Date: Sat, 05 Apr 2025 17:16:31 -0700
Message-ID: <67f1c7df.050a0220.0a13.0256.GAE@google.com>
Subject: [syzbot] [mm?] general protection fault in mremap
From: syzbot
To: Liam.Howlett@oracle.com, akpm@linux-foundation.org, jannh@google.com, liam.howlett@oracle.com, linux-kernel@vger.kernel.org, linux-mm@kvack.org, lorenzo.stoakes@oracle.com, syzkaller-bugs@googlegroups.com, vbabka@suse.cz

Hello,

syzbot found the following issue on:

HEAD commit:    a2cc6ff5ec8f Merge tag 'firewire-updates-6.15' of git://gi..
git tree:       upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=11ab27cf980000
kernel config:  https://syzkaller.appspot.com/x/.config?x=adffebefc9feb9d6
dashboard link: https://syzkaller.appspot.com/bug?extid=5250c4727db03e3436cc
compiler:       gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1693d404580000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=178ac94c580000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/8ecd2318067e/disk-a2cc6ff5.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/05691b82062c/vmlinux-a2cc6ff5.xz
kernel image: https://storage.googleapis.com/syzbot-assets/4698994e99d4/bzImage-a2cc6ff5.xz

The issue was bisected to:

commit d5c8aec0542e2d79b64de9089b88fabdebe05c1e
Author: Lorenzo Stoakes
Date:   Mon Mar 10 20:50:37 2025 +0000

    mm/mremap: initial refactor of move_vma()

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=11ff2a74580000
final oops:     https://syzkaller.appspot.com/x/report.txt?x=13ff2a74580000
console output: https://syzkaller.appspot.com/x/log.txt?x=15ff2a74580000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+5250c4727db03e3436cc@syzkaller.appspotmail.com
Fixes: d5c8aec0542e ("mm/mremap: initial refactor of move_vma()")

Code: 48 83 c4 28 c3 e8 17 1a 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff0b8738c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000019
RAX: ffffffffffffffda RBX: 00007fff0b8738d0 RCX: 00007f46ffb182e9
RDX: 0000000000003000 RSI: 0000000000001000 RDI: 0000200000ffc000
RBP: 0000000000000001 R08: 0000200000ffa000 R09: 00007f46ffb80031
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f46ffb83618
R13: 00007fff0b873aa8 R14: 0000000000000001 R15: 0000000000000001
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000004: 0000 [#1] SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027]
CPU: 0 UID: 0 PID: 5820 Comm: syz-executor115 Not tainted 6.14.0-syzkaller-12966-ga2cc6ff5ec8f #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
RIP: 0010:vrm_uncharge mm/mremap.c:964 [inline]
RIP: 0010:expand_vma_in_place mm/mremap.c:1566 [inline]
RIP: 0010:expand_vma mm/mremap.c:1621 [inline]
RIP: 0010:mremap_at mm/mremap.c:1682 [inline]
RIP: 0010:do_mremap mm/mremap.c:1727 [inline]
RIP: 0010:__do_sys_mremap+0x1392/0x15c0 mm/mremap.c:1784
Code: 0f 85 45 02 00 00 48 8b 04 24 c6 84 24 70 01 00 00 01 48 01 85 68 02 00 00 eb 9a e8 18 34 af ff 48 b8 04 00 00 00 00 fc ff df <80> 38 00 0f 85 a7 01 00 00 48 8b 2c 25 20 00 00 00 31 ff 81 e5 00
RSP: 0018:ffffc900039dfd20 EFLAGS: 00010293
RAX: dffffc0000000004 RBX: ffff88802b765a00 RCX: ffffffff821183c6
RDX: ffff88805c7b8000 RSI: ffffffff820c0cb8 RDI: 0000000000000005
RBP: ffff8880341fb780 R08: 0000000000000005 R09: 0000000000000000
R10: 00000000fffffff4 R11: 0000000000000001 R12: 0000000000002000
R13: 1ffff9200073bfaa R14: 0000200000ffc000 R15: ffff88802b765b70
FS:  00005555814db380(0000) GS:ffff8881249b8000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fff0b8728e0 CR3: 000000007802e000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0x260 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f46ffb182e9
Code: 48 83 c4 28 c3 e8 17 1a 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff0b8738c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000019
RAX: ffffffffffffffda RBX: 00007fff0b8738d0 RCX: 00007f46ffb182e9
RDX: 0000000000003000 RSI: 0000000000001000 RDI: 0000200000ffc000
RBP: 0000000000000001 R08: 0000200000ffa000 R09: 00007f46ffb80031
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f46ffb83618
R13: 00007fff0b873aa8 R14: 0000000000000001 R15: 0000000000000001
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:vrm_uncharge mm/mremap.c:964 [inline]
RIP: 0010:expand_vma_in_place mm/mremap.c:1566 [inline]
RIP: 0010:expand_vma mm/mremap.c:1621 [inline]
RIP: 0010:mremap_at mm/mremap.c:1682 [inline]
RIP: 0010:do_mremap mm/mremap.c:1727 [inline]
RIP: 0010:__do_sys_mremap+0x1392/0x15c0 mm/mremap.c:1784
Code: 0f 85 45 02 00 00 48 8b 04 24 c6 84 24 70 01 00 00 01 48 01 85 68 02 00 00 eb 9a e8 18 34 af ff 48 b8 04 00 00 00 00 fc ff df <80> 38 00 0f 85 a7 01 00 00 48 8b 2c 25 20 00 00 00 31 ff 81 e5 00
RSP: 0018:ffffc900039dfd20 EFLAGS: 00010293
RAX: dffffc0000000004 RBX: ffff88802b765a00 RCX: ffffffff821183c6
RDX: ffff88805c7b8000 RSI: ffffffff820c0cb8 RDI: 0000000000000005
RBP: ffff8880341fb780 R08: 0000000000000005 R09: 0000000000000000
R10: 00000000fffffff4 R11: 0000000000000001 R12: 0000000000002000
R13: 1ffff9200073bfaa R14: 0000200000ffc000 R15: ffff88802b765b70
FS:  00005555814db380(0000) GS:ffff8881249b8000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fff0b8728e0 CR3: 000000007802e000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	48 83 c4 28          	add    $0x28,%rsp
   4:	c3                   	ret
   5:	e8 17 1a 00 00       	call   0x1a21
   a:	0f 1f 80 00 00 00 00 	nopl   0x0(%rax)
  11:	48 89 f8             	mov    %rdi,%rax
  14:	48 89 f7             	mov    %rsi,%rdi
  17:	48 89 d6             	mov    %rdx,%rsi
  1a:	48 89 ca             	mov    %rcx,%rdx
  1d:	4d 89 c2             	mov    %r8,%r10
  20:	4d 89 c8             	mov    %r9,%r8
  23:	4c 8b 4c 24 08       	mov    0x8(%rsp),%r9
  28:	0f 05                	syscall
* 2a:	48 3d 01 f0 ff ff    	cmp    $0xfffffffffffff001,%rax <-- trapping instruction
  30:	73 01                	jae    0x33
  32:	c3                   	ret
  33:	48 c7 c1 b8 ff ff ff 	mov    $0xffffffffffffffb8,%rcx
  3a:	f7 d8                	neg    %eax
  3c:	64 89 01             	mov    %eax,%fs:(%rcx)
  3f:	48                   	rex.W


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

For information about bisection process see: https://goo.gl/tpsmEJ#bisection

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup