Date: Tue, 7 Apr 2020 18:08:37 -0400
From: Peter Xu
To: syzbot
Cc: akpm@linux-foundation.org, bgeffon@google.com, linux-kernel@vger.kernel.org, linux-mm@kvack.org, syzkaller-bugs@googlegroups.com, torvalds@linux-foundation.org
Subject: Re: BUG: unable to handle kernel paging request in get_pfnblock_flags_mask
Message-ID: <20200407220837.GB66033@xz-x1>
References: <00000000000018a92305a2ba57e0@google.com>
In-Reply-To: <00000000000018a92305a2ba57e0@google.com>

On Tue, Apr 07, 2020 at 02:48:12PM -0700, syzbot wrote:
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit: bef7b2a7 Merge tag 'devicetree-for-5.7' of git://git.kerne..
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=1685901be00000
> kernel config: https://syzkaller.appspot.com/x/.config?x=91b674b8f0368e69
> dashboard link: https://syzkaller.appspot.com/bug?extid=18638e81a805a2d96682
> compiler: gcc (GCC) 9.0.0 20181231 (experimental)
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=11379efbe00000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10172c5de00000
>
> The bug was bisected to:
>
> commit 4426e945df588f2878affddf88a51259200f7e29
> Author: Peter Xu
> Date: Thu Apr 2 04:08:49 2020 +0000
>
> mm/gup: allow VM_FAULT_RETRY for multiple times
>
> bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=16122ac7e00000
> final crash: https://syzkaller.appspot.com/x/report.txt?x=15122ac7e00000
> console output: https://syzkaller.appspot.com/x/log.txt?x=11122ac7e00000
>
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+18638e81a805a2d96682@syzkaller.appspotmail.com
> Fixes: 4426e945df58 ("mm/gup: allow VM_FAULT_RETRY for multiple times")
>
> BUG: unable to handle page fault for address: fffff11043f9c809
> #PF: supervisor read access in kernel mode
> #PF: error_code(0x0000) - not-present page
> PGD 0 P4D 0
> Oops: 0000 [#1] PREEMPT SMP KASAN
> CPU: 0 PID: 7170 Comm: syz-executor720 Not tainted 5.6.0-syzkaller #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
> RIP: 0010:__nr_to_section include/linux/mmzone.h:1256 [inline]
> RIP: 0010:__pfn_to_section include/linux/mmzone.h:1335 [inline]
> RIP: 0010:get_pageblock_bitmap mm/page_alloc.c:452 [inline]
> RIP: 0010:__get_pfnblock_flags_mask mm/page_alloc.c:487 [inline]
> RIP: 0010:get_pfnblock_flags_mask+0x5b/0x190 mm/page_alloc.c:501
> Code: 0d ea e0 be 0a 48 85 c9 0f 84 aa 00 00 00 48 89 f7 48 c1 ef 16 48 8d 2c f9 48 b9 00 00 00 00 00 fc ff df 49 89 e8 49 c1 e8 03 <41> 80 3c 08 00 0f 85 87 00 00 00 48 8b 7d 00 48 85 ff 74 7a 83 e3
> RSP: 0000:ffffc90001697d40 EFLAGS: 00010a06
> RAX: 0000000000000007 RBX: 0001fffffcf404f2 RCX: dffffc0000000000
> RDX: 0000000000000002 RSI: fffffe7a02793d05 RDI: 000003fffff9e809
> RBP: ffffa8821fce4048 R08: 1ffff51043f9c809 R09: ffffed1013c9e829
> R10: ffff88809e4f4147 R11: ffffed1013c9e828 R12: ffff88809e4f4140
> R13: ffff88809e4f4148 R14: 0000000000000000 R15: ffff88809e4f4140
> FS: 000000000268a940(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: fffff11043f9c809 CR3: 000000009f94c000 CR4: 00000000001406f0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> Call Trace:
> __dump_page+0x122/0x1a40 mm/debug.c:57
> put_page_testzero include/linux/mm.h:675 [inline]
> put_page include/linux/mm.h:1136 [inline]
> lookup_node mm/mempolicy.c:907 [inline]
> do_get_mempolicy mm/mempolicy.c:970 [inline]
> kernel_get_mempolicy+0xe3f/0xfb0 mm/mempolicy.c:1615
> __do_sys_get_mempolicy mm/mempolicy.c:1633 [inline]
> __se_sys_get_mempolicy mm/mempolicy.c:1629 [inline]
> __x64_sys_get_mempolicy+0xba/0x150 mm/mempolicy.c:1629
> do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295
> entry_SYSCALL_64_after_hwframe+0x49/0xb3
> RIP: 0033:0x441789
> Code: e8 ac e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
> RSP: 002b:00007ffe6d5ec848 EFLAGS: 00000246 ORIG_RAX: 00000000000000ef
> RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441789
> RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
> RBP: 0000000000021c9b R08: 0000000000000003 R09: 0000000000402590
> R10: 000000002073b000 R11: 0000000000000246 R12: 0000000000402500
> R13: 0000000000402590 R14: 0000000000000000 R15: 0000000000000000
> Modules linked in:
> CR2: fffff11043f9c809
> ---[ end trace bdfbd15c6d2a525e ]---
> RIP: 0010:__nr_to_section include/linux/mmzone.h:1256 [inline]
> RIP: 0010:__pfn_to_section include/linux/mmzone.h:1335 [inline]
> RIP: 0010:get_pageblock_bitmap mm/page_alloc.c:452 [inline]
> RIP: 0010:__get_pfnblock_flags_mask mm/page_alloc.c:487 [inline]
> RIP: 0010:get_pfnblock_flags_mask+0x5b/0x190 mm/page_alloc.c:501
> Code: 0d ea e0 be 0a 48 85 c9 0f 84 aa 00 00 00 48 89 f7 48 c1 ef 16 48 8d 2c f9 48 b9 00 00 00 00 00 fc ff df 49 89 e8 49 c1 e8 03 <41> 80 3c 08 00 0f 85 87 00 00 00 48 8b 7d 00 48 85 ff 74 7a 83 e3
> RSP: 0000:ffffc90001697d40 EFLAGS: 00010a06
> RAX: 0000000000000007 RBX: 0001fffffcf404f2 RCX: dffffc0000000000
> RDX: 0000000000000002 RSI: fffffe7a02793d05 RDI: 000003fffff9e809
> RBP: ffffa8821fce4048 R08: 1ffff51043f9c809 R09: ffffed1013c9e829
> R10: ffff88809e4f4147 R11: ffffed1013c9e828 R12: ffff88809e4f4140
> R13: ffff88809e4f4148 R14: 0000000000000000 R15: ffff88809e4f4140
> FS: 000000000268a940(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: fffff11043f9c809 CR3: 000000009f94c000 CR4: 00000000001406f0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Thanks; I think this is a dup of previous one too:

https://lore.kernel.org/lkml/0000000000002b25f105a2a3434d@google.com/

#syz dup: BUG: unable to handle kernel paging request in kernel_get_mempolicy

-- 
Peter Xu