syzbot


BUG: Bad page state in corrupted

Status: upstream: reported C repro on 2024/12/24 12:58
Bug presence: origin:lts-only
Reported-by: syzbot+8070a6cb99d47d0aeed0@syzkaller.appspotmail.com
First crash: 362d, last: 39d
Fix bisection: failed (error log, bisect log)
  
Bug presence (2)
Date Name Commit Repro Result
2024/12/27 linux-6.1.y (ToT) 29f02ec58a94 C [report] BUG: Bad page state in corrupted
2024/12/27 upstream (ToT) d6ef8b40d075 C Didn't crash
Similar bugs (1)
Kernel Title Rank Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-5.15 BUG: Bad page state in corrupted origin:upstream -1 C error 6 1d20h 397d 0/3 upstream: reported C repro on 2024/11/19 11:50
Fix bisection attempts (3)
Created Duration User Patch Repo Result
2025/09/28 04:51 2h07m fix candidate upstream OK (0) job log
2025/03/04 10:00 16m bisect fix linux-6.1.y error job log
2025/01/30 15:39 3h12m bisect fix linux-6.1.y OK (0) job log log

Sample crash report:
loop0: detected capacity change from 0 to 32768
BUG: Bad page state in process syz-executor878  pfn:110c61
page:0000000004611903 refcount:0 mapcount:0 mapping:0000000000000000 index:0x5002c pfn:0x110c61
flags: 0x5ffc00000002006(referenced|uptodate|private|node=0|zone=2|lastcpupid=0x7ff)
raw: 05ffc00000002006 fffffc00033991c8 ffff8000206d76e0 0000000000000000
raw: 000000000005002c ffff0000d24089b0 00000000ffffffff 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
Modules linked in:
CPU: 1 PID: 4329 Comm: syz-executor878 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
Call trace:
 dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
 __dump_stack+0x30/0x40 lib/dump_stack.c:88
 dump_stack_lvl+0xf8/0x160 lib/dump_stack.c:106
 dump_stack+0x1c/0x5c lib/dump_stack.c:113
 bad_page+0x188/0x1a8 mm/page_alloc.c:699
 free_page_is_bad_report+0xf8/0x170 mm/page_alloc.c:1281
 free_page_is_bad mm/page_alloc.c:1291 [inline]
 free_pages_prepare mm/page_alloc.c:1452 [inline]
 free_pcp_prepare mm/page_alloc.c:1509 [inline]
 free_unref_page_prepare+0x62c/0xb18 mm/page_alloc.c:3384
 free_unref_page_list+0xd8/0x8ec mm/page_alloc.c:3525
 release_pages+0xd84/0xfac mm/swap.c:1035
 __pagevec_release+0x84/0xf8 mm/swap.c:1055
 pagevec_release include/linux/pagevec.h:71 [inline]
 folio_batch_release include/linux/pagevec.h:135 [inline]
 truncate_inode_pages_range+0x2a8/0xd20 mm/truncate.c:372
 truncate_inode_pages+0x2c/0x3c mm/truncate.c:451
 jfs_remount+0x280/0x484 fs/jfs/super.c:451
 legacy_reconfigure+0xf8/0x110 fs/fs_context.c:655
 reconfigure_super+0x1d4/0x79c fs/super.c:977
 do_remount fs/namespace.c:2741 [inline]
 path_mount+0xbd4/0xe78 fs/namespace.c:3400
 do_mount fs/namespace.c:3421 [inline]
 __do_sys_mount fs/namespace.c:3629 [inline]
 __se_sys_mount fs/namespace.c:3606 [inline]
 __arm64_sys_mount+0x49c/0x584 fs/namespace.c:3606
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x138 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
BUG: Bad page state in process syz-executor878  pfn:10e647
page:0000000057fc9328 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1d pfn:0x10e647
flags: 0x5ffc00000002046(referenced|uptodate|workingset|private|node=0|zone=2|lastcpupid=0x7ff)
raw: 05ffc00000002046 fffffc000340a008 ffff8000206d76e0 0000000000000000
raw: 000000000000001d ffff0000d24087c0 00000000ffffffff 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
Modules linked in:
CPU: 1 PID: 4329 Comm: syz-executor878 Tainted: G    B              syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
Call trace:
 dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
 __dump_stack+0x30/0x40 lib/dump_stack.c:88
 dump_stack_lvl+0xf8/0x160 lib/dump_stack.c:106
 dump_stack+0x1c/0x5c lib/dump_stack.c:113
 bad_page+0x188/0x1a8 mm/page_alloc.c:699
 free_page_is_bad_report+0xf8/0x170 mm/page_alloc.c:1281
 free_page_is_bad mm/page_alloc.c:1291 [inline]
 free_pages_prepare mm/page_alloc.c:1452 [inline]
 free_pcp_prepare mm/page_alloc.c:1509 [inline]
 free_unref_page_prepare+0x62c/0xb18 mm/page_alloc.c:3384
 free_unref_page_list+0xd8/0x8ec mm/page_alloc.c:3525
 release_pages+0xd84/0xfac mm/swap.c:1035
 __pagevec_release+0x84/0xf8 mm/swap.c:1055
 pagevec_release include/linux/pagevec.h:71 [inline]
 folio_batch_release include/linux/pagevec.h:135 [inline]
 truncate_inode_pages_range+0x2a8/0xd20 mm/truncate.c:372
 truncate_inode_pages+0x2c/0x3c mm/truncate.c:451
 jfs_remount+0x280/0x484 fs/jfs/super.c:451
 legacy_reconfigure+0xf8/0x110 fs/fs_context.c:655
 reconfigure_super+0x1d4/0x79c fs/super.c:977
 do_remount fs/namespace.c:2741 [inline]
 path_mount+0xbd4/0xe78 fs/namespace.c:3400
 do_mount fs/namespace.c:3421 [inline]
 __do_sys_mount fs/namespace.c:3629 [inline]
 __se_sys_mount fs/namespace.c:3606 [inline]
 __arm64_sys_mount+0x49c/0x584 fs/namespace.c:3606
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x138 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
BUG: Bad page state in process syz-executor878  pfn:110280
page:000000007be3fee7 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1c pfn:0x110280
flags: 0x5ffc60000002046(referenced|uptodate|workingset|private|node=0|zone=2|lastcpupid=0x7ff)
raw: 05ffc60000002046 fffffc00034351c8 ffff8000206d76e0 0000000000000000
raw: 000000000000001c ffff0000d24086c8 00000000ffffffff 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
Modules linked in:
CPU: 0 PID: 4329 Comm: syz-executor878 Tainted: G    B              syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
Call trace:
 dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
 __dump_stack+0x30/0x40 lib/dump_stack.c:88
 dump_stack_lvl+0xf8/0x160 lib/dump_stack.c:106
 dump_stack+0x1c/0x5c lib/dump_stack.c:113
 bad_page+0x188/0x1a8 mm/page_alloc.c:699
 free_page_is_bad_report+0xf8/0x170 mm/page_alloc.c:1281
 free_page_is_bad mm/page_alloc.c:1291 [inline]
 free_pages_prepare mm/page_alloc.c:1452 [inline]
 free_pcp_prepare mm/page_alloc.c:1509 [inline]
 free_unref_page_prepare+0x62c/0xb18 mm/page_alloc.c:3384
 free_unref_page_list+0xd8/0x8ec mm/page_alloc.c:3525
 release_pages+0xd84/0xfac mm/swap.c:1035
 __pagevec_release+0x84/0xf8 mm/swap.c:1055
 pagevec_release include/linux/pagevec.h:71 [inline]
 folio_batch_release include/linux/pagevec.h:135 [inline]
 truncate_inode_pages_range+0x2a8/0xd20 mm/truncate.c:372
 truncate_inode_pages+0x2c/0x3c mm/truncate.c:451
 jfs_remount+0x280/0x484 fs/jfs/super.c:451
 legacy_reconfigure+0xf8/0x110 fs/fs_context.c:655
 reconfigure_super+0x1d4/0x79c fs/super.c:977
 do_remount fs/namespace.c:2741 [inline]
 path_mount+0xbd4/0xe78 fs/namespace.c:3400
 do_mount fs/namespace.c:3421 [inline]
 __do_sys_mount fs/namespace.c:3629 [inline]
 __se_sys_mount fs/namespace.c:3606 [inline]
 __arm64_sys_mount+0x49c/0x584 fs/namespace.c:3606
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x138 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585

