[moderation/CI] Re: mm: page_ext: add count limit to page_ext_iter_next to prevent invalid PFN access
0 views
Skip to first unread message
syzbot ci
Jun 22, 2026, 12:23:39 PM (yesterday) Jun 22
to syzkaller-upst...@googlegroups.com, syz...@lists.linux.dev
syzbot ci has tested the following series
[v2] mm: page_ext: add count limit to page_ext_iter_next to prevent invalid PFN access
https://lore.kernel.org/all/20260622-page_ext...@oss.qualcomm.com
* [PATCH v2] mm: page_ext: add count limit to page_ext_iter_next to prevent invalid PFN access
and found the following issue:
WARNING in depot_fetch_stack
Full report is available here:
https://ci.syzbot.org/series/092dd7dc-cb78-46b6-8703-6044fff2631d
***
WARNING in depot_fetch_stack
tree: mm-new
URL: https://kernel.googlesource.com/pub/scm/linux/kernel/git/akpm/mm.git
base: e1201ff76176ef666b13d1a4ec6b6190ddc6abc8
arch: amd64
compiler: Debian clang version 22.1.6 (++20260514074242+fc4aad7b5db3-1~exp1~20260514074407.73), Debian LLD 22.1.6
config: https://ci.syzbot.org/builds/18f461a2-7098-44bc-9d42-634b56ba48d9/config
------------[ cut here ]------------
!refcount_read(&stack->count)
WARNING: lib/stackdepot.c:517 at depot_fetch_stack+0x91/0xa0, CPU#0: kworker/u9:4/1114
Modules linked in:
CPU: 0 UID: 0 PID: 1114 Comm: kworker/u9:4 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
Workqueue: events_unbound call_usermodehelper_exec_work
RIP: 0010:depot_fetch_stack+0x91/0xa0
Code: 39 f5 72 d0 48 8d 3d 7e 1b 4d 0b 89 ee 44 89 f2 89 d9 67 48 0f b9 3a 31 c0 5b 41 5e 5d e9 87 67 b8 06 cc 90 0f 0b 90 eb ee 90 <0f> 0b 90 eb e8 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90
RSP: 0000:ffffc900079a6ce0 EFLAGS: 00010246
RAX: ffff888168b94000 RBX: 0000000000000ce0 RCX: 0000000000000067
RDX: 0000000000000000 RSI: ffffffff8e215937 RDI: ffffffff8c28ab20
RBP: 0000000000000067 R08: ffff88810495a407 R09: 1ffff1102092b480
R10: dffffc0000000000 R11: ffffed102092b481 R12: 00000000019c0068
R13: 0000000000000001 R14: 000000000000010f R15: ffff88810afb1dc0
FS: 0000000000000000(0000) GS:ffff88818dcb5000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff88823ffff000 CR3: 000000000e74a000 CR4: 00000000000006f0
Call Trace:
<TASK>
__set_page_owner+0x140/0x4c0
post_alloc_hook+0x1f9/0x250
get_page_from_freelist+0x21fa/0x2270
__alloc_frozen_pages_noprof+0x18d/0x380
alloc_pages_mpol+0x212/0x380
alloc_pages_noprof+0xac/0x2a0
get_free_pages_noprof+0xf/0x80
__kasan_populate_vmalloc+0x38/0x1c0
alloc_vmap_area+0xd1a/0x1420
__get_vm_area_node+0x1f2/0x300
__vmalloc_node_range_noprof+0x358/0x1730
__vmalloc_node_noprof+0xc2/0x100
dup_task_struct+0x28e/0x830
copy_process+0x79d/0x4380
kernel_clone+0x2d7/0x940
user_mode_thread+0x110/0x180
call_usermodehelper_exec_work+0x5c/0x230
process_scheduled_works+0xa8e/0x14e0
worker_thread+0xa47/0xfb0
kthread+0x389/0x470
ret_from_fork+0x514/0xb70
ret_from_fork_asm+0x1a/0x30
</TASK>
***
If these findings have caused you to resend the series or submit a
separate fix, please add the following tag to your commit message:
Tested-by: syz...@syzkaller.appspotmail.com
---
This report is generated by a bot. It may contain errors.
syzbot ci engineers can be reached at syzk...@googlegroups.com.
To test a patch for this bug, please reply with `#syz test`
(should be on a separate line).
The patch should be attached to the email.
Note: arguments like custom git repos and branches are not supported.
The email will later be sent to:
[ak...@linux-foundation.org da...@kernel.org han...@cmpxchg.org jack...@google.com ker...@oss.qualcomm.com ketan....@oss.qualcomm.com li...@infradead.org linux-...@vger.kernel.org linu...@kvack.org l...@kernel.org lui...@redhat.com mho...@suse.com rp...@kernel.org sta...@vger.kernel.org sur...@google.com vba...@kernel.org wi...@infradead.org z...@nvidia.com]
If the report looks fine to you, reply with:
#syz upstream
If the report is a false positive, reply with
#syz invalid
[v2] mm: page_ext: add count limit to page_ext_iter_next to prevent invalid PFN access
https://lore.kernel.org/all/20260622-page_ext...@oss.qualcomm.com
* [PATCH v2] mm: page_ext: add count limit to page_ext_iter_next to prevent invalid PFN access
and found the following issue:
WARNING in depot_fetch_stack
Full report is available here:
https://ci.syzbot.org/series/092dd7dc-cb78-46b6-8703-6044fff2631d
***
WARNING in depot_fetch_stack
tree: mm-new
URL: https://kernel.googlesource.com/pub/scm/linux/kernel/git/akpm/mm.git
base: e1201ff76176ef666b13d1a4ec6b6190ddc6abc8
arch: amd64
compiler: Debian clang version 22.1.6 (++20260514074242+fc4aad7b5db3-1~exp1~20260514074407.73), Debian LLD 22.1.6
config: https://ci.syzbot.org/builds/18f461a2-7098-44bc-9d42-634b56ba48d9/config
------------[ cut here ]------------
!refcount_read(&stack->count)
WARNING: lib/stackdepot.c:517 at depot_fetch_stack+0x91/0xa0, CPU#0: kworker/u9:4/1114
Modules linked in:
CPU: 0 UID: 0 PID: 1114 Comm: kworker/u9:4 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
Workqueue: events_unbound call_usermodehelper_exec_work
RIP: 0010:depot_fetch_stack+0x91/0xa0
Code: 39 f5 72 d0 48 8d 3d 7e 1b 4d 0b 89 ee 44 89 f2 89 d9 67 48 0f b9 3a 31 c0 5b 41 5e 5d e9 87 67 b8 06 cc 90 0f 0b 90 eb ee 90 <0f> 0b 90 eb e8 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90
RSP: 0000:ffffc900079a6ce0 EFLAGS: 00010246
RAX: ffff888168b94000 RBX: 0000000000000ce0 RCX: 0000000000000067
RDX: 0000000000000000 RSI: ffffffff8e215937 RDI: ffffffff8c28ab20
RBP: 0000000000000067 R08: ffff88810495a407 R09: 1ffff1102092b480
R10: dffffc0000000000 R11: ffffed102092b481 R12: 00000000019c0068
R13: 0000000000000001 R14: 000000000000010f R15: ffff88810afb1dc0
FS: 0000000000000000(0000) GS:ffff88818dcb5000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff88823ffff000 CR3: 000000000e74a000 CR4: 00000000000006f0
Call Trace:
<TASK>
__set_page_owner+0x140/0x4c0
post_alloc_hook+0x1f9/0x250
get_page_from_freelist+0x21fa/0x2270
__alloc_frozen_pages_noprof+0x18d/0x380
alloc_pages_mpol+0x212/0x380
alloc_pages_noprof+0xac/0x2a0
get_free_pages_noprof+0xf/0x80
__kasan_populate_vmalloc+0x38/0x1c0
alloc_vmap_area+0xd1a/0x1420
__get_vm_area_node+0x1f2/0x300
__vmalloc_node_range_noprof+0x358/0x1730
__vmalloc_node_noprof+0xc2/0x100
dup_task_struct+0x28e/0x830
copy_process+0x79d/0x4380
kernel_clone+0x2d7/0x940
user_mode_thread+0x110/0x180
call_usermodehelper_exec_work+0x5c/0x230
process_scheduled_works+0xa8e/0x14e0
worker_thread+0xa47/0xfb0
kthread+0x389/0x470
ret_from_fork+0x514/0xb70
ret_from_fork_asm+0x1a/0x30
</TASK>
***
If these findings have caused you to resend the series or submit a
separate fix, please add the following tag to your commit message:
Tested-by: syz...@syzkaller.appspotmail.com
---
This report is generated by a bot. It may contain errors.
syzbot ci engineers can be reached at syzk...@googlegroups.com.
To test a patch for this bug, please reply with `#syz test`
(should be on a separate line).
The patch should be attached to the email.
Note: arguments like custom git repos and branches are not supported.
The email will later be sent to:
[ak...@linux-foundation.org da...@kernel.org han...@cmpxchg.org jack...@google.com ker...@oss.qualcomm.com ketan....@oss.qualcomm.com li...@infradead.org linux-...@vger.kernel.org linu...@kvack.org l...@kernel.org lui...@redhat.com mho...@suse.com rp...@kernel.org sta...@vger.kernel.org sur...@google.com vba...@kernel.org wi...@infradead.org z...@nvidia.com]
If the report looks fine to you, reply with:
#syz upstream
If the report is a false positive, reply with
#syz invalid
Aleksandr Nogikh
Jun 22, 2026, 1:00:15 PM (yesterday) Jun 22
to syzbot ci, syzkaller-upst...@googlegroups.com, syz...@lists.linux.dev
#syz upstream
> --
> You received this message because you are subscribed to the Google Groups "syzkaller-upstream-moderation" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller-upstream-m...@googlegroups.com.
> To view this discussion visit https://groups.google.com/d/msgid/syzkaller-upstream-moderation/6a396189.af26c8ab.2133ed.0002.GAE%40google.com.
> You received this message because you are subscribed to the Google Groups "syzkaller-upstream-moderation" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller-upstream-m...@googlegroups.com.
> To view this discussion visit https://groups.google.com/d/msgid/syzkaller-upstream-moderation/6a396189.af26c8ab.2133ed.0002.GAE%40google.com.
Reply all
Reply to author
Forward
0 new messages