-
Notifications
You must be signed in to change notification settings - Fork 1.2k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
pkg/report: improve Bad page state parsing
Take a frame from the stack trace that is included in the bug report.
- Loading branch information
Showing
6 changed files
with
333 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,91 @@ | ||
TITLE: BUG: Bad page state in __get_metapage | ||
|
||
[ 65.499023][ T5098] BUG: Bad page state in process syz-executor209 pfn:7deea | ||
[ 65.506426][ T5098] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2e pfn:0x7deea | ||
[ 65.515426][ T5098] flags: 0xfff0000000400c(referenced|uptodate|private|node=0|zone=1|lastcpupid=0x7ff) | ||
[ 65.525041][ T5098] raw: 00fff0000000400c dead000000000100 dead000000000122 0000000000000000 | ||
[ 65.534267][ T5098] raw: 000000000000002e ffff88807a2723e0 00000000ffffffff 0000000000000000 | ||
[ 65.544378][ T5098] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set | ||
[ 65.552063][ T5098] page_owner tracks the page as allocated | ||
[ 65.557890][ T5098] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x40c40(GFP_NOFS|__GFP_COMP), pid 5096, tgid 5096 (syz-executor209), ts 64771645974, free_ts 55604629154 | ||
[ 65.575967][ T5098] post_alloc_hook+0x1f3/0x230 | ||
[ 65.581043][ T5098] get_page_from_freelist+0x2e4c/0x2f10 | ||
[ 65.586581][ T5098] __alloc_pages_noprof+0x256/0x6c0 | ||
[ 65.591814][ T5098] alloc_pages_mpol_noprof+0x3e8/0x680 | ||
[ 65.597377][ T5098] folio_alloc_noprof+0x128/0x180 | ||
[ 65.602555][ T5098] filemap_alloc_folio_noprof+0xdf/0x500 | ||
[ 65.608226][ T5098] __filemap_get_folio+0x44e/0xc10 | ||
[ 65.613415][ T5098] pagecache_get_page+0x2c/0x200 | ||
[ 65.618395][ T5098] __get_metapage+0x2b4/0x1050 | ||
[ 65.623241][ T5098] diNewExt+0xacf/0x37e0 | ||
[ 65.627506][ T5098] diAllocAG+0xbec/0x1e50 | ||
[ 65.631904][ T5098] diAlloc+0x1d3/0x1760 | ||
[ 65.636073][ T5098] ialloc+0x8f/0x900 | ||
[ 65.640305][ T5098] jfs_mkdir+0x1c5/0xba0 | ||
[ 65.644572][ T5098] vfs_mkdir+0x2f9/0x4f0 | ||
[ 65.649859][ T5098] do_mkdirat+0x264/0x3a0 | ||
[ 65.654284][ T5098] page last free pid 5083 tgid 5083 stack trace: | ||
[ 65.660639][ T5098] free_unref_page+0xd19/0xea0 | ||
[ 65.665445][ T5098] __folio_put+0x3b9/0x620 | ||
[ 65.669903][ T5098] pipe_read+0x6f2/0x13e0 | ||
[ 65.674239][ T5098] vfs_read+0x9bd/0xbc0 | ||
[ 65.678383][ T5098] ksys_read+0x1a0/0x2c0 | ||
[ 65.682755][ T5098] do_syscall_64+0xf3/0x230 | ||
[ 65.687248][ T5098] entry_SYSCALL_64_after_hwframe+0x77/0x7f | ||
[ 65.693191][ T5098] Modules linked in: | ||
[ 65.697091][ T5098] CPU: 1 PID: 5098 Comm: syz-executor209 Tainted: G B 6.10.0-syzkaller-11185-g2c9b3512402e #0 | ||
[ 65.708700][ T5098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 | ||
[ 65.718739][ T5098] Call Trace: | ||
[ 65.722087][ T5098] <TASK> | ||
[ 65.725017][ T5098] dump_stack_lvl+0x241/0x360 | ||
[ 65.729680][ T5098] ? __pfx_dump_stack_lvl+0x10/0x10 | ||
[ 65.734999][ T5098] ? __pfx_print_modules+0x10/0x10 | ||
