pkg/report: improve Bad page state parsing

pkg/report/linux.go

@@ -1330,6 +1330,7 @@ var linuxStackParams = &stackParams{
 		"__fortify_report",
 		"cleanup_srcu_struct",
 		"rhashtable_lookup",
+		"extract_(user|iter)_to_sg",
 	},
 	corruptedLines: []*regexp.Regexp{
 		// Fault injection stacks are frequently intermixed with crash reports.
@@ -1634,8 +1635,21 @@ var linuxOopses = append([]*oops{
 				alt:    []string{"BUG: Dentry still in use [%[1]v of %[2]v]"},
 			},
 			{
-				title: compile("BUG: Bad page state"),
-				fmt:   "BUG: Bad page state",
+				title: compile("BUG: Bad page (state|cache)"),
+				fmt:   "BUG: Bad page %[1]v in %[2]v",
+				stack: &stackFmt{
+					// TODO: on arm64, for some reason we don't see the page origin backtrace.
+					// We see the stack trace where the bug was detected, but we consider it to be
+					// not sufficient to reliably group crashes.
+					// So Bad page reports on arm64 for now will end up marked as corrupted.
+					parts: []*regexp.Regexp{
+						compile(`page last allocated`),
+						parseStackTrace,
+					},
+					skip: []string{"(free|put|get|update|release)_page",
+						"free_unref", "^_*folio", "truncate_inode_pages",
+						"page_frag_free", "alloc", "vmap"},
+				},
 			},
 			{
 				title: compile("BUG: Bad page map"),

