Date: Tue, 5 Nov 2024 17:08:43 -0800
In-Reply-To: <20241105105248.812dc586921df56e5bf78a5e@linux-foundation.org>
References: <6729f475.050a0220.701a.0019.GAE@google.com> <20241105105248.812dc586921df56e5bf78a5e@linux-foundation.org>
Subject: Re: [syzbot] [mm?] BUG: Bad page state in kvm_coalesced_mmio_init
From: Sean Christopherson
To: Andrew Morton
Cc: syzbot, linux-kernel@vger.kernel.org, linux-mm@kvack.org, syzkaller-bugs@googlegroups.com, kvm@vger.kernel.org

On Tue, Nov 05, 2024, Andrew Morton wrote:
> (cc kvm list)
>
> On Tue, 05 Nov 2024 02:33:25 -0800 syzbot wrote:
>
> > Hello,
> >
> > syzbot found the following issue on:
> >
> > HEAD commit: 59b723cd2adb Linux 6.12-rc6
> > git tree: upstream
> > console output: https://syzkaller.appspot.com/x/log.txt?x=17996587980000
> > kernel config: https://syzkaller.appspot.com/x/.config?x=11254d3590b16717
> > dashboard link: https://syzkaller.appspot.com/bug?extid=e985d3026c4fd041578e
> > compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
> > userspace arch: i386
> >
> > Unfortunately, I don't have any reproducer for this issue yet.
> >
> > Downloadable assets:
> > disk image: https://storage.googleapis.com/syzbot-assets/202d791be971/disk-59b723cd.raw.xz
> > vmlinux: https://storage.googleapis.com/syzbot-assets/9bfa02908d87/vmlinux-59b723cd.xz
> > kernel image: https://storage.googleapis.com/syzbot-assets/93c8c8740b4d/bzImage-59b723cd.xz
> >
> > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > Reported-by: syzbot+e985d3026c4fd041578e@syzkaller.appspotmail.com
> >
> > BUG: Bad page state in process syz.5.504 pfn:61f45
> > page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x61f45
> > flags: 0xfff00000080204(referenced|workingset|mlocked|node=0|zone=1|lastcpupid=0x7ff)
> > raw: 00fff00000080204 0000000000000000 dead000000000122 0000000000000000
> > raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
> > page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
> > page_owner tracks the page as allocated
> > page last allocated via order 0, migratetype Unmovable, gfp_mask 0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), pid 8443, tgid 8442 (syz.5.504), ts 201884660643, free_ts 201499827394
> >  set_page_owner include/linux/page_owner.h:32 [inline]
> >  post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1537
> >  prep_new_page mm/page_alloc.c:1545 [inline]
> >  get_page_from_freelist+0x303f/0x3190 mm/page_alloc.c:3457
> >  __alloc_pages_noprof+0x292/0x710 mm/page_alloc.c:4733
> >  alloc_pages_mpol_noprof+0x3e8/0x680 mm/mempolicy.c:2265
> >  kvm_coalesced_mmio_init+0x1f/0xf0 virt/kvm/coalesced_mmio.c:99
> >  kvm_create_vm virt/kvm/kvm_main.c:1235 [inline]
> >  kvm_dev_ioctl_create_vm virt/kvm/kvm_main.c:5488 [inline]
> >  kvm_dev_ioctl+0x12dc/0x2240 virt/kvm/kvm_main.c:5530
> >  __do_compat_sys_ioctl fs/ioctl.c:1007 [inline]
> >  __se_compat_sys_ioctl+0x510/0xc90 fs/ioctl.c:950
> >  do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
> >  __do_fast_syscall_32+0xb4/0x110 arch/x86/entry/common.c:386
> >  do_fast_syscall_32+0x34/0x80 arch/x86/entry/common.c:411
> >  entry_SYSENTER_compat_after_hwframe+0x84/0x8e

...

> > If the report is a duplicate of another one, reply with:
> > #syz dup: exact-subject-of-another-report

There's already a proposed fix (and long discussion) for this issue[*], but
AFAIK there's no upstream visible report to dup this against.

Ah, yep, looks like Roman was working off a Google-internal report. I'll
point him at this one.

[*] https://lore.kernel.org/all/20241021164837.2681358-1-roman.gushchin@linux.dev