syzbot


BUG: Bad page state (5)

Status: closed as invalid on 2019/02/27 20:53
Subsystems: mm
[Documentation on labels]
Reported-by: syzbot+2cd2887ea471ed6e6995@syzkaller.appspotmail.com
First crash: 1860d, last: 1847d
Discussions (1)
Title Replies (including bot) Last reply
BUG: Bad page state (5) 7 (8) 2019/02/28 18:27
Similar bugs (15)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream BUG: Bad page state (3) usb C 3 2262d 2269d 4/26 fixed on 2018/02/02 04:39
linux-4.14 BUG: Bad page state C 9 391d 533d 0/1 upstream: reported C repro on 2022/10/03 07:33
linux-4.19 BUG: Bad page state 1 848d 848d 0/1 auto-closed as invalid on 2022/03/21 10:57
linux-4.19 BUG: Bad page state (2) 1 659d 659d 0/1 auto-obsoleted due to no activity on 2022/09/26 19:49
upstream BUG: Bad page state (7) mm 3 1297d 1354d 0/26 auto-closed as invalid on 2020/12/28 02:44
linux-6.1 BUG: Bad page state origin:upstream C 7 6d19h 296d 0/3 upstream: reported C repro on 2023/05/27 10:10
linux-4.19 BUG: Bad page state (3) C error 1 533d 533d 0/1 upstream: reported C repro on 2022/10/02 20:53
android-49 BUG: Bad page state 3 1629d 1653d 0/3 auto-closed as invalid on 2020/01/30 18:48
android-54 BUG: Bad page state C 9 1450d 1481d 0/2 auto-obsoleted due to no activity on 2022/08/26 22:10
upstream BUG: Bad page state (2) crypto 1 2304d 2300d 0/26 closed as invalid on 2017/12/06 12:57
upstream BUG: Bad page state (4) sound 1 2066d 2066d 0/26 closed as invalid on 2018/09/05 12:51
upstream BUG: Bad page state (6) mm C 2 1845d 1845d 0/26 closed as invalid on 2019/03/01 18:38
upstream BUG: Bad page state C 2 2407d 2408d 3/26 fixed on 2017/10/24 06:54
linux-5.15 BUG: Bad page state origin:upstream C error 8 109d 337d 0/3 upstream: reported C repro on 2023/04/16 11:16
upstream BUG: Bad page state (8) mm C 7145 7h59m 1141d 1/26 upstream: reported C repro on 2021/02/01 10:07

Sample crash report:
BUG: Bad page state in process udevd  pfn:472f0
name:"memfd:" 
page:ffffea00011cbc00 count:0 mapcount:0 mapping:ffff88800df2ad40 index:0xf
shmem_aops 
flags: 0x1fffc000008000c(uptodate|dirty|swapbacked)
raw: 01fffc000008000c ffffea0000ac4f08 ffff8880a85af890 ffff88800df2ad40
raw: 000000000000000f 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: non-NULL mapping
Modules linked in:
CPU: 1 PID: 7586 Comm: udevd Not tainted 5.0.0-rc6-next-20190213 #34
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 bad_page.cold+0xda/0xff mm/page_alloc.c:586
 free_pages_check_bad+0x142/0x1a0 mm/page_alloc.c:1014
 free_pages_check mm/page_alloc.c:1023 [inline]
 free_pages_prepare mm/page_alloc.c:1113 [inline]
 free_pcp_prepare mm/page_alloc.c:1138 [inline]
 free_unref_page_prepare mm/page_alloc.c:2991 [inline]
 free_unref_page_list+0x31d/0xc40 mm/page_alloc.c:3060
name:"memfd:" 
 release_pages+0x60d/0x1940 mm/swap.c:791
 pagevec_lru_move_fn+0x218/0x2a0 mm/swap.c:213
 __pagevec_lru_add mm/swap.c:917 [inline]
 lru_add_drain_cpu+0x2f7/0x520 mm/swap.c:581
 lru_add_drain+0x20/0x60 mm/swap.c:652
 exit_mmap+0x290/0x530 mm/mmap.c:3134
 __mmput kernel/fork.c:1047 [inline]
 mmput+0x15f/0x4c0 kernel/fork.c:1068
 exec_mmap fs/exec.c:1046 [inline]
 flush_old_exec+0x8d9/0x1c20 fs/exec.c:1279
 load_elf_binary+0x9bc/0x53f0 fs/binfmt_elf.c:864
 search_binary_handler fs/exec.c:1656 [inline]
 search_binary_handler+0x17f/0x570 fs/exec.c:1634
 exec_binprm fs/exec.c:1698 [inline]
 __do_execve_file.isra.0+0x1394/0x23f0 fs/exec.c:1818
 do_execveat_common fs/exec.c:1865 [inline]
 do_execve fs/exec.c:1882 [inline]
 __do_sys_execve fs/exec.c:1958 [inline]
 __se_sys_execve fs/exec.c:1953 [inline]
 __x64_sys_execve+0x8f/0xc0 fs/exec.c:1953
 do_syscall_64+0x103/0x610 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fc7001ba207
Code: Bad RIP value.
RSP: 002b:00007ffe06aa13b8 EFLAGS: 00000206 ORIG_RAX: 000000000000003b
RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007fc7001ba207
RDX: 0000000001fd5fd0 RSI: 00007ffe06aa14b0 RDI: 00007ffe06aa24c0
RBP: 0000000000625500 R08: 0000000000001c49 R09: 0000000000001c49
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000001fd5fd0
R13: 0000000000000007 R14: 0000000001fc6250 R15: 0000000000000005
BUG: Bad page state in process udevd  pfn:2b13c
page:ffffea0000ac4f00 count:0 mapcount:0 mapping:ffff88800df2ad40 index:0xe
shmem_aops 
flags: 0x1fffc000008000c(uptodate|dirty|swapbacked)
raw: 01fffc000008000c ffff8880a85af890 ffff8880a85af890 ffff88800df2ad40
raw: 000000000000000e 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: non-NULL mapping
Modules linked in:
CPU: 1 PID: 7586 Comm: udevd Tainted: G    B             5.0.0-rc6-next-20190213 #34
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 bad_page.cold+0xda/0xff mm/page_alloc.c:586
name:"memfd:" 
 free_pages_check_bad+0x142/0x1a0 mm/page_alloc.c:1014
 free_pages_check mm/page_alloc.c:1023 [inline]
 free_pages_prepare mm/page_alloc.c:1113 [inline]
 free_pcp_prepare mm/page_alloc.c:1138 [inline]
 free_unref_page_prepare mm/page_alloc.c:2991 [inline]
 free_unref_page_list+0x31d/0xc40 mm/page_alloc.c:3060
 release_pages+0x60d/0x1940 mm/swap.c:791
 pagevec_lru_move_fn+0x218/0x2a0 mm/swap.c:213
 __pagevec_lru_add mm/swap.c:917 [inline]
 lru_add_drain_cpu+0x2f7/0x520 mm/swap.c:581
 lru_add_drain+0x20/0x60 mm/swap.c:652
 exit_mmap+0x290/0x530 mm/mmap.c:3134
 __mmput kernel/fork.c:1047 [inline]
 mmput+0x15f/0x4c0 kernel/fork.c:1068
 exec_mmap fs/exec.c:1046 [inline]
 flush_old_exec+0x8d9/0x1c20 fs/exec.c:1279
 load_elf_binary+0x9bc/0x53f0 fs/binfmt_elf.c:864
 search_binary_handler fs/exec.c:1656 [inline]
 search_binary_handler+0x17f/0x570 fs/exec.c:1634
 exec_binprm fs/exec.c:1698 [inline]
 __do_execve_file.isra.0+0x1394/0x23f0 fs/exec.c:1818
 do_execveat_common fs/exec.c:1865 [inline]
 do_execve fs/exec.c:1882 [inline]
 __do_sys_execve fs/exec.c:1958 [inline]
 __se_sys_execve fs/exec.c:1953 [inline]
 __x64_sys_execve+0x8f/0xc0 fs/exec.c:1953
 do_syscall_64+0x103/0x610 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fc7001ba207
Code: Bad RIP value.
