Date: Thu, 2 Jan 2025 11:34:11 +0000
From: Lorenzo Stoakes
To: syzbot
Cc: Liam.Howlett@oracle.com, akpm@linux-foundation.org, jannh@google.com, linux-kernel@vger.kernel.org, linux-mm@kvack.org, syzkaller-bugs@googlegroups.com, vbabka@suse.cz
Subject: Re: [syzbot] [mm?] WARNING in vma_merge_existing_range
Message-ID: <62358653-f20e-4686-a14a-7c717d6488c3@lucifer.local>
References: <6774c98f.050a0220.25abdd.0991.GAE@google.com> <11dee0ef-1707-4b90-be2e-56f484642a7a@lucifer.local>
In-Reply-To: <11dee0ef-1707-4b90-be2e-56f484642a7a@lucifer.local>

TL;DR: There's not enough to go on in this report as far as I can tell. I will
do what I can writing some general tests to explore edge cases but this is
really, really odd + fact it doesn't repro is odder.

And this report just doesn't have enough data (I will work on seeing if we can
provide more...).

On Thu, Jan 02, 2025 at 10:25:49AM +0000, Lorenzo Stoakes wrote:
> Happy new year!
>
> On Tue, Dec 31, 2024 at 08:50:23PM -0800, syzbot wrote:
> > Hello,
> >
> > syzbot found the following issue on:
> >
> > HEAD commit:    8379578b11d5 Merge tag 'for-v6.13-rc' of git://git.kernel...
> > git tree:       upstream
> > console output: https://syzkaller.appspot.com/x/log.txt?x=16113018580000
> > kernel config:  https://syzkaller.appspot.com/x/.config?x=d269ef41b9262400
> > dashboard link: https://syzkaller.appspot.com/bug?extid=46423ed8fa1f1148c6e4
> > compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
> > userspace arch: i386
>
> Hmmmm 32-bit? But kernel reports give 64-bit registers? So I guess 32-bit
> userland, 64-bit kernel?
>
> >
> > Unfortunately, I don't have any reproducer for this issue yet.
>
> Hmm. Racey thing?
>
> >
> > Downloadable assets:
> > disk image: https://storage.googleapis.com/syzbot-assets/86d2e3352aff/disk-8379578b.raw.xz
> > vmlinux: https://storage.googleapis.com/syzbot-assets/345570cd3573/vmlinux-8379578b.xz
> > kernel image: https://storage.googleapis.com/syzbot-assets/01da37a51505/bzImage-8379578b.xz
> >
> > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > Reported-by: syzbot+46423ed8fa1f1148c6e4@syzkaller.appspotmail.com
> >
> > RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
> > R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
> > R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
> >
> > ------------[ cut here ]------------
> > WARNING: CPU: 1 PID: 20504 at mm/vma.c:734 vma_merge_existing_range+0x1145/0x16f0 mm/vma.c:734
>
> It'd be nice if syzbot could actually print the code that generates the
> warning :) a nice-to-have perhaps.
>
> This is:
>
> VM_WARN_ON(start >= end);
>
> I suspect start == end, because start > end would be some drastic and
> god-awful bug.
>
> > Modules linked in:
> > CPU: 1 UID: 0 PID: 20504 Comm: syz.6.5485 Not tainted 6.13.0-rc4-syzkaller-00069-g8379578b11d5 #0
> > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
> > RIP: 0010:vma_merge_existing_range+0x1145/0x16f0 mm/vma.c:734
> > Code: e8 20 24 0f 00 4d 2b 7d 00 4d 89 ec 48 8b 7c 24 38 e9 7f 01 00 00 e8 3a bc a8 ff 90 0f 0b 90 e9 a8 f1 ff ff e8 2c bc a8 ff 90 <0f> 0b 90 e9 0e f2 ff ff e8 1e bc a8 ff 90 0f 0b 90 4d 85 ed 0f 85
>
> Be useful to get the kernel disassembly too :)
>
> Best guess wrangling a python script and objdump:
>
>    0:   e8 20 24 0f 00          call   0xf2425
>    5:   4d 2b 7d 00             sub    0x0(%r13),%r15
>    9:   4d 89 ec                mov    %r13,%r12
>    c:   48 8b 7c 24 38          mov    0x38(%rsp),%rdi
>   11:   e9 7f 01 00 00          jmp    0x195
>   16:   e8 3a bc a8 ff          call   0xffffffffffa8bc55
>   1b:   90                      nop
>   1c:   0f 0b                   ud2
>   1e:   90                      nop
>   1f:   e9 a8 f1 ff ff          jmp    0xfffffffffffff1cc
>   24:   e8 2c bc a8 ff          call   0xffffffffffa8bc55
>   29:   90                      nop
>   2a:   <0f> 0b                 ud2    <-- presumably here? This is an undefined instruction...
>   2c:   90                      nop
>   2d:   e9 0e f2 ff ff          jmp    0xfffffffffffff240
>   32:   e8 1e bc a8 ff          call   0xffffffffffa8bc55
>   37:   90                      nop
>   38:   0f 0b                   ud2
>   3a:   90                      nop
>   3b:   4d 85 ed                test   %r13,%r13
>   3e:   0f                      .byte 0xf
>   3f:   85                      .byte 0x85
>
> Yeah this might be a mix of data and code somehow or just garbage? Not sure
> there's anything discernible there unfortunately.
>
> > RSP: 0018:ffffc9000ba274a0 EFLAGS: 00010293
> > RAX: ffffffff81f6b804 RBX: 0000000020c25000 RCX: ffff888060ad1e00
> > RDX: 0000000000000000 RSI: 0000000020c25000 RDI: 0000000020c25000
> > RBP: ffffc9000ba275f8 R08: ffffffff81f6aa0d R09: 00000000280000fa
> > R10: ffffc9000ba27810 R11: fffff52001744f07 R12: 0000000020c25000
> > R13: ffff888069b666c8 R14: ffffc9000ba276a0 R15: ffff888068d0b1f0
> > FS:  0000000000000000(0000) GS:ffff8880b8700000(0063) knlGS:00000000f5116b40
> > CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
> > CR2: 00007fa9de2c0018 CR3: 000000006b562000 CR4: 00000000003526f0
> > Call Trace:
> >
> >  vma_modify+0x41/0x330 mm/vma.c:1514
>
> Just passes through start, end (in vmg).
>
> >  vma_modify_flags_name+0x3a6/0x430 mm/vma.c:1563
>
> Just passes through start, end.
>
> >  madvise_update_vma+0x2fe/0xc10 mm/madvise.c:159
>
> Just passes through start, end.
>
> This means it was one of MADV_NORMAL, MADV_RANDOM, MADV_DONTFORK,
> MADV_DOFORK, MADV_WIPEONFORK, MADV_KEEPONFORK, MADV_DONTDUMP, MADV_DODUMP,
> MADV_MERGEABLE, MADV_UNMERGEABLE, MADV_HUGEPAGE, MADV_NOHUGEPAGE.

Actually could also be called via... incredibly... prctl_set_vma() which
invokes madvise_set_anon_name()...

>
> Yeah we need better error handling here, because this report is just giving
> us very little to go on especially for a non-repro. Will add to TODO.
>
> >  madvise_vma_behavior mm/madvise.c:1325 [inline]
>
> Just passes through start, end.
>
> >  madvise_walk_vmas mm/madvise.c:1497 [inline]
>
> OK here we find VMAs and walk them.
>
> We explicitly check for start >= end if start < vma->vm_start.
>
> I wonder if the visit() call is splitting the VMA which confuses the logic
> here.
>
>   s             e
>   |             |
>   v             v
>   |-------------|
>   |             |
>   |-------------|
>
> Split:
>
>   s        e
>   |        |
>   v        v
>   |--------|----|
>   |        |    |
>   |--------|----|
>
> prev = this VMA.
>
> if (prev && start < prev->vm_end)
>         start = prev->vm_end;
>
> So we end up with:
>
>            s,e
>            |
>            v
>   |--------|----|
>   |        |    |
>   |--------|----|
>
> tmp = vma->vm_end;
> if (end < tmp)
>         tmp = end;
>
> That tmp assignment will reinstate the broken end
>
> And... boom.
>
> Let me check this out and see if I can trigger it.
>
> I may be missing some safeguard that prevents this...

OK so this case wouldn't happen as we check start >= end at this point.

I will look at adding some test cases around this to see if I can figure out
broken scenarios.

But actually, if this was some structural thing like this, a repro would be
trivial.

There are cases where the mmap lock can be dropped, but none should be
invoking madvise_update_vma().

OK this is really really odd. The fact there's not a repro suggests something
is racing but we hold the mmap lock so I really can't see how that's possible.

This report is just insufficient to go on really.

I will work on:

a. tests that explore odd scenarios in madvise_walk_vmas().
b. getting better debug data on these asserts.
c. refactoring some of this HIDEOUS madvise() code.

But for now unless we can get a repro not sure there's much we can do.

>
> >
> >  do_madvise+0x1e64/0x4d10 mm/madvise.c:1684
>
> Here we explicitly check for start >= end:
>
> end = start + len;
> if (end < start)
>         return -EINVAL;
>
> if (end == start)
>         return 0;
>
> So overflow is accounted for also. But since this is a 64-bit kernel not
> really a concern.
>
> >  __do_sys_madvise mm/madvise.c:1700 [inline]
> >  __se_sys_madvise mm/madvise.c:1698 [inline]
> >  __ia32_sys_madvise+0xa6/0xc0 mm/madvise.c:1698
> >  do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
> >  __do_fast_syscall_32+0xb4/0x110 arch/x86/entry/common.c:386
> >  do_fast_syscall_32+0x34/0x80 arch/x86/entry/common.c:411
> >  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
> > RIP: 0023:0xf7fc2579
> > Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
> > RSP: 002b:00000000f511655c EFLAGS: 00000206 ORIG_RAX: 00000000000000db
> > RAX: ffffffffffffffda RBX: 0000000020c00000 RCX: 0000000000400000
> > RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000000
> > RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
> > R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
> > R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
> >
> > ----------------
> > Code disassembly (best guess), 2 bytes skipped:
> >    0:   10 06                   adc    %al,(%rsi)
> >    2:   03 74 b4 01             add    0x1(%rsp,%rsi,4),%esi
> >    6:   10 07                   adc    %al,(%rdi)
> >    8:   03 74 b0 01             add    0x1(%rax,%rsi,4),%esi
> >    c:   10 08                   adc    %cl,(%rax)
> >    e:   03 74 d8 01             add    0x1(%rax,%rbx,8),%esi
> >   1e:   00 51 52                add    %dl,0x52(%rcx)
> >   21:   55                      push   %rbp
> >   22:   89 e5                   mov    %esp,%ebp
> >   24:   0f 34                   sysenter
> >   26:   cd 80                   int    $0x80
> > * 28:   5d                      pop    %rbp <-- trapping instruction
> >   29:   5a                      pop    %rdx
> >   2a:   59                      pop    %rcx
> >   2b:   c3                      ret
> >   2c:   90                      nop
> >   2d:   90                      nop
> >   2e:   90                      nop
> >   2f:   90                      nop
> >   30:   90                      nop
> >   31:   90                      nop
> >   32:   90                      nop
> >   33:   90                      nop
> >   34:   90                      nop
> >   35:   90                      nop
> >   36:   90                      nop
> >   37:   90                      nop
> >   38:   90                      nop
> >   39:   90                      nop
> >   3a:   90                      nop
> >   3b:   90                      nop
> >   3c:   90                      nop
> >   3d:   90                      nop
> >
> >
> > ---
> > This report is generated by a bot. It may contain errors.
> > See https://goo.gl/tpsmEJ for more information about syzbot.
> > syzbot engineers can be reached at syzkaller@googlegroups.com.
> >
> > syzbot will keep track of this issue. See:
> > https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
> >
> > If the report is already addressed, let syzbot know by replying with:
> > #syz fix: exact-commit-title
> >
> > If you want to overwrite report's subsystems, reply with:
> > #syz set subsystems: new-subsystem
> > (See the list of subsystem names on the web dashboard)
> >
> > If the report is a duplicate of another one, reply with:
> > #syz dup: exact-subject-of-another-report
> >
> > If you want to undo deduplication, reply with:
> > #syz undup
>
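To make the range-walk invariants the mail reasons about concrete, here is an added user-space model (not kernel code and not from this thread) of the do_madvise() range checks and the madvise_walk_vmas() loop as quoted above: the two-VMA address space, model_find_vma(), visit() and model_madvise() are constructed stand-ins, and the VMA split that madvise_update_vma() can perform is not modelled, only the prev hand-back that follows it.

```c
/* Constructed user-space model of the madvise_walk_vmas() range walk the mail
 * reasons about; not kernel code. A sorted array stands in for the VMA tree. */
#include <errno.h>
#include <stddef.h>
#define MAX_VISITS 8

struct vma { unsigned long vm_start, vm_end; };
struct mm { struct vma vmas[8]; int nr; };      /* sorted, non-overlapping */
struct visit_log {                              /* every [start, end) handed to visit() */
	unsigned long start[MAX_VISITS], end[MAX_VISITS];
	int nr, bad;                              /* bad: visits with start >= end */
};

/* Constructed sample address space: two VMAs with an unmapped hole between. */
static struct mm sample_mm = { { { 0x1000, 0x3000 }, { 0x4000, 0x6000 } }, 2 };

/* First VMA with vm_end > addr, as find_vma() does. */
static struct vma *model_find_vma(struct mm *mm, unsigned long addr)
{
	for (int i = 0; i < mm->nr; i++)
		if (mm->vmas[i].vm_end > addr)
			return &mm->vmas[i];
	return NULL;
}

/* Stand-in for madvise_update_vma(): no split modelled, but like the kernel
 * callback it hands the VMA it processed back through *prev. */
static void visit(struct vma *vma, struct vma **prev, unsigned long start,
		  unsigned long end, struct visit_log *log)
{
	*prev = vma;
	if (start >= end)
		log->bad++;                       /* the VM_WARN_ON condition */
	if (log->nr < MAX_VISITS) {
		log->start[log->nr] = start;
		log->end[log->nr] = end;
	}
	log->nr++;
}

/* do_madvise()'s range checks as quoted in the mail, then the walk as quoted:
 * clamp start up to vm_start across holes, clamp each chunk to min(vm_end, end),
 * stop once start >= end. Returns -ENOMEM if any part of the range was unmapped. */
static int model_madvise(struct mm *mm, unsigned long start, unsigned long len,
			 struct visit_log *log)
{
	unsigned long end = start + len, tmp;
	struct vma *vma, *prev = NULL;
	int unmapped_error = 0;

	if (end < start)
		return -EINVAL;
	if (end == start)
		return 0;
	vma = model_find_vma(mm, start);
	for (;;) {
		if (!vma)
			return -ENOMEM;
		if (start < vma->vm_start) {      /* hole before this VMA */
			unmapped_error = -ENOMEM;
			start = vma->vm_start;
			if (start >= end)
				break;
		}
		tmp = vma->vm_end;
		if (end < tmp)
			tmp = end;
		visit(vma, &prev, start, tmp, log);
		start = tmp;
		if (prev && start < prev->vm_end) /* skip what prev now covers */
			start = prev->vm_end;
		if (start >= end)
			break;
		vma = model_find_vma(mm, prev->vm_end);
	}
	return unmapped_error;
}
```

A range that ends exactly at a VMA boundary after a hole, such as [0x3000, 0x4000) on the sample map, never reaches visit() at all because the start >= end check after the clamp breaks out first, which is the safeguard the mail identifies.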