Crashes (8):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2025/11/12 03:49 linux-6.1.y f6e38ae624cf 4e1406b4 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-6-1-kasan-arm64 BUG: Bad page state in corrupted
2025/10/05 08:10 linux-6.1.y 882efbdd9d34 49379ee0 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-6-1-kasan-arm64 BUG: Bad page state in corrupted
2025/08/09 10:20 linux-6.1.y 3594f306da12 32a0e5ed .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-6-1-kasan-arm64 BUG: Bad page state in corrupted
2025/06/25 21:09 linux-6.1.y 58485ff1a74f 26d77996 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-6-1-kasan-arm64 BUG: Bad page state in corrupted
2025/06/25 20:43 linux-6.1.y 58485ff1a74f 26d77996 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-6-1-kasan-arm64 BUG: Bad page state in corrupted
2025/03/04 19:16 linux-6.1.y 3a8358583626 c3901742 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-6-1-kasan-arm64 BUG: Bad page state in corrupted
2024/12/24 13:34 linux-6.1.y 29f02ec58a94 444551c4 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-6-1-kasan-arm64 BUG: Bad page state in corrupted
2024/12/24 12:57 linux-6.1.y 29f02ec58a94 444551c4 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-6-1-kasan-arm64 BUG: Bad page state in corrupted
* Struck through repros no longer work on HEAD.