Date: Sun, 23 Mar 2025 09:49:24 -0700
From: syzbot
To: Liam.Howlett@oracle.com, akpm@linux-foundation.org, jannh@google.com, liam.howlett@oracle.com, linux-kernel@vger.kernel.org, linux-mm@kvack.org, lorenzo.stoakes@oracle.com, pfalcato@suse.de, syzkaller-bugs@googlegroups.com, vbabka@suse.cz
Subject: Re: [syzbot] [mm?] BUG: unable to handle kernel paging request in vma_merge_existing_range
In-Reply-To: <67dc67f0.050a0220.25ae54.001e.GAE@google.com>
Message-ID: <67e03b94.050a0220.31a16b.0061.GAE@google.com>
syzbot has found a reproducer for the following issue on:

HEAD commit:    586de92313fc Merge tag 'i2c-for-6.14-rc8' of git://git.ker..
git tree:       upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=162b7e98580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=2e330e9768b5b8ff
dashboard link: https://syzkaller.appspot.com/bug?extid=20ed41006cf9d842c2b5
compiler:       gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1196f3b0580000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=17d3dc4c580000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/3cb302fb058e/disk-586de923.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/6d42da95fefe/vmlinux-586de923.xz
kernel image: https://storage.googleapis.com/syzbot-assets/5a9e686ee97d/bzImage-586de923.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+20ed41006cf9d842c2b5@syzkaller.appspotmail.com

RSP: 002b:00007fb22df1c208 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
RAX: 0000000000000020 RBX: 00007fb22dfeb3c8 RCX: 00007fb22df69099
RDX: 0000000000000006 RSI: 0000200000000240 RDI: 0000000000000003
RBP: 00007fb22dfeb3c0 R08: 00007fb22df1bfa7 R09: 0000000000000033
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb22dfb8284
R13: 00007fb22df1c210 R14: 0000000000000001 R15: 0000200000000240
BUG: unable to handle page fault for address: fffffffffffffff4
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD df84067 P4D df84067 PUD df86067 PMD 0
Oops: Oops: 0000 [#1] PREEMPT SMP KASAN NOPTI
CPU: 0 UID: 0 PID: 5822 Comm: syz-executor515 Not tainted 6.14.0-rc7-syzkaller-00205-g586de92313fc #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
RIP: 0010:vma_merge_existing_range+0x266/0x2070 mm/vma.c:734
Code: e8 0f 47 ac ff 48 8b 14 24 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 1c 19 00 00 48 8b 04 24 48 8b 74 24 08 <4c> 8b 38 4c 89 ff e8 4f 41 ac ff 48 8b 44 24 08 49 39 c7 0f 83 db
RSP: 0018:ffffc900034d7950 EFLAGS: 00010246
RAX: fffffffffffffff4 RBX: ffffc900034d7ab0 RCX: ffffffff820db0e5
RDX: 1ffffffffffffffe RSI: 0000200000807000 RDI: 0000000000000005
RBP: 0000200000ce2000 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000001
R13: ffffc900034d7ad0 R14: ffff8880349961f0 R15: ffff8880122a6e00
FS:  00007fb22df1c6c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: fffffffffffffff4 CR3: 000000007d69e000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 vma_modify.constprop.0+0x87/0x410 mm/vma.c:1517
 vma_modify_flags_uffd+0x241/0x2e0 mm/vma.c:1598
 userfaultfd_clear_vma+0x91/0x130 mm/userfaultfd.c:1906
 userfaultfd_release_all+0x2ae/0x4c0 mm/userfaultfd.c:2024
 userfaultfd_release+0xf4/0x1c0 fs/userfaultfd.c:865
 __fput+0x3ff/0xb70 fs/file_table.c:464
 task_work_run+0x14e/0x250 kernel/task_work.c:227
 ptrace_notify+0x10e/0x130 kernel/signal.c:2522
 ptrace_report_syscall include/linux/ptrace.h:415 [inline]
 ptrace_report_syscall_exit include/linux/ptrace.h:477 [inline]
 syscall_exit_work kernel/entry/common.c:173 [inline]
 syscall_exit_to_user_mode_prepare+0x126/0x290 kernel/entry/common.c:200
 __syscall_exit_to_user_mode_work kernel/entry/common.c:205 [inline]
 syscall_exit_to_user_mode+0x11/0x2a0 kernel/entry/common.c:218
 do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fb22df69099
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 1b 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fb22df1c208 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
RAX: 0000000000000020 RBX: 00007fb22dfeb3c8 RCX: 00007fb22df69099
RDX: 0000000000000006 RSI: 0000200000000240 RDI: 0000000000000003
RBP: 00007fb22dfeb3c0 R08: 00007fb22df1bfa7 R09: 0000000000000033
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb22dfb8284
R13: 00007fb22df1c210 R14: 0000000000000001 R15: 0000200000000240
Modules linked in:
CR2: fffffffffffffff4
---[ end trace 0000000000000000 ]---
RIP: 0010:vma_merge_existing_range+0x266/0x2070 mm/vma.c:734
Code: e8 0f 47 ac ff 48 8b 14 24 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 1c 19 00 00 48 8b 04 24 48 8b 74 24 08 <4c> 8b 38 4c 89 ff e8 4f 41 ac ff 48 8b 44 24 08 49 39 c7 0f 83 db
RSP: 0018:ffffc900034d7950 EFLAGS: 00010246
RAX: fffffffffffffff4 RBX: ffffc900034d7ab0 RCX: ffffffff820db0e5
RDX: 1ffffffffffffffe RSI: 0000200000807000 RDI: 0000000000000005
RBP: 0000200000ce2000 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000001
R13: ffffc900034d7ad0 R14: ffff8880349961f0 R15: ffff8880122a6e00
FS:  00007fb22df1c6c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: fffffffffffffff4 CR3: 000000007d69e000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:   e8 0f 47 ac ff          call   0xffac4714
   5:   48 8b 14 24             mov    (%rsp),%rdx
   9:   48 b8 00 00 00 00 00    movabs $0xdffffc0000000000,%rax
  10:   fc ff df
  13:   48 c1 ea 03             shr    $0x3,%rdx
  17:   80 3c 02 00             cmpb   $0x0,(%rdx,%rax,1)
  1b:   0f 85 1c 19 00 00       jne    0x193d
  21:   48 8b 04 24             mov    (%rsp),%rax
  25:   48 8b 74 24 08          mov    0x8(%rsp),%rsi
* 2a:   4c 8b 38                mov    (%rax),%r15              <-- trapping instruction
  2d:   4c 89 ff                mov    %r15,%rdi
  30:   e8 4f 41 ac ff          call   0xffac4184
  35:   48 8b 44 24 08          mov    0x8(%rsp),%rax
  3a:   49 39 c7                cmp    %rax,%r15
  3d:   0f                      .byte 0xf
  3e:   83                      .byte 0x83
  3f:   db                      .byte 0xdb


---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
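Added triage example (not part of the syzbot report, the kernel tree or syzkaller). The faulting address fffffffffffffff4 is also the value in RAX at the trapping instruction `mov (%rax),%r15`, and read as a signed 64-bit integer it is -12, which is -ENOMEM. That places it inside the range the kernel's include/linux/err.h reserves for ERR_PTR() values (the top MAX_ERRNO = 4095 bytes of the address space), so the first thing to check when reading an oops like this one is whether a caller's error return was dereferenced as a pointer, before assuming a freed or corrupted VMA. The program below mirrors the IS_ERR_VALUE()/PTR_ERR() definitions from err.h, parses an excerpt of the oops lines copied from this report (constructed and embedded inline), and classifies the fault. The helper and struct names and the parsing keys are this example's own; only the MAX_ERRNO bound and the register values come from the kernel and the report.

```c
/*
 * Oops triage helper: decide whether the faulting address of an x86-64
 * page fault is an ERR_PTR-encoded errno rather than an ordinary bad pointer.
 * Added example; not code from the syzbot report or from the kernel tree.
 */
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_ERRNO 4095   /* same bound as include/linux/err.h */

/* Mirror of the kernel's IS_ERR_VALUE(): true for -1 .. -MAX_ERRNO. */
static bool is_err_value(uint64_t addr)
{
    return addr >= (uint64_t)0 - MAX_ERRNO;
}

/* Mirror of PTR_ERR(): recover the negative errno from such a value. */
static long ptr_err(uint64_t addr)
{
    return (long)(int64_t)addr;
}

/* Find the first occurrence of key and parse the hex value that follows it. */
static bool extract_hex(const char *log, const char *key, uint64_t *out)
{
    const char *p = strstr(log, key);
    if (!p)
        return false;
    p += strlen(key);
    char *end;
    uint64_t v = strtoull(p, &end, 16);
    if (end == p)
        return false;
    *out = v;
    return true;
}

/* Constructed excerpt: lines copied from the oops in this report. */
static const char sample_oops[] =
    "BUG: unable to handle page fault for address: fffffffffffffff4\n"
    "#PF: supervisor read access in kernel mode\n"
    "RIP: 0010:vma_merge_existing_range+0x266/0x2070 mm/vma.c:734\n"
    "RSP: 0018:ffffc900034d7950 EFLAGS: 00010246\n"
    "RAX: fffffffffffffff4 RBX: ffffc900034d7ab0 RCX: ffffffff820db0e5\n"
    "CR2: fffffffffffffff4 CR3: 000000007d69e000 CR4: 00000000003526f0\n";

struct triage {
    uint64_t fault_addr;   /* from the "BUG: ... for address:" line */
    uint64_t cr2;          /* hardware fault address, should match */
    uint64_t rax;          /* base register of the trapping mov in this report */
    bool is_err_ptr;
    long err;              /* negative errno when is_err_ptr is set */
};

/* Classify the fault. Returns false if no fault address line is present. */
static bool triage_oops(const char *log, struct triage *t)
{
    memset(t, 0, sizeof(*t));
    if (!extract_hex(log, "for address: ", &t->fault_addr))
        return false;
    extract_hex(log, "CR2: ", &t->cr2);
    /* Anchor on the line start so "ORIG_RAX: " in a user-mode dump cannot match. */
    extract_hex(log, "\nRAX: ", &t->rax);
    t->is_err_ptr = is_err_value(t->fault_addr);
    t->err = t->is_err_ptr ? ptr_err(t->fault_addr) : 0;
    return true;
}

int main(void)
{
    struct triage t;
    if (!triage_oops(sample_oops, &t)) {
        fprintf(stderr, "no fault address found\n");
        return 1;
    }
    printf("fault address 0x%016llx (CR2 0x%016llx, RAX 0x%016llx)\n",
           (unsigned long long)t.fault_addr, (unsigned long long)t.cr2,
           (unsigned long long)t.rax);
    if (t.is_err_ptr)
        printf("in ERR_PTR range: looks like ERR_PTR(%ld) dereferenced (%s)\n",
               t.err, strerror((int)-t.err));
    else
        printf("not in the ERR_PTR range\n");
    return 0;
}
```

The classification only says where to look first; confirming it means reading mm/vma.c:734 in the reported tree and finding which callee can return an error pointer on the path shown in the call trace. Kernel pointers from the same dump (for example R14 ffff8880349961f0 or the stack in RSP) fall outside the range and are reported as ordinary addresses.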