Re: [syzbot] [usb] kernel BUG in __page_table_check_zero

Re: [syzbot] [usb] kernel BUG in __page_table_check_zero

[syzbot]

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
kernel BUG in __page_table_check_zero

RBP: 00007f6cf0ffe120 R08: 0000000000000003 R09: 0000000000000000
R10: 0000000000011012 R11: 0000000000000246 R12: 0000000000000002
R13: 000000000000000b R14: 00007f6cf1d9bf80 R15: 00007ffc98ff0338
 </TASK>
==> if* vma_use_count 1
------------[ cut here ]------------
kernel BUG at mm/page_table_check.c:146!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 5467 Comm: syz-executor.0 Not tainted 6.6.0-syzkaller-15859-g89cdf9d55601-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
RIP: 0010:__page_table_check_zero+0x2d5/0x4a0 mm/page_table_check.c:146
Code: 98 ff 48 ff cb e9 b5 fd ff ff e8 e6 9f 98 ff 48 ff cb e9 27 fe ff ff e8 d9 9f 98 ff 0f 0b e8 d2 9f 98 ff 0f 0b e8 cb 9f 98 ff <0f> 0b f3 0f 1e fa 4c 89 f6 48 81 e6 ff 0f 00 00 31 ff e8 f4 a3 98
RSP: 0018:ffffc900049f7800 EFLAGS: 00010293
RAX: ffffffff81f620c5 RBX: dffffc0000000000 RCX: ffff8880263f1dc0
RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff8880160ea044
RBP: ffff8880160ea044 R08: ffff8880160ea047 R09: 1ffff11002c1d408
R10: dffffc0000000000 R11: ffffed1002c1d409 R12: 0000000000000000
R13: 1ffffffff243299c R14: 000000000000000a R15: ffff8880160ea000
FS:  00007f6cf0ffe6c0(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055f9eb7b1680 CR3: 000000001d34c000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 page_table_check_free include/linux/page_table_check.h:41 [inline]
 free_pages_prepare mm/page_alloc.c:1138 [inline]
 __free_pages_ok+0xc43/0xd70 mm/page_alloc.c:1267
 dec_usb_memory_use_count+0x259/0x350 drivers/usb/core/devio.c:198
 usbdev_mmap+0x89e/0x9d0
 call_mmap include/linux/fs.h:2025 [inline]
 mmap_region+0xef2/0x2240 mm/mmap.c:2851
 do_mmap+0x8d3/0xfa0 mm/mmap.c:1379
 vm_mmap_pgoff+0x1dc/0x410 mm/util.c:546
 ksys_mmap_pgoff+0x4ff/0x6d0 mm/mmap.c:1425
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x44/0x110 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7f6cf1c7cae9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f6cf0ffe0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
RAX: ffffffffffffffda RBX: 00007f6cf1d9bf80 RCX: 00007f6cf1c7cae9
RDX: 0000000001000002 RSI: 0000000000400000 RDI: 0000000020000000
RBP: 00007f6cf0ffe120 R08: 0000000000000003 R09: 0000000000000000
R10: 0000000000011012 R11: 0000000000000246 R12: 0000000000000002
R13: 000000000000000b R14: 00007f6cf1d9bf80 R15: 00007ffc98ff0338
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__page_table_check_zero+0x2d5/0x4a0 mm/page_table_check.c:146
Code: 98 ff 48 ff cb e9 b5 fd ff ff e8 e6 9f 98 ff 48 ff cb e9 27 fe ff ff e8 d9 9f 98 ff 0f 0b e8 d2 9f 98 ff 0f 0b e8 cb 9f 98 ff <0f> 0b f3 0f 1e fa 4c 89 f6 48 81 e6 ff 0f 00 00 31 ff e8 f4 a3 98
RSP: 0018:ffffc900049f7800 EFLAGS: 00010293
RAX: ffffffff81f620c5 RBX: dffffc0000000000 RCX: ffff8880263f1dc0
RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff8880160ea044
RBP: ffff8880160ea044 R08: ffff8880160ea047 R09: 1ffff11002c1d408
R10: dffffc0000000000 R11: ffffed1002c1d409 R12: 0000000000000000
R13: 1ffffffff243299c R14: 000000000000000a R15: ffff8880160ea000
FS:  00007f6cf0ffe6c0(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055f9eb7b1680 CR3: 000000001d34c000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400


Tested on:

commit:         89cdf9d5 Merge tag 'net-6.7-rc1' of git://git.kernel.o..
git tree:       https://kernel.googlesource.com/pub/scm/linux/kernel/git/torvalds/linux.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=107ab1c0e80000
kernel config:  https://syzkaller.appspot.com/x/.config?x=97c84b399d02b00b
dashboard link: https://syzkaller.appspot.com/bug?extid=7a9bbb158a7a1071eb27
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch:          https://syzkaller.appspot.com/x/patch.diff?x=17f7a747680000

Re: [syzbot] [usb] kernel BUG in __page_table_check_zero

[syzbot]

Hello,

syzbot tried to test the proposed patch but the build/boot failed:

1] ==> offset = 64
[  364.855950][    T1] ==> offset = 64
[  364.855957][    T1] ==> offset = 64
[  364.855964][    T1] ==> offset = 64
[  364.855971][    T1] ==> offset = 64
[  364.855977][    T1] ==> offset = 64
[  364.862400][  T443] ==> offset = 8
[  364.866293][  T442] ==> offset = 8
[  364.869843][  T444] ==> offset = 8
[  364.873354][  T442] ==> offset = 64
[  364.877097][  T444] ==> offset = 64
[  364.880751][    T1] ==> offset = 64
[  364.884405][  T444] ==> offset = 64
[  364.888042][  T442] ==> offset = 8
[  364.891590][  T441] ==> offset = 64
[  364.895736][  T445] ==> offset = 8
[  364.898760][  T443] ==> offset = 64
[  364.902366][  T445] ==> offset = 8
[  364.902376][  T445] ==> offset = 8
[  364.906287][  T441] ==> offset = 64
[  364.906297][  T441] ==> offset = 64
[  364.906304][  T441] ==> offset = 64
[  364.910245][    T1] ==> offset = 8
[  364.913561][  T443] ==> offset = 8
[  364.917511][  T442] ==> offset = 64
[  364.920919][  T444] ==> offset = 64
[  364.924655][    T1] ==> offset = 8
[  364.924665][    T1] ==> offset = 8
[  364.928277][  T441] ==> offset = 8
[  364.931711][    T1] ==> offset = 8
[  364.935452][  T444] ==> offset = 64
[  364.938998][  T442] ==> offset = 8
[  364.942545][  T444] ==> offset = 8
[  364.946148][  T445] ==> offset = 8
[  364.949696][  T443] ==> offset = 64
[  364.953202][  T445] ==> offset = 8
[  364.956788][  T441] ==> offset = 64
[  364.960386][  T442] ==> offset = 64
[  364.964126][  T441] ==> offset = 8
[  364.967639][    T1] ==> offset = 64
[  364.971307][  T443] ==> offset = 8
[  364.975463][  T442] ==> offset = 8
[  364.979123][  T444] ==> offset = 64
[  364.982627][  T442] ==> offset = 64
[  364.986278][  T443] ==> offset = 64
[  364.986545][  T441] ==> offset = 64
[  364.990842][  T445] ==> offset = 8
[  364.994503][  T441] ==> offset = 8
[  365.005347][    T1] ==> offset = 64
[  365.005360][    T1] ==> offset = 64
[  365.005367][    T1] ==> offset = 64
[  365.005382][    T1] ==> offset = 8
[  365.009060][  T444] ==> offset = 8
[  365.012506][    T1] ==> offset = 8
[  365.026928][  T444] ==> offset = 64
[  365.027042][  T444] ==> offset = 8
[  365.030865][  T445] ==> offset = 8
[  365.034275][  T444] ==> offset = 64
[  365.037923][  T445] ==> offset = 8
[  365.037940][  T445] ==> offset = 64
[  365.037948][  T445] ==> offset = 64
[  365.037954][  T445] ==> offset = 64
[  365.037962][  T445] ==> offset = 64
[  365.041993][  T441] ==> offset = 64
[  365.045554][  T445] ==> offset = 64
[  365.045564][  T445] ==> offset = 64
[  365.045571][  T445] ==> offset = 64
[  365.045577][  T445] ==> offset = 64
[  365.045628][  T445] ==> offset = 8
[  365.045638][  T445] ==> offset = 64
[  365.045770][  T445] ==> offset = 8
[  365.049238][  T444] ==> offset = 8
[  365.052720][  T445] ==> offset = 64
[  365.056390][  T441] ==> offset = 8
[  365.060081][    T1] ==> offset = 8
[  365.063947][  T441] ==> offset = 64
[  365.067505][    T1] ==> offset = 8
[  365.071035][  T444] ==> offset = 64
[  365.074652][  T445] ==> offset = 8
[  365.078847][  T444] ==> offset = 8
[  365.082347][  T445] ==> offset = 64
[  365.086029][  T444] ==> offset = 64
[  365.089660][    T1] ==> offset = 64
[  365.093238][  T441] ==> offset = 8
[  365.096885][    T1] ==> offset = 64
[  365.096894][    T1] ==> offset = 64
[  365.096901][    T1] ==> offset = 64
[  365.096933][    T1] ==> offset = 8
[  365.100643][  T444] ==> offset = 8
[  365.104396][    T1] ==> offset = 8
[  365.108248][  T444] ==> offset = 64
[  365.112036][  T445] ==> offset = 8
[  365.115833][  T441] ==> offset = 64
[  365.119707][  T445] ==> offset = 64
[  365.123678][  T441] ==> offset = 64
[  365.127421][    T1] ==> offset = 8
[  365.131540][  T444] ==> offset = 64
[  365.135183][  T445] ==> offset = 8
[  365.139404][  T444] ==> offset = 64
[  365.142708][  T445] ==> offset = 64
[  365.157560][  T441] ==> offset = 64
[  365.160832][    T1] ==> offset = 8
[  365.164691][  T444] ==> offset = 8
[  365.168668][    T1] ==> offset = 64
[  365.172274][  T441] ==> offset = 8
[  365.175990][    T1] ==> offset = 64
[  365.179305][  T444] ==> offset = 64
[  365.182901][    T1] ==> offset = 64
[  365.182910][    T1] ==> offset = 64
[  365.186647][  T441] ==> offset = 64
[  365.197345][  T445] ==> offset = 8
[  365.200845][  T444] ==> offset = 8
[  365.208525][    T1] ==> offset = 8
[  365.211897][  T444] ==> offset = 64
[  365.215521][  T445] ==> offset = 64
[  365.215551][  T445] ==> offset = 64
[  365.215807][  T445] ==> offset = 64
[  365.219251][  T441] ==> offset = 8
[  365.222791][  T445] ==> offset = 8
[  365.226407][  T444] ==> offset = 8
[  365.229992][    T1] ==> offset = 64
[  365.233498][  T444] ==> offset = 64
[  365.237680][    T1] ==> offset = 8
[  365.240648][  T441] ==> offset = 64
[  365.244204][    T1] ==> offset = 64
[  365.247892][  T441] ==> offset = 8
[  365.247904][  T441] ==> offset = 64
[  365.247924][  T441] ==> offset = 8
[  365.251497][  T133] ==> offset = 8
[  365.255163][  T444] ==> offset = 8
[  365.258739][  T445] ==> offset = 64
[  365.262345][  T444] ==> offset = 64
[  365.266179][  T133] ==> offset = 8
[  365.270266][  T441] ==> offset = 64
[  365.273772][  T133] ==> offset = 8
[  365.278030][  T441] ==> offset = 8
[  365.281126][   T26] ==> offset = 8
[  365.284894][  T444] ==> offset = 8
[  365.288522][  T445] ==> offset = 8
[  365.292114][  T444] ==> offset = 64
[  365.295884][  T445] ==> offset = 64
[  365.299538][  T441] ==> offset = 64
[  365.302976][  T445] ==> offset = 8
[  365.307149][  T133] ==> offset = 8
[  365.310254][   T26] ==> offset = 8
[  365.313854][  T133] ==> offset = 8
[  365.313865][  T133] ==> offset = 8
[  365.324683][   T26] ==> offset = 8
[  365.324694][   T26] ==> offset = 8
[  365.324702][   T26] ==> offset = 8
[  365.328337][  T133] ==> offset = 8
[  365.331822][   T26] ==> offset = 8
[  365.331831][   T26] ==> offset = 8
[  365.339110][  T133] ==> offset = 8
[  365.342747][  T445] ==> offset = 64
[  365.346430][  T133] ==> offset = 64
[  365.350102][  T445] ==> offset = 8
[  365.353679][  T133] ==> offset = 64
[  365.353689][  T133] ==> offset = 64
[  365.357412][  T445] ==> offset = 64
[  365.361923][  T133] ==> offset = 64
[  365.365972][   T26] ==> offset = 8
[  365.365996][   T26] ==> offset = 64
[  365.366004][   T26] ==> offset = 64
[  365.366011][   T26] ==> offset = 64
[  365.369754][  T133] ==> offset = 64
[  365.373328][   T26] ==> offset = 64
[  365.377434][   T77] ==> offset = 8
[  365.381028][  T445] ==> offset = 8
[  365.384481][   T77] ==> offset = 64
[  365.388047][   T26] ==> offset = 64
[  365.388056][   T26] ==> offset = 64
[  365.388064][   T26] ==> offset = 64
[  365.391708][  T133] ==> offset = 64
[  365.395415][  T445] ==> offset = 64
[  365.395715][   T26] ==> offset = 64
[  365.399848][   T77] ==> offset = 8
[  365.404022][  T133] ==> offset = 64
[  365.407380][    T1] ==> offset = 8
[  365.410802][  T133] ==> offset = 64
[  365.414326][    T1] ==> offset = 8
[  365.418337][  T446] ==> offset = 8
[  365.425337][   T77] ==> offset = 64
[  365.428838][  T446] ==> offset = 64
[  365.428993][  T446] ==> offset = 8
[  365.436172][   T77] ==> offset = 8
[  365.436186][   T77] ==> offset = 64
[  365.439836][  T446] ==> offset = 64
[  365.443512][   T77] ==> offset = 8
[  365.447118][  T446] ==> offset = 8
[  365.450962][    T1] ==> offset = 8
[  365.454572][  T446] ==> offset = 64
[  365.461888][    T1] ==> offset = 8
[  365.465626][  T446] ==> offset = 8
[  365.469339][   T77] ==> offset = 64
[  365.472815][  T446] ==> offset = 64
[  365.476473][    T1] ==> offset = 8
[  365.480060][  T446] ==> offset = 8
[  365.483519][    T1] ==> offset = 8
[  365.487079][  T446] ==> offset = 64
[  365.487109][  T446] ==> offset = 64
[  365.487376][  T446] ==> offset = 64
[  365.490826][   T77] ==> offset = 8
[  365.494659][    T1] ==> offset = 8
[  365.498044][   T77] ==> offset = 64
[  365.501617][    T1] ==> offset = 8
[  365.505194][   T77] ==> offset = 8
[  365.508924][  T446] ==> offset = 8
[  365.512427][   T77] ==> offset = 64
[  365.516080][  T446] ==> offset = 64
[  365.516103][  T446] ==> offset = 8
[  365.519728][   T77] ==> offset = 8
[  365.523329][  T446] ==> offset = 64
[  365.527118][   T77] ==> offset = 64
[  365.530836][    T1] ==> offset = 64
[  365.534595][   T77] ==> offset = 8
[  365.538334][  T446] ==> offset = 8
[  365.541639][   T77] ==> offset = 64
[  365.545301][    T1] ==> offset = 64
[  365.545311][    T1] ==> offset = 64
[  365.545318][    T1] ==> offset = 64
[  365.545324][    T1] ==> offset = 64
[  365.545331][    T1] ==> offset = 64
[  365.545339][    T1] ==> offset = 64
[  365.545345][    T1] ==> offset = 64
[  365.545584][    T1] ==> offset = 8