pkg/report/testdata/linux/report/725

@@ -0,0 +1,91 @@
+TITLE: BUG: Bad page state in __get_metapage
+
+[   65.499023][ T5098] BUG: Bad page state in process syz-executor209  pfn:7deea
+[   65.506426][ T5098] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2e pfn:0x7deea
+[   65.515426][ T5098] flags: 0xfff0000000400c(referenced|uptodate|private|node=0|zone=1|lastcpupid=0x7ff)
+[   65.525041][ T5098] raw: 00fff0000000400c dead000000000100 dead000000000122 0000000000000000
+[   65.534267][ T5098] raw: 000000000000002e ffff88807a2723e0 00000000ffffffff 0000000000000000
+[   65.544378][ T5098] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
+[   65.552063][ T5098] page_owner tracks the page as allocated
+[   65.557890][ T5098] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x40c40(GFP_NOFS|__GFP_COMP), pid 5096, tgid 5096 (syz-executor209), ts 64771645974, free_ts 55604629154
+[   65.575967][ T5098]  post_alloc_hook+0x1f3/0x230
+[   65.581043][ T5098]  get_page_from_freelist+0x2e4c/0x2f10
+[   65.586581][ T5098]  __alloc_pages_noprof+0x256/0x6c0
+[   65.591814][ T5098]  alloc_pages_mpol_noprof+0x3e8/0x680
+[   65.597377][ T5098]  folio_alloc_noprof+0x128/0x180
+[   65.602555][ T5098]  filemap_alloc_folio_noprof+0xdf/0x500
+[   65.608226][ T5098]  __filemap_get_folio+0x44e/0xc10
+[   65.613415][ T5098]  pagecache_get_page+0x2c/0x200
+[   65.618395][ T5098]  __get_metapage+0x2b4/0x1050
+[   65.623241][ T5098]  diNewExt+0xacf/0x37e0
+[   65.627506][ T5098]  diAllocAG+0xbec/0x1e50
+[   65.631904][ T5098]  diAlloc+0x1d3/0x1760
+[   65.636073][ T5098]  ialloc+0x8f/0x900
+[   65.640305][ T5098]  jfs_mkdir+0x1c5/0xba0
+[   65.644572][ T5098]  vfs_mkdir+0x2f9/0x4f0
+[   65.649859][ T5098]  do_mkdirat+0x264/0x3a0
+[   65.654284][ T5098] page last free pid 5083 tgid 5083 stack trace:
+[   65.660639][ T5098]  free_unref_page+0xd19/0xea0
+[   65.665445][ T5098]  __folio_put+0x3b9/0x620
+[   65.669903][ T5098]  pipe_read+0x6f2/0x13e0
+[   65.674239][ T5098]  vfs_read+0x9bd/0xbc0
+[   65.678383][ T5098]  ksys_read+0x1a0/0x2c0
+[   65.682755][ T5098]  do_syscall_64+0xf3/0x230
+[   65.687248][ T5098]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
+[   65.693191][ T5098] Modules linked in:
+[   65.697091][ T5098] CPU: 1 PID: 5098 Comm: syz-executor209 Tainted: G    B              6.10.0-syzkaller-11185-g2c9b3512402e #0
+[   65.708700][ T5098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
+[   65.718739][ T5098] Call Trace:
+[   65.722087][ T5098]  <TASK>
+[   65.725017][ T5098]  dump_stack_lvl+0x241/0x360
+[   65.729680][ T5098]  ? __pfx_dump_stack_lvl+0x10/0x10
+[   65.734999][ T5098]  ? __pfx_print_modules+0x10/0x10
+[   65.740186][ T5098]  bad_page+0x14c/0x170
+[   65.744419][ T5098]  free_unref_folios+0x1121/0x19c0
+[   65.749552][ T5098]  folios_put_refs+0x93a/0xa60
+[   65.754346][ T5098]  ? __pfx_folios_put_refs+0x10/0x10
+[   65.759645][ T5098]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
+[   65.765650][ T5098]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
+[   65.772192][ T5098]  ? rcu_is_watching+0x15/0xb0
+[   65.776979][ T5098]  ? lru_add_fn+0xbb6/0x1a20
+[   65.781579][ T5098]  folio_batch_move_lru+0x5d7/0x690
+[   65.786782][ T5098]  ? __pfx_lru_add_fn+0x10/0x10
+[   65.791629][ T5098]  ? __pfx_folio_batch_move_lru+0x10/0x10
+[   65.797339][ T5098]  ? folio_batch_add_and_move+0x98/0x2b0
+[   65.802960][ T5098]  ? __pfx_lru_add_fn+0x10/0x10
+[   65.807805][ T5098]  folio_add_lru+0x39c/0x9e0
+[   65.812384][ T5098]  ? folio_add_lru+0x27b/0x9e0
+[   65.817222][ T5098]  shmem_alloc_and_add_folio+0xa49/0xdb0
+[   65.822859][ T5098]  ? __pfx_shmem_alloc_and_add_folio+0x10/0x10
+[   65.829010][ T5098]  shmem_get_folio_gfp+0x82d/0x1f50
+[   65.834508][ T5098]  ? __pfx_shmem_get_folio_gfp+0x10/0x10
+[   65.840231][ T5098]  ? __pfx_reacquire_held_locks+0x10/0x10
+[   65.846142][ T5098]  ? fault_in_readable+0x1a6/0x2b0
+[   65.851451][ T5098]  shmem_write_begin+0x170/0x4d0
+[   65.856709][ T5098]  ? __pfx_shmem_write_begin+0x10/0x10
+[   65.862359][ T5098]  ? fault_in_iov_iter_readable+0x229/0x280
+[   65.868247][ T5098]  generic_perform_write+0x399/0x840
+[   65.873536][ T5098]  ? __pfx_generic_perform_write+0x10/0x10
+[   65.879333][ T5098]  ? preempt_count_add+0x93/0x190
+[   65.884345][ T5098]  ? mnt_put_write_access_file+0xbb/0x100
+[   65.890052][ T5098]  ? file_update_time+0x3b8/0x430
+[   65.895067][ T5098]  shmem_file_write_iter+0xfc/0x120
+[   65.900278][ T5098]  vfs_write+0xa72/0xc90
+[   65.904612][ T5098]  ? __pfx_shmem_file_write_iter+0x10/0x10
+[   65.910413][ T5098]  ? __pfx_vfs_write+0x10/0x10
+[   65.915167][ T5098]  ? lockdep_hardirqs_on+0x99/0x150
+[   65.920365][ T5098]  ksys_write+0x1a0/0x2c0
+[   65.924692][ T5098]  ? __pfx_ksys_write+0x10/0x10
+[   65.929622][ T5098]  ? exc_page_fault+0x590/0x8c0
+[   65.934489][ T5098]  do_syscall_64+0xf3/0x230
+[   65.939067][ T5098]  ? clear_bhb_loop+0x35/0x90
+[   65.943734][ T5098]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
+[   65.949988][ T5098] RIP: 0033:0x7f7b5710bee0
+[   65.954598][ T5098] Code: 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d c1 f1 07 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89
+[   65.974381][ T5098] RSP: 002b:00007fffc1930558 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
+[   65.982795][ T5098] RAX: ffffffffffffffda RBX: 00007fffc1930570 RCX: 00007f7b5710bee0
+[   65.990759][ T5098] RDX: 0000000001000000 RSI: 00007f7b4ec00000 RDI: 0000000000000003
+[   65.998722][ T5098] RBP: 00007f7b4ec00000 R08: 0000000000005dd3 R09: 0000000000005dcf
+[   66.006680][ T5098] R10: 0000000000000774 R11: 0000000000000202 R12: 00007fffc1930710
+[   66.014645][ T5098] R13: 00007fffc19305b0 R14: 0000000000000003 R15: 0000000001000000
+[   66.022611][ T5098]  </TASK>

