From: syzbot <syzbot+d6ec23007e951dadf3de@syzkaller.appspotmail.com>
To: akpm@linux-foundation.org, linux-fsdevel@vger.kernel.org,
	linux-kernel@vger.kernel.org, linux-mm@kvack.org,
	mike.kravetz@oracle.com, mszeredi@redhat.com,
	syzkaller-bugs@googlegroups.com, viro@zeniv.linux.org.uk
Subject: kernel BUG at mm/hugetlb.c:LINE!
Date: Sun, 05 Apr 2020 20:06:12 -0700	[thread overview]
Message-ID: <000000000000b4684e05a2968ca6@google.com> (raw)

Hello,

syzbot found the following crash on:

HEAD commit:    1a323ea5 x86: get rid of 'errret' argument to __get_user_x..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=132e940be00000
kernel config:  https://syzkaller.appspot.com/x/.config?x=8c1e98458335a7d1
dashboard link: https://syzkaller.appspot.com/bug?extid=d6ec23007e951dadf3de
compiler:       gcc (GCC) 9.0.0 20181231 (experimental)
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=12921933e00000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=172e940be00000

The bug was bisected to:

commit e950564b97fd0f541b02eb207685d0746f5ecf29
Author: Miklos Szeredi <mszeredi@redhat.com>
Date:   Tue Jul 24 13:01:55 2018 +0000

    vfs: don't evict uninitialized inode

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=115cad33e00000
final crash:    https://syzkaller.appspot.com/x/report.txt?x=135cad33e00000
console output: https://syzkaller.appspot.com/x/log.txt?x=155cad33e00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+d6ec23007e951dadf3de@syzkaller.appspotmail.com
Fixes: e950564b97fd ("vfs: don't evict uninitialized inode")

overlayfs: upper fs does not support xattr, falling back to index=off and metacopy=off.
------------[ cut here ]------------
kernel BUG at mm/hugetlb.c:3416!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 7036 Comm: syz-executor110 Not tainted 5.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__unmap_hugepage_range+0xa26/0xbc0 mm/hugetlb.c:3416
Code: 00 48 c7 c7 60 37 35 88 e8 57 b4 a2 ff e9 b3 fd ff ff e8 cd 90 c6 ff 0f 0b e9 c4 f7 ff ff e8 c1 90 c6 ff 0f 0b e8 ba 90 c6 ff <0f> 0b e8 b3 90 c6 ff 83 8c 24 c0 00 00 00 01 48 8d bc 24 a0 00 00
RSP: 0018:ffffc900017779b0 EFLAGS: 00010293
RAX: ffff88808cf5c2c0 RBX: ffffffff8c641c08 RCX: ffffffff81ac50b4
RDX: 0000000000000000 RSI: ffffffff81ac58a6 RDI: 0000000000000007
RBP: 0000000020000000 R08: ffff88808cf5c2c0 R09: ffffed10129d8111
R10: ffffed10129d8110 R11: ffff888094ec0887 R12: 0000000000003000
R13: 0000000000000000 R14: 0000000020003000 R15: 0000000000200000
FS:  00000000013c0880(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000140 CR3: 0000000093554000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __unmap_hugepage_range_final+0x30/0x70 mm/hugetlb.c:3507
 unmap_single_vma+0x238/0x300 mm/memory.c:1296
 unmap_vmas+0x16f/0x2f0 mm/memory.c:1332
 exit_mmap+0x2aa/0x510 mm/mmap.c:3126
 __mmput kernel/fork.c:1082 [inline]
 mmput+0x168/0x4b0 kernel/fork.c:1103
 exit_mm kernel/exit.c:477 [inline]
 do_exit+0xa51/0x2dd0 kernel/exit.c:780
 do_group_exit+0x125/0x340 kernel/exit.c:891
 __do_sys_exit_group kernel/exit.c:902 [inline]
 __se_sys_exit_group kernel/exit.c:900 [inline]
 __x64_sys_exit_group+0x3a/0x50 kernel/exit.c:900
 do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x49/0xb3
RIP: 0033:0x43efe8
Code: Bad RIP value.
RSP: 002b:00007ffdfe6c00f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043efe8
RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
RBP: 00000000004be7e8 R08: 00000000000000e7 R09: ffffffffffffffd0
R10: 0000040000000011 R11: 0000000000000246 R12: 0000000000000001
R13: 00000000006d0180 R14: 0000000000000000 R15: 0000000000000000
Modules linked in:
---[ end trace 2d36245d65cb52f7 ]---
RIP: 0010:__unmap_hugepage_range+0xa26/0xbc0 mm/hugetlb.c:3416
Code: 00 48 c7 c7 60 37 35 88 e8 57 b4 a2 ff e9 b3 fd ff ff e8 cd 90 c6 ff 0f 0b e9 c4 f7 ff ff e8 c1 90 c6 ff 0f 0b e8 ba 90 c6 ff <0f> 0b e8 b3 90 c6 ff 83 8c 24 c0 00 00 00 01 48 8d bc 24 a0 00 00
RSP: 0018:ffffc900017779b0 EFLAGS: 00010293
RAX: ffff88808cf5c2c0 RBX: ffffffff8c641c08 RCX: ffffffff81ac50b4
RDX: 0000000000000000 RSI: ffffffff81ac58a6 RDI: 0000000000000007
RBP: 0000000020000000 R08: ffff88808cf5c2c0 R09: ffffed10129d8111
R10: ffffed10129d8110 R11: ffff888094ec0887 R12: 0000000000003000
R13: 0000000000000000 R14: 0000000020003000 R15: 0000000000200000
FS:  00000000013c0880(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f8cc24dd000 CR3: 0000000093554000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches
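A note on reading the dump above, with an added example that is not part of syzbot's report or of the kernel tree. "invalid opcode" together with the `<0f> 0b` marker in the Code: line is how BUG_ON() traps on x86 (ud2), so the kernel hit an explicit sanity check in __unmap_hugepage_range() rather than a fault. The call trace is ordinary process teardown (exit_group -> mmput -> exit_mmap -> unmap_vmas) tearing down a hugetlb VMA; the overlayfs line at the top of the log and the patch title in the thread overview (ovl get_unmapped_area()) point at a hugetlb mapping that was set up through overlayfs. The code below models the alignment invariants __unmap_hugepage_range() enforces and applies them to register values from the oops. Assumptions that the page does not state: 2 MiB huge pages (the x86-64 default); that RBP, R14 and R12 in this dump hold the unmap start, end and length (0x20000000, 0x20003000, 0x3000), which is inferred only from their values; and that hugetlbfs's own get_unmapped_area rejects a length that is not a whole number of huge pages, stated from memory of fs/hugetlbfs/inode.c.

```c
/*
 * Added example, not code from the syzbot report or from the kernel tree.
 * Models the alignment invariants __unmap_hugepage_range() enforces with
 * BUG_ON() and applies them to register values visible in the oops.
 *
 * Assumptions (not stated by the page):
 *  - 2 MiB huge pages, the x86-64 default hstate;
 *  - RBP, R14 and R12 in the dump hold the unmap start, end and length
 *    (0x20000000, 0x20003000, 0x3000); this is a guess from their values;
 *  - hugetlbfs's get_unmapped_area rejects lengths that are not a whole
 *    number of huge pages (from memory of fs/hugetlbfs/inode.c).
 */
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT     12
#define HPAGE_2M_SHIFT 21

/* Minimal stand-in for the kernel's struct hstate: order above PAGE_SHIFT. */
struct hstate {
    unsigned int order;
};

const struct hstate h2m = { .order = HPAGE_2M_SHIFT - PAGE_SHIFT };

static inline uint64_t huge_page_size(const struct hstate *h)
{
    return (uint64_t)1 << (h->order + PAGE_SHIFT);
}

/* Same expression as the kernel's huge_page_mask(): ~(size - 1). */
static inline uint64_t huge_page_mask(const struct hstate *h)
{
    return ~(huge_page_size(h) - 1);
}

enum unmap_check { UNMAP_OK = 0, UNMAP_BAD_START = 1, UNMAP_BAD_END = 2 };

/*
 * Mirrors the two BUG_ON()s at the top of __unmap_hugepage_range(): both
 * ends of the range must sit on a huge-page boundary. The first check that
 * fails is the one the kernel would trip on.
 */
enum unmap_check check_unmap_range(const struct hstate *h, uint64_t start, uint64_t end)
{
    if (start & ~huge_page_mask(h))
        return UNMAP_BAD_START;
    if (end & ~huge_page_mask(h))
        return UNMAP_BAD_END;
    return UNMAP_OK;
}

/* Request-time check a direct hugetlbfs mapping goes through (assumption, see top). */
bool hugetlbfs_len_acceptable(const struct hstate *h, uint64_t len)
{
    return (len & ~huge_page_mask(h)) == 0;
}

/* Smallest huge-page multiple that covers len: what a caller has to ask for. */
uint64_t round_up_to_huge(const struct hstate *h, uint64_t len)
{
    return (len + huge_page_size(h) - 1) & huge_page_mask(h);
}

int main(void)
{
    /* Values from the register dump; their meaning is the assumption above. */
    const uint64_t start = 0x20000000, end = 0x20003000, len = 0x3000;
    static const char *verdict[] = { "ok", "start misaligned", "end misaligned" };

    enum unmap_check r = check_unmap_range(&h2m, start, end);
    printf("unmap [%#" PRIx64 ", %#" PRIx64 ") with %" PRIu64 " KiB pages: %s\n",
           start, end, huge_page_size(&h2m) >> 10, verdict[r]);
    printf("hugetlbfs would accept len %#" PRIx64 " directly: %s (needs %#" PRIx64 ")\n",
           len, hugetlbfs_len_acceptable(&h2m, len) ? "yes" : "no",
           round_up_to_huge(&h2m, len));
    return 0;
}
```

Under these assumptions the start passes and the end fails, which is consistent with a 0x3000-byte range having been attached to a hugetlb VMA without the length check a direct hugetlbfs mmap would have applied; whether that is what happened here is for the thread below, not this snippet, to establish.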

Thread overview: 29+ messages
2020-04-06  3:06 syzbot [this message]
2020-04-06 22:05 ` kernel BUG at mm/hugetlb.c:LINE! Mike Kravetz
2020-05-12 15:04   ` Miklos Szeredi
2020-05-12 18:11     ` Mike Kravetz
2020-05-15 22:15       ` Mike Kravetz
2020-05-18 11:12         ` Miklos Szeredi
2020-05-18 23:22           ` Mike Kravetz
2020-05-18 23:41     ` Colin Walters
2020-05-19  0:35       ` Mike Kravetz
2020-05-20 11:20         ` Miklos Szeredi
2020-05-20 17:27           ` Mike Kravetz
2020-05-22 10:05             ` Miklos Szeredi
2020-05-28  0:01               ` Mike Kravetz
2020-05-28  8:37                 ` [PATCH v2] ovl: provide real_file() and overlayfs get_unmapped_area() kbuild test robot
2020-05-28 21:01                   ` Mike Kravetz
2020-06-04  9:16                     ` Miklos Szeredi
2020-06-11  0:13                       ` Mike Kravetz
2020-06-11  0:37                         ` Al Viro
2020-06-11  1:36                           ` Matthew Wilcox
2020-06-11  2:17                             ` Al Viro
2020-06-11  2:31                               ` Mike Kravetz
