From: Alexander Potapenko
Date: Mon, 23 Jun 2025 11:53:15 +0200
Subject: Re: [syzbot] [mm?] kernel BUG in sanity_check_pinned_pages
To: David Hildenbrand
Cc: syzbot, akpm@linux-foundation.org, axboe@kernel.dk, catalin.marinas@arm.com, jgg@ziepe.ca, jhubbard@nvidia.com, linux-kernel@vger.kernel.org, linux-mm@kvack.org, peterx@redhat.com, syzkaller-bugs@googlegroups.com
References: <6857299a.a00a0220.137b3.0085.GAE@google.com>

On Mon, Jun 23, 2025 at 11:29 AM 'David Hildenbrand' via syzkaller-bugs wrote:
>
> On 21.06.25 23:52, syzbot wrote:
> > syzbot has found a reproducer for the following issue on:
> >
> > HEAD commit:    9aa9b43d689e Merge branch 'for-next/core' into for-kernelci
> > git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
> > console output: https://syzkaller.appspot.com/x/log.txt?x=1525330c580000
> > kernel config:  https://syzkaller.appspot.com/x/.config?x=27f179c74d5c35cd
> > dashboard link: https://syzkaller.appspot.com/bug?extid=1d335893772467199ab6
> > compiler:       Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
> > userspace arch: arm64
> > syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=16d73370580000
> > C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=160ef30c580000
>
> There is not that much magic in there, I'm afraid.
>
> fork() is only used to spin up guests, but before the memory region of
> interest is actually allocated, IIUC. No threading code that races.
>
> IIUC, it triggers fairly fast on aarch64. I've left it running for a
> while on x86_64 without any luck.
>
> So maybe this is really some aarch64-special stuff (pointer tagging?).
>
> In particular, there is something very weird in the reproducer:
>
> syscall(__NR_madvise, /*addr=*/0x20a93000ul, /*len=*/0x4000ul,
>         /*advice=MADV_HUGEPAGE|0x800000000*/ 0x80000000eul);
>
> advice is supposed to be a 32-bit int. What does the magical
> "0x800000000" do?

I am pretty sure this is a red herring.
Syzkaller sometimes mutates integer flags, even if the result makes no
sense - because sometimes it can trigger interesting bugs.
This `advice` argument will be discarded by is_valid_madvise(), resulting
in -EINVAL.
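Added example, not code from the thread, from syzkaller or from the kernel: a small Linux harness that checks what the running kernel actually does with the reproducer's advice value. It assumes a Linux host, an anonymous private mapping of the reproducer's length, and that the result for plain MADV_HUGEPAGE depends on whether THP is built into the kernel (so that result is reported, not assumed). The kernel's madvise prototype declares the parameter as `int behavior`, so the harness also prints the value after narrowing to int. It goes through syscall() rather than the glibc madvise() wrapper because the wrapper itself takes `int advice` and would narrow the argument before the kernel ever sees it, which is exactly what the reproducer avoids by calling __NR_madvise directly. The helper names (advice_as_seen_by_kernel, raw_madvise, probe_advice) are this example's own.

```c
/* Added example: probe how the kernel treats a 64-bit madvise advice value.
 * Assumes Linux; MADV_HUGEPAGE may legitimately return EINVAL on kernels
 * built without THP, so that case is reported rather than assumed. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

#define PROBE_LEN   0x4000UL        /* same length as the reproducer */
#define WIDE_ADVICE 0x80000000eUL   /* MADV_HUGEPAGE | 0x800000000 */

/* The syscall parameter is declared `int behavior`; the kernel's syscall
 * wrapper casts the register to int, so only the low 32 bits survive. */
static int advice_as_seen_by_kernel(unsigned long raw)
{
    return (int)raw;
}

/* Raw syscall so glibc's madvise(int advice) cannot narrow the argument
 * on our behalf. Returns 0 on success, otherwise -errno. */
static int raw_madvise(void *addr, size_t len, unsigned long advice)
{
    long r = syscall(SYS_madvise, (unsigned long)addr, len, advice);
    return r == 0 ? 0 : -errno;
}

/* Map an anonymous region, apply the advice, unmap. Returns 0 or -errno. */
static int probe_advice(unsigned long advice)
{
    void *p = mmap(NULL, PROBE_LEN, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -errno;
    int rc = raw_madvise(p, PROBE_LEN, advice);
    munmap(p, PROBE_LEN);
    return rc;
}

static const char *describe(int rc)
{
    return rc == 0 ? "0" : strerror(-rc);
}

int main(void)
{
    printf("advice 0x%lx narrowed to int: 0x%x (MADV_HUGEPAGE is 0x%x)\n",
           WIDE_ADVICE, advice_as_seen_by_kernel(WIDE_ADVICE), MADV_HUGEPAGE);
    printf("madvise(0x%lx)          -> %s\n", WIDE_ADVICE,
           describe(probe_advice(WIDE_ADVICE)));
    printf("madvise(MADV_HUGEPAGE)   -> %s\n",
           describe(probe_advice((unsigned long)MADV_HUGEPAGE)));
    printf("madvise(0x7fffffff)      -> %s\n",
           describe(probe_advice(0x7fffffffUL)));
    return 0;
}
```

The last probe, an advice value with garbage in the low 32 bits, is the control: it cannot be narrowed into anything valid, so it shows what an advice the kernel really rejects looks like next to the reproducer's value.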