Re: Fw: [Bug 202919] New: Bad page map in process syz-executor.5 pte:9100000081 pmd:47c67067

On Wed, Mar 20, 2019 at 05:01:51PM -0700, Andrew Morton wrote:
> 
> kcov_mmap()/kcov_fault_in_area() appear to have produced a pte which
> confused _vm_normal_page().  Could someone please take a look?
> 
> 
> Begin forwarded message:
> 
> Date: Thu, 14 Mar 2019 15:06:47 +0000
> From: bugzilla-daemon@xxxxxxxxxxxxxxxxxxx
> To: akpm@xxxxxxxxxxxxxxxxxxxx
> Subject: [Bug 202919] New: Bad page map in process syz-executor.5  pte:9100000081 pmd:47c67067
> 
> 
> https://bugzilla.kernel.org/show_bug.cgi?id=202919
> 
>             Bug ID: 202919
>            Summary: Bad page map in process syz-executor.5  pte:9100000081
>                     pmd:47c67067
>            Product: Memory Management
>            Version: 2.5
>     Kernel Version: 5.0.2
>           Hardware: All
>                 OS: Linux
>               Tree: Mainline
>             Status: NEW
>           Severity: normal
>           Priority: P1
>          Component: Page Allocator
>           Assignee: akpm@xxxxxxxxxxxxxxxxxxxx
>           Reporter: zhanggen12@xxxxxxxxxxx
>         Regression: No
> 
> Created attachment 281823
>   --> https://bugzilla.kernel.org/attachment.cgi?id=281823&action=edit
> bad page map
> 
> BUG: Bad page map in process syz-executor.5  pte:9100000081 pmd:47c67067
> addr:00000000768464c8 vm_flags:100400fb anon_vma:          (null)
> mapping:000000009265a729 index:18f
> file:kcov fault:          (null) mmap:kcov_mmap readpage:          (null)
> CPU: 0 PID: 30290 Comm: syz-executor.5 Not tainted 5.0.2 #1
> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
> Call Trace:
>  __dump_stack lib/dump_stack.c:77 [inline]
>  dump_stack+0xca/0x13e lib/dump_stack.c:113
>  print_bad_pte.cold.120+0x2c7/0x2f0 mm/memory.c:526
>  _vm_normal_page+0x111/0x2b0 mm/memory.c:612

Hm. This is print_bad_pte() under 'if (IS_ENABLED(CONFIG_ARCH_HAS_PTE_SPECIAL))'.
I don't see how we would get there since pte (0x9100000081) doesn't have
special flag set (0x200). 'if (likely(!pte_special(pte)))' should not
allow us to get there.

Very strange.

-- 
 Kirill A. Shutemov



