./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3390360965
<...>
forked to background, child pid 4747
no interfaces have a carrier
[ 33.531525][ T4748] 8021q: adding VLAN 0 to HW filter on device bond0
[ 33.549282][ T4748] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.83' (ED25519) to the list of known hosts.
execve("./syz-executor3390360965", ["./syz-executor3390360965"], 0x7ffe800b1de0 /* 10 vars */) = 0
brk(NULL) = 0x555570a84000
brk(0x555570a84d00) = 0x555570a84d00
arch_prctl(ARCH_SET_FS, 0x555570a84380) = 0
set_tid_address(0x555570a84650) = 5078
set_robust_list(0x555570a84660, 24) = 0
rseq(0x555570a84ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3390360965", 4096) = 28
getrandom("\x0d\x5a\xdf\x20\x30\x0d\x94\xe0", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x555570a84d00
brk(0x555570aa5d00) = 0x555570aa5d00
brk(0x555570aa6000) = 0x555570aa6000
mprotect(0x7fd7647de000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
mkdir("./syzkaller.bSi7rv", 0700) = 0
chmod("./syzkaller.bSi7rv", 0777) = 0
chdir("./syzkaller.bSi7rv") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5079 attached
, child_tidptr=0x555570a84650) = 5079
[pid 5079] set_robust_list(0x555570a84660, 24) = 0
[pid 5079] chdir("./0") = 0
[pid 5079] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5079] setpgid(0, 0) = 0
[pid 5079] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5079] write(3, "1000", 4) = 4
[pid 5079] close(3) = 0
[pid 5079] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5079] write(1, "executing program\n", 18executing program
) = 18
[pid 5079] memfd_create("syzkaller", 0) = 3
[pid 5079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd75c200000
[pid 5079] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5079] munmap(0x7fd75c200000, 138412032) = 0
[pid 5079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5079] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5079] close(3) = 0
[pid 5079] close(4) = 0
[pid 5079] mkdir("./file0", 0777) = 0
[pid 5079] mount("/dev/loop0", "./file0", "jfs", 0, "resize=0x000000000000") = 0
[pid 5079] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5079] chdir("./file0") = 0
[pid 5079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
syzkaller login: [ 60.270854][ T5079] loop0: detected capacity change from 0 to 32768
[pid 5079] openat(AT_FDCWD, ".", O_RDONLY) = 4
[pid 5079] fspick(AT_FDCWD, ".", 0) = 5
[pid 5079] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0) = 0
[pid 5079] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0) = 0
[pid 5079] ioctl(4, FITRIM, {start=0x1, len=1783039598661162467, minlen=0}) = 0
[pid 5079] exit_group(0) = ?
[pid 5079] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5079, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=16 /* 0.16 s */} ---
umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555570a856f0 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/binderfs") = 0
[ 60.427747][ T5078] BUG: Bad page state in process syz-executor339 pfn:781cf
[ 60.435235][ T5078] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x3 pfn:0x781cf
[ 60.444057][ T5078] flags: 0xfff0000000400c(referenced|uptodate|private|node=0|zone=1|lastcpupid=0x7ff)
[ 60.453659][ T5078] raw: 00fff0000000400c dead000000000100 dead000000000122 0000000000000000
[ 60.462226][ T5078] raw: 0000000000000003 ffff888045cfe6c8 00000000ffffffff 0000000000000000
[ 60.470830][ T5078] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[ 60.478234][ T5078] page_owner tracks the page as allocated
[ 60.484118][ T5078] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x40c40(GFP_NOFS|__GFP_COMP), pid 5079, tgid 5079 (syz-executor339), ts 60358478391, free_ts 60350734150
[ 60.501186][ T5078] post_alloc_hook+0x1f3/0x230
[ 60.506081][ T5078] get_page_from_freelist+0x2e2d/0x2ee0
[ 60.511646][ T5078] __alloc_pages_noprof+0x256/0x6c0
[ 60.516882][ T5078] alloc_pages_mpol_noprof+0x3e8/0x680
[ 60.523055][ T5078] folio_alloc_noprof+0x128/0x180
[ 60.528140][ T5078] filemap_alloc_folio_noprof+0xdf/0x500
[ 60.533831][ T5078] do_read_cache_folio+0xed/0x820
[ 60.538858][ T5078] do_read_cache_page+0x30/0x200
[ 60.544270][ T5078] __get_metapage+0x330/0x1050
[ 60.549052][ T5078] dbAdjCtl+0x138/0x9c0
[ 60.553187][ T5078] dbAllocDmapLev+0x29c/0x4a0
[ 60.557901][ T5078] dbAllocCtl+0x113/0x920
[ 60.562239][ T5078] dbAllocAG+0x28f/0x10b0
[ 60.566748][ T5078] dbDiscardAG+0x352/0xa10
[ 60.571179][ T5078] jfs_ioc_trim+0x433/0x670
[ 60.575708][ T5078] jfs_ioctl+0x2d0/0x3e0
[ 60.579953][ T5078] page last free pid 5079 tgid 5079 stack trace:
[ 60.586360][ T5078] free_unref_folios+0xf12/0x19c0
[ 60.591397][ T5078] folios_put_refs+0x93a/0xa60
[ 60.596212][ T5078] mapping_try_invalidate+0x4d4/0x620
[ 60.601591][ T5078] reconfigure_super+0x5dd/0x880
[ 60.606561][ T5078] __se_sys_fsconfig+0xab5/0xec0
[ 60.611507][ T5078] do_syscall_64+0xf3/0x230
[ 60.616052][ T5078] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 60.622058][ T5078] Modules linked in:
[ 60.626051][ T5078] CPU: 0 PID: 5078 Comm: syz-executor339 Not tainted 6.10.0-rc1-syzkaller-00021-ge0cce98fe279 #0
[ 60.636559][ T5078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 60.646618][ T5078] Call Trace:
[ 60.649899][ T5078]
[ 60.652819][ T5078] dump_stack_lvl+0x241/0x360
[ 60.657515][ T5078] ? __pfx_dump_stack_lvl+0x10/0x10
[ 60.662741][ T5078] ? __pfx_print_modules+0x10/0x10
[ 60.667893][ T5078] ? page_ext_get+0x20/0x2a0
[ 60.672482][ T5078] ? page_ext_get+0x1d6/0x2a0
[ 60.677164][ T5078] bad_page+0x14c/0x170
[ 60.681319][ T5078] free_unref_folios+0x1121/0x19c0
[ 60.686434][ T5078] folios_put_refs+0x93a/0xa60
[ 60.691199][ T5078] ? __pfx_folios_put_refs+0x10/0x10
[ 60.696477][ T5078] ? mlock_drain_local+0x79/0x490
[ 60.701498][ T5078] ? mlock_drain_local+0x79/0x490
[ 60.706514][ T5078] ? mlock_drain_local+0x28d/0x490
[ 60.711657][ T5078] truncate_inode_pages_range+0x47b/0xfc0
[ 60.717378][ T5078] ? kasan_save_stack+0x4f/0x60
[ 60.722228][ T5078] ? kasan_save_stack+0x3f/0x60
[ 60.727077][ T5078] ? __kasan_record_aux_stack+0xac/0xc0
[ 60.732617][ T5078] ? call_rcu+0x167/0xa70
[ 60.736945][ T5078] ? __pfx_truncate_inode_pages_range+0x10/0x10
[ 60.743179][ T5078] ? deactivate_locked_super+0xc4/0x130
[ 60.748749][ T5078] ? mark_lock+0x9a/0x350
[ 60.753123][ T5078] ? __pfx_call_rcu+0x10/0x10
[ 60.757830][ T5078] ? evict+0x577/0x630
[ 60.761938][ T5078] dbUnmount+0x115/0x190
[ 60.766298][ T5078] jfs_umount+0x238/0x3a0
[ 60.770645][ T5078] jfs_put_super+0x8a/0x190
[ 60.775185][ T5078] ? __pfx_jfs_put_super+0x10/0x10
[ 60.780295][ T5078] generic_shutdown_super+0x136/0x2d0
[ 60.785666][ T5078] kill_block_super+0x44/0x90
[ 60.790333][ T5078] deactivate_locked_super+0xc4/0x130
[ 60.795704][ T5078] cleanup_mnt+0x41f/0x4b0
[ 60.800135][ T5078] ? lockdep_hardirqs_on+0x99/0x150
[ 60.805331][ T5078] task_work_run+0x24f/0x310
[ 60.809918][ T5078] ? __pfx_task_work_run+0x10/0x10
[ 60.815022][ T5078] ? path_umount+0x284/0xf70
[ 60.819613][ T5078] ptrace_notify+0x2d2/0x380
[ 60.824202][ T5078] ? __pfx_path_umount+0x10/0x10
[ 60.829132][ T5078] ? user_path_at_empty+0x4c/0x60
[ 60.834162][ T5078] ? __pfx_ptrace_notify+0x10/0x10
[ 60.839274][ T5078] ? __x64_sys_umount+0x126/0x170
[ 60.844291][ T5078] ? __pfx___x64_sys_umount+0x10/0x10
[ 60.849659][ T5078] syscall_exit_work+0xc6/0x190
[ 60.854504][ T5078] syscall_exit_to_user_mode+0x273/0x370
[ 60.860134][ T5078] do_syscall_64+0x100/0x230
[ 60.864720][ T5078] ? clear_bhb_loop+0x35/0x90
[ 60.869392][ T5078] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 60.875308][ T5078] RIP: 0033:0x7fd7647654c7
[ 60.879733][ T5078] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[ 60.899366][ T5078] RSP: 002b:00007fff46e01098 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 60.907775][ T5078] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fd7647654c7
[ 60.915737][ T5078] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff46e01150
[ 60.923697][ T5078] RBP: 00007fff46e01150 R08: 0000000000000000 R09: 0000000000000000
[ 60.931656][ T5078] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007fff46e021c0
[ 60.939616][ T5078] R13: 0000555570a856c0 R14: 431bde82d7b634db R15: 00007fff46e021e0
[ 60.947594][ T5078]
[ 60.950817][ T5078] Disabling lock debugging due to kernel taint
[ 60.957250][ T5078] BUG: Bad page state in process syz-executor339 pfn:2502e
[ 60.964729][ T5078] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x4 pfn:0x2502e
[ 60.973590][ T5078] flags: 0xfff0000000400c(referenced|uptodate|private|node=0|zone=1|lastcpupid=0x7ff)
[ 60.983142][ T5078] raw: 00fff0000000400c dead000000000100 dead000000000122 0000000000000000
[ 60.991747][ T5078] raw: 0000000000000004 ffff888045cfe5d0 00000000ffffffff 0000000000000000
[ 61.000357][ T5078] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[ 61.007673][ T5078] page_owner tracks the page as allocated
[ 61.013432][ T5078] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x40c40(GFP_NOFS|__GFP_COMP), pid 5079, tgid 5079 (syz-executor339), ts 60357642186, free_ts 60350739807
[ 61.030518][ T5078] post_alloc_hook+0x1f3/0x230
[ 61.035310][ T5078] get_page_from_freelist+0x2e2d/0x2ee0
[ 61.040943][ T5078] __alloc_pages_noprof+0x256/0x6c0
[ 61.046200][ T5078] alloc_pages_mpol_noprof+0x3e8/0x680
[ 61.051664][ T5078] folio_alloc_noprof+0x128/0x180
[ 61.056759][ T5078] filemap_alloc_folio_noprof+0xdf/0x500
[ 61.062396][ T5078] do_read_cache_folio+0xed/0x820
[ 61.067464][ T5078] do_read_cache_page+0x30/0x200
[ 61.072406][ T5078] __get_metapage+0x330/0x1050
[ 61.077191][ T5078] dbAllocCtl+0xd5/0x920
[ 61.081431][ T5078] dbAllocAG+0x28f/0x10b0
[ 61.085802][ T5078] dbDiscardAG+0x352/0xa10
[ 61.090229][ T5078] jfs_ioc_trim+0x433/0x670
[ 61.094799][ T5078] jfs_ioctl+0x2d0/0x3e0
[ 61.099040][ T5078] __se_sys_ioctl+0xfc/0x170
[ 61.103738][ T5078] do_syscall_64+0xf3/0x230
[ 61.108245][ T5078] page last free pid 5079 tgid 5079 stack trace:
[ 61.114594][ T5078] free_unref_folios+0xf12/0x19c0
[ 61.119631][ T5078] folios_put_refs+0x93a/0xa60
[ 61.124426][ T5078] mapping_try_invalidate+0x4d4/0x620
[ 61.129798][ T5078] reconfigure_super+0x5dd/0x880
[ 61.134755][ T5078] __se_sys_fsconfig+0xab5/0xec0
[ 61.139690][ T5078] do_syscall_64+0xf3/0x230
[ 61.144217][ T5078] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 61.150113][ T5078] Modules linked in:
[ 61.154026][ T5078] CPU: 0 PID: 5078 Comm: syz-executor339 Tainted: G B 6.10.0-rc1-syzkaller-00021-ge0cce98fe279 #0
[ 61.165999][ T5078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 61.176037][ T5078] Call Trace:
[ 61.179296][ T5078]
[ 61.182208][ T5078] dump_stack_lvl+0x241/0x360
[ 61.186873][ T5078] ? __pfx_dump_stack_lvl+0x10/0x10
[ 61.192062][ T5078] ? __pfx_print_modules+0x10/0x10
[ 61.197153][ T5078] ? page_ext_get+0x20/0x2a0
[ 61.201721][ T5078] ? page_ext_get+0x1d6/0x2a0
[ 61.206376][ T5078] bad_page+0x14c/0x170
[ 61.210514][ T5078] free_unref_folios+0x1121/0x19c0
[ 61.215615][ T5078] folios_put_refs+0x93a/0xa60
[ 61.220376][ T5078] ? __pfx_folios_put_refs+0x10/0x10
[ 61.225646][ T5078] ? mlock_drain_local+0x79/0x490
[ 61.230658][ T5078] ? mlock_drain_local+0x79/0x490
[ 61.235669][ T5078] ? mlock_drain_local+0x28d/0x490
