From: Hillf Danton
To: David Hildenbrand
Cc: syzbot, hughd@google.com, linux-kernel@vger.kernel.org, linux-mm@kvack.org, syzkaller-bugs@googlegroups.com, Matthew Wilcox, Vivek Kasireddy
Subject: Re: [syzbot] [mm?] BUG: Bad page map (8)
Date: Sat, 20 Jul 2024 13:02:19 +0800
Message-Id: <20240720050219.1813-1-hdanton@sina.com>
In-Reply-To: <9e26dd3a-f983-4d54-b162-52a9938d0dcd@redhat.com>

On Fri, 19 Jul 2024 13:21:30 +0200 David Hildenbrand
> On 19.07.24 00:51, syzbot wrote:
> > Hello,
> >
> > syzbot found the following issue on:
> >
> > HEAD commit:    4d145e3f830b Merge tag 'i2c-for-6.10-rc8' of git://git.ker..
> > git tree:       upstream
> > console output: https://syzkaller.appspot.com/x/log.txt?x=11321495980000
> > kernel config:  https://syzkaller.appspot.com/x/.config?x=6b5a15443200e31
> > dashboard link: https://syzkaller.appspot.com/bug?extid=ec4b7d82bb051330f15a
> > compiler:       aarch64-linux-gnu-gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
> > userspace arch: arm64
> > syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=113e054e980000
> > C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1366ab85980000
> >
>
> The reproducer involves udmabuf. I suspect it has to do with it.
>
> But I'm curious, does the reproducer not trigger before 4d145e3f830b on
> mainline?
>
> Vivek's changes are not upstream yet, but I can only speculate that we
> have some issue similar to the one we had with hugetlb: udmabuf doing
> things with memfd/shmem pages that it shouldn't do, because it doesn't
> "own" these pages.
>
> "udmabuf: Use vmf_insert_pfn and VM_PFNMAP for handling mmap" might help.

        cpu1                            cpu2
        ---                             ---
        evict()                         find folio2 in page cache
        truncate_inode_folio()
        truncate_cleanup_folio();
        // unmap folio2 from mmA
        unmap_mapping_folio(folio2);
                                        mmap folio2 to mmB
        filemap_remove_folio(folio2);

If the window exists for mapping folio to userspace while inode is evicted,
is this report a false positive?