From patchwork Tue Jun 6 17:58:33 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Will Deacon X-Patchwork-Id: 103185 Delivered-To: patch@linaro.org Received: by 10.182.29.35 with SMTP id g3csp1387603obh; Tue, 6 Jun 2017 10:59:13 -0700 (PDT) X-Received: by 10.84.217.86 with SMTP id e22mr22559877plj.294.1496771953071; Tue, 06 Jun 2017 10:59:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1496771953; cv=none; d=google.com; s=arc-20160816; b=c85K37QulYb5ys2jp7ALTDXhNJ4PyokPcoCgyS9Oh00kRvrv8QjnTXWGhPoMASWSfG h5hBDNi7lndCveZ9UvR1PH7vV6xinwjQd704zUq5a/ZYyPhHlAxiJIlsni70RZ4W7Uu8 choW4xVZCZIgFSQU8x67ay4Vz818E/on8TfLMLaAPYb8P1AbMhX0NHTtSSMNSjORQsDJ 2RNcPvnojhywJhd/ravUNF2mVRs5YQnF3cqbkj6pm9APg3IiZz3b39cJJjoM49nyKMkq 2N3cq02whZMgXtadmmz3xw78yPn0LFzSgYMBvDJgAem2frvUlGGlcBa8MlV2SHjDeri8 3Psw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :arc-authentication-results; bh=kcMEmSA/2TOwRLu3pOv6zW+WrDdfDANwGIIDW6bPOws=; b=hiWGb0ml3dMQ6AfZ/gQxy0hX4Dph75+GYGWZMrsbWnK13krZYo1JjMFw3/v2kWSECP 3KIPxBuEWfhleDqCzs/q1kTCcQnp3dSAsO3qONI5Cq/lE6KAP6ZX53i0B/z33VAIBoP5 v2SijbH0zUOTsqzCQoVYfUW0aQoaeTyRvBxCEgQoApLGwxlgrtW902slYsbeoPk98k/d pfK2Qm8WZJnjhMDXylom5FkL/neqk56gD8f0EwS/7WBnxAGRKm9CjGm1jHz25bgA/+SL PnZ1Gs9FF1HdxpIsy0HCcTAnPWynJez6HvnsMYlA1ovP0/J2/FkcbbapohlYVfQLuK4V Gxcg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k83si3138925pfh.135.2017.06.06.10.59.12; Tue, 06 Jun 2017 10:59:13 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751680AbdFFR6d (ORCPT + 25 others); Tue, 6 Jun 2017 13:58:33 -0400 Received: from foss.arm.com ([217.140.101.70]:50622 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751513AbdFFR6a (ORCPT ); Tue, 6 Jun 2017 13:58:30 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 5FF001596; Tue, 6 Jun 2017 10:58:29 -0700 (PDT) Received: from edgewater-inn.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 303C73F578; Tue, 6 Jun 2017 10:58:29 -0700 (PDT) Received: by edgewater-inn.cambridge.arm.com (Postfix, from userid 1000) id C996E1AE0EF7; Tue, 6 Jun 2017 18:58:36 +0100 (BST) From: Will Deacon To: linux-mm@kvack.org, linux-kernel@vger.kernel.org Cc: mark.rutland@arm.com, akpm@linux-foundation.org, kirill.shutemov@linux.intel.com, Punit.Agrawal@arm.com, mgorman@suse.de, steve.capper@arm.com, Will Deacon Subject: [PATCH 0/3] mm: huge pages: Misc fixes for issues found during fuzzing Date: Tue, 6 Jun 2017 18:58:33 +0100 Message-Id: <1496771916-28203-1-git-send-email-will.deacon@arm.com> X-Mailer: git-send-email 2.1.4 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi there, We ran into very occasional VM_BUG_ONs whilst running the "syzkaller" fuzzing tool on an arm64 box: BUG: Bad page state in process syz-fuzzer pfn:50200 page:ffff7e0000408000 count:0 mapcount:0 mapping: (null) index:0x1 flags: 0xfffc00000000080(waiters) raw: 0fffc00000000080 0000000000000000 0000000000000001 00000000ffffffff raw: dead000000000100 dead000000000200 0000000000000000 0000000000000000 page dumped because: PAGE_FLAGS_CHECK_AT_PREP flag set bad because of flags: 0x80(waiters) Modules linked in: CPU: 1 PID: 1274 Comm: syz-fuzzer Not tainted 4.11.0-rc3 #13 Hardware name: linux,dummy-virt (DT) Call trace: [] dump_backtrace+0x0/0x538 arch/arm64/kernel/traps.c:73 [] show_stack+0x20/0x30 arch/arm64/kernel/traps.c:228 [] __dump_stack lib/dump_stack.c:16 [inline] [] dump_stack+0x120/0x188 lib/dump_stack.c:52 [] bad_page+0x1d8/0x2e8 mm/page_alloc.c:555 [] check_new_page_bad+0xf8/0x200 mm/page_alloc.c:1682 [] check_new_pages mm/page_alloc.c:1694 [inline] [] rmqueue mm/page_alloc.c:2729 [inline] [] get_page_from_freelist+0xc58/0x2580 mm/page_alloc.c:3046 [] __alloc_pages_nodemask+0x1d0/0x1af0 mm/page_alloc.c:3965 [] __alloc_pages include/linux/gfp.h:426 [inline] [] __alloc_pages_node include/linux/gfp.h:439 [inline] [] alloc_pages_vma+0x438/0x7a8 mm/mempolicy.c:2015 [] do_huge_pmd_wp_page+0x4bc/0x1630 mm/huge_memory.c:1230 [] wp_huge_pmd mm/memory.c:3624 [inline] [] __handle_mm_fault+0x10a0/0x2760 mm/memory.c:3831 [] handle_mm_fault+0x2f0/0x998 mm/memory.c:3878 [] __do_page_fault arch/arm64/mm/fault.c:264 [inline] [] do_page_fault+0x48c/0x730 arch/arm64/mm/fault.c:359 [] do_mem_abort+0xd8/0x2c8 arch/arm64/mm/fault.c:578 Debugging the issue led to Mark's patch, which resolves the problem, but I found a couple of fastgup issues by inspection along the way. Comments welcome. Will --->8 Mark Rutland (1): mm: numa: avoid waiting on freed migrated pages Will Deacon (2): mm/page_ref: Ensure page_ref_unfreeze is ordered against prior accesses mm: migrate: Stabilise page count when migrating transparent hugepages include/linux/page_ref.h | 1 + mm/huge_memory.c | 8 +++++++- mm/migrate.c | 15 ++------------- 3 files changed, 10 insertions(+), 14 deletions(-) -- 2.1.4