* mm: BUG in __munlock_pagevec
@ 2015-11-30 14:24 ` Sasha Levin
  0 siblings, 0 replies; 10+ messages in thread
From: Sasha Levin @ 2015-11-30 14:24 UTC (permalink / raw)
  To: Kirill A. Shutemov, Vlastimil Babka; +Cc: linux-mm, LKML

Hi all,

I've hit the following while fuzzing with trinity on the latest -next kernel:


[  850.305385] page:ffffea001a5a0f00 count:0 mapcount:1 mapping:dead000000000400 index:0x1ffffffffff
[  850.306773] flags: 0x2fffff80000000()
[  850.307175] page dumped because: VM_BUG_ON_PAGE(1 && PageTail(page))
[  850.308027] page_owner info is not active (free page?)
[  850.308925] ------------[ cut here ]------------
[  850.309614] kernel BUG at include/linux/page-flags.h:326!
[  850.310333] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[  850.311176] Modules linked in:
[  850.311650] CPU: 5 PID: 7051 Comm: trinity-c129 Not tainted 4.4.0-rc2-next-20151127-sasha-00012-gf0498ca-dirty #2661
[  850.313115] task: ffff8806eaf08000 ti: ffff8806b1170000 task.ti: ffff8806b1170000
[  850.314085] RIP: __munlock_pagevec (include/linux/page-flags.h:326 mm/mlock.c:296)
[  850.315341] RSP: 0018:ffff8806b11778d0  EFLAGS: 00010046
[  850.316086] RAX: ffff8806eaf08000 RBX: ffff8806b1177b58 RCX: 0000000000000000
[  850.316938] RDX: 0000000000000000 RSI: 0000000000000046 RDI: ffffed00d622eef6
[  850.317777] RBP: ffff8806b1177a20 R08: fffffbfff439eaf3 R09: ffffffffa1cf5798
[  850.318453] R10: ffff8806f2aef9c0 R11: 1ffffffff439eaed R12: ffffea001a5a0f00
[  850.319131] R13: dffffc0000000000 R14: ffffea001a5a0f20 R15: ffff8806b11779f8
[  850.319807] FS:  0000000000000000(0000) GS:ffff8806fd340000(0000) knlGS:0000000000000000
[  850.320595] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  850.321155] CR2: 00000000006e0000 CR3: 00000006e2fd2000 CR4: 00000000000406e0
[  850.321839] Stack:
[  850.322045]  1ffff100d622ef23 ffff88082ffd8000 ffff8806b1177b48 0000000300000000
[  850.322811]  0000000000000003 ffff88082ffd6000 ffff8806b1177938 ffff8806b1177b58
[  850.323570]  ffffea001aadf700 0000000041b58ab3 ffffffff9e8778fa ffffffff93597a40
[  850.324396] Call Trace:
[  850.330731] munlock_vma_pages_range (mm/mlock.c:485)
[  850.335325] exit_mmap (mm/mmap.c:2844)
[  850.338123] mmput (include/linux/compiler.h:218 kernel/fork.c:750 kernel/fork.c:717)
[  850.338591] do_exit (./arch/x86/include/asm/bitops.h:311 include/linux/thread_info.h:92 kernel/exit.c:438 kernel/exit.c:735)
[  850.341432] do_group_exit (kernel/exit.c:862)
[  850.341950] SyS_exit_group (kernel/exit.c:889)
[  850.342582] entry_SYSCALL_64_fastpath (arch/x86/entry/entry_64.S:188)
[ 850.343177] Code: 34 07 00 48 8b 85 f0 fe ff ff 49 8b 54 24 20 48 89 c3 83 e2 01 74 50 e8 ea 38 07 00 48 c7 c6 20 a3 4e 9c 4c 89 e7 e8 9b 6b fe ff <0f> 0b e8 d4 38 07 00 48 8b 85 d0 fe ff ff 48 8b 9d c0 fe ff ff
All code
========
   0:   34 07                   xor    $0x7,%al
   2:   00 48 8b                add    %cl,-0x75(%rax)
   5:   85 f0                   test   %esi,%eax
   7:   fe                      (bad)
   8:   ff                      (bad)
   9:   ff 49 8b                decl   -0x75(%rcx)
   c:   54                      push   %rsp
   d:   24 20                   and    $0x20,%al
   f:   48 89 c3                mov    %rax,%rbx
  12:   83 e2 01                and    $0x1,%edx
  15:   74 50                   je     0x67
  17:   e8 ea 38 07 00          callq  0x73906
  1c:   48 c7 c6 20 a3 4e 9c    mov    $0xffffffff9c4ea320,%rsi
  23:   4c 89 e7                mov    %r12,%rdi
  26:   e8 9b 6b fe ff          callq  0xfffffffffffe6bc6
  2b:*  0f 0b                   ud2             <-- trapping instruction
  2d:   e8 d4 38 07 00          callq  0x73906
  32:   48 8b 85 d0 fe ff ff    mov    -0x130(%rbp),%rax
  39:   48 8b 9d c0 fe ff ff    mov    -0x140(%rbp),%rbx
        ...

Code starting with the faulting instruction
===========================================
   0:   0f 0b                   ud2
   2:   e8 d4 38 07 00          callq  0x738db
   7:   48 8b 85 d0 fe ff ff    mov    -0x130(%rbp),%rax
   e:   48 8b 9d c0 fe ff ff    mov    -0x140(%rbp),%rbx
        ...
[  850.345913] RIP __munlock_pagevec (include/linux/page-flags.h:326 mm/mlock.c:296)
[  850.346536]  RSP <ffff8806b11778d0>


Thanks,
Sasha

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: mm: BUG in __munlock_pagevec
  2015-11-30 14:24 ` Sasha Levin
@ 2015-11-30 15:18   ` Vlastimil Babka
  -1 siblings, 0 replies; 10+ messages in thread
From: Vlastimil Babka @ 2015-11-30 15:18 UTC (permalink / raw)
  To: Sasha Levin, Kirill A. Shutemov; +Cc: linux-mm, LKML

On 11/30/2015 03:24 PM, Sasha Levin wrote:
> Hi all,
> 
> I've hit the following while fuzzing with trinity on the latest -next kernel:
> 
> 
> [  850.305385] page:ffffea001a5a0f00 count:0 mapcount:1 mapping:dead000000000400 index:0x1ffffffffff
> [  850.306773] flags: 0x2fffff80000000()
> [  850.307175] page dumped because: VM_BUG_ON_PAGE(1 && PageTail(page))
> [  850.308027] page_owner info is not active (free page?)
> [  850.308925] ------------[ cut here ]------------
> [  850.309614] kernel BUG at include/linux/page-flags.h:326!
> [  850.310333] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
> [  850.311176] Modules linked in:
> [  850.311650] CPU: 5 PID: 7051 Comm: trinity-c129 Not tainted 4.4.0-rc2-next-20151127-sasha-00012-gf0498ca-dirty #2661
> [  850.313115] task: ffff8806eaf08000 ti: ffff8806b1170000 task.ti: ffff8806b1170000
> [  850.314085] RIP: __munlock_pagevec (include/linux/page-flags.h:326 mm/mlock.c:296)

That's TestClearPageMlocked(page) which has PF_NO_TAIL.

The page dump suggests the page was freed between the check triggering,
and the page being dumped. But being on munlock's pagevec should pin the
page. So a pin/unpin mismatch somewhere, together with a race?

Moreover, a PageTail(page) shouldn't even get on the pagevec,
munlock_vma_pages_range() skips tail pages. So another race that made
the page a Tail after it was added to pagevec?

Or maybe __munlock_pagevec_fill() encountered a tail page, and since it
assumes that it can't happen, there's no check. Maybe a VM_BUG_ON_PAGE()
there would catch this earlier? Could be related to "thp: allow mlocked
THP again".

Ah, __munlock_pagevec_fill() does a get_page(), which would increase
page->count on the compound head, which could also explain the mismatch.

------8<------
diff --git a/mm/mlock.c b/mm/mlock.c
index af421d8bd6da..156d2840aa62 100644
--- a/mm/mlock.c
+++ b/mm/mlock.c
@@ -393,7 +393,9 @@ static unsigned long __munlock_pagevec_fill(struct pagevec *pvec,
 		if (!page || page_zone_id(page) != zoneid)
 			break;
 
+		VM_BUG_ON_PAGE(PageTail(page), page);
 		get_page(page);
+
 		/*
 		 * Increase the address that will be returned *before* the
 		 * eventual break due to pvec becoming full by adding the page


^ permalink raw reply related	[flat|nested] 10+ messages in thread

* Re: mm: BUG in __munlock_pagevec
  2015-11-30 14:24 ` Sasha Levin
@ 2015-12-01 21:38   ` Kirill A. Shutemov
  -1 siblings, 0 replies; 10+ messages in thread
From: Kirill A. Shutemov @ 2015-12-01 21:38 UTC (permalink / raw)
  To: Sasha Levin; +Cc: Vlastimil Babka, linux-mm, LKML

On Mon, Nov 30, 2015 at 09:24:56AM -0500, Sasha Levin wrote:
> Hi all,
> 
> I've hit the following while fuzzing with trinity on the latest -next kernel:
> 
> 
> [  850.305385] page:ffffea001a5a0f00 count:0 mapcount:1 mapping:dead000000000400 index:0x1ffffffffff
> [  850.306773] flags: 0x2fffff80000000()
> [  850.307175] page dumped because: VM_BUG_ON_PAGE(1 && PageTail(page))
> [  850.308027] page_owner info is not active (free page?)

Could you check this completely untested patch:

diff --git a/mm/mlock.c b/mm/mlock.c
index af421d8bd6da..9197b6721a1e 100644
--- a/mm/mlock.c
+++ b/mm/mlock.c
@@ -393,6 +393,13 @@ static unsigned long __munlock_pagevec_fill(struct pagevec *pvec,
 		if (!page || page_zone_id(page) != zoneid)
 			break;
 
+		/*
+		 * Do not use pagevec for PTE-mapped THP,
+		 * munlock_vma_pages_range() will handle them.
+		 */
+		if (PageTransCompound(page))
+			break;
+
 		get_page(page);
 		/*
 		 * Increase the address that will be returned *before* the
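Review bot: the new `if (PageTransCompound(page)) break;` sits before get_page(page) and before the address increment described in the following comment, so the function returns with no reference taken and with the address still at the compound page; that placement is what makes the hand-off to the caller work and the new comment should state it, instead of only "munlock_vma_pages_range() will handle them". The comment also names PTE-mapped THP while the test is PageTransCompound(page), so confirm the two describe the same set of pages. As posted there is no changelog or Signed-off-by, which the patch will need once it has been tested.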
-- 
 Kirill A. Shutemov

^ permalink raw reply related	[flat|nested] 10+ messages in thread
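A user-space model of the two points made in the messages above (a flag operation that refuses tail pages, and get_page() on a tail page pinning the compound head), comparing an unchecked fill with one that stops at a compound page. This is an added example, not code from the thread or from the kernel; model_page, fill_pagevec, the fill policies and the four-page layout are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Added user-space model, not kernel code: every name here is hypothetical. */
#define PVEC_SIZE  14
#define PG_MLOCKED 0x1u

struct model_page {
    int count;                /* references; tail pages keep 0 here */
    unsigned flags;
    bool compound;            /* head or tail of a compound page */
    struct model_page *head;  /* non-NULL only on a tail page */
};

struct pagevec { size_t nr; struct model_page *pages[PVEC_SIZE]; };
enum fill_policy { FILL_UNCHECKED, FILL_STOP_AT_COMPOUND };
struct scenario_result {
    size_t next;
    int tail_count_pinned, head_count_pinned, violations;
};

static bool page_tail(const struct model_page *p) { return p->head != NULL; }
static struct model_page *compound_head(struct model_page *p)
{
    return p->head ? p->head : p;
}

/* A reference taken through a tail page lands on the compound head. */
static void get_page(struct model_page *p) { compound_head(p)->count++; }
static void put_page(struct model_page *p) { compound_head(p)->count--; }

/* "No tail" flag policy: -1 marks the spot where the assertion would fire. */
static int test_clear_mlocked(struct model_page *p)
{
    if (page_tail(p))
        return -1;
    int was_set = (p->flags & PG_MLOCKED) != 0;
    p->flags &= ~PG_MLOCKED;
    return was_set;
}

/* Batch pages from index start; return the index of the first page not batched. */
static size_t fill_pagevec(struct pagevec *pv, struct model_page *pages,
                           size_t start, size_t n, enum fill_policy policy)
{
    size_t i = start;
    pv->nr = 0;
    for (; i < n && pv->nr < PVEC_SIZE; i++) {
        /* Stop before pinning: the caller resumes at this page. */
        if (policy == FILL_STOP_AT_COMPOUND && pages[i].compound)
            break;
        get_page(&pages[i]);
        pv->pages[pv->nr++] = &pages[i];
    }
    return i;
}

/* Drain the batch; count entries that would have tripped the no-tail check. */
static int munlock_pagevec(struct pagevec *pv)
{
    int violations = 0;
    for (size_t i = 0; i < pv->nr; i++) {
        if (test_clear_mlocked(pv->pages[i]) < 0)
            violations++;
        put_page(pv->pages[i]);
    }
    pv->nr = 0;
    return violations;
}

struct scenario_result run_scenario(enum fill_policy policy)
{
    /* Constructed layout: small page, compound head, its tail, small page. */
    struct model_page pages[4] = {
        { .count = 1, .flags = PG_MLOCKED },
        { .count = 1, .flags = PG_MLOCKED, .compound = true },
        { .count = 0, .compound = true },
        { .count = 1, .flags = PG_MLOCKED },
    };
    struct pagevec pv;
    struct scenario_result r;

    pages[2].head = &pages[1];
    r.next = fill_pagevec(&pv, pages, 0, 4, policy);
    r.tail_count_pinned = pages[2].count;  /* sampled while the batch is pinned */
    r.head_count_pinned = pages[1].count;
    r.violations = munlock_pagevec(&pv);
    return r;
}

int main(void)
{
    struct scenario_result a = run_scenario(FILL_UNCHECKED);
    struct scenario_result b = run_scenario(FILL_STOP_AT_COMPOUND);
    printf("unchecked: next=%zu tail=%d head=%d violations=%d\n",
           a.next, a.tail_count_pinned, a.head_count_pinned, a.violations);
    printf("stop-at-compound: next=%zu tail=%d head=%d violations=%d\n",
           b.next, b.tail_count_pinned, b.head_count_pinned, b.violations);
    return 0;
}
```

In the unchecked run the tail entry still shows a count of 0 while the batch holds it, because both references landed on the head.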

* Re: mm: BUG in __munlock_pagevec
  2015-12-01 21:38   ` Kirill A. Shutemov
@ 2015-12-04 20:46     ` Sasha Levin
  -1 siblings, 0 replies; 10+ messages in thread
From: Sasha Levin @ 2015-12-04 20:46 UTC (permalink / raw)
  To: Kirill A. Shutemov; +Cc: Vlastimil Babka, linux-mm, LKML

On 12/01/2015 04:38 PM, Kirill A. Shutemov wrote:
> On Mon, Nov 30, 2015 at 09:24:56AM -0500, Sasha Levin wrote:
>> > Hi all,
>> > 
>> > I've hit the following while fuzzing with trinity on the latest -next kernel:
>> > 
>> > 
>> > [  850.305385] page:ffffea001a5a0f00 count:0 mapcount:1 mapping:dead000000000400 index:0x1ffffffffff
>> > [  850.306773] flags: 0x2fffff80000000()
>> > [  850.307175] page dumped because: VM_BUG_ON_PAGE(1 && PageTail(page))
>> > [  850.308027] page_owner info is not active (free page?)
> Could you check this completely untested patch:
> 
> diff --git a/mm/mlock.c b/mm/mlock.c
> index af421d8bd6da..9197b6721a1e 100644
> --- a/mm/mlock.c
> +++ b/mm/mlock.c
> @@ -393,6 +393,13 @@ static unsigned long __munlock_pagevec_fill(struct pagevec *pvec,
>  		if (!page || page_zone_id(page) != zoneid)
>  			break;
>  
> +		/*
> +		 * Do not use pagevec for PTE-mapped THP,
> +		 * munlock_vma_pages_range() will handle them.
> +		 */
> +		if (PageTransCompound(page))
> +			break;
> +
>  		get_page(page);
>  		/*
>  		 * Increase the address that will be returned *before* the
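Review bot: the comment added above `if (PageTransCompound(page)) break;` promises that munlock_vma_pages_range() will handle the skipped page, but nothing in this hunk shows where the Mlocked flag gets cleared for it. The report that follows in this message shows a head page reaching the free path with mlocked still set, so the changelog should spell out which path clears the flag on a compound page that is left out of the pagevec.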

I've started seeing:

[ 1197.233931] BUG: Bad page state in process trinity-subchil  pfn:110600
[ 1197.234002] page:ffffea0004418000 count:0 mapcount:0 mapping:          (null) index:0x2a00 compound_mapcount: 0
[ 1197.234013] flags: 0x6fffff80144008(uptodate|head|swapbacked|mlocked)
[ 1197.234035] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[ 1197.234040] bad because of flags: 0x100000:(mlocked)
[ 1197.234051] Modules linked in:
[ 1197.234070] CPU: 23 PID: 4958 Comm: trinity-subchil Tainted: G    B           4.4.0-rc3-next-20151203-sasha-00025-gf813aca-dirty #2691
[ 1197.234076]  1ffff1003e1a4eb2 000000003cc27d3f ffff8801f0d27610 ffffffffa2fb13f2
[ 1197.234092]  0000000041b58ab3 ffffffffae036b9b ffffffffa2fb1327 0000000000100000
[ 1197.234108]  ffffffffa169ab93 000000003cc27d3f 0100000000000000 000000000018bce1
[ 1197.234124] Call Trace:
[ 1197.234142]  [<ffffffffa2fb13f2>] dump_stack+0xcb/0x149
[ 1197.234156]  [<ffffffffa2fb1327>] ? _atomic_dec_and_lock+0xf7/0xf7
[ 1197.234170]  [<ffffffffa169ab93>] ? dump_page_badflags+0x4a3/0x590
[ 1197.234185]  [<ffffffffa161d673>] bad_page+0x263/0x310
[ 1197.234206]  [<ffffffffa161d410>] ? set_page_refcounted+0x1a0/0x1a0
[ 1197.234221]  [<ffffffffa1777fb0>] ? mem_cgroup_move_charge_pte_range+0xa60/0xa60
[ 1197.234237]  [<ffffffffa1620ef9>] free_pages_prepare+0x489/0x1700
[ 1197.234255]  [<ffffffffa1778a80>] ? uncharge_list+0x590/0x5a0
[ 1197.234270]  [<ffffffffa1620a70>] ? build_zonelists+0x1920/0x1920
[ 1197.234286]  [<ffffffffa30247b2>] ? __list_del_entry+0x172/0x2b0
[ 1197.234299]  [<ffffffffa1629053>] __free_pages_ok+0x43/0x230
[ 1197.234312]  [<ffffffffa16292d2>] free_compound_page+0x92/0xa0
[ 1197.234326]  [<ffffffffa17685f6>] free_transhuge_page+0x96/0xa0
[ 1197.234340]  [<ffffffffa1643637>] __put_compound_page+0xc7/0xd0
[ 1197.234353]  [<ffffffffa1643bef>] release_pages+0x35f/0xb10
[ 1197.234373]  [<ffffffffa1643890>] ? put_pages_list+0x190/0x190
[ 1197.234428]  [<ffffffffa16477fc>] ? lru_add_drain_cpu+0x49c/0x4b0
[ 1197.234442]  [<ffffffffa16eecc9>] free_pages_and_swap_cache+0x49/0x410
[ 1197.234455]  [<ffffffffa16a0547>] tlb_flush_mmu_free+0x97/0x130
[ 1197.234467]  [<ffffffffa16a7447>] unmap_page_range+0x1877/0x1bd0
[ 1197.234480]  [<ffffffffa16a5bd0>] ? vm_normal_page+0x1f0/0x1f0
[ 1197.234493]  [<ffffffffa17616ee>] ? __khugepaged_exit+0x2ee/0x3a0
[ 1197.234506]  [<ffffffffa16a79d7>] unmap_single_vma+0x237/0x250
[ 1197.234518]  [<ffffffffa16a9e96>] unmap_vmas+0x126/0x1b0
[ 1197.234532]  [<ffffffffa16c9fd0>] exit_mmap+0x2b0/0x420
[ 1197.234547]  [<ffffffffa17616ee>] ? __khugepaged_exit+0x2ee/0x3a0
[ 1197.234563]  [<ffffffffa16c9d20>] ? SyS_remap_file_pages+0x630/0x630
[ 1197.234575]  [<ffffffffa174185d>] ? kmem_cache_free+0x26d/0x2d0
[ 1197.234592]  [<ffffffffa13cf532>] ? __might_sleep+0x1f2/0x220
[ 1197.234606]  [<ffffffffa13509d5>] mmput+0xe5/0x320
[ 1197.234620]  [<ffffffffa13508f0>] ? sighand_ctor+0x70/0x70
[ 1197.234635]  [<ffffffffa1362a39>] ? mm_update_next_owner+0x5c9/0x600
[ 1197.234649]  [<ffffffffa13dde39>] ? preempt_count_add+0xe9/0x140
[ 1197.234664]  [<ffffffffa13638fd>] do_exit+0xe8d/0x1540
[ 1197.234678]  [<ffffffffa11693a4>] ? sched_clock+0x44/0x50
[ 1197.234693]  [<ffffffffa13f058c>] ? local_clock+0x1c/0x20
[ 1197.234709]  [<ffffffffa1362a70>] ? mm_update_next_owner+0x600/0x600
[ 1197.234724]  [<ffffffffa1607721>] ? __context_tracking_exit+0xb1/0xc0
[ 1197.234738]  [<ffffffffa160784b>] ? context_tracking_exit+0x11b/0x120
[ 1197.234754]  [<ffffffffa1005e5a>] ? syscall_trace_enter_phase1+0x4aa/0x4f0
[ 1197.234771]  [<ffffffffa10059b0>] ? enter_from_user_mode+0x80/0x80
[ 1197.234800]  [<ffffffffa3024353>] ? check_preemption_disabled+0x233/0x250
[ 1197.234813]  [<ffffffffa1364209>] do_group_exit+0x1e9/0x330
[ 1197.234825]  [<ffffffffa136436d>] SyS_exit_group+0x1d/0x20
[ 1197.234842]  [<ffffffffab9178d5>] entry_SYSCALL_64_fastpath+0x35/0x99


Thanks,
Sasha

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: mm: BUG in __munlock_pagevec
  2015-12-04 20:46     ` Sasha Levin
@ 2015-12-04 20:48       ` Sasha Levin
  -1 siblings, 0 replies; 10+ messages in thread
From: Sasha Levin @ 2015-12-04 20:48 UTC (permalink / raw)
  To: Kirill A. Shutemov; +Cc: Vlastimil Babka, linux-mm, LKML

On 12/04/2015 03:46 PM, Sasha Levin wrote:
> On 12/01/2015 04:38 PM, Kirill A. Shutemov wrote:
>> > On Mon, Nov 30, 2015 at 09:24:56AM -0500, Sasha Levin wrote:
>>>> >> > Hi all,
>>>> >> > 
>>>> >> > I've hit the following while fuzzing with trinity on the latest -next kernel:
>>>> >> > 
>>>> >> > 
>>>> >> > [  850.305385] page:ffffea001a5a0f00 count:0 mapcount:1 mapping:dead000000000400 index:0x1ffffffffff
>>>> >> > [  850.306773] flags: 0x2fffff80000000()
>>>> >> > [  850.307175] page dumped because: VM_BUG_ON_PAGE(1 && PageTail(page))
>>>> >> > [  850.308027] page_owner info is not active (free page?)
>> > Could you check this completely untested patch:
>> > 
>> > diff --git a/mm/mlock.c b/mm/mlock.c
>> > index af421d8bd6da..9197b6721a1e 100644
>> > --- a/mm/mlock.c
>> > +++ b/mm/mlock.c
>> > @@ -393,6 +393,13 @@ static unsigned long __munlock_pagevec_fill(struct pagevec *pvec,
>> >  		if (!page || page_zone_id(page) != zoneid)
>> >  			break;
>> >  
>> > +		/*
>> > +		 * Do not use pagevec for PTE-mapped THP,
>> > +		 * munlock_vma_pages_range() will handle them.
>> > +		 */
>> > +		if (PageTransCompound(page))
>> > +			break;
>> > +
>> >  		get_page(page);
>> >  		/*
>> >  		 * Increase the address that will be returned *before* the
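Review bot: this hunk hands compound pages to munlock_vma_pages_range() by comment only, and the trace below is a BUG at mm/mlock.c:460 inside that same function. The patch should either cover the caller's handling of such pages as well, or document the state (pinned or not, Mlocked set or clear) in which the break leaves the page for it.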
> I've started seeing:

And:

[  883.470914] kernel BUG at mm/mlock.c:460!
[  883.472612] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[  883.474950] Modules linked in:
[  883.476583] CPU: 11 PID: 15210 Comm: trinity-c191 Not tainted 4.4.0-rc3-next-20151203-sasha-00025-gf813aca-dirty #2691
[  883.481771] task: ffff8801026b4000 ti: ffff8808a25d0000 task.ti: ffff8808a25d0000
[  883.485068] RIP: 0010:[<ffffffff816b9d43>]  [<ffffffff816b9d43>] munlock_vma_pages_range+0x2b3/0xab0
[  883.493522] RSP: 0018:ffff8808a25d79e8  EFLAGS: 00010246
[  883.495623] RAX: 0000000000000000 RBX: ffffea0029af2740 RCX: 0000000000000000
[  883.498478] RDX: 1ffffd400535e4ef RSI: 0000000000000246 RDI: ffffea0029af2778
[  883.501609] RBP: ffff8808a25d7be0 R08: fffffbfff36d4114 R09: ffffffff9b6a08a4
[  883.504475] R10: 0000000000000001 R11: 1ffffffff36d410d R12: ffffea0029af2760
[  883.507422] R13: ffff8808a25d7bb8 R14: dffffc0000000000 R15: ffffea0029af0000
[  883.510004] FS:  0000000000000000(0000) GS:ffff880aa4600000(0000) knlGS:0000000000000000
[  883.511243] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[  883.512303] CR2: 0000000000639378 CR3: 0000000880b7b000 CR4: 00000000000006a0
[  883.518040] DR0: 0000000000008ac6 DR1: 0000000000000000 DR2: 0000000000000000
[  883.519467] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[  883.520662] Stack:
[  883.521038]  ffff8811eb99db60 0000000000000002 ffff880aa7fcf000 1ffff101144baf4b
[  883.522493]  ffffed023d733b6c 0000000002c97000 000077f75da28510 0000002e00000000
[  883.524015]  ffff8808a25d7a78 ffffea002a6a495c 00007f04ffe7b000 ffffea0029af0001
[  883.527296] Call Trace:
[  883.528482]  [<ffffffff816b9a90>] ? munlock_vma_page+0x400/0x400
[  883.531246]  [<ffffffff8144dbe0>] ? in_lock_functions+0x30/0x40
[  883.534027]  [<ffffffff813ddd1d>] ? get_parent_ip+0xd/0x40
[  883.536351]  [<ffffffff813dde39>] ? preempt_count_add+0xe9/0x140
[  883.539045]  [<ffffffff8173d597>] ? free_debug_processing+0x417/0x550
[  883.542045]  [<ffffffff818a0b45>] ? exit_aio+0x365/0x3c0
[  883.544352]  [<ffffffff816c9f11>] exit_mmap+0x1f1/0x420
[  883.546476]  [<ffffffff817616ee>] ? __khugepaged_exit+0x2ee/0x3a0
[  883.548906]  [<ffffffff816c9d20>] ? SyS_remap_file_pages+0x630/0x630
[  883.551544]  [<ffffffff8174185d>] ? kmem_cache_free+0x26d/0x2d0
[  883.553718]  [<ffffffff817616ff>] ? __khugepaged_exit+0x2ff/0x3a0
[  883.556319]  [<ffffffff81761400>] ? hugepage_madvise+0x160/0x160
[  883.558901]  [<ffffffff813cc436>] ? ___might_sleep+0xd6/0x3f0
[  883.561232]  [<ffffffff813cf532>] ? __might_sleep+0x1f2/0x220
[  883.566857]  [<ffffffff813509d5>] mmput+0xe5/0x320
[  883.568416]  [<ffffffff813508f0>] ? sighand_ctor+0x70/0x70
[  883.570136]  [<ffffffff81362a39>] ? mm_update_next_owner+0x5c9/0x600
[  883.572272]  [<ffffffff813dde39>] ? preempt_count_add+0xe9/0x140
[  883.574501]  [<ffffffff813638fd>] do_exit+0xe8d/0x1540
[  883.577297]  [<ffffffff811693a4>] ? sched_clock+0x44/0x50
[  883.579268]  [<ffffffff813f058c>] ? local_clock+0x1c/0x20
[  883.581118]  [<ffffffff81362a70>] ? mm_update_next_owner+0x600/0x600
[  883.585181]  [<ffffffff81607721>] ? __context_tracking_exit+0xb1/0xc0
[  883.587569]  [<ffffffff8160784b>] ? context_tracking_exit+0x11b/0x120
[  883.589850]  [<ffffffff81005e5a>] ? syscall_trace_enter_phase1+0x4aa/0x4f0
[  883.592297]  [<ffffffff810059b0>] ? enter_from_user_mode+0x80/0x80
[  883.594603]  [<ffffffff83024353>] ? check_preemption_disabled+0x233/0x250
[  883.596920]  [<ffffffff81364209>] do_group_exit+0x1e9/0x330
[  883.598682]  [<ffffffff8136436d>] SyS_exit_group+0x1d/0x20
[  883.602748]  [<ffffffff8b9178d5>] entry_SYSCALL_64_fastpath+0x35/0x99
[  883.604899] Code: 3c 30 00 74 08 4c 89 ff e8 0b be 08 00 49 8b 07 a9 00 00 10 00 74 22 e8 9c c3 08 00 48 c7 c6 c0 94 b0 8b 48 89 df e8 3d 0f fe ff <0f> 0b 48 c7 c7 e0 f3 ec 8f e8 ad 71 9f 01 e8 7a c3 08 00 4c 89
[  883.613771] RIP  [<ffffffff816b9d43>] munlock_vma_pages_range+0x2b3/0xab0
[  883.614902]  RSP <ffff8808a25d79e8>


Thanks,
Sasha


* Re: mm: BUG in __munlock_pagevec
@ 2015-12-04 20:48       ` Sasha Levin
From: Sasha Levin @ 2015-12-04 20:48 UTC (permalink / raw)
  To: Kirill A. Shutemov; +Cc: Vlastimil Babka, linux-mm, LKML

On 12/04/2015 03:46 PM, Sasha Levin wrote:
> On 12/01/2015 04:38 PM, Kirill A. Shutemov wrote:
>> > On Mon, Nov 30, 2015 at 09:24:56AM -0500, Sasha Levin wrote:
>>>> >> > Hi all,
>>>> >> > 
>>>> >> > I've hit the following while fuzzing with trinity on the latest -next kernel:
>>>> >> > 
>>>> >> > 
>>>> >> > [  850.305385] page:ffffea001a5a0f00 count:0 mapcount:1 mapping:dead000000000400 index:0x1ffffffffff
>>>> >> > [  850.306773] flags: 0x2fffff80000000()
>>>> >> > [  850.307175] page dumped because: VM_BUG_ON_PAGE(1 && PageTail(page))
>>>> >> > [  850.308027] page_owner info is not active (free page?)
>> > Could you check this completely untested patch:
>> > 
>> > diff --git a/mm/mlock.c b/mm/mlock.c
>> > index af421d8bd6da..9197b6721a1e 100644
>> > --- a/mm/mlock.c
>> > +++ b/mm/mlock.c
>> > @@ -393,6 +393,13 @@ static unsigned long __munlock_pagevec_fill(struct pagevec *pvec,
>> >  		if (!page || page_zone_id(page) != zoneid)
>> >  			break;
>> >  
>> > +		/*
>> > +		 * Do not use pagevec for PTE-mapped THP,
>> > +		 * munlock_vma_pages_range() will handle them.
>> > +		 */
>> > +		if (PageTransCompound(page))
>> > +			break;
>> > +
>> >  		get_page(page);
>> >  		/*
>> >  		 * Increase the address that will be returned *before* the
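
Review bot: the comment on the new PageTransCompound() check says munlock_vma_pages_range() will handle PTE-mapped THP, but this hunk only stops __munlock_pagevec_fill() from batching such pages and does not show that the caller copes with a compound page. The trace reported later in this message is a BUG at mm/mlock.c:460 inside munlock_vma_pages_range(), so that claim needs checking before this goes in; either name in the comment the branch of munlock_vma_pages_range() that deals with compound pages, or extend the fix to that function. Placing the check before get_page(page) is right, since breaking out at that point leaves no reference to drop.
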
> I've started seeing:

And:

[  883.470914] kernel BUG at mm/mlock.c:460!
[  883.472612] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[  883.474950] Modules linked in:
[  883.476583] CPU: 11 PID: 15210 Comm: trinity-c191 Not tainted 4.4.0-rc3-next-20151203-sasha-00025-gf813aca-dirty #2691
[  883.481771] task: ffff8801026b4000 ti: ffff8808a25d0000 task.ti: ffff8808a25d0000
[  883.485068] RIP: 0010:[<ffffffff816b9d43>]  [<ffffffff816b9d43>] munlock_vma_pages_range+0x2b3/0xab0
[  883.493522] RSP: 0018:ffff8808a25d79e8  EFLAGS: 00010246
[  883.495623] RAX: 0000000000000000 RBX: ffffea0029af2740 RCX: 0000000000000000
[  883.498478] RDX: 1ffffd400535e4ef RSI: 0000000000000246 RDI: ffffea0029af2778
[  883.501609] RBP: ffff8808a25d7be0 R08: fffffbfff36d4114 R09: ffffffff9b6a08a4
[  883.504475] R10: 0000000000000001 R11: 1ffffffff36d410d R12: ffffea0029af2760
[  883.507422] R13: ffff8808a25d7bb8 R14: dffffc0000000000 R15: ffffea0029af0000
[  883.510004] FS:  0000000000000000(0000) GS:ffff880aa4600000(0000) knlGS:0000000000000000
[  883.511243] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[  883.512303] CR2: 0000000000639378 CR3: 0000000880b7b000 CR4: 00000000000006a0
[  883.518040] DR0: 0000000000008ac6 DR1: 0000000000000000 DR2: 0000000000000000
[  883.519467] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[  883.520662] Stack:
[  883.521038]  ffff8811eb99db60 0000000000000002 ffff880aa7fcf000 1ffff101144baf4b
[  883.522493]  ffffed023d733b6c 0000000002c97000 000077f75da28510 0000002e00000000
[  883.524015]  ffff8808a25d7a78 ffffea002a6a495c 00007f04ffe7b000 ffffea0029af0001
[  883.527296] Call Trace:
[  883.528482]  [<ffffffff816b9a90>] ? munlock_vma_page+0x400/0x400
[  883.531246]  [<ffffffff8144dbe0>] ? in_lock_functions+0x30/0x40
[  883.534027]  [<ffffffff813ddd1d>] ? get_parent_ip+0xd/0x40
[  883.536351]  [<ffffffff813dde39>] ? preempt_count_add+0xe9/0x140
[  883.539045]  [<ffffffff8173d597>] ? free_debug_processing+0x417/0x550
[  883.542045]  [<ffffffff818a0b45>] ? exit_aio+0x365/0x3c0
[  883.544352]  [<ffffffff816c9f11>] exit_mmap+0x1f1/0x420
[  883.546476]  [<ffffffff817616ee>] ? __khugepaged_exit+0x2ee/0x3a0
[  883.548906]  [<ffffffff816c9d20>] ? SyS_remap_file_pages+0x630/0x630
[  883.551544]  [<ffffffff8174185d>] ? kmem_cache_free+0x26d/0x2d0
[  883.553718]  [<ffffffff817616ff>] ? __khugepaged_exit+0x2ff/0x3a0
[  883.556319]  [<ffffffff81761400>] ? hugepage_madvise+0x160/0x160
[  883.558901]  [<ffffffff813cc436>] ? ___might_sleep+0xd6/0x3f0
[  883.561232]  [<ffffffff813cf532>] ? __might_sleep+0x1f2/0x220
[  883.566857]  [<ffffffff813509d5>] mmput+0xe5/0x320
[  883.568416]  [<ffffffff813508f0>] ? sighand_ctor+0x70/0x70
[  883.570136]  [<ffffffff81362a39>] ? mm_update_next_owner+0x5c9/0x600
[  883.572272]  [<ffffffff813dde39>] ? preempt_count_add+0xe9/0x140
[  883.574501]  [<ffffffff813638fd>] do_exit+0xe8d/0x1540
[  883.577297]  [<ffffffff811693a4>] ? sched_clock+0x44/0x50
[  883.579268]  [<ffffffff813f058c>] ? local_clock+0x1c/0x20
[  883.581118]  [<ffffffff81362a70>] ? mm_update_next_owner+0x600/0x600
[  883.585181]  [<ffffffff81607721>] ? __context_tracking_exit+0xb1/0xc0
[  883.587569]  [<ffffffff8160784b>] ? context_tracking_exit+0x11b/0x120
[  883.589850]  [<ffffffff81005e5a>] ? syscall_trace_enter_phase1+0x4aa/0x4f0
[  883.592297]  [<ffffffff810059b0>] ? enter_from_user_mode+0x80/0x80
[  883.594603]  [<ffffffff83024353>] ? check_preemption_disabled+0x233/0x250
[  883.596920]  [<ffffffff81364209>] do_group_exit+0x1e9/0x330
[  883.598682]  [<ffffffff8136436d>] SyS_exit_group+0x1d/0x20
[  883.602748]  [<ffffffff8b9178d5>] entry_SYSCALL_64_fastpath+0x35/0x99
[  883.604899] Code: 3c 30 00 74 08 4c 89 ff e8 0b be 08 00 49 8b 07 a9 00 00 10 00 74 22 e8 9c c3 08 00 48 c7 c6 c0 94 b0 8b 48 89 df e8 3d 0f fe ff <0f> 0b 48 c7 c7 e0 f3 ec 8f e8 ad 71 9f 01 e8 7a c3 08 00 4c 89
[  883.613771] RIP  [<ffffffff816b9d43>] munlock_vma_pages_range+0x2b3/0xab0
[  883.614902]  RSP <ffff8808a25d79e8>


Thanks,
Sasha