[ 61.240771][ T5078] truncate_inode_pages_range+0x47b/0xfc0
[ 61.246483][ T5078] ? kasan_save_stack+0x4f/0x60
[ 61.251322][ T5078] ? kasan_save_stack+0x3f/0x60
[ 61.256162][ T5078] ? __kasan_record_aux_stack+0xac/0xc0
[ 61.261693][ T5078] ? call_rcu+0x167/0xa70
[ 61.266008][ T5078] ? __pfx_truncate_inode_pages_range+0x10/0x10
[ 61.272235][ T5078] ? deactivate_locked_super+0xc4/0x130
[ 61.277776][ T5078] ? mark_lock+0x9a/0x350
[ 61.282101][ T5078] ? __pfx_call_rcu+0x10/0x10
[ 61.286766][ T5078] ? evict+0x577/0x630
[ 61.290821][ T5078] dbUnmount+0x115/0x190
[ 61.295056][ T5078] jfs_umount+0x238/0x3a0
[ 61.299374][ T5078] jfs_put_super+0x8a/0x190
[ 61.303863][ T5078] ? __pfx_jfs_put_super+0x10/0x10
[ 61.308958][ T5078] generic_shutdown_super+0x136/0x2d0
[ 61.314320][ T5078] kill_block_super+0x44/0x90
[ 61.318979][ T5078] deactivate_locked_super+0xc4/0x130
[ 61.324339][ T5078] cleanup_mnt+0x41f/0x4b0
[ 61.328741][ T5078] ? lockdep_hardirqs_on+0x99/0x150
[ 61.333927][ T5078] task_work_run+0x24f/0x310
[ 61.338506][ T5078] ? __pfx_task_work_run+0x10/0x10
[ 61.343604][ T5078] ? path_umount+0x284/0xf70
[ 61.348189][ T5078] ptrace_notify+0x2d2/0x380
[ 61.352769][ T5078] ? __pfx_path_umount+0x10/0x10
[ 61.357713][ T5078] ? user_path_at_empty+0x4c/0x60
[ 61.362727][ T5078] ? __pfx_ptrace_notify+0x10/0x10
[ 61.367831][ T5078] ? __x64_sys_umount+0x126/0x170
[ 61.372850][ T5078] ? __pfx___x64_sys_umount+0x10/0x10
[ 61.378226][ T5078] syscall_exit_work+0xc6/0x190
[ 61.383065][ T5078] syscall_exit_to_user_mode+0x273/0x370
[ 61.388700][ T5078] do_syscall_64+0x100/0x230
[ 61.393281][ T5078] ? clear_bhb_loop+0x35/0x90
[ 61.397949][ T5078] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 61.403830][ T5078] RIP: 0033:0x7fd7647654c7
[ 61.408248][ T5078] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
[ 61.427847][ T5078] RSP: 002b:00007fff46e01098 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 61.436245][ T5078] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fd7647654c7
[ 61.444201][ T5078] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff46e01150
[ 61.452158][ T5078] RBP: 00007fff46e01150 R08: 0000000000000000 R09: 0000000000000000
[ 61.460118][ T5078] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007fff46e021c0
[ 61.468073][ T5078] R13: 0000555570a856c0 R14: 431bde82d7b634db R15: 00007fff46e021e0
[ 61.476036][ T5078]
umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555570a8d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555570a8d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file0") = 0
getdents64(3, 0x555570a856f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5081 attached
[pid 5081] set_robust_list(0x555570a84660, 24) = 0
[pid 5081] chdir("./1") = 0
[pid 5081] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5081] setpgid(0, 0
[pid 5078] <... clone resumed>, child_tidptr=0x555570a84650) = 5081
[pid 5081] <... setpgid resumed>) = 0
[pid 5081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5081] write(3, "1000", 4) = 4
[pid 5081] close(3) = 0
[pid 5081] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5081] write(1, "executing program\n", 18executing program
) = 18
[pid 5081] memfd_create("syzkaller", 0) = 3
[pid 5081] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd75c200000
[pid 5081] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5081] munmap(0x7fd75c200000, 138412032) = 0
[pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5081] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5081] close(3) = 0
[pid 5081] close(4) = 0
[pid 5081] mkdir("./file0", 0777) = 0
[pid 5081] mount("/dev/loop0", "./file0", "jfs", 0, "resize=0x000000000000") = 0
[pid 5081] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5081] chdir("./file0") = 0
[pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 5081] openat(AT_FDCWD, ".", O_RDONLY) = 4
[ 61.784222][ T5081] loop0: detected capacity change from 0 to 32768
[pid 5081] fspick(AT_FDCWD, ".", 0) = 5
[pid 5081] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0) = 0
[pid 5081] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0) = 0
[pid 5081] ioctl(4, FITRIM, {start=0x1, len=1783039598661162467, minlen=0}) = 0
[pid 5081] exit_group(0) = ?
[pid 5081] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5081, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=10 /* 0.10 s */} ---
umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555570a856f0 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/binderfs") = 0
[ 61.946427][ T5078] BUG: Bad page state in process syz-executor339 pfn:45d78
[ 61.953782][ T5078] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x3 pfn:0x45d78
[ 61.962537][ T5078] flags: 0xfff0000000400c(referenced|uptodate|private|node=0|zone=1|lastcpupid=0x7ff)
[ 61.972110][ T5078] raw: 00fff0000000400c dead000000000100 dead000000000122 0000000000000000
[ 61.980714][ T5078] raw: 0000000000000003 ffff888045cfeaa8 00000000ffffffff 0000000000000000
[ 61.989303][ T5078] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[ 61.996593][ T5078] page_owner tracks the page as allocated
[ 62.002283][ T5078] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x40c40(GFP_NOFS|__GFP_COMP), pid 5081, tgid 5081 (syz-executor339), ts 61856500441, free_ts 61855057062
[ 62.019352][ T5078] post_alloc_hook+0x1f3/0x230
[ 62.024152][ T5078] get_page_from_freelist+0x2e2d/0x2ee0
[ 62.029701][ T5078] __alloc_pages_noprof+0x256/0x6c0
[ 62.034916][ T5078] alloc_pages_mpol_noprof+0x3e8/0x680
[ 62.040471][ T5078] folio_alloc_noprof+0x128/0x180
[ 62.045541][ T5078] filemap_alloc_folio_noprof+0xdf/0x500
[ 62.051200][ T5078] do_read_cache_folio+0xed/0x820
[ 62.056342][ T5078] do_read_cache_page+0x30/0x200
[ 62.061432][ T5078] __get_metapage+0x330/0x1050
[ 62.066246][ T5078] dbAdjCtl+0x138/0x9c0
[ 62.070410][ T5078] dbAllocDmapLev+0x29c/0x4a0
[ 62.075131][ T5078] dbAllocCtl+0x113/0x920
[ 62.079465][ T5078] dbAllocAG+0x28f/0x10b0
[ 62.083817][ T5078] dbDiscardAG+0x352/0xa10
[ 62.088241][ T5078] jfs_ioc_trim+0x433/0x670
[ 62.092728][ T5078] jfs_ioctl+0x2d0/0x3e0
[ 62.097010][ T5078] page last free pid 5081 tgid 5081 stack trace:
[ 62.103698][ T5078] free_unref_folios+0xf12/0x19c0
[ 62.108708][ T5078] folios_put_refs+0x93a/0xa60
[ 62.113555][ T5078] mapping_try_invalidate+0x4d4/0x620
[ 62.118928][ T5078] reconfigure_super+0x5dd/0x880
[ 62.123881][ T5078] __se_sys_fsconfig+0xab5/0xec0
[ 62.128820][ T5078] do_syscall_64+0xf3/0x230
[ 62.133305][ T5078] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 62.139233][ T5078] Modules linked in:
[ 62.143127][ T5078] CPU: 0 PID: 5078 Comm: syz-executor339 Tainted: G B 6.10.0-rc1-syzkaller-00021-ge0cce98fe279 #0
[ 62.155080][ T5078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 62.165125][ T5078] Call Trace:
[ 62.168398][ T5078]
[ 62.171323][ T5078] dump_stack_lvl+0x241/0x360
[ 62.175981][ T5078] ? __pfx_dump_stack_lvl+0x10/0x10
[ 62.181256][ T5078] ? __pfx_print_modules+0x10/0x10
[ 62.186342][ T5078] ? page_ext_get+0x20/0x2a0
[ 62.190912][ T5078] ? rcu_read_lock_held+0xa/0x50
[ 62.195832][ T5078] ? page_ext_get+0x1d6/0x2a0
[ 62.200491][ T5078] bad_page+0x14c/0x170
[ 62.204625][ T5078] free_unref_folios+0x1121/0x19c0
[ 62.209716][ T5078] folios_put_refs+0x93a/0xa60
[ 62.214458][ T5078] ? __pfx_folios_put_refs+0x10/0x10
[ 62.219734][ T5078] ? mlock_drain_local+0x79/0x490
[ 62.224736][ T5078] ? mlock_drain_local+0x79/0x490
[ 62.229760][ T5078] ? mlock_drain_local+0x28d/0x490
[ 62.234853][ T5078] truncate_inode_pages_range+0x47b/0xfc0
[ 62.240564][ T5078] ? kasan_save_stack+0x4f/0x60
[ 62.245395][ T5078] ? kasan_save_stack+0x3f/0x60
[ 62.250224][ T5078] ? __kasan_record_aux_stack+0xac/0xc0
[ 62.255747][ T5078] ? call_rcu+0x167/0xa70
[ 62.260054][ T5078] ? __pfx_truncate_inode_pages_range+0x10/0x10
[ 62.266272][ T5078] ? deactivate_locked_super+0xc4/0x130
[ 62.271825][ T5078] ? __pfx_call_rcu+0x10/0x10
[ 62.276484][ T5078] ? evict+0x577/0x630
[ 62.280532][ T5078] dbUnmount+0x115/0x190
[ 62.284774][ T5078] jfs_umount+0x238/0x3a0
[ 62.289082][ T5078] jfs_put_super+0x8a/0x190
[ 62.293576][ T5078] ? __pfx_jfs_put_super+0x10/0x10
[ 62.298676][ T5078] generic_shutdown_super+0x136/0x2d0
[ 62.304025][ T5078] kill_block_super+0x44/0x90
[ 62.308678][ T5078] deactivate_locked_super+0xc4/0x130
[ 62.314026][ T5078] cleanup_mnt+0x41f/0x4b0
[ 62.318417][ T5078] task_work_run+0x24f/0x310
[ 62.322989][ T5078] ? __pfx_task_work_run+0x10/0x10
[ 62.328078][ T5078] ? path_umount+0x284/0xf70
[ 62.332656][ T5078] ptrace_notify+0x2d2/0x380
[ 62.337240][ T5078] ? __pfx_path_umount+0x10/0x10
[ 62.342152][ T5078] ? user_path_at_empty+0x4c/0x60
[ 62.347152][ T5078] ? __pfx_ptrace_notify+0x10/0x10
[ 62.352248][ T5078] ? __x64_sys_umount+0x126/0x170
[ 62.357249][ T5078] ? __pfx___x64_sys_umount+0x10/0x10
[ 62.362597][ T5078] syscall_exit_work+0xc6/0x190
[ 62.367427][ T5078] syscall_exit_to_user_mode+0x273/0x370
[ 62.373040][ T5078] do_syscall_64+0x100/0x230
[ 62.377614][ T5078] ? clear_bhb_loop+0x35/0x90
[ 62.382269][ T5078] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 62.388154][ T5078] RIP: 0033:0x7fd7647654c7
[ 62.392548][ T5078] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[ 62.412231][ T5078] RSP: 002b:00007fff46e01098 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 62.420638][ T5078] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fd7647654c7
[ 62.428614][ T5078] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff46e01150
[ 62.436588][ T5078] RBP: 00007fff46e01150 R08: 0000000000000000 R09: 0000000000000000
[ 62.444544][ T5078] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007fff46e021c0
[ 62.452492][ T5078] R13: 0000555570a856c0 R14: 431bde82d7b634db R15: 00007fff46e021e0
[ 62.460466][ T5078]
[ 62.463987][ T5078] BUG: Bad page state in process syz-executor339 pfn:47a80
[ 62.471291][ T5078] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x4 pfn:0x47a80
[ 62.480088][ T5078] flags: 0xfff0000000400c(referenced|uptodate|private|node=0|zone=1|lastcpupid=0x7ff)
[ 62.489682][ T5078] raw: 00fff0000000400c dead000000000100 dead000000000122 0000000000000000
[ 62.498305][ T5078] raw: 0000000000000004 ffff888045cfe9b0 00000000ffffffff 0000000000000000
[ 62.506944][ T5078] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[ 62.514244][ T5078] page_owner tracks the page as allocated
[ 62.519952][ T5078] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x40c40(GFP_NOFS|__GFP_COMP), pid 5081, tgid 5081 (syz-executor339), ts 61856273986, free_ts 61855061211
[ 62.537000][ T5078] post_alloc_hook+0x1f3/0x230
[ 62.541768][ T5078] get_page_from_freelist+0x2e2d/0x2ee0
[ 62.547333][ T5078] __alloc_pages_noprof+0x256/0x6c0
[ 62.552530][ T5078] alloc_pages_mpol_noprof+0x3e8/0x680
[ 62.558012][ T5078] folio_alloc_noprof+0x128/0x180
[ 62.563048][ T5078] filemap_alloc_folio_noprof+0xdf/0x500
[ 62.568701][ T5078] do_read_cache_folio+0xed/0x820
[ 62.573779][ T5078] do_read_cache_page+0x30/0x200
[ 62.578698][ T5078] __get_metapage+0x330/0x1050
[ 62.583481][ T5078] dbAllocCtl+0xd5/0x920
[ 62.587718][ T5078] dbAllocAG+0x28f/0x10b0
[ 62.592037][ T5078] dbDiscardAG+0x352/0xa10
[ 62.596493][ T5078] jfs_ioc_trim+0x433/0x670
[ 62.600994][ T5078] jfs_ioctl+0x2d0/0x3e0
[ 62.605265][ T5078] __se_sys_ioctl+0xfc/0x170
[ 62.609869][ T5078] do_syscall_64+0xf3/0x230
[ 62.614412][ T5078] page last free pid 5081 tgid 5081 stack trace:
[ 62.620768][ T5078] free_unref_folios+0xf12/0x19c0
[ 62.625942][ T5078] folios_put_refs+0x93a/0xa60
[ 62.630705][ T5078] mapping_try_invalidate+0x4d4/0x620
[ 62.636101][ T5078] reconfigure_super+0x5dd/0x880
[ 62.641070][ T5078] __se_sys_fsconfig+0xab5/0xec0
[ 62.646023][ T5078] do_syscall_64+0xf3/0x230
[ 62.650524][ T5078] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 62.656447][ T5078] Modules linked in:
[ 62.660367][ T5078] CPU: 0 PID: 5078 Comm: syz-executor339 Tainted: G B 6.10.0-rc1-syzkaller-00021-ge0cce98fe279 #0
[ 62.672321][ T5078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 62.682365][ T5078] Call Trace:
[ 62.685646][ T5078]
[ 62.688566][ T5078] dump_stack_lvl+0x241/0x360
[ 62.693224][ T5078] ? __pfx_dump_stack_lvl+0x10/0x10
[ 62.698398][ T5078] ? __pfx_print_modules+0x10/0x10
[ 62.703485][ T5078] ? page_ext_get+0x20/0x2a0
[ 62.708067][ T5078] ? rcu_read_lock_held+0xa/0x50
[ 62.712983][ T5078] ? page_ext_get+0x1d6/0x2a0
[ 62.717650][ T5078] bad_page+0x14c/0x170
[ 62.721787][ T5078] free_unref_folios+0x1121/0x19c0
[ 62.726879][ T5078] folios_put_refs+0x93a/0xa60
[ 62.731621][ T5078] ? __pfx_folios_put_refs+0x10/0x10
[ 62.736881][ T5078] ? mlock_drain_local+0x79/0x490
[ 62.741885][ T5078] ? mlock_drain_local+0x79/0x490
[ 62.746890][ T5078] ? mlock_drain_local+0x28d/0x490
[ 62.751982][ T5078] truncate_inode_pages_range+0x47b/0xfc0
[ 62.757686][ T5078] ? kasan_save_stack+0x4f/0x60
[ 62.762524][ T5078] ? kasan_save_stack+0x3f/0x60
[ 62.767352][ T5078] ? __kasan_record_aux_stack+0xac/0xc0
[ 62.772873][ T5078] ? call_rcu+0x167/0xa70
[ 62.777196][ T5078] ? __pfx_truncate_inode_pages_range+0x10/0x10
[ 62.783412][ T5078] ? deactivate_locked_super+0xc4/0x130
[ 62.788951][ T5078] ? __pfx_call_rcu+0x10/0x10
[ 62.793618][ T5078] ? evict+0x577/0x630
[ 62.797668][ T5078] dbUnmount+0x115/0x190
[ 62.801892][ T5078] jfs_umount+0x238/0x3a0
[ 62.806199][ T5078] jfs_put_super+0x8a/0x190
[ 62.810678][ T5078] ? __pfx_jfs_put_super+0x10/0x10
[ 62.815770][ T5078] generic_shutdown_super+0x136/0x2d0
[ 62.821121][ T5078] kill_block_super+0x44/0x90
[ 62.825773][ T5078] deactivate_locked_super+0xc4/0x130
[ 62.831134][ T5078] cleanup_mnt+0x41f/0x4b0
[ 62.835530][ T5078] task_work_run+0x24f/0x310
[ 62.840100][ T5078] ? __pfx_task_work_run+0x10/0x10
[ 62.845186][ T5078] ? path_umount+0x284/0xf70
[ 62.849770][ T5078] ptrace_notify+0x2d2/0x380
[ 62.854340][ T5078] ? __pfx_path_umount+0x10/0x10
[ 62.859256][ T5078] ? user_path_at_empty+0x4c/0x60
[ 62.864257][ T5078] ? __pfx_ptrace_notify+0x10/0x10
[ 62.869350][ T5078] ? __x64_sys_umount+0x126/0x170
[ 62.874354][ T5078] ? __pfx___x64_sys_umount+0x10/0x10
[ 62.879708][ T5078] syscall_exit_work+0xc6/0x190
[ 62.884541][ T5078] syscall_exit_to_user_mode+0x273/0x370
[ 62.890151][ T5078] do_syscall_64+0x100/0x230
[ 62.894716][ T5078] ? clear_bhb_loop+0x35/0x90
[ 62.899385][ T5078] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 62.905254][ T5078] RIP: 0033:0x7fd7647654c7
[ 62.909646][ T5078] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[ 62.929227][ T5078] RSP: 002b:00007fff46e01098 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 62.937630][ T5078] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fd7647654c7
umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555570a8d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555570a8d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file0") = 0
getdents64(3, 0x555570a856f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[ 62.945597][ T5078] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff46e01150
[ 62.953565][ T5078] RBP: 00007fff46e01150 R08: 0000000000000000 R09: 0000000000000000
[ 62.961523][ T5078] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007fff46e021c0
[ 62.969482][ T5078] R13: 0000555570a856c0 R14: 431bde82d7b634db R15: 00007fff46e021e0
[ 62.977445][ T5078]
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5082 attached
, child_tidptr=0x555570a84650) = 5082
[pid 5082] set_robust_list(0x555570a84660, 24) = 0
[pid 5082] chdir("./2") = 0
[pid 5082] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5082] setpgid(0, 0) = 0
[pid 5082] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5082] write(3, "1000", 4) = 4
[pid 5082] close(3) = 0
[pid 5082] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5082] write(1, "executing program\n", 18executing program
) = 18
[pid 5082] memfd_create("syzkaller", 0) = 3
[pid 5082] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd75c200000
[pid 5082] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5082] munmap(0x7fd75c200000, 138412032) = 0
[pid 5082] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5082] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5082] close(3) = 0
[pid 5082] close(4) = 0
[pid 5082] mkdir("./file0", 0777) = 0
[pid 5082] mount("/dev/loop0", "./file0", "jfs", 0, "resize=0x000000000000") = 0
[pid 5082] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5082] chdir("./file0") = 0
[pid 5082] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[ 63.240012][ T5082] loop0: detected capacity change from 0 to 32768
[pid 5082] openat(AT_FDCWD, ".", O_RDONLY) = 4
[pid 5082] fspick(AT_FDCWD, ".", 0) = 5
[pid 5082] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0) = 0
[pid 5082] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0) = 0
[pid 5082] ioctl(4, FITRIM, {start=0x1, len=1783039598661162467, minlen=0}) = 0
[pid 5082] exit_group(0) = ?
[pid 5082] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5082, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=8 /* 0.08 s */} ---
umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555570a856f0 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/binderfs") = 0
[ 63.375082][ T5078] BUG: Bad page state in process syz-executor339 pfn:2c836
[ 63.382415][ T5078] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x3 pfn:0x2c836
[ 63.391262][ T5078] flags: 0xfff0000000400c(referenced|uptodate|private|node=0|zone=1|lastcpupid=0x7ff)
[ 63.400839][ T5078] raw: 00fff0000000400c dead000000000100 dead000000000122 0000000000000000
[ 63.409460][ T5078] raw: 0000000000000003 ffff88802458ec98 00000000ffffffff 0000000000000000
[ 63.418061][ T5078] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[ 63.425371][ T5078] page_owner tracks the page as allocated
[ 63.431095][ T5078] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x40c40(GFP_NOFS|__GFP_COMP), pid 5082, tgid 5082 (syz-executor339), ts 63329628076, free_ts 63318671388
[ 63.448131][ T5078] post_alloc_hook+0x1f3/0x230
[ 63.452899][ T5078] get_page_from_freelist+0x2e2d/0x2ee0
[ 63.458491][ T5078] __alloc_pages_noprof+0x256/0x6c0
[ 63.463715][ T5078] alloc_pages_mpol_noprof+0x3e8/0x680
[ 63.469182][ T5078] folio_alloc_noprof+0x128/0x180
[ 63.474250][ T5078] filemap_alloc_folio_noprof+0xdf/0x500
[ 63.479907][ T5078] do_read_cache_folio+0xed/0x820
[ 63.484967][ T5078] do_read_cache_page+0x30/0x200
[ 63.489901][ T5078] __get_metapage+0x330/0x1050
[ 63.494694][ T5078] dbAdjCtl+0x138/0x9c0
[ 63.498868][ T5078] dbAllocDmapLev+0x29c/0x4a0
[ 63.503610][ T5078] dbAllocCtl+0x113/0x920
[ 63.507944][ T5078] dbAllocAG+0x28f/0x10b0
[ 63.512260][ T5078] dbDiscardAG+0x352/0xa10
[ 63.516714][ T5078] jfs_ioc_trim+0x433/0x670
[ 63.521219][ T5078] jfs_ioctl+0x2d0/0x3e0
[ 63.525556][ T5078] page last free pid 5082 tgid 5082 stack trace:
[ 63.531900][ T5078] free_unref_folios+0xf12/0x19c0
[ 63.536946][ T5078] folios_put_refs+0x93a/0xa60
[ 63.541707][ T5078] mapping_try_invalidate+0x4d4/0x620
[ 63.547112][ T5078] reconfigure_super+0x5dd/0x880
[ 63.552055][ T5078] __se_sys_fsconfig+0xab5/0xec0
[ 63.557010][ T5078] do_syscall_64+0xf3/0x230
[ 63.561512][ T5078] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 63.567462][ T5078] Modules linked in:
[ 63.571356][ T5078] CPU: 0 PID: 5078 Comm: syz-executor339 Tainted: G B 6.10.0-rc1-syzkaller-00021-ge0cce98fe279 #0
[ 63.583306][ T5078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 63.593342][ T5078] Call Trace:
[ 63.596619][ T5078]
[ 63.599531][ T5078] dump_stack_lvl+0x241/0x360
[ 63.604190][ T5078] ? __pfx_dump_stack_lvl+0x10/0x10
[ 63.609712][ T5078] ? __pfx_print_modules+0x10/0x10
[ 63.614800][ T5078] ? page_ext_get+0x20/0x2a0
[ 63.619367][ T5078] ? rcu_read_lock_held+0xa/0x50
[ 63.624288][ T5078] ? page_ext_get+0x1d6/0x2a0
[ 63.628953][ T5078] bad_page+0x14c/0x170
[ 63.633100][ T5078] free_unref_folios+0x1121/0x19c0
[ 63.638201][ T5078] folios_put_refs+0x93a/0xa60
[ 63.643042][ T5078] ? __pfx_folios_put_refs+0x10/0x10
[ 63.648319][ T5078] ? mlock_drain_local+0x79/0x490
[ 63.653335][ T5078] ? mlock_drain_local+0x79/0x490
[ 63.658365][ T5078] ? mlock_drain_local+0x28d/0x490
[ 63.663466][ T5078] truncate_inode_pages_range+0x47b/0xfc0
[ 63.669175][ T5078] ? kasan_save_stack+0x4f/0x60
[ 63.674015][ T5078] ? kasan_save_stack+0x3f/0x60
[ 63.678852][ T5078] ? __kasan_record_aux_stack+0xac/0xc0
[ 63.684381][ T5078] ? call_rcu+0x167/0xa70
[ 63.688696][ T5078] ? __pfx_truncate_inode_pages_range+0x10/0x10
[ 63.695028][ T5078] ? deactivate_locked_super+0xc4/0x130
[ 63.700583][ T5078] ? __pfx_call_rcu+0x10/0x10
[ 63.705250][ T5078] ? evict+0x577/0x630
[ 63.709307][ T5078] dbUnmount+0x115/0x190
[ 63.713541][ T5078] jfs_umount+0x238/0x3a0
[ 63.717861][ T5078] jfs_put_super+0x8a/0x190
[ 63.722348][ T5078] ? __pfx_jfs_put_super+0x10/0x10
[ 63.727443][ T5078] generic_shutdown_super+0x136/0x2d0
[ 63.732805][ T5078] kill_block_super+0x44/0x90
[ 63.737466][ T5078] deactivate_locked_super+0xc4/0x130
[ 63.742827][ T5078] cleanup_mnt+0x41f/0x4b0
[ 63.747229][ T5078] task_work_run+0x24f/0x310
[ 63.751814][ T5078] ? __pfx_task_work_run+0x10/0x10
[ 63.756913][ T5078] ? path_umount+0x284/0xf70
[ 63.761496][ T5078] ptrace_notify+0x2d2/0x380
[ 63.766095][ T5078] ? __pfx_path_umount+0x10/0x10
[ 63.771043][ T5078] ? user_path_at_empty+0x4c/0x60
[ 63.776073][ T5078] ? __pfx_ptrace_notify+0x10/0x10
[ 63.781210][ T5078] ? __x64_sys_umount+0x126/0x170
[ 63.786236][ T5078] ? __pfx___x64_sys_umount+0x10/0x10
[ 63.791606][ T5078] syscall_exit_work+0xc6/0x190
[ 63.796450][ T5078] syscall_exit_to_user_mode+0x273/0x370
[ 63.802075][ T5078] do_syscall_64+0x100/0x230
[ 63.806670][ T5078] ? clear_bhb_loop+0x35/0x90
[ 63.811335][ T5078] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 63.817215][ T5078] RIP: 0033:0x7fd7647654c7
[ 63.821642][ T5078] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[ 63.841238][ T5078] RSP: 002b:00007fff46e01098 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 63.849642][ T5078] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fd7647654c7
[ 63.857630][ T5078] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff46e01150
[ 63.865617][ T5078] RBP: 00007fff46e01150 R08: 0000000000000000 R09: 0000000000000000
[ 63.873588][ T5078] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007fff46e021c0
[ 63.881551][ T5078] R13: 0000555570a856c0 R14: 431bde82d7b634db R15: 00007fff46e021e0
[ 63.889534][ T5078]
[ 63.895306][ T5078] BUG: Bad page state in process syz-executor339 pfn:45d06
[ 63.902629][ T5078] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x4 pfn:0x45d06
