From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
Received: from mail-it0-f70.google.com (mail-it0-f70.google.com [209.85.214.70])
	by kanga.kvack.org (Postfix) with ESMTP id 6FCF26B027B
	for <linux-mm@kvack.org>; Tue, 15 Nov 2016 08:27:37 -0500 (EST)
Received: by mail-it0-f70.google.com with SMTP id b123so14266138itb.3
        for <linux-mm@kvack.org>; Tue, 15 Nov 2016 05:27:37 -0800 (PST)
Received: from mga02.intel.com (mga02.intel.com. [134.134.136.20])
        by mx.google.com with ESMTPS id z8si22179721pab.243.2016.11.15.05.27.36
        for <linux-mm@kvack.org>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Tue, 15 Nov 2016 05:27:36 -0800 (PST)
Date: Tue, 15 Nov 2016 16:27:03 +0300
From: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
Subject: Re: mm: BUG in munlock_vma_pages_range
Message-ID: <20161115132703.7s7rrgmwttegcdh4@black.fi.intel.com>
References: <CACT4Y+ZKGtDQ=jO95tMrzR=-8r5vpZqgE9DNTW8vdmckM+NhYw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CACT4Y+ZKGtDQ=jO95tMrzR=-8r5vpZqgE9DNTW8vdmckM+NhYw@mail.gmail.com>
Sender: owner-linux-mm@kvack.org
List-ID: <linux-mm.kvack.org>
To: Dmitry Vyukov <dvyukov@google.com>
Cc: Andrew Morton <akpm@linux-foundation.org>, Vlastimil Babka <vbabka@suse.cz>, "linux-mm@kvack.org" <linux-mm@kvack.org>, LKML <linux-kernel@vger.kernel.org>, Konstantin Khlebnikov <koct9i@gmail.com>, Andrey Ryabinin <aryabinin@virtuozzo.com>, syzkaller <syzkaller@googlegroups.com>

On Tue, Nov 15, 2016 at 05:47:26AM +0100, Dmitry Vyukov wrote:
> Hello,
> 
> The following program triggers BUG in munlock_vma_pages_range:
> 
> // autogenerated by syzkaller (http://github.com/google/syzkaller)
> #include <sys/mman.h>
> 
> int main()
> {
>   mmap((void*)0x20105000ul, 0xc00000ul, 0x2ul, 0x2172ul, -1, 0);
>   mremap((void*)0x201fd000ul, 0x4000ul, 0xc00000ul, 0x3ul, 0x203f0000ul);
>   return 0;
> }
> 
> 
> page:ffffea0001847cc0 count:0 mapcount:1 mapping:dead000000000400
> index:0x20400 compound_mapcount: 1
> flags: 0x5fffc0000000000()
> page dumped because: VM_BUG_ON_PAGE(PageMlocked(page))

Ughh.. mlock() again.

This should fix the issue: