syzbot

 sign-in | mailing list | source | docs
🐞 Open [681]
🐞 Fixed [69]
🐞 Invalid [841]
Missing Backports [102]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

BUG: Bad page state in __get_metapage

Status: upstream: reported C repro on 2024/10/23 03:58
Bug presence: origin:upstream
[Documentation on labels]
Reported-by: syzbot+5f8f8e6c75b01fb682cf@syzkaller.appspotmail.com
First crash: 180d, last: 1d03h
Bug presence (1)
Date Name Commit Repro Result
2024/11/01 upstream (ToT) c426456857fa C [report] INFO: task hung in lmLogClose
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-6.1 BUG: Bad page state in __get_metapage origin:upstream missing-backport C done 437 35m 180d 0/3 upstream: reported C repro on 2024/10/23 12:46

Sample crash report:
blkno = 5002c, nblocks = 1
ERROR: (device loop0): dbUpdatePMap: blocks are outside the map
BUG: Bad page state in process jfsCommit  pfn:79b08
page:ffffea0001e6c200 refcount:0 mapcount:0 mapping:0000000000000000 index:0x24 pfn:0x79b08
flags: 0xfff00000002005(locked|uptodate|private|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000002005 dead000000000100 dead000000000122 0000000000000000
raw: 0000000000000024 ffff8880193fdd90 00000000ffffffff 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0xc40(GFP_NOFS), pid 4170, ts 51721610674, free_ts 45728257132
 prep_new_page mm/page_alloc.c:2426 [inline]
 get_page_from_freelist+0x3b78/0x3d40 mm/page_alloc.c:4192
 __alloc_pages+0x272/0x700 mm/page_alloc.c:5465
 __page_cache_alloc+0xd4/0x4a0 mm/filemap.c:1022
 do_read_cache_page+0x1e5/0x1040 mm/filemap.c:3457
 read_mapping_page include/linux/pagemap.h:515 [inline]
 __get_metapage+0x398/0x1070 fs/jfs/jfs_metapage.c:621
 diRead+0x707/0xbb0 fs/jfs/jfs_imap.c:367
 jfs_iget+0x88/0x3b0 fs/jfs/inode.c:35
 jfs_lookup+0x222/0x400 fs/jfs/namei.c:1467
 __lookup_slow+0x275/0x3d0 fs/namei.c:1663
 lookup_slow+0x53/0x70 fs/namei.c:1680
 walk_component+0x48c/0x610 fs/namei.c:1976
 lookup_last fs/namei.c:2431 [inline]
 path_lookupat+0x16f/0x450 fs/namei.c:2455
 filename_lookup+0x230/0x5c0 fs/namei.c:2484
 user_path_at_empty+0x40/0x180 fs/namei.c:2883
 user_path_at include/linux/namei.h:57 [inline]
 path_setxattr+0xae/0x2a0 fs/xattr.c:625
 __do_sys_lsetxattr fs/xattr.c:653 [inline]
 __se_sys_lsetxattr fs/xattr.c:649 [inline]
 __x64_sys_lsetxattr+0xb4/0xd0 fs/xattr.c:649
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1340 [inline]
 free_pcp_prepare mm/page_alloc.c:1391 [inline]
 free_unref_page_prepare+0xc34/0xcf0 mm/page_alloc.c:3317
 free_unref_page+0x95/0x2d0 mm/page_alloc.c:3396
 pipe_buf_release include/linux/pipe_fs_i.h:219 [inline]
 pipe_read+0x6e4/0x12b0 fs/pipe.c:323
 call_read_iter include/linux/fs.h:2168 [inline]
 new_sync_read fs/read_write.c:404 [inline]
 vfs_read+0xa93/0xe10 fs/read_write.c:485
 ksys_read+0x1a2/0x2c0 fs/read_write.c:623
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
Modules linked in:
CPU: 1 PID: 276 Comm: jfsCommit Not tainted 5.15.176-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e3/0x2d0 lib/dump_stack.c:106
 bad_page+0x14b/0x170 mm/page_alloc.c:652
 check_free_page_bad mm/page_alloc.c:1199 [inline]
 check_free_page mm/page_alloc.c:1209 [inline]
 free_pages_prepare mm/page_alloc.c:1334 [inline]
 free_pcp_prepare mm/page_alloc.c:1391 [inline]
 free_unref_page_prepare+0x48d/0xcf0 mm/page_alloc.c:3317
 free_unref_page+0x95/0x2d0 mm/page_alloc.c:3396
 txUnlock+0x282/0xca0 fs/jfs/jfs_txnmgr.c:932
 txLazyCommit fs/jfs/jfs_txnmgr.c:2716 [inline]
 jfs_lazycommit+0x5cd/0xc30 fs/jfs/jfs_txnmgr.c:2766
 kthread+0x3f6/0x4f0 kernel/kthread.c:334
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287
 </TASK>
page:ffffea0001e6c200 refcount:0 mapcount:0 mapping:0000000000000000 index:0x24 pfn:0x79b08
flags: 0xfff00000002005(locked|uptodate|private|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000002005 dead000000000100 dead000000000122 0000000000000000
raw: 0000000000000024 ffff8880193fdd90 00000000ffffffff 0000000000000000
page dumped because: VM_BUG_ON_PAGE(((unsigned int) page_ref_count(page) + 127u <= 127u))
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0xc40(GFP_NOFS), pid 4170, ts 51721610674, free_ts 45728257132
 prep_new_page mm/page_alloc.c:2426 [inline]
 get_page_from_freelist+0x3b78/0x3d40 mm/page_alloc.c:4192
 __alloc_pages+0x272/0x700 mm/page_alloc.c:5465
 __page_cache_alloc+0xd4/0x4a0 mm/filemap.c:1022
 do_read_cache_page+0x1e5/0x1040 mm/filemap.c:3457
 read_mapping_page include/linux/pagemap.h:515 [inline]
 __get_metapage+0x398/0x1070 fs/jfs/jfs_metapage.c:621
 diRead+0x707/0xbb0 fs/jfs/jfs_imap.c:367
 jfs_iget+0x88/0x3b0 fs/jfs/inode.c:35
 jfs_lookup+0x222/0x400 fs/jfs/namei.c:1467
 __lookup_slow+0x275/0x3d0 fs/namei.c:1663
 lookup_slow+0x53/0x70 fs/namei.c:1680
 walk_component+0x48c/0x610 fs/namei.c:1976
 lookup_last fs/namei.c:2431 [inline]
 path_lookupat+0x16f/0x450 fs/namei.c:2455
 filename_lookup+0x230/0x5c0 fs/namei.c:2484
 user_path_at_empty+0x40/0x180 fs/namei.c:2883
 user_path_at include/linux/namei.h:57 [inline]
 path_setxattr+0xae/0x2a0 fs/xattr.c:625
 __do_sys_lsetxattr fs/xattr.c:653 [inline]
 __se_sys_lsetxattr fs/xattr.c:649 [inline]
 __x64_sys_lsetxattr+0xb4/0xd0 fs/xattr.c:649
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1340 [inline]
 free_pcp_prepare mm/page_alloc.c:1391 [inline]
 free_unref_page_prepare+0xc34/0xcf0 mm/page_alloc.c:3317
 free_unref_page+0x95/0x2d0 mm/page_alloc.c:3396
 pipe_buf_release include/linux/pipe_fs_i.h:219 [inline]
 pipe_read+0x6e4/0x12b0 fs/pipe.c:323
 call_read_iter include/linux/fs.h:2168 [inline]
 new_sync_read fs/read_write.c:404 [inline]
 vfs_read+0xa93/0xe10 fs/read_write.c:485
 ksys_read+0x1a2/0x2c0 fs/read_write.c:623
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
------------[ cut here ]------------
kernel BUG at include/linux/mm.h:1213!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 276 Comm: jfsCommit Tainted: G    B             5.15.176-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
RIP: 0010:get_page include/linux/mm.h:1213 [inline]
RIP: 0010:put_metapage+0x283/0x290 fs/jfs/jfs_metapage.c:722
Code: 03 38 c1 0f 8c f8 fe ff ff 4c 89 ff e8 f6 24 db fe e9 eb fe ff ff e8 cc 3c 91 fe 4c 89 e7 48 c7 c6 20 51 e2 8a e8 cd 9e c7 fe <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 90 55 41 57 41 56 41 55 41 54
RSP: 0018:ffffc90002d7fcc0 EFLAGS: 00010246
RAX: c61e5f343b72d500 RBX: 000000000000007f RCX: ffff88801e9c0000
RDX: 0000000000000000 RSI: 000000000000ffff RDI: 000000000000ffff
RBP: ffff8880193fdd90 R08: ffffffff81d12fb4 R09: ffffed10171e67a8
R10: 0000000000000000 R11: dffffc0000000001 R12: ffffea0001e6c200
R13: ffff8880193fddb8 R14: 1ffff1100327fbb7 R15: ffffea0001e6c234
FS:  0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f24fd403000 CR3: 000000007ea9a000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 txUnlock+0x42f/0xca0 fs/jfs/jfs_txnmgr.c:947
 txLazyCommit fs/jfs/jfs_txnmgr.c:2716 [inline]
 jfs_lazycommit+0x5cd/0xc30 fs/jfs/jfs_txnmgr.c:2766
 kthread+0x3f6/0x4f0 kernel/kthread.c:334
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287
 </TASK>
Modules linked in:
---[ end trace 59044f851a576513 ]---
RIP: 0010:get_page include/linux/mm.h:1213 [inline]
RIP: 0010:put_metapage+0x283/0x290 fs/jfs/jfs_metapage.c:722