[ 63.911890][ T5078] flags: 0xfff0000000400c(referenced|uptodate|private|node=0|zone=1|lastcpupid=0x7ff)
[ 63.921513][ T5078] raw: 00fff0000000400c dead000000000100 dead000000000122 0000000000000000
[ 63.930123][ T5078] raw: 0000000000000004 ffff88802458eba0 00000000ffffffff 0000000000000000
[ 63.938762][ T5078] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[ 63.946077][ T5078] page_owner tracks the page as allocated
[ 63.951790][ T5078] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x40c40(GFP_NOFS|__GFP_COMP), pid 5082, tgid 5082 (syz-executor339), ts 63329267790, free_ts 63318676055
[ 63.968842][ T5078] post_alloc_hook+0x1f3/0x230
[ 63.973829][ T5078] get_page_from_freelist+0x2e2d/0x2ee0
[ 63.979363][ T5078] __alloc_pages_noprof+0x256/0x6c0
[ 63.984575][ T5078] alloc_pages_mpol_noprof+0x3e8/0x680
[ 63.990042][ T5078] folio_alloc_noprof+0x128/0x180
[ 63.995096][ T5078] filemap_alloc_folio_noprof+0xdf/0x500
[ 64.000754][ T5078] do_read_cache_folio+0xed/0x820
[ 64.005804][ T5078] do_read_cache_page+0x30/0x200
[ 64.010742][ T5078] __get_metapage+0x330/0x1050
[ 64.015529][ T5078] dbAllocCtl+0xd5/0x920
[ 64.019834][ T5078] dbAllocAG+0x28f/0x10b0
[ 64.024226][ T5078] dbDiscardAG+0x352/0xa10
[ 64.028670][ T5078] jfs_ioc_trim+0x433/0x670
[ 64.033185][ T5078] jfs_ioctl+0x2d0/0x3e0
[ 64.037544][ T5078] __se_sys_ioctl+0xfc/0x170
[ 64.042166][ T5078] do_syscall_64+0xf3/0x230
[ 64.046708][ T5078] page last free pid 5082 tgid 5082 stack trace:
[ 64.053143][ T5078] free_unref_folios+0xf12/0x19c0
[ 64.058242][ T5078] folios_put_refs+0x93a/0xa60
[ 64.063022][ T5078] mapping_try_invalidate+0x4d4/0x620
[ 64.068484][ T5078] reconfigure_super+0x5dd/0x880
[ 64.073479][ T5078] __se_sys_fsconfig+0xab5/0xec0
[ 64.078415][ T5078] do_syscall_64+0xf3/0x230
[ 64.082900][ T5078] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 64.088840][ T5078] Modules linked in:
[ 64.092741][ T5078] CPU: 0 PID: 5078 Comm: syz-executor339 Tainted: G B 6.10.0-rc1-syzkaller-00021-ge0cce98fe279 #0
[ 64.104707][ T5078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 64.114750][ T5078] Call Trace:
[ 64.118016][ T5078]
[ 64.120928][ T5078] dump_stack_lvl+0x241/0x360
[ 64.125589][ T5078] ? __pfx_dump_stack_lvl+0x10/0x10
[ 64.130765][ T5078] ? __pfx_print_modules+0x10/0x10
[ 64.135863][ T5078] ? page_ext_get+0x20/0x2a0
[ 64.140435][ T5078] ? rcu_read_lock_held+0xa/0x50
[ 64.145359][ T5078] ? page_ext_get+0x1d6/0x2a0
[ 64.150025][ T5078] bad_page+0x14c/0x170
[ 64.154170][ T5078] free_unref_folios+0x1121/0x19c0
[ 64.159271][ T5078] folios_put_refs+0x93a/0xa60
[ 64.164024][ T5078] ? __pfx_folios_put_refs+0x10/0x10
[ 64.169296][ T5078] ? mlock_drain_local+0x79/0x490
[ 64.174308][ T5078] ? mlock_drain_local+0x79/0x490
[ 64.179332][ T5078] ? mlock_drain_local+0x28d/0x490
[ 64.184444][ T5078] truncate_inode_pages_range+0x47b/0xfc0
[ 64.190175][ T5078] ? kasan_save_stack+0x4f/0x60
[ 64.195026][ T5078] ? kasan_save_stack+0x3f/0x60
[ 64.199869][ T5078] ? __kasan_record_aux_stack+0xac/0xc0
[ 64.205406][ T5078] ? call_rcu+0x167/0xa70
[ 64.209731][ T5078] ? __pfx_truncate_inode_pages_range+0x10/0x10
[ 64.215962][ T5078] ? deactivate_locked_super+0xc4/0x130
[ 64.221519][ T5078] ? __pfx_call_rcu+0x10/0x10
[ 64.226184][ T5078] ? evict+0x577/0x630
[ 64.230243][ T5078] dbUnmount+0x115/0x190
[ 64.234477][ T5078] jfs_umount+0x238/0x3a0
[ 64.238797][ T5078] jfs_put_super+0x8a/0x190
[ 64.243291][ T5078] ? __pfx_jfs_put_super+0x10/0x10
[ 64.248397][ T5078] generic_shutdown_super+0x136/0x2d0
[ 64.253766][ T5078] kill_block_super+0x44/0x90
[ 64.258428][ T5078] deactivate_locked_super+0xc4/0x130
[ 64.263787][ T5078] cleanup_mnt+0x41f/0x4b0
[ 64.268191][ T5078] task_work_run+0x24f/0x310
[ 64.272772][ T5078] ? __pfx_task_work_run+0x10/0x10
[ 64.277877][ T5078] ? path_umount+0x284/0xf70
[ 64.282458][ T5078] ptrace_notify+0x2d2/0x380
[ 64.287037][ T5078] ? __pfx_path_umount+0x10/0x10
[ 64.291962][ T5078] ? user_path_at_empty+0x4c/0x60
[ 64.296972][ T5078] ? __pfx_ptrace_notify+0x10/0x10
[ 64.302073][ T5078] ? __x64_sys_umount+0x126/0x170
[ 64.307083][ T5078] ? __pfx___x64_sys_umount+0x10/0x10
[ 64.312445][ T5078] syscall_exit_work+0xc6/0x190
[ 64.317287][ T5078] syscall_exit_to_user_mode+0x273/0x370
[ 64.322908][ T5078] do_syscall_64+0x100/0x230
[ 64.327491][ T5078] ? clear_bhb_loop+0x35/0x90
[ 64.332154][ T5078] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 64.338121][ T5078] RIP: 0033:0x7fd7647654c7
[ 64.342520][ T5078] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[ 64.362111][ T5078] RSP: 002b:00007fff46e01098 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 64.370508][ T5078] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fd7647654c7
umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555570a8d730 /* 2 entries */, 32768) = 48
[ 64.378464][ T5078] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff46e01150
[ 64.386419][ T5078] RBP: 00007fff46e01150 R08: 0000000000000000 R09: 0000000000000000
[ 64.394376][ T5078] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007fff46e021c0
[ 64.402335][ T5078] R13: 0000555570a856c0 R14: 431bde82d7b634db R15: 00007fff46e021e0
[ 64.410296][ T5078]
getdents64(4, 0x555570a8d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./2/file0") = 0
getdents64(3, 0x555570a856f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./2") = 0
mkdir("./3", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5083 attached
, child_tidptr=0x555570a84650) = 5083
[pid 5083] set_robust_list(0x555570a84660, 24) = 0
[pid 5083] chdir("./3") = 0
[pid 5083] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5083] setpgid(0, 0) = 0
[pid 5083] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5083] write(3, "1000", 4) = 4
[pid 5083] close(3) = 0
[pid 5083] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5083] write(1, "executing program\n", 18executing program
) = 18
[pid 5083] memfd_create("syzkaller", 0) = 3
[pid 5083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd75c200000
[pid 5083] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5083] munmap(0x7fd75c200000, 138412032) = 0
[pid 5083] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5083] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5083] close(3) = 0
[pid 5083] close(4) = 0
[pid 5083] mkdir("./file0", 0777) = 0
[pid 5083] mount("/dev/loop0", "./file0", "jfs", 0, "resize=0x000000000000") = 0
[pid 5083] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5083] chdir("./file0") = 0
[pid 5083] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 5083] openat(AT_FDCWD, ".", O_RDONLY) = 4
[pid 5083] fspick(AT_FDCWD, ".", 0) = 5
[pid 5083] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0) = 0
[pid 5083] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0) = 0
[ 64.711983][ T5083] loop0: detected capacity change from 0 to 32768
[pid 5083] ioctl(4, FITRIM, {start=0x1, len=1783039598661162467, minlen=0}) = 0
[pid 5083] exit_group(0) = ?
[pid 5083] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5083, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=7 /* 0.07 s */} ---
umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555570a856f0 /* 4 entries */, 32768) = 112
umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/binderfs") = 0
[ 64.825292][ T5078] BUG: Bad page state in process syz-executor339 pfn:23f3f
[ 64.832601][ T5078] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x3 pfn:0x23f3f
[ 64.841443][ T5078] flags: 0xfff0000000400c(referenced|uptodate|private|node=0|zone=1|lastcpupid=0x7ff)
[ 64.851050][ T5078] raw: 00fff0000000400c dead000000000100 dead000000000122 0000000000000000
[ 64.859681][ T5078] raw: 0000000000000003 ffff8880228c6e88 00000000ffffffff 0000000000000000
[ 64.868336][ T5078] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[ 64.875738][ T5078] page_owner tracks the page as allocated
[ 64.881462][ T5078] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x40c40(GFP_NOFS|__GFP_COMP), pid 5083, tgid 5083 (syz-executor339), ts 64781263661, free_ts 64780730224
[ 64.898612][ T5078] post_alloc_hook+0x1f3/0x230
[ 64.903446][ T5078] get_page_from_freelist+0x2e2d/0x2ee0
[ 64.909032][ T5078] __alloc_pages_noprof+0x256/0x6c0
[ 64.914267][ T5078] alloc_pages_mpol_noprof+0x3e8/0x680
[ 64.919758][ T5078] folio_alloc_noprof+0x128/0x180
[ 64.924886][ T5078] filemap_alloc_folio_noprof+0xdf/0x500
[ 64.930571][ T5078] do_read_cache_folio+0xed/0x820
[ 64.935764][ T5078] do_read_cache_page+0x30/0x200
[ 64.940749][ T5078] __get_metapage+0x330/0x1050
[ 64.945580][ T5078] dbAdjCtl+0x138/0x9c0
[ 64.949921][ T5078] dbAllocDmapLev+0x29c/0x4a0
[ 64.954667][ T5078] dbAllocCtl+0x113/0x920
[ 64.959025][ T5078] dbAllocAG+0x28f/0x10b0
[ 64.963359][ T5078] dbDiscardAG+0x352/0xa10
[ 64.967851][ T5078] jfs_ioc_trim+0x433/0x670
[ 64.972467][ T5078] jfs_ioctl+0x2d0/0x3e0
[ 64.976832][ T5078] page last free pid 5083 tgid 5083 stack trace:
[ 64.983174][ T5078] free_unref_page+0xd19/0xea0
[ 64.987973][ T5078] skb_release_data+0x6b2/0x880
[ 64.992850][ T5078] __kfree_skb+0x55/0x70
[ 64.997182][ T5078] tcp_rcv_established+0x10a2/0x2020
[ 65.002490][ T5078] tcp_v4_do_rcv+0x965/0xc60
[ 65.007130][ T5078] tcp_v4_rcv+0x2d90/0x37b0
[ 65.011642][ T5078] ip_protocol_deliver_rcu+0x225/0x430
[ 65.017147][ T5078] ip_local_deliver_finish+0x33f/0x5f0
[ 65.022634][ T5078] NF_HOOK+0x3a4/0x450
[ 65.026725][ T5078] ip_sublist_rcv_finish+0x3be/0x4f0
[ 65.032010][ T5078] ip_sublist_rcv+0x75d/0xab0
[ 65.036710][ T5078] ip_list_rcv+0x42b/0x480
[ 65.041152][ T5078] __netif_receive_skb_list_core+0x95a/0x980
[ 65.047153][ T5078] netif_receive_skb_list_internal+0xa51/0xe30
[ 65.053309][ T5078] napi_complete_done+0x310/0x8e0
[ 65.058351][ T5078] virtnet_poll+0xd68/0x18c0
[ 65.062992][ T5078] Modules linked in:
[ 65.067141][ T5078] CPU: 0 PID: 5078 Comm: syz-executor339 Tainted: G B 6.10.0-rc1-syzkaller-00021-ge0cce98fe279 #0
[ 65.079104][ T5078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 65.089138][ T5078] Call Trace:
[ 65.092417][ T5078]
[ 65.095346][ T5078] dump_stack_lvl+0x241/0x360
[ 65.100006][ T5078] ? __pfx_dump_stack_lvl+0x10/0x10
[ 65.105183][ T5078] ? __pfx_print_modules+0x10/0x10
[ 65.110281][ T5078] ? page_ext_get+0x20/0x2a0
[ 65.114879][ T5078] ? rcu_read_lock_held+0xa/0x50
[ 65.119799][ T5078] ? page_ext_get+0x1d6/0x2a0
[ 65.124462][ T5078] bad_page+0x14c/0x170
[ 65.128626][ T5078] free_unref_folios+0x1121/0x19c0
[ 65.133730][ T5078] folios_put_refs+0x93a/0xa60
[ 65.138485][ T5078] ? __pfx_folios_put_refs+0x10/0x10
[ 65.143760][ T5078] ? mlock_drain_local+0x79/0x490
[ 65.148772][ T5078] ? mlock_drain_local+0x79/0x490
[ 65.153784][ T5078] ? mlock_drain_local+0x28d/0x490
[ 65.158887][ T5078] truncate_inode_pages_range+0x47b/0xfc0
[ 65.164602][ T5078] ? kasan_save_stack+0x4f/0x60
[ 65.169438][ T5078] ? kasan_save_stack+0x3f/0x60
[ 65.174277][ T5078] ? __kasan_record_aux_stack+0xac/0xc0
[ 65.179807][ T5078] ? call_rcu+0x167/0xa70
[ 65.184126][ T5078] ? __pfx_truncate_inode_pages_range+0x10/0x10
[ 65.190351][ T5078] ? deactivate_locked_super+0xc4/0x130
[ 65.195905][ T5078] ? __pfx_call_rcu+0x10/0x10
[ 65.200569][ T5078] ? evict+0x577/0x630
[ 65.204631][ T5078] dbUnmount+0x115/0x190
[ 65.208868][ T5078] jfs_umount+0x238/0x3a0
[ 65.213188][ T5078] jfs_put_super+0x8a/0x190
[ 65.217679][ T5078] ? __pfx_jfs_put_super+0x10/0x10
[ 65.222777][ T5078] generic_shutdown_super+0x136/0x2d0
[ 65.228141][ T5078] kill_block_super+0x44/0x90
[ 65.232821][ T5078] deactivate_locked_super+0xc4/0x130
[ 65.238182][ T5078] cleanup_mnt+0x41f/0x4b0
[ 65.242588][ T5078] task_work_run+0x24f/0x310
[ 65.247170][ T5078] ? __pfx_task_work_run+0x10/0x10
[ 65.252268][ T5078] ? path_umount+0x284/0xf70
[ 65.256939][ T5078] ptrace_notify+0x2d2/0x380
[ 65.261605][ T5078] ? __pfx_path_umount+0x10/0x10
[ 65.266540][ T5078] ? user_path_at_empty+0x4c/0x60
[ 65.271552][ T5078] ? __pfx_ptrace_notify+0x10/0x10
[ 65.276653][ T5078] ? __x64_sys_umount+0x126/0x170
[ 65.281665][ T5078] ? __pfx___x64_sys_umount+0x10/0x10
[ 65.287023][ T5078] syscall_exit_work+0xc6/0x190
[ 65.291863][ T5078] syscall_exit_to_user_mode+0x273/0x370
[ 65.297655][ T5078] do_syscall_64+0x100/0x230
[ 65.302232][ T5078] ? clear_bhb_loop+0x35/0x90
[ 65.306894][ T5078] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 65.312775][ T5078] RIP: 0033:0x7fd7647654c7
[ 65.317175][ T5078] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[ 65.336763][ T5078] RSP: 002b:00007fff46e01098 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 65.345159][ T5078] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fd7647654c7
[ 65.353113][ T5078] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff46e01150
[ 65.361064][ T5078] RBP: 00007fff46e01150 R08: 0000000000000000 R09: 0000000000000000
[ 65.369028][ T5078] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007fff46e021c0
[ 65.376984][ T5078] R13: 0000555570a856c0 R14: 431bde82d7b634db R15: 00007fff46e021e0
[ 65.384947][ T5078]
[ 65.388480][ T5078] BUG: Bad page state in process syz-executor339 pfn:462d4
[ 65.395838][ T5078] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x4 pfn:0x462d4
[ 65.404610][ T5078] flags: 0xfff0000000400c(referenced|uptodate|private|node=0|zone=1|lastcpupid=0x7ff)
[ 65.414308][ T5078] raw: 00fff0000000400c dead000000000100 dead000000000122 0000000000000000
[ 65.423026][ T5078] raw: 0000000000000004 ffff8880228c6d90 00000000ffffffff 0000000000000000
[ 65.431753][ T5078] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[ 65.439297][ T5078] page_owner tracks the page as allocated
[ 65.445049][ T5078] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x40c40(GFP_NOFS|__GFP_COMP), pid 5083, tgid 5083 (syz-executor339), ts 64780541829, free_ts 64769800667
[ 65.462284][ T5078] post_alloc_hook+0x1f3/0x230
[ 65.467063][ T5078] get_page_from_freelist+0x2e2d/0x2ee0
[ 65.472609][ T5078] __alloc_pages_noprof+0x256/0x6c0
[ 65.477844][ T5078] alloc_pages_mpol_noprof+0x3e8/0x680
[ 65.483327][ T5078] folio_alloc_noprof+0x128/0x180
[ 65.488381][ T5078] filemap_alloc_folio_noprof+0xdf/0x500
[ 65.494073][ T5078] do_read_cache_folio+0xed/0x820
[ 65.499101][ T5078] do_read_cache_page+0x30/0x200
[ 65.504070][ T5078] __get_metapage+0x330/0x1050
[ 65.508836][ T5078] dbAllocCtl+0xd5/0x920
[ 65.513080][ T5078] dbAllocAG+0x28f/0x10b0
[ 65.517524][ T5078] dbDiscardAG+0x352/0xa10
[ 65.521953][ T5078] jfs_ioc_trim+0x433/0x670
[ 65.526572][ T5078] jfs_ioctl+0x2d0/0x3e0
[ 65.530817][ T5078] __se_sys_ioctl+0xfc/0x170
[ 65.535460][ T5078] do_syscall_64+0xf3/0x230
[ 65.539964][ T5078] page last free pid 5083 tgid 5083 stack trace:
[ 65.546341][ T5078] free_unref_folios+0xf12/0x19c0
[ 65.551374][ T5078] folios_put_refs+0x93a/0xa60
[ 65.556192][ T5078] mapping_try_invalidate+0x4d4/0x620
[ 65.561566][ T5078] reconfigure_super+0x5dd/0x880
[ 65.566574][ T5078] __se_sys_fsconfig+0xab5/0xec0
[ 65.571530][ T5078] do_syscall_64+0xf3/0x230
[ 65.576090][ T5078] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 65.581992][ T5078] Modules linked in:
[ 65.585920][ T5078] CPU: 1 PID: 5078 Comm: syz-executor339 Tainted: G B 6.10.0-rc1-syzkaller-00021-ge0cce98fe279 #0
[ 65.597901][ T5078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 65.607964][ T5078] Call Trace:
[ 65.611243][ T5078]
[ 65.614157][ T5078] dump_stack_lvl+0x241/0x360
[ 65.618820][ T5078] ? __pfx_dump_stack_lvl+0x10/0x10
[ 65.624000][ T5078] ? __pfx_print_modules+0x10/0x10
[ 65.629180][ T5078] ? page_ext_get+0x20/0x2a0
[ 65.633750][ T5078] ? rcu_read_lock_held+0xa/0x50
[ 65.638683][ T5078] ? page_ext_get+0x1d6/0x2a0
[ 65.643339][ T5078] bad_page+0x14c/0x170
[ 65.647496][ T5078] free_unref_folios+0x1121/0x19c0
[ 65.652600][ T5078] folios_put_refs+0x93a/0xa60
[ 65.657354][ T5078] ? __pfx_folios_put_refs+0x10/0x10
[ 65.662633][ T5078] ? mlock_drain_local+0x79/0x490
[ 65.667702][ T5078] ? mlock_drain_local+0x79/0x490
[ 65.672742][ T5078] ? mlock_drain_local+0x28d/0x490
[ 65.677865][ T5078] truncate_inode_pages_range+0x47b/0xfc0
[ 65.683579][ T5078] ? kasan_save_stack+0x4f/0x60
[ 65.688421][ T5078] ? kasan_save_stack+0x3f/0x60
[ 65.693262][ T5078] ? __kasan_record_aux_stack+0xac/0xc0
[ 65.698794][ T5078] ? call_rcu+0x167/0xa70
[ 65.703113][ T5078] ? __pfx_truncate_inode_pages_range+0x10/0x10
[ 65.709341][ T5078] ? deactivate_locked_super+0xc4/0x130
[ 65.714899][ T5078] ? __pfx_call_rcu+0x10/0x10
[ 65.719562][ T5078] ? evict+0x577/0x630
[ 65.723619][ T5078] dbUnmount+0x115/0x190
[ 65.727854][ T5078] jfs_umount+0x238/0x3a0
[ 65.732175][ T5078] jfs_put_super+0x8a/0x190
[ 65.736665][ T5078] ? __pfx_jfs_put_super+0x10/0x10
[ 65.741758][ T5078] generic_shutdown_super+0x136/0x2d0
[ 65.747122][ T5078] kill_block_super+0x44/0x90
[ 65.751782][ T5078] deactivate_locked_super+0xc4/0x130
[ 65.757232][ T5078] cleanup_mnt+0x41f/0x4b0
[ 65.761644][ T5078] task_work_run+0x24f/0x310
[ 65.766226][ T5078] ? __pfx_task_work_run+0x10/0x10
[ 65.771331][ T5078] ? path_umount+0x284/0xf70
[ 65.775914][ T5078] ptrace_notify+0x2d2/0x380
[ 65.780491][ T5078] ? __pfx_path_umount+0x10/0x10
[ 65.785427][ T5078] ? user_path_at_empty+0x4c/0x60
[ 65.790439][ T5078] ? __pfx_ptrace_notify+0x10/0x10
[ 65.795540][ T5078] ? __x64_sys_umount+0x126/0x170
[ 65.800674][ T5078] ? __pfx___x64_sys_umount+0x10/0x10
[ 65.806046][ T5078] syscall_exit_work+0xc6/0x190
[ 65.810897][ T5078] syscall_exit_to_user_mode+0x273/0x370
[ 65.816533][ T5078] do_syscall_64+0x100/0x230
[ 65.821115][ T5078] ? clear_bhb_loop+0x35/0x90
[ 65.825789][ T5078] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 65.831669][ T5078] RIP: 0033:0x7fd7647654c7
[ 65.836069][ T5078] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[ 65.855658][ T5078] RSP: 002b:00007fff46e01098 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 65.864072][ T5078] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fd7647654c7
[ 65.872144][ T5078] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff46e01150
umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555570a8d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555570a8d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./3/file0") = 0
[ 65.880111][ T5078] RBP: 00007fff46e01150 R08: 0000000000000000 R09: 0000000000000000
[ 65.888085][ T5078] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007fff46e021c0
[ 65.896316][ T5078] R13: 0000555570a856c0 R14: 431bde82d7b634db R15: 00007fff46e021e0
[ 65.904285][ T5078]
getdents64(3, 0x555570a856f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./3") = 0
mkdir("./4", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5084 attached
[pid 5084] set_robust_list(0x555570a84660, 24
[pid 5078] <... clone resumed>, child_tidptr=0x555570a84650) = 5084
[pid 5084] <... set_robust_list resumed>) = 0
[pid 5084] chdir("./4") = 0
[pid 5084] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5084] setpgid(0, 0) = 0
[pid 5084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5084] write(3, "1000", 4) = 4
[pid 5084] close(3) = 0
[pid 5084] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5084] write(1, "executing program\n", 18executing program
) = 18
[pid 5084] memfd_create("syzkaller", 0) = 3
[pid 5084] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd75c200000
[pid 5084] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5084] munmap(0x7fd75c200000, 138412032) = 0
[pid 5084] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5084] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5084] close(3) = 0
[pid 5084] close(4) = 0
[pid 5084] mkdir("./file0", 0777) = 0
[pid 5084] mount("/dev/loop0", "./file0", "jfs", 0, "resize=0x000000000000") = 0
[pid 5084] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5084] chdir("./file0") = 0
[pid 5084] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 5084] openat(AT_FDCWD, ".", O_RDONLY) = 4
[pid 5084] fspick(AT_FDCWD, ".", 0) = 5
[pid 5084] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0) = 0
[pid 5084] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0) = 0
[ 66.297609][ T5084] loop0: detected capacity change from 0 to 32768
[pid 5084] ioctl(4, FITRIM, {start=0x1, len=1783039598661162467, minlen=0}) = 0
[pid 5084] exit_group(0) = ?
[pid 5084] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5084, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=10 /* 0.10 s */} ---
umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555570a856f0 /* 4 entries */, 32768) = 112
umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/binderfs") = 0
[ 66.397098][ T5078] BUG: Bad page state in process syz-executor339 pfn:26f0a
[ 66.404894][ T5078] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x3 pfn:0x26f0a
[ 66.413723][ T5078] flags: 0xfff0000000400c(referenced|uptodate|private|node=0|zone=1|lastcpupid=0x7ff)
[ 66.423317][ T5078] raw: 00fff0000000400c dead000000000100 dead000000000122 0000000000000000
[ 66.431992][ T5078] raw: 0000000000000003 ffff88801f0a2aa8 00000000ffffffff 0000000000000000
[ 66.441013][ T5078] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[ 66.448346][ T5078] page_owner tracks the page as allocated
[ 66.454416][ T5078] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x40c40(GFP_NOFS|__GFP_COMP), pid 5084, tgid 5084 (syz-executor339), ts 66353205281, free_ts 66099246953
[ 66.471496][ T5078] post_alloc_hook+0x1f3/0x230
[ 66.476307][ T5078] get_page_from_freelist+0x2e2d/0x2ee0
[ 66.481862][ T5078] __alloc_pages_noprof+0x256/0x6c0
[ 66.487091][ T5078] alloc_pages_mpol_noprof+0x3e8/0x680
[ 66.492653][ T5078] folio_alloc_noprof+0x128/0x180
[ 66.497720][ T5078] filemap_alloc_folio_noprof+0xdf/0x500
[ 66.503359][ T5078] do_read_cache_folio+0xed/0x820
[ 66.508420][ T5078] do_read_cache_page+0x30/0x200
[ 66.513352][ T5078] __get_metapage+0x330/0x1050
[ 66.518152][ T5078] dbAdjCtl+0x138/0x9c0
[ 66.522301][ T5078] dbAllocDmapLev+0x29c/0x4a0
[ 66.527097][ T5078] dbAllocCtl+0x113/0x920
[ 66.531423][ T5078] dbAllocAG+0x28f/0x10b0
[ 66.535811][ T5078] dbDiscardAG+0x352/0xa10
[ 66.540226][ T5078] jfs_ioc_trim+0x433/0x670
[ 66.544871][ T5078] jfs_ioctl+0x2d0/0x3e0
[ 66.549118][ T5078] page last free pid 4534 tgid 4534 stack trace:
[ 66.555478][ T5078] free_unref_page+0xd19/0xea0
[ 66.560241][ T5078] __put_partials+0xeb/0x130
[ 66.564899][ T5078] put_cpu_partial+0x17c/0x250
[ 66.569681][ T5078] __slab_free+0x2ea/0x3d0
[ 66.574135][ T5078] qlist_free_all+0x9e/0x140
[ 66.578731][ T5078] kasan_quarantine_reduce+0x14f/0x170
[ 66.584213][ T5078] __kasan_slab_alloc+0x23/0x80
[ 66.589069][ T5078] __kmalloc_noprof+0x1a3/0x400
[ 66.593974][ T5078] tomoyo_realpath_from_path+0xcf/0x5e0
[ 66.599521][ T5078] tomoyo_path_perm+0x2b7/0x740
[ 66.604410][ T5078] security_inode_getattr+0xd8/0x130
[ 66.609698][ T5078] vfs_getattr+0x45/0x430
[ 66.614069][ T5078] vfs_fstatat+0xd6/0x190
[ 66.618419][ T5078] __x64_sys_newfstatat+0x125/0x1b0
[ 66.623655][ T5078] do_syscall_64+0xf3/0x230
[ 66.628169][ T5078] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 66.634098][ T5078] Modules linked in:
[ 66.638010][ T5078] CPU: 1 PID: 5078 Comm: syz-executor339 Tainted: G B 6.10.0-rc1-syzkaller-00021-ge0cce98fe279 #0
[ 66.649958][ T5078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 66.660001][ T5078] Call Trace:
[ 66.663266][ T5078]
[ 66.666173][ T5078] dump_stack_lvl+0x241/0x360
[ 66.670837][ T5078] ? __pfx_dump_stack_lvl+0x10/0x10
[ 66.676025][ T5078] ? __pfx_print_modules+0x10/0x10
[ 66.681115][ T5078] ? page_ext_get+0x20/0x2a0
[ 66.685684][ T5078] ? rcu_read_lock_held+0xa/0x50
[ 66.690598][ T5078] ? page_ext_get+0x1d6/0x2a0
[ 66.695250][ T5078] bad_page+0x14c/0x170
[ 66.699387][ T5078] free_unref_folios+0x1121/0x19c0
[ 66.704477][ T5078] folios_put_refs+0x93a/0xa60
[ 66.709222][ T5078] ? __pfx_folios_put_refs+0x10/0x10
[ 66.714482][ T5078] ? mlock_drain_local+0x79/0x490
[ 66.719498][ T5078] ? mlock_drain_local+0x79/0x490
[ 66.724503][ T5078] ? mlock_drain_local+0x28d/0x490
[ 66.729606][ T5078] truncate_inode_pages_range+0x47b/0xfc0
[ 66.735324][ T5078] ? kasan_save_stack+0x4f/0x60
[ 66.740153][ T5078] ? kasan_save_stack+0x3f/0x60
[ 66.744984][ T5078] ? __kasan_record_aux_stack+0xac/0xc0
[ 66.750593][ T5078] ? call_rcu+0x167/0xa70
[ 66.754900][ T5078] ? __pfx_truncate_inode_pages_range+0x10/0x10
[ 66.761114][ T5078] ? deactivate_locked_super+0xc4/0x130
[ 66.766653][ T5078] ? __pfx_call_rcu+0x10/0x10
[ 66.771306][ T5078] ? evict+0x577/0x630
[ 66.775359][ T5078] dbUnmount+0x115/0x190
[ 66.779580][ T5078] jfs_umount+0x238/0x3a0
[ 66.783889][ T5078] jfs_put_super+0x8a/0x190
[ 66.788370][ T5078] ? __pfx_jfs_put_super+0x10/0x10
[ 66.793453][ T5078] generic_shutdown_super+0x136/0x2d0
[ 66.798805][ T5078] kill_block_super+0x44/0x90
[ 66.803456][ T5078] deactivate_locked_super+0xc4/0x130
[ 66.808808][ T5078] cleanup_mnt+0x41f/0x4b0
[ 66.813200][ T5078] task_work_run+0x24f/0x310
[ 66.817783][ T5078] ? __pfx_task_work_run+0x10/0x10
[ 66.822871][ T5078] ? path_umount+0x284/0xf70
[ 66.827439][ T5078] ptrace_notify+0x2d2/0x380
[ 66.832010][ T5078] ? __pfx_path_umount+0x10/0x10
[ 66.836926][ T5078] ? user_path_at_empty+0x4c/0x60
[ 66.841928][ T5078] ? __pfx_ptrace_notify+0x10/0x10
[ 66.847020][ T5078] ? __x64_sys_umount+0x126/0x170
[ 66.852026][ T5078] ? __pfx___x64_sys_umount+0x10/0x10
[ 66.857398][ T5078] syscall_exit_work+0xc6/0x190
[ 66.862274][ T5078] syscall_exit_to_user_mode+0x273/0x370
[ 66.867911][ T5078] do_syscall_64+0x100/0x230
[ 66.872517][ T5078] ? clear_bhb_loop+0x35/0x90
[ 66.877192][ T5078] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 66.883088][ T5078] RIP: 0033:0x7fd7647654c7
[ 66.887500][ T5078] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[ 66.907110][ T5078] RSP: 002b:00007fff46e01098 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 66.915520][ T5078] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fd7647654c7
[ 66.923478][ T5078] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff46e01150
[ 66.931432][ T5078] RBP: 00007fff46e01150 R08: 0000000000000000 R09: 0000000000000000
[ 66.939388][ T5078] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007fff46e021c0
[ 66.947349][ T5078] R13: 0000555570a856c0 R14: 431bde82d7b634db R15: 00007fff46e021e0
[ 66.955334][ T5078]
[ 66.958636][ T5078] BUG: Bad page state in process syz-executor339 pfn:26f09
[ 66.966066][ T5078] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x4 pfn:0x26f09
[ 66.974880][ T5078] flags: 0xfff0000000400c(referenced|uptodate|private|node=0|zone=1|lastcpupid=0x7ff)
[ 66.984500][ T5078] raw: 00fff0000000400c dead000000000100 dead000000000122 0000000000000000
[ 66.993087][ T5078] raw: 0000000000000004 ffff88801f0a29b0 00000000ffffffff 0000000000000000
[ 67.001713][ T5078] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[ 67.009035][ T5078] page_owner tracks the page as allocated
[ 67.014797][ T5078] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x40c40(GFP_NOFS|__GFP_COMP), pid 5084, tgid 5084 (syz-executor339), ts 66352923501, free_ts 66099246953
[ 67.031858][ T5078] post_alloc_hook+0x1f3/0x230
[ 67.036655][ T5078] get_page_from_freelist+0x2e2d/0x2ee0
[ 67.042180][ T5078] __alloc_pages_noprof+0x256/0x6c0
[ 67.047390][ T5078] alloc_pages_mpol_noprof+0x3e8/0x680
[ 67.052851][ T5078] folio_alloc_noprof+0x128/0x180
[ 67.057917][ T5078] filemap_alloc_folio_noprof+0xdf/0x500
[ 67.063587][ T5078] do_read_cache_folio+0xed/0x820
[ 67.068600][ T5078] do_read_cache_page+0x30/0x200
[ 67.073589][ T5078] __get_metapage+0x330/0x1050
[ 67.078355][ T5078] dbAllocCtl+0xd5/0x920
[ 67.082576][ T5078] dbAllocAG+0x28f/0x10b0
[ 67.086960][ T5078] dbDiscardAG+0x352/0xa10
[ 67.091397][ T5078] jfs_ioc_trim+0x433/0x670
[ 67.096220][ T5078] jfs_ioctl+0x2d0/0x3e0
[ 67.100472][ T5078] __se_sys_ioctl+0xfc/0x170
[ 67.105094][ T5078] do_syscall_64+0xf3/0x230
[ 67.109607][ T5078] page last free pid 4534 tgid 4534 stack trace:
[ 67.116164][ T5078] free_unref_page+0xd19/0xea0
[ 67.121022][ T5078] __put_partials+0xeb/0x130
[ 67.125646][ T5078] put_cpu_partial+0x17c/0x250
[ 67.130417][ T5078] __slab_free+0x2ea/0x3d0
[ 67.134937][ T5078] qlist_free_all+0x9e/0x140
[ 67.139549][ T5078] kasan_quarantine_reduce+0x14f/0x170
[ 67.145051][ T5078] __kasan_slab_alloc+0x23/0x80
[ 67.149910][ T5078] __kmalloc_noprof+0x1a3/0x400
[ 67.154834][ T5078] tomoyo_realpath_from_path+0xcf/0x5e0
[ 67.160398][ T5078] tomoyo_path_perm+0x2b7/0x740
[ 67.165284][ T5078] security_inode_getattr+0xd8/0x130
[ 67.170571][ T5078] vfs_getattr+0x45/0x430
[ 67.174946][ T5078] vfs_fstatat+0xd6/0x190
[ 67.179276][ T5078] __x64_sys_newfstatat+0x125/0x1b0
[ 67.184531][ T5078] do_syscall_64+0xf3/0x230
[ 67.189038][ T5078] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 67.195025][ T5078] Modules linked in:
[ 67.198919][ T5078] CPU: 1 PID: 5078 Comm: syz-executor339 Tainted: G B 6.10.0-rc1-syzkaller-00021-ge0cce98fe279 #0
[ 67.210866][ T5078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 67.220898][ T5078] Call Trace:
[ 67.224157][ T5078]
[ 67.227071][ T5078] dump_stack_lvl+0x241/0x360
[ 67.231730][ T5078] ? __pfx_dump_stack_lvl+0x10/0x10
[ 67.236903][ T5078] ? __pfx_print_modules+0x10/0x10
[ 67.241993][ T5078] ? page_ext_get+0x20/0x2a0
[ 67.246561][ T5078] ? rcu_read_lock_held+0xa/0x50
[ 67.251475][ T5078] ? page_ext_get+0x1d6/0x2a0
[ 67.256130][ T5078] bad_page+0x14c/0x170
[ 67.260265][ T5078] free_unref_folios+0x1121/0x19c0
[ 67.265356][ T5078] folios_put_refs+0x93a/0xa60
[ 67.270098][ T5078] ? __pfx_folios_put_refs+0x10/0x10
[ 67.275357][ T5078] ? mlock_drain_local+0x79/0x490
[ 67.280378][ T5078] ? mlock_drain_local+0x79/0x490
[ 67.285381][ T5078] ? mlock_drain_local+0x28d/0x490
[ 67.290472][ T5078] truncate_inode_pages_range+0x47b/0xfc0
[ 67.296172][ T5078] ? kasan_save_stack+0x4f/0x60
[ 67.301001][ T5078] ? kasan_save_stack+0x3f/0x60
[ 67.305847][ T5078] ? __kasan_record_aux_stack+0xac/0xc0
[ 67.311368][ T5078] ? call_rcu+0x167/0xa70
[ 67.315674][ T5078] ? __pfx_truncate_inode_pages_range+0x10/0x10
[ 67.321891][ T5078] ? deactivate_locked_super+0xc4/0x130
[ 67.327429][ T5078] ? __pfx_call_rcu+0x10/0x10
[ 67.332085][ T5078] ? evict+0x577/0x630
[ 67.336134][ T5078] dbUnmount+0x115/0x190
[ 67.340356][ T5078] jfs_umount+0x238/0x3a0
[ 67.344663][ T5078] jfs_put_super+0x8a/0x190
[ 67.349156][ T5078] ? __pfx_jfs_put_super+0x10/0x10
[ 67.354260][ T5078] generic_shutdown_super+0x136/0x2d0
[ 67.359610][ T5078] kill_block_super+0x44/0x90
[ 67.364263][ T5078] deactivate_locked_super+0xc4/0x130
[ 67.369611][ T5078] cleanup_mnt+0x41f/0x4b0
[ 67.374006][ T5078] task_work_run+0x24f/0x310
[ 67.378591][ T5078] ? __pfx_task_work_run+0x10/0x10
[ 67.383683][ T5078] ? path_umount+0x284/0xf70
[ 67.388254][ T5078] ptrace_notify+0x2d2/0x380
[ 67.392823][ T5078] ? __pfx_path_umount+0x10/0x10
[ 67.397735][ T5078] ? user_path_at_empty+0x4c/0x60
[ 67.402737][ T5078] ? __pfx_ptrace_notify+0x10/0x10
[ 67.407829][ T5078] ? __x64_sys_umount+0x126/0x170
[ 67.412918][ T5078] ? __pfx___x64_sys_umount+0x10/0x10
[ 67.418283][ T5078] syscall_exit_work+0xc6/0x190
[ 67.423115][ T5078] syscall_exit_to_user_mode+0x273/0x370
[ 67.428733][ T5078] do_syscall_64+0x100/0x230
[ 67.433313][ T5078] ? clear_bhb_loop+0x35/0x90
[ 67.437971][ T5078] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 67.443852][ T5078] RIP: 0033:0x7fd7647654c7
[ 67.448244][ T5078] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[ 67.467822][ T5078] RSP: 002b:00007fff46e01098 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 67.476242][ T5078] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fd7647654c7
[ 67.484207][ T5078] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff46e01150
[ 67.492237][ T5078] RBP: 00007fff46e01150 R08: 0000000000000000 R09: 0000000000000000
umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555570a8d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555570a8d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./4/file0") = 0
getdents64(3, 0x555570a856f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./4") = 0
mkdir("./5", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
[ 67.500183][ T5078] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007fff46e021c0
[ 67.508130][ T5078] R13: 0000555570a856c0 R14: 431bde82d7b634db R15: 00007fff46e021e0
[ 67.516085][ T5078]
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5085 attached
, child_tidptr=0x555570a84650) = 5085
[pid 5085] set_robust_list(0x555570a84660, 24) = 0
[pid 5085] chdir("./5") = 0
[pid 5085] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5085] setpgid(0, 0) = 0
[pid 5085] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5085] write(3, "1000", 4) = 4
[pid 5085] close(3) = 0
[pid 5085] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 5085] write(1, "executing program\n", 18) = 18
[pid 5085] memfd_create("syzkaller", 0) = 3
[pid 5085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd75c200000
[pid 5085] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5085] munmap(0x7fd75c200000, 138412032) = 0
[pid 5085] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5085] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5085] close(3) = 0
[pid 5085] close(4) = 0
[pid 5085] mkdir("./file0", 0777) = 0
[pid 5085] mount("/dev/loop0", "./file0", "jfs", 0, "resize=0x000000000000") = 0
[pid 5085] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5085] chdir("./file0") = 0
[pid 5085] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 5085] openat(AT_FDCWD, ".", O_RDONLY) = 4
[pid 5085] fspick(AT_FDCWD, ".", 0) = 5
[pid 5085] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0) = 0
[pid 5085] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0) = 0
[ 67.789942][ T5085] loop0: detected capacity change from 0 to 32768
[pid 5085] ioctl(4, FITRIM, {start=0x1, len=1783039598661162467, minlen=0}) = 0
[pid 5085] exit_group(0) = ?
[pid 5085] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5085, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=7 /* 0.07 s */} ---
umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555570a856f0 /* 4 entries */, 32768) = 112
umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/binderfs") = 0
[ 67.913852][ T5078] BUG: Bad page state in process syz-executor339 pfn:1e7d7
[ 67.921227][ T5078] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x3 pfn:0x1e7d7
[ 67.930385][ T5078] flags: 0xfff0000000400c(referenced|uptodate|private|node=0|zone=1|lastcpupid=0x7ff)
[ 67.940076][ T5078] raw: 00fff0000000400c dead000000000100 dead000000000122 0000000000000000
[ 67.948676][ T5078] raw: 0000000000000003 ffff88801151caa8 00000000ffffffff 0000000000000000
[ 67.957288][ T5078] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[ 67.964690][ T5078] page_owner tracks the page as allocated
[ 67.970391][ T5078] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x40c40(GFP_NOFS|__GFP_COMP), pid 5085, tgid 5085 (syz-executor339), ts 67845661743, free_ts 67843462035
[ 67.987438][ T5078] post_alloc_hook+0x1f3/0x230
[ 67.992218][ T5078] get_page_from_freelist+0x2e2d/0x2ee0
[ 67.997818][ T5078] __alloc_pages_noprof+0x256/0x6c0
[ 68.003040][ T5078] alloc_pages_mpol_noprof+0x3e8/0x680
[ 68.008551][ T5078] folio_alloc_noprof+0x128/0x180
[ 68.013610][ T5078] filemap_alloc_folio_noprof+0xdf/0x500
[ 68.019240][ T5078] do_read_cache_folio+0xed/0x820
[ 68.024284][ T5078] do_read_cache_page+0x30/0x200
[ 68.029222][ T5078] __get_metapage+0x330/0x1050
[ 68.034009][ T5078] dbAdjCtl+0x138/0x9c0
[ 68.038162][ T5078] dbAllocDmapLev+0x29c/0x4a0
[ 68.042838][ T5078] dbAllocCtl+0x113/0x920
[ 68.047298][ T5078] dbAllocAG+0x28f/0x10b0
[ 68.051658][ T5078] dbDiscardAG+0x352/0xa10
[ 68.056120][ T5078] jfs_ioc_trim+0x433/0x670
[ 68.060647][ T5078] jfs_ioctl+0x2d0/0x3e0
[ 68.064919][ T5078] page last free pid 0 tgid 0 stack trace:
[ 68.070715][ T5078] free_unref_page+0xd19/0xea0
[ 68.075583][ T5078] rcu_core+0xafd/0x1830
[ 68.079920][ T5078] handle_softirqs+0x2c4/0x970
[ 68.084711][ T5078] __irq_exit_rcu+0xf4/0x1c0
[ 68.089300][ T5078] irq_exit_rcu+0x9/0x30
[ 68.093556][ T5078] sysvec_apic_timer_interrupt+0xa6/0xc0
[ 68.099187][ T5078] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 68.105231][ T5078] Modules linked in:
[ 68.109216][ T5078] CPU: 1 PID: 5078 Comm: syz-executor339 Tainted: G B 6.10.0-rc1-syzkaller-00021-ge0cce98fe279 #0
[ 68.121177][ T5078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 68.131216][ T5078] Call Trace:
[ 68.134483][ T5078]
[ 68.137400][ T5078] dump_stack_lvl+0x241/0x360
[ 68.142068][ T5078] ? __pfx_dump_stack_lvl+0x10/0x10
[ 68.147251][ T5078] ? __pfx_print_modules+0x10/0x10
[ 68.152348][ T5078] ? page_ext_get+0x20/0x2a0
[ 68.156923][ T5078] ? rcu_read_lock_held+0xa/0x50
[ 68.161849][ T5078] ? page_ext_get+0x1d6/0x2a0
[ 68.166516][ T5078] bad_page+0x14c/0x170
[ 68.170663][ T5078] free_unref_folios+0x1121/0x19c0
[ 68.175767][ T5078] folios_put_refs+0x93a/0xa60
[ 68.180520][ T5078] ? __pfx_folios_put_refs+0x10/0x10
[ 68.185814][ T5078] ? mlock_drain_local+0x79/0x490
[ 68.190829][ T5078] ? mlock_drain_local+0x79/0x490
[ 68.195841][ T5078] ? mlock_drain_local+0x28d/0x490
[ 68.200942][ T5078] truncate_inode_pages_range+0x47b/0xfc0
[ 68.206653][ T5078] ? kasan_save_stack+0x4f/0x60
[ 68.211579][ T5078] ? kasan_save_stack+0x3f/0x60
[ 68.216417][ T5078] ? __kasan_record_aux_stack+0xac/0xc0
[ 68.221946][ T5078] ? call_rcu+0x167/0xa70
[ 68.226262][ T5078] ? __pfx_truncate_inode_pages_range+0x10/0x10
[ 68.232486][ T5078] ? deactivate_locked_super+0xc4/0x130
[ 68.238040][ T5078] ? __pfx_call_rcu+0x10/0x10
[ 68.242710][ T5078] ? evict+0x577/0x630
[ 68.246765][ T5078] dbUnmount+0x115/0x190
[ 68.251015][ T5078] jfs_umount+0x238/0x3a0
[ 68.255338][ T5078] jfs_put_super+0x8a/0x190
[ 68.259843][ T5078] ? __pfx_jfs_put_super+0x10/0x10
[ 68.265024][ T5078] generic_shutdown_super+0x136/0x2d0
[ 68.270394][ T5078] kill_block_super+0x44/0x90
[ 68.275068][ T5078] deactivate_locked_super+0xc4/0x130
[ 68.280453][ T5078] cleanup_mnt+0x41f/0x4b0
[ 68.284871][ T5078] task_work_run+0x24f/0x310
[ 68.289464][ T5078] ? __pfx_task_work_run+0x10/0x10
[ 68.294778][ T5078] ? path_umount+0x284/0xf70
[ 68.299361][ T5078] ptrace_notify+0x2d2/0x380
[ 68.303942][ T5078] ? __pfx_path_umount+0x10/0x10
[ 68.308864][ T5078] ? user_path_at_empty+0x4c/0x60
[ 68.313876][ T5078] ? __pfx_ptrace_notify+0x10/0x10
[ 68.318978][ T5078] ? __x64_sys_umount+0x126/0x170
[ 68.323987][ T5078] ? __pfx___x64_sys_umount+0x10/0x10
[ 68.329434][ T5078] syscall_exit_work+0xc6/0x190
[ 68.334273][ T5078] syscall_exit_to_user_mode+0x273/0x370
[ 68.339891][ T5078] do_syscall_64+0x100/0x230
[ 68.344468][ T5078] ? clear_bhb_loop+0x35/0x90
[ 68.349157][ T5078] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 68.355037][ T5078] RIP: 0033:0x7fd7647654c7
[ 68.359525][ T5078] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[ 68.379204][ T5078] RSP: 002b:00007fff46e01098 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 68.387602][ T5078] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fd7647654c7
[ 68.395556][ T5078] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff46e01150
[ 68.403515][ T5078] RBP: 00007fff46e01150 R08: 0000000000000000 R09: 0000000000000000
[ 68.411470][ T5078] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007fff46e021c0
[ 68.419425][ T5078] R13: 0000555570a856c0 R14: 431bde82d7b634db R15: 00007fff46e021e0
[ 68.427403][ T5078]
[ 68.430513][ T5078] BUG: Bad page state in process syz-executor339 pfn:234fa
[ 68.437858][ T5078] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x4 pfn:0x234fa
[ 68.446868][ T5078] flags: 0xfff0000000400c(referenced|uptodate|private|node=0|zone=1|lastcpupid=0x7ff)
[ 68.456626][ T5078] raw: 00fff0000000400c dead000000000100 dead000000000122 0000000000000000
[ 68.465263][ T5078] raw: 0000000000000004 ffff88801151c9b0 00000000ffffffff 0000000000000000
[ 68.473876][ T5078] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[ 68.481153][ T5078] page_owner tracks the page as allocated
[ 68.487005][ T5078] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x40c40(GFP_NOFS|__GFP_COMP), pid 5085, tgid 5085 (syz-executor339), ts 67845289695, free_ts 67843478213
[ 68.504057][ T5078] post_alloc_hook+0x1f3/0x230
[ 68.508814][ T5078] get_page_from_freelist+0x2e2d/0x2ee0
[ 68.514383][ T5078] __alloc_pages_noprof+0x256/0x6c0
[ 68.519579][ T5078] alloc_pages_mpol_noprof+0x3e8/0x680
[ 68.525086][ T5078] folio_alloc_noprof+0x128/0x180
[ 68.530135][ T5078] filemap_alloc_folio_noprof+0xdf/0x500
[ 68.535805][ T5078] do_read_cache_folio+0xed/0x820
[ 68.540828][ T5078] do_read_cache_page+0x30/0x200
[ 68.545794][ T5078] __get_metapage+0x330/0x1050
[ 68.550554][ T5078] dbAllocCtl+0xd5/0x920
[ 68.554827][ T5078] dbAllocAG+0x28f/0x10b0
[ 68.559165][ T5078] dbDiscardAG+0x352/0xa10
[ 68.563671][ T5078] jfs_ioc_trim+0x433/0x670
[ 68.568178][ T5078] jfs_ioctl+0x2d0/0x3e0
[ 68.572396][ T5078] __se_sys_ioctl+0xfc/0x170
[ 68.577055][ T5078] do_syscall_64+0xf3/0x230
[ 68.581559][ T5078] page last free pid 0 tgid 0 stack trace:
[ 68.587404][ T5078] free_unref_page+0xd19/0xea0
[ 68.592187][ T5078] rcu_core+0xafd/0x1830
[ 68.596488][ T5078] handle_softirqs+0x2c4/0x970
[ 68.601262][ T5078] __irq_exit_rcu+0xf4/0x1c0
[ 68.605881][ T5078] irq_exit_rcu+0x9/0x30
[ 68.610138][ T5078] sysvec_apic_timer_interrupt+0xa6/0xc0
[ 68.615787][ T5078] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 68.621769][ T5078] Modules linked in:
[ 68.625693][ T5078] CPU: 1 PID: 5078 Comm: syz-executor339 Tainted: G B 6.10.0-rc1-syzkaller-00021-ge0cce98fe279 #0
[ 68.637663][ T5078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 68.647707][ T5078] Call Trace:
[ 68.650983][ T5078]
[ 68.653896][ T5078] dump_stack_lvl+0x241/0x360
[ 68.658558][ T5078] ? __pfx_dump_stack_lvl+0x10/0x10
[ 68.663736][ T5078] ? __pfx_print_modules+0x10/0x10
[ 68.668843][ T5078] ? page_ext_get+0x20/0x2a0
[ 68.673422][ T5078] ? rcu_read_lock_held+0xa/0x50
[ 68.678352][ T5078] ? page_ext_get+0x1d6/0x2a0
[ 68.683009][ T5078] bad_page+0x14c/0x170
[ 68.687156][ T5078] free_unref_folios+0x1121/0x19c0
[ 68.692263][ T5078] folios_put_refs+0x93a/0xa60
[ 68.697015][ T5078] ? __pfx_folios_put_refs+0x10/0x10
[ 68.702286][ T5078] ? mlock_drain_local+0x79/0x490
[ 68.707576][ T5078] ? mlock_drain_local+0x79/0x490
[ 68.712626][ T5078] ? mlock_drain_local+0x28d/0x490
[ 68.717728][ T5078] truncate_inode_pages_range+0x47b/0xfc0
[ 68.723438][ T5078] ? kasan_save_stack+0x4f/0x60
[ 68.728276][ T5078] ? kasan_save_stack+0x3f/0x60
[ 68.733116][ T5078] ? __kasan_record_aux_stack+0xac/0xc0
[ 68.738647][ T5078] ? call_rcu+0x167/0xa70
[ 68.742975][ T5078] ? __pfx_truncate_inode_pages_range+0x10/0x10
[ 68.749204][ T5078] ? deactivate_locked_super+0xc4/0x130
[ 68.754759][ T5078] ? __pfx_call_rcu+0x10/0x10
[ 68.759526][ T5078] ? evict+0x577/0x630
[ 68.763609][ T5078] dbUnmount+0x115/0x190
[ 68.767858][ T5078] jfs_umount+0x238/0x3a0
[ 68.772207][ T5078] jfs_put_super+0x8a/0x190
[ 68.776701][ T5078] ? __pfx_jfs_put_super+0x10/0x10
[ 68.781798][ T5078] generic_shutdown_super+0x136/0x2d0
[ 68.787167][ T5078] kill_block_super+0x44/0x90
[ 68.791829][ T5078] deactivate_locked_super+0xc4/0x130
[ 68.797276][ T5078] cleanup_mnt+0x41f/0x4b0
[ 68.801689][ T5078] task_work_run+0x24f/0x310
[ 68.806267][ T5078] ? __pfx_task_work_run+0x10/0x10
[ 68.811364][ T5078] ? path_umount+0x284/0xf70
[ 68.815942][ T5078] ptrace_notify+0x2d2/0x380
[ 68.820609][ T5078] ? __pfx_path_umount+0x10/0x10
[ 68.825533][ T5078] ? user_path_at_empty+0x4c/0x60
[ 68.830544][ T5078] ? __pfx_ptrace_notify+0x10/0x10
[ 68.835646][ T5078] ? __x64_sys_umount+0x126/0x170
[ 68.840682][ T5078] ? __pfx___x64_sys_umount+0x10/0x10
[ 68.846045][ T5078] syscall_exit_work+0xc6/0x190
[ 68.850884][ T5078] syscall_exit_to_user_mode+0x273/0x370
[ 68.856507][ T5078] do_syscall_64+0x100/0x230
[ 68.861083][ T5078] ? clear_bhb_loop+0x35/0x90
[ 68.865745][ T5078] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 68.871621][ T5078] RIP: 0033:0x7fd7647654c7
[ 68.876027][ T5078] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[ 68.895632][ T5078] RSP: 002b:00007fff46e01098 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 68.904038][ T5078] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fd7647654c7
umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
[ 68.912084][ T5078] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff46e01150
[ 68.920135][ T5078] RBP: 00007fff46e01150 R08: 0000000000000000 R09: 0000000000000000
[ 68.928190][ T5078] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007fff46e021c0
[ 68.936146][ T5078] R13: 0000555570a856c0 R14: 431bde82d7b634db R15: 00007fff46e021e0
[ 68.944108][ T5078]
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555570a8d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555570a8d730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./5/file0") = 0
getdents64(3, 0x555570a856f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./5") = 0
mkdir("./6", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = 0
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5086 attached
, child_tidptr=0x555570a84650) = 5086
[pid 5086] set_robust_list(0x555570a84660, 24) = 0
[pid 5086] chdir("./6") = 0
[pid 5086] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5086] setpgid(0, 0) = 0
[pid 5086] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5086] write(3, "1000", 4) = 4
[pid 5086] close(3) = 0
[pid 5086] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5086] write(1, "executing program\n", 18executing program
) = 18
[pid 5086] memfd_create("syzkaller", 0) = 3
[pid 5086] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd75c200000
[pid 5086] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5086] munmap(0x7fd75c200000, 138412032) = 0
[pid 5086] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5086] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5086] close(3) = 0
[pid 5086] close(4) = 0
[pid 5086] mkdir("./file0", 0777) = 0
[pid 5086] mount("/dev/loop0", "./file0", "jfs", 0, "resize=0x000000000000") = 0
[pid 5086] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5086] chdir("./file0") = 0
[pid 5086] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy)
[pid 5086] openat(AT_FDCWD, ".", O_RDONLY) = 4
[pid 5086] fspick(AT_FDCWD, ".", 0) = 5
[pid 5086] fsconfig(5, FSCONFIG_SET_FLAG, "ro", NULL, 0) = 0
[pid 5086] fsconfig(5, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0) = 0
[ 69.298384][ T5086] loop0: detected capacity change from 0 to 32768
[pid 5086] ioctl(4, FITRIM, {start=0x1, len=1783039598661162467, minlen=0}) = 0
[pid 5086] exit_group(0) = ?
