From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Thu, 2 Jan 2025 10:25:49 +0000
From: Lorenzo Stoakes
To: syzbot
Cc: Liam.Howlett@oracle.com, akpm@linux-foundation.org, jannh@google.com, linux-kernel@vger.kernel.org, linux-mm@kvack.org, syzkaller-bugs@googlegroups.com, vbabka@suse.cz
Subject: Re: [syzbot] [mm?] WARNING in vma_merge_existing_range
Message-ID: <11dee0ef-1707-4b90-be2e-56f484642a7a@lucifer.local>
In-Reply-To: <6774c98f.050a0220.25abdd.0991.GAE@google.com>

Happy new year!

On Tue, Dec 31, 2024 at 08:50:23PM -0800, syzbot wrote:
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit:    8379578b11d5 Merge tag 'for-v6.13-rc' of git://git.kernel...
> git tree:       upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=16113018580000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=d269ef41b9262400
> dashboard link: https://syzkaller.appspot.com/bug?extid=46423ed8fa1f1148c6e4
> compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
> userspace arch: i386

Hmmmm 32-bit? But kernel reports give 64-bit registers? So I guess 32-bit
userland, 64-bit kernel?

>
> Unfortunately, I don't have any reproducer for this issue yet.

Hmm. Racey thing?

>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/86d2e3352aff/disk-8379578b.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/345570cd3573/vmlinux-8379578b.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/01da37a51505/bzImage-8379578b.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+46423ed8fa1f1148c6e4@syzkaller.appspotmail.com
>
> RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
> R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
> R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
>
> ------------[ cut here ]------------
> WARNING: CPU: 1 PID: 20504 at mm/vma.c:734 vma_merge_existing_range+0x1145/0x16f0 mm/vma.c:734

It'd be nice if syzbot could actually print the code that generates the
warning :) a nice-to-have perhaps.

This is:

        VM_WARN_ON(start >= end);

I suspect start == end, because start > end would be some drastic and
god-awful bug.

> Modules linked in:
> CPU: 1 UID: 0 PID: 20504 Comm: syz.6.5485 Not tainted 6.13.0-rc4-syzkaller-00069-g8379578b11d5 #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
> RIP: 0010:vma_merge_existing_range+0x1145/0x16f0 mm/vma.c:734
> Code: e8 20 24 0f 00 4d 2b 7d 00 4d 89 ec 48 8b 7c 24 38 e9 7f 01 00 00 e8 3a bc a8 ff 90 0f 0b 90 e9 a8 f1 ff ff e8 2c bc a8 ff 90 <0f> 0b 90 e9 0e f2 ff ff e8 1e bc a8 ff 90 0f 0b 90 4d 85 ed 0f 85

Be useful to get the kernel disassembly too :)

Best guess wrangling a python script and objdump:

   0:   e8 20 24 0f 00          call   0xf2425
   5:   4d 2b 7d 00             sub    0x0(%r13),%r15
   9:   4d 89 ec                mov    %r13,%r12
   c:   48 8b 7c 24 38          mov    0x38(%rsp),%rdi
  11:   e9 7f 01 00 00          jmp    0x195
  16:   e8 3a bc a8 ff          call   0xffffffffffa8bc55
  1b:   90                      nop
  1c:   0f 0b                   ud2
  1e:   90                      nop
  1f:   e9 a8 f1 ff ff          jmp    0xfffffffffffff1cc
  24:   e8 2c bc a8 ff          call   0xffffffffffa8bc55
  29:   90                      nop
  2a:   <0f> 0b                 ud2    <-- presumably here? This is an undefined instruction...
  2c:   90                      nop
  2d:   e9 0e f2 ff ff          jmp    0xfffffffffffff240
  32:   e8 1e bc a8 ff          call   0xffffffffffa8bc55
  37:   90                      nop
  38:   0f 0b                   ud2
  3a:   90                      nop
  3b:   4d 85 ed                test   %r13,%r13
  3e:   0f                      .byte 0xf
  3f:   85                      .byte 0x85

Yeah this might be a mix of data and code somehow or just garbage? Not sure
there's anything discernable there unfortunately.

> RSP: 0018:ffffc9000ba274a0 EFLAGS: 00010293
> RAX: ffffffff81f6b804 RBX: 0000000020c25000 RCX: ffff888060ad1e00
> RDX: 0000000000000000 RSI: 0000000020c25000 RDI: 0000000020c25000
> RBP: ffffc9000ba275f8 R08: ffffffff81f6aa0d R09: 00000000280000fa
> R10: ffffc9000ba27810 R11: fffff52001744f07 R12: 0000000020c25000
> R13: ffff888069b666c8 R14: ffffc9000ba276a0 R15: ffff888068d0b1f0
> FS: 0000000000000000(0000) GS:ffff8880b8700000(0063) knlGS:00000000f5116b40
> CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
> CR2: 00007fa9de2c0018 CR3: 000000006b562000 CR4: 00000000003526f0
> Call Trace:
>
> vma_modify+0x41/0x330 mm/vma.c:1514

Just passes through start, end (in vmg).

> vma_modify_flags_name+0x3a6/0x430 mm/vma.c:1563

Just passes through start, end.

> madvise_update_vma+0x2fe/0xc10 mm/madvise.c:159

Just passes through start, end.

This means it was one of MADV_NORMAL, MADV_RANDOM, MADV_DONTFORK,
MADV_DOFORK, MADV_WIPEONFORK, MADV_KEEPONFORK, MADV_DONTDUMP, MADV_DODUMP,
MADV_MERGEABLE, MADV_UNMERGEABLE, MADV_HUGEPAGE, MADV_NOHUGEPAGE.

Yeah we need better error handling here, because this report is just giving
us very little to go on especially for a non-repro. Will add to TODO.

> madvise_vma_behavior mm/madvise.c:1325 [inline]

Just passes through start, end.

> madvise_walk_vmas mm/madvise.c:1497 [inline]

OK here we find VMAs and walk them. We explicitly check for start >= end if
start < vma->vm_start.

I wonder if the visit() call is splitting the VMA which confuses the logic
here.

 s        e
 |        |
 v        v
 |-------------|
 |             |
 |-------------|

Split:

 s        e
 |        |
 v        v
 |--------|----|
 |        |    |
 |--------|----|

prev = this VMA.

        if (prev && start < prev->vm_end)
                start = prev->vm_end;

So we end up with:

         s,e
          |
          v
 |--------|----|
 |        |    |
 |--------|----|

        tmp = vma->vm_end;
        if (end < tmp)
                tmp = end;

That tmp assignment will reinstate the broken end

And... boom.

Let me check this out and see if I can trigger it. I may be missing some
safeguard that prevents this...

> do_madvise+0x1e64/0x4d10 mm/madvise.c:1684

Here we explicitly check for start >= end:

        end = start + len;
        if (end < start)
                return -EINVAL;

        if (end == start)
                return 0;

So overflow is accounted for also. But since this is a 64-bit kernel not
really a concern.

> __do_sys_madvise mm/madvise.c:1700 [inline]
> __se_sys_madvise mm/madvise.c:1698 [inline]
> __ia32_sys_madvise+0xa6/0xc0 mm/madvise.c:1698
> do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
> __do_fast_syscall_32+0xb4/0x110 arch/x86/entry/common.c:386
> do_fast_syscall_32+0x34/0x80 arch/x86/entry/common.c:411
> entry_SYSENTER_compat_after_hwframe+0x84/0x8e
> RIP: 0023:0xf7fc2579
> Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
> RSP: 002b:00000000f511655c EFLAGS: 00000206 ORIG_RAX: 00000000000000db
> RAX: ffffffffffffffda RBX: 0000000020c00000 RCX: 0000000000400000
> RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000000
> RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
> R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
> R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
>
> ----------------
> Code disassembly (best guess), 2 bytes skipped:
>    0:   10 06           adc    %al,(%rsi)
>    2:   03 74 b4 01     add    0x1(%rsp,%rsi,4),%esi
>    6:   10 07           adc    %al,(%rdi)
>    8:   03 74 b0 01     add    0x1(%rax,%rsi,4),%esi
>    c:   10 08           adc    %cl,(%rax)
>    e:   03 74 d8 01     add    0x1(%rax,%rbx,8),%esi
>   1e:   00 51 52        add    %dl,0x52(%rcx)
>   21:   55              push   %rbp
>   22:   89 e5           mov    %esp,%ebp
>   24:   0f 34           sysenter
>   26:   cd 80           int    $0x80
> * 28:   5d              pop    %rbp <-- trapping instruction
>   29:   5a              pop    %rdx
>   2a:   59              pop    %rcx
>   2b:   c3              ret
>   2c:   90              nop
>   2d:   90              nop
>   2e:   90              nop
>   2f:   90              nop
>   30:   90              nop
>   31:   90              nop
>   32:   90              nop
>   33:   90              nop
>   34:   90              nop
>   35:   90              nop
>   36:   90              nop
>   37:   90              nop
>   38:   90              nop
>   39:   90              nop
>   3a:   90              nop
>   3b:   90              nop
>   3c:   90              nop
>   3d:   90              nop
>
>
> ---
> This report is generated by a bot. It may contain errors.
> See https://goo.gl/tpsmEJ for more information about syzbot.
> syzbot engineers can be reached at syzkaller@googlegroups.com.
>
> syzbot will keep track of this issue. See:
> https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
>
> If the report is already addressed, let syzbot know by replying with:
> #syz fix: exact-commit-title
>
> If you want to overwrite report's subsystems, reply with:
> #syz set subsystems: new-subsystem
> (See the list of subsystem names on the web dashboard)
>
> If the report is a duplicate of another one, reply with:
> #syz dup: exact-subject-of-another-report
>
> If you want to undo deduplication, reply with:
> #syz undup
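
The reply above mentions decoding the oops "Code:" bytes with a python script and objdump. A sketch of that triage step follows, as an added example: it is not the author's script and not kernel code. The function names and the output file name are made up here, and it assumes the x86 byte-wise "Code:" format with a single <xx> marker for the byte at RIP.

```python
"""Decode the x86 'Code:' line of a kernel oops (added example)."""
import re

# The "Code:" line of the WARNING quoted above, copied from the report.
OOPS_CODE_LINE = (
    "Code: e8 20 24 0f 00 4d 2b 7d 00 4d 89 ec 48 8b 7c 24 38 e9 7f 01 00 "
    "00 e8 3a bc a8 ff 90 0f 0b 90 e9 a8 f1 ff ff e8 2c bc a8 ff 90 <0f> 0b "
    "90 e9 0e f2 ff ff e8 1e bc a8 ff 90 0f 0b 90 4d 85 ed 0f 85"
)

UD2 = b"\x0f\x0b"  # x86 opcode the kernel plants at WARN()/BUG() sites


def parse_code_line(line):
    """Return (code_bytes, trap_offset); the <xx> token marks the byte at RIP."""
    match = re.search(r"Code:\s*(.+)", line)
    if not match:
        raise ValueError("no 'Code:' field in line")
    code, trap = bytearray(), None
    for token in match.group(1).split():
        marked = re.fullmatch(r"<([0-9a-fA-F]{2})>", token)
        if marked:
            if trap is not None:
                raise ValueError("more than one <xx> marker")
            trap, token = len(code), marked.group(1)
        elif not re.fullmatch(r"[0-9a-fA-F]{2}", token):
            raise ValueError(f"unexpected token {token!r}")
        code.append(int(token, 16))
    if trap is None:
        raise ValueError("no <xx> marker: line is truncated or not an oops")
    return bytes(code), trap


def ud2_offsets(code):
    """Offsets of every 0f 0b pair. Heuristic: a raw byte scan, not a
    disassembly, so a pair inside an operand would also match."""
    return [i for i in range(len(code) - 1) if code[i:i + 2] == UD2]


def write_for_objdump(code, trap, path):
    """Write only the bytes from RIP onward: that offset is a known
    instruction boundary, whereas byte 0 of the window may not be."""
    with open(path, "wb") as fh:
        fh.write(code[trap:])
    return ["objdump", "-D", "-b", "binary", "-m", "i386:x86-64", path]


if __name__ == "__main__":
    code, trap = parse_code_line(OOPS_CODE_LINE)
    print(f"{len(code)} bytes, RIP at offset {trap:#x}")
    print("ud2 sites:", [hex(o) for o in ud2_offsets(code)])
    # Prints the objdump command line to run on the file just written.
    print(" ".join(write_for_objdump(code, trap, "oops-from-rip.bin")))
```

The kernel tree's scripts/decodecode does the same job directly from a saved oops.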