[syzbot] [mm?] WARNING in try_grab_page

All of lore.kernel.org
 help / color / mirror / Atom feed

From: syzbot <syzbot+9b82859567f2e50c123e@syzkaller.appspotmail.com>
To: akpm@linux-foundation.org, linux-kernel@vger.kernel.org,
	 linux-mm@kvack.org, syzkaller-bugs@googlegroups.com
Subject: [syzbot] [mm?] WARNING in try_grab_page
Date: Mon, 03 Jul 2023 09:34:55 -0700	[thread overview]
Message-ID: <000000000000273d0105ff97bf56@google.com> (raw)

Hello,

syzbot found the following issue on:

HEAD commit:    3a8a670eeeaa Merge tag 'net-next-6.5' of git://git.kernel...
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=12c1d408a80000
kernel config:  https://syzkaller.appspot.com/x/.config?x=ce7f4ca96cdf82c7
dashboard link: https://syzkaller.appspot.com/bug?extid=9b82859567f2e50c123e
compiler:       aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/384ffdcca292/non_bootable_disk-3a8a670e.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/a940531a9b86/vmlinux-3a8a670e.xz
kernel image: https://storage.googleapis.com/syzbot-assets/4f3cbae5be61/Image-3a8a670e.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+9b82859567f2e50c123e@syzkaller.appspotmail.com

------------[ cut here ]------------
WARNING: CPU: 1 PID: 20384 at mm/gup.c:229 __lse_atomic_add arch/arm64/include/asm/atomic_lse.h:27 [inline]
WARNING: CPU: 1 PID: 20384 at mm/gup.c:229 arch_atomic_add arch/arm64/include/asm/atomic.h:28 [inline]
WARNING: CPU: 1 PID: 20384 at mm/gup.c:229 raw_atomic_add include/linux/atomic/atomic-arch-fallback.h:537 [inline]
WARNING: CPU: 1 PID: 20384 at mm/gup.c:229 atomic_add include/linux/atomic/atomic-instrumented.h:105 [inline]
WARNING: CPU: 1 PID: 20384 at mm/gup.c:229 try_grab_page+0x108/0x160 mm/gup.c:252
Modules linked in:
CPU: 1 PID: 20384 Comm: syz-executor.1 Not tainted 6.4.0-syzkaller-04247-g3a8a670eeeaa #0
Hardware name: linux,dummy-virt (DT)
pstate: a0400009 (NzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : try_grab_page+0x108/0x160 mm/gup.c:229
lr : follow_page_pte+0x174/0x3e4 mm/gup.c:651
sp : ffff800089bbb5e0
x29: ffff800089bbb5e0 x28: 0000000000200000 x27: ffff000004d23800
x26: 0120000042835fc3 x25: 0000000000000000 x24: 0000000000080000
x23: ffff800089bbb738 x22: fffffc00000a0d40 x21: ffff00001e541008
x20: fcff00001e5a7b40 x19: 0000000000290000 x18: 0000000000000000
x17: 0000000000000000 x16: ffff800081ccc7c0 x15: 0000ffff8b6e9fff
x14: 0000000000000000 x13: 1edfe00003cc9f01 x12: ffff800089bbb628
x11: f6ff00001e64f800 x10: f6ff00001e64f80c x9 : f6ff00001e64f808
x8 : 0000000020001000 x7 : 0000000020000000 x6 : 0000000000000000
x5 : 0000000000042835 x4 : 0000000020001000 x3 : fffffc00000a0d40
x2 : fffffc00000a0d40 x1 : 0000000000290000 x0 : 00000000fffffff3
Call trace:
 __lse_atomic_add arch/arm64/include/asm/atomic_lse.h:27 [inline]
 arch_atomic_add arch/arm64/include/asm/atomic.h:28 [inline]
 raw_atomic_add include/linux/atomic/atomic-arch-fallback.h:537 [inline]
 atomic_add include/linux/atomic/atomic-instrumented.h:105 [inline]
 try_grab_page+0x108/0x160 mm/gup.c:252
 follow_pmd_mask mm/gup.c:734 [inline]
 follow_pud_mask mm/gup.c:765 [inline]
 follow_p4d_mask mm/gup.c:782 [inline]
 follow_page_mask+0x12c/0x2e4 mm/gup.c:839
 __get_user_pages+0x174/0x30c mm/gup.c:1217
 __get_user_pages_locked mm/gup.c:1448 [inline]
 __gup_longterm_locked+0x94/0x8f4 mm/gup.c:2142
 internal_get_user_pages_fast+0x970/0xb60 mm/gup.c:3140
 pin_user_pages_fast+0x4c/0x60 mm/gup.c:3246
 iov_iter_extract_user_pages lib/iov_iter.c:1768 [inline]
 iov_iter_extract_pages+0xc8/0x54c lib/iov_iter.c:1831
 extract_user_to_sg lib/scatterlist.c:1123 [inline]
 extract_iter_to_sg lib/scatterlist.c:1349 [inline]
 extract_iter_to_sg+0x26c/0x6fc lib/scatterlist.c:1339
 hash_sendmsg+0xc0/0x43c crypto/algif_hash.c:117
 sock_sendmsg_nosec net/socket.c:725 [inline]
 sock_sendmsg+0x54/0x60 net/socket.c:748
 ____sys_sendmsg+0x270/0x2ac net/socket.c:2494
 ___sys_sendmsg+0x80/0xdc net/socket.c:2548
 __sys_sendmsg+0x68/0xc4 net/socket.c:2577
 __do_sys_sendmsg net/socket.c:2586 [inline]
 __se_sys_sendmsg net/socket.c:2584 [inline]
 __arm64_sys_sendmsg+0x24/0x30 net/socket.c:2584
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52
 el0_svc_common.constprop.0+0x44/0xe4 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x38/0xa4 arch/arm64/kernel/syscall.c:191
 el0_svc+0x2c/0xb0 arch/arm64/kernel/entry-common.c:647
 el0t_64_sync_handler+0xc0/0xc4 arch/arm64/kernel/entry-common.c:665
 el0t_64_sync+0x19c/0x1a0 arch/arm64/kernel/entry.S:591
---[ end trace 0000000000000000 ]---


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to change bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

next             reply	other threads:[~2023-07-03 16:35 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-07-03 16:34 syzbot [this message]
2023-07-25  8:36 ` [syzbot] [mm?] WARNING in try_grab_page Sven Schnelle
2023-07-25  9:28   ` David Howells
2023-07-26  8:25   ` David Howells
2023-07-26  8:31   ` David Howells
2023-07-26  8:31     ` syzbot
2023-09-05 17:36 ` syzbot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=000000000000273d0105ff97bf56@google.com \
    --to=syzbot+9b82859567f2e50c123e@syzkaller.appspotmail.com \
    --cc=akpm@linux-foundation.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=syzkaller-bugs@googlegroups.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.