Date: Tue, 4 Jun 2024 20:23:27 -0700
From: Andrew Morton
To: syzbot
Cc: linux-kernel@vger.kernel.org, linux-mm@kvack.org, syzkaller-bugs@googlegroups.com, Lance Yang, Hillf Danton
Subject: Re: [syzbot] [mm?] kernel panic: corrupted stack end in userfaultfd_ioctl
Message-Id: <20240604202327.37b6ff1ec94fe6c0a212c9f7@linux-foundation.org>
In-Reply-To: <000000000000109e6b0619fbfd44@google.com>
References: <000000000000109e6b0619fbfd44@google.com>

For some reason this thread doesn't appear in my linux-mm archive.

Lance, please take a look?

On Mon, 03 Jun 2024 06:05:33 -0700 syzbot wrote:

> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: 4a4be1ad3a6e Revert "vfs: Delete the associated dentry whe..
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=104284f2980000
> kernel config: https://syzkaller.appspot.com/x/.config?x=bd6024aedb15e15c
> dashboard link: https://syzkaller.appspot.com/bug?extid=5a1cb2c00e895afca87e
> compiler: aarch64-linux-gnu-gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
> userspace arch: arm64
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=124e1664980000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=15683162980000
>
> Downloadable assets:
> disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/384ffdcca292/non_bootable_disk-4a4be1ad.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/75957361122b/vmlinux-4a4be1ad.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/6c766b0ec377/Image-4a4be1ad.gz.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+5a1cb2c00e895afca87e@syzkaller.appspotmail.com
>
> Kernel panic - not syncing: corrupted stack end detected inside scheduler
> CPU: 1 PID: 3188 Comm: syz-executor396 Not tainted 6.10.0-rc1-syzkaller-00027-g4a4be1ad3a6e #0
> Hardware name: linux,dummy-virt (DT)
> Call trace:
> dump_backtrace+0x94/0xec arch/arm64/kernel/stacktrace.c:317
> show_stack+0x18/0x24 arch/arm64/kernel/stacktrace.c:324
> __dump_stack lib/dump_stack.c:88 [inline]
> dump_stack_lvl+0x38/0x90 lib/dump_stack.c:114
> dump_stack+0x18/0x24 lib/dump_stack.c:123
> panic+0x39c/0x3d0 kernel/panic.c:347
> schedule_debug kernel/sched/core.c:5962 [inline]
> schedule+0x0/0x104 kernel/sched/core.c:6628
> preempt_schedule_irq+0x3c/0x80 kernel/sched/core.c:7067
> arm64_preempt_schedule_irq arch/arm64/kernel/entry-common.c:301 [inline]
> __el1_irq arch/arm64/kernel/entry-common.c:539 [inline]
> el1_interrupt+0x4c/0x64 arch/arm64/kernel/entry-common.c:551
> el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:556
> el1h_64_irq+0x64/0x68 arch/arm64/kernel/entry.S:594
> __rcu_read_lock+0x0/0x14 kernel/rcu/tree_stall.h:125
> pte_offset_map_nolock+0x38/0xb0 mm/pgtable-generic.c:314
> move_pages_pte mm/userfaultfd.c:1160 [inline]
> move_pages+0x330/0x13a4 mm/userfaultfd.c:1733
> userfaultfd_move fs/userfaultfd.c:2016 [inline]
> userfaultfd_ioctl+0x6f4/0x1ed8 fs/userfaultfd.c:2134
> vfs_ioctl fs/ioctl.c:51 [inline]
> __do_sys_ioctl fs/ioctl.c:907 [inline]
> __se_sys_ioctl fs/ioctl.c:893 [inline]
> __arm64_sys_ioctl+0xac/0xf0 fs/ioctl.c:893
> __invoke_syscall arch/arm64/kernel/syscall.c:34 [inline]
> invoke_syscall+0x48/0x118 arch/arm64/kernel/syscall.c:48
> el0_svc_common.constprop.0+0x40/0xe0 arch/arm64/kernel/syscall.c:133
> do_el0_svc+0x1c/0x28 arch/arm64/kernel/syscall.c:152
> el0_svc+0x34/0xf8 arch/arm64/kernel/entry-common.c:712
> el0t_64_sync_handler+0x100/0x12c arch/arm64/kernel/entry-common.c:730
> el0t_64_sync+0x19c/0x1a0 arch/arm64/kernel/entry.S:598
> SMP: stopping secondary CPUs
> Kernel Offset: disabled
> CPU features: 0x00,00000006,8f17bd7c,1767f6bf
> Memory Limit: none
> Rebooting in 86400 seconds..
>
>
> ---
> This report is generated by a bot. It may contain errors.
> See https://goo.gl/tpsmEJ for more information about syzbot.
> syzbot engineers can be reached at syzkaller@googlegroups.com.
>
> syzbot will keep track of this issue. See:
> https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
>
> If the report is already addressed, let syzbot know by replying with:
> #syz fix: exact-commit-title
>
> If you want syzbot to run the reproducer, reply with:
> #syz test: git://repo/address.git branch-or-commit-hash
> If you attach or paste a git patch, syzbot will apply it before testing.
>
> If you want to overwrite report's subsystems, reply with:
> #syz set subsystems: new-subsystem
> (See the list of subsystem names on the web dashboard)
>
> If the report is a duplicate of another one, reply with:
> #syz dup: exact-subject-of-another-report
>
> If you want to undo deduplication, reply with:
> #syz undup