From: Dmitry Vyukov <dvyukov@google.com>
To: Hugh Dickins <hughd@google.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	"linux-mm@kvack.org" <linux-mm@kvack.org>,
	LKML <linux-kernel@vger.kernel.org>,
	Sasha Levin <sasha.levin@oracle.com>
Cc: syzkaller <syzkaller@googlegroups.com>,
	Kostya Serebryany <kcc@google.com>,
	Alexander Potapenko <glider@google.com>,
	Eric Dumazet <edumazet@google.com>
Subject: WARNING in shmem_evict_inode
Date: Mon, 9 Nov 2015 09:55:29 +0100
Message-ID: <CACT4Y+btGx7QKUjQdniRpczMof28V243Yo=Haj_G3acj0=smrg@mail.gmail.com>

Hello,

The following program:

// autogenerated by syzkaller (http://github.com/google/syzkaller)
#include <sys/syscall.h>
#include <unistd.h>     /* prototype for syscall() */
#include <string.h>
#include <stdint.h>
#include <pthread.h>

/* x86-64 syscall number; older libc headers do not define it. */
#define SYS_memfd_create 319

long fd;

/* Second thread: truncate the memfd while the main thread still uses it. */
void *thr(void *p)
{
        syscall(SYS_ftruncate, fd, 0x8ul, 0, 0, 0, 0);
        return 0;
}

int main()
{
        pthread_t th;

        /* Anonymous scratch mapping that holds the memfd name. */
        syscall(SYS_mmap, 0x20000000ul, 0x10000ul, 0x3ul, 0x32ul,
                0xfffffffffffffffful, 0x0ul);
        memcpy((void*)0x20000f96, "\x23\x65\x6d\x31\x07\x2b\x27\x29\x00", 9);
        fd = syscall(SYS_memfd_create, 0x20000f96ul, 0x2ul, 0, 0, 0, 0);
        /* Allocate a few bytes far into the file, then map part of it. */
        syscall(SYS_fallocate, fd, 0x0ul, 0x31d89288ul, 0x4ul, 0, 0);
        syscall(SYS_mmap, 0x20061000ul, 0xc00000ul,
                0x1a9d91e04768640bul, 0x11ul, fd, 0x0ul);
        /* Race the ftruncate in thr() against fstat on the same fd. */
        pthread_create(&th, 0, thr, 0);
        syscall(SYS_fstat, fd, 0x20550fcful, 0, 0, 0, 0);
        pthread_join(th, 0);
        return 0;
}


triggers WARNING in shmem_evict_inode:

------------[ cut here ]------------
WARNING: CPU: 0 PID: 10442 at mm/shmem.c:625 shmem_evict_inode+0x335/0x480()
Modules linked in:
CPU: 1 PID: 8944 Comm: executor Not tainted 4.3.0+ #39
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
 00000000ffffffff ffff88006c6afab8 ffffffff81aad406 0000000000000000
 ffff88006e39ac80 ffffffff83091660 ffff88006c6afaf8 ffffffff81100829
 ffffffff814192e5 ffffffff83091660 0000000000000271 ffff88003d075aa8
Call Trace:
 [<ffffffff81100a59>] warn_slowpath_null+0x29/0x30 kernel/panic.c:480
 [<ffffffff814192e5>] shmem_evict_inode+0x335/0x480 mm/shmem.c:625
 [<ffffffff8151560e>] evict+0x26e/0x580 fs/inode.c:542
 [<     inline     >] iput_final fs/inode.c:1477
 [<ffffffff81515f30>] iput+0x4a0/0x790 fs/inode.c:1504
 [<     inline     >] dentry_iput fs/dcache.c:358
 [<ffffffff8150667e>] __dentry_kill+0x4fe/0x700 fs/dcache.c:543
 [<     inline     >] dentry_kill fs/dcache.c:587
 [<ffffffff8150be7b>] dput+0x6ab/0x7a0 fs/dcache.c:796
 [<ffffffff814c499b>] __fput+0x3fb/0x6e0 fs/file_table.c:226
 [<ffffffff814c4d05>] ____fput+0x15/0x20 fs/file_table.c:244
 [<ffffffff8115ab23>] task_work_run+0x163/0x1f0 kernel/task_work.c:115
 [<     inline     >] exit_task_work include/linux/task_work.h:21
 [<ffffffff81105049>] do_exit+0x7f9/0x2b80 kernel/exit.c:748
 [<ffffffff8110b268>] do_group_exit+0x108/0x320 kernel/exit.c:878
 [<     inline     >] SYSC_exit_group kernel/exit.c:889
 [<ffffffff8110b49d>] SyS_exit_group+0x1d/0x20 kernel/exit.c:887
---[ end trace 43da88a03e29c2a5 ]---


Run the program in a loop, as the WARNING seems to be triggered by a race.

On commit d1e41ff11941784f469f17795a4d9425c2eb4b7a (Nov 5).
But I was also able to reproduce it on a 3.11-based kernel.
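Since the report says the WARNING only shows up when the reproducer is run in a loop, the following harness (an added example, not part of the syzkaller report or the mail) runs a compiled reproducer repeatedly and stops as soon as the kernel log gains a new line matching the report's WARNING. It assumes the program above has been compiled to ./repro (name is an assumption) and that dmesg is readable; the matching helpers take a file so they can also be checked against a saved log.

```shell
#!/bin/sh
# Added example harness, not from the original report.
# Assumptions: the reproducer is compiled to ./repro and `dmesg` is readable.

# Pattern taken from the first WARNING line quoted in the report.
WARN_PATTERN='WARNING: .* shmem_evict_inode'

# warning_in_log FILE -> exit 0 if FILE contains the WARNING, 1 otherwise
warning_in_log() {
    grep -q -E "$WARN_PATTERN" "$1" 2>/dev/null
}

# count_warnings FILE -> prints the number of matching lines (0 if none
# or if FILE cannot be read)
count_warnings() {
    n=$(grep -c -E "$WARN_PATTERN" "$1" 2>/dev/null) || true
    echo "${n:-0}"
}

# run_until_warning REPRO MAX_RUNS
# Runs REPRO up to MAX_RUNS times; returns 0 as soon as the kernel log
# shows more WARNING lines than before the loop started, 1 otherwise.
# Comparing against a baseline avoids clearing the ring buffer and avoids
# counting a WARNING left over from an earlier session.
run_until_warning() {
    repro=$1; max=$2; i=0
    log=$(mktemp)
    dmesg > "$log" 2>/dev/null || true
    baseline=$(count_warnings "$log")
    while [ "$i" -lt "$max" ]; do
        "$repro" >/dev/null 2>&1 || true
        dmesg > "$log" 2>/dev/null || true
        if [ "$(count_warnings "$log")" -gt "$baseline" ]; then
            echo "WARNING reproduced after $((i + 1)) run(s)"
            rm -f "$log"
            return 0
        fi
        i=$((i + 1))
    done
    rm -f "$log"
    return 1
}

# The loop only starts when asked explicitly:
#   sh harness.sh run ./repro 1000
case "${1:-}" in
    run) run_until_warning "${2:-./repro}" "${3:-1000}" ;;
esac
```

Compile the reproducer with `gcc -pthread -o repro repro.c` first; on kernels where reading the ring buffer is restricted, run the harness as root so dmesg succeeds.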

