BUG: Bad page state in __get

Date	Name	Commit	Repro	Result
2025/06/25	upstream (ToT)	7595b66ae9de	C	[report] INFO: task hung in lmLogClose

Date

Name

Commit

Repro

Result

2025/06/25

upstream (ToT)

7595b66ae9de

[report] INFO: task hung in lmLogClose

Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
linux-5.15	BUG: Bad page state in __get_metapage origin:upstream	C			628	1h23m	251d	0/3	upstream: reported C repro on 2024/10/23 03:58
linux-6.1	BUG: Bad page state in __get_metapage origin:upstream missing-backport	C		done	754	15h43m	251d	0/3	upstream: reported C repro on 2024/10/23 12:46

syz-executor412[5767]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set loop0: detected capacity change from 0 to 32768 ERROR: (device loop0): duplicateIXtree: ERROR: (device loop0): remounting filesystem as read-only BUG: Bad page state in process syz-executor412 pfn:1f3f5 page:ffffea00007cfd40 refcount:0 mapcount:0 mapping:0000000000000000 index:0x33 pfn:0x1f3f5 flags: 0xfff0000000800c(referenced|uptodate|private|node=0|zone=1|lastcpupid=0x7ff) page_type: 0xffffffff() raw: 00fff0000000800c ffffea00007cfd08 ffffc900044af940 0000000000000000 raw: 0000000000000033 ffff88801f3f14d8 00000000ffffffff 0000000000000000 page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x40c40(GFP_NOFS|__GFP_COMP), pid 5767, tgid 5767 (syz-executor412), ts 86370783825, free_ts 61215691603 set_page_owner include/linux/page_owner.h:31 [inline] post_alloc_hook+0x1cd/0x210 mm/page_alloc.c:1554 prep_new_page mm/page_alloc.c:1561 [inline] get_page_from_freelist+0x195c/0x19f0 mm/page_alloc.c:3191 __alloc_pages+0x1e3/0x460 mm/page_alloc.c:4457 folio_alloc+0x1e/0x30 mm/mempolicy.c:2291 filemap_alloc_folio+0xdf/0x470 mm/filemap.c:1004 __filemap_get_folio+0x3ee/0xbc0 mm/filemap.c:1962 pagecache_get_page+0x2a/0x250 mm/folio-compat.c:99 find_or_create_page include/linux/pagemap.h:755 [inline] grab_cache_page include/linux/pagemap.h:877 [inline] __get_metapage+0x2a8/0xfa0 fs/jfs/jfs_metapage.c:613 diNewExt+0xa81/0x3120 fs/jfs/jfs_imap.c:2275 diAllocExt fs/jfs/jfs_imap.c:1952 [inline] diAllocAG+0xe7a/0x1de0 fs/jfs/jfs_imap.c:1669 diAlloc+0x1d5/0x1660 fs/jfs/jfs_imap.c:1590 ialloc+0x8c/0x950 fs/jfs/jfs_inode.c:56 jfs_mkdir+0x191/0xa30 fs/jfs/namei.c:225 vfs_mkdir+0x296/0x440 fs/namei.c:4113 do_mkdirat+0x1d4/0x440 fs/namei.c:4136 __do_sys_mkdir fs/namei.c:4156 [inline] __se_sys_mkdir fs/namei.c:4154 [inline] __x64_sys_mkdir+0x6e/0x80 fs/namei.c:4154 page last free stack trace: reset_page_owner include/linux/page_owner.h:24 [inline] free_pages_prepare mm/page_alloc.c:1154 [inline] free_unref_page_prepare+0x7ce/0x8e0 mm/page_alloc.c:2336 free_unref_page+0x32/0x2e0 mm/page_alloc.c:2429 discard_slab mm/slub.c:2122 [inline] __unfreeze_partials+0x1cf/0x210 mm/slub.c:2662 put_cpu_partial+0x17c/0x250 mm/slub.c:2738 __slab_free+0x31d/0x410 mm/slub.c:3686 qlink_free mm/kasan/quarantine.c:166 [inline] qlist_free_all+0x75/0xe0 mm/kasan/quarantine.c:185 kasan_quarantine_reduce+0x143/0x160 mm/kasan/quarantine.c:292 __kasan_slab_alloc+0x22/0x80 mm/kasan/common.c:305 