From: Ritesh Harjani (IBM) <ritesh.list@gmail.com>
To: Andrew Morton <akpm@linux-foundation.org>,
syzbot <syzbot+49a796ed2c9709652f1e@syzkaller.appspotmail.com>
Cc: linux-kernel@vger.kernel.org, linux-mm@kvack.org,
pasha.tatashin@soleen.com, syzkaller-bugs@googlegroups.com,
Andrew Donnellan <ajd@linux.ibm.com>
Subject: Re: [syzbot] [mm?] kernel BUG in page_table_check_set
Date: Sat, 23 Aug 2025 08:53:28 +0530 [thread overview]
Message-ID: <875xeeafgv.fsf@gmail.com> (raw)
In-Reply-To: <20250822181653.cd2024360870ef94cdb7db07@linux-foundation.org>
Andrew Morton <akpm@linux-foundation.org> writes:
> On Thu, 21 Aug 2025 21:16:32 -0700 syzbot <syzbot+49a796ed2c9709652f1e@syzkaller.appspotmail.com> wrote:
>
>> Hello,
>>
>> syzbot found the following issue on:
>>
>> HEAD commit: 8f5ae30d69d7 Linux 6.17-rc1
>> git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
>> console output: https://syzkaller.appspot.com/x/log.txt?x=15f926f0580000
>> kernel config: https://syzkaller.appspot.com/x/.config?x=8c5ac3d8b8abfcb
>> dashboard link: https://syzkaller.appspot.com/bug?extid=49a796ed2c9709652f1e
>> compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7
>> userspace arch: arm64
>> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15faa7a2580000
>> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=144143bc580000
>>
>> Downloadable assets:
>> disk image: https://storage.googleapis.com/syzbot-assets/18a2e4bd0c4a/disk-8f5ae30d.raw.xz
>> vmlinux: https://storage.googleapis.com/syzbot-assets/3b5395881b25/vmlinux-8f5ae30d.xz
>> kernel image: https://storage.googleapis.com/syzbot-assets/e875f4e3b7ff/Image-8f5ae30d.gz.xz
>>
>> IMPORTANT: if you fix the issue, please add the following tag to the commit:
>> Reported-by: syzbot+49a796ed2c9709652f1e@syzkaller.appspotmail.com
>>
>> ------------[ cut here ]------------
>> kernel BUG at mm/page_table_check.c:118!
>
> Thanks.
>
> Presumably due to the series "Support page table check on PowerPC".
The syzbot triggered this on:
HEAD commit: 8f5ae30d69d7 Linux 6.17-rc1
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
This tree does not have "Support page table check on PowerPC", correct?
Also, I guess Dev's change fixes this reported problem which could happen in
this path: commit_anon_folio_batch() -> change_pte_range() ...
[1]: https://lore.kernel.org/all/20250812060124.C9344C4CEF0@smtp.kernel.org/
[2]: https://lore.kernel.org/all/68a80cc6.050a0220.3809a8.0002.GAE@google.com/
-ritesh
> Andrew, could you please take a look?
>
> The series has been in mm.git for a week so I guess the impact of this
> is small. I won't drop it at this time, but prompt attention would be
> appreciated.
>
>> Internal error: Oops - BUG: 00000000f2000800 [#1] SMP
>> Modules linked in:
>> CPU: 1 UID: 0 PID: 6740 Comm: syz.0.17 Not tainted 6.17.0-rc1-syzkaller-g8f5ae30d69d7 #0 PREEMPT
>> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
>> pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
>> pc : page_table_check_set+0x584/0x590 mm/page_table_check.c:118
>> lr : page_table_check_set+0x584/0x590 mm/page_table_check.c:118
>> sp : ffff80009c9674c0
>> x29: ffff80009c9674d0 x28: ffff80008fae0000 x27: 0000000000000002
>> x26: ffff0000c079ca80 x25: 0000000000000001 x24: 0000000000000001
>> x23: ffff0000c079ca80 x22: 000000000012b950 x21: 0000000000000001
>> x20: 0000000000000003 x19: 1ffff00012eb65b0 x18: 0000000000000000
>> x17: 0000000000000000 x16: ffff800080528a28 x15: 0000000000000001
>> x14: 1fffe000180f3950 x13: 0000000000000000 x12: 0000000000000000
>> x11: ffff6000180f3951 x10: 0000000000ff0100 x9 : 0000000000000000
>> x8 : ffff0000cdb05b80 x7 : ffff800080d16554 x6 : 0000000000000000
>> x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff800080d15b5c
>> x2 : 0000000000000001 x1 : 0000000000000002 x0 : 0000000000000001
>> Call trace:
>> page_table_check_set+0x584/0x590 mm/page_table_check.c:118 (P)
>> __page_table_check_ptes_set+0x2a8/0x2e0 mm/page_table_check.c:209
>> page_table_check_ptes_set include/linux/page_table_check.h:76 [inline]
>> __set_ptes_anysz arch/arm64/include/asm/pgtable.h:709 [inline]
>> __set_ptes+0x4a0/0x504 arch/arm64/include/asm/pgtable.h:741
>> contpte_set_ptes+0x120/0x188 arch/arm64/mm/contpte.c:464
>> set_ptes arch/arm64/include/asm/pgtable.h:1794 [inline]
>> modify_prot_commit_ptes+0x4e4/0x694 arch/arm64/mm/mmu.c:1556
>> prot_commit_flush_ptes mm/mprotect.c:197 [inline]
>> commit_anon_folio_batch mm/mprotect.c:246 [inline]
>> set_write_prot_commit_flush_ptes mm/mprotect.c:273 [inline]
>> change_pte_range mm/mprotect.c:354 [inline]
>> change_pmd_range mm/mprotect.c:570 [inline]
>> change_pud_range mm/mprotect.c:633 [inline]
>> change_p4d_range mm/mprotect.c:659 [inline]
>> change_protection_range mm/mprotect.c:687 [inline]
>> change_protection+0x1e84/0x3ff0 mm/mprotect.c:721
>> mprotect_fixup+0x504/0x744 mm/mprotect.c:837
>> do_mprotect_pkey+0x864/0xb30 mm/mprotect.c:993
>> __do_sys_mprotect mm/mprotect.c:1014 [inline]
>> __se_sys_mprotect mm/mprotect.c:1011 [inline]
>> __arm64_sys_mprotect+0x80/0x98 mm/mprotect.c:1011
>> __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
>> invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
>> el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
>> do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
>> el0_svc+0x58/0x180 arch/arm64/kernel/entry-common.c:879
>> el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:898
>> el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596
>> Code: d4210000 97e865fd d4210000 97e865fb (d4210000)
>> ---[ end trace 0000000000000000 ]---
>>
>>
>> ---
>> This report is generated by a bot. It may contain errors.
>> See https://goo.gl/tpsmEJ for more information about syzbot.
>> syzbot engineers can be reached at syzkaller@googlegroups.com.
>>
>> syzbot will keep track of this issue. See:
>> https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
>>
>> If the report is already addressed, let syzbot know by replying with:
>> #syz fix: exact-commit-title
>>
>> If you want syzbot to run the reproducer, reply with:
>> #syz test: git://repo/address.git branch-or-commit-hash
>> If you attach or paste a git patch, syzbot will apply it before testing.
>>
>> If you want to overwrite report's subsystems, reply with:
>> #syz set subsystems: new-subsystem
>> (See the list of subsystem names on the web dashboard)
>>
>> If the report is a duplicate of another one, reply with:
>> #syz dup: exact-subject-of-another-report
>>
>> If you want to undo deduplication, reply with:
>> #syz undup
next prev parent reply other threads:[~2025-08-23 3:31 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-22 4:16 [syzbot] [mm?] kernel BUG in page_table_check_set syzbot
2025-08-22 5:32 ` Dev Jain
2025-08-22 6:23 ` syzbot
2025-08-23 1:16 ` Andrew Morton
2025-08-23 1:45 ` Pasha Tatashin
2025-08-23 3:23 ` Ritesh Harjani [this message]
2025-08-23 17:07 ` Andrew Morton
2025-08-23 18:18 ` syzbot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=875xeeafgv.fsf@gmail.com \
--to=ritesh.list@gmail.com \
--cc=ajd@linux.ibm.com \
--cc=akpm@linux-foundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=pasha.tatashin@soleen.com \
--cc=syzbot+49a796ed2c9709652f1e@syzkaller.appspotmail.com \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.