Date: Thu, 17 Jul 2025 12:13:32 -0700
Message-ID: <68794b5c.a70a0220.693ce.0050.GAE@google.com>
Subject: [syzbot] [mm?] BUG: unable to handle kernel paging request in move_pages
From: syzbot
To: akpm@linux-foundation.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, peterx@redhat.com, syzkaller-bugs@googlegroups.com

Hello,

syzbot found the following issue on:

HEAD commit:    e8352908bdcd Add linux-next specific files for 20250716
git tree:       linux-next
console+strace: https://syzkaller.appspot.com/x/log.txt?x=17f81382580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=b7b0e60e17dc5717
dashboard link: https://syzkaller.appspot.com/bug?extid=b446dbe27035ef6bd6c2
compiler:       Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=10041382580000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=10eb158c580000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/ae8cc81c1781/disk-e8352908.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/57aaea991896/vmlinux-e8352908.xz
kernel image: https://storage.googleapis.com/syzbot-assets/feb871619bd4/bzImage-e8352908.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+b446dbe27035ef6bd6c2@syzkaller.appspotmail.com

BUG: unable to handle page fault for address: ffffea6000391008
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 13fff8067 P4D 13fff8067 PUD 0
Oops: Oops: 0000 [#1] SMP KASAN PTI
CPU: 1 UID: 0 PID: 5860 Comm: syz-executor832 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:_compound_head include/linux/page-flags.h:284 [inline]
RIP: 0010:move_pages+0xbe6/0x1430 mm/userfaultfd.c:1824
Code: c1 ec 06 4b 8d 1c 2c 48 83 c3 08 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 74 08 48 89 df e8 9a 30 f4 ff <48> 8b 1b 48 89 de 48 83 e6 01 31 ff e8 59 70 8f ff 48 89 d8 48 83
RSP: 0018:ffffc90003f778a8 EFLAGS: 00010246
RAX: 1ffffd4c00072201 RBX: ffffea6000391008 RCX: dffffc0000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffff520007eef00 R12: 0000006000391000
R13: ffffea0000000000 R14: 200018000e4401fd R15: 00002000003ab000
FS:  00007ff35708f6c0(0000) GS:ffff8881258aa000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffea6000391008 CR3: 0000000074390000 CR4: 00000000003526f0
Call Trace:
 userfaultfd_move fs/userfaultfd.c:1923 [inline]
 userfaultfd_ioctl+0x2e8b/0x4c80 fs/userfaultfd.c:2046
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:598 [inline]
 __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:584
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7ff3570d6519
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ff35708f218 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007ff357160308 RCX: 00007ff3570d6519
RDX: 0000200000000180 RSI: 00000000c028aa05 RDI: 0000000000000003
RBP: 00007ff357160300 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff35712d074
R13: 0000200000000180 R14: 0000200000000188 R15: 00002000002b9000
Modules linked in:
CR2: ffffea6000391008
---[ end trace 0000000000000000 ]---
RIP: 0010:_compound_head include/linux/page-flags.h:284 [inline]
RIP: 0010:move_pages+0xbe6/0x1430 mm/userfaultfd.c:1824
Code: c1 ec 06 4b 8d 1c 2c 48 83 c3 08 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 74 08 48 89 df e8 9a 30 f4 ff <48> 8b 1b 48 89 de 48 83 e6 01 31 ff e8 59 70 8f ff 48 89 d8 48 83
RSP: 0018:ffffc90003f778a8 EFLAGS: 00010246
RAX: 1ffffd4c00072201 RBX: ffffea6000391008 RCX: dffffc0000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffff520007eef00 R12: 0000006000391000
R13: ffffea0000000000 R14: 200018000e4401fd R15: 00002000003ab000
FS:  00007ff35708f6c0(0000) GS:ffff8881258aa000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffea6000391008 CR3: 0000000074390000 CR4: 00000000003526f0
----------------
Code disassembly (best guess):
   0:   c1 ec 06                shr    $0x6,%esp
   3:   4b 8d 1c 2c             lea    (%r12,%r13,1),%rbx
   7:   48 83 c3 08             add    $0x8,%rbx
   b:   48 89 d8                mov    %rbx,%rax
   e:   48 c1 e8 03             shr    $0x3,%rax
  12:   48 b9 00 00 00 00 00    movabs $0xdffffc0000000000,%rcx
  19:   fc ff df
  1c:   80 3c 08 00             cmpb   $0x0,(%rax,%rcx,1)
  20:   74 08                   je     0x2a
  22:   48 89 df                mov    %rbx,%rdi
  25:   e8 9a 30 f4 ff          call   0xfff430c4
* 2a:   48 8b 1b                mov    (%rbx),%rbx <-- trapping instruction
  2d:   48 89 de                mov    %rbx,%rsi
  30:   48 83 e6 01             and    $0x1,%rsi
  34:   31 ff                   xor    %edi,%edi
  36:   e8 59 70 8f ff          call   0xff8f7094
  3b:   48 89 d8                mov    %rbx,%rax
  3e:   48                      rex.W
  3f:   83                      .byte 0x83

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup