syzbot
BUG: Bad page map (5)

Status: fixed on 2023/02/24 13:50
Subsystems: mm io-uring
Reported-by: syzbot+915f3e317adb0e85835f@syzkaller.appspotmail.com
Fix commit: 4d24de9425f7 mm: MADV_COLLAPSE: refetch vm_end after reacquiring mmap_lock
First crash: 772d, last: 490d
Discussions (2)
Title Replies (including bot) Last reply
[mm-unstable PATCH] mm: MADV_COLLAPSE: refetch vm_end after reacquiring mmap_lock 1 (1) 2022/09/14 16:22
[syzbot] BUG: Bad page map (5) 4 (6) 2022/09/14 16:01
Similar bugs (17)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
android-5-10 BUG: Bad page map 1 438d 438d 0/2 auto-obsoleted due to no activity on 2023/06/05 15:46
linux-4.19 BUG: Bad page map (3) 1 669d 669d 0/1 auto-obsoleted due to no activity on 2022/11/15 21:40
linux-4.19 BUG: Bad page map (2) 10 856d 1036d 0/1 auto-closed as invalid on 2022/05/13 11:22
upstream BUG: Bad page map (2) mm syz 127 2082d 2138d 0/26 closed as invalid on 2018/09/05 12:51
android-5-10 BUG: Bad page map (2) 1 219d 219d 0/2 auto-obsoleted due to no activity on 2024/01/10 02:50
upstream BUG: Bad page map mm 1 2141d 2141d 0/26 closed as invalid on 2018/07/08 13:28
upstream BUG: Bad page map (3) kernel 4 1951d 2077d 0/26 auto-closed as invalid on 2019/07/13 00:02
linux-4.19 BUG: Bad page map 2 1353d 1411d 0/1 auto-closed as invalid on 2021/01/01 08:20
upstream BUG: Bad page map (7) mm C done 19 230d 252d 25/26 fixed on 2023/12/21 03:45
android-54 BUG: Bad page map (2) 7 218d 337d 0/2 auto-obsoleted due to no activity on 2024/01/10 18:32
upstream BUG: Bad page map (4) mm 39 897d 1534d 0/26 auto-closed as invalid on 2022/04/02 04:25
linux-4.14 BUG: Bad page map 1 1399d 1399d 0/1 auto-closed as invalid on 2020/11/16 16:05
upstream BUG: Bad page map (6) mm 1 404d 400d 0/26 auto-obsoleted due to no activity on 2023/07/09 13:20
android-54 BUG: Bad page map 1 632d 632d 0/2 auto-obsoleted due to no activity on 2022/12/23 04:05
upstream KASAN: use-after-free Read in unmap_page_range (2) mm C unreliable 4 912d 930d 20/26 fixed on 2022/03/08 16:11
linux-4.19 general protection fault in unmap_page_range 2 881d 924d 0/1 auto-closed as invalid on 2022/04/18 12:45
upstream KASAN: use-after-free Read in unmap_page_range 1 2466d 2391d 0/26 closed as invalid on 2017/10/30 19:42

Sample crash report:
BUG: Bad page map in process syz-executor198  pte:8000000071c00227 pmd:74b30067
addr:0000000020563000 vm_flags:08100077 anon_vma:ffff8880547d2200 mapping:0000000000000000 index:20563
file:(null) fault:0x0 mmap:0x0 read_folio:0x0
CPU: 1 PID: 3614 Comm: syz-executor198 Not tainted 6.0.0-rc3-next-20220901-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 print_bad_pte.cold+0x2a7/0x2d0 mm/memory.c:565
 vm_normal_page+0x10c/0x2a0 mm/memory.c:636
 hpage_collapse_scan_pmd+0x729/0x1da0 mm/khugepaged.c:1199
 madvise_collapse+0x481/0x910 mm/khugepaged.c:2433
 madvise_vma_behavior+0xd0a/0x1cc0 mm/madvise.c:1062
 madvise_walk_vmas+0x1c7/0x2b0 mm/madvise.c:1236
 do_madvise.part.0+0x24a/0x340 mm/madvise.c:1415
 do_madvise mm/madvise.c:1428 [inline]
 __do_sys_madvise mm/madvise.c:1428 [inline]
 __se_sys_madvise mm/madvise.c:1426 [inline]
 __x64_sys_madvise+0x113/0x150 mm/madvise.c:1426
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f770ba87929
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f770ba18308 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
RAX: ffffffffffffffda RBX: 00007f770bb0f3f8 RCX: 00007f770ba87929
RDX: 0000000000000019 RSI: 0000000000600003 RDI: 0000000020000000
RBP: 00007f770bb0f3f0 R08: 00007f770ba18700 R09: 0000000000000000
R10: 00007f770ba18700 R11: 0000000000000246 R12: 00007f770bb0f3fc
R13: 00007ffc2d8b62ef R14: 00007f770ba18400 R15: 0000000000022000
 </TASK>

Crashes (35):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2022/09/12 04:26 linux-next e47eb90a0a9a 356d8217 .config strace log report syz C ci-upstream-linux-next-kasan-gce-root BUG: Bad page map
2022/11/19 21:59 upstream fe24a97cf254 5bb70014 .config console log report info ci-upstream-kasan-gce BUG: Bad page map
2022/09/12 04:13 linux-next e47eb90a0a9a 356d8217 .config console log report info ci-upstream-linux-next-kasan-gce-root BUG: Bad page map
2023/01/14 09:18 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 0966d385830d a63719e7 .config console log report info ci-qemu2-riscv64 BUG: Bad page map
2022/12/27 17:19 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 0966d385830d 44712fbc .config console log report info ci-qemu2-riscv64 BUG: Bad page map
2022/12/23 01:50 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 0966d385830d 9da18ae8 .config console log report info ci-qemu2-riscv64 BUG: Bad page map
2022/12/21 02:01 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 0966d385830d d3e76707 .config console log report info ci-qemu2-riscv64 BUG: Bad page map
2022/12/16 23:38 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 0966d385830d 05494336 .config console log report info ci-qemu2-riscv64 BUG: Bad page map
2022/11/21 18:05 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 9500fc6e9e60 1c576c23 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: Bad page map
2022/11/09 21:27 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 0966d385830d bebca8b7 .config console log report info ci-qemu2-riscv64 BUG: Bad page map
2022/10/14 05:40 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 0966d385830d 4954e4b2 .config console log report info ci-qemu2-riscv64 BUG: Bad page map
2022/10/06 23:33 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 0966d385830d 8a212197 .config console log report info ci-qemu2-riscv64 BUG: Bad page map
2022/09/28 00:43 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 0966d385830d 75c78242 .config console log report info ci-qemu2-riscv64 BUG: Bad page map
2022/09/22 15:27 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 0966d385830d 0042f2b4 .config console log report info ci-qemu2-riscv64 BUG: Bad page map
2022/09/16 22:24 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 0966d385830d dd9a85ff .config console log report info ci-qemu2-riscv64 BUG: Bad page map
2022/09/14 05:11 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 0966d385830d b884348d .config console log report info ci-qemu2-riscv64 BUG: Bad page map
2022/09/07 22:03 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 0966d385830d c5b7bc57 .config console log report info ci-qemu2-riscv64 BUG: Bad page map
2022/09/04 19:30 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 0966d385830d 28811d0a .config console log report info ci-qemu2-riscv64 BUG: Bad page map
2022/08/25 15:23 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 0966d385830d e5fb9cf5 .config console log report info ci-qemu2-riscv64 BUG: Bad page map
2022/08/25 15:00 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 0966d385830d e5fb9cf5 .config console log report info ci-qemu2-riscv64 BUG: Bad page map
2022/08/18 20:25 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 0966d385830d 26a13b38 .config console log report info ci-qemu2-riscv64 BUG: Bad page map
2022/07/27 10:22 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 0966d385830d da9d0366 .config console log report info ci-qemu2-riscv64 BUG: Bad page map
2022/07/11 15:11 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 0966d385830d f3f217ff .config console log report info ci-qemu2-riscv64 BUG: Bad page map
2022/06/05 00:22 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 0966d385830d c8857892 .config console log report info ci-qemu2-riscv64 BUG: Bad page map
2022/06/03 08:10 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 0966d385830d eee80d3c .config console log report info ci-qemu2-riscv64 BUG: Bad page map
2022/06/02 14:46 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 0966d385830d 5783034f .config console log report info ci-qemu2-riscv64 BUG: Bad page map
2022/05/21 11:58 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 0966d385830d 7268fa62 .config console log report info ci-qemu2-riscv64 BUG: Bad page map
2022/05/19 02:06 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 0966d385830d 50c53f39 .config console log report info ci-qemu2-riscv64 BUG: Bad page map
2022/05/01 10:57 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 0966d385830d 2df221f6 .config console log report info ci-qemu2-riscv64 BUG: Bad page map
2022/05/01 09:02 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 0966d385830d 2df221f6 .config console log report info ci-qemu2-riscv64 BUG: Bad page map
2022/04/22 18:22 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 0966d385830d 131df97d .config console log report info ci-qemu2-riscv64 BUG: Bad page map
2022/04/22 01:43 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 0966d385830d 2738b391 .config console log report info ci-qemu2-riscv64 BUG: Bad page map
2022/04/20 07:43 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 0966d385830d 7d7bc738 .config console log report info ci-qemu2-riscv64 BUG: Bad page map
2022/04/07 12:30 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 0966d385830d 53c67432 .config console log report info ci-qemu2-riscv64 BUG: Bad page map
2022/12/01 06:27 upstream 04aa64375f48 4c2a66e8 .config console log report info ci-upstream-kasan-gce KASAN: use-after-free Read in unmap_page_range