syzbot


BUG: Bad page state in corrupted

Status: upstream: reported C repro on 2024/11/19 11:50
Bug presence: origin:upstream
Reported-by: syzbot+e1a8e77a8ed92160d3de@syzkaller.appspotmail.com
First crash: 199d, last: 1d03h
Fix bisection: failed (error log, bisect log)
  
Bug presence (1)
Date Name Commit Repro Result
2024/11/19 upstream (ToT) 158f238aa69d C [report] INFO: task hung in lmLogClose

Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-6.1 BUG: Bad page state in corrupted origin:lts-only C error 3 94d 164d 0/3 upstream: reported C repro on 2024/12/24 12:58

Last patch testing requests (6)
Created Duration User Patch Repo Result
2025/06/06 04:47 11m retest repro linux-5.15.y report log
2025/05/19 23:09 11m retest repro linux-5.15.y report log
2025/05/03 19:33 26m retest repro linux-5.15.y report log
2025/05/03 19:33 1h32m retest repro linux-5.15.y report log
2025/05/03 19:33 13m retest repro linux-5.15.y report log
2025/03/28 04:16 13m retest repro linux-5.15.y report log

Sample crash report:
loop0: detected capacity change from 0 to 32768
BUG: Bad page state in process syz-executor174  pfn:109a27
page:00000000848929b0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x4 pfn:0x109a27
flags: 0x5ffc00000002006(referenced|uptodate|private|node=0|zone=2|lastcpupid=0x7ff)
raw: 05ffc00000002006 fffffc000327f1c8 ffff80001f0b75e0 0000000000000000
raw: 0000000000000004 ffff0000c9fc6000 00000000ffffffff 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
Modules linked in:
CPU: 1 PID: 4021 Comm: syz-executor174 Not tainted 5.15.181-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
Call trace:
 dump_backtrace+0x0/0x43c arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack+0x30/0x40 lib/dump_stack.c:88
 dump_stack_lvl+0xf8/0x160 lib/dump_stack.c:106
 dump_stack+0x1c/0x5c lib/dump_stack.c:113
 bad_page+0x188/0x1a8 mm/page_alloc.c:652
 check_free_page_bad+0xf4/0x16c mm/page_alloc.c:1199
 check_free_page mm/page_alloc.c:1209 [inline]
 free_pages_prepare mm/page_alloc.c:1334 [inline]
 free_pcp_prepare mm/page_alloc.c:1391 [inline]
 free_unref_page_prepare+0x744/0xaa0 mm/page_alloc.c:3317
 free_unref_page_list+0xdc/0x754 mm/page_alloc.c:3433
 release_pages+0x13c8/0x16e0 mm/swap.c:963
 __pagevec_release+0x84/0xf8 mm/swap.c:983
 pagevec_release include/linux/pagevec.h:81 [inline]
 truncate_inode_pages_range+0x29c/0x9b8 mm/truncate.c:329
 truncate_inode_pages+0x2c/0x3c mm/truncate.c:425
 dbUnmount+0xf4/0x168 fs/jfs/jfs_dmap.c:279
 jfs_umount+0x1c4/0x328 fs/jfs/jfs_umount.c:89
 jfs_put_super+0x90/0x188 fs/jfs/super.c:194
 generic_shutdown_super+0x130/0x2f0 fs/super.c:475
 kill_block_super+0x70/0xdc fs/super.c:1427
 deactivate_locked_super+0xb8/0x13c fs/super.c:335
 deactivate_super+0xf8/0x118 fs/super.c:366
 cleanup_mnt+0x3a4/0x458 fs/namespace.c:1143
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150
 task_work_run+0x12c/0x1e0 kernel/task_work.c:188
 exit_task_work include/linux/task_work.h:33 [inline]
 do_exit+0x67c/0x1f58 kernel/exit.c:874
 do_group_exit+0x100/0x268 kernel/exit.c:996
 __do_sys_exit_group kernel/exit.c:1007 [inline]
 __se_sys_exit_group kernel/exit.c:1005 [inline]
 __wake_up_parent+0x0/0x60 kernel/exit.c:1005
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608
