Date: Sat, 5 Oct 2024 10:12:46 -0700
From: Rustam Kovhaev
To: syzbot
Cc: akpm@linux-foundation.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [mm?] WARNING in page_counter_cancel (5)
Message-ID: <20241005171246.GA2236@nuc10>
In-Reply-To: <67000a50.050a0220.49194.048d.GAE@google.com>

On Fri, Oct 04, 2024 at 08:31:28AM -0700, syzbot wrote:
> ------------[ cut here ]------------
> page_counter underflow: -512 nr_pages=512
> WARNING: CPU: 1 PID: 5225 at mm/page_counter.c:60 page_counter_cancel+0x110/0x170 mm/page_counter.c:60
> Modules linked in:
> CPU: 1 UID: 0 PID: 5225 Comm: syz-executor334 Not tainted 6.12.0-rc1-syzkaller #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
> RIP: 0010:page_counter_cancel+0x110/0x170 mm/page_counter.c:60
> Code: e8 55 23 98 ff 45 84 ed 75 24 e8 6b 21 98 ff c6 05 1a ef 10 0e 01 90 48 c7 c7 c0 9d 5c 8b 4c 89 e2 48 89 ee e8 91 9a 59 ff 90 <0f> 0b 90 90 e8 47 21 98 ff be 08 00 00 00 48 89 df e8 9a 71 f9 ff
> RSP: 0018:ffffc900032dfae8 EFLAGS: 00010282
> RAX: 0000000000000000 RBX: ffff8881404a9440 RCX: ffffffff814e2a49
> RDX: ffff88801df38000 RSI: ffffffff814e2a56 RDI: 0000000000000001
> RBP: fffffffffffffe00 R08: 0000000000000001 R09: 0000000000000000
> R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000200
> R13: 0000000000000000 R14: 0000000000000001 R15: ffff888077bbdc18
> FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 00007f6b788f5243 CR3: 000000007ec10000 CR4: 00000000003526f0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> Call Trace:
>
> page_counter_uncharge+0x32/0x70 mm/page_counter.c:182
> hugetlb_cgroup_uncharge_counter+0xd6/0x410 mm/hugetlb_cgroup.c:431
> hugetlb_vm_op_close+0x3fe/0x5b0 mm/hugetlb.c:5065
> remove_vma+0xa8/0x1a0 mm/vma.c:330
> exit_mmap+0x4e0/0xb30 mm/mmap.c:1888
> __mmput+0x12a/0x480 kernel/fork.c:1347
> mmput+0x62/0x70 kernel/fork.c:1369
> exit_mm kernel/exit.c:571 [inline]
> do_exit+0x9bf/0x2d70 kernel/exit.c:926
> do_group_exit+0xd3/0x2a0 kernel/exit.c:1088
> __do_sys_exit_group kernel/exit.c:1099 [inline]
> __se_sys_exit_group kernel/exit.c:1097 [inline]
> __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1097
> x64_sys_call+0x14a9/0x16a0 arch/x86/include/generated/asm/syscalls_64.h:232
> do_syscall_x64 arch/x86/entry/common.c:52 [inline]
> do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
> entry_SYSCALL_64_after_hwframe+0x77/0x7f
> RIP: 0033:0x7f6b7889d879
> Code: Unable to access opcode bytes at 0x7f6b7889d84f.
> RSP: 002b:00007ffcea637828 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
> RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6b7889d879
> RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
> RBP: 00007f6b78911350 R08: ffffffffffffffb8 R09: 0000000000000000
> R10: 0000000000000003 R11: 0000000000000246 R12: 00007f6b78911350
> R13: 0000000000000000 R14: 00007f6b78911da0 R15: 00007f6b78866f40
>
>

Hello,

Reproduced the same issue in my lab. I'll try to take my chances and fix this one, unless someone is already working on it.

In copy_vma() we go to out_vma_link and execute hugetlb_vm_op_close() which uncharges the counter to 0. Then, when the process terminates we execute hugetlb_vm_op_close() again against the same vma and the counter goes negative.
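
The double-uncharge sequence described in the reply above, as a simplified user-space model (an added example, not kernel code and not part of the original message). All struct and function names are hypothetical; the guarded close is one generic way to make a close hook idempotent in this model, not the fix discussed in the thread.

```c
#include <stdio.h>

/* Simplified user-space model; every name here is hypothetical. */
struct counter_model { long usage; int underflows; };
struct vma_model { struct counter_model *counter; long reserved; };

/* Models an underflow check: subtract, warn if negative, clamp to 0. */
static void counter_uncharge(struct counter_model *c, long nr_pages)
{
    c->usage -= nr_pages;
    if (c->usage < 0) {
        fprintf(stderr, "page_counter underflow: %ld nr_pages=%ld\n", c->usage, nr_pages);
        c->underflows++;
        c->usage = 0;
    }
}

/* Close hook that uncharges the reservation every time it is called. */
static void vma_close(struct vma_model *v)
{
    counter_uncharge(v->counter, v->reserved);
}

/* Idempotent variant: the reservation is dropped on the first call. */
static void vma_close_once(struct vma_model *v)
{
    long nr = v->reserved;
    v->reserved = 0;
    if (nr)
        counter_uncharge(v->counter, nr);
}

/* Runs the close hook twice on one mapping; returns the underflow count. */
static int double_close(void (*close_fn)(struct vma_model *))
{
    struct counter_model c = { .usage = 512, .underflows = 0 };
    struct vma_model v = { .counter = &c, .reserved = 512 };
    close_fn(&v);   /* first close: error path, counter drops to 0 */
    close_fn(&v);   /* second close: process exit, same mapping */
    return c.underflows;
}

int main(void)
{
    printf("plain close:   %d underflow(s)\n", double_close(vma_close));
    printf("guarded close: %d underflow(s)\n", double_close(vma_close_once));
    return 0;
}
```

With a 512-page reservation, the second plain close drives the modelled counter to -512, the same values that appear in the quoted warning.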