syzbot

 sign-in | mailing list | source | docs
🐞 Open [394]
🐞 Fixed [20]
🐞 Invalid [103]
Missing Backports [14]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

BUG: Bad page state in __get_metapage

Status: upstream: reported C repro on 2025/06/20 20:02
Bug presence: origin:upstream
[Documentation on labels]
Reported-by: syzbot+fc5f83474e77007a7759@syzkaller.appspotmail.com
First crash: 179d, last: 17h52m
Bug presence (1)
Date Name Commit Repro Result
2025/06/25 upstream (ToT) 7595b66ae9de C [report] INFO: task hung in lmLogClose
Similar bugs (2)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-5.15 BUG: Bad page state in __get_metapage origin:upstream -1 C 994 2d04h 419d 0/3 upstream: reported C repro on 2024/10/23 03:58
linux-6.1 BUG: Bad page state in __get_metapage origin:upstream missing-backport -1 C done 963 2h33m 419d 0/3 upstream: reported C repro on 2024/10/23 12:46

Sample crash report:
ERROR: (device loop0): remounting filesystem as read-only
ERROR: (device loop0): txCommit: 
blkno = 8f7c0, nblocks = 1
ERROR: (device loop0): dbUpdatePMap: blocks are outside the map
ERROR: (device loop0): dbAllocNext: Corrupt dmap page
ialloc: diAlloc returned -5!
BUG: Bad page state in process syz.0.17  pfn:24cef
page:ffffea0000933bc0 refcount:0 mapcount:0 mapping:0000000000000000 index:0xd pfn:0x24cef
flags: 0xfff0000000820c(referenced|uptodate|workingset|private|node=0|zone=1|lastcpupid=0x7ff)
page_type: 0xffffffff()
raw: 00fff0000000820c ffffea000092ff48 ffffea0000953f08 0000000000000000
raw: 000000000000000d ffff888023e361f0 00000000ffffffff 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x140c40(GFP_NOFS|__GFP_COMP|__GFP_HARDWALL), pid 5950, tgid 5950 (syz.0.17), ts 106177299687, free_ts 105931375002
 set_page_owner include/linux/page_owner.h:31 [inline]
 post_alloc_hook+0x1cd/0x210 mm/page_alloc.c:1554
 prep_new_page mm/page_alloc.c:1561 [inline]
 get_page_from_freelist+0x195c/0x19f0 mm/page_alloc.c:3191
 __alloc_pages+0x1e3/0x460 mm/page_alloc.c:4457
 folio_alloc+0x1e/0x30 mm/mempolicy.c:2291
 filemap_alloc_folio+0xdf/0x470 mm/filemap.c:1004
 do_read_cache_folio+0x36c/0x7e0 mm/filemap.c:3768
 do_read_cache_page+0x32/0x250 mm/filemap.c:3870
 read_mapping_page include/linux/pagemap.h:892 [inline]
 __get_metapage+0x31a/0xfa0 fs/jfs/jfs_metapage.c:620
 diReadSpecial+0x25b/0x710 fs/jfs/jfs_imap.c:447
 jfs_mount+0x3d1/0x860 fs/jfs/jfs_mount.c:166
 jfs_fill_super+0x4e2/0xac0 fs/jfs/super.c:556
 mount_bdev+0x22b/0x2d0 fs/super.c:1643
 legacy_get_tree+0xea/0x180 fs/fs_context.c:662
 vfs_get_tree+0x8c/0x280 fs/super.c:1764
 do_new_mount+0x24b/0xa40 fs/namespace.c:3386
 do_mount fs/namespace.c:3726 [inline]
 __do_sys_mount fs/namespace.c:3935 [inline]
 __se_sys_mount+0x2da/0x3c0 fs/namespace.c:3912
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1154 [inline]
 free_unref_page_prepare+0x7ce/0x8e0 mm/page_alloc.c:2336
 free_unref_page+0x32/0x2e0 mm/page_alloc.c:2429
 discard_slab mm/slub.c:2127 [inline]
 __unfreeze_partials+0x1cf/0x210 mm/slub.c:2667
 put_cpu_partial+0x17c/0x250 mm/slub.c:2743
 __slab_free+0x31d/0x410 mm/slub.c:3700
 qlink_free mm/kasan/quarantine.c:166 [inline]
 qlist_free_all+0x75/0xe0 mm/kasan/quarantine.c:185
 kasan_quarantine_reduce+0x143/0x160 mm/kasan/quarantine.c:292
 __kasan_slab_alloc+0x22/0x80 mm/kasan/common.c:305
 kasan_slab_alloc include/linux/kasan.h:188 [inline]
 slab_post_alloc_hook+0x6e/0x4d0 mm/slab.h:767
 slab_alloc_node mm/slub.c:3495 [inline]
 kmem_cache_alloc_node+0x150/0x330 mm/slub.c:3540
 __alloc_skb+0x108/0x2c0 net/core/skbuff.c:643
 alloc_skb include/linux/skbuff.h:1284 [inline]
 nlmsg_new include/net/netlink.h:1010 [inline]
 inet6_netconf_notify_devconf+0x10f/0x1d0 net/ipv6/addrconf.c:582
 __addrconf_sysctl_unregister net/ipv6/addrconf.c:7216 [inline]
 addrconf_sysctl_unregister net/ipv6/addrconf.c:7240 [inline]
 addrconf_ifdown+0x1544/0x1880 net/ipv6/addrconf.c:3978
 addrconf_notify+0x6c6/0x1010 net/ipv6/addrconf.c:-1
 notifier_call_chain+0x197/0x390 kernel/notifier.c:93
 call_netdevice_notifiers_extack net/core/dev.c:2064 [inline]
 call_netdevice_notifiers net/core/dev.c:2078 [inline]
 unregister_netdevice_many_notify+0xf36/0x1810 net/core/dev.c:11086
Modules linked in:
CPU: 0 PID: 5950 Comm: syz.0.17 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x16c/0x230 lib/dump_stack.c:106
 bad_page+0x14b/0x170 mm/page_alloc.c:512
 free_page_is_bad mm/page_alloc.c:961 [inline]
 free_pages_prepare mm/page_alloc.c:1146 [inline]
 free_unref_page_prepare+0x887/0x8e0 mm/page_alloc.c:2336
 free_unref_page_list+0xbe/0x860 mm/page_alloc.c:2475
 release_pages+0x1fa0/0x2220 mm/swap.c:1022
 __folio_batch_release+0x71/0xe0 mm/swap.c:1042
 folio_batch_release include/linux/pagevec.h:83 [inline]
 truncate_inode_pages_range+0x358/0xf00 mm/truncate.c:396
 jfs_remount+0x33b/0x5b0 fs/jfs/super.c:451
 reconfigure_super+0x21e/0x880 fs/super.c:1151
 do_remount fs/namespace.c:2927 [inline]
 path_mount+0xd19/0xfe0 fs/namespace.c:3705
 do_mount fs/namespace.c:3726 [inline]
 __do_sys_mount fs/namespace.c:3935 [inline]
 __se_sys_mount+0x2da/0x3c0 fs/namespace.c:3912
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f7d53f90eea
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffc6f3f0878 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007ffc6f3f0900 RCX: 00007f7d53f90eea
RDX: 0000200000000f40 RSI: 0000200000000f00 RDI: 0000000000000000
RBP: 0000200000000f40 R08: 00007ffc6f3f0900 R09: 0000000001258438
R10: 0000000001258438 R11: 0000000000000246 R12: 0000200000000f00
R13: 00007ffc6f3f08c0 R14: 0000000000000000 R15: 0000200000000f80
 </TASK>