kasan_slab_alloc include/linux/kasan.h:188 [inline] slab_post_alloc_hook+0x6e/0x4d0 mm/slab.h:767 slab_alloc_node mm/slub.c:3485 [inline] __kmem_cache_alloc_node+0x13e/0x260 mm/slub.c:3524 kmalloc_trace+0x2a/0xe0 mm/slab_common.c:1098 kmalloc include/linux/slab.h:600 [inline] kzalloc include/linux/slab.h:721 [inline] tomoyo_print_bprm security/tomoyo/audit.c:26 [inline] tomoyo_init_log+0x1104/0x1f10 security/tomoyo/audit.c:264 tomoyo_supervisor+0x32d/0x1080 security/tomoyo/common.c:2089 tomoyo_audit_env_log security/tomoyo/environ.c:36 [inline] tomoyo_env_perm+0x14a/0x1e0 security/tomoyo/environ.c:63 tomoyo_environ security/tomoyo/domain.c:672 [inline] tomoyo_find_next_domain+0x1594/0x1a60 security/tomoyo/domain.c:881 tomoyo_bprm_check_security+0x116/0x170 security/tomoyo/tomoyo.c:101 Modules linked in: CPU: 1 PID: 5767 Comm: syz-executor412 Not tainted 6.6.94-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 Call Trace: <TASK> dump_stack_lvl+0x16c/0x230 lib/dump_stack.c:106 bad_page+0x14b/0x170 mm/page_alloc.c:512 free_page_is_bad mm/page_alloc.c:961 [inline] free_pages_prepare mm/page_alloc.c:1146 [inline] free_unref_page_prepare+0x887/0x8e0 mm/page_alloc.c:2336 free_unref_page_list+0xbe/0x860 mm/page_alloc.c:2475 release_pages+0x1fa0/0x2220 mm/swap.c:1022 __folio_batch_release+0x71/0xe0 mm/swap.c:1042 folio_batch_release include/linux/pagevec.h:83 [inline] truncate_inode_pages_range+0x358/0xf00 mm/truncate.c:371 jfs_remount+0x33b/0x5b0 fs/jfs/super.c:451 reconfigure_super+0x21e/0x880 fs/super.c:1151 do_remount fs/namespace.c:2900 [inline] path_mount+0xd19/0xfe0 fs/namespace.c:3685 do_mount fs/namespace.c:3706 [inline] __do_sys_mount fs/namespace.c:3915 [inline] __se_sys_mount+0x2da/0x3c0 fs/namespace.c:3892 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x68/0xd2 RIP: 0033:0x7f6c455d577a Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffd2a0b78f8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6c455d577a RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000 RBP: 00002000000006c0 R08: 00007ffd2a0b7990 R09: 0000000000000000 R10: 0000000001a4243c R11: 0000000000000286 R12: 0000200000000180 R13: 00007ffd2a0b7990 R14: 0000000000000000 R15: 0000200000000580 </TASK> BUG: Bad page state in process syz-executor412 pfn:1f3f4 page:ffffea00007cfd00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x32 pfn:0x1f3f4 flags: 0xfff0000000800c(referenced|uptodate|private|node=0|zone=1|lastcpupid=0x7ff) page_type: 0xffffffff() raw: 00fff0000000800c ffffea00007cfcc8 ffffc900044af940 0000000000000000 raw: 0000000000000032 ffff88801f3f13e0 00000000ffffffff 0000000000000000 page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x40c40(GFP_NOFS|__GFP_COMP), pid 5767, tgid 5767 (syz-executor412), ts 86370730003, free_ts 61215691603 set_page_owner include/linux/page_owner.h:31 [inline] post_alloc_hook+0x1cd/0x210 mm/page_alloc.c:1554 prep_new_page mm/page_alloc.c:1561 [inline] get_page_from_freelist+0x195c/0x19f0 mm/page_alloc.c:3191 __alloc_pages+0x1e3/0x460 mm/page_alloc.c:4457 folio_alloc+0x1e/0x30 mm/mempolicy.c:2291 filemap_alloc_folio+0xdf/0x470 mm/filemap.c:1004 __filemap_get_folio+0x3ee/0xbc0 mm/filemap.c:1962 pagecache_get_page+0x2a/0x250 mm/folio-compat.c:99 find_or_create_page include/linux/pagemap.h:755 [inline] grab_cache_page include/linux/pagemap.h:877 [inline] __get_metapage+0x2a8/0xfa0 fs/jfs/jfs_metapage.c:613 diNewExt+0xa81/0x3120 fs/jfs/jfs_imap.c:2275 diAllocExt fs/jfs/jfs_imap.c:1952 [inline] diAllocAG+0xe7a/0x1de0 fs/jfs/jfs_imap.c:1669 diAlloc+0x1d5/0x1660 fs/jfs/jfs_imap.c:1590 ialloc+0x8c/0x950 fs/jfs/jfs_inode.c:56 jfs_mkdir+0x191/0xa30 fs/jfs/namei.c:225 vfs_mkdir+0x296/0x440 fs/namei.c:4113 do_mkdirat+0x1d4/0x440 fs/namei.c:4136 __do_sys_mkdir fs/namei.c:4156 [inline] __se_sys_mkdir fs/namei.c:4154 [inline] __x64_sys_mkdir+0x6e/0x80 fs/namei.c:4154 page last free stack trace: reset_page_owner include/linux/page_owner.h:24 [inline] free_pages_prepare mm/page_alloc.c:1154 [inline] free_unref_page_prepare+0x7ce/0x8e0 mm/page_alloc.c:2336 free_unref_page+0x32/0x2e0 mm/page_alloc.c:2429 discard_slab mm/slub.c:2122 [inline] __unfreeze_partials+0x1cf/0x210 mm/slub.c:2662 put_cpu_partial+0x17c/0x250 mm/slub.c:2738 __slab_free+0x31d/0x410 mm/slub.c:3686 qlink_free mm/kasan/quarantine.c:166 [inline] qlist_free_all+0x75/0xe0 mm/kasan/quarantine.c:185 kasan_quarantine_reduce+0x143/0x160 mm/kasan/quarantine.c:292 __kasan_slab_alloc+0x22/0x80 mm/kasan/common.c:305 kasan_slab_alloc include/linux/kasan.h:188 [inline] slab_post_alloc_hook+0x6e/0x4d0 mm/slab.h:767 slab_alloc_node mm/slub.c:3485 [inline] __kmem_cache_alloc_node+0x13e/0x260 mm/slub.c:3524 kmalloc_trace+0x2a/0xe0 mm/slab_common.c:1098 kmalloc include/linux/slab.h:600 [inline] kzalloc include/linux/slab.h:721 [inline] tomoyo_print_bprm security/tomoyo/audit.c:26 [inline] tomoyo_init_log+0x1104/0x1f10 security/tomoyo/audit.c:264 tomoyo_supervisor+0x32d/0x1080 security/tomoyo/common.c:2089 tomoyo_audit_env_log security/tomoyo/environ.c:36 [inline] tomoyo_env_perm+0x14a/0x1e0 security/tomoyo/environ.c:63 tomoyo_environ security/tomoyo/domain.c:672 [inline] tomoyo_find_next_domain+0x1594/0x1a60 security/tomoyo/domain.c:881 tomoyo_bprm_check_security+0x116/0x170 security/tomoyo/tomoyo.c:101 Modules linked in: CPU: 1 PID: 5767 Comm: syz-executor412 Tainted: G B 6.6.94-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 Call Trace: <TASK> dump_stack_lvl+0x16c/0x230 lib/dump_stack.c:106 bad_page+0x14b/0x170 mm/page_alloc.c:512 free_page_is_bad mm/page_alloc.c:961 [inline] free_pages_prepare mm/page_alloc.c:1146 [inline] free_unref_page_prepare+0x887/0x8e0 mm/page_alloc.c:2336 free_unref_page_list+0xbe/0x860 mm/page_alloc.c:2475 release_pages+0x1fa0/0x2220 mm/swap.c:1022 __folio_batch_release+0x71/0xe0 mm/swap.c:1042 folio_batch_release include/linux/pagevec.h:83 [inline] truncate_inode_pages_range+0x358/0xf00 mm/truncate.c:371 jfs_remount+0x33b/0x5b0 fs/jfs/super.c:451 reconfigure_super+0x21e/0x880 fs/super.c:1151 do_remount fs/namespace.c:2900 [inline] path_mount+0xd19/0xfe0 fs/namespace.c:3685 do_mount fs/namespace.c:3706 [inline] __do_sys_mount fs/namespace.c:3915 [inline] __se_sys_mount+0x2da/0x3c0 fs/namespace.c:3892 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x68/0xd2 RIP: 0033:0x7f6c455d577a Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffd2a0b78f8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6c455d577a RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000 RBP: 00002000000006c0 R08: 00007ffd2a0b7990 R09: 0000000000000000 R10: 0000000001a4243c R11: 0000000000000286 R12: 0000200000000180 R13: 00007ffd2a0b7990 R14: 0000000000000000 R15: 0000200000000580 </TASK> BUG: Bad page state in process syz-executor412 pfn:1f3f3 page:ffffea00007cfcc0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x31 pfn:0x1f3f3 flags: 0xfff0000000800c(referenced|uptodate|private|node=0|zone=1|lastcpupid=0x7ff) page_type: 0xffffffff() raw: 00fff0000000800c ffffea000077e1c8 ffffc900044af940 0000000000000000 raw: 0000000000000031 ffff88801f3f12e8 00000000ffffffff 0000000000000000 page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x40c40(GFP_NOFS|__GFP_COMP), pid 5767, tgid 5767 (syz-executor412), ts 86370675274, free_ts 61215691603 set_page_owner include/linux/page_owner.h:31 [inline] post_alloc_hook+0x1cd/0x210 mm/page_alloc.c:1554 prep_new_page mm/page_alloc.c:1561 [inline] get_page_from_freelist+0x195c/0x19f0 mm/page_alloc.c:3191 __alloc_pages+0x1e3/0x460 mm/page_alloc.c:4457 folio_alloc+0x1e/0x30 mm/mempolicy.c:2291 filemap_alloc_folio+0xdf/0x470 mm/filemap.c:1004 __filemap_get_folio+0x3ee/0xbc0 mm/filemap.c:1962 pagecache_get_page+0x2a/0x250 mm/folio-compat.c:99 find_or_create_page include/linux/pagemap.h:755 [inline] grab_cache_page include/linux/pagemap.h:877 [inline] __get_metapage+0x2a8/0xfa0 fs/jfs/jfs_metapage.c:613 diNewExt+0xa81/0x3120 fs/jfs/jfs_imap.c:2275 diAllocExt fs/jfs/jfs_imap.c:1952 [inline] diAllocAG+0xe7a/0x1de0 fs/jfs/jfs_imap.c:1669 diAlloc+0x1d5/0x1660 fs/jfs/jfs_imap.c:1590 ialloc+0x8c/0x950 fs/jfs/jfs_inode.c:56 jfs_mkdir+0x191/0xa30 fs/jfs/namei.c:225 vfs_mkdir+0x296/0x440 fs/namei.c:4113 do_mkdirat+0x1d4/0x440 fs/namei.c:4136 __do_sys_mkdir fs/namei.c:4156 [inline] __se_sys_mkdir fs/namei.c:4154 [inline] __x64_sys_mkdir+0x6e/0x80 fs/namei.c:4154 page last free stack trace: reset_page_owner include/linux/page_owner.h:24 [inline] free_pages_prepare mm/page_alloc.c:1154 [inline] free_unref_page_prepare+0x7ce/0x8e0 mm/page_alloc.c:2336 free_unref_page+0x32/0x2e0 mm/page_alloc.c:2429 discard_slab mm/slub.c:2122 [inline] __unfreeze_partials+0x1cf/0x210 mm/slub.c:2662 put_cpu_partial+0x17c/0x250 mm/slub.c:2738 __slab_free+0x31d/0x410 mm/slub.c:3686 qlink_free mm/kasan/quarantine.c:166 [inline] qlist_free_all+0x75/0xe0 mm/kasan/quarantine.c:185 kasan_quarantine_reduce+0x143/0x160 mm/kasan/quarantine.c:292 __kasan_slab_alloc+0x22/0x80 mm/kasan/common.c:305 kasan_slab_alloc include/linux/kasan.h:188 [inline] slab_post_alloc_hook+0x6e/0x4d0 mm/slab.h:767 slab_alloc_node mm/slub.c:3485 [inline] __kmem_cache_alloc_node+0x13e/0x260 mm/slub.c:3524 kmalloc_trace+0x2a/0xe0 mm/slab_common.c:1098 kmalloc include/linux/slab.h:600 [inline] kzalloc