From: Suren Baghdasaryan
Date: Wed, 13 Sep 2023 16:05:17 +0000
Subject: Re: [syzbot] [mm?] kernel BUG in vma_replace_policy
To: Matthew Wilcox
Cc: syzbot, akpm@linux-foundation.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, syzkaller-bugs@googlegroups.com

On Tue, Sep 12, 2023 at 4:00 PM Suren Baghdasaryan wrote:
>
> On Tue, Sep 12, 2023 at 8:03 AM Suren Baghdasaryan wrote:
> >
> > On Tue, Sep 12, 2023 at 7:55 AM Matthew Wilcox wrote:
> > >
> > > On Tue, Sep 12, 2023 at 06:30:46AM +0100, Matthew Wilcox wrote:
> > > > On Tue, Sep 05, 2023 at 06:03:49PM -0700, syzbot wrote:
> > > > > Hello,
> > > > >
> > > > > syzbot found the following issue on:
> > > > >
> > > > > HEAD commit:    a47fc304d2b6 Add linux-next specific files for 20230831
> > > > > git tree:       linux-next
> > > > > console+strace: https://syzkaller.appspot.com/x/log.txt?x=16502ddba80000
> > > > > kernel config:  https://syzkaller.appspot.com/x/.config?x=6ecd2a74f20953b9
> > > > > dashboard link: https://syzkaller.appspot.com/bug?extid=b591856e0f0139f83023
> > > > > compiler:       gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
> > > > > syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=120e7d70680000
> > > > > C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1523f9c0680000
> > > > >
> > > > > Downloadable assets:
> > > > > disk image: https://storage.googleapis.com/syzbot-assets/b2e8f4217527/disk-a47fc304.raw.xz
> > > > > vmlinux: https://storage.googleapis.com/syzbot-assets/ed6cdcc09339/vmlinux-a47fc304.xz
> > > > > kernel image: https://storage.googleapis.com/syzbot-assets/bd9b2475bf5a/bzImage-a47fc304.xz
> > > > >
> > > > > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > > > > Reported-by: syzbot+b591856e0f0139f83023@syzkaller.appspotmail.com
> > > >
> > > > #syz test
> > > >
> > > > diff --git a/mm/mempolicy.c b/mm/mempolicy.c
> > > > index 42b5567e3773..90ad5fe60824 100644
> > > > --- a/mm/mempolicy.c
> > > > +++ b/mm/mempolicy.c
> > > > @@ -1342,6 +1342,7 @@ static long do_mbind(unsigned long start, unsigned long len,
> > > >         vma_iter_init(&vmi, mm, start);
> > > >         prev = vma_prev(&vmi);
> > > >         for_each_vma_range(vmi, vma, end) {
> > > > +               vma_start_write(vma);
> > > >                 err = mbind_range(&vmi, vma, &prev, start, end, new);
> > > >                 if (err)
> > > >                         break;
> > >
> > > Suren, can you take a look at this?  The VMA should be locked by the
> > > call to queue_pages_range(), but by the time we get to here, the VMA
> > > isn't locked.  I don't see anywhere that we cycle the mmap_lock (which
> > > would unlock the VMA), but I could have missed something.  The two
> > > VMA walks should walk over the same set of VMAs.  Certainly the VMA
> > > being dumped should have been locked by the pagewalk:
>
> Yeah, this looks strange. queue_pages_range() should have locked all
> the vmas and the tree can't change since we are holding mmap_lock for
> write. I'll try to reproduce later today and see what's going on.

So far I was unable to reproduce the issue. I tried with Linus' ToT
using the attached config. linux-next ToT does not boot with this
config but defconfig boots and fails to reproduce the issue. I'll try
to figure out why current linux-next does not like this config.

> >
> > Sure, I'll look into this today. Somehow this report slipped by me
> > unnoticed. Thanks!
> >
> > >
> > > vma ffff888077381a00 start 0000000020c2a000 end 0000000021000000 mm ffff8880258a8980
> > > prot 25 anon_vma 0000000000000000 vm_ops 0000000000000000
> > > pgoff 20c2a file 0000000000000000 private_data 0000000000000000
> > > flags: 0x8100077(read|write|exec|mayread|maywrite|mayexec|account|softdirty)
> > >
> > > syscall(__NR_mbind, /*addr=*/0x20400000ul, /*len=*/0xc00000ul, /*mode=*/4ul,
> > >         /*nodemask=*/0ul, /*maxnode=*/0ul, /*flags=*/3ul);
> > >
> > > 20400000 + c00000 should overlap 20c2a000-21000000
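Review bot: the vma_start_write(vma) added at the top of the for_each_vma_range() loop in do_mbind() is harmless on its own (the call returns early for a VMA that is already write-locked under the current mmap_lock hold), but the surrounding text states that queue_pages_range() should already have locked every VMA in this range, so if this #syz test makes the BUG disappear it hides the actual question of why the first walk did not lock the dumped VMA instead of answering it. If the hunk is kept beyond a test run it needs a comment explaining why the second walk can meet a VMA the pagewalk did not lock, or the fix should go where that walk diverges.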
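To make the hypothesis in the thread concrete (a VMA locked during the queue_pages_range() walk should still count as locked in the mbind_range() loop unless the mmap_lock was cycled in between), here is an added C example that is not code from the thread or from the kernel: a constructed userspace model of the per-VMA lock sequence check, in which mm_model, vma_model and the two scenario functions are assumed names.

```c
#include <stdbool.h>
/* Constructed userspace model of the kernel's per-VMA lock bookkeeping
 * (a simplification for illustration, not kernel code): a VMA counts as
 * write-locked while its vm_lock_seq equals the owning mm's mm_lock_seq. */
struct mm_model  { unsigned long mm_lock_seq; };
struct vma_model { unsigned long vm_lock_seq; };

/* mmap_write_unlock(): the kernel's vma_end_write_all() bumps mm_lock_seq,
 * which implicitly drops every VMA lock taken under the previous hold. */
static void mmap_write_unlock(struct mm_model *mm) { mm->mm_lock_seq++; }

/* What vma_assert_write_locked() checks before vma_replace_policy() runs. */
static bool vma_is_write_locked(const struct mm_model *mm, const struct vma_model *v)
{
    return v->vm_lock_seq == mm->mm_lock_seq;
}

/* vma_start_write(): returns early when the VMA is already locked under
 * this hold, so the extra call in the test patch's mbind loop is a no-op.
 * Returns true only if a fresh lock was actually taken. */
static bool vma_start_write(struct mm_model *mm, struct vma_model *v)
{
    if (vma_is_write_locked(mm, v))
        return false;
    v->vm_lock_seq = mm->mm_lock_seq;   /* down_write()/up_write() elided */
    return true;
}

/* Both VMA walks under one mmap_lock hold: the lock taken in the first
 * walk is still valid in the second, and relocking there is a no-op. */
bool lock_survives_same_hold(void)
{
    struct mm_model mm = { .mm_lock_seq = 1 };
    struct vma_model v = { .vm_lock_seq = 0 };
    vma_start_write(&mm, &v);                  /* queue_pages_range() walk */
    bool relocked = vma_start_write(&mm, &v);  /* mbind_range() loop */
    return vma_is_write_locked(&mm, &v) && !relocked;
}

/* mmap_lock cycled between the walks: the sequence moved on, the VMA is
 * no longer considered locked, and the assertion would fire. */
bool lock_survives_cycle(void)
{
    struct mm_model mm = { .mm_lock_seq = 1 };
    struct vma_model v = { .vm_lock_seq = 0 };
    vma_start_write(&mm, &v);
    mmap_write_unlock(&mm);                    /* unlock, then re-take */
    return vma_is_write_locked(&mm, &v);
}
```

In the first scenario the second vma_start_write() is a no-op and the assertion would pass; in the second the bumped sequence means the VMA reads as unlocked, which is the state the syzbot splat reports.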