[syzbot ci] Re: add and use vma_assert_stabilised() helper


syzbot ci

Jan 16, 2026, 8:51:03 AM
to ak...@linux-foundation.org, da...@kernel.org, ja...@google.com, liam.h...@oracle.com, linux-...@vger.kernel.org, linu...@kvack.org, lorenzo...@oracle.com, mho...@suse.com, rp...@kernel.org, shakee...@linux.dev, sur...@google.com, vba...@suse.cz, syz...@lists.linux.dev, syzkall...@googlegroups.com
syzbot ci has tested the following series

[v1] add and use vma_assert_stabilised() helper
https://lore.kernel.org/all/cover.1768558900.g...@oracle.com
* [PATCH 1/2] mm/vma: add vma_is_*_locked() helpers
* [PATCH 2/2] mm: add + use vma_is_stabilised(), vma_assert_stabilised() helpers

and found the following issue:
kernel BUG in anon_vma_name

Full report is available here:
https://ci.syzbot.org/series/a3867085-bae4-4416-9704-3b23ef9c6006

***

kernel BUG in anon_vma_name

tree: mm-new
URL: https://kernel.googlesource.com/pub/scm/linux/kernel/git/akpm/mm.git
base: eeb33083cc4749bdb61582eaeb5c200702607703
arch: amd64
compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
config: https://ci.syzbot.org/builds/2e5b4d7e-a1a9-48c8-ae3b-654d3ac32e5c/config

Loaded X.509 cert 'Build time autogenerated kernel key: 65176d093d4baf94ab1e788ee9f46804766f83ba'
ima: Allocated hash algorithm: sha256
ima: No architecture policies found
evm: Initialising EVM extended attributes:
evm: security.selinux (disabled)
evm: security.SMACK64 (disabled)
evm: security.SMACK64EXEC (disabled)
evm: security.SMACK64TRANSMUTE (disabled)
evm: security.SMACK64MMAP (disabled)
evm: security.apparmor
evm: security.ima
evm: security.capability
evm: HMAC attrs: 0x1
PM: Magic number: 10:472:582
tty ptyc0: hash matches
netconsole: network logging started
gtp: GTP module loaded (pdp ctx size 128 bytes)
rdma_rxe: loaded
cfg80211: Loading compiled-in X.509 certificates for regulatory database
Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7'
Loaded X.509 cert 'wens: 61c038651aabdcf94bd0ac7ff06c7248db18c600'
clk: Disabling unused clocks
ALSA device list:
#0: Dummy 1
#1: Loopback 1
#2: Virtual MIDI Card 1
check access for rdinit=/init failed: -2, ignoring
md: Waiting for all devices to be available before autodetect
md: If you don't use raid, use raid=noautodetect
md: Autodetecting RAID arrays.
md: autorun ...
md: ... autorun DONE.
EXT4-fs (sda1): mounted filesystem b4773fba-1738-4da0-8a90-0fe043d0a496 ro with ordered data mode. Quota mode: none.
VFS: Mounted root (ext4 filesystem) readonly on device 8:1.
devtmpfs: mounted
Freeing unused kernel image (initmem) memory: 26044K
Write protecting the kernel read-only data: 212992k
Freeing unused kernel image (text/rodata gap) memory: 388K
Freeing unused kernel image (rodata/data gap) memory: 1776K
x86/mm: Checked W+X mappings: passed, no W+X pages found.
x86/mm: Checking user space page tables
x86/mm: Checked W+X mappings: passed, no W+X pages found.
Failed to set sysctl parameter 'max_rcu_stall_to_panic=1': parameter not found
Run /sbin/init as init process
vma ffff888175272d80 start 00007fffffffe000 end 00007ffffffff000 mm ffff888100079880
prot 8000000000000025 anon_vma ffff888110bf8000 vm_ops 0000000000000000
pgoff 7fffffffe file 0000000000000000 private_data 0000000000000000
refcnt 1
flags: 0x8118173(read|write|mayread|maywrite|mayexec|growsdown|seqread|randread|account|softdirty)
------------[ cut here ]------------
kernel BUG at ./include/linux/mmap_lock.h:476!
Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
CPU: 0 UID: 0 PID: 1 Comm: init Not tainted syzkaller #0 PREEMPT(full)
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
RIP: 0010:anon_vma_name+0x253/0x260
Code: ff 4c 89 ff e8 8e 7d 0a 00 e9 e9 fe ff ff e8 34 db a2 ff eb 0c e8 2d db a2 ff eb 05 e8 26 db a2 ff 48 89 df e8 6e 77 08 ff 90 <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90
RSP: 0000:ffffc90000067550 EFLAGS: 00010286
RAX: 000000000000014c RBX: ffff888175272d80 RCX: 37717524f4bb9000
RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
RBP: 0000000000000003 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffffbfff1c3ae40 R12: dffffc0000000000
R13: dffffc0000000000 R14: 0000000000000001 R15: 0000000000000001
FS: 0000000000000000(0000) GS:ffff88818e405000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff88823ffff000 CR3: 0000000110c5a000 CR4: 00000000000006f0
Call Trace:
<TASK>
vma_modify_flags+0x203/0x330
mprotect_fixup+0x46a/0xa50
setup_arg_pages+0x565/0xae0
load_elf_binary+0xc5e/0x2980
bprm_execve+0x93d/0x1410
kernel_execve+0x8ef/0x9e0
try_to_run_init_process+0x13/0x60
kernel_init+0xad/0x1d0
ret_from_fork+0x51b/0xa40
ret_from_fork_asm+0x1a/0x30
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:anon_vma_name+0x253/0x260
Code: ff 4c 89 ff e8 8e 7d 0a 00 e9 e9 fe ff ff e8 34 db a2 ff eb 0c e8 2d db a2 ff eb 05 e8 26 db a2 ff 48 89 df e8 6e 77 08 ff 90 <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90
RSP: 0000:ffffc90000067550 EFLAGS: 00010286
RAX: 000000000000014c RBX: ffff888175272d80 RCX: 37717524f4bb9000
RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
RBP: 0000000000000003 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffffbfff1c3ae40 R12: dffffc0000000000
R13: dffffc0000000000 R14: 0000000000000001 R15: 0000000000000001
FS: 0000000000000000(0000) GS:ffff88818e405000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff88823ffff000 CR3: 0000000110c5a000 CR4: 00000000000006f0


***

If these findings have caused you to resend the series or submit a
separate fix, please add the following tag to your commit message:
Tested-by: syz...@syzkaller.appspotmail.com

---
This report is generated by a bot. It may contain errors.
syzbot ci engineers can be reached at syzk...@googlegroups.com.

Lorenzo Stoakes

Jan 16, 2026, 9:03:14 AM
to syzbot ci, ak...@linux-foundation.org, da...@kernel.org, ja...@google.com, liam.h...@oracle.com, linux-...@vger.kernel.org, linu...@kvack.org, mho...@suse.com, rp...@kernel.org, shakee...@linux.dev, sur...@google.com, vba...@suse.cz, syz...@lists.linux.dev, syzkall...@googlegroups.com
Please ignore, this whole series has been resent at [0].

Cheers, Lorenzo

[0]: https://lore.kernel.org/linux-mm/cover.1768569863.g...@oracle.com/