Date: Fri, 3 Jan 2025 19:08:16 +0000
From: Lorenzo Stoakes
To: Aleksandr Nogikh
Cc: syzbot, Liam.Howlett@oracle.com, akpm@linux-foundation.org, jannh@google.com, linux-kernel@vger.kernel.org, linux-mm@kvack.org, syzkaller-bugs@googlegroups.com, vbabka@suse.cz
Subject: Re: [syzbot] [mm?] WARNING in vma_merge_existing_range
References: <6774c98f.050a0220.25abdd.0991.GAE@google.com> <11dee0ef-1707-4b90-be2e-56f484642a7a@lucifer.local>

On Thu, Jan 02, 2025 at 06:19:06PM +0100, Aleksandr Nogikh wrote:
> On Thu, Jan 2, 2025 at 11:26 AM 'Lorenzo Stoakes' via syzkaller-bugs
> wrote:
> >
> > Happy new year!
>
> Happy New Year! :)

Thanks :)

I am submitting a series to add additional information to the debug output
here by the way, so if this non-repro case recurs we have more to go on.

>
> >
> > On Tue, Dec 31, 2024 at 08:50:23PM -0800, syzbot wrote:
> > > Hello,
> > >
> > > syzbot found the following issue on:
> > >
> > > HEAD commit: 8379578b11d5 Merge tag 'for-v6.13-rc' of git://git.kernel...
> > > git tree: upstream
> > > console output: https://syzkaller.appspot.com/x/log.txt?x=16113018580000
> > > kernel config: https://syzkaller.appspot.com/x/.config?x=d269ef41b9262400
> > > dashboard link: https://syzkaller.appspot.com/bug?extid=46423ed8fa1f1148c6e4
> > > compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
> > > userspace arch: i386
> >
> > Hmmmm 32-bit? But kernel reports give 64-bit registers? So I guess 32-bit
> > userland, 64-bit kernel?
>
> Yes, that's a 32-bit userspace binary running on a 64-bit kernel.
>
> >
> > >
> > > Unfortunately, I don't have any reproducer for this issue yet.
> >
> > Hmm. Racey thing?
> >
> > >
> > > Downloadable assets:
> > > disk image: https://storage.googleapis.com/syzbot-assets/86d2e3352aff/disk-8379578b.raw.xz
> > > vmlinux: https://storage.googleapis.com/syzbot-assets/345570cd3573/vmlinux-8379578b.xz
> > > kernel image: https://storage.googleapis.com/syzbot-assets/01da37a51505/bzImage-8379578b.xz
> > >
> > > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > > Reported-by: syzbot+46423ed8fa1f1148c6e4@syzkaller.appspotmail.com
> > >
> > > RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
> > > R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
> > > R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
> > >
> > > ------------[ cut here ]------------
> > > WARNING: CPU: 1 PID: 20504 at mm/vma.c:734 vma_merge_existing_range+0x1145/0x16f0 mm/vma.c:734
> >
> > It'd be nice if syzbot could actually print the code that generates the
> > warning :) a nice-to-have perhaps.
>
> Thanks for the suggestion!
> I've filed https://github.com/google/syzkaller/issues/5654

Great thanks!

>
> >
> > This is:
> >
> >         VM_WARN_ON(start >= end);
> >
> > I suspect start == end, because start > end would be some drastic and
> > god-awful bug.
> >
> > > Modules linked in:
> > > CPU: 1 UID: 0 PID: 20504 Comm: syz.6.5485 Not tainted 6.13.0-rc4-syzkaller-00069-g8379578b11d5 #0
> > > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
> > > RIP: 0010:vma_merge_existing_range+0x1145/0x16f0 mm/vma.c:734
> > > Code: e8 20 24 0f 00 4d 2b 7d 00 4d 89 ec 48 8b 7c 24 38 e9 7f 01 00 00 e8 3a bc a8 ff 90 0f 0b 90 e9 a8 f1 ff ff e8 2c bc a8 ff 90 <0f> 0b 90 e9 0e f2 ff ff e8 1e bc a8 ff 90 0f 0b 90 4d 85 ed 0f 85
> >
> > Be useful to get the kernel disassembly too :)
> >
> > Best guess wrangling a python script and objdump:
> >
> >    0:   e8 20 24 0f 00          call   0xf2425
> >    5:   4d 2b 7d 00             sub    0x0(%r13),%r15
> >    9:   4d 89 ec                mov    %r13,%r12
> >    c:   48 8b 7c 24 38          mov    0x38(%rsp),%rdi
> >   11:   e9 7f 01 00 00          jmp    0x195
> >   16:   e8 3a bc a8 ff          call   0xffffffffffa8bc55
> >   1b:   90                      nop
> >   1c:   0f 0b                   ud2
> >   1e:   90                      nop
> >   1f:   e9 a8 f1 ff ff          jmp    0xfffffffffffff1cc
> >   24:   e8 2c bc a8 ff          call   0xffffffffffa8bc55
> >   29:   90                      nop
> >   2a:   <0f> 0b                 ud2    <-- presumably here? This is an undefined instruction...
> >   2c:   90                      nop
> >   2d:   e9 0e f2 ff ff          jmp    0xfffffffffffff240
> >   32:   e8 1e bc a8 ff          call   0xffffffffffa8bc55
> >   37:   90                      nop
> >   38:   0f 0b                   ud2
> >   3a:   90                      nop
> >   3b:   4d 85 ed                test   %r13,%r13
> >   3e:   0f                      .byte 0xf
> >   3f:   85                      .byte 0x85
> >
> > Yeah this might be a mix of data and code somehow or just garbage? Not sure
> > there's anything discernable there unfortunately.
>
> Syzbot also did some disassembly at the bottom of the report. I wonder
> what's the difference between the two "Code" fields and if there's a
> way to automatically select the right one for the disassembly.
>

Yeah looks like the userland side (the 2nd code block below). Would be
handy to have kernel bit too.
> >
> > > RSP: 0018:ffffc9000ba274a0 EFLAGS: 00010293
> > > RAX: ffffffff81f6b804 RBX: 0000000020c25000 RCX: ffff888060ad1e00
> > > RDX: 0000000000000000 RSI: 0000000020c25000 RDI: 0000000020c25000
> > > RBP: ffffc9000ba275f8 R08: ffffffff81f6aa0d R09: 00000000280000fa
> > > R10: ffffc9000ba27810 R11: fffff52001744f07 R12: 0000000020c25000
> > > R13: ffff888069b666c8 R14: ffffc9000ba276a0 R15: ffff888068d0b1f0
> > > FS: 0000000000000000(0000) GS:ffff8880b8700000(0063) knlGS:00000000f5116b40
> > > CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
> > > CR2: 00007fa9de2c0018 CR3: 000000006b562000 CR4: 00000000003526f0
> >
> > > Call Trace:
> > >
> > > vma_modify+0x41/0x330 mm/vma.c:1514
> >
> > Just passes through start, end (in vmg).
> >
> > > vma_modify_flags_name+0x3a6/0x430 mm/vma.c:1563
> >
> > Just passes through start, end.
> >
> > > madvise_update_vma+0x2fe/0xc10 mm/madvise.c:159
> >
> > Just passes through start, end.
> >
> > This means it was one of MADV_NORMAL, MADV_RANDOM, MADV_DONTFORK,
> > MADV_DOFORK, MADV_WIPEONFORK, MADV_KEEPONFORK, MADV_DONTDUMP, MADV_DODUMP,
> > MADV_MERGEABLE, MADV_UNMERGEABLE, MADV_HUGEPAGE, MADV_NOHUGEPAGE.
> >
> > Yeah we need better error handling here, because this report is just giving
> > us very little to go on especially for a non-repro. Will add to TODO.
> >
> > > madvise_vma_behavior mm/madvise.c:1325 [inline]
> >
> > Just passes through start, end.
> >
> > > madvise_walk_vmas mm/madvise.c:1497 [inline]
> >
> > OK here we find VMAs and walk them.
> >
> > We explicitly check for start >= send if start < vma->vm_start.
> >
> > I wonder if the visit() call is splitting the VMA which confuses the logic
> > here.
> >
> >          s    e
> >          |    |
> >          v    v
> > |-------------|
> > |             |
> > |-------------|
> >
> > Split:
> >
> >          s    e
> >          |    |
> >          v    v
> > |--------|----|
> > |        |    |
> > |--------|----|
> >
> > prev = this VMA.
> >
> > if (prev && start < prev->vm_end)
> >         start = prev->vm_end;
> >
> > So we end up with:
> >
> >
> >              s,e
> >               |
> >               v
> > |--------|----|
> > |        |    |
> > |--------|----|
> >
> > tmp = vma->vm_end;
> > if (end < tmp)
> >         tmp = end;
> >
> > That tmp assignment will reinstate the broken end
> >
> > And... boom.
> >
> > Let me check this out and see if I can trigger it.
> >
> > I may be missing some safeguard that prevents this...
> >
> >
> > > do_madvise+0x1e64/0x4d10 mm/madvise.c:1684
> >
> > Here we explicitly check for start >= end:
> >
> > end = start + len;
> > if (end < start)
> >         return -EINVAL;
> >
> > if (end == start)
> >         return 0;
> >
> > So overflow is accounted for also. But since this is a 64-bit kernel not
> > really a concern.
> >
> > > __do_sys_madvise mm/madvise.c:1700 [inline]
> > > __se_sys_madvise mm/madvise.c:1698 [inline]
> > > __ia32_sys_madvise+0xa6/0xc0 mm/madvise.c:1698
> > > do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
> > > __do_fast_syscall_32+0xb4/0x110 arch/x86/entry/common.c:386
> > > do_fast_syscall_32+0x34/0x80 arch/x86/entry/common.c:411
> > > entry_SYSENTER_compat_after_hwframe+0x84/0x8e
> > > RIP: 0023:0xf7fc2579
> > > Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
> > > RSP: 002b:00000000f511655c EFLAGS: 00000206 ORIG_RAX: 00000000000000db
> > > RAX: ffffffffffffffda RBX: 0000000020c00000 RCX: 0000000000400000
> > > RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000000
> > > RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
> > > R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
> > > R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
> > >
> > > ----------------
> > > Code disassembly (best guess), 2 bytes skipped:
> > >    0:   10 06                   adc    %al,(%rsi)
> > >    2:   03 74 b4 01             add    0x1(%rsp,%rsi,4),%esi
> > >    6:   10 07                   adc    %al,(%rdi)
> > >    8:   03 74 b0 01             add    0x1(%rax,%rsi,4),%esi
> > >    c:   10 08                   adc    %cl,(%rax)
> > >    e:   03 74 d8 01             add    0x1(%rax,%rbx,8),%esi
> > >   1e:   00 51 52                add    %dl,0x52(%rcx)
> > >   21:   55                      push   %rbp
> > >   22:   89 e5                   mov    %esp,%ebp
> > >   24:   0f 34                   sysenter
> > >   26:   cd 80                   int    $0x80
> > > * 28:   5d                      pop    %rbp <-- trapping instruction
> > >   29:   5a                      pop    %rdx
> > >   2a:   59                      pop    %rcx
> > >   2b:   c3                      ret
> > >   2c:   90                      nop
> > >   2d:   90                      nop
> > >   2e:   90                      nop
> > >   2f:   90                      nop
> > >   30:   90                      nop
> > >   31:   90                      nop
> > >   32:   90                      nop
> > >   33:   90                      nop
> > >   34:   90                      nop
> > >   35:   90                      nop
> > >   36:   90                      nop
> > >   37:   90                      nop
> > >   38:   90                      nop
> > >   39:   90                      nop
> > >   3a:   90                      nop
> > >   3b:   90                      nop
> > >   3c:   90                      nop
> > >   3d:   90                      nop
> > >
> > >
> > > ---
> > > This report is generated by a bot. It may contain errors.
> > > See https://goo.gl/tpsmEJ for more information about syzbot.
> > > syzbot engineers can be reached at syzkaller@googlegroups.com.
> > >
> > > syzbot will keep track of this issue. See:
> > > https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
> > >
> > > If the report is already addressed, let syzbot know by replying with:
> > > #syz fix: exact-commit-title
> > >
> > > If you want to overwrite report's subsystems, reply with:
> > > #syz set subsystems: new-subsystem
> > > (See the list of subsystem names on the web dashboard)
> > >
> > > If the report is a duplicate of another one, reply with:
> > > #syz dup: exact-subject-of-another-report
> > >
> > > If you want to undo deduplication, reply with:
> > > #syz undup
> >
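
Added example, not part of the original thread or of syzbot: one way to pick the kernel-side "Code:" field automatically is to read the CS selector on the "RIP:" line that precedes it, since its low two bits give the privilege level (0 for kernel, 3 for user). The function names are hypothetical; the input is the two RIP/Code pairs copied from the report quoted above.

```python
import re

# The two RIP/Code pairs copied from the syzbot report quoted in this message.
REPORT = """\
> > > RIP: 0010:vma_merge_existing_range+0x1145/0x16f0 mm/vma.c:734
> > > Code: e8 20 24 0f 00 4d 2b 7d 00 4d 89 ec 48 8b 7c 24 38 e9 7f 01 00 00 e8 3a bc a8 ff 90 0f 0b 90 e9 a8 f1 ff ff e8 2c bc a8 ff 90 <0f> 0b 90 e9 0e f2 ff ff e8 1e bc a8 ff 90 0f 0b 90 4d 85 ed 0f 85
> > > RIP: 0023:0xf7fc2579
> > > Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
"""

QUOTE_RE = re.compile(r"^[>\s]+")                 # mail quoting prefix
RIP_RE = re.compile(r"RIP:\s+([0-9a-f]{4}):(\S+)")
TOKEN_RE = re.compile(r"^(?:<([0-9a-f]{2})>|([0-9a-f]{2}))$")
UD2 = b"\x0f\x0b"   # the trapping instruction x86 kernels use for WARN()/BUG()


def parse_code(field):
    """Return (opcode bytes, offset of the byte marked <..>), or (None, None)."""
    data, trap = bytearray(), None
    for offset, token in enumerate(field.split()):
        m = TOKEN_RE.match(token)
        if not m:       # free text instead of hex: the bytes were not dumped
            return None, None
        if m.group(1):
            trap = offset
        data.append(int(m.group(1) or m.group(2), 16))
    return bytes(data), trap


def code_blocks(report):
    """Pair each "Code:" line with the "RIP:" line that precedes it."""
    blocks, rip = [], None
    for raw in report.splitlines():
        line = QUOTE_RE.sub("", raw)
        m = RIP_RE.match(line)
        if m:
            rip = m
        elif line.startswith("Code:") and rip:
            data, trap = parse_code(line[len("Code:"):])
            if data is not None:
                cs = int(rip.group(1), 16)
                blocks.append({
                    "where": rip.group(2),
                    "cs": cs,
                    "ring": cs & 3,   # low two selector bits: 0 kernel, 3 user
                    "bytes": data,
                    "trap": trap,
                    "ud2_at_trap": trap is not None
                                   and data[trap:trap + 2] == UD2,
                })
            rip = None
    return blocks


def kernel_block(report):
    """Select the block to disassemble for a kernel warning: ring 0 only."""
    for block in code_blocks(report):
        if block["ring"] == 0:
            return block
    return None


if __name__ == "__main__":
    for b in code_blocks(REPORT):
        side = "kernel" if b["ring"] == 0 else "user"
        print(side, hex(b["cs"]), b["trap"], b["ud2_at_trap"], b["where"])
```

The selected bytes can then be handed to a disassembler; the kernel tree's scripts/decodecode does the full listing from an oops on stdin.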