0x790 fs/inode.c:899 generic_shutdown_super+0xa0/0x2d0 fs/super.c:627 kill_block_super+0x44/0x90 fs/super.c:1710 xfs_kill_sb+0x15/0x50 fs/xfs/xfs_super.c:2111 deactivate_locked_super+0xc4/0x130 fs/super.c:473 cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1413 task_work_run+0x24f/0x310 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x13f/0x340 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f3c13562647 Code: 08 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 RSP: 002b:00007ffc6e0b1718 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f3c13562647 RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc6e0b17d0 RBP: 00007ffc6e0b17d0 R08: 0000000000000000 R09: 0000000000000000 R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffc6e0b2840 R13: 000055556ad516c0 R14: 431bde82d7b634db R15: 00007ffc6e0b2860 </TASK> XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 BUG: Bad page state in process syz-executor412 pfn:4a401 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x4a401 head: order:0 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:-1 flags: 0x4fff0000000004d(locked|referenced|uptodate|head|node=1|zone=1|lastcpupid=0x7ff) raw: 04fff00000000000 ffffea0001290001 ffffffffffffffff ffffffff00000000 raw: 0000000000000200 0000000000000000 00000000ffffffff 0000000000000000 head: 04fff0000000004d dead000000000100 dead000000000122 0000000000000000 head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 head: 04fff00000000000 ffffea0001290001 ffffffffffffffff ffffffff00000000 head: 0000000000000200 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: nonzero pincount page_owner tracks the page as allocated page last allocated via order 9, migratetype Movable, gfp_mask 0x153c4a(GFP_NOFS|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE|__GFP_WRITE), pid 5418, tgid 5418 (syz-executor412), ts 88050803165, free_ts 87633545020 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x1f4/0x240 mm/page_alloc.c:1551 prep_new_page mm/page_alloc.c:1559 [inline] get_page_from_freelist+0x365c/0x37a0 mm/page_alloc.c:3477 __alloc_frozen_pages_noprof+0x292/0x710 mm/page_alloc.c:4739 alloc_pages_mpol+0x311/0x660 mm/mempolicy.c:2270 alloc_frozen_pages_noprof mm/mempolicy.c:2341 [inline] alloc_pages_noprof+0x121/0x190 mm/mempolicy.c:2361 folio_alloc_noprof+0x1e/0x30 mm/mempolicy.c:2371 filemap_alloc_folio_noprof+0xe1/0x540 mm/filemap.c:1019 __filemap_get_folio+0x438/0xae0 mm/filemap.c:1970 iomap_get_folio fs/iomap/buffered-io.c:608 [inline] __iomap_get_folio fs/iomap/buffered-io.c:754 [inline] iomap_write_begin+0x4d3/0x1990 fs/iomap/buffered-io.c:797 iomap_write_iter fs/iomap/buffered-io.c:955 [inline] iomap_file_buffered_write+0x6ea/0x11c0 fs/iomap/buffered-io.c:1039 xfs_file_buffered_write+0x2cd/0xb20 fs/xfs/xfs_file.c:792 new_sync_write fs/read_write.c:586 [inline] vfs_write+0xacf/0xd10 fs/read_write.c:679 ksys_write+0x18f/0x2b0 fs/read_write.c:731 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f page last free pid 5307 tgid 5307 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1127 [inline] free_unref_folios+0xe40/0x18b0 mm/page_alloc.c:2707 folios_put_refs+0x76c/0x860 mm/swap.c:994 folio_batch_release include/linux/pagevec.h:101 [inline] truncate_inode_pages_range+0x460/0x10e0 mm/truncate.c:330 evict+0x4fd/0x9a0 fs/inode.c:798 dispose_list fs/inode.c:845 [inline] evict_inodes+0x6f6/0x790 fs/inode.c:899 generic_shutdown_super+0xa0/0x2d0 fs/super.c:627 kill_block_super+0x44/0x90 fs/super.c:1710 xfs_kill_sb+0x15/0x50 fs/xfs/xfs_super.c:2111 deactivate_locked_super+0xc4/0x130 fs/super.c:473 cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1413 task_work_run+0x24f/0x310 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x13f/0x340 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 0 UID: 0 PID: 5307 Comm: syz-executor412 Tainted: G B 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0 Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 bad_page+0x176/0x1d0 mm/page_alloc.c:501 free_tail_page_prepare+0x2ab/0x4b0 free_pages_prepare mm/page_alloc.c:1103 [inline] free_frozen_pages+0x8b5/0x10e0 mm/page_alloc.c:2660 __folio_put+0x2b3/0x360 mm/swap.c:112 delete_from_page_cache_batch+0x8f5/0xa60 mm/filemap.c:342

