syzbot

 sign-in | mailing list | source | docs
🐞 Open [723]
🐞 Fixed [119]
🐞 Invalid [750]
Missing Backports [75]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

BUG: Bad page state in __get_metapage

Status: upstream: reported C repro on 2024/10/23 12:46
Bug presence: origin:upstream
Labels: missing-backport
[Documentation on labels]
Reported-by: syzbot+5ef7590632a6b42d2b6c@syzkaller.appspotmail.com
First crash: 205d, last: 1h45m
Fix commit to backport (bisect log) :
tree: upstream
commit 9346476d211611f3c0d512cb6e942ab76f5376d8
Author: Matthew Wilcox (Oracle) <willy@infradead.org>
Date: Wed Apr 17 17:56:48 2024 +0000

  jfs: Convert insert_metapage() to take a folio

  
Bug presence (3)
Date Name Commit Repro Result
2024/12/16 linux-6.1.y (ToT) 52f863f820fd C [report] BUG: Bad page state in __get_metapage
2024/10/28 upstream (ToT) 819837584309 C [report] INFO: task hung in lmLogClose
2024/12/16 upstream (ToT) 78d4f34e2115 C Didn't crash
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-5.15 BUG: Bad page state in __get_metapage origin:upstream C 524 1d03h 205d 0/3 upstream: reported C repro on 2024/10/23 03:58
Fix bisection attempts (1)
Created Duration User Patch Repo Result
2025/02/03 18:07 5h54m fix candidate upstream OK (1) job log

Sample crash report:
BUG: Bad page state in process jfsCommit  pfn:799d7
page:ffffea0001e675c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1c pfn:0x799d7
flags: 0xfff00000002047(locked|referenced|uptodate|workingset|private|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000002047 dead000000000100 dead000000000122 0000000000000000
raw: 000000000000001c ffff8880290949b0 00000000ffffffff 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x40c40(GFP_NOFS|__GFP_COMP), pid 4246, tgid 4246 (syz-executor110), ts 81625670049, free_ts 72067259651
 set_page_owner include/linux/page_owner.h:31 [inline]
 post_alloc_hook+0x18d/0x1b0 mm/page_alloc.c:2532
 prep_new_page mm/page_alloc.c:2539 [inline]
 get_page_from_freelist+0x3731/0x38d0 mm/page_alloc.c:4328
 __alloc_pages+0x28d/0x770 mm/page_alloc.c:5606
 folio_alloc+0x1a/0x50 mm/mempolicy.c:2292
 filemap_alloc_folio+0xda/0x4f0 mm/filemap.c:999
 do_read_cache_folio+0x2a7/0x810 mm/filemap.c:3590
 do_read_cache_page+0x32/0x220 mm/filemap.c:3668
 read_mapping_page include/linux/pagemap.h:791 [inline]
 __get_metapage+0x32c/0x1040 fs/jfs/jfs_metapage.c:620
 diRead+0x707/0xbb0 fs/jfs/jfs_imap.c:367
 jfs_iget+0x88/0x3b0 fs/jfs/inode.c:35
 jfs_fill_super+0x804/0xc40 fs/jfs/super.c:580
 mount_bdev+0x2c9/0x3f0 fs/super.c:1443
 legacy_get_tree+0xeb/0x180 fs/fs_context.c:632
 vfs_get_tree+0x88/0x270 fs/super.c:1573
 do_new_mount+0x2ba/0xb40 fs/namespace.c:3056
 do_mount fs/namespace.c:3399 [inline]
 __do_sys_mount fs/namespace.c:3607 [inline]
 __se_sys_mount+0x2d5/0x3c0 fs/namespace.c:3584
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1459 [inline]
 free_pcp_prepare mm/page_alloc.c:1509 [inline]
 free_unref_page_prepare+0x12a6/0x15b0 mm/page_alloc.c:3384
 free_unref_page+0x33/0x3e0 mm/page_alloc.c:3479
 pipe_buf_release include/linux/pipe_fs_i.h:199 [inline]
 pipe_read+0x6e1/0x12a0 fs/pipe.c:324
 call_read_iter include/linux/fs.h:2259 [inline]
 new_sync_read fs/read_write.c:389 [inline]
 vfs_read+0x88d/0xbf0 fs/read_write.c:470
 ksys_read+0x19c/0x2c0 fs/read_write.c:613
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
Modules linked in:
CPU: 1 PID: 108 Comm: jfsCommit Not tainted 6.1.134-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
 bad_page+0x14b/0x170 mm/page_alloc.c:699
 free_page_is_bad_report mm/page_alloc.c:1281 [inline]
 free_page_is_bad mm/page_alloc.c:1291 [inline]
 free_pages_prepare mm/page_alloc.c:1452 [inline]
 free_pcp_prepare mm/page_alloc.c:1509 [inline]
 free_unref_page_prepare+0x60f/0x15b0 mm/page_alloc.c:3384
 free_unref_page+0x33/0x3e0 mm/page_alloc.c:3479
 txUnlock+0x282/0xca0 fs/jfs/jfs_txnmgr.c:932
 txLazyCommit fs/jfs/jfs_txnmgr.c:2682 [inline]
 jfs_lazycommit+0x5d0/0xb60 fs/jfs/jfs_txnmgr.c:2732
 kthread+0x28d/0x320 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>
page:ffffea0001e675c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1c pfn:0x799d7
flags: 0xfff00000002047(locked|referenced|uptodate|workingset|private|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000002047 dead000000000100 dead000000000122 0000000000000000
raw: 000000000000001c ffff8880290949b0 00000000ffffffff 0000000000000000
page dumped because: VM_BUG_ON_FOLIO(((unsigned int) folio_ref_count(folio) + 127u <= 127u))
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x40c40(GFP_NOFS|__GFP_COMP), pid 4246, tgid 4246 (syz-executor110), ts 81625670049, free_ts 72067259651
 set_page_owner include/linux/page_owner.h:31 [inline]
 post_alloc_hook+0x18d/0x1b0 mm/page_alloc.c:2532
 prep_new_page mm/page_alloc.c:2539 [inline]
 get_page_from_freelist+0x3731/0x38d0 mm/page_alloc.c:4328
 __alloc_pages+0x28d/0x770 mm/page_alloc.c:5606
 folio_alloc+0x1a/0x50 mm/mempolicy.c:2292
 filemap_alloc_folio+0xda/0x4f0 mm/filemap.c:999
 do_read_cache_folio+0x2a7/0x810 mm/filemap.c:3590
 do_read_cache_page+0x32/0x220 mm/filemap.c:3668
 read_mapping_page include/linux/pagemap.h:791 [inline]
 __get_metapage+0x32c/0x1040 fs/jfs/jfs_metapage.c:620
 diRead+0x707/0xbb0 fs/jfs/jfs_imap.c:367
 jfs_iget+0x88/0x3b0 fs/jfs/inode.c:35
 jfs_fill_super+0x804/0xc40 fs/jfs/super.c:580
 mount_bdev+0x2c9/0x3f0 fs/super.c:1443
 legacy_get_tree+0xeb/0x180 fs/fs_context.c:632
 vfs_get_tree+0x88/0x270 fs/super.c:1573
 do_new_mount+0x2ba/0xb40 fs/namespace.c:3056
 do_mount fs/namespace.c:3399 [inline]
 __do_sys_mount fs/namespace.c:3607 [inline]
 __se_sys_mount+0x2d5/0x3c0 fs/namespace.c:3584
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1459 [inline]
 free_pcp_prepare mm/page_alloc.c:1509 [inline]
 free_unref_page_prepare+0x12a6/0x15b0 mm/page_alloc.c:3384
 free_unref_page+0x33/0x3e0 mm/page_alloc.c:3479
 pipe_buf_release include/linux/pipe_fs_i.h:199 [inline]
 pipe_read+0x6e1/0x12a0 fs/pipe.c:324
 call_read_iter include/linux/fs.h:2259 [inline]
 new_sync_read fs/read_write.c:389 [inline]
 vfs_read+0x88d/0xbf0 fs/read_write.c:470
 ksys_read+0x19c/0x2c0 fs/read_write.c:613
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
------------[ cut here ]------------
kernel BUG at include/linux/mm.h:1135!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 108 Comm: jfsCommit Tainted: G    B              6.1.134-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
RIP: 0010:folio_get include/linux/mm.h:1135 [inline]
RIP: 0010:get_page include/linux/mm.h:1141 [inline]
RIP: 0010:put_metapage+0x25c/0x300 fs/jfs/jfs_metapage.c:721
Code: 2c 24 49 81 e5 ff 0f 00 00 74 21 e8 6e 63 77 fe e9 a0 00 00 00 e8 64 63 77 fe 48 8b 3c 24 48 c7 c6 00 83 46 8b e8 34 f1 b6 fe <0f> 0b 48 8b 1c 24 48 89 df be 08 00 00 00 e8 b1 c6 ce fe 48 c1 eb
RSP: 0018:ffffc90002d27cb8 EFLAGS: 00010246
RAX: 29d17500b77cae00 RBX: 000000000000007f RCX: ffffffff816adbb7
RDX: 0000000000000000 RSI: ffffffff8b5f7340 RDI: ffffffff8b5f7300
RBP: ffff8880290949b0 R08: dffffc0000000000 R09: fffffbfff1d417ce
R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
R13: ffffea0001e675f4 R14: 1ffff1100521293b R15: ffff8880290949d8
FS:  0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055ce8a7f3f58 CR3: 0000000018a47000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 txUnlock+0x42f/0xca0 fs/jfs/jfs_txnmgr.c:947
 txLazyCommit fs/jfs/jfs_txnmgr.c:2682 [inline]
 jfs_lazycommit+0x5d0/0xb60 fs/jfs/jfs_txnmgr.c:2732
 kthread+0x28d/0x320 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:folio_get include/linux/mm.h:1135 [inline]
RIP: 0010:get_page include/linux/mm.h:1141 [inline]
RIP: 0010:put_metapage+0x25c/0x300 fs/jfs/jfs_metapage.c:721
Code: 2c 24 49 81 e5 ff 0f 00 00 74 21 e8 6e 63 77 fe e9 a0 00 00 00 e8 64 63 77 fe 48 8b 3c 24 48 c7 c6 00 83 46 8b e8 34 f1 b6 fe <0f> 0b 48 8b 1c 24 48 89 df be 08 00 00 00 e8 b1 c6 ce fe 48 c1 eb
RSP: 0018:ffffc90002d27cb8 EFLAGS: 00010246
RAX: 29d17500b77cae00 RBX: 000000000000007f RCX: ffffffff816adbb7
RDX: 0000000000000000 RSI: ffffffff8b5f7340 RDI: ffffffff8b5f7300
RBP: ffff8880290949b0 R08: dffffc0000000000 R09: fffffbfff1d417ce
R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
R13: ffffea0001e675f4 R14: 1ffff1100521293b R15: ffff8880290949d8
FS:  0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055ce8a7f3f58 CR3: 0000000018a47000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (503):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/04/12 06:34 linux-6.1.y 420102835862 0bd6db41 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/01/01 11:24 linux-6.1.y 563edd786f0a d3ccff63 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2024/11/12 19:14 linux-6.1.y d7039b844a1c 75bb1b32 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2024/10/27 12:30 linux-6.1.y 7ec6f9fa3d97 65e8686b .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/05/17 00:48 linux-6.1.y 02b72ccb5f9d f41472b0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/05/16 02:46 linux-6.1.y 02b72ccb5f9d cfde8269 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/05/15 18:08 linux-6.1.y 02b72ccb5f9d cfde8269 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/05/15 03:17 linux-6.1.y 02b72ccb5f9d d6b2ee52 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/05/14 15:44 linux-6.1.y 02b72ccb5f9d a4fa04ef .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/05/12 19:14 linux-6.1.y 02b72ccb5f9d f6671af7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/05/10 23:18 linux-6.1.y 02b72ccb5f9d 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/05/09 22:50 linux-6.1.y 02b72ccb5f9d 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/05/09 21:11 linux-6.1.y 02b72ccb5f9d 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/05/09 17:16 linux-6.1.y 02b72ccb5f9d 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/05/09 12:15 linux-6.1.y 02b72ccb5f9d bb813bcc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/05/09 03:59 linux-6.1.y ac7079a42ea5 bb813bcc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/05/08 21:29 linux-6.1.y ac7079a42ea5 dbf35fa1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/05/07 19:03 linux-6.1.y ac7079a42ea5 dbf35fa1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/05/06 20:50 linux-6.1.y ac7079a42ea5 350f4ffc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/05/06 04:17 linux-6.1.y ac7079a42ea5 ae98e6b9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/05/05 15:59 linux-6.1.y ac7079a42ea5 6ca47dd8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/05/05 13:30 linux-6.1.y ac7079a42ea5 6ca47dd8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/05/02 18:32 linux-6.1.y b6736e03756f b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/05/02 11:22 linux-6.1.y b6736e03756f d7f099d1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/05/02 09:20 linux-6.1.y b6736e03756f d7f099d1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/05/01 15:20 linux-6.1.y 535ec20c5027 51b137cd .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/05/01 13:48 linux-6.1.y 535ec20c5027 51b137cd .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/04/30 23:56 linux-6.1.y 535ec20c5027 ce7952f4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/04/29 22:24 linux-6.1.y 535ec20c5027 85a5a23f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/04/28 22:25 linux-6.1.y 535ec20c5027 aeb6ec69 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/04/28 18:38 linux-6.1.y 535ec20c5027 c6b4fb39 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/04/25 12:55 linux-6.1.y 535ec20c5027 e3715315 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/04/25 12:54 linux-6.1.y 535ec20c5027 e3715315 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/04/25 07:33 linux-6.1.y 420102835862 e3715315 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/04/23 20:51 linux-6.1.y 420102835862 73a168d0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/04/23 03:33 linux-6.1.y 420102835862 53a8b9bd .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/04/22 23:06 linux-6.1.y 420102835862 53a8b9bd .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/04/22 20:52 linux-6.1.y 420102835862 53a8b9bd .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/04/22 04:01 linux-6.1.y 420102835862 2a20f901 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/04/22 01:12 linux-6.1.y 420102835862 2a20f901 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/04/22 00:08 linux-6.1.y 420102835862 2a20f901 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/04/21 18:54 linux-6.1.y 420102835862 2a20f901 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/04/19 18:48 linux-6.1.y 420102835862 2a20f901 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/04/18 21:35 linux-6.1.y 420102835862 2a20f901 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/04/18 06:34 linux-6.1.y 420102835862 2a20f901 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/04/18 00:11 linux-6.1.y 420102835862 2a20f901 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/04/17 12:40 linux-6.1.y 420102835862 229db4cf .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2024/10/23 12:46 linux-6.1.y 7ec6f9fa3d97 15fa2979 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
* Struck through repros no longer work on HEAD.