[pid 5086] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5086, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=5 /* 0.05 s */} ---
umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555570a856f0 /* 4 entries */, 32768) = 112
umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/binderfs") = 0
[ 69.396972][ T5078] BUG: Bad page state in process syz-executor339 pfn:24f75
[ 69.404444][ T5078] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x3 pfn:0x24f75
[ 69.413197][ T5078] flags: 0xfff0000000400c(referenced|uptodate|private|node=0|zone=1|lastcpupid=0x7ff)
[ 69.422803][ T5078] raw: 00fff0000000400c dead000000000100 dead000000000122 0000000000000000
[ 69.431446][ T5078] raw: 0000000000000003 ffff88802d484c98 00000000ffffffff 0000000000000000
[ 69.440086][ T5078] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[ 69.447574][ T5078] page_owner tracks the page as allocated
[ 69.453328][ T5078] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x40c40(GFP_NOFS|__GFP_COMP), pid 5086, tgid 5086 (syz-executor339), ts 69347570402, free_ts 69346489860
[ 69.470375][ T5078] post_alloc_hook+0x1f3/0x230
[ 69.475197][ T5078] get_page_from_freelist+0x2e2d/0x2ee0
[ 69.480737][ T5078] __alloc_pages_noprof+0x256/0x6c0
[ 69.485941][ T5078] alloc_pages_mpol_noprof+0x3e8/0x680
[ 69.491397][ T5078] folio_alloc_noprof+0x128/0x180
[ 69.496440][ T5078] filemap_alloc_folio_noprof+0xdf/0x500
[ 69.502076][ T5078] do_read_cache_folio+0xed/0x820
[ 69.507116][ T5078] do_read_cache_page+0x30/0x200
[ 69.512051][ T5078] __get_metapage+0x330/0x1050
[ 69.516834][ T5078] dbAdjCtl+0x138/0x9c0
[ 69.520987][ T5078] dbAllocDmapLev+0x29c/0x4a0
[ 69.525694][ T5078] dbAllocCtl+0x113/0x920
[ 69.530039][ T5078] dbAllocAG+0x28f/0x10b0
[ 69.534418][ T5078] dbDiscardAG+0x352/0xa10
[ 69.538837][ T5078] jfs_ioc_trim+0x433/0x670
[ 69.543321][ T5078] jfs_ioctl+0x2d0/0x3e0
[ 69.547598][ T5078] page last free pid 5086 tgid 5086 stack trace:
[ 69.554011][ T5078] free_unref_folios+0xf12/0x19c0
[ 69.559057][ T5078] folios_put_refs+0x93a/0xa60
[ 69.563883][ T5078] mapping_try_invalidate+0x4d4/0x620
[ 69.569261][ T5078] reconfigure_super+0x5dd/0x880
[ 69.574228][ T5078] __se_sys_fsconfig+0xab5/0xec0
[ 69.579188][ T5078] do_syscall_64+0xf3/0x230
[ 69.583711][ T5078] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 69.589614][ T5078] Modules linked in:
[ 69.593561][ T5078] CPU: 0 PID: 5078 Comm: syz-executor339 Tainted: G B 6.10.0-rc1-syzkaller-00021-ge0cce98fe279 #0
[ 69.605533][ T5078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 69.615567][ T5078] Call Trace:
[ 69.618828][ T5078]
[ 69.621736][ T5078] dump_stack_lvl+0x241/0x360
[ 69.626409][ T5078] ? __pfx_dump_stack_lvl+0x10/0x10
[ 69.631583][ T5078] ? __pfx_print_modules+0x10/0x10
[ 69.636689][ T5078] ? page_ext_get+0x20/0x2a0
[ 69.641295][ T5078] ? rcu_read_lock_held+0xa/0x50
[ 69.646225][ T5078] ? page_ext_get+0x1d6/0x2a0
[ 69.650897][ T5078] bad_page+0x14c/0x170
[ 69.655067][ T5078] free_unref_folios+0x1121/0x19c0
[ 69.660179][ T5078] folios_put_refs+0x93a/0xa60
[ 69.665012][ T5078] ? __pfx_folios_put_refs+0x10/0x10
[ 69.670282][ T5078] ? mlock_drain_local+0x79/0x490
[ 69.675314][ T5078] ? mlock_drain_local+0x79/0x490
[ 69.680420][ T5078] ? mlock_drain_local+0x28d/0x490
[ 69.685523][ T5078] truncate_inode_pages_range+0x47b/0xfc0
[ 69.691249][ T5078] ? kasan_save_stack+0x4f/0x60
[ 69.696089][ T5078] ? kasan_save_stack+0x3f/0x60
[ 69.700919][ T5078] ? __kasan_record_aux_stack+0xac/0xc0
[ 69.706460][ T5078] ? call_rcu+0x167/0xa70
[ 69.710769][ T5078] ? __pfx_truncate_inode_pages_range+0x10/0x10
[ 69.716993][ T5078] ? deactivate_locked_super+0xc4/0x130
[ 69.722536][ T5078] ? __pfx_call_rcu+0x10/0x10
[ 69.727195][ T5078] ? evict+0x577/0x630
[ 69.731243][ T5078] dbUnmount+0x115/0x190
[ 69.735470][ T5078] jfs_umount+0x238/0x3a0
[ 69.739797][ T5078] jfs_put_super+0x8a/0x190
[ 69.744307][ T5078] ? __pfx_jfs_put_super+0x10/0x10
[ 69.749407][ T5078] generic_shutdown_super+0x136/0x2d0
[ 69.754766][ T5078] kill_block_super+0x44/0x90
[ 69.759419][ T5078] deactivate_locked_super+0xc4/0x130
[ 69.764783][ T5078] cleanup_mnt+0x41f/0x4b0
[ 69.769208][ T5078] task_work_run+0x24f/0x310
[ 69.773805][ T5078] ? __pfx_task_work_run+0x10/0x10
[ 69.778897][ T5078] ? path_umount+0x284/0xf70
[ 69.783472][ T5078] ptrace_notify+0x2d2/0x380
[ 69.788043][ T5078] ? __pfx_path_umount+0x10/0x10
[ 69.792957][ T5078] ? user_path_at_empty+0x4c/0x60
[ 69.797971][ T5078] ? __pfx_ptrace_notify+0x10/0x10
[ 69.803083][ T5078] ? __x64_sys_umount+0x126/0x170
[ 69.808084][ T5078] ? __pfx___x64_sys_umount+0x10/0x10
[ 69.813432][ T5078] syscall_exit_work+0xc6/0x190
[ 69.818261][ T5078] syscall_exit_to_user_mode+0x273/0x370
[ 69.823871][ T5078] do_syscall_64+0x100/0x230
[ 69.828438][ T5078] ? clear_bhb_loop+0x35/0x90
[ 69.833090][ T5078] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 69.838959][ T5078] RIP: 0033:0x7fd7647654c7
[ 69.843380][ T5078] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[ 69.862967][ T5078] RSP: 002b:00007fff46e01098 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 69.871360][ T5078] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fd7647654c7
[ 69.879393][ T5078] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff46e01150
[ 69.887338][ T5078] RBP: 00007fff46e01150 R08: 0000000000000000 R09: 0000000000000000
[ 69.895282][ T5078] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007fff46e021c0
[ 69.903226][ T5078] R13: 0000555570a856c0 R14: 431bde82d7b634db R15: 00007fff46e021e0
[ 69.911195][ T5078] </TASK>
[ 69.914462][ T5078] BUG: Bad page state in process syz-executor339 pfn:1bab6
[ 69.921741][ T5078] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x4 pfn:0x1bab6
[ 69.930843][ T5078] flags: 0xfff0000000400c(referenced|uptodate|private|node=0|zone=1|lastcpupid=0x7ff)
[ 69.940475][ T5078] raw: 00fff0000000400c dead000000000100 dead000000000122 0000000000000000
[ 69.949100][ T5078] raw: 0000000000000004 ffff88802d484ba0 00000000ffffffff 0000000000000000
[ 69.957733][ T5078] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[ 69.965075][ T5078] page_owner tracks the page as allocated
[ 69.970778][ T5078] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x40c40(GFP_NOFS|__GFP_COMP), pid 5086, tgid 5086 (syz-executor339), ts 69347299993, free_ts 69346498294
[ 69.987856][ T5078] post_alloc_hook+0x1f3/0x230
[ 69.992652][ T5078] get_page_from_freelist+0x2e2d/0x2ee0
[ 69.998227][ T5078] __alloc_pages_noprof+0x256/0x6c0
[ 70.003455][ T5078] alloc_pages_mpol_noprof+0x3e8/0x680
[ 70.008902][ T5078] folio_alloc_noprof+0x128/0x180
[ 70.013987][ T5078] filemap_alloc_folio_noprof+0xdf/0x500
[ 70.019640][ T5078] do_read_cache_folio+0xed/0x820
[ 70.024717][ T5078] do_read_cache_page+0x30/0x200
[ 70.029662][ T5078] __get_metapage+0x330/0x1050
[ 70.034454][ T5078] dbAllocCtl+0xd5/0x920
[ 70.038718][ T5078] dbAllocAG+0x28f/0x10b0
[ 70.043033][ T5078] dbDiscardAG+0x352/0xa10
[ 70.047476][ T5078] jfs_ioc_trim+0x433/0x670
[ 70.051981][ T5078] jfs_ioctl+0x2d0/0x3e0
[ 70.056264][ T5078] __se_sys_ioctl+0xfc/0x170
[ 70.060861][ T5078] do_syscall_64+0xf3/0x230
[ 70.065387][ T5078] page last free pid 5086 tgid 5086 stack trace:
[ 70.071710][ T5078] free_unref_folios+0xf12/0x19c0
[ 70.076782][ T5078] folios_put_refs+0x93a/0xa60
[ 70.081543][ T5078] mapping_try_invalidate+0x4d4/0x620
[ 70.086931][ T5078] reconfigure_super+0x5dd/0x880
[ 70.091892][ T5078] __se_sys_fsconfig+0xab5/0xec0
[ 70.096844][ T5078] do_syscall_64+0xf3/0x230
[ 70.101350][ T5078] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 70.107272][ T5078] Modules linked in:
[ 70.111164][ T5078] CPU: 0 PID: 5078 Comm: syz-executor339 Tainted: G B 6.10.0-rc1-syzkaller-00021-ge0cce98fe279 #0
[ 70.123115][ T5078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 70.133154][ T5078] Call Trace:
[ 70.136419][ T5078] <TASK>
[ 70.139347][ T5078] dump_stack_lvl+0x241/0x360
[ 70.144013][ T5078] ? __pfx_dump_stack_lvl+0x10/0x10
[ 70.149191][ T5078] ? __pfx_print_modules+0x10/0x10
[ 70.154280][ T5078] ? page_ext_get+0x20/0x2a0
[ 70.158847][ T5078] ? rcu_read_lock_held+0xa/0x50
[ 70.163781][ T5078] ? page_ext_get+0x1d6/0x2a0
[ 70.168436][ T5078] bad_page+0x14c/0x170
[ 70.172570][ T5078] free_unref_folios+0x1121/0x19c0
[ 70.177661][ T5078] folios_put_refs+0x93a/0xa60
[ 70.182401][ T5078] ? __pfx_folios_put_refs+0x10/0x10
[ 70.187661][ T5078] ? mlock_drain_local+0x79/0x490
[ 70.192664][ T5078] ? mlock_drain_local+0x79/0x490
[ 70.197668][ T5078] ? mlock_drain_local+0x28d/0x490
[ 70.202761][ T5078] truncate_inode_pages_range+0x47b/0xfc0
[ 70.208465][ T5078] ? kasan_save_stack+0x4f/0x60
[ 70.213293][ T5078] ? kasan_save_stack+0x3f/0x60
[ 70.218127][ T5078] ? __kasan_record_aux_stack+0xac/0xc0
[ 70.223661][ T5078] ? call_rcu+0x167/0xa70
[ 70.227977][ T5078] ? __pfx_truncate_inode_pages_range+0x10/0x10
[ 70.234203][ T5078] ? deactivate_locked_super+0xc4/0x130
[ 70.239757][ T5078] ? __pfx_call_rcu+0x10/0x10
[ 70.244421][ T5078] ? evict+0x577/0x630
[ 70.248477][ T5078] dbUnmount+0x115/0x190
[ 70.252711][ T5078] jfs_umount+0x238/0x3a0
[ 70.257028][ T5078] jfs_put_super+0x8a/0x190
[ 70.261516][ T5078] ? __pfx_jfs_put_super+0x10/0x10
[ 70.266610][ T5078] generic_shutdown_super+0x136/0x2d0
[ 70.271973][ T5078] kill_block_super+0x44/0x90
[ 70.276632][ T5078] deactivate_locked_super+0xc4/0x130
[ 70.281992][ T5078] cleanup_mnt+0x41f/0x4b0
[ 70.286396][ T5078] task_work_run+0x24f/0x310
[ 70.290977][ T5078] ? __pfx_task_work_run+0x10/0x10
[ 70.296074][ T5078] ? path_umount+0x284/0xf70
[ 70.300651][ T5078] ptrace_notify+0x2d2/0x380
[ 70.305231][ T5078] ? __pfx_path_umount+0x10/0x10
[ 70.310156][ T5078] ? user_path_at_empty+0x4c/0x60
[ 70.315170][ T5078] ? __pfx_ptrace_notify+0x10/0x10
[ 70.320270][ T5078] ? __x64_sys_umount+0x126/0x170
[ 70.325281][ T5078] ? __pfx___x64_sys_umount+0x10/0x10
[ 70.330641][ T5078] syscall_exit_work+0xc6/0x190
[ 70.335479][ T5078] syscall_exit_to_user_mode+0x273/0x370
[ 70.341099][ T5078] do_syscall_64+0x100/0x230
[ 70.345676][ T5078] ? clear_bhb_loop+0x35/0x90
[ 70.350339][ T5078] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 70.356218][ T5078] RIP: 0033:0x7fd7647654c7
[ 70.360619][ T5078] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[ 70.380208][ T5078] RSP: 002b:00007fff46e01098 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 70.388611][ T5078] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fd7647654c7
umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x555570a8d730 /* 2 entries */, 32768) = 48
getdents64(4, 0x555570a8d730 /* 0 entries */, 32768) = 0