Crashes (204):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Assets (help?)	Manager	Title
2025/02/10 01:52	upstream	69b54314c975	ef44b750	.config	console log	report	syz / log	C		[disk image (non-bootable)] [vmlinux] [kernel image] [mounted in repro (corrupt fs)]	ci-snapshot-upstream-root	BUG: Bad page state in iomap_write_begin
2025/02/10 00:40	upstream	69b54314c975	ef44b750	.config	console log	report	syz / log	C		[disk image (non-bootable)] [vmlinux] [kernel image] [mounted in repro (corrupt fs)]	ci-snapshot-upstream-root	BUG: Bad page state in iomap_write_begin
2025/02/09 23:31	upstream	69b54314c975	ef44b750	.config	console log	report	syz / log	C		[disk image (non-bootable)] [vmlinux] [kernel image] [mounted in repro (corrupt fs)]	ci-snapshot-upstream-root	BUG: Bad page state in iomap_write_begin
2024/11/17 01:03	upstream	e8bdb3c8be08	cfe3a04a	.config	console log	report	syz / log	C		[disk image (non-bootable)] [vmlinux] [kernel image] [mounted in repro #1] [mounted in repro #2]	ci-snapshot-upstream-root	BUG: Bad page state in iomap_write_begin
2024/11/16 08:33	upstream	f868cd251776	cfe3a04a	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-badwrites-root	BUG: Bad page state in iomap_write_begin
2025/05/09 06:57	upstream	2c89c1b655c0	bb813bcc	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	BUG: Bad page state in iomap_write_begin
2025/05/09 00:44	upstream	2c89c1b655c0	bb813bcc	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	BUG: Bad page state in iomap_write_begin
2025/05/08 17:33	upstream	d76bb1ebb558	dbf35fa1	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	BUG: Bad page state in iomap_write_begin
2025/05/08 17:33	upstream	d76bb1ebb558	dbf35fa1	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	BUG: Bad page state in iomap_write_begin
2025/05/07 22:04	upstream	707df3375124	dbf35fa1	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	BUG: Bad page state in iomap_write_begin
2025/05/07 17:01	upstream	707df3375124	dbf35fa1	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	BUG: Bad page state in iomap_write_begin
2025/05/06 22:53	upstream	0d8d44db295c	350f4ffc	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	BUG: Bad page state in iomap_write_begin
2025/05/04 19:32	upstream	e8ab83e34bdc	b0714e37	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	BUG: Bad page state in iomap_write_begin
2025/05/04 02:37	upstream	2a239ffbebb5	b0714e37	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	BUG: Bad page state in iomap_write_begin
2025/05/03 07:25	upstream	00b827f0cffa	b0714e37	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	BUG: Bad page state in iomap_write_begin
2025/05/01 17:41	upstream	4f79eaa2ceac	51b137cd	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	BUG: Bad page state in iomap_write_begin
2025/05/01 10:22	upstream	7a13c14ee59d	ce7952f4	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	BUG: Bad page state in iomap_write_begin
2025/05/01 06:28	upstream	7a13c14ee59d	ce7952f4	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	BUG: Bad page state in iomap_write_begin
2025/04/30 20:37	upstream	b6ea1680d0ac	937aafd7	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	BUG: Bad page state in iomap_write_begin
2025/04/27 17:58	upstream	5bc1018675ec	c6b4fb39	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	BUG: Bad page state in iomap_write_begin
2025/04/27 09:12	upstream	5bc1018675ec	c6b4fb39	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	BUG: Bad page state in iomap_write_begin
2025/04/26 13:13	upstream	f1a3944c860b	c6b4fb39	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	BUG: Bad page state in iomap_write_begin
2025/04/25 12:55	upstream	02ddfb981de8	dea5c7e4	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	BUG: Bad page state in iomap_write_begin
