From: Suren Baghdasaryan
Date: Tue, 12 Sep 2023 08:03:08 -0700
Subject: Re: [syzbot] [mm?] kernel BUG in vma_replace_policy
To: Matthew Wilcox
Cc: syzbot, akpm@linux-foundation.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, syzkaller-bugs@googlegroups.com
References: <000000000000f392a60604a65085@google.com>
List-ID: linux-mm@kvack.org
On Tue, Sep 12, 2023 at 7:55 AM Matthew Wilcox wrote:
>
> On Tue, Sep 12, 2023 at 06:30:46AM +0100, Matthew Wilcox wrote:
> > On Tue, Sep 05, 2023 at 06:03:49PM -0700, syzbot wrote:
> > > Hello,
> > >
> > > syzbot found the following issue on:
> > >
> > > HEAD commit:    a47fc304d2b6 Add linux-next specific files for 20230831
> > > git tree:       linux-next
> > > console+strace: https://syzkaller.appspot.com/x/log.txt?x=16502ddba80000
> > > kernel config:  https://syzkaller.appspot.com/x/.config?x=6ecd2a74f20953b9
> > > dashboard link: https://syzkaller.appspot.com/bug?extid=b591856e0f0139f83023
> > > compiler:       gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
> > > syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=120e7d70680000
> > > C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1523f9c0680000
> > >
> > > Downloadable assets:
> > > disk image: https://storage.googleapis.com/syzbot-assets/b2e8f4217527/disk-a47fc304.raw.xz
> > > vmlinux: https://storage.googleapis.com/syzbot-assets/ed6cdcc09339/vmlinux-a47fc304.xz
> > > kernel image: https://storage.googleapis.com/syzbot-assets/bd9b2475bf5a/bzImage-a47fc304.xz
> > >
> > > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > > Reported-by: syzbot+b591856e0f0139f83023@syzkaller.appspotmail.com
> >
> > #syz test
> >
> > diff --git a/mm/mempolicy.c b/mm/mempolicy.c
> > index 42b5567e3773..90ad5fe60824 100644
> > --- a/mm/mempolicy.c
> > +++ b/mm/mempolicy.c
> > @@ -1342,6 +1342,7 @@ static long do_mbind(unsigned long start, unsigned long len,
> >          vma_iter_init(&vmi, mm, start);
> >          prev = vma_prev(&vmi);
> >          for_each_vma_range(vmi, vma, end) {
> > +                vma_start_write(vma);
> >                  err = mbind_range(&vmi, vma, &prev, start, end, new);
> >                  if (err)
> >                          break;
>
> Suren, can you take a look at this?  The VMA should be locked by the
> call to queue_pages_range(), but by the time we get to here, the VMA
> isn't locked.  I don't see anywhere that we cycle the mmap_lock (which
> would unlock the VMA), but I could have missed something.  The two
> VMA walks should walk over the same set of VMAs.  Certainly the VMA
> being dumped should have been locked by the pagewalk:

Sure, I'll look into this today. Somehow this report slipped by me unnoticed.
Thanks!

>
> vma ffff888077381a00 start 0000000020c2a000 end 0000000021000000 mm ffff8880258a8980
> prot 25 anon_vma 0000000000000000 vm_ops 0000000000000000
> pgoff 20c2a file 0000000000000000 private_data 0000000000000000
> flags: 0x8100077(read|write|exec|mayread|maywrite|mayexec|account|softdirty)
>
> syscall(__NR_mbind, /*addr=*/0x20400000ul, /*len=*/0xc00000ul, /*mode=*/4ul,
>         /*nodemask=*/0ul, /*maxnode=*/0ul, /*flags=*/3ul);
>
> 20400000 + c00000 should overlap 20c2a000-21000000
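Review bot: the vma_start_write(vma) added at the top of the for_each_vma_range() loop in do_mbind() locks each VMA immediately before mbind_range() modifies it, which should stop the BUG in vma_replace_policy from firing, but the reply around the hunk says queue_pages_range() ought to have locked these same VMAs already, so as posted under #syz test this is a diagnostic rather than a root-cause fix. Before it becomes a real patch, the commit message should explain why the pagewalk's lock did not cover the dumped VMA (start 0x20c2a000, end 0x21000000, which the mbind range 0x20400000 + 0xc00000 = 0x21000000 does overlap) or why the two VMA walks can end up covering different VMAs; if the extra lock stays, a comment above `vma_start_write(vma);` stating why a second lock is needed after queue_pages_range() would spare the next reader the same question.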