Code: 03 38 c1 0f 8c f8 fe ff ff 4c 89 ff e8 f6 24 db fe e9 eb fe ff ff e8 cc 3c 91 fe 4c 89 e7 48 c7 c6 20 51 e2 8a e8 cd 9e c7 fe <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 90 55 41 57 41 56 41 55 41 54
RSP: 0018:ffffc90002d7fcc0 EFLAGS: 00010246
RAX: c61e5f343b72d500 RBX: 000000000000007f RCX: ffff88801e9c0000
RDX: 0000000000000000 RSI: 000000000000ffff RDI: 000000000000ffff
RBP: ffff8880193fdd90 R08: ffffffff81d12fb4 R09: ffffed10171e67a8
R10: 0000000000000000 R11: dffffc0000000001 R12: ffffea0001e6c200
R13: ffff8880193fddb8 R14: 1ffff1100327fbb7 R15: ffffea0001e6c234
FS:  0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005613ce6c4078 CR3: 000000007ea9a000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (507):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/01/22 11:48 linux-5.15.y 4735586da88e da72ac06 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-5-15-kasan BUG: Bad page state in __get_metapage
2024/11/16 13:34 linux-5.15.y d98fd109f827 cfe3a04a .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-5-15-kasan BUG: Bad page state in __get_metapage
2024/10/27 19:53 linux-5.15.y 74cdd62cb470 65e8686b .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-5-15-kasan BUG: Bad page state in __get_metapage
2025/04/20 21:44 linux-5.15.y f7347f400572 2a20f901 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state in __get_metapage
2025/04/19 20:12 linux-5.15.y f7347f400572 2a20f901 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state in __get_metapage
2025/04/18 21:06 linux-5.15.y f7347f400572 2a20f901 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state in __get_metapage
2025/04/18 05:51 linux-5.15.y f7347f400572 2a20f901 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state in __get_metapage
2025/04/18 05:44 linux-5.15.y f7347f400572 2a20f901 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state in __get_metapage
2025/04/17 23:46 linux-5.15.y f7347f400572 2a20f901 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state in __get_metapage
2025/04/17 10:18 linux-5.15.y f7347f400572 229db4cf .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state in __get_metapage
2025/04/15 00:41 linux-5.15.y f7347f400572 0bd6db41 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state in __get_metapage
2025/04/14 16:53 linux-5.15.y f7347f400572 0bd6db41 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state in __get_metapage
2025/04/14 09:44 linux-5.15.y f7347f400572 0bd6db41 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state in __get_metapage
2025/04/07 22:08 linux-5.15.y 0c935c049b5c a2ada0e7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state in __get_metapage
2025/04/05 07:12 linux-5.15.y 0c935c049b5c c53ea9c9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state in __get_metapage
2025/04/02 11:50 linux-5.15.y 0c935c049b5c c799dfdd .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state in __get_metapage
2025/03/29 11:01 linux-5.15.y 0c935c049b5c cf25e2c2 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state in __get_metapage
2025/03/27 17:51 linux-5.15.y 0c935c049b5c 6c09fb82 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state in __get_metapage
2025/03/27 09:55 linux-5.15.y 0c935c049b5c 20510e88 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state in __get_metapage
2025/03/26 21:35 linux-5.15.y 0c935c049b5c 20510e88 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state in __get_metapage
2025/03/26 09:39 linux-5.15.y 0c935c049b5c 89d30d73 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state in __get_metapage
