Date: Sun, 30 Apr 2023 14:11:19 +0100
From: Lorenzo Stoakes
To: kernel test robot
Cc: "Liam R. Howlett", oe-lkp@lists.linux.dev, lkp@intel.com, Greg Kroah-Hartman, Andrew Morton, linux-mm@kvack.org
Subject: Re: [linux-stable-rc:linux-6.2.y] [mm/mempolicy] 75cd8305a0: WARNING:at_mm/mmap.c:#vma_merge
In-Reply-To: <202304292203.44ddeff6-oliver.sang@intel.com>

On Sun, Apr 30, 2023 at 10:57:44AM +0800, kernel test robot wrote:
>
>
> Hello,
>
> kernel test robot noticed "WARNING:at_mm/mmap.c:#vma_merge" on:
>
> commit: 75cd8305a0bd360c3fedaefce1801c13b58e2311 ("mm/mempolicy: fix use-after-free of VMA iterator")
> https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable-rc.git linux-6.2.y
>
> in testcase: trinity
> version: trinity-static-x86_64-x86_64-f93256fb_2019-08-28
> with following parameters:
>
>	runtime: 300s
>	group: group-03
>
> test-description: Trinity is a linux system call fuzz tester.
> test-url: http://codemonkey.org.uk/projects/trinity/
>
>
> compiler: gcc-11
> test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
>
> (please refer to attached dmesg/kmsg for entire log/backtrace)
>
>
>
> If you fix the issue, kindly add following tag
> | Reported-by: kernel test robot
> | Link: https://lore.kernel.org/oe-lkp/202304292203.44ddeff6-oliver.sang@intel.com

[snip]

(resending email without the egregious quoting of the entire .config, apologies
for that! :)

I have diagnosed this and submitted a patch which fixes it to mainline [1],
which should apply cleanly on backport.

Here is a reliable repro, should be built with -lnuma (forgive the messy code,
it can probably be pared down further from this):-

#include <numaif.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>

int main()
{
	const long page_size = sysconf(_SC_PAGESIZE);

	char *ptr = mmap(NULL, 5 * page_size, PROT_READ | PROT_WRITE,
			 MAP_ANON | MAP_PRIVATE | MAP_POPULATE, -1, 0);
	if (ptr == MAP_FAILED) {
		perror("mmap");
		return EXIT_FAILURE;
	}

	// Split into 5.
	if (mlock(ptr + page_size, page_size)) {
		perror("mlock 1");
		return EXIT_FAILURE;
	}

	unsigned long nodemask = 1;

	if (mbind(ptr, page_size * 2, MPOL_LOCAL, &nodemask, 1, 0)) {
		perror("mbind 1");
		return EXIT_FAILURE;
	}

	nodemask = 0;

	// Initialise ranges to be the same for first two pages.
	if (mbind(ptr, page_size * 2, MPOL_PREFERRED, &nodemask, 1, 0)) {
		perror("mbind 2");
		return EXIT_FAILURE;
	}

	// Now, try changing for full range.
	if (mbind(ptr, page_size * 4, MPOL_PREFERRED, &nodemask, 1, 0)) {
		perror("mbind 3");
		return EXIT_FAILURE;
	}

	return EXIT_SUCCESS;
}

[1]:https://lore.kernel.org/all/db42467a692d78c654ec5c1953329401bd8a9c34.1682859234.git.lstoakes@gmail.com/