From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 498DDC61DA4
	for <linux-mm@archiver.kernel.org>; Thu,  9 Feb 2023 04:08:34 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id B23676B0071; Wed,  8 Feb 2023 23:08:33 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id AD3DA6B0072; Wed,  8 Feb 2023 23:08:33 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 99B586B0074; Wed,  8 Feb 2023 23:08:33 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10])
	by kanga.kvack.org (Postfix) with ESMTP id 8822E6B0071
	for <linux-mm@kvack.org>; Wed,  8 Feb 2023 23:08:33 -0500 (EST)
Received: from smtpin26.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay10.hostedemail.com (Postfix) with ESMTP id 5BFC0C02E4
	for <linux-mm@kvack.org>; Thu,  9 Feb 2023 04:08:33 +0000 (UTC)
X-FDA: 80446421706.26.CE2D3C6
Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217])
	by imf17.hostedemail.com (Postfix) with ESMTP id 990F94001A
	for <linux-mm@kvack.org>; Thu,  9 Feb 2023 04:08:30 +0000 (UTC)
Authentication-Results: imf17.hostedemail.com;
	dkim=pass header.d=linux-foundation.org header.s=korg header.b=fJmx7LmC;
	dmarc=none;
	spf=pass (imf17.hostedemail.com: domain of akpm@linux-foundation.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=akpm@linux-foundation.org
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1675915710;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=C+Eg5ZCt4v1hOmmIQstIrfe2cD9kU4XCSTJyj9mZAik=;
	b=sWF/PMB3W11b2pag1cP6JsE+T+QqHyum2STtvCAiGAkO6KHUvowd3xE+7teX8dfxPkXVKO
	N80oFHtpToq2x6i+YENf68X0E40AFZ9oYtbWXDCUC+I5qIwZbiZHl+7BtaO6X7j7OdnsP9
	r/gVxN32k3/ZKClBo7gxyL6KMvhF8sw=
ARC-Authentication-Results: i=1;
	imf17.hostedemail.com;
	dkim=pass header.d=linux-foundation.org header.s=korg header.b=fJmx7LmC;
	dmarc=none;
	spf=pass (imf17.hostedemail.com: domain of akpm@linux-foundation.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=akpm@linux-foundation.org
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1675915710; a=rsa-sha256;
	cv=none;
	b=PJR1znA1WfXFy6gor1qxC+ArhyZMjEIEMVw9ZDGBlFmdbnQlDICDHDBT8p5GUIiq6HiRJL
	aiRh/GQAkf9Qik+f5RelIeIvar6cSxSA3Dt5mIGJhn2UYsq6Azs5zqfY5D/e1YN3GztXNO
	+luLqflKDZmuhl4KCykxtnXhNNQhPI8=
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by dfw.source.kernel.org (Postfix) with ESMTPS id 89D536187F;
	Thu,  9 Feb 2023 04:08:29 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 90F6EC433EF;
	Thu,  9 Feb 2023 04:08:28 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linux-foundation.org;
	s=korg; t=1675915709;
	bh=pHJypjgeDSW+11z03k8Qy0ZiPxB15zj8h5OsUvUjIdM=;
	h=Date:From:To:Cc:Subject:In-Reply-To:References:From;
	b=fJmx7LmC3VIWvSWeCitVOw2zg8kbhehG3WbBeiLxT76ErH2PV7xjYLPH73d/cMjKS
	 IC6YYIWWKtqeZQ2G96J6GDd2i4dFLrw03Nsg/mDL8Mz2a26nH3jpR/aplnRZ38avrN
	 S1mZqAknZagGKwPw5s4Ip1c5Wnpt9X9PonuFX1Es=
Date: Wed, 8 Feb 2023 20:08:27 -0800
From: Andrew Morton <akpm@linux-foundation.org>
To: syzbot <syzbot+d632e24db18585d7b3c6@syzkaller.appspotmail.com>
Cc: linux-kernel@vger.kernel.org, linux-mm@kvack.org, llvm@lists.linux.dev,
 mike.kravetz@oracle.com, muchun.song@linux.dev, nathan@kernel.org,
 ndesaulniers@google.com, syzkaller-bugs@googlegroups.com, trix@redhat.com
Subject: Re: [syzbot] BUG: unable to handle kernel paging request in
 folio_flags
Message-Id: <20230208200827.9b461dc5955770535aa2ec78@linux-foundation.org>
In-Reply-To: <000000000000a6b67d05f43a9854@google.com>
References: <000000000000cce8cd05f435fc77@google.com>
	<000000000000a6b67d05f43a9854@google.com>
X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.33; x86_64-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Rspam-User: 
X-Rspamd-Server: rspam02
X-Rspamd-Queue-Id: 990F94001A
X-Stat-Signature: krtxzrum18b9nan7okr857t94k8pmhiz
X-HE-Tag: 1675915710-166092
X-HE-Meta: U2FsdGVkX18/PCCEeGGvvAtWxzJnxaMWHMwalqGzyHYkmkapOb8Wp0WL3eKHL4yZ2B3MIzgRzaMBPSOcddlr5308uFMkFhVF6nCuVf4IbqFedppv4FMlljQES43DX0rsQK3xOtQMdcVJwJEkHWCh6fzqr95x2DiZdwAY1JkF5rXPw1J5mp9FefjjeTZRpp7szkMxWBQz1sBki2MsyA1onrc3XendZ6L3WZiBIYrMr8QzBpvq4hb4Ls+8ZzAcXc+QnEEqdWMDOa7kymZvO8jX+gnxRjfEARm9Q342s8HDIbzYisHY/vF5PHPXzdSSmO9vzwayRawEENp6S0rGjIjtm7jI2+2m12+dtcSzasBrIwBbIfXxxCxV48Zc88q9bQW4/U7JM40dJev56xn6A++a/T14Wos5M4EXa/ezFknHTsRfltbcWLRgwpe+ocQl4aTvz8T14vYYEzzsUa+ZS4CZct+osZc+QfTRxe8bQG4XWBdyg/aJMbUmWiH7TVPPBjvNRcbG/rGdBQvFQLR91hYlHMg7pujDsRrdVRTib1ncvpCCZDioc9H4lnAekmBcIPYaayxQdDMFZYrE4AREHiGbiODjGCUqi4ap53fuUVX1Yb4BlJ4V8fiXZc+cTbwDwVpHYNrmyZWLv9ixDFte0RzzV4c075a5CS0fs0hGBMEwCnto0obcPzwaOdkyq3Gfku3pFEhkki2BfCCoErr3DN66o9fBgnoXkxiHeFph96EVAjQvhafQRyxU3pVwIm1bx+b5AEo8PlvpaWSEwgHX9jCb4DUjZRs1YHuwtDeNyCrdZ1vuE9yQELzaKPfbUzpjWBbOXugvZIMnHdlaaeaQI7+paBEOjS5jaHw4/PUGqfN0Y70I3Hw3oGbIluTGgt1FIE4ds0aUoRP0d39UT2531K0HKof0dFOzH7i55dIo0MlPU/44Jcc35IGba8XiANnxmSAbrq3Pf2qTeGWtbn2QXuN
 Y1G0a1tC
 aeHVvIwoflJeBJv715Y0Zo/xT8QfAvIbxEMqhzm9tltgeWq1NR4JHnVQyUVqnn3WSU9n2hZnB4h83DBNX4joVkJB3rSWgDz9/OXnpJKDo+RBgV53LABVwKEnrjyhepjT+iBLS3tLFP3lHwdCab+F2jdqChdqfpfcLM4uSoM6sEwOracggveU9MmuDMHsoxeBGNuKd/Jn/yxb/VATnPQCnH3sf+ndVENEQ7kmpXV2mxFw4fz8M1IIRG71t3FSqbnTXsjLLpCaWBSDL4KSsXAxwH0hszk3dZvXjPBA9sl6QJkgEK3OwuFsp48DzI5AGGX083Aqu4bjn4zPkjdRFBhfEvMMIgtAWtT6O50pJVOIbVr7NjUQzxC37Mfz1+m6eAYN/caY6YJ9bpqu21e45eCoyY7p9ySmQaVpOvZXP6512hGaN+0YODWKJMH81iTJhpv5u6iNXOFM8NO7gCRCZIkeBObkZa9mIUNHZfpXK6zU2qMBFYJW6Xa/LA/Dcjx8yCY/C0mBVWMhU32+FRlhYZbofReZMZtjfknWeA2yRzF8Q6jLpEHCQuBV1DJw4663Uk9dMI8l+KV6TSvdlDh8SGYmZg4JpFacTJJt2Rnl2uKn/5TVUctDC022TfAmVpbf5wHCKefibXDYpwKKvoVsqsB0YTnblrGeQ5OpWymE+p/vlDSCQ5VA0Fh+yRrJNd5tORK5G9dftawRiv4r6rVKNG882f9y21vQXMeMW7sBDOAk5VWaQldzIsN1K2MMIzXqsepgsuy8DObURlxwxPoqEmfCdrFUuUBBenmbIen5kfye9g0n7qeGGPVIaYO7u/pzipmMaYAqudLr4WLscfn6GPnaEGe8gf0gdcqzJnJuv731k47EGA6jY5lserXhlooSUULyMGCFuc9rcwRF9pjgtu2d2sBXb2OL0xEH/Q2yXqC1GIVt1oX2yi0b9fJq1Yi8/X5/aAhlyezyZxbwucJoCZh7IKKZItigh
 zwZfZSWc
 E5jw9JO4gfVcgUWpYHrBFMlF4zn6DeLLpuyCuw3CQBrQdx81DuKtVwXLT+VkI42N1RnfP/ImFcLYI3p/afRPN90lR8qLRgm2LttIfM+WvIqH6Eg2/qB6H8aTQuPlehdMdK6tzF/yVYxTPldZ4mAakSZMa4eX43ldi3xrG+y7Xu4Zsuf5X4sfwYFbBryXX66V+cdJPpaH3ehVqDr1n9UAHUZYmYE4tz5GuZ/qTOcr4MmrSUx7lf0lq0NbMx1hhg5PQen1i6dpu51fSDjA0nWdpgCC0wPKoXyvSkf/MR0MgM02/J35PtgpnLBj7L1UgaCiKVABOsCkoMs=
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On Wed, 08 Feb 2023 17:49:49 -0800 syzbot <syzbot+d632e24db18585d7b3c6@syzkaller.appspotmail.com> wrote:

> syzbot has found a reproducer for the following issue on:
> 
> HEAD commit:    38d2b86a665b Add linux-next specific files for 20230208
> git tree:       linux-next
> console+strace: https://syzkaller.appspot.com/x/log.txt?x=15f5e3a7480000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=3691b32dd4410e01
> dashboard link: https://syzkaller.appspot.com/bug?extid=d632e24db18585d7b3c6
> compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1454ddf3480000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=14a8431f480000
> 
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/0a9d60e90514/disk-38d2b86a.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/71311be5f1a1/vmlinux-38d2b86a.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/a242870cc8eb/bzImage-38d2b86a.xz
> 
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+d632e24db18585d7b3c6@syzkaller.appspotmail.com
> 
> memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5080 'syz-executor561'
> BUG: unable to handle page fault for address: ffffffffffffffed
> #PF: supervisor read access in kernel mode
> #PF: error_code(0x0000) - not-present page
> PGD c570067 P4D c570067 PUD c572067 PMD 0 
> Oops: 0000 [#1] PREEMPT SMP KASAN
> CPU: 1 PID: 5080 Comm: syz-executor561 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
> RIP: 0010:PageTail include/linux/page-flags.h:290 [inline]
> RIP: 0010:folio_flags.constprop.0+0x2c/0x150 include/linux/page-flags.h:317
> Code: 49 89 fc 55 53 e8 84 4e b7 ff 49 8d 7c 24 08 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 f8 00 00 00 <49> 8b 5c 24 08 31 ff 83 e3 01 48 89 de e8 c2 4a b7 ff 48 85 db 0f
> RSP: 0018:ffffc90003cbfc08 EFLAGS: 00010246
> RAX: dffffc0000000000 RBX: ffffffffffffffe5 RCX: 0000000000000000
> RDX: 1ffffffffffffffd RSI: ffffffff81cd1f5c RDI: ffffffffffffffed
> RBP: ffffffffffffffe5 R08: 0000000000000005 R09: 0000000000000000
> R10: 00000000ffffffe5 R11: 0000000000000000 R12: ffffffffffffffe5
> R13: 000feffffff00000 R14: 0000000000000046 R15: 000feffffff00000
> FS:  0000555556e84300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: ffffffffffffffed CR3: 000000002bb37000 CR4: 00000000003506e0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> Call Trace:
>  <TASK>
>  folio_test_head include/linux/page-flags.h:781 [inline]
>  folio_test_large include/linux/page-flags.h:802 [inline]
>  PageHeadHuge+0x18/0xc0 mm/hugetlb.c:2060
>  folio_test_hugetlb include/linux/page-flags.h:830 [inline]
>  folio_file_page include/linux/pagemap.h:702 [inline]
>  shmem_read_mapping_page_gfp+0x34/0x100 mm/shmem.c:4366
>  shmem_read_mapping_page include/linux/shmem_fs.h:124 [inline]
>  udmabuf_create+0x93b/0x1440 drivers/dma-buf/udmabuf.c:286
>  udmabuf_ioctl_create drivers/dma-buf/udmabuf.c:346 [inline]
>  udmabuf_ioctl+0x156/0x2c0 drivers/dma-buf/udmabuf.c:377

