From: Suren Baghdasaryan
Date: Tue, 8 Jul 2025 17:11:07 -0700
Subject: Re: [syzbot] [mm?] stack segment fault in mtree_range_walk
To: syzbot
Cc: Liam.Howlett@oracle.com, akpm@linux-foundation.org, andrii@kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, lorenzo.stoakes@oracle.com, shakeel.butt@linux.dev, syzkaller-bugs@googlegroups.com, vbabka@suse.cz
In-Reply-To: <686d5adb.050a0220.1ffab7.0018.GAE@google.com>
References: <686d5adb.050a0220.1ffab7.0018.GAE@google.com>

On Tue, Jul 8, 2025 at 10:52 AM syzbot wrote:
>
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit:    26ffb3d6f02c Add linux-next specific files for 20250704
> git tree:       linux-next
> console output: https://syzkaller.appspot.com/x/log.txt?x=13eedf70580000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=1e4f88512ae53408
> dashboard link: https://syzkaller.appspot.com/bug?extid=8d7491ac5a289af56d5a
> compiler:       Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e15582580000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=101edf70580000
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/fd5569903143/disk-26ffb3d6.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/1b0c9505c543/vmlinux-26ffb3d6.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/9d864c72bed1/bzImage-26ffb3d6.xz
>
> The issue was bisected to:
>
> commit 6772c457a86536f3496bf5b3716f34a5ac125783

This is also the previous version of my patchset that is not in linux-next anymore.

