Date: Mon, 6 Apr 2020 16:21:18 -0700
From: Andrew Morton
To: syzbot
Cc: bgeffon@google.com, linux-kernel@vger.kernel.org, linux-mm@kvack.org, peterx@redhat.com, syzkaller-bugs@googlegroups.com, torvalds@linux-foundation.org
Subject: Re: KASAN: user-memory-access Read in put_page
Message-Id: <20200406162118.4a91d61e8f506a9e728339f4@linux-foundation.org>
In-Reply-To: <00000000000021008f05a2a34336@google.com>
References: <00000000000021008f05a2a34336@google.com>

On Mon, 06 Apr 2020 11:16:13 -0700 syzbot wrote:

> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit: bef7b2a7 Merge tag 'devicetree-for-5.7' of git://git.kerne..
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=16940efbe00000
> kernel config: https://syzkaller.appspot.com/x/.config?x=f72ba8a207627d60
> dashboard link: https://syzkaller.appspot.com/bug?extid=b4501d3e966ff59f6090
> compiler: clang version 10.0.0 (https://github.com/llvm/llvm-project/ c2443155a0fb245c8f17f2c1c72b6ea391e86e81)
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15d79efbe00000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1705901be00000
>
> The bug was bisected to:
>
> commit 4426e945df588f2878affddf88a51259200f7e29
> Author: Peter Xu
> Date: Thu Apr 2 04:08:49 2020 +0000
>
>     mm/gup: allow VM_FAULT_RETRY for multiple times
>
> bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=1441b1fbe00000
> final crash: https://syzkaller.appspot.com/x/report.txt?x=1641b1fbe00000
> console output: https://syzkaller.appspot.com/x/log.txt?x=1241b1fbe00000

Thanks.

This looks like a duplicate of your report syzbot+693dc11fcb53120b5559@syzkaller.appspotmail.com ("BUG: unable to handle kernel paging request in kernel_get_mempolicy").

The bisection is believable but I can't spot why 4426e945df58 would have messed up get_user_pages_locked() in this fashion - I've asked Peter to take a look.