Crashes (382):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/11/29 02:08 linux-6.6.y 1e89a1be4fe9 d6526ea3 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/10/03 06:56 linux-6.6.y f34f16e5c632 49379ee0 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/06/23 15:50 linux-6.6.y 6282921b6825 d6cdfb8a .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/06/23 15:14 linux-6.6.y 6282921b6825 d6cdfb8a .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/11/29 00:52 linux-6.6.y 1e89a1be4fe9 d6526ea3 .config console log report syz / log [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/12/16 09:45 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/12/15 02:19 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/12/13 08:55 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/12/13 03:24 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/12/09 16:46 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/12/09 12:24 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/12/07 02:41 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/12/06 08:33 linux-6.6.y 4791134e4aeb d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/12/04 17:55 linux-6.6.y 4791134e4aeb d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/12/04 06:37 linux-6.6.y 4791134e4aeb d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/12/03 04:19 linux-6.6.y 4791134e4aeb d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/12/01 16:16 linux-6.6.y 4791134e4aeb d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/12/01 14:15 linux-6.6.y 4791134e4aeb d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/12/01 08:23 linux-6.6.y 1e89a1be4fe9 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/11/30 14:55 linux-6.6.y 1e89a1be4fe9 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/11/30 08:43 linux-6.6.y 1e89a1be4fe9 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/11/30 00:09 linux-6.6.y 1e89a1be4fe9 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/11/29 21:17 linux-6.6.y 1e89a1be4fe9 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/11/28 04:27 linux-6.6.y 1e89a1be4fe9 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/11/27 14:11 linux-6.6.y 1e89a1be4fe9 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/11/26 15:38 linux-6.6.y 1e89a1be4fe9 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/11/25 20:08 linux-6.6.y 1e89a1be4fe9 64219f15 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/11/25 19:48 linux-6.6.y 1e89a1be4fe9 64219f15 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/11/25 03:17 linux-6.6.y 1e89a1be4fe9 64219f15 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/11/24 14:30 linux-6.6.y 1e89a1be4fe9 bf6fe8fe .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/11/24 00:11 linux-6.6.y 0a805b6ea8cd 4fb8ef37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/11/21 21:16 linux-6.6.y 0a805b6ea8cd 4fb8ef37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/11/21 09:31 linux-6.6.y 0a805b6ea8cd 280ea308 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/11/21 09:31 linux-6.6.y 0a805b6ea8cd 280ea308 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/11/20 12:42 linux-6.6.y 0a805b6ea8cd 2cc4c24a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/11/19 21:13 linux-6.6.y 0a805b6ea8cd 26ee5237 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/11/19 13:37 linux-6.6.y 0a805b6ea8cd 26ee5237 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/11/19 08:20 linux-6.6.y 0a805b6ea8cd ef766cd7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/11/18 19:09 linux-6.6.y 0a805b6ea8cd ef766cd7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/11/18 19:06 linux-6.6.y 0a805b6ea8cd ef766cd7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/11/17 14:53 linux-6.6.y 0a805b6ea8cd ef766cd7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/11/17 01:11 linux-6.6.y 0a805b6ea8cd f7988ea4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/11/16 07:04 linux-6.6.y 0a805b6ea8cd f7988ea4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/11/14 16:10 linux-6.6.y 0a805b6ea8cd f7988ea4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/11/12 15:54 linux-6.6.y 0a805b6ea8cd 07e030de .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/11/11 21:31 linux-6.6.y 0a805b6ea8cd 4e1406b4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/11/11 06:48 linux-6.6.y 0a805b6ea8cd 4e1406b4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/11/09 18:36 linux-6.6.y 0a805b6ea8cd 4e1406b4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/06/20 20:02 linux-6.6.y 6282921b6825 804b3919 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
* Struck through repros no longer work on HEAD.