[ 65.740186][ T5098] bad_page+0x14c/0x170 | ||
[ 65.744419][ T5098] free_unref_folios+0x1121/0x19c0 | ||
[ 65.749552][ T5098] folios_put_refs+0x93a/0xa60 | ||
[ 65.754346][ T5098] ? __pfx_folios_put_refs+0x10/0x10 | ||
[ 65.759645][ T5098] ? _raw_spin_unlock_irqrestore+0xdd/0x140 | ||
[ 65.765650][ T5098] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 | ||
[ 65.772192][ T5098] ? rcu_is_watching+0x15/0xb0 | ||
[ 65.776979][ T5098] ? lru_add_fn+0xbb6/0x1a20 | ||
[ 65.781579][ T5098] folio_batch_move_lru+0x5d7/0x690 | ||
[ 65.786782][ T5098] ? __pfx_lru_add_fn+0x10/0x10 | ||
[ 65.791629][ T5098] ? __pfx_folio_batch_move_lru+0x10/0x10 | ||
[ 65.797339][ T5098] ? folio_batch_add_and_move+0x98/0x2b0 | ||
[ 65.802960][ T5098] ? __pfx_lru_add_fn+0x10/0x10 | ||
[ 65.807805][ T5098] folio_add_lru+0x39c/0x9e0 | ||
[ 65.812384][ T5098] ? folio_add_lru+0x27b/0x9e0 | ||
[ 65.817222][ T5098] shmem_alloc_and_add_folio+0xa49/0xdb0 | ||
[ 65.822859][ T5098] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 | ||
[ 65.829010][ T5098] shmem_get_folio_gfp+0x82d/0x1f50 | ||
[ 65.834508][ T5098] ? __pfx_shmem_get_folio_gfp+0x10/0x10 | ||
[ 65.840231][ T5098] ? __pfx_reacquire_held_locks+0x10/0x10 | ||
[ 65.846142][ T5098] ? fault_in_readable+0x1a6/0x2b0 | ||
[ 65.851451][ T5098] shmem_write_begin+0x170/0x4d0 | ||
[ 65.856709][ T5098] ? __pfx_shmem_write_begin+0x10/0x10 | ||
[ 65.862359][ T5098] ? fault_in_iov_iter_readable+0x229/0x280 | ||
[ 65.868247][ T5098] generic_perform_write+0x399/0x840 | ||
[ 65.873536][ T5098] ? __pfx_generic_perform_write+0x10/0x10 | ||
[ 65.879333][ T5098] ? preempt_count_add+0x93/0x190 | ||
[ 65.884345][ T5098] ? mnt_put_write_access_file+0xbb/0x100 | ||
[ 65.890052][ T5098] ? file_update_time+0x3b8/0x430 | ||
[ 65.895067][ T5098] shmem_file_write_iter+0xfc/0x120 | ||
[ 65.900278][ T5098] vfs_write+0xa72/0xc90 | ||
[ 65.904612][ T5098] ? __pfx_shmem_file_write_iter+0x10/0x10 | ||
[ 65.910413][ T5098] ? __pfx_vfs_write+0x10/0x10 | ||
[ 65.915167][ T5098] ? lockdep_hardirqs_on+0x99/0x150 | ||
[ 65.920365][ T5098] ksys_write+0x1a0/0x2c0 | ||
[ 65.924692][ T5098] ? __pfx_ksys_write+0x10/0x10 | ||
[ 65.929622][ T5098] ? exc_page_fault+0x590/0x8c0 | ||
[ 65.934489][ T5098] do_syscall_64+0xf3/0x230 | ||
[ 65.939067][ T5098] ? clear_bhb_loop+0x35/0x90 | ||
[ 65.943734][ T5098] entry_SYSCALL_64_after_hwframe+0x77/0x7f | ||
[ 65.949988][ T5098] RIP: 0033:0x7f7b5710bee0 | ||
[ 65.954598][ T5098] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d c1 f1 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89 | ||
[ 65.974381][ T5098] RSP: 002b:00007fffc1930558 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 | ||
[ 65.982795][ T5098] RAX: ffffffffffffffda RBX: 00007fffc1930570 RCX: 00007f7b5710bee0 | ||
[ 65.990759][ T5098] RDX: 0000000001000000 RSI: 00007f7b4ec00000 RDI: 0000000000000003 | ||
[ 65.998722][ T5098] RBP: 00007f7b4ec00000 R08: 0000000000005dd3 R09: 0000000000005dcf | ||
