Date: Tue, 08 Jul 2025 10:52:27 -0700
Message-ID: <686d5adb.050a0220.1ffab7.0018.GAE@google.com>
Subject: [syzbot] [mm?] stack segment fault in mtree_range_walk
From: syzbot
To: Liam.Howlett@oracle.com, akpm@linux-foundation.org, andrii@kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, lorenzo.stoakes@oracle.com, shakeel.butt@linux.dev, surenb@google.com, syzkaller-bugs@googlegroups.com, vbabka@suse.cz

Hello,

syzbot found the following issue on:

HEAD commit:    26ffb3d6f02c Add linux-next specific files for 20250704
git tree:       linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=13eedf70580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=1e4f88512ae53408
dashboard link: https://syzkaller.appspot.com/bug?extid=8d7491ac5a289af56d5a
compiler:       Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e15582580000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=101edf70580000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/fd5569903143/disk-26ffb3d6.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/1b0c9505c543/vmlinux-26ffb3d6.xz
kernel image: https://storage.googleapis.com/syzbot-assets/9d864c72bed1/bzImage-26ffb3d6.xz

The issue was bisected to:

commit 6772c457a86536f3496bf5b3716f34a5ac125783
Author: Suren Baghdasaryan
Date:   Tue Jun 24 19:33:59 2025 +0000

    fs/proc/task_mmu:: execute PROCMAP_QUERY ioctl under per-vma locks

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=12cad582580000
final oops:     https://syzkaller.appspot.com/x/report.txt?x=11cad582580000
console output: https://syzkaller.appspot.com/x/log.txt?x=16cad582580000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+8d7491ac5a289af56d5a@syzkaller.appspotmail.com
Fixes: 6772c457a865 ("fs/proc/task_mmu:: execute PROCMAP_QUERY ioctl under per-vma locks")

Oops: stack segment: 0000 [#1] SMP KASAN PTI
CPU: 1 UID: 0 PID: 6058 Comm: syz.0.18 Not tainted 6.16.0-rc4-next-20250704-syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:mtree_range_walk+0x2d7/0x840 lib/maple_tree.c:2773
Code: 00 00 48 8d 04 2b 48 83 f8 01 0f 84 b4 00 00 00 e8 6e c6 4f f6 49 83 c4 08 48 ff c3 eb ac e8 60 c6 4f f6 31 db e9 e1 00 00 00 <80> 7d 00 00 74 07 31 ff e8 3c 63 b4 f6 4c 8b 2c 25 00 00 00 00 48
RSP: 0018:ffffc900039df9a0 EFLAGS: 00010297
RAX: 0000000000000003 RBX: 0000000000000000 RCX: 0000000000000005
RDX: ffffffff8b6fe83a RSI: ffffffff8f893390 RDI: 0000000000000000
RBP: dffffc0000000000 R08: ffff888025693c00 R09: 0000000000000003
R10: 0000000000000003 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
FS:  00007f67b2a0b6c0(0000) GS:ffff888125ce7000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f67b2a0af98 CR3: 0000000075f14000 CR4: 00000000003526f0
Call Trace:
 mas_state_walk lib/maple_tree.c:3630 [inline]
 mas_walk lib/maple_tree.c:4933 [inline]
 mas_find_setup lib/maple_tree.c:6012 [inline]
 mas_find+0x8e9/0xd30 lib/maple_tree.c:6052
 vma_next include/linux/mm.h:864 [inline]
 lock_next_vma+0x101/0xdc0 mm/mmap_lock.c:216
 get_next_vma fs/proc/task_mmu.c:182 [inline]
 query_vma_find_by_addr fs/proc/task_mmu.c:516 [inline]
 query_matching_vma+0x28f/0x4b0 fs/proc/task_mmu.c:545
 do_procmap_query fs/proc/task_mmu.c:637 [inline]
 procfs_procmap_ioctl+0x406/0xce0 fs/proc/task_mmu.c:748
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:598 [inline]
 __se_sys_ioctl+0xf9/0x170 fs/ioctl.c:584
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f67b1b8e929
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f67b2a0b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f67b1db6080 RCX: 00007f67b1b8e929
RDX: 0000200000000180 RSI: 00000000c0686611 RDI: 0000000000000003
RBP: 00007f67b1c10b39 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000001 R14: 00007f67b1db6080 R15: 00007ffdeba76008
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:mtree_range_walk+0x2d7/0x840 lib/maple_tree.c:2773
Code: 00 00 48 8d 04 2b 48 83 f8 01 0f 84 b4 00 00 00 e8 6e c6 4f f6 49 83 c4 08 48 ff c3 eb ac e8 60 c6 4f f6 31 db e9 e1 00 00 00 <80> 7d 00 00 74 07 31 ff e8 3c 63 b4 f6 4c 8b 2c 25 00 00 00 00 48
RSP: 0018:ffffc900039df9a0 EFLAGS: 00010297
RAX: 0000000000000003 RBX: 0000000000000000 RCX: 0000000000000005
RDX: ffffffff8b6fe83a RSI: ffffffff8f893390 RDI: 0000000000000000
RBP: dffffc0000000000 R08: ffff888025693c00 R09: 0000000000000003
R10: 0000000000000003 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
FS:  00007f67b2a0b6c0(0000) GS:ffff888125ce7000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f67b2a0af98 CR3: 0000000075f14000 CR4: 00000000003526f0
----------------
Code disassembly (best guess):
   0:   00 00                   add    %al,(%rax)
   2:   48 8d 04 2b             lea    (%rbx,%rbp,1),%rax
   6:   48 83 f8 01             cmp    $0x1,%rax
   a:   0f 84 b4 00 00 00       je     0xc4
  10:   e8 6e c6 4f f6          call   0xf64fc683
  15:   49 83 c4 08             add    $0x8,%r12
  19:   48 ff c3                inc    %rbx
  1c:   eb ac                   jmp    0xffffffca
  1e:   e8 60 c6 4f f6          call   0xf64fc683
  23:   31 db                   xor    %ebx,%ebx
  25:   e9 e1 00 00 00          jmp    0x10b
* 2a:   80 7d 00 00             cmpb   $0x0,0x0(%rbp) <-- trapping instruction
  2e:   74 07                   je     0x37
  30:   31 ff                   xor    %edi,%edi
  32:   e8 3c 63 b4 f6          call   0xf6b46373
  37:   4c 8b 2c 25 00 00 00    mov    0x0,%r13
  3e:   00
  3f:   48                      rex.W


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

For information about bisection process see: https://goo.gl/tpsmEJ#bisection

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup