syzbot


BUG: Bad page state

Status: upstream: reported C repro on 2023/04/16 11:16
Bug presence: origin:upstream
[Documentation on labels]
Reported-by: syzbot+d0394eeeb4816974b389@syzkaller.appspotmail.com
First crash: 405d, last: 3d19h
Fix bisection: failed (error log, bisect log)
  
Bug presence (1)
Date Name Commit Repro Result
2023/05/26 upstream (ToT) 0d85b27b0cc6 C [report] BUG: Bad page state
Similar bugs (15)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream BUG: Bad page state (3) usb C 3 2329d 2336d 4/26 fixed on 2018/02/02 04:39
linux-4.14 BUG: Bad page state C 9 458d 600d 0/1 upstream: reported C repro on 2022/10/03 07:33
upstream BUG: Bad page state (5) mm C 171 1914d 1927d 0/26 closed as invalid on 2019/02/27 20:53
linux-4.19 BUG: Bad page state 1 916d 916d 0/1 auto-closed as invalid on 2022/03/21 10:57
linux-4.19 BUG: Bad page state (2) 1 726d 726d 0/1 auto-obsoleted due to no activity on 2022/09/26 19:49
upstream BUG: Bad page state (7) mm 3 1364d 1421d 0/26 auto-closed as invalid on 2020/12/28 02:44
linux-6.1 BUG: Bad page state origin:upstream C 174 22d 364d 0/3 upstream: reported C repro on 2023/05/27 10:10
linux-4.19 BUG: Bad page state (3) C error 1 600d 600d 0/1 upstream: reported C repro on 2022/10/02 20:53
android-49 BUG: Bad page state 3 1696d 1720d 0/3 auto-closed as invalid on 2020/01/30 18:48
android-54 BUG: Bad page state C 9 1517d 1548d 0/2 auto-obsoleted due to no activity on 2022/08/26 22:10
upstream BUG: Bad page state (2) crypto 1 2371d 2367d 0/26 closed as invalid on 2017/12/06 12:57
upstream BUG: Bad page state (4) sound 1 2133d 2133d 0/26 closed as invalid on 2018/09/05 12:51
upstream BUG: Bad page state (6) mm C 2 1913d 1913d 0/26 closed as invalid on 2019/03/01 18:38
upstream BUG: Bad page state C 2 2474d 2475d 3/26 fixed on 2017/10/24 06:54
upstream BUG: Bad page state (8) jfs mm C 8567 1h37m 1209d 1/26 upstream: reported C repro on 2021/02/01 10:07
Fix bisection attempts (4)
Created Duration User Patch Repo Result
2023/12/31 04:47 0m bisect fix linux-5.15.y error job log (0)
2023/12/01 01:03 1h46m bisect fix linux-5.15.y job log (0) log
2023/09/08 23:14 1h12m bisect fix linux-5.15.y job log (0) log
2023/06/27 01:23 1h02m bisect fix linux-5.15.y job log (0) log

Sample crash report:
JFS: sb_issue_discard(ffff8880790c6000, 2251799813686272, 1024, GFP_NOFS, 0) = -5 => failed!
blkno = 8000000000400, nblocks = 400
ERROR: (device loop0): dbFree: block to be freed is outside the map
BUG: Bad page state in process syz-executor307  pfn:1df21
page:ffffea000077c840 refcount:0 mapcount:0 mapping:0000000000000000 index:0x4 pfn:0x1df21
flags: 0xfff00000002006(referenced|uptodate|private|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000002006 ffffea0001f79b48 ffffc90002207880 0000000000000000
raw: 0000000000000004 ffff88801e6159b0 00000000ffffffff 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0xc40(GFP_NOFS), pid 3502, ts 41390766766, free_ts 41389671136
 prep_new_page mm/page_alloc.c:2426 [inline]
 get_page_from_freelist+0x322a/0x33c0 mm/page_alloc.c:4159
 __alloc_pages+0x272/0x700 mm/page_alloc.c:5421
 __page_cache_alloc+0xd4/0x4a0 mm/filemap.c:1022
 do_read_cache_page+0x1e5/0x1040 mm/filemap.c:3457
 read_mapping_page include/linux/pagemap.h:515 [inline]
 __get_metapage+0x398/0x1070 fs/jfs/jfs_metapage.c:621
 dbAllocCtl+0xd5/0x920 fs/jfs/jfs_dmap.c:1884
 dbAllocAG+0x28b/0x10b0 fs/jfs/jfs_dmap.c:1432
 dbDiscardAG+0x34e/0xa10 fs/jfs/jfs_dmap.c:1681
 jfs_ioc_trim+0x42f/0x660 fs/jfs/jfs_discard.c:100
 jfs_ioctl+0x2ac/0x3a0 fs/jfs/ioctl.c:132
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:874 [inline]
 __se_sys_ioctl+0xf1/0x160 fs/ioctl.c:860
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x61/0xcb
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1340 [inline]
 free_pcp_prepare mm/page_alloc.c:1391 [inline]
 free_unref_page_prepare+0xc34/0xcf0 mm/page_alloc.c:3317
 free_unref_page+0x95/0x2d0 mm/page_alloc.c:3396
 do_slab_free mm/slub.c:3487 [inline]
 ___cache_free+0xe3/0x100 mm/slub.c:3506
 qlist_free_all+0x36/0x90 mm/kasan/quarantine.c:176
 kasan_quarantine_reduce+0x162/0x180 mm/kasan/quarantine.c:283
 __kasan_slab_alloc+0x2f/0xc0 mm/kasan/common.c:444
 kasan_slab_alloc include/linux/kasan.h:254 [inline]
 slab_post_alloc_hook+0x53/0x380 mm/slab.h:519
 slab_alloc_node mm/slub.c:3220 [inline]
 slab_alloc mm/slub.c:3228 [inline]
 kmem_cache_alloc+0xf3/0x280 mm/slub.c:3233
 getname_flags+0xb8/0x4e0 fs/namei.c:138
 do_sys_openat2+0xd2/0x500 fs/open.c:1205
 do_sys_open fs/open.c:1227 [inline]
 __do_sys_openat fs/open.c:1243 [inline]
 __se_sys_openat fs/open.c:1238 [inline]
 __x64_sys_openat+0x243/0x290 fs/open.c:1238
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x61/0xcb
Modules linked in:
CPU: 0 PID: 3502 Comm: syz-executor307 Not tainted 5.15.152-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
 bad_page+0x14b/0x170 mm/page_alloc.c:652
 check_free_page_bad mm/page_alloc.c:1199 [inline]
 check_free_page mm/page_alloc.c:1209 [inline]
 free_pages_prepare mm/page_alloc.c:1334 [inline]
 free_pcp_prepare mm/page_alloc.c:1391 [inline]
 free_unref_page_prepare+0x48d/0xcf0 mm/page_alloc.c:3317
 free_unref_page_list+0x1f7/0x8e0 mm/page_alloc.c:3433
 release_pages+0x1bb9/0x1f40 mm/swap.c:963
 __pagevec_release+0x80/0xf0 mm/swap.c:983
 pagevec_release include/linux/pagevec.h:81 [inline]
 truncate_inode_pages_range+0x48b/0x1290 mm/truncate.c:329
 dbUnmount+0x111/0x180 fs/jfs/jfs_dmap.c:275
 jfs_umount+0x1fe/0x370 fs/jfs/jfs_umount.c:89
 jfs_put_super+0x86/0x180 fs/jfs/super.c:194
 generic_shutdown_super+0x136/0x2c0 fs/super.c:475
 kill_block_super+0x7a/0xe0 fs/super.c:1414
 deactivate_locked_super+0xa0/0x110 fs/super.c:335
 cleanup_mnt+0x44e/0x500 fs/namespace.c:1143
 task_work_run+0x129/0x1a0 kernel/task_work.c:164
 exit_task_work include/linux/task_work.h:32 [inline]
 do_exit+0x6a3/0x2480 kernel/exit.c:872
 do_group_exit+0x144/0x310 kernel/exit.c:994
 __do_sys_exit_group kernel/exit.c:1005 [inline]
 __se_sys_exit_group kernel/exit.c:1003 [inline]
 __x64_sys_exit_group+0x3b/0x40 kernel/exit.c:1003
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7fe98631a7c9
Code: Unable to access opcode bytes at RIP 0x7fe98631a79f.
RSP: 002b:00007ffd9cc60178 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fe98631a7c9
RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
RBP: 00007fe98639b2d0 R08: ffffffffffffffb8 R09: 00007ffd9cc60250
R10: 0000000000005e8b R11: 0000000000000246 R12: 00007fe98639b2d0
R13: 0000000000000000 R14: 00007fe98639c040 R15: 00007fe9862e8d00
 </TASK>

