BUG: Bad page state in process syz-executor  pfn:114206
page:00000000bca9dc9f refcount:0 mapcount:0 mapping:0000000000000000 index:0x4 pfn:0x114206
flags: 0x5ffc60000002046(referenced|uptodate|workingset|private|node=0|zone=2|lastcpupid=0x7ff)
raw: 05ffc60000002046 fffffc0003d82208 ffff8000209b7540 0000000000000000
raw: 0000000000000004 ffff0000f25283e0 00000000ffffffff 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
Modules linked in:
CPU: 1 PID: 4331 Comm: syz-executor Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
Call trace:
 dump_backtrace+0x1c0/0x1ec arch/arm64/kernel/stacktrace.c:158
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
 __dump_stack+0x30/0x40 lib/dump_stack.c:88
 dump_stack_lvl+0xf4/0x15c lib/dump_stack.c:106
 dump_stack+0x1c/0x5c lib/dump_stack.c:113
 bad_page+0x188/0x1a8 mm/page_alloc.c:699
 free_page_is_bad_report+0xf8/0x170 mm/page_alloc.c:1281
 free_page_is_bad mm/page_alloc.c:1291 [inline]
 free_pages_prepare mm/page_alloc.c:1452 [inline]
 free_pcp_prepare mm/page_alloc.c:1509 [inline]
 free_unref_page_prepare+0x620/0xaf0 mm/page_alloc.c:3384
 free_unref_page_list+0xd8/0x8c8 mm/page_alloc.c:3525
 release_pages+0xd84/0xfb4 mm/swap.c:1035
 __pagevec_release+0x84/0xf8 mm/swap.c:1055
 pagevec_release include/linux/pagevec.h:71 [inline]
 folio_batch_release include/linux/pagevec.h:135 [inline]
 truncate_inode_pages_range+0x2d4/0xd68 mm/truncate.c:397
 truncate_inode_pages+0x2c/0x3c mm/truncate.c:476
 dbUnmount+0xf4/0x168 fs/jfs/jfs_dmap.c:264
 jfs_umount+0x1c4/0x328 fs/jfs/jfs_umount.c:89
 jfs_put_super+0x90/0x188 fs/jfs/super.c:194
 generic_shutdown_super+0x130/0x324 fs/super.c:501
 kill_block_super+0x70/0xdc fs/super.c:1470
 deactivate_locked_super+0xac/0x120 fs/super.c:332
 deactivate_super+0xe4/0x104 fs/super.c:363
 cleanup_mnt+0x390/0x418 fs/namespace.c:1191
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1198
 task_work_run+0x1ec/0x278 kernel/task_work.c:203
 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
 do_notify_resume+0x1fa0/0x2aa4 arch/arm64/kernel/signal.c:1137
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:137 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:142 [inline]
 el0_svc+0x98/0x128 arch/arm64/kernel/entry-common.c:638
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585