References: <000000000000f392a60604a65085@google.com>
From: Suren Baghdasaryan
Date: Tue, 12 Sep 2023 09:00:53 -0700
Subject: Re: [syzbot] [mm?] kernel BUG in vma_replace_policy
To: Matthew Wilcox
Cc: syzbot, akpm@linux-foundation.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, syzkaller-bugs@googlegroups.com

On Tue, Sep 12, 2023 at 8:03 AM Suren Baghdasaryan wrote:
>
> On Tue, Sep 12, 2023 at 7:55 AM Matthew Wilcox wrote:
> >
> > On Tue, Sep 12, 2023 at 06:30:46AM +0100, Matthew Wilcox wrote:
> > > On Tue, Sep 05, 2023 at 06:03:49PM -0700, syzbot wrote:
> > > > Hello,
> > > >
> > > > syzbot found the following issue on:
> > > >
> > > > HEAD commit:    a47fc304d2b6 Add linux-next specific files for 20230831
> > > > git tree:       linux-next
> > > > console+strace: https://syzkaller.appspot.com/x/log.txt?x=16502ddba80000
> > > > kernel config:  https://syzkaller.appspot.com/x/.config?x=6ecd2a74f20953b9
> > > > dashboard link: https://syzkaller.appspot.com/bug?extid=b591856e0f0139f83023
> > > > compiler:       gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
> > > > syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=120e7d70680000
> > > > C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1523f9c0680000
> > > >
> > > > Downloadable assets:
> > > > disk image: https://storage.googleapis.com/syzbot-assets/b2e8f4217527/disk-a47fc304.raw.xz
> > > > vmlinux: https://storage.googleapis.com/syzbot-assets/ed6cdcc09339/vmlinux-a47fc304.xz
> > > > kernel image: https://storage.googleapis.com/syzbot-assets/bd9b2475bf5a/bzImage-a47fc304.xz
> > > >
> > > > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > > > Reported-by: syzbot+b591856e0f0139f83023@syzkaller.appspotmail.com
> > >
> > > #syz test
> > >
> > > diff --git a/mm/mempolicy.c b/mm/mempolicy.c
> > > index 42b5567e3773..90ad5fe60824 100644
> > > --- a/mm/mempolicy.c
> > > +++ b/mm/mempolicy.c
> > > @@ -1342,6 +1342,7 @@ static long do_mbind(unsigned long start, unsigned long len,
> > >  	vma_iter_init(&vmi, mm, start);
> > >  	prev = vma_prev(&vmi);
> > >  	for_each_vma_range(vmi, vma, end) {
> > > +		vma_start_write(vma);
> > >  		err = mbind_range(&vmi, vma, &prev, start, end, new);
> > >  		if (err)
> > >  			break;
> >
> > Suren, can you take a look at this?  The VMA should be locked by the
> > call to queue_pages_range(), but by the time we get to here, the VMA
> > isn't locked.  I don't see anywhere that we cycle the mmap_lock (which
> > would unlock the VMA), but I could have missed something.  The two
> > VMA walks should walk over the same set of VMAs.  Certainly the VMA
> > being dumped should have been locked by the pagewalk:

Yeah, this looks strange. queue_pages_range() should have locked all
the vmas and the tree can't change since we are holding mmap_lock for
write. I'll try to reproduce later today and see what's going on.

>
> Sure, I'll look into this today. Somehow this report slipped by me
> unnoticed. Thanks!
>
> >
> > vma ffff888077381a00 start 0000000020c2a000 end 0000000021000000 mm ffff8880258a8980
> > prot 25 anon_vma 0000000000000000 vm_ops 0000000000000000
> > pgoff 20c2a file 0000000000000000 private_data 0000000000000000
> > flags: 0x8100077(read|write|exec|mayread|maywrite|mayexec|account|softdirty)
> >
> > syscall(__NR_mbind, /*addr=*/0x20400000ul, /*len=*/0xc00000ul, /*mode=*/4ul,
> >         /*nodemask=*/0ul, /*maxnode=*/0ul, /*flags=*/3ul);
> >
> > 20400000 + c00000 should overlap 20c2a000-21000000
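Review bot: the unconditional vma_start_write(vma) added at the top of the for_each_vma_range() loop in do_mbind() is fine for a "#syz test" run, but as a fix it would hide rather than answer the question raised in the same message: why the VMA reaches mbind_range() unlocked although queue_pages_range() is expected to have locked it while mmap_lock is held for write. Before this hunk is taken as the fix, check whether the first walk in queue_pages_range() can stop early on an error return and leave the rest of the VMAs in [start, end) unlocked while do_mbind() still proceeds to this second walk; if so, either take the lock on the path that skipped it, or keep this call and add a comment above "+		vma_start_write(vma);" stating that the pagewalk may not have covered every VMA in the range, so that the next reader does not remove it as redundant.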