2025/03/26 05:19 linux-5.15.y 0c935c049b5c 89d30d73 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state in __get_metapage
2025/03/25 02:43 linux-5.15.y 0c935c049b5c 875573af .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state in __get_metapage
2025/03/23 17:58 linux-5.15.y 0c935c049b5c 4e8d3850 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state in __get_metapage
2025/03/22 01:23 linux-5.15.y 0c935c049b5c c6512ef7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state in __get_metapage
2025/03/21 14:40 linux-5.15.y 0c935c049b5c 62330552 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state in __get_metapage
2025/03/20 22:38 linux-5.15.y 0c935c049b5c 62330552 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state in __get_metapage
2025/03/20 10:15 linux-5.15.y 0c935c049b5c 9209bc22 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state in __get_metapage
2025/03/18 22:12 linux-5.15.y 0c935c049b5c 22a6c2b1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state in __get_metapage
2025/03/17 05:18 linux-5.15.y 0c935c049b5c e2826670 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state in __get_metapage
2025/03/16 20:43 linux-5.15.y 0c935c049b5c e2826670 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state in __get_metapage
2025/03/16 10:48 linux-5.15.y 0c935c049b5c e2826670 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state in __get_metapage
2025/03/15 10:48 linux-5.15.y 0c935c049b5c e2826670 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state in __get_metapage
2025/03/15 02:31 linux-5.15.y 0c935c049b5c e2826670 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state in __get_metapage
2025/03/12 03:44 linux-5.15.y c16c81c81336 ee70e6db .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state in __get_metapage
2025/03/12 03:39 linux-5.15.y c16c81c81336 ee70e6db .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state in __get_metapage
2025/03/09 02:51 linux-5.15.y c16c81c81336 163f510d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state in __get_metapage
2025/03/08 17:54 linux-5.15.y c16c81c81336 7e3bd60d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state in __get_metapage
2025/03/08 04:43 linux-5.15.y c16c81c81336 7e3bd60d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state in __get_metapage
2025/03/04 05:34 linux-5.15.y c16c81c81336 c3901742 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state in __get_metapage
2025/02/27 12:55 linux-5.15.y c16c81c81336 6a8fcbc4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state in __get_metapage
2025/02/26 11:36 linux-5.15.y c16c81c81336 d34966d1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state in __get_metapage
2025/02/26 07:57 linux-5.15.y c16c81c81336 d34966d1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state in __get_metapage
2025/02/23 22:25 linux-5.15.y c16c81c81336 d34966d1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state in __get_metapage
2025/02/23 13:35 linux-5.15.y c16c81c81336 d34966d1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state in __get_metapage
2025/02/23 12:14 linux-5.15.y c16c81c81336 d34966d1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state in __get_metapage
2025/02/23 10:56 linux-5.15.y c16c81c81336 d34966d1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state in __get_metapage
2025/02/23 10:50 linux-5.15.y c16c81c81336 d34966d1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state in __get_metapage
2024/10/23 03:57 linux-5.15.y 74cdd62cb470 15fa2979 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state in __get_metapage
* Struck through repros no longer work on HEAD.