From: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
To: syzbot ci <syzbot+ci80398e89ae0989e0@syzkaller.appspotmail.com>
Cc: akpm@linux-foundation.org, david@kernel.org, jannh@google.com,
	liam.howlett@oracle.com, linux-kernel@vger.kernel.org,
	linux-mm@kvack.org, mhocko@suse.com, rppt@kernel.org,
	shakeel.butt@linux.dev, surenb@google.com, vbabka@suse.cz,
	syzbot@lists.linux.dev, syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot ci] Re: add and use vma_assert_stabilised() helper
Date: Fri, 16 Jan 2026 14:03:04 +0000
Message-ID: <1dd32f21-4bdc-49e6-ad21-5d27c08ab255@lucifer.local>
In-Reply-To: <696a4245.050a0220.58bed.004e.GAE@google.com>

Please ignore, this whole series has been resent at [0].

Cheers, Lorenzo

[0]: https://lore.kernel.org/linux-mm/cover.1768569863.git.lorenzo.stoakes@oracle.com/

On Fri, Jan 16, 2026 at 05:51:01AM -0800, syzbot ci wrote:
> syzbot ci has tested the following series
>
> [v1] add and use vma_assert_stabilised() helper
> https://lore.kernel.org/all/cover.1768558900.git.lorenzo.stoakes@oracle.com
> * [PATCH 1/2] mm/vma: add vma_is_*_locked() helpers
> * [PATCH 2/2] mm: add + use vma_is_stabilised(), vma_assert_stabilised() helpers
>
> and found the following issue:
> kernel BUG in anon_vma_name
>
> Full report is available here:
> https://ci.syzbot.org/series/a3867085-bae4-4416-9704-3b23ef9c6006
>
> ***
>
> kernel BUG in anon_vma_name
>
> tree:      mm-new
> URL:       https://kernel.googlesource.com/pub/scm/linux/kernel/git/akpm/mm.git
> base:      eeb33083cc4749bdb61582eaeb5c200702607703
> arch:      amd64
> compiler:  Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
> config:    https://ci.syzbot.org/builds/2e5b4d7e-a1a9-48c8-ae3b-654d3ac32e5c/config
>
> Loaded X.509 cert 'Build time autogenerated kernel key: 65176d093d4baf94ab1e788ee9f46804766f83ba'
> ima: Allocated hash algorithm: sha256
> ima: No architecture policies found
> evm: Initialising EVM extended attributes:
> evm: security.selinux (disabled)
> evm: security.SMACK64 (disabled)
> evm: security.SMACK64EXEC (disabled)
> evm: security.SMACK64TRANSMUTE (disabled)
> evm: security.SMACK64MMAP (disabled)
> evm: security.apparmor
> evm: security.ima
> evm: security.capability
> evm: HMAC attrs: 0x1
> PM:   Magic number: 10:472:582
> tty ptyc0: hash matches
> netconsole: network logging started
> gtp: GTP module loaded (pdp ctx size 128 bytes)
> rdma_rxe: loaded
> cfg80211: Loading compiled-in X.509 certificates for regulatory database
> Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7'
> Loaded X.509 cert 'wens: 61c038651aabdcf94bd0ac7ff06c7248db18c600'
> clk: Disabling unused clocks
> ALSA device list:
>   #0: Dummy 1
>   #1: Loopback 1
>   #2: Virtual MIDI Card 1
> check access for rdinit=/init failed: -2, ignoring
> md: Waiting for all devices to be available before autodetect
> md: If you don't use raid, use raid=noautodetect
> md: Autodetecting RAID arrays.
> md: autorun ...
> md: ... autorun DONE.
> EXT4-fs (sda1): mounted filesystem b4773fba-1738-4da0-8a90-0fe043d0a496 ro with ordered data mode. Quota mode: none.
> VFS: Mounted root (ext4 filesystem) readonly on device 8:1.
> devtmpfs: mounted
> Freeing unused kernel image (initmem) memory: 26044K
> Write protecting the kernel read-only data: 212992k
> Freeing unused kernel image (text/rodata gap) memory: 388K
> Freeing unused kernel image (rodata/data gap) memory: 1776K
> x86/mm: Checked W+X mappings: passed, no W+X pages found.
> x86/mm: Checking user space page tables
> x86/mm: Checked W+X mappings: passed, no W+X pages found.
> Failed to set sysctl parameter 'max_rcu_stall_to_panic=1': parameter not found
> Run /sbin/init as init process
> vma ffff888175272d80 start 00007fffffffe000 end 00007ffffffff000 mm ffff888100079880
> prot 8000000000000025 anon_vma ffff888110bf8000 vm_ops 0000000000000000
> pgoff 7fffffffe file 0000000000000000 private_data 0000000000000000
> refcnt 1
> flags: 0x8118173(read|write|mayread|maywrite|mayexec|growsdown|seqread|randread|account|softdirty)
> ------------[ cut here ]------------
> kernel BUG at ./include/linux/mmap_lock.h:476!
> Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
> CPU: 0 UID: 0 PID: 1 Comm: init Not tainted syzkaller #0 PREEMPT(full)
> Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
> RIP: 0010:anon_vma_name+0x253/0x260
> Code: ff 4c 89 ff e8 8e 7d 0a 00 e9 e9 fe ff ff e8 34 db a2 ff eb 0c e8 2d db a2 ff eb 05 e8 26 db a2 ff 48 89 df e8 6e 77 08 ff 90 <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90
> RSP: 0000:ffffc90000067550 EFLAGS: 00010286
> RAX: 000000000000014c RBX: ffff888175272d80 RCX: 37717524f4bb9000
> RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
> RBP: 0000000000000003 R08: 0000000000000003 R09: 0000000000000004
> R10: dffffc0000000000 R11: fffffbfff1c3ae40 R12: dffffc0000000000
> R13: dffffc0000000000 R14: 0000000000000001 R15: 0000000000000001
> FS:  0000000000000000(0000) GS:ffff88818e405000(0000) knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: ffff88823ffff000 CR3: 0000000110c5a000 CR4: 00000000000006f0
> Call Trace:
>  <TASK>
>  vma_modify_flags+0x203/0x330
>  mprotect_fixup+0x46a/0xa50
>  setup_arg_pages+0x565/0xae0
>  load_elf_binary+0xc5e/0x2980
>  bprm_execve+0x93d/0x1410
>  kernel_execve+0x8ef/0x9e0
>  try_to_run_init_process+0x13/0x60
>  kernel_init+0xad/0x1d0
>  ret_from_fork+0x51b/0xa40
>  ret_from_fork_asm+0x1a/0x30
>  </TASK>
> Modules linked in:
> ---[ end trace 0000000000000000 ]---
>
>
> ***
>
> If these findings have caused you to resend the series or submit a
> separate fix, please add the following tag to your commit message:
>   Tested-by: syzbot@syzkaller.appspotmail.com
>
> ---
> This report is generated by a bot. It may contain errors.
> syzbot ci engineers can be reached at syzkaller@googlegroups.com.

