From: Xingyu Li
Date: Wed, 28 Aug 2024 14:37:04 -0700
Subject: BUG: WARNING in free_pgtables
To: akpm@linux-foundation.org,
 linux-mm@kvack.org, linux-kernel@vger.kernel.org
Cc: Yu Hao

Hi,

We found a bug in Linux 6.10 using syzkaller. It is possibly a logic bug.
The reproducer is
https://gist.github.com/freexxxyyy/5f0c95e95e1bc0fb681e504114b61de8
The bug report is:

WARNING: CPU: 0 PID: 8053 at include/linux/rwsem.h:203 mmap_assert_write_locked include/linux/mmap_lock.h:70 [inline]
WARNING: CPU: 0 PID: 8053 at include/linux/rwsem.h:203 __is_vma_write_locked include/linux/mm.h:714 [inline]
WARNING: CPU: 0 PID: 8053 at include/linux/rwsem.h:203 vma_start_write include/linux/mm.h:733 [inline]
WARNING: CPU: 0 PID: 8053 at include/linux/rwsem.h:203 free_pgtables+0x4df/0xbb0 mm/memory.c:403
Modules linked in:
CPU: 0 PID: 8053 Comm: syz-executor107 Not tainted 6.10.0 #13
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
RIP: 0010:rwsem_assert_held_write include/linux/rwsem.h:203 [inline]
RIP: 0010:mmap_assert_write_locked include/linux/mmap_lock.h:70 [inline]
RIP: 0010:__is_vma_write_locked include/linux/mm.h:714 [inline]
RIP: 0010:vma_start_write include/linux/mm.h:733 [inline]
RIP: 0010:free_pgtables+0x4df/0xbb0 mm/memory.c:403
Code: 04 00 4d 85 e4 0f 84 86 03 00 00 e8 3b 46 b6 ff 4d 89 ee 4d 89 e5 49 bc 00 00 00 00 00 fc ff df e9 86 fd ff ff e8 21 46 b6 ff <0f> 0b e9 b8 fe ff ff 48 c7 c1 6c 91 24 8f 80 e1 07 80 c1 03 38 c1
RSP: 0018:ffffc9000ac7f748 EFLAGS: 00010293
RAX: ffffffff81db0b3f RBX: ffff88801d8cbe98 RCX: ffff888021fa1e00
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffffffff81db09ea R09: ffffffff8aed5df0
R10: 0000000000000004 R11: ffff888021fa1e00 R12: ffff88802ce66ba0
R13: ffff88801d8cbe88 R14: ffff88802ce66aa8 R15: 1ffff11003b197d1
FS: 0000000000000000(0000) GS:ffff888063a00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ff0448ce6b0 CR3: 00000000244bc000 CR4: 0000000000350ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 exit_mmap+0x435/0xa20 mm/mmap.c:3352
 __mmput+0x114/0x3b0 kernel/fork.c:1346
 exit_mm+0x207/0x2e0 kernel/exit.c:567
 do_exit+0x996/0x2560 kernel/exit.c:863
 do_group_exit+0x1fd/0x2b0 kernel/exit.c:1025
 get_signal+0x1697/0x1730 kernel/signal.c:2909
 arch_do_signal_or_restart+0x92/0x7f0 arch/x86/kernel/signal.c:310
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x95/0x280 kernel/entry/common.c:218
 do_syscall_64+0x8a/0x150 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x67/0x6f
RIP: 0033:0x7fb06353406d
Code: Unable to access opcode bytes at 0x7fb063534043.
RSP: 002b:00007fb0634d10c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: 0000000000000002 RBX: 00007fb0635c92e8 RCX: 00007fb06353406d
RDX: 0000000020000080 RSI: 0000000000000001 RDI: 0000000000000004
RBP: 00007fb0635c92e0 R08: 00007fb0634d1640 R09: 0000000000000000
R10: 00007fb0634d1640 R11: 0000000000000246 R12: 00007fb0635c92ec
R13: 0000000000000000 R14: 00007fb0634f67c0 R15: 00007fb0634b1000

--
Yours sincerely,
Xingyu