Subject: Re: mm: BUG in page_move_anon_rmap
To: Dmitry Vyukov, "linux-mm@kvack.org", Andrew Morton, "Kirill A. Shutemov", Vlastimil Babka, Hugh Dickins, LKML, Konstantin Khlebnikov, Greg Thelen, Suleiman Souhlal
CC: syzkaller, Kostya Serebryany, Alexander Potapenko, Sasha Levin
From: Andrey Ryabinin
Message-ID: <5776945F.5080303@virtuozzo.com>
Date: Fri, 1 Jul 2016 19:03:43 +0300
X-Mailing-List: linux-kernel@vger.kernel.org

On 07/01/2016 06:31 PM, Dmitry Vyukov wrote:
> Hello,
>
> I am getting the following crashes while running syzkaller fuzzer on
> 00bf377d19ad3d80cbc7a036521279a86e397bfb (Jun 29). So far I did not
> manage to reproduce it outside of fuzzer, but fuzzer hits it once per
> hour or so.
>
> flags: 0xfffe0000044079(locked|uptodate|dirty|lru|active|head|swapbacked)

This report is incomplete. It lacks one line ahead with page address, mapcount, index, etc.

> page dumped because: VM_BUG_ON_PAGE(page->index !=
> linear_page_index(vma, address))
> page->mem_cgroup:ffff88003e829be0
> ------------[ cut here ]------------
> kernel BUG at mm/rmap.c:1103!
> invalid opcode: 0000 [#2] SMP DEBUG_PAGEALLOC KASAN
> Modules linked in:
> CPU: 0 PID: 7043 Comm: syz-fuzzer Tainted: G D 4.7.0-rc5+ #22

So the kernel is already tainted. Can you show us the first oops message?

> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
> task: ffff8800342f46c0 ti: ffff880034008000 task.ti: ffff880034008000
> RIP: 0010:[] []
> page_move_anon_rmap+0x278/0x310 mm/rmap.c:1103
> RSP: 0000:ffff88003400fad0 EFLAGS: 00010286
> RAX: ffff8800342f46c0 RBX: ffffea0000928000 RCX: 0000000000000000
> RDX: 0000000000000000 RSI: ffff88003ec16de8 RDI: ffffed0006801f41
> RBP: ffff88003400fb00 R08: 0000000000000001 R09: 0000000000000000
> R10: 0000000000000000 R11: ffffed000fffea01 R12: ffff88006776b8e8
> R13: 001000000c829e00 R14: ffff88006247c3e8 R15: 000000000c829e00
> FS: 00007f7627bc5700(0000) GS:ffff88003ec00000(0000) knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 000000c829fd8000 CR3: 0000000034b23000 CR4: 00000000000006f0
> Stack:
> ffffea0000928000 ffffea000092f600 ffff88006776b8e8 ffffea0000928000
> ffffea0000928001 000000c829fd8000 ffff88003400fc38 ffffffff8173a25f
> 0000000000000086 ffff88003400fbd0 ffffea0000928001 ffff880036cd3ec0
> Call Trace:
> [] do_wp_page+0x7df/0x1c90 mm/memory.c:2402
> [] handle_pte_fault+0x1e85/0x4960 mm/memory.c:3381
> [< inline >] __handle_mm_fault mm/memory.c:3489
> [] handle_mm_fault+0xeab/0x11a0 mm/memory.c:3518
> [] __do_page_fault+0x457/0xbb0 arch/x86/mm/fault.c:1356
> [] trace_do_page_fault+0xdf/0x5b0 arch/x86/mm/fault.c:1449
> [] do_async_page_fault+0x14/0xd0 arch/x86/kernel/kvm.c:265
> [] async_page_fault+0x28/0x30 arch/x86/entry/entry_64.S:923
> Code: 0b e8 dd d5 e2 ff 48 c7 c6 40 f7 d0 86 48 89 df e8 2e 4a fc ff
> 0f 0b e8 c7 d5 e2 ff 48 c7 c6 c0 f7 d0 86 48 89 df e8 18 4a fc ff <0f>
> 0b e8 b1 d5 e2 ff 4c 89 ee 4c 89 e7 e8 96 80 02 00 49 89 c5
> RIP [] page_move_anon_rmap+0x278/0x310 mm/rmap.c:1103
> RSP
> ---[ end trace b6c02a1136e2a9ec ]---
> BUG: sleeping function called from invalid context at include/linux/sched.h:2955
> in_atomic(): 1, irqs_disabled(): 0, pid: 7043, name: syz-fuzzer
> lockdep is turned off.
> CPU: 0 PID: 7043 Comm: syz-fuzzer Tainted: G D 4.7.0-rc5+ #22
> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
> ffffffff880b58e0 ffff88003400f5c0 ffffffff82cc924f ffffffff342f46c0
> fffffbfff1016b1c ffff8800342f46c0 0000000000001b83 0000000000000000
> 0000000000000000 dffffc0000000000 ffff88003400f5e8 ffffffff813efbfb
> Call Trace:
> [< inline >] __dump_stack lib/dump_stack.c:15
> [] dump_stack+0x12e/0x18f lib/dump_stack.c:51
> [] ___might_sleep+0x27b/0x3a0 kernel/sched/core.c:7573
> [] __might_sleep+0x90/0x1a0 kernel/sched/core.c:7535
> [< inline >] threadgroup_change_begin include/linux/sched.h:2955
> [] exit_signals+0x7f/0x430 kernel/signal.c:2392
> [] do_exit+0x234/0x2c80 kernel/exit.c:701
> [] oops_end+0xa1/0xd0 arch/x86/kernel/dumpstack.c:250
> [] die+0x46/0x60 arch/x86/kernel/dumpstack.c:308
> [< inline >] do_trap_no_signal arch/x86/kernel/traps.c:192
> [] do_trap+0x192/0x380 arch/x86/kernel/traps.c:238
> [] do_error_trap+0x11e/0x280 arch/x86/kernel/traps.c:275
> [] do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:288
> [] invalid_op+0x1e/0x30 arch/x86/entry/entry_64.S:761
> [] do_wp_page+0x7df/0x1c90 mm/memory.c:2402
> [] handle_pte_fault+0x1e85/0x4960 mm/memory.c:3381
> [< inline >] __handle_mm_fault mm/memory.c:3489
> [] handle_mm_fault+0xeab/0x11a0 mm/memory.c:3518
> [] __do_page_fault+0x457/0xbb0 arch/x86/mm/fault.c:1356
> [] trace_do_page_fault+0xdf/0x5b0 arch/x86/mm/fault.c:1449
> [] do_async_page_fault+0x14/0xd0 arch/x86/kernel/kvm.c:265
> [] async_page_fault+0x28/0x30 arch/x86/entry/entry_64.S:923
> note: syz-fuzzer[7043] exited with preempt_count 1
>
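
The two checks the reply applies to this report (is the page dump complete, and is this the first oops), written out as an added example that is not part of the original message. The `page:` line layout, the function name `triage` and the second sample report are assumptions constructed for illustration.

```python
import re

DIE_COUNTER = re.compile(r"\[#(\d+)\]")            # e.g. "invalid opcode: 0000 [#2]"
TAINT = re.compile(r"Tainted: ((?:[A-Z]+\s+)+)")   # e.g. "Tainted: G D 4.7.0-rc5+"
# Assumption: the line the reply asks for starts with "page:" and carries
# "mapcount" and "index" fields; the exact layout differs between kernels.
PAGE_HEADER = re.compile(r"^page:.*\bmapcount\b.*\bindex\b")


def triage(report: str) -> list[str]:
    """Return reasons why a pasted oops is not enough to debug from."""
    # Strip mail quoting ("> ") so quoted and raw console logs both work.
    lines = [ln.lstrip("> ").rstrip() for ln in report.splitlines()]
    problems = []

    for i, ln in enumerate(lines):
        if ln.startswith("flags:"):
            prev = lines[i - 1] if i else ""
            if not PAGE_HEADER.search(prev):
                problems.append("page dump lacks the page/mapcount/index line")
            break

    text = "\n".join(lines)
    die = DIE_COUNTER.search(text)
    if die and int(die.group(1)) > 1:
        problems.append(f"oops #{die.group(1)}: earlier oops not included")

    taint = TAINT.search(text)
    flags = set("".join(taint.group(1).split())) if taint else set()
    if "D" in flags:  # 'D' = kernel already died (oops or BUG) before this
        problems.append("taint flag D: kernel had already oopsed")
    return problems


# Excerpt of the report quoted in this thread.
REPORT_FROM_THREAD = """\
> flags: 0xfffe0000044079(locked|uptodate|dirty|lru|active|head|swapbacked)
> kernel BUG at mm/rmap.c:1103!
> invalid opcode: 0000 [#2] SMP DEBUG_PAGEALLOC KASAN
> CPU: 0 PID: 7043 Comm: syz-fuzzer Tainted: G D 4.7.0-rc5+ #22
"""
# Constructed sample of a complete first oops (all values are placeholders).
CONSTRUCTED_FIRST_OOPS = """\
page:ffffea0000000000 count:1 mapcount:1 mapping:ffff880000000001 index:0x0
flags: 0x0(locked)
invalid opcode: 0000 [#1] SMP
CPU: 0 PID: 1 Comm: test Not tainted 4.7.0-rc5+ #22
"""
```
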