syzbot

 sign-in | mailing list | source | docs
🐞 Open [860]
🐞 Fixed [141]
🐞 Invalid [980]
Missing Backports [74]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

BUG: Bad page state in __get_metapage

Status: upstream: reported C repro on 2024/10/23 12:46
Bug presence: origin:upstream
Labels: missing-backport
[Documentation on labels]
Reported-by: syzbot+5ef7590632a6b42d2b6c@syzkaller.appspotmail.com
First crash: 445d, last: 6h19m
Fix commit to backport (bisect log) :
tree: upstream
commit 9346476d211611f3c0d512cb6e942ab76f5376d8
Author: Matthew Wilcox (Oracle) <willy@infradead.org>
Date: Wed Apr 17 17:56:48 2024 +0000

  jfs: Convert insert_metapage() to take a folio

  
Bug presence (3)
Date Name Commit Repro Result
2024/12/16 linux-6.1.y (ToT) 52f863f820fd C [report] BUG: Bad page state in __get_metapage
2024/10/28 upstream (ToT) 819837584309 C [report] INFO: task hung in lmLogClose
2024/12/16 upstream (ToT) 78d4f34e2115 C Didn't crash
Similar bugs (2)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-5.15 BUG: Bad page state in __get_metapage origin:upstream -1 C 1079 21h43m 445d 0/3 upstream: reported C repro on 2024/10/23 03:58
linux-6.6 BUG: Bad page state in __get_metapage origin:upstream -1 C 450 5h29m 205d 0/2 upstream: reported C repro on 2025/06/20 20:02
Fix bisection attempts (1)
Created Duration User Patch Repo Result
2025/02/03 18:07 5h54m fix candidate upstream OK (1) job log

Sample crash report:
BUG: Bad page state in process jfsCommit  pfn:6ef34
page:ffffea0001bbcd00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1c pfn:0x6ef34
flags: 0xfff08000002047(locked|referenced|uptodate|workingset|private|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff08000002047 dead000000000100 dead000000000122 0000000000000000
raw: 000000000000001c ffff888072e7b4d8 00000000ffffffff 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x140c40(GFP_NOFS|__GFP_COMP|__GFP_HARDWALL), pid 4423, tgid 4423 (syz.0.17), ts 94959716311, free_ts 94711802651
 set_page_owner include/linux/page_owner.h:31 [inline]
 post_alloc_hook+0x173/0x1a0 mm/page_alloc.c:2532
 prep_new_page mm/page_alloc.c:2539 [inline]
 get_page_from_freelist+0x1a26/0x1ac0 mm/page_alloc.c:4328
 __alloc_pages+0x1df/0x4e0 mm/page_alloc.c:5614
 folio_alloc+0x1c/0x60 mm/mempolicy.c:2292
 filemap_alloc_folio+0xdb/0x460 mm/filemap.c:999
 do_read_cache_folio+0x1bb/0x760 mm/filemap.c:3623
 do_read_cache_page+0x32/0x220 mm/filemap.c:3701
 read_mapping_page include/linux/pagemap.h:793 [inline]
 __get_metapage+0x316/0xfa0 fs/jfs/jfs_metapage.c:620
 diRead+0x6f7/0xbb0 fs/jfs/jfs_imap.c:367
 jfs_iget+0x89/0x3f0 fs/jfs/inode.c:35
 jfs_fill_super+0x708/0xac0 fs/jfs/super.c:580
 mount_bdev+0x287/0x3c0 fs/super.c:1443
 legacy_get_tree+0xe6/0x180 fs/fs_context.c:632
 vfs_get_tree+0x88/0x270 fs/super.c:1573
 do_new_mount+0x24a/0xa40 fs/namespace.c:3078
 do_mount fs/namespace.c:3421 [inline]
 __do_sys_mount fs/namespace.c:3629 [inline]
 __se_sys_mount+0x2d6/0x3c0 fs/namespace.c:3606
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1459 [inline]
 free_pcp_prepare mm/page_alloc.c:1509 [inline]
 free_unref_page_prepare+0x8b4/0x9a0 mm/page_alloc.c:3384
 free_unref_page+0x2e/0x3f0 mm/page_alloc.c:3479
 free_slab mm/slub.c:2036 [inline]
 discard_slab mm/slub.c:2042 [inline]
 __unfreeze_partials+0x1a5/0x200 mm/slub.c:2591
 put_cpu_partial+0x17c/0x250 mm/slub.c:2667
 qlink_free mm/kasan/quarantine.c:168 [inline]
 qlist_free_all+0x76/0xe0 mm/kasan/quarantine.c:187
 kasan_quarantine_reduce+0x144/0x160 mm/kasan/quarantine.c:294
 ____kasan_kmalloc mm/kasan/common.c:340 [inline]
 __kasan_kmalloc+0x1e/0xa0 mm/kasan/common.c:383
 kasan_kmalloc include/linux/kasan.h:211 [inline]
 __do_kmalloc_node mm/slab_common.c:936 [inline]
 __kmalloc+0xb0/0x240 mm/slab_common.c:949
 kmalloc include/linux/slab.h:568 [inline]
 kernfs_fop_write_iter+0x155/0x520 fs/kernfs/file.c:329
 call_write_iter include/linux/fs.h:2265 [inline]
 new_sync_write fs/read_write.c:491 [inline]
 vfs_write+0x44c/0x960 fs/read_write.c:584
 ksys_write+0x143/0x240 fs/read_write.c:637
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
Modules linked in:
CPU: 1 PID: 108 Comm: jfsCommit Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x168/0x22e lib/dump_stack.c:106
 bad_page+0x14b/0x170 mm/page_alloc.c:699
 free_page_is_bad mm/page_alloc.c:1291 [inline]
 free_pages_prepare mm/page_alloc.c:1452 [inline]
 free_pcp_prepare mm/page_alloc.c:1509 [inline]
 free_unref_page_prepare+0x42a/0x9a0 mm/page_alloc.c:3384
 free_unref_page+0x2e/0x3f0 mm/page_alloc.c:3479
 txUnlock+0x27e/0xcb0 fs/jfs/jfs_txnmgr.c:933
 txLazyCommit fs/jfs/jfs_txnmgr.c:2683 [inline]
 jfs_lazycommit+0x56c/0xa50 fs/jfs/jfs_txnmgr.c:2733
 kthread+0x29d/0x330 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>
page:ffffea0001bbcd00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1c pfn:0x6ef34
flags: 0xfff08000002047(locked|referenced|uptodate|workingset|private|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff08000002047 dead000000000100 dead000000000122 0000000000000000
raw: 000000000000001c ffff888072e7b4d8 00000000ffffffff 0000000000000000
page dumped because: VM_BUG_ON_FOLIO(((unsigned int) folio_ref_count(folio) + 127u <= 127u))
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x140c40(GFP_NOFS|__GFP_COMP|__GFP_HARDWALL), pid 4423, tgid 4423 (syz.0.17), ts 94959716311, free_ts 94711802651
 set_page_owner include/linux/page_owner.h:31 [inline]
 post_alloc_hook+0x173/0x1a0 mm/page_alloc.c:2532
 prep_new_page mm/page_alloc.c:2539 [inline]
 get_page_from_freelist+0x1a26/0x1ac0 mm/page_alloc.c:4328
 __alloc_pages+0x1df/0x4e0 mm/page_alloc.c:5614
 folio_alloc+0x1c/0x60 mm/mempolicy.c:2292
 filemap_alloc_folio+0xdb/0x460 mm/filemap.c:999
 do_read_cache_folio+0x1bb/0x760 mm/filemap.c:3623
 do_read_cache_page+0x32/0x220 mm/filemap.c:3701
 read_mapping_page include/linux/pagemap.h:793 [inline]
 __get_metapage+0x316/0xfa0 fs/jfs/jfs_metapage.c:620
 diRead+0x6f7/0xbb0 fs/jfs/jfs_imap.c:367
 jfs_iget+0x89/0x3f0 fs/jfs/inode.c:35
 jfs_fill_super+0x708/0xac0 fs/jfs/super.c:580
 mount_bdev+0x287/0x3c0 fs/super.c:1443
 legacy_get_tree+0xe6/0x180 fs/fs_context.c:632
 vfs_get_tree+0x88/0x270 fs/super.c:1573
 do_new_mount+0x24a/0xa40 fs/namespace.c:3078
 do_mount fs/namespace.c:3421 [inline]
 __do_sys_mount fs/namespace.c:3629 [inline]
 __se_sys_mount+0x2d6/0x3c0 fs/namespace.c:3606
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1459 [inline]
 free_pcp_prepare mm/page_alloc.c:1509 [inline]
 free_unref_page_prepare+0x8b4/0x9a0 mm/page_alloc.c:3384
 free_unref_page+0x2e/0x3f0 mm/page_alloc.c:3479
 free_slab mm/slub.c:2036 [inline]
 discard_slab mm/slub.c:2042 [inline]
 __unfreeze_partials+0x1a5/0x200 mm/slub.c:2591
 put_cpu_partial+0x17c/0x250 mm/slub.c:2667
 qlink_free mm/kasan/quarantine.c:168 [inline]
 qlist_free_all+0x76/0xe0 mm/kasan/quarantine.c:187
 kasan_quarantine_reduce+0x144/0x160 mm/kasan/quarantine.c:294
 ____kasan_kmalloc mm/kasan/common.c:340 [inline]
 __kasan_kmalloc+0x1e/0xa0 mm/kasan/common.c:383
 kasan_kmalloc include/linux/kasan.h:211 [inline]
 __do_kmalloc_node mm/slab_common.c:936 [inline]
 __kmalloc+0xb0/0x240 mm/slab_common.c:949
 kmalloc include/linux/slab.h:568 [inline]
 kernfs_fop_write_iter+0x155/0x520 fs/kernfs/file.c:329
 call_write_iter include/linux/fs.h:2265 [inline]
 new_sync_write fs/read_write.c:491 [inline]
 vfs_write+0x44c/0x960 fs/read_write.c:584
 ksys_write+0x143/0x240 fs/read_write.c:637
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
------------[ cut here ]------------
kernel BUG at include/linux/mm.h:1146!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 108 Comm: jfsCommit Tainted: G    B              syzkaller #0
Hardware name: Google Google Compute Engine/Goog

Crashes (1066):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/12/17 01:04 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/11/13 07:43 linux-6.1.y f6e38ae624cf 07e030de .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/11/13 06:10 linux-6.1.y f6e38ae624cf 07e030de .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/09/15 11:06 linux-6.1.y 3db754f56897 e2beed91 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/07/23 21:33 linux-6.1.y 3369c6df2fae e1dd4f22 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/04/12 06:34 linux-6.1.y 420102835862 0bd6db41 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/01/01 11:24 linux-6.1.y 563edd786f0a d3ccff63 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2024/11/12 19:14 linux-6.1.y d7039b844a1c 75bb1b32 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2024/10/27 12:30 linux-6.1.y 7ec6f9fa3d97 65e8686b .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2026/01/11 18:33 linux-6.1.y bec0e10ee67e d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2026/01/11 09:22 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2026/01/10 23:28 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2026/01/10 02:51 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2026/01/09 07:53 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2026/01/09 02:44 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2026/01/08 11:58 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2026/01/08 08:05 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2026/01/08 05:19 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2026/01/07 03:16 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2026/01/06 23:20 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2026/01/05 20:00 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2026/01/05 16:40 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2026/01/05 07:04 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2026/01/05 00:01 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2026/01/04 03:08 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2026/01/03 07:43 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2026/01/03 05:19 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2026/01/02 23:30 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2026/01/02 11:57 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2026/01/02 05:06 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2026/01/01 21:08 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/12/31 07:00 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/12/30 23:10 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/12/30 12:31 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/12/30 00:20 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/12/29 14:00 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/12/29 09:48 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/12/29 09:45 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/12/28 00:04 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/12/27 21:41 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/12/27 18:34 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/12/27 13:47 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/12/27 05:33 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/12/26 21:21 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/12/26 16:35 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/12/26 08:59 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/12/26 00:06 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/12/25 09:49 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/12/25 04:36 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/12/25 02:35 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/12/24 08:07 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/12/24 06:59 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2025/12/24 01:46 linux-6.1.y 50cbba13faa2 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
2024/10/23 12:46 linux-6.1.y 7ec6f9fa3d97 15fa2979 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan BUG: Bad page state in __get_metapage
* Struck through repros no longer work on HEAD.