lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <5e42fd02-1470-4e4e-892b-edefd32fbc5a@redhat.com>
Date: Tue, 8 Oct 2024 15:11:14 +0200
From: David Hildenbrand <david@...hat.com>
To: syzbot <syzbot+619c487ed60780dab217@...kaller.appspotmail.com>,
 akpm@...ux-foundation.org, linux-kernel@...r.kernel.org, linux-mm@...ck.org,
 linux-next@...r.kernel.org, sfr@...b.auug.org.au,
 syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [mm?] linux-next test error: kernel BUG in
 folio_add_new_anon_rmap

On 08.10.24 08:51, syzbot wrote:
> Hello,
> 
> syzbot found the following issue on:
> 
> HEAD commit:    58ca61c1a866 Add linux-next specific files for 20241004
> git tree:       linux-next
> console output: https://syzkaller.appspot.com/x/log.txt?x=1265e7d0580000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=94f9caf16c0af42d
> dashboard link: https://syzkaller.appspot.com/bug?extid=619c487ed60780dab217
> compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
> 
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/ff0999f3e964/disk-58ca61c1.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/d0d9a5bad786/vmlinux-58ca61c1.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/3b53cdc9ba34/bzImage-58ca61c1.xz
> 
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+619c487ed60780dab217@...kaller.appspotmail.com
> 
> cfg80211: Loading compiled-in X.509 certificates for regulatory database
> Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7'
> Loaded X.509 cert 'wens: 61c038651aabdcf94bd0ac7ff06c7248db18c600'
> clk: Disabling unused clocks
> ALSA device list:
>    #0: Dummy 1
>    #1: Loopback 1
>    #2: Virtual MIDI Card 1
> md: Waiting for all devices to be available before autodetect
> md: If you don't use raid, use raid=noautodetect
> md: Autodetecting RAID arrays.
> md: autorun ...
> md: ... autorun DONE.
> EXT4-fs (sda1): mounted filesystem b4773fba-1738-4da0-8a90-0fe043d0a496 ro with ordered data mode. Quota mode: none.
> VFS: Mounted root (ext4 filesystem) readonly on device 8:1.
> devtmpfs: mounted
> Freeing unused kernel image (initmem) memory: 26720K
> Write protecting the kernel read-only data: 219136k
> Freeing unused kernel image (rodata/data gap) memory: 1108K
> x86/mm: Checked W+X mappings: passed, no W+X pages found.
> x86/mm: Checking user space page tables
> x86/mm: Checked W+X mappings: passed, no W+X pages found.
> Failed to set sysctl parameter 'max_rcu_stall_to_panic=1': parameter not found
> Run /sbin/init as init process
> page: refcount:1 mapcount:1 mapping:0000000000000000 index:0x7fffffffe pfn:0x13fe93
> memcg:ffff888140adc000
> anon flags: 0x17ff00000020008(uptodate|swapbacked|node=0|zone=2|lastcpupid=0x7ff)
> raw: 017ff00000020008 0000000000000000 dead000000000122 ffff888030587001
> raw: 00000007fffffffe 0000000000000000 0000000100000000 ffff888140adc000
> page dumped because: VM_BUG_ON_PAGE(PageAnonNotKsm(page))
> page_owner tracks the page as allocated
> page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 1, tgid 1 (swapper/0), ts 14891998308, free_ts 0
>   set_page_owner include/linux/page_owner.h:32 [inline]
>   post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1537
>   prep_new_page mm/page_alloc.c:1545 [inline]
>   get_page_from_freelist+0x3129/0x3270 mm/page_alloc.c:3493
>   __alloc_pages_noprof+0x256/0x6c0 mm/page_alloc.c:4769
>   alloc_pages_mpol_noprof+0x3e8/0x680 mm/mempolicy.c:2265
>   folio_alloc_mpol_noprof mm/mempolicy.c:2283 [inline]
>   vma_alloc_folio_noprof+0x12e/0x230 mm/mempolicy.c:2314
>   folio_prealloc+0x31/0x170
>   alloc_anon_folio mm/memory.c:4738 [inline]
>   do_anonymous_page mm/memory.c:4795 [inline]
>   do_pte_missing mm/memory.c:3971 [inline]
>   handle_pte_fault+0x2518/0x6830 mm/memory.c:5778
>   __handle_mm_fault mm/memory.c:5921 [inline]
>   handle_mm_fault+0x1106/0x1bb0 mm/memory.c:6089
>   faultin_page mm/gup.c:1187 [inline]
>   __get_user_pages+0x1b16/0x48d0 mm/gup.c:1485
>   __get_user_pages_locked mm/gup.c:1751 [inline]
>   get_user_pages_remote+0x31e/0xb60 mm/gup.c:2618
>   get_arg_page+0x266/0x580 fs/exec.c:225
>   copy_string_kernel+0x148/0x1f0 fs/exec.c:684
