syzbot


BUG: Bad page state in corrupted

Status: upstream: reported C repro on 2024/12/24 12:58
Bug presence: origin:lts-only
Reported-by: syzbot+8070a6cb99d47d0aeed0@syzkaller.appspotmail.com
First crash: 262d, last: 34d
Fix bisection: failed (error log, bisect log)
  
Bug presence (2)

| Date | Name | Commit | Repro | Result |
|---|---|---|---|---|
| 2024/12/27 | linux-6.1.y (ToT) | 29f02ec58a94 | C | [report] BUG: Bad page state in corrupted |
| 2024/12/27 | upstream (ToT) | d6ef8b40d075 | C | Didn't crash |

Similar bugs (1)
Kernel Title Rank Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-5.15 BUG: Bad page state in corrupted origin:upstream -1 C error 6 2d01h 297d 0/3 upstream: reported C repro on 2024/11/19 11:50
Fix bisection attempts (2)
Created Duration User Patch Repo Result
2025/03/04 10:00 16m bisect fix linux-6.1.y error job log
2025/01/30 15:39 3h12m bisect fix linux-6.1.y OK (0) job log log

Sample crash report:
loop0: detected capacity change from 0 to 32768
BUG: Bad page state in process syz-executor332  pfn:10fcf8
page:00000000442a13a5 refcount:0 mapcount:0 mapping:0000000000000000 index:0x4 pfn:0x10fcf8
flags: 0x5ffc60000002046(referenced|uptodate|workingset|private|node=0|zone=2|lastcpupid=0x7ff)
raw: 05ffc60000002046 fffffc000332a088 ffff800020c07560 0000000000000000
raw: 0000000000000004 ffff0000cca83000 00000000ffffffff 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
Modules linked in:
CPU: 0 PID: 4319 Comm: syz-executor332 Not tainted 6.1.147-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/18/2025
Call trace:
 dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
 __dump_stack+0x30/0x40 lib/dump_stack.c:88
 dump_stack_lvl+0xf8/0x160 lib/dump_stack.c:106
 dump_stack+0x1c/0x5c lib/dump_stack.c:113
 bad_page+0x188/0x1a8 mm/page_alloc.c:699
 free_page_is_bad_report+0xf8/0x170 mm/page_alloc.c:1281
 free_page_is_bad mm/page_alloc.c:1291 [inline]
 free_pages_prepare mm/page_alloc.c:1452 [inline]
 free_pcp_prepare mm/page_alloc.c:1509 [inline]
 free_unref_page_prepare+0x62c/0xb18 mm/page_alloc.c:3384
 free_unref_page_list+0xd8/0x8ec mm/page_alloc.c:3525
 release_pages+0xd84/0xfac mm/swap.c:1035
 __pagevec_release+0x84/0xf8 mm/swap.c:1055
 pagevec_release include/linux/pagevec.h:71 [inline]
 folio_batch_release include/linux/pagevec.h:135 [inline]
 truncate_inode_pages_range+0x2a8/0xd20 mm/truncate.c:372
 truncate_inode_pages+0x2c/0x3c mm/truncate.c:451
 dbUnmount+0xf4/0x168 fs/jfs/jfs_dmap.c:264
 jfs_umount+0x1c4/0x328 fs/jfs/jfs_umount.c:89
 jfs_put_super+0x90/0x188 fs/jfs/super.c:194
 generic_shutdown_super+0x130/0x324 fs/super.c:501
 kill_block_super+0x70/0xdc fs/super.c:1470
 deactivate_locked_super+0xac/0x124 fs/super.c:332
 deactivate_super+0xe8/0x108 fs/super.c:363
 cleanup_mnt+0x37c/0x404 fs/namespace.c:1182
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1189
 task_work_run+0x1ec/0x270 kernel/task_work.c:203
 exit_task_work include/linux/task_work.h:39 [inline]
 do_exit+0x54c/0x19a8 kernel/exit.c:880
 do_group_exit+0x194/0x22c kernel/exit.c:1022
 __do_sys_exit_group kernel/exit.c:1033 [inline]
 __se_sys_exit_group kernel/exit.c:1031 [inline]
 __wake_up_parent+0x0/0x60 kernel/exit.c:1031
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x138 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
BUG: Bad page state in process syz-executor332  pfn:10ca82
page:00000000c0636343 refcount:0 mapcount:0 mapping:0000000000000000 index:0x3 pfn:0x10ca82
flags: 0x5ffc60000002046(referenced|uptodate|workingset|private|node=0|zone=2|lastcpupid=0x7ff)
raw: 05ffc60000002046 fffffc00036d0708 ffff800020c07560 0000000000000000
raw: 0000000000000003 ffff0000cca830f8 00000000ffffffff 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
Modules linked in:
CPU: 0 PID: 4319 Comm: syz-executor332 Tainted: G    B              6.1.147-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/18/2025
Call trace:
 dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
 __dump_stack+0x30/0x40 lib/dump_stack.c:88
 dump_stack_lvl+0xf8/0x160 lib/dump_stack.c:106
 dump_stack+0x1c/0x5c lib/dump_stack.c:113
 bad_page+0x188/0x1a8 mm/page_alloc.c:699
 free_page_is_bad_report+0xf8/0x170 mm/page_alloc.c:1281
 free_page_is_bad mm/page_alloc.c:1291 [inline]
 free_pages_prepare mm/page_alloc.c:1452 [inline]
 free_pcp_prepare mm/page_alloc.c:1509 [inline]
 free_unref_page_prepare+0x62c/0xb18 mm/page_alloc.c:3384
 free_unref_page_list+0xd8/0x8ec mm/page_alloc.c:3525
 release_pages+0xd84/0xfac mm/swap.c:1035
 __pagevec_release+0x84/0xf8 mm/swap.c:1055
 pagevec_release include/linux/pagevec.h:71 [inline]
 folio_batch_release include/linux/pagevec.h:135 [inline]
 truncate_inode_pages_range+0x2a8/0xd20 mm/truncate.c:372
 truncate_inode_pages+0x2c/0x3c mm/truncate.c:451
 dbUnmount+0xf4/0x168 fs/jfs/jfs_dmap.c:264
 jfs_umount+0x1c4/0x328 fs/jfs/jfs_umount.c:89
 jfs_put_super+0x90/0x188 fs/jfs/super.c:194
 generic_shutdown_super+0x130/0x324 fs/super.c:501
 kill_block_super+0x70/0xdc fs/super.c:1470
 deactivate_locked_super+0xac/0x124 fs/super.c:332
 deactivate_super+0xe8/0x108 fs/super.c:363
 cleanup_mnt+0x37c/0x404 fs/namespace.c:1182
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1189
 task_work_run+0x1ec/0x270 kernel/task_work.c:203
 exit_task_work include/linux/task_work.h:39 [inline]
 do_exit+0x54c/0x19a8 kernel/exit.c:880
 do_group_exit+0x194/0x22c kernel/exit.c:1022
 __do_sys_exit_group kernel/exit.c:1033 [inline]
 __se_sys_exit_group kernel/exit.c:1031 [inline]
 __wake_up_parent+0x0/0x60 kernel/exit.c:1031
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x138 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585

Crashes (6):

| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2025/08/09 10:20 | linux-6.1.y | 3594f306da12 | 32a0e5ed | .config | console log | report | syz / log | C | | [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] | ci2-linux-6-1-kasan-arm64 | BUG: Bad page state in corrupted |
| 2025/06/25 21:09 | linux-6.1.y | 58485ff1a74f | 26d77996 | .config | console log | report | syz / log | C | | [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] | ci2-linux-6-1-kasan-arm64 | BUG: Bad page state in corrupted |
| 2025/06/25 20:43 | linux-6.1.y | 58485ff1a74f | 26d77996 | .config | console log | report | syz / log | C | | [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] | ci2-linux-6-1-kasan-arm64 | BUG: Bad page state in corrupted |
| 2025/03/04 19:16 | linux-6.1.y | 3a8358583626 | c3901742 | .config | console log | report | syz / log | C | | [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] | ci2-linux-6-1-kasan-arm64 | BUG: Bad page state in corrupted |
| 2024/12/24 13:34 | linux-6.1.y | 29f02ec58a94 | 444551c4 | .config | console log | report | syz / log | C | | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci2-linux-6-1-kasan-arm64 | BUG: Bad page state in corrupted |
| 2024/12/24 12:57 | linux-6.1.y | 29f02ec58a94 | 444551c4 | .config | console log | report | syz / log | C | | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci2-linux-6-1-kasan-arm64 | BUG: Bad page state in corrupted |

* Struck through repros no longer work on HEAD.