syzbot


BUG: Bad page state

Status: fixed on 2017/10/24 06:54
Fix commit: 263630e8d176 mm/madvise.c: fix freeing of locked page with MADV_FREE
First crash: 2440d, last: 2439d
Similar bugs (15)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | BUG: Bad page state (3) usb | C | | | 3 | 2294d | 2300d | 4/26 | fixed on 2018/02/02 04:39 |
| linux-4.14 | BUG: Bad page state | C | | | 9 | 423d | 564d | 0/1 | upstream: reported C repro on 2022/10/03 07:33 |
| upstream | BUG: Bad page state (5) mm | C | | | 171 | 1879d | 1892d | 0/26 | closed as invalid on 2019/02/27 20:53 |
| linux-4.19 | BUG: Bad page state | | | | 1 | 880d | 880d | 0/1 | auto-closed as invalid on 2022/03/21 10:57 |
| linux-4.19 | BUG: Bad page state (2) | | | | 1 | 691d | 691d | 0/1 | auto-obsoleted due to no activity on 2022/09/26 19:49 |
| upstream | BUG: Bad page state (7) mm | | | | 3 | 1329d | 1385d | 0/26 | auto-closed as invalid on 2020/12/28 02:44 |
| linux-6.1 | BUG: Bad page state origin:upstream | C | | | 61 | 15d | 328d | 0/3 | upstream: reported C repro on 2023/05/27 10:10 |
| linux-4.19 | BUG: Bad page state (3) | C | error | | 1 | 565d | 565d | 0/1 | upstream: reported C repro on 2022/10/02 20:53 |
| android-49 | BUG: Bad page state | | | | 3 | 1661d | 1685d | 0/3 | auto-closed as invalid on 2020/01/30 18:48 |
| android-54 | BUG: Bad page state | C | | | 9 | 1482d | 1513d | 0/2 | auto-obsoleted due to no activity on 2022/08/26 22:10 |
| upstream | BUG: Bad page state (2) crypto | | | | 1 | 2336d | 2332d | 0/26 | closed as invalid on 2017/12/06 12:57 |
| upstream | BUG: Bad page state (4) sound | | | | 1 | 2098d | 2098d | 0/26 | closed as invalid on 2018/09/05 12:51 |
| upstream | BUG: Bad page state (6) mm | C | | | 2 | 1877d | 1877d | 0/26 | closed as invalid on 2019/03/01 18:38 |
| linux-5.15 | BUG: Bad page state origin:upstream | C | error | | 32 | 3d21h | 369d | 0/3 | upstream: reported C repro on 2023/04/16 11:16 |
| upstream | BUG: Bad page state (8) jfs mm | C | | | 7249 | 9m | 1173d | 1/26 | upstream: reported C repro on 2021/02/01 10:07 |

Sample crash report:
page:ffffea0006f63580 count:0 mapcount:0 mapping:          (null) index:0x20ad6
flags: 0x200000000040019(locked|uptodate|dirty|swapbacked)
raw: 0200000000040019 0000000000000000 0000000000020ad6 00000000ffffffff
raw: ffffea0006f635a0 ffffea0006f635a0 0000000000000000 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
bad because of flags: 0x1(locked)
Modules linked in:
CPU: 0 PID: 13946 Comm: syzkaller249964 Not tainted 4.13.0-rc5+ #36
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:16 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:52
 bad_page+0x230/0x2b0 mm/page_alloc.c:565
 free_pages_check_bad+0x1f0/0x2e0 mm/page_alloc.c:943
 free_pages_check mm/page_alloc.c:952 [inline]
 free_pages_prepare mm/page_alloc.c:1043 [inline]
 free_pcp_prepare mm/page_alloc.c:1068 [inline]
 free_hot_cold_page+0x8cf/0x12b0 mm/page_alloc.c:2584
 __put_single_page mm/swap.c:79 [inline]
 __put_page+0xfb/0x160 mm/swap.c:113
 put_page include/linux/mm.h:814 [inline]
 madvise_free_pte_range+0x137a/0x1ec0 mm/madvise.c:371
 walk_pmd_range mm/pagewalk.c:50 [inline]
 walk_pud_range mm/pagewalk.c:108 [inline]
 walk_p4d_range mm/pagewalk.c:134 [inline]
 walk_pgd_range mm/pagewalk.c:160 [inline]
 __walk_page_range+0xc3a/0x1450 mm/pagewalk.c:249
 walk_page_range+0x200/0x470 mm/pagewalk.c:326
 madvise_free_page_range.isra.9+0x17d/0x230 mm/madvise.c:444
 madvise_free_single_vma+0x353/0x580 mm/madvise.c:471
 madvise_dontneed_free mm/madvise.c:555 [inline]
 madvise_vma mm/madvise.c:664 [inline]
 SYSC_madvise mm/madvise.c:832 [inline]
 SyS_madvise+0x7d3/0x13c0 mm/madvise.c:760
 entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x4462e9
RSP: 002b:00007febbc9a8d08 EFLAGS: 00000202 ORIG_RAX: 000000000000001c
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004462e9
RDX: 0000010200000008 RSI: 0000000000012000 RDI: 0000000020ad6000
RBP: 0000000000000086 R08: 00007febbc9a9700 R09: 00007febbc9a9700
R10: 00007febbc9a9700 R11: 0000000000000202 R12: 0000000000000000
R13: 00007ffc37647b0f R14: 00007febbc9a99c0 R15: 0000000000000000

Crashes (2):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2017/08/15 17:49 | upstream | fcd07350007b | 6a0246bf | .config | console log | report | syz | C | | | ci-upstream-kasan-gce | |
| 2017/08/14 15:58 | upstream | ef954844c7ac | 6a0246bf | .config | console log | report | syz | C | | | ci-upstream-kasan-gce | |
* Struck through repros no longer work on HEAD.