pkg/report/testdata/linux/report/726

@@ -0,0 +1,102 @@
+TITLE: BUG: Bad page state in bpf_test_run_xdp_live
+EXECUTOR: proc=3, id=584
+
+[  360.589544][ T8978] BUG: Bad page state in process syz.3.584  pfn:7071f
+[  360.597807][ T8978] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x7f467f1e8 pfn:0x7071f
+[  360.607825][ T8978] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
+[  360.615503][ T8978] raw: 00fff00000000000 dead000000000040 ffff888062a17000 0000000000000000
+[  360.624597][ T8978] raw: 00000007f467f1e8 0000000000000001 00000000ffffffff 0000000000000000
+[  360.633711][ T8978] page dumped because: page_pool leak
+[  360.639671][ T8978] page_owner tracks the page as allocated
+[  360.646064][ T8978] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 8978, tgid 8974 (syz.3.584), ts 360393802361, free_ts 357078876492
+[  360.665078][ T8978]  post_alloc_hook+0x1f3/0x230
+[  360.670446][ T8978]  get_page_from_freelist+0x2e4c/0x2f10
+SYZFAIL: failed to recv rpc
+fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
+[  360.676464][ T8978]  __alloc_pages_noprof+0x256/0x6c0
+[  360.682165][ T8978]  alloc_pages_bulk_noprof+0x729/0xd40
+[  360.687981][ T8978]  __page_pool_alloc_pages_slow+0x138/0x690
+[  360.694427][ T8978]  page_pool_alloc_pages+0xcb/0x150
+[  360.700249][ T8978]  bpf_test_run_xdp_live+0x939/0x2110
+[  360.706140][ T8978]  bpf_prog_test_run_xdp+0x80e/0x11b0
+[  360.711890][ T8978]  bpf_prog_test_run+0x33a/0x3b0
+[  360.717211][ T8978]  __sys_bpf+0x48d/0x810
+[  360.721880][ T8978]  __x64_sys_bpf+0x7c/0x90
+[  360.726896][ T8978]  do_syscall_64+0xf3/0x230
+[  360.731978][ T8978]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
+[  360.738203][ T8978] page last free pid 8932 tgid 8930 stack trace:
+[  360.744932][ T8978]  free_unref_page+0xd22/0xea0
+[  360.750056][ T8978]  vfree+0x186/0x2e0
+[  360.754447][ T8978]  bpf_check+0x7daa/0x19630
+[  360.759581][ T8978]  bpf_prog_load+0x1667/0x20f0
+[  360.764781][ T8978]  __sys_bpf+0x4ee/0x810
+[  360.769481][ T8978]  __x64_sys_bpf+0x7c/0x90
+[  360.774349][ T8978]  do_syscall_64+0xf3/0x230
+[  360.779190][ T8978]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
+[  360.785680][ T8978] Modules linked in:
+[  360.790303][ T8978] CPU: 1 UID: 0 PID: 8978 Comm: syz.3.584 Not tainted 6.11.0-rc6-syzkaller-00183-gb831f83e40a2 #0
+[  360.800948][ T8978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
+[  360.811056][ T8978] Call Trace:
+[  360.814367][ T8978]  <TASK>
+[  360.817327][ T8978]  dump_stack_lvl+0x241/0x360
+[  360.822051][ T8978]  ? __pfx_dump_stack_lvl+0x10/0x10
+[  360.827292][ T8978]  ? __pfx_print_modules+0x10/0x10
+[  360.832477][ T8978]  bad_page+0x18e/0x200
+[  360.836687][ T8978]  free_unref_page+0xe47/0xea0
+[  360.841504][ T8978]  ? compound_order+0x1a/0x60
+[  360.846238][ T8978]  skb_release_data+0x6b2/0x880
+[  360.851155][ T8978]  sk_skb_reason_drop+0x1a5/0x3d0
+[  360.856235][ T8978]  __netif_receive_skb_core+0x3edd/0x4570
+[  360.862030][ T8978]  ? trace_call_bpf+0x613/0x8a0
+[  360.866928][ T8978]  ? trace_call_bpf+0x613/0x8a0
+[  360.871832][ T8978]  ? __pfx___netif_receive_skb_core+0x10/0x10
+[  360.877954][ T8978]  ? __pfx_trace_call_bpf+0x10/0x10
+[  360.883200][ T8978]  ? __pfx_trace_call_bpf+0x10/0x10
+[  360.888548][ T8978]  ? mark_lock+0x9a/0x350
+[  360.892935][ T8978]  ? perf_trace_run_bpf_submit+0x10b/0x180
+[  360.898792][ T8978]  ? perf_trace_preemptirq_template+0x2d2/0x3f0
+[  360.905089][ T8978]  ? irqentry_enter+0x39/0x60
+[  360.909829][ T8978]  __netif_receive_skb_list_core+0x2b7/0x980
+[  360.916050][ T8978]  ? lockdep_hardirqs_on+0x99/0x150
+[  360.921285][ T8978]  ? __pfx___netif_receive_skb_list_core+0x10/0x10
+[  360.927908][ T8978]  ? netif_receive_skb_list_internal+0x970/0xe30
+[  360.934260][ T8978]  ? netif_receive_skb_list_internal+0x4e8/0xe30
+[  360.940714][ T8978]  netif_receive_skb_list_internal+0xa51/0xe30
+[  360.946925][ T8978]  ? netif_receive_skb_list_internal+0x4e8/0xe30
+[  360.953322][ T8978]  ? __pfx_netif_receive_skb_list_internal+0x10/0x10
+[  360.960049][ T8978]  ? __pfx_eth_type_trans+0x10/0x10
+[  360.965352][ T8978]  ? __phys_addr+0xba/0x170
+[  360.969866][ T8978]  ? build_skb_around+0x111/0x260
+[  360.974911][ T8978]  ? __xdp_build_skb_from_frame+0x338/0x650
+[  360.980856][ T8978]  netif_receive_skb_list+0x55/0x4b0
+[  360.986167][ T8978]  bpf_test_run_xdp_live+0x1af6/0x2110
+[  360.991638][ T8978]  ? bpf_dispatcher_change_prog+0xd8b/0xf10
+[  360.997569][ T8978]  ? bpf_test_run_xdp_live+0x5bf/0x2110
+[  361.003126][ T8978]  ? __pfx_bpf_test_run_xdp_live+0x10/0x10
+[  361.008944][ T8978]  ? synchronize_rcu+0x11b/0x360
+[  361.013919][ T8978]  ? __pfx_synchronize_rcu+0x10/0x10
+[  361.019246][ T8978]  ? __pfx_bpf_dispatcher_change_prog+0x10/0x10
+[  361.025607][ T8978]  ? __pfx_xdp_test_run_init_page+0x10/0x10
+[  361.031528][ T8978]  ? bpf_prog_test_run_xdp+0x746/0x11b0
+[  361.037260][ T8978]  ? bpf_prog_change_xdp+0x12/0x30
+[  361.042399][ T8978]  bpf_prog_test_run_xdp+0x80e/0x11b0
+[  361.047821][ T8978]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
+[  361.053692][ T8978]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
+[  361.059702][ T8978]  bpf_prog_test_run+0x33a/0x3b0
+[  361.064663][ T8978]  __sys_bpf+0x48d/0x810
+[  361.068922][ T8978]  ? __pfx___sys_bpf+0x10/0x10
+[  361.073696][ T8978]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
+[  361.079816][ T8978]  __x64_sys_bpf+0x7c/0x90
+[  361.084250][ T8978]  do_syscall_64+0xf3/0x230
+[  361.088855][ T8978]  ? clear_bhb_loop+0x35/0x90
+[  361.093554][ T8978]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
+[  361.099477][ T8978] RIP: 0033:0x7f90d937def9
+[  361.103911][ T8978] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
+[  361.123535][ T8978] RSP: 002b:00007f90da180038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
+[  361.132052][ T8978] RAX: ffffffffffffffda RBX: 00007f90d9536058 RCX: 00007f90d937def9
+[  361.140056][ T8978] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
+[  361.148036][ T8978] RBP: 00007f90d93f0b76 R08: 0000000000000000 R09: 0000000000000000
+[  361.156015][ T8978] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
+[  361.164079][ T8978] R13: 0000000000000000 R14: 00007f90d9536058 R15: 00007fff89b68ce8
+[  361.172081][ T8978]  </TASK>
+[  361.175540][ T8978] Disabling lock debugging due to kernel taint

pkg/report/testdata/linux/report/727

@@ -0,0 +1,36 @@
+TITLE: BUG: Bad page state in corrupted
+CORRUPTED: Y
+
+[   35.932064][ T5991] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
+[   35.995178][ T6018] BUG: Bad page state in process syz-executor.0  pfn:1b317b
+[   35.997385][ T6018] page:00000000b430fc6f refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1b317b
+[   36.000175][ T6018] flags: 0x5ffc00000001000(reserved|node=0|zone=2|lastcpupid=0x7ff)
+[   36.002273][ T6018] page_type: 0xffffffff()
+[   36.003460][ T6018] raw: 05ffc00000001000 fffffc0005cc5ec8 fffffc0005cc5ec8 0000000000000000
+[   36.007695][ T6018] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
+[   36.010002][ T6018] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
+[   36.011953][ T6018] Modules linked in:
+[   36.012969][ T6018] CPU: 0 PID: 6018 Comm: syz-executor.0 Not tainted 6.5.0-rc5-syzkaller-g6f09e57d8cf6 #0
+[   36.015567][ T6018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
+[   36.018153][ T6018] Call trace:
+[   36.018992][ T6018]  dump_backtrace+0x1b8/0x1e4
+[   36.020256][ T6018]  show_stack+0x2c/0x44
+[   36.021336][ T6018]  dump_stack_lvl+0xd0/0x124
+[   36.022575][ T6018]  dump_stack+0x1c/0x28
+[   36.023621][ T6018]  bad_page+0x1a4/0x1c4
+[   36.024713][ T6018]  free_page_is_bad_report+0xf4/0x16c
+[   36.026129][ T6018]  free_unref_page_prepare+0x988/0xadc
+[   36.027548][ T6018]  free_unref_page+0x80/0x3dc
+[   36.028762][ T6018]  __folio_put+0xd0/0x12c
+[   36.029926][ T6018]  extract_iter_to_sg+0xb94/0x1c08
+[   36.031259][ T6018]  hash_sendmsg+0x480/0xe84
+[   36.032439][ T6018]  ____sys_sendmsg+0x56c/0x840
+[   36.033674][ T6018]  __sys_sendmmsg+0x318/0x7d8
+[   36.034854][ T6018]  __arm64_sys_sendmmsg+0xa0/0xbc
+[   36.036158][ T6018]  invoke_syscall+0x98/0x2b8
+[   36.037379][ T6018]  el0_svc_common+0x130/0x23c
+[   36.038638][ T6018]  do_el0_svc+0x48/0x58
+[   36.039718][ T6018]  el0_svc+0x58/0x16c
+[   36.040787][ T6018]  el0t_64_sync_handler+0x84/0xfc
+[   36.042086][ T6018]  el0t_64_sync+0x190/0x194
+[   36.045588][ T6018] Disabling lock debugging due to kernel taint

pkg/report/testdata/linux/report/89

@@ -1,4 +1,4 @@
-TITLE: BUG: Bad page state
+TITLE: BUG: Bad page state in corrupted
 CORRUPTED: Y
 
 [ 1722.511384] BUG: Bad page state in process syz-executor9  pfn:199e00