Crashes (53):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/03/20 07:52 linux-5.15.y b95c01af2113 a485f239 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-5-15-kasan BUG: Bad page state
2023/09/30 13:34 linux-5.15.y b911329317b4 8e26a358 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-5-15-kasan BUG: Bad page state
2023/05/26 03:03 linux-5.15.y 1fe619a7d252 0513b3e6 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-5-15-kasan BUG: Bad page state
2024/03/20 07:59 linux-5.15.y b95c01af2113 a485f239 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-5-15-kasan-arm64 BUG: Bad page state
2023/05/27 22:36 linux-5.15.y 1fe619a7d252 cf184559 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-5-15-kasan-arm64 BUG: Bad page state
2024/05/21 20:27 linux-5.15.y 83655231580b 4c0d3ee3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state
2024/05/05 17:40 linux-5.15.y 284087d4f7d5 610f2a54 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state
2024/05/05 15:31 linux-5.15.y 284087d4f7d5 610f2a54 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state
2024/05/05 06:29 linux-5.15.y 284087d4f7d5 610f2a54 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state
2024/04/26 21:21 linux-5.15.y c52b9710c83d 059e9963 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state
2024/04/26 19:02 linux-5.15.y c52b9710c83d 059e9963 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state
2024/04/26 19:01 linux-5.15.y c52b9710c83d 059e9963 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state
2024/04/23 13:39 linux-5.15.y c52b9710c83d 21339d7b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state
2024/04/23 13:36 linux-5.15.y c52b9710c83d 21339d7b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state
2024/04/23 12:52 linux-5.15.y c52b9710c83d 21339d7b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state
2024/04/23 12:52 linux-5.15.y c52b9710c83d 21339d7b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state
2024/04/23 11:57 linux-5.15.y c52b9710c83d 21339d7b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state
2024/04/22 00:01 linux-5.15.y c52b9710c83d af24b050 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state
2024/04/16 07:38 linux-5.15.y fa3df276cd36 0d592ce4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state
2024/04/07 15:27 linux-5.15.y 9465fef4ae35 ca620dd8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state
2024/04/07 15:27 linux-5.15.y 9465fef4ae35 ca620dd8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state
2024/04/01 08:47 linux-5.15.y 9465fef4ae35 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state
2024/03/31 01:19 linux-5.15.y 9465fef4ae35 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state
2024/03/20 07:19 linux-5.15.y b95c01af2113 a485f239 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state
2023/10/30 22:58 linux-5.15.y 12952a23a5da b5729d82 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state
2023/09/30 12:42 linux-5.15.y b911329317b4 8e26a358 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state
2024/05/15 08:15 linux-5.15.y 284087d4f7d5 fdb4c10c .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: Bad page state
2024/05/13 05:56 linux-5.15.y 284087d4f7d5 9026e142 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: Bad page state
2024/05/06 02:48 linux-5.15.y 284087d4f7d5 610f2a54 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: Bad page state
2024/04/27 10:01 linux-5.15.y c52b9710c83d 07b455f9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: Bad page state
2024/04/23 13:44 linux-5.15.y c52b9710c83d 21339d7b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: Bad page state
2024/04/15 02:32 linux-5.15.y fa3df276cd36 c8349e48 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: Bad page state
2024/04/02 16:07 linux-5.15.y 9465fef4ae35 eb2966c4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: Bad page state
2024/04/02 15:15 linux-5.15.y 9465fef4ae35 eb2966c4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: Bad page state
2024/03/31 01:17 linux-5.15.y 9465fef4ae35 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: Bad page state
2024/03/31 01:12 linux-5.15.y 9465fef4ae35 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: Bad page state
2024/03/31 01:05 linux-5.15.y 9465fef4ae35 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: Bad page state
2024/03/30 19:15 linux-5.15.y 9465fef4ae35 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: Bad page state
2024/03/30 19:15 linux-5.15.y 9465fef4ae35 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: Bad page state
2024/03/30 19:15 linux-5.15.y 9465fef4ae35 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: Bad page state
2024/03/29 11:57 linux-5.15.y 9465fef4ae35 c52bcb23 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: Bad page state
2024/03/29 11:57 linux-5.15.y 9465fef4ae35 c52bcb23 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: Bad page state
2024/03/29 11:57 linux-5.15.y 9465fef4ae35 c52bcb23 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: Bad page state
2024/03/21 06:52 linux-5.15.y b95c01af2113 6753db5c .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: Bad page state
2024/03/20 17:21 linux-5.15.y b95c01af2113 5b7d42ae .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: Bad page state
2024/03/20 16:10 linux-5.15.y b95c01af2113 5b7d42ae .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: Bad page state
2024/03/20 07:38 linux-5.15.y b95c01af2113 a485f239 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: Bad page state
2023/05/26 00:11 linux-5.15.y 1fe619a7d252 0513b3e6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan BUG: Bad page state
2023/04/16 14:28 linux-5.15.y 4fdad925aa1a ec410564 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: Bad page state
2023/04/16 11:16 linux-5.15.y 4fdad925aa1a ec410564 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: Bad page state
* Struck through repros no longer work on HEAD.