2025/04/23 03:50	upstream	bc3372351d0c	53a8b9bd	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	BUG: Bad page state in iomap_write_begin
2025/04/21 23:01	upstream	9d7a0577c9db	2a20f901	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	BUG: Bad page state in iomap_write_begin
2025/04/20 06:57	upstream	119009db2674	2a20f901	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	BUG: Bad page state in iomap_write_begin
2025/04/19 08:46	upstream	3088d26962e8	2a20f901	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	BUG: Bad page state in iomap_write_begin
2025/04/17 16:18	upstream	cfb2e2c57aef	552876f8	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	BUG: Bad page state in iomap_write_begin
2025/04/16 07:31	upstream	1a1d569a75f3	a95239b1	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	BUG: Bad page state in iomap_write_begin
2025/04/15 14:31	upstream	834a4a689699	85125322	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	BUG: Bad page state in iomap_write_begin
2025/04/14 03:29	upstream	5aaaedb0cb54	0bd6db41	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	BUG: Bad page state in iomap_write_begin
2025/04/12 05:58	upstream	e618ee89561b	0bd6db41	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	BUG: Bad page state in iomap_write_begin
2025/04/11 20:54	upstream	900241a5cc15	12ba9c21	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	BUG: Bad page state in iomap_write_begin
2025/04/10 04:36	upstream	3b07108ada81	988b336c	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	BUG: Bad page state in iomap_write_begin
2025/04/07 17:46	upstream	0af2f6be1b42	2f0c9720	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	BUG: Bad page state in iomap_write_begin
2025/04/05 21:46	upstream	56f944529ec2	1c65791e	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	BUG: Bad page state in iomap_write_begin
2025/04/03 05:46	upstream	a1b5bd45d4ee	996a9618	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	BUG: Bad page state in iomap_write_begin
2025/04/02 10:46	upstream	91e5bfe317d8	c799dfdd	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	BUG: Bad page state in iomap_write_begin
2025/03/28 10:39	upstream	4fa118e5b79f	6c09fb82	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	BUG: Bad page state in iomap_write_begin
2025/03/26 17:17	upstream	1e26c5e28ca5	19e40f48	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	BUG: Bad page state in iomap_write_begin
2025/03/24 05:39	upstream	586de92313fc	875573af	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	BUG: Bad page state in iomap_write_begin
2025/03/23 15:20	upstream	183601b78a9b	4e8d3850	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	BUG: Bad page state in iomap_write_begin
2025/03/23 08:49	upstream	183601b78a9b	4e8d3850	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	BUG: Bad page state in iomap_write_begin
2025/03/22 00:19	upstream	d07de43e3f05	c6512ef7	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	BUG: Bad page state in iomap_write_begin
2025/03/18 19:15	upstream	76b6905c11fd	22a6c2b1	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	BUG: Bad page state in iomap_write_begin
2025/03/17 15:00	upstream	4701f33a1070	948c34e4	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	BUG: Bad page state in iomap_write_begin
2025/03/13 22:20	upstream	4003c9e78778	e2826670	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	BUG: Bad page state in iomap_write_begin
2025/03/11 00:36	upstream	4d872d51bc9d	16256247	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	BUG: Bad page state in iomap_write_begin
2025/03/10 17:28	upstream	80e54e84911a	16256247	.config	console log	report				[disk image (non-bootable)] [vmlinux] [kernel image]	ci-snapshot-upstream-root	BUG: Bad page state in iomap_write_begin

Crashes (204):

Assets (help?)

2025/02/10 01:52

upstream