syzbot


WARNING in page_add_anon_rmap

Status: upstream: reported C repro on 2023/09/18 03:57
Subsystems: mm
Reported-by: syzbot+6e4f59235036c3c2e296@syzkaller.appspotmail.com
Fix commit: mm-rmap-simplify-pageanonexclusive-sanity-checks-when-adding-anon-rmap-fix
Patched on: [ci-upstream-linux-next-kasan-gce-root], missing on: [ci-qemu-gce-upstream-auto ci-qemu-native-arm64-kvm ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-qemu2-riscv64 ci-snapshot-upstream-root ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-arm64 ci-upstream-gce-leak ci-upstream-kasan-badwrites-root ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce-386-root ci-upstream-kmsan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci-upstream-rust-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce ci2-upstream-usb]
First crash: 985d, last: 980d
Cause bisection: introduced by (bisect log):
commit b8575fa4abaa1dee1a61f1f27a86a02757310a7e
Author: David Hildenbrand <david@redhat.com>
Date: Wed Sep 13 12:51:12 2023 +0000

  mm/rmap: simplify PageAnonExclusive sanity checks when adding anon rmap

Crash: WARNING in page_add_anon_rmap (log)
Repro: C syz .config
  
✨ AI Jobs (1)
ID Workflow Result Correct Bug Created Started Finished Revision Error
508b43a7-3917-4ebe-8476-ec769820fc59 assessment-security 💥 WARNING in page_add_anon_rmap 2026/05/21 19:54 2026/05/21 19:54 2026/05/21 20:16 d57425845dbe663f86e1e54a4997e95bd557b624 failed to run ["make" "KERNELVERSION=syzkaller" "KERNELRELEASE=syzkaller" "LOCALVERSION=-syzkaller" "-j" "32" "ARCH=x86_64" "CC=ccache clang" "LD=ld.lld" "O=/app/workdir/cache/build/7dad0f3d23db2e0a4bd76cf42bb420ffbdeb7834" "-s" "bzImage" "compile_commands.json"]: exit status 2 Root cause: include/linux/thread_info.h:244:4: error: call to '__bad_copy_from' declared with 'error' attribute: copy source size is too small
Discussions (2)
Title Replies (including bot) Last reply
[syzbot] [mm?] WARNING in page_add_anon_rmap 4 (7) 2023/09/18 13:14
Re: [PATCH v1 5/6] mm/rmap: simplify PageAnonExclusive sanity checks when adding anon rmap 1 (1) 2023/09/18 09:59
Last patch testing requests (2)
Created Duration User Patch Repo Result
2023/09/18 12:53 19m david@redhat.com patch linux-next OK log
2023/09/18 12:32 1m willy@infradead.org patch linux-next error

Sample crash report:
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1138 [inline]
 free_unref_page+0x554/0xd70 mm/page_alloc.c:2460
 free_contig_range+0xb6/0x190 mm/page_alloc.c:6396
 destroy_args+0x768/0x990 mm/debug_vm_pgtable.c:1028
 debug_vm_pgtable+0x1d79/0x3df0 mm/debug_vm_pgtable.c:1408
 do_one_initcall+0x117/0x630 init/main.c:1232
 do_initcall_level init/main.c:1294 [inline]
 do_initcalls init/main.c:1310 [inline]
 do_basic_setup init/main.c:1329 [inline]
 kernel_init_freeable+0x5c2/0x8f0 init/main.c:1547
 kernel_init+0x1c/0x2a0 init/main.c:1437
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304
------------[ cut here ]------------
WARNING: CPU: 0 PID: 5044 at mm/rmap.c:1252 page_add_anon_rmap+0xc33/0x1a70 mm/rmap.c:1252
Modules linked in:
CPU: 0 PID: 5044 Comm: syz-executor328 Not tainted 6.6.0-rc1-next-20230915-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
RIP: 0010:page_add_anon_rmap+0xc33/0x1a70 mm/rmap.c:1252
Code: 48 c1 eb 11 83 e3 01 89 de e8 b9 d7 b8 ff 84 db 0f 84 36 fb ff ff e8 7c dc b8 ff 48 c7 c6 00 83 99 8a 4c 89 e7 e8 dd 02 f7 ff <0f> 0b e9 1b fb ff ff e8 61 dc b8 ff 49 89 dd 31 ff 41 81 e5 ff 0f
RSP: 0018:ffffc90003b2f6d8 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000
RDX: ffff88807daf8000 RSI: ffffffff81cf09f3 RDI: ffffffff8ae93c60
RBP: ffff88801e872200 R08: 0000000000000000 R09: fffffbfff1d9cd5a
R10: ffffffff8ece6ad7 R11: 0000000000000001 R12: ffffea0001c90000
R13: 00fff800000a0078 R14: 0000000000000000 R15: ffffea0001ca8008
FS:  0000555555bbd380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020123008 CR3: 0000000075b7b000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 __split_huge_pmd_locked mm/huge_memory.c:2276 [inline]
 __split_huge_pmd+0x17d5/0x31e0 mm/huge_memory.c:2320
 split_huge_pmd_address mm/huge_memory.c:2336 [inline]
 split_huge_pmd_if_needed mm/huge_memory.c:2348 [inline]
 split_huge_pmd_if_needed mm/huge_memory.c:2339 [inline]
 vma_adjust_trans_huge+0x2da/0x560 mm/huge_memory.c:2360
 __split_vma+0xba3/0x1070 mm/mmap.c:2376
 do_vmi_align_munmap+0x2c3/0x15f0 mm/mmap.c:2462
 do_vmi_munmap+0x20e/0x450 mm/mmap.c:2621
 do_munmap+0xb1/0xf0 mm/mmap.c:2637
 mremap_to mm/mremap.c:906 [inline]
 __do_sys_mremap+0x13ff/0x1730 mm/mremap.c:1058
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f3fcf93b329
Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff59b1f0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000019
RAX: ffffffffffffffda RBX: 00007fff59b1f2a8 RCX: 00007f3fcf93b329
RDX: 0000000000004000 RSI: 0000000000001000 RDI: 0000000020f18000
RBP: 00007f3fcf9ae610 R08: 000000002052f000 R09: 0000000000000000
R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001
R13: 00007fff59b1f298 R14: 0000000000000001 R15: 0000000000000001
 </TASK>