>   kernel_execve+0x5e2/0xa50 fs/exec.c:1999
>   try_to_run_init_process init/main.c:1394 [inline]
>   kernel_init+0xed/0x2b0 init/main.c:1522
>   ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
>   ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
> page_owner free stack trace missing
> ------------[ cut here ]------------
> kernel BUG at include/linux/page-flags.h:1134!
> Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI
> CPU: 1 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.0-rc1-next-20241004-syzkaller #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
> RIP: 0010:SetPageAnonExclusive include/linux/page-flags.h:1134 [inline]
> RIP: 0010:folio_add_new_anon_rmap+0x14d3/0x1fe0 mm/rmap.c:1442
> Code: ff 0f 00 00 0f 84 9e 02 00 00 e8 28 91 a9 ff e9 fa ec ff ff e8 1e 91 a9 ff 48 8b 3c 24 48 c7 c6 e0 ff 15 8c e8 3e 13 f5 ff 90 <0f> 0b e8 06 91 a9 ff 48 89 ef 48 c7 c6 a0 00 16 8c e8 27 13 f5 ff
> RSP: 0000:ffffc90000067348 EFLAGS: 00010246
> RAX: 3219d577e7cba600 RBX: 0000000000000001 RCX: ffffc90000066f03
> RDX: 0000000000000003 RSI: ffffffff8c0adc40 RDI: ffffffff8c610f60
> RBP: 0000000000000000 R08: ffffffff901d2caf R09: 1ffffffff203a595
> R10: dffffc0000000000 R11: fffffbfff203a596 R12: 00000007fffffffe
> R13: 1ffff1100614ca00 R14: ffff888030587001 R15: ffff888030a65078
> FS:  0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 0000000000000000 CR3: 000000000e734000 CR4: 00000000003526f0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> Call Trace:
>   <TASK>
>   do_anonymous_page mm/memory.c:4841 [inline]
>   do_pte_missing mm/memory.c:3971 [inline]
>   handle_pte_fault+0x4aec/0x6830 mm/memory.c:5778
>   __handle_mm_fault mm/memory.c:5921 [inline]
>   handle_mm_fault+0x1106/0x1bb0 mm/memory.c:6089
>   faultin_page mm/gup.c:1187 [inline]
>   __get_user_pages+0x1b16/0x48d0 mm/gup.c:1485
>   __get_user_pages_locked mm/gup.c:1751 [inline]
>   get_user_pages_remote+0x31e/0xb60 mm/gup.c:2618
>   get_arg_page+0x266/0x580 fs/exec.c:225
>   copy_string_kernel+0x148/0x1f0 fs/exec.c:684
>   kernel_execve+0x5e2/0xa50 fs/exec.c:1999
>   try_to_run_init_process init/main.c:1394 [inline]
>   kernel_init+0xed/0x2b0 init/main.c:1522
>   ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
>   ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
>   </TASK>
> Modules linked in:
> ---[ end trace 0000000000000000 ]---
> RIP: 0010:SetPageAnonExclusive include/linux/page-flags.h:1134 [inline]
> RIP: 0010:folio_add_new_anon_rmap+0x14d3/0x1fe0 mm/rmap.c:1442
> Code: ff 0f 00 00 0f 84 9e 02 00 00 e8 28 91 a9 ff e9 fa ec ff ff e8 1e 91 a9 ff 48 8b 3c 24 48 c7 c6 e0 ff 15 8c e8 3e 13 f5 ff 90 <0f> 0b e8 06 91 a9 ff 48 89 ef 48 c7 c6 a0 00 16 8c e8 27 13 f5 ff
> RSP: 0000:ffffc90000067348 EFLAGS: 00010246
> RAX: 3219d577e7cba600 RBX: 0000000000000001 RCX: ffffc90000066f03
> RDX: 0000000000000003 RSI: ffffffff8c0adc40 RDI: ffffffff8c610f60
> RBP: 0000000000000000 R08: ffffffff901d2caf R09: 1ffffffff203a595
> R10: dffffc0000000000 R11: fffffbfff203a596 R12: 00000007fffffffe
> R13: 1ffff1100614ca00 R14: ffff888030587001 R15: ffff888030a65078
> FS:  0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 0000000000000000 CR3: 000000000e734000 CR4: 00000000003526f0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> 
> 
> ---
> This report is generated by a bot. It may contain errors.
> See https://goo.gl/tpsmEJ for more information about syzbot.
> syzbot engineers can be reached at syzkaller@...glegroups.com.
> 
> syzbot will keep track of this issue. See:
> https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
> 
> If the report is already addressed, let syzbot know by replying with:
> #syz fix: exact-commit-title
> 
> If you want to overwrite report's subsystems, reply with:
> #syz set subsystems: new-subsystem
> (See the list of subsystem names on the web dashboard)
> 
> If the report is a duplicate of another one, reply with:
> #syz dup: exact-subject-of-another-report
> 
> If you want to undo deduplication, reply with:
> #syz undup
> 

#syz fix: mm-add-pageanonnotksm-fix


-- 
Cheers,

David / dhildenb


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