syzbot

 sign-in | mailing list | source | docs
🐞 Open [1433]
Subsystems
🐞 Fixed [6773]
🐞 Invalid [17475]
Missing Backports [225]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

WARNING in __page_table_check_ptes_set (3)

Status: upstream: reported on 2025/11/13 16:44
Subsystems: mm
[Documentation on labels]
Reported-by: syzbot+18d274a59b87cf80e86d@syzkaller.appspotmail.com
First crash: 24d, last: 1d20h
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [mm?] WARNING in __page_table_check_ptes_set (3) 0 (1) 2025/11/13 16:44
Similar bugs (2)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream WARNING in __page_table_check_ptes_set mm -1 C 2 595d 591d 25/29 fixed on 2024/06/05 13:52
upstream WARNING in __page_table_check_ptes_set (2) mm -1 C done inconclusive 120 324d 539d 0/29 auto-obsoleted due to no activity on 2025/04/24 07:01

Sample crash report:
------------[ cut here ]------------
WARNING: CPU: 0 PID: 30222 at mm/page_table_check.c:191 page_table_check_pte_flags mm/page_table_check.c:191 [inline]
WARNING: CPU: 0 PID: 30222 at mm/page_table_check.c:191 __page_table_check_ptes_set+0x13e/0x2f0 mm/page_table_check.c:204
Modules linked in:
CPU: 0 UID: 0 PID: 30222 Comm: syz.0.6780 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
RIP: 0010:page_table_check_pte_flags mm/page_table_check.c:191 [inline]
RIP: 0010:__page_table_check_ptes_set+0x13e/0x2f0 mm/page_table_check.c:204
Code: b8 00 00 00 00 00 00 00 70 49 39 c7 74 21 48 b8 00 00 00 00 00 00 00 6c 49 39 c7 75 1d e8 fa 0b 8f ff eb 10 e8 f3 0b 8f ff 90 <0f> 0b 90 eb 10 e8 e8 0b 8f ff 90 0f 0b 90 eb 05 e8 dd 0b 8f ff 31
RSP: 0000:ffffc900048d7990 EFLAGS: 00010287
RAX: ffffffff8231715d RBX: 000000006ad31c67 RCX: 0000000000080000
RDX: ffffc9000e630000 RSI: 00000000000041bf RDI: 00000000000041c0
RBP: 0000000000000001 R08: ffffea0001ab4c47 R09: 1ffffd4000356988
R10: dffffc0000000000 R11: fffff94000356989 R12: 00000000000001d7
R13: 000000006ad31c67 R14: ffff88805f630ff0 R15: ffff88802384ab00
FS:  0000000000000000(0000) GS:ffff88812612d000(0063) knlGS:00000000f5426b40
CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: 0000000080ffe000 CR3: 0000000062c72000 CR4: 00000000003526f0
DR0: ffffffffffffffff DR1: 00000040000001f8 DR2: 0000000000000083
DR3: ffffffffeff7ff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 page_table_check_ptes_set include/linux/page_table_check.h:76 [inline]
 set_ptes include/linux/pgtable.h:292 [inline]
 do_swap_page+0x5248/0x5b20 mm/memory.c:4971
 handle_pte_fault mm/memory.c:6198 [inline]
 __handle_mm_fault+0xe55/0x5400 mm/memory.c:6336
 handle_mm_fault+0x40a/0x8e0 mm/memory.c:6505
 do_user_addr_fault+0xa7c/0x1380 arch/x86/mm/fault.c:1336
 handle_page_fault arch/x86/mm/fault.c:1476 [inline]
 exc_page_fault+0x82/0x100 arch/x86/mm/fault.c:1532
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:618
RIP: 0023:0xf704f1f0
Code: 50 6a 00 e8 c2 10 14 00 8b 5c 24 2c 8b 4c 24 28 83 c4 20 8b 55 40 89 03 03 11 85 f6 74 18 31 c0 8d b4 26 00 00 00 00 8d 76 00 <89> 02 83 c0 01 83 c2 04 39 c6 75 f4 83 c4 1c 89 f8 5b 5e 5f 5d c3
RSP: 002b:00000000f5426540 EFLAGS: 00010202
RAX: 0000000000000800 RBX: 00000000800000c0 RCX: 0000000080000000
RDX: 0000000080ffdfff RSI: 0000000000000efe RDI: 000000000000000a
RBP: 0000000080000140 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
----------------
Code disassembly (best guess):
   0:	50                   	push   %rax
   1:	6a 00                	push   $0x0
   3:	e8 c2 10 14 00       	call   0x1410ca
   8:	8b 5c 24 2c          	mov    0x2c(%rsp),%ebx
   c:	8b 4c 24 28          	mov    0x28(%rsp),%ecx
  10:	83 c4 20             	add    $0x20,%esp
  13:	8b 55 40             	mov    0x40(%rbp),%edx
  16:	89 03                	mov    %eax,(%rbx)
  18:	03 11                	add    (%rcx),%edx
  1a:	85 f6                	test   %esi,%esi
  1c:	74 18                	je     0x36
  1e:	31 c0                	xor    %eax,%eax
  20:	8d b4 26 00 00 00 00 	lea    0x0(%rsi,%riz,1),%esi
  27:	8d 76 00             	lea    0x0(%rsi),%esi
* 2a:	89 02                	mov    %eax,(%rdx) <-- trapping instruction
  2c:	83 c0 01             	add    $0x1,%eax
  2f:	83 c2 04             	add    $0x4,%edx
  32:	39 c6                	cmp    %eax,%esi
  34:	75 f4                	jne    0x2a
  36:	83 c4 1c             	add    $0x1c,%esp
  39:	89 f8                	mov    %edi,%eax
  3b:	5b                   	pop    %rbx
  3c:	5e                   	pop    %rsi
  3d:	5f                   	pop    %rdi
  3e:	5d                   	pop    %rbp
  3f:	c3                   	ret

Crashes (3):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/12/02 07:01 upstream 1d18101a644e d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 WARNING in __page_table_check_ptes_set
2025/11/25 09:22 upstream ac3fd01e4c1e 64219f15 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 WARNING in __page_table_check_ptes_set
2025/11/09 16:36 upstream 439fc29dfd3b 4e1406b4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 WARNING in __page_table_check_ptes_set
* Struck through repros no longer work on HEAD.