Date: Tue, 5 Nov 2024 11:39:59 -0500
From: Alan Stern
To: Andrew Morton
Cc: syzbot, linux-kernel@vger.kernel.org, linux-mm@kvack.org, pasha.tatashin@soleen.com, syzkaller-bugs@googlegroups.com, linux-usb@vger.kernel.org
Subject: Re: [syzbot] [mm?] kernel BUG in __page_table_check_zero (2)
References: <67230d7e.050a0220.529b6.0005.GAE@google.com> <20241104200007.dc8d0f018cc536a4957a1cd0@linux-foundation.org>
In-Reply-To: <20241104200007.dc8d0f018cc536a4957a1cd0@linux-foundation.org>

On Mon, Nov 04, 2024 at 08:00:07PM -0800, Andrew Morton wrote:
> On Wed, 30 Oct 2024 21:54:22 -0700 syzbot wrote:
>
> > Hello,
> >
> > syzbot found the following issue on:
>
> Thanks. I'm suspecting some USB issue - fault injection was used to
> trigger a memory allocation failure and dec_usb_memory_use_count() ended
> up freeing an in-use page. Could USB folks please have a look?

Andrew, I'm not sure what to look for. Can you read through
usbdev_mmap() in drivers/usb/core/devio.c, along with the four short
routines preceding it, and let us know if anything seems obviously
wrong?

Alan Stern

> > HEAD commit: 850925a8133c Merge tag '9p-for-6.12-rc5' of https://github..
> > git tree: upstream
> > console+strace: https://syzkaller.appspot.com/x/log.txt?x=1346c940580000
> > kernel config: https://syzkaller.appspot.com/x/.config?x=309bb816d40abc28
> > dashboard link: https://syzkaller.appspot.com/bug?extid=ccc0e1cfdb72b664f0d8
> > compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
> > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=158ab65f980000
> > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=120e6a87980000
> >
> > Downloadable assets:
> > disk image: https://storage.googleapis.com/syzbot-assets/da8019730dec/disk-850925a8.raw.xz
> > vmlinux: https://storage.googleapis.com/syzbot-assets/b1ee80babbbc/vmlinux-850925a8.xz
> > kernel image: https://storage.googleapis.com/syzbot-assets/462580e2ad54/bzImage-850925a8.xz
> >
> > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > Reported-by: syzbot+ccc0e1cfdb72b664f0d8@syzkaller.appspotmail.com
> >
> > Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
> > RSP: 002b:00007ffede422258 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
> > RAX: ffffffffffffffda RBX: 00007ffede422280 RCX: 00007f69e1b3c569
> > RDX: 0000000002000005 RSI: 0000000000003000 RDI: 000000002001a000
> > RBP: 0000000000000001 R08: 0000000000000003 R09: 0000000080000000
> > R10: 0000000000011012 R11: 0000000000000246 R12: 00007ffede42227c
> > R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001
> >
> > ------------[ cut here ]------------
> > kernel BUG at mm/page_table_check.c:157!
> > Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI
> > CPU: 1 UID: 0 PID: 5850 Comm: syz-executor279 Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0
> > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
> > RIP: 0010:__page_table_check_zero+0x274/0x350 mm/page_table_check.c:157
> > Code: c1 0f 8c 39 fe ff ff 48 89 df e8 87 28 f3 ff e9 2c fe ff ff e8 dd 6a 89 ff 90 0f 0b e8 d5 6a 89 ff 90 0f 0b e8 cd 6a 89 ff 90 <0f> 0b f3 0f 1e fa 4c 89 f6 48 81 e6 ff 0f 00 00 31 ff e8 95 6f 89
> > RSP: 0018:ffffc900046bf6d8 EFLAGS: 00010293
> > RAX: ffffffff820b7fa3 RBX: dffffc0000000000 RCX: ffff88802fc13c00
> > RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff88801e97380c
> > RBP: ffff88801e97380c R08: ffff88801e97380f R09: 1ffff11003d2e701
> > R10: dffffc0000000000 R11: ffffed1003d2e702 R12: ffff88801e9737c0
> > R13: 1ffffffff34887b4 R14: 0000000000000002 R15: 0000000000000000
> > FS: 0000555570714380(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
> > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > CR2: 00007f69e1b92385 CR3: 0000000073ae6000 CR4: 0000000000350ef0
> > Call Trace:
> >
> > page_table_check_free include/linux/page_table_check.h:41 [inline]
> > free_pages_prepare mm/page_alloc.c:1109 [inline]
> > free_unref_page+0xd0f/0xf20 mm/page_alloc.c:2638
> > dec_usb_memory_use_count+0x259/0x350 drivers/usb/core/devio.c:198
> > mmap_region+0x2180/0x2a30 mm/mmap.c:1574
> > do_mmap+0x8f0/0x1000 mm/mmap.c:496
> > vm_mmap_pgoff+0x1dd/0x3d0 mm/util.c:588
> > ksys_mmap_pgoff+0x4eb/0x720 mm/mmap.c:542
> > do_syscall_x64 arch/x86/entry/common.c:52 [inline]
> > do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
> > entry_SYSCALL_64_after_hwframe+0x77/0x7f