include/linux/slab.h:721 [inline] tomoyo_print_bprm security/tomoyo/audit.c:26 [inline] tomoyo_init_log+0x1104/0x1f10 security/tomoyo/audit.c:264 tomoyo_supervisor+0x32d/0x1080 security/tomoyo/common.c:2089 tomoyo_audit_env_log security/tomoyo/environ.c:36 [inline] tomoyo_env_perm+0x14a/0x1e0 security/tomoyo/environ.c:63 tomoyo_environ security/tomoyo/domain.c:672 [inline] tomoyo_find_next_domain+0x1594/0x1a60 security/tomoyo/domain.c:881 tomoyo_bprm_check_security+0x116/0x170 security/tomoyo/tomoyo.c:101 Modules linked in: CPU: 0 PID: 5767 Comm: syz-executor412 Tainted: G B 6.6.94-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 Call Trace: <TASK> dump_stack_lvl+0x16c/0x230 lib/dump_stack.c:106 bad_page+0x14b/0x170 mm/page_alloc.c:512 free_page_is_bad mm/page_alloc.c:961 [inline] free_pages_prepare mm/page_alloc.c:1146 [inline] free_unref_page_prepare+0x887/0x8e0 mm/page_alloc.c:2336 free_unref_page_list+0xbe/0x860 mm/page_alloc.c:2475 release_pages+0x1fa0/0x2220 mm/swap.c:1022 __folio_batch_release+0x71/0xe0 mm/swap.c:1042 folio_batch_release include/linux/pagevec.h:83 [inline] truncate_inode_pages_range+0x358/0xf00 mm/truncate.c:371 jfs_remount+0x33b/0x5b0 fs/jfs/super.c:451 reconfigure_super+0x21e/0x880 fs/super.c:1151 do_remount fs/namespace.c:2900 [inline] path_mount+0xd19/0xfe0 fs/namespace.c:3685 do_mount fs/namespace.c:3706 [inline] __do_sys_mount fs/namespace.c:3915 [inline] __se_sys_mount+0x2da/0x3c0 fs/namespace.c:3892 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x68/0xd2 RIP: 0033:0x7f6c455d577a Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffd2a0b78f8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6c455d577a RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000 RBP: 00002000000006c0 R08: 00007ffd2a0b7990 R09: 0000000000000000 R10: 0000000001a4243c R11: 0000000000000286 R12: 0000200000000180 R13: 00007ffd2a0b7990 R14: 0000000000000000 R15: 0000200000000580 </TASK> BUG: Bad page state in process syz-executor412 pfn:1f3d0 page:ffffea00007cf400 refcount:0 mapcount:0 mapping:0000000000000000 index:0xd pfn:0x1f3d0 flags: 0xfff0800000820c(referenced|uptodate|workingset|private|node=0|zone=1|lastcpupid=0x7ff) page_type: 0xffffffff() raw: 00fff0800000820c ffffea00007ecc88 ffffea00007ecd88 0000000000000000 raw: 000000000000000d ffff88801fb33e88 00000000ffffffff 0000000000000000 page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x40c40(GFP_NOFS|__GFP_COMP), pid 5767, tgid 5767 (syz-executor412), ts 86334106478, free_ts 61215883834 set_page_owner include/linux/page_owner.h:31 [inline] post_alloc_hook+0x1cd/0x210 mm/page_alloc.c:1554 prep_new_page mm/page_alloc.c:1561 [inline] get_page_from_freelist+0x195c/0x19f0 mm/page_alloc.c:3191 __alloc_pages+0x1e3/0x460 mm/page_alloc.c:4457 folio_alloc+0x1e/0x30 mm/mempolicy.c:2291 filemap_alloc_folio+0xdf/0x470 mm/filemap.c:1004 do_read_cache_folio+0x36c/0x7e0 mm/filemap.c:3753 do_read_cache_page+0x32/0x250 mm/filemap.c:3855 read_mapping_page include/linux/pagemap.h:892 [inline] __get_metapage+0x31a/0xfa0 fs/jfs/jfs_metapage.c:620 diReadSpecial+0x25b/0x6f0 fs/jfs/jfs_imap.c:447 jfs_mount+0x3d1/0x860 fs/jfs/jfs_mount.c:166 jfs_fill_super+0x4e2/0xac0 fs/jfs/super.c:556 mount_bdev+0x22b/0x2d0 fs/super.c:1643 legacy_get_tree+0xea/0x180 fs/fs_context.c:662 vfs_get_tree+0x8c/0x280 fs/super.c:1764 do_new_mount+0x24b/0xa40 fs/namespace.c:3366 do_mount fs/namespace.c:3706 [inline] __do_sys_mount fs/namespace.c:3915 [inline] __se_sys_mount+0x2da/0x3c0 fs/namespace.c:3892 page last free stack trace: reset_page_owner include/linux/page_owner.h:24 [inline] free_pages_prepare mm/page_alloc.c:1154 [inline] free_unref_page_prepare+0x7ce/0x8e0 mm/page_alloc.c:2336 free_unref_page+0x32/0x2e0 mm/page_alloc.c:2429 discard_slab mm/slub.c:2122 [inline] __unfreeze_partials+0x1cf/0x210 mm/slub.c:2662 put_cpu_partial+0x17c/0x250 mm/slub.c:2738 __slab_free+0x31d/0x410 mm/slub.c:3686 qlink_free mm/kasan/quarantine.c:166 [inline] qlist_free_all+0x75/0xe0 mm/kasan/quarantine.c:185 kasan_quarantine_reduce+0x143/0x160 mm/kasan/quarantine.c:292 __kasan_slab_alloc+0x22/0x80 mm/kasan/common.c:305 kasan_slab_alloc include/linux/kasan.h:188 [inline] slab_post_alloc_hook+0x6e/0x4d0 mm/slab.h:767 slab_alloc_node mm/slub.c:3485 [inline] __kmem_cache_alloc_node+0x13e/0x260 mm/slub.c:3524 kmalloc_trace+0x2a/0xe0 mm/slab_common.c:1098 kmalloc include/linux/slab.h:600 [inline] kzalloc include/linux/slab.h:721 [inline] tomoyo_print_bprm security/tomoyo/audit.c:26 [inline] tomoyo_init_log+0x1104/0x1f10 security/tomoyo/audit.c:264 tomoyo_supervisor+0x32d/0x1080 security/tomoyo/common.c:2089 tomoyo_audit_env_log security/tomoyo/environ.c:36 [inline] tomoyo_env_perm+0x14a/0x1e0 security/tomoyo/environ.c:63 tomoyo_environ security/tomoyo/domain.c:672 [inline] tomoyo_find_next_domain+0x1594/0x1a60 security/tomoyo/domain.c:881 tomoyo_bprm_check_security+0x116/0x170 security/tomoyo/tomoyo.c:101 Modules linked in: CPU: 0 PID: 5767 Comm: syz-executor412 Tainted: G B 6.6.94-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 Call Trace: <TASK> dump_stack_lvl+0x16c/0x230 lib/dump_stack.c:106 bad_page+0x14b/0x170 mm/page_alloc.c:512 free_page_is_bad mm/page_alloc.c:961 [inline] free_pages_prepare mm/page_alloc.c:1146 [inline] free_unref_page_prepare+0x887/0x8e0 mm/page_alloc.c:2336 free_unref_page_list+0xbe/0x860 mm/page_alloc.c:2475 release_pages+0x1fa0/0x2220 mm/swap.c:1022 __folio_batch_release+0x71/0xe0 mm/swap.c:1042 folio_batch_release include/linux/pagevec.h:83 [inline] truncate_inode_pages_range+0x358/0xf00 mm/truncate.c:371 jfs_remount+0x33b/0x5b0 fs/jfs/super.c:451 reconfigure_super+0x21e/0x880 fs/super.c:1151 do_remount fs/namespace.c:2900 [inline] path_mount+0xd19/0xfe0 fs/namespace.c:3685 do_mount fs/namespace.c:3706 [inline] __do_sys_mount fs/namespace.c:3915 [inline] __se_sys_mount+0x2da/0x3c0 fs/namespace.c:3892 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x68/0xd2 RIP: 0033:0x7f6c455d577a Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffd2a0b78f8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6c455d577a RDX: 0000200000000180 RSI: 00002000000006c0 RDI: 0000000000000000 RBP: 000020000000

Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Assets (help?)	Manager	Title
2025/06/23 15:50	linux-6.6.y	6282921b6825	d6cdfb8a	.config	console log	report	syz / log	C		[disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)]	ci2-linux-6-6-kasan	BUG: Bad page state in __get_metapage
2025/06/23 15:14	linux-6.6.y	6282921b6825	d6cdfb8a	.config	console log	report	syz / log	C		[disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)]	ci2-linux-6-6-kasan	BUG: Bad page state in __get_metapage
2025/07/01 01:50	linux-6.6.y	3f5b4c104b7d	6e83b42d	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-6-kasan	BUG: Bad page state in __get_metapage
2025/07/01 01:48	linux-6.6.y	3f5b4c104b7d	6e83b42d	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-6-kasan	BUG: Bad page state in __get_metapage
2025/06/28 01:41	linux-6.6.y	3f5b4c104b7d	fc9d8ee5	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-6-kasan	BUG: Bad page state in __get_metapage
2025/06/28 01:39	linux-6.6.y	3f5b4c104b7d	fc9d8ee5	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-6-kasan	BUG: Bad page state in __get_metapage
2025/06/27 09:30	linux-6.6.y	6282921b6825	803ce19b	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-6-kasan	BUG: Bad page state in __get_metapage
2025/06/27 09:30	linux-6.6.y	6282921b6825	803ce19b	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-6-kasan	BUG: Bad page state in __get_metapage
2025/06/27 09:16	linux-6.6.y	6282921b6825	803ce19b	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-6-kasan	BUG: Bad page state in __get_metapage
2025/06/27 09:16	linux-6.6.y	6282921b6825	803ce19b	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-6-kasan	BUG: Bad page state in __get_metapage
2025/06/24 08:33	linux-6.6.y	6282921b6825	e2f27c35	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-6-kasan	BUG: Bad page state in __get_metapage
2025/06/24 08:32	linux-6.6.y	6282921b6825	e2f27c35	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-6-kasan	BUG: Bad page state in __get_metapage
2025/06/20 20:02	linux-6.6.y	6282921b6825	804b3919	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-6-kasan	BUG: Bad page state in __get_metapage
2025/06/20 20:02	linux-6.6.y	6282921b6825	804b3919	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-6-kasan	BUG: Bad page state in __get_metapage