Crashes (1041):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2023/09/15 23:41 linux-next dfa449a58323 0b6a67ac .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING in page_add_anon_rmap
2023/09/14 11:45 linux-next 98897dc735cf 0b6a67ac .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING in page_add_anon_rmap
2023/09/19 06:24 linux-next 7fc7222d9680 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING in page_add_anon_rmap
2023/09/19 05:56 linux-next 7fc7222d9680 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING in page_add_anon_rmap
2023/09/19 04:48 linux-next 7fc7222d9680 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING in page_add_anon_rmap
2023/09/19 03:45 linux-next 7fc7222d9680 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING in page_add_anon_rmap
2023/09/19 02:20 linux-next 7fc7222d9680 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING in page_add_anon_rmap
2023/09/19 02:16 linux-next 7fc7222d9680 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING in page_add_anon_rmap
2023/09/19 01:09 linux-next 7fc7222d9680 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING in page_add_anon_rmap
2023/09/18 23:35 linux-next 7fc7222d9680 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING in page_add_anon_rmap
2023/09/18 22:25 linux-next 7fc7222d9680 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING in page_add_anon_rmap
2023/09/18 22:03 linux-next 7fc7222d9680 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING in page_add_anon_rmap
2023/09/18 21:03 linux-next 7fc7222d9680 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING in page_add_anon_rmap
2023/09/18 19:52 linux-next 7fc7222d9680 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING in page_add_anon_rmap
2023/09/18 18:34 linux-next 7fc7222d9680 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING in page_add_anon_rmap
2023/09/18 18:22 linux-next 7fc7222d9680 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING in page_add_anon_rmap
2023/09/18 16:50 linux-next 7fc7222d9680 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING in page_add_anon_rmap
2023/09/18 15:20 linux-next 7fc7222d9680 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING in page_add_anon_rmap
2023/09/18 14:15 linux-next 7fc7222d9680 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING in page_add_anon_rmap
2023/09/18 13:14 linux-next 7fc7222d9680 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING in page_add_anon_rmap
2023/09/18 13:02 linux-next 7fc7222d9680 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING in page_add_anon_rmap
2023/09/18 11:58 linux-next 7fc7222d9680 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING in page_add_anon_rmap
2023/09/18 11:15 linux-next 7fc7222d9680 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING in page_add_anon_rmap
2023/09/18 10:19 linux-next 7fc7222d9680 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING in page_add_anon_rmap
2023/09/18 09:53 linux-next 7fc7222d9680 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING in page_add_anon_rmap
2023/09/18 08:52 linux-next 7fc7222d9680 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING in page_add_anon_rmap
2023/09/18 08:30 linux-next 7fc7222d9680 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING in page_add_anon_rmap
2023/09/18 07:29 linux-next 7fc7222d9680 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING in page_add_anon_rmap
2023/09/18 06:43 linux-next 7fc7222d9680 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING in page_add_anon_rmap
2023/09/18 06:23 linux-next 7fc7222d9680 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING in page_add_anon_rmap
2023/09/18 04:18 linux-next dfa449a58323 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING in page_add_anon_rmap
2023/09/18 03:06 linux-next dfa449a58323 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING in page_add_anon_rmap
2023/09/18 02:04 linux-next dfa449a58323 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING in page_add_anon_rmap
2023/09/18 00:32 linux-next dfa449a58323 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING in page_add_anon_rmap
2023/09/17 23:26 linux-next dfa449a58323 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING in page_add_anon_rmap
2023/09/17 22:25 linux-next dfa449a58323 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING in page_add_anon_rmap
2023/09/17 21:17 linux-next dfa449a58323 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING in page_add_anon_rmap
2023/09/17 20:54 linux-next dfa449a58323 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING in page_add_anon_rmap
2023/09/17 19:44 linux-next dfa449a58323 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING in page_add_anon_rmap
2023/09/17 18:36 linux-next dfa449a58323 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING in page_add_anon_rmap
2023/09/17 17:26 linux-next dfa449a58323 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING in page_add_anon_rmap
2023/09/17 16:40 linux-next dfa449a58323 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING in page_add_anon_rmap
2023/09/17 15:19 linux-next dfa449a58323 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING in page_add_anon_rmap
2023/09/17 14:03 linux-next dfa449a58323 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root WARNING in page_add_anon_rmap
* Struck through repros no longer work on HEAD.