lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <688adb45.a00a0220.26d0e1.0036.GAE@google.com>
Date: Wed, 30 Jul 2025 19:56:05 -0700
From: syzbot <syzbot+b446dbe27035ef6bd6c2@...kaller.appspotmail.com>
To: akpm@...ux-foundation.org, hdanton@...a.com, linux-kernel@...r.kernel.org, 
	linux-mm@...ck.org, lokeshgidra@...gle.com, peterx@...hat.com, 
	stable@...r.kernel.org, surenb@...gle.com, syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [mm?] BUG: unable to handle kernel paging request in move_pages

Hello,

syzbot tried to test the proposed patch but the build/boot failed:


[   28.845257][    T1] Demotion targets for Node 1: null
[   28.850968][    T1] debug_vm_pgtable: [debug_vm_pgtable         ]: Validating architecture page table helpers
[   31.966884][    T1] Key type .fscrypt registered
[   31.971683][    T1] Key type fscrypt-provisioning registered
[   31.981903][    T1] kAFS: Red Hat AFS client v0.1 registering.
[   32.015243][    T1] Btrfs loaded, assert=on, ref-verify=on, zoned=yes, fsverity=yes
[   32.023899][    T1] Key type big_key registered
[   32.028720][    T1] Key type encrypted registered
[   32.033688][    T1] AppArmor: AppArmor sha256 policy hashing enabled
[   32.040442][    T1] ima: No TPM chip found, activating TPM-bypass!
[   32.047114][    T1] Loading compiled-in module X.509 certificates
[   32.084977][    T1] Loaded X.509 cert 'Build time autogenerated kernel key: 9e306c316bea685e5e2c978a84108ea320e0bb8d'
[   32.096049][    T1] ima: Allocated hash algorithm: sha256
[   32.102136][    T1] ima: No architecture policies found
[   32.108474][    T1] evm: Initialising EVM extended attributes:
[   32.114683][    T1] evm: security.selinux (disabled)
[   32.120010][    T1] evm: security.SMACK64 (disabled)
[   32.125234][    T1] evm: security.SMACK64EXEC (disabled)
[   32.130721][    T1] evm: security.SMACK64TRANSMUTE (disabled)
[   32.136717][    T1] evm: security.SMACK64MMAP (disabled)
[   32.142322][    T1] evm: security.apparmor
[   32.146620][    T1] evm: security.ima
[   32.150513][    T1] evm: security.capability
[   32.155010][    T1] evm: HMAC attrs: 0x1
[   32.161853][    T1] PM:   Magic number: 1:781:764
[   32.167399][    T1] tty ptyp0: hash matches
[   32.171863][    T1] event_source breakpoint: hash matches
[   32.177883][    T1] netconsole: network logging started
[   32.184127][    T1] gtp: GTP module loaded (pdp ctx size 128 bytes)
[   32.196802][    T1] rdma_rxe: loaded
[   32.202557][    T1] cfg80211: Loading compiled-in X.509 certificates for regulatory database
[   32.214150][    T1] Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7'
[   32.222646][    T1] Loaded X.509 cert 'wens: 61c038651aabdcf94bd0ac7ff06c7248db18c600'
[   32.233530][    T1] clk: Disabling unused clocks
[   32.238743][    T1] ALSA device list:
[   32.240606][ T1232] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[   32.242690][    T1]   #0: Dummy 1
[   32.252694][ T1232] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[   32.255969][    T1]   #1: Loopback 1
[   32.268969][    T1]   #2: Virtual MIDI Card 1
[   32.277374][    T1] check access for rdinit=/init failed: -2, ignoring
[   32.284083][    T1] md: Waiting for all devices to be available before autodetect
[   32.291864][    T1] md: If you don't use raid, use raid=noautodetect
[   32.298455][    T1] md: Autodetecting RAID arrays.
[   32.303602][    T1] md: autorun ...
[   32.307281][    T1] md: ... autorun DONE.
[   32.462042][    T1] EXT4-fs (sda1): orphan cleanup on readonly fs
[   32.471960][    T1] EXT4-fs (sda1): mounted filesystem 4f91c6db-4997-4bb4-91b8-7e83a20c1bf1 ro with ordered data mode. Quota mode: none.
[   32.484967][    T1] VFS: Mounted root (ext4 filesystem) readonly on device 8:1.
[   32.495205][    T1] devtmpfs: mounted
[   32.588172][    T1] Freeing unused kernel image (initmem) memory: 26168K
[   32.600162][    T1] Write protecting the kernel read-only data: 215040k
[   32.623912][    T1] Freeing unused kernel image (text/rodata gap) memory: 1780K
[   32.638083][    T1] Freeing unused kernel image (rodata/data gap) memory: 1392K
[   32.848558][    T1] x86/mm: Checked W+X mappings: passed, no W+X pages found.
[   32.856738][    T1] x86/mm: Checking user space page tables
[   33.038272][    T1] x86/mm: Checked W+X mappings: passed, no W+X pages found.
[   33.052334][    T1] Failed to set sysctl parameter 'max_rcu_stall_to_panic=1': parameter not found
[   33.062661][    T1] Run /sbin/init as init process
[   33.861085][ T5182] mount (5182) used greatest stack depth: 24104 bytes left
[   33.936286][ T5183] EXT4-fs (sda1): re-mounted 4f91c6db-4997-4bb4-91b8-7e83a20c1bf1 r/w.
mount: mounting devtmpfs on /dev failed: Device or resource busy
mount: mounting smackfs on /sys/fs/smackfs failed: No such file or directory
mount: mounting selinuxfs on /sys/fs/selinux failed: No such file or directory
[   34.124544][ T5187] mount (5187) used greatest stack depth: 21768 bytes left
Starting syslogd: OK
Starting acpid: OK
Starting klogd: OK
Running sysctl: [   35.067485][ T5215] logger (5215) used greatest stack depth: 20232 bytes left
OK
Populating /dev using udev: [   35.630326][ T5217] udevd[5217]: starting version 3.2.14
[   35.905047][ T5218] udevd[5218]: starting eudev-3.2.14
[   35.910508][ T5217] udevd (5217) used greatest stack depth: 18888 bytes left
[   45.256949][ T5311] ------------[ cut here ]------------
[   45.262574][ T5311] AppArmor WARN apparmor_unix_stream_connect: ((({ typeof(*(new_ctx->label)) *__UNIQUE_ID_rcu2215 = (typeof(*(new_ctx->label)) *)({ do { __attribute__((__noreturn__)) extern void __compiletime_assert_2216(void) __attribute__((__error__("Unsupported access size for {READ,WRITE}_ONCE()."))); if (!((sizeof((new_ctx->label)) == sizeof(char) || sizeof((new_ctx->label)) == sizeof(short) || sizeof((new_ctx->label)) == sizeof(int) || sizeof((new_ctx->label)) == sizeof(long)) || sizeof((new_ctx->label)) == sizeof(long long))) __compiletime_assert_2216(); } while (0); (*(const volatile typeof( _Generic(((new_ctx->label)), char: (char)0, unsigned char: (unsigned char)0, signed char: (signed char)0, unsigned short: (unsigned short)0, signed short: (signed short)0, unsigned int: (unsigned int)0, signed int: (signed int)0, unsigned long: (unsigned long)0, signed long: (signed long)0, unsigned long long: (unsigned long long)0, signed long long: (signed long long)0, default: ((new_ctx->label)))) *)&((new_ctx->label))); }); ; 
[   45.263241][ T5311] WARNING: security/apparmor/lsm.c:1211 at apparmor_unix_stream_connect+0x5fa/0x650, CPU#1: udevadm/5311
[   45.366388][ T5311] Modules linked in:
[   45.370460][ T5311] CPU: 1 UID: 0 PID: 5311 Comm: udevadm Not tainted 6.16.0-next-20250730-syzkaller-g79fb37f39b77-dirty #0 PREEMPT(full) 
[   45.383250][ T5311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   45.393425][ T5311] RIP: 0010:apparmor_unix_stream_connect+0x5fa/0x650
[   45.400386][ T5311] Code: 2b 39 fd 48 89 ef e8 35 4d 00 00 e9 09 fe ff ff e8 fb 2a 39 fd 90 48 c7 c7 80 49 fd 8b 48 c7 c6 55 fd c6 8d e8 07 b2 fc fc 90 <0f> 0b 90 90 e9 27 fe ff ff e8 d8 2a 39 fd be 02 00 00 00 eb 0a e8
[   45.420317][ T5311] RSP: 0018:ffffc90002fe7ba8 EFLAGS: 00010246
[   45.426486][ T5311] RAX: 9dc56ab1cd53fc00 RBX: 1ffff1100f9680a8 RCX: ffff88802573bc00
[   45.434510][ T5311] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
[   45.442606][ T5311] RBP: ffff88801ba8f8f8 R08: ffff8880b8724253 R09: 1ffff110170e484a
[   45.450777][ T5311] R10: dffffc0000000000 R11: ffffed10170e484b R12: ffff88807cb40540
[   45.458900][ T5311] R13: 1ffff1100652ff20 R14: 0000000000000000 R15: 000000000000002f
[   45.466941][ T5311] FS:  00007f76c2063880(0000) GS:ffff8881258ff000(0000) knlGS:0000000000000000
[   45.475912][ T5311] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   45.482735][ T5311] CR2: 00007f76c187ae00 CR3: 000000007703c000 CR4: 00000000003526f0
[   45.490960][ T5311] Call Trace:
[   45.494279][ T5311]  <TASK>
[   45.497315][ T5311]  security_unix_stream_connect+0xcb/0x2c0
[   45.503280][ T5311]  unix_stream_connect+0x9bc/0x1140
[   45.508693][ T5311]  ? __pfx_unix_stream_connect+0x10/0x10
[   45.514371][ T5311]  ? apparmor_socket_connect+0xd1/0x1c0
[   45.520004][ T5311]  ? bpf_lsm_socket_connect+0x9/0x20
[   45.525337][ T5311]  __sys_connect+0x313/0x440
[   45.530054][ T5311]  ? count_memcg_event_mm+0x21/0x260
[   45.535468][ T5311]  ? __pfx___sys_connect+0x10/0x10
[   45.540839][ T5311]  __x64_sys_connect+0x7a/0x90
[   45.545652][ T5311]  do_syscall_64+0xfa/0x3b0
[   45.550262][ T5311]  ? lockdep_hardirqs_on+0x9c/0x150
[   45.555504][ T5311]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   45.561680][ T5311]  ? clear_bhb_loop+0x60/0xb0
[   45.566469][ T5311]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   45.572402][ T5311] RIP: 0033:0x7f76c18a7407
[   45.577029][ T5311] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[   45.596931][ T5311] RSP: 002b:00007fff51b7aea0 EFLAGS: 00000202 ORIG_RAX: 000000000000002a
[   45.605391][ T5311] RAX: ffffffffffffffda RBX: 00007f76c2063880 RCX: 00007f76c18a7407
[   45.613557][ T5311] RDX: 0000000000000013 RSI: 000055c6cf4e5948 RDI: 0000000000000003
[   45.621707][ T5311] RBP: 000000000000001e R08: 0000000000000000 R09: 0000000000000000
[   45.629803][ T5311] R10: 0000000000000000 R11: 0000000000000202 R12: 00007fff51b7af00
[   45.637970][ T5311] R13: 0000000000000000 R14: 0000000000000007 R15: 0000000000000000
[   45.646036][ T5311]  </TASK>
[   45.649515][ T5311] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   45.656924][ T5311] CPU: 1 UID: 0 PID: 5311 Comm: udevadm Not tainted 6.16.0-next-20250730-syzkaller-g79fb37f39b77-dirty #0 PREEMPT(full) 
[   45.669550][ T5311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   45.679726][ T5311] Call Trace:
[   45.683035][ T5311]  <TASK>
[   45.686086][ T5311]  dump_stack_lvl+0x99/0x250
[   45.690702][ T5311]  ? __asan_memcpy+0x40/0x70
[   45.695331][ T5311]  ? __pfx_dump_stack_lvl+0x10/0x10
[   45.700632][ T5311]  ? __pfx__printk+0x10/0x10
[   45.705252][ T5311]  vpanic+0x281/0x750
[   45.709254][ T5311]  ? __pfx_vpanic+0x10/0x10
[   45.713769][ T5311]  ? is_bpf_text_address+0x292/0x2b0
[   45.719065][ T5311]  ? is_bpf_text_address+0x26/0x2b0
[   45.724280][ T5311]  panic+0xb9/0xc0
[   45.728191][ T5311]  ? __pfx_panic+0x10/0x10
[   45.732652][ T5311]  __warn+0x334/0x4c0
[   45.736661][ T5311]  ? apparmor_unix_stream_connect+0x5fa/0x650
[   45.742751][ T5311]  ? apparmor_unix_stream_connect+0x5fa/0x650
[   45.748855][ T5311]  report_bug+0x2be/0x4f0
[   45.753201][ T5311]  ? apparmor_unix_stream_connect+0x5fa/0x650
[   45.759287][ T5311]  ? apparmor_unix_stream_connect+0x5fa/0x650
[   45.765369][ T5311]  ? apparmor_unix_stream_connect+0x5fc/0x650
[   45.771457][ T5311]  handle_bug+0x84/0x160
[   45.775713][ T5311]  exc_invalid_op+0x1a/0x50
[   45.780229][ T5311]  asm_exc_invalid_op+0x1a/0x20
[   45.785090][ T5311] RIP: 0010:apparmor_unix_stream_connect+0x5fa/0x650
[   45.791785][ T5311] Code: 2b 39 fd 48 89 ef e8 35 4d 00 00 e9 09 fe ff ff e8 fb 2a 39 fd 90 48 c7 c7 80 49 fd 8b 48 c7 c6 55 fd c6 8d e8 07 b2 fc fc 90 <0f> 0b 90 90 e9 27 fe ff ff e8 d8 2a 39 fd be 02 00 00 00 eb 0a e8
[   45.811507][ T5311] RSP: 0018:ffffc90002fe7ba8 EFLAGS: 00010246
[   45.817614][ T5311] RAX: 9dc56ab1cd53fc00 RBX: 1ffff1100f9680a8 RCX: ffff88802573bc00
[   45.825597][ T5311] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
[   45.833592][ T5311] RBP: ffff88801ba8f8f8 R08: ffff8880b8724253 R09: 1ffff110170e484a
[   45.841787][ T5311] R10: dffffc0000000000 R11: ffffed10170e484b R12: ffff88807cb40540
[   45.849789][ T5311] R13: 1ffff1100652ff20 R14: 0000000000000000 R15: 000000000000002f
[   45.857797][ T5311]  ? apparmor_unix_stream_connect+0x5f9/0x650
[   45.863898][ T5311]  security_unix_stream_connect+0xcb/0x2c0
[   45.869723][ T5311]  unix_stream_connect+0x9bc/0x1140
[   45.874965][ T5311]  ? __pfx_unix_stream_connect+0x10/0x10
[   45.880638][ T5311]  ? apparmor_socket_connect+0xd1/0x1c0
[   45.886338][ T5311]  ? bpf_lsm_socket_connect+0x9/0x20
[   45.891652][ T5311]  __sys_connect+0x313/0x440
[   45.896264][ T5311]  ? count_memcg_event_mm+0x21/0x260
[   45.901585][ T5311]  ? __pfx___sys_connect+0x10/0x10
[   45.906836][ T5311]  __x64_sys_connect+0x7a/0x90
[   45.911620][ T5311]  do_syscall_64+0xfa/0x3b0
[   45.916226][ T5311]  ? lockdep_hardirqs_on+0x9c/0x150
[   45.921443][ T5311]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   45.927532][ T5311]  ? clear_bhb_loop+0x60/0xb0
[   45.932230][ T5311]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   45.938138][ T5311] RIP: 0033:0x7f76c18a7407
[   45.942597][ T5311] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[   45.962764][ T5311] RSP: 002b:00007fff51b7aea0 EFLAGS: 00000202 ORIG_RAX: 000000000000002a
[   45.971201][ T5311] RAX: ffffffffffffffda RBX: 00007f76c2063880 RCX: 00007f76c18a7407
[   45.979193][ T5311] RDX: 0000000000000013 RSI: 000055c6cf4e5948 RDI: 0000000000000003
[   45.987272][ T5311] RBP: 000000000000001e R08: 0000000000000000 R09: 0000000000000000
[   45.995541][ T5311] R10: 0000000000000000 R11: 0000000000000202 R12: 00007fff51b7af00
[   46.003610][ T5311] R13: 0000000000000000 R14: 0000000000000007 R15: 0000000000000000
[   46.011603][ T5311]  </TASK>
[   46.021763][ T5311] Kernel Offset: disabled
[   46.026647][ T5311] Rebooting in 86400 seconds..


