syzbot

 sign-in | mailing list | source | docs
🐞 Open [442]
🐞 Fixed [20]
🐞 Invalid [121]
Missing Backports [17]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

BUG: Bad page state in __get_metapage

Status: upstream: reported C repro on 2025/06/20 20:02
Bug presence: origin:upstream
[Documentation on labels]
Reported-by: syzbot+fc5f83474e77007a7759@syzkaller.appspotmail.com
First crash: 205d, last: 9h11m
Bug presence (1)
Date Name Commit Repro Result
2025/06/25 upstream (ToT) 7595b66ae9de C [report] INFO: task hung in lmLogClose
Similar bugs (2)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-5.15 BUG: Bad page state in __get_metapage origin:upstream -1 C 1079 1d01h 446d 0/3 upstream: reported C repro on 2024/10/23 03:58
linux-6.1 BUG: Bad page state in __get_metapage origin:upstream missing-backport -1 C done 1066 10h02m 445d 0/3 upstream: reported C repro on 2024/10/23 12:46

Sample crash report:
ERROR: (device loop0): remounting filesystem as read-only
ERROR: (device loop0): txCommit: 
blkno = 8f7c0, nblocks = 1
ERROR: (device loop0): dbUpdatePMap: blocks are outside the map
ERROR: (device loop0): dbAllocNext: Corrupt dmap page
ialloc: diAlloc returned -5!
BUG: Bad page state in process syz.0.17  pfn:24cef
page:ffffea0000933bc0 refcount:0 mapcount:0 mapping:0000000000000000 index:0xd pfn:0x24cef
flags: 0xfff0000000820c(referenced|uptodate|workingset|private|node=0|zone=1|lastcpupid=0x7ff)
page_type: 0xffffffff()
raw: 00fff0000000820c ffffea000092ff48 ffffea0000953f08 0000000000000000
raw: 000000000000000d ffff888023e361f0 00000000ffffffff 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x140c40(GFP_NOFS|__GFP_COMP|__GFP_HARDWALL), pid 5950, tgid 5950 (syz.0.17), ts 106177299687, free_ts 105931375002
 set_page_owner include/linux/page_owner.h:31 [inline]
 post_alloc_hook+0x1cd/0x210 mm/page_alloc.c:1554
 prep_new_page mm/page_alloc.c:1561 [inline]
 get_page_from_freelist+0x195c/0x19f0 mm/page_alloc.c:3191
 __alloc_pages+0x1e3/0x460 mm/page_alloc.c:4457
 folio_alloc+0x1e/0x30 mm/mempolicy.c:2291
 filemap_alloc_folio+0xdf/0x470 mm/filemap.c:1004
 do_read_cache_folio+0x36c/0x7e0 mm/filemap.c:3768
 do_read_cache_page+0x32/0x250 mm/filemap.c:3870
 read_mapping_page include/linux/pagemap.h:892 [inline]
 __get_metapage+0x31a/0xfa0 fs/jfs/jfs_metapage.c:620
 diReadSpecial+0x25b/0x710 fs/jfs/jfs_imap.c:447
 jfs_mount+0x3d1/0x860 fs/jfs/jfs_mount.c:166
 jfs_fill_super+0x4e2/0xac0 fs/jfs/super.c:556
 mount_bdev+0x22b/0x2d0 fs/super.c:1643
 legacy_get_tree+0xea/0x180 fs/fs_context.c:662
 vfs_get_tree+0x8c/0x280 fs/super.c:1764
 do_new_mount+0x24b/0xa40 fs/namespace.c:3386
 do_mount fs/namespace.c:3726 [inline]
 __do_sys_mount fs/namespace.c:3935 [inline]
 __se_sys_mount+0x2da/0x3c0 fs/namespace.c:3912
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1154 [inline]
 free_unref_page_prepare+0x7ce/0x8e0 mm/page_alloc.c:2336
 free_unref_page+0x32/0x2e0 mm/page_alloc.c:2429
 discard_slab mm/slub.c:2127 [inline]
 __unfreeze_partials+0x1cf/0x210 mm/slub.c:2667
 put_cpu_partial+0x17c/0x250 mm/slub.c:2743
 __slab_free+0x31d/0x410 mm/slub.c:3700
 qlink_free mm/kasan/quarantine.c:166 [inline]
 qlist_free_all+0x75/0xe0 mm/kasan/quarantine.c:185
 kasan_quarantine_reduce+0x143/0x160 mm/kasan/quarantine.c:292
 __kasan_slab_alloc+0x22/0x80 mm/kasan/common.c:305
 kasan_slab_alloc include/linux/kasan.h:188 [inline]
 slab_post_alloc_hook+0x6e/0x4d0 mm/slab.h:767
 slab_alloc_node mm/slub.c:3495 [inline]
 kmem_cache_alloc_node+0x150/0x330 mm/slub.c:3540
 __alloc_skb+0x108/0x2c0 net/core/skbuff.c:643
 alloc_skb include/linux/skbuff.h:1284 [inline]
 nlmsg_new include/net/netlink.h:1010 [inline]
 inet6_netconf_notify_devconf+0x10f/0x1d0 net/ipv6/addrconf.c:582
 __addrconf_sysctl_unregister net/ipv6/addrconf.c:7216 [inline]
 addrconf_sysctl_unregister net/ipv6/addrconf.c:7240 [inline]
 addrconf_ifdown+0x1544/0x1880 net/ipv6/addrconf.c:3978
 addrconf_notify+0x6c6/0x1010 net/ipv6/addrconf.c:-1
 notifier_call_chain+0x197/0x390 kernel/notifier.c:93
 call_netdevice_notifiers_extack net/core/dev.c:2064 [inline]
 call_netdevice_notifiers net/core/dev.c:2078 [inline]
 unregister_netdevice_many_notify+0xf36/0x1810 net/core/dev.c:11086
Modules linked in:
CPU: 0 PID: 5950 Comm: syz.0.17 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x16c/0x230 lib/dump_stack.c:106
 bad_page+0x14b/0x170 mm/page_alloc.c:512
 free_page_is_bad mm/page_alloc.c:961 [inline]
 free_pages_prepare mm/page_alloc.c:1146 [inline]
 free_unref_page_prepare+0x887/0x8e0 mm/page_alloc.c:2336
 free_unref_page_list+0xbe/0x860 mm/page_alloc.c:2475
 release_pages+0x1fa0/0x2220 mm/swap.c:1022
 __folio_batch_release+0x71/0xe0 mm/swap.c:1042
 folio_batch_release include/linux/pagevec.h:83 [inline]
 truncate_inode_pages_range+0x358/0xf00 mm/truncate.c:396
 jfs_remount+0x33b/0x5b0 fs/jfs/super.c:451
 reconfigure_super+0x21e/0x880 fs/super.c:1151
 do_remount fs/namespace.c:2927 [inline]
 path_mount+0xd19/0xfe0 fs/namespace.c:3705
 do_mount fs/namespace.c:3726 [inline]
 __do_sys_mount fs/namespace.c:3935 [inline]
 __se_sys_mount+0x2da/0x3c0 fs/namespace.c:3912
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f7d53f90eea
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffc6f3f0878 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007ffc6f3f0900 RCX: 00007f7d53f90eea
RDX: 0000200000000f40 RSI: 0000200000000f00 RDI: 0000000000000000
RBP: 0000200000000f40 R08: 00007ffc6f3f0900 R09: 0000000001258438
R10: 0000000001258438 R11: 0000000000000246 R12: 0000200000000f00
R13: 00007ffc6f3f08c0 R14: 0000000000000000 R15: 0000200000000f80
 </TASK>

Crashes (450):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/11/29 02:08 linux-6.6.y 1e89a1be4fe9 d6526ea3 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/10/03 06:56 linux-6.6.y f34f16e5c632 49379ee0 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/06/23 15:50 linux-6.6.y 6282921b6825 d6cdfb8a .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/06/23 15:14 linux-6.6.y 6282921b6825 d6cdfb8a .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/11/29 00:52 linux-6.6.y 1e89a1be4fe9 d6526ea3 .config console log report syz / log [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2026/01/11 19:22 linux-6.6.y c596736dadab d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2026/01/11 01:37 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2026/01/10 20:20 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2026/01/10 05:52 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2026/01/10 02:44 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2026/01/08 23:20 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2026/01/08 05:16 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2026/01/08 03:29 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2026/01/07 22:12 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2026/01/07 01:59 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2026/01/06 21:41 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2026/01/06 07:02 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2026/01/05 13:38 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2026/01/04 13:10 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2026/01/04 07:40 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2026/01/03 19:02 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2026/01/02 23:19 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2026/01/01 13:12 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/12/31 21:15 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/12/31 15:48 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/12/31 15:44 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/12/31 13:27 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/12/31 03:10 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/12/29 07:07 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/12/28 09:11 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/12/27 22:38 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/12/27 17:52 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/12/27 11:42 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/12/27 10:06 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/12/26 03:13 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/12/26 01:44 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/12/25 23:49 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/12/25 15:47 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/12/25 00:42 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/12/24 03:51 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/12/23 11:55 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/12/23 05:01 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/12/23 02:38 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/12/22 21:20 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/12/22 16:05 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/12/22 03:16 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/12/21 05:27 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/12/20 06:26 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/12/19 15:12 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/12/17 17:59 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/12/16 09:45 linux-6.6.y 5fa4793a2d2d d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
2025/06/20 20:02 linux-6.6.y 6282921b6825 804b3919 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-6-kasan BUG: Bad page state in __get_metapage
* Struck through repros no longer work on HEAD.