Date: Thu, 26 Oct 2023 08:48:21 -0700
Message-ID: <0000000000005e44550608a0806c@google.com>
Subject: [syzbot] [mm?] BUG: unable to handle kernel paging request in __pte_offset_map_lock
From: syzbot
To: akpm@linux-foundation.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, syzkaller-bugs@googlegroups.com

Hello,

syzbot found the following issue on:

HEAD commit:    78124b0c1d10 Merge branch 'for-next/core' into for-kernelci
git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=111b0e71680000
kernel config:  https://syzkaller.appspot.com/x/.config?x=f27cd6e68911e026
dashboard link: https://syzkaller.appspot.com/bug?extid=89edd67979b52675ddec
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=16b8e671680000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=125a9df5680000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/bd512de820ae/disk-78124b0c.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/a47a437b1d4f/vmlinux-78124b0c.xz
kernel image: https://storage.googleapis.com/syzbot-assets/3ae8b966bcd7/Image-78124b0c.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+89edd67979b52675ddec@syzkaller.appspotmail.com

Unable to handle kernel paging request at virtual address dfff800000000004
KASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027]
Mem abort info:
  ESR = 0x0000000096000005
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x05: level 1 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
  CM = 0, WnR = 0, TnD = 0, TagAccess = 0
  GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[dfff800000000004] address between user and kernel address ranges
Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 7952 Comm: syz-executor682 Not tainted 6.6.0-rc6-syzkaller-g78124b0c1d10 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
pstate: 804000c5 (Nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __lock_acquire+0x104/0x75e8 kernel/locking/lockdep.c:5004
lr : lock_acquire+0x23c/0x71c kernel/locking/lockdep.c:5753
sp : ffff800098f26d40
x29: ffff800098f27000 x28: ffff8000808df4bc x27: ffff7000131e4e18
x26: 1ffff00011c340b9 x25: 0000000000000000 x24: 0000000000000000
x23: ffff7000131e4dd0 x22: 0000000000000000 x21: 0000000000000000
x20: 0000000000000000 x19: 0000000000000022 x18: ffff800098f27750
x17: 0000ffff833dafff x16: ffff80008a632120 x15: 0000000000000001
x14: ffff80008e1a05d0 x13: ffff800098f26e80 x12: dfff800000000000
x11: ffff800080319468 x10: ffff80008e1a05cc x9 : 00000000000000f3
x8 : 0000000000000004 x7 : ffff8000808df4bc x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000000
x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000022
Call trace:
 __lock_acquire+0x104/0x75e8 kernel/locking/lockdep.c:5004
 lock_acquire+0x23c/0x71c kernel/locking/lockdep.c:5753
 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
 _raw_spin_lock+0x48/0x60 kernel/locking/spinlock.c:154
 spin_lock include/linux/spinlock.h:351 [inline]
 __pte_offset_map_lock+0x154/0x360 mm/pgtable-generic.c:373
 pte_offset_map_lock include/linux/mm.h:2939 [inline]
 filemap_map_pages+0x698/0x11f0 mm/filemap.c:3582
 do_fault_around mm/memory.c:4525 [inline]
 do_read_fault mm/memory.c:4558 [inline]
 do_fault mm/memory.c:4705 [inline]
 do_pte_missing mm/memory.c:3669 [inline]
 handle_pte_fault mm/memory.c:4978 [inline]
 __handle_mm_fault mm/memory.c:5119 [inline]
 handle_mm_fault+0x326c/0x49fc mm/memory.c:5284
 faultin_page mm/gup.c:956 [inline]
 __get_user_pages+0x3e0/0xa24 mm/gup.c:1239
 populate_vma_page_range+0x254/0x328 mm/gup.c:1666
 __mm_populate+0x240/0x3d8 mm/gup.c:1775
 mm_populate include/linux/mm.h:3305 [inline]
 vm_mmap_pgoff+0x2bc/0x3d4 mm/util.c:551
 ksys_mmap_pgoff+0xd0/0x5b0 mm/mmap.c:1400
 __do_sys_mmap arch/arm64/kernel/sys.c:28 [inline]
 __se_sys_mmap arch/arm64/kernel/sys.c:21 [inline]
 __arm64_sys_mmap+0xf8/0x110 arch/arm64/kernel/sys.c:21
 __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:51
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:136
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:155
 el0_svc+0x54/0x158 arch/arm64/kernel/entry-common.c:678
 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:696
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:595
Code: b006f948 b943a108 34000208 d343fe68 (386c6908)
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0: b006f948 adrp x8, 0xdf29000
   4: b943a108 ldr w8, [x8, #928]
   8: 34000208 cbz w8, 0x48
   c: d343fe68 lsr x8, x19, #3
* 10: 386c6908 ldrb w8, [x8, x12] <-- trapping instruction

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to overwrite bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup