Date: Tue, 01 Apr 2025 17:00:20 -0700
Message-ID: <67ec7e14.050a0220.31979b.0030.GAE@google.com>
Subject: [syzbot] [mm?] general protection fault in sys_mremap
From: syzbot
To: Liam.Howlett@oracle.com, akpm@linux-foundation.org, jannh@google.com, linux-kernel@vger.kernel.org, linux-mm@kvack.org, lorenzo.stoakes@oracle.com, syzkaller-bugs@googlegroups.com, vbabka@suse.cz

Hello,

syzbot found the following issue on:

HEAD commit:    405e2241def8 Add linux-next specific files for 20250331
git tree:       linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=164c9bcf980000
kernel config:  https://syzkaller.appspot.com/x/.config?x=f2054704dd53fb80
dashboard link: https://syzkaller.appspot.com/bug?extid=e3385f43b2897a19be24
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/7f800beaa14a/disk-405e2241.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/a573ae9a8887/vmlinux-405e2241.xz
kernel image: https://storage.googleapis.com/syzbot-assets/f4f732eedbc9/bzImage-405e2241.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+e3385f43b2897a19be24@syzkaller.appspotmail.com

Oops: general protection fault, probably for non-canonical address 0xdffffc0000000004: 0000 [#1] SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027]
CPU: 0 UID: 0 PID: 6953 Comm: syz.1.290 Not tainted 6.14.0-next-20250331-syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
RIP: 0010:vrm_uncharge mm/mremap.c:964 [inline]
RIP: 0010:expand_vma_in_place mm/mremap.c:1566 [inline]
RIP: 0010:expand_vma mm/mremap.c:1621 [inline]
RIP: 0010:mremap_at mm/mremap.c:1682 [inline]
RIP: 0010:do_mremap mm/mremap.c:1727 [inline]
RIP: 0010:__do_sys_mremap mm/mremap.c:1784 [inline]
RIP: 0010:__se_sys_mremap+0x25fa/0x2c00 mm/mremap.c:1752
Code: c0 0f 85 0e 05 00 00 0f b6 9c 24 20 03 00 00 31 ff 89 de e8 c8 16 ab ff 85 db 0f 84 7b 01 00 00 e8 bb 13 ab ff e9 9e 00 00 00 <80> 78 04 00 74 0a bf 20 00 00 00 e8 c6 2d 15 00 4c 8b 34 25 20 00
RSP: 0018:ffffc9001c347b40 EFLAGS: 00010246
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 1ffff92003868fca
RDX: ffffc9000d093000 RSI: 00000000000000e0 RDI: 00000000000000e1
RBP: ffffc9001c347f00 R08: ffffffff821d1414 R09: ffffffff8c2734a7
R10: 0000000000000004 R11: ffff888026f55a00 R12: 0000200000ff8000
R13: ffff888034282000 R14: 0000000018000098 R15: ffffc9001c347cd0
FS:  00007f975bfad6c0(0000) GS:ffff888124f95000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f975bf8bf98 CR3: 000000005c0a6000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f975b18d169
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f975bfad038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019
RAX: ffffffffffffffda RBX: 00007f975b3a6080 RCX: 00007f975b18d169
RDX: 0000000000002000 RSI: 0000000000001000 RDI: 0000200000ff8000
RBP: 00007f975b20e2a0 R08: 0000200000ff8000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f975b3a6080 R15: 00007ffe4ecc7008
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:vrm_uncharge mm/mremap.c:964 [inline]
RIP: 0010:expand_vma_in_place mm/mremap.c:1566 [inline]
RIP: 0010:expand_vma mm/mremap.c:1621 [inline]
RIP: 0010:mremap_at mm/mremap.c:1682 [inline]
RIP: 0010:do_mremap mm/mremap.c:1727 [inline]
RIP: 0010:__do_sys_mremap mm/mremap.c:1784 [inline]
RIP: 0010:__se_sys_mremap+0x25fa/0x2c00 mm/mremap.c:1752
Code: c0 0f 85 0e 05 00 00 0f b6 9c 24 20 03 00 00 31 ff 89 de e8 c8 16 ab ff 85 db 0f 84 7b 01 00 00 e8 bb 13 ab ff e9 9e 00 00 00 <80> 78 04 00 74 0a bf 20 00 00 00 e8 c6 2d 15 00 4c 8b 34 25 20 00
RSP: 0018:ffffc9001c347b40 EFLAGS: 00010246
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 1ffff92003868fca
RDX: ffffc9000d093000 RSI: 00000000000000e0 RDI: 00000000000000e1
RBP: ffffc9001c347f00 R08: ffffffff821d1414 R09: ffffffff8c2734a7
R10: 0000000000000004 R11: ffff888026f55a00 R12: 0000200000ff8000
R13: ffff888034282000 R14: 0000000018000098 R15: ffffc9001c347cd0
FS:  00007f975bfad6c0(0000) GS:ffff888124f95000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f74d4f78ab8 CR3: 000000005c0a6000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:	0f 85 0e 05 00 00    	jne    0x514
   6:	0f b6 9c 24 20 03 00 	movzbl 0x320(%rsp),%ebx
   d:	00
   e:	31 ff                	xor    %edi,%edi
  10:	89 de                	mov    %ebx,%esi
  12:	e8 c8 16 ab ff       	call   0xffab16df
  17:	85 db                	test   %ebx,%ebx
  19:	0f 84 7b 01 00 00    	je     0x19a
  1f:	e8 bb 13 ab ff       	call   0xffab13df
  24:	e9 9e 00 00 00       	jmp    0xc7
* 29:	80 78 04 00          	cmpb   $0x0,0x4(%rax)		<-- trapping instruction
  2d:	74 0a                	je     0x39
  2f:	bf 20 00 00 00       	mov    $0x20,%edi
  34:	e8 c6 2d 15 00       	call   0x152dff
  39:	4c                   	rex.WR
  3a:	8b                   	.byte 0x8b
  3b:	34 25                	xor    $0x25,%al
  3d:	20 00                	and    %al,(%rax)


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem

(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup
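Two things a reader of this oops usually works out by hand, as an added example that is not part of the syzbot report and not kernel code: first, why a #GP at the non-canonical address 0xdffffc0000000004 is printed as a NULL dereference of bytes 0x20-0x27, and second, which syscall and arguments the user-space register dump corresponds to. It assumes the generic KASAN layout for x86_64 with 4-level paging (KASAN_SHADOW_OFFSET 0xdffffc0000000000, one shadow byte per 8-byte granule, TASK_SIZE_MAX 0x7ffffffff000), the x86_64 syscall ABI (number in rax, preserved as ORIG_RAX in the pt_regs dump; arguments in rdi, rsi, rdx, r10, r8, r9) and __NR_mremap = 25. The helper names and the struct are this example's own; every constant fed into main() is copied from the register dump above.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Generic KASAN layout on x86_64 (4-level paging): one shadow byte covers
 * 8 bytes and shadow(addr) = (addr >> 3) + KASAN_SHADOW_OFFSET. Assumed
 * values, matching the kernel's x86 Kconfig defaults. */
#define KASAN_SHADOW_OFFSET      0xdffffc0000000000ULL
#define KASAN_SHADOW_SCALE_SHIFT 3
#define KASAN_GRANULE_SIZE       (1ULL << KASAN_SHADOW_SCALE_SHIFT)
#define PAGE_SIZE                4096ULL
#define TASK_SIZE_MAX            0x7ffffffff000ULL  /* (1 << 47) - PAGE_SIZE */
#define NR_mremap                25                 /* x86_64 __NR_mremap */

/* A virtual address is canonical when bits 63..47 are all equal. A load
 * from a non-canonical address raises #GP, not #PF, which is why the oops
 * says "general protection fault ... non-canonical address" and CR2 is
 * unrelated to the access. */
bool is_non_canonical(uint64_t addr)
{
    uint64_t top = addr >> 47;               /* bits 63..47, 17 bits */
    return top != 0 && top != 0x1ffff;
}

/* Invert the shadow mapping the way the kernel's kasan_non_canonical_hook()
 * does: if a #GP address is a (necessarily non-canonical) shadow address,
 * the access being checked was at 8 * (shadow - offset) and the granule
 * [start, start + 7] is what the report prints. Returns false otherwise. */
bool kasan_shadow_to_range(uint64_t shadow, uint64_t *start, uint64_t *end)
{
    if (!is_non_canonical(shadow) || shadow < KASAN_SHADOW_OFFSET)
        return false;
    *start = (shadow - KASAN_SHADOW_OFFSET) << KASAN_SHADOW_SCALE_SHIFT;
    *end = *start + KASAN_GRANULE_SIZE - 1;
    return true;
}

/* The three buckets KASAN uses for such a fault, keyed on the accessed
 * (not the shadow) address. */
const char *kasan_bug_type(uint64_t accessed)
{
    if (accessed < PAGE_SIZE)
        return "null-ptr-deref";
    if (accessed < TASK_SIZE_MAX)
        return "probably user-memory-access";
    return "maybe wild-memory-access";
}

struct syscall_args {
    uint64_t nr;
    uint64_t arg[6];
};

/* x86_64 syscall ABI. ORIG_RAX holds the number because rax itself is
 * overwritten at entry with -ENOSYS (0xffffffffffffffda in the dump). */
struct syscall_args decode_x86_64_syscall(uint64_t orig_rax, uint64_t rdi,
                                          uint64_t rsi, uint64_t rdx,
                                          uint64_t r10, uint64_t r8,
                                          uint64_t r9)
{
    struct syscall_args s = { orig_rax, { rdi, rsi, rdx, r10, r8, r9 } };
    return s;
}

int main(void)
{
    /* #GP address from the oops; also RAX (0xdffffc0000000000) + 4, the
     * operand of the trapping "cmpb $0x0,0x4(%rax)" shadow check. */
    uint64_t fault = 0xdffffc0000000004ULL;
    uint64_t start, end;

    if (kasan_shadow_to_range(fault, &start, &end))
        printf("KASAN: %s in range [0x%016llx-0x%016llx]\n",
               kasan_bug_type(start), (unsigned long long)start,
               (unsigned long long)end);

    /* ORIG_RAX, RDI, RSI, RDX, R10, R8, R9 from the RIP: 0033 frame. */
    struct syscall_args sc = decode_x86_64_syscall(
        0x19, 0x200000ff8000ULL, 0x1000, 0x2000, 0, 0x200000ff8000ULL, 0);
    if (sc.nr == NR_mremap)
        printf("mremap(old_address=%#llx, old_size=%#llx, new_size=%#llx, "
               "flags=%#llx, new_address=%#llx)\n",
               (unsigned long long)sc.arg[0], (unsigned long long)sc.arg[1],
               (unsigned long long)sc.arg[2], (unsigned long long)sc.arg[3],
               (unsigned long long)sc.arg[4]);
    return 0;
}
```

Run as-is it prints the same "KASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027]" line as the report, which shows that the faulting shadow byte, not the NULL-based pointer, is what the #GP carries, and that the 8-byte granule is why the range is 0x20-0x27 rather than a single offset. The second line decodes ORIG_RAX 0x19 as mremap(0x200000ff8000, old_size 0x1000, new_size 0x2000, flags 0, new_address 0x200000ff8000): with flags 0 the fifth argument is ignored and the kernel tries to grow the mapping in place, which is consistent with expand_vma_in_place and vrm_uncharge in the inline stack above. The report has no reproducer and this example does not attempt to build one; it only decodes what the dump already says.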