Date: Wed, 10 Jul 2024 14:04:46 -0700 (PDT)
From: Hugh Dickins
To: syzbot
cc: Miaohe Lin, akpm@linux-foundation.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [mm?] BUG: corrupted list in __folio_undo_large_rmappable
In-Reply-To: <0000000000002b7de9061cea92b7@google.com>

On Wed, 10 Jul 2024, syzbot wrote:

> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: 82d01fe6ee52 Add linux-next specific files for 20240709
> git tree: linux-next
> console+strace: https://syzkaller.appspot.com/x/log.txt?x=14904441980000
> kernel config: https://syzkaller.appspot.com/x/.config?x=95a20e7acf357998
> dashboard link: https://syzkaller.appspot.com/bug?extid=a2cc273ad0e5a4c15302
> compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15882a49980000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=172aba49980000
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/12dcacb06142/disk-82d01fe6.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/6ef954821378/vmlinux-82d01fe6.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/9ebf01d42887/bzImage-82d01fe6.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+a2cc273ad0e5a4c15302@syzkaller.appspotmail.com
>
> list_del corruption, ffffea0001eb8090->next is NULL
> ------------[ cut here ]------------
> kernel BUG at lib/list_debug.c:53!
> Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI
> CPU: 0 UID: 0 PID: 5105 Comm: syz-executor331 Not tainted 6.10.0-rc7-next-20240709-syzkaller #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
> RIP: 0010:__list_del_entry_valid_or_report+0xd0/0x140 lib/list_debug.c:52
> Code: 06 e2 42 fd 48 8b 13 4c 39 fa 75 6b b0 01 5b 41 5c 41 5e 41 5f c3 cc cc cc cc 48 c7 c7 a0 9b 20 8c 4c 89 fe e8 71 e0 d7 06 90 <0f> 0b 48 c7 c7 00 9c 20 8c 4c 89 fe e8 5f e0 d7 06 90 0f 0b 48 c7
> RSP: 0018:ffffc900034df410 EFLAGS: 00010046
> RAX: 0000000000000033 RBX: ffff888140e81000 RCX: f885dda17ff31200
> RDX: 0000000000000000 RSI: 0000000080000001 RDI: 0000000000000000
> RBP: ffffea0001eb8090 R08: ffffffff8173a779 R09: 1ffff9200069be1c
> R10: dffffc0000000000 R11: fffff5200069be1d R12: dffffc0000000000
> R13: dffffc0000000000 R14: 0000000000000000 R15: ffffea0001eb8090
> FS: 00007fe27183f6c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 00000000200d1a00 CR3: 0000000021fbe000 CR4: 00000000003506f0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> Call Trace:
>
> __list_del_entry_valid include/linux/list.h:124 [inline]
> __list_del_entry include/linux/list.h:215 [inline]
> list_del_init include/linux/list.h:287 [inline]
> __folio_undo_large_rmappable+0x104/0x230 mm/huge_memory.c:3289
> __folio_migrate_mapping+0x6c1/0x3490 mm/migrate.c:418
> __migrate_folio mm/migrate.c:693 [inline]
> migrate_folio+0x111/0x260 mm/migrate.c:720
> move_to_new_folio+0x306/0x12e0
> unmap_and_move_huge_page mm/migrate.c:1444 [inline]
> migrate_hugetlbs mm/migrate.c:1563 [inline]
> migrate_pages+0xb74/0x3460 mm/migrate.c:1960
> do_mbind mm/mempolicy.c:1388 [inline]
> kernel_mbind mm/mempolicy.c:1531 [inline]
> __do_sys_mbind mm/mempolicy.c:1605 [inline]
> __se_sys_mbind+0x1490/0x19f0 mm/mempolicy.c:1601
> do_syscall_x64 arch/x86/entry/common.c:52 [inline]
> do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
> entry_SYSCALL_64_after_hwframe+0x77/0x7f
> RIP: 0033:0x7fe2718a4d39
> Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
> RSP: 002b:00007fe27183f208 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
> RAX: ffffffffffffffda RBX: 00007fe27192f338 RCX: 00007fe2718a4d39
> RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000020199000
> RBP: 00007fe27192f330 R08: 0000000000000000 R09: 0000000000000003
> R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe2718fc604
> R13: 00007fe2718fc008 R14: 7277682f7665642f R15: 00000000ffffff1f
>
> Modules linked in:
> ---[ end trace 0000000000000000 ]---
> RIP: 0010:__list_del_entry_valid_or_report+0xd0/0x140 lib/list_debug.c:52
> Code: 06 e2 42 fd 48 8b 13 4c 39 fa 75 6b b0 01 5b 41 5c 41 5e 41 5f c3 cc cc cc cc 48 c7 c7 a0 9b 20 8c 4c 89 fe e8 71 e0 d7 06 90 <0f> 0b 48 c7 c7 00 9c 20 8c 4c 89 fe e8 5f e0 d7 06 90 0f 0b 48 c7
> RSP: 0018:ffffc900034df410 EFLAGS: 00010046
> RAX: 0000000000000033 RBX: ffff888140e81000 RCX: f885dda17ff31200
> RDX: 0000000000000000 RSI: 0000000080000001 RDI: 0000000000000000
> RBP: ffffea0001eb8090 R08: ffffffff8173a779 R09: 1ffff9200069be1c
> R10: dffffc0000000000 R11: fffff5200069be1d R12: dffffc0000000000
> R13: dffffc0000000000 R14: 0000000000000000 R15: ffffea0001eb8090
> FS: 00007fe27183f6c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 00000000200d1a00 CR3: 0000000021fbe000 CR4: 00000000003506f0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
>
>
> ---
> This report is generated by a bot. It may contain errors.
> See https://goo.gl/tpsmEJ for more information about syzbot.
> syzbot engineers can be reached at syzkaller@googlegroups.com.
>
> syzbot will keep track of this issue. See:
> https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
>
> If the report is already addressed, let syzbot know by replying with:
> #syz fix: exact-commit-title
>
> If you want syzbot to run the reproducer, reply with:
> #syz test: git://repo/address.git branch-or-commit-hash
> If you attach or paste a git patch, syzbot will apply it before testing.
>
> If you want to overwrite report's subsystems, reply with:
> #syz set subsystems: new-subsystem
> (See the list of subsystem names on the web dashboard)
>
> If the report is a duplicate of another one, reply with:
> #syz dup: exact-subject-of-another-report
>
> If you want to undo deduplication, reply with:
> #syz undup

#syz fix: mm/hugetlb: fix kernel NULL pointer dereference when migrating hugetlb folio