Received: by 2002:ab2:6d45:0:b0:1fb:d597:ff75 with SMTP id d5csp43520lqr;
        Tue, 4 Jun 2024 20:24:37 -0700 (PDT)
X-Forwarded-Encrypted: i=3; AJvYcCUr1IfhlKzEBPPZhWS4JJOYIuHCHpRKm1Ia7qElcct6+mjERvAMHp5z8AJQfdTdLVLtpIFnvSU8QMOpUKzvqLIE6gtzMraWQ+uS7jnFxw==
X-Google-Smtp-Source: AGHT+IF9n6TFt6bia3ZmlYpvfmtioAitpXKfcNKnkzMGG0kE/2KZe3784+OYy4dpEf8vtlD/Pw3/
X-Received: by 2002:a05:620a:1792:b0:794:eb14:be95 with SMTP id af79cd13be357-795240e153fmr158213685a.70.1717557877567;
        Tue, 04 Jun 2024 20:24:37 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1717557877; cv=pass;
        d=google.com; s=arc-20160816;
        b=NPS1CVY2+njGl4zqFuxOHOxeRe5/w305fyORIhGbPZrOe0OIpkkd+xZmV1rBcL4i56
         fvybZZBq5b9YT8Tr9k8oH1nEx6oBar8NQOH/4I1pFiMwcfn0nWh0kKmANsfgv1SUQaCZ
         y7jK3fK+qVvAsKD3xTiFPTVItSWBuHOGC+uOWzXIigjck2pSv3xNGdLdQGPrkHm5LW4r
         mrE7n8CV04pzA1ymuAacT27CI4m7PVSjBBsfune7OFtqk//1gRp9aoCzQWcJA2jtNtBT
         F03SAKr0P95jJ9Jswcym6yOMSfvHR9VipVpO8XydxiCOshgQC/KZjYkkUI9GZvtiqlaW
         w+lg==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:in-reply-to:message-id
         :subject:cc:to:from:date:dkim-signature;
        bh=dbrnJhu/n7SYvoasNoQnxUfmLqDc0xf342zK7Z5uB8s=;
        fh=qU6cknlW8nz4KtfyKPYEq+6RZgvXZtEmCBCxVlDs1yI=;
        b=jpbh4jDS0mNNNPz2vxu1C9fXhGEa61sCv+BU33tbuI6Rvw9DF9s7NkDEiFmigPvw1a
         Bg82bfMZA2xM02YFq0JfE3A19U+2k9OQTawuOqYL/K91yS4T2xctopSFPf6q1/00HPAR
         61DpWu202qtl9L4kghYSaJfzCJyzN7hMaQ62rWma/oXHpNHW/PUdY9jhK/2CEN/pQ6+j
         0GuSyImhhqvXXX90ffUdMSdHMeZkfAN4kolP2lvKsZ4S/kHAplCFY65mqa+xuTIFsZ9X
         fwnbPrcS2/um8mntCeu5n8OaNj9OfOIGHqvJy/r79T4/8EypkRn0kLGj4e+z+dh9Ekf7
         8c+w==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@linux-foundation.org header.s=korg header.b=2JFmtiDM;
       arc=pass (i=1 dkim=pass dkdomain=linux-foundation.org);
       spf=pass (google.com: domain of linux-kernel+bounces-201718-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-201718-linux.lists.archive=gmail.com@vger.kernel.org"
Return-Path: <linux-kernel+bounces-201718-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223])
        by mx.google.com with ESMTPS id af79cd13be357-795215aa1d9si188713185a.286.2024.06.04.20.24.37
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 04 Jun 2024 20:24:37 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-201718-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linux-foundation.org header.s=korg header.b=2JFmtiDM;
       arc=pass (i=1 dkim=pass dkdomain=linux-foundation.org);
       spf=pass (google.com: domain of linux-kernel+bounces-201718-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-201718-linux.lists.archive=gmail.com@vger.kernel.org"
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by ny.mirrors.kernel.org (Postfix) with ESMTPS id B363A1C21773
	for <linux.lists.archive@gmail.com>; Wed,  5 Jun 2024 03:23:35 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id C500A6E613;
	Wed,  5 Jun 2024 03:23:29 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=linux-foundation.org header.i=@linux-foundation.org header.b="2JFmtiDM"
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id B6C4579DE
	for <linux-kernel@vger.kernel.org>; Wed,  5 Jun 2024 03:23:28 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1717557808; cv=none; b=k04yi2WSshVlmiNoKDeD2ItDUFK8jYIQxTxKeEf6VL0WUeFWtWln1Bko0l31gbu5GwiaBI1OGeTmZKcsAHoOwJk4EzW2mG+0FzoFwU1YqWf+fyPUOsixgzC2GQEAzg6fNl6S+wCv0c6SkkyTGYakFKSGl+9bLBAj+azORC6Y470=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1717557808; c=relaxed/simple;
	bh=7H29Oal966I5Bv2EA8I2x/Oc47qcILF4gRXbga2Kdpc=;
	h=Date:From:To:Cc:Subject:Message-Id:In-Reply-To:References:
	 Mime-Version:Content-Type; b=FwwbNDF/TpkGVUeF4nhmW24V5ZOpnBJbouwX4l/f65Jsd2WVhf+ULq2EG5W+CNN4R1ye8f65rMj5WGhiXBCBv1WfwdjnTLpCAk79B2jfnRLRRAyTRSwsN9Uh/4q47vUwqLDM3wNJInhl7AeqBq1w6GS0Bf//bzcj7ReSXLdddwQ=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux-foundation.org header.i=@linux-foundation.org header.b=2JFmtiDM; arc=none smtp.client-ip=10.30.226.201
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1289CC32781;
	Wed,  5 Jun 2024 03:23:28 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linux-foundation.org;
	s=korg; t=1717557808;
	bh=7H29Oal966I5Bv2EA8I2x/Oc47qcILF4gRXbga2Kdpc=;
	h=Date:From:To:Cc:Subject:In-Reply-To:References:From;
	b=2JFmtiDM9CqyfXTG8mjJAXb19GitD/mRvzoOT17vELhUw8cE51CIau50K9vffSjk/
	 L0gJBg7Cuh6bMx+0YAACcnhGMY4h8fzRsfop+HQSXf47qDds9yQWXv5JTVfiwTlcgs
	 LuYN5B+feAR2fL4Y31XcuaGLY3UaFilN8mf0qifI=
Date: Tue, 4 Jun 2024 20:23:27 -0700
From: Andrew Morton <akpm@linux-foundation.org>
To: syzbot <syzbot+5a1cb2c00e895afca87e@syzkaller.appspotmail.com>
Cc: linux-kernel@vger.kernel.org, linux-mm@kvack.org,
 syzkaller-bugs@googlegroups.com, Lance Yang <ioworker0@gmail.com>, Hillf
 Danton <hdanton@sina.com>
Subject: Re: [syzbot] [mm?] kernel panic: corrupted stack end in
 userfaultfd_ioctl
Message-Id: <20240604202327.37b6ff1ec94fe6c0a212c9f7@linux-foundation.org>
In-Reply-To: <000000000000109e6b0619fbfd44@google.com>
References: <000000000000109e6b0619fbfd44@google.com>
X-Mailer: Sylpheed 3.8.0beta1 (GTK+ 2.24.33; x86_64-pc-linux-gnu)
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit


For some reason this thread doesn't appear in my linux-mm archive. 
Lance, please take a look?


On Mon, 03 Jun 2024 06:05:33 -0700 syzbot <syzbot+5a1cb2c00e895afca87e@syzkaller.appspotmail.com> wrote:

> Hello,
> 
> syzbot found the following issue on:
> 
> HEAD commit:    4a4be1ad3a6e Revert "vfs: Delete the associated dentry whe..
> git tree:       upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=104284f2980000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=bd6024aedb15e15c
> dashboard link: https://syzkaller.appspot.com/bug?extid=5a1cb2c00e895afca87e
> compiler:       aarch64-linux-gnu-gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
> userspace arch: arm64
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=124e1664980000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=15683162980000
> 
> Downloadable assets:
> disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/384ffdcca292/non_bootable_disk-4a4be1ad.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/75957361122b/vmlinux-4a4be1ad.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/6c766b0ec377/Image-4a4be1ad.gz.xz
> 
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+5a1cb2c00e895afca87e@syzkaller.appspotmail.com
> 
> Kernel panic - not syncing: corrupted stack end detected inside scheduler
> CPU: 1 PID: 3188 Comm: syz-executor396 Not tainted 6.10.0-rc1-syzkaller-00027-g4a4be1ad3a6e #0
> Hardware name: linux,dummy-virt (DT)
> Call trace:
>  dump_backtrace+0x94/0xec arch/arm64/kernel/stacktrace.c:317
>  show_stack+0x18/0x24 arch/arm64/kernel/stacktrace.c:324
>  __dump_stack lib/dump_stack.c:88 [inline]
>  dump_stack_lvl+0x38/0x90 lib/dump_stack.c:114
>  dump_stack+0x18/0x24 lib/dump_stack.c:123
>  panic+0x39c/0x3d0 kernel/panic.c:347
>  schedule_debug kernel/sched/core.c:5962 [inline]
>  schedule+0x0/0x104 kernel/sched/core.c:6628
>  preempt_schedule_irq+0x3c/0x80 kernel/sched/core.c:7067
>  arm64_preempt_schedule_irq arch/arm64/kernel/entry-common.c:301 [inline]
>  __el1_irq arch/arm64/kernel/entry-common.c:539 [inline]
>  el1_interrupt+0x4c/0x64 arch/arm64/kernel/entry-common.c:551
>  el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:556
>  el1h_64_irq+0x64/0x68 arch/arm64/kernel/entry.S:594
>  __rcu_read_lock+0x0/0x14 kernel/rcu/tree_stall.h:125
>  pte_offset_map_nolock+0x38/0xb0 mm/pgtable-generic.c:314
>  move_pages_pte mm/userfaultfd.c:1160 [inline]
>  move_pages+0x330/0x13a4 mm/userfaultfd.c:1733
>  userfaultfd_move fs/userfaultfd.c:2016 [inline]
>  userfaultfd_ioctl+0x6f4/0x1ed8 fs/userfaultfd.c:2134
>  vfs_ioctl fs/ioctl.c:51 [inline]
>  __do_sys_ioctl fs/ioctl.c:907 [inline]
>  __se_sys_ioctl fs/ioctl.c:893 [inline]
>  __arm64_sys_ioctl+0xac/0xf0 fs/ioctl.c:893
>  __invoke_syscall arch/arm64/kernel/syscall.c:34 [inline]
>  invoke_syscall+0x48/0x118 arch/arm64/kernel/syscall.c:48
>  el0_svc_common.constprop.0+0x40/0xe0 arch/arm64/kernel/syscall.c:133
>  do_el0_svc+0x1c/0x28 arch/arm64/kernel/syscall.c:152
>  el0_svc+0x34/0xf8 arch/arm64/kernel/entry-common.c:712
>  el0t_64_sync_handler+0x100/0x12c arch/arm64/kernel/entry-common.c:730
>  el0t_64_sync+0x19c/0x1a0 arch/arm64/kernel/entry.S:598
> SMP: stopping secondary CPUs
> Kernel Offset: disabled
> CPU features: 0x00,00000006,8f17bd7c,1767f6bf
> Memory Limit: none
> Rebooting in 86400 seconds..
> 
> 
> ---
> This report is generated by a bot. It may contain errors.
> See https://goo.gl/tpsmEJ for more information about syzbot.
> syzbot engineers can be reached at syzkaller@googlegroups.com.
> 
> syzbot will keep track of this issue. See:
> https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
> 
> If the report is already addressed, let syzbot know by replying with:
> #syz fix: exact-commit-title
> 
> If you want syzbot to run the reproducer, reply with:
> #syz test: git://repo/address.git branch-or-commit-hash
> If you attach or paste a git patch, syzbot will apply it before testing.
> 
> If you want to overwrite report's subsystems, reply with:
> #syz set subsystems: new-subsystem
> (See the list of subsystem names on the web dashboard)
> 
> If the report is a duplicate of another one, reply with:
> #syz dup: exact-subject-of-another-report
> 
> If you want to undo deduplication, reply with:
> #syz undup