syzkaller build log:
go env (err=<nil>)
AR='ar'
CC='gcc'
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_ENABLED='1'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
CXX='g++'
GCCGO='gccgo'
GO111MODULE='auto'
GOAMD64='v1'
GOARCH='amd64'
GOAUTH='netrc'
GOBIN=''
GOCACHE='/syzkaller/.cache/go-build'
GOCACHEPROG=''
GODEBUG=''
GOENV='/syzkaller/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFIPS140='off'
GOFLAGS=''
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build3145104381=/tmp/go-build -gno-record-gcc-switches'
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMOD='/syzkaller/jobs-2/linux/gopath/src/github.com/google/syzkaller/go.mod'
GOMODCACHE='/syzkaller/jobs-2/linux/gopath/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/syzkaller/jobs-2/linux/gopath'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTELEMETRY='local'
GOTELEMETRYDIR='/syzkaller/.config/go/telemetry'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.24.4'
GOWORK=''
PKG_CONFIG='pkg-config'

git status (err=<nil>)
HEAD detached at 44f8051e44
nothing to commit, working tree clean


tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=44f8051e446824395d02720c745353cd454d9553 -X github.com/google/syzkaller/prog.gitRevisionDate=20250716-133924"  -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_amd64
g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
	-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include   -DGOOS_linux=1 -DGOARCH_amd64=1 \
	-DHOSTGOOS_linux=1 -DGIT_REVISION=\"44f8051e446824395d02720c745353cd454d9553\"
/usr/bin/ld: /tmp/ccnhngWI.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x104): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking


Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=11622cf0580000


Tested on:

commit:         79fb37f3 Add linux-next specific files for 20250730
git tree:       linux-next
kernel config:  https://syzkaller.appspot.com/x/.config?x=1f38ce0ee8aa681d
dashboard link: https://syzkaller.appspot.com/bug?extid=b446dbe27035ef6bd6c2
compiler:       Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7
patch:          https://syzkaller.appspot.com/x/patch.diff?x=114e4834580000


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