From: Xingyu Li
Date: Wed, 28 Aug 2024 17:18:49 -0700
Subject: BUG: INFO: trying to register non-static key in free_pgtables
To: akpm@linux-foundation.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Yu Hao

Hi,

We found a bug in Linux 6.10 using syzkaller. It is possibly a corrupted lock bug.
The reproducer is
https://gist.github.com/freexxxyyy/09beafefaba6bf750780dde92b97cab8

The bug report is:

Syzkaller hit 'INFO: trying to register non-static key in free_pgtables' bug.

INFO: trying to register non-static key.
The code is fine but needs lockdep annotation, or maybe
you didn't initialize this object before use?
turning off the locking correctness validator.
CPU: 0 PID: 8525 Comm: syz-executor118 Not tainted 6.10.0 #13
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x23d/0x360 lib/dump_stack.c:114
 assign_lock_key+0x22f/0x260 kernel/locking/lockdep.c:976
 register_lock_class+0x285/0x9a0 kernel/locking/lockdep.c:1289
 __lock_acquire+0x186/0x8050 kernel/locking/lockdep.c:5014
 lock_acquire+0x1a9/0x400 kernel/locking/lockdep.c:5754
 down_write+0x36/0x50 kernel/locking/rwsem.c:1579
 vma_start_write include/linux/mm.h:736 [inline]
 free_pgtables+0x458/0xbb0 mm/memory.c:403
 exit_mmap+0x435/0xa20 mm/mmap.c:3352
 __mmput+0x114/0x3b0 kernel/fork.c:1346
 exit_mm+0x207/0x2e0 kernel/exit.c:567
 do_exit+0x996/0x2560 kernel/exit.c:863
 do_group_exit+0x1fd/0x2b0 kernel/exit.c:1025
 get_signal+0x1697/0x1730 kernel/signal.c:2909
 arch_do_signal_or_restart+0x92/0x7f0 arch/x86/kernel/signal.c:310
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x95/0x280 kernel/entry/common.c:218
 do_syscall_64+0x8a/0x150 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x67/0x6f
RIP: 0033:0x7fc7391d323d
Code: Unable to access opcode bytes at 0x7fc7391d3213.
RSP: 002b:00007fff88ca0c58 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: 0000000000000002 RBX: 0000000000000003 RCX: 00007fc7391d323d
RDX: 0000000020000080 RSI: 0000000000000001 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007fff88ca0ce0 R09: 00007fff88ca0ce0
R10: 002367732f766564 R11: 0000000000000246 R12: 00007fff88ca0c7c
R13: 00007fff88ca0ca0 R14: 0000000000000000 R15: 00007fff88ca0ce0
------------[ cut here ]------------
DEBUG_RWSEMS_WARN_ON(sem->magic != sem): count = 0x1, magic = 0x0, owner = 0xffff888019e43c00, curr 0xffff888019e43c00, list not empty
WARNING: CPU: 0 PID: 8525 at kernel/locking/rwsem.c:1364 __up_write kernel/locking/rwsem.c:1364 [inline]
WARNING: CPU: 0 PID: 8525 at kernel/locking/rwsem.c:1364 up_write+0x405/0x570 kernel/locking/rwsem.c:1632
Modules linked in:
CPU: 0 PID: 8525 Comm: syz-executor118 Not tainted 6.10.0 #13
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
RIP: 0010:__up_write kernel/locking/rwsem.c:1364 [inline]
RIP: 0010:up_write+0x405/0x570 kernel/locking/rwsem.c:1632
Code: 48 c7 c7 40 7b 4c 8b 48 c7 c6 20 7d 4c 8b 48 89 da 48 8b 4c 24 20 4c 8b 44 24 30 4c 8b 4c 24 28 50 e8 ef 98 e7 ff 48 83 c4 08 <0f> 0b e9 c0 fc ff ff 0f 0b e9 34 fd ff ff 48 89 5c 24 30 c6 05 b8
RSP: 0018:ffffc9000b517660 EFLAGS: 00010296
RAX: fb8e9a7beeddf000 RBX: 0000000000000001 RCX: ffff888019e43c00
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc9000b517738 R08: ffffffff8155a25a R09: 1ffff1100c74519a
R10: dffffc0000000000 R11: ffffed100c74519b R12: ffff888018f3eeb0
R13: ffff888018f3ee58 R14: 1ffff920016a2ed4 R15: dffffc0000000000
FS: 0000000000000000(0000) GS:ffff888063a00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000056207a826098 CR3: 000000000d932000 CR4: 0000000000350ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 vma_start_write include/linux/mm.h:744 [inline]
 free_pgtables+0x489/0xbb0 mm/memory.c:403
 exit_mmap+0x435/0xa20 mm/mmap.c:3352
 __mmput+0x114/0x3b0 kernel/fork.c:1346
 exit_mm+0x207/0x2e0 kernel/exit.c:567
 do_exit+0x996/0x2560 kernel/exit.c:863
 do_group_exit+0x1fd/0x2b0 kernel/exit.c:1025
 get_signal+0x1697/0x1730 kernel/signal.c:2909
 arch_do_signal_or_restart+0x92/0x7f0 arch/x86/kernel/signal.c:310
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x95/0x280 kernel/entry/common.c:218
 do_syscall_64+0x8a/0x150 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x67/0x6f
RIP: 0033:0x7fc7391d323d
Code: Unable to access opcode bytes at 0x7fc7391d3213.
RSP: 002b:00007fff88ca0c58 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: 0000000000000002 RBX: 0000000000000003 RCX: 00007fc7391d323d
RDX: 0000000020000080 RSI: 0000000000000001 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007fff88ca0ce0 R09: 00007fff88ca0ce0
R10: 002367732f766564 R11: 0000000000000246 R12: 00007fff88ca0c7c
R13: 00007fff88ca0ca0 R14: 0000000000000000 R15: 00007fff88ca0ce0

--
Yours sincerely,
Xingyu