Date: Wed, 05 Jul 2023 13:37:52 -0700
Message-ID: <000000000000b35ea205ffc35fe1@google.com>
Subject: [syzbot] [mm?] kernel BUG in validate_mm (2)
From: syzbot
To: akpm@linux-foundation.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, syzkaller-bugs@googlegroups.com

Hello,

syzbot found the following issue on:

HEAD commit:    a901a3568fd2 Merge tag 'iomap-6.5-merge-1' of git://git.ke..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=179c302ca80000
kernel config:  https://syzkaller.appspot.com/x/.config?x=f5e1158c5b2f83bb
dashboard link: https://syzkaller.appspot.com/bug?extid=70b97abe3e253d1c3f8e
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1511d490a80000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=130e5cfb280000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/07a995e5618a/disk-a901a356.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/ad2efb29f1e0/vmlinux-a901a356.xz
kernel image: https://storage.googleapis.com/syzbot-assets/74fa7ac85d25/bzImage-a901a356.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/77e05f49bdce/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+70b97abe3e253d1c3f8e@syzkaller.appspotmail.com

start_code 7f8413e4b000 end_code 7f8413ee5b31 start_data 7f8413f13e50 end_data 7f8413f193b0
start_brk 5555561bf000 brk 5555561e1000 start_stack 7fffb37e2480
arg_start 7fffb37e2efb arg_end 7fffb37e2f14 env_start 7fffb37e2f14 env_end 7fffb37e2fdf
binfmt ffffffff8cba2c20 flags 7fd
ioctx_table 0000000000000000
owner ffff88802a200000 exe_file ffff88802a0d0a00
notifier_subscriptions 0000000000000000
numa_next_scan 4294941906 numa_scan_offset 0 numa_scan_seq 0
tlb_flush_pending 0
def_flags: 0x0()
------------[ cut here ]------------
kernel BUG at mm/mmap.c:340!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 6821 Comm: syz-executor191 Not tainted 6.4.0-syzkaller-10173-ga901a3568fd2 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
RIP: 0010:validate_mm+0x3a0/0x470 mm/mmap.c:340
Code: 24 48 e8 93 39 fb ff e9 fc fd ff ff e8 09 e1 be ff 44 89 fa 89 ee 48 c7 c7 a0 d3 78 8a e8 88 89 a2 ff 48 89 df e8 a0 17 fb ff <0f> 0b e8 e9 e0 be ff 48 8b 7c 24 18 e8 8f 17 fb ff c6 05 34 fa cd
RSP: 0018:ffffc9000c297aa0 EFLAGS: 00010282
RAX: 000000000000032f RBX: ffff888078fa0000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff8169097c RDI: 0000000000000005
RBP: 0000000000000013 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000080000000 R11: 0000000000000001 R12: 00007fffb37f9000
R13: 0000000000000000 R14: 00007fffb37fafff R15: 0000000000000012
FS:  00007f8413e41700(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f840b9ff718 CR3: 000000001bb00000 CR4: 0000000000350ee0
Call Trace:
 do_vmi_align_munmap+0x1199/0x1680 mm/mmap.c:2561
 do_vmi_munmap+0x266/0x430 mm/mmap.c:2619
 __vm_munmap+0x137/0x380 mm/mmap.c:2899
 __do_sys_munmap mm/mmap.c:2916 [inline]
 __se_sys_munmap mm/mmap.c:2913 [inline]
 __x64_sys_munmap+0x62/0x80 mm/mmap.c:2913
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f8413e94f97
Code: 00 00 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb 85 66 2e 0f 1f 84 00 00 00 00 00 90 b8 0b 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f8413e41168 EFLAGS: 00000246 ORIG_RAX: 000000000000000b
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f8413e94f97
RDX: 0000000000010000 RSI: 0000000000010000 RDI: 00007f840ba00000
RBP: 00007f840ba00000 R08: 0000000000000000 R09: 000000000000028b
R10: 0000000000010000 R11: 0000000000000246 R12: 00007f8413e416b8
R13: 00007f8413e41180 R14: 00007f8413e411c0 R15: 00007f8413f196e8
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:validate_mm+0x3a0/0x470 mm/mmap.c:340
Code: 24 48 e8 93 39 fb ff e9 fc fd ff ff e8 09 e1 be ff 44 89 fa 89 ee 48 c7 c7 a0 d3 78 8a e8 88 89 a2 ff 48 89 df e8 a0 17 fb ff <0f> 0b e8 e9 e0 be ff 48 8b 7c 24 18 e8 8f 17 fb ff c6 05 34 fa cd
RSP: 0018:ffffc9000c297aa0 EFLAGS: 00010282
RAX: 000000000000032f RBX: ffff888078fa0000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff8169097c RDI: 0000000000000005
RBP: 0000000000000013 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000080000000 R11: 0000000000000001 R12: 00007fffb37f9000
R13: 0000000000000000 R14: 00007fffb37fafff R15: 0000000000000012
FS:  00007f8413e41700(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fffb37e2238 CR3: 000000001bb00000 CR4: 0000000000350ee0


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to change bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup