syzbot

 sign-in | mailing list | source | docs
🐞 Open [681]
🐞 Fixed [69]
🐞 Invalid [841]
Missing Backports [102]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

BUG: Bad page state in corrupted

Status: upstream: reported C repro on 2024/11/19 11:50
Bug presence: origin:upstream
[Documentation on labels]
Reported-by: syzbot+e1a8e77a8ed92160d3de@syzkaller.appspotmail.com
First crash: 153d, last: 2d08h
Fix bisection: failed (error log, bisect log)
  
Bug presence (1)
Date Name Commit Repro Result
2024/11/19 upstream (ToT) 158f238aa69d C [report] INFO: task hung in lmLogClose
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-6.1 BUG: Bad page state in corrupted origin:lts-only C error 3 48d 118d 0/3 upstream: reported C repro on 2024/12/24 12:58
Last patch testing requests (4)
Created Duration User Patch Repo Result
2025/03/28 04:16 13m retest repro linux-5.15.y report log
2025/02/08 18:18 17m retest repro linux-5.15.y report log
2025/02/08 18:18 12m retest repro linux-5.15.y report log
2024/12/03 12:04 16m retest repro linux-5.15.y report log

Sample crash report:
WARNING: The mand mount option has been deprecated and
         and is ignored by this kernel. Remove the mand
         option from the mount to silence this warning.
=======================================================
BUG: Bad page state in process syz-executor117  pfn:108198
page:00000000eac8396b refcount:0 mapcount:0 mapping:0000000000000000 index:0x4 pfn:0x108198
flags: 0x5ffc00000002006(referenced|uptodate|private|node=0|zone=2|lastcpupid=0x7ff)
raw: 05ffc00000002006 fffffc0003250248 ffff80001fd275a0 0000000000000000
raw: 0000000000000004 ffff0000c9e32ba0 00000000ffffffff 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
Modules linked in:
CPU: 0 PID: 4020 Comm: syz-executor117 Not tainted 5.15.180-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call trace:
 dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 bad_page+0x1a4/0x1c4 mm/page_alloc.c:652
 check_free_page_bad mm/page_alloc.c:1199 [inline]
 check_free_page mm/page_alloc.c:1209 [inline]
 free_pages_prepare mm/page_alloc.c:1334 [inline]
 free_pcp_prepare mm/page_alloc.c:1391 [inline]
 free_unref_page_prepare+0x4ec/0xe30 mm/page_alloc.c:3317
 free_unref_page_list+0xe4/0x7a8 mm/page_alloc.c:3433
 release_pages+0x1770/0x1a88 mm/swap.c:963
 __pagevec_release+0x94/0x10c mm/swap.c:983
 pagevec_release include/linux/pagevec.h:81 [inline]
 truncate_inode_pages_range+0x3ac/0xbe0 mm/truncate.c:329
 truncate_inode_pages+0x2c/0x3c mm/truncate.c:425
 dbUnmount+0xf4/0x168 fs/jfs/jfs_dmap.c:275
 jfs_umount+0x1cc/0x338 fs/jfs/jfs_umount.c:89
 jfs_put_super+0x90/0x188 fs/jfs/super.c:194
 generic_shutdown_super+0x130/0x2f0 fs/super.c:475
 kill_block_super+0x70/0xdc fs/super.c:1427
 deactivate_locked_super+0xb8/0x13c fs/super.c:335
 deactivate_super+0x108/0x128 fs/super.c:366
 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150
 task_work_run+0x130/0x1e4 kernel/task_work.c:188
 exit_task_work include/linux/task_work.h:33 [inline]
 do_exit+0x670/0x20bc kernel/exit.c:874
 do_group_exit+0x110/0x268 kernel/exit.c:996
 __do_sys_exit_group kernel/exit.c:1007 [inline]
 __se_sys_exit_group kernel/exit.c:1005 [inline]
 __wake_up_parent+0x0/0x60 kernel/exit.c:1005
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:608
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
BUG: Bad page state in process syz-executor117  pfn:109409
page:00000000c58d3258 refcount:0 mapcount:0 mapping:0000000000000000 index:0x3 pfn:0x109409
flags: 0x5ffc00000002006(referenced|uptodate|private|node=0|zone=2|lastcpupid=0x7ff)
raw: 05ffc00000002006 fffffc00034964c8 ffff80001fd275a0 0000000000000000
raw: 0000000000000003 ffff0000c9e32c98 00000000ffffffff 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
Modules linked in:
CPU: 1 PID: 4020 Comm: syz-executor117 Tainted: G    B             5.15.180-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call trace:
 dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 bad_page+0x1a4/0x1c4 mm/page_alloc.c:652
 check_free_page_bad mm/page_alloc.c:1199 [inline]
 check_free_page mm/page_alloc.c:1209 [inline]
 free_pages_prepare mm/page_alloc.c:1334 [inline]
 free_pcp_prepare mm/page_alloc.c:1391 [inline]
 free_unref_page_prepare+0x4ec/0xe30 mm/page_alloc.c:3317
 free_unref_page_list+0xe4/0x7a8 mm/page_alloc.c:3433
 release_pages+0x1770/0x1a88 mm/swap.c:963
 __pagevec_release+0x94/0x10c mm/swap.c:983
 pagevec_release include/linux/pagevec.h:81 [inline]
 truncate_inode_pages_range+0x3ac/0xbe0 mm/truncate.c:329
 truncate_inode_pages+0x2c/0x3c mm/truncate.c:425
 dbUnmount+0xf4/0x168 fs/jfs/jfs_dmap.c:275
 jfs_umount+0x1cc/0x338 fs/jfs/jfs_umount.c:89
 jfs_put_super+0x90/0x188 fs/jfs/super.c:194
 generic_shutdown_super+0x130/0x2f0 fs/super.c:475
 kill_block_super+0x70/0xdc fs/super.c:1427
 deactivate_locked_super+0xb8/0x13c fs/super.c:335
 deactivate_super+0x108/0x128 fs/super.c:366
 cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1150
 task_work_run+0x130/0x1e4 kernel/task_work.c:188
 exit_task_work include/linux/task_work.h:33 [inline]
 do_exit+0x670/0x20bc kernel/exit.c:874
 do_group_exit+0x110/0x268 kernel/exit.c:996
 __do_sys_exit_group kernel/exit.c:1007 [inline]
 __se_sys_exit_group kernel/exit.c:1005 [inline]
 __wake_up_parent+0x0/0x60 kernel/exit.c:1005
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:608
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584

Crashes (4):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/04/19 16:06 linux-5.15.y f7347f400572 2a20f901 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-5-15-kasan-arm64 BUG: Bad page state in corrupted
2025/01/25 14:54 linux-5.15.y 003148680b79 9fbd772e .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-5-15-kasan-arm64 BUG: Bad page state in corrupted
2025/01/25 14:17 linux-5.15.y 003148680b79 9fbd772e .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-5-15-kasan-arm64 BUG: Bad page state in corrupted
2024/11/19 11:49 linux-5.15.y 0a51d2d4527b 571351cb .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-5-15-kasan-arm64 BUG: Bad page state in corrupted
* Struck through repros no longer work on HEAD.