syzbot


BUG: Bad page state in corrupted

Status: upstream: reported C repro on 2024/12/24 12:58
Bug presence: origin:lts-only
Reported-by: syzbot+8070a6cb99d47d0aeed0@syzkaller.appspotmail.com
First crash: 179d, last: 109d
Fix bisection: failed (error log, bisect log)
  
Bug presence (2)
Date Name Commit Repro Result
2024/12/27 linux-6.1.y (ToT) 29f02ec58a94 C [report] BUG: Bad page state in corrupted
2024/12/27 upstream (ToT) d6ef8b40d075 C Didn't crash
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-5.15 BUG: Bad page state in corrupted origin:upstream C error 5 16d 215d 0/3 upstream: reported C repro on 2024/11/19 11:50
Fix bisection attempts (2)
Created Duration User Patch Repo Result
2025/03/04 10:00 16m bisect fix linux-6.1.y error job log
2025/01/30 15:39 3h12m bisect fix linux-6.1.y OK (0) job log log

Sample crash report:
WARNING: The mand mount option has been deprecated and
         and is ignored by this kernel. Remove the mand
         option from the mount to silence this warning.
=======================================================
BUG: Bad page state in process syz-executor413  pfn:1144af
page:0000000059656dab refcount:0 mapcount:0 mapping:0000000000000000 index:0x4 pfn:0x1144af
flags: 0x5ffc60000002046(referenced|uptodate|workingset|private|node=0|zone=2|lastcpupid=0x7ff)
raw: 05ffc60000002046 fffffc00034c1848 ffff8000212a7560 0000000000000000
raw: 0000000000000004 ffff0000c9bfaba0 00000000ffffffff 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
Modules linked in:
CPU: 0 PID: 4292 Comm: syz-executor413 Not tainted 6.1.129-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Call trace:
 dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 bad_page+0x1a4/0x1c4 mm/page_alloc.c:699
 free_page_is_bad_report mm/page_alloc.c:1281 [inline]
 free_page_is_bad mm/page_alloc.c:1291 [inline]
 free_pages_prepare mm/page_alloc.c:1452 [inline]
 free_pcp_prepare mm/page_alloc.c:1509 [inline]
 free_unref_page_prepare+0x3a0/0x1330 mm/page_alloc.c:3384
 free_unref_page_list+0xec/0x9c0 mm/page_alloc.c:3525
 release_pages+0x11c0/0x1418 mm/swap.c:1035
 __pagevec_release+0x94/0x10c mm/swap.c:1055
 pagevec_release include/linux/pagevec.h:71 [inline]
 folio_batch_release include/linux/pagevec.h:135 [inline]
 truncate_inode_pages_range+0x388/0xf10 mm/truncate.c:372
 truncate_inode_pages+0x2c/0x3c mm/truncate.c:451
 dbUnmount+0xf4/0x168 fs/jfs/jfs_dmap.c:275
 jfs_umount+0x1cc/0x338 fs/jfs/jfs_umount.c:89
 jfs_put_super+0x90/0x188 fs/jfs/super.c:194
 generic_shutdown_super+0x130/0x328 fs/super.c:501
 kill_block_super+0x70/0xdc fs/super.c:1470
 deactivate_locked_super+0xac/0x124 fs/super.c:332
 deactivate_super+0xf0/0x110 fs/super.c:363
 cleanup_mnt+0x394/0x41c fs/namespace.c:1186
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1193
 task_work_run+0x240/0x2f0 kernel/task_work.c:203
 exit_task_work include/linux/task_work.h:39 [inline]
 do_exit+0x550/0x1a84 kernel/exit.c:871
 do_group_exit+0x194/0x22c kernel/exit.c:1021
 __do_sys_exit_group kernel/exit.c:1032 [inline]
 __se_sys_exit_group kernel/exit.c:1030 [inline]
 __wake_up_parent+0x0/0x60 kernel/exit.c:1030
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
BUG: Bad page state in process syz-executor413  pfn:113061
page:00000000e1bc6a91 refcount:0 mapcount:0 mapping:0000000000000000 index:0x3 pfn:0x113061
flags: 0x5ffc60000002046(referenced|uptodate|workingset|private|node=0|zone=2|lastcpupid=0x7ff)
raw: 05ffc60000002046 fffffc0003515a08 ffff8000212a7560 0000000000000000
raw: 0000000000000003 ffff0000c9bfac98 00000000ffffffff 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
Modules linked in:
CPU: 1 PID: 4292 Comm: syz-executor413 Tainted: G    B              6.1.129-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Call trace:
 dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 bad_page+0x1a4/0x1c4 mm/page_alloc.c:699
 free_page_is_bad_report mm/page_alloc.c:1281 [inline]
 free_page_is_bad mm/page_alloc.c:1291 [inline]
 free_pages_prepare mm/page_alloc.c:1452 [inline]
 free_pcp_prepare mm/page_alloc.c:1509 [inline]
 free_unref_page_prepare+0x3a0/0x1330 mm/page_alloc.c:3384
 free_unref_page_list+0xec/0x9c0 mm/page_alloc.c:3525
 release_pages+0x11c0/0x1418 mm/swap.c:1035
 __pagevec_release+0x94/0x10c mm/swap.c:1055
 pagevec_release include/linux/pagevec.h:71 [inline]
 folio_batch_release include/linux/pagevec.h:135 [inline]
 truncate_inode_pages_range+0x388/0xf10 mm/truncate.c:372
 truncate_inode_pages+0x2c/0x3c mm/truncate.c:451
 dbUnmount+0xf4/0x168 fs/jfs/jfs_dmap.c:275
 jfs_umount+0x1cc/0x338 fs/jfs/jfs_umount.c:89
 jfs_put_super+0x90/0x188 fs/jfs/super.c:194
 generic_shutdown_super+0x130/0x328 fs/super.c:501
 kill_block_super+0x70/0xdc fs/super.c:1470
 deactivate_locked_super+0xac/0x124 fs/super.c:332
 deactivate_super+0xf0/0x110 fs/super.c:363
 cleanup_mnt+0x394/0x41c fs/namespace.c:1186
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1193
 task_work_run+0x240/0x2f0 kernel/task_work.c:203
 exit_task_work include/linux/task_work.h:39 [inline]
 do_exit+0x550/0x1a84 kernel/exit.c:871
 do_group_exit+0x194/0x22c kernel/exit.c:1021
 __do_sys_exit_group kernel/exit.c:1032 [inline]
 __se_sys_exit_group kernel/exit.c:1030 [inline]
 __wake_up_parent+0x0/0x60 kernel/exit.c:1030
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585

Crashes (3):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2025/03/04 19:16 linux-6.1.y 3a8358583626 c3901742 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-6-1-kasan-arm64 BUG: Bad page state in corrupted
2024/12/24 13:34 linux-6.1.y 29f02ec58a94 444551c4 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-6-1-kasan-arm64 BUG: Bad page state in corrupted
2024/12/24 12:57 linux-6.1.y 29f02ec58a94 444551c4 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-6-1-kasan-arm64 BUG: Bad page state in corrupted
* Struck through repros no longer work on HEAD.