Thanks, I expect Matthew just fixed this.


From: Andrew Morton <akpm@linux-foundation.org>
Subject: shmem-add-shmem_read_folio-and-shmem_read_folio_gfp-fix
Date: Wed Feb  8 07:54:45 PM PST 2023

fix shmem_read_mapping_page_gfp(), per Matthew

Link: https://lkml.kernel.org/r/Y+QdJTuzxeBYejw2@casper.infradead.org
Cc: Charan Teja Kalla <quic_charante@quicinc.com>
Cc: David Rientjes <rientjes@google.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: Mark Hemment <markhemm@googlemail.com>
Cc: "Matthew Wilcox (Oracle)" <willy@infradead.org>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Pavankumar Kondeti <quic_pkondeti@quicinc.com>
Cc: Shakeel Butt <shakeelb@google.com>
Cc: Suren Baghdasaryan <surenb@google.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---


--- a/mm/shmem.c~shmem-add-shmem_read_folio-and-shmem_read_folio_gfp-fix
+++ a/mm/shmem.c
@@ -4354,8 +4354,12 @@ struct page *shmem_read_mapping_page_gfp
 					 pgoff_t index, gfp_t gfp)
 {
 	struct folio *folio = shmem_read_folio_gfp(mapping, index, gfp);
-	struct page *page = folio_file_page(folio, index);
+	struct page *page;
 
+	if (IS_ERR(folio))
+		return &folio->page;
+
+	page = folio_file_page(folio, index);
 	if (PageHWPoison(page)) {
 		folio_put(folio);
 		return ERR_PTR(-EIO);
_