Re: [syzbot] linux-next boot error: WARNING in find_vma

[Andrew Morton <akpm@linux-foundation.org>]

On Tue, 03 Aug 2021 09:46:28 -0700 syzbot <syzbot+dcb8a1e30879e0d60e8c@syzkaller.appspotmail.com> wrote:

> Hello,
> 
> syzbot found the following issue on:
> 
> HEAD commit:    c3f7b3be172b Add linux-next specific files for 20210803
> git tree:       linux-next

Thanks.  I'm suspecting "Add mmap_assert_locked() annotations to
find_vma*()" found an error in Tomoyo - tomoyo_dump_page() should be
holding mmap_lock?

> console output: https://syzkaller.appspot.com/x/log.txt?x=10b71b42300000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=ae62f6b8af876a89
> dashboard link: https://syzkaller.appspot.com/bug?extid=dcb8a1e30879e0d60e8c
> compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.1
> 
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+dcb8a1e30879e0d60e8c@syzkaller.appspotmail.com
> 
> kAFS: Red Hat AFS client v0.1 registering.
> FS-Cache: Netfs 'afs' registered for caching
> Btrfs loaded, crc32c=crc32c-intel, assert=on, zoned=yes, fsverity=yes
> Key type big_key registered
> Key type encrypted registered
> AppArmor: AppArmor sha1 policy hashing enabled
> ima: No TPM chip found, activating TPM-bypass!
> Loading compiled-in module X.509 certificates
> Loaded X.509 cert 'Build time autogenerated kernel key: f850c787ad998c396ae089c083b940ff0a9abb77'
> ima: Allocated hash algorithm: sha256
> ima: No architecture policies found
> evm: Initialising EVM extended attributes:
> evm: security.selinux (disabled)
> evm: security.SMACK64 (disabled)
> evm: security.SMACK64EXEC (disabled)
> evm: security.SMACK64TRANSMUTE (disabled)
> evm: security.SMACK64MMAP (disabled)
> evm: security.apparmor
> evm: security.ima
> evm: security.capability
> evm: HMAC attrs: 0x1
> PM:   Magic number: 1:653:286
> usb usb32-port1: hash matches
> usb usb22: hash matches
> ppp ppp: hash matches
> tty ttyz0: hash matches
> printk: console [netcon0] enabled
> netconsole: network logging started
> gtp: GTP module loaded (pdp ctx size 104 bytes)
> rdma_rxe: loaded
> cfg80211: Loading compiled-in X.509 certificates for regulatory database
> cfg80211: Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7'
> ALSA device list:
>   #0: Dummy 1
>   #1: Loopback 1
>   #2: Virtual MIDI Card 1
> md: Waiting for all devices to be available before autodetect
> md: If you don't use raid, use raid=noautodetect
> md: Autodetecting RAID arrays.
> md: autorun ...
> md: ... autorun DONE.
> EXT4-fs (sda1): mounted filesystem without journal. Opts: (null). Quota mode: none.
> VFS: Mounted root (ext4 filesystem) readonly on device 8:1.
> devtmpfs: mounted
> Freeing unused kernel image (initmem) memory: 4348K
> Write protecting the kernel read-only data: 169984k
> Freeing unused kernel image (text/rodata gap) memory: 2012K
> Freeing unused kernel image (rodata/data gap) memory: 1460K
> Run /sbin/init as init process
> ------------[ cut here ]------------
> WARNING: CPU: 1 PID: 1 at include/linux/mmap_lock.h:164 mmap_assert_locked include/linux/mmap_lock.h:164 [inline]
> WARNING: CPU: 1 PID: 1 at include/linux/mmap_lock.h:164 find_vma+0xf8/0x270 mm/mmap.c:2307
> Modules linked in:
> CPU: 1 PID: 1 Comm: swapper/0 Not tainted 5.14.0-rc4-next-20210803-syzkaller #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
> RIP: 0010:mmap_assert_locked include/linux/mmap_lock.h:164 [inline]
> RIP: 0010:find_vma+0xf8/0x270 mm/mmap.c:2307
> Code: 49 8d bc 24 28 01 00 00 be ff ff ff ff e8 00 e0 81 07 31 ff 89 c3 89 c6 e8 e5 a5 c9 ff 85 db 0f 85 61 ff ff ff e8 98 9e c9 ff <0f> 0b e9 55 ff ff ff e8 8c 9e c9 ff 4c 89 e7 e8 d4 da fb ff 0f 0b
> RSP: 0000:ffffc90000c67600 EFLAGS: 00010293
> RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
> RDX: ffff888011a78000 RSI: ffffffff81ac1ac8 RDI: 0000000000000003
> RBP: 00007fffffffe000 R08: 0000000000000000 R09: 0000000000000001
> R10: ffffffff81ac1abb R11: 0000000000000001 R12: ffff8880260df000
> R13: 0000000000000000 R14: 0000000000002016 R15: 0000000000000000
> FS:  0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 0000000000000000 CR3: 000000000b68e000 CR4: 00000000001506e0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> Call Trace:
>  find_extend_vma+0x25/0x150 mm/mmap.c:2622
>  __get_user_pages+0x1c7/0xf70 mm/gup.c:1124
>  __get_user_pages_locked mm/gup.c:1359 [inline]
>  __get_user_pages_remote+0x18f/0x840 mm/gup.c:1868
>  get_user_pages_remote+0x63/0x90 mm/gup.c:1941
>  tomoyo_dump_page+0xd3/0x5b0 security/tomoyo/domain.c:915
>  tomoyo_print_bprm security/tomoyo/audit.c:46 [inline]
>  tomoyo_init_log+0xdc4/0x1ec0 security/tomoyo/audit.c:264
>  tomoyo_supervisor+0x34d/0xf00 security/tomoyo/common.c:2097
>  tomoyo_audit_path_log security/tomoyo/file.c:168 [inline]
>  tomoyo_execute_permission+0x37f/0x4a0 security/tomoyo/file.c:619
>  tomoyo_find_next_domain+0x348/0x1f80 security/tomoyo/domain.c:752
>  tomoyo_bprm_check_security security/tomoyo/tomoyo.c:101 [inline]
>  tomoyo_bprm_check_security+0x121/0x1a0 security/tomoyo/tomoyo.c:91
>  security_bprm_check+0x45/0xa0 security/security.c:865
>  search_binary_handler fs/exec.c:1711 [inline]
>  exec_binprm fs/exec.c:1764 [inline]
>  bprm_execve fs/exec.c:1833 [inline]
>  bprm_execve+0x732/0x19b0 fs/exec.c:1795
>  kernel_execve+0x370/0x460 fs/exec.c:1976
>  try_to_run_init_process+0x14/0x4e init/main.c:1426
>  kernel_init+0x12c/0x1d0 init/main.c:1542
>  ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
> 
> 
> ---
> This report is generated by a bot. It may contain errors.
> See https://goo.gl/tpsmEJ for more information about syzbot.
> syzbot engineers can be reached at syzkaller@googlegroups.com.
> 
> syzbot will keep track of this issue. See:
> https://goo.gl/tpsmEJ#status for how to communicate with syzbot.