[ 66.006680][ T5098] R10: 0000000000000774 R11: 0000000000000202 R12: 00007fffc1930710 | ||
[ 66.014645][ T5098] R13: 00007fffc19305b0 R14: 0000000000000003 R15: 0000000001000000 | ||
[ 66.022611][ T5098] </TASK> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,102 @@ | ||
TITLE: BUG: Bad page state in bpf_test_run_xdp_live | ||
EXECUTOR: proc=3, id=584 | ||
|
||
[ 360.589544][ T8978] BUG: Bad page state in process syz.3.584 pfn:7071f | ||
[ 360.597807][ T8978] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x7f467f1e8 pfn:0x7071f | ||
[ 360.607825][ T8978] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) | ||
[ 360.615503][ T8978] raw: 00fff00000000000 dead000000000040 ffff888062a17000 0000000000000000 | ||
[ 360.624597][ T8978] raw: 00000007f467f1e8 0000000000000001 00000000ffffffff 0000000000000000 | ||
[ 360.633711][ T8978] page dumped because: page_pool leak | ||
[ 360.639671][ T8978] page_owner tracks the page as allocated | ||
[ 360.646064][ T8978] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 8978, tgid 8974 (syz.3.584), ts 360393802361, free_ts 357078876492 | ||
[ 360.665078][ T8978] post_alloc_hook+0x1f3/0x230 | ||
[ 360.670446][ T8978] get_page_from_freelist+0x2e4c/0x2f10 | ||
SYZFAIL: failed to recv rpc | ||
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) | ||
[ 360.676464][ T8978] __alloc_pages_noprof+0x256/0x6c0 | ||
[ 360.682165][ T8978] alloc_pages_bulk_noprof+0x729/0xd40 | ||
[ 360.687981][ T8978] __page_pool_alloc_pages_slow+0x138/0x690 | ||
[ 360.694427][ T8978] page_pool_alloc_pages+0xcb/0x150 | ||
[ 360.700249][ T8978] bpf_test_run_xdp_live+0x939/0x2110 | ||
[ 360.706140][ T8978] bpf_prog_test_run_xdp+0x80e/0x11b0 | ||
[ 360.711890][ T8978] bpf_prog_test_run+0x33a/0x3b0 | ||
[ 360.717211][ T8978] __sys_bpf+0x48d/0x810 | ||
[ 360.721880][ T8978] __x64_sys_bpf+0x7c/0x90 | ||
[ 360.726896][ T8978] do_syscall_64+0xf3/0x230 | ||
[ 360.731978][ T8978] entry_SYSCALL_64_after_hwframe+0x77/0x7f | ||
[ 360.738203][ T8978] page last free pid 8932 tgid 8930 stack trace: | ||
[ 360.744932][ T8978] free_unref_page+0xd22/0xea0 | ||
[ 360.750056][ T8978] vfree+0x186/0x2e0 | ||
[ 360.754447][ T8978] bpf_check+0x7daa/0x19630 | ||
[ 360.759581][ T8978] bpf_prog_load+0x1667/0x20f0 | ||
[ 360.764781][ T8978] __sys_bpf+0x4ee/0x810 | ||
[ 360.769481][ T8978] __x64_sys_bpf+0x7c/0x90 | ||
[ 360.774349][ T8978] do_syscall_64+0xf3/0x230 | ||
[ 360.779190][ T8978] entry_SYSCALL_64_after_hwframe+0x77/0x7f | ||
[ 360.785680][ T8978] Modules linked in: | ||
[ 360.790303][ T8978] CPU: 1 UID: 0 PID: 8978 Comm: syz.3.584 Not tainted 6.11.0-rc6-syzkaller-00183-gb831f83e40a2 #0 | ||
[ 360.800948][ T8978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 | ||
[ 360.811056][ T8978] Call Trace: | ||
[ 360.814367][ T8978] <TASK> | ||
[ 360.817327][ T8978] dump_stack_lvl+0x241/0x360 | ||
[ 360.822051][ T8978] ? __pfx_dump_stack_lvl+0x10/0x10 | ||
[ 360.827292][ T8978] ? __pfx_print_modules+0x10/0x10 | ||
[ 360.832477][ T8978] bad_page+0x18e/0x200 | ||
[ 360.836687][ T8978] free_unref_page+0xe47/0xea0 | ||
[ 360.841504][ T8978] ? compound_order+0x1a/0x60 | ||
[ 360.846238][ T8978] skb_release_data+0x6b2/0x880 | ||
[ 360.851155][ T8978] sk_skb_reason_drop+0x1a5/0x3d0 | ||
[ 360.856235][ T8978] __netif_receive_skb_core+0x3edd/0x4570 | ||
[ 360.862030][ T8978] ? trace_call_bpf+0x613/0x8a0 | ||
[ 360.866928][ T8978] ? trace_call_bpf+0x613/0x8a0 | ||
[ 360.871832][ T8978] ? __pfx___netif_receive_skb_core+0x10/0x10 | ||
[ 360.877954][ T8978] ? __pfx_trace_call_bpf+0x10/0x10 | ||
[ 360.883200][ T8978] ? __pfx_trace_call_bpf+0x10/0x10 | ||
[ 360.888548][ T8978] ? mark_lock+0x9a/0x350 | ||
[ 360.892935][ T8978] ? perf_trace_run_bpf_submit+0x10b/0x180 | ||
[ 360.898792][ T8978] ? perf_trace_preemptirq_template+0x2d2/0x3f0 | ||
[ 360.905089][ T8978] ? irqentry_enter+0x39/0x60 | ||
[ 360.909829][ T8978] __netif_receive_skb_list_core+0x2b7/0x980 | ||
[ 360.916050][ T8978] ? lockdep_hardirqs_on+0x99/0x150 | ||
[ 360.921285][ T8978] ? __pfx___netif_receive_skb_list_core+0x10/0x10 | ||
[ 360.927908][ T8978] ? netif_receive_skb_list_internal+0x970/0xe30 | ||
[ 360.934260][ T8978] ? netif_receive_skb_list_internal+0x4e8/0xe30 | ||
[ 360.940714][ T8978] netif_receive_skb_list_internal+0xa51/0xe30 | ||
[ 360.946925][ T8978] ? netif_receive_skb_list_internal+0x4e8/0xe30 | ||
[ 360.953322][ T8978] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 | ||
[ 360.960049][ T8978] ? __pfx_eth_type_trans+0x10/0x10 | ||
[ 360.965352][ T8978] ? __phys_addr+0xba/0x170 | ||
[ 360.969866][ T8978] ? build_skb_around+0x111/0x260 | ||
[ 360.974911][ T8978] ? __xdp_build_skb_from_frame+0x338/0x650 | ||
[ 360.980856][ T8978] netif_receive_skb_list+0x55/0x4b0 | ||
[ 360.986167][ T8978] bpf_test_run_xdp_live+0x1af6/0x2110 | ||
[ 360.991638][ T8978] ? bpf_dispatcher_change_prog+0xd8b/0xf10 | ||
[ 360.997569][ T8978] ? bpf_test_run_xdp_live+0x5bf/0x2110 | ||
[ 361.003126][ T8978] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 | ||
[ 361.008944][ T8978] ? synchronize_rcu+0x11b/0x360 | ||
[ 361.013919][ T8978] ? __pfx_synchronize_rcu+0x10/0x10 | ||
[ 361.019246][ T8978] ? __pfx_bpf_dispatcher_change_prog+0x10/0x10 | ||
[ 361.025607][ T8978] ? __pfx_xdp_test_run_init_page+0x10/0x10 | ||
[ 361.031528][ T8978] ? bpf_prog_test_run_xdp+0x746/0x11b0 | ||
[ 361.037260][ T8978] ? bpf_prog_change_xdp+0x12/0x30 | ||
[ 361.042399][ T8978] bpf_prog_test_run_xdp+0x80e/0x11b0 | ||
[ 361.047821][ T8978] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 | ||
[ 361.053692][ T8978] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 | ||
[ 361.059702][ T8978] bpf_prog_test_run+0x33a/0x3b0 | ||
[ 361.064663][ T8978] __sys_bpf+0x48d/0x810 | ||
[ 361.068922][ T8978] ? __pfx___sys_bpf+0x10/0x10 | ||
[ 361.073696][ T8978] ? lockdep_hardirqs_on_prepare+0x43d/0x780 | ||
[ 361.079816][ T8978] __x64_sys_bpf+0x7c/0x90 | ||
[ 361.084250][ T8978] do_syscall_64+0xf3/0x230 | ||
[ 361.088855][ T8978] ? clear_bhb_loop+0x35/0x90 | ||
[ 361.093554][ T8978] entry_SYSCALL_64_after_hwframe+0x77/0x7f | ||
[ 361.099477][ T8978] RIP: 0033:0x7f90d937def9 | ||
[ 361.103911][ T8978] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 | ||
[ 361.123535][ T8978] RSP: 002b:00007f90da180038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 | ||
[ 361.132052][ T8978] RAX: ffffffffffffffda RBX: 00007f90d9536058 RCX: 00007f90d937def9 | ||
[ 361.140056][ T8978] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a | ||
[ 361.148036][ T8978] RBP: 00007f90d93f0b76 R08: 0000000000000000 R09: 0000000000000000 | ||
[ 361.156015][ T8978] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 | ||
[ 361.164079][ T8978] R13: 0000000000000000 R14: 00007f90d9536058 R15: 00007fff89b68ce8 | ||
[ 361.172081][ T8978] </TASK> | ||
[ 361.175540][ T8978] Disabling lock debugging due to kernel taint |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
TITLE: BUG: Bad page state in hash_sendmsg | ||
|
||
[ 35.932064][ T5991] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 | ||
[ 35.995178][ T6018] BUG: Bad page state in process syz-executor.0 pfn:1b317b | ||
[ 35.997385][ T6018] page:00000000b430fc6f refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1b317b | ||
[ 36.000175][ T6018] flags: 0x5ffc00000001000(reserved|node=0|zone=2|lastcpupid=0x7ff) | ||
[ 36.002273][ T6018] page_type: 0xffffffff() | ||
[ 36.003460][ T6018] raw: 05ffc00000001000 fffffc0005cc5ec8 fffffc0005cc5ec8 0000000000000000 | ||
[ 36.007695][ T6018] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 | ||
[ 36.010002][ T6018] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set | ||
[ 36.011953][ T6018] Modules linked in: | ||
[ 36.012969][ T6018] CPU: 0 PID: 6018 Comm: syz-executor.0 Not tainted 6.5.0-rc5-syzkaller-g6f09e57d8cf6 #0 | ||
[ 36.015567][ T6018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 | ||
[ 36.018153][ T6018] Call trace: | ||
[ 36.018992][ T6018] dump_backtrace+0x1b8/0x1e4 | ||
[ 36.020256][ T6018] show_stack+0x2c/0x44 | ||
[ 36.021336][ T6018] dump_stack_lvl+0xd0/0x124 | ||
[ 36.022575][ T6018] dump_stack+0x1c/0x28 | ||
[ 36.023621][ T6018] bad_page+0x1a4/0x1c4 | ||
[ 36.024713][ T6018] free_page_is_bad_report+0xf4/0x16c | ||
[ 36.026129][ T6018] free_unref_page_prepare+0x988/0xadc | ||
[ 36.027548][ T6018] free_unref_page+0x80/0x3dc | ||
[ 36.028762][ T6018] __folio_put+0xd0/0x12c | ||
[ 36.029926][ T6018] extract_iter_to_sg+0xb94/0x1c08 | ||
[ 36.031259][ T6018] hash_sendmsg+0x480/0xe84 | ||
[ 36.032439][ T6018] ____sys_sendmsg+0x56c/0x840 | ||
[ 36.033674][ T6018] __sys_sendmmsg+0x318/0x7d8 | ||
[ 36.034854][ T6018] __arm64_sys_sendmmsg+0xa0/0xbc | ||
[ 36.036158][ T6018] invoke_syscall+0x98/0x2b8 | ||
[ 36.037379][ T6018] el0_svc_common+0x130/0x23c | ||
[ 36.038638][ T6018] do_el0_svc+0x48/0x58 | ||
[ 36.039718][ T6018] el0_svc+0x58/0x16c | ||
[ 36.040787][ T6018] el0t_64_sync_handler+0x84/0xfc | ||
[ 36.042086][ T6018] el0t_64_sync+0x190/0x194 | ||
[ 36.045588][ T6018] Disabling lock debugging due to kernel taint |
Oops, something went wrong.