syzbot


BUG: Bad page state in corrupted

Status: upstream: reported C repro on 2024/12/24 12:58
Bug presence: origin:lts-only
Reported-by: syzbot+8070a6cb99d47d0aeed0@syzkaller.appspotmail.com
First crash: 401d, last: 4d13h
Fix bisection: failed (error log, bisect log)
  
Bug presence (2)
Date Name Commit Repro Result
2024/12/27 linux-6.1.y (ToT) 29f02ec58a94 C [report] BUG: Bad page state in corrupted
2024/12/27 upstream (ToT) d6ef8b40d075 C Didn't crash
Similar bugs (1)
Kernel Title Rank Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-5.15 BUG: Bad page state in corrupted origin:upstream -1 C error 6 26d 436d 0/3 upstream: reported C repro on 2024/11/19 11:50
Fix bisection attempts (3)
Created Duration User Patch Repo Result
2025/09/28 04:51 2h07m fix candidate upstream OK (0) job log
2025/03/04 10:00 16m bisect fix linux-6.1.y error job log
2025/01/30 15:39 3h12m bisect fix linux-6.1.y OK (0) job log log

Sample crash report:
loop0: detected capacity change from 0 to 32768
BUG: Bad page state in process syz-executor931  pfn:10bb1e
page:000000004145a7ed refcount:0 mapcount:0 mapping:0000000000000000 index:0x4 pfn:0x10bb1e
flags: 0x5ffc60000002046(referenced|uptodate|workingset|private|node=0|zone=2|lastcpupid=0x7ff)
raw: 05ffc60000002046 fffffc0003609f08 ffff800020d77560 0000000000000000
raw: 0000000000000004 ffff0000d134b9b0 00000000ffffffff 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
Modules linked in:
CPU: 1 PID: 4317 Comm: syz-executor931 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
Call trace:
 dump_backtrace+0x1c0/0x1ec arch/arm64/kernel/stacktrace.c:158
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
 __dump_stack+0x30/0x40 lib/dump_stack.c:88
 dump_stack_lvl+0xf4/0x15c lib/dump_stack.c:106
 dump_stack+0x1c/0x5c lib/dump_stack.c:113
 bad_page+0x188/0x1a8 mm/page_alloc.c:699
 free_page_is_bad_report+0xf8/0x170 mm/page_alloc.c:1281
 free_page_is_bad mm/page_alloc.c:1291 [inline]
 free_pages_prepare mm/page_alloc.c:1452 [inline]
 free_pcp_prepare mm/page_alloc.c:1509 [inline]
 free_unref_page_prepare+0x620/0xaf0 mm/page_alloc.c:3384
 free_unref_page_list+0xd8/0x8c8 mm/page_alloc.c:3525
 release_pages+0xd84/0xfb4 mm/swap.c:1035
 __pagevec_release+0x84/0xf8 mm/swap.c:1055
 pagevec_release include/linux/pagevec.h:71 [inline]
 folio_batch_release include/linux/pagevec.h:135 [inline]
 truncate_inode_pages_range+0x2d4/0xd68 mm/truncate.c:397
 truncate_inode_pages+0x2c/0x3c mm/truncate.c:476
 dbUnmount+0xf4/0x168 fs/jfs/jfs_dmap.c:264
 jfs_umount+0x1c4/0x328 fs/jfs/jfs_umount.c:89
 jfs_put_super+0x90/0x188 fs/jfs/super.c:194
 generic_shutdown_super+0x130/0x324 fs/super.c:501
 kill_block_super+0x70/0xdc fs/super.c:1470
 deactivate_locked_super+0xac/0x120 fs/super.c:332
 deactivate_super+0xe4/0x104 fs/super.c:363
 cleanup_mnt+0x390/0x418 fs/namespace.c:1191
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1198
 task_work_run+0x1ec/0x278 kernel/task_work.c:203
 exit_task_work include/linux/task_work.h:39 [inline]
 do_exit+0x550/0x19b0 kernel/exit.c:880
 do_group_exit+0x194/0x22c kernel/exit.c:1022
 __do_sys_exit_group kernel/exit.c:1033 [inline]
 __se_sys_exit_group kernel/exit.c:1031 [inline]
 __wake_up_parent+0x0/0x60 kernel/exit.c:1031
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b4 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x130 arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x128 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
BUG: Bad page state in process syz-executor931  pfn:11827c
page:00000000a99015e1 refcount:0 mapcount:0 mapping:0000000000000000 index:0x3 pfn:0x11827c
flags: 0x5ffc60000002046(referenced|uptodate|workingset|private|node=0|zone=2|lastcpupid=0x7ff)
raw: 05ffc60000002046 fffffc00033f2508 ffff800020d77560 0000000000000000
raw: 0000000000000003 ffff0000d134baa8 00000000ffffffff 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
Modules linked in:
CPU: 1 PID: 4317 Comm: syz-executor931 Tainted: G    B              syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
Call trace:
 dump_backtrace+0x1c0/0x1ec arch/arm64/kernel/stacktrace.c:158
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
 __dump_stack+0x30/0x40 lib/dump_stack.c:88
 dump_stack_lvl+0xf4/0x15c lib/dump_stack.c:106
 dump_stack+0x1c/0x5c lib/dump_stack.c:113
 bad_page+0x188/0x1a8 mm/page_alloc.c:699
 free_page_is_bad_report+0xf8/0x170 mm/page_alloc.c:1281
 free_page_is_bad mm/page_alloc.c:1291 [inline]
 free_pages_prepare mm/page_alloc.c:1452 [inline]
 free_pcp_prepare mm/page_alloc.c:1509 [inline]
 free_unref_page_prepare+0x620/0xaf0 mm/page_alloc.c:3384
 free_unref_page_list+0xd8/0x8c8 mm/page_alloc.c:3525
 release_pages+0xd84/0xfb4 mm/swap.c:1035
 __pagevec_release+0x84/0xf8 mm/swap.c:1055
 pagevec_release include/linux/pagevec.h:71 [inline]
 folio_batch_release include/linux/pagevec.h:135 [inline]
 truncate_inode_pages_range+0x2d4/0xd68 mm/truncate.c:397
 truncate_inode_pages+0x2c/0x3c mm/truncate.c:476
 dbUnmount+0xf4/0x168 fs/jfs/jfs_dmap.c:264
 jfs_umount+0x1c4/0x328 fs/jfs/jfs_umount.c:89
 jfs_put_super+0x90/0x188 fs/jfs/super.c:194
 generic_shutdown_super+0x130/0x324 fs/super.c:501
 kill_block_super+0x70/0xdc fs/super.c:1470
 deactivate_locked_super+0xac/0x120 fs/super.c:332
 deactivate_super+0xe4/0x104 fs/super.c:363
 cleanup_mnt+0x390/0x418 fs/namespace.c:1191
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1198
 task_work_run+0x1ec/0x278 kernel/task_work.c:203
 exit_task_work include/linux/task_work.h:39 [inline]
 do_exit+0x550/0x19b0 kernel/exit.c:880
 do_group_exit+0x194/0x22c kernel/exit.c:1022
 __do_sys_exit_group kernel/exit.c:1033 [inline]
 __se_sys_exit_group kernel/exit.c:1031 [inline]
 __wake_up_parent+0x0/0x60 kernel/exit.c:1031
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b4 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x58/0x130 arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x128 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585

Crashes (15):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2026/01/25 11:53 linux-6.1.y cd9b81672742 40acda8a .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-6-1-kasan-arm64 BUG: Bad page state in corrupted
2026/01/25 10:13 linux-6.1.y cd9b81672742 40acda8a .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-6-1-kasan-arm64 BUG: Bad page state in corrupted
2026/01/25 09:24 linux-6.1.y cd9b81672742 40acda8a .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-6-1-kasan-arm64 BUG: Bad page state in corrupted
2026/01/25 01:14 linux-6.1.y cd9b81672742 40acda8a .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-6-1-kasan-arm64 BUG: Bad page state in corrupted
2026/01/24 22:03 linux-6.1.y cd9b81672742 40acda8a .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-6-1-kasan-arm64 BUG: Bad page state in corrupted
2026/01/24 21:53 linux-6.1.y cd9b81672742 40acda8a .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-6-1-kasan-arm64 BUG: Bad page state in corrupted
2025/12/24 07:54 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-6-1-kasan-arm64 BUG: Bad page state in corrupted
2025/11/12 03:49 linux-6.1.y f6e38ae624cf 4e1406b4 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-6-1-kasan-arm64 BUG: Bad page state in corrupted
2025/10/05 08:10 linux-6.1.y 882efbdd9d34 49379ee0 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-6-1-kasan-arm64 BUG: Bad page state in corrupted
2025/08/09 10:20 linux-6.1.y 3594f306da12 32a0e5ed .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-6-1-kasan-arm64 BUG: Bad page state in corrupted
2025/06/25 21:09 linux-6.1.y 58485ff1a74f 26d77996 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-6-1-kasan-arm64 BUG: Bad page state in corrupted
2025/06/25 20:43 linux-6.1.y 58485ff1a74f 26d77996 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-6-1-kasan-arm64 BUG: Bad page state in corrupted
2025/03/04 19:16 linux-6.1.y 3a8358583626 c3901742 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-6-1-kasan-arm64 BUG: Bad page state in corrupted
2024/12/24 13:34 linux-6.1.y 29f02ec58a94 444551c4 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-6-1-kasan-arm64 BUG: Bad page state in corrupted
2024/12/24 12:57 linux-6.1.y 29f02ec58a94 444551c4 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-6-1-kasan-arm64 BUG: Bad page state in corrupted
* Struck through repros no longer work on HEAD.