lists.openwall.net
Open Source and information security mailing list archives
Message-ID: <1dd32f21-4bdc-49e6-ad21-5d27c08ab255@lucifer.local>
Date: Fri, 16 Jan 2026 14:03:04 +0000
From: Lorenzo Stoakes <lorenzo.stoakes@...cle.com>
To: syzbot ci <syzbot+ci80398e89ae0989e0@...kaller.appspotmail.com>
Cc: akpm@...ux-foundation.org, david@...nel.org, jannh@...gle.com,
        liam.howlett@...cle.com, linux-kernel@...r.kernel.org,
        linux-mm@...ck.org, mhocko@...e.com, rppt@...nel.org,
        shakeel.butt@...ux.dev, surenb@...gle.com, vbabka@...e.cz,
        syzbot@...ts.linux.dev, syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot ci] Re: add and use vma_assert_stabilised() helper

Please ignore, this whole series has been resent at [0].

Cheers, Lorenzo

[0]: https://lore.kernel.org/linux-mm/cover.1768569863.git.lorenzo.stoakes@oracle.com/

On Fri, Jan 16, 2026 at 05:51:01AM -0800, syzbot ci wrote:
> syzbot ci has tested the following series
>
> [v1] add and use vma_assert_stabilised() helper
> https://lore.kernel.org/all/cover.1768558900.git.lorenzo.stoakes@oracle.com
> * [PATCH 1/2] mm/vma: add vma_is_*_locked() helpers
> * [PATCH 2/2] mm: add + use vma_is_stabilised(), vma_assert_stabilised() helpers
>
> and found the following issue:
> kernel BUG in anon_vma_name
>
> Full report is available here:
> https://ci.syzbot.org/series/a3867085-bae4-4416-9704-3b23ef9c6006
>
> ***
>
> kernel BUG in anon_vma_name
>
> tree:      mm-new
> URL:       https://kernel.googlesource.com/pub/scm/linux/kernel/git/akpm/mm.git
> base:      eeb33083cc4749bdb61582eaeb5c200702607703
> arch:      amd64
> compiler:  Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
> config:    https://ci.syzbot.org/builds/2e5b4d7e-a1a9-48c8-ae3b-654d3ac32e5c/config
>
> Loaded X.509 cert 'Build time autogenerated kernel key: 65176d093d4baf94ab1e788ee9f46804766f83ba'
> ima: Allocated hash algorithm: sha256
> ima: No architecture policies found
> evm: Initialising EVM extended attributes:
> evm: security.selinux (disabled)
> evm: security.SMACK64 (disabled)
> evm: security.SMACK64EXEC (disabled)
> evm: security.SMACK64TRANSMUTE (disabled)
> evm: security.SMACK64MMAP (disabled)
> evm: security.apparmor
> evm: security.ima
> evm: security.capability
> evm: HMAC attrs: 0x1
> PM:   Magic number: 10:472:582
> tty ptyc0: hash matches
> netconsole: network logging started
> gtp: GTP module loaded (pdp ctx size 128 bytes)
> rdma_rxe: loaded
> cfg80211: Loading compiled-in X.509 certificates for regulatory database
> Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7'
> Loaded X.509 cert 'wens: 61c038651aabdcf94bd0ac7ff06c7248db18c600'
> clk: Disabling unused clocks
> ALSA device list:
>   #0: Dummy 1
>   #1: Loopback 1
>   #2: Virtual MIDI Card 1
> check access for rdinit=/init failed: -2, ignoring
> md: Waiting for all devices to be available before autodetect
> md: If you don't use raid, use raid=noautodetect
> md: Autodetecting RAID arrays.
> md: autorun ...
> md: ... autorun DONE.
> EXT4-fs (sda1): mounted filesystem b4773fba-1738-4da0-8a90-0fe043d0a496 ro with ordered data mode. Quota mode: none.
> VFS: Mounted root (ext4 filesystem) readonly on device 8:1.
> devtmpfs: mounted
> Freeing unused kernel image (initmem) memory: 26044K
> Write protecting the kernel read-only data: 212992k
> Freeing unused kernel image (text/rodata gap) memory: 388K
> Freeing unused kernel image (rodata/data gap) memory: 1776K
> x86/mm: Checked W+X mappings: passed, no W+X pages found.
> x86/mm: Checking user space page tables
> x86/mm: Checked W+X mappings: passed, no W+X pages found.
> Failed to set sysctl parameter 'max_rcu_stall_to_panic=1': parameter not found
> Run /sbin/init as init process
> vma ffff888175272d80 start 00007fffffffe000 end 00007ffffffff000 mm ffff888100079880
> prot 8000000000000025 anon_vma ffff888110bf8000 vm_ops 0000000000000000
> pgoff 7fffffffe file 0000000000000000 private_data 0000000000000000
> refcnt 1
> flags: 0x8118173(read|write|mayread|maywrite|mayexec|growsdown|seqread|randread|account|softdirty)
> ------------[ cut here ]------------
> kernel BUG at ./include/linux/mmap_lock.h:476!
> Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
> CPU: 0 UID: 0 PID: 1 Comm: init Not tainted syzkaller #0 PREEMPT(full)
> Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
> RIP: 0010:anon_vma_name+0x253/0x260
> Code: ff 4c 89 ff e8 8e 7d 0a 00 e9 e9 fe ff ff e8 34 db a2 ff eb 0c e8 2d db a2 ff eb 05 e8 26 db a2 ff 48 89 df e8 6e 77 08 ff 90 <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90
> RSP: 0000:ffffc90000067550 EFLAGS: 00010286
> RAX: 000000000000014c RBX: ffff888175272d80 RCX: 37717524f4bb9000
> RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
> RBP: 0000000000000003 R08: 0000000000000003 R09: 0000000000000004
> R10: dffffc0000000000 R11: fffffbfff1c3ae40 R12: dffffc0000000000
> R13: dffffc0000000000 R14: 0000000000000001 R15: 0000000000000001
> FS:  0000000000000000(0000) GS:ffff88818e405000(0000) knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: ffff88823ffff000 CR3: 0000000110c5a000 CR4: 00000000000006f0
> Call Trace:
>  <TASK>
>  vma_modify_flags+0x203/0x330
>  mprotect_fixup+0x46a/0xa50
>  setup_arg_pages+0x565/0xae0
>  load_elf_binary+0xc5e/0x2980
>  bprm_execve+0x93d/0x1410
>  kernel_execve+0x8ef/0x9e0
>  try_to_run_init_process+0x13/0x60
>  kernel_init+0xad/0x1d0
>  ret_from_fork+0x51b/0xa40
>  ret_from_fork_asm+0x1a/0x30
>  </TASK>
> Modules linked in:
> ---[ end trace 0000000000000000 ]---
> RIP: 0010:anon_vma_name+0x253/0x260
> Code: ff 4c 89 ff e8 8e 7d 0a 00 e9 e9 fe ff ff e8 34 db a2 ff eb 0c e8 2d db a2 ff eb 05 e8 26 db a2 ff 48 89 df e8 6e 77 08 ff 90 <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90
> RSP: 0000:ffffc90000067550 EFLAGS: 00010286
> RAX: 000000000000014c RBX: ffff888175272d80 RCX: 37717524f4bb9000
> RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
> RBP: 0000000000000003 R08: 0000000000000003 R09: 0000000000000004
> R10: dffffc0000000000 R11: fffffbfff1c3ae40 R12: dffffc0000000000
> R13: dffffc0000000000 R14: 0000000000000001 R15: 0000000000000001
> FS:  0000000000000000(0000) GS:ffff88818e405000(0000) knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: ffff88823ffff000 CR3: 0000000110c5a000 CR4: 00000000000006f0
>
>
> ***
>
> If these findings have caused you to resend the series or submit a
> separate fix, please add the following tag to your commit message:
>   Tested-by: syzbot@...kaller.appspotmail.com
>
> ---
> This report is generated by a bot. It may contain errors.
> syzbot ci engineers can be reached at syzkaller@...glegroups.com.