RSP: 002b:00007ffe06aa13b8 EFLAGS: 00000206 ORIG_RAX: 000000000000003b
RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007fc7001ba207
RDX: 0000000001fd5fd0 RSI: 00007ffe06aa14b0 RDI: 00007ffe06aa24c0
RBP: 0000000000625500 R08: 0000000000001c49 R09: 0000000000001c49
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000001fd5fd0
R13: 0000000000000007 R14: 0000000001fc6250 R15: 0000000000000005

Crashes (171):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/02/13 10:22 linux-next c4f3ef3eb53f 1eedba36 .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2019/02/27 02:04 linux-next 8e7f81e2ebc4 f2468c12 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/02/27 00:35 linux-next 8e7f81e2ebc4 f2468c12 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/02/26 21:35 linux-next 8e7f81e2ebc4 a36ecd98 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/02/26 15:15 linux-next 8e7f81e2ebc4 a36ecd98 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/02/26 13:27 linux-next 8e7f81e2ebc4 a36ecd98 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/02/26 11:04 linux-next 8e7f81e2ebc4 a36ecd98 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/02/26 07:18 linux-next 2b46440ea715 8022bafd .config console log report ci-upstream-linux-next-kasan-gce-root
2019/02/26 04:24 linux-next 2b46440ea715 8022bafd .config console log report ci-upstream-linux-next-kasan-gce-root
2019/02/25 23:50 linux-next 2b46440ea715 8022bafd .config console log report ci-upstream-linux-next-kasan-gce-root
2019/02/25 20:46 linux-next 2b46440ea715 8022bafd .config console log report ci-upstream-linux-next-kasan-gce-root
2019/02/25 15:29 linux-next 2b46440ea715 a70141bf .config console log report ci-upstream-linux-next-kasan-gce-root
2019/02/25 10:42 linux-next 2b46440ea715 a70141bf .config console log report ci-upstream-linux-next-kasan-gce-root
2019/02/25 09:34 linux-next 2b46440ea715 a70141bf .config console log report ci-upstream-linux-next-kasan-gce-root
2019/02/25 07:49 linux-next 94a47529a645 7a06e792 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/02/24 16:52 linux-next 94a47529a645 7a06e792 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/02/23 22:37 linux-next 94a47529a645 7a06e792 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/02/23 20:59 linux-next 94a47529a645 7a06e792 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/02/23 20:58 linux-next 94a47529a645 7a06e792 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/02/23 18:23 linux-next 94a47529a645 18107ce0 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/02/23 15:56 linux-next 94a47529a645 18107ce0 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/02/23 11:10 linux-next 94a47529a645 18107ce0 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/02/22 20:06 linux-next 94a47529a645 6a5fcca4 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/02/22 15:31 linux-next 94a47529a645 6a5fcca4 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/02/22 01:01 linux-next 550f4769c7c4 7ff74a98 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/02/21 23:43 linux-next 550f4769c7c4 7ff74a98 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/02/21 23:01 linux-next 550f4769c7c4 7ff74a98 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/02/21 21:52 linux-next 550f4769c7c4 7ff74a98 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/02/21 20:15 linux-next 550f4769c7c4 3133098b .config console log report ci-upstream-linux-next-kasan-gce-root
2019/02/21 17:20 linux-next 550f4769c7c4 3133098b .config console log report ci-upstream-linux-next-kasan-gce-root
2019/02/21 12:29 linux-next 550f4769c7c4 3133098b .config console log report ci-upstream-linux-next-kasan-gce-root
2019/02/21 11:03 linux-next 550f4769c7c4 3133098b .config console log report ci-upstream-linux-next-kasan-gce-root
2019/02/21 07:35 linux-next abf446c90405 c95f0707 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/02/21 04:16 linux-next abf446c90405 c95f0707 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/02/20 23:15 linux-next abf446c90405 c95f0707 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/02/20 17:56 linux-next abf446c90405 c95f0707 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/02/20 17:50 linux-next abf446c90405 c95f0707 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/02/20 14:38 linux-next abf446c90405 c95f0707 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/02/20 11:55 linux-next abf446c90405 c95f0707 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/02/20 10:50 linux-next abf446c90405 c95f0707 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/02/20 02:52 linux-next 43dc36c945ef 4df543c9 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/02/20 01:05 linux-next 43dc36c945ef 4df543c9 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/02/13 08:32 linux-next c4f3ef3eb53f 1eedba36 .config console log report ci-upstream-linux-next-kasan-gce-root
* Struck through repros no longer work on HEAD.