From: Dmitry Vyukov
Date: Fri, 1 Jul 2016 17:31:52 +0200
Subject: mm: BUG in page_move_anon_rmap
Sender: owner-linux-mm@kvack.org
To: "linux-mm@kvack.org", Andrew Morton, "Kirill A. Shutemov", Vlastimil Babka, Hugh Dickins, LKML, Andrey Ryabinin, Konstantin Khlebnikov, Greg Thelen, Suleiman Souhlal
Cc: syzkaller, Kostya Serebryany, Alexander Potapenko, Sasha Levin

Hello,

I am getting the following crashes while running syzkaller fuzzer on
00bf377d19ad3d80cbc7a036521279a86e397bfb (Jun 29). So far I did not
manage to reproduce it outside of fuzzer, but fuzzer hits it once per
hour or so.

flags: 0xfffe0000044079(locked|uptodate|dirty|lru|active|head|swapbacked)
page dumped because: VM_BUG_ON_PAGE(page->index != linear_page_index(vma, address))
page->mem_cgroup:ffff88003e829be0
------------[ cut here ]------------
kernel BUG at mm/rmap.c:1103!
invalid opcode: 0000 [#2] SMP DEBUG_PAGEALLOC KASAN
Modules linked in:
CPU: 0 PID: 7043 Comm: syz-fuzzer Tainted: G      D         4.7.0-rc5+ #22
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
task: ffff8800342f46c0 ti: ffff880034008000 task.ti: ffff880034008000
RIP: 0010:[]  [] page_move_anon_rmap+0x278/0x310 mm/rmap.c:1103
RSP: 0000:ffff88003400fad0  EFLAGS: 00010286
RAX: ffff8800342f46c0 RBX: ffffea0000928000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffff88003ec16de8 RDI: ffffed0006801f41
RBP: ffff88003400fb00 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: ffffed000fffea01 R12: ffff88006776b8e8
R13: 001000000c829e00 R14: ffff88006247c3e8 R15: 000000000c829e00
FS:  00007f7627bc5700(0000) GS:ffff88003ec00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000c829fd8000 CR3: 0000000034b23000 CR4: 00000000000006f0
Stack:
 ffffea0000928000 ffffea000092f600 ffff88006776b8e8 ffffea0000928000
 ffffea0000928001 000000c829fd8000 ffff88003400fc38 ffffffff8173a25f
 0000000000000086 ffff88003400fbd0 ffffea0000928001 ffff880036cd3ec0
Call Trace:
 [] do_wp_page+0x7df/0x1c90 mm/memory.c:2402
 [] handle_pte_fault+0x1e85/0x4960 mm/memory.c:3381
 [<     inline     >] __handle_mm_fault mm/memory.c:3489
 [] handle_mm_fault+0xeab/0x11a0 mm/memory.c:3518
 [] __do_page_fault+0x457/0xbb0 arch/x86/mm/fault.c:1356
 [] trace_do_page_fault+0xdf/0x5b0 arch/x86/mm/fault.c:1449
 [] do_async_page_fault+0x14/0xd0 arch/x86/kernel/kvm.c:265
 [] async_page_fault+0x28/0x30 arch/x86/entry/entry_64.S:923
Code: 0b e8 dd d5 e2 ff 48 c7 c6 40 f7 d0 86 48 89 df e8 2e 4a fc ff 0f 0b e8 c7 d5 e2 ff 48 c7 c6 c0 f7 d0 86 48 89 df e8 18 4a fc ff <0f> 0b e8 b1 d5 e2 ff 4c 89 ee 4c 89 e7 e8 96 80 02 00 49 89 c5
RIP  [] page_move_anon_rmap+0x278/0x310 mm/rmap.c:1103
 RSP
---[ end trace b6c02a1136e2a9ec ]---
BUG: sleeping function called from invalid context at include/linux/sched.h:2955
in_atomic(): 1, irqs_disabled(): 0, pid: 7043, name: syz-fuzzer
lockdep is turned off.
CPU: 0 PID: 7043 Comm: syz-fuzzer Tainted: G      D         4.7.0-rc5+ #22
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
 ffffffff880b58e0 ffff88003400f5c0 ffffffff82cc924f ffffffff342f46c0
 fffffbfff1016b1c ffff8800342f46c0 0000000000001b83 0000000000000000
 0000000000000000 dffffc0000000000 ffff88003400f5e8 ffffffff813efbfb
Call Trace:
 [<     inline     >] __dump_stack lib/dump_stack.c:15
 [] dump_stack+0x12e/0x18f lib/dump_stack.c:51
 [] ___might_sleep+0x27b/0x3a0 kernel/sched/core.c:7573
 [] __might_sleep+0x90/0x1a0 kernel/sched/core.c:7535
 [<     inline     >] threadgroup_change_begin include/linux/sched.h:2955
 [] exit_signals+0x7f/0x430 kernel/signal.c:2392
 [] do_exit+0x234/0x2c80 kernel/exit.c:701
 [] oops_end+0xa1/0xd0 arch/x86/kernel/dumpstack.c:250
 [] die+0x46/0x60 arch/x86/kernel/dumpstack.c:308
 [<     inline     >] do_trap_no_signal arch/x86/kernel/traps.c:192
 [] do_trap+0x192/0x380 arch/x86/kernel/traps.c:238
 [] do_error_trap+0x11e/0x280 arch/x86/kernel/traps.c:275
 [] do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:288
 [] invalid_op+0x1e/0x30 arch/x86/entry/entry_64.S:761
 [] do_wp_page+0x7df/0x1c90 mm/memory.c:2402
 [] handle_pte_fault+0x1e85/0x4960 mm/memory.c:3381
 [<     inline     >] __handle_mm_fault mm/memory.c:3489
 [] handle_mm_fault+0xeab/0x11a0 mm/memory.c:3518
 [] __do_page_fault+0x457/0xbb0 arch/x86/mm/fault.c:1356
 [] trace_do_page_fault+0xdf/0x5b0 arch/x86/mm/fault.c:1449
 [] do_async_page_fault+0x14/0xd0 arch/x86/kernel/kvm.c:265
 [] async_page_fault+0x28/0x30 arch/x86/entry/entry_64.S:923
note: syz-fuzzer[7043] exited with preempt_count 1