From: Suren Baghdasaryan
Date: Thu, 11 Jan 2024 13:13:40 -0800
Subject: Re: [syzbot] [mm?] kernel BUG in move_pages
To: David Hildenbrand
Cc: syzbot, Peter Xu, aarcange@redhat.com, akpm@linux-foundation.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, syzkaller-bugs@googlegroups.com
In-Reply-To: <15ce90cd-ff0b-4bc3-bee4-880bee3200ae@redhat.com>
References: <00000000000011d709060eadffd3@google.com> <5ed23cf3-eedd-44aa-a498-d2a9ab046535@redhat.com> <15ce90cd-ff0b-4bc3-bee4-880bee3200ae@redhat.com>

On Thu, Jan 11, 2024 at 1:06 PM David Hildenbrand wrote:
>
> On 11.01.24 22:04, Suren Baghdasaryan wrote:
> > On Thu, Jan 11, 2024 at 9:00 PM David Hildenbrand wrote:
> >>
> >> On 11.01.24 21:20, Suren Baghdasaryan wrote:
> >>> On Thu, Jan 11, 2024 at 6:58 PM David Hildenbrand wrote:
> >>>>
> >>>> On 11.01.24 19:34, Suren Baghdasaryan wrote:
> >>>>> On Thu, Jan 11, 2024 at 8:44 AM Suren Baghdasaryan wrote:
> >>>>>>
> >>>>>> On Thu, Jan 11, 2024 at 8:40 AM Suren Baghdasaryan wrote:
> >>>>>>>
> >>>>>>> On Thu, Jan 11, 2024 at 8:25 AM syzbot wrote:
> >>>>>>>>
> >>>>>>>> Hello,
> >>>>>>>>
> >>>>>>>> syzbot found the following issue on:
> >>>>>>>>
> >>>>>>>> HEAD commit:    e2425464bc87 Add linux-next specific files for 20240105
> >>>>>>>> git tree:       linux-next
> >>>>>>>> console+strace: https://syzkaller.appspot.com/x/log.txt?x=14941cdee80000
> >>>>>>>> kernel config:  https://syzkaller.appspot.com/x/.config?x=4056b9349f3da8c9
> >>>>>>>> dashboard link: https://syzkaller.appspot.com/bug?extid=705209281e36404998f6
> >>>>>>>> compiler:       gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
> >>>>>>>> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=125d0a09e80000
> >>>>>>>> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=15bc7331e80000
> >>>>>>>>
> >>>>>>>> Downloadable assets:
> >>>>>>>> disk image: https://storage.googleapis.com/syzbot-assets/2f738185e2cf/disk-e2425464.raw.xz
> >>>>>>>> vmlinux: https://storage.googleapis.com/syzbot-assets/b248fcf4ea46/vmlinux-e2425464.xz
> >>>>>>>> kernel image: https://storage.googleapis.com/syzbot-assets/a9945c8223f4/bzImage-e2425464.xz
> >>>>>>>>
> >>>>>>>> The issue was bisected to:
> >>>>>>>>
> >>>>>>>> commit adef440691bab824e39c1b17382322d195e1fab0
> >>>>>>>> Author: Andrea Arcangeli
> >>>>>>>> Date:   Wed Dec 6 10:36:56 2023 +0000
> >>>>>>>>
> >>>>>>>>     userfaultfd: UFFDIO_MOVE uABI
> >>>>>>>>
> >>>>>>>> bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=11cb6ea9e80000
> >>>>>>>> final oops:     https://syzkaller.appspot.com/x/report.txt?x=13cb6ea9e80000
> >>>>>>>> console output: https://syzkaller.appspot.com/x/log.txt?x=15cb6ea9e80000
> >>>>>>>>
> >>>>>>>> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> >>>>>>>> Reported-by: syzbot+705209281e36404998f6@syzkaller.appspotmail.com
> >>>>>>>> Fixes: adef440691ba ("userfaultfd: UFFDIO_MOVE uABI")
> >>>>>>>>
> >>>>>>>>  do_one_initcall+0x128/0x680 init/main.c:1237
> >>>>>>>>  do_initcall_level init/main.c:1299 [inline]
> >>>>>>>>  do_initcalls init/main.c:1315 [inline]
> >>>>>>>>  do_basic_setup init/main.c:1334 [inline]
> >>>>>>>>  kernel_init_freeable+0x692/0xc30 init/main.c:1552
> >>>>>>>>  kernel_init+0x1c/0x2a0 init/main.c:1442
> >>>>>>>>  ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
> >>>>>>>>  ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242
> >>>>>>>> ------------[ cut here ]------------
> >>>>>>>> kernel BUG at include/linux/page-flags.h:1035!
> >>>>>>>> invalid opcode: 0000 [#1] PREEMPT SMP KASAN
> >>>>>>>> CPU: 0 PID: 5068 Comm: syz-executor191 Not tainted 6.7.0-rc8-next-20240105-syzkaller #0
> >>>>>>>> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
> >>>>>>>> RIP: 0010:PageAnonExclusive include/linux/page-flags.h:1035 [inline]
> >>>>>>>
> >>>>>>> From a quick look, I think the new ioctl is being used against a
> >>>>>>> file-backed page and that's why PageAnonExclusive() throws this error.
> >>>>>>> I'll confirm if this is indeed the case and will add checks for that
> >>>>>>> case. Thanks!
> >>>>>>
> >>>>>> Hmm. Looking at the reproducer it does not look like a file-backed
> >>>>>> memory... Anyways, I'm on it.
> >>>>>
> >>>>> Looks like the test is trying to move the huge_zero_page. Wonder how
> >>>>> we should handle this. Just fail or do something else? Adding David
> >>>>> and Peter for feedback.
> >>>>
> >>>> You'll need some special-casing to handle that. But it should be fairly
> >>>> easy.
> >>>
> >>> Ok, so should we treat zeropage the same as PAE and map destination
> >>> PTE/PMD to zeropage while clearing source PTE/PMD?
> >>
> >> Likely yes. So it's transparent for user space what we are moving. (this
> >> sounds like an easy case to not require a prior write access just to
> >> move it)
> >
> > Ok, working on it. split_huge_pmd() already knows how to split
> > huge_zero_page but I think I'll need special handling in both
> > move_pages_pte() and move_pages_huge_pmd().
>
> A PTE-mapped huge zeropage is just a page table populated with the
> ordinary shared zeropage. Are you moving the ordinary shared zeropage as
> well? If not, you should do so for consistency (or not do either :) ).

Yes, I think I should move ordinary zeropages as well.

>
> --
> Cheers,
>
> David / dhildenb
>
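The behaviour agreed on above (map the destination PTE to the zeropage while clearing the source PTE, without requiring a prior write) can be observed from userspace. The program below is an added example, not code from this thread, from Suren's fix or from the kernel tree: it moves a never-written page (which a read fault has backed with the shared zeropage) together with a written anonymous page in one UFFDIO_MOVE call, then uses mincore() as the observable for "source PTEs cleared, destination PTEs populated" and checks the destination contents. It assumes Linux with glibc and a kernel that advertises UFFD_FEATURE_MOVE (6.8 or later, with the zeropage handling discussed here in place); where the userfaultfd syscall is blocked (seccomp, gVisor) or the kernel predates UFFDIO_MOVE, it reports "unsupported" instead of failing. The fallback definitions for UAPI headers older than 6.8 are assumed to mirror include/uapi/linux/userfaultfd.h.

```c
/* Added example: UFFDIO_MOVE of a shared-zeropage-backed page next to a written anon page. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <linux/userfaultfd.h>

/* Fallbacks for UAPI headers older than 6.8; values mirror include/uapi/linux/userfaultfd.h. */
#ifndef UFFD_USER_MODE_ONLY
#define UFFD_USER_MODE_ONLY 1
#endif
#ifndef UFFDIO_MOVE
#define _UFFDIO_MOVE 0x05
#define UFFD_FEATURE_MOVE (1 << 16)
struct uffdio_move { __u64 dst; __u64 src; __u64 len; __u64 mode; __s64 move; };
#define UFFDIO_MOVE _IOWR(UFFDIO, _UFFDIO_MOVE, struct uffdio_move)
#endif

enum demo_result { DEMO_OK = 0, DEMO_UNSUPPORTED = 1, DEMO_FAIL = 2 };

/* 1 if a present PTE backs the page at addr, 0 if it is a hole; mincore() never faults. */
static int page_present(void *addr, size_t pg)
{
	unsigned char vec = 0;

	return mincore(addr, pg, &vec) == 0 ? (vec & 1) : -1;
}

enum demo_result uffdio_move_zeropage_demo(void)
{
	size_t pg = (size_t)sysconf(_SC_PAGESIZE), len = 2 * pg;
	enum demo_result res = DEMO_FAIL;
	unsigned char *src = MAP_FAILED, *dst = MAP_FAILED;
	struct uffdio_api api = { .api = UFFD_API, .features = UFFD_FEATURE_MOVE };
	struct uffdio_register reg = { .mode = UFFDIO_REGISTER_MODE_MISSING };
	struct uffdio_move mv = { 0 };
	long uffd;
	int ok;

	/* USER_MODE_ONLY lets an unprivileged process create the fd under the default
	 * vm.unprivileged_userfaultfd=0; anything that blocks the syscall is "unsupported". */
	uffd = syscall(SYS_userfaultfd, O_CLOEXEC | O_NONBLOCK | UFFD_USER_MODE_ONLY);
	if (uffd < 0)
		return DEMO_UNSUPPORTED;

	/* UFFDIO_API rejects unknown feature bits and reports the supported set, so
	 * asking for MOVE doubles as a probe for it. */
	if (ioctl(uffd, UFFDIO_API, &api) != 0 || !(api.features & UFFD_FEATURE_MOVE)) {
		close(uffd);
		return DEMO_UNSUPPORTED;
	}

	src = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
	dst = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
	if (src == MAP_FAILED || dst == MAP_FAILED)
		goto out;

	/* src page 0: a read fault maps the shared zeropage and nothing ever writes it.
	 * src page 1: a real, exclusively owned anonymous page. */
	(void)*(volatile unsigned char *)src;
	memset(src + pg, 0xA5, pg);

	/* The destination range must be registered with this uffd; the source need not be. */
	reg.range.start = (uintptr_t)dst;
	reg.range.len = len;
	if (ioctl(uffd, UFFDIO_REGISTER, &reg) != 0)
		goto out;

	mv.dst = (uintptr_t)dst;
	mv.src = (uintptr_t)src;
	mv.len = len;
	if (ioctl(uffd, UFFDIO_MOVE, &mv) != 0 || mv.move != (__s64)len) {
		fprintf(stderr, "UFFDIO_MOVE: %s (move=%lld)\n", strerror(errno), (long long)mv.move);
		goto out;
	}

	/* Both source PTEs cleared, both destination PTEs populated. */
	ok = page_present(src, pg) == 0 && page_present(src + pg, pg) == 0 &&
	     page_present(dst, pg) == 1 && page_present(dst + pg, pg) == 1;
	/* The moved zeropage reads as zeros; the moved anon page keeps its contents. */
	for (size_t i = 0; ok && i < pg; i++)
		ok = dst[i] == 0 && dst[pg + i] == 0xA5;
	/* Writing the moved zeropage is an ordinary CoW, not a MISSING fault; dst is
	 * only touched once it is known to be populated, so nothing can block here. */
	if (ok) {
		dst[0] = 1;
		ok = dst[0] == 1 && dst[1] == 0;
	}
	res = ok ? DEMO_OK : DEMO_FAIL;
out:
	if (src != MAP_FAILED)
		munmap(src, len);
	if (dst != MAP_FAILED)
		munmap(dst, len);
	close(uffd);
	return res;
}

int main(void)
{
	static const char *const names[] = { "ok", "unsupported", "fail" };

	printf("UFFDIO_MOVE zeropage demo: %s\n", names[uffdio_move_zeropage_demo()]);
	return 0;
}
```

Build with `gcc -O2 -Wall demo.c -o demo`. Only the destination needs to be registered with the userfaultfd, so the source is never touched after the move and cannot hang on an unhandled MISSING fault; the destination is read only after mincore() has confirmed its PTEs are present. Note that the moved page-0 PTE still points at the shared zeropage, so the final write is a normal copy-on-write, which is exactly what "transparent for user space" means in the exchange above.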