[  365.549401][  T447] ==> offset = 8
[  365.552495][    T1] ==> offset = 64
[  365.556117][  T447] ==> offset = 64
[  365.556188][  T447] ==> offset = 8
[  365.559872][  T446] ==> offset = 64
[  365.563469][  T447] ==> offset = 64
[  365.567061][  T446] ==> offset = 8
[  365.570649][  T447] ==> offset = 8
[  365.574173][  T446] ==> offset = 64
[  365.585057][  T447] ==> offset = 64
[  365.585103][  T447] ==> offset = 8
[  365.589629][    T1] ==> offset = 8
[  365.595898][  T447] ==> offset = 64
[  365.595968][  T447] ==> offset = 8
[  365.595980][  T447] ==> offset = 64
[  365.596067][  T447] ==> offset = 8
[  365.599582][    T1] ==> offset = 8
[  365.603165][  T447] ==> offset = 64
[  365.607120][    T1] ==> offset = 8
[  365.617537][  T448] ==> offset = 8
[  365.621159][  T446] ==> offset = 8
[  365.628272][  T447] ==> offset = 64
[  365.631943][    T1] ==> offset = 8
[  365.635829][  T448] ==> offset = 8
[  365.639335][  T446] ==> offset = 64
[  365.642847][  T448] ==> offset = 8
[  365.646636][    T1] ==> offset = 8
[  365.650556][  T447] ==> offset = 64
[  365.653762][    T1] ==> offset = 8
[  365.657346][  T448] ==> offset = 8
[  365.661231][    T1] ==> offset = 8
[  365.664464][  T448] ==> offset = 8
[  365.668109][    T1] ==> offset = 8
[  365.668133][    T1] ==> offset = 64
[  365.668141][    T1] ==> offset = 64
[  365.671755][  T447] ==> offset = 8
[  365.675243][    T1] ==> offset = 64
[  365.678885][  T447] ==> offset = 64
[  365.682341][    T1] ==> offset = 64
[  365.686081][  T447] ==> offset = 8
[  365.689748][  T448] ==> offset = 8
[  365.693355][  T447] ==> offset = 64
[  365.697031][  T448] ==> offset = 8
[  365.700716][  T447] ==> offset = 8
[  365.704170][  T448] ==> offset = 8
[  365.707744][  T447] ==> offset = 64
[  365.707769][  T447] ==> offset = 8
[  365.711388][    T1] ==> offset = 64
[  365.714992][  T447] ==> offset = 64
[  365.718664][    T1] ==> offset = 64
[  365.722338][  T447] ==> offset = 8
[  365.725924][  T448] ==> offset = 64
[  365.725934][  T448] ==> offset = 64
[  365.729544][  T447] ==> offset = 64
[  365.733064][  T448] ==> offset = 64
[  365.733073][  T448] ==> offset = 64
[  365.747908][    T1] ==> offset = 64
[  365.751435][  T448] ==> offset = 64
[  365.755580][    T1] ==> offset = 64
[  365.759156][  T448] ==> offset = 64
[  365.763204][    T1] ==> offset = 8
[  365.766486][  T448] ==> offset = 64
[  365.766502][  T448] ==> offset = 64
[  365.766620][  T448] ==> offset = 8
[  365.777512][    T1] ==> offset = 64
[  365.781437][   T26] ==> offset = 8
[  365.784739][  T448] ==> offset = 64
[  365.784904][  T448] ==> offset = 8
[  365.788353][   T26] ==> offset = 8
[  365.792012][  T448] ==> offset = 64
[  365.795598][   T26] ==> offset = 64
[  365.795611][   T26] ==> offset = 64
[  365.795837][    T1] ==> offset = 8
[  365.799238][  T448] ==> offset = 8
[  365.802776][    T1] ==> offset = 8
[  365.806528][  T448] ==> offset = 64
[  365.806587][  T448] ==> offset = 8
[  365.810202][    T1] ==> offset = 8
[  365.813705][  T448] ==> offset = 64
[  365.817270][    T1] ==> offset = 8
[  365.817279][    T1] ==> offset = 8
[  365.817286][    T1] ==> offset = 8
[  365.817294][    T1] ==> offset = 8
[  365.820932][  T448] ==> offset = 8
[  365.824638][    T1] ==> offset = 8
[  365.824651][    T1] ==> offset = 64
[  365.824659][    T1] ==> offset = 64
[  365.828265][  T448] ==> offset = 64
[  365.831873][    T1] ==> offset = 64
[  365.835493][  T448] ==> offset = 64
[  365.839246][    T1] ==> offset = 64
[  365.843126][  T448] ==> offset = 64
[  365.846737][    T1] ==> offset = 64
[  365.850464][  T448] ==> offset = 8
[  365.853963][    T1] ==> offset = 64
[  365.857626][  T448] ==> offset = 64
[  365.861681][    T1] ==> offset = 64
[  365.865443][  T448] ==> offset = 8
[  365.869243][    T1] ==> offset = 64
[  365.872779][  T448] ==> offset = 64
[  365.876851][    T1] ==> offset = 8
[  365.879966][  T448] ==> offset = 8
[  365.883574][    T1] ==> offset = 64
[  365.887308][  T448] ==> offset = 64
[  365.890986][   T12] ==> offset = 8
[  365.901804][  T448] ==> offset = 8
[  365.906894][    T1] ==> offset = 8
[  365.909345][  T161] ==> offset = 8
[  365.912603][    T1] ==> offset = 64
[  365.916491][  T449] ==> offset = 8
[  365.919908][   T12] ==> offset = 64
[  365.923509][  T449] ==> offset = 64
[  365.

syzkaller build log:
go env (err=<nil>)
GO111MODULE="auto"
GOARCH="amd64"
GOBIN=""
GOCACHE="/syzkaller/.cache/go-build"
GOENV="/syzkaller/.config/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/syzkaller/jobs-2/linux/gopath/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/syzkaller/jobs-2/linux/gopath"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.20.1"
GCCGO="gccgo"
GOAMD64="v1"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/syzkaller/jobs-2/linux/gopath/src/github.com/google/syzkaller/go.mod"
GOWORK=""
CGO_CFLAGS="-O2 -g"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-O2 -g"
CGO_FFLAGS="-O2 -g"
CGO_LDFLAGS="-O2 -g"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build2453860011=/tmp/go-build -gno-record-gcc-switches"

git status (err=<nil>)
HEAD detached at 65faba364
nothing to commit, working tree clean


tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:32: run command via tools/syz-env for best compatibility, see:
Makefile:33: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=65faba36470e75a1339e6f79c8631c9578786b7b -X 'github.com/google/syzkaller/prog.gitRevisionDate=20231002-164030'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-fuzzer github.com/google/syzkaller/syz-fuzzer
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=65faba36470e75a1339e6f79c8631c9578786b7b -X 'github.com/google/syzkaller/prog.gitRevisionDate=20231002-164030'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=65faba36470e75a1339e6f79c8631c9578786b7b -X 'github.com/google/syzkaller/prog.gitRevisionDate=20231002-164030'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-stress github.com/google/syzkaller/tools/syz-stress
mkdir -p ./bin/linux_amd64
gcc -o ./bin/linux_amd64/syz-executor executor/executor.cc \
	-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -fpermissive -w -DGOOS_linux=1 -DGOARCH_amd64=1 \
	-DHOSTGOOS_linux=1 -DGIT_REVISION=\"65faba36470e75a1339e6f79c8631c9578786b7b\"


Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=1623c347680000


Tested on:

commit:         89cdf9d5 Merge tag 'net-6.7-rc1' of git://git.kernel.o..
git tree:       https://kernel.googlesource.com/pub/scm/linux/kernel/git/torvalds/linux.git master
kernel config:  https://syzkaller.appspot.com/x/.config?x=97c84b399d02b00b
dashboard link: https://syzkaller.appspot.com/bug?extid=7a9bbb158a7a1071eb27
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch:          https://syzkaller.appspot.com/x/patch.diff?x=1423c347680000

Re: [syzbot] [usb] kernel BUG in __page_table_check_zero

[syzbot]

Hello,

syzbot tried to test the proposed patch but the build/boot failed:

 T48] page_table_check: ===> fmap check_zero 0
[  362.170604][  T505] page_table_check: ===> fmap check_zero 0
[  362.170797][  T505] page_table_check: ===> anon check_zero 0
[  362.170809][  T505] page_table_check: ===> fmap check_zero 0
[  362.170818][  T505] page_table_check: ===> anon check_zero 0
[  362.170827][  T505] page_table_check: ===> fmap check_zero 0
[  362.171069][  T505] page_table_check: ===> anon check_zero 0
[  362.176794][  T504] page_table_check: ===> fmap check_zero 0
[  362.182799][    T1] page_table_check: ===> fmap check_zero 0
[  362.188866][  T504] page_table_check: ===> anon check_zero 0
[  362.201636][    T1] page_table_check: ===> anon check_zero 0
[  362.206696][  T506] page_table_check: ===> fmap check_zero 0
[  362.218333][  T505] page_table_check: ===> fmap check_zero 0
[  362.218375][  T505] page_table_check: ===> anon check_zero 0
[  362.224199][   T48] page_table_check: ===> anon check_zero 0
[  362.230061][    T1] page_table_check: ===> fmap check_zero 0
[  362.236027][   T48] page_table_check: ===> fmap check_zero 0
[  362.241852][  T505] page_table_check: ===> fmap check_zero 0
[  362.247788][  T504] page_table_check: ===> fmap check_zero 0
[  362.253929][  T136] page_table_check: ===> anon check_zero 0
[  362.259605][  T506] page_table_check: ===> anon check_zero 0
[  362.265348][  T136] page_table_check: ===> fmap check_zero 0
[  362.271393][   T48] page_table_check: ===> anon check_zero 0
[  362.277427][    T1] page_table_check: ===> anon check_zero 0
[  362.283007][  T504] page_table_check: ===> anon check_zero 0
[  362.289355][  T505] page_table_check: ===> anon check_zero 0
[  362.295354][  T506] page_table_check: ===> fmap check_zero 0
[  362.301332][  T136] page_table_check: ===> anon check_zero 0
[  362.307509][   T48] page_table_check: ===> fmap check_zero 0
[  362.313384][    T1] page_table_check: ===> fmap check_zero 0
[  362.319135][  T504] page_table_check: ===> fmap check_zero 0
[  362.319779][  T506] page_table_check: ===> anon check_zero 0
[  362.325036][  T505] page_table_check: ===> fmap check_zero 0
[  362.331050][   T48] page_table_check: ===> anon check_zero 0
[  362.336835][  T136] page_table_check: ===> fmap check_zero 0
[  362.343553][  T506] page_table_check: ===> fmap check_zero 0
[  362.349854][  T506] page_table_check: ===> anon check_zero 0
[  362.356354][  T505] page_table_check: ===> anon check_zero 0
[  362.374065][   T48] page_table_check: ===> fmap check_zero 0
[  362.374322][  T136] page_table_check: ===> anon check_zero 0
[  362.380577][    T1] page_table_check: ===> anon check_zero 0
[  362.386242][   T48] page_table_check: ===> anon check_zero 0
[  362.392397][  T507] page_table_check: ===> anon check_zero 0
[  362.404172][  T136] page_table_check: ===> fmap check_zero 0
[  362.404185][  T136] page_table_check: ===> anon check_zero 0
[  362.404193][  T136] page_table_check: ===> fmap check_zero 0
[  362.404202][  T136] page_table_check: ===> anon check_zero 0
[  362.410304][    T1] page_table_check: ===> fmap check_zero 0
[  362.416144][  T506] page_table_check: ===> fmap check_zero 0
[  362.422138][  T505] page_table_check: ===> fmap check_zero 0
[  362.428011][   T48] page_table_check: ===> fmap check_zero 0
[  362.434082][  T507] page_table_check: ===> fmap check_zero 0
[  362.440003][  T136] page_table_check: ===> fmap check_zero 0
[  362.445999][   T26] page_table_check: ===> anon check_zero 0
[  362.451679][  T506] page_table_check: ===> anon check_zero 0
[  362.457737][  T505] page_table_check: ===> anon check_zero 0
[  362.463592][   T48] page_table_check: ===> anon check_zero 0
[  362.469633][  T507] page_table_check: ===> anon check_zero 0
[  362.475448][  T506] page_table_check: ===> fmap check_zero 0
[  362.481510][   T26] page_table_check: ===> fmap check_zero 0
[  362.487421][  T136] page_table_check: ===> anon check_zero 0
[  362.493500][  T505] page_table_check: ===> fmap check_zero 0
[  362.499315][   T48] page_table_check: ===> fmap check_zero 0
[  362.505100][   T26] page_table_check: ===> anon check_zero 0
[  362.510969][  T506] page_table_check: ===> anon check_zero 0
[  362.516841][  T507] page_table_check: ===> fmap check_zero 0
[  362.522638][  T136] page_table_check: ===> fmap check_zero 0
[  362.528771][   T26] page_table_check: ===> fmap check_zero 0
[  362.540632][   T48] page_table_check: ===> anon check_zero 0
[  362.540658][   T48] page_table_check: ===> fmap check_zero 0
[  362.546730][  T507] page_table_check: ===> anon check_zero 0
[  362.558342][  T506] page_table_check: ===> fmap check_zero 0
[  362.564168][   T26] page_table_check: ===> anon check_zero 0
[  362.570010][  T136] page_table_check: ===> anon check_zero 0
[  362.581609][   T26] page_table_check: ===> fmap check_zero 0
[  362.581624][   T26] page_table_check: ===> anon check_zero 0
[  362.581633][   T26] page_table_check: ===> fmap check_zero 0
[  362.581641][   T26] page_table_check: ===> anon check_zero 0
[  362.587428][   T48] page_table_check: ===> anon check_zero 0
[  362.593394][  T507] page_table_check: ===> fmap check_zero 0
[  362.599226][  T506] page_table_check: ===> anon check_zero 0
[  362.604935][  T507] page_table_check: ===> anon check_zero 0
[  362.610759][  T136] page_table_check: ===> fmap check_zero 0
[  362.610770][  T136] page_table_check: ===> anon check_zero 0
[  362.610778][  T136] page_table_check: ===> fmap check_zero 0
[  362.611101][   T48] page_table_check: ===> fmap check_zero 0
[  362.622499][   T26] page_table_check: ===> fmap check_zero 0
[  362.622518][   T26] page_table_check: ===> anon check_zero 0
[  362.622527][   T26] page_table_check: ===> fmap check_zero 0
[  362.622536][   T26] page_table_check: ===> anon check_zero 0
[  362.622544][   T26] page_table_check: ===> fmap check_zero 0
[  362.622553][   T26] page_table_check: ===> anon check_zero 0
[  362.622561][   T26] page_table_check: ===> fmap check_zero 0
[  362.622974][    T1] page_table_check: ===> anon check_zero 0
[  362.629089][  T508] page_table_check: ===> anon check_zero 0
[  362.634902][  T507] page_table_check: ===> fmap check_zero 0
[  362.641106][  T506] page_table_check: ===> fmap check_zero 0
[  362.647132][    T1] page_table_check: ===> fmap check_zero 0
[  362.653063][  T508] page_table_check: ===> fmap check_zero 0
[  362.653224][  T508] page_table_check: ===> anon check_zero 0
[  362.659026][  T507] page_table_check: ===> anon check_zero 0
[  362.665107][   T48] page_table_check: ===> anon check_zero 0
[  362.670977][    T1] page_table_check: ===> anon check_zero 0
[  362.676923][  T508] page_table_check: ===> fmap check_zero 0
[  362.683091][  T507] page_table_check: ===> fmap check_zero 0
[  362.689007][   T48] page_table_check: ===> fmap check_zero 0
[  362.694822][    T1] page_table_check: ===> fmap check_zero 0
[  362.700692][  T508] page_table_check: ===> anon check_zero 0
[  362.706504][    T1] page_table_check: ===> anon check_zero 0
[  362.712313][   T48] page_table_check: ===> anon check_zero 0
[  362.718102][  T507] page_table_check: ===> anon check_zero 0
[  362.724005][  T508] page_table_check: ===> fmap check_zero 0
[  362.724084][  T508] page_table_check: ===> anon check_zero 0
[  362.730443][    T1] page_table_check: ===> fmap check_zero 0
[  362.742125][   T48] page_table_check: ===> fmap check_zero 0
[  362.742140][   T48] page_table_check: ===> anon check_zero 0
[  362.742149][   T48] page_table_check: ===> fmap check_zero 0
[  362.747966][  T507] page_table_check: ===> fmap check_zero 0
[  362.754060][  T508] page_table_check: ===> fmap check_zero 0
[  362.760256][  T507] page_table_check: ===> anon check_zero 0
[  362.766035][  T508] page_table_check: ===> anon check_zero 0
[  362.771928][    T1] page_table_check: ===> anon check_zero 0
[  362.789904][   T48] page_table_check: ===> anon check_zero 0
[  362.795796][  T507] page_table_check: ===> fmap check_zero 0
[  362.801593][  T508] page_table_check: ===> fmap check_zero 0
[  362.807727][    T1] page_table_check: ===> fmap check_zero 0
[  362.813956][   T48] page_table_check: ===> fmap check_zero 0
[  362.814626][  T508] page_table_check: ===> anon check_zero 0
[  362.820477][  T507] page_table_check: ===> anon check_zero 0
[  362.826233][  T508] page_table_check: ===> fmap check_zero 0
[  362.832257][  T509] page_table_check: ===> anon check_zero 0
[  362.838122][  T508] page_table_check: ===> anon check_zero 0
[  362.844115][    T1] page_table_check: ===> anon check_zero 0
[  362.849969][  T508] page_table_check: ===> fmap check_zero 0
[  362.855798][  T509] page_table_check: ===> fmap check_zero 0
[  362.861974][  T508] page_table_check: ===> anon check_zero 0
[  362.867839][  T507] page_table_check: ===> fmap check_zero 0
[  362.873941][  T508] page_table_check: ===> fmap check_zero 0
[  362.873974][  T508] page_table_check: ===> anon check_zero 0
[  362.879897][    T1] page_table_check: ===> fmap check_zero 0
[  362.885647][  T508] page_table_check: ===> fmap check_zero 0
[  362.891568][  T509] page_table_check: ===> anon check_zero 0
[  362.897508][  T508] page_table_check: ===> anon check_zero 0
[  362.903417][    T1] page_table_check: ===> anon check_zero 0
[  362.909588][  T507] page_table_check: ===> anon check_zero 0
[  362.915670][  T509] page_table_check: ===> fmap check_zero 0
[  362.922010][  T508] page_table_check: ===> fmap check_zero 0
[  362.922268][  T507] page_table_check: ===> fmap check_zero 0
[  362.928273][    T1] page_table_check: ===> fmap check_zero 0
[  362.946173][  T507] page_table_check: ===> anon check_zero 0
[  362.951968][  T509] page_table_check: ===> anon check_zero 0
[  362.957659][  T507] page_table_check: ===> fmap check_zero 0
[  362.963596][  T509] page_table_check: ===> fmap check_zero 0
[  362.969542][  T507] page_table_check: ===> anon check_zero 0
[  362.975535][    T1] page_table_check: ===> anon check_zero 0
[  362.981655][  T507] page_table_check: ===> fmap check_zero 0
[  362.981703][  T507] page_table_check: ===> anon check_zero 0
[  362.987766][  T509] page_table_check: ===> anon check_zero 0
[  362.993978][  T507] page_table_check: ===> fmap check_zero 0
[  363.000193][  T509] page_table_check: ===> fmap check_zero 0
[  363.006135][    T1] page_table_check: ===> fmap check_zero 0
[  363.012006][  T509] page_table_check: ===> anon check_zero 0
[  363.017866][  T507] page_table_check: ===> anon check_zero 0
[  363.023838][  T509] page_table_check: ===> fmap check_zero 0
[  363.029621][    T1] page_table_check: ===> anon check_zero 0
[  363.035479][  T509] page_table_check: ===> anon check_zero 0
[  363.041486][  T507] page_table_check: ===> fmap check_zero 0
[  363.041576][  T507] page_table_check: ===> anon check_zero 0
[  363.047346][  T509] page_table_check: ===> fmap check_zero 0
[  363.053325][    T1] page_table_check: ===> fmap check_zero 0
[  363.059270][  T509] page_table_check: ===> anon check_zero 0
[  363.070877][  T507] page_table_check: ===> fmap check_zero 0
[  363.071265][  T507] page_table_check: ===> anon check_zero 0
[  363.076930][  T509] page_table_check: ===> fmap check_zero 0
[  363.100683][  T507] page_table_check: ===> fmap check_zero 0
[  363.100729][  T507] page_table_check: ===> anon check_zero 0
[  363.106822][    T1] page_table_check: ===> anon check_zero 0
[  363.112756][  T510] page_table_check: ===> anon check_zero 0
[  363.118393][    T1] page_table_check: ===> fmap check_zero 0
[  363.124401][  T507] page_table_check: ===> fmap check_zero 0
[  363.130450][  T509] page_table_check: ===> anon check_zero 0
[  363.136428][  T510] page_table_check: ===> fmap check_zero 0
[  363.142284][    T1] page_table_check: ===> anon check_zero 0
[  363.142295][    T1] page_table_check: ===> fmap check_zero 0
[  363.148284][  T507] page_table_check: ===> anon check_zero 0
[  363.154130][  T509] page_table_check: ===> fmap check_zero 0
[  363.160012][  T510] page_table_check: ===> anon check_zero 0
[  363.165742][    T1] page_table_check: ===> anon check_zero 0
[  363.171650][  T507] page_table_check: ===> fmap check_zero 0
[  363.177554][  T509] page_table_check: ===> anon check_zero 0
[  363.183343][  T510] page_table_check: ===> fmap check_zero 0
[  363.183392][  T510] page_table_check: ===> anon check_zero 0
[  363.189568][    T1] page_table_check: ===> fmap check_zero 0
[  363.195613][  T507] page_table_check: ===> anon check_zero 0
[  363.201594][  T509] page_table_check: ===> fmap check_zero 0
[  363.207478][  T510] page_table_check: ===> fmap check_zero 0
[  363.213522][    T1] page_table_check: ===> anon check_zero 0
[  363.231108][  T507] page_table_check: ===> fmap check_zero 0
[  363.231194][  T507] page_table_check: ===> anon check_zero 0
[  363.237079][  T509] page_table_check: ===> anon check_zero 0
[  363.242929][  T510] page_table_check: ===> anon check_zero 0
[  363.248848][  T509] page_table_check: ===> fmap check_zero 0
[  363.254710][  T510] page_table_check: ===> fmap check_zero 0
[  363.272200][    T1] page_table_check: ===> fmap check_zero 0
[  363.273342][    T1] page_table_check: ===> anon check_zero 0
[  363.278222][  T507] page_table_check: =

syzkaller build log:
go env (err=<nil>)
GO111MODULE="auto"
GOARCH="amd64"
GOBIN=""
GOCACHE="/syzkaller/.cache/go-build"
GOENV="/syzkaller/.config/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/syzkaller/jobs-2/linux/gopath/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/syzkaller/jobs-2/linux/gopath"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.20.1"
GCCGO="gccgo"
GOAMD64="v1"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/syzkaller/jobs-2/linux/gopath/src/github.com/google/syzkaller/go.mod"
GOWORK=""
CGO_CFLAGS="-O2 -g"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-O2 -g"
CGO_FFLAGS="-O2 -g"
CGO_LDFLAGS="-O2 -g"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build1863032191=/tmp/go-build -gno-record-gcc-switches"

git status (err=<nil>)
HEAD detached at 65faba364
nothing to commit, working tree clean


tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:32: run command via tools/syz-env for best compatibility, see:
Makefile:33: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=65faba36470e75a1339e6f79c8631c9578786b7b -X 'github.com/google/syzkaller/prog.gitRevisionDate=20231002-164030'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-fuzzer github.com/google/syzkaller/syz-fuzzer
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=65faba36470e75a1339e6f79c8631c9578786b7b -X 'github.com/google/syzkaller/prog.gitRevisionDate=20231002-164030'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=65faba36470e75a1339e6f79c8631c9578786b7b -X 'github.com/google/syzkaller/prog.gitRevisionDate=20231002-164030'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-stress github.com/google/syzkaller/tools/syz-stress
mkdir -p ./bin/linux_amd64
gcc -o ./bin/linux_amd64/syz-executor executor/executor.cc \
	-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -fpermissive -w -DGOOS_linux=1 -DGOARCH_amd64=1 \
	-DHOSTGOOS_linux=1 -DGIT_REVISION=\"65faba36470e75a1339e6f79c8631c9578786b7b\"


Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=16dc951f680000


Tested on:

commit:         89cdf9d5 Merge tag 'net-6.7-rc1' of git://git.kernel.o..
git tree:       https://kernel.googlesource.com/pub/scm/linux/kernel/git/torvalds/linux.git master
kernel config:  https://syzkaller.appspot.com/x/.config?x=97c84b399d02b00b
dashboard link: https://syzkaller.appspot.com/bug?extid=7a9bbb158a7a1071eb27
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch:          https://syzkaller.appspot.com/x/patch.diff?x=1313b4b7680000

Re: [syzbot] [usb] kernel BUG in __page_table_check_zero

[syzbot]

syzbot suspects this issue was fixed by commit:

commit 79a61cc3fc0466ad2b7b89618a6157785f0293b3
Author: Linus Torvalds <torvalds@linux-foundation.org>
Date:   Thu Sep 12 00:11:23 2024 +0000

    mm: avoid leaving partial pfn mappings around in error case

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=11f76c87980000
start commit:   cbf3a2cb156a Merge tag 'nfs-for-6.6-3' of git://git.linux-..
git tree:       upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=57da1ac039c4c78a
dashboard link: https://syzkaller.appspot.com/bug?extid=7a9bbb158a7a1071eb27
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=15394721680000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=152b7af6680000

If the result looks correct, please mark the issue as fixed by replying with:

#syz fix: mm: avoid leaving partial pfn mappings around in error case

For information about bisection process see: https://goo.gl/tpsmEJ#bisection

Re: [syzbot] [usb] kernel BUG in __page_table_check_zero

[Linus Torvalds]

#syz fix: mm: avoid leaving partial pfn mappings around in error case

Because even if I wasn't aware of the syzbot report, it does look like
a match for what the commit was meant to fix (and may have been the
source of Jann's report).

             Linus

On Sun, 20 Oct 2024 at 11:12, syzbot
<syzbot+7a9bbb158a7a1071eb27@syzkaller.appspotmail.com> wrote:
>
> If the result looks correct, please mark the issue as fixed by replying with:
>
> #syz fix: mm: avoid leaving partial pfn mappings around in error case

Re: [syzbot] [usb] kernel BUG in __page_table_check_zero

[Jann Horn]

On Sun, Oct 20, 2024 at 10:32 PM Linus Torvalds
<torvalds@linux-foundation.org> wrote:
> Because even if I wasn't aware of the syzbot report, it does look like
> a match for what the commit was meant to fix (and may have been the
> source of Jann's report).

Huh, I had no idea syzkaller had already found this one... neat.