 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
BUG: Bad page state in process syz-executor174  pfn:109fc7
page:0000000034059361 refcount:0 mapcount:0 mapping:0000000000000000 index:0x3 pfn:0x109fc7
flags: 0x5ffc00000002006(referenced|uptodate|private|node=0|zone=2|lastcpupid=0x7ff)
raw: 05ffc00000002006 fffffc000369af48 ffff80001f0b75e0 0000000000000000
raw: 0000000000000003 ffff0000c9fc60f8 00000000ffffffff 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
Modules linked in:
CPU: 1 PID: 4021 Comm: syz-executor174 Tainted: G    B             5.15.181-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
Call trace:
 dump_backtrace+0x0/0x43c arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack+0x30/0x40 lib/dump_stack.c:88
 dump_stack_lvl+0xf8/0x160 lib/dump_stack.c:106
 dump_stack+0x1c/0x5c lib/dump_stack.c:113
 bad_page+0x188/0x1a8 mm/page_alloc.c:652
 check_free_page_bad+0xf4/0x16c mm/page_alloc.c:1199
 check_free_page mm/page_alloc.c:1209 [inline]
 free_pages_prepare mm/page_alloc.c:1334 [inline]
 free_pcp_prepare mm/page_alloc.c:1391 [inline]
 free_unref_page_prepare+0x744/0xaa0 mm/page_alloc.c:3317
 free_unref_page_list+0xdc/0x754 mm/page_alloc.c:3433
 release_pages+0x13c8/0x16e0 mm/swap.c:963
 __pagevec_release+0x84/0xf8 mm/swap.c:983
 pagevec_release include/linux/pagevec.h:81 [inline]
 truncate_inode_pages_range+0x29c/0x9b8 mm/truncate.c:329
 truncate_inode_pages+0x2c/0x3c mm/truncate.c:425
 dbUnmount+0xf4/0x168 fs/jfs/jfs_dmap.c:279
 jfs_umount+0x1c4/0x328 fs/jfs/jfs_umount.c:89
 jfs_put_super+0x90/0x188 fs/jfs/super.c:194
 generic_shutdown_super+0x130/0x2f0 fs/super.c:475
 kill_block_super+0x70/0xdc fs/super.c:1427
 deactivate_locked_super+0xb8/0x13c fs/super.c:335
 deactivate_super+0xf8/0x118 fs/super.c:366
 cleanup_mnt+0x3a4/0x458 fs/namespace.c:1143
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150
 task_work_run+0x12c/0x1e0 kernel/task_work.c:188
 exit_task_work include/linux/task_work.h:33 [inline]
 do_exit+0x67c/0x1f58 kernel/exit.c:874
 do_group_exit+0x100/0x268 kernel/exit.c:996
 __do_sys_exit_group kernel/exit.c:1007 [inline]
 __se_sys_exit_group kernel/exit.c:1005 [inline]
 __wake_up_parent+0x0/0x60 kernel/exit.c:1005
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608
 el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584

Crashes (5):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2025/05/03 19:39 linux-5.15.y 16fdf2c7111b b0714e37 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-5-15-kasan-arm64 BUG: Bad page state in corrupted
2025/04/19 16:06 linux-5.15.y f7347f400572 2a20f901 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-5-15-kasan-arm64 BUG: Bad page state in corrupted
2025/01/25 14:54 linux-5.15.y 003148680b79 9fbd772e .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-5-15-kasan-arm64 BUG: Bad page state in corrupted
2025/01/25 14:17 linux-5.15.y 003148680b79 9fbd772e .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-5-15-kasan-arm64 BUG: Bad page state in corrupted
2024/11/19 11:49 linux-5.15.y 0a51d2d4527b 571351cb .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-5-15-kasan-arm64 BUG: Bad page state in corrupted
* Struck through repros no longer work on HEAD.