From: Dmitry Vyukov
Date: Mon, 23 Nov 2015 09:30:13 +0100
Subject: Re: WARNING in shmem_evict_inode
To: Hugh Dickins, Andrew Morton, "linux-mm@kvack.org", LKML, Sasha Levin
Cc: syzkaller, Kostya Serebryany, Alexander Potapenko, Eric Dumazet
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Nov 9, 2015 at 9:55 AM, Dmitry Vyukov wrote:
> Hello,
>
> The following program:
>
> // autogenerated by syzkaller (http://github.com/google/syzkaller)
> #include <pthread.h>
> #include <string.h>
> #include <sys/syscall.h>
> #include <unistd.h>
>
> #define SYS_memfd_create 319
>
> long fd;
>
> void *thr(void *p)
> {
>         syscall(SYS_ftruncate, fd, 0x8ul, 0, 0, 0, 0);
>         return 0;
> }
>
> int main()
> {
>         pthread_t th;
>
>         syscall(SYS_mmap, 0x20000000ul, 0x10000ul, 0x3ul, 0x32ul,
>                 0xfffffffffffffffful, 0x0ul);
>         memcpy((void*)0x20000f96, "\x23\x65\x6d\x31\x07\x2b\x27\x29\x00", 9);
>         fd = syscall(SYS_memfd_create, 0x20000f96ul, 0x2ul, 0, 0, 0, 0);
>         syscall(SYS_fallocate, fd, 0x0ul, 0x31d89288ul, 0x4ul, 0, 0);
>         syscall(SYS_mmap, 0x20061000ul, 0xc00000ul,
>                 0x1a9d91e04768640bul, 0x11ul, fd, 0x0ul);
>         pthread_create(&th, 0, thr, 0);
>         syscall(SYS_fstat, fd, 0x20550fcful, 0, 0, 0, 0);
>         pthread_join(th, 0);
>         return 0;
> }
>
>
> triggers WARNING in shmem_evict_inode:
>
> ------------[ cut here ]------------
> WARNING: CPU: 0 PID: 10442 at mm/shmem.c:625 shmem_evict_inode+0x335/0x480()
> Modules linked in:
> CPU: 1 PID: 8944 Comm: executor Not tainted 4.3.0+ #39
> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
>  00000000ffffffff ffff88006c6afab8 ffffffff81aad406 0000000000000000
>  ffff88006e39ac80 ffffffff83091660 ffff88006c6afaf8 ffffffff81100829
>  ffffffff814192e5 ffffffff83091660 0000000000000271 ffff88003d075aa8
> Call Trace:
>  [] warn_slowpath_null+0x29/0x30 kernel/panic.c:480
>  [] shmem_evict_inode+0x335/0x480 mm/shmem.c:625
>  [] evict+0x26e/0x580 fs/inode.c:542
>  [< inline >] iput_final fs/inode.c:1477
>  [] iput+0x4a0/0x790 fs/inode.c:1504
>  [< inline >] dentry_iput fs/dcache.c:358
>  [] __dentry_kill+0x4fe/0x700 fs/dcache.c:543
>  [< inline >] dentry_kill fs/dcache.c:587
>  [] dput+0x6ab/0x7a0 fs/dcache.c:796
>  [] __fput+0x3fb/0x6e0 fs/file_table.c:226
>  [] ____fput+0x15/0x20 fs/file_table.c:244
>  [] task_work_run+0x163/0x1f0 kernel/task_work.c:115
>  [< inline >] exit_task_work include/linux/task_work.h:21
>  [] do_exit+0x7f9/0x2b80 kernel/exit.c:748
>  [] do_group_exit+0x108/0x320 kernel/exit.c:878
>  [< inline >] SYSC_exit_group kernel/exit.c:889
>  [] SyS_exit_group+0x1d/0x20 kernel/exit.c:887
> ---[ end trace 43da88a03e29c2a5 ]---
>
>
> Run the program in a loop, as the WARNING seems to be triggered by a race.
>
> On commit d1e41ff11941784f469f17795a4d9425c2eb4b7a (Nov 5).
> But I was also able to reproduce it on a 3.11-based kernel.

Hello,

This is still happening periodically for me. Is anybody looking at this?