From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9C4C6D36108 for ; Tue, 5 Nov 2024 19:02:44 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 35CE66B0088; Tue, 5 Nov 2024 14:02:44 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 30DBA6B0096; Tue, 5 Nov 2024 14:02:44 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 1FC096B0098; Tue, 5 Nov 2024 14:02:44 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 027426B0088 for ; Tue, 5 Nov 2024 14:02:43 -0500 (EST) Received: from smtpin11.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id 95B8AC016A for ; Tue, 5 Nov 2024 19:02:40 +0000 (UTC) X-FDA: 82752962292.11.504FD58 Received: from nyc.source.kernel.org (nyc.source.kernel.org [147.75.193.91]) by imf16.hostedemail.com (Postfix) with ESMTP id 9A80518000F for ; Tue, 5 Nov 2024 19:02:05 +0000 (UTC) Authentication-Results: imf16.hostedemail.com; dkim=pass header.d=linux-foundation.org header.s=korg header.b=u45KSegv; spf=pass (imf16.hostedemail.com: domain of akpm@linux-foundation.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=akpm@linux-foundation.org; dmarc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1730833136; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=0qKZfHCGm3Q4bHRxIn1VIg6Itte60Z/tObWJqqAvLZI=; b=PX40MH5vKglVwe9W9Pxp+kfYPuaRl+jM3M4qIyyZ7wjJn+nUQHLmctZ2rjUTzJ/MZm6ode gZT8KIyFV+22Fm3Vlovz6I08NxKDTBzM1PJkcsplNUXOnFAMcH0wEIFG8ACBWbymCu8cHj lNDvRTdlu+Oc+Sn0Ia/A99qsoBi5ETk= ARC-Authentication-Results: i=1; imf16.hostedemail.com; dkim=pass header.d=linux-foundation.org header.s=korg header.b=u45KSegv; spf=pass (imf16.hostedemail.com: domain of akpm@linux-foundation.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=akpm@linux-foundation.org; dmarc=none ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1730833136; a=rsa-sha256; cv=none; b=R/FNKxNre3746+swcwamJZ6huGE/WgF7Ja19h/nfSsWd+Pz5mIktx4rY6IEzNi8T7fFUef j+fUx7SpjHOzmy9E+txVplTp8qhnG3ltRsA/UQ2fcoAZHRyLtkQO33afO8lc5CdlecemXN qF4RHHf6hdJ8inbW1UK2k563dxPmbjs= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by nyc.source.kernel.org (Postfix) with ESMTP id 060C9A43982; Tue, 5 Nov 2024 19:00:43 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 7BC8CC4CECF; Tue, 5 Nov 2024 19:02:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linux-foundation.org; s=korg; t=1730833357; bh=0v2wd5Jz2p/5neJZXwXEwg2oCHX8NYIqBryaYbkegO4=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=u45KSegvLAB++aXRZIEOAQspDt2aA0GeT3ZGnC5e2Wr04NqxivocP+tYmSzgaokOx +F04RWJxRaZFRR4mqb1JNq1jal7x1b2b1jBKf/+MzbPgmDCgV9EDccmUV/zBLer9k+ Z2NPK5+u/zJU5YCtwIKBf7cZo38HerCzRXfYbIoA= Date: Tue, 5 Nov 2024 11:02:36 -0800 From: Andrew Morton To: Alan Stern Cc: syzbot , linux-kernel@vger.kernel.org, linux-mm@kvack.org, pasha.tatashin@soleen.com, syzkaller-bugs@googlegroups.com, linux-usb@vger.kernel.org Subject: Re: [syzbot] [mm?] kernel BUG in __page_table_check_zero (2) Message-Id: <20241105110236.40819b7effad3f44de73dddf@linux-foundation.org> In-Reply-To: References: <67230d7e.050a0220.529b6.0005.GAE@google.com> <20241104200007.dc8d0f018cc536a4957a1cd0@linux-foundation.org> X-Mailer: Sylpheed 3.8.0beta1 (GTK+ 2.24.33; x86_64-pc-linux-gnu) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Rspamd-Server: rspam06 X-Rspamd-Queue-Id: 9A80518000F X-Stat-Signature: tormnxu5i1q5bs6e7qxdhfomcmpggkbk X-Rspam-User: X-HE-Tag: 1730833325-110273 X-HE-Meta: U2FsdGVkX19rXEb3nf0hwJCRUw0We05WHFfbclIgpKVGuxAGa336F2rkD9y+sZ6O7Gdcn0ovyp3BlIeGx7Odc8Yve+SURhUX5CorHQi6CzsD+BGvf/9VwCfPuRnNviFgHxm+rT4vdBfh/W+EGXWu8fbTos52D8v9dEm3FPByVfOPMXwaM/ODBR0i8wzfk8sPoqpK/uMYClY4BsWW8xGgdhNt9A1XppsdG3oIt/cPSPvR3X4ZxamUhl6LnYs9/k06ZDJiF7opHYbbV3ZR0qviKcoFSv/tyCH3qa1bVo5tH6F4ue2ifETBcIJpdapb1BJ60P3tuqsTCS0eqfVaf913Mo/R+LmtT8nABXkOssr9ZjQoEYZrWvGgx0NyGwoX70iKV5s+yHJ0t5D1G47bZx6IpnxGk6lMP/ofoe2CAqrmUtuCqQ6rMI+VPi6/4dbSQaCCCjXCwtEUJEo0JZtIoH/fWatwfLcCf2+q8WXhXCl2KgY8m7+tPwLZCwgIdyJ0dm2im1tvHln0vr25UNpEHqQqoq8Yf2VAxEh2vFedC83LhPHYnrSQFkXYv0CcS5T0YjyDYWLj8IVmYWcKE7nzJzQ2M7ZznLwdX9+sDYJG/6GhbzScjP8p9PQxXW5d27Il6srY+aRx6svQB3BtMeVz4FWgYdIvn1myIT5u6xpmUT0hK50qPCakD0D8sm2i5L6Jv3+9m52VzSw/4kQHlyCxktJW0seRbuO73RqryWuqBhL1OEP/PeKsqUqWQe4rpIJvC7dG0V0dvQf4Qh2VoTf0Q+kB6joQhOc5G7LeOSJl4uQlFA70m6BPRVZvUFpgxOAXpkyz1ZsX6tm9JssuSv2ie1HTcDhLuQwm2FPHRVEO5LVg/RBLMMToan2VXcL/74FpOd0i3o0b3ft36t0b2Ie5jlb9MA8Sni95265+5FTtJqco0M5A6JmWCXMiXHGixu1oLU4LxGGh0g88ayyVLE4PFp1 YhAouA+2 yAHwvHEn96uLN6T3Q5oGpVGxCZzNzBlss9cM2HU2jux3oEPd1CTVV2d4BTxC3LKBWfYzifhLEBKDRwQblhRNJN8/f2ln7z6DLnVflV58ErMAHTBMuSEUVihJoaPBveBcZzP/YYfKrwHUfKm5OGgX7Jsy+3SsPndsRJG6UoyNIqi2HPBZ8qFLc9x1nkv7Y5TzC3InL2BlM4+rGZbl+w06Poxnhdod58zaE9BjTALcCAtDvO7uNmhsg96WnJ3jc9+ZSIG3gay9C2U/kuiUGVWlikPq3i0kFaxZaBujsVLnk3JWHv8n2oyfZiGNo49OO7CS5cDzdcurcyT0Ocyd/QVRmYYfcuql5y744SuJmOpm1BAHGTBt9k7SHFO/Z2wCu70zMCeoBYKDLoHwheV4TfQpZLLfeIDzyezHRYTAno6swdloJxhPm93HJn+tTMo+XO33BCei7XmmPnDNJv3bvLatWVTQ9Yrybw3aFI7x/9aODKGL00DAayKBmQGvFlMeFABLHCqlwByv9aX5S3MaMNy4QPHeI8w== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Tue, 5 Nov 2024 11:39:59 -0500 Alan Stern wrote: > On Mon, Nov 04, 2024 at 08:00:07PM -0800, Andrew Morton wrote: > > On Wed, 30 Oct 2024 21:54:22 -0700 syzbot wrote: > > > > > Hello, > > > > > > syzbot found the following issue on: > > > > Thanks. I'm suspecting some USB issue - fault injection was used to > > trigger a memory allocation failure and dec_usb_memory_use_count() ended > > up freeing an in-use page. Could USB folks please have a look? > > Andrew, I'm not sure what to look for. Thanks for looking. > Can you read through > usbdev_mmap() in drivers/usb/core/devio.c, along with the four short > routines preceding it, and let us know if anything seems obviously > wrong? All I see is lots of USB code which I don't understand ;) It seems odd that usbdev_mmap() calls dec_usb_memory_use_count() on some error paths, but goes direct to usbfs_decrease_memory_usage() on others. Did you try running the "C reproducer"?