> Author: Suren Baghdasaryan
> Date:   Tue Jun 24 19:33:59 2025 +0000
>
>     fs/proc/task_mmu:: execute PROCMAP_QUERY ioctl under per-vma locks
>
> bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=12cad582580000
> final oops:     https://syzkaller.appspot.com/x/report.txt?x=11cad582580000
> console output: https://syzkaller.appspot.com/x/log.txt?x=16cad582580000
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+8d7491ac5a289af56d5a@syzkaller.appspotmail.com
> Fixes: 6772c457a865 ("fs/proc/task_mmu:: execute PROCMAP_QUERY ioctl under per-vma locks")
>
> Oops: stack segment: 0000 [#1] SMP KASAN PTI
> CPU: 1 UID: 0 PID: 6058 Comm: syz.0.18 Not tainted 6.16.0-rc4-next-20250704-syzkaller #0 PREEMPT(full)
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
> RIP: 0010:mtree_range_walk+0x2d7/0x840 lib/maple_tree.c:2773
> Code: 00 00 48 8d 04 2b 48 83 f8 01 0f 84 b4 00 00 00 e8 6e c6 4f f6 49 83 c4 08 48 ff c3 eb ac e8 60 c6 4f f6 31 db e9 e1 00 00 00 <80> 7d 00 00 74 07 31 ff e8 3c 63 b4 f6 4c 8b 2c 25 00 00 00 00 48
> RSP: 0018:ffffc900039df9a0 EFLAGS: 00010297
> RAX: 0000000000000003 RBX: 0000000000000000 RCX: 0000000000000005
> RDX: ffffffff8b6fe83a RSI: ffffffff8f893390 RDI: 0000000000000000
> RBP: dffffc0000000000 R08: ffff888025693c00 R09: 0000000000000003
> R10: 0000000000000003 R11: 0000000000000000 R12: 0000000000000000
> R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
> FS:  00007f67b2a0b6c0(0000) GS:ffff888125ce7000(0000) knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 00007f67b2a0af98 CR3: 0000000075f14000 CR4: 00000000003526f0
> Call Trace:
>
>  mas_state_walk lib/maple_tree.c:3630 [inline]
>  mas_walk lib/maple_tree.c:4933 [inline]
>  mas_find_setup lib/maple_tree.c:6012 [inline]
>  mas_find+0x8e9/0xd30 lib/maple_tree.c:6052
>  vma_next include/linux/mm.h:864 [inline]
>  lock_next_vma+0x101/0xdc0 mm/mmap_lock.c:216
>  get_next_vma fs/proc/task_mmu.c:182 [inline]
>  query_vma_find_by_addr fs/proc/task_mmu.c:516 [inline]
>  query_matching_vma+0x28f/0x4b0 fs/proc/task_mmu.c:545
>  do_procmap_query fs/proc/task_mmu.c:637 [inline]
>  procfs_procmap_ioctl+0x406/0xce0 fs/proc/task_mmu.c:748
>  vfs_ioctl fs/ioctl.c:51 [inline]
>  __do_sys_ioctl fs/ioctl.c:598 [inline]
>  __se_sys_ioctl+0xf9/0x170 fs/ioctl.c:584
>  do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
>  do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
>  entry_SYSCALL_64_after_hwframe+0x77/0x7f
> RIP: 0033:0x7f67b1b8e929
> Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
> RSP: 002b:00007f67b2a0b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
> RAX: ffffffffffffffda RBX: 00007f67b1db6080 RCX: 00007f67b1b8e929
> RDX: 0000200000000180 RSI: 00000000c0686611 RDI: 0000000000000003
> RBP: 00007f67b1c10b39 R08: 0000000000000000 R09: 0000000000000000
> R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
> R13: 0000000000000001 R14: 00007f67b1db6080 R15: 00007ffdeba76008
>
> Modules linked in:
> ---[ end trace 0000000000000000 ]---
> RIP: 0010:mtree_range_walk+0x2d7/0x840 lib/maple_tree.c:2773
> Code: 00 00 48 8d 04 2b 48 83 f8 01 0f 84 b4 00 00 00 e8 6e c6 4f f6 49 83 c4 08 48 ff c3 eb ac e8 60 c6 4f f6 31 db e9 e1 00 00 00 <80> 7d 00 00 74 07 31 ff e8 3c 63 b4 f6 4c 8b 2c 25 00 00 00 00 48
> RSP: 0018:ffffc900039df9a0 EFLAGS: 00010297
> RAX: 0000000000000003 RBX: 0000000000000000 RCX: 0000000000000005
> RDX: ffffffff8b6fe83a RSI: ffffffff8f893390 RDI: 0000000000000000
> RBP: dffffc0000000000 R08: ffff888025693c00 R09: 0000000000000003
> R10: 0000000000000003 R11: 0000000000000000 R12: 0000000000000000
> R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
> FS:  00007f67b2a0b6c0(0000) GS:ffff888125ce7000(0000) knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 00007f67b2a0af98 CR3: 0000000075f14000 CR4: 00000000003526f0
> ----------------
> Code disassembly (best guess):
>    0:   00 00                   add    %al,(%rax)
>    2:   48 8d 04 2b             lea    (%rbx,%rbp,1),%rax
>    6:   48 83 f8 01             cmp    $0x1,%rax
>    a:   0f 84 b4 00 00 00       je     0xc4
>   10:   e8 6e c6 4f f6          call   0xf64fc683
>   15:   49 83 c4 08             add    $0x8,%r12
>   19:   48 ff c3                inc    %rbx
>   1c:   eb ac                   jmp    0xffffffca
>   1e:   e8 60 c6 4f f6          call   0xf64fc683
>   23:   31 db                   xor    %ebx,%ebx
>   25:   e9 e1 00 00 00          jmp    0x10b
> * 2a:   80 7d 00 00             cmpb   $0x0,0x0(%rbp)           <-- trapping instruction
>   2e:   74 07                   je     0x37
>   30:   31 ff                   xor    %edi,%edi
>   32:   e8 3c 63 b4 f6          call   0xf6b46373
>   37:   4c 8b 2c 25 00 00 00    mov    0x0,%r13
>   3e:   00
>   3f:   48                      rex.W
>
>
> ---
> This report is generated by a bot. It may contain errors.
> See https://goo.gl/tpsmEJ for more information about syzbot.
> syzbot engineers can be reached at syzkaller@googlegroups.com.
>
> syzbot will keep track of this issue. See:
> https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
> For information about bisection process see: https://goo.gl/tpsmEJ#bisection
>
> If the report is already addressed, let syzbot know by replying with:
> #syz fix: exact-commit-title
>
> If you want syzbot to run the reproducer, reply with:
> #syz test: git://repo/address.git branch-or-commit-hash
> If you attach or paste a git patch, syzbot will apply it before testing.
>
> If you want to overwrite report's subsystems, reply with:
> #syz set subsystems: new-subsystem
> (See the list of subsystem names on the web dashboard)
>
> If the report is a duplicate of another one, reply with:
> #syz dup: exact-subject-of-another-report
>
> If you want to undo deduplication, reply with:
> #syz undup